Refactor host configs

hosts/atlas/default.nix

@@ -6,21 +6,15 @@
     ../desktop.nix
   ];
 
-  boot.loader.systemd-boot.enable = true;
+  boot.loader = {
-  boot.loader.efi.canTouchEfiVariables = true;
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  };
 
-  networking.hostName = "atlas";
+  networking = {
-  networking.hostId = "8425e349";
+    hostId = "8425e349";
-  networking.networkmanager.enable = true;
+    networkmanager.enable = true;
-
+  };
-  nix.package = pkgs.nixFlakes;
-  nix.extraOptions = ''
-    experimental-features = nix-command flakes
-  '';
-
-  users.defaultUserShell = pkgs.zsh;
-
-  system.stateVersion = "22.11";
 
   modules = {
     desktop = {
@@ -53,4 +47,6 @@
       zsh.enable = true;
     };
   };
+
+  system.stateVersion = "22.11";
 }

hosts/common.nix

@@ -0,0 +1,81 @@
+{ config, lib, pkgs, ... }:
+
+{
+  time.timeZone = "Europe/London";
+
+  i18n.defaultLocale = "en_GB.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_GB.UTF-8";
+    LC_IDENTIFICATION = "en_GB.UTF-8";
+    LC_MEASUREMENT = "en_GB.UTF-8";
+    LC_MONETARY = "en_GB.UTF-8";
+    LC_NAME = "en_GB.UTF-8";
+    LC_NUMERIC = "en_GB.UTF-8";
+    LC_PAPER = "en_GB.UTF-8";
+    LC_TELEPHONE = "en_GB.UTF-8";
+    LC_TIME = "en_GB.UTF-8";
+  };
+  
+  console.keyMap = "uk";
+
+  security = {
+    auditd.enable = true;
+    audit = {
+      enable = true;
+      rules = [
+        "-a exit,always -F arch=b64 -S execve"
+      ];
+    };
+    sudo.execWheelOnly = true;
+  };
+
+  services.openssh = {
+    enable = true;
+    allowSFTP = false;
+    settings = {
+      KbdInteractiveAuthentication = false;
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+    };
+  };
+
+  services.journald.extraConfig = ''
+    SystemMaxUse=4G
+    MaxRetentionSec=90day
+  '';
+
+  users.defaultUserShell = pkgs.zsh;
+
+  nix = {
+    package = pkgs.nixFlakes;
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+    settings = {
+      connect-timeout = 5;
+      log-lines = 25;
+      min-free = 128000000;
+      max-free = 1000000000;
+      fallback = true;
+      allowed-users = [ "@wheel" ];
+      auto-optimise-store = true;
+      substituters = [
+        "http://odyssey.mesh.vimium.net"
+        "https://cache.nixos.org"
+      ];
+      trusted-public-keys = [
+        "odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ="
+      ];
+    };
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "-d --delete-older-than 7d";
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    neovim
+  ];
+}

hosts/desktop.nix

@@ -1,33 +1,12 @@
 { config, lib, pkgs, ... }:
 
 {
-  time.timeZone = "Europe/London";
+  imports = [
-
+    ./common.nix
-  i18n.defaultLocale = "en_GB.UTF-8";
+  ];
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "en_GB.UTF-8";
-    LC_IDENTIFICATION = "en_GB.UTF-8";
-    LC_MEASUREMENT = "en_GB.UTF-8";
-    LC_MONETARY = "en_GB.UTF-8";
-    LC_NAME = "en_GB.UTF-8";
-    LC_NUMERIC = "en_GB.UTF-8";
-    LC_PAPER = "en_GB.UTF-8";
-    LC_TELEPHONE = "en_GB.UTF-8";
-    LC_TIME = "en_GB.UTF-8";
-  };
-
-  console.keyMap = "uk";
 
   services.printing.enable = true;
-  services.openssh = {
+  services.openssh.startWhenNeeded = true;
-    enable = true;
-    settings = {
-      KbdInteractiveAuthentication = false;
-      PasswordAuthentication = false;
-      PermitRootLogin = "no";
-    };
-    startWhenNeeded = true;
-  };
 
   sound.enable = true;
   hardware.pulseaudio.enable = false;
@@ -39,40 +18,14 @@
     pulse.enable = true;
   };
 
-  environment.systemPackages = with pkgs; [
-    git
-    neovim
-  ];
-
   system.autoUpgrade = {
     enable = true;
     flake = "git+ssh://git@git.vimium.com/jordan/nix-config.git";
     randomizedDelaySec = "10min";
   };
 
-  nix = {
+  modules = {
-    settings = {
+    desktop.gnome.enable = true;
-      connect-timeout = 5;
+    networking.tailscale.enable = true;
-      log-lines = 25;
-      min-free = 128000000;
-      max-free = 1000000000;
-      fallback = true;
-      auto-optimise-store = true;
-      substituters = [
-        "http://odyssey.mesh.vimium.net"
-        "https://cache.nixos.org"
-      ];
-      trusted-public-keys = [
-        "odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ="
-      ];
-    };
-    gc = {
-      automatic = true;
-      dates = "weekly";
-      options = "-d --delete-older-than 7d";
-    };
   };
-
-  modules.desktop.gnome.enable = true;
-  modules.networking.tailscale.enable = true;
 }

hosts/eos/default.nix

@@ -6,22 +6,15 @@
     ../desktop.nix
   ];
 
-  boot.loader.systemd-boot.enable = true;
+  boot.loader = {
-  boot.loader.efi.canTouchEfiVariables = true;
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  };
 
-  networking.hostName = "eos";
+  networking = {
-  networking.hostId = "cc858347";
+    hostId = "cc858347";
-  networking.networkmanager.enable = true;
+    networkmanager.enable = true;
-
+  };
-  nix.package = pkgs.nixFlakes;
-  nix.extraOptions = ''
-    experimental-features = nix-command flakes
-  '';
-  nix.settings.auto-optimise-store = true;
-
-  users.defaultUserShell = pkgs.zsh;
-
-  system.stateVersion = "22.11";
 
   dconf.settings = {
     "org/gnome/desktop/interface" = {
@@ -51,4 +44,6 @@
       zsh.enable = true;
     };
   };
+
+  system.stateVersion = "22.11";
 }

hosts/helios/default.nix

@@ -15,20 +15,10 @@
   };
 
   networking = {
-    hostName = "helios";
     hostId = "47d23505";
     networkmanager.enable = true;
   };
 
-  nix.package = pkgs.nixFlakes;
-  nix.extraOptions = ''
-    experimental-features = nix-command flakes
-  '';
-
-  users.defaultUserShell = pkgs.zsh;
-
-  system.stateVersion = "22.11";
-
   modules = {
     desktop = {
       apps.qbittorrent.enable = true;
@@ -60,4 +50,6 @@
       zsh.enable = true;
     };
   };
+
+  system.stateVersion = "22.11";
 }

hosts/hypnos/default.nix

@@ -12,17 +12,7 @@
     efi.canTouchEfiVariables = true;
   };
 
-  networking = {
+  networking.hostId = "cf791898";
-    hostName = "hypnos";
-    hostId = "cf791898";
-  };
-
-  nix = {
-    package = pkgs.nixFlakes;
-    extraOptions = ''
-      experimental-features = nix-command flakes
-    '';
-  };
 
   modules = {
     desktop = {

hosts/odyssey/default.nix

@@ -7,35 +7,25 @@
     ../desktop.nix
   ];
 
-  boot.loader.systemd-boot = {
+  boot.loader = {
-    enable = true;
+    systemd-boot = {
-    graceful = true;
+      enable = true;
-    netbootxyz.enable = true;
+      graceful = true;
+      netbootxyz.enable = true;
+    };
+    efi.canTouchEfiVariables = true;
   };
-  boot.loader.efi.canTouchEfiVariables = true;
 
-  networking.hostName = "odyssey";
+  networking = {
-  networking.hostId = "c5e68d78";
+    hostId = "c5e68d78";
-  networking.networkmanager.enable = true;
+    networkmanager.enable = true;
+    firewall.trustedInterfaces = [ "lxdbr0" "virbr0" ]; # Work around https://github.com/NixOS/nixpkgs/issues/263359
+  };
 
-  nix.package = pkgs.nixFlakes;
+  virtualisation = {
-  nix.extraOptions = ''
+    libvirtd.enable = true;
-    experimental-features = nix-command flakes
+    lxd.enable = true;
-  '';
+  };
-
-  virtualisation.libvirtd.enable = true;
-  virtualisation.lxd.enable = true;
-  # Work around https://github.com/NixOS/nixpkgs/issues/263359
-  networking.firewall.trustedInterfaces = [ "lxdbr0" "virbr0" ];
-
-  users.defaultUserShell = pkgs.zsh;
-
-  system.stateVersion = "22.11";
-
-  services.journald.extraConfig = ''
-    SystemMaxUse=4G
-    MaxRetentionSec=90day
-  '';
 
   services.nix-serve = {
     enable = true;
@@ -101,4 +91,6 @@
       zsh.enable = true;
     };
   };
+
+  system.stateVersion = "22.11";
 }

hosts/server.nix

@@ -1,49 +1,11 @@
 { config, lib, pkgs, ... }:
 
 {
-  time.timeZone = "Europe/London";
+  imports = [
-
+    ./common.nix
-  i18n.defaultLocale = "en_GB.UTF-8";
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "en_GB.UTF-8";
-    LC_IDENTIFICATION = "en_GB.UTF-8";
-    LC_MEASUREMENT = "en_GB.UTF-8";
-    LC_MONETARY = "en_GB.UTF-8";
-    LC_NAME = "en_GB.UTF-8";
-    LC_NUMERIC = "en_GB.UTF-8";
-    LC_PAPER = "en_GB.UTF-8";
-    LC_TELEPHONE = "en_GB.UTF-8";
-    LC_TIME = "en_GB.UTF-8";
-  };
-
-  console.keyMap = "uk";
-
-  documentation.enable = false;
-
-  services.openssh = {
-    enable = true;
-    settings = {
-      KbdInteractiveAuthentication = false;
-      PasswordAuthentication = false;
-      PermitRootLogin = "no";
-    };
-  };
-
-  environment.systemPackages = with pkgs; [
-    git
-    neovim
   ];
 
-  nix = {
+  documentation.enable = false;
-    settings = {
-      auto-optimise-store = true;
-    };
-    gc = {
-      automatic = true;
-      dates = "weekly";
-      options = "-d --delete-older-than 7d";
-    };
-  };
 
   modules.networking.tailscale = {
     enable = true;

modules/networking/wireless.nix

@@ -31,6 +31,30 @@ in {
           "Apollo 600 Mbps".psk = "@PSK_APOLLO@";
         };
       };
+      networkmanager.ensureProfiles.profiles = {
+        "Apollo" = {
+          connection = {
+            id = "Apollo 600 Mbps";
+            type = "wifi";
+          };
+          wifi = {
+            mode = "infrastructure";
+            ssid = "Apollo 600 Mbps";
+          };
+          wifi-security = {
+            auth-alg = "open";
+            key-mgmt = "wpa-psk";
+            psk = "";
+          };
+          ipv4 = {
+            method = "auto";
+          };
+          ipv6 = {
+            addr-gen-mode = "stable-privacy";
+            method = "auto";
+          };
+        };
+      };
     };
   };
 }