Break things out for greater modularity
parent
fbdaf9263f
commit
72f2a400c6
10 changed files with 111 additions and 100 deletions
|
@ -16,46 +16,14 @@
|
|||
./services/promtail.nix
|
||||
./services/fail2ban.nix
|
||||
./services/telegraf.nix
|
||||
|
||||
# Modules
|
||||
./modules/nixos.nix # General NixOS items. Flake enablement, etc
|
||||
./modules/secureboot.nix # Secureboot Configs
|
||||
./modules/fonts.nix # Font Configs
|
||||
./modules/networking.nix # Initial Networking configs
|
||||
];
|
||||
|
||||
# Keep the system up-to-date automatically
|
||||
system = {
|
||||
autoUpgrade = {
|
||||
enable = true;
|
||||
allowReboot = false;
|
||||
channel = https://channels.nixos.org/nixos-23.05;
|
||||
};
|
||||
};
|
||||
|
||||
# Bootloader
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
|
||||
# Plymouth splash screen
|
||||
boot.plymouth.enable = true;
|
||||
boot.initrd.systemd.enable = true;
|
||||
boot.kernelParams = ["quiet"];
|
||||
|
||||
# SecureBoot
|
||||
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||
boot.lanzaboote.enable = true;
|
||||
boot.lanzaboote.pkiBundle = "/etc/secureboot";
|
||||
|
||||
# Enable networking
|
||||
networking = {
|
||||
networkmanager = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
enableIPv6 = false;
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [ ];
|
||||
allowedUDPPorts = [ ];
|
||||
interfaces.tailscale0.allowedTCPPorts = [ 22 ];
|
||||
};
|
||||
};
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Asia/Tokyo";
|
||||
|
||||
|
@ -74,7 +42,7 @@
|
|||
LC_TIME = "en_US.UTF-8";
|
||||
};
|
||||
|
||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||
# Define a user account.
|
||||
users.users.albert = {
|
||||
isNormalUser = true;
|
||||
description = "Albert J. Copeland";
|
||||
|
@ -82,9 +50,6 @@
|
|||
hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
|
||||
};
|
||||
|
||||
# Enable flakes: https://nixos.wiki/wiki/Flakes
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
|
||||
# List packages installed in system profile
|
||||
environment.systemPackages = with pkgs; [
|
||||
# Secureboot
|
||||
|
@ -122,33 +87,6 @@
|
|||
tailscale.enable = true;
|
||||
};
|
||||
|
||||
# Garbage collection -- Keep the system clean
|
||||
nix.gc = {
|
||||
automatic = true;
|
||||
dates = "daily";
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
|
||||
# Fonts
|
||||
fonts = {
|
||||
fontconfig = {
|
||||
defaultFonts = {
|
||||
emoji = [ "Noto Color Emoji" ];
|
||||
monospace = [ "JetBrainsMono Nerd Font" "Cascadia Code" "Sarasa Mono SC" ];
|
||||
sansSerif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ];
|
||||
serif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ];
|
||||
};
|
||||
includeUserConf = false;
|
||||
};
|
||||
|
||||
fonts = with pkgs; [
|
||||
cascadia-code
|
||||
(nerdfonts.override { fonts = [ "Arimo" "JetBrainsMono" ]; })
|
||||
noto-fonts-emoji
|
||||
sarasa-gothic
|
||||
];
|
||||
};
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
|
|
|
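Review bot: The `hashedPassword` context line in the `@ -82,9 +50,6 @` hunk keeps the account's password hash inline in a committed file, and as an option value it typically also ends up readable in the Nix store, so anyone with a copy of the repository can run offline guessing against it. Since this commit is already moving settings out into modules, the user block could switch to `passwordFile = "/path/to/secret";` (the option is named `hashedPasswordFile` on releases after 23.05), pointing at a root-only file kept outside the repository. The hash already published should be treated as exposed and the password rotated. The `users.users.albert` block is split across two hunks with lines elided between them, so anything else it sets cannot be checked from here.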
@ -54,11 +54,11 @@
|
|||
|
||||
imports = [
|
||||
# Gnome Themes
|
||||
# ./gnome/themes/gruvbox.nix
|
||||
# ./gnome/themes/tokyo-night.nix
|
||||
# ./gnome/themes/nordic.nix
|
||||
# ./gnome/themes/vimix.nix
|
||||
# ./gnome/themes/fluent.nix
|
||||
./gnome/themes/gruvbox.nix
|
||||
./gnome/themes/tokyo-night.nix
|
||||
./gnome/themes/nordic.nix
|
||||
./gnome/themes/vimix.nix
|
||||
./gnome/themes/fluent.nix
|
||||
# You may need to edit which theme you're using in dconf.nix if you remove themes
|
||||
];
|
||||
# Idea... Move these to a separate file and tie it into dconf
|
||||
|
|
|
@ -6,18 +6,6 @@
|
|||
# Set the networking hostname:
|
||||
networking.hostName = "nixos-laptop";
|
||||
|
||||
# Enable swap on luks
|
||||
boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".device = "/dev/disk/by-uuid/9704447e-6bd0-4a35-9c24-20cbab81c431";
|
||||
boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".keyFile = "/crypto_keyfile.bin";
|
||||
|
||||
# Setup keyfile
|
||||
boot.initrd.secrets = {
|
||||
"/crypto_keyfile.bin" = null;
|
||||
};
|
||||
|
||||
# Hibernation resume device:
|
||||
boot.resumeDevice = "/dev/disk/by-uuid/67600fc1-6d26-4d2f-b2d3-a99174654058";
|
||||
|
||||
# Configure the fingerprint reader
|
||||
services.fprintd = {
|
||||
enable = true;
|
||||
|
@ -30,6 +18,7 @@
|
|||
hardware = {
|
||||
opengl.enable = true;
|
||||
opengl.driSupport32Bit = true;
|
||||
opengl.driSupport = true;
|
||||
|
||||
nvidia = {
|
||||
open = false;
|
||||
|
@ -47,9 +36,4 @@
|
|||
# Fingerprint software
|
||||
fprintd
|
||||
];
|
||||
|
||||
imports = [
|
||||
# Modules
|
||||
../../modules/powertop.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -25,6 +25,19 @@
|
|||
fsType = "vfat";
|
||||
};
|
||||
|
||||
|
||||
# Enable swap on luks
|
||||
boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".device = "/dev/disk/by-uuid/9704447e-6bd0-4a35-9c24-20cbab81c431";
|
||||
boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".keyFile = "/crypto_keyfile.bin";
|
||||
|
||||
# Setup keyfile
|
||||
boot.initrd.secrets = {
|
||||
"/crypto_keyfile.bin" = null;
|
||||
};
|
||||
|
||||
# Hibernation resume device:
|
||||
boot.resumeDevice = "/dev/disk/by-uuid/67600fc1-6d26-4d2f-b2d3-a99174654058";
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/67600fc1-6d26-4d2f-b2d3-a99174654058"; }
|
||||
];
|
||||
|
|
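Review bot: The moved block `boot.initrd.secrets = { "/crypto_keyfile.bin" = null; }` copies the LUKS keyfile into the initrd, and with the `vfat` boot partition shown in this hunk's context and lanzaboote enabled elsewhere in the commit, that initrd most likely sits on the unencrypted ESP. If so, anyone who can read the disk can extract the key and open the swap volume, including a hibernation image written to `boot.resumeDevice`, so the encryption protects little. Consider dropping `keyFile` and the `boot.initrd.secrets` entry and unlocking the volume with a passphrase or a TPM2-bound key instead (the commit already sets `boot.initrd.systemd.enable = true`). Separately, if this file is the generated hardware-configuration.nix (the path is not visible on the page), hand edits would be lost when it is regenerated, which deserves a comment at the top of the block.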
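--- a/modules/fonts.nix
+++ b/modules/fonts.nix
@@ -0,0 +1,21 @@
+{ pkgs, config, ... }: {
+# Fonts
+fonts = {
+fontconfig = {
+defaultFonts = {
+emoji = [ "Noto Color Emoji" ];
+monospace = [ "JetBrainsMono Nerd Font" "Cascadia Code" "Sarasa Mono SC" ];
+sansSerif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ];
+serif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ];
+};
+includeUserConf = false;
+};
+
+fonts = with pkgs; [
+cascadia-code
+(nerdfonts.override { fonts = [ "Arimo" "JetBrainsMono" ]; })
+noto-fonts-emoji
+sarasa-gothic
+];
+};
+}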
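--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -0,0 +1,20 @@
+{pkgs, config, hostname, ...}: {
+# Enable networking
+# Imports for host-specific configs:
+imports = [
+../hosts/${hostname}/networking.nix
+]
+networking = {
+networkmanager = {
+enable = true;
+};
+
+enableIPv6 = false;
+firewall = {
+enable = true;
+allowedTCPPorts = [ ];
+allowedUDPPorts = [ ];
+interfaces.tailscale0.allowedTCPPorts = [ 22 ];
+};
+};
+}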
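Review bot: The `imports` list in the new module closes with a bare `]`, so the following `networking = {` cannot be parsed and the file fails with a syntax error; the line needs to be `];`. Because `hostname` is used inside `imports`, it has to reach the module through `specialArgs` (presumably set in the flake, which is not visible here), since an argument supplied through `_module.args` causes infinite recursion at that point. A one-line comment above the firewall block would also help, for example `# SSH is opened only on tailscale0; the global port lists are intentionally empty`.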
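--- a/modules/nixos.nix
+++ b/modules/nixos.nix
@@ -0,0 +1,20 @@
+{ pkgs, config, ... }: {
+# Enable flakes: https://nixos.wiki/wiki/Flakes
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+# Keep the system up-to-date automatically
+system = {
+autoUpgrade = {
+enable = true;
+allowReboot = false;
+channel = https://channels.nixos.org/nixos-23.05;
+};
+};
+
+# Garbage collection -- Keep the system clean
+nix.gc = {
+automatic = true;
+dates = "daily";
+options = "--delete-older-than 7d";
+};
+}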
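Review bot: `system.autoUpgrade` in the new module is pinned to the `nixos-23.05` channel, so once that release stops receiving updates the upgrade job will keep succeeding while delivering no security fixes; a comment next to `channel` such as `# bump at each NixOS release; an end-of-life channel gets no security updates` would make that visible. The URL is also written as an unquoted URL literal, which is deprecated Nix syntax, so `channel = "https://channels.nixos.org/nixos-23.05";` is the safer form. With `allowReboot = false`, kernel and initrd updates only take effect at the next manual reboot, which is worth stating in the same comment. Since this file also enables flakes, check whether the system is actually built from a flake, in which case `system.autoUpgrade.flake` rather than `channel` would be the option that applies.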
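--- a/modules/secureboot.nix
+++ b/modules/secureboot.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ...}: {
+# Bootloader
+boot.loader.efi.canTouchEfiVariables = true;
+boot.tmp.cleanOnBoot = true;
+
+# Plymouth splash screen
+boot.plymouth.enable = true;
+boot.initrd.systemd.enable = true;
+boot.kernelParams = ["quiet"];
+
+# SecureBoot
+boot.loader.systemd-boot.enable = lib.mkForce false;
+boot.lanzaboote.enable = true;
+boot.lanzaboote.pkiBundle = "/etc/secureboot";
+}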
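Review bot: `boot.loader.systemd-boot.enable = lib.mkForce false;` references `lib`, but the module's argument set is `{ config, pkgs, ...}`, so evaluation fails with an undefined variable; the header should read `{ config, pkgs, lib, ... }: {`. The file named secureboot.nix also carries the Plymouth, `quiet` and `boot.tmp.cleanOnBoot` settings, which are unrelated to Secure Boot and would read better in a separate boot module or under a comment saying why they live here. A short comment on `pkiBundle` would help as well, for example `# holds the Secure Boot signing keys; keep readable by root only`.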