Diffstat (limited to 'modules/common')
-rw-r--r-- | modules/common/documentation.nix | 2 | ||||
-rw-r--r-- | modules/common/home-manager.nix | 1 | ||||
-rw-r--r-- | modules/common/networking.nix | 16 | ||||
-rw-r--r-- | modules/common/nix.nix | 230 | ||||
-rw-r--r-- | modules/common/security.nix | 12 | ||||
-rw-r--r-- | modules/common/stylix.nix | 2 | ||||
-rw-r--r-- | modules/common/systemd.nix | 3 | ||||
-rw-r--r-- | modules/common/xdg.nix | 5 |
8 files changed, 137 insertions, 134 deletions
diff --git a/modules/common/documentation.nix b/modules/common/documentation.nix index 20856cb..33e767c 100644 --- a/modules/common/documentation.nix +++ b/modules/common/documentation.nix @@ -32,7 +32,7 @@ with lib; (_: _: { __contentAddressed = true; }); }; - environment.sessionVariables = { + environment.variables = { MANOPT = "--no-hyphenation"; MANPAGER = "${getExe pkgs.less} -+F"; }; diff --git a/modules/common/home-manager.nix b/modules/common/home-manager.nix index 9c4cbeb..f2fc8a8 100644 --- a/modules/common/home-manager.nix +++ b/modules/common/home-manager.nix @@ -19,6 +19,7 @@ with lib; news.display = "silent"; home = { inherit (config.system) stateVersion; + enableNixpkgsReleaseCheck = false; }; }; diff --git a/modules/common/networking.nix b/modules/common/networking.nix index 727def4..e891e58 100644 --- a/modules/common/networking.nix +++ b/modules/common/networking.nix @@ -18,7 +18,6 @@ in optional networkmanager.enable "/etc/NetworkManager/system-connections" ++ optional wireless.iwd.enable "/var/lib/iwd"; - # TODO Switch to systemd-networkd. networking = mkMerge [ { domain = my.domain.shire; @@ -29,12 +28,11 @@ in # Remove default hostname mappings. This is required at least by the # current implementation of the monitoring module. hosts = { - "127.0.0.2" = mkForce [ ]; + "127.0.0.1" = mkForce [ ]; "::1" = mkForce [ ]; }; nameservers = mkDefault dns.const.quad9.default; - resolvconf.enable = true; useDHCP = false; @@ -84,13 +82,17 @@ in } ) (mkIf this.isHeadful { - interfaces = { - eth0.useDHCP = mkDefault true; - wlan0.useDHCP = mkDefault true; - }; + interfaces.eth0.useDHCP = mkDefault true; networkmanager = { enable = mkDefault true; + unmanaged = [ + "bridge" + "ethernet" + "loopback" + "wireguard" + ]; + plugins = mkForce [ ]; wifi.backend = "iwd"; }; diff --git a/modules/common/nix.nix b/modules/common/nix.nix index c03c1b1..6c5bd18 100644 --- a/modules/common/nix.nix +++ b/modules/common/nix.nix 
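Review bot: In the `hosts` block of modules/common/networking.nix the override moves from `"127.0.0.2"` to `"127.0.0.1"`, but the comment above it still says the goal is to remove the default hostname mappings. As far as I know, NixOS attaches the hostname/FQDN entries to `127.0.0.2` and `::1`, while `127.0.0.1 localhost` comes from a separate hosts file. If so, the new line leaves the IPv4 hostname mapping in place and the machine's own name resolves to a loopback address again. If the monitoring module still depends on that removal, keep `"127.0.0.2" = mkForce [ ];`; otherwise update the comment to say which mapping is cleared and why.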
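Review bot: The new `networkmanager.unmanaged` entries (`"bridge"`, `"ethernet"`, `"loopback"`, `"wireguard"`) read like device types, but a bare string in NetworkManager's device-spec is matched as an interface name. If the intent is to keep NetworkManager away from every wired, bridge and WireGuard device, the entries need the type prefix, e.g. `"type:ethernet"` and `"type:wireguard"`. As written, NetworkManager would presumably still manage `eth0` alongside `interfaces.eth0.useDHCP = mkDefault true;`. A one-line comment naming which interfaces are meant to stay outside NetworkManager would make the intent checkable.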
@@ -3,7 +3,6 @@
 inputs,
 lib,
 pkgs,
- pkgsPr,
 this,
 ...
 }:
@@ -12,142 +11,149 @@ let cfg = config.nixfiles.modules.common.nix; in { + imports = with inputs.srvos.nixosModules; [ + mixins-nix-experimental + mixins-trusted-nix-caches + ]; + options.nixfiles.modules.common.nix.allowedUnfreePackages = mkOption { description = "A list of allowed unfree packages."; type = with types; listOf str; default = [ ]; }; - config = { - _module.args = - let - importNixpkgs = - nixpkgs: - import nixpkgs { - inherit (config.nixpkgs) config; - inherit (this) system; - }; - in - rec { - pkgsLocal = importNixpkgs "${config.my.home}/src/nixpkgs"; # Impure! - pkgsMaster = importNixpkgs inputs.nixpkgs-master; - pkgsStable = importNixpkgs inputs.nixpkgs-stable; - pkgsRev = - rev: hash: - importNixpkgs ( - pkgs.fetchFromGitHub { - owner = "NixOS"; - repo = "nixpkgs"; - inherit rev hash; - } - ); - pkgsPr = pr: pkgsRev "refs/pull/${toString pr}/head"; + config = + let + useNixpkgs = + nixpkgs: + import nixpkgs { + inherit (config.nixpkgs) config; + inherit (this) system; + }; + + pkgsLocal = useNixpkgs "${config.my.home}/src/nixpkgs"; # Impure! + pkgsMaster = useNixpkgs inputs.nixpkgs-master; + pkgsStable = useNixpkgs inputs.nixpkgs-stable; + pkgsRev = + rev: hash: + useNixpkgs ( + pkgs.fetchFromGitHub { + owner = "NixOS"; + repo = "nixpkgs"; + inherit rev hash; + } + ); + pkgsPr = pr: pkgsRev "refs/pull/${toString pr}/head"; + in + { + _module.args = { + inherit + pkgsLocal + pkgsMaster + pkgsStable + pkgsRev + pkgsPr + ; + }; + + hm = { + # Used primarily in conjunction with the "nixfiles" script. 
+ home.file.".nix-defexpr/default.nix".text = + let + hostname = strings.escapeNixIdentifier this.hostname; + in + optionalString this.isHeadful '' + let + self = builtins.getFlake "nixfiles"; + configurations = self.nixosConfigurations; + local = configurations.${hostname}; + in rec { + inherit self; + inherit (self) inputs lib; + inherit (lib) my; + this = my.configurations.${hostname}; + inherit (local) config; + inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; + pretty = expr: lib.trace (lib.generators.toPretty {} expr) {}; + } // configurations // local._module.args + ''; + + programs.bash.shellAliases.nix = "nix --verbose --print-build-logs"; }; - hm = { - # Used primarily in conjunction with the "nixfiles" script. - home.file.".nix-defexpr/default.nix".text = + nix = let - hostname = strings.escapeNixIdentifier this.hostname; + notSelfInputs = filterAttrs (n: _: n != "self") inputs; in - optionalString this.isHeadful '' - let - self = builtins.getFlake "nixfiles"; - configurations = self.nixosConfigurations; - local = configurations.${hostname}; - in rec { - inherit self; - inherit (self) inputs lib; - inherit (lib) my; - this = my.configurations.${hostname}; - inherit (local) config; - inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; - pretty = expr: lib.trace (lib.generators.toPretty {} expr) {}; - } // configurations // local._module.args - ''; - - programs.bash.shellAliases.nix = "nix --verbose --print-build-logs"; - }; + { + daemonCPUSchedPolicy = "idle"; + daemonIOSchedClass = "idle"; + daemonIOSchedPriority = 7; - nix = - let - notSelfInputs = filterAttrs (n: _: n != "self") inputs; - in - { - daemonCPUSchedPolicy = "idle"; - daemonIOSchedClass = "idle"; - daemonIOSchedPriority = 7; - - settings = { - # https://nixos.org/manual/nix/unstable/contributing/experimental-features.html#currently-available-experimental-features - # https://github.com/NixOS/nix/blob/master/src/libutil/experimental-features.cc - 
experimental-features = concatStringsSep " " [ - "flakes" - "nix-command" - "recursive-nix" - "repl-flake" - ]; + settings = { + keep-derivations = if this.isHeadful then "true" else "false"; + keep-outputs = if this.isHeadful then "true" else "false"; - keep-derivations = if this.isHeadful then "true" else "false"; - keep-outputs = if this.isHeadful then "true" else "false"; + warn-dirty = false; - flake-registry = "${inputs.flake-registry}/flake-registry.json"; + keep-going = true; - warn-dirty = false; + substituters = [ + "https://azahi.cachix.org" + "https://nix-community.cachix.org" + ]; - keep-going = true; + trusted-substituters = [ "https://azahi.cachix.org" ]; + trusted-public-keys = [ "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s=" ]; - substituters = [ - "https://azahi.cachix.org" - "https://nix-community.cachix.org" - ]; - trusted-public-keys = [ - "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; + trusted-users = [ + "root" + my.username + ]; + }; - trusted-users = [ - "root" - my.username + nixPath = mapAttrsToList (n: v: "${n}=${v}") notSelfInputs ++ [ + "nixfiles=${config.my.home}/src/nixfiles" ]; + + registry = mapAttrs (_: flake: { inherit flake; }) notSelfInputs // { + nixfiles.flake = inputs.self; + }; }; - nixPath = mapAttrsToList (n: v: "${n}=${v}") notSelfInputs ++ [ - "nixfiles=${config.my.home}/src/nixfiles" + nixpkgs = { + config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages; + + overlays = with inputs; [ + self.overlays.default + (_: _: { + # Global PR package overrides go here. 
Example: + # ``` + # inherit (pkgsPr 309018 "sha256-x3ATxjrTVdaX5eo9P6pz+8/W6D2TNYzvjZpOBa3ZRI8=") endlessh-go; + # ``` + }) ]; + }; - registry = mapAttrs (_: flake: { inherit flake; }) notSelfInputs // { - nixfiles.flake = inputs.self; + environment = { + localBinInPath = true; + defaultPackages = [ ]; + systemPackages = + with pkgs; + optionals this.isHeadful [ + nix-top + nix-tree + nixfiles + ]; + variables = { + NIXFILES = "${config.my.home}/src/nixfiles"; + NIX_SHELL_PRESERVE_PROMPT = "1"; }; }; - nixpkgs = { - config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages; - - overlays = with inputs; [ - self.overlays.default - (_: _super: { - inherit (pkgsPr 309018 "sha256-x3ATxjrTVdaX5eo9P6pz+8/W6D2TNYzvjZpOBa3ZRI8=") endlessh-go; - }) - ]; - }; - - environment = { - localBinInPath = true; - defaultPackages = mkForce [ ]; - systemPackages = - with pkgs; - optionals this.isHeadful [ - nix-top - nix-tree - nixfiles - ]; - sessionVariables = { - NIXFILES = "${config.my.home}/src/nixfiles"; - NIX_SHELL_PRESERVE_PROMPT = "1"; + system = { + # HACK This lets `nix flake check` to pass. + stateVersion = if hasAttr "stateVersion" this then this.stateVersion else trivial.release; }; }; - - system.stateVersion = with builtins; head (split "\n" (readFile "${inputs.nixpkgs}/.version")); - }; } diff --git a/modules/common/security.nix b/modules/common/security.nix index c635cdc..acfc9cc 100644 --- a/modules/common/security.nix +++ b/modules/common/security.nix @@ -1,13 +1,6 @@ _: { security = { - sudo = { - enable = true; - execWheelOnly = true; - wheelNeedsPassword = false; - extraConfig = '' - Defaults lecture=never - ''; - }; + sudo.wheelNeedsPassword = false; polkit = { enable = true; @@ -24,8 +17,5 @@ _: { }); ''; }; - - # Pretty much used only for PipeWire. - rtkit.enable = true; }; } diff --git a/modules/common/stylix.nix b/modules/common/stylix.nix index 9a360ad..314aa4c 100644 --- a/modules/common/stylix.nix +++ b/modules/common/stylix.nix 
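Review bot: In `nix.settings`, `trusted-public-keys` drops the `nix-community.cachix.org-1:…` key while `https://nix-community.cachix.org` stays in `substituters`, so signature trust for that cache presumably now comes from the imported `mixins-trusted-nix-caches` module of the `srvos` input. That module is not visible in this diff, so whatever keys and `trusted-substituters` it declares become trusted on every host, and an update of that input changes the trust set without any change to this file. Either keep the key pinned locally next to its substituter, or add a comment such as `# nix-community key comes from srvos mixins-trusted-nix-caches` so the dependency is explicit. Separately, `trusted-users` still lists `my.username`, which lets that account override substituters and signature checking through the daemon; a comment stating that this is intentional would help.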
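Review bot: Collapsing the `sudo` block in modules/common/security.nix to `sudo.wheelNeedsPassword = false;` drops `execWheelOnly = true`, whose NixOS default is false. Unless another module sets it, the setuid `sudo` binary becomes executable by every local account while wheel keeps passwordless root, which widens exposure to any flaw in sudo itself. If the restriction is now expected to come from an imported module (none is visible in this diff), say so in a comment; otherwise keep `sudo.execWheelOnly = true;` next to the remaining line.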
@@ -37,6 +37,8 @@ with lib; # [1]: https://github.com/tinted-theming/base24/blob/master/styling.md config = { stylix = { + autoEnable = this.isHeadful; + image = pkgs.fetchurl { url = "https://upload.wikimedia.org/wikipedia/commons/a/a5/Bonaparte_ante_la_Esfinge%2C_por_Jean-Léon_Gérôme.jpg"; sha256 = "sha256-qWv52oT8cF9K4ZoeawmR3jgoGB2ARfjbKKc12IljUcM="; diff --git a/modules/common/systemd.nix b/modules/common/systemd.nix index b393d9f..aac1647 100644 --- a/modules/common/systemd.nix +++ b/modules/common/systemd.nix @@ -13,7 +13,6 @@ enable = true; network = { inherit (config.systemd.network) enable; - wait-online.enable = false; }; }; @@ -35,7 +34,7 @@ }; }; - environment.sessionVariables = { + environment.variables = { SYSTEMD_PAGERSECURE = "1"; SYSTEMD_PAGER = "${pkgs.less}/bin/less"; SYSTEMD_LESS = "FRSXMK"; diff --git a/modules/common/xdg.nix b/modules/common/xdg.nix index c581369..0b807b7 100644 --- a/modules/common/xdg.nix +++ b/modules/common/xdg.nix @@ -84,7 +84,10 @@ in }; config = { - xdg.portal = mkIf this.isHeadful { enable = true; }; + xdg = { + portal.enable = this.isHeadful; + sounds.enable = this.isHeadful; + }; hm.xdg = mkMerge [ (with cfg; { |