From f24240f8ca38521a7d2f73edabc8a0fb5a155d23 Mon Sep 17 00:00:00 2001
From: Daniel Flanagan
Date: Tue, 5 Sep 2023 23:51:32 -0500
Subject: [PATCH] Modular stuff now working on thinker!
---
daniel.nix | 51 +--------------
modules/amd.nix | 3 +
modules/pipewire.nix | 40 ++++++------
modules/sway.nix | 9 ++-
nixos.nix | 29 +++++----
nixos/common.nix | 31 ++++++---
nixos/rascal.nix | 148 ++++++-------------------------------------
nixos/thinker.nix | 2 +-
8 files changed, 90 insertions(+), 223 deletions(-)
create mode 100644 modules/amd.nix
diff --git a/daniel.nix b/daniel.nix
index 38d3629..424dcd5 100644
--- a/daniel.nix
+++ b/daniel.nix
@@ -12,58 +12,11 @@ home.packages = [ pkgs.rtx + # I use this for managing the following programs' versions instead of nix: + # kubectl, aws # TODO: os-specific scripts? macOS versus Linux (arch or nixos? do I need to distinguish at that point?) (pkgs.buildEnv { name = "my-scripts"; paths = [ ./scripts ]; }) - - # fortune # fun sayings - # steam # games - # pulsemixer # audio - # file # identify file types - # kitty # terminal emulator - # unstable.fzf # fuzzy finder - # dmenu # TODO: currently only using this for dmenu_path in `bin/launch` - # ranger # tui for file management - # pass # the standard unix password manager - # vulkan-tools # vkcube for making sure vulkan still works - # rustup - # clang - # pavucontrol # gui pulseaudio manager - # pamixer # tui pulseaudio manager - # strongswan # work vpn - # gnumake - # elixir - # postgresql # database - # htop # almost as good as bottom (btm) - # unzip # needed by a handful of other utilities - # autoconf - # automake # autotools - # weechat # irc - # python39Full # python 3.9 - # jq # awk for json - # xfce.thunar - # xfce.thunar-archive-plugin - # xfce.thunar-volman # gui file manager - # mpd # music player daemon - # ncmpcpp # ncurses music player client - # vlc # video player - # google-chrome # sometimes ya gotta screenshare - - # # TODO: work module? - # google-cloud-sdk # gcloud - # kubectl # kubernetes cli - # awscli # aws cli - # zoom-us # video conferencing - # lastpass-cli - - # # TODO: move this one to just laptop? - # brightnessctl # laptop screen brightness - - # # nix utils - # nox # package querying and installation? - # # yay is to pacman, nox is to nix-env - # niv # dependency pinning? - # lorri # project envrc - like asdf-vm? ]; programs.password-store = { diff --git a/modules/amd.nix b/modules/amd.nix new file mode 100644 index 0000000..b0308e2 --- /dev/null +++ b/modules/amd.nix 
@@ -0,0 +1,3 @@ +{ config, lib, ... }: { + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/pipewire.nix b/modules/pipewire.nix index fd4b759..6bdacd0 100644 --- a/modules/pipewire.nix +++ b/modules/pipewire.nix @@ -1,26 +1,26 @@ { ... }: { - services.pipewire = { - enable = true; + services.pipewire = { + enable = true; - wireplumber.enable = true; - pulse.enable = true; - jack.enable = true; + wireplumber.enable = true; + pulse.enable = true; + jack.enable = true; - alsa = { - enable = true; - support32Bit = true; - }; - }; + alsa = { + enable = true; + support32Bit = true; + }; + }; - hardware = { - pulseaudio = { - support32Bit = true; - }; - }; + hardware = { + pulseaudio = { + support32Bit = true; + }; + }; - security = { - # I forget why I need these... - polkit.enable = true; - security.rtkit.enable = true; - }; + security = { + # I forget why I need these... + polkit.enable = true; + rtkit.enable = true; + }; } diff --git a/modules/sway.nix b/modules/sway.nix index 708eb47..51b4b27 100644 --- a/modules/sway.nix +++ b/modules/sway.nix @@ -33,6 +33,8 @@ in { imports = [ ./pipewire.nix ]; + # services.xserver.libinput.enable = true; + services.gnome.gnome-keyring.enable = true; programs.gnupg.agent = { enable = true; @@ -57,7 +59,10 @@ in services.dbus.enable = true; - programs.thunar.enable = true; + programs.thunar = { + enable = true; + plugins = with pkgs.xfce; [ thunar-archive-plugin thunar-volman ]; + }; environment.systemPackages = with pkgs; [ brightnessctl @@ -90,10 +95,10 @@ in vlc vulkan-tools waybar + weechat wine wl-clipboard wofi zathura ]; - # services.xserver.libinput.enable = true; } diff --git a/nixos.nix b/nixos.nix index f98ef6f..c9d8a37 100644 --- a/nixos.nix +++ b/nixos.nix 
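Review bot: In modules/pipewire.nix the `security` block still carries the comment `# I forget why I need these...` above `polkit.enable` and `rtkit.enable`, which leaves two privilege-granting services without a recorded reason. As far as I know, rtkit is what lets PipeWire obtain realtime scheduling as an unprivileged user, and it relies on polkit for the authorization decision. I would replace the comment with something like `# rtkit: lets PipeWire request realtime priority; authorizes via polkit`, after confirming that matches your setup. Since this commit already fixes the option path to `rtkit.enable`, this is a good moment to document it.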
@@ -14,25 +14,26 @@ let scheme { _module.args.disks = disks; } ]; - nixosSystem = modules: inputs.nixpkgs.lib.nixosSystem { + nixosSystem = modules: (inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = { inherit inputs; }; - modules = [ ./nixos/common.nix ] ++ modules; - }; + modules = [ + inputs.sops-nix.nixosModules.sops + ./nixos/common.nix + ] ++ modules ++ hms; + }); + diskoNixosSystem = scheme: disks: modules: (nixosSystem ((disko scheme disks) ++ modules)); in { + # TODO: disko-fy rascal and beefcake? + beefcake = nixosSystem [ - inputs.sops-nix.nixosModules.sops - ./machines/beefcake.nix + ./nixos/beefcake.nix inputs.api-lyte-dev.nixosModules.x86_64-linux.api-lyte-dev - ] ++ hms; + ]; - musicbox = nixosSystem (disko self.diskoConfigurations.unencrypted [ "/dev/sda" ]) ++ [ - ./machines/musicbox.nix - ] ++ hms; - - thinker = nixosSystem (disko self.diskoConfigurations.standard [ "/dev/nvme0n1" ]) ++ [ - ./machines/thinker.nix - inputs.sops-nix.nixosModules.sops - ] ++ hms; + rascal = nixosSystem [ ./nixos/rascal.nix ]; + musicbox = diskoNixosSystem self.diskoConfigurations.unencrypted [ "/dev/sda" ] [ ./nixos/musicbox.nix ]; + thinker = diskoNixosSystem self.diskoConfigurations.standard [ "/dev/nvme0n1" ] [ ./nixos/thinker.nix ]; + dragon = diskoNixosSystem self.diskoConfigurations.standard [ "/dev/disk/by-uuid/asdf" ] [ ./machines/dragon.nix ]; } diff --git a/nixos/common.nix b/nixos/common.nix index d911b84..da92b7b 100644 --- a/nixos/common.nix +++ b/nixos/common.nix @@ -19,13 +19,12 @@ exa fd file - fwupd - git - git-lfs gnumake + gron hexyl htop iputils + jq killall kitty # TODO: I really just need the terminfo on servers, though, right? less @@ -39,8 +38,7 @@ rsync sd sops - tmux - traceroute + smartmontools unzip watchexec wget @@ -98,6 +96,9 @@ enable = true; useRoutingFeatures = lib.mkDefault "client"; }; + + fwupd.enable = true; + smartd.enable = true; }; console = { 
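Review bot: The new `dragon` output in nixos.nix is a stub that should not ship as a buildable configuration: it passes the placeholder device `"/dev/disk/by-uuid/asdf"` to disko and imports `./machines/dragon.nix`, while every other host in this hunk now lives under `./nixos/`. The context line `_module.args.disks = disks;` shows that this list is what the disk layout is applied to, so a placeholder here is a footgun if the entry is ever built or installed. Either comment the line out until the real device id is known, or mark it in place with `# TODO: placeholder disk id and path, do not deploy`. Whether `machines/dragon.nix` exists is not visible in this diff.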
@@ -149,12 +150,26 @@ hostPlatform = lib.mkDefault "x86_64-linux"; }; - programs = - { - fish = { + programs = { + fish = { + enable = true; + }; + + tmux = { + enable = true; + clock24 = true; + }; + + traceroute.enable = true; + + git = { + enable = true; + + lfs = { enable = true; }; }; + }; time = { timeZone = "America/Chicago"; diff --git a/nixos/rascal.nix b/nixos/rascal.nix index 4c03731..b373ca2 100644 --- a/nixos/rascal.nix +++ b/nixos/rascal.nix 
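Review bot: `traceroute.enable = true;` under `programs` in nixos/common.nix is not a like-for-like replacement for the `traceroute` entry removed from the package list in an earlier hunk of this file. As far as I know, the NixOS module installs a capability wrapper (cap_net_raw) for the binary rather than just putting it on PATH, and common.nix is imported by every host through `nixosSystem`. If non-root traceroute is wanted everywhere, record that with a comment such as `# installs a cap_net_raw wrapper so unprivileged users can run traceroute`. Otherwise keep the plain package in common.nix and enable the wrapper only in the desktop modules.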
@@ -1,146 +1,36 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, modulesPath, ... }: -let - unstable = import { config = { allowUnfree = true; }; }; -in -{ - imports = - [ - # Include the results of the hardware scan. - (modulesPath + "/installer/scan/not-detected.nix") - ]; +{ config, modulesPath, ... }: { + imports = [ + ../modules/amd.nix + (modulesPath + "/installer/scan/not-detected.nix") + ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "uas" "sd_mod" ]; boot.kernelModules = [ "kvm-amd" ]; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/2e2ad73a-6264-4a7b-8439-9c05295d903d"; - fsType = "f2fs"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/2e2ad73a-6264-4a7b-8439-9c05295d903d"; + fsType = "f2fs"; + }; - swapDevices = [ ]; + boot.loader.grub = { + enable = true; + version = 2; + device = "/dev/sda"; + }; - networking.useDHCP = lib.mkDefault true; - - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - - networking.hostName = "rascal"; # Define your hostname. - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. - - # Set your time zone. - time.timeZone = "America/Chicago"; - - # Define a user account. Don't forget to set a password with ‘passwd’. 
- users.users.daniel = { - shell = pkgs.fish; - isNormalUser = true; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - packages = with pkgs; [ - - ]; + networking = { + hostName = "rascal"; + networkmanager.enable = true; }; users.users.beefcake = { # used for restic backups isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev" + openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys ++ [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake" ]; }; - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - unstable.helix # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - unstable.zellij - tmux - curl - wget - exa - sd - smartmontools - fd - git - fish - ripgrep - rnix-lsp - wireguard-tools - tailscale - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - services.smartd.enable = true; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - - services.tailscale.enable = true; - - environment.variables = { - EDITOR = "hx"; - FISH_START_ZELLIJ = "true"; - }; - - # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 22 ]; - networking.firewall.allowedUDPPorts = [ 51820 ]; - networking.firewall.checkReversePath = "loose"; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). 
This is useful in case you - # accidentally delete configuration.nix. - system.copySystemConfiguration = true; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.05"; # Did you read the comment? - - networking.wireguard.interfaces = { - wg0 = { - ips = [ "10.0.10.15/24" ]; - listenPort = 51820; - privateKeyFile = "/root/wg.key"; - - peers = [ - { - publicKey = "c6gERFUqFr8aTSyRF9c4IF2aah8WbUsO/Qo8QJQ2Hzk="; - allowedIPs = [ "0.0.0.0/0" ]; - endpoint = "vpn4.h.lyte.dev:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577 - persistentKeepalive = 25; - } - ]; - }; - }; + system.stateVersion = "22.05"; } diff --git a/nixos/thinker.nix b/nixos/thinker.nix index 3aea5af..05f7490 100644 --- a/nixos/thinker.nix +++ b/nixos/thinker.nix @@ -1,7 +1,7 @@ { modulesPath, lib, ... }: { imports = [ - ../modules/intel.net + ../modules/intel.nix ../modules/desktop-usage.nix ../modules/podman.nix ../modules/wifi.nix
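Review bot: In the nixos/rascal.nix hunk, `users.users.beefcake.openssh.authorizedKeys.keys` is now built from `config.users.users.daniel.openssh.authorizedKeys.keys ++ [ ... ]`, so every key ever authorized for daniel also gains login to the restic backup account. The removed code pinned one explicit daniel key next to the `root@beefcake` key, and keeping an explicit list here keeps the service account's access reviewable in one place. The same hunk also deletes `services.openssh.enable`, `services.openssh.passwordAuthentication = false;`, the firewall port list and the `wg0` interface. Nothing visible in this diff shows nixos/common.nix declaring the sshd settings, so confirm password authentication is still disabled there before deploying rascal.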