diff --git a/.gitignore b/.gitignore index 012da5d..ab58f15 100644 --- a/.gitignore +++ b/.gitignore @@ -4,7 +4,7 @@ doc/index.html # Result of bud commands vm -iso +/iso doi # PubSolarOS diff --git a/hosts/default.nix b/hosts/default.nix index 7876d9b..248ff40 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -10,26 +10,32 @@ self.nixosModules.b12f self.nixosModules.audio self.nixosModules.bluetooth + self.nixosModules.desktop-extended self.nixosModules.docker + self.nixosModules.email self.nixosModules.graphical self.nixosModules.nextcloud self.nixosModules.office + self.nixosModules.uhk ]; }; chocolatebar = self.nixos-flake.lib.mkLinuxSystem { nixpkgs.hostPlatform = "x86_64-linux"; imports = [ + inputs.musnix.nixosModules.musnix self.nixosModules.base ./chocolatebar self.nixosModules.b12f self.nixosModules.audio - self.nixosModules.virtualisation + self.nixosModules.desktop-extended self.nixosModules.docker + self.nixosModules.email self.nixosModules.gaming self.nixosModules.graphical self.nixosModules.nextcloud self.nixosModules.office + self.nixosModules.uhk self.nixosModules.virtualisation ]; }; @@ -63,6 +69,30 @@ # self.nixosModules.yule # ]; # }; + + iso = self.nixos-flake.lib.mkLinuxSystem { + nixpkgs.hostPlatform = "x86_64-linux"; + imports = [ + "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" + self.nixosModules.base + ./iso + self.nixosModules.nixos + ]; + }; + + iso-graphical = self.nixos-flake.lib.mkLinuxSystem { + nixpkgs.hostPlatform = "x86_64-linux"; + imports = [ + "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" + self.nixosModules.base + ./iso + self.nixosModules.nixos + self.nixosModules.graphical + self.nixosModules.audio + self.nixosModules.bluetooth + ({ ... }: { pub-solar.graphical.wayland.software-renderer.enable = true; }) + ]; + }; }; }; } diff --git a/hosts/iso/default.nix b/hosts/iso/default.nix new file mode 100644 index 0000000..6ccfabc --- /dev/null 
+++ b/hosts/iso/default.nix @@ -0,0 +1,10 @@ +{ + pkgs, + lib, + ... +}: { + pub-solar.core.disk-encryption-active = false; + isoImage.squashfsCompression = "gzip -Xcompression-level 1"; + systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; + networking.networkmanager.enable = false; +} diff --git a/modules/core/networking.nix b/modules/core/networking.nix index 5f7ef13..ad0612a 100644 --- a/modules/core/networking.nix +++ b/modules/core/networking.nix @@ -11,7 +11,7 @@ networking.networkmanager = { # Enable networkmanager. REMEMBER to add yourself to group in order to use nm related stuff. - enable = true; + enable = lib.mkDefault true; wifi.backend = lib.mkDefault "iwd"; }; @@ -21,7 +21,7 @@ # Caddy reverse proxy for local services like cups services.caddy = { - enable = true; + # don't enable by default globalConfig = '' default_bind 127.0.0.1 auto_https off diff --git a/modules/crypto/default.nix b/modules/crypto/default.nix index 585716f..e959010 100644 --- a/modules/crypto/default.nix +++ b/modules/crypto/default.nix @@ -14,8 +14,6 @@ in { services.gnome.gnome-keyring.enable = true; users.users."${psCfg.user.name}".packages = with pkgs; [ - gnome.seahorse - keepassxc libsecret ]; diff --git a/modules/default.nix b/modules/default.nix index 5c8eeaf..a8e008a 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -10,6 +10,7 @@ bluetooth = import ./bluetooth; core = import ./core; crypto = import ./crypto; + desktop-extended = import ./desktop-extended; docker = import ./docker; email = import ./email; gaming = import ./gaming; @@ -28,7 +29,6 @@ base.imports = [ self.nixosModules.home-manager inputs.agenix.nixosModules.default - inputs.musnix.nixosModules.musnix self.nixosModules.overlays self.nixosModules.core diff --git a/modules/desktop-extended/default.nix b/modules/desktop-extended/default.nix new file mode 100644 index 0000000..ed0334d --- /dev/null +++ b/modules/desktop-extended/default.nix 
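Review bot: In hosts/iso/default.nix, `systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];` makes every machine booted from this image accept SSH connections as soon as it has a network. The account it exposes is the `nixos` user added in users/nixos/default.nix, which has `password = ""` and a fixed `publicKeys` list. Both `iso` and `iso-graphical` in hosts/default.nix import `./iso`, so both images are affected. How `pub-solar.user.password` is applied to the account is not visible in this diff, so the SSH policy should be pinned here rather than inherited. I would add `services.openssh.settings.PasswordAuthentication = false;` (or `services.openssh.passwordAuthentication = false;` on an older nixpkgs) next to the `wantedBy` line, with a comment such as `# installer is reachable over SSH by key only; the empty password is for the local console`.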
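Review bot: The second hunk of modules/core/networking.nix replaces `enable = true;` with `# don't enable by default` but keeps `globalConfig`. The loopback restriction (`default_bind 127.0.0.1`, `auto_https off`) therefore now lives in a different module from the ones that switch Caddy on, namely the paperless and printing hunks further down. The comment should record that dependency, for example `# Not enabled here; modules that add a vhost set services.caddy.enable themselves. globalConfig stays so every vhost inherits the 127.0.0.1 bind.` Any module that only sets `services.caddy.extraConfig` will now silently get no proxy, so the remaining modules are worth checking for that pattern. The `services.caddy` attribute set continues past the end of the hunk.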
@@ -0,0 +1,58 @@ +{ + lib, + config, + pkgs, + ... +}: +with lib; let + psCfg = config.pub-solar; +in { + # Needed for the udev rules for solaar + hardware.logitech.wireless.enable = true; + + users.users."${psCfg.user.name}".packages = with pkgs; [ + ungoogled-chromium + gimp + wine + + present-md + inkscape + gpxsee + digikam + nix-output-monitor + tigervnc + nodejs + solaar + insomnia + concourse + + signal-desktop + tdesktop + element-desktop + irssi + + # Nix specific utilities + alejandra + manix + nix-index + nix-tree + nvd + ]; + + fonts = { + fonts = with pkgs; [ + dejavu_fonts + fira-code + fira-code-symbols + google-fonts + lato + montserrat + nerdfonts + noto-fonts + noto-fonts-cjk + open-sans + powerline-fonts + source-sans-pro + ]; + }; +} diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index ffcd499..f4bfc53 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -31,8 +31,6 @@ in { config = { hardware.opengl.enable = true; - # Needed for the udev rules for solaar - hardware.logitech.wireless.enable = true; environment = { systemPackages = with pkgs; [ @@ -77,17 +75,7 @@ in { fonts = { fonts = with pkgs; [ dejavu_fonts - fira-code - fira-code-symbols - google-fonts - lato - montserrat - nerdfonts - noto-fonts - noto-fonts-cjk - open-sans powerline-fonts - source-sans-pro ]; enableDefaultFonts = true; fontconfig.enable = true; @@ -99,20 +87,19 @@ in { users.users."${psCfg.user.name}".packages = with pkgs; [ alacritty - ungoogled-chromium firefox-wayland flameshot - libnotify gnome.adwaita-icon-theme gnome.eog gnome.nautilus + gnome.seahorse gnome.yelp hicolor-icon-theme - wine + keepassxc + libnotify toggle-kbd-layout - wcwd vlc - gimp + wcwd ]; home-manager.users."${psCfg.user.name}" = { diff --git a/modules/paperless/default.nix b/modules/paperless/default.nix index ac926ae..3f75a20 100644 --- a/modules/paperless/default.nix +++ b/modules/paperless/default.nix 
@@ -45,10 +45,13 @@ in { }; networking.hosts = flake.self.lib.addLocalHostname ["paperless.local"]; - services.caddy.extraConfig = '' - paperless.local:80 { - request_header Host localhost:${builtins.toString config.services.paperless.port} - reverse_proxy localhost:${builtins.toString config.services.paperless.port} - } - ''; + services.caddy = { + enable = true; + extraConfig = '' + paperless.local:80 { + request_header Host localhost:${builtins.toString config.services.paperless.port} + reverse_proxy localhost:${builtins.toString config.services.paperless.port} + } + ''; + }; } diff --git a/modules/printing/default.nix b/modules/printing/default.nix index 0c49bab..8a0c4bb 100644 --- a/modules/printing/default.nix +++ b/modules/printing/default.nix @@ -27,6 +27,7 @@ networking.hosts = flake.self.lib.addLocalHostname ["cups.local"]; services.caddy = { + enable = true; extraConfig = '' cups.local:80 { request_header Host localhost:631 diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index d2c5193..db4af8f 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix @@ -11,9 +11,9 @@ in { options.pub-solar.terminal-life = { full = mkOption { description = '' - Enable a full version + Enable a full version, which includes more nvim plugins and lsps. ''; - default = true; + default = false; type = types.bool; }; }; diff --git a/modules/user/session-variables.nix b/modules/user/session-variables.nix index 2f07d5f..ae96e81 100644 --- a/modules/user/session-variables.nix +++ b/modules/user/session-variables.nix @@ -110,7 +110,7 @@ {IMPORT_ENVIRONMENT_ENV_LIST = lib.lists.foldl (a: b: a + " " + b) "IMPORT_ENVIRONMENT_ENV_LIST" envListNames;} ]; in { - home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { + home-manager.users."${psCfg.user.name}" = { home.sessionVariables = variablesWithMeta; systemd.user.sessionVariables = variablesWithMeta; }; 
diff --git a/users/b12f/concepts-and-training.nix b/users/b12f/concepts-and-training.nix index e97b8ee..2cb9abd 100644 --- a/users/b12f/concepts-and-training.nix +++ b/users/b12f/concepts-and-training.nix @@ -29,7 +29,7 @@ in { systemd.services.openvpn-catVPN.serviceConfig.ExecStartPre = "${pkgs.fwknop}/bin/fwknop --rc-file=${config.age.secrets.".fwknoprc".path} --no-save-args --no-home-dir --save-args-file=/dev/null -n hetzner_test_cloud --wget-cmd=${pkgs.wget}/bin/wget"; - home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { + home-manager.users."${psCfg.user.name}" = { programs.ssh = { matchBlocks = { "salt.base.test" = { diff --git a/users/b12f/home.nix b/users/b12f/home.nix index 5a78ec6..9cd33cd 100644 --- a/users/b12f/home.nix +++ b/users/b12f/home.nix @@ -15,31 +15,6 @@ in { ]; home-manager.users."${psCfg.user.name}" = { - home.packages = with pkgs; [ - present-md - inkscape - gpxsee - digikam - nix-output-monitor - tigervnc - nodejs - solaar - insomnia - concourse - - signal-desktop - tdesktop - element-desktop - irssi - - # Nix specific utilities - alejandra - manix - nix-index - nix-tree - nvd - ]; - programs.ssh = { enable = true; matchBlocks = { @@ -105,13 +80,6 @@ in { ''; }; - age.secrets."mopidy.conf" = { - file = "${flake.self}/secrets/mopidy.conf"; - mode = "700"; - owner = "b12f"; - }; - services.mopidy.extraConfigFiles = ["/run/agenix/mopidy.conf"]; - programs.ssh.extraConfig = " PubkeyAcceptedKeyTypes +ssh-rsa "; diff --git a/users/default.nix b/users/default.nix index a01cd33..888811f 100644 --- a/users/default.nix +++ b/users/default.nix @@ -3,16 +3,9 @@ flake = { nixosModules = rec { root = import ./root; - - b12f = { - imports = [ - ./b12f - self.nixosModules.email - self.nixosModules.uhk - ]; - }; - + b12f = import ./b12f; yule = import ./yule; + nixos = import ./nixos; }; }; } diff --git a/users/nixos/default.nix b/users/nixos/default.nix new file mode 100644 index 0000000..447e4d8 --- /dev/null +++ b/users/nixos/default.nix 
@@ -0,0 +1,36 @@ +{ + config, + pkgs, + lib, + ... +}: let + psCfg = config.pub-solar; +in { + config = { + pub-solar = { + # These are your personal settings + # The only required settings are `name` and `password`, + # The rest is used for programs like git + user = { + name = "nixos"; + description = "nixos"; + password = ""; + fullName = "nixos user"; + email = "nixos-iso@benjaminbaedorf.eu"; + publicKeys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmiF8ndGhnx2YAWbPDq14fftAwcJ0xnjJIVTotI12OO4SPX/SwH5Yp8C8Kf002qN9FbFmaONzq3s8TYpej13JubhfsQywNuFKZuZvJeHzmOwxsANW86RVrWT0WZmYx9a/a1TF9rPQpibDVt60wX8yLdExaJc5F1SvIIuyz1kxYpz36wItfR6hcwoLGh1emFCmfCpebJmp3hsrMDTTtTW/YNhyeSZW74ckyvZyjCYtRCJ8uF0ZmOSKRdillv4Ztg8MsUubGn+vaMl6V6x/QuDuehEPoM/3wBx9o22nf+QVbk7S1PC8EdT/K5vskn4/pfR7mDCyQOq1hB4w4Oyn0dsfX pi@ssrtc" + + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg= @b12f Yubi Main" + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= @b12f Yubi Backup" + + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135 @hensoko" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work" + + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKa5elEXgBc2luVBOHVWZisJgt0epFQOercPi0tZzPU root@cloud.pub.solar" + "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQDCelYBqrnyU1AI2p9urIrbVxRwnH81qDWF16BXU8sqMY47htvGji8FAnCBxCnd/9r5aOsOem4lKNoPQmzGFkZQZFn7xdxVO9uzcgIEFDWKK8dQ9MzmuB2W7JXMNjCs0zktkVu5hWpYiFGhN3QEMkqKoB+fJPBQ7d6J1488Yu3Zd3odyt8x1UMWfU7ObZIOCIzJIR0F23jACkh5Q1xWJXI7rUcycCZen4aWE6uYVTE7w94ARpTHHs6NlsQwUz3+aXKaWIoFLoXHumNO3mgrs/XzMgc96pS5HrbiauwL0GS5SRkskxMPbGr93mWeTEVsDd7Q6pszTzNeVM+0O9V/iVUfwyQ6L2OVUa+fYcGiCIjSJ7DzpPW7dx/bWDTtEyPb0amf1hvof9Q0R1LLHuYUPlxSy9ySp4aHM3++u4B10PKQnebvafkXAn98lgQolFiiuAn5dekGcHiFj1vQu2NP+E+LnQFDhPa61YQD2GVvAzR5Uh/2tZLIvXEoqDMZvKY9n02SsTGBeSweGd8kgT9WVkhQ3c2zAkfkGqPiJwYpaFVd8s/z+vLp+ViCgPY401sNNPQ81AoERY7BrcIRFG1Ed29jMVuzySDKpRGOYo/9H/RiHigIqAyUs2D0VOTYPbmCUZa17iZuPHhc6VLX/ar9optIBbV5EsXfDWhoy+fIXlQ+pw== root@nougat" + ]; + }; + }; + }; +}
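Review bot: The `publicKeys` list in users/nixos/default.nix is baked into the installer image and includes two host root keys, `root@cloud.pub.solar` and `root@nougat`, alongside the personal and YubiKey-backed ones. If these end up as the user's authorized keys (the mapping is not shown in this diff), anyone who obtains root on either host can log in to any machine booted from the ISO, since hosts/iso starts sshd at boot. I would limit the list to the hardware-backed personal keys, or make it overridable at build time. The copied comment `# These are your personal settings` should also be replaced with something like `# Account baked into the installer ISO; every key listed here can log in to any machine booted from it.`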