diff options
Diffstat (limited to '')
-rw-r--r-- | modules/nixos/common/console.nix (renamed from modules/nixfiles/common/console.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/common/default.nix | 19 | ||||
-rw-r--r-- | modules/nixos/common/documentation.nix | 31 | ||||
-rw-r--r-- | modules/nixos/common/home-manager.nix | 3 | ||||
-rw-r--r-- | modules/nixos/common/kernel.nix (renamed from modules/nixfiles/common/kernel.nix) | 8 | ||||
-rw-r--r-- | modules/nixos/common/locale.nix | 24 | ||||
-rw-r--r-- | modules/nixos/common/networking.nix | 108 | ||||
-rw-r--r-- | modules/nixos/common/nix.nix | 39 | ||||
-rw-r--r-- | modules/nixos/common/secrets.nix (renamed from modules/nixfiles/common/secrets.nix) | 2 | ||||
-rw-r--r-- | modules/nixos/common/security.nix (renamed from modules/nixfiles/common/security.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/common/services.nix | 10 | ||||
-rw-r--r-- | modules/nixos/common/shell.nix | 3 | ||||
-rw-r--r-- | modules/nixos/common/systemd.nix (renamed from modules/nixfiles/common/systemd.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/common/tmp.nix (renamed from modules/nixfiles/common/tmp.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/common/users.nix | 19 | ||||
-rw-r--r-- | modules/nixos/common/xdg.nix (renamed from modules/nixfiles/common/xdg.nix) | 0 |
16 files changed, 263 insertions, 3 deletions
diff --git a/modules/nixfiles/common/console.nix b/modules/nixos/common/console.nix index 3c73695..3c73695 100644 --- a/modules/nixfiles/common/console.nix +++ b/modules/nixos/common/console.nix diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix new file mode 100644 index 0000000..8724c8b --- /dev/null +++ b/modules/nixos/common/default.nix @@ -0,0 +1,19 @@ +_: { + imports = [ + ./console.nix + ./documentation.nix + ./home-manager.nix + ./kernel.nix + ./locale.nix + ./networking.nix + ./nix.nix + ./secrets.nix + ./security.nix + ./services.nix + ./shell.nix + ./systemd.nix + ./tmp.nix + ./users.nix + ./xdg.nix + ]; +} diff --git a/modules/nixos/common/documentation.nix b/modules/nixos/common/documentation.nix new file mode 100644 index 0000000..f909108 --- /dev/null +++ b/modules/nixos/common/documentation.nix @@ -0,0 +1,31 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; { + config = mkIf this.isHeadful { + documentation = { + dev.enable = true; + nixos.enable = true; + + man.man-db.manualPages = + (pkgs.buildEnv { + name = "man-paths"; + paths = with config; + environment.systemPackages ++ hm.home.packages; + pathsToLink = ["/share/man"]; + extraOutputsToInstall = ["man"]; + ignoreCollisions = true; + }) + .overrideAttrs (_: _: {__contentAddressed = true;}); + }; + + environment.sessionVariables = { + MANOPT = "--no-hyphenation"; + MANPAGER = "${pkgs.less}/bin/less -+F"; + }; + }; +} diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix new file mode 100644 index 0000000..52f2fd3 --- /dev/null +++ b/modules/nixos/common/home-manager.nix @@ -0,0 +1,3 @@ +{inputs, ...}: { + imports = [inputs.home-manager.nixosModule]; +} diff --git a/modules/nixfiles/common/kernel.nix b/modules/nixos/common/kernel.nix index 2fdfeeb..2fc40f9 100644 --- a/modules/nixfiles/common/kernel.nix +++ b/modules/nixos/common/kernel.nix @@ -1,7 +1,10 @@ {lib, ...}: with lib; { boot = { - # I don't use it even on laptops. + # I don't use it even on laptops. It's also /required/ to disable it for + # ZFS[1]. + # [1]: https://github.com/openzfs/zfs/issues/260 + # [1]: https://github.com/openzfs/zfs/issues/12842 kernelParams = ["hibernate=no"]; kernel.sysctl = { @@ -30,4 +33,7 @@ with lib; { "vm.vfs_cache_pressure" = 50; }; }; + + # https://docs.kernel.org/admin-guide/mm/ksm.html + hardware.ksm.enable = true; } diff --git a/modules/nixos/common/locale.nix b/modules/nixos/common/locale.nix new file mode 100644 index 0000000..62d19f4 --- /dev/null +++ b/modules/nixos/common/locale.nix @@ -0,0 +1,24 @@ +{lib, ...}: +with lib; { + i18n = { + defaultLocale = mkDefault "en_GB.UTF-8"; + supportedLocales = [ + "C.UTF-8/UTF-8" + "en_GB.UTF-8/UTF-8" + "en_US.UTF-8/UTF-8" + "ja_JP.UTF-8/UTF-8" + "ru_RU.UTF-8/UTF-8" + ]; + }; + + services.xserver = { + layout = comcat ["us" "ru"]; + xkbVariant = comcat ["" "phonetic"]; + xkbOptions = comcat [ + "terminate:ctrl_alt_bksp" + "caps:escape" + "compose:menu" + "grp:win_space_toggle" + ]; + }; +} diff --git a/modules/nixos/common/networking.nix b/modules/nixos/common/networking.nix new file mode 100644 index 0000000..6109933 --- /dev/null +++ b/modules/nixos/common/networking.nix @@ -0,0 +1,108 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; { + # TODO Support multiple interfaces and IP addresses. + networking = mkMerge [ + { + domain = my.domain.shire; + + hostName = this.hostname; + hostId = substring 0 8 (builtins.hashString "md5" this.hostname); + + # Remove default hostname mappings. This is required at least by the current + # implementation of the montoring module. + hosts = { + "127.0.0.2" = mkForce []; + "::1" = mkForce []; + }; + + nameservers = mkDefault dns.const.quad9.default; + + useDHCP = false; + + firewall = { + enable = true; + + rejectPackets = false; + + allowPing = true; + pingLimit = "--limit 1/minute --limit-burst 5"; + + logRefusedConnections = false; + logRefusedPackets = false; + logRefusedUnicastsOnly = false; + logReversePathDrops = false; + }; + } + (let + interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. + in + mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) { + usePredictableInterfaceNames = false; # NOTE This can break something! + interfaces.${interface} = { + ipv4.addresses = with this.ipv4; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; + + ipv6.addresses = with this.ipv6; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; + }; + defaultGateway = with this.ipv4; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + defaultGateway6 = with this.ipv6; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + }) + (mkIf this.isHeadful { + interfaces = { + eth0.useDHCP = mkDefault true; + wlan0.useDHCP = mkDefault true; + }; + + networkmanager = { + enable = mkDefault true; + wifi.backend = "iwd"; + }; + + wireless = { + enable = false; + iwd.enable = mkDefault true; + userControlled.enable = true; + allowAuxiliaryImperativeNetworks = true; + }; + }) + ]; + + environment.shellAliases = listToAttrs (map + ({ + name, + value, + }: + nameValuePair name "${pkgs.iproute2}/bin/${value}") [ + { + name = "bridge"; + value = "bridge -color=always"; + } + { + name = "ip"; + value = "ip -color=always"; + } + { + name = "tc"; + value = "tc -color=always"; + } + ]); +} diff --git a/modules/nixos/common/nix.nix b/modules/nixos/common/nix.nix new file mode 100644 index 0000000..07136a0 --- /dev/null +++ b/modules/nixos/common/nix.nix @@ -0,0 +1,39 @@ +{ + config, + inputs, + lib, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.common.nix; +in { + options.nixfiles.modules.common.nix.allowedUnfreePackages = mkOption { + description = "A list of allowed unfree packages."; + type = with types; listOf str; + default = []; + }; + + config = { + nix.settings.trusted-users = ["@wheel"]; + + nixpkgs = { + config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages; + + overlays = with inputs; [ + agenix.overlay + # nix-minecraft-servers.overlays.default + xmonad-ng.overlays.default + ]; + }; + + system.stateVersion = with builtins; + head (split "\n" (readFile "${inputs.nixpkgs}/.version")); + + environment = { + sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1"; + localBinInPath = true; + defaultPackages = []; + }; + }; +} diff --git a/modules/nixfiles/common/secrets.nix b/modules/nixos/common/secrets.nix index 9e59716..4fcdc61 100644 --- a/modules/nixfiles/common/secrets.nix +++ b/modules/nixos/common/secrets.nix @@ -41,7 +41,5 @@ with lib; { }; environment.systemPackages = with pkgs; [agenix]; - - system.extraDependencies = [inputs.agenix]; }; } diff --git a/modules/nixfiles/common/security.nix b/modules/nixos/common/security.nix index 09c5da1..09c5da1 100644 --- a/modules/nixfiles/common/security.nix +++ b/modules/nixos/common/security.nix diff --git a/modules/nixos/common/services.nix b/modules/nixos/common/services.nix new file mode 100644 index 0000000..725502a --- /dev/null +++ b/modules/nixos/common/services.nix @@ -0,0 +1,10 @@ +_: { + services = { + # https://github.com/Irqbalance/irqbalance/issues/54#issuecomment-319245584 + # https://unix.stackexchange.com/questions/710603/should-the-irqbalance-daemon-be-used-on-a-modern-desktop-x86-system + irqbalance.enable = true; + + # https://github.com/NixOS/nixpkgs/issues/135888 + nscd.enableNsncd = true; + }; +} diff --git a/modules/nixos/common/shell.nix b/modules/nixos/common/shell.nix new file mode 100644 index 0000000..5fbc441 --- /dev/null +++ b/modules/nixos/common/shell.nix @@ -0,0 +1,3 @@ +_: { + programs.command-not-found.enable = false; +} diff --git a/modules/nixfiles/common/systemd.nix b/modules/nixos/common/systemd.nix index 5c7282d..5c7282d 100644 --- a/modules/nixfiles/common/systemd.nix +++ b/modules/nixos/common/systemd.nix diff --git a/modules/nixfiles/common/tmp.nix b/modules/nixos/common/tmp.nix index d56e2b6..d56e2b6 100644 --- a/modules/nixfiles/common/tmp.nix +++ b/modules/nixos/common/tmp.nix diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix new file mode 100644 index 0000000..22e8023 --- /dev/null +++ b/modules/nixos/common/users.nix @@ -0,0 +1,19 @@ +{lib, ...}: +with lib; { + users = { + mutableUsers = false; + + users = { + root.hashedPassword = "@HASHED_PASSWORD@"; + + ${my.username} = { + isNormalUser = true; + uid = 1000; + description = my.fullname; + inherit (my) hashedPassword; + openssh.authorizedKeys.keys = [my.ssh.key]; + extraGroups = ["wheel"]; + }; + }; + }; +} diff --git a/modules/nixfiles/common/xdg.nix b/modules/nixos/common/xdg.nix index 8ddf1ac..8ddf1ac 100644 --- a/modules/nixfiles/common/xdg.nix +++ b/modules/nixos/common/xdg.nix |