Clean up aspi and kardorf configs

Julian Mutter 2025-04-28 22:02:24 +02:00
parent c217e3297b
commit 7d17c52192
19 changed files with 197 additions and 250 deletions


@ -1,49 +1,30 @@
{
pkgs,
inputs,
...
}:
{
imports = [
# inputs.hardware.nixosModules.common-cpu-amd # TODO something useful for me?
./hardware-configuration.nix
../common/global
../common/users/julian
# ../common/optional/openssh.nix
../common/optional/pipewire.nix
../common/optional/remote-builder.nix
../common/optional/boot-efi.nix
../common/optional/pcmanfm.nix
# ../common/optional/i3.nix
# ../common/optional/gdm.nix
../common/optional/greetd.nix
../common/optional/authentication.nix
../common/optional/pcmanfm.nix
../common/optional/pipewire.nix
../common/optional/gamemode.nix
# ../common/optional/redshift.nix
# ../common/optional/redshift.nix
../common/optional/virtualbox.nix
../common/optional/xdg-portal.nix # TODO: not needed?
../common/optional/polkit.nix # TODO: maybe not needed!
../common/optional/keyring.nix # TODO: maybe not needed!
../common/optional/podman.nix
../common/optional/wireguard.nix
../common/optional/flatpak.nix
../common/optional/avahi.nix
];
# programs.hyprland.enable = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot.blacklistedKernelModules = [ "pcspkr" ]; # Disables "beep"
networking.hostName = "aspi";
networking.networkmanager.enable = true;
# networking.networkmanager.dns = "systemd-resolved";
services.resolved.enable = true;
time.timeZone = "Europe/Berlin";
hardware.graphics.enable = true;
system.stateVersion = "24.05";
modules = {
syncthing = {
@ -52,84 +33,18 @@
};
};
users.mutableUsers = false;
services.blueman.enable = true;
services.upower.enable = true;
programs.steam.enable = true;
programs.dconf.enable = true;
# TODO: not working
services.logind.lidSwitch = "lock";
services.logind.lidSwitchDocked = "lock";
programs.kdeconnect.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# Enable touchpad support
services.libinput.enable = true;
# This interface is started on boot / switch
networking.wg-quick.interfaces = {
julian = {
configFile = "/etc/wireguard/julian.conf";
};
};
# List services that you want to enable:
services.openssh.enable = false;
services.flatpak.enable = true;
security.krb5.enable = true;
security.krb5.settings = {
# domain_realm = {
# ".julian-mutter.de" = "julian-mutter.de";
# "julian-mutter.de" = "julian-mutter.de";
# };
libdefaults = {
default_realm = "julian-mutter.de";
# dns_lookup_realm = true;
# dns_lookup_kdc = true;
# ticket_lifetime = "24h";
# renew_lifetime = "7d";
};
realms = {
"julian-mutter.de" = {
kdc = [ "kerberos.julian-mutter.de" ];
admin_server = "kerberos-admin.julian-mutter.de";
default_domain = "julian-mutter.de";
};
};
};
virtualisation.docker.enable = true;
# hardware.nvidia-container-toolkit.enable = true;
# services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.open = false;
# Do not alway generate man-cache, making builds much faster
documentation.man.generateCaches = false;
# MDNS on local network
services.avahi = {
enable = true;
nssmdns4 = true;
};
# Packages needed as root
environment.systemPackages = with pkgs; [
vim
htop
mc
xorg.xhost
pavucontrol
frajul.pulseaudio-popup
gparted-xhost # needs to be installed as system package so it can be actually opened
xclip
brightnessctl
];
# ======================== DO NOT CHANGE THIS ========================
system.stateVersion = "24.05";
# ======================== DO NOT CHANGE THIS ========================
}
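Review bot: `users.mutableUsers = false;` appears to be among the lines dropped from this host (and from the pianonix section further down), and none of the shared modules visible on this page sets it. NixOS defaults this option to `true`, so unless it is declared in a shared module outside the visible hunks, accounts and passwords can be changed imperatively and drift from the declared state. Worth confirming it now lives in `../common/global` or `../common/users/julian`; otherwise keep `users.mutableUsers = false;` in one shared place. The explicit `services.openssh.enable = false;` also seems to go away here; it matches the default, but it documented the intent that this machine runs no SSH daemon.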


@ -1,17 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.availableKernelModules = [
"vmd"
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.blacklistedKernelModules = [ "pcspkr" ]; # Disables "beep"
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot.initrd.luks.devices = {
root = {
@ -21,32 +28,42 @@
};
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/7040-F37C";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/26140b4a-0579-406d-a484-35aa31b32e80"; }
fileSystems."/" = {
device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
fsType = "btrfs";
options = [
"subvol=root"
"compress=zstd"
];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
fsType = "btrfs";
options = [
"subvol=home"
"compress=zstd"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
fsType = "btrfs";
options = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7040-F37C";
fsType = "vfat";
};
swapDevices = [
{ device = "/dev/disk/by-uuid/26140b4a-0579-406d-a484-35aa31b32e80"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -59,4 +76,5 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.nvidia.open = false;
}
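Review bot: The header still says this file is generated by nixos-generate-config and may be overwritten, yet hand-written settings appear to be moved into it (`boot.blacklistedKernelModules`, `boot.binfmt.emulatedSystems`, `hardware.nvidia.open = false;`). Regenerating the file would silently drop them. Either replace the header with something like `# Hand-maintained; originally from nixos-generate-config, do not regenerate over this file`, or keep the host-specific additions in a separate module next to it. The kardorf hardware file further down has the same issue with `boot.loader.efi.efiSysMountPoint` and `hardware.nvidia.package`.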


@ -34,9 +34,6 @@
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
networking.hostName = "builder";
networking.networkmanager.enable = true;
time.timeZone = "Europe/Berlin";
modules = {
keymap.enable = true;


@ -11,15 +11,25 @@
./fish.nix # fish for admin
./locale.nix
./nix.nix
./podman.nix
./sops.nix
./xserver.nix
./root.nix
]
++ [
inputs.home-manager.nixosModules.home-manager
]
++ (builtins.attrValues outputs.nixosModules);
# Replaces the (modulesPath + "/installer/scan/not-detected.nix") from default hardware-configuration.nix
# Enables non-free firmware
hardware.enableRedistributableFirmware = true;
# Networking
networking.networkmanager.enable = true;
services.resolved.enable = true;
programs.dconf.enable = true;
# HM
home-manager.useGlobalPkgs = true;
home-manager.extraSpecialArgs = {
inherit inputs outputs;


@ -21,4 +21,6 @@
};
console.keyMap = "de";
time.timeZone = "Europe/Berlin";
}


@ -0,0 +1,11 @@
{ pkgs, ... }:
{
# Packages needed as root
environment.systemPackages = with pkgs; [
vim
htop
mc
gparted-xhost # needs to be installed as system package so it can be actually opened
];
}


@ -1,14 +1,11 @@
{ pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
# Make programs like nextcloud client access saved passwords
programs.seahorse.enable = true;
services.gnome.gnome-keyring.enable = true;
# Make authentication work for e.g. gparted
security.polkit.enable = true;
systemd = {
user.services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";


@ -0,0 +1,9 @@
{
# MDNS on local network
services.avahi = {
enable = true;
nssmdns4 = true;
publish.enable = true;
publish.addresses = true;
};
}
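Review bot: `publish.enable = true;` and `publish.addresses = true;` are now part of the shared module, so every host importing it announces its hostname and addresses over mDNS on whatever network it joins. The aspi import list above pulls in an avahi module, and that host previously had only `enable` and `nssmdns4` inline, so for what looks like a laptop this widens what it discloses on untrusted networks. I would keep the shared module to name resolution only and set `services.avahi.publish` in the host that needs to be discoverable (the pianonix section is where the publish lines came from), or wrap both in `lib.mkDefault` so a host can switch them off.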


@ -0,0 +1,5 @@
{
virtualisation.docker = {
enable = true;
};
}


@ -2,10 +2,9 @@
pkgs,
...
}:
{
services.flatpak.enable = true;
xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
xdg.portal.config.common.default = "*"; # Use first portal implementation found
# hyprland desktop portal added automatically
}


@ -0,0 +1,24 @@
{
security.krb5.enable = true;
security.krb5.settings = {
# domain_realm = {
# ".julian-mutter.de" = "julian-mutter.de";
# "julian-mutter.de" = "julian-mutter.de";
# };
libdefaults = {
default_realm = "julian-mutter.de";
# dns_lookup_realm = true;
# dns_lookup_kdc = true;
# ticket_lifetime = "24h";
# renew_lifetime = "7d";
};
realms = {
"julian-mutter.de" = {
kdc = [ "kerberos.julian-mutter.de" ];
admin_server = "kerberos-admin.julian-mutter.de";
default_domain = "julian-mutter.de";
};
};
};
}
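Review bot: No import list visible on this page references this new module: the aspi imports shown above include the wireguard, flatpak and avahi files but no Kerberos one, while the inline `security.krb5` block appears to be removed from that host. If aspi still has to authenticate against the `julian-mutter.de` realm, the import is missing; if the removal is intended, the commit message should say so, since the title only mentions cleanup. The file also has no header; a line such as `# Kerberos client settings for the julian-mutter.de realm` would tell a reader which hosts are expected to import it.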


@ -1,12 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
programs.seahorse.enable = true;
services.gnome.gnome-keyring.enable = true;
}


@ -0,0 +1,11 @@
{
networking.wg-quick.interfaces = {
julian = {
configFile = "/etc/wireguard/julian.conf";
autostart = true; # This interface is started on boot
};
comu = {
configFile = "/etc/wireguard/comu.conf";
};
};
}
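Review bot: `comu` has no `autostart` line, and the comment on `julian` implies only that interface should come up at boot, but `networking.wg-quick.interfaces.<name>.autostart` defaults to `true`, so both tunnels would be started on boot. If `comu` is meant to be brought up by hand, add `autostart = false;` to it. Separately, both `configFile` paths point at files under `/etc/wireguard` that hold private keys and are not managed by this repository; since sops is already in use elsewhere in the config, `configFile = config.sops.secrets."<secret-name>".path;` would keep them root-only and reproducible, or at least add a comment that the files must exist with mode 0600.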


@ -1,5 +1,4 @@
{
config,
pkgs,
...
}:
@ -10,57 +9,27 @@
../common/global
../common/users/julian
# ../common/optional/openssh.nix
# ../common/optional/greetd.nix
../common/optional/pipewire.nix
../common/optional/remote-builder.nix
../common/optional/boot-efi.nix
../common/optional/greetd.nix
../common/optional/authentication.nix
../common/optional/pcmanfm.nix
../common/optional/i3.nix
../common/optional/gdm.nix
../common/optional/redshift.nix
../common/optional/virtualbox.nix
../common/optional/xdg-portal.nix
../common/optional/polkit.nix # TODO: maybe not needed!
../common/optional/keyring.nix # TODO: maybe not needed!
../common/optional/pipewire.nix
../common/optional/podman.nix
../common/optional/flatpak.nix
];
networking.hostName = "kardorf"; # Define your hostname.
networking.networkmanager.enable = true;
services.resolved.enable = true;
networking.hostName = "kardorf";
system.stateVersion = "22.11";
time.timeZone = "Europe/Berlin";
boot.loader.efi.efiSysMountPoint = "/boot/efi";
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
# hardware.nvidia.modesetting.enable = true; # for wayland
programs.kdeconnect.enable = true;
# Enable CUPS to print documents.
# hardware.sane.enable = true;
services.printing.enable = true;
services.printing.browsing = true;
# services.avahi.enable = true;
# services.avahi.nssmdns = true;
services.printing.drivers = with pkgs; [ gutenprint ];
# List services that you want to enable:
services.openssh.enable = false;
services.flatpak.enable = true;
# Smart card reader
services.pcscd.enable = true;
virtualisation.docker.enable = true;
# Packages needed as root
environment.systemPackages = with pkgs; [
vim
htop
mc
gparted-xhost # needs to be installed as system package so it can be actually opened
];
# ======================== DO NOT CHANGE THIS ========================
system.stateVersion = "22.11";
# ======================== DO NOT CHANGE THIS ========================
}


@ -1,39 +1,62 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "ehci_pci" "ahci" "xhci_pci" "usbhid" "uas" "sd_mod" "sr_mod" ];
boot.initrd.availableKernelModules = [
"ehci_pci"
"ahci"
"xhci_pci"
"usbhid"
"uas"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.loader.efi.efiSysMountPoint = "/boot/efi";
fileSystems."/" = {
device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
options = [
"subvol=root"
"compress=zstd"
];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
options = [
"subvol=home"
"compress=zstd"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
options = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
fileSystems."/swap" = {
device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
fsType = "btrfs";
options = [ "subvol=swap" "noatime" ];
options = [
"subvol=swap"
"noatime"
];
};
fileSystems."/boot/efi" = {
@ -41,10 +64,12 @@
fsType = "vfat";
};
swapDevices = [{
device = "/swap/swapfile";
size = 16 * 1024;
}];
swapDevices = [
{
device = "/swap/swapfile";
size = 16 * 1024;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -55,6 +80,7 @@
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
# hardware.nvidia.modesetting.enable = true; # for wayland
}


@ -35,16 +35,12 @@
# disko.devices.disk.main.device = "/dev/mmcblk1";
networking.networkmanager.enable = true;
# networking.wireless.enable = true;
# networking.wireless.environmentFile = config.sops.secrets."wifi/pianonix".path;
# networking.wireless.networks = {
# "@SSID@".psk = "@PSK@";
# };
networking.hostName = "pianonix"; # Define your hostname.
# Set your time zone.
time.timeZone = "Europe/Berlin";
networking.hostName = "pianonix";
sops.secrets."vnc-passwd" = {
owner = config.users.users.julian.name;
@ -64,8 +60,6 @@
};
};
users.mutableUsers = false;
# Enable the Desktop Environment.
# services.xserver.displayManager.lightdm.enable = true;
services.displayManager.autoLogin = {
@ -89,7 +83,6 @@
boot.loader.timeout = 1; # Set boot loader timeout to 1s
programs.dconf.enable = true;
# De-facto disable network manager, which is enabled by gnome
# networking.networkmanager.unmanaged = [ "*" ];
services.xserver.desktopManager = {
@ -121,17 +114,6 @@
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVk/m4ydcYXzHxTWeNw2MlwxKU+JirTVOeHsYR4wdTokwYyNWZ3/zPcU4+XekSRatwJW1LJYrZ1Y5IJkobzgnOvYVI7SXZ1Tbzb1kAcnChSt+Dp/pKdMPZ8yY3PTFZh+R5F3rWFA/YZqTRhh0vuxPIVbLl7zOPExWwYGn9crkZaYZvKHVvgE5660hXo9pxbUKsSs+DIy/AE7gfKiZLusY95nk9T/jZ7Vmhl0UsF0RiDsfxgE664/vEKe8b+82kKCDt5nJVe8THSrjaw4+NUhef6R8UoUO1/Pn4TKq3Gil3Z36wPEPdkw2lYzX+d1EFyaC3hZJedSUfdFliPOejIbNvvhPBBD1wAGxxyuJZB5KLwWN7/efwCgw45buLbVfUuwwug7K7GK84A3yzqClbZKKv8rYdO04UG64A+Taq2LeyxQIDjygTgGk/1j/0Neb1RO0FbjlbTeNMZ54P+u7BTEcikJCsbFeseWDtYzupQtLt96KMbcdRgHy0CTGqFHE+my8= julian@julian-aspi"
];
# Do not alway generate man-cache, making builds much faster
documentation.man.generateCaches = false;
# MDNS on local network
services.avahi = {
enable = true;
nssmdns4 = true;
publish.enable = true;
publish.addresses = true;
};
services.syncthing.key = config.sops.secrets."syncthing/pianonix/key".path;
services.syncthing.cert = config.sops.secrets."syncthing/pianonix/cert".path;
services.syncthing.settings = {


@ -1,21 +1,5 @@
{
# Snowfall Lib provides a customized `lib` instance with access to your flake's library
# as well as the libraries available from your flake's inputs.
lib,
# An instance of `pkgs` with your overlays and packages applied is also available.
pkgs,
# You also have access to your flake's inputs.
inputs,
# Additional metadata is provided by Snowfall Lib.
namespace, # The namespace used for your flake, defaulting to "internal" if not set.
system, # The system architecture for this host (eg. `x86_64-linux`).
target, # The Snowfall Lib target for this system (eg. `x86_64-iso`).
format, # A normalized name for the system target (eg. `iso`).
virtual, # A boolean to determine whether this system is a virtual target using nixos-generators.
systems, # An attribute map of your defined hosts.
# All other arguments come from the module system.
config,
...
}: