diff --git a/hosts/atlas/default.nix b/hosts/atlas/default.nix index 1314b42..a51fb45 100644 --- a/hosts/atlas/default.nix +++ b/hosts/atlas/default.nix @@ -6,21 +6,15 @@ ../desktop.nix ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; - networking.hostName = "atlas"; - networking.hostId = "8425e349"; - networking.networkmanager.enable = true; - - nix.package = pkgs.nixFlakes; - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; - - users.defaultUserShell = pkgs.zsh; - - system.stateVersion = "22.11"; + networking = { + hostId = "8425e349"; + networkmanager.enable = true; + }; modules = { desktop = { @@ -53,4 +47,6 @@ zsh.enable = true; }; }; + + system.stateVersion = "22.11"; } diff --git a/hosts/common.nix b/hosts/common.nix new file mode 100644 index 0000000..69ba270 --- /dev/null +++ b/hosts/common.nix 
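Review bot: `networking.hostName` is removed from this block with no replacement visible in the diff, and the eos, helios, hypnos and odyssey hunks drop it as well. If the name is not set per host somewhere outside this diff (for example where the flake builds each system), every machine falls back to the NixOS default hostname, and the journald and audit records that hosts/common.nix now enables everywhere can no longer be attributed to a machine. Confirm where the hostname comes from, or keep `hostName = "atlas";` inside the new `networking = { … }` set.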
@@ -0,0 +1,81 @@ +{ config, lib, pkgs, ... }: + +{ + time.timeZone = "Europe/London"; + + i18n.defaultLocale = "en_GB.UTF-8"; + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_GB.UTF-8"; + LC_IDENTIFICATION = "en_GB.UTF-8"; + LC_MEASUREMENT = "en_GB.UTF-8"; + LC_MONETARY = "en_GB.UTF-8"; + LC_NAME = "en_GB.UTF-8"; + LC_NUMERIC = "en_GB.UTF-8"; + LC_PAPER = "en_GB.UTF-8"; + LC_TELEPHONE = "en_GB.UTF-8"; + LC_TIME = "en_GB.UTF-8"; + }; + + console.keyMap = "uk"; + + security = { + auditd.enable = true; + audit = { + enable = true; + rules = [ + "-a exit,always -F arch=b64 -S execve" + ]; + }; + sudo.execWheelOnly = true; + }; + + services.openssh = { + enable = true; + allowSFTP = false; + settings = { + KbdInteractiveAuthentication = false; + PasswordAuthentication = false; + PermitRootLogin = "no"; + }; + }; + + services.journald.extraConfig = '' + SystemMaxUse=4G + MaxRetentionSec=90day + ''; + + users.defaultUserShell = pkgs.zsh; + + nix = { + package = pkgs.nixFlakes; + extraOptions = '' + experimental-features = nix-command flakes + ''; + settings = { + connect-timeout = 5; + log-lines = 25; + min-free = 128000000; + max-free = 1000000000; + fallback = true; + allowed-users = [ "@wheel" ]; + auto-optimise-store = true; + substituters = [ + "http://odyssey.mesh.vimium.net" + "https://cache.nixos.org" + ]; + trusted-public-keys = [ + "odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ=" + ]; + }; + gc = { + automatic = true; + dates = "weekly"; + options = "-d --delete-older-than 7d"; + }; + }; + + environment.systemPackages = with pkgs; [ + git + neovim + ]; +} diff --git a/hosts/desktop.nix b/hosts/desktop.nix index 163a9c1..a23a8f6 100644 --- a/hosts/desktop.nix +++ b/hosts/desktop.nix 
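Review bot: The audit rule `-a exit,always -F arch=b64 -S execve` records only 64-bit `execve` calls, so a program started through `execveat` or from a 32-bit process leaves no audit record. If the intent is complete process-execution logging, use `-S execve -S execveat` and add a matching `-F arch=b32` rule; a `-k` key on each rule makes the records easier to find with ausearch. This rule now applies to every host that imports common.nix and logs every exec, so check that the audit log has a size or rotation limit comparable to the journald limits set just below it.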
@@ -1,33 +1,12 @@ { config, lib, pkgs, ... }: { - time.timeZone = "Europe/London"; - - i18n.defaultLocale = "en_GB.UTF-8"; - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_GB.UTF-8"; - LC_IDENTIFICATION = "en_GB.UTF-8"; - LC_MEASUREMENT = "en_GB.UTF-8"; - LC_MONETARY = "en_GB.UTF-8"; - LC_NAME = "en_GB.UTF-8"; - LC_NUMERIC = "en_GB.UTF-8"; - LC_PAPER = "en_GB.UTF-8"; - LC_TELEPHONE = "en_GB.UTF-8"; - LC_TIME = "en_GB.UTF-8"; - }; - - console.keyMap = "uk"; + imports = [ + ./common.nix + ]; services.printing.enable = true; - services.openssh = { - enable = true; - settings = { - KbdInteractiveAuthentication = false; - PasswordAuthentication = false; - PermitRootLogin = "no"; - }; - startWhenNeeded = true; - }; + services.openssh.startWhenNeeded = true; sound.enable = true; hardware.pulseaudio.enable = false; @@ -39,40 +18,14 @@ pulse.enable = true; }; - environment.systemPackages = with pkgs; [ - git - neovim - ]; - system.autoUpgrade = { enable = true; flake = "git+ssh://git@git.vimium.com/jordan/nix-config.git"; randomizedDelaySec = "10min"; }; - nix = { - settings = { - connect-timeout = 5; - log-lines = 25; - min-free = 128000000; - max-free = 1000000000; - fallback = true; - auto-optimise-store = true; - substituters = [ - "http://odyssey.mesh.vimium.net" - "https://cache.nixos.org" - ]; - trusted-public-keys = [ - "odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ=" - ]; - }; - gc = { - automatic = true; - dates = "weekly"; - options = "-d --delete-older-than 7d"; - }; + modules = { + desktop.gnome.enable = true; + networking.tailscale.enable = true; }; - - modules.desktop.gnome.enable = true; - modules.networking.tailscale.enable = true; } diff --git a/hosts/eos/default.nix b/hosts/eos/default.nix index f21faa8..4c0a253 100644 --- a/hosts/eos/default.nix +++ b/hosts/eos/default.nix 
@@ -6,22 +6,15 @@ ../desktop.nix ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; - networking.hostName = "eos"; - networking.hostId = "cc858347"; - networking.networkmanager.enable = true; - - nix.package = pkgs.nixFlakes; - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; - nix.settings.auto-optimise-store = true; - - users.defaultUserShell = pkgs.zsh; - - system.stateVersion = "22.11"; + networking = { + hostId = "cc858347"; + networkmanager.enable = true; + }; dconf.settings = { "org/gnome/desktop/interface" = { @@ -51,4 +44,6 @@ zsh.enable = true; }; }; + + system.stateVersion = "22.11"; } diff --git a/hosts/helios/default.nix b/hosts/helios/default.nix index 02e970e..b4260d8 100644 --- a/hosts/helios/default.nix +++ b/hosts/helios/default.nix @@ -15,20 +15,10 @@ }; networking = { - hostName = "helios"; hostId = "47d23505"; networkmanager.enable = true; }; - nix.package = pkgs.nixFlakes; - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; - - users.defaultUserShell = pkgs.zsh; - - system.stateVersion = "22.11"; - modules = { desktop = { apps.qbittorrent.enable = true; @@ -60,4 +50,6 @@ zsh.enable = true; }; }; + + system.stateVersion = "22.11"; } diff --git a/hosts/hypnos/default.nix b/hosts/hypnos/default.nix index 2295226..de6014b 100644 --- a/hosts/hypnos/default.nix +++ b/hosts/hypnos/default.nix @@ -12,17 +12,7 @@ efi.canTouchEfiVariables = true; }; - networking = { - hostName = "hypnos"; - hostId = "cf791898"; - }; - - nix = { - package = pkgs.nixFlakes; - extraOptions = '' - experimental-features = nix-command flakes - ''; - }; + networking.hostId = "cf791898"; modules = { desktop = { diff --git a/hosts/odyssey/default.nix b/hosts/odyssey/default.nix index 1715ad1..2e5b78b 100644 --- a/hosts/odyssey/default.nix +++ b/hosts/odyssey/default.nix 
@@ -7,35 +7,25 @@ ../desktop.nix ]; - boot.loader.systemd-boot = { - enable = true; - graceful = true; - netbootxyz.enable = true; + boot.loader = { + systemd-boot = { + enable = true; + graceful = true; + netbootxyz.enable = true; + }; + efi.canTouchEfiVariables = true; }; - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "odyssey"; - networking.hostId = "c5e68d78"; - networking.networkmanager.enable = true; + networking = { + hostId = "c5e68d78"; + networkmanager.enable = true; + firewall.trustedInterfaces = [ "lxdbr0" "virbr0" ]; # Work around https://github.com/NixOS/nixpkgs/issues/263359 + }; - nix.package = pkgs.nixFlakes; - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; - - virtualisation.libvirtd.enable = true; - virtualisation.lxd.enable = true; - # Work around https://github.com/NixOS/nixpkgs/issues/263359 - networking.firewall.trustedInterfaces = [ "lxdbr0" "virbr0" ]; - - users.defaultUserShell = pkgs.zsh; - - system.stateVersion = "22.11"; - - services.journald.extraConfig = '' - SystemMaxUse=4G - MaxRetentionSec=90day - ''; + virtualisation = { + libvirtd.enable = true; + lxd.enable = true; + }; services.nix-serve = { enable = true; @@ -101,4 +91,6 @@ zsh.enable = true; }; }; + + system.stateVersion = "22.11"; } diff --git a/hosts/server.nix b/hosts/server.nix index 1c4ec85..2dde15b 100644 --- a/hosts/server.nix +++ b/hosts/server.nix 
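Review bot: `firewall.trustedInterfaces = [ "lxdbr0" "virbr0" ]` accepts all traffic from LXD containers and libvirt guests on every host port, which may be broader than the linked nixpkgs issue needs. This host also runs `services.nix-serve` (context at the end of the hunk) and its signing key is listed in `trusted-public-keys` in hosts/common.nix, so guest-to-host exposure matters more here than on the other machines. If the workaround is only for guest DHCP and DNS, a narrower form is per-interface rules such as `networking.firewall.interfaces.lxdbr0.allowedUDPPorts = [ 53 67 ];` with `allowedTCPPorts = [ 53 ];`, repeated for `virbr0`. The line is moved rather than new, so this can be a follow-up.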
@@ -1,49 +1,11 @@ { config, lib, pkgs, ... }: { - time.timeZone = "Europe/London"; - - i18n.defaultLocale = "en_GB.UTF-8"; - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_GB.UTF-8"; - LC_IDENTIFICATION = "en_GB.UTF-8"; - LC_MEASUREMENT = "en_GB.UTF-8"; - LC_MONETARY = "en_GB.UTF-8"; - LC_NAME = "en_GB.UTF-8"; - LC_NUMERIC = "en_GB.UTF-8"; - LC_PAPER = "en_GB.UTF-8"; - LC_TELEPHONE = "en_GB.UTF-8"; - LC_TIME = "en_GB.UTF-8"; - }; - - console.keyMap = "uk"; - - documentation.enable = false; - - services.openssh = { - enable = true; - settings = { - KbdInteractiveAuthentication = false; - PasswordAuthentication = false; - PermitRootLogin = "no"; - }; - }; - - environment.systemPackages = with pkgs; [ - git - neovim + imports = [ + ./common.nix ]; - nix = { - settings = { - auto-optimise-store = true; - }; - gc = { - automatic = true; - dates = "weekly"; - options = "-d --delete-older-than 7d"; - }; - }; + documentation.enable = false; modules.networking.tailscale = { enable = true; diff --git a/modules/networking/wireless.nix b/modules/networking/wireless.nix index 8f7ac8c..91b8fff 100644 --- a/modules/networking/wireless.nix +++ b/modules/networking/wireless.nix @@ -31,6 +31,30 @@ in { "Apollo 600 Mbps".psk = "@PSK_APOLLO@"; }; }; + networkmanager.ensureProfiles.profiles = { + "Apollo" = { + connection = { + id = "Apollo 600 Mbps"; + type = "wifi"; + }; + wifi = { + mode = "infrastructure"; + ssid = "Apollo 600 Mbps"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = ""; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + }; + }; }; }; }
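Review bot: Importing `./common.nix` gives server hosts the `substituters` and `trusted-public-keys` entries for `odyssey.mesh.vimium.net`, which the removed `nix.settings` block here never had (it only set `auto-optimise-store`). Servers will now accept any store path signed by the odyssey key, and odyssey is a desktop host that also runs LXD and libvirt guests, so a compromise of that machine or its key would extend to the servers. If servers do not need the private cache, keep `substituters` and `trusted-public-keys` in hosts/desktop.nix instead of common.nix. The same import also applies `allowSFTP = false` and the execve audit rule to servers, so check that nothing on them depends on SFTP.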
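Review bot: The new NetworkManager profile sets `psk = ""` while the wpa_supplicant entry above it uses the `@PSK_APOLLO@` placeholder, so as written the profile carries no usable key, and filling in the literal passphrase would put it in the world-readable Nix store. NixOS can substitute the value at activation time: set `psk = "$PSK_APOLLO";` and point `networkmanager.ensureProfiles.environmentFiles` at the secret file that already supplies the wpa_supplicant placeholder (confirm the option exists on the nixpkgs release pinned here). The attribute name `"Apollo"` also differs from the connection `id`, which is harmless but worth aligning. The enclosing module starts outside this hunk, so how the existing secret file is wired in is not visible.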