Extract components from NixOS configuration
parent
3ed28c9446
commit
8477ea4533
7 changed files with 140 additions and 106 deletions
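--- a/common/components/backup.nix
+++ b/common/components/backup.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+systemd.services.mirror = {
+description = "Mirror to closet";
+serviceConfig.Type = "oneshot";
+serviceConfig.Nice = 10;
+onFailure = [ "alert@%n.service" ];
+path = with pkgs; [ netcat openssh rsync ];
+script = builtins.readFile (config.host.local + "/resources/mirror.sh");
+};
+
+systemd.timers.mirror = {
+timerConfig.OnCalendar = "00,12,17:00 America/Los_Angeles";
+timerConfig.Persistent = true;
+wantedBy = [ "timers.target" ];
+};
+}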
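Review bot: `systemd.services.mirror` sets no `serviceConfig.User` and no sandboxing options, so the unit presumably runs as root with `netcat`, `openssh` and `rsync` on its path and whatever SSH key the script uses. If the mirror only needs to read local data and reach the remote host, options such as `serviceConfig.NoNewPrivileges = true;` and `serviceConfig.PrivateTmp = true;` (or a dedicated user) would narrow what a buggy or tampered `mirror.sh` can touch. Separately, `builtins.readFile` inlines the script into a unit script in the world-readable Nix store, so a comment such as `# mirror.sh is copied into the Nix store: keep secrets out of it` above the `script` line would record that constraint.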
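--- a/common/components/keyboard.nix
+++ b/common/components/keyboard.nix
@@ -0,0 +1,27 @@
+{ config, ... }:
+
+{
+imports = [
+../../packages/kmonad.nix
+../../packages/ydotoold.nix
+];
+
+console.useXkbConfig = true;
+services.xserver.layout = "halmakish";
+services.xserver.extraLayouts.halmakish = {
+description = "Halmakish";
+languages = [ "eng" ];
+symbolsFile = ../resources/halmakish.xkb;
+};
+
+services.kmonad = {
+enable = true;
+keyboards.default = {
+config = builtins.readFile (config.host.resources + "/halmakish.kbd");
+fallthrough = true;
+allowCommands = false;
+};
+};
+
+services.ydotoold.enable = true;
+}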
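Review bot: `services.ydotoold.enable = true;` at the end of the file turns on an input-injection daemon, and nothing in this file shows who may talk to its socket. The module in `../../packages/ydotoold.nix` is outside this diff, so this is a question rather than a finding: if the socket is reachable by every local user, any of them can synthesize keystrokes into the active session. A comment next to the line, e.g. `# ydotoold socket must stay restricted to the desktop user (see packages/ydotoold.nix)`, would document the expectation. The explicit `allowCommands = false;` on kmonad deserves a similar one-line why-comment so it is not flipped casually.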
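--- a/common/components/locale.nix
+++ b/common/components/locale.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+let
+# Duplicated from <nixpkgs/nixos/modules/config/i18n.nix>
+glibcLocalesDefault = pkgs.glibcLocales.override {
+allLocales = lib.any (x: x == "all") config.i18n.supportedLocales;
+locales = config.i18n.supportedLocales;
+};
+
+glibcLocales = glibcLocalesDefault.overrideAttrs (glibcLocales: {
+patchPhase = glibcLocales.patchPhase or "" + ''
+cp --verbose '${../resources}/en_US@aspirational' 'localedata/locales/'
+echo 'en_US.UTF-8@aspirational/UTF-8 \' >> 'localedata/SUPPORTED'
+'';
+});
+in
+{
+i18n = {
+inherit glibcLocales;
+supportedLocales = [ "en_US.UTF-8/UTF-8" "en_US.UTF-8@aspirational/UTF-8" ];
+
+extraLocaleSettings.LANG = "en_US.UTF-8@aspirational";
+};
+}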
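Review bot: `'${../resources}/en_US@aspirational'` in `patchPhase` interpolates the whole `resources` directory, so every file in it is copied to the Nix store as a build input of `glibcLocales`. Any edit to an unrelated resource then rebuilds the locale archive, and anything later dropped into that directory becomes world-readable in the store. The directory form is probably there because `@` is not accepted in a path literal (inferred). `builtins.path { path = ../resources + "/en_US@aspirational"; name = "en_US-aspirational"; }` would import only the locale file, with the `cp` destination then spelled out as `'localedata/locales/en_US@aspirational'`.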
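--- a/common/components/mail.nix
+++ b/common/components/mail.nix
@@ -0,0 +1,21 @@
+{ config, ... }:
+
+{
+services.postfix = {
+enable = true;
+destination = [ ]; # Disable local delivery
+
+mapFiles.smtp_sasl_password_maps = config.host.local + "/resources/smtp-sasl-password-maps";
+
+origin = "andrew.kvalhe.im";
+config = {
+relayhost = "[email-smtp.us-west-2.amazonaws.com]:587";
+smtp_use_tls = "yes";
+smtp_tls_security_level = "encrypt";
+smtp_tls_note_starttls_offer = "yes";
+smtp_sasl_auth_enable = "yes";
+smtp_sasl_security_options = "noanonymous";
+smtp_sasl_password_maps = "hash:/var/lib/postfix/conf/smtp_sasl_password_maps";
+};
+};
+}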
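Review bot: `smtp_tls_security_level = "encrypt";` forces TLS to the relay but does not verify the server certificate, so the SASL credentials enabled by `smtp_sasl_auth_enable` are still sent to whichever host answers for `email-smtp.us-west-2.amazonaws.com`. With a single fixed `relayhost`, `smtp_tls_security_level = "secure";` authenticates the relay before login, provided `smtp_tls_CAfile` points at the system CA bundle (the module may already set it). `smtp_use_tls = "yes";` is then redundant. Also, if `config.host.local` evaluates to a Nix path rather than a string, `mapFiles.smtp_sasl_password_maps` would copy the credential file into the world-readable store, so a comment stating which it is would help.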
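--- a/common/components/printer.nix
+++ b/common/components/printer.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+
+{
+allowedUnfree = [ "brgenml1lpr" ];
+
+services.printing = { enable = true; drivers = with pkgs; [ brgenml1cupswrapper ]; };
+
+hardware.printers = {
+ensureDefaultPrinter = "DCP-7065DN";
+ensurePrinters = [{
+name = "DCP-7065DN";
+description = "Brother DCP-7065DN";
+model = "brother-BrGenML1-cups-en.ppd";
+deviceUri = "lpd://lumberjack/binary_p1";
+}];
+};
+}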
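Review bot: `deviceUri = "lpd://lumberjack/binary_p1";` sends jobs over LPD, which has neither authentication nor encryption, and addresses the printer by a bare hostname. Documents are therefore readable on the wire and go to whatever host resolves as `lumberjack` on the network the machine is attached to. If the device offers IPP over TLS, an `ipps://` URI would be the safer choice (not verified for this model). Otherwise a comment such as `# LPD is cleartext and unauthenticated: trusted LAN only` above the line would record the constraint.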
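--- a/common/components/scanner.nix
+++ b/common/components/scanner.nix
@@ -0,0 +1,11 @@
+{
+imports = [ <nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix> ];
+
+allowedUnfree = [ "brother-udev-rule-type1" "brscan4" "brscan4-etc-files" ];
+
+hardware.sane = { enable = true; brscan4.enable = true; };
+
+hardware.sane.brscan4.netDevices = {
+DCP-7065DN = { model = "DCP-7065DN"; nodename = "lumberjack"; };
+};
+}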
128
common/nixos.nix
|
@ -6,18 +6,15 @@ let
|
|||
|
||||
# Resources
|
||||
palette = import ./resources/palette.nix;
|
||||
|
||||
# Duplicated from <nixpkgs/nixos/modules/config/i18n.nix>
|
||||
glibcLocalesDefault = pkgs.glibcLocales.override {
|
||||
allLocales = lib.any (x: x == "all") config.i18n.supportedLocales;
|
||||
locales = config.i18n.supportedLocales;
|
||||
};
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
||||
../packages/kmonad.nix
|
||||
../packages/ydotoold.nix
|
||||
./components/backup.nix
|
||||
./components/keyboard.nix
|
||||
./components/locale.nix
|
||||
./components/mail.nix
|
||||
./components/printer.nix
|
||||
./components/scanner.nix
|
||||
];
|
||||
|
||||
# Pending NixOS/nixpkgs#55674
|
||||
|
@ -47,15 +44,8 @@ in
|
|||
${pkgs.nvd}/bin/nvd diff '/run/current-system' "$systemConfig"
|
||||
'';
|
||||
|
||||
|
||||
# Unfree packages
|
||||
allowedUnfree = [
|
||||
"brgenml1lpr" # brgenml1cupswrapper
|
||||
"brother-udev-rule-type1" "brscan4" "brscan4-etc-files" # hardware.sane.brscan4
|
||||
"memtest86-efi" # boot.loader.systemd-boot.memtest86
|
||||
];
|
||||
|
||||
# Boot
|
||||
allowedUnfree = [ "memtest86-efi" ];
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.systemd-boot.memtest86.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
@ -79,18 +69,8 @@ in
|
|||
services.btrfs.autoScrub.enable = true;
|
||||
boot.cleanTmpDir = true;
|
||||
|
||||
# Time and locale
|
||||
# Time
|
||||
time.timeZone = "America/Los_Angeles";
|
||||
i18n = {
|
||||
supportedLocales = [ "en_US.UTF-8/UTF-8" "en_US.UTF-8@aspirational/UTF-8" ];
|
||||
glibcLocales = glibcLocalesDefault.overrideAttrs (glibcLocales: {
|
||||
patchPhase = glibcLocales.patchPhase or "" + ''
|
||||
cp --verbose '${./resources}/en_US@aspirational' 'localedata/locales/'
|
||||
echo 'en_US.UTF-8@aspirational/UTF-8 \' >> 'localedata/SUPPORTED'
|
||||
'';
|
||||
});
|
||||
extraLocaleSettings.LANG = "en_US.UTF-8@aspirational";
|
||||
};
|
||||
|
||||
# Networking
|
||||
networking.hostName = host.name;
|
||||
|
@ -108,24 +88,6 @@ in
|
|||
gray red green yellow blue orange purple white
|
||||
]);
|
||||
|
||||
# Keyboard
|
||||
services.xserver.extraLayouts.halmakish = {
|
||||
description = "Halmakish";
|
||||
languages = [ "eng" ];
|
||||
symbolsFile = ./resources/halmakish.xkb;
|
||||
};
|
||||
services.xserver.layout = "halmakish";
|
||||
console.useXkbConfig = true;
|
||||
services.kmonad = {
|
||||
enable = true;
|
||||
keyboards.default = {
|
||||
config = builtins.readFile (host.resources + "/halmakish.kbd");
|
||||
fallthrough = true;
|
||||
allowCommands = false;
|
||||
};
|
||||
};
|
||||
services.ydotoold.enable = true;
|
||||
|
||||
# Power
|
||||
systemd.ctrlAltDelUnit = "poweroff.target";
|
||||
services.irqbalance.enable = true;
|
||||
|
@ -156,28 +118,13 @@ in
|
|||
# SSH
|
||||
services.openssh = { enable = true; passwordAuthentication = false; };
|
||||
|
||||
# Mail
|
||||
services.postfix = {
|
||||
enable = true;
|
||||
config = {
|
||||
relayhost = "[email-smtp.us-west-2.amazonaws.com]:587";
|
||||
smtp_use_tls = "yes";
|
||||
smtp_tls_security_level = "encrypt";
|
||||
smtp_tls_note_starttls_offer = "yes";
|
||||
smtp_sasl_auth_enable = "yes";
|
||||
smtp_sasl_security_options = "noanonymous";
|
||||
smtp_sasl_password_maps = "hash:/var/lib/postfix/conf/smtp_sasl_password_maps";
|
||||
};
|
||||
origin = "andrew.kvalhe.im";
|
||||
destination = [ ]; # Disable local delivery
|
||||
mapFiles.smtp_sasl_password_maps = host.local + "/resources/smtp-sasl-password-maps";
|
||||
};
|
||||
# Service monitoring
|
||||
systemd.services."alert@" = {
|
||||
description = "Alert of failed %I";
|
||||
serviceConfig.SyslogIdentifier = "%p";
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.ExecStart = ''
|
||||
${pkgs.bash}/bin/bash -c "${pkgs.system-sendmail}/bin/sendmail -i root \
|
||||
serviceConfig.ExecStart = with pkgs; ''
|
||||
${bash}/bin/bash -c "${system-sendmail}/bin/sendmail -i root \
|
||||
<<< $'Subject: %I failed\n\n'\"$(systemctl --full status %I)\""
|
||||
'';
|
||||
};
|
||||
|
@ -202,25 +149,17 @@ in
|
|||
pulse.enable = true;
|
||||
};
|
||||
|
||||
# Printer
|
||||
services.printing.enable = true;
|
||||
services.printing.drivers = with pkgs; [ brgenml1cupswrapper ];
|
||||
hardware.printers = {
|
||||
ensureDefaultPrinter = "DCP-7065DN";
|
||||
ensurePrinters = [{
|
||||
name = "DCP-7065DN";
|
||||
description = "Brother DCP-7065DN";
|
||||
model = "brother-BrGenML1-cups-en.ppd";
|
||||
deviceUri = "lpd://lumberjack/binary_p1";
|
||||
}];
|
||||
# Virtualization
|
||||
virtualisation = {
|
||||
containers.registries.search = [ "docker.io" ];
|
||||
docker = { enable = true; enableOnBoot = false; autoPrune.enable = true; };
|
||||
podman.enable = true;
|
||||
libvirtd.enable = true;
|
||||
};
|
||||
|
||||
# Scanner
|
||||
hardware.sane.enable = true;
|
||||
hardware.sane.brscan4 = {
|
||||
enable = true;
|
||||
netDevices.DCP-7065DN = { model = "DCP-7065DN"; nodename = "lumberjack"; };
|
||||
};
|
||||
# OpenPGP
|
||||
services.pcscd.enable = true;
|
||||
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||
|
||||
# Graphical environment
|
||||
services.xserver.enable = true;
|
||||
|
@ -228,6 +167,8 @@ in
|
|||
services.xserver.desktopManager.gnome.enable = true;
|
||||
|
||||
# Applications
|
||||
environment.localBinInPath = true;
|
||||
environment.sessionVariables.NIXOS_OZONE_WL = "1";
|
||||
environment.gnome.excludePackages = with pkgs; [
|
||||
gnome.epiphany
|
||||
gnome.geary
|
||||
|
@ -237,17 +178,7 @@ in
|
|||
gnome.gnome-weather
|
||||
gnome-photos
|
||||
];
|
||||
services.pcscd.enable = true;
|
||||
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||
virtualisation = {
|
||||
containers.registries.search = [ "docker.io" ];
|
||||
docker = { enable = true; enableOnBoot = false; autoPrune.enable = true; };
|
||||
podman.enable = true;
|
||||
libvirtd.enable = true;
|
||||
};
|
||||
programs.zsh.enable = true;
|
||||
environment.localBinInPath = true;
|
||||
environment.sessionVariables.NIXOS_OZONE_WL = "1";
|
||||
|
||||
# Users
|
||||
users.mutableUsers = false;
|
||||
|
@ -271,20 +202,5 @@ in
|
|||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = [ (builtins.readFile ./resources/andrew.pub) ];
|
||||
};
|
||||
|
||||
# Backup
|
||||
systemd.services.mirror = {
|
||||
description = "Mirror to closet";
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.Nice = 10;
|
||||
onFailure = [ "alert@%n.service" ];
|
||||
path = with pkgs; [ netcat openssh rsync ];
|
||||
script = builtins.readFile (host.local + "/resources/mirror.sh");
|
||||
};
|
||||
systemd.timers.mirror = {
|
||||
timerConfig.OnCalendar = "00,12,17:00 America/Los_Angeles";
|
||||
timerConfig.Persistent = true;
|
||||
wantedBy = [ "timers.target" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
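Review bot: In the `alert@` unit (hunk `-156,28 +118,13`), `ExecStart` splices `%I` directly into the string handed to `bash -c`, and the `with pkgs;` rewrite leaves that untouched. systemd expands `%I` to the unescaped instance name before bash parses the line, so a name containing quotes, whitespace or `$(` would be read as shell syntax inside `$(systemctl --full status %I)` and the `Subject:` text. Instance names come from `onFailure = [ "alert@%n.service" ]` and are normally tame, but a `script` that reads `"$1"` together with `scriptArgs = "%I";` would remove the reliance on that. Which of the two printed `ExecStart` openings is the new side is inferred from the `with pkgs;` form, since the page has lost its `+`/`-` markers.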