commit 4715a1a88b3bb65e684c8d2af9fd79c62143831b
parent fd0fb7c43a67b2c43e9d743edd622df241003df9
Author: Katja (ctucx) <git@ctu.cx>
Date: Thu, 27 Feb 2025 11:54:15 +0100
parent fd0fb7c43a67b2c43e9d743edd622df241003df9
Author: Katja (ctucx) <git@ctu.cx>
Date: Thu, 27 Feb 2025 11:54:15 +0100
configurations/linux: refactor
7 files changed, 99 insertions(+), 91 deletions(-)
diff --git a/configurations/linux/default.nix b/configurations/linux/default.nix @@ -8,9 +8,13 @@ ./bluetooth.nix ./fonts.nix + ./xdg.nix ./mobile-device.nix + ./thunderbolt.nix ]; + age.secrets.katja-systempassword.file = ../../secrets/passwords/katja.age; + deployment = { buildOnTarget = lib.mkDefault false; targetUser = lib.mkDefault "root"; @@ -40,7 +44,6 @@ }; }; - networking.hostName = lib.mkDefault args.name; networking.domain = lib.mkDefault "ctu.cx"; @@ -49,12 +52,18 @@ nix = { channel.enable = false; + settings.trusted-users = [ "@wheel" ]; settings.auto-optimise-store = true; + + daemonCPUSchedPolicy = lib.mkDefault "idle"; + daemonIOSchedClass = lib.mkDefault "idle"; + optimise = { automatic = lib.mkDefault true; dates = [ "12:00" "15:00" "18:00" "21:00" ]; }; + gc = { automatic = lib.mkDefault true; options = "--delete-older-than 3d"; @@ -66,12 +75,14 @@ services = { timesyncd.enable = true; + fstrim.enable = true; vnstat.enable = true; vnstati.enable = (lib.mkDefault (if (config.networking.primaryIP != "") || (config.networking.primaryIP4 != "") then true else false)); - fstrim.enable = true; journald.extraConfig = "SystemMaxUse=1G"; + logind.killUserProcesses = true; + nginx = { recommendedGzipSettings = true; recommendedOptimisation = true; @@ -106,16 +117,13 @@ acme.defaults.email = "letsencrypt@ctu.cx"; }; - age.secrets.katja-systempassword.file = ../../secrets/passwords/katja.age; - users.mutableUsers = false; - users.users = { + users.users = let + katja-pubkey = "ssh-rsa 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 (none)"; + in { root.openssh.authorizedKeys.keys = [ - # gpg katja - "ssh-rsa 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 (none)" - #gpg leah - "ssh-rsa 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 cardno:6445161" + katja-pubkey ]; katja = { 
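Review bot: `settings.trusted-users = [ "@wheel" ];` in the `nix = { … }` hunk (@@ -49,12 +52,18 @@) makes every wheel member a trusted user of the Nix daemon, which the Nix manual describes as essentially equivalent to root access. Assuming sudo still asks wheel members for a password, this grants the same power without one, so it is a privilege change and not part of a refactor. If the aim is only to let katja use additional binary caches, listing them under `settings.trusted-substituters` together with `settings.trusted-public-keys` would be narrower. Otherwise I would add a comment such as `# wheel is root-equivalent towards the nix daemon; needed for <reason>`. The `nix` attribute set continues outside the hunk.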
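Review bot: The `users.users` hunk (@@ -106,16 +117,13 @@) removes the key commented `#gpg leah` (`cardno:6445161`) from `root.openssh.authorizedKeys.keys`, and the next hunk (@@ -123,12 +131,10 @@) removes it from `katja`. The commit therefore revokes one person's SSH access to root while its title says only "refactor". Access changes are easier to audit when they are named in the commit message or made in a separate commit. The new `let` binding also loses the `# gpg katja` comment, and since the key's own comment field is `(none)` I would keep `# gpg katja` on the line above `katja-pubkey = …`. The `katja = {` attribute set continues past the end of the hunk.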
@@ -123,12 +131,10 @@ hashedPasswordFile = config.age.secrets.katja-systempassword.path; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. openssh.authorizedKeys.keys = [ - # gpg katja - "ssh-rsa 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 (none)" - #gpg leah - "ssh-rsa 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 cardno:6445161" + katja-pubkey ]; }; + }; home-manager.users.katja = {
diff --git a/configurations/linux/gnome.nix b/configurations/linux/gnome.nix @@ -54,6 +54,10 @@ home-manager.users.katja = { manual.html.enable = true; + home.sessionVariables = { + QT_QPA_PLATFORMTHEME = "gnome"; + }; + home.packages = with pkgs; [ wl-clipboard-x11 gnome-calendar @@ -66,6 +70,7 @@ diebahn cozy xdg-utils + qgnomeplatform # look and feel from libadwaita ported to GTK-3 adw-gtk3 ] ++ (with pkgs.gnomeExtensions; [ @@ -233,7 +238,9 @@ ctucxConfig = { configure = { mobileDevice = false; + thunderbolt = true; fonts = true; + xdg = true; }; wm.gnome.enable = true;
diff --git a/configurations/linux/gtk.nix b/configurations/linux/gtk.nix
@@ -1,32 +0,0 @@
-{ config, lib, pkgs, home-manager, ... }:
-
-{
-
- services.dbus.packages = with pkgs; [ dconf ];
- home-manager.users.katja = {
-
- gtk = {
- enable = true;
-
- iconTheme = {
- name = "Adwaita";
- package = pkgs.gnome3.adwaita-icon-theme;
- };
-
- font = {
- name = "Dejavu Sans";
- package = pkgs.dejavu_fonts;
- };
-
- gtk3 = {
- #bookmarks
- extraConfig = {
- gtk-application-prefer-dark-theme = true;
- gtk-recent-files-limit = 10;
- };
- };
- };
-
- };
-
-}
diff --git a/configurations/linux/qt.nix b/configurations/linux/qt.nix
@@ -1,17 +0,0 @@
-{ config, lib, pkgs, home-manager, ... }:
-
-{
-
- home-manager.users.katja = {
-
- home.sessionVariables = {
- QT_QPA_PLATFORMTHEME = "gnome";
- };
-
- home.packages = with pkgs; [
- pkgs.qgnomeplatform
- ];
-
- };
-
-}
diff --git a/configurations/linux/sway.nix b/configurations/linux/sway.nix @@ -2,11 +2,6 @@ { - imports = [ - ./gtk.nix - ./qt.nix - ]; - users.users.katja.extraGroups = [ "dialout" ]; nixpkgs.config.allowUnfree = true; @@ -29,17 +24,48 @@ services = { nscd.enable = true; getty.autologinUser = "katja"; + dbus.packages = [ pkgs.dconf ]; }; home-manager.users.katja = { manual.html.enable = true; services.gnome-keyring.enable = true; + + home.sessionVariables = { + QT_QPA_PLATFORMTHEME = "gnome"; + }; + + home.packages = with pkgs; [ + pkgs.qgnomeplatform + ]; + + gtk = { + enable = true; + + iconTheme = { + name = "Adwaita"; + package = pkgs.gnome3.adwaita-icon-theme; + }; + + font = { + name = "Dejavu Sans"; + package = pkgs.dejavu_fonts; + }; + + gtk3.extraConfig = { + gtk-application-prefer-dark-theme = true; + gtk-recent-files-limit = 10; + }; + }; + }; ctucxConfig = { configure = { mobileDevice = false; + thunderbolt = true; fonts = true; + xdg = true; bluetooth = true; };
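Review bot: In the second hunk (@@ -29,17 +24,48 @@) the inlined `home.packages = with pkgs; [ pkgs.qgnomeplatform ];` brings `pkgs` into scope and then qualifies the name anyway; `home.packages = [ pkgs.qgnomeplatform ];` says the same thing without the redundant `with`. The `QT_QPA_PLATFORMTHEME` / `qgnomeplatform` pair is now written out both here and in gnome.nix, so the two copies can drift apart. A small module gated by a `ctucxConfig.configure.*` switch, in the style this commit uses for xdg.nix and thunderbolt.nix, would keep one definition. This hunk also sets `thunderbolt = true` next to the existing `getty.autologinUser = "katja"`, which is worth a comment given what the thunderbolt module's udev rule does.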
diff --git a/configurations/linux/thunderbolt.nix b/configurations/linux/thunderbolt.nix @@ -1,15 +1,24 @@ -{ pkgs, ... }: +{ config, lib, pkgs, ... }: -{ +let + cfg = config.ctucxConfig.configure.thunderbolt; - boot.kernelModules = [ "thunderbolt-net"]; - environment.systemPackages = [ pkgs.bolt ]; +in { - services = { - hardware.bolt.enable = true; - udev.extraRules = '' - ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1" - ''; + options = { + ctucxConfig.configure.thunderbolt = lib.mkEnableOption "thunderbolt"; + }; + + config = lib.mkIf cfg { + boot.kernelModules = [ "thunderbolt-net"]; + environment.systemPackages = [ pkgs.bolt ]; + + services = { + hardware.bolt.enable = true; + udev.extraRules = '' + ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1" + ''; + }; }; }
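Review bot: The udev rule carried into `config = lib.mkIf cfg { … }` sets `ATTR{authorized}="1"` for every Thunderbolt device as soon as it is added, so anything plugged into the port is authorised without user approval. That bypasses the device approval that `services.hardware.bolt.enable = true` exists to provide against DMA-capable peripherals, and `thunderbolt-net` is loaded on top of it. Now that the module is a switch turned on in gnome.nix and sway.nix, I would drop `udev.extraRules` and enrol known devices once with `boltctl enroll`, or move the rule behind a separate option that defaults to off. At minimum the option text should state the behaviour, e.g. `lib.mkEnableOption "Thunderbolt support (auto-authorises every attached device)"`.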
diff --git a/configurations/linux/xdg.nix b/configurations/linux/xdg.nix @@ -1,22 +1,31 @@ { config, lib, pkgs, home-manager, ... }: -{ +let + cfg = config.ctucxConfig.configure.xdg; - home-manager.users.katja = { - xdg = { - enable = true; - mime.enable = true; +in { - userDirs = { - enable = true; - desktop = "\$HOME/Desktop"; - documents = "\$HOME/Documents"; - download = "\$HOME/Downloads"; - videos = "\$HOME/Videos"; - music = "\$HOME/Music"; - pictures = "\$HOME/Pictures"; - publicShare = "\$HOME/Public"; - templates = "\$HOME/Templates"; + options = { + ctucxConfig.configure.xdg = lib.mkEnableOption "xdg"; + }; + + config = lib.mkIf cfg { + home-manager.users.katja = { + xdg = { + enable = true; + mime.enable = true; + + userDirs = { + enable = true; + desktop = "\$HOME/Desktop"; + documents = "\$HOME/Documents"; + download = "\$HOME/Downloads"; + videos = "\$HOME/Videos"; + music = "\$HOME/Music"; + pictures = "\$HOME/Pictures"; + publicShare = "\$HOME/Public"; + templates = "\$HOME/Templates"; + }; }; }; };