add wireguard and ssh to laptop

Kopatz
2023-10-30 10:34:49 +01:00
parent 2a8c0aa33f
commit b254df662b
9 changed files with 246 additions and 14 deletions

57
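--- a/laptop/configuration.nix
+++ b/laptop/configuration.nix
@@ -0,0 +1,57 @@
+{ config, pkgs, ... }:
+{
+imports =
+[
+./main.nix
+];
+services.xserver = {
+layout = "at";
+xkbVariant = "";
+enable = true;
+displayManager.gdm.enable = true;
+desktopManager.gnome.enable = true;
+};
+environment.gnome.excludePackages = (with pkgs; [
+gnome-photos
+gnome-tour
+]) ++ (with pkgs.gnome; [
+cheese # webcam tool
+gnome-music
+gnome-terminal
+gedit # text editor
+epiphany # web browser
+#geary # email reader
+evince # document viewer
+gnome-characters
+totem # video player
+tali # poker game
+iagno # go game
+hitori # sudoku game
+atomix # puzzle game
+]);
+environment.systemPackages = with pkgs; [
+wmctrl
+gnome.mutter
+gnome.adwaita-icon-theme
+gnome.gnome-settings-daemon
+gnome.gnome-tweaks
+gnome.dconf-editor
+gruvbox-gtk-theme
+colloid-icon-theme
+gnomeExtensions.appindicator
+gnomeExtensions.just-perfection
+gnomeExtensions.system-monitor
+gnomeExtensions.dash2dock-lite
+gnomeExtensions.dash-to-dock
+gnomeExtensions.vitals
+gnomeExtensions.rounded-window-corners
+gnomeExtensions.wallpaper-switcher
+gnomeExtensions.backslide
+rofi
+];
+}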

84
laptop/flake.lock generated

@@ -1,6 +1,69 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1696775529,
"narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
"owner": "ryantm",
"repo": "agenix",
"rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1682203081,
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
@@ -38,6 +101,22 @@
}
},
"nixpkgs": {
"locked": {
"lastModified": 1677676435,
"narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1697226376,
"narHash": "sha256-cumLLb1QOUtWieUnLGqo+ylNt3+fU8Lcv5Zl+tYbRUE=",
@@ -55,9 +134,10 @@
},
"root": {
"inputs": {
"home-manager": "home-manager",
"agenix": "agenix",
"home-manager": "home-manager_2",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs_2"
}
}
},


@@ -14,6 +14,7 @@
# Official NixOS package source
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
agenix.url = "github:ryantm/agenix";
# home-manager, used for managing user configuration
home-manager = {
url = "github:nix-community/home-manager/release-23.05";
@@ -35,7 +36,7 @@
#
# The `@` syntax here is used to alias the attribute set of the
# inputs's parameter, making it convenient to use inside the function.
outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: {
outputs = { self, nixpkgs, nixos-hardware, agenix, ... }@inputs: {
nixosConfigurations = {
# By default, NixOS will try to refer the nixosConfiguration with
# its hostname, so the system named `nixos-test` will use this one.
@@ -48,8 +49,8 @@
# Run the following command in the flake's directory to
# deploy this configuration on any NixOS system:
# sudo nixos-rebuild switch --flake .#nixos-test
"nix-laptop" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
#"nix-laptop" = nixpkgs.lib.nixosSystem {
# system = "x86_64-linux";
# The Nix module system can modularize configuration,
# improving the maintainability of configuration.
@@ -90,15 +91,15 @@
# you must use `specialArgs` by uncomment the following line:
#
# specialArgs = {...}; # pass custom arguments into all sub module.
modules = [
# modules = [
# Import the configuration.nix here, so that the
# old configuration file can still take effect.
# Note: configuration.nix itself is also a Nix Module,
./configuration.nix
nixos-hardware.nixosModules.dell-xps-15-7590-nvidia
];
};
# ./configuration.nix
# nixos-hardware.nixosModules.dell-xps-15-7590-nvidia
#
# ];
#};
"nix-laptop-no-gpu" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
@@ -107,7 +108,9 @@
# Note: configuration.nix itself is also a Nix Module,
./configuration.nix
nixos-hardware.nixosModules.dell-xps-15-7590
agenix.nixosModules.default
];
specialArgs = { inherit inputs; };
};
};
};
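Review bot: The new `agenix.url = "github:ryantm/agenix";` input is declared without a `follows`, and the regenerated lock file on this page shows the consequence: agenix brings in its own `nixpkgs` node tracking `nixos-unstable`, plus a `darwin` node and a second `home-manager` node. The agenix package this commit installs from `inputs.agenix.packages` is therefore built against a separately pinned package set rather than the `nixos-23.05` one used for the rest of the system, and there are more upstream pins to audit and keep updated. Consider adding `agenix.inputs.nixpkgs.follows = "nixpkgs";` next to the URL so the secrets tooling comes from the same nixpkgs revision as everything else. The `inputs` and `outputs` blocks continue outside the visible hunks.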


@@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{ config, pkgs, inputs, ... }:
let
keepassWithPlugins = pkgs.keepass.override {
@@ -17,7 +17,9 @@ in
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./battery.nix
./modules/battery.nix
./modules/ssh.nix
#./modules/wireguard.nix
## -- set in flake.nix
#<nixos-hardware/dell/xps/15-7590/nvidia>
#<home-manager/nixos>
@@ -32,7 +34,7 @@ in
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "nix-laptop"; # Define your hostname.
networking.hostName = "nix-laptop-no-gpu"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Enable networking
@@ -165,6 +167,7 @@ in
xclip
usbutils
bun
inputs.agenix.packages."x86_64-linux".default
insomnia
#podman-compose
#arion # docker
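Review bot: `inputs.agenix.packages."x86_64-linux".default` hard-codes the platform string inside the package list, so the module breaks if it is ever evaluated for a host whose `system` differs from the one declared in the flake. Deriving it from the package set keeps the two in step: `inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.default`. Separately, the `#./modules/wireguard.nix` import is commented out, so as far as these hunks show, the WireGuard module added by this commit is not yet part of the evaluated configuration; a short comment saying why would help the next reader. The imports list and the package list both continue outside the hunks.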

11
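--- a/laptop/modules/ssh.nix
+++ b/laptop/modules/ssh.nix
@@ -0,0 +1,11 @@
+{
+services.openssh = {
+enable = true;
+ports = [];
+openFirewall = false;
+settings = {
+PermitRootLogin = "no";
+PasswordAuthentication = false;
+};
+};
+}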
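Review bot: `PasswordAuthentication = false` on its own does not rule out password-style logins, because keyboard-interactive authentication is a separate sshd setting that this block leaves at its default; add `KbdInteractiveAuthentication = false;` inside `settings` so only public-key logins are accepted. Also, `ports = [];` reads as if it is meant to stop sshd from listening, but an empty list presumably just emits no `Port` line, in which case sshd falls back to its default port and `openFirewall = false` is the only thing keeping it unreachable. If the service is enabled mainly so that a host key exists for agenix, a comment stating that intent, and that reachability depends on the firewall staying enabled, would make the module much easier to audit.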


@@ -0,0 +1,52 @@
{ config, pkgs, lib, inputs, ... }:
{
age.secrets.wireguard-private = {
file = ../secrets/wireguard-private.age;
};
systemd.network = {
enable = true;
netdevs."10-wg0" = {
enable = true;
netdevConfig = {
Kind = "wireguard";
Name = "wg0";
MTUBytes = "1300";
};
wireguardConfig = {
PrivateKeyFile = config.age.secrets.wireguard-private.path;
};
wireguardPeers = [
{
wireguardPeerConfig = {
AllowedIPs = [
"192.168.2.0/24"
];
Endpoint = "kopatz.ddns.net:51820";
PersistentKeepalive = 25;
PublicKey = "vyHNUy97R1cvqEvElznPpFQtoqm7WUHnT96UP6Dquwc=";
};
}
];
};
networks.wg0 = {
# See also man systemd.network
matchConfig.Name = "wg0";
# IP addresses the client interface will have
address = [
"192.168.2.22/24"
];
#DHCP = "no";
#dns = [ "fc00::53" ];
#ntp = [ "fc00::123" ];
#gateway = [
# "fc00::1"
# "10.100.0.1"
#];
networkConfig = {
IPv6AcceptRA = false;
};
};
};
}
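Review bot: `age.secrets.wireguard-private` sets only `file`, so the decrypted key gets agenix's default ownership and mode, which to my knowledge is readable by root only. systemd-networkd reads `PrivateKeyFile` as the `systemd-network` user, so `wg0` would likely fail to come up once this module is imported. Keep the file root-owned but grant the group read access by adding `mode = "0440";` and `group = "systemd-network";` to the secret definition. A brief comment on `AllowedIPs` stating that only the `192.168.2.0/24` range is routed through the tunnel would also document the intended split-tunnel scope.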


@@ -0,0 +1,9 @@
let
laptop-user = "ssh-rsa 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 kopatz@nix-laptop";
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINXJG+MciJHOKSPGkrmVB/+TmWA6GNvXI6IAEkt5wNzV root@nix-laptop-no-gpu";
users = [ laptop-user ];
systems = [ laptop ];
in
{
"wireguard-private.age".publicKeys = [ laptop-user laptop ];
}
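Review bot: `users` and `systems` are defined but never used, because `publicKeys` lists `laptop-user` and `laptop` directly; a key added to either list later would not become a recipient of the secret. Writing `"wireguard-private.age".publicKeys = users ++ systems;` keeps the recipient set defined in one place. The `laptop` entry appears to be the machine's SSH host key, so a one-line comment saying it is the identity used to decrypt at activation would help whoever rotates keys later.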


@@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-rsa zcSrWQ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-> ssh-ed25519 KEcJCg VLmMM1HKI5JuY4mRovnMtyPgbg7Tj4U46P8ZwC28SQk
7s72phSR6EssIqjC+2maJqoePNBV2bWnH39tXRKj/gA
-> U/-grease q5+ $z
I188
--- b8nzBdKkVwZwJ/X/IUNga+qEODawJx45kRsogRptke0
š{XíÔÕŠ Þ)×´tcà³ÙÇWx Çb¹øþ