From bf62eaece255a5668bc9143a942172a52b9eb062 Mon Sep 17 00:00:00 2001 From: sajenim Date: Sun, 14 Jan 2024 06:29:18 +0800 Subject: [PATCH] refactor --- flake.nix | 4 +- home-manager/sajenim/home.nix | 5 +- nixos/common/global/default.nix | 27 ++++ nixos/common/global/nix.nix | 27 ++++ nixos/common/global/ssh.nix | 13 ++ nixos/common/{ => global}/system-tools.nix | 3 +- nixos/common/optional/steam.nix | 25 ++++ nixos/common/users/sajenim/default.nix | 25 ++++ nixos/fuchsia/configuration.nix | 153 ++------------------- nixos/fuchsia/hardware-configuration.nix | 49 ++++--- nixos/viridian/configuration.nix | 3 +- 11 files changed, 160 insertions(+), 174 deletions(-) create mode 100644 nixos/common/global/default.nix create mode 100644 nixos/common/global/nix.nix create mode 100644 nixos/common/global/ssh.nix rename nixos/common/{ => global}/system-tools.nix (92%) create mode 100644 nixos/common/optional/steam.nix create mode 100644 nixos/common/users/sajenim/default.nix diff --git a/flake.nix b/flake.nix index 664df69..4cb801d 100644 --- a/flake.nix +++ b/flake.nix @@ -16,8 +16,8 @@ }; # Add any other flake you might need - #neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; agenix.url = "github:ryantm/agenix"; + impermanence.url = "github:nix-community/impermanence"; }; outputs = { self, nixpkgs, home-manager, ... }@inputs: @@ -60,7 +60,6 @@ fuchsia = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs outputs; }; modules = [ - # > Our main nixos configuration file < ./nixos/fuchsia/configuration.nix ]; }; @@ -68,7 +67,6 @@ viridian = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs outputs; }; modules = [ - # > Our main nixos configuration file < ./nixos/viridian/configuration.nix ]; }; diff --git a/home-manager/sajenim/home.nix b/home-manager/sajenim/home.nix index 31d8e28..66fe6cb 100644 --- a/home-manager/sajenim/home.nix +++ b/home-manager/sajenim/home.nix 
@@ -1,7 +1,7 @@ # This is your home-manager configuration file # Use this to configure your home environment (it replaces ~/.config/nixpkgs/home.nix) -{ inputs, outputs, lib, config, pkgs, ... }: { +{ inputs, outputs, pkgs, ... }: { # You can import other home-manager modules here imports = [ # If you want to use modules your own flake exports (from modules/home-manager): @@ -9,6 +9,7 @@ # Or modules exported from other flakes (such as nix-colors): # inputs.nix-colors.homeManagerModules.default + inputs.impermanence.nixosModules.home-manager.impermanence # You can also split up your configuration and import pieces of it here: @@ -61,6 +62,7 @@ matchBlocks = { "viridian" = { hostname = "192.168.1.102"; + port = 48654; }; }; }; @@ -84,7 +86,6 @@ runelite jellyfin-media-player xmobar - super-slicer-latest # Unstable user programs unstable.wezterm ]; diff --git a/nixos/common/global/default.nix b/nixos/common/global/default.nix new file mode 100644 index 0000000..39c36b5 --- /dev/null +++ b/nixos/common/global/default.nix @@ -0,0 +1,27 @@ +{ outputs, ... }: + +{ + imports = [ + ./nix.nix + ./ssh.nix + ./system-tools.nix + ]; + + nixpkgs = { + overlays = [ + outputs.overlays.additions + outputs.overlays.modifications + outputs.overlays.unstable-packages + ]; + config = { + allowUnfree = true; + }; + }; + + i18n.defaultLocale = "en_AU.UTF-8"; + time.timeZone = "Australia/Perth"; + + networking.domain = "kanto.dev"; + + hardware.enableRedistributableFirmware = true; +} diff --git a/nixos/common/global/nix.nix b/nixos/common/global/nix.nix new file mode 100644 index 0000000..e4057b6 --- /dev/null +++ b/nixos/common/global/nix.nix 
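Review bot: The `port = 48654;` added to the `"viridian"` match block in home-manager/sajenim/home.nix repeats the literal set in nixos/common/global/ssh.nix, so the two now have to be kept in sync by hand. The viridian section of this patch does not import `../common/global`, so unless viridian's sshd already listens on 48654 the client entry will point at a closed port; confirm that before merging. A comment such as `# must match services.openssh.ports in nixos/common/global/ssh.nix` would keep the link visible. The first hunk also drops `lib` and `config` from the module arguments, and the rest of the file is outside the hunk, so check that nothing further down still uses them.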
@@ -0,0 +1,27 @@ +{ config, inputs, lib, ... }: + +{ + nix = { + gc = { + # Automatically run the garbage collector an a specified time. + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + + # This will add each flake input as a registry + # To make nix commands consistent with your flake + registry = lib.mapAttrs (_: value: { flake = value; }) inputs; + + # This will additionally add your inputs to the system's legacy channels + # Making legacy nix commands consistent as well, awesome! + nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; + + settings = { + # Enable flakes and new 'nix' command + experimental-features = "nix-command flakes"; + # Deduplicate and optimize nix store + auto-optimise-store = true; + }; + }; +} diff --git a/nixos/common/global/ssh.nix b/nixos/common/global/ssh.nix new file mode 100644 index 0000000..01f59b2 --- /dev/null +++ b/nixos/common/global/ssh.nix @@ -0,0 +1,13 @@ +{ ... }: + +{ + services.openssh = { + enable = true; + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + }; + ports = [ 48654 ]; + openFirewall = true; + }; +} diff --git a/nixos/common/system-tools.nix b/nixos/common/global/system-tools.nix similarity index 92% rename from nixos/common/system-tools.nix rename to nixos/common/global/system-tools.nix index fd516c9..9fd6107 100644 --- a/nixos/common/system-tools.nix +++ b/nixos/common/global/system-tools.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, ... }: { environment = { @@ -15,6 +15,7 @@ scrot # screenshot direnv # load environment jq # JSON processor + git # version control # HTTP curl # transfer dato to/from server diff --git a/nixos/common/optional/steam.nix b/nixos/common/optional/steam.nix new file mode 100644 index 0000000..ba578e0 --- /dev/null +++ b/nixos/common/optional/steam.nix 
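Review bot: In nixos/common/global/ssh.nix, `PasswordAuthentication = false` does not by itself rule out password logins, because keyboard-interactive authentication through PAM is a separate sshd setting that NixOS leaves enabled unless told otherwise, and this same patch gives the user a password hash. Add `KbdInteractiveAuthentication = false;` under `settings` so that only public keys are accepted. The module is imported by every host through `common/global` and sets `openFirewall = true`, so an `AllowUsers` restriction is worth considering as well. Moving to port 48654 reduces scan noise but is not an access control, and a comment saying so would stop it being mistaken for one.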
@@ -0,0 +1,25 @@
+{ ... }:
+
+{
+ fileSystems."/home/sajenim/.local/share/Steam" = {
+ device = "/dev/disk/by-label/data";
+ fsType = "btrfs";
+ options = [
+ "subvol=steam"
+ "compress=zstd:3"
+ ];
+ };
+
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = true;
+ dedicatedServer.openFirewall = true;
+ };
+
+ # When we mount our steam filesystem parent directories created are owned by root.
+ # Lets fix that to avoid home-manager failing to start due to permission errors.
+ systemd.tmpfiles.rules = [
+ "d /home/sajenim/.local 0755 sajenim users -"
+ "d /home/sajenim/.local/share 0755 sajenim users -"
+ ];
+}
diff --git a/nixos/common/users/sajenim/default.nix b/nixos/common/users/sajenim/default.nix
new file mode 100644
index 0000000..56df9bb
--- /dev/null
+++ b/nixos/common/users/sajenim/default.nix
@@ -0,0 +1,25 @@
+{ inputs, outputs, pkgs, ... }:
+
+{
+ imports = [
+ "${inputs.self}/nixos/common/optional/steam.nix"
+ ];
+
+ users.users.sajenim = {
+ isNormalUser = true;
+ extraGroups = [ "audio" "docker" "networkmanager" "wheel" ];
+ shell = pkgs.zsh;
+ openssh.authorizedKeys.keyFiles = [
+ "${inputs.self}/home-manager/sabrina/id_ed25519.pub"
+ ];
+ hashedPassword = "$y$j9T$qIhW5qL9J9w.w6JWa.bGo/$oddG3HJyOZ1mwHzYnYPJ/MzN38oHEBEvPDc0sB3rAf9";
+ };
+ users.mutableUsers = false;
+
+ home-manager = {
+ extraSpecialArgs = { inherit inputs outputs; };
+ users = {
+ sajenim = import "${inputs.self}/home-manager/sajenim/home.nix";
+ };
+ };
+}
diff --git a/nixos/fuchsia/configuration.nix b/nixos/fuchsia/configuration.nix
index f2ab3f0..81c7903 100644
--- a/nixos/fuchsia/configuration.nix
+++ b/nixos/fuchsia/configuration.nix
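Review bot: In nixos/common/optional/steam.nix, `dedicatedServer.openFirewall = true;` opens the Steam dedicated-server ports on every host that imports the module, and nixos/common/users/sajenim/default.nix imports it unconditionally, so in practice it is not optional. If no dedicated server is hosted, drop that line and keep `remotePlay.openFirewall` only on hosts that use Remote Play. The hard-coded `/home/sajenim` paths and the `by-label/data` device also tie a module under `common/` to one user and one disk layout. A header comment stating that assumption, or importing the module from the host configuration instead of the user module, would make the dependency explicit.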
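Review bot: The `hashedPassword` literal in `users.users.sajenim` (nixos/common/users/sajenim/default.nix) commits the account's password hash to the repository and, once built, copies it into the world-readable Nix store, where it is open to offline guessing by anyone with a clone or a local account. agenix is already a flake input, so the hash can come from a decrypted secret instead: add `config` to the module arguments and use `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (older nixpkgs releases name this option `passwordFile`). The password should be changed as well, since this hash stays in history. Separately, membership of the `docker` group is effectively root-equivalent and is not covered by the U2F prompt the host configures for `sudo`; confirm that is intended.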
@@ -1,98 +1,24 @@ -# This is your system's configuration file. -# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) +{ inputs, pkgs, ... }: -{ inputs, outputs, lib, config, pkgs, ... }: { - # You can import other NixOS modules here +{ imports = [ - # If you want to use modules your own flake exports (from modules/nixos): - # outputs.nixosModules.example inputs.impermanence.nixosModules.impermanence + inputs.home-manager.nixosModules.home-manager - # Or modules from other flakes (such as nixos-hardware): - # inputs.hardware.nixosModules.common-cpu-amd - # inputs.hardware.nixosModules.common-ssd + ../common/global + ../common/users/sajenim - # You can also split up your configuration and import pieces of it here: - - # Import common configurations - ../common/system-tools.nix - - # Import your generated (nixos-generate-config) hardware configuration ./hardware-configuration.nix ]; - nixpkgs = { - # You can add overlays here - overlays = [ - # Add overlays your own flake exports (from overlays and pkgs dir): - outputs.overlays.additions - outputs.overlays.modifications - outputs.overlays.unstable-packages - - # You can also add overlays exported from other flakes: - # neovim-nightly-overlay.overlays.default - - # Or define it inline, for example: - # (final: prev: { - # hi = final.hello.overrideAttrs (oldAttrs: { - # patches = [ ./change-hello-to-hi.patch ]; - # }); - # }) - ]; - # Configure your nixpkgs instance - config = { - # Disable if you don't want unfree packages - allowUnfree = true; - }; - }; - - nix = { - gc = { - # Automatically run the garbage collector an a specified time. 
- automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - - # This will add each flake input as a registry - # To make nix commands consistent with your flake - registry = lib.mapAttrs (_: value: { flake = value; }) inputs; - - # This will additionally add your inputs to the system's legacy channels - # Making legacy nix commands consistent as well, awesome! - nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; - - settings = { - # Enable flakes and new 'nix' command - experimental-features = "nix-command flakes"; - # Deduplicate and optimize nix store - auto-optimise-store = true; - }; - }; - - # Select internationalisation properties - i18n.defaultLocale = "en_AU.UTF-8"; - # Set timezone - time.timeZone = "Australia/Perth"; - boot = { - # Kernel to install kernelPackages = pkgs.linuxPackages_latest; - # Parameters added to the kernel command line - kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" ]; - # Autoload stage 2 modules + kernelParams = [ + # Enable amdgpu driver sysfs API that allows fine grain control of GPU + "amdgpu.ppfeaturemask=0xffffffff" + ]; kernelModules = [ "i2c-dev" "i2c-piix4" ]; - # Autoload stage 1 modules initrd.kernelModules = [ "amdgpu" ]; - - loader = { - systemd-boot.enable = true; - - efi = { - canTouchEfiVariables = true; - efiSysMountPoint = "/boot/efi"; - }; - }; }; hardware = { @@ -100,14 +26,10 @@ enable = true; powerOnBoot = true; }; - - # Setup sound server (Audio Support) pulseaudio = { enable = true; - support32Bit = true; # If compatibility with 32-bit applications is desired. + support32Bit = true; }; - - # Configure OpenGL opengl = { enable = true; # Vulkan @@ -123,17 +45,10 @@ networking = { hostName = "fuchsia"; - domain = "kanto.dev"; networkmanager.enable = true; - # firewall = { - # enable = true; - # allowedTCPPorts = [ ]; - # allowedUDPPorts = [ ]; - # }; }; fonts = { - # Install system fonts packages = with pkgs; [ fantasque-sans-mono fira-code 
@@ -144,75 +59,46 @@ ]; }; - # Setup environment environment = { # Symlink /bin/sh to POSIX-Complient shell binsh = "${pkgs.bash}/bin/bash"; shells = with pkgs; [ zsh ]; - # Install packages, prefix with 'unstable.' to use overlay systemPackages = with pkgs; [ # Audio pulsemixer - # Code editors emacs vscode - # Browsers firefox - # Graphics gimp inkscape krita - # Printing - blender freecad openscad cura prusa-slicer - + blender freecad openscad prusa-slicer # Misc openrgb protonup-ng - # Hardware libratbag piper ]; - # Completions for system packages pathsToLink = [ "/share/zsh" ]; }; programs = { zsh.enable = true; - - # GPG and SSH support for yubikey gnupg.agent = { enable = true; enableSSHSupport = true; }; - - steam = { - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Dedicated Server - }; + fuse.userAllowOther = true; }; services = { - # This setups a SSH server. Very important if you're setting up a headless system. - # Feel free to remove if you don't need it. - openssh = { - enable = true; - # Forbid root login through SSH. - settings.PermitRootLogin = "no"; - # Use keys only. Remove if you want to SSH using password (not recommended) - settings.PasswordAuthentication = false; - }; - - # Our udev rules udev.packages = with pkgs; [ yubikey-personalization openrgb qmk-udev-rules ]; - - # Setup our xserver xserver = { enable = true; layout = "au"; 
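Review bot: `fuse.userAllowOther = true;` is added under `programs` in nixos/fuchsia/configuration.nix without a comment, in a hunk that otherwise strips the explanatory comments around it. The option lets unprivileged users mount FUSE filesystems with `allow_other`, which is a deliberate relaxation. It is presumably needed by the impermanence home-manager module imported in home.nix, though the persistence settings that would require it are not visible here. Put the reason on record with something like `# Required for impermanence home-manager bind mounts (allowOther)`. The `programs` block starts and ends outside the lines changed here.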
@@ -220,39 +106,24 @@ libinput = { enable = true; mouse = { - # Disable mouse acceleration. accelProfile = "flat"; }; }; displayManager.startx.enable = true; }; - ratbagd.enable = true; }; - # Install docker virtualisation.docker = { enable = true; - # Reduce container downtime due to daemon crashes liveRestore = false; }; - # Login and use sudo with our yubikey security.pam.services = { login.u2fAuth = true; sudo.u2fAuth = true; }; - # Users - users.users.sajenim = { - isNormalUser = true; - extraGroups = [ "audio" "docker" "networkmanager" "wheel" ]; - shell = pkgs.zsh; - openssh.authorizedKeys.keyFiles = [ - ../../home-manager/sabrina/id_ed25519.pub - ]; - }; - # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion system.stateVersion = "22.11"; } diff --git a/nixos/fuchsia/hardware-configuration.nix b/nixos/fuchsia/hardware-configuration.nix index ec4fd08..7363f73 100644 --- a/nixos/fuchsia/hardware-configuration.nix +++ b/nixos/fuchsia/hardware-configuration.nix 
@@ -1,37 +1,36 @@ -# This is just an example, you should generate yours with nixos-generate-config and put it in here. -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + imports = [ + ../common/optional/ephemeral-btrfs.nix + ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/08e24fe4-91d3-4966-83a5-2f1668f2ce0f"; - fsType = "ext4"; + boot = { + initrd = { + availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + kernelModules = [ "kvm-amd" ]; }; - - fileSystems."/boot/efi" = - { device = "/dev/disk/by-uuid/B5A4-2D13"; - fsType = "vfat"; + loader= { + systemd-boot.enable = true; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot"; + }; }; + }; - fileSystems."/home/sajenim/Games" = - { device = "/dev/disk/by-uuid/58097403-9b5b-4cee-b9d1-e3d5fde1a364"; - fsType = "ext4"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/ESP"; + fsType = "vfat"; + }; - swapDevices = [ ]; + swapDevices = [ + { device = "/swap/swapfile"; + size = 16*1024; + } + ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp34s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 
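Review bot: nixos/fuchsia/hardware-configuration.nix now imports `../common/optional/ephemeral-btrfs.nix`, which is not among the files this patch creates or renames (only `optional/steam.nix` appears in the diffstat). Unless that file is already tracked in git, flake evaluation for fuchsia will fail on the missing path. The hunk also removes the `fileSystems."/"` entry, so the root filesystem definition presumably lives in that missing module; confirm it is committed together with this change. Separately, `kernelModules = [ "kvm-amd" ];` has moved from `boot.kernelModules` into `boot.initrd`, which loads KVM in stage 1 rather than stage 2. If that was not intended, keep it as `boot.kernelModules = [ "kvm-amd" ];`.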
diff --git a/nixos/viridian/configuration.nix b/nixos/viridian/configuration.nix index e56b10e..a74383a 100644 --- a/nixos/viridian/configuration.nix +++ b/nixos/viridian/configuration.nix @@ -15,7 +15,6 @@ outputs.nixosModules.qbittorrent # Or modules from other flakes (such as nixos-hardware): - inputs.agenix.nixosModules.default # You can also split up your configuration and import pieces of it here: # ./users.nix @@ -197,7 +196,7 @@ # Install packages, prefix with 'unstable.' to use overlay systemPackages = with pkgs; [ - inputs.agenix.packages."${system}".default + agenix.packages."${system}".default ]; }; programs = {
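Review bot: In the second hunk of nixos/viridian/configuration.nix, `agenix.packages."${system}".default` refers to a bare `agenix` that nothing visible binds. The module's argument list is outside the hunk, so unless `agenix` is passed as a module argument this fails evaluation with an undefined variable; keep `inputs.agenix.packages."${system}".default`. The first hunk also removes `inputs.agenix.nixosModules.default` from `imports`. If any `age.secrets` definitions remain elsewhere in this host's configuration they lose the module that declares those options, so confirm none are left or restore the import.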