diff --git a/home/modules/baseline.nix b/home/modules/baseline.nix index f4852be..c5cdd05 100644 --- a/home/modules/baseline.nix +++ b/home/modules/baseline.nix @@ -8,7 +8,7 @@ with lib; let cfg = config.local.baseline; in { options.local.baseline = { - enable = mkEnableOption "Basic settings"; + enable = mkEnableOption "Basic home settings"; }; config = mkIf cfg.enable { xdg.enable = true; diff --git a/sys/default.nix b/sys/default.nix index 0967ef4..5c7405a 100644 --- a/sys/default.nix +++ b/sys/default.nix @@ -1 +1,12 @@ -{} +{ + flakes, + config, + pkgs, + lib, + ... +}: +with lib; { + imports = [ + ./modules + ]; +} diff --git a/sys/modules/baseline.nix b/sys/modules/baseline.nix new file mode 100644 index 0000000..3869463 --- /dev/null +++ b/sys/modules/baseline.nix @@ -0,0 +1,76 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.sys.baseline; +in { + options.local.sys.baseline = { + enable = mkEnableOption "Basic system settings"; + }; + config = mkIf cfg.enable { + system.stateVersion = "24.05"; # DO NOT CHANGE + + nix = { + package = pkgs.nixVersions.stable; + + extraOptions = '' + experimental-features = nix-command flakes + ''; + + # Not interested in the global flake registry + settings.flake-registry = ""; + }; + + console = { + keyMap = "us"; + }; + + programs = { + zsh.enable = true; + fuse.userAllowOther = true; + }; + + environment = { + pathsToLink = [ + "/share/zsh" + ]; + + systemPackages = with pkgs; + [ + git + vim + ] + ++ optionals (!config.boot.isContainer) [ + lm_sensors + lshw + parted + pciutils + smartmontools + usbutils + ]; + }; + + services = { + openssh.enable = mkDefault true; + + earlyoom = { + enable = mkDefault true; + enableNotifications = true; + }; + }; + + # Coredumps are a security risk and may use up a lot of disk space + systemd.coredump.extraConfig = '' + Storage=none + ProcessSizeMax=0 + ''; + + security.dhparams = { + enable = true; + defaultBitSize = 4096; + }; + }; +} 
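Review bot: `services.openssh.enable = mkDefault true;` in sys/modules/baseline.nix turns sshd on for every host that enables the baseline, but the only SSH hardening visible in this commit, `settings.PasswordAuthentication = false;`, stays in sys/platforms/vps/default.nix. Unless posixlycorrect sets it in a file not shown here, that host keeps accepting password logins. Putting `openssh.settings.PasswordAuthentication = mkDefault false;` and `openssh.settings.KbdInteractiveAuthentication = mkDefault false;` next to the enable would make the hardened setting the shared default, while still letting a host override it. Separately, `system.stateVersion` records the release a machine was first installed with, so hard-coding it in a shared module hands "24.05" to any host installed later; `mkDefault "24.05"` or a per-host line avoids that.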
diff --git a/sys/modules/default.nix b/sys/modules/default.nix new file mode 100644 index 0000000..02f9f67 --- /dev/null +++ b/sys/modules/default.nix @@ -0,0 +1,10 @@ +{ + config, + lib, + pkgs, + ... +}: { + imports = [ + ./baseline.nix + ]; +} diff --git a/sys/platforms/posixlycorrect/default.nix b/sys/platforms/posixlycorrect/default.nix index e939e18..d5c1bb8 100644 --- a/sys/platforms/posixlycorrect/default.nix +++ b/sys/platforms/posixlycorrect/default.nix @@ -13,6 +13,10 @@ ./yubikey.nix ]; + local.sys = { + baseline.enable = true; + }; + # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; @@ -34,10 +38,6 @@ # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; # Enable the X11 windowing system. services.xserver = { @@ -64,9 +64,6 @@ wireplumber.enable = true; }; - programs.zsh.enable = true; - environment.pathsToLink = ["/share/zsh"]; - users = { users.fabian = { isNormalUser = true; @@ -82,11 +79,6 @@ pkgs.android-udev-rules ]; - users.users.temp = { - isNormalUser = true; - extraGroups = ["wheel"]; - }; - virtualisation.libvirtd.qemu.package = pkgs.qemu_kvm; virtualisation.libvirtd.qemu.ovmf.enable = true; virtualisation.libvirtd.qemu.ovmf.packages = [pkgs.OVMFFull.fd]; @@ -95,20 +87,4 @@ # boot.kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ]; # boot.kernelParams = [ "amd_iommu=on" "iommu=pt" "vfio-pci.ids=1002:699f,1002:aae0" "video=efifb:off" ]; virtualisation.libvirtd.onBoot = "start"; - - nix = { - package = pkgs.nixVersions.stable; - extraOptions = '' - experimental-features = nix-command flakes - ''; - }; - - services.openssh.enable = true; - - services.earlyoom = { - enable = true; - enableNotifications = true; - }; - - system.stateVersion = "24.05"; # DO NOT CHANGE } 
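Review bot: `baseline.enable = true;` in the first hunk of sys/platforms/posixlycorrect/default.nix is not a behaviour-neutral move for this host. Going by the lines removed in the later hunks, posixlycorrect did not previously set `programs.fuse.userAllowOther`, `security.dhparams`, the coredump restrictions or `settings.flake-registry = "";`, and it now inherits all of them. The one that loosens things is `fuse.userAllowOther = true`, which lets unprivileged users mount FUSE filesystems with `allow_other`, exposing their contents to other local users. If only the vps needs it, keep it in the vps file, or make the baseline value `fuse.userAllowOther = mkDefault true;` so this host can turn it off. The hunk at -34,10 also drops `font = "Lat2-Terminus16";`, and the baseline does not set it again.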
diff --git a/sys/platforms/posixlycorrect/yubikey.nix b/sys/platforms/posixlycorrect/yubikey.nix index 8b83a12..1064b1d 100644 --- a/sys/platforms/posixlycorrect/yubikey.nix +++ b/sys/platforms/posixlycorrect/yubikey.nix @@ -29,7 +29,7 @@ control = "sufficient"; settings = { debug = false; - cue = true; + cue = true; }; }; }; diff --git a/sys/platforms/vps/default.nix b/sys/platforms/vps/default.nix index e983e06..6cb9c72 100644 --- a/sys/platforms/vps/default.nix +++ b/sys/platforms/vps/default.nix @@ -13,13 +13,11 @@ with lib; { ./srv ]; - environment.systemPackages = with pkgs; [ - vim - git - ]; + local.sys = { + baseline.enable = true; + }; services.openssh = { - enable = true; settings.PasswordAuthentication = false; }; @@ -38,24 +36,8 @@ with lib; { }; }; - programs = { - zsh.enable = true; - fuse.userAllowOther = true; - }; - networking.hostName = "vps"; - nix = { - package = pkgs.nixVersions.stable; - - extraOptions = '' - experimental-features = nix-command flakes - ''; - - # No me interesa el global registry - settings.flake-registry = ""; - }; - users = { users.fabian = { isNormalUser = true; @@ -72,11 +54,6 @@ with lib; { DefaultTimeoutStartSec=900s ''; - security.dhparams = { - enable = true; - defaultBitSize = 4096; - }; - fileSystems = { "/mnt/export2008" = { device = "172.16.129.19:/nas/5876"; @@ -91,18 +68,5 @@ with lib; { }; }; - services.earlyoom = { - enable = mkDefault true; - enableNotifications = true; - }; - - # Coredumps son un riesgo de seguridad y puden usar mucho disco - systemd.coredump.extraConfig = '' - Storage=none - ProcessSizeMax=0 - ''; - time.timeZone = "Europe/Amsterdam"; - - system.stateVersion = "24.05"; # DO NOT CHANGE }
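Review bot: Dropping `enable = true;` from `services.openssh` in the first hunk of sys/platforms/vps/default.nix leaves this host's sshd dependent on the baseline's `openssh.enable = mkDefault true;`. Any module that sets the option at normal priority overrides that, and it disappears if `local.sys.baseline.enable` is ever switched off. On a remote machine that is presumably administered only over SSH, I would keep the explicit `enable = true;` next to `settings.PasswordAuthentication = false;`, so a later change to the baseline cannot silently remove remote access. The remaining vps hunks only remove settings the baseline now provides.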