authorPatryk Niedźwiedziński <patryk@niedzwiedzinski.cyou>2024-08-18 19:27:07 +0200
committerPatryk Niedźwiedziński <patryk@niedzwiedzinski.cyou>2024-08-18 19:27:07 +0200
commit7453e4bacf3647a74427f8a11e9793a095b551bc (patch)
tree8cafd0e21be51a170855206cb5ca40cb2d914b32 /machines
parent5e8ed0ca7f5e8788553b656ddbb4aa1dccc2bc03 (diff)
parent5349051441deaf903ae5b933916ef3ec215782af (diff)
Merge branch 'master' of github.com:pniedzwiedzinski/dots
Diffstat (limited to 'machines')
-rwxr-xr-xmachines/base.nix6
-rw-r--r--machines/srv3/configuration.nix37
-rw-r--r--machines/x220-gnome/configuration.nix74
-rw-r--r--machines/x220-gnome/gnome.nix68
-rw-r--r--machines/x220-gnome/hardware-configuration.nix51
-rw-r--r--machines/x220-gnome/pass.nix18
-rw-r--r--machines/x220-gnome/pn.nix18
7 files changed, 234 insertions, 38 deletions
diff --git a/machines/base.nix b/machines/base.nix
index 035ee59..f89738c 100755
--- a/machines/base.nix
+++ b/machines/base.nix
@@ -4,10 +4,10 @@
 {
 
   imports = [
-    ../modules/nur.nix
-    ../users/pn.nix
+     ../modules/nur.nix
+  #  ../users/pn.nix
     ../modules/doas.nix
-    ../modules/internet.nix
+  #  ../modules/internet.nix
   ];
 
   boot.cleanTmpDir = true;
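Review bot: The two imports are commented out in the shared base.nix rather than removed, so every machine that imports this file loses `../users/pn.nix` and `../modules/internet.nix`, not only the new x220-gnome host. If srv3 or another machine relied on base.nix for the pn account or for whatever internet.nix configures (neither file is visible here), it now has to import them itself. If they are meant to stay out of base, delete the lines or record the reason, e.g. `# users/pn.nix and modules/internet.nix are imported per machine`. The `#` lines and the re-indented nur.nix entry also break the list's alignment. The attribute set continues outside the hunk.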
diff --git a/machines/srv3/configuration.nix b/machines/srv3/configuration.nix
index 09ae394..73c20db 100644
--- a/machines/srv3/configuration.nix
+++ b/machines/srv3/configuration.nix
@@ -77,7 +77,7 @@ in
   services.sshguard = {
     enable = true;
     whitelist = [
-      "192.168.0.0/18"
+      "192.168.1.0/24"
     ];
   };
 
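Review bot: The whitelist still exempts a whole subnet, `192.168.1.0/24`, from sshguard, so any host on that LAN can keep failing SSH logins without ever being blocked. Narrowing from the /18 is an improvement, but listing only the addresses that administer srv3 would be tighter. A comment such as `# LAN admin hosts exempt from sshguard blocking` would record the intent. Whether sshd accepts password authentication is not visible in this hunk; if it does, the exemption matters more.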
@@ -120,16 +120,6 @@ in
       forceSSL = true;
       root = "${www}/pics.niedzwiedzinski.cyou";
     };
-    "rss.srv3.niedzwiedzinski.cyou" = {
-      enableACME = true;
-      forceSSL = true;
-      extraConfig = ''
-        modsecurity_rules '
-          SecRuleEngine On
-          SecRule ARGS:u "@rx life[-_]*hack(s)?" "id:1234,deny,status:403"
-        ';
-      '';
-    };
     "tmp.niedzwiedzinski.cyou" = {
       enableACME = true;
       addSSL = true;
@@ -167,32 +157,9 @@ in
   security.acme.defaults.email = "pniedzwiedzinski19@gmail.com";
   security.acme.acceptTerms = true;
 
-  networking.firewall.allowedTCPPorts = [ 53 80 443 config.services.molly-brown.settings.Port ];
+  networking.firewall.allowedTCPPorts = [ 53 80 443 ];
   networking.firewall.allowedUDPPorts = [ 53 ];
 
-  services.molly-brown = {
-    hostName = "niedzwiedzinski.cyou";
-    enable = true;
-    certPath = "/var/lib/acme/niedzwiedzinski.cyou/cert.pem";
-    keyPath = "/var/lib/acme/niedzwiedzinski.cyou/key.pem";
-    docBase = "${www}/niedzwiedzinski.cyou";
-  };
-
-  systemd = {
-    services.molly-brown.serviceConfig.SupplementaryGroups = [ config.security.acme.certs."niedzwiedzinski.cyou".group ];
-  };
-
-  services.rss-bridge = {
-    enable = true;
-    virtualHost = "rss.srv3.niedzwiedzinski.cyou";
-    whitelist = [
-      "Instagram"
-      "Soundcloud"
-      "Facebook"
-    ];
-  };
-
-
   virtualisation.docker.enable = true;
 
   users = {
diff --git a/machines/x220-gnome/configuration.nix b/machines/x220-gnome/configuration.nix
new file mode 100644
index 0000000..ea23c3e
--- /dev/null
+++ b/machines/x220-gnome/configuration.nix
@@ -0,0 +1,74 @@
+{ config, pkgs, ... }:
+
+{
+	imports =
+		[ # Include the results of the hardware scan.
+		../base.nix
+		./gnome.nix
+		./pass.nix
+		./hardware-configuration.nix
+		./pn.nix
+		];
+
+# Enable networking
+	networking.networkmanager.enable = true;
+
+# Set your time zone.
+	time.timeZone = "Europe/Warsaw";
+
+# Select internationalisation properties.
+	i18n.defaultLocale = "en_US.UTF-8";
+
+	i18n.extraLocaleSettings = {
+		LC_ALL = "en_US.UTF-8";
+		LC_ADDRESS = "en_US.UTF-8";
+		LC_IDENTIFICATION = "en_US.UTF-8";
+		LC_MEASUREMENT = "en_US.UTF-8";
+		LC_MONETARY = "en_US.UTF-8";
+		LC_NAME = "en_US.UTF-8";
+		LC_NUMERIC = "en_US.UTF-8";
+		LC_PAPER = "en_US.UTF-8";
+		LC_TELEPHONE = "en_US.UTF-8";
+		LC_TIME = "en_US.UTF-8";
+	};
+
+	programs.vim.defaultEditor = true;
+	programs.nano.enable = false;
+	programs.git.enable = true;
+
+# Allow unfree packages
+	nixpkgs.config.allowUnfree = true;
+	nix.settings.experimental-features = [ "flakes" "nix-command" ];
+
+# List packages installed in system profile. To search, run:
+# $ nix search wget
+	environment.systemPackages = with pkgs; [
+#  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+#  wget
+	];
+
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.mtr.enable = true;
+# programs.gnupg.agent = {
+#   enable = true;
+#   enableSSHSupport = true;
+# };
+
+
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+# networking.firewall.enable = false;
+
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+	system.stateVersion = "24.05"; # Did you read the comment?
+
+}
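Review bot: `nixpkgs.config.allowUnfree = true;` permits every unfree package system-wide. Restricting it with `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "<package-name>" ];` (with `lib` added to the module arguments) keeps later additions from pulling in unfree software unnoticed. In `i18n.extraLocaleSettings`, `LC_ALL` overrides every other `LC_*` category, so the nine entries after it have no effect; drop either `LC_ALL` or the rest. The template comment `# Include the results of the hardware scan.` now sits on a list of five imports and should say what they are.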
diff --git a/machines/x220-gnome/gnome.nix b/machines/x220-gnome/gnome.nix
new file mode 100644
index 0000000..e0d5f7c
--- /dev/null
+++ b/machines/x220-gnome/gnome.nix
@@ -0,0 +1,68 @@
+{ pkgs, ... }:
+{
+# Enable the X11 windowing system.
+	services.xserver.enable = true;
+
+# Enable the GNOME Desktop Environment.
+	services.xserver.displayManager.gdm.enable = true;
+	services.xserver.desktopManager.gnome.enable = true;
+	services.xserver.desktopManager.xterm.enable = false;
+	services.xserver.excludePackages = [ pkgs.xterm ];
+
+	environment.gnome.excludePackages = with pkgs.gnome; [
+		pkgs.epiphany
+		baobab totem yelp file-roller seahorse gnome-clocks pkgs.gnome-connections
+			pkgs.gnome-tour
+	];
+
+	services.xserver.desktopManager.gnome.extraGSettingsOverrides = ''
+		[org.gnome.shell]
+		favorite-apps = [ "brave-browser.desktop", "org.gnome.Geary.desktop", "org.gnome.Nautilus.desktop" ]
+
+		[org.gnome.desktop.wm.keybindings]
+		close = ["<Super>q"]
+
+		[org.gnome.settings-daemon.plugins.media-keys]
+		custom-keybindings = ["org/gnome/settings-daemon/plugins/media-keys/custom0/"]
+
+		[org.gnome.settings-daemon.plugins.media-keys.custom0]
+		binding = ["<Super><Enter>"]
+		command = ["kgx"]
+		name = ["GNOME Console"]
+	'';
+
+# Configure keymap in X11
+	services.xserver = {
+		layout = "pl";
+		xkbVariant = "";
+	};
+
+# Configure console keymap
+	console.keyMap = "pl2";
+
+# Enable CUPS to print documents.
+	services.printing.enable = true;
+
+# Enable sound with pipewire.
+	hardware.pulseaudio.enable = false;
+	security.rtkit.enable = true;
+	services.pipewire = {
+		enable = true;
+		alsa.enable = true;
+		alsa.support32Bit = true;
+		pulse.enable = true;
+# If you want to use JACK applications, uncomment this
+#jack.enable = true;
+
+# use the example session manager (no others are packaged yet so this is enabled by default,
+# no need to redefine it in your config for now)
+#media-session.enable = true;
+	};
+
+	environment.systemPackages = with pkgs; [
+		libnotify
+		brave
+	];
+
+	documentation.nixos.enable = false;
+}
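Review bot: `services.printing.enable = true;` starts CUPS on this laptop, apparently carried over from the installer template. If nothing prints from this machine, leaving it off removes a privileged daemon from the attack surface; otherwise a comment naming the printer use case would justify it. Separately, `services.xserver.layout` and `xkbVariant` have been renamed to `services.xserver.xkb.layout` and `services.xserver.xkb.variant`, and on the 24.05 release this commit targets the old names evaluate with a warning. In `environment.gnome.excludePackages`, mixing bare names from `with pkgs.gnome;` with explicit `pkgs.` prefixes makes it hard to see which set each package comes from.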
diff --git a/machines/x220-gnome/hardware-configuration.nix b/machines/x220-gnome/hardware-configuration.nix
new file mode 100644
index 0000000..7db32ec
--- /dev/null
+++ b/machines/x220-gnome/hardware-configuration.nix
@@ -0,0 +1,51 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.luks.devices."luks-9f3a316a-7177-4122-a4f5-03fbd375d6e1".device = "/dev/disk/by-uuid/9f3a316a-7177-4122-a4f5-03fbd375d6e1";
+  networking.hostName = "nixos"; # Define your hostname.
+ 
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/01db2679-e134-4870-b503-a0e616432175";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."luks-8a50e0b7-d2a7-4b0c-b092-9194536cae41".device = "/dev/disk/by-uuid/8a50e0b7-d2a7-4b0c-b092-9194536cae41";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/D259-64AC";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/a7366f52-418f-47a7-bb29-fbd394d559ee"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wwp0s29u1u4i6.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/machines/x220-gnome/pass.nix b/machines/x220-gnome/pass.nix
new file mode 100644
index 0000000..c781746
--- /dev/null
+++ b/machines/x220-gnome/pass.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+	environment.systemPackages = with pkgs; [
+		pkgs.pass-wayland
+	];
+	
+	programs.browserpass.enable = true;
+
+	programs.gnupg.agent = {
+		enable = true;
+		pinentryPackage = pkgs.pinentry-gnome3;
+		enableSSHSupport = true;
+	};
+
+	environment.variables = {
+		PASSWORD_STORE_DIR = "$HOME/.local/share/password-store";
+	};
+}
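Review bot: `PASSWORD_STORE_DIR` is set through `environment.variables`, which is exported by shell initialisation. A process that is not started from such a shell may not see it and would fall back to the default store location. It is worth confirming that the browserpass native host launched by the browser under GDM actually inherits it; `environment.sessionVariables` is the option meant for session-wide values. The package list also uses `with pkgs;` and then spells out `pkgs.pass-wayland`; one of the two is redundant, e.g. `environment.systemPackages = [ pkgs.pass-wayland ];`.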
diff --git a/machines/x220-gnome/pn.nix b/machines/x220-gnome/pn.nix
new file mode 100644
index 0000000..add63cd
--- /dev/null
+++ b/machines/x220-gnome/pn.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+
+
+
+
+	users.users.pn = {
+		isNormalUser = true;
+		description = "Patryk Niedzwiedzinski";
+		extraGroups = [ "networkmanager" "wheel" ];
+		packages = with pkgs; [
+			gnomeExtensions.gsconnect
+		];
+	};
+	
+
+
+}
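Review bot: This file declares the `pn` account, including `wheel` membership, as a host-local copy while the same commit comments `../users/pn.nix` out of base.nix. The two definitions can now drift, and anything the shared file set for the account (its contents are not visible here) no longer applies on this host. A header comment would make the duplication deliberate, e.g. `# Host-local definition of pn for x220-gnome; replaces ../users/pn.nix, which base.nix no longer imports`. Since `wheel` is presumably what `../modules/doas.nix` keys privilege escalation on, it is also worth stating in a comment how this account's password is provisioned. The runs of blank lines at the top and bottom of the attribute set can be dropped.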