From cb10f78bce09b43a4a1073e7c412dc5870e6baaf Mon Sep 17 00:00:00 2001 From: Don Harper Date: Sat, 24 Sep 2022 20:36:29 -0500 Subject: [PATCH] refactor --- dragon/configuration.nix | 195 +------------------------------ eve/configuration.nix | 195 +------------------------------ workstation/configuration.nix | 186 +++++++++++++++++++++++++++++ {dragon => workstation}/sway.nix | 0 4 files changed, 196 insertions(+), 380 deletions(-) create mode 100644 workstation/configuration.nix rename {dragon => workstation}/sway.nix (100%) diff --git a/dragon/configuration.nix b/dragon/configuration.nix index 52c965d..8b63cc5 100644 --- a/dragon/configuration.nix +++ b/dragon/configuration.nix 
@@ -2,195 +2,10 @@ { imports = - [ # Include the results of the hardware scan. - # - ./hardware-configuration.nix - ./sway.nix + [ + /etc/nixos/hardware-configuration.nix + /home/don/nixos/workstation/configuration.nix + /home/don/nixos/workstation/sway.nix ]; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot"; - boot.kernelPackages = pkgs.linuxPackages_latest; - - networking.hostName = "dragon"; # Define your hostname. - - # Enable networking - networking.networkmanager.enable = true; - networking.networkmanager.wifi.powersave = true; - networking.useDHCP = false; - networking.interfaces.wlo1.useDHCP = true; - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Set your time zone. - time.timeZone = "America/Chicago"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.utf8"; - - # Splash screen - boot.plymouth.enable = false; - boot.plymouth.theme = "breeze"; - - # Enable doas instead of sudo - security.sudo.enable = false; - security.doas.enable = true; - security.doas.extraRules = [{ - users = [ "don" ]; - keepEnv = true; - noPass = true; - }]; - - # Enable the X11 windowing system. - #services.xserver.enable = false; - - # Enable the GNOME Desktop Environment. - #services.xserver.displayManager.gdm.enable = true; - #services.xserver.desktopManager.gnome.enable = false; - - # Configure keymap in X11 - #services.xserver = { - #layout = "us"; - #xkbVariant = ""; - #}; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable sound with pipewire. 
- sound.enable = true; - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - - xdg.portal.enable = true; # only needed if you are not doing Gnome - services.flatpak.enable = true; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.don = { - isNormalUser = true; - description = "Don Harper"; - extraGroups = [ "networkmanager" "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki" - ]; - }; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # List packages installed in system profile. 
To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - citrix_workspace - firefox - git-crypt - gitFull - gnupg - home-manager - mosh - pulseaudio - python311 - qutebrowser - syncthing - tailscale - tmux - tmuxp - topgrade - vim - wget - zoom-us - ]; - - programs.mtr.enable = true; - nixpkgs.overlays = [ - ( self: super: - let - extraCerts = [ /etc/static/ssl/certs/ca-bundle.crt /etc/static/ssl/certs/ca-certificates.crt ]; - in { - citrix_workspace = super.citrix_workspace.override { - inherit extraCerts; - }; - } - ) - ]; - - services.tailscale.enable = true; - # create a oneshot job to authenticate to Tailscale - systemd.services.tailscale-autoconnect = { - description = "Automatic connection to Tailscale"; - - # make sure tailscale is running before trying to connect to tailscale - after = [ "network-pre.target" "tailscale.service" ]; - wants = [ "network-pre.target" "tailscale.service" ]; - wantedBy = [ "multi-user.target" ]; - - # set this service as a oneshot job - serviceConfig.Type = "oneshot"; - - # have the job run this shell script - script = with pkgs; '' - # wait for tailscaled to settle - sleep 2 - - # check if we are already authenticated to tailscale - status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)" - if [ $status = "Running" ]; then # if so, then do nothing - exit 0 - fi - - # otherwise authenticate with tailscale - ${tailscale}/bin/tailscale up -authkey tskey-kX35vC1CNTRL-ZLmNBp4CQV3bu3SsLGjW56 - ''; - }; - - - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - passwordAuthentication = false; - kbdInteractiveAuthentication = false; - #permitRootLogin = "yes"; - }; - - # Open ports in the firewall. 
- networking.firewall = { - enable = true; - # always allow traffic from your Tailscale network - trustedInterfaces = [ "tailscale0" ]; - checkReversePath = "loose"; - - # allow the Tailscale UDP port through the firewall - allowedUDPPorts = [ config.services.tailscale.port ]; - - # allow you to SSH in over the public internet - allowedTCPPorts = [ 22 ]; - }; - - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leavecatenate(variables, "bootdev", bootdev) - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.05"; # Did you read the comment? - nixpkgs.config.firefox.enableGnomeExtenions = true; - services.gnome.chrome-gnome-shell.enable = true; - + networking.hostName = "dragon"; } diff --git a/eve/configuration.nix b/eve/configuration.nix index fe3b58f..ae6312a 100644 --- a/eve/configuration.nix +++ b/eve/configuration.nix 
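Review bot: The new `imports` list pulls the shared configuration from `/home/don/nixos/workstation/...`, an absolute path under a user's home directory, so a root-run `nixos-rebuild` now evaluates files that any process running as `don` can rewrite, and the host config no longer builds from a checkout at any other location; a relative import such as `../workstation/configuration.nix` keeps the system closure tied to the repository itself. The removed line `networking.interfaces.wlo1.useDHCP = true;` has no counterpart in the shared file, which only carries `networking.useDHCP = false;` — presumably NetworkManager manages the interface anyway, but that is worth confirming on the first rebuild. The same two points apply to the eve hunk below (`wlp1s0`).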
@@ -2,195 +2,10 @@ { imports = - [ # Include the results of the hardware scan. - - ./hardware-configuration.nix - ./sway.nix + [ + /etc/nixos/hardware-configuration.nix + /home/don/nixos/workstation/configuration.nix + /home/don/nixos/workstation/sway.nix ]; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot/efi"; - boot.kernelPackages = pkgs.linuxPackages_latest; - - networking.hostName = "eve"; # Define your hostname. - - # Enable networking - networking.networkmanager.enable = true; - networking.networkmanager.wifi.powersave = true; - networking.useDHCP = false; - networking.interfaces.wlp1s0.useDHCP = true; - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Set your time zone. - time.timeZone = "America/Chicago"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.utf8"; - - # Splash screen - boot.plymouth.enable = false; - boot.plymouth.theme = "breeze"; - - # Enable doas instead of sudo - security.sudo.enable = false; - security.doas.enable = true; - security.doas.extraRules = [{ - users = [ "don" ]; - keepEnv = true; - noPass = true; - }]; - - # Enable the X11 windowing system. - #services.xserver.enable = false; - - # Enable the GNOME Desktop Environment. - #services.xserver.displayManager.gdm.enable = true; - #services.xserver.desktopManager.gnome.enable = false; - - # Configure keymap in X11 - #services.xserver = { - #layout = "us"; - #xkbVariant = ""; - #}; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable sound with pipewire. 
- sound.enable = true; - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - - xdg.portal.enable = true; # only needed if you are not doing Gnome - services.flatpak.enable = true; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.don = { - isNormalUser = true; - description = "Don Harper"; - extraGroups = [ "networkmanager" "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki" - ]; - }; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # List packages installed in system profile. 
To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - citrix_workspace - firefox - git-crypt - gitFull - gnupg - home-manager - mosh - pulseaudio - python311 - qutebrowser - syncthing - tailscale - tmux - tmuxp - topgrade - vim - wget - zoom-us - ]; - - programs.mtr.enable = true; - nixpkgs.overlays = [ - ( self: super: - let - extraCerts = [ /etc/static/ssl/certs/ca-bundle.crt /etc/static/ssl/certs/ca-certificates.crt ]; - in { - citrix_workspace = super.citrix_workspace.override { - inherit extraCerts; - }; - } - ) - ]; - - services.tailscale.enable = true; - # create a oneshot job to authenticate to Tailscale - systemd.services.tailscale-autoconnect = { - description = "Automatic connection to Tailscale"; - - # make sure tailscale is running before trying to connect to tailscale - after = [ "network-pre.target" "tailscale.service" ]; - wants = [ "network-pre.target" "tailscale.service" ]; - wantedBy = [ "multi-user.target" ]; - - # set this service as a oneshot job - serviceConfig.Type = "oneshot"; - - # have the job run this shell script - script = with pkgs; '' - # wait for tailscaled to settle - sleep 2 - - # check if we are already authenticated to tailscale - status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)" - if [ $status = "Running" ]; then # if so, then do nothing - exit 0 - fi - - # otherwise authenticate with tailscale - ${tailscale}/bin/tailscale up -authkey tskey-kX35vC1CNTRL-ZLmNBp4CQV3bu3SsLGjW56 - ''; - }; - - - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - passwordAuthentication = false; - kbdInteractiveAuthentication = false; - #permitRootLogin = "yes"; - }; - - # Open ports in the firewall. 
- networking.firewall = { - enable = true; - # always allow traffic from your Tailscale network - trustedInterfaces = [ "tailscale0" ]; - checkReversePath = "loose"; - - # allow the Tailscale UDP port through the firewall - allowedUDPPorts = [ config.services.tailscale.port ]; - - # allow you to SSH in over the public internet - allowedTCPPorts = [ 22 ]; - }; - - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leavecatenate(variables, "bootdev", bootdev) - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.05"; # Did you read the comment? - nixpkgs.config.firefox.enableGnomeExtenions = true; - services.gnome.chrome-gnome-shell.enable = true; - + networking.hostName = "eve"; } diff --git a/workstation/configuration.nix b/workstation/configuration.nix new file mode 100644 index 0000000..53cdf08 --- /dev/null +++ b/workstation/configuration.nix 
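Review bot: This hunk drops `boot.loader.efi.efiSysMountPoint = "/boot/efi";` while the shared workstation file it now imports sets `efiSysMountPoint = "/boot"`, so eve's ESP mount point silently changes as part of a refactor; if eve's hardware-configuration.nix still mounts the ESP at `/boot/efi`, the systemd-boot installer would presumably write to the wrong directory. Keep the host-specific value next to the hostname on the new side: `boot.loader.efi.efiSysMountPoint = "/boot/efi";` after `networking.hostName = "eve";`, or confirm the mount point was deliberately moved.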
@@ -0,0 +1,186 @@ +{ config, pkgs, ... }: + +{ + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.loader.efi.efiSysMountPoint = "/boot"; + boot.kernelPackages = pkgs.linuxPackages_latest; + + # Enable networking + networking.networkmanager.enable = true; + networking.networkmanager.wifi.powersave = true; + networking.useDHCP = false; + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Set your time zone. + time.timeZone = "America/Chicago"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.utf8"; + + # Splash screen + boot.plymouth.enable = false; + boot.plymouth.theme = "breeze"; + + # Enable doas instead of sudo + security.sudo.enable = false; + security.doas.enable = true; + security.doas.extraRules = [{ + users = [ "don" ]; + keepEnv = true; + noPass = true; + }]; + + # Enable the X11 windowing system. + #services.xserver.enable = false; + + # Enable the GNOME Desktop Environment. + #services.xserver.displayManager.gdm.enable = true; + #services.xserver.desktopManager.gnome.enable = false; + + # Configure keymap in X11 + #services.xserver = { + #layout = "us"; + #xkbVariant = ""; + #}; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + xdg.portal.enable = true; # only needed if you are not doing Gnome + services.flatpak.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). 
+ # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.don = { + isNormalUser = true; + description = "Don Harper"; + extraGroups = [ "networkmanager" "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki" + ]; + }; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + citrix_workspace + firefox + git-crypt + gitFull + gnupg + home-manager + mosh + pulseaudio + python311 + qutebrowser + syncthing + tailscale + tmux + tmuxp + topgrade + vim + wget + zoom-us + ]; + + programs.mtr.enable = true; + nixpkgs.overlays = [ + ( self: super: + let + extraCerts = [ /etc/static/ssl/certs/ca-bundle.crt /etc/static/ssl/certs/ca-certificates.crt ]; + in { + citrix_workspace = super.citrix_workspace.override { + inherit extraCerts; + }; + } + ) + ]; + + services.tailscale.enable = true; + # create a oneshot job to authenticate to Tailscale + systemd.services.tailscale-autoconnect = { + description = "Automatic connection to Tailscale"; + + # make sure tailscale is running before trying to connect to tailscale + after = [ "network-pre.target" "tailscale.service" ]; + wants = [ "network-pre.target" "tailscale.service" ]; + wantedBy = [ "multi-user.target" ]; + + # set this service as a oneshot job + serviceConfig.Type = "oneshot"; + + # have the job run this shell script + script = with pkgs; '' + # wait for tailscaled to settle + sleep 2 + + # check if we are already authenticated to tailscale + status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)" + if [ $status = "Running" ]; then # if so, then do nothing + exit 0 + fi + + # otherwise authenticate with tailscale + ${tailscale}/bin/tailscale up -authkey tskey-kX35vC1CNTRL-ZLmNBp4CQV3bu3SsLGjW56 + ''; 
+ }; + + + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + passwordAuthentication = false; + kbdInteractiveAuthentication = false; + #permitRootLogin = "yes"; + }; + + # Open ports in the firewall. + networking.firewall = { + enable = true; + # always allow traffic from your Tailscale network + trustedInterfaces = [ "tailscale0" ]; + checkReversePath = "loose"; + + # allow the Tailscale UDP port through the firewall + allowedUDPPorts = [ config.services.tailscale.port ]; + + # allow you to SSH in over the public internet + allowedTCPPorts = [ 22 ]; + }; + + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leavecatenate(variables, "bootdev", bootdev) + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "22.05"; # Did you read the comment? + nixpkgs.config.firefox.enableGnomeExtenions = true; + services.gnome.chrome-gnome-shell.enable = true; + +} diff --git a/dragon/sway.nix b/workstation/sway.nix similarity index 100% rename from dragon/sway.nix rename to workstation/sway.nix
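Review bot: The `tailscale-autoconnect` script embeds a Tailscale auth key (`tskey-…`) as a literal in the new file; NixOS renders `script` into the world-readable Nix store, and the same key already sits in git history in both files this hunk replaces, so the refactor carries the exposure into the shared config rather than removing it. Read the key at runtime from a root-only file kept outside the store instead, e.g. `${tailscale}/bin/tailscale up -authkey "$(cat /path/to/authkey)"` where the path is a placeholder for a 0600 root-owned file (later NixOS releases also expose `services.tailscale.authKeyFile` for this), and revoke the committed key in the Tailscale admin console since it is already in history. Two smaller points in the same block: `if [ $status = "Running" ]` should quote `"$status"` so an empty result from a failed `tailscale status` call fails the test instead of producing a `[` syntax error, and the stateVersion comment contains the stray text `leavecatenate(variables, "bootdev", bootdev)` where the upstream wording reads `leave`.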