initial refactoring

2025-07-06 12:00:14 +00:00 · 2025-01-20 22:35:40 -05:00
parent a4b5e05f8f
commit c7933f8502
209 changed files with 5998 additions and 5308 deletions
--- a/platforms/nixos/modules/nmasur/profiles/aws.nix
+++ b/platforms/nixos/modules/nmasur/profiles/aws.nix
@ -0,0 +1,20 @@
+{ config, ... }:
+
+let
+  cfg = config.nmasur.profiles.aws;
+in
+{
+
+  options.nmasur.profiles.nmasur.aws.enable = lib.mkEnableOption "AWS EC2";
+
+  config = lib.mkIf cfg.enable {
+
+    # AWS settings require this
+    permitRootLogin = "prohibit-password";
+
+    # Make sure disk size is large enough
+    # https://github.com/nix-community/nixos-generators/issues/150
+    amazonImage.sizeMB = 16 * 1024;
+
+  };
+}
--- a/platforms/nixos/modules/nmasur/profiles/base.nix
+++ b/platforms/nixos/modules/nmasur/profiles/base.nix
@ -0,0 +1,35 @@
+{
+  config,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.profiles.base;
+in
+
+{
+
+  options.nmasur.profiles.base.enable = lib.mkEnableOption "base Linux config";
+
+  config = lib.mkIf cfg.enable {
+
+    # Allows us to declaritively set password
+    users.mutableUsers = false;
+
+    # Define a user account. Don't forget to set a password with ‘passwd’.
+    users.users.${config.user} = {
+
+      # Create a home directory for human user
+      isNormalUser = true;
+
+      # Automatically create a password to start
+      hashedPassword = config.passwordHash;
+
+      extraGroups = [
+        "wheel" # Sudo privileges
+      ];
+    };
+
+  };
+}
--- a/platforms/nixos/modules/nmasur/profiles/gaming.nix
+++ b/platforms/nixos/modules/nmasur/profiles/gaming.nix
@ -0,0 +1,29 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.profiles.gaming;
+in
+
+{
+
+  options.nmasur.profiles.gaming.enable = lib.mkEnableOption "gaming options";
+
+  config = lib.mkIf cfg.enable {
+
+    # Enable graphics acceleration
+    hardware.graphics = {
+      enable = true;
+      enable32Bit = true;
+    };
+
+    # Enable gamemode which can be executed on a per-game basis
+    programs.gamemode.enable = true;
+
+    environment.systemPackages = with pkgs; [ moonlight-qt ];
+  };
+}
--- a/platforms/nixos/modules/nmasur/profiles/gui.nix
+++ b/platforms/nixos/modules/nmasur/profiles/gui.nix
@ -0,0 +1,96 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.profiles.gui;
+in
+
+{
+
+  options.nmasur.profiles.gui.enable = lib.mkEnableOption "GUI machine";
+
+  config = lib.mkIf cfg.enable {
+
+    # Mouse customization
+    services.ratbagd.enable = lib.mkDefault true;
+
+    environment.systemPackages = lib.mkDefault [
+      pkgs.libratbag # Mouse adjustments
+      pkgs.piper # Mouse adjustments GUI
+      pkgs.ddcutil # Monitor brightness control
+    ];
+
+    services.libinput.mouse = {
+      # Disable mouse acceleration
+      accelProfile = lib.mkDefault "flat";
+      accelSpeed = lib.mkDefault "1.15";
+    };
+
+    # Enable touchpad support
+    services.libinput.enable = true;
+
+    services.xserver = {
+
+      xkb.layout = lib.mkDefault "us";
+
+      # Keyboard responsiveness
+      autoRepeatDelay = lib.mkDefault 250;
+      autoRepeatInterval = lib.mkDefault 40;
+
+      windowManager = {
+        i3 = {
+          enable = lib.mkDefault true;
+        };
+      };
+
+    };
+
+    # Detect monitors (brightness) for ddcutil
+    hardware.i2c.enable = lib.mkDefault true;
+
+    # Grant main user access to external monitors
+    users.users.${config.user}.extraGroups = lib.mkDefault [ "i2c" ];
+
+    services.xserver.displayManager = {
+
+      # Put the login screen on the left monitor
+      lightdm.greeters.gtk.extraConfig = lib.mkDefault ''
+        active-monitor=0
+      '';
+
+      # Set up screen position and rotation
+      setupCommands = lib.mkDefault ''
+        ${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-1 \
+                                            --primary \
+                                            --rotate normal \
+                                            --mode 2560x1440 \
+                                            --rate 165 \
+                                        --output DisplayPort-2 \
+                                            --right-of DisplayPort-1 \
+                                            --rotate left \
+                                        --output DVI-0 --off \
+                                        --output DVI-1 --off \
+                                        || echo "xrandr failed"
+      '';
+    };
+
+    # Required for setting GTK theme (for preferred-color-scheme in browser)
+    services.dbus.packages = [ pkgs.dconf ];
+    programs.dconf.enable = true;
+
+    # Make the login screen dark
+    services.xserver.displayManager.lightdm.greeters.gtk.theme = {
+      name = config.gtk.theme.name;
+      package = config.gtk.theme.package;
+    };
+
+    environment.sessionVariables = {
+      GTK_THEME = config.gtk.theme.name;
+    };
+
+  };
+}
--- a/platforms/nixos/modules/nmasur/profiles/latest.nix
+++ b/platforms/nixos/modules/nmasur/profiles/latest.nix
@ -0,0 +1,22 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.profiles.latest;
+in
+
+{
+
+  options.nmasur.profiles.latest.enable = lib.mkEnableOption "keeping machine up-to-date";
+
+  config = lib.mkIf cfg.enable {
+
+    # Use latest released Linux kernel by default
+    boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+
+  };
+}
--- a/platforms/nixos/modules/nmasur/profiles/no-mitigations.nix
+++ b/platforms/nixos/modules/nmasur/profiles/no-mitigations.nix
@ -0,0 +1,20 @@
+{
+  config,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.profiles.no-mitigations;
+in
+
+{
+
+  options.nmasur.profiles.no-mitigations.enable = lib.mkEnableOption "remove Kernel CPU mitigations";
+
+  config = lib.mkIf cfg.enable {
+
+    # WARNING: This is not secure
+    boot.kernelParams = [ "mitigations=off" ];
+  };
+}
--- a/platforms/nixos/modules/nmasur/profiles/on-premises.nix
+++ b/platforms/nixos/modules/nmasur/profiles/on-premises.nix
@ -0,0 +1,44 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.profiles.on-premises;
+in
+
+{
+
+  options.nmasur.profiles.on-premises.enable = lib.mkEnableOption "on-premises machine settings";
+
+  config = lib.mkIf cfg.enable {
+
+    # Enable automatic timezone updates based on location
+    services.tzupdate.enable = true;
+
+    # Allow reading from Windows drives
+    boot.supportedFilesystems = [ "ntfs" ];
+
+    # Enable fstrim, which tracks free space on SSDs for garbage collection
+    # More info: https://www.reddit.com/r/NixOS/comments/rbzhb1/if_you_have_a_ssd_dont_forget_to_enable_fstrim/
+    services.fstrim.enable = true;
+
+    networking.useDHCP = !config.networking.networkmanager.enable;
+
+    networking.wireless = {
+      # Enables wireless support via wpa_supplicant.
+      enable = !config.networking.networkmanager.enable;
+
+      # Allows the user to control the WiFi settings.
+      userControlled.enable = true;
+    };
+
+    # Wake up tempest with a command
+    environment.systemPackages = [
+      (pkgs.writeShellScriptBin "wake-tempest" "${pkgs.wakeonlan}/bin/wakeonlan --ip=192.168.1.255 74:56:3C:40:37:5D")
+    ];
+
+  };
+}
--- a/platforms/nixos/modules/nmasur/profiles/server.nix
+++ b/platforms/nixos/modules/nmasur/profiles/server.nix
@ -0,0 +1,52 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.profiles.server;
+in
+
+{
+
+  options.nmasur.profiles.server.enable = lib.mkEnableOption "server configuration";
+
+  config = lib.mkIf cfg.enable {
+
+    networking.firewall.allowPing = true;
+
+    # Implement a simple fail2ban service for sshd
+    services.sshguard.enable = true;
+
+    # Servers need a bootloader or they won't start
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
+
+    # Use power button to sleep instead of poweroff
+    services.logind.powerKey = "suspend";
+    services.logind.powerKeyLongPress = "poweroff";
+
+    # Prevent wake from keyboard
+    powerManagement.powerDownCommands = ''
+      set +e
+
+      # Fix for Gigabyte motherboard
+      # /r/archlinux/comments/y7b97e/my_computer_wakes_up_immediately_after_i_suspend/isu99sr/
+      # Disable if enabled
+      if (grep "GPP0.*enabled" /proc/acpi/wakeup >/dev/null); then
+          echo GPP0 | ${pkgs.doas}/bin/doas tee /proc/acpi/wakeup
+      fi
+
+      sleep 2
+
+      set -e
+    '';
+    services.udev.extraRules = ''
+      ACTION=="add", SUBSYSTEM=="usb", DRIVER=="usb", ATTR{power/wakeup}="disabled"
+      ACTION=="add", SUBSYSTEM=="i2c", ATTR{power/wakeup}="disabled"
+    '';
+
+  };
+}
--- a/platforms/nixos/modules/nmasur/profiles/shared-media.nix
+++ b/platforms/nixos/modules/nmasur/profiles/shared-media.nix
@ -0,0 +1,25 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.profiles.shared-media;
+in
+
+{
+
+  options.nmasur.profiles.shared-media.enable = lib.mkEnableOption "shared media groups";
+
+  config = lib.mkIf cfg.enable {
+
+    # Create a shared group for many services
+    users.groups.shared = { };
+
+    # Give the human user access to the shared group
+    users.users.${config.user}.extraGroups = [ config.users.groups.shared.name ];
+
+  };
+}
--- a/platforms/nixos/modules/nmasur/profiles/wsl.nix
+++ b/platforms/nixos/modules/nmasur/profiles/wsl.nix
@ -0,0 +1,21 @@
+{ config, lib, ... }:
+
+let
+  cfg = config.nmasur.profiles.wsl;
+in
+
+{
+  options.nmasur.profiles.wsl.enable = lib.mkEnableOption "WSL settings";
+
+  config = lib.mkIf cfg.enable {
+
+    # Replace config directory with our repo, since it sources from config on
+    # every launch
+    system.activationScripts.configDir.text = ''
+      rm -rf /etc/nixos
+      ln --symbolic --no-dereference --force ${config.dotfilesPath} /etc/nixos
+    '';
+
+  };
+
+}