authorAlex Auvolat <alex@adnab.me>2024-05-18 21:02:54 +0200
committerAlex Auvolat <alex@adnab.me>2024-05-18 21:02:54 +0200
commit2493d40db6503c0967cc4bc9152fffc4d2fe73a4 (patch)
treea4fe8eb99be03bc2b9b6c2d3c3819600fc6f79e8
parent89f533903dfde2d24ba55236775a41ca46a870ac (diff)
downloaduser-config-2493d40db6503c0967cc4bc9152fffc4d2fe73a4.tar.gz
user-config-2493d40db6503c0967cc4bc9152fffc4d2fe73a4.zip
refactor to disable many things by default
-rw-r--r--nixos/common.nix30
-rw-r--r--nixos/common2.nix39
-rw-r--r--nixos/kusanagi.nix85
-rw-r--r--nixos/lindy.nix15
4 files changed, 96 insertions, 73 deletions
diff --git a/nixos/common.nix b/nixos/common.nix
index 4352df8..4bacead 100644
--- a/nixos/common.nix
+++ b/nixos/common.nix
@@ -1,3 +1,6 @@
+# Common / necessary stuff here
+# Additional stuff in common2.nix
+
{ config, pkgs, lib, ... }:
{
@@ -69,13 +72,6 @@
};
};
- # Input method for japanese
- i18n.inputMethod.enabled = "fcitx5";
- i18n.inputMethod.fcitx5.addons = [ pkgs.fcitx5-mozc ];
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
-
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = false;
@@ -87,9 +83,6 @@
jack.enable = true;
};
- # Enable RTL-SDR
- hardware.rtl-sdr.enable = true;
-
# Enable touchpad support (enabled default in most desktopManager).
services.xserver.libinput.enable = true;
@@ -97,9 +90,6 @@
hardware.logitech.wireless.enable = true;
hardware.logitech.wireless.enableGraphical = true;
- # Enable libvirt
- virtualisation.libvirtd.enable = true;
-
# -------------------- users ---------------------
# Define a user account. Don't forget to set a password with ‘passwd’.
@@ -135,8 +125,7 @@
# -------------------- packages ---------------------
nixpkgs.config.allowUnfree = true;
- nix.gc.automatic = pkgs.lib.mkDefault true;
- nix.gc.options = "--delete-older-than 30d";
+
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.substituters = [ "https://nix.web.deuxfleurs.fr" ];
nix.settings.trusted-public-keys = [ "nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=" ];
@@ -170,6 +159,7 @@
ipafont
kochi-substitute
];
+
fonts.fontconfig.defaultFonts = {
monospace = [
"DejaVu Sans Mono"
@@ -323,9 +313,6 @@
programs.mtr.enable = true;
- # Enable the OpenSSH daemon.
- # services.openssh.enable = true;
-
# ---- fancy networks and stuff ----
services.yggdrasil = {
@@ -340,13 +327,6 @@
};
};
- services.tailscale.enable = true;
-
- services.tor = {
- enable = true;
- client.enable = true;
- };
-
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
diff --git a/nixos/common2.nix b/nixos/common2.nix
new file mode 100644
index 0000000..4c82e19
--- /dev/null
+++ b/nixos/common2.nix
@@ -0,0 +1,39 @@
+# More stuff, slows down boot process
+# so not enabled by default on kusanagi
+
+{ config, pkgs, lib, ... }:
+
+{
+ # Input method for japanese
+ i18n.inputMethod.enabled = "fcitx5";
+ i18n.inputMethod.fcitx5.addons = [ pkgs.fcitx5-mozc ];
+
+ # ---- hardware support
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable RTL-SDR
+ hardware.rtl-sdr.enable = true;
+
+ # ---- networking
+
+ # Enable tailscale
+ services.tailscale.enable = true;
+
+ # Enable Tor daemon
+ services.tor = {
+ enable = true;
+ client.enable = true;
+ };
+
+ # ---- virtualization
+
+ # Enable libvirt
+ virtualisation.libvirtd.enable = true;
+
+ # Enable docker
+ virtualisation.docker.enable = true;
+
+ users.users.lx.extraGroups = [ "docker" "libvirtd" ];
+}
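Review bot: The last line of this new file puts `lx` in the `docker` group alongside `virtualisation.docker.enable = true`, and membership of that group gives unrestricted access to the Docker daemon socket, which is root-equivalent on the host with no password prompt. Because common2.nix is now imported wholesale by lindy.nix and by the kusanagi `extra` specialisation, the grant deserves a comment where it is made, e.g. `# docker group = root-equivalent via the daemon socket; libvirtd = VM management without sudo`. If root-equivalence is not intended, `virtualisation.docker.rootless.enable = true;` is the NixOS option that would let the `docker` group entry be dropped.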
diff --git a/nixos/kusanagi.nix b/nixos/kusanagi.nix
index 3558a99..0b2bdbc 100644
--- a/nixos/kusanagi.nix
+++ b/nixos/kusanagi.nix
@@ -21,8 +21,6 @@ in
(modulesPath + "/installer/scan/not-detected.nix")
./common.nix
./sway.nix
- ./wayfire.nix
- ./local.nix
(import "${home-manager}/nixos")
];
@@ -107,7 +105,6 @@ in
users.mutableUsers = false;
users.users.lx.hashedPasswordFile = "/Z/lx/.password";
users.users.lx.uid = 1000;
- users.users.lx.extraGroups = [ "vboxusers" "docker" ];
# ---- no persistent home, use home manager to set everything up ----
@@ -131,47 +128,57 @@ in
Option "TearFree" "true"
'';
- # ---- printing ----
-
- services.printing.enable = true;
- services.printing.drivers = [ pkgs.cups-brother-hl1210w ];
- services.avahi.enable = true;
- services.avahi.nssmdns = true;
- services.avahi.openFirewall = true;
-
- # ---- other
-
- virtualisation.docker.enable = true;
- virtualisation.virtualbox.host.enable = true;
-
- # ---- remote backup (restic to infracoll)
+ # ---- specialization with extra stuff
- services.restic.backups."infracoll" = {
- repository = "s3:http://garage.isomorphis.me:3900/restic-lx";
- environmentFile = "/persist/etc/secrets/restic/infracoll/credentials";
- passwordFile = "/persist/etc/secrets/restic/infracoll/password";
- paths = [
- "/persist"
- "/Z/lx"
- ];
- exclude = [
- "/persist/var/log"
+ specialisation."extra".configuration = { pkgs, ...}: {
+ imports = [
+ ./common2.nix
+ ./wayfire.nix
];
- timerConfig = {
- OnCalendar = "Fri, 8:00";
- Persistent = true;
+
+ # ---- printing ----
+
+ services.printing.drivers = [ pkgs.cups-brother-hl1210w ];
+
+ services.avahi.enable = true;
+ services.avahi.nssmdns = true;
+ services.avahi.openFirewall = true;
+
+ # ---- tor paths ----
+
+ services.tor.settings.ClientOnionAuthDir = "/persist/var/lib/tor/client-auth";
+ systemd.services."tor".serviceConfig.BindPaths = [ "/persist/var/lib/tor/client-auth" ];
+
+ # ---- remote backup (restic to infracoll)
+ # requires tailscale so not enabled in default specialisation
+
+ services.restic.backups."infracoll" = {
+ repository = "s3:http://garage.isomorphis.me:3900/restic-lx";
+ environmentFile = "/persist/etc/secrets/restic/infracoll/credentials";
+ passwordFile = "/persist/etc/secrets/restic/infracoll/password";
+ paths = [
+ "/persist"
+ "/Z/lx"
+ ];
+ exclude = [
+ "/persist/var/log"
+ ];
+ timerConfig = {
+ OnCalendar = "Fri, 8:00";
+ Persistent = true;
+ };
+ pruneOpts = [
+ "--keep-daily 7"
+ "--keep-weekly 5"
+ "--keep-monthly 12"
+ "--keep-yearly 75"
+ ];
};
- pruneOpts = [
- "--keep-daily 7"
- "--keep-weekly 5"
- "--keep-monthly 12"
- "--keep-yearly 75"
- ];
};
# ----
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ nixpkgs.hostPlatform = "x86_64-linux";
+ powerManagement.cpuFreqGovernor = "powersave";
+ hardware.cpu.intel.updateMicrocode = true;
}
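Review bot: With `services.restic.backups."infracoll"` now inside `specialisation."extra".configuration`, the backup timer only exists when the machine is booted into `extra`. `Persistent = true` catches up on missed runs only in a system where the timer unit is present, so a machine routinely booted in the default configuration stops backing up without any error. The comment above the block should say this, e.g. `# NOTE: no backups run in the default boot; boot "extra" regularly or backups lapse`. It could also record that the `http://` repository URL presumably relies on the tailscale tunnel for transport protection: restic encrypts repository contents itself, but the S3 requests are otherwise unprotected on the wire. The enclosing attribute set starts outside this hunk.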
diff --git a/nixos/lindy.nix b/nixos/lindy.nix
index a3bed87..bd1ec69 100644
--- a/nixos/lindy.nix
+++ b/nixos/lindy.nix
@@ -4,6 +4,7 @@
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./common.nix
+ ./common2.nix
#./kde.nix
#./95theme.nix
#./gnome.nix
@@ -173,10 +174,9 @@ Komaru UUID=caf8496f-006b-4762-bb20-506d4c7bdb51 /nix/persist/root/komaru_key
};
hardware.opengl.enable = true;
- # Docker, VirtualBox
- virtualisation.docker.enable = true;
+ # VirtualBox
virtualisation.virtualbox.host.enable = true;
- users.users.lx.extraGroups = [ "docker" "vboxusers" ];
+ users.users.lx.extraGroups = [ "vboxusers" ];
# Use resolver from network
services.resolved.enable = false;
@@ -208,10 +208,7 @@ Komaru UUID=caf8496f-006b-4762-bb20-506d4c7bdb51 /nix/persist/root/komaru_key
pinentry.gnome3
];
- nix.gc.automatic = false;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
- hardware.cpu.intel.updateMicrocode =
- lib.mkDefault config.hardware.enableRedistributableFirmware;
+ nixpkgs.hostPlatform = "x86_64-linux";
+ powerManagement.cpuFreqGovernor = "ondemand";
+ hardware.cpu.intel.updateMicrocode = true;
}