mirror of
https://github.com/nmasur/dotfiles
synced 2024-11-10 01:42:55 +00:00
clean up host settings
and start removing if statements
This commit is contained in:
parent
3c51dd0db6
commit
d013f980a7
@ -7,7 +7,6 @@ with inputs;
|
|||||||
|
|
||||||
nixpkgs.lib.nixosSystem {
|
nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
specialArgs = { };
|
|
||||||
modules = [
|
modules = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../modules/common
|
../../modules/common
|
||||||
@ -18,24 +17,26 @@ nixpkgs.lib.nixosSystem {
|
|||||||
{
|
{
|
||||||
physical = true;
|
physical = true;
|
||||||
networking.hostName = "tempest";
|
networking.hostName = "tempest";
|
||||||
nixpkgs.overlays = [ nur.overlay ] ++ overlays;
|
|
||||||
# Set registry to flake packages, used for nix X commands
|
|
||||||
nix.registry.nixpkgs.flake = nixpkgs;
|
|
||||||
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
|
|
||||||
gui.enable = true;
|
gui.enable = true;
|
||||||
|
nixpkgs.overlays = [ nur.overlay ] ++ overlays;
|
||||||
|
passwordHash = nixpkgs.lib.fileContents ../../password.sha512;
|
||||||
|
|
||||||
|
# Must be prepared ahead
|
||||||
|
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
|
||||||
|
|
||||||
|
# Theming
|
||||||
theme = {
|
theme = {
|
||||||
colors = (import ../../colorscheme/gruvbox).dark;
|
colors = (import ../../colorscheme/gruvbox).dark;
|
||||||
dark = true;
|
dark = true;
|
||||||
};
|
};
|
||||||
wallpaper = "${wallpapers}/gruvbox/road.jpg";
|
wallpaper = "${wallpapers}/gruvbox/road.jpg";
|
||||||
gtk.theme.name = nixpkgs.lib.mkDefault "Adwaita-dark";
|
gtk.theme.name = nixpkgs.lib.mkDefault "Adwaita-dark";
|
||||||
passwordHash = nixpkgs.lib.fileContents ../../password.sha512;
|
|
||||||
wsl.enable = false;
|
|
||||||
publicKey = null;
|
|
||||||
|
|
||||||
|
# Programs and services
|
||||||
charm.enable = true;
|
charm.enable = true;
|
||||||
neovim.enable = true;
|
neovim.enable = true;
|
||||||
media.enable = true;
|
media.enable = true;
|
||||||
|
dotfiles.enable = true;
|
||||||
firefox.enable = true;
|
firefox.enable = true;
|
||||||
kitty.enable = true;
|
kitty.enable = true;
|
||||||
_1password.enable = true;
|
_1password.enable = true;
|
||||||
@ -46,11 +47,9 @@ nixpkgs.lib.nixosSystem {
|
|||||||
mail.aerc.enable = true;
|
mail.aerc.enable = true;
|
||||||
mail.himalaya.enable = true;
|
mail.himalaya.enable = true;
|
||||||
keybase.enable = true;
|
keybase.enable = true;
|
||||||
# mullvad.enable = true;
|
mullvad.enable = false;
|
||||||
nixlang.enable = true;
|
nixlang.enable = true;
|
||||||
dotfiles.enable = true;
|
|
||||||
yt-dlp.enable = true;
|
yt-dlp.enable = true;
|
||||||
|
|
||||||
gaming = {
|
gaming = {
|
||||||
enable = true;
|
enable = true;
|
||||||
steam.enable = true;
|
steam.enable = true;
|
||||||
|
@ -32,7 +32,7 @@
|
|||||||
frequency = "*:0/5";
|
frequency = "*:0/5";
|
||||||
postExec = "${pkgs.notmuch}/bin/notmuch new";
|
postExec = "${pkgs.notmuch}/bin/notmuch new";
|
||||||
};
|
};
|
||||||
services.imapnotify.enable = pkgs.stdenv.isLinux && config.physical;
|
services.imapnotify.enable = pkgs.stdenv.isLinux;
|
||||||
programs.notmuch.enable = true;
|
programs.notmuch.enable = true;
|
||||||
accounts.email = {
|
accounts.email = {
|
||||||
maildirBasePath = "${config.homePath}/mail";
|
maildirBasePath = "${config.homePath}/mail";
|
||||||
|
@ -67,6 +67,12 @@
|
|||||||
# Set channel to flake packages, used for nix-shell commands
|
# Set channel to flake packages, used for nix-shell commands
|
||||||
nixPath = [ "nixpkgs=${pkgs.path}" ];
|
nixPath = [ "nixpkgs=${pkgs.path}" ];
|
||||||
|
|
||||||
|
# Set registry to this flake's packages, used for nix X commands
|
||||||
|
registry.nixpkgs.to = {
|
||||||
|
type = "path";
|
||||||
|
path = pkgs.path;
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, pkgs, lib, ... }: {
|
{ config, pkgs, lib, ... }: {
|
||||||
|
|
||||||
boot.loader = lib.mkIf (config.physical && pkgs.stdenv.isLinux) {
|
boot.loader = lib.mkIf config.physical {
|
||||||
grub = {
|
grub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
@ -40,8 +40,7 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
# Allow reading from Windows drives
|
# Allow reading from Windows drives
|
||||||
boot.supportedFilesystems =
|
boot.supportedFilesystems = lib.mkIf config.physical [ "ntfs" ];
|
||||||
lib.mkIf (config.physical && pkgs.stdenv.isLinux) [ "ntfs" ];
|
|
||||||
|
|
||||||
# Use latest released Linux kernel by default
|
# Use latest released Linux kernel by default
|
||||||
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
||||||
|
@ -1,51 +1,50 @@
|
|||||||
{ config, pkgs, lib, ... }: {
|
{ config, pkgs, lib, ... }: {
|
||||||
|
|
||||||
config =
|
config = lib.mkIf config.gui.enable {
|
||||||
lib.mkIf (config.gui.enable && config.physical && pkgs.stdenv.isLinux) {
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs;
|
environment.systemPackages = with pkgs;
|
||||||
[
|
[
|
||||||
ddcutil # Monitor brightness control
|
ddcutil # Monitor brightness control
|
||||||
];
|
];
|
||||||
|
|
||||||
# Reduce blue light at night
|
# Reduce blue light at night
|
||||||
services.redshift = {
|
services.redshift = {
|
||||||
enable = true;
|
enable = true;
|
||||||
brightness = {
|
brightness = {
|
||||||
day = "1.0";
|
day = "1.0";
|
||||||
night = "1.0";
|
night = "1.0";
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Detect monitors (brightness) for ddcutil
|
|
||||||
hardware.i2c.enable = true;
|
|
||||||
|
|
||||||
# Grant main user access to external monitors
|
|
||||||
users.users.${config.user}.extraGroups = [ "i2c" ];
|
|
||||||
|
|
||||||
services.xserver.displayManager = {
|
|
||||||
|
|
||||||
# Put the login screen on the left monitor
|
|
||||||
lightdm.greeters.gtk.extraConfig = ''
|
|
||||||
active-monitor=0
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Set up screen position and rotation
|
|
||||||
setupCommands = ''
|
|
||||||
${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-1 \
|
|
||||||
--mode 1920x1200 \
|
|
||||||
--pos 1920x0 \
|
|
||||||
--rotate left \
|
|
||||||
--output HDMI-A-0 \
|
|
||||||
--primary \
|
|
||||||
--mode 1920x1080 \
|
|
||||||
--pos 0x560 \
|
|
||||||
--rotate normal \
|
|
||||||
--output DVI-0 --off \
|
|
||||||
--output DVI-1 --off \
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Detect monitors (brightness) for ddcutil
|
||||||
|
hardware.i2c.enable = true;
|
||||||
|
|
||||||
|
# Grant main user access to external monitors
|
||||||
|
users.users.${config.user}.extraGroups = [ "i2c" ];
|
||||||
|
|
||||||
|
services.xserver.displayManager = {
|
||||||
|
|
||||||
|
# Put the login screen on the left monitor
|
||||||
|
lightdm.greeters.gtk.extraConfig = ''
|
||||||
|
active-monitor=0
|
||||||
|
'';
|
||||||
|
|
||||||
|
# Set up screen position and rotation
|
||||||
|
setupCommands = ''
|
||||||
|
${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-1 \
|
||||||
|
--mode 1920x1200 \
|
||||||
|
--pos 1920x0 \
|
||||||
|
--rotate left \
|
||||||
|
--output HDMI-A-0 \
|
||||||
|
--primary \
|
||||||
|
--mode 1920x1080 \
|
||||||
|
--pos 0x560 \
|
||||||
|
--rotate normal \
|
||||||
|
--output DVI-0 --off \
|
||||||
|
--output DVI-1 --off \
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,22 +1,21 @@
|
|||||||
{ config, pkgs, lib, ... }: {
|
{ config, pkgs, lib, ... }: {
|
||||||
|
|
||||||
config =
|
config = lib.mkIf config.gui.enable {
|
||||||
lib.mkIf (config.gui.enable && config.physical && pkgs.stdenv.isLinux) {
|
|
||||||
|
|
||||||
# Mouse customization
|
# Mouse customization
|
||||||
services.ratbagd.enable = true;
|
services.ratbagd.enable = true;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
libratbag # Mouse adjustments
|
libratbag # Mouse adjustments
|
||||||
piper # Mouse adjustments GUI
|
piper # Mouse adjustments GUI
|
||||||
];
|
];
|
||||||
|
|
||||||
services.xserver.libinput.mouse = {
|
|
||||||
# Disable mouse acceleration
|
|
||||||
accelProfile = "flat";
|
|
||||||
accelSpeed = "1.15";
|
|
||||||
};
|
|
||||||
|
|
||||||
|
services.xserver.libinput.mouse = {
|
||||||
|
# Disable mouse acceleration
|
||||||
|
accelProfile = "flat";
|
||||||
|
accelSpeed = "1.15";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, pkgs, lib, ... }: {
|
{ config, lib, ... }: {
|
||||||
|
|
||||||
config = lib.mkIf (config.physical && pkgs.stdenv.isLinux) {
|
config = lib.mkIf config.physical {
|
||||||
|
|
||||||
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, pkgs, lib, ... }: {
|
{ config, lib, ... }: {
|
||||||
|
|
||||||
config = lib.mkIf (config.physical && pkgs.stdenv.isLinux) {
|
config = lib.mkIf config.physical {
|
||||||
|
|
||||||
# Prevent wake from keyboard
|
# Prevent wake from keyboard
|
||||||
powerManagement.powerDownCommands = ''
|
powerManagement.powerDownCommands = ''
|
||||||
|
@ -1,9 +1,10 @@
|
|||||||
{ config, pkgs, lib, ... }: {
|
{ config, lib, ... }: {
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
publicKey = lib.mkOption {
|
publicKey = lib.mkOption {
|
||||||
type = lib.types.nullOr lib.types.str;
|
type = lib.types.nullOr lib.types.str;
|
||||||
description = "Public SSH key authorized for this system.";
|
description = "Public SSH key authorized for this system.";
|
||||||
|
default = null;
|
||||||
};
|
};
|
||||||
permitRootLogin = lib.mkOption {
|
permitRootLogin = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
@ -12,28 +13,27 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf
|
config = lib.mkIf (!config.wsl.enable && config.publicKey != null) {
|
||||||
(pkgs.stdenv.isLinux && !config.wsl.enable && config.publicKey != null) {
|
services.openssh = {
|
||||||
services.openssh = {
|
enable = true;
|
||||||
enable = true;
|
ports = [ 22 ];
|
||||||
ports = [ 22 ];
|
allowSFTP = true;
|
||||||
allowSFTP = true;
|
settings = {
|
||||||
settings = {
|
GatewayPorts = "no";
|
||||||
GatewayPorts = "no";
|
X11Forwarding = false;
|
||||||
X11Forwarding = false;
|
PasswordAuthentication = false;
|
||||||
PasswordAuthentication = false;
|
PermitRootLogin = config.permitRootLogin;
|
||||||
PermitRootLogin = config.permitRootLogin;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.${config.user}.openssh.authorizedKeys.keys =
|
|
||||||
[ config.publicKey ];
|
|
||||||
|
|
||||||
# Implement a simple fail2ban service for sshd
|
|
||||||
services.sshguard.enable = true;
|
|
||||||
|
|
||||||
# Add terminfo for SSH from popular terminal emulators
|
|
||||||
environment.enableAllTerminfo = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.users.${config.user}.openssh.authorizedKeys.keys =
|
||||||
|
[ config.publicKey ];
|
||||||
|
|
||||||
|
# Implement a simple fail2ban service for sshd
|
||||||
|
services.sshguard.enable = true;
|
||||||
|
|
||||||
|
# Add terminfo for SSH from popular terminal emulators
|
||||||
|
environment.enableAllTerminfo = true;
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user