refactor

2024-01-14 06:29:18 +08:00 · 2024-01-14 06:29:18 +08:00 · bf62eaece2
commit bf62eaece2
parent 4143db478b
11 changed files with 160 additions and 174 deletions
--- a/nixos/common/global/default.nix
+++ b/nixos/common/global/default.nix
@ -0,0 +1,27 @@
+{ outputs, ... }:
+
+{
+  imports = [
+    ./nix.nix
+    ./ssh.nix
+    ./system-tools.nix
+  ];
+
+  nixpkgs = {
+    overlays = [
+      outputs.overlays.additions
+      outputs.overlays.modifications
+      outputs.overlays.unstable-packages
+    ];
+    config = {
+      allowUnfree = true;
+    };
+  };
+
+  i18n.defaultLocale = "en_AU.UTF-8";
+  time.timeZone = "Australia/Perth";
+
+  networking.domain = "kanto.dev";
+
+  hardware.enableRedistributableFirmware = true;
+}
--- a/nixos/common/global/nix.nix
+++ b/nixos/common/global/nix.nix
@ -0,0 +1,27 @@
+{ config, inputs, lib, ... }:
+
+{
+  nix = {
+    gc = {
+      # Automatically run the garbage collector an a specified time.
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+
+    # This will add each flake input as a registry
+    # To make nix commands consistent with your flake
+    registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+
+    # This will additionally add your inputs to the system's legacy channels
+    # Making legacy nix commands consistent as well, awesome!
+    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
+
+    settings = {
+      # Enable flakes and new 'nix' command
+      experimental-features = "nix-command flakes";
+      # Deduplicate and optimize nix store
+      auto-optimise-store = true;
+    };
+  };
+}
--- a/nixos/common/global/ssh.nix
+++ b/nixos/common/global/ssh.nix
@ -0,0 +1,13 @@
+{ ... }:
+
+{
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "no";
+      PasswordAuthentication = false;
+    };
+    ports = [ 48654 ];
+    openFirewall = true;
+  };
+}
--- a/nixos/common/global/system-tools.nix
+++ b/nixos/common/global/system-tools.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }: 
+{ pkgs, ... }:

 {
  environment = {
@ -15,6 +15,7 @@
      scrot   # screenshot
      direnv  # load environment
      jq      # JSON processor
+      git     # version control

      # HTTP
      curl    # transfer dato to/from server
--- a/nixos/common/optional/steam.nix
+++ b/nixos/common/optional/steam.nix
@ -0,0 +1,25 @@
+{ ... }:
+
+{
+  fileSystems."/home/sajenim/.local/share/Steam" = {
+    device = "/dev/disk/by-label/data";
+    fsType = "btrfs";
+    options = [
+      "subvol=steam"
+      "compress=zstd:3"
+    ];
+  };
+
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true;
+    dedicatedServer.openFirewall = true;
+  };
+
+  # When we mount our steam filesystem parent directories created are owned by root.
+  # Lets fix that to avoid home-manager failing to start due to permission errors.
+  systemd.tmpfiles.rules = [
+    "d /home/sajenim/.local 0755 sajenim users -"
+    "d /home/sajenim/.local/share 0755 sajenim users -"
+  ];
+}
--- a/nixos/common/users/sajenim/default.nix
+++ b/nixos/common/users/sajenim/default.nix
@ -0,0 +1,25 @@
+{ inputs, outputs, pkgs, ... }:
+
+{
+  imports = [
+    "${inputs.self}/nixos/common/optional/steam.nix"
+  ];
+
+  users.users.sajenim = {
+      isNormalUser = true;
+      extraGroups = [ "audio" "docker" "networkmanager" "wheel" ];
+      shell = pkgs.zsh;
+      openssh.authorizedKeys.keyFiles = [
+        "${inputs.self}/home-manager/sabrina/id_ed25519.pub"
+      ];
+      hashedPassword = "$y$j9T$qIhW5qL9J9w.w6JWa.bGo/$oddG3HJyOZ1mwHzYnYPJ/MzN38oHEBEvPDc0sB3rAf9";
+  };
+  users.mutableUsers = false;
+
+  home-manager = {
+    extraSpecialArgs = { inherit inputs outputs; };
+    users = {
+      sajenim = import "${inputs.self}/home-manager/sajenim/home.nix";
+    };
+  };
+}