From 1f33e7ede76b0f8d0a34f5724fb4dc3a8043bf9b Mon Sep 17 00:00:00 2001 From: Kevin Kandlbinder Date: Fri, 15 Dec 2023 10:53:14 +0100 Subject: [PATCH] Add configuration for workspace --- nixos/.sops.yaml | 4 +- nixos/flake-module.nix | 6 ++ nixos/shared/secrets/passwords.yaml | 49 ++++++++------ nixos/workspace/configuration.nix | 77 ++++++++++++++++++++++ nixos/workspace/hardware-configuration.nix | 43 ++++++++++++ 5 files changed, 158 insertions(+), 21 deletions(-) create mode 100644 nixos/workspace/configuration.nix create mode 100644 nixos/workspace/hardware-configuration.nix diff --git a/nixos/.sops.yaml b/nixos/.sops.yaml index ee1d3ca..c3ec59d 100644 --- a/nixos/.sops.yaml +++ b/nixos/.sops.yaml @@ -3,6 +3,7 @@ keys: - &target_kevin-tp age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s - &target_kevin-pc age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj - &target_amon age1jxzgv6z7emkv2rqztuuzzeq3qjq9jluu6vg0vljcltyvxps5lv3smltd2t + - &target_workspace age18fk39kcnqu3wn3dw9hxhpa7fla583knaqmvcg9sdulk8wrvpyg9qtm8cq4 creation_rules: - path_regex: kevin-tp/secrets/[^/]+\.yaml$ key_groups: @@ -25,4 +26,5 @@ creation_rules: - *admin_kevin - *target_kevin-tp - *target_kevin-pc - - *target_amon \ No newline at end of file + - *target_amon + - *target_workspace diff --git a/nixos/flake-module.nix b/nixos/flake-module.nix index 6541617..e54362d 100644 --- a/nixos/flake-module.nix +++ b/nixos/flake-module.nix @@ -58,5 +58,11 @@ in ./amon/configuration.nix ]; }; + workspace = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = defaultModules ++ homeManagerSetup ++ [ + ./workspace/configuration.nix + ]; + }; }; } diff --git a/nixos/shared/secrets/passwords.yaml b/nixos/shared/secrets/passwords.yaml index 8d85f48..60b1d03 100644 --- a/nixos/shared/secrets/passwords.yaml +++ b/nixos/shared/secrets/passwords.yaml 
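Review bot: Adding `*target_workspace` to the key group in the second `.sops.yaml` hunk lets the new host decrypt every file that rule matches. The rule's `path_regex` lies above the hunk, but the re-encrypted `nixos/shared/secrets/passwords.yaml` in this commit suggests it is the shared-secrets rule. The workspace configuration added in the same commit exposes RDP on port 3389 and enables Docker, so a compromise of that host would also expose the shared passwords. If workspace needs only some of them, a dedicated rule along the lines of the existing `kevin-tp/secrets/[^/]+\.yaml$` one would keep the rest out of its reach. Otherwise a comment above the key such as `# workspace: remote desktop VM, needs shared passwords for <reason>` would record the decision.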
@@ -8,38 +8,47 @@ sops: - recipient: age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzbndqVUZPNUdWOE1NQUd6 - ZWZMTG1DQTlHRStPK3FKTnRBdmtUQlZHNUM4CmtIbENwTkFDb0N3dlRnaFJHLzFa - bUlBU3dVWlZ1a00xb21YTm9LU2xZazAKLS0tIEQ5NmVTampweFN5SnhNZWUvOWxQ - Q0VadWFoUDA4ZXJoVVdXNVRiTURLOU0KotulBGPQ8CDKzXAt1Mpx0QH3OPLiEoXD - j9VhFgbsZVaICdZvSpf7t9QBrxESEgdEQViWmD2q4QjyY+n3/xSwQw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1WEJmZ01sZW0zTFlNWTNB + ZUl2MGdQRWNLVWZOVU4vVTZiUVNyYytHakY0CjJ1YzdFMUF6TWhITWx3ckxoMUFO + aGs5eXhoa2YvclN0ODhEOThTdW4wLzQKLS0tIHNMOFZMVjR2QTkrQlRwNVJOeDhw + a1ZsN0dXNlowUHU0Z0J6RUl1T1RhaUkK7ShlvbbhAbbr4XVUw1FCwY36QKTKvD3W + xnTsSaiMg/+CYxRi/0SczsRwXlTyxu0w/TDbzdRT0qN7kroGyoAYEw== -----END AGE ENCRYPTED FILE----- - recipient: age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJakhtTk9FaEI4Yll4NXlN - Q2UwQTJvNXF3ODJQZmsrbHBsb3Vja2xwV3g0CkFDUDhXb2FyajRaZkpLdVFFMkhN - SVlLSkpnd3JmWXVJeWNaRnhtR0xqazQKLS0tIGw0SzlNcm5VdFdwSkZmdmNkZC8v - aUVLTjJCTVEvOHl2ZmxyL2psQ2tNSnMKDfpJX3YOpuueoJGhha1Cdei5kRnbP/Nx - ZWXQ4VvXhVg0SCKhZcmW7on5sCBexe1P6JDxnkD0EfULmbgnQ8DmWg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ai9rV0V4YStySGtINCtH + ZWt2TDhjVForWEN4cHoxOXNDcjM2UU10S1JnClV6elBXU0UvdkpJVkcxRE9jSVVS + TE54MDExUFpVVmZhakEreC9nRGRXOGMKLS0tIHNlaHpRTjJDSlZHdDhzM1UyUzhy + eFNydFgzZUpqZ3VuNkQ4MDdtRCsvTnMKt7KINxAYm6BvJo4JmnyLxv58Bo6lSdRH + BPZ5xXTjA6ZqqnLYi/BCYG+17HdMP/q1xFfLryvQoWLLnpdDJG5Awg== -----END AGE ENCRYPTED FILE----- - recipient: age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVkZqYk5ZM0E2NEdJMmEw - RXZIcURlWkFPVjBzcUw5YUFTMUZ5d1B2ZkZZCmxHYmJ2MDZ2czVveWtkZXRZSDRC - WmtKME5ybWtxakd0cS9GWmV6SGpYRmsKLS0tIDcwMDdtUUhyNG9oRGtpSXZ1UU01 - 
WjRiL2pBbnFtVk9DN3BTUzFjSXdXUjgK7dYmDHt7879OhKC+YSq0DDa1+NSw18WV - XKUZRT86UU4PoV5BKZLA2zensom7hfy5BkY69Gu/mfFuUVvCcVeGHA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcnBuN0FqN0FKY3BDaW9T + KzBwTko4ejU1QVRhaFJ1SUgwb2dNbGZNaHdnClJXbEtXL0xqUHRlRGFTS0wvOTVh + Y2FhNlhJNEVjWm1mVjFQdDB1UVdjR28KLS0tIDlqUHEvR01hcmxWZ2dId214N0Jk + amU2YkZtK2k3ZFRDT0x3RXdDUTdLSm8KqliBqhAzFLC3HunEwLWoF1hgype4i2KN + iS0nxgBdvgJ/CpR0gTUxrU0m2B8cUgrSQfpev9sS0eA0HR3a1JvjgQ== -----END AGE ENCRYPTED FILE----- - recipient: age1jxzgv6z7emkv2rqztuuzzeq3qjq9jluu6vg0vljcltyvxps5lv3smltd2t enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NWJMNlcvakxMblFyRnRM - bWg0YXdRYkxMN2pUL1NwU3E5T042VW5jcEF3Cmg5UTVDaHovVmRvdVlWMEIrNm1N - Wk1KcEJwQk9lYjRFY0dhY1JWMkhvMGsKLS0tIDJWMStITVoxNW1XSGR5Y2lFUVd0 - NTU4WHpkSVpJTkNxZks4TUFwbFhWaGMKdkthdQSkJufz7+KBTok1TTyDS57AYIKz - f21wyhY0UDZM9Ncacw5arD1v/6huWvTWmxYuuSdAyblZrLjoeXJnKg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaOVNOSFVFY2hKM291RGVr + cXhtWDlaaTNyenRWTXJUSzJmbjVZRlpESUNrClR6RjhEeUQ0QVZ1dldMMCtGQ0lv + Tk5oU3Jtc0lBQ0J1RlY3WFU0TDFkMDgKLS0tIHI4RWZKNWQ4eUdPOXdUQm81WUcv + NEliMVZ1QXZlcTBWcXZDVHA0UFlZNGMKIbWkAUpiPAI9dfL06Y3Zxa5m3ZJcH09T + +pax87oSg3IkC7DzgyGHQDjFwdeZUyLLy2fhAiR+EAlk0bDWMMaDrw== + -----END AGE ENCRYPTED FILE----- + - recipient: age18fk39kcnqu3wn3dw9hxhpa7fla583knaqmvcg9sdulk8wrvpyg9qtm8cq4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPMmhkMWpiTExyOUNkUElk + OFJ1UnQwY3IyUTZGTUNDMkpJdnkzc1JiTncwCkpObnBNdGJnVjJySVZCQXBlTzcw + V2Vqa3JJZFkvY1NCTjl3TzNCM01YSHcKLS0tIHZ4LzN4RnFMQ3BoSnJtMmpFdFBr + VTZuYmFld3RIdU5DWEczTXhmV3ZNMVEKr5RGKojraZT5wBb93BKA1WJxQslWYLqu + pJovtRj5ds0efpJmmjExD9w4htig8pE+M/6IEaXyD1xALLqOv2eldQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-02-28T18:31:14Z" mac: 
ENC[AES256_GCM,data:iBl26uWB1vRzXoSklSDpgb1n6xDyFo9BvI5Hyq2eBcRuPWltNBO/WM78UBDqWf4YvtQl4cZ3ccHpV3tWe3vwnMlFhzOactsR29LZl7/7QX9+w6cXhEvKJ8/hGlKkKo2dOmyuUwn36MlJOSZlVjvU1V1JSH1LL6xEdbh0UMzeQvM=,iv:RN+GeAToEHaNegfj+wpC+c9Rz0gqhDxJl+EbEvOsyYM=,tag:gFoUcn/Wn15YLff0a8rw3w==,type:str] diff --git a/nixos/workspace/configuration.nix b/nixos/workspace/configuration.nix new file mode 100644 index 0000000..74a7768 --- /dev/null +++ b/nixos/workspace/configuration.nix 
@@ -0,0 +1,77 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+
+ ../modules/gnome.nix
+ ../modules/pipewire.nix
+ ../modules/avahi.nix
+ ../modules/firewall/kde-connect.nix
+ ../modules/firewall/syncthing.nix
+ ../modules/firewall/wireguard.nix
+ #../modules/yubikey.nix
+ #../modules/gaming/steam.nix
+ #../modules/gaming/helpers.nix
+ #../modules/barrier.nix
+ #../modules/restic.nix
+ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/sda";
+
+ #services.gnome.gnome-remote-desktop.enable = true;
+ networking.firewall.allowedTCPPorts = [ 3389 ];
+ networking.firewall.allowedUDPPorts = [ 3389 ];
+ services.xrdp.enable = true;
+ services.xrdp.defaultWindowManager = "${pkgs.gnome.gnome-session}/bin/gnome-session";
+ services.xrdp.openFirewall = true;
+
+ #virtualisation.libvirtd.enable = true;
+ programs.dconf.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ firefox
+ league-of-moveable-type
+ hunspell
+ hunspellDicts.de_DE
+ #virt-manager
+ ];
+
+ services.syncthing = {
+ enable = true;
+ user = "kevin";
+ dataDir = "/home/kevin/Syncthing";
+ configDir = "/home/kevin/Syncthing/.config/syncthing";
+ };
+
+ #services.fwupd.enable = true;
+ #hardware.cpu.intel.updateMicrocode = true;
+
+ boot.supportedFilesystems = [ "ntfs" ];
+
+ services.printing.enable = true;
+ virtualisation.docker.enable = true;
+
+ #services.xserver.videoDrivers = [ "nvidia" ];
+ #hardware.opengl.enable = true;
+
+ #services.clamav.daemon.enable = true;
+ #services.clamav.updater.enable = true;
+
+ #hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest;
+
+ programs.gnupg.agent = {
+ enable = true;
+ # enableSSHSupport = true;
+ };
+
+ #programs.wireshark.enable = true;
+ #users.users.kevin.extraGroups = [ "wireshark" ];
+
+ networking.hostName = "workspace";
+ networking.hostId = "6599a272";
+
+ system.stateVersion = "23.05"; # No touchy. Locks defaults.
+}
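Review bot: Port 3389 is opened three times in this file (`networking.firewall.allowedTCPPorts`, `networking.firewall.allowedUDPPorts` and `services.xrdp.openFirewall = true`), and all three apply to every interface, so the RDP login is reachable from whatever network this VM is attached to. Since `../modules/firewall/wireguard.nix` is already imported, RDP could be limited to the tunnel by dropping those three lines in favour of `networking.firewall.interfaces."<wireguard-interface>".allowedTCPPorts = [ 3389 ];` (the interface name is a placeholder, as that module is not shown here). The UDP rule looks unnecessary for xrdp in any case, and the TCP rule duplicates `openFirewall`. If the port has to stay open more widely, a comment such as `# RDP intentionally reachable from <network>: <reason>` next to it would make that explicit.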
diff --git a/nixos/workspace/hardware-configuration.nix b/nixos/workspace/hardware-configuration.nix new file mode 100644 index 0000000..6a81b43 --- /dev/null +++ b/nixos/workspace/hardware-configuration.nix @@ -0,0 +1,43 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/9dc2f0f7-1080-476d-9967-e4e72fadffcc"; + fsType = "ext4"; + }; + + fileSystems."/var" = + { device = "/dev/disk/by-uuid/7d4df7b7-69be-4c52-a4d3-dc5048cc74b8"; + fsType = "btrfs"; + options = [ "subvol=@var" ]; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/7d4df7b7-69be-4c52-a4d3-dc5048cc74b8"; + fsType = "btrfs"; + options = [ "subvol=@home" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +}