summaryrefslogtreecommitdiff
path: root/os/pc
diff options
context:
space:
mode:
Diffstat (limited to 'os/pc')
-rw-r--r--os/pc/configuration.nix27
-rw-r--r--os/pc/modules/getty.nix15
-rw-r--r--os/pc/modules/network.nix10
-rw-r--r--os/pc/modules/sshfs.nix25
-rw-r--r--os/pc/modules/wayland.nix36
-rw-r--r--os/pc/secrets.yaml31
6 files changed, 144 insertions, 0 deletions
diff --git a/os/pc/configuration.nix b/os/pc/configuration.nix
new file mode 100644
index 0000000..4cd3a62
--- /dev/null
+++ b/os/pc/configuration.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }: let
+ user = config.global.userdata.name;
+in {
+ imports = [
+ ../common/configuration.nix
+
+ ./modules/getty.nix
+ ./modules/sshfs.nix
+ ./modules/network.nix
+ ./modules/wayland.nix
+ ];
+
+ boot = {
+ consoleLogLevel = 3;
+ kernelPackages = pkgs.linuxPackages_latest;
+ };
+
+ sound.enable = true;
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+
+ documentation.dev.enable = true;
+ programs.adb.enable = true;
+ users.users.${user}.extraGroups = [ "adbusers" ];
+}
diff --git a/os/pc/modules/getty.nix b/os/pc/modules/getty.nix
new file mode 100644
index 0000000..8c7f57e
--- /dev/null
+++ b/os/pc/modules/getty.nix
@@ -0,0 +1,15 @@
+{ config, ... }: let
+ user = config.global.userdata.name;
+in {
+ systemd.services."getty@".serviceConfig.TTYVTDisallocate = "no";
+
+ services.getty = {
+ loginOptions = "-f ${user}";
+ extraArgs = [
+ "--nonewline"
+ "--skip-login"
+ "--noclear"
+ "--noissue"
+ ];
+ };
+}
diff --git a/os/pc/modules/network.nix b/os/pc/modules/network.nix
new file mode 100644
index 0000000..6e07963
--- /dev/null
+++ b/os/pc/modules/network.nix
@@ -0,0 +1,10 @@
+{ ... }: {
+ networking.wireless.iwd = {
+ enable = true;
+
+ settings = {
+ General.EnableNetworkConfiguration = true;
+ Network.NameResolvingService = "resolvconf";
+ };
+ };
+}
diff --git a/os/pc/modules/sshfs.nix b/os/pc/modules/sshfs.nix
new file mode 100644
index 0000000..2dbccce
--- /dev/null
+++ b/os/pc/modules/sshfs.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, ... }: let
+ domain = config.global.userdata.domain;
+ user = config.global.userdata.name;
+ uid = config.users.users.${user}.uid;
+ gid = config.users.groups.users.gid;
+in {
+ sops.secrets."misc/sftp".sopsFile = ../secrets.yaml;
+ system.fsPackages = with pkgs; [ sshfs ];
+
+ fileSystems."/media/kay" = {
+ device = "sftp@${domain}:";
+ fsType = "sshfs";
+
+ options = [
+ "allow_other" # for non-root access
+ "uid=${toString uid}"
+ "gid=${toString gid}"
+ "_netdev" # this is a network fs
+ "x-systemd.automount" # mount on demand
+ "reconnect" # handle connection drops
+ "ServerAliveInterval=15" # keep connections alive
+ "IdentityFile=${config.sops.secrets."misc/sftp".path}"
+ ];
+ };
+}
diff --git a/os/pc/modules/wayland.nix b/os/pc/modules/wayland.nix
new file mode 100644
index 0000000..e609cd9
--- /dev/null
+++ b/os/pc/modules/wayland.nix
@@ -0,0 +1,36 @@
+{ config, ... }: let
+ user = config.global.userdata.name;
+
+ fontSans = config.global.font.sans.name;
+ fontMonospace = config.global.font.monospace.name;
+ fontPackages = config.global.font.monospace.packages
+ ++ config.global.font.sans.packages;
+in {
+ fonts = {
+ packages = fontPackages;
+ enableDefaultPackages = true;
+
+ fontconfig = {
+ hinting.style = "full";
+ subpixel.rgba = "rgb";
+
+ defaultFonts = {
+ monospace = [ fontMonospace ];
+ serif = [ fontSans ];
+ sansSerif = [ fontSans ];
+ };
+ };
+ };
+
+ users.users.${user}.extraGroups = [ "seat" ];
+ services = {
+ seatd.enable = true;
+ dbus = {
+ enable = true;
+ implementation = "broker";
+ };
+ };
+
+ hardware.opengl.enable = true;
+ security.pam.services.swaylock = {};
+}
diff --git a/os/pc/secrets.yaml b/os/pc/secrets.yaml
new file mode 100644
index 0000000..3e49d32
--- /dev/null
+++ b/os/pc/secrets.yaml
@@ -0,0 +1,31 @@
+misc:
+ sftp: ENC[AES256_GCM,data:xic1JI1RHo3Xc/izQBubMQ5TEvQxeFIOEbkFj/MWjw7UOgQrQEozfhvmGvB3lqjdgO2e2RXYHc7RvwAfquZN9QWFFp7vS7JqhqGTg4+I0JNh28LDsdzeAXe7d4yLkJ5cl4EhU5a6Zd9Qo60JyO8HRAMSXQBuHMzTW0A4achARcTguyJUiCntxvyLiKPZGdGj7HsHfxr32S1ieejGDqxuOLTrssOgyxikWT+PqibWie+JDH20+ZP8l6ip8FdNaWcyzfED/SJybpRbDBvL3iXw9tb67SeRWKR8I91nyyLh69hwLHrp/IgboDlCW8/ZmOYoRWCJF4lH86v3312wuoU60x8IoSL7YhWW5N3WQpWxWeEmLlMFD0x6LcJclUeoIlpVNvR8wDNKeayHhdLChIs2ZiEUAAIaTcUKdWWccY7JraMosqKgS9BmnjLJLEei9kFEF+y97QxQ/q4AfyFPbajxSd7aujqXuUfqpL1aLgt65h1TyOKN3E3Y2faiTaR76EALyv2d4PdYHWhkhxXVATRhsG+N2Mg9FSCciGnD7wlu9IR28HrbLuvX7W2KsLDVdI2oBtfExTf8YQwPSk1vp28=,iv:VyhdbfiiQJqG6cKAz6WjmlG3MkM25VzQzfCt1qYgH4M=,tag:KIoEb/dkEPpeaCJaNkAflw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd3E0NC9Vb25ySXR0R0xL
+ b0pLcUdsNjYzZ0F6SkdodFZjT0s2OE5TZ0E0CkM5RHY4MmpBNFR6TWJLejlqS2FC
+ TmpRRUdMRkQ3SnhvY2ZtN3ZzYjRQYmsKLS0tIEZlWkRLVWJOaXV6V3Zmb2hUV0xj
+ d0N3S0ZIR0MyOERHV1k5RVBVVWVHQkkKZVtPjmpOPJM8STs70/nki6vTeo4mp47A
+ xEVUzxeUGpoyAewxSCo9W6IGtKyZQl0TEL3ucAmhOsjX4BWe2JShMA==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWENJNzlDL1FpTkYwV1ps
+ V1VWeW4yOFZwZ1h5SGwzV2oyVkJaaHF0a1JRCmpFWWRLZzdUTUliZHpCTzJDYlhu
+ Yk51d1orS0tsMitBM0ZKSTQ4T05sNVEKLS0tIEVuZkY1bld2RldZOVNOc1E3bG5X
+ dVZ3V0VUQzF5VzN0RFM5c0RjZHpJZ0EK09qgyPHEhHgRZt2GZQB5IM9Z/nfYXW28
+ fcfmF6pko9qOYQ72P7vwv8Xub0SEI8GKGQwz2QPDJT9gd1qtipuhuQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-06-04T10:15:07Z"
+ mac: ENC[AES256_GCM,data:zkxID1SWr9q7PQR4EVb/PaNVdS1xQdVcnwHlWzseqZrjEgyJLlupYKwEOw9eB4dY/R1VZx46BgI5Kk6rgbrIopnV3symARUOcqPUHM3lfz7h3S3sRJv547fu0UdQGp00HM1pW2nA5v6w8oY+H96+JdVtorrAt56B7EN6J28nb3M=,iv:p2gUIviAG3mBcMH6KUGmnvetWH9lb8ZlamSGOpbqins=,tag:adw9FMLJk5cUHmNmuRnZUQ==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1