Further modularlize config

Artemis Tosini 2020-11-17 01:51:13 +00:00
parent f5105cea8d
commit fc10d65648
Signed by: artemist
GPG key ID: ADFFE553DCBB831E
13 changed files with 182 additions and 148 deletions


@ -1,96 +1,58 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = imports = [
[ ./private
./private ./system/current
./system/current ./packages.nix
./packages.nix ./fonts.nix
./fonts.nix ];
./sets/neovim
];
nix = { nix = {
daemonNiceLevel = 5; daemonNiceLevel = 5;
daemonIONiceLevel = 1; daemonIONiceLevel = 1;
autoOptimiseStore = true; autoOptimiseStore = true;
gc = { gc = {
automatic = true; automatic = true;
dates = "00:00"; dates = "00:00";
options = "--delete-older-than 14d"; options = "--delete-older-than 14d";
};
trustedUsers = [ "artemis" ];
}; };
trustedUsers = [ "artemis" ];
};
console = { console = {
keyMap = "us"; keyMap = "us";
earlySetup = true; earlySetup = true;
}; };
i18n.defaultLocale = "de_DE.UTF-8"; i18n.defaultLocale = "de_DE.UTF-8";
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
time.timeZone = "Etc/UTC"; time.timeZone = "Etc/UTC";
environment = { environment = {
variables = { variables.TERMINAL = "alacritty";
TERMINAL = "alacritty";
# for Sway
MOZ_USE_XINPUT2 = "1";
_JAVA_AWT_WM_NONREPARENTING = "1";
GTK_THEME = "Adwaita-dark";
};
enableDebugInfo = true; enableDebugInfo = true;
shellAliases = {
vim = "nvim";
};
}; };
sound.enable = true;
virtualisation = {
docker.enable = true;
lxd = {
enable = true;
recommendedSysctlSettings = true;
};
};
security.polkit.enable = true;
services = { services = {
avahi = { avahi = {
enable = true; enable = true;
nssmdns = true; nssmdns = true;
publish = {
enable = true;
userServices = true;
};
}; };
accounts-daemon.enable = true;
chrony.enable = true; chrony.enable = true;
flatpak.enable = true; flatpak.enable = true;
fwupd.enable = true; fwupd.enable = true;
kbfs.enable = true; kbfs.enable = true;
keybase.enable = true; keybase.enable = true;
logind.extraConfig = "HandlePowerKey=suspend";
pcscd.enable = true; pcscd.enable = true;
tor = {
enable = true;
client.enable = true;
};
syncthing = { syncthing = {
enable = true; enable = true;
user = "artemis"; user = "artemis";
dataDir = "/home/artemis"; dataDir = "/home/artemis";
}; };
udev.packages = [ udev.packages = [
pkgs.android-udev-rules
(pkgs.callPackage ./externals/rules/adafruit.nix { })
(pkgs.callPackage ./externals/rules/fpga.nix { })
(pkgs.callPackage ./externals/rules/limesuite.nix { })
(pkgs.callPackage ./externals/rules/uhk.nix { }) (pkgs.callPackage ./externals/rules/uhk.nix { })
]; ];
printing = { printing = {
@ -98,13 +60,6 @@
drivers = [ pkgs.brlaser ]; drivers = [ pkgs.brlaser ];
}; };
}; };
xdg.portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
xdg-desktop-portal-wlr
];
};
hardware = { hardware = {
bluetooth.enable = true; bluetooth.enable = true;
@ -117,29 +72,13 @@
}; };
}; };
networking = { networking.firewall.enable = false;
firewall.enable = false;
networkmanager = {
enable = lib.mkDefault true;
ethernet.macAddress = "random";
wifi.macAddress = "random";
};
};
programs = { programs = {
adb.enable = true;
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
}; };
sway = {
enable = true;
wrapperFeatures.gtk = true;
};
wireshark = {
enable = true;
package = pkgs.wireshark-qt;
};
fish.enable = true; fish.enable = true;
}; };
@ -148,14 +87,9 @@
isNormalUser = true; isNormalUser = true;
description = "Artemis Tosini"; description = "Artemis Tosini";
uid = 1000; uid = 1000;
extraGroups = [ "networkmanager" "wheel" "adbusers" "wireshark" "video" "docker" "lxd" "plugdev" "dialout" ]; extraGroups = [ "wheel" "docker" "lxd" ];
# hashedPassword set in private # hashedPassword set in private
}; };
extraGroups.plugdev = {};
users.root = {
subUidRanges = [ { startUid = 16777216; count = 16777216; } { startUid = config.users.users.artemis.uid; count = 1; } ];
subGidRanges = [ { startGid = 16777216; count = 16777216; } { startGid = 100; count = 1; } ];
};
mutableUsers = false; mutableUsers = false;
}; };
systemd.extraConfig = "DefaultLimitCORE=infinity"; systemd.extraConfig = "DefaultLimitCORE=infinity";
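Review bot: `networking.firewall.enable = false;` survives the refactor in the shared base config, so every host that imports it appears to run with the NixOS firewall off, including starlight, which imports `./nginx.nix` and `../../sets/ssh.nix` elsewhere on this page. Now that host-specific options are moving into sets, this would be safer as an overridable default, `networking.firewall.enable = lib.mkDefault false;`, or dropped entirely so the firewall stays on and each set opens only the ports it needs. The base config also still enables avahi and syncthing, both of which listen on the network, so the exposure is not limited to the server host.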


@ -3,16 +3,6 @@
let let
llvm = pkgs.llvmPackages_10; llvm = pkgs.llvmPackages_10;
go = pkgs.go_1_15; go = pkgs.go_1_15;
wofi = pkgs.wofi.overrideAttrs ( old: {
src = pkgs.fetchhg {
url = old.src.url;
rev = "e3db9b8075e71399bba14a568c59032f47981dab";
sha256 = "07fr1yfls94gxpwv3azgzxm7shjs4g5ribvqrh88flpf4cv5hq2d";
};
} );
openocd = if pkgs.stdenv.cc.isGNU then (pkgs.openocd.overrideAttrs ( old: {
NIX_CFLAGS_COMPILE = old.NIX_CFLAGS_COMPILE ++ [ "-Wno-error=strict-prototypes" ];
})) else pkgs.openocd;
in in
{ {
environment.systemPackages = (with pkgs; [ environment.systemPackages = (with pkgs; [
@ -54,7 +44,6 @@ in
gparted gparted
hdparm hdparm
iptables iptables
krb5
lm_sensors lm_sensors
manpages manpages
nethogs nethogs
@ -77,22 +66,6 @@ in
ntfs3g ntfs3g
udftools udftools
# Wayland tools
dex
glib
grim
imagemagick
libnotify
mako
polkit_gnome
slurp
wf-recorder
wl-clipboard
wofi
xdg-user-dirs
xdg_utils
xsettingsd
# Useful CLI tools # Useful CLI tools
age age
appimage-run appimage-run
@ -172,12 +145,6 @@ in
valgrind valgrind
yarn yarn
# Embedded
kicad-unstable
openocd
stlink
(callPackage ./externals/packages/jlink { })
# Radio # Radio
gr-limesdr gr-limesdr
limesuite limesuite
@ -186,15 +153,6 @@ in
gqrx gqrx
# Hacking tools # Hacking tools
aircrack-ng
fusee-launcher
ghidra-bin
insomnia
ncat
pcsctools
pwndbg
python37Packages.binwalk-full
python37Packages.shodan
# Security # Security
(pass.withExtensions (exts: [ exts.pass-otp ])) (pass.withExtensions (exts: [ exts.pass-otp ]))


@ -1,6 +1,9 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
services.udev.packages = [
(pkgs.callPackage ../externals/rules/fpga.nix { })
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Synthesis # Synthesis
icestorm icestorm
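Review bot: The new `services.udev.packages` entry ships the FPGA rules with this set, but the `plugdev` group and artemis's membership in it are now declared only in `sets/hardware.nix`. If `fpga.nix` grants device access through `plugdev` (the rule file is not shown here), a host importing `sets/fpga.nix` without `sets/hardware.nix` would get rules that name an undeclared group. Declaring `users.extraGroups.plugdev = { };` and `users.users.artemis.extraGroups = [ "plugdev" ];` here as well would make the set self-contained. The `environment.systemPackages` list continues past the end of the hunk.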

22
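--- /dev/null
+++ b/sets/hacking.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+{
+programs = {
+adb.enable = true;
+wireshark = {
+enable = true;
+package = pkgs.wireshark-qt;
+};
+};
+environment.systemPackages = with pkgs; [
+aircrack-ng
+fusee-launcher
+ncat
+pcsctools
+pwndbg
+python37Packages.binwalk-full
+python37Packages.shodan
+];
+users.users.artemis.extraGroups = [ "adbusers" "wireshark" ];
+}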
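Review bot: The package list omits `ghidra-bin` and `insomnia`, both of which sit under `# Hacking tools` in the lines removed from the packages file and are not re-added in any section shown on this page. The commit is described as a modularisation, so a silent package drop looks unintended; either add the two names back to `environment.systemPackages` here or say in the commit message that they were removed on purpose. The now-empty `# Hacking tools` heading left behind in the packages file could be deleted at the same time.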

26
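--- /dev/null
+++ b/sets/hardware.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+let
+openocd = if pkgs.stdenv.cc.isGNU then (pkgs.openocd.overrideAttrs ( old: {
+NIX_CFLAGS_COMPILE = old.NIX_CFLAGS_COMPILE ++ [ "-Wno-error=strict-prototypes" ];
+})) else pkgs.openocd;
+in
+{
+services.udev.packages = [
+(pkgs.callPackage ../externals/rules/adafruit.nix { })
+(pkgs.callPackage ../externals/rules/limesuite.nix { })
+openocd
+];
+environment.systemPackages = with pkgs; [
+kicad-unstable
+openocd
+stlink
+(callPackage ../externals/packages/jlink { })
+];
+users = {
+users.artemis.extraGroups = [ "plugdev" "dialout" ];
+extraGroups.plugdev = {};
+};
+}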
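Review bot: The `openocd` override in the `let` block reads `old.NIX_CFLAGS_COMPILE` unconditionally, so evaluation of every host importing this set fails if the nixpkgs derivation stops defining that attribute. A fallback keeps the set evaluating: `NIX_CFLAGS_COMPILE = (old.NIX_CFLAGS_COMPILE or [ ]) ++ [ "-Wno-error=strict-prototypes" ];`. A one-line comment naming the compiler error the flag works around would also tell a maintainer when the override can be removed.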


@ -1,6 +1,10 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [
./networkmanager.nix
];
services = { services = {
tlp.enable = true; tlp.enable = true;
upower.enable = true; upower.enable = true;

9
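--- /dev/null
+++ b/sets/networkmanager.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+networking.networkmanager = {
+enable = true;
+ethernet.macAddress = "random";
+wifi.macAddress = "random";
+};
+users.users.artemis.extraGroups = [ "networkmanager" ];
+}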
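Review bot: `enable = true;` loses the `lib.mkDefault true` that the removed base-config lines used, so a host that pulls this set in through `sets/laptop.nix` can no longer turn NetworkManager off with a plain `networking.networkmanager.enable = false;` and would need `lib.mkForce`. Keeping the default priority preserves the old behaviour: change the header to `{ lib, ... }:` and the option to `enable = lib.mkDefault true;`. The randomised MAC settings are carried over unchanged and need no edit.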

52
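--- /dev/null
+++ b/sets/sway.nix
@@ -0,0 +1,52 @@
+{ config, pkgs, ... }:
+let
+wofi = pkgs.wofi.overrideAttrs ( old: {
+src = pkgs.fetchhg {
+url = old.src.url;
+rev = "e3db9b8075e71399bba14a568c59032f47981dab";
+sha256 = "07fr1yfls94gxpwv3azgzxm7shjs4g5ribvqrh88flpf4cv5hq2d";
+};
+} );
+in
+{
+security.polkit.enable = true;
+services = {
+accounts-daemon.enable = true;
+logind.extraConfig = "HandlePowerKey=suspend";
+};
+xdg.portal = {
+enable = true;
+extraPortals = with pkgs; [
+xdg-desktop-portal-gtk
+xdg-desktop-portal-wlr
+];
+};
+sound.enable = true;
+programs.sway = {
+enable = true;
+wrapperFeatures.gtk = true;
+extraSessionCommands = ''
+export MOZ_USE_XINPUT2=1
+export _JAVA_AWT_WM_NONREPARENTING=1
+export GTK_THEME=Adwaita-dark
+'';
+};
+environment.systemPackages = with pkgs; [
+dex
+glib
+grim
+imagemagick
+libnotify
+mako
+polkit_gnome
+slurp
+wf-recorder
+wl-clipboard
+wofi
+xdg-user-dirs
+xdg_utils
+xsettingsd
+];
+}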
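Review bot: The `wofi` override in the `let` block has no comment saying why the nixpkgs source is replaced or when the pin can be dropped. Pinning `rev` together with a fixed `sha256` is sound for integrity, but an unexplained pin tends to outlive its purpose and hold the package back from later upstream fixes. A comment above the binding such as `# Pin wofi to this revision for <reason>; remove once nixpkgs ships it` (placeholder reason to be filled in by the author) would make the intent reviewable.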

19
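--- /dev/null
+++ b/sets/virtualization.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+{
+virtualisation = {
+docker.enable = true;
+lxd = {
+enable = true;
+recommendedSysctlSettings = true;
+};
+};
+users.users = {
+artemis.extraGroups = [ "docker" "lxd" ];
+root = {
+subUidRanges = [ { startUid = 16777216; count = 16777216; } { startUid = config.users.users.artemis.uid; count = 1; } ];
+subGidRanges = [ { startGid = 16777216; count = 16777216; } { startGid = 100; count = 1; } ];
+};
+};
+}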
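Review bot: `artemis.extraGroups = [ "docker" "lxd" ];` is added here, but the base config's rewritten `extraGroups` line still appears to list `"wheel" "docker" "lxd"`, so the membership is not scoped to hosts that import this set. Membership in `docker` or `lxd` is effectively root on a host running those daemons, so it is worth granting only where they are enabled. Trimming the base config to `extraGroups = [ "wheel" ];` and letting this file contribute the other two would give the modularisation that effect.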


@ -5,9 +5,12 @@
./boot-config.nix ./boot-config.nix
./secure-boot.nix ./secure-boot.nix
./hardware-configuration.nix ./hardware-configuration.nix
../../sets/gpu/intel.nix
../../sets/cpu/intel.nix ../../sets/cpu/intel.nix
../../sets/gpu/intel.nix
../../sets/hacking.nix
../../sets/laptop.nix ../../sets/laptop.nix
../../sets/neovim
../../sets/sway.nix
]; ];
networking.hostName = "rainbowdash"; networking.hostName = "rainbowdash";


@ -4,10 +4,13 @@
imports = [ imports = [
./boot-config.nix ./boot-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
../../services/ssh.nix
../../sets/gpu/intel.nix
../../sets/cpu/intel.nix ../../sets/cpu/intel.nix
../../sets/gpu/intel.nix
../../sets/hacking.nix
../../sets/laptop.nix ../../sets/laptop.nix
../../sets/neovim
../../sets/ssh.nix
../../sets/sway.nix
]; ];
networking.hostName = "spike"; networking.hostName = "spike";


@ -5,11 +5,16 @@
./boot-config.nix ./boot-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
./nginx.nix ./nginx.nix
../../services/ssh.nix ../../private/starlight.nix
../../sets/cpu/amd.nix
../../sets/fpga.nix ../../sets/fpga.nix
../../sets/gpu/amd.nix ../../sets/gpu/amd.nix
../../sets/cpu/amd.nix ../../sets/hacking.nix
../../private/starlight.nix ../../sets/hardware.nix
../../sets/neovim
../../sets/ssh.nix
../../sets/sway.nix
../../sets/virtualization.nix
]; ];
networking.hostName = "starlight"; networking.hostName = "starlight";
@ -19,7 +24,6 @@
KERNEL=="eth*", ATTR{address}=="00:0f:53:16:15:9d", NAME="lan10g1" KERNEL=="eth*", ATTR{address}=="00:0f:53:16:15:9d", NAME="lan10g1"
''; '';
networking.networkmanager.enable = false;
networking.bridges.br0 = { networking.bridges.br0 = {
rstp = true; rstp = true;
interfaces = [ "lan10g0" "lan10g1" "enp4s0" ]; interfaces = [ "lan10g0" "lan10g1" "enp4s0" ];
@ -33,12 +37,9 @@
}; };
networking.dhcpcd.allowInterfaces = [ "br0" ]; networking.dhcpcd.allowInterfaces = [ "br0" ];
hardware.cpu.amd.updateMicrocode = true; services.tor = {
services = { enable = true;
tor = { client.enable = true;
enable = true;
client.enable = true;
};
}; };
boot.binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];