diff --git a/nixos/homeserver.nix b/nixos/homeserver.nix index cb4575b..117de92 100644 --- a/nixos/homeserver.nix +++ b/nixos/homeserver.nix @@ -9,8 +9,13 @@ imports = [ ./core.nix ./homeserver/hardware-configuration.nix + ./homeserver/packages.nix + ./homeserver/programs.nix + ./homeserver/services.nix ./homeserver/filesystems.nix ./homeserver/firewall.nix + ./homeserver/virtualisation.nix + ./homeserver/environment.nix ]; # Allow unfree packages @@ -59,34 +64,6 @@ ''; }; - environment.etc = - lib.mapAttrs' - (name: value: { - name = "nix/path/${name}"; - value.source = value.flake; - }) - config.nix.registry - // { - "justfile" = { - text = '' - default: - @just -g --list - - update-root: - if `/usr/bin/env grep -Rq "nixos" /etc/*-release`; then \ - nixos-rebuild switch --flake /home/cianh/.config/nix/#$HOSTNAME; \ - fi - ''; - mode = "0644"; - }; - "root_gitconfig" = { - text = '' - [safe] - directory = /home/cianh/.config/nix - ''; - }; - }; - system.activationScripts.linkRootJustfile = { text = '' ln -sf /etc/justfile /root/.justfile 
@@ -120,71 +97,6 @@ }; }; - # $ nix search wget - environment.systemPackages = [ - pkgs.pinentry-tty - ]; - - # Enable the OpenSSH daemon and other remote tools. - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - extraConfig = "UsePAM yes"; - }; - # Modify the SSH service to prioritise because server is headless - systemd.services.sshd = { - requires = []; # Remove any non-essential dependencies - after = ["network.target"]; # Only need to wait for networking (obviously) - serviceConfig = { - # If SSH dies, we want to restart it asap - Restart = "always"; - RestartSec = "3"; - StartLimitIntervalSec = "0"; - # The CPU should never be too busy to respond to SSH - CPUSchedulingPolicy = "rr"; - CPUSchedulingPriority = "99"; - IOSchedulingClass = "realtime"; - IOSchedulingPriority = "0"; - # Finally, if the system hits an OOM, for the love of god dont kill SSH until last - OOMScoreAdjust = "-1000"; - }; - }; - - # Add custom services - systemd.services.pueued = { - enable = true; - description = "Pueue Daemon - CLI process scheduler and manager"; - wantedBy = ["default.target"]; - serviceConfig = { - Restart = "no"; - ExecStart = "${pkgs.pueue.outPath}/bin/pueued -vv"; - }; - }; - - # Enable GPG signing - services.pcscd.enable = true; - programs.gnupg.agent = { - enable = true; - pinentryPackage = pkgs.pinentry-tty; - enableSSHSupport = true; - }; - - virtualisation = { - containers.enable = true; - - podman = { - enable = true; - # Create a `docker` alias for podman, to use it as a drop-in replacement - dockerCompat = true; - dockerSocket.enable = true; - # Required for containers under podman-compose to be able to talk to each other. - defaultNetwork.settings.dns_enabled = true; - }; - }; - system = { stateVersion = "24.11"; # Did you read the comment? autoUpgrade.enable = true; 
diff --git a/nixos/homeserver/environment.nix b/nixos/homeserver/environment.nix
new file mode 100644
index 0000000..07dc678
--- /dev/null
+++ b/nixos/homeserver/environment.nix
@@ -0,0 +1,39 @@
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ unstablePkgs,
+ ...
+}: {
+ environment.etc =
+ lib.mapAttrs'
+ (name: value: {
+ name = "nix/path/${name}";
+ value.source = value.flake;
+ })
+ config.nix.registry
+ // {
+ "justfile" = {
+ text = ''
+ default:
+ @just -g --list
+
+ update-root:
+ if `/usr/bin/env grep -Rq "nixos" /etc/*-release`; then \
+ nixos-rebuild switch --flake /home/cianh/.config/nix/#$HOSTNAME; \
+ fi
+ '';
+ mode = "0644";
+ };
+ "root_gitconfig" = {
+ text = ''
+ [safe]
+ directory = /home/cianh/.config/nix
+ '';
+ };
+ };
+ environment.systemPackages = [
+ pkgs.pinentry-tty
+ ];
+}
diff --git a/nixos/homeserver/packages.nix b/nixos/homeserver/packages.nix
new file mode 100644
index 0000000..bf66b6c
--- /dev/null
+++ b/nixos/homeserver/packages.nix
@@ -0,0 +1,9 @@
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ unstablePkgs,
+ ...
+}: {
+}
diff --git a/nixos/homeserver/programs.nix b/nixos/homeserver/programs.nix
new file mode 100644
index 0000000..09e5cfd
--- /dev/null
+++ b/nixos/homeserver/programs.nix
@@ -0,0 +1,14 @@
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ unstablePkgs,
+ ...
+}: {
+ programs.gnupg.agent = {
+ enable = true;
+ pinentryPackage = pkgs.pinentry-tty;
+ enableSSHSupport = true;
+ };
+}
diff --git a/nixos/homeserver/services.nix b/nixos/homeserver/services.nix
new file mode 100644
index 0000000..a96187b
--- /dev/null
+++ b/nixos/homeserver/services.nix
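Review bot: The `update-root` recipe written into `/etc/justfile` has root run `nixos-rebuild switch --flake /home/cianh/.config/nix/#$HOSTNAME`, so anyone who can write to that user-owned checkout gets their changes evaluated and activated as root on the next update, and the `root_gitconfig` `safe.directory` entry is exactly the thing that silences git's ownership warning about it. That trust assumption is carried over from homeserver.nix rather than introduced here, but now that it is its own module it should say so: a comment above `"justfile" = {` such as `# update-root builds from cianh's checkout as root; write access to /home/cianh/.config/nix is root-equivalent` would keep the next reader from loosening it further. Separately, `environment.systemPackages = [ pkgs.pinentry-tty ];` landed in environment.nix while the new homeserver/packages.nix in this same commit is an empty stub; the worklaptop split puts environment.systemPackages in packages.nix, so moving the list there would make the two hosts consistent.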
@@ -0,0 +1,51 @@
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ unstablePkgs,
+ ...
+}: {
+ services = {
+ # Enable the OpenSSH daemon and other remote tools.
+ openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ };
+ extraConfig = "UsePAM yes";
+ # Enable GPG signing
+ pcscd.enable = true;
+ };
+ };
+ # Modify the SSH service to prioritise because server is headless
+ systemd.services.sshd = {
+ requires = []; # Remove any non-essential dependencies
+ after = ["network.target"]; # Only need to wait for networking (obviously)
+ serviceConfig = {
+ # If SSH dies, we want to restart it asap
+ Restart = "always";
+ RestartSec = "3";
+ StartLimitIntervalSec = "0";
+ # The CPU should never be too busy to respond to SSH
+ CPUSchedulingPolicy = "rr";
+ CPUSchedulingPriority = "99";
+ IOSchedulingClass = "realtime";
+ IOSchedulingPriority = "0";
+ # Finally, if the system hits an OOM, for the love of god dont kill SSH until last
+ OOMScoreAdjust = "-1000";
+ };
+ };
+
+ # Add custom services
+ systemd.services.pueued = {
+ enable = true;
+ description = "Pueue Daemon - CLI process scheduler and manager";
+ wantedBy = ["default.target"];
+ serviceConfig = {
+ Restart = "no";
+ ExecStart = "${pkgs.pueue.outPath}/bin/pueued -vv";
+ };
+ };
+}
diff --git a/nixos/homeserver/virtualisation.nix b/nixos/homeserver/virtualisation.nix
new file mode 100644
index 0000000..3db6643
--- /dev/null
+++ b/nixos/homeserver/virtualisation.nix
@@ -0,0 +1,21 @@
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ unstablePkgs,
+ ...
+}: {
+ virtualisation = {
+ containers.enable = true;
+
+ podman = {
+ enable = true;
+ # Create a `docker` alias for podman, to use it as a drop-in replacement
+ dockerCompat = true;
+ dockerSocket.enable = true;
+ # Required for containers under podman-compose to be able to talk to each other.
+ defaultNetwork.settings.dns_enabled = true;
+ };
+ };
+}
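Review bot: `pcscd.enable = true;` on the line after `extraConfig = "UsePAM yes";` is still inside the `openssh = { ... };` attrset (its closing `};` comes two lines later), so this module now defines `services.openssh.pcscd.enable`, which is not an OpenSSH option; the old homeserver.nix had `services.pcscd.enable = true;`, and the NixOS module system rejects definitions of undefined options, so I would expect this configuration to fail to evaluate. Close the openssh block first, so the lines read `extraConfig = "UsePAM yes"; };` followed by `# Enable GPG signing` and `pcscd.enable = true;` at the `services` level. A smaller point in the same hunk: `requires = [];` on the sshd unit does not remove anything, because list options are merged by concatenation, so the `# Remove any non-essential dependencies` comment overstates it; if clearing the list is really the intent that needs `lib.mkForce []`, which I would verify against the upstream sshd unit before changing.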
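Review bot: `dockerSocket.enable = true;` publishes the rootful Podman API socket at the Docker socket path, and anything that can talk to that socket can run containers with host bind mounts, which is effectively root on the host; the NixOS option grants access to a group (I believe `podman`), so membership there should be treated like `wheel`. Now that this lives in a reusable module with no surrounding context, a comment next to the line such as `# Root-equivalent socket: only trusted accounts in the podman group` would make the exposure explicit. The same applies to nixos/worklaptop/virtualisation.nix in this commit, which additionally enables libvirtd.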
diff --git a/nixos/worklaptop.nix b/nixos/worklaptop.nix index 9b3d1a8..cc3a4b8 100644 --- a/nixos/worklaptop.nix +++ b/nixos/worklaptop.nix @@ -9,6 +9,11 @@ imports = [ ./core.nix ./worklaptop/hardware-configuration.nix + ./worklaptop/packages.nix + ./worklaptop/programs.nix + ./worklaptop/services.nix + ./worklaptop/virtualisation.nix + ./worklaptop/environment.nix ./worklaptop/theming.nix ]; @@ -47,11 +52,6 @@ }; }; hardware.nvidia-container-toolkit.enable = true; - environment.sessionVariables = { - LIBVA_DRIVER_NAME = "iHD"; - NIXOS_OZONE_WL = "1"; - ELECTRON_OZONE_PLATFORM_HINT = "wayland"; - }; # Bootloader. boot = { @@ -109,47 +109,11 @@ ''; }; - environment.etc = - lib.mapAttrs' - (name: value: { - name = "nix/path/${name}"; - value.source = value.flake; - }) - config.nix.registry; - - # Load nvidia driver for Xorg and Wayland - services = { - xserver = { - videoDrivers = ["nvidia"]; # or "nvidiaLegacy470 etc. - enable = true; - displayManager.gdm.enable = true; - desktopManager.gnome.enable = false; - xkb = { - layout = "ie"; - variant = ""; - }; - }; - }; - # Configure console keymap console.keyMap = "ie"; - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound with pipewire. hardware.pulseaudio.enable = false; security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; users.users.cianh = { isNormalUser = true; 
@@ -172,67 +136,7 @@ chmod 0444 /var/lib/AccountsService/icons/cianh ''; - # $ nix search wget - environment.systemPackages = [ - pkgs.flatpak - pkgs.gdm - pkgs.grub2_efi - pkgs.hyprland - pkgs.hyprlock - pkgs.hyprpaper - pkgs.hyprpicker - pkgs.hyprshot - pkgs.mosh - pkgs.nix-ld - pkgs.nmap - pkgs.nodejs - pkgs.phinger-cursors - pkgs.pinentry-gnome3 - pkgs.qmk - pkgs.qmk-udev-rules - pkgs.qmk_hid - pkgs.seahorse - pkgs.sway # More stable, backup DE - pkgs.wayland - pkgs.wayland-utils - pkgs.xdg-desktop-portal-gtk - pkgs.xdg-desktop-portal-hyprland - pkgs.xdg-desktop-portal-wlr - pkgs.xdg-desktop-portal-xapp - pkgs.xfce.thunar - pkgs.xfce.tumbler - unstablePkgs.ghostty - unstablePkgs.libnotify - unstablePkgs.ruff - unstablePkgs.swaynotificationcenter - unstablePkgs.uv - unstablePkgs.waybar - unstablePkgs.wofi - ]; - hardware.keyboard.qmk.enable = true; - - # Activate DEs - programs.hyprland = { - enable = true; - xwayland.enable = true; - }; - programs.sway = { - enable = true; - extraOptions = ["--unsupported-gpu"]; - }; - programs.waybar.enable = true; - - # Enable my preferred DE utilities - programs.thunar.enable = true; - programs.thunar.plugins = [ - pkgs.xfce.thunar-volman - pkgs.xfce.thunar-archive-plugin - pkgs.xfce.thunar-media-tags-plugin - ]; - services.gvfs.enable = true; - services.tumbler.enable = true; - programs.xfconf.enable = true; xdg.portal = { enable = true; wlr.enable = true; 
@@ -242,86 +146,6 @@ ]; }; - # Disable automatically activated programs i dont want - programs.foot.enable = false; - - # Lets also activate some handy devenv tools - programs.direnv.enable = true; - programs.direnv.nix-direnv.enable = true; - programs.nix-ld = { - enable = true; - libraries = [ - pkgs.acl - pkgs.alsa-lib - pkgs.at-spi2-core - pkgs.attr - pkgs.bzip2 - pkgs.curl - pkgs.dbus - pkgs.expat - pkgs.glib - pkgs.libsodium - pkgs.libssh - pkgs.libxml2 - pkgs.nspr - pkgs.nss - pkgs.openssl - pkgs.pango - pkgs.stdenv.cc - pkgs.systemd - pkgs.util-linux - pkgs.vulkan-loader - pkgs.xz - pkgs.zlib - pkgs.zstd - ]; - }; - - # Enable flatpaks - services.flatpak.enable = true; - - # Enable the OpenSSH daemon and other remote tools. - services.openssh.enable = true; - programs.mosh.enable = true; - - # Add custom services - systemd.services.pueued = { - enable = true; - description = "Pueue Daemon - CLI process scheduler and manager"; - wantedBy = ["default.target"]; - serviceConfig = { - Restart = "no"; - ExecStart = "${pkgs.pueue.outPath}/bin/pueued -vv"; - }; - }; - - # Enable GPG signing - services.gnome.gnome-keyring.enable = true; - programs.seahorse.enable = true; # enable the graphical frontend - security.pam.services.gdm.enableGnomeKeyring = true; # load gnome-keyring at startup - services.pcscd.enable = true; - programs.gnupg.agent = { - enable = true; - pinentryPackage = pkgs.pinentry-gnome3; - enableSSHSupport = true; - }; - - virtualisation = { - containers.enable = true; - - podman = { - enable = true; - # Create a `docker` alias for podman, to use it as a drop-in replacement - dockerCompat = true; - dockerSocket.enable = true; - # Required for containers under podman-compose to be able to talk to each other. - defaultNetwork.settings.dns_enabled = true; - }; - - libvirtd.enable = true; - }; - programs.virt-manager.enable = true; - system = { stateVersion = "23.11"; # Did you read the comment? autoUpgrade.enable = true; 
diff --git a/nixos/worklaptop/environment.nix b/nixos/worklaptop/environment.nix
new file mode 100644
index 0000000..2f21674
--- /dev/null
+++ b/nixos/worklaptop/environment.nix
@@ -0,0 +1,23 @@
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ unstablePkgs,
+ ...
+}: {
+ environment = {
+ sessionVariables = {
+ LIBVA_DRIVER_NAME = "iHD";
+ NIXOS_OZONE_WL = "1";
+ ELECTRON_OZONE_PLATFORM_HINT = "wayland";
+ };
+ etc =
+ lib.mapAttrs'
+ (name: value: {
+ name = "nix/path/${name}";
+ value.source = value.flake;
+ })
+ config.nix.registry;
+ };
+}
diff --git a/nixos/worklaptop/packages.nix b/nixos/worklaptop/packages.nix
new file mode 100644
index 0000000..26e1b70
--- /dev/null
+++ b/nixos/worklaptop/packages.nix
@@ -0,0 +1,45 @@
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ unstablePkgs,
+ ...
+}: {
+ environment.systemPackages = [
+ pkgs.flatpak
+ pkgs.gdm
+ pkgs.grub2_efi
+ pkgs.hyprland
+ pkgs.hyprlock
+ pkgs.hyprpaper
+ pkgs.hyprpicker
+ pkgs.hyprshot
+ pkgs.mosh
+ pkgs.nix-ld
+ pkgs.nmap
+ pkgs.nodejs
+ pkgs.phinger-cursors
+ pkgs.pinentry-gnome3
+ pkgs.qmk
+ pkgs.qmk-udev-rules
+ pkgs.qmk_hid
+ pkgs.seahorse
+ pkgs.sway # More stable, backup DE
+ pkgs.wayland
+ pkgs.wayland-utils
+ pkgs.xdg-desktop-portal-gtk
+ pkgs.xdg-desktop-portal-hyprland
+ pkgs.xdg-desktop-portal-wlr
+ pkgs.xdg-desktop-portal-xapp
+ pkgs.xfce.thunar
+ pkgs.xfce.tumbler
+ unstablePkgs.ghostty
+ unstablePkgs.libnotify
+ unstablePkgs.ruff
+ unstablePkgs.swaynotificationcenter
+ unstablePkgs.uv
+ unstablePkgs.waybar
+ unstablePkgs.wofi
+ ];
+}
diff --git a/nixos/worklaptop/programs.nix b/nixos/worklaptop/programs.nix
new file mode 100644
index 0000000..98ca1e4
--- /dev/null
+++ b/nixos/worklaptop/programs.nix
@@ -0,0 +1,73 @@
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ unstablePkgs,
+ ...
+}: {
+ # Activate DEs
+ programs.hyprland = {
+ enable = true;
+ xwayland.enable = true;
+ };
+ programs.sway = {
+ enable = true;
+ extraOptions = ["--unsupported-gpu"];
+ };
+ programs.waybar.enable = true;
+
+ # Enable my preferred DE utilities
+ programs.thunar.enable = true;
+ programs.thunar.plugins = [
+ pkgs.xfce.thunar-volman
+ pkgs.xfce.thunar-archive-plugin
+ pkgs.xfce.thunar-media-tags-plugin
+ ];
+ programs.xfconf.enable = true;
+
+ # Disable automatically activated programs i dont want
+ programs.foot.enable = false;
+
+ # Lets also activate some handy devenv tools
+ programs.direnv.enable = true;
+ programs.direnv.nix-direnv.enable = true;
+ programs.nix-ld = {
+ enable = true;
+ libraries = [
+ pkgs.acl
+ pkgs.alsa-lib
+ pkgs.at-spi2-core
+ pkgs.attr
+ pkgs.bzip2
+ pkgs.curl
+ pkgs.dbus
+ pkgs.expat
+ pkgs.glib
+ pkgs.libsodium
+ pkgs.libssh
+ pkgs.libxml2
+ pkgs.nspr
+ pkgs.nss
+ pkgs.openssl
+ pkgs.pango
+ pkgs.stdenv.cc
+ pkgs.systemd
+ pkgs.util-linux
+ pkgs.vulkan-loader
+ pkgs.xz
+ pkgs.zlib
+ pkgs.zstd
+ ];
+ };
+
+ programs.mosh.enable = true;
+
+ programs.seahorse.enable = true; # enable the graphical frontend
+ programs.gnupg.agent = {
+ enable = true;
+ pinentryPackage = pkgs.pinentry-gnome3;
+ enableSSHSupport = true;
+ };
+ programs.virt-manager.enable = true;
+}
diff --git a/nixos/worklaptop/services.nix b/nixos/worklaptop/services.nix
new file mode 100644
index 0000000..f3620ba
--- /dev/null
+++ b/nixos/worklaptop/services.nix
@@ -0,0 +1,53 @@
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ unstablePkgs,
+ ...
+}: {
+ services = {
+ xserver = {
+ videoDrivers = ["nvidia"]; # or "nvidiaLegacy470 etc.
+ enable = true;
+ displayManager.gdm.enable = true;
+ desktopManager.gnome.enable = false;
+ xkb = {
+ layout = "ie";
+ variant = "";
+ };
+ };
+ pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ gvfs.enable = true;
+ tumbler.enable = true;
+
+ # Enable flatpaks
+ flatpak.enable = true;
+
+ # Enable the OpenSSH daemon and other remote tools.
+ openssh.enable = true;
+
+ gnome.gnome-keyring.enable = true;
+ pcscd.enable = true;
+ };
+
+ # Add custom services
+ systemd.services.pueued = {
+ enable = true;
+ description = "Pueue Daemon - CLI process scheduler and manager";
+ wantedBy = ["default.target"];
+ serviceConfig = {
+ Restart = "no";
+ ExecStart = "${pkgs.pueue.outPath}/bin/pueued -vv";
+ };
+ };
+
+ # Enable GPG signing
+ security.pam.services.gdm.enableGnomeKeyring = true; # load gnome-keyring at startup
+}
diff --git a/nixos/worklaptop/virtualisation.nix b/nixos/worklaptop/virtualisation.nix
new file mode 100644
index 0000000..393b849
--- /dev/null
+++ b/nixos/worklaptop/virtualisation.nix
@@ -0,0 +1,23 @@
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ unstablePkgs,
+ ...
+}: {
+ virtualisation = {
+ containers.enable = true;
+
+ podman = {
+ enable = true;
+ # Create a `docker` alias for podman, to use it as a drop-in replacement
+ dockerCompat = true;
+ dockerSocket.enable = true;
+ # Required for containers under podman-compose to be able to talk to each other.
+ defaultNetwork.settings.dns_enabled = true;
+ };
+
+ libvirtd.enable = true;
+ };
+}
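Review bot: `openssh.enable = true;` in the laptop's services block starts sshd with the NixOS defaults, which leave password and keyboard-interactive authentication enabled unless core.nix (not in this diff) turns them off, while nixos/homeserver/services.nix in the same commit sets `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;`. Since this host also exposes mosh and the Podman socket, adding the same `settings = { ... };` block here is a cheap consistency win; if password login is intentional on the laptop, a one-line comment saying so will stop the next reader from "fixing" it. The `# Enable GPG signing` comment has also drifted: it now sits above `security.pam.services.gdm.enableGnomeKeyring = true;`, which is about loading gnome-keyring at GDM login, whereas `pcscd.enable = true;` further up is the line it used to describe, so either move it back next to pcscd or reword it to `# Load gnome-keyring at GDM login`.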