From 76b3b07e7329be637b37f92e767595143d3b03fa Mon Sep 17 00:00:00 2001
From: Mark Nipper <nipsy@bitgnome.net>
Date: Sun, 31 Mar 2024 02:40:11 -0700
Subject: Migrate to more modular layout

---
 hosts/common/core/default.nix                  | 21 +++++++++++++++++
 hosts/common/core/locale.nix                   |  5 +++++
 hosts/common/core/nix.nix                      | 30 +++++++++++++++++++++++++
 hosts/common/core/shells.nix                   |  8 +++++++
 hosts/common/core/zsh.nix                      |  6 +++++
 hosts/common/optional/google-authenticator.nix | 23 +++++++++++++++++++
 hosts/common/optional/pipewire.nix             | 24 ++++++++++++++++++++
 hosts/common/optional/services/openssh.nix     | 11 +++++++++
 hosts/common/optional/services/xorg.nix        | 21 +++++++++++++++++
 hosts/common/optional/zfs.nix                  |  6 +++++
 hosts/common/users/nipsy/default.nix           | 31 ++++++++++++++++++++++++++
 hosts/common/users/nipsy/keys/id_arrakis.pub   |  1 +
 hosts/common/users/root/default.nix            | 10 +++++++++
 13 files changed, 197 insertions(+)
 create mode 100644 hosts/common/core/default.nix
 create mode 100644 hosts/common/core/locale.nix
 create mode 100644 hosts/common/core/nix.nix
 create mode 100644 hosts/common/core/shells.nix
 create mode 100644 hosts/common/core/zsh.nix
 create mode 100644 hosts/common/optional/google-authenticator.nix
 create mode 100644 hosts/common/optional/pipewire.nix
 create mode 100644 hosts/common/optional/services/openssh.nix
 create mode 100644 hosts/common/optional/services/xorg.nix
 create mode 100644 hosts/common/optional/zfs.nix
 create mode 100644 hosts/common/users/nipsy/default.nix
 create mode 100644 hosts/common/users/nipsy/keys/id_arrakis.pub
 create mode 100644 hosts/common/users/root/default.nix

(limited to 'hosts/common')

diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
new file mode 100644
index 0000000..8d19a9f
--- /dev/null
+++ b/hosts/common/core/default.nix
@@ -0,0 +1,21 @@
+{ inputs, outputs, ... }: {
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+    ./locale.nix
+    ./nix.nix
+    ./shells.nix
+    ./zsh.nix
+  ] ++ (builtins.attrValues outputs.nixosModules);
+
+  home-manager.extraSpecialArgs = { inherit inputs outputs; };
+
+  nixpkgs = {
+    # you can add global overlays here
+    overlays = builtins.attrValues outputs.overlays;
+    config = {
+      allowUnfree = true;
+    };
+  };
+
+  hardware.enableRedistributableFirmware = true;
+}
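Review bot: `allowUnfree = true;` sits in the core module, so every host that imports it accepts any unfree package from nixpkgs and from the overlays pulled in on the line above. If only a few unfree packages are needed, an `allowUnfreePredicate` listing them by name keeps the exception visible and reviewable. The comment `# you can add global overlays here` reads like template text; a comment saying that all overlays exported by the flake are applied to every host would describe what the line does.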
diff --git a/hosts/common/core/locale.nix b/hosts/common/core/locale.nix
new file mode 100644
index 0000000..914312e
--- /dev/null
+++ b/hosts/common/core/locale.nix
@@ -0,0 +1,5 @@
+{ lib, ... }:
+{
+  i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
+  time.timeZone = lib.mkDefault "America/Los_Angeles";
+}
diff --git a/hosts/common/core/nix.nix b/hosts/common/core/nix.nix
new file mode 100644
index 0000000..587bac6
--- /dev/null
+++ b/hosts/common/core/nix.nix
@@ -0,0 +1,30 @@
+{ inputs, lib, ... }:
+{
+  nix = {
+    settings = {
+      trusted-users = [ "root" "@wheel" ];
+
+      auto-optimise-store = lib.mkDefault true;
+      experimental-features = [ "nix-command" "flakes" "repl-flake" ];
+      warn-dirty = false;
+      #flake-registry = ""; # Disable global flake registry   This is a hold-over setting from Misterio77. Not sure significance but likely to do with nix.registry entry below.
+    };
+
+    # Add each flake input as a registry to make nix3 commands consistent with your flake
+    #registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+
+    # Add nixpkgs input to NIX_PATH
+    # This lets nix2 commands still use <nixpkgs>
+    #nixPath = [ "nixpkgs=${inputs.nixpkgs.outPath}" ];
+
+    # Garbage Collection
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      randomizedDelaySec = "14m";
+      # Keep the last 2 generations
+      options = "--delete-older-than +2";
+    };
+
+  };
+}
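Review bot: `trusted-users = [ "root" "@wheel" ];` gives every wheel member daemon-level trust, which the Nix manual describes as essentially equivalent to root access. That path does not go through sudo or su, so it also bypasses the TOTP check that google-authenticator.nix in this commit adds to those services. If that is intended, a comment should say so; otherwise `trusted-users = [ "root" ];` keeps privileged Nix operations behind the PAM stack. Separately, the gc comment says "Keep the last 2 generations", but `+2` is, as far as I know, `nix-env --delete-generations` syntax, while `nix-collect-garbage --delete-older-than` expects a period such as `30d`, so it is worth confirming on a host that the weekly job succeeds.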
diff --git a/hosts/common/core/shells.nix b/hosts/common/core/shells.nix
new file mode 100644
index 0000000..0469b8c
--- /dev/null
+++ b/hosts/common/core/shells.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = builtins.attrValues {
+    inherit (pkgs)
+      bash
+      zsh;
+  };
+}
diff --git a/hosts/common/core/zsh.nix b/hosts/common/core/zsh.nix
new file mode 100644
index 0000000..ba73c00
--- /dev/null
+++ b/hosts/common/core/zsh.nix
@@ -0,0 +1,6 @@
+{
+  programs.zsh = {
+    enable = true;
+    enableCompletion = true;
+  };
+}
diff --git a/hosts/common/optional/google-authenticator.nix b/hosts/common/optional/google-authenticator.nix
new file mode 100644
index 0000000..7380d1b
--- /dev/null
+++ b/hosts/common/optional/google-authenticator.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = builtins.attrValues {
+    inherit (pkgs)
+      #other
+      google-authenticator;
+  };
+
+  security.pam.services = {
+    chfn.googleAuthenticator.enable = true;
+    chsh.googleAuthenticator.enable = true;
+    cups.googleAuthenticator.enable = true;
+    lightdm.googleAuthenticator.enable = true;
+    login.googleAuthenticator.enable = true;
+    other.googleAuthenticator.enable = true;
+    sshd.googleAuthenticator.enable = true;
+    su.googleAuthenticator.enable = true;
+    sudo.googleAuthenticator.enable = true;
+    vlock.googleAuthenticator.enable = true;
+    xlock.googleAuthenticator.enable = true;
+    xscreensaver.googleAuthenticator.enable = true;
+  };
+}
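Review bot: `sshd.googleAuthenticator.enable = true;` does not add a second factor to SSH as this commit configures it, because openssh.nix sets `KbdInteractiveAuthentication = false` and `PasswordAuthentication = false`, and public-key logins do not run the PAM auth stack. If TOTP on SSH is wanted, keyboard-interactive has to be enabled and `AuthenticationMethods` set to something like `publickey,keyboard-interactive`; otherwise dropping the sshd line avoids implying protection that is not in effect. For the local services (login, su, sudo, lightdm), the module appears to install the check as a required rule, so an account with no enrolled `~/.google_authenticator` may be locked out. A header comment stating that enrollment must happen before a host imports this file would help.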
diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix
new file mode 100644
index 0000000..27b2a09
--- /dev/null
+++ b/hosts/common/optional/pipewire.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+  sound.enable = true;
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    wireplumber.enable = true;
+    jack.enable = true;
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    # media-session.enable = true;
+  };
+
+  environment.systemPackages = builtins.attrValues {
+    inherit (pkgs)
+      pamixer
+      pavucontrol;
+  };
+}
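Review bot: The commented-out `media-session.enable` line and its two-line comment are stale next to `wireplumber.enable = true;`, which selects WirePlumber as the session manager. Deleting them or replacing them with `# WirePlumber is the session manager; media-session is not used` avoids confusion. `security.rtkit.enable = true;` could carry a short comment that it is there so PipeWire can obtain realtime scheduling, since the line otherwise looks unrelated to audio.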
diff --git a/hosts/common/optional/services/openssh.nix b/hosts/common/optional/services/openssh.nix
new file mode 100644
index 0000000..33cdbac
--- /dev/null
+++ b/hosts/common/optional/services/openssh.nix
@@ -0,0 +1,11 @@
+{
+  services.openssh = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      KbdInteractiveAuthentication = false;
+      PasswordAuthentication = false;
+      PermitRootLogin = "yes";
+    };
+  };
+}
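Review bot: `PermitRootLogin = "yes";` combined with `openFirewall = true` and the root key installed in hosts/common/users/root/default.nix exposes direct root login on every host that imports this module. It is key-only today because password and keyboard-interactive authentication are off, but that holds only while no host overrides those two settings; `PermitRootLogin = "prohibit-password";` states the intent and stays safe regardless. Since nipsy is in wheel, `"no"` may be sufficient. root and nipsy also share the single key `id_arrakis.pub`, so loss of that one key means root on all hosts; a separate root key or no direct root login would limit that.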
diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix
new file mode 100644
index 0000000..ebca5ea
--- /dev/null
+++ b/hosts/common/optional/services/xorg.nix
@@ -0,0 +1,21 @@
+{
+  services.xserver = {
+    displayManager.defaultSession = "xsession";
+    displayManager.lightdm = {
+      enable = true;
+      extraSeatDefaults = ''greeter-hide-users=true'';
+    };
+    displayManager.session = [
+      {
+        manage = "desktop";
+        name = "xsession";
+        start = ''exec $HOME/.xsession'';
+      }
+    ];
+    enable = true;
+    libinput.enable = true;
+    videoDrivers = [ "amdgpu" ];
+    xkb.layout = "us";
+    xkb.options = "caps:super,compose:ralt";
+  };
+}
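Review bot: `videoDrivers = [ "amdgpu" ];` hard-codes one GPU vendor in a module under hosts/common/optional, so any host importing it for the display manager inherits that driver choice. Moving the line to the host's own configuration keeps this file reusable. `greeter-hide-users=true` deserves a short comment such as `# do not list local account names on the login screen`, so a later cleanup does not remove it as cosmetic.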
diff --git a/hosts/common/optional/zfs.nix b/hosts/common/optional/zfs.nix
new file mode 100644
index 0000000..a2d978d
--- /dev/null
+++ b/hosts/common/optional/zfs.nix
@@ -0,0 +1,6 @@
+{
+  services.zfs = {
+    autoScrub.enable = true;
+    trim.enable = true;
+  };
+}
diff --git a/hosts/common/users/nipsy/default.nix b/hosts/common/users/nipsy/default.nix
new file mode 100644
index 0000000..58ef9b3
--- /dev/null
+++ b/hosts/common/users/nipsy/default.nix
@@ -0,0 +1,31 @@
+{ pkgs, inputs, config, ... }:
+let
+  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in
+{
+  users.groups.nipsy.gid = 1000;
+  users.users.nipsy = {
+    description = "Mark Nipper";
+    extraGroups = [
+      "wheel"
+      "audio"
+      "video"
+    ] ++ ifTheyExist [
+      "networkmanager"
+    ];
+    group = "nipsy";
+    home = "/home/nipsy";
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      (builtins.readFile ./keys/id_arrakis.pub)
+      #(builtins.readFile ./keys/id_other.pub)
+    ];
+
+    packages = [ pkgs.home-manager ];
+    shell = pkgs.zsh;
+  };
+
+  # Import this user's personal/home configurations
+  home-manager.users.nipsy = import ../../../../home/nipsy/${config.networking.hostName}.nix;
+
+}
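Review bot: `(builtins.readFile ./keys/id_arrakis.pub)` places the raw file contents, trailing newline included, into `authorizedKeys.keys`; `openssh.authorizedKeys.keyFiles = [ ./keys/id_arrakis.pub ];` is the option intended for key files. The same applies to hosts/common/users/root/default.nix. The `ifTheyExist` helper has no comment; `# keep only the groups that are declared on this host` would explain it. The home-manager import path is built from `config.networking.hostName`, so a host without a matching file under home/nipsy will presumably fail evaluation, which is worth stating in the comment above that line.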
diff --git a/hosts/common/users/nipsy/keys/id_arrakis.pub b/hosts/common/users/nipsy/keys/id_arrakis.pub
new file mode 100644
index 0000000..38c1d4c
--- /dev/null
+++ b/hosts/common/users/nipsy/keys/id_arrakis.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net
diff --git a/hosts/common/users/root/default.nix b/hosts/common/users/root/default.nix
new file mode 100644
index 0000000..f70f414
--- /dev/null
+++ b/hosts/common/users/root/default.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+  users.users.root = {
+    openssh.authorizedKeys.keys = [
+      (builtins.readFile ../nipsy/keys/id_arrakis.pub)
+      #(builtins.readFile ./keys/id_other.pub)
+    ];
+    shell = pkgs.zsh;
+  };
+}
-- 
cgit v1.2.3