Diffstat (limited to 'modules/common')
-rw-r--r--modules/common/documentation.nix2
-rw-r--r--modules/common/home-manager.nix1
-rw-r--r--modules/common/networking.nix16
-rw-r--r--modules/common/nix.nix230
-rw-r--r--modules/common/security.nix12
-rw-r--r--modules/common/stylix.nix2
-rw-r--r--modules/common/systemd.nix3
-rw-r--r--modules/common/xdg.nix5
8 files changed, 137 insertions, 134 deletions
diff --git a/modules/common/documentation.nix b/modules/common/documentation.nix
index 20856cb..33e767c 100644
--- a/modules/common/documentation.nix
+++ b/modules/common/documentation.nix
@@ -32,7 +32,7 @@ with lib;
           (_: _: { __contentAddressed = true; });
     };
 
-    environment.sessionVariables = {
+    environment.variables = {
       MANOPT = "--no-hyphenation";
       MANPAGER = "${getExe pkgs.less} -+F";
     };
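Review bot: `environment.variables` is exported only at shell initialisation, whereas `environment.sessionVariables` was also set through PAM at login, so after this swap processes that do not descend from a login shell may no longer see these values. That matters little for `MANOPT`/`MANPAGER` here, but the same swap in modules/common/systemd.nix covers `SYSTEMD_PAGERSECURE`, and in modules/common/nix.nix it covers `NIXFILES`. If the narrower scope is intended, a comment such as `# Shell-only on purpose; not needed in PAM sessions.` would record it; otherwise keep `sessionVariables` at least for the systemd pager settings.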
diff --git a/modules/common/home-manager.nix b/modules/common/home-manager.nix
index 9c4cbeb..f2fc8a8 100644
--- a/modules/common/home-manager.nix
+++ b/modules/common/home-manager.nix
@@ -19,6 +19,7 @@ with lib;
     news.display = "silent";
     home = {
       inherit (config.system) stateVersion;
+      enableNixpkgsReleaseCheck = false;
     };
   };
 
diff --git a/modules/common/networking.nix b/modules/common/networking.nix
index 727def4..e891e58 100644
--- a/modules/common/networking.nix
+++ b/modules/common/networking.nix
@@ -18,7 +18,6 @@ in
       optional networkmanager.enable "/etc/NetworkManager/system-connections"
       ++ optional wireless.iwd.enable "/var/lib/iwd";
 
-    # TODO Switch to systemd-networkd.
     networking = mkMerge [
       {
         domain = my.domain.shire;
@@ -29,12 +28,11 @@ in
         # Remove default hostname mappings. This is required at least by the
         # current implementation of the monitoring module.
         hosts = {
-          "127.0.0.2" = mkForce [ ];
+          "127.0.0.1" = mkForce [ ];
           "::1" = mkForce [ ];
         };
 
         nameservers = mkDefault dns.const.quad9.default;
-        resolvconf.enable = true;
 
         useDHCP = false;
 
@@ -84,13 +82,17 @@ in
         }
       )
       (mkIf this.isHeadful {
-        interfaces = {
-          eth0.useDHCP = mkDefault true;
-          wlan0.useDHCP = mkDefault true;
-        };
+        interfaces.eth0.useDHCP = mkDefault true;
 
         networkmanager = {
           enable = mkDefault true;
+          unmanaged = [
+            "bridge"
+            "ethernet"
+            "loopback"
+            "wireguard"
+          ];
+          plugins = mkForce [ ];
           wifi.backend = "iwd";
         };
 
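Review bot: The entries added to `networkmanager.unmanaged` are bare words, and NetworkManager's device-spec format treats a bare word as an interface name, so `"wireguard"` or `"ethernet"` would only match interfaces literally called that. If the intent is to keep NetworkManager away from whole device classes, which matters most for the WireGuard tunnels, the type form is needed: `"type:bridge"`, `"type:ethernet"`, `"type:loopback"`, `"type:wireguard"`. It is worth confirming with `nmcli device status` on a headful host after the switch. The `mkIf this.isHeadful` block continues past the hunk.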
diff --git a/modules/common/nix.nix b/modules/common/nix.nix
index c03c1b1..6c5bd18 100644
--- a/modules/common/nix.nix
+++ b/modules/common/nix.nix
@@ -3,7 +3,6 @@
   inputs,
   lib,
   pkgs,
-  pkgsPr,
   this,
   ...
 }:
@@ -12,142 +11,149 @@ let
   cfg = config.nixfiles.modules.common.nix;
 in
 {
+  imports = with inputs.srvos.nixosModules; [
+    mixins-nix-experimental
+    mixins-trusted-nix-caches
+  ];
+
   options.nixfiles.modules.common.nix.allowedUnfreePackages = mkOption {
     description = "A list of allowed unfree packages.";
     type = with types; listOf str;
     default = [ ];
   };
 
-  config = {
-    _module.args =
-      let
-        importNixpkgs =
-          nixpkgs:
-          import nixpkgs {
-            inherit (config.nixpkgs) config;
-            inherit (this) system;
-          };
-      in
-      rec {
-        pkgsLocal = importNixpkgs "${config.my.home}/src/nixpkgs"; # Impure!
-        pkgsMaster = importNixpkgs inputs.nixpkgs-master;
-        pkgsStable = importNixpkgs inputs.nixpkgs-stable;
-        pkgsRev =
-          rev: hash:
-          importNixpkgs (
-            pkgs.fetchFromGitHub {
-              owner = "NixOS";
-              repo = "nixpkgs";
-              inherit rev hash;
-            }
-          );
-        pkgsPr = pr: pkgsRev "refs/pull/${toString pr}/head";
+  config =
+    let
+      useNixpkgs =
+        nixpkgs:
+        import nixpkgs {
+          inherit (config.nixpkgs) config;
+          inherit (this) system;
+        };
+
+      pkgsLocal = useNixpkgs "${config.my.home}/src/nixpkgs"; # Impure!
+      pkgsMaster = useNixpkgs inputs.nixpkgs-master;
+      pkgsStable = useNixpkgs inputs.nixpkgs-stable;
+      pkgsRev =
+        rev: hash:
+        useNixpkgs (
+          pkgs.fetchFromGitHub {
+            owner = "NixOS";
+            repo = "nixpkgs";
+            inherit rev hash;
+          }
+        );
+      pkgsPr = pr: pkgsRev "refs/pull/${toString pr}/head";
+    in
+    {
+      _module.args = {
+        inherit
+          pkgsLocal
+          pkgsMaster
+          pkgsStable
+          pkgsRev
+          pkgsPr
+          ;
+      };
+
+      hm = {
+        # Used primarily in conjunction with the "nixfiles" script.
+        home.file.".nix-defexpr/default.nix".text =
+          let
+            hostname = strings.escapeNixIdentifier this.hostname;
+          in
+          optionalString this.isHeadful ''
+            let
+              self = builtins.getFlake "nixfiles";
+              configurations = self.nixosConfigurations;
+              local = configurations.${hostname};
+            in rec {
+              inherit self;
+              inherit (self) inputs lib;
+              inherit (lib) my;
+              this = my.configurations.${hostname};
+              inherit (local) config;
+              inherit (local.config.system.build) toplevel vm vmWithBootLoader manual;
+              pretty = expr: lib.trace (lib.generators.toPretty {} expr) {};
+            } // configurations // local._module.args
+          '';
+
+        programs.bash.shellAliases.nix = "nix --verbose --print-build-logs";
       };
 
-    hm = {
-      # Used primarily in conjunction with the "nixfiles" script.
-      home.file.".nix-defexpr/default.nix".text =
+      nix =
         let
-          hostname = strings.escapeNixIdentifier this.hostname;
+          notSelfInputs = filterAttrs (n: _: n != "self") inputs;
         in
-        optionalString this.isHeadful ''
-          let
-            self = builtins.getFlake "nixfiles";
-            configurations = self.nixosConfigurations;
-            local = configurations.${hostname};
-          in rec {
-            inherit self;
-            inherit (self) inputs lib;
-            inherit (lib) my;
-            this = my.configurations.${hostname};
-            inherit (local) config;
-            inherit (local.config.system.build) toplevel vm vmWithBootLoader manual;
-            pretty = expr: lib.trace (lib.generators.toPretty {} expr) {};
-          } // configurations // local._module.args
-        '';
-
-      programs.bash.shellAliases.nix = "nix --verbose --print-build-logs";
-    };
+        {
+          daemonCPUSchedPolicy = "idle";
+          daemonIOSchedClass = "idle";
+          daemonIOSchedPriority = 7;
 
-    nix =
-      let
-        notSelfInputs = filterAttrs (n: _: n != "self") inputs;
-      in
-      {
-        daemonCPUSchedPolicy = "idle";
-        daemonIOSchedClass = "idle";
-        daemonIOSchedPriority = 7;
-
-        settings = {
-          # https://nixos.org/manual/nix/unstable/contributing/experimental-features.html#currently-available-experimental-features
-          # https://github.com/NixOS/nix/blob/master/src/libutil/experimental-features.cc
-          experimental-features = concatStringsSep " " [
-            "flakes"
-            "nix-command"
-            "recursive-nix"
-            "repl-flake"
-          ];
+          settings = {
+            keep-derivations = if this.isHeadful then "true" else "false";
+            keep-outputs = if this.isHeadful then "true" else "false";
 
-          keep-derivations = if this.isHeadful then "true" else "false";
-          keep-outputs = if this.isHeadful then "true" else "false";
+            warn-dirty = false;
 
-          flake-registry = "${inputs.flake-registry}/flake-registry.json";
+            keep-going = true;
 
-          warn-dirty = false;
+            substituters = [
+              "https://azahi.cachix.org"
+              "https://nix-community.cachix.org"
+            ];
 
-          keep-going = true;
+            trusted-substituters = [ "https://azahi.cachix.org" ];
+            trusted-public-keys = [ "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s=" ];
 
-          substituters = [
-            "https://azahi.cachix.org"
-            "https://nix-community.cachix.org"
-          ];
-          trusted-public-keys = [
-            "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s="
-            "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-          ];
+            trusted-users = [
+              "root"
+              my.username
+            ];
+          };
 
-          trusted-users = [
-            "root"
-            my.username
+          nixPath = mapAttrsToList (n: v: "${n}=${v}") notSelfInputs ++ [
+            "nixfiles=${config.my.home}/src/nixfiles"
           ];
+
+          registry = mapAttrs (_: flake: { inherit flake; }) notSelfInputs // {
+            nixfiles.flake = inputs.self;
+          };
         };
 
-        nixPath = mapAttrsToList (n: v: "${n}=${v}") notSelfInputs ++ [
-          "nixfiles=${config.my.home}/src/nixfiles"
+      nixpkgs = {
+        config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages;
+
+        overlays = with inputs; [
+          self.overlays.default
+          (_: _: {
+            # Global PR package overrides go here. Example:
+            # ```
+            # inherit (pkgsPr 309018 "sha256-x3ATxjrTVdaX5eo9P6pz+8/W6D2TNYzvjZpOBa3ZRI8=") endlessh-go;
+            # ```
+          })
         ];
+      };
 
-        registry = mapAttrs (_: flake: { inherit flake; }) notSelfInputs // {
-          nixfiles.flake = inputs.self;
+      environment = {
+        localBinInPath = true;
+        defaultPackages = [ ];
+        systemPackages =
+          with pkgs;
+          optionals this.isHeadful [
+            nix-top
+            nix-tree
+            nixfiles
+          ];
+        variables = {
+          NIXFILES = "${config.my.home}/src/nixfiles";
+          NIX_SHELL_PRESERVE_PROMPT = "1";
         };
       };
 
-    nixpkgs = {
-      config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages;
-
-      overlays = with inputs; [
-        self.overlays.default
-        (_: _super: {
-          inherit (pkgsPr 309018 "sha256-x3ATxjrTVdaX5eo9P6pz+8/W6D2TNYzvjZpOBa3ZRI8=") endlessh-go;
-        })
-      ];
-    };
-
-    environment = {
-      localBinInPath = true;
-      defaultPackages = mkForce [ ];
-      systemPackages =
-        with pkgs;
-        optionals this.isHeadful [
-          nix-top
-          nix-tree
-          nixfiles
-        ];
-      sessionVariables = {
-        NIXFILES = "${config.my.home}/src/nixfiles";
-        NIX_SHELL_PRESERVE_PROMPT = "1";
+      system = {
+        # HACK This lets `nix flake check` to pass.
+        stateVersion = if hasAttr "stateVersion" this then this.stateVersion else trivial.release;
       };
     };
-
-    system.stateVersion = with builtins; head (split "\n" (readFile "${inputs.nixpkgs}/.version"));
-  };
 }
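Review bot: `trusted-public-keys` now lists only the azahi key while `https://nix-community.cachix.org` stays in `substituters`, so the signing key for that cache presumably has to come from the newly imported `mixins-trusted-nix-caches`. That module is not visible in this diff; whatever caches and keys it declares become trust roots for every host, and they can change whenever the `srvos` input is bumped. I would either keep the nix-community key pinned here next to its substituter, or add a comment such as `# nix-community key (and any other caches) come from srvos mixins-trusted-nix-caches; review on input bumps.` The same applies to `experimental-features`, which is now delegated to `mixins-nix-experimental`.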
diff --git a/modules/common/security.nix b/modules/common/security.nix
index c635cdc..acfc9cc 100644
--- a/modules/common/security.nix
+++ b/modules/common/security.nix
@@ -1,13 +1,6 @@
 _: {
   security = {
-    sudo = {
-      enable = true;
-      execWheelOnly = true;
-      wheelNeedsPassword = false;
-      extraConfig = ''
-        Defaults lecture=never
-      '';
-    };
+    sudo.wheelNeedsPassword = false;
 
     polkit = {
       enable = true;
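Review bot: Collapsing the `sudo` block to `sudo.wheelNeedsPassword = false;` drops `execWheelOnly = true`, so unless another module sets it, the setuid `sudo` binary becomes executable by every local user again instead of only members of `wheel`. With passwordless sudo for `wheel` already in place, keeping the binary restricted is a cheap way to limit which accounts can reach sudo at all. Suggest `sudo = { execWheelOnly = true; wheelNeedsPassword = false; };`, or a comment naming the module that now provides the restriction.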
@@ -24,8 +17,5 @@ _: {
         });
       '';
     };
-
-    # Pretty much used only for PipeWire.
-    rtkit.enable = true;
   };
 }
diff --git a/modules/common/stylix.nix b/modules/common/stylix.nix
index 9a360ad..314aa4c 100644
--- a/modules/common/stylix.nix
+++ b/modules/common/stylix.nix
@@ -37,6 +37,8 @@ with lib;
   # [1]: https://github.com/tinted-theming/base24/blob/master/styling.md
   config = {
     stylix = {
+      autoEnable = this.isHeadful;
+
       image = pkgs.fetchurl {
         url = "https://upload.wikimedia.org/wikipedia/commons/a/a5/Bonaparte_ante_la_Esfinge%2C_por_Jean-Léon_Gérôme.jpg";
         sha256 = "sha256-qWv52oT8cF9K4ZoeawmR3jgoGB2ARfjbKKc12IljUcM=";
diff --git a/modules/common/systemd.nix b/modules/common/systemd.nix
index b393d9f..aac1647 100644
--- a/modules/common/systemd.nix
+++ b/modules/common/systemd.nix
@@ -13,7 +13,6 @@
     enable = true;
     network = {
       inherit (config.systemd.network) enable;
-      wait-online.enable = false;
     };
   };
 
@@ -35,7 +34,7 @@
       };
     };
 
-  environment.sessionVariables = {
+  environment.variables = {
     SYSTEMD_PAGERSECURE = "1";
     SYSTEMD_PAGER = "${pkgs.less}/bin/less";
     SYSTEMD_LESS = "FRSXMK";
diff --git a/modules/common/xdg.nix b/modules/common/xdg.nix
index c581369..0b807b7 100644
--- a/modules/common/xdg.nix
+++ b/modules/common/xdg.nix
@@ -84,7 +84,10 @@ in
   };
 
   config = {
-    xdg.portal = mkIf this.isHeadful { enable = true; };
+    xdg = {
+      portal.enable = this.isHeadful;
+      sounds.enable = this.isHeadful;
+    };
 
     hm.xdg = mkMerge [
       (with cfg; {
