heavy refactorings

flake.nix

@@ -322,6 +322,7 @@
           sternchen = nixosConfigurationSetup {
             name = "sternchen";
             host = "sternchen.secret";
+            #host = "192.168.178.25";
             modules = [
               nixos-hardware.nixosModules.lenovo-thinkpad-x220
               homeManagerModules

nixos/components/gui/cups.nix

@@ -0,0 +1,28 @@
+{ config, lib, ... }:
+with lib;
+{
+
+  options.components.gui.cups.enable = mkOption {
+    type = lib.types.bool;
+    default = config.components.gui.enable;
+  };
+
+  config = mkIf (config.components.gui.cups.enable) {
+
+    hardware.printers.ensurePrinters = [
+      {
+        description = "Lexmark E350d";
+        deviceUri = "usb://Lexmark/E350d?serial=622Z9ZC";
+        location = "office";
+        name = "Lexmark_E350d";
+        model = "drv:///sample.drv/generic.ppd";
+        ppdOptions = {
+          job-sheets = "none, none";
+          media = "na_letter_8.5x11in";
+          sides = "one-sided";
+        };
+      }
+    ];
+
+  };
+}

nixos/components/gui/default.nix

@@ -9,6 +9,7 @@ with lib;
     # todo : structure with home-manager and such is not cool, create another structure
     ./audio.nix
     ./browser.nix
+    ./cups.nix
     ./fonts.nix
     ./home-manager
     ./kmonad.nix

nixos/components/network/tinc/secret.nix

@@ -9,10 +9,11 @@
 let
   port = 721;
   hosts = {
-    sternchen = "10.123.42.25";
-    sterni = "10.123.42.24";
+    cherry = "10.123.42.29";
     cream = "10.123.42.27";
     robi = "10.123.42.123";
+    sternchen = "10.123.42.25";
+    sterni = "10.123.42.24";
   };
   network = "secret";
 in
@@ -35,6 +36,10 @@ in
           subnets = [{ address = hosts.cream; }];
           settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
         };
+        cherry = {
+          subnets = [{ address = hosts.cherry; }];
+          settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
+        };
         sterni = {
           subnets = [{ address = hosts.sterni; }];
           settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";

nixos/components/terminal/zsh.nix

@@ -8,6 +8,9 @@ with lib;
 
   config = mkIf (config.components.terminal.zsh.enable) {
 
+    # root uses zsh on default
+    users.users.root.shell = pkgs.zsh;
+
     programs.zsh = {
 
       enable = true;

nixos/homes/palo/default.nix

@@ -9,6 +9,7 @@
     ./packages
     ./ssh.nix
     ./stylix.nix
+    ./tmux.nix
     ./vim.nix
     ./yubikey.nix
     ./zellij.nix

nixos/homes/palo/packages/development.nix

@@ -7,102 +7,44 @@ with lib;
 
     (mkIf config.gui.enable {
 
-      home.packages =
-        let
+      home.packages = [
 
-          # to make copilot work
-          # jetbrains.pycharm-professional
-          #fhsPyCharm = pkgs.buildFHSUserEnv {
-          #  name = "pycharm";
-          #  targetPkgs = pkgs: (with pkgs; [
-          #    black
-          #    isort
-          #    #unstable.jetbrains.pycharm-professional
-          #    jetbrains.pycharm-professional
-          #    python311
-          #    pipenv
-          #    zlib # needed for NumPy
-          #    nodejs
-          #    git
-          #  ]);
-          #  runScript = "pycharm-professional";
-          #};
+        # general
+        unstable.jetbrains.idea-ultimate
+        #vscode
 
-          # jetbrains.datagrip
-          #fhsDataGrip = pkgs.buildFHSUserEnv {
-          #  name = "datagrip";
-          #  targetPkgs = pkgs: (with pkgs; [
-          #    unstable.jetbrains.datagrip
-          #  ]);
-          #  runScript = "datagrip";
-          #};
+        jetbrains.mps
 
-          #fhsClion = pkgs.buildFHSUserEnv {
-          #  name = "clion";
-          #  targetPkgs = pkgs: (with pkgs; [
-          #    unstable.jetbrains.clion
-          #  ]);
-          #  runScript = "clion";
-          #};
+        unstable.jetbrains.datagrip
 
-        in
-        [
+        # Rust
+        # ----
+        unstable.jetbrains.clion
+        gcc
+        rustup
 
-          # general
-          unstable.jetbrains.idea-ultimate
-          #vscode
+        # Python
+        # ------
+        unstable.jetbrains.pycharm-professional
 
-          jetbrains.mps
+        # planing
+        ((ganttproject-bin.override {
+          jre = pkgs.openjdk11;
+        }).overrideAttrs (old: {
+          version = "3.1.3100";
+          src = pkgs.fetchzip {
+            url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip";
+            sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4=";
+          };
+        }))
 
-          unstable.jetbrains.datagrip
-          #fhsDataGrip
-          #(pkgs.makeDesktopItem {
-          #  name = "datagrip";
-          #  desktopName = "DataGrip";
-          #  exec = "${fhsDataGrip}/bin/datagrip";
-          #  terminal = false;
-          #})
+        mermaid-cli
 
-          # Rust
-          unstable.jetbrains.clion
-          #fhsClion
-          #(pkgs.makeDesktopItem {
-          #  name = "clion";
-          #  desktopName = "Clion";
-          #  exec = "${fhsClion}/bin/clion";
-          #  terminal = false;
-          #})
-          gcc
-          rustup
-
-          # python
-
-          unstable.jetbrains.pycharm-professional
-          #fhsPyCharm
-          #(pkgs.makeDesktopItem {
-          #  name = "pycharm";
-          #  desktopName = "PyCharm";
-          #  exec = "${fhsPyCharm}/bin/pycharm";
-          #  terminal = false;
-          #})
-
-          # planing
-          ((ganttproject-bin.override {
-            jre = pkgs.openjdk11;
-          }).overrideAttrs (old: {
-            version = "3.1.3100";
-            src = pkgs.fetchzip {
-              url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip";
-              sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4=";
-            };
-          }))
-
-          mermaid-cli
-
-        ];
+      ];
     })
     {
 
+
       home.packages =
         let
           pandocScript = { inputFormat, outputFormat }:
@@ -116,7 +58,7 @@ with lib;
         in
         [
 
-          # smoke
+          lnav
 
           tmux
 
@@ -160,6 +102,16 @@ with lib;
           nixpkgs-fmt
           treefmt
 
+
+          (pkgs.writers.writeBashBin "ssl-check-cert-of-domain" ''
+            DOMAIN=$1
+            echo | \
+            ${pkgs.openssl}/bin/openssl s_client -servername ''${DOMAIN} -connect ''${DOMAIN}:443 2>/dev/null | \
+            ${pkgs.openssl}/bin/openssl x509 -text | \
+            ${pkgs.less}/bin/less
+          '')
+
+
         ] ++ (map pandocScript (lib.cartesianProductOfSets {
           inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ];
           outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" ];

nixos/homes/palo/tmux.nix

@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+with pkgs;
+{
+  programs.tmux = {
+    enable = true;
+    aggressiveResize = true;
+    baseIndex = 1;
+    clock24 = true;
+    historyLimit = 150000;
+    keyMode = "vi";
+    mouse = true;
+    secureSocket = true;
+  };
+}

nixos/homes/root/default.nix

@@ -4,4 +4,5 @@
     ../palo/doom-emacs.nix
   ];
   gui.enable = false;
+
 }

nixos/machines/cherry/configuration.nix

@@ -3,16 +3,13 @@
 
   imports = [
 
-    ../../modules
     ../../components
+    ../../modules
 
-    ./disko-config.nix
-    ./hardware-configuration.nix
+    ./hardware-configuration
 
     ./syncthing.nix
-    ./cups.nix
     ./tinc.nix
-    #./tinc_retiolum.nix
 
     ./qemu.nix
     ./wireguard.nix

nixos/machines/cherry/cups.nix

@@ -1,16 +0,0 @@
-{
-  hardware.printers.ensurePrinters = [
-    {
-      description = "Lexmark E350d";
-      deviceUri = "usb://Lexmark/E350d?serial=622Z9ZC";
-      location = "office";
-      name = "Lexmark_E350d";
-      model = "drv:///sample.drv/generic.ppd";
-      ppdOptions = {
-        job-sheets = "none, none";
-        media = "na_letter_8.5x11in";
-        sides = "one-sided";
-      };
-    }
-  ];
-}

nixos/machines/cherry/hardware-configuration/default.nix

@@ -0,0 +1,26 @@
+{ lib, config, ... }:
+{
+  imports = [
+    ./disko-config.nix
+    ./hardware-configuration.nix
+  ];
+
+  boot.tmp.useTmpfs = true;
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # ZFS stuff
+  # ---------
+  boot.supportedFilesystems = [ "zfs" ];
+  # head -c4 /dev/urandom | od -A none -t x4
+  networking.hostId = "59e38471";
+  services.zfs.autoSnapshot.enable = true;
+
+  # todo not needed anymore if srvos is used
+  # ZFS already has its own scheduler. Without this my(@Artturin) computer froze for a second when i nix build something.
+  # copied from : https://github.com/numtide/srvos/blob/main/nixos/common/zfs.nix
+  services.udev.extraRules = lib.optionalString (config.boot.zfs.enabled) ''
+    ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none"
+  '';
+
+}

nixos/machines/cherry/hardware-configuration/disko-config.nix

@@ -1,24 +1,6 @@
-# nix run github:nix-community/disko -- --mode zap_create_mount ./disko-config.nix
-# nixos-generate-config --no-filesystems --root /mnt
 { config, lib, ... }:
 {
 
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
-
-  # ZFS stuff
-  # ---------
-  boot.supportedFilesystems = [ "zfs" ];
-  # head -c4 /dev/urandom | od -A none -t x4
-  networking.hostId = "59e38471";
-  services.zfs.autoSnapshot.enable = true;
-  # ZFS already has its own scheduler. Without this my(@Artturin) computer froze for a second when i nix build something.
-  # copied from : https://github.com/numtide/srvos/blob/main/nixos/common/zfs.nix
-  services.udev.extraRules = lib.optionalString (config.boot.zfs.enabled) ''
-    ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none"
-  '';
-
   # disko configuration
   # -------------------
   disko.devices = {

nixos/machines/chungus/configuration.nix

@@ -84,8 +84,6 @@
 
   networking.hostName = "chungus";
 
-  users.users.root.shell = pkgs.zsh;
-
   hardware.opengl = {
     enable = true;
     extraPackages = with pkgs; [

nixos/machines/cream/configuration.nix

@@ -9,7 +9,6 @@
     ./hardware-configuration.nix
 
     ./syncthing.nix
-    ./cups.nix
     ./tinc.nix
     ./tinc_retiolum.nix
 

nixos/machines/cream/cups.nix

@@ -1,16 +0,0 @@
-{
-  hardware.printers.ensurePrinters = [
-    {
-      description = "Lexmark E350d";
-      deviceUri = "usb://Lexmark/E350d?serial=622Z9ZC";
-      location = "office";
-      name = "Lexmark_E350d";
-      model = "drv:///sample.drv/generic.ppd";
-      ppdOptions = {
-        job-sheets = "none, none";
-        media = "na_letter_8.5x11in";
-        sides = "one-sided";
-      };
-    }
-  ];
-}

nixos/machines/orbi/configuration.nix

@@ -52,21 +52,17 @@
 
   networking.hostName = "orbi";
 
+
   components.terminal.enable = true;
   components.mainUser.enable = true;
   components.gui.enable = false;
   components.network.enable = true;
   components.network.wifi.enable = false;
 
-  users.users.root.shell = pkgs.zsh;
-
   security.acme.acceptTerms = true;
   security.acme.defaults.email = "contact@ingolf-wagner.de";
 
+  # todo create your own
   sops.defaultSopsFile = ../../secrets/robi.yaml;
 
-  services.smartd.enable = true;
-
-
-
 }

nixos/machines/orbi/hardware-configuration/default.nix

@@ -34,6 +34,8 @@ in
     ./hardware-configuration.nix
   ];
 
+  services.smartd.enable = true;
+
   # Use GRUB2 as the boot loader.
   # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
   boot.loader.grub = {

nixos/machines/orbi/hardware-configuration/disko-config.nix

@@ -4,7 +4,6 @@ let
   disks = [ "sda" "sdb" ];
 in
 {
-
   disko.devices = {
     disk =
       lib.genAttrs disks (disk: {

nixos/machines/robi/configuration.nix

@@ -66,11 +66,6 @@
 
   services.sshguard.enable = true;
 
-  # Shell configuration
-  # -------------------
-  #programs.custom. zsh.enable = true;
-  users.users.root.shell = pkgs.zsh;
-
   security.acme.acceptTerms = true;
   security.acme.defaults.email = "contact@ingolf-wagner.de";
 

nixos/machines/sternchen/configuration.nix

@@ -11,8 +11,6 @@
     ./syncthing.nix
     ./tinc.nix
 
-    ./cups.nix
-
   ];
 
   sops.defaultSopsFile = ../../secrets/sternchen.yaml;

nixos/machines/sternchen/cups.nix

@@ -1,16 +0,0 @@
-{
-  hardware.printers.ensurePrinters = [
-    {
-      description = "Lexmark E350d";
-      deviceUri = "usb://Lexmark/E350d?serial=622Z9ZC";
-      location = "office";
-      name = "Lexmark_E350d";
-      model = "drv:///sample.drv/generic.ppd";
-      ppdOptions = {
-        job-sheets = "none, none";
-        media = "na_letter_8.5x11in";
-        sides = "one-sided";
-      };
-    }
-  ];
-}