palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

play around with cherry

Browse source
This commit is contained in:
Ingolf Wagner 2023-12-17 19:17:59 +01:00
parent 5112093b26
commit 45a4de7b78
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
7 changed files with 96 additions and 106 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
nixos/components/default.nix
View file

@ -4,7 +4,8 @@
./mainUser.nix ./mainUser.nix
./media ./media
./network ./network
./terminal
./nixos ./nixos
./terminal
./yubikey.nix
]; ];
} }

13
nixos/components/gui/browser.nix
View file

@ -5,6 +5,19 @@ let
in in
{ {
config = lib.mkIf config.components.gui.enable { config = lib.mkIf config.components.gui.enable {
# overwrite use zram on small RAM systems
fileSystems."/share" = lib.mkDefault {
device = "tmpfs";
fsType = "tmpfs";
};
# overwrite use zram on small RAM systems
fileSystems."${homeFolder}" = lib.mkDefault {
device = "tmpfs";
fsType = "tmpfs";
};
programs.custom.browser = { programs.custom.browser = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
configList = { configList = {

66
nixos/components/yubikey.nix Normal file
View file

@ -0,0 +1,66 @@
# References:
# * https://github.com/drduh/YubiKey-Guide
# * https://nixos.wiki/wiki/Yubikey
{ config, pkgs, lib, ... }:
with lib;
{
options.components.yubikey.enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
# todo move this tho home manager
config = mkIf config.components.yubikey.enable {
services.pcscd.enable = true;
services.udev.packages = [
pkgs.yubikey-personalization
# additional services, but I just want gpg
# pkgs.libu2f-host
];
environment.systemPackages = [
# for `gpg --export $keyid | hokey lint` to check keys
#pkgs.haskellPackages.hopenpgp-tools
# for otp keys (but I use pass otp)
# pkgs.yubioath-desktop
(pkgs.writers.writeDashBin "gpg-reset-yubikey-id" ''
echo "reset gpg to make new key available"
set -x
set -e
${pkgs.psmisc}/bin/killall gpg-agent
rm -r ~/.gnupg/private-keys-v1.d/
${pkgs.gnupg}/bin/gpg --card-status
echo "now the new key should work"
'')
];
## managed by home-manager now
#environment.shellInit = ''
# export GPG_TTY="$(tty)"
# gpg-connect-agent /bye
# export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
#'';
#programs = {
# ssh.startAgent = false;
# gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
#};
## managed by home-manager now
#security.pam.u2f.enable = true;
#security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path;
#sops.secrets.yubikey_u2fAuthFile = { };
};
}

33
nixos/machines/cherry/configuration.nix
View file

@ -3,9 +3,13 @@
imports = [ imports = [
../../components # last system packages that need to be migrated to components
../../system/desktop ../../system/all/borg-jobs.nix
../../system/all/syncthing.nix
../../system/server/netdata.nix ../../system/server/netdata.nix
../../modules
../../components
./disko-config.nix ./disko-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
@ -20,9 +24,6 @@
]; ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
sops.secrets.pushover_user_key = { }; sops.secrets.pushover_user_key = { };
sops.secrets.pushover_api_key = { }; sops.secrets.pushover_api_key = { };
@ -109,17 +110,8 @@
}; };
}; };
programs.custom.steam.enable = true;
services.printing.enable = true; services.printing.enable = true;
# fonts
# -----
programs.custom.urxvt.fontSize = 16;
programs.custom.urxvt.fontType = "vector";
programs.custom.xterm.fontSize = 16;
# todo : add xterm fontType
# programs.custom.xterm.fontType = "vector";
virtualisation = { virtualisation = {
docker.enable = true; docker.enable = true;
podman.enable = true; podman.enable = true;
@ -130,19 +122,6 @@
}; };
}; };
#services.xserver.desktopManager.gnome.enable = true;
#services.xserver.displayManager.lightdm.enable = false;
#services.xserver.displayManager.sddm.enable = true;
custom.samba-share = {
enable = false;
folders = {
share = "/home/share";
video = "/home/video-material";
};
};
# for congress and streaming # for congress and streaming
hardware.opengl = { hardware.opengl = {
enable = true; enable = true;

9
nixos/machines/cherry/disko-config.nix
View file

@ -3,17 +3,24 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
# ZFS stuff
# ---------
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
# head -c4 /dev/urandom | od -A none -t x4 # head -c4 /dev/urandom | od -A none -t x4
networking.hostId = "59e38471"; networking.hostId = "59e38471";
services.zfs.autoSnapshot.enable = true; services.zfs.autoSnapshot.enable = true;
# ZFS already has its own scheduler. Without this my(@Artturin) computer froze for a second when i nix build something. # ZFS already has its own scheduler. Without this my(@Artturin) computer froze for a second when i nix build something.
# copied from : https://github.com/numtide/srvos/blob/main/nixos/common/zfs.nix # copied from : https://github.com/numtide/srvos/blob/main/nixos/common/zfs.nix
services.udev.extraRules = lib.optionalString (config.boot.zfs.enabled) '' services.udev.extraRules = lib.optionalString (config.boot.zfs.enabled) ''
ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none" ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none"
''; '';
# disko configuration
# -------------------
disko.devices = { disko.devices = {
disk = { disk = {
root = { root = {

23
nixos/system/desktop/default.nix
View file

@ -4,7 +4,7 @@
../all ../all
#./packages.nix #./packages.nix
./yubikey.nix #./yubikey.nix
]; ];
#components.network.sshd.onlyTincAccess = lib.mkDefault true; #components.network.sshd.onlyTincAccess = lib.mkDefault true;
@ -34,27 +34,6 @@
services.urxvtd.enable = true; services.urxvtd.enable = true;
#system.custom.bluetooth.enable = true;
# temperature / power consumption
# https://linrunner.de/en/tlp/docs/tlp-linux-advanced-power-management.html
# todo fix this
#services.tlp.enable = false;
#services.thermald.enable = false;
# fucks up usb mouse
#powerManagement.powertop.enable = true;
# overwrite use zram on small RAM systems
fileSystems."/share" = lib.mkDefault {
device = "tmpfs";
fsType = "tmpfs";
};
# overwrite use zram on small RAM systems
fileSystems."/browsers" = lib.mkDefault {
device = "tmpfs";
fsType = "tmpfs";
};
} }

55
nixos/system/desktop/yubikey.nix
View file

@ -1,55 +0,0 @@
# References:
# * https://github.com/drduh/YubiKey-Guide
# * https://nixos.wiki/wiki/Yubikey
{ config, pkgs, ... }: {
services.pcscd.enable = true;
services.udev.packages = [
pkgs.yubikey-personalization
# additional services, but I just want gpg
# pkgs.libu2f-host
];
environment.systemPackages = [
# for `gpg --export $keyid | hokey lint` to check keys
#pkgs.haskellPackages.hopenpgp-tools
# for otp keys (but I use pass otp)
# pkgs.yubioath-desktop
(pkgs.writers.writeDashBin "gpg-reset-yubikey-id" ''
echo "reset gpg to make new key available"
set -x
set -e
${pkgs.psmisc}/bin/killall gpg-agent
rm -r ~/.gnupg/private-keys-v1.d/
${pkgs.gnupg}/bin/gpg --card-status
echo "now the new key should work"
'')
];
## managed by home-manager now
#environment.shellInit = ''
# export GPG_TTY="$(tty)"
# gpg-connect-agent /bye
# export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
#'';
#programs = {
# ssh.startAgent = false;
# gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
#};
## managed by home-manager now
#security.pam.u2f.enable = true;
#security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path;
#sops.secrets.yubikey_u2fAuthFile = { };
}