diff options
Diffstat (limited to 'os/cez/modules')
-rw-r--r-- | os/cez/modules/getty.nix | 15 | ||||
-rw-r--r-- | os/cez/modules/network.nix | 15 | ||||
-rw-r--r-- | os/cez/modules/sshfs.nix | 27 | ||||
-rw-r--r-- | os/cez/modules/tlp.nix | 26 | ||||
-rw-r--r-- | os/cez/modules/wayland.nix | 72 | ||||
-rw-r--r-- | os/cez/modules/wireguard.nix | 27 |
6 files changed, 182 insertions, 0 deletions
diff --git a/os/cez/modules/getty.nix b/os/cez/modules/getty.nix new file mode 100644 index 0000000..725eb4b --- /dev/null +++ b/os/cez/modules/getty.nix @@ -0,0 +1,15 @@ +{ config, ... }: let + user = config.userdata.name; +in { + systemd.services."getty@".serviceConfig.TTYVTDisallocate = "no"; + + services.getty = { + loginOptions = "-f ${user}"; + extraArgs = [ + "--nonewline" + "--skip-login" + "--noclear" + "--noissue" + ]; + }; +} diff --git a/os/cez/modules/network.nix b/os/cez/modules/network.nix new file mode 100644 index 0000000..fb30056 --- /dev/null +++ b/os/cez/modules/network.nix @@ -0,0 +1,15 @@ +{ ... }: + +{ + networking = { + firewall.enable = false; + + wireless.iwd = { + enable = true; + settings = { + General.EnableNetworkConfiguration = true; + Network.NameResolvingService = "resolvconf"; + }; + }; + }; +} diff --git a/os/cez/modules/sshfs.nix b/os/cez/modules/sshfs.nix new file mode 100644 index 0000000..2431b96 --- /dev/null +++ b/os/cez/modules/sshfs.nix @@ -0,0 +1,27 @@ +{ config, pkgs, ... }: + +let + domain = config.userdata.domain; + user = config.userdata.name; + uid = config.users.users.${user}.uid; + gid = config.users.groups.users.gid; +in +{ + sops.secrets."misc/sftp" = {}; + system.fsPackages = with pkgs; [ sshfs ]; + + fileSystems."/media/kay" = { + device = "sftp@${domain}:"; + fsType = "sshfs"; + options = [ + "allow_other" # for non-root access + "uid=${toString uid}" + "gid=${toString gid}" + "_netdev" # this is a network fs + "x-systemd.automount" # mount on demand + "reconnect" # handle connection drops + "ServerAliveInterval=15" # keep connections alive + "IdentityFile=${config.sops.secrets."misc/sftp".path}" + ]; + }; +} diff --git a/os/cez/modules/tlp.nix b/os/cez/modules/tlp.nix new file mode 100644 index 0000000..912fd5f --- /dev/null +++ b/os/cez/modules/tlp.nix @@ -0,0 +1,26 @@ +{ ... }: { + services.tlp = { + enable = true; + + settings = { + RADEON_DPM_STATE_ON_AC = "performance"; + RADEON_DPM_STATE_ON_BAT = "battery"; + + NMI_WATCHDOG = 0; + + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + + DEVICES_TO_ENABLE_ON_AC = "bluetooth"; + DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE = "bluetooth"; + + CPU_BOOST_ON_AC = 1; + CPU_BOOST_ON_BAT = 0; + CPU_HWP_DYN_BOOST_ON_AC = 1; + CPU_HWP_DYN_BOOST_ON_BAT = 0; + + PLATFORM_PROFILE_ON_AC = "balanced"; + PLATFORM_PROFILE_ON_BAT = "low-power"; + }; + }; +} diff --git a/os/cez/modules/wayland.nix b/os/cez/modules/wayland.nix new file mode 100644 index 0000000..1ce04cf --- /dev/null +++ b/os/cez/modules/wayland.nix @@ -0,0 +1,72 @@ +{ config, pkgs, ... }: let + user = config.userdata.name; +in { + # pkgs + environment.systemPackages = with pkgs; [ + bemenu + sway + i3status + swaylock + swayidle + swaybg + foot + wl-clipboard + mako + xdg-utils + libnotify + ]; + + users.users.${user} = { + extraGroups = [ "seat" ]; + packages = with pkgs; [ + zathura + mpv + imv + wtype + qemu + OVMFFull + grim + slurp + tor-browser-bundle-bin + element-desktop-wayland + pinentry-bemenu + ]; + }; + + # font + fonts = { + packages = with pkgs; [ + terminus-nerdfont + dm-sans + ]; + enableDefaultPackages = true; + fontconfig = { + hinting.style = "full"; + subpixel.rgba = "rgb"; + defaultFonts = { + monospace = [ "Terminess Nerd Font" ]; + serif = [ "DeepMind Sans" ]; + sansSerif = [ "DeepMind Sans" ]; + }; + }; + }; + + # misc + services = { + seatd.enable = true; + dbus = { + enable = true; + implementation = "broker"; + }; + }; + + programs = { + gnupg.agent = { + enable = true; + pinentryPackage = pkgs.pinentry-bemenu; + }; + }; + + security.pam.services.swaylock.text = "auth include login"; + hardware.opengl.enable = true; +} diff --git a/os/cez/modules/wireguard.nix b/os/cez/modules/wireguard.nix new file mode 100644 index 0000000..d8e8dd0 --- /dev/null +++ b/os/cez/modules/wireguard.nix @@ -0,0 +1,27 @@ +{ config, ... }: + +let + domain = config.userdata.domain; +in +{ + sops.secrets."misc/wireguard" = {}; + + networking.wg-quick.interfaces."kay" = { + autostart = false; + address = [ "10.0.1.2/24" ]; + dns = [ "10.0.1.1" ]; + mtu = 1380; + privateKeyFile = config.sops.secrets."misc/wireguard".path; + + peers = [{ + publicKey = "wJMyQDXmZO4MjYRk6NK4+J6ZKWLTTZygAH+OwbPjOiw="; + allowedIPs = [ + "10.0.1.0/24" + "104.16.0.0/12" + "172.64.0.0/13" + ]; + endpoint = "${domain}:51820"; + persistentKeepalive = 25; + }]; + }; +} |