diff --git a/common/hosts/zerotier b/common/hosts/zerotier index 71c07ac..092643e 100644 --- a/common/hosts/zerotier +++ b/common/hosts/zerotier @@ -1,4 +1,6 @@ 10.1.2.16 zeus +10.1.2.153 glassbox +10.1.2.28 voyager 10.1.2.134 bsdremote 10.1.2.152 thinkpad 10.1.2.171 pizero diff --git a/nixos/hosts/glassbox.nix b/nixos/hosts/glassbox.nix index 0fa07d0..d3c8301 100644 --- a/nixos/hosts/glassbox.nix +++ b/nixos/hosts/glassbox.nix @@ -5,15 +5,10 @@ config, lib, pkgs, - modulesPath, ... }: { imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ../profiles/hyprland.nix - ../profiles/default.nix - ../users/willem/home/linux.nix - ../modules/zerotier.nix + ../profiles/desktop.nix ]; boot.initrd.availableKernelModules = ["vmd" "xhci_pci" "nvme" "ahci" "usbhid" "usb_storage" "sd_mod"]; @@ -48,10 +43,6 @@ swapDevices = []; networking.hostName = "glassbox"; - networking.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/nixos/hosts/nixbox.nix b/nixos/hosts/nixbox.nix index a9d034c..edeb6a6 100644 --- a/nixos/hosts/nixbox.nix +++ b/nixos/hosts/nixbox.nix 
@@ -2,206 +2,56 @@ config, lib, pkgs, - modulesPath, ... -}: let - torrent_group_id = 987; -in - { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ../profiles/hyprland.nix - ../profiles/default.nix - ../users/willem/home/linux.nix - ../modules/zerotier.nix - ]; +}: { + imports = [ + ../profiles/desktop.nix + ]; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["amdgpu"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["amdgpu"]; + boot.extraModulePackages = []; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; - boot.supportedFilesystems = ["zfs"]; - boot.zfs.forceImportRoot = false; - networking.hostId = "06818aaa"; + boot.supportedFilesystems = ["zfs"]; + boot.zfs.forceImportRoot = false; + networking.hostId = "06818aaa"; - hardware.opengl.driSupport = true; - hardware.opengl.enable = true; + hardware.opengl.driSupport = true; + hardware.opengl.enable = true; - hardware.opengl.extraPackages = with pkgs; [ - amdvlk - ]; + hardware.opengl.extraPackages = with pkgs; [ + amdvlk + ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/24855432-019b-43d9-9b83-9135b9dc31a6"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/24855432-019b-43d9-9b83-9135b9dc31a6"; + fsType = "ext4"; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/F2E9-F515"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/F2E9-F515"; + fsType = "vfat"; + }; - boot.zfs.extraPools = ["zpool"]; + boot.zfs.extraPools = ["zpool"]; - swapDevices = [{device = "/dev/disk/by-uuid/36bb51f0-f56d-4408-b61c-7905789a7304";}]; + swapDevices = [{device = 
"/dev/disk/by-uuid/36bb51f0-f56d-4408-b61c-7905789a7304";}]; - environment.systemPackages = [pkgs.zfs]; + environment.systemPackages = [pkgs.zfs]; - services.zfs.autoScrub.enable = true; + services.zfs.autoScrub.enable = true; - services.jellyfin.enable = true; + services.jellyfin.enable = true; - users.groups.torrent.gid = torrent_group_id; + users.groups.torrent.gid = torrent_group_id; - services.transmission = { - enable = false; + networking.hostName = "nixbox"; - package = pkgs.transmission_4; - - group = "torrent"; - - settings = rec { - download-dir = "/zpool/media/torrents"; - incomplete-dir = "/zpool/media/torrents/.incomplete"; - incomplete-dir-enabled = true; - peer-port = 51413; - rpc-enabled = true; - rpc-bind-address = "0.0.0.0"; - rpc-whitelist-enabled = false; - rpc-whitelist = "10.1.2.*,127.0.0.*"; - rpc-host-whitelist-enabled = false; - }; - }; - - networking.nftables.enable = true; - networking.nftables.flushRuleset = true; - - networking.nftables.tables."nixos-fw".content = lib.mkForce ""; - - networking.nftables.ruleset = '' - table inet filter { - chain input { - type filter hook input priority 0; - - # accept all localhost and zerotier traffic - iifname lo accept - iifname "zt*" accept - - # accept traffic sent by us - ct state {established, related} accept - - # ICMP - # routers may also want: mld-listener-query, nd-router-solicit - ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept - - # allow "ping" - ip protocol icmp icmp type echo-request accept - - # jellyfin - tcp dport 8096 accept - tcp dport 8920 accept - udp dport 1900 accept - udp dport 7359 accept - - # transmission web ui - tcp dport 9091 accept - - # zerotier - udp dport 9993 accept - tcp dport 9993 accept - - # ssh - tcp dport 22 accept - - iifname "tun0" tcp dport 51413 accept - iifname "tun0" udp dport 51413 accept - - iifname {lo, "zt*"} tcp dport 9091 accept - - iifname "tun0" skgid ${toString 
torrent_group_id} accept - - # drop all other packets - counter drop - #accept - } - - chain output { - type filter hook output priority 0; - - tcp dport 53 accept - udp dport 53 accept - - oifname {"lo", "zt*"} tcp sport 9091 accept - - skgid ${toString torrent_group_id} oifname != "tun0" counter drop - - # zerotier - oifname "zt*" accept - udp dport 9993 accept - tcp dport 9993 accept - - accept - } - - chain forward { - type filter hook forward priority 0; - - accept - } - } - ''; - - networking.useDHCP = lib.mkDefault true; - - networking.hostName = "nixbox"; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - } - # Do not modify this file! It was generated by ‘nixos-generate-config’ - # and may be overwritten by future invocations. Please make changes - # to /etc/nixos/configuration.nix instead. - { - config, - lib, - pkgs, - modulesPath, - ... - }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = ["vmd" "xhci_pci" "nvme" "ahci" "usbhid" "usb_storage" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/4e9a4d87-4b00-413b-84c0-62e737a012a9"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/1641-A38E"; - fsType = "vfat"; - }; - - swapDevices = []; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
- networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - } + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nixos/hosts/thinkpad.nix b/nixos/hosts/thinkpad.nix index f468f97..ed21614 100644 --- a/nixos/hosts/thinkpad.nix +++ b/nixos/hosts/thinkpad.nix @@ -2,15 +2,10 @@ config, lib, pkgs, - modulesPath, ... }: { imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ../profiles/hyprland.nix - ../profiles/default.nix - ../users/willem/home/linux.nix - ../modules/zerotier.nix + ../profiles/laptop.nix ]; boot.loader.systemd-boot.enable = true; @@ -42,7 +37,6 @@ settings.General.EnableNetworkConfiguration = true; }; - networking.useDHCP = lib.mkDefault true; networking.hostName = "thinkpad"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/nixos/hosts/voyager/default.nix b/nixos/hosts/voyager/default.nix index 92c2ea6..a60819c 100755 --- a/nixos/hosts/voyager/default.nix +++ b/nixos/hosts/voyager/default.nix 
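Review bot: In nixos/hosts/nixbox.nix the kept line `users.groups.torrent.gid = torrent_group_id;` refers to a name that is no longer bound, because the same hunk removes the `let torrent_group_id = 987; in` wrapper, so the host should fail to evaluate with an undefined-variable error. Either inline the value, `users.groups.torrent.gid = 987;`, or drop the group now that the transmission block is gone. Separately, the hand-written nftables ruleset is deleted and nothing visible in this diff configures a firewall for the host, so what nixbox accepts on the network now depends on the defaults pulled in through `../profiles/desktop.nix`. It is worth confirming that a firewall is still enabled there and that `services.jellyfin.enable = true;` is reachable only on the interfaces you intend, then recording that in a comment next to the service.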
@@ -3,31 +3,14 @@ config, lib, pkgs, - modulesPath, ... }: { imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ../../profiles/hyprland.nix - ../../profiles/default.nix - ../../users/willem/home/linux.nix - ../../modules/zerotier.nix + ../../profiles/laptop.nix inputs.nixos-apple-silicon.nixosModules.apple-silicon-support ]; environment.sessionVariables.MOZ_GMP_PATH = ["${pkgs.widevine}/gmp-widevinecdm/system-installed"]; - environment.systemPackages = [pkgs.powertop]; - - services.logind = { - extraConfig = '' - HandlePowerKey=suspend - HandleLidSwitchDocked=suspend - ''; - lidSwitch = "suspend"; - }; - - powerManagement.powertop.enable = true; - boot.initrd.availableKernelModules = ["usb_storage" "sdhci_pci"]; fileSystems."/" = { @@ -42,8 +25,6 @@ swapDevices = []; - networking.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = false; @@ -71,10 +52,6 @@ }; hardware.opengl.enable = true; - networking.wireless.iwd = { - enable = true; - settings.General.EnableNetworkConfiguration = true; - }; networking.hostName = "voyager"; } diff --git a/nixos/profiles/default.nix b/nixos/profiles/default.nix index 9667644..5ad0974 100644 --- a/nixos/profiles/default.nix +++ b/nixos/profiles/default.nix @@ -3,6 +3,7 @@ overlays, pkgs, globals, + lib, ... }: { imports = [ @@ -15,6 +16,9 @@ inputs.stylix.nixosModules.stylix ]; + networking.useDHCP = lib.mkDefault true; + hardware.enableRedistributableFirmware = lib.mkDefault true; + programs.command-not-found.enable = false; boot.tmp.useTmpfs = true; diff --git a/nixos/profiles/desktop.nix b/nixos/profiles/desktop.nix index 915997c..a18edcd 100644 --- a/nixos/profiles/desktop.nix +++ b/nixos/profiles/desktop.nix 
@@ -1,49 +1,10 @@ -{ - pkgs, - globals, - ... -}: { - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - - services.dbus = { - enable = true; - packages = [pkgs.dconf]; - }; - - programs.dconf = { - enable = true; - }; - - services.printing.enable = true; - - hardware.pulseaudio.enable = false; - - security.rtkit.enable = true; - - services.xserver = { - enable = true; - - layout = globals.keyboard.layout; - xkbVariant = globals.keyboard.variant; - - synaptics.enable = false; - - displayManager.lightdm.enable = false; - - libinput = { - enable = true; - touchpad.tapping = true; - touchpad.naturalScrolling = true; - touchpad.scrollMethod = "twofinger"; - touchpad.disableWhileTyping = true; - touchpad.clickMethod = "clickfinger"; - }; - }; - - sound.enable = true; +{pkgs, ...}: { + imports = [ + ./hyprland.nix + ./default.nix + ../users/willem/home/linux.nix + ../modules/zerotier.nix + ]; + powerManagement.cpuFreqGovernor = "performance"; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } diff --git a/nixos/profiles/gnome.nix b/nixos/profiles/gnome.nix deleted file mode 100644 index ec7400f..0000000 --- a/nixos/profiles/gnome.nix +++ /dev/null @@ -1,31 +0,0 @@ -{pkgs, ...}: { - imports = [./desktop.nix]; - - environment.gnome.excludePackages = - (with pkgs; [ - gnome-photos - gnome-tour - ]) - ++ (with pkgs.gnome; [ - gnome-music - evince # document viewer - gnome-characters - totem # video player - tali # poker game - iagno # go game - hitori # sudoku game - atomix # puzzle game - ]); - - environment.systemPackages = with pkgs; [ - pinentry-gnome - ]; - - services.xserver = { - enable = true; - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; - }; - - sound.enable = true; -} diff --git a/nixos/profiles/gui.nix b/nixos/profiles/gui.nix new file mode 100644 index 0000000..915997c --- /dev/null +++ b/nixos/profiles/gui.nix 
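Review bot: The new body of nixos/profiles/desktop.nix calls `lib.mkDefault` on the `nixpkgs.hostPlatform` line, but the function header is `{pkgs, ...}:` and never binds `lib`, so every host importing this profile (glassbox and nixbox in this commit) should fail to evaluate with an undefined variable. Change the header to `{lib, ...}:`; `pkgs` is unused in the new body and can be dropped. Also, `powerManagement.cpuFreqGovernor = "performance";` is set here at normal priority while nixbox.nix still sets it with `lib.mkDefault`. The values agree today, but a host that wants a different governor would then need `lib.mkForce`, so `lib.mkDefault "performance"` looks like the better fit for a shared profile.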
@@ -0,0 +1,49 @@ +{ + pkgs, + globals, + ... +}: { + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + + services.dbus = { + enable = true; + packages = [pkgs.dconf]; + }; + + programs.dconf = { + enable = true; + }; + + services.printing.enable = true; + + hardware.pulseaudio.enable = false; + + security.rtkit.enable = true; + + services.xserver = { + enable = true; + + layout = globals.keyboard.layout; + xkbVariant = globals.keyboard.variant; + + synaptics.enable = false; + + displayManager.lightdm.enable = false; + + libinput = { + enable = true; + touchpad.tapping = true; + touchpad.naturalScrolling = true; + touchpad.scrollMethod = "twofinger"; + touchpad.disableWhileTyping = true; + touchpad.clickMethod = "clickfinger"; + }; + }; + + sound.enable = true; +} diff --git a/nixos/profiles/hyprland.nix b/nixos/profiles/hyprland.nix index 45ef94a..04f2ee7 100644 --- a/nixos/profiles/hyprland.nix +++ b/nixos/profiles/hyprland.nix @@ -3,7 +3,7 @@ pkgs, ... }: { - imports = [./desktop.nix]; + imports = [./gui.nix]; programs.hyprland.enable = true; programs.hyprland.package = inputs.hyprland.packages.${pkgs.system}.hyprland; diff --git a/nixos/profiles/laptop.nix b/nixos/profiles/laptop.nix new file mode 100644 index 0000000..3c04068 --- /dev/null +++ b/nixos/profiles/laptop.nix @@ -0,0 +1,21 @@ +{pkgs, ...}: { + imports = [ + ./hyprland.nix + ./default.nix + ../users/willem/home/linux.nix + ../modules/zerotier.nix + ]; + environment.systemPackages = [pkgs.powertop]; + services.logind = { + extraConfig = '' + HandlePowerKey=suspend + HandleLidSwitchDocked=suspend + ''; + lidSwitch = "suspend"; + }; + powerManagement.powertop.enable = true; + networking.wireless.iwd = { + enable = true; + settings.General.EnableNetworkConfiguration = true; + }; +}