diff --git a/docs/99_MY_FLAKE.md b/docs/99_MY_FLAKE.md
index 8185030..aad3706 100644
--- a/docs/99_MY_FLAKE.md
+++ b/docs/99_MY_FLAKE.md
@@ -145,8 +145,12 @@ The resulting file should then look something like this:
 };
 device = {
- virtual-machine = false;
+ roles = {
+ type = "laptop";
+ virtual-machine = false;
+ };
 cpu.type = "intel";
+ hasTPM = true;
 };
 home-manager = {
diff --git a/hosts/herugrim/default.nix b/hosts/herugrim/default.nix
index 00b5a36..bc6f749 100644
--- a/hosts/herugrim/default.nix
+++ b/hosts/herugrim/default.nix
@@ -51,7 +51,10 @@
 };
 device = {
- virtual-machine = false;
+ roles = {
+ type = "laptop";
+ virtual-machine = false;
+ };
 cpu.type = "intel";
 hasTPM = true;
 };
diff --git a/hosts/vbox_nix/default.nix b/hosts/vbox_nix/default.nix
index 5422f7f..1da37a6 100644
--- a/hosts/vbox_nix/default.nix
+++ b/hosts/vbox_nix/default.nix
@@ -24,6 +24,7 @@
 username = "itsdrike";
 };
 device = {
+ type = "desktop";
 virtual-machine = true;
 cpu.type = "amd";
 };
diff --git a/options/default.nix b/options/default.nix
index f7985c6..5385c36 100644
--- a/options/default.nix
+++ b/options/default.nix
@@ -3,5 +3,6 @@ _: {
 ./device
 ./home
 ./system
+ ./workstation
 ];
 }
diff --git a/options/device/default.nix b/options/device/default.nix
index 863f6a5..f7762b3 100644
--- a/options/device/default.nix
+++ b/options/device/default.nix
@@ -1,5 +1,6 @@
-_: {
+{
 imports = [
 ./hardware.nix
+ ./roles.nix
 ];
 }
diff --git a/options/device/hardware.nix b/options/device/hardware.nix
index ac2d42a..3d86d37 100644
--- a/options/device/hardware.nix
+++ b/options/device/hardware.nix
@@ -14,12 +14,6 @@ in
 '';
 };
- virtual-machine = mkOption {
- type = lib.types.bool;
- default = false;
- description = "Is this system a virtual machine?";
- };
-
 hasTPM = mkOption {
 type = lib.types.bool;
 default = false;
diff --git a/options/device/roles.nix b/options/device/roles.nix
new file mode 100644
index 0000000..241f682
--- /dev/null
+++ b/options/device/roles.nix
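Review bot: `type = "desktop";` in hosts/vbox_nix/default.nix is added directly under `myOptions.device`, but this commit declares that option as `myOptions.device.roles.type` (options/device/roles.nix) and removes `virtual-machine` from `myOptions.device` (options/device/hardware.nix), so as far as the declarations in this diff show, this host now sets two undeclared options and module evaluation will fail for it. The block should mirror what hosts/herugrim/default.nix does in the same commit: replace the two lines with `roles = { type = "desktop"; virtual-machine = true; };`. The enclosing attribute set starts outside the hunk.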
@@ -0,0 +1,35 @@
+{ lib, config, ... }: let
+ inherit (lib) mkOption types;
+
+ cfg = config.myOptions.device;
+in {
+ options.myOptions.device.roles = {
+ type = mkOption {
+ type = types.enum ["laptop" "desktop" "server"];
+ default = "";
+ description = ''
+ The type/purpoes of the device that will be used within the rest of the configuration.
+ - laptop: portable devices with battery optimizations
+ - desktop: stationary devices configured for maximum performance
+ - server: server and infrastructure
+ '';
+ };
+
+ virtual-machine = mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Is this system a virtual machine?";
+ };
+
+ isWorkstation = mkOption {
+ type = lib.types.bool;
+ default = builtins.elem cfg.type ["laptop" "desktop"];
+ readOnly = true;
+ description = ''
+ Is this machine a workstation?
+
+ Workstation machines are meant for regular day-to-day use.
+ '';
+ };
+ };
+}
diff --git a/options/workstation/default.nix b/options/workstation/default.nix
new file mode 100644
index 0000000..05c4c70
--- /dev/null
+++ b/options/workstation/default.nix
@@ -0,0 +1,16 @@
+{ lib, config, ... }: with lib; let
+ inherit (lib) mkEnableOption mkOption literalExpression types;
+
+ cfg = config.myOptions.workstation;
+in
+{
+ options.myOptions.workstation = {
+ printing = {
+ enable = mkEnableOption ''
+ printing support using cups.
+
+ Also adds some drivers for common printers.
+ '';
+ };
+ };
+}
diff --git a/system/default.nix b/system/default.nix
index 2f3be58..6c2870d 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -1,5 +1,6 @@
 {
 imports = [
 ./shared
+ ./roles
 ];
 }
diff --git a/system/roles/default.nix b/system/roles/default.nix
new file mode 100644
index 0000000..cf4b423
--- /dev/null
+++ b/system/roles/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./workstation
+ ];
+}
diff --git a/system/roles/workstation/default.nix b/system/roles/workstation/default.nix
new file mode 100644
index 0000000..54b31e5
--- /dev/null
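Review bot: In options/device/roles.nix `cfg` is bound to `config.myOptions.device`, yet `type` is declared under `options.myOptions.device.roles`, so the `isWorkstation` default reads `cfg.type`, an attribute nothing declares, and evaluating `isWorkstation` will fail; bind `cfg = config.myOptions.device.roles;` (or read `cfg.roles.type`). `default = "";` is also not a member of `types.enum ["laptop" "desktop" "server"]`, so a host that leaves `roles.type` unset fails the type check instead of getting a usable value — drop the `default` line to make the option mandatory, or pick a member. The description misspells "purpose" (`purpoes`).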
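Review bot: In options/workstation/default.nix both `with lib;` and `inherit (lib) mkEnableOption mkOption literalExpression types;` bring lib names into scope, and of those only `mkEnableOption` is used; `cfg` is likewise bound and never read. Dropping `with lib;` and trimming to `inherit (lib) mkEnableOption;` keeps the module explicit about what it depends on and avoids the scoping surprises `with` introduces. If the extra bindings are placeholders for options planned next, a short comment saying so would explain the unused names.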
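Review bot: system/roles/default.nix imports `./workstation` unconditionally (and system/default.nix imports `./roles` the same way), so every module under system/roles/workstation — fonts, earlyoom, wireshark, udisks2, the printing module — applies to every host, including one that sets `roles.type = "server"`, and the `isWorkstation` option introduced in options/device/roles.nix is not read anywhere in this commit. Since `imports` cannot depend on `config`, the gating has to live in the modules themselves, for example wrapping each workstation module's body in `config = lib.mkIf config.myOptions.device.roles.isWorkstation { … };`. If applying these modules everywhere is intended for now, a comment on the `./workstation` import saying the role is not yet gated would make that explicit.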
+++ b/system/roles/workstation/default.nix
@@ -0,0 +1,7 @@
+{
+ imports = [
+ ./services
+ ./programs
+ ./fonts.nix
+ ];
+}
diff --git a/system/roles/workstation/fonts.nix b/system/roles/workstation/fonts.nix
new file mode 100644
index 0000000..520c031
--- /dev/null
+++ b/system/roles/workstation/fonts.nix
@@ -0,0 +1,93 @@
+{pkgs, ...}: {
+ fonts = {
+ enableDefaultPackages = false;
+
+ fontconfig = {
+ defaultFonts = let
+ common = [
+ "Iosevka Nerd Font"
+ "Symbols Nerd Font"
+ "Noto Color Emoji"
+ ];
+ in {
+ monospace = [
+ "Source Code Pro Medium"
+ "Source Han Mono"
+ ]
+ ++ common;
+
+ sansSerif = [
+ "Lexend"
+ ]
+ ++ common;
+
+ serif = [
+ "Noto Serif"
+ ]
+ ++ common;
+
+ emoji = [
+ "Noto Color Emoji"
+ ]
+ ++ common;
+ };
+ };
+
+ fontDir = {
+ enable = true;
+ decompressFonts = true;
+ };
+
+ packages = with pkgs; [
+ # programming fonts
+ sarasa-gothic
+ source-code-pro
+
+ # desktop fonts
+ corefonts # MS fonts
+ b612 # high legibility
+ material-icons
+ material-design-icons
+ roboto
+ work-sans
+ comic-neue
+ source-sans
+ inter
+ lato
+ lexend
+ dejavu_fonts
+ noto-fonts
+ noto-fonts-cjk
+
+ # emojis
+ noto-fonts-color-emoji
+ twemoji-color-font
+ openmoji-color
+ openmoji-black
+ font-awesome
+
+ # defaults worth keeping
+ dejavu_fonts
+ freefont_ttf
+ gyre-fonts
+ liberation_ttf
+ unifont
+
+ # specific nerd fonts only
+ # (installing all nerd fonts is slow and takes gigabytes)
+ # see:
+ # for all available fonts
+ (nerdfonts.override {
+ fonts = [
+ "JetBrainsMono"
+ "Iosevka"
+ "NerdFontsSymbolsOnly"
+ "FiraCode"
+ "FiraMono"
+ "Hack"
+ "HeavyData"
+ ];
+ })
+ ];
+ };
+}
diff --git a/system/roles/workstation/programs/default.nix b/system/roles/workstation/programs/default.nix
new file mode 100644
index 0000000..5ad52c9
--- /dev/null
+++ b/system/roles/workstation/programs/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./misc.nix
+ ];
+}
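Review bot: In fonts.nix `dejavu_fonts` appears twice in `packages` — once under "desktop fonts" and again under "defaults worth keeping"; the duplicate is harmless to Nix but one entry should go so the list stays a faithful inventory. The comment `# see:` is followed by nothing, so the reference to the list of available Nerd Font names appears to have been lost; either restore the link or drop the `# see:` / `# for all available fonts` pair. `fontDir.decompressFonts = true` is worth a one-line why-comment, since it is not obvious which consumer needs uncompressed files.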
diff --git a/system/roles/workstation/programs/misc.nix b/system/roles/workstation/programs/misc.nix
new file mode 100644
index 0000000..2283bab
--- /dev/null
+++ b/system/roles/workstation/programs/misc.nix
@@ -0,0 +1,15 @@
+{
+ programs = {
+ # allow non-root users to mount fuse filesystems with allow_other
+ fuse.userAllowOther = true;
+
+ # show network usage
+ bandwhich.enable = true;
+
+ # network inspection utility
+ wireshark.enable = true;
+
+ # gnome's keyring manager
+ seahorse.enable = true;
+ };
+}
diff --git a/system/roles/workstation/services/default.nix b/system/roles/workstation/services/default.nix
new file mode 100644
index 0000000..a68d854
--- /dev/null
+++ b/system/roles/workstation/services/default.nix
@@ -0,0 +1,8 @@
+{
+ imports = [
+ ./earlyoom.nix
+ ./mount.nix
+ ./printing.nix
+ ];
+}
+
diff --git a/system/roles/workstation/services/earlyoom.nix b/system/roles/workstation/services/earlyoom.nix
new file mode 100644
index 0000000..d934c3f
--- /dev/null
+++ b/system/roles/workstation/services/earlyoom.nix
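Review bot: The comment on `fuse.userAllowOther = true` says what it permits but not what it widens: with `user_allow_other` in fuse.conf, a FUSE filesystem mounted by one unprivileged user with `allow_other` becomes reachable by every other account on the machine, which matters if the workstation is ever shared; `# user_allow_other: FUSE mounts of one user become visible to all users — acceptable on a single-user machine` would record that decision. `wireshark.enable = true` is, as I understand the NixOS option, more than an install — it sets up a capability wrapper for dumpcap usable only by the `wireshark` group, so packet-capture rights are granted through group membership, and nothing in this commit adds a user to that group; the option's default package is also the CLI build, so the GUI needs `programs.wireshark.package = pkgs.wireshark;`. A comment such as `# capture is restricted to the wireshark group; add users to it deliberately` next to the option would make that visible.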
@@ -0,0 +1,22 @@
+{pkgs, ...}: {
+ # https://dataswamp.org/~solene/2022-09-28-earlyoom.html
+ # avoid the linux kernel locking itself when we're putting too much strain on the memory
+ # this helps avoid having to shut down forcefully when we OOM
+ services.earlyoom = {
+ enable = true;
+ enableNotifications = true; # annoying, but we want to know what's killed
+ freeSwapThreshold = 2;
+ freeMemThreshold = 2;
+ extraArgs = [
+ "-g" # kill all processes within a process group
+ "--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill
+ "--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
+ ];
+
+ # we should ideally write the logs into a designated log file; or even better, to the journal
+ # for now we can hope this echo sends the log to somewhere we can observe later
+ killHook = pkgs.writeShellScript "earlyoom-kill-hook" ''
+ echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
+ '';
+ };
+}
diff --git a/system/roles/workstation/services/mount.nix b/system/roles/workstation/services/mount.nix
new file mode 100644
index 0000000..e4a6da0
--- /dev/null
+++ b/system/roles/workstation/services/mount.nix
@@ -0,0 +1,11 @@
+{ config, ... }:
+{
+ services = {
+ # enable GVfs, a userspace virtual filesystem
+ # (allows viewing ftp,sftp,... directly from the file manager)
+ gvfs.enable = true;
+
+ # Storage daemon required for udiskie auto-mount
+ udisks2.enable = !config.boot.isContainer;
+ };
+}
diff --git a/system/roles/workstation/services/printing.nix b/system/roles/workstation/services/printing.nix
new file mode 100644
index 0000000..2148fe4
--- /dev/null
+++ b/system/roles/workstation/services/printing.nix
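Review bot: The `--avoid` pattern `'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'` closes a group it never opens — the `^(` that the `--prefer` line on the next line does have is missing — so earlyoom will reject the expression and the unit will presumably fail at start-up instead of protecting anything; the line should read `"--avoid '^(Hyprland|soffice|soffice.bin|firefox|thunderbird)$'"`. In the `--prefer` pattern `.*.exe` matches any name containing `exe` after at least one character; if a literal `.exe` suffix is meant, escape the dot (`\\.exe` inside the Nix string). On the `killHook` comment: the hook is spawned by the earlyoom service itself, so its stdout should already reach that unit's journal — worth confirming with `journalctl -u earlyoom` after the next OOM event and then replacing the "we can hope" wording with what was observed.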
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }: let
+ inherit (lib) mkIf;
+
+ cfg = config.myOptions.workstation.printing;
+in {
+ config = mkIf cfg.enable {
+ # enable cups and add some drivers for common printers
+ services = {
+ printing = {
+ enable = true;
+ drivers = with pkgs; [
+ gutenprint
+ hplip
+ ];
+ };
+
+ # required for network discovery of printers
+ avahi = {
+ enable = true;
+ # resolve .local domains for printers
+ nssmdns4 = true;
+ # open the avahi port(s) in the firewall
+ openFirewall = true;
+ };
+ };
+ };
+}
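Review bot: `openFirewall = true` on avahi opens mDNS (udp/5353) on every interface, and because this role also covers `laptop` hosts the machine will accept and answer mDNS traffic on any network it joins, not only at home; the existing comment should say what is exposed rather than just that a port is opened, e.g. `# opens udp/5353 on all interfaces so printers can be discovered; the host advertises nothing itself unless services.avahi.publish is enabled` (as far as I know publishing is off by default — confirm). The `mkIf cfg.enable` gate makes this module dormant until a host sets `myOptions.workstation.printing.enable`, which no host in this commit does; a line in docs/99_MY_FLAKE.md naming the option would save the next reader a search.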