karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modularize code

Browse Source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2024-06-20 11:42:31 +03:00
parent 4e4fb9c86c
commit ea01ac7fe0
17 changed files with 440 additions and 374 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
hosts/common/configs/persist/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{ inputs, lib, ... }:
{
imports = [ inputs.impermanence.nixosModules.impermanence ];
fileSystems."/persist".neededForBoot = true;
boot.initrd.postDeviceCommands = lib.mkAfter (builtins.readFile ./impermanence.sh);
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/etc/nixos"
"/etc/NetworkManager/system-connections"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/log"
];
files = [
"/etc/machine-id"
];
};
}

4
hosts/common/scripts/impermanence.sh → hosts/common/configs/persist/impermanence.sh
View File

@@ -1,5 +1,3 @@
#!/bin/sh
delete_subvolume_recursively() { delete_subvolume_recursively() {
IFS=$'\n' IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
@@ -17,7 +15,7 @@ if [[ -e /mnt/btrfs/root ]]; then
mv /mnt/btrfs/root "/mnt/btrfs/root.bak/$timestamp" mv /mnt/btrfs/root "/mnt/btrfs/root.bak/$timestamp"
fi fi
find /mnt/btrfs/root.bak/ -maxdepth 1 -mtime +30 | while IFS= read -r i; do find /mnt/btrfs/root.bak/ -maxdepth 1 -mtime +14 | while IFS= read -r i; do
delete_subvolume_recursively "$i" delete_subvolume_recursively "$i"
done done

16
hosts/common/configs/sops/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{ inputs, pkgs, ... }:
{
imports = [ inputs.sops-nix.nixosModules.sops ];
environment = {
persistence."/persist".files = [ "/etc/ssh/ssh_host_ed25519_key" ];
systemPackages = with pkgs; [ sops ];
};
sops.age = {
generateKey = true;
sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt";
};
}

2
hosts/common/configs/zsh/default.nix
View File

@@ -3,4 +3,6 @@
enable = true; enable = true;
histFile = "/var/lib/zsh/history"; histFile = "/var/lib/zsh/history";
}; };
environment.persistence."/persist".directories = [ "/var/lib/zsh" ];
} }

52
hosts/common/default.nix
View File

@@ -2,8 +2,9 @@
{ {
imports = [ imports = [
inputs.impermanence.nixosModules.impermanence ./configs/persist
inputs.sops-nix.nixosModules.sops ./configs/sops
./configs/pipewire ./configs/pipewire
./configs/zsh ./configs/zsh
./configs/neovim ./configs/neovim
@@ -14,8 +15,6 @@
./configs/gpg-agent ./configs/gpg-agent
]; ];
fileSystems."/persist".neededForBoot = true;
boot = { boot = {
loader = { loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
@@ -23,46 +22,23 @@
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
initrd = {
verbose = false;
postDeviceCommands = lib.mkAfter (builtins.readFile ./scripts/impermanence.sh);
};
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
supportedFilesystems = [ "btrfs" "ntfs" ]; supportedFilesystems = [ "btrfs" "ntfs" ];
kernelParams = [ "loglevel=3" "quiet" ]; kernelParams = [ "loglevel=3" "quiet" ];
initrd.verbose = false;
consoleLogLevel = 0; consoleLogLevel = 0;
}; };
environment = {
persistence."/persist" = {
hideMounts = true;
directories = [
"/etc/nixos"
"/etc/NetworkManager/system-connections"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/lib/zsh"
"/var/log"
];
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/machine-id"
];
};
systemPackages = with pkgs; [
tree
ranger
btop
fastfetch
sops
];
};
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
environment.systemPackages = with pkgs; [
tree
ranger
btop
fastfetch
];
users = { users = {
mutableUsers = false; mutableUsers = false;
defaultUserShell = pkgs.zsh; defaultUserShell = pkgs.zsh;
@@ -72,12 +48,6 @@
Defaults lecture = never Defaults lecture = never
''; '';
sops.age = {
generateKey = true;
sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt";
};
system = { system = {
autoUpgrade = { autoUpgrade = {
enable = true; enable = true;

4
hosts/eirene/base/default.nix
View File

@@ -13,9 +13,7 @@
# https://github.com/NixOS/nixos-hardware/tree/master/lenovo/legion/16achg6 # https://github.com/NixOS/nixos-hardware/tree/master/lenovo/legion/16achg6
hardware = { hardware = {
cpu.amd = { cpu.amd.updateMicrocode = true;
updateMicrocode = true;
};
nvidia = { nvidia = {
modesetting.enable = true; modesetting.enable = true;

12
users/common/configs/firefox/default.nix
View File

@@ -1,8 +1,11 @@
{ pkgs, ... }: { config, lib, pkgs, ... }:
{ {
home-manager = {
sharedModules = [{
programs.firefox = { programs.firefox = {
enable = true; enable = true;
policies = { policies = {
DisableTelemetry = true; DisableTelemetry = true;
DisableFirefoxStudies = true; DisableFirefoxStudies = true;
@@ -25,6 +28,7 @@
"browser.translations.automaticallyPopup" = false; "browser.translations.automaticallyPopup" = false;
}; };
}; };
profiles.nick = { profiles.nick = {
search = { search = {
default = "DuckDuckGo"; default = "DuckDuckGo";
@@ -84,5 +88,11 @@
}; };
}; };
}; };
}];
users = lib.attrsets.mapAttrs (user: config: ({
home.persistence."/persist${config.home}".directories = [ ".mozilla" ];
})) (lib.attrsets.filterAttrs (name: config: config.isNormalUser) config.users.users);
};
} }

22
users/common/configs/git/default.nix
View File

@@ -1,6 +1,8 @@
{ pkgs, ... }: { config, lib, pkgs, ... }:
{ {
home-manager = {
sharedModules = [{
programs.git = { programs.git = {
enable = true; enable = true;
lfs.enable = true; lfs.enable = true;
@@ -9,15 +11,25 @@
key = null; key = null;
}; };
extraConfig.credential.helper = "store"; extraConfig.credential.helper = "store";
hooks = { hooks = let
commit-msg = pkgs.writeScript "git-commit-msg" '' commit-msg-hook = pkgs.writeShellScriptBin "git-commit-msg" ''
#!${pkgs.runtimeShell}
git interpret-trailers --if-exists doNothing --trailer \ git interpret-trailers --if-exists doNothing --trailer \
"Signed-off-by: $(git config user.name) <$(git config user.email)>" \ "Signed-off-by: $(git config user.name) <$(git config user.email)>" \
--in-place "$1" --in-place "$1"
''; '';
in
{
commit-msg = "${commit-msg-hook}/bin/git-commit-msg";
}; };
}; };
}];
users = lib.attrsets.mapAttrs (user: config: ({
programs.git = {
userName = config.fullName;
userEmail = config.email;
};
})) (lib.attrsets.filterAttrs (name: config: config.isNormalUser) config.users.users);
};
} }

35
users/common/configs/gpg-agent/default.nix
View File

@@ -1,24 +1,16 @@
{ pkgs, ... }: { config, lib, pkgs, ... }:
{ {
home-manager = {
sharedModules = [{
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
defaultCacheTtl = 31536000; defaultCacheTtl = 31536000;
maxCacheTtl = 31536000; maxCacheTtl = 31536000;
}; };
systemd.user.services.gpg-agent-import = { systemd.user.services.gpg-agent-import = let
Unit = { init = pkgs.writeShellScriptBin "import-gpg-keys" ''
Description = "Auto-import GPG keys";
Requires = [ "sops-nix.service" "gpg-agent.socket" ];
After = [ "sops-nix.service" "gpg-agent.socket" ];
};
Service = {
Type = "oneshot";
ExecStart = pkgs.writeScript "import-gpg-keys" ''
#!${pkgs.runtimeShell}
for keyfile in "$HOME"/.config/sops-nix/secrets/gpg-agent/*.key; do for keyfile in "$HOME"/.config/sops-nix/secrets/gpg-agent/*.key; do
passfile="''${keyfile%.key}.pass" passfile="''${keyfile%.key}.pass"
@@ -36,8 +28,25 @@
gpg --import-ownertrust "$HOME"/.gnupg/otrust.txt gpg --import-ownertrust "$HOME"/.gnupg/otrust.txt
rm "$HOME"/.gnupg/otrust.txt rm "$HOME"/.gnupg/otrust.txt
''; '';
in
{
Unit = {
Description = "Auto-import GPG keys";
Requires = [ "sops-nix.service" "gpg-agent.socket" ];
After = [ "sops-nix.service" "gpg-agent.socket" ];
};
Service = {
Type = "oneshot";
ExecStart = "${init}/bin/import-gpg-keys";
}; };
Install = { WantedBy = [ "default.target" ]; }; Install = { WantedBy = [ "default.target" ]; };
}; };
}];
users = lib.attrsets.mapAttrs (user: config: ({
systemd.user.tmpfiles.rules = [ "d ${config.home}/.gnupg 0700 ${user} users -" ];
})) (lib.attrsets.filterAttrs (name: config: config.isNormalUser) config.users.users);
};
} }

35
users/common/configs/hyprland/default.nix
View File

@@ -1,4 +1,12 @@
{ config, lib, pkgs, ... }:
{ {
programs.hyprland.enable = true;
environment.sessionVariables.NIXOS_OZONE_WL = "1";
home-manager = {
sharedModules = [{
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
settings = { settings = {
@@ -93,7 +101,32 @@
programs.zsh.loginExtra = '' programs.zsh.loginExtra = ''
if [ -z "''${WAYLAND_DISPLAY}" ] && [ ! -z "''${XDG_VTNR}" ] && [ "''${XDG_VTNR}" -eq 1 ]; then if [ -z "''${WAYLAND_DISPLAY}" ] && [ ! -z "''${XDG_VTNR}" ] && [ "''${XDG_VTNR}" -eq 1 ]; then
hyprland &> /tmp/hyprland.log ${pkgs.hyprland}/bin/hyprland &> /tmp/hyprland.log
fi fi
''; '';
home.packages = with pkgs; [
swww
rofi-wayland
pavucontrol
];
}];
users = lib.attrsets.mapAttrs (user: config: (
let
init = pkgs.writeShellScriptBin "hyprland-init" ''
${pkgs.swww}/bin/swww-daemon &> /tmp/swww.log &
while ! ${pkgs.swww}/bin/swww query &> /dev/null; do
sleep 0.1
done
${pkgs.swww}/bin/swww img ${config.wallpaper}
'';
in
{
wayland.windowManager.hyprland.settings.exec-once = "${init}/bin/hyprland-init";
}
)) (lib.attrsets.filterAttrs (name: config: config.isNormalUser) config.users.users);
};
} }

2
users/common/configs/kitty/default.nix
View File

@@ -1,8 +1,10 @@
{ {
home-manager.sharedModules = [{
programs.kitty = { programs.kitty = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
confirm_os_window_close 0 confirm_os_window_close 0
''; '';
}; };
}];
} }

2
users/common/configs/neovim/default.nix
View File

@@ -1,4 +1,5 @@
{ {
home-manager.sharedModules = [{
programs.neovim = { programs.neovim = {
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
@@ -12,5 +13,6 @@
set smartindent set smartindent
''; '';
}; };
}];
} }

28
users/common/configs/persist/default.nix Normal file
View File

@@ -0,0 +1,28 @@
{ config, inputs, lib, ... }:
{
programs.fuse.userAllowOther = true;
systemd.tmpfiles.rules = [ "d /persist/home 0755 root root -" ] ++
lib.attrsets.mapAttrsToList (user: config: "d /persist${config.home} 0700 ${user} users -")
(lib.attrsets.filterAttrs (name: config: config.isNormalUser) config.users.users);
home-manager = {
sharedModules = [{ imports = [ inputs.impermanence.nixosModules.home-manager.impermanence ]; }];
users = lib.attrsets.mapAttrs (user: config: ({
home.persistence."/persist${config.home}" = {
allowOther = true;
directories = [
"Documents"
"Downloads"
"Music"
"Pictures"
"Videos"
"Templates"
"VMs"
"git"
];
};
})) (lib.attrsets.filterAttrs (name: config: config.isNormalUser) config.users.users);
};
}

17
users/common/configs/sops/default.nix Normal file
View File

@@ -0,0 +1,17 @@
{ config, inputs, lib, ... }:
let
sopsKeyPath = ".config/sops-nix/key.txt";
in
{
environment.sessionVariables.SOPS_AGE_KEY_FILE = "$HOME/${sopsKeyPath}";
home-manager = {
sharedModules = [{ imports = [ inputs.sops-nix.homeManagerModules.sops ]; }];
users = lib.attrsets.mapAttrs (user: config: ({
home.persistence."/persist${config.home}".files = [ sopsKeyPath ];
sops.age.keyFile = "/persist${config.home}/${sopsKeyPath}";
})) (lib.attrsets.filterAttrs (name: config: config.isNormalUser) config.users.users);
};
}

14
users/common/configs/stylix/default.nix
View File

@@ -1,3 +1,17 @@
{ config, inputs, lib, ... }:
{ {
home-manager = {
sharedModules = [{
imports = [ inputs.stylix.homeManagerModules.stylix ];
stylix.enable = true; stylix.enable = true;
}];
users = lib.attrsets.mapAttrs (user: config: ({
stylix = {
image = config.wallpaper;
base16Scheme = config.base16Scheme;
};
})) (lib.attrsets.filterAttrs (name: config: config.isNormalUser) config.users.users);
};
} }

10
users/common/configs/zsh/default.nix
View File

@@ -1,4 +1,8 @@
{ config, lib, ... }:
{ {
home-manager = {
sharedModules = [{
programs.zsh = { programs.zsh = {
enable = true; enable = true;
autocd = true; autocd = true;
@@ -10,4 +14,10 @@
autosuggestion.enable = true; autosuggestion.enable = true;
syntaxHighlighting.enable = true; syntaxHighlighting.enable = true;
}; };
}];
users = lib.attrsets.mapAttrs (user: config: ({
home.persistence."/persist${config.home}".directories = [ ".local/share/zsh" ];
})) (lib.attrsets.filterAttrs (name: config: config.isNormalUser) config.users.users);
};
} }

105
users/common/default.nix
View File

@@ -1,108 +1,31 @@
{ config, inputs, lib, pkgs, ... }: { config, inputs, lib, pkgs, ... }:
let
normalUsers = lib.attrsets.filterAttrs (name: config: config.isNormalUser) config.users.users;
in
{ {
imports = [ imports = [
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
./extra.nix ./extra.nix
./configs/persist
./configs/sops
./configs/firefox
./configs/git
./configs/gpg-agent
./configs/hyprland
./configs/kitty
./configs/neovim
./configs/stylix
./configs/zsh
]; ];
programs = {
hyprland.enable = true;
fuse.userAllowOther = true;
dconf.enable = true;
};
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
SOPS_AGE_KEY_FILE = "$HOME/.config/sops-nix/key.txt";
};
home-manager = { home-manager = {
extraSpecialArgs = { inherit inputs; }; extraSpecialArgs = { inherit inputs; };
backupFileExtension = "bak"; backupFileExtension = "bak";
sharedModules = [{ sharedModules = [{
imports = [ home.stateVersion = "24.05";
inputs.impermanence.nixosModules.home-manager.impermanence
inputs.sops-nix.homeManagerModules.sops
inputs.stylix.homeManagerModules.stylix
./configs/stylix
./configs/hyprland
./configs/git
./configs/zsh
./configs/neovim
./configs/kitty
./configs/firefox
./configs/gpg-agent
];
home = {
packages = with pkgs; [
rofi-wayland
swww
pavucontrol
];
stateVersion = "24.05";
};
systemd.user.startServices = "sd-switch"; systemd.user.startServices = "sd-switch";
}]; }];
users = lib.attrsets.mapAttrs' (user: config: lib.attrsets.nameValuePair
(user)
(let
init = pkgs.pkgs.writeShellScriptBin "hyprland-init" ''
${pkgs.swww}/bin/swww-daemon &> /tmp/swww.log &
while ! swww query &> /dev/null; do
sleep 0.1
done
${pkgs.swww}/bin/swww img ${config.wallpaper}
'';
in
{
home.persistence."/persist${config.home}" = {
directories = [
"Documents"
"Downloads"
"Music"
"Pictures"
"Videos"
"Templates"
"VMs"
"git"
".mozilla"
".local/share/zsh"
];
files = [
".config/sops-nix/key.txt"
];
allowOther = true;
}; };
sops.age.keyFile = "/persist${config.home}/.config/sops-nix/key.txt"; programs.dconf.enable = true;
programs.git = {
userName = config.fullName;
userEmail = config.email;
};
stylix = {
image = config.wallpaper;
base16Scheme = config.base16Scheme;
};
wayland.windowManager.hyprland.settings.exec-once = "${init}/bin/hyprland-init";
})
) normalUsers;
};
systemd.tmpfiles.rules = [ "d /persist/home/ 0755 root root -" ] ++
lib.attrsets.mapAttrsToList ( user: config: "d /persist${config.home} 0700 ${user} users -" ) normalUsers ++
lib.attrsets.mapAttrsToList ( user: config: "d ${config.home}/.gnupg 0700 ${user} users -" ) normalUsers;
} }