From c81dc5a13b469c511fac6fa2390b70422d1b4da5 Mon Sep 17 00:00:00 2001 From: azahi Date: Wed, 12 Mar 2025 20:17:13 +0300 Subject: 2025-03-12 --- modules/profiles/default.nix | 7 +- modules/profiles/dev/default.nix | 6 +- modules/profiles/email.nix | 2 +- modules/profiles/headful.nix | 182 -------------------------------- modules/profiles/headful/default.nix | 190 ++++++++++++++++++++++++++++++++++ modules/profiles/headless.nix | 54 ---------- modules/profiles/headless/default.nix | 47 +++++++++ 7 files changed, 247 insertions(+), 241 deletions(-) delete mode 100644 modules/profiles/headful.nix create mode 100644 modules/profiles/headful/default.nix delete mode 100644 modules/profiles/headless.nix create mode 100644 modules/profiles/headless/default.nix (limited to 'modules/profiles')
diff --git a/modules/profiles/default.nix b/modules/profiles/default.nix
index cbfb665..bf95f7b 100644
--- a/modules/profiles/default.nix
+++ b/modules/profiles/default.nix
@@ -1,5 +1,6 @@
 {
 config,
+ inputs,
 lib,
 pkgs,
 this,
@@ -9,7 +10,9 @@ let
 cfg = config.nixfiles.modules.profiles.default;
 in
 {
- imports = lib.modulesIn ./. |> lib.attrValues;
+ imports = (lib.modulesIn ./. |> lib.attrValues) ++ [
+ inputs.nixpkgs.nixosModules.notDetected
+ ];
 options.nixfiles.modules.profiles.default.enable = lib.mkEnableOption "The most default profile of them all."
@@ -34,8 +37,10 @@ in
 ];
 nixfiles.modules = {
+ alloy.enable = true;
 htop.enable = true;
 vim.enable = true;
+ yubikey.enable = true;
 };
 programs = {
diff --git a/modules/profiles/dev/default.nix b/modules/profiles/dev/default.nix
index 89ed7a3..b7d1389 100644
--- a/modules/profiles/dev/default.nix
+++ b/modules/profiles/dev/default.nix
@@ -77,14 +77,14 @@ in
 logcli
 nix-update
 nixpkgs-review
- opentofu
- scaleway-cli
+ radare2
+ rustscan
 scanmem
 sops
 sqlitebrowser
 terraform
 toolbox
- vultr-cli
+ vulnix
 yq
 ];
diff --git a/modules/profiles/email.nix b/modules/profiles/email.nix
index 5f142dc..b5fb59d 100644
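Review bot: `yubikey.enable = true;` is added to the default profile here and again to the headful profile in this same commit, so one of the two is redundant if every headful host also carries the default profile, and the copy in the default profile extends whatever `nixfiles.modules.yubikey` configures (not visible here; if it pulls in pcscd, udev rules or a gpg-agent, that now lands on headless servers too). If servers really need it — FIDO/PIV keys for SSH, say — keep this one and drop the headful one; otherwise keep only the headful one. Either way a one-line comment stating which hosts need it would help, e.g. `yubikey.enable = true; # headless hosts too: FIDO/PIV SSH keys` if that is the reason. The `alloy.enable = true;` replacing the old headless `promtail` looks intentional but is likewise undocumented.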
--- a/modules/profiles/email.nix
+++ b/modules/profiles/email.nix
@@ -33,7 +33,7 @@ in
 patterns = [ "*" ];
 };
 msmtp.enable = true;
- mu.enable = true;
+ mu.enable = false;
 thunderbird = {
 enable = true;
 settings = id: {
diff --git a/modules/profiles/headful.nix b/modules/profiles/headful.nix
deleted file mode 100644
index 62a036c..0000000
--- a/modules/profiles/headful.nix
+++ /dev/null
@@ -1,182 +0,0 @@
-{
- config,
- inputs,
- lib,
- pkgs,
- this,
- ...
-}:
-let
- cfg = config.nixfiles.modules.profiles.headful;
-in
-{
- options.nixfiles.modules.profiles.headful.enable = lib.mkEnableOption "headful profile" // {
- default = this.isHeadful;
- };
- config = lib.mkIf cfg.enable {
- nixfiles.modules = {
- common.xdg.defaultApplications."org.telegram.desktop" = [ "x-scheme-handler/tg" ];
- profiles.dev.enable = true;
- alacritty.enable = true;
- aria2.enable = true;
- bat.enable = true;
- chromium.enable = true;
- emacs.enable = true;
- eza.enable = true;
- firefox.enable = true;
- foot.enable = true;
- kde.enable = true;
- mpv.enable = true;
- nullmailer.enable = true;
- openssh.client.enable = true;
- password-store.enable = true;
- sound.enable = true;
- thunderbird.enable = true;
- vscode.enable = true;
- wayland.enable = true;
- x11.enable = true;
- zathura.enable = true;
- };
- hm = {
- imports = [ inputs.nix-index-database.hmModules.nix-index ];
- home = {
- file.".digrc".text = ''
- +answer
- +multiline
- +recurse
- '';
- packages = with pkgs; [
- anki
- audacity
- ayugram-desktop
- bitwarden-cli
- bitwarden-desktop
- byedpi
- eaglemode
- easyeffects
- element-desktop
- fd
- gimp
- helvum
- imv
- kdenlive
- libreoffice-fresh
- mumble
- obs-studio
- qbittorrent
- ripgrep
- sd
- telegram-desktop
- tldr
- tor-browser-bundle-bin
- vesktop
- ];
- };
- programs = {
- bash.shellAliases.open = "xdg-open";
- nix-index-database.comma.enable = true;
- };
- };
- boot = {
- kernelPackages = lib.mkDefault (
- if config.boot.zfs.enabled then
- pkgs.linuxKernel.packages
- |> lib.filterAttrs (
- k: v:
- (builtins.match "linux_[0-9]+_[0-9]+" k) != null
- && (builtins.tryEval v).success
- && (!v.${config.boot.zfs.package.kernelModuleAttribute}.meta.broken)
- )
- |> builtins.attrValues
- |> lib.sort (a: b: lib.versionOlder a.kernel.version b.kernel.version)
- |> lib.last
- else
- pkgs.linuxPackages_latest
- );
- kernelParams = [
- # 
https://wiki.archlinux.org/title/improving_performance#Watchdogs
- "nowatchdog"
- "kernel.nmi_watchdog=0"
- # A security risk I'm willing to take for a reason[1].
- #
- # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
- "mitigations=off"
- ];
- loader = {
- efi.canTouchEfiVariables = true;
- systemd-boot = {
- enable = true;
- editor = false;
- configurationLimit = 10;
- };
- };
- };
- hardware.graphics.enable = true;
- nix = {
- daemonCPUSchedPolicy = "idle";
- daemonIOSchedClass = "idle";
- daemonIOSchedPriority = 7;
- gc.automatic = false;
- optimise.automatic = false;
- };
- programs = {
- dconf.enable = true;
- iftop.enable = true;
- mtr.enable = true;
- };
- services = {
- fwupd.enable = true;
- libinput.enable = true;
- upower.enable = true;
- languagetool = {
- enable = true;
- port = 8081;
- allowOrigin = "*";
- };
- };
- time.timeZone = "Europe/Moscow";
- environment.systemPackages = with pkgs; [
- brightnessctl
- lm_sensors
- usbutils
- wirelesstools
- ];
- my.extraGroups = [
- "audio"
- "input"
- "render"
- "video"
- ];
- # https://github.com/NixOS/nix/issues/3995#issuecomment-2081164515
- system.extraDependencies =
- let
- collectFlakeInputs =
- input: [ input ] ++ (lib.attrValues (input.inputs or { }) |> lib.concatMap collectFlakeInputs);
- in
- lib.concatMap collectFlakeInputs (lib.attrValues inputs);
- };
-}
diff --git a/modules/profiles/headful/default.nix b/modules/profiles/headful/default.nix
new file mode 100644
index 0000000..ec43d20
--- /dev/null
+++ b/modules/profiles/headful/default.nix
@@ -0,0 +1,190 @@
+{
+ config,
+ inputs,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+let
+ cfg = config.nixfiles.modules.profiles.headful;
+in
+{
+ imports = lib.modulesIn ./. |> lib.attrValues;
+
+ options.nixfiles.modules.profiles.headful.enable = lib.mkEnableOption "headful profile" // {
+ default = this.isHeadful;
+ };
+
+ config = lib.mkIf cfg.enable {
+ nixfiles.modules = {
+ common.xdg.defaultApplications."org.telegram.desktop" = [ "x-scheme-handler/tg" ];
+
+ profiles.dev.enable = true;
+
+ alacritty.enable = true;
+ aria2.enable = true;
+ bat.enable = true;
+ chromium.enable = true;
+ emacs.enable = true;
+ eza.enable = true;
+ firefox.enable = true;
+ foot.enable = true;
+ kde.enable = true;
+ mpv.enable = true;
+ nullmailer.enable = true;
+ openssh.client.enable = true;
+ password-store.enable = true;
+ sound.enable = true;
+ thunderbird.enable = true;
+ vscode.enable = false;
+ wayland.enable = true;
+ x11.enable = true;
+ yubikey.enable = true;
+ zathura.enable = true;
+ };
+
+ hm = {
+ imports = [ inputs.nix-index-database.hmModules.nix-index ];
+
+ home = {
+ file.".digrc".text = ''
+ +answer
+ +multiline
+ +recurse
+ '';
+
+ packages = with pkgs; [
+ anki
+ audacity
+ bitwarden-cli
+ bitwarden-desktop
+ eaglemode
+ easyeffects
+ element-desktop
+ fd
+ gimp
+ helvum
+ imv
+ libreoffice-fresh
+ mumble
+ obs-studio
+ qbittorrent
+ ripgrep
+ sd
+ telegram-desktop
+ tldr
+ tor-browser-bundle-bin
+ vesktop
+ ];
+ };
+
+ programs = {
+ bash.shellAliases.open = "xdg-open";
+
+ nix-index-database.comma.enable = true;
+ };
+ };
+
+ boot = {
+ kernelPackages = lib.mkDefault (
+ if config.boot.zfs.enabled then
+ pkgs.linuxKernel.packages
+ |> lib.filterAttrs (
+ n: v:
+ (builtins.match "linux_[0-9]+_[0-9]+" n) != null
+ && (builtins.tryEval v).success
+ && (!v.${config.boot.zfs.package.kernelModuleAttribute}.meta.broken)
+ )
+ |> builtins.attrValues
+ |> lib.sort (n: v: lib.versionOlder n.kernel.version v.kernel.version)
+ |> lib.last
+ else
+ pkgs.linuxPackages_latest
+ 
);
+
+ kernelParams = [
+ # https://wiki.archlinux.org/title/improving_performance#Watchdogs
+ "nowatchdog"
+ "kernel.nmi_watchdog=0"
+ # A security risk I'm willing to take for a reason[1].
+ #
+ # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
+ "mitigations=off"
+ ];
+
+ loader = {
+ efi.canTouchEfiVariables = true;
+
+ systemd-boot = {
+ enable = true;
+ editor = false;
+ configurationLimit = 10;
+ };
+ };
+ };
+
+ hardware.graphics.enable = true;
+
+ nix = {
+ daemonCPUSchedPolicy = "idle";
+ daemonIOSchedClass = "idle";
+ daemonIOSchedPriority = 7;
+
+ gc.automatic = false;
+ optimise.automatic = false;
+ };
+
+ programs = {
+ dconf.enable = true;
+
+ iftop.enable = true;
+
+ mtr.enable = true;
+ };
+
+ services = {
+ fwupd.enable = true;
+
+ libinput.enable = true;
+
+ upower.enable = true;
+
+ languagetool = {
+ enable = true;
+ port = 8081;
+ allowOrigin = "*";
+ };
+ };
+
+ time.timeZone = "Europe/Moscow";
+
+ environment.systemPackages = with pkgs; [
+ brightnessctl
+ lm_sensors
+ usbutils
+ wirelesstools
+ ];
+
+ my.extraGroups = [
+ "audio"
+ "input"
+ "render"
+ "video"
+ ];
+
+ nix.settings.system-features = [
+ "benchmark"
+ "kvm"
+ "nixos-test"
+ ];
+
+ # https://github.com/NixOS/nix/issues/3995#issuecomment-2081164515
+ system.extraDependencies =
+ let
+ collectFlakeInputs =
+ input: [ input ] ++ (lib.attrValues (input.inputs or { }) |> lib.concatMap collectFlakeInputs);
+ in
+ lib.concatMap collectFlakeInputs (lib.attrValues inputs);
+ };
+}
diff --git a/modules/profiles/headless.nix b/modules/profiles/headless.nix
deleted file mode 100644
index bf0d23a..0000000
--- a/modules/profiles/headless.nix
+++ /dev/null
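Review bot: `"mitigations=off"` is carried into the new file unchanged, on a profile that also enables chromium, firefox and tor-browser-bundle-bin, so untrusted JavaScript runs on a CPU with the Spectre/MDS-class mitigations switched off — the exact threat the kernel flag exists for. The justification links a 2018 benchmark that predates later families (MDS, Retbleed, Downfall) and the hardware-mitigated CPUs on which the flag buys almost nothing, so the decision may still be right but should be re-measured on the actual machine. I would replace the `# A security risk I'm willing to take for a reason[1].` comment with one that records the CPU model, the date and the measured gain, e.g. `# Accepted risk: measured N% on <CPU> (YYYY-MM); browsers run here, revisit when the CPU changes.`. `languagetool.allowOrigin = "*"` further down deserves the same treatment: the server stays localhost-only unless `services.languagetool.public` is set elsewhere, but every page open in those browsers can reach it, and a `# "*" because the browser extension origin is per-profile; server is localhost-only` comment would make the trade-off explicit. The explicit `nix.settings.system-features` list also appears to drop nix's default `big-parallel`, which would keep large derivations from building locally; if that is intended, say so in a comment.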
@@ -1,54 +0,0 @@
-{
- config,
- lib,
- pkgs,
- this,
- ...
-}:
-let
- cfg = config.nixfiles.modules.profiles.headless;
-in
-{
- options.nixfiles.modules.profiles.headless.enable = lib.mkEnableOption "headless profile" // {
- default = this.isHeadless;
- };
- config = lib.mkIf cfg.enable {
- nixfiles.modules = {
- openssh.server.enable = true;
- endlessh-go.enable = true;
- fail2ban.enable = true;
- node-exporter.enable = true;
- promtail.enable = false; # FIXME High RAM usage.
- };
- hm.home.file = {
- ".hushlogin".text = "";
- ".bash_history".source = config.hm.lib.file.mkOutOfStoreSymlink "/dev/null";
- };
- boot.kernelPackages = pkgs.linuxPackages_hardened;
- nix = {
- gc = {
- automatic = true;
- dates = "weekly";
- options = "--delete-older-than 30d";
- };
- optimise = {
- automatic = true;
- dates = [ "daily" ];
- };
- };
- environment.systemPackages = with pkgs; [
- alacritty.terminfo
- foot.terminfo
- ];
- services.udisks2.enable = false;
- };
-}
diff --git a/modules/profiles/headless/default.nix b/modules/profiles/headless/default.nix
new file mode 100644
index 0000000..42c041b
--- /dev/null
+++ b/modules/profiles/headless/default.nix
@@ -0,0 +1,47 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+let
+ cfg = config.nixfiles.modules.profiles.headless;
+in
+{
+ imports = lib.modulesIn ./. |> lib.attrValues;
+
+ options.nixfiles.modules.profiles.headless.enable = lib.mkEnableOption "headless profile" // {
+ default = this.isHeadless;
+ };
+
+ config = lib.mkIf cfg.enable {
+ nixfiles.modules = {
+ endlessh-go.enable = true;
+ fail2ban.enable = true;
+ openssh.server.enable = true;
+ };
+
+ hm.home.file = {
+ ".hushlogin".text = "";
+ ".bash_history".source = config.hm.lib.file.mkOutOfStoreSymlink "/dev/null";
+ };
+
+ boot.kernelPackages = pkgs.linuxPackages_hardened;
+
+ nix = {
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+
+ optimise = {
+ automatic = true;
+ dates = [ "daily" ];
+ };
+ };
+
+ services.udisks2.enable = false;
+ };
+}
-- cgit 1.4.1
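Review bot: The new headless profile drops the old file's `environment.systemPackages = with pkgs; [ alacritty.terminfo foot.terminfo ];` and `node-exporter.enable = true;` with no replacement visible in this hunk; unless a sibling module now pulled in by `imports = lib.modulesIn ./. |> lib.attrValues;` restores them, ssh sessions from the headful profile's alacritty/foot terminals land on hosts with no terminfo for their TERM, and those hosts stop exporting node metrics. The terminfo line is cheap and worth keeping here, e.g. `environment.systemPackages = with pkgs; [ alacritty.terminfo foot.terminfo ];` after `boot.kernelPackages`. If node-exporter is intentionally superseded by the `alloy.enable = true;` this commit adds to the default profile, a one-line comment to that effect inside `nixfiles.modules` would stop the next reader from re-adding it. The `.bash_history` symlink to `/dev/null` and `linuxPackages_hardened` are fine as carried over, but note that the hardened kernel in nixpkgs can trail `linuxPackages` by point releases, so it is worth stating that the lag is accepted.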