From e003c79799f86ab595928c6a71a0b18d1d3a7637 Mon Sep 17 00:00:00 2001 From: Kevin Kandlbinder Date: Tue, 28 Feb 2023 13:49:28 +0100 Subject: [PATCH] Add setup for kevin-pc --- home-manager/kevin/home.nix | 62 ++++++++++++++++++++++- nixos/.sops.yaml | 9 +++- nixos/flake-module.nix | 7 ++- nixos/kevin-pc/configuration.nix | 41 +++++++++++++++ nixos/kevin-pc/hardware-configuration.nix | 41 +++++++++++++++ nixos/modules/gnome.nix | 1 + nixos/shared/secrets/passwords.yaml | 34 ++++++++----- 7 files changed, 180 insertions(+), 15 deletions(-) create mode 100644 nixos/kevin-pc/configuration.nix create mode 100644 nixos/kevin-pc/hardware-configuration.nix diff --git a/home-manager/kevin/home.nix b/home-manager/kevin/home.nix index 52a882c..c4bdf72 100644 --- a/home-manager/kevin/home.nix +++ b/home-manager/kevin/home.nix @@ -46,10 +46,70 @@ discord element-desktop vscode - thunderbird + thunderbird-bin vlc gimp blender libreoffice-fresh + yt-dlp + yarn + nodejs + neofetch + inkscape + jetbrains.goland + jetbrains.idea-ultimate + gnomeExtensions.gsconnect + ]; + + home.language = { + base = "en_US"; + + address = "de_DE"; + measurement = "de_DE"; + monetary = "de_DE"; + name = "de_DE"; + paper = "de_DE"; + telephone = "de_DE"; + time = "de_DE"; + }; + + home.sessionVariables = { + LD_LIBRARY_PATH = "/var/run/current-system/sw/lib"; + }; + + home.sessionPath = [ "$HOME/.local/bin" ]; + + home.shellAliases = { + ".." = "cd .."; + "..." = "cd ../.."; + "svim" = "sudo vim"; + }; + + manual.html.enable = true; + manual.manpages.enable = true; + + nix.settings = { + sandbox = true; + }; + + nixpkgs.config = { + allowUnfree = true; + }; + + programs.aria2.enable = true; + + programs.obs-studio = { + enable = true; + plugins = [ ]; + }; + + programs.watson = { + enable = true; + }; + + services.nextcloud-client = { + enable = true; + startInBackground = true; + }; } \ No newline at end of file diff --git a/nixos/.sops.yaml b/nixos/.sops.yaml index 9fe7be0..03ad3c1 100644 
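Review bot: `LD_LIBRARY_PATH = "/var/run/current-system/sw/lib";` in `home.sessionVariables` applies to every process started from the session, so programs no longer resolve libraries only through their own store paths and can pick up a mismatched library from the system profile. If one tool needs it, set the variable in a wrapper or dev shell for that tool rather than session-wide. The `"svim" = "sudo vim";` alias in the same hunk runs the whole editor, including its shell escapes and any plugins it loads, as root; `"svim" = "sudo -e";` edits a temporary copy as the user and writes back only the result. The enclosing attribute set starts outside the hunk.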
--- a/nixos/.sops.yaml +++ b/nixos/.sops.yaml @@ -1,14 +1,21 @@ keys: - &admin_kevin age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6 - &target_kevin-tp age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s + - &target_kevin-pc age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj creation_rules: - path_regex: kevin-tp/secrets/[^/]+\.yaml$ key_groups: - age: - *admin_kevin - *target_kevin-tp + - path_regex: kevin-pc/secrets/[^/]+\.yaml$ + key_groups: + - age: + - *admin_kevin + - *target_kevin-pc - path_regex: shared/secrets/[^/]+\.yaml$ key_groups: - age: - *admin_kevin - - *target_kevin-tp \ No newline at end of file + - *target_kevin-tp + - *target_kevin-pc \ No newline at end of file diff --git a/nixos/flake-module.nix b/nixos/flake-module.nix index 2497c67..4fe324a 100644 --- a/nixos/flake-module.nix +++ b/nixos/flake-module.nix @@ -42,9 +42,14 @@ in kevin-tp = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = defaultModules ++ homeManagerSetup ++ [ - inputs.home-manager.nixosModules.home-manager ./kevin-tp/configuration.nix ]; }; + kevin-pc = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = defaultModules ++ homeManagerSetup ++ [ + ./kevin-pc/configuration.nix + ]; + }; }; } \ No newline at end of file diff --git a/nixos/kevin-pc/configuration.nix b/nixos/kevin-pc/configuration.nix new file mode 100644 index 0000000..4347d8d --- /dev/null +++ b/nixos/kevin-pc/configuration.nix 
@@ -0,0 +1,41 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+
+ ../modules/gnome.nix
+ ../modules/pipewire.nix
+ ../modules/avahi.nix
+ ../modules/firewall/kde-connect.nix
+ ../modules/firewall/syncthing.nix
+ ../modules/firewall/wireguard.nix
+ ../modules/yubikey.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+ boot.initrd.secrets = {
+ "/crypto_keyfile.bin" = null;
+ };
+
+ boot.initrd.luks.devices."luks-376a84ea-47d8-494b-aeb4-507ebac2c0fe".device = "/dev/disk/by-uuid/376a84ea-47d8-494b-aeb4-507ebac2c0fe";
+ boot.initrd.luks.devices."luks-376a84ea-47d8-494b-aeb4-507ebac2c0fe".keyFile = "/crypto_keyfile.bin";
+
+ time.hardwareClockInLocalTime = true;
+
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+ dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+ };
+
+ networking.hostName = "kevin-pc";
+ networking.hostId = "5dbf8235";
+
+ system.stateVersion = "23.05"; # No touchy. Locks defaults.
+
+}
diff --git a/nixos/kevin-pc/hardware-configuration.nix b/nixos/kevin-pc/hardware-configuration.nix
new file mode 100644
index 0000000..654041f
--- /dev/null
+++ b/nixos/kevin-pc/hardware-configuration.nix
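Review bot: In nixos/kevin-pc/configuration.nix, `boot.initrd.secrets = { "/crypto_keyfile.bin" = null; };` embeds the LUKS keyfile in the initrd, and with `boot.loader.systemd-boot.enable = true;` the initrd is, as far as I know, installed on the ESP, which hardware-configuration.nix mounts as plain vfat at `/boot/efi`. The key for `luks-376a84ea-…` would then sit unencrypted on disk, so that volume is not protected at rest. Consider dropping the `boot.initrd.secrets` block and the `keyFile` line so the device is unlocked by passphrase (stage 1 can reuse the one already entered via `boot.initrd.luks.reusePassphrases`), or, if this device is the swap partition (the hunk does not say), using `randomEncryption.enable = true;` on the swap entry. Separately, `dedicatedServer.openFirewall = true;` opens server ports that a desktop not hosting a Source dedicated server does not need.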
@@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" "wl" ]; + boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/d14a7c48-1e05-4754-8250-200b32cb107f"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-981ee52d-7517-422c-9697-c070f288b3b3".device = "/dev/disk/by-uuid/981ee52d-7517-422c-9697-c070f288b3b3"; + + fileSystems."/boot/efi" = + { device = "/dev/disk/by-uuid/1503-2535"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/f80d8d89-96e5-4653-92fa-49f740eaf1c1"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} \ No newline at end of file diff --git a/nixos/modules/gnome.nix b/nixos/modules/gnome.nix index 655d4eb..650e7cf 100644 --- a/nixos/modules/gnome.nix +++ b/nixos/modules/gnome.nix @@ -8,5 +8,6 @@ environment.systemPackages = [ pkgs.gnome.gnome-tweaks pkgs.gnome.dconf-editor + pkgs.gnome.gnome-tweaks ]; } \ No newline at end of file 
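Review bot: In nixos/modules/gnome.nix the added `pkgs.gnome.gnome-tweaks` duplicates the entry already at the top of `environment.systemPackages`, two lines above it, so the line has no effect. Drop it, or replace it with the package that was actually meant. The module header is outside the hunk.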
diff --git a/nixos/shared/secrets/passwords.yaml b/nixos/shared/secrets/passwords.yaml index c68a920..75eaaab 100644 --- a/nixos/shared/secrets/passwords.yaml +++ b/nixos/shared/secrets/passwords.yaml @@ -1,4 +1,5 @@ password_kevin: ENC[AES256_GCM,data:I1v/s/sCqEDdh2tivcxJouWw1X0aXmVVbk5/3cEaJZ1HlOnKhe4mFJgMq4a1foBI6hHhAudjnuwJJwdNFjLnyYb/TOzoTtyXjLKNC3A4kgU+Nl1fDg1B3zFuR4YjcIo5/GV1LuCzJrbZPA==,iv:PcZJOuAY0drEZZSfNca8g4h29PSPAdO91DbxPLHdOek=,tag:QGoO4GqIxADHQsGShvEvdQ==,type:str] +demo: ENC[AES256_GCM,data:FgsPXA==,iv:KCNG+G3k3Dd4TuBbIqw8ZU8rU2WhN/Tp2PH3x668kNY=,tag:euL1OXbNDLr4HjirLR7lbA==,type:bool] sops: kms: [] gcp_kms: [] 
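Review bot: The added `demo` key (an encrypted `type:bool` value) in nixos/shared/secrets/passwords.yaml looks like a leftover test entry; none of the Nix hunks shown in this commit reference it. If it is not needed, remove it through `sops` rather than by hand, since a manual edit would invalidate the file's `mac`. Keeping the shared file limited to real secrets also makes it easier to audit what each listed recipient can decrypt.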
@@ -8,23 +9,32 @@ sops: - recipient: age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Y2FJS2JOUU42ek8wQThu - VWtHRWNMcXB0dFpmTFJ2b1NiTjdkU3l3OHhVCm5hR1VHQURndEJGT1BiTUZFM1hH - dGdIcnV5L3pPOHhnZzFmZVM3OGp2dFEKLS0tIEM4L0x1aGxOV2dpUTdCYlFCOWhi - MExVTG12bFNXRHdXVThJZ1V2YlIrUlkKrhokMJmFimyuzg1vi/fiiP8XjtKGtxf8 - 5Usgxglk4o0ElsDryOfFdLJ6YJY78I3dyHzuXWhjbs8toTks/sGSkQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxeVQyZi9vWjk2WW4xK3Vy + V04zVTAweHFrZW9XZHZ3ZkZsRmJMUGhPMGo4Cjc5MkZDMFo1ZHJaRzlqTWNSYVBQ + QVF3NDZ5RGRwYmJRWW9HUm1OS0M4TlUKLS0tIEozelFXWUdta3E3WU43dERmTGxP + YkZoSlliblVGKzUzQUtQRmJlbytnb2cKnY+6xKzKfCr+9UzEL+ELd8bnbIqjIjaJ + 9El1Ch8H6Z0Wv0VU3mop3++2ljs62Y7K4qgRvMnADP5wX7VE6ThtPg== -----END AGE ENCRYPTED FILE----- - recipient: age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKb2JBc2RRV3Fwa3RJb3Mx - WTlob3plakJBWEJGamNYYUpiclRmd2JySkdnCm9kNGZMQm53cSttNUhhV2xRenJR - OGV5RFV4M25MV0lPQ3BrTmxtQVVlV2MKLS0tIGFDelg2T2JCME9VS2lkYVE1d1lX - d3FDUFBaLzB4OWRQZkdTaFhJZUZiMGMK1CikqlTxoc2H6nXdWZJUhAy54S8I7yiw - 8CzEU3K4s01Hnoj3vhQtXtxIqd2kIqilLlo6QVdb9cbFeMTsUOMqaw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDc1BsaUx2OWE3eUx5ckVs + SDM5WGV6UTZoMk01YUcySEZORXh0ZUZ4VUVRCmxNNFVhRWVBcTVHTDcxZE5XbGVO + akZQYXllSnQ3U0k4ZUJZSTNTSlJYNFUKLS0tIFczVGdCdEIzUEJtRFZ0MVFvRzZV + czNKcGxDNXlqcVB1bkZ5K2VCR3FvcFUKug+0PR4p5e87WdFHtpYbvjph4H5vftz9 + D7YnwbMqwGAHoNBwE9zsxl6KPinql+DCpZBd4O8P4jwQ3pvu/rLoiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-27T14:15:06Z" - mac: ENC[AES256_GCM,data:ROjkbNrmEn0Hj6KeDW2S8gZ47FherNpy7Lta493QWonfAvFEPdY2nJOa3sVs3maTVzDzmFGqJCLGAO/iyeQqjcdCWtQ/lDqz0MZkzXPLViCRzJrDqp3qBk8pflm8drfsVD+mdYDQ5Alg8ffg/S1F+o+jyKzd94no6pI/m6DJNOI=,iv:9XEMpQ4eO70C1CHrqzbmS8CJvRZtG1WEVd3gfv6DKT0=,tag:ewOuZv/EYXdr2iTaFx8Mag==,type:str] + - recipient: 
age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRmkvSHFaaFV1eGVpd1Jr + dUh2UWUxdmVIQVFJKzNab0N0djg5Wi92VjFnClRvMDBiVUNHeWtNUHdJazJxR2lB + MS9OZTNiTlFCZG1tWFdoSGZRV2hRZTQKLS0tIHBIbXBZVzJkYzUvTVFpMDd2d0x3 + dGZQQUdxVUN4d3NVVlVMbmt1SnJTQ1kKbzh0vaSeAxUPdj3fLpZFm3APsFwE+i7C + ZzT89bMLeYw9q7FSwLluHR3yfMJanFObpoAs0mH5xFZVad+D5h9GcQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-28T12:38:04Z" + mac: ENC[AES256_GCM,data:cy//wjzt4xHPAj0ghDZG5lKZx3fEy7J5UnmIdbztWnWbCfTLS/oxb00qjiJDyquHC5aeKTEXtDrCSWnQF12ya+9i6V0yQJ4CQdkgJ2nFMBj736wVtFHhZCDgbdsAoe7LzQTvyXT1v2HDKUFkNvSry6zsSFDym51vv0oFrTNkfUI=,iv:Y3lWB0DPS6vF+X4QitpXTSkR2ADQ8iuvF9B22ktZnew=,tag:Jr1AmEH8BvgR+O5ZkV8/VA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3