diff --git a/os/common-graphics.nix b/os/common-graphics.nix
new file mode 100644
index 0000000..2c1417e
--- /dev/null
+++ b/os/common-graphics.nix
@@ -0,0 +1,48 @@
+{ config, pkgs, ... }: {
+ programs.hyprland.enable = true;
+
+ hardware.graphics = {
+ enable = true;
+ enable32Bit = true;
+ };
+
+ services.xserver.enable = true;
+ services.displayManager = {
+ defaultSession = "hyprland";
+ autoLogin = {
+ enable = false;
+ user = "ant";
+ };
+ sddm = {
+ enable = true;
+ wayland.enable = true;
+ package = pkgs.kdePackages.sddm;
+ extraPackages = with pkgs; [
+ where-is-my-sddm-theme
+ kdePackages.qt5compat
+ ];
+ theme = "where_is_my_sddm_theme";
+ };
+ };
+
+ services.printing.enable = true;
+
+ boot.plymouth = {
+ enable = true;
+ theme = "fade-in";
+ };
+
+ security.pam.services.ant.enableGnomeKeyring = true;
+ services.gnome.gnome-keyring.enable = true;
+
+ programs.light.enable = true;
+ programs.gamemode.enable = true;
+
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ jack.enable = true;
+ };
+}
diff --git a/os/common.nix b/os/common.nix
index 7ab92fb..bc90a72 100644
--- a/os/common.nix
+++ b/os/common.nix
@@ -8,12 +8,6 @@
 };
 nixpkgs.config.allowUnfree = true;
-
- boot.plymouth = {
- enable = true;
- theme = "fade-in";
- };
-
 networking.networkmanager.enable = true;
 time.timeZone = "Europe/Paris";
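Review bot: `security.pam.services.ant.enableGnomeKeyring = true` and `autoLogin.user = "ant"` hard-code a single user name into a module called `common-graphics.nix`, so a host that imports it with a different primary user gets a PAM service entry for an account that does not exist and no keyring unlock for the real one. Either take the user name as a module argument, the way `remote-disk-unlock.nix` takes `sshKeys`, or record the assumption with `# assumes the primary user is "ant" on every host importing this module`. Note also that `services.printing.enable = true` and `programs.light.enable = true` are now switched on for every importer; if not every graphical host wants CUPS and the `light` wrapper, a one-line comment stating that they are intentionally global would help the next reader.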
@@ -35,57 +29,28 @@ }; console.keyMap = "fr"; - services.printing.enable = true; - - programs.fish.enable = true; + programs.fish = { + enable = true; + interactiveShellInit = '' + set -gx fish_greeting + ''; + }; + users.defaultUserShell = pkgs.fish; environment.systemPackages = with pkgs; [ nh neovim where-is-my-sddm-theme ]; - programs.hyprland.enable = true; - - services.xserver.enable = true; - services.displayManager = { - defaultSession = "hyprland"; - autoLogin = { - enable = false; - user = "ant"; - }; - sddm = { - enable = true; - wayland.enable = true; - package = pkgs.kdePackages.sddm; - extraPackages = with pkgs; [ - where-is-my-sddm-theme - kdePackages.qt5compat - ]; - theme = "where_is_my_sddm_theme"; - }; - }; security.rtkit.enable = true; security.pam.services.swaylock = { }; security.polkit.enable = true; - security.pam.services.ant.enableGnomeKeyring = true; - services.gnome.gnome-keyring.enable = true; - security.sudo.wheelNeedsPassword = false; services.udisks2.enable = true; - programs.gamemode.enable = true; programs.gnupg.agent.enable = true; programs.gnupg.agent.pinentryPackage = pkgs.pinentry-curses; - programs.light.enable = true; - - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - }; programs.nix-ld.enable = true; } diff --git a/os/configuration.nix b/os/configuration.nix index d7e73ba..e17782b 100644 --- a/os/configuration.nix +++ b/os/configuration.nix @@ -1,13 +1,14 @@ -# Edit this conle to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - { config, pkgs, ... }: - +let sshKeys = with (import ../sshKeys.nix); [ + moon +]; +in { imports = [ ./hardware-configuration.nix ./common.nix + ./common-graphics.nix + (import ./remote-disk-unlock.nix sshKeys) ]; boot.loader = { 
@@ -24,30 +25,30 @@
 };
 # unlock over ssh
- boot.initrd = {
- availableKernelModules = [ "igb" ];
- network = {
- enable = true;
- udhcpc = {
- enable = true;
- extraArgs = [ "--background" "--retries" "1" ];
- };
- flushBeforeStage2 = true;
- ssh = {
- enable = true;
- port = 22;
- authorizedKeys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCTCKcHgCZOlGeCEz0+HcoYMyXzFy3l3igsG+nhMC8Z ant@moon "
- ];
- # hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
- hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];
- };
- postCommands = ''
- # Automatically ask for the password on SSH login
- echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
- '';
- };
- };
+ # boot.initrd = {
+ # availableKernelModules = [ "igb" ];
+ # network = {
+ # enable = true;
+ # udhcpc = {
+ # enable = true;
+ # extraArgs = [ "--background" "--retries" "1" ];
+ # };
+ # flushBeforeStage2 = true;
+ # ssh = {
+ # enable = true;
+ # port = 22;
+ # authorizedKeys = [
+ # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCTCKcHgCZOlGeCEz0+HcoYMyXzFy3l3igsG+nhMC8Z ant@moon "
+ # ];
+ # # hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
+ # hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ # };
+ # postCommands = ''
+ # # Automatically ask for the password on SSH login
+ # echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
+ # '';
+ # };
+ # };
 hardware.bluetooth.enable = true; # enables support for Bluetooth
 hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
@@ -87,11 +88,6 @@
 fsType = "ext4";
 };
- hardware.graphics = {
- enable = true;
- enable32Bit = true;
- };
-
 # NVIDIA
 services.xserver.videoDrivers = [ "nvidia" ];
 hardware.nvidia = {
@@ -110,8 +106,6 @@
 openFirewall = true;
 };
- networking.firewall.enable = true;
-
 virtualisation.docker = { enable = true; };
 virtualisation.libvirtd.enable = true;
 programs.virt-manager.enable = true;
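Review bot: The old `boot.initrd` block is kept as a 24-line commented-out copy instead of being deleted, although the hunk at the top of this file replaces it with `(import ./remote-disk-unlock.nix sshKeys)`; a frozen second copy of the unlock configuration, including the `moon` key and the `hostKeys` path, will drift from the shared module and leave the next reader guessing which one is live. Delete the commented block, since git history keeps it. If the point of keeping it is the one line the shared module does not carry, keep only `# hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];` with a short comment on why a separate initrd host key is not used yet.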
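Review bot: Dropping the explicit `networking.firewall.enable = true;` in the last hunk does not turn the firewall off (the NixOS default is `true`), but it removes a guard: with an explicit `true`, any imported module that set the option to `false` would fail evaluation with a conflicting-definition error, whereas now such a definition silently overrides the default. This host now imports three shared modules, so the explicit line is worth keeping, `networking.firewall.enable = true;`, or at least replacing with `# firewall: intentionally relying on the NixOS default (enabled)`.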
diff --git a/os/hs/configuration.nix b/os/hs/configuration.nix
index 0901889..725e139 100644
--- a/os/hs/configuration.nix
+++ b/os/hs/configuration.nix
@@ -1,78 +1,41 @@ { config, pkgs, ... }: let - sshKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAM15boHYClgaBXAIyWSjbJd3W/bwcIE6YZwLu/K+Ipp ant@nixos" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCTCKcHgCZOlGeCEz0+HcoYMyXzFy3l3igsG+nhMC8Z ant@moon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5zrLxiyG6T5eupXT/wqhvtt8Cuak4DtPEzCyksqa1a ant@allegro" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKt6WkeBNowTOqSv1GAvTSIMReaMDvltOKGpUC2jStGG ant@hs" + sshKeys = with (import ../../sshKeys.nix); [ + basado + moon + allegro + hs ]; domain = "antoinev.freeboxos.fr"; - # ./ssh/authorized_keys_root; in { imports = [ ./hardware-configuration.nix ./syncthing.nix ./disks.nix ./backup.nix + ../common.nix + (import ../remote-disk-unlock.nix sshKeys) ]; - nix.settings = { experimental-features = [ "nix-command" "flakes" ]; }; - - boot.kernelParams = [ "ip=dhcp" ]; boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; - initrd = { - availableKernelModules = [ "r8169" ]; - network = { - enable = true; - ssh = { - enable = true; - port = 22; - authorizedKeys = sshKeys; - hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ]; - shell = "/bin/cryptsetup-askpass"; - }; - }; + }; + + hardware = { + graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ nvidia-vaapi-driver ]; }; + nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_535; }; - - hardware.graphics = { - enable = true; - enable32Bit = true; - extraPackages = with pkgs; [ nvidia-vaapi-driver ]; - - }; - - hardware.nvidia.package = - config.boot.kernelPackages.nvidiaPackages.legacy_535; - services.xserver.videoDrivers = [ "nvidia" ]; networking.hostName = "hs"; # Define your hostname. 
- networking.networkmanager.enable = true; networking.domain = domain; - time.timeZone = "Europe/Paris"; - i18n.defaultLocale = "fr_FR.UTF-8"; - i18n.extraLocaleSettings = { - LC_ADDRESS = "fr_FR.UTF-8"; - LC_IDENTIFICATION = "fr_FR.UTF-8"; - LC_MEASUREMENT = "fr_FR.UTF-8"; - LC_MONETARY = "fr_FR.UTF-8"; - LC_NAME = "fr_FR.UTF-8"; - LC_NUMERIC = "fr_FR.UTF-8"; - LC_PAPER = "fr_FR.UTF-8"; - LC_TELEPHONE = "fr_FR.UTF-8"; - LC_TIME = "fr_FR.UTF-8"; - }; - services.xserver.xkb = { - layout = "fr"; - variant = ""; - }; - console.keyMap = "fr"; - users.users.ant = { isNormalUser = true; description = "ant"; @@ -88,30 +51,10 @@ in { nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ neovim tmux nh git curl wget htop ]; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. services.openssh = { enable = true; settings.PasswordAuthentication = false; }; - users.users.root.openssh.authorizedKeys.keys = sshKeys; - - programs.fish = { - enable = true; - interactiveShellInit = '' - set -gx fish_greeting - ''; - }; - users.defaultUserShell = pkgs.fish; # Open ports in the firewall. networking.firewall.allowedTCPPorts = [ @@ -120,11 +63,8 @@ in { 25565 ]; networking.firewall.allowedUDPPorts = [ 25565 ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; networking.interfaces.enp10s0.wakeOnLan.enable = true; - systemd.services.ragnamod = { enable = false; after = [ "network.target" ]; diff --git a/os/moon.nix b/os/moon.nix index 7d32216..c800cb6 100644 --- a/os/moon.nix +++ b/os/moon.nix @@ -3,6 +3,7 @@ imports = [ # Include the results of the hardware scan. ./moon-hardware-configuration.nix ./common.nix + ./common-graphics.nix ]; # Bootloader. 
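Review bot: Adding `../common.nix` to the imports of `hs` (hunk `@@ -1,78 +1,41 @@`, which starts on the previous source line) pulls in `security.sudo.wheelNeedsPassword = false;` and `programs.nix-ld.enable = true;`, both visible as context in the `os/common.nix` hunk earlier in this diff; `hs` previously had neither, and passwordless sudo for the wheel group is a real privilege change on a host that opens firewall ports and enables wake-on-LAN. If that is intended, say so next to the import, e.g. `../common.nix # note: brings wheelNeedsPassword = false and nix-ld`; if not, override it here with `security.sudo.wheelNeedsPassword = lib.mkForce true;` (which needs `lib` in the module arguments). Separately, switching to the shared unlock module drops `shell = "/bin/cryptsetup-askpass"` (the shared module comments it out in favour of a `/root/.profile` hook); the `shell` form confines every SSH session in the initrd to the askpass program, while a `.profile` hook only applies to interactive logins, so this is a small loosening that deserves a comment if deliberate.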
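Review bot: Removing `users.users.root.openssh.authorizedKeys.keys = sshKeys;` (hunk `@@ -88,30 +51,10 @@`) is a welcome tightening, as root can no longer log in over SSH and `PasswordAuthentication = false` is kept, but nothing in the diff records that it is deliberate rather than lost in the move to `sshKeys.nix`. If `./backup.nix` or `./syncthing.nix` (imported above, not visible here) push to `hs` as root, they will now be refused. A one-line comment beside `services.openssh`, `# root SSH intentionally disabled; administer as ant`, would pin the intent.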
@@ -26,7 +27,6 @@
 hardware.bluetooth.powerOnBoot = true;
 # Define a user account. Don't forget to set a password with ‘passwd’.
- programs.fish.enable = true;
 users.users.ant = {
 isNormalUser = true;
 shell = pkgs.fish;
@@ -61,7 +61,6 @@
 to = 1764;
 } # KDE Connect
 ];
- networking.hosts = { "90.52.247.64" = [ "home" ]; };
 programs.nix-ld.enable = true;
 programs.nix-ld.libraries = with pkgs; [
diff --git a/os/remote-disk-unlock.nix b/os/remote-disk-unlock.nix
new file mode 100644
index 0000000..9fcf4e6
--- /dev/null
+++ b/os/remote-disk-unlock.nix
@@ -0,0 +1,27 @@
+sshKeys: ({ config, pkgs, ... }: {
+ boot.kernelParams = [ "ip=dhcp" ];
+ boot = {
+ initrd = {
+ availableKernelModules = [ "r8169" "igd" ];
+ network = {
+ enable = true;
+ udhcpc = {
+ enable = true;
+ extraArgs = [ "--background" "--retries" "1" ];
+ };
+ flushBeforeStage2 = true;
+ ssh = {
+ enable = true;
+ port = 22;
+ authorizedKeys = sshKeys;
+ hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ # shell = "/bin/cryptsetup-askpass";
+ };
+ postCommands = ''
+ # Automatically ask for the password on SSH login
+ echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
+ '';
+ };
+ };
+ };
+})
diff --git a/sshKeys.nix b/sshKeys.nix
new file mode 100644
index 0000000..f01c5e3
--- /dev/null
+++ b/sshKeys.nix
@@ -0,0 +1,6 @@
+{
+ basado = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAM15boHYClgaBXAIyWSjbJd3W/bwcIE6YZwLu/K+Ipp ant@nixos";
+ moon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCTCKcHgCZOlGeCEz0+HcoYMyXzFy3l3igsG+nhMC8Z ant@moon";
+ allegro = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5zrLxiyG6T5eupXT/wqhvtt8Cuak4DtPEzCyksqa1a ant@allegro";
+ hs = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKt6WkeBNowTOqSv1GAvTSIMReaMDvltOKGpUC2jStGG ant@hs";
+}
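Review bot: `availableKernelModules = [ "r8169" "igd" ];` in `os/remote-disk-unlock.nix` looks like a typo: the block it replaces in `os/configuration.nix` listed `"igb"` (Intel Gigabit), and I am not aware of an `igd` network driver, so on that host the NIC would not come up in the initrd and the remote unlock would silently never become reachable, leaving the machine at the console passphrase prompt. The fix is one token, `availableKernelModules = [ "r8169" "igb" ];`. Second, `hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];` copies the main sshd host private key into the initrd, which lives on the unencrypted boot partition, so anyone who can read that partition obtains the key that identifies the fully booted system as well; the commented-out `/etc/secrets/initrd/ssh_host_ed25519_key` in the old `os/configuration.nix` block is the usual separate initrd key, and a comment such as `# NOTE: reuses the main host key; the initrd is stored unencrypted, consider a dedicated initrd key` should at least record the trade-off until that is done.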