Diffstat (limited to 'modules/nixos/common')
-rw-r--r-- | modules/nixos/common/ark.nix | 64 | ||||
-rw-r--r-- | modules/nixos/common/console.nix | 10 | ||||
-rw-r--r-- | modules/nixos/common/default.nix | 21 | ||||
-rw-r--r-- | modules/nixos/common/documentation.nix | 31 | ||||
-rw-r--r-- | modules/nixos/common/home-manager.nix | 4 | ||||
-rw-r--r-- | modules/nixos/common/kernel.nix | 40 | ||||
-rw-r--r-- | modules/nixos/common/locale.nix | 41 | ||||
-rw-r--r-- | modules/nixos/common/networking.nix | 130 | ||||
-rw-r--r-- | modules/nixos/common/nix.nix | 35 | ||||
-rw-r--r-- | modules/nixos/common/secrets.nix | 4 | ||||
-rw-r--r-- | modules/nixos/common/security.nix | 31 | ||||
-rw-r--r-- | modules/nixos/common/services.nix | 10 | ||||
-rw-r--r-- | modules/nixos/common/shell.nix | 1 | ||||
-rw-r--r-- | modules/nixos/common/stylix.nix | 46 | ||||
-rw-r--r-- | modules/nixos/common/systemd.nix | 43 | ||||
-rw-r--r-- | modules/nixos/common/tmp.nix | 18 | ||||
-rw-r--r-- | modules/nixos/common/users.nix | 30 | ||||
-rw-r--r-- | modules/nixos/common/xdg.nix | 41 |
18 files changed, 0 insertions, 600 deletions
diff --git a/modules/nixos/common/ark.nix b/modules/nixos/common/ark.nix
deleted file mode 100644
index 6c7148f..0000000
--- a/modules/nixos/common/ark.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- config,
- inputs,
- lib,
- ...
-}:
-with lib;
-let
- cfg = config.nixfiles.modules.ark;
-in
-{
- imports = [
- (mkAliasOptionModule [ "ark" ] [
- "nixfiles"
- "modules"
- "ark"
- ])
- inputs.impermanence.nixosModules.impermanence
- ];
-
- options.nixfiles.modules.ark =
- let
- mkListOfAnythingOption = mkOption {
- type = with types; listOf anything; # Assumed to be matching with the upstream type.
- default = [ ];
- };
- in
- {
- enable = mkEnableOption "persistent storage support via impermanence";
-
- path = mkOption {
- type = types.str;
- default = "/ark";
- };
-
- directories = mkListOfAnythingOption;
- files = mkListOfAnythingOption;
- # hm = {
- # directories = mkListOfAnythingOption;
- # files = mkListOfAnythingOption;
- # };
- };
-
- config = mkIf cfg.enable {
- environment.persistence.${cfg.path} = {
- hideMounts = true;
- enableDebugging = false;
- inherit (cfg) directories files;
- };
-
- # NOTE We can't reliably[1] use this, so for the time being, this will stay
- # commented out. Probably forever.
- #
- # [1]: https://github.com/nix-community/impermanence/issues/18
- #
- # hm = {
- # imports = [inputs.impermanence.nixosModules.home-manager.impermanence];
- # home.persistence."${cfg.path}/${config.my.home}" = {
- # allowOther = false;
- # inherit (cfg.hm) directories files;
- # };
- # };
- };
-}
diff --git a/modules/nixos/common/console.nix b/modules/nixos/common/console.nix
deleted file mode 100644
index 330310c..0000000
--- a/modules/nixos/common/console.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, pkgs, ... }:
-{
- stylix.targets.console.enable = false;
-
- console = {
- earlySetup = true;
- font = "${pkgs.terminus_font}/share/consolefonts/ter-v16b.psf.gz";
- useXkbConfig = config.services.xserver.enable;
- };
-}
diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix
deleted file mode 100644
index 4c192c9..0000000
--- a/modules/nixos/common/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-_: {
- imports = [
- ./ark.nix
- ./console.nix
- ./documentation.nix
- ./home-manager.nix
- ./kernel.nix
- ./locale.nix
- ./networking.nix
- ./nix.nix
- ./secrets.nix
- ./security.nix
- ./services.nix
- ./shell.nix
- ./stylix.nix
- ./systemd.nix
- ./tmp.nix
- ./users.nix
- ./xdg.nix
- ];
-}
diff --git a/modules/nixos/common/documentation.nix b/modules/nixos/common/documentation.nix
deleted file mode 100644
index f7d1585..0000000
--- a/modules/nixos/common/documentation.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- config,
- lib,
- pkgs,
- this,
- ...
-}:
-with lib;
-{
- config = mkIf this.isHeadful {
- documentation = {
- dev.enable = true;
- nixos.enable = true;
-
- man.man-db.manualPages =
- (pkgs.buildEnv {
- name = "man-paths";
- paths = with config; environment.systemPackages ++ hm.home.packages;
- pathsToLink = [ "/share/man" ];
- extraOutputsToInstall = [ "man" ];
- ignoreCollisions = true;
- }).overrideAttrs
- (_: _: { __contentAddressed = true; });
- };
-
- environment.sessionVariables = {
- MANOPT = "--no-hyphenation";
- MANPAGER = "${getExe pkgs.less} -+F";
- };
- };
-}
diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix
deleted file mode 100644
index c553a65..0000000
--- a/modules/nixos/common/home-manager.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ inputs, ... }:
-{
- imports = [ inputs.home-manager.nixosModule ];
-}
diff --git a/modules/nixos/common/kernel.nix b/modules/nixos/common/kernel.nix
deleted file mode 100644
index 5c45b5d..0000000
--- a/modules/nixos/common/kernel.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ lib, ... }:
-with lib;
-{
- boot = {
- # I don't use it even on laptops. It's also /required/ to disable it for
- # ZFS[1].
- # [1]: https://github.com/openzfs/zfs/issues/260
- # [1]: https://github.com/openzfs/zfs/issues/12842
- kernelParams = [ "hibernate=no" ];
-
- kernel.sysctl = {
- "fs.file-max" = pow 2 17;
- "fs.inotify.max_user_watches" = pow 2 19;
- "fs.suid_dumpable" = 0;
- "kernel.core_uses_pid" = 1;
- "kernel.exec-shield" = 1;
- "kernel.kptr_restrict" = 1;
- "kernel.maps_protect" = 1;
- "kernel.msgmax" = pow 2 16;
- "kernel.msgmnb" = pow 2 16;
- "kernel.pid_max" = pow 2 16;
- "kernel.randomize_va_space" = 2;
- "kernel.shmall" = pow 2 28;
- "kernel.shmmax" = pow 2 28;
- "kernel.sysrq" = 0;
- "vm.dirty_background_bytes" = pow 2 22;
- "vm.dirty_background_ratio" = 5;
- "vm.dirty_bytes" = pow 2 22;
- "vm.dirty_ratio" = 30;
- "vm.min_free_kbytes" = pow 2 16;
- "vm.mmap_min_addr" = pow 2 12;
- "vm.overcommit_memory" = mkDefault 0;
- "vm.overcommit_ratio" = mkDefault 50;
- "vm.vfs_cache_pressure" = 50;
- };
- };
-
- # https://docs.kernel.org/admin-guide/mm/ksm.html
- hardware.ksm.enable = true;
-}
diff --git a/modules/nixos/common/locale.nix b/modules/nixos/common/locale.nix
deleted file mode 100644
index 8b91a5a..0000000
--- a/modules/nixos/common/locale.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib;
-{
- i18n = {
- defaultLocale = mkDefault "en_GB.UTF-8";
- supportedLocales = [
- "C.UTF-8/UTF-8"
- "en_GB.UTF-8/UTF-8"
- "en_US.UTF-8/UTF-8"
- "ja_JP.UTF-8/UTF-8"
- "ru_RU.UTF-8/UTF-8"
- ];
-
- inputMethod = {
- enabled = null; # FIXME Breaks on Wayland.
- fcitx5 = {
- addons = with pkgs; [
- fcitx5-configtool
- fcitx5-mozc
- ];
- waylandFrontend = config.nixfiles.modules.wayland.enable;
- };
- };
- };
-
- services.xserver.xkb = {
- layout = "us,ru";
- variant = ",phonetic";
- options = concatStringsSep "," [
- "caps:escape"
- "compose:menu"
- "grp:win_space_toggle"
- "terminate:ctrl_alt_bksp"
- ];
- };
-}
diff --git a/modules/nixos/common/networking.nix b/modules/nixos/common/networking.nix
deleted file mode 100644
index ecadf6e..0000000
--- a/modules/nixos/common/networking.nix
+++ /dev/null
@@ -1,130 +0,0 @@
-{
- config,
- lib,
- pkgs,
- this,
- ...
-}:
-with lib;
-let
- cfg = config.nixfiles.modules.common.networking;
-in
-{
- options.nixfiles.modules.common.networking.onlyDefault = mkEnableOption "custom networking settings";
-
- config = mkIf (!cfg.onlyDefault) {
- ark.directories =
- with config.networking;
- optional networkmanager.enable "/etc/NetworkManager/system-connections"
- ++ optional wireless.iwd.enable "/var/lib/iwd";
-
- # TODO Switch to systemd-networkd.
- networking = mkMerge [
- {
- domain = my.domain.shire;
-
- hostName = this.hostname;
- hostId = substring 0 8 (builtins.hashString "md5" this.hostname);
-
- # Remove default hostname mappings. This is required at least by the
- # current implementation of the monitoring module.
- hosts = {
- "127.0.0.2" = mkForce [ ];
- "::1" = mkForce [ ];
- };
-
- nameservers = mkDefault dns.const.quad9.default;
- resolvconf.enable = true;
-
- useDHCP = false;
-
- nftables.enable = true;
-
- firewall = {
- enable = true;
-
- rejectPackets = false;
-
- allowPing = true;
- pingLimit = "1/minute burst 5 packets";
-
- logRefusedConnections = false;
- logRefusedPackets = false;
- logRefusedUnicastsOnly = false;
- logReversePathDrops = false;
- };
- }
- (
- let
- interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false.
- in
- mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) {
- usePredictableInterfaceNames = false; # NOTE This can break something!
- interfaces.${interface} = {
- ipv4.addresses =
- with this.ipv4;
- optional (isString address && isInt prefixLength) { inherit address prefixLength; };
-
- ipv6.addresses =
- with this.ipv6;
- optional (isString address && isInt prefixLength) { inherit address prefixLength; };
- };
- defaultGateway =
- with this.ipv4;
- mkIf (isString gatewayAddress) {
- inherit interface;
- address = gatewayAddress;
- };
- defaultGateway6 =
- with this.ipv6;
- mkIf (isString gatewayAddress) {
- inherit interface;
- address = gatewayAddress;
- };
- }
- )
- (mkIf this.isHeadful {
- interfaces = {
- eth0.useDHCP = mkDefault true;
- wlan0.useDHCP = mkDefault true;
- };
-
- networkmanager = {
- enable = mkDefault true;
- wifi.backend = "iwd";
- };
-
- wireless = {
- enable = false;
- iwd.enable = mkDefault true;
- userControlled.enable = true;
- allowAuxiliaryImperativeNetworks = true;
- };
- })
- ];
-
- environment = {
- shellAliases = listToAttrs (
- map ({ name, value }: nameValuePair name "${pkgs.iproute2}/bin/${value}") [
- {
- name = "bridge";
- value = "bridge -color=always";
- }
- {
- name = "ip";
- value = "ip -color=always";
- }
- {
- name = "tc";
- value = "tc -color=always";
- }
- ]
- );
-
- systemPackages = with pkgs; [
- ethtool
- nethogs
- ];
- };
- };
-}
diff --git a/modules/nixos/common/nix.nix b/modules/nixos/common/nix.nix
deleted file mode 100644
index 146575d..0000000
--- a/modules/nixos/common/nix.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- config,
- inputs,
- lib,
- ...
-}:
-with lib;
-let
- cfg = config.nixfiles.modules.common.nix;
-in
-{
- options.nixfiles.modules.common.nix.allowedUnfreePackages = mkOption {
- description = "A list of allowed unfree packages.";
- type = with types; listOf str;
- default = [ ];
- };
-
- config = {
- nix = {
- daemonCPUSchedPolicy = "idle";
- daemonIOSchedClass = "idle";
- daemonIOSchedPriority = 7;
- };
-
- nixpkgs.config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages;
-
- system.stateVersion = with builtins; head (split "\n" (readFile "${inputs.nixpkgs}/.version"));
-
- environment = {
- sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1";
- localBinInPath = true;
- defaultPackages = [ ];
- };
- };
-}
diff --git a/modules/nixos/common/secrets.nix b/modules/nixos/common/secrets.nix
deleted file mode 100644
index 31787ac..0000000
--- a/modules/nixos/common/secrets.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ inputs, ... }:
-{
- imports = [ inputs.agenix.nixosModules.default ];
-}
diff --git a/modules/nixos/common/security.nix b/modules/nixos/common/security.nix
deleted file mode 100644
index c635cdc..0000000
--- a/modules/nixos/common/security.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-_: {
- security = {
- sudo = {
- enable = true;
- execWheelOnly = true;
- wheelNeedsPassword = false;
- extraConfig = ''
- Defaults lecture=never
- '';
- };
-
- polkit = {
- enable = true;
- extraConfig = ''
- /*
- * Allow members of the wheel group to execute any actions
- * without password authentication, similar to "sudo NOPASSWD:".
- *
- * https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt
- */
- polkit.addRule(function(action, subject) {
- if (subject.isInGroup('wheel'))
- return polkit.Result.YES;
- });
- '';
- };
-
- # Pretty much used only for PipeWire.
- rtkit.enable = true;
- };
-}
diff --git a/modules/nixos/common/services.nix b/modules/nixos/common/services.nix
deleted file mode 100644
index 12e4bf7..0000000
--- a/modules/nixos/common/services.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-_: {
- services = {
- # https://github.com/Irqbalance/irqbalance/issues/54#issuecomment-319245584
- # https://unix.stackexchange.com/questions/710603/should-the-irqbalance-daemon-be-used-on-a-modern-desktop-x86-system
- irqbalance.enable = true;
-
- # This is upposed to be better?
- dbus.implementation = "broker";
- };
-}
diff --git a/modules/nixos/common/shell.nix b/modules/nixos/common/shell.nix
deleted file mode 100644
index a1a7f08..0000000
--- a/modules/nixos/common/shell.nix
+++ /dev/null
@@ -1 +0,0 @@
-_: { programs.command-not-found.enable = false; }
diff --git a/modules/nixos/common/stylix.nix b/modules/nixos/common/stylix.nix
deleted file mode 100644
index 58b4f29..0000000
--- a/modules/nixos/common/stylix.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{
- config,
- inputs,
- lib,
- pkgs,
- ...
-}:
-with lib;
-{
- imports = [ inputs.stylix.nixosModules.stylix ];
-
- stylix.cursor = {
- name = "phinger-cursors-light";
- package = pkgs.phinger-cursors;
- size = 32;
- };
-
- fonts = {
- packages = mkAfter config.nixfiles.modules.common.stylix.fonts.extraPackages;
-
- fontconfig.defaultFonts = with config.stylix.fonts; {
- serif = mkForce [
- serif.name
- "Sarasa Gothic"
- "Source Han Serif"
- "Noto Serif"
- ];
- sansSerif = mkForce [
- sansSerif.name
- "Sarasa Gothic"
- "Source Han Sans"
- "Noto Sans"
- ];
- monospace = mkForce [
- monospace.name
- "Sarasa Mono"
- "Source Han Mono"
- "Noto Sans Mono"
- ];
- emoji = mkForce [
- "Twitter Color Emoji"
- "Noto Color Emoji"
- ];
- };
- };
-}
diff --git a/modules/nixos/common/systemd.nix b/modules/nixos/common/systemd.nix
deleted file mode 100644
index b393d9f..0000000
--- a/modules/nixos/common/systemd.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ config, pkgs, ... }:
-{
- ark = {
- files = [ "/etc/machine-id" ];
- directories = [ "/var/lib/systemd/coredump" ];
- };
-
- my.extraGroups = [ "systemd-journal" ];
-
- hm.systemd.user.startServices = "sd-switch";
-
- boot.initrd.systemd = {
- enable = true;
- network = {
- inherit (config.systemd.network) enable;
- wait-online.enable = false;
- };
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=5G
- '';
-
- systemd =
- let
- extraConfig = ''
- DefaultTimeoutStartSec=30s
- DefaultTimeoutStopSec=15s
- '';
- in
- {
- inherit extraConfig;
- user = {
- inherit extraConfig;
- };
- };
-
- environment.sessionVariables = {
- SYSTEMD_PAGERSECURE = "1";
- SYSTEMD_PAGER = "${pkgs.less}/bin/less";
- SYSTEMD_LESS = "FRSXMK";
- };
-}
diff --git a/modules/nixos/common/tmp.nix b/modules/nixos/common/tmp.nix
deleted file mode 100644
index d56e2b6..0000000
--- a/modules/nixos/common/tmp.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-_: {
- systemd.mounts = [
- {
- type = "tmpfs";
- what = "tmpfs";
- where = "/tmp";
- mountConfig.Options = [
- "huge=within_size"
- "mode=1777"
- "noatime"
- "nodev"
- "nosuid"
- "rw"
- "size=25%"
- ];
- }
- ];
-}
diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix
deleted file mode 100644
index a92a38e..0000000
--- a/modules/nixos/common/users.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- lib,
- localUsername ? lib.my.username,
- ...
-}:
-with lib;
-let
- home = "/home/${localUsername}";
-in
-{
- ark.directories = [ home ];
-
- users = {
- mutableUsers = false;
-
- users = {
- root.hashedPassword = "@HASHED_PASSWORD@";
-
- ${localUsername} = {
- isNormalUser = true;
- uid = 1000;
- description = my.fullname;
- inherit home;
- inherit (my) hashedPassword;
- openssh.authorizedKeys.keys = [ my.ssh.key ];
- extraGroups = [ "wheel" ];
- };
- };
- };
-}
diff --git a/modules/nixos/common/xdg.nix b/modules/nixos/common/xdg.nix
deleted file mode 100644
index 1fe167e..0000000
--- a/modules/nixos/common/xdg.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- config,
- lib,
- this,
- ...
-}:
-with lib;
-let
- cfg = config.nixfiles.modules.common.xdg;
-in
-{
- options.nixfiles.modules.common.xdg.defaultApplications = mkOption {
- description = "Default applications.";
- type = with types; attrsOf (listOf str);
- default = { };
- };
-
- config = {
- xdg.portal = mkIf this.isHeadful { enable = true; };
-
- hm.xdg = mkMerge [
- (with cfg; {
- enable = true;
-
- inherit cacheHome;
- inherit configHome;
- inherit dataHome;
- inherit stateHome;
- inherit userDirs;
- })
- (mkIf this.isHeadful {
- mimeApps = {
- enable = true;
- defaultApplications = mkMerge (
- mapAttrsToList (n: v: genAttrs v (_: [ "${n}.desktop" ])) cfg.defaultApplications
- );
- };
- })
- ];
- };
-} |