mirror of
https://github.com/ivabus/nixos
synced 2024-11-24 09:25:06 +03:00
Minor changes
Untested VF2 config, basic "user", option to enable users, option to enable git, basic graphics role, unfinished `router` role, global features Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
This commit is contained in:
parent
6889a37771
commit
f916ffb2b4
26 changed files with 530 additions and 380 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,2 +1,3 @@
|
|||
asahi*
|
||||
.key
|
||||
*.DS_Store
|
16
README.md
16
README.md
|
@ -24,16 +24,16 @@ nix build path:{{REPO_PATH}}#nixosConfigurations.HOST.config.system.build.sdImag
|
|||
nixos-rebuild switch --flake path:/etc/nixos
|
||||
```
|
||||
|
||||
Apple Silicon hosts require additional `--impure` flag for firmware installation. (Firmware should be placed in /etc/nixos/asahi/firmware (ignored by git)).
|
||||
Apple Silicon hosts require additional `--impure` flag for firmware installation. (Firmware should be placed in `/etc/nixos/asahi/firmware` (ignored by git)).
|
||||
|
||||
### Hosts configured
|
||||
|
||||
- stella (Random Ryzen 3 3250U laptop)
|
||||
- vetus (iMac 27" 2017)
|
||||
- celerrime (MacBook Air M2)
|
||||
- celerrime-x (MacBook Air M2 under Darwin) (Needs unifying)
|
||||
- rubusidaeus (Raspberry Pi 4B)
|
||||
|
||||
- celerrime (MacBook Air M2) (coding)
|
||||
- vetus (iMac 27" 2017) (gaming)
|
||||
- stella (Random Ryzen 3 3250U laptop) (lite websurfing client)
|
||||
- celerrime-x (MacBook Air M2 under Darwin) - Needs unifying + doesn't work - Nix daemon "bootloops"
|
||||
- rubusidaeus (Raspberry Pi 4B) (small services)
|
||||
- periculo (StarFive VisionFive2) (as router) - WIP + untested
|
||||
|
||||
## Modules
|
||||
|
||||
|
@ -70,7 +70,7 @@ curl https://iva.bz/nix | sh
|
|||
- [ ] iva.bz
|
||||
- [ ] ивабус.рф
|
||||
- Setup "secret" roles (I need them)
|
||||
- Setup router
|
||||
- Setup router (in progress with `periculo`)
|
||||
|
||||
## Copyright
|
||||
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
let
|
||||
my = import ../.;
|
||||
secrets = my.secrets { inherit config; };
|
||||
in {
|
||||
nix = {
|
||||
package = pkgs.nixUnstable;
|
||||
extraOptions = ''
|
||||
|
@ -10,7 +13,7 @@
|
|||
auto-optimise-store = true;
|
||||
allowed-users = [ "root" "@wheel" ];
|
||||
trusted-users = [ "root" "@wheel" ];
|
||||
sandbox = true;
|
||||
#sandbox = true;
|
||||
};
|
||||
gc = {
|
||||
automatic = true;
|
||||
|
@ -25,12 +28,13 @@
|
|||
};
|
||||
|
||||
environment.systemPackages = with pkgs;
|
||||
[ wget curl git git-crypt neovim python3Minimal nixfmt ]
|
||||
[ wget curl git git-crypt neovim python3Minimal ]
|
||||
++ lib.optionals pkgs.stdenv.isLinux [
|
||||
usbutils
|
||||
pciutils
|
||||
coreutils-full
|
||||
coreutils
|
||||
killall
|
||||
];
|
||||
|
||||
# Inject secrets through module arguments while evaluating configs.
|
||||
_module.args.secrets = secrets;
|
||||
}
|
||||
|
|
|
@ -4,7 +4,7 @@ let cfg = config.my.git;
|
|||
in {
|
||||
options = { my.git.enable = lib.mkEnableOption "Enable git configuration"; };
|
||||
|
||||
config = lib.mkIf (cfg.enable) {
|
||||
config = lib.mkIf (cfg.enable && config.my.users.ivabus.enable) {
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.ivabus = {
|
||||
|
|
|
@ -7,13 +7,13 @@ in {
|
|||
};
|
||||
|
||||
config = lib.mkIf (cfg.enable) {
|
||||
networking.wireless.iwd.enable = true;
|
||||
networking.wireless.iwd.enable = lib.mkDefault true;
|
||||
environment.systemPackages = with pkgs; [ lm_sensors ];
|
||||
|
||||
hardware.bluetooth.enable = true;
|
||||
services.blueman.enable = true;
|
||||
hardware.bluetooth.enable = lib.mkDefault true;
|
||||
services.blueman.enable = lib.mkDefault true;
|
||||
|
||||
services.tlp.enable = true;
|
||||
services.upower.enable = true;
|
||||
services.tlp.enable = lib.mkDefault true;
|
||||
services.upower.enable = lib.mkDefault true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
security = {
|
||||
lockKernelModules = true;
|
||||
protectKernelImage = true;
|
||||
allowSimultaneousMultithreading = false;
|
||||
allowSimultaneousMultithreading = lib.mkDefault false;
|
||||
forcePageTableIsolation = true;
|
||||
virtualisation.flushL1DataCache = "always";
|
||||
apparmor = {
|
||||
|
|
111
common/user.nix
111
common/user.nix
|
@ -1,50 +1,77 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, secrets, ... }:
|
||||
|
||||
let my = import ../.;
|
||||
let
|
||||
cfg = config.my.users;
|
||||
keys = [
|
||||
# celerrime-x
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6HY6er37FUz2tPQnwq5SUQZ5KHmMpGQA5yNlxPOyoCV+uvdx/cU8KF7jlFoyBC9xf2FvNyB8H1MZ6t2eUs4m/pVMpoBbNSTZLSxlvv2n4HuxL2Sg3qPdioJOyxDfnXA4OIZ+Tc+z4zM3ZnPJm1ccGW7W+YPhZ7GhBpl5wlMw+m06dCt8wfdDA4fuf4brnLt1ZMs4aOtVM8u4ZEtMs3IVXVUgtRH5m0RXZ94s7RkrUHhl2UOkOclhkQOiQop9RuJMjpi+iYkDYCniuGCKcKPrmi1+qicKM8KyrYGqR7FkUvzr+H8XtJXu++Kvmjcn54jDYqM4sq/MNL2rf8QaIUGLwiq2ljH2dGamElvElWZoXQBGPp4L80IEbaMVISIcvcNj+8cKW3rPvEUK5iT8jCkIOUwm1oo70YawS5VXTPLDsZif12QduTcJhVJekEaP0ZSifO52zeJksj0adwiEMJPqm7bIk5Y+9dCbQH7PtkWY4Tw3bdGNsYnTXC80MeEfrIKE= ivabus@celerrime-x"
|
||||
|
||||
# Celerrime
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCgZJjP2BRycxcR53sriaityzT24f+umMO8iz/xUvWRUJpgwA4WJyqgKwxuIhKYPUZ7e3H/vVPrt3ZqAaqoFM7OildtcXyRskwinuAxE6lhOEE69s1M3iqCXbrTM9YluMlrvf7yd4edInH0jdlCTwuZOY+yisrGU+nOpSSuJgcwlme2fv1pQtKgTQpqz1GflIaXm5415Do4okanNlfuAJXix7ic0PkaLN0gTtONqwJR1W3hkF8hnlHV49t8QvrJHgQptbVdDgd9f96+a6OL6y/6rixnEU23yuC29lWxSwrixwC0xY+/CjhMlDzXqvePG55vC4K5UQypKcvMOCLV/0z9s5m0ca5mvS9eqPDcUj2+9r7VFaL0IdZl4i7eG9JJSS4h/22Or7CdU9Dv0kiMYP3HLiihjS/lrQVEEYpEMr3DmhSnij5DeGZFmMRM2UN5ZqR7/QhkslhQg340ik6ZENjpxuQ9rQino5XRK52DoUiLHleKI/ibBHQ4LiREvX9muyM= ivabus@celerrime"
|
||||
];
|
||||
in rec {
|
||||
users.mutableUsers = false;
|
||||
|
||||
users.groups.ivabus = { gid = 1000; };
|
||||
users.users.ivabus = {
|
||||
isNormalUser = true;
|
||||
group = "ivabus";
|
||||
extraGroups = [ "users" "wheel" ];
|
||||
uid = 1000;
|
||||
packages = with pkgs; [
|
||||
tree
|
||||
neofetch # I use NixOS BTW
|
||||
duf
|
||||
htop
|
||||
];
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = [
|
||||
# celerrime-x
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6HY6er37FUz2tPQnwq5SUQZ5KHmMpGQA5yNlxPOyoCV+uvdx/cU8KF7jlFoyBC9xf2FvNyB8H1MZ6t2eUs4m/pVMpoBbNSTZLSxlvv2n4HuxL2Sg3qPdioJOyxDfnXA4OIZ+Tc+z4zM3ZnPJm1ccGW7W+YPhZ7GhBpl5wlMw+m06dCt8wfdDA4fuf4brnLt1ZMs4aOtVM8u4ZEtMs3IVXVUgtRH5m0RXZ94s7RkrUHhl2UOkOclhkQOiQop9RuJMjpi+iYkDYCniuGCKcKPrmi1+qicKM8KyrYGqR7FkUvzr+H8XtJXu++Kvmjcn54jDYqM4sq/MNL2rf8QaIUGLwiq2ljH2dGamElvElWZoXQBGPp4L80IEbaMVISIcvcNj+8cKW3rPvEUK5iT8jCkIOUwm1oo70YawS5VXTPLDsZif12QduTcJhVJekEaP0ZSifO52zeJksj0adwiEMJPqm7bIk5Y+9dCbQH7PtkWY4Tw3bdGNsYnTXC80MeEfrIKE= ivabus@celerrime-x"
|
||||
|
||||
# Stella
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXWPxd1uVVxEARVezy0s0LZ9fC/Mif6s218oNWDyJNqZMnAiaMwwP/mGHqCy1OXFCb8/5Kv3AM+z6sxY4mIvyXhx3lPW841HoOlJxR+JQ50qgxon/oCXjKFVMZjFptRtexgQLhubhjyINagj7T/K6UjsfC9sIG5DUJdem0O8ZD/8EqvIrkeNGP52klJM3sR4vhXMNwOIPkukNOMq+OLXgAaCXRImc53N+Whi/tCaxxr/Nen5CVGo9raAekRKaiBLKvgboXYnxzNFxiecUe7mqPbyE2bcnJ+rDC7UlwrNYGyIQ/8POjQwbanFxT4UJhS5ib6/hSpia0eYaSiutBqU3fQcIXrmTQWOrGPdrUsLHw5xGMfwnPmoDFMYHdcchU0v6QijbrHrsqVV/bikWoQF4JT7PCwOejfVowOioPghvW2u34gTyMKPkueaMk0w8Jq45V0meneyN5SbobqZX3XFze4Uz3BN8nuiZB6pFRPv0eKLqEqX8+nST9uQDBkqKTvwE= ivabus@stella"
|
||||
|
||||
# Celerrime
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCgZJjP2BRycxcR53sriaityzT24f+umMO8iz/xUvWRUJpgwA4WJyqgKwxuIhKYPUZ7e3H/vVPrt3ZqAaqoFM7OildtcXyRskwinuAxE6lhOEE69s1M3iqCXbrTM9YluMlrvf7yd4edInH0jdlCTwuZOY+yisrGU+nOpSSuJgcwlme2fv1pQtKgTQpqz1GflIaXm5415Do4okanNlfuAJXix7ic0PkaLN0gTtONqwJR1W3hkF8hnlHV49t8QvrJHgQptbVdDgd9f96+a6OL6y/6rixnEU23yuC29lWxSwrixwC0xY+/CjhMlDzXqvePG55vC4K5UQypKcvMOCLV/0z9s5m0ca5mvS9eqPDcUj2+9r7VFaL0IdZl4i7eG9JJSS4h/22Or7CdU9Dv0kiMYP3HLiihjS/lrQVEEYpEMr3DmhSnij5DeGZFmMRM2UN5ZqR7/QhkslhQg340ik6ZENjpxuQ9rQino5XRK52DoUiLHleKI/ibBHQ4LiREvX9muyM= ivabus@celerrime"
|
||||
];
|
||||
hashedPassword = my.secrets.hashed-password;
|
||||
options.my.users = {
|
||||
ivabus.enable = lib.mkEnableOption "Enable ivabus user";
|
||||
user.enable = lib.mkEnableOption "Enable general-purpose user";
|
||||
};
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf (cfg.ivabus.enable) {
|
||||
my.features.secrets = lib.mkForce true;
|
||||
|
||||
users.users.root = {
|
||||
hashedPassword = null;
|
||||
openssh.authorizedKeys.keys =
|
||||
users.users.ivabus.openssh.authorizedKeys.keys;
|
||||
};
|
||||
users.groups.ivabus = { gid = 1000; };
|
||||
users.users.ivabus = {
|
||||
isNormalUser = true;
|
||||
group = "ivabus";
|
||||
extraGroups = [ "users" "wheel" ];
|
||||
uid = 1000;
|
||||
packages = with pkgs; [
|
||||
tree
|
||||
neofetch # I use NixOS BTW
|
||||
duf
|
||||
htop
|
||||
];
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = keys;
|
||||
hashedPassword = secrets.hashed-password;
|
||||
};
|
||||
programs.gnupg.agent.enable = true;
|
||||
})
|
||||
|
||||
environment.shells = [ pkgs.zsh ];
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
promptInit = "";
|
||||
};
|
||||
(lib.mkIf (cfg.user.enable) {
|
||||
users.users.user = {
|
||||
isNormalUser = true;
|
||||
group = "users";
|
||||
extraGroups = [ "video" "audio" "networkmanager" ];
|
||||
uid = 1001;
|
||||
packages = with pkgs; [
|
||||
tree
|
||||
neofetch # I use NixOS BTW
|
||||
duf
|
||||
htop
|
||||
];
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = keys;
|
||||
password = "12345";
|
||||
};
|
||||
})
|
||||
|
||||
programs.gnupg.agent.enable = true;
|
||||
programs.ssh.startAgent = true;
|
||||
({
|
||||
users.mutableUsers = false;
|
||||
users.users.root = {
|
||||
hashedPassword = null;
|
||||
openssh.authorizedKeys.keys = keys;
|
||||
};
|
||||
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
environment.shells = [ pkgs.zsh ];
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
promptInit = "";
|
||||
};
|
||||
|
||||
programs.ssh.startAgent = true;
|
||||
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
})
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
rec {
|
||||
common = import ./common;
|
||||
roles = import ./roles;
|
||||
features = import ./features.nix;
|
||||
secrets = import ./secrets.nix;
|
||||
|
||||
modules = { pkgs, ... }: { imports = [ common roles ]; };
|
||||
modules = { pkgs, ... }: { imports = [ features common roles ]; };
|
||||
}
|
||||
|
|
5
features.nix
Normal file
5
features.nix
Normal file
|
@ -0,0 +1,5 @@
|
|||
{ lib, config, ... }:
|
||||
let
|
||||
in {
|
||||
options.my.features.secrets = lib.mkEnableOption "Enable secrets decrypting";
|
||||
}
|
153
flake.lock
153
flake.lock
|
@ -1,153 +0,0 @@
|
|||
{
|
||||
"nodes": {
|
||||
"apple-silicon-support": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693064156,
|
||||
"narHash": "sha256-EnZntHnlPqWZIoa593zDV4GSkfbLLAL6VAreMvM6JN4=",
|
||||
"owner": "tpwrules",
|
||||
"repo": "nixos-apple-silicon",
|
||||
"rev": "bef25f9cdfd8513a42c175b88a1cb619e3ef5951",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tpwrules",
|
||||
"repo": "nixos-apple-silicon",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"locked": {
|
||||
"lastModified": 1688025799,
|
||||
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "flake-compat",
|
||||
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693208669,
|
||||
"narHash": "sha256-hHFaaUsZ860wvppPeiu7nJn/nXZjJfnqAQEu9SPFE9I=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "release-23.05",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1692248770,
|
||||
"narHash": "sha256-tZeFpETKQGbgnaSIO1AGWD27IyTcBm4D+A9d7ulQ4NM=",
|
||||
"owner": "LnL7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "511177ffe8226c78c9cf6a92a7b5f2df3684956b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "LnL7",
|
||||
"ref": "master",
|
||||
"repo": "nix-darwin",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1692913444,
|
||||
"narHash": "sha256-1SvMQm2DwofNxXVtNWWtIcTh7GctEVrS/Xel/mdc6iY=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "18324978d632ffc55ef1d928e81630c620f4f447",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "18324978d632ffc55ef1d928e81630c620f4f447",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1694062546,
|
||||
"narHash": "sha256-PiGI4f2BGnZcedP6slLjCLGLRLXPa9+ogGGgVPfGxys=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b200e0df08f80c32974a6108ce431d8a8a5e6547",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-23.05-darwin",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1693985761,
|
||||
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"apple-silicon-support": "apple-silicon-support",
|
||||
"home-manager": "home-manager",
|
||||
"nix-darwin": "nix-darwin",
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1686795910,
|
||||
"narHash": "sha256-jDa40qRZ0GRQtP9EMZdf+uCbvzuLnJglTUI2JoHfWDc=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "5c2b97c0a9bc5217fc3dfb1555aae0fb756d99f9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
"version": 7
|
||||
}
|
17
flake.nix
17
flake.nix
|
@ -12,13 +12,17 @@
|
|||
|
||||
apple-silicon-support.url = "github:tpwrules/nixos-apple-silicon";
|
||||
|
||||
#nixos-vf2 = { url = "path:/root/nixos-vf2"; };
|
||||
#nixos-vf2 = { url = "github:Snektron/nixos-vf2"; };
|
||||
|
||||
nix-darwin = {
|
||||
url = "github:LnL7/nix-darwin/master";
|
||||
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, home-manager, nix-darwin, apple-silicon-support
|
||||
# , nixos-vf2
|
||||
, ... }@inputs: {
|
||||
# Stella = Unchartevice 6540 (Ryzen 3 3250U, 16GB RAM)
|
||||
nixosConfigurations."stella" = nixpkgs.lib.nixosSystem {
|
||||
|
@ -52,6 +56,17 @@
|
|||
];
|
||||
};
|
||||
|
||||
# VisionFive 2, 8GB - firewall + router
|
||||
nixosConfigurations."periculo" = nixpkgs.lib.nixosSystem {
|
||||
system = "riscv64-linux";
|
||||
modules = [
|
||||
#nixos-vf2.nixosModules.sdImage
|
||||
./hardware/vf2.nix
|
||||
home-manager.nixosModules.home-manager
|
||||
./machines/periculo
|
||||
];
|
||||
};
|
||||
|
||||
# Celerrime under macOS
|
||||
darwinConfigurations."celerrime-x" = nix-darwin.lib.darwinSystem {
|
||||
system = "aarch64-darwin";
|
||||
|
|
|
@ -3,3 +3,4 @@
|
|||
Contains `portable` configurations for hardware.
|
||||
|
||||
`./rpi4.nix` - Raspberry Pi 4
|
||||
`./vf2.nix` - StarFive VisionFive 2
|
60
hardware/vf2.nix
Normal file
60
hardware/vf2.nix
Normal file
|
@ -0,0 +1,60 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
overlay = final: super: {
|
||||
makeModulesClosure = x:
|
||||
super.makeModulesClosure (x // {
|
||||
allowMissing = true;
|
||||
}); # Ignores missing kernel modules (can't build image without this fix)
|
||||
# Overflow tests fail
|
||||
diffutils = super.diffutils.override { doCheck = false; };
|
||||
};
|
||||
in {
|
||||
boot = {
|
||||
kernelParams = [
|
||||
"console=tty0"
|
||||
"console=ttyS0,115200"
|
||||
"earlycon=sbi"
|
||||
"boot.shell_on_fail"
|
||||
];
|
||||
supportedFilesystems = lib.mkForce [ "ext4" ];
|
||||
initrd.includeDefaultModules = false;
|
||||
initrd.availableKernelModules = [
|
||||
"xhci_pci"
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
"dw_mmc-pltfm"
|
||||
"dw_mmc-starfive"
|
||||
"dwmac-starfive"
|
||||
"spi-dw-mmio"
|
||||
"mmc_block"
|
||||
"nvme"
|
||||
"sdhci"
|
||||
"sdhci-pci"
|
||||
"sdhci-of-dwcmshc"
|
||||
];
|
||||
loader = {
|
||||
grub.enable = false;
|
||||
generic-extlinux-compatible.enable = true;
|
||||
};
|
||||
};
|
||||
systemd.services."serial-getty@hvc0".enable = false;
|
||||
systemd.services."serial-getty@ttyS0" = {
|
||||
enable = true;
|
||||
wantedBy = [ "getty.target" ];
|
||||
serviceConfig.Restart = "always";
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
fsType = "ext4";
|
||||
options = [ "noatime" ];
|
||||
};
|
||||
};
|
||||
|
||||
sdImage.compressImage = false;
|
||||
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
}
|
||||
|
|
@ -38,23 +38,22 @@
|
|||
enable = true;
|
||||
promptInit = "";
|
||||
};
|
||||
/* users.users.ivabus.home = "/Users/ivabus";
|
||||
users.users.ivabus.openssh.authorizedKeys.keys = [
|
||||
# i should somehow reuse it from common/user.nix
|
||||
# celerrime-x
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6HY6er37FUz2tPQnwq5SUQZ5KHmMpGQA5yNlxPOyoCV+uvdx/cU8KF7jlFoyBC9xf2FvNyB8H1MZ6t2eUs4m/pVMpoBbNSTZLSxlvv2n4HuxL2Sg3qPdioJOyxDfnXA4OIZ+Tc+z4zM3ZnPJm1ccGW7W+YPhZ7GhBpl5wlMw+m06dCt8wfdDA4fuf4brnLt1ZMs4aOtVM8u4ZEtMs3IVXVUgtRH5m0RXZ94s7RkrUHhl2UOkOclhkQOiQop9RuJMjpi+iYkDYCniuGCKcKPrmi1+qicKM8KyrYGqR7FkUvzr+H8XtJXu++Kvmjcn54jDYqM4sq/MNL2rf8QaIUGLwiq2ljH2dGamElvElWZoXQBGPp4L80IEbaMVISIcvcNj+8cKW3rPvEUK5iT8jCkIOUwm1oo70YawS5VXTPLDsZif12QduTcJhVJekEaP0ZSifO52zeJksj0adwiEMJPqm7bIk5Y+9dCbQH7PtkWY4Tw3bdGNsYnTXC80MeEfrIKE="
|
||||
|
||||
users.users.ivabus.home = "/Users/ivabus";
|
||||
users.users.ivabus.openssh.authorizedKeys.keys = [
|
||||
# i should somehow reuse it from common/user.nix
|
||||
# celerrime-x
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6HY6er37FUz2tPQnwq5SUQZ5KHmMpGQA5yNlxPOyoCV+uvdx/cU8KF7jlFoyBC9xf2FvNyB8H1MZ6t2eUs4m/pVMpoBbNSTZLSxlvv2n4HuxL2Sg3qPdioJOyxDfnXA4OIZ+Tc+z4zM3ZnPJm1ccGW7W+YPhZ7GhBpl5wlMw+m06dCt8wfdDA4fuf4brnLt1ZMs4aOtVM8u4ZEtMs3IVXVUgtRH5m0RXZ94s7RkrUHhl2UOkOclhkQOiQop9RuJMjpi+iYkDYCniuGCKcKPrmi1+qicKM8KyrYGqR7FkUvzr+H8XtJXu++Kvmjcn54jDYqM4sq/MNL2rf8QaIUGLwiq2ljH2dGamElvElWZoXQBGPp4L80IEbaMVISIcvcNj+8cKW3rPvEUK5iT8jCkIOUwm1oo70YawS5VXTPLDsZif12QduTcJhVJekEaP0ZSifO52zeJksj0adwiEMJPqm7bIk5Y+9dCbQH7PtkWY4Tw3bdGNsYnTXC80MeEfrIKE="
|
||||
# Stella
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXWPxd1uVVxEARVezy0s0LZ9fC/Mif6s218oNWDyJNqZMnAiaMwwP/mGHqCy1OXFCb8/5Kv3AM+z6sxY4mIvyXhx3lPW841HoOlJxR+JQ50qgxon/oCXjKFVMZjFptRtexgQLhubhjyINagj7T/K6UjsfC9sIG5DUJdem0O8ZD/8EqvIrkeNGP52klJM3sR4vhXMNwOIPkukNOMq+OLXgAaCXRImc53N+Whi/tCaxxr/Nen5CVGo9raAekRKaiBLKvgboXYnxzNFxiecUe7mqPbyE2bcnJ+rDC7UlwrNYGyIQ/8POjQwbanFxT4UJhS5ib6/hSpia0eYaSiutBqU3fQcIXrmTQWOrGPdrUsLHw5xGMfwnPmoDFMYHdcchU0v6QijbrHrsqVV/bikWoQF4JT7PCwOejfVowOioPghvW2u34gTyMKPkueaMk0w8Jq45V0meneyN5SbobqZX3XFze4Uz3BN8nuiZB6pFRPv0eKLqEqX8+nST9uQDBkqKTvwE= ivabus@stella"
|
||||
|
||||
# Stella
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXWPxd1uVVxEARVezy0s0LZ9fC/Mif6s218oNWDyJNqZMnAiaMwwP/mGHqCy1OXFCb8/5Kv3AM+z6sxY4mIvyXhx3lPW841HoOlJxR+JQ50qgxon/oCXjKFVMZjFptRtexgQLhubhjyINagj7T/K6UjsfC9sIG5DUJdem0O8ZD/8EqvIrkeNGP52klJM3sR4vhXMNwOIPkukNOMq+OLXgAaCXRImc53N+Whi/tCaxxr/Nen5CVGo9raAekRKaiBLKvgboXYnxzNFxiecUe7mqPbyE2bcnJ+rDC7UlwrNYGyIQ/8POjQwbanFxT4UJhS5ib6/hSpia0eYaSiutBqU3fQcIXrmTQWOrGPdrUsLHw5xGMfwnPmoDFMYHdcchU0v6QijbrHrsqVV/bikWoQF4JT7PCwOejfVowOioPghvW2u34gTyMKPkueaMk0w8Jq45V0meneyN5SbobqZX3XFze4Uz3BN8nuiZB6pFRPv0eKLqEqX8+nST9uQDBkqKTvwE= ivabus@stella"
|
||||
# Celerrime
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCgZJjP2BRycxcR53sriaityzT24f+umMO8iz/xUvWRUJpgwA4WJyqgKwxuIhKYPUZ7e3H/vVPrt3ZqAaqoFM7OildtcXyRskwinuAxE6lhOEE69s1M3iqCXbrTM9YluMlrvf7yd4edInH0jdlCTwuZOY+yisrGU+nOpSSuJgcwlme2fv1pQtKgTQpqz1GflIaXm5415Do4okanNlfuAJXix7ic0PkaLN0gTtONqwJR1W3hkF8hnlHV49t8QvrJHgQptbVdDgd9f96+a6OL6y/6rixnEU23yuC29lWxSwrixwC0xY+/CjhMlDzXqvePG55vC4K5UQypKcvMOCLV/0z9s5m0ca5mvS9eqPDcUj2+9r7VFaL0IdZl4i7eG9JJSS4h/22Or7CdU9Dv0kiMYP3HLiihjS/lrQVEEYpEMr3DmhSnij5DeGZFmMRM2UN5ZqR7/QhkslhQg340ik6ZENjpxuQ9rQino5XRK52DoUiLHleKI/ibBHQ4LiREvX9muyM= ivabus@celerrime"
|
||||
];
|
||||
|
||||
# Celerrime
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCgZJjP2BRycxcR53sriaityzT24f+umMO8iz/xUvWRUJpgwA4WJyqgKwxuIhKYPUZ7e3H/vVPrt3ZqAaqoFM7OildtcXyRskwinuAxE6lhOEE69s1M3iqCXbrTM9YluMlrvf7yd4edInH0jdlCTwuZOY+yisrGU+nOpSSuJgcwlme2fv1pQtKgTQpqz1GflIaXm5415Do4okanNlfuAJXix7ic0PkaLN0gTtONqwJR1W3hkF8hnlHV49t8QvrJHgQptbVdDgd9f96+a6OL6y/6rixnEU23yuC29lWxSwrixwC0xY+/CjhMlDzXqvePG55vC4K5UQypKcvMOCLV/0z9s5m0ca5mvS9eqPDcUj2+9r7VFaL0IdZl4i7eG9JJSS4h/22Or7CdU9Dv0kiMYP3HLiihjS/lrQVEEYpEMr3DmhSnij5DeGZFmMRM2UN5ZqR7/QhkslhQg340ik6ZENjpxuQ9rQino5XRK52DoUiLHleKI/ibBHQ4LiREvX9muyM= ivabus@celerrime"
|
||||
];
|
||||
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
*/
|
||||
|
||||
services.nix-daemon.enable = true;
|
||||
nix.package = lib.mkForce pkgs.nix;
|
||||
}
|
||||
|
|
|
@ -26,6 +26,11 @@ in {
|
|||
|
||||
server = { ivabus-dev.enable = false; };
|
||||
};
|
||||
my.users = {
|
||||
ivabus.enable = true;
|
||||
user.enable = false;
|
||||
};
|
||||
my.features.secrets = true;
|
||||
|
||||
networking.useDHCP = true;
|
||||
|
||||
|
|
|
@ -21,6 +21,7 @@ in {
|
|||
devel.enable = true;
|
||||
gaming.enable = true;
|
||||
graphical.enable = true;
|
||||
graphical.basic.enable = false;
|
||||
latex.enable = true;
|
||||
media-client.enable = true;
|
||||
torrent.enable = true;
|
||||
|
@ -29,6 +30,11 @@ in {
|
|||
|
||||
server = { ivabus-dev.enable = true; };
|
||||
};
|
||||
my.users = {
|
||||
ivabus.enable = true;
|
||||
user.enable = false;
|
||||
};
|
||||
my.features.secrets = true;
|
||||
|
||||
networking.useDHCP = true;
|
||||
|
||||
|
|
54
machines/periculo/default.nix
Normal file
54
machines/periculo/default.nix
Normal file
|
@ -0,0 +1,54 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let my = import ../..;
|
||||
in {
|
||||
imports = [ my.modules ];
|
||||
|
||||
networking.hostName = "periculo";
|
||||
|
||||
boot.loader.grub.enable = false;
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
|
||||
# All "my" options
|
||||
my.laptop.enable = false;
|
||||
my.git.enable = false;
|
||||
my.roles = {
|
||||
design.enable = false;
|
||||
devel.enable = false;
|
||||
gaming.enable = false;
|
||||
graphical.enable = false;
|
||||
latex.enable = false;
|
||||
media-client.enable = false;
|
||||
torrent.enable = false;
|
||||
virtualisation.enable = false;
|
||||
yggdrasil-client.enable = false;
|
||||
|
||||
server = { ivabus-dev.enable = false; };
|
||||
};
|
||||
|
||||
my.users = {
|
||||
ivabus.enable = true;
|
||||
user.enable = false;
|
||||
};
|
||||
|
||||
my.features.secrets = true;
|
||||
|
||||
my.roles.router = {
|
||||
enable = false;
|
||||
interfaces = {
|
||||
wan = "enp1s0";
|
||||
lan = "enp2s0";
|
||||
};
|
||||
};
|
||||
|
||||
# find out interfaces that show onboard
|
||||
/* networking = {
|
||||
enp1s0.useDHCP = false;
|
||||
enp2s0.useDHCP = false;
|
||||
};
|
||||
*/
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
}
|
||||
|
|
@ -29,6 +29,13 @@ in {
|
|||
server = { ivabus-dev.enable = true; };
|
||||
};
|
||||
|
||||
my.users = {
|
||||
ivabus.enable = true;
|
||||
user.enable = false;
|
||||
};
|
||||
|
||||
my.features.secrets = true;
|
||||
|
||||
networking = {
|
||||
useNetworkd = false;
|
||||
useDHCP = false;
|
||||
|
|
|
@ -7,31 +7,48 @@ in {
|
|||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
environment.systemPackages = with pkgs; [
|
||||
google-chrome
|
||||
zoom-us
|
||||
whatsapp-for-linux
|
||||
telegram-desktop
|
||||
];
|
||||
|
||||
networking.hostName = "stella";
|
||||
|
||||
my.laptop.enable = true;
|
||||
my.git.enable = true;
|
||||
my.roles = {
|
||||
design.enable = true;
|
||||
devel.enable = true;
|
||||
gaming.enable = true;
|
||||
graphical.enable = true;
|
||||
design.enable = false;
|
||||
devel.enable = false;
|
||||
gaming.enable = false;
|
||||
graphical.enable = false;
|
||||
graphical.basic.enable = true;
|
||||
latex.enable = false;
|
||||
media-client.enable = true;
|
||||
torrent.enable = true;
|
||||
virtualisation.enable = true;
|
||||
yggdrasil-client.enable = true;
|
||||
torrent.enable = false;
|
||||
virtualisation.enable = false;
|
||||
yggdrasil-client.enable = false;
|
||||
};
|
||||
|
||||
my.users = {
|
||||
ivabus.enable = false;
|
||||
user.enable = true;
|
||||
};
|
||||
|
||||
my.features.secrets = false;
|
||||
|
||||
services.xserver.videoDrivers = [ "amdgpu" ];
|
||||
boot.initrd.kernelModules = [ "amdgpu" ];
|
||||
|
||||
powerManagement = {
|
||||
enable = true;
|
||||
cpuFreqGovernor = "ondemand";
|
||||
cpuFreqGovernor = "powersave";
|
||||
};
|
||||
|
||||
networking.useDHCP = true;
|
||||
# system is very slow without it
|
||||
security.allowSimultaneousMultithreading = lib.mkForce true;
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
}
|
||||
|
|
|
@ -1,36 +1,37 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-amd" "nct6775" ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
environment.etc = {
|
||||
"sysconfig/lm_sensors".text = ''
|
||||
HWMON_MODULES="lm75"
|
||||
'';
|
||||
};
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/01106217-beff-4837-87ce-60f36ad0296e";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/e9d47776-8f25-490b-9ea3-ee80ab9d6110";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."cryptroot".device =
|
||||
"/dev/disk/by-uuid/c2e3757b-b29c-4797-9535-084eb71351e9";
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/4F73-6FFF";
|
||||
fsType = "vfat";
|
||||
};
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/22B9-FD88";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.amd.updateMicrocode =
|
||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
|
|
@ -21,6 +21,13 @@ in {
|
|||
yggdrasil-client.enable = true;
|
||||
};
|
||||
|
||||
my.users = {
|
||||
ivabus.enable = true;
|
||||
user.enable = false;
|
||||
};
|
||||
|
||||
my.features.secrets = true;
|
||||
|
||||
networking.useDHCP = true;
|
||||
|
||||
services.xserver.videoDrivers = [ "amdgpu" ];
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
./graphical.nix
|
||||
./latex.nix
|
||||
./media-client.nix # TODO: media-server
|
||||
./router.nix
|
||||
./ntp-server.nix
|
||||
./torrent.nix
|
||||
./virtualisation.nix
|
||||
|
|
|
@ -23,6 +23,7 @@ in {
|
|||
picocom
|
||||
screen
|
||||
hyperfine
|
||||
nixfmt
|
||||
];
|
||||
}
|
||||
# Architecture-specific packages and configuration
|
||||
|
@ -35,16 +36,20 @@ in {
|
|||
(lib.mkIf (!pkgs.stdenv.isx86_64) {
|
||||
boot.binfmt.emulatedSystems = [ "x86_64-linux" "i686-linux" ];
|
||||
})
|
||||
|
||||
# Install CLion only if we are on x86_64
|
||||
(lib.mkIf (pkgs.stdenv.isx86_64) {
|
||||
environment.systemPackages = with pkgs; [ jetbrains.clion ];
|
||||
(lib.mkIf (builtins.currentSystem != "riscv64-linux") {
|
||||
boot.binfmt.emulatedSystems = [ "riscv64-linux" ];
|
||||
})
|
||||
|
||||
# Install vscode only if we are on x86_64 or aarch64 or aarch32
|
||||
(lib.mkIf
|
||||
(pkgs.stdenv.isx86_64 || pkgs.stdenv.isAarch64 || pkgs.stdenv.isAarch32) {
|
||||
environment.systemPackages = with pkgs; [ vscode ];
|
||||
})
|
||||
/* # Install CLion only if we are on x86_64
|
||||
(lib.mkIf (pkgs.stdenv.isx86_64) {
|
||||
environment.systemPackages = with pkgs; [ jetbrains.clion ];
|
||||
})
|
||||
|
||||
# Install vscode only if we are on x86_64 or aarch64 or aarch32
|
||||
(lib.mkIf
|
||||
(pkgs.stdenv.isx86_64 || pkgs.stdenv.isAarch64 || pkgs.stdenv.isAarch32) {
|
||||
environment.systemPackages = with pkgs; [ vscode ];
|
||||
})
|
||||
*/
|
||||
]);
|
||||
}
|
||||
|
|
|
@ -2,121 +2,138 @@
|
|||
|
||||
let cfg = config.my.roles.graphical;
|
||||
in {
|
||||
options.my.roles.graphical.enable = lib.mkEnableOption "Enable GUI";
|
||||
config = lib.mkIf (cfg.enable) {
|
||||
environment.systemPackages = with pkgs; [
|
||||
firefox
|
||||
alacritty
|
||||
pavucontrol
|
||||
bottom
|
||||
mpv
|
||||
glib
|
||||
ffmpeg
|
||||
cinnamon.nemo
|
||||
usbmuxd
|
||||
keepassxc
|
||||
];
|
||||
# When adding pkgs prefer GTK over Qt, because Qt bad GTK good
|
||||
|
||||
services.greetd = {
|
||||
enable = true;
|
||||
vt = 7;
|
||||
settings = {
|
||||
default_session = {
|
||||
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
|
||||
user = "greeter";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
programs.sway = {
|
||||
enable = true;
|
||||
extraPackages = with pkgs; [
|
||||
waybar
|
||||
grim
|
||||
slurp
|
||||
wf-recorder
|
||||
sway-launcher-desktop
|
||||
swaybg
|
||||
swayidle
|
||||
swaylock
|
||||
poweralertd
|
||||
kanshi
|
||||
libsForQt5.qt5ct
|
||||
mako
|
||||
brightnessctl
|
||||
wdisplays
|
||||
options.my.roles.graphical.enable = lib.mkEnableOption "Enable GUI (sway)";
|
||||
options.my.roles.graphical.basic.enable =
|
||||
lib.mkEnableOption "Enable GUI (MATE)";
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf (cfg.enable) {
|
||||
environment.systemPackages = with pkgs; [
|
||||
firefox
|
||||
alacritty
|
||||
pavucontrol
|
||||
bottom
|
||||
mpv
|
||||
glib
|
||||
ffmpeg
|
||||
cinnamon.nemo
|
||||
usbmuxd
|
||||
keepassxc
|
||||
];
|
||||
wrapperFeatures.gtk = true;
|
||||
};
|
||||
# When adding pkgs prefer GTK over Qt, because Qt bad GTK good
|
||||
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
wlr.enable = true;
|
||||
};
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
pulse.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
};
|
||||
|
||||
qt = {
|
||||
enable = true;
|
||||
platformTheme = "gtk2";
|
||||
style = "gtk2";
|
||||
};
|
||||
|
||||
services.dbus.enable = true;
|
||||
|
||||
fonts.packages = with pkgs; [
|
||||
noto-fonts
|
||||
noto-fonts-cjk
|
||||
noto-fonts-cjk-sans
|
||||
noto-fonts-cjk-serif
|
||||
noto-fonts-emoji
|
||||
jetbrains-mono
|
||||
font-awesome
|
||||
#google-fonts
|
||||
liberation_ttf
|
||||
open-sans
|
||||
roboto
|
||||
roboto-mono
|
||||
kochi-substitute
|
||||
];
|
||||
environment.sessionVariables.NIXOS_OZONE_WL =
|
||||
"1"; # Enable wayland for electron
|
||||
home-manager.users.ivabus = {
|
||||
gtk = {
|
||||
services.greetd = {
|
||||
enable = true;
|
||||
theme = {
|
||||
name = "Catppuccin-Macchiato-Standard-Blue-dark";
|
||||
package = pkgs.catppuccin-gtk.override {
|
||||
accents = [ "blue" ];
|
||||
tweaks = [ "rimless" ];
|
||||
size = "standard";
|
||||
variant = "macchiato";
|
||||
vt = 7;
|
||||
settings = {
|
||||
default_session = {
|
||||
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
|
||||
user = "greeter";
|
||||
};
|
||||
};
|
||||
iconTheme = {
|
||||
name = "Mint-Y-Blue";
|
||||
package = pkgs.cinnamon.mint-y-icons;
|
||||
};
|
||||
|
||||
programs.sway = {
|
||||
enable = true;
|
||||
extraPackages = with pkgs; [
|
||||
waybar
|
||||
grim
|
||||
slurp
|
||||
wf-recorder
|
||||
sway-launcher-desktop
|
||||
swaybg
|
||||
swayidle
|
||||
swaylock
|
||||
poweralertd
|
||||
kanshi
|
||||
libsForQt5.qt5ct
|
||||
mako
|
||||
brightnessctl
|
||||
wdisplays
|
||||
];
|
||||
wrapperFeatures.gtk = true;
|
||||
};
|
||||
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
wlr.enable = true;
|
||||
};
|
||||
environment.sessionVariables.NIXOS_OZONE_WL =
|
||||
"1"; # Enable wayland for electron
|
||||
home-manager.users.ivabus = {
|
||||
gtk = {
|
||||
enable = true;
|
||||
theme = {
|
||||
name = "Catppuccin-Macchiato-Standard-Blue-dark";
|
||||
package = pkgs.catppuccin-gtk.override {
|
||||
accents = [ "blue" ];
|
||||
tweaks = [ "rimless" ];
|
||||
size = "standard";
|
||||
variant = "macchiato";
|
||||
};
|
||||
};
|
||||
iconTheme = {
|
||||
name = "Mint-Y-Blue";
|
||||
package = pkgs.cinnamon.mint-y-icons;
|
||||
};
|
||||
cursorTheme = {
|
||||
name = "Catppuccin-Macchiato-Dark-Cursors";
|
||||
package = pkgs.catppuccin-cursors.macchiatoDark;
|
||||
};
|
||||
font = {
|
||||
name = "Ubuntu";
|
||||
size = 9;
|
||||
package = pkgs.ubuntu_font_family;
|
||||
};
|
||||
};
|
||||
cursorTheme = {
|
||||
home.pointerCursor = {
|
||||
name = "Catppuccin-Macchiato-Dark-Cursors";
|
||||
package = pkgs.catppuccin-cursors.macchiatoDark;
|
||||
};
|
||||
font = {
|
||||
name = "Ubuntu";
|
||||
size = 9;
|
||||
package = pkgs.ubuntu_font_family;
|
||||
x11.defaultCursor = "Catppuccin-Macchiato-Dark-Cursors";
|
||||
};
|
||||
};
|
||||
home.pointerCursor = {
|
||||
name = "Catppuccin-Macchiato-Dark-Cursors";
|
||||
package = pkgs.catppuccin-cursors.macchiatoDark;
|
||||
x11.defaultCursor = "Catppuccin-Macchiato-Dark-Cursors";
|
||||
})
|
||||
(lib.mkIf (cfg.basic.enable) {
|
||||
environment.systemPackages = with pkgs; [ firefox ubuntu-themes ];
|
||||
services.xserver.desktopManager.mate.enable = true;
|
||||
networking.networkmanager.enable = lib.mkForce true;
|
||||
networking.networkmanager.wifi.backend = "iwd";
|
||||
programs.nm-applet.enable = true;
|
||||
services.xserver.displayManager.sddm.enable = true;
|
||||
services.xserver.enable = true;
|
||||
services.xserver.layout = "us,ru";
|
||||
services.xserver.xkbOptions = "grp:alt_shift_toggle";
|
||||
})
|
||||
(lib.mkIf (cfg.basic.enable || cfg.enable) {
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
pulse.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
qt = {
|
||||
enable = true;
|
||||
platformTheme = "gtk2";
|
||||
style = "gtk2";
|
||||
};
|
||||
|
||||
services.dbus.enable = true;
|
||||
|
||||
fonts.packages = with pkgs; [
|
||||
noto-fonts
|
||||
noto-fonts-cjk
|
||||
noto-fonts-cjk-sans
|
||||
noto-fonts-cjk-serif
|
||||
noto-fonts-emoji
|
||||
jetbrains-mono
|
||||
font-awesome
|
||||
#google-fonts
|
||||
liberation_ttf
|
||||
open-sans
|
||||
roboto
|
||||
roboto-mono
|
||||
kochi-substitute
|
||||
];
|
||||
})
|
||||
];
|
||||
}
|
||||
|
|
69
roles/router.nix
Normal file
69
roles/router.nix
Normal file
|
@ -0,0 +1,69 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let cfg = config.my.roles.router;
|
||||
in {
|
||||
options.my.roles.router.enable =
|
||||
lib.mkEnableOption "Enable router capabilities";
|
||||
|
||||
options.my.roles.router.interfaces.wan = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "wan0";
|
||||
description = ''
|
||||
WAN interface name.
|
||||
'';
|
||||
};
|
||||
options.my.roles.router.interfaces.lan = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "lan0";
|
||||
description = ''
|
||||
LAN interface name.
|
||||
'';
|
||||
};
|
||||
|
||||
config = lib.mkIf (cfg.enable) {
|
||||
boot.kernel.sysctl = lib.mkForce {
|
||||
"net.ipv4.conf.all.forwarding" = true;
|
||||
"net.ipv6.conf.all.forwarding" = true;
|
||||
|
||||
"net.ipv6.conf.all.accept_ra" = 0;
|
||||
"net.ipv6.conf.all.autoconf" = 0;
|
||||
"net.ipv6.conf.all.use_tempaddr" = 0;
|
||||
|
||||
# On WAN, allow IPv6 autoconfiguration and tempory address use.
|
||||
"net.ipv6.conf.${cfg.interfaces.wan}.accept_ra" = 2;
|
||||
"net.ipv6.conf.${cfg.interfaces.wan}.autoconf" = 1;
|
||||
};
|
||||
services = {
|
||||
avahi = {
|
||||
enable = true;
|
||||
allowInterfaces = [ "${cfg.interfaces.lan}" ];
|
||||
ipv4 = true;
|
||||
ipv6 = true;
|
||||
reflector = true;
|
||||
};
|
||||
dhcpd4 = {
|
||||
enable = true;
|
||||
interfaces = [ "${cfg.interfaces.lan}" ];
|
||||
extraConfig = ''
|
||||
option domain-name-servers 1.1.1.1, 8.8.8.8;
|
||||
option subnet-mask 255.255.255.0;
|
||||
|
||||
subnet 192.168.1.0 netmask 255.255.255.0 {
|
||||
option broadcast-address 192.168.1.255;
|
||||
option routers 192.168.1.1;
|
||||
interface ${cfg.interfaces.lan};
|
||||
range 192.168.1.64 192.168.1.254;
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
networking = {
|
||||
nat = {
|
||||
enable = true;
|
||||
externalInterface = "${cfg.interfaces.wan}";
|
||||
internalInterfaces = [ "${cfg.interfaces.lan}" ];
|
||||
internalIPs = [ "192.168.0.0/24" "192.168.1.0" /24 ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,8 +1,9 @@
|
|||
{ config, ... }:
|
||||
let
|
||||
canaryHash = builtins.hashFile "sha256" ./secrets/canary;
|
||||
expectedHash =
|
||||
"bc6f38a927602241c5e0996b61ebd3a90d5356ca76dc968ec14df3cd45c6612c";
|
||||
in if canaryHash != expectedHash then
|
||||
in if (canaryHash != expectedHash && config.my.features.secrets) then
|
||||
abort "Secrets are not readable. Have you run `git-crypt unlock`?"
|
||||
else {
|
||||
hashed-password = builtins.readFile ./secrets/hashed-password;
|
||||
|
|
Loading…
Reference in a new issue