author | Mark Nipper <nipsy@bitgnome.net> | 2024-03-31 02:40:11 -0700 |
---|---|---|
committer | Mark Nipper <nipsy@bitgnome.net> | 2024-03-31 02:40:11 -0700 |
commit | 76b3b07e7329be637b37f92e767595143d3b03fa (patch) | |
tree | ff674a9bc8d8e1cdba94cb0d1c13de28b75c1e74 /hosts | |
parent | 04fd53819ffce3e1275ec48bcdf71769414fdea1 (diff) | |
Migrate to more modular layout
Diffstat (limited to '')
-rw-r--r-- | hosts/common/core/default.nix | 21 | ||||
-rw-r--r-- | hosts/common/core/locale.nix | 5 | ||||
-rw-r--r-- | hosts/common/core/nix.nix | 30 | ||||
-rw-r--r-- | hosts/common/core/shells.nix | 8 | ||||
-rw-r--r-- | hosts/common/core/zsh.nix | 6 | ||||
-rw-r--r-- | hosts/common/optional/google-authenticator.nix | 23 | ||||
-rw-r--r-- | hosts/common/optional/pipewire.nix | 24 | ||||
-rw-r--r-- | hosts/common/optional/services/openssh.nix | 11 | ||||
-rw-r--r-- | hosts/common/optional/services/xorg.nix | 21 | ||||
-rw-r--r-- | hosts/common/optional/zfs.nix | 6 | ||||
-rw-r--r-- | hosts/common/users/nipsy/default.nix | 31 | ||||
-rw-r--r-- | hosts/common/users/nipsy/keys/id_arrakis.pub | 1 | ||||
-rw-r--r-- | hosts/common/users/root/default.nix | 10 | ||||
-rw-r--r-- | hosts/ginaz/default.nix (renamed from ginaz/configuration.nix) | 135 | ||||
-rw-r--r-- | hosts/ginaz/hardware-configuration.nix (renamed from ginaz/hardware-configuration.nix) | 3 |
15 files changed, 230 insertions, 105 deletions
diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
new file mode 100644
index 0000000..8d19a9f
--- /dev/null
+++ b/hosts/common/core/default.nix
@@ -0,0 +1,21 @@
+{ inputs, outputs, ... }: {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ./locale.nix
+ ./nix.nix
+ ./shells.nix
+ ./zsh.nix
+ ] ++ (builtins.attrValues outputs.nixosModules);
+
+ home-manager.extraSpecialArgs = { inherit inputs outputs; };
+
+ nixpkgs = {
+ # you can add global overlays here
+ overlays = builtins.attrValues outputs.overlays;
+ config = {
+ allowUnfree = true;
+ };
+ };
+
+ hardware.enableRedistributableFirmware = true;
+}
diff --git a/hosts/common/core/locale.nix b/hosts/common/core/locale.nix
new file mode 100644
index 0000000..914312e
--- /dev/null
+++ b/hosts/common/core/locale.nix
@@ -0,0 +1,5 @@
+{ lib, ... }:
+{
+ i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
+ time.timeZone = lib.mkDefault "America/Los_Angeles";
+}
diff --git a/hosts/common/core/nix.nix b/hosts/common/core/nix.nix
new file mode 100644
index 0000000..587bac6
--- /dev/null
+++ b/hosts/common/core/nix.nix
@@ -0,0 +1,30 @@
+{ inputs, lib, ... }:
+{
+ nix = {
+ settings = {
+ trusted-users = [ "root" "@wheel" ];
+
+ auto-optimise-store = lib.mkDefault true;
+ experimental-features = [ "nix-command" "flakes" "repl-flake" ];
+ warn-dirty = false;
+ #flake-registry = ""; # Disable global flake registry This is a hold-over setting from Misterio77. Not sure significance but likely to do with nix.registry entry below.
+ };
+
+ # Add each flake input as a registry to make nix3 commands consistent with your flake
+ #registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+
+ # Add nixpkgs input to NIX_PATH
+ # This lets nix2 commands still use <nixpkgs>
+ #nixPath = [ "nixpkgs=${inputs.nixpkgs.outPath}" ];
+
+ # Garbage Collection
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ randomizedDelaySec = "14m";
+ # Keep the last 2 generations
+ options = "--delete-older-than +2";
+ };
+
+ };
+}
diff --git a/hosts/common/core/shells.nix b/hosts/common/core/shells.nix
new file mode 100644
index 0000000..0469b8c
--- /dev/null
+++ b/hosts/common/core/shells.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ bash
+ zsh;
+ };
+}
diff --git a/hosts/common/core/zsh.nix b/hosts/common/core/zsh.nix
new file mode 100644
index 0000000..ba73c00
--- /dev/null
+++ b/hosts/common/core/zsh.nix
@@ -0,0 +1,6 @@
+{
+ programs.zsh = {
+ enable = true;
+ enableCompletion = true;
+ };
+}
diff --git a/hosts/common/optional/google-authenticator.nix b/hosts/common/optional/google-authenticator.nix
new file mode 100644
index 0000000..7380d1b
--- /dev/null
+++ b/hosts/common/optional/google-authenticator.nix
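Review bot: `trusted-users = [ "root" "@wheel" ];` in hosts/common/core/nix.nix makes every wheel member a trusted Nix user, which is effectively root on the daemon (a trusted user can add substituters and import unsigned store paths) without passing through the sudo PAM stack that this same commit guards with TOTP. Because the file sits in common/core, the setting now applies to every host that imports it; `trusted-users = [ "root" ];`, with wheel users going through sudo, keeps the second factor in the path. Separately, `options = "--delete-older-than +2";` looks like the `nix-env --delete-generations` syntax; as far as I know `nix-collect-garbage --delete-older-than` expects an age such as `30d`, so the weekly gc unit should be checked for a usage error.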
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ #other
+ google-authenticator;
+ };
+
+ security.pam.services = {
+ chfn.googleAuthenticator.enable = true;
+ chsh.googleAuthenticator.enable = true;
+ cups.googleAuthenticator.enable = true;
+ lightdm.googleAuthenticator.enable = true;
+ login.googleAuthenticator.enable = true;
+ other.googleAuthenticator.enable = true;
+ sshd.googleAuthenticator.enable = true;
+ su.googleAuthenticator.enable = true;
+ sudo.googleAuthenticator.enable = true;
+ vlock.googleAuthenticator.enable = true;
+ xlock.googleAuthenticator.enable = true;
+ xscreensaver.googleAuthenticator.enable = true;
+ };
+}
diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix
new file mode 100644
index 0000000..27b2a09
--- /dev/null
+++ b/hosts/common/optional/pipewire.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ wireplumber.enable = true;
+ jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ # media-session.enable = true;
+ };
+
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ pamixer
+ pavucontrol;
+ };
+}
diff --git a/hosts/common/optional/services/openssh.nix b/hosts/common/optional/services/openssh.nix
new file mode 100644
index 0000000..33cdbac
--- /dev/null
+++ b/hosts/common/optional/services/openssh.nix
@@ -0,0 +1,11 @@
+{
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
+ PermitRootLogin = "yes";
+ };
+ };
+}
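Review bot: `sshd.googleAuthenticator.enable = true;` in hosts/common/optional/google-authenticator.nix does not add a second factor to SSH as configured, because hosts/common/optional/services/openssh.nix in this commit sets `KbdInteractiveAuthentication = false` and public-key logins do not run the PAM auth stack. If TOTP over SSH is intended, openssh.nix needs `KbdInteractiveAuthentication = true;` and `AuthenticationMethods = "publickey,keyboard-interactive";`; otherwise drop the sshd entry so the module does not suggest protection that is not there. A header comment saying that every account on an importing host presumably needs an enrolled secret before login, su and sudo will succeed would also help now that the module is shared.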
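Review bot: `PermitRootLogin = "yes";` together with `openFirewall = true;` in hosts/common/optional/services/openssh.nix allows direct root logins on any host that imports this shared module, and such a login skips the sudo step where the TOTP check applies. With password authentication already disabled, `PermitRootLogin = "prohibit-password";` states the key-only intent explicitly, and `PermitRootLogin = "no";` would force administration through the wheel account.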
diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix
new file mode 100644
index 0000000..ebca5ea
--- /dev/null
+++ b/hosts/common/optional/services/xorg.nix
@@ -0,0 +1,21 @@
+{
+ services.xserver = {
+ displayManager.defaultSession = "xsession";
+ displayManager.lightdm = {
+ enable = true;
+ extraSeatDefaults = ''greeter-hide-users=true'';
+ };
+ displayManager.session = [
+ {
+ manage = "desktop";
+ name = "xsession";
+ start = ''exec $HOME/.xsession'';
+ }
+ ];
+ enable = true;
+ libinput.enable = true;
+ videoDrivers = [ "amdgpu" ];
+ xkb.layout = "us";
+ xkb.options = "caps:super,compose:ralt";
+ };
+}
diff --git a/hosts/common/optional/zfs.nix b/hosts/common/optional/zfs.nix
new file mode 100644
index 0000000..a2d978d
--- /dev/null
+++ b/hosts/common/optional/zfs.nix
@@ -0,0 +1,6 @@
+{
+ services.zfs = {
+ autoScrub.enable = true;
+ trim.enable = true;
+ };
+}
diff --git a/hosts/common/users/nipsy/default.nix b/hosts/common/users/nipsy/default.nix
new file mode 100644
index 0000000..58ef9b3
--- /dev/null
+++ b/hosts/common/users/nipsy/default.nix
@@ -0,0 +1,31 @@
+{ pkgs, inputs, config, ... }:
+let
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in
+{
+ users.groups.nipsy.gid = 1000;
+ users.users.nipsy = {
+ description = "Mark Nipper";
+ extraGroups = [
+ "wheel"
+ "audio"
+ "video"
+ ] ++ ifTheyExist [
+ "networkmanager"
+ ];
+ group = "nipsy";
+ home = "/home/nipsy";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ (builtins.readFile ./keys/id_arrakis.pub)
+ #(builtins.readFile ./keys/id_other.pub)
+ ];
+
+ packages = [ pkgs.home-manager ];
+ shell = pkgs.zsh;
+ };
+
+ # Import this user's personal/home configurations
+ home-manager.users.nipsy = import ../../../../home/nipsy/${config.networking.hostName}.nix;
+
+}
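Review bot: `videoDrivers = [ "amdgpu" ];` in hosts/common/optional/services/xorg.nix hard-codes one machine's GPU into a module meant to be shared across hosts. Moving that line to hosts/ginaz/default.nix, next to the existing `initrd.kernelModules = [ "amdgpu" "zfs" ];`, keeps the common module hardware-neutral. A one-line header comment noting that the module assumes a user-provided `$HOME/.xsession` would also document the `start` entry.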
diff --git a/hosts/common/users/nipsy/keys/id_arrakis.pub b/hosts/common/users/nipsy/keys/id_arrakis.pub
new file mode 100644
index 0000000..38c1d4c
--- /dev/null
+++ b/hosts/common/users/nipsy/keys/id_arrakis.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net
diff --git a/hosts/common/users/root/default.nix b/hosts/common/users/root/default.nix
new file mode 100644
index 0000000..f70f414
--- /dev/null
+++ b/hosts/common/users/root/default.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ (builtins.readFile ../nipsy/keys/id_arrakis.pub)
+ #(builtins.readFile ./keys/id_other.pub)
+ ];
+ shell = pkgs.zsh;
+ };
+}
diff --git a/ginaz/configuration.nix b/hosts/ginaz/default.nix
index 9310c2b..d5fa16c 100644
--- a/ginaz/configuration.nix
+++ b/hosts/ginaz/default.nix
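Review bot: hosts/common/users/root/default.nix reads root's authorized key from `../nipsy/keys/id_arrakis.pub`, so any later edit to the nipsy user's key directory silently changes who can log in as root. I would add a comment above the entry, e.g. `# root intentionally shares nipsy's key; changing that file changes root access`, or keep root's keys in a directory of their own. `openssh.authorizedKeys.keyFiles = [ ../nipsy/keys/id_arrakis.pub ];` would also avoid carrying readFile's trailing newline into the key string.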
@@ -1,27 +1,19 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - -{ config, lib, pkgs, ... }: { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - boot.initrd.kernelModules = [ "amdgpu" "zfs" ]; - boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.generationsDir.copyKernels = true; - boot.loader.systemd-boot.enable = true; - boot.supportedFilesystems = [ "zfs" ]; - boot.zfs.devNodes = "/dev/disk/by-label"; +{ config, inputs, pkgs, ... }: { + boot = { + initrd.kernelModules = [ "amdgpu" "zfs" ]; + kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + timeout = 3; + }; + supportedFilesystems = [ "zfs" ]; + zfs.devNodes = "/dev/disk/by-label"; + }; documentation.dev.enable = true; documentation.man.enable = true; - environment.shells = with pkgs; [ zsh ]; - # List packages installed in system profile. To search, run: - # $ nix search wget environment.systemPackages = with pkgs; [ bc bespokesynth @@ -122,8 +114,7 @@ sshfs st stoken - surge - #surge-XT + surge-XT sxiv synthv1 sysstat 
@@ -164,15 +155,26 @@ zynaddsubfx ]; - i18n.defaultLocale = "en_US.UTF-8"; + imports = [ + inputs.hardware.nixosModules.lenovo-yoga-7-14ARH7.amdgpu - networking.hostId = "8425e349"; - networking.hostName = "ginaz"; - networking.networkmanager.enable = true; - networking.nftables.enable = true; + ./hardware-configuration.nix + ../common/core + ../common/optional/google-authenticator.nix + ../common/optional/pipewire.nix + ../common/optional/services/openssh.nix + ../common/optional/services/xorg.nix + ../common/optional/zfs.nix + ../common/users/nipsy + ../common/users/root + ]; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - nixpkgs.config.allowUnfree = true; + networking = { + hostId = "8425e349"; + hostName = "ginaz"; + networkmanager.enable = true; + nftables.enable = true; + }; programs.atop.enable = true; programs.firefox.enable = true; @@ -187,20 +189,6 @@ programs.tmux.enable = true; programs.zsh.enable = true; - security.pam.services = { - chfn.googleAuthenticator.enable = true; - chsh.googleAuthenticator.enable = true; - cups.googleAuthenticator.enable = true; - lightdm.googleAuthenticator.enable = true; - login.googleAuthenticator.enable = true; - other.googleAuthenticator.enable = true; - sshd.googleAuthenticator.enable = true; - su.googleAuthenticator.enable = true; - sudo.googleAuthenticator.enable = true; - vlock.googleAuthenticator.enable = true; - xlock.googleAuthenticator.enable = true; - xscreensaver.googleAuthenticator.enable = true; - }; security.polkit = { enable = true; extraConfig = '' 
@@ -220,23 +208,7 @@ }) ''; }; - security.rtkit.enable = true; - services.blueman.enable = true; - services.openssh = { - enable = true; - openFirewall = true; - settings.PasswordAuthentication = false; - settings.KbdInteractiveAuthentication = false; - settings.PermitRootLogin = "yes"; - }; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - }; services.printing.enable = true; services.udev.extraRules = '' SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="2500",MODE:="0666" @@ -245,29 +217,6 @@ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3020",MODE:="0666" SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3030",MODE:="0666" ''; - services.xserver = { - displayManager.defaultSession = "xsession"; - displayManager.lightdm = { - enable = true; - extraSeatDefaults = ''greeter-hide-users=true''; - }; - displayManager.session = [ - { - manage = "desktop"; - name = "xsession"; - start = ''exec $HOME/.xsession''; - } - ]; - enable = true; - libinput.enable = true; - videoDrivers = [ "amdgpu" ]; - xkb.layout = "us"; - xkb.options = "caps:super,compose:ralt"; - }; - services.zfs.autoScrub.enable = true; - services.zfs.trim.enable = true; - - system.stateVersion = "23.11"; systemd = { user.services.polkit-gnome-authentication-agent-1 = { 
@@ -285,25 +234,5 @@ }; }; - time.timeZone = "America/Los_Angeles"; - - users.groups.nipsy.gid = 1000; - users.users.nipsy = { - isNormalUser = true; - group = "nipsy"; - home = "/home/nipsy"; - description = "Mark Nipper"; - extraGroups = [ "wheel" "networkmanager" ]; - #packages = with pkgs; [ - # firefox - # tree - #]; - shell = pkgs.zsh; - openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net" ]; - }; - - users.users.root = { - shell = pkgs.zsh; - openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net" ]; - }; + system.stateVersion = "23.11"; } diff --git a/ginaz/hardware-configuration.nix b/hosts/ginaz/hardware-configuration.nix index 140a799..a5ae455 100644 --- a/ginaz/hardware-configuration.nix +++ b/hosts/ginaz/hardware-configuration.nix @@ -5,7 +5,7 @@ { imports = - [ (modulesPath + "/installer/scan/not-detected.nix") + [ #(modulesPath + "/installer/scan/not-detected.nix") ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ]; @@ -44,7 +44,6 @@ hardware.bluetooth.enable = true; #hardware.bluetooth.powerOnBoot = true; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } |
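Review bot: Dropping `hardware.cpu.amd.updateMicrocode` in the second hunk of hosts/ginaz/hardware-configuration.nix leaves this host without an explicit microcode setting, and nothing else visible in this commit sets it. The `lenovo-yoga-7-14ARH7.amdgpu` module imported from `inputs.hardware` in default.nix may enable it through its AMD CPU profile, but that is not shown here; if it does not, CPU microcode fixes stop being applied at boot. Keeping the line, or moving `hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;` into a shared module, makes the intent explicit. The rest of the file lies outside the hunk.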