Refactor host configs

2024-01-20 15:33:04 +00:00 · 2024-01-20 15:33:04 +00:00 · 6eb50d3a8f
commit 6eb50d3a8f
parent a19656d56d
9 changed files with 156 additions and 171 deletions
--- a/hosts/atlas/default.nix
+++ b/hosts/atlas/default.nix
@ -6,21 +6,15 @@
    ../desktop.nix
  ];

-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  };

-  networking.hostName = "atlas";
-  networking.hostId = "8425e349";
-  networking.networkmanager.enable = true;
-
-  nix.package = pkgs.nixFlakes;
-  nix.extraOptions = ''
-    experimental-features = nix-command flakes
-  '';
-
-  users.defaultUserShell = pkgs.zsh;
-
-  system.stateVersion = "22.11";
+  networking = {
+    hostId = "8425e349";
+    networkmanager.enable = true;
+  };

  modules = {
    desktop = {
@ -53,4 +47,6 @@
      zsh.enable = true;
    };
  };
+
+  system.stateVersion = "22.11";
 }
--- a/hosts/common.nix
+++ b/hosts/common.nix
@ -0,0 +1,81 @@
+{ config, lib, pkgs, ... }:
+
+{
+  time.timeZone = "Europe/London";
+
+  i18n.defaultLocale = "en_GB.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_GB.UTF-8";
+    LC_IDENTIFICATION = "en_GB.UTF-8";
+    LC_MEASUREMENT = "en_GB.UTF-8";
+    LC_MONETARY = "en_GB.UTF-8";
+    LC_NAME = "en_GB.UTF-8";
+    LC_NUMERIC = "en_GB.UTF-8";
+    LC_PAPER = "en_GB.UTF-8";
+    LC_TELEPHONE = "en_GB.UTF-8";
+    LC_TIME = "en_GB.UTF-8";
+  };
+  
+  console.keyMap = "uk";
+
+  security = {
+    auditd.enable = true;
+    audit = {
+      enable = true;
+      rules = [
+        "-a exit,always -F arch=b64 -S execve"
+      ];
+    };
+    sudo.execWheelOnly = true;
+  };
+
+  services.openssh = {
+    enable = true;
+    allowSFTP = false;
+    settings = {
+      KbdInteractiveAuthentication = false;
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+    };
+  };
+
+  services.journald.extraConfig = ''
+    SystemMaxUse=4G
+    MaxRetentionSec=90day
+  '';
+
+  users.defaultUserShell = pkgs.zsh;
+
+  nix = {
+    package = pkgs.nixFlakes;
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+    settings = {
+      connect-timeout = 5;
+      log-lines = 25;
+      min-free = 128000000;
+      max-free = 1000000000;
+      fallback = true;
+      allowed-users = [ "@wheel" ];
+      auto-optimise-store = true;
+      substituters = [
+        "http://odyssey.mesh.vimium.net"
+        "https://cache.nixos.org"
+      ];
+      trusted-public-keys = [
+        "odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ="
+      ];
+    };
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "-d --delete-older-than 7d";
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    neovim
+  ];
+}
--- a/hosts/desktop.nix
+++ b/hosts/desktop.nix
@ -1,33 +1,12 @@
 { config, lib, pkgs, ... }:

 {
-  time.timeZone = "Europe/London";
-
-  i18n.defaultLocale = "en_GB.UTF-8";
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "en_GB.UTF-8";
-    LC_IDENTIFICATION = "en_GB.UTF-8";
-    LC_MEASUREMENT = "en_GB.UTF-8";
-    LC_MONETARY = "en_GB.UTF-8";
-    LC_NAME = "en_GB.UTF-8";
-    LC_NUMERIC = "en_GB.UTF-8";
-    LC_PAPER = "en_GB.UTF-8";
-    LC_TELEPHONE = "en_GB.UTF-8";
-    LC_TIME = "en_GB.UTF-8";
-  };
-
-  console.keyMap = "uk";
+  imports = [
+    ./common.nix
+  ];

  services.printing.enable = true;
-  services.openssh = {
-    enable = true;
-    settings = {
-      KbdInteractiveAuthentication = false;
-      PasswordAuthentication = false;
-      PermitRootLogin = "no";
-    };
-    startWhenNeeded = true;
-  };
+  services.openssh.startWhenNeeded = true;

  sound.enable = true;
  hardware.pulseaudio.enable = false;
@ -39,40 +18,14 @@
    pulse.enable = true;
  };

-  environment.systemPackages = with pkgs; [
-    git
-    neovim
-  ];
-
  system.autoUpgrade = {
    enable = true;
    flake = "git+ssh://git@git.vimium.com/jordan/nix-config.git";
    randomizedDelaySec = "10min";
  };

-  nix = {
-    settings = {
-      connect-timeout = 5;
-      log-lines = 25;
-      min-free = 128000000;
-      max-free = 1000000000;
-      fallback = true;
-      auto-optimise-store = true;
-      substituters = [
-        "http://odyssey.mesh.vimium.net"
-        "https://cache.nixos.org"
-      ];
-      trusted-public-keys = [
-        "odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ="
-      ];
-    };
-    gc = {
-      automatic = true;
-      dates = "weekly";
-      options = "-d --delete-older-than 7d";
-    };
+  modules = {
+    desktop.gnome.enable = true;
+    networking.tailscale.enable = true;
  };
-
-  modules.desktop.gnome.enable = true;
-  modules.networking.tailscale.enable = true;
 }
--- a/hosts/eos/default.nix
+++ b/hosts/eos/default.nix
@ -6,22 +6,15 @@
    ../desktop.nix
  ];

-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  };

-  networking.hostName = "eos";
-  networking.hostId = "cc858347";
-  networking.networkmanager.enable = true;
-
-  nix.package = pkgs.nixFlakes;
-  nix.extraOptions = ''
-    experimental-features = nix-command flakes
-  '';
-  nix.settings.auto-optimise-store = true;
-
-  users.defaultUserShell = pkgs.zsh;
-
-  system.stateVersion = "22.11";
+  networking = {
+    hostId = "cc858347";
+    networkmanager.enable = true;
+  };

  dconf.settings = {
    "org/gnome/desktop/interface" = {
@ -51,4 +44,6 @@
      zsh.enable = true;
    };
  };
+
+  system.stateVersion = "22.11";
 }
--- a/hosts/helios/default.nix
+++ b/hosts/helios/default.nix
@ -15,20 +15,10 @@
  };

  networking = {
-    hostName = "helios";
    hostId = "47d23505";
    networkmanager.enable = true;
  };

-  nix.package = pkgs.nixFlakes;
-  nix.extraOptions = ''
-    experimental-features = nix-command flakes
-  '';
-
-  users.defaultUserShell = pkgs.zsh;
-
-  system.stateVersion = "22.11";
-
  modules = {
    desktop = {
      apps.qbittorrent.enable = true;
@ -60,4 +50,6 @@
      zsh.enable = true;
    };
  };
+
+  system.stateVersion = "22.11";
 }
--- a/hosts/hypnos/default.nix
+++ b/hosts/hypnos/default.nix
@ -12,17 +12,7 @@
    efi.canTouchEfiVariables = true;
  };

-  networking = {
-    hostName = "hypnos";
-    hostId = "cf791898";
-  };
-
-  nix = {
-    package = pkgs.nixFlakes;
-    extraOptions = ''
-      experimental-features = nix-command flakes
-    '';
-  };
+  networking.hostId = "cf791898";

  modules = {
    desktop = {
--- a/hosts/odyssey/default.nix
+++ b/hosts/odyssey/default.nix
@ -7,35 +7,25 @@
    ../desktop.nix
  ];

-  boot.loader.systemd-boot = {
-    enable = true;
-    graceful = true;
-    netbootxyz.enable = true;
+  boot.loader = {
+    systemd-boot = {
+      enable = true;
+      graceful = true;
+      netbootxyz.enable = true;
+    };
+    efi.canTouchEfiVariables = true;
  };
-  boot.loader.efi.canTouchEfiVariables = true;

-  networking.hostName = "odyssey";
-  networking.hostId = "c5e68d78";
-  networking.networkmanager.enable = true;
+  networking = {
+    hostId = "c5e68d78";
+    networkmanager.enable = true;
+    firewall.trustedInterfaces = [ "lxdbr0" "virbr0" ]; # Work around https://github.com/NixOS/nixpkgs/issues/263359
+  };

-  nix.package = pkgs.nixFlakes;
-  nix.extraOptions = ''
-    experimental-features = nix-command flakes
-  '';
-
-  virtualisation.libvirtd.enable = true;
-  virtualisation.lxd.enable = true;
-  # Work around https://github.com/NixOS/nixpkgs/issues/263359
-  networking.firewall.trustedInterfaces = [ "lxdbr0" "virbr0" ];
-
-  users.defaultUserShell = pkgs.zsh;
-
-  system.stateVersion = "22.11";
-
-  services.journald.extraConfig = ''
-    SystemMaxUse=4G
-    MaxRetentionSec=90day
-  '';
+  virtualisation = {
+    libvirtd.enable = true;
+    lxd.enable = true;
+  };

  services.nix-serve = {
    enable = true;
@ -101,4 +91,6 @@
      zsh.enable = true;
    };
  };
+
+  system.stateVersion = "22.11";
 }
--- a/hosts/server.nix
+++ b/hosts/server.nix
@ -1,49 +1,11 @@
 { config, lib, pkgs, ... }:

 {
-  time.timeZone = "Europe/London";
-
-  i18n.defaultLocale = "en_GB.UTF-8";
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "en_GB.UTF-8";
-    LC_IDENTIFICATION = "en_GB.UTF-8";
-    LC_MEASUREMENT = "en_GB.UTF-8";
-    LC_MONETARY = "en_GB.UTF-8";
-    LC_NAME = "en_GB.UTF-8";
-    LC_NUMERIC = "en_GB.UTF-8";
-    LC_PAPER = "en_GB.UTF-8";
-    LC_TELEPHONE = "en_GB.UTF-8";
-    LC_TIME = "en_GB.UTF-8";
-  };
-
-  console.keyMap = "uk";
-
-  documentation.enable = false;
-
-  services.openssh = {
-    enable = true;
-    settings = {
-      KbdInteractiveAuthentication = false;
-      PasswordAuthentication = false;
-      PermitRootLogin = "no";
-    };
-  };
-
-  environment.systemPackages = with pkgs; [
-    git
-    neovim
+  imports = [
+    ./common.nix
  ];

-  nix = {
-    settings = {
-      auto-optimise-store = true;
-    };
-    gc = {
-      automatic = true;
-      dates = "weekly";
-      options = "-d --delete-older-than 7d";
-    };
-  };
+  documentation.enable = false;

  modules.networking.tailscale = {
    enable = true;
--- a/modules/networking/wireless.nix
+++ b/modules/networking/wireless.nix
@ -31,6 +31,30 @@ in {
          "Apollo 600 Mbps".psk = "@PSK_APOLLO@";
        };
      };
+      networkmanager.ensureProfiles.profiles = {
+        "Apollo" = {
+          connection = {
+            id = "Apollo 600 Mbps";
+            type = "wifi";
+          };
+          wifi = {
+            mode = "infrastructure";
+            ssid = "Apollo 600 Mbps";
+          };
+          wifi-security = {
+            auth-alg = "open";
+            key-mgmt = "wpa-psk";
+            psk = "";
+          };
+          ipv4 = {
+            method = "auto";
+          };
+          ipv6 = {
+            addr-gen-mode = "stable-privacy";
+            method = "auto";
+          };
+        };
+      };
    };
  };
 }