diff --git a/aly-server.md b/aly-server.md deleted file mode 100644 index f457a8d..0000000 --- a/aly-server.md +++ /dev/null @@ -1,6 +0,0 @@ -samba -ps3netsrv -xbox360 srv -retronas -openmediavault? -btrfs diff --git a/data/authorized_keys.nix b/data/authorized_keys.nix index 0d20f26..0ceb696 100644 --- a/data/authorized_keys.nix +++ b/data/authorized_keys.nix @@ -4,5 +4,4 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAPHB5cZxUF6btKjT8yNLcwWBxXf+Jb9x2iPszWY5l7 aly@alyssd" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPx69hgnDfNMM8nuNdRRnhHSto6BvBBYkEL8mzNtKpVG aly@aly-ubuntu-vm" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmq4bJDXwpIgr60q7EyCXqYWZIT8ZAjazzLRflQPlqX aly@aly-laptop" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSvtZtEqrl3z1By5LN2iwkmy7ZjsCYUQC43ESoR48Vi aly@nixos" ] diff --git a/flake.lock b/flake.lock index 9eec9d7..5943b5f 100644 --- a/flake.lock +++ b/flake.lock @@ -1,26 +1,5 @@ { "nodes": { - "agenix": { - "inputs": { - "darwin": [], - "home-manager": "home-manager", - "nixpkgs": "nixpkgs", - "systems": "systems" - }, - "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", - "owner": "ryantm", - "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -65,7 +44,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems" }, "locked": { "lastModified": 1731533236, 
@@ -82,27 +61,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1745494811, - "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -204,22 +162,6 @@ } }, "nixpkgs": { - "locked": { - "lastModified": 1754028485, - "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "59e69648d345d6e8fef86158c555730fa12af9de", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { "locked": { "lastModified": 1758589230, "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=", @@ -242,7 +184,7 @@ "nixpkgs" ], "nuschtosSearch": "nuschtosSearch", - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1758373036, @@ -305,11 +247,10 @@ }, "root": { "inputs": { - "agenix": "agenix", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "nix-flatpak": "nix-flatpak", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixvim": "nixvim", "nur": "nur" } @@ -343,21 +284,6 @@ "repo": "default", "type": "github" } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 17e93b5..74d9ffa 100644 --- a/flake.nix +++ b/flake.nix 
@@ -18,11 +18,9 @@ url = "github:nix-community/nixvim/nixos-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; - agenix.url = "github:ryantm/agenix"; - agenix.inputs.darwin.follows = ""; }; - outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, nixos-generators, nur, nixvim, agenix, ... }: { + outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, nixos-generators, nur, nixvim, ... }: { nixosConfigurations = { "aly-laptop" = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; @@ -41,27 +39,6 @@ } ]; }; - "aly-server" = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - nur.modules.nixos.default - nix-flatpak.nixosModules.nix-flatpak - nixvim.nixosModules.nixvim - ./hw/aly-server.nix - ./system/aly-server.nix - agenix.nixosModules.default - { - environment.systemPackages = [ agenix.packages.x86_64-linux.default ]; - } - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.aly = import ./home/aly.nix; - } - # TODO - ]; - }; }; }; } diff --git a/home/aly.nix b/home/aly.nix index 5ef4a91..4e73a90 100644 --- a/home/aly.nix +++ b/home/aly.nix 
@@ -3,28 +3,28 @@ { home.username = "aly"; home.homeDirectory = "/home/aly"; -# xresources.properties = { -# "Xcursor.size" = 16; -# "Xft.dpi" = 300; -# }; + xresources.properties = { + "Xcursor.size" = 16; + "Xft.dpi" = 300; + }; home.packages = with pkgs; [ -# gnome-tweaks obs-studio rpi-imager google-cloud-sdk supersonic + gnome-tweaks obs-studio rpi-imager google-cloud-sdk supersonic neofetch nnn zip xz unzip p7zip ripgrep jq yq-go mtr iperf3 dnsutils ldns aria2 socat nmap ipcalc file which tree gnused gnutar gawk zstd gnupg btop iotop iftop strace ltrace lsof sysstat lm_sensors ethtool pciutils usbutils nix-output-monitor ]; -# programs.firefox = { -# enable = true; -# profiles.default = { -# extensions = { -# packages = with pkgs.nur.repos.rycee.firefox-addons; [ -# ublock-origin bitwarden darkreader indie-wiki-buddy sponsorblock -# ]; -# }; -# }; -# }; + programs.firefox = { + enable = true; + profiles.default = { + extensions = { + packages = with pkgs.nur.repos.rycee.firefox-addons; [ + ublock-origin bitwarden darkreader indie-wiki-buddy sponsorblock + ]; + }; + }; + }; programs.git = { enable = true; diff --git a/hw/aly-server.nix b/hw/aly-server.nix deleted file mode 100644 index 4fbc60f..0000000 --- a/hw/aly-server.nix +++ /dev/null 
@@ -1,41 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/1ede5a16-78e9-4874-b39f-b1d31a021774"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/EF0E-1E4B"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - fileSystems."/mnt/storage" = - { device = "/dev/disk/by-uuid/e959b50a-31fe-4828-9b46-9f2c80c5a42f"; - fsType = "btrfs"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eth0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - virtualisation.hypervGuest.enable = true; -} diff --git a/system/aly-laptop.nix b/system/aly-laptop.nix index 4817113..22bb3f0 100644 --- a/system/aly-laptop.nix +++ b/system/aly-laptop.nix @@ -13,16 +13,4 @@ lidSwitchDocked = "ignore"; lidSwitchExternalPower = "ignore"; }; - services.flatpak.enable = true; - services.flatpak.packages = [ - "com.moonlight_stream.Moonlight" - ]; - services.pulseaudio.enable = false; - services.pipewire = { - enable = true; - pulse.enable = true; - }; - services.xserver.enable = true; - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; }) 
diff --git a/system/aly-server.nix b/system/aly-server.nix
deleted file mode 100644
index bd75550..0000000
--- a/system/aly-server.nix
+++ /dev/null
@@ -1,112 +0,0 @@
-({ config, pkgs, agenix, ... }: {
- networking.hostName = "aly-server";
- networking.networkmanager.enable = true;
- networking.firewall.allowedTCPPorts = [
- 80 443 445 3923 5656 5030 5031 50300
- 4747 8989 7878 8686 13378 6767 9696 4545
- 52568 50000
- ];
- networking.firewall.allowedUDPPorts = [
- 137 138 139 50000
- ];
- services.openvpn.servers = {
- server = { config = '' config /home/aly/.secrets/server.ovpn ''; };
- };
- system.stateVersion = "25.05";
- virtualisation.hypervGuest.enable = true;
- virtualisation.docker = {
- enable = true;
- autoPrune.enable = true;
- };
- virtualisation.oci-containers.backend = "docker";
- boot.blacklistedKernelModules = [ "hyperv_fb" ];
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
- environment.systemPackages = with pkgs; [
- cargo rustc just git wget gcc gnumake autoconf automake pkg-config cifs-utils btrfs-progs
- ];
- programs.nixvim.enable = true;
- programs.nixvim.defaultEditor = true;
- security.sudo.wheelNeedsPassword = false;
-
- time.timeZone = "Australia/Brisbane";
- users.users.aly = {
- isNormalUser = true;
- description = "aly";
- hashedPassword = "$y$j9T$Q.yFJjo9LMA8o.7Ac5uSr/$Y8pYIPSzCXHSd4nAlUohaaohwpquK6XEIjxFKq3J4s/";
- openssh.authorizedKeys.keys = import ../data/authorized_keys.nix;
- extraGroups = [ "networkmanager" "wheel" "docker" ];
- };
-
- services.openssh = {
- enable = true;
- settings = {
- X11Forwarding = true;
- PermitRootLogin = "no";
- PasswordAuthentication = true;
- };
- openFirewall = true;
- };
-
- services.samba-wsdd.enable = true;
- services.samba = {
- enable = true;
- openFirewall = true;
- settings = {
- global = {
- "workgroup" = "WORKGROUP";
- "server string" = "aly-server";
- "netbios name" = "aly-server";
- "disable netbios" = "yes";
- "wide links" = "yes";
- "allow insecure wide links" = "yes";
- "security" = "user";
- "min protocol" = "SMB2_02";
-
"max protocol" = "SMB3_11"; - "hosts allow" = "192.168.0. 10.8.0. localhost 127.0.0.1"; - "hosts deny" = "0.0.0.0/0"; - "guest account" = "nobody"; - "map to guest" = "bad user"; - "interfaces" = "lo eth0 docker0 tun0"; - "bind interfaces only" = "yes"; - }; - "storage" = { - "path" = "/mnt/storage"; - "browseable" = "yes"; - "read only" = "no"; - "guest ok" = "no"; - "guest only" = "no"; - "inherit acls" = "no"; - "inherit permissions" = "no"; - "store dos attributes" = "no"; - "follow symlinks" = "yes"; - "valid users" = "aly"; - "create mask" = "0664"; - "directory mask" = "0775"; - }; - "media" = { - "path" = "/mnt/storage/media"; - "browseable" = "yes"; - "read only" = "yes"; - "guest ok" = "yes"; - "hide special files" = "yes"; - "inherit acls" = "no"; - "inherit permissions" = "no"; - "store dos attributes" = "no"; - "follow symlinks" = "yes"; - }; - "mirror" = { - "path" = "/mnt/storage/mirror"; - "browseable" = "yes"; - "read only" = "yes"; - "guest ok" = "yes"; - "hide special files" = "yes"; - "inherit acls" = "no"; - "inherit permissions" = "no"; - "store dos attributes" = "no"; - "follow symlinks" = "yes"; - }; - }; - }; -}) diff --git a/system/global.nix b/system/global.nix index 87d6d2d..0491fbb 100644 --- a/system/global.nix +++ b/system/global.nix @@ -12,6 +12,15 @@ networking.networkmanager.enable = true; + services.flatpak.enable = true; + services.flatpak.packages = [ + "com.moonlight_stream.Moonlight" + ]; + services.pulseaudio.enable = false; + services.pipewire = { + enable = true; + pulse.enable = true; + }; time.timeZone = "Australia/Brisbane"; users.users.aly = { isNormalUser = true; 
@@ -21,13 +30,20 @@ extraGroups = [ "networkmanager" "wheel" ]; }; + # Enable the OpenSSH daemon. services.openssh = { enable = true; settings = { X11Forwarding = true; - PermitRootLogin = "no"; - PasswordAuthentication = true; + PermitRootLogin = "no"; # disable root login + PasswordAuthentication = true; # disable password login }; openFirewall = true; }; + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; })
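Review bot: The comment added on `PasswordAuthentication = true; # disable password login` says the opposite of what the setting does: `true` keeps password logins enabled, and `openFirewall = true` a few lines below opens the SSH port in the firewall. If key-only login is the intent, change the value rather than the comment, e.g. `PasswordAuthentication = false; # key-only login` together with `KbdInteractiveAuthentication = false;`, after confirming that `users.users.aly` in this file sets `openssh.authorizedKeys.keys` (most of that attribute set lies outside the hunk). If password login is intentional, reword the comment so the next reader does not assume the host is key-only. `X11Forwarding = true` is unchanged context, but it deserves the same kind of one-line justification as the two settings that were annotated.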