configuration/common/system.nix

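{ config, lib, pkgs, ... }:
# Base system configuration shared by every host. Host-specific material is
# reached through the `host` options declared below; `host.local` points at
# the per-host directory that holds files such as the U2F key list.
let
  inherit (config) host;
  # Resources
  palette = import ./resources/palette.nix;
in
{
  imports = [
    ./components/backup.system.nix
    ./components/keyboard.system.nix
    ./components/locale.system.nix
    ./components/mail.system.nix
    ./components/networking.system.nix
    ./components/nix.system.nix
    ./components/printer.system.nix
    ./components/scanner.system.nix
    ./components/users.system.nix
    ./components/virtualization.system.nix
  ];

  options.host = {
    # Per-host directory (not tracked here) used for host-local resources.
    local = lib.mkOption { type = lib.types.path; };
    # Shared resources directory.
    resources = lib.mkOption { type = lib.types.path; };
  };

  config = {
    # Boot
    # `allowedUnfree` is not a stock NixOS option; presumably declared by one of
    # the imported components (nix.system.nix?) — confirm.
    allowedUnfree = [ "memtest86-efi" ];
    boot.loader.systemd-boot.enable = true;
    boot.loader.systemd-boot.memtest86.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;
    boot.plymouth.enable = true;

    # Swap
    zramSwap.enable = true;

    # Filesystems
    # The root PV is LUKS-encrypted. The passphrase is kept GPG-encrypted to the
    # public key below and unlocked with the OpenPGP card in the initrd; a typed
    # passphrase remains available as fallback.
    boot.initrd.luks = {
      gpgSupport = true;
      devices.pv = {
        device = "/dev/disk/by-partlabel/pv-enc";
        allowDiscards = true;
        fallbackToPassword = true;
        # NOTE(review): this uses the relative ./local path while the U2F file
        # below goes through host.local — confirm both resolve to the same dir.
        gpgCard.encryptedPass = ./local/resources/luks-passphrase.gpg;
        gpgCard.publicKey = ./resources/andrew.asc;
      };
    };
    fileSystems."/".options = [ "compress=zstd:2" "discard=async" "noatime" ];
    services.btrfs.autoScrub.enable = true;
    # Renamed to boot.tmp.cleanOnBoot in later NixOS releases; kept as-is to
    # match the release this file targets.
    boot.cleanTmpDir = true;

    # Time
    time.timeZone = "America/Los_Angeles";

    # Console
    console.packages = with pkgs; [ terminus_font ];
    console.font = "ter-v32n";
    # console.colors wants bare hex digits, so strip the leading '#' from the
    # palette entries (the two rows are the normal and bright variants).
    console.colors = map (lib.removePrefix "#") (with palette; [
      "#000000" red green yellow blue orange purple white
      gray red green yellow blue orange purple white
    ]);

    # Power
    systemd.ctrlAltDelUnit = "poweroff.target";
    services.irqbalance.enable = true;

    # Authentication
    # pam_u2f is `sufficient`: a touch of a registered key alone satisfies the
    # PAM stack, and the password path is only reached when no key answers.
    security.pam.u2f = {
      enable = true;
      appId = "pam://${host.name}";
      authFile = host.local + "/resources/andrew.u2f";
      control = "sufficient";
      cue = true;
    };

    # Authorization
    # Passwordless sudo is restricted to these exact command lines. Note that
    # nixos-rebuild and nix-channel still run as root and replace the whole
    # system, so the rule is only as tight as the write protection on the
    # configuration and channels they build from.
    security.sudo.extraRules = [
      {
        groups = [ "wheel" ];
        commands = [
          { command = "/run/current-system/sw/bin/btrfs balance start --enqueue -dusage=50 -musage=50 /"; options = [ "NOPASSWD" ]; }
          { command = "/run/current-system/sw/bin/nix-channel --update"; options = [ "NOPASSWD" ]; }
          { command = "/run/current-system/sw/bin/nixos-rebuild boot"; options = [ "NOPASSWD" ]; }
          { command = "/run/current-system/sw/bin/nixos-rebuild switch"; options = [ "NOPASSWD" ]; }
          { command = "/run/current-system/sw/bin/poweroff"; options = [ "NOPASSWD" ]; }
        ];
      }
    ];

    # SSH
    services.openssh = {
      enable = true;
      # Moved under services.openssh.settings in later NixOS releases.
      passwordAuthentication = false;
      # Turning off PasswordAuthentication alone does not give key-only logins:
      # sshd's keyboard-interactive method goes through PAM, which still prompts
      # for the Unix password. Disable it as well.
      kbdInteractiveAuthentication = false;
    };

    # SMART monitoring
    services.smartd = {
      enable = true;
      notifications.mail.enable = true;
    };

    # Firmware updates
    hardware.enableRedistributableFirmware = true;
    services.fwupd.enable = true;

    # Audio
    # PipeWire provides the PulseAudio and ALSA interfaces; rtkit lets it run
    # with realtime priority.
    hardware.pulseaudio.enable = false;
    security.rtkit.enable = true;
    systemd.services.rtkit-daemon.serviceConfig.LogLevelMax = "notice";
    services.pipewire = {
      enable = true;
      alsa = { enable = true; support32Bit = true; };
      pulse.enable = true;
    };

    # OpenPGP
    # pcscd is needed for the smart card; gpg-agent also serves as SSH agent.
    services.pcscd.enable = true;
    programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

    # Graphical environment
    services.xserver.enable = true;
    services.xserver.displayManager.gdm.enable = true;
    services.xserver.desktopManager.gnome.enable = true;
    environment.sessionVariables.NIXOS_OZONE_WL = "1";
    environment.gnome.excludePackages = with pkgs; [
      gnome.epiphany
      gnome.geary
      gnome.gnome-calculator
      gnome.gnome-maps
      gnome.gnome-music
      gnome.gnome-weather
      gnome-photos
    ];

    # Applications
    environment.localBinInPath = true;
    programs.zsh.enable = true;
  };
}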