modularize config

modules/common/autoupdate.nix

@@ -0,0 +1,11 @@
+{ ... }:
+{
+  system.autoUpgrade = {
+    enable = true;
+    dates = "04:00";
+    flake = "git+ssh://gitea@git.huwe.mooo.com/willifan/nix-config";
+    persistent = true;
+    randomizedDelaySec = "5min";
+    fixedRandomDelay = true;
+  };
+}

modules/common/default.nix

@@ -0,0 +1,20 @@
+{ hostname, ... }:
+{
+  imports = [
+    ./autoupdate.nix
+    ./garbage-collect.nix
+    ./keyd.nix
+    ./mimetype.nix
+    ./optimise.nix
+    ./sops.nix
+  ];
+
+  networking = {
+    networkmanager.enable = true;
+    hostName = "${hostname}";
+  };
+  console.keyMap = "de";
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nixpkgs.config.allowUnfree = true;
+  system.stateVersion = "23.11";
+}

modules/common/garbage-collect.nix

@@ -0,0 +1,9 @@
+{ ... }:
+{
+  nix.gc = {
+    automatic = true;
+    dates = "04:30";
+    persistent = true;
+    options = "--delete-older-than 30d";
+  };
+}

modules/common/keyd.nix

@@ -0,0 +1,23 @@
+{ ... }:
+{
+
+  services.keyd = {
+    enable = true;
+    keyboards.default = {
+      ids = [ "*" ];
+      settings = {
+        main = {
+          rightalt = "overload(altgr, rightalt)";
+	  capslock = "overload(control, esc)";
+	};
+	altgr = {
+          a = ''macro(compose a ")'';
+          o = ''macro(compose o ")'';
+	  u = ''macro(compose u ")'';
+	  s = ''macro(compose s s)'';
+	};
+      };
+    };
+  };
+
+}

modules/common/mimetype.nix

@@ -0,0 +1,15 @@
+{ ... }:
+{
+
+  xdg.mime.defaultApplications = {
+    "application/pdf" = "zen.desktop";
+    "text/html" = "zen.desktop";
+    "x-scheme-handler/http" = "zen.desktop";
+    "x-scheme-handler/https" = "zen.desktop";
+    "x-scheme-handler/about" = "zen.desktop";
+    "x-scheme-handler/unknown" = "zen.desktop";
+  };
+
+  environment.sessionVariables.DEFAULT_BROWSER = "zen";
+
+}

modules/common/optimise.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  nix.optimise = {
+    automatic = true;
+    dates = [ "05:00" ];
+  };
+}

modules/common/sops.nix

@@ -0,0 +1,18 @@
+{ attrs, ... }:
+{
+
+  imports = [
+    attrs.sops-nix.nixosModules.sops
+  ];
+
+  sops.defaultSopsFile = ../../secrets/secrets.yaml;
+  sops.defaultSopsFormat = "yaml";
+
+  sops.age.keyFile = "/home/willifan/.config/sops/age/keys.txt";
+
+  sops.secrets."ssh/root/private" = {
+    owner = "root";
+  };
+  sops.secrets."syncthing/password" = {
+  };
+}

modules/common/syncthing.nix

@@ -0,0 +1,70 @@
+{ lib, config, ... }:
+{
+
+  options = {
+
+    syncthing.devices = lib.mkOption {
+      default = { };
+      type = lib.types.attrsOf (lib.types.submodule {
+        options = {
+
+          id = lib.mkOption {
+            type = lib.types.str;
+            default = null;
+          };
+
+        };
+      });
+    };
+  };
+
+  services.syncthing = {
+    enable =  true;
+    user = "willifan";
+    dataDir = "/mnt/data";
+    configDir = "/mnt/data/.config/syncthing";
+    overrideDevices = true;
+    overrideFolders = true;
+    settings = {
+      gui = {
+        user = "willifan";
+        password = "temppassword";
+      };
+      devices = {
+        Anton = { id = "WCDBADD-UPKCACI-X2YJOIO-5QC44PL-DBCR6TS-ADVQV33-HSMF32O-FOKMKAU"; };
+      };
+      folders = {
+        "Documents" = {
+          id = "jtl6g-qjmwo";
+          path = "/mnt/data/Documents";
+          devices = [ "Anton" ];
+        };
+        "Enpass" = {
+          id = "ciksm-xsw4m";
+          path = "/mnt/data/Enpass";
+          devices = [ "Anton" ];
+        };
+        "Pictures" = {
+          id = "po4qj-q9t0t";
+          path = "/mnt/data/Pictures";
+          devices = [ "Anton" ];
+        };
+        "Videos" = {
+          id = "4wqf5-xasng";
+          path = "/mnt/data/Videos";
+          devices = [ "Anton" ];
+        };
+        "Notes" = {
+          id = "oc61n-iewgj";
+          path = "/mnt/data/Notes";
+          devices = [ "Anton" ];
+        };
+        "Music" = {
+          id = "xxh8a-3y2tq";
+          path = "/mnt/data/Music";
+          devices = [ "Anton" ];
+        };
+      };
+    };
+  };
+}

modules/desktop/boot.nix

@@ -0,0 +1,31 @@
+{ ... }:
+{
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+    initrd.systemd.enable = true;
+    plymouth = {
+      enable = true;
+#      theme = "bgrt";
+#      logo = "${pkgs.nixos-icons}/share/icons/hicolor/48x48/apps/nix-snowflake-white.png";
+#      font = "${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf";
+    };
+
+    consoleLogLevel = 0;
+    initrd.verbose = false;
+    kernelParams = [
+      "quiet"
+      "splash"
+      "boot.shell_on_fail"
+      "loglevel=3"
+      "rd.systemd.show_status=false"
+      "rd.udev.log_level=3"
+      "udev.log_priority=3"
+    ];
+    # Hide the OS choice for bootloaders.
+    # It's still possible to open the bootloader list by pressing any key
+    # It will just not appear on screen unless a key is pressed
+    loader.timeout = 0;
+
+  };
+}

modules/desktop/default.nix

@@ -0,0 +1,16 @@
+{ hostname, ... }:
+{
+  networking.hostName = hostname;
+  imports = [
+    ./boot.nix
+    ./nfs-client.nix
+    ./nix-ld.nix
+    ./printers.nix
+    ./remoteBuilder.nix
+    ./ssh-server.nix
+  ];
+  
+  hardware.bluetooth.enable = true;
+  services.hardware.bolt.enable = true;
+
+}

modules/desktop/nfs-client.nix

@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+
+  environment.systemPackages = with pkgs; [
+    nfs-utils
+  ];
+  services.autofs = {
+    enable = true;
+    autoMaster = let
+      mapConf = pkgs.writeText "auto.nfs" ''
+        roms    -fstype=nfs4    192.168.178.19:/roms  
+      '';
+    in ''
+      /mnt/nfs ${mapConf}
+    ''; 
+  };
+
+}

modules/desktop/nix-ld.nix

@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+  programs.nix-ld.enable = true;
+
+  programs.nix-ld.libraries = with pkgs; [
+  ];
+}

modules/desktop/printers.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+  services.printing = {
+    enable = true;
+    drivers = [ pkgs.gutenprint pkgs.gutenprintBin ];
+  };
+
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    openFirewall = true;
+  };
+}

modules/desktop/remoteBuilder.nix

@@ -0,0 +1,22 @@
+{ ... }:
+
+{
+	nix.buildMachines = [ {
+	  hostName = "Anton";
+    sshUser = "builder";
+	  systems = [ "x86_64-linux" "aarch64-linux" ];
+    protocol = "ssh";
+	  # if the builder supports building for multiple architectures, 
+	  # replace the previous line by, e.g.
+	  # systems = ["x86_64-linux" "aarch64-linux"];
+	  maxJobs = 1;
+	  speedFactor = 2;
+	  supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+	  mandatoryFeatures = [ ];
+	}];
+	nix.distributedBuilds = true;
+	# optional, useful when the builder has a faster internet connection than yours
+	nix.extraOptions = ''
+	  builders-use-substitutes = true
+	'';
+}

modules/desktop/ssh-server.nix

@@ -0,0 +1,22 @@
+{ ... }:
+{
+
+  services.openssh = {
+    enable = true;
+    ports = [ 22 ];
+    settings = {
+      PasswordAuthentication = false;
+      AllowUsers = null; # Allows all users by default. Can be [ "user1" "user2" ]
+      UseDns = true;
+      X11Forwarding = false;
+      PermitRootLogin = "prohibit-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
+    };
+  };
+
+  users.users.willifan.openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMRriQfw3pusl04fGhCNVoRRpye71ZwkDXAtKB/FP1DLXA4cYrwjLzv/fG1hXi7lAMp2vLiABAg/UaTE8roGzlt62XsFNwc1TI5M8m67J0kLkCtz3MkIixe/3GOFXr03g80DPncLyoIYPvvNd/TftTBK4yrrZPvMJaRrZhW/QdLPQpdHalcNRZ4bnBOCtCoqQ6RGrRi2EeKaJDYIFNl13b9FxrXEJcXnbSDdr1KI3q7a+vkefI2knUf2Uk7ufOWTQ1aqc0heGtCNlHzwZUzW/dfrpPmoVPq3Fqxqd9uXqxMk1Z3VnOwWcK3VXfzzBXKTsX0MaUgF1EqxibkYs9bDZqLEXoRucBqk3wwMPy8RJXqQOupoqa2xEOoduBf1qDHEEm69coHCpPm2mQVUrwsPrmTHmOjh9ir0mkVBDRgHvhq/ctQTVO5/SE2NCgPdlvUV5s44LLsUyxBp5JWwXZWlVys+7Dhil6mtRDcH4CXceJn0VZ61Zv2jrCTxQjKsroitSkNbpAkKajQ9moLMAblsSwJzl3uvJJ3ydlxjZefwTO/GjyuJMY2sIU2Tu0YbIVgMyq5L782LduVlyWj+RLWoEu19OfMqQvTWhJnQPAbR82qGzlfTGRLUxoY+G5MYipJwgrBQ2TnpWvfpTrZxFrglSfekz0v54lWzNZpW+irImh4w== willifan@proton.me"
+  ];
+
+  nix.settings.trusted-users = [ "willifan" ];
+  
+}

modules/server/boot.nix

@@ -0,0 +1,8 @@
+{ ... }:
+{
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+    initrd.systemd.enable = true;
+  };
+}

modules/server/builder.nix

@@ -0,0 +1,14 @@
+{ config, ... }:
+{
+  users.users.builder = {
+    group = "builder";
+    isNormalUser = true;
+    homeMode = "111";
+    openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCRgaPLmdimjvCM7jvlXkRPbw0KOmMdtgTcBahgIWNm8QAFkPX8T42RNDgTb7QG+XqRU4+t4VgM0xt6ldcOTrrcJ2bHW8ybeXM5DU7z2f0aCp3OULosbDHoWiEdxvNmIHcFKgMbL7K/ieVYx5wrPkU+63inK5GrzWIaOOd8O4Q/z7M/XIwOAz2Kb3B4muCG9b9cKAGodOkRT81aJsK0aE84Cy4DbzCgz34FWvfGPWSHQZ/fLNlKrtKI0lCEG5r7r1Tw1wXDAFb7d+enypUwy+KlQDJLkDp0O1dJPEmY0RKXMRL2xFl3jrQ4LgOAyWhXF2ERc2bkky4YaIQfLX3NaMRqVRmUCVpnGRcYqdbn2ulsUOmC0Or/bnJa7/sKFBhFb8aEoxD7/w4h5ugh0xVWMFvwjDb0gymXjNPgvefagAhi8qhxf/6X4AZK4x7y/tcIKpW3QfyrdX7bWQ7itBpMPtYH6WWyoKfypnAGeUtdwcXsb5cwGoJ4s9S/E1CwyZxdC38ydrDYFeRih7+KDHnOqZFnLwBb6yLdpvUhyMkksAzVxh8cvObVgjUFQMAwKvLKVzlv28BLgaWj+K+oFakytRtYZv7CsCneZyL3s/nDKs2ChhYgiXvVicZi+sC8FXZIl6wXWHYj5i/p5A/6ulVFgkfDna051hNewerXuTlyMMbTRw== willifan@pm.me" ];
+  };
+  users.groups.builder = { };
+  nix.settings.trusted-users = [ "builder" "willifan" ];
+
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+  nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems;
+}

modules/server/default.nix

@@ -0,0 +1,9 @@
+{ ... }:
+{
+
+  imports = [
+    ./boot.nix
+    ./builder.nix
+    ./ssh-server.nix
+  ];
+}

modules/server/ssh-server.nix

@@ -0,0 +1,21 @@
+{ ... }:
+{
+
+  services.openssh = {
+    enable = true;
+    ports = [ 22 ];
+    settings = {
+      PasswordAuthentication = false;
+      AllowUsers = null; # Allows all users by default. Can be [ "user1" "user2" ]
+      UseDns = true;
+      X11Forwarding = false;
+      PermitRootLogin = "prohibit-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
+    };
+  };
+
+  users.users.willifan.openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMRriQfw3pusl04fGhCNVoRRpye71ZwkDXAtKB/FP1DLXA4cYrwjLzv/fG1hXi7lAMp2vLiABAg/UaTE8roGzlt62XsFNwc1TI5M8m67J0kLkCtz3MkIixe/3GOFXr03g80DPncLyoIYPvvNd/TftTBK4yrrZPvMJaRrZhW/QdLPQpdHalcNRZ4bnBOCtCoqQ6RGrRi2EeKaJDYIFNl13b9FxrXEJcXnbSDdr1KI3q7a+vkefI2knUf2Uk7ufOWTQ1aqc0heGtCNlHzwZUzW/dfrpPmoVPq3Fqxqd9uXqxMk1Z3VnOwWcK3VXfzzBXKTsX0MaUgF1EqxibkYs9bDZqLEXoRucBqk3wwMPy8RJXqQOupoqa2xEOoduBf1qDHEEm69coHCpPm2mQVUrwsPrmTHmOjh9ir0mkVBDRgHvhq/ctQTVO5/SE2NCgPdlvUV5s44LLsUyxBp5JWwXZWlVys+7Dhil6mtRDcH4CXceJn0VZ61Zv2jrCTxQjKsroitSkNbpAkKajQ9moLMAblsSwJzl3uvJJ3ydlxjZefwTO/GjyuJMY2sIU2Tu0YbIVgMyq5L782LduVlyWj+RLWoEu19OfMqQvTWhJnQPAbR82qGzlfTGRLUxoY+G5MYipJwgrBQ2TnpWvfpTrZxFrglSfekz0v54lWzNZpW+irImh4w== willifan@proton.me"
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCd8g40ehDWL44XbzDY4qbka6FD4oCGA8stA5EqKdORhUqXAqEjw8s8kqNbok13RtSRpC5cgt8dsXG+lXL7A5oldq1u02+yl3YJtyt0nl+cH0WUEHdx7z3uWZPfI2WJh7Q14n0bl/31Rnxsw2A93JTrWqRCs4sV8CG4K8b5WhQSTJEbSO61z7tMEETfag+20FSA2sPP+QZCbxIGdRfTx/aA2pUlkSy5ih0WjwCJlI2wkTQsdsmHuZnPse0QRejbORSfHc/jh7KFFV/KR/UHs4X1EH4dOo4lebigUdtoUwlK9ciBaK1fFCLERJNWMCJOK5zfd3nUEbk7+hXVkAPTB/mDxYub8trpZSCu+3X3z10GM/AuSlk/8lrNQxUpovLffb8bJWSdAH7QdMM/fdgt0YHxt/FEpz5fiB7RHxQ4w/CQC+a+FOVDGFddd4uinX+999ZpshHKnB+R0Yi/7C+XoyhgytNATsPQlWYF367DWXA4cfSmpxchmi1EK4M0XBC8UxtF/EW0ULV2WFAFrO77LKKZ0UkjT7UWv6F3CofY1tAI4Kem6ervegXlasUe3AogiTuIvXfQm5kUk2fgK//VTe4vqQY+BqezHDYgSVbB/FASd0Z5vv+f7zRdqOhLH3ybkjTeQ4MlS0HHO2BCaAKjCmSBBn6w2pC92Qz32uK28w7yhQ== root@Lenni"
+  ];
+
+}