Diffstat (limited to 'modules/system')
-rw-r--r-- | modules/system/boot/default.nix | 44 | ||||
-rw-r--r-- | modules/system/btrfs/default.nix | 5 | ||||
-rw-r--r-- | modules/system/console/default.nix | 6 | ||||
-rw-r--r-- | modules/system/default.nix | 16 | ||||
-rw-r--r-- | modules/system/documentation/default.nix | 14 | ||||
-rw-r--r-- | modules/system/fonts/default.nix | 29 | ||||
-rw-r--r-- | modules/system/locale/default.nix | 7 | ||||
-rw-r--r-- | modules/system/nix/default.nix | 16 | ||||
-rw-r--r-- | modules/system/packages/default.nix | 51 | ||||
-rw-r--r-- | modules/system/security/default.nix | 6 | ||||
-rw-r--r-- | modules/system/users/default.nix | 39 |
11 files changed, 233 insertions, 0 deletions
diff --git a/modules/system/boot/default.nix b/modules/system/boot/default.nix
new file mode 100644
index 0000000..b037f63
--- /dev/null
+++ b/modules/system/boot/default.nix
@@ -0,0 +1,44 @@
+{ pkgs, config, lib, ... }:
+let cfg = config.my.system.boot;
+in {
+ options.my.system.boot = with lib; {
+ tmp = { clean = mkEnableOption "clean `/tmp` on boot."; };
+ initrd = {
+ network = { enable = mkEnableOption "enable SSH with initrd"; };
+ };
+ };
+
+ config = {
+ boot = {
+ loader = {
+ # Use the systemd-boot EFI boot loader.
+ systemd-boot.enable = true;
+ # Prohibits gaining root access by passing init=/bin/sh as a kernel parameter
+ systemd-boot.editor = false;
+ efi.canTouchEfiVariables = true;
+ };
+
+ kernelPackages = pkgs.linuxPackages_latest;
+ cleanTmpDir = cfg.tmp.clean;
+ tmpOnTmpfs = true;
+
+ initrd = {
+ luks.devices."system".allowDiscards = true;
+ network = lib.mkIf cfg.initrd.network.enable {
+ enable = true;
+ postCommands = ''
+ echo "cryptsetup-askpass; exit" > /root/.profile
+ '';
+ ssh = {
+ enable = true;
+ port = 2222;
+ hostKeys =
+ [ /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key ];
+ authorizedKeys =
+ config.users.users.fcuny.openssh.authorizedKeys.keys;
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/system/btrfs/default.nix b/modules/system/btrfs/default.nix
new file mode 100644
index 0000000..d569c78
--- /dev/null
+++ b/modules/system/btrfs/default.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+ services.btrfs.autoScrub.enable = true;
+}
diff --git a/modules/system/console/default.nix b/modules/system/console/default.nix
new file mode 100644
index 0000000..c9c24b0
--- /dev/null
+++ b/modules/system/console/default.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+}
diff --git a/modules/system/default.nix b/modules/system/default.nix
new file mode 100644
index 0000000..bf3e367
--- /dev/null
+++ b/modules/system/default.nix
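Review bot: In modules/system/boot/default.nix, `hostKeys` gives the initrd SSH server the machine's regular host keys (`/etc/ssh/ssh_host_ed25519_key` and `/etc/ssh/ssh_host_rsa_key`). This initrd exists to unlock the LUKS device, so whatever private keys it carries end up on the unencrypted boot partition, and the NixOS documentation for this option advises against reusing the normal host keys there. A dedicated key pair generated only for the initrd and referenced as a string, e.g. `hostKeys = [ "/path/to/initrd_ssh_host_ed25519_key" ];` (placeholder path), keeps the main host identity off that partition. The unquoted path literals are also worth replacing with strings, since Nix path values can be copied into the world-readable store when evaluated.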
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+ imports = [
+ ./boot
+ ./btrfs
+ ./console
+ ./documentation
+ ./fonts
+ ./locale
+ ./nix
+ ./packages
+ ./security
+ ./users
+ ];
+}
diff --git a/modules/system/documentation/default.nix b/modules/system/documentation/default.nix
new file mode 100644
index 0000000..67f84ff
--- /dev/null
+++ b/modules/system/documentation/default.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }: {
+ documentation = {
+ enable = true;
+ dev.enable = true;
+ info.enable = true;
+ man = {
+ enable = true;
+ generateCaches = true;
+ };
+ nixos.enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [ man-pages man-pages-posix ];
+}
diff --git a/modules/system/fonts/default.nix b/modules/system/fonts/default.nix
new file mode 100644
index 0000000..df01140
--- /dev/null
+++ b/modules/system/fonts/default.nix
@@ -0,0 +1,29 @@
+{ pkgs, config, lib, ... }:
+let cfg = config.my.systems.fonts;
+in {
+ options.my.systems.fonts = with lib; {
+ enable = mkEnableOption "fonts configuration";
+ };
+
+ config = lib.mkIf cfg.enable {
+ fonts = {
+ enableDefaultFonts = true;
+ fontDir.enable = true;
+ fontconfig.enable = true;
+ fonts = with pkgs; [
+ dejavu_fonts
+ font-awesome_5
+ noto-fonts
+ noto-fonts-cjk # Chinese, Japanese, Korean
+ noto-fonts-emoji
+ noto-fonts-emoji
+ noto-fonts-extra
+ source-code-pro
+ source-sans-pro
+ source-serif-pro
+ ];
+
+ fontconfig.defaultFonts = { monospace = [ "Source Code Pro" ]; };
+ };
+ };
+}
diff --git a/modules/system/locale/default.nix b/modules/system/locale/default.nix
new file mode 100644
index 0000000..2026764
--- /dev/null
+++ b/modules/system/locale/default.nix
@@ -0,0 +1,7 @@
+# Language settings
+{ ... }: {
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ time.timeZone = "America/Los_Angeles";
+}
diff --git a/modules/system/nix/default.nix b/modules/system/nix/default.nix
new file mode 100644
index 0000000..2ad20c3
--- /dev/null
+++ b/modules/system/nix/default.nix
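Review bot: In modules/system/fonts/default.nix the option is declared under `my.systems.fonts`, while the boot module in this same commit uses `my.system.boot`. The plural looks like a typo, and it leaves hosts setting two differently spelled namespaces. Suggest `let cfg = config.my.system.fonts;` and `options.my.system.fonts = with lib; {`. `noto-fonts-emoji` is also listed twice in `fonts`, so one entry can be dropped.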
@@ -0,0 +1,16 @@
+# Nix related settings
+{ lib, pkgs, ... }: {
+ nix = {
+ package = pkgs.nixFlakes;
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ autoOptimiseStore = true;
+ trustedUsers = [ "root" "@wheel" ];
+
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 14d";
+ };
+ };
+}
diff --git a/modules/system/packages/default.nix b/modules/system/packages/default.nix
new file mode 100644
index 0000000..3747f6e
--- /dev/null
+++ b/modules/system/packages/default.nix
@@ -0,0 +1,51 @@
+# Common packages
+{ config, lib, pkgs, ... }:
+with lib;
+let linuxpkgs = config.boot.kernelPackages;
+in {
+
+ # It's always useful to have bash around
+ environment.shells = with pkgs; [ bashInteractive ];
+
+ environment.systemPackages = with pkgs; [
+ binutils
+ cacert
+ curl
+ dmidecode
+ ethtool
+ flameGraph
+ git
+ htop
+ hwdata
+ iftop
+ iptraf-ng
+ linuxPackages.cpupower
+ linuxpkgs.perf
+ lm_sensors
+ lsb-release
+ lsof
+ man-pages
+ mg
+ mtr
+ numactl
+ openssl
+ openssl
+ parted
+ pciutils
+ perf-tools
+ powertop
+ rsync
+ sqlite
+ strace
+ tcpdump
+ tmux
+ traceroute
+ unzip
+ usbutils
+ vim
+ wget
+ wireguard
+ ];
+
+ programs.bcc.enable = true;
+}
diff --git a/modules/system/security/default.nix b/modules/system/security/default.nix
new file mode 100644
index 0000000..1181e6a
--- /dev/null
+++ b/modules/system/security/default.nix
@@ -0,0 +1,6 @@
+{ ... }:
+
+{
+ security.sudo.wheelNeedsPassword = false;
+ security.polkit.enable = true;
+}
diff --git a/modules/system/users/default.nix b/modules/system/users/default.nix
new file mode 100644
index 0000000..3086f18
--- /dev/null
+++ b/modules/system/users/default.nix
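Review bot: In modules/system/nix/default.nix, `trustedUsers = [ "root" "@wheel" ];` makes every wheel member a trusted user of the Nix daemon. Trusted users can override settings such as substituters and import unsigned store paths, which the Nix manual describes as essentially equivalent to root. If only root needs this, `trustedUsers = [ "root" ];` is enough; if the wider grant is intended, a comment above the line stating that wheel is treated as root-equivalent would record the decision.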
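Review bot: In modules/system/packages/default.nix, `linuxPackages.cpupower` resolves to the default kernel package set from `pkgs`, while `perf` on the next line comes from `linuxpkgs` (`config.boot.kernelPackages`, which the boot module sets to `linuxPackages_latest`). Using `linuxpkgs.cpupower` keeps both tools built against the configured kernel. `openssl` appears twice in the list, and the top-level `with lib;` does not appear to be used anywhere in this file, so both can be removed.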
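Review bot: In modules/system/security/default.nix, `security.sudo.wheelNeedsPassword = false;` lets every wheel account become root without re-authenticating, and the users module in this commit places `fcuny` in `wheel` with SSH key login. Any process running as that user, or any holder of one of the authorized keys, therefore has root with no further check. Consider `security.sudo.wheelNeedsPassword = true;`, or add a comment recording that passwordless sudo is a deliberate trade-off for this host.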
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+let
+ groupExists = grp: builtins.hasAttr grp config.users.groups;
+ groupsIfExist = builtins.filter groupExists;
+in {
+ # Users are managed through this configuration. If a user is added
+ # manually, it will be removed on system activation.
+ users.mutableUsers = false;
+
+ users.groups.fcuny = { gid = 1000; };
+ users.users.fcuny = {
+ isNormalUser = true;
+ uid = 1000;
+ group = "fcuny";
+ home = "/home/fcuny";
+ shell = pkgs.zsh;
+ extraGroups = groupsIfExist [
+ "docker"
+ "users"
+ "nas" # in order to access to files downloaded by transmission
+ "wheel" # `sudo` for the user.
+ "cdrom" # in order to read from the bluray
+ ];
+ hashedPassword =
+ "$6$i.z1brxtb44JAEco$fDD2Izl.zRR9vBCB2VBKPScChGw38EEl7QEiBTJ/EwgP3oSL0X3ZHq0PJ.RtqzBsWTPUjl4F3MKOBMhnaAPr6.";
+ openssh.authorizedKeys.keys = [
+ # aptos
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdlm/qoR/dnMjZhVSTtqFzkgN3Yf9eQ3pgKMiipg+dl"
+ # work
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSWhXmnUplM+xltD0sYiJ6AsjkwHvbjTYLA7GHXHja9"
+ ];
+ };
+
+ users.users.root = {
+ hashedPassword = null;
+ openssh.authorizedKeys.keys =
+ config.users.users.fcuny.openssh.authorizedKeys.keys;
+ };
+} |
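Review bot: In modules/system/users/default.nix the `hashedPassword` for `fcuny` is committed as a literal, so anyone who can read the repository, and any local user via the world-readable Nix store, can run offline guessing against the SHA-512 crypt hash. Keeping it out of the tree with `passwordFile = "/path/to/secret";` (placeholder path; the option is named `hashedPasswordFile` on newer NixOS releases), provisioned by a secrets tool, avoids that exposure. Separately, `users.users.root` receives the same authorized keys, which adds a direct remote root login path if sshd allows key-based root login; a comment stating whether that is intended would help.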