From 76b3b07e7329be637b37f92e767595143d3b03fa Mon Sep 17 00:00:00 2001
From: Mark Nipper
Date: Sun, 31 Mar 2024 02:40:11 -0700
Subject: Migrate to more modular layout
---
hosts/common/core/default.nix | 21 +++++++++++++++++
hosts/common/core/locale.nix | 5 +++++
hosts/common/core/nix.nix | 30 +++++++++++++++++++++++++
hosts/common/core/shells.nix | 8 +++++++
hosts/common/core/zsh.nix | 6 +++++
hosts/common/optional/google-authenticator.nix | 23 +++++++++++++++++++
hosts/common/optional/pipewire.nix | 24 ++++++++++++++++++++
hosts/common/optional/services/openssh.nix | 11 +++++++++
hosts/common/optional/services/xorg.nix | 21 +++++++++++++++++
hosts/common/optional/zfs.nix | 6 +++++
hosts/common/users/nipsy/default.nix | 31 ++++++++++++++++++++++++++
hosts/common/users/nipsy/keys/id_arrakis.pub | 1 +
hosts/common/users/root/default.nix | 10 +++++++++
13 files changed, 197 insertions(+)
create mode 100644 hosts/common/core/default.nix
create mode 100644 hosts/common/core/locale.nix
create mode 100644 hosts/common/core/nix.nix
create mode 100644 hosts/common/core/shells.nix
create mode 100644 hosts/common/core/zsh.nix
create mode 100644 hosts/common/optional/google-authenticator.nix
create mode 100644 hosts/common/optional/pipewire.nix
create mode 100644 hosts/common/optional/services/openssh.nix
create mode 100644 hosts/common/optional/services/xorg.nix
create mode 100644 hosts/common/optional/zfs.nix
create mode 100644 hosts/common/users/nipsy/default.nix
create mode 100644 hosts/common/users/nipsy/keys/id_arrakis.pub
create mode 100644 hosts/common/users/root/default.nix
(limited to 'hosts/common')
diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
new file mode 100644
index 0000000..8d19a9f
--- /dev/null
+++ b/hosts/common/core/default.nix
@@ -0,0 +1,21 @@
+{ inputs, outputs, ... }: {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ./locale.nix
+ ./nix.nix
+ ./shells.nix
+ ./zsh.nix
+ ] ++ (builtins.attrValues outputs.nixosModules);
+
+ home-manager.extraSpecialArgs = { inherit inputs outputs; };
+
+ nixpkgs = {
+ # you can add global overlays here
+ overlays = builtins.attrValues outputs.overlays;
+ config = {
+ allowUnfree = true;
+ };
+ };
+
+ hardware.enableRedistributableFirmware = true;
+}
diff --git a/hosts/common/core/locale.nix b/hosts/common/core/locale.nix
new file mode 100644
index 0000000..914312e
--- /dev/null
+++ b/hosts/common/core/locale.nix
@@ -0,0 +1,5 @@
+{ lib, ... }:
+{
+ i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
+ time.timeZone = lib.mkDefault "America/Los_Angeles";
+}
diff --git a/hosts/common/core/nix.nix b/hosts/common/core/nix.nix
new file mode 100644
index 0000000..587bac6
--- /dev/null
+++ b/hosts/common/core/nix.nix
@@ -0,0 +1,30 @@
+{ inputs, lib, ... }:
+{
+ nix = {
+ settings = {
+ trusted-users = [ "root" "@wheel" ];
+
+ auto-optimise-store = lib.mkDefault true;
+ experimental-features = [ "nix-command" "flakes" "repl-flake" ];
+ warn-dirty = false;
+ #flake-registry = ""; # Disable global flake registry This is a hold-over setting from Misterio77. Not sure significance but likely to do with nix.registry entry below.
+ };
+
+ # Add each flake input as a registry to make nix3 commands consistent with your flake
+ #registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+
+ # Add nixpkgs input to NIX_PATH
+ # This lets nix2 commands still use
+ #nixPath = [ "nixpkgs=${inputs.nixpkgs.outPath}" ];
+
+ # Garbage Collection
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ randomizedDelaySec = "14m";
+ # Keep the last 2 generations
+ options = "--delete-older-than +2";
+ };
+
+ };
+}
diff --git a/hosts/common/core/shells.nix b/hosts/common/core/shells.nix
new file mode 100644
index 0000000..0469b8c
--- /dev/null
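Review bot: In hosts/common/core/nix.nix, `trusted-users = [ "root" "@wheel" ];` makes every wheel member root-equivalent towards the Nix daemon: trusted users may add substituters and import unsigned store paths, and the Nix manual treats this as equivalent to granting root. That path does not pass through sudo, so it sidesteps the TOTP requirement that google-authenticator.nix in this same commit places on `sudo` and `su`. Unless a remote-build or deploy workflow needs it, I would keep the default `trusted-users = [ "root" ];` and add a comment explaining any extra entry. Separately, `--delete-older-than` is documented with an age such as `14d`, while the `+2` form belongs to `nix-env --delete-generations`, so it is worth confirming the gc unit actually runs with `options = "--delete-older-than +2";`.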
+++ b/hosts/common/core/shells.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ bash
+ zsh;
+ };
+}
diff --git a/hosts/common/core/zsh.nix b/hosts/common/core/zsh.nix
new file mode 100644
index 0000000..ba73c00
--- /dev/null
+++ b/hosts/common/core/zsh.nix
@@ -0,0 +1,6 @@
+{
+ programs.zsh = {
+ enable = true;
+ enableCompletion = true;
+ };
+}
diff --git a/hosts/common/optional/google-authenticator.nix b/hosts/common/optional/google-authenticator.nix
new file mode 100644
index 0000000..7380d1b
--- /dev/null
+++ b/hosts/common/optional/google-authenticator.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ #other
+ google-authenticator;
+ };
+
+ security.pam.services = {
+ chfn.googleAuthenticator.enable = true;
+ chsh.googleAuthenticator.enable = true;
+ cups.googleAuthenticator.enable = true;
+ lightdm.googleAuthenticator.enable = true;
+ login.googleAuthenticator.enable = true;
+ other.googleAuthenticator.enable = true;
+ sshd.googleAuthenticator.enable = true;
+ su.googleAuthenticator.enable = true;
+ sudo.googleAuthenticator.enable = true;
+ vlock.googleAuthenticator.enable = true;
+ xlock.googleAuthenticator.enable = true;
+ xscreensaver.googleAuthenticator.enable = true;
+ };
+}
diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix
new file mode 100644
index 0000000..27b2a09
--- /dev/null
+++ b/hosts/common/optional/pipewire.nix
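Review bot: In hosts/common/optional/google-authenticator.nix, `sshd.googleAuthenticator.enable = true;` probably adds no second factor to SSH as configured in this commit: services/openssh.nix sets `KbdInteractiveAuthentication = false` and `PasswordAuthentication = false`, so sshd has no prompt through which to ask for the code, and public-key logins do not run the PAM auth stack. If TOTP over SSH is intended, it needs keyboard-interactive enabled together with `AuthenticationMethods = "publickey,keyboard-interactive";` in the openssh settings; otherwise drop the sshd line so the config does not suggest protection it lacks. For the local services (`login`, `sudo`, `su`, `lightdm`), please confirm how accounts without an enrolled `~/.google_authenticator` are treated — if the module is added as required without `nullok`, an un-enrolled root cannot log in at the console — and add a comment recording the enrolment step.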
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ wireplumber.enable = true;
+ jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ # media-session.enable = true;
+ };
+
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ pamixer
+ pavucontrol;
+ };
+}
diff --git a/hosts/common/optional/services/openssh.nix b/hosts/common/optional/services/openssh.nix
new file mode 100644
index 0000000..33cdbac
--- /dev/null
+++ b/hosts/common/optional/services/openssh.nix
@@ -0,0 +1,11 @@
+{
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
+ PermitRootLogin = "yes";
+ };
+ };
+}
diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix
new file mode 100644
index 0000000..ebca5ea
--- /dev/null
+++ b/hosts/common/optional/services/xorg.nix
@@ -0,0 +1,21 @@
+{
+ services.xserver = {
+ displayManager.defaultSession = "xsession";
+ displayManager.lightdm = {
+ enable = true;
+ extraSeatDefaults = ''greeter-hide-users=true'';
+ };
+ displayManager.session = [
+ {
+ manage = "desktop";
+ name = "xsession";
+ start = ''exec $HOME/.xsession'';
+ }
+ ];
+ enable = true;
+ libinput.enable = true;
+ videoDrivers = [ "amdgpu" ];
+ xkb.layout = "us";
+ xkb.options = "caps:super,compose:ralt";
+ };
+}
diff --git a/hosts/common/optional/zfs.nix b/hosts/common/optional/zfs.nix
new file mode 100644
index 0000000..a2d978d
--- /dev/null
+++ b/hosts/common/optional/zfs.nix
@@ -0,0 +1,6 @@
+{
+ services.zfs = {
+ autoScrub.enable = true;
+ trim.enable = true;
+ };
+}
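Review bot: In hosts/common/optional/services/openssh.nix, `PermitRootLogin = "yes";` is broader than this setup needs. Password login is off today, but any host or module that later re-enables `PasswordAuthentication` would open root to password guessing; `PermitRootLogin = "prohibit-password";` states the key-only intent and survives that change. Since users/root/default.nix authorises the same id_arrakis key that nipsy uses and nipsy is in `wheel`, `PermitRootLogin = "no";` combined with sudo would keep root access behind the TOTP check and preserve per-user attribution in the logs. Because this is a shared module, `openFirewall = true;` deserves a short comment noting that every host importing it exposes sshd on the network.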
diff --git a/hosts/common/users/nipsy/default.nix b/hosts/common/users/nipsy/default.nix
new file mode 100644
index 0000000..58ef9b3
--- /dev/null
+++ b/hosts/common/users/nipsy/default.nix
@@ -0,0 +1,31 @@
+{ pkgs, inputs, config, ... }:
+let
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in
+{
+ users.groups.nipsy.gid = 1000;
+ users.users.nipsy = {
+ description = "Mark Nipper";
+ extraGroups = [
+ "wheel"
+ "audio"
+ "video"
+ ] ++ ifTheyExist [
+ "networkmanager"
+ ];
+ group = "nipsy";
+ home = "/home/nipsy";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ (builtins.readFile ./keys/id_arrakis.pub)
+ #(builtins.readFile ./keys/id_other.pub)
+ ];
+
+ packages = [ pkgs.home-manager ];
+ shell = pkgs.zsh;
+ };
+
+ # Import this user's personal/home configurations
+ home-manager.users.nipsy = import ../../../../home/nipsy/${config.networking.hostName}.nix;
+
+}
diff --git a/hosts/common/users/nipsy/keys/id_arrakis.pub b/hosts/common/users/nipsy/keys/id_arrakis.pub
new file mode 100644
index 0000000..38c1d4c
--- /dev/null
+++ b/hosts/common/users/nipsy/keys/id_arrakis.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net
diff --git a/hosts/common/users/root/default.nix b/hosts/common/users/root/default.nix
new file mode 100644
index 0000000..f70f414
--- /dev/null
+++ b/hosts/common/users/root/default.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ (builtins.readFile ../nipsy/keys/id_arrakis.pub)
+ #(builtins.readFile ./keys/id_other.pub)
+ ];
+ shell = pkgs.zsh;
+ };
+}
-- cgit v1.2.3
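Review bot: In hosts/common/users/nipsy/default.nix (and again in users/root/default.nix), `(builtins.readFile ./keys/id_arrakis.pub)` carries the file's trailing newline into the key string that ends up in the generated authorized_keys. NixOS provides `openssh.authorizedKeys.keyFiles` for exactly this, so `openssh.authorizedKeys.keyFiles = [ ./keys/id_arrakis.pub ];` reads more directly and keeps the key list as paths that are easy to audit. The root block would also benefit from a one-line comment saying why root carries the same key as the unprivileged account, since that is a deliberate trust decision a later reader cannot infer.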