nix-config/nixos/default.nix
Greg Burd 5ac9d748df
LC_
2023-09-29 15:38:50 -04:00

311 lines
10 KiB
Nix

{ config, desktop, hostname, inputs, lib, modulesPath, outputs, pkgs, stateVersion, username, ... }:
let
# Only enable auto upgrade if current config came from a clean tree
# This avoids accidental auto-upgrades when working locally.
isClean = inputs.self ? rev;
in
{
imports = [
inputs.disko.nixosModules.disko
(modulesPath + "/installer/scan/not-detected.nix")
./${hostname}
./_mixins/sops.nix
./_mixins/optin-persistence.nix
./_mixins/services/firewall.nix
./_mixins/services/kmscon.nix
./_mixins/services/openssh.nix
./_mixins/services/smartmon.nix
./_mixins/users/root
]
++ lib.optional (builtins.pathExists (./. + "/_mixins/users/${username}")) ./_mixins/users/${username}
++ lib.optional (desktop != null) ./_mixins/desktop;
boot = {
consoleLogLevel = 0;
initrd.verbose = false;
kernelModules = [ "vhost_vsock" ];
kernelParams = [
"boot.shell_on_fail"
"loglevel=3"
"rd.systemd.show_status=false"
"rd.udev.log_level=3"
"udev.log_priority=3"
];
kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
};
console = {
font = "${pkgs.tamzen}/share/consolefonts/TamzenForPowerline10x20.psf";
keyMap = "us";
packages = with pkgs; [ tamzen ];
};
i18n = {
defaultLocale = lib.mkDefault "en_US.UTF-8";
extraLocaleSettings = {
LANGUAGE = "en_US.UTF-8";
LC_ALL = "en_US.UTF-8";
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
supportedLocales = lib.mkDefault [
"en_US.UTF-8/UTF-8"
];
};
time.timeZone = lib.mkDefault "America/New_York";
services.xserver.layout = "us";
# Increase open file limit for sudoers
security.pam.loginLimits = [
{
domain = "@wheel";
item = "nofile";
type = "soft";
value = "524288";
}
{
domain = "@wheel";
item = "nofile";
type = "hard";
value = "1048576";
}
];
# Only install the docs I use
documentation.enable = true;
documentation.nixos.enable = false;
documentation.man.enable = true;
documentation.info.enable = false;
documentation.doc.enable = false;
environment = {
# Eject nano and perl from the system
defaultPackages = with pkgs; lib.mkForce [
gitMinimal
home-manager
micro
rsync
];
systemPackages = with pkgs; [
agenix
pciutils
psmisc
unzip
usbutils
wget
];
variables = {
EDITOR = "vi";
SYSTEMD_EDITOR = "vi";
VISUAL = "vi";
};
enableAllTerminfo = true;
};
fonts = {
fontDir.enable = true;
fonts = with pkgs; [
(nerdfonts.override { fonts = [ "FiraCode" "SourceCodePro" "UbuntuMono" ]; })
fira
fira-go
joypixels
liberation_ttf
noto-fonts-emoji
source-serif
ubuntu_font_family
work-sans
];
# Enable a basic set of fonts providing several font styles and families and reasonable coverage of Unicode.
enableDefaultFonts = false;
fontconfig = {
antialias = true;
defaultFonts = {
serif = [ "Source Serif" ];
sansSerif = [ "Work Sans" "Fira Sans" "FiraGO" ];
monospace = [ "FiraCode Nerd Font Mono" "SauceCodePro Nerd Font Mono" ];
emoji = [ "Joypixels" "Noto Color Emoji" ];
};
enable = true;
hinting = {
autohint = false;
enable = true;
style = "hintslight";
};
subpixel = {
rgba = "rgb";
lcdfilter = "light";
};
};
};
# Use passed hostname to configure basic networking
networking = {
extraHosts = ''
192.168.7.1 router eero
'';
hostName = hostname;
domain = "burd.me";
useDHCP = lib.mkDefault true;
};
hardware.enableRedistributableFirmware = true;
nixpkgs = {
# You can add overlays here
overlays = [
# Add overlays your own flake exports (from overlays and pkgs dir):
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
# You can also add overlays exported from other flakes:
inputs.agenix.overlays.default
# Or define it inline, for example:
# (final: prev: {
# hi = final.hello.overrideAttrs (oldAttrs: {
# patches = [ ./change-hello-to-hi.patch ];
# });
# })
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
# Accept the joypixels license
joypixels.acceptLicense = true;
};
};
nix = {
gc = {
automatic = true;
options = "--delete-older-than 10d";
};
# This will add each flake input as a registry
# To make nix3 commands consistent with your flake
registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
# This will additionally add your inputs to the system's legacy channels
# Making legacy nix commands consistent as well, awesome!
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
optimise.automatic = true;
package = pkgs.unstable.nix;
settings = {
trusted-users = [ "root" "@wheel" ];
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" ];
system-features = [ "kvm" "big-parallel" "nixos-test" ];
# Avoid unwanted garbage collection when using nix-direnv
keep-outputs = true;
keep-derivations = true;
warn-dirty = false;
};
};
programs = {
command-not-found.enable = false;
fish = {
enable = true;
interactiveShellInit = ''
set fish_cursor_default block blink
set fish_cursor_insert line blink
set fish_cursor_replace_one underscore blink
set fish_cursor_visual block
set -U fish_color_autosuggestion brblack
set -U fish_color_cancel -r
set -U fish_color_command green
set -U fish_color_comment brblack
set -U fish_color_cwd brgreen
set -U fish_color_cwd_root brred
set -U fish_color_end brmagenta
set -U fish_color_error red
set -U fish_color_escape brcyan
set -U fish_color_history_current --bold
set -U fish_color_host normal
set -U fish_color_match --background=brblue
set -U fish_color_normal normal
set -U fish_color_operator cyan
set -U fish_color_param blue
set -U fish_color_quote yellow
set -U fish_color_redirection magenta
set -U fish_color_search_match bryellow '--background=brblack'
set -U fish_color_selection white --bold '--background=brblack'
set -U fish_color_status red
set -U fish_color_user brwhite
set -U fish_color_valid_path --underline
set -U fish_pager_color_completion normal
set -U fish_pager_color_description yellow
set -U fish_pager_color_prefix white --bold --underline
set -U fish_pager_color_progress brwhite '--background=cyan'
'';
shellAbbrs = {
nix-gc = "sudo nix-collect-garbage --delete-older-than 10d && nix-collect-garbage --delete-older-than 10d";
rebuild-all = "sudo nixos-rebuild switch --flake $HOME/ws/nix-config && home-manager switch -b backup --flake $HOME/ws/nix-config";
rebuild-home = "home-manager switch -b backup --flake $HOME/ws/nix-config";
rebuild-host = "sudo nixos-rebuild switch --flake $HOME/ws/nix-config";
rebuild-lock = "pushd $HOME/ws/nix-config && nix flake update && popd";
rebuild-iso-console = "sudo true && pushd $HOME/ws/nix-config && nix build .#nixosConfigurations.iso-console.config.system.build.isoImage && set ISO (head -n1 result/nix-support/hydra-build-products | cut -d'/' -f6) && sudo cp result/iso/$ISO ~/Quickemu/nixos-console/nixos.iso && popd";
rebuild-iso-desktop = "sudo true && pushd $HOME/ws/nix-config && nix build .#nixosConfigurations.iso-desktop.config.system.build.isoImage && set ISO (head -n1 result/nix-support/hydra-build-products | cut -d'/' -f6) && sudo cp result/iso/$ISO ~/Quickemu/nixos-desktop/nixos.iso && popd";
rebuild-iso-gpd-edp = "sudo true && pushd $HOME/ws/nix-config && nix build .#nixosConfigurations.iso-gpd-edp.config.system.build.isoImage && set ISO (head -n1 result/nix-support/hydra-build-products | cut -d'/' -f6) && sudo cp result/iso/$ISO ~/Quickemu/nixos-gpd-edp.iso && popd";
rebuild-iso-gpd-dsi = "sudo true && pushd $HOME/ws/nix-config && nix build .#nixosConfigurations.iso-gpd-dsi.config.system.build.isoImage && set ISO (head -n1 result/nix-support/hydra-build-products | cut -d'/' -f6) && sudo cp result/iso/$ISO ~/Quickemu/nixos-gpd-dsi.iso && popd";
};
shellAliases = {
nano = "micro";
};
};
};
services.fwupd.enable = true;
systemd.tmpfiles.rules = [
"d /nix/var/nix/profiles/per-user/${username} 0755 ${username} root"
"d /mnt/snapshot/${username} 0755 ${username} users"
];
system.activationScripts.diff = {
supportsDryActivation = true;
text = ''
${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
'';
};
system.autoUpgrade = {
enable = isClean;
dates = "hourly";
flags = [
"--refresh"
];
flake = "git://github.com/gburd/nix-config?ref=release-${hostname}";
};
# Only run if current config (self) is older than the new one.
systemd.services.nixos-upgrade = lib.mkIf config.system.autoUpgrade.enable {
serviceConfig.ExecCondition = lib.getExe (
pkgs.writeShellScriptBin "check-date" ''
lastModified() {
nix flake metadata "$1" --refresh --json | ${lib.getExe pkgs.jq} '.lastModified'
}
test "$(lastModified "${config.system.autoUpgrade.flake}")" -gt "$(lastModified "self")"
''
);
};
system.stateVersion = stateVersion;
}