refactor: get rid of config folder

Kat Inskip 2022-07-08 17:53:16 -07:00
parent 2606e1d874
commit cb3ae5f434
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
254 changed files with 79 additions and 101 deletions

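--- a/profiles/base/access.nix
+++ b/profiles/base/access.nix
@@ -0,0 +1,36 @@
+{ config, lib, pkgs, meta, ... }:
+{
+security.sudo.wheelNeedsPassword = lib.mkForce false;
+security.polkit.extraConfig = ''
+polkit.addRule(function(action, subject) {
+if (subject.isInGroup("wheel")) {
+return polkit.Result.YES;
+}
+});
+'';
+imports = with meta; [
+users.kat.base
+];
+users.motd = ''
+${config.networking.hostName}.${config.networking.domain}
+'';
+users.users.root = {
+shell = pkgs.zsh;
+hashedPassword =
+"$6$i28yOXoo$/WokLdKds5ZHtJHcuyGrH2WaDQQk/2Pj0xRGLgS8UcmY2oMv3fw2j/85PRpsJJwCB2GBRYRK5LlvdTleHd3mB.";
+openssh.authorizedKeys.keys = with pkgs.lib;
+[ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDkeBFF4xxZgeURLzNHcvUFxImmkQ3pxXtpj3mtSyHXB kat@koishi" ] ++ (concatLists (mapAttrsToList
+(name: user:
+if elem "wheel" user.extraGroups then
+user.openssh.authorizedKeys.keys
+else
+[ ])
+config.users.users));
+};
+}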
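Review bot: The root account's crypt hash is committed as a literal at `hashedPassword = "$6$…"` (lines 34-35) in a shared base profile, which exposes it to offline cracking by anyone who can read the repository, and with `users.mutableUsers = false` set in system.nix it is the only root password these hosts have. Since the same commit declares a secrets store in profiles/base/secrets.nix, loading it via `passwordFile = "<path under the secrets root>";` (placeholder path) would keep the hash out of the module text. `security.sudo.wheelNeedsPassword = lib.mkForce false` also prevents any host from re-enabling the prompt; `lib.mkDefault false` gives the same default while leaving hosts free to override. The authorized-keys fold additionally grants root SSH login to every user whose extraGroups contains "wheel", which is consistent with the sudo and polkit rules above but deserves a comment stating that wheel is root-equivalent by design.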

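--- a/profiles/base/base16.nix
+++ b/profiles/base/base16.nix
@@ -0,0 +1,11 @@
+{ config, ... }:
+{
+base16 = {
+inherit (config.home-manager.users.kat.base16) schemes alias;
+console = {
+enable = true;
+scheme = config.home-manager.users.kat.base16.alias.default;
+};
+};
+}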


@ -0,0 +1,3 @@
{ config, ... }: {
documentation.nixos.enable = false;
}

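--- a/profiles/base/home.nix
+++ b/profiles/base/home.nix
@@ -0,0 +1,22 @@
+{ meta, config, lib, inputs, tf, ... }:
+with lib;
+{
+options.home-manager.users = mkOption {
+type = types.attrsOf (types.submoduleWith {
+modules = singleton meta.modules.home;
+specialArgs = {
+inherit inputs tf meta;
+nixos = config;
+};
+});
+};
+config = {
+home-manager = {
+useUserPackages = true;
+useGlobalPkgs = true;
+};
+};
+}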

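--- a/profiles/base/kitty.nix
+++ b/profiles/base/kitty.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, ... }:
+{
+environment.systemPackages = [ pkgs.buildPackages.buildPackages.kitty.terminfo ];
+}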

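--- a/profiles/base/locale.nix
+++ b/profiles/base/locale.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+{
+fonts.fonts = [
+pkgs.tamzen
+];
+i18n.defaultLocale = "en_GB.UTF-8";
+time.timeZone = "Europe/London";
+console = {
+packages = [ pkgs.tamzen ];
+keyMap = "uk";
+};
+}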

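--- a/profiles/base/network.nix
+++ b/profiles/base/network.nix
@@ -0,0 +1,14 @@
+{ config, lib, ... }: with lib;
+{
+networking.nftables.enable = true;
+network = {
+enable = true;
+dns = {
+enable = mkDefault true;
+email = "acme@kittywit.ch";
+zone = "kittywit.ch.";
+};
+};
+}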

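--- a/profiles/base/nix.nix
+++ b/profiles/base/nix.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, inputs, ... }:
+{
+boot.loader.grub.configurationLimit = 8;
+boot.loader.systemd-boot.configurationLimit = 8;
+nix = {
+nixPath = [
+"nixpkgs=${inputs.nixpkgs}"
+"nur=${inputs.nur}"
+"arc=${inputs.arcexprs}"
+"ci=${inputs.ci}"
+];
+registry = {
+nixpkgs.flake = inputs.nixpkgs;
+nur.flake = inputs.nur;
+arc.flake = inputs.arcexprs;
+ci.flake = inputs.ci;
+};
+settings = {
+experimental-features = lib.optional (lib.versionAtLeast config.nix.package.version "2.4") "nix-command flakes";
+substituters = [ "https://arc.cachix.org" "https://kittywitch.cachix.org" "https://nix-community.cachix.org" ];
+trusted-public-keys =
+[ "arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=" "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
+auto-optimise-store = true;
+trusted-users = [ "root" "@wheel" ];
+};
+gc = {
+automatic = lib.mkDefault true;
+dates = lib.mkDefault "weekly";
+options = lib.mkDefault "--delete-older-than 7d";
+};
+};
+}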
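Review bot: `trusted-public-keys` (lines 166-167) trusts four signing keys while `substituters` (line 165) lists only three caches; the `ryantrinkle.com-1` key has no matching substituter, so either a cache is missing from the list or the key is surplus trust that should be dropped, since any path signed by it would be accepted from any configured cache. `trusted-users = [ "root" "@wheel" ]` lets every wheel member pass arbitrary substituters and keys to the daemon, which the Nix manual describes as root-equivalent; that matches the passwordless wheel sudo in access.nix but deserves a comment such as `# wheel is already root-equivalent on these hosts (see access.nix)` so the grant is not mistaken for a narrow one. The `experimental-features` value is a single space-separated string inside a list; the conventional form is `lib.optionals (…) [ "nix-command" "flakes" ]`, one feature per element.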


@ -0,0 +1,11 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
neofetch
smartmontools
hddtemp
lm_sensors
gnupg
] ++ (lib.optional config.programs.gnupg.agent.enable pinentry-curses);
}

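--- a/profiles/base/profiles.nix
+++ b/profiles/base/profiles.nix
@@ -0,0 +1,109 @@
+{ config, lib, meta, ... }:
+with lib;
+{
+options = {
+deploy.profile = {
+gui = mkEnableOption "Graphical System";
+sway = mkEnableOption "Sway WM";
+i3 = mkEnableOption "i3 WM";
+vfio = mkEnableOption "VFIO";
+shared = mkEnableOption "Shared System";
+trusted = mkEnableOption "Trusted Submodule";
+light = mkEnableOption "Light mode";
+cross = {
+enable = mkEnableOption "cross/emulated compilation";
+aarch64 = mkOption {
+type = types.bool;
+default = false;
+};
+armv6l = mkOption {
+type = types.bool;
+default = false;
+};
+armv7l = mkOption {
+type = types.bool;
+default = false;
+};
+};
+hardware = {
+acs-override = mkEnableOption "ACS IOMMU Override";
+amdgpu = mkEnableOption "AMD GPU";
+hcloud-imperative = mkEnableOption "Imperative Hetzner Cloud Setup";
+intel = mkEnableOption "Intel CPU";
+laptop = mkEnableOption "Laptop";
+wifi = mkEnableOption "WiFi, home network";
+ryzen = mkEnableOption "AMD Ryzen CPU";
+ms-7b86 = mkEnableOption "MSI B450-A Pro Max";
+rm-310 = mkEnableOption "Intel DQ67OW";
+raspi = mkEnableOption "Raspberry Pi 1 Model B+";
+oracle = {
+common = mkEnableOption "OCI";
+ubuntu = mkEnableOption "Canonical Ubuntu Base Image";
+oracle = mkEnableOption "Oracle Linux Base Image";
+};
+eeepc-1015pem = mkEnableOption "Asus Eee PC 1015PEM";
+v330-14arr = mkEnableOption "Lenovo Ideapad v330-14ARR";
+x270 = mkEnableOption "Lenovo Thinkpad x270";
+};
+};
+home-manager.users = mkOption {
+type = types.attrsOf (types.submoduleWith {
+modules = [
+({ nixos, ... }: {
+options.deploy.profile = {
+gui = mkEnableOption "Graphical System";
+sway = mkEnableOption "Sway WM";
+i3 = mkEnableOption "i3 WM";
+vfio = mkEnableOption "VFIO";
+shared = mkEnableOption "Shared System";
+trusted = mkEnableOption "Trusted Submodule" // {
+default = meta.trusted ? secrets;
+};
+light = mkEnableOption "Light mode";
+cross = {
+enable = mkEnableOption "cross/emulated compilation";
+aarch64 = mkOption {
+type = types.bool;
+default = false;
+};
+armv6l = mkOption {
+type = types.bool;
+default = false;
+};
+armv7l = mkOption {
+type = types.bool;
+default = false;
+};
+};
+hardware = {
+acs-override = mkEnableOption "ACS IOMMU Override";
+amdgpu = mkEnableOption "AMD GPU";
+hcloud-imperative = mkEnableOption "Imperative Hetzner Cloud Setup";
+intel = mkEnableOption "Intel CPU";
+laptop = mkEnableOption "Laptop";
+wifi = mkEnableOption "WiFi, home network";
+ryzen = mkEnableOption "AMD Ryzen CPU";
+ms-7b86 = mkEnableOption "MSI B450-A Pro Max";
+rm-310 = mkEnableOption "Intel DQ67OW";
+raspi = mkEnableOption "Raspberry Pi 1 Model B+";
+oracle = {
+common = mkEnableOption "OCI";
+ubuntu = mkEnableOption "Canonical Ubuntu Base Image";
+oracle = mkEnableOption "Oracle Linux Base Image";
+};
+eeepc-1015pem = mkEnableOption "Asus Eee PC 1015PEM";
+v330-14arr = mkEnableOption "Lenovo Ideapad v330-14ARR";
+x270 = mkEnableOption "Lenovo Thinkpad x270";
+};
+};
+config = {
+deploy.profile = nixos.deploy.profile;
+};
+})
+];
+});
+};
+};
+}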
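Review bot: The `default = meta.trusted ? secrets` attached to the home-manager copy of `trusted` (lines 256-258) never takes effect, because `deploy.profile = nixos.deploy.profile` (line 297) assigns every flag, including `trusted`, from the NixOS side, where the declaration at line 208 keeps mkEnableOption's `false` default, and a plain config assignment outranks an option default. If trusted is meant to follow the presence of secrets, move the override to the NixOS declaration: `trusted = mkEnableOption "Trusted Submodule" // { default = meta.trusted ? secrets; };` at line 208, and leave the home-manager copy plain. The two option trees (lines 202-245 and 250-294) are otherwise identical, so binding them once in a `let profileOptions = { … }; in` at the top of the module and referencing it from both `options.deploy.profile` and the submodule would remove the duplication that allowed this drift.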

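--- a/profiles/base/secrets.nix
+++ b/profiles/base/secrets.nix
@@ -0,0 +1,11 @@
+{ config, meta, inputs, lib, pkgs, ... }:
+{
+imports = lib.optional (meta.trusted ? secrets) meta.trusted.secrets;
+secrets = {
+root = "/var/lib/kat/secrets";
+persistentRoot = "/var/lib/kat/secrets";
+external = true;
+};
+}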

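--- a/profiles/base/shell.nix
+++ b/profiles/base/shell.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+{
+programs.zsh = {
+enable = true;
+enableCompletion = true;
+};
+}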

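--- a/profiles/base/ssh.nix
+++ b/profiles/base/ssh.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+with lib;
+{
+network.firewall = {
+public = {
+tcp.ports = singleton 62954;
+udp.ranges = [{
+from = 60000;
+to = 61000;
+}];
+};
+private = {
+tcp.ports = singleton 62954;
+udp.ranges = [{
+from = 60000;
+to = 61000;
+}];
+};
+};
+/*
+security.pam.services.sshd.text = mkDefault (mkAfter ''
+session required pam_exec.so ${katnotify}/bin/notify
+'');
+*/
+services.openssh = {
+enable = true;
+ports = lib.mkDefault [ 62954 ];
+passwordAuthentication = false;
+kbdInteractiveAuthentication = false;
+permitRootLogin = lib.mkDefault "prohibit-password";
+kexAlgorithms = [ "curve25519-sha256@libssh.org" ];
+extraConfig = ''
+PubkeyAcceptedAlgorithms +ssh-rsa
+StreamLocalBindUnlink yes
+LogLevel VERBOSE
+'';
+};
+programs.mosh.enable = true;
+}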
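Review bot: `PubkeyAcceptedAlgorithms +ssh-rsa` (line 371) re-enables RSA signatures over SHA-1, which OpenSSH 8.8 dropped from its default set because SHA-1 is no longer collision-resistant; RSA keys continue to work without this line through rsa-sha2-256/rsa-sha2-512, so it should stay only if a specific client cannot negotiate SHA-2, and then deserves a comment naming that client and ideally a `Match User` block scoping it. The commented-out PAM snippet (lines 358-362) references `${katnotify}`, which is not among the module arguments on line 339, so uncommenting it as written fails at evaluation; add the argument or delete the dead block. The firewall's `62954` and `60000`-`61000` repeat the sshd port and the mosh UDP range without saying so; `# 62954 = sshd (matches services.openssh.ports), 60000-61000 = mosh` on line 342 would tie them together.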

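--- a/profiles/base/system.nix
+++ b/profiles/base/system.nix
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }: with lib;
+{
+boot.kernelPackages = mkIf (elem "zfs" config.boot.supportedFilesystems) (mkDefault config.boot.zfs.package.latestCompatibleLinuxPackages);
+hardware.enableRedistributableFirmware = lib.mkDefault true;
+boot.tmpOnTmpfs = true;
+boot.zfs.enableUnstable = mkIf (elem "zfs" config.boot.supportedFilesystems) true;
+boot.kernel.sysctl = {
+"fs.inotify.max_user_watches" = "524288";
+"net.core.rmem_max" = "16777216";
+"net.core.wmem_max" = "16777216";
+"net.ipv4.tcp_rmem" = "4096 87380 16777216";
+"net.ipv4.tcp_wmem" = "4096 65536 16777216";
+};
+services.journald.extraConfig = "SystemMaxUse=512M";
+users.mutableUsers = false;
+boot.tmpOnTmpfsSize = "80%";
+}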
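Review bot: The ZFS condition `mkIf (elem "zfs" config.boot.supportedFilesystems)` is spelled out twice (lines 386 and 389); a `let hasZfs = elem "zfs" config.boot.supportedFilesystems; in` above the attribute set names the intent once and keeps the two settings from drifting apart. `pkgs` is bound on line 384 but never used, and `lib.mkDefault` on line 387 mixes the qualified form with the unqualified `mkIf`/`mkDefault` that `with lib;` on the same line already provides. `boot.tmpOnTmpfsSize = "80%"` (line 399) sits eleven lines away from `boot.tmpOnTmpfs = true` (line 388); placing them together makes the pairing obvious to a reader.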