Add workstation-specific settings

ItsDrike 2024-04-13 20:10:01 +02:00
parent fca6296841
commit 27b0d375f2
Signed by: ItsDrike
GPG key ID: FA2745890B7048C0
18 changed files with 258 additions and 9 deletions


@ -145,8 +145,12 @@ The resulting file should then look something like this:
}; };
device = { device = {
roles = {
type = "laptop";
virtual-machine = false; virtual-machine = false;
};
cpu.type = "intel"; cpu.type = "intel";
hasTPM = true;
}; };
home-manager = { home-manager = {


@ -51,7 +51,10 @@
}; };
device = { device = {
roles = {
type = "laptop";
virtual-machine = false; virtual-machine = false;
};
cpu.type = "intel"; cpu.type = "intel";
hasTPM = true; hasTPM = true;
}; };


@ -24,6 +24,7 @@
username = "itsdrike"; username = "itsdrike";
}; };
device = { device = {
type = "desktop";
virtual-machine = true; virtual-machine = true;
cpu.type = "amd"; cpu.type = "amd";
}; };
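Review bot: The added `type = "desktop";` sits directly under `device`, but this commit declares the option as `myOptions.device.roles.type` and moves `virtual-machine` under `roles` too, removing it from the hardware options file. Unless `device.type` and `device.virtual-machine` are still declared somewhere not shown on this page, this host will fail evaluation with an undefined-option error. The other two configs in the commit use the nested form, so this one should read `roles = { type = "desktop"; virtual-machine = true; };`. The enclosing attribute set starts and ends outside the hunk.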


@ -3,5 +3,6 @@ _: {
./device ./device
./home ./home
./system ./system
./workstation
]; ];
} }


@ -1,5 +1,6 @@
_: { {
imports = [ imports = [
./hardware.nix ./hardware.nix
./roles.nix
]; ];
} }


@ -14,12 +14,6 @@ in
''; '';
}; };
virtual-machine = mkOption {
type = lib.types.bool;
default = false;
description = "Is this system a virtual machine?";
};
hasTPM = mkOption { hasTPM = mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;

options/device/roles.nix Normal file

@ -0,0 +1,35 @@
{ lib, config, ... }: let
inherit (lib) mkOption types;
cfg = config.myOptions.device;
in {
options.myOptions.device.roles = {
type = mkOption {
type = types.enum ["laptop" "desktop" "server"];
default = "";
description = ''
The type/purpoes of the device that will be used within the rest of the configuration.
- laptop: portable devices with battery optimizations
- desktop: stationary devices configured for maximum performance
- server: server and infrastructure
'';
};
virtual-machine = mkOption {
type = lib.types.bool;
default = false;
description = "Is this system a virtual machine?";
};
isWorkstation = mkOption {
type = lib.types.bool;
default = builtins.elem cfg.type ["laptop" "desktop"];
readOnly = true;
description = ''
Is this machine a workstation?
Workstation machines are meant for regular day-to-day use.
'';
};
};
}
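Review bot: `default = "";` on `roles.type` is not a member of `types.enum ["laptop" "desktop" "server"]`, so a host that forgets to set the option fails on an invalid default instead of getting the clearer "option is used but not defined" error. Dropping the `default` line makes the option required, which matters because `isWorkstation` is derived from it. In the description, `purpoes` should be `purpose`. Both `lib.types.bool` uses can be `types.bool`, since `types` is already inherited.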


@ -0,0 +1,16 @@
{ lib, config, ... }: with lib; let
inherit (lib) mkEnableOption mkOption literalExpression types;
cfg = config.myOptions.workstation;
in
{
options.myOptions.workstation = {
printing = {
enable = mkEnableOption ''
printing support using cups.
Also adds some drivers for common printers.
'';
};
};
}
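Review bot: The header combines `with lib;` and `inherit (lib) ...`, and `mkOption`, `literalExpression`, `types`, `config` and `cfg` are all unused in this file. `{ lib, ... }: let inherit (lib) mkEnableOption; in` is enough and keeps the scope explicit. `mkEnableOption` wraps its argument as "Whether to enable <text>.", so the two-sentence string will render awkwardly. A single phrase such as `mkEnableOption "printing support using CUPS, with drivers for common printers"` reads better.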


@ -1,5 +1,6 @@
{ {
imports = [ imports = [
./shared ./shared
./roles
]; ];
} }

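--- /dev/null
+++ b/system/roles/default.nix
@@ -0,0 +1,5 @@
+{
+imports = [
+./workstation
+];
+}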


@ -0,0 +1,7 @@
{
imports = [
./services
./programs
./fonts.nix
];
}


@ -0,0 +1,93 @@
{pkgs, ...}: {
fonts = {
enableDefaultPackages = false;
fontconfig = {
defaultFonts = let
common = [
"Iosevka Nerd Font"
"Symbols Nerd Font"
"Noto Color Emoji"
];
in {
monospace = [
"Source Code Pro Medium"
"Source Han Mono"
]
++ common;
sansSerif = [
"Lexend"
]
++ common;
serif = [
"Noto Serif"
]
++ common;
emoji = [
"Noto Color Emoji"
]
++ common;
};
};
fontDir = {
enable = true;
decompressFonts = true;
};
packages = with pkgs; [
# programming fonts
sarasa-gothic
source-code-pro
# desktop fonts
corefonts # MS fonts
b612 # high legibility
material-icons
material-design-icons
roboto
work-sans
comic-neue
source-sans
inter
lato
lexend
dejavu_fonts
noto-fonts
noto-fonts-cjk
# emojis
noto-fonts-color-emoji
twemoji-color-font
openmoji-color
openmoji-black
font-awesome
# defaults worth keeping
dejavu_fonts
freefont_ttf
gyre-fonts
liberation_ttf
unifont
# specific nerd fonts only
# (installing all nerd fonts is slow and takes gigabytes)
# see: <https://github.com/NixOS/nixpkgs/blob/master/pkgs/data/fonts/nerdfonts/shas.nix>
# for all available fonts
(nerdfonts.override {
fonts = [
"JetBrainsMono"
"Iosevka"
"NerdFontsSymbolsOnly"
"FiraCode"
"FiraMono"
"Hack"
"HeavyData"
];
})
];
};
}
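Review bot: `dejavu_fonts` is listed twice in `packages`, under "desktop fonts" and again under "defaults worth keeping"; one entry should go. In `defaultFonts`, `emoji = [ "Noto Color Emoji" ] ++ common` repeats "Noto Color Emoji" and also adds the Iosevka and Symbols fonts as emoji fallbacks. If that is not intended, `emoji = [ "Noto Color Emoji" ];` is enough. As far as I know `corefonts` carries an unfree licence in nixpkgs, so a comment such as `# unfree: needs allowUnfree` would save the next reader an evaluation error.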


@ -0,0 +1,5 @@
{
imports = [
./misc.nix
];
}


@ -0,0 +1,15 @@
{
programs = {
# allow non-root users to mount fuse filesystems with allow_other
fuse.userAllowOther = true;
# show network usage
bandwhich.enable = true;
# network inspection utility
wireshark.enable = true;
# gnome's keyring manager
seahorse.enable = true;
};
}
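Review bot: Nothing in this file, or in the other workstation modules visible on the page, is wrapped in `mkIf config.myOptions.device.roles.isWorkstation`, so these programs would also land on a host whose role is `server`. Two of them widen privileges. `programs.wireshark.enable` installs a capability-bearing `dumpcap` wrapper for members of the `wireshark` group, and `fuse.userAllowOther` lets an unprivileged user expose a FUSE mount to other users, including root. I would gate the set with `config = lib.mkIf config.myOptions.device.roles.isWorkstation { ... };`. I would also add comments such as `# capture rights come from the wireshark group; keep membership minimal` and `# other users (incl. root) may traverse a user-controlled FUSE mount`.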


@ -0,0 +1,8 @@
{
imports = [
./earlyoom.nix
./mount.nix
./printing.nix
];
}


@ -0,0 +1,22 @@
{pkgs, ...}: {
# https://dataswamp.org/~solene/2022-09-28-earlyoom.html
# avoid the linux kernel locking itself when we're putting too much strain on the memory
# this helps avoid having to shut down forcefully when we OOM
services.earlyoom = {
enable = true;
enableNotifications = true; # annoying, but we want to know what's killed
freeSwapThreshold = 2;
freeMemThreshold = 2;
extraArgs = [
"-g" # kill all processes within a process group
"--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill
"--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
];
# we should ideally write the logs into a designated log file; or even better, to the journal
# for now we can hope this echo sends the log to somewhere we can observe later
killHook = pkgs.writeShellScript "earlyoom-kill-hook" ''
echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
'';
};
}
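Review bot: The `--avoid` pattern `'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'` has a closing parenthesis with no opening one and no `^` anchor, unlike the `--prefer` pattern below it. earlyoom treats these as regular expressions, so the unbalanced group is likely to be rejected or to match something other than intended, leaving the protected processes unprotected or the service failing to start. It should read `"--avoid '^(Hyprland|soffice|soffice.bin|firefox|thunderbird)$'"`. In `--prefer`, the dot in `.*.exe` is unescaped and matches any character; `.*\\.exe` states the intent. The comment above `killHook` already notes that the log destination is uncertain, so it is worth checking after deployment that the hook output reaches the journal.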


@ -0,0 +1,11 @@
{ config, ... }:
{
services = {
# enable GVfs, a userspace virtual filesystem
# (allows viewing ftp,sftp,... directly from the file manager)
gvfs.enable = true;
# Storage daemon required for udiskie auto-mount
udisks2.enable = !config.boot.isContainer;
};
}


@ -0,0 +1,27 @@
{ config, lib, pkgs, ... }: let
inherit (lib) mkIf;
cfg = config.myOptions.workstation.printing;
in {
config = mkIf cfg.enable {
# enable cups and add some drivers for common printers
services = {
printing = {
enable = true;
drivers = with pkgs; [
gutenprint
hplip
];
};
# required for network discovery of printers
avahi = {
enable = true;
# resolve .local domains for printers
nssmdns4 = true;
# open the avahi port(s) in the firewall
openFirewall = true;
};
};
};
}
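Review bot: `openFirewall = true` under `avahi` opens the mDNS port on every interface, and the comment does not say the module assumes a trusted local network. As far as I recall, the NixOS printing module also turns on cups-browsed by default when avahi is enabled, so CUPS would automatically create queues for printers announced on the network. Please confirm that against the nixpkgs revision in use. If only manually added printers are wanted, set `browsed.enable = false;` under `printing`. Either way, a comment such as `# mDNS is reachable on all interfaces; intended for trusted LANs only` next to `openFirewall` would document the exposure.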