feat: continued refactor

Truxnell 2024-03-24 23:21:13 +11:00
parent 85e8b4774d
commit ca7d1c7a2b
18 changed files with 231 additions and 597 deletions

flake.nix

@ -48,14 +48,14 @@
# Use nixpkgs-fmt for 'nix fmt' # Use nixpkgs-fmt for 'nix fmt'
formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt); formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt);
nixosModules = import ./nixos/modules/nixos;
lib = import ./lib { inherit inputs; } // inputs.nixpkgs.lib; lib = import ./lib { inherit inputs; } // inputs.nixpkgs.lib;
nixosConfigurations = nixosConfigurations =
with self.lib; with self.lib;
let let
defaultModules = defaultModules =
(builtins.attrValues lib.nixosModules) ++ (builtins.attrValues nixosModules) ++
[ [
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
]; ];
@ -69,11 +69,11 @@
{ hostname { hostname
, system ? "x86_64-linux" , system ? "x86_64-linux"
, nixpkgs ? inputs.nixpkgs , nixpkgs ? inputs.nixpkgs
, hardwareModules , hardwareModules ? [ ]
, baseModules ? [ , baseModules ? [
./nixos/modules/nixos
./nixos/profiles
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
./nixos/profiles/global.nix
./nixos/modules/nixos
./nixos/hosts/${hostname} ./nixos/hosts/${hostname}
] ]
, extraModules ? [ ] , extraModules ? [ ]
@ -85,104 +85,52 @@
}; };
in in
{ {
nixosvm = nixpkgs.lib.nixosSystem {
inherit specialArgs;
system = "x86_64-linux";
modules = defaultModules ++ [
./nixos/hosts/nixosvm
];
};
# rickenbacker = nixpkgs.lib.nixosSystem {
# inherit specialArgs;
# system = "x86_64-linux";
# modules = defaultModules ++ [
# ./nixos/hosts/rickenbacker
# ];
# };
"rickenbacker" = mkNixosConfig { "rickenbacker" = mkNixosConfig {
hostname = "rickenbacker"; hostname = "rickenbacker";
system = "x86_64-linux"; system = "x86_64-linux";
hardwareModules = [ hardwareModules = [
# ./modules/hardware/phil.nix ./nixos/profiles/hw-thinkpad-e14-amd.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-amd
];
extraModules = [
# ./profiles/personal.nix
]; ];
}; };
"citadel" = mkNixosConfig { "citadel" = mkNixosConfig {
hostname = "citadel"; hostname = "citadel";
system = "x86_64-linux"; system = "x86_64-linux";
hardwareModules = [
# ./modules/hardware/phil.nix
];
extraModules = [
# ./profiles/personal.nix
];
}; };
# "kclejeune@aarch64-linux" = mkNixosConfig { "dns01" = mkNixosConfig {
# system = "aarch64-linux"; hostname = "dns01";
# hardwareModules = [./modules/hardware/phil.nix]; system = "x86_64-linux";
# extraModules = [./profiles/personal.nix];
# };
dns01 = nixpkgs.lib.nixosSystem {
inherit specialArgs;
system = "aarch64-linux";
modules = defaultModules ++ [
./nixos/hosts/dns01
];
}; };
# dns02 = nixpkgs.lib.nixosSystem {
# # nix build .#images.rpi4
# rpi4 = nixpkgs.lib.nixosSystem {
# inherit specialArgs; # inherit specialArgs;
# system = "aarch64-linux";
# modules = defaultModules ++ [ # modules = defaultModules ++ [
# ./nixos/hosts/dns02 # "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
# ./nixos/hosts/images/sd-image
# ]; # ];
# }; # };
# # nix build .#images.iso
# isoimage = nixpkgs.lib.nixosSystem { # iso = nixpkgs.lib.nixosSystem {
# system = "x86_64-linux";
# inherit specialArgs; # inherit specialArgs;
# modules = defaultModules ++ [ # modules = defaultModules ++ [
# "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix" # "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
# { isoImage.squashfsCompression = "gzip -Xcompression-level 1"; } # "${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix"
# ./nixos/iso # ./nixos/hosts/images/cd-dvd
# ]; # ];
# }; # };
# nix build .#images.rpi4
rpi4 = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = defaultModules ++ [
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
./nixos/hosts/images/sd-image
];
};
# nix build .#images.iso
iso = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = defaultModules ++ [
"${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
"${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix"
./nixos/hosts/images/cd-dvd
];
};
}; };
# simple shortcut to allow for easier referencing of correct # simple shortcut to allow for easier referencing of correct
# key for building images # key for building images
# > nix build .#images.rpi4 # > nix build .#images.rpi4
images.rpi4 = nixosConfigurations.rpi4.config.system.build.sdImage; # images.rpi4 = nixosConfigurations.rpi4.config.system.build.sdImage;
images.iso = nixosConfigurations.iso.config.system.build.isoImage; # images.iso = nixosConfigurations.iso.config.system.build.isoImage;
# deploy-rs # deploy-rs
deploy.nodes = deploy.nodes =
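Review bot: The `dns01` entry changes architecture in the `@ -85,104 +85,52 @@` hunk: the removed `nixpkgs.lib.nixosSystem` block built it with `system = "aarch64-linux"`, while the new `mkNixosConfig` call passes `system = "x86_64-linux"`; if that host is still the aarch64 machine, this refactor silently produces a closure for the wrong platform, so either restore `system = "aarch64-linux";` or note in the commit that the hardware changed. With `nixosvm` and `dns01` now routed through `mkNixosConfig`, whose `baseModules` default already lists `./nixos/modules/nixos`, the `defaultModules` binding built from `nixosModules` earlier in the file appears to have no live consumer other than the commented-out `rpi4`/`iso` entries; if `mkNixosConfig` (defined outside this view) does not use it, the binding is dead and could be dropped together with the `nixosModules` import, or the two lists should be reconciled so the module directory is wired in one place. The enclosing `nixosConfigurations` let-block starts before this hunk.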


@ -1,20 +0,0 @@
{ config
, inputs
, ...
}:
let
inherit (config.networking) hostName;
# Only enable auto upgrade if current config came from a clean tree
# This avoids accidental auto-upgrades when working locally.
isClean = inputs.self ? rev;
in
{
system.autoUpgrade = {
enable = isClean;
dates = "hourly";
flags = [
"--refresh"
];
flake = "github:truxnell/nix-config";
};
}


@ -1,71 +0,0 @@
{ inputs
, outputs
, config
, sops-nix
, ...
}: {
imports =
[
# inputs.home-manager.nixosModules.home-manager
#inputs.sops-nix.nixosModules.sops
# ./locale.nix
./nix.nix
# ./openssh.nix
./packages.nix
]
++ (builtins.attrValues { });
# home-manager.extraSpecialArgs = { inherit inputs outputs; }; TODO Home-manager
nixpkgs = {
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
# TODO Shared sops location, probably in home-manager?
# sops.age.keyFile = "/var/lib/sops-nix/key.txt";
# Increase open file limit for sudoers
security.pam.loginLimits = [
{
domain = "@wheel";
item = "nofile";
type = "soft";
value = "524288";
}
{
domain = "@wheel";
item = "nofile";
type = "hard";
value = "1048576";
}
];
# sops.secrets.msmtp = {
# sopsFile = ./secret.sops.yaml;
# }
# # TODO Email settings
# programs.msmtp = {
# enable = true;
# accounts.default = {
# host = "maddy.home.tld";
# from = "${config.networking.hostName}@trux.dev";
# };
# defaults = {
# aliases = "/etc/aliases";
# };
# };
environment.etc = {
"aliases" = {
text = ''
root: ${config.networking.hostName}@trux.dev
'';
mode = "0644";
};
};
}


@ -1,6 +0,0 @@
{ lib, ... }: {
i18n = {
defaultLocale = lib.mkDefault "en_US.UTF-8";
};
time.timeZone = lib.mkDefault "Australia/Melbourne";
}


@ -1,50 +0,0 @@
{ inputs
, lib
, pkgs
, config
, ...
}: {
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = [
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
trusted-users = [ "root" "@wheel" ];
auto-optimise-store = lib.mkDefault true;
warn-dirty = false;
};
gc = {
automatic = true;
dates = "weekly";
# Delete older generations too
options = "--delete-older-than 5d";
};
};
# This will add each flake input as a registry
# To make nix3 commands consistent with your flake
nix.registry = (lib.mapAttrs (_: flake: { inherit flake; })) ((lib.filterAttrs (_: lib.isType "flake")) inputs);
# This will additionally add your inputs to the system's legacy channels
# Making legacy nix commands consistent as well, awesome!
nix.nixPath = [ "/etc/nix/path" ];
environment.etc =
lib.mapAttrs'
(name: value: {
name = "nix/path/${name}";
value.source = value.flake;
})
config.nix.registry;
# Enable printing changes on nix build etc with nvd
system.activationScripts.report-changes = ''
PATH=$PATH:${lib.makeBinPath [ pkgs.nvd pkgs.nix ]}
nvd diff $(ls -dv /nix/var/nix/profiles/system-*-link | tail -2)
'';
}


@ -1,27 +0,0 @@
{...
}:
{
services.openssh = {
enable = true;
settings = {
# Harden
PasswordAuthentication = false;
PermitRootLogin = "no";
# Automatically remove stale sockets
StreamLocalBindUnlink = "yes";
# Allow forwarding ports to everywhere
GatewayPorts = "clientspecified";
# Don't allow home-directory authorized_keys
# authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
};
};
# TODO fix pam, wheel no pass is a bit of a hack
# security.pam.enableSSHAgentAuth = true;
# TODO remove this hack
security.sudo.wheelNeedsPassword = false;
}


@ -1,31 +0,0 @@
{ config
, pkgs
, lib
, ...
}: {
environment.systemPackages = with pkgs; [
bat
jq
yq
btop
neovim
vim
git
dnsutils
nvd
gh
nix
# TODO Move
nil
nixpkgs-fmt
statix
];
programs.direnv = {
# TODO move to home-manager
enable = true;
nix-direnv.enable = true;
};
programs.mtr.enable = true;
}


@ -1,10 +0,0 @@
{ inputs
, outputs
, config
, ...
}: {
# SOPS settings
# https://github.com/Mic92/sops-nix
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}


@ -11,7 +11,6 @@
./hardware-configuration.nix ./hardware-configuration.nix
# Common imports # Common imports
../common/nixos
../common/nixos/users/truxnell ../common/nixos/users/truxnell
../common/optional/fish.nix ../common/optional/fish.nix
../common/optional/monitoring.nix ../common/optional/monitoring.nix


@ -1,105 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config
, lib
, pkgs
, ...
}: {
imports = [
# Host-specific
./hardware-configuration.nix
# Common imports
../common/nixos
../common/nixos/users/truxnell
../common/optional/fish.nix
../common/optional/monitoring.nix
../common/optional/reboot-required.nix
../common/optional/gnome.nix
../common/optional/editors/vscode
../common/optional/firefox.nix
../common/optional/sops-nix.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for raspi4 compilation
networking.hostName = "nixosvm"; # Define your hostname.
modules.services.openssh = true;
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}


@ -1,40 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config
, lib
, pkgs
, modulesPath
, ...
}: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
swapDevices = [{ device = "/dev/sda2"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens33.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
virtualisation.vmware.guest.enable = true;
virtualisation.virtualbox.guest.enable = true;
virtualisation.virtualbox.guest.x11 = true;
}


@ -1,119 +1,43 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config { config
, lib , lib
, pkgs , pkgs
, ... , ...
}: { }: {
# hardware-configuration.nix is missing as I've abstracted out the parts
# into various areas like my global/hardware profiles, etc.
imports = [ imports = [
# Host-specific
./hardware-configuration.nix
# Common imports # Common imports
../common/nixos
../common/nixos/users/truxnell ../common/nixos/users/truxnell
../common/optional/fish.nix ../common/optional/fish.nix
../common/optional/monitoring.nix
../common/optional/reboot-required.nix
../common/optional/gnome.nix ../common/optional/gnome.nix
../common/optional/editors/vscode ../common/optional/editors/vscode
../common/optional/firefox.nix ../common/optional/firefox.nix
../common/optional/sops-nix.nix
]; ];
config.mySystem = {
mySystem.services.openssh.enable = true; services.openssh.enable = true;
mySystem.security.wheelNeedsSudoPassword = false; security.wheelNeedsSudoPassword = false;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for raspi4 compilation
boot.initrd.kernelModules = [ "amdgpu" ];
boot.plymouth.enable = true;
networking.hostName = "rickenbacker"; # Define your hostname.
# Enable OpenGL
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
}; };
# Load nvidia driver for Xorg and Wayland # TODO build this in from flake host names
services.xserver.videoDrivers = [ "amdgpu" ]; # or "nvidiaLegacy470 etc. config.networking.hostName = "rickenbacker";
# Pick only one of the below networking options. config = {
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Configure network proxy if necessary fileSystems."/" =
# networking.proxy.default = "http://user:password@proxy:port/"; {
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# Select internationalisation properties. fileSystems."/boot" =
# i18n.defaultLocale = "en_US.UTF-8"; {
# console = { device = "/dev/disk/by-uuid/44D0-91EC";
# font = "Lat2-Terminus16"; fsType = "vfat";
# keyMap = "us"; };
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system. swapDevices = [ ];
# services.xserver.enable = true; };
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
} }
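Review bot: The new host module defines `config.mySystem = { … }` and `config.networking.hostName = …` as nested attribute paths and then a plain `config = { fileSystems … }` in the same attribute set; Nix's parser treats that plain assignment as a second definition of `config` (`attribute 'config' already defined`), so the file will not evaluate until the three are written in one form, e.g. a single `config = { mySystem = …; networking.hostName = …; fileSystems … }` block as below. Separately, the `openssh.nix` deleted in this commit carried `PasswordAuthentication = false` and `PermitRootLogin = "no"`; `services.openssh.enable = true` here now relies on the `mySystem.services.openssh` module, which is outside this diff, to apply equivalent settings, so that should be confirmed before the host is rebuilt. The `# TODO build this in from flake host names` line could say how (`hostname` is already passed to `mkNixosConfig` in `flake.nix`), so the next maintainer knows where the value should come from.
```nix
  config = {
    mySystem = {
      services.openssh.enable = true;
      security.wheelNeedsSudoPassword = false;
    };
    # TODO build this in from flake host names
    networking.hostName = "rickenbacker";
    # … unchanged: fileSystems."/" and fileSystems."/boot" definitions …
    swapDevices = [ ];
  };
```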


@ -1,38 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/fe728106-aaf8-46e6-ab46-1610f1f4398a";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/44D0-91EC";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -2,6 +2,7 @@
, config , config
, ... , ...
}: }:
with lib;
let let
cfg = config.mySystem.security; cfg = config.mySystem.security;
in in
@ -14,13 +15,33 @@ in
description = "If wheel group users need password for sudo"; description = "If wheel group users need password for sudo";
default = true; default = true;
}; };
options.mySystem.security.increaseWheelLoginLimits = lib.mkOption {
type = lib.types.bool;
description = "If wheel group users receive increased login limits";
default = true;
};
config = config =
{ {
security.pam.enableSSHAgentAuth = cfg.sshAgentAuth.enable;
security.sudo.wheelNeedsPassword = cfg.wheelNeedsSudoPassword; security.sudo.wheelNeedsPassword = cfg.wheelNeedsSudoPassword;
security.pam.enableSSHAgentAuth = cfg.sshAgentAuth.enable;
# Increase open file limit for sudoers
security.pam.loginLimits = mkIf cfg.increaseWheelLoginLimits [
{
domain = "@wheel";
item = "nofile";
type = "soft";
value = "524288";
}
{
domain = "@wheel";
item = "nofile";
type = "hard";
value = "1048576";
}
];
}; };
} }
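Review bot: The new option block still spells `lib.mkOption` and `lib.types.bool` even though this hunk adds `with lib;` at the top of the module, while the new `mkIf` on the `security.pam.loginLimits` line depends on that `with`; the module should use one convention throughout, either `options.mySystem.security.increaseWheelLoginLimits = mkOption {` with `type = types.bool;`, or drop the added `with lib;` (which obscures where names come from) and write `lib.mkIf` instead. The option description could also state what the limits are, e.g. `description = "Raise the nofile limit for @wheel (soft 524288, hard 1048576)";`, since the values are otherwise only discoverable by reading the config block.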


@ -1,13 +0,0 @@
{ lib, ... }:
{
imports = [
./global.nix
# ./desktop.nix
# ./development.nix
# ./extended.nix
];
}


@ -1,17 +1,123 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, imports, modulesPath, ... }:
with lib; with lib;
let cfg = config.mySystem.profiles.global;
in
{ {
options.mySystem.profiles.global.enable = mkEnableOption "Global profile" // { default = true; }; # Generated by nixos-config-generate
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
config = mkIf cfg.enable mySystem = {
{
mySystem.time.timeZone = "Australia/Melbourne"; # basics for all devices
time.timeZone = "Australia/Melbourne";
security.increaseWheelLoginLimits = true;
};
i18n = { i18n = {
defaultLocale = lib.mkDefault "en_AU.UTF-8"; defaultLocale = lib.mkDefault "en_AU.UTF-8";
}; };
# TODO refactor this shit out wow
nix = {
settings = {
trusted-substituters = [
"https://nix-community.cachix.org"
"https://numtide.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
];
trusted-users = [ "root" "@wheel" ];
# hardlink duplicates of builds
auto-optimise-store = lib.mkDefault true;
# Fallback quickly if substituters are not available.
connect-timeout = 5;
# Enable flakes
experimental-features = [
"nix-command"
"flakes"
];
warn-dirty = false;
# The default at 10 is rarely enough.
log-lines = lib.mkDefault 25;
# Avoid copying unnecessary stuff over SSH
builders-use-substitutes = true;
}; };
# automatically garbage collect nix store
gc = {
# garbage collection
automatic = true;
options = "--delete-older-than 30d";
persistent = true;
};
};
# SOPS settings
# https://github.com/Mic92/sops-nix
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
nixpkgs = {
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
system = {
# Enable printing changes on nix build etc with nvd
activationScripts.report-changes = ''
PATH=$PATH:${lib.makeBinPath [ pkgs.nvd pkgs.nix ]}
nvd diff $(ls -dv /nix/var/nix/profiles/system-*-link | tail -2)
'';
# Do not change unless you know what you are doing
stateVersion = "23.11"; # THERE BE DRAGONS
};
networking.useDHCP = lib.mkDefault true;
environment.systemPackages = with pkgs; [
jq
yq
btop
vim
git
dnsutils
nix
# TODO Move
nil
nixpkgs-fmt
statix
nvd
gh
];
programs.direnv = {
# TODO move to home-manager
enable = true;
nix-direnv.enable = true;
};
programs.mtr.enable = true;
} }
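Review bot: The new argument list `{ config, lib, pkgs, imports, modulesPath, ... }:` names `imports`, which the NixOS module system does not pass to module functions, so evaluating this profile is expected to fail with a missing-argument error unless something in `specialArgs`/`_module.args` (outside this diff) supplies it; the two new profile files below (`@ -0,0 +1,22 @@` and `@ -0,0 +1,25 @@`) have the same problem and additionally ask for a `boot` argument. Dropping the unused names, `{ config, lib, pkgs, modulesPath, ... }:`, is enough here. Separately, the deleted `nix.nix` listed the cachix cache under `substituters`, whereas the new block lists it only under `trusted-substituters`, which permits that URL for unprivileged users but does not make nix use it, so the caches will be skipped until `substituters` is set as well; the public keys carried over with them are the right pairing once that is done. The `# TODO refactor this shit out wow` comment would be more useful stating what should move where, e.g. `# TODO move nix.settings into a mySystem option`.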


@ -0,0 +1,22 @@
{ config, lib, pkgs, imports, boot, ... }:
with lib;
{
boot = {
initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
initrd.kernelModules = [ "amdgpu" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
# set xserver videodrivers if used
services.xserver.videoDrivers = [ "amdgpu" ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -0,0 +1,25 @@
{ config, lib, pkgs, imports, boot, ... }:
# Role for workstations
# Covers desktops/laptops, expected to have a GUI and do worloads
# Will have home-manager installs
with lib;
{
boot = {
binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for raspi4 compilation
plymouth.enable = true;
};
nix.settings = {
# TODO factor out into mySystem
# Avoid disk full issues
max-free = lib.mkDefault (1000 * 1000 * 1000);
min-free = lib.mkDefault (128 * 1000 * 1000);
};
}
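Review bot: `with lib;` is introduced but nothing in this file uses an unqualified `lib` name — both calls are written `lib.mkDefault` — so the line can be removed (the hardware profile in the hunk above has the same unused `with lib;`). The header comment reads `worloads`; `workloads` is meant. The `# Avoid disk full issues` comment would be clearer stating the units and the trigger, e.g. `# when free space drops below ~128 MB, collect garbage until ~1 GB is free`, so the two constants are not read as arbitrary.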