Add some comments, fix vetus and celerrime

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

common/default.nix

@@ -0,0 +1,12 @@
+{
+  imports = [
+    ./base.nix
+    ./laptop.nix
+    ./locale.nix
+    ./networking.nix
+    ./remote-access.nix
+    ./security.nix
+    ./stateless.nix
+    ./user.nix
+  ];
+}

common/laptop.nix

@@ -9,7 +9,6 @@ in {
 
   config = lib.mkIf (cfg.enable) {
     environment.systemPackages = with pkgs; [
-      powertop
       lm_sensors
     ];
 

common/locale.nix

@@ -4,6 +4,7 @@
   time.timeZone = "Europe/Moscow";
 
   i18n.defaultLocale = "ru_RU.UTF-8";
+  
   console = {
     font = "${pkgs.terminus_font}/share/consolefonts/ter-u24b.psf.gz";
     keyMap = "us";

common/networking.nix

@@ -4,10 +4,12 @@
   networking.wireless.iwd.enable = true;
   networking.wireless.iwd.settings = {
     General = {
+      # Enable DHCP in IWD, TODO: don't do it
       EnableNetworkConfiguration = true;
     };
   };
 
+  # TODO: setup DoH or DoT
   networking.nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ];
 
   networking.enableIPv6 = true;
@@ -28,6 +30,8 @@
 
   services.timesyncd.enable = true;
   networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];
+
+  # Useful tools
   boot.kernelModules = [ "af_packet" ];
   environment.systemPackages = with pkgs; [ mtr tcpdump traceroute ];
 }

common/remote-access.nix

@@ -4,6 +4,8 @@
   services.openssh = {
     enable = true;
     settings.PasswordAuthentication = false;
+    
+    # Cute banner, right?
     banner = ''
 
 Authorized access only!
@@ -12,5 +14,7 @@ If you are not authorized to access or use this system, disconnect now!
 
     '';
   };
+
+  # TODO: I don't use it
   programs.mosh.enable = true;
 }

common/security.nix

@@ -6,8 +6,8 @@
   security = {
     lockKernelModules = true;
     protectKernelImage = true;
-    allowSimultaneousMultithreading = true;
-    forcePageTableIsolation = false;
+    allowSimultaneousMultithreading = false;
+    forcePageTableIsolation = true;
     virtualisation.flushL1DataCache = "always";
     apparmor = {
       enable = true;

common/stateless.nix

@@ -0,0 +1,8 @@
+{ config, lib, ... }:
+
+{
+  boot.kernel.sysctl = {
+    "vm.panic_on_oom" = true;
+    "kernel.panic" = 3;
+  };
+}

common/user.nix

@@ -7,6 +7,7 @@ in rec {
 
   users.users.ivabus = {
     isNormalUser = true;
+    # Figure out groups I need
     extraGroups = [ "wheel" "input" "video" "audio" "disk" "libvirtd" "qemu-libvirtd"];
     uid = 1000;
     packages = with pkgs; [

default.nix

@@ -0,0 +1,11 @@
+rec {
+  common = import ./common;
+  roles = import ./roles;
+
+  modules = { pkgs, ... }: rec {
+    imports = [
+      common
+      roles
+    ];
+  };
+}

flake.nix

@@ -27,21 +27,7 @@
       system = "x86_64-linux";
       modules = [
         home-manager.nixosModules.home-manager
-        ./common/base.nix
-        ./common/laptop.nix
-        ./common/locale.nix
-        ./common/networking.nix
-        ./common/remote-access.nix
-        ./common/security.nix
-        ./common/user.nix
-        ./roles/graphical.nix
-        ./roles/latex.nix
-        ./roles/gaming.nix
-        ./roles/devel.nix
-        ./roles/virtualisation.nix
-        ./roles/yggdrasil-client.nix
-        ./machines/vetus/configuration.nix
-        ./machines/vetus/hardware.nix
+        ./machines/vetus
       ];
     };
 
@@ -51,19 +37,7 @@
       modules = [
         home-manager.nixosModules.home-manager
         apple-silicon-support.nixosModules.apple-silicon-support
-        ./common/base.nix
-        ./common/user.nix
-        ./common/laptop.nix
-        ./common/networking.nix
-        ./common/locale.nix
-        ./common/remote-access.nix
-        ./roles/graphical.nix
-        ./roles/latex.nix
-        #./roles/gaming.nix
-        ./roles/devel.nix
-        ./roles/yggdrasil-client.nix
-        ./machines/celerrime/configuration.nix
-        ./machines/celerrime/hardware.nix
+        ./machines/celerrime
       ];
     };
 
@@ -73,11 +47,9 @@
     nixosConfigurations."effundam" = nixpkgs.lib.nixosSystem {
       system = "aarch64-linux";
       modules = [
-        ./common/base.nix
-        ./common/user.nix
-        ./roles/laptop.nix
-        ./machines/effundam/configuration.nix
-        ./machines/effundam/hardware.nix
+        home-manager.nixosModules.home-manager
+        apple-silicon-support.nixosModules.apple-silicon-support
+        ./machines/effundam
       ];
     };
     */

machines/celerrime/configuration.nix

@@ -1,16 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [  ];
-  networking.hostName = "celerrime";
-
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = false;
-  boot.kernelParams = [ "apple_dcp.show_notch=1" ];
-
-  hardware.asahi.peripheralFirmwareDirectory = ../../asahi/firmware;
-  hardware.asahi.addEdgeKernelConfig = true;
-  hardware.asahi.useExperimentalGPUDriver = true;
-
-  system.stateVersion = "23.05";
-}

machines/celerrime/default.nix

@@ -0,0 +1,35 @@
+{ config, pkgs, ... }:
+
+let
+  my = import ../..;
+in {
+  imports = [
+    ./hardware.nix
+    my.modules
+  ];
+  
+  networking.hostName = "celerrime";
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = false;
+  # Enable screen space near notch
+  boot.kernelParams = [ "apple_dcp.show_notch=1" ];
+
+  my.laptop.enable = true;
+  my.roles = {
+    design.enable = true;
+    devel.enable = true;
+    gaming.enable = false;
+    graphical.enable = true;
+    latex.enable = true;
+    virtualisation.enable = false;
+    yggdrasil-client.enable = true;
+  };
+
+  # Setup asahi-specific things. NOTE: you must copy firmware from ESP to /etc/nixos/asahi/firmware
+  hardware.asahi.peripheralFirmwareDirectory = ../../asahi/firmware;
+  hardware.asahi.addEdgeKernelConfig = true;
+  hardware.asahi.useExperimentalGPUDriver = true;
+
+  system.stateVersion = "23.05";
+}

machines/example/default.nix

@@ -0,0 +1,32 @@
+
+{ config, pkgs, lib, ... }:
+
+let
+  my = import ../..;
+in {
+  imports = [
+    ./hardware.nix # Use nixos-generate-config --show-hardware-config > /etc/nixos/machines/MACHINE/hardware.nix
+    my.modules
+  ];
+
+  # Bootloader configuration
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "MACHINE";
+
+  # All "my" options
+  my.laptop.enable = true;
+  my.roles = {
+    design.enable = true;
+    devel.enable = true;
+    gaming.enable = true;
+    graphical.enable = true;
+    latex.enable = true;
+    virtualisation.enable = true;
+    yggdrasil-client.enable = true;
+  };
+
+  system.stateVersion = "23.05";
+}
+

machines/stella/default.nix

@@ -0,0 +1,38 @@
+
+{ config, pkgs, lib, ... }:
+
+let
+  my = import ../..;
+in {
+  imports = [
+    ./hardware.nix
+    my.modules
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "stella";
+
+  my.laptop.enable = true;
+  my.roles = {
+    design.enable = true;
+    devel.enable = true;
+    gaming.enable = true;
+    graphical.enable = true;
+    latex.enable = true;
+    virtualisation.enable = true;
+    yggdrasil-client.enable = true;
+  };
+
+  services.xserver.videoDrivers=["amdgpu"];
+  boot.initrd.kernelModules=["amdgpu"];
+
+  powerManagement = {
+    enable = true;
+    cpuFreqGovernor = "ondemand";
+  };
+
+  system.stateVersion = "23.05";
+}
+

machines/vetus/configuration.nix

@@ -1,14 +0,0 @@
-
-{ config, pkgs, ... }:
-
-{
-
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  networking.hostName = "vetus";
-
-  
-  system.stateVersion = "23.05";
-}
-

machines/vetus/default.nix

@@ -0,0 +1,33 @@
+
+{ config, pkgs, ... }:
+
+let
+  my = import ../..;
+in {
+  imports = [
+    ./hardware.nix
+    my.modules
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "vetus";
+
+  my.laptop.enable = false;
+  my.roles = {
+    design.enable = true;
+    devel.enable = true;
+    gaming.enable = true;
+    graphical.enable = true;
+    latex.enable = true;
+    virtualisation.enable = true;
+    yggdrasil-client.enable = true;
+  };
+
+  services.xserver.videoDrivers=["amdgpu"];
+  boot.initrd.kernelModules=["amdgpu"];
+  
+  system.stateVersion = "23.05";
+}
+

machines/vetus/hardware.nix

@@ -7,7 +7,7 @@
     ];
 
   boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
-  boot.initrd.kernelModules = ["amdgpu"];
+  boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 

roles/default.nix

@@ -0,0 +1,11 @@
+{
+  imports = [
+    ./design.nix
+    ./devel.nix
+    ./gaming.nix
+    ./graphical.nix
+    ./latex.nix
+    ./virtualisation.nix
+    ./yggdrasil-client.nix
+  ];
+}

roles/devel.nix

@@ -26,11 +26,13 @@ in {
     (lib.mkIf (!pkgs.stdenv.isAarch64) {boot.binfmt.emulatedSystems = [ "aarch64-linux" ];})
     (lib.mkIf (!pkgs.stdenv.isx86_64) {boot.binfmt.emulatedSystems = [ "x86_64-linux" "i686-linux" ];})
     # Remove CLion from builds while I'm semi-online
+    # Install CLion only if we are on x86_64
     /*(lib.mkIf (pkgs.stdenv.isx86_64) {
       environment.systemPackages = with pkgs; [
         jetbrains.clion
       ];
     })*/
+    # Install vscode only if we are on x86_64 or aarch64 or aarch32
     (lib.mkIf (pkgs.stdenv.isx86_64 || pkgs.stdenv.isAarch64 || pkgs.stdenv.isAarch32) {
       environment.systemPackages = with pkgs; [
         vscode

roles/gaming.nix

@@ -4,13 +4,11 @@ let
   cfg = config.my.roles.gaming;
 in {
   options.my.roles.gaming.enable = lib.mkEnableOption "Enable wine & steam";
-  config = lib.mkIf (cfg.enable) {
+  config = lib.mkIf (cfg.enable) (lib.mkMerge {
     nixpkgs.config.allowUnfree = true;
     hardware.opengl.driSupport32Bit = true;
     services.pipewire.alsa.support32Bit = true;
-    programs.steam.enable = true;
     environment.systemPackages = with pkgs; [
-      steam
       wineWowPackages.stable
       wine
       (wine.override { wineBuild = "wine64"; })
@@ -18,5 +16,7 @@ in {
       winetricks
       wineWowPackages.waylandFull
     ];
-  };
+  }
+  # Enable steam only on x86_64 (since we have hosts with ARM, but I don't think I will enable my.roles.gaming on ARM system soon)
+  (lib.mkIf(pkgs.stdenv.isx86_64) {programs.steam.enable = true;}))
 }

roles/graphical.nix

@@ -15,7 +15,6 @@ in {
       ffmpeg
       cinnamon.nemo
       usbmuxd
-      telegram-desktop
       keepassxc
     ];
 
@@ -29,6 +28,7 @@ in {
         };
       };
     };
+
     programs.sway = {
       enable = true;
       extraPackages = with pkgs; [

roles/latex.nix

@@ -5,7 +5,9 @@ let
 in {
   options.my.roles.latex.enable = lib.mkEnableOption "Enable latex stuff";
   config = lib.mkIf (cfg.enable){
-    environment.systemPackages = with pkgs; [
+    environment.systemPackages = with pkgs;
+      # Maybe I don't need to use -full variant of texlive
+      # I should find distribution I actually need
       texlive.combined.scheme-full
     ];
   };

roles/yggdrasil-client.nix

@@ -10,6 +10,7 @@ in {
       persistentKeys = true;
       settings = {
         Peers = [
+          # Maybe add more peers, not only mine
           "tls://ygg.iva.bz:50002"
         ];
       };