author | Freya Murphy <freya@freyacat.org> | 2025-06-26 13:26:37 -0400 |
---|---|---|
committer | Freya Murphy <freya@freyacat.org> | 2025-06-26 13:26:37 -0400 |
commit | d94d620d2f393e274676a619b8a56f97f0ed7524 (patch) | |
tree | 9a71c00f90a93749a4db4abe823e87ea72bfec2a | |
parent | add packages to wsl (diff) | |
make system config more modular
-rw-r--r-- | home/default.nix | 1 | ||||
-rw-r--r-- | hosts/kaworu/default.nix | 4 | ||||
-rw-r--r-- | hosts/kaworu/hardware.nix | 4 | ||||
-rw-r--r-- | hosts/shinji/default.nix | 5 | ||||
-rw-r--r-- | hosts/shinji/hardware.nix | 4 | ||||
-rw-r--r-- | hosts/thinkpad/default.nix | 5 | ||||
-rw-r--r-- | hosts/thinkpad/hardware.nix | 4 | ||||
-rw-r--r-- | hosts/wsl/default.nix | 9 | ||||
-rw-r--r-- | modules/options.nix | 18 | ||||
-rw-r--r-- | system/battery.nix | 41 | ||||
-rw-r--r-- | system/bluetooth.nix | 12 | ||||
-rw-r--r-- | system/default.nix | 67 | ||||
-rw-r--r-- | system/desktop.nix | 41 | ||||
-rw-r--r-- | system/hardware.nix | 26 | ||||
-rw-r--r-- | system/networking.nix | 20 | ||||
-rw-r--r-- | system/sshd.nix | 55 |
16 files changed, 206 insertions, 110 deletions
diff --git a/home/default.nix b/home/default.nix index 042e675..faa4993 100644 --- a/home/default.nix +++ b/home/default.nix @@ -43,7 +43,6 @@ in { gajim thunderbird-latest # programs - blueman brightnessctl easyeffects filezilla diff --git a/hosts/kaworu/default.nix b/hosts/kaworu/default.nix index 8b7e089..c9a2361 100644 --- a/hosts/kaworu/default.nix +++ b/hosts/kaworu/default.nix @@ -39,4 +39,8 @@ terminal = { kitty = true; }; + + # modules + bluetooth = true; + network = true; } diff --git a/hosts/kaworu/hardware.nix b/hosts/kaworu/hardware.nix index b236890..8b49109 100644 --- a/hosts/kaworu/hardware.nix +++ b/hosts/kaworu/hardware.nix @@ -1,8 +1,4 @@ {...}: { - # hardware - hardware.graphics.enable = true; - hardware.bluetooth.enable = true; - # bootloader boot.loader.systemd-boot.enable = true; boot.loader.efi = { diff --git a/hosts/shinji/default.nix b/hosts/shinji/default.nix index 5c39012..4d7f434 100644 --- a/hosts/shinji/default.nix +++ b/hosts/shinji/default.nix @@ -62,4 +62,9 @@ terminal = { kitty = true; }; + + # modules + battery = true; + bluetooth = true; + network = true; } diff --git a/hosts/shinji/hardware.nix b/hosts/shinji/hardware.nix index 65db35d..edf7733 100644 --- a/hosts/shinji/hardware.nix +++ b/hosts/shinji/hardware.nix @@ -1,8 +1,4 @@ {...}: { - # hardware - hardware.graphics.enable = true; - hardware.bluetooth.enable = true; - # bootloader boot.loader.systemd-boot.enable = true; boot.loader.efi = { diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 4d764c0..b2986ba 100644 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -33,4 +33,9 @@ terminal = { kitty = true; }; + + # modules + battery = true; + bluetooth = true; + network = true; } diff --git a/hosts/thinkpad/hardware.nix b/hosts/thinkpad/hardware.nix index 61948b4..95f9ffd 100644 --- a/hosts/thinkpad/hardware.nix +++ b/hosts/thinkpad/hardware.nix 
@@ -1,8 +1,4 @@ {...}: { - # hardware - hardware.graphics.enable = true; - hardware.bluetooth.enable = true; - # bootloader boot.loader.systemd-boot.enable = true; boot.loader.efi = { diff --git a/hosts/wsl/default.nix b/hosts/wsl/default.nix index 2dc86c4..3c60f14 100644 --- a/hosts/wsl/default.nix +++ b/hosts/wsl/default.nix @@ -18,10 +18,11 @@ # packages environment.systemPackages = with pkgs; [ - (python3.withPackages (ppkgs: with ppkgs; [ - myst-parser - sphinx - ])) + (python3.withPackages (ppkgs: + with ppkgs; [ + myst-parser + sphinx + ])) gnumake texliveFull inputs.self.packages.${system}.arcanist diff --git a/modules/options.nix b/modules/options.nix index f55b398..62b4ae5 100644 --- a/modules/options.nix +++ b/modules/options.nix @@ -189,6 +189,24 @@ in { type = types.str; description = "Hostname of the system."; }; + timeZone = mkOption { + type = types.str; + description = "System time zone"; + default = "America/New_York"; + }; + + # + # System modules + # + battery = mkEnableOption { + description = "Install battery and power system services and programs."; + }; + bluetooth = mkEnableOption { + description = "Install bluetooth system services and programs."; + }; + network = mkEnableOption { + description = "Install networking system services and programs."; + }; minimal = mkEnableOption { description = "Install only required system services, drivers, and programs."; }; diff --git a/system/battery.nix b/system/battery.nix new file mode 100644 index 0000000..42ee269 --- /dev/null +++ b/system/battery.nix 
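Review bot: In modules/options.nix the new `battery`, `bluetooth` and `network` options pass an attribute set to `mkEnableOption`, which takes the feature name as a string and builds the description from it, so the `description` text written here is probably never used and may fail to evaluate if option documentation is ever generated. The `minimal` option in the context lines has the same shape, so all four are worth changing, e.g. `network = mkEnableOption "networking system services and programs";`. All three also default to off, so a host file that this commit does not update (the hosts/wsl hunk adds none of them) ends up without NetworkManager and, through system/sshd.nix, without sshd and fail2ban; a comment above the `# System modules` header stating that default would make it deliberate. The enclosing option set starts and ends outside the hunk.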
@@ -0,0 +1,41 @@ +{ + lib, + config, + pkgs, + ... +}: let + inherit (lib) mkIf; +in { + config = mkIf config.battery { + # power monterting + services.upower = { + enable = !config.minimal; + percentageLow = 20; + percentageCritical = 10; + percentageAction = 4; + criticalPowerAction = "Hibernate"; + }; + + # power profiles + services.tlp = { + enable = !config.minimal; + settings = { + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + + CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; + CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; + + CPU_MIN_PERF_ON_AC = 0; + CPU_MAX_PERF_ON_AC = 100; + CPU_MIN_PERF_ON_BAT = 0; + CPU_MAX_PERF_ON_BAT = 20; + }; + }; + + # packages + environment.systemPackages = with pkgs; [ + acpi + ]; + }; +} diff --git a/system/bluetooth.nix b/system/bluetooth.nix new file mode 100644 index 0000000..2015eb6 --- /dev/null +++ b/system/bluetooth.nix @@ -0,0 +1,12 @@ +{ + lib, + config, + ... +}: let + inherit (lib) mkIf; +in { + config = mkIf config.bluetooth { + hardware.bluetooth.enable = true; + services.blueman.enable = true; + }; +} diff --git a/system/default.nix b/system/default.nix index ae04066..36d11ee 100644 --- a/system/default.nix +++ b/system/default.nix @@ -5,7 +5,11 @@ ... }: { imports = [ + ./battery.nix + ./bluetooth.nix + ./desktop.nix ./hardware.nix + ./networking.nix ./sshd.nix ]; @@ -30,7 +34,6 @@ bash zsh # utility - acpi curl dig file @@ -49,15 +52,6 @@ wget ]; - # nix-ld - programs.nix-ld.enable = true; - - # appimage - programs.appimage = { - enable = !config.minimal; - binfmt = !config.minimal; - }; - # use the latest kernel boot.kernelPackages = pkgs.linuxPackages_latest; @@ -65,7 +59,7 @@ boot.kernel.sysctl."kernel.sysrq" = 246; # timezone - time.timeZone = "America/New_York"; + time.timeZone = config.timeZone; # docs documentation = { 
@@ -77,60 +71,11 @@ # locale i18n.defaultLocale = "en_US.UTF-8"; - # networking - networking.networkmanager.enable = true; - networking.networkmanager.dns = "systemd-resolved"; - networking.firewall.enable = true; - services.resolved.enable = true; - - # hardware - services.dbus.implementation = "broker"; - services.fwupd.enable = true; - services.libinput.enable = config.desktop.enable; - services.pipewire = { - enable = config.desktop.enable; - alsa.enable = config.desktop.enable; - pulse.enable = config.desktop.enable; - jack.enable = config.desktop.enable; - }; - - # power - services.upower = { - enable = !config.minimal; - percentageLow = 20; - percentageCritical = 10; - percentageAction = 4; - criticalPowerAction = "Hibernate"; - }; - services.tlp = { - enable = !config.minimal; - settings = { - CPU_SCALING_GOVERNOR_ON_AC = "performance"; - CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; - - CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; - CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; - - CPU_MIN_PERF_ON_AC = 0; - CPU_MAX_PERF_ON_AC = 100; - CPU_MIN_PERF_ON_BAT = 0; - CPU_MAX_PERF_ON_BAT = 20; - }; - }; - - # printing - services.printing.enable = config.desktop.enable; - services.avahi = { - enable = config.desktop.enable; - nssmdns4 = config.desktop.enable; - openFirewall = config.desktop.enable; - }; - # create user account users.users.${config.user} = { isNormalUser = true; description = config.fullName; - extraGroups = ["networkmanager" "wheel" "sys" "video" "audio"]; + extraGroups = ["wheel" "sys" "video" "audio"]; home = config.homePath; shell = pkgs.zsh; }; diff --git a/system/desktop.nix b/system/desktop.nix new file mode 100644 index 0000000..bc6daba --- /dev/null +++ b/system/desktop.nix 
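Review bot: In the last system/default.nix hunk, `extraGroups` still grants `video` and `audio` to the user on every host, although system/desktop.nix now adds the same memberships through `users.groups.audio.members` and `users.groups.video.members`. Only `networkmanager` was moved into its module, so group membership is split across two mechanisms and headless or minimal hosts keep device-group access they do not need. Consider `extraGroups = ["wheel" "sys"];` here and letting the feature modules add the rest. The enclosing module body starts outside the hunk.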
@@ -0,0 +1,41 @@ +{ + lib, + config, + ... +}: let + inherit (lib) mkIf; +in { + config = mkIf config.desktop.enable { + # nix-ld + programs.nix-ld.enable = true; + + # appimage + programs.appimage = { + enable = true; + binfmt = true; + }; + + # services + services.dbus.implementation = "broker"; + services.libinput.enable = true; + + # audio / video + services.pipewire = { + enable = true; + alsa.enable = true; + pulse.enable = true; + jack.enable = true; + }; + hardware.graphics.enable = true; + users.groups.audio.members = [config.user]; + users.groups.video.members = [config.user]; + + # printing + services.printing.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + }; +} diff --git a/system/hardware.nix b/system/hardware.nix index 853a6cc..8b1ef0c 100644 --- a/system/hardware.nix +++ b/system/hardware.nix @@ -1,9 +1,21 @@ -{pkgs, ...}: { - # yubikey support - services = { - pcscd.enable = true; - udev.packages = with pkgs; [ - yubikey-personalization - ]; +{ + lib, + config, + pkgs, + ... +}: let + inherit (lib) mkIf; +in { + config = mkIf (!config.minimal) { + # yubikey support + services = { + pcscd.enable = true; + udev.packages = with pkgs; [ + yubikey-personalization + ]; + }; + + # firmware + services.fwupd.enable = true; }; } diff --git a/system/networking.nix b/system/networking.nix new file mode 100644 index 0000000..923fa39 --- /dev/null +++ b/system/networking.nix @@ -0,0 +1,20 @@ +{ + lib, + config, + ... +}: let + inherit (lib) mkIf; +in { + config = mkIf config.network { + # ethernet / wifi + networking.networkmanager.enable = true; + users.groups.networkmanager.members = [config.user]; + + # firewall + networking.firewall.enable = true; + + # dns + services.resolved.enable = true; + networking.networkmanager.dns = "systemd-resolved"; + }; +} diff --git a/system/sshd.nix b/system/sshd.nix index 088bccb..a1ca2f2 100644 --- a/system/sshd.nix +++ b/system/sshd.nix 
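Review bot: In system/desktop.nix, `services.avahi.openFirewall = true` opens the mDNS port whenever the desktop module is enabled, independently of the firewall policy that now lives in system/networking.nix, and the hosts that set `battery = true` in this commit (shinji, thinkpad) are presumably laptops that will carry that onto untrusted networks. If printer discovery is only needed on known networks, consider restricting Avahi with `services.avahi.allowInterfaces = [ "<trusted-interface>" ];` (placeholder name), or add a comment next to `openFirewall` stating why the port is opened. The same file also moves `programs.nix-ld` (previously unconditional) and `programs.appimage` (previously `!config.minimal`) behind `desktop.enable`, which changes behaviour for non-desktop hosts and deserves a line in the commit message.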
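Review bot: In system/hardware.nix, `services.fwupd.enable = true` now sits inside `mkIf (!config.minimal)`, whereas system/default.nix enabled it unconditionally before this commit, so minimal hosts stop receiving firmware updates through fwupd. The same guard now covers `pcscd` and the YubiKey udev rules, which were also unconditional before. If minimal hosts run on real hardware, consider keeping `services.fwupd.enable = true;` outside the guard, or document the trade-off with a comment such as `# minimal hosts: no firmware updates or smartcard support`.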
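Review bot: In system/networking.nix, `networking.firewall.enable = true;` is now set only when `config.network` is true, and the unconditional line was removed from system/default.nix. NixOS enables the firewall by default, so hosts with `network = false` should still be filtered, but the configuration no longer pins that, and a later override or module change would go unnoticed on those hosts. Consider keeping `networking.firewall.enable = true;` in system/default.nix and leaving only the NetworkManager and resolved settings in this module.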
@@ -1,35 +1,40 @@ { + lib, config, self, ... -}: { - # sshd - services.openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - UseDns = true; - X11Forwarding = false; - PermitRootLogin = "no"; +}: let + inherit (lib) mkIf; +in { + config = mkIf config.network { + # sshd + services.openssh = { + enable = true; + ports = [22]; + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + UseDns = true; + X11Forwarding = false; + PermitRootLogin = "no"; + }; }; - }; - # allow ssh port - networking.firewall.allowedTCPPorts = [22]; + # allow ssh port + networking.firewall.allowedTCPPorts = [22]; - # ban evil - services.fail2ban = { - enable = true; - ignoreIP = [ - # freyanet - "10.0.0.0/14" - ]; - }; + # ban evil + services.fail2ban = { + enable = true; + ignoreIP = [ + # freyanet + "10.0.0.0/14" + ]; + }; - # add authorized keys - users.users.${config.user} = { - openssh.authorizedKeys.keyFiles = self.lib.sshKeys; + # add authorized keys + users.users.${config.user} = { + openssh.authorizedKeys.keyFiles = self.lib.sshKeys; + }; }; } |
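Review bot: The whole of system/sshd.nix is now guarded by `mkIf config.network`, the flag that modules/options.nix describes as installing networking services, so every host that wants NetworkManager also gets an SSH listener, an open port 22 and fail2ban, with no way to have one without the other. A dedicated switch would keep the listener opt-in: declare e.g. `sshd = mkEnableOption "the OpenSSH server";` in modules/options.nix and use `config = mkIf config.sshd {` here. Separately, `ignoreIP` with `"10.0.0.0/14"` exempts 10.0.0.0 through 10.3.255.255 from banning; extending the `# freyanet` comment to say that the whole range is trusted would make that exemption easier to audit.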