william/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

refactoring for iServer and isWorkstation: part 1

Browse source
This commit is contained in:
William 2025-03-13 13:17:31 -03:00
parent 94f540b2d0
commit af1d9ac368
37 changed files with 663 additions and 508 deletions
Download patch file Download diff file Expand all files Collapse all files

12
flake.nix
View file

@ -76,6 +76,10 @@
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
inherit inputs; inherit inputs;
hostType = {
isServer = false;
isWorkstation = true;
};
}; };
modules = [ modules = [
./hosts/desktops/rotterdam.nix ./hosts/desktops/rotterdam.nix
@ -98,6 +102,10 @@
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
inherit inputs; inherit inputs;
hostType = {
isServer = false;
isWorkstation = true;
};
}; };
modules = [ modules = [
./hosts/desktops/io.nix ./hosts/desktops/io.nix
@ -120,6 +128,10 @@
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
inherit inputs; inherit inputs;
hostType = {
isServer = true;
isWorkstation = false;
};
}; };
modules = [ modules = [
./hosts/servers/alexandria.nix ./hosts/servers/alexandria.nix

20
hosts/common/boot.nix
View file

@ -1,20 +0,0 @@
{ ... }:
{
boot = {
loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false;
consoleMode = "max";
sortKey = "aa";
netbootxyz = {
enable = true;
sortKey = "zz";
};
};
};
};
}

8
hosts/common/console.nix
View file

@ -1,8 +0,0 @@
{ ... }:
{
console = {
useXkbConfig = true;
earlySetup = true;
};
}

10
hosts/common/environment.nix
View file

@ -1,10 +0,0 @@
{ pkgs, ... }:
{
environment.shellAliases = {
ls = "${pkgs.eza}/bin/eza --icons --group-directories-first";
neofetch = "fastfetch";
tree = "ls --tree";
syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot";
};
}

20
hosts/common/locale.nix
View file

@ -1,20 +0,0 @@
{ ... }:
{
time.timeZone = "America/Bahia";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "pt_BR.utf8";
LC_IDENTIFICATION = "pt_BR.utf8";
LC_MEASUREMENT = "pt_BR.utf8";
LC_MONETARY = "pt_BR.utf8";
LC_NAME = "pt_BR.utf8";
LC_NUMERIC = "pt_BR.utf8";
LC_PAPER = "pt_BR.utf8";
LC_TELEPHONE = "pt_BR.utf8";
LC_TIME = "en_IE.utf8";
};
};
}

8
hosts/common/networking.nix
View file

@ -1,8 +0,0 @@
{ ... }:
{
networking = {
networkmanager.enable = true;
firewall.enable = true;
};
}

28
hosts/common/nix.nix
View file

@ -1,28 +0,0 @@
{ ... }:
{
nix = {
settings = {
auto-optimise-store = true;
connect-timeout = 10;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
trusted-users = [ "@wheel" ];
};
extraOptions = "experimental-features = nix-command flakes";
gc = {
automatic = true;
options = "--delete-older-than 8d";
};
};
nixpkgs.config = {
allowUnfree = true;
enableParallelBuilding = true;
buildManPages = false;
buildDocs = false;
};
system.stateVersion = "22.11";
}

21
hosts/common/packages.nix
View file

@ -1,21 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
agenix
bind
btop
fastfetch
git
helix
killall
sysz
tmux
wget
];
programs = {
fish.enable = true;
command-not-found.enable = false;
};
}

13
hosts/common/security.nix
View file

@ -1,13 +0,0 @@
{ ... }:
{
security = {
unprivilegedUsernsClone = true; # Needed for rootless podman
sudo = {
wheelNeedsPassword = false;
extraConfig = ''
Defaults lecture = never
'';
};
};
}

20
hosts/common/services.nix
View file

@ -1,20 +0,0 @@
{ ... }:
{
services = {
fwupd.enable = true;
fstrim.enable = true;
tailscale = {
enable = true;
extraUpFlags = [ "--operator=user" ];
};
openssh.enable = true;
keyd = {
enable = true;
keyboards.all = {
ids = [ "*" ];
settings.main.capslock = "overload(meta, esc)";
};
};
};
}

28
hosts/common/users.nix
View file

@ -1,28 +0,0 @@
{ pkgs, ... }:
{
users.users = {
user = {
isNormalUser = true;
shell = pkgs.fish;
extraGroups = [
"networkmanager"
"docker"
"wheel"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"
];
hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
};
root = {
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"
];
hashedPassword = "!";
};
};
}

15
hosts/common/virtualisation.nix
View file

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
virtualisation.podman = {
enable = true;
dockerCompat = true;
autoPrune.enable = true;
extraPackages = [ pkgs.podman-compose ];
};
systemd = {
services.podman-auto-update.enable = true;
timers.podman-auto-update.enable = true;
};
}

26
hosts/desktops/common/boot.nix
View file

@ -1,26 +0,0 @@
{ pkgs, ... }:
{
boot = {
plymouth.enable = true;
initrd.systemd.enable = true;
loader.efi.efiSysMountPoint = "/boot/efi";
kernelPackages = pkgs.linuxPackages_xanmod_latest;
extraModprobeConfig = ''
options bluetooth disable_ertm=1
'';
kernel.sysctl = {
"net.ipv4.tcp_mtu_probing" = 1;
};
kernelParams = [
"quiet"
"splash"
"i2c-dev"
"i2c-piix4"
"loglevel=3"
"udev.log_priority=3"
"rd.udev.log_level=3"
"rd.systemd.show_status=false"
];
};
}

7
hosts/desktops/common/default.nix
View file

@ -2,15 +2,8 @@
{ {
imports = [ imports = [
./boot.nix
./hardware.nix
./home-manager.nix ./home-manager.nix
./impermanence.nix ./impermanence.nix
./nix.nix
./packages.nix
./services.nix
./stylix.nix ./stylix.nix
./users.nix
./virtualisation.nix
]; ];
} }

13
hosts/desktops/common/hardware.nix
View file

@ -1,13 +0,0 @@
{ ... }:
{
hardware = {
xpadneo.enable = true;
bluetooth.enable = true;
steam-hardware.enable = true; # Allow steam client to manage controllers
graphics.enable32Bit = true; # For OpenGL games
i2c.enable = true;
};
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
}

13
hosts/desktops/common/nix.nix
View file

@ -1,13 +0,0 @@
{ inputs, ... }:
{
environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
}

137
hosts/desktops/common/packages.nix
View file

@ -1,137 +0,0 @@
{ inputs, pkgs, ... }:
let
kdepkgs = with pkgs.kdePackages; [
ark
dolphin-plugins
kolourpaint
];
kwrite = pkgs.symlinkJoin {
name = "kwrite";
paths = [ pkgs.kdePackages.kate ];
postBuild = ''
rm -rf $out/bin/kate \
$out/bin/.kate-wrapped \
$out/share/applications/org.kde.kate.desktop \
$out/share/man \
$out/share/icons/hicolor/*/apps/kate.png \
$out/share/icons/hicolor/scalable/apps/kate.svg \
$out/share/appdata/org.kde.kate.appdata.xml
'';
};
in
{
environment.systemPackages =
with pkgs;
[
adwaita-icon-theme
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.en-computers
aspellDicts.pt_BR
bat
bitwarden-desktop
clonehero
deploy-rs
distrobox
fd
firefox
freecad-wayland
fzf
gimp
heroic
inkscape
junction
kara
kde-rounded-corners
kwrite
libfido2
libreoffice-qt
# lilipod BROKEN
mangohud
microsoft-edge
mission-center
mpv
nextcloud-client
nixfmt-rfc-style
nixos-firewall-tool
nix-init
nix-output-monitor
obsidian
obs-studio
onlyoffice-desktopeditors
orca-slicer
p7zip
plasma-panel-colorizer
prismlauncher
protonup
quickemu
quickgui
qview
qbittorrent
ripgrep
rnote
steam-run
tor-browser
ungoogled-chromium
unrar
ventoy
vesktop
]
++ kdepkgs;
services.flatpak = {
enable = true;
packages = [
"com.github.k4zmu2a.spacecadetpinball"
"com.github.tchx84.Flatseal"
"com.steamgriddb.SGDBoop"
"app.zen_browser.zen"
"io.github.Foldex.AdwSteamGtk"
"io.itch.itch"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08"
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
programs = {
adb.enable = true;
steam.enable = true;
dconf.enable = true;
nix-ld.enable = true;
kdeconnect.enable = true;
partition-manager.enable = true;
gamemode.enable = true;
nix-index-database.comma.enable = true;
appimage = {
enable = true;
binfmt = true;
};
nh = {
enable = true;
flake = "/home/user/Projects/personal/nix-config";
};
};
fonts = {
fontDir.enable = true;
packages = with pkgs; [
corefonts
noto-fonts-cjk-sans
roboto
];
};
environment.plasma6.excludePackages = (
with pkgs.kdePackages;
[
discover
elisa
gwenview
kate
khelpcenter
oxygen
]
);
}

67
hosts/desktops/common/services.nix
View file

@ -1,67 +0,0 @@
{
inputs,
pkgs,
...
}:
{
services = {
printing.enable = true;
udev.packages = with pkgs; [ yubikey-personalization ];
displayManager.sddm = {
enable = true;
wayland = {
enable = true;
compositor = "kwin";
};
};
desktopManager.plasma6.enable = true;
tailscale.useRoutingFeatures = "client";
nginx = {
enable = true;
virtualHosts."localhost".root = inputs.homepage;
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
# greetd = {
# enable = true;
# settings = {
# default_session.command =
# let
# xSessions = "${config.services.displayManager.sessionData.desktops}/share/xsessions";
# wlSessions = "${config.services.displayManager.sessionData.desktops}/share/wayland-sessions";
# in
# ''
# ${pkgs.greetd.tuigreet}/bin/tuigreet \
# --remember \
# --asterisks \
# --time \
# --greeting "NixOS" \
# --sessions ${xSessions}:${wlSessions}
# '';
# initial_session = {
# command = ''
# ${pkgs.kdePackages.plasma-workspace}/bin/startplasma-wayland &> /dev/null
# '';
# user = "user";
# };
# };
# };
};
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
extraPortals = with pkgs; [
xdg-desktop-portal-kde
xdg-desktop-portal-gtk
xdg-desktop-portal-gnome
];
};
}

29
hosts/desktops/common/users.nix
View file

@ -1,29 +0,0 @@
{ ... }:
{
environment.sessionVariables = rec {
KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
};
users.users = {
user = {
description = "William";
uid = 1000;
extraGroups = [
"uaccess" # Needed for HID dev
"dialout" # Needed for arduino dev
"libvirt"
"libvirtd"
"adbusers"
"i2c"
];
};
ewans = {
description = "Ewans";
isNormalUser = true;
uid = 1001;
hashedPassword = "$y$j9T$yHLUDvj6bDIP19dchU.aA/$OY4qeFNtx/GvI.VUYx4LapHiiVwi0MEvs8AT0HN7j58";
};
};
}

8
hosts/desktops/common/virtualisation.nix
View file

@ -1,8 +0,0 @@
{ ... }:
{
virtualisation = {
libvirtd.enable = true;
lxd.enable = true;
};
}

2
hosts/desktops/rotterdam.nix
View file

@ -31,7 +31,7 @@ in
{ {
imports = [ imports = [
# Host-common imports # Host-common imports
../common ../modules
# Desktop-common imports # Desktop-common imports
./common ./common
# Host-specific imports # Host-specific imports

61
hosts/modules/boot.nix Normal file
View file

@ -0,0 +1,61 @@
{
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
boot = {
loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false;
consoleMode = "max";
sortKey = "aa";
netbootxyz = {
enable = true;
sortKey = "zz";
};
};
};
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
boot.kernelPackages = pkgs.linuxPackages_hardened;
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
boot = {
plymouth.enable = true;
initrd.systemd.enable = true;
loader.efi.efiSysMountPoint = "/boot/efi";
kernelPackages = pkgs.linuxPackages_xanmod_latest;
extraModprobeConfig = ''
options bluetooth disable_ertm=1
'';
kernel.sysctl = {
"net.ipv4.tcp_mtu_probing" = 1;
};
kernelParams = [
"quiet"
"splash"
"i2c-dev"
"i2c-piix4"
"loglevel=3"
"udev.log_priority=3"
"rd.udev.log_level=3"
"rd.systemd.show_status=false"
];
};
})
];
}

21
hosts/modules/console.nix Normal file
View file

@ -0,0 +1,21 @@
{ hostType, lib, ... }:
{
config = lib.mkMerge [
# Common configuration
{
console = {
useXkbConfig = true;
earlySetup = true;
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
})
];
}

4
hosts/common/default.nix → hosts/modules/default.nix
View file

@ -4,14 +4,14 @@
imports = [ imports = [
./boot.nix ./boot.nix
./console.nix ./console.nix
./desktop.nix
./locale.nix ./locale.nix
./networking.nix ./networking.nix
./nix.nix ./nix.nix
./packages.nix ./programs.nix
./security.nix ./security.nix
./services.nix ./services.nix
./users.nix ./users.nix
./virtualisation.nix ./virtualisation.nix
./environment.nix
]; ];
} }

67
hosts/modules/desktop.nix Normal file
View file

@ -0,0 +1,67 @@
{
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
services = {
displayManager.sddm = {
enable = true;
wayland = {
enable = true;
compositor = "kwin";
};
};
keyd = {
enable = true;
keyboards.all = {
ids = [ "*" ];
settings.main.capslock = "overload(meta, esc)";
};
};
desktopManager.plasma6.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
};
hardware = {
xpadneo.enable = true;
bluetooth.enable = true;
steam-hardware.enable = true; # Allow steam client to manage controllers
graphics.enable32Bit = true; # For OpenGL games
i2c.enable = true;
};
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
extraPortals = with pkgs; [
xdg-desktop-portal-kde
xdg-desktop-portal-gtk
xdg-desktop-portal-gnome
];
};
})
];
}

4
hosts/modules/environment.nix Normal file
View file

@ -0,0 +1,4 @@
{ pkgs, ... }:
{
}

33
hosts/modules/locale.nix Normal file
View file

@ -0,0 +1,33 @@
{ hostType, lib, ... }:
{
config = lib.mkMerge [
# Common configuration
{
time.timeZone = "America/Bahia";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "pt_BR.utf8";
LC_IDENTIFICATION = "pt_BR.utf8";
LC_MEASUREMENT = "pt_BR.utf8";
LC_MONETARY = "pt_BR.utf8";
LC_NAME = "pt_BR.utf8";
LC_NUMERIC = "pt_BR.utf8";
LC_PAPER = "pt_BR.utf8";
LC_TELEPHONE = "pt_BR.utf8";
LC_TIME = "en_IE.utf8";
};
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
})
];
}

45
hosts/modules/networking.nix Normal file
View file

@ -0,0 +1,45 @@
{
hostType,
inputs,
lib,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
networking = {
networkmanager.enable = true;
firewall.enable = true;
};
services = {
tailscale = {
enable = true;
extraUpFlags = [ "--operator=user" ];
};
openssh.enable = true;
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
services.tailscale = {
extraSetFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server";
};
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
services = {
tailscale.useRoutingFeatures = "client";
nginx = {
enable = true;
virtualHosts."localhost".root = inputs.homepage;
};
};
})
];
}

64
hosts/modules/nix.nix Normal file
View file

@ -0,0 +1,64 @@
{
inputs,
lib,
hostType,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
nix = {
settings = {
auto-optimise-store = true;
connect-timeout = 10;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
trusted-users = [ "@wheel" ];
};
extraOptions = "experimental-features = nix-command flakes";
gc = {
automatic = true;
options = "--delete-older-than 8d";
};
};
nixpkgs.config = {
allowUnfree = true;
enableParallelBuilding = true;
buildManPages = false;
buildDocs = false;
};
system.stateVersion = "22.11";
}
# Server specific configuration
(lib.mkIf hostType.isServer {
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs-stable;
nixPath = [
"nixpkgs=/etc/channels/nixpkgs"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
})
];
}

188
hosts/modules/programs.nix Normal file
View file

@ -0,0 +1,188 @@
{
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
environment.systemPackages = with pkgs; [
### Dev Tools ###
agenix
git
helix
### System Utilities ###
btop
fastfetch
nixos-firewall-tool
sysz
wget
tmux
];
programs = {
fish.enable = true;
command-not-found.enable = false;
};
environment.shellAliases = {
ls = "${pkgs.eza}/bin/eza --icons --group-directories-first";
neofetch = "fastfetch";
tree = "ls --tree";
syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot";
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation (
let
kdepkgs = with pkgs.kdePackages; [
ark
dolphin-plugins
kolourpaint
];
kwrite = pkgs.symlinkJoin {
name = "kwrite";
paths = [ pkgs.kdePackages.kate ];
postBuild = ''
rm -rf $out/bin/kate \
$out/bin/.kate-wrapped \
$out/share/applications/org.kde.kate.desktop \
$out/share/man \
$out/share/icons/hicolor/*/apps/kate.png \
$out/share/icons/hicolor/scalable/apps/kate.svg \
$out/share/appdata/org.kde.kate.appdata.xml
'';
};
in
{
environment.systemPackages =
with pkgs;
[
### Dev Tools ###
bat
deploy-rs
fd
fzf
nixfmt-rfc-style
nix-init
nix-output-monitor
ripgrep
### Internet Browsers & Communication ###
firefox
microsoft-edge
nextcloud-client
tor-browser
ungoogled-chromium
vesktop
### Office & Productivity ###
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.en-computers
aspellDicts.pt_BR
kwrite
libreoffice-qt
obsidian
onlyoffice-desktopeditors
rnote
### Graphics & Design ###
freecad-wayland
gimp
inkscape
orca-slicer
### Gaming & Entertainment ###
clonehero
heroic
mangohud
prismlauncher
protonup
### System Utilities ###
adwaita-icon-theme
distrobox
junction
kara
kde-rounded-corners
libfido2
# lilipod BROKEN
mission-center
p7zip
plasma-panel-colorizer
qbittorrent
quickemu
quickgui
steam-run
unrar
ventoy
### Media ###
mpv
obs-studio
qview
]
++ kdepkgs;
services.flatpak = {
enable = true;
packages = [
"com.github.k4zmu2a.spacecadetpinball"
"com.github.tchx84.Flatseal"
"com.steamgriddb.SGDBoop"
"app.zen_browser.zen"
"io.github.Foldex.AdwSteamGtk"
"io.itch.itch"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08"
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
programs = {
adb.enable = true;
steam.enable = true;
dconf.enable = true;
nix-ld.enable = true;
kdeconnect.enable = true;
partition-manager.enable = true;
gamemode.enable = true;
nix-index-database.comma.enable = true;
appimage = {
enable = true;
binfmt = true;
};
nh = {
enable = true;
flake = "/home/user/Projects/personal/nix-config";
};
};
fonts = {
fontDir.enable = true;
packages = with pkgs; [
corefonts
noto-fonts-cjk-sans
roboto
];
};
environment.plasma6.excludePackages = (
with pkgs.kdePackages;
[
discover
elisa
gwenview
kate
khelpcenter
oxygen
]
);
}
))
];
}

26
hosts/modules/security.nix Normal file
View file

@ -0,0 +1,26 @@
{ hostType, lib, ... }:
{
config = lib.mkMerge [
# Common configuration
{
security = {
unprivilegedUsernsClone = true; # Needed for rootless podman
sudo = {
wheelNeedsPassword = false;
extraConfig = ''
Defaults lecture = never
'';
};
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
})
];
}

30
hosts/modules/services.nix Normal file
View file

@ -0,0 +1,30 @@
{
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
services = {
fwupd.enable = true;
fstrim.enable = true;
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
services = {
printing.enable = true;
udev.packages = with pkgs; [ yubikey-personalization ];
};
})
];
}

71
hosts/modules/users.nix Normal file
View file

@ -0,0 +1,71 @@
{
lib,
hostType,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
users.users = {
user = {
isNormalUser = true;
shell = pkgs.fish;
extraGroups = [
"networkmanager"
"docker"
"wheel"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"
];
hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
};
root = {
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"
];
hashedPassword = "!";
};
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
environment.sessionVariables = {
KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
};
users.users = {
user = {
description = "William";
uid = 1000;
extraGroups = [
"uaccess" # Needed for HID dev
"dialout" # Needed for arduino dev
"libvirt"
"libvirtd"
"adbusers"
"i2c"
];
};
ewans = {
description = "Ewans";
isNormalUser = true;
uid = 1001;
hashedPassword = "$y$j9T$yHLUDvj6bDIP19dchU.aA/$OY4qeFNtx/GvI.VUYx4LapHiiVwi0MEvs8AT0HN7j58";
};
};
})
];
}

38
hosts/modules/virtualisation.nix Normal file
View file

@ -0,0 +1,38 @@
{
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
virtualisation.podman = {
enable = true;
dockerCompat = true;
autoPrune.enable = true;
extraPackages = [ pkgs.podman-compose ];
};
systemd = {
services.podman-auto-update.enable = true;
timers.podman-auto-update.enable = true;
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
virtualisation = {
libvirtd.enable = true;
lxd.enable = true;
};
})
];
}

1
hosts/servers/common/boot.nix
View file

@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
boot.kernelPackages = pkgs.linuxPackages_hardened;
} }

9
hosts/servers/common/nix.nix
View file

@ -1,13 +1,4 @@
{ inputs, ... }: { inputs, ... }:
{ {
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs-stable;
nixPath = [
"nixpkgs=/etc/channels/nixpkgs"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
} }

4
hosts/servers/common/services.nix
View file

@ -1,8 +1,4 @@
{ ... }: { ... }:
{ {
services.tailscale = {
extraSetFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server";
};
} }