reconfigure sternchen

flake.nix

@@ -281,6 +281,15 @@
 
       nixosConfigurations =
         {
+          sternchen = nixosConfigurationSetup {
+            name = "sternchen";
+            modules = [
+              nixos-hardware.nixosModules.lenovo-thinkpad-x220
+              #retiolum.nixosModules.retiolum
+              #private_assets.nixosModules.jobrad
+              homeManagerModules
+            ];
+          };
           sterni = nixosConfigurationSetup {
             name = "sterni";
             modules = [

nixos/components/network/tinc/secret.nix

@@ -33,7 +33,7 @@ in
         };
         cream = {
           subnets = [{ address = hosts.cream; }];
-          settings.Ed25519PublicKey = "";
+          settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
         };
         sterni = {
           subnets = [{ address = hosts.sterni; }];
@@ -65,6 +65,10 @@ in
   networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts);
 
   services.openssh.knownHosts = {
+    "cream.${network}" = {
+      hostNames = [ "cream.${network}" hosts.cream ];
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
+    };
     "sternchen.${network}" = {
       hostNames = [ "sterni.${network}" hosts.sterni ];
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";

nixos/machines/sternchen/configuration.nix

@@ -11,15 +11,19 @@
 
   ];
 
-
-  home-manager.users.mainUser.home.git-pull.enable = false;
-
   sops.defaultSopsFile = ../../secrets/sternchen.yaml;
   networking.hostName = "sternchen";
 
+  components.gui.enable = true;
+  components.terminal.enable = true;
+  components.network.enable = true;
+  components.network.wifi.enable = true;
+  components.mainUser.enable = true;
+  users.users.mainUser.extraGroups = [ "adbusers" "video" ];
+  home-manager.users.mainUser.home.git-pull.enable = false;
   system.custom.mainUser.userName = "tina";
 
-  system.custom.wifi.interfaces = [ "wlp3s0" ];
+  #system.custom.wifi.interfaces = [ "wlp3s0" ];
 
   security.wrappers = {
     pmount = {
@@ -37,7 +41,7 @@
   };
 
   programs.custom.steam.enable = false;
-  programs.custom.video.enable = true;
+  programs.custom.video.enable = false;
 
   # keyboard fiddling
   i18n.defaultLocale = "de_DE.UTF-8";
@@ -45,7 +49,7 @@
   services.xserver.layout = "de,us";
 
   system.custom.suspend.enable = false;
-  services.printing.enable = true;
+  services.printing.enable = false;
 
   # fonts
   # -----
@@ -62,13 +66,13 @@
   # for congress and streaming
   hardware.opengl = {
     enable = true;
-    extraPackages = [ pkgs.vaapiIntel ];
+    #extraPackages = [ pkgs.vaapiIntel ];
     driSupport = true;
     driSupport32Bit = true;
   };
-  nixpkgs.config.packageOverrides = pkgs: {
+  #nixpkgs.config.packageOverrides = pkgs: {
-    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+  #  vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
-  };
+  #};
 
   services.xserver.displayManager.defaultSession = "plasma";
 
@@ -76,7 +80,6 @@
   services.xserver.desktopManager.xfce.enable = false;
   services.xserver.desktopManager.gnome.enable = false;
 
-
   services.xserver.desktopManager.cinnamon.enable = true;
   services.xserver.desktopManager.lxqt.enable = true;
   services.xserver.desktopManager.mate.enable = true;
@@ -93,13 +96,8 @@
     };
   };
 
-  # enable this to use sidequest
-  programs.adb.enable = false;
-  users.users.mainUser.extraGroups = [ "adbusers" "video" ];
-
   virtualisation = {
     docker.enable = false;
-
     virtualbox = {
       host.enable = false;
       guest.x11 = false;

nixos/machines/sternchen/packages.nix

@@ -40,6 +40,8 @@
     #synfigstudio
     valentina
 
+    vscode
+
     # kde programs
     okular
     ark

nixos/machines/sternchen/tinc.nix

@@ -1,18 +1,7 @@
-{ config, lib, pkgs, ... }:
+{ config, ... }:
-
-with lib;
-
 {
 
-  module.cluster.services.tinc = {
+  tinc.secret.enable = true;
-    "secret" = {
+  tinc.secret.ipv4 = "10.123.42.25";
-      enable = true;
-      openPort = true;
-      connectTo = [ "robi" ];
-    };
-  };
-
-  users.users."tinc.secret".group = "tinc.secret";
-  users.groups."tinc.secret" = { };
 
 }

nixos/machines/sternchen/wifi-access-point.nix

@@ -1,85 +0,0 @@
-{ lib, pkgs, ... }:
-
-let
-  wifi = "wlp0s29u1u2";
-  ipAddress = "10.123.145.1";
-  prefixLength = 24;
-  servedAddressRange = "10.123.145.2,10.123.145.150,12h";
-  ssid = "bumbumbum";
-  wifiPassword = lib.fileContents <secrets/wifi-access-point>;
-
-in
-{
-  # todo only open needed ports
-  networking.firewall.trustedInterfaces = [ wifi ];
-
-  networking.networkmanager.unmanaged = [ wifi ];
-  networking.dhcpcd.denyInterfaces = [ wifi ];
-
-  networking.interfaces."${wifi}".ipv4.addresses = [{
-    address = ipAddress;
-    prefixLength = prefixLength;
-  }];
-
-  # forward traffic coming in trough the access point => provide internet and vpn network access
-  # todo : forward to own servers
-  boot.kernel.sysctl = {
-    "net.ipv4.conf.${wifi}.forwarding" = true;
-    "net.ipv6.conf.${wifi}.forwarding" = true;
-  };
-
-  systemd.services.hostapd = {
-    description = "hostapd wireless AP";
-    path = [ pkgs.hostapd ];
-
-    # start manual
-    # wantedBy = [ "network.target" ];
-
-    after = [
-      "${wifi}-cfg.service"
-      "nat.service"
-      "bind.service"
-      "dhcpd.service"
-      "sys-subsystem-net-devices-${wifi}.device"
-    ];
-
-    serviceConfig = {
-      ExecStart = "${pkgs.hostapd}/bin/hostapd ${
-          pkgs.writeText "hostapd.conf" ''
-            interface=${wifi}
-            hw_mode=g
-            channel=10
-            ieee80211d=1
-            country_code=DE
-            ieee80211n=1
-            wmm_enabled=1
-
-            ssid=${ssid}
-            auth_algs=1
-            wpa=2
-            wpa_key_mgmt=WPA-PSK
-            rsn_pairwise=CCMP
-            wpa_passphrase=${wifiPassword}
-          ''
-        }";
-      Restart = "always";
-    };
-  };
-
-  services.dnsmasq = {
-    enable = true;
-    extraConfig = ''
-      # Only listen to routers' LAN NIC.  Doing so opens up tcp/udp port 53 to
-      # localhost and udp port 67 to world:
-      interface=${wifi}
-
-      # Explicitly specify the address to listen on
-      listen-address=${ipAddress}
-
-      # Dynamic range of IPs to make available to LAN PC and the lease time.
-      # Ideally set the lease time to 5m only at first to test everything works okay before you set long-lasting records.
-      dhcp-range=${servedAddressRange}
-    '';
-  };
-
-}

nixos/machines/sterni/configuration.nix

@@ -26,7 +26,6 @@
   components.mainUser.enable = true;
   users.users.mainUser.extraGroups = [ "adbusers" "video" ];
 
-  # todo
   programs.custom.steam.enable = false;
   programs.custom.video.enable = false;
   services.printing.enable = false;
@@ -86,7 +85,7 @@
   };
 
   # enable this to use sidequest
-  programs.adb.enable = true;
+  # programs.adb.enable = false;
 
   # for congress and streaming
   hardware.opengl = {