From b00e1c1c9d1148796460bf44aead6e6cd5adf7e0 Mon Sep 17 00:00:00 2001 From: caem Date: Fri, 10 Jan 2025 23:38:56 +0100 Subject: [PATCH] Progress rewrite further --- hosts/puter/default.nix | 51 +++---------------- hosts/puter/packages.nix | 5 +- lib/fs.nix | 2 + modules/nixos/core/default.nix | 6 +++ modules/nixos/core/fonts.nix | 27 ++++++++++ modules/nixos/core/impermanence.nix | 28 ++++++++++ modules/nixos/core/nix.nix | 19 +++++++ modules/nixos/core/security.nix | 32 ++++++++++++ modules/nixos/core/zsh.nix | 10 ++++ modules/nixos/hardware/audio/default.nix | 1 + modules/nixos/hardware/cpu/amd/default.nix | 11 ++++ .../hardware/{ => gpu}/nvidia/default.nix | 0 modules/nixos/multimedia/default.nix | 5 ++ modules/nixos/multimedia/games/default.nix | 5 ++ modules/nixos/user/caem.nix | 11 ++++ 15 files changed, 169 insertions(+), 44 deletions(-) create mode 100644 modules/nixos/core/default.nix create mode 100644 modules/nixos/core/fonts.nix create mode 100644 modules/nixos/core/impermanence.nix create mode 100644 modules/nixos/core/nix.nix create mode 100644 modules/nixos/core/security.nix create mode 100644 modules/nixos/core/zsh.nix create mode 100644 modules/nixos/hardware/cpu/amd/default.nix rename modules/nixos/hardware/{ => gpu}/nvidia/default.nix (100%) create mode 100644 modules/nixos/multimedia/default.nix create mode 100644 modules/nixos/multimedia/games/default.nix create mode 100644 modules/nixos/user/caem.nix diff --git a/hosts/puter/default.nix b/hosts/puter/default.nix index d57604c..8ec2a05 100644 --- a/hosts/puter/default.nix +++ b/hosts/puter/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ pkgs, ... }: { imports = [ @@ -14,14 +14,6 @@ useDHCP = true; }; - hardware.cpu.amd.updateMicrocode = true; - - services = { - fstrim.enable = true; - btrfs.autoScrub.enable = true; - fwupd.enable = true; - }; - boot = { loader = { canTouchEfiVariables = true; 
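Review bot: `fwupd.enable = true;` is removed in this hunk and no hunk in the patch re-enables it — microcode moved to `hardware/cpu/amd`, `fstrim`/`autoScrub` reappear in a later hunk of this file, but fwupd does not, so the host silently loses firmware and UEFI capsule updates. If dropping it is intentional a comment should say so; otherwise re-add `services.fwupd.enable = true;` either in the `services` block the later hunk keeps or in `modules/nixos/core/security.nix` next to the other hardening. The enclosing attribute set continues outside the hunk.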
@@ -35,37 +27,17 @@ tmp.useTmpfs = true; kernelPackages = pkgs.linuxPackages_xanmod_latest; supportedFilesystems = [ "btfs" "vfat" "xfs" ]; - kernelModules = [ "kvm-amd" ]; - extraModprobeConfig = "options kvm_amd nested=1"; initrd = { - availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - postDeviceCommands = lib.mkAfter '' - mkdir /btrfs_tmp - mount ${config.fileSystems."/".device} /btrfs_tmp - if [[ -e /btrfs_tmp/root ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" - fi - - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } - - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do - delete_subvolume_recursively "$i" - done - - btrfs subvolume create /btrfs_tmp/root - umount /btrfs_tmp - ''; + availableKernelModules = [ "nvme" "xhci_pci" "ahci" + "usbhid" "usb_storage" "sd_mod" ]; }; }; + services = { + fstrim.enable = true; + btrfs.autoScrub.enable = true; + }; + fileSystems = { # These are system specific. If you have any additional drives that are not # your root device you can add and mount them here. Added nofail so that you can @@ -85,13 +57,6 @@ }; }; - nixpkgs = { - config = { - allowUnfree = true; - }; - hostPlatform = lib.mkDefault "x86_64-linux"; - }; - system.stateVersion = "24.11"; # [managed by install.sh] { state version } } diff --git a/hosts/puter/packages.nix b/hosts/puter/packages.nix index d1c2283..4a0ebf5 100644 --- a/hosts/puter/packages.nix +++ b/hosts/puter/packages.nix @@ -4,8 +4,11 @@ imports = let modules = ../../modules/nixos; in [ - "${modules}/hardware/nvidia" + "${modules}/core" "${modules}/hardware/audio" + "${modules}/hardware/gpu/nvidia" + "${modules}/hardware/cpu/amd" + "${modules}/multimedia" ]; } 
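Review bot: `supportedFilesystems = [ "btfs" "vfat" "xfs" ];` still spells the root filesystem type `btfs`; the move leaves this stale context line in place even though the root is btrfs (the impermanence script runs `btrfs subvolume` against `fileSystems."/".device`). NixOS appears to append each `fileSystems.*.fsType` to `boot.supportedFilesystems` as well, so the typo is probably masked for `/`, but the list is misleading and would matter for any btrfs volume not declared under `fileSystems`; change it to `supportedFilesystems = [ "btrfs" "vfat" "xfs" ];`. The `boot` attribute set continues outside the hunk.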
diff --git a/lib/fs.nix b/lib/fs.nix index cb8d639..fdf12f8 100644 --- a/lib/fs.nix +++ b/lib/fs.nix @@ -6,5 +6,7 @@ dirs = builtins.readDir path; in builtins.filter (name: dirs.${name} == "directory") (builtins.attrNames dirs); + + getModuleImports = builtins.attrNames (builtins.removeAttrs (builtins.readDir ./.) ["default.nix"]); } diff --git a/modules/nixos/core/default.nix b/modules/nixos/core/default.nix new file mode 100644 index 0000000..9d4837a --- /dev/null +++ b/modules/nixos/core/default.nix @@ -0,0 +1,6 @@ +{ lib }: + +{ + imports = lib.getModuleImports; +} + diff --git a/modules/nixos/core/fonts.nix b/modules/nixos/core/fonts.nix new file mode 100644 index 0000000..725fc4a --- /dev/null +++ b/modules/nixos/core/fonts.nix @@ -0,0 +1,27 @@ +{ pkgs, ... }: + +{ + fonts = { + packages = with pkgs; [ + (nerdfonts.override { + fonts = [ + "GoMono" + ]; + }) + ipafont + noto-fonts-emoji + cantarell-fonts + newcomputermodern + ]; + + fontconfig = { + enable = true; + cache32Bit = true; + subpixel.rgba = "rgb"; + defaultFonts = { + monospace = [ "Go Mono Nerd Font" ]; + }; + }; + }; +} + diff --git a/modules/nixos/core/impermanence.nix b/modules/nixos/core/impermanence.nix new file mode 100644 index 0000000..013c280 --- /dev/null +++ b/modules/nixos/core/impermanence.nix 
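Review bot: `getModuleImports` evaluates `builtins.readDir ./.` where it is defined, so `./.` is the repo's `lib/` directory rather than the directory of the module that uses it, and `builtins.attrNames` yields bare strings such as `"fs.nix"`, not paths; `imports = lib.getModuleImports;` in the new `core/default.nix` therefore cannot pick up its siblings. Making it a function of the caller's directory fixes both: `getModuleImports = dir: map (n: dir + "/${n}") (builtins.attrNames (builtins.removeAttrs (builtins.readDir dir) [ "default.nix" ]));`, called as `lib.getModuleImports ./.` from each `default.nix`. It also filters on nothing but the `default.nix` name, so any non-`.nix` file dropped into a module directory would be imported — worth a `.nix`-suffix check once these directories grow.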
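Review bot: `{ lib }:` is a fixed-argument module function with no `...`, and the module system calls every module with `config`, `options`, `pkgs` and more, so evaluation fails with an unexpected-argument error; write `{ lib, ... }:`. Inside a NixOS module `lib` is nixpkgs' `lib` unless the flake extends it (`lib.extend` or `specialArgs`), which this patch does not show, so `lib.getModuleImports` is presumably undefined here — confirm how `lib/fs.nix` is wired into the module arguments. The same `{ lib }:` signature appears in `modules/nixos/multimedia/default.nix`.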
@@ -0,0 +1,28 @@ +{ config, lib, ... }: + +{ + boot.initrd.postDeviceCommands = lib.mkAfter '' + mkdir /btrfs_tmp + mount ${config.fileSystems."/".device} /btrfs_tmp + if [[ -e /btrfs_tmp/root ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do + delete_subvolume_recursively "$i" + done + + btrfs subvolume create /btrfs_tmp/root + umount /btrfs_tmp + ''; +} diff --git a/modules/nixos/core/nix.nix b/modules/nixos/core/nix.nix new file mode 100644 index 0000000..3f8b675 --- /dev/null +++ b/modules/nixos/core/nix.nix @@ -0,0 +1,19 @@ +{ lib, ... }: + +{ + nix = { + settings = { + auto-optimise-store = true; + use-xdg-base-directories = true; + trusted-users = [ "@wheel" ]; + allowed-users = [ "@wheel" ]; + }; + }; + + nixpkgs = { + config = { + allowUnfree = true; + }; + hostPlatform = lib.mkDefault "x86_64-linux"; + }; +} diff --git a/modules/nixos/core/security.nix b/modules/nixos/core/security.nix new file mode 100644 index 0000000..6d0f9ff --- /dev/null +++ b/modules/nixos/core/security.nix 
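Review bot: this root-rollback script now lives in `core`, which `hosts/puter/packages.nix` imports as `"${modules}/core"` and other hosts presumably will too, but nothing gates it on the root filesystem actually being btrfs: on a host whose `fileSystems."/"` is not a btrfs volume with a `root` subvolume, `mount ${config.fileSystems."/".device} /btrfs_tmp` followed by `btrfs subvolume ...` fails in the initrd, and the unquoted `${config.fileSystems."/".device}` is word-split by the shell. Gate and quote it: `boot.initrd.postDeviceCommands = lib.mkIf (config.fileSystems."/".fsType == "btrfs") (lib.mkAfter '' ... '');` with `mount "${config.fileSystems."/".device}" /btrfs_tmp`, or put it behind an explicit module option. The `find ... -mtime +30` loop also keeps a complete copy of every previous root — including whatever was written to it — on disk for 30 days; a header comment should state that retention window so anyone relying on the wipe for data hygiene knows the data persists until then.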
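Review bot: `trusted-users = [ "@wheel" ];` makes every wheel member a Nix trusted user, which NixOS documents as effectively root-equivalent: a trusted user can pass `--option` overrides, add substituters and import unsigned store paths through the daemon, with no password prompt, so it sidesteps the password that `security.sudo.execWheelOnly` otherwise requires. If the goal is only to let the admin run `nixos-rebuild switch`, that already runs under sudo and `trusted-users` can stay at its default of `root`; `allowed-users = [ "@wheel" ];` is the restrictive setting and is fine to keep. If the broader grant is deliberate, add above the line `# root-equivalent: trusted users bypass daemon restrictions and signature checks`.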
@@ -0,0 +1,32 @@ +{ ... }: + +{ + programs.gnupg = { + enable = true; + enableSSHSupport = true; + }; + + /* + * Sudo is scheduled to be replaced by systemd's run0. + * The blocker for this is persistent authentication support. + * + * https://github.com/systemd/systemd/issues/33366 + * https://github.com/polkit-org/polkit/issues/472 + */ + security.sudo = { + enable = true; + execWheelOnly = true; + extraConfig = '' + Defaults lecture="never" + ''; + }; + + security.apparmor.enable = true; + networking.firewall.enable = true; + + /* Disable the root user */ + users = { + users.root.hashedPassword = "!"; + mutableUsers = false; + }; +} diff --git a/modules/nixos/core/zsh.nix b/modules/nixos/core/zsh.nix new file mode 100644 index 0000000..f87fd6a --- /dev/null +++ b/modules/nixos/core/zsh.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + programs.zsh = { + enable = true; + shellInit = '' + export ZDOTDIR=$HOME/.local/share/zsh + ''; + }; +} diff --git a/modules/nixos/hardware/audio/default.nix b/modules/nixos/hardware/audio/default.nix index b9fadea..d754374 100644 --- a/modules/nixos/hardware/audio/default.nix +++ b/modules/nixos/hardware/audio/default.nix @@ -1,6 +1,7 @@ { ... }: { + security.rtkit.enable = true; services.pipewire = { enable = true; alsa = { diff --git a/modules/nixos/hardware/cpu/amd/default.nix b/modules/nixos/hardware/cpu/amd/default.nix new file mode 100644 index 0000000..c46d798 --- /dev/null +++ b/modules/nixos/hardware/cpu/amd/default.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: + +{ + boot = { + kernelModules = [ "kvm-amd" ]; + extraModprobeConfig = "options kvm_amd nested=1"; + }; + + hardware.cpu.amd.updateMicrocode = true; + hardware.firmware = with pkgs; [ linux-firmware ]; +} diff --git a/modules/nixos/hardware/nvidia/default.nix b/modules/nixos/hardware/gpu/nvidia/default.nix similarity index 100% rename from modules/nixos/hardware/nvidia/default.nix rename to modules/nixos/hardware/gpu/nvidia/default.nix 
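Review bot: locking root with `hashedPassword = "!"` together with `mutableUsers = false` means no account can authenticate unless its credentials are declared in the configuration — `passwd` changes are reverted on the next activation — yet nothing in this patch declares a `hashedPassword`, `hashedPasswordFile` or `openssh.authorizedKeys` for any user, so as committed the wheel user has no way to log in or to `sudo`. State the contract above the `users` block, e.g. `# mutableUsers = false: every login user must declare hashedPasswordFile or SSH keys, or the host is unreachable`, and consider an `assertions` entry that at least one `isNormalUser` account in `wheel` sets one of them. `security.apparmor.enable = true;` on its own presumably confines only the profiles nixpkgs ships; a one-line comment on what it is expected to cover would help the next reader judge it.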
diff --git a/modules/nixos/multimedia/default.nix b/modules/nixos/multimedia/default.nix new file mode 100644 index 0000000..d325261 --- /dev/null +++ b/modules/nixos/multimedia/default.nix @@ -0,0 +1,5 @@ +{ lib }: + +{ + imports = lib.getModuleImports; +} diff --git a/modules/nixos/multimedia/games/default.nix b/modules/nixos/multimedia/games/default.nix new file mode 100644 index 0000000..e79c637 --- /dev/null +++ b/modules/nixos/multimedia/games/default.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + +} diff --git a/modules/nixos/user/caem.nix b/modules/nixos/user/caem.nix new file mode 100644 index 0000000..6384bdb --- /dev/null +++ b/modules/nixos/user/caem.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: + +{ + users.users.caem = { + isNormalUser = true; + shell = pkgs.zsh; + extraGroups = [ + "wheel" + ]; + }; +}
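Review bot: `caem` is created with no `hashedPasswordFile`, `hashedPassword` or `openssh.authorizedKeys.keys`; combined with `users.mutableUsers = false` and the locked root in `core/security.nix`, the account cannot authenticate for login or sudo, so the host is unreachable after activation unless the credential is declared somewhere this patch does not show. If a password file is used it must live outside the subvolume that `core/impermanence.nix` recreates on every boot, e.g. `hashedPasswordFile = "/persist/secrets/caem.passwd";` on a persisted path. Because the user is in `wheel`, it also inherits the `trusted-users` grant from `core/nix.nix`, which is worth a comment next to `extraGroups`.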