Diffstat (limited to 'modules/work')
-rw-r--r-- | modules/work/default.nix | 50 | ||||
-rw-r--r-- | modules/work/hardware-configuration.nix | 41 | ||||
-rw-r--r-- | modules/work/home-manager.nix | 81 | ||||
-rw-r--r-- | modules/work/networking.nix | 87 | ||||
-rw-r--r-- | modules/work/secrets.nix | 13 |
5 files changed, 0 insertions, 272 deletions
diff --git a/modules/work/default.nix b/modules/work/default.nix
deleted file mode 100644
index af28423..0000000
--- a/modules/work/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ lib, pkgs, ... }:
-{
- imports = [
- ../core
- ../hyprland.nix
-
- ./hardware-configuration.nix
- ./home-manager.nix
- ./networking.nix
- ./secrets.nix
- ];
-
- system.stateVersion = "24.05"; # Do NOT change before reading configuration.nix
-
- users.users.jras.extraGroups = [ "networkmanager" "docker" ];
- security.sudo.wheelNeedsPassword = lib.mkForce true;
-
- time.timeZone = "Europe/Amsterdam";
-
- virtualisation.docker = {
- enable = true;
- enableOnBoot = true;
- };
-
- virtualisation.virtualbox = {
- host.enable = true;
- host.enableKvm = false;
- };
-
- users.extraGroups.vboxusers.members = [ "jras" ];
-
-
- hardware.bluetooth.enable = true;
- hardware.bluetooth.powerOnBoot = true;
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- services.libinput.mouse.accelProfile = "flat";
- services.libinput.mouse.accelSpeed = "-5";
- services.upower.enable = true;
-
- services.xserver.xkb = {
- layout = "us";
- variant = "";
- };
-
- programs.gnupg.agent.enable = true;
- programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gnome3;
-}
diff --git a/modules/work/hardware-configuration.nix b/modules/work/hardware-configuration.nix
deleted file mode 100644
index 9c8c4b1..0000000
--- a/modules/work/hardware-configuration.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/df469cf1-1acc-4bf4-86e1-ec368e5a96a1";
- fsType = "ext4";
- };
-
- boot.initrd.luks.devices."luks-0f6e3603-084c-4438-9749-36b31b6f226a".device = "/dev/disk/by-uuid/0f6e3603-084c-4438-9749-36b31b6f226a";
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/F0E6-4DF3";
- fsType = "vfat";
- options = [ "fmask=0077" "dmask=0077" ];
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/modules/work/home-manager.nix b/modules/work/home-manager.nix
deleted file mode 100644
index c3ee4d9..0000000
--- a/modules/work/home-manager.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{ lib, pkgs, inputs, ... }:
-{
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.extraSpecialArgs = { inherit inputs; };
- home-manager.users.jras = {
- imports = [
- ../home-manager/core
-
- ../home-manager/hyprland.nix
- ../home-manager/hostnet.nix
- ../home-manager/php.nix
- ../home-manager/ansible.nix
- ../home-manager/python.nix
- ];
-
- home.username = "jras";
- home.homeDirectory = "/home/jras";
- home.stateVersion = "22.11";
- home.sessionPath = [ "$HOME/.local/bin" ];
-
- home.packages = with pkgs; [
- slack
- moonlight-qt
- brightnessctl
- google-chrome
- ];
-
- programs.git = {
- userName = "Jasper Ras";
- userEmail = lib.mkForce "jras@hostnet.nl";
- extraConfig = { gitreview.username = "jrasper"; };
- ignores = [
- ".direnv"
- ".envrc"
- ".project"
- ".settings/"
- ".buildpath"
- "tags"
- ".hhconfig"
- ".DS_Store"
- ".idea/"
- ".vagrant/"
- "*.swp"
- "clover.xml"
- "yarn-error.log"
- "gsuite-auth.json"
- "venv/"
- "shell.nix"
-
- ".devenv*"
- "devenv*"
- ".pre-commit-config.yaml"
- ];
- };
-
- programs.zsh.initExtra = ''
- eval "$(dircolors)"
- '';
- programs.zsh.shellAliases = {
- ssh = "TERM=xterm-256color ssh";
- };
-
- programs.pyenv.enable = true;
- programs.pyenv.enableZshIntegration = true;
- programs.ssh = {
- controlMaster = "auto";
- controlPersist = "12h";
- serverAliveInterval = 11;
- matchBlocks = {
- "*.g1i.one".user = "jasras";
- "*.os1.openstack.group.one".user = "jasras";
- "*.one.com".user = "jasras";
- "91.184.16.185".port = 12345;
- "*.compute.prv.vps1-testpod-cph3.one.com".forwardAgent = true;
- "access.*.one.com".forwardAgent = true;
- "access.*.g1i.one".forwardAgent = true;
- };
- };
- };
-}
diff --git a/modules/work/networking.nix b/modules/work/networking.nix
deleted file mode 100644
index 99ba8d7..0000000
--- a/modules/work/networking.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{ pkgs, config, ... }:
-{
- environment.systemPackages = with pkgs; [
- networkmanager-openvpn
- ];
-
- networking.hostName = "work";
- networking.networkmanager.enable = true;
- networking.networkmanager.dns = "systemd-resolved";
- networking.nameservers = [ "1.1.1.1" ];
-
- services.openvpn.servers = {
- ghostnet = {
- config = ''
- client
- remote 185.57.9.6 1194
- cert ${config.age.secrets.ghostnet-cert.path}
- key ${config.age.secrets.ghostnet-key.path}
- ca ${config.age.secrets.ghostnet-ca.path}
- auth-user-pass ${config.age.secrets.ghostnet-auth-user-pass.path}
- reneg-sec 0
- cipher AES-256-CBC
- comp-lzo adaptive
- dev tun
- proto udp
- remote-cert-tls server
- tls-auth ${config.age.secrets.ghostnet-tls-auth.path} 1
- nobind
- auth-nocache
- script-security 2
- persist-key
- persist-tun
- user nm-openvpn
- group nm-openvpn
- '';
- updateResolvConf = false;
- autoStart = false;
- };
- systems = {
- config = ''
- client
- remote 'vpn-v2.one.com'
- cert '${config.age.secrets.systems-cert.path}'
- key '${config.age.secrets.systems-key.path}'
- ca '${config.age.secrets.systems-ca.path}'
- cipher AES-128-CBC
- comp-lzo adaptive
- dev tun
- proto udp
- port 1200
- remote-cert-tls server
- tls-auth '${config.age.secrets.systems-tls-auth.path}' 1
- nobind
- auth-nocache
- script-security 2
- persist-key
- persist-tun
- user nm-openvpn
- group nm-openvpn
- '';
- updateResolvConf = false;
- autoStart = false;
- };
- };
-
- programs.update-systemd-resolved.servers = {
- ghostnet = {
- includeAutomatically = true;
- settings = {
- routeOnlyDomains = [ "hostnetbv.nl." ];
- defaultRoute = false;
- multicastDNS = "no";
- dnsOverTLS = "opportunistic";
- dnssec = "no";
- };
- };
- };
-
- services.resolved = {
- enable = true;
- dnssec = "true";
- domains = [ "~." ];
- fallbackDns = [ "1.1.1.1" ];
- dnsovertls = "opportunistic";
- llmnr = "true";
- };
-}
diff --git a/modules/work/secrets.nix b/modules/work/secrets.nix
deleted file mode 100644
index d13599d..0000000
--- a/modules/work/secrets.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }:
-{
- age.secrets.ghostnet-cert.file = ../../secrets/ghostnet-cert.age;
- age.secrets.ghostnet-key.file = ../../secrets/ghostnet-key.age;
- age.secrets.ghostnet-ca.file = ../../secrets/ghostnet-ca.age;
- age.secrets.ghostnet-tls-auth.file = ../../secrets/ghostnet-tls-auth.age;
- age.secrets.ghostnet-auth-user-pass.file = ../../secrets/ghostnet-auth-user-pass.age;
-
- age.secrets.systems-cert.file = ../../secrets/systems-cert.age;
- age.secrets.systems-key.file = ../../secrets/systems-key.age;
- age.secrets.systems-ca.file = ../../secrets/systems-ca.age;
- age.secrets.systems-tls-auth.file = ../../secrets/systems-tls-auth.age;
-} |