Clean up aspi and kardorf configs

hosts/aspi/default.nix

@@ -1,49 +1,30 @@
-{
-  pkgs,
-  inputs,
-  ...
-}:
 {
   imports = [
-    # inputs.hardware.nixosModules.common-cpu-amd # TODO something useful for me?
-
     ./hardware-configuration.nix
 
     ../common/global
     ../common/users/julian
 
-    # ../common/optional/openssh.nix
-    ../common/optional/pipewire.nix
     ../common/optional/remote-builder.nix
     ../common/optional/boot-efi.nix
-    ../common/optional/pcmanfm.nix
 
-    # ../common/optional/i3.nix
-    # ../common/optional/gdm.nix
     ../common/optional/greetd.nix
+    ../common/optional/authentication.nix
+    ../common/optional/pcmanfm.nix
+    ../common/optional/pipewire.nix
 
     ../common/optional/gamemode.nix
-    # ../common/optional/redshift.nix
-    # ../common/optional/redshift.nix
     ../common/optional/virtualbox.nix
-    ../common/optional/xdg-portal.nix # TODO: not needed?
+
-    ../common/optional/polkit.nix # TODO: maybe not needed!
+    ../common/optional/podman.nix
-    ../common/optional/keyring.nix # TODO: maybe not needed!
+    ../common/optional/wireguard.nix
+    ../common/optional/flatpak.nix
+
+    ../common/optional/avahi.nix
   ];
 
-  # programs.hyprland.enable = true;
-
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-  boot.blacklistedKernelModules = [ "pcspkr" ]; # Disables "beep"
-
   networking.hostName = "aspi";
-  networking.networkmanager.enable = true;
+  system.stateVersion = "24.05";
-  # networking.networkmanager.dns = "systemd-resolved";
-  services.resolved.enable = true;
-
-  time.timeZone = "Europe/Berlin";
-
-  hardware.graphics.enable = true;
 
   modules = {
     syncthing = {
@@ -52,84 +33,18 @@
     };
   };
 
-  users.mutableUsers = false;
-
   services.blueman.enable = true;
   services.upower.enable = true;
 
   programs.steam.enable = true;
 
-  programs.dconf.enable = true;
+  # TODO: not working
   services.logind.lidSwitch = "lock";
   services.logind.lidSwitchDocked = "lock";
 
   programs.kdeconnect.enable = true;
 
-  # Enable touchpad support (enabled default in most desktopManager).
+  # Enable touchpad support
   services.libinput.enable = true;
 
-  # This interface is started on boot / switch
-  networking.wg-quick.interfaces = {
-    julian = {
-      configFile = "/etc/wireguard/julian.conf";
-    };
-  };
-
-  # List services that you want to enable:
-  services.openssh.enable = false;
-  services.flatpak.enable = true;
-
-  security.krb5.enable = true;
-  security.krb5.settings = {
-    # domain_realm = {
-    #   ".julian-mutter.de" = "julian-mutter.de";
-    #   "julian-mutter.de" = "julian-mutter.de";
-    # };
-    libdefaults = {
-      default_realm = "julian-mutter.de";
-      #   dns_lookup_realm = true;
-      #   dns_lookup_kdc = true;
-      #   ticket_lifetime = "24h";
-      #   renew_lifetime = "7d";
-    };
-    realms = {
-      "julian-mutter.de" = {
-        kdc = [ "kerberos.julian-mutter.de" ];
-        admin_server = "kerberos-admin.julian-mutter.de";
-        default_domain = "julian-mutter.de";
-      };
-    };
-  };
-
-  virtualisation.docker.enable = true;
-  # hardware.nvidia-container-toolkit.enable = true;
-  # services.xserver.videoDrivers = [ "nvidia" ];
-  hardware.nvidia.open = false;
-
-  # Do not alway generate man-cache, making builds much faster
-  documentation.man.generateCaches = false;
-
-  # MDNS on local network
-  services.avahi = {
-    enable = true;
-    nssmdns4 = true;
-  };
-
-  # Packages needed as root
-  environment.systemPackages = with pkgs; [
-    vim
-    htop
-    mc
-    xorg.xhost
-    pavucontrol
-    frajul.pulseaudio-popup
-    gparted-xhost # needs to be installed as system package so it can be actually opened
-    xclip
-
-    brightnessctl
-  ];
-
-  # ======================== DO NOT CHANGE THIS ========================
-  system.stateVersion = "24.05";
-  # ======================== DO NOT CHANGE THIS ========================
 }

hosts/aspi/hardware-configuration.nix

@@ -1,17 +1,24 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
+{
-# and may be overwritten by future invocations.  Please make changes
+  config,
-# to /etc/nixos/configuration.nix instead.
+  lib,
-{ config, lib, pkgs, modulesPath, ... }:
+  ...
+}:
 
 {
-  imports =
+  boot.initrd.availableKernelModules = [
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    "vmd"
-    ];
+    "xhci_pci"
-
+    "ahci"
-  boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+    "nvme"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+  ];
   boot.initrd.kernelModules = [ "dm-snapshot" ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
+  boot.blacklistedKernelModules = [ "pcspkr" ]; # Disables "beep"
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 
   boot.initrd.luks.devices = {
     root = {
@@ -21,32 +28,42 @@
     };
   };
 
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
+    device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
-      fsType = "btrfs";
+    fsType = "btrfs";
-      options = [ "subvol=root" "compress=zstd" ];
+    options = [
-    };
+      "subvol=root"
-
+      "compress=zstd"
-  fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
-      fsType = "btrfs";
-      options = [ "subvol=home" "compress=zstd" ];
-    };
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
-      fsType = "btrfs";
-      options = [ "subvol=nix" "compress=zstd" "noatime" ];
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/7040-F37C";
-      fsType = "vfat";
-    };
-
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/26140b4a-0579-406d-a484-35aa31b32e80"; }
     ];
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
+    fsType = "btrfs";
+    options = [
+      "subvol=home"
+      "compress=zstd"
+    ];
+  };
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
+    fsType = "btrfs";
+    options = [
+      "subvol=nix"
+      "compress=zstd"
+      "noatime"
+    ];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/7040-F37C";
+    fsType = "vfat";
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/26140b4a-0579-406d-a484-35aa31b32e80"; }
+  ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
@@ -59,4 +76,5 @@
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.nvidia.open = false;
 }

hosts/builder/default.nix

@@ -34,9 +34,6 @@
   boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 
   networking.hostName = "builder";
-  networking.networkmanager.enable = true;
-
-  time.timeZone = "Europe/Berlin";
 
   modules = {
     keymap.enable = true;

hosts/common/global/default.nix

@@ -11,15 +11,25 @@
       ./fish.nix # fish for admin
       ./locale.nix
       ./nix.nix
-      ./podman.nix
       ./sops.nix
-      ./xserver.nix
+      ./root.nix
     ]
     ++ [
       inputs.home-manager.nixosModules.home-manager
     ]
     ++ (builtins.attrValues outputs.nixosModules);
 
+  # Replaces the (modulesPath + "/installer/scan/not-detected.nix") from default hardware-configuration.nix
+  # Enables non-free firmware
+  hardware.enableRedistributableFirmware = true;
+
+  # Networking
+  networking.networkmanager.enable = true;
+  services.resolved.enable = true;
+
+  programs.dconf.enable = true;
+
+  # HM
   home-manager.useGlobalPkgs = true;
   home-manager.extraSpecialArgs = {
     inherit inputs outputs;

hosts/common/global/locale.nix

@@ -21,4 +21,6 @@
   };
 
   console.keyMap = "de";
+
+  time.timeZone = "Europe/Berlin";
 }

hosts/common/global/root.nix

@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+
+{
+  # Packages needed as root
+  environment.systemPackages = with pkgs; [
+    vim
+    htop
+    mc
+    gparted-xhost # needs to be installed as system package so it can be actually opened
+  ];
+}

hosts/common/optional/authentication.nix

@@ -1,14 +1,11 @@
+{ pkgs, ... }:
 {
-  config,
+  # Make programs like nextcloud client access saved passwords
-  lib,
+  programs.seahorse.enable = true;
-  pkgs,
+  services.gnome.gnome-keyring.enable = true;
-  ...
-}:
-
-{
 
+  # Make authentication work for e.g. gparted
   security.polkit.enable = true;
-
   systemd = {
     user.services.polkit-gnome-authentication-agent-1 = {
       description = "polkit-gnome-authentication-agent-1";

hosts/common/optional/avahi.nix

@@ -0,0 +1,9 @@
+{
+  # MDNS on local network
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    publish.enable = true;
+    publish.addresses = true;
+  };
+}

hosts/common/optional/docker.nix

@@ -0,0 +1,5 @@
+{
+  virtualisation.docker = {
+    enable = true;
+  };
+}

hosts/common/optional/flatpak.nix

@@ -2,10 +2,9 @@
   pkgs,
   ...
 }:
-
 {
+  services.flatpak.enable = true;
   xdg.portal.enable = true;
   xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
   xdg.portal.config.common.default = "*"; # Use first portal implementation found
-  # hyprland desktop portal added automatically
 }

hosts/common/optional/kerberos.nix

@@ -0,0 +1,24 @@
+{
+
+  security.krb5.enable = true;
+  security.krb5.settings = {
+    # domain_realm = {
+    #   ".julian-mutter.de" = "julian-mutter.de";
+    #   "julian-mutter.de" = "julian-mutter.de";
+    # };
+    libdefaults = {
+      default_realm = "julian-mutter.de";
+      #   dns_lookup_realm = true;
+      #   dns_lookup_kdc = true;
+      #   ticket_lifetime = "24h";
+      #   renew_lifetime = "7d";
+    };
+    realms = {
+      "julian-mutter.de" = {
+        kdc = [ "kerberos.julian-mutter.de" ];
+        admin_server = "kerberos-admin.julian-mutter.de";
+        default_domain = "julian-mutter.de";
+      };
+    };
+  };
+}

hosts/common/optional/keyring.nix

@@ -1,12 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-{
-
-  programs.seahorse.enable = true;
-  services.gnome.gnome-keyring.enable = true;
-}

hosts/common/optional/wireguard.nix

@@ -0,0 +1,11 @@
+{
+  networking.wg-quick.interfaces = {
+    julian = {
+      configFile = "/etc/wireguard/julian.conf";
+      autostart = true; # This interface is started on boot
+    };
+    comu = {
+      configFile = "/etc/wireguard/comu.conf";
+    };
+  };
+}

hosts/kardorf/default.nix

@@ -1,5 +1,4 @@
 {
-  config,
   pkgs,
   ...
 }:
@@ -10,57 +9,27 @@
     ../common/global
     ../common/users/julian
 
-    # ../common/optional/openssh.nix
-    # ../common/optional/greetd.nix
-    ../common/optional/pipewire.nix
     ../common/optional/remote-builder.nix
     ../common/optional/boot-efi.nix
+
+    ../common/optional/greetd.nix
+    ../common/optional/authentication.nix
     ../common/optional/pcmanfm.nix
-    ../common/optional/i3.nix
+    ../common/optional/pipewire.nix
-    ../common/optional/gdm.nix
+
-    ../common/optional/redshift.nix
+    ../common/optional/podman.nix
-    ../common/optional/virtualbox.nix
+    ../common/optional/flatpak.nix
-    ../common/optional/xdg-portal.nix
-    ../common/optional/polkit.nix # TODO: maybe not needed!
-    ../common/optional/keyring.nix # TODO: maybe not needed!
   ];
 
-  networking.hostName = "kardorf"; # Define your hostname.
+  networking.hostName = "kardorf";
-  networking.networkmanager.enable = true;
+  system.stateVersion = "22.11";
-  services.resolved.enable = true;
 
-  time.timeZone = "Europe/Berlin";
-
-  boot.loader.efi.efiSysMountPoint = "/boot/efi";
   services.xserver.videoDrivers = [ "nvidia" ];
-  hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
+
-  # hardware.nvidia.modesetting.enable = true; # for wayland
+  programs.kdeconnect.enable = true;
 
   # Enable CUPS to print documents.
-  # hardware.sane.enable = true;
   services.printing.enable = true;
   services.printing.browsing = true;
-  # services.avahi.enable = true;
-  # services.avahi.nssmdns = true;
   services.printing.drivers = with pkgs; [ gutenprint ];
-
-  # List services that you want to enable:
-  services.openssh.enable = false;
-  services.flatpak.enable = true;
-  # Smart card reader
-  services.pcscd.enable = true;
-
-  virtualisation.docker.enable = true;
-
-  # Packages needed as root
-  environment.systemPackages = with pkgs; [
-    vim
-    htop
-    mc
-    gparted-xhost # needs to be installed as system package so it can be actually opened
-  ];
-
-  # ======================== DO NOT CHANGE THIS ========================
-  system.stateVersion = "22.11";
-  # ======================== DO NOT CHANGE THIS ========================
 }

hosts/kardorf/hardware-configuration.nix

@@ -1,39 +1,62 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
+  config,
+  lib,
+  ...
+}:
 
 {
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  boot.initrd.availableKernelModules = [
-
+    "ehci_pci"
-  boot.initrd.availableKernelModules =
+    "ahci"
-    [ "ehci_pci" "ahci" "xhci_pci" "usbhid" "uas" "sd_mod" "sr_mod" ];
+    "xhci_pci"
+    "usbhid"
+    "uas"
+    "sd_mod"
+    "sr_mod"
+  ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ ];
   boot.extraModulePackages = [ ];
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
     fsType = "btrfs";
-    options = [ "subvol=root" "compress=zstd" ];
+    options = [
+      "subvol=root"
+      "compress=zstd"
+    ];
   };
 
   fileSystems."/home" = {
     device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
     fsType = "btrfs";
-    options = [ "subvol=home" "compress=zstd" ];
+    options = [
+      "subvol=home"
+      "compress=zstd"
+    ];
   };
 
   fileSystems."/nix" = {
     device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
     fsType = "btrfs";
-    options = [ "subvol=nix" "compress=zstd" "noatime" ];
+    options = [
+      "subvol=nix"
+      "compress=zstd"
+      "noatime"
+    ];
   };
 
   fileSystems."/swap" = {
     device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
     fsType = "btrfs";
-    options = [ "subvol=swap" "noatime" ];
+    options = [
+      "subvol=swap"
+      "noatime"
+    ];
   };
 
   fileSystems."/boot/efi" = {
@@ -41,10 +64,12 @@
     fsType = "vfat";
   };
 
-  swapDevices = [{
+  swapDevices = [
-    device = "/swap/swapfile";
+    {
-    size = 16 * 1024;
+      device = "/swap/swapfile";
-  }];
+      size = 16 * 1024;
+    }
+  ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
@@ -55,6 +80,7 @@
   # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode =
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-    lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
+  # hardware.nvidia.modesetting.enable = true; # for wayland
 }

hosts/pianonix/default.nix

@@ -35,16 +35,12 @@
 
   # disko.devices.disk.main.device = "/dev/mmcblk1";
 
-  networking.networkmanager.enable = true;
   # networking.wireless.enable = true;
   # networking.wireless.environmentFile = config.sops.secrets."wifi/pianonix".path;
   # networking.wireless.networks = {
   #   "@SSID@".psk = "@PSK@";
   # };
-  networking.hostName = "pianonix"; # Define your hostname.
+  networking.hostName = "pianonix";
-
-  # Set your time zone.
-  time.timeZone = "Europe/Berlin";
 
   sops.secrets."vnc-passwd" = {
     owner = config.users.users.julian.name;
@@ -64,8 +60,6 @@
     };
   };
 
-  users.mutableUsers = false;
-
   # Enable the Desktop Environment.
   # services.xserver.displayManager.lightdm.enable = true;
   services.displayManager.autoLogin = {
@@ -89,7 +83,6 @@
 
   boot.loader.timeout = 1; # Set boot loader timeout to 1s
 
-  programs.dconf.enable = true;
   # De-facto disable network manager, which is enabled by gnome
   # networking.networkmanager.unmanaged = [ "*" ];
   services.xserver.desktopManager = {
@@ -121,17 +114,6 @@
     "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVk/m4ydcYXzHxTWeNw2MlwxKU+JirTVOeHsYR4wdTokwYyNWZ3/zPcU4+XekSRatwJW1LJYrZ1Y5IJkobzgnOvYVI7SXZ1Tbzb1kAcnChSt+Dp/pKdMPZ8yY3PTFZh+R5F3rWFA/YZqTRhh0vuxPIVbLl7zOPExWwYGn9crkZaYZvKHVvgE5660hXo9pxbUKsSs+DIy/AE7gfKiZLusY95nk9T/jZ7Vmhl0UsF0RiDsfxgE664/vEKe8b+82kKCDt5nJVe8THSrjaw4+NUhef6R8UoUO1/Pn4TKq3Gil3Z36wPEPdkw2lYzX+d1EFyaC3hZJedSUfdFliPOejIbNvvhPBBD1wAGxxyuJZB5KLwWN7/efwCgw45buLbVfUuwwug7K7GK84A3yzqClbZKKv8rYdO04UG64A+Taq2LeyxQIDjygTgGk/1j/0Neb1RO0FbjlbTeNMZ54P+u7BTEcikJCsbFeseWDtYzupQtLt96KMbcdRgHy0CTGqFHE+my8= julian@julian-aspi"
   ];
 
-  # Do not alway generate man-cache, making builds much faster
-  documentation.man.generateCaches = false;
-
-  # MDNS on local network
-  services.avahi = {
-    enable = true;
-    nssmdns4 = true;
-    publish.enable = true;
-    publish.addresses = true;
-  };
-
   services.syncthing.key = config.sops.secrets."syncthing/pianonix/key".path;
   services.syncthing.cert = config.sops.secrets."syncthing/pianonix/cert".path;
   services.syncthing.settings = {

modules/nixos/syncthing.nix

@@ -1,21 +1,5 @@
 {
-  # Snowfall Lib provides a customized `lib` instance with access to your flake's library
-  # as well as the libraries available from your flake's inputs.
   lib,
-  # An instance of `pkgs` with your overlays and packages applied is also available.
-  pkgs,
-  # You also have access to your flake's inputs.
-  inputs,
-
-  # Additional metadata is provided by Snowfall Lib.
-  namespace, # The namespace used for your flake, defaulting to "internal" if not set.
-  system, # The system architecture for this host (eg. `x86_64-linux`).
-  target, # The Snowfall Lib target for this system (eg. `x86_64-iso`).
-  format, # A normalized name for the system target (eg. `iso`).
-  virtual, # A boolean to determine whether this system is a virtual target using nixos-generators.
-  systems, # An attribute map of your defined hosts.
-
-  # All other arguments come from the module system.
   config,
   ...
 }: