diff --git a/common/default.nix b/common/default.nix
new file mode 100644
index 0000000..c96f7fe
--- /dev/null
+++ b/common/default.nix
@@ -0,0 +1,12 @@
+{
+ imports = [
+ ./base.nix
+ ./laptop.nix
+ ./locale.nix
+ ./networking.nix
+ ./remote-access.nix
+ ./security.nix
+ ./stateless.nix
+ ./user.nix
+ ];
+}
\ No newline at end of file
diff --git a/common/laptop.nix b/common/laptop.nix
index f988a98..2772bfe 100644
--- a/common/laptop.nix
+++ b/common/laptop.nix
@@ -9,7 +9,6 @@ in {
 config = lib.mkIf (cfg.enable) {
 environment.systemPackages = with pkgs; [
- powertop
 lm_sensors
 ];
diff --git a/common/locale.nix b/common/locale.nix
index c9300f4..9df910e 100644
--- a/common/locale.nix
+++ b/common/locale.nix
@@ -4,6 +4,7 @@
 time.timeZone = "Europe/Moscow";
 i18n.defaultLocale = "ru_RU.UTF-8";
+
 console = {
 font = "${pkgs.terminus_font}/share/consolefonts/ter-u24b.psf.gz";
 keyMap = "us";
diff --git a/common/networking.nix b/common/networking.nix
index 3f6daf5..0b50979 100644
--- a/common/networking.nix
+++ b/common/networking.nix
@@ -4,10 +4,12 @@
 networking.wireless.iwd.enable = true;
 networking.wireless.iwd.settings = {
 General = {
+ # Enable DHCP in IWD, TODO: don't do it
 EnableNetworkConfiguration = true;
 };
 };
+ # TODO: setup DoH or DoT
 networking.nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ];
 networking.enableIPv6 = true;
@@ -28,6 +30,8 @@
 services.timesyncd.enable = true;
 networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];
+
+ # Useful tools
 boot.kernelModules = [ "af_packet" ];
 environment.systemPackages = with pkgs; [ mtr tcpdump traceroute ];
 }
diff --git a/common/remote-access.nix b/common/remote-access.nix
index 5357324..61c51fd 100644
--- a/common/remote-access.nix
+++ b/common/remote-access.nix
@@ -4,6 +4,8 @@
 services.openssh = {
 enable = true;
 settings.PasswordAuthentication = false;
+
+ # Cute banner, right?
 banner = ''
 Authorized access only!
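Review bot: The `# TODO: setup DoH or DoT` line above `networking.nameservers` leaves every lookup to 1.1.1.1/1.0.0.1/8.8.8.8 as plaintext port-53 traffic, which on a laptop that roams across untrusted Wi-Fi is the most exposed setting in this file. If systemd-resolved is the resolver on these hosts (not visible in the hunk), `services.resolved.extraConfig = "DNSOverTLS=yes";` — resolved.conf's `DNSOverTLS=` setting — would close the TODO with the same three upstreams, all of which serve DoT. The `# Enable DHCP in IWD, TODO: don't do it` comment should also say what "don't do it" means; presumably address configuration is meant to move to networkd or NetworkManager, and the comment should name that so DHCP-supplied resolvers are not silently layered on top of the static list. The enclosing attribute set starts before the hunk.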
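Review bot: The added `# Useful tools` comment sits above `boot.kernelModules = [ "af_packet" ]` rather than above the `environment.systemPackages` line it actually describes, so a reader is told the kernel-module line is a "tool". Either move it down one line or make it cover both, e.g. `# Diagnostics: af_packet supplies the packet sockets tcpdump needs; mtr/tcpdump/traceroute for network debugging`. It is worth stating in the same comment that these land on every host importing common/, since a preinstalled capture tool on all machines is a deliberate choice a reviewer should be able to see.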
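Review bot: `# Cute banner, right?` does not tell a maintainer what `banner` does or why it is set; sshd sends the banner before authentication, so it is the one piece of text an unauthenticated client receives. A comment such as `# Shown by sshd before authentication; a legal notice, not a security control` documents both the behaviour and its limit. The `services.openssh` block continues past the hunk.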
@@ -12,5 +14,7 @@ If you are not authorized to access or use this system, disconnect now!
 '';
 };
+
+ # TODO: I don't use it
 programs.mosh.enable = true;
 }
\ No newline at end of file
diff --git a/common/security.nix b/common/security.nix
index 8a12a98..0badcf3 100644
--- a/common/security.nix
+++ b/common/security.nix
@@ -6,8 +6,8 @@ security = {
 lockKernelModules = true;
 protectKernelImage = true;
- allowSimultaneousMultithreading = true;
- forcePageTableIsolation = false;
+ allowSimultaneousMultithreading = false;
+ forcePageTableIsolation = true;
 virtualisation.flushL1DataCache = "always";
 apparmor = {
 enable = true;
diff --git a/common/stateless.nix b/common/stateless.nix
new file mode 100644
index 0000000..eca8dbd
--- /dev/null
+++ b/common/stateless.nix
@@ -0,0 +1,8 @@
+{ config, lib, ... }:
+
+{
+ boot.kernel.sysctl = {
+ "vm.panic_on_oom" = true;
+ "kernel.panic" = 3;
+ };
+}
\ No newline at end of file
diff --git a/common/user.nix b/common/user.nix
index 78bf1af..0615e3c 100644
--- a/common/user.nix
+++ b/common/user.nix
@@ -7,6 +7,7 @@ in rec {
 users.users.ivabus = {
 isNormalUser = true;
+ # Figure out groups I need
 extraGroups = [ "wheel" "input" "video" "audio" "disk" "libvirtd" "qemu-libvirtd"];
 uid = 1000;
 packages = with pkgs; [
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..cbd5759
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,11 @@
+rec {
+ common = import ./common;
+ roles = import ./roles;
+
+ modules = { pkgs, ... }: rec {
+ imports = [
+ common
+ roles
+ ];
+ };
+}
\ No newline at end of file
diff --git a/flake.nix b/flake.nix
index edf06b3..aa5b74d 100644
--- a/flake.nix
+++ b/flake.nix
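Review bot: `programs.mosh.enable = true` stays on even though the new `# TODO: I don't use it` says the service is unused, and in NixOS enabling mosh also opens UDP 60000–61000 in the firewall unless `programs.mosh.openFirewall` is set to false. An unused, exposed listener on every host that imports common/ is attack surface a TODO should not defer; set `programs.mosh.enable = false;` (or delete the two lines) now, or at minimum add `programs.mosh.openFirewall = false;` until it is actually needed. The comment itself should then state the decision rather than the doubt.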
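Review bot: The flipped `allowSimultaneousMultithreading = false` and `forcePageTableIsolation = true` carry no comment, and both are trade-offs a later reader will want explained: the first adds `nosmt` and halves the logical CPU count, the second forces `pti=on` even on CPUs the kernel does not consider Meltdown-vulnerable. Suggest `# Hardening: nosmt + pti=on close SMT side channels and Meltdown-class leaks at a CPU-throughput cost` above the two lines, and mention that `virtualisation.flushL1DataCache = "always"` on the next line belongs to the same L1TF mitigation set so the three are read together. The `security` attribute set starts before the hunk.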
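Review bot: `"vm.panic_on_oom" = true` together with `"kernel.panic" = 3` turns any system-wide out-of-memory condition into a kernel panic and a reboot three seconds later, and common/default.nix in this same commit imports the file on every host, laptops included. One runaway — or hostile, unprivileged — memory-hungry process can therefore reboot the machine, bypassing the OOM killer's normal attempt to recover; if that is the intended "stateless" policy the file should say so, e.g. `# Deliberately panic-and-reboot on OOM instead of limping along; nothing on these hosts is expected to need recovery`. If it is not, a userspace reaper such as `systemd.oomd.enable = true;` is the gentler option. The `{ config, lib, ... }:` arguments are unused and can be dropped either way.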
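Review bot: The `# Figure out groups I need` TODO sits above a list that already contains `"disk"`, which under udev's default rules owns the raw block devices and so lets the user read or overwrite any partition regardless of file permissions — root-equivalent access without sudo and without an audit trail. `"input"` likewise allows reading every device under /dev/input, i.e. all keystrokes, while `"wheel"` and `"libvirtd"` already provide full administrative reach. Resolving the TODO should start by removing `disk` (and `input` unless a specific tool needs it) rather than deferring it. `users.users.ivabus` continues past the hunk.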
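Review bot: The inner `rec` on `modules = { pkgs, ... }: rec {` is unnecessary — nothing inside refers to a sibling attribute — and the `{ pkgs, ... }` argument is never used, so the function can simply be `modules = { ... }: { imports = [ common roles ]; };`. Only the outer `rec` does work, because `modules` refers to `common` and `roles`. A one-line comment stating that this file is the import root that machines/*/default.nix reach via `import ../..` would help, since that relationship is otherwise visible only from the machine files.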
@@ -27,21 +27,7 @@
 system = "x86_64-linux";
 modules = [
 home-manager.nixosModules.home-manager
- ./common/base.nix
- ./common/laptop.nix
- ./common/locale.nix
- ./common/networking.nix
- ./common/remote-access.nix
- ./common/security.nix
- ./common/user.nix
- ./roles/graphical.nix
- ./roles/latex.nix
- ./roles/gaming.nix
- ./roles/devel.nix
- ./roles/virtualisation.nix
- ./roles/yggdrasil-client.nix
- ./machines/vetus/configuration.nix
- ./machines/vetus/hardware.nix
+ ./machines/vetus
 ];
 };
@@ -51,19 +37,7 @@
 modules = [
 home-manager.nixosModules.home-manager
 apple-silicon-support.nixosModules.apple-silicon-support
- ./common/base.nix
- ./common/user.nix
- ./common/laptop.nix
- ./common/networking.nix
- ./common/locale.nix
- ./common/remote-access.nix
- ./roles/graphical.nix
- ./roles/latex.nix
- #./roles/gaming.nix
- ./roles/devel.nix
- ./roles/yggdrasil-client.nix
- ./machines/celerrime/configuration.nix
- ./machines/celerrime/hardware.nix
+ ./machines/celerrime
 ];
 };
@@ -73,11 +47,9 @@
 nixosConfigurations."effundam" = nixpkgs.lib.nixosSystem {
 system = "aarch64-linux";
 modules = [
- ./common/base.nix
- ./common/user.nix
- ./roles/laptop.nix
- ./machines/effundam/configuration.nix
- ./machines/effundam/hardware.nix
+ home-manager.nixosModules.home-manager
+ apple-silicon-support.nixosModules.apple-silicon-support
+ ./machines/effundam
 ];
 };
 */
diff --git a/machines/celerrime/configuration.nix b/machines/celerrime/configuration.nix
deleted file mode 100644
index 5f25df0..0000000
--- a/machines/celerrime/configuration.nix
+++ /dev/null
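Review bot: The three lines added to the `effundam` configuration are still inside a block comment — the hunk's last context line is `*/`, and the opening `/*` appears to sit before the hunk — so `home-manager` and `apple-silicon-support` are not actually wired up for that host. Either uncomment the block together with a `machines/effundam/default.nix` (none is added in this commit, and `./machines/effundam` would fail to resolve) or leave a `# disabled: machines/effundam does not exist yet` note so the dead configuration is not mistaken for a working one.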
@@ -1,16 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [ ];
- networking.hostName = "celerrime";
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = false;
- boot.kernelParams = [ "apple_dcp.show_notch=1" ];
-
- hardware.asahi.peripheralFirmwareDirectory = ../../asahi/firmware;
- hardware.asahi.addEdgeKernelConfig = true;
- hardware.asahi.useExperimentalGPUDriver = true;
-
- system.stateVersion = "23.05";
-}
diff --git a/machines/celerrime/default.nix b/machines/celerrime/default.nix
new file mode 100644
index 0000000..5339dbe
--- /dev/null
+++ b/machines/celerrime/default.nix
@@ -0,0 +1,35 @@
+{ config, pkgs, ... }:
+
+let
+ my = import ../..;
+in {
+ imports = [
+ ./hardware.nix
+ my.modules
+ ];
+
+ networking.hostName = "celerrime";
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = false;
+ # Enable screen space near notch
+ boot.kernelParams = [ "apple_dcp.show_notch=1" ];
+
+ my.laptop.enable = true;
+ my.roles = {
+ design.enable = true;
+ devel.enable = true;
+ gaming.enable = false;
+ graphical.enable = true;
+ latex.enable = true;
+ virtualisation.enable = false;
+ yggdrasil-client.enable = true;
+ };
+
+ # Setup asahi-specific things. NOTE: you must copy firmware from ESP to /etc/nixos/asahi/firmware
+ hardware.asahi.peripheralFirmwareDirectory = ../../asahi/firmware;
+ hardware.asahi.addEdgeKernelConfig = true;
+ hardware.asahi.useExperimentalGPUDriver = true;
+
+ system.stateVersion = "23.05";
+}
diff --git a/machines/example/default.nix b/machines/example/default.nix
new file mode 100644
index 0000000..32f83e5
--- /dev/null
+++ b/machines/example/default.nix
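Review bot: The NOTE above `hardware.asahi.peripheralFirmwareDirectory = ../../asahi/firmware;` tells the reader to copy firmware from the ESP into the repository tree but says nothing about the consequences: the directory is referenced as a Nix path, so its contents are copied into the world-readable Nix store, and if the tree is built through flake.nix the files must also be tracked by git to be visible at all, which makes an accidental push of vendor firmware to a public remote easy. Expand the comment to something like `# Firmware is copied from the ESP into ./asahi/firmware; it must be git-tracked for flake evaluation, lands in /nix/store, and must not be pushed to public remotes`. Separately, naming the let-binding `my` while the module also sets the `my.laptop`/`my.roles` options is confusing — `my.modules` in `imports` is the let-bound value, `my.laptop.enable` a few lines later is an option path; a name such as `root` for the import would read better, and the same pattern recurs in machines/example, machines/stella and machines/vetus.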
@@ -0,0 +1,32 @@
+
+{ config, pkgs, lib, ... }:
+
+let
+ my = import ../..;
+in {
+ imports = [
+ ./hardware.nix # Use nixos-generate-config --show-hardware-config > /etc/nixos/machines/MACHINE/hardware.nix
+ my.modules
+ ];
+
+ # Bootloader configuration
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "MACHINE";
+
+ # All "my" options
+ my.laptop.enable = true;
+ my.roles = {
+ design.enable = true;
+ devel.enable = true;
+ gaming.enable = true;
+ graphical.enable = true;
+ latex.enable = true;
+ virtualisation.enable = true;
+ yggdrasil-client.enable = true;
+ };
+
+ system.stateVersion = "23.05";
+}
+
diff --git a/machines/stella/default.nix b/machines/stella/default.nix
new file mode 100644
index 0000000..df6591a
--- /dev/null
+++ b/machines/stella/default.nix
@@ -0,0 +1,38 @@
+
+{ config, pkgs, lib, ... }:
+
+let
+ my = import ../..;
+in {
+ imports = [
+ ./hardware.nix
+ my.modules
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "stella";
+
+ my.laptop.enable = true;
+ my.roles = {
+ design.enable = true;
+ devel.enable = true;
+ gaming.enable = true;
+ graphical.enable = true;
+ latex.enable = true;
+ virtualisation.enable = true;
+ yggdrasil-client.enable = true;
+ };
+
+ services.xserver.videoDrivers=["amdgpu"];
+ boot.initrd.kernelModules=["amdgpu"];
+
+ powerManagement = {
+ enable = true;
+ cpuFreqGovernor = "ondemand";
+ };
+
+ system.stateVersion = "23.05";
+}
+
diff --git a/machines/vetus/configuration.nix b/machines/vetus/configuration.nix
deleted file mode 100644
index d8bd32a..0000000
--- a/machines/vetus/configuration.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-
-{ config, pkgs, ... }:
-
-{
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.hostName = "vetus";
-
-
- system.stateVersion = "23.05";
-}
-
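Review bot: `services.xserver.videoDrivers=["amdgpu"];` and `boot.initrd.kernelModules=["amdgpu"];` drop the spaces around `=` that every other binding in the file uses; `services.xserver.videoDrivers = [ "amdgpu" ];` keeps the file consistent, and the same two lines appear in machines/vetus/default.nix. `cpuFreqGovernor = "ondemand"` also deserves a comment, because on CPUs driven by `intel_pstate` or `amd-pstate` in active mode that governor may not be offered at all and the setting then has no effect — a `# TODO confirm "ondemand" is available for this CPU's cpufreq driver` would flag it. The `my.roles` block is now copied verbatim into four machine files; a shared default in roles/default.nix with per-machine overrides would remove the duplication.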
diff --git a/machines/vetus/default.nix b/machines/vetus/default.nix
new file mode 100644
index 0000000..94b4b48
--- /dev/null
+++ b/machines/vetus/default.nix
@@ -0,0 +1,33 @@
+
+{ config, pkgs, ... }:
+
+let
+ my = import ../..;
+in {
+ imports = [
+ ./hardware.nix
+ my.modules
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "vetus";
+
+ my.laptop.enable = false;
+ my.roles = {
+ design.enable = true;
+ devel.enable = true;
+ gaming.enable = true;
+ graphical.enable = true;
+ latex.enable = true;
+ virtualisation.enable = true;
+ yggdrasil-client.enable = true;
+ };
+
+ services.xserver.videoDrivers=["amdgpu"];
+ boot.initrd.kernelModules=["amdgpu"];
+
+ system.stateVersion = "23.05";
+}
+
diff --git a/machines/vetus/hardware.nix b/machines/vetus/hardware.nix
index f6b39ba..f42033d 100644
--- a/machines/vetus/hardware.nix
+++ b/machines/vetus/hardware.nix
@@ -7,7 +7,7 @@
 ];
 boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = ["amdgpu"];
+ boot.initrd.kernelModules = [ ];
 boot.kernelModules = [ "kvm-intel" ];
 boot.extraModulePackages = [ ];
diff --git a/roles/default.nix b/roles/default.nix
new file mode 100644
index 0000000..31a9c4d
--- /dev/null
+++ b/roles/default.nix
@@ -0,0 +1,11 @@
+{
+ imports = [
+ ./design.nix
+ ./devel.nix
+ ./gaming.nix
+ ./graphical.nix
+ ./latex.nix
+ ./virtualisation.nix
+ ./yggdrasil-client.nix
+ ];
+}
\ No newline at end of file
diff --git a/roles/devel.nix b/roles/devel.nix
index 959ce89..2b247ff 100644
--- a/roles/devel.nix
+++ b/roles/devel.nix
@@ -26,11 +26,13 @@ in {
 (lib.mkIf (!pkgs.stdenv.isAarch64) {boot.binfmt.emulatedSystems = [ "aarch64-linux" ];})
 (lib.mkIf (!pkgs.stdenv.isx86_64) {boot.binfmt.emulatedSystems = [ "x86_64-linux" "i686-linux" ];})
 # Remove CLion from builds while I'm semi-online
+ # Install CLion only if we are on x86_64
 /*(lib.mkIf (pkgs.stdenv.isx86_64) {
 environment.systemPackages = with pkgs; [
 jetbrains.clion
 ];
 })*/
+ # Install vscode only if we are on x86_64 or aarch64 or aarch32
 (lib.mkIf (pkgs.stdenv.isx86_64 || pkgs.stdenv.isAarch64 || pkgs.stdenv.isAarch32) {
 environment.systemPackages = with pkgs; [
 vscode
diff --git a/roles/gaming.nix b/roles/gaming.nix
index b3f2b24..b92fb21 100644
--- a/roles/gaming.nix
+++ b/roles/gaming.nix
@@ -4,13 +4,11 @@ let
 cfg = config.my.roles.gaming;
 in {
 options.my.roles.gaming.enable = lib.mkEnableOption "Enable wine & steam";
- config = lib.mkIf (cfg.enable) {
+ config = lib.mkIf (cfg.enable) (lib.mkMerge {
 nixpkgs.config.allowUnfree = true;
 hardware.opengl.driSupport32Bit = true;
 services.pipewire.alsa.support32Bit = true;
- programs.steam.enable = true;
 environment.systemPackages = with pkgs; [
- steam
 wineWowPackages.stable
 wine
 (wine.override { wineBuild = "wine64"; })
@@ -18,5 +16,7 @@ in {
 winetricks
 wineWowPackages.waylandFull
 ];
- };
+ }
+ # Enable steam only on x86_64 (since we have hosts with ARM, but I don't think I will enable my.roles.gaming on ARM system soon)
+ (lib.mkIf(pkgs.stdenv.isx86_64) {programs.steam.enable = true;}))
 }
\ No newline at end of file
diff --git a/roles/graphical.nix b/roles/graphical.nix
index 43fd455..05181b4 100644
--- a/roles/graphical.nix
+++ b/roles/graphical.nix
@@ -15,7 +15,6 @@ in {
 ffmpeg
 cinnamon.nemo
 usbmuxd
- telegram-desktop
 keepassxc
 ];
@@ -29,6 +28,7 @@ in {
 };
 };
 };
+
 programs.sway = {
 enable = true;
 extraPackages = with pkgs; [
diff --git a/roles/latex.nix b/roles/latex.nix
index a2fc120..58d639e 100644
--- a/roles/latex.nix
+++ b/roles/latex.nix
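Review bot: The new `# Install CLion only if we are on x86_64` comment is stacked directly under the existing `# Remove CLion from builds while I'm semi-online`, and the block both describe is still commented out with `/* ... */`, so a reader gets two contradictory instructions about dead code. Merge them into one line that states the current state and the condition for restoring it, e.g. `# CLion (x86_64 only) disabled to keep builds small while bandwidth is limited; re-enable by removing the /* */`. The `lib.mkMerge` list these entries belong to starts before the hunk.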
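Review bot: `config = lib.mkIf (cfg.enable) (lib.mkMerge {` hands `lib.mkMerge` an attribute set, and the second hunk (`@@ -18,5 +16,7 @@`) then applies its result to `(lib.mkIf(pkgs.stdenv.isx86_64) { ... })` as though it were a function; `mkMerge` takes a single list, so this fails to evaluate as soon as `my.roles.gaming.enable = true`, which machines/stella and machines/vetus set in this same commit. Change the opener to `config = lib.mkIf (cfg.enable) (lib.mkMerge [ {` and the closer to `} (lib.mkIf (pkgs.stdenv.isx86_64) { programs.steam.enable = true; }) ]);`. The long comment above the steam line could then be shortened to `# steam is x86_64-only; keep the wine list usable on ARM hosts`.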
@@ -5,7 +5,9 @@ let
 in {
 options.my.roles.latex.enable = lib.mkEnableOption "Enable latex stuff";
 config = lib.mkIf (cfg.enable){
- environment.systemPackages = with pkgs; [
+ environment.systemPackages = with pkgs;
+ # Maybe I don't need to use -full variant of texlive
+ # I should find distribution I actually need
 texlive.combined.scheme-full
 ];
 };
diff --git a/roles/yggdrasil-client.nix b/roles/yggdrasil-client.nix
index 8b9aa18..39c4369 100644
--- a/roles/yggdrasil-client.nix
+++ b/roles/yggdrasil-client.nix
@@ -10,6 +10,7 @@ in {
 persistentKeys = true;
 settings = {
 Peers = [
+ # Maybe add more peers, not only mine
 "tls://ygg.iva.bz:50002"
 ];
 };
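Review bot: The rewritten `environment.systemPackages = with pkgs;` line drops the opening `[` that the removed line had, while the context lines below still close the list with `];`, so the file no longer parses (`with pkgs; texlive.combined.scheme-full ]` is a syntax error) and, because roles/default.nix now imports this file unconditionally, every host fails to evaluate whether or not `my.roles.latex.enable` is set. Keep the bracket — `environment.systemPackages = with pkgs; [` — with the two comment lines inside the list, or place the comments above the binding. The two comments could also be folded into one actionable TODO such as `# TODO: replace scheme-full with a texlive.combine of the packages actually used`.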