Extract components from NixOS configuration

Andrew Kvalheim 2022-10-24 16:26:00 -07:00
parent 3ed28c9446
commit 8477ea4533
7 changed files with 140 additions and 106 deletions


@ -0,0 +1,18 @@
{ config, pkgs, ... }:
{
systemd.services.mirror = {
description = "Mirror to closet";
serviceConfig.Type = "oneshot";
serviceConfig.Nice = 10;
onFailure = [ "alert@%n.service" ];
path = with pkgs; [ netcat openssh rsync ];
script = builtins.readFile (config.host.local + "/resources/mirror.sh");
};
systemd.timers.mirror = {
timerConfig.OnCalendar = "00,12,17:00 America/Los_Angeles";
timerConfig.Persistent = true;
wantedBy = [ "timers.target" ];
};
}
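Review bot: The text of `mirror.sh` is read with `builtins.readFile` and assigned to `script`, so NixOS writes it into a unit script in the world-readable Nix store; any password, key path, or host detail inside the script is then visible to every local user. The script itself is outside this page, so this may already be fine, but a comment would record the constraint: `# mirror.sh ends up in the world-readable store: no credentials in the script body`. The unit also sets no `User=` or sandboxing options, so it runs as root. If the mirror job does not need full root access, options such as `serviceConfig.ProtectSystem = "strict";` and `serviceConfig.PrivateTmp = true;` would shrink what a faulty script can touch.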


@ -0,0 +1,27 @@
{ config, ... }:
{
imports = [
../../packages/kmonad.nix
../../packages/ydotoold.nix
];
console.useXkbConfig = true;
services.xserver.layout = "halmakish";
services.xserver.extraLayouts.halmakish = {
description = "Halmakish";
languages = [ "eng" ];
symbolsFile = ../resources/halmakish.xkb;
};
services.kmonad = {
enable = true;
keyboards.default = {
config = builtins.readFile (config.host.resources + "/halmakish.kbd");
fallthrough = true;
allowCommands = false;
};
};
services.ydotoold.enable = true;
}
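Review bot: `services.ydotoold.enable = true;` starts an input-injection daemon, and nothing in this component says who may reach its socket; any process that can write to it can synthesize keystrokes into the session. The module comes from `../../packages/ydotoold.nix`, which is not shown here, so the socket's owner and mode cannot be checked from this page. A short comment next to the option, such as `# ydotoold socket: restricted to <group>, see ../../packages/ydotoold.nix`, would make the trust boundary explicit. `allowCommands = false` on kmonad deserves a similar one-line why-comment (`# never let the keymap spawn shell commands`) so it is not flipped casually later.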


@ -0,0 +1,24 @@
{ config, lib, pkgs, ... }:
let
# Duplicated from <nixpkgs/nixos/modules/config/i18n.nix>
glibcLocalesDefault = pkgs.glibcLocales.override {
allLocales = lib.any (x: x == "all") config.i18n.supportedLocales;
locales = config.i18n.supportedLocales;
};
glibcLocales = glibcLocalesDefault.overrideAttrs (glibcLocales: {
patchPhase = glibcLocales.patchPhase or "" + ''
cp --verbose '${../resources}/en_US@aspirational' 'localedata/locales/'
echo 'en_US.UTF-8@aspirational/UTF-8 \' >> 'localedata/SUPPORTED'
'';
});
in
{
i18n = {
inherit glibcLocales;
supportedLocales = [ "en_US.UTF-8/UTF-8" "en_US.UTF-8@aspirational/UTF-8" ];
extraLocaleSettings.LANG = "en_US.UTF-8@aspirational";
};
}
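Review bot: The interpolation `'${../resources}/en_US@aspirational'` in `patchPhase` imports the whole `../resources` directory into the Nix store, not just the locale file. Every file in that directory therefore becomes world-readable store content and an input to the glibc locales build, so an unrelated edit there triggers a rebuild. A comment would capture this: `# copies all of ../resources into the store: keep it free of secrets`. Separately, the lambda parameter in `overrideAttrs (glibcLocales: { … })` shadows the `glibcLocales` binding being defined; renaming it to `old` would make `old.patchPhase or ""` easier to read.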


@ -0,0 +1,21 @@
{ config, ... }:
{
services.postfix = {
enable = true;
destination = [ ]; # Disable local delivery
mapFiles.smtp_sasl_password_maps = config.host.local + "/resources/smtp-sasl-password-maps";
origin = "andrew.kvalhe.im";
config = {
relayhost = "[email-smtp.us-west-2.amazonaws.com]:587";
smtp_use_tls = "yes";
smtp_tls_security_level = "encrypt";
smtp_tls_note_starttls_offer = "yes";
smtp_sasl_auth_enable = "yes";
smtp_sasl_security_options = "noanonymous";
smtp_sasl_password_maps = "hash:/var/lib/postfix/conf/smtp_sasl_password_maps";
};
};
}
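Review bot: `smtp_tls_security_level = "encrypt"` makes TLS mandatory but does not verify the relay's certificate, so the SASL credentials could be handed to a host impersonating `email-smtp.us-west-2.amazonaws.com`. Raising it to `smtp_tls_security_level = "secure";` with a trust store configured through `smtp_tls_CAfile` would authenticate the relay before login. `smtp_use_tls = "yes";` is an obsolete parameter superseded by the security level and can be dropped. If `config.host.local` is a Nix path value rather than a string, `mapFiles.smtp_sasl_password_maps` will also copy the password file into the world-readable store; that type is not visible on this page, so it is worth confirming and noting in a comment.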


@ -0,0 +1,17 @@
{ pkgs, ... }:
{
allowedUnfree = [ "brgenml1lpr" ];
services.printing = { enable = true; drivers = with pkgs; [ brgenml1cupswrapper ]; };
hardware.printers = {
ensureDefaultPrinter = "DCP-7065DN";
ensurePrinters = [{
name = "DCP-7065DN";
description = "Brother DCP-7065DN";
model = "brother-BrGenML1-cups-en.ppd";
deviceUri = "lpd://lumberjack/binary_p1";
}];
};
}
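Review bot: `deviceUri = "lpd://lumberjack/binary_p1"` sends print jobs over LPD, which has neither encryption nor authentication, to a short hostname resolved by whatever resolver the host is using. Anyone on that network path, or anyone able to answer for `lumberjack`, can read or redirect documents. If the device offers it, an `ipps://` URI would protect the jobs in transit. Otherwise a comment such as `# LPD is cleartext: trusted LAN only` documents the assumption.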


@ -0,0 +1,11 @@
{
imports = [ <nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix> ];
allowedUnfree = [ "brother-udev-rule-type1" "brscan4" "brscan4-etc-files" ];
hardware.sane = { enable = true; brscan4.enable = true; };
hardware.sane.brscan4.netDevices = {
DCP-7065DN = { model = "DCP-7065DN"; nodename = "lumberjack"; };
};
}


@ -6,18 +6,15 @@ let
# Resources
palette = import ./resources/palette.nix;
# Duplicated from <nixpkgs/nixos/modules/config/i18n.nix>
glibcLocalesDefault = pkgs.glibcLocales.override {
allLocales = lib.any (x: x == "all") config.i18n.supportedLocales;
locales = config.i18n.supportedLocales;
};
in
{
imports = [
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
../packages/kmonad.nix
../packages/ydotoold.nix
./components/backup.nix
./components/keyboard.nix
./components/locale.nix
./components/mail.nix
./components/printer.nix
./components/scanner.nix
];
# Pending NixOS/nixpkgs#55674
@ -47,15 +44,8 @@ in
${pkgs.nvd}/bin/nvd diff '/run/current-system' "$systemConfig"
'';
# Unfree packages
allowedUnfree = [
"brgenml1lpr" # brgenml1cupswrapper
"brother-udev-rule-type1" "brscan4" "brscan4-etc-files" # hardware.sane.brscan4
"memtest86-efi" # boot.loader.systemd-boot.memtest86
];
# Boot
allowedUnfree = [ "memtest86-efi" ];
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.memtest86.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
@ -79,18 +69,8 @@ in
services.btrfs.autoScrub.enable = true;
boot.cleanTmpDir = true;
# Time and locale
# Time
time.timeZone = "America/Los_Angeles";
i18n = {
supportedLocales = [ "en_US.UTF-8/UTF-8" "en_US.UTF-8@aspirational/UTF-8" ];
glibcLocales = glibcLocalesDefault.overrideAttrs (glibcLocales: {
patchPhase = glibcLocales.patchPhase or "" + ''
cp --verbose '${./resources}/en_US@aspirational' 'localedata/locales/'
echo 'en_US.UTF-8@aspirational/UTF-8 \' >> 'localedata/SUPPORTED'
'';
});
extraLocaleSettings.LANG = "en_US.UTF-8@aspirational";
};
# Networking
networking.hostName = host.name;
@ -108,24 +88,6 @@ in
gray red green yellow blue orange purple white
]);
# Keyboard
services.xserver.extraLayouts.halmakish = {
description = "Halmakish";
languages = [ "eng" ];
symbolsFile = ./resources/halmakish.xkb;
};
services.xserver.layout = "halmakish";
console.useXkbConfig = true;
services.kmonad = {
enable = true;
keyboards.default = {
config = builtins.readFile (host.resources + "/halmakish.kbd");
fallthrough = true;
allowCommands = false;
};
};
services.ydotoold.enable = true;
# Power
systemd.ctrlAltDelUnit = "poweroff.target";
services.irqbalance.enable = true;
@ -156,28 +118,13 @@ in
# SSH
services.openssh = { enable = true; passwordAuthentication = false; };
# Mail
services.postfix = {
enable = true;
config = {
relayhost = "[email-smtp.us-west-2.amazonaws.com]:587";
smtp_use_tls = "yes";
smtp_tls_security_level = "encrypt";
smtp_tls_note_starttls_offer = "yes";
smtp_sasl_auth_enable = "yes";
smtp_sasl_security_options = "noanonymous";
smtp_sasl_password_maps = "hash:/var/lib/postfix/conf/smtp_sasl_password_maps";
};
origin = "andrew.kvalhe.im";
destination = [ ]; # Disable local delivery
mapFiles.smtp_sasl_password_maps = host.local + "/resources/smtp-sasl-password-maps";
};
# Service monitoring
systemd.services."alert@" = {
description = "Alert of failed %I";
serviceConfig.SyslogIdentifier = "%p";
serviceConfig.Type = "oneshot";
serviceConfig.ExecStart = ''
${pkgs.bash}/bin/bash -c "${pkgs.system-sendmail}/bin/sendmail -i root \
serviceConfig.ExecStart = with pkgs; ''
${bash}/bin/bash -c "${system-sendmail}/bin/sendmail -i root \
<<< $'Subject: %I failed\n\n'\"$(systemctl --full status %I)\""
'';
};
@ -202,25 +149,17 @@ in
pulse.enable = true;
};
# Printer
services.printing.enable = true;
services.printing.drivers = with pkgs; [ brgenml1cupswrapper ];
hardware.printers = {
ensureDefaultPrinter = "DCP-7065DN";
ensurePrinters = [{
name = "DCP-7065DN";
description = "Brother DCP-7065DN";
model = "brother-BrGenML1-cups-en.ppd";
deviceUri = "lpd://lumberjack/binary_p1";
}];
# Virtualization
virtualisation = {
containers.registries.search = [ "docker.io" ];
docker = { enable = true; enableOnBoot = false; autoPrune.enable = true; };
podman.enable = true;
libvirtd.enable = true;
};
# Scanner
hardware.sane.enable = true;
hardware.sane.brscan4 = {
enable = true;
netDevices.DCP-7065DN = { model = "DCP-7065DN"; nodename = "lumberjack"; };
};
# OpenPGP
services.pcscd.enable = true;
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# Graphical environment
services.xserver.enable = true;
@ -228,6 +167,8 @@ in
services.xserver.desktopManager.gnome.enable = true;
# Applications
environment.localBinInPath = true;
environment.sessionVariables.NIXOS_OZONE_WL = "1";
environment.gnome.excludePackages = with pkgs; [
gnome.epiphany
gnome.geary
@ -237,17 +178,7 @@ in
gnome.gnome-weather
gnome-photos
];
services.pcscd.enable = true;
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
virtualisation = {
containers.registries.search = [ "docker.io" ];
docker = { enable = true; enableOnBoot = false; autoPrune.enable = true; };
podman.enable = true;
libvirtd.enable = true;
};
programs.zsh.enable = true;
environment.localBinInPath = true;
environment.sessionVariables.NIXOS_OZONE_WL = "1";
# Users
users.mutableUsers = false;
@ -271,20 +202,5 @@ in
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [ (builtins.readFile ./resources/andrew.pub) ];
};
# Backup
systemd.services.mirror = {
description = "Mirror to closet";
serviceConfig.Type = "oneshot";
serviceConfig.Nice = 10;
onFailure = [ "alert@%n.service" ];
path = with pkgs; [ netcat openssh rsync ];
script = builtins.readFile (host.local + "/resources/mirror.sh");
};
systemd.timers.mirror = {
timerConfig.OnCalendar = "00,12,17:00 America/Los_Angeles";
timerConfig.Persistent = true;
wantedBy = [ "timers.target" ];
};
};
}
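Review bot: In the `alert@` hunk the rewritten `ExecStart` still passes `%I` to `systemctl --full status`, and `%I` is the unescaped instance name. For a failing unit whose name contains `-`, systemd expands it with `/` in its place, so the status lookup targets a unit that does not exist and the alert mail carries no useful status. The call should use the escaped form: `<<< $'Subject: %I failed\n\n'\"$(systemctl --full status %i)\""`. The expanded name is also spliced into a `bash -c` string, so passing it as a positional argument (for example through `scriptArgs = "%i";` with `script`) would keep unit names out of shell parsing. The surrounding attribute set starts and ends outside this hunk.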