System/modules/linux/default.nix

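{ config, lib, pkgs, ... }:
let
  # Project helper library; it provides mkDefaultOption and mkEnableOptionT
  # used in the option declarations below.
  inherit (import ../lib.nix {
    inherit lib;
    inherit pkgs;
  })
    nLib;
in {
  # Sub-modules that consume the `nathan.*` options declared here.
  imports = [
    ../options.nix
    ./base.nix
    ./user.nix
    ./desktop.nix
    ./hyprland.nix
    ./hardware.nix
    ./virtualization.nix
    ./windows.nix
    ./programs/games.nix
    ./programs/gpg.nix
    ./programs/utils.nix
    ./services/ssh.nix
    ./services/tailscale.nix
    ./services/borg.nix
    ./services/nginx.nix
    ./services/matrix.nix
    ./services/ipfs.nix
    ./services/resolved.nix
    ./services/postgresql.nix
  ];

  options = with lib;
    with nLib; {
      nathan = {
        # Control enabling of services
        # Services are system specific so they go here
        services = {
          # Enable resolved
          resolved = {
            enable = mkEnableOption "resolved";
            nameserver = mkOption { default = "10.0.0.10"; };
            domains = mkOption {
              default = [ "mccarty.io" "stranger.systems" "local" ];
            };
          };
          # Use zramSwap, enabled by default
          zramSwap = mkDefaultOption "zram memory compression"
            config.nathan.config.isDesktop;
          # Enable ssh and configure firewall
          # On by default
          ssh = mkEnableOptionT "ssh";
          # Enable tailscale, on by default on linux
          tailscale = {
            enable = mkDefaultOption "tailscale" pkgs.stdenv.isLinux;
          };
          # Borg backup
          # Disabled by default as it requires configuration, but a really good idea to turn on
          borg = {
            enable = mkEnableOption "borg";
            extraExcludes = mkOption {
              default = [ ];
              description = "List of extra paths to exclude";
            };
            extraIncludes = mkOption {
              default = [ ];
              description = "List of extra paths to include";
            };
            location = mkOption {
              default = "de1955@de1955.rsync.net:computers";
              description = "Location to backup to";
              type = types.str;
            };
            # Secret locations are typed `str`, not `path`, so the files are
            # read at runtime rather than copied into the world-readable Nix store.
            passwordFile = mkOption {
              description = "Path to the password file";
              type = types.str;
            };
            sshKey = mkOption {
              description = "Path to the ssh key";
              type = types.str;
            };
            startAt = mkOption {
              description = "How often to run backups";
              default = "hourly";
            };
            keepForever = mkOption {
              description = "Keep monthly backups forever";
              default = config.nathan.config.isDesktop;
            };
          };
          # Nginx
          nginx = {
            enable = mkEnableOption "nginx";
            acme = mkEnableOption "ACME Integration";
          };
          postgresql = {
            enable = mkEnableOption "postgresql";
            backup = mkEnableOption "postgresqlbackup";
          };
          # Matrix
          matrix = {
            enable = mkEnableOption "matrix";
            baseDomain = mkOption {
              description = "Base domain to use for the matrix services";
              example = "mccarty.io";
              type = types.str;
            };
            # Element web client follows the matrix service by default
            element =
              mkDefaultOption "element" config.nathan.services.matrix.enable;
            # Open registration is off by default; turning it on lets anyone
            # who can reach the homeserver create accounts.
            enableRegistration = mkEnableOption "synapse registration";
          };
          # Kubo
          kubo = { enable = mkEnableOption "kubo"; };
        };

        # Linux (desktop/server, not android) specific programs
        programs = {
          # Install games
          games = mkEnableOption "games";
          # Install gpg with yubikey support
          # Enabled by default if the system is a desktop
          gpg = mkDefaultOption "gpg" config.nathan.config.isDesktop;
          utils = {
            # Enable multi system emulation
            # Enabled by default on desktop
            binfmt = mkDefaultOption "binfmt" config.nathan.config.isDesktop;
          };
          perf = mkDefaultOption "perf" config.nathan.config.isDesktop;
        };

        # Control enabling of hardware support
        hardware = {
          # Logitech hardware support
          # On by default if the system is a desktop
          logitech = mkDefaultOption "logitech" config.nathan.config.isDesktop;
          # AMD Single gpu passthrough
          # (description previously read "logitech", a copy-paste slip)
          amdPassthrough = mkEnableOption "AMD single gpu passthrough";
          # Printing setup
          printing = mkEnableOption "printing";
        };

        # Linux specific configuration
        config = {
          # Whether or not to install the main user
          installUser = mkOption {
            default = pkgs.stdenv.isLinux;
            example = true;
            description = "Whether to install the 'nathan' user";
            type = types.bool;
          };
          homeTmpfs = mkEnableOptionT "~/.tmp as tmpfs";
          userUid = mkOption {
            default = "1000";
            example = "1000";
            description = "UID of the user";
          };
          # Should we harden this system?
          # On by default
          harden = mkEnableOptionT "Apply system hardening";
          # Enable audio subsystem
          # On by default if the system is a desktop
          audio = mkDefaultOption "audio" config.nathan.config.isDesktop;
          # Basic grub configuration
          # Off by default
          setupGrub = mkEnableOption "Setup grub";
          # Install fonts
          # On by default if the system is a desktop
          fonts = mkDefaultOption "fonts" config.nathan.config.isDesktop;
          # Enable unfree software
          # On by default
          enableUnfree = mkEnableOptionT "unfree software";
          # Nix configuration
          nix = {
            # Automatic GC and optimization of the nix store
            # On by default
            autoGC = mkEnableOptionT "Nix store optimization and auto gc";
            # Automatic updating of the system
            # On by default
            autoUpdate = mkEnableOptionT "Nix autoupdating";
          };
          # hyprland configuration
          # On by default if the system is a desktop
          hyprland = {
            enable = mkOption {
              default = config.nathan.config.isDesktop;
              example = true;
              description = "Whether to setup hyprland";
              type = types.bool;
            };
            enableGreetd = mkOption {
              default = config.nathan.config.isDesktop;
              example = true;
              description = "Whether to setup greetd";
              type = types.bool;
            };
          };
          # Virtualization configuration
          # All on by default if the system is a desktop
          virtualization = {
            qemu = mkDefaultOption "qemu" config.nathan.config.isDesktop;
            docker = mkDefaultOption "docker" config.nathan.config.isDesktop;
            podman = mkEnableOption "podman";
            lxc = mkEnableOption "lxc";
            nixos =
              mkDefaultOption "nixos containers" config.nathan.config.isDesktop;
            crosvm = mkEnableOption "crosvm";
          };
          # Support for interacting with a dual booted windows system
          windows = {
            enable = mkEnableOption "Windows Integration";
            mount = {
              enable = mkDefaultOption "Mount a bitlockered windows partition"
                config.nathan.config.windows.enable;
              device = mkOption {
                description = "Device to mount";
                example = "/dev/sda2";
                type = types.str;
              };
              mountPoint = mkOption {
                description = "Location to mount the device to";
                # A directory, not a block device (the old example reused "/dev/sda2").
                example = "/mnt/windows";
                type = types.str;
              };
              # `str` rather than `path`: the recovery key must not be copied
              # into the Nix store.
              keyFile = mkOption {
                description =
                  "File containing the recovery key for the partition";
                type = types.str;
              };
            };
          };
        };
      };
    };

  config = {
    # Enable the firewall; modules that need ports open must request them explicitly
    networking.firewall.enable = true;
    # Enable unfree packages
    nixpkgs.config.allowUnfree = config.nathan.config.enableUnfree;
    # Work around for discord jank ugh
    # also wkhtmltopdf
    # Each entry opts a package with a known security advisory back into the
    # build; drop an entry once the dependent package no longer needs it.
    nixpkgs.config.permittedInsecurePackages =
      [ "electron-13.6.9" "qtwebkit-5.212.0-alpha4" ];
    # Set system state version
    system.stateVersion = lib.mkDefault "22.05";
    nix = {
      # Enable flakes
      package = pkgs.nixFlakes;
      extraOptions = ''
        experimental-features = nix-command flakes
      '';
      # Setup my binary cache
      settings = {
        substituters = [
          "https://nix-cache.mccarty.io/"
          "https://nix-community.cachix.org"
          "https://hyprland.cachix.org"
        ];
        # Only store paths signed by one of these keys are accepted from the
        # substituters above; a key listed here is trusted for any path.
        trusted-public-keys = [
          "nathan-nix-cache:R5/0GiItBM64sNgoFC/aSWuAopOAsObLcb/mwDf335A="
          "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
          "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
        ];
      };
    };
  };
}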