Commit fd67be98f6c3
Changed files (7)
machine/carthage.nix
@@ -4,31 +4,33 @@
imports = [
../networking.nix # generated at runtime by nixos-infect
];
-
- profiles.ssh.enable = true;
- profiles.git.enable = true;
- profiles.syncthing.enable = true;
-
- boot.cleanTmpDir = true;
- boot.loader.grub.enable = true;
+ time.timeZone = "Europe/Paris";
+ boot = {
+ cleanTmpDir = true;
+ loader.grub.enable = true;
+ };
+ profiles = {
+ git.enable = true;
+ ssh.enable = true;
+ syncthing.enable = true;
+ };
+ programs = {
+ podman = true;
+ };
networking.firewall.allowPing = true;
- services.openssh.enable = true;
- services.openssh.ports = with import ../assets/machines.nix; [ ssh.carthage.port ];
- services.openssh.permitRootLogin = "without-password";
- programs.fish.enable = true;
+ services = {
+ openssh.ports = with import ../assets/machines.nix; [ ssh.carthage.port ];
+ openssh.permitRootLogin = "without-password";
+ syncthing-edge.guiAddress = with import ../assets/machines.nix; "${wireguard.ips.carthage}:8384";
+ wireguard = with import ../assets/machines.nix; {
+ enable = true;
+ ips = [ "${wireguard.ips.carthage}/24" ];
+ endpoint = wg.endpointIP;
+ endpointPort = wg.listenPort;
+ endpointPublicKey = wireguard.kerkouane.publicKey;
+ };
+ };
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGR4dqXwHwPpYgyk6yl9+9LRL3qrBZp3ZWdyKaTiXp0p vincent@shikoku"
];
- time.timeZone = "Europe/Paris";
-
- programs.podman.enable = true;
-
- services.syncthing-edge.guiAddress = with import ../assets/machines.nix; "${wireguard.ips.carthage}:8384";
- services.wireguard = with import ../assets/machines.nix; {
- enable = true;
- ips = [ "${wireguard.ips.carthage}/24" ];
- endpoint = wg.endpointIP;
- endpointPort = wg.listenPort;
- endpointPublicKey = wireguard.kerkouane.publicKey;
- };
}
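Review bot: `podman = true;` inside the new `programs = { … }` block assigns a boolean to the whole `programs.podman` option set, where the removed line was `programs.podman.enable = true;`. As written this will most likely fail evaluation with a type error rather than enable podman. It should read `podman.enable = true;`, as the wakasu.nix hunk in this same commit does. carthage looks like a remotely managed host (its networking.nix is generated by nixos-infect), so it is worth evaluating the configuration with a dry build before the rebuild reaches the machine.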
machine/honshu.nix
@@ -2,28 +2,30 @@
{
imports = [ ../hardware/dell-latitude-e6540.nix ];
-
- profiles.ssh.enable = true;
- profiles.dev.enable = true;
- profiles.containerd.enable = true;
- profiles.avahi.enable = true;
- profiles.syncthing.enable = true;
-
time.timeZone = "Europe/Paris";
-
+ profiles = {
+ avahi.enable = true;
+ containerd.enable = true;
+ dev.enable = true;
+ ssh.enable = true;
+ syncthing.enable = true;
+ };
+ networking = {
+ enableIPv6 = false;
+ firewall.allowedTCPPorts = [ 3389 2375 7946 9000 80 ];
+ };
services = {
logind.extraConfig = "HandleLidSwitch=ignore";
+ syncthing-edge.guiAddress = with import ../assets/machines.nix; "${wireguard.ips.honshu}:8384";
+ wireguard = with import ../assets/wireguard.nix; {
+ enable = true;
+ ips = [ "${ips.honshu}/24" ];
+ endpoint = main.endpointIP;
+ endpointPort = main.listenPort;
+ endpointPublicKey = kerkouane.publicKey;
+ };
};
- services.syncthing-edge.guiAddress = with import ../assets/machines.nix; "${wireguard.ips.honshu}:8384";
- services.wireguard = with import ../assets/wireguard.nix; {
- enable = true;
- ips = [ "${ips.honshu}/24" ];
- endpoint = main.endpointIP;
- endpointPort = main.listenPort;
- endpointPublicKey = kerkouane.publicKey;
- };
-
environment.etc."vrsync".text = ''
/home/vincent/desktop/pictures/screenshots/ vincent@synodine.local:/volumeUSB2/usbshare/pictures/screenshots/
/home/vincent/desktop/pictures/wallpapers/ vincent@synodine.local:/volumeUSB2/usbshare/pictures/wallpapers/
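Review bot: `firewall.allowedTCPPorts = [ 3389 2375 7946 9000 80 ];` is carried into the new `networking` block without any comment, and it opens these ports on every interface. 2375 is the conventional port for the unencrypted, unauthenticated Docker API and 3389 the conventional RDP port, so if that is what they serve here, they are reachable from any network this laptop joins. Since the machine already has a WireGuard address, consider limiting the sensitive ports to the VPN interface with `networking.firewall.interfaces.<wg-interface>.allowedTCPPorts` (the interface name is a placeholder, it is not shown on this page), and add a one-line comment naming the service behind each port. The `allowedTCPPorts` lists in shikoku.nix and wakasu.nix would benefit from the same comment.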
@@ -32,7 +34,6 @@
/run/media/vincent/FcCuir/music/ vincent@synodine.local:/volumeUSB2/usbshare/music/
vincent@synodine.local:/volume1/backup/drive/ /run/media/vincent/Toshito/backup/drive/
'';
-
systemd.services.vrsync = {
description = "vrsync - sync folders to NAS";
wantedBy = [ "multi-user.target" ];
@@ -51,7 +52,6 @@ vincent@synodine.local:/volume1/backup/drive/ /run/media/vincent/Toshito/backup/
};
};
systemd.timers.vrsync.enable = true;
-
# ape – sync git mirrors
systemd.services.ape = {
description = "Ape - sync git mirrors";
@@ -72,7 +72,4 @@ vincent@synodine.local:/volume1/backup/drive/ /run/media/vincent/Toshito/backup/
};
};
systemd.timers.ape.enable = true;
-
- networking.enableIPv6 = false;
- networking.firewall.allowedTCPPorts = [ 3389 2375 7946 9000 80 ];
}
machine/kerkouane.nix
@@ -2,20 +2,22 @@
{
imports = [ ../networking.nix ];
-
- profiles.ssh.enable = true;
- profiles.git.enable = true;
- profiles.wireguard.enable = true;
-
- boot.cleanTmpDir = true;
- boot.loader.grub.enable = true;
+ time.timeZone = "Europe/Paris";
+ boot = {
+ cleanTmpDir = true;
+ loader.grub.enable = true;
+ };
+ profiles = {
+ git.enable = true;
+ ssh.enable = true;
+ wireguard.server.enable = true;
+ };
networking.firewall.allowPing = true;
- services.openssh.enable = true;
- services.openssh.ports = with import ../assets/machines.nix; [ ssh.kerkouane.port ];
- services.openssh.permitRootLogin = "without-password";
- programs.fish.enable = true;
+ services = {
+ openssh.ports = with import ../assets/machines.nix; [ ssh.kerkouane.port ];
+ openssh.permitRootLogin = "without-password";
+ };
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGR4dqXwHwPpYgyk6yl9+9LRL3qrBZp3ZWdyKaTiXp0p vincent@shikoku"
];
- time.timeZone = "Europe/Paris";
}
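Review bot: `services.openssh.enable = true;` is dropped here (and in the carthage.nix and massimo.nix hunks) while `openssh.ports` and `openssh.permitRootLogin` stay, so sshd now runs only if `profiles.ssh.enable` turns it on; that module is not among the files this commit changes and is not visible here. kerkouane is also the WireGuard peer whose public key the other machines use as their endpoint, so losing SSH on it after a rebuild would be costly. Either confirm the ssh profile sets `services.openssh.enable`, or keep `openssh.enable = true;` in the `services` block. The same check applies to `wireguard.server.enable`, which replaces `profiles.wireguard.enable`: the option has to be declared by a profile module that this commit does not touch.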
machine/massimo.nix
@@ -1,20 +1,17 @@
{ config, pkgs, ... }:
{
- profiles.ssh.enable = true;
- profiles.git.enable = true;
-
- boot.cleanTmpDir = true;
- networking.firewall.allowPing = true;
- programs.fish.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGR4dqXwHwPpYgyk6yl9+9LRL3qrBZp3ZWdyKaTiXp0p vincent@shikoku"
- ];
time.timeZone = "Europe/Paris";
-
+ boot = {
+ cleanTmpDir = true;
+ };
+ profiles = {
+ git.enable = true;
+ ssh.enable = true;
+ };
+ networking.firewall.allowPing = true;
services = {
logind.extraConfig = "HandleLidSwitch=ignore";
- openssh.enable = true;
wireguard = with import ../assets/machines.nix; {
enable = true;
ips = [ "${wireguard.ips.massimo}/24" ];
@@ -23,4 +20,7 @@
endpointPublicKey = wireguard.kerkouane.publicKey;
};
};
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGR4dqXwHwPpYgyk6yl9+9LRL3qrBZp3ZWdyKaTiXp0p vincent@shikoku"
+ ];
}
machine/shikoku.nix
@@ -1,65 +1,61 @@
{ config, pkgs, ... }:
{
- profiles.desktop.enable = true;
- profiles.docker.enable = true;
- profiles.buildkit.enable = true;
- profiles.containerd.enable = true;
- profiles.virtualization.enable = true;
- profiles.ssh.enable = true;
- profiles.dev.enable = true;
- profiles.gaming.enable = true;
-
time.timeZone = "Europe/Paris";
-
- boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.efi.efiSysMountPoint = "/boot";
- boot.loader.grub.devices = ["nodev"];
- boot.loader.grub.extraEntries = ''
- menuentry "Windows" {
- insmod part_gpt
- insmod fat
- insmod search_fs_uuid
- insmod chain
- search --fs-uuid --no-floppy --set=root 122F-2055
- chainloader ($root)/Microsoft/Boot/bootmgfw.efi
- }
- '';
- boot.loader.grub.useOSProber = true;
-
+ profiles = {
+ buildkit.enable = true;
+ containerd.enable = true;
+ desktop.enable = true;
+ dev.enable = true;
+ docker.enable = true;
+ gaming.enable = true;
+ ssh.enable = true;
+ virtualization.enable = true;
+ };
+ boot = {
+ loader.efi.canTouchEfiVariables = true;
+ loader.grub.enable = true;
+ loader.grub.version = 2;
+ loader.grub.efiSupport = true;
+ loader.efi.efiSysMountPoint = "/boot";
+ loader.grub.devices = ["nodev"];
+ loader.grub.extraEntries = ''
+ menuentry "Windows" {
+ insmod part_gpt
+ insmod fat
+ insmod search_fs_uuid
+ insmod chain
+ search --fs-uuid --no-floppy --set=root 122F-2055
+ chainloader ($root)/Microsoft/Boot/bootmgfw.efi
+ }
+ '';
+ loader.grub.useOSProber = true;
+ };
+ hardware.bluetooth.enable = true;
+ programs.podman = {
+ enable = true;
+ };
+ networking = {
+ firewall.allowedUDPPortRanges = [ { from = 6001; to = 6101; } ];
+ firewall.allowedTCPPorts = [ 7946 9000 5000 ];
+ };
services = {
+ syncthing-edge.guiAddress = with import ../assets/machines.nix; "${wireguard.ips.shikoku}:8384";
+ wireguard = with import ../assets/machines.nix; {
+ enable = true;
+ ips = [ "${wireguard.ips.shikoku}/24" ];
+ endpoint = wg.endpointIP;
+ endpointPort = wg.listenPort;
+ endpointPublicKey = wireguard.kerkouane.publicKey;
+ };
xserver = {
videoDrivers = [ "nvidia" ];
displayManager = {
sessionCommands = ''
xrandr --output DP-2 --auto --left-of DP-4 --output DP-4 --auto &
'';
- slim.theme = pkgs.fetchurl {
- url = "https://github.com/vdemeester/slim-themes/raw/master/docker-nuage-theme-0.1.tar.xz";
- sha256 = "1ds7p3d8dn21bankgs68i53hqrj4d2abpk437h6dbjz36q1ys839";
- };
};
+ dpi = 96;
};
};
-
- hardware.bluetooth.enable = true;
- networking.firewall.allowedUDPPortRanges = [ { from = 6001; to = 6101; } ];
- networking.firewall.allowedTCPPorts = [ 7946 9000 5000 ];
-
- # Move elsewhere
- programs.podman = {
- enable = true;
- };
-
- services.syncthing-edge.guiAddress = with import ../assets/machines.nix; "${wireguard.ips.shikoku}:8384";
- services.wireguard = with import ../assets/machines.nix; {
- enable = true;
- ips = [ "${wireguard.ips.shikoku}/24" ];
- endpoint = wg.endpointIP;
- endpointPort = wg.listenPort;
- endpointPublicKey = wireguard.kerkouane.publicKey;
- };
}
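Review bot: Removing `slim.theme` from the `displayManager` block changes shikoku's login theme, not just where it is configured: the deleted fetch was `docker-nuage-theme-0.1.tar.xz`, while the `theme` added to modules/profiles/desktop.nix hard-codes `docker-key-theme-0.1.tar.xz`. If that is intended, say so in the commit message; if not, the desktop profile needs an option for the theme so each machine can choose its own. Separately, `with import ../assets/machines.nix;` now appears twice inside the same `services` block and could be bound once in a `let`.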
machine/wakasu.nix
@@ -2,47 +2,39 @@
{
imports = [ ../hardware/lenovo-p50.nix ];
-
- profiles.laptop.enable = true;
- profiles.docker.enable = true;
- profiles.containerd.enable = true;
- profiles.virtualization.enable = true;
- profiles.ssh.enable = true;
- profiles.dev.enable = true;
-
- # Move elsewhere
- programs.podman = {
- enable = true;
- };
-
- networking.firewall.allowedUDPPortRanges = [ { from = 6001; to = 6101; } ];
- networking.firewall.allowedTCPPorts = [ 7946 9000 5000 ];
-
time.timeZone = "Europe/Paris";
-
+ profiles = {
+ containerd.enable = true;
+ dev.enable = true;
+ docker.enable = true;
+ laptop.enable = true;
+ ssh.enable = true;
+ virtualization.enable = true;
+ };
+ programs = {
+ podman.enable = true;
+ };
+ networking = {
+ firewall.allowedUDPPortRanges = [ { from = 6001; to = 6101; } ];
+ firewall.allowedTCPPorts = [ 7946 9000 5000 ];
+ };
services = {
logind.extraConfig = ''
HandleLidSwitch=suspend
HandleLidSwitchExternalPower=ignore
HandleLidSwitchDocked=ignore
'';
+ syncthing-edge.guiAddress = with import ../assets/machines.nix; "${wireguard.ips.wakasu}:8384";
+ wireguard = with import ../assets/machines.nix; {
+ enable = true;
+ ips = [ "${wireguard.ips.wakasu}/24" ];
+ endpoint = wg.endpointIP;
+ endpointPort = wg.listenPort;
+ endpointPublicKey = wireguard.kerkouane.publicKey;
+ };
xserver = {
videoDrivers = [ "nvidia" ];
dpi = 96;
- displayManager.slim.theme = pkgs.fetchurl {
- url = "https://github.com/vdemeester/slim-themes/raw/master/docker-key-theme-0.1.tar.xz";
- sha256 = "127893l1nzqya0g68k8841g5lm3hlnx7b3b3h06axvplc54a1jd8";
- };
};
};
-
- services.syncthing-edge.guiAddress = with import ../assets/machines.nix; "${wireguard.ips.wakasu}:8384";
-
- services.wireguard = with import ../assets/machines.nix; {
- enable = true;
- ips = [ "${wireguard.ips.wakasu}/24" ];
- endpoint = wg.endpointIP;
- endpointPort = wg.listenPort;
- endpointPublicKey = wireguard.kerkouane.publicKey;
- };
}
modules/profiles/desktop.nix
@@ -101,6 +101,10 @@ in
enable = true;
# Probably put this into users instead ?
defaultUser = "vincent";
+ theme = pkgs.fetchurl {
+ url = "https://github.com/vdemeester/slim-themes/raw/master/docker-key-theme-0.1.tar.xz";
+ sha256 = "127893l1nzqya0g68k8841g5lm3hlnx7b3b3h06axvplc54a1jd8";
+ };
};
};
};
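Review bot: The added `theme = pkgs.fetchurl { … }` fetches from `raw/master`, a moving reference, while `sha256` is fixed. The hash keeps the build from accepting altered content, which is the important part, but any change to that file on master turns into a hash mismatch and a failed build once the cached copy is gone. Pointing the URL at a tag or commit, e.g. `…/slim-themes/raw/<commit>/docker-key-theme-0.1.tar.xz` (placeholder, no revision is given on this page), makes the fetch reproducible. The enclosing attribute set starts and ends outside this hunk; from the lines removed in wakasu.nix it appears to be the slim display-manager block.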