From 8dc12c0ae77b1b025da0c145ffd590fa53b7c89c Mon Sep 17 00:00:00 2001 
From: ItsDrike
Date: Thu, 21 Mar 2024 21:47:25 +0100
Subject: [PATCH] Full rewrite

---
.gitignore | 5 +++
README.md | 18 ++++++++++
guides/installation.md | 40 ++++++++++++++++++++++-
hosts/default.nix | 5 +--
hosts/vbox_nix/default.nix | 14 ++++++--
options/default.nix | 6 ++++
options/device/default.nix | 5 +++
options/device/hardware.nix | 16 +++++++++
options/system.nix | 15 +++++++++
system/boot/default.nix | 5 +++
system/boot/systemd-boot.nix | 11 +++++++
system/default.nix | 23 +++++++------
system/hardware/cpu/amd.nix | 9 +++++
system/hardware/cpu/default.nix | 6 ++++
system/hardware/cpu/intel.nix | 9 +++++
system/hardware/default.nix | 5 +++
system/localisation.nix | 4 +++
system/nix.nix | 8 ++++-
system/options/cachix.nix | 14 --------
system/options/oomd.nix | 9 -----
system/options/systemd-boot.nix | 12 -------
system/packages.nix | 9 -----
system/programs/default.nix | 14 ++++++++
system/programs/nano.nix | 49 ++++++++++++++++++++++++++++
system/services/default.nix | 5 +++
system/services/oomd.nix | 20 ++++++++++++
{modules => system}/services/ssh.nix | 4 ++-
system/system.nix | 20 ++++++++++++
system/users.nix | 8 -----
29 files changed, 294 insertions(+), 74 deletions(-)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 options/default.nix
create mode 100644 options/device/default.nix
create mode 100644 options/device/hardware.nix
create mode 100644 options/system.nix
create mode 100644 system/boot/default.nix
create mode 100644 system/boot/systemd-boot.nix
create mode 100644 system/hardware/cpu/amd.nix
create mode 100644 system/hardware/cpu/default.nix
create mode 100644 system/hardware/cpu/intel.nix
create mode 100644 system/hardware/default.nix
create mode 100644 system/localisation.nix
delete mode 100644 system/options/cachix.nix
delete mode 100644 system/options/oomd.nix
delete mode 100644 system/options/systemd-boot.nix
delete mode 100644 system/packages.nix
create mode 100644 system/programs/default.nix
create mode 100644 system/programs/nano.nix
create mode 100644 system/services/default.nix
create mode 100644 system/services/oomd.nix
rename {modules => system}/services/ssh.nix (70%)
create mode 100644 system/system.nix
delete mode 100644 system/users.nix
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a1300ce
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+# Backup files I sometimes keep for references
+*.bak
+
+# Personal TODO file
+TODO
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..76de2c2
--- /dev/null
+++ b/README.md
@@ -0,0 +1,18 @@
+# NixDots
+
+My NixOS and home-manager flake
+
+## Structure
+
+- [`flake.nix`](./flake.nix): Starting point of the configuration, declaring entrypoints.
+- [`guides`](./guides/): Some simple documentation to help me (and maybe others) understand NixOS.
+- [`system`](./system/): Basic core configurations for the system itself.
+- [`options`](./options/): Declaration of the configurable options, that should be set by the individual machines.
+- [`hosts`](./hosts): Configuration of the individual hosts/computers
+
+## Inspiration
+
+This configuration was massively inspired by the following amazing projects:
+
+-
+-
diff --git a/guides/installation.md b/guides/installation.md
index 1c22735..ac232ba 100644
--- a/guides/installation.md
+++ b/guides/installation.md
@@ -77,7 +77,6 @@ Create a very basic `./flake.nix`:
description = "ItsDrike's NixOS configuration";
inputs = {
- # the version here should match your system.stateVersion in configuration.nix
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
};
@@ -153,3 +152,42 @@ nixos-rebuild switch --flake .
> [!TIP]
> This replaces the legacy (non-flake) regime's command: `nixos-rebuild switch --upgrade`
+
+## Home-Manager
+
+Home-Manager is a way to bring nix features to your home directory. It allows
+you to version and manage your configuration files that usually live in your
+home directories, like `~/.config` with the usual nix tooling. This can help
+you achieve full reproducibility for the user side, not just the system side.
+
+First, let's add home-manager as an input to our flake:
+
+```nix
+home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+};
+```
+
+```nix
+{
+ description = "ItsDrike's NixOS configuration";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, nixpkgs, ...} @ inputs: {
+ nixosConfigurations = {
+ nixos = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ ./configuration.nix ];
+ };
+ };
+ };
+}
+```
diff --git a/hosts/default.nix b/hosts/default.nix
index ade7ce9..4cbbef9 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -6,10 +6,7 @@ in {
modules = [
./vbox_nix
../system
- ../system/options/systemd-boot.nix
- ../system/options/cachix.nix
- ../system/options/oomd.nix
- ../modules/services/ssh.nix
+ ../options
inputs.home-manager.nixosModules.home-manager
];
};
diff --git a/hosts/vbox_nix/default.nix b/hosts/vbox_nix/default.nix
index 3467086..f4e27e9 100644
--- a/hosts/vbox_nix/default.nix
+++ b/hosts/vbox_nix/default.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, ...}:
+{ lib, pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ];
@@ -13,10 +13,18 @@
udisks2.enable = true;
};
- networking.hostName = "vboxnix";
-
# NixOS release from which this machine was first installed.
# (for stateful data, like file locations and db versions)
# Leave this alone!
system.stateVersion = lib.mkForce "23.11";
+
+ myOptions = {
+ system = {
+ hostname = "vboxnix";
+ username = "itsdrike";
+ };
+ device = {
+ cpu.type = "vm-amd";
+ };
+ };
}
diff --git a/options/default.nix b/options/default.nix
new file mode 100644
index 0000000..f3a5f52
--- /dev/null
+++ b/options/default.nix
@@ -0,0 +1,6 @@
+_: {
+ imports = [
+ ./device
+ ./system.nix
+ ];
+}
diff --git a/options/device/default.nix b/options/device/default.nix
new file mode 100644
index 0000000..863f6a5
--- /dev/null
+++ b/options/device/default.nix
@@ -0,0 +1,5 @@
+_: {
+ imports = [
+ ./hardware.nix
+ ];
+}
diff --git a/options/device/hardware.nix b/options/device/hardware.nix
new file mode 100644
index 0000000..3fa6d8a
--- /dev/null
+++ b/options/device/hardware.nix
@@ -0,0 +1,16 @@
+{ lib, ... }: with lib; let
+in
+{
+ options.myOptions.device = {
+ cpu.type = mkOption {
+ type = with types; nullOr (enum [ "intel" "vm-intel" "amd" "vm-amd" ]);
+ default = null;
+ description = ''
+ The manifaturer/type of the primary system CPU.
+
+ Determines which ucode services will be enabled and provides additional kernel packages.
+ If running in a virtual machine with forwarded/shared cores, use the `vm-` prefix.
+ '';
+ };
+ };
+}
diff --git a/options/system.nix b/options/system.nix
new file mode 100644
index 0000000..beab2c8
--- /dev/null
+++ b/options/system.nix
@@ -0,0 +1,15 @@
+{ lib, ... }: with lib; let
+in
+{
+ options.myOptions.system = {
+ hostname = mkOption {
+ description = "hostname for this system";
+ type = types.str;
+ };
+
+ username = mkOption {
+ description = "username for the primary admin account for this system";
+ type = types.str;
+ };
+ };
+}
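Review bot: The description string of the `cpu.type` option in options/device/hardware.nix has a typo, `manifaturer`; it should read `The manufacturer/type of the primary system CPU.`. The option is `nullOr` with `default = null`, and the amd.nix and intel.nix modules added later in this patch apply nothing unless the value is in their lists, so the description should say so for hosts that omit it: `When null (the default), no CPU-specific configuration is applied.`.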
diff --git a/system/boot/default.nix b/system/boot/default.nix
new file mode 100644
index 0000000..684ea28
--- /dev/null
+++ b/system/boot/default.nix
@@ -0,0 +1,5 @@
+_: {
+ imports = [
+ ./systemd-boot.nix
+ ];
+}
diff --git a/system/boot/systemd-boot.nix b/system/boot/systemd-boot.nix
new file mode 100644
index 0000000..9b8864c
--- /dev/null
+++ b/system/boot/systemd-boot.nix
@@ -0,0 +1,11 @@
+_: {
+ boot.loader = {
+ systemd-boot = {
+ enable = true;
+ memtest86.enable = true;
+ editor = true;
+ };
+ efi.canTouchEfiVariables = true;
+ timeout = 3;
+ };
+}
diff --git a/system/default.nix b/system/default.nix
index 14b15d8..d589af8 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -1,13 +1,12 @@
-{lib, ...}:
-{
- imports = [
- ./network.nix
- ./users.nix
- ./nix.nix
- ./packages.nix
- ];
-
- # Internationalisation properties
- time.timeZone = "CET";
- i18n.defaultLocale = "en_US.UTF-8";
+_: {
+ imports = [
+ ./hardware
+ ./boot
+ ./services
+ ./programs
+ ./system.nix
+ ./nix.nix
+ ./network.nix
+ ./localisation.nix
+ ];
}
diff --git a/system/hardware/cpu/amd.nix b/system/hardware/cpu/amd.nix
new file mode 100644
index 0000000..bedbe5b
--- /dev/null
+++ b/system/hardware/cpu/amd.nix
@@ -0,0 +1,9 @@
+{ config, lib, ... }:
+let
+ dev = config.myOptions.device;
+in
+{
+ config = lib.mkIf (builtins.elem dev.cpu.type [ "amd" "vm-amd" ]) {
+ hardware.cpu.amd.updateMicrocode = true;
+ };
+}
diff --git a/system/hardware/cpu/default.nix b/system/hardware/cpu/default.nix
new file mode 100644
index 0000000..5472fdb
--- /dev/null
+++ b/system/hardware/cpu/default.nix
@@ -0,0 +1,6 @@
+_: {
+ imports = [
+ ./amd.nix
+ ./intel.nix
+ ];
+}
diff --git a/system/hardware/cpu/intel.nix b/system/hardware/cpu/intel.nix
new file mode 100644
index 0000000..ed7814d
--- /dev/null
+++ b/system/hardware/cpu/intel.nix
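Review bot: `editor = true;` in system/boot/systemd-boot.nix keeps the boot-entry editor enabled, so anyone with console or physical access can edit the kernel command line before boot (for example append `init=/bin/sh`) and get a root shell without authenticating; the NixOS option documentation for `boot.loader.systemd-boot.editor` itself recommends turning it off. The setting is carried over unchanged from the deleted system/options/systemd-boot.nix, but this commit now applies it to every host through system/boot/default.nix instead of per-host opt-in. Change it to `editor = false;` with a short why-comment such as `# Editor off: otherwise console access equals root via an edited kernel cmdline.`.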
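Review bot: In system/hardware/cpu/amd.nix `vm-amd` is handled exactly like `amd`, so the virtual-machine distinction that the `cpu.type` option description draws has no effect anywhere in this patch. Microcode is normally applied by the hypervisor host and a guest kernel's attempt is typically ignored, so if the `vm-` prefix is meant to skip it the condition should be `config = lib.mkIf (dev.cpu.type == "amd") {`; if it is meant to do something else, a comment stating what would help, since nothing here uses it. intel.nix later in the patch mirrors this and would need the same change.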
@@ -0,0 +1,9 @@
+{ config, lib, ... }:
+let
+ dev = config.myOptions.device;
+in
+{
+ config = lib.mkIf (builtins.elem dev.cpu.type [ "intel" "vm-intel" ]) {
+ hardware.cpu.intel.updateMicrocode = true;
+ };
+}
diff --git a/system/hardware/default.nix b/system/hardware/default.nix
new file mode 100644
index 0000000..c91c827
--- /dev/null
+++ b/system/hardware/default.nix
@@ -0,0 +1,5 @@
+_: {
+ imports = [
+ ./cpu
+ ];
+}
diff --git a/system/localisation.nix b/system/localisation.nix
new file mode 100644
index 0000000..4be096f
--- /dev/null
+++ b/system/localisation.nix
@@ -0,0 +1,4 @@
+_: {
+ time.timeZone = "CET";
+ i18n.defaultLocale = "en_US.UTF-8";
+}
diff --git a/system/nix.nix b/system/nix.nix
index 6b22de5..461d636 100644
--- a/system/nix.nix
+++ b/system/nix.nix
@@ -1,5 +1,7 @@
{pkgs, ...}:
{
+ system.autoUpgrade.enable = false;
+
nix = {
settings = {
# nix often takes up a lot of space, with /nix/store growing beyond reasonable sizes
@@ -8,6 +10,10 @@
auto-optimise-store = true;
# enable flakes support
experimental-features = [ "nix-command" "flakes" ];
+
+ # Keep all dependencies used to build
+ keep-outputs = true;
+ keep-derivations = true;
};
# Enable automatic garbage collection, deleting entries older than 14 days
@@ -31,5 +37,5 @@
nixpkgs.config.allowUnfree = true;
# Git is needed for flakes
- environment.systemPackages = with pkgs; [git];
+ environment.systemPackages = [pkgs.git];
}
diff --git a/system/options/cachix.nix b/system/options/cachix.nix
deleted file mode 100644
index a23b11b..0000000
--- a/system/options/cachix.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-_: {
- nix.settings = {
- substituters = [
- "https://nix-community.cachix.org"
- "https://nixpkgs-wayland.cachix.org"
- "https://viperml.cachix.org"
- ];
- trusted-public-keys = [
- "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
- "viperml.cachix.org-1:qZhKBMTfmcLL+OG6fj/hzsMEedgKvZVFRRAhq7j8Vh8="
- ];
- };
-}
diff --git a/system/options/oomd.nix b/system/options/oomd.nix
deleted file mode 100644
index 4bc5b92..0000000
--- a/system/options/oomd.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-_: {
- systemd.oomd = {
- enable = true;
- enableSystemSlice = true;
- enableRootSlice = true;
- enableUserSlices = true;
- };
-}
-
diff --git a/system/options/systemd-boot.nix b/system/options/systemd-boot.nix
deleted file mode 100644
index e46beec..0000000
--- a/system/options/systemd-boot.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-_: {
- boot.loader = {
- systemd-boot = {
- enable = true;
- memtest86.enable = true;
- editor = true;
- };
- efi.canTouchEfiVariables = true;
- timeout = 3;
- };
-}
-
diff --git a/system/packages.nix b/system/packages.nix
deleted file mode 100644
index 8c3140c..0000000
--- a/system/packages.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{pkgs, ...}:
-{
- # Basic list of must-have packages for all systems
- environment.systemPackages = with pkgs; [
- vim
- gnupg
- delta
- ];
-}
diff --git a/system/programs/default.nix b/system/programs/default.nix
new file mode 100644
index 0000000..906f90d
--- /dev/null
+++ b/system/programs/default.nix
@@ -0,0 +1,14 @@
+{ pkgs, lib, ... }: {
+ imports = [
+ ./nano.nix
+ ];
+
+ # Basic list of must-have packages for all systems
+ # TODO: Move these to home-manager, no need for system wide deps
+ # although maybe keep vim
+ environment.systemPackages = with pkgs; [
+ vim
+ gnupg
+ delta
+ ];
+}
diff --git a/system/programs/nano.nix b/system/programs/nano.nix
new file mode 100644
index 0000000..4ca7e7c
--- /dev/null
+++ b/system/programs/nano.nix
@@ -0,0 +1,49 @@
+{ pkgs, ... }: {
+ programs.nano = {
+ # enabled by default anyway, we can keep it in case my neovim config breaks
+ enable = true;
+ nanorc = ''
+ include ${pkgs.nanorc}/share/*.nanorc # extended syntax highlighting
+
+ # Options
+ # https://github.com/davidhcefx/Modern-Nano-Keybindings
+ set tabsize 4
+ set tabstospaces
+ set linenumbers
+ set numbercolor yellow,normal
+ set indicator # side-bar for indicating cur position
+ set smarthome # `Home` jumps to line start first
+ set afterends # `Ctrl+Right` move to word ends instead of word starts
+ set wordchars "_" # recognize '_' as part of a word
+ set zap # delete selected text as a whole
+ set historylog # remember search history
+ set multibuffer # read files into multibuffer instead of insert
+ set mouse # enable mouse support
+ bind M-R redo main
+ bind ^C copy main
+ bind ^X cut main
+ bind ^V paste main
+ bind ^K zap main
+ bind ^H chopwordleft all
+ bind ^Q exit all
+ bind ^Z suspend main
+ bind M-/ comment main
+ bind ^Space complete main
+
+ bind M-C location main
+ bind ^E wherewas all
+ bind M-E findprevious all
+ bind ^R replace main
+ bind ^B pageup all # vim-like support
+ bind ^F pagedown all
+ bind ^G firstline all
+ bind M-G lastline all
+
+ bind M-1 help all # fix ^G been used
+ bind Sh-M-C constantshow main # fix M-C, M-F and M-b been used
+ bind Sh-M-F formatter main
+ bind Sh-M-B linter main
+ '';
+ };
+}
+
diff --git a/system/services/default.nix b/system/services/default.nix
new file mode 100644
index 0000000..53cf156
--- /dev/null
+++ b/system/services/default.nix
@@ -0,0 +1,5 @@
+_: {
+ imports = [
+ ./ssh.nix
+ ];
+}
diff --git a/system/services/oomd.nix b/system/services/oomd.nix
new file mode 100644
index 0000000..717382f
--- /dev/null
+++ b/system/services/oomd.nix
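Review bot: system/services/oomd.nix is created by this patch but nothing in the patch imports it: system/services/default.nix lists only `./ssh.nix`, and hosts/default.nix drops the `../system/options/oomd.nix` import whose file is deleted here, so as far as this diff shows the OOMd configuration silently stops being applied on every host. Add `./oomd.nix` to the `imports` list in services/default.nix; if leaving it out is deliberate, a one-line comment there (`# oomd.nix is opt-in per host`) would save the next reader the search.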
@@ -0,0 +1,20 @@
+{ lib, ... }: {
+ systemd = {
+ # OOMd: Out Of Memory daemon
+ # By default, this will only kill cgroups. So either systemd services
+ # marked for killing uder OOM or (non-default, but enabled here) the entire user slice.
+ oomd = {
+ enable = true;
+ enableSystemSlice = true;
+ enableRootSlice = true;
+ enableUserSlices = true;
+ extraConfig = {
+ "DefaultMemoryPressureDurationSec" = "20s";
+ };
+ };
+
+ # Make nix builds more likely to get killed than other important services.
+ # The default for user slices is 100, and systemd-coredumpd is 500
+ services.nix-daemon.serviceConfig.OOMScoreAdjust = lib.mkDefault 350;
+ };
+}
diff --git a/modules/services/ssh.nix b/system/services/ssh.nix
similarity index 70%
rename from modules/services/ssh.nix
rename to system/services/ssh.nix
index d26ec8b..535827c 100644
--- a/modules/services/ssh.nix
+++ b/system/services/ssh.nix
@@ -1,4 +1,5 @@
-{...}: {
+{ ... }: {
+ # TODO: This really shouldn't be a default service in system/
services.openssh = {
enable = true;
settings = {
@@ -8,3 +9,4 @@
};
};
}
+
diff --git a/system/system.nix b/system/system.nix
new file mode 100644
index 0000000..17a17f2
--- /dev/null
+++ b/system/system.nix
@@ -0,0 +1,20 @@
+{ config, lib, ... }: with lib; let
+ cfg = config.myOptions.system;
+in
+{
+ networking.hostName = cfg.hostname;
+
+ users = {
+ # Prevent mutating users outside of our configurations.
+ # TODO: Solve this, currentry it fails with no password
+ # specified for root account nor any whell user accounts
+ # and wants us to set pw manually with passwd, which needs
+ # mutableUsers
+ #mutableUsers = false;
+
+ users.${cfg.username} = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ };
+ };
+}
diff --git a/system/users.nix b/system/users.nix
deleted file mode 100644
index 0717223..0000000
--- a/system/users.nix
+++ /dev/null
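Review bot: The `settings` block that decides how exposed this sshd is begins on the last line of the ssh.nix hunk and continues outside it, so I cannot see whether it sets `PasswordAuthentication = false;` and `PermitRootLogin = "no";`; if it does not, those are the two lines to add. With the file now pulled in from system/default.nix through services/default.nix, `enable = true;` turns sshd on for every host, and in NixOS `services.openssh.enable` also opens port 22 in the firewall unless `openFirewall` is overridden. The added TODO already says this should not be a default; a small step is `{ lib, ... }: {` with `enable = lib.mkDefault false;`, letting hosts that need it (vbox_nix, presumably) set `services.openssh.enable = true;` themselves.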
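Review bot: The commented-out `mutableUsers = false;` in system/system.nix fails because no password is declared for the admin user; the fix is to declare one with `hashedPasswordFile`, pointing at a file kept outside the Nix store (for example the output of `mkpasswd -m sha-512` placed by your secrets tooling), rather than `password`/`initialPassword`, which land world-readable in /nix/store. With `users.users.${cfg.username}.hashedPasswordFile = "/path/outside/the/store";` in place, `mutableUsers = false;` can be enabled and the TODO closed; dropping the old `initialPassword` from users.nix in this same patch was the right move. The TODO comment also has two typos, `currentry` and `whell`, which should read `currently` and `wheel`.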
@@ -1,8 +0,0 @@
-{pkgs, ...}:
-{
- users.users.itsdrike = {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- initialPassword = "itsdrike";
- };
-}