From 78529ae2641e8645ee3459753819d0ecff655d86 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Sun, 7 Mar 2021 15:11:56 -0500
Subject: Refactor configs into modules
---
modules/common.nix | 60 +++++++++++++++++++++++++++
modules/desktop.nix | 113 +++++++++++++++++++++++++++++++++++++++++++++++++++
modules/gaming.nix | 85 ++++++++++++++++++++++++++++++++++++++
modules/thinkpad.nix | 43 ++++++++++++++++++++
modules/users.nix | 100 +++++++++++++++++++++++++++++++++++++++++++++
modules/yubikey.nix | 60 +++++++++++++++++++++++++++
6 files changed, 461 insertions(+)
create mode 100644 modules/common.nix
create mode 100644 modules/desktop.nix
create mode 100644 modules/gaming.nix
create mode 100644 modules/thinkpad.nix
create mode 100644 modules/users.nix
create mode 100644 modules/yubikey.nix
(limited to 'modules')
diff --git a/modules/common.nix b/modules/common.nix
new file mode 100644
index 0000000..161d376
--- /dev/null
+++ b/modules/common.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+{
+ programs.zsh.enable = true;
+ programs.tmux.enable = true;
+
+ nixpkgs.config.packageOverrides = pkgs: {
+ libsignal-protocol-c = pkgs.callPackage ../pkgs/libsignal-c/default.nix { };
+ keycloak = pkgs.callPackage ../pkgs/keycloak/default.nix { };
+ };
+
+ environment.shellAliases = {
+ vim = "nvim";
+ };
+ environment.systemPackages = with pkgs; [
+ dnsutils
+ git
+ gnupg
+ haskellPackages.hledger
+ htop
+ mosh
+ neovim
+ # nox # Broken as of 2017-06-12
+ pass
+ silver-searcher
+ whois
+ unzip
+ p7zip
+ unrar
+ ];
+ time.timeZone = "America/New_York";
+
+ services = {
+ postgresql = {
+ dataDir = "/var/db/postgresql";
+ package = pkgs.postgresql95;
+ };
+ openssh.passwordAuthentication = false;
+ };
+
+ nix = rec {
+ useSandbox = lib.mkDefault true;
+ maxJobs = lib.mkOverride 110 16;
+ buildCores = lib.mkDefault 0; # auto configure
+ gc.automatic = lib.mkDefault true;
+ trustedBinaryCaches = [
+ "https://cache.nixos.org"
+ ];
+ binaryCaches = trustedBinaryCaches;
+ daemonNiceLevel = 10;
+ daemonIONiceLevel = 10;
+ package = pkgs.nixFlakes;
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ };
+
+ boot.cleanTmpDir = true;
+
+ nixpkgs.config.allowUnfree = true;
+}
diff --git a/modules/desktop.nix b/modules/desktop.nix
new file mode 100644
index 0000000..e348d77
--- /dev/null
+++ b/modules/desktop.nix
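Review bot: In modules/common.nix, `package = pkgs.postgresql95;` pins every host that imports this module to PostgreSQL 9.5, a release line that reached end of life in February 2021 and no longer receives upstream security fixes. Moving to a supported attribute such as `pkgs.postgresql_13` needs a dump/restore or pg_upgrade of `/var/db/postgresql`, so if the pin has to stay for now, a comment saying why and until when would make that visible. Separately, `nixpkgs.config.allowUnfree = true;` at the end of the file permits every unfree package system-wide, which makes the `allowUnfreePredicate` allowlist added in modules/gaming.nix ineffective; keep one of the two, preferably the allowlist extended with the unfree packages actually used (`unrar` appears in this file).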
@@ -0,0 +1,113 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.orbekk.desktop;
+in
+{
+ options = {
+ orbekk.desktop = {
+ enable = lib.mkEnableOption "Enable standard desktop config";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ orbekk.yubikey.enable = lib.mkDefault true;
+
+ location.latitude = 40.0;
+ location.longitude = -74.0;
+
+ sound.enable = true;
+
+ hardware = {
+ opengl = {
+ enable = true;
+ driSupport32Bit = true;
+ extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
+ };
+
+ bluetooth.enable = true;
+ pulseaudio = {
+ enable = true;
+ support32Bit = true;
+ package = pkgs.pulseaudioFull;
+ zeroconf.discovery.enable = true;
+ zeroconf.publish.enable = true;
+ tcp.enable = true;
+ tcp.anonymousClients.allowAll = true;
+ };
+ };
+
+ fonts = {
+ enableDefaultFonts = true;
+ fonts = with pkgs; [ fira-code dejavu_fonts steamPackages.steam-fonts wqy_microhei ];
+ fontconfig = {
+ defaultFonts = {
+ sansSerif = [ "Noto Sans" "WenQuanYi Micro Hei" ];
+ serif = [ "Noto Serif" "WenQuanYi Micro Hei-14" ];
+ emoji = [ "Noto Color Emoji" ];
+ monospace = [ "DejaVu Sans Mono" "WenQuanYi Micro Hei Mono" ];
+ };
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ chromium
+ dmenu
+ emacs
+ firefox
+ haskellPackages.xmobar
+ pavucontrol
+ rxvt_unicode-with-plugins
+ sshfsFuse
+ trayer
+ (conky.override { pulseSupport = true; })
+ xbindkeys
+ xorg.xbacklight
+ xorg.xev
+ xscreensaver
+ xsel # used by urxvt clipboard
+ xss-lock
+ networkmanagerapplet
+ imagemagick
+ dzen2
+ rofi
+ autorandr
+ ];
+
+ i18n.inputMethod = {
+ enabled = "fcitx";
+ fcitx.engines = with pkgs.fcitx-engines; [cloudpinyin];
+ };
+
+ services = {
+ avahi.enable = true;
+
+ xserver = {
+ enable = true;
+ layout = "us";
+ # xkbVariant = "dvorak";
+ xkbOptions = "caps:ctrl_modifier";
+
+ # desktopManager.plasma5 = {
+ # enable = true;
+ # };
+
+ windowManager.xmonad = {
+ enable = true;
+ enableContribAndExtras = true;
+ extraPackages = hpkgs: [ hpkgs.xmobar hpkgs.split ];
+ };
+
+ displayManager.lightdm = {
+ enable = true;
+ };
+
+ libinput.enable = true;
+ };
+
+ redshift = {
+ enable = true;
+ extraOptions = ["-r"];
+ };
+ };
+ };
+}
diff --git a/modules/gaming.nix b/modules/gaming.nix
new file mode 100644
index 0000000..431c1f5
--- /dev/null
+++ b/modules/gaming.nix
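Review bot: In modules/desktop.nix, `tcp.anonymousClients.allowAll = true;` in the `hardware.pulseaudio` block, combined with `tcp.enable = true;` and `zeroconf.publish.enable = true;`, lets any host that can reach the PulseAudio TCP port attach without authentication, and an attached client can record from the microphone as well as play audio. If network audio is only needed from known machines, replace the line with an allowlist such as `tcp.anonymousClients.allowedIpRanges = [ "127.0.0.1" ];` (sample value) and add a comment naming the clients that depend on it. Whether the host firewall exposes the port is not visible in this hunk, so on laptops that join untrusted networks this setting should not be the only barrier.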
@@ -0,0 +1,85 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.orbekk.gaming;
+
+ pkgs' = pkgs.unstable;
+
+ overlay = final: prev: {
+ steam = pkgs'.steam.override {
+ # nativeOnly = true;
+ withJava = true;
+ extraPkgs = p: with pkgs';
+ let xorgdeps = with xorg; [
+ libX11 libXrender libXrandr libxcb libXmu libpthreadstubs libXext libXdmcp
+ libXxf86vm libXinerama libSM libXv libXaw libXi libXcursor libXcomposite
+ ];
+ in [
+ samba
+ tdb
+ glib-networking
+ libxkbcommon
+ fluidsynth hidapi mesa libdrm
+ perl which p7zip gnused gnugrep psmisc opencl-headers
+ cups lcms2 mpg123 cairo unixODBC samba4 sane-backends openldap ocl-icd utillinux
+ fribidi
+ libsndfile libtheora libogg libvorbis libopus libGLU libpcap libpulseaudio
+ libao libusb libevdev udev libgcrypt libxml2 libusb libpng libmpeg2 libv4l
+ libjpeg libxkbcommon libass libcdio libsamplerate libzip libmad libaio
+ libcap libtiff libva libgphoto2 libxslt libsndfile giflib zlib glib
+ alsaLib zziplib bash dbus keyutils zip cabextract freetype unzip coreutils
+ readline gcc SDL SDL2 curl graphite2 gtk2 gtk3 udev ncurses wayland libglvnd
+ vulkan-loader xdg_utils sqlite gnutls libbsd
+ libnghttp2
+ openssl
+ openldap
+ xorg.xrandr
+ xorg.xinput
+ gnome3.gtk
+ zlib
+ dbus
+ freetype
+ glib
+ atk
+ cairo
+ gdk_pixbuf
+ pango
+ fontconfig
+ xorg.libxcb
+ libkrb5
+ nss
+ qt4
+ qt514.full
+ libjack2 jack2 jack2Full jack_capture
+ libidn2
+ rtmpdump
+ libpsl
+ ] ++ xorgdeps;
+ };
+ };
+
+in {
+ options = {
+ orbekk.gaming = {
+ enable = lib.mkEnableOption "Enable steam with overrides";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ nixpkgs.overlays = [ overlay ];
+
+ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ "steam"
+ ];
+
+ programs.steam.enable = true;
+ hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
+
+ environment.systemPackages = with pkgs; [
+ wineWowPackages.staging
+ steam
+ steam.run
+ obs-studio
+ ];
+ };
+}
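Review bot: The `extraPkgs` list in the `steam` override of modules/gaming.nix repeats many entries (`libusb`, `libxkbcommon`, `libsndfile`, `udev`, `zlib`, `dbus`, `freetype`, `glib`, `cairo`, `openldap`) and gives no reason for pulling network-facing libraries such as `samba`, `samba4`, `libpcap` and `openldap` into the runtime of an unfree binary. Deduplicating the list and grouping it under short comments that say which title or launcher needs each group would make it possible to trim later. `pkgs' = pkgs.unstable;` also relies on an `unstable` attribute that this commit does not define, so a one-line comment such as `# pkgs.unstable comes from an overlay defined outside this module` (to be confirmed against the flake) would tell the reader which channel the Steam build tracks.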
diff --git a/modules/thinkpad.nix b/modules/thinkpad.nix
new file mode 100644
index 0000000..df24573
--- /dev/null
+++ b/modules/thinkpad.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.orbekk.desktop;
+in
+{
+ options = {
+ orbekk.thinkpad = {
+ enable = lib.mkEnableOption "Enable standard desktop config";
+ };
+ };
+
+ config = {
+ services = {
+ tlp = {
+ enable = true;
+ settings = {
+ "SATA_LINKPWR_ON_BAT" = "max_performance";
+ };
+ };
+ xserver.xkbModel = "thinkpad60";
+ };
+
+ boot = {
+ kernelModules = [ "tp_smapi" "thinkpad_acpi" "fbcon" "i915" "acpi_call" ];
+ extraModulePackages = with config.boot.kernelPackages; [ tp_smapi acpi_call ];
+ };
+
+ systemd.services = {
+ battery_threshold = {
+ description = "Set battery charging thresholds.";
+ path = [ pkgs.tpacpi-bat ];
+ after = [ "basic.target" ];
+ wantedBy = [ "multi-user.target" ];
+ script = ''
+ tpacpi-bat -s ST 1 39
+ tpacpi-bat -s ST 2 39
+ tpacpi-bat -s SP 1 80
+ tpacpi-bat -s SP 2 80
+ '';
+ };
+ };
+ };
+}
diff --git a/modules/users.nix b/modules/users.nix
new file mode 100644
index 0000000..b595754
--- /dev/null
+++ b/modules/users.nix
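Review bot: modules/thinkpad.nix declares `orbekk.thinkpad.enable` but never reads it: `cfg` is bound to `config.orbekk.desktop` and `config = {` is not wrapped in `lib.mkIf`, so every host that imports the file gets tlp, the `tp_smapi`/`acpi_call` out-of-tree kernel modules and the root-run `battery_threshold` unit whatever the option says. Bind `cfg = config.orbekk.thinkpad;` and open the block with `config = lib.mkIf cfg.enable {`, matching desktop.nix and yubikey.nix. The option text `"Enable standard desktop config"` is a leftover from desktop.nix and should describe the ThinkPad settings instead.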
@@ -0,0 +1,100 @@
+{ config, lib, pkgs, ... }:
+let aliases = import ../data/aliases.nix;
+in {
+ users = {
+ defaultUserShell = pkgs.zsh;
+ extraUsers = {
+ orbekk = {
+ isNormalUser = true;
+ home = "/home/orbekk";
+ uid = 1000;
+ description = "KJ";
+ extraGroups = ["wheel" "networkmanager" "dialout" "uucp" "audio" "plugdev" "lxd" "readonly" "input" "vboxusers" "video" "sound" "tty" ];
+ openssh.authorizedKeys.keyFiles = [
+ ../data/pincer_rsa.pub
+ ../data/yubikey_rsa.pub
+ ];
+ };
+ guest = {
+ isNormalUser = true;
+ home = "/home/guest";
+ uid = 1500;
+ description = "Guest";
+ extraGroups = ["networkmanager" "audio" "input"];
+ };
+ fcgi = {
+ group = "fcgi";
+ extraGroups = ["readonly"];
+ uid = 500;
+ };
+ systemhttpd = {
+ name = "systemhttpd";
+ group = "systemhttpd";
+ createHome = true;
+ uid = 502;
+ home = "/var/lib/systemhttpd";
+ };
+ linoquotes = {
+ name = "linoquotes";
+ group = "linoquotes";
+ createHome = true;
+ uid = 503;
+ home = "/var/lib/linoquotes";
+ };
+ minecraft = {
+ name = "minecraft";
+ uid = config.ids.uids.minecraft;
+ extraGroups = ["readonly"];
+ };
+ stats = {
+ name = "stats";
+ group = "stats";
+ createHome = true;
+ uid = 504;
+ home = aliases.services.stats.home;
+ };
+ terraria = {
+ name = "terraria";
+ group = "terraria";
+ createHome = true;
+ uid = 505;
+ home = "/var/lib/terraria";
+ };
+ readonly = {
+ group = "readonly";
+ createHome = false;
+ uid = 506;
+ useDefaultShell = true;
+ home = "/storage";
+ };
+ pjournal = {
+ group = "pjournal";
+ createHome = false;
+ uid = 507;
+ };
+ pjournal_test = {
+ group = "pjournal_test";
+ createHome = false;
+ uid = 508;
+ };
+ mpd = lib.optionalAttrs config.services.mpd.enable {
+ extraGroups = ["readonly"];
+ };
+ nginx = lib.optionalAttrs config.services.nginx.enable {
+ extraGroups = ["readonly"];
+ };
+ };
+ extraGroups = {
+ fcgi = { name = "fcgi"; gid = 500; };
+ plugdev = { name = "plugdev"; gid = 501; };
+ systemhttpd = { name = "systemhttpd"; gid = 502; };
+ linoquotes = { name = "linoquotes"; gid = 503; };
+ stats = { name = "stats"; gid = 504; };
+ terraria = { name = "terraria"; gid = 505; };
+ readonly = { gid = 506; };
+ pjournal = { gid = 507; };
+ pjournal_test = { gid = 508; };
+ };
+ };
+}
+
diff --git a/modules/yubikey.nix b/modules/yubikey.nix
new file mode 100644
index 0000000..971ac1f
--- /dev/null
+++ b/modules/yubikey.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.orbekk.yubikey;
+
+ yubikey-pkgs = with pkgs; [
+ ccid
+ libu2f-host
+ libusb
+ rng_tools
+ yubikey-manager
+ yubikey-personalization
+ gnupg
+ pinentry
+ ];
+in
+{
+ options = {
+ orbekk.yubikey = {
+ enable = lib.mkEnableOption "Enable yubikey config";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.pcscd.enable = true;
+ services.udev.packages = with pkgs; [
+ libu2f-host
+ yubikey-personalization
+ ];
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ # Use GPG agent instead.
+ programs.ssh.startAgent = lib.mkDefault false;
+
+ environment = {
+ systemPackages = yubikey-pkgs;
+ };
+
+ security.sudo.extraRules = [
+ {
+ groups = [ "wheel" ];
+ commands = [ { command = "${pkgs.systemd}/bin/systemctl restart pcscd"; options = [ "NOPASSWD" ]; } ];
+ }
+ ];
+
+ systemd.user.services.restart-pcscd = {
+ description = "Restart pcscd on startup";
+ wantedBy = [ "graphical-session.target" ];
+ partOf = [ "graphical-session.target" ];
+ serviceConfig = {
+ ExecStart = ''
+ sudo systemctl restart pcscd
+ '';
+ Type = "oneshot";
+ };
+ };
+ };
+}
-- cgit v1.2.3
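Review bot: In modules/users.nix the `guest` account is given `extraGroups = ["networkmanager" "audio" "input"];`, and membership of `input` normally grants read access to the raw `/dev/input` event devices, so a guest login could observe keystrokes typed in another user's session on the same machine. Dropping it (`extraGroups = ["networkmanager" "audio"];`) should leave device access to the per-session ACLs that logind applies for the active seat. `orbekk` is also placed in `lxd`, a group generally treated as root-equivalent, so a comment there noting that it sidesteps the sudo rules would help a later reader. Unlike the other modules in this commit, the file has no enable option, so all of these accounts and fixed uids apply to every host that imports it.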
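Review bot: In modules/yubikey.nix the `restart-pcscd` user unit runs `sudo systemctl restart pcscd` with both commands resolved through the unit's search path, while the `NOPASSWD` rule is written against the store path `${pkgs.systemd}/bin/systemctl`. Whether `sudo` is found at all and whether the rule matches therefore depends on the environment of the user manager, and if it does not match the oneshot has no terminal to prompt on and will fail at login. Spelling out the same paths in both places removes that dependency: `ExecStart = "/run/wrappers/bin/sudo -n ${pkgs.systemd}/bin/systemctl restart pcscd";` (`/run/wrappers/bin` being the NixOS default wrapper directory; confirm it is not overridden). A short comment on the sudo rule saying it exists only for this unit would also explain why members of `wheel` get a passwordless command.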