| author | Mel <mel@rnrd.eu> | 2025-09-24 16:15:46 +0200 |
|---|---|---|
| committer | Mel <mel@rnrd.eu> | 2025-09-24 16:15:46 +0200 |
| commit | 117d6afa0054123e71b2eb06c9d91482a2988fdc (patch) | |
| tree | a19a6991fa070464ceed3f4f67a45eaa64045943 /modules | |
| parent | 80a80465b86c8619254c5214dfd3803ae6089df6 (diff) | |
Move out common.nix and development-server.nix into roles
Signed-off-by: Mel <mel@rnrd.eu>
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/common.nix | 173 | ||||
| -rw-r--r-- | modules/development-server.nix | 124 |
2 files changed, 0 insertions, 297 deletions
diff --git a/modules/common.nix b/modules/common.nix
deleted file mode 100644
index 838df28..0000000
--- a/modules/common.nix
+++ /dev/null
@@ -1,173 +0,0 @@
-{
- me,
- pkgs,
- auxiliaryPkgs,
- unstablePkgs,
- ...
-}:
-
-let
- inherit (builtins) filter elem;
-
- filterUnsupportedPackages =
- packages: filter (p: elem me.system (p.meta.platforms or [ me.system ])) packages;
-in
-{
- imports = [
- ./nix.nix
- ./user.nix
- ./locale.nix
- ./vim.nix
- ./tmux.nix
- ./gnome.nix
- ./fonts.nix
- ./flatpak.nix
- ./libreoffice.nix
- ./electronics.nix
- ./hardware-keys.nix
- ./nix-ld.nix
- ];
-
- services.envfs.enable = true;
-
- virtualisation = {
- libvirtd.enable = true;
- docker.enable = true;
- };
-
- # fish enables this by default,
- # it makes every nixos rebuild very slow.
- documentation.man.generateCaches = false;
- documentation = {
- info.enable = true;
- doc.enable = true;
- dev.enable = true;
- nixos = {
- enable = true;
- includeAllModules = true;
- };
- };
-
- networking.hostName = me.name;
- # use corsac dns server
- networking.nameservers =
- let
- corsacTailnet = "100.64.100.100";
- in
- [ corsacTailnet ];
-
- services.resolved.enable = true;
-
- services = {
- acpid.enable = true;
- sysprof.enable = true;
- tailscale = {
- enable = true;
- useRoutingFeatures = "both";
- extraUpFlags = [ "--ssh" ];
- };
-
- # sometimes needed for gnupg
- pcscd.enable = true;
- };
-
- programs = {
- # steam requires the i386 package set, which obviously does not work on ARM.
- # TODO: pull out gaming related configuration (like steam) into a seperate module.
- # steam = {
- # enable = true;
- # remotePlay.openFirewall = true;
- # };
- virt-manager.enable = true;
- fish.enable = true;
- git.enable = true;
-
- ghidra = {
- enable = true;
- package = auxiliaryPkgs.ghidra;
- gdb = true;
- };
-
- wireshark = {
- enable = true;
- dumpcap.enable = true;
- usbmon.enable = true;
- };
-
- adb.enable = true;
-
- gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- pinentryPackage = pkgs.pinentry-gnome3;
- };
- };
-
- # on desktop machines (a.k.a. minerals) we only use tailscale ssh
- # for access, so we don't generally have normal host keys, and
- # have to grab the ones tailscale uses.
- age.identityPaths = [ "/var/lib/tailscale/ssh/ssh_host_ed25519_key" ];
-
- # TODO: the filter already does some good work, but we need some way to
- # pick out x86-only packages, so it is not as opaque as it currently is.
- # (who knows if muse-sounds-manager is actually installed, for example?)
- environment.systemPackages = (with pkgs; filterUnsupportedPackages [
- file unzip jq dig htop wget screen dive
- gnupg pinentry-gnome3 age agenix minisign openssl cryptsetup pamtester
- bitwarden-desktop bitwarden-cli
- inetutils pciutils usbutils lshw lsof inxi iw pmutils acpi acpid
- minicom miniserve netcat-gnu socat tcpdump nmap iftop iperf mtr arp-scan ethtool
- sysprof wireshark seer mitmproxy hardinfo2 btrfs-assistant remmina trayscale
- vlc celluloid foliate calibre
- yt-dlp ffmpeg_7-full imagemagick handbrake mpv helvum
- gimp3 krita mypaint aseprite rnote fontforge-gtk
- blender inkscape obs-studio darktable davinci-resolve
- orca-slicer
- renderdoc
- audacity musescore muse-sounds-manager reaper
- # bitwigs bubblewrap configuration requires some non-ARM package sets.
- # bitwig-studio
- ungoogled-chromium librewolf lagrange
- senpai signal-desktop alpaca newsflash
- qemu_full virtiofsd
-
- openvpn openvpn3 update-resolv-conf
- transmission_4-gtk fragments
-
- xorg.xeyes wl-clipboard
-
- ripgrep hyperfine parallel just fzf bat delta eza fd tokei didyoumean
- universal-ctags compiledb graphviz
- python3 uv ruff
- nodejs_22 deno yarn
- rustc rustup cargo rustfmt
- go gopls delve go-task gotags golangci-lint
- meson cmake gnumake ninja gdb gcc clang clang-tools
- hare haredoc
- jdk maven gradle
- nil nixfmt-rfc-style
- nixpkgs-review nixpkgs-fmt nixpkgs-lint-community
- postgresql
- helix alacritty ghostty
- androidStudioPackages.dev
-
- winetricks bottles
- scrcpy apfs-fuse nfs-utils
- ubootTools dtc cloud-utils
- borgbackup pika-backup
-
- prismlauncher xonotic
-
- man-pages man-pages-posix
- ]) ++ (with unstablePkgs; [
- claude-code gemini-cli
- ]) ++ (with auxiliaryPkgs; [
- # TODO: need fixes for 25.05
- # retroarch wine
-
- # TODO: ngfx (obviously) does not work on ARM, put it somewhere else
- # ngfx
- ]);
-
- environment.etc.openvpn.source = "${pkgs.update-resolv-conf}/libexec/openvpn";
-}
diff --git a/modules/development-server.nix b/modules/development-server.nix
deleted file mode 100644
index b0e80e5..0000000
--- a/modules/development-server.nix
+++ /dev/null
@@ -1,124 +0,0 @@
-{
- me,
- pkgs,
- auxiliaryPkgs,
- unstablePkgs,
- ...
-}:
-{
- imports = [
- ./nix.nix
- ./user.nix
- ./locale.nix
- ./vim.nix
- ./tmux.nix
- ./nix-ld.nix
- ];
-
- services.envfs.enable = true;
-
- virtualisation = {
- libvirtd.enable = true;
- docker = {
- enable = true;
- daemon.settings.dns = [ "1.1.1.1" "1.0.0.1" ];
- };
- };
-
- # fish enables this by default,
- # it makes every nixos rebuild very slow.
- documentation.man.generateCaches = false;
- documentation = {
- info.enable = true;
- doc.enable = true;
- dev.enable = true;
- nixos = {
- enable = true;
- includeAllModules = true;
- };
- };
-
- networking.hostName = me.name;
- services.resolved.enable = true;
-
- users.users.mel.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTG/DHTkuQgwLakSBuXx3XBe+WjUmDlSgLBGzldx/ZD mel@moissanite"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlqytVSNMFAfbB+rdiNktv3WYViVBMeK7zUO2Pjfii+ mel@corsac"
- ];
- services = {
- acpid.enable = true;
- tailscale.enable = true;
-
- openssh = {
- enable = true;
- ports = [ 62322 ]; # listen on random port
- openFirewall = true;
- settings = {
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- PermitRootLogin = "no";
- };
- };
-
- # annoy every ssh spammer
- endlessh = {
- enable = true;
- port = 22;
- openFirewall = true;
- };
-
- # ban those who found the real port
- fail2ban.enable = true;
-
- # sometimes needed for gnupg
- pcscd.enable = true;
- };
-
- programs = {
- fish.enable = true;
- git.enable = true;
-
- gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- pinentryPackage = pkgs.pinentry-curses;
- };
- };
-
- environment.systemPackages = (with pkgs; [
- file unzip jq dig htop wget screen dive
- gnupg pinentry-curses age agenix minisign openssl cryptsetup pamtester
- inetutils pciutils usbutils lshw lsof inxi iw pmutils acpi acpid
- minicom miniserve netcat-gnu socat tcpdump nmap iftop iperf mtr arp-scan ethtool
- mitmproxy
- yt-dlp ffmpeg_7-full imagemagick
- senpai
- qemu_full virtiofsd
-
- openvpn openvpn3 update-resolv-conf
-
- ripgrep hyperfine parallel just fzf bat delta eza fd tokei didyoumean
- universal-ctags compiledb graphviz
- python3 uv ruff
- nodejs_22 deno yarn
- rustc rustup cargo rustfmt
- go gopls delve go-task gotags golangci-lint
- meson cmake gnumake ninja gdb gcc clang clang-tools
- hare haredoc
- jdk maven gradle
- nil nixfmt-rfc-style
- nixpkgs-review nixpkgs-fmt nixpkgs-lint-community
- postgresql
- helix alacritty
-
- ubootTools dtc cloud-utils
- borgbackup
-
- man-pages man-pages-posix
- ]) ++ (with unstablePkgs; [
- claude-code gemini-cli
- ]) ++ (with auxiliaryPkgs; [
- ]);
-
- environment.etc.openvpn.source = "${pkgs.update-resolv-conf}/libexec/openvpn";
-} |
