Getting more idomatic nix modules setup... will tackle users dir later

2024-10-10 15:21:39 -05:00 · 2024-10-10 15:21:39 -05:00 · 913cff0ffa
commit 913cff0ffa
parent 6316fffeb1
41 changed files with 675 additions and 498 deletions
--- a/modules/_template.nix
+++ b/modules/_template.nix
@ -0,0 +1,23 @@
+{
+  config,
+  lib,
+  pkgs,
+  settings,
+  ...
+}:
+with lib;
+let
+  name = "NAME";
+  cfg = config.mods.${name};
+in
+{
+  options = {
+    mods.${name} = {
+      enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # TODO
+  };
+}
--- a/modules/audio_pulse.nix
+++ b/modules/audio_pulse.nix
@ -0,0 +1,25 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
+let
+  name = "audio_pulse";
+  cfg = config.mods.${name};
+in
+{
+  options = {
+    mods.${name} = {
+      enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Enable sound.
+    hardware.pulseaudio.enable = true;
+    hardware.pulseaudio.package = pkgs.pulseaudioFull;
+    environment.systemPackages = [ pkgs.pavucontrol ];
+  };
+}
--- a/modules/boot/grub.nix
+++ b/modules/boot/grub.nix
@ -0,0 +1,31 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib;
+let
+  name = "boot_grub";
+  cfg = config.mods.${name};
+in
+{
+  options = {
+    mods.${name} = {
+      enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+      device = mkDefaultOption {
+        type = types.str;
+        default = "/dev/sda";
+        description = ''
+          The device to install GRUB on.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    boot.loader.grub = {
+      enable = true;
+      device = cfg.device;
+    };
+  };
+}
--- a/modules/boot/systemd.nix
+++ b/modules/boot/systemd.nix
@ -0,0 +1,31 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib;
+let
+  name = "boot_systemd";
+  cfg = config.mods.${name};
+in
+{
+  options = {
+    mods.${name} = {
+      enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Use the systemd-boot EFI boot loader.
+    boot.loader = {
+      systemd-boot = {
+        enable = true;
+        consoleMode = "keep";
+      };
+      timeout = 5;
+      efi = {
+        canTouchEfiVariables = true;
+      };
+    };
+  };
+}
--- a/modules/de/cosmic.nix
+++ b/modules/de/cosmic.nix
--- a/modules/de/gnome_wayland.nix
+++ b/modules/de/gnome_wayland.nix
@ -0,0 +1,37 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
+let
+  name = "de_gnome_wayland";
+  cfg = config.mods.${name};
+in
+{
+  options = {
+    mods.${name} = {
+      enable = mkEnableOption (lib.mdDoc "Enable GNOME with wayland desktop environment");
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.xserver = {
+      enable = true;
+      displayManager.gdm = {
+        enable = true;
+        autoSuspend = false;
+        wayland = true;
+      };
+      desktopManager.gnome.enable = true;
+    };
+    services.gnome.core-utilities.enable = false;
+    environment.systemPackages = with pkgs; [
+      gnome.dconf-editor
+      # wayland clipboard in terminal
+      wl-clipboard
+    ];
+    environment.sessionVariables.NIXOS_OZONE_WL = "1";
+  };
+}
--- a/modules/de/gnome_xorg.nix
+++ b/modules/de/gnome_xorg.nix
@ -0,0 +1,35 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
+let
+  name = "de_gnome_xorg";
+  cfg = config.mods.${name};
+in
+{
+  options = {
+    mods.${name} = {
+      enable = mkEnableOption "Enable GNOME with wayland desktop environment";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.xserver = {
+      enable = true;
+      displayManager.gdm = {
+        enable = true;
+        autoSuspend = false;
+        wayland = false;
+      };
+      desktopManager.gnome.enable = true;
+    };
+    services.gnome.core-utilities.enable = false;
+    environment.systemPackages = with pkgs; [
+      gnome.dconf-editor
+      xclip
+    ];
+  };
+}
--- a/modules/de_gnome_wayland.nix
+++ b/modules/de_gnome_wayland.nix
@ -1,21 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-with lib;
-let
-  name = "de_gnome_wayland";
-  cfg = config.my_modules.${name};
-in
-{
-  options = {
-    my_modules.${name} = {
-      enable = mkEnableOption (lib.mdDoc "Enable GNOME with wayland desktop environment");
-    };
-  };
-
-  config = mkIf cfg.enable {
-    # TODO
-  };
-}
--- a/modules/de_gnome_xorg.nix
+++ b/modules/de_gnome_xorg.nix
@ -1,22 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-with lib;
-let
-  name = "de_gnome_xorg";
-  cfg = config.my_modules.${name};
-in
-{
-  options = {
-    my_modules.${name} = {
-      enable = mkEnableOption "Enable GNOME with wayland desktop environment";
-    };
-  };
-
-  config = mkIf cfg.enable {
-    # TODO
-  };
-}
-
--- a/modules/docker.nix
+++ b/modules/docker.nix
@ -0,0 +1,28 @@
+{
+  config,
+  lib,
+  settings,
+  ...
+}:
+with lib;
+let
+  name = "docker";
+  cfg = config.mods.${name};
+in
+{
+  options = {
+    mods.${name} = {
+      enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+    };
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.docker.enable = true;
+    users.extraGroups.docker.members = [ settings.user.username ];
+    environment.shellAliases = {
+      dockerv = "docker volume";
+      dockeri = "docker image";
+      dockerc = "docker container";
+    };
+  };
+}
--- a/modules/fonts.nix
+++ b/modules/fonts.nix
@ -0,0 +1,25 @@
+{
+  config,
+  lib,
+  pkgs,
+  settings,
+  ...
+}:
+with lib;
+let
+  name = "fonts";
+  cfg = config.mods.${name};
+in
+{
+  options = {
+    mods.${name} = {
+      enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+    };
+  };
+
+  config = mkIf cfg.enable {
+    fonts.packages = with pkgs; [
+      (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+    ];
+  };
+}
--- a/modules/home_manager.nix
+++ b/modules/home_manager.nix
@ -0,0 +1,23 @@
+{
+  config,
+  settings,
+  ylib,
+  ...
+}@inputs:
+let
+  home-manager = settings.home-manager;
+in
+{
+  imports = [ home-manager.nixosModules.home-manager ];
+
+  # Home manager options
+  security.polkit.enable = true;
+  home-manager.useUserPackages = true;
+  home-manager.useGlobalPkgs = true;
+  home-manager.extraSpecialArgs = {
+    inherit settings;
+    inherit ylib;
+    inherit (inputs) ragenix;
+    inherit (config) age;
+  };
+}
--- a/modules/nebula.nix
+++ b/modules/nebula.nix
@ -0,0 +1,70 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
+let
+  name = "nebula";
+  cfg = config.mods.${name};
+in
+{
+  options = {
+    mods.${name} = {
+      enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      nebula
+      traceroute # for debugging
+    ];
+
+    networking.firewall.allowedUDPPorts = [ 4242 ];
+
+    systemd.services."nebula" = {
+      description = "Nebula VPN service";
+      wants = [ "basic.target" ];
+      after = [
+        "basic.target"
+        "network.target"
+      ];
+      before = [ "sshd.service" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Type = "notify";
+        Restart = "always";
+        RestartSec = 1;
+        ExecStart = "${pkgs.nebula}/bin/nebula -config /etc/nebula/config.yml";
+        UMask = "0027";
+        CapabilityBoundingSet = "CAP_NET_ADMIN";
+        AmbientCapabilities = "CAP_NET_ADMIN";
+        LockPersonality = true;
+        NoNewPrivileges = true;
+        PrivateDevices = false; # needs access to /dev/net/tun (below)
+        DeviceAllow = "/dev/net/tun rw";
+        DevicePolicy = "closed";
+        PrivateTmp = true;
+        PrivateUsers = false; # CapabilityBoundingSet needs to apply to the host namespace
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectProc = "invisible";
+        ProtectSystem = "strict";
+        RestrictNamespaces = true;
+        RestrictSUIDSGID = true;
+      };
+      unitConfig = {
+        StartLimitIntervalSec = 5;
+        StartLimitBurst = 3;
+      };
+    };
+
+  };
+}
--- a/modules/neovim.nix
+++ b/modules/neovim.nix
@ -0,0 +1,25 @@
+{
+  config,
+  lib,
+  settings,
+  ringofstorms-nvim,
+  ...
+}:
+with lib;
+let
+  name = "neovim";
+  cfg = config.mods.${name};
+in
+{
+  options = {
+    mods.${name} = {
+      enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [
+      ringofstorms-nvim.packages.${settings.system.system}.neovim
+    ];
+  };
+}
--- a/modules/shell/common.nix
+++ b/modules/shell/common.nix
@ -0,0 +1,90 @@
+{
+  config,
+  lib,
+  pkgs,
+  settings,
+  ...
+}:
+with lib;
+let
+  name = "shell_common";
+  cfg = config.mods.${name};
+in
+{
+  options = {
+    mods.${name} = {
+      enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking = {
+      hostName = settings.system.hostname;
+      extraHosts = ''
+        127.0.0.1 local.belljm.com
+        127.0.0.1 n0.local.belljm.com
+        127.0.0.1 n1.local.belljm.com
+        127.0.0.1 n2.local.belljm.com
+        127.0.0.1 n3.local.belljm.com
+        127.0.0.1 n4.local.belljm.com
+      '';
+      # Use nftables not iptables
+      nftables.enable = true;
+      firewall.enable = true;
+    };
+
+    environment.systemPackages = with pkgs; [
+      # Basics
+      vim
+      nano
+      wget
+      curl
+      fastfetch
+      bat
+      htop
+      unzip
+      git
+      fzf
+      ripgrep
+      lsof
+      killall
+      hdparm
+      speedtest-cli
+      ffmpeg-full
+    ];
+
+    environment.shellAliases = {
+      n = "nvim";
+      nn = "nvim --headless '+SessionDelete' +qa > /dev/null 2>&1 && nvim";
+      bat = "bat --theme Coldark-Dark";
+      cat = "bat --pager=never -p";
+      # TODO this may not be needed now that I am using `nh` clean mode (see /hosts/_common/configuration.nix#programs.nh)
+      nix-boot-clean = "find '/boot/loader/entries' -type f ! -name 'windows.conf' | head -n -4 | xargs -I {} rm {}; nix store gc; nixos-rebuild boot; echo; df";
+
+      # general unix
+      date_compact = "date +'%Y%m%d'";
+      date_short = "date +'%Y-%m-%d'";
+      ls = "ls --color -Ga";
+      ll = "ls --color -Gal";
+      lss = "du --max-depth=0 -h * 2>/dev/null";
+      psg = "ps aux | head -n 1 && ps aux | grep -v 'grep' | grep";
+      cl = "clear";
+
+      # git
+      stash = "git stash";
+      pop = "git stash pop";
+      branch = "git checkout -b";
+      status = "git status";
+      diff = "git diff";
+      branches = "git branch -a";
+      gcam = "git commit -a -m";
+      stashes = "git stash list";
+
+      # ripgrep
+      rg = "rg --no-ignore";
+      rgf = "rg --files 2>/dev/null | rg";
+    };
+
+    environment.shellInit = builtins.readFile ./common.sh;
+  };
+}
--- a/modules/shell/common.sh
+++ b/modules/shell/common.sh
@ -0,0 +1,141 @@
+# basics
+htop_psg () {
+  htop -p $(psg $1 | awk '{r=r s $2;s=","} END{print r}')
+}
+
+htop_pid () {
+  htop -p $(ps -ef | awk -v proc=$1 '$3 == proc { cnt++;if (cnt == 1) { printf "%s",$2 } else { printf ",%s",$2 } }')
+}
+
+kill_psg() {
+  PIDS=$(ps aux | grep -v "grep" | grep ${1} | awk '{print $2}')
+  echo Killing ${PIDS}
+  for pid in ${PIDS}; do
+    kill -9 ${pid} &> /dev/null
+  done
+}
+
+term_psg() {
+  PIDS=$(ps aux | grep -v "grep" | grep ${1} | awk '{print $2}')
+  echo Terminating ${PIDS}
+  for pid in ${PIDS}; do
+    kill -15 ${pid} &> /dev/null
+  done
+}
+
+skill_psg() {
+  PIDS=$(ps aux | grep -v "grep" | grep ${1} | awk '{print $2}')
+  echo Quitting ${PIDS}
+  for pid in ${PIDS}; do
+    sudo kill -9 ${pid} &> /dev/null
+  done;
+}
+
+mail_clear() {
+  : > /var/mail/$USER
+}
+
+speedtest_fs () {
+  dir=$(pwd)
+  drive=$(df -h ${dir} | awk 'NR==2 {print $1}')
+  echo Testing read speeds on drive ${drive}
+  sudo hdparm -Tt ${drive}
+  test_file=$(date +%u%m%d)
+  test_file="${dir}/speedtest_fs_${test_file}"
+  echo
+  echo Testing write speeds into test file: ${test_file}
+  dd if=/dev/zero of=${test_file} bs=8k count=10k; rm -f ${test_file}
+}
+
+speedtest_internet () {
+  speedtest-cli
+}
+
+# git
+getdefault () {
+  git remote show origin | grep "HEAD branch" | sed 's/.*: //'
+}
+
+master () {
+  git stash
+  git checkout $(getdefault)
+  pull
+}
+
+mp () {
+  master
+  prunel
+}
+
+pullmaster () {
+  git pull origin $(getdefault)
+}
+
+push () {
+  B=$(git branch | sed -n -e 's/^\* \(.*\)/\1/p')
+  git pull origin $B
+  git push origin $B --no-verify
+}
+
+pull () {
+  git fetch
+  B=$(git branch | sed -n -e 's/^\* \(.*\)/\1/p')
+  git pull origin $B
+}
+
+forcepush () {
+  B=$(git branch | sed -n -e 's/^\* \(.*\)/\1/p')
+  git push origin $B --force
+}
+
+remote_branches () {
+  git branch -a | grep 'remotes' | grep -v -E '.*(HEAD|${DEFAULT})' | cut -d'/' -f 3-
+}
+
+local_branches () {
+  git branch -a | grep -v 'remotes' | grep -v -E '.*(HEAD|${DEFAULT})' | grep -v '^*' |  cut -d' ' -f 3-
+}
+
+prunel () {
+  git fetch
+  git remote prune origin
+
+  for local in $(local_branches); do
+    in=false
+    for remote in $(remote_branches); do
+      if [[ ${local} = ${remote} ]]; then
+        in=true
+      fi
+    done;
+    if [[ $in = 'false' ]]; then
+      git branch -D ${local}
+    else
+      echo 'Skipping branch '${local}
+    fi
+  done;
+}
+
+checkout () {
+  git fetch
+  git checkout $1
+  pull
+}
+
+from_master () {
+  git checkout $(getdefault) $@
+}
+
+
+# nix
+alias nixpkgs=nixpkg
+nixpkg () {
+  if [ $# -eq 0 ]; then
+    echo "Error: No arguments provided. Please specify at least one package."
+    return 1
+  fi
+  cmd="nix shell"
+  for pkg in "$@"; do
+    cmd="$cmd \"nixpkgs#$pkg\""
+  done
+  eval $cmd
+}
--- a/modules/ssh.nix
+++ b/modules/ssh.nix
@ -0,0 +1,40 @@
+{
+  config,
+  lib,
+  pkgs,
+  settings,
+  ...
+}:
+with lib;
+let
+  name = "ssh";
+  cfg = config.mods.${name};
+in
+{
+  options = {
+    mods.${name} = {
+      enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Use fail2ban
+    services.fail2ban = {
+      enable = true;
+    };
+
+    # Open ports in the firewall.
+    networking.firewall.allowedTCPPorts = [
+      22 # sshd
+    ];
+
+    # Enable the OpenSSH daemon.
+    services.openssh = {
+      enable = true;
+      settings = {
+        LogLevel = "VERBOSE";
+        PermitRootLogin = "yes";
+      };
+    };
+  };
+}
--- a/modules/stormd.nix
+++ b/modules/stormd.nix
@ -0,0 +1,46 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib;
+let
+  name = "stormd";
+  cfg = config.mods.${name};
+in
+{
+  options = {
+    mods.${name} = {
+      enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # environment.systemPackages = with pkgs; [
+    # ];
+
+    # TODO make a derivation for stormd binary and get it properlly in the store. This is super janky and the binary just has to exist there right now.
+
+    # networking.firewall.allowedUDPPorts = [ 4242 ];
+
+    systemd.services."stormd" = {
+      description = "Stormd service";
+      wants = [ "basic.target" ];
+      after = [
+        "basic.target"
+        "network.target"
+      ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Type = "notify";
+        Restart = "always";
+        RestartSec = 1;
+        ExecStart = "/etc/stormd/stormd daemon";
+      };
+      unitConfig = {
+        StartLimitIntervalSec = 5;
+        StartLimitBurst = 3;
+      };
+    };
+  };
+}
--- a/modules/tty_caps_esc.nix
+++ b/modules/tty_caps_esc.nix
@ -0,0 +1,28 @@
+{
+  config,
+  lib,
+  pkgs,
+  settings,
+  ...
+}:
+with lib;
+let
+  name = "tty_caps_esc";
+  cfg = config.mods.${name};
+in
+{
+  options = {
+    mods.${name} = {
+      enable = mkEnableOption (lib.mdDoc "Enable ${name}");
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.xserver.xkb.options = "caps:escape";
+    console = {
+      earlySetup = true;
+      packages = with pkgs; [ terminus_font ];
+      useXkbConfig = true; # use xkb.options in tty. (caps -> escape)
+    };
+  };
+}
--- a/modules/validations.nix
+++ b/modules/validations.nix
@ -1,22 +1,29 @@
 { lib, config, ... }:
 {
-  # config.assertions = [
-  #   {
-  #     assertion =
-  #       lib.length (
-  #         lib.filter (x: x) [
-  #           config.my_modules.de_cosmic.enable
-  #           config.my_modules.de_gnome_xorg.enable
-  #           config.my_modules.de_gnome_wayland.enable
-  #         ]
-  #       ) <= 1;
-  #     message = ''
-  #       Configuration Error: Multiple desktop environments are enabled.
-  #       Please enable only one of the following:
-  #         - my_modules.de_cosmic.enable
-  #         - my_modules.de_gnome_xorg.enable
-  #         - my_modules.de_gnome_wayland.enable
-  #     '';
-  #   }
-  # ];
+  config.assertions = [
+    {
+      assertion =
+        lib.length (
+          lib.filter (x: x) [
+            config.mods.de_cosmic.enable
+            config.mods.de_gnome_xorg.enable
+            config.mods.de_gnome_wayland.enable
+          ]
+        ) <= 1;
+      message = ''
+        Configuration Error: Multiple desktop environments are enabled.
+        Please enable only one of the following:
+          - mods.de_cosmic.enable
+          - mods.de_gnome_xorg.enable
+          - mods.de_gnome_wayland.enable
+      '';
+    }
+    {
+      assertion = !(config.mods.de_cosmic.enable && config.mods.audio_pulse.enable);
+      message = ''
+        Configuration Error: cannot use pulse audio with cosmic.
+        Remove: mods.audio_pulse.enable
+      '';
+    }
+  ];
 }