Break things out for greater modulatiry

This commit is contained in:
iFargle 2023-07-12 20:52:15 +09:00
parent fbdaf9263f
commit 72f2a400c6
10 changed files with 111 additions and 100 deletions

View file

@ -12,50 +12,18 @@
./desktops/gnome-unstable.nix ./desktops/gnome-unstable.nix
# Services # Services
./services/openssh.nix ./services/openssh.nix
./services/promtail.nix ./services/promtail.nix
./services/fail2ban.nix ./services/fail2ban.nix
./services/telegraf.nix ./services/telegraf.nix
# Modules
./modules/nixos.nix # General NixOS items. Flake enablement, etc
./modules/secureboot.nix # Secureboot Configs
./modules/fonts.nix # Font Configs
./modules/networking.nix # Initial Networking configs
]; ];
# Keep the system up-to-date automatically
system = {
autoUpgrade = {
enable = true;
allowReboot = false;
channel = https://channels.nixos.org/nixos-23.05;
};
};
# Bootloader
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.cleanOnBoot = true;
# Plymouth splash screen
boot.plymouth.enable = true;
boot.initrd.systemd.enable = true;
boot.kernelParams = ["quiet"];
# SecureBoot
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote.enable = true;
boot.lanzaboote.pkiBundle = "/etc/secureboot";
# Enable networking
networking = {
networkmanager = {
enable = true;
};
enableIPv6 = false;
firewall = {
enable = true;
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
interfaces.tailscale0.allowedTCPPorts = [ 22 ];
};
};
# Set your time zone. # Set your time zone.
time.timeZone = "Asia/Tokyo"; time.timeZone = "Asia/Tokyo";
@ -74,7 +42,7 @@
LC_TIME = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8";
}; };
# Define a user account. Don't forget to set a password with passwd. # Define a user account.
users.users.albert = { users.users.albert = {
isNormalUser = true; isNormalUser = true;
description = "Albert J. Copeland"; description = "Albert J. Copeland";
@ -82,9 +50,6 @@
hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6"; hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
}; };
# Enable flakes: https://nixos.wiki/wiki/Flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# List packages installed in system profile # List packages installed in system profile
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Secureboot # Secureboot
@ -122,33 +87,6 @@
tailscale.enable = true; tailscale.enable = true;
}; };
# Garbage collection -- Keep the system clean
nix.gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
# Fonts
fonts = {
fontconfig = {
defaultFonts = {
emoji = [ "Noto Color Emoji" ];
monospace = [ "JetBrainsMono Nerd Font" "Cascadia Code" "Sarasa Mono SC" ];
sansSerif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ];
serif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ];
};
includeUserConf = false;
};
fonts = with pkgs; [
cascadia-code
(nerdfonts.override { fonts = [ "Arimo" "JetBrainsMono" ]; })
noto-fonts-emoji
sarasa-gothic
];
};
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave

View file

@ -54,11 +54,11 @@
imports = [ imports = [
# Gnome Themes # Gnome Themes
# ./gnome/themes/gruvbox.nix ./gnome/themes/gruvbox.nix
# ./gnome/themes/tokyo-night.nix ./gnome/themes/tokyo-night.nix
# ./gnome/themes/nordic.nix ./gnome/themes/nordic.nix
# ./gnome/themes/vimix.nix ./gnome/themes/vimix.nix
# ./gnome/themes/fluent.nix ./gnome/themes/fluent.nix
# You may need to edit which theme you're using in dconf.nix if you remove themes # You may need to edit which theme you're using in dconf.nix if you remove themes
]; ];
# Idea... Move these to a separate file and tie it into dconf # Idea... Move these to a separate file and tie it into dconf

View file

@ -54,11 +54,11 @@
imports = [ imports = [
# Gnome Themes # Gnome Themes
./gnome/themes/gruvbox.nix ./gnome/themes/gruvbox.nix
./gnome/themes/tokyo-night.nix ./gnome/themes/tokyo-night.nix
./gnome/themes/nordic.nix ./gnome/themes/nordic.nix
./gnome/themes/vimix.nix ./gnome/themes/vimix.nix
./gnome/themes/fluent.nix ./gnome/themes/fluent.nix
# You may need to edit which theme you're using in dconf.nix if you remove themes # You may need to edit which theme you're using in dconf.nix if you remove themes
]; ];
# Idea... Move these to a separate file and tie it into dconf # Idea... Move these to a separate file and tie it into dconf

View file

@ -6,18 +6,6 @@
# Set the networking hostname: # Set the networking hostname:
networking.hostName = "nixos-laptop"; networking.hostName = "nixos-laptop";
# Enable swap on luks
boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".device = "/dev/disk/by-uuid/9704447e-6bd0-4a35-9c24-20cbab81c431";
boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".keyFile = "/crypto_keyfile.bin";
# Setup keyfile
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
# Hibernation resume device:
boot.resumeDevice = "/dev/disk/by-uuid/67600fc1-6d26-4d2f-b2d3-a99174654058";
# Configure the fingerprint reader # Configure the fingerprint reader
services.fprintd = { services.fprintd = {
enable = true; enable = true;
@ -30,6 +18,7 @@
hardware = { hardware = {
opengl.enable = true; opengl.enable = true;
opengl.driSupport32Bit = true; opengl.driSupport32Bit = true;
opengl.driSupport = true;
nvidia = { nvidia = {
open = false; open = false;
@ -47,9 +36,4 @@
# Fingerprint software # Fingerprint software
fprintd fprintd
]; ];
imports = [
# Modules
../../modules/powertop.nix
];
} }

View file

@ -25,6 +25,19 @@
fsType = "vfat"; fsType = "vfat";
}; };
# Enable swap on luks
boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".device = "/dev/disk/by-uuid/9704447e-6bd0-4a35-9c24-20cbab81c431";
boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".keyFile = "/crypto_keyfile.bin";
# Setup keyfile
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
# Hibernation resume device:
boot.resumeDevice = "/dev/disk/by-uuid/67600fc1-6d26-4d2f-b2d3-a99174654058";
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/67600fc1-6d26-4d2f-b2d3-a99174654058"; } [ { device = "/dev/disk/by-uuid/67600fc1-6d26-4d2f-b2d3-a99174654058"; }
]; ];

21
modules/fonts.nix Normal file
View file

@ -0,0 +1,21 @@
{ pkgs, config, ... }: {
# Fonts
fonts = {
fontconfig = {
defaultFonts = {
emoji = [ "Noto Color Emoji" ];
monospace = [ "JetBrainsMono Nerd Font" "Cascadia Code" "Sarasa Mono SC" ];
sansSerif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ];
serif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ];
};
includeUserConf = false;
};
fonts = with pkgs; [
cascadia-code
(nerdfonts.override { fonts = [ "Arimo" "JetBrainsMono" ]; })
noto-fonts-emoji
sarasa-gothic
];
};
}

20
modules/networking.nix Normal file
View file

@ -0,0 +1,20 @@
{pkgs, config, hostname, ...}: {
# Enable networking
# Imports for host-specific configs:
imports = [
../hosts/${hostname}/networking.nix
]
networking = {
networkmanager = {
enable = true;
};
enableIPv6 = false;
firewall = {
enable = true;
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
interfaces.tailscale0.allowedTCPPorts = [ 22 ];
};
};
}

20
modules/nixos.nix Normal file
View file

@ -0,0 +1,20 @@
{ pkgs, config, ... }: {
# Enable flakes: https://nixos.wiki/wiki/Flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Keep the system up-to-date automatically
system = {
autoUpgrade = {
enable = true;
allowReboot = false;
channel = https://channels.nixos.org/nixos-23.05;
};
};
# Garbage collection -- Keep the system clean
nix.gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
}

15
modules/secureboot.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, pkgs, ...}: {
# Bootloader
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.cleanOnBoot = true;
# Plymouth splash screen
boot.plymouth.enable = true;
boot.initrd.systemd.enable = true;
boot.kernelParams = ["quiet"];
# SecureBoot
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote.enable = true;
boot.lanzaboote.pkiBundle = "/etc/secureboot";
}