mirror of
https://github.com/ivabus/nixos
synced 2024-11-22 08:25:07 +03:00
Call nixfmt for the first time
Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
This commit is contained in:
parent
6c7e4a2946
commit
9de8497113
35 changed files with 239 additions and 299 deletions
|
@ -1,11 +1,8 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let cfg = config.my.git;
|
||||||
cfg = config.my.git;
|
|
||||||
in {
|
in {
|
||||||
options = {
|
options = { my.git.enable = lib.mkEnableOption "Enable git configuration"; };
|
||||||
my.git.enable = lib.mkEnableOption "Enable git configuration";
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf (cfg.enable) {
|
config = lib.mkIf (cfg.enable) {
|
||||||
home-manager.useGlobalPkgs = true;
|
home-manager.useGlobalPkgs = true;
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let cfg = config.my.laptop;
|
||||||
cfg = config.my.laptop;
|
|
||||||
in {
|
in {
|
||||||
options = {
|
options = {
|
||||||
my.laptop.enable = lib.mkEnableOption "Laptop-specific configuration";
|
my.laptop.enable = lib.mkEnableOption "Laptop-specific configuration";
|
||||||
|
@ -9,9 +8,7 @@ in {
|
||||||
|
|
||||||
config = lib.mkIf (cfg.enable) {
|
config = lib.mkIf (cfg.enable) {
|
||||||
networking.wireless.iwd.enable = true;
|
networking.wireless.iwd.enable = true;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [ lm_sensors ];
|
||||||
lm_sensors
|
|
||||||
];
|
|
||||||
|
|
||||||
hardware.bluetooth.enable = true;
|
hardware.bluetooth.enable = true;
|
||||||
services.blueman.enable = true;
|
services.blueman.enable = true;
|
||||||
|
|
|
@ -16,10 +16,8 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
# Used by systemd-resolved, not directly by resolv.conf.
|
# Used by systemd-resolved, not directly by resolv.conf.
|
||||||
networking.nameservers = [
|
networking.nameservers =
|
||||||
"8.8.8.8#dns.google"
|
[ "8.8.8.8#dns.google" "1.0.0.1#cloudflare-dns.com" ];
|
||||||
"1.0.0.1#cloudflare-dns.com"
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.enableIPv6 = true;
|
networking.enableIPv6 = true;
|
||||||
|
|
||||||
|
@ -37,7 +35,8 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
services.chrony.enable = true;
|
services.chrony.enable = true;
|
||||||
networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];
|
networking.timeServers =
|
||||||
|
[ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];
|
||||||
|
|
||||||
# Useful tools
|
# Useful tools
|
||||||
boot.kernelModules = [ "af_packet" ];
|
boot.kernelModules = [ "af_packet" ];
|
||||||
|
|
|
@ -8,9 +8,9 @@
|
||||||
# Cute banner, r-right?
|
# Cute banner, r-right?
|
||||||
banner = ''
|
banner = ''
|
||||||
|
|
||||||
Authorized access only!
|
Authorized access only!
|
||||||
|
|
||||||
If you are not authorized to access or use this system, disconnect now!
|
If you are not authorized to access or use this system, disconnect now!
|
||||||
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let my = import ../.;
|
||||||
my = import ../.;
|
|
||||||
in rec {
|
in rec {
|
||||||
users.mutableUsers = false;
|
users.mutableUsers = false;
|
||||||
|
|
||||||
|
@ -33,15 +32,13 @@ in rec {
|
||||||
hashedPassword = my.secrets.hashed-password;
|
hashedPassword = my.secrets.hashed-password;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
users.users.root = {
|
users.users.root = {
|
||||||
hashedPassword = null;
|
hashedPassword = null;
|
||||||
openssh.authorizedKeys.keys = users.users.ivabus.openssh.authorizedKeys.keys;
|
openssh.authorizedKeys.keys =
|
||||||
|
users.users.ivabus.openssh.authorizedKeys.keys;
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.zsh = {
|
programs.zsh = { enable = true; };
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.gnupg.agent.enable = true;
|
programs.gnupg.agent.enable = true;
|
||||||
programs.ssh.startAgent = true;
|
programs.ssh.startAgent = true;
|
||||||
|
|
|
@ -3,10 +3,5 @@ rec {
|
||||||
roles = import ./roles;
|
roles = import ./roles;
|
||||||
secrets = import ./secrets.nix;
|
secrets = import ./secrets.nix;
|
||||||
|
|
||||||
modules = { pkgs, ... }: {
|
modules = { pkgs, ... }: { imports = [ common roles ]; };
|
||||||
imports = [
|
|
||||||
common
|
|
||||||
roles
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
19
flake.nix
19
flake.nix
|
@ -11,24 +11,18 @@
|
||||||
apple-silicon-support.url = "github:tpwrules/nixos-apple-silicon";
|
apple-silicon-support.url = "github:tpwrules/nixos-apple-silicon";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
outputs =
|
||||||
outputs = { self, nixpkgs, home-manager, apple-silicon-support, ... }@inputs: {
|
{ self, nixpkgs, home-manager, apple-silicon-support, ... }@inputs: {
|
||||||
# Stella = Unchartevice 6540 (Ryzen 3 3250U, 16GB RAM)
|
# Stella = Unchartevice 6540 (Ryzen 3 3250U, 16GB RAM)
|
||||||
nixosConfigurations."stella" = nixpkgs.lib.nixosSystem {
|
nixosConfigurations."stella" = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = [ home-manager.nixosModules.home-manager ./machines/stella ];
|
||||||
home-manager.nixosModules.home-manager
|
|
||||||
./machines/stella
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Vetus = iMac 27" 2017, i5, 64 GB RAM
|
# Vetus = iMac 27" 2017, i5, 64 GB RAM
|
||||||
nixosConfigurations."vetus" = nixpkgs.lib.nixosSystem {
|
nixosConfigurations."vetus" = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = [ home-manager.nixosModules.home-manager ./machines/vetus ];
|
||||||
home-manager.nixosModules.home-manager
|
|
||||||
./machines/vetus
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Celerrime = MacBook Air M2
|
# Celerrime = MacBook Air M2
|
||||||
|
@ -51,9 +45,8 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
/* These machines will be configured later. */
|
# These machines will be configured later.
|
||||||
/*
|
/* # Effundam = MacBook Air M1 (server usage). Will not be added to flake.nix until thunderbolt and apfs proper support
|
||||||
# Effundam = MacBook Air M1 (server usage). Will not be added to flake.nix until thunderbolt and apfs proper support
|
|
||||||
nixosConfigurations."effundam" = nixpkgs.lib.nixosSystem {
|
nixosConfigurations."effundam" = nixpkgs.lib.nixosSystem {
|
||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
modules = [
|
modules = [
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
|
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
overlay = final: super: {
|
overlay = final: super: {
|
||||||
makeModulesClosure = x:
|
makeModulesClosure = x:
|
||||||
super.makeModulesClosure (x // { allowMissing = true; }); # Ignores missing kernel modules (can't build image without this fix)
|
super.makeModulesClosure (x // {
|
||||||
|
allowMissing = true;
|
||||||
|
}); # Ignores missing kernel modules (can't build image without this fix)
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,8 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let my = import ../..;
|
||||||
my = import ../..;
|
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [ ./hardware.nix my.modules ];
|
||||||
./hardware.nix
|
|
||||||
my.modules
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.hostName = "celerrime";
|
networking.hostName = "celerrime";
|
||||||
|
|
||||||
|
@ -28,9 +24,7 @@ in {
|
||||||
virtualisation.enable = false;
|
virtualisation.enable = false;
|
||||||
yggdrasil-client.enable = true;
|
yggdrasil-client.enable = true;
|
||||||
|
|
||||||
server = {
|
server = { ivabus-dev.enable = true; };
|
||||||
ivabus-dev.enable = true;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.useDHCP = true;
|
networking.useDHCP = true;
|
||||||
|
@ -40,9 +34,8 @@ in {
|
||||||
hardware.asahi.addEdgeKernelConfig = true;
|
hardware.asahi.addEdgeKernelConfig = true;
|
||||||
hardware.asahi.useExperimentalGPUDriver = true;
|
hardware.asahi.useExperimentalGPUDriver = true;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs;
|
||||||
(retroarch.override { cores = with libretro; [ np2kai ];})
|
[ (retroarch.override { cores = with libretro; [ np2kai ]; }) ];
|
||||||
];
|
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,32 +1,30 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "usb_storage" ];
|
boot.initrd.availableKernelModules = [ "usb_storage" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ ];
|
boot.kernelModules = [ ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" = {
|
||||||
{ device = "/dev/disk/by-uuid/aed0b311-8954-4164-afc3-9e7c6a2d8c2a";
|
device = "/dev/disk/by-uuid/aed0b311-8954-4164-afc3-9e7c6a2d8c2a";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/8551d309-afe6-4a25-b571-b2cb1eff7c09";
|
boot.initrd.luks.devices."cryptroot".device =
|
||||||
|
"/dev/disk/by-uuid/8551d309-afe6-4a25-b571-b2cb1eff7c09";
|
||||||
|
|
||||||
fileSystems."/boot" =
|
fileSystems."/boot" = {
|
||||||
{ device = "/dev/disk/by-uuid/771E-1309";
|
device = "/dev/disk/by-uuid/771E-1309";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices =
|
swapDevices = [{
|
||||||
[ {
|
|
||||||
device = "/dev/disk/by-partuuid/dace6477-697e-4bba-aede-eb0e9f7a28ff";
|
device = "/dev/disk/by-partuuid/dace6477-697e-4bba-aede-eb0e9f7a28ff";
|
||||||
randomEncryption.enable = true;
|
randomEncryption.enable = true;
|
||||||
} ];
|
}];
|
||||||
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
|
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let my = import ../..;
|
||||||
my = import ../..;
|
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
./hardware.nix # Use nixos-generate-config --show-hardware-config > /etc/nixos/machines/MACHINE/hardware.nix
|
./hardware.nix # Use nixos-generate-config --show-hardware-config > /etc/nixos/machines/MACHINE/hardware.nix
|
||||||
|
|
|
@ -1,13 +1,8 @@
|
||||||
|
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let my = import ../..;
|
||||||
my = import ../..;
|
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [ my.modules ../../hardware/rpi4.nix ];
|
||||||
my.modules
|
|
||||||
../../hardware/rpi4.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.hostName = "rubusidaeus";
|
networking.hostName = "rubusidaeus";
|
||||||
|
|
||||||
|
|
|
@ -1,13 +1,8 @@
|
||||||
|
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let my = import ../..;
|
||||||
my = import ../..;
|
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [ ./hardware.nix my.modules ];
|
||||||
./hardware.nix
|
|
||||||
my.modules
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
@ -28,8 +23,8 @@ in {
|
||||||
yggdrasil-client.enable = true;
|
yggdrasil-client.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.xserver.videoDrivers=["amdgpu"];
|
services.xserver.videoDrivers = [ "amdgpu" ];
|
||||||
boot.initrd.kernelModules=["amdgpu"];
|
boot.initrd.kernelModules = [ "amdgpu" ];
|
||||||
|
|
||||||
powerManagement = {
|
powerManagement = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -1,12 +1,10 @@
|
||||||
|
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
|
boot.initrd.availableKernelModules =
|
||||||
|
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ "kvm-amd" "nct6775" ];
|
boot.kernelModules = [ "kvm-amd" "nct6775" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
@ -17,20 +15,22 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" = {
|
||||||
{ device = "/dev/disk/by-uuid/e9d47776-8f25-490b-9ea3-ee80ab9d6110";
|
device = "/dev/disk/by-uuid/e9d47776-8f25-490b-9ea3-ee80ab9d6110";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c2e3757b-b29c-4797-9535-084eb71351e9";
|
boot.initrd.luks.devices."cryptroot".device =
|
||||||
|
"/dev/disk/by-uuid/c2e3757b-b29c-4797-9535-084eb71351e9";
|
||||||
|
|
||||||
fileSystems."/boot" =
|
fileSystems."/boot" = {
|
||||||
{ device = "/dev/disk/by-uuid/4F73-6FFF";
|
device = "/dev/disk/by-uuid/4F73-6FFF";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.amd.updateMicrocode =
|
||||||
|
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,13 +1,8 @@
|
||||||
|
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let my = import ../..;
|
||||||
my = import ../..;
|
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [ ./hardware.nix my.modules ];
|
||||||
./hardware.nix
|
|
||||||
my.modules
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
@ -28,8 +23,8 @@ in {
|
||||||
|
|
||||||
networking.useDHCP = true;
|
networking.useDHCP = true;
|
||||||
|
|
||||||
services.xserver.videoDrivers=["amdgpu"];
|
services.xserver.videoDrivers = [ "amdgpu" ];
|
||||||
boot.initrd.kernelModules=["amdgpu"];
|
boot.initrd.kernelModules = [ "amdgpu" ];
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,23 +1,24 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [
|
||||||
[ (modulesPath + "/hardware/network/broadcom-43xx.nix")
|
(modulesPath + "/hardware/network/broadcom-43xx.nix")
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
|
boot.initrd.availableKernelModules =
|
||||||
|
[ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" = {
|
||||||
{ device = "/dev/nvme0n1p2";
|
device = "/dev/nvme0n1p2";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot" =
|
fileSystems."/boot" = {
|
||||||
{ device = "/dev/disk/by-uuid/B167-E1D3";
|
device = "/dev/disk/by-uuid/B167-E1D3";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -25,5 +26,6 @@
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.intel.updateMicrocode =
|
||||||
|
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs ? import <nixpkgs> {}, bundlerEnv, ... }:
|
{ pkgs ? import <nixpkgs> { }, bundlerEnv, ... }:
|
||||||
let
|
let
|
||||||
version = "130812885aee9f2e0a5f6a4b534a3b6b68431554";
|
version = "130812885aee9f2e0a5f6a4b534a3b6b68431554";
|
||||||
repo = builtins.fetchGit {
|
repo = builtins.fetchGit {
|
||||||
|
|
|
@ -1,14 +1,10 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let cfg = config.my.roles.design;
|
||||||
cfg = config.my.roles.design;
|
|
||||||
in {
|
in {
|
||||||
options.my.roles.design.enable = lib.mkEnableOption "Enable design-specific programs";
|
options.my.roles.design.enable =
|
||||||
|
lib.mkEnableOption "Enable design-specific programs";
|
||||||
config = lib.mkIf (cfg.enable) {
|
config = lib.mkIf (cfg.enable) {
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [ inkscape gimp imagemagick ];
|
||||||
inkscape
|
|
||||||
gimp
|
|
||||||
imagemagick
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let cfg = config.my.roles.devel;
|
||||||
cfg = config.my.roles.devel;
|
|
||||||
in {
|
in {
|
||||||
options.my.roles.devel.enable = lib.mkEnableOption "Enable tools for development programs";
|
options.my.roles.devel.enable =
|
||||||
config = lib.mkIf (cfg.enable) ( lib.mkMerge [{
|
lib.mkEnableOption "Enable tools for development programs";
|
||||||
|
config = lib.mkIf (cfg.enable) (lib.mkMerge [
|
||||||
|
{
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
rustc
|
rustc
|
||||||
|
@ -25,21 +26,27 @@ in {
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
# Architecture-specific packages and configuration
|
# Architecture-specific packages and configuration
|
||||||
(lib.mkIf (!pkgs.stdenv.isAarch64) {boot.binfmt.emulatedSystems = [ "aarch64-linux" ];})
|
(lib.mkIf (!pkgs.stdenv.isAarch64) {
|
||||||
(lib.mkIf (!pkgs.stdenv.isAarch32) {boot.binfmt.emulatedSystems = [ "armv6l-linux" ];})
|
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||||
(lib.mkIf (!pkgs.stdenv.isx86_64) {boot.binfmt.emulatedSystems = [ "x86_64-linux" "i686-linux" ];})
|
})
|
||||||
|
(lib.mkIf (!pkgs.stdenv.isAarch32) {
|
||||||
|
boot.binfmt.emulatedSystems = [ "armv6l-linux" ];
|
||||||
|
})
|
||||||
|
(lib.mkIf (!pkgs.stdenv.isx86_64) {
|
||||||
|
boot.binfmt.emulatedSystems = [ "x86_64-linux" "i686-linux" ];
|
||||||
|
})
|
||||||
# Remove CLion from builds while I'm semi-online
|
# Remove CLion from builds while I'm semi-online
|
||||||
# Install CLion only if we are on x86_64
|
# Install CLion only if we are on x86_64
|
||||||
/*(lib.mkIf (pkgs.stdenv.isx86_64) {
|
/* (lib.mkIf (pkgs.stdenv.isx86_64) {
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
jetbrains.clion
|
jetbrains.clion
|
||||||
];
|
];
|
||||||
})*/
|
})
|
||||||
|
*/
|
||||||
# Install vscode only if we are on x86_64 or aarch64 or aarch32
|
# Install vscode only if we are on x86_64 or aarch64 or aarch32
|
||||||
(lib.mkIf (pkgs.stdenv.isx86_64 || pkgs.stdenv.isAarch64 || pkgs.stdenv.isAarch32) {
|
(lib.mkIf
|
||||||
environment.systemPackages = with pkgs; [
|
(pkgs.stdenv.isx86_64 || pkgs.stdenv.isAarch64 || pkgs.stdenv.isAarch32) {
|
||||||
vscode
|
environment.systemPackages = with pkgs; [ vscode ];
|
||||||
];
|
|
||||||
})
|
})
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let cfg = config.my.roles.gaming;
|
||||||
cfg = config.my.roles.gaming;
|
|
||||||
in {
|
in {
|
||||||
options.my.roles.gaming.enable = lib.mkEnableOption "Enable wine & steam";
|
options.my.roles.gaming.enable = lib.mkEnableOption "Enable wine & steam";
|
||||||
config = lib.mkIf (cfg.enable) ( lib.mkMerge [{
|
config = lib.mkIf (cfg.enable) (lib.mkMerge [
|
||||||
|
{
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
hardware.opengl.driSupport32Bit = true;
|
hardware.opengl.driSupport32Bit = true;
|
||||||
services.pipewire.alsa.support32Bit = true;
|
services.pipewire.alsa.support32Bit = true;
|
||||||
|
@ -15,12 +15,13 @@ in {
|
||||||
wineWowPackages.staging
|
wineWowPackages.staging
|
||||||
winetricks
|
winetricks
|
||||||
wineWowPackages.waylandFull
|
wineWowPackages.waylandFull
|
||||||
(retroarch.override { cores = with libretro; [ np2kai ];})
|
(retroarch.override { cores = with libretro; [ np2kai ]; })
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
# Enable steam only on x86_64 (since I have hosts with ARM, but I don't think I will enable my.roles.gaming on ARM system soon)
|
# Enable steam only on x86_64 (since I have hosts with ARM, but I don't think I will enable my.roles.gaming on ARM system soon)
|
||||||
(lib.mkIf(pkgs.stdenv.isx86_64) {
|
(lib.mkIf (pkgs.stdenv.isx86_64) {
|
||||||
programs.steam.enable = true; # Firewall ports used by Steam in-home streaming.
|
programs.steam.enable =
|
||||||
|
true; # Firewall ports used by Steam in-home streaming.
|
||||||
networking.firewall.allowedTCPPorts = [ 27036 27037 ];
|
networking.firewall.allowedTCPPorts = [ 27036 27037 ];
|
||||||
networking.firewall.allowedUDPPorts = [ 27031 27036 ];
|
networking.firewall.allowedUDPPorts = [ 27031 27036 ];
|
||||||
})
|
})
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let cfg = config.my.roles.graphical;
|
||||||
cfg = config.my.roles.graphical;
|
|
||||||
in {
|
in {
|
||||||
options.my.roles.graphical.enable = lib.mkEnableOption "Enable GUI";
|
options.my.roles.graphical.enable = lib.mkEnableOption "Enable GUI";
|
||||||
config = lib.mkIf (cfg.enable) {
|
config = lib.mkIf (cfg.enable) {
|
||||||
|
@ -85,7 +84,8 @@ in {
|
||||||
roboto-mono
|
roboto-mono
|
||||||
kochi-substitute
|
kochi-substitute
|
||||||
];
|
];
|
||||||
environment.sessionVariables.NIXOS_OZONE_WL = "1"; # Enable wayland for electron
|
environment.sessionVariables.NIXOS_OZONE_WL =
|
||||||
|
"1"; # Enable wayland for electron
|
||||||
home-manager.users.ivabus = {
|
home-manager.users.ivabus = {
|
||||||
gtk = {
|
gtk = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let cfg = config.my.roles.latex;
|
||||||
cfg = config.my.roles.latex;
|
|
||||||
in {
|
in {
|
||||||
options.my.roles.latex.enable = lib.mkEnableOption "Enable latex stuff";
|
options.my.roles.latex.enable = lib.mkEnableOption "Enable latex stuff";
|
||||||
config = lib.mkIf (cfg.enable){
|
config = lib.mkIf (cfg.enable) {
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs;
|
||||||
|
[
|
||||||
# Maybe I don't need to use -full variant of texlive
|
# Maybe I don't need to use -full variant of texlive
|
||||||
# TODO: I should find distribution I actually need
|
# TODO: I should find distribution I actually need
|
||||||
texlive.combined.scheme-full
|
texlive.combined.scheme-full
|
||||||
|
|
|
@ -1,13 +1,10 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let cfg = config.my.roles.media-client;
|
||||||
cfg = config.my.roles.media-client;
|
|
||||||
in {
|
in {
|
||||||
options.my.roles.media-client.enable = lib.mkEnableOption "Enable media players, downloaders, etc.";
|
options.my.roles.media-client.enable =
|
||||||
config = lib.mkIf (cfg.enable){
|
lib.mkEnableOption "Enable media players, downloaders, etc.";
|
||||||
environment.systemPackages = with pkgs; [
|
config = lib.mkIf (cfg.enable) {
|
||||||
vlc
|
environment.systemPackages = with pkgs; [ vlc yt-dlp ffmpeg ];
|
||||||
yt-dlp ffmpeg
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
|
@ -1,12 +1,11 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let cfg = config.my.roles.ntp-server;
|
||||||
cfg = config.my.roles.ntp-server;
|
|
||||||
in {
|
in {
|
||||||
options.my.roles.ntp-server.enable = lib.mkEnableOption "Enable NTP server";
|
options.my.roles.ntp-server.enable = lib.mkEnableOption "Enable NTP server";
|
||||||
config = lib.mkIf (cfg.enable) {
|
config = lib.mkIf (cfg.enable) {
|
||||||
services.chrony.extraConfig = ''
|
services.chrony.extraConfig = ''
|
||||||
allow 192.168.0.0/16
|
allow 192.168.0.0/16
|
||||||
'';
|
'';
|
||||||
networking.firewall.allowedUDPPorts = [ 123 ];
|
networking.firewall.allowedUDPPorts = [ 123 ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,15 +1,14 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let cfg = config.my.roles.server.ivabus-dev;
|
||||||
cfg = config.my.roles.server.ivabus-dev;
|
in {
|
||||||
in
|
options.my.roles.server.ivabus-dev.enable =
|
||||||
{
|
lib.mkEnableOption "Serve ivabus.dev";
|
||||||
options.my.roles.server.ivabus-dev.enable = lib.mkEnableOption "Serve ivabus.dev";
|
|
||||||
config = lib.mkIf (cfg.enable) {
|
config = lib.mkIf (cfg.enable) {
|
||||||
my.roles.server.nginx.enable = true;
|
my.roles.server.nginx.enable = true;
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
virtualHosts."ivabus.dev" = {
|
virtualHosts."ivabus.dev" = {
|
||||||
# i don't want to call package like this
|
# i don't want to call package like this
|
||||||
root = pkgs.callPackage ../../pkgs/ivabus-dev.nix {};
|
root = pkgs.callPackage ../../pkgs/ivabus-dev.nix { };
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
error_page 404 /404.html;
|
error_page 404 /404.html;
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let cfg = config.my.roles.server.nginx;
|
||||||
cfg = config.my.roles.server.nginx;
|
in {
|
||||||
in
|
|
||||||
{
|
|
||||||
# Don't call from machine setup, services will enable it automatically
|
# Don't call from machine setup, services will enable it automatically
|
||||||
options.my.roles.server.nginx.enable = lib.mkEnableOption "Initial nginx setup";
|
options.my.roles.server.nginx.enable =
|
||||||
|
lib.mkEnableOption "Initial nginx setup";
|
||||||
config = lib.mkIf (cfg.enable) {
|
config = lib.mkIf (cfg.enable) {
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -1,13 +1,12 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let cfg = config.my.roles.torrent;
|
||||||
cfg = config.my.roles.torrent;
|
|
||||||
in {
|
in {
|
||||||
options.my.roles.torrent.enable = lib.mkEnableOption "Enable torrent support.";
|
options.my.roles.torrent.enable =
|
||||||
|
lib.mkEnableOption "Enable torrent support.";
|
||||||
# TODO: do something about systems without GUI (i don't use any at the moment)
|
# TODO: do something about systems without GUI (i don't use any at the moment)
|
||||||
config = lib.mkIf (cfg.enable) {
|
config = lib.mkIf (cfg.enable) {
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs;
|
||||||
(transmission.override {enableGTK3 = true;})
|
[ (transmission.override { enableGTK3 = true; }) ];
|
||||||
];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
|
@ -1,15 +1,12 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{ pkgs, config, lib, ... }:
|
||||||
|
|
||||||
let
|
let cfg = config.my.roles.virtualisation;
|
||||||
cfg = config.my.roles.virtualisation;
|
|
||||||
in {
|
in {
|
||||||
options.my.roles.virtualisation.enable = lib.mkEnableOption "Enable tools for virtualisation";
|
options.my.roles.virtualisation.enable =
|
||||||
|
lib.mkEnableOption "Enable tools for virtualisation";
|
||||||
config = lib.mkIf (cfg.enable) {
|
config = lib.mkIf (cfg.enable) {
|
||||||
# TODO: Think if I ever need virtualisation
|
# TODO: Think if I ever need virtualisation
|
||||||
virtualisation.libvirtd.enable = true;
|
virtualisation.libvirtd.enable = true;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [ qemu_full qemu-utils ];
|
||||||
qemu_full
|
|
||||||
qemu-utils
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
|
@ -1,9 +1,9 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
let
|
let cfg = config.my.roles.yggdrasil-client;
|
||||||
cfg = config.my.roles.yggdrasil-client;
|
|
||||||
in {
|
in {
|
||||||
options.my.roles.yggdrasil-client.enable = lib.mkEnableOption "Enable yggdrasil";
|
options.my.roles.yggdrasil-client.enable =
|
||||||
|
lib.mkEnableOption "Enable yggdrasil";
|
||||||
config = lib.mkIf (cfg.enable) {
|
config = lib.mkIf (cfg.enable) {
|
||||||
services.yggdrasil = {
|
services.yggdrasil = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
12
secrets.nix
12
secrets.nix
|
@ -1,9 +1,9 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
canaryHash = builtins.hashFile "sha256" ./secrets/canary;
|
canaryHash = builtins.hashFile "sha256" ./secrets/canary;
|
||||||
expectedHash = "bc6f38a927602241c5e0996b61ebd3a90d5356ca76dc968ec14df3cd45c6612c";
|
expectedHash =
|
||||||
in
|
"bc6f38a927602241c5e0996b61ebd3a90d5356ca76dc968ec14df3cd45c6612c";
|
||||||
if canaryHash != expectedHash then abort "Secrets are not readable. Have you run `git-crypt unlock`?"
|
in if canaryHash != expectedHash then
|
||||||
else {
|
abort "Secrets are not readable. Have you run `git-crypt unlock`?"
|
||||||
|
else {
|
||||||
hashed-password = builtins.readFile ./secrets/hashed-password;
|
hashed-password = builtins.readFile ./secrets/hashed-password;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,18 +1,9 @@
|
||||||
{ crossSystem ? "aarch64-unknown-linux-musl" }:
|
{ crossSystem ? "aarch64-unknown-linux-musl" }:
|
||||||
|
|
||||||
let pkgs = import <nixpkgs> {
|
let pkgs = import <nixpkgs> { crossSystem = { config = crossSystem; }; };
|
||||||
crossSystem = {
|
in pkgs.pkgsStatic.callPackage ({ mkShell, pkg-config, zlib, file }:
|
||||||
config = crossSystem;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
pkgs.pkgsStatic.callPackage (
|
|
||||||
{mkShell, pkg-config, zlib, file}:
|
|
||||||
mkShell {
|
mkShell {
|
||||||
nativeBuildInputs = [ pkg-config file ];
|
nativeBuildInputs = [ pkg-config file ];
|
||||||
buildInputs = [ zlib ];
|
buildInputs = [ zlib ];
|
||||||
env = {
|
env = { CROSS_COMPILE = crossSystem; };
|
||||||
CROSS_COMPILE = crossSystem;
|
}) { }
|
||||||
};
|
|
||||||
}
|
|
||||||
) {}
|
|
||||||
|
|
Loading…
Reference in a new issue