profiles: Introduce core, server and workstation profiles

SebastianStork 2026-02-03 21:09:06 +01:00
parent 1c0f293c3d
commit 100f02a2d8
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
15 changed files with 94 additions and 163 deletions


@ -11,8 +11,9 @@ let
specialArgs = { inherit inputs self; };
modules = [
{ networking = { inherit hostName; }; }
"${self}/hosts/common.nix"
"${self}/hosts/${hostName}"
"${self}/hosts/${hostName}/default.nix"
"${self}/hosts/${hostName}/hardware.nix"
"${self}/hosts/${hostName}/disko.nix"
"${self}/users/seb"
]
++ lib.optional (lib.pathExists "${self}/users/seb/@${hostName}") "${self}/users/seb/@${hostName}";
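Review bot: With `"${self}/hosts/common.nix"` apparently dropped from this `modules` list (the page has lost its +/- markers, so this is inferred), the shared baseline is no longer applied here and instead depends on every host's `default.nix` importing one of the profiles. A host that forgets the import would still evaluate, just without the core settings such as the sops and sshd configuration. One option is to list `self.nixosModules.profile-core` directly in `modules`, or to add an assertion that a profile was imported, so the baseline stays unconditional. The `let` binding this list belongs to starts above the hunk.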

12
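--- a/flake-parts/profiles.nix
+++ b/flake-parts/profiles.nix
@@ -0,0 +1,12 @@
+{ self, lib, ... }:
+{
+flake.nixosModules =
+"${self}/profiles"
+|> builtins.readDir
+|> lib.attrNames
+|> lib.map (name: {
+name = "profile-${name |> lib.removeSuffix ".nix"}";
+value = "${self}/profiles/${name}";
+})
+|> lib.listToAttrs;
+}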
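Review bot: The pipeline turns every entry that `builtins.readDir` returns into an exported module, with no check on the entry type or file extension. A README, an editor backup or a helper directory placed under `profiles/` would be published as `profile-<name>` and only fail once something imports it. Filtering before `lib.attrNames`, for example `|> lib.filterAttrs (name: type: type == "regular" && lib.hasSuffix ".nix" name)`, keeps the exported set to actual module files. A short comment noting that `|>` needs the `pipe-operators` experimental feature would also help anyone evaluating the flake on another machine.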


@ -1,51 +1,22 @@
{ inputs, pkgs, ... }:
{ self, ... }:
{
imports = [
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
imports = [ self.nixosModules.profile-workstation ];
system.stateVersion = "23.11";
boot.kernelPackages = pkgs.linuxPackages_latest;
custom = {
sops.enable = true;
boot = {
loader.systemd-boot.enable = true;
silent = true;
};
dm.tuigreet = {
enable = true;
autoLogin = true;
};
de.hyprland.enable = true;
boot.loader.systemd-boot.enable = true;
networking = {
overlay = {
address = "10.254.250.1";
role = "client";
};
overlay.address = "10.254.250.1";
underlay = {
interface = "enp6s0";
useDhcp = true;
};
};
services = {
auto-gc.enable = true;
sound.enable = true;
sshd.enable = true;
syncthing = {
enable = true;
deviceId = "FAJS5WM-UAWGW2U-FXCGPSP-VAUOTGM-XUKSEES-D66PMCJ-WBODJLV-XTNCRA7";
};
};
services.syncthing.deviceId = "FAJS5WM-UAWGW2U-FXCGPSP-VAUOTGM-XUKSEES-D66PMCJ-WBODJLV-XTNCRA7";
programs.steam.enable = true;
};
programs.localsend.enable = true;
}


@ -22,8 +22,6 @@ _: {
];
};
zramSwap.enable = true;
# Prevent immediate wake-up from suspend caused by the logi bolt receiver
services.udev.extraRules = ''
ACTION=="add" SUBSYSTEM=="pci" ATTR{vendor}=="0x1022" ATTR{device}=="0x43ee" ATTR{power/wakeup}="disabled"


@ -1,33 +1,14 @@
{ inputs, pkgs, ... }:
{ self, ... }:
{
imports = [
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
imports = [ self.nixosModules.profile-workstation ];
system.stateVersion = "24.11";
boot.kernelPackages = pkgs.linuxPackages_latest;
custom = {
sops.enable = true;
boot = {
loader.systemd-boot.enable = true;
silent = true;
};
dm.tuigreet = {
enable = true;
autoLogin = true;
};
de.hyprland.enable = true;
boot.loader.systemd-boot.enable = true;
networking = {
overlay = {
address = "10.254.250.3";
role = "client";
};
overlay.address = "10.254.250.3";
underlay = {
interface = "wlan0";
useDhcp = true;
@ -36,14 +17,8 @@
};
services = {
auto-gc.enable = true;
bluetooth.enable = true;
sound.enable = true;
sshd.enable = true;
syncthing = {
enable = true;
deviceId = "Q4YPD3V-GXZPHSN-PT5X4PU-FBG4GX2-IASBX75-7NYMG75-4EJHBMZ-4WGDDAP";
};
syncthing.deviceId = "Q4YPD3V-GXZPHSN-PT5X4PU-FBG4GX2-IASBX75-7NYMG75-4EJHBMZ-4WGDDAP";
};
programs = {
@ -51,6 +26,4 @@
wireshark.enable = true;
};
};
programs.localsend.enable = true;
}


@ -20,8 +20,6 @@
];
};
zramSwap.enable = true;
services = {
fwupd.enable = true;
fprintd.enable = true; # fwupdmgr refresh && fwupdmgr update


@ -1,25 +1,16 @@
{ config, inputs, ... }:
{ config, self, ... }:
{
imports = [
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
imports = [ self.nixosModules.profile-server ];
system.stateVersion = "25.11";
custom = {
persistence.enable = true;
sops.enable = true;
boot.loader.grub.enable = true;
networking = {
overlay = {
address = "10.254.250.5";
isLighthouse = true;
role = "server";
};
underlay = {
interface = "enp1s0";
@ -29,15 +20,7 @@
};
};
services = {
auto-gc = {
enable = true;
onlyCleanRoots = true;
};
comin.enable = true;
sshd.enable = true;
dns.enable = true;
};
services.dns.enable = true;
web-services =
let
@ -77,11 +60,6 @@
enable = true;
domain = "logs.${privateDomain}";
};
alloy = {
enable = true;
domain = "alloy.${config.networking.hostName}.${privateDomain}";
};
};
};
}


@ -12,6 +12,4 @@
"sd_mod"
"sr_mod"
];
zramSwap.enable = true;
}


@ -1,10 +1,6 @@
{ config, inputs, ... }:
{ config, self, ... }:
{
imports = [
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
imports = [ self.nixosModules.profile-server ];
system.stateVersion = "25.11";
@ -13,17 +9,12 @@
privateDomain = config.custom.networking.overlay.domain;
in
{
persistence.enable = true;
sops.enable = true;
boot.loader.systemd-boot.enable = true;
networking = {
overlay = {
address = "10.254.250.2";
isLighthouse = true;
role = "server";
};
underlay = {
interface = "enp1s0";
@ -34,19 +25,13 @@
};
services = {
auto-gc = {
enable = true;
onlyCleanRoots = true;
};
comin.enable = true;
sshd.enable = true;
dns.enable = true;
syncthing = {
enable = true;
isServer = true;
doBackups = true;
deviceId = "5R2MH7T-Q2ZZS2P-ZMSQ2UJ-B6VBHES-XYLNMZ6-7FYC27L-4P7MGJ2-FY4ITQD";
isServer = true;
gui.domain = "syncthing.${privateDomain}";
doBackups = true;
};
};
@ -62,11 +47,6 @@
domain = "budget.${privateDomain}";
doBackups = true;
};
alloy = {
enable = true;
domain = "alloy.${config.networking.hostName}.${privateDomain}";
};
};
};
}


@ -12,6 +12,4 @@
"sd_mod"
"sr_mod"
];
zramSwap.enable = true;
}


@ -1,10 +1,6 @@
{ config, inputs, ... }:
{ config, self, ... }:
{
imports = [
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
imports = [ self.nixosModules.profile-server ];
system.stateVersion = "25.11";
@ -13,17 +9,10 @@
sproutedDomain = "sprouted.cloud";
in
{
persistence.enable = true;
sops.enable = true;
boot.loader.systemd-boot.enable = true;
networking = {
overlay = {
address = "10.254.250.4";
role = "server";
};
overlay.address = "10.254.250.4";
underlay = {
interface = "enp1s0";
cidr = "167.235.73.246/32";
@ -32,25 +21,15 @@
};
};
services = {
auto-gc = {
enable = true;
onlyCleanRoots = true;
};
comin.enable = true;
sshd.enable = true;
caddy.virtualHosts."dav.${sproutedDomain}" = {
services.caddy.virtualHosts."dav.${sproutedDomain}" = {
inherit (config.custom.web-services.radicale) port;
extraConfig = ''
respond /.web/ "Access denied" 403 { close }
'';
};
};
web-services =
let
privateDomain = config.custom.networking.overlay.domain;
sstorkDomain = "sstork.dev";
in
{
@ -94,14 +73,9 @@
radicale = {
enable = true;
domain = "dav.${privateDomain}";
domain = "dav.${config.custom.networking.overlay.domain}";
doBackups = true;
};
alloy = {
enable = true;
domain = "alloy.${config.networking.hostName}.${privateDomain}";
};
};
};
}


@ -12,6 +12,4 @@
"sd_mod"
"sr_mod"
];
zramSwap.enable = true;
}


@ -7,7 +7,10 @@
...
}:
{
imports = [ self.nixosModules.default ];
imports = [
self.nixosModules.default
inputs.disko.nixosModules.default
];
nix =
let
@ -74,6 +77,8 @@
vimAlias = true;
};
zramSwap.enable = true;
environment.systemPackages = [
(lib.hiPrio pkgs.uutils-coreutils-noprefix)
pkgs.git
@ -90,4 +95,12 @@
inherit (pkgs.stdenv.hostPlatform) system;
inherit (config.nixpkgs) config;
};
custom = {
sops.enable = true;
services = {
auto-gc.enable = true;
sshd.enable = true;
};
};
}
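Review bot: The `custom` block at the end of this module sets `sops.enable`, `services.auto-gc.enable` and `services.sshd.enable` at normal priority, so a host that needs to opt out of one of them (a machine that should not run an SSH daemon, for example) has to use `lib.mkForce`. Assuming these are ordinary boolean options, a differing plain value on the host would fail evaluation as a conflicting definition. Writing them as `sshd.enable = lib.mkDefault true;` keeps the baseline while leaving a simple per-host override possible; `lib` is already used in this file. The same applies to the values set in profiles/server.nix and profiles/workstation.nix, whose argument sets would need `lib` added.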

17
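--- a/profiles/server.nix
+++ b/profiles/server.nix
@@ -0,0 +1,17 @@
+{ config, self, ... }:
+{
+imports = [ self.nixosModules.profile-core ];
+custom = {
+persistence.enable = true;
+networking.overlay.role = "server";
+services = {
+auto-gc.onlyCleanRoots = true;
+comin.enable = true;
+};
+web-services.alloy = {
+enable = true;
+domain = "alloy.${config.networking.hostName}.${config.custom.networking.overlay.domain}";
+};
+};
+}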

22
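--- a/profiles/workstation.nix
+++ b/profiles/workstation.nix
@@ -0,0 +1,22 @@
+{ self, pkgs, ... }:
+{
+imports = [ self.nixosModules.profile-core ];
+boot.kernelPackages = pkgs.linuxPackages_latest;
+custom = {
+networking.overlay.role = "client";
+boot.silent = true;
+dm.tuigreet = {
+enable = true;
+autoLogin = true;
+};
+de.hyprland.enable = true;
+services = {
+sound.enable = true;
+syncthing.enable = true;
+};
+};
+programs.localsend.enable = true;
+}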