| author | seth <[email protected]> | 2023-01-25 20:26:41 -0500 |
|---|---|---|
| committer | seth <[email protected]> | 2023-01-26 03:49:52 -0500 |
| commit | 7608b3701bf43502a9d3e5752b5f4cd9643f126b (patch) | |
| tree | 31e8e43af2effe1a306db6cc3b65171101968698 /hosts | |
| parent | 7c93704d3d49a7dc3f0067beb80846ca539d392b (diff) | |
Diffstat (limited to 'hosts')
| -rw-r--r-- | hosts/common/default.nix | 10 | ||||
| -rw-r--r-- | hosts/common/desktop/common.nix | 4 | ||||
| -rw-r--r-- | hosts/common/desktop/gnome.nix | 24 | ||||
| -rw-r--r-- | hosts/common/documentation.nix | 11 | ||||
| -rw-r--r-- | hosts/common/fonts.nix | 28 | ||||
| -rw-r--r-- | hosts/common/hardware/default.nix | 6 | ||||
| -rw-r--r-- | hosts/common/hardware/nvidia.nix | 17 | ||||
| -rw-r--r-- | hosts/common/options.nix | 14 | ||||
| -rw-r--r-- | hosts/common/security.nix | 43 | ||||
| -rw-r--r-- | hosts/common/systemd.nix | 19 | ||||
| -rw-r--r-- | hosts/glados-wsl/default.nix | 19 | ||||
| -rw-r--r-- | hosts/glados-wsl/packages.nix | 9 | ||||
| -rw-r--r-- | hosts/glados/boot.nix | 28 | ||||
| -rw-r--r-- | hosts/glados/default.nix | 28 | ||||
| -rw-r--r-- | hosts/glados/network.nix | 9 | ||||
| -rw-r--r-- | hosts/glados/packages.nix | 24 | ||||
| -rw-r--r-- | hosts/glados/services.nix | 12 |
17 files changed, 266 insertions, 39 deletions
diff --git a/hosts/common/default.nix b/hosts/common/default.nix
index 9793191..2923ae0 100644
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@@ -1,7 +1,13 @@
-{
+{lib, ...}: {
 imports = [
+ ./options.nix
+ ./documentation.nix
+ ./fonts.nix
+ ./locale.nix
 ./security.nix
+ ./systemd.nix
 ./users.nix
- ./locale.nix
 ];
+
+ config.services.kmscon.enable = true;
 }
diff --git a/hosts/common/desktop/common.nix b/hosts/common/desktop/common.nix
new file mode 100644
index 0000000..d0289b1
--- /dev/null
+++ b/hosts/common/desktop/common.nix
@@ -0,0 +1,4 @@
+{config, ...}: {
+ programs.xwayland.enable = true;
+ xdg.portal.enable = true;
+}
diff --git a/hosts/common/desktop/gnome.nix b/hosts/common/desktop/gnome.nix
new file mode 100644
index 0000000..f6d06b4
--- /dev/null
+++ b/hosts/common/desktop/gnome.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ services =
+ if config.system.gui-stuff
+ then {
+ xserver.enable = true;
+ xserver.displayManager.gdm.enable = true;
+ xserver.desktopManager.gnome.enable = true;
+ }
+ else {};
+
+ environment.gnome.excludePackages = (
+ with pkgs;
+ if config.system.gui-stuff
+ then [
+ epiphany
+ gnome-tour
+ ]
+ else []
+ );
+}
diff --git a/hosts/common/documentation.nix b/hosts/common/documentation.nix
new file mode 100644
index 0000000..6d6b96f
--- /dev/null
+++ b/hosts/common/documentation.nix
@@ -0,0 +1,11 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ environment.systemPackages = with pkgs; [man-pages man-pages-posix nixpkgs-manual];
+ documentation = {
+ dev.enable = true;
+ man.enable = true;
+ };
+}
diff --git a/hosts/common/fonts.nix b/hosts/common/fonts.nix
new file mode 100644
index 0000000..9cec045
--- /dev/null
+++ b/hosts/common/fonts.nix
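Review bot: In hosts/common/desktop/gnome.nix the whole `services` attribute set is selected with `if config.system.gui-stuff then { … } else {}`, which makes the module system evaluate `config` just to learn which keys this module defines; `lib.mkIf` is the idiomatic form and avoids the infinite-recursion hazard this pattern can run into. Something like `services.xserver = lib.mkIf config.system.gui-stuff { enable = true; displayManager.gdm.enable = true; desktopManager.gnome.enable = true; };` would do, with `lib` added to the module arguments. The same `if … else {}` / `else []` shape appears in hosts/common/fonts.nix and hosts/common/systemd.nix.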
@@ -0,0 +1,28 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ fonts = {
+ fonts = with pkgs;
+ if config.system.gui-stuff
+ then [
+ noto-fonts
+ noto-fonts-extra
+ noto-fonts-emoji
+ noto-fonts-cjk-sans
+ fira-code
+ (nerdfonts.override {fonts = ["FiraCode"];})
+ ]
+ else [];
+ fontconfig.defaultFonts =
+ if config.system.gui-stuff
+ then {
+ serif = ["Noto Serif"];
+ sansSerif = ["Noto Sans"];
+ emoji = ["Noto Color Emoji"];
+ monospace = ["Fira Code"];
+ }
+ else {};
+ };
+}
diff --git a/hosts/common/hardware/default.nix b/hosts/common/hardware/default.nix
new file mode 100644
index 0000000..e7e6350
--- /dev/null
+++ b/hosts/common/hardware/default.nix
@@ -0,0 +1,6 @@
+_: {
+ imports = [
+ ./nvidia.nix
+ ./zfs.nix
+ ];
+}
diff --git a/hosts/common/hardware/nvidia.nix b/hosts/common/hardware/nvidia.nix
new file mode 100644
index 0000000..4bc445c
--- /dev/null
+++ b/hosts/common/hardware/nvidia.nix
@@ -0,0 +1,17 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ hardware = {
+ nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
+ opengl = {
+ enable = true;
+ extraPackages = with pkgs; [
+ vaapiVdpau
+ ];
+ };
+ };
+
+ services.xserver.videoDrivers = ["nvidia"];
+}
diff --git a/hosts/common/options.nix b/hosts/common/options.nix
new file mode 100644
index 0000000..2d532ed
--- /dev/null
+++ b/hosts/common/options.nix
@@ -0,0 +1,14 @@
+{lib, ...}: {
+ options.system = with lib.types; {
+ devel-packages = lib.mkOption {
+ type = bool;
+ default = false;
+ description = "install development packages for neovim lsp";
+ };
+ gui-stuff = lib.mkOption {
+ type = bool;
+ default = false;
+ description = "install gui-related packages";
+ };
+ };
+}
diff --git a/hosts/common/security.nix b/hosts/common/security.nix
index f0f3bb9..32c2ff5 100644
--- a/hosts/common/security.nix
+++ b/hosts/common/security.nix
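Review bot: hosts/common/hardware/default.nix imports `./zfs.nix`, but the diffstat for this commit lists only `default.nix` and `nvidia.nix` under hosts/common/hardware. Unless zfs.nix already exists in the tree, any host that imports `../common/hardware` will fail to evaluate, so either add the file in this commit or drop the entry until it exists. hosts/glados/default.nix imports `nvidia.nix` directly, so the problem would not show up on that host.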
@@ -1,21 +1,28 @@
 _: {
- security.sudo = {
- configFile = ''
- Defaults env_reset
- Defaults secure_path = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
- Defaults editor = /run/current-system/sw/bin/vim,!env_editor
- '';
- execWheelOnly = true;
- extraRules = [
- {
- users = ["root"];
- groups = ["root"];
- commands = ["ALL"];
- }
- {
- users = ["seth"];
- commands = ["ALL"];
- }
- ];
+ security = {
+ apparmor.enable = true;
+ audit.enable = true;
+ auditd.enable = true;
+ rtkit.enable = true;
+ sudo = {
+ configFile = ''
+ Defaults env_reset
+ Defaults secure_path = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
+ Defaults editor = /run/current-system/sw/bin/vim,!env_editor
+ '';
+ execWheelOnly = true;
+ extraRules = [
+ {
+ users = ["root"];
+ groups = ["root"];
+ commands = ["ALL"];
+ }
+ {
+ users = ["seth"];
+ commands = ["ALL"];
+ }
+ ];
+ };
+ polkit.enable = true;
 };
 }
diff --git a/hosts/common/systemd.nix b/hosts/common/systemd.nix
new file mode 100644
index 0000000..42b4042
--- /dev/null
+++ b/hosts/common/systemd.nix
@@ -0,0 +1,19 @@
+{config, ...}: {
+ services = {
+ journald.extraConfig = ''
+ MaxRetentionSec=1w
+ '';
+ resolved =
+ if config.system.gui-stuff
+ then {
+ enable = true;
+ dnssec = "allow-downgrade";
+ extraConfig = ''
+ [Resolve]
+ DNS=1.1.1.1 1.0.0.1
+ DNSOverTLS=yes
+ '';
+ }
+ else {};
+ };
+}
diff --git a/hosts/glados-wsl/default.nix b/hosts/glados-wsl/default.nix
index 49db2ae..d77baf6 100644
--- a/hosts/glados-wsl/default.nix
+++ b/hosts/glados-wsl/default.nix
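Review bot: In hosts/common/security.nix, `audit.enable` and `auditd.enable` are switched on but no `security.audit.rules` is set anywhere in the visible diff, so the daemon will record only what the kernel and other subsystems emit on their own (AppArmor denials, for instance) and nothing about process execution or changes to sensitive files. If the goal is a usable audit trail, add an explicit rule list next to the two enables, for example `audit.rules = ["-a exit,always -F arch=b64 -S execve"];`, and tune it to the log volume the host can carry. A one-line comment stating what the audit log is meant to capture would also make the intent reviewable.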
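Review bot: In hosts/common/systemd.nix the `DNS=1.1.1.1 1.0.0.1` entries carry no server name, so with `DNSOverTLS=yes` systemd-resolved can only check the resolver's certificate against the IP address and sends no SNI; `DNS=1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com` ties validation to the hostname. Separately, resolved.conf(5) documents `allow-downgrade` as open to DNSSEC downgrade, so `dnssec = "allow-downgrade";` deserves a comment saying the trade-off is deliberate. NetworkManager on glados also hands per-link DNS servers to resolved; if every lookup is meant to use the DoT servers, `Domains=~.` in the same `[Resolve]` block is presumably needed, which `resolvectl status` on the host would confirm.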
@@ -19,23 +19,4 @@
 nix.settings.experimental-features = ["nix-command" "flakes"];
 system.stateVersion = "22.11";
-
- # hardware = {
- # nvidia.package = boot.kernelPackages.nvidiaPackages.stable;
- # xserver = {
- # videoDrivers = [ "nvidia" ];
- # };
- # opengl.enable = true;
- # };
-
- networking.hostName = "glados-wsl";
-
- programs = {
- gnupg = {
- agent = {
- enable = true;
- pinentryFlavor = "curses";
- };
- };
- };
 }
diff --git a/hosts/glados-wsl/packages.nix b/hosts/glados-wsl/packages.nix
index c6ff472..7066911 100644
--- a/hosts/glados-wsl/packages.nix
+++ b/hosts/glados-wsl/packages.nix
@@ -8,4 +8,13 @@
 python310
 vim
 ];
+
+ programs = {
+ gnupg = {
+ agent = {
+ enable = true;
+ pinentryFlavor = "curses";
+ };
+ };
+ };
 }
diff --git a/hosts/glados/boot.nix b/hosts/glados/boot.nix
new file mode 100644
index 0000000..13cc84e
--- /dev/null
+++ b/hosts/glados/boot.nix
@@ -0,0 +1,28 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ environment.systemPackages = with pkgs; [
+ sbctl
+ ];
+
+ boot = {
+ kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ kernelParams = ["nohibernate"];
+
+ loader = {
+ systemd-boot = {
+ enable = lib.mkForce false;
+ };
+ efi.canTouchEfiVariables = true;
+ };
+ lanzaboote = {
+ enable = true;
+ pkiBundle = "/etc/secureboot";
+ };
+
+ supportedFilesystems = ["zfs"];
+ };
+}
diff --git a/hosts/glados/default.nix b/hosts/glados/default.nix
new file mode 100644
index 0000000..96fa381
--- /dev/null
+++ b/hosts/glados/default.nix
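Review bot: hosts/glados/boot.nix points `lanzaboote.pkiBundle` at `/etc/secureboot` without saying where those keys come from or how they are protected. The bundle holds the private signing keys, and nothing in this diff shows that the root filesystem is encrypted, so the Secure Boot guarantee here rests on assumptions outside the file. I would add a comment above the block along the lines of `# keys are created out-of-band with sbctl create-keys; keep /etc/secureboot root-only and on encrypted storage`. A second short comment on `enable = lib.mkForce false;` under `systemd-boot`, explaining that lanzaboote takes its place, would also help.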
@@ -0,0 +1,28 @@
+{
+ config,
+ modulesPath,
+ pkgs,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/profiles/minimal.nix")
+ ../common
+ ../common/desktop/gnome.nix
+ ../common/hardware/nvidia.nix
+ ./boot.nix
+ ./network.nix
+ ./packages.nix
+ ../../users/seth
+ ];
+
+ system.gui-stuff = true;
+
+ # enable non-free packages
+ nixpkgs.config.allowUnfree = true;
+
+ # Enable nix flakes
+ nix.package = pkgs.nixFlakes;
+ nix.settings.experimental-features = ["nix-command" "flakes"];
+
+ system.stateVersion = "23.05";
+}
diff --git a/hosts/glados/network.nix b/hosts/glados/network.nix
new file mode 100644
index 0000000..b80f0ae
--- /dev/null
+++ b/hosts/glados/network.nix
@@ -0,0 +1,9 @@
+{config, ...}: {
+ networking = {
+ hostId = "$(head -c 8 /etc/machine-id)";
+ networkmanager = {
+ enable = true;
+ dns = "systemd-resolved";
+ };
+ };
+}
diff --git a/hosts/glados/packages.nix b/hosts/glados/packages.nix
new file mode 100644
index 0000000..2765f35
--- /dev/null
+++ b/hosts/glados/packages.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ environment.systemPackages = with pkgs; [
+ git
+ gnupg1
+ neofetch
+ nixos-option
+ pinentry-curses
+ python310
+ vim
+ ];
+
+ programs = {
+ gnupg = {
+ agent = {
+ enable = true;
+ pinentryFlavor = "curses";
+ };
+ };
+ };
+}
diff --git a/hosts/glados/services.nix b/hosts/glados/services.nix
new file mode 100644
index 0000000..a71acbd
--- /dev/null
+++ b/hosts/glados/services.nix
@@ -0,0 +1,12 @@
+{config, ...}: {
+ services = {
+ dbus.enable = true;
+ pipewire = {
+ enable = true;
+ wireplumber.enable = true;
+ alsa.enable = true;
+ jack.enable = true;
+ pulse.enable = true;
+ };
+ };
+}
|
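Review bot: The `imports` list in hosts/glados/default.nix pulls in `./boot.nix`, `./network.nix` and `./packages.nix` but not `./services.nix`, which this same commit adds, so the pipewire and dbus settings there appear to have no effect unless the file is imported somewhere outside this diff. hosts/common/desktop/common.nix looks unreferenced in the same way. Adding `./services.nix` (and `../common/desktop/common.nix`, if it is meant to apply) to the list would make the new files take effect.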
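Review bot: `hostId = "$(head -c 8 /etc/machine-id)";` in hosts/glados/network.nix is a plain Nix string, and Nix performs no shell command substitution, so the option receives the literal text `$(head -c 8 /etc/machine-id)` rather than eight hex digits. `networking.hostId` is expected to be an 8-character hexadecimal value, and ZFS (enabled in boot.nix) uses it to tie pools to a machine, so this will most likely be rejected at evaluation time. Run the command once on the host and commit its output instead, as in `hostId = "<8-hex-digits>";` where the value shown is a placeholder.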
