From 913cff0ffab51ed7298097620a43da4c4fae83b3 Mon Sep 17 00:00:00 2001 
From: "RingOfStorms (Josh)" Date: Thu, 10 Oct 2024 15:21:39 -0500 Subject: [PATCH] Getting more idomatic nix modules setup... will tackle users dir later --- flake.nix | 10 +- hosts/_common/components/audio.nix | 7 - .../components/caps_to_escape_in_tty.nix | 10 -- hosts/_common/components/cosmic.nix | 12 -- hosts/_common/components/docker.nix | 10 -- .../_common/components/font_jetbrainsmono.nix | 7 - hosts/_common/components/gnome_wayland.nix | 20 --- hosts/_common/components/gnome_xorg.nix | 18 --- hosts/_common/components/nebula.nix | 51 ------ hosts/_common/components/neovim.nix | 7 - hosts/_common/components/plasma_wayland.nix | 21 --- hosts/_common/components/plasma_xorg.nix | 19 --- hosts/_common/components/ssh.nix | 21 --- hosts/_common/components/stormd.nix | 29 ---- hosts/_common/components/systemd_boot.nix | 15 -- hosts/_common/configuration.nix | 147 ------------------ hosts/configuration.nix | 71 +++++++++ hosts/gpdPocket3/configuration.nix | 25 ++- hosts/h002/configuration.nix | 22 +-- hosts/joe/configuration.nix | 27 ++-- hosts/{_common => }/ragenix.nix | 2 - modules/_template.nix | 23 +++ modules/audio_pulse.nix | 25 +++ modules/boot/grub.nix | 31 ++++ modules/boot/systemd.nix | 31 ++++ modules/{de_cosmic.nix => de/cosmic.nix} | 0 modules/de/gnome_wayland.nix | 37 +++++ modules/de/gnome_xorg.nix | 35 +++++ modules/de_gnome_wayland.nix | 21 --- modules/de_gnome_xorg.nix | 22 --- modules/docker.nix | 28 ++++ modules/fonts.nix | 25 +++ .../components => modules}/home_manager.nix | 0 modules/nebula.nix | 70 +++++++++ modules/neovim.nix | 25 +++ modules/shell/common.nix | 90 +++++++++++ .../shellInit.sh => modules/shell/common.sh | 0 modules/ssh.nix | 40 +++++ modules/stormd.nix | 46 ++++++ modules/tty_caps_esc.nix | 28 ++++ modules/validations.nix | 45 +++--- 41 files changed, 675 insertions(+), 498 deletions(-) delete mode 100644 hosts/_common/components/audio.nix delete mode 100644 hosts/_common/components/caps_to_escape_in_tty.nix delete mode 100644 
hosts/_common/components/cosmic.nix delete mode 100644 hosts/_common/components/docker.nix delete mode 100644 hosts/_common/components/font_jetbrainsmono.nix delete mode 100644 hosts/_common/components/gnome_wayland.nix delete mode 100644 hosts/_common/components/gnome_xorg.nix delete mode 100644 hosts/_common/components/nebula.nix delete mode 100644 hosts/_common/components/neovim.nix delete mode 100644 hosts/_common/components/plasma_wayland.nix delete mode 100644 hosts/_common/components/plasma_xorg.nix delete mode 100644 hosts/_common/components/ssh.nix delete mode 100644 hosts/_common/components/stormd.nix delete mode 100644 hosts/_common/components/systemd_boot.nix delete mode 100644 hosts/_common/configuration.nix create mode 100644 hosts/configuration.nix rename hosts/{_common => }/ragenix.nix (99%) create mode 100644 modules/_template.nix create mode 100644 modules/audio_pulse.nix create mode 100644 modules/boot/grub.nix create mode 100644 modules/boot/systemd.nix rename modules/{de_cosmic.nix => de/cosmic.nix} (100%) create mode 100644 modules/de/gnome_wayland.nix create mode 100644 modules/de/gnome_xorg.nix delete mode 100644 modules/de_gnome_wayland.nix delete mode 100644 modules/de_gnome_xorg.nix create mode 100644 modules/docker.nix create mode 100644 modules/fonts.nix rename {hosts/_common/components => modules}/home_manager.nix (100%) create mode 100644 modules/nebula.nix create mode 100644 modules/neovim.nix create mode 100644 modules/shell/common.nix rename hosts/_common/shellInit.sh => modules/shell/common.sh (100%) create mode 100644 modules/ssh.nix create mode 100644 modules/stormd.nix create mode 100644 modules/tty_caps_esc.nix diff --git a/flake.nix b/flake.nix index 011174d..3656e3f 100644 --- a/flake.nix +++ b/flake.nix @@ -79,6 +79,7 @@ inherit user; nixpkgs = joe_nixpkgs; home-manager = joe_home-manager; + allowUnfree = true; }; } { 
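Review bot: `allowUnfree = true;` is added by hand to each of the three host entries (this hunk and the ones at `@@ -90` and `@@ -107`), and the new `hosts/configuration.nix` reads `settings.allowUnfree` unconditionally, so a fourth host that forgets the key fails evaluation rather than defaulting. If the per-host attrsets are merged with a shared defaults set (the enclosing `let` is outside this hunk), put `allowUnfree = true;` there once and let hosts override it. The flag also only flips `nixpkgs.config.allowUnfree`, so a short comment on why every host needs it would help the next reader.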
@@ -90,6 +91,7 @@ inherit user; nixpkgs = gpdPocket3_nixpkgs; home-manager = gpdPocket3_home-manager; + allowUnfree = true; }; } { @@ -107,6 +109,7 @@ }; nixpkgs = h002_nixpkgs; home-manager = h002_home-manager; + allowUnfree = true; }; } ]; @@ -127,14 +130,15 @@ // { "${nixConfig.name}" = let - lib = nixConfig.settings.nixpkgs.lib; + settings = nixConfig.settings; + lib = settings.nixpkgs.lib; ylib = nypkgs.legacyPackages.${nixConfig.opts.system}.lib; in (lib.nixosSystem { modules = [ - ./hosts/_common/configuration.nix cosmic.nixosModules.default + ./hosts/configuration.nix ] ++ ylib.umport { path = lib.fileset.maybeMissing ./modules; @@ -144,7 +148,7 @@ inherit ylib; settings = directories - // nixConfig.settings + // settings // { system = nixConfig.opts // { hostname = nixConfig.name; diff --git a/hosts/_common/components/audio.nix b/hosts/_common/components/audio.nix deleted file mode 100644 index ca8d2f2..0000000 --- a/hosts/_common/components/audio.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs, ... }: -{ - # Enable sound. - hardware.pulseaudio.enable = true; - hardware.pulseaudio.package = pkgs.pulseaudioFull; - environment.systemPackages = [ pkgs.pavucontrol ]; -} diff --git a/hosts/_common/components/caps_to_escape_in_tty.nix b/hosts/_common/components/caps_to_escape_in_tty.nix deleted file mode 100644 index d39df03..0000000 --- a/hosts/_common/components/caps_to_escape_in_tty.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, ... }: -{ - # I want this globally even for root so doing it outside of home manager - services.xserver.xkb.options = "caps:escape"; - console = { - earlySetup = true; - packages = with pkgs; [ terminus_font ]; - useXkbConfig = true; # use xkb.options in tty. (caps -> escape) - }; -} diff --git a/hosts/_common/components/cosmic.nix b/hosts/_common/components/cosmic.nix deleted file mode 100644 index bfd2aff..0000000 --- a/hosts/_common/components/cosmic.nix +++ /dev/null 
@@ -1,12 +0,0 @@ -{ cosmic, ... }: -{ - nix.settings = { - substituters = [ "https://cosmic.cachix.org/" ]; - trusted-public-keys = [ "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE=" ]; - }; - - imports = [ cosmic.nixosModules.default ]; - - services.desktopManager.cosmic.enable = true; - services.displayManager.cosmic-greeter.enable = true; -} diff --git a/hosts/_common/components/docker.nix b/hosts/_common/components/docker.nix deleted file mode 100644 index 20061b0..0000000 --- a/hosts/_common/components/docker.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ settings, ... }: -{ - virtualisation.docker.enable = true; - users.extraGroups.docker.members = [ settings.user.username ]; - environment.shellAliases = { - dockerv = "docker volume"; - dockeri = "docker image"; - dockerc = "docker container"; - }; -} diff --git a/hosts/_common/components/font_jetbrainsmono.nix b/hosts/_common/components/font_jetbrainsmono.nix deleted file mode 100644 index ee605d8..0000000 --- a/hosts/_common/components/font_jetbrainsmono.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs, ... }: -{ - fonts.packages = with pkgs; [ - (nerdfonts.override { fonts = [ "JetBrainsMono" ]; }) - ]; -} - diff --git a/hosts/_common/components/gnome_wayland.nix b/hosts/_common/components/gnome_wayland.nix deleted file mode 100644 index 10fd5e5..0000000 --- a/hosts/_common/components/gnome_wayland.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, ... }: -{ - services.xserver = { - enable = true; - displayManager.gdm = { - enable = true; - autoSuspend = false; - wayland = true; - }; - desktopManager.gnome.enable = true; - }; - services.gnome.core-utilities.enable = false; - environment.systemPackages = with pkgs; [ - gnome.dconf-editor - # wayland clipboard in terminal - wl-clipboard - ]; - environment.sessionVariables.NIXOS_OZONE_WL = "1"; -} - diff --git a/hosts/_common/components/gnome_xorg.nix b/hosts/_common/components/gnome_xorg.nix deleted file mode 100644 index 6ed9cb2..0000000 
--- a/hosts/_common/components/gnome_xorg.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ pkgs, ... }: -{ - services.xserver = { - enable = true; - displayManager.gdm = { - enable = true; - autoSuspend = false; - wayland = false; - }; - desktopManager.gnome.enable = true; - }; - services.gnome.core-utilities.enable = false; - environment.systemPackages = with pkgs; [ - gnome.dconf-editor - xclip - ]; -} - diff --git a/hosts/_common/components/nebula.nix b/hosts/_common/components/nebula.nix deleted file mode 100644 index 3759872..0000000 --- a/hosts/_common/components/nebula.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ pkgs, ... }: -{ - environment.systemPackages = with pkgs; [ - nebula - traceroute # for debugging - ]; - - networking.firewall.allowedUDPPorts = [ 4242 ]; - - systemd.services."nebula" = { - description = "Nebula VPN service"; - wants = [ "basic.target" ]; - after = [ - "basic.target" - "network.target" - ]; - before = [ "sshd.service" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "notify"; - Restart = "always"; - RestartSec = 1; - ExecStart = "${pkgs.nebula}/bin/nebula -config /etc/nebula/config.yml"; - UMask = "0027"; - CapabilityBoundingSet = "CAP_NET_ADMIN"; - AmbientCapabilities = "CAP_NET_ADMIN"; - LockPersonality = true; - NoNewPrivileges = true; - PrivateDevices = false; # needs access to /dev/net/tun (below) - DeviceAllow = "/dev/net/tun rw"; - DevicePolicy = "closed"; - PrivateTmp = true; - PrivateUsers = false; # CapabilityBoundingSet needs to apply to the host namespace - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectProc = "invisible"; - ProtectSystem = "strict"; - RestrictNamespaces = true; - RestrictSUIDSGID = true; - }; - unitConfig = { - StartLimitIntervalSec = 5; - StartLimitBurst = 3; - }; - }; -} 
diff --git a/hosts/_common/components/neovim.nix b/hosts/_common/components/neovim.nix deleted file mode 100644 index 868bd39..0000000 --- a/hosts/_common/components/neovim.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ settings, ringofstorms-nvim, ... }: -{ - environment.systemPackages = [ - ringofstorms-nvim.packages.${settings.system.system}.neovim - ]; -} - diff --git a/hosts/_common/components/plasma_wayland.nix b/hosts/_common/components/plasma_wayland.nix deleted file mode 100644 index 8e8b487..0000000 --- a/hosts/_common/components/plasma_wayland.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ pkgs, ... }: -{ - services.xserver = { - enable = true; - displayManager.gdm = { - enable = true; - autoSuspend = false; - wayland = true; - }; - displayManager.defaultSession = "plasma"; - displayManager.sddm.wayland.enable = true; - desktopManager.plasma6 = { - enable = true; - }; - }; - environment.systemPackages = with pkgs; [ - xclip - ]; -} - - diff --git a/hosts/_common/components/plasma_xorg.nix b/hosts/_common/components/plasma_xorg.nix deleted file mode 100644 index a47846c..0000000 --- a/hosts/_common/components/plasma_xorg.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ pkgs, ... }: -{ - services.xserver = { - enable = true; - displayManager.gdm = { - enable = true; - autoSuspend = false; - wayland = false; - }; - displayManager.defaultSession = "plasmax11"; - desktopManager.plasma6 = { - enable = true; - }; - }; - environment.systemPackages = with pkgs; [ - xclip - ]; -} - diff --git a/hosts/_common/components/ssh.nix b/hosts/_common/components/ssh.nix deleted file mode 100644 index ceef173..0000000 --- a/hosts/_common/components/ssh.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ ... }: -{ - # Use fail2ban - services.fail2ban = { - enable = true; - }; - - # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ - 22 # sshd - ]; - - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - settings = { - LogLevel = "VERBOSE"; - PermitRootLogin = "yes"; - }; - }; -} 
diff --git a/hosts/_common/components/stormd.nix b/hosts/_common/components/stormd.nix deleted file mode 100644 index 1577b97..0000000 --- a/hosts/_common/components/stormd.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ pkgs, ... }: -{ - # environment.systemPackages = with pkgs; [ - # ]; - - # TODO make a derivation for stormd binary and get it properlly in the store. This is super janky and the binary just has to exist there right now. - - # networking.firewall.allowedUDPPorts = [ 4242 ]; - - systemd.services."stormd" = { - description = "Stormd service"; - wants = [ "basic.target" ]; - after = [ - "basic.target" - "network.target" - ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "notify"; - Restart = "always"; - RestartSec = 1; - ExecStart = "/etc/stormd/stormd daemon"; - }; - unitConfig = { - StartLimitIntervalSec = 5; - StartLimitBurst = 3; - }; - }; -} diff --git a/hosts/_common/components/systemd_boot.nix b/hosts/_common/components/systemd_boot.nix deleted file mode 100644 index ca92bcf..0000000 --- a/hosts/_common/components/systemd_boot.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ ... }: -{ - # Use the systemd-boot EFI boot loader. - boot.loader = { - systemd-boot = { - enable = true; - consoleMode = "keep"; - }; - timeout = 5; - efi = { - canTouchEfiVariables = true; - }; - }; -} - diff --git a/hosts/_common/configuration.nix b/hosts/_common/configuration.nix deleted file mode 100644 index ef43092..0000000 --- a/hosts/_common/configuration.nix +++ /dev/null 
@@ -1,147 +0,0 @@ -{ - lib, - pkgs, - settings, - ... -}: -let - defaultLocal = "en_US.UTF-8"; -in -{ - imports = [ - # Secrets management - ./ragenix.nix - # Include the results of the hardware scan. - (/${settings.hostsDir}/${settings.system.hostname}/hardware-configuration.nix) - # Include the specific machine's config. - (/${settings.hostsDir}/${settings.system.hostname}/configuration.nix) - ]; - - # Enable flakes - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - # allow mounting ntfs filesystems - boot.supportedFilesystems = [ "ntfs" ]; - - # Fallback quickly if substituters are not available. - nix.settings.connect-timeout = 5; - nix.settings.download-attempts = 3; - # The default at 10 is rarely enough. - nix.settings.log-lines = 50; - # Avoid disk full issues - nix.settings.max-free = (3000 * 1024 * 1024); - nix.settings.min-free = (1000 * 1024 * 1024); - # Avoid copying unnecessary stuff over SSH - nix.settings.builders-use-substitutes = true; - # Slower but mroe robust during crash TODO enable once we upgrade nix - # nix.settings.fsync-store-paths = true; - # nix.settings.fsync-metadata = true; - nix.settings.auto-optimise-store = true; - - # ========== - # Common - # ========== - networking = { - hostName = settings.system.hostname; - extraHosts = '' - 127.0.0.1 local.belljm.com - 127.0.0.1 n0.local.belljm.com - 127.0.0.1 n1.local.belljm.com - 127.0.0.1 n2.local.belljm.com - 127.0.0.1 n3.local.belljm.com - 127.0.0.1 n4.local.belljm.com - ''; - # Use nftables not iptables - nftables.enable = true; - firewall.enable = true; - }; - # TODO do I want this dynamic at all? Roaming? - time.timeZone = "America/Chicago"; - - # nix helper - programs.nh = { - enable = true; - clean.enable = true; - clean.extraArgs = "--keep 3"; - # TODO this may need to be defined higher up if it is ever different for a machine... - flake = "/home/${settings.user.username}/.config/nixos-config"; - }; - - # Select internationalization properties. 
- i18n.defaultLocale = defaultLocal; - i18n.extraLocaleSettings = { - LC_ADDRESS = defaultLocal; - LC_IDENTIFICATION = defaultLocal; - LC_MEASUREMENT = defaultLocal; - LC_MONETARY = defaultLocal; - LC_NAME = defaultLocal; - LC_NUMERIC = defaultLocal; - LC_PAPER = defaultLocal; - LC_TELEPHONE = defaultLocal; - LC_TIME = defaultLocal; - }; - - # Some basics - nixpkgs.config.allowUnfree = true; - environment.systemPackages = with pkgs; [ - # Basics - vim - wget - curl - fastfetch - bat - htop - unzip - git - fzf - ripgrep - lsof - killall - hdparm - speedtest-cli - - # TODO keep in common or move to specific machines, I want this for my pocket 3 video KDM module but I use ffmpeg on most machines anyways? - ffmpeg-full - ]; - - environment.shellAliases = { - n = "nvim"; - nn = "nvim --headless '+SessionDelete' +qa > /dev/null 2>&1 && nvim"; - bat = "bat --theme Coldark-Dark"; - cat = "bat --pager=never -p"; - # TODO this may not be needed now that I am using `nh` clean mode (see /hosts/_common/configuration.nix#programs.nh) - nix-boot-clean = "find '/boot/loader/entries' -type f ! -name 'windows.conf' | head -n -4 | xargs -I {} rm {}; nix store gc; nixos-rebuild boot; echo; df"; - - # general unix - date_compact = "date +'%Y%m%d'"; - date_short = "date +'%Y-%m-%d'"; - ls = "ls --color -Ga"; - ll = "ls --color -Gal"; - lss = "du --max-depth=0 -h * 2>/dev/null"; - psg = "ps aux | head -n 1 && ps aux | grep -v 'grep' | grep"; - cl = "clear"; - - # git - stash = "git stash"; - pop = "git stash pop"; - branch = "git checkout -b"; - status = "git status"; - diff = "git diff"; - branches = "git branch -a"; - gcam = "git commit -a -m"; - stashes = "git stash list"; - - # ripgrep - rg = "rg --no-ignore"; - rgf = "rg --files 2>/dev/null | rg"; - - # Neofetch is dead - neofetch = "fastfetch"; - }; - environment.shellInit = builtins.readFile ./shellInit.sh; - - system.stateVersion = "23.11"; -} 
diff --git a/hosts/configuration.nix b/hosts/configuration.nix
new file mode 100644
index 0000000..c4d35d3
--- /dev/null
+++ b/hosts/configuration.nix
@@ -0,0 +1,71 @@
+{
+ settings,
+ ...
+}:
+let
+ defaultLocal = "en_US.UTF-8";
+in
+{
+ imports = [
+ # Secrets management
+ ./ragenix.nix
+ # Include the results of the hardware scan.
+ (/${settings.hostsDir}/${settings.system.hostname}/hardware-configuration.nix)
+ # Include the specific machine's config.
+ (/${settings.hostsDir}/${settings.system.hostname}/configuration.nix)
+ ];
+
+ # Enable flakes
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ # allow mounting ntfs filesystems
+ boot.supportedFilesystems = [ "ntfs" ];
+
+ # Fallback quickly if substituters are not available.
+ nix.settings.connect-timeout = 5;
+ nix.settings.download-attempts = 3;
+ # The default at 10 is rarely enough.
+ nix.settings.log-lines = 50;
+ # Avoid disk full issues
+ nix.settings.max-free = (3000 * 1024 * 1024);
+ nix.settings.min-free = (1000 * 1024 * 1024);
+ # Avoid copying unnecessary stuff over SSH
+ nix.settings.builders-use-substitutes = true;
+ # Slower but mroe robust during crash TODO enable once we upgrade nix
+ # nix.settings.fsync-store-paths = true;
+ # nix.settings.fsync-metadata = true;
+ nix.settings.auto-optimise-store = true;
+
+ # nix helper
+ programs.nh = {
+ enable = true;
+ clean.enable = true;
+ clean.extraArgs = "--keep 3";
+ # TODO this may need to be defined higher up if it is ever different for a machine...
+ flake = "/home/${settings.user.username}/.config/nixos-config";
+ };
+
+ # TODO do I want this dynamic at all? Roaming?
+ time.timeZone = "America/Chicago";
+ # Select internationalization properties.
+ i18n.defaultLocale = defaultLocal;
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = defaultLocal;
+ LC_IDENTIFICATION = defaultLocal;
+ LC_MEASUREMENT = defaultLocal;
+ LC_MONETARY = defaultLocal;
+ LC_NAME = defaultLocal;
+ LC_NUMERIC = defaultLocal;
+ LC_PAPER = defaultLocal;
+ LC_TELEPHONE = defaultLocal;
+ LC_TIME = defaultLocal;
+ };
+
+ # Some basics
+ nixpkgs.config.allowUnfree = settings.allowUnfree;
+
+ system.stateVersion = "23.11";
+}
diff --git a/hosts/gpdPocket3/configuration.nix b/hosts/gpdPocket3/configuration.nix
index eda018b..b65395d 100644
--- a/hosts/gpdPocket3/configuration.nix
+++ b/hosts/gpdPocket3/configuration.nix
@@ -7,18 +7,6 @@
 }:
 {
 imports = [
- # Common components this machine uses
- (settings.hostsDir + "/_common/components/neovim.nix")
- (settings.hostsDir + "/_common/components/systemd_boot.nix")
- (settings.hostsDir + "/_common/components/ssh.nix")
- (settings.hostsDir + "/_common/components/caps_to_escape_in_tty.nix")
- (settings.hostsDir + "/_common/components/font_jetbrainsmono.nix")
- # (settings.hostsDir + "/_common/components/audio.nix")
- (settings.hostsDir + "/_common/components/home_manager.nix")
- # (settings.hostsDir + "/_common/components/gnome_wayland.nix")
- # (settings.hostsDir + "/_common/components/cosmic.nix")
- (settings.hostsDir + "/_common/components/docker.nix")
- (settings.hostsDir + "/_common/components/nebula.nix")
 # Users this machine has
 (settings.usersDir + "/root/configuration.nix")
 (settings.usersDir + "/josh/configuration.nix")
@@ -27,7 +15,18 @@
 # ./stupid-keyboard-2.nix
 ];
- mods.de_cosmic.enable = true;
+ # My custom modules
+ mods = {
+ boot_systemd.enable = true;
+ shell_common.enable = true;
+ de_cosmic.enable = true;
+ neovim.enable = true;
+ tty_caps_esc.enable = true;
+ docker.enable = true;
+ fonts.enable = true;
+ nebula.enable = true;
+ ssh.enable = true;
+ };
 # machine specific configuration
 # ==============================
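Review bot: `nixpkgs.config.allowUnfree = settings.allowUnfree;` turns a missing `allowUnfree` key in any host's settings into an evaluation error instead of a default; the flake sets it for the three current hosts, but `nixpkgs.config.allowUnfree = settings.allowUnfree or false;` keeps the shared config self-contained. The comment `# Slower but mroe robust during crash` carries over a typo from the deleted file ("more"). The file's own `imports` also still path-joins `settings.hostsDir` with the hostname, so a host directory without `hardware-configuration.nix` fails at import time — a comment stating that both files are required per host would save the next person a confusing error.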
diff --git a/hosts/h002/configuration.nix b/hosts/h002/configuration.nix
index b50d0a6..cc5070b 100644
--- a/hosts/h002/configuration.nix
+++ b/hosts/h002/configuration.nix
@@ -5,14 +5,6 @@
 }:
 {
 imports = [
- # Common components this machine uses
- (settings.hostsDir + "/_common/components/neovim.nix")
- (settings.hostsDir + "/_common/components/ssh.nix")
- (settings.hostsDir + "/_common/components/caps_to_escape_in_tty.nix")
- (settings.hostsDir + "/_common/components/audio.nix")
- (settings.hostsDir + "/_common/components/home_manager.nix")
- (settings.hostsDir + "/_common/components/docker.nix")
- (settings.hostsDir + "/_common/components/nebula.nix")
 # Users this machine has
 (settings.usersDir + "/root/configuration.nix")
 (settings.usersDir + "/luser/configuration.nix")
@@ -20,9 +12,17 @@
 # (settings.hostsDir + "/h002/nixserver.nix")
 ];
- boot.loader.grub = {
- enable = true;
- device = "/dev/sdb";
+ # My custom modules
+ mods = {
+ boot_grub = true;
+ shell_common.enable = true;
+ de_gnome_xorg.enable = true;
+ audio_pulse.enable = true;
+ neovim.enable = true;
+ tty_caps_esc.enable = true;
+ docker.enable = true;
+ nebula.enable = true;
+ ssh.enable = true;
 };
 # machine specific configuration
diff --git a/hosts/joe/configuration.nix b/hosts/joe/configuration.nix
index f143161..fc1830b 100644
--- a/hosts/joe/configuration.nix
+++ b/hosts/joe/configuration.nix
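Review bot: `boot_grub = true;` assigns a boolean to `mods.boot_grub`, which `modules/boot/grub.nix` declares as a set of options (`enable`, `device`), so this is a type error at evaluation and every other entry in the block uses `.enable`. The removed `device = "/dev/sdb";` is also not carried over, and the module's default is `"/dev/sda"`, so once the key is fixed GRUB would be installed to a different disk on h002 than before this commit. Change the line to `boot_grub.enable = true;` and add `boot_grub.device = "/dev/sdb";` next to it.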
@@ -6,24 +6,25 @@
 }:
 {
 imports = [
- # Common components this machine uses
- (settings.hostsDir + "/_common/components/neovim.nix")
- (settings.hostsDir + "/_common/components/systemd_boot.nix")
- (settings.hostsDir + "/_common/components/ssh.nix")
- (settings.hostsDir + "/_common/components/caps_to_escape_in_tty.nix")
- (settings.hostsDir + "/_common/components/font_jetbrainsmono.nix")
- (settings.hostsDir + "/_common/components/audio.nix")
- (settings.hostsDir + "/_common/components/home_manager.nix")
- (settings.hostsDir + "/_common/components/gnome_xorg.nix")
- (settings.hostsDir + "/_common/components/docker.nix")
- # (settings.hostsDir + "/_common/components/stormd.nix") TODO figure out why this is failing
- (settings.hostsDir + "/_common/components/nebula.nix")
 # Users this machine has
 (settings.usersDir + "/root/configuration.nix")
 (settings.usersDir + "/josh/configuration.nix")
 ];
- # test
+ # My custom modules
+ mods = {
+ boot_systemd.enable = true;
+ shell_common.enable = true;
+ de_gnome_xorg.enable = true;
+ audio_pulse.enable = true;
+ neovim.enable = true;
+ tty_caps_esc.enable = true;
+ docker.enable = true;
+ fonts.enable = true;
+ nebula.enable = true;
+ ssh.enable = true;
+ # storage.enable = true; # TODO figure out why this is failing
+ };
 networking.firewall.allowedTCPPorts = [
 5173 # test
diff --git a/hosts/_common/ragenix.nix b/hosts/ragenix.nix
similarity index 99%
rename from hosts/_common/ragenix.nix
rename to hosts/ragenix.nix
index 527336e..8edca05 100644
--- a/hosts/_common/ragenix.nix
+++ b/hosts/ragenix.nix
@@ -6,8 +6,6 @@
 ragenix,
 ...
 }:
-let
-in
 # TODO auto import secret files here
 # secretsFile = (settings.secretsDir + /secrets.nix);
 {
diff --git a/modules/_template.nix b/modules/_template.nix
new file mode 100644
index 0000000..59876ff
--- /dev/null
+++ b/modules/_template.nix
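Review bot: The reminder `# storage.enable = true; # TODO figure out why this is failing` names a module `storage`, but the component it replaces is `stormd.nix` and the diffstat adds `modules/stormd.nix`, so if that module's option is `mods.stormd` the line cannot be uncommented as-is. Write it as `# stormd.enable = true; # TODO figure out why this is failing` (or whatever name `modules/stormd.nix` actually declares, which is outside this page). The `networking.firewall.allowedTCPPorts` entry below is unchanged context and keeps its `# test` marker.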
@@ -0,0 +1,23 @@
+{
+ config,
+ lib,
+ pkgs,
+ settings,
+ ...
+}:
+with lib;
+let
+ name = "NAME";
+ cfg = config.mods.${name};
+in
+{
+ options = {
+ mods.${name} = {
+ enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # TODO
+ };
+}
diff --git a/modules/audio_pulse.nix b/modules/audio_pulse.nix
new file mode 100644
index 0000000..d4503fe
--- /dev/null
+++ b/modules/audio_pulse.nix
@@ -0,0 +1,25 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib;
+let
+ name = "audio_pulse";
+ cfg = config.mods.${name};
+in
+{
+ options = {
+ mods.${name} = {
+ enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # Enable sound.
+ hardware.pulseaudio.enable = true;
+ hardware.pulseaudio.package = pkgs.pulseaudioFull;
+ environment.systemPackages = [ pkgs.pavucontrol ];
+ };
+}
diff --git a/modules/boot/grub.nix b/modules/boot/grub.nix
new file mode 100644
index 0000000..ca7a929
--- /dev/null
+++ b/modules/boot/grub.nix
@@ -0,0 +1,31 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib;
+let
+ name = "boot_grub";
+ cfg = config.mods.${name};
+in
+{
+ options = {
+ mods.${name} = {
+ enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+ device = mkDefaultOption {
+ type = types.str;
+ default = "/dev/sda";
+ description = ''
+ The device to install GRUB on.
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ boot.loader.grub = {
+ enable = true;
+ device = cfg.device;
+ };
+ };
+}
diff --git a/modules/boot/systemd.nix b/modules/boot/systemd.nix
new file mode 100644
index 0000000..c2eede7
--- /dev/null
+++ b/modules/boot/systemd.nix
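Review bot: `enable = mkEnableOption (lib.mdDoc "Enable ${name}");` renders as "Whether to enable Enable NAME." because `mkEnableOption` already prefixes "Whether to enable "; the argument should just name the thing, `enable = mkEnableOption name;`, and `lib.mdDoc` is deprecated in current nixpkgs (a warning-emitting no-op), so it can be dropped. The same wording is copied into audio_pulse, boot/grub, boot/systemd, docker, fonts, nebula, neovim and shell/common in this commit. Since flake.nix imports `./modules` through `ylib.umport`, this template presumably also gets loaded and declares a live `mods.NAME` option on every host unless umport is told to skip underscore-prefixed files — worth confirming, and worth a comment at the top of the file either way.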
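Review bot: `device = mkDefaultOption {` uses a name that, as far as I can tell, does not exist in nixpkgs `lib` (the option constructor is `mkOption`), so under `with lib;` this is an undefined-variable error; because umport loads every module's option declarations regardless of `enable`, it would break evaluation for all hosts, not just the one using GRUB. Change it to `device = mkOption {`. The multi-line `''` description can also be a plain `description = "The device to install GRUB on.";`.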
@@ -0,0 +1,31 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib;
+let
+ name = "boot_systemd";
+ cfg = config.mods.${name};
+in
+{
+ options = {
+ mods.${name} = {
+ enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # Use the systemd-boot EFI boot loader.
+ boot.loader = {
+ systemd-boot = {
+ enable = true;
+ consoleMode = "keep";
+ };
+ timeout = 5;
+ efi = {
+ canTouchEfiVariables = true;
+ };
+ };
+ };
+}
diff --git a/modules/de_cosmic.nix b/modules/de/cosmic.nix
similarity index 100%
rename from modules/de_cosmic.nix
rename to modules/de/cosmic.nix
diff --git a/modules/de/gnome_wayland.nix b/modules/de/gnome_wayland.nix
new file mode 100644
index 0000000..c20d354
--- /dev/null
+++ b/modules/de/gnome_wayland.nix
@@ -0,0 +1,37 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib;
+let
+ name = "de_gnome_wayland";
+ cfg = config.mods.${name};
+in
+{
+ options = {
+ mods.${name} = {
+ enable = mkEnableOption (lib.mdDoc "Enable GNOME with wayland desktop environment");
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.xserver = {
+ enable = true;
+ displayManager.gdm = {
+ enable = true;
+ autoSuspend = false;
+ wayland = true;
+ };
+ desktopManager.gnome.enable = true;
+ };
+ services.gnome.core-utilities.enable = false;
+ environment.systemPackages = with pkgs; [
+ gnome.dconf-editor
+ # wayland clipboard in terminal
+ wl-clipboard
+ ];
+ environment.sessionVariables.NIXOS_OZONE_WL = "1";
+ };
+}
diff --git a/modules/de/gnome_xorg.nix b/modules/de/gnome_xorg.nix
new file mode 100644
index 0000000..6162c3a
--- /dev/null
+++ b/modules/de/gnome_xorg.nix
@@ -0,0 +1,35 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib;
+let
+ name = "de_gnome_xorg";
+ cfg = config.mods.${name};
+in
+{
+ options = {
+ mods.${name} = {
+ enable = mkEnableOption "Enable GNOME with wayland desktop environment";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.xserver = {
+ enable = true;
+ displayManager.gdm = {
+ enable = true;
+ autoSuspend = false;
+ wayland = false;
+ };
+ desktopManager.gnome.enable = true;
+ };
+ services.gnome.core-utilities.enable = false;
+ environment.systemPackages = with pkgs; [
+ gnome.dconf-editor
+ xclip
+ ];
+ };
+}
diff --git a/modules/de_gnome_wayland.nix b/modules/de_gnome_wayland.nix
deleted file mode 100644
index 170fda9..0000000
--- a/modules/de_gnome_wayland.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-with lib;
-let
- name = "de_gnome_wayland";
- cfg = config.my_modules.${name};
-in
-{
- options = {
- my_modules.${name} = {
- enable = mkEnableOption (lib.mdDoc "Enable GNOME with wayland desktop environment");
- };
- };
-
- config = mkIf cfg.enable {
- # TODO
- };
-}
diff --git a/modules/de_gnome_xorg.nix b/modules/de_gnome_xorg.nix
deleted file mode 100644
index a6fd260..0000000
--- a/modules/de_gnome_xorg.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-with lib;
-let
- name = "de_gnome_xorg";
- cfg = config.my_modules.${name};
-in
-{
- options = {
- my_modules.${name} = {
- enable = mkEnableOption "Enable GNOME with wayland desktop environment";
- };
- };
-
- config = mkIf cfg.enable {
- # TODO
- };
-}
-
diff --git a/modules/docker.nix b/modules/docker.nix
new file mode 100644
index 0000000..3675268
--- /dev/null
+++ b/modules/docker.nix
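Review bot: The description in `enable = mkEnableOption "Enable GNOME with wayland desktop environment";` is copied from the Wayland module, but this module sets `wayland = false;` under `displayManager.gdm`, so the generated option text says the opposite of what the module does. Since `mkEnableOption` already prefixes "Whether to enable ", `enable = mkEnableOption "GNOME on Xorg (GDM with Wayland disabled)";` both corrects the claim and reads naturally. The file is the only new module that skips `lib.mdDoc`, which is fine — the others would be better off matching it.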
@@ -0,0 +1,28 @@
+{
+ config,
+ lib,
+ settings,
+ ...
+}:
+with lib;
+let
+ name = "docker";
+ cfg = config.mods.${name};
+in
+{
+ options = {
+ mods.${name} = {
+ enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+ };
+ };
+
+ config = mkIf cfg.enable {
+ virtualisation.docker.enable = true;
+ users.extraGroups.docker.members = [ settings.user.username ];
+ environment.shellAliases = {
+ dockerv = "docker volume";
+ dockeri = "docker image";
+ dockerc = "docker container";
+ };
+ };
+}
diff --git a/modules/fonts.nix b/modules/fonts.nix
new file mode 100644
index 0000000..b76481c
--- /dev/null
+++ b/modules/fonts.nix
@@ -0,0 +1,25 @@
+{
+ config,
+ lib,
+ pkgs,
+ settings,
+ ...
+}:
+with lib;
+let
+ name = "fonts";
+ cfg = config.mods.${name};
+in
+{
+ options = {
+ mods.${name} = {
+ enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+ };
+ };
+
+ config = mkIf cfg.enable {
+ fonts.packages = with pkgs; [
+ (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+ ];
+ };
+}
diff --git a/hosts/_common/components/home_manager.nix b/modules/home_manager.nix
similarity index 100%
rename from hosts/_common/components/home_manager.nix
rename to modules/home_manager.nix
diff --git a/modules/nebula.nix b/modules/nebula.nix
new file mode 100644
index 0000000..ff59673
--- /dev/null
+++ b/modules/nebula.nix
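Review bot: `users.extraGroups.docker.members = [ settings.user.username ];` grants that user root-equivalent control of the host through the Docker socket, and the module now applies it on every host that sets `mods.docker.enable` with nothing in the file saying so; a one-line comment such as `# docker group membership is root-equivalent on this host` records the trade-off, or rootless Docker (`virtualisation.docker.rootless.enable = true;` with `setSocketVariable = true;`) avoids it where root-level containers are not needed. In the `modules/fonts.nix` hunk that follows, the `settings` argument is declared but never used and can be dropped from the pattern.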
@@ -0,0 +1,70 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib;
+let
+ name = "nebula";
+ cfg = config.mods.${name};
+in
+{
+ options = {
+ mods.${name} = {
+ enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ nebula
+ traceroute # for debugging
+ ];
+
+ networking.firewall.allowedUDPPorts = [ 4242 ];
+
+ systemd.services."nebula" = {
+ description = "Nebula VPN service";
+ wants = [ "basic.target" ];
+ after = [
+ "basic.target"
+ "network.target"
+ ];
+ before = [ "sshd.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "notify";
+ Restart = "always";
+ RestartSec = 1;
+ ExecStart = "${pkgs.nebula}/bin/nebula -config /etc/nebula/config.yml";
+ UMask = "0027";
+ CapabilityBoundingSet = "CAP_NET_ADMIN";
+ AmbientCapabilities = "CAP_NET_ADMIN";
+ LockPersonality = true;
+ NoNewPrivileges = true;
+ PrivateDevices = false; # needs access to /dev/net/tun (below)
+ DeviceAllow = "/dev/net/tun rw";
+ DevicePolicy = "closed";
+ PrivateTmp = true;
+ PrivateUsers = false; # CapabilityBoundingSet needs to apply to the host namespace
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectProc = "invisible";
+ ProtectSystem = "strict";
+ RestrictNamespaces = true;
+ RestrictSUIDSGID = true;
+ };
+ unitConfig = {
+ StartLimitIntervalSec = 5;
+ StartLimitBurst = 3;
+ };
+ };
+
+ };
+}
diff --git a/modules/neovim.nix b/modules/neovim.nix
new file mode 100644
index 0000000..9070e46
--- /dev/null
+++ b/modules/neovim.nix
@@ -0,0 +1,25 @@
+{
+ config,
+ lib,
+ settings,
+ ringofstorms-nvim,
+ ...
+}:
+with lib;
+let
+ name = "neovim";
+ cfg = config.mods.${name};
+in
+{
+ options = {
+ mods.${name} = {
+ enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = [
+ ringofstorms-nvim.packages.${settings.system.system}.neovim
+ ];
+ };
+}
diff --git a/modules/shell/common.nix b/modules/shell/common.nix
new file mode 100644
index 0000000..99e3663
--- /dev/null
+++ b/modules/shell/common.nix
@@ -0,0 +1,90 @@
+{
+ config,
+ lib,
+ pkgs,
+ settings,
+ ...
+}:
+with lib;
+let
+ name = "shell_common";
+ cfg = config.mods.${name};
+in
+{
+ options = {
+ mods.${name} = {
+ enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+ };
+ };
+
+ config = mkIf cfg.enable {
+ networking = {
+ hostName = settings.system.hostname;
+ extraHosts = ''
+ 127.0.0.1 local.belljm.com
+ 127.0.0.1 n0.local.belljm.com
+ 127.0.0.1 n1.local.belljm.com
+ 127.0.0.1 n2.local.belljm.com
+ 127.0.0.1 n3.local.belljm.com
+ 127.0.0.1 n4.local.belljm.com
+ '';
+ # Use nftables not iptables
+ nftables.enable = true;
+ firewall.enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [
+ # Basics
+ vim
+ nano
+ wget
+ curl
+ fastfetch
+ bat
+ htop
+ unzip
+ git
+ fzf
+ ripgrep
+ lsof
+ killall
+ hdparm
+ speedtest-cli
+ ffmpeg-full
+ ];
+
+ environment.shellAliases = {
+ n = "nvim";
+ nn = "nvim --headless '+SessionDelete' +qa > /dev/null 2>&1 && nvim";
+ bat = "bat --theme Coldark-Dark";
+ cat = "bat --pager=never -p";
+ # TODO this may not be needed now that I am using `nh` clean mode (see /hosts/_common/configuration.nix#programs.nh)
+ nix-boot-clean = "find '/boot/loader/entries' -type f ! -name 'windows.conf' | head -n -4 | xargs -I {} rm {}; nix store gc; nixos-rebuild boot; echo; df";
+
+ # general unix
+ date_compact = "date +'%Y%m%d'";
+ date_short = "date +'%Y-%m-%d'";
+ ls = "ls --color -Ga";
+ ll = "ls --color -Gal";
+ lss = "du --max-depth=0 -h * 2>/dev/null";
+ psg = "ps aux | head -n 1 && ps aux | grep -v 'grep' | grep";
+ cl = "clear";
+
+ # git
+ stash = "git stash";
+ pop = "git stash pop";
+ branch = "git checkout -b";
+ status = "git status";
+ diff = "git diff";
+ branches = "git branch -a";
+ gcam = "git commit -a -m";
+ stashes = "git stash list";
+
+ # ripgrep
+ rg = "rg --no-ignore";
+ rgf = "rg --files 2>/dev/null | rg";
+ };
+
+ environment.shellInit = builtins.readFile ./common.sh;
+ };
+}
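Review bot: The `nix-boot-clean` alias relies on `find` output order to decide which loader entries survive, but `find` lists directory entries in unspecified order, so `head -n -4` keeps four arbitrary files and can delete the entry for the current or newest generation. If the alias is kept at all (the TODO above it suggests it may be obsolete), sort first so the `nixos-generation-N.conf` names order numerically: `find '/boot/loader/entries' -type f ! -name 'windows.conf' | sort -V | head -n -4 | xargs -I {} rm {}; nix store gc; nixos-rebuild boot; echo; df`. A short comment such as `# Destructive: removes all but the newest four boot entries, then collects garbage and rebuilds` would also make the blast radius of this one-word alias visible to anyone reading the shell config.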
diff --git a/hosts/_common/shellInit.sh b/modules/shell/common.sh
similarity index 100%
rename from hosts/_common/shellInit.sh
rename to modules/shell/common.sh
diff --git a/modules/ssh.nix b/modules/ssh.nix
new file mode 100644
index 0000000..29368af
--- /dev/null
+++ b/modules/ssh.nix
@@ -0,0 +1,40 @@
+{
+ config,
+ lib,
+ pkgs,
+ settings,
+ ...
+}:
+with lib;
+let
+ name = "ssh";
+ cfg = config.mods.${name};
+in
+{
+ options = {
+ mods.${name} = {
+ enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # Use fail2ban
+ services.fail2ban = {
+ enable = true;
+ };
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [
+ 22 # sshd
+ ];
+
+ # Enable the OpenSSH daemon.
+ services.openssh = {
+ enable = true;
+ settings = {
+ LogLevel = "VERBOSE";
+ PermitRootLogin = "yes";
+ };
+ };
+ };
+}
diff --git a/modules/stormd.nix b/modules/stormd.nix
new file mode 100644
index 0000000..e21b445
--- /dev/null
+++ b/modules/stormd.nix
@@ -0,0 +1,46 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib;
+let
+ name = "stormd";
+ cfg = config.mods.${name};
+in
+{
+ options = {
+ mods.${name} = {
+ enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # environment.systemPackages = with pkgs; [
+ # ];
+
+ # TODO make a derivation for stormd binary and get it properlly in the store. This is super janky and the binary just has to exist there right now.
+
+ # networking.firewall.allowedUDPPorts = [ 4242 ];
+
+ systemd.services."stormd" = {
+ description = "Stormd service";
+ wants = [ "basic.target" ];
+ after = [
+ "basic.target"
+ "network.target"
+ ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "notify";
+ Restart = "always";
+ RestartSec = 1;
+ ExecStart = "/etc/stormd/stormd daemon";
+ };
+ unitConfig = {
+ StartLimitIntervalSec = 5;
+ StartLimitBurst = 3;
+ };
+ };
+ };
+}
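Review bot: `PermitRootLogin = "yes"` in the ssh module, combined with NixOS's default of `PasswordAuthentication = true`, leaves root reachable by password on every host that enables `mods.ssh`; fail2ban slows guessing down but does not remove the exposure. Unless password root login is a requirement, prefer `PermitRootLogin = "prohibit-password";` together with `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` in the same `settings` block so that only key-based logins are accepted. The explicit `networking.firewall.allowedTCPPorts = [ 22 ];` is redundant with `services.openssh.openFirewall` (default true) and will silently drift if `services.openssh.ports` is ever changed.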
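Review bot: The `stormd` unit runs `/etc/stormd/stormd daemon` as root with none of the sandboxing the nebula unit in this same commit applies, and the binary lives outside the Nix store, so nothing ties what executes to a known build; the TODO acknowledges the packaging gap but the unit itself should not wait for it. At minimum `NoNewPrivileges = true;`, `ProtectSystem = "strict";`, `ProtectHome = true;` and `PrivateTmp = true;` (plus a `User=` if the daemon does not actually need root) would bring it in line with the nebula unit's posture, assuming the daemon does not write under `/etc`. `Type = "notify"` also requires the binary to call sd_notify; if it does not, systemd kills the service when the start timeout expires, so `Type = "simple";` may be the safer choice for an unpackaged binary whose behaviour is not documented here.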
diff --git a/modules/tty_caps_esc.nix b/modules/tty_caps_esc.nix
new file mode 100644
index 0000000..00ffa7c
--- /dev/null
+++ b/modules/tty_caps_esc.nix
@@ -0,0 +1,28 @@
+{
+ config,
+ lib,
+ pkgs,
+ settings,
+ ...
+}:
+with lib;
+let
+ name = "tty_caps_esc";
+ cfg = config.mods.${name};
+in
+{
+ options = {
+ mods.${name} = {
+ enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.xserver.xkb.options = "caps:escape";
+ console = {
+ earlySetup = true;
+ packages = with pkgs; [ terminus_font ];
+ useXkbConfig = true; # use xkb.options in tty. (caps -> escape)
+ };
+ };
+}
diff --git a/modules/validations.nix b/modules/validations.nix
index 241fe9f..548ee4d 100644
--- a/modules/validations.nix
+++ b/modules/validations.nix
@@ -1,22 +1,29 @@
 { lib, config, ... }:
 {
- # config.assertions = [
- # {
- # assertion =
- # lib.length (
- # lib.filter (x: x) [
- # config.my_modules.de_cosmic.enable
- # config.my_modules.de_gnome_xorg.enable
- # config.my_modules.de_gnome_wayland.enable
- # ]
- # ) <= 1;
- # message = ''
- # Configuration Error: Multiple desktop environments are enabled.
- # Please enable only one of the following:
- # - my_modules.de_cosmic.enable
- # - my_modules.de_gnome_xorg.enable
- # - my_modules.de_gnome_wayland.enable
- # '';
- # }
- # ];
+ config.assertions = [
+ {
+ assertion =
+ lib.length (
+ lib.filter (x: x) [
+ config.mods.de_cosmic.enable
+ config.mods.de_gnome_xorg.enable
+ config.mods.de_gnome_wayland.enable
+ ]
+ ) <= 1;
+ message = ''
+ Configuration Error: Multiple desktop environments are enabled.
+ Please enable only one of the following:
+ - mods.de_cosmic.enable
+ - mods.de_gnome_xorg.enable
+ - mods.de_gnome_wayland.enable
+ '';
+ }
+ {
+ assertion = !(config.mods.de_cosmic.enable && config.mods.audio_pulse.enable);
+ message = ''
+ Configuration Error: cannot use pulse audio with cosmic.
+ Remove: mods.audio_pulse.enable
+ '';
+ }
+ ];
 }
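Review bot: Both assertions in validations.nix dereference `config.mods.de_cosmic.enable`, `config.mods.de_gnome_xorg.enable`, `config.mods.de_gnome_wayland.enable` and `config.mods.audio_pulse.enable` unconditionally, so on any host that does not import all four modules evaluation aborts with an "attribute missing" error instead of the intended assertion message. If hosts are meant to pick modules individually, guard each lookup, e.g. `(config.mods.de_cosmic.enable or false)`, or have this file import the modules whose options it checks so the option paths are always declared.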