From 2493d40db6503c0967cc4bc9152fffc4d2fe73a4 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Sat, 18 May 2024 21:02:54 +0200 Subject: refactor to disable many things by default --- nixos/common.nix | 30 ++++--------------- nixos/common2.nix | 39 +++++++++++++++++++++++++ nixos/kusanagi.nix | 85 +++++++++++++++++++++++++++++------------------------- nixos/lindy.nix | 15 ++++------ 4 files changed, 96 insertions(+), 73 deletions(-) create mode 100644 nixos/common2.nix diff --git a/nixos/common.nix b/nixos/common.nix index 4352df8..4bacead 100644 --- a/nixos/common.nix +++ b/nixos/common.nix @@ -1,3 +1,6 @@ +# Common / necessary stuff here +# Additional stuff in common2.nix + { config, pkgs, lib, ... }: { @@ -69,13 +72,6 @@ }; }; - # Input method for japanese - i18n.inputMethod.enabled = "fcitx5"; - i18n.inputMethod.fcitx5.addons = [ pkgs.fcitx5-mozc ]; - - # Enable CUPS to print documents. - services.printing.enable = true; - # Enable sound. sound.enable = true; hardware.pulseaudio.enable = false; @@ -87,9 +83,6 @@ jack.enable = true; }; - # Enable RTL-SDR - hardware.rtl-sdr.enable = true; - # Enable touchpad support (enabled default in most desktopManager). services.xserver.libinput.enable = true; @@ -97,9 +90,6 @@ hardware.logitech.wireless.enable = true; hardware.logitech.wireless.enableGraphical = true; - # Enable libvirt - virtualisation.libvirtd.enable = true; - # -------------------- users --------------------- # Define a user account. Don't forget to set a password with ‘passwd’. @@ -135,8 +125,7 @@ # -------------------- packages --------------------- nixpkgs.config.allowUnfree = true; - nix.gc.automatic = pkgs.lib.mkDefault true; - nix.gc.options = "--delete-older-than 30d"; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.substituters = [ "https://nix.web.deuxfleurs.fr" ]; nix.settings.trusted-public-keys = [ "nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=" ]; 
@@ -170,6 +159,7 @@ ipafont kochi-substitute ]; + fonts.fontconfig.defaultFonts = { monospace = [ "DejaVu Sans Mono" @@ -323,9 +313,6 @@ programs.mtr.enable = true; - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - # ---- fancy networks and stuff ---- services.yggdrasil = { @@ -340,13 +327,6 @@ }; }; - services.tailscale.enable = true; - - services.tor = { - enable = true; - client.enable = true; - }; - # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you # accidentally delete configuration.nix. diff --git a/nixos/common2.nix b/nixos/common2.nix new file mode 100644 index 0000000..4c82e19 --- /dev/null +++ b/nixos/common2.nix @@ -0,0 +1,39 @@ +# More stuff, slows down boot process +# so not enabled by default on kusanagi + +{ config, pkgs, lib, ... }: + +{ + # Input method for japanese + i18n.inputMethod.enabled = "fcitx5"; + i18n.inputMethod.fcitx5.addons = [ pkgs.fcitx5-mozc ]; + + # ---- hardware support + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable RTL-SDR + hardware.rtl-sdr.enable = true; + + # ---- networking + + # Enable tailscale + services.tailscale.enable = true; + + # Enable Tor daemon + services.tor = { + enable = true; + client.enable = true; + }; + + # ---- virtualization + + # Enable libvirt + virtualisation.libvirtd.enable = true; + + # Enable docker + virtualisation.docker.enable = true; + + users.users.lx.extraGroups = [ "docker" "libvirtd" ]; +} diff --git a/nixos/kusanagi.nix b/nixos/kusanagi.nix index 3558a99..0b2bdbc 100644 --- a/nixos/kusanagi.nix +++ b/nixos/kusanagi.nix @@ -21,8 +21,6 @@ in (modulesPath + "/installer/scan/not-detected.nix") ./common.nix ./sway.nix - ./wayfire.nix - ./local.nix (import "${home-manager}/nixos") ]; 
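Review bot: In the new nixos/common2.nix, `users.users.lx.extraGroups = [ "docker" "libvirtd" ];` puts the `lx` account in the `docker` group, which is effectively passwordless root because members control the root-running Docker daemon. This applies on every host that imports the file: lindy directly, and kusanagi through the `extra` specialisation. If that is intended, record it next to the line, e.g. `# docker group is root-equivalent; libvirtd group can manage system VMs`. If daemon-level access is not needed, `virtualisation.docker.rootless.enable = true;` would let the `docker` group entry be dropped.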
@@ -107,7 +105,6 @@ in users.mutableUsers = false; users.users.lx.hashedPasswordFile = "/Z/lx/.password"; users.users.lx.uid = 1000; - users.users.lx.extraGroups = [ "vboxusers" "docker" ]; # ---- no persistent home, use home manager to set everything up ---- 
@@ -131,47 +128,57 @@ in Option "TearFree" "true" ''; - # ---- printing ---- - - services.printing.enable = true; - services.printing.drivers = [ pkgs.cups-brother-hl1210w ]; - services.avahi.enable = true; - services.avahi.nssmdns = true; - services.avahi.openFirewall = true; - - # ---- other - - virtualisation.docker.enable = true; - virtualisation.virtualbox.host.enable = true; - - # ---- remote backup (restic to infracoll) + # ---- specialization with extra stuff - services.restic.backups."infracoll" = { - repository = "s3:http://garage.isomorphis.me:3900/restic-lx"; - environmentFile = "/persist/etc/secrets/restic/infracoll/credentials"; - passwordFile = "/persist/etc/secrets/restic/infracoll/password"; - paths = [ - "/persist" - "/Z/lx" - ]; - exclude = [ - "/persist/var/log" + specialisation."extra".configuration = { pkgs, ...}: { + imports = [ + ./common2.nix + ./wayfire.nix ]; - timerConfig = { - OnCalendar = "Fri, 8:00"; - Persistent = true; + + # ---- printing ---- + + services.printing.drivers = [ pkgs.cups-brother-hl1210w ]; + + services.avahi.enable = true; + services.avahi.nssmdns = true; + services.avahi.openFirewall = true; + + # ---- tor paths ---- + + services.tor.settings.ClientOnionAuthDir = "/persist/var/lib/tor/client-auth"; + systemd.services."tor".serviceConfig.BindPaths = [ "/persist/var/lib/tor/client-auth" ]; + + # ---- remote backup (restic to infracoll) + # requires tailscale so not enabled in default specialisation + + services.restic.backups."infracoll" = { + repository = "s3:http://garage.isomorphis.me:3900/restic-lx"; + environmentFile = "/persist/etc/secrets/restic/infracoll/credentials"; + passwordFile = "/persist/etc/secrets/restic/infracoll/password"; + paths = [ + "/persist" + "/Z/lx" + ]; + exclude = [ + "/persist/var/log" + ]; + timerConfig = { + OnCalendar = "Fri, 8:00"; + Persistent = true; + }; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 5" + "--keep-monthly 12" + "--keep-yearly 75" + ]; }; - pruneOpts = [ - 
"--keep-daily 7" - "--keep-weekly 5" - "--keep-monthly 12" - "--keep-yearly 75" - ]; }; # ---- - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + nixpkgs.hostPlatform = "x86_64-linux"; + powerManagement.cpuFreqGovernor = "powersave"; + hardware.cpu.intel.updateMicrocode = true; } diff --git a/nixos/lindy.nix b/nixos/lindy.nix index a3bed87..bd1ec69 100644 --- a/nixos/lindy.nix +++ b/nixos/lindy.nix @@ -4,6 +4,7 @@ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ./common.nix + ./common2.nix #./kde.nix #./95theme.nix #./gnome.nix @@ -173,10 +174,9 @@ Komaru UUID=caf8496f-006b-4762-bb20-506d4c7bdb51 /nix/persist/root/komaru_key }; hardware.opengl.enable = true; - # Docker, VirtualBox - virtualisation.docker.enable = true; + # VirtualBox virtualisation.virtualbox.host.enable = true; - users.users.lx.extraGroups = [ "docker" "vboxusers" ]; + users.users.lx.extraGroups = [ "vboxusers" ]; # Use resolver from network services.resolved.enable = false; @@ -208,10 +208,7 @@ Komaru UUID=caf8496f-006b-4762-bb20-506d4c7bdb51 /nix/persist/root/komaru_key pinentry.gnome3 ]; - nix.gc.automatic = false; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; - hardware.cpu.intel.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; + nixpkgs.hostPlatform = "x86_64-linux"; + powerManagement.cpuFreqGovernor = "ondemand"; + hardware.cpu.intel.updateMicrocode = true; } -- cgit v1.2.3
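Review bot: In nixos/kusanagi.nix the restic job `services.restic.backups."infracoll"` now exists only inside `specialisation."extra"`, so a default boot has no backup timer at all, and `Persistent = true` cannot catch up a run for a unit that is absent from that boot. If that trade-off is intended, record it next to the block, e.g. `# backups only run when booted into "extra"; check the last snapshot date regularly`. The repository URL is `s3:http://…`, so transport confidentiality and integrity rest on the tailscale tunnel the comment mentions; that the host is reached over the tailnet is inferred from that comment, not visible in the hunk. The new `ClientOnionAuthDir` at /persist/var/lib/tor/client-auth holds onion client keys and the hunk does not set its owner or mode, so it is worth confirming that only the tor user can read it.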