sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: split hardware related and system related common configuration

Browse source
This commit is contained in:
oddlama 2023-05-01 15:27:28 +02:00
parent f55c83c1b8
commit de19b23d3d
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
9 changed files with 82 additions and 99 deletions
Download patch file Download diff file Expand all files Collapse all files

87
hosts/common/core/default.nix
View file

@ -1,100 +1,25 @@
{ {config, ...}: {
inputs,
lib,
pkgs,
config,
nodeName,
...
}: {
imports = [ imports = [
./inputrc.nix
./impermanence.nix ./impermanence.nix
./inputrc.nix
./issue.nix ./issue.nix
./net.nix ./net.nix
./nix.nix ./nix.nix
./resolved.nix ./resolved.nix
./ssh.nix ./ssh.nix
./tmux.nix ./system.nix
./xdg.nix ./xdg.nix
../../../modules/wireguard.nix ../../../modules/wireguard.nix
]; ];
# IP address math library
# https://gist.github.com/duairc/5c9bb3c922e5d501a1edb9e7b3b845ba
# Plus some extensions by us
lib = let
libWithNet = (import "${inputs.lib-net}/net.nix" {inherit lib;}).lib;
in
lib.recursiveUpdate libWithNet {
net.cidr = rec {
hostCidr = n: x: "${libWithNet.net.cidr.host n x}/${libWithNet.net.cidr.length x}";
ip = x: lib.head (lib.splitString "/" x);
canonicalize = x: libWithNet.net.cidr.make (libWithNet.net.cidr.length x) (ip x);
};
};
# Setup secret rekeying parameters
rekey = {
inherit
(inputs.self.secrets)
masterIdentities
extraEncryptionPubkeys
;
# This is technically impure, but intended. We need to rekey on the
# current system due to yubikey availability.
forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
hostPubkey = let
pubkeyPath = ../.. + "/${nodeName}/secrets/host.pub";
in
lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
pubkeyPath;
};
boot = {
initrd.systemd.enable = true;
kernelParams = ["log_buf_len=10M"];
tmp.useTmpfs = true;
};
# Disable sudo which is entierly unnecessary.
security.sudo.enable = false;
time.timeZone = lib.mkDefault "Europe/Berlin";
i18n.defaultLocale = "C.UTF-8";
console.keyMap = "de-latin1-nodeadkeys";
hardware = {
enableRedistributableFirmware = true;
enableAllFirmware = true;
};
systemd.enableUnifiedCgroupHierarchy = true;
users.mutableUsers = false;
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
verbose = true; verbose = true;
}; };
programs = { # Required even when using home-manager's zsh module since the /etc/profile load order
# Required even when using home-manager's zsh module since the /etc/profile load order # is partly controlled by this. See nix-community/home-manager#3681.
# is partly controlled by this. See nix-community/home-manager#3681. programs.zsh.enable = true;
zsh.enable = true;
git = {
enable = true;
config = {
init.defaultBranch = "main";
pull.rebase = true;
};
};
};
services = {
fwupd.enable = true;
smartd.enable = true;
thermald.enable = builtins.elem config.nixpkgs.system ["x86_64-linux"];
};
} }

54
hosts/common/core/system.nix Normal file
View file

@ -0,0 +1,54 @@
{
inputs,
lib,
nodeName,
...
}: {
# IP address math library
# https://gist.github.com/duairc/5c9bb3c922e5d501a1edb9e7b3b845ba
# Plus some extensions by us
lib = let
libWithNet = (import "${inputs.lib-net}/net.nix" {inherit lib;}).lib;
in
lib.recursiveUpdate libWithNet {
net.cidr = rec {
hostCidr = n: x: "${libWithNet.net.cidr.host n x}/${libWithNet.net.cidr.length x}";
ip = x: lib.head (lib.splitString "/" x);
canonicalize = x: libWithNet.net.cidr.make (libWithNet.net.cidr.length x) (ip x);
};
};
# Setup secret rekeying parameters
rekey = {
inherit
(inputs.self.secrets)
masterIdentities
extraEncryptionPubkeys
;
# This is technically impure, but intended. We need to rekey on the
# current system due to yubikey availability.
forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
hostPubkey = let
pubkeyPath = ../.. + "/${nodeName}/secrets/host.pub";
in
lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
pubkeyPath;
};
boot = {
initrd.systemd.enable = true;
kernelParams = ["log_buf_len=10M"];
tmp.useTmpfs = true;
};
# Disable sudo which is entierly unnecessary.
security.sudo.enable = false;
time.timeZone = lib.mkDefault "Europe/Berlin";
i18n.defaultLocale = "C.UTF-8";
console.keyMap = "de-latin1-nodeadkeys";
systemd.enableUnifiedCgroupHierarchy = true;
users.mutableUsers = false;
}

14
hosts/common/core/tmux.nix
View file

@ -1,14 +0,0 @@
{
programs.tmux = {
enable = true;
aggressiveResize = true;
clock24 = true;
escapeTime = 0;
historyLimit = 10000;
# breaks tmate
newSession = false;
secureSocket = false;
shortcut = "g";
terminal = "tmux-256color";
};
}

4
hosts/common/hardware/cloud.nix Normal file
View file

@ -0,0 +1,4 @@
# Configuration for cloud-servers machines
{
services.smartd.enable = true;
}

13
hosts/common/hardware/physical.nix Normal file
View file

@ -0,0 +1,13 @@
# Configuration for actual physical machines
{config, ...}: {
hardware = {
enableRedistributableFirmware = true;
enableAllFirmware = true;
};
services = {
fwupd.enable = true;
smartd.enable = true;
thermald.enable = builtins.elem config.nixpkgs.system ["x86_64-linux"];
};
}

1
hosts/nom/default.nix
View file

@ -14,6 +14,7 @@
../common/graphical ../common/graphical
../common/hardware/intel.nix ../common/hardware/intel.nix
../common/hardware/physical.nix
../common/efi.nix ../common/efi.nix
../common/initrd-ssh.nix ../common/initrd-ssh.nix
../common/laptop.nix ../common/laptop.nix

1
hosts/ward/default.nix
View file

@ -10,6 +10,7 @@
../common/core ../common/core
../common/hardware/intel.nix ../common/hardware/intel.nix
../common/hardware/physical.nix
../common/initrd-ssh.nix ../common/initrd-ssh.nix
../common/efi.nix ../common/efi.nix
../common/zfs.nix ../common/zfs.nix

2
hosts/zackbiene/default.nix
View file

@ -9,6 +9,8 @@
nixos-hardware.common-pc-ssd nixos-hardware.common-pc-ssd
../common/core ../common/core
../common/hardware/physical.nix
#../common/initrd-ssh.nix
../common/zfs.nix ../common/zfs.nix
../../users/root ../../users/root

5
users/common/git.nix
View file

@ -5,14 +5,11 @@
difftastic.enable = true; difftastic.enable = true;
lfs.enable = lib.mkDefault false; lfs.enable = lib.mkDefault false;
extraConfig = { extraConfig = {
#diff = {
# colorMoved = "default";
# age.textconv = "${pkgs.rage}/bin/rage -i ~/.ssh/username --decrypt";
#};
difftool.prompt = true; difftool.prompt = true;
init.defaultBranch = "main"; init.defaultBranch = "main";
merge.conflictstyle = "diff3"; merge.conflictstyle = "diff3";
mergetool.prompt = true; mergetool.prompt = true;
pull.rebase = true;
}; };
aliases = { aliases = {
unstash = "stash pop"; unstash = "stash pop";