factorize os configurations

os/common-graphics.nix

@@ -0,0 +1,48 @@
+{ config, pkgs, ... }: {
+  programs.hyprland.enable = true;
+
+  hardware.graphics = {
+    enable = true;
+    enable32Bit = true;
+  };
+
+  services.xserver.enable = true;
+  services.displayManager = {
+    defaultSession = "hyprland";
+    autoLogin = {
+      enable = false;
+      user = "ant";
+    };
+    sddm = {
+      enable = true;
+      wayland.enable = true;
+      package = pkgs.kdePackages.sddm;
+      extraPackages = with pkgs; [
+        where-is-my-sddm-theme
+        kdePackages.qt5compat
+      ];
+      theme = "where_is_my_sddm_theme";
+    };
+  };
+
+  services.printing.enable = true;
+
+  boot.plymouth = {
+    enable = true;
+    theme = "fade-in";
+  };
+
+  security.pam.services.ant.enableGnomeKeyring = true;
+  services.gnome.gnome-keyring.enable = true;
+
+  programs.light.enable = true;
+  programs.gamemode.enable = true;
+
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+}

os/common.nix

@@ -8,12 +8,6 @@
   };
   nixpkgs.config.allowUnfree = true;
 
-
-  boot.plymouth = {
-    enable = true;
-    theme = "fade-in";
-  };
-
   networking.networkmanager.enable = true;
 
   time.timeZone = "Europe/Paris";
@@ -35,57 +29,28 @@
   };
   console.keyMap = "fr";
 
-  services.printing.enable = true;
+  programs.fish = {
-
+    enable = true;
-  programs.fish.enable = true;
+    interactiveShellInit = ''
+      set -gx fish_greeting
+    '';
+  };
+  users.defaultUserShell = pkgs.fish;
 
   environment.systemPackages = with pkgs; [
     nh
     neovim
     where-is-my-sddm-theme
   ];
-  programs.hyprland.enable = true;
-
-  services.xserver.enable = true;
-  services.displayManager = {
-    defaultSession = "hyprland";
-    autoLogin = {
-      enable = false;
-      user = "ant";
-    };
-    sddm = {
-      enable = true;
-      wayland.enable = true;
-      package = pkgs.kdePackages.sddm;
-      extraPackages = with pkgs; [
-        where-is-my-sddm-theme
-        kdePackages.qt5compat
-      ];
-      theme = "where_is_my_sddm_theme";
-    };
-  };
 
   security.rtkit.enable = true;
   security.pam.services.swaylock = { };
   security.polkit.enable = true;
-  security.pam.services.ant.enableGnomeKeyring = true;
-  services.gnome.gnome-keyring.enable = true;
-
   security.sudo.wheelNeedsPassword = false;
 
   services.udisks2.enable = true;
-  programs.gamemode.enable = true;
   programs.gnupg.agent.enable = true;
   programs.gnupg.agent.pinentryPackage = pkgs.pinentry-curses;
-  programs.light.enable = true;
-
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-    jack.enable = true;
-  };
 
   programs.nix-ld.enable = true;
 }

os/configuration.nix

@@ -1,13 +1,14 @@
-# Edit this conle to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
 { config, pkgs, ... }:
-
+let sshKeys = with (import ../sshKeys.nix); [
+  moon
+];
+in
 {
   imports = [
     ./hardware-configuration.nix
     ./common.nix
+    ./common-graphics.nix
+    (import ./remote-disk-unlock.nix sshKeys)
   ];
 
   boot.loader = {
@@ -24,30 +25,30 @@
   };
 
   # unlock over ssh
-  boot.initrd = {
+  # boot.initrd = {
-    availableKernelModules = [ "igb" ];
+  #   availableKernelModules = [ "igb" ];
-    network = {
+  #   network = {
-      enable = true;
+  #     enable = true;
-      udhcpc = {
+  #     udhcpc = {
-        enable = true;
+  #       enable = true;
-        extraArgs = [ "--background" "--retries" "1" ];
+  #       extraArgs = [ "--background" "--retries" "1" ];
-      };
+  #     };
-      flushBeforeStage2 = true;
+  #     flushBeforeStage2 = true;
-      ssh = {
+  #     ssh = {
-        enable = true;
+  #       enable = true;
-        port = 22;
+  #       port = 22;
-        authorizedKeys = [
+  #       authorizedKeys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCTCKcHgCZOlGeCEz0+HcoYMyXzFy3l3igsG+nhMC8Z ant@moon "
+  #         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCTCKcHgCZOlGeCEz0+HcoYMyXzFy3l3igsG+nhMC8Z ant@moon "
-        ];
+  #       ];
-        # hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
+  #       # hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
-        hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  #       hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];
-      };
+  #     };
-      postCommands = ''
+  #     postCommands = ''
-        # Automatically ask for the password on SSH login
+  #       # Automatically ask for the password on SSH login
-        echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
+  #       echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
-      '';
+  #     '';
-    };
+  #   };
-  };
+  # };
   hardware.bluetooth.enable = true; # enables support for Bluetooth
   hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
 
@@ -87,11 +88,6 @@
     fsType = "ext4";
   };
 
-  hardware.graphics = {
-    enable = true;
-    enable32Bit = true;
-  };
-
   # NVIDIA
   services.xserver.videoDrivers = [ "nvidia" ];
   hardware.nvidia = {
@@ -110,8 +106,6 @@
     openFirewall = true;
   };
 
-  networking.firewall.enable = true;
-
   virtualisation.docker = { enable = true; };
   virtualisation.libvirtd.enable = true;
   programs.virt-manager.enable = true;

os/hs/configuration.nix

@@ -1,78 +1,41 @@
 { config, pkgs, ... }:
 
 let
-  sshKeys = [
+  sshKeys = with (import ../../sshKeys.nix); [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAM15boHYClgaBXAIyWSjbJd3W/bwcIE6YZwLu/K+Ipp ant@nixos"
+    basado
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCTCKcHgCZOlGeCEz0+HcoYMyXzFy3l3igsG+nhMC8Z ant@moon"
+    moon
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5zrLxiyG6T5eupXT/wqhvtt8Cuak4DtPEzCyksqa1a ant@allegro"
+    allegro
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKt6WkeBNowTOqSv1GAvTSIMReaMDvltOKGpUC2jStGG ant@hs"
+    hs
   ];
   domain = "antoinev.freeboxos.fr";
-  # ./ssh/authorized_keys_root;
 in {
   imports = [
     ./hardware-configuration.nix
     ./syncthing.nix
     ./disks.nix
     ./backup.nix
+    ../common.nix
+    (import ../remote-disk-unlock.nix sshKeys)
   ];
 
-  nix.settings = { experimental-features = [ "nix-command" "flakes" ]; };
-
-  boot.kernelParams = [ "ip=dhcp" ];
   boot = {
     loader.systemd-boot.enable = true;
     loader.efi.canTouchEfiVariables = true;
-    initrd = {
+  };
-      availableKernelModules = [ "r8169" ];
+
-      network = {
+  hardware = {
-        enable = true;
+    graphics = {
-        ssh = {
+      enable = true;
-          enable = true;
+      enable32Bit = true;
-          port = 22;
+      extraPackages = with pkgs; [ nvidia-vaapi-driver ];
-          authorizedKeys = sshKeys;
-          hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];
-          shell = "/bin/cryptsetup-askpass";
-        };
-      };
     };
+    nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_535;
   };
-
-  hardware.graphics = {
-    enable = true;
-    enable32Bit = true;
-    extraPackages = with pkgs; [ nvidia-vaapi-driver ];
-
-  };
-
-  hardware.nvidia.package =
-    config.boot.kernelPackages.nvidiaPackages.legacy_535;
-
   services.xserver.videoDrivers = [ "nvidia" ];
 
   networking.hostName = "hs"; # Define your hostname.
-  networking.networkmanager.enable = true;
   networking.domain = domain;
 
-  time.timeZone = "Europe/Paris";
-  i18n.defaultLocale = "fr_FR.UTF-8";
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "fr_FR.UTF-8";
-    LC_IDENTIFICATION = "fr_FR.UTF-8";
-    LC_MEASUREMENT = "fr_FR.UTF-8";
-    LC_MONETARY = "fr_FR.UTF-8";
-    LC_NAME = "fr_FR.UTF-8";
-    LC_NUMERIC = "fr_FR.UTF-8";
-    LC_PAPER = "fr_FR.UTF-8";
-    LC_TELEPHONE = "fr_FR.UTF-8";
-    LC_TIME = "fr_FR.UTF-8";
-  };
-  services.xserver.xkb = {
-    layout = "fr";
-    variant = "";
-  };
-  console.keyMap = "fr";
-
   users.users.ant = {
     isNormalUser = true;
     description = "ant";
@@ -88,30 +51,10 @@ in {
   nixpkgs.config.allowUnfree = true;
   environment.systemPackages = with pkgs; [ neovim tmux nh git curl wget htop ];
 
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
   services.openssh = {
     enable = true;
     settings.PasswordAuthentication = false;
   };
-  users.users.root.openssh.authorizedKeys.keys = sshKeys;
-
-  programs.fish = {
-    enable = true;
-    interactiveShellInit = ''
-      set -gx fish_greeting
-    '';
-  };
-  users.defaultUserShell = pkgs.fish;
 
   # Open ports in the firewall.
   networking.firewall.allowedTCPPorts = [
@@ -120,11 +63,8 @@ in {
     25565
   ];
   networking.firewall.allowedUDPPorts = [ 25565 ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
 
   networking.interfaces.enp10s0.wakeOnLan.enable = true;
-
   systemd.services.ragnamod = {
     enable = false;
     after = [ "network.target" ];

os/moon.nix

@@ -3,6 +3,7 @@
   imports = [ # Include the results of the hardware scan.
     ./moon-hardware-configuration.nix
     ./common.nix
+    ./common-graphics.nix
   ];
 
   # Bootloader.
@@ -26,7 +27,6 @@
   hardware.bluetooth.powerOnBoot = true;
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
-  programs.fish.enable = true;
   users.users.ant = {
     isNormalUser = true;
     shell = pkgs.fish;
@@ -61,7 +61,6 @@
     to = 1764;
   } # KDE Connect
     ];
-  networking.hosts = { "90.52.247.64" = [ "home" ]; };
 
   programs.nix-ld.enable = true;
   programs.nix-ld.libraries = with pkgs; [

os/remote-disk-unlock.nix

@@ -0,0 +1,27 @@
+sshKeys: ({ config, pkgs, ... }: {
+  boot.kernelParams = [ "ip=dhcp" ];
+  boot = {
+    initrd = {
+      availableKernelModules = [ "r8169" "igd" ];
+      network = {
+        enable = true;
+        udhcpc = {
+          enable = true;
+          extraArgs = [ "--background" "--retries" "1" ];
+        };
+        flushBeforeStage2 = true;
+        ssh = {
+          enable = true;
+          port = 22;
+          authorizedKeys = sshKeys;
+          hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];
+          # shell = "/bin/cryptsetup-askpass";
+        };
+        postCommands = ''
+          # Automatically ask for the password on SSH login
+          echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
+        '';
+      };
+    };
+  };
+})

sshKeys.nix

@@ -0,0 +1,6 @@
+{
+  basado = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAM15boHYClgaBXAIyWSjbJd3W/bwcIE6YZwLu/K+Ipp ant@nixos";
+  moon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCTCKcHgCZOlGeCEz0+HcoYMyXzFy3l3igsG+nhMC8Z ant@moon";
+  allegro = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5zrLxiyG6T5eupXT/wqhvtt8Cuak4DtPEzCyksqa1a ant@allegro";
+  hs = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKt6WkeBNowTOqSv1GAvTSIMReaMDvltOKGpUC2jStGG ant@hs";
+}