From d5afd4b1a77c0620b347430bea9c7c79af31953d Mon Sep 17 00:00:00 2001 From: Fabian Montero Date: Mon, 2 Dec 2024 14:04:55 -0600 Subject: [PATCH 1/9] modularize baseline system configuration --- home/modules/baseline.nix | 2 +- sys/default.nix | 13 +++- sys/modules/baseline.nix | 76 ++++++++++++++++++++++++ sys/modules/default.nix | 10 ++++ sys/platforms/posixlycorrect/default.nix | 32 ++-------- sys/platforms/posixlycorrect/yubikey.nix | 2 +- sys/platforms/vps/default.nix | 42 +------------ 7 files changed, 107 insertions(+), 70 deletions(-) create mode 100644 sys/modules/baseline.nix create mode 100644 sys/modules/default.nix diff --git a/home/modules/baseline.nix b/home/modules/baseline.nix index f4852be..c5cdd05 100644 --- a/home/modules/baseline.nix +++ b/home/modules/baseline.nix @@ -8,7 +8,7 @@ with lib; let cfg = config.local.baseline; in { options.local.baseline = { - enable = mkEnableOption "Basic settings"; + enable = mkEnableOption "Basic home settings"; }; config = mkIf cfg.enable { xdg.enable = true; diff --git a/sys/default.nix b/sys/default.nix index 0967ef4..5c7405a 100644 --- a/sys/default.nix +++ b/sys/default.nix @@ -1 +1,12 @@ -{} +{ + flakes, + config, + pkgs, + lib, + ... +}: +with lib; { + imports = [ + ./modules + ]; +} diff --git a/sys/modules/baseline.nix b/sys/modules/baseline.nix new file mode 100644 index 0000000..3869463 --- /dev/null +++ b/sys/modules/baseline.nix 
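Review bot: The new sys/default.nix binds `flakes, config, pkgs, lib` and opens `with lib;` even though its body is only `imports = [ ./modules ];`, so none of those names is used and the `with lib;` just adds an implicit scope for nothing. Reduce the file to `{...}: { imports = [./modules]; }`; the new sys/modules/default.nix introduced by the same patch has the same unused `config, lib, pkgs` header and can be trimmed the same way.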
@@ -0,0 +1,76 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.sys.baseline; +in { + options.local.sys.baseline = { + enable = mkEnableOption "Basic system settings"; + }; + config = mkIf cfg.enable { + system.stateVersion = "24.05"; # DO NOT CHANGE + + nix = { + package = pkgs.nixVersions.stable; + + extraOptions = '' + experimental-features = nix-command flakes + ''; + + # Not interested in the global flake registry + settings.flake-registry = ""; + }; + + console = { + keyMap = "us"; + }; + + programs = { + zsh.enable = true; + fuse.userAllowOther = true; + }; + + environment = { + pathsToLink = [ + "/share/zsh" + ]; + + systemPackages = with pkgs; + [ + git + vim + ] + ++ optionals (!config.boot.isContainer) [ + lm_sensors + lshw + parted + pciutils + smartmontools + usbutils + ]; + }; + + services = { + openssh.enable = mkDefault true; + + earlyoom = { + enable = mkDefault true; + enableNotifications = true; + }; + }; + + # Coredumps are a security risk and may use up a lot of disk space + systemd.coredump.extraConfig = '' + Storage=none + ProcessSizeMax=0 + ''; + + security.dhparams = { + enable = true; + defaultBitSize = 4096; + }; + }; +} diff --git a/sys/modules/default.nix b/sys/modules/default.nix new file mode 100644 index 0000000..02f9f67 --- /dev/null +++ b/sys/modules/default.nix @@ -0,0 +1,10 @@ +{ + config, + lib, + pkgs, + ... +}: { + imports = [ + ./baseline.nix + ]; +} diff --git a/sys/platforms/posixlycorrect/default.nix b/sys/platforms/posixlycorrect/default.nix index e939e18..d5c1bb8 100644 --- a/sys/platforms/posixlycorrect/default.nix +++ b/sys/platforms/posixlycorrect/default.nix @@ -13,6 +13,10 @@ ./yubikey.nix ]; + local.sys = { + baseline.enable = true; + }; + # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; 
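Review bot: `services.openssh.enable = mkDefault true;` in sys/modules/baseline.nix turns sshd on for every host that enables the baseline, but the only sshd hardening in this series (`settings.PasswordAuthentication = false`) stays host-local in sys/platforms/vps/default.nix, so posixlycorrect gets sshd with the NixOS defaults, which leave password authentication on. Since the baseline is now the one module every host passes through, the secure default belongs here and a host should have to opt in to weaker settings: `openssh.settings.PasswordAuthentication = mkDefault false;` and `openssh.settings.KbdInteractiveAuthentication = mkDefault false;` (the second one matters because PAM keyboard-interactive can still accept a password when only PasswordAuthentication is off). The same hunk also moves `programs.fuse.userAllowOther = true;` from the vps-only config into the baseline, which lets any unprivileged user expose a FUSE mount to other users on the desktop too; unless something on posixlycorrect needs it, make it `fuse.userAllowOther = mkDefault false;` here and set it true on vps. The desktop already enabled sshd with defaults before this commit, so this is pre-existing, but the refactor is the natural place to fix it.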
@@ -34,10 +38,6 @@ # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; # Enable the X11 windowing system. services.xserver = { @@ -64,9 +64,6 @@ wireplumber.enable = true; }; - programs.zsh.enable = true; - environment.pathsToLink = ["/share/zsh"]; - users = { users.fabian = { isNormalUser = true; @@ -82,11 +79,6 @@ pkgs.android-udev-rules ]; - users.users.temp = { - isNormalUser = true; - extraGroups = ["wheel"]; - }; - virtualisation.libvirtd.qemu.package = pkgs.qemu_kvm; virtualisation.libvirtd.qemu.ovmf.enable = true; virtualisation.libvirtd.qemu.ovmf.packages = [pkgs.OVMFFull.fd]; @@ -95,20 +87,4 @@ # boot.kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ]; # boot.kernelParams = [ "amd_iommu=on" "iommu=pt" "vfio-pci.ids=1002:699f,1002:aae0" "video=efifb:off" ]; virtualisation.libvirtd.onBoot = "start"; - - nix = { - package = pkgs.nixVersions.stable; - extraOptions = '' - experimental-features = nix-command flakes - ''; - }; - - services.openssh.enable = true; - - services.earlyoom = { - enable = true; - enableNotifications = true; - }; - - system.stateVersion = "24.05"; # DO NOT CHANGE } diff --git a/sys/platforms/posixlycorrect/yubikey.nix b/sys/platforms/posixlycorrect/yubikey.nix index 8b83a12..1064b1d 100644 --- a/sys/platforms/posixlycorrect/yubikey.nix +++ b/sys/platforms/posixlycorrect/yubikey.nix @@ -29,7 +29,7 @@ control = "sufficient"; settings = { debug = false; - cue = true; + cue = true; }; }; }; diff --git a/sys/platforms/vps/default.nix b/sys/platforms/vps/default.nix index e983e06..6cb9c72 100644 --- a/sys/platforms/vps/default.nix +++ b/sys/platforms/vps/default.nix @@ -13,13 +13,11 @@ with lib; { ./srv ]; - environment.systemPackages = with pkgs; [ - vim - git - ]; + local.sys = { + baseline.enable = true; + }; services.openssh = { - enable = true; settings.PasswordAuthentication = false; }; 
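Review bot: The removed `console` block in sys/platforms/posixlycorrect/default.nix carried `font = "Lat2-Terminus16"` as well as `keyMap`, and the baseline module only re-adds `keyMap = "us"`, so the console font setting silently disappears from the desktop in a commit described as pure modularization. If that is intended, say so in the commit message; otherwise keep `console.font = "Lat2-Terminus16";` in the host config next to the `local.sys.baseline.enable = true;` line.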
@@ -38,24 +36,8 @@ with lib; { }; }; - programs = { - zsh.enable = true; - fuse.userAllowOther = true; - }; - networking.hostName = "vps"; - nix = { - package = pkgs.nixVersions.stable; - - extraOptions = '' - experimental-features = nix-command flakes - ''; - - # No me interesa el global registry - settings.flake-registry = ""; - }; - users = { users.fabian = { isNormalUser = true; @@ -72,11 +54,6 @@ with lib; { DefaultTimeoutStartSec=900s ''; - security.dhparams = { - enable = true; - defaultBitSize = 4096; - }; - fileSystems = { "/mnt/export2008" = { device = "172.16.129.19:/nas/5876"; @@ -91,18 +68,5 @@ with lib; { }; }; - services.earlyoom = { - enable = mkDefault true; - enableNotifications = true; - }; - - # Coredumps son un riesgo de seguridad y puden usar mucho disco - systemd.coredump.extraConfig = '' - Storage=none - ProcessSizeMax=0 - ''; - time.timeZone = "Europe/Amsterdam"; - - system.stateVersion = "24.05"; # DO NOT CHANGE } From 1221aaf0fc977819d305e06f5f11d4042fca1e93 Mon Sep 17 00:00:00 2001 From: Fabian Montero Date: Mon, 2 Dec 2024 14:14:13 -0600 Subject: [PATCH 2/9] modularize yubikey --- sys/modules/default.nix | 1 + sys/modules/yubikey.nix | 44 ++++++++++++++++++++++++ sys/platforms/posixlycorrect/default.nix | 3 +- sys/platforms/posixlycorrect/yubikey.nix | 36 ------------------- 4 files changed, 47 insertions(+), 37 deletions(-) create mode 100644 sys/modules/yubikey.nix delete mode 100644 sys/platforms/posixlycorrect/yubikey.nix diff --git a/sys/modules/default.nix b/sys/modules/default.nix index 02f9f67..9f6fdcc 100644 --- a/sys/modules/default.nix +++ b/sys/modules/default.nix @@ -6,5 +6,6 @@ }: { imports = [ ./baseline.nix + ./yubikey.nix ]; } diff --git a/sys/modules/yubikey.nix b/sys/modules/yubikey.nix new file mode 100644 index 0000000..c5e3008 --- /dev/null +++ b/sys/modules/yubikey.nix 
@@ -0,0 +1,44 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.sys.yubikey; +in { + options.local.sys.yubikey = { + enable = mkEnableOption "yubikey settings"; + }; + config = mkIf cfg.enable { + services = { + pcscd.enable = true; + udev.packages = [pkgs.yubikey-personalization]; + }; + + environment.etc."pkcs11/modules/ykcs11".text = '' + module: ${pkgs.yubico-piv-tool}/lib/libykcs11.so + ''; + + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + security.pam = { + services = { + login.u2fAuth = true; + sudo.u2fAuth = true; + }; + + u2f = { + enable = true; + control = "sufficient"; + settings = { + debug = false; + cue = true; + }; + }; + }; + }; +} diff --git a/sys/platforms/posixlycorrect/default.nix b/sys/platforms/posixlycorrect/default.nix index d5c1bb8..2125f47 100644 --- a/sys/platforms/posixlycorrect/default.nix +++ b/sys/platforms/posixlycorrect/default.nix @@ -10,11 +10,12 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ./yubikey.nix ]; local.sys = { baseline.enable = true; + + yubikey.enable = true; }; # Use the systemd-boot EFI boot loader. diff --git a/sys/platforms/posixlycorrect/yubikey.nix b/sys/platforms/posixlycorrect/yubikey.nix deleted file mode 100644 index 1064b1d..0000000 --- a/sys/platforms/posixlycorrect/yubikey.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: { - services = { - pcscd.enable = true; - udev.packages = [pkgs.yubikey-personalization]; - }; - - environment.etc."pkcs11/modules/ykcs11".text = '' - module: ${pkgs.yubico-piv-tool}/lib/libykcs11.so - ''; - - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - security.pam = { - services = { - login.u2fAuth = true; - sudo.u2fAuth = true; - }; - - u2f = { - enable = true; - control = "sufficient"; - settings = { - debug = false; - cue = true; - }; - }; - }; -} From 01f1576b8a4ebe7565f6aa8c0579a136b22d5a99 Mon Sep 17 00:00:00 2001 
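Review bot: `security.pam.u2f` in sys/modules/yubikey.nix is wired into `login` and `sudo` with `control = "sufficient"` but no `authfile`, so pam_u2f falls back to its per-user mapping file inside the user's own home directory (`~/.config/Yubico/u2f_keys` by default, to be confirmed for this pam_u2f version); with `sufficient` that file alone satisfies login and sudo, so anyone who can write to a user's home can enrol their own token and bypass the password for that account. Point pam_u2f at a root-owned mapping instead, e.g. `settings.authfile = "/etc/u2f_mappings";`, and populate it with `pamu2fcfg` output for the enabled users. Also decide whether the key is meant to replace or add to the password: `sufficient` gives touch-only sudo, while two factors would need `control = "required"` with the password prompt kept. This block is moved verbatim from the deleted sys/platforms/posixlycorrect/yubikey.nix, so the issue is pre-existing, but it now applies to any host that sets `local.sys.yubikey.enable`.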
From: Fabian Montero Date: Mon, 2 Dec 2024 14:23:52 -0600 Subject: [PATCH 3/9] modularize audio --- sys/modules/audio.nix | 29 ++++++++++++++++++++++++ sys/modules/default.nix | 1 + sys/platforms/posixlycorrect/default.nix | 16 +------------ 3 files changed, 31 insertions(+), 15 deletions(-) create mode 100644 sys/modules/audio.nix diff --git a/sys/modules/audio.nix b/sys/modules/audio.nix new file mode 100644 index 0000000..df248fe --- /dev/null +++ b/sys/modules/audio.nix @@ -0,0 +1,29 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.sys.audio; +in { + options.local.sys.audio = { + enable = mkEnableOption "audio settings"; + }; + config = mkIf cfg.enable { + security.rtkit.enable = true; + + services.pipewire = { + enable = true; + + alsa = { + enable = true; + support32Bit = true; + }; + + jack.enable = true; + pulse.enable = true; + wireplumber.enable = true; + }; + }; +} diff --git a/sys/modules/default.nix b/sys/modules/default.nix index 9f6fdcc..eed6ea4 100644 --- a/sys/modules/default.nix +++ b/sys/modules/default.nix @@ -7,5 +7,6 @@ imports = [ ./baseline.nix ./yubikey.nix + ./audio.nix ]; } diff --git a/sys/platforms/posixlycorrect/default.nix b/sys/platforms/posixlycorrect/default.nix index 2125f47..3497bd1 100644 --- a/sys/platforms/posixlycorrect/default.nix +++ b/sys/platforms/posixlycorrect/default.nix @@ -16,6 +16,7 @@ baseline.enable = true; yubikey.enable = true; + audio.enable = true; }; # Use the systemd-boot EFI boot loader. @@ -50,21 +51,6 @@ hardware.graphics.enable = true; - security.rtkit.enable = true; - - services.pipewire = { - enable = true; - - alsa = { - enable = true; - support32Bit = true; - }; - - jack.enable = true; - pulse.enable = true; - wireplumber.enable = true; - }; - users = { users.fabian = { isNormalUser = true; From 99816f0d3fc4684d3cccc94705b3f5e2e8c8c8c4 Mon Sep 17 00:00:00 2001 
From: Fabian Montero Date: Mon, 2 Dec 2024 14:28:35 -0600 Subject: [PATCH 4/9] modularize system graphics settings --- sys/modules/default.nix | 1 + sys/modules/graphics.nix | 25 ++++++++++++++++++++++++ sys/modules/virtualisation.nix | 23 ++++++++++++++++++++++ sys/platforms/posixlycorrect/default.nix | 20 +------------------ 4 files changed, 50 insertions(+), 19 deletions(-) create mode 100644 sys/modules/graphics.nix create mode 100644 sys/modules/virtualisation.nix diff --git a/sys/modules/default.nix b/sys/modules/default.nix index eed6ea4..49af04c 100644 --- a/sys/modules/default.nix +++ b/sys/modules/default.nix @@ -8,5 +8,6 @@ ./baseline.nix ./yubikey.nix ./audio.nix + ./graphics.nix ]; } diff --git a/sys/modules/graphics.nix b/sys/modules/graphics.nix new file mode 100644 index 0000000..98fa94a --- /dev/null +++ b/sys/modules/graphics.nix @@ -0,0 +1,25 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.sys.graphics; +in { + options.local.sys.graphics = { + enable = mkEnableOption "graphics settings"; + }; + config = mkIf cfg.enable { + services.xserver = { + enable = true; + xkb.layout = "us"; #TODO + displayManager.startx.enable = true; #TODO maybe crear un modulo para ly? + libinput.enable = true; + }; + + hardware.graphics.enable = true; + + programs.dconf.enable = true; + }; +} diff --git a/sys/modules/virtualisation.nix b/sys/modules/virtualisation.nix new file mode 100644 index 0000000..0ff9627 --- /dev/null +++ b/sys/modules/virtualisation.nix 
@@ -0,0 +1,23 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.sys.virtualisation; +in { + options.local.sys.virtualisation = { + enable = mkEnableOption "virtualisation settings"; + }; + config = mkIf cfg.enable { + virtualisation.libvirtd.qemu.package = pkgs.qemu_kvm; + virtualisation.libvirtd.qemu.ovmf.enable = true; + virtualisation.libvirtd.qemu.ovmf.packages = [pkgs.OVMFFull.fd]; + virtualisation.libvirtd.enable = true; + programs.dconf.enable = true; + # boot.kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ]; + # boot.kernelParams = [ "amd_iommu=on" "iommu=pt" "vfio-pci.ids=1002:699f,1002:aae0" "video=efifb:off" ]; + virtualisation.libvirtd.onBoot = "start"; + }; +} diff --git a/sys/platforms/posixlycorrect/default.nix b/sys/platforms/posixlycorrect/default.nix index 3497bd1..f1974a5 100644 --- a/sys/platforms/posixlycorrect/default.nix +++ b/sys/platforms/posixlycorrect/default.nix @@ -17,6 +17,7 @@ yubikey.enable = true; audio.enable = true; + graphics.enable = true; }; # Use the systemd-boot EFI boot loader. @@ -41,16 +42,6 @@ # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; - # Enable the X11 windowing system. - services.xserver = { - enable = true; - xkb.layout = "us"; - displayManager.startx.enable = true; - }; - services.libinput.enable = true; - - hardware.graphics.enable = true; - users = { users.fabian = { isNormalUser = true; 
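Review bot: The commented-out `boot.kernelModules`/`boot.kernelParams` VFIO lines in sys/modules/virtualisation.nix carry host-specific PCI IDs (`vfio-pci.ids=1002:699f,1002:aae0`) and `video=efifb:off` into a module meant to be shared by any host that sets `local.sys.virtualisation.enable`; dead host-specific code in a generic module is exactly where a future uncomment would bind the wrong GPU on another machine. Either drop the two comment lines here or turn them into an option the host fills in, e.g. `vfioIds = mkOption { type = types.listOf types.str; default = []; };` with the kernel params derived from it only when the list is non-empty.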
@@ -65,13 +56,4 @@ services.udev.packages = [ pkgs.android-udev-rules ]; - - virtualisation.libvirtd.qemu.package = pkgs.qemu_kvm; - virtualisation.libvirtd.qemu.ovmf.enable = true; - virtualisation.libvirtd.qemu.ovmf.packages = [pkgs.OVMFFull.fd]; - virtualisation.libvirtd.enable = true; - programs.dconf.enable = true; - # boot.kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ]; - # boot.kernelParams = [ "amd_iommu=on" "iommu=pt" "vfio-pci.ids=1002:699f,1002:aae0" "video=efifb:off" ]; - virtualisation.libvirtd.onBoot = "start"; } From ff1b655d3cce6d7f688982228061ac8a813fba3d Mon Sep 17 00:00:00 2001 From: Fabian Montero Date: Mon, 2 Dec 2024 14:34:37 -0600 Subject: [PATCH 5/9] modularize virtualization settings --- sys/modules/default.nix | 1 + sys/modules/virtualisation.nix | 1 - sys/platforms/posixlycorrect/default.nix | 1 + 3 files changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/modules/default.nix b/sys/modules/default.nix index 49af04c..32dae85 100644 --- a/sys/modules/default.nix +++ b/sys/modules/default.nix @@ -9,5 +9,6 @@ ./yubikey.nix ./audio.nix ./graphics.nix + ./virtualisation.nix ]; } diff --git a/sys/modules/virtualisation.nix b/sys/modules/virtualisation.nix index 0ff9627..b64741e 100644 --- a/sys/modules/virtualisation.nix +++ b/sys/modules/virtualisation.nix @@ -15,7 +15,6 @@ in { virtualisation.libvirtd.qemu.ovmf.enable = true; virtualisation.libvirtd.qemu.ovmf.packages = [pkgs.OVMFFull.fd]; virtualisation.libvirtd.enable = true; - programs.dconf.enable = true; # boot.kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ]; # boot.kernelParams = [ "amd_iommu=on" "iommu=pt" "vfio-pci.ids=1002:699f,1002:aae0" "video=efifb:off" ]; virtualisation.libvirtd.onBoot = "start"; diff --git a/sys/platforms/posixlycorrect/default.nix b/sys/platforms/posixlycorrect/default.nix index f1974a5..90f6a35 100644 --- a/sys/platforms/posixlycorrect/default.nix +++ b/sys/platforms/posixlycorrect/default.nix 
@@ -18,6 +18,7 @@ yubikey.enable = true; audio.enable = true; graphics.enable = true; + virtualisation.enable = true; }; # Use the systemd-boot EFI boot loader. From 33ab479e227b8be7e9f00cb3ce134087a94e7afb Mon Sep 17 00:00:00 2001 From: Fabian Montero Date: Mon, 2 Dec 2024 14:37:46 -0600 Subject: [PATCH 6/9] modularize android support --- sys/modules/android.nix | 18 ++++++++++++++++++ sys/modules/default.nix | 1 + sys/platforms/posixlycorrect/default.nix | 5 +---- 3 files changed, 20 insertions(+), 4 deletions(-) create mode 100644 sys/modules/android.nix diff --git a/sys/modules/android.nix b/sys/modules/android.nix new file mode 100644 index 0000000..57c1964 --- /dev/null +++ b/sys/modules/android.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.sys.androidSupport; +in { + options.local.sys.androidSupport = { + enable = mkEnableOption "androidSupport settings"; + }; + config = mkIf cfg.enable { + services.udev.packages = with pkgs; [ + android-udev-rules + ]; + }; +} diff --git a/sys/modules/default.nix b/sys/modules/default.nix index 32dae85..512b392 100644 --- a/sys/modules/default.nix +++ b/sys/modules/default.nix @@ -10,5 +10,6 @@ ./audio.nix ./graphics.nix ./virtualisation.nix + ./android.nix ]; } diff --git a/sys/platforms/posixlycorrect/default.nix b/sys/platforms/posixlycorrect/default.nix index 90f6a35..3d36e3b 100644 --- a/sys/platforms/posixlycorrect/default.nix +++ b/sys/platforms/posixlycorrect/default.nix @@ -19,6 +19,7 @@ audio.enable = true; graphics.enable = true; virtualisation.enable = true; + androidSupport.enable = true; }; # Use the systemd-boot EFI boot loader. @@ -53,8 +54,4 @@ }; groups.fabian.gid = 1002; }; - - services.udev.packages = [ - pkgs.android-udev-rules - ]; } From 1add39aae00699e0dbba8b468d65eed1c30da4a6 Mon Sep 17 00:00:00 2001 
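Review bot: sys/modules/android.nix installs `android-udev-rules` but nothing in the hunk creates the group those rules hand the device nodes to, nor adds any user to it; the upstream rules grant access to an `adbusers` group (to be confirmed against the package in this nixpkgs revision), so without that group udev leaves the nodes root-owned and adb still fails for normal users. NixOS packages this end to end: `programs.adb.enable = true;` installs the rules and creates the group, after which the intended users need `adbusers` in their extraGroups. If raw udev packages are preferred, at least declare `users.groups.adbusers = {};` next to the rules.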
From: Fabian Montero Date: Mon, 2 Dec 2024 14:57:33 -0600 Subject: [PATCH 7/9] re-order configuration --- sys/modules/graphics.nix | 10 ++++--- sys/platforms/posixlycorrect/default.nix | 36 +++++++++++++----------- sys/platforms/vps/default.nix | 28 +++++++++--------- 3 files changed, 40 insertions(+), 34 deletions(-) diff --git a/sys/modules/graphics.nix b/sys/modules/graphics.nix index 98fa94a..31493c4 100644 --- a/sys/modules/graphics.nix +++ b/sys/modules/graphics.nix @@ -11,10 +11,12 @@ in { enable = mkEnableOption "graphics settings"; }; config = mkIf cfg.enable { - services.xserver = { - enable = true; - xkb.layout = "us"; #TODO - displayManager.startx.enable = true; #TODO maybe crear un modulo para ly? + services = { + xserver = { + enable = true; + xkb.layout = "us"; #TODO + displayManager.startx.enable = true; #TODO maybe crear un modulo para ly? + }; libinput.enable = true; }; diff --git a/sys/platforms/posixlycorrect/default.nix b/sys/platforms/posixlycorrect/default.nix index 3d36e3b..b2182a3 100644 --- a/sys/platforms/posixlycorrect/default.nix +++ b/sys/platforms/posixlycorrect/default.nix 
@@ -22,24 +22,26 @@ androidSupport.enable = true; }; - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.tmp.useTmpfs = true; - boot.kernelPackages = pkgs.linuxPackages_latest; + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + tmp.useTmpfs = true; + kernelPackages = pkgs.linuxPackages_latest; + }; - networking.hostName = "posixlycorrect"; - networking.networkmanager.enable = true; + networking = { + hostName = "posixlycorrect"; + networkmanager.enable = true; - # Set your time zone. - time.timeZone = "America/Costa_Rica"; - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.useDHCP = false; - networking.interfaces.enp7s0.useDHCP = true; - networking.interfaces.wlp6s0.useDHCP = true; + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + useDHCP = false; + interfaces.enp7s0.useDHCP = true; + interfaces.wlp6s0.useDHCP = true; + }; # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; @@ -54,4 +56,6 @@ }; groups.fabian.gid = 1002; }; + + time.timeZone = "America/Costa_Rica"; } diff --git a/sys/platforms/vps/default.nix b/sys/platforms/vps/default.nix index 6cb9c72..bc4d279 100644 --- a/sys/platforms/vps/default.nix +++ b/sys/platforms/vps/default.nix 
@@ -17,6 +17,20 @@ with lib; { baseline.enable = true; }; + networking.hostName = "vps"; + + users = { + users.fabian = { + isNormalUser = true; + uid = 1000; + group = "fabian"; + shell = pkgs.zsh; + extraGroups = ["users" "wheel" "networkmanager" "dialout" "libvirtd"]; + openssh.authorizedKeys.keyFiles = [public_files/pki/fabian.ssh]; + }; + groups.fabian.gid = 1000; + }; + services.openssh = { settings.PasswordAuthentication = false; }; @@ -36,20 +50,6 @@ with lib; { }; }; - networking.hostName = "vps"; - - users = { - users.fabian = { - isNormalUser = true; - uid = 1000; - group = "fabian"; - shell = pkgs.zsh; - extraGroups = ["users" "wheel" "networkmanager" "dialout" "libvirtd"]; - openssh.authorizedKeys.keyFiles = [public_files/pki/fabian.ssh]; - }; - groups.fabian.gid = 1000; - }; - systemd.extraConfig = '' DefaultTimeoutStartSec=900s ''; From 119c0ab771a44375618c0f1600c090dc26aeb30f Mon Sep 17 00:00:00 2001 From: Fabian Montero Date: Mon, 2 Dec 2024 19:25:34 -0600 Subject: [PATCH 8/9] modularize users and other stuff --- sys/modules/default.nix | 1 + sys/modules/users.nix | 75 +++++++++++++++++++ sys/platforms/posixlycorrect/default.nix | 46 +++++------- .../posixlycorrect/hardware-configuration.nix | 3 +- sys/platforms/vps/default.nix | 35 ++------- sys/platforms/vps/hardware-configuration.nix | 23 ++++++ 6 files changed, 128 insertions(+), 55 deletions(-) create mode 100644 sys/modules/users.nix create mode 100644 sys/platforms/vps/hardware-configuration.nix diff --git a/sys/modules/default.nix b/sys/modules/default.nix index 512b392..0696df5 100644 --- a/sys/modules/default.nix +++ b/sys/modules/default.nix @@ -11,5 +11,6 @@ ./graphics.nix ./virtualisation.nix ./android.nix + ./users.nix ]; } diff --git a/sys/modules/users.nix b/sys/modules/users.nix new file mode 100644 index 0000000..1e90b41 --- /dev/null +++ b/sys/modules/users.nix 
@@ -0,0 +1,75 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.sys.users; + userType = types.submodule { + options = { + enable = mkEnableOption "user settings"; + unixId = mkOption { + # gid and uid are always the same + type = types.int; + }; + admin = mkOption { + type = types.bool; + default = false; + }; + sshKeyPublicFile = mkOption { + type = types.listOf types.path; + default = []; + }; + }; + }; +in { + options.local.sys.users = mkOption { + type = types.attrsOf userType; + default = {}; + }; + + config = { + local.sys.users = { + fabian = { + unixId = mkDefault 1000; + admin = true; + }; + vanessa = { + unixId = mkDefault 1001; + admin = false; + }; + soto = { + unixId = mkDefault 1010; + admin = false; + }; + diaz = { + unixId = mkDefault 1011; + admin = false; + }; + }; + + users = let + enabledUsers = filterAttrs (k: v: v.enable) cfg; + in { + groups = + mapAttrs (k: v: { + gid = v.unixId; + }) + enabledUsers; + + users = + mapAttrs (k: v: { + isNormalUser = true; + uid = v.unixId; + group = k; + shell = pkgs.zsh; + extraGroups = + ["users" "networkmanager"] + ++ optionals (v.admin) ["wheel" "libvirtd" "dialout"]; + openssh.authorizedKeys.keyFiles = v.sshKeyPublicFile; + }) + enabledUsers; + }; + }; +} diff --git a/sys/platforms/posixlycorrect/default.nix b/sys/platforms/posixlycorrect/default.nix index b2182a3..8abceaf 100644 --- a/sys/platforms/posixlycorrect/default.nix +++ b/sys/platforms/posixlycorrect/default.nix @@ -1,14 +1,13 @@ -# Edet this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, lib, + flakes, ... }: { imports = [ - # Include the results of the hardware scan. + flakes.home-manager.nixosModules.home-manager + flakes.impermanence.nixosModule ./hardware-configuration.nix ]; 
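Review bot: In sys/modules/users.nix every enabled user gets `networkmanager` and every admin gets `libvirtd` unconditionally, independent of whether the host runs those services; this series enables NetworkManager only on posixlycorrect and libvirtd only through `local.sys.virtualisation`, so on vps these are memberships in groups no module defines, and on the desktop `libvirtd` membership is commonly treated as root-equivalent (the group can define guests with arbitrary host disks and devices), so it should track the feature being on as well as the admin flag. Gate the groups on the options that create them: `extraGroups = ["users"]`, `++ optional config.networking.networkmanager.enable "networkmanager"`, `++ optionals v.admin (["wheel" "dialout"] ++ optional config.virtualisation.libvirtd.enable "libvirtd");`. Separately, `unixId` is a bare `types.int`; `types.ints.between 1000 59999` would reject a typo that collides with a system account before activation. The four users with `mkDefault` ids are declared inside the module itself and evaluated on every host even when disabled, which is fine functionally but deserves a comment saying that `enable` is the per-host switch and `unixId` doubles as the gid.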
@@ -20,6 +19,22 @@ graphics.enable = true; virtualisation.enable = true; androidSupport.enable = true; + users = { + fabian = { + enable = true; + unixId = 1002; + }; + vanessa.enable = true; + }; + }; + + networking = { + hostName = "posixlycorrect"; + networkmanager.enable = true; + + useDHCP = false; # The global useDHCP flag is deprecated, therefore explicitly set to false here. + interfaces.enp7s0.useDHCP = true; # Per-interface useDHCP will be mandatory in the future, so this generated config + interfaces.wlp6s0.useDHCP = true; # replicates the default behaviour. }; boot = { @@ -31,31 +46,8 @@ kernelPackages = pkgs.linuxPackages_latest; }; - networking = { - hostName = "posixlycorrect"; - networkmanager.enable = true; - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - useDHCP = false; - interfaces.enp7s0.useDHCP = true; - interfaces.wlp6s0.useDHCP = true; - }; - # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; - users = { - users.fabian = { - isNormalUser = true; - uid = 1002; # nunca cambiar mi ID de usuario - group = "fabian"; - shell = pkgs.zsh; - extraGroups = ["users" "wheel" "networkmanager" "dialout" "libvirtd"]; - }; - groups.fabian.gid = 1002; - }; - time.timeZone = "America/Costa_Rica"; } diff --git a/sys/platforms/posixlycorrect/hardware-configuration.nix b/sys/platforms/posixlycorrect/hardware-configuration.nix index a9feac6..168c7c6 100644 --- a/sys/platforms/posixlycorrect/hardware-configuration.nix +++ b/sys/platforms/posixlycorrect/hardware-configuration.nix @@ -2,6 +2,7 @@ config, lib, pkgs, + flakes, modulesPath, ... }: let @@ -12,7 +13,7 @@ }; in { imports = [ - (modulesPath + "/installer/scan/not-detected.nix") + flakes.nixpkgs.nixosModules.notDetected ]; boot.initrd = { 
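Review bot: The three-line explanation of `useDHCP = false` in sys/platforms/posixlycorrect/default.nix has been split into three trailing comments, one per line, so each fragment (`# Per-interface useDHCP will be mandatory in the future, so this generated config` / `# replicates the default behaviour.`) no longer reads on its own next to the line it sits on; restore it as a block comment above `useDHCP = false;`. The same hunk drops the warning that travelled with the uid (`# nunca cambiar mi ID de usuario`) when `uid = 1002` became `unixId = 1002`; since this is the one host that overrides the module's `mkDefault 1000` and a change would leave existing files under the old id, keep it: `unixId = 1002; # DO NOT CHANGE: existing files on this host are owned by uid/gid 1002`.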
diff --git a/sys/platforms/vps/default.nix b/sys/platforms/vps/default.nix index bc4d279..2882423 100644 --- a/sys/platforms/vps/default.nix +++ b/sys/platforms/vps/default.nix @@ -1,8 +1,9 @@ { config, - pkgs, lib, + pkgs, flakes, + modulesPath, ... }: with lib; { @@ -10,27 +11,21 @@ with lib; { flakes.vpsadminos.nixosConfigurations.container flakes.home-manager.nixosModules.home-manager flakes.impermanence.nixosModule + ./hardware-configuration.nix ./srv ]; local.sys = { baseline.enable = true; + + users.fabian = { + enable = true; + sshKeyPublicFile = [ public_files/pki/fabian.ssh ]; + }; }; networking.hostName = "vps"; - users = { - users.fabian = { - isNormalUser = true; - uid = 1000; - group = "fabian"; - shell = pkgs.zsh; - extraGroups = ["users" "wheel" "networkmanager" "dialout" "libvirtd"]; - openssh.authorizedKeys.keyFiles = [public_files/pki/fabian.ssh]; - }; - groups.fabian.gid = 1000; - }; - services.openssh = { settings.PasswordAuthentication = false; }; @@ -54,19 +49,5 @@ with lib; { DefaultTimeoutStartSec=900s ''; - fileSystems = { - "/mnt/export2008" = { - device = "172.16.129.19:/nas/5876"; - fsType = "nfs"; - options = ["nofail" "noatime"]; - }; - - "/mnt/export2011" = { - device = "172.16.129.151:/nas/5876/bepasty"; - fsType = "nfs"; - options = ["nofail" "noatime" "noexec"]; - }; - }; - time.timeZone = "Europe/Amsterdam"; } diff --git a/sys/platforms/vps/hardware-configuration.nix b/sys/platforms/vps/hardware-configuration.nix new file mode 100644 index 0000000..431b227 --- /dev/null +++ b/sys/platforms/vps/hardware-configuration.nix @@ -0,0 +1,23 @@ +{ + config, + lib, + pkgs, + flakes, + modulesPath, + ... +}: let +in { + fileSystems = { + "/mnt/export2008" = { + device = "172.16.129.19:/nas/5876"; + fsType = "nfs"; + options = ["nofail" "noatime"]; + }; + + "/mnt/export2011" = { + device = "172.16.129.151:/nas/5876/bepasty"; + fsType = "nfs"; + options = ["nofail" "noatime" "noexec"]; + }; + }; +} 
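Review bot: The two NFS mounts moved into sys/platforms/vps/hardware-configuration.nix are network filesystems mounted with only `nofail noatime` (`/mnt/export2008`) and `nofail noatime noexec` (`/mnt/export2011`); neither sets `nosuid` or `nodev`, so a setuid binary or device node placed on the NAS side would be honoured on the vps. Unless something under ./srv must execute files from export2008, give both exports `["nofail" "noatime" "nosuid" "nodev" "noexec"]`, and where execution really is needed at least `["nofail" "noatime" "nosuid" "nodev"]`. The new file also takes `config, lib, pkgs, flakes, modulesPath` and has an empty `let in` while using none of them; `{...}: {` is enough.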
From 360138e76f53483be262e3270efb9c51d0e062b3 Mon Sep 17 00:00:00 2001 From: Fabian Montero Date: Mon, 2 Dec 2024 20:38:10 -0600 Subject: [PATCH 9/9] remove comments --- sys/modules/graphics.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/modules/graphics.nix b/sys/modules/graphics.nix index 31493c4..162e21b 100644 --- a/sys/modules/graphics.nix +++ b/sys/modules/graphics.nix @@ -14,8 +14,8 @@ in { services = { xserver = { enable = true; - xkb.layout = "us"; #TODO - displayManager.startx.enable = true; #TODO maybe crear un modulo para ly? + xkb.layout = "us"; + displayManager.startx.enable = true; }; libinput.enable = true; };