authorMark Nipper <nipsy@bitgnome.net>2024-03-31 02:40:11 -0700
committerMark Nipper <nipsy@bitgnome.net>2024-03-31 02:40:11 -0700
commit76b3b07e7329be637b37f92e767595143d3b03fa (patch)
treeff674a9bc8d8e1cdba94cb0d1c13de28b75c1e74 /hosts
parent04fd53819ffce3e1275ec48bcdf71769414fdea1 (diff)
Migrate to more modular layout
Diffstat (limited to '')
-rw-r--r--hosts/common/core/default.nix21
-rw-r--r--hosts/common/core/locale.nix5
-rw-r--r--hosts/common/core/nix.nix30
-rw-r--r--hosts/common/core/shells.nix8
-rw-r--r--hosts/common/core/zsh.nix6
-rw-r--r--hosts/common/optional/google-authenticator.nix23
-rw-r--r--hosts/common/optional/pipewire.nix24
-rw-r--r--hosts/common/optional/services/openssh.nix11
-rw-r--r--hosts/common/optional/services/xorg.nix21
-rw-r--r--hosts/common/optional/zfs.nix6
-rw-r--r--hosts/common/users/nipsy/default.nix31
-rw-r--r--hosts/common/users/nipsy/keys/id_arrakis.pub1
-rw-r--r--hosts/common/users/root/default.nix10
-rw-r--r--hosts/ginaz/default.nix (renamed from ginaz/configuration.nix)135
-rw-r--r--hosts/ginaz/hardware-configuration.nix (renamed from ginaz/hardware-configuration.nix)3
15 files changed, 230 insertions, 105 deletions
diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
new file mode 100644
index 0000000..8d19a9f
--- /dev/null
+++ b/hosts/common/core/default.nix
@@ -0,0 +1,21 @@
+{ inputs, outputs, ... }: {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ./locale.nix
+ ./nix.nix
+ ./shells.nix
+ ./zsh.nix
+ ] ++ (builtins.attrValues outputs.nixosModules);
+
+ home-manager.extraSpecialArgs = { inherit inputs outputs; };
+
+ nixpkgs = {
+ # you can add global overlays here
+ overlays = builtins.attrValues outputs.overlays;
+ config = {
+ allowUnfree = true;
+ };
+ };
+
+ hardware.enableRedistributableFirmware = true;
+}
diff --git a/hosts/common/core/locale.nix b/hosts/common/core/locale.nix
new file mode 100644
index 0000000..914312e
--- /dev/null
+++ b/hosts/common/core/locale.nix
@@ -0,0 +1,5 @@
+{ lib, ... }:
+{
+ i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
+ time.timeZone = lib.mkDefault "America/Los_Angeles";
+}
diff --git a/hosts/common/core/nix.nix b/hosts/common/core/nix.nix
new file mode 100644
index 0000000..587bac6
--- /dev/null
+++ b/hosts/common/core/nix.nix
@@ -0,0 +1,30 @@
+{ inputs, lib, ... }:
+{
+ nix = {
+ settings = {
+ trusted-users = [ "root" "@wheel" ];
+
+ auto-optimise-store = lib.mkDefault true;
+ experimental-features = [ "nix-command" "flakes" "repl-flake" ];
+ warn-dirty = false;
+ #flake-registry = ""; # Disable global flake registry This is a hold-over setting from Misterio77. Not sure significance but likely to do with nix.registry entry below.
+ };
+
+ # Add each flake input as a registry to make nix3 commands consistent with your flake
+ #registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+
+ # Add nixpkgs input to NIX_PATH
+ # This lets nix2 commands still use <nixpkgs>
+ #nixPath = [ "nixpkgs=${inputs.nixpkgs.outPath}" ];
+
+ # Garbage Collection
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ randomizedDelaySec = "14m";
+ # Keep the last 2 generations
+ options = "--delete-older-than +2";
+ };
+
+ };
+}
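Review bot: `trusted-users = [ "root" "@wheel" ];` makes every wheel member a trusted user of the Nix daemon, which is effectively root-equivalent: a trusted user can add substituters and import store paths without signature checks, and none of that passes through sudo or the PAM stack that google-authenticator.nix configures. Unless a workflow that is not visible here needs it, prefer `trusted-users = [ "root" ];`, adding `allowed-users = [ "@wheel" ];` if the aim is only to limit who may talk to the daemon. Separately, `--delete-older-than` is documented as taking an age such as `30d`, so it is worth confirming that `+2` is accepted by the Nix version in use, since the comment promises that the last 2 generations are kept.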
diff --git a/hosts/common/core/shells.nix b/hosts/common/core/shells.nix
new file mode 100644
index 0000000..0469b8c
--- /dev/null
+++ b/hosts/common/core/shells.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ bash
+ zsh;
+ };
+}
diff --git a/hosts/common/core/zsh.nix b/hosts/common/core/zsh.nix
new file mode 100644
index 0000000..ba73c00
--- /dev/null
+++ b/hosts/common/core/zsh.nix
@@ -0,0 +1,6 @@
+{
+ programs.zsh = {
+ enable = true;
+ enableCompletion = true;
+ };
+}
diff --git a/hosts/common/optional/google-authenticator.nix b/hosts/common/optional/google-authenticator.nix
new file mode 100644
index 0000000..7380d1b
--- /dev/null
+++ b/hosts/common/optional/google-authenticator.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ #other
+ google-authenticator;
+ };
+
+ security.pam.services = {
+ chfn.googleAuthenticator.enable = true;
+ chsh.googleAuthenticator.enable = true;
+ cups.googleAuthenticator.enable = true;
+ lightdm.googleAuthenticator.enable = true;
+ login.googleAuthenticator.enable = true;
+ other.googleAuthenticator.enable = true;
+ sshd.googleAuthenticator.enable = true;
+ su.googleAuthenticator.enable = true;
+ sudo.googleAuthenticator.enable = true;
+ vlock.googleAuthenticator.enable = true;
+ xlock.googleAuthenticator.enable = true;
+ xscreensaver.googleAuthenticator.enable = true;
+ };
+}
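Review bot: `sshd.googleAuthenticator.enable = true;` probably does not enforce a second factor for SSH as this commit stands, because openssh.nix sets both `KbdInteractiveAuthentication = false` and `PasswordAuthentication = false`, and public-key logins do not run the PAM auth stack where the TOTP module sits. If SSH is meant to require the token, sshd needs keyboard-interactive enabled and chained after the key, e.g. `KbdInteractiveAuthentication = true;` together with `AuthenticationMethods = "publickey,keyboard-interactive";`; otherwise drop the sshd line so the file does not suggest protection that is not there. For the other services, a comment saying that accounts without an enrolled `~/.google_authenticator` secret will presumably fail authentication (nothing here marks the module as optional) would help avoid a lockout when this file is imported on a new host.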
diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix
new file mode 100644
index 0000000..27b2a09
--- /dev/null
+++ b/hosts/common/optional/pipewire.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ wireplumber.enable = true;
+ jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ # media-session.enable = true;
+ };
+
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ pamixer
+ pavucontrol;
+ };
+}
diff --git a/hosts/common/optional/services/openssh.nix b/hosts/common/optional/services/openssh.nix
new file mode 100644
index 0000000..33cdbac
--- /dev/null
+++ b/hosts/common/optional/services/openssh.nix
@@ -0,0 +1,11 @@
+{
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
+ PermitRootLogin = "yes";
+ };
+ };
+}
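Review bot: `PermitRootLogin = "yes";` now lives in a shared module, so every host that imports it accepts direct root logins, and users/root/default.nix authorizes root with the same `id_arrakis.pub` key as the nipsy account. Password logins are off today, but that depends on a separate line; `PermitRootLogin = "prohibit-password";` keeps root key-only even if a host later overrides `PasswordAuthentication`, and `"no"` is enough if root is always reached through nipsy and sudo. `openFirewall = true` also opens the SSH port on every importing host, which deserves a one-line comment stating that this is intended for machines that roam between networks.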
diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix
new file mode 100644
index 0000000..ebca5ea
--- /dev/null
+++ b/hosts/common/optional/services/xorg.nix
@@ -0,0 +1,21 @@
+{
+ services.xserver = {
+ displayManager.defaultSession = "xsession";
+ displayManager.lightdm = {
+ enable = true;
+ extraSeatDefaults = ''greeter-hide-users=true'';
+ };
+ displayManager.session = [
+ {
+ manage = "desktop";
+ name = "xsession";
+ start = ''exec $HOME/.xsession'';
+ }
+ ];
+ enable = true;
+ libinput.enable = true;
+ videoDrivers = [ "amdgpu" ];
+ xkb.layout = "us";
+ xkb.options = "caps:super,compose:ralt";
+ };
+}
diff --git a/hosts/common/optional/zfs.nix b/hosts/common/optional/zfs.nix
new file mode 100644
index 0000000..a2d978d
--- /dev/null
+++ b/hosts/common/optional/zfs.nix
@@ -0,0 +1,6 @@
+{
+ services.zfs = {
+ autoScrub.enable = true;
+ trim.enable = true;
+ };
+}
diff --git a/hosts/common/users/nipsy/default.nix b/hosts/common/users/nipsy/default.nix
new file mode 100644
index 0000000..58ef9b3
--- /dev/null
+++ b/hosts/common/users/nipsy/default.nix
@@ -0,0 +1,31 @@
+{ pkgs, inputs, config, ... }:
+let
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in
+{
+ users.groups.nipsy.gid = 1000;
+ users.users.nipsy = {
+ description = "Mark Nipper";
+ extraGroups = [
+ "wheel"
+ "audio"
+ "video"
+ ] ++ ifTheyExist [
+ "networkmanager"
+ ];
+ group = "nipsy";
+ home = "/home/nipsy";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ (builtins.readFile ./keys/id_arrakis.pub)
+ #(builtins.readFile ./keys/id_other.pub)
+ ];
+
+ packages = [ pkgs.home-manager ];
+ shell = pkgs.zsh;
+ };
+
+ # Import this user's personal/home configurations
+ home-manager.users.nipsy = import ../../../../home/nipsy/${config.networking.hostName}.nix;
+
+}
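Review bot: The `home-manager.users.nipsy` import at the end of this file builds its path from `config.networking.hostName`, so a host that imports this module without a matching `home/nipsy/<hostName>.nix` fails at evaluation with a missing-file error, and nothing here documents that contract. A comment such as `# requires home/nipsy/<hostName>.nix for every host importing this module` would cover it. `ifTheyExist` would also benefit from one line saying it keeps only groups declared in `config.users.groups`, and note that "audio" and "video" are now added unconditionally next to "wheel", which is wider than the previous `[ "wheel" "networkmanager" ]`.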
diff --git a/hosts/common/users/nipsy/keys/id_arrakis.pub b/hosts/common/users/nipsy/keys/id_arrakis.pub
new file mode 100644
index 0000000..38c1d4c
--- /dev/null
+++ b/hosts/common/users/nipsy/keys/id_arrakis.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net
diff --git a/hosts/common/users/root/default.nix b/hosts/common/users/root/default.nix
new file mode 100644
index 0000000..f70f414
--- /dev/null
+++ b/hosts/common/users/root/default.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ (builtins.readFile ../nipsy/keys/id_arrakis.pub)
+ #(builtins.readFile ./keys/id_other.pub)
+ ];
+ shell = pkgs.zsh;
+ };
+}
diff --git a/ginaz/configuration.nix b/hosts/ginaz/default.nix
index 9310c2b..d5fa16c 100644
--- a/ginaz/configuration.nix
+++ b/hosts/ginaz/default.nix
@@ -1,27 +1,19 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ config, lib, pkgs, ... }: {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
-
- boot.initrd.kernelModules = [ "amdgpu" "zfs" ];
- boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
- boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.generationsDir.copyKernels = true;
- boot.loader.systemd-boot.enable = true;
- boot.supportedFilesystems = [ "zfs" ];
- boot.zfs.devNodes = "/dev/disk/by-label";
+{ config, inputs, pkgs, ... }: {
+ boot = {
+ initrd.kernelModules = [ "amdgpu" "zfs" ];
+ kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ timeout = 3;
+ };
+ supportedFilesystems = [ "zfs" ];
+ zfs.devNodes = "/dev/disk/by-label";
+ };
documentation.dev.enable = true;
documentation.man.enable = true;
- environment.shells = with pkgs; [ zsh ];
- # List packages installed in system profile. To search, run:
- # $ nix search wget
environment.systemPackages = with pkgs; [
bc
bespokesynth
@@ -122,8 +114,7 @@
sshfs
st
stoken
- surge
- #surge-XT
+ surge-XT
sxiv
synthv1
sysstat
@@ -164,15 +155,26 @@
zynaddsubfx
];
- i18n.defaultLocale = "en_US.UTF-8";
+ imports = [
+ inputs.hardware.nixosModules.lenovo-yoga-7-14ARH7.amdgpu
- networking.hostId = "8425e349";
- networking.hostName = "ginaz";
- networking.networkmanager.enable = true;
- networking.nftables.enable = true;
+ ./hardware-configuration.nix
+ ../common/core
+ ../common/optional/google-authenticator.nix
+ ../common/optional/pipewire.nix
+ ../common/optional/services/openssh.nix
+ ../common/optional/services/xorg.nix
+ ../common/optional/zfs.nix
+ ../common/users/nipsy
+ ../common/users/root
+ ];
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
- nixpkgs.config.allowUnfree = true;
+ networking = {
+ hostId = "8425e349";
+ hostName = "ginaz";
+ networkmanager.enable = true;
+ nftables.enable = true;
+ };
programs.atop.enable = true;
programs.firefox.enable = true;
@@ -187,20 +189,6 @@
programs.tmux.enable = true;
programs.zsh.enable = true;
- security.pam.services = {
- chfn.googleAuthenticator.enable = true;
- chsh.googleAuthenticator.enable = true;
- cups.googleAuthenticator.enable = true;
- lightdm.googleAuthenticator.enable = true;
- login.googleAuthenticator.enable = true;
- other.googleAuthenticator.enable = true;
- sshd.googleAuthenticator.enable = true;
- su.googleAuthenticator.enable = true;
- sudo.googleAuthenticator.enable = true;
- vlock.googleAuthenticator.enable = true;
- xlock.googleAuthenticator.enable = true;
- xscreensaver.googleAuthenticator.enable = true;
- };
security.polkit = {
enable = true;
extraConfig = ''
@@ -220,23 +208,7 @@
})
'';
};
- security.rtkit.enable = true;
-
services.blueman.enable = true;
- services.openssh = {
- enable = true;
- openFirewall = true;
- settings.PasswordAuthentication = false;
- settings.KbdInteractiveAuthentication = false;
- settings.PermitRootLogin = "yes";
- };
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- jack.enable = true;
- };
services.printing.enable = true;
services.udev.extraRules = ''
SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="2500",MODE:="0666"
@@ -245,29 +217,6 @@
SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3020",MODE:="0666"
SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3030",MODE:="0666"
'';
- services.xserver = {
- displayManager.defaultSession = "xsession";
- displayManager.lightdm = {
- enable = true;
- extraSeatDefaults = ''greeter-hide-users=true'';
- };
- displayManager.session = [
- {
- manage = "desktop";
- name = "xsession";
- start = ''exec $HOME/.xsession'';
- }
- ];
- enable = true;
- libinput.enable = true;
- videoDrivers = [ "amdgpu" ];
- xkb.layout = "us";
- xkb.options = "caps:super,compose:ralt";
- };
- services.zfs.autoScrub.enable = true;
- services.zfs.trim.enable = true;
-
- system.stateVersion = "23.11";
systemd = {
user.services.polkit-gnome-authentication-agent-1 = {
@@ -285,25 +234,5 @@
};
};
- time.timeZone = "America/Los_Angeles";
-
- users.groups.nipsy.gid = 1000;
- users.users.nipsy = {
- isNormalUser = true;
- group = "nipsy";
- home = "/home/nipsy";
- description = "Mark Nipper";
- extraGroups = [ "wheel" "networkmanager" ];
- #packages = with pkgs; [
- # firefox
- # tree
- #];
- shell = pkgs.zsh;
- openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net" ];
- };
-
- users.users.root = {
- shell = pkgs.zsh;
- openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net" ];
- };
+ system.stateVersion = "23.11";
}
diff --git a/ginaz/hardware-configuration.nix b/hosts/ginaz/hardware-configuration.nix
index 140a799..a5ae455 100644
--- a/ginaz/hardware-configuration.nix
+++ b/hosts/ginaz/hardware-configuration.nix
@@ -5,7 +5,7 @@
{
imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
+ [ #(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ];
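Review bot: The `not-detected.nix` import is commented out rather than removed, and no reason is given. Either delete the line or state why, e.g. `# not-detected.nix dropped: hardware.enableRedistributableFirmware is set in hosts/common/core/default.nix`, assuming that is the reason. The next hunk of this file also removes `hardware.cpu.amd.updateMicrocode`; confirm that the nixos-hardware module imported in hosts/ginaz/default.nix still enables it, so that CPU microcode updates are not silently lost. The module body starts before and continues after this hunk.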
@@ -44,7 +44,6 @@
hardware.bluetooth.enable = true;
#hardware.bluetooth.powerOnBoot = true;
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}