too much to mention

config/nixos/common/server.nix

@@ -1,4 +1,28 @@
 { config, pkgs, ... }:
 {
+  # OpenSSH server
+  services.openssh = {
+    enable = true;
+    ports = [ 400 ];
+    settings = {
+      PasswordAuthentication = false;
+      AllowUsers = [ "menno" ];
+      X11Forwarding = false;
+      PermitRootLogin = "prohibit-password";
+      AllowTCPForwarding = true;
+      AllowAgentForwarding = true;
+      PermitEmptyPasswords = false;
+      PubkeyAuthentication = true;
+    };
+  };
 
+  # Open ports in the firewall
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [
+      # SSH
+      400
+    ];
+    allowedUDPPorts = [ ];
+  };
 }

config/nixos/common/workstation.nix

@@ -24,4 +24,40 @@
     alsa.support32Bit = true;
     pulse.enable = true;
   };
+
+  # Open ports in the firewall
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [
+      # RDP (Gnome Remote Desktop)
+      3389
+      3390
+      3391
+
+      # SSH
+      400
+    ];
+    allowedUDPPorts = [
+      # RDP (Gnome Remote Desktop)
+      3389
+      3390
+      3391
+    ];
+  };
+
+  # OpenSSH server
+  services.openssh = {
+    enable = true;
+    ports = [ 400 ];
+    settings = {
+      PasswordAuthentication = false;
+      AllowUsers = [ "menno" ];
+      X11Forwarding = true;
+      PermitRootLogin = "prohibit-password";
+      AllowTCPForwarding = true;
+      AllowAgentForwarding = true;
+      PermitEmptyPasswords = false;
+      PubkeyAuthentication = true;
+    };
+  };
 }

config/nixos/configuration.nix

@@ -1,13 +1,22 @@
-{ config, pkgs, ... }:
 {
-  imports = [
-    ./packages/default.nix
-    ./virtualization.nix
-    ./users.nix
-    ./flatpak.nix
-    ./hosts.nix
-    ./yubikey.nix
-  ];
+  config,
+  pkgs,
+  lib,
+  isServer ? false,
+  isWorkstation ? false,
+  ...
+}:
+{
+  imports =
+    [
+      ./packages/common/default.nix
+      ./users.nix
+      ./hosts.nix
+      ./yubikey.nix
+    ]
+    # Include packages based on whether this is a server or workstation.
+    ++ lib.optional isServer ./packages/server/default.nix
+    ++ lib.optional isWorkstation ./packages/workstation/default.nix;
 
   # Bootloader.
   boot.loader.systemd-boot.enable = true;
@@ -16,8 +25,8 @@
   # Enable networking
   networking.networkmanager.enable = true;
 
-  # Set your time zone.
-  time.timeZone = "Europe/Amsterdam";
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
 
   # Enable experimental nix-command flakes
   nix = {
@@ -27,6 +36,9 @@
     '';
   };
 
+  # Set your time zone.
+  time.timeZone = "Europe/Amsterdam";
+
   # Select internationalisation properties.
   i18n.defaultLocale = "en_US.UTF-8";
 
@@ -49,33 +61,6 @@
 
   services.tailscale.enable = true;
 
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-  # Enable the OpenSSH daemon.
-  # services.openssh = {
-  #   enable = true;
-  #   port = 400;
-  #   permitRootLogin = "no";
-  #   passwordAuthentication = false;
-  #   pubkeyAuthentication = true;
-  # };
-
-  # Open ports in the firewall.
-  networking.firewall = {
-    enable = true;
-    allowedTCPPorts = [
-      3389
-      3390
-      3391
-    ];
-    allowedUDPPorts = [
-      3389
-      3390
-      3391
-    ];
-  };
-
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

config/nixos/flake.nix

@@ -16,6 +16,10 @@
             ./common/workstation.nix
             ./configuration.nix
           ];
+          specialArgs = {
+            isWorkstation = true;
+            isServer = false;
+          };
         };
         "mennos-gamingpc" = nixpkgs.lib.nixosSystem {
           system = "x86_64-linux";
@@ -24,14 +28,22 @@
             ./common/workstation.nix
             ./configuration.nix
           ];
+          specialArgs = {
+            isWorkstation = true;
+            isServer = false;
+          };
         };
-        "mennos-desktop" = nixpkgs.lib.nixosSystem {
+        "mennos-server" = nixpkgs.lib.nixosSystem {
           system = "x86_64-linux";
           modules = [
-            ./hardware/mennos-desktop.nix
+            ./hardware/mennos-server.nix
             ./common/server.nix
             ./configuration.nix
           ];
+          specialArgs = {
+            isWorkstation = false;
+            isServer = true;
+          };
         };
       };
     };

config/nixos/hardware/mennos-server.nix

@@ -21,23 +21,10 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
-    device = "/dev/disk/by-uuid/1356cd09-5c55-45b5-8b06-6aadc84cee37";
+    device = "/dev/disk/by-uuid/010484c7-457e-4953-8712-5e81275e57f4";
     fsType = "ext4";
   };
 
-  boot.initrd.luks.devices."luks-32bf1c42-e6ef-4fb8-9b76-8bb13b9ea155".device = "/dev/disk/by-uuid/32bf1c42-e6ef-4fb8-9b76-8bb13b9ea155";
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/CD6B-8910";
-    fsType = "vfat";
-    options = [
-      "fmask=0077"
-      "dmask=0077"
-    ];
-  };
-
-  swapDevices = [ ];
-
   # Enable OpenGL
   hardware.opengl = {
     enable = true;
@@ -82,7 +69,7 @@
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
   networking.useDHCP = lib.mkDefault true;
-  networking.hostName = "mennos-desktop";
+  networking.hostName = "mennos-server";
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

config/nixos/packages/common/default.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  imports = [ ./virtualization.nix ];
+}

config/nixos/packages/workstation/default.nix

@@ -0,0 +1,8 @@
+{ ... }:
+{
+  imports = [
+    ./steam.nix
+    ./1password.nix
+    ./flatpak.nix
+  ];
+}