diff --git a/flake.nix b/flake.nix index a70cae1..9f496f6 100644 --- a/flake.nix +++ b/flake.nix @@ -76,11 +76,11 @@ ./nixos/modules/nixos ./nixos/hosts/${hostname} ] - , extraModules ? [ ] + , profileModules ? [ ] }: nixpkgs.lib.nixosSystem { inherit system; - modules = baseModules ++ hardwareModules ++ extraModules; + modules = baseModules ++ hardwareModules ++ profileModules; specialArgs = { inherit self inputs nixpkgs; }; }; in @@ -93,6 +93,10 @@ ./nixos/profiles/hw-thinkpad-e14-amd.nix inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-amd ]; + profileModules = [ + ./nixos/profiles/role-worstation.nix + + ]; }; "citadel" = mkNixosConfig { diff --git a/nixos/modules/nixos/system/nix.nix b/nixos/modules/nixos/system/nix.nix new file mode 100644 index 0000000..f75c7e1 --- /dev/null +++ b/nixos/modules/nixos/system/nix.nix 
@@ -0,0 +1,81 @@
+{ lib
+, config
+, self
+, ...
+}:
+with lib;
+let
+ cfg = config.mySystem.nix;
+in
+{
+ options.mySystem.nix = {
+ autoOptimiseStore = mkOption
+ {
+ type = lib.types.bool;
+ description = "If we want to auto optimise store";
+ default = true;
+
+ };
+ gc = {
+ enabled = mkEnableOption "automatic garbage collection" // {
+ default = true;
+ };
+ persistent = mkOption
+ {
+ type = lib.types.bool;
+ description = "Persistent timer for gc, runs at startup if timer missed";
+ default = true;
+
+ };
+ };
+
+ };
+
+ nix = {
+ settings = {
+ # Enable flakes
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ # Substitutions
+ trusted-substituters = [
+ "https://nix-community.cachix.org"
+ "https://numtide.cachix.org"
+ ];
+
+ trusted-public-keys = [
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
+ ];
+
+ # Fallback quickly if substituters are not available.
+ connect-timeout = 5;
+ # Avoid copying unnecessary stuff over SSH
+ builders-use-substitutes = true;
+
+
+ trusted-users = [ "root" "@wheel" ];
+
+ warn-dirty = false;
+
+ # The default at 10 is rarely enough.
+ log-lines = lib.mkDefault 25;
+
+ };
+
+ optimise.automatic = cfg.autoOptimiseStore;
+
+ # automatically garbage collect nix store
+ gc = mkIf cfg.gc.enabled {
+ # garbage collection
+ automatic = cfg.gc.enabled;
+ options = "--delete-older-than 30d";
+ persistent = cfg.gc.persistent;
+ };
+
+ };
+
+
+}
diff --git a/nixos/profiles/global.nix b/nixos/profiles/global.nix
index 8be3570..be82a63 100644
--- a/nixos/profiles/global.nix
+++ b/nixos/profiles/global.nix
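Review bot: The `nix = { ... }` block sits at the top level of a module that also declares `options.mySystem.nix`, and the module system rejects plain configuration attributes once `options` is present; wrap it as `config.nix = { ... };`. `trusted-users = [ "root" "@wheel" ];` is carried over from global.nix unchanged, but it deserves a comment at that line: a daemon-trusted user can override substituters and signature requirements, which the Nix manual describes as essentially equivalent to root access, and here that applies to every wheel member without a sudo prompt. If that is intended, record it with something like `# wheel is daemon-trusted: effectively root over the store`; otherwise narrow the list to named users. Inside `gc = mkIf cfg.gc.enabled { ... }` the line `automatic = cfg.gc.enabled;` tests the same flag again, so `automatic = true;` is enough.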
@@ -2,10 +2,18 @@ with lib; { + # NOTE + # Some 'global' areas have defaults set in their respective modules. + # These will be applied when the modules are loaded + # Not the global role. + # Not sure at this point a good way to manage globals in one place + # without mono-repo config. + # Generated by nixos-config-generate imports = [ (modulesPath + "/installer/scan/not-detected.nix") + ./global/nix.nix ]; mySystem = { @@ -20,52 +28,6 @@ with lib; }; # TODO refactor this shit out wow - nix = { - settings = { - trusted-substituters = [ - "https://nix-community.cachix.org" - "https://numtide.cachix.org" - ]; - - trusted-public-keys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE=" - ]; - - trusted-users = [ "root" "@wheel" ]; - - # hardlink duplicates of builds - auto-optimise-store = lib.mkDefault true; - - - - # Fallback quickly if substituters are not available. - connect-timeout = 5; - - # Enable flakes - experimental-features = [ - "nix-command" - "flakes" - ]; - - warn-dirty = false; - - # The default at 10 is rarely enough. - log-lines = lib.mkDefault 25; - - # Avoid copying unnecessary stuff over SSH - builders-use-substitutes = true; - }; - - # automatically garbage collect nix store - gc = { - # garbage collection - automatic = true; - options = "--delete-older-than 30d"; - persistent = true; - }; - - }; # SOPS settings # https://github.com/Mic92/sops-nix diff --git a/nixos/profiles/global/nix.nix b/nixos/profiles/global/nix.nix new file mode 100644 index 0000000..618eaf5 --- /dev/null +++ b/nixos/profiles/global/nix.nix 
@@ -0,0 +1,84 @@
+{ lib, ... }:
+{
+ nix = {
+ nix = {
+ settings = {
+ # Enable flakes
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ # Substitutions
+ trusted-substituters = [
+ "https://nix-community.cachix.org"
+ "https://numtide.cachix.org"
+ ];
+
+ trusted-public-keys = [
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
+ ];
+
+ # Fallback quickly if substituters are not available.
+ connect-timeout = 5;
+ # Avoid copying unnecessary stuff over SSH
+ builders-use-substitutes = true;
+
+
+ trusted-users = [ "root" "@wheel" ];
+
+ warn-dirty = false;
+
+ # The default at 10 is rarely enough.
+ log-lines = lib.mkDefault 25;
+
+ };
+
+ };
+
+ settings = {
+ # Enable flakes
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ # Substitutions
+ trusted-substituters = [
+ "https://nix-community.cachix.org"
+ "https://numtide.cachix.org"
+ ];
+
+ trusted-public-keys = [
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
+ ];
+
+ # Fallback quickly if substituters are not available.
+ connect-timeout = 5;
+ # Avoid copying unnecessary stuff over SSH
+ builders-use-substitutes = true;
+
+
+ trusted-users = [ "root" "@wheel" ];
+
+ warn-dirty = false;
+
+ # The default at 10 is rarely enough.
+ log-lines = lib.mkDefault 25;
+
+ };
+
+ optimise.automatic = cfg.autoOptimiseStore;
+
+ # automatically garbage collect nix store
+ gc = mkIf cfg.gc.enabled {
+ # garbage collection
+ automatic = cfg.gc.enabled;
+ options = "--delete-older-than 30d";
+ persistent = cfg.gc.persistent;
+ };
+
+ };
+}
diff --git a/nixos/profiles/hw-thinkpad-e14-amd.nix b/nixos/profiles/hw-thinkpad-e14-amd.nix
index 2c2244b..d7a0686 100644
--- a/nixos/profiles/hw-thinkpad-e14-amd.nix
+++ b/nixos/profiles/hw-thinkpad-e14-amd.nix
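Review bot: This file cannot evaluate as written: `cfg` and `mkIf` are used near the end, but the function takes only `{ lib, ... }` with no `with lib;` or `let cfg = …` binding, and the first `settings` block is wrapped in a second `nix = {`, which defines `nix.nix.settings` rather than `nix.settings`. It reads like a partial paste of nixos/modules/nixos/system/nix.nix, which in this same commit already sets the same substituters, keys and `trusted-users`. Either drop this file together with its import in global.nix, or delete the inner `nix = { … };` block and change the header to `{ lib, config, ... }:` with `let cfg = config.mySystem.nix; in` and `gc = lib.mkIf cfg.gc.enabled {`. Keeping the cache URLs and `trusted-public-keys` in exactly one place also stops the copies drifting apart when a cache key is rotated.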
@@ -11,10 +11,13 @@ with lib; loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; + # why not ensure we can memtest workstatons easily? + grub.memtest86.enable = true; + }; }; - # set xserver videodrivers if used + # set xserver videodrivers for amp gpu services.xserver.videoDrivers = [ "amdgpu" ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/nixos/profiles/role-worstation.nix b/nixos/profiles/role-worstation.nix index c0194bc..a40e66a 100644 --- a/nixos/profiles/role-worstation.nix +++ b/nixos/profiles/role-worstation.nix @@ -18,8 +18,13 @@ with lib; min-free = lib.mkDefault (128 * 1000 * 1000); }; + # set xserver videodrivers if used + services.xserver.enable = true; - + # Laptop so ill likely use wireles + # very likely to be set by GUI packages but lets + # be declarative. + networking.networkmanager.enable = true; }
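Review bot: `grub.memtest86.enable = true;` is added inside a `loader` block that enables systemd-boot, so it likely has no effect, since the GRUB option only contributes a GRUB menu entry. The systemd-boot counterpart is `systemd-boot.memtest86.enable = true;`. The reworded comment further down says `amp gpu` where `amd gpu` is presumably meant. The enclosing `boot` attribute set opens outside the hunk.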
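Review bot: The comment `# set xserver videodrivers if used` appears to have been carried over from the hardware profile, but it now sits above `services.xserver.enable = true;`, which turns the X server on rather than selecting a driver; `# enable the X server for graphical workstations` would match the line. The NetworkManager comment justifies the setting with "Laptop", yet this is a role profile that any host can pull in through `profileModules`, so that rationale belongs in the hardware profile or should be reworded for workstations in general. The attribute set holding these lines opens outside the hunk.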