Chore: formatting & cleanup
parent
6ab9a35136
commit
86f7864f8f
|
@ -36,10 +36,6 @@ in
|
||||||
networking.hostName = hostName;
|
networking.hostName = hostName;
|
||||||
|
|
||||||
###*** Configure your system below this line. ***###
|
###*** Configure your system below this line. ***###
|
||||||
# Set your time zone.
|
|
||||||
# To see all available timezones, run `timedatectl list-timezones`.
|
|
||||||
time.timeZone = "America/New_York";
|
|
||||||
|
|
||||||
# Build Nix packages for other hosts.
|
# Build Nix packages for other hosts.
|
||||||
# Runs every day at 4 AM
|
# Runs every day at 4 AM
|
||||||
systemd = {
|
systemd = {
|
||||||
|
|
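Review bot: Removing `time.timeZone = "America/New_York";` leaves the `# Runs every day at 4 AM` timer that follows in this file dependent on whatever zone the host resolves at runtime. If these hosts now take their zone from `automatic-timezoned` (visible as context elsewhere in this commit), a headless machine where geolocation fails would presumably stay on UTC and shift the schedule; this is inferred, since the module wiring is outside the visible hunks. The same removal appears in the hunks at `@ -37,10 +37,6`, `@ -12,10 +12,6` and `@ -30,16 +40,4`. For server hosts, pinning the zone in the timer itself, along the lines of `OnCalendar = "*-*-* 04:00:00 America/New_York";` (a sketch, the real timer definition is not shown), keeps the schedule independent of location detection.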
|
@ -37,10 +37,6 @@ in
|
||||||
networking.hostName = hostName;
|
networking.hostName = hostName;
|
||||||
|
|
||||||
###*** Configure your system below this line. ***###
|
###*** Configure your system below this line. ***###
|
||||||
# Set your time zone.
|
|
||||||
# To see all available timezones, run `timedatectl list-timezones`.
|
|
||||||
time.timeZone = "America/New_York";
|
|
||||||
|
|
||||||
# Build Nix packages for other hosts.
|
# Build Nix packages for other hosts.
|
||||||
# Runs every day at 4 AM
|
# Runs every day at 4 AM
|
||||||
systemd = {
|
systemd = {
|
||||||
|
@ -87,6 +83,7 @@ in
|
||||||
# Enable GPU support.
|
# Enable GPU support.
|
||||||
gpu.amd.enable = true;
|
gpu.amd.enable = true;
|
||||||
|
|
||||||
|
# Install script to get the system up and running after boot.
|
||||||
packages = [ start-services ];
|
packages = [ start-services ];
|
||||||
|
|
||||||
# Enable support for primary RAID array
|
# Enable support for primary RAID array
|
||||||
|
|
|
@ -41,23 +41,4 @@ in
|
||||||
size = 16384;
|
size = 16384;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Automatically scrub the RAID array monthly
|
|
||||||
systemd.services."raid-scrub" = {
|
|
||||||
description = "Periodically scrub RAID volumes for errors.";
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
User = "root";
|
|
||||||
};
|
|
||||||
script = "echo check > /sys/block/md127/md/sync_action";
|
|
||||||
};
|
|
||||||
systemd.timers."raid-scrub" = {
|
|
||||||
description = "Periodically scrub RAID volumes for errors.";
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig = {
|
|
||||||
OnCalendar = "monthly";
|
|
||||||
Persistent = true;
|
|
||||||
Unit = "raid-scrub.service";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,10 +12,6 @@ in
|
||||||
networking.hostName = hostName;
|
networking.hostName = hostName;
|
||||||
|
|
||||||
###*** Configure your system below this line. ***###
|
###*** Configure your system below this line. ***###
|
||||||
# Set your time zone.
|
|
||||||
# To see all available timezones, run `timedatectl list-timezones`.
|
|
||||||
time.timeZone = "America/New_York";
|
|
||||||
|
|
||||||
# Configure the system.
|
# Configure the system.
|
||||||
aux.system = {
|
aux.system = {
|
||||||
# Enable to allow unfree (e.g. closed source) packages.
|
# Enable to allow unfree (e.g. closed source) packages.
|
||||||
|
|
|
@ -12,7 +12,17 @@ in
|
||||||
imports = [ ./hardware-configuration.nix ];
|
imports = [ ./hardware-configuration.nix ];
|
||||||
|
|
||||||
system.stateVersion = stateVersion;
|
system.stateVersion = stateVersion;
|
||||||
networking.hostName = hostName;
|
networking = {
|
||||||
|
hostName = hostName;
|
||||||
|
|
||||||
|
# Connect to the network automagically
|
||||||
|
networkmanager.enable = lib.mkForce false;
|
||||||
|
wireless.networks = {
|
||||||
|
"${config.secrets.networking.networks.home.SSID}" = {
|
||||||
|
psk = "${config.secrets.networking.networks.home.password}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
aux.system = {
|
aux.system = {
|
||||||
bootloader.enable = false; # Bootloader configured in hardware-configuration.nix
|
bootloader.enable = false; # Bootloader configured in hardware-configuration.nix
|
||||||
|
@ -30,16 +40,4 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.distributedBuilds = true;
|
nix.distributedBuilds = true;
|
||||||
|
|
||||||
time.timeZone = "America/New_York";
|
|
||||||
|
|
||||||
# Connect to the network automagically
|
|
||||||
networking = {
|
|
||||||
networkmanager.enable = lib.mkForce false;
|
|
||||||
wireless.networks = {
|
|
||||||
"${config.secrets.networking.networks.home.SSID}" = {
|
|
||||||
psk = "${config.secrets.networking.networks.home.password}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
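Review bot: `psk = "${config.secrets.networking.networks.home.password}";` in the relocated `wireless.networks` block interpolates the passphrase at evaluation time, so it presumably ends up in the generated wpa_supplicant configuration inside the world-readable Nix store (how `config.secrets` is populated is not visible here). Moving the block is a good moment to load the secret at runtime instead: NixOS provides `networking.wireless.environmentFile` (superseded by `networking.wireless.secretsFile` in newer releases), with the network entry referring to a placeholder rather than the literal value. The SSID used as the attribute name has the same exposure but is far less sensitive. The enclosing attribute set starts outside this hunk.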
|
@ -10,7 +10,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.apps.writing.enable = lib.mkEnableOption (lib.mdDoc "Enables writing and editing tools");
|
aux.system.apps.writing.enable = lib.mkEnableOption "Enables writing and editing tools";
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
|
@ -8,19 +8,12 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
config = {
|
config = {
|
||||||
# Install ZSH for all users
|
# Install base packages
|
||||||
programs.zsh.enable = true;
|
aux.system.packages = with pkgs; [
|
||||||
users.defaultUserShell = pkgs.zsh;
|
|
||||||
|
|
||||||
aux.system = {
|
|
||||||
packages = with pkgs; [
|
|
||||||
fastfetch # Show a neat system statistics screen when opening a terminal
|
fastfetch # Show a neat system statistics screen when opening a terminal
|
||||||
htop
|
htop # System monitor
|
||||||
mdadm # RAID management
|
|
||||||
nh # Nix Helper: https://github.com/viperML/nh
|
|
||||||
zellij # Terminal multiplexer
|
zellij # Terminal multiplexer
|
||||||
];
|
];
|
||||||
};
|
|
||||||
|
|
||||||
# Allow packages from the unstable repo by using 'pkgs.unstable'
|
# Allow packages from the unstable repo by using 'pkgs.unstable'
|
||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [
|
||||||
|
@ -33,14 +26,17 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
programs = {
|
programs = {
|
||||||
|
# Install ZSH for all users
|
||||||
|
zsh.enable = true;
|
||||||
|
|
||||||
# Enable NH, an alternative nixos-rebuild frontend.
|
# Enable NH, an alternative nixos-rebuild frontend.
|
||||||
|
# https://github.com/viperML/nh
|
||||||
nh = {
|
nh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
flake = "${config.secrets.nixConfigFolder}";
|
flake = "${config.secrets.nixConfigFolder}";
|
||||||
};
|
};
|
||||||
# Do some additional Nano configuration
|
# Configure nano
|
||||||
nano.nanorc = ''
|
nano.nanorc = ''
|
||||||
set linenumbers
|
|
||||||
set tabsize 4
|
set tabsize 4
|
||||||
set softwrap
|
set softwrap
|
||||||
set autoindent
|
set autoindent
|
||||||
|
@ -48,6 +44,7 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.fail2ban.enable = true;
|
# Set ZSH as the default shell
|
||||||
|
users.defaultUserShell = pkgs.zsh;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,7 +7,7 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.services.myModule = {
|
aux.system.services.myModule = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables this example module.");
|
enable = lib.mkEnableOption "Enables this example module.";
|
||||||
attributes = lib.mkOption {
|
attributes = lib.mkOption {
|
||||||
default = { };
|
default = { };
|
||||||
type = lib.types.attrs;
|
type = lib.types.attrs;
|
||||||
|
|
|
@ -6,9 +6,7 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.services.acme = {
|
aux.system.services.acme = {
|
||||||
enable = lib.mkEnableOption (
|
enable = lib.mkEnableOption "Enable the ACME client (for Let's Encrypt TLS certificates).";
|
||||||
lib.mdDoc "Enable the ACME client (for Let's Encrypt TLS certificates)."
|
|
||||||
);
|
|
||||||
certs = lib.mkOption {
|
certs = lib.mkOption {
|
||||||
default = { };
|
default = { };
|
||||||
type = lib.types.attrs;
|
type = lib.types.attrs;
|
||||||
|
|
|
@ -10,7 +10,7 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.services.airsonic = {
|
aux.system.services.airsonic = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables Airsonic Advanced media streaming service.");
|
enable = lib.mkEnableOption "Enables Airsonic Advanced media streaming service.";
|
||||||
home = lib.mkOption {
|
home = lib.mkOption {
|
||||||
default = "/var/lib/airsonic";
|
default = "/var/lib/airsonic";
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
|
|
|
@ -7,7 +7,7 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.services.autoUpgrade = {
|
aux.system.services.autoUpgrade = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables automatic system updates.");
|
enable = lib.mkEnableOption "Enables automatic system updates.";
|
||||||
branches = lib.mkOption {
|
branches = lib.mkOption {
|
||||||
type = lib.types.attrs;
|
type = lib.types.attrs;
|
||||||
description = "Which local and remote branches to compare.";
|
description = "Which local and remote branches to compare.";
|
||||||
|
@ -31,9 +31,7 @@ in
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
description = "If true, the time when the service unit was last triggered is stored on disk. When the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. This is useful to catch up on missed runs of the service when the system was powered down.";
|
description = "If true, the time when the service unit was last triggered is stored on disk. When the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. This is useful to catch up on missed runs of the service when the system was powered down.";
|
||||||
};
|
};
|
||||||
pushUpdates = lib.mkEnableOption (
|
pushUpdates = lib.mkEnableOption "Updates the flake.lock file and pushes it back to the repo.";
|
||||||
lib.mdDoc "Updates the flake.lock file and pushes it back to the repo."
|
|
||||||
);
|
|
||||||
user = lib.mkOption {
|
user = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
description = "The user who owns the configDir.";
|
description = "The user who owns the configDir.";
|
||||||
|
|
|
@ -10,9 +10,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.services.boinc.enable = lib.mkEnableOption (
|
aux.system.services.boinc.enable = lib.mkEnableOption "Enables BOINC distributed computing service.";
|
||||||
lib.mdDoc "Enables BOINC distributed computing service."
|
|
||||||
);
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
|
@ -24,7 +24,7 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.services.forgejo = {
|
aux.system.services.forgejo = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables Forgejo Git hosting service.");
|
enable = lib.mkEnableOption "Enables Forgejo Git hosting service.";
|
||||||
domain = lib.mkOption {
|
domain = lib.mkOption {
|
||||||
default = "/var/lib/forgejo";
|
default = "/var/lib/forgejo";
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
|
@ -44,7 +44,7 @@ in
|
||||||
example = "https://forgejo.example.com";
|
example = "https://forgejo.example.com";
|
||||||
};
|
};
|
||||||
actions = {
|
actions = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables a local Forgejo Actions runner.");
|
enable = lib.mkEnableOption "Enables a local Forgejo Actions runner.";
|
||||||
token = lib.mkOption {
|
token = lib.mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
|
|
|
@ -11,7 +11,7 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.services.home-assistant = {
|
aux.system.services.home-assistant = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables Home Assistant.");
|
enable = lib.mkEnableOption "Enables Home Assistant.";
|
||||||
domain = lib.mkOption {
|
domain = lib.mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
|
|
|
@ -14,7 +14,7 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.services.jellyfin = {
|
aux.system.services.jellyfin = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables the Jellyfin media streaming service.");
|
enable = lib.mkEnableOption "Enables the Jellyfin media streaming service.";
|
||||||
home = lib.mkOption {
|
home = lib.mkOption {
|
||||||
default = "/var/lib/jellyfin";
|
default = "/var/lib/jellyfin";
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
|
|
|
@ -6,8 +6,8 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.services.nginx = {
|
aux.system.services.nginx = {
|
||||||
autostart = lib.mkEnableOption (lib.mdDoc "Whether to autostart Nginx at boot.");
|
autostart = lib.mkEnableOption "Whether to autostart Nginx at boot.";
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enable the Nginx web server.");
|
enable = lib.mkEnableOption "Enable the Nginx web server.";
|
||||||
|
|
||||||
virtualHosts = lib.mkOption {
|
virtualHosts = lib.mkOption {
|
||||||
default = { };
|
default = { };
|
||||||
|
|
|
@ -6,7 +6,7 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.services.ssh = {
|
aux.system.services.ssh = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables SSH server.");
|
enable = lib.mkEnableOption "Enables SSH server.";
|
||||||
ports = lib.mkOption {
|
ports = lib.mkOption {
|
||||||
default = [ 22 ];
|
default = [ 22 ];
|
||||||
type = lib.types.listOf lib.types.int;
|
type = lib.types.listOf lib.types.int;
|
||||||
|
|
|
@ -12,16 +12,16 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.services.virtualization = {
|
aux.system.services.virtualization = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables virtualization tools on this host.");
|
enable = lib.mkEnableOption "Enables virtualization tools on this host.";
|
||||||
host = {
|
host = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables virtual machine hosting.");
|
enable = lib.mkEnableOption "Enables virtual machine hosting.";
|
||||||
user = lib.mkOption {
|
user = lib.mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
description = "The default user to add as a KVM admin.";
|
description = "The default user to add as a KVM admin.";
|
||||||
};
|
};
|
||||||
vmBuilds = {
|
vmBuilds = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables builds via `nixos-rebuild build-vm` on this host.");
|
enable = lib.mkEnableOption "Enables builds via `nixos-rebuild build-vm` on this host.";
|
||||||
cores = lib.mkOption {
|
cores = lib.mkOption {
|
||||||
type = lib.types.int;
|
type = lib.types.int;
|
||||||
description = "How many cores to assign to `nixos-rebuild build-vm` builds. Defaults to 2.";
|
description = "How many cores to assign to `nixos-rebuild build-vm` builds. Defaults to 2.";
|
||||||
|
|
|
@ -13,7 +13,7 @@ in
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
aux.system.bluetooth = {
|
aux.system.bluetooth = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables bluetooth");
|
enable = lib.mkEnableOption "Enables bluetooth.";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -21,8 +21,8 @@ in
|
||||||
default = true;
|
default = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
secureboot.enable = lib.mkEnableOption (lib.mdDoc "Enables Secureboot support.");
|
secureboot.enable = lib.mkEnableOption "Enables Secureboot support (please read the README before enabling!).";
|
||||||
tpm2.enable = lib.mkEnableOption (lib.mdDoc "Enables TPM2 support.");
|
tpm2.enable = lib.mkEnableOption "Enables TPM2 support.";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -34,8 +34,10 @@ in
|
||||||
bootspec.enable = true;
|
bootspec.enable = true;
|
||||||
|
|
||||||
# Use Lanzaboote in place of systemd-boot.
|
# Use Lanzaboote in place of systemd-boot.
|
||||||
loader.systemd-boot.enable = false;
|
loader = {
|
||||||
loader.efi.canTouchEfiVariables = true;
|
systemd-boot.enable = false;
|
||||||
|
efi.canTouchEfiVariables = true;
|
||||||
|
};
|
||||||
lanzaboote = {
|
lanzaboote = {
|
||||||
enable = true;
|
enable = true;
|
||||||
pkiBundle = "/etc/secureboot";
|
pkiBundle = "/etc/secureboot";
|
||||||
|
@ -46,9 +48,8 @@ in
|
||||||
# Set up TPM if enabled. See https://wiki.nixos.org/wiki/TPM
|
# Set up TPM if enabled. See https://wiki.nixos.org/wiki/TPM
|
||||||
(lib.mkIf (cfg.tpm2.enable) {
|
(lib.mkIf (cfg.tpm2.enable) {
|
||||||
boot.initrd = {
|
boot.initrd = {
|
||||||
# Enable systemd for TPM auto-unlocking
|
# Enable modules and support for TPM auto-unlocking
|
||||||
systemd.enable = true;
|
systemd.enable = true;
|
||||||
|
|
||||||
availableKernelModules = [ "tpm_crb" ];
|
availableKernelModules = [ "tpm_crb" ];
|
||||||
kernelModules = [ "tpm_crb" ];
|
kernelModules = [ "tpm_crb" ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -9,7 +9,7 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.filesystem = {
|
aux.system.filesystem = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables standard BTRFS subvolumes and parameters.");
|
enable = lib.mkEnableOption "Enables standard BTRFS subvolumes and parameters.";
|
||||||
partitions = {
|
partitions = {
|
||||||
boot = lib.mkOption {
|
boot = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
|
@ -28,7 +28,7 @@ in
|
||||||
default = true;
|
default = true;
|
||||||
};
|
};
|
||||||
swapFile = {
|
swapFile = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables the creation of a swap file.");
|
enable = lib.mkEnableOption "Enables the creation of a swap file.";
|
||||||
size = lib.mkOption {
|
size = lib.mkOption {
|
||||||
type = lib.types.int;
|
type = lib.types.int;
|
||||||
description = "The size of the swap file to create in MB (defaults to 8192, or ~8 gigabytes).";
|
description = "The size of the swap file to create in MB (defaults to 8192, or ~8 gigabytes).";
|
||||||
|
|
|
@ -10,7 +10,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.gpu.amd.enable = lib.mkEnableOption (lib.mdDoc "Enables AMD GPU support.");
|
aux.system.gpu.amd.enable = lib.mkEnableOption "Enables AMD GPU support.";
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
|
@ -10,7 +10,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.gpu.intel.enable = lib.mkEnableOption (lib.mdDoc "Enables Intel GPU support.");
|
aux.system.gpu.intel.enable = lib.mkEnableOption "Enables Intel GPU support.";
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
@ -19,7 +19,8 @@ in
|
||||||
|
|
||||||
environment.variables.VDPAU_DRIVER = "va_gl";
|
environment.variables.VDPAU_DRIVER = "va_gl";
|
||||||
|
|
||||||
hardware.opengl.extraPackages = with pkgs; [
|
hardware.opengl = {
|
||||||
|
extraPackages = with pkgs; [
|
||||||
(
|
(
|
||||||
if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then
|
if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then
|
||||||
vaapiIntel
|
vaapiIntel
|
||||||
|
@ -30,7 +31,7 @@ in
|
||||||
intel-media-driver
|
intel-media-driver
|
||||||
];
|
];
|
||||||
|
|
||||||
hardware.opengl.extraPackages32 = with pkgs.driversi686Linux; [
|
extraPackages32 = with pkgs.driversi686Linux; [
|
||||||
(
|
(
|
||||||
if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then
|
if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then
|
||||||
vaapiIntel
|
vaapiIntel
|
||||||
|
@ -41,4 +42,5 @@ in
|
||||||
intel-media-driver
|
intel-media-driver
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,12 +11,10 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.gpu.nvidia = {
|
aux.system.gpu.nvidia = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables Nvidia GPU support.");
|
enable = lib.mkEnableOption "Enables Nvidia GPU support.";
|
||||||
hybrid = {
|
hybrid = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables hybrid GPU support.");
|
enable = lib.mkEnableOption "Enables hybrid GPU support.";
|
||||||
sync = lib.mkEnableOption (
|
sync = lib.mkEnableOption "Enables sync mode for faster performance at the cost of higher battery usage.";
|
||||||
lib.mdDoc "Enables sync mode for faster performance at the cost of higher battery usage."
|
|
||||||
);
|
|
||||||
busIDs = {
|
busIDs = {
|
||||||
nvidia = lib.mkOption {
|
nvidia = lib.mkOption {
|
||||||
description = "The bus ID for your Nvidia GPU.";
|
description = "The bus ID for your Nvidia GPU.";
|
||||||
|
@ -57,9 +55,9 @@ in
|
||||||
aux.system.allowUnfree = true;
|
aux.system.allowUnfree = true;
|
||||||
|
|
||||||
services.xserver.videoDrivers = lib.mkDefault [ "nvidia" ];
|
services.xserver.videoDrivers = lib.mkDefault [ "nvidia" ];
|
||||||
hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau ];
|
hardware = {
|
||||||
|
opengl.extraPackages = with pkgs; [ vaapiVdpau ];
|
||||||
hardware.nvidia = {
|
nvidia = {
|
||||||
modesetting.enable = true;
|
modesetting.enable = true;
|
||||||
nvidiaSettings = config.aux.system.ui.desktops.enable;
|
nvidiaSettings = config.aux.system.ui.desktops.enable;
|
||||||
package = config.boot.kernelPackages.nvidiaPackages.stable;
|
package = config.boot.kernelPackages.nvidiaPackages.stable;
|
||||||
|
@ -78,4 +76,5 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,4 +12,8 @@
|
||||||
nftables.enable = true;
|
nftables.enable = true;
|
||||||
firewall.enable = true;
|
firewall.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Enable fail2ban by default
|
||||||
|
# https://github.com/fail2ban/fail2ban
|
||||||
|
services.fail2ban.enable = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,13 +11,15 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.allowUnfree = lib.mkEnableOption (lib.mdDoc "Allow unfree packages to install.");
|
aux.system = {
|
||||||
aux.system.retentionPeriod = lib.mkOption {
|
allowUnfree = lib.mkEnableOption "Allow unfree packages to install.";
|
||||||
|
retentionPeriod = lib.mkOption {
|
||||||
description = "How long to retain NixOS generations. Defaults to one month.";
|
description = "How long to retain NixOS generations. Defaults to one month.";
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
default = "monthly";
|
default = "monthly";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
config = {
|
config = {
|
||||||
nixpkgs.config.allowUnfree = cfg.allowUnfree;
|
nixpkgs.config.allowUnfree = cfg.allowUnfree;
|
||||||
nix = {
|
nix = {
|
||||||
|
@ -33,15 +35,15 @@ in
|
||||||
trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
|
trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
|
||||||
|
|
||||||
# Only allow these users to use Nix
|
# Only allow these users to use Nix
|
||||||
allowed-users = [
|
allowed-users = with config.users.users; [
|
||||||
"root"
|
root.name
|
||||||
config.users.users.aires.name
|
aires.name
|
||||||
];
|
];
|
||||||
|
|
||||||
# Avoid signature verification messages when doing remote builds
|
# Avoid signature verification messages when doing remote builds
|
||||||
trusted-users = [
|
trusted-users =
|
||||||
config.users.users.aires.name
|
with config.users.users;
|
||||||
] ++ lib.optionals (config.aux.system.users.gremlin.enable) [ config.users.users.gremlin.name ];
|
[ aires.name ] ++ lib.optionals (config.aux.system.users.gremlin.enable) [ gremlin.name ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable periodic nix store optimization
|
# Enable periodic nix store optimization
|
||||||
|
@ -63,10 +65,10 @@ in
|
||||||
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
|
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
|
||||||
|
|
||||||
# Configure remote build machines
|
# Configure remote build machines
|
||||||
# To enable remote builds for a specific host, add `nix.distributedBuilds = true;` to its config
|
# To enable a system to use remote build machines, add `nix.distributedBuilds = true;` to its config
|
||||||
buildMachines = [
|
buildMachines = [
|
||||||
{
|
{
|
||||||
hostName = "dimaga";
|
hostName = "hevana";
|
||||||
systems = [
|
systems = [
|
||||||
"x86_64-linux"
|
"x86_64-linux"
|
||||||
"aarch64-linux"
|
"aarch64-linux"
|
||||||
|
|
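Review bot: `trusted-users` in the second hunk still lists the interactive account `aires.name` (and `gremlin.name` when enabled), and Nix treats trusted users as able to override substituters and skip signature checks, which is effectively root on the daemon's host. The comment gives the reason as avoiding signature verification messages on remote builds; a narrower route would be to sign the builder's outputs and add that key to `trusted-public-keys`, leaving `trusted-users` at its default. If the entry stays, I would document the trade-off, e.g. `# NOTE: trusted-users is root-equivalent for the Nix daemon; kept only to accept unsigned remote-build outputs`. Separately, the third hunk changes `hostName = "dimaga";` to `hostName = "hevana";`, a functional change that a formatting commit message does not announce. The surrounding `nix` attribute set begins and ends outside these hunks.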
|
@ -19,6 +19,27 @@ in
|
||||||
ARRAY /dev/md/Sapana metadata=1.2 UUID=51076daf:efdb34dd:bce48342:3b549fcb
|
ARRAY /dev/md/Sapana metadata=1.2 UUID=51076daf:efdb34dd:bce48342:3b549fcb
|
||||||
MAILADDR ${config.secrets.users.aires.email}
|
MAILADDR ${config.secrets.users.aires.email}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
# Automatically scrub the array monthly
|
||||||
|
systemd = {
|
||||||
|
services."raid-scrub" = {
|
||||||
|
description = "Periodically scrub RAID volumes for errors.";
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
User = "root";
|
||||||
|
};
|
||||||
|
script = "echo check > /sys/block/md127/md/sync_action";
|
||||||
|
};
|
||||||
|
timers."raid-scrub" = {
|
||||||
|
description = "Periodically scrub RAID volumes for errors.";
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "monthly";
|
||||||
|
Persistent = true;
|
||||||
|
Unit = "raid-scrub.service";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
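Review bot: `script = "echo check > /sys/block/md127/md/sync_action";` in the relocated `raid-scrub` service hard-codes `md127`, while the mdadm configuration just above identifies the array as `/dev/md/Sapana` by UUID. `md127` is a kernel-assigned number, so if the array ever assembles under a different minor the root-run unit would fail or write to another array's sysfs node; that risk is inferred from the naming, not shown in the hunk. Resolving the node from the stable name avoids it, e.g. `script = "echo check > /sys/block/$(basename $(readlink -f /dev/md/Sapana))/md/sync_action";`. A short comment saying that `User = "root";` is needed only for the sysfs write would also help the next reader.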
|
@ -46,7 +46,7 @@ in
|
||||||
environment.systemPackages = cfg.corePackages ++ cfg.packages;
|
environment.systemPackages = cfg.corePackages ++ cfg.packages;
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
# Automatically set the timezone
|
# Automatically set the timezone based on location
|
||||||
automatic-timezoned.enable = true;
|
automatic-timezoned.enable = true;
|
||||||
geoclue2.enableDemoAgent = lib.mkForce true;
|
geoclue2.enableDemoAgent = lib.mkForce true;
|
||||||
|
|
||||||
|
|
|
@ -12,10 +12,8 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.ui.audio = {
|
aux.system.ui.audio = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables audio.");
|
enable = lib.mkEnableOption "Enables audio.";
|
||||||
enableLowLatency = lib.mkEnableOption (
|
enableLowLatency = lib.mkEnableOption "Enables low-latency audio (may cause crackling) per https://wiki.nixos.org/wiki/PipeWire#Low-latency_setup.";
|
||||||
lib.mdDoc "Enables low-latency audio (may cause crackling) per https://wiki.nixos.org/wiki/PipeWire#Low-latency_setup."
|
|
||||||
);
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -29,10 +27,12 @@ in
|
||||||
|
|
||||||
services.pipewire = {
|
services.pipewire = {
|
||||||
enable = true;
|
enable = true;
|
||||||
alsa.enable = true;
|
|
||||||
alsa.support32Bit = true;
|
|
||||||
pulse.enable = true;
|
pulse.enable = true;
|
||||||
jack.enable = true;
|
jack.enable = true;
|
||||||
|
alsa = {
|
||||||
|
enable = true;
|
||||||
|
support32Bit = true;
|
||||||
|
};
|
||||||
|
|
||||||
# Reduce audio latency per https://wiki.nixos.org/wiki/PipeWire#Low-latency_setup
|
# Reduce audio latency per https://wiki.nixos.org/wiki/PipeWire#Low-latency_setup
|
||||||
extraConfig.pipewire = lib.mkIf cfg.enableLowLatency {
|
extraConfig.pipewire = lib.mkIf cfg.enableLowLatency {
|
||||||
|
|
|
@ -5,9 +5,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.ui.desktops.budgie.enable = lib.mkEnableOption (
|
aux.system.ui.desktops.budgie.enable = lib.mkEnableOption "Enables the Budgie desktop environment.";
|
||||||
lib.mdDoc "Enables the Budgie desktop environment."
|
|
||||||
);
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
|
@ -12,7 +12,7 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.ui.desktops = {
|
aux.system.ui.desktops = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables base desktop environment support.");
|
enable = lib.mkEnableOption "Enables base desktop environment support.";
|
||||||
xkb = lib.mkOption {
|
xkb = lib.mkOption {
|
||||||
description = "The keyboard layout to use by default. Defaults to us.";
|
description = "The keyboard layout to use by default. Defaults to us.";
|
||||||
type = lib.types.attrs;
|
type = lib.types.attrs;
|
||||||
|
|
|
@ -13,10 +13,8 @@ in
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
aux.system.ui.desktops.gnome = {
|
aux.system.ui.desktops.gnome = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables the Gnome Desktop Environment.");
|
enable = lib.mkEnableOption "Enables the Gnome Desktop Environment.";
|
||||||
tripleBuffering.enable = lib.mkEnableOption (
|
tripleBuffering.enable = lib.mkEnableOption "(Experimental) Enables dynamic triple buffering";
|
||||||
lib.mdDoc "(Experimental) Enables dynamic triple buffering"
|
|
||||||
);
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -89,7 +87,7 @@ in
|
||||||
gnomeExtensions.alphabetical-app-grid
|
gnomeExtensions.alphabetical-app-grid
|
||||||
gnomeExtensions.appindicator
|
gnomeExtensions.appindicator
|
||||||
gnomeExtensions.dash-to-panel
|
gnomeExtensions.dash-to-panel
|
||||||
gnomeExtensions.forge
|
gnomeExtensions.random-wallpaper
|
||||||
# Themeing
|
# Themeing
|
||||||
gnome.gnome-themes-extra
|
gnome.gnome-themes-extra
|
||||||
papirus-icon-theme
|
papirus-icon-theme
|
||||||
|
|
|
@ -5,9 +5,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.ui.desktops.hyprland.enable = lib.mkEnableOption (
|
aux.system.ui.desktops.hyprland.enable = lib.mkEnableOption "Enables the Hyprland desktop environment.";
|
||||||
lib.mdDoc "Enables the Hyprland desktop environment."
|
|
||||||
);
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
|
@ -12,8 +12,8 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.ui.desktops.kde = {
|
aux.system.ui.desktops.kde = {
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables the KDE Desktop Environment.");
|
enable = lib.mkEnableOption "Enables the KDE Desktop Environment.";
|
||||||
useX11 = lib.mkEnableOption (lib.mdDoc "Uses X11 instead of Wayland.");
|
useX11 = lib.mkEnableOption "Uses X11 instead of Wayland.";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -5,9 +5,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.ui.desktops.xfce.enable = lib.mkEnableOption (
|
aux.system.ui.desktops.xfce.enable = lib.mkEnableOption "Enables the XFCE desktop environment.";
|
||||||
lib.mdDoc "Enables the XFCE desktop environment."
|
|
||||||
);
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
|
@ -29,9 +29,7 @@ in
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
useBindFS = lib.mkEnableOption {
|
useBindFS = lib.mkEnableOption "Whether to use a BindFS mount to support custom themes and cursors. May cause performance issues.";
|
||||||
description = "Whether to use a BindFS mount to support custom themes and cursors. May cause performance issues.";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -62,16 +62,6 @@ in
|
||||||
username = "aires";
|
username = "aires";
|
||||||
homeDirectory = "/home/aires";
|
homeDirectory = "/home/aires";
|
||||||
|
|
||||||
# Install extra packages, specifically gnome extensions
|
|
||||||
packages = lib.mkIf config.aux.system.ui.desktops.gnome.enable [
|
|
||||||
pkgs.gnomeExtensions.wallpaper-slideshow
|
|
||||||
];
|
|
||||||
|
|
||||||
# Set environment variables
|
|
||||||
sessionVariables = {
|
|
||||||
KUBECONFIG = "/home/aires/.kube/config";
|
|
||||||
};
|
|
||||||
|
|
||||||
# Create .face file
|
# Create .face file
|
||||||
file.".face".source = ./face.png;
|
file.".face".source = ./face.png;
|
||||||
};
|
};
|
||||||
|
@ -114,19 +104,6 @@ in
|
||||||
loginExtra = "fastfetch";
|
loginExtra = "fastfetch";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Gnome settings specific to aires on Shura
|
|
||||||
/*
|
|
||||||
dconf.settings = lib.mkIf (config.networking.hostName == "Shura") {
|
|
||||||
"org/gnome/desktop/interface" = {
|
|
||||||
# Increase font scaling;
|
|
||||||
text-scaling-factor = 1.3;
|
|
||||||
|
|
||||||
# Dark mode
|
|
||||||
color-scheme = "prefer-dark";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
*/
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -13,16 +13,18 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
users.groups."media" = {
|
users = {
|
||||||
gid = 1001;
|
users.media = {
|
||||||
};
|
|
||||||
|
|
||||||
users.users.media = {
|
|
||||||
isNormalUser = false;
|
isNormalUser = false;
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
description = "Media manager";
|
description = "Media manager";
|
||||||
uid = 1001;
|
uid = 1001;
|
||||||
group = "media";
|
group = "media";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
groups."media" = {
|
||||||
|
gid = 1001;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|