mirror of
https://github.com/ItsDrike/nixdots
synced 2024-12-25 06:04:33 +00:00
Use roles properly
Originally, I was including all role configurations for all hosts, and controlling which get applied in the role configs with a check in each file. This is a very repetetive and annoying approach. Instead, now the role directory is included manually from the hosts config for devices which meet that role, removing the role options.
This commit is contained in:
parent
c6c3ecb1e9
commit
00016063fe
|
@ -1,15 +1,5 @@
|
|||
{
|
||||
osConfig,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
|
||||
devType = osConfig.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem devType acceptedTypes) {
|
||||
{pkgs, ...}: {
|
||||
# TODO: Only apply this to workstations
|
||||
home.packages = with pkgs; [
|
||||
libnotify # send desktop notifications
|
||||
imagemagick # create/edit images
|
||||
|
@ -22,5 +12,4 @@ in {
|
|||
glow # render markdown
|
||||
ffmpeg # record, convert and stream audio and video
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -4,10 +4,14 @@
|
|||
|
||||
# A list of shared modules that ALL systems need
|
||||
shared = [
|
||||
../system
|
||||
../system/shared
|
||||
../home
|
||||
../options
|
||||
];
|
||||
|
||||
workstationRole = ../system/roles/workstation;
|
||||
laptopRole = ../system/roles/laptop;
|
||||
uniRole = ../system/roles/uni;
|
||||
in {
|
||||
herugrim = lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
|
@ -18,6 +22,8 @@ in {
|
|||
inputs.home-manager.nixosModules.home-manager
|
||||
inputs.impermanence.nixosModules.impermanence
|
||||
inputs.lanzaboote.nixosModules.lanzaboote
|
||||
workstationRole
|
||||
laptopRole
|
||||
]
|
||||
++ shared;
|
||||
};
|
||||
|
@ -31,6 +37,9 @@ in {
|
|||
inputs.home-manager.nixosModules.home-manager
|
||||
inputs.impermanence.nixosModules.impermanence
|
||||
inputs.lanzaboote.nixosModules.lanzaboote
|
||||
workstationRole
|
||||
laptopRole
|
||||
uniRole
|
||||
]
|
||||
++ shared;
|
||||
};
|
||||
|
|
|
@ -143,11 +143,7 @@
|
|||
};
|
||||
|
||||
device = {
|
||||
roles = {
|
||||
type = "laptop";
|
||||
virtual-machine = false;
|
||||
isUniMachine = true;
|
||||
};
|
||||
roles.virtual-machine = false;
|
||||
cpu.type = "amd";
|
||||
gpu.type = "amd";
|
||||
hasTPM = true;
|
||||
|
|
|
@ -1,49 +1,11 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkOption types;
|
||||
|
||||
cfg = config.myOptions.device.roles;
|
||||
{lib, ...}: let
|
||||
inherit (lib) mkOption;
|
||||
in {
|
||||
options.myOptions.device.roles = {
|
||||
type = mkOption {
|
||||
type = types.enum ["laptop" "desktop" "server"];
|
||||
default = "";
|
||||
description = ''
|
||||
The type/purpoes of the device that will be used within the rest of the configuration.
|
||||
- laptop: portable devices with battery optimizations
|
||||
- desktop: stationary devices configured for maximum performance
|
||||
- server: server and infrastructure
|
||||
'';
|
||||
};
|
||||
|
||||
virtual-machine = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = "Is this system a virtual machine?";
|
||||
};
|
||||
|
||||
isWorkstation = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = builtins.elem cfg.type ["laptop" "desktop"];
|
||||
readOnly = true;
|
||||
description = ''
|
||||
Is this machine a workstation?
|
||||
|
||||
Workstation machines are meant for regular day-to-day use.
|
||||
'';
|
||||
};
|
||||
|
||||
isUniMachine = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Should University specific configuration be applied?
|
||||
|
||||
(Things like University specific software, etc.)
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
{
|
||||
# We import all of the roles here, with the type checks being handled
|
||||
# in the individual files each time. This is a bit ugly, but necessary
|
||||
# as NixOS doesn't support optional imports, due to circual imports
|
||||
# (there might be a change of the config value inside one of the
|
||||
# imported files).
|
||||
imports = [
|
||||
./workstation
|
||||
./laptop
|
||||
./uni
|
||||
];
|
||||
}
|
|
@ -1,14 +1,8 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
}: {
|
||||
hardware.acpilight.enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [acpi];
|
||||
|
@ -23,5 +17,4 @@ in {
|
|||
cpupower
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,13 +1,4 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop"];
|
||||
in {
|
||||
{pkgs, ...}: {
|
||||
imports = [
|
||||
./power-profiles-daemon
|
||||
./upower.nix
|
||||
|
@ -15,7 +6,7 @@ in {
|
|||
./systemd.nix
|
||||
];
|
||||
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
config = {
|
||||
environment.systemPackages = with pkgs; [powertop];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,16 +1,11 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
inherit (lib.modules) mkForce;
|
||||
inherit (lib.strings) makeBinPath;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
# allows changing system behavior based upon user-selected power profiles
|
||||
# (with `powerprofilesctl` command)
|
||||
services.power-profiles-daemon.enable = true;
|
||||
|
@ -39,5 +34,4 @@ in {
|
|||
wants = ["power-profiles-daemon.service"];
|
||||
wantedBy = ["default.target"];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,14 +1,4 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
services = {
|
||||
# DBus service that provides power management support to applications
|
||||
upower = {
|
||||
|
@ -19,5 +9,4 @@ in {
|
|||
criticalPowerAction = "Hibernate";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,13 +1,4 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
services.libinput = {
|
||||
# enable libinput
|
||||
enable = true;
|
||||
|
@ -28,5 +19,4 @@ in {
|
|||
disableWhileTyping = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,13 +1,3 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
inherit (config.myOptions.device.roles) isUniMachine;
|
||||
in {
|
||||
config = mkIf isUniMachine {
|
||||
{pkgs, ...}: {
|
||||
environment.systemPackages = [pkgs.android-studio];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -4,12 +4,9 @@
|
|||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf getExe;
|
||||
inherit (lib) getExe;
|
||||
inherit (lib.strings) concatStringsSep;
|
||||
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
|
||||
greetingMsg = "'Access is restricted to authorized personnel only.'";
|
||||
tuiGreetTheme = "'border=magenta;text=cyan;prompt=green;time=red;action=white;button=yellow;container=black;input=gray'";
|
||||
|
||||
|
@ -46,7 +43,6 @@
|
|||
];
|
||||
};
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
services.greetd = {
|
||||
enable = true;
|
||||
vt = 1;
|
||||
|
@ -74,5 +70,4 @@ in {
|
|||
|
||||
# Persist info about previous session & user
|
||||
myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,13 +1,4 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
# unlock GPG keyring on login
|
||||
security.pam.services = let
|
||||
gnupg = {
|
||||
|
@ -31,5 +22,4 @@ in {
|
|||
inherit gnupg;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,14 +1,4 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
{pkgs, ...}: {
|
||||
fonts = {
|
||||
enableDefaultPackages = false;
|
||||
|
||||
|
@ -116,5 +106,4 @@ in {
|
|||
# Tool for searching and previewing installed fonts
|
||||
font-manager
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,13 +1,4 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
programs = {
|
||||
# allow non-root users to mount fuse filesystems with allow_other
|
||||
fuse.userAllowOther = true;
|
||||
|
@ -24,5 +15,4 @@ in {
|
|||
# registry for linux (thanks to Gnome)
|
||||
dconf.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,13 +1,4 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
# Screen locker which works across all virtual terminals
|
||||
# Use `systemctl start physlock` to securely lock the screen
|
||||
services.physlock = {
|
||||
|
@ -23,5 +14,4 @@ in {
|
|||
hibernate = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -5,10 +5,8 @@
|
|||
}: let
|
||||
inherit (lib) mkIf;
|
||||
cfg = config.myOptions.home-manager.programs.games.steam;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
in {
|
||||
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
|
||||
config = mkIf cfg.enable {
|
||||
programs.steam = {
|
||||
enable = true;
|
||||
remotePlay.openFirewall = false;
|
||||
|
|
|
@ -1,14 +1,4 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
{pkgs, ...}: {
|
||||
# Unconditionally enable thunar file manager here as a relatively
|
||||
# lightweight fallback option for my default file manager.
|
||||
programs.thunar = {
|
||||
|
@ -32,5 +22,4 @@ in {
|
|||
|
||||
# thumbnail support on thunar
|
||||
services.tumbler.enable = true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -6,10 +6,8 @@
|
|||
inherit (lib) mkIf;
|
||||
cfgUser = config.myOptions.system.username;
|
||||
cfg = config.myOptions.home-manager.programs.applications.virtualbox;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
in {
|
||||
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
|
||||
config = mkIf cfg.enable {
|
||||
virtualisation.virtualbox.host = {
|
||||
enable = true;
|
||||
|
||||
|
|
|
@ -7,10 +7,8 @@
|
|||
inherit (lib) mkIf;
|
||||
cfgUser = config.myOptions.system.username;
|
||||
cfg = config.myOptions.home-manager.programs.applications.wireshark;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
in {
|
||||
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
|
||||
config = mkIf cfg.enable {
|
||||
programs.wireshark = {
|
||||
enable = true;
|
||||
package = pkgs.wireshark;
|
||||
|
|
|
@ -1,15 +1,8 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
}: {
|
||||
environment.systemPackages = [pkgs.appimage-run];
|
||||
|
||||
# run appimages with appimage-run
|
||||
|
@ -53,5 +46,4 @@ in {
|
|||
# symlink there for compatibility.
|
||||
# - For example the rye installed python binaries look there
|
||||
environment.etc."ssl/cert.pem".source = "/etc/ssl/certs/ca-certificates.crt";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,14 +1,4 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
{pkgs, ...}: {
|
||||
# https://dataswamp.org/~solene/2022-09-28-earlyoom.html
|
||||
# avoid the linux kernel locking itself when we're putting too much strain on the memory
|
||||
# this helps avoid having to shut down forcefully when we OOM
|
||||
|
@ -29,5 +19,4 @@ in {
|
|||
echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,14 +1,4 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
{pkgs, ...}: {
|
||||
services = {
|
||||
udev.packages = with pkgs; [gnome.gnome-settings-daemon];
|
||||
gnome.gnome-keyring.enable = true;
|
||||
|
@ -21,5 +11,4 @@ in {
|
|||
xdg.portal.config.common = {
|
||||
"org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,13 +1,4 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
# despite being under logind, this has nothing to do with login
|
||||
# it's about power management
|
||||
services.logind = {
|
||||
|
@ -18,5 +9,4 @@ in {
|
|||
HibernateDelaySec=3600
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,14 +1,4 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
services = {
|
||||
# enable GVfs - a userspace virtual filesystem
|
||||
gvfs.enable = true;
|
||||
|
@ -16,5 +6,4 @@ in {
|
|||
# storage daemon required for udiskie auto-mount
|
||||
udisks2.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,13 +1,4 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes) {
|
||||
{config, ...}: {
|
||||
services = {
|
||||
# enable GVfs, a userspace virtual filesystem
|
||||
# (allows viewing ftp,sftp,... directly from the file manager)
|
||||
|
@ -16,5 +7,4 @@ in {
|
|||
# Storage daemon required for udiskie auto-mount
|
||||
udisks2.enable = !config.boot.isContainer;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -5,13 +5,11 @@
|
|||
...
|
||||
}: let
|
||||
inherit (lib) mkIf optional;
|
||||
deviceType = config.myOptions.device.roles.type;
|
||||
acceptedTypes = ["laptop" "desktop"];
|
||||
|
||||
cfg = config.myOptions.workstation.printing;
|
||||
cfgUser = config.myOptions.system.username;
|
||||
in {
|
||||
config = mkIf (builtins.elem deviceType acceptedTypes && cfg.enable) {
|
||||
config = mkIf cfg.enable {
|
||||
# enable cups and add some drivers for common printers
|
||||
services = {
|
||||
printing = {
|
||||
|
|
Loading…
Reference in a new issue