diff --git a/common/base.nix b/common/base.nix index 5d9486d..f53a7b8 100644 --- a/common/base.nix +++ b/common/base.nix @@ -7,29 +7,37 @@ ... }: { imports = [ + ./components/bootloader.nix + ./components/networking.nix + ./components/packages.nix + ./components/security.nix + ./locales/paris.nix - ./services/sshd.nix ./programs/neovim.nix ./programs/zsh.nix ./programs/git.nix + + ./services/sshd.nix ]; - nixpkgs = { - overlays = [ - outputs.overlays.additions - outputs.overlays.modifications - outputs.overlays.unstable-packages - ]; + nix = { + settings = { + # Enable flakes and new 'nix' command + experimental-features = "nix-command flakes"; + # Deduplicate and optimize nix store + auto-optimise-store = true; + }; + + # This will add each flake input as a registry + # To make nix3 commands consistent with your flake + registry = (lib.mapAttrs (_: flake: {inherit flake;})) ((lib.filterAttrs (_: lib.isType "flake")) inputs); + + # This will additionally add your inputs to the system's legacy channels + # Making legacy nix commands consistent as well, awesome! + nixPath = ["/etc/nix/path"]; }; - # This will add each flake input as a registry - # To make nix3 commands consistent with your flake - nix.registry = (lib.mapAttrs (_: flake: {inherit flake;})) ((lib.filterAttrs (_: lib.isType "flake")) inputs); - - # This will additionally add your inputs to the system's legacy channels - # Making legacy nix commands consistent as well, awesome! - nix.nixPath = ["/etc/nix/path"]; environment.etc = lib.mapAttrs' (name: value: { 
@@ -38,112 +46,24 @@ }) config.nix.registry; - nix.settings = { - # Enable flakes and new 'nix' command - experimental-features = "nix-command flakes"; - # Deduplicate and optimize nix store - auto-optimise-store = true; - }; - - # Unfree packages that can be installe even if "allow-unfree.nix" isn't imported - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) [ - # Steam - "steam" - "steam-original" - "steam-run" - - # Nvidia drivers - "nvidia-x11" - "nvidia-settings" + nixpkgs = { + overlays = [ + outputs.overlays.additions + outputs.overlays.modifications + outputs.overlays.unstable-packages ]; - - boot.loader = { - systemd-boot = { - enable = true; - editor = false; - }; - - efi.canTouchEfiVariables = true; }; - # boot.initrd.enable = true; - # boot.initrd.systemd.enable = true; - # boot.plymouth = { - # enable = true; - # font = "${pkgs.jetbrains-mono}/share/fonts/truetype/JetBrainsMono-Regular.ttf"; - # themePackages = [ pkgs.catppuccin-plymouth ]; - # theme = "catppuccin-macchiato"; - # logo = pkgs.fetchurl { - # url = "https://nixos.org/logo/nixos-hires.png"; - # sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si"; - # }; - # }; - - networking = { - networkmanager = { - enable = true; - wifi = { - powersave = true; - scanRandMacAddress = true; - # XXX https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1091 - #backend = "iwd"; - # Generate a random MAC for each WiFi and associate the two permanently. 
- macAddress = "stable"; - }; - # Randomize MAC for every ethernet connetion - ethernet.macAddress = "random"; - connectionConfig = { - # IPv6 Privacy Extensions - "ipv6.ip6-privacy" = 2; - - # unique DUID per connection - "ipv6.dhcp-duid" = "stable-uuid"; - }; - }; - - firewall = { - enable = true; - trustedInterfaces = ["tailscale0"]; - }; - }; - - # sudo and nix can only be used by the wheel group - nix.settings.allowed-users = ["@wheel"]; - security.sudo.execWheelOnly = true; - # Some programs need SUID wrappers, can be configured further or are # started in user sessions. programs.mtr.enable = true; programs.gnupg.agent = { enable = true; enableSSHSupport = true; - }; - - environment.systemPackages = with pkgs; [ - wget - dig - nmap - btop - gitFull - smartmontools - lm_sensors - pciutils - gcc - gnumake - sysstat - file - ffmpeg - usbutils - ]; + }; services = { fwupd.enable = true; tailscale.enable = true; }; -# console = { -# earlySetup = true; -# }; - - # boot.blacklistedKernelModules = [ "nvidia_drm" ]; } diff --git a/common/components/bootloader.nix b/common/components/bootloader.nix new file mode 100644 index 0000000..4ea2368 --- /dev/null +++ b/common/components/bootloader.nix @@ -0,0 +1,23 @@ +{ + boot.loader = { + systemd-boot = { + enable = true; + editor = false; + }; + + efi.canTouchEfiVariables = true; + }; + + # boot.initrd.enable = true; + # boot.initrd.systemd.enable = true; + # boot.plymouth = { + # enable = true; + # font = "${pkgs.jetbrains-mono}/share/fonts/truetype/JetBrainsMono-Regular.ttf"; + # themePackages = [ pkgs.catppuccin-plymouth ]; + # theme = "catppuccin-macchiato"; + # logo = pkgs.fetchurl { + # url = "https://nixos.org/logo/nixos-hires.png"; + # sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si"; + # }; + # }; +} diff --git a/common/de/hyprland.nix b/common/components/de/hyprland.nix similarity index 100% rename from common/de/hyprland.nix rename to common/components/de/hyprland.nix 
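Review bot: In common/components/bootloader.nix, `editor = false` is the one hardening setting in the file and it has no comment explaining it; I would add `# Keep the boot-menu entry editor off so the kernel command line cannot be changed at boot` above it. The commented-out plymouth block was moved over verbatim, but this new file takes no module arguments, so its `pkgs.` references would not resolve if the block were uncommented. Either drop the block or give the file a `{pkgs, ...}:` header when it is revived.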
diff --git a/common/de/plasma-packages.nix b/common/components/de/plasma-packages.nix
similarity index 100%
rename from common/de/plasma-packages.nix
rename to common/components/de/plasma-packages.nix
diff --git a/common/de/plasma5.nix b/common/components/de/plasma5.nix
similarity index 100%
rename from common/de/plasma5.nix
rename to common/components/de/plasma5.nix
diff --git a/common/de/plasma6.nix b/common/components/de/plasma6.nix
similarity index 100%
rename from common/de/plasma6.nix
rename to common/components/de/plasma6.nix
diff --git a/common/components/networking.nix b/common/components/networking.nix
new file mode 100644
index 0000000..98b676a
--- /dev/null
+++ b/common/components/networking.nix
@@ -0,0 +1,29 @@
+{
+ networking = {
+ networkmanager = {
+ enable = true;
+ wifi = {
+ powersave = true;
+ scanRandMacAddress = true;
+ # XXX https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1091
+ #backend = "iwd";
+ # Generate a random MAC for each WiFi and associate the two permanently.
+ macAddress = "stable";
+ };
+ # Randomize MAC for every ethernet connetion
+ ethernet.macAddress = "random";
+ connectionConfig = {
+ # IPv6 Privacy Extensions
+ "ipv6.ip6-privacy" = 2;
+
+ # unique DUID per connection
+ "ipv6.dhcp-duid" = "stable-uuid";
+ };
+ };
+
+ firewall = {
+ enable = true;
+ trustedInterfaces = ["tailscale0"];
+ };
+ };
+}
diff --git a/common/components/packages.nix b/common/components/packages.nix
new file mode 100644
index 0000000..2d1816b
--- /dev/null
+++ b/common/components/packages.nix
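Review bot: In common/components/networking.nix, `trustedInterfaces = ["tailscale0"]` exempts everything arriving on that interface from the firewall, so every listening port on the host, including the sshd service imported from base.nix, is reachable by any tailnet peer unless the tailnet ACLs restrict it. If only a few services are meant to be reachable, a narrower form is `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];` (port constructed for illustration) in place of the trusted interface. At minimum I would add a comment such as `# tailscale0 bypasses the firewall; access control is delegated to the tailnet ACLs`. The setting also depends on `services.tailscale.enable`, which this commit leaves in base.nix, so the two halves of that decision now sit in different files.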
@@ -0,0 +1,31 @@ +{pkgs, ...}: { + # Unfree packages that can be installes regardless of whether "allow-unfree.nix" is imported + nixpkgs.config.allowUnfreePredicate = pkg: + builtins.elem (lib.getName pkg) [ + # Steam + "steam" + "steam-original" + "steam-run" + + # Nvidia drivers + "nvidia-x11" + "nvidia-settings" + ]; + + environment.systemPackages = with pkgs; [ + wget + dig + nmap + btop + gitFull + smartmontools + lm_sensors + pciutils + gcc + gnumake + sysstat + file + ffmpeg + usbutils + ]; +} \ No newline at end of file diff --git a/common/components/security.nix b/common/components/security.nix new file mode 100644 index 0000000..6f84217 --- /dev/null +++ b/common/components/security.nix @@ -0,0 +1,5 @@ +{ + # sudo and nix can only be used by the wheel group + nix.settings.allowed-users = ["@wheel"]; + security.sudo.execWheelOnly = true; +} \ No newline at end of file diff --git a/common/de/greetd.nix b/common/components/wm/greetd.nix similarity index 100% rename from common/de/greetd.nix rename to common/components/wm/greetd.nix diff --git a/common/de/sddm.nix b/common/components/wm/sddm.nix similarity index 100% rename from common/de/sddm.nix rename to common/components/wm/sddm.nix diff --git a/hosts/new-new-phoenix/configuration.nix b/hosts/new-new-phoenix/configuration.nix index c9d85f2..35d1ac5 100644 --- a/hosts/new-new-phoenix/configuration.nix +++ b/hosts/new-new-phoenix/configuration.nix @@ -22,7 +22,7 @@ in { ../../common/hardware/latest-kernel.nix ../../common/de/greetd.nix - ../../common/de/plasma6.nix + ../../common/de/plasma6.nix ../../common/de/hyprland.nix ../../common/programs/steam.nix
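Review bot: common/components/packages.nix calls `lib.getName pkg` but its header is `{pkgs, ...}:`, so `lib` is not bound in the new file and evaluation should fail with an undefined-variable error; in base.nix the same expression was inside a module that uses `lib` throughout. Change the first line to `{pkgs, lib, ...}: {`. The comment above the predicate also reads "installes" where "installed" is meant. Because this allowlist decides which unfree packages may be built on every host that imports base.nix, it is worth keeping the explanatory comment accurate when the file is next touched.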
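Review bot: The context lines of the hosts/new-new-phoenix/configuration.nix hunk still import `../../common/de/greetd.nix`, `../../common/de/plasma6.nix` and `../../common/de/hyprland.nix`, while this same commit renames those files at 100% similarity to common/components/wm/greetd.nix and common/components/de/, so the old paths no longer exist and this host should fail to evaluate. The only change the hunk makes is whitespace on the plasma6 line. Update the three imports to `../../common/components/wm/greetd.nix`, `../../common/components/de/plasma6.nix` and `../../common/components/de/hyprland.nix`. The import list starts and ends outside the hunk, so any other entries under common/de, and any other hosts, need the same check.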