formatting
parent
20e99d234d
commit
9ea28ef218
18 changed files with 183 additions and 75 deletions
|
|
@ -67,7 +67,6 @@
|
||||||
|
|
||||||
nix.channel.enable = false;
|
nix.channel.enable = false;
|
||||||
|
|
||||||
|
|
||||||
nix.registry = {
|
nix.registry = {
|
||||||
self.flake = inputs.self;
|
self.flake = inputs.self;
|
||||||
nixpkgs.flake = inputs.nixpkgs;
|
nixpkgs.flake = inputs.nixpkgs;
|
||||||
|
|
@ -91,7 +90,10 @@
|
||||||
|
|
||||||
osbm-nvim.flake = inputs.osbm-nvim;
|
osbm-nvim.flake = inputs.osbm-nvim;
|
||||||
my-nixpkgs = {
|
my-nixpkgs = {
|
||||||
from = { type = "indirect"; id = "my-nixpkgs"; };
|
from = {
|
||||||
|
type = "indirect";
|
||||||
|
id = "my-nixpkgs";
|
||||||
|
};
|
||||||
to = {
|
to = {
|
||||||
owner = "osbm";
|
owner = "osbm";
|
||||||
repo = "nixpkgs";
|
repo = "nixpkgs";
|
||||||
|
|
@ -99,7 +101,10 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
osbm-dev = {
|
osbm-dev = {
|
||||||
from = { type = "indirect"; id = "osbm-dev"; };
|
from = {
|
||||||
|
type = "indirect";
|
||||||
|
id = "osbm-dev";
|
||||||
|
};
|
||||||
to = {
|
to = {
|
||||||
owner = "osbm";
|
owner = "osbm";
|
||||||
repo = "osbm.dev";
|
repo = "osbm.dev";
|
||||||
|
|
@ -107,7 +112,10 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
devshells = {
|
devshells = {
|
||||||
from = { type = "indirect"; id = "devshells"; };
|
from = {
|
||||||
|
type = "indirect";
|
||||||
|
id = "devshells";
|
||||||
|
};
|
||||||
to = {
|
to = {
|
||||||
owner = "osbm";
|
owner = "osbm";
|
||||||
repo = "devshells";
|
repo = "devshells";
|
||||||
|
|
|
||||||
|
|
@ -48,10 +48,10 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
hostID = "0f7de22e";
|
hostID = "0f7de22e";
|
||||||
root = {
|
root = {
|
||||||
useTmpfs = false; # Use ZFS root, not tmpfs
|
useTmpfs = false; # Use ZFS root, not tmpfs
|
||||||
encrypt = true;
|
encrypt = true;
|
||||||
disk1 = "vda";
|
disk1 = "vda";
|
||||||
impermanenceRoot = true; # Wipe root on boot with ZFS snapshots
|
impermanenceRoot = true; # Wipe root on boot with ZFS snapshots
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -73,17 +73,24 @@
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
interfaces.ens3 = {
|
interfaces.ens3 = {
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
ipv4.addresses = [{
|
ipv4.addresses = [
|
||||||
address = "152.53.152.129";
|
{
|
||||||
prefixLength = 22;
|
address = "152.53.152.129";
|
||||||
}];
|
prefixLength = 22;
|
||||||
ipv6.addresses = [{
|
}
|
||||||
address = "2a00:11c0:47:3b2a::1";
|
];
|
||||||
prefixLength = 64;
|
ipv6.addresses = [
|
||||||
}];
|
{
|
||||||
|
address = "2a00:11c0:47:3b2a::1";
|
||||||
|
prefixLength = 64;
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
defaultGateway = "152.53.152.1";
|
defaultGateway = "152.53.152.1";
|
||||||
defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
|
defaultGateway6 = {
|
||||||
|
address = "fe80::1";
|
||||||
|
interface = "ens3";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Override initrd kernel params for static IP
|
# Override initrd kernel params for static IP
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@
|
||||||
{
|
{
|
||||||
# Disko configuration is now managed by osbmModules.hardware.disko
|
# Disko configuration is now managed by osbmModules.hardware.disko
|
||||||
# All disk configuration moved to configuration.nix
|
# All disk configuration moved to configuration.nix
|
||||||
|
|
||||||
# Required for ZFS
|
# Required for ZFS
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,7 @@ in
|
||||||
programs.ssh = {
|
programs.ssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableDefaultConfig = false;
|
enableDefaultConfig = false;
|
||||||
|
|
||||||
matchBlocks = {
|
matchBlocks = {
|
||||||
ymir = sshBlock "192.168.0.2";
|
ymir = sshBlock "192.168.0.2";
|
||||||
ymir-ts = sshBlock "ymir.curl-boga.ts.net";
|
ymir-ts = sshBlock "ymir.curl-boga.ts.net";
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,10 @@
|
||||||
{ config, inputs, lib, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
inputs,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
let
|
let
|
||||||
cfg = config.osbmModules.hardware.disko;
|
cfg = config.osbmModules.hardware.disko;
|
||||||
inherit (config.networking) hostName;
|
inherit (config.networking) hostName;
|
||||||
|
|
@ -9,9 +15,11 @@ let
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHYSJ9ywFRJ747tkhvYWFkx/Y9SkLqv3rb7T1UuXVBWo"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHYSJ9ywFRJ747tkhvYWFkx/Y9SkLqv3rb7T1UuXVBWo"
|
||||||
];
|
];
|
||||||
|
|
||||||
authorizedKeys = if cfg.initrd-ssh.authorizedKeys != []
|
authorizedKeys =
|
||||||
then cfg.initrd-ssh.authorizedKeys
|
if cfg.initrd-ssh.authorizedKeys != [ ] then
|
||||||
else defaultAuthorizedKeys;
|
cfg.initrd-ssh.authorizedKeys
|
||||||
|
else
|
||||||
|
defaultAuthorizedKeys;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
|
@ -52,9 +60,12 @@ in
|
||||||
# ZFS does not support swapfiles
|
# ZFS does not support swapfiles
|
||||||
kernelParams = [
|
kernelParams = [
|
||||||
"nohibernate"
|
"nohibernate"
|
||||||
"zfs.zfs_arc_max=17179869184" # 16GB ARC max
|
"zfs.zfs_arc_max=17179869184" # 16GB ARC max
|
||||||
|
];
|
||||||
|
supportedFilesystems = [
|
||||||
|
"vfat"
|
||||||
|
"zfs"
|
||||||
];
|
];
|
||||||
supportedFilesystems = [ "vfat" "zfs" ];
|
|
||||||
zfs = {
|
zfs = {
|
||||||
devNodes = "/dev/disk/by-id/";
|
devNodes = "/dev/disk/by-id/";
|
||||||
forceImportAll = true;
|
forceImportAll = true;
|
||||||
|
|
@ -117,7 +128,10 @@ in
|
||||||
type = "filesystem";
|
type = "filesystem";
|
||||||
format = "vfat";
|
format = "vfat";
|
||||||
mountpoint = "/boot";
|
mountpoint = "/boot";
|
||||||
mountOptions = [ "defaults" "umask=0077" ];
|
mountOptions = [
|
||||||
|
"defaults"
|
||||||
|
"umask=0077"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
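Review bot: The `authorizedKeys` binding in the `@ -9,9 +15,11 @@` hunk falls back to `defaultAuthorizedKeys` whenever `cfg.initrd-ssh.authorizedKeys` is empty, and nothing at that site says so. Judging by the option name, these are the keys initrd SSH accepts, so a host that enables it without listing keys would trust the hard-coded ed25519 key above; this is an inference, because the consumer of `authorizedKeys` is outside the hunk. I would add a comment above the binding such as `# Empty initrd-ssh.authorizedKeys falls back to the module's built-in key; set it explicitly on hosts that must not trust that key.` The `let` block starts before the hunk and the list holding the default key is only partly visible.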
||||||
|
|
@ -3,14 +3,23 @@
|
||||||
options.osbmModules = {
|
options.osbmModules = {
|
||||||
# Desktop Environment
|
# Desktop Environment
|
||||||
desktopEnvironment = lib.mkOption {
|
desktopEnvironment = lib.mkOption {
|
||||||
type = lib.types.enum [ "plasma" "none" ];
|
type = lib.types.enum [
|
||||||
|
"plasma"
|
||||||
|
"none"
|
||||||
|
];
|
||||||
default = "none";
|
default = "none";
|
||||||
description = "Which desktop environment to use";
|
description = "Which desktop environment to use";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Machine Type
|
# Machine Type
|
||||||
machineType = lib.mkOption {
|
machineType = lib.mkOption {
|
||||||
type = lib.types.enum [ "desktop" "laptop" "server" "embedded" "mobile" ];
|
type = lib.types.enum [
|
||||||
|
"desktop"
|
||||||
|
"laptop"
|
||||||
|
"server"
|
||||||
|
"embedded"
|
||||||
|
"mobile"
|
||||||
|
];
|
||||||
default = "server";
|
default = "server";
|
||||||
description = "Type of machine for appropriate defaults";
|
description = "Type of machine for appropriate defaults";
|
||||||
};
|
};
|
||||||
|
|
@ -18,7 +27,10 @@
|
||||||
# Users
|
# Users
|
||||||
users = lib.mkOption {
|
users = lib.mkOption {
|
||||||
type = lib.types.listOf lib.types.str;
|
type = lib.types.listOf lib.types.str;
|
||||||
default = [ "osbm" "bayram" ];
|
default = [
|
||||||
|
"osbm"
|
||||||
|
"bayram"
|
||||||
|
];
|
||||||
description = "List of users to create. `osbm` is my main user, and `bayram` is for my family.";
|
description = "List of users to create. `osbm` is my main user, and `bayram` is for my family.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -188,7 +200,10 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystem = lib.mkOption {
|
fileSystem = lib.mkOption {
|
||||||
type = lib.types.enum [ "zfs" "ext4" ];
|
type = lib.types.enum [
|
||||||
|
"zfs"
|
||||||
|
"ext4"
|
||||||
|
];
|
||||||
default = "ext4";
|
default = "ext4";
|
||||||
description = "Root filesystem type";
|
description = "Root filesystem type";
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, lib, config, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
config = lib.mkIf config.osbmModules.programs.arduino.enable {
|
config = lib.mkIf config.osbmModules.programs.arduino.enable {
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, lib, config, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
config = lib.mkIf config.osbmModules.programs.commandLine.enable {
|
config = lib.mkIf config.osbmModules.programs.commandLine.enable {
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, lib, config, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
config = lib.mkIf config.osbmModules.programs.graphical.enable {
|
config = lib.mkIf config.osbmModules.programs.graphical.enable {
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,10 @@
|
||||||
{ lib, inputs, config, pkgs, ... }:
|
{
|
||||||
|
lib,
|
||||||
|
inputs,
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
config = lib.mkIf config.osbmModules.programs.neovim.enable {
|
config = lib.mkIf config.osbmModules.programs.neovim.enable {
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
|
|
|
||||||
|
|
@ -1,14 +1,14 @@
|
||||||
{ lib, config, ... }:
|
{ lib, config, ... }:
|
||||||
{
|
{
|
||||||
config = lib.mkIf config.osbmModules.programs.steam.enable {
|
config = lib.mkIf config.osbmModules.programs.steam.enable {
|
||||||
programs.steam = {
|
programs.steam = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# Open ports in the firewall for Steam Remote Play
|
# Open ports in the firewall for Steam Remote Play
|
||||||
remotePlay.openFirewall = true;
|
remotePlay.openFirewall = true;
|
||||||
# Open ports in the firewall for Source Dedicated Server
|
# Open ports in the firewall for Source Dedicated Server
|
||||||
dedicatedServer.openFirewall = true;
|
dedicatedServer.openFirewall = true;
|
||||||
# Open ports in the firewall for Steam Local Network Game Transfers
|
# Open ports in the firewall for Steam Local Network Game Transfers
|
||||||
localNetworkGameTransfers.openFirewall = true;
|
localNetworkGameTransfers.openFirewall = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,32 +1,38 @@
|
||||||
{ lib, pkgs, inputs, config, ... }:
|
{
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
inputs,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
inputs.agenix.nixosModules.default
|
inputs.agenix.nixosModules.default
|
||||||
];
|
];
|
||||||
|
|
||||||
config = lib.mkIf config.osbmModules.agenix.enable {
|
config = lib.mkIf config.osbmModules.agenix.enable {
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.agenix
|
inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.agenix
|
||||||
pkgs.age
|
pkgs.age
|
||||||
];
|
];
|
||||||
|
|
||||||
age.secrets = {
|
age.secrets = {
|
||||||
network-manager.file = ../secrets/network-manager.age;
|
network-manager.file = ../secrets/network-manager.age;
|
||||||
ssh-key-private = {
|
ssh-key-private = {
|
||||||
file = ../secrets/ssh-key-private.age;
|
file = ../secrets/ssh-key-private.age;
|
||||||
path = "/home/osbm/.ssh/id_ed25519";
|
path = "/home/osbm/.ssh/id_ed25519";
|
||||||
owner = "osbm";
|
owner = "osbm";
|
||||||
group = "users";
|
group = "users";
|
||||||
mode = "600";
|
mode = "600";
|
||||||
};
|
|
||||||
ssh-key-public = {
|
|
||||||
file = ../secrets/ssh-key-public.age;
|
|
||||||
path = "/home/osbm/.ssh/id_ed25519.pub";
|
|
||||||
owner = "osbm";
|
|
||||||
group = "users";
|
|
||||||
mode = "644";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
ssh-key-public = {
|
||||||
|
file = ../secrets/ssh-key-public.age;
|
||||||
|
path = "/home/osbm/.ssh/id_ed25519.pub";
|
||||||
|
owner = "osbm";
|
||||||
|
group = "users";
|
||||||
|
mode = "644";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, lib, config, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
let
|
let
|
||||||
cfg = config.osbmModules;
|
cfg = config.osbmModules;
|
||||||
in
|
in
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, lib, config, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
config = lib.mkIf config.osbmModules.fonts.enable {
|
config = lib.mkIf config.osbmModules.fonts.enable {
|
||||||
fonts.packages = with pkgs; [
|
fonts.packages = with pkgs; [
|
||||||
|
|
@ -12,14 +17,23 @@
|
||||||
dina-font
|
dina-font
|
||||||
proggyfonts
|
proggyfonts
|
||||||
jetbrains-mono
|
jetbrains-mono
|
||||||
(nerdfonts.override { fonts = [ "FiraCode" "JetBrainsMono" "Iosevka" ]; })
|
(nerdfonts.override {
|
||||||
|
fonts = [
|
||||||
|
"FiraCode"
|
||||||
|
"JetBrainsMono"
|
||||||
|
"Iosevka"
|
||||||
|
];
|
||||||
|
})
|
||||||
];
|
];
|
||||||
|
|
||||||
fonts.fontconfig = {
|
fonts.fontconfig = {
|
||||||
defaultFonts = {
|
defaultFonts = {
|
||||||
serif = [ "Noto Serif" ];
|
serif = [ "Noto Serif" ];
|
||||||
sansSerif = [ "Noto Sans" ];
|
sansSerif = [ "Noto Sans" ];
|
||||||
monospace = [ "JetBrainsMono Nerd Font" "Fira Code" ];
|
monospace = [
|
||||||
|
"JetBrainsMono Nerd Font"
|
||||||
|
"Fira Code"
|
||||||
|
];
|
||||||
emoji = [ "Noto Color Emoji" ];
|
emoji = [ "Noto Color Emoji" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,9 @@
|
||||||
{ lib, config, inputs, ... }:
|
{
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
inputs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = lib.optionals (inputs ? home-manager) [
|
imports = lib.optionals (inputs ? home-manager) [
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,9 @@
|
||||||
{ lib, config, inputs, ... }:
|
{
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
inputs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
inputs.nix-index-database.nixosModules.nix-index
|
inputs.nix-index-database.nixosModules.nix-index
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,14 @@
|
||||||
{ inputs, lib, config, ... }:
|
{
|
||||||
|
inputs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
config = lib.mkIf config.osbmModules.nixSettings.enable {
|
config = lib.mkIf config.osbmModules.nixSettings.enable {
|
||||||
# Allow unfree packages
|
# Allow unfree packages
|
||||||
nixpkgs.config.allowUnfreePredicate = pkg:
|
nixpkgs.config.allowUnfreePredicate =
|
||||||
|
pkg:
|
||||||
builtins.elem (lib.getName pkg) [
|
builtins.elem (lib.getName pkg) [
|
||||||
"vscode"
|
"vscode"
|
||||||
"discord"
|
"discord"
|
||||||
|
|
|
||||||
|
|
@ -5,16 +5,18 @@ let
|
||||||
regularUsers = builtins.filter (u: u != "root") cfg.users;
|
regularUsers = builtins.filter (u: u != "root") cfg.users;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = lib.mkIf (cfg.users != []) {
|
config = lib.mkIf (cfg.users != [ ]) {
|
||||||
users.users = lib.mkMerge [
|
users.users = lib.mkMerge [
|
||||||
# Create users based on the list (excluding root)
|
# Create users based on the list (excluding root)
|
||||||
(lib.genAttrs regularUsers (username: {
|
(lib.genAttrs regularUsers (username: {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = username;
|
description = username;
|
||||||
extraGroups = [ "networkmanager" ]
|
extraGroups = [
|
||||||
++ lib.optional (username == cfg.defaultUser) "wheel"
|
"networkmanager"
|
||||||
++ lib.optional config.osbmModules.virtualization.docker.enable "docker"
|
]
|
||||||
++ lib.optional config.osbmModules.programs.adbFastboot.enable "adbusers";
|
++ lib.optional (username == cfg.defaultUser) "wheel"
|
||||||
|
++ lib.optional config.osbmModules.virtualization.docker.enable "docker"
|
||||||
|
++ lib.optional config.osbmModules.programs.adbFastboot.enable "adbusers";
|
||||||
}))
|
}))
|
||||||
|
|
||||||
# Additional configuration for default user (including root if it's default)
|
# Additional configuration for default user (including root if it's default)
|
||||||
|
|
|
||||||
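Review bot: In the `extraGroups` expression, `wheel` is limited to `cfg.defaultUser`, but `docker` and `adbusers` are added for every entry in `regularUsers` whenever the corresponding module is enabled. Membership of the `docker` group is normally equivalent to root on the host, so any secondary account in `cfg.users` would gain that access as soon as Docker is enabled. If that is not intended, gate it the same way as `wheel`: `++ lib.optional (username == cfg.defaultUser && config.osbmModules.virtualization.docker.enable) "docker"`; if it is intended, a one-line comment saying so would help the next reader. The `cfg` binding and the rest of the `lib.mkMerge` list are outside the hunk.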