From 72f2a400c6cdcc086d11ed8deb7b915aaec262f2 Mon Sep 17 00:00:00 2001
From: iFargle
Date: Wed, 12 Jul 2023 20:52:15 +0900
Subject: [PATCH] Break things out for greater modulatiry
---
configuration.nix | 84 +++----------------
desktops/gnome-unstable.nix | 10 +--
desktops/gnome.nix | 10 +--
hosts/nixos-laptop/configuration.nix | 18 +---
.../nixos-laptop}/gnome-dconf.nix | 0
hosts/nixos-laptop/hardware-configuration.nix | 13 +++
modules/fonts.nix | 21 +++++
modules/networking.nix | 20 +++++
modules/nixos.nix | 20 +++++
modules/secureboot.nix | 15 ++++
10 files changed, 111 insertions(+), 100 deletions(-)
rename {users/albert => hosts/nixos-laptop}/gnome-dconf.nix (100%)
create mode 100644 modules/fonts.nix
create mode 100644 modules/networking.nix
create mode 100644 modules/nixos.nix
create mode 100644 modules/secureboot.nix
diff --git a/configuration.nix b/configuration.nix
index 7435b3e0..2a1d1c22 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -12,50 +12,18 @@ ./desktops/gnome-unstable.nix # Services - ./services/openssh.nix - ./services/promtail.nix - ./services/fail2ban.nix - ./services/telegraf.nix + ./services/openssh.nix + ./services/promtail.nix + ./services/fail2ban.nix + ./services/telegraf.nix + + # Modules + ./modules/nixos.nix # General NixOS items. Flake enablement, etc + ./modules/secureboot.nix # Secureboot Configs + ./modules/fonts.nix # Font Configs + ./modules/networking.nix # Initial Networking configs ]; - # Keep the system up-to-date automatically - system = { - autoUpgrade = { - enable = true; - allowReboot = false; - channel = https://channels.nixos.org/nixos-23.05; - }; - }; - - # Bootloader - boot.loader.efi.canTouchEfiVariables = true; - boot.tmp.cleanOnBoot = true; - - # Plymouth splash screen - boot.plymouth.enable = true; - boot.initrd.systemd.enable = true; - boot.kernelParams = ["quiet"]; - - # SecureBoot - boot.loader.systemd-boot.enable = lib.mkForce false; - boot.lanzaboote.enable = true; - boot.lanzaboote.pkiBundle = "/etc/secureboot"; - - # Enable networking - networking = { - networkmanager = { - enable = true; - }; - - enableIPv6 = false; - firewall = { - enable = true; - allowedTCPPorts = [ ]; - allowedUDPPorts = [ ]; - interfaces.tailscale0.allowedTCPPorts = [ 22 ]; - }; - }; - # Set your time zone. time.timeZone = "Asia/Tokyo"; @@ -74,7 +42,7 @@ LC_TIME = "en_US.UTF-8"; }; - # Define a user account. Don't forget to set a password with ‘passwd’. + # Define a user account. users.users.albert = { isNormalUser = true; description = "Albert J. Copeland"; @@ -82,9 +50,6 @@ hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6"; }; - # Enable flakes: https://nixos.wiki/wiki/Flakes - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - # List packages installed in system profile environment.systemPackages = with pkgs; [ # Secureboot 
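Review bot: In configuration.nix, the `users.users.albert` block under the reworded "Define a user account." comment still carries a literal `hashedPassword` (visible in the context lines of the following hunk), so the account's yescrypt hash is published with the repository and can be guessed against offline by anyone who can read it. While this block is being touched, consider moving the hash out of the tracked tree, e.g. `passwordFile = "<path-to-root-only-hash-file>";` (the option is named `hashedPasswordFile` in newer NixOS releases). Because the hash is already in the history, the password should also be rotated. The account definition starts and ends outside these hunks, so its other attributes are not visible here.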
@@ -122,33 +87,6 @@ tailscale.enable = true; }; - # Garbage collection -- Keep the system clean - nix.gc = { - automatic = true; - dates = "daily"; - options = "--delete-older-than 7d"; - }; - - # Fonts - fonts = { - fontconfig = { - defaultFonts = { - emoji = [ "Noto Color Emoji" ]; - monospace = [ "JetBrainsMono Nerd Font" "Cascadia Code" "Sarasa Mono SC" ]; - sansSerif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ]; - serif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ]; - }; - includeUserConf = false; - }; - - fonts = with pkgs; [ - cascadia-code - (nerdfonts.override { fonts = [ "Arimo" "JetBrainsMono" ]; }) - noto-fonts-emoji - sarasa-gothic - ]; - }; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/desktops/gnome-unstable.nix b/desktops/gnome-unstable.nix index 6f0e3311..4d9c1483 100644 --- a/desktops/gnome-unstable.nix +++ b/desktops/gnome-unstable.nix @@ -54,11 +54,11 @@ imports = [ # Gnome Themes - # ./gnome/themes/gruvbox.nix - # ./gnome/themes/tokyo-night.nix - # ./gnome/themes/nordic.nix - # ./gnome/themes/vimix.nix - # ./gnome/themes/fluent.nix + ./gnome/themes/gruvbox.nix + ./gnome/themes/tokyo-night.nix + ./gnome/themes/nordic.nix + ./gnome/themes/vimix.nix + ./gnome/themes/fluent.nix # You may need to edit which theme you're using in dconf.nix if you remove themes ]; # Idea... Move these to a separate file and tie it into dconf diff --git a/desktops/gnome.nix b/desktops/gnome.nix index 44bcca7e..f0ddc868 100644 --- a/desktops/gnome.nix +++ b/desktops/gnome.nix 
@@ -54,11 +54,11 @@ imports = [ # Gnome Themes - ./gnome/themes/gruvbox.nix - ./gnome/themes/tokyo-night.nix - ./gnome/themes/nordic.nix - ./gnome/themes/vimix.nix - ./gnome/themes/fluent.nix + ./gnome/themes/gruvbox.nix + ./gnome/themes/tokyo-night.nix + ./gnome/themes/nordic.nix + ./gnome/themes/vimix.nix + ./gnome/themes/fluent.nix # You may need to edit which theme you're using in dconf.nix if you remove themes ]; # Idea... Move these to a separate file and tie it into dconf diff --git a/hosts/nixos-laptop/configuration.nix b/hosts/nixos-laptop/configuration.nix index f002495b..30efc01f 100644 --- a/hosts/nixos-laptop/configuration.nix +++ b/hosts/nixos-laptop/configuration.nix @@ -6,18 +6,6 @@ # Set the networking hostname: networking.hostName = "nixos-laptop"; - # Enable swap on luks - boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".device = "/dev/disk/by-uuid/9704447e-6bd0-4a35-9c24-20cbab81c431"; - boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".keyFile = "/crypto_keyfile.bin"; - - # Setup keyfile - boot.initrd.secrets = { - "/crypto_keyfile.bin" = null; - }; - - # Hibernation resume device: - boot.resumeDevice = "/dev/disk/by-uuid/67600fc1-6d26-4d2f-b2d3-a99174654058"; - # Configure the fingerprint reader services.fprintd = { enable = true; @@ -30,6 +18,7 @@ hardware = { opengl.enable = true; opengl.driSupport32Bit = true; + opengl.driSupport = true; nvidia = { open = false; @@ -47,9 +36,4 @@ # Fingerprint software fprintd ]; - - imports = [ - # Modules - ../../modules/powertop.nix - ]; } diff --git a/users/albert/gnome-dconf.nix b/hosts/nixos-laptop/gnome-dconf.nix similarity index 100% rename from users/albert/gnome-dconf.nix rename to hosts/nixos-laptop/gnome-dconf.nix diff --git a/hosts/nixos-laptop/hardware-configuration.nix b/hosts/nixos-laptop/hardware-configuration.nix index 6884b774..8dc0ed52 100644 --- a/hosts/nixos-laptop/hardware-configuration.nix +++ b/hosts/nixos-laptop/hardware-configuration.nix 
@@ -25,6 +25,19 @@ fsType = "vfat"; }; + + # Enable swap on luks + boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".device = "/dev/disk/by-uuid/9704447e-6bd0-4a35-9c24-20cbab81c431"; + boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".keyFile = "/crypto_keyfile.bin"; + + # Setup keyfile + boot.initrd.secrets = { + "/crypto_keyfile.bin" = null; + }; + + # Hibernation resume device: + boot.resumeDevice = "/dev/disk/by-uuid/67600fc1-6d26-4d2f-b2d3-a99174654058"; + swapDevices = [ { device = "/dev/disk/by-uuid/67600fc1-6d26-4d2f-b2d3-a99174654058"; } ]; diff --git a/modules/fonts.nix b/modules/fonts.nix new file mode 100644 index 00000000..83522c59 --- /dev/null +++ b/modules/fonts.nix @@ -0,0 +1,21 @@ +{ pkgs, config, ... }: { + # Fonts + fonts = { + fontconfig = { + defaultFonts = { + emoji = [ "Noto Color Emoji" ]; + monospace = [ "JetBrainsMono Nerd Font" "Cascadia Code" "Sarasa Mono SC" ]; + sansSerif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ]; + serif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ]; + }; + includeUserConf = false; + }; + + fonts = with pkgs; [ + cascadia-code + (nerdfonts.override { fonts = [ "Arimo" "JetBrainsMono" ]; }) + noto-fonts-emoji + sarasa-gothic + ]; + }; +} \ No newline at end of file diff --git a/modules/networking.nix b/modules/networking.nix new file mode 100644 index 00000000..3df01b88 --- /dev/null +++ b/modules/networking.nix @@ -0,0 +1,20 @@ +{pkgs, config, hostname, ...}: { + # Enable networking + # Imports for host-specific configs: + imports = [ + ../hosts/${hostname}/networking.nix + ] + networking = { + networkmanager = { + enable = true; + }; + + enableIPv6 = false; + firewall = { + enable = true; + allowedTCPPorts = [ ]; + allowedUDPPorts = [ ]; + interfaces.tailscale0.allowedTCPPorts = [ 22 ]; + }; + }; +} \ No newline at end of file diff --git a/modules/nixos.nix b/modules/nixos.nix new file mode 100644 index 00000000..3f5480f9 --- /dev/null +++ b/modules/nixos.nix 
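Review bot: In hosts/nixos-laptop/hardware-configuration.nix, the moved `boot.initrd.secrets` entry embeds `/crypto_keyfile.bin` in the initrd, while modules/secureboot.nix in this same commit keeps lanzaboote enabled. If the initrd is written to the unencrypted ESP (the `vfat` filesystem in the context lines suggests that is where boot files live), the LUKS keyfile for the swap volume would be readable by anyone with access to the disk; a signed initrd is authenticated, not confidential. Please confirm where the initrd and its secrets are stored on this host and record it in a comment, e.g. `# keyfile is only safe while the initrd itself is stored on an encrypted volume`. Separately, this file is normally produced by `nixos-generate-config`, so hand-written LUKS and resume settings placed here may be lost on regeneration; a short comment marking them as manual additions would help.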
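Review bot: In modules/networking.nix the `imports = [ ... ]` list is closed with `]` and no semicolon before `networking = {`, so the file will not parse; the list should end with `];`. The imported path `../hosts/${hostname}/networking.nix` is not among the files this patch creates, and `hostname` is used inside `imports`, which generally only works when the value is supplied through `specialArgs`; neither is visible here, so please confirm both. Because configuration.nix now takes its firewall settings from this module, it is worth running `nixos-rebuild build` before switching so that the firewall rules are known to evaluate.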
@@ -0,0 +1,20 @@ +{ pkgs, config, ... }: { + # Enable flakes: https://nixos.wiki/wiki/Flakes + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + # Keep the system up-to-date automatically + system = { + autoUpgrade = { + enable = true; + allowReboot = false; + channel = https://channels.nixos.org/nixos-23.05; + }; + }; + + # Garbage collection -- Keep the system clean + nix.gc = { + automatic = true; + dates = "daily"; + options = "--delete-older-than 7d"; + }; +} \ No newline at end of file diff --git a/modules/secureboot.nix b/modules/secureboot.nix new file mode 100644 index 00000000..5941d45f --- /dev/null +++ b/modules/secureboot.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ...}: { + # Bootloader + boot.loader.efi.canTouchEfiVariables = true; + boot.tmp.cleanOnBoot = true; + + # Plymouth splash screen + boot.plymouth.enable = true; + boot.initrd.systemd.enable = true; + boot.kernelParams = ["quiet"]; + + # SecureBoot + boot.loader.systemd-boot.enable = lib.mkForce false; + boot.lanzaboote.enable = true; + boot.lanzaboote.pkiBundle = "/etc/secureboot"; +} \ No newline at end of file
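Review bot: In modules/nixos.nix, `channel = https://channels.nixos.org/nixos-23.05;` is an unquoted URL literal, a deprecated Nix form; write it as a string, `channel = "https://channels.nixos.org/nixos-23.05";`. Since the same file enables flakes, please also confirm that a channel-based `system.autoUpgrade` actually updates this system; if the host is built from a flake, the `flake` option of `system.autoUpgrade` is presumably what is wanted. With `allowReboot = false`, kernel and other boot-time security updates take effect only after a manual reboot, which deserves a comment such as `# updates needing a reboot stay pending until the next manual restart`.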
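Review bot: modules/secureboot.nix calls `lib.mkForce` but its argument set is `{ config, pkgs, ...}`, so `lib` is undefined and the module will fail to evaluate; the header should read `{ config, pkgs, lib, ... }: {`. `boot.lanzaboote.pkiBundle = "/etc/secureboot"` presumably points at the directory holding the Secure Boot signing keys, so a comment would be useful there, e.g. `# signing keys live here; keep root-only and never commit them`. The `boot.lanzaboote` options also depend on the lanzaboote module being imported elsewhere, which is not visible in this patch.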