authorseth <[email protected]>2023-05-08 00:21:41 -0400
committerseth <[email protected]>2023-05-08 00:21:41 -0400
commit9cedd06b8589a5d39a7a85e2efe646a8edebac53 (patch)
tree8884a1238b0586396bc403098e23e78505ab514e /modules/nixos
parent589c80eb1bcaf76b4a1a7e6f9cdd725fdb04e063 (diff)
modules: merge base and nixos
Diffstat (limited to 'modules/nixos')
-rw-r--r--modules/nixos/base/default.nix33
-rw-r--r--modules/nixos/base/documentation.nix19
-rw-r--r--modules/nixos/base/locale.nix (renamed from modules/nixos/locale.nix)4
-rw-r--r--modules/nixos/base/network.nix (renamed from modules/nixos/network.nix)4
-rw-r--r--modules/nixos/base/nix.nix44
-rw-r--r--modules/nixos/base/packages.nix34
-rw-r--r--modules/nixos/base/root.nix (renamed from modules/nixos/root.nix)4
-rw-r--r--modules/nixos/base/security.nix (renamed from modules/nixos/security.nix)0
-rw-r--r--modules/nixos/base/systemd.nix (renamed from modules/nixos/systemd.nix)0
-rw-r--r--modules/nixos/base/virtualisation.nix20
-rw-r--r--modules/nixos/default.nix31
-rw-r--r--modules/nixos/desktop/audio.nix23
-rw-r--r--modules/nixos/desktop/budgie/default.nix58
-rw-r--r--modules/nixos/desktop/default.nix43
-rw-r--r--modules/nixos/desktop/fonts.nix37
-rw-r--r--modules/nixos/desktop/gnome/default.nix38
-rw-r--r--modules/nixos/desktop/plasma/default.nix32
-rw-r--r--modules/nixos/hardware/default.nix18
-rw-r--r--modules/nixos/hardware/nvidia.nix33
-rw-r--r--modules/nixos/server/default.nix79
-rw-r--r--modules/nixos/server/secrets.nix25
-rw-r--r--modules/nixos/server/services/default.nix5
-rw-r--r--modules/nixos/server/services/hercules.nix61
-rw-r--r--modules/nixos/virtualisation.nix22
24 files changed, 612 insertions, 55 deletions
diff --git a/modules/nixos/base/default.nix b/modules/nixos/base/default.nix
new file mode 100644
index 0000000..63700e1
--- /dev/null
+++ b/modules/nixos/base/default.nix
@@ -0,0 +1,33 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.getchoo.base;
+ inherit (lib) mkDefault mkEnableOption mkIf;
+in {
+ options.getchoo.base.enable = mkEnableOption "base nixos module";
+
+ imports = [
+ ./documentation.nix
+ ./locale.nix
+ ./network.nix
+ ./nix.nix
+ ./packages.nix
+ ./root.nix
+ ./security.nix
+ ./systemd.nix
+ ./virtualisation.nix
+ ];
+
+ config = mkIf cfg.enable {
+ getchoo.base = {
+ defaultPackages.enable = mkDefault true;
+ defaultLocale.enable = mkDefault true;
+ defaultRoot.enable = mkDefault true;
+ documentation.enable = mkDefault true;
+ networking.enable = mkDefault true;
+ nix-settings.enable = mkDefault true;
+ };
+ };
+}
diff --git a/modules/nixos/base/documentation.nix b/modules/nixos/base/documentation.nix
new file mode 100644
index 0000000..9064507
--- /dev/null
+++ b/modules/nixos/base/documentation.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.getchoo.base.documentation;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.base.documentation.enable = mkEnableOption "base module documentation";
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [man-pages man-pages-posix];
+ documentation = {
+ dev.enable = true;
+ man.enable = true;
+ };
+ };
+}
diff --git a/modules/nixos/locale.nix b/modules/nixos/base/locale.nix
index c362a6d..b79d328 100644
--- a/modules/nixos/locale.nix
+++ b/modules/nixos/base/locale.nix
@@ -3,10 +3,10 @@
lib,
...
}: let
- cfg = config.getchoo.nixos.defaultLocale;
+ cfg = config.getchoo.base.defaultLocale;
inherit (lib) mkEnableOption mkIf;
in {
- options.getchoo.nixos.defaultLocale.enable = mkEnableOption "enable default locale";
+ options.getchoo.base.defaultLocale.enable = mkEnableOption "enable default locale";
config = mkIf cfg.enable {
i18n = {
diff --git a/modules/nixos/network.nix b/modules/nixos/base/network.nix
index 7dce2b1..dbcabac 100644
--- a/modules/nixos/network.nix
+++ b/modules/nixos/base/network.nix
@@ -3,10 +3,10 @@
lib,
...
}: let
- cfg = config.getchoo.nixos.networking;
+ cfg = config.getchoo.base.networking;
inherit (lib) mkEnableOption mkIf;
in {
- options.getchoo.nixos.networking.enable = mkEnableOption "enable networking";
+ options.getchoo.base.networking.enable = mkEnableOption "enable networking";
config = mkIf cfg.enable {
networking.networkmanager = {
diff --git a/modules/nixos/base/nix.nix b/modules/nixos/base/nix.nix
new file mode 100644
index 0000000..38fcef0
--- /dev/null
+++ b/modules/nixos/base/nix.nix
@@ -0,0 +1,44 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.getchoo.base.nix-settings;
+ inherit (lib) mkDefault mkEnableOption mkIf;
+in {
+ options.getchoo.base.nix-settings.enable = mkEnableOption "base nix settings";
+
+ imports = [
+ ./documentation.nix
+ ./packages.nix
+ ];
+
+ config = let
+ channelPath = "/etc/nix/channels/nixpkgs";
+ in
+ mkIf cfg.enable {
+ nix = {
+ package = mkDefault pkgs.nixFlakes;
+
+ gc = {
+ automatic = mkDefault true;
+ dates = mkDefault "weekly";
+ options = mkDefault "--delete-older-than 7d";
+ };
+
+ settings = {
+ auto-optimise-store = true;
+ experimental-features = ["nix-command" "flakes"];
+ };
+
+ nixPath = [
+ "nixpkgs=${channelPath}"
+ ];
+ };
+
+ systemd.tmpfiles.rules = [
+ "L+ ${channelPath} - - - - ${pkgs.path}"
+ ];
+ };
+}
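Review bot: The `imports` list in this new module pulls in `./documentation.nix` and `./packages.nix`, which `base/default.nix` already imports and which nothing in this file's `config` refers to; dropping the list keeps each sibling imported in one place. `auto-optimise-store = true` is set at normal priority while the `gc` values beside it use `mkDefault`, so a host that wants to turn it off needs `mkForce`; `auto-optimise-store = mkDefault true;` would match the rest of the block.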
diff --git a/modules/nixos/base/packages.nix b/modules/nixos/base/packages.nix
new file mode 100644
index 0000000..a082196
--- /dev/null
+++ b/modules/nixos/base/packages.nix
@@ -0,0 +1,34 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.getchoo.base.defaultPackages;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.base.defaultPackages.enable = mkEnableOption "base module default packages";
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ cachix
+ hyfetch
+ neofetch
+ pinentry-curses
+ python311
+ ];
+
+ programs = {
+ git.enable = true;
+
+ gnupg = {
+ agent = {
+ enable = true;
+ pinentryFlavor = lib.mkDefault "curses";
+ };
+ };
+
+ vim.defaultEditor = true;
+ };
+ };
+}
diff --git a/modules/nixos/root.nix b/modules/nixos/base/root.nix
index f2e5878..5f8d7d4 100644
--- a/modules/nixos/root.nix
+++ b/modules/nixos/base/root.nix
@@ -3,10 +3,10 @@
lib,
...
}: let
- cfg = config.getchoo.nixos.defaultRoot;
+ cfg = config.getchoo.base.defaultRoot;
inherit (lib) mkDefault mkEnableOption mkIf;
in {
- options.getchoo.nixos.defaultRoot.enable = mkEnableOption "enable default root user";
+ options.getchoo.base.defaultRoot.enable = mkEnableOption "enable default root user";
config = mkIf cfg.enable {
users.users.root = {
diff --git a/modules/nixos/security.nix b/modules/nixos/base/security.nix
index 403cfa5..403cfa5 100644
--- a/modules/nixos/security.nix
+++ b/modules/nixos/base/security.nix
diff --git a/modules/nixos/systemd.nix b/modules/nixos/base/systemd.nix
index 2888c0b..2888c0b 100644
--- a/modules/nixos/systemd.nix
+++ b/modules/nixos/base/systemd.nix
diff --git a/modules/nixos/base/virtualisation.nix b/modules/nixos/base/virtualisation.nix
new file mode 100644
index 0000000..7654fbb
--- /dev/null
+++ b/modules/nixos/base/virtualisation.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.getchoo.base.virtualisation;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.base.virtualisation.enable = mkEnableOption "enable podman";
+
+ config.virtualisation = mkIf cfg.enable {
+ podman = {
+ enable = true;
+ enableNvidia = true;
+ extraPackages = with pkgs; [podman-compose];
+ };
+ oci-containers.backend = "podman";
+ };
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index bbe334e..3ae2f08 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -1,30 +1,7 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.getchoo.nixos;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.getchoo.nixos.enable = mkEnableOption "base nixos module";
-
+_: {
imports = [
- ./locale.nix
- ./network.nix
- ./root.nix
- ./security.nix
- ./systemd.nix
- ./virtualisation.nix
+ ./base
+ ./desktop
+ ./hardware
];
-
- config = mkIf cfg.enable {
- getchoo = {
- base.enable = true;
- nixos = {
- defaultLocale.enable = mkDefault true;
- defaultRoot.enable = mkDefault true;
- networking.enable = mkDefault true;
- };
- };
- };
}
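Review bot: The new import list has `./base`, `./desktop` and `./hardware` but not `./server`, which this commit also adds under modules/nixos. If that is deliberate (the server modules take `self` and `hercules-ci-agent` as arguments, so they may be imported per host), a one-line comment such as `# ./server is imported separately; it needs extra specialArgs` would record it. The `getchoo.nixos.*` options are removed without a rename shim, so any host still setting them will fail evaluation until it switches to `getchoo.base.*`.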
diff --git a/modules/nixos/desktop/audio.nix b/modules/nixos/desktop/audio.nix
new file mode 100644
index 0000000..d04316b
--- /dev/null
+++ b/modules/nixos/desktop/audio.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.getchoo.desktop.audio;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.desktop.audio.enable = mkEnableOption "enable audio support";
+
+ config = mkIf cfg.enable {
+ services = {
+ pipewire = {
+ enable = true;
+ wireplumber.enable = true;
+ alsa.enable = true;
+ jack.enable = true;
+ pulse.enable = true;
+ };
+ };
+ hardware.pulseaudio.enable = false;
+ };
+}
diff --git a/modules/nixos/desktop/budgie/default.nix b/modules/nixos/desktop/budgie/default.nix
new file mode 100644
index 0000000..440bbc6
--- /dev/null
+++ b/modules/nixos/desktop/budgie/default.nix
@@ -0,0 +1,58 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ cfg = config.getchoo.desktop.budgie;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.desktop.budgie.enable = mkEnableOption "enable budgie";
+
+ config = mkIf cfg.enable {
+ getchoo.desktop.enable = true;
+
+ services.xserver = {
+ displayManager.lightdm.greeters.slick = {
+ theme = {
+ name = "Materia-dark";
+ package = pkgs.materia-theme;
+ };
+ iconTheme = {
+ name = "Papirus-Dark";
+ package = pkgs.papirus-icon-theme;
+ };
+ cursorTheme = {
+ name = "Breeze-gtk";
+ package = pkgs.libsForQt5.breeze-gtk;
+ };
+ };
+
+ desktopManager.budgie = {
+ enable = true;
+ extraGSettingsOverrides = ''
+ [org.gnome.desktop.interface:Budgie]
+ gtk-theme="Materia-dark"
+ icon-theme="Papirus-Dark"
+ cursor-theme="Breeze-gtk"
+ font-name="Noto Sans 10"
+ document-font-name="Noto Sans 10"
+ monospace-font-name="Fira Code 10"
+ enable-hot-corners=true
+ '';
+ };
+ };
+
+ environment.budgie.excludePackages = with pkgs; [
+ qogir-theme
+ qogir-icon-theme
+ ];
+
+ environment.systemPackages = with pkgs; [
+ alacritty
+ breeze-gtk
+ materia-theme
+ papirus-icon-theme
+ ];
+ };
+}
diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix
new file mode 100644
index 0000000..2536a55
--- /dev/null
+++ b/modules/nixos/desktop/default.nix
@@ -0,0 +1,43 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.getchoo.desktop;
+ inherit (lib) mkDefault mkEnableOption mkIf;
+in {
+ imports = [
+ ./audio.nix
+ ./budgie
+ ./fonts.nix
+ ./gnome
+ ./plasma
+ ];
+
+ options.getchoo.desktop.enable = mkEnableOption "desktop module";
+
+ config = mkIf cfg.enable {
+ getchoo = {
+ base.enable = true;
+ desktop = {
+ audio.enable = mkDefault true;
+ fonts.enable = mkDefault true;
+ };
+ };
+
+ environment = {
+ noXlibs = lib.mkForce false;
+ systemPackages = with pkgs; [pinentry-curses wl-clipboard xclip];
+ };
+
+ programs = {
+ dconf.enable = true;
+ firefox.enable = true;
+ xwayland.enable = true;
+ };
+
+ services.xserver.enable = true;
+ xdg.portal.enable = true;
+ };
+}
diff --git a/modules/nixos/desktop/fonts.nix b/modules/nixos/desktop/fonts.nix
new file mode 100644
index 0000000..95b2e4d
--- /dev/null
+++ b/modules/nixos/desktop/fonts.nix
@@ -0,0 +1,37 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ cfg = config.getchoo.desktop.fonts;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.desktop.fonts.enable = mkEnableOption "enable default fonts";
+
+ config = mkIf cfg.enable {
+ fonts = {
+ enableDefaultFonts = true;
+
+ fonts = with pkgs; [
+ corefonts
+ fira-code
+ (nerdfonts.override {fonts = ["FiraCode"];})
+ noto-fonts
+ noto-fonts-extra
+ noto-fonts-emoji
+ noto-fonts-cjk-sans
+ ];
+
+ fontconfig = {
+ enable = true;
+ defaultFonts = {
+ serif = ["Noto Serif"];
+ sansSerif = ["Noto Sans"];
+ emoji = ["Noto Color Emoji"];
+ monospace = ["Fira Code"];
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome/default.nix
new file mode 100644
index 0000000..fd3d34d
--- /dev/null
+++ b/modules/nixos/desktop/gnome/default.nix
@@ -0,0 +1,38 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ cfg = config.getchoo.desktop.gnome;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.desktop.gnome.enable = mkEnableOption "enable gnome";
+
+ config = mkIf cfg.enable {
+ getchoo.desktop.enable = true;
+
+ environment = {
+ gnome.excludePackages = with pkgs; [
+ epiphany
+ gnome-tour
+ ];
+ systemPackages = with pkgs; [
+ adw-gtk3
+ blackbox-terminal
+ pinentry-gnome
+ pinentry-gnome
+ ];
+ };
+
+ services.xserver = {
+ displayManager.gdm = {
+ enable = true;
+ wayland = lib.mkForce true;
+ };
+ desktopManager.gnome.enable = true;
+ };
+
+ programs.gnupg.agent.pinentryFlavor = "gnome3";
+ };
+}
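Review bot: `pinentry-gnome` is listed twice in `environment.systemPackages`; one entry is enough, and if the second line was meant to be a different package, that package is currently missing. The module also sets `programs.gnupg.agent.pinentryFlavor = "gnome3"` at normal priority, as the plasma module does with `"qt"`, so enabling two desktops at once would produce a conflicting-definition error; `lib.mkDefault` or an assertion would make that failure easier to read.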
diff --git a/modules/nixos/desktop/plasma/default.nix b/modules/nixos/desktop/plasma/default.nix
new file mode 100644
index 0000000..84960f3
--- /dev/null
+++ b/modules/nixos/desktop/plasma/default.nix
@@ -0,0 +1,32 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.getchoo.desktop.plasma;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.desktop.plasma.enable = mkEnableOption "enable plasma";
+
+ config = mkIf cfg.enable {
+ getchoo.desktop.enable = true;
+
+ environment.systemPackages = with pkgs; [pinentry-qt];
+
+ services.xserver = {
+ displayManager.sddm.enable = true;
+ desktopManager.plasma5 = {
+ enable = true;
+ excludePackages = with pkgs.libsForQt5; [
+ khelpcenter
+ plasma-browser-integration
+ print-manager
+ ];
+ useQtScaling = true;
+ };
+ };
+
+ programs.gnupg.agent.pinentryFlavor = "qt";
+ };
+}
diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix
new file mode 100644
index 0000000..cefa15c
--- /dev/null
+++ b/modules/nixos/hardware/default.nix
@@ -0,0 +1,18 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.getchoo.hardware;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.hardware.enable = mkEnableOption "hardware module";
+
+ imports = [
+ ./nvidia.nix
+ ];
+
+ config = mkIf cfg.enable {
+ hardware.enableAllFirmware = true;
+ };
+}
diff --git a/modules/nixos/hardware/nvidia.nix b/modules/nixos/hardware/nvidia.nix
new file mode 100644
index 0000000..c317226
--- /dev/null
+++ b/modules/nixos/hardware/nvidia.nix
@@ -0,0 +1,33 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.getchoo.hardware.nvidia;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.hardware.nvidia.enable = mkEnableOption "enable nvidia support";
+
+ config = mkIf cfg.enable {
+ getchoo.hardware.enable = true;
+
+ hardware = {
+ nvidia = {
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ modesetting.enable = true;
+ };
+
+ opengl = {
+ enable = true;
+ # make steam work
+ driSupport32Bit = true;
+ extraPackages = with pkgs; [
+ vaapiVdpau
+ ];
+ };
+ };
+
+ services.xserver.videoDrivers = ["nvidia"];
+ };
+}
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
new file mode 100644
index 0000000..504a333
--- /dev/null
+++ b/modules/nixos/server/default.nix
@@ -0,0 +1,79 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.getchoo.server;
+ inherit (lib) mkDefault mkEnableOption mkIf;
+in {
+ options.getchoo.server.enable = mkEnableOption "enable server configuration";
+
+ imports = [
+ ./secrets.nix
+ ./services
+ ];
+
+ config = mkIf cfg.enable {
+ getchoo.base = {
+ enable = true;
+ documentation.enable = false;
+ defaultPackages.enable = false;
+ networking.enable = false;
+ };
+
+ environment.systemPackages = [pkgs.cachix];
+
+ networking = {
+ firewall = let
+ ports = [80 420];
+ in {
+ allowedUDPPorts = ports;
+ allowedTCPPorts = ports;
+ };
+ };
+
+ nix = {
+ gc.options = "--delete-older-than 7d --max-freed 50G";
+ settings = {
+ trusted-users = ["${config.networking.hostName}"];
+ trusted-substituters = [
+ "https://getchoo.cachix.org"
+ "https://nix-community.cachix.org"
+ "https://hercules-ci.cachix.org"
+ "https://wurzelpfropf.cachix.org"
+ ];
+
+ trusted-public-keys = [
+ "getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
+ "wurzelpfropf.cachix.org-1:ilZwK5a6wJqVr7Fyrzp4blIEkGK+LJT0QrpWr1qBNq0="
+ ];
+ };
+ };
+
+ programs = {
+ git.enable = mkDefault true;
+ vim.defaultEditor = mkDefault true;
+ };
+
+ security = {
+ pam.enableSSHAgentAuth = mkDefault true;
+ };
+
+ services = {
+ endlessh = {
+ enable = mkDefault true;
+ port = mkDefault 22;
+ openFirewall = mkDefault true;
+ };
+
+ openssh = {
+ enable = true;
+ passwordAuthentication = mkDefault false;
+ ports = mkDefault [420];
+ };
+ };
+ };
+}
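Review bot: The firewall block opens 80 and 420 for UDP as well as TCP, but the only listener on 420 in this file is sshd, which is TCP-only, and nothing visible here serves UDP on 80; keeping `allowedTCPPorts = [80 420];` and dropping `allowedUDPPorts` limits exposure to what is used. `trusted-users = ["${config.networking.hostName}"]` marks an account named after the host as trusted by the Nix daemon, which the Nix manual describes as essentially equivalent to root access, so it deserves a comment saying which account that is and why it needs it (the interpolation is also redundant, `[config.networking.hostName]` is the same value). `passwordAuthentication = mkDefault false` does not by itself disable keyboard-interactive logins through PAM; setting `kbdInteractiveAuthentication = mkDefault false;` next to it (the option name depends on the nixpkgs release in use) closes that path. `security.pam.enableSSHAgentAuth` lets a forwarded agent satisfy sudo, so it is worth confirming that the authorized-keys files it consults are not writable by the user being authenticated.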
diff --git a/modules/nixos/server/secrets.nix b/modules/nixos/server/secrets.nix
new file mode 100644
index 0000000..c0290cd
--- /dev/null
+++ b/modules/nixos/server/secrets.nix
@@ -0,0 +1,25 @@
+{
+ config,
+ lib,
+ self,
+ ...
+}: let
+ cfg = config.getchoo.server.secrets;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.server.secrets = {
+ enable = mkEnableOption "enable secret management";
+ };
+
+ config.age = let
+ baseDir = "${self}/secrets/hosts/${config.networking.hostName}";
+ in
+ mkIf cfg.enable {
+ identityPaths = ["/etc/age/key"];
+
+ secrets = {
+ rootPassword.file = "${baseDir}/rootPassword.age";
+ userPassword.file = "${baseDir}/userPassword.age";
+ };
+ };
+}
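Review bot: `identityPaths = ["/etc/age/key"]` makes one file the decryption key for every secret on the host, and nothing in this module documents how that file is provisioned or what permissions it must have. A comment above it such as `# provisioned out-of-band; root-owned, mode 0400, never committed to the flake` would record that. `rootPassword` and `userPassword` are declared here but no option in this hunk consumes their `.path`, so presumably the host configuration wires them up; a comment saying where would help. The module takes `self` as an argument, so it only evaluates where `self` is passed in through specialArgs.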
diff --git a/modules/nixos/server/services/default.nix b/modules/nixos/server/services/default.nix
new file mode 100644
index 0000000..68271b1
--- /dev/null
+++ b/modules/nixos/server/services/default.nix
@@ -0,0 +1,5 @@
+_: {
+ imports = [
+ ./hercules.nix
+ ];
+}
diff --git a/modules/nixos/server/services/hercules.nix b/modules/nixos/server/services/hercules.nix
new file mode 100644
index 0000000..782e5a8
--- /dev/null
+++ b/modules/nixos/server/services/hercules.nix
@@ -0,0 +1,61 @@
+{
+ config,
+ hercules-ci-agent,
+ lib,
+ pkgs,
+ self,
+ ...
+}: let
+ cfg = config.getchoo.server.services.hercules-ci;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.server.services.hercules-ci = {
+ enable = mkEnableOption "enable hercules-ci";
+ secrets.enable = mkEnableOption "manage secrets for hercules-ci";
+ };
+
+ config = mkIf cfg.enable {
+ age.secrets = let
+ baseDir = "${self}/secrets/hosts/${config.networking.hostName}";
+ hercArgs = {
+ mode = "400";
+ owner = "hercules-ci-agent";
+ group = "hercules-ci-agent";
+ };
+ in
+ mkIf cfg.secrets.enable {
+ binaryCache =
+ {
+ file = "${baseDir}/binaryCache.age";
+ }
+ // hercArgs;
+
+ clusterToken =
+ {
+ file = "${baseDir}/clusterToken.age";
+ }
+ // hercArgs;
+
+ secretsJson =
+ {
+ file = "${baseDir}/secretsJson.age";
+ }
+ // hercArgs;
+ };
+
+ environment.systemPackages = [
+ hercules-ci-agent.packages.${pkgs.stdenv.hostPlatform.system}.hercules-ci-cli
+ ];
+
+ services = {
+ hercules-ci-agent = {
+ enable = true;
+ settings = {
+ binaryCachesPath = config.age.secrets.binaryCache.path;
+ clusterJoinTokenPath = config.age.secrets.clusterToken.path;
+ secretsJsonPath = config.age.secrets.secretsJson.path;
+ };
+ };
+ };
+ };
+}
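Review bot: The `services.hercules-ci-agent.settings` block reads `config.age.secrets.binaryCache.path` and its two sibling paths whenever `cfg.enable` is set, but those secrets are only defined under `mkIf cfg.secrets.enable`. Enabling the agent with `secrets.enable = false` would therefore fail evaluation on a missing attribute rather than fall back to user-supplied paths. Guarding the settings the same way, `settings = mkIf cfg.secrets.enable {`, or adding an assertion that names the three paths the user must set, would make the two options behave as their descriptions suggest.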
diff --git a/modules/nixos/virtualisation.nix b/modules/nixos/virtualisation.nix
deleted file mode 100644
index 932cc6d..0000000
--- a/modules/nixos/virtualisation.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.getchoo.nixos.virtualisation;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.nixos.virtualisation.enable = mkEnableOption "enable podman";
-
- config = mkIf cfg.enable {
- virtualisation = {
- podman = {
- enable = true;
- enableNvidia = true;
- extraPackages = with pkgs; [podman-compose];
- };
- oci-containers.backend = "podman";
- };
- };
-}