From 6cf3070f8c220b9cdf5fcde53770d169c5217c80 Mon Sep 17 00:00:00 2001 
From: Tigor Hutasuhut Date: Wed, 12 Jun 2024 18:09:56 +0700 Subject: [PATCH] prepare for homeserver profile --- flake.nix | 17 ++++++ hardware-configuration/homeserver.nix | 2 + home/modules/hyprland/hyprland.nix | 3 +- home/tigor/config/ideavim/default.nix | 10 +++- home/tigor/config/kitty/default.nix | 16 +++-- home/tigor/config/wezterm/default.nix | 24 ++++---- home/tigor/default.nix | 19 +++--- home/tigor/programs/autostart.nix | 17 ------ home/tigor/programs/bitwarden.nix | 19 ++++++ home/tigor/programs/chromium.nix | 24 ++++++++ home/tigor/programs/dbeaver.nix | 9 +++ home/tigor/programs/default.nix | 84 ++++----------------------- home/tigor/programs/github.nix | 9 +++ home/tigor/programs/go.nix | 15 +++++ home/tigor/programs/jellyfin.nix | 11 ++++ home/tigor/programs/mpv.nix | 24 ++++---- home/tigor/programs/nnn.nix | 9 +++ home/tigor/programs/spotify.nix | 11 ++++ home/tigor/programs/variety.nix | 14 +++++ home/tigor/programs/vscode.nix | 26 +++++---- home/tigor/programs/zsh.nix | 4 ++ options/default.nix | 33 ++++++++++- options/podman.nix | 6 ++ options/programs.nix | 36 ++++++++++++ profiles/castle.nix | 18 ++++++ profiles/fort.nix | 7 +++ profiles/homeserver.nix | 25 ++++++++ system/default.nix | 14 +---- system/modules/audio.nix | 29 +++++---- system/modules/boot_loader.nix | 39 ++++++++----- system/modules/openssh.nix | 17 ++++++ system/modules/podman.nix | 20 +++++++ system/modules/sops.nix | 8 --- system/programs.nix | 6 ++ system/user.nix | 9 +-- 35 files changed, 441 insertions(+), 193 deletions(-) create mode 100644 hardware-configuration/homeserver.nix delete mode 100644 home/tigor/programs/autostart.nix create mode 100644 home/tigor/programs/bitwarden.nix create mode 100644 home/tigor/programs/chromium.nix create mode 100644 home/tigor/programs/dbeaver.nix create mode 100644 home/tigor/programs/github.nix create mode 100644 home/tigor/programs/go.nix create mode 100644 home/tigor/programs/jellyfin.nix create mode 100644 
home/tigor/programs/nnn.nix create mode 100644 home/tigor/programs/spotify.nix create mode 100644 home/tigor/programs/variety.nix create mode 100644 options/podman.nix create mode 100644 profiles/homeserver.nix create mode 100644 system/modules/openssh.nix create mode 100644 system/modules/podman.nix diff --git a/flake.nix b/flake.nix index 0207f10..579aa11 100644 --- a/flake.nix +++ b/flake.nix @@ -109,6 +109,23 @@ ] ++ commonModules; specialArgs = specialArgs; }; + homeserver = + let + profile-path = ./profiles/homeserver.nix; + hardware-configuration = ./hardware-configuration/homeserver.nix; + specialArgs = { inherit inputs unstable profile-path hardware-configuration; }; + in + nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./system + { + home-manager.extraSpecialArgs = specialArgs; + home-manager.users.tigor = import ./home/tigor; + } + ] ++ commonModules; + specialArgs = specialArgs; + }; }; }; } diff --git a/hardware-configuration/homeserver.nix b/hardware-configuration/homeserver.nix new file mode 100644 index 0000000..fb4b367 --- /dev/null +++ b/hardware-configuration/homeserver.nix @@ -0,0 +1,2 @@ +{ ... }: +{ } diff --git a/home/modules/hyprland/hyprland.nix b/home/modules/hyprland/hyprland.nix index 976db34..2505459 100644 --- a/home/modules/hyprland/hyprland.nix +++ b/home/modules/hyprland/hyprland.nix @@ -21,6 +21,8 @@ in config = lib.mkIf cfg.enable { home.packages = [ inputs.hyprland-contrib.packages.${pkgs.system}.grimblast + pkgs.wl-clipboard + pkgs.kcalc ]; sops.secrets."gnome-keyring/${config.home.username}" = { }; wayland.windowManager.hyprland = { @@ -223,7 +225,6 @@ in exec-once=pasystray exec-once=pypr exec-once=dunst - exec-once=fcitx5 -d source=${config.home.homeDirectory}/.cache/wallust/hyprland.conf exec-once=sleep 0.2 && swww img ${config.home.homeDirectory}/.cache/wallpaper/current diff --git a/home/tigor/config/ideavim/default.nix b/home/tigor/config/ideavim/default.nix index 19eefd7..06e3e0c 100644 
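Review bot: The new `homeserver` system in `flake.nix` still registers the home configuration under `home-manager.users.tigor`, while `profiles/homeserver.nix` sets `profile.user.name = "homeserver"` and `system/user.nix` only creates `users.users.${user}` for that name. The home-manager NixOS module keys users by attribute name, so this probably either fails evaluation or builds a home for an account that does not exist on the host. `config` is not available inside this `let`, so one option is to move the assignment into a module under `./system` that reads the profile, e.g. `home-manager.users.${config.profile.user.name} = import ../home/tigor;` (path adjusted to where the module lives).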
--- a/home/tigor/config/ideavim/default.nix +++ b/home/tigor/config/ideavim/default.nix @@ -1,5 +1,11 @@ +{ config, lib, ... }: +let + cfg = config.profile.ideavim; +in { - home.file.".ideavimrc" = { - source = ./.ideavimrc; + config = lib.mkIf cfg.enable { + home.file.".ideavimrc" = { + source = ./.ideavimrc; + }; }; } diff --git a/home/tigor/config/kitty/default.nix b/home/tigor/config/kitty/default.nix index 2b088a0..6e07e6c 100644 --- a/home/tigor/config/kitty/default.nix +++ b/home/tigor/config/kitty/default.nix @@ -1,10 +1,14 @@ -{ ... }: - +{ config, lib, ... }: +let + cfg = config.profile.kitty; +in { - programs.kitty.enable = true; + config = lib.mkIf cfg.enable { + programs.kitty.enable = true; - home.file.".config/kitty" = { - source = ./.; - recursive = true; + home.file.".config/kitty" = { + source = ./.; + recursive = true; + }; }; } diff --git a/home/tigor/config/wezterm/default.nix b/home/tigor/config/wezterm/default.nix index 2608597..456073a 100644 --- a/home/tigor/config/wezterm/default.nix +++ b/home/tigor/config/wezterm/default.nix @@ -1,14 +1,18 @@ -{ ... }: - +{ config, lib, ... }: +let + cfg = config.profile.wezterm; +in { - programs.wezterm = { - enable = true; - enableZshIntegration = true; - enableBashIntegration = true; - }; + config = lib.mkIf cfg.enable { + programs.wezterm = { + enable = true; + enableZshIntegration = true; + enableBashIntegration = true; + }; - home.file.".config/wezterm" = { - source = ./.; - recursive = true; + home.file.".config/wezterm" = { + source = ./.; + recursive = true; + }; }; } diff --git a/home/tigor/default.nix b/home/tigor/default.nix index ad725e6..b3d9f4a 100644 --- a/home/tigor/default.nix +++ b/home/tigor/default.nix @@ -1,4 +1,8 @@ -{ pkgs, profile-path, ... }: +{ config, profile-path, ... }: +let + user = config.profile.user; + stateVersion = config.profile.system.stateVersion; +in { imports = [ profile-path 
@@ -15,15 +19,14 @@ ]; home = { - username = "tigor"; - homeDirectory = "/home/tigor"; - stateVersion = "23.11"; + username = user.name; + homeDirectory = "/home/${user.name}"; + stateVersion = stateVersion; }; - - + programs.home-manager.enable = true; systemd.user.sessionVariables = { - XDG_CONFIG_HOME = "/home/tigor/.config"; + XDG_CONFIG_HOME = "/home/${user.name}/.config"; }; - services.mpris-proxy.enable = true; + services.mpris-proxy.enable = config.profile.mpris-proxy.enable; } diff --git a/home/tigor/programs/autostart.nix b/home/tigor/programs/autostart.nix deleted file mode 100644 index d9cf690..0000000 --- a/home/tigor/programs/autostart.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ pkgs, ... }: -{ - home.packages = with pkgs; [ - variety - bitwarden - ]; - - home.file = { - ".config/autostart/variety.desktop" = { - source = "${pkgs.variety}/share/applications/variety.desktop"; - }; - - ".config/autostart/bitwarden.desktop" = { - source = "${pkgs.bitwarden}/share/applications/bitwarden.desktop"; - }; - }; -} diff --git a/home/tigor/programs/bitwarden.nix b/home/tigor/programs/bitwarden.nix new file mode 100644 index 0000000..fafbc3d --- /dev/null +++ b/home/tigor/programs/bitwarden.nix @@ -0,0 +1,19 @@ +{ pkgs, config, lib, ... }: +let + cfg = config.profile.bitwarden; +in +{ + config = lib.mkIf cfg.enable { + home.packages = with pkgs; [ + bitwarden + ]; + + + + home.file = { + ".config/autostart/bitwarden.desktop" = lib.mkIf cfg.autostart { + source = "${pkgs.bitwarden}/share/applications/bitwarden.desktop"; + }; + }; + }; +} diff --git a/home/tigor/programs/chromium.nix b/home/tigor/programs/chromium.nix new file mode 100644 index 0000000..ed8043b --- /dev/null +++ b/home/tigor/programs/chromium.nix 
@@ -0,0 +1,24 @@ +{ config, lib, ... }: +let + cfg = config.profile.chromium; +in +{ + config = lib.mkIf cfg.enable { + programs.chromium = { + enable = true; + extensions = [ + { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # ublock origin + { id = "jinjaccalgkegednnccohejagnlnfdag"; } # violent monkey + { id = "nngceckbapebfimnlniiiahkandclblb"; } # bitwarden + { id = "mnjggcdmjocbbbhaepdhchncahnbgone"; } # sponsor block + { id = "pkehgijcmpdhfbdbbnkijodmdjhbjlgp"; } # privacy badger + { id = "fhcgjolkccmbidfldomjliifgaodjagh"; } # cookie auto delete + { id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration + ]; + commandLineArgs = [ + "--enable-features=UseOzonePlatform" + "--ozone-platform=wayland" + ]; + }; + }; +} diff --git a/home/tigor/programs/dbeaver.nix b/home/tigor/programs/dbeaver.nix new file mode 100644 index 0000000..6df6537 --- /dev/null +++ b/home/tigor/programs/dbeaver.nix @@ -0,0 +1,9 @@ +{ config, lib, unstable, ... }: +let + cfg = config.profile.dbeaver; +in +{ + config = lib.mkIf cfg.enable { + home.packages = [ unstable.dbeaver-bin ]; + }; +} diff --git a/home/tigor/programs/default.nix b/home/tigor/programs/default.nix index 43f784a..f172296 100644 --- a/home/tigor/programs/default.nix +++ b/home/tigor/programs/default.nix @@ -1,22 +1,27 @@ { pkgs, unstable, ... }: { imports = [ - ./autostart.nix + ./bitwarden.nix + ./chromium.nix + ./discord.nix ./git.nix + ./github.nix + ./go.nix ./mpv.nix + ./neovide.nix + ./nnn.nix ./node.nix + ./slack.nix + ./spotify.nix ./starship.nix ./tofi.nix + ./variety.nix ./vscode.nix - ./zsh.nix - ./discord.nix - ./neovide.nix - ./slack.nix ./whatsapp.nix + ./zsh.nix + ./dbeaver.nix ]; - programs.home-manager.enable = true; - programs.fzf = { enable = true; enableZshIntegration = true; 
@@ -29,76 +34,11 @@ enableZshIntegration = true; }; programs.ripgrep.enable = true; - - programs.go = { - enable = true; - goPrivate = [ - "gitlab.bareksa.com" - ]; - package = unstable.go_1_22; - }; - - programs.chromium = { - enable = true; - extensions = [ - { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # ublock origin - { id = "jinjaccalgkegednnccohejagnlnfdag"; } # violent monkey - { id = "nngceckbapebfimnlniiiahkandclblb"; } # bitwarden - { id = "mnjggcdmjocbbbhaepdhchncahnbgone"; } # sponsor block - { id = "pkehgijcmpdhfbdbbnkijodmdjhbjlgp"; } # privacy badger - { id = "fhcgjolkccmbidfldomjliifgaodjagh"; } # cookie auto delete - { id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration - ]; - commandLineArgs = [ - "--enable-features=UseOzonePlatform" - "--ozone-platform=wayland" - ]; - }; - - programs.nnn = { - enable = true; - }; - programs.htop.enable = true; - programs.mpv.enable = true; - home.packages = with pkgs; [ - unstable.gh # github cli - wget - curl - openssl - zig - unzip - libcap - gcc - cargo - nixpkgs-fmt - fd - wl-clipboard - unstable.dbeaver-bin unstable.jellyfin-media-player - stylua - luarocks - du-dust - just - modd - lefthook - spotify - # seafile-client - lsof - # scrcpy - masterpdfeditor4 - watchexec - kcalc - pdfarranger unstable.microsoft-edge - # (floorp.override { - # nativeMessagingHosts = with pkgs; [ - # plasma5Packages.plasma-browser-integration - # ]; - # }) nextcloud-client - # qownnotes ]; } diff --git a/home/tigor/programs/github.nix b/home/tigor/programs/github.nix new file mode 100644 index 0000000..9bcb8d4 --- /dev/null +++ b/home/tigor/programs/github.nix @@ -0,0 +1,9 @@ +{ config, lib, unstable, ... }: +let + cfg = config.profile.gh; +in +{ + config = lib.mkIf cfg.enable { + home.packages = [ unstable.gh ]; + }; +} diff --git a/home/tigor/programs/go.nix b/home/tigor/programs/go.nix new file mode 100644 index 0000000..2fb484d --- /dev/null +++ b/home/tigor/programs/go.nix 
@@ -0,0 +1,15 @@ +{ config, lib, unstable, ... }: +let + cfg = config.profile.go; +in +{ + config = lib.mkIf cfg.enable { + programs.go = { + enable = true; + goPrivate = [ + "gitlab.bareksa.com" + ]; + package = unstable.go_1_22; + }; + }; +} diff --git a/home/tigor/programs/jellyfin.nix b/home/tigor/programs/jellyfin.nix new file mode 100644 index 0000000..88f442b --- /dev/null +++ b/home/tigor/programs/jellyfin.nix @@ -0,0 +1,11 @@ +{ config, lib, unstable, ... }: +let + cfg = config.profile.jellyfin; +in +{ + config = lib.mkIf cfg.enable { + home.packages = lib.mkIf cfg.client.enable [ + unstable.jellyfin-media-player + ]; + }; +} diff --git a/home/tigor/programs/mpv.nix b/home/tigor/programs/mpv.nix index 0e16340..a10415a 100644 --- a/home/tigor/programs/mpv.nix +++ b/home/tigor/programs/mpv.nix @@ -1,13 +1,17 @@ -{ pkgs, ... }: - +{ config, lib, pkgs, ... }: +let + cfg = config.profile.mpv; +in { - programs.mpv = { - enable = true; - scripts = with pkgs.mpvScripts; [ - uosc - mpris - thumbnail - sponsorblock - ]; + config = lib.mkIf cfg.enable { + programs.mpv = { + enable = true; + scripts = with pkgs.mpvScripts; [ + uosc + mpris + thumbnail + sponsorblock + ]; + }; }; } diff --git a/home/tigor/programs/nnn.nix b/home/tigor/programs/nnn.nix new file mode 100644 index 0000000..194fd95 --- /dev/null +++ b/home/tigor/programs/nnn.nix @@ -0,0 +1,9 @@ +{ config, lib, ... }: +let + cfg = config.profile.nnn; +in +{ + config = lib.mkIf cfg.enable { + programs.nnn.enable = true; + }; +} diff --git a/home/tigor/programs/spotify.nix b/home/tigor/programs/spotify.nix new file mode 100644 index 0000000..f096c82 --- /dev/null +++ b/home/tigor/programs/spotify.nix @@ -0,0 +1,11 @@ +{ pkgs, config, lib, ... }: +let + cfg = config.profile.spotify; +in +{ + config = lib.mkIf cfg.enable { + home.packages = with pkgs; [ + spotify + ]; + }; +} diff --git a/home/tigor/programs/variety.nix b/home/tigor/programs/variety.nix new file mode 100644 index 0000000..ad50ddd --- /dev/null 
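Review bot: `home/tigor/programs/jellyfin.nix` reads `cfg.client.enable`, but `options/programs.nix` in this commit declares only `jellyfin.enable`, so evaluating this module would fail on a missing attribute once it is imported. It is also not added to the `imports` list in `home/tigor/programs/default.nix`, and `unstable.jellyfin-media-player` stays in that file's unconditional `home.packages`, so `profile.jellyfin.enable` currently has no effect. Either declare `jellyfin.client.enable` or drop the inner `lib.mkIf`, then import `./jellyfin.nix` and remove the package from the shared list.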
+++ b/home/tigor/programs/variety.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.profile.variety; +in +{ + config = lib.mkIf cfg.enable { + home.packages = [ pkgs.variety ]; + + home.file.".config/autostart.variety.desktop" = lib.mkIf cfg.autostart { + source = "${pkgs.variety}/share/applications/variety.desktop"; + }; + }; + +} diff --git a/home/tigor/programs/vscode.nix b/home/tigor/programs/vscode.nix index adcc3cd..5827620 100644 --- a/home/tigor/programs/vscode.nix +++ b/home/tigor/programs/vscode.nix @@ -1,14 +1,18 @@ -{ unstable, ... }: - +{ config, lib, unstable, ... }: +let + cfg = config.profile.vscode; +in { - programs.vscode = { - enable = true; - package = unstable.vscode; - extensions = with unstable.vscode-extensions; [ - dracula-theme.theme-dracula - golang.go - esbenp.prettier-vscode - catppuccin.catppuccin-vsc - ]; + config = lib.mkIf cfg.enable { + programs.vscode = { + enable = true; + package = unstable.vscode; + extensions = with unstable.vscode-extensions; [ + dracula-theme.theme-dracula + golang.go + esbenp.prettier-vscode + catppuccin.catppuccin-vsc + ]; + }; }; } diff --git a/home/tigor/programs/zsh.nix b/home/tigor/programs/zsh.nix index 57658ad..43e8158 100644 --- a/home/tigor/programs/zsh.nix +++ b/home/tigor/programs/zsh.nix @@ -45,6 +45,10 @@ (cat "$_ZSH_COLOR_SCHEME_FILE" &) fi ''; + initExtra = '' + bindkey '^I' menu-complete + bindkey "$terminfo[kcbt]" reverse-menu-complete + ''; antidote = { enable = true; plugins = [ diff --git a/options/default.nix b/options/default.nix index 6cf154e..ce2acf4 100644 --- a/options/default.nix +++ b/options/default.nix 
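Review bot: The autostart entry in `variety.nix` is written to `.config/autostart.variety.desktop`, with a dot where the deleted `autostart.nix` had a path separator (`.config/autostart/variety.desktop`). The file would land directly in `.config/`, which is not the XDG autostart directory, so `profile.variety.autostart` would have no effect. The key should read `home.file.".config/autostart/variety.desktop"`, matching the path used in `bitwarden.nix`.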
@@ -3,12 +3,41 @@ imports = [ ./programs.nix ./hyprland.nix + ./podman.nix ]; options.profile = { + + #### Required Options #### + hostname = lib.mkOption { type = lib.types.str; }; + user = { + name = lib.mkOption { + type = lib.types.str; + }; + fullName = lib.mkOption { + type = lib.types.str; + }; + + getty.autoLogin = lib.mkEnableOption "auto-login to getty"; + }; + + system.stateVersion = lib.mkOption { + type = lib.types.str; + }; + + #### Optionals #### + + grub.enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; + audio.enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; android.enable = lib.mkEnableOption "android"; avahi.enable = lib.mkEnableOption "avahi"; bluetooth.enable = lib.mkEnableOption "bluetooth"; @@ -47,9 +76,7 @@ }; keyboard.language.japanese = lib.mkEnableOption "Japanese keyboard input"; - - firefox.enable = lib.mkEnableOption "firefox"; - brightnessctl.enable = lib.mkEnableOption "brightnessctl"; + openssh.enable = lib.mkEnableOption "openssh"; }; } diff --git a/options/podman.nix b/options/podman.nix new file mode 100644 index 0000000..3f005f3 --- /dev/null +++ b/options/podman.nix @@ -0,0 +1,6 @@ +{ lib, ... }: +{ + options.profile.podman = { + enable = lib.mkEnableOption "podman"; + }; +} diff --git a/options/programs.nix b/options/programs.nix index 920930a..de37590 100644 --- a/options/programs.nix +++ b/options/programs.nix 
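Review bot: The second hunk of `options/default.nix` removes the `brightnessctl.enable` declaration, and unlike `firefox.enable` it is not re-added in `options/programs.nix`. `profiles/fort.nix` still sets `brightnessctl.enable = true;` (visible as context in its hunk), so unless the option is declared in a file not shown here, evaluating `fort` will fail on an undefined option. Keep the line, `brightnessctl.enable = lib.mkEnableOption "brightnessctl";`, or move it to `options/programs.nix` alongside `firefox.enable`.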
@@ -31,5 +31,41 @@ syncthing.enable = lib.mkEnableOption "syncthing"; obs.enable = lib.mkEnableOption "obs"; + + wezterm.enable = lib.mkEnableOption "wezterm"; + neovide.enable = lib.mkEnableOption "neovide"; + ideavim.enable = lib.mkEnableOption "ideavim"; + kitty.enable = lib.mkEnableOption "kitty"; + + mpris-proxy.enable = lib.mkEnableOption "mpris-proxy"; + + variety = { + enable = lib.mkEnableOption "variety"; + autostart = lib.mkEnableOption "variety autostart"; + }; + + + bitwarden = { + enable = lib.mkEnableOption "bitwarden"; + autostart = lib.mkEnableOption "bitwarden autostart"; + }; + + go.enable = lib.mkEnableOption "go"; + chromium.enable = lib.mkEnableOption "chromium"; + nnn.enable = lib.mkEnableOption "nnn"; + mpv.enable = lib.mkEnableOption "mpv"; + + gh.enable = lib.mkEnableOption "gh"; # GitHub CLI + spotify = { + enable = lib.mkEnableOption "spotify"; + autostart = lib.mkEnableOption "spotify autostart"; + }; + firefox.enable = lib.mkEnableOption "firefox"; + vscode.enable = lib.mkEnableOption "vscode"; + + # This is client jellyfin option only. + # For server option, see podman.nix. + jellyfin.enable = lib.mkEnableOption "jellyfin"; + dbeaver.enable = lib.mkEnableOption "dbeaver"; }; } diff --git a/profiles/castle.nix b/profiles/castle.nix index 8dbe402..9f715c4 100644 --- a/profiles/castle.nix +++ b/profiles/castle.nix @@ -10,6 +10,10 @@ in profile = { hostname = "castle"; + user = { + name = "tigor"; + fullName = "Tigor Hutasuhut"; + }; hyprland = { enable = true; @@ -55,5 +59,19 @@ in security.sudo.wheelNeedsPassword = false; keyboard.language.japanese = true; + + system.stateVersion = "23.11"; + + mpris-proxy.enable = true; + kitty.enable = true; + neovide.enable = true; + spotify.enable = true; + vscode.enable = true; + jellyfin.enable = true; + mpv.enable = true; + go.enable = true; + chromium.enable = true; + bitwarden.enable = true; + dbeaver.enable = true; }; } 
diff --git a/profiles/fort.nix b/profiles/fort.nix index b8b8006..bc6cae7 100644 --- a/profiles/fort.nix +++ b/profiles/fort.nix @@ -6,6 +6,12 @@ profile = { hostname = "fort"; + user = { + name = "tigor"; + fullName = "Tigor Hutasuhut"; + }; + system.stateVersion = "23.11"; + hyprland = { enable = true; settings = { @@ -41,5 +47,6 @@ brightnessctl.enable = true; keyboard.language.japanese = true; + }; } diff --git a/profiles/homeserver.nix b/profiles/homeserver.nix new file mode 100644 index 0000000..0c9c3b5 --- /dev/null +++ b/profiles/homeserver.nix @@ -0,0 +1,25 @@ +{ ... }: +{ + imports = [ + ../options + ]; + + profile = { + hostname = "homeserver"; + user = { + name = "homeserver"; + fullName = "Homeserver"; + }; + system.stateVersion = "24.05"; + + grub.enable = false; + # There is no GUI on the server. No need for audio. + audio.enable = false; + security.sudo.wheelNeedsPassword = false; + + podman = { + enable = true; + }; + openssh.enable = true; + }; +} diff --git a/system/default.nix b/system/default.nix index a8a0d72..94b0969 100644 --- a/system/default.nix +++ b/system/default.nix @@ -9,17 +9,7 @@ ./keyboard.nix ]; - security.sudo = - let - cfg = config.profile.security.sudo; - in - { - wheelNeedsPassword = cfg.wheelNeedsPassword; - extraConfig = '' - Defaults timestamp_timeout=30 - Defaults timestamp_type=global - ''; - }; + security.sudo.wheelNeedsPassword = config.profile.security.sudo.wheelNeedsPassword; networking.hostName = config.profile.hostname; @@ -59,7 +49,7 @@ mandoc.enable = true; }; - system.stateVersion = "23.11"; # Did you read the comment? + system.stateVersion = config.profile.system.stateVersion; systemd.services.decrypt-sops = { wantedBy = [ "multi-user.target" ]; diff --git a/system/modules/audio.nix b/system/modules/audio.nix index 67cae37..cf24433 100644 --- a/system/modules/audio.nix +++ b/system/modules/audio.nix 
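Review bot: `profiles/fort.nix` sets only `user` and `system.stateVersion` from the new options, so every program this commit gates behind `lib.mkEnableOption` (kitty, vscode, mpv, go, chromium, bitwarden, spotify, dbeaver, mpris-proxy) defaults to off on this host, while `castle` enables them explicitly. If that is not intended, add the same `*.enable = true;` lines here. If it is, a one-line comment such as `# fort intentionally runs without the desktop program set` would make that clear.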
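Review bot: `security.sudo.wheelNeedsPassword = false` in `profiles/homeserver.nix` lands in the one profile that also turns on `openssh.enable`, and `system/user.nix` puts the profile user in `wheel` and in `nix.settings.trusted-users`. On this host any process or SSH session running as `homeserver` is therefore root without a further prompt, which leaves the SSH key as the only control. Consider `security.sudo.wheelNeedsPassword = true;` for the server profile (with a password provisioned for the account), or add a comment recording why passwordless sudo is accepted here.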
@@ -1,19 +1,16 @@ -{ ... }: +{ config, lib, ... }: +let + cfg = config.profile.audio; +in { - # Enable sound with pipewire. - # sound.enable = true; - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; + config = lib.mkIf cfg.enable { + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; }; } diff --git a/system/modules/boot_loader.nix b/system/modules/boot_loader.nix index dabe5f9..8db8d1d 100644 --- a/system/modules/boot_loader.nix +++ b/system/modules/boot_loader.nix @@ -1,15 +1,28 @@ -{ ... }: -{ - boot.loader = { - efi = { - efiSysMountPoint = "/boot"; - canTouchEfiVariables = true; +{ config, lib, ... }: +let + grub = config.profile.grub; +in +lib.mkMerge [ + { + boot.loader = lib.mkIf grub.enable { + efi = { + efiSysMountPoint = "/boot"; + canTouchEfiVariables = true; + }; + grub = { + enable = true; + efiSupport = true; + useOSProber = true; + device = "nodev"; # used nodev because of efi support + }; }; - grub = { - enable = true; - efiSupport = true; - useOSProber = true; - device = "nodev"; # used nodev because of efi support + } + { + boot.loader = lib.mkIf (!grub.enable) { + systemd-boot.enable = true; + efi = { + canTouchEfiVariables = true; + }; }; - }; -} + } +] diff --git a/system/modules/openssh.nix b/system/modules/openssh.nix new file mode 100644 index 0000000..cd1ffe5 --- /dev/null +++ b/system/modules/openssh.nix 
@@ -0,0 +1,17 @@ +{ config, lib, ... }: +let + cfg = config.profile.openssh; +in +{ + config = lib.mkIf cfg.enable { + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + UseDns = true; + X11Forwarding = false; + PermitRootLogin = "no"; + }; + }; + }; +} diff --git a/system/modules/podman.nix b/system/modules/podman.nix new file mode 100644 index 0000000..7f0798c --- /dev/null +++ b/system/modules/podman.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.profile.podman; +in +{ + config = lib.mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + dive # look into docker image layers + podman-tui # status of containers in the terminal + podman-compose # start group of containers for dev + ]; + + virtualisation.podman = { + enable = true; + dockerSocket.enable = true; + autoPrune.enable = true; # Default weekly + dockerCompat = true; + }; + }; +} diff --git a/system/modules/sops.nix b/system/modules/sops.nix index 61c1201..102bc9c 100644 --- a/system/modules/sops.nix +++ b/system/modules/sops.nix @@ -12,13 +12,5 @@ in defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; age.keyFile = "/home/${owner}/.config/sops/age/keys.txt"; - - secrets = { - "smb/secrets" = { inherit owner; }; - "docker/config" = { - inherit owner; - path = "/home/${owner}/.docker/config.json"; - }; - }; }; } diff --git a/system/programs.nix b/system/programs.nix index ba6e976..97e9e54 100644 --- a/system/programs.nix +++ b/system/programs.nix @@ -19,6 +19,12 @@ gnumake sqlite nurl + lsof + unzip + openssl + libcap + fd + du-dust ]; environment.sessionVariables = { diff --git a/system/user.nix b/system/user.nix index 49aa702..aaba880 100644 --- a/system/user.nix +++ b/system/user.nix 
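Review bot: `PasswordAuthentication = false` in `system/modules/openssh.nix` does not cover keyboard-interactive logins, which NixOS leaves enabled by default and which can still prompt for a password through PAM; add `KbdInteractiveAuthentication = false;` to the `settings` block to make the host key-only. `UseDns = true` makes sshd do a reverse lookup on every connection and only matters if hostname-based `Match` or `from=` rules are used, none of which appear in this commit, so it can probably be dropped. No `openssh.authorizedKeys` entry for the profile user is visible in this patch, so the key presumably has to be provisioned elsewhere before the server is reachable.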
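Review bot: `dockerSocket.enable = true` in `system/modules/podman.nix` exposes the Podman API socket to members of the `podman` group, and the `system/user.nix` hunk in this commit adds the profile user to that group on every host; as with Docker, access to that socket is equivalent to root on the machine. If the Docker-compatible socket is not required, leave it off and rely on rootless Podman; `dockerCompat = true` further down already provides the `docker` command alias without it. If it stays, record the trade-off next to the option, e.g. `# members of the podman group are root-equivalent via this socket`.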
@@ -1,13 +1,13 @@ -{ pkgs, ... }: +{ pkgs, config, lib, ... }: let - user = "tigor"; - fullName = "Tigor Hutasuhut"; + user = config.profile.user.name; + fullName = config.profile.user.fullName; in { users.users.${user} = { isNormalUser = true; description = fullName; - extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "scanner" "lp" ]; + extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "scanner" "lp" "podman" ]; shell = pkgs.zsh; }; @@ -18,4 +18,5 @@ in }; nix.settings.trusted-users = [ user ]; + services.getty.autologinUser = lib.mkIf config.profile.user.getty.autoLogin user; }
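Review bot: `"podman"` is appended to `extraGroups` unconditionally in `system/user.nix`, so `castle` and `fort` get the membership even though only `homeserver` enables `profile.podman`; `extraGroups = [ … ] ++ lib.optional config.profile.podman.enable "podman";` keeps it scoped. The new `services.getty.autologinUser` line deserves a comment as well: the user it logs in is in `wheel` and `trusted-users`, and `castle` and `homeserver` set `wheelNeedsPassword = false`, so enabling `profile.user.getty.autoLogin` gives anyone at the console a root-capable session. Something like `# autologin = unauthenticated console access for a wheel user; enable only on physically secured hosts` would record that.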