move nixos and darwin back into modules dir

2025-07-05 08:00:14 +00:00 · 2023-02-20 20:37:37 -05:00
parent ded498f4c9
commit cc84f1d37a
163 changed files with 30 additions and 30 deletions
--- a/modules/nixos/system/default.nix
+++ b/modules/nixos/system/default.nix
@ -0,0 +1,13 @@
+{ config, pkgs, lib, ... }: {
+
+  imports = [ ./user.nix ./timezone.nix ./doas.nix ];
+
+  config = lib.mkIf pkgs.stdenv.isLinux {
+
+    # Pin a state version to prevent warnings
+    system.stateVersion =
+      config.home-manager.users.${config.user}.home.stateVersion;
+
+  };
+
+}
--- a/modules/nixos/system/doas.nix
+++ b/modules/nixos/system/doas.nix
@ -0,0 +1,35 @@
+# Replace sudo with doas
+
+{ config, pkgs, lib, ... }: {
+
+  config = lib.mkIf pkgs.stdenv.isLinux {
+
+    security = {
+
+      # Remove sudo
+      sudo.enable = false;
+
+      # Add doas
+      doas = {
+        enable = true;
+
+        # No password required
+        wheelNeedsPassword = false;
+
+        # Pass environment variables from user to root
+        # Also requires removing password here
+        extraRules = [{
+          groups = [ "wheel" ];
+          noPass = true;
+          keepEnv = true;
+        }];
+      };
+    };
+
+    home-manager.users.${config.user}.programs.fish.shellAliases = {
+      sudo = "doas";
+    };
+
+  };
+
+}
--- a/modules/nixos/system/timezone.nix
+++ b/modules/nixos/system/timezone.nix
@ -0,0 +1,19 @@
+{ config, pkgs, lib, ... }: {
+
+  config = lib.mkIf pkgs.stdenv.isLinux {
+
+    # Service to determine location for time zone
+    services.geoclue2.enable = true;
+    services.geoclue2.enableWifi = false; # Breaks when it can't connect
+    location = { provider = "geoclue2"; };
+
+    # Enable local time based on time zone
+    services.localtimed.enable = true;
+
+    # Required to get localtimed to talk to geoclue2
+    services.geoclue2.appConfig.localtimed.isSystem = true;
+    services.geoclue2.appConfig.localtimed.isAllowed = true;
+
+  };
+
+}
--- a/modules/nixos/system/user.nix
+++ b/modules/nixos/system/user.nix
@ -0,0 +1,52 @@
+{ config, pkgs, lib, ... }: {
+
+  options = {
+
+    passwordHash = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      description = "Password created with mkpasswd -m sha-512";
+      default = null;
+      # Test it by running: mkpasswd -m sha-512 --salt "PZYiMGmJIIHAepTM"
+    };
+
+  };
+
+  config = lib.mkIf (pkgs.stdenv.isLinux) {
+
+    # Allows us to declaritively set password
+    users.mutableUsers = false;
+
+    # Define a user account. Don't forget to set a password with ‘passwd’.
+    users.users.${config.user} = {
+
+      # Create a home directory for human user
+      isNormalUser = true;
+
+      # Automatically create a password to start
+      hashedPassword = config.passwordHash;
+
+      extraGroups = [
+        "wheel" # Sudo privileges
+      ];
+
+    };
+
+    home-manager.users.${config.user}.xdg = {
+      userDirs = {
+        enable = true;
+        createDirectories = true;
+        documents = "$HOME/documents";
+        download = config.userDirs.download;
+        music = "$HOME/media/music";
+        pictures = "$HOME/media/images";
+        videos = "$HOME/media/videos";
+        desktop = "$HOME/other/desktop";
+        publicShare = "$HOME/other/public";
+        templates = "$HOME/other/templates";
+        extraConfig = { XDG_DEV_DIR = "$HOME/dev"; };
+      };
+    };
+
+  };
+
+}