diff --git a/hosts/darwin/home-default.nix b/hosts/darwin/home-default.nix index 44732a8..c36540f 100644 --- a/hosts/darwin/home-default.nix +++ b/hosts/darwin/home-default.nix @@ -51,6 +51,11 @@ preview = "open -a Preview"; slide = "open -a SlidePilot"; inkscape = "open -a Inkscape"; + + # Network monitoring aliases + bw = "sudo bandwhich"; + bw-raw = "sudo bandwhich --raw"; + bw-dns = "sudo bandwhich --show-dns"; }; @@ -157,6 +162,7 @@ netcat-gnu # Network connection utility curl # HTTP client wget # Web downloader + bandwhich # Terminal bandwidth utilization tool # Command-line utilities ncdu diff --git a/hosts/nixos/home-default.nix b/hosts/nixos/home-default.nix index 47f4618..4d05aa2 100644 --- a/hosts/nixos/home-default.nix +++ b/hosts/nixos/home-default.nix @@ -26,6 +26,11 @@ # nixOS-specific alias programs.zsh.shellAliases = { oss = "sudo nixos-rebuild switch --flake ~/.config/nix#$(hostname)"; + + # Network monitoring aliases (no sudo needed - NixOS module handles permissions) + bw = "bandwhich"; + bw-raw = "bandwhich --raw"; + bw-dns = "bandwhich --show-dns"; }; home.packages = with pkgs; [ diff --git a/hosts/nixos/hs/system.nix b/hosts/nixos/hs/system.nix index b004932..fd41700 100644 --- a/hosts/nixos/hs/system.nix +++ b/hosts/nixos/hs/system.nix @@ -3,6 +3,7 @@ ./hardware-configuration.nix ./containers.nix # Host-specific container definitions ./proxy.nix # Host-specific Traefik dynamic configuration + ../system-default.nix # Common NixOS system configuration ../../../modules/wireguard.nix ../../../modules/podman.nix ../../../modules/traefik.nix 
@@ -78,20 +79,11 @@ firewall = { enable = false; }; }; - # Set your time zone - time.timeZone = "Europe/Copenhagen"; # Adjust to your timezone - # Select internationalisation properties - i18n.defaultLocale = "en_US.UTF-8"; - - # Enable the OpenSSH daemon + # Host-specific SSH configuration services.openssh = { - enable = true; settings = { - PermitRootLogin = "yes"; - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - AcceptEnv = "LANG LC_* TERM COLORTERM TMUX TMUX_PANE"; + PermitRootLogin = "yes"; # Allow root login for this server }; openFirewall = true; }; @@ -109,20 +101,15 @@ ]; }; - # Optional: Create a regular user account + # Host-specific user configuration users.users.yanlin = { - isNormalUser = true; - description = "yanlin"; extraGroups = [ "networkmanager" "wheel" ]; - shell = pkgs.zsh; hashedPassword = "$6$8NUV0JK33hs3XBYe$osnYKzENDLYHQEpj8Z5F6ECpLdc8Y3RZcVGxQ0bc/6DepTwugAkfX8h6ItI01dJyk8RstiGsWVVCKGwXaL.sN."; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG35m0DgTrEOAM+1wAlYZ8mvLelNTcx65cFccGPQcxmo yanlin@imac" ]; }; - # Enable sudo for wheel group - security.sudo.wheelNeedsPassword = false; # Container auto-updater configuration services.containerUpdater = { @@ -134,23 +121,10 @@ gotifyToken = "Ac9qKFH5cA.7Yly"; # Same token as borg backups }; - # List packages installed in system profile + # Host-specific packages environment.systemPackages = with pkgs; [ - vim - git - htop - curl - wget - rsync - tmux - tree - lsof - tcpdump - iotop smartmontools # For monitoring disk health zfs # ZFS utilities - zsh # Shell - home-manager # Enable standalone home-manager command mergerfs # Union filesystem for combining multiple drives snapraid # Parity-based backup tool ]; 
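Review bot: In the `services.openssh` hunk of hosts/nixos/hs/system.nix (`@@ -78,20 +79,11 @@`), `PermitRootLogin = "yes"` now relies entirely on the shared module keeping `PasswordAuthentication = false`, because the lines that made root key-only on this host were removed from this file. The context lines show the host firewall disabled and `openFirewall = true`, so a later edit to the shared default would expose root password login on this server without any change to this file. `PermitRootLogin = "prohibit-password";`, which the vps host already uses, keeps root key-only regardless of what the common file sets. If `"yes"` is deliberate, the comment should say why password-capable root login is needed rather than only `# Allow root login for this server`.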
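Review bot: The `users.users.yanlin` hunk of hosts/nixos/hs/system.nix (`@@ -109,20 +101,15 @@`) keeps `hashedPassword` as a literal in the repository, and the next hunk keeps a literal `gotifyToken` whose comment says it is shared with the borg backups. The same `hashedPassword` pattern stays in hosts/nixos/thinkpad/system.nix. Inline values are readable by anyone with access to the repository, and they presumably also end up in the world-readable Nix store, so the hash is open to offline guessing and the token is usable as-is. Since these blocks are already being reorganised, the account could switch to `hashedPasswordFile = "/path/to/secret";` (placeholder path), and the token to a file-based option if the containerUpdater module offers one, with the current values rotated. The `services.containerUpdater` block is only partly visible across the two hunks.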
@@ -224,14 +198,6 @@ }; - # Allow unfree packages globally - nixpkgs.config.allowUnfree = true; - - # Enable zsh system-wide (required when set as user shell) - programs.zsh.enable = true; - - # Enable experimental nix features - nix.settings.experimental-features = [ "nix-command" "flakes" ]; # Samba file sharing configuration services.samba-custom = { enable = false; }; @@ -327,9 +293,4 @@ }; }; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It's perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - system.stateVersion = "24.05"; # Did you read the comment? } diff --git a/hosts/nixos/system-default.nix b/hosts/nixos/system-default.nix new file mode 100644 index 0000000..ee9d6ac --- /dev/null +++ b/hosts/nixos/system-default.nix 
@@ -0,0 +1,64 @@ +{ config, pkgs, ... }: + +{ + # Common NixOS system configuration shared across all hosts + + # Time zone and localization + time.timeZone = "Europe/Copenhagen"; + i18n.defaultLocale = "en_US.UTF-8"; + + # Enable zsh system-wide (required when set as user shell) + programs.zsh.enable = true; + + # Enable bandwhich network monitoring tool + programs.bandwhich.enable = true; + + # Enable experimental nix features + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + # Allow unfree packages globally + nixpkgs.config.allowUnfree = true; + + # Basic SSH configuration + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + AcceptEnv = "LANG LC_* TERM COLORTERM TMUX TMUX_PANE"; + }; + }; + + # Common user configuration + users.users.yanlin = { + isNormalUser = true; + description = "yanlin"; + shell = pkgs.zsh; + }; + + # Enable sudo for wheel group without password + security.sudo.wheelNeedsPassword = false; + + # Common system packages + environment.systemPackages = with pkgs; [ + # Essential command-line tools + vim + git + htop + curl + wget + rsync + tmux + tree + lsof + tcpdump + iotop + + # Shell and system management + zsh + home-manager + ]; + + # Default system state version + system.stateVersion = "24.05"; +} \ No newline at end of file diff --git a/hosts/nixos/thinkpad/system.nix b/hosts/nixos/thinkpad/system.nix index d755be4..ddce155 100644 --- a/hosts/nixos/thinkpad/system.nix +++ b/hosts/nixos/thinkpad/system.nix @@ -1,6 +1,7 @@ { config, pkgs, lib, ... }: { imports = [ ./hardware-configuration.nix + ../system-default.nix # Common NixOS system configuration ../../../modules/wireguard.nix ../../../modules/borg-server.nix ../../../modules/smart-report.nix 
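Review bot: In the new hosts/nixos/system-default.nix, `security.sudo.wheelNeedsPassword = false;` and `programs.bandwhich.enable = true;` are set unconditionally, so every host that imports the file inherits them, including the hs and vps servers and any host added later. Passwordless sudo was already set per host, but as a plain definition in a shared module it cannot be overridden with an ordinary assignment. `security.sudo.wheelNeedsPassword = lib.mkDefault false;` (with `lib` added to the `{ config, pkgs, ... }` argument set) would let a host opt back into a password. The bandwhich module presumably gives the binary elevated capture privileges for unprivileged users, since the alias comment in hosts/nixos/home-default.nix says the module "handles permissions". It may therefore be better to enable it only in the host files that use it, with a comment on what the module grants.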
@@ -100,9 +101,6 @@ firewall.enable = false; }; - # Time zone and localization - time.timeZone = "Europe/Copenhagen"; - i18n.defaultLocale = "en_US.UTF-8"; # Sound configuration with PipeWire (better than PulseAudio) services.pulseaudio.enable = false; @@ -234,52 +232,33 @@ # Enable CUPS for printing services.printing.enable = true; - # SSH service + # Host-specific SSH configuration services.openssh = { - enable = true; settings = { - PermitRootLogin = "no"; - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; + PermitRootLogin = "no"; # Disable root login for laptop }; }; - # User account + # Host-specific user configuration users.users.yanlin = { - isNormalUser = true; - description = "yanlin"; extraGroups = [ "networkmanager" "wheel" "video" "audio" "input" ]; - shell = pkgs.zsh; hashedPassword = "$6$kSyaRzAtj8VPcNeX$NsEP6zQAfp6O8YWcolfPRKnhIcJlKu5luZgWqozJAHtbE/gv90KoOOKU7Dt.FnbPB0Ej26jXoBH4X.7y/OLGB1"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICp2goZiuSfwMA02GsHhYzUZHrQPPBgP5sWSNP9kQR3e yanlin@imac" ]; }; - # Enable sudo for wheel group - security.sudo.wheelNeedsPassword = false; # Enable KDE Wallet auto-unlock via PAM security.pam.services.sddm.enableKwallet = true; - # System packages + # Host-specific packages environment.systemPackages = with pkgs; [ - # Essential tools - vim - git - wget - curl - htop + # Additional system monitoring btop neofetch - tree unzip - # Development tools - tmux - zsh - home-manager - # KDE/Plasma utilities kdePackages.kate kdePackages.konsole @@ -308,14 +287,6 @@ smartmontools # Disk health monitoring (SMART) ]; - # Enable zsh - programs.zsh.enable = true; - - # Enable experimental features - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - - # Allow unfree packages (needed for NVIDIA drivers and Obsidian) - nixpkgs.config.allowUnfree = true; # Laptop-specific services services.acpid.enable = true; 
@@ -380,8 +351,4 @@ }; }; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. - system.stateVersion = "24.05"; } diff --git a/hosts/nixos/vps/system.nix b/hosts/nixos/vps/system.nix index d864ad0..122036f 100644 --- a/hosts/nixos/vps/system.nix +++ b/hosts/nixos/vps/system.nix @@ -3,6 +3,7 @@ ./hardware-configuration.nix ./containers.nix # Host-specific container definitions ./proxy.nix # Host-specific Traefik dynamic configuration + ../system-default.nix # Common NixOS system configuration ../../../modules/wireguard.nix ../../../modules/podman.nix ../../../modules/traefik.nix @@ -30,19 +31,11 @@ }; }; - # Set your time zone - time.timeZone = "Europe/Copenhagen"; - # Select internationalisation properties - i18n.defaultLocale = "en_US.UTF-8"; - - # Enable the OpenSSH daemon + # Host-specific SSH configuration services.openssh = { - enable = true; settings = { PermitRootLogin = "prohibit-password"; # Allow key-based root login for nixos-anywhere - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; }; }; 
@@ -53,45 +46,17 @@ ]; }; - # Regular user account + # Host-specific user configuration users.users.yanlin = { - isNormalUser = true; - description = "yanlin"; extraGroups = [ "wheel" ]; # Enable sudo - shell = pkgs.zsh; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGVvviqbwBEGDIbAUnmgHQJi+N5Qfvo5u49biWl6R7oC yanlin@MacBook-Air" ]; }; - # Enable sudo for wheel group - security.sudo.wheelNeedsPassword = false; - # List packages installed in system profile - environment.systemPackages = with pkgs; [ - vim - git - htop - curl - wget - rsync - tmux - tree - lsof - tcpdump - iotop - zsh - home-manager - ]; + # No additional host-specific packages needed - # Enable zsh system-wide (required when set as user shell) - programs.zsh.enable = true; - - # Enable experimental nix features - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - - # Allow unfree packages globally - nixpkgs.config.allowUnfree = true; # Borg backup configuration services.borgbackup-custom = { @@ -157,9 +122,4 @@ }; }; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It's perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - system.stateVersion = "24.05"; # Did you read the comment? }