From d934c9ac18672b10900face2ec11eb445e36062e Mon Sep 17 00:00:00 2001
From: madmin
Date: Wed, 19 Jun 2024 15:09:21 +0200
Subject: [PATCH] add(common dir of system): configs for hardware, firmware, machine specific
---
 systems/common/core/console.nix | 9 +++
 systems/common/core/default.nix | 7 ++
 systems/common/core/time_locale.nix | 17 +++++
 systems/common/core/xorg_plasma.nix | 17 +++++
 systems/common/disks/jeroboam.nix | 93 ++++++++++++++++++++++++++
 systems/common/optional/default.nix | 6 ++
 systems/common/users/laozi/default.nix | 61 +++++++++++++++++
 7 files changed, 210 insertions(+)
 create mode 100644 systems/common/core/console.nix
 create mode 100644 systems/common/core/default.nix
 create mode 100644 systems/common/core/time_locale.nix
 create mode 100644 systems/common/core/xorg_plasma.nix
 create mode 100644 systems/common/disks/jeroboam.nix
 create mode 100644 systems/common/optional/default.nix
 create mode 100644 systems/common/users/laozi/default.nix
diff --git a/systems/common/core/console.nix b/systems/common/core/console.nix
new file mode 100644
index 0000000..2cc06f8
--- /dev/null
+++ b/systems/common/core/console.nix
@@ -0,0 +1,9 @@
+{
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ # useXkbConfig = true; # use xkb.options in tty.
+ };
+
+
+}
diff --git a/systems/common/core/default.nix b/systems/common/core/default.nix
new file mode 100644
index 0000000..4775926
--- /dev/null
+++ b/systems/common/core/default.nix
@@ -0,0 +1,7 @@
+{
+ imports = [
+ ./time_locale.nix
+ ./xorg_plasma.nix
+ ./console.nix
+ ];
+}
diff --git a/systems/common/core/time_locale.nix b/systems/common/core/time_locale.nix
new file mode 100644
index 0000000..2187bd2
--- /dev/null
+++ b/systems/common/core/time_locale.nix
@@ -0,0 +1,17 @@
+{
+ time.timezone = "Europe/Paris";
+ i18n.defaultLocale = "en_GB.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_MESSAGES = "fr_FR.UTF-8";
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "fr_FR.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "fr_FR.UTF-8";
+ LC_NUMERIC = "fr_FR.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "fr_FR.UTF-8";
+ LC_TIME = "fr_FR.UTF-8";
+ };
+}
diff --git a/systems/common/core/xorg_plasma.nix b/systems/common/core/xorg_plasma.nix
new file mode 100644
index 0000000..1a45178
--- /dev/null
+++ b/systems/common/core/xorg_plasma.nix
@@ -0,0 +1,17 @@
+{
+ services.xserver = {
+ # Enable the X11 windowing system
+ enable = true;
+
+ # Enable Keymap
+ xkb = {
+ layout = "us";
+ variant = "qwerty";
+ # model = "thinkpad";
+ };
+ # KDE X
+ displayManager.sddm.enable = true;
+ displayManager.plasma5.enable = true;
+ };
+}
+
diff --git a/systems/common/disks/jeroboam.nix b/systems/common/disks/jeroboam.nix
new file mode 100644
index 0000000..14ec448
--- /dev/null
+++ b/systems/common/disks/jeroboam.nix
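Review bot: `time.timezone = "Europe/Paris";` on the second added line of this hunk is not a NixOS option; the option is `time.timeZone` (capital Z), and since Nix attribute names are case-sensitive the module will fail evaluation with "option does not exist" as soon as core/default.nix imports it. Change it to `time.timeZone = "Europe/Paris";`. The i18n settings below it look consistent and need no change.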
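Review bot: `displayManager.plasma5.enable = true;` under services.xserver is not a valid option path — Plasma 5 is a desktop manager, so the line should read `desktopManager.plasma5.enable = true;`, and as written the whole configuration fails to evaluate. If the flake tracks NixOS 24.05 or later, `services.xserver.displayManager.sddm.enable` has moved to `services.displayManager.sddm.enable`; the old path is still accepted through an alias but prints a deprecation warning, so it may be worth switching now. I also do not believe `qwerty` is a defined variant of the `us` xkb layout, which would make X reject the keymap at startup; leaving `variant = "";` (or dropping the line) gives the plain US layout.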
@@ -0,0 +1,93 @@
+# NOTE: ... is needed because dikso passes diskoFile
+{
+ lib,
+ disk ? [ "/dev/vda" ],
+ withSwap ? true,
+ swapSize ? "16",
+ ...
+}:
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/disk/by-id/nvme-eui.002538d211111953";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ # name = "ESP";
+ priority = 1;
+ start = "1M";
+ end = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "defaults" ];
+ };
+ };
+ luks = {
+ # name = "root";
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ # disable settings.keyFile if you want to use interactive password entry
+ # passwordFile = "/tmp/secret.key"; # Interactive
+ settings = {
+ allowDiscards = true;
+ # keyFile = "/tmp/secret.key";
+ };
+ # additionalKeyFiles = [ "/tmp/hdd.key" ];
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ]; # Override existing partition
+ # Subvolumes must set a mountpoint in order to be mounted,
+ # unless their parent is mounted
+ subvolumes = {
+ "@root" = {
+ mountpoint = "/";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "@home" = {
+ mountpoint = "/home";
+ mountOptions = [ "compress=zstd" ];
+ };
+ "@nix" = {
+ mountpoint = "/nix";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "@persist" = {
+ mountpoint = "/persist";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "@var-lib" = {
+ mountpoint = "/var/lib";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "@var-log" = {
+ mountpoint = "/var/log";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "@var-tmp" = {
+ mountpoint = "/var/tmp";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "@swap" = lib.mkIf withSwap {
+ mountpoint = "/.swapvol";
+ swap.swapfile.size = "${swapSize}G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
+
+
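Review bot: The ESP at `mountpoint = "/boot"` is mounted with only `"defaults"`, which on vfat leaves the kernel, initrd and (if the bootloader writes one) the loader's random-seed file world-readable, while everything else on the disk sits inside the LUKS container; `mountOptions = [ "defaults" "umask=0077" ];` closes that without affecting the bootloader. `allowDiscards = true` is a reasonable SSD-health tradeoff, but it lets anyone holding the raw device see which blocks of the encrypted volume are unused, so it deserves a one-line comment next to it such as `# allowDiscards exposes free-space layout through the LUKS container; accepted for SSD TRIM`. The `disk ? [ "/dev/vda" ]` argument is never used because `device` is hardcoded to a single NVMe EUI, so either thread it into `device` or drop it so callers are not misled into thinking the file is parameterised. The bootloader itself is configured under ./boot, which is not part of this patch, so whether a random-seed file actually lands on this ESP cannot be confirmed from here.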
diff --git a/systems/common/optional/default.nix b/systems/common/optional/default.nix
new file mode 100644
index 0000000..c08e69c
--- /dev/null
+++ b/systems/common/optional/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./pipewire.nix
+ ./boot
+ ];
+}
diff --git a/systems/common/users/laozi/default.nix b/systems/common/users/laozi/default.nix
new file mode 100644
index 0000000..b2c96eb
--- /dev/null
+++ b/systems/common/users/laozi/default.nix
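Review bot: `./pipewire.nix` and `./boot` are imported here but neither is created by this commit — the diffstat lists seven files and the only one under systems/common/optional/ is this default.nix — so any host that imports this module fails evaluation with a missing-path error unless those files arrive in another commit. Either add them in the same change or trim the list to `imports = [ ];` until they exist, so the common tree stays evaluable at every commit.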
@@ -0,0 +1,61 @@
+{ pkgs, inputs, config, lib, configVars, configLib, ... }:
+let
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+ # sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."${configVars.username}/password".path;
+ pubKeys = lib.filesystem.listFilesRecursive (./keys);
+
+ # these are values we don't want to set if the environment is minimal. E.g. ISO or nixos-installer
+ # isMinimal is true in the nixos-installer/flake.nix
+ fullUserConfig = lib.optionalAttrs (!configVars.isMinimal)
+ {
+ users.users.${configVars.username} = {
+ # hashedPasswordFile = sopsHashedPasswordFile;
+ packages = [ pkgs.home-manager ];
+ };
+
+ # Import this user's personal/home configurations
+ home-manager.users.${configVars.username} = import (configLib.relativeToRoot "home/${configVars.username}/${config.networking.hostName}.nix");
+ };
+in
+{
+ config = lib.recursiveUpdate fullUserConfig
+ #this is the second argument to recursiveUpdate
+ {
+ users.mutableUsers = false; # Only allow declarative credentials; Required for sops
+ users.users.${configVars.username} = {
+ isNormalUser = true;
+ password = "nixos"; # Overridden if sops is working
+
+ extraGroups = [
+ "wheel"
+ ] ++ ifTheyExist [
+ "audio"
+ "video"
+ "docker"
+ "git"
+ "networkmanager"
+ ];
+
+ # These get placed into /etc/ssh/authorized_keys.d/ on nixos
+ openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
+
+ shell = pkgs.zsh; # default shell
+ };
+
+ # Proper root use required for borg and some other specific operations
+ users.users.root = {
+ hashedPasswordFile = config.users.users.${configVars.username}.hashedPasswordFile;
+ password = lib.mkForce config.users.users.${configVars.username}.password;
+ # root's ssh keys are mainly used for remote deployment.
+ openssh.authorizedKeys.keys = config.users.users.${configVars.username}.openssh.authorizedKeys.keys;
+ };
+
+ # No matter what environment we are in we want these tools for root, and the user(s)
+ programs.zsh.enable = true;
+ programs.git.enable = true;
+ environment.systemPackages = [
+ pkgs.just
+ pkgs.rsync
+ ];
+ };
+}
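Review bot: `password = "nixos";` on the wheel user, combined with `password = lib.mkForce config.users.users.${configVars.username}.password;` on root, gives both the admin user and root a fixed, publicly known cleartext password on every host built from this file, and the only thing meant to override it — the sops-backed `hashedPasswordFile` — is commented out both in the `let` block and inside `fullUserConfig`, so the "Overridden if sops is working" comment does not currently hold. With `users.mutableUsers = false` the password cannot be changed on the machine afterwards, and a cleartext `password` value is written into the world-readable Nix store; if the ssh daemon (configured outside this patch) permits password authentication, this is a remote root login with a known credential. I would re-enable the sops `hashedPasswordFile` path, confine the literal fallback to the `configVars.isMinimal` installer case, and drop the `lib.mkForce` on root so that a hashed password file wins for root as well — I believe NixOS prefers `hashedPasswordFile` over `password` when both are set, but the `mkForce` makes that dependence on option precedence harder to reason about than it needs to be. Note also that `"docker"` in the `ifTheyExist` list is root-equivalent group membership; acceptable for a single admin account, but worth a comment stating that intent.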