Move linux into its own directory

Nathan McCarty 2022-09-04 01:59:56 -04:00
parent 8f231ab2ab
commit 9817f1998f
Signed by: thatonelutenist
GPG Key ID: D70DA3DD4D1E9F96
20 changed files with 122 additions and 115 deletions


@ -86,7 +86,7 @@
modules = [
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
./modules/default.nix
./modules/linux/default.nix
({ pkgs, lib, config, ... }: {
# Configure hostname
networking = {


@ -1,14 +0,0 @@
{ config, lib, pkgs, ... }:
with lib; {
config = {
nix = mkIf config.nathan.config.nix.autoGC {
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
};
};
}


@ -1,59 +1,14 @@
{ config, lib, pkgs, inputs, ... }@attrs:
with lib;
{
config = mkMerge [
(mkIf pkgs.stdenv.isLinux
{
zramSwap = mkIf config.nathan.services.zramSwap
{
enable = true;
algorithm = "lz4";
memoryPercent = 25;
};
{ config, lib, pkgs, ... }:
with lib; {
config = {
nix = mkIf config.nathan.config.nix.autoGC {
autoOptimiseStore = true;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
})
(mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))
(mkIf config.nathan.config.harden {
boot.kernelPackages = pkgs.linuxPackages_5_18_hardened;
security = {
allowSimultaneousMultithreading = true;
unprivilegedUsernsClone = true;
};
})
(mkIf ((! config.nathan.config.harden) && config.nathan.config.isDesktop) {
# Use the zen kernel with muqss turned on
boot.kernelPackages =
let
linuxZenWMuQSS = pkgs.linuxPackagesFor (pkgs.linuxPackages_zen.kernel.override {
structuredExtraConfig = with lib.kernel; {
SCHED_MUQSS = yes;
};
ignoreConfigErrors = true;
}
);
in
linuxZenWMuQSS;
})
(mkIf
(config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux)
{
# Auto update daily at 2 am
system.autoUpgrade = {
enable = true;
allowReboot = true;
# Update from the flake
flake = "github:nathans-flakes/system";
# Attempt to update daily at 2AM
dates = "2:00";
};
})
# Systemd user service cludge
{
systemd.user.extraConfig = ''
DefaultEnvironment="PATH=/run/current-system/sw/bin:/etc/profiles/per-user/${config.nathan.config.user}/bin"
'';
}
];
}

44
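--- a/modules/linux/default.nix
+++ b/modules/linux/default.nix
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+let
+inherit (import ../lib.nix { inherit lib; inherit pkgs; }) nLib;
+in
+{
+imports = [
+../options.nix
+./base.nix
+./user.nix
+./desktop.nix
+./swaywm.nix
+./hardware.nix
+./virtualization.nix
+./windows.nix
+./programs/games.nix
+./programs/gpg.nix
+./programs/utils.nix
+./services/ssh.nix
+./services/tailscale.nix
+./services/borg.nix
+./services/nginx.nix
+./services/matrix.nix
+./linux/base.nix
+];
+config = {
+# Enable the firewall
+networking.firewall.enable = true;
+# Enable unfree packages
+nixpkgs.config.allowUnfree = config.nathan.config.enableUnfree;
+# Work around for discord jank ugh
+nixpkgs.config.permittedInsecurePackages = [
+"electron-13.6.9"
+];
+# Set system state version
+system.stateVersion = "22.05";
+# Enable flakes
+# Enable nix flakes
+nix.package = pkgs.nixFlakes;
+nix.extraOptions = ''
+experimental-features = nix-command flakes
+'';
+};
+}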
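Review bot: `nixpkgs.config.permittedInsecurePackages` whitelists `electron-13.6.9` unconditionally in `config`, so every host that imports this module accepts a package nixpkgs has marked insecure, not only the machines that run Discord. The import list also pulls in `./services/nginx.nix` and `./services/matrix.nix`, which suggests server hosts evaluate this file too. If Discord is only installed on desktop hosts, the exception could be scoped with `nixpkgs.config.permittedInsecurePackages = lib.optionals config.nathan.config.isDesktop [ "electron-13.6.9" ];`. The comment above it would be more useful if it named the package that depends on this Electron version and the condition for deleting the entry, so the exception does not outlive its reason.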


@ -0,0 +1,59 @@
{ config, lib, pkgs, inputs, ... }@attrs:
with lib;
{
config = mkMerge [
(mkIf pkgs.stdenv.isLinux
{
zramSwap = mkIf config.nathan.services.zramSwap
{
enable = true;
algorithm = "lz4";
memoryPercent = 25;
};
nix = mkIf config.nathan.config.nix.autoGC {
autoOptimiseStore = true;
};
})
(mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))
(mkIf config.nathan.config.harden {
boot.kernelPackages = pkgs.linuxPackages_5_18_hardened;
security = {
allowSimultaneousMultithreading = true;
unprivilegedUsernsClone = true;
};
})
(mkIf ((! config.nathan.config.harden) && config.nathan.config.isDesktop) {
# Use the zen kernel with muqss turned on
boot.kernelPackages =
let
linuxZenWMuQSS = pkgs.linuxPackagesFor (pkgs.linuxPackages_zen.kernel.override {
structuredExtraConfig = with lib.kernel; {
SCHED_MUQSS = yes;
};
ignoreConfigErrors = true;
}
);
in
linuxZenWMuQSS;
})
(mkIf
(config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux)
{
# Auto update daily at 2 am
system.autoUpgrade = {
enable = true;
allowReboot = true;
# Update from the flake
flake = "github:nathans-flakes/system";
# Attempt to update daily at 2AM
dates = "2:00";
};
})
# Systemd user service cludge
{
systemd.user.extraConfig = ''
DefaultEnvironment="PATH=/run/current-system/sw/bin:/etc/profiles/per-user/${config.nathan.config.user}/bin"
'';
}
];
}
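Review bot: The `harden` branch imports `profiles/hardened.nix` and then sets `security.allowSimultaneousMultithreading = true` and `security.unprivilegedUsernsClone = true`, which re-enable two things the hardened profile turns off, and nothing in the file records why. A host with `nathan.config.harden` set therefore keeps SMT (cross-hyperthread side channels) and unprivileged user namespaces (extra kernel attack surface reachable by any local user), which a reader of the option name would not expect. I would add a comment on each line, along the lines of `# SMT kept on: <reason>; accepts cross-thread side-channel exposure` and `# unprivileged userns kept on for <consumer>; revisit when no longer needed`. The same lines appear as removed text in an earlier section of this page, so the block looks moved rather than newly written, but the move is a good point to document the trade-off.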


@ -10,8 +10,8 @@ with lib;
# https://github.com/Admicos/minecraft-wayland
glfw-patched = pkgs.glfw-wayland.overrideAttrs (attrs: {
patches = attrs.patches ++ [
../../patches/minecraft/0003-Don-t-crash-on-calls-to-focus-or-icon.patch
../../patches/minecraft/0004-wayland-fix-broken-opengl-screenshots-on-mutter.patch
../../../patches/minecraft/0003-Don-t-crash-on-calls-to-focus-or-icon.patch
../../../patches/minecraft/0004-wayland-fix-broken-opengl-screenshots-on-mutter.patch
];
});
stable-packages = with pkgs; [


@ -16,7 +16,7 @@ with lib;
# Setup sops
sops.secrets."tailscale-auth" = {
sopsFile = ../../secrets/all/tailscale.yaml;
sopsFile = ../../../secrets/all/tailscale.yaml;
format = "yaml";
};


@ -23,8 +23,8 @@ with lib;{
serviceConfig = {
Type = "forking";
ExecStart =
"${../scripts/windows/mount.sh} ${mount.device} ${mount.mountPoint} ${mount.keyFile}";
ExecStop = "${../scripts/windows/unmount.sh} ${mount.device} ${mount.mountPoint}";
"${../../scripts/windows/mount.sh} ${mount.device} ${mount.mountPoint} ${mount.keyFile}";
ExecStop = "${../../scripts/windows/unmount.sh} ${mount.device} ${mount.mountPoint}";
};
};
};


@ -1,27 +1,9 @@
{ config, lib, pkgs, ... }:
let
inherit (import ./lib.nix { inherit lib; inherit pkgs; }) nLib;
in
{
imports = [
./base.nix
./user.nix
./desktop.nix
./swaywm.nix
./hardware.nix
./virtualization.nix
./windows.nix
./programs/games.nix
./programs/gpg.nix
./programs/utils.nix
./services/ssh.nix
./services/tailscale.nix
./services/borg.nix
./services/nginx.nix
./services/matrix.nix
./linux/base.nix
];
options = with lib; with nLib; {
nathan = {
# Control enabling of services
@ -199,23 +181,4 @@ in
};
};
};
config = {
# Enable the firewall
networking.firewall.enable = true;
# Enable unfree packages
nixpkgs.config.allowUnfree = config.nathan.config.enableUnfree;
# Work around for discord jank ugh
nixpkgs.config.permittedInsecurePackages = [
"electron-13.6.9"
];
# Set system state version
system.stateVersion = "22.05";
# Enable flakes
# Enable nix flakes
nix.package = pkgs.nixFlakes;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
};
}