Progress rewrite further

2025-01-10 23:38:56 +01:00 · 2025-01-10 23:38:56 +01:00 · b00e1c1c9d
commit b00e1c1c9d
parent bc6d1e6984
15 changed files with 169 additions and 44 deletions
--- a/hosts/puter/default.nix
+++ b/hosts/puter/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ pkgs, ... }:

 {
  imports = [
@ -14,14 +14,6 @@
    useDHCP = true;
  };

-  hardware.cpu.amd.updateMicrocode = true;
-
-  services = {
-    fstrim.enable = true;
-    btrfs.autoScrub.enable = true;
-    fwupd.enable = true;
-  };
-
  boot = {
    loader = {
      canTouchEfiVariables = true;
@ -35,37 +27,17 @@
    tmp.useTmpfs = true;
    kernelPackages = pkgs.linuxPackages_xanmod_latest;
    supportedFilesystems = [ "btfs" "vfat" "xfs" ];
-    kernelModules = [ "kvm-amd" ];
-    extraModprobeConfig = "options kvm_amd nested=1";
    initrd = {
-      availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
-      postDeviceCommands = lib.mkAfter ''
-        mkdir /btrfs_tmp
-        mount ${config.fileSystems."/".device} /btrfs_tmp
-        if [[ -e /btrfs_tmp/root ]]; then
-            mkdir -p /btrfs_tmp/old_roots
-            timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
-            mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
-        fi
-
-        delete_subvolume_recursively() {
-            IFS=$'\n'
-            for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
-                delete_subvolume_recursively "/btrfs_tmp/$i"
-            done
-            btrfs subvolume delete "$1"
-        }
-
-        for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
-            delete_subvolume_recursively "$i"
-        done
-
-        btrfs subvolume create /btrfs_tmp/root
-        umount /btrfs_tmp
-      '';
+      availableKernelModules = [ "nvme" "xhci_pci" "ahci"
+                                 "usbhid" "usb_storage" "sd_mod" ];
    };
  };

+  services = {
+    fstrim.enable = true;
+    btrfs.autoScrub.enable = true;
+  };
+
  fileSystems = {
    # These are system specific. If you have any additional drives that are not
    # your root device you can add and mount them here. Added nofail so that you can
@ -85,13 +57,6 @@
    };
  };

-  nixpkgs = {
-    config = {
-      allowUnfree = true;
-    };
-    hostPlatform = lib.mkDefault "x86_64-linux";
-  };
-
  system.stateVersion = "24.11"; # [managed by install.sh] { state version }
 }

--- a/hosts/puter/packages.nix
+++ b/hosts/puter/packages.nix
@ -4,8 +4,11 @@
  imports = let
    modules = ../../modules/nixos;
  in [
-    "${modules}/hardware/nvidia"
+    "${modules}/core"
    "${modules}/hardware/audio"
+    "${modules}/hardware/gpu/nvidia"
+    "${modules}/hardware/cpu/amd"
+    "${modules}/multimedia"
  ];
 }

--- a/lib/fs.nix
+++ b/lib/fs.nix
@ -6,5 +6,7 @@
      dirs = builtins.readDir path;
    in
      builtins.filter (name: dirs.${name} == "directory") (builtins.attrNames dirs);
+
+  getModuleImports = builtins.attrNames (builtins.removeAttrs (builtins.readDir ./.) ["default.nix"]);
 }

--- a/modules/nixos/core/default.nix
+++ b/modules/nixos/core/default.nix
@ -0,0 +1,6 @@
+{ lib }:
+
+{
+  imports = lib.getModuleImports;
+}
+
--- a/modules/nixos/core/fonts.nix
+++ b/modules/nixos/core/fonts.nix
@ -0,0 +1,27 @@
+{ pkgs, ... }:
+
+{
+  fonts = {
+    packages = with pkgs; [
+      (nerdfonts.override {
+        fonts = [
+          "GoMono"
+        ];
+      })
+      ipafont
+      noto-fonts-emoji
+      cantarell-fonts
+      newcomputermodern
+    ];
+
+    fontconfig = {
+      enable = true;
+      cache32Bit = true;
+      subpixel.rgba = "rgb";
+      defaultFonts = {
+        monospace = [ "Go Mono Nerd Font" ];
+      };
+    };
+  };
+}
+
--- a/modules/nixos/core/impermanence.nix
+++ b/modules/nixos/core/impermanence.nix
@ -0,0 +1,28 @@
+{ config, lib, ... }:
+
+{
+  boot.initrd.postDeviceCommands = lib.mkAfter ''
+    mkdir /btrfs_tmp
+    mount ${config.fileSystems."/".device} /btrfs_tmp
+    if [[ -e /btrfs_tmp/root ]]; then
+        mkdir -p /btrfs_tmp/old_roots
+        timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+        mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+    fi
+
+    delete_subvolume_recursively() {
+        IFS=$'\n'
+        for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+            delete_subvolume_recursively "/btrfs_tmp/$i"
+        done
+        btrfs subvolume delete "$1"
+    }
+
+    for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+        delete_subvolume_recursively "$i"
+    done
+
+    btrfs subvolume create /btrfs_tmp/root
+    umount /btrfs_tmp
+  '';
+}
--- a/modules/nixos/core/nix.nix
+++ b/modules/nixos/core/nix.nix
@ -0,0 +1,19 @@
+{ lib, ... }:
+
+{
+  nix = {
+    settings = {
+      auto-optimise-store = true;
+      use-xdg-base-directories = true;
+      trusted-users = [ "@wheel" ];
+      allowed-users = [ "@wheel" ];
+    };
+  };
+
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+    };
+    hostPlatform = lib.mkDefault "x86_64-linux";
+  };
+}
--- a/modules/nixos/core/security.nix
+++ b/modules/nixos/core/security.nix
@ -0,0 +1,32 @@
+{ ... }:
+
+{
+  programs.gnupg = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  /*
+   * Sudo is scheduled to be replaced by systemd's run0.
+   * The blocker for this is persistent authentication support.
+   *
+   * https://github.com/systemd/systemd/issues/33366
+   * https://github.com/polkit-org/polkit/issues/472
+   */
+  security.sudo = {
+    enable = true;
+    execWheelOnly = true;
+    extraConfig = ''
+      Defaults  lecture="never"
+    '';
+  };
+
+  security.apparmor.enable = true;
+  networking.firewall.enable = true;
+
+  /* Disable the root user */
+  users = {
+    users.root.hashedPassword = "!";
+    mutableUsers = false;
+  };
+}
--- a/modules/nixos/core/zsh.nix
+++ b/modules/nixos/core/zsh.nix
@ -0,0 +1,10 @@
+{ ... }:
+
+{
+  programs.zsh = {
+    enable = true;
+    shellInit = ''
+      export ZDOTDIR=$HOME/.local/share/zsh
+    '';
+  };
+}
--- a/modules/nixos/hardware/audio/default.nix
+++ b/modules/nixos/hardware/audio/default.nix
@ -1,6 +1,7 @@
 { ... }:

 {
+  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa = {
--- a/modules/nixos/hardware/cpu/amd/default.nix
+++ b/modules/nixos/hardware/cpu/amd/default.nix
@ -0,0 +1,11 @@
+{ pkgs, ... }:
+
+{
+  boot = {
+    kernelModules = [ "kvm-amd" ];
+    extraModprobeConfig = "options kvm_amd nested=1";
+  };
+
+  hardware.cpu.amd.updateMicrocode = true;
+  hardware.firmware = with pkgs; [ linux-firmware ];
+}
--- a/modules/nixos/hardware/gpu/nvidia/default.nix
+++ b/modules/nixos/hardware/gpu/nvidia/default.nix
--- a/modules/nixos/multimedia/default.nix
+++ b/modules/nixos/multimedia/default.nix
@ -0,0 +1,5 @@
+{ lib }:
+
+{
+  imports = lib.getModuleImports;
+}
--- a/modules/nixos/multimedia/games/default.nix
+++ b/modules/nixos/multimedia/games/default.nix
@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  
+}
--- a/modules/nixos/user/caem.nix
+++ b/modules/nixos/user/caem.nix
@ -0,0 +1,11 @@
+{ pkgs, ... }:
+
+{
+  users.users.caem = {
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    extraGroups = [
+      "wheel"
+    ];
+  };
+}