From 6ddc25d4e189c30431703f602653b8bae861e4af Mon Sep 17 00:00:00 2001 From: Fuwn Date: Thu, 29 Aug 2024 20:54:34 -0700 Subject: some stuff --- home/ebisu/meta/system/shell/fish/default.nix | 4 +++ modules/boot/default.nix | 45 +++------------------------ modules/boot/grub.nix | 30 ++++++++++++++++++ modules/boot/systemd-boot.nix | 10 ++++++ modules/datetime.nix | 26 ++++++++++++++++ modules/datetime/default.nix | 26 ---------------- modules/default.nix | 12 +++---- modules/networking.nix | 27 ++++++++++++++++ modules/networking/default.nix | 22 ------------- modules/nix.nix | 42 +++++++++++++++++++++++++ modules/nix/default.nix | 37 ---------------------- modules/security.nix | 29 +++++++++++++++++ modules/security/default.nix | 19 ----------- modules/users.nix | 24 ++++++++++++++ modules/users/default.nix | 17 ---------- modules/virtualisation.nix | 11 +++++++ modules/virtualisation/default.nix | 11 ------- 17 files changed, 214 insertions(+), 178 deletions(-) create mode 100644 modules/boot/grub.nix create mode 100644 modules/boot/systemd-boot.nix create mode 100644 modules/datetime.nix delete mode 100644 modules/datetime/default.nix create mode 100644 modules/networking.nix delete mode 100644 modules/networking/default.nix create mode 100644 modules/nix.nix delete mode 100644 modules/nix/default.nix create mode 100644 modules/security.nix delete mode 100644 modules/security/default.nix create mode 100644 modules/users.nix delete mode 100644 modules/users/default.nix create mode 100644 modules/virtualisation.nix delete mode 100644 modules/virtualisation/default.nix diff --git a/home/ebisu/meta/system/shell/fish/default.nix b/home/ebisu/meta/system/shell/fish/default.nix index 94270e7..bcc0def 100644 --- a/home/ebisu/meta/system/shell/fish/default.nix +++ b/home/ebisu/meta/system/shell/fish/default.nix 
@@ -26,6 +26,10 @@ command nh $argv end end + + function nix-find + find $argv -type f -exec test ! -L {} \; -exec realpath {} \; | grep -v "^/nix/store" + end end set -l config_home (set -q XDG_CONFIG_HOME; and echo $XDG_CONFIG_HOME; or echo $HOME/.config) diff --git a/modules/boot/default.nix b/modules/boot/default.nix index d0f5852..eb128ed 100644 --- a/modules/boot/default.nix +++ b/modules/boot/default.nix @@ -1,8 +1,10 @@ { pkgs, config, ... }: -let - configurationLimit = 10; -in { + imports = [ + ./grub.nix + ./systemd-boot.nix + ]; + boot = { loader = { timeout = 5; @@ -11,43 +13,6 @@ in canTouchEfiVariables = true; efiSysMountPoint = "/boot"; }; - - systemd-boot = { - enable = false; - editor = true; - consoleMode = "max"; - memtest86.enable = true; - netbootxyz.enable = true; - configurationLimit = configurationLimit; - }; - - grub = { - enable = true; - device = "nodev"; - efiSupport = true; - useOSProber = true; - configurationLimit = configurationLimit; - memtest86.enable = true; - gfxmodeEfi = "1920x1080"; - gfxmodeBios = "1920x1080"; - splashMode = "normal"; - - extraEntries = '' - menuentry "Arch Linux (linux-clear)" { - linux /vmlinuz-linux-clear - initrd /amd-ucode.img - initrd /booster-linux-clear.img - options root=PARTUUID=f510f35d-76a0-4469-aad5-da449541ecd2 rootflags=subvol=@ rw rootfstype=btrfs psi=1 nvidia_drm.modeset=1 - } - ''; - - theme = pkgs.fetchFromGitHub { - owner = "Lxtharia"; - repo = "minegrub-theme"; - rev = "193b3a7c3d432f8c6af10adfb465b781091f56b3"; - sha256 = "1bvkfmjzbk7pfisvmyw5gjmcqj9dab7gwd5nmvi8gs4vk72bl2ap"; - }; - }; }; kernelPackages = pkgs.linuxPackages_zen; diff --git a/modules/boot/grub.nix b/modules/boot/grub.nix new file mode 100644 index 0000000..b562370 --- /dev/null +++ b/modules/boot/grub.nix 
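Review bot: In `nix-find`, the `-exec test ! -L {} \;` step filters nothing unless the caller passes `-L`, because `find` does not follow symlinks by default and `-type f` already excludes them. It only costs one extra process per file. `$argv` is also spliced in ahead of the expression, so an argument beginning with `-` is parsed as a `find` option rather than a path. Consider `find $argv -type f -exec realpath {} +` piped into the same `grep -v`, plus a one-line comment saying the function lists regular files whose resolved path lies outside `/nix/store`.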
@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+{
+ boot.loader.grub = {
+ enable = true;
+ device = "nodev";
+ efiSupport = true;
+ useOSProber = true;
+ configurationLimit = 10;
+ memtest86.enable = true;
+ gfxmodeEfi = "1920x1080";
+ gfxmodeBios = "1920x1080";
+ splashMode = "normal";
+
+ extraEntries = ''
+ menuentry "Arch Linux (linux-clear)" {
+ linux /vmlinuz-linux-clear
+ initrd /amd-ucode.img
+ initrd /booster-linux-clear.img
+ options root=PARTUUID=f510f35d-76a0-4469-aad5-da449541ecd2 rootflags=subvol=@ rw rootfstype=btrfs psi=1 nvidia_drm.modeset=1
+ }
+ '';
+
+ theme = pkgs.fetchFromGitHub {
+ owner = "Lxtharia";
+ repo = "minegrub-theme";
+ rev = "193b3a7c3d432f8c6af10adfb465b781091f56b3";
+ sha256 = "1bvkfmjzbk7pfisvmyw5gjmcqj9dab7gwd5nmvi8gs4vk72bl2ap";
+ };
+ };
+}
diff --git a/modules/boot/systemd-boot.nix b/modules/boot/systemd-boot.nix
new file mode 100644
index 0000000..5b50bad
--- /dev/null
+++ b/modules/boot/systemd-boot.nix
@@ -0,0 +1,10 @@
+{
+ boot.loader.systemd-boot = {
+ enable = false;
+ editor = true;
+ consoleMode = "max";
+ memtest86.enable = true;
+ netbootxyz.enable = true;
+ configurationLimit = 10;
+ };
+}
diff --git a/modules/datetime.nix b/modules/datetime.nix
new file mode 100644
index 0000000..2e4fbe0
--- /dev/null
+++ b/modules/datetime.nix
@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+{
+ time.timeZone = "America/Los_Angeles";
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+
+ inputMethod = {
+ enabled = "fcitx5";
+
+ fcitx5 = {
+ waylandFrontend = true;
+
+ addons = with pkgs; [
+ fcitx5-configtool
+ fcitx5-gtk
+ fcitx5-hangul
+ fcitx5-mozc
+ fcitx5-rime
+ rime-data
+ catppuccin-fcitx5
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/datetime/default.nix b/modules/datetime/default.nix
deleted file mode 100644
index 2e4fbe0..0000000
--- a/modules/datetime/default.nix
+++ /dev/null
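Review bot: The `menuentry` in `extraEntries` looks like systemd-boot loader-entry syntax pasted into GRUB. As far as I know GRUB has no `options` command, so the `root=PARTUUID=…` parameters would never reach the kernel, and the second `initrd` command likely replaces the first instead of stacking the microcode image. The usual GRUB form puts the parameters on the kernel line, `linux /vmlinuz-linux-clear root=PARTUUID=… rootflags=subvol=@ rw …`, and both images on one line, `initrd /amd-ucode.img /booster-linux-clear.img`. Separately, `configurationLimit = 10` is now a bare literal here and again in `modules/boot/systemd-boot.nix`, where the removed `let` binding kept both loaders on one value; a `# keep in sync with systemd-boot.nix` comment or a shared binding would prevent drift.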
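Review bot: `editor = true` in `modules/boot/systemd-boot.nix` leaves the boot-time kernel command-line editor enabled, which lets anyone with console access change boot parameters and reach a root shell without credentials. The loader is disabled by `enable = false`, so this only takes effect if someone flips that switch later. Setting `editor = false;` now keeps the module safe by default. `netbootxyz.enable = true` adds a network-boot entry to the same menu and deserves a comment on whether it is still wanted.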
@@ -1,26 +0,0 @@ -{ pkgs, ... }: -{ - time.timeZone = "America/Los_Angeles"; - - i18n = { - defaultLocale = "en_US.UTF-8"; - - inputMethod = { - enabled = "fcitx5"; - - fcitx5 = { - waylandFrontend = true; - - addons = with pkgs; [ - fcitx5-configtool - fcitx5-gtk - fcitx5-hangul - fcitx5-mozc - fcitx5-rime - rime-data - catppuccin-fcitx5 - ]; - }; - }; - }; -} diff --git a/modules/default.nix b/modules/default.nix index a2d6ec4..b4d4169 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,16 +1,16 @@ { imports = [ ./boot - ./datetime ./environment ./hardware - ./networking - ./nix ./programs - ./security ./services - ./users - ./virtualisation + ./datetime.nix + ./networking.nix + ./nix.nix + ./security.nix + ./users.nix + ./virtualisation.nix ./xdg-portal.nix ]; diff --git a/modules/networking.nix b/modules/networking.nix new file mode 100644 index 0000000..d2d2f0d --- /dev/null +++ b/modules/networking.nix @@ -0,0 +1,27 @@ +{ + networking = { + hostName = "kansai"; + networkmanager.enable = false; + + nameservers = [ + "1.1.1.1" + "9.9.9.9" + ]; + + firewall = { + enable = true; + allowedUDPPorts = [ 53 ]; + + allowedTCPPorts = [ + 2222 + 80 + 443 + ]; + }; + + dhcpcd = { + wait = "background"; + extraConfig = "noarp"; + }; + }; +} diff --git a/modules/networking/default.nix b/modules/networking/default.nix deleted file mode 100644 index 30052f2..0000000 --- a/modules/networking/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - networking = { - hostName = "kansai"; - networkmanager.enable = false; - - firewall = { - enable = true; - allowedUDPPorts = [ 53 ]; - - allowedTCPPorts = [ - 2222 - 80 - 443 - ]; - }; - - dhcpcd = { - wait = "background"; - extraConfig = "noarp"; - }; - }; -} diff --git a/modules/nix.nix b/modules/nix.nix new file mode 100644 index 0000000..26d79ef --- /dev/null +++ b/modules/nix.nix 
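Review bot: In `modules/networking.nix`, `allowedUDPPorts = [ 53 ]` opens inbound DNS on the firewall, which lookups to the newly added `nameservers` do not need because replies to outbound queries are accepted as established traffic. If this host is not meant to serve DNS, drop the entry; if it is, a comment naming the listening service (and whether TCP 53 is needed too) would make that explicit. The same applies to TCP `2222`, `80` and `443`: a short comment per port such as `# 2222: <service>` keeps the exposed surface reviewable.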
@@ -0,0 +1,42 @@
+{
+ nixpkgs.config.allowUnfree = true;
+
+ nix = {
+ allowedUsers = [
+ "root"
+ "@wheel"
+ ];
+
+ settings = {
+ auto-optimise-store = true;
+ http-connections = 50;
+ warn-dirty = false;
+ log-lines = 50;
+ # sandbox = "relaxed";
+
+ trusted-users = [
+ "root"
+ "@wheel"
+ ];
+
+ substituters = [
+ "https://nix-community.cachix.org"
+ "https://hyprland.cachix.org"
+ "https://ghostty.cachix.org"
+ ];
+
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ };
+
+ gc = {
+ automatic = false;
+ dates = "weekly";
+ options = "--delete-older-than 7d";
+ };
+
+ # distributedBuilds = true;
+ };
+}
diff --git a/modules/nix/default.nix b/modules/nix/default.nix
deleted file mode 100644
index 365dc77..0000000
--- a/modules/nix/default.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- nixpkgs.config.allowUnfree = true;
-
- nix = {
- settings = {
- auto-optimise-store = true;
- http-connections = 50;
- warn-dirty = false;
- log-lines = 50;
- # sandbox = "relaxed";
-
- trusted-users = [
- "root"
- "@wheel"
- ];
-
- substituters = [
- "https://nix-community.cachix.org"
- "https://hyprland.cachix.org"
- "https://ghostty.cachix.org"
- ];
-
- experimental-features = [
- "nix-command"
- "flakes"
- ];
- };
-
- gc = {
- automatic = false;
- dates = "weekly";
- options = "--delete-older-than 7d";
- };
-
- # distributedBuilds = true;
- };
-}
diff --git a/modules/security.nix b/modules/security.nix
new file mode 100644
index 0000000..b377317
--- /dev/null
+++ b/modules/security.nix
@@ -0,0 +1,29 @@
+{
+ security = {
+ polkit.enable = true;
+ auditd.enable = true;
+
+ sudo = {
+ enable = true;
+ execWheelOnly = true;
+ };
+
+ audit = {
+ enable = true;
+ rules = [ "-a exit,always -F arch=b64 -S execve" ];
+ };
+
+ doas = {
+ enable = true;
+ extraRules = [
+ {
+ keepEnv = true;
+ # persist = true;
+ noPass = true;
+
+ users = [ "ebisu" ];
+ }
+ ];
+ };
+ };
+}
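Review bot: `trusted-users` in `modules/nix.nix` still lists `@wheel`, so the new `allowedUsers` restriction adds little for that group: a trusted user can override substituters and import unsigned store paths, which is effectively root on the daemon. Consider `trusted-users = [ "root" ];` and keeping `@wheel` only in the allow list. As far as I know `nix.allowedUsers` is the legacy spelling of `nix.settings.allowed-users`; writing it as `allowed-users = [ "root" "@wheel" ];` under `settings` keeps it beside `trusted-users` and avoids the rename warning. No `trusted-public-keys` are visible in this file for the three `substituters`, so confirm the signing keys are set elsewhere.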
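Review bot: The `doas` rule kept in `modules/security.nix` (`noPass = true; keepEnv = true;` for `ebisu`) undercuts the hardening added above it. `sudo.execWheelOnly` narrows who may run sudo, but any process running as `ebisu` still becomes root through doas with no authentication and with its environment passed through. Prefer the already commented-out `persist = true;` over `noPass = true;`, and drop `keepEnv` unless a specific variable is required. The audit rule also matches only `arch=b64`, so 32-bit `execve` calls go unlogged; a second entry `"-a exit,always -F arch=b32 -S execve"` closes that gap.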
diff --git a/modules/security/default.nix b/modules/security/default.nix
deleted file mode 100644
index e7db804..0000000
--- a/modules/security/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- security = {
- sudo.enable = true;
- polkit.enable = true;
-
- doas = {
- enable = true;
- extraRules = [
- {
- keepEnv = true;
- # persist = true;
- noPass = true;
-
- users = [ "ebisu" ];
- }
- ];
- };
- };
-}
diff --git a/modules/users.nix b/modules/users.nix
new file mode 100644
index 0000000..84a2ea3
--- /dev/null
+++ b/modules/users.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+let
+ initialPassword = "123456";
+in
+{
+ users.users = {
+ root.initialPassword = initialPassword;
+
+ ebisu = {
+ isNormalUser = true;
+ initialPassword = initialPassword;
+ shell = pkgs.fish;
+
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ "input"
+ "docker"
+ "kvm"
+ "libvirtd"
+ ];
+ };
+ };
+}
diff --git a/modules/users/default.nix b/modules/users/default.nix
deleted file mode 100644
index fed20c3..0000000
--- a/modules/users/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ pkgs, ... }:
-{
- users.users.ebisu = {
- isNormalUser = true;
- initialPassword = "123456";
- shell = pkgs.fish;
-
- extraGroups = [
- "networkmanager"
- "wheel"
- "input"
- "docker"
- "kvm"
- "libvirtd"
- ];
- };
-}
diff --git a/modules/virtualisation.nix b/modules/virtualisation.nix
new file mode 100644
index 0000000..6add74f
--- /dev/null
+++ b/modules/virtualisation.nix
@@ -0,0 +1,11 @@
+{
+ virtualisation = {
+ docker = {
+ enable = true;
+ storageDriver = "btrfs";
+ enableOnBoot = false;
+ };
+
+ libvirtd.enable = true;
+ };
+}
diff --git a/modules/virtualisation/default.nix b/modules/virtualisation/default.nix
deleted file mode 100644
index 6add74f..0000000
--- a/modules/virtualisation/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- virtualisation = {
- docker = {
- enable = true;
- storageDriver = "btrfs";
- enableOnBoot = false;
- };
-
- libvirtd.enable = true;
- };
-}
-- cgit v1.2.3
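Review bot: `root.initialPassword = initialPassword;` in `modules/users.nix` extends the literal `"123456"` to the root account, and an `initialPassword` value is stored in clear text both in this repository and in the world-readable Nix store. On a fresh install the machine therefore comes up with a guessable root password, while `modules/networking.nix` opens TCP 2222 (possibly a remote-login port, not visible here). Use `hashedPasswordFile` pointing at a file kept outside the store, or at minimum `initialHashedPassword`, and consider leaving root without a password since `ebisu` already administers through `wheel`. `ebisu` is also in `docker`, which is root-equivalent on the host, so that account's credential deserves the same care.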