2024-08-03 20:40:07 +02:00
|
|
|
{
|
|
|
|
nix-config,
|
|
|
|
pkgs,
|
|
|
|
lib,
|
|
|
|
config,
|
|
|
|
...
|
|
|
|
}:
|
2024-04-03 14:05:28 +02:00
|
|
|
|
|
|
|
let
|
2024-04-06 14:11:58 +02:00
|
|
|
inherit (lib.types) nullOr str listOf;
|
2024-09-02 18:18:15 +02:00
|
|
|
inherit (config.boot) isContainer;
|
2024-08-03 20:40:07 +02:00
|
|
|
|
|
|
|
inherit (lib)
|
|
|
|
mkOption
|
|
|
|
mkEnableOption
|
|
|
|
mkIf
|
|
|
|
singleton
|
2024-08-15 16:55:57 +02:00
|
|
|
optional
|
2024-08-03 20:40:07 +02:00
|
|
|
;
|
|
|
|
|
|
|
|
inherit (cfg)
|
|
|
|
username
|
|
|
|
iHaveLotsOfRam
|
|
|
|
hashedPassword
|
|
|
|
mullvad
|
|
|
|
allowSRB2Port
|
|
|
|
allowDevPort
|
|
|
|
postgres
|
|
|
|
;
|
2024-04-03 15:43:02 +02:00
|
|
|
|
2024-09-09 17:51:39 +02:00
|
|
|
isPhone = config.programs.calls.enable;
|
|
|
|
|
2024-04-04 15:41:32 +02:00
|
|
|
cfg = config.modules.system;
|
2024-04-03 14:05:28 +02:00
|
|
|
in
|
2023-06-22 17:54:12 +02:00
|
|
|
{
|
2024-08-03 21:26:45 +02:00
|
|
|
imports = with nix-config.inputs.home-manager.nixosModules; [ home-manager ];
|
2024-04-05 16:09:51 +02:00
|
|
|
|
2024-04-04 15:41:32 +02:00
|
|
|
options.modules.system = {
|
2024-04-04 22:36:08 +02:00
|
|
|
username = mkOption {
|
|
|
|
type = str;
|
|
|
|
default = "user";
|
|
|
|
};
|
|
|
|
|
2024-04-06 14:11:58 +02:00
|
|
|
hashedPassword = mkOption {
|
|
|
|
type = nullOr str;
|
|
|
|
default = null;
|
|
|
|
};
|
|
|
|
|
2024-04-04 15:41:32 +02:00
|
|
|
timeZone = mkOption {
|
|
|
|
type = str;
|
|
|
|
default = "America/New_York";
|
|
|
|
};
|
2024-04-04 03:28:50 +02:00
|
|
|
|
2024-04-04 15:41:32 +02:00
|
|
|
defaultLocale = mkOption {
|
|
|
|
type = str;
|
|
|
|
default = "ja_JP.UTF-8";
|
2024-04-03 13:30:40 +02:00
|
|
|
};
|
|
|
|
|
2024-04-04 15:41:32 +02:00
|
|
|
supportedLocales = mkOption {
|
|
|
|
type = listOf str;
|
2024-08-03 20:40:07 +02:00
|
|
|
|
|
|
|
default = [
|
|
|
|
"ja_JP.UTF-8/UTF-8"
|
|
|
|
"en_US.UTF-8/UTF-8"
|
|
|
|
"fr_FR.UTF-8/UTF-8"
|
|
|
|
];
|
2024-04-04 15:41:32 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
stateVersion = mkOption {
|
|
|
|
type = str;
|
|
|
|
default = "22.11";
|
|
|
|
};
|
2024-04-05 16:59:48 +02:00
|
|
|
|
2024-04-06 14:37:09 +02:00
|
|
|
hostName = mkOption {
|
|
|
|
type = str;
|
|
|
|
default = "nixos";
|
|
|
|
};
|
|
|
|
|
2024-07-18 19:28:05 +02:00
|
|
|
iHaveLotsOfRam = mkEnableOption "tmpfs on /tmp";
|
2024-04-06 14:37:09 +02:00
|
|
|
mullvad = mkEnableOption "mullvad vpn";
|
2024-04-09 15:25:30 +02:00
|
|
|
postgres = mkEnableOption "postgres database for containers";
|
2024-04-06 14:37:09 +02:00
|
|
|
allowSRB2Port = mkEnableOption "port for srb2";
|
2024-05-20 17:53:12 +02:00
|
|
|
allowDevPort = mkEnableOption "port for development server";
|
2024-04-03 14:05:28 +02:00
|
|
|
};
|
|
|
|
|
2024-04-04 15:41:32 +02:00
|
|
|
config = {
|
2024-07-17 12:49:30 +02:00
|
|
|
boot = {
|
2024-08-03 20:40:07 +02:00
|
|
|
tmp = if iHaveLotsOfRam then { useTmpfs = true; } else { cleanOnBoot = true; };
|
2024-04-03 14:05:28 +02:00
|
|
|
|
2024-06-16 13:43:51 +02:00
|
|
|
binfmt.emulatedSystems = [ "aarch64-linux" ];
|
|
|
|
|
2024-04-04 15:41:32 +02:00
|
|
|
loader = {
|
|
|
|
systemd-boot = {
|
|
|
|
enable = true;
|
|
|
|
editor = false;
|
|
|
|
configurationLimit = 10;
|
|
|
|
};
|
|
|
|
|
|
|
|
timeout = 0;
|
|
|
|
efi.canTouchEfiVariables = true;
|
|
|
|
};
|
2024-04-11 04:56:48 +02:00
|
|
|
|
2024-08-03 20:40:07 +02:00
|
|
|
blacklistedKernelModules = [ "floppy" ];
|
2024-04-03 14:05:28 +02:00
|
|
|
};
|
|
|
|
|
2024-06-23 19:51:21 +02:00
|
|
|
systemd = {
|
2024-04-04 15:41:32 +02:00
|
|
|
extraConfig = "DefaultTimeoutStopSec=10s";
|
|
|
|
services.NetworkManager-wait-online.enable = false;
|
|
|
|
};
|
2024-04-03 15:16:18 +02:00
|
|
|
|
2024-04-04 15:41:32 +02:00
|
|
|
nix = {
|
2024-08-16 03:34:55 +02:00
|
|
|
package = pkgs.nixVersions.latest;
|
2024-07-18 18:55:27 +02:00
|
|
|
|
2024-04-04 15:41:32 +02:00
|
|
|
settings = {
|
|
|
|
auto-optimise-store = true;
|
|
|
|
warn-dirty = false;
|
2024-06-21 04:32:42 +02:00
|
|
|
allow-import-from-derivation = false;
|
2024-06-17 17:24:51 +02:00
|
|
|
|
2024-08-03 20:40:07 +02:00
|
|
|
experimental-features = [
|
|
|
|
"nix-command"
|
|
|
|
"flakes"
|
|
|
|
];
|
|
|
|
|
2024-06-17 17:24:51 +02:00
|
|
|
trusted-users = [
|
|
|
|
"root"
|
|
|
|
"@wheel"
|
|
|
|
];
|
2024-04-04 15:41:32 +02:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2024-06-23 15:45:09 +02:00
|
|
|
zramSwap = {
|
2024-04-04 15:41:32 +02:00
|
|
|
enable = true;
|
|
|
|
memoryPercent = 100;
|
|
|
|
};
|
2024-04-03 13:14:47 +02:00
|
|
|
|
2024-04-04 15:41:32 +02:00
|
|
|
time = {
|
|
|
|
inherit (cfg) timeZone;
|
|
|
|
};
|
|
|
|
|
|
|
|
i18n = {
|
|
|
|
inherit (cfg) defaultLocale supportedLocales;
|
|
|
|
};
|
|
|
|
|
|
|
|
system = {
|
|
|
|
inherit (cfg) stateVersion;
|
|
|
|
};
|
2024-04-04 22:00:09 +02:00
|
|
|
|
|
|
|
users = {
|
|
|
|
mutableUsers = false;
|
2024-09-02 18:18:15 +02:00
|
|
|
allowNoPasswordLogin = mkIf isContainer true;
|
2024-04-04 22:00:09 +02:00
|
|
|
|
2024-04-04 22:36:08 +02:00
|
|
|
users.${username} = {
|
2024-04-06 14:11:58 +02:00
|
|
|
inherit hashedPassword;
|
|
|
|
|
2024-04-04 22:36:08 +02:00
|
|
|
isNormalUser = true;
|
|
|
|
uid = 1000;
|
2024-09-09 17:51:39 +02:00
|
|
|
password = mkIf (hashedPassword == null && !isContainer) (if isPhone then "1234" else username);
|
2024-08-03 20:40:07 +02:00
|
|
|
|
2024-06-19 08:04:46 +02:00
|
|
|
extraGroups =
|
2024-09-02 18:18:15 +02:00
|
|
|
if isContainer then
|
2024-08-03 20:40:07 +02:00
|
|
|
[ ]
|
|
|
|
else
|
|
|
|
[
|
|
|
|
"wheel"
|
|
|
|
"networkmanager"
|
|
|
|
"dialout"
|
|
|
|
"feedbackd"
|
|
|
|
"video"
|
|
|
|
];
|
2024-04-04 22:00:09 +02:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
home-manager = {
|
|
|
|
useGlobalPkgs = true;
|
|
|
|
useUserPackages = true;
|
|
|
|
|
2024-04-08 10:11:19 +02:00
|
|
|
sharedModules = singleton {
|
2024-04-08 10:15:46 +02:00
|
|
|
home = {
|
|
|
|
inherit (cfg) stateVersion;
|
|
|
|
};
|
|
|
|
|
2024-09-09 19:08:19 +02:00
|
|
|
programs.man.generateCaches = mkIf (!isPhone) true;
|
2024-04-08 10:11:19 +02:00
|
|
|
};
|
2024-04-04 22:00:09 +02:00
|
|
|
|
2024-04-04 22:36:08 +02:00
|
|
|
users.${username}.home = {
|
|
|
|
inherit username;
|
|
|
|
|
|
|
|
homeDirectory = "/home/${username}";
|
2024-04-04 22:00:09 +02:00
|
|
|
};
|
|
|
|
};
|
2024-04-06 01:38:56 +02:00
|
|
|
|
|
|
|
virtualisation.vmVariant = {
|
|
|
|
virtualisation = {
|
|
|
|
memorySize = 4096;
|
|
|
|
cores = 4;
|
|
|
|
|
2024-04-06 14:21:27 +02:00
|
|
|
sharedDirectories = {
|
|
|
|
tmp = {
|
|
|
|
source = "/tmp";
|
|
|
|
target = "/mnt";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2024-04-06 01:38:56 +02:00
|
|
|
qemu.options = [
|
|
|
|
"-device virtio-vga-gl"
|
|
|
|
"-display sdl,gl=on,show-cursor=off"
|
|
|
|
"-audio pa,model=hda"
|
2024-04-06 12:44:31 +02:00
|
|
|
"-full-screen"
|
2024-04-06 01:38:56 +02:00
|
|
|
];
|
|
|
|
};
|
|
|
|
|
|
|
|
services.interception-tools.enable = lib.mkForce false;
|
|
|
|
networking.resolvconf.enable = lib.mkForce true;
|
2024-04-06 04:23:20 +02:00
|
|
|
zramSwap.enable = lib.mkForce false;
|
2024-04-06 01:38:56 +02:00
|
|
|
|
|
|
|
boot.enableContainers = false;
|
|
|
|
};
|
2024-04-06 14:37:09 +02:00
|
|
|
|
|
|
|
networking = {
|
|
|
|
inherit (cfg) hostName;
|
|
|
|
|
|
|
|
networkmanager = {
|
|
|
|
enable = true;
|
|
|
|
wifi.macAddress = "random";
|
|
|
|
ethernet.macAddress = "random";
|
|
|
|
|
|
|
|
unmanaged = [ "interface-name:ve-*" ];
|
|
|
|
};
|
|
|
|
|
|
|
|
useHostResolvConf = true;
|
|
|
|
|
|
|
|
resolvconf.enable = mkIf mullvad false;
|
|
|
|
|
|
|
|
nat = mkIf mullvad {
|
|
|
|
enable = true;
|
|
|
|
internalInterfaces = [ "ve-+" ];
|
|
|
|
externalInterface = "wg-mullvad";
|
|
|
|
};
|
|
|
|
|
|
|
|
firewall = {
|
2024-08-16 20:58:34 +02:00
|
|
|
allowedUDPPorts = [
|
|
|
|
67
|
|
|
|
68
|
|
|
|
] ++ optional allowSRB2Port [ 5029 ];
|
2024-08-15 16:55:57 +02:00
|
|
|
|
2024-08-03 20:40:07 +02:00
|
|
|
allowedTCPPorts = mkIf allowDevPort [ 3000 ];
|
2024-04-06 14:37:09 +02:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2024-04-09 15:25:30 +02:00
|
|
|
services = {
|
|
|
|
resolved.llmnr = "false";
|
2024-04-06 14:37:09 +02:00
|
|
|
|
2024-04-09 15:25:30 +02:00
|
|
|
mullvad-vpn = mkIf mullvad {
|
|
|
|
enable = true;
|
|
|
|
enableExcludeWrapper = false;
|
|
|
|
};
|
|
|
|
|
|
|
|
postgresql = mkIf postgres {
|
|
|
|
enable = true;
|
2024-08-27 16:58:05 +02:00
|
|
|
|
|
|
|
ensureUsers = singleton {
|
|
|
|
name = username;
|
|
|
|
};
|
|
|
|
|
|
|
|
ensureDatabases = [
|
|
|
|
username
|
|
|
|
];
|
2024-04-09 15:25:30 +02:00
|
|
|
};
|
2024-08-12 00:47:05 +02:00
|
|
|
|
|
|
|
openssh = {
|
|
|
|
enable = true;
|
|
|
|
|
|
|
|
settings = {
|
|
|
|
PasswordAuthentication = false;
|
2024-08-12 12:39:12 +02:00
|
|
|
KbdInteractiveAuthentication = false;
|
2024-08-12 00:47:05 +02:00
|
|
|
};
|
|
|
|
};
|
2024-04-06 14:37:09 +02:00
|
|
|
};
|
2024-04-06 16:26:02 +02:00
|
|
|
|
2024-06-23 15:46:55 +02:00
|
|
|
environment = {
|
2024-08-03 20:40:07 +02:00
|
|
|
systemPackages = with pkgs; [ (pass.withExtensions (ext: with ext; [ pass-otp ])) ];
|
2024-06-23 15:46:55 +02:00
|
|
|
defaultPackages = [ ];
|
|
|
|
gnome.excludePackages = with pkgs; [ gnome-tour ];
|
|
|
|
};
|
2024-07-18 20:31:46 +02:00
|
|
|
|
|
|
|
programs.command-not-found.enable = false;
|
2024-04-03 15:43:02 +02:00
|
|
|
};
|
2023-06-22 17:54:12 +02:00
|
|
|
}
|