From b9d4c49d43a7404e5c6c2c5be1c058e56ade69b7 Mon Sep 17 00:00:00 2001
From: xeovalyte
Date: Thu, 24 Apr 2025 16:10:39 +0200
Subject: [PATCH] Added two new hosts
---
hosts/th-ctr-vrt01/default.nix | 80 ++++++++++++++++++++++++++++
hosts/th-ctr-vrt01/home.nix | 46 ++++++++++++++++
hosts/th-hpr-srv01/default.nix | 80 ++++++++++++++++++++++++++++
hosts/th-hpr-srv01/home.nix | 46 ++++++++++++++++
modules/system/hardware/firewall.nix | 6 +--
5 files changed, 254 insertions(+), 4 deletions(-)
create mode 100644 hosts/th-ctr-vrt01/default.nix
create mode 100644 hosts/th-ctr-vrt01/home.nix
create mode 100644 hosts/th-hpr-srv01/default.nix
create mode 100644 hosts/th-hpr-srv01/home.nix
diff --git a/hosts/th-ctr-vrt01/default.nix b/hosts/th-ctr-vrt01/default.nix
new file mode 100644
index 0000000..0273583
--- /dev/null
+++ b/hosts/th-ctr-vrt01/default.nix
@@ -0,0 +1,80 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ # Import hardware configuration
+ ./hardware-configuration.nix
+
+ # Import modules
+ ../../modules/system/default.nix
+ ];
+
+ settings = {
+ # display-manager = "cosmic-greeter";
+ desktop-environments = {
+ cosmic.enable = false;
+ hyprland.enable = false;
+ gnome.enable = false;
+ };
+ applications = {
+ common.enable = true;
+ steam.enable = false;
+ thunar.enable = false;
+ };
+ services = {
+ docker.enable = false;
+ quickemu.enable = false;
+ sunshine.enable = false;
+ garbage-collection.enable = true;
+ incus.enable = false;
+ };
+ hardware = {
+ fprint.enable = false;
+ printing.enable = false;
+ bluetooth.enable = false;
+ firewall.enable = true;
+ locale.enable = true;
+ nvidia.enable = false;
+ };
+ };
+
+ nix.settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+
+ substituters = [
+ "https://nix-community.cachix.org"
+ "https://cosmic.cachix.org/"
+ ];
+
+ trusted-public-keys = [
+ "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
+ ];
+ };
+
+ # Bootloader.
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.grub = {
+ enable = true;
+ efiSupport = true;
+ device = "nodev";
+ configurationLimit = 32;
+ };
+
+ networking.hostName = "th-hpr-srv01"; # Define your hostname.
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 443 53 ];
+ allowedUDPPorts = [ 80 443 53 ];
+ };
+
+ users.users.timo = {
+ isNormalUser = true;
+ description = "Timo Boomers";
+ extraGroups = [ "networkmanager" "wheel" "dialout" ];
+ };
+
+ nix.settings.trusted-users = [ "root" "timo" ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/th-ctr-vrt01/home.nix b/hosts/th-ctr-vrt01/home.nix
new file mode 100644
index 0000000..8ac63ea
--- /dev/null
+++ b/hosts/th-ctr-vrt01/home.nix
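Review bot: In hosts/th-ctr-vrt01/default.nix the line `networking.hostName = "th-hpr-srv01";` carries the other new host's name, so both machines would identify as th-hpr-srv01 in logs, DHCP and monitoring; going by the directory name it should presumably read `networking.hostName = "th-ctr-vrt01";`. Separately, `substituters` lists nix-community.cachix.org but `trusted-public-keys` adds only the cosmic.cachix.org key, so as far as this hunk shows that cache is queried without a trusted key that would let its paths be accepted. Every key in `trusted-public-keys` is a party whose signed binaries this host will install, and with `cosmic.enable = false` the cosmic cache looks unnecessary here; consider dropping both entries on these servers. The same `nix.settings` block appears in hosts/th-hpr-srv01/default.nix.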
@@ -0,0 +1,46 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ # Modules
+ ../../modules/home/default.nix
+ ];
+
+ config = {
+ home = {
+ username = "timo";
+ homeDirectory = "/home/timo";
+ };
+
+ settings = {
+ applications.common.enable = false;
+ applications.alacritty.enable = false;
+ applications.devenv.enable = false;
+ applications.firefox.enable = false;
+ applications.git.enable = false;
+ applications.helix.enable = false;
+ applications.zsh.enable = true;
+ applications.ssh.enable = true;
+ applications.thunderbird.enable = false;
+ applications.yazi.enable = true;
+ applications.zellij.enable = false;
+
+ services.nextcloud-sync.enable = false;
+
+ theming.fonts.enable = false;
+ theming.stylix.enable = false;
+ theming.stylix.wallpaper = "wallpaper-2.png";
+ theming.stylix.theme = "da-one-ocean";
+
+ desktop-environments.hyprland.enable = false;
+ };
+
+ home.packages = with pkgs; [
+ ];
+
+ # Enable home-manager
+ programs.home-manager.enable = true;
+
+ home.stateVersion = "24.05";
+ };
+}
diff --git a/hosts/th-hpr-srv01/default.nix b/hosts/th-hpr-srv01/default.nix
new file mode 100644
index 0000000..1f3813e
--- /dev/null
+++ b/hosts/th-hpr-srv01/default.nix
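Review bot: hosts/th-ctr-vrt01/home.nix sets `theming.stylix.wallpaper` and `theming.stylix.theme` while `theming.stylix.enable = false`, and declares `home.packages = with pkgs; [ ];` with nothing in it; these lines presumably have no effect and can be dropped. hosts/th-hpr-srv01/home.nix is the same blob (index 8ac63ea), so a shared server profile imported by both hosts would keep the two copies from drifting apart.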
@@ -0,0 +1,80 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ # Import hardware configuration
+ ./hardware-configuration.nix
+
+ # Import modules
+ ../../modules/system/default.nix
+ ];
+
+ settings = {
+ # display-manager = "cosmic-greeter";
+ desktop-environments = {
+ cosmic.enable = false;
+ hyprland.enable = false;
+ gnome.enable = false;
+ };
+ applications = {
+ common.enable = true;
+ steam.enable = false;
+ thunar.enable = false;
+ };
+ services = {
+ docker.enable = false;
+ quickemu.enable = true;
+ sunshine.enable = false;
+ garbage-collection.enable = true;
+ incus.enable = true;
+ };
+ hardware = {
+ fprint.enable = false;
+ printing.enable = false;
+ bluetooth.enable = false;
+ firewall.enable = true;
+ locale.enable = true;
+ nvidia.enable = false;
+ };
+ };
+
+ nix.settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+
+ substituters = [
+ "https://nix-community.cachix.org"
+ "https://cosmic.cachix.org/"
+ ];
+
+ trusted-public-keys = [
+ "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
+ ];
+ };
+
+ # Bootloader.
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.grub = {
+ enable = true;
+ efiSupport = true;
+ device = "nodev";
+ configurationLimit = 32;
+ };
+
+ networking.hostName = "th-hpr-srv01"; # Define your hostname.
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 443 53 ];
+ allowedUDPPorts = [ 80 443 53 ];
+ };
+
+ users.users.timo = {
+ isNormalUser = true;
+ description = "Timo Boomers";
+ extraGroups = [ "networkmanager" "wheel" "dialout" ];
+ };
+
+ nix.settings.trusted-users = [ "root" "timo" ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/th-hpr-srv01/home.nix b/hosts/th-hpr-srv01/home.nix
new file mode 100644
index 0000000..8ac63ea
--- /dev/null
+++ b/hosts/th-hpr-srv01/home.nix
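Review bot: In hosts/th-hpr-srv01/default.nix, `allowedUDPPorts = [ 80 443 53 ];` opens UDP 80, which no service visible in this hunk needs (HTTP/3 uses UDP 443), and both port lists apply to every interface of a host that also enables incus and quickemu. Nothing in the hunk shows a web or DNS server being configured, so these openings look copied rather than required; I would start from `allowedUDPPorts = [ 443 53 ];` at most and add a comment naming the service behind each port. If port 53 is only meant for guests, scoping it with `networking.firewall.interfaces.<bridge>.allowedUDPPorts` keeps it off the uplink. The same lists are in hosts/th-ctr-vrt01/default.nix.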
@@ -0,0 +1,46 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ # Modules
+ ../../modules/home/default.nix
+ ];
+
+ config = {
+ home = {
+ username = "timo";
+ homeDirectory = "/home/timo";
+ };
+
+ settings = {
+ applications.common.enable = false;
+ applications.alacritty.enable = false;
+ applications.devenv.enable = false;
+ applications.firefox.enable = false;
+ applications.git.enable = false;
+ applications.helix.enable = false;
+ applications.zsh.enable = true;
+ applications.ssh.enable = true;
+ applications.thunderbird.enable = false;
+ applications.yazi.enable = true;
+ applications.zellij.enable = false;
+
+ services.nextcloud-sync.enable = false;
+
+ theming.fonts.enable = false;
+ theming.stylix.enable = false;
+ theming.stylix.wallpaper = "wallpaper-2.png";
+ theming.stylix.theme = "da-one-ocean";
+
+ desktop-environments.hyprland.enable = false;
+ };
+
+ home.packages = with pkgs; [
+ ];
+
+ # Enable home-manager
+ programs.home-manager.enable = true;
+
+ home.stateVersion = "24.05";
+ };
+}
diff --git a/modules/system/hardware/firewall.nix b/modules/system/hardware/firewall.nix
index 83c1d32..111b42c 100644
--- a/modules/system/hardware/firewall.nix
+++ b/modules/system/hardware/firewall.nix
@@ -1,7 +1,5 @@ { config, lib, ... }: -with lib; - let cfg = config.settings.hardware.firewall; in {
@@ -14,9 +12,9 @@ in { }; }; - config = mkIf cfg.enable { + config = { networking.firewall = { - enable = true; + enable = cfg.enable; allowedTCPPorts = [ ]; allowedUDPPorts = [ ]; };
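Review bot: In modules/system/hardware/firewall.nix, `enable = cfg.enable;` now turns the firewall off on every host that leaves `settings.hardware.firewall.enable` false, whereas under `mkIf cfg.enable` such hosts kept the NixOS default for `networking.firewall.enable`, which is on. If the setting is meant as opt-in hardening rather than an off switch, keep the guard as `config = lib.mkIf cfg.enable {` with `enable = true;`. The new line would also conflict at evaluation time with a host that sets `networking.firewall.enable = true` directly (both new default.nix files do) whenever that host's setting is false. The first hunk removes `with lib;`, so any unqualified `mkOption` or `types` in the option declaration between the two hunks, which is not shown, would need a `lib.` prefix. The `config` block closes outside the hunk.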