ItsDrike/nixdots
1
0
Fork 0
mirror of https://github.com/ItsDrike/nixdots synced 2024-09-19 21:09:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Actually enforce the roles

Browse source
This commit is contained in:
ItsDrike 2024-04-13 21:15:25 +02:00
parent 01e3567653
commit dd00ed5f70
Signed by: ItsDrike
GPG key ID: FA2745890B7048C0
9 changed files with 238 additions and 193 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
hosts/herugrim/default.nix
View file

@ -59,6 +59,10 @@
hasTPM = true; hasTPM = true;
}; };
workstation = {
printing.enable = true;
};
home-manager = { home-manager = {
enable = true; enable = true;
stateVersion = "23.11"; stateVersion = "23.11";

5
system/roles/default.nix
View file

@ -1,4 +1,9 @@
{ {
# We import all of the roles here, with the type checks being handled
# in the individual files each time. This is a bit ugly, but necessary
# as NixOS doesn't support optional imports, due to circual imports
# (there might be a change of the config value inside one of the
# imported files).
imports = [ imports = [
./workstation ./workstation
./laptop ./laptop

108
system/roles/laptop/power/default.nix
View file

@ -1,66 +1,70 @@
{lib, config, pkgs, ...}: let { pkgs, lib, config, ...}: let
inherit (lib) mkDefault; inherit (lib) mkIf mkDefault;
in{ deviceType = config.myOptions.device.roles.type;
hardware.acpilight.enable = true; acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
hardware.acpilight.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
acpi acpi
powertop powertop
]; ];
services = { services = {
# handle ACPI events # handle ACPI events
acpid.enable = true; acpid.enable = true;
# allows changing system behavior based upon user-selected power profiles # allows changing system behavior based upon user-selected power profiles
power-profiles-daemon.enable = true; power-profiles-daemon.enable = true;
# temperature target on battery # temperature target on battery
undervolt = { undervolt = {
tempBat = 65; # deg C tempBat = 65; # deg C
package = pkgs.undervolt; package = pkgs.undervolt;
}; };
# superior power management # superior power management
auto-cpufreq = { auto-cpufreq = {
enable = true; enable = true;
# define the profiles # define the profiles
# (you can manually switch between profiles using `powerprofilesctl` cmd) # (you can manually switch between profiles using `powerprofilesctl` cmd)
settings = let settings = let
MHz = x: x * 1000; MHz = x: x * 1000;
in { in {
battery = { battery = {
governor = "powersave"; governor = "powersave";
scaling_min_freq = mkDefault (MHz 1200); scaling_min_freq = mkDefault (MHz 1200);
scaling_max_freq = mkDefault (MHz 1800); scaling_max_freq = mkDefault (MHz 1800);
turbo = "never"; turbo = "never";
};
charger = {
governor = "performance";
scaling_min_freq = mkDefault (MHz 1800);
scaling_max_freq = mkDefault (MHz 3800);
turbo = "auto";
};
}; };
};
charger = { # DBus service that provides power management support to applications
governor = "performance"; upower = {
scaling_min_freq = mkDefault (MHz 1800); enable = true;
scaling_max_freq = mkDefault (MHz 3800); percentageLow = 15;
turbo = "auto"; percentageCritical = 5;
}; percentageAction = 3;
criticalPowerAction = "Hibernate";
}; };
}; };
# DBus service that provides power management support to applications boot = {
upower = { kernelModules = ["acpi_call"];
enable = true; extraModulePackages = with config.boot.kernelPackages; [
percentageLow = 15; acpi_call
percentageCritical = 5; cpupower
percentageAction = 3; ];
criticalPowerAction = "Hibernate";
}; };
}; };
boot = {
kernelModules = ["acpi_call"];
extraModulePackages = with config.boot.kernelPackages; [
acpi_call
cpupower
];
};
} }

40
system/roles/laptop/touchpad.nix
View file

@ -1,22 +1,28 @@
{ { lib, config, ...}: let
services.xserver.libinput = { inherit (lib) mkIf;
# enable libinput deviceType = config.myOptions.device.roles.type;
enable = true; acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services.xserver.libinput = {
# enable libinput
enable = true;
# disable mouse acceleration # disable mouse acceleration
mouse = { mouse = {
accelProfile = "flat"; accelProfile = "flat";
accelSpeed = "0"; accelSpeed = "0";
middleEmulation = false; middleEmulation = false;
}; };
# touchpad settings # touchpad settings
touchpad = { touchpad = {
naturalScrolling = false; # I'm weird like that naturalScrolling = false; # I'm weird like that
tapping = true; tapping = true;
clickMethod = "clickfinger"; clickMethod = "clickfinger";
horizontalScrolling = true; horizontalScrolling = true;
disableWhileTyping = true; disableWhileTyping = true;
};
}; };
}; };
} }

176
system/roles/workstation/fonts.nix
View file

@ -1,93 +1,99 @@
{pkgs, ...}: { {pkgs, lib, config, ...}: let
fonts = { inherit (lib) mkIf;
enableDefaultPackages = false; deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
fonts = {
enableDefaultPackages = false;
fontconfig = { fontconfig = {
defaultFonts = let defaultFonts = let
common = [ common = [
"Iosevka Nerd Font" "Iosevka Nerd Font"
"Symbols Nerd Font" "Symbols Nerd Font"
"Noto Color Emoji" "Noto Color Emoji"
]; ];
in { in {
monospace = [ monospace = [
"Source Code Pro Medium" "Source Code Pro Medium"
"Source Han Mono" "Source Han Mono"
] ]
++ common; ++ common;
sansSerif = [ sansSerif = [
"Lexend" "Lexend"
] ]
++ common; ++ common;
serif = [ serif = [
"Noto Serif" "Noto Serif"
] ]
++ common; ++ common;
emoji = [ emoji = [
"Noto Color Emoji" "Noto Color Emoji"
] ]
++ common; ++ common;
};
}; };
fontDir = {
enable = true;
decompressFonts = true;
};
packages = with pkgs; [
# programming fonts
sarasa-gothic
source-code-pro
# desktop fonts
corefonts # MS fonts
b612 # high legibility
material-icons
material-design-icons
roboto
work-sans
comic-neue
source-sans
inter
lato
lexend
dejavu_fonts
noto-fonts
noto-fonts-cjk
# emojis
noto-fonts-color-emoji
twemoji-color-font
openmoji-color
openmoji-black
font-awesome
# defaults worth keeping
dejavu_fonts
freefont_ttf
gyre-fonts
liberation_ttf
unifont
# specific nerd fonts only
# (installing all nerd fonts is slow and takes gigabytes)
# see: <https://github.com/NixOS/nixpkgs/blob/master/pkgs/data/fonts/nerdfonts/shas.nix>
# for all available fonts
(nerdfonts.override {
fonts = [
"JetBrainsMono"
"Iosevka"
"NerdFontsSymbolsOnly"
"FiraCode"
"FiraMono"
"Hack"
"HeavyData"
];
})
];
}; };
fontDir = {
enable = true;
decompressFonts = true;
};
packages = with pkgs; [
# programming fonts
sarasa-gothic
source-code-pro
# desktop fonts
corefonts # MS fonts
b612 # high legibility
material-icons
material-design-icons
roboto
work-sans
comic-neue
source-sans
inter
lato
lexend
dejavu_fonts
noto-fonts
noto-fonts-cjk
# emojis
noto-fonts-color-emoji
twemoji-color-font
openmoji-color
openmoji-black
font-awesome
# defaults worth keeping
dejavu_fonts
freefont_ttf
gyre-fonts
liberation_ttf
unifont
# specific nerd fonts only
# (installing all nerd fonts is slow and takes gigabytes)
# see: <https://github.com/NixOS/nixpkgs/blob/master/pkgs/data/fonts/nerdfonts/shas.nix>
# for all available fonts
(nerdfonts.override {
fonts = [
"JetBrainsMono"
"Iosevka"
"NerdFontsSymbolsOnly"
"FiraCode"
"FiraMono"
"Hack"
"HeavyData"
];
})
];
}; };
} }

26
system/roles/workstation/programs/misc.nix
View file

@ -1,15 +1,21 @@
{ { lib, config, ...}: let
programs = { inherit (lib) mkIf;
# allow non-root users to mount fuse filesystems with allow_other deviceType = config.myOptions.device.roles.type;
fuse.userAllowOther = true; acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
programs = {
# allow non-root users to mount fuse filesystems with allow_other
fuse.userAllowOther = true;
# show network usage # show network usage
bandwhich.enable = true; bandwhich.enable = true;
# network inspection utility # network inspection utility
wireshark.enable = true; wireshark.enable = true;
# gnome's keyring manager # gnome's keyring manager
seahorse.enable = true; seahorse.enable = true;
};
}; };
} }

44
system/roles/workstation/services/earlyoom.nix
View file

@ -1,22 +1,28 @@
{pkgs, ...}: { {pkgs, lib, config, ...}: let
# https://dataswamp.org/~solene/2022-09-28-earlyoom.html inherit (lib) mkIf;
# avoid the linux kernel locking itself when we're putting too much strain on the memory deviceType = config.myOptions.device.roles.type;
# this helps avoid having to shut down forcefully when we OOM acceptedTypes = ["laptop" "desktop"];
services.earlyoom = { in {
enable = true; config = mkIf (builtins.elem deviceType acceptedTypes) {
enableNotifications = true; # annoying, but we want to know what's killed # https://dataswamp.org/~solene/2022-09-28-earlyoom.html
freeSwapThreshold = 2; # avoid the linux kernel locking itself when we're putting too much strain on the memory
freeMemThreshold = 2; # this helps avoid having to shut down forcefully when we OOM
extraArgs = [ services.earlyoom = {
"-g" # kill all processes within a process group enable = true;
"--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill enableNotifications = true; # annoying, but we want to know what's killed
"--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently freeSwapThreshold = 2;
]; freeMemThreshold = 2;
extraArgs = [
"-g" # kill all processes within a process group
"--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill
"--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
];
# we should ideally write the logs into a designated log file; or even better, to the journal # we should ideally write the logs into a designated log file; or even better, to the journal
# for now we can hope this echo sends the log to somewhere we can observe later # for now we can hope this echo sends the log to somewhere we can observe later
killHook = pkgs.writeShellScript "earlyoom-kill-hook" '' killHook = pkgs.writeShellScript "earlyoom-kill-hook" ''
echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed" echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
''; '';
};
}; };
} }

21
system/roles/workstation/services/mount.nix
View file

@ -1,11 +1,16 @@
{ config, ... }: { lib, config, ...}: let
{ inherit (lib) mkIf;
services = { deviceType = config.myOptions.device.roles.type;
# enable GVfs, a userspace virtual filesystem acceptedTypes = ["laptop" "desktop"];
# (allows viewing ftp,sftp,... directly from the file manager) in {
gvfs.enable = true; config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# enable GVfs, a userspace virtual filesystem
# (allows viewing ftp,sftp,... directly from the file manager)
gvfs.enable = true;
# Storage daemon required for udiskie auto-mount # Storage daemon required for udiskie auto-mount
udisks2.enable = !config.boot.isContainer; udisks2.enable = !config.boot.isContainer;
};
}; };
} }

7
system/roles/workstation/services/printing.nix
View file

@ -1,9 +1,12 @@
{ config, lib, pkgs, ... }: let { pkgs, lib, config, ...}: let
inherit (lib) mkIf; inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
cfg = config.myOptions.workstation.printing; cfg = config.myOptions.workstation.printing;
in { in {
config = mkIf cfg.enable {
config = mkIf (builtins.elem deviceType acceptedTypes && cfg.enable) {
# enable cups and add some drivers for common printers # enable cups and add some drivers for common printers
services = { services = {
printing = { printing = {