Break things out for greater modulatiry

iFargle 2023-07-12 20:52:15 +09:00
parent fbdaf9263f
commit 72f2a400c6
10 changed files with 111 additions and 100 deletions


@ -16,46 +16,14 @@
./services/promtail.nix
./services/fail2ban.nix
./services/telegraf.nix
# Modules
./modules/nixos.nix # General NixOS items. Flake enablement, etc
./modules/secureboot.nix # Secureboot Configs
./modules/fonts.nix # Font Configs
./modules/networking.nix # Initial Networking configs
];
# Keep the system up-to-date automatically
system = {
autoUpgrade = {
enable = true;
allowReboot = false;
channel = https://channels.nixos.org/nixos-23.05;
};
};
# Bootloader
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.cleanOnBoot = true;
# Plymouth splash screen
boot.plymouth.enable = true;
boot.initrd.systemd.enable = true;
boot.kernelParams = ["quiet"];
# SecureBoot
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote.enable = true;
boot.lanzaboote.pkiBundle = "/etc/secureboot";
# Enable networking
networking = {
networkmanager = {
enable = true;
};
enableIPv6 = false;
firewall = {
enable = true;
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
interfaces.tailscale0.allowedTCPPorts = [ 22 ];
};
};
# Set your time zone.
time.timeZone = "Asia/Tokyo";
@ -74,7 +42,7 @@
LC_TIME = "en_US.UTF-8";
};
# Define a user account. Don't forget to set a password with passwd.
# Define a user account.
users.users.albert = {
isNormalUser = true;
description = "Albert J. Copeland";
@ -82,9 +50,6 @@
hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
};
# Enable flakes: https://nixos.wiki/wiki/Flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# List packages installed in system profile
environment.systemPackages = with pkgs; [
# Secureboot
@ -122,33 +87,6 @@
tailscale.enable = true;
};
# Garbage collection -- Keep the system clean
nix.gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
# Fonts
fonts = {
fontconfig = {
defaultFonts = {
emoji = [ "Noto Color Emoji" ];
monospace = [ "JetBrainsMono Nerd Font" "Cascadia Code" "Sarasa Mono SC" ];
sansSerif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ];
serif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ];
};
includeUserConf = false;
};
fonts = with pkgs; [
cascadia-code
(nerdfonts.override { fonts = [ "Arimo" "JetBrainsMono" ]; })
noto-fonts-emoji
sarasa-gothic
];
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
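Review bot: The `hashedPassword = "$y$j9T$…"` line kept as context in the `users.users.albert` hunk leaves the account's password hash in the repository, and NixOS also writes that value into the world-readable Nix store, so anyone who can read either can run offline guessing against it. Since the file is being split up anyway, consider moving the hash out of the tree and referencing it with `users.users.albert.passwordFile = "/path/to/hash";` (placeholder path; the option is named `hashedPasswordFile` in later releases), then rotating the password. The `users.users.albert` block starts and ends outside the hunks shown, so other attributes of the account could not be checked.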


@ -54,11 +54,11 @@
imports = [
# Gnome Themes
# ./gnome/themes/gruvbox.nix
# ./gnome/themes/tokyo-night.nix
# ./gnome/themes/nordic.nix
# ./gnome/themes/vimix.nix
# ./gnome/themes/fluent.nix
./gnome/themes/gruvbox.nix
./gnome/themes/tokyo-night.nix
./gnome/themes/nordic.nix
./gnome/themes/vimix.nix
./gnome/themes/fluent.nix
# You may need to edit which theme you're using in dconf.nix if you remove themes
];
# Idea... Move these to a separate file and tie it into dconf


@ -6,18 +6,6 @@
# Set the networking hostname:
networking.hostName = "nixos-laptop";
# Enable swap on luks
boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".device = "/dev/disk/by-uuid/9704447e-6bd0-4a35-9c24-20cbab81c431";
boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".keyFile = "/crypto_keyfile.bin";
# Setup keyfile
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
# Hibernation resume device:
boot.resumeDevice = "/dev/disk/by-uuid/67600fc1-6d26-4d2f-b2d3-a99174654058";
# Configure the fingerprint reader
services.fprintd = {
enable = true;
@ -30,6 +18,7 @@
hardware = {
opengl.enable = true;
opengl.driSupport32Bit = true;
opengl.driSupport = true;
nvidia = {
open = false;
@ -47,9 +36,4 @@
# Fingerprint software
fprintd
];
imports = [
# Modules
../../modules/powertop.nix
];
}


@ -25,6 +25,19 @@
fsType = "vfat";
};
# Enable swap on luks
boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".device = "/dev/disk/by-uuid/9704447e-6bd0-4a35-9c24-20cbab81c431";
boot.initrd.luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431".keyFile = "/crypto_keyfile.bin";
# Setup keyfile
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
# Hibernation resume device:
boot.resumeDevice = "/dev/disk/by-uuid/67600fc1-6d26-4d2f-b2d3-a99174654058";
swapDevices =
[ { device = "/dev/disk/by-uuid/67600fc1-6d26-4d2f-b2d3-a99174654058"; }
];
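Review bot: The `boot.initrd.secrets` entry moved into this file embeds `/crypto_keyfile.bin` in the initrd, and the `vfat` filesystem just above the added lines suggests the initrd is stored on an unencrypted EFI partition; if so, the key that unlocks the swap and hibernation device is readable by anyone with access to the disk. A keyfile in the initrd only protects anything when the initrd itself sits on an encrypted volume, so confirm where the initrd lives, and otherwise unlock this volume with a passphrase or a TPM-bound key. Separately, this looks like the generated hardware configuration (the path is not shown on the page), which may be overwritten when it is regenerated; a comment such as `# hand-maintained: LUKS swap + resume device, re-add after regenerating` above the block would make that visible.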

21
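--- a/modules/fonts.nix
+++ b/modules/fonts.nix
@@ -0,0 +1,21 @@
+{ pkgs, config, ... }: {
+# Fonts
+fonts = {
+fontconfig = {
+defaultFonts = {
+emoji = [ "Noto Color Emoji" ];
+monospace = [ "JetBrainsMono Nerd Font" "Cascadia Code" "Sarasa Mono SC" ];
+sansSerif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ];
+serif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ];
+};
+includeUserConf = false;
+};
+fonts = with pkgs; [
+cascadia-code
+(nerdfonts.override { fonts = [ "Arimo" "JetBrainsMono" ]; })
+noto-fonts-emoji
+sarasa-gothic
+];
+};
+}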

20
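--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -0,0 +1,20 @@
+{pkgs, config, hostname, ...}: {
+# Enable networking
+# Imports for host-specific configs:
+imports = [
+../hosts/${hostname}/networking.nix
+]
+networking = {
+networkmanager = {
+enable = true;
+};
+enableIPv6 = false;
+firewall = {
+enable = true;
+allowedTCPPorts = [ ];
+allowedUDPPorts = [ ];
+interfaces.tailscale0.allowedTCPPorts = [ 22 ];
+};
+};
+}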
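Review bot: The `imports = [ … ]` list in the new module is closed with a bare `]` and no semicolon, so the file does not parse and every host that imports it fails to evaluate, firewall rules included; the closing line should read `];`. The `hostname` argument is also used inside `imports`, which NixOS resolves before ordinary module arguments are available, so it has to be supplied through `specialArgs` at the call site (not visible on this page) or evaluation ends in infinite recursion. Because this module now carries the only firewall definition, a comment such as `# SSH is reachable on tailscale0 only; hosts/<name>/networking.nix may open further ports` would tell readers where to audit the effective rule set.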

20
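--- a/modules/nixos.nix
+++ b/modules/nixos.nix
@@ -0,0 +1,20 @@
+{ pkgs, config, ... }: {
+# Enable flakes: https://nixos.wiki/wiki/Flakes
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+# Keep the system up-to-date automatically
+system = {
+autoUpgrade = {
+enable = true;
+allowReboot = false;
+channel = https://channels.nixos.org/nixos-23.05;
+};
+};
+# Garbage collection -- Keep the system clean
+nix.gc = {
+automatic = true;
+dates = "daily";
+options = "--delete-older-than 7d";
+};
+}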
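Review bot: The `channel = https://channels.nixos.org/nixos-23.05;` line in `system.autoUpgrade` uses an unquoted URL literal, which Nix deprecates; write it as `channel = "https://channels.nixos.org/nixos-23.05";`. If these hosts are built from a flake, as the `experimental-features` line above it suggests, a channel-based auto-upgrade does not rebuild from the flake and security updates may not reach the running configuration; `system.autoUpgrade.flake` is the option for that case. With `allowReboot = false`, kernel and initrd updates only take effect after a manual reboot, which deserves a short comment next to the setting.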

15
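--- a/modules/secureboot.nix
+++ b/modules/secureboot.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ...}: {
+# Bootloader
+boot.loader.efi.canTouchEfiVariables = true;
+boot.tmp.cleanOnBoot = true;
+# Plymouth splash screen
+boot.plymouth.enable = true;
+boot.initrd.systemd.enable = true;
+boot.kernelParams = ["quiet"];
+# SecureBoot
+boot.loader.systemd-boot.enable = lib.mkForce false;
+boot.lanzaboote.enable = true;
+boot.lanzaboote.pkiBundle = "/etc/secureboot";
+}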
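Review bot: `lib.mkForce` is used on the `boot.loader.systemd-boot.enable` line, but the module's argument set is `{ config, pkgs, ...}`, so `lib` is an undefined variable here and the Secure Boot module fails to evaluate; the header should be `{ config, lib, pkgs, ... }: {`. The same expression worked in the original file presumably because `lib` was in scope there, which is easy to lose when lines are moved into a new module. A comment on `pkiBundle` such as `# holds the Secure Boot signing keys; keep root-only and out of the repo` would also record why this path is a string rather than a store path.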