2025-10-14 04:59:39 +10:00
9 changed files with 38 additions and 291 deletions
--- a/aly-server.md
+++ b/aly-server.md
@ -1,6 +0,0 @@
-samba
-ps3netsrv
-xbox360 srv
-retronas
-openmediavault?
-btrfs
--- a/data/authorized_keys.nix
+++ b/data/authorized_keys.nix
@ -4,5 +4,4 @@
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAPHB5cZxUF6btKjT8yNLcwWBxXf+Jb9x2iPszWY5l7 aly@alyssd"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPx69hgnDfNMM8nuNdRRnhHSto6BvBBYkEL8mzNtKpVG aly@aly-ubuntu-vm"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmq4bJDXwpIgr60q7EyCXqYWZIT8ZAjazzLRflQPlqX aly@aly-laptop"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSvtZtEqrl3z1By5LN2iwkmy7ZjsCYUQC43ESoR48Vi aly@nixos"
 ]
--- a/flake.lock
+++ b/flake.lock
@ -1,26 +1,5 @@
 {
  "nodes": {
-    "agenix": {
-      "inputs": {
-        "darwin": [],
-        "home-manager": "home-manager",
-        "nixpkgs": "nixpkgs",
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1754433428,
-        "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
-        "owner": "ryantm",
-        "repo": "agenix",
-        "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "ryantm",
-        "repo": "agenix",
-        "type": "github"
-      }
-    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
@ -65,7 +44,7 @@
    },
    "flake-utils": {
      "inputs": {
-        "systems": "systems_2"
+        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
@ -82,27 +61,6 @@
      }
    },
    "home-manager": {
-      "inputs": {
-        "nixpkgs": [
-          "agenix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1745494811,
-        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "type": "github"
-      }
-    },
-    "home-manager_2": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
@ -204,22 +162,6 @@
      }
    },
    "nixpkgs": {
-      "locked": {
-        "lastModified": 1754028485,
-        "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "59e69648d345d6e8fef86158c555730fa12af9de",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-25.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
      "locked": {
        "lastModified": 1758589230,
        "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=",
@ -242,7 +184,7 @@
          "nixpkgs"
        ],
        "nuschtosSearch": "nuschtosSearch",
-        "systems": "systems_3"
+        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1758373036,
@ -305,11 +247,10 @@
    },
    "root": {
      "inputs": {
-        "agenix": "agenix",
-        "home-manager": "home-manager_2",
+        "home-manager": "home-manager",
        "nix-flatpak": "nix-flatpak",
        "nixos-generators": "nixos-generators",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
        "nixvim": "nixvim",
        "nur": "nur"
      }
@ -343,21 +284,6 @@
        "repo": "default",
        "type": "github"
      }
-    },
-    "systems_3": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -18,11 +18,9 @@
      url = "github:nix-community/nixvim/nixos-25.05";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    agenix.url = "github:ryantm/agenix";
-    agenix.inputs.darwin.follows = "";
  };

-  outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, nixos-generators, nur, nixvim, agenix, ... }: {
+  outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, nixos-generators, nur, nixvim, ... }: {
    nixosConfigurations = {
      "aly-laptop" = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
@ -41,27 +39,6 @@
          }
        ];
      };
-      "aly-server" = nixpkgs.lib.nixosSystem {
-      	system = "x86_64-linux";
-	modules = [
-          nur.modules.nixos.default
-          nix-flatpak.nixosModules.nix-flatpak
-          nixvim.nixosModules.nixvim
-          ./hw/aly-server.nix
-          ./system/aly-server.nix
-	  agenix.nixosModules.default
-	  {
-	    environment.systemPackages = [ agenix.packages.x86_64-linux.default ];
-	  }
-          home-manager.nixosModules.home-manager
-          {
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
-            home-manager.users.aly = import ./home/aly.nix;
-          }
-          # TODO
-	];
-      };
    };
  };
 }
--- a/home/aly.nix
+++ b/home/aly.nix
@ -3,28 +3,28 @@
 {
  home.username = "aly";
  home.homeDirectory = "/home/aly";
-#  xresources.properties = {
-#    "Xcursor.size" = 16;
-#    "Xft.dpi" = 300;
-#  };
+  xresources.properties = {
+    "Xcursor.size" = 16;
+    "Xft.dpi" = 300;
+  };
  home.packages = with pkgs; [
-#    gnome-tweaks obs-studio rpi-imager google-cloud-sdk supersonic
+    gnome-tweaks obs-studio rpi-imager google-cloud-sdk supersonic
    neofetch nnn zip xz unzip p7zip ripgrep jq yq-go mtr iperf3 dnsutils
    ldns aria2 socat nmap ipcalc file which tree gnused gnutar gawk zstd
    gnupg btop iotop iftop strace ltrace lsof sysstat lm_sensors ethtool
    pciutils usbutils nix-output-monitor
  ];

-#  programs.firefox = {
-#    enable = true;
-#    profiles.default = {
-#      extensions = {
-#        packages = with pkgs.nur.repos.rycee.firefox-addons; [
-#          ublock-origin bitwarden darkreader indie-wiki-buddy sponsorblock
-#        ];
-#      };
-#    };
-#  };
+  programs.firefox = {
+    enable = true;
+    profiles.default = {
+      extensions = {
+        packages = with pkgs.nur.repos.rycee.firefox-addons; [
+          ublock-origin bitwarden darkreader indie-wiki-buddy sponsorblock
+        ];
+      };
+    };
+  };

  programs.git = {
    enable = true;
--- a/hw/aly-server.nix
+++ b/hw/aly-server.nix
@ -1,41 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports = [ ];
-
-  boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/1ede5a16-78e9-4874-b39f-b1d31a021774";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/EF0E-1E4B";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
-
-  fileSystems."/mnt/storage" =
-    { device = "/dev/disk/by-uuid/e959b50a-31fe-4828-9b46-9f2c80c5a42f";
-      fsType = "btrfs";
-    };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  virtualisation.hypervGuest.enable = true;
-}
--- a/system/aly-laptop.nix
+++ b/system/aly-laptop.nix
@ -13,16 +13,4 @@
    lidSwitchDocked = "ignore";
    lidSwitchExternalPower = "ignore";
  };
-  services.flatpak.enable = true;
-  services.flatpak.packages = [
-    "com.moonlight_stream.Moonlight"
-  ];
-  services.pulseaudio.enable = false;
-  services.pipewire = {
-    enable = true;
-    pulse.enable = true;
-  };
-  services.xserver.enable = true;
-  services.xserver.displayManager.gdm.enable = true;
-  services.xserver.desktopManager.gnome.enable = true;
 })
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
@ -1,112 +0,0 @@
-({ config, pkgs, agenix, ... }: {
-  networking.hostName = "aly-server";
-  networking.networkmanager.enable = true;
-  networking.firewall.allowedTCPPorts = [
-    80 443 445 3923 5656 5030 5031 50300
-    4747 8989 7878 8686 13378 6767 9696 4545
-    52568 50000
-  ];
-  networking.firewall.allowedUDPPorts = [
-    137 138 139 50000 
-  ];
-  services.openvpn.servers = {
-    server = { config = '' config /home/aly/.secrets/server.ovpn ''; };
-  };
-  system.stateVersion = "25.05";
-  virtualisation.hypervGuest.enable = true;
-  virtualisation.docker = {
-    enable = true;
-    autoPrune.enable = true;
-  };
-  virtualisation.oci-containers.backend = "docker";
-  boot.blacklistedKernelModules = [ "hyperv_fb" ];
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-  environment.systemPackages = with pkgs; [
-    cargo rustc just git wget gcc gnumake autoconf automake pkg-config cifs-utils btrfs-progs
-  ];
-  programs.nixvim.enable = true;
-  programs.nixvim.defaultEditor = true;
-  security.sudo.wheelNeedsPassword = false;
-
-  time.timeZone = "Australia/Brisbane";
-  users.users.aly = {
-    isNormalUser = true;
-    description = "aly";
-    hashedPassword = "$y$j9T$Q.yFJjo9LMA8o.7Ac5uSr/$Y8pYIPSzCXHSd4nAlUohaaohwpquK6XEIjxFKq3J4s/";
-    openssh.authorizedKeys.keys = import ../data/authorized_keys.nix;
-    extraGroups = [ "networkmanager" "wheel" "docker" ];
-  };
-
-  services.openssh = {
-    enable = true;
-    settings = {
-      X11Forwarding = true;
-      PermitRootLogin = "no";
-      PasswordAuthentication = true;
-    };
-    openFirewall = true;
-  };
-
-  services.samba-wsdd.enable = true;
-  services.samba = {
-    enable = true;
-    openFirewall = true;
-    settings = {
-      global = {
-        "workgroup" = "WORKGROUP";
-	"server string" = "aly-server";
-	"netbios name" = "aly-server";
-	"disable netbios" = "yes";
-	"wide links" = "yes";
-	"allow insecure wide links" = "yes";
-	"security" = "user";
-	"min protocol" = "SMB2_02";
-	"max protocol" = "SMB3_11";
-	"hosts allow" = "192.168.0. 10.8.0. localhost 127.0.0.1";
-	"hosts deny" = "0.0.0.0/0";
-	"guest account" = "nobody";
-	"map to guest" = "bad user";
-	"interfaces" = "lo eth0 docker0 tun0";
-	"bind interfaces only" = "yes";
-      };
-      "storage" = {
-        "path" = "/mnt/storage";
-	"browseable" = "yes";
-	"read only" = "no";
-	"guest ok" = "no";
-	"guest only" = "no";
-	"inherit acls" = "no";
-	"inherit permissions" = "no";
-	"store dos attributes" = "no";
-	"follow symlinks" = "yes";
-	"valid users" = "aly";
-	"create mask" = "0664";
-        "directory mask" = "0775";
-      };
-      "media" = {
-        "path" = "/mnt/storage/media";
-	"browseable" = "yes";
-	"read only" = "yes";
-	"guest ok" = "yes";
-	"hide special files" = "yes";
-	"inherit acls" = "no";
-	"inherit permissions" = "no";
-	"store dos attributes" = "no";
-	"follow symlinks" = "yes";
-      };
-      "mirror" = {
-        "path" = "/mnt/storage/mirror";
-	"browseable" = "yes";
-	"read only" = "yes";
-	"guest ok" = "yes";
-	"hide special files" = "yes";
-	"inherit acls" = "no";
-	"inherit permissions" = "no";
-	"store dos attributes" = "no";
-	"follow symlinks" = "yes";
-      };
-    };
-  };
-})
--- a/system/global.nix
+++ b/system/global.nix
@ -12,6 +12,15 @@

  networking.networkmanager.enable = true;

+  services.flatpak.enable = true;
+  services.flatpak.packages = [
+    "com.moonlight_stream.Moonlight"
+  ];
+  services.pulseaudio.enable = false;
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+  };
  time.timeZone = "Australia/Brisbane";
  users.users.aly = {
    isNormalUser = true;
@ -21,13 +30,20 @@
    extraGroups = [ "networkmanager" "wheel" ];
  };

+  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
    settings = {
      X11Forwarding = true;
-      PermitRootLogin = "no";
-      PasswordAuthentication = true;
+      PermitRootLogin = "no"; # disable root login
+      PasswordAuthentication = true; # disable password login
    };
    openFirewall = true;
  };
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+
+  # Enable the GNOME Desktop Environment.
+  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
 })