play around with cherry

2023-12-17 19:17:59 +01:00 · 2023-12-17 19:17:59 +01:00 · 45a4de7b78
parent 5112093b26
commit 45a4de7b78
7 changed files with 96 additions and 106 deletions
--- a/nixos/components/default.nix
+++ b/nixos/components/default.nix
@ -4,7 +4,8 @@
    ./mainUser.nix
    ./media
    ./network
-    ./terminal
    ./nixos
+    ./terminal
+    ./yubikey.nix
  ];
 }
--- a/nixos/components/gui/browser.nix
+++ b/nixos/components/gui/browser.nix
@ -5,6 +5,19 @@ let
 in
 {
  config = lib.mkIf config.components.gui.enable {
+
+    # overwrite use zram on small RAM systems
+    fileSystems."/share" = lib.mkDefault {
+      device = "tmpfs";
+      fsType = "tmpfs";
+    };
+
+    # overwrite use zram on small RAM systems
+    fileSystems."${homeFolder}" = lib.mkDefault {
+      device = "tmpfs";
+      fsType = "tmpfs";
+    };
+
    programs.custom.browser = {
      enable = lib.mkDefault true;
      configList = {
--- a/nixos/components/yubikey.nix
+++ b/nixos/components/yubikey.nix
@ -0,0 +1,66 @@
+# References:
+# * https://github.com/drduh/YubiKey-Guide
+# * https://nixos.wiki/wiki/Yubikey
+{ config, pkgs, lib, ... }:
+with lib;
+{
+
+  options.components.yubikey.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = true;
+  };
+
+  # todo move this tho home manager
+  config = mkIf config.components.yubikey.enable {
+
+    services.pcscd.enable = true;
+    services.udev.packages = [
+
+      pkgs.yubikey-personalization
+
+      # additional services, but I just want gpg
+      # pkgs.libu2f-host
+
+    ];
+
+    environment.systemPackages = [
+
+      # for `gpg --export $keyid | hokey lint` to check keys
+      #pkgs.haskellPackages.hopenpgp-tools
+
+      # for otp keys (but I use pass otp)
+      # pkgs.yubioath-desktop
+
+      (pkgs.writers.writeDashBin "gpg-reset-yubikey-id" ''
+        echo "reset gpg to make new key available"
+        set -x
+        set -e
+        ${pkgs.psmisc}/bin/killall gpg-agent
+        rm -r ~/.gnupg/private-keys-v1.d/
+        ${pkgs.gnupg}/bin/gpg --card-status
+        echo "now the new key should work"
+      '')
+
+    ];
+
+    ## managed by home-manager now
+    #environment.shellInit = ''
+    #  export GPG_TTY="$(tty)"
+    #  gpg-connect-agent /bye
+    #  export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+    #'';
+    #programs = {
+    #  ssh.startAgent = false;
+    #  gnupg.agent = {
+    #    enable = true;
+    #    enableSSHSupport = true;
+    #  };
+    #};
+
+    ## managed by home-manager now
+    #security.pam.u2f.enable = true;
+    #security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path;
+    #sops.secrets.yubikey_u2fAuthFile = { };
+
+  };
+}
--- a/nixos/machines/cherry/configuration.nix
+++ b/nixos/machines/cherry/configuration.nix
@ -3,9 +3,13 @@

  imports = [

-    ../../components
-    ../../system/desktop
+    # last system packages that need to be migrated to components
+    ../../system/all/borg-jobs.nix
+    ../../system/all/syncthing.nix
    ../../system/server/netdata.nix
+    ../../modules
+
+    ../../components

    ./disko-config.nix
    ./hardware-configuration.nix
@ -20,9 +24,6 @@

  ];

-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)

  sops.secrets.pushover_user_key = { };
  sops.secrets.pushover_api_key = { };
@ -109,17 +110,8 @@
    };
  };

-  programs.custom.steam.enable = true;
  services.printing.enable = true;

-  # fonts
-  # -----
-  programs.custom.urxvt.fontSize = 16;
-  programs.custom.urxvt.fontType = "vector";
-  programs.custom.xterm.fontSize = 16;
-  # todo : add xterm fontType
-  # programs.custom.xterm.fontType = "vector";
-
  virtualisation = {
    docker.enable = true;
    podman.enable = true;
@ -130,19 +122,6 @@
    };
  };

-  #services.xserver.desktopManager.gnome.enable = true;
-  #services.xserver.displayManager.lightdm.enable = false;
-  #services.xserver.displayManager.sddm.enable = true;
-
-  custom.samba-share = {
-    enable = false;
-    folders = {
-      share = "/home/share";
-      video = "/home/video-material";
-    };
-  };
-
-
  # for congress and streaming
  hardware.opengl = {
    enable = true;
--- a/nixos/machines/cherry/disko-config.nix
+++ b/nixos/machines/cherry/disko-config.nix
@ -3,17 +3,24 @@
 { config, lib, ... }:
 {

+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
+
+  # ZFS stuff
+  # ---------
  boot.supportedFilesystems = [ "zfs" ];
  # head -c4 /dev/urandom | od -A none -t x4
  networking.hostId = "59e38471";
  services.zfs.autoSnapshot.enable = true;
-
  # ZFS already has its own scheduler. Without this my(@Artturin) computer froze for a second when i nix build something.
  # copied from : https://github.com/numtide/srvos/blob/main/nixos/common/zfs.nix
  services.udev.extraRules = lib.optionalString (config.boot.zfs.enabled) ''
    ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none"
  '';

+  # disko configuration
+  # -------------------
  disko.devices = {
    disk = {
      root = {
--- a/nixos/system/desktop/default.nix
+++ b/nixos/system/desktop/default.nix
@ -4,7 +4,7 @@

    ../all
    #./packages.nix
-    ./yubikey.nix
+    #./yubikey.nix
  ];

  #components.network.sshd.onlyTincAccess = lib.mkDefault true;
@ -34,27 +34,6 @@

  services.urxvtd.enable = true;

-  #system.custom.bluetooth.enable = true;
-
-  # temperature / power consumption
-  # https://linrunner.de/en/tlp/docs/tlp-linux-advanced-power-management.html
-  # todo fix this
-  #services.tlp.enable = false;
-  #services.thermald.enable = false;
-  # fucks up usb mouse
-  #powerManagement.powertop.enable = true;
-
-  # overwrite use zram on small RAM systems
-  fileSystems."/share" = lib.mkDefault {
-    device = "tmpfs";
-    fsType = "tmpfs";
-  };
-
-  # overwrite use zram on small RAM systems
-  fileSystems."/browsers" = lib.mkDefault {
-    device = "tmpfs";
-    fsType = "tmpfs";
-  };

 }

--- a/nixos/system/desktop/yubikey.nix
+++ b/nixos/system/desktop/yubikey.nix
@ -1,55 +0,0 @@
-# References:
-# * https://github.com/drduh/YubiKey-Guide
-# * https://nixos.wiki/wiki/Yubikey
-{ config, pkgs, ... }: {
-
-  services.pcscd.enable = true;
-  services.udev.packages = [
-
-    pkgs.yubikey-personalization
-
-    # additional services, but I just want gpg
-    # pkgs.libu2f-host
-
-  ];
-
-  environment.systemPackages = [
-
-    # for `gpg --export $keyid | hokey lint` to check keys
-    #pkgs.haskellPackages.hopenpgp-tools
-
-    # for otp keys (but I use pass otp)
-    # pkgs.yubioath-desktop
-
-    (pkgs.writers.writeDashBin "gpg-reset-yubikey-id" ''
-      echo "reset gpg to make new key available"
-      set -x
-      set -e
-      ${pkgs.psmisc}/bin/killall gpg-agent
-      rm -r ~/.gnupg/private-keys-v1.d/
-      ${pkgs.gnupg}/bin/gpg --card-status
-      echo "now the new key should work"
-    '')
-
-  ];
-
-  ## managed by home-manager now
-  #environment.shellInit = ''
-  #  export GPG_TTY="$(tty)"
-  #  gpg-connect-agent /bye
-  #  export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
-  #'';
-  #programs = {
-  #  ssh.startAgent = false;
-  #  gnupg.agent = {
-  #    enable = true;
-  #    enableSSHSupport = true;
-  #  };
-  #};
-
-  ## managed by home-manager now
-  #security.pam.u2f.enable = true;
-  #security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path;
-  #sops.secrets.yubikey_u2fAuthFile = { };
-
-}