chore: cleaned up configuration

feat: Added LAN config for kaist

configuration.nix

@@ -1,6 +1,3 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
 {
   config,
   pkgs,
@@ -20,6 +17,9 @@ in {
     ./modules/nvidia.nix
     ./modules/wireguard.nix
     ./modules/smb-mounts.nix
+    ./modules/networking.nix
+    ./modules/nix.nix
+    ./modules/xserver.nix
   ];
 
   # Use the systemd-boot EFI boot loader.
@@ -29,40 +29,8 @@ in {
   networking.hostName = "patricknix"; # Define your hostname.
   networking.hostId = "68438432";
 
-  networking.extraHosts = ''
-    10.0.0.1 paperless.lel.lol
-  '';
-
-  # Identities with which all secrets are encrypted
-  rekey.masterIdentityPaths = [./secrets/NIXOSc.key ./secrets/NIXOSa.key];
-
-  rekey.pubKey = ./keys + "/${config.networking.hostName}.pub";
-
-  networking.wireless.iwd.enable = true;
-  rekey.secrets.eduroam = {
-    file = ./secrets/iwd/eduroam.8021x.age;
-    path = "/etc/iwd/eduroam.8021x";
-  };
-  rekey.secrets.devoloog = {
-    file = ./secrets/iwd/devolo-og.psk.age;
-    path = "/etc/iwd/devolo-og.psk";
-  };
-
-  networking.useNetworkd = true;
-  networking.dhcpcd.enable = false;
-  # Should remain enabled since nscd from glibc is kinda ass
-  services.nscd.enableNsncd = true;
-  systemd.network.wait-online.anyInterface = true;
-  services.resolved = {
-    enable = true;
-  };
-
   # Set your time zone.
-  time.timeZone = "Europe/Berlin";
+  time.timeZone = "Asia/Seoul";
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
 
   # Select internationalisation properties.
   i18n.defaultLocale = "C.UTF-8";
@@ -71,27 +39,10 @@ in {
     packages = with pkgs; [terminus_font];
     useXkbConfig = true; # use xkbOptions in tty.
   };
+  # Identities with which all secrets are encrypted
+  rekey.masterIdentityPaths = [./secrets/NIXOSc.key ./secrets/NIXOSa.key];
 
-  # Configure keymap in X11
+  rekey.pubKey = ./keys + "/${config.networking.hostName}.pub";
-  services.xserver = {
-    enable = true;
-    displayManager.startx.enable = true;
-    layout = "de";
-    xkbVariant = "bone";
-    autoRepeatDelay = 235;
-    autoRepeatInterval = 60;
-    videoDrivers = ["modesetting"];
-    libinput = {
-      enable = true;
-      mouse.accelProfile = "flat";
-      touchpad = {
-        accelProfile = "flat";
-        naturalScrolling = true;
-      };
-    };
-  };
-  services.autorandr.enable = true;
-  services.physlock.enable = true;
 
   hardware.opengl.enable = true;
 
@@ -178,11 +129,6 @@ in {
   services.pcscd.enable = true;
   services.fstrim.enable = true;
   hardware.cpu.intel.updateMicrocode = true;
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  networking.firewall.enable = false;
 
   services.udev.packages = with pkgs; [yubikey-personalization libu2f-host];
 
@@ -191,47 +137,4 @@ in {
        export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
     umask 077
   '';
-
-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # breaks flake based building
-  # system.copySystemConfiguration = true;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.05"; # Did you read the comment?
-
-  nix = {
-    settings = {
-      auto-optimise-store = true;
-      allowed-users = ["@wheel"];
-      trusted-users = ["root" "@wheel"];
-      system-features = ["recursive-nix"];
-      substituters = [
-        "https://nix-config.cachix.org"
-        "https://nix-community.cachix.org"
-      ];
-      trusted-public-keys = [
-        "nix-config.cachix.org-1:Vd6raEuldeIZpttVQfrUbLvXJHzzzkS0pezXCVVjDG4="
-        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-      ];
-      cores = 0;
-      max-jobs = "auto";
-    };
-    daemonCPUSchedPolicy = "batch";
-    daemonIOSchedPriority = 5;
-    distributedBuilds = true;
-    extraOptions = ''
-      builders-use-substitutes = true
-      experimental-features = nix-command flakes recursive-nix
-      flake-registry = /etc/nix/registry.json
-    '';
-    optimise.automatic = true;
-    gc.automatic = true;
-  };
 }

flake.lock

@@ -8,11 +8,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1676599101,
+        "lastModified": 1677247280,
-        "narHash": "sha256-CKS6UsOGhoNxGDBt9wyFiWHvtng/+BMAJ4G8ahhe1DE=",
+        "narHash": "sha256-sa+8MtoAOSLsWP9vf0qiJUyMovIEYgDzHE8TkoK04Hk=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "de657061b13cf329c57a1a9730a5049a971b40b3",
+        "rev": "833f87c8ff574a29aea3e091045cbaed3cf86bc1",
         "type": "github"
       },
       "original": {
@@ -103,11 +103,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1676367705,
+        "lastModified": 1677400245,
-        "narHash": "sha256-un5UbRat9TwruyImtwUGcKF823rCEp4fQxnsaLFL7CM=",
+        "narHash": "sha256-+/oDZltWUhYFYcIRjH0F5lSNWcBj+4o5kzmDSheiLRw=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "da72e6fc6b7dc0c3f94edbd310aae7cd95c678b5",
+        "rev": "693d76eeb84124cc3110793ff127aeab3832f95c",
         "type": "github"
       },
       "original": {
@@ -118,11 +118,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1676569297,
+        "lastModified": 1677342105,
-        "narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=",
+        "narHash": "sha256-kv1fpkfCJGb0M+LZaCHFUuIS9kRIwyVgupHu86Y28nc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37",
+        "rev": "b1f87ca164a9684404c8829b851c3586c4d9f089",
         "type": "github"
       },
       "original": {
@@ -161,11 +161,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1676513100,
+        "lastModified": 1677160285,
-        "narHash": "sha256-MK39nQV86L2ag4TmcK5/+r1ULpzRLPbbfvWbPvIoYJE=",
+        "narHash": "sha256-tBzpCjMP+P3Y3nKLYvdBkXBg3KvTMo3gvi8tLQaqXVY=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "5f0cba88ac4d6dd8cad5c6f6f1540b3d6a21a798",
+        "rev": "2bd861ab81469428d9c823ef72c4bb08372dd2c4",
         "type": "github"
       },
       "original": {

modules/networking.nix

@@ -0,0 +1,34 @@
+{
+  networking.wireless.iwd.enable = true;
+  rekey.secrets.eduroam = {
+    file = ../secrets/iwd/eduroam.8021x.age;
+    path = "/etc/iwd/eduroam.8021x";
+  };
+  rekey.secrets.devoloog = {
+    file = ../secrets/iwd/devolo-og.psk.age;
+    path = "/etc/iwd/devolo-og.psk";
+  };
+
+  networking.useNetworkd = true;
+  networking.dhcpcd.enable = false;
+  # Should remain enabled since nscd from glibc is kinda ass
+  services.nscd.enableNsncd = true;
+  systemd.network.wait-online.anyInterface = true;
+  # Fuck korea.
+  # I need a static global IP address for my dorm LAN
+  # So to not dox myself this config file is hardcoded
+  rekey.secrets.enp0s20f0u2u4 = {
+    file = ../secrets/koreaIP.age;
+    path = "/etc/systemd/network/enp0s20f0u2u4.network";
+  };
+  services.resolved = {
+    enable = true;
+  };
+  # Add the VPN based route to my paperless instance to
+  # etc/hosts
+  networking.extraHosts = ''
+    10.0.0.1 paperless.lel.lol
+  '';
+
+  networking.firewall.enable = false;
+}

modules/nix.nix

@@ -0,0 +1,44 @@
+{
+  nix = {
+    settings = {
+      auto-optimise-store = true;
+      allowed-users = ["@wheel"];
+      trusted-users = ["root" "@wheel"];
+      system-features = ["recursive-nix"];
+      substituters = [
+        "https://nix-config.cachix.org"
+        "https://nix-community.cachix.org"
+      ];
+      trusted-public-keys = [
+        "nix-config.cachix.org-1:Vd6raEuldeIZpttVQfrUbLvXJHzzzkS0pezXCVVjDG4="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+      cores = 0;
+      max-jobs = "auto";
+    };
+    daemonCPUSchedPolicy = "batch";
+    daemonIOSchedPriority = 5;
+    distributedBuilds = true;
+    extraOptions = ''
+      builders-use-substitutes = true
+      experimental-features = nix-command flakes recursive-nix
+      flake-registry = /etc/nix/registry.json
+    '';
+    optimise.automatic = true;
+    gc.automatic = true;
+  };
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # breaks flake based building
+  # system.copySystemConfiguration = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+}

modules/rekey.nix

@@ -6,31 +6,6 @@
   options,
   ...
 }: {
-  config = with lib; let
-    secretFiles = mapAttrsToList (_: x: x.file) config.rekey.secrets;
-    drv = import ./rekey-drv.nix pkgs config;
-  in
-    mkIf (config.rekey.secrets != {}) {
-      # export all secrets to agenix with rewritten path from rekey
-      age = {
-        secrets = let
-          secretPath = "${drv}/";
-          newPath = x: "${secretPath}/${x}.age";
-        in
-          mapAttrs (name: value: value // {file = newPath name;}) config.rekey.secrets;
-      };
-
-      # Warn if rekey has to been executed
-      # use the drvPath to prevent nix from building the derivation in this step
-      # drvPath is not outPath so this warning does not work
-      # to fix it you would need some kind of way to access the outPath without evaluating the derivation
-      #warnings = optional ( ! pathExists (removeSuffix ".drv" drv.drvPath)) ''
-      #  Path ${drv.drvPath}
-      #  Rekeyed secrets not available.
-      #  Maybe you forgot to run "nix run '.#rekey'" to rekey them?
-      #'';
-    };
-
   options = with lib; {
     rekey.secrets = options.age.secrets;
     rekey.pubKey = mkOption {
@@ -53,4 +28,16 @@
       '';
     };
   };
+
+  config = with lib; let
+    secretFiles = mapAttrsToList (_: x: x.file) config.rekey.secrets;
+    drv = import ./rekey-drv.nix pkgs config;
+  in
+    mkIf (config.rekey.secrets != {}) {
+      # export all secrets to agenix with rewritten path from rekey
+      age.secrets = let
+        newPath = x: "${drv}/${x}.age";
+      in
+        mapAttrs (name: value: value // {file = newPath name;}) config.rekey.secrets;
+    };
 }

modules/xserver.nix

@@ -0,0 +1,24 @@
+{
+  # Configure keymap in X11
+  services.xserver = {
+    enable = true;
+    displayManager.startx.enable = true;
+    layout = "de";
+    xkbVariant = "bone";
+    autoRepeatDelay = 235;
+    autoRepeatInterval = 60;
+    videoDrivers = ["modesetting"];
+    libinput = {
+      enable = true;
+      mouse.accelProfile = "flat";
+      touchpad = {
+        accelProfile = "flat";
+        accelSpeed = "0.5";
+        naturalScrolling = true;
+        disableWhileTyping = true;
+      };
+    };
+  };
+  services.autorandr.enable = true;
+  services.physlock.enable = true;
+}

secrets/koreaIP.age

@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> X25519 3J4C1gErVk61rhDZ2V8wNRQhOz4gZQ+kUnF0w4bacTM
+e6YK/xDjXtTTJL5wSbZ+xzhuGodu2OJeTw3u4hJ2Oik
+-> piv-p256 XTQkUA A0GdsIHUCWBXggnSZj0XGHDQk3OsTH9WB7nNzhZJnwj/
+j5bCq50HjIqPp1jTsyX6WfEBNooyq8ovMkYEzrn33CQ
+-> piv-p256 ZFgiIw AkhhWD/yOroM1ttX1PNAi6Fss1Nqm7pJHB4micU5IfsI
+kTB28H46jvtCYF7u7PoN02kQof41ycuZbSQh6UWz57Y
+-> "\s0YT#-grease 3YP75@.
+aqpRxhJHTMQsvjgPW1bqZSD7YgOX9fw+VNUW+KURv6cV+gLYZeoecFruJXchA60E
+9efPuI8vUfNxmYzPQChsqxqDdzwc5wg0u+ZrwSaz
+--- M/B7EHfz8B63cqQ/zQwO64Pqo5ewYx2nqBoLZdtuGbY
+Þ$M:×-u/ö6<C3B6>[P°Ðµ”ˆâ<CB86>ЉX<E280B0><58>HÄ&Í¢ÀšœÌ<C593>w¬/^~*×èQ¶Þ¾’¡ß-þ<>ÎÍv`8<t$©,”%
+°;ï‚;†
+Œ•íª—öƒÕ÷×yÿÙÍ