Add configuration for workspace

2025-05-12 15:36:35 +02:00 · 2023-12-15 10:53:14 +01:00 · 2023-12-15 10:53:14 +01:00 · 1f33e7ede7
commit 1f33e7ede7
parent 2a839b1467
5 changed files with 158 additions and 21 deletions
--- a/nixos/.sops.yaml
+++ b/nixos/.sops.yaml
@ -3,6 +3,7 @@ keys:
  - &target_kevin-tp age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s
  - &target_kevin-pc age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj
  - &target_amon age1jxzgv6z7emkv2rqztuuzzeq3qjq9jluu6vg0vljcltyvxps5lv3smltd2t
+  - &target_workspace age18fk39kcnqu3wn3dw9hxhpa7fla583knaqmvcg9sdulk8wrvpyg9qtm8cq4
 creation_rules:
  - path_regex: kevin-tp/secrets/[^/]+\.yaml$
    key_groups:
@ -25,4 +26,5 @@ creation_rules:
      - *admin_kevin
      - *target_kevin-tp
      - *target_kevin-pc
-      - *target_amon
+      - *target_amon
+      - *target_workspace
--- a/nixos/flake-module.nix
+++ b/nixos/flake-module.nix
@ -58,5 +58,11 @@ in
        ./amon/configuration.nix
      ];
    };
+    workspace = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      modules = defaultModules ++ homeManagerSetup ++ [
+        ./workspace/configuration.nix
+      ];
+    };
  };
 }
--- a/nixos/shared/secrets/passwords.yaml
+++ b/nixos/shared/secrets/passwords.yaml
@ -8,38 +8,47 @@ sops:
        - recipient: age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzbndqVUZPNUdWOE1NQUd6
-            ZWZMTG1DQTlHRStPK3FKTnRBdmtUQlZHNUM4CmtIbENwTkFDb0N3dlRnaFJHLzFa
-            bUlBU3dVWlZ1a00xb21YTm9LU2xZazAKLS0tIEQ5NmVTampweFN5SnhNZWUvOWxQ
-            Q0VadWFoUDA4ZXJoVVdXNVRiTURLOU0KotulBGPQ8CDKzXAt1Mpx0QH3OPLiEoXD
-            j9VhFgbsZVaICdZvSpf7t9QBrxESEgdEQViWmD2q4QjyY+n3/xSwQw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1WEJmZ01sZW0zTFlNWTNB
+            ZUl2MGdQRWNLVWZOVU4vVTZiUVNyYytHakY0CjJ1YzdFMUF6TWhITWx3ckxoMUFO
+            aGs5eXhoa2YvclN0ODhEOThTdW4wLzQKLS0tIHNMOFZMVjR2QTkrQlRwNVJOeDhw
+            a1ZsN0dXNlowUHU0Z0J6RUl1T1RhaUkK7ShlvbbhAbbr4XVUw1FCwY36QKTKvD3W
+            xnTsSaiMg/+CYxRi/0SczsRwXlTyxu0w/TDbzdRT0qN7kroGyoAYEw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJakhtTk9FaEI4Yll4NXlN
-            Q2UwQTJvNXF3ODJQZmsrbHBsb3Vja2xwV3g0CkFDUDhXb2FyajRaZkpLdVFFMkhN
-            SVlLSkpnd3JmWXVJeWNaRnhtR0xqazQKLS0tIGw0SzlNcm5VdFdwSkZmdmNkZC8v
-            aUVLTjJCTVEvOHl2ZmxyL2psQ2tNSnMKDfpJX3YOpuueoJGhha1Cdei5kRnbP/Nx
-            ZWXQ4VvXhVg0SCKhZcmW7on5sCBexe1P6JDxnkD0EfULmbgnQ8DmWg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ai9rV0V4YStySGtINCtH
+            ZWt2TDhjVForWEN4cHoxOXNDcjM2UU10S1JnClV6elBXU0UvdkpJVkcxRE9jSVVS
+            TE54MDExUFpVVmZhakEreC9nRGRXOGMKLS0tIHNlaHpRTjJDSlZHdDhzM1UyUzhy
+            eFNydFgzZUpqZ3VuNkQ4MDdtRCsvTnMKt7KINxAYm6BvJo4JmnyLxv58Bo6lSdRH
+            BPZ5xXTjA6ZqqnLYi/BCYG+17HdMP/q1xFfLryvQoWLLnpdDJG5Awg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVkZqYk5ZM0E2NEdJMmEw
-            RXZIcURlWkFPVjBzcUw5YUFTMUZ5d1B2ZkZZCmxHYmJ2MDZ2czVveWtkZXRZSDRC
-            WmtKME5ybWtxakd0cS9GWmV6SGpYRmsKLS0tIDcwMDdtUUhyNG9oRGtpSXZ1UU01
-            WjRiL2pBbnFtVk9DN3BTUzFjSXdXUjgK7dYmDHt7879OhKC+YSq0DDa1+NSw18WV
-            XKUZRT86UU4PoV5BKZLA2zensom7hfy5BkY69Gu/mfFuUVvCcVeGHA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcnBuN0FqN0FKY3BDaW9T
+            KzBwTko4ejU1QVRhaFJ1SUgwb2dNbGZNaHdnClJXbEtXL0xqUHRlRGFTS0wvOTVh
+            Y2FhNlhJNEVjWm1mVjFQdDB1UVdjR28KLS0tIDlqUHEvR01hcmxWZ2dId214N0Jk
+            amU2YkZtK2k3ZFRDT0x3RXdDUTdLSm8KqliBqhAzFLC3HunEwLWoF1hgype4i2KN
+            iS0nxgBdvgJ/CpR0gTUxrU0m2B8cUgrSQfpev9sS0eA0HR3a1JvjgQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1jxzgv6z7emkv2rqztuuzzeq3qjq9jluu6vg0vljcltyvxps5lv3smltd2t
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NWJMNlcvakxMblFyRnRM
-            bWg0YXdRYkxMN2pUL1NwU3E5T042VW5jcEF3Cmg5UTVDaHovVmRvdVlWMEIrNm1N
-            Wk1KcEJwQk9lYjRFY0dhY1JWMkhvMGsKLS0tIDJWMStITVoxNW1XSGR5Y2lFUVd0
-            NTU4WHpkSVpJTkNxZks4TUFwbFhWaGMKdkthdQSkJufz7+KBTok1TTyDS57AYIKz
-            f21wyhY0UDZM9Ncacw5arD1v/6huWvTWmxYuuSdAyblZrLjoeXJnKg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaOVNOSFVFY2hKM291RGVr
+            cXhtWDlaaTNyenRWTXJUSzJmbjVZRlpESUNrClR6RjhEeUQ0QVZ1dldMMCtGQ0lv
+            Tk5oU3Jtc0lBQ0J1RlY3WFU0TDFkMDgKLS0tIHI4RWZKNWQ4eUdPOXdUQm81WUcv
+            NEliMVZ1QXZlcTBWcXZDVHA0UFlZNGMKIbWkAUpiPAI9dfL06Y3Zxa5m3ZJcH09T
+            +pax87oSg3IkC7DzgyGHQDjFwdeZUyLLy2fhAiR+EAlk0bDWMMaDrw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age18fk39kcnqu3wn3dw9hxhpa7fla583knaqmvcg9sdulk8wrvpyg9qtm8cq4
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPMmhkMWpiTExyOUNkUElk
+            OFJ1UnQwY3IyUTZGTUNDMkpJdnkzc1JiTncwCkpObnBNdGJnVjJySVZCQXBlTzcw
+            V2Vqa3JJZFkvY1NCTjl3TzNCM01YSHcKLS0tIHZ4LzN4RnFMQ3BoSnJtMmpFdFBr
+            VTZuYmFld3RIdU5DWEczTXhmV3ZNMVEKr5RGKojraZT5wBb93BKA1WJxQslWYLqu
+            pJovtRj5ds0efpJmmjExD9w4htig8pE+M/6IEaXyD1xALLqOv2eldQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-02-28T18:31:14Z"
    mac: ENC[AES256_GCM,data:iBl26uWB1vRzXoSklSDpgb1n6xDyFo9BvI5Hyq2eBcRuPWltNBO/WM78UBDqWf4YvtQl4cZ3ccHpV3tWe3vwnMlFhzOactsR29LZl7/7QX9+w6cXhEvKJ8/hGlKkKo2dOmyuUwn36MlJOSZlVjvU1V1JSH1LL6xEdbh0UMzeQvM=,iv:RN+GeAToEHaNegfj+wpC+c9Rz0gqhDxJl+EbEvOsyYM=,tag:gFoUcn/Wn15YLff0a8rw3w==,type:str]
--- a/nixos/workspace/configuration.nix
+++ b/nixos/workspace/configuration.nix
@ -0,0 +1,77 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+      
+      ../modules/gnome.nix
+      ../modules/pipewire.nix
+      ../modules/avahi.nix
+      ../modules/firewall/kde-connect.nix
+      ../modules/firewall/syncthing.nix
+      ../modules/firewall/wireguard.nix
+      #../modules/yubikey.nix
+      #../modules/gaming/steam.nix
+      #../modules/gaming/helpers.nix
+      #../modules/barrier.nix
+      #../modules/restic.nix
+    ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/sda";
+
+  #services.gnome.gnome-remote-desktop.enable = true;
+  networking.firewall.allowedTCPPorts = [ 3389 ];
+  networking.firewall.allowedUDPPorts = [ 3389 ];
+  services.xrdp.enable = true;
+  services.xrdp.defaultWindowManager = "${pkgs.gnome.gnome-session}/bin/gnome-session";
+  services.xrdp.openFirewall = true;
+
+  #virtualisation.libvirtd.enable = true;
+  programs.dconf.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    firefox
+    league-of-moveable-type
+    hunspell
+    hunspellDicts.de_DE
+    #virt-manager
+  ];
+
+  services.syncthing = {
+    enable = true;
+    user = "kevin";
+    dataDir = "/home/kevin/Syncthing";
+    configDir = "/home/kevin/Syncthing/.config/syncthing";
+  };
+
+  #services.fwupd.enable = true;
+  #hardware.cpu.intel.updateMicrocode = true;
+
+  boot.supportedFilesystems = [ "ntfs" ];
+
+  services.printing.enable = true;
+  virtualisation.docker.enable = true;
+  
+  #services.xserver.videoDrivers = [ "nvidia" ];
+  #hardware.opengl.enable = true;
+
+  #services.clamav.daemon.enable = true;
+  #services.clamav.updater.enable = true;
+
+  #hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest;
+
+  programs.gnupg.agent = {
+    enable = true;
+    # enableSSHSupport = true;
+  };
+
+  #programs.wireshark.enable = true;
+  #users.users.kevin.extraGroups = [ "wireshark" ];
+
+  networking.hostName = "workspace";
+  networking.hostId   = "6599a272";
+
+  system.stateVersion = "23.05"; # No touchy. Locks defaults.
+}
--- a/nixos/workspace/hardware-configuration.nix
+++ b/nixos/workspace/hardware-configuration.nix
@ -0,0 +1,43 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/9dc2f0f7-1080-476d-9967-e4e72fadffcc";
+      fsType = "ext4";
+    };
+
+  fileSystems."/var" =
+    { device = "/dev/disk/by-uuid/7d4df7b7-69be-4c52-a4d3-dc5048cc74b8";
+      fsType = "btrfs";
+      options = [ "subvol=@var" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/7d4df7b7-69be-4c52-a4d3-dc5048cc74b8";
+      fsType = "btrfs";
+      options = [ "subvol=@home" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}