diff options
Diffstat (limited to 'os/pc')
| -rw-r--r-- | os/pc/configuration.nix | 27 | ||||
| -rw-r--r-- | os/pc/modules/getty.nix | 15 | ||||
| -rw-r--r-- | os/pc/modules/network.nix | 10 | ||||
| -rw-r--r-- | os/pc/modules/sshfs.nix | 25 | ||||
| -rw-r--r-- | os/pc/modules/wayland.nix | 36 | ||||
| -rw-r--r-- | os/pc/secrets.yaml | 31 |
6 files changed, 144 insertions, 0 deletions
diff --git a/os/pc/configuration.nix b/os/pc/configuration.nix new file mode 100644 index 0000000..4cd3a62 --- /dev/null +++ b/os/pc/configuration.nix @@ -0,0 +1,27 @@ +{ config, pkgs, ... }: let + user = config.global.userdata.name; +in { + imports = [ + ../common/configuration.nix + + ./modules/getty.nix + ./modules/sshfs.nix + ./modules/network.nix + ./modules/wayland.nix + ]; + + boot = { + consoleLogLevel = 3; + kernelPackages = pkgs.linuxPackages_latest; + }; + + sound.enable = true; + services.pipewire = { + enable = true; + pulse.enable = true; + }; + + documentation.dev.enable = true; + programs.adb.enable = true; + users.users.${user}.extraGroups = [ "adbusers" ]; +} diff --git a/os/pc/modules/getty.nix b/os/pc/modules/getty.nix new file mode 100644 index 0000000..8c7f57e --- /dev/null +++ b/os/pc/modules/getty.nix @@ -0,0 +1,15 @@ +{ config, ... }: let + user = config.global.userdata.name; +in { + systemd.services."getty@".serviceConfig.TTYVTDisallocate = "no"; + + services.getty = { + loginOptions = "-f ${user}"; + extraArgs = [ + "--nonewline" + "--skip-login" + "--noclear" + "--noissue" + ]; + }; +} diff --git a/os/pc/modules/network.nix b/os/pc/modules/network.nix new file mode 100644 index 0000000..6e07963 --- /dev/null +++ b/os/pc/modules/network.nix @@ -0,0 +1,10 @@ +{ ... }: { + networking.wireless.iwd = { + enable = true; + + settings = { + General.EnableNetworkConfiguration = true; + Network.NameResolvingService = "resolvconf"; + }; + }; +} diff --git a/os/pc/modules/sshfs.nix b/os/pc/modules/sshfs.nix new file mode 100644 index 0000000..2dbccce --- /dev/null +++ b/os/pc/modules/sshfs.nix @@ -0,0 +1,25 @@ +{ config, pkgs, ... }: let + domain = config.global.userdata.domain; + user = config.global.userdata.name; + uid = config.users.users.${user}.uid; + gid = config.users.groups.users.gid; +in { + sops.secrets."misc/sftp".sopsFile = ../secrets.yaml; + system.fsPackages = with pkgs; [ sshfs ]; + + fileSystems."/media/kay" = { + device = "sftp@${domain}:"; + fsType = "sshfs"; + + options = [ + "allow_other" # for non-root access + "uid=${toString uid}" + "gid=${toString gid}" + "_netdev" # this is a network fs + "x-systemd.automount" # mount on demand + "reconnect" # handle connection drops + "ServerAliveInterval=15" # keep connections alive + "IdentityFile=${config.sops.secrets."misc/sftp".path}" + ]; + }; +} diff --git a/os/pc/modules/wayland.nix b/os/pc/modules/wayland.nix new file mode 100644 index 0000000..e609cd9 --- /dev/null +++ b/os/pc/modules/wayland.nix @@ -0,0 +1,36 @@ +{ config, ... }: let + user = config.global.userdata.name; + + fontSans = config.global.font.sans.name; + fontMonospace = config.global.font.monospace.name; + fontPackages = config.global.font.monospace.packages + ++ config.global.font.sans.packages; +in { + fonts = { + packages = fontPackages; + enableDefaultPackages = true; + + fontconfig = { + hinting.style = "full"; + subpixel.rgba = "rgb"; + + defaultFonts = { + monospace = [ fontMonospace ]; + serif = [ fontSans ]; + sansSerif = [ fontSans ]; + }; + }; + }; + + users.users.${user}.extraGroups = [ "seat" ]; + services = { + seatd.enable = true; + dbus = { + enable = true; + implementation = "broker"; + }; + }; + + hardware.opengl.enable = true; + security.pam.services.swaylock = {}; +} diff --git a/os/pc/secrets.yaml b/os/pc/secrets.yaml new file mode 100644 index 0000000..3e49d32 --- /dev/null +++ b/os/pc/secrets.yaml @@ -0,0 +1,31 @@ +misc: + sftp: ENC[AES256_GCM,data:xic1JI1RHo3Xc/izQBubMQ5TEvQxeFIOEbkFj/MWjw7UOgQrQEozfhvmGvB3lqjdgO2e2RXYHc7RvwAfquZN9QWFFp7vS7JqhqGTg4+I0JNh28LDsdzeAXe7d4yLkJ5cl4EhU5a6Zd9Qo60JyO8HRAMSXQBuHMzTW0A4achARcTguyJUiCntxvyLiKPZGdGj7HsHfxr32S1ieejGDqxuOLTrssOgyxikWT+PqibWie+JDH20+ZP8l6ip8FdNaWcyzfED/SJybpRbDBvL3iXw9tb67SeRWKR8I91nyyLh69hwLHrp/IgboDlCW8/ZmOYoRWCJF4lH86v3312wuoU60x8IoSL7YhWW5N3WQpWxWeEmLlMFD0x6LcJclUeoIlpVNvR8wDNKeayHhdLChIs2ZiEUAAIaTcUKdWWccY7JraMosqKgS9BmnjLJLEei9kFEF+y97QxQ/q4AfyFPbajxSd7aujqXuUfqpL1aLgt65h1TyOKN3E3Y2faiTaR76EALyv2d4PdYHWhkhxXVATRhsG+N2Mg9FSCciGnD7wlu9IR28HrbLuvX7W2KsLDVdI2oBtfExTf8YQwPSk1vp28=,iv:VyhdbfiiQJqG6cKAz6WjmlG3MkM25VzQzfCt1qYgH4M=,tag:KIoEb/dkEPpeaCJaNkAflw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd3E0NC9Vb25ySXR0R0xL + b0pLcUdsNjYzZ0F6SkdodFZjT0s2OE5TZ0E0CkM5RHY4MmpBNFR6TWJLejlqS2FC + TmpRRUdMRkQ3SnhvY2ZtN3ZzYjRQYmsKLS0tIEZlWkRLVWJOaXV6V3Zmb2hUV0xj + d0N3S0ZIR0MyOERHV1k5RVBVVWVHQkkKZVtPjmpOPJM8STs70/nki6vTeo4mp47A + xEVUzxeUGpoyAewxSCo9W6IGtKyZQl0TEL3ucAmhOsjX4BWe2JShMA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWENJNzlDL1FpTkYwV1ps + V1VWeW4yOFZwZ1h5SGwzV2oyVkJaaHF0a1JRCmpFWWRLZzdUTUliZHpCTzJDYlhu + Yk51d1orS0tsMitBM0ZKSTQ4T05sNVEKLS0tIEVuZkY1bld2RldZOVNOc1E3bG5X + dVZ3V0VUQzF5VzN0RFM5c0RjZHpJZ0EK09qgyPHEhHgRZt2GZQB5IM9Z/nfYXW28 + fcfmF6pko9qOYQ72P7vwv8Xub0SEI8GKGQwz2QPDJT9gd1qtipuhuQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-04T10:15:07Z" + mac: ENC[AES256_GCM,data:zkxID1SWr9q7PQR4EVb/PaNVdS1xQdVcnwHlWzseqZrjEgyJLlupYKwEOw9eB4dY/R1VZx46BgI5Kk6rgbrIopnV3symARUOcqPUHM3lfz7h3S3sRJv547fu0UdQGp00HM1pW2nA5v6w8oY+H96+JdVtorrAt56B7EN6J28nb3M=,iv:p2gUIviAG3mBcMH6KUGmnvetWH9lb8ZlamSGOpbqins=,tag:adw9FMLJk5cUHmNmuRnZUQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 |