aboutsummaryrefslogtreecommitdiff
path: root/nixos/modules
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/compile.nix30
-rw-r--r--nixos/modules/default.nix11
-rw-r--r--nixos/modules/desktop.nix158
-rw-r--r--nixos/modules/develop.nix105
-rw-r--r--nixos/modules/generic.nix98
-rw-r--r--nixos/modules/hardware.nix12
-rw-r--r--nixos/modules/hosts.nix104
-rw-r--r--nixos/modules/openvpn.nix26
-rw-r--r--nixos/modules/syncthing.nix115
-rw-r--r--nixos/modules/wifi-client.nix23
10 files changed, 682 insertions, 0 deletions
diff --git a/nixos/modules/compile.nix b/nixos/modules/compile.nix
new file mode 100644
index 0000000..a1709e6
--- /dev/null
+++ b/nixos/modules/compile.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ options = {
+ cynerd.compile = mkOption {
+ type = types.bool;
+ default = false;
+ description = "If machine is about to be used for compilation.";
+ };
+ };
+
+ config = mkIf config.cynerd.compile {
+
+ environment.systemPackages = with pkgs; [
+ # Tools
+ git bash
+ #uroot
+ qemu
+
+ # Python
+ python3Packages.pip
+
+ ];
+
+ };
+
+}
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
new file mode 100644
index 0000000..fe401df
--- /dev/null
+++ b/nixos/modules/default.nix
@@ -0,0 +1,11 @@
+nixpkgs: {
+ cynerd-compile = import ./compile.nix;
+ cynerd-desktop = import ./desktop.nix;
+ cynerd-develop = import ./develop.nix nixpkgs;
+ cynerd-generic = import ./generic.nix;
+ cynerd-hardware = import ./hardware.nix;
+ cynerd-hosts = import ./hosts.nix;
+ cynerd-openvpn = import ./openvpn.nix;
+ cynerd-syncthing = import ./syncthing.nix;
+ cynerd-wifi-client = import ./wifi-client.nix;
+}
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix
new file mode 100644
index 0000000..41efa0b
--- /dev/null
+++ b/nixos/modules/desktop.nix
@@ -0,0 +1,158 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+
+ cnf = config.cynerd.desktop;
+
+in {
+
+ options = {
+ cynerd.desktop = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Enable my desktop";
+ };
+ laptop = mkOption {
+ type = types.bool;
+ default = false;
+ description = "The desktop requires Laptop extensions";
+ };
+ };
+ };
+
+ config = mkIf cnf.enable {
+ cynerd.hosts.enable = true;
+
+ # TODO autologin but only on tty1
+ services.gpm.enable = true;
+
+ programs.sway.enable = true;
+ programs.sway.extraPackages = with pkgs; [
+ gnome.dconf-editor
+ glib gsettings-desktop-schemas
+ i3blocks sysstat
+ wofi rofimoji wev
+ swaybackground myswaylock
+
+ alacritty
+
+ kanshi wdisplays wayvnc wl-mirror
+ slurp grim
+ xdg-desktop-portal-wlr xdg-desktop-portal-gtk pipewire wf-recorder
+ wl-clipboard wl-color-picker
+ swayidle
+ dunst
+
+ isync msmtp notmuch astroid
+ taskwarrior vdirsyncer khal khard
+ gnupg pass pinentry-gnome pinentry-curses
+
+ firefox chromium
+ ferdi
+ libreoffice
+ mupdf pdfgrep
+
+ xdg-utils xdg-launch
+ mesa-demos vulkan-tools
+
+ pulsemixer
+ mpd mpc-cli ncmpcpp
+ feh shotwell id3lib
+ vlc mpv youtube-dl
+
+ delft-icon-theme gnome3.adwaita-icon-theme
+ vanilla-dmz
+ sound-theme-freedesktop
+ gucharmap
+
+ samba cifs-utils
+
+ tigervnc freerdp
+ kdeconnect
+
+ hdparm ethtool multipath-tools
+ usb-modeswitch
+ v4l-utils
+
+ # Calculating
+ python3Packages.numpy python3Packages.sympy python3Packages.matplotlib
+
+ # Creation
+ simple-scan
+ audacity
+ gimp inkscape
+ blender
+ kdenlive
+
+ # GStreamer
+ gst_all_1.gst-libav
+ gst_all_1.gst-plugins-bad
+ gst_all_1.gst-plugins-base
+ gst_all_1.gst-plugins-good
+ gst_all_1.gst-plugins-ugly
+ gst_all_1.gst-plugins-viperfx
+
+ ] ++ ( [
+ # Power management
+ powertop
+ acpi
+ ]);
+ programs.vim.package = pkgs.vimHugeX;
+ programs.shellrc.desktop = true;
+ xdg.portal.enable = true;
+ xdg.portal.wlr.enable = true;
+ xdg.portal.gtkUsePortal = true;
+ xdg.mime.defaultApplications = {
+ "application/pdf" = [ "mupdf.desktop" ];
+ };
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ enableBrowserSocket = true;
+ };
+ services.dbus.packages = [ pkgs.gcr ];
+
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+ security.rtkit.enable = true;
+
+ services.printing = {
+ enable = true;
+ drivers = with pkgs; [
+ gutenprint gutenprintBin
+ cnijfilter2
+ ];
+ };
+
+ fonts.fonts = with pkgs; [
+ arkpandora_ttf
+ corefonts
+ dejavu_fonts
+ font-awesome
+ freefont_ttf
+ hack-font
+ liberation_ttf
+ libertine
+ noto-fonts
+ noto-fonts-emoji
+ terminus_font_ttf
+ ubuntu_font_family
+ unifont
+ ];
+
+ services.udev.extraRules = ''
+ ACTION=="add|change", KERNEL=="sd*[!0-9]", ATTR{queue/scheduler}="bfq"
+ '';
+ hardware.opengl.driSupport = true;
+ hardware.opengl.driSupport32Bit = true;
+
+
+ };
+}
diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix
new file mode 100644
index 0000000..bf5c2de
--- /dev/null
+++ b/nixos/modules/develop.nix
@@ -0,0 +1,105 @@
+nixpkgs: { config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ armv6l = (import nixpkgs.outPath {
+ localSystem = config.system.build.toplevel.system;
+ crossSystem = {
+ config = "armv6l-none-eabi";
+ libc = "newlib";
+ };
+ });
+ armv7l = (import nixpkgs.outPath {
+ localSystem = config.system.build.toplevel.system;
+ crossSystem = {
+ config = "armv7l-none-eabi";
+ libc = "newlib";
+ };
+ });
+
+in {
+
+ options = {
+ cynerd.develop = mkOption {
+ type = types.bool;
+ default = false;
+ description = "If machine is about to be used for development.";
+ };
+ };
+
+ config = mkIf config.cynerd.develop {
+ cynerd.compile = true;
+ environment.systemPackages = with pkgs; [
+ # Tools
+ tig gource hub github-cli # Git
+ wlc # Weblate
+ cloc
+ openssl
+ sterm
+
+ # Nix
+ nix-prefetch-git nix-prefetch-github nix-prefetch-scripts
+
+ # C
+ ccls bear
+ check
+ valgrind
+ cppcheck flawfinder
+ gdb
+ lcov massif-visualizer
+
+ # Shell
+ dash # Posix shell
+ bats
+ shellcheck
+
+ # Python
+ python3 python3Packages.ipython
+ twine
+ python3Packages.pytest python3Packages.pytest-html #python3Packages.pytest-tap
+ python3Packages.coverage
+ python3Packages.python-lsp-black
+ mypy
+ pylint python3Packages.pydocstyle
+
+ # Lua
+ lua51Packages.luacheck
+
+ # Ansible
+ ansible
+
+ # U-Boot
+ ubootTools
+ tftp-hpa
+
+ # Network
+ iperf2 iperf3
+ wireshark
+ inetutils
+
+ # Gtk
+ glade
+
+ # Containers
+ lxc lxd
+ docker
+
+ # Barcode generation
+ barcode
+
+ # D-Bus
+ dfeet
+
+ # Bare metal
+ openocd
+ #armv6l.buildPackages.gcc armv6l.buildPackages.gdb
+ #armv7l.buildPackages.gcc armv7l.buildPackages.gdb
+ pkgsCross.arm-embedded.buildPackages.gcc
+
+ ];
+
+ };
+
+}
diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix
new file mode 100644
index 0000000..31f0829
--- /dev/null
+++ b/nixos/modules/generic.nix
@@ -0,0 +1,98 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ config = {
+ system.stateVersion = "22.05";
+
+ nix = {
+ extraOptions = "experimental-features = nix-command flakes";
+ autoOptimiseStore = true;
+ registry = {
+ personal.to = {
+ type = "git";
+ url = "https://git.cynerd.cz/nixos-personal";
+ };
+ };
+ };
+
+ boot.loader.systemd-boot.enable = mkDefault true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.kernelParams = ["boot.shell_on_fail"];
+ hardware.enableAllFirmware = true;
+
+
+ nixpkgs.config.allowUnfree = true;
+ environment.systemPackages = with pkgs; [
+ git # We need git for this repository to even work
+ # Administration tools
+ coreutils moreutils psmisc progress lshw
+ dig
+
+ # NCurses tools
+ htop iotop glances
+ mc
+ screen tmux
+ ncdu
+
+ # ls tools
+ tree
+ mlocate
+ lsof
+ strace
+
+ sourceHighlight # Colors for less
+ unrar p7zip
+
+ # Vim plugins (used for root account)
+ vimPlugins.vim-nix
+ vimPlugins.vim-nftables
+
+ # Network
+ nmap netcat traceroute
+ iftop nethogs
+ # TODO add mdns
+
+ lm_sensors
+
+ ] ++ optional (system == "x86_64-linux") ltrace;
+
+ users.mutableUsers = false;
+ users.groups.cynerd.gid = 1000;
+ users.users = {
+ root = {
+ passwordFile = "/run/secrets/root.pass";
+ };
+ cynerd = {
+ uid = 1000;
+ subUidRanges = [{ count = 65534; startUid = 10000; }];
+ subGidRanges = [{ count = 65534; startGid = 10000; }];
+ group = "cynerd";
+ isNormalUser = true;
+ createHome = true;
+ shell = pkgs.zsh.out;
+ extraGroups = ["users" "wheel"];
+ passwordFile = "/run/secrets/cynerd.pass";
+ openssh.authorizedKeys.keyFiles = [
+ (config.personal-secrets + "/unencrypted/git-private.pub")
+ ];
+ };
+ };
+ programs.zsh.enable = true;
+ programs.shellrc.enable = true;
+ programs.vim.defaultEditor = mkDefault true;
+
+ security.sudo.extraRules = [
+ { groups = [ "wheel" ]; commands = [ "ALL" ]; }
+ ];
+
+ services.openssh.enable = true;
+
+ time.timeZone = "Europe/Prague";
+ i18n.defaultLocale = "en_US.UTF-8";
+ };
+
+}
diff --git a/nixos/modules/hardware.nix b/nixos/modules/hardware.nix
new file mode 100644
index 0000000..d6bbd94
--- /dev/null
+++ b/nixos/modules/hardware.nix
@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ options = { };
+
+ config = {
+ };
+
+}
diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix
new file mode 100644
index 0000000..19f877e
--- /dev/null
+++ b/nixos/modules/hosts.nix
@@ -0,0 +1,104 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cnf = config.cynerd.hosts;
+
+ staticZoneOption = mkOption {
+ type = types.attrsOf types.str;
+ readOnly = true;
+ };
+
+in {
+
+ options = {
+ cynerd.hosts = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Use my personal static hosts";
+ };
+ vpn = staticZoneOption;
+ spt = staticZoneOption;
+ adm = staticZoneOption;
+ };
+ };
+
+ config = {
+ cynerd.hosts = {
+ vpn = {
+ "lipwig" = "10.8.0.1";
+ # Portable
+ "android" = "10.8.0.2";
+ "albert" = "10.8.0.3";
+ "dean" = "10.8.0.4";
+ "susan" = "10.8.0.5";
+ "binky" = "10.8.0.6";
+ # Endpoints
+ "spt-omnia" = "10.8.0.50";
+ "adm-omnia" = "10.8.0.51";
+ };
+ spt = {
+ # Network
+ "omnia" = "10.8.2.1";
+ "mox" = "10.8.2.2";
+ "mox2" = "10.8.2.3";
+ # Local
+ "mpd" = "10.8.2.51";
+ "errol" = "10.8.2.60";
+ # Portable
+ "albert" = "10.8.2.61";
+ "susan" = "10.8.2.62";
+ "binky" = "10.8.2.63";
+ };
+ adm = {
+ # Network
+ "omnia" = "10.8.3.1";
+ "omnia2" = "10.8.3.3";
+ # Local
+ "ridcully" = "10.8.3.60";
+ "3dprint" = "10.8.3.80";
+ "mpd" = "192.168.0.51";
+ # Portable
+ "albert" ="10.8.3.61";
+ "susan" = "10.8.3.62";
+ "binky" = "10.8.3.63";
+ };
+ };
+
+ networking.hosts = mkIf cnf.enable {
+ # VPN
+ "${cnf.vpn.lipwig}" = ["lipwig.vpn"];
+ "${cnf.vpn.android}" = ["android.vpn"];
+ "${cnf.vpn.albert}" = ["albert.vpn"];
+ "${cnf.vpn.dean}" = ["dean.vpn"];
+ "${cnf.vpn.susan}" = ["susan.vpn"];
+ "${cnf.vpn.binky}" = ["binky.vpn"];
+ "${cnf.vpn.spt-omnia}" = ["spt.vpn"];
+ "${cnf.vpn.adm-omnia}" = ["adm.vpn"];
+ # Spt
+ "${cnf.spt.omnia}" = ["omnia.spt"];
+ "${cnf.spt.mox}" = ["mox.spt"];
+ "${cnf.spt.mox2}" = ["mox2.spt"];
+ "10.8.2.4" = ["mi3g.spt"];
+ "${cnf.spt.mpd}" = ["mpd.spt"];
+ "${cnf.spt.errol}" = ["errol" "desktop.spt"];
+ "${cnf.spt.albert}" = ["albert.spt"];
+ "${cnf.spt.susan}" = ["susan.spt"];
+ "${cnf.spt.binky}" = ["binky.spt"];
+ # Adm
+ "${cnf.adm.omnia}" = ["omnia.adm"];
+ "10.8.3.2" = ["redmi.adm"];
+ "${cnf.adm.omnia2}" = ["omnia2.adm"];
+ "${cnf.adm.ridcully}" = ["ridcully" "desktop.adm"];
+ "${cnf.adm.albert}" = ["albert.adm"];
+ "${cnf.adm.susan}" = ["susan.adm"];
+ "${cnf.adm.binky}" = ["binky.adm"];
+ "${cnf.adm."3dprint"}" = ["3dprint"];
+ "${cnf.adm.mpd}" = ["mpd.adm"];
+ };
+ };
+
+}
diff --git a/nixos/modules/openvpn.nix b/nixos/modules/openvpn.nix
new file mode 100644
index 0000000..abcd1f0
--- /dev/null
+++ b/nixos/modules/openvpn.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cnf = config.cynerd.openvpn;
+
+in {
+
+ options = {
+ cynerd.openvpn.enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "My personal OpenVPN";
+ };
+ };
+
+ config = mkIf cnf.enable {
+ services.openvpn.servers.personal = {
+ config = "config /run/secrets/personal.ovpn";
+ };
+ };
+
+}
+
diff --git a/nixos/modules/syncthing.nix b/nixos/modules/syncthing.nix
new file mode 100644
index 0000000..44c1ac1
--- /dev/null
+++ b/nixos/modules/syncthing.nix
@@ -0,0 +1,115 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+
+ cnf = config.cynerd.syncthing;
+ hostName = config.networking.hostName;
+ allDevices = [
+ "albert" "binky" "errol" "lipwig" "ridcully" "susan" "spt-omnia"
+ ];
+ mediaDevices = [
+ "lipwig" "binky" "errol" "ridcully" "spt-omnia"
+ ];
+ bigStorageDevices = [
+ "errol" "ridcully" "spt-omnia"
+ ];
+ filterDevice = folders: filterAttrs (n: v: any (d: d == hostName) v.devices) folders;
+
+in {
+
+ options = {
+ cynerd.syncthing = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "My personal Syncthing configuration";
+ };
+
+ baseDir = mkOption {
+ type = types.str;
+ default = "/home/cynerd";
+ description = "Base directory for all folders being synced.";
+ };
+
+ };
+ };
+
+ config = mkIf cnf.enable {
+ services.syncthing = {
+ enable = any (n: n == hostName) allDevices;
+ user = mkDefault "cynerd";
+ key = "/run/secrets/syncthing/key.pem";
+ cert = "/run/secrets/syncthing/cert.pem";
+
+ openDefaultPorts = true;
+
+ overrideFolders = true;
+ folders = filterDevice {
+ "${cnf.baseDir}/documents" = {
+ label = "Documents";
+ id = "documents";
+ devices = allDevices;
+ ignorePerms = false;
+ };
+ "${cnf.baseDir}/notes" = {
+ label = "Notes";
+ id = "notes";
+ devices = allDevices;
+ ignorePerms = false;
+ };
+ "${cnf.baseDir}/projects" = {
+ label = "Projects";
+ id = "projects";
+ devices = allDevices;
+ ignorePerms = false;
+ };
+ "${cnf.baseDir}/pictures" = {
+ label = "Pictures";
+ id = "pictures";
+ devices = mediaDevices;
+ ignorePerms = false;
+ };
+ # TODO phone-photos
+ "${cnf.baseDir}/music/primary" = {
+ label = "Music-primary";
+ id = "music-primary";
+ devices = mediaDevices;
+ ignorePerms = false;
+ };
+ "${cnf.baseDir}/music/secondary" = {
+ label = "Music-secondary";
+ id = "music-secondary";
+ devices = bigStorageDevices;
+ ignorePerms = false;
+ };
+ "${cnf.baseDir}/music/flac" = {
+ label = "Music-flac";
+ id = "music-flac";
+ devices = bigStorageDevices;
+ ignorePerms = false;
+ };
+ "${cnf.baseDir}/video" = {
+ label = "Video";
+ id = "video";
+ devices = bigStorageDevices;
+ ignorePerms = false;
+ };
+ };
+
+ overrideDevices = true;
+ devices = recursiveUpdate
+ (genAttrs allDevices (name: {
+ id = config.secrets.syncthingIDs."${name}";
+ }))
+ {
+ lipwig.addresses = ["tcp://cynerd.cz"];
+ };
+ # TODO phone
+ };
+ };
+
+}
diff --git a/nixos/modules/wifi-client.nix b/nixos/modules/wifi-client.nix
new file mode 100644
index 0000000..af09155
--- /dev/null
+++ b/nixos/modules/wifi-client.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ options = {
+ cynerd.wifiClient = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Enable Wi-Fi client support";
+ };
+ };
+
+ config = mkIf config.cynerd.wifiClient {
+ networking.wireless = {
+ enable = true;
+ networks = config.secrets.wifiNetworks;
+ environmentFile = "/run/secrets/wifi.env";
+ userControlled.enable = true;
+ };
+ };
+}