Diffstat (limited to '')
| -rw-r--r-- | nix/profiles/darwin.nix | 46 | ||||
| -rw-r--r-- | nix/profiles/disk/vm.nix (renamed from nix/machines/vm-synology/disk.nix) | 0 | ||||
| -rw-r--r-- | nix/profiles/git-server.nix (renamed from nix/machines/vm-synology/git.nix) | 0 | ||||
| -rw-r--r-- | nix/profiles/hardware/synology.nix (renamed from nix/machines/vm-synology/hardware.nix) | 9 | ||||
| -rw-r--r-- | nix/profiles/home-manager.nix | 36 | ||||
| -rw-r--r-- | nix/profiles/server.nix | 80 |
6 files changed, 162 insertions, 9 deletions
diff --git a/nix/profiles/darwin.nix b/nix/profiles/darwin.nix
new file mode 100644
index 0000000..e355b72
--- /dev/null
+++ b/nix/profiles/darwin.nix
@@ -0,0 +1,46 @@
+{ ... }:
+{
+ system.defaults = {
+ dock = {
+ autohide = true;
+ dashboard-in-overlay = false;
+ launchanim = false; # Don't animate opening applications.
+ mru-spaces = false; # don’t rearrange spaces based on the most recent use
+ orientation = "left";
+ show-recents = false;
+ showhidden = false;
+ tilesize = 60; # Default is 64.
+ wvous-br-corner = 1; # Disable Notes hot corner.
+ };
+ finder.AppleShowAllExtensions = true;
+
+ CustomUserPreferences = {
+ "com.apple.desktopservices" = {
+ # Avoid creating .DS_Store files on network or USB volumes
+ DSDontWriteNetworkStores = true;
+ DSDontWriteUSBStores = true;
+ };
+ };
+
+ # Requires the directory to already exist.
+ # See system.activationScripts.postUserActivation
+ screencapture.location = "~/Documents/screenshots";
+ SoftwareUpdate.AutomaticallyInstallMacOSUpdates = true;
+ };
+
+ system.keyboard = {
+ enableKeyMapping = true;
+ remapCapsLockToControl = true;
+ };
+
+ # TODO: - The `system.activationScripts.postUserActivation` option has
+ # been removed, as all activation now takes place as `root`. Please
+ # restructure your custom activation scripts appropriately,
+ # potentially using `sudo` if you need to run commands as a user.
+ # system.activationScripts.postUserActivation.text = ''
+ # mkdir -p ~/Documents/screenshots
+ # '';
+
+ # Touch ID for sudo auth
+ security.pam.services.sudo_local.touchIdAuth = true;
+}
diff --git a/nix/machines/vm-synology/disk.nix b/nix/profiles/disk/vm.nix
index 1641339..1641339 100644
--- a/nix/machines/vm-synology/disk.nix
+++ b/nix/profiles/disk/vm.nix
diff --git a/nix/machines/vm-synology/git.nix b/nix/profiles/git-server.nix
index 27eebc7..27eebc7 100644
--- a/nix/machines/vm-synology/git.nix
+++ b/nix/profiles/git-server.nix
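Review bot: `screencapture.location = "~/Documents/screenshots";` depends on a directory that nothing in this profile creates, because the only code that made it is the commented-out `postUserActivation` script further down. The comment `# See system.activationScripts.postUserActivation` also points at an option the TODO says has been removed. Until the activation script is restructured I would reword it to `# Not created by this profile yet; create ~/Documents/screenshots manually (see TODO below).` When the script is restored, note that activation now runs as `root`, so a bare `~` in it would presumably resolve to root's home rather than the user's.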
diff --git a/nix/machines/vm-synology/hardware.nix b/nix/profiles/hardware/synology.nix
index c894a80..ad1fd3f 100644
--- a/nix/machines/vm-synology/hardware.nix
+++ b/nix/profiles/hardware/synology.nix
@@ -1,10 +1,8 @@ { lib, modulesPath, ... }: - { imports = [ (modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/installer/scan/not-detected.nix") - ./disk.nix ]; boot.initrd.availableKernelModules = [
@@ -21,12 +19,5 @@ swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens3.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; }
diff --git a/nix/profiles/home-manager.nix b/nix/profiles/home-manager.nix
new file mode 100644
index 0000000..50ed0c4
--- /dev/null
+++ b/nix/profiles/home-manager.nix
@@ -0,0 +1,36 @@
+{
+ self,
+ hostName,
+ inputs,
+ config,
+ adminUser,
+ ...
+}:
+{
+ home-manager.extraSpecialArgs =
+ {
+ inherit
+ self
+ hostName
+ inputs
+ adminUser
+ ;
+ }
+ // {
+ mainConfig = config;
+ configPath = "${self}/config/users/fcuny}";
+ };
+
+ home-manager.sharedModules = [
+ inputs.agenix.homeManagerModules.default
+ "${self}/nix/users/modules/userinfo.nix"
+ {
+ nixpkgs.overlays = [
+ inputs.agenix.overlays.default
+ inputs.emacs-overlay.overlay
+ self.overlays.default
+ ];
+ nixpkgs.config.allowUnfree = true;
+ }
+ ];
+}
diff --git a/nix/profiles/server.nix b/nix/profiles/server.nix
new file mode 100644
index 0000000..30f186b
--- /dev/null
+++ b/nix/profiles/server.nix
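Review bot: In the new home-manager.nix, `configPath = "${self}/config/users/fcuny}";` has a stray `}` inside the string, so the value ends in a literal `}` and presumably names a directory that does not exist. If a fixed user directory is intended it should read `configPath = "${self}/config/users/fcuny";`. If it is meant to follow the `adminUser` argument this module already receives, use `configPath = "${self}/config/users/${adminUser}";` instead; confirm which. `nixpkgs.config.allowUnfree = true;` inside `sharedModules` applies to every home-manager user on every host importing this profile, which deserves a one-line comment.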
@@ -0,0 +1,80 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ time.timeZone = "America/Los_Angeles";
+
+ # Don't require password for sudo
+ security.sudo.wheelNeedsPassword = false;
+
+ # Virtualization settings
+ virtualisation.docker.enable = true;
+
+ # Select internationalisation properties.
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ boot.loader.systemd-boot.enable = true;
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ environment.systemPackages = with pkgs; [
+ curl
+ fd
+ fish
+ git
+ htop
+ jq
+ mtr
+ pciutils
+ powertop
+ ripgrep
+ tcpdump
+ traceroute
+ vim
+ ];
+
+ boot.kernel.sysctl = {
+ "net.ipv4.tcp_fastopen" = 3;
+ "net.ipv4.tcp_tw_reuse" = 1;
+ };
+
+ networking = {
+ firewall = {
+ enable = false;
+ allowPing = true;
+ logRefusedConnections = false;
+ };
+ useNetworkd = lib.mkDefault true;
+ };
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+
+ # Default to systemd-networkd usage.
+ systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
+
+ # Use systemd-resolved for DoT support.
+ services.resolved = {
+ enable = true;
+ dnssec = "false";
+ extraConfig = ''
+ DNSOverTLS=yes
+ '';
+ };
+
+ # Used by systemd-resolved, not directly by resolv.conf.
+ networking.nameservers = [
+ "8.8.8.8#dns.google"
+ "1.0.0.1#cloudflare-dns.com"
+ ];
+
+ ## disable that slow "building man-cache" step
+ documentation.man.generateCaches = lib.mkForce false;
+}
|
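Review bot: `networking.firewall.enable = false;` turns off packet filtering on every host that imports this shared profile, and the `allowPing` and `logRefusedConnections` settings beside it do nothing while the firewall is disabled. The same profile enables Docker and sets `security.sudo.wheelNeedsPassword = false;`, so anything a service or container listens on is reachable, and wheel members get root without a password. I would default the profile to `enable = lib.mkDefault true;` and let individual machines open ports or opt out, or at least add a comment stating why the firewall is off. `dnssec = "false";` also deserves a short comment, since answers are then protected only by the TLS channel to the two listed resolvers.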
