diff --git a/flake/hosts.nix b/flake/hosts.nix index a0ec121..d66a6a0 100644 --- a/flake/hosts.nix +++ b/flake/hosts.nix @@ -15,25 +15,29 @@ in system = "x86_64-linux"; user = "matej"; features = [ - "openssh" - "localisation" - "gnupg" - "shell" - "desktop" - "sway" - "greeter" - "printing" - "networkmanager" - "docker" - "tailscale" - "nix-ld" - "yubikey" - "calibre" - "gaming" - "direnv" - "neovim" - "dev" + "bootloader" "claude" + "desktop" + "dev" + "direnv" + "docker" + "gaming" + "git" + "gnupg" + "localisation" + "neovim" + "networkmanager" + "nix-ld" + "nix-settings" + "onepassword" + "openssh" + "power" + "printing" + "shell" + "sway" + "tailscale" + "udev" + "zsh" ]; }; @@ -41,27 +45,30 @@ in system = "x86_64-linux"; user = "matej"; features = [ - "openssh" - "localisation" - "gnupg" - "shell" - "desktop" - "sway" - "greeter" - "printing" - "networkmanager" - "docker" - "tailscale" - "nix-ld" - "yubikey" - "calibre" - "gaming" - "initrd-ssh" - "direnv" - "neovim" - "dev" + "bootloader" "claude" + "desktop" + "dev" + "direnv" + "docker" + "gaming" + "git" + "gnupg" "harmonia" + "initrd-ssh" + "localisation" + "neovim" + "networkmanager" + "nix-ld" + "nix-settings" + "onepassword" + "openssh" + "printing" + "shell" + "sway" + "tailscale" + "udev" + "zsh" ]; }; @@ -70,7 +77,9 @@ in system = "x86_64-linux"; user = "matej"; features = [ + "nix-settings" "openssh" + "zsh" ]; }; @@ -78,11 +87,14 @@ in system = "x86_64-linux"; user = "matej"; features = [ - "openssh" + "bootloader" "localisation" + "nix-settings" + "openssh" + "remote-base" "shell" "tailscale" - "remote-base" + "zsh" ]; }; @@ -91,12 +103,14 @@ in system = "x86_64-linux"; user = "matej"; features = [ - "openssh" + "filedrop" "localisation" + "nix-settings" + "openssh" + "remote-base" "shell" "tailscale" - "remote-base" - "filedrop" + "zsh" ]; }; 
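Review bot: The "yubikey" and "greeter" entries disappear from the first, second and sixth host lists (`@@ -15`, `@@ -41`, `@@ -104`) with no successor entry in the list; the yubikey side is re-enabled per host through `features.gnupg.yubikey.enable = true` in the fortress, fw16 and tower configurations later in this diff, but nothing visible reintroduces the greeter, so if it now lives inside the `desktop` feature a one-line comment next to that entry, e.g. `# greeter is provided by the desktop feature`, would make that explicit. "calibre" likewise leaves the first two hosts and "shell-minimal" leaves the sixth without an obvious replacement; worth confirming these are intentional drops rather than entries lost during the alphabetical reorder. The sorted lists themselves read much better than the previous order.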
@@ -104,14 +118,15 @@ in system = "x86_64-linux"; user = "matej"; features = [ - "localisation" + "bootloader" + "desktop" "gnupg" - "shell-minimal" - "desktop-minimal" - "sway" - "greeter" + "localisation" "networkmanager" - "yubikey" + "nix-settings" + "sway" + "udev" + "zsh" ]; }; @@ -119,16 +134,18 @@ in system = "x86_64-linux"; user = "matej"; features = [ - "openssh" - "localisation" - "gnupg" - "shell" - "vm-guest" - "vm-9p-automount" - "docker" - "neovim" "claude" "dev" + "docker" + "git" + "gnupg" + "localisation" + "neovim" + "nix-settings" + "openssh" + "shell" + "vm-guest" + "zsh" ]; }; }; diff --git a/hosts/cube/configuration.nix b/hosts/cube/configuration.nix index 98d9f67..e985332 100644 --- a/hosts/cube/configuration.nix +++ b/hosts/cube/configuration.nix @@ -2,9 +2,6 @@ { imports = [ inputs.disko.nixosModules.disko ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - disko.devices.disk.main = { type = "disk"; device = "/dev/nvme0n1"; @@ -32,10 +29,5 @@ }; }; - localisation = { - timeZone = "Europe/Ljubljana"; - defaultLocale = "en_US.UTF-8"; - }; - system.stateVersion = "25.11"; } diff --git a/hosts/ephvm/configuration.nix b/hosts/ephvm/configuration.nix index 775d276..a5ece44 100644 --- a/hosts/ephvm/configuration.nix +++ b/hosts/ephvm/configuration.nix @@ -5,6 +5,7 @@ ... }: { + features.nix-settings.towerCache.enable = false; # no hardware firmware needed in a VM hardware.enableRedistributableFirmware = lib.mkForce false; hardware.wirelessRegulatoryDatabase = lib.mkForce false; 
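Review bot: The new `features.nix-settings.towerCache.enable = false;` in hosts/ephvm/configuration.nix has no rationale of its own and sits directly above the comment that belongs to the firmware lines, so a reader may read that comment as applying to it. A separate one-line comment stating why this VM opts out of the tower cache (presumably it cannot reach it, or is built on tower itself) followed by a blank line would keep the two concerns apart; the same opt-out is added in the iso and tower configurations and would benefit from the same note.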
@@ -28,18 +29,12 @@ ); }; - vm-guest.headless = true; - - vm-9p-automount.user = "matej"; - - localisation = { - timeZone = "UTC"; - defaultLocale = "en_US.UTF-8"; - }; - - home-manager.users.matej = { - neovim.dotfiles = inputs.nvim; + features.vm-guest.headless = true; + features.vm-guest.automount = { + enable = true; + user = "matej"; }; + features.neovim.dotfiles = inputs.nvim; # ensure .config exists with correct ownership before automount systemd.tmpfiles.rules = [ "d /home/matej/.config 0755 matej users -" ]; diff --git a/hosts/floo/configuration.nix b/hosts/floo/configuration.nix index dde1d29..ae82b71 100644 --- a/hosts/floo/configuration.nix +++ b/hosts/floo/configuration.nix @@ -2,6 +2,8 @@ { imports = [ inputs.disko.nixosModules.disko ]; + features.filedrop.sopsFile = ../../secrets/floo.yaml; + boot.loader.grub.enable = true; disko.devices.disk.main = { @@ -26,10 +28,5 @@ }; }; - localisation = { - timeZone = "Europe/Ljubljana"; - defaultLocale = "en_US.UTF-8"; - }; - system.stateVersion = "25.11"; } diff --git a/hosts/fortress/configuration.nix b/hosts/fortress/configuration.nix index c5e1195..9558331 100644 --- a/hosts/fortress/configuration.nix +++ b/hosts/fortress/configuration.nix @@ -10,13 +10,11 @@ inputs.nixos-hardware.nixosModules.framework-16-amd-ai-300-series ]; - localisation = { - timeZone = "Europe/Ljubljana"; - defaultLocale = "en_US.UTF-8"; + features.desktop = { + apps.enable = false; + internalCA.enable = false; }; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + features.gnupg.yubikey.enable = true; disko.devices.disk.main = { type = "disk"; diff --git a/hosts/fw16/configuration.nix b/hosts/fw16/configuration.nix index f19b3a8..88c6c40 100644 --- a/hosts/fw16/configuration.nix +++ b/hosts/fw16/configuration.nix @@ -1,8 +1,7 @@ { lib, - pkgs, - inputs, options, + inputs, ... }: 
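Review bot: Dropping the `localisation` block from hosts/ephvm/configuration.nix removes this VM's explicit `timeZone = "UTC"`, whereas every other host in this diff removed `"Europe/Ljubljana"`; if the `localisation` feature's default is the latter (not visible here), ephvm silently changes time zone, which shows up in its log timestamps. If UTC is still wanted, keep it alongside the other `features.*` lines (something like `features.localisation.timeZone = "UTC";`, assuming the feature exposes that option); if the feature defaults to UTC, a comment saying so would settle it. The `features.vm-guest.automount` block correctly carries over the user previously set via `vm-9p-automount.user`.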
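Review bot: The new `features.filedrop.sopsFile = ../../secrets/floo.yaml;` in hosts/floo/configuration.nix is undocumented, while the tower configuration labels its sops-backed setting with `# nix store signing`; a matching one-liner naming which secret filedrop reads from that file would keep the hosts consistent and make the secret inventory per host visible at a glance.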
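Review bot: The two opt-outs in `features.desktop` in hosts/fortress/configuration.nix carry no rationale, and `internalCA.enable = false` in particular changes what this host trusts (presumably the desktop feature installs an internal CA by default), which is the kind of deviation a later audit will ask about. A short comment above the block stating why fortress should not carry the internal CA and the desktop apps, e.g. `# fortress: no internal CA and no desktop apps — <reason>`, would make the intent explicit; the `features.gnupg.yubikey.enable = true` line restores what the removed "yubikey" feature entry provided.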
@@ -11,37 +10,22 @@ inputs.nixos-hardware.nixosModules.framework-16-amd-ai-300-series ]; - localisation = { - timeZone = "Europe/Ljubljana"; - defaultLocale = "en_US.UTF-8"; + features.desktop.bluetooth.enable = true; + features.gnupg.yubikey.enable = true; + features.udev = { + ledger.enable = true; + keyboard-zsa.enable = true; }; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + features.power.resumeDevice = "/dev/disk/by-uuid/ff4750e7-3a9f-42c2-bb68-c458a6560540"; boot.kernelParams = [ "pcie_aspm.policy=powersupersave" ]; - boot.resumeDevice = "/dev/disk/by-uuid/ff4750e7-3a9f-42c2-bb68-c458a6560540"; - - services.logind.settings.Login = { - HandleLidSwitch = "suspend-then-hibernate"; - HandlePowerKey = "suspend-then-hibernate"; - IdleAction = "suspend-then-hibernate"; - IdleActionSec = "15min"; - }; - - systemd.sleep.settings.Sleep = { - HibernateDelaySec = "30min"; - }; - programs.nix-ld.libraries = options.programs.nix-ld.libraries.default; services.gnome.gnome-keyring.enable = true; services.teamviewer.enable = true; services.hardware.bolt.enable = true; - hardware.keyboard.zsa.enable = true; - hardware.ledger.enable = true; hardware.bluetooth.powerOnBoot = true; hardware.inputmodule.enable = true; diff --git a/hosts/iso/configuration.nix b/hosts/iso/configuration.nix index 6a7b733..d306305 100644 --- a/hosts/iso/configuration.nix +++ b/hosts/iso/configuration.nix 
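Review bot: The removed `services.logind.settings.Login` and `systemd.sleep.settings.Sleep` blocks (lid switch, power key and 15-minute idle to suspend-then-hibernate, 30-minute hibernate delay) in hosts/fw16/configuration.nix are replaced only by `features.power.resumeDevice`, and whether the `power` feature reinstates that idle and lid policy is not visible in this diff. If it does not, the laptop no longer suspends or hibernates unattended, which also drops a useful safeguard for a device left unlocked; worth confirming, and a comment on the `features.power` line such as `# power feature owns the logind/sleep policy; only the resume device is host-specific` would make the dependency explicit. The enclosing attribute set starts and ends outside the hunk.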
@@ -1,15 +1,13 @@ -{ lib, ... }: +{ lib, userKeys, ... }: { + features.nix-settings.towerCache.enable = false; image.modules.iso-installer = { isoImage.squashfsCompression = "zstd -Xcompression-level 6"; }; # live iso: passwordless login and sudo users.users.matej.initialHashedPassword = ""; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQGLdINKzs+sEy62Pefng0bcedgU396+OryFgeH99/c janezicmatej" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDk00+Km03epQXQs+xEwwH3zcurACzkEH+kDOPBw6RQe openpgp:0xB095D449" - ]; + users.users.root.openssh.authorizedKeys.keys = userKeys.sshAuthorizedKeys; services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"; security.sudo.wheelNeedsPassword = false; diff --git a/hosts/tower/configuration.nix b/hosts/tower/configuration.nix index 617831c..6c8e7b5 100644 --- a/hosts/tower/configuration.nix +++ b/hosts/tower/configuration.nix 
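Review bot: `users.users.root.openssh.authorizedKeys.keys` in hosts/iso/configuration.nix now comes from `userKeys.sshAuthorizedKeys`, which is defined outside this file, so the set of keys that can log in as root on the live ISO is no longer reviewable here; the removed lines held exactly two ed25519 keys (the `janezicmatej` key and the `openpgp:0xB095D449` key), and any key later added to the shared list also gets root on the installer. Worth confirming the shared list currently matches those two, and a comment such as `# every key in userKeys.sshAuthorizedKeys gets root on the live ISO` would keep that trust boundary visible to the next reader. The `lib.mkForce "prohibit-password"` override on the line below still applies, which is good.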
@@ -1,38 +1,28 @@ { config, - lib, - inputs, userKeys, ... }: { - imports = [ - inputs.lanzaboote.nixosModules.lanzaboote - ]; + features.nix-settings.towerCache.enable = false; + features.bootloader.mode = "lanzaboote"; + features.desktop.bluetooth.enable = true; + features.gnupg.yubikey.enable = true; + features.udev = { + ledger.enable = true; + keyboard-zsa.enable = true; + }; + features.initrd-ssh = { + networkModule = "r8169"; + authorizedKeys = userKeys.sshAuthorizedKeys; + }; # nix store signing sops.secrets.nix-signing-key.sopsFile = ../../secrets/tower.yaml; nix.settings.secret-key-files = [ config.sops.secrets.nix-signing-key.path ]; - localisation = { - timeZone = "Europe/Ljubljana"; - defaultLocale = "en_US.UTF-8"; - }; - - initrd-ssh = { - networkModule = "r8169"; - authorizedKeys = userKeys.sshAuthorizedKeys; - }; - - # lanzaboote secure boot boot.kernelParams = [ "btusb.reset=1" ]; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.systemd-boot.enable = lib.mkForce false; - boot.lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; - }; services.udisks2.enable = true;