From e8fb75b42f59445aa89a85842482af81293faef0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Patrick=20Gro=C3=9Fmann?= Date: Thu, 18 May 2023 13:57:58 +0900 Subject: [PATCH] feat: reworked directory structure of host --- flake.nix | 2 +- hosts/common/core/default.nix | 20 ++ hosts/common/core/inputrc.nix | 110 +++++++++++ hosts/common/core/issue.nix | 7 + hosts/common/core/net.nix | 19 ++ hosts/common/{ => core}/nix.nix | 21 +-- hosts/common/core/ssh.nix | 20 ++ hosts/common/core/system.nix | 59 ++++++ hosts/common/core/xdg.nix | 14 ++ hosts/common/dev/default.nix | 6 + hosts/common/dev/docs.nix | 11 ++ hosts/common/efi.nix | 7 + hosts/common/graphical/default.nix | 5 + hosts/common/graphical/fonts.nix | 53 ++++++ hosts/common/graphical/hyprland.nix | 9 + hosts/common/hardware/bluetooth.nix | 27 +++ hosts/common/hardware/intel.nix | 4 + hosts/common/hardware/nvidia.nix | 21 +++ hosts/common/hardware/physical.nix | 13 ++ hosts/common/laptop.nix | 15 ++ hosts/common/networking.nix | 39 ---- hosts/common/nvidia.nix | 24 --- hosts/common/pipewire.nix | 9 +- hosts/common/steam.nix | 13 ++ hosts/common/touchscreen.nix | 10 - hosts/common/yubikey.nix | 11 ++ hosts/common/zfs.nix | 25 +++ hosts/patricknix/default.nix | 172 +++--------------- hosts/patricknix/fs.nix | 13 ++ hosts/patricknix/hardware-configuration.nix | 40 ---- hosts/patricknix/net.nix | 48 +++++ hosts/patricknix/prime-offload.nix | 11 ++ .../patricknix/secrets}/iwd/devolo-og.psk.age | Bin .../patricknix/secrets}/iwd/eduroam.8021x.age | 0 .../patricknix/secrets}/iwd/kaist.8021x.age | Bin hosts/patricknix/secrets/secrets.nix.age | Bin 0 -> 894 bytes hosts/{common => patricknix}/smb-mounts.nix | 0 hosts/{common => patricknix}/wireguard.nix | 0 nix/generate-node.nix | 1 + users/patrick/default.nix | 11 +- 40 files changed, 579 insertions(+), 291 deletions(-) create mode 100644 hosts/common/core/default.nix create mode 100644 hosts/common/core/inputrc.nix create mode 100644 hosts/common/core/issue.nix create mode 100644 hosts/common/core/net.nix rename hosts/common/{ => core}/nix.nix 
(61%) create mode 100644 hosts/common/core/ssh.nix create mode 100644 hosts/common/core/system.nix create mode 100644 hosts/common/core/xdg.nix create mode 100644 hosts/common/dev/default.nix create mode 100644 hosts/common/dev/docs.nix create mode 100644 hosts/common/efi.nix create mode 100644 hosts/common/graphical/default.nix create mode 100644 hosts/common/graphical/fonts.nix create mode 100644 hosts/common/graphical/hyprland.nix create mode 100644 hosts/common/hardware/bluetooth.nix create mode 100644 hosts/common/hardware/intel.nix create mode 100644 hosts/common/hardware/nvidia.nix create mode 100644 hosts/common/hardware/physical.nix create mode 100644 hosts/common/laptop.nix delete mode 100644 hosts/common/networking.nix delete mode 100644 hosts/common/nvidia.nix create mode 100644 hosts/common/steam.nix delete mode 100644 hosts/common/touchscreen.nix create mode 100644 hosts/common/yubikey.nix create mode 100644 hosts/common/zfs.nix create mode 100644 hosts/patricknix/fs.nix delete mode 100644 hosts/patricknix/hardware-configuration.nix create mode 100644 hosts/patricknix/net.nix create mode 100644 hosts/patricknix/prime-offload.nix rename {secrets => hosts/patricknix/secrets}/iwd/devolo-og.psk.age (100%) rename {secrets => hosts/patricknix/secrets}/iwd/eduroam.8021x.age (100%) rename {secrets => hosts/patricknix/secrets}/iwd/kaist.8021x.age (100%) create mode 100644 hosts/patricknix/secrets/secrets.nix.age rename hosts/{common => patricknix}/smb-mounts.nix (100%) rename hosts/{common => patricknix}/wireguard.nix (100%)
diff --git a/flake.nix b/flake.nix
index 4afd081..b0c161e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -55,7 +55,7 @@ } @ inputs: {
 secrets = {
- masterIdentities = [./secrets/NIXOSc.key.pub ./secrets/NIXOSa.key.pub];
+ masterIdentities = [./secrets/NIXOSc.key.pub];
 extraEncryptionPubkeys = [./secrets/recipients.txt];
 content = import ./nix/secrets.nix inputs;
 };
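Review bot: Dropping `./secrets/NIXOSa.key.pub` from `masterIdentities` only stops future encryptions from targeting that key; every `.age` file already in the repository stays decryptable by NIXOSa until it is re-encrypted, and nothing in this commit rekeys the secrets or says whether NIXOSa is retired, lost or compromised. If this is a key retirement, the existing `.age` files should be re-encrypted in the same change and `secrets/recipients.txt` checked for the same key; if it is accidental, the entry should come back. A one-line comment at this line such as `# NIXOSa retired 2023-05; all secrets re-encrypted` would make the intent reviewable, since the commit title ("reworked directory structure") gives no hint of a key change.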
diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix new file mode 100644 index 0000000..3cd8166 --- /dev/null +++ b/hosts/common/core/default.nix @@ -0,0 +1,20 @@ +{ + imports = [ + ./inputrc.nix + ./issue.nix + ./net.nix + ./nix.nix + ./ssh.nix + ./system.nix + ./xdg.nix + ]; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + verbose = true; + }; + # HM zsh needs this or else the startup order is fucked + # and env variables will be loaded incorrectly + programs.zsh.enable = true; +} diff --git a/hosts/common/core/inputrc.nix b/hosts/common/core/inputrc.nix new file mode 100644 index 0000000..0238da2 --- /dev/null +++ b/hosts/common/core/inputrc.nix 
@@ -0,0 +1,110 @@ +{ + environment.etc."inputrc".text = '' + # /etc/inputrc: initialization file for readline + # + # For more information on how this file works, please see the + # INITIALIZATION FILE section of the readline(3) man page + # + # Quick dirty little note: + # To get the key sequence for binding, you can abuse bash. + # While running bash, hit CTRL+V, and then type the key sequence. + # So, typing 'ALT + left arrow' in Konsole gets you back: + # ^[[1;3D + # The readline entry to make this skip back a word will then be: + # "\e[1;3D" backward-word + # + # Customization note: + # You don't need to put all your changes in this file. You can create + # ~/.inputrc which starts off with the line: + # $include /etc/inputrc + # Then put all your own stuff after that. + # + + # do not bell on tab-completion + set bell-style none + + set history-size -1 + + set meta-flag on + set input-meta on + set convert-meta off + set output-meta on + + # dont output everything on first line + set horizontal-scroll-mode off + + + # append slash to completed directories & symlinked directories + set mark-directories on + set mark-symlinked-directories on + + # dont expand ~ in tab completion + set expand-tilde off + + # instead of ringing bell, show list of ambigious completions directly, also show up to 300 items before asking + set show-all-if-ambiguous on + set completion-query-items 300 + + + $if mode=emacs + + # for linux console and RH/Debian xterm + # allow the use of the Home/End keys + "\e[1~": beginning-of-line + "\e[4~": end-of-line + # map "page up" and "page down" to search history based on current cmdline + "\e[5~": history-search-backward + "\e[6~": history-search-forward + # allow the use of the Delete/Insert keys + "\e[3~": delete-char + "\e[2~": quoted-insert + + # gnome / others (escape + arrow key) + "\e[5C": forward-word + "\e[5D": backward-word + # konsole / xterm / rxvt (escape + arrow key) + "\e\e[C": forward-word + "\e\e[D": backward-word + # gnome / 
konsole / others (control + arrow key) + "\e[1;5C": forward-word + "\e[1;5D": backward-word + # aterm / eterm (control + arrow key) + "\eOc": forward-word + "\eOd": backward-word + + # konsole (alt + arrow key) + "\e[1;3C": forward-word + "\e[1;3D": backward-word + + # Chromebooks remap alt + backspace so provide alternative (alt + k) + "\ek": backward-kill-word + + $if term=rxvt + "\e[8~": end-of-line + + "\e[3^": kill-line + "\e[3@": backward-kill-line + $endif + + # for non RH/Debian xterm, can't hurt for RH/Debian xterm + "\eOH": beginning-of-line + "\eOF": end-of-line + + # for freebsd console + "\e[H": beginning-of-line + "\e[F": end-of-line + + # fix Home and End for German users + "\e[7~": beginning-of-line + "\e[8~": end-of-line + + # ctrl [+ shift] + del = kill line [backward] + "\e[3;5~": kill-line + "\e[3;6~": backward-kill-line + $endif + + # Up and Down should search history based on current cmdline + "\e[A": history-search-backward + "\e[B": history-search-forward + ''; +} diff --git a/hosts/common/core/issue.nix b/hosts/common/core/issue.nix new file mode 100644 index 0000000..9b5eb0c --- /dev/null +++ b/hosts/common/core/issue.nix @@ -0,0 +1,7 @@ +{ + environment.etc.issue.text = '' + <<< Welcome to NixOS 23.05.20230304.3c5319a (\m) - \l >>> + ''; + + users.motd = "Guten Tach"; +} diff --git a/hosts/common/core/net.nix b/hosts/common/core/net.nix new file mode 100644 index 0000000..3b53183 --- /dev/null +++ b/hosts/common/core/net.nix @@ -0,0 +1,19 @@ +{nodeName, ...}: { + networking = { + useNetworkd = true; + dhcpcd.enable = false; + hostName = nodeName; + }; + # Should remain enabled since nscd from glibc is kinda ass + services.nscd.enableNsncd = true; + systemd.network = { + enable = true; + wait-online.anyInterface = true; + }; + services.resolved = { + enable = true; + # man i whish dnssec would be viable to use + dnssec = "allow-downgrade"; + llmnr = "true"; + }; +} 
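Review bot: `environment.etc.issue.text` in `issue.nix` hard-codes `NixOS 23.05.20230304.3c5319a`, a version string that is already stale and will drift further with every flake update, and it is displayed on every tty before login. Either derive it from the running system (`services.getty.greetingLine` with `${config.system.nixos.label}` is the knob NixOS itself uses to build `/etc/issue`, which would also avoid two modules defining the same file) or drop the version and keep only the `\m`/`\l` escapes. Since this module now applies to every host, a stale banner is presumably not what is wanted; hedged, as the getty module's own `issue` definition is not visible here.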
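Review bot: `llmnr = "true"` in `services.resolved` (net.nix) enables LLMNR on every host that imports core, including this laptop that roams onto eduroam and a dorm LAN; LLMNR answers unauthenticated multicast name queries and is a well-known spoofing and credential-relay vector on shared networks, and nothing in this configuration needs it. Change the line to `llmnr = "false";` and set `mdns` explicitly rather than relying on resolved's default. `dnssec = "allow-downgrade"` is a reasonable best-effort setting, but the comment next to it should say that it silently falls back to unvalidated answers on networks that strip DNSSEC, so nobody later mistakes it for enforced validation.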
diff --git a/hosts/common/nix.nix b/hosts/common/core/nix.nix
similarity index 61%
rename from hosts/common/nix.nix
rename to hosts/common/core/nix.nix
index e95baae..72bbdef 100644
--- a/hosts/common/nix.nix
+++ b/hosts/common/core/nix.nix
@@ -31,12 +31,13 @@
 builders-use-substitutes = true
 experimental-features = nix-command flakes recursive-nix
 flake-registry = /etc/nix/registry.json
- plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
+ plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
+ extra-builtins-file = ${../../../nix/extra-builtins.nix}
 '';
 optimise.automatic = true;
 gc = {
 automatic = true;
- dates = "weekly";
+ dates = "monthly";
 };
 registry = {
@@ -46,18 +47,6 @@
 templates.flake = inputs.templates;
 };
 };
-
- # Copy the NixOS configuration file and link it from the resulting system
- # (/run/current-system/configuration.nix). This is useful in case you
- # accidentally delete configuration.nix.
- # breaks flake based building
- # system.copySystemConfiguration = true;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "23.05"; # Did you read the comment?
+ # TODO unify the stateversions here and of homemanager
+ system.stateVersion = "23.05";
 }
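Review bot: `extra-builtins-file = ${../../../nix/extra-builtins.nix}` together with `plugin-files` activates nix-plugins' `extraBuiltins`, which `system.nix` in this same commit already relies on for `unsafeCurrentSystem`; as far as I recall nix-plugins hands that file an `exec` primitive, so whatever the file exports becomes callable from any expression the daemon evaluates, including third-party flake inputs, and the file itself is now the trust boundary. A comment on this line stating that `nix/extra-builtins.nix` must only export the intended helpers and never re-export `exec` would capture that, and the file is worth a look for the same reason. The `gc.dates` change from `weekly` to `monthly` is unrelated to the restructure and would be easier to audit in its own commit.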
@@ -0,0 +1,20 @@
+{
+ # Enable the OpenSSH daemon.
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ PermitRootLogin = "yes";
+ };
+ hostKeys = [
+ {
+ # never set this to an actual nix type path
+ # or else .....
+ # it will end up in the nix store
+ path = "/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ ];
+ };
+}
diff --git a/hosts/common/core/system.nix b/hosts/common/core/system.nix
new file mode 100644
index 0000000..3a0a6a0
--- /dev/null
+++ b/hosts/common/core/system.nix
@@ -0,0 +1,59 @@
+{
+ inputs,
+ lib,
+ nodePath,
+ pkgs,
+ nodeName,
+ ...
+}: {
+ rekey = {
+ inherit
+ (inputs.self.secrets)
+ masterIdentities
+ extraEncryptionPubkeys
+ ;
+
+ forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
+ hostPubkey = let
+ pubkeyPath = nodePath + "/secrets/host.pub";
+ in
+ lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
+ pubkeyPath;
+ };
+ boot = {
+ initrd.systemd.enable = true;
+ initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc"];
+ supportedFilesystems = ["ntfs"];
+ kernelModules = ["kvm-intel"];
+ tmp.useTmpfs = true;
+ };
+
+ security.sudo.enable = false;
+
+ time.timeZone = lib.mkDefault "Europe/Berlin";
+ i18n.defaultLocale = "C.UTF-8";
+ services.xserver = {
+ layout = "de";
+ xkbVariant = "bone";
+ };
+ console = {
+ font = "ter-v28n";
+ packages = with pkgs; [terminus_font];
+ useXkbConfig = true; # use xkbOptions in tty.
+ keyMap = lib.mkDefault "de-latin1-nodeadkeys";
+ };
+
+ users.mutableUsers = false;
+ environment.systemPackages = with pkgs; [
+ wget
+ gcc
+ tree
+ rage
+ file
+ ripgrep
+ killall
+ fd
+ ];
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
diff --git a/hosts/common/core/xdg.nix b/hosts/common/core/xdg.nix
new file mode 100644
index 0000000..932acbb
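Review bot: `PermitRootLogin = "yes"` in `ssh.nix` now applies to every host that imports core, not just this laptop. Password and keyboard-interactive authentication are disabled in the same block, so today root is key-only, but `"yes"` keeps root password logins one option flip away; `PermitRootLogin = "prohibit-password";` pins root to public-key authentication regardless of the global settings and is OpenSSH's own default, so it costs nothing here. Since `system.nix` disables sudo and root carries its own password file, it is also worth stating in a comment which keys are expected in root's `authorizedKeys` (that part of the configuration is outside this hunk).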
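Review bot: The `hostPubkey` fallback in `system.nix` only emits a `lib.trace` warning when `<node>/secrets/host.pub` is missing and then continues with a "dummy replacement key"; now that this module applies to every host, adding a node and forgetting its `host.pub` silently yields a system whose secrets are encrypted to a key that is not the host's, and if that replacement is the library's built-in dummy key it is effectively public. Prefer failing the evaluation unless bootstrapping is explicitly requested, e.g. `lib.mkIf (lib.pathExists pubkeyPath || throw "Missing host.pub for ${nodeName}: ${toString pubkeyPath}") pubkeyPath` behind an opt-out flag for first deploys. `forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem` was commented out in the old per-host file and is live here, which makes evaluation depend on the building machine via the nix-plugins extra builtin; fine for a personal laptop, but a one-line comment saying so would spare the next reader the surprise.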
--- /dev/null +++ b/hosts/common/core/xdg.nix @@ -0,0 +1,14 @@ +{ + # XDG base spec + environment.sessionVariables = rec { + XDG_CACHE_HOME = "\${HOME}/.cache"; + XDG_CONFIG_HOME = "\${HOME}/.config"; + XDG_STATE_HOME = "\${HOME}/.local/state"; + XDG_DATA_HOME = "\${HOME}/.local/share"; + # xdg ninja recommendations + CARGO_HOME = "${XDG_DATA_HOME}/cargo"; + CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv"; + RUSTUP_HOME = "${XDG_DATA_HOME}/rustup"; + WINEPREFIX = "${XDG_DATA_HOME}/wine"; + }; +} diff --git a/hosts/common/dev/default.nix b/hosts/common/dev/default.nix new file mode 100644 index 0000000..f21a843 --- /dev/null +++ b/hosts/common/dev/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./docs.nix + ]; + environment.enableDebugInfo = true; +} diff --git a/hosts/common/dev/docs.nix b/hosts/common/dev/docs.nix new file mode 100644 index 0000000..d9f3aa2 --- /dev/null +++ b/hosts/common/dev/docs.nix @@ -0,0 +1,11 @@ +{pkgs, ...}: { + environment.systemPackages = with pkgs; [ + man-pages + man-pages-posix + ]; + documentation = { + dev.enable = true; + man.enable = true; + info.enable = false; + }; +} diff --git a/hosts/common/efi.nix b/hosts/common/efi.nix new file mode 100644 index 0000000..c07c7e8 --- /dev/null +++ b/hosts/common/efi.nix @@ -0,0 +1,7 @@ +{ + # Use the systemd-boot EFI boot loader. + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; +} diff --git a/hosts/common/graphical/default.nix b/hosts/common/graphical/default.nix new file mode 100644 index 0000000..2b547d6 --- /dev/null +++ b/hosts/common/graphical/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./fonts.nix + ]; +} diff --git a/hosts/common/graphical/fonts.nix b/hosts/common/graphical/fonts.nix new file mode 100644 index 0000000..187dbab --- /dev/null +++ b/hosts/common/graphical/fonts.nix 
@@ -0,0 +1,53 @@ +{pkgs, ...}: { + fonts = { + enableDefaultFonts = false; + enableGhostscriptFonts = false; + fontDir.enable = false; + fontconfig = { + defaultFonts = { + sansSerif = ["IBM Plex Sans"]; + serif = ["IBM Plex Sans"]; + monospace = ["FiraCode Nerd Font"]; + emoji = ["Noto Color Emoji"]; + }; + localConf = '' + + + + + monospace + + emoji + + + + sans-serif + + emoji + + + + serif + + emoji + + + + ''; + }; + fonts = with pkgs; [ + (nerdfonts.override {fonts = ["FiraCode"];}) + ibm-plex + dejavu_fonts + unifont + freefont_ttf + gyre-fonts # TrueType substitutes for standard PostScript fonts + liberation_ttf + noto-fonts + noto-fonts-cjk-sans + noto-fonts-cjk-serif + noto-fonts-emoji + noto-fonts-extra + ]; + }; +} diff --git a/hosts/common/graphical/hyprland.nix b/hosts/common/graphical/hyprland.nix new file mode 100644 index 0000000..2f2dfcb --- /dev/null +++ b/hosts/common/graphical/hyprland.nix @@ -0,0 +1,9 @@ +{ + programs.hyprland.enable = true; + services.dbus.enable = true; + xdg.portal = { + enable = true; + wlr.enable = true; + extraPortals = with pkgs; [xdg-desktop-portal-hyprland]; + }; +} diff --git a/hosts/common/hardware/bluetooth.nix b/hosts/common/hardware/bluetooth.nix new file mode 100644 index 0000000..e6fd94b --- /dev/null +++ b/hosts/common/hardware/bluetooth.nix @@ -0,0 +1,27 @@ +{pkgs, ...}: { + environment.systemPackages = with pkgs; [bluetuith]; + + hardware.bluetooth = { + enable = true; + powerOnBoot = true; + disabledPlugins = ["sap"]; + settings = { + General = { + FastConnectable = "true"; + JustWorksRepairing = "always"; + MultiProfile = "multiple"; + Enable = "Source,Sink,Media,Socket"; + }; + }; + }; + + hardware.pulseaudio = { + package = pkgs.pulseaudio.override {bluetoothSupport = true;}; + extraConfig = '' + load-module module-bluetooth-discover + load-module module-bluetooth-policy + load-module module-switch-on-connect + ''; + extraModules = with pkgs; [pulseaudio-modules-bt]; + }; +} 
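Review bot: `hosts/common/graphical/hyprland.nix` references `pkgs` in `extraPortals = with pkgs; [xdg-desktop-portal-hyprland];` but the file is a bare attribute set with no module arguments, so `pkgs` is an undefined variable and any host importing it (users/patrick/default.nix does, per the last hunk) fails to evaluate. Change the first line to `{pkgs, ...}: {`.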
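Review bot: `JustWorksRepairing = "always"` in `bluetooth.nix` lets a peer that presents the address of an already-bonded device re-pair with Just Works and no user prompt, which removes the protection the existing bond gives against impersonating a previously trusted device; BlueZ's main.conf(5) defaults this to `never` for that reason. Use `JustWorksRepairing = "confirm";` so the agent asks, or drop the line. The `hardware.pulseaudio` block is dead on hosts that also import `pipewire.nix`, which force-disables PulseAudio; either move it to a PulseAudio-only module or delete it so it does not look like the active Bluetooth audio path.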
diff --git a/hosts/common/hardware/intel.nix b/hosts/common/hardware/intel.nix new file mode 100644 index 0000000..a2a9139 --- /dev/null +++ b/hosts/common/hardware/intel.nix @@ -0,0 +1,4 @@ +{ + powerManagement.cpuFreqGovernor = "powersave"; + hardware.cpu.intel.updateMicrocode = true; +} diff --git a/hosts/common/hardware/nvidia.nix b/hosts/common/hardware/nvidia.nix new file mode 100644 index 0000000..a764899 --- /dev/null +++ b/hosts/common/hardware/nvidia.nix @@ -0,0 +1,21 @@ +{ + lib, + pkgs, + ... +}: { + services.xserver.videoDrivers = lib.mkForce ["nvidia"]; + + hardware = { + opengl = { + enable = true; + driSupport32Bit = true; + }; + nvidia = { + powerManagement = { + enable = true; + finegrained = true; + }; + modesetting.enable = true; + }; + }; +} diff --git a/hosts/common/hardware/physical.nix b/hosts/common/hardware/physical.nix new file mode 100644 index 0000000..f8349d6 --- /dev/null +++ b/hosts/common/hardware/physical.nix @@ -0,0 +1,13 @@ +# Configuration for actual physical machines +{config, ...}: { + hardware = { + enableRedistributableFirmware = true; + enableAllFirmware = true; + }; + + services = { + fwupd.enable = true; + smartd.enable = true; + thermald.enable = builtins.elem config.nixpkgs.system ["x86_64-linux"]; + }; +} diff --git a/hosts/common/laptop.nix b/hosts/common/laptop.nix new file mode 100644 index 0000000..463aa0a --- /dev/null +++ b/hosts/common/laptop.nix @@ -0,0 +1,15 @@ +{pkgs, ...}: { + services = { + physlock.enable = true; + tlp = { + enable = true; + # currently broken. Issue open at https://github.com/linrunner/TLP/issues/692 + settings = { + USB_EXLUDE_PHONE = 1; + }; + }; + udev.extraRules = '' + ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video $sys$devpath/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w $sys$devpath/brightness" + ''; + }; +} diff --git a/hosts/common/networking.nix b/hosts/common/networking.nix deleted file mode 100644 index 935a09f..0000000 
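Review bot: `USB_EXLUDE_PHONE = 1` in `services.tlp.settings` (laptop.nix) is misspelled; TLP's option is `USB_EXCLUDE_PHONE`, so the key is ignored and phones keep being autosuspended, which may be what the "currently broken" comment above it is observing rather than the linked upstream issue. Change it to `USB_EXCLUDE_PHONE = 1;` and re-test before keeping the issue link. The udev rule is fine as written since it only touches the `brightness` attribute of backlight devices, but a comment such as `# let members of 'video' set brightness without a setuid helper` would record why group write is granted there.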
--- a/hosts/common/networking.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - networking.wireless.iwd.enable = true; - rekey.secrets.eduroam = { - file = ../../secrets/iwd/eduroam.8021x.age; - path = "/var/lib/iwd/eduroam.8021x"; - }; - rekey.secrets.devoloog = { - file = ../../secrets/iwd/devolo-og.psk.age; - path = "/var/lib/iwd/devolo-og.psk"; - }; - rekey.secrets.kaist = { - file = ../../secrets/iwd/kaist.8021x.age; - path = "/var/lib/iwd/Welcome_KAIST.8021x"; - }; - - networking.useNetworkd = true; - networking.dhcpcd.enable = false; - # Should remain enabled since nscd from glibc is kinda ass - services.nscd.enableNsncd = true; - systemd.network.wait-online.anyInterface = true; - # Fuck korea. - # I need a static global IP address for my dorm LAN - # So to not dox myself this config file is hardcoded - rekey.secrets.enp0s20f0u2u4 = { - file = ../../secrets/koreaIP.age; - path = "/etc/systemd/network/10-enp0s20f0u2u4.network"; - mode = "444"; - }; - services.resolved = { - enable = true; - }; - # Add the VPN based route to my paperless instance to - # etc/hosts - networking.extraHosts = '' - 10.0.0.1 paperless.lel.lol - ''; - - networking.firewall.enable = false; -} diff --git a/hosts/common/nvidia.nix b/hosts/common/nvidia.nix deleted file mode 100644 index 13565e7..0000000 --- a/hosts/common/nvidia.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - lib, - pkgs, - ... -}: { - services.xserver.videoDrivers = lib.mkForce ["nvidia"]; - - hardware.nvidia = { - powerManagement = { - enable = true; - finegrained = true; - }; - modesetting.enable = true; - prime = { - offload = { - enableOffloadCmd = true; - enable = true; - }; - - intelBusId = "PCI:00:02:0"; - nvidiaBusId = "PCI:59:00:0"; - }; - }; -} diff --git a/hosts/common/pipewire.nix b/hosts/common/pipewire.nix index 1ec9b31..ab3c7ec 100644 --- a/hosts/common/pipewire.nix +++ b/hosts/common/pipewire.nix 
@@ -6,13 +6,6 @@ environment.systemPackages = with pkgs; [pulseaudio pulsemixer]; hardware.pulseaudio.enable = lib.mkForce false; - hardware.bluetooth.enable = true; - hardware.bluetooth.settings = { - General = { - Enable = "Source,Sink,Media,Socket"; - }; - }; - security.rtkit.enable = true; services.pipewire = { @@ -22,5 +15,5 @@ pulse.enable = true; }; - sound.enable = true; + sound.enable = false; } diff --git a/hosts/common/steam.nix b/hosts/common/steam.nix new file mode 100644 index 0000000..05d2ad9 --- /dev/null +++ b/hosts/common/steam.nix @@ -0,0 +1,13 @@ +{pkgs, ...}: { + programs.steam = { + enable = true; + package = pkgs.steam.override { + extraPkgs = pkgs: + with pkgs; [ + # vampir überlebende braucht diese pkgs + libgdiplus + cups + ]; + }; + }; +} diff --git a/hosts/common/touchscreen.nix b/hosts/common/touchscreen.nix deleted file mode 100644 index e8e8203..0000000 --- a/hosts/common/touchscreen.nix +++ /dev/null @@ -1,10 +0,0 @@ -pkgs: -# This is small script to map touchinputs to outputs -# in an ideal world this would happen automatically but -# with udev and X11 we truly do not live in an ideal world -"${pkgs.writeShellScriptBin "fix-shit" '' - xinput --map-to-output "ELAN2514:00 04F3:2817" eDP-1 - xinput --map-to-output "ELAN2514:00 04F3:2817 Stylus Pen (0)" eDP-1 - xset r rate 235 60 - autorandr -c -''}/bin/fix-shit" diff --git a/hosts/common/yubikey.nix b/hosts/common/yubikey.nix new file mode 100644 index 0000000..8c11869 --- /dev/null +++ b/hosts/common/yubikey.nix @@ -0,0 +1,11 @@ +{pkgs, ...}: { + environment.systemPackages = with pkgs; [ + yubikey-personalization + yubikey-manager + age-plugin-yubikey + ]; + + services.pcscd.enable = true; + + services.udev.packages = with pkgs; [yubikey-personalization libu2f-host]; +} diff --git a/hosts/common/zfs.nix b/hosts/common/zfs.nix new file mode 100644 index 0000000..7f3df45 --- /dev/null +++ b/hosts/common/zfs.nix 
@@ -0,0 +1,25 @@ +{ + pkgs, + config, + ... +}: { + boot.supportedFilesystems = ["zfs"]; + boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + + # The root pool should never be imported forcefully. + # Failure to import is important to notice! + boot.zfs.forceImportRoot = false; + + environment.systemPackages = with pkgs; [zfs]; + + services.zfs = { + autoScrub = { + enable = true; + interval = "weekly"; + }; + trim = { + enable = true; + interval = "weekly"; + }; + }; +} diff --git a/hosts/patricknix/default.nix b/hosts/patricknix/default.nix index 1730f6a..4fbc145 100644 --- a/hosts/patricknix/default.nix +++ b/hosts/patricknix/default.nix 
@@ -1,87 +1,42 @@ { config, - inputs, pkgs, - nodeName, - lib, + nixos-hardware, ... }: let shell = pkgs.zsh; in { imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - #user home configuration - ../../users/patrick - # + nixos-hardware.common-cpu-intel + nixos-hardware.common-gpu-intel + nixos-hardware.common-pc-laptop + nixos-hardware.common-pc-laptop-ssd + + ../common/core + ../common/dev + ../common/graphical + ../common/hardware/bluetooth.nix + ../common/hardware/intel.nix + ../common/hardware/physical.nix + ../common/efi.nix + ../common/laptop.nix ../common/pipewire.nix - ../common/nvidia.nix - ../common/wireguard.nix - ../common/smb-mounts.nix - ../common/networking.nix - ../common/nix.nix + ../common/steam.nix + ../common/yubikey.nix + ../common/zfs.nix + + ../common/hardware/nvidia.nix + ./prime-offload.nix + + ./net.nix + ./fs.nix + ./smb-mounts.nix + ./wireguard.nix ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.hostName = "patricknix"; # Define your hostname. - networking.hostId = "68438432"; - # Set your time zone. time.timeZone = "Asia/Seoul"; - - # Select internationalisation properties. - i18n.defaultLocale = "C.UTF-8"; - services.xserver = { - layout = "de"; - xkbVariant = "bone"; - }; - programs.hyprland.enable = true; - console = { - font = "ter-v28n"; - packages = with pkgs; [terminus_font]; - useXkbConfig = true; # use xkbOptions in tty. - }; - - rekey = { - inherit - (inputs.self.secrets) - masterIdentities - extraEncryptionPubkeys - ; - - #forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem; - hostPubkey = let - pubkeyPath = ../. + "/${nodeName}/secrets/host.pub"; - in - lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." 
false) - pubkeyPath; - }; - - hardware.opengl.enable = true; - - nixpkgs.config.allowUnfree = true; - - services.tlp = { - enable = true; - # currently broken. Issue open at https://github.com/linrunner/TLP/issues/692 - settings = { - USB_EXLUDE_PHONE = 1; - }; - }; - - # Disable mutable Users, any option can only be set by the nix config - users.mutableUsers = false; - rekey.secrets.patrick.file = ../../secrets/patrick.passwd.age; - environment.etc.issue.text = '' - <<< Welcome to NixOS 23.05.20230304.3c5319a (\m) - \l >>> - ''; - - users.motd = "Guten Tach"; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.patrick = { inherit shell; @@ -94,9 +49,6 @@ in { }; users.groups.patrick.gid = 1000; # Allow users in group video to edit backlight setting - services.udev.extraRules = '' - ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video $sys$devpath/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w $sys$devpath/brightness" - ''; rekey.secrets.root.file = ../../secrets/root.passwd.age; users.users.root = { 
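Review bot: `nixpkgs.config.allowUnfree = true;` is removed from this host while `../common/steam.nix`, `../common/hardware/nvidia.nix` and `../common/hardware/physical.nix` (`enableAllFirmware`) stay imported; unless `allowUnfree` is set in `nix/generate-node.nix` or the flake, which this diff does not show, evaluation will now refuse those packages. Likewise `rekey.secrets.patrick.file = ../../secrets/patrick.passwd.age;` is dropped while `users.users.patrick` continues past the end of this hunk; if its `passwordFile` still points at `config.rekey.secrets.patrick.path`, that reference now dangles unless the secret moved to `users/patrick` in a change not shown. Both deserve a line in the commit message, since the title promises only a directory restructure and the same commit also quietly re-enables the firewall by deleting `networking.firewall.enable = false`.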
@@ -108,87 +60,13 @@ in { passwordFile = config.rekey.secrets.root.path; }; - security.sudo.enable = false; - - documentation.dev.enable = true; - - # List packages installed in system profile. To search, run: - # $ nix search wget environment.systemPackages = with pkgs; [ - xterm - wget - gcc - tree - age-plugin-yubikey - rage - file - ripgrep - killall - fd - man-pages - man-pages-posix # xournalpp needs this or else it will crash gnome3.adwaita-icon-theme ]; - # HM zsh needs this or else the startup order is fucked - # and env variables will be loaded incorrectly - programs.zsh.enable = true; - - services.physlock.enable = true; - - programs.steam = { - enable = true; - package = pkgs.steam.override { - extraPkgs = pkgs: - with pkgs; [ - # vampir überlebende braucht diese pkgs - libgdiplus - cups - ]; - }; - }; - - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - PermitRootLogin = "yes"; - }; - hostKeys = [ - { - # never set this to an actual nix type path - # or else ..... - # it will end up in the nix store - path = "/etc/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - ]; - }; - - services.thermald.enable = true; - services.pcscd.enable = true; - services.fstrim.enable = true; - hardware.cpu.intel.updateMicrocode = true; - - services.udev.packages = with pkgs; [yubikey-personalization libu2f-host]; - environment.shellInit = '' gpg-connect-agent /bye export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) umask 077 ''; - # XDG base spec - environment.sessionVariables = rec { - XDG_CACHE_HOME = "\${HOME}/.cache"; - XDG_CONFIG_HOME = "\${HOME}/.config"; - XDG_STATE_HOME = "\${HOME}/.local/state"; - XDG_DATA_HOME = "\${HOME}/.local/share"; - # xdg ninja recommendations - CARGO_HOME = "${XDG_DATA_HOME}/cargo"; - CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv"; - RUSTUP_HOME = "${XDG_DATA_HOME}/rustup"; - WINEPREFIX = "${XDG_DATA_HOME}/wine"; - }; } 
diff --git a/hosts/patricknix/fs.nix b/hosts/patricknix/fs.nix new file mode 100644 index 0000000..5e8b1bb --- /dev/null +++ b/hosts/patricknix/fs.nix @@ -0,0 +1,13 @@ +{ + fileSystems."/" = { + device = "rpool/ROOT/nixos"; + fsType = "zfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/BC47-8FB9"; + fsType = "vfat"; + }; + + swapDevices = []; +} diff --git a/hosts/patricknix/hardware-configuration.nix b/hosts/patricknix/hardware-configuration.nix deleted file mode 100644 index f1cca1e..0000000 --- a/hosts/patricknix/hardware-configuration.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc"]; - boot.initrd.kernelModules = []; - boot.supportedFilesystems = ["ntfs"]; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "rpool/ROOT/nixos"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/BC47-8FB9"; - fsType = "vfat"; - }; - - swapDevices = []; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s20f0u2u4.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/patricknix/net.nix b/hosts/patricknix/net.nix new file mode 100644 index 0000000..ef3aa87 --- /dev/null 
+++ b/hosts/patricknix/net.nix
@@ -0,0 +1,48 @@
+{
+ nodeSecrets,
+ nodePath,
+ ...
+}: {
+ networking = {
+ inherit (nodeSecrets.networking) hostId;
+ wireless.iwd.enable = true;
+ # Add the VPN based route to my paperless instance to
+ # etc/hosts
+ extraHosts = ''
+ 10.0.0.1 paperless.lel.lol
+ '';
+ };
+
+ # Fuck korea.
+ # I need a static global IP address for my dorm LAN
+ # So to not dox myself this config file is hardcoded
+ systemd.network.networks = {
+ "lan1" = {
+ DHCP = "yes";
+ matchConfig.MACAddress = nodeSecrets.networking.lan1.mac;
+ networkConfig.IPv6PrivacyExtensions = "yes";
+ gateway = [nodeSecrets.networking.fuckKoreanDorm.gateway];
+ address = [nodeSecrets.networking.fuckKoreanDorm.address];
+ dns = ["9.9.9.9"];
+ };
+ "wlan1" = {
+ DHCP = "yes";
+ matchConfig.MACAddress = nodeSecrets.networking.wlan1.mac;
+ networkConfig.IPv6PrivacyExtensions = "yes";
+ # TODO: change dns to own when at hom
+ dns = ["9.9.9.9"];
+ };
+ };
+ rekey.secrets.eduroam = {
+ file = nodePath + "/secrets/iwd/eduroam.8021x.age";
+ path = "/var/lib/iwd/eduroam.8021x";
+ };
+ rekey.secrets.devoloog = {
+ file = nodePath + "/secrets/iwd/devolo-og.psk.age";
+ path = "/var/lib/iwd/devolo-og.psk";
+ };
+ rekey.secrets.kaist = {
+ file = nodePath + "/secrets/iwd/kaist.8021x.age";
+ path = "/var/lib/iwd/Welcome_KAIST.8021x";
+ };
+}
diff --git a/hosts/patricknix/prime-offload.nix b/hosts/patricknix/prime-offload.nix
new file mode 100644
index 0000000..2963d06
--- /dev/null
+++ b/hosts/patricknix/prime-offload.nix
@@ -0,0 +1,11 @@
+{
+ hardware.nvidia.prime = {
+ offload = {
+ enableOffloadCmd = true;
+ enable = true;
+ };
+
+ intelBusId = "PCI:00:02:0";
+ nvidiaBusId = "PCI:59:00:0";
+ };
+}
diff --git a/secrets/iwd/devolo-og.psk.age b/hosts/patricknix/secrets/iwd/devolo-og.psk.age
similarity index 100%
rename from secrets/iwd/devolo-og.psk.age
rename to hosts/patricknix/secrets/iwd/devolo-og.psk.age
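Review bot: Both `lan1` and `wlan1` set `DHCP = "yes"` alongside a static `dns = ["9.9.9.9"]`, but networkd still adds the resolvers from the DHCP lease and router advertisements to the link, so on eduroam or the dorm LAN queries can be answered by the network's resolver next to Quad9; if 9.9.9.9 is meant to be the only upstream, add `dhcpV4Config.UseDNS = false;` and `ipv6AcceptRAConfig.UseDNS = false;` to each network, and consider `DNSOverTLS=opportunistic` in resolved so that upstream is not plaintext on hostile networks. `lan1` also combines DHCP with a static `address`/`gateway`, which yields two default routes; if the static one must win, give it a lower metric or set `dhcpV4Config.UseRoutes = false;` and say so in the "dorm LAN" comment. The `# TODO: change dns to own when at hom` typo aside, that comment would be more useful if it named the condition (which network) rather than "when at home".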
diff --git a/secrets/iwd/eduroam.8021x.age b/hosts/patricknix/secrets/iwd/eduroam.8021x.age similarity index 100% rename from secrets/iwd/eduroam.8021x.age rename to hosts/patricknix/secrets/iwd/eduroam.8021x.age diff --git a/secrets/iwd/kaist.8021x.age b/hosts/patricknix/secrets/iwd/kaist.8021x.age similarity index 100% rename from secrets/iwd/kaist.8021x.age rename to hosts/patricknix/secrets/iwd/kaist.8021x.age diff --git a/hosts/patricknix/secrets/secrets.nix.age b/hosts/patricknix/secrets/secrets.nix.age new file mode 100644 index 0000000000000000000000000000000000000000..850aab95b2e0f6663662a2a947880a4b13e8e60f GIT binary patch literal 894 zcmZwE{maw@0KoA?sXUN}cpxnihSvkqaouk3D=T-myY05y?b+@2+_p@(muvV^|Rt1ieu9i@y~`XjUZRBZ7!xQbcMQAp}KH_LK#oQl>u!{RJQRep{B2HM~wZ z4Mw)_-RFl^Zk$hL9|BYeMe`(3Q0tTg2_=xrsdQn+4#*H|;eDK0sqAZr0$xR`!$JqcvF+godu0jD6 zj@hUoxrwFISb*0^hzX@G1(^dCzvTXrP@s2LI@W^vK%^aGNqYaK5y>+MA!8R>!6`n8!@u(M`)3fGShxHzVSMn1tukSya*3f zt`rX}5^*rPU8<0dN=MpIu9+-@jl*8V*=z)+(i^vI`0mo_eXst_uUWhPHh;g7Grumy zdBnMTcF#ONBEp}3&8|L|*);e|+egsL2a~z$7r)&$fBU7kHTm~!_~yyS_grp&aMe5e zA+>38e|z1D_je_Cx1OB)v%fiV;A6L3+?Ft0;oOB6Q@hFd-11K4=`+8qJI_m}Ru1p} z>gc<~olm`WLb}Upd&hSE@Y?MAYwO8xE}Vb%qvPi1t7p7FoF6w_!PA?!EU!HC+3K3# z?mdz|^x)dpkI?h}##?v1@$rH1%4OvG&%o)u4=lVR?Rw?Ye_sCN;KEA&+VgXFD1Nj4 RrHza4J^I2IFP++c@?Y(VLl^)6 literal 0 HcmV?d00001 diff --git a/hosts/common/smb-mounts.nix b/hosts/patricknix/smb-mounts.nix similarity index 100% rename from hosts/common/smb-mounts.nix rename to hosts/patricknix/smb-mounts.nix diff --git a/hosts/common/wireguard.nix b/hosts/patricknix/wireguard.nix similarity index 100% rename from hosts/common/wireguard.nix rename to hosts/patricknix/wireguard.nix diff --git a/nix/generate-node.nix b/nix/generate-node.nix index 3834349..6c06f6d 100644 --- a/nix/generate-node.nix +++ b/nix/generate-node.nix 
@@ -22,6 +22,7 @@ in inherit nodeName; inherit nodeMeta; inherit hyprland; + nodePath = ../hosts + "/${nodeName}/"; secrets = self.secrets.content; nodeSecrets = self.secrets.content.nodes.${nodeName}; nixos-hardware = nixos-hardware.nixosModules; diff --git a/users/patrick/default.nix b/users/patrick/default.nix index bae7c7d..d38aac2 100644 --- a/users/patrick/default.nix +++ b/users/patrick/default.nix @@ -1,9 +1,8 @@ -{ - config, - home-manager, - hyprland, - ... -}: { +{hyprland, ...}: { + # TODO: only import this if the current host is a nixos host + imports = [ + ../../hosts/common/graphical/hyprland.nix + ]; home-manager.users.patrick.imports = [ hyprland.homeManagerModules.default ./patrick.nix