authorMark Nipper <nipsy@bitgnome.net>2024-03-31 02:40:11 -0700
committerMark Nipper <nipsy@bitgnome.net>2024-03-31 02:40:11 -0700
commit76b3b07e7329be637b37f92e767595143d3b03fa (patch)
treeff674a9bc8d8e1cdba94cb0d1c13de28b75c1e74 /hosts/common
parent04fd53819ffce3e1275ec48bcdf71769414fdea1 (diff)
Migrate to more modular layout
Diffstat (limited to '')
-rw-r--r--hosts/common/core/default.nix21
-rw-r--r--hosts/common/core/locale.nix5
-rw-r--r--hosts/common/core/nix.nix30
-rw-r--r--hosts/common/core/shells.nix8
-rw-r--r--hosts/common/core/zsh.nix6
-rw-r--r--hosts/common/optional/google-authenticator.nix23
-rw-r--r--hosts/common/optional/pipewire.nix24
-rw-r--r--hosts/common/optional/services/openssh.nix11
-rw-r--r--hosts/common/optional/services/xorg.nix21
-rw-r--r--hosts/common/optional/zfs.nix6
-rw-r--r--hosts/common/users/nipsy/default.nix31
-rw-r--r--hosts/common/users/nipsy/keys/id_arrakis.pub1
-rw-r--r--hosts/common/users/root/default.nix10
13 files changed, 197 insertions, 0 deletions
diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
new file mode 100644
index 0000000..8d19a9f
--- /dev/null
+++ b/hosts/common/core/default.nix
@@ -0,0 +1,21 @@
+{ inputs, outputs, ... }: {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ./locale.nix
+ ./nix.nix
+ ./shells.nix
+ ./zsh.nix
+ ] ++ (builtins.attrValues outputs.nixosModules);
+
+ home-manager.extraSpecialArgs = { inherit inputs outputs; };
+
+ nixpkgs = {
+ # you can add global overlays here
+ overlays = builtins.attrValues outputs.overlays;
+ config = {
+ allowUnfree = true;
+ };
+ };
+
+ hardware.enableRedistributableFirmware = true;
+}
diff --git a/hosts/common/core/locale.nix b/hosts/common/core/locale.nix
new file mode 100644
index 0000000..914312e
--- /dev/null
+++ b/hosts/common/core/locale.nix
@@ -0,0 +1,5 @@
+{ lib, ... }:
+{
+ i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
+ time.timeZone = lib.mkDefault "America/Los_Angeles";
+}
diff --git a/hosts/common/core/nix.nix b/hosts/common/core/nix.nix
new file mode 100644
index 0000000..587bac6
--- /dev/null
+++ b/hosts/common/core/nix.nix
@@ -0,0 +1,30 @@
+{ inputs, lib, ... }:
+{
+ nix = {
+ settings = {
+ trusted-users = [ "root" "@wheel" ];
+
+ auto-optimise-store = lib.mkDefault true;
+ experimental-features = [ "nix-command" "flakes" "repl-flake" ];
+ warn-dirty = false;
+ #flake-registry = ""; # Disable global flake registry This is a hold-over setting from Misterio77. Not sure significance but likely to do with nix.registry entry below.
+ };
+
+ # Add each flake input as a registry to make nix3 commands consistent with your flake
+ #registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+
+ # Add nixpkgs input to NIX_PATH
+ # This lets nix2 commands still use <nixpkgs>
+ #nixPath = [ "nixpkgs=${inputs.nixpkgs.outPath}" ];
+
+ # Garbage Collection
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ randomizedDelaySec = "14m";
+ # Keep the last 2 generations
+ options = "--delete-older-than +2";
+ };
+
+ };
+}
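Review bot: `trusted-users = [ "root" "@wheel" ];` makes every wheel member a trusted Nix user, which the Nix manual describes as essentially equivalent to giving that user root, and the daemon does not ask for a password the way sudo does. Because this sits in the core module, I would narrow it to `trusted-users = [ "root" ];` and widen it per host only where a remote-build setup needs it. Separately, `options = "--delete-older-than +2";` may not do what the comment above it says: as far as I know nix-collect-garbage expects an age such as `30d` there, and the `+2` form belongs to `nix-env --delete-generations`, so it is worth checking that the weekly GC unit actually succeeds.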
diff --git a/hosts/common/core/shells.nix b/hosts/common/core/shells.nix
new file mode 100644
index 0000000..0469b8c
--- /dev/null
+++ b/hosts/common/core/shells.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ bash
+ zsh;
+ };
+}
diff --git a/hosts/common/core/zsh.nix b/hosts/common/core/zsh.nix
new file mode 100644
index 0000000..ba73c00
--- /dev/null
+++ b/hosts/common/core/zsh.nix
@@ -0,0 +1,6 @@
+{
+ programs.zsh = {
+ enable = true;
+ enableCompletion = true;
+ };
+}
diff --git a/hosts/common/optional/google-authenticator.nix b/hosts/common/optional/google-authenticator.nix
new file mode 100644
index 0000000..7380d1b
--- /dev/null
+++ b/hosts/common/optional/google-authenticator.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ #other
+ google-authenticator;
+ };
+
+ security.pam.services = {
+ chfn.googleAuthenticator.enable = true;
+ chsh.googleAuthenticator.enable = true;
+ cups.googleAuthenticator.enable = true;
+ lightdm.googleAuthenticator.enable = true;
+ login.googleAuthenticator.enable = true;
+ other.googleAuthenticator.enable = true;
+ sshd.googleAuthenticator.enable = true;
+ su.googleAuthenticator.enable = true;
+ sudo.googleAuthenticator.enable = true;
+ vlock.googleAuthenticator.enable = true;
+ xlock.googleAuthenticator.enable = true;
+ xscreensaver.googleAuthenticator.enable = true;
+ };
+}
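Review bot: Enabling `googleAuthenticator` on `login`, `su`, `sudo` and `other` makes a TOTP secret a precondition for those services, so an account with no `~/.google_authenticator` file (root included) will probably fail them unless the generated PAM line carries `nullok`. The module should say in a comment that enrolment has to happen before a host imports it. The `sshd` entry likely has no effect alongside `hosts/common/optional/services/openssh.nix` from this same commit: that file sets `KbdInteractiveAuthentication = false`, which leaves sshd no way to prompt for the code, and public-key logins do not run the PAM auth stack. If a second factor over SSH is intended, it needs keyboard-interactive enabled together with an `AuthenticationMethods` requirement in the sshd settings; otherwise drop the `sshd` line so the config does not suggest protection that is not there.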
diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix
new file mode 100644
index 0000000..27b2a09
--- /dev/null
+++ b/hosts/common/optional/pipewire.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ wireplumber.enable = true;
+ jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ # media-session.enable = true;
+ };
+
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ pamixer
+ pavucontrol;
+ };
+}
diff --git a/hosts/common/optional/services/openssh.nix b/hosts/common/optional/services/openssh.nix
new file mode 100644
index 0000000..33cdbac
--- /dev/null
+++ b/hosts/common/optional/services/openssh.nix
@@ -0,0 +1,11 @@
+{
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
+ PermitRootLogin = "yes";
+ };
+ };
+}
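Review bot: `PermitRootLogin = "yes";` together with `openFirewall = true;` exposes direct root login on every host that imports this module, and `hosts/common/users/root/default.nix` in this commit gives root an authorized key. With passwords already off, `PermitRootLogin = "prohibit-password";` states the intent and stays safe if `PasswordAuthentication` is ever turned back on. `"no"` is better still if root access can go through the wheel user and sudo. A one-line comment on why root needs to log in directly would also help, since this is a shared module.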
diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix
new file mode 100644
index 0000000..ebca5ea
--- /dev/null
+++ b/hosts/common/optional/services/xorg.nix
@@ -0,0 +1,21 @@
+{
+ services.xserver = {
+ displayManager.defaultSession = "xsession";
+ displayManager.lightdm = {
+ enable = true;
+ extraSeatDefaults = ''greeter-hide-users=true'';
+ };
+ displayManager.session = [
+ {
+ manage = "desktop";
+ name = "xsession";
+ start = ''exec $HOME/.xsession'';
+ }
+ ];
+ enable = true;
+ libinput.enable = true;
+ videoDrivers = [ "amdgpu" ];
+ xkb.layout = "us";
+ xkb.options = "caps:super,compose:ralt";
+ };
+}
diff --git a/hosts/common/optional/zfs.nix b/hosts/common/optional/zfs.nix
new file mode 100644
index 0000000..a2d978d
--- /dev/null
+++ b/hosts/common/optional/zfs.nix
@@ -0,0 +1,6 @@
+{
+ services.zfs = {
+ autoScrub.enable = true;
+ trim.enable = true;
+ };
+}
diff --git a/hosts/common/users/nipsy/default.nix b/hosts/common/users/nipsy/default.nix
new file mode 100644
index 0000000..58ef9b3
--- /dev/null
+++ b/hosts/common/users/nipsy/default.nix
@@ -0,0 +1,31 @@
+{ pkgs, inputs, config, ... }:
+let
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in
+{
+ users.groups.nipsy.gid = 1000;
+ users.users.nipsy = {
+ description = "Mark Nipper";
+ extraGroups = [
+ "wheel"
+ "audio"
+ "video"
+ ] ++ ifTheyExist [
+ "networkmanager"
+ ];
+ group = "nipsy";
+ home = "/home/nipsy";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ (builtins.readFile ./keys/id_arrakis.pub)
+ #(builtins.readFile ./keys/id_other.pub)
+ ];
+
+ packages = [ pkgs.home-manager ];
+ shell = pkgs.zsh;
+ };
+
+ # Import this user's personal/home configurations
+ home-manager.users.nipsy = import ../../../../home/nipsy/${config.networking.hostName}.nix;
+
+}
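Review bot: `(builtins.readFile ./keys/id_arrakis.pub)` copies the file content, trailing newline included, into `authorizedKeys.keys`; NixOS has a dedicated option for this, `openssh.authorizedKeys.keyFiles = [ ./keys/id_arrakis.pub ];`. The group id is pinned with `users.groups.nipsy.gid = 1000;` but the user's `uid` is not, so file ownership can differ between hosts; adding `uid = 1000;` would make it match. The `home-manager.users.nipsy` import is built from `config.networking.hostName`, so a host without a matching file under `home/nipsy/` fails evaluation, and a comment saying so next to that line would save the next reader some time.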
diff --git a/hosts/common/users/nipsy/keys/id_arrakis.pub b/hosts/common/users/nipsy/keys/id_arrakis.pub
new file mode 100644
index 0000000..38c1d4c
--- /dev/null
+++ b/hosts/common/users/nipsy/keys/id_arrakis.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net
diff --git a/hosts/common/users/root/default.nix b/hosts/common/users/root/default.nix
new file mode 100644
index 0000000..f70f414
--- /dev/null
+++ b/hosts/common/users/root/default.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ (builtins.readFile ../nipsy/keys/id_arrakis.pub)
+ #(builtins.readFile ./keys/id_other.pub)
+ ];
+ shell = pkgs.zsh;
+ };
+}
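Review bot: root is authorized with the same key as the `nipsy` account (`../nipsy/keys/id_arrakis.pub`), so one compromised key yields a root shell on every host that imports this module, with no sudo step or per-user audit trail in between. Since `nipsy` is already in `wheel`, consider leaving `openssh.authorizedKeys.keys` unset for root, or giving root a dedicated key that is stored separately. If the shared key stays, a comment explaining why direct root SSH is needed would help whoever audits this later.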