refactor

host/roam/modules/networking.nix

@@ -16,13 +16,10 @@
       address = "fe80::1";
       interface = "ens3";
     };
+  };
 
-    firewall = {
-      enable = true;
-      allowedTCPPorts = [
-        80
-        443
-      ];
-    };
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
   };
 }

host/roam/modules/services.nix

@@ -0,0 +1,47 @@
+{ config, ... }:
+let
+  headscale-domain = "headscale.hdohmen.de";
+in
+{
+  services = {
+    # TODO: maybe just use wireguard...
+    /*
+      headscale = {
+        enable = true;
+        address = "127.0.0.1";
+        port = 8080;
+        settings = {
+          server_url = "https://${headscale-domain}";
+          prefixes.v4 = "100.10.11.0/24";
+          prefixes.v6 = "fd7a:115c:1011::/48";
+          dns = {
+            magic_dns = true;
+            base_domain = "net.hdohmen.de";
+          };
+        };
+      };
+    */
+
+    nginx = {
+      enable = true;
+      /*
+        virtualHosts.${headscale-domain} = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";
+            proxyWebsockets = true;
+          };
+        };
+      */
+    };
+  };
+
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [
+      80
+      443
+    ];
+  };
+}

host/roam/modules/wireguard.nix

@@ -0,0 +1,25 @@
+{ ... }:
+let
+  wireguard-port = 51820;
+  wireguard-subnet = "100.10.11.0/24";
+in
+{
+  networking = {
+    nat = {
+      enable = true;
+      externalInterface = "ens3";
+      internalInterfaces = [ "wg0" ];
+    };
+
+    firewall.allowedUDPPorts = [ wireguard-port ];
+
+    wireguard = {
+      enable = true;
+      interfaces."wg0" = {
+        ips = [ wireguard-subnet ];
+        listenPort = wireguard-port;
+        privateKeyFile = "/var/secrets/wg0.key";
+      };
+    };
+  };
+}

host/roam/services/services.nix

@@ -1,40 +0,0 @@
-{ config, ... }:
-let
-  headscale-domain = "headscale.hdohmen.de";
-in
-{
-  services = {
-    # TODO: maybe just use wireguard...
-    headscale = {
-      enable = true;
-      address = "127.0.0.1";
-      port = 8080;
-      settings = {
-        server_url = "https://${headscale-domain}";
-        prefixes.v4 = "100.10.11.0/24";
-        prefixes.v6 = "fd7a:115c:1011::/48";
-        dns = {
-          magic_dns = true;
-          base_domain = "net.hdohmen.de";
-        };
-      };
-    };
-
-    nginx = {
-      enable = true;
-      virtualHosts.${headscale-domain} = {
-        forceSSL = true;
-        enableACME = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";
-          proxyWebsockets = true;
-        };
-      };
-    };
-
-    openssh = {
-      enable = true;
-      settings.PasswordAuthentication = false;
-    };
-  };
-}

host/solo/default.nix

@@ -1,12 +1,8 @@
-{ mod, ... }:
+{ lib', ... }:
 {
   networking.hostName = "solo";
 
-  imports = with mod; [
-    software.keyboard
-    nvidia-gpu
-    ./hardware-configuration.nix
-  ];
+  imports = lib'.import-recursive ./.;
 
   powerManagement = {
     enable = true;

host/solo/keyboard.nix

@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+  # hardware.keyboard.qmk.enable = true;
+  environment.systemPackages = with pkgs; [ vial ];
+  services.udev.packages = with pkgs; [ vial ];
+}

host/solo/nvidia-gpu.nix

@@ -0,0 +1,27 @@
+{ config, ... }:
+{
+  services.xserver.videoDrivers = [ "nvidia" ];
+
+  hardware.graphics = {
+    enable = true;
+    enable32Bit = true;
+  };
+
+  hardware.nvidia = {
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+
+    modesetting.enable = true;
+    nvidiaSettings = true;
+
+    open = false;
+    powerManagement = {
+      enable = true;
+      finegrained = false;
+    };
+  };
+
+  boot.kernelParams = [
+    "nvidia-drm.fbdev=1"
+    "nvidia-drm.modeset=1"
+  ];
+}