diff options
author | Franck Cuny <franck@fcuny.net> | 2023-05-02 08:03:36 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-05-02 08:03:36 -0700 |
commit | 7aa912237697c08537688cc4d13d75bff819f7aa (patch) | |
tree | 646be15680ccec130463e5c66da65a5cf0a0f403 | |
parent | profiles/workstation: add font configurations (diff) | |
download | world-7aa912237697c08537688cc4d13d75bff819f7aa.tar.gz |
profiles/default: more consolidation
-rw-r--r-- | modules/system/console/default.nix | 8 | ||||
-rw-r--r-- | modules/system/default.nix | 4 | ||||
-rw-r--r-- | modules/system/documentation/default.nix | 14 | ||||
-rw-r--r-- | modules/system/nix/default.nix | 38 | ||||
-rw-r--r-- | modules/system/security/default.nix | 8 | ||||
-rw-r--r-- | modules/system/security/ssh.nix | 17 | ||||
-rw-r--r-- | profiles/default.nix | 53 | ||||
-rw-r--r-- | profiles/documentation.nix | 15 | ||||
-rw-r--r-- | profiles/server.nix | 7 | ||||
-rw-r--r-- | profiles/workstation.nix | 1 |
10 files changed, 76 insertions, 89 deletions
diff --git a/modules/system/console/default.nix b/modules/system/console/default.nix deleted file mode 100644 index 5bb169b..0000000 --- a/modules/system/console/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: { - console = { - earlySetup = true; - font = "${pkgs.terminus_font}/share/consolefonts/ter-132n.psf.gz"; - packages = with pkgs; [ terminus_font ]; - keyMap = "us"; - }; -} diff --git a/modules/system/default.nix b/modules/system/default.nix index 46cefbd..b2f6a19 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -4,11 +4,7 @@ imports = [ ./boot ./btrfs - ./console - ./documentation - ./nix ./packages - ./security ./users ]; } diff --git a/modules/system/documentation/default.nix b/modules/system/documentation/default.nix deleted file mode 100644 index 67f84ff..0000000 --- a/modules/system/documentation/default.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, lib, pkgs, ... }: { - documentation = { - enable = true; - dev.enable = true; - info.enable = true; - man = { - enable = true; - generateCaches = true; - }; - nixos.enable = true; - }; - - environment.systemPackages = with pkgs; [ man-pages man-pages-posix ]; -} diff --git a/modules/system/nix/default.nix b/modules/system/nix/default.nix deleted file mode 100644 index 67029ad..0000000 --- a/modules/system/nix/default.nix +++ /dev/null @@ -1,38 +0,0 @@ -# Nix related settings -{ lib, pkgs, ... }: { - nix = { - package = pkgs.nixFlakes; - settings = { - trusted-users = [ "root" "@wheel" ]; - auto-optimise-store = true; - substituters = [ - "https://cachix.cachix.org" - "https://nix-community.cachix.org" - ]; - trusted-public-keys = [ - "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - experimental-features = [ "nix-command" "flakes" ]; - # Whether to warn about dirty Git/Mercurial trees - this is not - # useful information to me. - warn-dirty = false; - # The timeout (in seconds) for establishing connections in the binary - # cache substituter. It corresponds to curl’s –connect-timeout option. - # The default is equivalent to 300 seconds, way too long. - connect-timeout = 5; - # The number of lines of the tail of the log to show if a build fails. - # The default is 10 and it's usually too short. - log-lines = 25; - # If set to true, Nix will fall back to building from source if - # a binary substitute fails. This is equivalent to the –fallback - # flag. The default is false. - fallback = true; - }; - - gc = { - automatic = true; - options = "--delete-older-than 14d"; - }; - }; -} diff --git a/modules/system/security/default.nix b/modules/system/security/default.nix deleted file mode 100644 index debcd9e..0000000 --- a/modules/system/security/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - imports = [ ./ssh.nix ]; - - security.sudo.wheelNeedsPassword = false; - security.polkit.enable = true; -} diff --git a/modules/system/security/ssh.nix b/modules/system/security/ssh.nix deleted file mode 100644 index 14cbf5d..0000000 --- a/modules/system/security/ssh.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: - -{ - programs.ssh = { - # $ ssh-keyscan example.com - knownHosts = { - github = { - hostNames = [ "github.com" ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; - }; - rsync = { - hostNames = [ "de2664.rsync.net" ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObQN4P/deJ/k4P4kXh6a9K4Q89qdyywYetp9h3nwfPo"; - }; - }; - }; -} diff --git a/profiles/default.nix b/profiles/default.nix index f415edf..7421144 100644 --- a/profiles/default.nix +++ b/profiles/default.nix @@ -4,4 +4,57 @@ i18n.defaultLocale = "en_US.UTF-8"; time.timeZone = "America/Los_Angeles"; + + security.sudo.wheelNeedsPassword = false; + security.polkit.enable = true; + + programs.ssh = { + # $ ssh-keyscan example.com + knownHosts = { + github = { + hostNames = [ "github.com" ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; + }; + rsync = { + hostNames = [ "de2664.rsync.net" ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObQN4P/deJ/k4P4kXh6a9K4Q89qdyywYetp9h3nwfPo"; + }; + }; + }; + + nix = { + package = pkgs.nixFlakes; + settings = { + trusted-users = [ "root" "@wheel" ]; + auto-optimise-store = true; + substituters = [ + "https://cachix.cachix.org" + "https://nix-community.cachix.org" + ]; + trusted-public-keys = [ + "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + experimental-features = [ "nix-command" "flakes" ]; + # Whether to warn about dirty Git/Mercurial trees - this is not + # useful information to me. + warn-dirty = false; + # The timeout (in seconds) for establishing connections in the binary + # cache substituter. It corresponds to curl’s –connect-timeout option. + # The default is equivalent to 300 seconds, way too long. + connect-timeout = 5; + # The number of lines of the tail of the log to show if a build fails. + # The default is 10 and it's usually too short. + log-lines = 25; + # If set to true, Nix will fall back to building from source if + # a binary substitute fails. This is equivalent to the –fallback + # flag. The default is false. + fallback = true; + }; + + gc = { + automatic = true; + options = "--delete-older-than 14d"; + }; + }; } diff --git a/profiles/documentation.nix b/profiles/documentation.nix new file mode 100644 index 0000000..71ba06b --- /dev/null +++ b/profiles/documentation.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: +{ + documentation = { + enable = true; + dev.enable = true; + info.enable = true; + man.enable = true; + nixos.enable = true; + }; + + environment.systemPackages = with pkgs; [ + man-pages + man-pages-posix + ]; +} diff --git a/profiles/server.nix b/profiles/server.nix index 5b96d56..27498d6 100644 --- a/profiles/server.nix +++ b/profiles/server.nix @@ -3,4 +3,11 @@ imports = [ ./default.nix ]; + + console = { + earlySetup = true; + font = "${pkgs.terminus_font}/share/consolefonts/ter-132n.psf.gz"; + packages = with pkgs; [ terminus_font ]; + keyMap = "us"; + }; } diff --git a/profiles/workstation.nix b/profiles/workstation.nix index 2c7ee02..151357c 100644 --- a/profiles/workstation.nix +++ b/profiles/workstation.nix @@ -2,6 +2,7 @@ { imports = [ ./default.nix + ./documentation.nix ]; virtualisation.docker.enable = false; |