add options to allow backing up to specific machine

backup-target.nix

@@ -5,23 +5,11 @@
   users.users.backup = {
     isNormalUser = true;
     openssh.authorizedKeys.keys = [
-    ''command="${pkgs.rrsync}/bin/rrsync /mnt/backup",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1e7hxxQD7pVKMquEuiBrLNFfx9ZRAOU1SGky4iXacD''
-    #''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1e7hxxQD7pVKMquEuiBrLNFfx9ZRAOU1SGky4iXacD Ithuriel@openmediavault''
+    ''command="${pkgs.rrsync}/bin/rrsync /mnt/backup/",restrict sh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1e7hxxQD7pVKMquEuiBrLNFfx9ZRAOU1SGky4iXacD Ithuriel@openmediavault''
     ];
 
     packages = [
       pkgs.rsync
-      pkgs.rrsync
     ];
   };
-
-  fileSystems."/mnt/backup" =
-    { 
-      #depends = [ "/" ];
-      device = "BACKUP/backup";
-      fsType = "zfs";
-      options = [ "nofail" ];
-    };
-
-  networking.firewall.allowedTCPPorts = [ 22 ]; 
 }

configuration.nix

@@ -21,6 +21,26 @@
   };
   # leftover from the original config
   boot.loader.efi.canTouchEfiVariables = true;
+  
+  # mount network shares
+  fileSystems."/mnt/nas/private" = {
+    device = "dashboard.omv:/ShatteredMINT";
+    fsType = "nfs";
+    options = [ "x-systemd.automount" "noauto" ];
+
+  };
+  fileSystems."/mnt/nas/shared" = {
+    device = "dashboard.omv:/default-nas";
+    fsType = "nfs";
+    options = [ "x-systemd.automount" "noauto" ];
+
+  };
+
+  networking.hostName = "nix-desk"; # Define your hostname.
+  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+  # required for ZFS
+  networking.hostId = "00000001";
+
   # Set your time zone.
   time.timeZone = "Europe/Berlin";
 
@@ -48,12 +68,11 @@
 
   fonts = {
     packages = with pkgs; [
-      # nerdfonts
+      nerdfonts
 
       # TODO after 25.05
       # change to only install explicit fonts
-      nerd-fonts.jetbrains-mono
-      # does not exist
+      # nerd-fonts.jetbrains-mono
       # nerd-fonts.jetbrains
     ];
 
@@ -75,7 +94,10 @@
   # Enable touchpad support (enabled default in most desktopManager).
   # services.libinput.enable = true;
 
-    # List packages installed in system profile. To search, run:
+  # enable flatpak
+  services.flatpak.enable = true;
+
+  # List packages installed in system profile. To search, run:
   # $ nix search wget
   environment.systemPackages = with pkgs; [
     neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
@@ -83,6 +105,10 @@
     htop
     ];
 
+  # allow specific users to affect system configuration
+  users.groups.nixos-admins = {};
+  users.users.root.extraGroups = [ "nixos-admins" ];
+
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.
   # programs.mtr.enable = true;
@@ -94,18 +120,7 @@
   # List services that you want to enable:
 
   # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    ports = [ 22 ];
-    settings = {
-      PasswordAuthentication = true;
-      KbdInteractiveAuthentication = false;
-      # AllowUsers = [ "backup" ];
-      # UseDns = true;
-      X11Forwarding = false;
-      PermitRootLogin = "no";
-    };
-  };
+  # services.openssh.enable = true;
 
   # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];

devices/conv.nix

@@ -1,70 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "NIX_CONV_POOL/root";
-      fsType = "zfs";
-    };
-
-  fileSystems."/nix" =
-    { device = "NIX_CONV_POOL/nix";
-      fsType = "zfs";
-    };
-
-  fileSystems."/var" =
-    { device = "NIX_CONV_POOL/var";
-      fsType = "zfs";
-    };
-
-  fileSystems."/home" =
-    { device = "NIX_CONV_POOL/home";
-      fsType = "zfs";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/334B-15CD";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
-
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/b3e53298-fdcf-41c5-b80b-6f1ef1dceeae"; }
-    ];
-
-  networking.hostName = "nix-conv"; # Define your hostname.
-  networking.hostId = "00000002";
-  # Pick only one of the below networking options.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
-
-  # BLUETOOTH
-  hardware.bluetooth = {
-    enable = true;
-    powerOnBoot = true;
-
-    settings.General.Experimental = true;
-  };
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp4s0f3u1u4u1.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

devices/nas.nix

@@ -1,61 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [  ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "NIX_CONV_POOL/root";
-      fsType = "zfs";
-    };
-
-  fileSystems."/nix" =
-    { device = "NIX_CONV_POOL/nix";
-      fsType = "zfs";
-    };
-
-  fileSystems."/var" =
-    { device = "NIX_CONV_POOL/var";
-      fsType = "zfs";
-    };
-
-  fileSystems."/home" =
-    { device = "NIX_CONV_POOL/home";
-      fsType = "zfs";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/334B-15CD";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
-
-  #swapDevices =
-  #  [ { device = "/dev/disk/by-uuid/b3e53298-fdcf-41c5-b80b-6f1ef1dceeae"; }
-  #  ];
-
-  networking.hostName = "nix-nas"; # Define your hostname.
-  networking.hostId = "00000003";
-  # Pick only one of the below networking options.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp4s0f3u1u4u1.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}

flake.lock

@@ -7,31 +7,32 @@
         ]
       },
       "locked": {
-        "lastModified": 1759573136,
-        "narHash": "sha256-ILSPD0Dm8p0w0fCVzOx98ZH8yFDrR75GmwmH3fS2VnE=",
+        "lastModified": 1733572789,
+        "narHash": "sha256-zjO6m5BqxXIyjrnUziAzk4+T4VleqjstNudSqWcpsHI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "5f06ceafc6c9b773a776b9195c3f47bbe1defa43",
+        "rev": "c7ffc9727d115e433fd884a62dc164b587ff651d",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
+        "ref": "release-24.11",
         "repo": "home-manager",
         "type": "github"
       }
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1759381078,
-        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
+        "lastModified": 1733808091,
+        "narHash": "sha256-KWwINTQelKOoQgrXftxoqxmKFZb9pLVfnRvK270nkVk=",
         "owner": "NixOs",
         "repo": "nixpkgs",
-        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
+        "rev": "a0f3e10d94359665dba45b71b4227b0aeb851f8e",
         "type": "github"
       },
       "original": {
         "owner": "NixOs",
-        "ref": "nixos-unstable",
+        "ref": "nixos-24.11",
         "repo": "nixpkgs",
         "type": "github"
       }

flake.nix

@@ -2,9 +2,9 @@
   description = "Flake to handle all my infrastructure";
 
   inputs = {
-    nixpkgs.url = "github:NixOs/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:NixOs/nixpkgs/nixos-24.11";
     home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-24.11";
 
       # follow defined nixpkgs to prevent version mismatch
       inputs.nixpkgs.follows = "nixpkgs";
@@ -18,48 +18,17 @@
     nixosConfigurations = {
       nix-desk = lib.nixosSystem {
         system = "x86_64-linux";
-	    specialArgs = inputs;
-	    modules = [
-          ./devices/desk.nix
-	      ./hardware/nvidia.nix
+	specialArgs = inputs;
+	modules = [
+      ./hardware/desk.nix
 
-	      ./configuration.nix 
-	      ./plasma.nix
-          ./network-shares.nix
+	  ./configuration.nix 
+	  ./nvidia.nix
+	  ./plasma.nix
 
-          ./backup-target.nix
-
-	      ./users/shatteredmint.nix
-          ./qemu-bridges.nix
+	  ./users/shatteredmint.nix
 	];
       };
-
-      nix-conv = lib.nixosSystem {
-        system = "x86_64-linux";
-        specialArgs = inputs;
-
-        modules = [
-          ./devices/conv.nix
-
-          ./configuration.nix
-
-          ./plasma.nix
-          ./users/shatteredmint.nix
-          ./network-shares.nix
-        ];
-      };
-      nix-nas = lib.nixosSystem {
-        system = "aarch64-linux";
-        specialArgs = inputs;
-
-        modules = [
-          ./devices/nas.nix
-          
-          ./configuration.nix
-
-          ./users/shatteredmint.nix
-        ];
-      };
     };
   };
 }

hardware/desk.nix

@@ -11,7 +11,7 @@
 
   boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
   boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" "sg" ];
+  boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
@@ -48,14 +48,9 @@
   # (the default) this is the recommended approach. When using systemd-networkd it's
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  # networking.useDHCP = lib.mkDefault true;
+  networking.useDHCP = lib.mkDefault true;
   # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
-  networking.hostName = "nix-desk"; # Define your hostname.
-  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
-  # required for ZFS
-  networking.hostId = "00000001";
 }

network-shares.nix

@@ -1,17 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{ 
-  # mount network shares
-  fileSystems."/mnt/nas/private" = {
-    device = "dashboard.omv:/ShatteredMINT";
-    fsType = "nfs";
-    options = [ "x-systemd.automount" "noauto" ];
-
-  };
-  fileSystems."/mnt/nas/shared" = {
-    device = "dashboard.omv:/default-nas";
-    fsType = "nfs";
-    options = [ "x-systemd.automount" "noauto" ];
-
-  };
-}

nvidia.nix

@@ -19,6 +19,6 @@
     nvidiaSettings = true;
 
     # set specific version
-    package = config.boot.kernelPackages.nvidiaPackages.latest;
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
   };
 }

plasma.nix

@@ -12,8 +12,7 @@
     pkgs.kdePackages.elisa
   ];
 
-  # enable flatpak
-  services.flatpak.enable = true;
+
 
   # Enable sound.
   services.pipewire = {

qemu-bridges.nix

@@ -1,18 +0,0 @@
-{ config, libs, pkgs, ... }:
-{
-    networking.bridges.virtbr0.interfaces = [
-        "enp4s0"
-    ];
-
-    boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
-
-    networking.interfaces.virtbr0 = {
-        useDHCP = true;
-    };
-
-    virtualisation.libvirtd = { 
-        enable = true;
-        allowedBridges = [ "virtbr0" ];
-        
-    };
-}

users/shatteredmint.nix

@@ -6,11 +6,8 @@
 
   users.users.shatteredmint = {
     isNormalUser = true;
-    extraGroups = [ "wheel" "nixos-admins" "cdrom" ];
+    extraGroups = [ "wheel" "nixos-admins" ];
     shell = pkgs.zsh;
-    openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKT9u43WNMlu3gnu5z9Twt1vkdNdpf6REfEK/OT4qxjK shatteredmint"
-    ];
   };
 
   
@@ -33,7 +30,7 @@
         ignoreAllDups = true;
       };
 
-      initContent = ''
+      initExtra = ''
         bindkey '^?' backward-delete-char
         bindkey '\e[3~' delete-char
         autoload -Uz vcs_info
@@ -51,30 +48,20 @@
       userName = "ShatteredMINT";
       extraConfig = {
         init.defaultBranch = "main";
-        pull.rebase = true;
       };
     };
 
-    programs.neovim = {
-      enable = true;
-      extraPackages = with pkgs; [
-        wl-clipboard
-      ];
-    };
-
     home.packages = with pkgs; [
       thunderbird
       firefox
       lazygit
       veracrypt
       keepassxc
-      kdePackages.yakuake
+      yakuake
       cargo
       zig
       clang
       nil
-      wl-clipboard
-      makemkv
     ];
 
     home.sessionPath = [