chema/nix_config
1
0
Fork 0
forked from fabian/nix
Code Pull requests Activity

modularize baseline system configuration

Browse source
This commit is contained in:
Fabian Montero 2024-12-02 14:04:55 -06:00
parent 80e5a5e8a6
commit d5afd4b1a7
Signed by untrusted user: fabian
GPG key ID: 1FFAC35E1798174F
7 changed files with 107 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

2
home/modules/baseline.nix
View file

@ -8,7 +8,7 @@ with lib; let
cfg = config.local.baseline; cfg = config.local.baseline;
in { in {
options.local.baseline = { options.local.baseline = {
enable = mkEnableOption "Basic settings"; enable = mkEnableOption "Basic home settings";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
xdg.enable = true; xdg.enable = true;

13
sys/default.nix
View file

@ -1 +1,12 @@
{} {
flakes,
config,
pkgs,
lib,
...
}:
with lib; {
imports = [
./modules
];
}

76
sys/modules/baseline.nix Normal file
View file

@ -0,0 +1,76 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.local.sys.baseline;
in {
options.local.sys.baseline = {
enable = mkEnableOption "Basic system settings";
};
config = mkIf cfg.enable {
system.stateVersion = "24.05"; # DO NOT CHANGE
nix = {
package = pkgs.nixVersions.stable;
extraOptions = ''
experimental-features = nix-command flakes
'';
# Not interested in the global flake registry
settings.flake-registry = "";
};
console = {
keyMap = "us";
};
programs = {
zsh.enable = true;
fuse.userAllowOther = true;
};
environment = {
pathsToLink = [
"/share/zsh"
];
systemPackages = with pkgs;
[
git
vim
]
++ optionals (!config.boot.isContainer) [
lm_sensors
lshw
parted
pciutils
smartmontools
usbutils
];
};
services = {
openssh.enable = mkDefault true;
earlyoom = {
enable = mkDefault true;
enableNotifications = true;
};
};
# Coredumps are a security risk and may use up a lot of disk space
systemd.coredump.extraConfig = ''
Storage=none
ProcessSizeMax=0
'';
security.dhparams = {
enable = true;
defaultBitSize = 4096;
};
};
}

10
sys/modules/default.nix Normal file
View file

@ -0,0 +1,10 @@
{
config,
lib,
pkgs,
...
}: {
imports = [
./baseline.nix
];
}

32
sys/platforms/posixlycorrect/default.nix
View file

@ -13,6 +13,10 @@
./yubikey.nix ./yubikey.nix
]; ];
local.sys = {
baseline.enable = true;
};
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
@ -34,10 +38,6 @@
# Select internationalisation properties. # Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver = { services.xserver = {
@ -64,9 +64,6 @@
wireplumber.enable = true; wireplumber.enable = true;
}; };
programs.zsh.enable = true;
environment.pathsToLink = ["/share/zsh"];
users = { users = {
users.fabian = { users.fabian = {
isNormalUser = true; isNormalUser = true;
@ -82,11 +79,6 @@
pkgs.android-udev-rules pkgs.android-udev-rules
]; ];
users.users.temp = {
isNormalUser = true;
extraGroups = ["wheel"];
};
virtualisation.libvirtd.qemu.package = pkgs.qemu_kvm; virtualisation.libvirtd.qemu.package = pkgs.qemu_kvm;
virtualisation.libvirtd.qemu.ovmf.enable = true; virtualisation.libvirtd.qemu.ovmf.enable = true;
virtualisation.libvirtd.qemu.ovmf.packages = [pkgs.OVMFFull.fd]; virtualisation.libvirtd.qemu.ovmf.packages = [pkgs.OVMFFull.fd];
@ -95,20 +87,4 @@
# boot.kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ]; # boot.kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
# boot.kernelParams = [ "amd_iommu=on" "iommu=pt" "vfio-pci.ids=1002:699f,1002:aae0" "video=efifb:off" ]; # boot.kernelParams = [ "amd_iommu=on" "iommu=pt" "vfio-pci.ids=1002:699f,1002:aae0" "video=efifb:off" ];
virtualisation.libvirtd.onBoot = "start"; virtualisation.libvirtd.onBoot = "start";
nix = {
package = pkgs.nixVersions.stable;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
services.openssh.enable = true;
services.earlyoom = {
enable = true;
enableNotifications = true;
};
system.stateVersion = "24.05"; # DO NOT CHANGE
} }

42
sys/platforms/vps/default.nix
View file

@ -13,13 +13,11 @@ with lib; {
./srv ./srv
]; ];
environment.systemPackages = with pkgs; [ local.sys = {
vim baseline.enable = true;
git };
];
services.openssh = { services.openssh = {
enable = true;
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
}; };
@ -38,24 +36,8 @@ with lib; {
}; };
}; };
programs = {
zsh.enable = true;
fuse.userAllowOther = true;
};
networking.hostName = "vps"; networking.hostName = "vps";
nix = {
package = pkgs.nixVersions.stable;
extraOptions = ''
experimental-features = nix-command flakes
'';
# No me interesa el global registry
settings.flake-registry = "";
};
users = { users = {
users.fabian = { users.fabian = {
isNormalUser = true; isNormalUser = true;
@ -72,11 +54,6 @@ with lib; {
DefaultTimeoutStartSec=900s DefaultTimeoutStartSec=900s
''; '';
security.dhparams = {
enable = true;
defaultBitSize = 4096;
};
fileSystems = { fileSystems = {
"/mnt/export2008" = { "/mnt/export2008" = {
device = "172.16.129.19:/nas/5876"; device = "172.16.129.19:/nas/5876";
@ -91,18 +68,5 @@ with lib; {
}; };
}; };
services.earlyoom = {
enable = mkDefault true;
enableNotifications = true;
};
# Coredumps son un riesgo de seguridad y puden usar mucho disco
systemd.coredump.extraConfig = ''
Storage=none
ProcessSizeMax=0
'';
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
system.stateVersion = "24.05"; # DO NOT CHANGE
} }