feat: continued refactor
parent
85e8b4774d
commit
ca7d1c7a2b
18 changed files with 231 additions and 597 deletions
100
flake.nix
100
flake.nix
|
@ -48,14 +48,14 @@
|
|||
# Use nixpkgs-fmt for 'nix fmt'
|
||||
formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt);
|
||||
|
||||
nixosModules = import ./nixos/modules/nixos;
|
||||
lib = import ./lib { inherit inputs; } // inputs.nixpkgs.lib;
|
||||
|
||||
|
||||
nixosConfigurations =
|
||||
with self.lib;
|
||||
let
|
||||
defaultModules =
|
||||
(builtins.attrValues lib.nixosModules) ++
|
||||
(builtins.attrValues nixosModules) ++
|
||||
[
|
||||
sops-nix.nixosModules.sops
|
||||
];
|
||||
|
@ -69,11 +69,11 @@
|
|||
{ hostname
|
||||
, system ? "x86_64-linux"
|
||||
, nixpkgs ? inputs.nixpkgs
|
||||
, hardwareModules
|
||||
, hardwareModules ? [ ]
|
||||
, baseModules ? [
|
||||
./nixos/modules/nixos
|
||||
./nixos/profiles
|
||||
sops-nix.nixosModules.sops
|
||||
./nixos/profiles/global.nix
|
||||
./nixos/modules/nixos
|
||||
./nixos/hosts/${hostname}
|
||||
]
|
||||
, extraModules ? [ ]
|
||||
|
@ -85,104 +85,52 @@
|
|||
};
|
||||
in
|
||||
{
|
||||
nixosvm = nixpkgs.lib.nixosSystem {
|
||||
inherit specialArgs;
|
||||
system = "x86_64-linux";
|
||||
modules = defaultModules ++ [
|
||||
./nixos/hosts/nixosvm
|
||||
];
|
||||
};
|
||||
|
||||
# rickenbacker = nixpkgs.lib.nixosSystem {
|
||||
# inherit specialArgs;
|
||||
# system = "x86_64-linux";
|
||||
# modules = defaultModules ++ [
|
||||
# ./nixos/hosts/rickenbacker
|
||||
# ];
|
||||
# };
|
||||
|
||||
"rickenbacker" = mkNixosConfig {
|
||||
hostname = "rickenbacker";
|
||||
system = "x86_64-linux";
|
||||
hardwareModules = [
|
||||
# ./modules/hardware/phil.nix
|
||||
|
||||
];
|
||||
extraModules = [
|
||||
# ./profiles/personal.nix
|
||||
./nixos/profiles/hw-thinkpad-e14-amd.nix
|
||||
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-amd
|
||||
];
|
||||
};
|
||||
|
||||
"citadel" = mkNixosConfig {
|
||||
hostname = "citadel";
|
||||
system = "x86_64-linux";
|
||||
hardwareModules = [
|
||||
# ./modules/hardware/phil.nix
|
||||
|
||||
];
|
||||
extraModules = [
|
||||
# ./profiles/personal.nix
|
||||
];
|
||||
};
|
||||
|
||||
# "kclejeune@aarch64-linux" = mkNixosConfig {
|
||||
# system = "aarch64-linux";
|
||||
# hardwareModules = [./modules/hardware/phil.nix];
|
||||
# extraModules = [./profiles/personal.nix];
|
||||
# };
|
||||
|
||||
|
||||
dns01 = nixpkgs.lib.nixosSystem {
|
||||
inherit specialArgs;
|
||||
system = "aarch64-linux";
|
||||
modules = defaultModules ++ [
|
||||
./nixos/hosts/dns01
|
||||
];
|
||||
"dns01" = mkNixosConfig {
|
||||
hostname = "dns01";
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
# dns02 = nixpkgs.lib.nixosSystem {
|
||||
|
||||
# # nix build .#images.rpi4
|
||||
# rpi4 = nixpkgs.lib.nixosSystem {
|
||||
# inherit specialArgs;
|
||||
# system = "aarch64-linux";
|
||||
|
||||
# modules = defaultModules ++ [
|
||||
# ./nixos/hosts/dns02
|
||||
# "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
|
||||
# ./nixos/hosts/images/sd-image
|
||||
# ];
|
||||
# };
|
||||
|
||||
# isoimage = nixpkgs.lib.nixosSystem {
|
||||
# system = "x86_64-linux";
|
||||
# # nix build .#images.iso
|
||||
# iso = nixpkgs.lib.nixosSystem {
|
||||
# inherit specialArgs;
|
||||
|
||||
# modules = defaultModules ++ [
|
||||
# "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix"
|
||||
# { isoImage.squashfsCompression = "gzip -Xcompression-level 1"; }
|
||||
# ./nixos/iso
|
||||
# "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
|
||||
# "${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix"
|
||||
# ./nixos/hosts/images/cd-dvd
|
||||
# ];
|
||||
# };
|
||||
|
||||
# nix build .#images.rpi4
|
||||
rpi4 = nixpkgs.lib.nixosSystem {
|
||||
inherit specialArgs;
|
||||
|
||||
modules = defaultModules ++ [
|
||||
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
|
||||
./nixos/hosts/images/sd-image
|
||||
];
|
||||
};
|
||||
# nix build .#images.iso
|
||||
iso = nixpkgs.lib.nixosSystem {
|
||||
inherit specialArgs;
|
||||
|
||||
modules = defaultModules ++ [
|
||||
"${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
|
||||
"${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix"
|
||||
./nixos/hosts/images/cd-dvd
|
||||
];
|
||||
};
|
||||
};
|
||||
# simple shortcut to allow for easier referencing of correct
|
||||
# key for building images
|
||||
# > nix build .#images.rpi4
|
||||
images.rpi4 = nixosConfigurations.rpi4.config.system.build.sdImage;
|
||||
images.iso = nixosConfigurations.iso.config.system.build.isoImage;
|
||||
# images.rpi4 = nixosConfigurations.rpi4.config.system.build.sdImage;
|
||||
# images.iso = nixosConfigurations.iso.config.system.build.isoImage;
|
||||
|
||||
# deploy-rs
|
||||
deploy.nodes =
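Review bot: `"dns01" = mkNixosConfig { hostname = "dns01"; system = "x86_64-linux"; }` changes the architecture of dns01 — the `nixpkgs.lib.nixosSystem` block it replaces declared `system = "aarch64-linux";`, so unless the machine was actually swapped this looks like an unintended regression and the line should read `system = "aarch64-linux";`. In the same hunk the rickenbacker hardware profile and `inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-amd` are passed through `extraModules` while `hardwareModules` stays empty with a commented-out placeholder; moving them into `hardwareModules` keeps the two slots meaningful. Whether `sops-nix.nixosModules.sops` survives in `baseModules` in the second hunk cannot be recovered from this page; since `sops.age.sshKeyPaths` now lives in `nixos/profiles/global.nix`, a host built without the sops-nix module would fail to evaluate on that option, so it is worth confirming. The `nixosConfigurations` let-binding these hunks belong to starts before the first hunk, and the `deploy.nodes` definition at the end continues past the last one.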
|
||||
|
|
|
@ -1,20 +0,0 @@
|
|||
{ config
|
||||
, inputs
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (config.networking) hostName;
|
||||
# Only enable auto upgrade if current config came from a clean tree
|
||||
# This avoids accidental auto-upgrades when working locally.
|
||||
isClean = inputs.self ? rev;
|
||||
in
|
||||
{
|
||||
system.autoUpgrade = {
|
||||
enable = isClean;
|
||||
dates = "hourly";
|
||||
flags = [
|
||||
"--refresh"
|
||||
];
|
||||
flake = "github:truxnell/nix-config";
|
||||
};
|
||||
}
|
|
@ -1,71 +0,0 @@
|
|||
{ inputs
|
||||
, outputs
|
||||
, config
|
||||
, sops-nix
|
||||
, ...
|
||||
}: {
|
||||
imports =
|
||||
[
|
||||
# inputs.home-manager.nixosModules.home-manager
|
||||
#inputs.sops-nix.nixosModules.sops
|
||||
# ./locale.nix
|
||||
./nix.nix
|
||||
# ./openssh.nix
|
||||
./packages.nix
|
||||
]
|
||||
++ (builtins.attrValues { });
|
||||
|
||||
# home-manager.extraSpecialArgs = { inherit inputs outputs; }; TODO Home-manager
|
||||
|
||||
nixpkgs = {
|
||||
# Configure your nixpkgs instance
|
||||
config = {
|
||||
# Disable if you don't want unfree packages
|
||||
allowUnfree = true;
|
||||
};
|
||||
};
|
||||
|
||||
# TODO Shared sops location, probably in home-manager?
|
||||
# sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||
|
||||
# Increase open file limit for sudoers
|
||||
security.pam.loginLimits = [
|
||||
{
|
||||
domain = "@wheel";
|
||||
item = "nofile";
|
||||
type = "soft";
|
||||
value = "524288";
|
||||
}
|
||||
{
|
||||
domain = "@wheel";
|
||||
item = "nofile";
|
||||
type = "hard";
|
||||
value = "1048576";
|
||||
}
|
||||
];
|
||||
|
||||
# sops.secrets.msmtp = {
|
||||
# sopsFile = ./secret.sops.yaml;
|
||||
# }
|
||||
|
||||
# # TODO Email settings
|
||||
# programs.msmtp = {
|
||||
# enable = true;
|
||||
# accounts.default = {
|
||||
# host = "maddy.home.tld";
|
||||
# from = "${config.networking.hostName}@trux.dev";
|
||||
# };
|
||||
# defaults = {
|
||||
# aliases = "/etc/aliases";
|
||||
# };
|
||||
# };
|
||||
|
||||
environment.etc = {
|
||||
"aliases" = {
|
||||
text = ''
|
||||
root: ${config.networking.hostName}@trux.dev
|
||||
'';
|
||||
mode = "0644";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,6 +0,0 @@
|
|||
{ lib, ... }: {
|
||||
i18n = {
|
||||
defaultLocale = lib.mkDefault "en_US.UTF-8";
|
||||
};
|
||||
time.timeZone = lib.mkDefault "Australia/Melbourne";
|
||||
}
|
|
@ -1,50 +0,0 @@
|
|||
{ inputs
|
||||
, lib
|
||||
, pkgs
|
||||
, config
|
||||
, ...
|
||||
}: {
|
||||
nix = {
|
||||
settings = {
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
substituters = [
|
||||
"https://nix-community.cachix.org"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
];
|
||||
trusted-users = [ "root" "@wheel" ];
|
||||
auto-optimise-store = lib.mkDefault true;
|
||||
warn-dirty = false;
|
||||
|
||||
};
|
||||
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
# Delete older generations too
|
||||
options = "--delete-older-than 5d";
|
||||
};
|
||||
};
|
||||
|
||||
# This will add each flake input as a registry
|
||||
# To make nix3 commands consistent with your flake
|
||||
nix.registry = (lib.mapAttrs (_: flake: { inherit flake; })) ((lib.filterAttrs (_: lib.isType "flake")) inputs);
|
||||
|
||||
# This will additionally add your inputs to the system's legacy channels
|
||||
# Making legacy nix commands consistent as well, awesome!
|
||||
nix.nixPath = [ "/etc/nix/path" ];
|
||||
environment.etc =
|
||||
lib.mapAttrs'
|
||||
(name: value: {
|
||||
name = "nix/path/${name}";
|
||||
value.source = value.flake;
|
||||
})
|
||||
config.nix.registry;
|
||||
|
||||
# Enable printing changes on nix build etc with nvd
|
||||
system.activationScripts.report-changes = ''
|
||||
PATH=$PATH:${lib.makeBinPath [ pkgs.nvd pkgs.nix ]}
|
||||
nvd diff $(ls -dv /nix/var/nix/profiles/system-*-link | tail -2)
|
||||
'';
|
||||
}
|
|
@ -1,27 +0,0 @@
|
|||
{...
|
||||
}:
|
||||
|
||||
{
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
# Harden
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = "no";
|
||||
# Automatically remove stale sockets
|
||||
StreamLocalBindUnlink = "yes";
|
||||
# Allow forwarding ports to everywhere
|
||||
GatewayPorts = "clientspecified";
|
||||
# Don't allow home-directory authorized_keys
|
||||
# authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
|
||||
};
|
||||
};
|
||||
|
||||
# TODO fix pam, wheel no pass is a bit of a hack
|
||||
# security.pam.enableSSHAgentAuth = true;
|
||||
|
||||
# TODO remove this hack
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
}
|
|
@ -1,31 +0,0 @@
|
|||
{ config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}: {
|
||||
environment.systemPackages = with pkgs; [
|
||||
bat
|
||||
jq
|
||||
yq
|
||||
btop
|
||||
neovim
|
||||
vim
|
||||
git
|
||||
dnsutils
|
||||
nvd
|
||||
gh
|
||||
nix
|
||||
|
||||
# TODO Move
|
||||
nil
|
||||
nixpkgs-fmt
|
||||
statix
|
||||
];
|
||||
|
||||
programs.direnv = {
|
||||
# TODO move to home-manager
|
||||
enable = true;
|
||||
nix-direnv.enable = true;
|
||||
};
|
||||
programs.mtr.enable = true;
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
{ inputs
|
||||
, outputs
|
||||
, config
|
||||
, ...
|
||||
}: {
|
||||
# SOPS settings
|
||||
# https://github.com/Mic92/sops-nix
|
||||
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
}
|
|
@ -11,7 +11,6 @@
|
|||
./hardware-configuration.nix
|
||||
|
||||
# Common imports
|
||||
../common/nixos
|
||||
../common/nixos/users/truxnell
|
||||
../common/optional/fish.nix
|
||||
../common/optional/monitoring.nix
|
||||
|
|
|
@ -1,105 +0,0 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page, on
|
||||
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
}: {
|
||||
imports = [
|
||||
# Host-specific
|
||||
./hardware-configuration.nix
|
||||
|
||||
# Common imports
|
||||
../common/nixos
|
||||
../common/nixos/users/truxnell
|
||||
../common/optional/fish.nix
|
||||
../common/optional/monitoring.nix
|
||||
../common/optional/reboot-required.nix
|
||||
../common/optional/gnome.nix
|
||||
../common/optional/editors/vscode
|
||||
../common/optional/firefox.nix
|
||||
../common/optional/sops-nix.nix
|
||||
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for raspi4 compilation
|
||||
|
||||
networking.hostName = "nixosvm"; # Define your hostname.
|
||||
|
||||
modules.services.openssh = true;
|
||||
|
||||
# Pick only one of the below networking options.
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
|
||||
|
||||
# Configure network proxy if necessary
|
||||
# networking.proxy.default = "http://user:password@proxy:port/";
|
||||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||
|
||||
# Select internationalisation properties.
|
||||
# i18n.defaultLocale = "en_US.UTF-8";
|
||||
# console = {
|
||||
# font = "Lat2-Terminus16";
|
||||
# keyMap = "us";
|
||||
# useXkbConfig = true; # use xkb.options in tty.
|
||||
# };
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
# services.xserver.enable = true;
|
||||
|
||||
# Configure keymap in X11
|
||||
# services.xserver.xkb.layout = "us";
|
||||
# services.xserver.xkb.options = "eurosign:e,caps:escape";
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
# services.printing.enable = true;
|
||||
|
||||
# Enable sound.
|
||||
# sound.enable = true;
|
||||
# hardware.pulseaudio.enable = true;
|
||||
|
||||
# Enable touchpad support (enabled default in most desktopManager).
|
||||
# services.xserver.libinput.enable = true;
|
||||
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
# started in user sessions.
|
||||
# programs.mtr.enable = true;
|
||||
# programs.gnupg.agent = {
|
||||
# enable = true;
|
||||
# enableSSHSupport = true;
|
||||
# };
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
# Open ports in the firewall.
|
||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||
# Or disable the firewall altogether.
|
||||
# networking.firewall.enable = false;
|
||||
|
||||
# Copy the NixOS configuration file and link it from the resulting system
|
||||
# (/run/current-system/configuration.nix). This is useful in case you
|
||||
# accidentally delete configuration.nix.
|
||||
# system.copySystemConfiguration = true;
|
||||
|
||||
# This option defines the first version of NixOS you have installed on this particular machine,
|
||||
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
|
||||
#
|
||||
# Most users should NEVER change this value after the initial install, for any reason,
|
||||
# even if you've upgraded your system to a new NixOS release.
|
||||
#
|
||||
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
|
||||
# so changing it will NOT upgrade your system.
|
||||
#
|
||||
# This value being lower than the current NixOS release does NOT mean your system is
|
||||
# out of date, out of support, or vulnerable.
|
||||
#
|
||||
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
|
||||
# and migrated your data accordingly.
|
||||
#
|
||||
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
|
||||
system.stateVersion = "23.11"; # Did you read the comment?
|
||||
}
|
|
@ -1,40 +0,0 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, modulesPath
|
||||
, ...
|
||||
}: {
|
||||
imports = [ ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-label/boot";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [{ device = "/dev/sda2"; }];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.ens33.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
virtualisation.vmware.guest.enable = true;
|
||||
virtualisation.virtualbox.guest.enable = true;
|
||||
virtualisation.virtualbox.guest.x11 = true;
|
||||
}
|
|
@ -1,119 +1,43 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page, on
|
||||
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
}: {
|
||||
|
||||
# hardware-configuration.nix is missing as I've abstracted out the parts
|
||||
# into various areas like my global/hardware profiles, etc.
|
||||
imports = [
|
||||
# Host-specific
|
||||
./hardware-configuration.nix
|
||||
|
||||
# Common imports
|
||||
../common/nixos
|
||||
../common/nixos/users/truxnell
|
||||
../common/optional/fish.nix
|
||||
../common/optional/monitoring.nix
|
||||
../common/optional/reboot-required.nix
|
||||
../common/optional/gnome.nix
|
||||
../common/optional/editors/vscode
|
||||
../common/optional/firefox.nix
|
||||
../common/optional/sops-nix.nix
|
||||
|
||||
];
|
||||
|
||||
mySystem.services.openssh.enable = true;
|
||||
mySystem.security.wheelNeedsSudoPassword = false;
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for raspi4 compilation
|
||||
boot.initrd.kernelModules = [ "amdgpu" ];
|
||||
|
||||
boot.plymouth.enable = true;
|
||||
|
||||
networking.hostName = "rickenbacker"; # Define your hostname.
|
||||
|
||||
# Enable OpenGL
|
||||
hardware.opengl = {
|
||||
enable = true;
|
||||
driSupport = true;
|
||||
driSupport32Bit = true;
|
||||
config.mySystem = {
|
||||
services.openssh.enable = true;
|
||||
security.wheelNeedsSudoPassword = false;
|
||||
};
|
||||
|
||||
# Load nvidia driver for Xorg and Wayland
|
||||
services.xserver.videoDrivers = [ "amdgpu" ]; # or "nvidiaLegacy470 etc.
|
||||
# TODO build this in from flake host names
|
||||
config.networking.hostName = "rickenbacker";
|
||||
|
||||
# Pick only one of the below networking options.
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
|
||||
config = {
|
||||
|
||||
# Configure network proxy if necessary
|
||||
# networking.proxy.default = "http://user:password@proxy:port/";
|
||||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||
fileSystems."/" =
|
||||
{
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
# Select internationalisation properties.
|
||||
# i18n.defaultLocale = "en_US.UTF-8";
|
||||
# console = {
|
||||
# font = "Lat2-Terminus16";
|
||||
# keyMap = "us";
|
||||
# useXkbConfig = true; # use xkb.options in tty.
|
||||
# };
|
||||
fileSystems."/boot" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/44D0-91EC";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
# services.xserver.enable = true;
|
||||
|
||||
# Configure keymap in X11
|
||||
# services.xserver.xkb.layout = "us";
|
||||
# services.xserver.xkb.options = "eurosign:e,caps:escape";
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
# services.printing.enable = true;
|
||||
|
||||
# Enable sound.
|
||||
# sound.enable = true;
|
||||
# hardware.pulseaudio.enable = true;
|
||||
|
||||
# Enable touchpad support (enabled default in most desktopManager).
|
||||
# services.xserver.libinput.enable = true;
|
||||
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
# started in user sessions.
|
||||
# programs.mtr.enable = true;
|
||||
# programs.gnupg.agent = {
|
||||
# enable = true;
|
||||
# enableSSHSupport = true;
|
||||
# };
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
# Open ports in the firewall.
|
||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||
# Or disable the firewall altogether.
|
||||
# networking.firewall.enable = false;
|
||||
|
||||
# Copy the NixOS configuration file and link it from the resulting system
|
||||
# (/run/current-system/configuration.nix). This is useful in case you
|
||||
# accidentally delete configuration.nix.
|
||||
# system.copySystemConfiguration = true;
|
||||
|
||||
# This option defines the first version of NixOS you have installed on this particular machine,
|
||||
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
|
||||
#
|
||||
# Most users should NEVER change this value after the initial install, for any reason,
|
||||
# even if you've upgraded your system to a new NixOS release.
|
||||
#
|
||||
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
|
||||
# so changing it will NOT upgrade your system.
|
||||
#
|
||||
# This value being lower than the current NixOS release does NOT mean your system is
|
||||
# out of date, out of support, or vulnerable.
|
||||
#
|
||||
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
|
||||
# and migrated your data accordingly.
|
||||
#
|
||||
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
|
||||
system.stateVersion = "23.11"; # Did you read the comment?
|
||||
swapDevices = [ ];
|
||||
};
|
||||
}
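Review bot: The `# TODO remove this hack` that accompanied `security.sudo.wheelNeedsPassword = false` in the deleted module that also configured `services.openssh` is lost in the move to `security.wheelNeedsSudoPassword = false;` here, so the passwordless-sudo exception for wheel is now silent; carry the comment over, e.g. `# TODO: passwordless sudo for @wheel is a stopgap, remove once SSH agent auth is in place`. The root filesystem also changes from the by-uuid device in the deleted hardware-configuration.nix to `device = "/dev/disk/by-label/nixos";` — if that partition was never labelled the new configuration will not boot, so confirm the label before deploying. Stylistically the settings are spread over `config.mySystem = {…}`, `config.networking.hostName = …` and a separate `config = {…}` block; Nix merges these, but one `config = { mySystem = {…}; networking.hostName = …; fileSystems = …; }` reads more clearly. Deriving `networking.hostName` from the `hostname` argument `mkNixosConfig` already receives, as the `# TODO build this in from flake host names` line suggests, would remove the duplicated literal.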
|
||||
|
|
|
@ -1,38 +0,0 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/fe728106-aaf8-46e6-ab46-1610f1f4398a";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/44D0-91EC";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
|
@ -2,6 +2,7 @@
|
|||
, config
|
||||
, ...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.mySystem.security;
|
||||
in
|
||||
|
@ -14,13 +15,33 @@ in
|
|||
description = "If wheel group users need password for sudo";
|
||||
default = true;
|
||||
};
|
||||
options.mySystem.security.increaseWheelLoginLimits = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
description = "If wheel group users receive increased login limits";
|
||||
default = true;
|
||||
};
|
||||
|
||||
config =
|
||||
{
|
||||
security.pam.enableSSHAgentAuth = cfg.sshAgentAuth.enable;
|
||||
security.sudo.wheelNeedsPassword = cfg.wheelNeedsSudoPassword;
|
||||
|
||||
security.pam.enableSSHAgentAuth = cfg.sshAgentAuth.enable;
|
||||
|
||||
# Increase open file limit for sudoers
|
||||
security.pam.loginLimits = mkIf cfg.increaseWheelLoginLimits [
|
||||
{
|
||||
domain = "@wheel";
|
||||
item = "nofile";
|
||||
type = "soft";
|
||||
value = "524288";
|
||||
}
|
||||
{
|
||||
domain = "@wheel";
|
||||
item = "nofile";
|
||||
type = "hard";
|
||||
value = "1048576";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
}
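Review bot: `security.pam.loginLimits = mkIf cfg.increaseWheelLoginLimits [ … ]` relies on the `with lib;` introduced in the first hunk, while the option declarations in this same hunk keep the explicit `lib.mkOption` / `lib.types.bool` spelling; pick one convention — `lib.mkIf` here, or dropping the `lib.` prefixes — so the file does not mix them. A short comment on the new option would help, e.g. `# Raises the soft/hard nofile limit for @wheel; mkIf leaves loginLimits untouched when disabled`. `security.pam.enableSSHAgentAuth` is the older spelling of the option (later NixOS releases renamed it to `security.pam.sshAgentAuth.enable`); with `stateVersion = "23.11"` that is consistent today, but it is the line to revisit when nixpkgs is bumped. The declarations of `sshAgentAuth` and `wheelNeedsSudoPassword` that `cfg` refers to start before this hunk.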
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
{ lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./global.nix
|
||||
# ./desktop.nix
|
||||
# ./development.nix
|
||||
# ./extended.nix
|
||||
];
|
||||
|
||||
|
||||
}
|
||||
|
|
@ -1,17 +1,123 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, imports, modulesPath, ... }:
|
||||
|
||||
with lib;
|
||||
let cfg = config.mySystem.profiles.global;
|
||||
in
|
||||
{
|
||||
options.mySystem.profiles.global.enable = mkEnableOption "Global profile" // { default = true; };
|
||||
# Generated by nixos-config-generate
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
config = mkIf cfg.enable
|
||||
{
|
||||
mySystem.time.timeZone = "Australia/Melbourne";
|
||||
mySystem = {
|
||||
|
||||
# basics for all devices
|
||||
time.timeZone = "Australia/Melbourne";
|
||||
security.increaseWheelLoginLimits = true;
|
||||
};
|
||||
|
||||
i18n = {
|
||||
defaultLocale = lib.mkDefault "en_AU.UTF-8";
|
||||
};
|
||||
|
||||
# TODO refactor this shit out wow
|
||||
nix = {
|
||||
settings = {
|
||||
trusted-substituters = [
|
||||
"https://nix-community.cachix.org"
|
||||
"https://numtide.cachix.org"
|
||||
];
|
||||
|
||||
trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
|
||||
];
|
||||
|
||||
trusted-users = [ "root" "@wheel" ];
|
||||
|
||||
# hardlink duplicates of builds
|
||||
auto-optimise-store = lib.mkDefault true;
|
||||
|
||||
|
||||
|
||||
# Fallback quickly if substituters are not available.
|
||||
connect-timeout = 5;
|
||||
|
||||
# Enable flakes
|
||||
experimental-features = [
|
||||
"nix-command"
|
||||
"flakes"
|
||||
];
|
||||
|
||||
warn-dirty = false;
|
||||
|
||||
# The default at 10 is rarely enough.
|
||||
log-lines = lib.mkDefault 25;
|
||||
|
||||
# Avoid copying unnecessary stuff over SSH
|
||||
builders-use-substitutes = true;
|
||||
};
|
||||
|
||||
# automatically garbage collect nix store
|
||||
gc = {
|
||||
# garbage collection
|
||||
automatic = true;
|
||||
options = "--delete-older-than 30d";
|
||||
persistent = true;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
# SOPS settings
|
||||
# https://github.com/Mic92/sops-nix
|
||||
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
||||
|
||||
nixpkgs = {
|
||||
# Configure your nixpkgs instance
|
||||
config = {
|
||||
# Disable if you don't want unfree packages
|
||||
allowUnfree = true;
|
||||
};
|
||||
};
|
||||
|
||||
system = {
|
||||
# Enable printing changes on nix build etc with nvd
|
||||
activationScripts.report-changes = ''
|
||||
PATH=$PATH:${lib.makeBinPath [ pkgs.nvd pkgs.nix ]}
|
||||
nvd diff $(ls -dv /nix/var/nix/profiles/system-*-link | tail -2)
|
||||
'';
|
||||
# Do not change unless you know what you are doing
|
||||
stateVersion = "23.11"; # THERE BE DRAGONS
|
||||
};
|
||||
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
jq
|
||||
yq
|
||||
btop
|
||||
vim
|
||||
git
|
||||
dnsutils
|
||||
nix
|
||||
|
||||
# TODO Move
|
||||
nil
|
||||
nixpkgs-fmt
|
||||
statix
|
||||
nvd
|
||||
gh
|
||||
];
|
||||
|
||||
programs.direnv = {
|
||||
# TODO move to home-manager
|
||||
enable = true;
|
||||
nix-direnv.enable = true;
|
||||
};
|
||||
programs.mtr.enable = true;
|
||||
|
||||
}
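Review bot: `trusted-substituters = [ … ]` is not a drop-in for the `substituters = [ "https://nix-community.cachix.org" ]` setting in the deleted nix module: trusted-substituters only allow-lists caches that unprivileged users may request, it does not make them the default, so unless `substituters` is set elsewhere these hosts will build from source where they previously hit the cache; keep `substituters = [ … ]` next to `trusted-public-keys`. `stateVersion = "23.11"` now lives in a profile shared by every host, but it is meant to record each machine's first install and should stay per-host (or be threaded through `mkNixosConfig`). `imports` in the argument pattern `{ config, lib, pkgs, imports, modulesPath, ... }:` is not a module argument; as far as visible it is never referenced (the body defines an `imports` attribute instead), so it is harmless but misleading, and the same stray `imports`/`boot` arguments appear in the two new profile files on this page. `sops.age.sshKeyPaths` set here presumes every host importing this profile also imports the sops-nix module; a comment stating that requirement, or a guard on the option's existence, would make the dependency explicit.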
|
||||
|
||||
|
||||
|
||||
|
|
22
nixos/profiles/hw-thinkpad-e14-amd.nix
Normal file
22
nixos/profiles/hw-thinkpad-e14-amd.nix
Normal file
|
@ -0,0 +1,22 @@
|
|||
{ config, lib, pkgs, imports, boot, ... }:
|
||||
|
||||
with lib;
|
||||
{
|
||||
boot = {
|
||||
|
||||
initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
kernelModules = [ "kvm-amd" ];
|
||||
extraModulePackages = [ ];
|
||||
initrd.kernelModules = [ "amdgpu" ];
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
};
|
||||
|
||||
# set xserver videodrivers if used
|
||||
services.xserver.videoDrivers = [ "amdgpu" ];
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
|
||||
}
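Review bot: `hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;` from the deleted rickenbacker hardware-configuration.nix has no counterpart in this profile, so the host loses CPU microcode updates unless the nixos-hardware module imported alongside it sets the same option; adding the line back next to `nixpkgs.hostPlatform` removes the doubt. The `with lib;` is unused since the single lib call is spelled `lib.mkDefault`; drop one or the other. A header comment would help readers tell this file from the nixos-hardware module the flake imports for the same laptop, e.g. `# Boot, initrd and video-driver settings for the ThinkPad E14 AMD; firmware quirks come from inputs.nixos-hardware`.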
|
25
nixos/profiles/role-worstation.nix
Normal file
25
nixos/profiles/role-worstation.nix
Normal file
|
@ -0,0 +1,25 @@
|
|||
{ config, lib, pkgs, imports, boot, ... }:
|
||||
# Role for workstations
|
||||
# Covers desktops/laptops, expected to have a GUI and do worloads
|
||||
# Will have home-manager installs
|
||||
|
||||
with lib;
|
||||
{
|
||||
boot = {
|
||||
|
||||
binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for raspi4 compilation
|
||||
plymouth.enable = true;
|
||||
};
|
||||
|
||||
nix.settings = {
|
||||
# TODO factor out into mySystem
|
||||
# Avoid disk full issues
|
||||
max-free = lib.mkDefault (1000 * 1000 * 1000);
|
||||
min-free = lib.mkDefault (128 * 1000 * 1000);
|
||||
};
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
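Review bot: The new file is named `role-worstation.nix` and its header comment says `worloads`; both look like typos for workstation/workloads, and none of the flake hunks on this page reference the file yet, so renaming now is cheap. The `max-free`/`min-free` settings carry a `# TODO factor out into mySystem` but nothing explaining the numbers; `# GC starts when free space drops below min-free (128 MB) and stops once max-free (1 GB) is available` would do. The comment block describing the role sits between the argument pattern and `with lib;`; moving it to the top of the file keeps it visible as a header.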
|