diff --git a/hosts/kitty/wireguard/default.nix b/hosts/kitty/wireguard/default.nix
deleted file mode 100644
index a8b26e5..0000000
--- a/hosts/kitty/wireguard/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ lib, config, ... }:
-{
- networking = {
- firewall.allowedUDPPorts = [ 51820 ];
-
- nat = {
- enable = config.system.wireguard.server.enable;
- externalInterface = "eno1";
- internalInterfaces = [ "wgs" ];
- };
-
- wireguard.interfaces.wgs = {
- ips = [ "10.100.0.1/24" ];
- listenPort = 51820;
- privateKey = config.secrets.wgServerPriv;
- peers = [
- { # NixOS Config Key
- publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
- allowedIPs = [ "10.100.0.16/28" ];
- }
- { # Pixel 9
- publicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
- allowedIPs = [ "10.100.0.2/32" ];
- }
- ];
- };
- };
-}
diff --git a/hosts/redmond/boot/default.nix b/hosts/redmond/boot/default.nix
index 3e8b22b..cc98a84 100644
--- a/hosts/redmond/boot/default.nix
+++ b/hosts/redmond/boot/default.nix
@@ -3,38 +3,5 @@
 boot = {
 kernelPackages = pkgs.linuxPackages_latest;
 kernel.sysctl."vm.max_map_count" = 2147483642;
-
- initrd = {
- systemd = {
- enable = true;
- services.root-reset = {
- description = "Reset BTRFS root and snapshot last boot";
- wantedBy = [ "initrd.target" ];
- after = [ "dev-nixos-root.device" ];
- before = [ "sysroot.mount" ];
- unitConfig.DefaultDependencies = "no";
- serviceConfig.Type = "oneshot";
- script = ''
- mkdir -p /mnt
- mount /dev/nixos/root /mnt
-
- if [[ -e /mnt/@prev ]]; then
- btrfs subvolume delete /mnt/@prev
- fi
-
- btrfs subvolume snapshot /mnt/@ /mnt/@prev
-
- btrfs subvolume list -o /mnt/@ | cut -f9 -d' ' | while read subvolume; do
- btrfs subvolume delete "/mnt/$subvolume"
- done
-
- btrfs subvolume delete /mnt/@
- btrfs subvolume create /mnt/@
-
- umount /mnt
- '';
- };
- };
- };
 };
 }
diff --git a/hosts/redmond/default.nix b/hosts/redmond/default.nix
index ca454b1..e3559b5 100644
--- a/hosts/redmond/default.nix
+++ b/hosts/redmond/default.nix
@@ -3,27 +3,15 @@
 imports = [
 ./boot
 ./disko
+ ./filesystems
 ./hardware
-
- # Apps and programs
 ../../modules/system
- ../../modules/system/accounts
- ../../modules/system/desktop
- ../../modules/system/programs
- ../../modules/system/services
-
- # Devices and hardware
- ../../modules/system/devices
- ../../modules/system/devices/boot/systemd
- ../../modules/system/devices/networking/wireless
- ../../modules/system/devices/networking/firewall/pc
- ../../modules/system/devices/networking/wireguard/pc
-
- # Extras
- ../../overlays
- ../../variables
 ];
+ system.lanzaboote.enable = true;
+
+ system.wireguard.client.enable = true;
+ networking.wireguard.interfaces.wgc.ips = [ "10.100.0.23/24" ];
+
 networking.hostName = "redmond";
- networking.wireguard.interfaces."${config.ips.wgInt}".ips = [ "${config.ips.wgSpan}.20/24" ];
 }
diff --git a/hosts/redmond/filesystems/default.nix b/hosts/redmond/filesystems/default.nix
new file mode 100644
index 0000000..359e1bc
--- /dev/null
+++ b/hosts/redmond/filesystems/default.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+ fileSystems = {
+ "/home/jimbo/JimboNFS" = {
+ device = "10.100.0.1:/export/JimboNFS";
+ fsType = "nfs4";
+ options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
+ };
+ };
+}
diff --git a/hosts/redmond/hardware/default.nix b/hosts/redmond/hardware/default.nix
index d064383..c1dc734 100644
--- a/hosts/redmond/hardware/default.nix
+++ b/hosts/redmond/hardware/default.nix
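Review bot: The NFS mount in hosts/redmond/filesystems/default.nix addresses the server by its WireGuard address 10.100.0.1, but nothing orders it after the tunnel, so the automount can be triggered before the wgc interface exists and will fail until the mount times out and is retried. Adding `"x-systemd.requires=wireguard-wgc.service" "x-systemd.after=wireguard-wgc.service"` to `options` ties it to the tunnel (the unit name follows the NixOS `wireguard-<name>` convention — confirm it on the host). The mount also sets no `sec=` flavour, so it uses the default AUTH_SYS, meaning the export is only as protected as the tunnel and the server's export list; if that is the intended trust model, a comment such as `# AUTH_SYS over WireGuard: the tunnel is the only authentication on this export` makes the assumption explicit for the next reader.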
@@ -1,27 +1,7 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, ... }:
 {
- boot = {
- kernelModules = [ "kvm-amd" ];
- initrd = {
- availableKernelModules = [
- "xhci_pci"
- "ahci"
- "ehci_pci"
- "sd_mod"
- "sr_mod"
- "sdhci_pci"
- "rtsx_usb_sdmmc"
- ];
- };
- };
-
- fileSystems = {
- "/home/jimbo/JimboNFS" = {
- device = "${config.ips.wgSpan}.1:/export/JimboNFS";
- fsType = "nfs4";
- options = ["x-systemd.automount" "_netdev" "nofail" "noauto"];
- };
- };
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "sd_mod" "sr_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
 networking.useDHCP = lib.mkDefault true;
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
diff --git a/hosts/redmond/id_ed25519.pub b/hosts/redmond/id_ed25519.pub
index 4fd4ec5..678792f 100644
--- a/hosts/redmond/id_ed25519.pub
+++ b/hosts/redmond/id_ed25519.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG9uITpyw5WgxT7UnswueFtyWxAqQCZv4h9DfcDkr+kn
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsPwxV2qr4IFC63SxPM5bI9iFCbH5wVxorNHYKSvE7i
diff --git a/hosts/tower/boot/default.nix b/hosts/tower/boot/default.nix
index 4453523..972bff6 100644
--- a/hosts/tower/boot/default.nix
+++ b/hosts/tower/boot/default.nix
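Review bot: hosts/redmond/id_ed25519.pub swaps redmond's public key for a new one, but nothing in this diff updates whatever consumes it. If this key is the recipient for host-specific secrets (the `config.secrets.*` values read by the wireguard modules suggest an agenix/sops-style setup — I cannot see it from here), those secrets must be re-encrypted to the new key, and any `known_hosts` or `authorized_keys` entries still carrying the old key should be removed so the retired identity does not stay trusted. Stating in the commit message which of these was done would make the rotation auditable.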
@@ -27,37 +27,6 @@ in {
 "vfio_pci"
 "vfio_iommu_type1"
 ];
-
- initrd.systemd = {
- enable = true;
- services.root-reset = {
- description = "Reset root and snapshot last boot";
- wantedBy = [ "initrd.target" ];
- before = [ "sysroot.mount" ];
- after = [ "dev-${config.networking.hostName}-root.device" ];
- unitConfig.DefaultDependencies = "no";
- serviceConfig.Type = "oneshot";
- script = ''
- mkdir -p /mnt
- mount /dev/${config.networking.hostName}/root /mnt
-
- if [[ -e /mnt/prev ]]; then
- btrfs subvolume delete /mnt/prev
- fi
-
- btrfs subvolume snapshot /mnt/root /mnt/prev
-
- btrfs subvolume list -o /mnt/root | cut -f9 -d' ' | while read subvolume; do
- btrfs subvolume delete "/mnt/$subvolume"
- done
-
- btrfs subvolume delete /mnt/root
- btrfs subvolume create /mnt/root
-
- umount /mnt
- '';
- };
- };
 };
 # Use second GPU on boot
diff --git a/modules/home/programs/gui/librewolf/default.nix b/modules/home/programs/gui/librewolf/default.nix
index 119094e..d9a7f58 100644
--- a/modules/home/programs/gui/librewolf/default.nix
+++ b/modules/home/programs/gui/librewolf/default.nix
@@ -134,6 +134,7 @@ in {
 "extensions.pocket.enabled" = false;
 "extensions.autoDisableScopes" = 0;
+ "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
 "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
 "toolkit.tabbox.switchByScrolling" = true;
diff --git a/modules/home/programs/terminal/fastfetch/default.nix b/modules/home/programs/terminal/fastfetch/default.nix
index 9435f14..b40c4ea 100644
--- a/modules/home/programs/terminal/fastfetch/default.nix
+++ b/modules/home/programs/terminal/fastfetch/default.nix
@@ -1,6 +1,6 @@
 { ... }:
 {
 imports = [ ./small ];
- home.file.".config/fastfetch/config.jsonc".source = ./config.jsonc;
 programs.fastfetch.enable = true;
+ home.file.".config/fastfetch/config.jsonc".source = ./config.jsonc;
 }
diff --git a/modules/home/programs/terminal/fastfetch/small/default.nix b/modules/home/programs/terminal/fastfetch/small/default.nix
index cdc8fb8..4f729d4 100644
--- a/modules/home/programs/terminal/fastfetch/small/default.nix
+++ b/modules/home/programs/terminal/fastfetch/small/default.nix
@@ -1,9 +1,7 @@
 { pkgs, ... }:
 {
 home = {
+ packages = with pkgs; [ (pkgs.writeScriptBin "pfetch" "fastfetch --config ~/.config/fastfetch/small.jsonc") ];
 file.".config/fastfetch/small.jsonc".source = ./small.jsonc;
- packages = with pkgs; [
- (pkgs.writeScriptBin "pfetch" "fastfetch --config ~/.config/fastfetch/small.jsonc")
- ];
 };
 }
diff --git a/modules/home/programs/terminal/ncmpcpp/default.nix b/modules/home/programs/terminal/ncmpcpp/default.nix
index 418cb8b..2b12d46 100644
--- a/modules/home/programs/terminal/ncmpcpp/default.nix
+++ b/modules/home/programs/terminal/ncmpcpp/default.nix
@@ -16,7 +16,5 @@
 services.mpd-discord-rpc.enable = true;
- home.packages = with pkgs; [
- mpc-cli
- ];
+ home.packages = with pkgs; [ mpc-cli ];
 }
diff --git a/modules/home/programs/terminal/zsh/default.nix b/modules/home/programs/terminal/zsh/default.nix
index 2acc44f..2698541 100644
--- a/modules/home/programs/terminal/zsh/default.nix
+++ b/modules/home/programs/terminal/zsh/default.nix
@@ -2,7 +2,6 @@
 {
 programs.zsh = {
 enable = true;
- enableCompletion = false;
 autosuggestion.enable = true;
 syntaxHighlighting.enable = true;
 oh-my-zsh = {
diff --git a/modules/home/wms/sway/swayshot/default.nix b/modules/home/wms/sway/swayshot/default.nix
index 07307e0..25e498a 100644
--- a/modules/home/wms/sway/swayshot/default.nix
+++ b/modules/home/wms/sway/swayshot/default.nix
@@ -1,8 +1,6 @@
 { pkgs, config, ... }:
 {
- imports = [
- ./swappy
- ];
+ imports = [ ./swappy ];
 home.packages = with pkgs; [
 (pkgs.writeScriptBin "swayshot" ''
diff --git a/modules/system/boot/default.nix b/modules/system/boot/default.nix
new file mode 100644
index 0000000..f36d616
--- /dev/null
+++ b/modules/system/boot/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ imports = [
+ ./firmware
+ ./systemd
+ ];
+}
diff --git a/modules/system/boot/firmware/default.nix b/modules/system/boot/firmware/default.nix
new file mode 100644
index 0000000..8b6f5f3
--- /dev/null
+++ b/modules/system/boot/firmware/default.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+ hardware.enableRedistributableFirmware = true;
+}
diff --git a/modules/system/boot/systemd/default.nix b/modules/system/boot/systemd/default.nix
new file mode 100644
index 0000000..1d42ae2
--- /dev/null
+++ b/modules/system/boot/systemd/default.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ imports = [ ./root-reset ];
+
+ boot.initrd.systemd.enable = true;
+}
diff --git a/modules/system/boot/systemd/root-reset/default.nix b/modules/system/boot/systemd/root-reset/default.nix
new file mode 100644
index 0000000..f8f5523
--- /dev/null
+++ b/modules/system/boot/systemd/root-reset/default.nix
@@ -0,0 +1,30 @@
+{ config, ... }:
+{
+ boot.initrd.systemd.services.root-reset = {
+ description = "Reset root and snapshot last boot";
+ wantedBy = [ "initrd.target" ];
+ before = [ "sysroot.mount" ];
+ after = [ "dev-${config.networking.hostName}-root.device" ];
+ unitConfig.DefaultDependencies = "no";
+ serviceConfig.Type = "oneshot";
+ script = ''
+ mkdir -p /mnt
+ mount /dev/${config.networking.hostName}/root /mnt
+
+ if [[ -e /mnt/prev ]]; then
+ btrfs subvolume delete /mnt/prev
+ fi
+
+ btrfs subvolume snapshot /mnt/root /mnt/prev
+
+ btrfs subvolume list -o /mnt/root | cut -f9 -d' ' | while read subvolume; do
+ btrfs subvolume delete "/mnt/$subvolume"
+ done
+
+ btrfs subvolume delete /mnt/root
+ btrfs subvolume create /mnt/root
+
+ umount /mnt
+ '';
+ };
+}
diff --git a/modules/system/default.nix b/modules/system/default.nix
index 893b2d3..fb742ef 100644
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -2,6 +2,7 @@
 {
 imports = [
 ./accounts
+ ./boot
 ./devices
 ./options
 ./programs
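Review bot: The new modules/system/boot/systemd/root-reset module has no enable option, and because modules/system/default.nix now imports ./boot unconditionally, every host that imports modules/system will run an initrd service that deletes and recreates the `root` subvolume on `/dev/<hostName>/root` at each boot. This used to be opted into per host (tower's and redmond's own boot/default.nix, both removed here), and redmond's version mounted `/dev/nixos/root` and used `@`/`@prev` subvolumes, so unless redmond's disko layout was changed in the same commit the shared script will not find the volume it expects. Gate it the way the wireguard modules are gated — `options.system.boot.rootReset.enable = lib.mkOption { type = lib.types.bool; default = false; description = "Wipe the btrfs root subvolume on every boot"; };` with the service wrapped in `lib.mkIf` — so a host with an ordinary root is never wiped just by importing modules/system. The script also feeds every path from `btrfs subvolume list -o` through `cut -f9 -d' '`, which truncates subvolume names containing spaces before they reach `btrfs subvolume delete`; `sed 's/.* path //'` keeps the whole path.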
@@ -10,8 +11,5 @@
 ../extras
 ];
- time.timeZone = "America/Toronto";
- programs.nano.enable = false;
- hardware.enableRedistributableFirmware = true;
 system.stateVersion = "24.05";
 }
diff --git a/modules/system/devices/networking/default.nix b/modules/system/devices/networking/default.nix
index 539cc69..aa0bc66 100644
--- a/modules/system/devices/networking/default.nix
+++ b/modules/system/devices/networking/default.nix
@@ -1,6 +1,9 @@
 { ... }:
 {
- imports = [ ./wireless ];
+ imports = [
+ ./wireless
+ ./wireguard
+ ];
 networking = {
 wireless.enable = false;
diff --git a/modules/system/devices/networking/wireguard/client/default.nix b/modules/system/devices/networking/wireguard/client/default.nix
new file mode 100644
index 0000000..b0951d5
--- /dev/null
+++ b/modules/system/devices/networking/wireguard/client/default.nix
@@ -0,0 +1,30 @@
+{ lib, config, ... }:
+{
+ options.system.wireguard.client.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Enable the wireguard client";
+ };
+
+ config = lib.mkIf config.system.wireguard.client.enable {
+ networking = {
+ firewall = {
+ allowedUDPPorts = [ 51820 ];
+ trustedInterfaces = [ "wgc" ];
+ };
+
+ wireguard.interfaces.wgc = {
+ listenPort = 51820;
+ privateKey = config.secrets.wgClientPriv;
+ peers = [
+ { # Cyberspark Server
+ publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
+ allowedIPs = [ "10.100.0.0/24" ];
+ endpoint = "sv.${config.domains.jim1}:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/system/devices/networking/wireguard/default.nix b/modules/system/devices/networking/wireguard/default.nix
new file mode 100644
index 0000000..0b5cd07
--- /dev/null
+++ b/modules/system/devices/networking/wireguard/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ imports = [
+ ./client
+ ./server
+ ];
+}
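Review bot: `trustedInterfaces = [ "wgc" ]` in the new client module switches the firewall off for everything arriving over the tunnel, and since the server enables NAT with `internalInterfaces = [ "wgs" ]` (which turns on IP forwarding) any other peer it carries — the phone included — can reach every service listening on each client unfiltered. Prefer an explicit per-interface allow list for the services actually needed, e.g. `firewall.interfaces.wgc.allowedTCPPorts = [ ... ];`, and drop `trustedInterfaces`. The client also sets `listenPort = 51820` and opens that UDP port in the firewall on every host that enables the module, which a peer that initiates with `persistentKeepalive` does not need; removing both lines leaves no inbound WireGuard port exposed on a laptop on an untrusted network. Finally, every host enabling this module uses the same `config.secrets.wgClientPriv`; WireGuard tracks one endpoint per peer key, so if two such hosts are online at once they will keep displacing each other's session on the server (compare the single `NixOS Config Key` peer in the server module).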
diff --git a/modules/system/devices/networking/wireguard/server/default.nix b/modules/system/devices/networking/wireguard/server/default.nix
new file mode 100644
index 0000000..0ca984d
--- /dev/null
+++ b/modules/system/devices/networking/wireguard/server/default.nix
@@ -0,0 +1,36 @@
+{ lib, config, ... }:
+{
+ options.system.wireguard.server.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Enable the wireguard server";
+ };
+
+ config = lib.mkIf config.system.wireguard.server.enable {
+ networking = {
+ firewall.allowedUDPPorts = [ 51820 ];
+
+ nat = {
+ enable = config.system.wireguard.server.enable;
+ externalInterface = "eno1";
+ internalInterfaces = [ "wgs" ];
+ };
+
+ wireguard.interfaces.wgs = {
+ ips = [ "10.100.0.1/24" ];
+ listenPort = 51820;
+ privateKey = config.secrets.wgServerPriv;
+ peers = [
+ { # NixOS Config Key
+ publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
+ allowedIPs = [ "10.100.0.16/28" ];
+ }
+ { # Pixel 9
+ publicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
+ allowedIPs = [ "10.100.0.2/32" ];
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/system/devices/networking/wireless/default.nix b/modules/system/devices/networking/wireless/default.nix
index a726ee5..0004da8 100644
--- a/modules/system/devices/networking/wireless/default.nix
+++ b/modules/system/devices/networking/wireless/default.nix
@@ -1,11 +1,9 @@
 { config, lib, pkgs, ... }:
 {
- options.system.wireless = {
- enable = lib.mkOption {
- type = lib.types.bool;
- default = true;
- description = "Enable Wifi with iwd";
- };
+ options.system.wireless.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = "Enable Wifi with iwd";
 };
 config = lib.mkIf config.system.wireless.enable {
diff --git a/modules/system/services/server/nginx/virtualhosts/jimDomain1/default.nix b/modules/system/services/server/nginx/virtualhosts/jimDomain1/default.nix
index 38a60af..a4c877f 100644
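Review bot: The server module defaults `system.wireguard.server.enable` to false and nothing in this diff sets it to true for kitty, whose inline configuration hosts/kitty/wireguard/default.nix is deleted in the same commit; unless hosts/kitty/default.nix already enables it outside this diff, the VPN server and the NAT that goes with it silently disappear. Two smaller points in the same hunk: `nat.enable = config.system.wireguard.server.enable` is always true inside this `mkIf` and reads more honestly as `nat.enable = true;`, and `externalInterface = "eno1"` is a host detail baked into a shared module — `options.system.wireguard.server.externalInterface = lib.mkOption { type = lib.types.str; default = "eno1"; };` keeps it reusable. The `NixOS Config Key` peer is granted `10.100.0.16/28`, so one private key is shared by up to fourteen hosts; per-host keys with `/32` allowedIPs would let the server tell hosts apart and let a single compromised laptop be revoked without re-keying the rest.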
--- a/modules/system/services/server/nginx/virtualhosts/jimDomain1/default.nix
+++ b/modules/system/services/server/nginx/virtualhosts/jimDomain1/default.nix
@@ -19,7 +19,7 @@
 "url": "https://matrix.${config.domains.jim1}"
 }
 }
- ';
+ ';
 '';
 "/.well-known/matrix/server".extraConfig = ''
diff --git a/modules/system/settings/default.nix b/modules/system/settings/default.nix
index 6544304..f7b4345 100644
--- a/modules/system/settings/default.nix
+++ b/modules/system/settings/default.nix
@@ -5,5 +5,6 @@
 ./fonts
 ./minimal
 ./nix
+ ./timezone
 ];
 }
diff --git a/modules/system/settings/minimal/default.nix b/modules/system/settings/minimal/default.nix
index 00eade7..785bcf7 100644
--- a/modules/system/settings/minimal/default.nix
+++ b/modules/system/settings/minimal/default.nix
@@ -5,6 +5,7 @@
 stub-ld.enable = false;
 };
+ programs.nano.enable = false;
 programs.less.lessopen = null;
 services.logrotate.enable = false;
diff --git a/modules/system/settings/timezone/default.nix b/modules/system/settings/timezone/default.nix
new file mode 100644
index 0000000..f0b23fa
--- /dev/null
+++ b/modules/system/settings/timezone/default.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+ time.timeZone = "America/Toronto";
+}