clean up host settings

and start removing if statements
Noah Masur 2023-04-15 12:58:37 -04:00
parent 3c51dd0db6
commit d013f980a7
9 changed files with 100 additions and 98 deletions


@ -7,7 +7,6 @@ with inputs;
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { };
modules = [ modules = [
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/common ../../modules/common
@ -18,24 +17,26 @@ nixpkgs.lib.nixosSystem {
{ {
physical = true; physical = true;
networking.hostName = "tempest"; networking.hostName = "tempest";
nixpkgs.overlays = [ nur.overlay ] ++ overlays;
# Set registry to flake packages, used for nix X commands
nix.registry.nixpkgs.flake = nixpkgs;
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
gui.enable = true; gui.enable = true;
nixpkgs.overlays = [ nur.overlay ] ++ overlays;
passwordHash = nixpkgs.lib.fileContents ../../password.sha512;
# Must be prepared ahead
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
# Theming
theme = { theme = {
colors = (import ../../colorscheme/gruvbox).dark; colors = (import ../../colorscheme/gruvbox).dark;
dark = true; dark = true;
}; };
wallpaper = "${wallpapers}/gruvbox/road.jpg"; wallpaper = "${wallpapers}/gruvbox/road.jpg";
gtk.theme.name = nixpkgs.lib.mkDefault "Adwaita-dark"; gtk.theme.name = nixpkgs.lib.mkDefault "Adwaita-dark";
passwordHash = nixpkgs.lib.fileContents ../../password.sha512;
wsl.enable = false;
publicKey = null;
# Programs and services
charm.enable = true; charm.enable = true;
neovim.enable = true; neovim.enable = true;
media.enable = true; media.enable = true;
dotfiles.enable = true;
firefox.enable = true; firefox.enable = true;
kitty.enable = true; kitty.enable = true;
_1password.enable = true; _1password.enable = true;
@ -46,11 +47,9 @@ nixpkgs.lib.nixosSystem {
mail.aerc.enable = true; mail.aerc.enable = true;
mail.himalaya.enable = true; mail.himalaya.enable = true;
keybase.enable = true; keybase.enable = true;
# mullvad.enable = true; mullvad.enable = false;
nixlang.enable = true; nixlang.enable = true;
dotfiles.enable = true;
yt-dlp.enable = true; yt-dlp.enable = true;
gaming = { gaming = {
enable = true; enable = true;
steam.enable = true; steam.enable = true;
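Review bot: `passwordHash = nixpkgs.lib.fileContents ../../password.sha512;` is read at evaluation time, so the hash has to sit in the flake tree and, if it is used as a user's hashed password (the consumer is not visible here), it ends up in the world-readable Nix store. Pointing the user option at a root-only file on the host (`hashedPasswordFile`, or `passwordFile` on older releases) keeps the hash out of the store and out of the repository. At minimum the line deserves a comment such as `# NOTE: hash is embedded in the Nix store and readable by all local users`. The attribute set continues past the end of this hunk.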


@ -32,7 +32,7 @@
frequency = "*:0/5"; frequency = "*:0/5";
postExec = "${pkgs.notmuch}/bin/notmuch new"; postExec = "${pkgs.notmuch}/bin/notmuch new";
}; };
services.imapnotify.enable = pkgs.stdenv.isLinux && config.physical; services.imapnotify.enable = pkgs.stdenv.isLinux;
programs.notmuch.enable = true; programs.notmuch.enable = true;
accounts.email = { accounts.email = {
maildirBasePath = "${config.homePath}/mail"; maildirBasePath = "${config.homePath}/mail";
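Review bot: Dropping `&& config.physical` from `services.imapnotify.enable` means the IMAP watcher, and with it the mail account credentials it needs, now runs on every Linux host that evaluates this module, not only on physical machines. If a guard outside this hunk already limits the module to hosts that opt in to mail, a comment like `# Enabled on any Linux host with mail configured; not tied to config.physical` would record that this is intentional. The enclosing attribute set starts and ends outside the hunk, so this could not be confirmed from here.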


@ -67,6 +67,12 @@
# Set channel to flake packages, used for nix-shell commands # Set channel to flake packages, used for nix-shell commands
nixPath = [ "nixpkgs=${pkgs.path}" ]; nixPath = [ "nixpkgs=${pkgs.path}" ];
# Set registry to this flake's packages, used for nix X commands
registry.nixpkgs.to = {
type = "path";
path = pkgs.path;
};
}; };
} }


@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
boot.loader = lib.mkIf (config.physical && pkgs.stdenv.isLinux) { boot.loader = lib.mkIf config.physical {
grub = { grub = {
enable = true; enable = true;
@ -40,8 +40,7 @@
}; };
# Allow reading from Windows drives # Allow reading from Windows drives
boot.supportedFilesystems = boot.supportedFilesystems = lib.mkIf config.physical [ "ntfs" ];
lib.mkIf (config.physical && pkgs.stdenv.isLinux) [ "ntfs" ];
# Use latest released Linux kernel by default # Use latest released Linux kernel by default
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;


@ -1,51 +1,50 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
config = config = lib.mkIf config.gui.enable {
lib.mkIf (config.gui.enable && config.physical && pkgs.stdenv.isLinux) {
environment.systemPackages = with pkgs; environment.systemPackages = with pkgs;
[ [
ddcutil # Monitor brightness control ddcutil # Monitor brightness control
]; ];
# Reduce blue light at night # Reduce blue light at night
services.redshift = { services.redshift = {
enable = true; enable = true;
brightness = { brightness = {
day = "1.0"; day = "1.0";
night = "1.0"; night = "1.0";
};
}; };
# Detect monitors (brightness) for ddcutil
hardware.i2c.enable = true;
# Grant main user access to external monitors
users.users.${config.user}.extraGroups = [ "i2c" ];
services.xserver.displayManager = {
# Put the login screen on the left monitor
lightdm.greeters.gtk.extraConfig = ''
active-monitor=0
'';
# Set up screen position and rotation
setupCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-1 \
--mode 1920x1200 \
--pos 1920x0 \
--rotate left \
--output HDMI-A-0 \
--primary \
--mode 1920x1080 \
--pos 0x560 \
--rotate normal \
--output DVI-0 --off \
--output DVI-1 --off \
'';
};
}; };
# Detect monitors (brightness) for ddcutil
hardware.i2c.enable = true;
# Grant main user access to external monitors
users.users.${config.user}.extraGroups = [ "i2c" ];
services.xserver.displayManager = {
# Put the login screen on the left monitor
lightdm.greeters.gtk.extraConfig = ''
active-monitor=0
'';
# Set up screen position and rotation
setupCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-1 \
--mode 1920x1200 \
--pos 1920x0 \
--rotate left \
--output HDMI-A-0 \
--primary \
--mode 1920x1080 \
--pos 0x560 \
--rotate normal \
--output DVI-0 --off \
--output DVI-1 --off \
'';
};
};
} }
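Review bot: With `config.physical` removed from the guard (`config = lib.mkIf config.gui.enable {`), `hardware.i2c.enable` and the `i2c` group membership for `${config.user}` now apply to any host with the GUI enabled, and the `xrandr` call with hard-coded output names runs there too. The `i2c` group gives the user raw access to the I2C buses, so unless this module is only ever imported by physical hosts it is worth keeping that part conditional, e.g. `users.users.${config.user}.extraGroups = lib.mkIf config.physical [ "i2c" ];`. The mouse module in the next file section drops the same condition, which enables `services.ratbagd` on non-physical GUI hosts as well. If every GUI host is assumed to be physical, a comment above the guard stating that would make the assumption reviewable.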


@ -1,22 +1,21 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
config = config = lib.mkIf config.gui.enable {
lib.mkIf (config.gui.enable && config.physical && pkgs.stdenv.isLinux) {
# Mouse customization # Mouse customization
services.ratbagd.enable = true; services.ratbagd.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
libratbag # Mouse adjustments libratbag # Mouse adjustments
piper # Mouse adjustments GUI piper # Mouse adjustments GUI
]; ];
services.xserver.libinput.mouse = {
# Disable mouse acceleration
accelProfile = "flat";
accelSpeed = "1.15";
};
services.xserver.libinput.mouse = {
# Disable mouse acceleration
accelProfile = "flat";
accelSpeed = "1.15";
}; };
};
} }


@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: { { config, lib, ... }: {
config = lib.mkIf (config.physical && pkgs.stdenv.isLinux) { config = lib.mkIf config.physical {
# The global useDHCP flag is deprecated, therefore explicitly set to false here. # The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config # Per-interface useDHCP will be mandatory in the future, so this generated config


@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: { { config, lib, ... }: {
config = lib.mkIf (config.physical && pkgs.stdenv.isLinux) { config = lib.mkIf config.physical {
# Prevent wake from keyboard # Prevent wake from keyboard
powerManagement.powerDownCommands = '' powerManagement.powerDownCommands = ''


@ -1,9 +1,10 @@
{ config, pkgs, lib, ... }: { { config, lib, ... }: {
options = { options = {
publicKey = lib.mkOption { publicKey = lib.mkOption {
type = lib.types.nullOr lib.types.str; type = lib.types.nullOr lib.types.str;
description = "Public SSH key authorized for this system."; description = "Public SSH key authorized for this system.";
default = null;
}; };
permitRootLogin = lib.mkOption { permitRootLogin = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -12,28 +13,27 @@
}; };
}; };
config = lib.mkIf config = lib.mkIf (!config.wsl.enable && config.publicKey != null) {
(pkgs.stdenv.isLinux && !config.wsl.enable && config.publicKey != null) { services.openssh = {
services.openssh = { enable = true;
enable = true; ports = [ 22 ];
ports = [ 22 ]; allowSFTP = true;
allowSFTP = true; settings = {
settings = { GatewayPorts = "no";
GatewayPorts = "no"; X11Forwarding = false;
X11Forwarding = false; PasswordAuthentication = false;
PasswordAuthentication = false; PermitRootLogin = config.permitRootLogin;
PermitRootLogin = config.permitRootLogin;
};
}; };
users.users.${config.user}.openssh.authorizedKeys.keys =
[ config.publicKey ];
# Implement a simple fail2ban service for sshd
services.sshguard.enable = true;
# Add terminfo for SSH from popular terminal emulators
environment.enableAllTerminfo = true;
}; };
users.users.${config.user}.openssh.authorizedKeys.keys =
[ config.publicKey ];
# Implement a simple fail2ban service for sshd
services.sshguard.enable = true;
# Add terminfo for SSH from popular terminal emulators
environment.enableAllTerminfo = true;
};
} }
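Review bot: The `settings` block sets `PasswordAuthentication = false;` but leaves keyboard-interactive authentication at its default, so unless it is set elsewhere a PAM-backed password prompt may still be offered; adding `KbdInteractiveAuthentication = false;` beside it makes the key-only intent explicit. `permitRootLogin` is declared as `lib.types.str`, so a mistyped value is passed straight to sshd, and a `lib.types.enum` of the accepted values would reject it at evaluation time; its default lies between the two hunks and is not visible here. The new `default = null;` on `publicKey` would benefit from a comment noting that a null key leaves sshd disabled on that host, since the guard `config.publicKey != null` is the only place that says so.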