From 76b3b07e7329be637b37f92e767595143d3b03fa Mon Sep 17 00:00:00 2001 From: Mark Nipper Date: Sun, 31 Mar 2024 02:40:11 -0700 Subject: Migrate to more modular layout --- hosts/common/optional/google-authenticator.nix | 23 +++++++++++++++++++++++ hosts/common/optional/pipewire.nix | 24 ++++++++++++++++++++++++ hosts/common/optional/services/openssh.nix | 11 +++++++++++ hosts/common/optional/services/xorg.nix | 21 +++++++++++++++++++++ hosts/common/optional/zfs.nix | 6 ++++++ 5 files changed, 85 insertions(+) create mode 100644 hosts/common/optional/google-authenticator.nix create mode 100644 hosts/common/optional/pipewire.nix create mode 100644 hosts/common/optional/services/openssh.nix create mode 100644 hosts/common/optional/services/xorg.nix create mode 100644 hosts/common/optional/zfs.nix (limited to 'hosts/common/optional') diff --git a/hosts/common/optional/google-authenticator.nix b/hosts/common/optional/google-authenticator.nix new file mode 100644 index 0000000..7380d1b --- /dev/null +++ b/hosts/common/optional/google-authenticator.nix @@ -0,0 +1,23 @@ +{ pkgs, ... }: +{ + environment.systemPackages = builtins.attrValues { + inherit (pkgs) + #other + google-authenticator; + }; + + security.pam.services = { + chfn.googleAuthenticator.enable = true; + chsh.googleAuthenticator.enable = true; + cups.googleAuthenticator.enable = true; + lightdm.googleAuthenticator.enable = true; + login.googleAuthenticator.enable = true; + other.googleAuthenticator.enable = true; + sshd.googleAuthenticator.enable = true; + su.googleAuthenticator.enable = true; + sudo.googleAuthenticator.enable = true; + vlock.googleAuthenticator.enable = true; + xlock.googleAuthenticator.enable = true; + xscreensaver.googleAuthenticator.enable = true; + }; +} diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix new file mode 100644 index 0000000..27b2a09 --- /dev/null +++ b/hosts/common/optional/pipewire.nix @@ -0,0 +1,24 @@ +{ pkgs, ... }: +{ + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + wireplumber.enable = true; + jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + # media-session.enable = true; + }; + + environment.systemPackages = builtins.attrValues { + inherit (pkgs) + pamixer + pavucontrol; + }; +} diff --git a/hosts/common/optional/services/openssh.nix b/hosts/common/optional/services/openssh.nix new file mode 100644 index 0000000..33cdbac --- /dev/null +++ b/hosts/common/optional/services/openssh.nix @@ -0,0 +1,11 @@ +{ + services.openssh = { + enable = true; + openFirewall = true; + settings = { + KbdInteractiveAuthentication = false; + PasswordAuthentication = false; + PermitRootLogin = "yes"; + }; + }; +} diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix new file mode 100644 index 0000000..ebca5ea --- /dev/null +++ b/hosts/common/optional/services/xorg.nix @@ -0,0 +1,21 @@ +{ + services.xserver = { + displayManager.defaultSession = "xsession"; + displayManager.lightdm = { + enable = true; + extraSeatDefaults = ''greeter-hide-users=true''; + }; + displayManager.session = [ + { + manage = "desktop"; + name = "xsession"; + start = ''exec $HOME/.xsession''; + } + ]; + enable = true; + libinput.enable = true; + videoDrivers = [ "amdgpu" ]; + xkb.layout = "us"; + xkb.options = "caps:super,compose:ralt"; + }; +} diff --git a/hosts/common/optional/zfs.nix b/hosts/common/optional/zfs.nix new file mode 100644 index 0000000..a2d978d --- /dev/null +++ b/hosts/common/optional/zfs.nix @@ -0,0 +1,6 @@ +{ + services.zfs = { + autoScrub.enable = true; + trim.enable = true; + }; +} -- cgit v1.2.3