phundrak/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: refactor system modules

Browse Source
This commit is contained in:
Lucien Cartier-Tilet
2025-07-05 00:02:39 +02:00
parent d054442c28
commit af1a606c1a
56 changed files with 549 additions and 475 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
hosts/alys/configuration.nix
View File

@@ -1,64 +1,41 @@
{
pkgs,
inputs,
...
}: {
{inputs, ...}: {
imports = [
./hardware-configuration.nix
./host.nix
inputs.home-manager.nixosModules.default
../../modules/locale.nix
../../modules/system.nix
../../modules/ssh.nix
../../modules/endlessh.nix
../../programs/nano.nix
../../system
];
zramSwap.enable = true;
# networking.domain = "phundrak.com";
system = {
amdgpu.enable = false;
boot = {
kernel = {
hardened = true;
cpuVendor = "amd";
};
kernel.hardened = true;
systemd-boot = false;
zfs.enable = false;
zram = {
enable = true;
memoryMax = 512;
};
};
dev.docker.enable = true;
networking = {
hostname = "alys";
domain = "phundrak.com";
id = "41157110";
firewall.openPorts = [
22
];
};
sound.enable = false;
packages.nix = {
gc.automatic = true;
trusted-users = ["root" "phundrak"];
};
services = {
endlessh.enable = true;
ssh = {
enable = true;
allowedUsers = ["phundrak"];
passwordAuthentication = false;
};
};
users = {
root.disablePassword = true;
phundrak = true;
phundrak.enable = true;
};
};
modules = {
ssh = {
enable = true;
allowedUsers = ["phundrak"];
passwordAuthentication = false;
};
endlessh.enable = false;
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [pkgs.openssl];
# networking.hostName = "alys";
# users.users.root.openssh.authorizedKeys.keys = [
# "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+b7BE/gHrHVkqNVfHtp2r4OCUDdohst8hb3Bz5tYtx3gvXJQCB1rFc2hgQJf8FsVyQbidS64lnhU1rUIEbFhv7itT5FGGUnfJEYs64W30wKsnPSb5WXdFXzrNi8za48i2oNl9JA9Fj9k6isyvkTup89hB+ELbXIcfz3bM93WaAt2dIgKijXaAMAAA+tHhgWvlrHlvGlU9/KxY3ZOQSoEboPXd7TDyOf1672eAibYyb5h1HIewYZ+xv1X4dxx/c9Arh4K0s8scuB7XTQQkEbRUEYKD2YXKN83Z09jfMlMYuBAKKO8zU4CM2KTbL7kEVgNc/ArY+uCAakmC5+eS7LxMuOt86+Bi4gXTJ6o6dbfUbCGiq751ni8pg44YSfwYiI05vvZ08eIyNkowumD+X4GRW4tu0I3qK8TI7exeEeoQIwlSfLXlYHEdNB8Q3feLyhHMRkxXgUskbXwWIBexLzJyY40tyqQplZWbYGrUEmjxZ7FWmaV+o8ZjnU2GfJ8JoWyCnEYfRc6Z2ILdXNDRzZ9qYOwefMHtuaYaYYximL+zdVVrm4EZuOetmaJ6zblk4ebU3GZjYykB8DmCDFDZO9koKwzPazLKQl0OWzmQqgxVNg7Mg1NZbuRQgVAhKPelnqejaXbf2/IHAYBn5LDR1Jew5+srlstM9XuYG2whEOx84w== Lucien Cartier-Tilet <lucien@phundrak.com>"
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw9oiK8tZ5Vpz82RaRLpITU8qeJrT2hjvudGEDQu2QW lucien@phundrak.com"
# ];
system.stateVersion = "23.11";
}

3
hosts/alys/host.nix
View File

@@ -1,3 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [neofetch vim emacs];
}

95
hosts/gampo/configuration.nix
View File

@@ -7,55 +7,72 @@
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
./services
../../modules/opentablet.nix
../../modules/sops.nix
../../modules/system.nix
../../programs/flatpak.nix
../../programs/hyprland.nix
../../programs/steam.nix
# ./services
../../system
];
system = {
boot = {
plymouth.enable = true;
kernel = {
cpuVendor = "intel";
package = pkgs.linuxPackages;
modules = ["i915"];
};
systemd-boot = true;
};
desktop = {
hyprland.enable = true;
xserver = {
enable = true;
de = "gnome";
};
};
dev.docker = {
enable = true;
podman.enable = true;
autoprune.enable = true;
};
hardware = {
bluetooth.enable = true;
corne.allowHidAccess = true;
ibmTrackpoint.disable = true;
opentablet.enable = true;
sound.enable = true;
};
misc.keymap = "fr-bepo";
networking = {
hostname = "gampo";
id = "0630b33f";
hostFiles = [config.sops.secrets.extraHosts.path];
};
packages = {
appimage.enable = true;
flatpak.enable = true;
nix = {
nix-ld.enable = true;
trusted-users = ["root" "phundrak"];
};
};
programs.steam.enable = true;
services = {
fwupd.enable = true;
ssh.enable = true;
};
users = {
root.disablePassword = true;
phundrak.enable = true;
};
};
sops.secrets.extraHosts = {
inherit (config.users.users.root) group;
owner = config.users.users.phundrak.name;
mode = "0440";
};
boot.initrd.kernelModules = ["i915"];
system = {
boot.plymouth.enable = true;
docker = {
enable = true;
autoprune.enable = true;
podman.enable = true;
};
networking = {
hostname = "gampo";
id = "0630b33f";
hostFiles = [config.sops.secrets.extraHosts.path];
};
sound.enable = true;
};
modules = {
appimage.enable = true;
hyprland.enable = true;
};
security.rtkit.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
curl
openssl
wget
];
nix.settings.trusted-users = ["root" "phundrak"];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database
# versions on your system were taken. Its perfectly fine and

6
hosts/gampo/services/default.nix
View File

@@ -1,7 +1,7 @@
{
imports = [
./gnome.nix
];
# imports = [
# ./gnome.nix
# ];
services = {
# Enable CUPS to print documents.

109
hosts/marpa/configuration.nix
View File

@@ -1,42 +1,48 @@
{
config,
pkgs,
inputs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./system/hardware-configuration.nix
./services
../../modules/opentablet.nix
../../modules/sops.nix
../../modules/system.nix
../../programs/flatpak.nix
../../programs/hyprland.nix
../../programs/steam.nix
../../system
];
sops.secrets.extraHosts = {
inherit (config.users.users.root) group;
owner = config.users.users.phundrak.name;
mode = "0440";
};
security.polkit.enable = true;
fileSystems."/games" = {
device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
fsType = "ext4";
};
system = {
amdgpu.enable = true;
boot.plymouth.enable = true;
docker = {
boot = {
extraModprobeConfig = ''
options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
'';
plymouth.enable = true;
kernel.cpuVendor = "amd";
systemd-boot = true;
};
desktop = {
hyprland.enable = true;
niri.enable = true;
xserver = {
enable = true;
de = "gnome";
};
};
dev.docker = {
enable = true;
podman.enable = true;
autoprune.enable = true;
};
hardware = {
amdgpu.enable = true;
bluetooth.enable = true;
corne.allowHidAccess = true;
opentablet.enable = true;
sound = {
enable = true;
jack = true;
scarlett.enable = true;
};
};
misc.keymap = "fr-bepo";
networking = {
hostname = "marpa";
id = "7EA4A111";
@@ -49,34 +55,45 @@
}
];
};
sound = {
enable = true;
jack = true;
packages = {
appimage.enable = true;
flatpak.enable = true;
nix = {
nix-ld.enable = true;
trusted-users = ["root" "phundrak"];
};
};
programs.steam.enable = true;
services = {
fwupd.enable = true;
printing.enable = true;
ssh.enable = true;
sunshine = {
enable = true;
autostart = true;
};
};
users = {
root.disablePassword = true;
phundrak.enable = true;
};
};
modules = {
appimage.enable = true;
hyprland.enable = true;
sops.secrets.extraHosts = {
inherit (config.users.users.root) group;
owner = config.users.users.phundrak.name;
mode = "0440";
};
security.rtkit.enable = true;
security = {
polkit.enable = true;
rtkit.enable = true;
};
nix.settings.trusted-users = ["root" "phundrak"];
environment.systemPackages = with pkgs; [
clinfo # AMD
curl
openssl
wget
alsa-scarlett-gui
];
boot.extraModprobeConfig = ''
options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
'';
programs.nix-ld.enable = true;
fileSystems."/games" = {
device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
fsType = "ext4";
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions

43
hosts/marpa/services/default.nix
View File

@@ -1,25 +1,24 @@
{
imports = [
./logind.nix
../../../modules/ssh.nix
../../../modules/sunshine.nix
../../../modules/xserver.nix
];
# imports = [
# ./logind.nix
# ../../../system
# ];
# imports = [
# ./logind.nix
# ../../../modules/ssh.nix
# ../../../modules/sunshine.nix
# ];
modules = {
sunshine = {
enable = true;
autostart = true;
};
xserver = {
amdgpu.enable = true;
de = "gnome";
};
};
services = {
blueman.enable = true;
fwupd.enable = true;
printing.enable = true;
openssh.enable = true;
};
# modules = {
# sunshine = {
# enable = true;
# autostart = true;
# };
# };
# services = {
# blueman.enable = true;
# fwupd.enable = true;
# printing.enable = true;
# openssh.enable = true;
# };
}

48
hosts/tilo/configuration.nix
View File

@@ -1,24 +1,15 @@
# Edit this configuration file to define what should be installed on your
# system. Help is available in the configuration.nix(5) man page and in
# the NixOS manual (accessible by running nixos-help).
{
pkgs,
inputs,
...
}: {
{inputs, ...}: {
imports = [
./hardware-configuration.nix
inputs.home-manager.nixosModules.default
../../modules/locale.nix
../../modules/system.nix
../../modules/ssh.nix
../../modules/endlessh.nix
../../programs/nano.nix
../../system
./services
];
system = {
amdgpu.enable = false;
boot = {
kernel = {
hardened = true;
@@ -29,16 +20,15 @@
pools = ["tank"];
};
};
docker.enable = true;
dev.docker.enable = true;
misc.keymap = "fr-bepo";
networking = {
hostname = "tilo";
id = "7110b33f";
firewall = {
openPorts = [
22 # SSH
80 # HTTP
443 # HTTPS
2222 # endlessh
25565 # Minecraft
];
extraCommands = ''
@@ -47,28 +37,24 @@
'';
};
};
nix.gc.automatic = true;
sound.enable = false;
packages.nix = {
gc.automatic = true;
trusted-users = ["root" "phundrak"];
};
services = {
endlessh.enable = true;
ssh = {
enable = true;
allowedUsers = ["phundrak"];
passwordAuthentication = false;
};
};
users = {
root.disablePassword = true;
phundrak = true;
phundrak.enable = true;
};
console.keyMap = "fr-bepo";
};
modules = {
ssh = {
enable = true;
allowedUsers = ["phundrak"];
passwordAuthentication = false;
};
endlessh.enable = true;
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [pkgs.openssl];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave