| author | Quentin Aristote <quentin@aristote.fr> | 2023-02-11 17:18:54 +0100 |
|---|---|---|
| committer | Quentin Aristote <quentin@aristote.fr> | 2023-02-12 13:16:43 +0100 |
| commit | 6ea803da80558e269564c99070e92e285cf977ff (patch) | |
| tree | 151458881e22471888ac301ba6cb8b060f3723d8 /modules | |
| parent | 84d6a76d15345cdbd11fac5a079e04c81e484238 (diff) | |
add personal nixos modules
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/nixos/boot.nix | 17 | ||||
| -rw-r--r-- | modules/nixos/default.nix | 13 | ||||
| -rw-r--r-- | modules/nixos/environment.nix | 31 | ||||
| -rw-r--r-- | modules/nixos/gui.nix | 54 | ||||
| -rw-r--r-- | modules/nixos/hardware.nix | 70 | ||||
| -rw-r--r-- | modules/nixos/networking.nix | 60 | ||||
| -rw-r--r-- | modules/nixos/nix.nix | 52 | ||||
| -rw-r--r-- | modules/nixos/user.nix | 22 |
8 files changed, 319 insertions, 0 deletions
diff --git a/modules/nixos/boot.nix b/modules/nixos/boot.nix
new file mode 100644
index 0000000..b3f36aa
--- /dev/null
+++ b/modules/nixos/boot.nix
@@ -0,0 +1,17 @@
+{ config, lib, ... }:
+
+let cfg = config.personal.boot;
+in {
+ options.personal.boot = { grub.enable = lib.mkEnableOption "grub"; };
+
+ config.boot.loader = lib.mkIf cfg.grub.enable {
+ efi = { canTouchEfiVariables = true; };
+ grub = {
+ enable = true;
+ version = 2;
+ efiSupport = true;
+ enableCryptodisk = config.boot.initrd.luks.devices != { };
+ device = "nodev";
+ };
+ };
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..9485a9d
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+ imports = [
+ ./boot.nix
+ ./environment.nix
+ ./gui.nix
+ ./hardware.nix
+ ./networking.nix
+ ./nix.nix
+ ./user.nix
+ ];
+}
diff --git a/modules/nixos/environment.nix b/modules/nixos/environment.nix
new file mode 100644
index 0000000..5c84037
--- /dev/null
+++ b/modules/nixos/environment.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.personal.environment;
+in {
+ options.personal.environment = {
+ enable = lib.mkEnableOption "basic environment";
+ locale.enable = lib.mkEnableOption "French locale";
+ };
+
+ config = lib.mkIf cfg.enable (lib.mkMerge [
+ {
+ environment.systemPackages = with pkgs; [
+ vim
+ gitMinimal
+ busybox
+ coreutils
+ ];
+ }
+ (lib.mkIf cfg.locale.enable {
+ time.timeZone = "Europe/Paris";
+ i18n = {
+ defaultLocale = "fr_FR.utf8";
+ extraLocaleSettings.LANG = "en_US.utf8";
+ };
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = config.personal.hardware.keyboard.keyMap;
+ };
+ })
+ ]);
+}
diff --git a/modules/nixos/gui.nix b/modules/nixos/gui.nix
new file mode 100644
index 0000000..d4de375
--- /dev/null
+++ b/modules/nixos/gui.nix
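Review bot: In environment.nix, `busybox` and `coreutils` both sit in `environment.systemPackages` and ship overlapping binaries (`ls`, `cp`, `sed`, …); as far as I recall NixOS builds the system path with collisions ignored, so which implementation lands on every user's PATH depends on package priority and merge order rather than on this list, and scripts expecting GNU semantics can behave differently. If busybox is only wanted as a fallback, `lib.lowPrio busybox` makes the precedence explicit. Separately, `extraLocaleSettings.LANG = "en_US.utf8"` overrides the `LANG` that `defaultLocale = "fr_FR.utf8"` sets, so the effective default locale is English; if the intent is French formats with English messages, `extraLocaleSettings.LC_MESSAGES = "en_US.utf8"` is presumably what was meant — confirm.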
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.personal.gui;
+in {
+ options.personal.gui = {
+ enable = lib.mkEnableOption "GUI";
+ xserver.enable = lib.mkEnableOption "X server";
+ i3.enable = lib.mkEnableOption "i3";
+ };
+
+ config = lib.mkIf cfg.enable (lib.mkMerge [
+ {
+ services.xserver = lib.mkIf cfg.xserver.enable {
+ enable = true;
+ desktopManager.xfce.enable = true;
+ displayManager = {
+ lightdm = {
+ enable = true;
+ # background = background-image;
+ greeters.gtk = {
+ enable = true;
+ # extraConfig = ''
+ # user-background = false
+ # '';
+ theme = {
+ name = "Arc-Dark";
+ package = pkgs.arc-theme;
+ };
+ iconTheme = {
+ name = "Breeze-dark";
+ package = pkgs.breeze-icons;
+ };
+ };
+ };
+ };
+ # Hardware
+ libinput.enable = true;
+ layout = config.personal.hardware.keyboard.keyMap;
+ autoRepeatDelay = 200;
+ };
+ services.blueman.enable = config.hardware.bluetooth.enable;
+ }
+ (lib.mkIf cfg.i3.enable {
+ services.xserver = {
+ desktopManager.xfce = {
+ noDesktop = true;
+ enableXfwm = false;
+ };
+ windowManager.i3.enable = true;
+ displayManager.defaultSession = "xfce+i3";
+ };
+ })
+ ]);
+}
diff --git a/modules/nixos/hardware.nix b/modules/nixos/hardware.nix
new file mode 100644
index 0000000..71d48a4
--- /dev/null
+++ b/modules/nixos/hardware.nix
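Review bot: The commented-out `# background = background-image;` and `# extraConfig = '' … '';` lines under `lightdm` are dead configuration; either drop them or expose them as options of `personal.gui`, so the module does not carry half-finished settings forward. Also, `layout = config.personal.hardware.keyboard.keyMap` feeds a console keymap name into an XKB layout name; the two namespaces only coincide for some values such as `fr`, so a short comment like `# keyMap doubles as the XKB layout; keep it a name valid for both` would document the coupling for whoever changes the default.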
@@ -0,0 +1,70 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.personal.hardware;
+in {
+ options.personal.hardware = {
+ usb.enable = lib.mkEnableOption "usb";
+ disks.crypted = lib.mkOption {
+ type = with lib.types; nullOr str;
+ default = null;
+ description = "Path to the encrypted disk.";
+ };
+ firmwareNonFree.enable = lib.mkEnableOption "non-free firmwares";
+ keyboard = {
+ keyMap = lib.mkOption {
+ type = lib.types.str;
+ default = "fr";
+ };
+ };
+ backlights = let
+ mkBacklightOption = name:
+ lib.mkOption {
+ type = with lib.types; nullOr str;
+ default = null;
+ description =
+ "Whether to allow all users to change hardware the ${name} brightness.";
+ };
+ in {
+ screen = mkBacklightOption "screen";
+ keyboard = mkBacklightOption "keyboard";
+ };
+ sound.enable = lib.mkEnableOption "sound";
+ };
+
+ config = lib.mkMerge [
+ {
+ hardware.firmware =
+ lib.optional cfg.firmwareNonFree.enable pkgs.firmwareLinuxNonfree;
+ boot.initrd = {
+ availableKernelModules = lib.optional cfg.usb.enable "usb_storage";
+ luks.devices = lib.optionalAttrs (cfg.disks.crypted != null) {
+ crypt = {
+ name = "crypt";
+ device = cfg.disks.crypted;
+ preLVM = true;
+ };
+ };
+ };
+
+ services.udev.extraRules =
+ lib.optionalString (cfg.backlights.screen != null) ''
+ ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="${cfg.backlights.screen}", MODE="0666", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/backlight/%k/brightness"
+ '' + lib.optionalString (cfg.backlights.keyboard != null) ''
+ ACTION=="add", SUBSYSTEM=="leds", KERNEL=="${cfg.backlights.keyboard}", MODE="0666", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/leds/%k/brightness"
+ '';
+ }
+
+ (lib.mkIf cfg.sound.enable {
+ sound.enable = true;
+ hardware.pulseaudio = {
+ enable = true;
+ support32Bit = true;
+ package = pkgs.pulseaudioFull;
+ extraConfig = ''
+ load-module module-dbus-protocol
+ '';
+ };
+ nixpkgs.config.pulseaudio = true;
+ })
+ ];
+}
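Review bot: The two rules under `services.udev.extraRules` make the backlight and LED `brightness` attributes world-writable (`MODE="0666"` plus `chmod a+w`), so every local account, including unprivileged service users, can drive them; that is broader than the per-user intent the option names suggest. The conventional least-privilege form grants the `video` group instead: `ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="${cfg.backlights.screen}", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"` with the interactive user added to `video`, and the same shape for the `leds` rule. The option description also reads "change hardware the ${name} brightness" and should read "change the ${name} hardware brightness".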
diff --git a/modules/nixos/networking.nix b/modules/nixos/networking.nix
new file mode 100644
index 0000000..2b853de
--- /dev/null
+++ b/modules/nixos/networking.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.personal.networking;
+ mkFirewallEnableOption = name:
+ lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Whether to open ports for ${name}.";
+ };
+in {
+ options.personal.networking = {
+ enable = lib.mkEnableOption "networking";
+ bluetooth.enable = lib.mkEnableOption "bluetooth";
+ networkmanager.enable = lib.mkEnableOption "NetworkManager";
+ ssh.enable = lib.mkEnableOption "SSH server";
+ firewall = {
+ syncthing = mkFirewallEnableOption "Syncthing";
+ kdeconnect = mkFirewallEnableOption "KDE Connect";
+ http = mkFirewallEnableOption "HTTP and HTTPS (incoming)";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages =
+ lib.optional cfg.networkmanager.enable pkgs.networkmanager;
+ networking = {
+ networkmanager = lib.mkIf cfg.networkmanager.enable {
+ enable = true;
+ unmanaged = [ "interface-name:ve-*" ];
+ };
+ firewall = {
+ enable = true;
+ allowedTCPPorts = lib.optional cfg.firewall.syncthing 22000
+ ++ lib.optionals cfg.firewall.http [ 80 443 ];
+ allowedUDPPorts = lib.optionals cfg.firewall.syncthing [ 22000 21027 ];
+ allowedTCPPortRanges = lib.optional cfg.firewall.kdeconnect {
+ from = 1714;
+ to = 1764;
+ };
+ allowedUDPPortRanges = lib.optional cfg.firewall.kdeconnect {
+ from = 1714;
+ to = 1764;
+ };
+ };
+ };
+ services = lib.mkIf cfg.ssh.enable {
+ openssh = {
+ enable = true;
+ permitRootLogin = "no";
+ passwordAuthentication = false;
+ extraConfig = ''
+ AcceptEnv PS1
+ '';
+ };
+ fail2ban.enable = true;
+ };
+ hardware.bluetooth.enable = cfg.bluetooth.enable;
+ };
+}
diff --git a/modules/nixos/nix.nix b/modules/nixos/nix.nix
new file mode 100644
index 0000000..24b5012
--- /dev/null
+++ b/modules/nixos/nix.nix
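Review bot: `AcceptEnv PS1` in `services.openssh.extraConfig` lets the connecting client choose the login shell's prompt string, and bash expands `PS1` at every prompt, so the client effectively supplies shell code that runs in the session outside the user's own startup files; sshd_config's documentation warns that accepted environment variables can bypass restricted user environments, which matters if a restricted shell or `ForceCommand` is ever added to this host. If the goal is just a personal prompt, setting `PS1` from the user's dotfiles avoids the passthrough; otherwise keep it with a comment such as `# PS1 passthrough: deliberate, see sshd_config(5) AcceptEnv caveats`. Also, `permitRootLogin` and `passwordAuthentication` are the pre-`settings` option names; newer nixpkgs expects `settings.PermitRootLogin` / `settings.PasswordAuthentication` — confirm against the pinned release.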
@@ -0,0 +1,52 @@
+{ config, lib, ... }:
+
+let cfg = config.personal.nix;
+in {
+ options.personal.nix = {
+ enable = lib.mkEnableOption "nix configuration";
+ autoUpgrade = lib.mkEnableOption "automatic system and nixpkgs upgrade";
+ flake = lib.mkOption {
+ type = with lib.types; nullOr str;
+ default = null;
+ };
+ gc.enable = lib.mkEnableOption "garbage collection";
+ };
+
+ config = lib.mkIf cfg.enable {
+ nixpkgs.config = { allowUnfree = true; };
+ nix = {
+ settings = {
+ auto-optimise-store = true;
+ experimental-features = [ "nix-command" "flakes" ];
+ };
+ gc = lib.mkIf cfg.gc.enable {
+ automatic = true;
+ dates = "daily";
+ options = "--delete-old";
+ };
+ };
+ system.autoUpgrade = lib.mkIf cfg.autoUpgrade {
+ enable = true;
+ flake = cfg.flake;
+ flags = if (cfg.flake == null) then
+ [ "--upgrade-all" ]
+ else [
+ "--update-input"
+ "nixpkgs"
+ "--commit-lock-file"
+ ];
+ };
+ systemd.services = {
+ nix-gc.after =
+ lib.optional (cfg.autoUpgrade && cfg.gc.enable) "nixos-upgrade.service";
+ nix-gc-remove-dead-roots = {
+ enable = cfg.gc.enable;
+ description = "Remove dead symlinks in /nix/var/nix/gcroots";
+ serviceConfig.Type = "oneshot";
+ script = "find /nix/var/nix/gcroots -xtype l -delete";
+ before = lib.mkIf config.nix.gc.automatic [ "nix-gc.service" ];
+ wantedBy = lib.mkIf config.nix.gc.automatic [ "nix-gc.service" ];
+ };
+ };
+ };
+}
diff --git a/modules/nixos/user.nix b/modules/nixos/user.nix
new file mode 100644
index 0000000..0d1585e
--- /dev/null
+++ b/modules/nixos/user.nix
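Review bot: `nix-gc-remove-dead-roots` runs `find /nix/var/nix/gcroots -xtype l -delete` as root over a tree that includes the user-writable `per-user/*` directories; it is safe as written because `find` does not follow symlinks by default and `-delete` unlinks only the dangling link itself, but nothing records that invariant, so a later `-L` or `-exec rm -r` would turn it into root deleting user-controlled targets. A comment on `script` such as `# -xtype l matches only dangling links and find never follows them; root must not dereference user-owned per-user roots` keeps that explicit. Note also that `enable = cfg.gc.enable` while `before`/`wantedBy` key off `config.nix.gc.automatic`; if `nix.gc.automatic` is set elsewhere with `cfg.gc.enable` off, `nix-gc.service` wants a unit this module did not generate, so driving all three from one condition would be more consistent.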
@@ -0,0 +1,22 @@
+{ config, lib, ... }:
+
+let cfg = config.personal.user;
+in {
+ options.personal.user = {
+ enable = lib.mkEnableOption "main user";
+ name = lib.mkOption {
+ type = lib.types.str;
+ default = "qaristote";
+ };
+ };
+
+ config.users.users."${cfg.name}" = lib.mkIf cfg.enable {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ] ++ lib.optional config.sound.enable "sound"
+ ++ lib.optional config.networking.networkmanager.enable "networkmanager";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4wGbl3++lqCjLUhoRyABBrVEeNhIXYO4371srkRoyq qaristote@latitude-7490"
+ ];
+
+ };
+} |
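Review bot: The user is created in `wheel` with an SSH key but no `hashedPassword`/`initialHashedPassword`, and networking.nix disables SSH password authentication; with NixOS's default `security.sudo.wheelNeedsPassword = true`, sudo is unusable until a password is set out of band, so either document that expectation in the module or add a password option next to `name`. `lib.optional config.sound.enable "sound"` adds the user to a `sound` group, whereas the group NixOS uses for audio devices is `audio`; confirm that `sound` exists on the target, since membership in a group that is never created presumably has no effect.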
