From b84ca8ac24488e20fe9add6600816aff782f602e Mon Sep 17 00:00:00 2001 From: DerGrumpf Date: Thu, 3 Apr 2025 12:50:08 +0200 Subject: [PATCH] Changed: Modules --- hosts/m920q/default.nix | 19 +++- modules/file_managers/spacefm.nix | 4 + modules/file_managers/thunar.nix | 13 +++ modules/firewall.nix | 7 ++ modules/fonts.nix | 31 ++++++ modules/localisation.nix | 20 ++++ modules/nix-settings.nix | 36 +++++++ modules/openssh.nix | 13 +++ modules/pipewire.nix | 20 ++++ modules/podman.nix | 34 ++++++ modules/services.nix | 15 +++ modules/system.nix | 171 +----------------------------- modules/vpn.nix | 8 ++ 13 files changed, 218 insertions(+), 173 deletions(-) create mode 100644 modules/file_managers/spacefm.nix create mode 100644 modules/file_managers/thunar.nix create mode 100644 modules/firewall.nix create mode 100644 modules/fonts.nix create mode 100644 modules/localisation.nix create mode 100644 modules/nix-settings.nix create mode 100644 modules/openssh.nix create mode 100644 modules/pipewire.nix create mode 100644 modules/podman.nix create mode 100644 modules/services.nix create mode 100644 modules/vpn.nix diff --git a/hosts/m920q/default.nix b/hosts/m920q/default.nix index d8ede85..20669d5 100644 --- a/hosts/m920q/default.nix +++ b/hosts/m920q/default.nix @@ -7,12 +7,21 @@ { imports = [ - ../../modules/system.nix - ../../modules/regreet/regreet.nix - ../../modules/plymouth.nix + ../../modules/system.nix + ../../modules/vpn.nix + ../../modules/fonts.nix + ../../modules/firewall.nix + ../../modules/localisation.nix + ../../modules/openssh.nix + ../../modules/pipewire.nix + ../../modules/podman.nix + ../../modules/services.nix + ../../modules/regreet/regreet.nix + ../../modules/plymouth.nix + ../../modules/file_managers/spacefm.nix - # Include the results of the hardware scan. - ./hardware-configuration.nix +# Include the results of the hardware scan. + ./hardware-configuration.nix ]; # Bootloader. 
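Review bot: The new import list in hosts/m920q/default.nix pulls in every split-out module except `../../modules/nix-settings.nix`, while this same commit removes `nix.settings`, `nix.gc` and `nixpkgs.config` from modules/system.nix. Unless that module is imported somewhere outside this patch, the next rebuild drops the `nix-command`/`flakes` features, the substituter list with its pinned `trusted-public-keys`, and `allowUnfree` for this host. Add `../../modules/nix-settings.nix` to the list once that module evaluates (it uses `lib` without taking it as an argument). The hunk also moves the `# Include the results of the hardware scan.` comment to column 0, which looks unintended.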
diff --git a/modules/file_managers/spacefm.nix b/modules/file_managers/spacefm.nix
new file mode 100644
index 0000000..6647c8f
--- /dev/null
+++ b/modules/file_managers/spacefm.nix
@@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+ programs.spacefm.enable = true;
+}
diff --git a/modules/file_managers/thunar.nix b/modules/file_managers/thunar.nix
new file mode 100644
index 0000000..6b16924
--- /dev/null
+++ b/modules/file_managers/thunar.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+ programs.xfconf.enable = true;
+ services.gvfs.enable = true;
+ services.tumbler.enable = true;
+ programs.thunar = {
+ enable = true;
+ plugins = with pkgs.xfce; [
+ thunar-archive-plugin
+ thunar-volman
+ ];
+ };
+}
diff --git a/modules/firewall.nix b/modules/firewall.nix
new file mode 100644
index 0000000..52aa16e
--- /dev/null
+++ b/modules/firewall.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ networking.firewall.enable = false;
+}
diff --git a/modules/fonts.nix b/modules/fonts.nix
new file mode 100644
index 0000000..3a56315
--- /dev/null
+++ b/modules/fonts.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+{
+ fonts = {
+ packages = with pkgs; [
+ # icon fonts
+ material-icons
+ material-black-colors
+ material-design-icons
+
+ # normal fonts
+ noto-fonts
+ noto-fonts-cjk
+ noto-fonts-emoji
+
+ nerdfonts
+ ];
+
+ # use fonts specified by user rather than default ones
+ enableDefaultPackages = false;
+
+ # user defined fonts
+ # the reason there's Noto Color Emoji everywhere is to override DejaVu's
+ # B&W emojis that would sometimes show instead of some Color emojis
+ fontconfig.defaultFonts = {
+ serif = ["Noto Serif" "Noto Color Emoji"];
+ sansSerif = ["Noto Sans" "Noto Color Emoji"];
+ monospace = ["JetBrainsMono Nerd Font" "Noto Color Emoji"];
+ emoji = ["Noto Color Emoji"];
+ };
+ };
+}
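Review bot: modules/firewall.nix sets `networking.firewall.enable = false;`, so the host filters nothing and the `openFirewall = true;` settings in modules/openssh.nix and modules/vpn.nix have no effect. This patch also enables sshd, CUPS and podman's default network on the same host, so any service that binds a non-loopback address is reachable from every network the machine joins. Consider `networking.firewall.enable = true;` and letting the per-service `openFirewall` options, plus explicit `allowedTCPPorts`/`allowedUDPPorts` where needed, open only what is required. If the firewall must stay off, replace the template comment with one that says why.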
diff --git a/modules/localisation.nix b/modules/localisation.nix
new file mode 100644
index 0000000..9c2a792
--- /dev/null
+++ b/modules/localisation.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+{
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_NUMERIC = "de_DE.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ };
+}
diff --git a/modules/nix-settings.nix b/modules/nix-settings.nix
new file mode 100644
index 0000000..fa2599d
--- /dev/null
+++ b/modules/nix-settings.nix
@@ -0,0 +1,36 @@
+{ pkgs, username, ... }:
+{
+ # given the users in this list the right to specify additional substituters via:
+ # 1. `nixConfig.substituers` in `flake.nix`
+ # 2. command line args `--options substituers http://xxx`
+ nix.settings.trusted-users = [username];
+
+ # customise /etc/nix/nix.conf declaratively via `nix.settings`
+ nix.settings = {
+ # enable flakes globally
+ experimental-features = ["nix-command" "flakes"];
+ auto-optimise-store = true;
+ substituters = [
+ "https://cache.nixos.org"
+ "https://hyprland.cachix.org"
+ ];
+
+ trusted-public-keys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+ ];
+ builders-use-substitutes = true;
+ };
+
+ # do garbage collection weekly to keep disk usage low
+ nix.gc = {
+ automatic = lib.mkDefault true;
+ dates = lib.mkDefault "1h";
+ options = lib.mkDefault "--delete-older-than +3";
+ };
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+ nixpkgs.config.allowBroken = true;
+
+}
diff --git a/modules/openssh.nix b/modules/openssh.nix
new file mode 100644
index 0000000..cf99d46
--- /dev/null
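Review bot: modules/nix-settings.nix calls `lib.mkDefault` inside `nix.gc`, but its argument set is `{ pkgs, username, ... }:`, so `lib` is undefined and the module will fail to evaluate once imported; the header should read `{ pkgs, lib, username, ... }:`. `dates` changed from "weekly" to `"1h"` while the comment above it still says weekly, and `"1h"` looks like a time span rather than a systemd calendar expression, so confirm it parses or keep `"weekly"`. Separately, `nix.settings.trusted-users = [username];` lets that account add arbitrary substituters and override daemon settings, which the Nix manual describes as essentially root-equivalent; if the two caches listed here are enough, dropping the entry is the safer default. `nixpkgs.config.allowBroken = true;` deserves a comment naming the package that needs it.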
+++ b/modules/openssh.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+ # Enable the OpenSSH daemon.
+ services.openssh = {
+ enable = true;
+ settings = {
+ X11Forwarding = true;
+ PermitRootLogin = "no"; # disable root login
+ PasswordAuthentication = false; # disable password login
+ };
+ openFirewall = true;
+ };
+}
diff --git a/modules/pipewire.nix b/modules/pipewire.nix
new file mode 100644
index 0000000..a35d571
--- /dev/null
+++ b/modules/pipewire.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+{
+ # Enable sound with pipewire.
+ #sound.enable = true;
+ hardware.pulseaudio.enable = false;
+
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ #media-session.enable = true;
+ };
+
+}
diff --git a/modules/podman.nix b/modules/podman.nix
new file mode 100644
index 0000000..d491856
--- /dev/null
+++ b/modules/podman.nix
@@ -0,0 +1,34 @@
+{ pkgs, ...}:
+{
+
+ environment.packages = with pkgs; [
+ # Virtualisation
+ podman-compose # docker-compose alternative
+ dive # docker layer viewer
+ podman-tui # status of containers in terminal
+ podman-desktop # Desktop client
+ tailscale # Vpn
+ ];
+ # Virtualisation
+ virtualisation = {
+ containers.enable = true;
+
+ podman = {
+ enable = true;
+ dockerCompat = true;
+ defaultNetwork.settings.dns_enabled = true;
+ };
+
+ oci-containers = {
+ backend = "podman";
+ containers = {
+ /*container-name = {
+ image = "image";
+ autoStart = true;
+ ports = [ "127.0.0.1:1234:1234" ];
+ };*/
+ };
+ };
+ };
+
+}
diff --git a/modules/services.nix b/modules/services.nix
new file mode 100644
index 0000000..6fee5b8
--- /dev/null
+++ b/modules/services.nix
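Review bot: `PasswordAuthentication = false;` in modules/openssh.nix does not by itself rule out password logins, because `KbdInteractiveAuthentication` is left unset (enabled by default in NixOS, as far as I know) and keyboard-interactive authentication goes through PAM; add `KbdInteractiveAuthentication = false;` next to it. `X11Forwarding = true;` widens what an SSH session can reach on the connecting user's display, so switch it off unless remote GUI sessions are really used on this host, or add a comment saying why it stays. `openFirewall = true;` only takes effect once the firewall in modules/firewall.nix is enabled.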
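Review bot: `environment.packages` in modules/podman.nix is not a NixOS option, so this module should fail evaluation with an undefined-option error; the list these entries came from is presumably `environment.systemPackages`, and the line should read `environment.systemPackages = with pkgs; [`. The `tailscale` package is listed here among the container tools while the service is configured in modules/vpn.nix; enabling `services.tailscale` already puts the CLI on the system path as far as I know, so the entry can probably be dropped. The commented-out container template binds its port to `127.0.0.1`, which is worth keeping as the pattern for real entries while the host firewall is off.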
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+ services = {
+ dbus.packages = [pkgs.gcr];
+
+ geoclue2.enable = true;
+
+ udev.packages = with pkgs; [gnome.gnome-settings-daemon];
+
+ # Enable CUPS to print documents.
+ printing.enable = true;
+
+ power-profiles-daemon.enable = true;
+ };
+}
diff --git a/modules/system.nix b/modules/system.nix
index 75b2a04..9b59de4 100644
--- a/modules/system.nix
+++ b/modules/system.nix
@@ -12,141 +12,8 @@ description = username; extraGroups = ["networkmanager" "wheel" "podman"]; }; -# given the users in this list the right to specify additional substituters via: -# 1. `nixConfig.substituers` in `flake.nix` -# 2. command line args `--options substituers http://xxx` - nix.settings.trusted-users = [username]; - -# customise /etc/nix/nix.conf declaratively via `nix.settings` - nix.settings = { -# enable flakes globally - experimental-features = ["nix-command" "flakes"]; - auto-optimise-store = true; - substituters = [ - "https://cache.nixos.org" - "https://hyprland.cachix.org" - ]; - - trusted-public-keys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" - ]; - builders-use-substitutes = true; - }; - -# do garbage collection weekly to keep disk usage low - nix.gc = { - automatic = lib.mkDefault true; - dates = lib.mkDefault "weekly"; - options = lib.mkDefault "--delete-older-than +3"; - }; - -# Allow unfree packages - nixpkgs.config.allowUnfree = true; - nixpkgs.config.allowBroken = true; - -# Set your time zone. - time.timeZone = "Europe/Berlin"; - -# Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "de_DE.UTF-8"; - LC_IDENTIFICATION = "de_DE.UTF-8"; - LC_MEASUREMENT = "de_DE.UTF-8"; - LC_MONETARY = "de_DE.UTF-8"; - LC_NAME = "de_DE.UTF-8"; - LC_NUMERIC = "de_DE.UTF-8"; - LC_PAPER = "de_DE.UTF-8"; - LC_TELEPHONE = "de_DE.UTF-8"; - LC_TIME = "de_DE.UTF-8"; - }; - -# Enable CUPS to print documents. 
- services.printing.enable = true; - - fonts = { - packages = with pkgs; [ - # icon fonts - material-icons - material-black-colors - material-design-icons - - # normal fonts - noto-fonts - noto-fonts-cjk - noto-fonts-emoji - - nerdfonts - ]; - -# use fonts specified by user rather than default ones - enableDefaultPackages = false; - -# user defined fonts -# the reason there's Noto Color Emoji everywhere is to override DejaVu's -# B&W emojis that would sometimes show instead of some Color emojis - fontconfig.defaultFonts = { - serif = ["Noto Serif" "Noto Color Emoji"]; - sansSerif = ["Noto Sans" "Noto Color Emoji"]; - monospace = ["JetBrainsMono Nerd Font" "Noto Color Emoji"]; - emoji = ["Noto Color Emoji"]; - }; - }; programs.dconf.enable = true; - - programs.spacefm.enable = true; - /*programs.xfconf.enable = true; - services.gvfs.enable = true; - services.tumbler.enable = true; - programs.thunar = { - enable = true; - plugins = with pkgs.xfce; [ - thunar-archive-plugin - thunar-volman - ]; - };*/ - -# Virtualisation - virtualisation = { - containers.enable = true; - - podman = { - enable = true; - dockerCompat = true; - defaultNetwork.settings.dns_enabled = true; - }; - - oci-containers = { - backend = "podman"; - containers = { - /*container-name = { - image = "image"; - autoStart = true; - ports = [ "127.0.0.1:1234:1234" ]; - };*/ - }; - }; - }; - - -# networking.firewall.allowedTCPPorts = [ ... ]; -# networking.firewall.allowedUDPPorts = [ ... ]; -# Or disable the firewall altogether. - networking.firewall.enable = false; - -# Enable the OpenSSH daemon. - services.openssh = { - enable = true; - settings = { - X11Forwarding = true; - PermitRootLogin = "no"; # disable root login - PasswordAuthentication = false; # disable password login - }; - openFirewall = true; - }; # List packages installed in system profile. To search, run: # $ nix search wget 
@@ -203,42 +70,10 @@ p7zip xz -# Virtualisation - podman-compose # docker-compose alternative - dive # docker layer viewer - podman-tui # status of containers in terminal - podman-desktop # Desktop client - tailscale # Vpn + ]; -# Enable sound with pipewire. - sound.enable = true; - hardware.pulseaudio.enable = false; - services.power-profiles-daemon = { - enable = true; - }; + security.polkit.enable = true; - services = { - dbus.packages = [pkgs.gcr]; - - geoclue2.enable = true; - - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - - tailscale.enable = true; - - udev.packages = with pkgs; [gnome.gnome-settings-daemon]; - }; -} + } diff --git a/modules/vpn.nix b/modules/vpn.nix new file mode 100644 index 0000000..79e96dd --- /dev/null +++ b/modules/vpn.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: +{ + services.tailscale = { + enable = true; + openFirewall = true; + }; + +}