From 6a0df97bff62afbf2efd0ab33b3163977dbb479b Mon Sep 17 00:00:00 2001 
From: CherryKitten Date: Mon, 1 Apr 2024 19:16:35 +0200 Subject: [PATCH] nyanya --- README.md | 26 ---- cherrykitten.pgp => files/cherrykitten.pgp | 0 flake.nix | 11 +- hosts/bengal/default.nix | 3 +- hosts/common/default.nix | 53 -------- hosts/common/graphical.nix | 21 --- hosts/common/security.nix | 49 ------- hosts/common/users.nix | 23 ---- hosts/common/virtualization.nix | 11 -- hosts/common/yubikey.nix | 11 -- hosts/ocelot/default.nix | 3 +- hosts/ocelot/gotosocial.nix | 6 +- misc/module-template.nix | 5 - {users/common => modules/home}/default.nix | 0 .../common => modules/home}/fish/default.nix | 0 {users/common => modules/home}/foot.nix | 10 +- {users/common => modules/home}/git.nix | 0 .../common => modules/home}/nvim/default.nix | 0 .../home}/nvim/lua/config/autocmds.lua | 0 .../home}/nvim/lua/config/keymaps.lua | 0 .../home}/nvim/lua/config/lazy.lua | 0 .../home}/nvim/lua/config/options.lua | 0 .../home}/nvim/lua/plugins/ansible.lua | 0 .../home}/nvim/lua/plugins/conform.lua | 0 .../home}/nvim/lua/plugins/dashboard.lua | 0 .../home}/nvim/lua/plugins/example.lua | 0 .../home}/nvim/lua/plugins/lsp.lua | 0 {users/common => modules/home}/ssh.nix | 0 {users/common => modules/home}/starship.nix | 0 {users/common => modules/home}/tmux.nix | 0 modules/nixos/.gitkeep | 0 profiles/base/default.nix | 128 ++++++++++++++++++ profiles/desktop/default.nix | 15 ++ users/default.nix | 6 + users/root/default.nix | 14 ++ users/root/home.nix | 10 ++ users/sammy/default.nix | 17 +++ users/{sammy.nix => sammy/home.nix} | 4 +- .../home.nix} | 0 39 files changed, 202 insertions(+), 224 deletions(-) rename cherrykitten.pgp => files/cherrykitten.pgp (100%) delete mode 100644 hosts/common/default.nix delete mode 100644 hosts/common/graphical.nix delete mode 100644 hosts/common/security.nix delete mode 100644 hosts/common/users.nix delete mode 100644 hosts/common/virtualization.nix delete mode 100644 hosts/common/yubikey.nix delete mode 100644 misc/module-template.nix rename 
{users/common => modules/home}/default.nix (100%) rename {users/common => modules/home}/fish/default.nix (100%) rename {users/common => modules/home}/foot.nix (83%) rename {users/common => modules/home}/git.nix (100%) rename {users/common => modules/home}/nvim/default.nix (100%) rename {users/common => modules/home}/nvim/lua/config/autocmds.lua (100%) rename {users/common => modules/home}/nvim/lua/config/keymaps.lua (100%) rename {users/common => modules/home}/nvim/lua/config/lazy.lua (100%) rename {users/common => modules/home}/nvim/lua/config/options.lua (100%) rename {users/common => modules/home}/nvim/lua/plugins/ansible.lua (100%) rename {users/common => modules/home}/nvim/lua/plugins/conform.lua (100%) rename {users/common => modules/home}/nvim/lua/plugins/dashboard.lua (100%) rename {users/common => modules/home}/nvim/lua/plugins/example.lua (100%) rename {users/common => modules/home}/nvim/lua/plugins/lsp.lua (100%) rename {users/common => modules/home}/ssh.nix (100%) rename {users/common => modules/home}/starship.nix (100%) rename {users/common => modules/home}/tmux.nix (100%) create mode 100644 modules/nixos/.gitkeep create mode 100644 profiles/base/default.nix create mode 100644 profiles/desktop/default.nix create mode 100644 users/default.nix create mode 100644 users/root/default.nix create mode 100644 users/root/home.nix create mode 100644 users/sammy/default.nix rename users/{sammy.nix => sammy/home.nix} (85%) rename users/{sammy@chansey.nix => sammy@chansey/home.nix} (100%) diff --git a/README.md b/README.md index cf1d7bb..c8c5544 100644 --- a/README.md +++ b/README.md 
@@ -1,27 +1 @@
 This repository includes my NixOS and Home-manager configurations.
-
-The repo is organized as follows:
-```
-.
-├── flake.lock
-├── flake.nix
-├── hosts # NixOS-configurations
-│   ├── bengal # Host-specific
-│   │   ├── default.nix
-│   │   └── hardware-configuration.nix
-│   ├── common # General, imported by all hosts
-│   │   ├── default.nix
-│   │   ├── graphical.nix
-│   │   ├── security.nix
-│   │   ├── users.nix
-│   │   ├── virtualization.nix
-│   │   └── yubikey.nix
-├── misc # just some stuff
-├── modules # Home-manager and NixOS modules that follow upstream standards, currently empty lol
-│   ├── home
-│   └── nixos
-└── users # Home-Manager configurations
- ├── common # General, imported by all
- ├── sammy.nix # User-specific, but not Host-specific
- └── sammy@chansey.nix User- and Host-specific
-```
diff --git a/cherrykitten.pgp b/files/cherrykitten.pgp
similarity index 100%
rename from cherrykitten.pgp
rename to files/cherrykitten.pgp
diff --git a/flake.nix b/flake.nix
index 1a3e2b4..5596e44 100644
--- a/flake.nix
+++ b/flake.nix
@@ -42,19 +42,12 @@
 };
 defaults = { lib, config, name, ... }: {
- imports = [ ./hosts/${name} ./hosts/common (import "${home-manager}/nixos") ];
-
- deployment = {
- targetUser = "sammy";
- allowLocalDeployment = true;
- };
+ imports = [ ./hosts/${name} ./profiles/base ];
 home-manager.extraSpecialArgs = {
 inherit inputs outputs;
 pkgs-unstable = import nixpkgs-unstable { system = "x86_64-linux"; };
 };
-
- cherrykitten.hostname = name;
 };
 bengal = { };
@@ -75,7 +68,7 @@
 mkHome = { user ? "sammy", hostname ? null }: lib.homeManagerConfiguration {
 inherit pkgs;
- modules = [ ./users/${user}.nix ] ++ lib.optional (!isNull hostname) (./. + "/users/${user}@${hostname}.nix");
+ modules = [ ./users/${user} ] ++ lib.optional (!isNull hostname) (./. + "/users/${user}@${hostname}");
 extraSpecialArgs = {
 inherit inputs outputs;
 pkgs-unstable = import nixpkgs-unstable { system = "x86_64-linux"; };
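Review bot: `deployment.allowLocalDeployment = true` is removed from `defaults` in this hunk, but the replacement import `./profiles/base` only re-adds `tags`, `targetUser` and `targetHost`, so `colmena apply-local` will presumably stop working unless the option is set somewhere outside this diff. If local deployment is still wanted, carry it over next to the other deployment defaults in the base profile: `deployment.allowLocalDeployment = lib.mkDefault true;`. A one-line comment saying where the per-host deployment defaults now live would also help the next reader of `defaults`.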
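Review bot: The new `modules` list imports `./users/${user}` and `/users/${user}@${hostname}`, which after this commit are directories, so Nix loads their `default.nix`: for `sammy` that is the NixOS module created in `users/sammy/default.nix` (it declares `deployment.keys` and `users.users`, options home-manager does not have), and `users/sammy@chansey/` has no `default.nix` at all, only the renamed `home.nix`. `mkHome` therefore cannot evaluate in either case. Point both paths at the home-manager files explicitly: `modules = [ ./users/${user}/home.nix ] ++ lib.optional (!isNull hostname) (./. + "/users/${user}@${hostname}/home.nix");`. `mkHome` continues past the end of the hunk.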
diff --git a/hosts/bengal/default.nix b/hosts/bengal/default.nix
index 1501455..0ef3207 100644
--- a/hosts/bengal/default.nix
+++ b/hosts/bengal/default.nix
@@ -1,10 +1,9 @@
 { ... }: {
 imports = [
 ./hardware-configuration.nix
+ ../../profiles/desktop
 ];
- cherrykitten.graphical = true;
-
 boot.loader.systemd-boot.enable = true;
 networking.hostName = "bengal";
diff --git a/hosts/common/default.nix b/hosts/common/default.nix
deleted file mode 100644
index fcd7450..0000000
--- a/hosts/common/default.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ lib, pkgs, ... }: {
- options.cherrykitten = {
- hostname = lib.mkOption {
- type = lib.types.str;
- default = "";
- description = "the hostname, this is already set for every host by the flake config";
- };
- test = lib.mkOption {
- type = lib.types.str;
- default = "nya";
- example = "nyanya";
- };
- };
- imports = [
- ./graphical.nix
- ./security.nix
- ./users.nix
- ./yubikey.nix
- ./virtualization.nix
- ];
-
- config = {
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
-
- time.timeZone = "Europe/Berlin";
-
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- keyMap = lib.mkForce "de";
- useXkbConfig = true; # use xkb.options in tty.
- };
-
- fonts = {
- enableDefaultPackages = true;
- packages = with pkgs; [
- noto-fonts-emoji
- ];
- };
-
- # Packages used on all systems
- environment.systemPackages = with pkgs; [
- git
- openssl
- rsync
- pinentry
- wget
- ];
- };
-}
diff --git a/hosts/common/graphical.nix b/hosts/common/graphical.nix
deleted file mode 100644
index 5d25264..0000000
--- a/hosts/common/graphical.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.cherrykitten.graphical;
-in
-{
- options.cherrykitten.graphical = lib.mkEnableOption (lib.mdDoc "graphical stuffs");
-
-
- config = lib.mkIf cfg {
- services.xserver = {
- enable = true;
- displayManager.sddm.enable = true;
- desktopManager.plasma5.enable = true;
- desktopManager.plasma5.bigscreen.enable = true;
- libinput.enable = true;
-
- xkb.layout = "de";
- xkb.options = "caps:escape";
- };
- };
-}
diff --git a/hosts/common/security.nix b/hosts/common/security.nix
deleted file mode 100644
index 97ab105..0000000
--- a/hosts/common/security.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ ... }: {
- networking.firewall.allowedTCPPorts = [ 22 ];
-
- services.openssh = {
- enable = true;
- extraConfig = ''
- StreamLocalBindUnlink yes
- '';
- settings = {
- PermitRootLogin = "no";
- PasswordAuthentication = false;
- Macs = [
- "hmac-sha2-512"
- "hmac-sha2-256"
- ];
- KexAlgorithms = [
- "sntrup761x25519-sha512@openssh.com"
- "curve25519-sha256"
- "curve25519-sha256@libssh.org"
- "diffie-hellman-group-exchange-sha256"
- ];
- Ciphers = [
- "aes256-gcm@openssh.com"
- "aes128-gcm@openssh.com"
- "aes256-ctr"
- "aes192-ctr"
- "aes128-ctr"
- ];
- };
- };
-
- security = {
- sudo = {
- enable = true;
- wheelNeedsPassword = false;
- keepTerminfo = true;
- };
-
- acme = {
- acceptTerms = true;
- defaults.email = "admin@cherrykitten.dev";
- };
- };
-
- services.fail2ban = {
- enable = true;
- maxretry = 5;
- };
-}
diff --git a/hosts/common/users.nix b/hosts/common/users.nix
deleted file mode 100644
index e8e64fc..0000000
--- a/hosts/common/users.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ pkgs, config, lib, ... }:
-let
- cfg = config.cherrykitten.users;
- hostname = config.cherrykitten.hostname;
-in
-{
- options.cherrykitten.users = {
- sammy.enable = lib.mkEnableOption "sammy" // { default = true; };
- };
-
- config = {
- users.users.sammy = lib.mkIf cfg.sammy.enable {
- isNormalUser = true;
- extraGroups = [ "networkmanager" "wheel" "docker" ];
- shell = pkgs.fish;
- ignoreShellProgramCheck = true;
- openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZyQSZw+pExsx2RXB+yxbaJGB9mtvudbQ/BP7E1yKvr openpgp:0x6068FEBB" ];
- };
-
- home-manager.users.sammy = lib.mkIf cfg.sammy.enable (import ../../users/sammy.nix);
-# something with this is wrong lol // lib.mkIf (lib.pathExists (../../users + "/sammy@${hostname}.nix")) (import ../../users + "sammy@${hostname}.nix");
- };
-}
diff --git a/hosts/common/virtualization.nix b/hosts/common/virtualization.nix
deleted file mode 100644
index 7c61906..0000000
--- a/hosts/common/virtualization.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }: {
- virtualisation.vmVariant = {
- # following configuration is added only when building VM with build-vm
- virtualisation = {
- memorySize = 8192;
- cores = 6;
- graphics = true;
- };
- users.users.sammy.initialPassword = "test";
- };
-}
diff --git a/hosts/common/yubikey.nix b/hosts/common/yubikey.nix
deleted file mode 100644
index cf90c61..0000000
--- a/hosts/common/yubikey.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, ... }: {
- services.udev.packages = with pkgs; [ libu2f-host yubikey-personalization ];
-
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- enableExtraSocket = true;
- };
-
- services.pcscd.enable = true;
-}
diff --git a/hosts/ocelot/default.nix b/hosts/ocelot/default.nix
index 15781b8..ecafe1d 100644
--- a/hosts/ocelot/default.nix
+++ b/hosts/ocelot/default.nix
@@ -1,10 +1,9 @@
 { ... }: {
 imports = [
 ./hardware-configuration.nix
+ ./gotosocial.nix
 ];
- cherrykitten.graphical = false;
-
 boot.tmp.cleanOnBoot = true;
 zramSwap.enable = true;
 networking.hostName = "ocelot";
diff --git a/hosts/ocelot/gotosocial.nix b/hosts/ocelot/gotosocial.nix
index 5e492af..945f625 100644
--- a/hosts/ocelot/gotosocial.nix
+++ b/hosts/ocelot/gotosocial.nix
@@ -1,12 +1,14 @@
-{ ... }:
+{ pkgs-unstable, ... }:
 let
 bind-address = "127.0.0.1";
- host = "test-gts.cherrykitten.xyz";
+ host = "gts-test.cherrykitten.xyz";
 port = 8553;
 in
 {
 services.gotosocial = {
 enable = true;
+ setupPostgresqlDB = true;
+ package = pkgs-unstable.gotosocial;
 settings = {
 inherit bind-address host port;
 application-name = "CherryKitten";
diff --git a/misc/module-template.nix b/misc/module-template.nix
deleted file mode 100644
index 89b295a..0000000
--- a/misc/module-template.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }: {
- options.cherrykitten = { };
-
- config = { };
-}
diff --git a/users/common/default.nix b/modules/home/default.nix
similarity index 100%
rename from users/common/default.nix
rename to modules/home/default.nix
diff --git a/users/common/fish/default.nix b/modules/home/fish/default.nix
similarity index 100%
rename from users/common/fish/default.nix
rename to modules/home/fish/default.nix
diff --git a/users/common/foot.nix b/modules/home/foot.nix
similarity index 83%
rename from users/common/foot.nix
rename to modules/home/foot.nix
index 735d8f9..1a3f2a4 100644
--- a/users/common/foot.nix
+++ b/modules/home/foot.nix
@@ -1,12 +1,6 @@
-{ config, lib, ... }:
-let
- graphical =
- if builtins.hasAttr "cherrykitten" config
- then config.cherrykitten.graphical
- else true;
-in
+{ ... }:
 {
- programs.foot = lib.mkIf graphical {
+ programs.foot = {
 enable = true;
 settings = {
 main = {
diff --git a/users/common/git.nix b/modules/home/git.nix
similarity index 100%
rename from users/common/git.nix
rename to modules/home/git.nix
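Review bot: The module now takes `pkgs-unstable` as a NixOS module argument, but the only place this diff passes that name is `home-manager.extraSpecialArgs` in flake.nix, which reaches home-manager modules rather than NixOS ones; unless colmena's `meta.specialArgs` (not visible here) also provides it, `hosts/ocelot` will fail to evaluate, so that should be checked before deploying. Two further things deserve a comment at the top of the `let`: GoToSocial documents `host` as fixed for the life of an instance, so the rename from `test-gts` to `gts-test` is only safe if the old instance never federated or is being thrown away, and `setupPostgresqlDB = true` provisions a fresh database rather than migrating whatever backend the instance used before. Suggested comment: `# host must never change once the instance has federated; DB is provisioned fresh by setupPostgresqlDB, no migration from the previous backend`. The `settings` attribute set continues past the end of the hunk.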
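Review bot: Dropping the `graphical` guard makes `programs.foot.enable = true` unconditional in `modules/home`, which this commit turns into the shared import for every home-manager user (`users/root/home.nix` and `users/sammy/home.nix` both import it), so a terminal emulator and its config now land in root's home and on headless hosts alike, assuming `modules/home/default.nix` imports this file (that file is renamed unchanged and its contents are not visible here). If that is intended, say so in a comment; otherwise keep the value overridable by the host or user: `{ lib, ... }:` and `programs.foot = { enable = lib.mkDefault true;`. The `settings` block continues past the end of the hunk.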
diff --git a/users/common/nvim/default.nix b/modules/home/nvim/default.nix
similarity index 100%
rename from users/common/nvim/default.nix
rename to modules/home/nvim/default.nix
diff --git a/users/common/nvim/lua/config/autocmds.lua b/modules/home/nvim/lua/config/autocmds.lua
similarity index 100%
rename from users/common/nvim/lua/config/autocmds.lua
rename to modules/home/nvim/lua/config/autocmds.lua
diff --git a/users/common/nvim/lua/config/keymaps.lua b/modules/home/nvim/lua/config/keymaps.lua
similarity index 100%
rename from users/common/nvim/lua/config/keymaps.lua
rename to modules/home/nvim/lua/config/keymaps.lua
diff --git a/users/common/nvim/lua/config/lazy.lua b/modules/home/nvim/lua/config/lazy.lua
similarity index 100%
rename from users/common/nvim/lua/config/lazy.lua
rename to modules/home/nvim/lua/config/lazy.lua
diff --git a/users/common/nvim/lua/config/options.lua b/modules/home/nvim/lua/config/options.lua
similarity index 100%
rename from users/common/nvim/lua/config/options.lua
rename to modules/home/nvim/lua/config/options.lua
diff --git a/users/common/nvim/lua/plugins/ansible.lua b/modules/home/nvim/lua/plugins/ansible.lua
similarity index 100%
rename from users/common/nvim/lua/plugins/ansible.lua
rename to modules/home/nvim/lua/plugins/ansible.lua
diff --git a/users/common/nvim/lua/plugins/conform.lua b/modules/home/nvim/lua/plugins/conform.lua
similarity index 100%
rename from users/common/nvim/lua/plugins/conform.lua
rename to modules/home/nvim/lua/plugins/conform.lua
diff --git a/users/common/nvim/lua/plugins/dashboard.lua b/modules/home/nvim/lua/plugins/dashboard.lua
similarity index 100%
rename from users/common/nvim/lua/plugins/dashboard.lua
rename to modules/home/nvim/lua/plugins/dashboard.lua
diff --git a/users/common/nvim/lua/plugins/example.lua b/modules/home/nvim/lua/plugins/example.lua
similarity index 100%
rename from users/common/nvim/lua/plugins/example.lua
rename to modules/home/nvim/lua/plugins/example.lua
diff --git a/users/common/nvim/lua/plugins/lsp.lua b/modules/home/nvim/lua/plugins/lsp.lua
similarity index 100%
rename from users/common/nvim/lua/plugins/lsp.lua
rename to modules/home/nvim/lua/plugins/lsp.lua
diff --git a/users/common/ssh.nix b/modules/home/ssh.nix
similarity index 100%
rename from users/common/ssh.nix
rename to modules/home/ssh.nix
diff --git a/users/common/starship.nix b/modules/home/starship.nix
similarity index 100%
rename from users/common/starship.nix
rename to modules/home/starship.nix
diff --git a/users/common/tmux.nix b/modules/home/tmux.nix
similarity index 100%
rename from users/common/tmux.nix
rename to modules/home/tmux.nix
diff --git a/modules/nixos/.gitkeep b/modules/nixos/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/profiles/base/default.nix b/profiles/base/default.nix
new file mode 100644
index 0000000..23687a1
--- /dev/null
+++ b/profiles/base/default.nix
@@ -0,0 +1,128 @@
+{ lib, config, pkgs, inputs, ... }: {
+ imports = [
+ ../../users
+ inputs.home-manager.nixosModules.home-manager
+ ];
+
+ deployment.tags = [ pkgs.stdenv.hostPlatform.system ];
+ deployment.targetUser = lib.mkDefault "sammy";
+ deployment.targetHost = lib.mkDefault config.networking.fqdnOrHostName;
+
+ nix = {
+ settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ trusted-users = [ "root" "@wheel" "sammy" ];
+ };
+ gc = {
+ automatic = lib.mkDefault true;
+ options = lib.mkDefault "--delete-older-than 7d";
+ };
+ };
+
+ users.mutableUsers = false;
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ nixpkgs.config.allowUnfree = true;
+ hardware.enableAllFirmware = true;
+
+ time.timeZone = lib.mkDefault "Europe/Berlin";
+
+ i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = lib.mkDefault "de";
+ useXkbConfig = true;
+ };
+
+ networking.firewall.allowedTCPPorts = [ 22 ];
+
+ services.openssh = {
+ enable = true;
+ extraConfig = ''
+ StreamLocalBindUnlink yes
+ '';
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ Macs = [
+ "hmac-sha2-512"
+ "hmac-sha2-256"
+ ];
+ KexAlgorithms = [
+ "sntrup761x25519-sha512@openssh.com"
+ "curve25519-sha256"
+ "curve25519-sha256@libssh.org"
+ "diffie-hellman-group-exchange-sha256"
+ ];
+ Ciphers = [
+ "aes256-gcm@openssh.com"
+ "aes128-gcm@openssh.com"
+ "aes256-ctr"
+ "aes192-ctr"
+ "aes128-ctr"
+ ];
+ };
+ };
+
+ security = {
+ sudo = {
+ enable = true;
+ wheelNeedsPassword = false;
+ keepTerminfo = true;
+ };
+
+ acme = {
+ acceptTerms = true;
+ defaults.email = "admin@cherrykitten.dev";
+ };
+ };
+
+ services.fail2ban = {
+ enable = lib.mkDefault true;
+ maxretry = 5;
+ };
+ services.udev.packages = with pkgs; [ libu2f-host yubikey-personalization ];
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ enableExtraSocket = true;
+ };
+
+ services.pcscd.enable = true;
+
virtualisation.vmVariant = {
+ # following configuration is added only when building VM with build-vm
+ virtualisation = {
+ memorySize = 8192;
+ cores = 6;
+ graphics = true;
+ };
+ users.users.sammy.hashedPassword = "";
+ };
+
+ programs.fish.enable = true;
+ # Packages used on all systems
+ environment.systemPackages = with pkgs; [
+ bat
+ bind.dnsutils
+ fd
+ file
+ git
+ gnupg
+ htop
+ jq
+ mtr
+ nmap
+ openssl
+ pinentry
+ rsync
+ tcpdump
+ tmux
+ wget
+ whois
+ wireguard-tools
+ ];
+
+
+}
diff --git a/profiles/desktop/default.nix b/profiles/desktop/default.nix
new file mode 100644
index 0000000..b678c0c
--- /dev/null
+++ b/profiles/desktop/default.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }: {
+ services.xserver = {
+ enable = true;
+ displayManager.sddm.enable = true;
+ desktopManager.plasma5.enable = true;
+ libinput.enable = true;
+
+ xkb.layout = "de";
+ xkb.options = "caps:escape";
+ };
+ fonts = {
+ enableDefaultPackages = true;
+ packages = [ pkgs.noto-fonts-emoji ];
+ };
+}
diff --git a/users/default.nix b/users/default.nix
new file mode 100644
index 0000000..6d5f25a
--- /dev/null
+++ b/users/default.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+ imports = [
+ ./sammy
+ ./root
+ ];
+}
diff --git a/users/root/default.nix b/users/root/default.nix
new file mode 100644
index 0000000..a30a479
--- /dev/null
+++ b/users/root/default.nix
@@ -0,0 +1,14 @@
+{ pkgs, lib, ... }:
+{
+ deployment.keys."root_password_hash" = {
+ destDir = "/nix/persist/keys";
+ keyCommand = [ "pass" "users/root/hashedPassword" ];
+ };
+
+ users.users.root = {
+ shell = pkgs.fish;
+ hashedPasswordFile = lib.mkDefault "/nix/persist/keys/root_password_hash";
+ };
+
+ home-manager.users.root = import ./home.nix;
+}
diff --git a/users/root/home.nix b/users/root/home.nix
new file mode 100644
index 0000000..1239d58
--- /dev/null
+++ b/users/root/home.nix
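Review bot: `nix.settings.trusted-users = [ "root" "@wheel" "sammy" ]` together with `security.sudo.wheelNeedsPassword = false` makes every wheel member root-equivalent twice over — Nix documents trusted users as able to override daemon settings such as substituters and sandbox paths, which amounts to root — so a compromise of sammy's SSH key is an unconditional root compromise on every host, and the explicit `"sammy"` entry is redundant with `@wheel`. If that is the intended trust model, drop the redundant entry and document the decision where it is made: `# wheel is NOPASSWD sudo, so listing @wheel here adds no exposure beyond what sudo already grants`. Separately, the vmVariant sets `users.users.sammy.hashedPassword = ""`, an empty hash that presumably allows console login without a password (the old `initialPassword = "test"` at least required typing one), while `users/sammy` sets `hashedPasswordFile` via `mkDefault`; which of the two the users module honours is not decided by this file, so make the override unambiguous and mark it as build-vm only: `users.users.sammy = { hashedPasswordFile = null; hashedPassword = ""; }; # build-vm only: passwordless console login`.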
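Review bot: The root hash deployed here is only reachable from a local console, since the base profile sets `PermitRootLogin = "no"` and wheel members already have passwordless sudo, and with `users.mutableUsers = false` the file has to be present at every activation including boot — presumably why `destDir` is `/nix/persist/keys` rather than colmena's tmpfs default. None of that reasoning is in the file; suggested comment above `deployment.keys`: `# Uploaded by colmena before activation and kept under /nix/persist so the hash survives reboots (users are recreated on every activation). Only used for console login: SSH root login is disabled in profiles/base.`. What happens when the file is absent (a first install done outside colmena, or a build-vm) is also worth confirming and noting, because no fallback is defined here.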
@@ -0,0 +1,10 @@
+{ ... }: {
+ imports = [ ../../modules/home ];
+
+ home.stateVersion = "23.11"; # Please read the comment before changing.
+
+ home.sessionVariables = {
+ EDITOR = "nvim";
+ };
+
+}
diff --git a/users/sammy/default.nix b/users/sammy/default.nix
new file mode 100644
index 0000000..a317178
--- /dev/null
+++ b/users/sammy/default.nix
@@ -0,0 +1,17 @@
+{ pkgs, lib, ... }:
+{
+ deployment.keys."sammy_password_hash" = {
+ destDir = "/nix/persist/keys";
+ keyCommand = [ "pass" "users/sammy/hashedPassword" ];
+ };
+
+ users.users.sammy = {
+ isNormalUser = true;
+ extraGroups = [ "networkmanager" "wheel" "docker" ];
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZyQSZw+pExsx2RXB+yxbaJGB9mtvudbQ/BP7E1yKvr openpgp:0x6068FEBB" ];
+ hashedPasswordFile = lib.mkDefault "/nix/persist/keys/sammy_password_hash";
+ };
+
+ home-manager.users.sammy = import ./home.nix;
+}
diff --git a/users/sammy.nix b/users/sammy/home.nix
similarity index 85%
rename from users/sammy.nix
rename to users/sammy/home.nix
index 1c9041c..25bae39 100644
--- a/users/sammy.nix
+++ b/users/sammy/home.nix
@@ -1,5 +1,5 @@
 { ... }: {
- imports = [ ./common ];
+ imports = [ ../../modules/home ];
 programs.git = {
 userName = "CherryKitten";
@@ -19,7 +19,7 @@
 enable = true;
 publicKeys = [
 {
- source = ../cherrykitten.pgp;
+ source = ../../files/cherrykitten.pgp;
 trust = "ultimate";
 }
diff --git a/users/sammy@chansey.nix b/users/sammy@chansey/home.nix
similarity index 100%
rename from users/sammy@chansey.nix
rename to users/sammy@chansey/home.nix
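Review bot: `extraGroups` puts sammy in `docker`, which the Docker project documents as root-equivalent (the socket lets a member bind-mount the host filesystem into a privileged container), on top of `wheel` with `wheelNeedsPassword = false` in the base profile, and the group is added unconditionally on every host even though nothing visible in this diff enables `virtualisation.docker`. Either gate it on the service — `extraGroups = [ "networkmanager" "wheel" ] ++ lib.optional config.virtualisation.docker.enable "docker";` with `config` added to the module arguments — or leave a comment explaining why Docker access is wanted everywhere. The deployed `hashedPasswordFile` only affects console login here, since SSH is key-only and sudo is passwordless, and a comment saying so would save the next reader from looking it up.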