Moving to modules. Structural changes.

2026-02-09 12:29:19 -08:00 · 2021-07-05 22:47:28 +01:00 · 2021-07-05 22:47:28 +01:00 · 060d4c6d1e
commit 060d4c6d1e
parent 3903bc1766
258 changed files with 621 additions and 407 deletions
--- a/profiles/common/access.nix
+++ b/profiles/common/access.nix
@ -1,16 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  security.sudo.wheelNeedsPassword = lib.mkForce false;
-
-  users.users.root = {
-    openssh.authorizedKeys.keys = with pkgs.lib;
-      concatLists (mapAttrsToList
-        (name: user:
-          if elem "wheel" user.extraGroups then
-            user.openssh.authorizedKeys.keys
-          else
-            [ ])
-        config.users.users);
-  };
-}
--- a/profiles/common/base16.nix
+++ b/profiles/common/base16.nix
@ -1,10 +0,0 @@
-{ config, ... }:
-
-{
-  base16 = {
-    console = {
-      enable = true;
-      scheme = "rebecca.rebecca";
-    };
-  };
-}
--- a/profiles/common/default.nix
+++ b/profiles/common/default.nix
@ -1,19 +0,0 @@
-{ config, users, lib, pkgs, ... }:
-
-{
-  imports = [
-    users.kat.base
-    users.kairi.base
-    users.arc
-    users.hexchen
-    ./system.nix
-    ./base16.nix
-    ./net.nix
-    ./access.nix
-    ./locale.nix
-    ./nix.nix
-    ./ssh.nix
-    ./packages.nix
-    ./secrets.nix
-  ];
-}
--- a/profiles/common/locale.nix
+++ b/profiles/common/locale.nix
@ -1,13 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  fonts.fonts = [
-    pkgs.tamzen
-  ];
-  i18n.defaultLocale = "en_GB.UTF-8";
-  time.timeZone = "Europe/London";
-  console = {
-    packages = [ pkgs.tamzen ];
-    keyMap = "uk";
-  };
-}
--- a/profiles/common/net.nix
+++ b/profiles/common/net.nix
@ -1,5 +0,0 @@
-{ config, lib, ... }:
-
-{
-  kw.nftables.enable = lib.mkDefault true;
-}
--- a/profiles/common/nix.nix
+++ b/profiles/common/nix.nix
@ -1,21 +0,0 @@
-{ config, lib, pkgs, sources, ... }:
-
-{
-  boot.loader.grub.configurationLimit = 8;
-  boot.loader.systemd-boot.configurationLimit = 8;
-
-  nix = {
-    nixPath = [
-      "nixpkgs=${sources.nixpkgs}"
-      "nur=${sources.nur}"
-      "arc=${sources.nixexprs}"
-      "ci=${sources.ci}"
-    ];
-    binaryCaches = [ "https://arc.cachix.org" "https://kittywitch.cachix.org" ];
-    binaryCachePublicKeys =
-      [ "arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=" "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=" ];
-    gc.automatic = lib.mkDefault true;
-    gc.options = lib.mkDefault "--delete-older-than 1w";
-    trustedUsers = [ "root" "@wheel" ];
-  };
-}
--- a/profiles/common/packages.nix
+++ b/profiles/common/packages.nix
@ -1,14 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  environment.systemPackages = with pkgs; [
-    smartmontools
-    hddtemp
-    lm_sensors
-    cachix
-    pinentry-curses
-    wezterm-terminfo
-    kitty.terminfo
-    gnupg
-  ];
-}
--- a/profiles/common/secrets.nix
+++ b/profiles/common/secrets.nix
@ -1,9 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  secrets = {
-    root = "/var/lib/kat/secrets";
-    persistentRoot = "/var/lib/kat/secrets";
-    external = true;
-  };
-}
--- a/profiles/common/ssh.nix
+++ b/profiles/common/ssh.nix
@ -1,26 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  kw.fw.public.udp.ranges = [{
-    from = 60000;
-    to = 61000;
-  }];
-  kw.fw.private.udp.ranges = [{
-    from = 60000;
-    to = 61000;
-  }];
-
-  services.openssh = {
-    enable = true;
-    ports = lib.mkDefault [ 62954 ];
-    passwordAuthentication = false;
-    challengeResponseAuthentication = false;
-    permitRootLogin = lib.mkDefault "prohibit-password";
-    kexAlgorithms = [ "curve25519-sha256@libssh.org" ];
-    extraConfig = ''
-      StreamLocalBindUnlink yes
-      LogLevel VERBOSE 
-    '';
-  };
-  programs.mosh.enable = true;
-}
--- a/profiles/common/system.nix
+++ b/profiles/common/system.nix
@ -1,9 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
-  boot.tmpOnTmpfs = true;
-  boot.zfs.enableUnstable = true;
-  services.journald.extraConfig = "SystemMaxUse=512M";
-  users.mutableUsers = false;
-}
--- a/profiles/fvwm/default.nix
+++ b/profiles/fvwm/default.nix
@ -1,7 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [ ./fvwm.nix ];
-
-  deploy.profile.fvwm = true;
-}
--- a/profiles/fvwm/fvwm.nix
+++ b/profiles/fvwm/fvwm.nix
@ -1,10 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  services.xserver.enable = true;
-  services.xserver.displayManager.startx.enable = true;
-  services.xserver.windowManager.fvwm = {
-    enable = true;
-    gestures = true;
-  };
-}
--- a/profiles/gui/adb.nix
+++ b/profiles/gui/adb.nix
@ -1,6 +0,0 @@
-{ config, ... }:
-
-{
-  programs.adb.enable = true;
-  users.users.kat.extraGroups = [ "adbusers" ];
-}
--- a/profiles/gui/default.nix
+++ b/profiles/gui/default.nix
@ -1,23 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    ./adb.nix
-    ./fonts.nix
-    ./gpg.nix
-    ./firefox.nix
-    ./dns.nix
-    ./nfs.nix
-    ./nix-doc.nix
-    ./mpd.nix
-    ./nixpkgs.nix
-    ./mingetty.nix
-    ./sound.nix
-  ];
-
-  hardware.opengl.extraPackages = with pkgs; [ libvdpau-va-gl ];
-  services.tumbler.enable = true;
-  environment.systemPackages = with pkgs; [ ntfs3g exfat-utils ];
-  
-  deploy.profile.gui = true;
-}
--- a/profiles/gui/dns.nix
+++ b/profiles/gui/dns.nix
@ -1,37 +0,0 @@
-{ config, lib, pkgs, ... }: {
-  networking = {
-    #      networkmanager.enable = true;
-    resolvconf.useLocalResolver = true;
-    networkmanager.dns = "none";
-  };
-
-  services.dnscrypt-proxy2 = {
-    enable = true;
-    settings = {
-      ipv6_servers = true;
-      require_dnssec = true;
-
-      sources.public-resolvers = {
-        urls = [
-          "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
-          "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
-        ];
-        cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
-        minisign_key =
-          "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
-      };
-
-      # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v2/public-resolvers.md
-      server_names = [
-        "acsacsar-ams-ipv4"
-        "acsacsar-ams-ipv6"
-        "dnscrypt.eu-dk"
-        "dnscrypt.eu-dk-ipv6"
-        "dnscrypt.eu-nl"
-        "dnscrypt.eu-nl-ipv6"
-        "meganerd"
-        "meganerd-ipv6"
-      ];
-    };
-  };
-}
--- a/profiles/gui/firefox.nix
+++ b/profiles/gui/firefox.nix
@ -1,16 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  environment.variables = { BROWSER = "firefox"; };
-
-  xdg = {
-    portal = {
-      enable = true;
-      extraPortals = with pkgs; [
-        xdg-desktop-portal-wlr
-        xdg-desktop-portal-gtk
-      ];
-      gtkUsePortal = true;
-    };
-  };
-}
--- a/profiles/gui/fonts.nix
+++ b/profiles/gui/fonts.nix
@ -1,18 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  fonts.fontconfig = {
-    enable = true;
-    defaultFonts = {
-      emoji = [
-        "Twitter Color Emoji"
-      ];
-    };
-  };
-  fonts.fonts = with pkgs; [
-    font-awesome
-    nerdfonts
-    emacs-all-the-icons-fonts
-    twitter-color-emoji
-  ];
-}
--- a/profiles/gui/gpg.nix
+++ b/profiles/gui/gpg.nix
@ -1,12 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  services.pcscd.enable = true;
-  services.udev.packages = [ pkgs.yubikey-personalization ];
-
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-    pinentryFlavor = "gtk2";
-  };
-}
--- a/profiles/gui/mingetty.nix
+++ b/profiles/gui/mingetty.nix
@ -1,46 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  c1 = "\\e[22;34m";
-  c2 = "\\e[1;35m";
-  nixos = [
-    " ${c1}          ::::.    ${c2}':::::     ::::'          "
-    " ${c1}          ':::::    ${c2}':::::.  ::::'           "
-    " ${c1}            :::::     ${c2}'::::.:::::            "
-    " ${c1}      .......:::::..... ${c2}::::::::             "
-    " ${c1}     ::::::::::::::::::. ${c2}::::::    ${c1}::::.     "
-    " ${c1}    ::::::::::::::::::::: ${c2}:::::.  ${c1}.::::'     "
-    " ${c2}           .....           ::::' ${c1}:::::'      "
-    " ${c2}          :::::            '::' ${c1}:::::'       "
-    " ${c2} ........:::::               ' ${c1}:::::::::::.  "
-    " ${c2}:::::::::::::                 ${c1}:::::::::::::  "
-    " ${c2} ::::::::::: ${c1}..              ${c1}:::::           "
-    " ${c2}     .::::: ${c1}.:::            ${c1}:::::            "
-    " ${c2}    .:::::  ${c1}:::::          ${c1}'''''    ${c2}.....    "
-    " ${c2}    :::::   ${c1}':::::.  ${c2}......:::::::::::::'    "
-    " ${c2}     :::     ${c1}::::::. ${c2}':::::::::::::::::'     "
-    " ${c1}            .:::::::: ${c2}'::::::::::            "
-    " ${c1}           .::::''::::.     ${c2}'::::.           "
-    " ${c1}          .::::'   ::::.     ${c2}'::::.          "
-    " ${c1}         .::::      ::::      ${c2}'::::.         "
-  ];
-in
-{
-  console = {
-    font = "Tamzen7x14";
-    earlySetup = true;
-    getty = {
-      greetingPrefix =
-        ''\e[H\e[2J'' + # topleft
-        ''\e[9;10]''; # setterm blank/powersave = 10 minutes
-      greeting =
-        "\n" +
-        lib.concatStringsSep "\n" nixos +
-        "\n\n" +
-        ''\e[1;32m>>> NixOS ${config.system.nixos.label} (Linux \r) - \l\e[0m'';
-    };
-  };
-  services.getty = {
-    helpLine = lib.mkForce "";
-  };
-}
--- a/profiles/gui/mpd.nix
+++ b/profiles/gui/mpd.nix
@ -1,8 +0,0 @@
-{ config, lib, ... }:
-
-with lib;
-
-{
-  kw.fw.private.tcp.ports = [ 6600 32101 ];
-  kw.fw.public.tcp.ports = [ 6600 32101 ];
-}
--- a/profiles/gui/nfs.nix
+++ b/profiles/gui/nfs.nix
@ -1,23 +0,0 @@
-{ config, ... }:
-
-{
-  boot.supportedFilesystems = [ "nfs" ];
-
-  fileSystems."/mnt/kat-nas" = {
-    device = "samhain.net.kittywit.ch:/mnt/zraw/media";
-    fsType = "nfs";
-    options = [ "x-systemd.automount" "noauto" ];
-  };
-
-  fileSystems."/mnt/hex-corn" = {
-    device = "storah.net.lilwit.ch:/data/cornbox";
-    fsType = "nfs";
-    options = [ "x-systemd.automount" "noauto" ];
-  };
-
-  fileSystems."/mnt/hex-tor" = {
-    device = "storah.net.lilwit.ch:/data/torrents";
-    fsType = "nfs";
-    options = [ "x-systemd.automount" "noauto" ];
-  };
-}
--- a/profiles/gui/nix-doc.nix
+++ b/profiles/gui/nix-doc.nix
@ -1,11 +0,0 @@
-{ pkgs, ... }:
-
-{
-  nix.extraOptions = ''
-    plugin-files = ${pkgs.nix-doc}/lib/libnix_doc_plugin.so
-  '';
-
-  environment.systemPackages = with pkgs; [
-    nix-doc
-  ];
-}
--- a/profiles/gui/nixpkgs.nix
+++ b/profiles/gui/nixpkgs.nix
@ -1,8 +0,0 @@
-{ pkgs, config, lib, ... }:
-
-{
-  nixpkgs.config = {
-    allowUnfree = true;
-    pulseaudio = true;
-  };
-}
--- a/profiles/gui/sound.nix
+++ b/profiles/gui/sound.nix
@ -1,43 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  sound = {
-    enable = true;
-    extraConfig = ''
-      defaults.pcm.rate_converter "speexrate_best"
-    '';
-  };
-
-  environment.systemPackages = with pkgs; [ pavucontrol ];
-
-  security.rtkit.enable = true;
-
-  services.pipewire = {
-    enable = true;
-    config = {
-      pipewire = {
-        "context.properties" = {
-          "log.level" = 2;
-          "default.clock.min-quantum" =
-            32; # default; going lower may cause crackles and distorted audio
-        };
-        pipewire-pulse = {
-          "context.modules" = [{
-            name = "libpipewire-module-protocol-pulse";
-            args = {
-              "pulse.min.quantum" = 32; # controls minimum playback quant
-              "pulse.min.req" = 32; # controls minimum recording quant
-              "pulse.min.frag" = 32; # controls minimum fragment size
-              "server.address" =
-                [ "unix:native" ]; # the default address of the server
-            };
-          }];
-        };
-      };
-    };
-    pulse.enable = true;
-    alsa.support32Bit = true;
-    jack.enable = true;
-    alsa.enable = true;
-  };
-}
--- a/profiles/laptop/default.nix
+++ b/profiles/laptop/default.nix
@ -1,7 +0,0 @@
-{ ... }:
-
-{
-  imports = [ ./light.nix ];
-
-  deploy.profile.laptop = true;
-}
--- a/profiles/laptop/light.nix
+++ b/profiles/laptop/light.nix
@ -1,5 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  programs.light.enable = true;
-}
--- a/profiles/sway/default.nix
+++ b/profiles/sway/default.nix
@ -1,7 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [ ./sway.nix ];
-
-  deploy.profile.sway = true;
-}
--- a/profiles/sway/sway.nix
+++ b/profiles/sway/sway.nix
@ -1,8 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  programs.sway = {
-    enable = true;
-    extraPackages = with pkgs; lib.mkForce [ xwayland swaylock swayidle ];
-  };
-}