Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/common/core/default.nix | 21 | ||||
-rw-r--r-- | hosts/common/core/locale.nix | 5 | ||||
-rw-r--r-- | hosts/common/core/nix.nix | 30 | ||||
-rw-r--r-- | hosts/common/core/shells.nix | 8 | ||||
-rw-r--r-- | hosts/common/core/zsh.nix | 6 | ||||
-rw-r--r-- | hosts/common/optional/google-authenticator.nix | 23 | ||||
-rw-r--r-- | hosts/common/optional/pipewire.nix | 24 | ||||
-rw-r--r-- | hosts/common/optional/services/openssh.nix | 11 | ||||
-rw-r--r-- | hosts/common/optional/services/xorg.nix | 21 | ||||
-rw-r--r-- | hosts/common/optional/zfs.nix | 6 | ||||
-rw-r--r-- | hosts/common/users/nipsy/default.nix | 31 | ||||
-rw-r--r-- | hosts/common/users/nipsy/keys/id_arrakis.pub | 1 | ||||
-rw-r--r-- | hosts/common/users/root/default.nix | 10 | ||||
-rw-r--r-- | hosts/ginaz/default.nix | 238 | ||||
-rw-r--r-- | hosts/ginaz/hardware-configuration.nix | 49 |
15 files changed, 484 insertions, 0 deletions
diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
new file mode 100644
index 0000000..8d19a9f
--- /dev/null
+++ b/hosts/common/core/default.nix
@@ -0,0 +1,21 @@
+{ inputs, outputs, ... }: {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ./locale.nix
+ ./nix.nix
+ ./shells.nix
+ ./zsh.nix
+ ] ++ (builtins.attrValues outputs.nixosModules);
+
+ home-manager.extraSpecialArgs = { inherit inputs outputs; };
+
+ nixpkgs = {
+ # you can add global overlays here
+ overlays = builtins.attrValues outputs.overlays;
+ config = {
+ allowUnfree = true;
+ };
+ };
+
+ hardware.enableRedistributableFirmware = true;
+}
diff --git a/hosts/common/core/locale.nix b/hosts/common/core/locale.nix
new file mode 100644
index 0000000..914312e
--- /dev/null
+++ b/hosts/common/core/locale.nix
@@ -0,0 +1,5 @@
+{ lib, ... }:
+{
+ i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
+ time.timeZone = lib.mkDefault "America/Los_Angeles";
+}
diff --git a/hosts/common/core/nix.nix b/hosts/common/core/nix.nix
new file mode 100644
index 0000000..587bac6
--- /dev/null
+++ b/hosts/common/core/nix.nix
@@ -0,0 +1,30 @@
+{ inputs, lib, ... }:
+{
+ nix = {
+ settings = {
+ trusted-users = [ "root" "@wheel" ];
+
+ auto-optimise-store = lib.mkDefault true;
+ experimental-features = [ "nix-command" "flakes" "repl-flake" ];
+ warn-dirty = false;
+ #flake-registry = ""; # Disable global flake registry This is a hold-over setting from Misterio77. Not sure significance but likely to do with nix.registry entry below.
+ };
+
+ # Add each flake input as a registry to make nix3 commands consistent with your flake
+ #registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+
+ # Add nixpkgs input to NIX_PATH
+ # This lets nix2 commands still use <nixpkgs>
+ #nixPath = [ "nixpkgs=${inputs.nixpkgs.outPath}" ];
+
+ # Garbage Collection
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ randomizedDelaySec = "14m";
+ # Keep the last 2 generations
+ options = "--delete-older-than +2";
+ };
+
+ };
+}
diff --git a/hosts/common/core/shells.nix b/hosts/common/core/shells.nix
new file mode 100644
index 0000000..0469b8c
--- /dev/null
+++ b/hosts/common/core/shells.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ bash
+ zsh;
+ };
+}
diff --git a/hosts/common/core/zsh.nix b/hosts/common/core/zsh.nix
new file mode 100644
index 0000000..ba73c00
--- /dev/null
+++ b/hosts/common/core/zsh.nix
@@ -0,0 +1,6 @@
+{
+ programs.zsh = {
+ enable = true;
+ enableCompletion = true;
+ };
+}
diff --git a/hosts/common/optional/google-authenticator.nix b/hosts/common/optional/google-authenticator.nix
new file mode 100644
index 0000000..7380d1b
--- /dev/null
+++ b/hosts/common/optional/google-authenticator.nix
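Review bot: In hosts/common/core/nix.nix, `trusted-users = [ "root" "@wheel" ];` makes every wheel member a trusted user of the Nix daemon, which the Nix documentation treats as essentially root-equivalent, and it needs no sudo prompt. Because this commit gates `sudo` and `su` behind TOTP, that setting is likely a path around the second factor for anything the daemon can be asked to do; consider `trusted-users = [ "root" ];` and, if wheel only needs to choose among known caches, listing those under `trusted-substituters`. Separately, `options = "--delete-older-than +2";` does not appear to match its comment: as far as I know `--delete-older-than` expects an age such as `30d`, while `+2` is the `nix-env --delete-generations` form, so the weekly GC run should be checked for an error.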
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ #other
+ google-authenticator;
+ };
+
+ security.pam.services = {
+ chfn.googleAuthenticator.enable = true;
+ chsh.googleAuthenticator.enable = true;
+ cups.googleAuthenticator.enable = true;
+ lightdm.googleAuthenticator.enable = true;
+ login.googleAuthenticator.enable = true;
+ other.googleAuthenticator.enable = true;
+ sshd.googleAuthenticator.enable = true;
+ su.googleAuthenticator.enable = true;
+ sudo.googleAuthenticator.enable = true;
+ vlock.googleAuthenticator.enable = true;
+ xlock.googleAuthenticator.enable = true;
+ xscreensaver.googleAuthenticator.enable = true;
+ };
+}
diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix
new file mode 100644
index 0000000..27b2a09
--- /dev/null
+++ b/hosts/common/optional/pipewire.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ wireplumber.enable = true;
+ jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ # media-session.enable = true;
+ };
+
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ pamixer
+ pavucontrol;
+ };
+}
diff --git a/hosts/common/optional/services/openssh.nix b/hosts/common/optional/services/openssh.nix
new file mode 100644
index 0000000..33cdbac
--- /dev/null
+++ b/hosts/common/optional/services/openssh.nix
@@ -0,0 +1,11 @@
+{
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
+ PermitRootLogin = "yes";
+ };
+ };
+}
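Review bot: In hosts/common/optional/google-authenticator.nix, `sshd.googleAuthenticator.enable = true;` probably has no effect given the sshd settings added in openssh.nix by this same commit: with `KbdInteractiveAuthentication = false` and `PasswordAuthentication = false`, sshd accepts public keys only and does not run the PAM auth stack where the TOTP prompt lives. If a second factor on SSH is intended, keyboard-interactive has to be enabled and required after the key, e.g. `KbdInteractiveAuthentication = true;` together with `AuthenticationMethods = "publickey,keyboard-interactive";` under `services.openssh.settings`. Turning the module on for `login`, `su` and `sudo` in one step also deserves a comment about enrolment: unless the generated PAM line tolerates a missing `~/.google_authenticator` (not visible from this hunk), an account without one would be locked out of all three, so keep a root session open until the first prompt succeeds after the switch.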
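Review bot: `PermitRootLogin = "yes";` in hosts/common/optional/services/openssh.nix, combined with hosts/common/users/root/default.nix authorising the same `id_arrakis.pub` that nipsy uses, means that one key yields a root shell directly and skips the TOTP this commit adds to `sudo` and `su`. If direct root SSH is not needed, `PermitRootLogin = "no";` keeps privilege escalation on the sudo path; if it is needed (remote rebuilds, for example), `PermitRootLogin = "prohibit-password";` states the key-only intent and stays safe should password authentication ever be re-enabled. A separate key for root would also let the two kinds of access be revoked independently.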
diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix
new file mode 100644
index 0000000..ebca5ea
--- /dev/null
+++ b/hosts/common/optional/services/xorg.nix
@@ -0,0 +1,21 @@
+{
+ services.xserver = {
+ displayManager.defaultSession = "xsession";
+ displayManager.lightdm = {
+ enable = true;
+ extraSeatDefaults = ''greeter-hide-users=true'';
+ };
+ displayManager.session = [
+ {
+ manage = "desktop";
+ name = "xsession";
+ start = ''exec $HOME/.xsession'';
+ }
+ ];
+ enable = true;
+ libinput.enable = true;
+ videoDrivers = [ "amdgpu" ];
+ xkb.layout = "us";
+ xkb.options = "caps:super,compose:ralt";
+ };
+}
diff --git a/hosts/common/optional/zfs.nix b/hosts/common/optional/zfs.nix
new file mode 100644
index 0000000..a2d978d
--- /dev/null
+++ b/hosts/common/optional/zfs.nix
@@ -0,0 +1,6 @@
+{
+ services.zfs = {
+ autoScrub.enable = true;
+ trim.enable = true;
+ };
+}
diff --git a/hosts/common/users/nipsy/default.nix b/hosts/common/users/nipsy/default.nix
new file mode 100644
index 0000000..58ef9b3
--- /dev/null
+++ b/hosts/common/users/nipsy/default.nix
@@ -0,0 +1,31 @@
+{ pkgs, inputs, config, ... }:
+let
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in
+{
+ users.groups.nipsy.gid = 1000;
+ users.users.nipsy = {
+ description = "Mark Nipper";
+ extraGroups = [
+ "wheel"
+ "audio"
+ "video"
+ ] ++ ifTheyExist [
+ "networkmanager"
+ ];
+ group = "nipsy";
+ home = "/home/nipsy";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ (builtins.readFile ./keys/id_arrakis.pub)
+ #(builtins.readFile ./keys/id_other.pub)
+ ];
+
+ packages = [ pkgs.home-manager ];
+ shell = pkgs.zsh;
+ };
+
+ # Import this user's personal/home configurations
+ home-manager.users.nipsy = import ../../../../home/nipsy/${config.networking.hostName}.nix;
+
+}
diff --git a/hosts/common/users/nipsy/keys/id_arrakis.pub b/hosts/common/users/nipsy/keys/id_arrakis.pub
new file mode 100644
index 0000000..38c1d4c
--- /dev/null
+++ b/hosts/common/users/nipsy/keys/id_arrakis.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net
diff --git a/hosts/common/users/root/default.nix b/hosts/common/users/root/default.nix
new file mode 100644
index 0000000..f70f414
--- /dev/null
+++ b/hosts/common/users/root/default.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ (builtins.readFile ../nipsy/keys/id_arrakis.pub)
+ #(builtins.readFile ./keys/id_other.pub)
+ ];
+ shell = pkgs.zsh;
+ };
+}
diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix
new file mode 100644
index 0000000..d5fa16c
--- /dev/null
+++ b/hosts/ginaz/default.nix
@@ -0,0 +1,238 @@
+{ config, inputs, pkgs, ... }: {
+ boot = {
+ initrd.kernelModules = [ "amdgpu" "zfs" ];
+ kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ timeout = 3;
+ };
+ supportedFilesystems = [ "zfs" ];
+ zfs.devNodes = "/dev/disk/by-label";
+ };
+
+ documentation.dev.enable = true;
+ documentation.man.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ bc
+ bespokesynth
+ bintools
+ cardinal
+ cargo
+ conntrack-tools
+ curl
+ dmenu
+ dict
+ dig
+ dmidecode
+ easyeffects
+ encfs
+ enscript
+ evince
+ feh
+ ffmpeg
+ file
+ flac
+ fldigi
+ fluidsynth
+ foot
+ fortune
+ fping
+ gcr
+ geeqie
+ geonkick
+ #gimp-with-plugins
+ gimp
+ git
+ go
+ godot_4
+ google-authenticator
+ google-chrome
+ gv
+ helm
+ i3
+ i3status
+ imagemagick
+ inkscape
+ inxi
+ iotop
+ ipcalc
+ iperf
+ jq
+ lame
+ libreoffice
+ libva-utils
+ lilypond-unstable-with-fonts
+ lshw
+ lsof
+ mame
+ mariadb
+ mednafen
+ mednaffe
+ mesa-demos
+ mkvtoolnix
+ mpv
+ mutt
+ netcat-openbsd
+ nix-index
+ nmap
+ ntfs3g
+ oath-toolkit
+ openldap
+ openssl
+ (pass.withExtensions (ext: with ext; [pass-otp]))
+ pass
+ patchelf
+ pavucontrol
+ pciutils
+ picom
+ polkit_gnome
+ polyphone
+ poppler_utils
+ powertop
+ psmisc
+ pv
+ pwgen
+ qemu_kvm
+ qpwgraph
+ qrencode
+ qsynth
+ radeontop
+ rdesktop
+ read-edid
+ reaper
+ recode
+ rosegarden
+ rustc
+ samplv1
+ sfizz
+ sg3_utils
+ signal-desktop
+ speedtest-cli
+ sqlite
+ sshfs
+ st
+ stoken
+ surge-XT
+ sxiv
+ synthv1
+ sysstat
+ tcpdump
+ tigervnc
+ traceroute
+ tree
+ tshark
+ turbovnc
+ unrar
+ unzip
+ usbutils
+ vapoursynth
+ vdpauinfo
+ vim
+ vlc
+ vmpk
+ vocproc
+ vulkan-tools
+ wavpack
+ wget
+ whois
+ winetricks
+ wineWowPackages.stagingFull
+ wireguard-tools
+ x11vnc
+ x265
+ xclip
+ xdotool
+ xorg.xdpyinfo
+ xscreensaver
+ xsnow
+ yabridge
+ yabridgectl
+ yoshimi
+ zig
+ zip
+ zynaddsubfx
+ ];
+
+ imports = [
+ inputs.hardware.nixosModules.lenovo-yoga-7-14ARH7.amdgpu
+
+ ./hardware-configuration.nix
+ ../common/core
+ ../common/optional/google-authenticator.nix
+ ../common/optional/pipewire.nix
+ ../common/optional/services/openssh.nix
+ ../common/optional/services/xorg.nix
+ ../common/optional/zfs.nix
+ ../common/users/nipsy
+ ../common/users/root
+ ];
+
+ networking = {
+ hostId = "8425e349";
+ hostName = "ginaz";
+ networkmanager.enable = true;
+ nftables.enable = true;
+ };
+
+ programs.atop.enable = true;
+ programs.firefox.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ programs.iftop.enable = true;
+ programs.mtr.enable = true;
+ programs.nm-applet.enable = true;
+ programs.steam.enable = true;
+ programs.tmux.enable = true;
+ programs.zsh.enable = true;
+
+ security.polkit = {
+ enable = true;
+ extraConfig = ''
+ polkit.addRule(function(action, subject) {
+ if (
+ subject.isInGroup("users")
+ && (
+ action.id == "org.freedesktop.login1.reboot" ||
+ action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
+ action.id == "org.freedesktop.login1.power-off" ||
+ action.id == "org.freedesktop.login1.power-off-multiple-sessions"
+ )
+ )
+ {
+ return polkit.Result.YES;
+ }
+ })
+ '';
+ };
+ services.blueman.enable = true;
+ services.printing.enable = true;
+ services.udev.extraRules = ''
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="2500",MODE:="0666"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3000",MODE:="0666"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3010",MODE:="0666"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3020",MODE:="0666"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3030",MODE:="0666"
+ '';
+
+ systemd = {
+ user.services.polkit-gnome-authentication-agent-1 = {
+ description = "polkit-gnome-authentication-agent-1";
+ wantedBy = [ "graphical-session.target" ];
+ wants = [ "graphical-session.target" ];
+ after = [ "graphical-session.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+ Restart = "on-failure";
+ RestartSec = 1;
+ TimeoutStopSec = 10;
+ };
+ };
+ };
+
+ system.stateVersion = "23.11";
+}
diff --git a/hosts/ginaz/hardware-configuration.nix b/hosts/ginaz/hardware-configuration.nix
new file mode 100644
index 0000000..a5ae455
--- /dev/null
+++ b/hosts/ginaz/hardware-configuration.nix
@@ -0,0 +1,49 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ #(modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "rpool/local/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ };
+
+ fileSystems."/nix" =
+ { device = "rpool/local/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/root" =
+ { device = "rpool/user/home/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home/nipsy" =
+ { device = "rpool/user/home/nipsy";
+ fsType = "zfs";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-label/swap"; }
+ ];
+
+ hardware.bluetooth.enable = true;
+ #hardware.bluetooth.powerOnBoot = true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
|
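Review bot: In hosts/ginaz/default.nix the five `services.udev.extraRules` lines set `MODE:="0666"` on the vendor `1df7` USB devices, which makes the raw device nodes readable and writable by every local account, service users included, and the `:=` assignment stops any later rule from tightening it. Scope the access to a group instead, e.g. `GROUP="<device-group>", MODE:="0660"` on each rule (the group name is a placeholder; declare it under `users.groups` and add nipsy to it). A one-line comment naming the hardware these product IDs belong to would also help the next reader judge the rule. Minor, same hunk: `pass` is listed both as `(pass.withExtensions …)` and bare in `environment.systemPackages`, and `google-authenticator` is already installed by the imported optional module.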