11 changed files with 123 additions and 325 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 9dc9eeb64946668460dcabb1916bdd5f655e2cbe
+Subproject commit 0ef5669a6560b19dce05cfb1c10382aa59b313f0
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1715381426,
-        "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
+        "lastModified": 1712386041,
+        "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
+        "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff",
        "type": "github"
      },
      "original": {
@ -21,28 +21,13 @@
        "type": "github"
      }
    },
-    "nixos-hardware": {
-      "locked": {
-        "lastModified": 1716034089,
-        "narHash": "sha256-QBfab6V4TeQ6Y4NiXVrEATdQuhCNFNaXt/L1K/Zw+zc=",
-        "owner": "NixOS",
-        "repo": "nixos-hardware",
-        "rev": "b55712de78725c8fcde422ee0a0fe682046e73c3",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixos-hardware",
-        "type": "github"
-      }
-    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1715948915,
-        "narHash": "sha256-dxMrggEogQuJQr6f02VAFtsSNtjEPkgxczeiyW7WOQc=",
+        "lastModified": 1713013257,
+        "narHash": "sha256-ZEfGB3YCBVggvk0BQIqVY7J8XF/9jxQ68fCca6nib+8=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "bacb8503d3a51d9e9b52e52a1ba45e2c380ad07d",
+        "rev": "90055d5e616bd943795d38808c94dbf0dd35abe8",
        "type": "github"
      },
      "original": {
@ -55,7 +40,6 @@
    "root": {
      "inputs": {
        "home-manager": "home-manager",
-        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs"
      }
    }
--- a/flake.nix
+++ b/flake.nix
@ -3,14 +3,13 @@

  inputs = {
    nixpkgs.url = github:nixos/nixpkgs/nixos-23.11;
-    nixos-hardware.url = github:NixOS/nixos-hardware;
    home-manager = {
      url = "github:nix-community/home-manager/release-23.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

-  outputs = { self, nixpkgs, home-manager, nixos-hardware }: 
+  outputs = { self, nixpkgs, home-manager }: 
  let
    system = "x86_64-linux";
    pkgs = import nixpkgs {
@ -73,27 +72,6 @@
          }
        ];
      };
-
-      pinix = lib.nixosSystem {
-        system = "aarch64-linux";
-        pkgs = import nixpkgs {
-          system = "aarch64-linux";
-          config.allowUnfree = true;
-        };
-        modules = [ 
-          ./hosts/pinix/configuration.nix 
-          nixos-hardware.nixosModules.raspberry-pi-4
-          home-manager.nixosModules.home-manager {
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
-            home-manager.users.dm = {
-              imports = [ 
-                  ./hosts/home-common.nix 
-              ];
-            };
-          }
-        ];
-      };
    };
  };
 }
--- a/hosts/common.nix
+++ b/hosts/common.nix
@ -1,6 +1,10 @@
 { config, pkgs, ... }:

 {
+    # Bootloader.
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
+
    time.timeZone = "Europe/Berlin";
    i18n.defaultLocale = "en_US.UTF-8";
    i18n.extraLocaleSettings = {
@ -34,7 +38,7 @@
        ];
    };

-    networking.wireguard.enable = true;
+    networking.networkmanager.enable = true;

    programs.neovim = {
        enable = true;
--- a/hosts/dmeiburg/configuration.nix
+++ b/hosts/dmeiburg/configuration.nix
@ -5,9 +5,6 @@
 { config, pkgs, ... }:

 {
-    # Bootloader.
-    boot.loader.systemd-boot.enable = true;
-    boot.loader.efi.canTouchEfiVariables = true;
    imports =
        [ # Include the results of the hardware scan.
        ./hardware-configuration.nix
@ -17,30 +14,6 @@
    networking.hostName = "dmeiburg"; # Define your hostname.
    networking.firewall.trustedInterfaces = [ "docker0" ];
    networking.firewall.allowedTCPPorts = [ 22 80 443 ];
-    networking.firewall.allowedUDPPorts = [ 51820 ];
-    networking.nat.enable = true;
-    networking.nat.externalInterface = "enp3s0";
-    networking.nat.internalInterfaces = [ "wg0" ];
-
-    networking.wireguard.interfaces = {
-        wg0 = {
-            ips = [ "10.100.0.1/24" ];
-            listenPort = 51820;
-
-            privateKeyFile = "/home/dm/.wireguard/dmeiburg";
-
-            peers = [
-            { # p14s 
-                publicKey = "BTIuA08t8lwPZa418EJ7vcni3MxC8ihhadem6uicnAA=";
-                allowedIPs = [ "10.100.0.2/32" ];
-            }
-            { # pinix
-                publicKey = "Zhnl8OJXjCk4zmuTg6xFnWPyf3Asnkhk/yW09s6yJCc=";
-                allowedIPs = [ "10.100.0.3/32" ];
-            }
-            ];
-        };
-    };

    environment.systemPackages = with pkgs; [
        gnupg
@ -57,4 +30,5 @@
    };

    system.stateVersion = "23.11"; # Did you read the comment?
+
 }
--- a/hosts/home-workstations.nix
+++ b/hosts/home-workstations.nix
@ -1,7 +1,8 @@
-{ config, pkgs, ...}: 
-{ home.packages = with pkgs; [ 
+{ pkgs, ...}:
+
+{
+    home.packages = with pkgs; [ 
        calc
-    clang-tools
        conda
        dig
        ffmpeg
@ -21,7 +22,6 @@
        megatools
        mpv
        networkmanagerapplet
-    nodejs # copilot requirement
        obsidian
        openconnect
        owncloud-client
@ -31,7 +31,6 @@
        polkit_gnome
        pulseaudio
        pynitrokey
-    rpi-imager
        sshfs
        swaybg
        thunderbird
@ -44,38 +43,27 @@
        xdg-utils
        zathura
        ];
-
-
    home.file = {
-    ".config/nvim" = {
-       source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.config/nvim";
+        ".config/" = {
+            source = ../dotfiles/.config;
+            recursive = true;
        };
-    ".config/kitty" = {
-       source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.config/kitty";
-    };
-    ".config/waybar" = {
-       source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.config/waybar";
-    };
-    ".config/git" = {
-       source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.config/git";
-    };
-    ".config/kanshi" = {
-       source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.config/kanshi";
-    };
-    ".config/fish" = {
-       source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.config/fish";
    };
+    home.file = {
        ".xkb/" = {
-        source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.xkb";
+            source = ../dotfiles/.xkb;
+            recursive = true;
        };
+    };
+    home.file = {
        ".profile" = {
-        source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.profile";
+            source = ../dotfiles/.profile;
+            recursive = true;
        };
+    };
+    home.file = {
        ".tmux.conf" = {
-        source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.tmux.conf";
-    };
-    ".config/sway" = {
-        source = ../dotfiles/.config/sway;
+            source = ../dotfiles/.tmux.conf;
            recursive = true;
        };
    };
--- a/hosts/p14s/configuration.nix
+++ b/hosts/p14s/configuration.nix
@ -1,10 +1,6 @@
 { config, pkgs, ... }:

 {
-    # Bootloader.
-    boot.loader.systemd-boot.enable = true;
-    boot.loader.efi.canTouchEfiVariables = true;
-
    imports =
        [ # Include the results of the hardware scan.
            ./hardware-configuration.nix
@ -18,30 +14,6 @@
    programs.light.enable = true;
    services.tlp.enable = true;

-    networking.firewall = {
-    allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
-  };
-  # Enable WireGuard
-  networking.wireguard.interfaces = {
-    wg0 = {
-      ips = [ "10.100.0.3/24" ];
-      listenPort = 51820; 
-      privateKeyFile = "/home/dm/.wireguard/p14s";
-
-      peers = [
-        { # dmeiburg
-          publicKey = "jc61U+bmIT8lNxirhjrxpB+rELLUoPhLmUKvUpo/OjY=";
-
-          allowedIPs = [ "10.100.0.0/24"];
-
-          endpoint = "152.53.0.23:51820"; 
-
-          persistentKeepalive = 25;
-        }
-      ];
-    };
-  };
-
    system.stateVersion = "23.05"; # Did you read the comment?

 }
--- a/hosts/pinix/configuration.nix
+++ b/hosts/pinix/configuration.nix
@ -1,69 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  imports =
-    [ # Include the results of the hardware scan.
-    ../common.nix
-    ./hardware-configuration.nix
-    ];
-
-  hardware = {
-      raspberry-pi."4".apply-overlays-dtmerge.enable = true;
-      deviceTree = {
-          enable = true;
-          filter = "*rpi-4-*.dtb";
-          overlays = [
-            {
-              name = "w1-gpio";
-              dtboFile = ./w1-gpio.dtbo;
-            }
-          ];
-      };
-  };
-  boot.kernelModules = [ "pwm_bcm2835" "w1-gpio" ];
-#hardware = {
-#    raspberry-pi."4".apply-overlays-dtmerge.enable = true;
-#    deviceTree = {
-#      enable = true;
-#      filter = "*rpi-4-*.dtb";
-#    };
-#  };
-  # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
-  boot.loader.grub.enable = false;
-  # Enables the generation of /boot/extlinux/extlinux.conf
-  boot.loader.generic-extlinux-compatible.enable = true;
-  networking.hostName = "pinix"; 
-  networking.firewall = {
-    allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
-  };
-
-  networking.networkmanager.enable = true;
-
-  networking.wireguard.interfaces = {
-    wg0 = {
-      ips = [ "10.100.0.3/24" ];
-      listenPort = 51820; 
-      privateKeyFile = "/home/dm/.wireguard/pinix";
-
-      peers = [
-        { # dmeiburg
-          publicKey = "jc61U+bmIT8lNxirhjrxpB+rELLUoPhLmUKvUpo/OjY=";
-
-          allowedIPs = [ "10.100.0.0/24"];
-
-          endpoint = "152.53.0.23:51820"; 
-
-          persistentKeepalive = 25;
-        }
-      ];
-    };
-  };
-
-    environment.systemPackages = with pkgs; [
-        libraspberrypi
-        raspberrypi-eeprom
-    ];
-  system.stateVersion = "24.05"; # Did you read the comment?
-
-}
-
--- a/hosts/pinix/hardware-configuration.nix
+++ b/hosts/pinix/hardware-configuration.nix
@ -1,32 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
-      fsType = "ext4";
-    };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}
--- a/hosts/pinix/w1-gpio.dtbo
+++ b/hosts/pinix/w1-gpio.dtbo
--- a/hosts/workstation.nix
+++ b/hosts/workstation.nix
@ -38,7 +38,6 @@
    };

    security.pam.services.swaylock = {};
-    networking.networkmanager.enable = true;

    # enable nitrokeys
    services.udev.packages = [ pkgs.nitrokey-udev-rules ];