Refactor the whole configuration

Reviewed-on: #1
caem 2025-02-01 14:05:15 +01:00
parent fb5d4d46f8
commit 6cb66d86d2
153 changed files with 2078 additions and 3094 deletions


@ -0,0 +1,6 @@
{ lib, ... }:
{
imports = lib.getModuleImports ./.;
}


@ -0,0 +1,23 @@
{ pkgs, ... }:
{
fonts = {
packages = with pkgs; [
nerdfonts
ipafont
noto-fonts-emoji
cantarell-fonts
newcomputermodern
];
fontconfig = {
enable = true;
cache32Bit = true;
subpixel.rgba = "rgb";
defaultFonts = {
monospace = [ "Go Mono Nerd Font" ];
};
};
};
}


@ -0,0 +1,42 @@
{ config, lib, ... }:
{
/* Required to be able to allowOther on user persisted directories */
programs.fuse.userAllowOther = true;
boot.initrd.postDeviceCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount "${config.fileSystems."/".device}" /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
environment.persistence."/nix/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib/nixos"
];
files = [
"/etc/machine-id"
];
};
}
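Review bot: The `mount` call in `boot.initrd.postDeviceCommands` is never checked, so when it fails every later command runs against an empty `/btrfs_tmp` and the wipe is silently skipped; the machine then presumably boots on the previous root with no visible error. Wrap the rollback in `if mount "${config.fileSystems."/".device}" /btrfs_tmp; then … fi` and print a message in the else branch. Old roots are kept until `-mtime +30` matches, so anything written outside the persisted paths, including stray credentials, stays on disk for about a month; a comment saying so would help. The comment on `programs.fuse.userAllowOther` should also note that it lets any local user pass `allow_other` to their own FUSE mounts.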


@ -0,0 +1,28 @@
{ pkgs, lib, inputs, cfgPath, ... }:
let
importOverlays = builtins.map
(overlay: import overlay { inherit lib inputs pkgs cfgPath; })
(builtins.filter
(file: builtins.match ".*\.nix" (builtins.toString file) != null)
(lib.filesystem.listFilesRecursive "${cfgPath}/overlays"));
in {
nix = {
settings = {
auto-optimise-store = true;
use-xdg-base-directories = true;
trusted-users = [ "@wheel" ];
allowed-users = [ "@wheel" ];
};
extraOptions = ''
experimental-features = nix-command flakes
'';
};
nixpkgs = {
config = {
allowUnfree = true;
};
hostPlatform = lib.mkDefault "x86_64-linux";
overlays = importOverlays;
};
}
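Review bot: `trusted-users = [ "@wheel" ];` gives every wheel account root-equivalent control of the Nix daemon, because trusted users may add substituters and import unsigned store paths, and that bypasses the password prompt sudo still enforces. Unless remote builds or ad-hoc substituters require it, drop that line so the default applies and keep only `allowed-users = [ "@wheel" ];`. Separately, in `builtins.match ".*\.nix"` the `\.` inside a double-quoted Nix string collapses to a bare `.`, so the filter accepts any character before `nix`; `".*\\.nix"` is the intended pattern. Every matching file under `${cfgPath}/overlays` is imported and evaluated, so the filter is worth keeping tight.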


@ -0,0 +1,51 @@
{ username, ... }:
{
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
/*
* Sudo is scheduled to be replaced by systemd's run0.
* The blocker for this is persistent authentication support.
*
* https://github.com/systemd/systemd/issues/33366
* https://github.com/polkit-org/polkit/issues/472
*/
security.sudo = {
enable = true;
execWheelOnly = true;
extraConfig = ''
Defaults lecture="never"
'';
};
security.apparmor.enable = true;
networking.firewall.enable = true;
/* Disable the root user */
users = {
users.root.hashedPassword = "!";
mutableUsers = false;
};
sops.age.keyFile = "/nix/config/keys.txt";
environment.persistence."/nix/persist" = {
files = [
"/root/.ssh/known_hosts"
];
users."${username}".directories = let
baseAttrs = {
user = "${username}";
group = "users";
mode = "u=rwx,g=,o=";
};
in [
(baseAttrs // { directory = ".ssh"; })
(baseAttrs // { directory = ".local/share/gnupg"; })
(baseAttrs // { directory = ".local/share/keyrings"; })
];
};
}
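Review bot: `sops.age.keyFile = "/nix/config/keys.txt";` points at the age private key that decrypts every sops secret, yet nothing here records its required ownership or that it must stay out of version control. If `/nix/config` is where this repository is checked out (not visible in this section), the file should be ignored by git. A comment above the option such as `/* keys.txt: root-owned, mode 0600, never committed */` would capture that. Minor style point: `user = "${username}";` can be written `user = username;`.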


@ -0,0 +1,8 @@
{ ... }:
{
/* https://files.catbox.moe/s5diss.mp4 */
systemd.extraConfig = ''
DefaultTimeoutStopSpec=5s
'';
}
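Review bot: `DefaultTimeoutStopSpec=5s` is misspelled; the systemd manager option is `DefaultTimeoutStopSec`, so as written the key would be rejected as unknown and the default stop timeout kept. Change the line to `DefaultTimeoutStopSec=5s`. With a 5-second limit, services that have not finished stopping are killed, so units that need longer to flush state should set their own `TimeoutStopSec`. The comment above the option is only a video link; a one-line reason for the short timeout would serve readers better.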


@ -0,0 +1,10 @@
{ ... }:
{
programs.zsh = {
enable = true;
shellInit = ''
export ZDOTDIR=$HOME/.config/zsh
'';
};
}