diff --git a/home/default.nix b/home/default.nix
index f908838..b721ef3 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -67,7 +67,12 @@
 tflint
 kubectl
 kustomize
- kubernetes-helm
+ (wrapHelm kubernetes-helm {
+ plugins = with kubernetes-helmPlugins; [
+ helm-diff
+ helm-secrets
+ ];
+ })
 helmfile
 stern
 kubeswitch
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
deleted file mode 100644
index 404d0b7..0000000
--- a/nixos/configuration.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-{
- imports = [
- ./hardware-configuration.nix
- ./repo/server.nix
- ./repo/default-hardware.nix
- ./repo/desktop-sway.nix
- ./repo/users.nix
- ];
-
- system.stateVersion = "21.05";
- system.autoUpgrade.channel = "https://nixos.org/channels/nixos-unstable";
-
- # boot
- boot.zfs.requestEncryptionCredentials = []; # list -> default: true - always request for password
-
- # --------
- # specifical this maschine:
- # --------
-
- networking.hostId = "/etc/machine-id"; # zfs needed
- networking.hostName = "nixos"; # Define your hostname.
- # cryptsetup
- # boot.initrd.luks.enable = true;
- boot.initrd.luks.devices = {
- "croot" = {
- device = "/dev/disk/by-uuid/e75385e9-b733-49d4-91fd-6ac2fa821195" ;
- };
- };
-}
-
diff --git a/nixos/default-container.nix b/nixos/default-container.nix
deleted file mode 100644
index dec116d..0000000
--- a/nixos/default-container.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- imports = [./default.nix];
- system.stateVersion = "22.05";
-}
-
diff --git a/nixos/desktop-cage.nix b/nixos/desktop-cage.nix
deleted file mode 100644
index 446d2c4..0000000
--- a/nixos/desktop-cage.nix
+++ /dev/null
@@ -1,20 +0,0 @@ -{ pkgs, ... }: -{ - imports = [./desktop.nix]; - - systemd.network.networks.eth = { - matchConfig.Name = "en*"; - DHCP = "ipv4"; - networkConfig = { - IPv6AcceptRA = true; - IPv6PrivacyExtensions = true; - }; - }; - - services.cage = { - enable = true; - extraArguments = [ - "-d" - ]; - }; -} diff --git a/nixos/desktop/cage.nix b/nixos/desktop/cage.nix new file mode 100644 index 0000000..6da6d6f --- /dev/null +++ b/nixos/desktop/cage.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: +{ + imports = [ + ./default.nix + ../hardware/network.nix + ]; + + services.cage = { + enable = true; + extraArguments = [ + "-d" + ]; + }; +} diff --git a/nixos/desktop.nix b/nixos/desktop/default.nix similarity index 100% rename from nixos/desktop.nix rename to nixos/desktop/default.nix diff --git a/nixos/desktop-gnome.nix b/nixos/desktop/gnome.nix similarity index 96% rename from nixos/desktop-gnome.nix rename to nixos/desktop/gnome.nix index 021e679..2672079 100644 --- a/nixos/desktop-gnome.nix +++ b/nixos/desktop/gnome.nix @@ -1,6 +1,6 @@ { pkgs, ... }: { - imports = [./desktop.nix]; + imports = [./default.nix]; services.xserver = { enable = true; diff --git a/nixos/desktop-sway.nix b/nixos/desktop/sway.nix similarity index 52% rename from nixos/desktop-sway.nix rename to nixos/desktop/sway.nix index e6ae170..64ef95f 100644 --- a/nixos/desktop-sway.nix +++ b/nixos/desktop/sway.nix 
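Review bot: In the new nixos/desktop/cage.nix, `services.cage` is enabled with only `extraArguments = [ "-d" ]`, so the kiosk session runs as whatever account and program the module defaults to; from memory those defaults are a `demo` user and an xterm, which would leave an unattended terminal on the console, so this is worth confirming against the module. Pin both explicitly, e.g. `services.cage.user = "<kiosk-user>";` and `services.cage.program = "<path-to-kiosk-app>";` (placeholders), using a dedicated account that is not in `wheel`. The `pkgs` argument is unused in this file, and the new import of `../hardware/network.nix` brings the Wi-Fi profiles onto the kiosk host, where the removed desktop-cage.nix only configured `en*` Ethernet.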
@@ -1,70 +1,9 @@ { pkgs, ... }: { - imports = [./desktop.nix]; - - systemd.network.networks.wifi = { - matchConfig = { - Name = "wlan0"; - SSID = [ - "!HotoHo-v6" - ]; - }; - DHCP = "ipv4"; - networkConfig = { - IPv6AcceptRA = true; - IPv6PrivacyExtensions = true; - }; - }; - systemd.network.networks.wifi-v6 = { - matchConfig = { - Name = "wlan0"; - SSID = [ - "urbanForest-v6" - ]; - }; - networkConfig = { - DNSSEC = false; - IPv6AcceptRA = true; - IPv6PrivacyExtensions = true; - }; - }; - systemd.network.networks.wifi-unsec = { - matchConfig = { - Name = "wlan0"; - SSID = [ - "wanderverein" # fake to keep - # "urbanForest" - ]; - }; - DHCP = "ipv4"; - networkConfig = { - IPv6AcceptRA = true; - IPv6PrivacyExtensions = true; - DNSSEC = false; - DNS = [ - "2001:4860:4860::8888" - "8.8.8.8" - ]; - }; - dhcpV4Config = { - UseDomains = false; - UseDNS = false; - }; - dhcpV6Config = { - UseDNS = false; - }; - ipv6AcceptRAConfig = { - UseDNS = false; - }; - }; - systemd.network.networks.eth = { - matchConfig.Name = "enp*"; - DHCP = "ipv4"; - networkConfig = { - IPv6AcceptRA = true; - IPv6PrivacyExtensions = true; - }; - }; + imports = [ + ./default.nix + ../hardware/network.nix + ]; services.greetd = { enable = true; diff --git a/nixos/default-hardware.nix b/nixos/hardware/default.nix similarity index 97% rename from nixos/default-hardware.nix rename to nixos/hardware/default.nix index 9fdf319..8ea40ba 100644 --- a/nixos/default-hardware.nix +++ b/nixos/hardware/default.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: { - imports = [./default.nix]; + imports = [../default.nix]; # boot boot.loader.systemd-boot.enable = true; diff --git a/nixos/hw-intel.nix b/nixos/hardware/intel.nix similarity index 87% rename from nixos/hw-intel.nix rename to nixos/hardware/intel.nix index 61135c5..598ebb5 100644 --- a/nixos/hw-intel.nix +++ b/nixos/hardware/intel.nix 
@@ -1,5 +1,9 @@
 {pkgs, ...}:
 {
+ imports = [
+ ./default.nix
+ ];
+
 hardware.opengl = {
 enable = true;
 extraPackages = with pkgs; [
diff --git a/nixos/hardware/network.nix b/nixos/hardware/network.nix
new file mode 100644
index 0000000..e0b5ece
--- /dev/null
+++ b/nixos/hardware/network.nix
@@ -0,0 +1,70 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ./default.nix
+ ];
+
+ systemd.network.networks.wifi = {
+ matchConfig = {
+ Name = "wlan0";
+ SSID = [
+ "!HotoHo-v6"
+ ];
+ };
+ DHCP = "ipv4";
+ networkConfig = {
+ IPv6AcceptRA = true;
+ IPv6PrivacyExtensions = true;
+ };
+ };
+ systemd.network.networks.wifi-v6 = {
+ matchConfig = {
+ Name = "wlan0";
+ SSID = [
+ "urbanForest-v6"
+ ];
+ };
+ networkConfig = {
+ DNSSEC = false;
+ IPv6AcceptRA = true;
+ IPv6PrivacyExtensions = true;
+ };
+ };
+ systemd.network.networks.wifi-unsec = {
+ matchConfig = {
+ Name = "wlan0";
+ SSID = [
+ "wanderverein" # fake to keep
+ # "urbanForest"
+ ];
+ };
+ DHCP = "ipv4";
+ networkConfig = {
+ IPv6AcceptRA = true;
+ IPv6PrivacyExtensions = true;
+ DNSSEC = false;
+ DNS = [
+ "2001:4860:4860::8888"
+ "8.8.8.8"
+ ];
+ };
+ dhcpV4Config = {
+ UseDomains = false;
+ UseDNS = false;
+ };
+ dhcpV6Config = {
+ UseDNS = false;
+ };
+ ipv6AcceptRAConfig = {
+ UseDNS = false;
+ };
+ };
+ systemd.network.networks.eth = {
+ matchConfig.Name = "en*";
+ DHCP = "ipv4";
+ networkConfig = {
+ IPv6AcceptRA = true;
+ IPv6PrivacyExtensions = true;
+ };
+ };
+}
\ No newline at end of file
diff --git a/nixos/k3s/default.nix b/nixos/k3s/default.nix
index 16f3997..3f25c3e 100644
--- a/nixos/k3s/default.nix
+++ b/nixos/k3s/default.nix
@@ -11,7 +11,7 @@
 enable = true;
 role = "server";
 extraFlags = toString [
- "--disable traefik" # manuelle ... with ipv6 enable
+ "--disable traefik,metrics-server" # manuelle ... with ipv6 enable
 ];
 };
 systemd.services.k3s = {
diff --git a/nixos/server.nix b/nixos/server.nix
deleted file mode 100644
index 9fc6d49..0000000
--- a/nixos/server.nix
+++ /dev/null
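Review bot: In the new nixos/hardware/network.nix, the `wifi-unsec` profile sets `DNSSEC = false` and sends lookups to the hard-coded resolvers `2001:4860:4860::8888` and `8.8.8.8` with no transport protection, so on the network the file itself labels unsecured, DNS answers are neither validated nor encrypted. Consider adding `DNSOverTLS = "opportunistic";` to that `networkConfig`, and a comment on `wifi-v6` saying why `DNSSEC = false` is needed there. The `wifi` profile matches `SSID = [ "!HotoHo-v6" ]`, which looks like an inverted match that also covers the SSIDs of the other two profiles, so which profile applies presumably depends on how the generated .network files sort; a comment stating the intended precedence would make that explicit. Hosts importing this from desktop/sway.nix also move from the `enp*` Ethernet match to the wider `en*`, and the file has no trailing newline.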
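Review bot: The trailing comment on the changed `extraFlags` line in nixos/k3s/default.nix still reads `# manuelle ... with ipv6 enable`, which at best explains the traefik choice and says nothing about why `metrics-server` is now disabled as well. Without a replacement, the resource-metrics API (`kubectl top`, autoscaling on metrics) is unavailable on this server, so the intent should be recorded, e.g. `# traefik: deployed manually with IPv6; metrics-server: <reason or replacement>`. The enclosing `services.k3s` block starts and ends outside the hunk.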
@@ -1,8 +0,0 @@
-{
- # enable monitoring
- services.prometheus.exporters.node = {
- enable = true;
- openFirewall = true;
- enabledCollectors = [ "systemd" ];
- };
-}
diff --git a/nixos/users.nix b/nixos/users.nix
deleted file mode 100644
index 7fc182d..0000000
--- a/nixos/users.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{pkgs, config, ... }:
-{
- users.groups.genofire = {
- gid = 1021;
- };
- users.users.genofire = {
- uid = 1021;
- home = "/home/genofire";
- group = "genofire";
- extraGroups = ["wheel"];
- isNormalUser = true;
- useDefaultShell = true;
- # shell = pkgs.nushell;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOr9wE3i1+Cl/06WOf0/6OjxsOnN7veV3LZcWgtHkcS genofire@fireYubi"
- ];
- };
-}