nki/nix-home
1
0
Fork 0
Code Issues Pull requests 1 Packages Projects Releases Wiki Activity

Take out common stuff in NixOS config

Browse source
This commit is contained in:
Natsu Kagami 2023-04-02 17:35:59 +02:00
parent 41fc7ddc83
commit 8d06042c9e
Signed by: nki
GPG key ID: 7306B3D3C3AD6E51
5 changed files with 278 additions and 373 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
common.nix
View file

@ -11,7 +11,11 @@ in
# Common stuff
{ lib, pkgs, config, ... }:
with lib; {
imports = [ defaultShell ];
imports = [
defaultShell
./modules/common/linux
./modules/my-tinc
];
# swaync disable notifications on screencast
config.xdg.portal.wlr.settings.screencast = {
exec_before = ''which swaync-client && swaync-client --inhibitor-add "xdg-desktop-portal-wlr" || true'';

4
flake.nix
View file

@ -121,7 +121,6 @@
pkgs = pkgs' system;
modules = [
./common.nix
./modules/my-tinc
sops-nix.nixosModules.sops
./nki-home/configuration.nix
nixpkgsAsRegistry
@ -145,7 +144,6 @@
pkgs = pkgs' system;
system = "x86_64-linux";
modules = [
./modules/my-tinc
sops-nix.nixosModules.sops
./nki-x1c1/configuration.nix
nixpkgsAsRegistry
@ -162,7 +160,7 @@
pkgs = pkgs' system;
system = "aarch64-linux";
modules = [
./modules/my-tinc
./common.nix
sops-nix.nixosModules.sops
inputs.nixos-m1.nixosModules.apple-silicon-support
./kagami-air-m1/configuration.nix

166
kagami-air-m1/configuration.nix
View file

@ -11,24 +11,10 @@
./hardware-configuration.nix
# Fonts
../modules/personal/fonts
../modules/services/swaylock.nix
# Encrypted DNS
../modules/services/edns
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
boot.kernelPatches = [
# {
# name = "enable-suspend";
# patch = null;
# extraConfig = ''
# SUSPEND y
# '';
# }
];
# Asahi kernel configuration
hardware.asahi = {
peripheralFirmwareDirectory = ./firmware;
@ -51,117 +37,17 @@
services.logind.lidSwitch = "suspend";
# Printing
services.printing.enable = true;
services.printing.drivers = with pkgs;[ epfl-cups-drivers ];
networking.hostName = "kagami-air-m1"; # Define your hostname.
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.wireless.iwd.enable = true;
networking.interfaces.wlan0.useDHCP = true;
# Set your time zone.
time.timeZone = "Europe/Zurich";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.inputMethod = {
enabled = "fcitx5";
fcitx5.addons = with pkgs; [
fcitx5-mozc
fcitx5-unikey
fcitx5-gtk
];
};
console = {
# font = "ter-v32n";
keyMap = "jp106";
# useXkbConfig = true; # use xkbOptions in tty.
};
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.displayManager.sddm.enableHidpi = true;
# services.xserver.desktopManager.plasma5.enable = true;
services.gnome.gnome-keyring.enable = true;
services.udev.packages = with pkgs; [ libfido2 ];
# Configure keymap in X11
# services.xserver.layout = "jp106";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
sound.enable = true;
services.pipewire = {
enable = true;
# alsa is optional
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
services.printing.drivers = with pkgs; [ epfl-cups-drivers ];
# Enable touchpad support (enabled default in most desktopManager).
services.xserver.libinput.enable = true;
# Keyboard
services.input-remapper.enable = true;
# services.input-remapper.package = pkgs.input-remapper.overridePythonAttrs {
# src = pkgs.fetchFromGitHub {
# owner = "sezanzeb";
# repo = "input-remapper";
# rev = "ac07769854b5c0b3d5e99ee130516243699687ed";
# sha256 = "sha256-/Jh2hXcv8NSceYoobSqugWwX8jUf+FP1i922Ufp2H9w=";
# # sha256 = lib.fakeSha256;
# };
# };
services.input-remapper.serviceWantedBy = [ "multi-user.target" ];
services.input-remapper.serviceWantedBy = [ "graphical-session.target" ];
hardware.uinput.enable = true;
hardware.opengl.enable = true;
services.swaylock.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.nki = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = with pkgs; [
# kakoune
# thunderbird
];
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
kakoune # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
libfido2
## Security stuff
libsForQt5.qtkeychain
## Wayland
qt5.qtwayland
## Drivers...?
libimobiledevice
];
services.usbmuxd.enable = true;
common.linux.username = "nki";
# Enable sway on login.
environment.loginShellInit = ''
@ -170,49 +56,15 @@
fi
'';
# Environment variables
environment.variables = {
# Basic editor setup
EDITOR = "kak";
VISUAL = "kak";
# Networking
common.linux.networking = {
hostname = "kagami-air-m1";
networks."10-wired".match = "enp*";
networks."20-wireless".match = "wlan*";
dnsServers = [ "127.0.0.1" ];
};
services.resolved.enable = true;
services.resolved.domains = [ "127.0.0.1" ];
services.resolved.fallbackDns = [ "127.0.0.1" ];
nki.services.edns.enable = true;
nki.services.edns.ipv6 = true;
services.flatpak.enable = true;
xdg.portal = {
enable = true;
wlr.enable = true;
extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
};
## Bluetooth
#
hardware.bluetooth.enable = true;
# PAM
security.pam.services.sddm.enableKwallet = true;
security.pam.services.sddm.enableGnomeKeyring = true;
security.pam.services.login.enableKwallet = true;
security.pam.services.login.enableGnomeKeyring = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
programs.kdeconnect.enable = true;
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Secrets
sops.defaultSopsFile = ./secrets.yaml;

241
modules/common/linux/default.nix Normal file
View file

@ -0,0 +1,241 @@
{ pkgs, config, lib, ... }:
with lib;
let
cfg = config.common.linux;
# Modules
modules = {
adb = { config, ... }: mkIf config.common.linux.enable {
services.udev.packages = with pkgs; [ android-udev-rules ];
programs.adb.enable = true;
users.users.${config.common.linux.username}.extraGroups = [ "adbusers" ];
};
ios = { config, ... }: mkIf config.common.linux.enable {
services.usbmuxd.enable = true;
users.users.${config.common.linux.username}.extraGroups = [ config.services.usbmuxd.group ];
systemd.network.networks."05-ios-tethering" = {
matchConfig.Driver = "ipheth";
networkConfig.DHCP = "yes";
};
};
};
in
{
imports = with modules; [ adb ios ];
options.common.linux = {
enable = mkOption {
type = types.bool;
description = "Enable the common settings for Linux personal machines";
default = pkgs.stdenv.isLinux;
};
luksDevices = mkOption {
type = types.attrsOf types.str;
description = "A mapping from device mount name to its path (/dev/disk/...) to be mounted on boot";
default = { };
};
networking = {
hostname = mkOption {
type = types.str;
description = "Host name for your machine";
};
dnsServers = mkOption {
type = types.listOf types.str;
description = "DNS server list";
default = [ "8.8.8.8" "8.8.4.4" ];
};
networks = mkOption {
type = types.attrsOf (types.submodule {
options.match = mkOption {
type = types.str;
description = "The interface name to match";
};
options.isRequired = mkOption {
type = types.bool;
description = "Require this interface to be connected for network-online.target";
default = false;
};
});
description = "Network configuration";
default = {
default = { match = "*"; };
};
};
};
username = mkOption {
type = types.str;
description = "The linux username";
default = "nki";
};
};
config = mkIf cfg.enable {
## Boot Configuration
# Set kernel version to latest
boot.kernelPackages = pkgs.linuxPackages_latest;
# Use the systemd-boot EFI boot loader.
boot = {
plymouth.enable = true;
loader.timeout = 60;
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
supportedFilesystems = [ "ntfs" ];
};
boot.initrd.systemd.enable = true;
# LUKS devices
boot.initrd.luks.devices = builtins.mapAttrs
(name: path: {
device = path;
preLVM = true;
allowDiscards = true;
crypttabExtraOpts = [
"tpm2-device=auto"
"fido2-device=auto"
];
})
cfg.luksDevices;
## Hardware-related
# Enable sound.
sound.enable = true;
services.pipewire = {
enable = true;
# alsa is optional
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
# udev configurations
services.udev.packages = with pkgs; [
qmk-udev-rules # For keyboards
];
# Bluetooth: just enable
hardware.bluetooth.enable = true;
hardware.bluetooth.package = pkgs.bluez5-experimental; # Why do we need experimental...?
hardware.bluetooth.settings.General.Experimental = true;
services.blueman.enable = true; # For a GUI
## Users
users.users.${cfg.username} = {
isNormalUser = true;
uid = 1000;
extraGroups = [
"wheel" # Enable sudo for the user.
"plugdev" # Enable openrazer-daemon privileges
];
};
## Network configuration
systemd.network.enable = true;
networking.hostName = cfg.networking.hostname;
networking.wireless.iwd.enable = true;
systemd.network.networks = builtins.mapAttrs
(name: cfg: {
matchConfig.Name = cfg.match;
networkConfig.DHCP = "yes";
linkConfig.RequiredForOnline = if cfg.isRequired then "yes" else "no";
})
cfg.networking.networks;
# Leave DNS to systemd-resolved
services.resolved.enable = true;
services.resolved.domains = cfg.networking.dnsServers;
services.resolved.fallbackDns = cfg.networking.dnsServers;
# Firewall: only open to SSH now
networking.firewall.allowedTCPPorts = [ 22 ];
networking.firewall.allowedUDPPorts = [ 22 ];
## Time and Region
time.timeZone = "Europe/Zurich";
# Select internationalisation properties.
console.keyMap = "jp106"; # Console key layout
i18n.defaultLocale = "ja_JP.UTF-8";
# Input methods (only fcitx5 works reliably on Wayland)
i18n.inputMethod = {
enabled = "fcitx5";
fcitx5.addons = with pkgs; [
fcitx5-mozc
fcitx5-unikey
fcitx5-gtk
];
};
## Packages
# Nix options
# Always have flakes enabled!
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
# Default packages
environment.systemPackages = with pkgs; [
kakoune # An editor
wget # A simple fetcher
fish # Good shell
## System monitoring tools
usbutils # lsusb and friends
pciutils # lspci and friends
psmisc # killall, pstree, ...
## Security stuff
libsForQt5.qtkeychain
## Wayland
qt5.qtwayland
];
# Add a reliable terminal
programs.gnome-terminal.enable = true;
# KDEConnect is just based
programs.kdeconnect.enable = true;
# Flatpaks are useful... sometimes...
services.flatpak.enable = true;
# DConf for GNOME configurations
programs.dconf.enable = true;
# Gaming! (not for ARM64)
programs.steam.enable = !pkgs.stdenv.isAarch64;
hardware.opengl.enable = true;
hardware.opengl.driSupport = true;
hardware.opengl.driSupport32Bit = !pkgs.stdenv.isAarch64; # For 32 bit applications
# Email
programs.evolution = {
enable = true;
plugins = with pkgs; [ evolution-ews ]; # For @epfl.ch and @uwaterloo.ca emails
};
## Services
# gnome-keyring for storing keys
services.gnome.gnome-keyring.enable = true;
# OpenSSH so you can SSH to me
services.openssh.enable = true;
# PAM
security.pam.services.login.enableKwallet = true;
security.pam.services.login.enableGnomeKeyring = true;
security.pam.services.lightdm.enableKwallet = true;
security.pam.services.lightdm.enableGnomeKeyring = true;
security.pam.services.swaylock = { };
# Printers
services.printing.enable = true;
# Portals
xdg.portal = {
enable = true;
wlr.enable = true;
# gtk portal needed to make gtk apps happy
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
};
# D-Bus
services.dbus.packages = with pkgs; [ gcr ];
## Environment
environment.variables = {
# Set default editor
EDITOR = "kak";
VISUAL = "kak";
};
};
}

234
nki-home/configuration.nix
View file

@ -4,6 +4,7 @@
{ lib, config, pkgs, ... }:
with lib;
{
imports =
[
@ -16,214 +17,41 @@
# Encrypted DNS
../modules/services/edns
# Other services
../modules/services/swaylock.nix
../modules/personal/u2f.nix
];
# Set kernel version to latest
boot.kernelPackages = pkgs.linuxPackages_latest;
# Use the systemd-boot EFI boot loader.
boot = {
plymouth.enable = true;
loader.timeout = 60;
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
supportedFilesystems = [ "ntfs" ];
};
## Encryption
# Kernel modules needed for mounting USB VFAT devices in initrd stage
boot.initrd.systemd.enable = true;
boot.initrd.luks.devices = {
root = {
device = "/dev/disk/by-uuid/7c6e40a8-900b-4f85-9712-2b872caf1892";
preLVM = true;
allowDiscards = true;
common.linux.luksDevices.root = "/dev/disk/by-uuid/7c6e40a8-900b-4f85-9712-2b872caf1892";
crypttabExtraOpts = [
"tpm2-device=auto"
"fido2-device=auto"
];
# Networking
common.linux.networking =
{
hostname = "kagamiPC"; # Define your hostname.
networks = {
"10-wired" = {
match = "enp*";
isRequired = true;
};
"20-wireless".match = "wlan*";
};
dnsServers = [ "127.0.0.1" ];
};
};
nki.services.edns.enable = true;
nki.services.edns.ipv6 = true;
systemd.network.enable = true;
networking.hostName = "kagamiPC"; # Define your hostname.
networking.wireless.iwd.enable = true;
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
systemd.network.networks = {
# Wired
"10-wired" = {
matchConfig.Name = "enp*";
networkConfig.DHCP = "yes";
};
# Wireless
"20-wireless" = {
matchConfig.Name = "wlan*";
networkConfig.DHCP = "yes";
linkConfig.RequiredForOnline = "no";
};
};
# networking.useDHCP = false;
# networking.interfaces.enp38s0.useDHCP = true;
# networking.interfaces.wlan0.useDHCP = true;
# Allow qmk boards to boot
services.udev.packages = with pkgs; [ qmk-udev-rules ];
# Set your time zone.
time.timeZone = "Europe/Zurich";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
nix = {
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
# Select internationalisation properties.
i18n.defaultLocale = "ja_JP.UTF-8";
# i18n.inputMethod.enabled = "ibus";
# i18n.inputMethod.ibus.engines = (with pkgs.ibus-engines; [ bamboo mozc libpinyin ]);
i18n.inputMethod = {
enabled = "fcitx5";
fcitx5.addons = with pkgs; [
fcitx5-mozc
fcitx5-unikey
fcitx5-gtk
];
};
console.keyMap = "jp106";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# };
# Configure keymap in X11
# services.xserver.layout = "jp";
# services.xserver.xkbOptions = "";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
sound.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account.
common.linux.username = "nki";
services.getty.autologinUser = "nki";
## Hardware
# Peripherals
hardware.opentabletdriver.enable = true;
# Enable razer daemon
hardware.openrazer.enable = true;
hardware.openrazer.keyStatistics = true;
hardware.openrazer.verboseLogging = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.nki = {
isNormalUser = true;
uid = 1000;
extraGroups = [
"wheel" # Enable sudo for the user.
"plugdev" # Enable openrazer-daemon privileges
"adbusers" # Android
];
};
services.getty.autologinUser = "nki";
# Allow all packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
kakoune # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
fish
## System monitoring tools
usbutils
pciutils
## Security stuff
libsForQt5.qtkeychain
## Wayland
qt5.qtwayland
];
# Nix config
# Terminal
programs.gnome-terminal.enable = true;
programs.kdeconnect.enable = true;
# Environment variables
environment.variables = {
# Input method overrides
# GTK_IM_MODULE = "ibus";
# QT_IM_MODULE = "ibus";
# "XMODIFIERS=@im" = "ibus";
# Basic editor setup
EDITOR = "kak";
VISUAL = "kak";
};
# Enable Desktop Environment.
services.xserver.displayManager = {
# lightdm.enable = true;
};
# services.xserver.desktopManager.cinnamon.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
services.resolved.enable = true;
services.resolved.domains = [ "127.0.0.1" ];
services.resolved.fallbackDns = [ "127.0.0.1" ];
nki.services.edns.enable = true;
nki.services.edns.ipv6 = true;
services.flatpak.enable = true;
xdg.portal = {
enable = true;
wlr.enable = true;
# gtk portal needed to make gtk apps happy
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
};
programs.dconf.enable = true;
services.gnome.gnome-keyring.enable = true;
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 4533 ];
networking.firewall.allowedUDPPorts = [ 22 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
#
## Bluetooth
#
hardware.bluetooth.enable = true;
hardware.bluetooth.package = pkgs.bluez5-experimental;
hardware.bluetooth.settings.General.Experimental = true;
services.blueman.enable = true;
# Peripherals
hardware.opentabletdriver.enable = true;
# Mounting disks!
fileSystems =
let
@ -240,12 +68,8 @@
};
# PAM
security.pam.services.lightdm.enableKwallet = true;
security.pam.services.lightdm.enableGnomeKeyring = true;
services.swaylock.enable = true;
personal.u2f.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
@ -265,20 +89,6 @@
bindPort = 6565;
};
# Gaming!
programs.steam.enable = true;
hardware.opengl.driSupport = true;
# For 32 bit applications
hardware.opengl.driSupport32Bit = true;
# Evolution wants a plugin
programs.evolution = {
enable = true;
plugins = with pkgs; [ evolution-ews ];
};
# Android
programs.adb.enable = true;
# Music server
services.navidrome.enable = true;