SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-03-22 17:49:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

profiles: Introduce core, server and workstation profiles

Browse source
This commit is contained in:
SebastianStork 2026-02-03 21:09:06 +01:00
parent 1c0f293c3d
commit 100f02a2d8
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
15 changed files with 94 additions and 163 deletions
Download patch file Download diff file Expand all files Collapse all files

93
hosts/common.nix
View file

@ -1,93 +0,0 @@
{
config,
inputs,
self,
pkgs,
lib,
...
}:
{
imports = [ self.nixosModules.default ];
nix =
let
flakeInputs = inputs |> lib.filterAttrs (_: lib.isType "flake");
in
{
channel.enable = false;
registry = flakeInputs |> lib.mapAttrs (_: flake: { inherit flake; });
nixPath = flakeInputs |> lib.attrNames |> lib.map (name: "${name}=flake:${name}");
settings = {
flake-registry = "";
nix-path = config.nix.nixPath;
experimental-features = [
"nix-command"
"flakes"
"pipe-operators"
];
auto-optimise-store = true;
warn-dirty = false;
trusted-users = [
"root"
"@wheel"
];
commit-lock-file-summary = "flake.lock: Update";
allow-import-from-derivation = false;
min-free = 4 * 1024 * 1024 * 1024;
max-free = 8 * 1024 * 1024 * 1024;
};
};
systemd.enableStrictShellChecks = true;
time.timeZone = "Europe/Berlin";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings =
let
de = "de_DE.UTF-8";
in
{
LC_ADDRESS = de;
LC_IDENTIFICATION = de;
LC_MEASUREMENT = de;
LC_MONETARY = de;
LC_NAME = de;
LC_NUMERIC = de;
LC_PAPER = de;
LC_TELEPHONE = de;
LC_TIME = de;
};
};
console.keyMap = "de-latin1-nodeadkeys";
users.mutableUsers = false;
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
};
environment.systemPackages = [
(lib.hiPrio pkgs.uutils-coreutils-noprefix)
pkgs.git
pkgs.just
pkgs.nh
pkgs.dust
pkgs.comma
pkgs.btop
];
nixpkgs.config.allowUnfree = true;
_module.args.pkgs-unstable = import inputs.nixpkgs-unstable {
inherit (pkgs.stdenv.hostPlatform) system;
inherit (config.nixpkgs) config;
};
}

39
hosts/desktop/default.nix
View file

@ -1,51 +1,22 @@
{ inputs, pkgs, ... }:
{ self, ... }:
{
imports = [
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
imports = [ self.nixosModules.profile-workstation ];
system.stateVersion = "23.11";
boot.kernelPackages = pkgs.linuxPackages_latest;
custom = {
sops.enable = true;
boot = {
loader.systemd-boot.enable = true;
silent = true;
};
dm.tuigreet = {
enable = true;
autoLogin = true;
};
de.hyprland.enable = true;
boot.loader.systemd-boot.enable = true;
networking = {
overlay = {
address = "10.254.250.1";
role = "client";
};
overlay.address = "10.254.250.1";
underlay = {
interface = "enp6s0";
useDhcp = true;
};
};
services = {
auto-gc.enable = true;
sound.enable = true;
sshd.enable = true;
syncthing = {
enable = true;
deviceId = "FAJS5WM-UAWGW2U-FXCGPSP-VAUOTGM-XUKSEES-D66PMCJ-WBODJLV-XTNCRA7";
};
};
services.syncthing.deviceId = "FAJS5WM-UAWGW2U-FXCGPSP-VAUOTGM-XUKSEES-D66PMCJ-WBODJLV-XTNCRA7";
programs.steam.enable = true;
};
programs.localsend.enable = true;
}

2
hosts/desktop/hardware.nix
View file

@ -22,8 +22,6 @@ _: {
];
};
zramSwap.enable = true;
# Prevent immediate wake-up from suspend caused by the logi bolt receiver
services.udev.extraRules = ''
ACTION=="add" SUBSYSTEM=="pci" ATTR{vendor}=="0x1022" ATTR{device}=="0x43ee" ATTR{power/wakeup}="disabled"

37
hosts/laptop/default.nix
View file

@ -1,33 +1,14 @@
{ inputs, pkgs, ... }:
{ self, ... }:
{
imports = [
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
imports = [ self.nixosModules.profile-workstation ];
system.stateVersion = "24.11";
boot.kernelPackages = pkgs.linuxPackages_latest;
custom = {
sops.enable = true;
boot = {
loader.systemd-boot.enable = true;
silent = true;
};
dm.tuigreet = {
enable = true;
autoLogin = true;
};
de.hyprland.enable = true;
boot.loader.systemd-boot.enable = true;
networking = {
overlay = {
address = "10.254.250.3";
role = "client";
};
overlay.address = "10.254.250.3";
underlay = {
interface = "wlan0";
useDhcp = true;
@ -36,14 +17,8 @@
};
services = {
auto-gc.enable = true;
bluetooth.enable = true;
sound.enable = true;
sshd.enable = true;
syncthing = {
enable = true;
deviceId = "Q4YPD3V-GXZPHSN-PT5X4PU-FBG4GX2-IASBX75-7NYMG75-4EJHBMZ-4WGDDAP";
};
syncthing.deviceId = "Q4YPD3V-GXZPHSN-PT5X4PU-FBG4GX2-IASBX75-7NYMG75-4EJHBMZ-4WGDDAP";
};
programs = {
@ -51,6 +26,4 @@
wireshark.enable = true;
};
};
programs.localsend.enable = true;
}

2
hosts/laptop/hardware.nix
View file

@ -20,8 +20,6 @@
];
};
zramSwap.enable = true;
services = {
fwupd.enable = true;
fprintd.enable = true; # fwupdmgr refresh && fwupdmgr update

28
hosts/vps-monitor/default.nix
View file

@ -1,25 +1,16 @@
{ config, inputs, ... }:
{ config, self, ... }:
{
imports = [
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
imports = [ self.nixosModules.profile-server ];
system.stateVersion = "25.11";
custom = {
persistence.enable = true;
sops.enable = true;
boot.loader.grub.enable = true;
networking = {
overlay = {
address = "10.254.250.5";
isLighthouse = true;
role = "server";
};
underlay = {
interface = "enp1s0";
@ -29,15 +20,7 @@
};
};
services = {
auto-gc = {
enable = true;
onlyCleanRoots = true;
};
comin.enable = true;
sshd.enable = true;
dns.enable = true;
};
services.dns.enable = true;
web-services =
let
@ -77,11 +60,6 @@
enable = true;
domain = "logs.${privateDomain}";
};
alloy = {
enable = true;
domain = "alloy.${config.networking.hostName}.${privateDomain}";
};
};
};
}

2
hosts/vps-monitor/hardware.nix
View file

@ -12,6 +12,4 @@
"sd_mod"
"sr_mod"
];
zramSwap.enable = true;
}

28
hosts/vps-private/default.nix
View file

@ -1,10 +1,6 @@
{ config, inputs, ... }:
{ config, self, ... }:
{
imports = [
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
imports = [ self.nixosModules.profile-server ];
system.stateVersion = "25.11";
@ -13,17 +9,12 @@
privateDomain = config.custom.networking.overlay.domain;
in
{
persistence.enable = true;
sops.enable = true;
boot.loader.systemd-boot.enable = true;
networking = {
overlay = {
address = "10.254.250.2";
isLighthouse = true;
role = "server";
};
underlay = {
interface = "enp1s0";
@ -34,19 +25,13 @@
};
services = {
auto-gc = {
enable = true;
onlyCleanRoots = true;
};
comin.enable = true;
sshd.enable = true;
dns.enable = true;
syncthing = {
enable = true;
isServer = true;
doBackups = true;
deviceId = "5R2MH7T-Q2ZZS2P-ZMSQ2UJ-B6VBHES-XYLNMZ6-7FYC27L-4P7MGJ2-FY4ITQD";
isServer = true;
gui.domain = "syncthing.${privateDomain}";
doBackups = true;
};
};
@ -62,11 +47,6 @@
domain = "budget.${privateDomain}";
doBackups = true;
};
alloy = {
enable = true;
domain = "alloy.${config.networking.hostName}.${privateDomain}";
};
};
};
}

2
hosts/vps-private/hardware.nix
View file

@ -12,6 +12,4 @@
"sd_mod"
"sr_mod"
];
zramSwap.enable = true;
}

44
hosts/vps-public/default.nix
View file

@ -1,10 +1,6 @@
{ config, inputs, ... }:
{ config, self, ... }:
{
imports = [
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
imports = [ self.nixosModules.profile-server ];
system.stateVersion = "25.11";
@ -13,17 +9,10 @@
sproutedDomain = "sprouted.cloud";
in
{
persistence.enable = true;
sops.enable = true;
boot.loader.systemd-boot.enable = true;
networking = {
overlay = {
address = "10.254.250.4";
role = "server";
};
overlay.address = "10.254.250.4";
underlay = {
interface = "enp1s0";
cidr = "167.235.73.246/32";
@ -32,25 +21,15 @@
};
};
services = {
auto-gc = {
enable = true;
onlyCleanRoots = true;
};
comin.enable = true;
sshd.enable = true;
caddy.virtualHosts."dav.${sproutedDomain}" = {
inherit (config.custom.web-services.radicale) port;
extraConfig = ''
respond /.web/ "Access denied" 403 { close }
'';
};
services.caddy.virtualHosts."dav.${sproutedDomain}" = {
inherit (config.custom.web-services.radicale) port;
extraConfig = ''
respond /.web/ "Access denied" 403 { close }
'';
};
web-services =
let
privateDomain = config.custom.networking.overlay.domain;
sstorkDomain = "sstork.dev";
in
{
@ -94,14 +73,9 @@
radicale = {
enable = true;
domain = "dav.${privateDomain}";
domain = "dav.${config.custom.networking.overlay.domain}";
doBackups = true;
};
alloy = {
enable = true;
domain = "alloy.${config.networking.hostName}.${privateDomain}";
};
};
};
}

2
hosts/vps-public/hardware.nix
View file

@ -12,6 +12,4 @@
"sd_mod"
"sr_mod"
];
zramSwap.enable = true;
}