hosts: source modules from workstation

Signed-off-by: unexplrd <unexplrd@linerds.us>
2025-05-03 23:13:28 +03:00
parent 7e2458b322
commit 5a6daf52ca
14 changed files with 12 additions and 281 deletions
--- a/hosts/dunamis/nix/ssh-serve.nix
+++ b/hosts/dunamis/nix/ssh-serve.nix
@ -2,6 +2,7 @@
  inherit (builtins) readFile;
  inherit (config.users.users) user;
 in {
  nix.settings.trusted-users = ["nix-ssh"];
  nix.sshServe = {
    enable = true;
    write = true;
--- a/hosts/dunamis/users.nix
+++ b/hosts/dunamis/users.nix
@ -8,7 +8,6 @@
  inherit (inputs) mysecrets;
  sshKeys = f: "${mysecrets}/ssh/user/id_${f}_ed25519.pub";
 in {
  nix.settings.trusted-users = ["user" "nix-ssh"];
  users.mutableUsers = false;
  users.users = {
    user = {
--- a/hosts/eldrid/configuration.nix
+++ b/hosts/eldrid/configuration.nix
@ -5,12 +5,12 @@
    ./boot
    ./disko
    ./hardware
-    ./networking.nix
+    ./networking
    ./nix
    ../dunamis/programs.nix
-    ./services.nix
+    ../dunamis/services.nix
-    ./sops.nix
+    ../dunamis/sops.nix
-    ./users.nix
+    ../dunamis/users.nix
  ];
  desktop.plasma.enable = true;
--- a/hosts/eldrid/networking/network-manager.nix
+++ b/hosts/eldrid/networking/network-manager.nix
@ -3,7 +3,7 @@
    networkmanager = {
      enable = true;
      ethernet.macAddress = "stable";
-      networkmanager.wifi = {
+      wifi = {
        backend = "iwd";
        macAddress = "random";
        scanRandMacAddress = true;
--- a/hosts/eldrid/programs.nix
+++ b/hosts/eldrid/programs.nix
@ -1,18 +0,0 @@
 {pkgs, ...}: {
  programs.neovim = {
    enable = false;
    viAlias = true;
    vimAlias = true;
  };
  programs.nh = {
    enable = true;
    clean.enable = true;
    clean.extraArgs = "--keep-since 7d --keep 3";
    flake = "/home/user/.config/nixos";
  };
  programs.fish.enable = true;
  environment.systemPackages = with pkgs; [
    helix
    # nushell
  ];
 }
--- a/hosts/eldrid/services.nix
+++ b/hosts/eldrid/services.nix
@ -1,21 +0,0 @@
 {
  services = {
    # flatpak.enable = true;
    fstrim.enable = true;
    openssh.enable = true;
    power-profiles-daemon.enable = true;
    syncthing.openDefaultPorts = true;
    dnscrypt-proxy2 = {
      enable = true;
      settings = {
        require_dnssec = true;
        server_names = ["mullvad-doh"];
        bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
      };
    };
    scx = {
      enable = true;
      scheduler = "scx_flash";
    };
  };
 }
--- a/hosts/eldrid/sops.nix
+++ b/hosts/eldrid/sops.nix
@ -1,64 +0,0 @@
 {
  config,
  inputs,
  ...
 }: let
  inherit (inputs) mysecrets;
  hostName =
    if (config.networking.hostName == "vylxae")
    then "sarien"
    else config.networking.hostName;
  sopsFile = mysecrets + "/hosts/${hostName}.yaml";
  dotSsh = name: "/home/user/.ssh/" + name;
  sshKey = {
    mode = "0400";
    owner = "user";
  };
 in {
  imports = with inputs; [
    sops-nix.nixosModules.sops
  ];
  sops = {
    age = {
      sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
      keyFile = "/var/lib/sops-nix/key.txt";
      generateKey = true;
    };
    defaultSopsFile = mysecrets + "/common.yaml";
    secrets = {
      "user-password-hashed".neededForUsers = true;
      "ssh-config" = {
        path = dotSsh "config";
        mode = "0400";
        owner = "user";
      };
      "ssh-${hostName}-user" = {
        inherit sopsFile;
        inherit (sshKey) mode owner;
        path = dotSsh "id_ed25519";
      };
      "ssh-${hostName}-user.pub" = {
        inherit sopsFile;
        inherit (sshKey) mode owner;
        path = dotSsh "id_ed25519.pub";
      };
      "ssh-unexplrd" = {
        inherit (sshKey) mode owner;
        path = dotSsh "id_unexplrd_ed25519";
      };
      "ssh-unexplrd.pub" = {
        inherit (sshKey) mode owner;
        path = dotSsh "id_unexplrd_ed25519.pub";
      };
      "ssh-uni" = {
        inherit (sshKey) mode owner;
        path = dotSsh "id_uni_ed25519";
      };
      "ssh-uni.pub" = {
        inherit (sshKey) mode owner;
        path = dotSsh "id_uni_ed25519.pub";
      };
    };
  };
 }
--- a/hosts/eldrid/users.nix
+++ b/hosts/eldrid/users.nix
@ -1,26 +0,0 @@
 {
  inputs,
  config,
  pkgs,
  ...
 }: let
  inherit (config.sops) secrets;
  inherit (inputs) mysecrets;
 in {
  nix.settings.trusted-users = ["user"];
  users.mutableUsers = false;
  users.users = {
    user = {
      hashedPasswordFile = secrets."user-password-hashed".path;
      extraGroups = ["wheel" "video" "libvirtd" "dialout"];
      isNormalUser = true;
      shell = pkgs.fish;
      openssh.authorizedKeys.keyFiles = map (f: "${mysecrets}/ssh/user/id_${f}_ed25519.pub") [
        "dunamis"
        "eldrid"
        "sarien"
        "legion"
      ];
    };
  };
 }
--- a/hosts/sarien/configuration.nix
+++ b/hosts/sarien/configuration.nix
@ -14,37 +14,21 @@
    ../dunamis/programs.nix
    ../dunamis/services.nix
    ../dunamis/sops.nix
-    ./users.nix
+    ../dunamis/users.nix
  ];
-  desktop.niri.enable = true;
+  system.stateVersion = "25.05";
-
+  time.timeZone = "Europe/Kyiv";
  locale.ukrainian.enable = true;
  module.stylix = {
    enable = true;
    theme = "helios";
  };
-  opentabletdriver.enable = false;
+  desktop.niri.enable = true;
  locale.ukrainian.enable = true;
  qmk-vial.enable = true;
  security.basic.enable = true;
  system.stateVersion = "25.05";
  time.timeZone = "Europe/Kyiv";
  virtual.libvirt.enable = true;
  wireless = {
    wifi.enable = true;
    bluetooth.enable = true;
  };
  hardware.graphics.extraPackages = with pkgs; [
    intel-compute-runtime
    intel-media-driver
    vpl-gpu-rt
  ];
 }
--- a/hosts/sarien/networking/network-manager.nix
+++ b/hosts/sarien/networking/network-manager.nix
@ -3,7 +3,7 @@
    networkmanager = {
      enable = true;
      ethernet.macAddress = "stable";
-      networkmanager.wifi = {
+      wifi = {
        backend = "iwd";
        macAddress = "random";
        scanRandMacAddress = true;
--- a/hosts/sarien/programs.nix
+++ b/hosts/sarien/programs.nix
@ -1,13 +0,0 @@
 {pkgs, ...}: {
  programs.nh = {
    enable = true;
    clean.enable = true;
    clean.extraArgs = "--keep-since 7d --keep 3";
    flake = "/home/user/.config/nixos";
  };
  programs.fish.enable = true;
  environment.systemPackages = with pkgs; [
    helix
    nushell
  ];
 }
--- a/hosts/sarien/services.nix
+++ b/hosts/sarien/services.nix
@ -1,21 +0,0 @@
 {
  services = {
    flatpak.enable = true;
    fstrim.enable = true;
    openssh.enable = true;
    power-profiles-daemon.enable = true;
    syncthing.openDefaultPorts = true;
    dnscrypt-proxy2 = {
      enable = true;
      settings = {
        require_dnssec = true;
        server_names = ["mullvad-doh"];
        bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
      };
    };
    scx = {
      enable = true;
      scheduler = "scx_flash";
    };
  };
 }
--- a/hosts/sarien/sops.nix
+++ b/hosts/sarien/sops.nix
@ -1,64 +0,0 @@
 {
  config,
  inputs,
  ...
 }: let
  inherit (inputs) mysecrets;
  hostName =
    if (config.networking.hostName == "vylxae")
    then "sarien"
    else config.networking.hostName;
  sopsFile = mysecrets + "/hosts/${hostName}.yaml";
  dotSsh = name: "/home/user/.ssh/" + name;
  sshKey = {
    mode = "0400";
    owner = "user";
  };
 in {
  imports = with inputs; [
    sops-nix.nixosModules.sops
  ];
  sops = {
    age = {
      sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
      keyFile = "/var/lib/sops-nix/key.txt";
      generateKey = true;
    };
    defaultSopsFile = mysecrets + "/common.yaml";
    secrets = {
      "user-password-hashed".neededForUsers = true;
      "ssh-config" = {
        path = dotSsh "config";
        mode = "0400";
        owner = "user";
      };
      "ssh-${hostName}-user" = {
        inherit sopsFile;
        inherit (sshKey) mode owner;
        path = dotSsh "id_ed25519";
      };
      "ssh-${hostName}-user.pub" = {
        inherit sopsFile;
        inherit (sshKey) mode owner;
        path = dotSsh "id_ed25519.pub";
      };
      "ssh-unexplrd" = {
        inherit (sshKey) mode owner;
        path = dotSsh "id_unexplrd_ed25519";
      };
      "ssh-unexplrd.pub" = {
        inherit (sshKey) mode owner;
        path = dotSsh "id_unexplrd_ed25519.pub";
      };
      "ssh-uni" = {
        inherit (sshKey) mode owner;
        path = dotSsh "id_uni_ed25519";
      };
      "ssh-uni.pub" = {
        inherit (sshKey) mode owner;
        path = dotSsh "id_uni_ed25519.pub";
      };
    };
  };
 }
--- a/hosts/sarien/users.nix
+++ b/hosts/sarien/users.nix
@ -1,26 +0,0 @@
 {
  inputs,
  config,
  pkgs,
  ...
 }: let
  inherit (config.sops) secrets;
  inherit (inputs) mysecrets;
 in {
  nix.settings.trusted-users = ["user"];
  users.mutableUsers = false;
  users.users = {
    user = {
      hashedPasswordFile = secrets."user-password-hashed".path;
      isNormalUser = true;
      extraGroups = ["wheel" "video" "libvirtd" "dialout"];
      shell = pkgs.fish;
      openssh.authorizedKeys.keyFiles = map (f: "${mysecrets}/ssh/user/id_${f}_ed25519.pub") [
        "dunamis"
        "eldrid"
        "sarien"
        "legion"
      ];
    };
  };
 }