Use roles properly

Originally, I was including all role configurations for all hosts, and
controlling which get applied in the role configs with a check in each
file. This is a very repetitive and annoying approach. Instead, now the
role directory is included manually from the hosts config for devices
which meet that role, removing the role options.
ItsDrike 2024-09-24 11:40:42 +02:00
parent c6c3ecb1e9
commit 00016063fe
Signed by: ItsDrike
GPG key ID: FA2745890B7048C0
27 changed files with 375 additions and 610 deletions


@ -1,15 +1,5 @@
{
osConfig,
lib,
pkgs,
...
}: let
inherit (lib) mkIf;
devType = osConfig.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem devType acceptedTypes) {
{pkgs, ...}: {
# TODO: Only apply this to workstations
home.packages = with pkgs; [
libnotify # send desktop notifications
imagemagick # create/edit images
@ -22,5 +12,4 @@ in {
glow # render markdown
ffmpeg # record, convert and stream audio and video
];
};
}
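Review bot: Dropping the `mkIf` wrapper leaves `home.packages` unconditional, so this list (including large media parsers such as `imagemagick` and `ffmpeg`) is now installed for every host that loads this home-manager module; the new `# TODO: Only apply this to workstations` records the gap but nothing enforces it. The hosts file on this page still lists `../home` among the modules shared by all systems, so, assuming this file is reached from there, a future non-workstation host would get these packages too. Until the home side has its own role split, I would make the comment say why: `# TODO: not role-gated since myOptions.device.roles.type was removed; installs on every host that imports ../home`.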


@ -4,10 +4,14 @@
# A list of shared modules that ALL systems need
shared = [
../system
../system/shared
../home
../options
];
workstationRole = ../system/roles/workstation;
laptopRole = ../system/roles/laptop;
uniRole = ../system/roles/uni;
in {
herugrim = lib.nixosSystem {
system = "x86_64-linux";
@ -18,6 +22,8 @@ in {
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote
workstationRole
laptopRole
]
++ shared;
};
@ -31,6 +37,9 @@ in {
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote
workstationRole
laptopRole
uniRole
]
++ shared;
};
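Review bot: With `myOptions.device.roles.type` gone, a host is a workstation or laptop only because `workstationRole`/`laptopRole` appear in its `modules` list, and nothing fails if a new host leaves one out. Several modules on this page that used to check for laptop/desktop configure login and locking (greetd, the PAM GnuPG unlock, physlock); if they live under the workstation role, an omission silently drops them. The bindings deserve a comment to that effect, e.g. `# Roles are opt-in per host: a host that omits a role gets none of its settings, and nothing checks for that`. Both host definitions continue outside the hunks shown.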


@ -143,11 +143,7 @@
};
device = {
roles = {
type = "laptop";
virtual-machine = false;
isUniMachine = true;
};
roles.virtual-machine = false;
cpu.type = "amd";
gpu.type = "amd";
hasTPM = true;


@ -1,49 +1,11 @@
{
lib,
config,
...
}: let
inherit (lib) mkOption types;
cfg = config.myOptions.device.roles;
{lib, ...}: let
inherit (lib) mkOption;
in {
options.myOptions.device.roles = {
type = mkOption {
type = types.enum ["laptop" "desktop" "server"];
default = "";
description = ''
The type/purpoes of the device that will be used within the rest of the configuration.
- laptop: portable devices with battery optimizations
- desktop: stationary devices configured for maximum performance
- server: server and infrastructure
'';
};
virtual-machine = mkOption {
type = lib.types.bool;
default = false;
description = "Is this system a virtual machine?";
};
isWorkstation = mkOption {
type = lib.types.bool;
default = builtins.elem cfg.type ["laptop" "desktop"];
readOnly = true;
description = ''
Is this machine a workstation?
Workstation machines are meant for regular day-to-day use.
'';
};
isUniMachine = mkOption {
type = lib.types.bool;
default = false;
description = ''
Should University specific configuration be applied?
(Things like University specific software, etc.)
'';
};
};
}


@ -1,12 +0,0 @@
{
# We import all of the roles here, with the type checks being handled
# in the individual files each time. This is a bit ugly, but necessary
# as NixOS doesn't support optional imports, due to circual imports
# (there might be a change of the config value inside one of the
# imported files).
imports = [
./workstation
./laptop
./uni
];
}


@ -1,14 +1,8 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
}: {
hardware.acpilight.enable = true;
environment.systemPackages = with pkgs; [acpi];
@ -23,5 +17,4 @@ in {
cpupower
];
};
};
}


@ -1,13 +1,4 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
{pkgs, ...}: {
imports = [
./power-profiles-daemon
./upower.nix
@ -15,7 +6,7 @@ in {
./systemd.nix
];
config = mkIf (builtins.elem deviceType acceptedTypes) {
config = {
environment.systemPackages = with pkgs; [powertop];
};
}


@ -1,16 +1,11 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
inherit (lib.modules) mkForce;
inherit (lib.strings) makeBinPath;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# allows changing system behavior based upon user-selected power profiles
# (with `powerprofilesctl` command)
services.power-profiles-daemon.enable = true;
@ -39,5 +34,4 @@ in {
wants = ["power-profiles-daemon.service"];
wantedBy = ["default.target"];
};
};
}


@ -1,14 +1,4 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# DBus service that provides power management support to applications
upower = {
@ -19,5 +9,4 @@ in {
criticalPowerAction = "Hibernate";
};
};
};
}


@ -1,13 +1,4 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services.libinput = {
# enable libinput
enable = true;
@ -28,5 +19,4 @@ in {
disableWhileTyping = true;
};
};
};
}


@ -1,13 +1,3 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
inherit (config.myOptions.device.roles) isUniMachine;
in {
config = mkIf isUniMachine {
{pkgs, ...}: {
environment.systemPackages = [pkgs.android-studio];
};
}


@ -4,12 +4,9 @@
lib,
...
}: let
inherit (lib) mkIf getExe;
inherit (lib) getExe;
inherit (lib.strings) concatStringsSep;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
greetingMsg = "'Access is restricted to authorized personnel only.'";
tuiGreetTheme = "'border=magenta;text=cyan;prompt=green;time=red;action=white;button=yellow;container=black;input=gray'";
@ -46,7 +43,6 @@
];
};
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services.greetd = {
enable = true;
vt = 1;
@ -74,5 +70,4 @@ in {
# Persist info about previous session & user
myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
};
}


@ -1,13 +1,4 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# unlock GPG keyring on login
security.pam.services = let
gnupg = {
@ -31,5 +22,4 @@ in {
inherit gnupg;
};
};
};
}


@ -1,14 +1,4 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
{pkgs, ...}: {
fonts = {
enableDefaultPackages = false;
@ -116,5 +106,4 @@ in {
# Tool for searching and previewing installed fonts
font-manager
];
};
}


@ -1,13 +1,4 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
programs = {
# allow non-root users to mount fuse filesystems with allow_other
fuse.userAllowOther = true;
@ -24,5 +15,4 @@ in {
# registry for linux (thanks to Gnome)
dconf.enable = true;
};
};
}


@ -1,13 +1,4 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# Screen locker which works across all virtual terminals
# Use `systemctl start physlock` to securely lock the screen
services.physlock = {
@ -23,5 +14,4 @@ in {
hibernate = true;
};
};
};
}


@ -5,10 +5,8 @@
}: let
inherit (lib) mkIf;
cfg = config.myOptions.home-manager.programs.games.steam;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
config = mkIf cfg.enable {
programs.steam = {
enable = true;
remotePlay.openFirewall = false;
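Review bot: `config = mkIf cfg.enable {` now relies on the enable option alone, and the same change is made in the VirtualBox, Wireshark and printing sections further down. Whether that is still restricted to workstations depends on where this file is imported from, which the page does not show: if it sits under the workstation role and the option is declared in the shared `../options`, enabling it on a host without the role is silently ignored; if it is in the shared tree, any host can turn it on. A one-line comment above the `mkIf` stating which applies would remove the guesswork, e.g. `# imported via the workstation role only; cfg.enable has no effect elsewhere` (adjust to the actual location). The module body continues past the end of the hunk.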


@ -1,14 +1,4 @@
{
lib,
pkgs,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
{pkgs, ...}: {
# Unconditionally enable thunar file manager here as a relatively
# lightweight fallback option for my default file manager.
programs.thunar = {
@ -32,5 +22,4 @@ in {
# thumbnail support on thunar
services.tumbler.enable = true;
};
}


@ -6,10 +6,8 @@
inherit (lib) mkIf;
cfgUser = config.myOptions.system.username;
cfg = config.myOptions.home-manager.programs.applications.virtualbox;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
config = mkIf cfg.enable {
virtualisation.virtualbox.host = {
enable = true;


@ -7,10 +7,8 @@
inherit (lib) mkIf;
cfgUser = config.myOptions.system.username;
cfg = config.myOptions.home-manager.programs.applications.wireshark;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
config = mkIf cfg.enable {
programs.wireshark = {
enable = true;
package = pkgs.wireshark;


@ -1,15 +1,8 @@
{
config,
pkgs,
lib,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
}: {
environment.systemPackages = [pkgs.appimage-run];
# run appimages with appimage-run
@ -53,5 +46,4 @@ in {
# symlink there for compatibility.
# - For example the rye installed python binaries look there
environment.etc."ssl/cert.pem".source = "/etc/ssl/certs/ca-certificates.crt";
};
}


@ -1,14 +1,4 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
{pkgs, ...}: {
# https://dataswamp.org/~solene/2022-09-28-earlyoom.html
# avoid the linux kernel locking itself when we're putting too much strain on the memory
# this helps avoid having to shut down forcefully when we OOM
@ -29,5 +19,4 @@ in {
echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
'';
};
};
}


@ -1,14 +1,4 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
{pkgs, ...}: {
services = {
udev.packages = with pkgs; [gnome.gnome-settings-daemon];
gnome.gnome-keyring.enable = true;
@ -21,5 +11,4 @@ in {
xdg.portal.config.common = {
"org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
};
};
}


@ -1,13 +1,4 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# despite being under logind, this has nothing to do with login
# it's about power management
services.logind = {
@ -18,5 +9,4 @@ in {
HibernateDelaySec=3600
'';
};
};
}


@ -1,14 +1,4 @@
{
config,
lib,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# enable GVfs - a userspace virtual filesystem
gvfs.enable = true;
@ -16,5 +6,4 @@ in {
# storage daemon required for udiskie auto-mount
udisks2.enable = true;
};
};
}


@ -1,13 +1,4 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
{config, ...}: {
services = {
# enable GVfs, a userspace virtual filesystem
# (allows viewing ftp,sftp,... directly from the file manager)
@ -16,5 +7,4 @@ in {
# Storage daemon required for udiskie auto-mount
udisks2.enable = !config.boot.isContainer;
};
};
}
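Review bot: `udisks2.enable = !config.boot.isContainer;` here and `udisks2.enable = true;` in the previous file section define the same option with different expressions, and both files also carry the GVfs comment. If both modules end up imported on one host (not visible from this page), the definitions agree on a normal machine but would conflict during evaluation inside a container. It looks like one of the two files is a leftover; I would keep this variant and drop the other, or at least add `# duplicate of <path of the other module>` until they are merged.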


@ -5,13 +5,11 @@
...
}: let
inherit (lib) mkIf optional;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
cfg = config.myOptions.workstation.printing;
cfgUser = config.myOptions.system.username;
in {
config = mkIf (builtins.elem deviceType acceptedTypes && cfg.enable) {
config = mkIf cfg.enable {
# enable cups and add some drivers for common printers
services = {
printing = {