mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

refactor: split hardware related and system related common configuration

Browse source
This commit is contained in:
oddlama 2023-05-01 15:27:28 +02:00
parent f55c83c1b8
commit de19b23d3d
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
9 changed files with 82 additions and 99 deletions
Download patch file Download diff file Expand all files Collapse all files

87
hosts/common/core/default.nix
View file

@ -1,100 +1,25 @@
{
inputs,
lib,
pkgs,
config,
nodeName,
...
}: {
{config, ...}: {
imports = [
./inputrc.nix
./impermanence.nix
./inputrc.nix
./issue.nix
./net.nix
./nix.nix
./resolved.nix
./ssh.nix
./tmux.nix
./system.nix
./xdg.nix
../../../modules/wireguard.nix
];
# IP address math library
# https://gist.github.com/duairc/5c9bb3c922e5d501a1edb9e7b3b845ba
# Plus some extensions by us
lib = let
libWithNet = (import "${inputs.lib-net}/net.nix" {inherit lib;}).lib;
in
lib.recursiveUpdate libWithNet {
net.cidr = rec {
hostCidr = n: x: "${libWithNet.net.cidr.host n x}/${libWithNet.net.cidr.length x}";
ip = x: lib.head (lib.splitString "/" x);
canonicalize = x: libWithNet.net.cidr.make (libWithNet.net.cidr.length x) (ip x);
};
};
# Setup secret rekeying parameters
rekey = {
inherit
(inputs.self.secrets)
masterIdentities
extraEncryptionPubkeys
;
# This is technically impure, but intended. We need to rekey on the
# current system due to yubikey availability.
forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
hostPubkey = let
pubkeyPath = ../.. + "/${nodeName}/secrets/host.pub";
in
lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
pubkeyPath;
};
boot = {
initrd.systemd.enable = true;
kernelParams = ["log_buf_len=10M"];
tmp.useTmpfs = true;
};
# Disable sudo which is entierly unnecessary.
security.sudo.enable = false;
time.timeZone = lib.mkDefault "Europe/Berlin";
i18n.defaultLocale = "C.UTF-8";
console.keyMap = "de-latin1-nodeadkeys";
hardware = {
enableRedistributableFirmware = true;
enableAllFirmware = true;
};
systemd.enableUnifiedCgroupHierarchy = true;
users.mutableUsers = false;
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
verbose = true;
};
programs = {
# Required even when using home-manager's zsh module since the /etc/profile load order
# is partly controlled by this. See nix-community/home-manager#3681.
zsh.enable = true;
git = {
enable = true;
config = {
init.defaultBranch = "main";
pull.rebase = true;
};
};
};
services = {
fwupd.enable = true;
smartd.enable = true;
thermald.enable = builtins.elem config.nixpkgs.system ["x86_64-linux"];
};
# Required even when using home-manager's zsh module since the /etc/profile load order
# is partly controlled by this. See nix-community/home-manager#3681.
programs.zsh.enable = true;
}

54
hosts/common/core/system.nix Normal file
View file

@ -0,0 +1,54 @@
{
inputs,
lib,
nodeName,
...
}: {
# IP address math library
# https://gist.github.com/duairc/5c9bb3c922e5d501a1edb9e7b3b845ba
# Plus some extensions by us
lib = let
libWithNet = (import "${inputs.lib-net}/net.nix" {inherit lib;}).lib;
in
lib.recursiveUpdate libWithNet {
net.cidr = rec {
hostCidr = n: x: "${libWithNet.net.cidr.host n x}/${libWithNet.net.cidr.length x}";
ip = x: lib.head (lib.splitString "/" x);
canonicalize = x: libWithNet.net.cidr.make (libWithNet.net.cidr.length x) (ip x);
};
};
# Setup secret rekeying parameters
rekey = {
inherit
(inputs.self.secrets)
masterIdentities
extraEncryptionPubkeys
;
# This is technically impure, but intended. We need to rekey on the
# current system due to yubikey availability.
forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
hostPubkey = let
pubkeyPath = ../.. + "/${nodeName}/secrets/host.pub";
in
lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
pubkeyPath;
};
boot = {
initrd.systemd.enable = true;
kernelParams = ["log_buf_len=10M"];
tmp.useTmpfs = true;
};
# Disable sudo which is entierly unnecessary.
security.sudo.enable = false;
time.timeZone = lib.mkDefault "Europe/Berlin";
i18n.defaultLocale = "C.UTF-8";
console.keyMap = "de-latin1-nodeadkeys";
systemd.enableUnifiedCgroupHierarchy = true;
users.mutableUsers = false;
}

14
hosts/common/core/tmux.nix
View file

@ -1,14 +0,0 @@
{
programs.tmux = {
enable = true;
aggressiveResize = true;
clock24 = true;
escapeTime = 0;
historyLimit = 10000;
# breaks tmate
newSession = false;
secureSocket = false;
shortcut = "g";
terminal = "tmux-256color";
};
}

4
hosts/common/hardware/cloud.nix Normal file
View file

@ -0,0 +1,4 @@
# Configuration for cloud-servers machines
{
services.smartd.enable = true;
}

13
hosts/common/hardware/physical.nix Normal file
View file

@ -0,0 +1,13 @@
# Configuration for actual physical machines
{config, ...}: {
hardware = {
enableRedistributableFirmware = true;
enableAllFirmware = true;
};
services = {
fwupd.enable = true;
smartd.enable = true;
thermald.enable = builtins.elem config.nixpkgs.system ["x86_64-linux"];
};
}

1
hosts/nom/default.nix
View file

@ -14,6 +14,7 @@
../common/graphical
../common/hardware/intel.nix
../common/hardware/physical.nix
../common/efi.nix
../common/initrd-ssh.nix
../common/laptop.nix

1
hosts/ward/default.nix
View file

@ -10,6 +10,7 @@
../common/core
../common/hardware/intel.nix
../common/hardware/physical.nix
../common/initrd-ssh.nix
../common/efi.nix
../common/zfs.nix

2
hosts/zackbiene/default.nix
View file

@ -9,6 +9,8 @@
nixos-hardware.common-pc-ssd
../common/core
../common/hardware/physical.nix
#../common/initrd-ssh.nix
../common/zfs.nix
../../users/root