diff --git a/flake.nix b/flake.nix
index ea33aa6..403bed6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -119,7 +119,6 @@ suites = with profiles; self.lib.flattenSetList rec { base = [ - core (with users; [ root infinidoge ]) ]; graphic = base ++ [ graphical.qtile ];
diff --git a/modules/global/general.nix b/modules/global/general.nix
new file mode 100644
index 0000000..60e4c68
--- /dev/null
+++ b/modules/global/general.nix
@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+{
+ bud.enable = true;
+
+ programs = {
+ # Enable dconf for programs that need it
+ dconf.enable = true;
+
+ udevil.enable = true;
+ };
+
+ services = {
+ # Enable Early Out of Memory service
+ earlyoom.enable = true;
+
+ # Ensure certain necessary directories always exist
+ ensure.directories = [ "/mnt" ];
+ };
+
+ system.activationScripts = {
+ # FIX: command-not-found database doesn't exist normally
+ channels-update.text = ''
+ ${pkgs.nix}/bin/nix-channel --update
+ '';
+ };
+}
diff --git a/modules/global/packages.nix b/modules/global/packages.nix
new file mode 100644
index 0000000..682f4e6
--- /dev/null
+++ b/modules/global/packages.nix
@@ -0,0 +1,48 @@
+{ pkgs, lib, ... }:
+{
+ # Use the latest Linux kernel
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ # Remove all default packages
+ environment.defaultPackages = lib.mkForce [ ];
+
+ # Packages wanted everywhere
+ environment.systemPackages = with pkgs; [
+ bat
+ binutils
+ btrfs-progs
+ coreutils-doge
+ curl
+ direnv
+ dnsutils
+ dosfstools
+ exfat # Windows drives
+ fd
+ ffmpeg
+ git
+ htop
+ iputils
+ jq
+ lynx
+ manix
+ moreutils
+ neofetch
+ nmap
+ ntfs3g # Windows drives
+ parted
+ ripgrep
+ rsync
+ skim
+ sshfs
+ strace
+ tealdeer
+ tree
+ unixtools.whereis
+ unzip
+ usbutils
+ utillinux
+ vim
+ wget
+ whois
+ ];
+}
diff --git a/modules/global/security.nix b/modules/global/security.nix
new file mode 100644
index 0000000..9b21ce7
--- /dev/null
+++ b/modules/global/security.nix
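Review bot: In modules/global/general.nix, `programs.udevil.enable = true;` is new in this commit (the deleted modules/modules/global.nix has no udevil line), and judging by the directory name it lands in a module meant for every host. As far as I know the NixOS udevil module installs a setuid-root wrapper so that unprivileged users can mount devices, which widens the privileged surface on machines that may never see removable media. I would move it to the graphical suite, or at least record the reason next to it, e.g. `# setuid mount helper; only wanted on desktops`. Separately, the `channels-update` activation script runs `nix-channel --update` on every activation, so a switch depends on the network and pulls unpinned channel contents; a comment saying this is deliberate would help.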
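Review bot: `boot.kernelPackages = pkgs.linuxPackages_latest;` in modules/global/packages.nix is a plain definition, so a host that has to stay on an LTS or hardened kernel can only override it with `mkForce`; `lib.mkDefault pkgs.linuxPackages_latest` would keep the default and leave hosts free to choose. The package list also puts `nmap`, `strace`, `lynx` and `sshfs` on every machine that imports this module, servers included if they do. Consider moving the diagnostic and network tools into a list that only workstations pull in, or add a comment stating that the footprint is intended.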
@@ -0,0 +1,44 @@
+{ config, lib, ... }:
+with lib;
+{
+ # Security settings based on https://github.com/hlissner/dotfiles/blob/master/modules/security.nix
+ security = {
+ sudo.extraConfig = ''
+ Defaults lecture=never
+ '';
+ acme.acceptTerms = true;
+
+ pam.enableSSHAgentAuth = true;
+ };
+
+ boot = {
+ # Make tmp volatile, using tmpfs is speedy on SSD systems
+ # Redundant on opt-in state systems
+ # tmpOnTmpfs = mkDefault true;
+ # cleanTmpDir = mkDefault (!config.boot.tmpOnTmpfs);
+ };
+
+ # Allow non-root users to allow other users to access mount point
+ programs.fuse.userAllowOther = mkDefault true;
+
+ # For rage encryption, all hosts need a ssh key pair
+ services.openssh = {
+ enable = true;
+ openFirewall = mkDefault true;
+ forwardX11 = mkDefault false;
+ hostKeys = mkDefault [
+ {
+ bits = 4096;
+ openSSHFormat = true;
+ path = "/etc/ssh/ssh_host_rsa_key";
+ rounds = 100;
+ type = "rsa";
+ }
+ {
+ path = "/etc/ssh/ssh_host_ed25519_key";
+ rounds = 100;
+ type = "ed25519";
+ }
+ ];
+ };
+}
diff --git a/modules/global/shell.nix b/modules/global/shell.nix
new file mode 100644
index 0000000..633481c
--- /dev/null
+++ b/modules/global/shell.nix
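Review bot: `services.openssh` in modules/global/security.nix is enabled with `openFirewall = mkDefault true` for every host that imports this module, yet the block leaves authentication at the module defaults, and the only stated reason for enabling it is that rage needs host keys. If remote login is not the goal, default the firewall closed; if it is, pin key-only login next to `forwardX11`, e.g. `passwordAuthentication = mkDefault false;` and `permitRootLogin = mkDefault "prohibit-password";`. `pam.enableSSHAgentAuth = true` also deserves a comment: it lets a forwarded agent satisfy sudo, so it is worth confirming which authorized-keys files PAM trusts and that none of them is writable by the user being authenticated.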
@@ -0,0 +1,53 @@
+{ config, lib, ... }:
+let
+ ifSudo = lib.mkIf config.security.sudo.enable;
+in
+{
+ environment.shellAliases = {
+ # quick cd
+ ".." = "cd ..";
+ "..." = "cd ../..";
+ "...." = "cd ../../..";
+ "....." = "cd ../../../..";
+
+ # git
+ g = "git";
+
+ gcd = "cd $(git root)";
+
+ # grep
+ grep = "rg";
+ gi = "grep -i";
+
+ # internet ip
+ myip = "curl ipecho.net/plain";
+
+ # sudo
+ s = ifSudo "sudo -E ";
+ si = ifSudo "sudo -i";
+ se = ifSudo "sudoedit";
+
+ # systemd
+ ctl = "systemctl";
+ stl = ifSudo "s systemctl";
+ utl = "systemctl --user";
+ ut = "systemctl --user start";
+ un = "systemctl --user stop";
+ up = ifSudo "s systemctl start";
+ dn = ifSudo "s systemctl stop";
+ jtl = "journalctl";
+
+ ll = "ls -al";
+ dd = "dd status=progress";
+ cat = "bat --paging=never";
+
+ lsdisk = "lsblk -o name,size,mountpoints,fstype,label,uuid,fsavail,fsuse%";
+
+ mnt = "s mount";
+ umnt = "s umount";
+
+ mktmp = "cd $(mktemp -d)";
+
+ edit = "$EDITOR";
+ };
+}
diff --git a/modules/modules/global.nix b/modules/modules/global.nix
deleted file mode 100644
index 348c5d9..0000000
--- a/modules/modules/global.nix
+++ /dev/null
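Review bot: `mnt = "s mount";` and `umnt = "s umount";` in modules/global/shell.nix are not wrapped in `ifSudo`, unlike `stl`, `up` and `dn`, so with `security.sudo.enable = false` they expand to an `s` alias that is never defined. Wrap them the same way: `mnt = ifSudo "s mount";` and `umnt = ifSudo "s umount";`. Two smaller points: `myip` fetches over plain HTTP from a third party, so the answer can be altered in transit (`curl https://ipecho.net/plain`, assuming the service offers TLS). And `s = "sudo -E "` makes every elevated command ask to inherit the caller's environment, which deserves a comment explaining why that is the default rather than plain `sudo `.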
@@ -1,72 +0,0 @@
-{ config, pkgs, lib, ... }:
-with lib;
-with lib.hlissner;
-{
- # Security settings based on https://github.com/hlissner/dotfiles/blob/master/modules/security.nix
- security = {
- sudo.extraConfig = ''
- Defaults lecture=never
- '';
- acme.acceptTerms = true;
-
- pam = {
- enableSSHAgentAuth = true;
- };
- };
-
- # Remove all default packages
- environment.defaultPackages = mkForce [ ];
-
- boot = {
- # Make tmp volatile, using tmpfs is speedy on SSD systems
- tmpOnTmpfs = mkDefault true;
- cleanTmpDir = mkDefault (!config.boot.tmpOnTmpfs);
-
- # Use the latest Linux kernel
- kernelPackages = pkgs.linuxPackages_latest;
- };
-
- programs = {
- # Allow non-root users to allow other users to access mount point
- fuse.userAllowOther = mkDefault true;
-
- # Enable dconf for programs that need it
- dconf.enable = true;
- };
-
- bud.enable = lib.mkDefault true;
-
- services = {
- # Ensure certain necessary directories always exist
- ensure.directories = [ "/mnt" ];
-
- # Enable Early Out of Memory service
- earlyoom.enable = true;
-
- # For rage encryption, all hosts need a ssh key pair
- openssh = {
- enable = true;
- openFirewall = lib.mkDefault true;
- forwardX11 = lib.mkDefault false;
- hostKeys = lib.mkDefault [
- {
- bits = 4096;
- openSSHFormat = true;
- path = "/etc/ssh/ssh_host_rsa_key";
- rounds = 100;
- type = "rsa";
- }
- {
- path = "/etc/ssh/ssh_host_ed25519_key";
- rounds = 100;
- type = "ed25519";
- }
- ];
- };
- };
-
- # FIX: command-not-found database doesn't exist normally
- system.activationScripts.channels-update.text = ''
- ${pkgs.nix}/bin/nix-channel --update
- '';
-}