refactor

2024-01-14 06:29:18 +08:00 · 2024-01-14 06:29:18 +08:00 · bf62eaece2
commit bf62eaece2
parent 4143db478b
11 changed files with 160 additions and 174 deletions
--- a/flake.nix
+++ b/flake.nix
@ -16,8 +16,8 @@
    };
    # Add any other flake you might need
    #neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay";
    agenix.url = "github:ryantm/agenix";
    impermanence.url = "github:nix-community/impermanence";
  };
  outputs = { self, nixpkgs, home-manager, ... }@inputs:
@ -60,7 +60,6 @@
        fuchsia = nixpkgs.lib.nixosSystem {
          specialArgs = { inherit inputs outputs; };
          modules = [
            # > Our main nixos configuration file <
            ./nixos/fuchsia/configuration.nix
          ];
        };
@ -68,7 +67,6 @@
        viridian = nixpkgs.lib.nixosSystem {
          specialArgs = { inherit inputs outputs; };
          modules = [
            # > Our main nixos configuration file <
            ./nixos/viridian/configuration.nix
          ];
        };
--- a/home-manager/sajenim/home.nix
+++ b/home-manager/sajenim/home.nix
@ -1,7 +1,7 @@
 # This is your home-manager configuration file
 # Use this to configure your home environment (it replaces ~/.config/nixpkgs/home.nix)
-{ inputs, outputs, lib, config, pkgs, ... }: {
+{ inputs, outputs, pkgs, ... }: {
  # You can import other home-manager modules here
  imports = [
    # If you want to use modules your own flake exports (from modules/home-manager):
@ -9,6 +9,7 @@
    # Or modules exported from other flakes (such as nix-colors):
    # inputs.nix-colors.homeManagerModules.default
    inputs.impermanence.nixosModules.home-manager.impermanence
    # You can also split up your configuration and import pieces of it here:
@ -61,6 +62,7 @@
      matchBlocks = {
        "viridian" = {
          hostname = "192.168.1.102";
          port = 48654;
        };
      };
    };
@ -84,7 +86,6 @@
      runelite
      jellyfin-media-player
      xmobar
      super-slicer-latest
      # Unstable user programs
      unstable.wezterm
    ];
--- a/nixos/common/global/default.nix
+++ b/nixos/common/global/default.nix
@ -0,0 +1,27 @@
 { outputs, ... }:
 {
  imports = [
    ./nix.nix
    ./ssh.nix
    ./system-tools.nix
  ];
  nixpkgs = {
    overlays = [
      outputs.overlays.additions
      outputs.overlays.modifications
      outputs.overlays.unstable-packages
    ];
    config = {
      allowUnfree = true;
    };
  };
  i18n.defaultLocale = "en_AU.UTF-8";
  time.timeZone = "Australia/Perth";
  networking.domain = "kanto.dev";
  hardware.enableRedistributableFirmware = true;
 }
--- a/nixos/common/global/nix.nix
+++ b/nixos/common/global/nix.nix
@ -0,0 +1,27 @@
 { config, inputs, lib, ... }:
 {
  nix = {
    gc = {
      # Automatically run the garbage collector an a specified time.
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
    # This will add each flake input as a registry
    # To make nix commands consistent with your flake
    registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
    # This will additionally add your inputs to the system's legacy channels
    # Making legacy nix commands consistent as well, awesome!
    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
    settings = {
      # Enable flakes and new 'nix' command
      experimental-features = "nix-command flakes";
      # Deduplicate and optimize nix store
      auto-optimise-store = true;
    };
  };
 }
--- a/nixos/common/global/ssh.nix
+++ b/nixos/common/global/ssh.nix
@ -0,0 +1,13 @@
 { ... }:
 {
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
    };
    ports = [ 48654 ];
    openFirewall = true;
  };
 }
--- a/nixos/common/global/system-tools.nix
+++ b/nixos/common/global/system-tools.nix
@ -15,6 +15,7 @@
      scrot   # screenshot
      direnv  # load environment
      jq      # JSON processor
      git     # version control
      # HTTP
      curl    # transfer dato to/from server
--- a/nixos/common/optional/steam.nix
+++ b/nixos/common/optional/steam.nix
@ -0,0 +1,25 @@
 { ... }:
 {
  fileSystems."/home/sajenim/.local/share/Steam" = {
    device = "/dev/disk/by-label/data";
    fsType = "btrfs";
    options = [
      "subvol=steam"
      "compress=zstd:3"
    ];
  };
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true;
    dedicatedServer.openFirewall = true;
  };
  # When we mount our steam filesystem parent directories created are owned by root.
  # Lets fix that to avoid home-manager failing to start due to permission errors.
  systemd.tmpfiles.rules = [
    "d /home/sajenim/.local 0755 sajenim users -"
    "d /home/sajenim/.local/share 0755 sajenim users -"
  ];
 }
--- a/nixos/common/users/sajenim/default.nix
+++ b/nixos/common/users/sajenim/default.nix
@ -0,0 +1,25 @@
 { inputs, outputs, pkgs, ... }:
 {
  imports = [
    "${inputs.self}/nixos/common/optional/steam.nix"
  ];
  users.users.sajenim = {
      isNormalUser = true;
      extraGroups = [ "audio" "docker" "networkmanager" "wheel" ];
      shell = pkgs.zsh;
      openssh.authorizedKeys.keyFiles = [
        "${inputs.self}/home-manager/sabrina/id_ed25519.pub"
      ];
      hashedPassword = "$y$j9T$qIhW5qL9J9w.w6JWa.bGo/$oddG3HJyOZ1mwHzYnYPJ/MzN38oHEBEvPDc0sB3rAf9";
  };
  users.mutableUsers = false;
  home-manager = {
    extraSpecialArgs = { inherit inputs outputs; };
    users = {
      sajenim = import "${inputs.self}/home-manager/sajenim/home.nix";
    };
  };
 }
--- a/nixos/fuchsia/configuration.nix
+++ b/nixos/fuchsia/configuration.nix
@ -1,98 +1,24 @@
-# This is your system's configuration file.
+{ inputs, pkgs, ... }:
 # Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
-{ inputs, outputs, lib, config, pkgs, ... }: {
+{
  # You can import other NixOS modules here
  imports = [
    # If you want to use modules your own flake exports (from modules/nixos):
    # outputs.nixosModules.example
    inputs.impermanence.nixosModules.impermanence
    inputs.home-manager.nixosModules.home-manager
-    # Or modules from other flakes (such as nixos-hardware):
+    ../common/global
-    # inputs.hardware.nixosModules.common-cpu-amd
+    ../common/users/sajenim
    # inputs.hardware.nixosModules.common-ssd
    # You can also split up your configuration and import pieces of it here:
    # Import common configurations
    ../common/system-tools.nix
    # Import your generated (nixos-generate-config) hardware configuration
    ./hardware-configuration.nix
  ];
  nixpkgs = {
    # You can add overlays here
    overlays = [
      # Add overlays your own flake exports (from overlays and pkgs dir):
      outputs.overlays.additions
      outputs.overlays.modifications
      outputs.overlays.unstable-packages
      # You can also add overlays exported from other flakes:
      # neovim-nightly-overlay.overlays.default
      # Or define it inline, for example:
      # (final: prev: {
      #   hi = final.hello.overrideAttrs (oldAttrs: {
      #     patches = [ ./change-hello-to-hi.patch ];
      #   });
      # })
    ];
    # Configure your nixpkgs instance
    config = {
      # Disable if you don't want unfree packages
      allowUnfree = true;
    };
  };
  nix = {
    gc = {
      # Automatically run the garbage collector an a specified time.
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
    # This will add each flake input as a registry
    # To make nix commands consistent with your flake
    registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
    # This will additionally add your inputs to the system's legacy channels
    # Making legacy nix commands consistent as well, awesome!
    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
    settings = {
      # Enable flakes and new 'nix' command
      experimental-features = "nix-command flakes";
      # Deduplicate and optimize nix store
      auto-optimise-store = true;
    };
  };
  # Select internationalisation properties
  i18n.defaultLocale = "en_AU.UTF-8";
  # Set timezone
  time.timeZone = "Australia/Perth";
  boot = {
    # Kernel to install
    kernelPackages = pkgs.linuxPackages_latest;
-    # Parameters added to the kernel command line
+    kernelParams = [ 
-    kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" ];
+      # Enable amdgpu driver sysfs API that allows fine grain control of GPU
-    # Autoload stage 2 modules
+      "amdgpu.ppfeaturemask=0xffffffff"
    ];
    kernelModules = [ "i2c-dev" "i2c-piix4" ];
    # Autoload stage 1 modules
    initrd.kernelModules = [ "amdgpu" ];
    loader = {
      systemd-boot.enable = true;
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot/efi";
      };
    };
  };
  hardware = {
@ -100,14 +26,10 @@
      enable = true;
      powerOnBoot = true;
    };
    # Setup sound server (Audio Support)
    pulseaudio = {
      enable = true;
-      support32Bit = true; # If compatibility with 32-bit applications is desired.
+      support32Bit = true;
    };
    # Configure OpenGL
    opengl = {
      enable = true;
      # Vulkan
@ -123,17 +45,10 @@
  networking = {
    hostName = "fuchsia";
    domain = "kanto.dev";
    networkmanager.enable = true;
    # firewall = {
    #   enable = true;
    #   allowedTCPPorts = [ ];
    #   allowedUDPPorts = [ ];
    # };
  };
  fonts = {
    # Install system fonts
    packages = with pkgs; [
      fantasque-sans-mono
      fira-code
@ -144,75 +59,46 @@
    ];
  };
  # Setup environment
  environment = {
    # Symlink /bin/sh to POSIX-Complient shell
    binsh = "${pkgs.bash}/bin/bash";
    shells = with pkgs; [ zsh ];
    # Install packages, prefix with 'unstable.' to use overlay
    systemPackages = with pkgs; [
      # Audio
      pulsemixer
      # Code editors
      emacs vscode
      # Browsers
      firefox
      # Graphics
      gimp inkscape krita
      # Printing
-      blender freecad openscad cura prusa-slicer
+      blender freecad openscad prusa-slicer
      # Misc
      openrgb protonup-ng
      # Hardware
      libratbag piper
    ];
    # Completions for system packages
    pathsToLink = [ "/share/zsh" ];
  };
  programs = {
    zsh.enable = true;
    # GPG and SSH support for yubikey
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
-    
+    fuse.userAllowOther = true;    
    steam = {
      enable = true;
      remotePlay.openFirewall = true; # Open ports in the firewall for steam Remote Play
      dedicatedServer.openFirewall = true; # Open ports in the firewall for Dedicated Server
    };
  };
  services = {
    # This setups a SSH server. Very important if you're setting up a headless system.
    # Feel free to remove if you don't need it.
    openssh = {
      enable = true;
      # Forbid root login through SSH.
      settings.PermitRootLogin = "no";
      # Use keys only. Remove if you want to SSH using password (not recommended)
      settings.PasswordAuthentication = false;
    };
    # Our udev rules
    udev.packages = with pkgs; [
      yubikey-personalization
      openrgb
      qmk-udev-rules
    ];
    # Setup our xserver
    xserver = {
      enable = true;
      layout = "au";
@ -220,39 +106,24 @@
      libinput = {
        enable = true;
        mouse = {
          # Disable mouse acceleration.
          accelProfile = "flat";
        };
      };
      displayManager.startx.enable = true;
    };
    ratbagd.enable = true;
  };
  # Install docker
  virtualisation.docker = {
    enable = true;
    # Reduce container downtime due to daemon crashes
    liveRestore = false;
  };
  # Login and use sudo with our yubikey
  security.pam.services = {
    login.u2fAuth = true;
    sudo.u2fAuth = true;
  };
  # Users
  users.users.sajenim = {
      isNormalUser = true;
      extraGroups = [ "audio" "docker" "networkmanager" "wheel" ];
      shell = pkgs.zsh;
      openssh.authorizedKeys.keyFiles = [
        ../../home-manager/sabrina/id_ed25519.pub
      ];
  };
  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "22.11";
 }
--- a/nixos/fuchsia/hardware-configuration.nix
+++ b/nixos/fuchsia/hardware-configuration.nix
@ -1,37 +1,36 @@
-# This is just an example, you should generate yours with nixos-generate-config and put it in here.
+{ config, lib, ... }:
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  imports = [
    ../common/optional/ephemeral-btrfs.nix
  ];
-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot = {
-  boot.kernelModules = [ "kvm-amd" ];
+    initrd = {
-  boot.extraModulePackages = [ ];
+      availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
-
+      kernelModules = [ "kvm-amd" ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/08e24fe4-91d3-4966-83a5-2f1668f2ce0f";
      fsType = "ext4";
    };
-
+    loader= {
-  fileSystems."/boot/efi" =
+      systemd-boot.enable = true;
-    { device = "/dev/disk/by-uuid/B5A4-2D13";
+      efi = {
-      fsType = "vfat";
+        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
    };
  };
-  fileSystems."/home/sajenim/Games" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-uuid/58097403-9b5b-4cee-b9d1-e3d5fde1a364";
+    device = "/dev/disk/by-label/ESP";
-      fsType = "ext4";
+    fsType = "vfat";
-    };
+  };
-  swapDevices = [ ];
+  swapDevices = [
    { device = "/swap/swapfile";
      size = 16*1024;
    }
  ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp34s0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
--- a/nixos/viridian/configuration.nix
+++ b/nixos/viridian/configuration.nix
@ -15,7 +15,6 @@
    outputs.nixosModules.qbittorrent
    # Or modules from other flakes (such as nixos-hardware):
    inputs.agenix.nixosModules.default
    # You can also split up your configuration and import pieces of it here:
    # ./users.nix
@ -197,7 +196,7 @@
    # Install packages, prefix with 'unstable.' to use overlay
    systemPackages = with pkgs; [
-      inputs.agenix.packages."${system}".default
+      agenix.packages."${system}".default
    ];
  };
  programs = {