profiles: Introduce core, server and workstation profiles

SebastianStork 2026-02-03 21:09:06 +01:00
parent 1c0f293c3d
commit 100f02a2d8
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
15 changed files with 94 additions and 163 deletions


@ -11,8 +11,9 @@ let
specialArgs = { inherit inputs self; }; specialArgs = { inherit inputs self; };
modules = [ modules = [
{ networking = { inherit hostName; }; } { networking = { inherit hostName; }; }
"${self}/hosts/common.nix" "${self}/hosts/${hostName}/default.nix"
"${self}/hosts/${hostName}" "${self}/hosts/${hostName}/hardware.nix"
"${self}/hosts/${hostName}/disko.nix"
"${self}/users/seb" "${self}/users/seb"
] ]
++ lib.optional (lib.pathExists "${self}/users/seb/@${hostName}") "${self}/users/seb/@${hostName}"; ++ lib.optional (lib.pathExists "${self}/users/seb/@${hostName}") "${self}/users/seb/@${hostName}";
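Review bot: With `"${self}/hosts/common.nix"` gone from this `modules` list, the host builder no longer supplies a shared baseline; a host gets one only if its own `default.nix` imports a profile. Judging by the rest of the commit, that baseline is where `custom.sops.enable` and `custom.services.sshd.enable` now live, so a host file that forgets the import would still evaluate, just without them. Consider keeping the baseline in the builder by adding `self.nixosModules.profile-core` to the list (the module system should collapse the duplicate import by path, worth confirming), or at least a comment here: `# Each hosts/<name>/default.nix must import a profile; no shared baseline is added here.` The `let` binding this list belongs to starts above the hunk.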

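--- /dev/null
+++ b/flake-parts/profiles.nix
@@ -0,0 +1,12 @@
+{ self, lib, ... }:
+{
+flake.nixosModules =
+"${self}/profiles"
+|> builtins.readDir
+|> lib.attrNames
+|> lib.map (name: {
+name = "profile-${name |> lib.removeSuffix ".nix"}";
+value = "${self}/profiles/${name}";
+})
+|> lib.listToAttrs;
+}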
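Review bot: `builtins.readDir` returns every entry of `profiles/` together with its type, and the pipeline keeps only the names, so a stray non-Nix file or a directory without `default.nix` is exported as `nixosModules.profile-<name>` and fails only when something imports it. A `foo.nix` next to a `foo/` directory would also map to the same attribute name, and `lib.listToAttrs` keeps just one of them without an error. Since these modules carry the hosts' baseline settings, filter before `lib.attrNames`: `|> lib.filterAttrs (name: type: type == "directory" || lib.hasSuffix ".nix" name)`. A one-line comment noting that `|>` is still an experimental Nix feature would also help anyone evaluating the flake elsewhere.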


@ -1,51 +1,22 @@
{ inputs, pkgs, ... }: { self, ... }:
{ {
imports = [ imports = [ self.nixosModules.profile-workstation ];
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
system.stateVersion = "23.11"; system.stateVersion = "23.11";
boot.kernelPackages = pkgs.linuxPackages_latest;
custom = { custom = {
sops.enable = true; boot.loader.systemd-boot.enable = true;
boot = {
loader.systemd-boot.enable = true;
silent = true;
};
dm.tuigreet = {
enable = true;
autoLogin = true;
};
de.hyprland.enable = true;
networking = { networking = {
overlay = { overlay.address = "10.254.250.1";
address = "10.254.250.1";
role = "client";
};
underlay = { underlay = {
interface = "enp6s0"; interface = "enp6s0";
useDhcp = true; useDhcp = true;
}; };
}; };
services = { services.syncthing.deviceId = "FAJS5WM-UAWGW2U-FXCGPSP-VAUOTGM-XUKSEES-D66PMCJ-WBODJLV-XTNCRA7";
auto-gc.enable = true;
sound.enable = true;
sshd.enable = true;
syncthing = {
enable = true;
deviceId = "FAJS5WM-UAWGW2U-FXCGPSP-VAUOTGM-XUKSEES-D66PMCJ-WBODJLV-XTNCRA7";
};
};
programs.steam.enable = true; programs.steam.enable = true;
}; };
programs.localsend.enable = true;
} }


@ -22,8 +22,6 @@ _: {
]; ];
}; };
zramSwap.enable = true;
# Prevent immediate wake-up from suspend caused by the logi bolt receiver # Prevent immediate wake-up from suspend caused by the logi bolt receiver
services.udev.extraRules = '' services.udev.extraRules = ''
ACTION=="add" SUBSYSTEM=="pci" ATTR{vendor}=="0x1022" ATTR{device}=="0x43ee" ATTR{power/wakeup}="disabled" ACTION=="add" SUBSYSTEM=="pci" ATTR{vendor}=="0x1022" ATTR{device}=="0x43ee" ATTR{power/wakeup}="disabled"


@ -1,33 +1,14 @@
{ inputs, pkgs, ... }: { self, ... }:
{ {
imports = [ imports = [ self.nixosModules.profile-workstation ];
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
system.stateVersion = "24.11"; system.stateVersion = "24.11";
boot.kernelPackages = pkgs.linuxPackages_latest;
custom = { custom = {
sops.enable = true; boot.loader.systemd-boot.enable = true;
boot = {
loader.systemd-boot.enable = true;
silent = true;
};
dm.tuigreet = {
enable = true;
autoLogin = true;
};
de.hyprland.enable = true;
networking = { networking = {
overlay = { overlay.address = "10.254.250.3";
address = "10.254.250.3";
role = "client";
};
underlay = { underlay = {
interface = "wlan0"; interface = "wlan0";
useDhcp = true; useDhcp = true;
@ -36,14 +17,8 @@
}; };
services = { services = {
auto-gc.enable = true;
bluetooth.enable = true; bluetooth.enable = true;
sound.enable = true; syncthing.deviceId = "Q4YPD3V-GXZPHSN-PT5X4PU-FBG4GX2-IASBX75-7NYMG75-4EJHBMZ-4WGDDAP";
sshd.enable = true;
syncthing = {
enable = true;
deviceId = "Q4YPD3V-GXZPHSN-PT5X4PU-FBG4GX2-IASBX75-7NYMG75-4EJHBMZ-4WGDDAP";
};
}; };
programs = { programs = {
@ -51,6 +26,4 @@
wireshark.enable = true; wireshark.enable = true;
}; };
}; };
programs.localsend.enable = true;
} }


@ -20,8 +20,6 @@
]; ];
}; };
zramSwap.enable = true;
services = { services = {
fwupd.enable = true; fwupd.enable = true;
fprintd.enable = true; # fwupdmgr refresh && fwupdmgr update fprintd.enable = true; # fwupdmgr refresh && fwupdmgr update


@ -1,25 +1,16 @@
{ config, inputs, ... }: { config, self, ... }:
{ {
imports = [ imports = [ self.nixosModules.profile-server ];
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
system.stateVersion = "25.11"; system.stateVersion = "25.11";
custom = { custom = {
persistence.enable = true;
sops.enable = true;
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
networking = { networking = {
overlay = { overlay = {
address = "10.254.250.5"; address = "10.254.250.5";
isLighthouse = true; isLighthouse = true;
role = "server";
}; };
underlay = { underlay = {
interface = "enp1s0"; interface = "enp1s0";
@ -29,15 +20,7 @@
}; };
}; };
services = { services.dns.enable = true;
auto-gc = {
enable = true;
onlyCleanRoots = true;
};
comin.enable = true;
sshd.enable = true;
dns.enable = true;
};
web-services = web-services =
let let
@ -77,11 +60,6 @@
enable = true; enable = true;
domain = "logs.${privateDomain}"; domain = "logs.${privateDomain}";
}; };
alloy = {
enable = true;
domain = "alloy.${config.networking.hostName}.${privateDomain}";
};
}; };
}; };
} }


@ -12,6 +12,4 @@
"sd_mod" "sd_mod"
"sr_mod" "sr_mod"
]; ];
zramSwap.enable = true;
} }


@ -1,10 +1,6 @@
{ config, inputs, ... }: { config, self, ... }:
{ {
imports = [ imports = [ self.nixosModules.profile-server ];
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
system.stateVersion = "25.11"; system.stateVersion = "25.11";
@ -13,17 +9,12 @@
privateDomain = config.custom.networking.overlay.domain; privateDomain = config.custom.networking.overlay.domain;
in in
{ {
persistence.enable = true;
sops.enable = true;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
networking = { networking = {
overlay = { overlay = {
address = "10.254.250.2"; address = "10.254.250.2";
isLighthouse = true; isLighthouse = true;
role = "server";
}; };
underlay = { underlay = {
interface = "enp1s0"; interface = "enp1s0";
@ -34,19 +25,13 @@
}; };
services = { services = {
auto-gc = {
enable = true;
onlyCleanRoots = true;
};
comin.enable = true;
sshd.enable = true;
dns.enable = true; dns.enable = true;
syncthing = { syncthing = {
enable = true; enable = true;
isServer = true;
doBackups = true;
deviceId = "5R2MH7T-Q2ZZS2P-ZMSQ2UJ-B6VBHES-XYLNMZ6-7FYC27L-4P7MGJ2-FY4ITQD"; deviceId = "5R2MH7T-Q2ZZS2P-ZMSQ2UJ-B6VBHES-XYLNMZ6-7FYC27L-4P7MGJ2-FY4ITQD";
isServer = true;
gui.domain = "syncthing.${privateDomain}"; gui.domain = "syncthing.${privateDomain}";
doBackups = true;
}; };
}; };
@ -62,11 +47,6 @@
domain = "budget.${privateDomain}"; domain = "budget.${privateDomain}";
doBackups = true; doBackups = true;
}; };
alloy = {
enable = true;
domain = "alloy.${config.networking.hostName}.${privateDomain}";
};
}; };
}; };
} }


@ -12,6 +12,4 @@
"sd_mod" "sd_mod"
"sr_mod" "sr_mod"
]; ];
zramSwap.enable = true;
} }


@ -1,10 +1,6 @@
{ config, inputs, ... }: { config, self, ... }:
{ {
imports = [ imports = [ self.nixosModules.profile-server ];
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
system.stateVersion = "25.11"; system.stateVersion = "25.11";
@ -13,17 +9,10 @@
sproutedDomain = "sprouted.cloud"; sproutedDomain = "sprouted.cloud";
in in
{ {
persistence.enable = true;
sops.enable = true;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
networking = { networking = {
overlay = { overlay.address = "10.254.250.4";
address = "10.254.250.4";
role = "server";
};
underlay = { underlay = {
interface = "enp1s0"; interface = "enp1s0";
cidr = "167.235.73.246/32"; cidr = "167.235.73.246/32";
@ -32,25 +21,15 @@
}; };
}; };
services = { services.caddy.virtualHosts."dav.${sproutedDomain}" = {
auto-gc = { inherit (config.custom.web-services.radicale) port;
enable = true; extraConfig = ''
onlyCleanRoots = true; respond /.web/ "Access denied" 403 { close }
}; '';
comin.enable = true;
sshd.enable = true;
caddy.virtualHosts."dav.${sproutedDomain}" = {
inherit (config.custom.web-services.radicale) port;
extraConfig = ''
respond /.web/ "Access denied" 403 { close }
'';
};
}; };
web-services = web-services =
let let
privateDomain = config.custom.networking.overlay.domain;
sstorkDomain = "sstork.dev"; sstorkDomain = "sstork.dev";
in in
{ {
@ -94,14 +73,9 @@
radicale = { radicale = {
enable = true; enable = true;
domain = "dav.${privateDomain}"; domain = "dav.${config.custom.networking.overlay.domain}";
doBackups = true; doBackups = true;
}; };
alloy = {
enable = true;
domain = "alloy.${config.networking.hostName}.${privateDomain}";
};
}; };
}; };
} }


@ -12,6 +12,4 @@
"sd_mod" "sd_mod"
"sr_mod" "sr_mod"
]; ];
zramSwap.enable = true;
} }


@ -7,7 +7,10 @@
... ...
}: }:
{ {
imports = [ self.nixosModules.default ]; imports = [
self.nixosModules.default
inputs.disko.nixosModules.default
];
nix = nix =
let let
@ -74,6 +77,8 @@
vimAlias = true; vimAlias = true;
}; };
zramSwap.enable = true;
environment.systemPackages = [ environment.systemPackages = [
(lib.hiPrio pkgs.uutils-coreutils-noprefix) (lib.hiPrio pkgs.uutils-coreutils-noprefix)
pkgs.git pkgs.git
@ -90,4 +95,12 @@
inherit (pkgs.stdenv.hostPlatform) system; inherit (pkgs.stdenv.hostPlatform) system;
inherit (config.nixpkgs) config; inherit (config.nixpkgs) config;
}; };
custom = {
sops.enable = true;
services = {
auto-gc.enable = true;
sshd.enable = true;
};
};
} }
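Review bot: The `custom` block added at the end of this module sets `sops.enable`, `auto-gc.enable` and `sshd.enable` as plain values, so every host that imports it gets what is presumably an SSH daemon and can opt out only with `lib.mkForce`. `lib` is already used in this file, so `sshd.enable = lib.mkDefault true;` (and likewise for the other two) keeps the default while letting one host turn it off with an ordinary assignment. The same applies to `autoLogin = true;` in profiles/workstation.nix and `comin.enable = true;` in profiles/server.nix, where a future laptop, or a server that should not deploy itself, would inherit the setting silently; profiles/workstation.nix would need `lib` added to its arguments. How `custom.services.sshd` restricts listening addresses or authentication is not visible in this commit, so a short comment stating that next to the enable would help.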

17
profiles/server.nix Normal file

@ -0,0 +1,17 @@
{ config, self, ... }:
{
imports = [ self.nixosModules.profile-core ];
custom = {
persistence.enable = true;
networking.overlay.role = "server";
services = {
auto-gc.onlyCleanRoots = true;
comin.enable = true;
};
web-services.alloy = {
enable = true;
domain = "alloy.${config.networking.hostName}.${config.custom.networking.overlay.domain}";
};
};
}

22
profiles/workstation.nix Normal file

@ -0,0 +1,22 @@
{ self, pkgs, ... }:
{
imports = [ self.nixosModules.profile-core ];
boot.kernelPackages = pkgs.linuxPackages_latest;
custom = {
networking.overlay.role = "client";
boot.silent = true;
dm.tuigreet = {
enable = true;
autoLogin = true;
};
de.hyprland.enable = true;
services = {
sound.enable = true;
syncthing.enable = true;
};
};
programs.localsend.enable = true;
}