folder restructur

home/default.nix

@@ -67,7 +67,12 @@
 		tflint
 		kubectl
 		kustomize
-		kubernetes-helm
+		(wrapHelm kubernetes-helm {
+			plugins = with kubernetes-helmPlugins; [
+				helm-diff
+				helm-secrets
+			];
+		})
 		helmfile
 		stern
 		kubeswitch

nixos/configuration.nix

@@ -1,35 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-{
-	imports = [
-		./hardware-configuration.nix
-		./repo/server.nix
-		./repo/default-hardware.nix
-		./repo/desktop-sway.nix
-		./repo/users.nix
-	];
-
-	system.stateVersion = "21.05";
-	system.autoUpgrade.channel = "https://nixos.org/channels/nixos-unstable";
-
-	# boot
-	boot.zfs.requestEncryptionCredentials = []; # list -> default: true - always request for password
-
-	# --------
-	# specifical this maschine:
-	# --------
-
-	networking.hostId = "/etc/machine-id"; # zfs needed
-	networking.hostName = "nixos"; # Define your hostname.
-	# cryptsetup
-	# boot.initrd.luks.enable = true;
-	boot.initrd.luks.devices = {
-		"croot" = {
-			device = "/dev/disk/by-uuid/e75385e9-b733-49d4-91fd-6ac2fa821195" ;
-		};
-	};
-}
-

nixos/default-container.nix

@@ -1,5 +0,0 @@
-{
-	imports = [./default.nix];
-	system.stateVersion = "22.05";
-}
-

nixos/desktop-cage.nix

@@ -1,20 +0,0 @@
-{ pkgs, ... }:
-{
-  imports = [./desktop.nix];
-
-  systemd.network.networks.eth = {
-    matchConfig.Name = "en*";
-    DHCP = "ipv4";
-    networkConfig = {
-      IPv6AcceptRA = true;
-      IPv6PrivacyExtensions = true;
-    };
-  };
-
-  services.cage = {
-    enable = true;
-    extraArguments = [
-      "-d"
-    ];
-  };
-}

nixos/desktop/cage.nix

@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./default.nix
+    ../hardware/network.nix
+  ];
+
+  services.cage = {
+    enable = true;
+    extraArguments = [
+      "-d"
+    ];
+  };
+}

nixos/desktop/gnome.nix

@@ -1,6 +1,6 @@
 { pkgs, ... }:
 {
-	imports = [./desktop.nix];
+	imports = [./default.nix];
 
 	services.xserver = {
 		enable = true;

nixos/desktop/sway.nix

@@ -1,70 +1,9 @@
 { pkgs, ... }:
 {
-	imports = [./desktop.nix];
-
-	systemd.network.networks.wifi = {
-		matchConfig = {
-			Name = "wlan0";
-			SSID = [
-				"!HotoHo-v6"
-			];
-		};
-		DHCP = "ipv4";
-		networkConfig = {
-			IPv6AcceptRA = true;
-			IPv6PrivacyExtensions = true;
-		};
-	};
-	systemd.network.networks.wifi-v6 = {
-		matchConfig = {
-			Name = "wlan0";
-			SSID = [
-				"urbanForest-v6"
-			];
-		};
-		networkConfig = {
-			DNSSEC = false;
-			IPv6AcceptRA = true;
-			IPv6PrivacyExtensions = true;
-		};
-	};
-	systemd.network.networks.wifi-unsec = {
-		matchConfig = {
-			Name = "wlan0";
-			SSID = [
-				"wanderverein" # fake to keep
-			#	"urbanForest"
-			];
-		};
-		DHCP = "ipv4";
-		networkConfig = {
-			IPv6AcceptRA = true;
-			IPv6PrivacyExtensions = true;
-			DNSSEC = false;
-			DNS = [
-				"2001:4860:4860::8888"
-				"8.8.8.8"
-			];
-		};
-		dhcpV4Config = {
-			UseDomains = false;
-			UseDNS = false;
-		};
-		dhcpV6Config = {
-			UseDNS = false;
-		};
-		ipv6AcceptRAConfig = {
-			UseDNS = false;
-		};
-	};
-	systemd.network.networks.eth = {
-		matchConfig.Name = "enp*";
-		DHCP = "ipv4";
-		networkConfig = {
-			IPv6AcceptRA = true;
-			IPv6PrivacyExtensions = true;
-		};
-	};
+	imports = [
+		./default.nix
+		../hardware/network.nix
+	];
 
 	services.greetd = {
 	  enable = true;

nixos/hardware/default.nix

@@ -1,6 +1,6 @@
 { config, pkgs, ... }:
 {
-	imports = [./default.nix];
+	imports = [../default.nix];
 
 	# boot
 	boot.loader.systemd-boot.enable = true;

nixos/hardware/intel.nix

@@ -1,5 +1,9 @@
 {pkgs, ...}:
 {
+  imports = [
+    ./default.nix
+  ];
+
 	hardware.opengl = {
 		enable = true;
 		extraPackages = with pkgs; [

nixos/hardware/network.nix

@@ -0,0 +1,70 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./default.nix
+  ];
+
+	systemd.network.networks.wifi = {
+		matchConfig = {
+			Name = "wlan0";
+			SSID = [
+				"!HotoHo-v6"
+			];
+		};
+		DHCP = "ipv4";
+		networkConfig = {
+			IPv6AcceptRA = true;
+			IPv6PrivacyExtensions = true;
+		};
+	};
+	systemd.network.networks.wifi-v6 = {
+		matchConfig = {
+			Name = "wlan0";
+			SSID = [
+				"urbanForest-v6"
+			];
+		};
+		networkConfig = {
+			DNSSEC = false;
+			IPv6AcceptRA = true;
+			IPv6PrivacyExtensions = true;
+		};
+	};
+	systemd.network.networks.wifi-unsec = {
+		matchConfig = {
+			Name = "wlan0";
+			SSID = [
+				"wanderverein" # fake to keep
+			#	"urbanForest"
+			];
+		};
+		DHCP = "ipv4";
+		networkConfig = {
+			IPv6AcceptRA = true;
+			IPv6PrivacyExtensions = true;
+			DNSSEC = false;
+			DNS = [
+				"2001:4860:4860::8888"
+				"8.8.8.8"
+			];
+		};
+		dhcpV4Config = {
+			UseDomains = false;
+			UseDNS = false;
+		};
+		dhcpV6Config = {
+			UseDNS = false;
+		};
+		ipv6AcceptRAConfig = {
+			UseDNS = false;
+		};
+	};
+	systemd.network.networks.eth = {
+		matchConfig.Name = "en*";
+		DHCP = "ipv4";
+		networkConfig = {
+			IPv6AcceptRA = true;
+			IPv6PrivacyExtensions = true;
+		};
+	};
+}

nixos/k3s/default.nix

@@ -11,7 +11,7 @@
     enable = true;
     role = "server";
     extraFlags = toString [
-      "--disable traefik" # manuelle ... with ipv6 enable
+      "--disable traefik,metrics-server" # manuelle ... with ipv6 enable
     ];
   };
   systemd.services.k3s = {

nixos/server.nix

@@ -1,8 +0,0 @@
-{
-	# enable monitoring
-	services.prometheus.exporters.node = {
-		enable = true;
-		openFirewall = true;
-		enabledCollectors = [ "systemd" ];
-	};
-}

nixos/users.nix

@@ -1,18 +0,0 @@
-{pkgs, config, ... }:
-{
-	users.groups.genofire = {
-		gid = 1021;
-	};
-	users.users.genofire = {
-		uid = 1021;
-		home = "/home/genofire";
-		group = "genofire";
-		extraGroups = ["wheel"];
-		isNormalUser = true;
-		useDefaultShell = true;
-		# shell = pkgs.nushell;
-		openssh.authorizedKeys.keys = [
-			"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOr9wE3i1+Cl/06WOf0/6OjxsOnN7veV3LZcWgtHkcS genofire@fireYubi"
-		];
-	};
-}