mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 14:50:40 +02:00
Code Activity

refactor: merge initrd-ssh.nix with ssh.nix, remove ccid override (now upstream)

Browse source
This commit is contained in:
oddlama 2024-10-29 23:56:03 +01:00
parent ccffba4930
commit 32e9896154
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
19 changed files with 167 additions and 439 deletions
Download patch file Download diff file Expand all files Collapse all files

1
config/default.nix
View file

@ -23,7 +23,6 @@
./boot.nix
./home-manager.nix
./impermanence.nix
./inputrc.nix
./installer.nix
./issue.nix
./net.nix

172
config/graphical/cosmic.nix
View file

@ -1,172 +0,0 @@
{
lib,
pkgs,
config,
utils,
...
}: let
excludePackages = with pkgs; [fira];
in {
environment.pathsToLink = [
"/share/backgrounds"
"/share/cosmic"
];
environment.systemPackages =
utils.removePackagesByName (
with pkgs;
[
adwaita-icon-theme
alsa-utils
cosmic-applets
cosmic-applibrary
cosmic-bg
(cosmic-comp.override {
# avoid PATH pollution of system action keybinds (Xwayland handled below)
useXWayland = false;
})
cosmic-edit
cosmic-files
cosmic-greeter
cosmic-icons
cosmic-launcher
cosmic-notifications
cosmic-osd
cosmic-panel
cosmic-randr
cosmic-screenshot
cosmic-session
cosmic-settings
cosmic-settings-daemon
cosmic-term
cosmic-wallpapers
cosmic-workspaces-epoch
hicolor-icon-theme
playerctl
pop-icon-theme
pop-launcher
xdg-user-dirs
xwayland
]
++ lib.optionals config.services.flatpak.enable [
cosmic-store
]
)
excludePackages;
# xdg portal packages and config
xdg.portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-cosmic
xdg-desktop-portal-gtk
];
configPackages = lib.mkDefault (
with pkgs; [
xdg-desktop-portal-cosmic
]
);
};
# fonts
fonts.packages =
utils.removePackagesByName (with pkgs; [
fira
])
excludePackages;
# required features
# hardware.${
# if lib.versionAtLeast lib.version "24.11"
# then "graphics"
# else "opengl"
# }.enable =
# true;
# services.libinput.enable = true;
# xdg.mime.enable = true;
# xdg.icons.enable = true;
# optional features
# hardware.bluetooth.enable = lib.mkDefault true;
services.acpid.enable = lib.mkDefault true;
# services.pipewire = {
# enable = lib.mkDefault true;
# alsa.enable = lib.mkDefault true;
# pulse.enable = lib.mkDefault true;
# };
services.gvfs.enable = lib.mkDefault true;
# networking.networkmanager.enable = lib.mkDefault true;
services.gnome.gnome-keyring.enable = lib.mkDefault true;
# general graphical session features
# programs.dconf.enable = lib.mkDefault true;
#
# required dbus services
services.accounts-daemon.enable = true;
services.upower.enable = true;
services.power-profiles-daemon.enable = lib.mkDefault (!config.hardware.system76.power-daemon.enable);
security.polkit.enable = true;
security.rtkit.enable = true;
# session packages
services.displayManager.sessionPackages = with pkgs; [cosmic-session];
systemd.packages = with pkgs; [cosmic-session];
# TODO: remove when upstream has XDG autostart support
systemd.user.targets.cosmic-session = {
wants = ["xdg-desktop-autostart.target"];
before = ["xdg-desktop-autostart.target"];
};
# required for screen locker
security.pam.services.cosmic-greeter = {};
nix.settings.substituters = [
"https://cosmic.cachix.org/"
];
nix.settings.trusted-public-keys = [
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
];
# module diagnostics
warnings =
lib.optional
(
lib.elem pkgs.cosmic-files excludePackages
&& !(lib.elem pkgs.cosmic-session excludePackages)
)
''
The COSMIC session may fail to initialise with the `cosmic-files` package excluded via
`excludePackages`.
Please do one of the following:
1. Remove `cosmic-files` from `excludePackages`.
2. Add `cosmic-session` (in addition to `cosmic-files`) to
`excludePackages` and ensure whatever session starter/manager you are
using is appropriately set up.
'';
assertions = [
{
assertion = lib.elem "libcosmic-app-hook" (
lib.map (
drv: lib.optionalString (lib.isDerivation drv) (lib.getName drv)
)
pkgs.cosmic-comp.nativeBuildInputs
);
message = ''
It looks like the provided `pkgs` to the NixOS COSMIC module is not usable for a working COSMIC
desktop environment.
If you are erroneously passing in `pkgs` to `specialArgs` somewhere in your system configuration,
this is is often unnecessary and has unintended consequences for all NixOS modules. Please either
remove that in favor of configuring the NixOS `pkgs` instance via `nixpkgs.config` and
`nixpkgs.overlays`.
If you must instantiate your own `pkgs`, then please include the overlay from the NixOS COSMIC flake
when instantiating `pkgs` and be aware that the `nixpkgs.config` and `nixpkgs.overlays` options will
not function for any NixOS modules.
Note that the COSMIC packages in Nixpkgs are still largely broken as of 2024-10-16 and will not be
usable for having a fully functional COSMIC desktop environment. The overlay is therefore necessary.
'';
}
];
}

6
config/graphical/default.nix
View file

@ -4,7 +4,6 @@
lib,
minimal,
pkgs,
globals,
...
}: let
inherit
@ -30,7 +29,6 @@ in
./fonts.nix
./steam.nix
./xserver.nix
# ./cosmic.nix
];
config = {
@ -67,13 +65,13 @@ in
waylandCompositors.sway = {
prettyName = "Sway";
comment = "Sway";
binPath = lib.getExe config.home-manager.users.${globals.myuser.name}.wayland.windowManager.sway.package;
binPath = lib.getExe pkgs.sway;
};
waylandCompositors.hyprland = {
prettyName = "Hyprland";
comment = "Hyprland";
binPath = lib.getExe config.home-manager.users.${globals.myuser.name}.wayland.windowManager.hyprland.package;
binPath = lib.getExe pkgs.hyprland;
};
};

2
config/hardware/bluetooth.nix
View file

@ -1,5 +1,5 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [bluetuith];
environment.systemPackages = with pkgs; [bluetui];
environment.persistence."/persist".directories = [
"/var/lib/bluetooth"
];

105
config/inputrc Normal file
View file

@ -0,0 +1,105 @@
# /etc/inputrc: initialization file for readline
#
# For more information on how this file works, please see the
# INITIALIZATION FILE section of the readline(3) man page
#
# Quick dirty little note:
# To get the key sequence for binding, you can abuse bash.
# While running bash, hit CTRL+V, and then type the key sequence.
# So, typing 'ALT + left arrow' in Konsole gets you back:
# ^[[1;3D
# The readline entry to make this skip back a word will then be:
# "\e[1;3D" backward-word
#
# Customization note:
# You don't need to put all your changes in this file. You can create
# ~/.inputrc which starts off with the line:
# $include /etc/inputrc
# Then put all your own stuff after that.
# do not bell on tab-completion
set bell-style none
set history-size -1
set meta-flag on
set input-meta on
set convert-meta off
set output-meta on
# dont output everything on first line
set horizontal-scroll-mode off
# append slash to completed directories & symlinked directories
set mark-directories on
set mark-symlinked-directories on
# dont expand ~ in tab completion
set expand-tilde off
# instead of ringing bell, show list of ambigious completions directly, also show up to 300 items before asking
set show-all-if-ambiguous on
set completion-query-items 300
$if mode=emacs
# for linux console and RH/Debian xterm
# allow the use of the Home/End keys
"\e[1~": beginning-of-line
"\e[4~": end-of-line
# map "page up" and "page down" to search history based on current cmdline
"\e[5~": history-search-backward
"\e[6~": history-search-forward
# allow the use of the Delete/Insert keys
"\e[3~": delete-char
"\e[2~": quoted-insert
# gnome / others (escape + arrow key)
"\e[5C": forward-word
"\e[5D": backward-word
# konsole / xterm / rxvt (escape + arrow key)
"\e\e[C": forward-word
"\e\e[D": backward-word
# gnome / konsole / others (control + arrow key)
"\e[1;5C": forward-word
"\e[1;5D": backward-word
# aterm / eterm (control + arrow key)
"\eOc": forward-word
"\eOd": backward-word
# konsole (alt + arrow key)
"\e[1;3C": forward-word
"\e[1;3D": backward-word
# Chromebooks remap alt + backspace so provide alternative (alt + k)
"\ek": backward-kill-word
$if term=rxvt
"\e[8~": end-of-line
"\e[3^": kill-line
"\e[3@": backward-kill-line
$endif
# for non RH/Debian xterm, can't hurt for RH/Debian xterm
"\eOH": beginning-of-line
"\eOF": end-of-line
# for freebsd console
"\e[H": beginning-of-line
"\e[F": end-of-line
# fix Home and End for German users
"\e[7~": beginning-of-line
"\e[8~": end-of-line
# ctrl [+ shift] + del = kill line [backward]
"\e[3;5~": kill-line
"\e[3;6~": backward-kill-line
$endif
# Up and Down should search history based on current cmdline
"\e[A": history-search-backward
"\e[B": history-search-forward

110
config/inputrc.nix
View file

@ -1,110 +0,0 @@
{
environment.etc."inputrc".text = ''
# /etc/inputrc: initialization file for readline
#
# For more information on how this file works, please see the
# INITIALIZATION FILE section of the readline(3) man page
#
# Quick dirty little note:
# To get the key sequence for binding, you can abuse bash.
# While running bash, hit CTRL+V, and then type the key sequence.
# So, typing 'ALT + left arrow' in Konsole gets you back:
# ^[[1;3D
# The readline entry to make this skip back a word will then be:
# "\e[1;3D" backward-word
#
# Customization note:
# You don't need to put all your changes in this file. You can create
# ~/.inputrc which starts off with the line:
# $include /etc/inputrc
# Then put all your own stuff after that.
#
# do not bell on tab-completion
set bell-style none
set history-size -1
set meta-flag on
set input-meta on
set convert-meta off
set output-meta on
# dont output everything on first line
set horizontal-scroll-mode off
# append slash to completed directories & symlinked directories
set mark-directories on
set mark-symlinked-directories on
# dont expand ~ in tab completion
set expand-tilde off
# instead of ringing bell, show list of ambigious completions directly, also show up to 300 items before asking
set show-all-if-ambiguous on
set completion-query-items 300
$if mode=emacs
# for linux console and RH/Debian xterm
# allow the use of the Home/End keys
"\e[1~": beginning-of-line
"\e[4~": end-of-line
# map "page up" and "page down" to search history based on current cmdline
"\e[5~": history-search-backward
"\e[6~": history-search-forward
# allow the use of the Delete/Insert keys
"\e[3~": delete-char
"\e[2~": quoted-insert
# gnome / others (escape + arrow key)
"\e[5C": forward-word
"\e[5D": backward-word
# konsole / xterm / rxvt (escape + arrow key)
"\e\e[C": forward-word
"\e\e[D": backward-word
# gnome / konsole / others (control + arrow key)
"\e[1;5C": forward-word
"\e[1;5D": backward-word
# aterm / eterm (control + arrow key)
"\eOc": forward-word
"\eOd": backward-word
# konsole (alt + arrow key)
"\e[1;3C": forward-word
"\e[1;3D": backward-word
# Chromebooks remap alt + backspace so provide alternative (alt + k)
"\ek": backward-kill-word
$if term=rxvt
"\e[8~": end-of-line
"\e[3^": kill-line
"\e[3@": backward-kill-line
$endif
# for non RH/Debian xterm, can't hurt for RH/Debian xterm
"\eOH": beginning-of-line
"\eOF": end-of-line
# for freebsd console
"\e[H": beginning-of-line
"\e[F": end-of-line
# fix Home and End for German users
"\e[7~": beginning-of-line
"\e[8~": end-of-line
# ctrl [+ shift] + del = kill line [backward]
"\e[3;5~": kill-line
"\e[3;6~": backward-kill-line
$endif
# Up and Down should search history based on current cmdline
"\e[A": history-search-backward
"\e[B": history-search-forward
'';
}

29
config/optional/initrd-ssh.nix
View file

@ -1,29 +0,0 @@
{
config,
pkgs,
...
}: {
age.secrets.initrd_host_ed25519_key.generator.script = "ssh-ed25519";
boot.initrd.network.enable = true;
boot.initrd.network.ssh = {
enable = true;
port = 4;
hostKeys = [config.age.secrets.initrd_host_ed25519_key.path];
};
# Make sure that there is always a valid initrd hostkey available that can be installed into
# the initrd. When bootstrapping a system (or re-installing), agenix cannot succeed in decrypting
# whatever is given, since the correct hostkey doesn't even exist yet. We still require
# a valid hostkey to be available so that the initrd can be generated successfully.
# The correct initrd host-key will be installed with the next update after the host is booted
# for the first time, and the secrets were rekeyed for the the new host identity.
system.activationScripts.agenixEnsureInitrdHostkey = {
text = ''
[[ -e ${config.age.secrets.initrd_host_ed25519_key.path} ]] \
|| ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${config.age.secrets.initrd_host_ed25519_key.path}
'';
deps = ["agenixInstall" "users"];
};
system.activationScripts.agenixChown.deps = ["agenixEnsureInitrdHostkey"];
}

76
config/ssh.nix
View file

@ -1,21 +1,57 @@
{lib, ...}: {
services.openssh = {
enable = true;
# In containers, this is true by default, but we don't want that
# because we rely on ssh key generation for agenix
startWhenNeeded = lib.mkForce false;
authorizedKeysFiles = lib.mkForce ["/etc/ssh/authorized_keys.d/%u"];
sftpServerExecutable = "internal-sftp";
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "yes";
};
hostKeys = [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
{
config,
lib,
pkgs,
...
}: {
config = lib.mkMerge [
{
services.openssh = {
enable = true;
# In containers, this is true by default, but we don't want that
# because we rely on ssh key generation for agenix. So we need
# the service to start eagerly
startWhenNeeded = lib.mkForce false;
authorizedKeysFiles = lib.mkForce ["/etc/ssh/authorized_keys.d/%u"];
sftpServerExecutable = "internal-sftp";
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "yes";
};
hostKeys = [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
}
# Enable initrd-ssh unlock for non-virtualized hosts
(lib.mkIf (config.node.type == "host") {
age.secrets.initrd_host_ed25519_key.generator.script = "ssh-ed25519";
boot.initrd.network.enable = true;
boot.initrd.network.ssh = {
enable = true;
port = 4;
hostKeys = [config.age.secrets.initrd_host_ed25519_key.path];
};
# Make sure that there is always a valid initrd hostkey available that can be installed into
# the initrd. When bootstrapping a system (or re-installing), agenix cannot succeed in decrypting
# whatever is given, since the correct hostkey doesn't even exist yet. We still require
# a valid hostkey to be available so that the initrd can be generated successfully.
# The correct initrd host-key will be installed with the next update after the host is booted
# for the first time, and the secrets were rekeyed for the the new host identity.
system.activationScripts.agenixEnsureInitrdHostkey = {
text = ''
[[ -e ${config.age.secrets.initrd_host_ed25519_key.path} ]] \
|| ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${config.age.secrets.initrd_host_ed25519_key.path}
'';
deps = ["agenixInstall" "users"];
};
system.activationScripts.agenixChown.deps = ["agenixEnsureInitrdHostkey"];
})
];
}

3
config/system.nix
View file

@ -11,4 +11,7 @@
# Install the kitty terminfo package for all systems.
environment.systemPackages = [pkgs.kitty.terminfo];
# And a reasonable inputrc please
environment.etc."inputrc".source = ./inputrc;
}