Diffstat (limited to 'os/cez/modules')
-rw-r--r--os/cez/modules/getty.nix15
-rw-r--r--os/cez/modules/network.nix15
-rw-r--r--os/cez/modules/sshfs.nix27
-rw-r--r--os/cez/modules/tlp.nix26
-rw-r--r--os/cez/modules/wayland.nix72
-rw-r--r--os/cez/modules/wireguard.nix27
6 files changed, 182 insertions, 0 deletions
diff --git a/os/cez/modules/getty.nix b/os/cez/modules/getty.nix
new file mode 100644
index 0000000..725eb4b
--- /dev/null
+++ b/os/cez/modules/getty.nix
@@ -0,0 +1,15 @@
+{ config, ... }: let
+ user = config.userdata.name;
+in {
+ systemd.services."getty@".serviceConfig.TTYVTDisallocate = "no";
+
+ services.getty = {
+ loginOptions = "-f ${user}";
+ extraArgs = [
+ "--nonewline"
+ "--skip-login"
+ "--noclear"
+ "--noissue"
+ ];
+ };
+}
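Review bot: `loginOptions = "-f ${user}"` combined with `--skip-login` is set on `services.getty` as a whole, so it applies to every `getty@` instance rather than only the console the graphical session starts from. Any virtual terminal then opens a shell for the user without a password. If VT switching is still reachable while swaylock holds the session, the lock screen configured in wayland.nix no longer protects the account. Consider limiting the passwordless login to a single TTY, or at least record the assumption above the option, e.g. `# passwordless login on every VT: physical access equals user access`.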
diff --git a/os/cez/modules/network.nix b/os/cez/modules/network.nix
new file mode 100644
index 0000000..fb30056
--- /dev/null
+++ b/os/cez/modules/network.nix
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+ networking = {
+ firewall.enable = false;
+
+ wireless.iwd = {
+ enable = true;
+ settings = {
+ General.EnableNetworkConfiguration = true;
+ Network.NameResolvingService = "resolvconf";
+ };
+ };
+ };
+}
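Review bot: `firewall.enable = false` switches off the NixOS packet filter on a machine that joins Wi-Fi networks through iwd. Every service listening on a non-loopback address is then reachable from whatever network the laptop is attached to. Unless filtering happens somewhere outside this file, I would leave the firewall enabled and open only what is needed. For example, `firewall.trustedInterfaces = [ "kay" ];` would trust the WireGuard interface from wireguard.nix, with explicit `firewall.allowedTCPPorts` entries for anything that must be reachable on Wi-Fi.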
diff --git a/os/cez/modules/sshfs.nix b/os/cez/modules/sshfs.nix
new file mode 100644
index 0000000..2431b96
--- /dev/null
+++ b/os/cez/modules/sshfs.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+
+let
+ domain = config.userdata.domain;
+ user = config.userdata.name;
+ uid = config.users.users.${user}.uid;
+ gid = config.users.groups.users.gid;
+in
+{
+ sops.secrets."misc/sftp" = {};
+ system.fsPackages = with pkgs; [ sshfs ];
+
+ fileSystems."/media/kay" = {
+ device = "sftp@${domain}:";
+ fsType = "sshfs";
+ options = [
+ "allow_other" # for non-root access
+ "uid=${toString uid}"
+ "gid=${toString gid}"
+ "_netdev" # this is a network fs
+ "x-systemd.automount" # mount on demand
+ "reconnect" # handle connection drops
+ "ServerAliveInterval=15" # keep connections alive
+ "IdentityFile=${config.sops.secrets."misc/sftp".path}"
+ ];
+ };
+}
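Review bot: `allow_other` without `default_permissions` lets every local account, service users included, use `/media/kay` with the rights of the remote `sftp` login. The `uid=`/`gid=` options only change the owner that is reported; they do not restrict who may access the mount. Adding `"default_permissions"` to `options` makes the kernel enforce the mode bits against that mapped owner. Separately, nothing in this hunk pins the server's host key, and the automount runs as root. Declaring the key through `programs.ssh.knownHosts` would keep host verification declarative, though another module may already do this.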
diff --git a/os/cez/modules/tlp.nix b/os/cez/modules/tlp.nix
new file mode 100644
index 0000000..912fd5f
--- /dev/null
+++ b/os/cez/modules/tlp.nix
@@ -0,0 +1,26 @@
+{ ... }: {
+ services.tlp = {
+ enable = true;
+
+ settings = {
+ RADEON_DPM_STATE_ON_AC = "performance";
+ RADEON_DPM_STATE_ON_BAT = "battery";
+
+ NMI_WATCHDOG = 0;
+
+ CPU_SCALING_GOVERNOR_ON_AC = "performance";
+ CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+
+ DEVICES_TO_ENABLE_ON_AC = "bluetooth";
+ DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE = "bluetooth";
+
+ CPU_BOOST_ON_AC = 1;
+ CPU_BOOST_ON_BAT = 0;
+ CPU_HWP_DYN_BOOST_ON_AC = 1;
+ CPU_HWP_DYN_BOOST_ON_BAT = 0;
+
+ PLATFORM_PROFILE_ON_AC = "balanced";
+ PLATFORM_PROFILE_ON_BAT = "low-power";
+ };
+ };
+}
diff --git a/os/cez/modules/wayland.nix b/os/cez/modules/wayland.nix
new file mode 100644
index 0000000..1ce04cf
--- /dev/null
+++ b/os/cez/modules/wayland.nix
@@ -0,0 +1,72 @@
+{ config, pkgs, ... }: let
+ user = config.userdata.name;
+in {
+ # pkgs
+ environment.systemPackages = with pkgs; [
+ bemenu
+ sway
+ i3status
+ swaylock
+ swayidle
+ swaybg
+ foot
+ wl-clipboard
+ mako
+ xdg-utils
+ libnotify
+ ];
+
+ users.users.${user} = {
+ extraGroups = [ "seat" ];
+ packages = with pkgs; [
+ zathura
+ mpv
+ imv
+ wtype
+ qemu
+ OVMFFull
+ grim
+ slurp
+ tor-browser-bundle-bin
+ element-desktop-wayland
+ pinentry-bemenu
+ ];
+ };
+
+ # font
+ fonts = {
+ packages = with pkgs; [
+ terminus-nerdfont
+ dm-sans
+ ];
+ enableDefaultPackages = true;
+ fontconfig = {
+ hinting.style = "full";
+ subpixel.rgba = "rgb";
+ defaultFonts = {
+ monospace = [ "Terminess Nerd Font" ];
+ serif = [ "DeepMind Sans" ];
+ sansSerif = [ "DeepMind Sans" ];
+ };
+ };
+ };
+
+ # misc
+ services = {
+ seatd.enable = true;
+ dbus = {
+ enable = true;
+ implementation = "broker";
+ };
+ };
+
+ programs = {
+ gnupg.agent = {
+ enable = true;
+ pinentryPackage = pkgs.pinentry-bemenu;
+ };
+ };
+
+ security.pam.services.swaylock.text = "auth include login";
+ hardware.opengl.enable = true;
+}
diff --git a/os/cez/modules/wireguard.nix b/os/cez/modules/wireguard.nix
new file mode 100644
index 0000000..d8e8dd0
--- /dev/null
+++ b/os/cez/modules/wireguard.nix
@@ -0,0 +1,27 @@
+{ config, ... }:
+
+let
+ domain = config.userdata.domain;
+in
+{
+ sops.secrets."misc/wireguard" = {};
+
+ networking.wg-quick.interfaces."kay" = {
+ autostart = false;
+ address = [ "10.0.1.2/24" ];
+ dns = [ "10.0.1.1" ];
+ mtu = 1380;
+ privateKeyFile = config.sops.secrets."misc/wireguard".path;
+
+ peers = [{
+ publicKey = "wJMyQDXmZO4MjYRk6NK4+J6ZKWLTTZygAH+OwbPjOiw=";
+ allowedIPs = [
+ "10.0.1.0/24"
+ "104.16.0.0/12"
+ "172.64.0.0/13"
+ ];
+ endpoint = "${domain}:51820";
+ persistentKeepalive = 25;
+ }];
+ };
+}
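Review bot: The two public ranges in `allowedIPs` (`104.16.0.0/12` and `172.64.0.0/13`) carry no comment saying why they are routed through the tunnel. They look like CDN address space, so a later audit of the routing cannot tell whether they are intentional or stale. A one-line comment above them, such as `# public ranges sent via the tunnel because <reason>`, would settle that. `dns = [ "10.0.1.1" ]` likely sends all name resolution to the peer while the interface is up, even though only these ranges are tunnelled, so it is worth stating in a comment if that is intended.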