Diffstat (limited to 'hosts/common')
| -rw-r--r-- | hosts/common/default.nix | 10 | ||||
| -rw-r--r-- | hosts/common/desktop/common.nix | 4 | ||||
| -rw-r--r-- | hosts/common/desktop/gnome.nix | 24 | ||||
| -rw-r--r-- | hosts/common/documentation.nix | 11 | ||||
| -rw-r--r-- | hosts/common/fonts.nix | 28 | ||||
| -rw-r--r-- | hosts/common/hardware/default.nix | 6 | ||||
| -rw-r--r-- | hosts/common/hardware/nvidia.nix | 17 | ||||
| -rw-r--r-- | hosts/common/options.nix | 14 | ||||
| -rw-r--r-- | hosts/common/security.nix | 43 | ||||
| -rw-r--r-- | hosts/common/systemd.nix | 19 |
10 files changed, 156 insertions, 20 deletions
diff --git a/hosts/common/default.nix b/hosts/common/default.nix
index 9793191..2923ae0 100644
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@@ -1,7 +1,13 @@
-{
+{lib, ...}: {
 imports = [
+ ./options.nix
+ ./documentation.nix
+ ./fonts.nix
+ ./locale.nix
 ./security.nix
+ ./systemd.nix
 ./users.nix
- ./locale.nix
 ];
+
+ config.services.kmscon.enable = true;
 }
diff --git a/hosts/common/desktop/common.nix b/hosts/common/desktop/common.nix
new file mode 100644
index 0000000..d0289b1
--- /dev/null
+++ b/hosts/common/desktop/common.nix
@@ -0,0 +1,4 @@
+{config, ...}: {
+ programs.xwayland.enable = true;
+ xdg.portal.enable = true;
+}
diff --git a/hosts/common/desktop/gnome.nix b/hosts/common/desktop/gnome.nix
new file mode 100644
index 0000000..f6d06b4
--- /dev/null
+++ b/hosts/common/desktop/gnome.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ services =
+ if config.system.gui-stuff
+ then {
+ xserver.enable = true;
+ xserver.displayManager.gdm.enable = true;
+ xserver.desktopManager.gnome.enable = true;
+ }
+ else {};
+
+ environment.gnome.excludePackages = (
+ with pkgs;
+ if config.system.gui-stuff
+ then [
+ epiphany
+ gnome-tour
+ ]
+ else []
+ );
+}
diff --git a/hosts/common/documentation.nix b/hosts/common/documentation.nix
new file mode 100644
index 0000000..6d6b96f
--- /dev/null
+++ b/hosts/common/documentation.nix
@@ -0,0 +1,11 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ environment.systemPackages = with pkgs; [man-pages man-pages-posix nixpkgs-manual];
+ documentation = {
+ dev.enable = true;
+ man.enable = true;
+ };
+}
diff --git a/hosts/common/fonts.nix b/hosts/common/fonts.nix
new file mode 100644
index 0000000..9cec045
--- /dev/null
+++ b/hosts/common/fonts.nix
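Review bot: In `hosts/common/desktop/gnome.nix` the `if config.system.gui-stuff then { … } else {}` assigned to `services` (and again to `environment.gnome.excludePackages`) is the case `lib.mkIf` is meant for; I would write `services = lib.mkIf config.system.gui-stuff { xserver.enable = true; … };` and add `lib` to the module arguments. The plain `if` forces `config` while the module's own attribute set is being built, which evaluates here but tends to end in infinite-recursion errors once the condition touches the same option tree it sits in. The same pattern appears in `fonts.nix` and in the `resolved` block of `systemd.nix` in this commit.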
@@ -0,0 +1,28 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ fonts = {
+ fonts = with pkgs;
+ if config.system.gui-stuff
+ then [
+ noto-fonts
+ noto-fonts-extra
+ noto-fonts-emoji
+ noto-fonts-cjk-sans
+ fira-code
+ (nerdfonts.override {fonts = ["FiraCode"];})
+ ]
+ else [];
+ fontconfig.defaultFonts =
+ if config.system.gui-stuff
+ then {
+ serif = ["Noto Serif"];
+ sansSerif = ["Noto Sans"];
+ emoji = ["Noto Color Emoji"];
+ monospace = ["Fira Code"];
+ }
+ else {};
+ };
+}
diff --git a/hosts/common/hardware/default.nix b/hosts/common/hardware/default.nix
new file mode 100644
index 0000000..e7e6350
--- /dev/null
+++ b/hosts/common/hardware/default.nix
@@ -0,0 +1,6 @@
+_: {
+ imports = [
+ ./nvidia.nix
+ ./zfs.nix
+ ];
+}
diff --git a/hosts/common/hardware/nvidia.nix b/hosts/common/hardware/nvidia.nix
new file mode 100644
index 0000000..4bc445c
--- /dev/null
+++ b/hosts/common/hardware/nvidia.nix
@@ -0,0 +1,17 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ hardware = {
+ nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
+ opengl = {
+ enable = true;
+ extraPackages = with pkgs; [
+ vaapiVdpau
+ ];
+ };
+ };
+
+ services.xserver.videoDrivers = ["nvidia"];
+}
diff --git a/hosts/common/options.nix b/hosts/common/options.nix
new file mode 100644
index 0000000..2d532ed
--- /dev/null
+++ b/hosts/common/options.nix
@@ -0,0 +1,14 @@
+{lib, ...}: {
+ options.system = with lib.types; {
+ devel-packages = lib.mkOption {
+ type = bool;
+ default = false;
+ description = "install development packages for neovim lsp";
+ };
+ gui-stuff = lib.mkOption {
+ type = bool;
+ default = false;
+ description = "install gui-related packages";
+ };
+ };
+}
diff --git a/hosts/common/security.nix b/hosts/common/security.nix
index f0f3bb9..32c2ff5 100644
--- a/hosts/common/security.nix
+++ b/hosts/common/security.nix
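Review bot: `hosts/common/hardware/default.nix` imports `./zfs.nix`, but the diffstat for `hosts/common` lists no `hardware/zfs.nix`, so unless that file already exists in the tree this module will fail to evaluate. The unconditional `./nvidia.nix` import also means every host that pulls in this directory gets `services.xserver.videoDrivers = ["nvidia"]`. If not all hosts have that GPU, gate it behind an option in the same way the other new modules consult `config.system.gui-stuff`, or add a comment such as `# only import from hosts with an NVIDIA GPU`.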
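Review bot: `devel-packages` and `gui-stuff` in `hosts/common/options.nix` are declared under `options.system`, the namespace NixOS uses for its own options (`system.stateVersion` and others). A project-specific namespace, for example `options.<your-namespace>.gui-stuff` (placeholder), rules out a clash with a future upstream option and makes it obvious at the use sites which settings are local. The `description` strings could also say what each flag gates, since `gui-stuff` now controls GNOME, fonts and `resolved`.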
@@ -1,21 +1,28 @@
 _: {
- security.sudo = {
- configFile = ''
- Defaults env_reset
- Defaults secure_path = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
- Defaults editor = /run/current-system/sw/bin/vim,!env_editor
- '';
- execWheelOnly = true;
- extraRules = [
- {
- users = ["root"];
- groups = ["root"];
- commands = ["ALL"];
- }
- {
- users = ["seth"];
- commands = ["ALL"];
- }
- ];
+ security = {
+ apparmor.enable = true;
+ audit.enable = true;
+ auditd.enable = true;
+ rtkit.enable = true;
+ sudo = {
+ configFile = ''
+ Defaults env_reset
+ Defaults secure_path = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
+ Defaults editor = /run/current-system/sw/bin/vim,!env_editor
+ '';
+ execWheelOnly = true;
+ extraRules = [
+ {
+ users = ["root"];
+ groups = ["root"];
+ commands = ["ALL"];
+ }
+ {
+ users = ["seth"];
+ commands = ["ALL"];
+ }
+ ];
+ };
+ polkit.enable = true;
 };
 }
diff --git a/hosts/common/systemd.nix b/hosts/common/systemd.nix
new file mode 100644
index 0000000..42b4042
--- /dev/null
+++ b/hosts/common/systemd.nix
@@ -0,0 +1,19 @@
+{config, ...}: {
+ services = {
+ journald.extraConfig = ''
+ MaxRetentionSec=1w
+ '';
+ resolved =
+ if config.system.gui-stuff
+ then {
+ enable = true;
+ dnssec = "allow-downgrade";
+ extraConfig = ''
+ [Resolve]
+ DNS=1.1.1.1 1.0.0.1
+ DNSOverTLS=yes
+ '';
+ }
+ else {};
+ };
+}
|
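Review bot: `audit.enable` and `auditd.enable` are turned on in the new `security` block of `hosts/common/security.nix` without any `security.audit.rules`, so as far as this hunk shows the audit subsystem runs with an empty rule set and records only what other components emit. If the goal is a trail of privileged activity, add rules next to it, for example `audit.rules = ["-a exit,always -F arch=b64 -S execve"];`, or leave a comment saying the empty rule set is intended. Similarly, `apparmor.enable = true;` presumably confines only what other modules ship profiles for. A one-line comment on what is expected to be covered would save the next reader from assuming more protection than exists.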
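Review bot: With `DNSOverTLS=yes`, the `DNS=1.1.1.1 1.0.0.1` line in `resolved.extraConfig` of `hosts/common/systemd.nix` names the resolvers by address only, so the server certificate can be matched against the IP but not against a hostname. The form documented in resolved.conf is `DNS=1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com`, which also enables SNI. `dnssec = "allow-downgrade"` lets validation be switched off by an on-path party that strips DNSSEC records, so a comment such as `# allow-downgrade: accepted trade-off for captive portals` would record that this is deliberate. The one-week `MaxRetentionSec=1w` for journald is short if these logs are meant to support later investigation; that may deserve a comment too.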
