Refactors profiles for gui, desktop and laptop

2025-04-13 19:57:19 +00:00 · 2024-02-06 16:28:28 -08:00 · 2024-02-06 16:28:28 -08:00 · d0f1e9a09d
commit d0f1e9a09d
parent 550d37ad66
11 changed files with 126 additions and 308 deletions
--- a/common/hosts/zerotier
+++ b/common/hosts/zerotier
@ -1,4 +1,6 @@
 10.1.2.16  zeus
 10.1.2.153 glassbox
 10.1.2.28  voyager
 10.1.2.134 bsdremote
 10.1.2.152 thinkpad
 10.1.2.171 pizero
--- a/nixos/hosts/glassbox.nix
+++ b/nixos/hosts/glassbox.nix
@ -5,15 +5,10 @@
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
+    ../profiles/desktop.nix
    ../profiles/hyprland.nix
    ../profiles/default.nix
    ../users/willem/home/linux.nix
    ../modules/zerotier.nix
  ];
  boot.initrd.availableKernelModules = ["vmd" "xhci_pci" "nvme" "ahci" "usbhid" "usb_storage" "sd_mod"];
@ -48,10 +43,6 @@
  swapDevices = [];
  networking.hostName = "glassbox";
  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/nixos/hosts/nixbox.nix
+++ b/nixos/hosts/nixbox.nix
@ -2,18 +2,10 @@
  config,
  lib,
  pkgs,
  modulesPath,
  ...
-}: let
+}: {
  torrent_group_id = 987;
 in
  {
  imports = [
-      (modulesPath + "/installer/scan/not-detected.nix")
+    ../profiles/desktop.nix
      ../profiles/hyprland.nix
      ../profiles/default.nix
      ../users/willem/home/linux.nix
      ../modules/zerotier.nix
  ];
  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
@ -57,151 +49,9 @@ in
  users.groups.torrent.gid = torrent_group_id;
    services.transmission = {
      enable = false;
      package = pkgs.transmission_4;
      group = "torrent";
      settings = rec {
        download-dir = "/zpool/media/torrents";
        incomplete-dir = "/zpool/media/torrents/.incomplete";
        incomplete-dir-enabled = true;
        peer-port = 51413;
        rpc-enabled = true;
        rpc-bind-address = "0.0.0.0";
        rpc-whitelist-enabled = false;
        rpc-whitelist = "10.1.2.*,127.0.0.*";
        rpc-host-whitelist-enabled = false;
      };
    };
    networking.nftables.enable = true;
    networking.nftables.flushRuleset = true;
    networking.nftables.tables."nixos-fw".content = lib.mkForce "";
    networking.nftables.ruleset = ''
      table inet filter {
        chain input {
          type filter hook input priority 0;
          # accept all localhost and zerotier traffic
          iifname lo accept
          iifname "zt*" accept
          # accept traffic sent by us
          ct state {established, related} accept
          # ICMP
          # routers may also want: mld-listener-query, nd-router-solicit
          ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept
          # allow "ping"
          ip protocol icmp icmp type echo-request accept
          # jellyfin
          tcp dport 8096 accept
          tcp dport 8920 accept
          udp dport 1900 accept
          udp dport 7359 accept
          # transmission web ui
          tcp dport 9091 accept
          # zerotier
          udp dport 9993 accept
          tcp dport 9993 accept
          # ssh
          tcp dport 22 accept
          iifname "tun0" tcp dport 51413 accept
          iifname "tun0" udp dport 51413 accept
          iifname {lo, "zt*"} tcp dport 9091 accept
          iifname "tun0" skgid ${toString torrent_group_id} accept
          # drop all other packets
          counter drop
          #accept
        }
        chain output {
          type filter hook output priority 0;
          tcp dport 53 accept
          udp dport 53 accept
          oifname {"lo", "zt*"} tcp sport 9091 accept
          skgid ${toString torrent_group_id} oifname != "tun0" counter drop
          # zerotier
          oifname "zt*" accept
          udp dport 9993 accept
          tcp dport 9993 accept
          accept
        }
        chain forward {
          type filter hook forward priority 0;
          accept
        }
      }
    '';
    networking.useDHCP = lib.mkDefault true;
  networking.hostName = "nixbox";
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-  }
+}
  # Do not modify this file!  It was generated by ‘nixos-generate-config’
  # and may be overwritten by future invocations.  Please make changes
  # to /etc/nixos/configuration.nix instead.
  {
    config,
    lib,
    pkgs,
    modulesPath,
    ...
  }: {
    imports = [
      (modulesPath + "/installer/scan/not-detected.nix")
    ];
    boot.initrd.availableKernelModules = ["vmd" "xhci_pci" "nvme" "ahci" "usbhid" "usb_storage" "sd_mod"];
    boot.initrd.kernelModules = [];
    boot.kernelModules = ["kvm-intel"];
    boot.extraModulePackages = [];
    fileSystems."/" = {
      device = "/dev/disk/by-uuid/4e9a4d87-4b00-413b-84c0-62e737a012a9";
      fsType = "ext4";
    };
    fileSystems."/boot" = {
      device = "/dev/disk/by-uuid/1641-A38E";
      fsType = "vfat";
    };
    swapDevices = [];
    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
    # (the default) this is the recommended approach. When using systemd-networkd it's
    # still possible to use this option, but it's recommended to use it in conjunction
    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
    networking.useDHCP = lib.mkDefault true;
    # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
    # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
    hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  }
--- a/nixos/hosts/thinkpad.nix
+++ b/nixos/hosts/thinkpad.nix
@ -2,15 +2,10 @@
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
+    ../profiles/laptop.nix
    ../profiles/hyprland.nix
    ../profiles/default.nix
    ../users/willem/home/linux.nix
    ../modules/zerotier.nix
  ];
  boot.loader.systemd-boot.enable = true;
@ -42,7 +37,6 @@
    settings.General.EnableNetworkConfiguration = true;
  };
  networking.useDHCP = lib.mkDefault true;
  networking.hostName = "thinkpad";
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
--- a/nixos/hosts/voyager/default.nix
+++ b/nixos/hosts/voyager/default.nix
@ -3,31 +3,14 @@
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
+    ../../profiles/laptop.nix
    ../../profiles/hyprland.nix
    ../../profiles/default.nix
    ../../users/willem/home/linux.nix
    ../../modules/zerotier.nix
    inputs.nixos-apple-silicon.nixosModules.apple-silicon-support
  ];
  environment.sessionVariables.MOZ_GMP_PATH = ["${pkgs.widevine}/gmp-widevinecdm/system-installed"];
  environment.systemPackages = [pkgs.powertop];
  services.logind = {
    extraConfig = ''
      HandlePowerKey=suspend
      HandleLidSwitchDocked=suspend
    '';
    lidSwitch = "suspend";
  };
  powerManagement.powertop.enable = true;
  boot.initrd.availableKernelModules = ["usb_storage" "sdhci_pci"];
  fileSystems."/" = {
@ -42,8 +25,6 @@
  swapDevices = [];
  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = false;
@ -71,10 +52,6 @@
  };
  hardware.opengl.enable = true;
  networking.wireless.iwd = {
    enable = true;
    settings.General.EnableNetworkConfiguration = true;
  };
  networking.hostName = "voyager";
 }
--- a/nixos/profiles/default.nix
+++ b/nixos/profiles/default.nix
@ -3,6 +3,7 @@
  overlays,
  pkgs,
  globals,
  lib,
  ...
 }: {
  imports = [
@ -15,6 +16,9 @@
    inputs.stylix.nixosModules.stylix
  ];
  networking.useDHCP = lib.mkDefault true;
  hardware.enableRedistributableFirmware = lib.mkDefault true;
  programs.command-not-found.enable = false;
  boot.tmp.useTmpfs = true;
--- a/nixos/profiles/desktop.nix
+++ b/nixos/profiles/desktop.nix
@ -1,49 +1,10 @@
-{
+{pkgs, ...}: {
-  pkgs,
+  imports = [
-  globals,
+    ./hyprland.nix
-  ...
+    ./default.nix
-}: {
+    ../users/willem/home/linux.nix
-  services.pipewire = {
+    ../modules/zerotier.nix
-    enable = true;
+  ];
-    alsa.enable = true;
+  powerManagement.cpuFreqGovernor = "performance";
-    alsa.support32Bit = true;
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
    pulse.enable = true;
  };
  services.dbus = {
    enable = true;
    packages = [pkgs.dconf];
  };
  programs.dconf = {
    enable = true;
  };
  services.printing.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.xserver = {
    enable = true;
    layout = globals.keyboard.layout;
    xkbVariant = globals.keyboard.variant;
    synaptics.enable = false;
    displayManager.lightdm.enable = false;
    libinput = {
      enable = true;
      touchpad.tapping = true;
      touchpad.naturalScrolling = true;
      touchpad.scrollMethod = "twofinger";
      touchpad.disableWhileTyping = true;
      touchpad.clickMethod = "clickfinger";
    };
  };
  sound.enable = true;
 }
--- a/nixos/profiles/gnome.nix
+++ b/nixos/profiles/gnome.nix
@ -1,31 +0,0 @@
 {pkgs, ...}: {
  imports = [./desktop.nix];
  environment.gnome.excludePackages =
    (with pkgs; [
      gnome-photos
      gnome-tour
    ])
    ++ (with pkgs.gnome; [
      gnome-music
      evince # document viewer
      gnome-characters
      totem # video player
      tali # poker game
      iagno # go game
      hitori # sudoku game
      atomix # puzzle game
    ]);
  environment.systemPackages = with pkgs; [
    pinentry-gnome
  ];
  services.xserver = {
    enable = true;
    displayManager.gdm.enable = true;
    desktopManager.gnome.enable = true;
  };
  sound.enable = true;
 }
--- a/nixos/profiles/gui.nix
+++ b/nixos/profiles/gui.nix
@ -0,0 +1,49 @@
 {
  pkgs,
  globals,
  ...
 }: {
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };
  services.dbus = {
    enable = true;
    packages = [pkgs.dconf];
  };
  programs.dconf = {
    enable = true;
  };
  services.printing.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.xserver = {
    enable = true;
    layout = globals.keyboard.layout;
    xkbVariant = globals.keyboard.variant;
    synaptics.enable = false;
    displayManager.lightdm.enable = false;
    libinput = {
      enable = true;
      touchpad.tapping = true;
      touchpad.naturalScrolling = true;
      touchpad.scrollMethod = "twofinger";
      touchpad.disableWhileTyping = true;
      touchpad.clickMethod = "clickfinger";
    };
  };
  sound.enable = true;
 }
--- a/nixos/profiles/hyprland.nix
+++ b/nixos/profiles/hyprland.nix
@ -3,7 +3,7 @@
  pkgs,
  ...
 }: {
-  imports = [./desktop.nix];
+  imports = [./gui.nix];
  programs.hyprland.enable = true;
  programs.hyprland.package = inputs.hyprland.packages.${pkgs.system}.hyprland;
--- a/nixos/profiles/laptop.nix
+++ b/nixos/profiles/laptop.nix
@ -0,0 +1,21 @@
 {pkgs, ...}: {
  imports = [
    ./hyprland.nix
    ./default.nix
    ../users/willem/home/linux.nix
    ../modules/zerotier.nix
  ];
  environment.systemPackages = [pkgs.powertop];
  services.logind = {
    extraConfig = ''
      HandlePowerKey=suspend
      HandleLidSwitchDocked=suspend
    '';
    lidSwitch = "suspend";
  };
  powerManagement.powertop.enable = true;
  networking.wireless.iwd = {
    enable = true;
    settings.General.EnableNetworkConfiguration = true;
  };
 }