feat: reworked directory structure of host
This commit is contained in:
parent
c41b81e929
commit
e8fb75b42f
|
@ -55,7 +55,7 @@
|
|||
} @ inputs:
|
||||
{
|
||||
secrets = {
|
||||
masterIdentities = [./secrets/NIXOSc.key.pub ./secrets/NIXOSa.key.pub];
|
||||
masterIdentities = [./secrets/NIXOSc.key.pub];
|
||||
extraEncryptionPubkeys = [./secrets/recipients.txt];
|
||||
content = import ./nix/secrets.nix inputs;
|
||||
};
|
||||
|
|
20
hosts/common/core/default.nix
Normal file
20
hosts/common/core/default.nix
Normal file
|
@ -0,0 +1,20 @@
|
|||
{
|
||||
imports = [
|
||||
./inputrc.nix
|
||||
./issue.nix
|
||||
./net.nix
|
||||
./nix.nix
|
||||
./ssh.nix
|
||||
./system.nix
|
||||
./xdg.nix
|
||||
];
|
||||
|
||||
home-manager = {
|
||||
useGlobalPkgs = true;
|
||||
useUserPackages = true;
|
||||
verbose = true;
|
||||
};
|
||||
# HM zsh needs this or else the startup order is fucked
|
||||
# and env variables will be loaded incorrectly
|
||||
programs.zsh.enable = true;
|
||||
}
|
110
hosts/common/core/inputrc.nix
Normal file
110
hosts/common/core/inputrc.nix
Normal file
|
@ -0,0 +1,110 @@
|
|||
{
|
||||
environment.etc."inputrc".text = ''
|
||||
# /etc/inputrc: initialization file for readline
|
||||
#
|
||||
# For more information on how this file works, please see the
|
||||
# INITIALIZATION FILE section of the readline(3) man page
|
||||
#
|
||||
# Quick dirty little note:
|
||||
# To get the key sequence for binding, you can abuse bash.
|
||||
# While running bash, hit CTRL+V, and then type the key sequence.
|
||||
# So, typing 'ALT + left arrow' in Konsole gets you back:
|
||||
# ^[[1;3D
|
||||
# The readline entry to make this skip back a word will then be:
|
||||
# "\e[1;3D" backward-word
|
||||
#
|
||||
# Customization note:
|
||||
# You don't need to put all your changes in this file. You can create
|
||||
# ~/.inputrc which starts off with the line:
|
||||
# $include /etc/inputrc
|
||||
# Then put all your own stuff after that.
|
||||
#
|
||||
|
||||
# do not bell on tab-completion
|
||||
set bell-style none
|
||||
|
||||
set history-size -1
|
||||
|
||||
set meta-flag on
|
||||
set input-meta on
|
||||
set convert-meta off
|
||||
set output-meta on
|
||||
|
||||
# dont output everything on first line
|
||||
set horizontal-scroll-mode off
|
||||
|
||||
|
||||
# append slash to completed directories & symlinked directories
|
||||
set mark-directories on
|
||||
set mark-symlinked-directories on
|
||||
|
||||
# dont expand ~ in tab completion
|
||||
set expand-tilde off
|
||||
|
||||
# instead of ringing bell, show list of ambigious completions directly, also show up to 300 items before asking
|
||||
set show-all-if-ambiguous on
|
||||
set completion-query-items 300
|
||||
|
||||
|
||||
$if mode=emacs
|
||||
|
||||
# for linux console and RH/Debian xterm
|
||||
# allow the use of the Home/End keys
|
||||
"\e[1~": beginning-of-line
|
||||
"\e[4~": end-of-line
|
||||
# map "page up" and "page down" to search history based on current cmdline
|
||||
"\e[5~": history-search-backward
|
||||
"\e[6~": history-search-forward
|
||||
# allow the use of the Delete/Insert keys
|
||||
"\e[3~": delete-char
|
||||
"\e[2~": quoted-insert
|
||||
|
||||
# gnome / others (escape + arrow key)
|
||||
"\e[5C": forward-word
|
||||
"\e[5D": backward-word
|
||||
# konsole / xterm / rxvt (escape + arrow key)
|
||||
"\e\e[C": forward-word
|
||||
"\e\e[D": backward-word
|
||||
# gnome / konsole / others (control + arrow key)
|
||||
"\e[1;5C": forward-word
|
||||
"\e[1;5D": backward-word
|
||||
# aterm / eterm (control + arrow key)
|
||||
"\eOc": forward-word
|
||||
"\eOd": backward-word
|
||||
|
||||
# konsole (alt + arrow key)
|
||||
"\e[1;3C": forward-word
|
||||
"\e[1;3D": backward-word
|
||||
|
||||
# Chromebooks remap alt + backspace so provide alternative (alt + k)
|
||||
"\ek": backward-kill-word
|
||||
|
||||
$if term=rxvt
|
||||
"\e[8~": end-of-line
|
||||
|
||||
"\e[3^": kill-line
|
||||
"\e[3@": backward-kill-line
|
||||
$endif
|
||||
|
||||
# for non RH/Debian xterm, can't hurt for RH/Debian xterm
|
||||
"\eOH": beginning-of-line
|
||||
"\eOF": end-of-line
|
||||
|
||||
# for freebsd console
|
||||
"\e[H": beginning-of-line
|
||||
"\e[F": end-of-line
|
||||
|
||||
# fix Home and End for German users
|
||||
"\e[7~": beginning-of-line
|
||||
"\e[8~": end-of-line
|
||||
|
||||
# ctrl [+ shift] + del = kill line [backward]
|
||||
"\e[3;5~": kill-line
|
||||
"\e[3;6~": backward-kill-line
|
||||
$endif
|
||||
|
||||
# Up and Down should search history based on current cmdline
|
||||
"\e[A": history-search-backward
|
||||
"\e[B": history-search-forward
|
||||
'';
|
||||
}
|
7
hosts/common/core/issue.nix
Normal file
7
hosts/common/core/issue.nix
Normal file
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
environment.etc.issue.text = ''
|
||||
<<< Welcome to NixOS 23.05.20230304.3c5319a (\m) - \l >>>
|
||||
'';
|
||||
|
||||
users.motd = "Guten Tach";
|
||||
}
|
19
hosts/common/core/net.nix
Normal file
19
hosts/common/core/net.nix
Normal file
|
@ -0,0 +1,19 @@
|
|||
{nodeName, ...}: {
|
||||
networking = {
|
||||
useNetworkd = true;
|
||||
dhcpcd.enable = false;
|
||||
hostName = nodeName;
|
||||
};
|
||||
# Should remain enabled since nscd from glibc is kinda ass
|
||||
services.nscd.enableNsncd = true;
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
wait-online.anyInterface = true;
|
||||
};
|
||||
services.resolved = {
|
||||
enable = true;
|
||||
# man i whish dnssec would be viable to use
|
||||
dnssec = "allow-downgrade";
|
||||
llmnr = "true";
|
||||
};
|
||||
}
|
|
@ -32,11 +32,12 @@
|
|||
experimental-features = nix-command flakes recursive-nix
|
||||
flake-registry = /etc/nix/registry.json
|
||||
plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
|
||||
extra-builtins-file = ${../../../nix/extra-builtins.nix}
|
||||
'';
|
||||
optimise.automatic = true;
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
dates = "monthly";
|
||||
};
|
||||
|
||||
registry = {
|
||||
|
@ -46,18 +47,6 @@
|
|||
templates.flake = inputs.templates;
|
||||
};
|
||||
};
|
||||
|
||||
# Copy the NixOS configuration file and link it from the resulting system
|
||||
# (/run/current-system/configuration.nix). This is useful in case you
|
||||
# accidentally delete configuration.nix.
|
||||
# breaks flake based building
|
||||
# system.copySystemConfiguration = true;
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
# TODO unify the stateversions here and of homemanager
|
||||
system.stateVersion = "23.05";
|
||||
}
|
20
hosts/common/core/ssh.nix
Normal file
20
hosts/common/core/ssh.nix
Normal file
|
@ -0,0 +1,20 @@
|
|||
{
|
||||
# Enable the OpenSSH daemon.
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
KbdInteractiveAuthentication = false;
|
||||
PermitRootLogin = "yes";
|
||||
};
|
||||
hostKeys = [
|
||||
{
|
||||
# never set this to an actual nix type path
|
||||
# or else .....
|
||||
# it will end up in the nix store
|
||||
path = "/etc/ssh/ssh_host_ed25519_key";
|
||||
type = "ed25519";
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
59
hosts/common/core/system.nix
Normal file
59
hosts/common/core/system.nix
Normal file
|
@ -0,0 +1,59 @@
|
|||
{
|
||||
inputs,
|
||||
lib,
|
||||
nodePath,
|
||||
pkgs,
|
||||
nodeName,
|
||||
...
|
||||
}: {
|
||||
rekey = {
|
||||
inherit
|
||||
(inputs.self.secrets)
|
||||
masterIdentities
|
||||
extraEncryptionPubkeys
|
||||
;
|
||||
|
||||
forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
|
||||
hostPubkey = let
|
||||
pubkeyPath = nodePath + "/secrets/host.pub";
|
||||
in
|
||||
lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
|
||||
pubkeyPath;
|
||||
};
|
||||
boot = {
|
||||
initrd.systemd.enable = true;
|
||||
initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc"];
|
||||
supportedFilesystems = ["ntfs"];
|
||||
kernelModules = ["kvm-intel"];
|
||||
tmp.useTmpfs = true;
|
||||
};
|
||||
|
||||
security.sudo.enable = false;
|
||||
|
||||
time.timeZone = lib.mkDefault "Europe/Berlin";
|
||||
i18n.defaultLocale = "C.UTF-8";
|
||||
services.xserver = {
|
||||
layout = "de";
|
||||
xkbVariant = "bone";
|
||||
};
|
||||
console = {
|
||||
font = "ter-v28n";
|
||||
packages = with pkgs; [terminus_font];
|
||||
useXkbConfig = true; # use xkbOptions in tty.
|
||||
keyMap = lib.mkDefault "de-latin1-nodeadkeys";
|
||||
};
|
||||
|
||||
users.mutableUsers = false;
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget
|
||||
gcc
|
||||
tree
|
||||
rage
|
||||
file
|
||||
ripgrep
|
||||
killall
|
||||
fd
|
||||
];
|
||||
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
}
|
14
hosts/common/core/xdg.nix
Normal file
14
hosts/common/core/xdg.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
# XDG base spec
|
||||
environment.sessionVariables = rec {
|
||||
XDG_CACHE_HOME = "\${HOME}/.cache";
|
||||
XDG_CONFIG_HOME = "\${HOME}/.config";
|
||||
XDG_STATE_HOME = "\${HOME}/.local/state";
|
||||
XDG_DATA_HOME = "\${HOME}/.local/share";
|
||||
# xdg ninja recommendations
|
||||
CARGO_HOME = "${XDG_DATA_HOME}/cargo";
|
||||
CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
|
||||
RUSTUP_HOME = "${XDG_DATA_HOME}/rustup";
|
||||
WINEPREFIX = "${XDG_DATA_HOME}/wine";
|
||||
};
|
||||
}
|
6
hosts/common/dev/default.nix
Normal file
6
hosts/common/dev/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
|||
{
|
||||
imports = [
|
||||
./docs.nix
|
||||
];
|
||||
environment.enableDebugInfo = true;
|
||||
}
|
11
hosts/common/dev/docs.nix
Normal file
11
hosts/common/dev/docs.nix
Normal file
|
@ -0,0 +1,11 @@
|
|||
{pkgs, ...}: {
|
||||
environment.systemPackages = with pkgs; [
|
||||
man-pages
|
||||
man-pages-posix
|
||||
];
|
||||
documentation = {
|
||||
dev.enable = true;
|
||||
man.enable = true;
|
||||
info.enable = false;
|
||||
};
|
||||
}
|
7
hosts/common/efi.nix
Normal file
7
hosts/common/efi.nix
Normal file
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader = {
|
||||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
}
|
5
hosts/common/graphical/default.nix
Normal file
5
hosts/common/graphical/default.nix
Normal file
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
imports = [
|
||||
./fonts.nix
|
||||
];
|
||||
}
|
53
hosts/common/graphical/fonts.nix
Normal file
53
hosts/common/graphical/fonts.nix
Normal file
|
@ -0,0 +1,53 @@
|
|||
{pkgs, ...}: {
|
||||
fonts = {
|
||||
enableDefaultFonts = false;
|
||||
enableGhostscriptFonts = false;
|
||||
fontDir.enable = false;
|
||||
fontconfig = {
|
||||
defaultFonts = {
|
||||
sansSerif = ["IBM Plex Sans"];
|
||||
serif = ["IBM Plex Sans"];
|
||||
monospace = ["FiraCode Nerd Font"];
|
||||
emoji = ["Noto Color Emoji"];
|
||||
};
|
||||
localConf = ''
|
||||
<?xml version="1.0"?>
|
||||
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
|
||||
<fontconfig>
|
||||
<alias binding="weak">
|
||||
<family>monospace</family>
|
||||
<prefer>
|
||||
<family>emoji</family>
|
||||
</prefer>
|
||||
</alias>
|
||||
<alias binding="weak">
|
||||
<family>sans-serif</family>
|
||||
<prefer>
|
||||
<family>emoji</family>
|
||||
</prefer>
|
||||
</alias>
|
||||
<alias binding="weak">
|
||||
<family>serif</family>
|
||||
<prefer>
|
||||
<family>emoji</family>
|
||||
</prefer>
|
||||
</alias>
|
||||
</fontconfig>
|
||||
'';
|
||||
};
|
||||
fonts = with pkgs; [
|
||||
(nerdfonts.override {fonts = ["FiraCode"];})
|
||||
ibm-plex
|
||||
dejavu_fonts
|
||||
unifont
|
||||
freefont_ttf
|
||||
gyre-fonts # TrueType substitutes for standard PostScript fonts
|
||||
liberation_ttf
|
||||
noto-fonts
|
||||
noto-fonts-cjk-sans
|
||||
noto-fonts-cjk-serif
|
||||
noto-fonts-emoji
|
||||
noto-fonts-extra
|
||||
];
|
||||
};
|
||||
}
|
9
hosts/common/graphical/hyprland.nix
Normal file
9
hosts/common/graphical/hyprland.nix
Normal file
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
programs.hyprland.enable = true;
|
||||
services.dbus.enable = true;
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
wlr.enable = true;
|
||||
extraPortals = with pkgs; [xdg-desktop-portal-hyprland];
|
||||
};
|
||||
}
|
27
hosts/common/hardware/bluetooth.nix
Normal file
27
hosts/common/hardware/bluetooth.nix
Normal file
|
@ -0,0 +1,27 @@
|
|||
{pkgs, ...}: {
|
||||
environment.systemPackages = with pkgs; [bluetuith];
|
||||
|
||||
hardware.bluetooth = {
|
||||
enable = true;
|
||||
powerOnBoot = true;
|
||||
disabledPlugins = ["sap"];
|
||||
settings = {
|
||||
General = {
|
||||
FastConnectable = "true";
|
||||
JustWorksRepairing = "always";
|
||||
MultiProfile = "multiple";
|
||||
Enable = "Source,Sink,Media,Socket";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
hardware.pulseaudio = {
|
||||
package = pkgs.pulseaudio.override {bluetoothSupport = true;};
|
||||
extraConfig = ''
|
||||
load-module module-bluetooth-discover
|
||||
load-module module-bluetooth-policy
|
||||
load-module module-switch-on-connect
|
||||
'';
|
||||
extraModules = with pkgs; [pulseaudio-modules-bt];
|
||||
};
|
||||
}
|
4
hosts/common/hardware/intel.nix
Normal file
4
hosts/common/hardware/intel.nix
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
powerManagement.cpuFreqGovernor = "powersave";
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
}
|
21
hosts/common/hardware/nvidia.nix
Normal file
21
hosts/common/hardware/nvidia.nix
Normal file
|
@ -0,0 +1,21 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
services.xserver.videoDrivers = lib.mkForce ["nvidia"];
|
||||
|
||||
hardware = {
|
||||
opengl = {
|
||||
enable = true;
|
||||
driSupport32Bit = true;
|
||||
};
|
||||
nvidia = {
|
||||
powerManagement = {
|
||||
enable = true;
|
||||
finegrained = true;
|
||||
};
|
||||
modesetting.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
13
hosts/common/hardware/physical.nix
Normal file
13
hosts/common/hardware/physical.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
# Configuration for actual physical machines
|
||||
{config, ...}: {
|
||||
hardware = {
|
||||
enableRedistributableFirmware = true;
|
||||
enableAllFirmware = true;
|
||||
};
|
||||
|
||||
services = {
|
||||
fwupd.enable = true;
|
||||
smartd.enable = true;
|
||||
thermald.enable = builtins.elem config.nixpkgs.system ["x86_64-linux"];
|
||||
};
|
||||
}
|
15
hosts/common/laptop.nix
Normal file
15
hosts/common/laptop.nix
Normal file
|
@ -0,0 +1,15 @@
|
|||
{pkgs, ...}: {
|
||||
services = {
|
||||
physlock.enable = true;
|
||||
tlp = {
|
||||
enable = true;
|
||||
# currently broken. Issue open at https://github.com/linrunner/TLP/issues/692
|
||||
settings = {
|
||||
USB_EXLUDE_PHONE = 1;
|
||||
};
|
||||
};
|
||||
udev.extraRules = ''
|
||||
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video $sys$devpath/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w $sys$devpath/brightness"
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -1,39 +0,0 @@
|
|||
{
|
||||
networking.wireless.iwd.enable = true;
|
||||
rekey.secrets.eduroam = {
|
||||
file = ../../secrets/iwd/eduroam.8021x.age;
|
||||
path = "/var/lib/iwd/eduroam.8021x";
|
||||
};
|
||||
rekey.secrets.devoloog = {
|
||||
file = ../../secrets/iwd/devolo-og.psk.age;
|
||||
path = "/var/lib/iwd/devolo-og.psk";
|
||||
};
|
||||
rekey.secrets.kaist = {
|
||||
file = ../../secrets/iwd/kaist.8021x.age;
|
||||
path = "/var/lib/iwd/Welcome_KAIST.8021x";
|
||||
};
|
||||
|
||||
networking.useNetworkd = true;
|
||||
networking.dhcpcd.enable = false;
|
||||
# Should remain enabled since nscd from glibc is kinda ass
|
||||
services.nscd.enableNsncd = true;
|
||||
systemd.network.wait-online.anyInterface = true;
|
||||
# Fuck korea.
|
||||
# I need a static global IP address for my dorm LAN
|
||||
# So to not dox myself this config file is hardcoded
|
||||
rekey.secrets.enp0s20f0u2u4 = {
|
||||
file = ../../secrets/koreaIP.age;
|
||||
path = "/etc/systemd/network/10-enp0s20f0u2u4.network";
|
||||
mode = "444";
|
||||
};
|
||||
services.resolved = {
|
||||
enable = true;
|
||||
};
|
||||
# Add the VPN based route to my paperless instance to
|
||||
# etc/hosts
|
||||
networking.extraHosts = ''
|
||||
10.0.0.1 paperless.lel.lol
|
||||
'';
|
||||
|
||||
networking.firewall.enable = false;
|
||||
}
|
|
@ -1,24 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
services.xserver.videoDrivers = lib.mkForce ["nvidia"];
|
||||
|
||||
hardware.nvidia = {
|
||||
powerManagement = {
|
||||
enable = true;
|
||||
finegrained = true;
|
||||
};
|
||||
modesetting.enable = true;
|
||||
prime = {
|
||||
offload = {
|
||||
enableOffloadCmd = true;
|
||||
enable = true;
|
||||
};
|
||||
|
||||
intelBusId = "PCI:00:02:0";
|
||||
nvidiaBusId = "PCI:59:00:0";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -6,13 +6,6 @@
|
|||
environment.systemPackages = with pkgs; [pulseaudio pulsemixer];
|
||||
|
||||
hardware.pulseaudio.enable = lib.mkForce false;
|
||||
hardware.bluetooth.enable = true;
|
||||
hardware.bluetooth.settings = {
|
||||
General = {
|
||||
Enable = "Source,Sink,Media,Socket";
|
||||
};
|
||||
};
|
||||
|
||||
security.rtkit.enable = true;
|
||||
|
||||
services.pipewire = {
|
||||
|
@ -22,5 +15,5 @@
|
|||
pulse.enable = true;
|
||||
};
|
||||
|
||||
sound.enable = true;
|
||||
sound.enable = false;
|
||||
}
|
||||
|
|
13
hosts/common/steam.nix
Normal file
13
hosts/common/steam.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{pkgs, ...}: {
|
||||
programs.steam = {
|
||||
enable = true;
|
||||
package = pkgs.steam.override {
|
||||
extraPkgs = pkgs:
|
||||
with pkgs; [
|
||||
# vampir überlebende braucht diese pkgs
|
||||
libgdiplus
|
||||
cups
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
pkgs:
|
||||
# This is small script to map touchinputs to outputs
|
||||
# in an ideal world this would happen automatically but
|
||||
# with udev and X11 we truly do not live in an ideal world
|
||||
"${pkgs.writeShellScriptBin "fix-shit" ''
|
||||
xinput --map-to-output "ELAN2514:00 04F3:2817" eDP-1
|
||||
xinput --map-to-output "ELAN2514:00 04F3:2817 Stylus Pen (0)" eDP-1
|
||||
xset r rate 235 60
|
||||
autorandr -c
|
||||
''}/bin/fix-shit"
|
11
hosts/common/yubikey.nix
Normal file
11
hosts/common/yubikey.nix
Normal file
|
@ -0,0 +1,11 @@
|
|||
{pkgs, ...}: {
|
||||
environment.systemPackages = with pkgs; [
|
||||
yubikey-personalization
|
||||
yubikey-manager
|
||||
age-plugin-yubikey
|
||||
];
|
||||
|
||||
services.pcscd.enable = true;
|
||||
|
||||
services.udev.packages = with pkgs; [yubikey-personalization libu2f-host];
|
||||
}
|
25
hosts/common/zfs.nix
Normal file
25
hosts/common/zfs.nix
Normal file
|
@ -0,0 +1,25 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
boot.supportedFilesystems = ["zfs"];
|
||||
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
||||
|
||||
# The root pool should never be imported forcefully.
|
||||
# Failure to import is important to notice!
|
||||
boot.zfs.forceImportRoot = false;
|
||||
|
||||
environment.systemPackages = with pkgs; [zfs];
|
||||
|
||||
services.zfs = {
|
||||
autoScrub = {
|
||||
enable = true;
|
||||
interval = "weekly";
|
||||
};
|
||||
trim = {
|
||||
enable = true;
|
||||
interval = "weekly";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,87 +1,42 @@
|
|||
{
|
||||
config,
|
||||
inputs,
|
||||
pkgs,
|
||||
nodeName,
|
||||
lib,
|
||||
nixos-hardware,
|
||||
...
|
||||
}: let
|
||||
shell = pkgs.zsh;
|
||||
in {
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
#user home configuration
|
||||
../../users/patrick
|
||||
#
|
||||
nixos-hardware.common-cpu-intel
|
||||
nixos-hardware.common-gpu-intel
|
||||
nixos-hardware.common-pc-laptop
|
||||
nixos-hardware.common-pc-laptop-ssd
|
||||
|
||||
../common/core
|
||||
../common/dev
|
||||
../common/graphical
|
||||
../common/hardware/bluetooth.nix
|
||||
../common/hardware/intel.nix
|
||||
../common/hardware/physical.nix
|
||||
../common/efi.nix
|
||||
../common/laptop.nix
|
||||
../common/pipewire.nix
|
||||
../common/nvidia.nix
|
||||
../common/wireguard.nix
|
||||
../common/smb-mounts.nix
|
||||
../common/networking.nix
|
||||
../common/nix.nix
|
||||
../common/steam.nix
|
||||
../common/yubikey.nix
|
||||
../common/zfs.nix
|
||||
|
||||
../common/hardware/nvidia.nix
|
||||
./prime-offload.nix
|
||||
|
||||
./net.nix
|
||||
./fs.nix
|
||||
./smb-mounts.nix
|
||||
./wireguard.nix
|
||||
];
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
networking.hostName = "patricknix"; # Define your hostname.
|
||||
networking.hostId = "68438432";
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Asia/Seoul";
|
||||
|
||||
# Select internationalisation properties.
|
||||
i18n.defaultLocale = "C.UTF-8";
|
||||
services.xserver = {
|
||||
layout = "de";
|
||||
xkbVariant = "bone";
|
||||
};
|
||||
programs.hyprland.enable = true;
|
||||
console = {
|
||||
font = "ter-v28n";
|
||||
packages = with pkgs; [terminus_font];
|
||||
useXkbConfig = true; # use xkbOptions in tty.
|
||||
};
|
||||
|
||||
rekey = {
|
||||
inherit
|
||||
(inputs.self.secrets)
|
||||
masterIdentities
|
||||
extraEncryptionPubkeys
|
||||
;
|
||||
|
||||
#forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
|
||||
hostPubkey = let
|
||||
pubkeyPath = ../. + "/${nodeName}/secrets/host.pub";
|
||||
in
|
||||
lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
|
||||
pubkeyPath;
|
||||
};
|
||||
|
||||
hardware.opengl.enable = true;
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
services.tlp = {
|
||||
enable = true;
|
||||
# currently broken. Issue open at https://github.com/linrunner/TLP/issues/692
|
||||
settings = {
|
||||
USB_EXLUDE_PHONE = 1;
|
||||
};
|
||||
};
|
||||
|
||||
# Disable mutable Users, any option can only be set by the nix config
|
||||
users.mutableUsers = false;
|
||||
|
||||
rekey.secrets.patrick.file = ../../secrets/patrick.passwd.age;
|
||||
|
||||
environment.etc.issue.text = ''
|
||||
<<< Welcome to NixOS 23.05.20230304.3c5319a (\m) - \l >>>
|
||||
'';
|
||||
|
||||
users.motd = "Guten Tach";
|
||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||
users.users.patrick = {
|
||||
inherit shell;
|
||||
|
@ -94,9 +49,6 @@ in {
|
|||
};
|
||||
users.groups.patrick.gid = 1000;
|
||||
# Allow users in group video to edit backlight setting
|
||||
services.udev.extraRules = ''
|
||||
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video $sys$devpath/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w $sys$devpath/brightness"
|
||||
'';
|
||||
|
||||
rekey.secrets.root.file = ../../secrets/root.passwd.age;
|
||||
users.users.root = {
|
||||
|
@ -108,87 +60,13 @@ in {
|
|||
passwordFile = config.rekey.secrets.root.path;
|
||||
};
|
||||
|
||||
security.sudo.enable = false;
|
||||
|
||||
documentation.dev.enable = true;
|
||||
|
||||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
xterm
|
||||
wget
|
||||
gcc
|
||||
tree
|
||||
age-plugin-yubikey
|
||||
rage
|
||||
file
|
||||
ripgrep
|
||||
killall
|
||||
fd
|
||||
man-pages
|
||||
man-pages-posix
|
||||
# xournalpp needs this or else it will crash
|
||||
gnome3.adwaita-icon-theme
|
||||
];
|
||||
# HM zsh needs this or else the startup order is fucked
|
||||
# and env variables will be loaded incorrectly
|
||||
programs.zsh.enable = true;
|
||||
|
||||
services.physlock.enable = true;
|
||||
|
||||
programs.steam = {
|
||||
enable = true;
|
||||
package = pkgs.steam.override {
|
||||
extraPkgs = pkgs:
|
||||
with pkgs; [
|
||||
# vampir überlebende braucht diese pkgs
|
||||
libgdiplus
|
||||
cups
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
KbdInteractiveAuthentication = false;
|
||||
PermitRootLogin = "yes";
|
||||
};
|
||||
hostKeys = [
|
||||
{
|
||||
# never set this to an actual nix type path
|
||||
# or else .....
|
||||
# it will end up in the nix store
|
||||
path = "/etc/ssh/ssh_host_ed25519_key";
|
||||
type = "ed25519";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
services.thermald.enable = true;
|
||||
services.pcscd.enable = true;
|
||||
services.fstrim.enable = true;
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
|
||||
services.udev.packages = with pkgs; [yubikey-personalization libu2f-host];
|
||||
|
||||
environment.shellInit = ''
|
||||
gpg-connect-agent /bye
|
||||
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
|
||||
umask 077
|
||||
'';
|
||||
# XDG base spec
|
||||
environment.sessionVariables = rec {
|
||||
XDG_CACHE_HOME = "\${HOME}/.cache";
|
||||
XDG_CONFIG_HOME = "\${HOME}/.config";
|
||||
XDG_STATE_HOME = "\${HOME}/.local/state";
|
||||
XDG_DATA_HOME = "\${HOME}/.local/share";
|
||||
# xdg ninja recommendations
|
||||
CARGO_HOME = "${XDG_DATA_HOME}/cargo";
|
||||
CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
|
||||
RUSTUP_HOME = "${XDG_DATA_HOME}/rustup";
|
||||
WINEPREFIX = "${XDG_DATA_HOME}/wine";
|
||||
};
|
||||
}
|
||||
|
|
13
hosts/patricknix/fs.nix
Normal file
13
hosts/patricknix/fs.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
fileSystems."/" = {
|
||||
device = "rpool/ROOT/nixos";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/BC47-8FB9";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [];
|
||||
}
|
|
@ -1,40 +0,0 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
modulesPath,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc"];
|
||||
boot.initrd.kernelModules = [];
|
||||
boot.supportedFilesystems = ["ntfs"];
|
||||
boot.kernelModules = ["kvm-intel"];
|
||||
boot.extraModulePackages = [];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "rpool/ROOT/nixos";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/BC47-8FB9";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp0s20f0u2u4.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
|
||||
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
48
hosts/patricknix/net.nix
Normal file
48
hosts/patricknix/net.nix
Normal file
|
@ -0,0 +1,48 @@
|
|||
{
|
||||
nodeSecrets,
|
||||
nodePath,
|
||||
...
|
||||
}: {
|
||||
networking = {
|
||||
inherit (nodeSecrets.networking) hostId;
|
||||
wireless.iwd.enable = true;
|
||||
# Add the VPN based route to my paperless instance to
|
||||
# etc/hosts
|
||||
extraHosts = ''
|
||||
10.0.0.1 paperless.lel.lol
|
||||
'';
|
||||
};
|
||||
|
||||
# Fuck korea.
|
||||
# I need a static global IP address for my dorm LAN
|
||||
# So to not dox myself this config file is hardcoded
|
||||
systemd.network.networks = {
|
||||
"lan1" = {
|
||||
DHCP = "yes";
|
||||
matchConfig.MACAddress = nodeSecrets.networking.lan1.mac;
|
||||
networkConfig.IPv6PrivacyExtensions = "yes";
|
||||
gateway = [nodeSecrets.networking.fuckKoreanDorm.gateway];
|
||||
address = [nodeSecrets.networking.fuckKoreanDorm.address];
|
||||
dns = ["9.9.9.9"];
|
||||
};
|
||||
"wlan1" = {
|
||||
DHCP = "yes";
|
||||
matchConfig.MACAddress = nodeSecrets.networking.wlan1.mac;
|
||||
networkConfig.IPv6PrivacyExtensions = "yes";
|
||||
# TODO: change dns to own when at hom
|
||||
dns = ["9.9.9.9"];
|
||||
};
|
||||
};
|
||||
rekey.secrets.eduroam = {
|
||||
file = nodePath + "/secrets/iwd/eduroam.8021x.age";
|
||||
path = "/var/lib/iwd/eduroam.8021x";
|
||||
};
|
||||
rekey.secrets.devoloog = {
|
||||
file = nodePath + "/secrets/iwd/devolo-og.psk.age";
|
||||
path = "/var/lib/iwd/devolo-og.psk";
|
||||
};
|
||||
rekey.secrets.kaist = {
|
||||
file = nodePath + "/secrets/iwd/kaist.8021x.age";
|
||||
path = "/var/lib/iwd/Welcome_KAIST.8021x";
|
||||
};
|
||||
}
|
11
hosts/patricknix/prime-offload.nix
Normal file
11
hosts/patricknix/prime-offload.nix
Normal file
|
@ -0,0 +1,11 @@
|
|||
{
|
||||
hardware.nvidia.prime = {
|
||||
offload = {
|
||||
enableOffloadCmd = true;
|
||||
enable = true;
|
||||
};
|
||||
|
||||
intelBusId = "PCI:00:02:0";
|
||||
nvidiaBusId = "PCI:59:00:0";
|
||||
};
|
||||
}
|
BIN
hosts/patricknix/secrets/secrets.nix.age
Normal file
BIN
hosts/patricknix/secrets/secrets.nix.age
Normal file
Binary file not shown.
|
@ -22,6 +22,7 @@ in
|
|||
inherit nodeName;
|
||||
inherit nodeMeta;
|
||||
inherit hyprland;
|
||||
nodePath = ../hosts + "/${nodeName}/";
|
||||
secrets = self.secrets.content;
|
||||
nodeSecrets = self.secrets.content.nodes.${nodeName};
|
||||
nixos-hardware = nixos-hardware.nixosModules;
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
{
|
||||
config,
|
||||
home-manager,
|
||||
hyprland,
|
||||
...
|
||||
}: {
|
||||
{hyprland, ...}: {
|
||||
# TODO: only import this if the current host is a nixos host
|
||||
imports = [
|
||||
../../hosts/common/graphical/hyprland.nix
|
||||
];
|
||||
home-manager.users.patrick.imports = [
|
||||
hyprland.homeManagerModules.default
|
||||
./patrick.nix
|
||||
|
|
Loading…
Reference in a new issue