refactor to disable many things by default

4 files changed, 96 insertions, 73 deletions

diff --git a/nixos/common.nix b/nixos/common.nix
index 4352df8..4bacead 100644
--- a/nixos/common.nix
+++ b/nixos/common.nix
@@ -1,3 +1,6 @@
+# Common / necessary stuff here
+# Additional stuff in common2.nix
+
 { config, pkgs, lib, ... }:
 
 {
@@ -69,13 +72,6 @@
     };
   };
 
-  # Input method for japanese
-  i18n.inputMethod.enabled = "fcitx5";
-  i18n.inputMethod.fcitx5.addons = [ pkgs.fcitx5-mozc ];
-
-  # Enable CUPS to print documents.
-  services.printing.enable = true;
-
   # Enable sound.
   sound.enable = true;
   hardware.pulseaudio.enable = false;
@@ -87,9 +83,6 @@
     jack.enable = true;
   };
 
-  # Enable RTL-SDR
-  hardware.rtl-sdr.enable = true;
-
   # Enable touchpad support (enabled default in most desktopManager).
   services.xserver.libinput.enable = true;
 
@@ -97,9 +90,6 @@
   hardware.logitech.wireless.enable = true;
   hardware.logitech.wireless.enableGraphical = true;
 
-  # Enable libvirt
-  virtualisation.libvirtd.enable = true;
-
   # -------------------- users ---------------------
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
@@ -135,8 +125,7 @@
   # -------------------- packages ---------------------
 
   nixpkgs.config.allowUnfree = true;
-  nix.gc.automatic = pkgs.lib.mkDefault true;
-  nix.gc.options = "--delete-older-than 30d";
+
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
   nix.settings.substituters = [ "https://nix.web.deuxfleurs.fr" ];
   nix.settings.trusted-public-keys = [ "nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=" ];
@@ -170,6 +159,7 @@
     ipafont
     kochi-substitute
   ];
+
   fonts.fontconfig.defaultFonts = {
     monospace = [
       "DejaVu Sans Mono"
@@ -323,9 +313,6 @@
 
   programs.mtr.enable = true;
 
-  # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
-
   # ---- fancy networks and stuff ----
 
   services.yggdrasil = {
@@ -340,13 +327,6 @@
     };
   };
 
-  services.tailscale.enable = true;
-
-  services.tor = {
-    enable = true;
-    client.enable = true;
-  };
-
   # Copy the NixOS configuration file and link it from the resulting system
   # (/run/current-system/configuration.nix). This is useful in case you
   # accidentally delete configuration.nix.
diff --git a/nixos/common2.nix b/nixos/common2.nix
new file mode 100644
index 0000000..4c82e19
--- /dev/null
+++ b/nixos/common2.nix
@@ -0,0 +1,39 @@
+# More stuff, slows down boot process
+# so not enabled by default on kusanagi
+
+{ config, pkgs, lib, ... }:
+
+{
+  # Input method for japanese
+  i18n.inputMethod.enabled = "fcitx5";
+  i18n.inputMethod.fcitx5.addons = [ pkgs.fcitx5-mozc ];
+
+  # ---- hardware support
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable RTL-SDR
+  hardware.rtl-sdr.enable = true;
+
+  # ---- networking
+
+  # Enable tailscale
+  services.tailscale.enable = true;
+
+  # Enable Tor daemon
+  services.tor = {
+    enable = true;
+    client.enable = true;
+  };
+
+  # ---- virtualization
+
+  # Enable libvirt
+  virtualisation.libvirtd.enable = true;
+
+  # Enable docker
+  virtualisation.docker.enable = true;
+
+  users.users.lx.extraGroups = [ "docker" "libvirtd" ];
+}
diff --git a/nixos/kusanagi.nix b/nixos/kusanagi.nix
index 3558a99..0b2bdbc 100644
--- a/nixos/kusanagi.nix
+++ b/nixos/kusanagi.nix
@@ -21,8 +21,6 @@ in
       (modulesPath + "/installer/scan/not-detected.nix")
       ./common.nix
       ./sway.nix
-      ./wayfire.nix
-      ./local.nix
       (import "${home-manager}/nixos")
     ];
 
@@ -107,7 +105,6 @@ in
   users.mutableUsers = false;
   users.users.lx.hashedPasswordFile = "/Z/lx/.password";
   users.users.lx.uid = 1000;
-  users.users.lx.extraGroups = [ "vboxusers" "docker" ];
 
   # ---- no persistent home, use home manager to set everything up ----
 
@@ -131,47 +128,57 @@ in
     Option "TearFree" "true"
   '';
 
-  # ---- printing ----
-
-  services.printing.enable = true;
-  services.printing.drivers = [ pkgs.cups-brother-hl1210w ];
-  services.avahi.enable = true;
-  services.avahi.nssmdns = true;
-  services.avahi.openFirewall = true;
-
-  # ---- other
-
-  virtualisation.docker.enable = true;
-  virtualisation.virtualbox.host.enable = true;
-
-  # ---- remote backup (restic to infracoll)
+  # ---- specialization with extra stuff
 
-  services.restic.backups."infracoll" = {
-    repository = "s3:http://garage.isomorphis.me:3900/restic-lx";
-    environmentFile = "/persist/etc/secrets/restic/infracoll/credentials";
-    passwordFile = "/persist/etc/secrets/restic/infracoll/password";
-    paths = [
-      "/persist"
-      "/Z/lx"
-    ];
-    exclude = [
-      "/persist/var/log"
+  specialisation."extra".configuration = { pkgs, ...}: {
+    imports = [
+      ./common2.nix
+      ./wayfire.nix
     ];
-    timerConfig = {
-      OnCalendar = "Fri, 8:00";
-      Persistent = true;
+
+    # ---- printing ----
+
+    services.printing.drivers = [ pkgs.cups-brother-hl1210w ];
+
+    services.avahi.enable = true;
+    services.avahi.nssmdns = true;
+    services.avahi.openFirewall = true;
+
+    # ---- tor paths ----
+
+    services.tor.settings.ClientOnionAuthDir = "/persist/var/lib/tor/client-auth";
+    systemd.services."tor".serviceConfig.BindPaths = [ "/persist/var/lib/tor/client-auth" ];
+
+    # ---- remote backup (restic to infracoll)
+    # requires tailscale so not enabled in default specialisation
+
+    services.restic.backups."infracoll" = {
+      repository = "s3:http://garage.isomorphis.me:3900/restic-lx";
+      environmentFile = "/persist/etc/secrets/restic/infracoll/credentials";
+      passwordFile = "/persist/etc/secrets/restic/infracoll/password";
+      paths = [
+        "/persist"
+        "/Z/lx"
+      ];
+      exclude = [
+        "/persist/var/log"
+      ];
+      timerConfig = {
+        OnCalendar = "Fri, 8:00";
+        Persistent = true;
+      };
+      pruneOpts = [
+        "--keep-daily 7"
+        "--keep-weekly 5"
+        "--keep-monthly 12"
+        "--keep-yearly 75"
+      ];
     };
-    pruneOpts = [
-      "--keep-daily 7"
-      "--keep-weekly 5"
-      "--keep-monthly 12"
-      "--keep-yearly 75"
-    ];
   };
 
   # ----
 
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  nixpkgs.hostPlatform =  "x86_64-linux";
+  powerManagement.cpuFreqGovernor = "powersave";
+  hardware.cpu.intel.updateMicrocode = true;
 }
diff --git a/nixos/lindy.nix b/nixos/lindy.nix
index a3bed87..bd1ec69 100644
--- a/nixos/lindy.nix
+++ b/nixos/lindy.nix
@@ -4,6 +4,7 @@
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
     ./common.nix
+    ./common2.nix
     #./kde.nix
     #./95theme.nix
     #./gnome.nix
@@ -173,10 +174,9 @@ Komaru UUID=caf8496f-006b-4762-bb20-506d4c7bdb51 /nix/persist/root/komaru_key
   };
   hardware.opengl.enable = true;
 
-  # Docker, VirtualBox
-  virtualisation.docker.enable = true;
+  # VirtualBox
   virtualisation.virtualbox.host.enable = true;
-  users.users.lx.extraGroups = [ "docker" "vboxusers" ];
+  users.users.lx.extraGroups = [ "vboxusers" ];
 
   # Use resolver from network
   services.resolved.enable = false;
@@ -208,10 +208,7 @@ Komaru UUID=caf8496f-006b-4762-bb20-506d4c7bdb51 /nix/persist/root/komaru_key
     pinentry.gnome3
   ];
 
-  nix.gc.automatic = false;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
-  hardware.cpu.intel.updateMicrocode =
-    lib.mkDefault config.hardware.enableRedistributableFirmware;
+  nixpkgs.hostPlatform = "x86_64-linux";
+  powerManagement.cpuFreqGovernor = "ondemand";
+  hardware.cpu.intel.updateMicrocode = true;
 }