From af1d9ac3684831f89a439c6601d3df1bcd78df7c Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 13 Mar 2025 13:17:31 -0300 Subject: [PATCH] refactoring for iServer and isWorkstation: part 1 --- flake.nix | 12 ++ hosts/common/boot.nix | 20 --- hosts/common/console.nix | 8 - hosts/common/environment.nix | 10 -- hosts/common/locale.nix | 20 --- hosts/common/networking.nix | 8 - hosts/common/nix.nix | 28 ---- hosts/common/packages.nix | 21 --- hosts/common/security.nix | 13 -- hosts/common/services.nix | 20 --- hosts/common/users.nix | 28 ---- hosts/common/virtualisation.nix | 15 -- hosts/desktops/common/boot.nix | 26 ---- hosts/desktops/common/default.nix | 7 - hosts/desktops/common/hardware.nix | 13 -- hosts/desktops/common/nix.nix | 13 -- hosts/desktops/common/packages.nix | 137 ----------------- hosts/desktops/common/services.nix | 67 -------- hosts/desktops/common/users.nix | 29 ---- hosts/desktops/common/virtualisation.nix | 8 - hosts/desktops/rotterdam.nix | 2 +- hosts/modules/boot.nix | 61 ++++++++ hosts/modules/console.nix | 21 +++ hosts/{common => modules}/default.nix | 4 +- hosts/modules/desktop.nix | 67 ++++++++ hosts/modules/environment.nix | 4 + hosts/modules/locale.nix | 33 ++++ hosts/modules/networking.nix | 45 ++++++ hosts/modules/nix.nix | 64 ++++++++ hosts/modules/programs.nix | 188 +++++++++++++++++++++++ hosts/modules/security.nix | 26 ++++ hosts/modules/services.nix | 30 ++++ hosts/modules/users.nix | 71 +++++++++ hosts/modules/virtualisation.nix | 38 +++++ hosts/servers/common/boot.nix | 1 - hosts/servers/common/nix.nix | 9 -- hosts/servers/common/services.nix | 4 - 37 files changed, 663 insertions(+), 508 deletions(-) delete mode 100644 hosts/common/boot.nix delete mode 100644 hosts/common/console.nix delete mode 100644 hosts/common/environment.nix delete mode 100644 hosts/common/locale.nix delete mode 100644 hosts/common/networking.nix delete mode 100644 hosts/common/nix.nix delete mode 100644 hosts/common/packages.nix delete mode 100644 hosts/common/security.nix delete mode 100644 hosts/common/services.nix delete 
mode 100644 hosts/common/users.nix delete mode 100644 hosts/common/virtualisation.nix delete mode 100644 hosts/desktops/common/boot.nix delete mode 100644 hosts/desktops/common/hardware.nix delete mode 100644 hosts/desktops/common/nix.nix delete mode 100644 hosts/desktops/common/packages.nix delete mode 100644 hosts/desktops/common/services.nix delete mode 100644 hosts/desktops/common/users.nix delete mode 100644 hosts/desktops/common/virtualisation.nix create mode 100644 hosts/modules/boot.nix create mode 100644 hosts/modules/console.nix rename hosts/{common => modules}/default.nix (82%) create mode 100644 hosts/modules/desktop.nix create mode 100644 hosts/modules/environment.nix create mode 100644 hosts/modules/locale.nix create mode 100644 hosts/modules/networking.nix create mode 100644 hosts/modules/nix.nix create mode 100644 hosts/modules/programs.nix create mode 100644 hosts/modules/security.nix create mode 100644 hosts/modules/services.nix create mode 100644 hosts/modules/users.nix create mode 100644 hosts/modules/virtualisation.nix diff --git a/flake.nix b/flake.nix index 885ff4c..ab27254 100644 --- a/flake.nix +++ b/flake.nix @@ -76,6 +76,10 @@ system = "x86_64-linux"; specialArgs = { inherit inputs; + hostType = { + isServer = false; + isWorkstation = true; + }; }; modules = [ ./hosts/desktops/rotterdam.nix @@ -98,6 +102,10 @@ system = "x86_64-linux"; specialArgs = { inherit inputs; + hostType = { + isServer = false; + isWorkstation = true; + }; }; modules = [ ./hosts/desktops/io.nix @@ -120,6 +128,10 @@ system = "x86_64-linux"; specialArgs = { inherit inputs; + hostType = { + isServer = true; + isWorkstation = false; + }; }; modules = [ ./hosts/servers/alexandria.nix diff --git a/hosts/common/boot.nix b/hosts/common/boot.nix deleted file mode 100644 index 651c90c..0000000 --- a/hosts/common/boot.nix +++ /dev/null 
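Review bot: `hostType` is modelled as two independent booleans, so nothing in the three `specialArgs` hunks of flake.nix prevents a host from being declared with both flags true or both false. With both true, the server and workstation `lib.mkIf` blocks added elsewhere in this patch would both apply and definitions such as `boot.kernelPackages` would conflict; with both false, a host silently gets neither the hardened kernel nor any type-specific setting. An assertion in one of the shared modules, e.g. `assertions = [ { assertion = hostType.isServer != hostType.isWorkstation; message = "exactly one host type must be set"; } ];`, or a single value such as `hostType = "server";`, would make the invariant explicit.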
@@ -1,20 +0,0 @@ -{ ... }: - -{ - boot = { - loader = { - timeout = 1; - efi.canTouchEfiVariables = true; - systemd-boot = { - enable = true; - editor = false; - consoleMode = "max"; - sortKey = "aa"; - netbootxyz = { - enable = true; - sortKey = "zz"; - }; - }; - }; - }; -} diff --git a/hosts/common/console.nix b/hosts/common/console.nix deleted file mode 100644 index 9cb99d4..0000000 --- a/hosts/common/console.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - console = { - useXkbConfig = true; - earlySetup = true; - }; -} diff --git a/hosts/common/environment.nix b/hosts/common/environment.nix deleted file mode 100644 index 43d1dee..0000000 --- a/hosts/common/environment.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, ... }: - -{ - environment.shellAliases = { - ls = "${pkgs.eza}/bin/eza --icons --group-directories-first"; - neofetch = "fastfetch"; - tree = "ls --tree"; - syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot"; - }; -} diff --git a/hosts/common/locale.nix b/hosts/common/locale.nix deleted file mode 100644 index 7e07d85..0000000 --- a/hosts/common/locale.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ ... }: - -{ - time.timeZone = "America/Bahia"; - - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocaleSettings = { - LC_ADDRESS = "pt_BR.utf8"; - LC_IDENTIFICATION = "pt_BR.utf8"; - LC_MEASUREMENT = "pt_BR.utf8"; - LC_MONETARY = "pt_BR.utf8"; - LC_NAME = "pt_BR.utf8"; - LC_NUMERIC = "pt_BR.utf8"; - LC_PAPER = "pt_BR.utf8"; - LC_TELEPHONE = "pt_BR.utf8"; - LC_TIME = "en_IE.utf8"; - }; - }; -} diff --git a/hosts/common/networking.nix b/hosts/common/networking.nix deleted file mode 100644 index fdb6378..0000000 --- a/hosts/common/networking.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - networking = { - networkmanager.enable = true; - firewall.enable = true; - }; -} diff --git a/hosts/common/nix.nix b/hosts/common/nix.nix deleted file mode 100644 index 4253f7b..0000000 --- a/hosts/common/nix.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ ... }: - -{ - nix = { - settings = { - auto-optimise-store = true; - connect-timeout = 10; - log-lines = 25; - min-free = 128000000; - max-free = 1000000000; - trusted-users = [ "@wheel" ]; - }; - extraOptions = "experimental-features = nix-command flakes"; - gc = { - automatic = true; - options = "--delete-older-than 8d"; - }; - }; - - nixpkgs.config = { - allowUnfree = true; - enableParallelBuilding = true; - buildManPages = false; - buildDocs = false; - }; - - system.stateVersion = "22.11"; -} diff --git a/hosts/common/packages.nix b/hosts/common/packages.nix deleted file mode 100644 index 16463b3..0000000 --- a/hosts/common/packages.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ pkgs, ... }: - -{ - environment.systemPackages = with pkgs; [ - agenix - bind - btop - fastfetch - git - helix - killall - sysz - tmux - wget - ]; - - programs = { - fish.enable = true; - command-not-found.enable = false; - }; -} diff --git a/hosts/common/security.nix b/hosts/common/security.nix deleted file mode 100644 index 33d4953..0000000 --- a/hosts/common/security.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - security = { - unprivilegedUsernsClone = true; # Needed for rootless podman - sudo = { - wheelNeedsPassword = false; - extraConfig = '' - Defaults lecture = never - ''; - }; - }; -} diff --git a/hosts/common/services.nix b/hosts/common/services.nix deleted file mode 100644 index 2cfb61e..0000000 --- a/hosts/common/services.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ ... }: - -{ - services = { - fwupd.enable = true; - fstrim.enable = true; - tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; - }; - openssh.enable = true; - keyd = { - enable = true; - keyboards.all = { - ids = [ "*" ]; - settings.main.capslock = "overload(meta, esc)"; - }; - }; - }; -} diff --git a/hosts/common/users.nix b/hosts/common/users.nix deleted file mode 100644 index 41d2253..0000000 --- a/hosts/common/users.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ pkgs, ... }: - -{ - users.users = { - user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "docker" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL" - ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; - }; - root = { - shell = pkgs.fish; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL" - ]; - hashedPassword = "!"; - }; - }; -} diff --git a/hosts/common/virtualisation.nix b/hosts/common/virtualisation.nix deleted file mode 100644 index 1235555..0000000 --- a/hosts/common/virtualisation.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ pkgs, ... }: - -{ - virtualisation.podman = { - enable = true; - dockerCompat = true; - autoPrune.enable = true; - extraPackages = [ pkgs.podman-compose ]; - }; - - systemd = { - services.podman-auto-update.enable = true; - timers.podman-auto-update.enable = true; - }; -} diff --git a/hosts/desktops/common/boot.nix b/hosts/desktops/common/boot.nix deleted file mode 100644 index 0ac4847..0000000 --- a/hosts/desktops/common/boot.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs, ... }: - -{ - boot = { - plymouth.enable = true; - initrd.systemd.enable = true; - loader.efi.efiSysMountPoint = "/boot/efi"; - kernelPackages = pkgs.linuxPackages_xanmod_latest; - extraModprobeConfig = '' - options bluetooth disable_ertm=1 - ''; - kernel.sysctl = { - "net.ipv4.tcp_mtu_probing" = 1; - }; - kernelParams = [ - "quiet" - "splash" - "i2c-dev" - "i2c-piix4" - "loglevel=3" - "udev.log_priority=3" - "rd.udev.log_level=3" - "rd.systemd.show_status=false" - ]; - }; -} 
diff --git a/hosts/desktops/common/default.nix b/hosts/desktops/common/default.nix index bc5dc51..e752783 100644 --- a/hosts/desktops/common/default.nix +++ b/hosts/desktops/common/default.nix @@ -2,15 +2,8 @@ { imports = [ - ./boot.nix - ./hardware.nix ./home-manager.nix ./impermanence.nix - ./nix.nix - ./packages.nix - ./services.nix ./stylix.nix - ./users.nix - ./virtualisation.nix ]; } diff --git a/hosts/desktops/common/hardware.nix b/hosts/desktops/common/hardware.nix deleted file mode 100644 index 18cf38f..0000000 --- a/hosts/desktops/common/hardware.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - hardware = { - xpadneo.enable = true; - bluetooth.enable = true; - steam-hardware.enable = true; # Allow steam client to manage controllers - graphics.enable32Bit = true; # For OpenGL games - i2c.enable = true; - }; - - security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority -} diff --git a/hosts/desktops/common/nix.nix b/hosts/desktops/common/nix.nix deleted file mode 100644 index 54a3549..0000000 --- a/hosts/desktops/common/nix.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ inputs, ... }: - -{ - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs; - nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; -} diff --git a/hosts/desktops/common/packages.nix b/hosts/desktops/common/packages.nix deleted file mode 100644 index 5a6d309..0000000 --- a/hosts/desktops/common/packages.nix +++ /dev/null 
@@ -1,137 +0,0 @@ -{ inputs, pkgs, ... }: -let - kdepkgs = with pkgs.kdePackages; [ - ark - dolphin-plugins - kolourpaint - ]; - kwrite = pkgs.symlinkJoin { - name = "kwrite"; - paths = [ pkgs.kdePackages.kate ]; - postBuild = '' - rm -rf $out/bin/kate \ - $out/bin/.kate-wrapped \ - $out/share/applications/org.kde.kate.desktop \ - $out/share/man \ - $out/share/icons/hicolor/*/apps/kate.png \ - $out/share/icons/hicolor/scalable/apps/kate.svg \ - $out/share/appdata/org.kde.kate.appdata.xml - ''; - }; -in -{ - environment.systemPackages = - with pkgs; - [ - adwaita-icon-theme - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - bat - bitwarden-desktop - clonehero - deploy-rs - distrobox - fd - firefox - freecad-wayland - fzf - gimp - heroic - inkscape - junction - kara - kde-rounded-corners - kwrite - libfido2 - libreoffice-qt - # lilipod BROKEN - mangohud - microsoft-edge - mission-center - mpv - nextcloud-client - nixfmt-rfc-style - nixos-firewall-tool - nix-init - nix-output-monitor - obsidian - obs-studio - onlyoffice-desktopeditors - orca-slicer - p7zip - plasma-panel-colorizer - prismlauncher - protonup - quickemu - quickgui - qview - qbittorrent - ripgrep - rnote - steam-run - tor-browser - ungoogled-chromium - unrar - ventoy - vesktop - ] - ++ kdepkgs; - - services.flatpak = { - enable = true; - packages = [ - "com.github.k4zmu2a.spacecadetpinball" - "com.github.tchx84.Flatseal" - "com.steamgriddb.SGDBoop" - "app.zen_browser.zen" - "io.github.Foldex.AdwSteamGtk" - "io.itch.itch" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; - - programs = { - adb.enable = true; - steam.enable = true; - dconf.enable = true; - nix-ld.enable = true; - kdeconnect.enable = true; - partition-manager.enable = true; - gamemode.enable = true; - nix-index-database.comma.enable = true; - appimage = { - enable = true; - binfmt = true; - }; - nh = { - enable = true; - 
flake = "/home/user/Projects/personal/nix-config"; - }; - }; - - fonts = { - fontDir.enable = true; - packages = with pkgs; [ - corefonts - noto-fonts-cjk-sans - roboto - ]; - }; - - environment.plasma6.excludePackages = ( - with pkgs.kdePackages; - [ - discover - elisa - gwenview - kate - khelpcenter - oxygen - ] - ); -} diff --git a/hosts/desktops/common/services.nix b/hosts/desktops/common/services.nix deleted file mode 100644 index f0ff244..0000000 --- a/hosts/desktops/common/services.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ - inputs, - pkgs, - ... -}: - -{ - services = { - printing.enable = true; - udev.packages = with pkgs; [ yubikey-personalization ]; - displayManager.sddm = { - enable = true; - wayland = { - enable = true; - compositor = "kwin"; - }; - }; - desktopManager.plasma6.enable = true; - tailscale.useRoutingFeatures = "client"; - nginx = { - enable = true; - virtualHosts."localhost".root = inputs.homepage; - }; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - wireplumber.enable = true; - }; - # greetd = { - # enable = true; - # settings = { - # default_session.command = - # let - # xSessions = "${config.services.displayManager.sessionData.desktops}/share/xsessions"; - # wlSessions = "${config.services.displayManager.sessionData.desktops}/share/wayland-sessions"; - # in - # '' - # ${pkgs.greetd.tuigreet}/bin/tuigreet \ - # --remember \ - # --asterisks \ - # --time \ - # --greeting "NixOS" \ - # --sessions ${xSessions}:${wlSessions} - # ''; - # initial_session = { - # command = '' - # ${pkgs.kdePackages.plasma-workspace}/bin/startplasma-wayland &> /dev/null - # ''; - # user = "user"; - # }; - # }; - # }; - }; - - xdg.portal = { - enable = true; - xdgOpenUsePortal = true; - extraPortals = with pkgs; [ - xdg-desktop-portal-kde - xdg-desktop-portal-gtk - xdg-desktop-portal-gnome - ]; - }; -} 
diff --git a/hosts/desktops/common/users.nix b/hosts/desktops/common/users.nix deleted file mode 100644 index 7ed7844..0000000 --- a/hosts/desktops/common/users.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ ... }: - -{ - environment.sessionVariables = rec { - KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir - NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland - }; - - users.users = { - user = { - description = "William"; - uid = 1000; - extraGroups = [ - "uaccess" # Needed for HID dev - "dialout" # Needed for arduino dev - "libvirt" - "libvirtd" - "adbusers" - "i2c" - ]; - }; - ewans = { - description = "Ewans"; - isNormalUser = true; - uid = 1001; - hashedPassword = "$y$j9T$yHLUDvj6bDIP19dchU.aA/$OY4qeFNtx/GvI.VUYx4LapHiiVwi0MEvs8AT0HN7j58"; - }; - }; -} diff --git a/hosts/desktops/common/virtualisation.nix b/hosts/desktops/common/virtualisation.nix deleted file mode 100644 index 461eb36..0000000 --- a/hosts/desktops/common/virtualisation.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - virtualisation = { - libvirtd.enable = true; - lxd.enable = true; - }; -} diff --git a/hosts/desktops/rotterdam.nix b/hosts/desktops/rotterdam.nix index 97cd189..c98696d 100644 --- a/hosts/desktops/rotterdam.nix +++ b/hosts/desktops/rotterdam.nix @@ -31,7 +31,7 @@ in { imports = [ # Host-common imports - ../common + ../modules # Desktop-common imports ./common # Host-specific imports diff --git a/hosts/modules/boot.nix b/hosts/modules/boot.nix new file mode 100644 index 0000000..8677186 --- /dev/null +++ b/hosts/modules/boot.nix 
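Review bot: Only `rotterdam.nix` is switched from `../common` to `../modules`, and the diffstat lists no change to `hosts/desktops/io.nix` or `hosts/servers/alexandria.nix`, although flake.nix gains a `hostType` for all three hosts. If those two files still import `../common` (not visible in this patch), they will stop evaluating once `hosts/common/default.nix` is renamed. The same commit also removes the hardened kernel and the Tailscale server settings from `hosts/servers/common`, so the server keeps them only if it imports `../modules`. It is worth confirming that every `nixosConfigurations` output still builds at this commit before the old modules are removed.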
@@ -0,0 +1,61 @@
+{
+ hostType,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ boot = {
+ loader = {
+ timeout = 1;
+ efi.canTouchEfiVariables = true;
+ systemd-boot = {
+ enable = true;
+ editor = false;
+ consoleMode = "max";
+ sortKey = "aa";
+ netbootxyz = {
+ enable = true;
+ sortKey = "zz";
+ };
+ };
+ };
+ };
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ boot.kernelPackages = pkgs.linuxPackages_hardened;
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation {
+ boot = {
+ plymouth.enable = true;
+ initrd.systemd.enable = true;
+ loader.efi.efiSysMountPoint = "/boot/efi";
+ kernelPackages = pkgs.linuxPackages_xanmod_latest;
+ extraModprobeConfig = ''
+ options bluetooth disable_ertm=1
+ '';
+ kernel.sysctl = {
+ "net.ipv4.tcp_mtu_probing" = 1;
+ };
+ kernelParams = [
+ "quiet"
+ "splash"
+ "i2c-dev"
+ "i2c-piix4"
+ "loglevel=3"
+ "udev.log_priority=3"
+ "rd.udev.log_level=3"
+ "rd.systemd.show_status=false"
+ ];
+ };
+ })
+ ];
+}
diff --git a/hosts/modules/console.nix b/hosts/modules/console.nix
new file mode 100644
index 0000000..042976d
--- /dev/null
+++ b/hosts/modules/console.nix
@@ -0,0 +1,21 @@
+{ hostType, lib, ... }:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ console = {
+ useXkbConfig = true;
+ earlySetup = true;
+ };
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation {
+ })
+ ];
+}
diff --git a/hosts/common/default.nix b/hosts/modules/default.nix
similarity index 82%
rename from hosts/common/default.nix
rename to hosts/modules/default.nix
index aeb88ef..4d419e6 100644
--- a/hosts/common/default.nix
+++ b/hosts/modules/default.nix
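Review bot: The `netbootxyz` boot entry sits in the common block of boot.nix, so the servers that get `linuxPackages_hardened` also keep a boot-menu item that chain-loads images fetched over the network. `editor = false` already closes the kernel command-line editor, and a network-boot entry leaves a comparable path open to anyone with console access. Now that the file has per-type blocks, consider moving `netbootxyz.enable = true;` and its `sortKey` into the workstation block, or add a comment such as `# kept on servers for rescue boots` if that is the intent.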
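Review bot: Both `lib.mkIf` blocks in console.nix are empty, so the `lib.mkMerge` wrapper and the `hostType` argument add nothing to this module; locale.nix and security.nix follow the same pattern in this patch. Empty placeholders make it harder to see which modules really differ by host type. Either keep these files as plain attribute sets until a type-specific setting exists, or state the intent once at the top, e.g. `# server/workstation blocks intentionally empty for now`.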
@@ -4,14 +4,14 @@ imports = [ ./boot.nix ./console.nix + ./desktop.nix ./locale.nix ./networking.nix ./nix.nix - ./packages.nix + ./programs.nix ./security.nix ./services.nix ./users.nix ./virtualisation.nix - ./environment.nix ]; } diff --git a/hosts/modules/desktop.nix b/hosts/modules/desktop.nix new file mode 100644 index 0000000..f0c03c8 --- /dev/null +++ b/hosts/modules/desktop.nix @@ -0,0 +1,67 @@ +{ + hostType, + lib, + pkgs, + ... +}: + +{ + config = lib.mkMerge [ + # Common configuration + { + } + + # Server specific configuration + (lib.mkIf hostType.isServer { + }) + + # Workstation specific configuration + (lib.mkIf hostType.isWorkstation { + services = { + displayManager.sddm = { + enable = true; + wayland = { + enable = true; + compositor = "kwin"; + }; + }; + keyd = { + enable = true; + keyboards.all = { + ids = [ "*" ]; + settings.main.capslock = "overload(meta, esc)"; + }; + }; + desktopManager.plasma6.enable = true; + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + wireplumber.enable = true; + }; + }; + + hardware = { + xpadneo.enable = true; + bluetooth.enable = true; + steam-hardware.enable = true; # Allow steam client to manage controllers + graphics.enable32Bit = true; # For OpenGL games + i2c.enable = true; + }; + + security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority + + xdg.portal = { + enable = true; + xdgOpenUsePortal = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-kde + xdg-desktop-portal-gtk + xdg-desktop-portal-gnome + ]; + }; + }) + ]; +} diff --git a/hosts/modules/environment.nix b/hosts/modules/environment.nix new file mode 100644 index 0000000..a67ca90 --- /dev/null +++ b/hosts/modules/environment.nix @@ -0,0 +1,4 @@ +{ pkgs, ... }: + +{ +} diff --git a/hosts/modules/locale.nix b/hosts/modules/locale.nix new file mode 100644 index 0000000..44204d5 --- /dev/null +++ b/hosts/modules/locale.nix 
@@ -0,0 +1,33 @@
+{ hostType, lib, ... }:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ time.timeZone = "America/Bahia";
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "pt_BR.utf8";
+ LC_IDENTIFICATION = "pt_BR.utf8";
+ LC_MEASUREMENT = "pt_BR.utf8";
+ LC_MONETARY = "pt_BR.utf8";
+ LC_NAME = "pt_BR.utf8";
+ LC_NUMERIC = "pt_BR.utf8";
+ LC_PAPER = "pt_BR.utf8";
+ LC_TELEPHONE = "pt_BR.utf8";
+ LC_TIME = "en_IE.utf8";
+ };
+ };
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation {
+ })
+ ];
+}
diff --git a/hosts/modules/networking.nix b/hosts/modules/networking.nix
new file mode 100644
index 0000000..f567d9b
--- /dev/null
+++ b/hosts/modules/networking.nix
@@ -0,0 +1,45 @@
+{
+ hostType,
+ inputs,
+ lib,
+ ...
+}:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ networking = {
+ networkmanager.enable = true;
+ firewall.enable = true;
+ };
+
+ services = {
+ tailscale = {
+ enable = true;
+ extraUpFlags = [ "--operator=user" ];
+ };
+ openssh.enable = true;
+ };
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ services.tailscale = {
+ extraSetFlags = [ "--advertise-exit-node" ];
+ useRoutingFeatures = "server";
+ };
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation {
+ services = {
+ tailscale.useRoutingFeatures = "client";
+ nginx = {
+ enable = true;
+ virtualHosts."localhost".root = inputs.homepage;
+ };
+ };
+ })
+ ];
+}
diff --git a/hosts/modules/nix.nix b/hosts/modules/nix.nix
new file mode 100644
index 0000000..ddc3b5b
--- /dev/null
+++ b/hosts/modules/nix.nix
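Review bot: `openssh.enable = true;` in the common block of networking.nix leaves sshd on its defaults, which on NixOS still accept password authentication unless `settings.PasswordAuthentication` is set to false. users.nix gives both `user` and `root` authorized keys, and `user` also has a password hash plus passwordless sudo through wheel, so a guessed password over SSH would be equivalent to root on every host, including the exit-node servers. Suggest adding `openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; };` next to the enable line, and `PermitRootLogin = "no";` as well if deployment does not log in as root.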
@@ -0,0 +1,64 @@
+{
+ inputs,
+ lib,
+ hostType,
+ ...
+}:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ nix = {
+ settings = {
+ auto-optimise-store = true;
+ connect-timeout = 10;
+ log-lines = 25;
+ min-free = 128000000;
+ max-free = 1000000000;
+ trusted-users = [ "@wheel" ];
+ };
+ extraOptions = "experimental-features = nix-command flakes";
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 8d";
+ };
+ };
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ enableParallelBuilding = true;
+ buildManPages = false;
+ buildDocs = false;
+ };
+
+ system.stateVersion = "22.11";
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
+
+ nix = {
+ registry.nixpkgs.flake = inputs.nixpkgs-stable;
+ nixPath = [
+ "nixpkgs=/etc/channels/nixpkgs"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ };
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation {
+ environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
+
+ nix = {
+ registry.nixpkgs.flake = inputs.nixpkgs;
+ nixPath = [
+ "nixpkgs=${inputs.nixpkgs}"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ };
+ })
+ ];
+}
diff --git a/hosts/modules/programs.nix b/hosts/modules/programs.nix
new file mode 100644
index 0000000..97022b2
--- /dev/null
+++ b/hosts/modules/programs.nix
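Review bot: The server and workstation blocks of nix.nix are the same three settings with a different flake input, and they have already drifted: the server `nixPath` points at `/etc/channels/nixpkgs` while the workstation one interpolates `${inputs.nixpkgs}`. Selecting the input once in a `let`, e.g. `nixpkgsInput = if hostType.isServer then inputs.nixpkgs-stable else inputs.nixpkgs;`, and writing one block that uses `"nixpkgs=/etc/channels/nixpkgs"` would keep the registry, `NIX_PATH` and `/etc/channels/nixpkgs` on the same source for both host types. Separately, `trusted-users = [ "@wheel" ]` in the common block deserves a comment, since trusted users can override substituters and signature checks on the daemon.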
@@ -0,0 +1,188 @@
+{
+ hostType,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ environment.systemPackages = with pkgs; [
+ ### Dev Tools ###
+ agenix
+ git
+ helix
+ ### System Utilities ###
+ btop
+ fastfetch
+ nixos-firewall-tool
+ sysz
+ wget
+ tmux
+ ];
+
+ programs = {
+ fish.enable = true;
+ command-not-found.enable = false;
+ };
+
+ environment.shellAliases = {
+ ls = "${pkgs.eza}/bin/eza --icons --group-directories-first";
+ neofetch = "fastfetch";
+ tree = "ls --tree";
+ syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot";
+ };
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation (
+ let
+ kdepkgs = with pkgs.kdePackages; [
+ ark
+ dolphin-plugins
+ kolourpaint
+ ];
+ kwrite = pkgs.symlinkJoin {
+ name = "kwrite";
+ paths = [ pkgs.kdePackages.kate ];
+ postBuild = ''
+ rm -rf $out/bin/kate \
+ $out/bin/.kate-wrapped \
+ $out/share/applications/org.kde.kate.desktop \
+ $out/share/man \
+ $out/share/icons/hicolor/*/apps/kate.png \
+ $out/share/icons/hicolor/scalable/apps/kate.svg \
+ $out/share/appdata/org.kde.kate.appdata.xml
+ '';
+ };
+ in
+ {
+ environment.systemPackages =
+ with pkgs;
+ [
+ ### Dev Tools ###
+ bat
+ deploy-rs
+ fd
+ fzf
+ nixfmt-rfc-style
+ nix-init
+ nix-output-monitor
+ ripgrep
+ ### Internet Browsers & Communication ###
+ firefox
+ microsoft-edge
+ nextcloud-client
+ tor-browser
+ ungoogled-chromium
+ vesktop
+ ### Office & Productivity ###
+ aspell
+ aspellDicts.de
+ aspellDicts.en
+ aspellDicts.en-computers
+ aspellDicts.pt_BR
+ kwrite
+ libreoffice-qt
+ obsidian
+ onlyoffice-desktopeditors
+ rnote
+ ### Graphics & Design ###
+ freecad-wayland
+ gimp
+ inkscape
+ orca-slicer
+ ### Gaming & Entertainment ###
+ clonehero
+ heroic
+ mangohud
+ prismlauncher
+ protonup
+ ### System Utilities ###
+ adwaita-icon-theme
+ distrobox
+ junction
+ kara
+ kde-rounded-corners
+ libfido2
+ # lilipod BROKEN
+ mission-center
+ p7zip
+ plasma-panel-colorizer
+ qbittorrent
+ quickemu
+ quickgui
+ steam-run
+ unrar
+ ventoy
+ ### Media ###
+ mpv
+ obs-studio
+ qview
+ ]
+ ++ kdepkgs;
+
+ services.flatpak = {
+ enable = true;
+ packages = [
+ "com.github.k4zmu2a.spacecadetpinball"
+ "com.github.tchx84.Flatseal"
+ "com.steamgriddb.SGDBoop"
+ "app.zen_browser.zen"
+ "io.github.Foldex.AdwSteamGtk"
+ "io.itch.itch"
+ "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08"
+ ];
+ uninstallUnmanaged = true;
+ update.auto.enable = true;
+ };
+
+ programs = {
+ adb.enable = true;
+ steam.enable = true;
+ dconf.enable = true;
+ nix-ld.enable = true;
+ kdeconnect.enable = true;
+ partition-manager.enable = true;
+ gamemode.enable = true;
+ nix-index-database.comma.enable = true;
+ appimage = {
+ enable = true;
+ binfmt = true;
+ };
+ nh = {
+ enable = true;
+ flake = "/home/user/Projects/personal/nix-config";
+ };
+ };
+
+ fonts = {
+ fontDir.enable = true;
+ packages = with pkgs; [
+ corefonts
+ noto-fonts-cjk-sans
+ roboto
+ ];
+ };
+
+ environment.plasma6.excludePackages = (
+ with pkgs.kdePackages;
+ [
+ discover
+ elisa
+ gwenview
+ kate
+ khelpcenter
+ oxygen
+ ]
+ );
+ }
+ ))
+ ];
+}
diff --git a/hosts/modules/security.nix b/hosts/modules/security.nix
new file mode 100644
index 0000000..5cb1786
--- /dev/null
+++ b/hosts/modules/security.nix
@@ -0,0 +1,26 @@
+{ hostType, lib, ... }:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ security = {
+ unprivilegedUsernsClone = true; # Needed for rootless podman
+ sudo = {
+ wheelNeedsPassword = false;
+ extraConfig = ''
+ Defaults lecture = never
+ '';
+ };
+ };
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation {
+ })
+ ];
+}
diff --git a/hosts/modules/services.nix b/hosts/modules/services.nix
new file mode 100644
index 0000000..d35bfff
--- /dev/null
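Review bot: The common `environment.systemPackages` list in programs.nix is not a pure move: `bind` and `killall` from the deleted `hosts/common/packages.nix` are gone, and `nixos-firewall-tool` has moved from the desktop list into the common one. If dropping the first two is intended, the commit message should say so; otherwise add them back under `### System Utilities ###`. The shell aliases now live here as well, which leaves the new `hosts/modules/environment.nix` as an empty module that default.nix no longer imports, so it can be left out of the commit.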
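Review bot: `wheelNeedsPassword = false` and `unprivilegedUsernsClone = true` stay in the common block of security.nix while the server block is left empty, so the hosts that boot `linuxPackages_hardened` also get passwordless sudo and unprivileged user namespaces. As far as I know the hardened kernel keeps unprivileged user namespaces off by default and this option switches them back on; the existing comment gives rootless podman as the reason, but nothing in the patch shows the servers running rootless containers. Consider moving `sudo.wheelNeedsPassword = false;` into the workstation block, or extend the comment to say why servers need both (for example if remote deployment depends on passwordless sudo).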
+++ b/hosts/modules/services.nix
@@ -0,0 +1,30 @@
+{
+ hostType,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ services = {
+ fwupd.enable = true;
+ fstrim.enable = true;
+ };
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation {
+ services = {
+ printing.enable = true;
+ udev.packages = with pkgs; [ yubikey-personalization ];
+ };
+ })
+ ];
+}
diff --git a/hosts/modules/users.nix b/hosts/modules/users.nix
new file mode 100644
index 0000000..fd9ef02
--- /dev/null
+++ b/hosts/modules/users.nix
@@ -0,0 +1,71 @@
+{
+ lib,
+ hostType,
+ pkgs,
+ ...
+}:
+
+{
+ config = lib.mkMerge [
+ # Common configuration
+ {
+ users.users = {
+ user = {
+ isNormalUser = true;
+ shell = pkgs.fish;
+ extraGroups = [
+ "networkmanager"
+ "docker"
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"
+ ];
+ hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
+ };
+ root = {
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"
+ ];
+ hashedPassword = "!";
+ };
+ };
+ }
+
+ # Server specific configuration
+ (lib.mkIf hostType.isServer {
+ })
+
+ # Workstation specific configuration
+ (lib.mkIf hostType.isWorkstation {
+ environment.sessionVariables = {
+ KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
+ NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
+ };
+
+ users.users = {
+ user = {
+ description = "William";
+ uid = 1000;
+ extraGroups = [
+ "uaccess" # Needed for HID dev
+ "dialout" # Needed for arduino dev
+ "libvirt"
+ "libvirtd"
+ "adbusers"
+ "i2c"
+ ];
+ };
+ ewans = {
+ description = "Ewans";
+ isNormalUser = true;
+ uid = 1001;
+ hashedPassword = "$y$j9T$yHLUDvj6bDIP19dchU.aA/$OY4qeFNtx/GvI.VUYx4LapHiiVwi0MEvs8AT0HN7j58";
+ };
+ };
+ })
+ ];
+}
diff --git a/hosts/modules/virtualisation.nix b/hosts/modules/virtualisation.nix
new file mode 100644
index 0000000..232459a
--- /dev/null
+++ b/hosts/modules/virtualisation.nix
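Review bot: The password hashes for `user` and `ewans` are written inline as `hashedPassword` in users.nix, so they are readable by anyone with access to the repository and are copied into the world-readable Nix store, which allows offline guessing. `agenix` is already in the common package list; `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder secret name, with `config` added to the module arguments) would keep the hashes out of both places. Also, `user` is put in the `docker` group while virtualisation.nix enables podman with `dockerCompat`; if no Docker daemon is installed on these hosts, that group entry can be dropped.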
@@ -0,0 +1,38 @@ +{ + hostType, + lib, + pkgs, + ... +}: + +{ + config = lib.mkMerge [ + # Common configuration + { + virtualisation.podman = { + enable = true; + dockerCompat = true; + autoPrune.enable = true; + extraPackages = [ pkgs.podman-compose ]; + }; + + systemd = { + services.podman-auto-update.enable = true; + timers.podman-auto-update.enable = true; + }; + + } + + # Server specific configuration + (lib.mkIf hostType.isServer { + }) + + # Workstation specific configuration + (lib.mkIf hostType.isWorkstation { + virtualisation = { + libvirtd.enable = true; + lxd.enable = true; + }; + }) + ]; +} diff --git a/hosts/servers/common/boot.nix b/hosts/servers/common/boot.nix index 5d6e482..a67ca90 100644 --- a/hosts/servers/common/boot.nix +++ b/hosts/servers/common/boot.nix @@ -1,5 +1,4 @@ { pkgs, ... }: { - boot.kernelPackages = pkgs.linuxPackages_hardened; } diff --git a/hosts/servers/common/nix.nix b/hosts/servers/common/nix.nix index af57cae..e0d65f1 100644 --- a/hosts/servers/common/nix.nix +++ b/hosts/servers/common/nix.nix @@ -1,13 +1,4 @@ { inputs, ... }: { - environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs-stable; - nixPath = [ - "nixpkgs=/etc/channels/nixpkgs" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; } diff --git a/hosts/servers/common/services.nix b/hosts/servers/common/services.nix index 035de35..04618ac 100644 --- a/hosts/servers/common/services.nix +++ b/hosts/servers/common/services.nix @@ -1,8 +1,4 @@ { ... }: { - services.tailscale = { - extraSetFlags = [ "--advertise-exit-node" ]; - useRoutingFeatures = "server"; - }; }