too much to mention

README.md

@@ -1,37 +1,65 @@
 # Setup
 
-Follow the steps below to setup your environment.
+This dotfiles is intended to be used with NixOS 24.05
+Please install a clean version of NixOS GNOME and then follow the steps below.
 
-## Begin here
+## Installation
+
+### 0. Install NixOS
+
+Either install GNOME or Minimal depending on if you intend to setup a server or desktop.
 
 ### 1. Clone dotfiles to home directory
 
-You should probably already have this cloned in your home directory but if you don't you can clone it with the following command.
+Clone the repository to your home directory, you can do this by opening a shell with git installed.
 
 ```bash
-git clone ssh://od.mvl.sh/dotfiles ~/dotfiles
+nixos-shell -p git
+git clone https://git.mvl.sh/vleeuwenmenno/dotfiles.git ~/dotfiles
+exit
 ```
 
-### 2. Prepare shell
+### 2. Run `setup.sh`
 
-You can run the setup.sh in the dotfiles folder to install all the necessary packages.
+You can run the setup.sh in the dotfiles folder to setup the system.
+This will prompt you to give a hostname for the system. For things to properly work you should ensure this repository contains the relevant assets for the hostname you provide.
+
+In case you're setting up a new system you could use any of the existing hostnames in the `nconfig/nixos/hardware/` folder.
+Afterwards you should adopt the pre-generated configuration under `/etc/nixos/hardware-configuration.nix` to the repository and change the hostname to anything you like.
 
 ```bash
 cd ~/dotfiles && ./setup.sh
 ```
 
-### 3. Run `dotf update`
+### 3. Reboot
 
-This should fix all the symlinks and install all the necessary packages.
+It's probably a good idea that you either reboot or log out and log back in to make sure all the changes are applied.
-Afterwards you should restart your shell.
 
-This should also set your terminal and default shell to zsh so make sure to restart or just reboot your system.
+```bash
+# sudo reboot
+```
+
+### 4. Run `dotf update`
+
+Run the `dotf update` command, although nixos-rebuild and home-manager already ran the dotf cli didn't yet place proper symlinks for everything.
 
 ```bash
 dotf update
 ```
 
-### 4. Reboot
+### 5. Setup 1Password
+
+1Password is installed but you need to login and enable the SSH agent and CLI components under the settings before continuing.
+
+### 6. Decrypt secrets
+
+Now that you've got 1Password setup you can decrypt the secrets needed for various applications.
+
+```bash
+dotf secrets decrypt
+```
+
+### 7. Reboot
 
 After you have done all the steps above you should reboot your system to make sure everything is working as intended.
 
@@ -39,14 +67,21 @@ After you have done all the steps above you should reboot your system to make su
 # sudo reboot
 ```
 
-### 5. Secrets + 1Password
+## Adding a new system
 
-Since 1Password has been installed you can open it.
+### Paths in the repository
-Secrets won't be able to decrypt until you have logged in on 1Password and enabled Developer tools under the settings.
 
-## Install extra packages
+Here are some paths that contain files named after the hostname of the system.
+If you add a new system you should add the relevant files to these paths.
 
-After you've got the first part done and you have `dotf` installed you can install extra packages.
+- `nconfig/nixos/hardware/`: Contains the hardware configurations for the different systems.
-Check the [packages](packages.md) file for more information.
+- `config/ssh/authorized_keys`: Contains the public keys per hostname that will be symlinked to the `~/.ssh/authorized_keys` file.
+- `config/nixos/flake.nix`: Contains an array `nixosConfigurations` where you should be adding the new system hostname and relevant configuration.
 
-You can also have a look at [gnome-extensions](gnome-extensions.md) for some gnome extensions that I use.
+### Adding a new system
+
+To add a new system you should follow these steps:
+
+1. Add the relevant files shown in the section above.
+2. Ensure you've either updated or added the `$HOME/.hostname` file with the hostname of the system.
+3. Run `dotf update` to ensure the symlinks are properly updated/created.

config/config.yaml

@@ -22,7 +22,7 @@ config:
     u2f:
       sources:
         mennos-laptop: ~/dotfiles/secrets/yubico/u2f.work.keys
-        mennos-desktop: ~/dotfiles/secrets/yubico/u2f.personal.keys
+        mennos-server: ~/dotfiles/secrets/yubico/u2f.personal.keys
         mennos-gamingpc: ~/dotfiles/secrets/yubico/u2f.personal.keys
         homeserver-pc: ~/dotfiles/secrets/yubico/u2f.personal.keys
       target: ~/.config/Yubico/u2f_keys
@@ -50,7 +50,7 @@ config:
     ssh_authorized_keys:
       sources:
         mennos-laptop: ~/dotfiles/config/ssh/authorized_keys/mennos-laptop
-        mennos-desktop: ~/dotfiles/config/ssh/authorized_keys/mennos-desktop
+        mennos-server: ~/dotfiles/config/ssh/authorized_keys/mennos-server
         mennos-gamingpc: ~/dotfiles/config/ssh/authorized_keys/mennos-gamingpc
         homeserver-pc: ~/dotfiles/config/ssh/authorized_keys/homeserver-pc
       target: ~/.ssh/authorized_keys

config/nixos/common/server.nix

@@ -1,4 +1,28 @@
 { config, pkgs, ... }:
 {
+  # OpenSSH server
+  services.openssh = {
+    enable = true;
+    ports = [ 400 ];
+    settings = {
+      PasswordAuthentication = false;
+      AllowUsers = [ "menno" ];
+      X11Forwarding = false;
+      PermitRootLogin = "prohibit-password";
+      AllowTCPForwarding = true;
+      AllowAgentForwarding = true;
+      PermitEmptyPasswords = false;
+      PubkeyAuthentication = true;
+    };
+  };
 
+  # Open ports in the firewall
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [
+      # SSH
+      400
+    ];
+    allowedUDPPorts = [ ];
+  };
 }

config/nixos/common/workstation.nix

@@ -24,4 +24,40 @@
     alsa.support32Bit = true;
     pulse.enable = true;
   };
+
+  # Open ports in the firewall
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [
+      # RDP (Gnome Remote Desktop)
+      3389
+      3390
+      3391
+
+      # SSH
+      400
+    ];
+    allowedUDPPorts = [
+      # RDP (Gnome Remote Desktop)
+      3389
+      3390
+      3391
+    ];
+  };
+
+  # OpenSSH server
+  services.openssh = {
+    enable = true;
+    ports = [ 400 ];
+    settings = {
+      PasswordAuthentication = false;
+      AllowUsers = [ "menno" ];
+      X11Forwarding = true;
+      PermitRootLogin = "prohibit-password";
+      AllowTCPForwarding = true;
+      AllowAgentForwarding = true;
+      PermitEmptyPasswords = false;
+      PubkeyAuthentication = true;
+    };
+  };
 }

config/nixos/configuration.nix

@@ -1,13 +1,22 @@
-{ config, pkgs, ... }:
 {
-  imports = [
+  config,
-    ./packages/default.nix
+  pkgs,
-    ./virtualization.nix
+  lib,
-    ./users.nix
+  isServer ? false,
-    ./flatpak.nix
+  isWorkstation ? false,
-    ./hosts.nix
+  ...
-    ./yubikey.nix
+}:
-  ];
+{
+  imports =
+    [
+      ./packages/common/default.nix
+      ./users.nix
+      ./hosts.nix
+      ./yubikey.nix
+    ]
+    # Include packages based on whether this is a server or workstation.
+    ++ lib.optional isServer ./packages/server/default.nix
+    ++ lib.optional isWorkstation ./packages/workstation/default.nix;
 
   # Bootloader.
   boot.loader.systemd-boot.enable = true;
@@ -16,8 +25,8 @@
   # Enable networking
   networking.networkmanager.enable = true;
 
-  # Set your time zone.
+  # Allow unfree packages
-  time.timeZone = "Europe/Amsterdam";
+  nixpkgs.config.allowUnfree = true;
 
   # Enable experimental nix-command flakes
   nix = {
@@ -27,6 +36,9 @@
     '';
   };
 
+  # Set your time zone.
+  time.timeZone = "Europe/Amsterdam";
+
   # Select internationalisation properties.
   i18n.defaultLocale = "en_US.UTF-8";
 
@@ -49,33 +61,6 @@
 
   services.tailscale.enable = true;
 
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-  # Enable the OpenSSH daemon.
-  # services.openssh = {
-  #   enable = true;
-  #   port = 400;
-  #   permitRootLogin = "no";
-  #   passwordAuthentication = false;
-  #   pubkeyAuthentication = true;
-  # };
-
-  # Open ports in the firewall.
-  networking.firewall = {
-    enable = true;
-    allowedTCPPorts = [
-      3389
-      3390
-      3391
-    ];
-    allowedUDPPorts = [
-      3389
-      3390
-      3391
-    ];
-  };
-
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

config/nixos/flake.nix

@@ -16,6 +16,10 @@
             ./common/workstation.nix
             ./configuration.nix
           ];
+          specialArgs = {
+            isWorkstation = true;
+            isServer = false;
+          };
         };
         "mennos-gamingpc" = nixpkgs.lib.nixosSystem {
           system = "x86_64-linux";
@@ -24,14 +28,22 @@
             ./common/workstation.nix
             ./configuration.nix
           ];
+          specialArgs = {
+            isWorkstation = true;
+            isServer = false;
+          };
         };
-        "mennos-desktop" = nixpkgs.lib.nixosSystem {
+        "mennos-server" = nixpkgs.lib.nixosSystem {
           system = "x86_64-linux";
           modules = [
-            ./hardware/mennos-desktop.nix
+            ./hardware/mennos-server.nix
             ./common/server.nix
             ./configuration.nix
           ];
+          specialArgs = {
+            isWorkstation = false;
+            isServer = true;
+          };
         };
       };
     };

config/nixos/hardware/mennos-server.nix

@@ -21,23 +21,10 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
-    device = "/dev/disk/by-uuid/1356cd09-5c55-45b5-8b06-6aadc84cee37";
+    device = "/dev/disk/by-uuid/010484c7-457e-4953-8712-5e81275e57f4";
     fsType = "ext4";
   };
 
-  boot.initrd.luks.devices."luks-32bf1c42-e6ef-4fb8-9b76-8bb13b9ea155".device = "/dev/disk/by-uuid/32bf1c42-e6ef-4fb8-9b76-8bb13b9ea155";
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/CD6B-8910";
-    fsType = "vfat";
-    options = [
-      "fmask=0077"
-      "dmask=0077"
-    ];
-  };
-
-  swapDevices = [ ];
-
   # Enable OpenGL
   hardware.opengl = {
     enable = true;
@@ -82,7 +69,7 @@
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
   networking.useDHCP = lib.mkDefault true;
-  networking.hostName = "mennos-desktop";
+  networking.hostName = "mennos-server";
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

config/nixos/packages/common/default.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  imports = [ ./virtualization.nix ];
+}

config/nixos/packages/workstation/default.nix

@@ -0,0 +1,8 @@
+{ ... }:
+{
+  imports = [
+    ./steam.nix
+    ./1password.nix
+    ./flatpak.nix
+  ];
+}

config/ssh/authorized_keys/mennos-gamingpc

@@ -1,2 +1,2 @@
-# This is the authrorized_keys file for the user mennos-desktop
+# This is the authrorized_keys file for the user mennos-gamingpc
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+sKpcREOUjwMMSzEWAso6830wbOi8kUxqpuXWw5gHr

config/ssh/authorized_keys/mennos-server

@@ -1,2 +1,2 @@
-# This is the authrorized_keys file for the user mennos-desktop
+# This is the authrorized_keys file for the user mennos-server
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+sKpcREOUjwMMSzEWAso6830wbOi8kUxqpuXWw5gHr

setup.sh

@@ -1,37 +1,64 @@
 #!/usr/bin/env bash
 
-# Check if nixos-version is available
+NIXOS_RELEASE=24.05
-if [ -x "$(command -v nixos-version)" ]; then
-    echo "Detected NixOS, skipping Nix setup."
-    return
-else 
-    echo "NixOS not detected, installing Nix..."
-    sh <(curl -L https://nixos.org/nix/install) --daemon
-fi
 
-# Check if home-manager is available
+# Check if $HOME/.dotfiles-setup exists, if so exit because setup has already been run
-if [ -x "$(command -v home-manager)" ]; then
+if [ -f $HOME/.dotfiles-setup ]; then
-    echo "Detected Home Manager, did you setup everything already!?"
+    echo "Setup has already been run, exiting..."
-    echo "You should only run ./setup.sh once, re-running this could do damage."
     exit 0
 fi
 
-# Link .bashrc
+# Check if nixos-version is available
-rm -rf $HOME/.bashrc
+ensure_nixos() {
-ln -s $HOME/dotfiles/.bashrc $HOME/.bashrc
+    if [ -x "$(command -v nixos-version)" ]; then
+        echo "Detected NixOS, skipping Nix setup."
+        return
+    else 
+        echo "NixOS not detected, installing Nix..."
+        sh <(curl -L https://nixos.org/nix/install) --daemon
+    fi
+}
 
-# Install home-manager
+setup_symlinks() {
-sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz home-manager
+    # Link .bashrc
-sudo nix-channel --update
+    rm -rf $HOME/.bashrc
-sudo nix-shell '<home-manager>' -A install
+    ln -s $HOME/dotfiles/.bashrc $HOME/.bashrc
-nix-shell '<home-manager>' -A install
 
-# Link proper home-manager configs
+    # Link proper home-manager configs
-rm -rf ~/.config/home-manager
+    rm -rf ~/.config/home-manager
-ln -s $HOME/dotfiles/config/home-manager ~/.config/home-manager
+    ln -s $HOME/dotfiles/config/home-manager ~/.config/home-manager
 
-# Link proper nixos configs
+    # Link proper nixos configs
-sudo ln -s $HOME/dotfiles/config/nixos/configuration.nix /etc/nixos/configuration.nix
+    sudo ln -s $HOME/dotfiles/config/nixos/configuration.nix /etc/nixos/configuration.nix
+}
+
+install_home_manager() {
+    sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-$NIXOS_RELEASE.tar.gz home-manager
+    sudo nix-channel --update
+    sudo nix-shell '<home-manager>' -A install
+    nix-shell '<home-manager>' -A install
+}
+
+prepare_hostname() {
+    # Ask the user what hostname this machine should have
+    echo "Enter the hostname for this machine:"
+    read hostname
+
+    # Validate hostname to ensure it's not empty, contains only alphanumeric characters, and is less than 64 characters
+    while [[ -z $hostname || ! $hostname =~ ^[a-zA-Z0-9]+$ || ${#hostname} -gt 64 ]]; do
+        echo "Invalid hostname. Please enter a valid hostname:"
+        read hostname
+    done
+
+    # Set the hostname by dumping it into $HOME/.hostname
+    touch $HOME/.hostname
+    echo $hostname > $HOME/.hostname
+}
+
+prepare_hostname
+ensure_nixos
+install_home_manager
+setup_symlinks
 
 # Rebuild NixOS
 sudo nixos-rebuild switch
@@ -39,6 +66,8 @@ sudo nixos-rebuild switch
 # Rebuild Home Manager
 cd $HOME/dotfiles/config/home-manager && NIXPKGS_ALLOW_UNFREE=1 home-manager switch
 
+touch $HOME/.dotfiles-setup
+
 echo "##############################################################"
 echo "#                                                            #"
 echo "# !!!    LOGOUT & LOGIN OR RESTART BEFORE YOU CONTINUE   !!! #"