initial commit

2025-05-12 23:25:39 -03:00
parent bf178e3caa
commit dc6f6894e6
95 changed files with 3922 additions and 0 deletions
--- a/hosts/common/core/darwin.nix
+++ b/hosts/common/core/darwin.nix
@@ -0,0 +1,3 @@
+# Core functionality for every nix-darwin host
+# NOTE(starter): Declare any darwin-specific, core configurations here.
+{ }
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@@ -0,0 +1,103 @@
+# FIXME(starter): modify this file and the other .nix files in `nix-config/hosts/common/core/` to declare
+# settings that will occur across all hosts
+
+# IMPORTANT: This is used by NixOS and nix-darwin so options must exist in both!
+{
+  inputs,
+  outputs,
+  config,
+  lib,
+  pkgs,
+  isDarwin,
+  ...
+}:
+let
+  platform = if isDarwin then "darwin" else "nixos";
+  platformModules = "${platform}Modules";
+in
+{
+  imports = lib.flatten [
+    inputs.home-manager.${platformModules}.home-manager
+
+    (map lib.custom.relativeToRoot [
+      "modules/common"
+      "modules/hosts/common"
+      "modules/hosts/${platform}"
+      "hosts/common/core/${platform}.nix"
+     #"hosts/common/core/sops.nix" # Core because it's used for backups, mail
+      "hosts/common/core/ssh.nix"
+      #"hosts/common/core/services" # uncomment this line if you add any modules to services directory
+      "hosts/common/users/primary"
+      "hosts/common/users/primary/${platform}.nix"
+    ])
+  ];
+
+  #
+  # ========== Core Host Specifications ==========
+  #
+  # FIXME(starter): modify the hostSpec options below to define values that are common across all hosts
+  # such as the username and handle of the primary user (see also `nix-config/hosts/common/users/primary`)
+  hostSpec = {
+    username = "panotaka";
+    handle = "panotaka";
+    # FIXME(starter): modify the attribute sets hostSpec will inherit from your nix-secrets.
+    # If you're not using nix-secrets then remove the following six lines below.
+
+  };
+
+  networking.hostName = config.hostSpec.hostName;
+
+  # System-wide packages, in case we log in as root
+  environment.systemPackages = [ pkgs.openssh ];
+
+  # Force home-manager to use global packages
+  home-manager.useGlobalPkgs = true;
+
+  # If there is a conflict file that is backed up, use this extension
+  home-manager.backupFileExtension = "bk";
+
+  #
+  # ========== Overlays ==========
+  #
+  nixpkgs = {
+    overlays = [
+      outputs.overlays.default
+    ];
+    config = {
+      allowUnfree = true;
+    };
+  };
+
+  #
+  # ========== Nix Nix Nix ==========
+  #
+  nix = {
+    # This will add each flake input as a registry
+    # To make nix3 commands consistent with your flake
+    registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+
+    # This will add your inputs to the system's legacy channels
+    # Making legacy nix commands consistent as well, awesome!
+    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
+
+    settings = {
+      # See https://jackson.dev/post/nix-reasonable-defaults/
+      connect-timeout = 5;
+      log-lines = 25;
+      min-free = 128000000; # 128MB
+      max-free = 1000000000; # 1GB
+
+      trusted-users = [ "@wheel" ];
+      # Deduplicate and optimize nix store
+      auto-optimise-store = true;
+      warn-dirty = false;
+
+      allow-import-from-derivation = true;
+
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+    };
+  };
+}
--- a/hosts/common/core/nixos.nix
+++ b/hosts/common/core/nixos.nix
@@ -0,0 +1,36 @@
+# Core functionality for every nixos host
+{ config, lib, ... }:
+{
+  # Database for aiding terminal-based programs
+  environment.enableAllTerminfo = true;
+  # Enable firmware with a license allowing redistribution
+  hardware.enableRedistributableFirmware = true;
+
+  # This should be handled by config.security.pam.sshAgentAuth.enable
+  security.sudo.extraConfig = ''
+    Defaults lecture = never # rollback results in sudo lectures after each reboot, it's somewhat useless anyway
+    Defaults pwfeedback # password input feedback - makes typed password visible as asterisks
+    Defaults timestamp_timeout=120 # only ask for password every 2h
+    # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
+    Defaults env_keep+=SSH_AUTH_SOCK
+  '';
+
+  #
+  # ========== Nix Helper ==========
+  #
+  # Provide better build output and will also handle garbage collection in place of standard nix gc (garbace collection)
+  # FIXME(starter): customize garbage collection rules as desired.
+  programs.nh = {
+    enable = true;
+    clean.enable = true;
+    clean.extraArgs = "--keep-since 20d --keep 20";
+    flake = "/home/user/${config.hostSpec.home}/nix-config";
+  };
+
+  #
+  # ========== Localization ==========
+  #
+  # FIXME(starter): customize localization values as desired.
+  i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
+  time.timeZone = lib.mkDefault "America/Edmonton";
+}
--- a/hosts/common/core/services/default.nix
+++ b/hosts/common/core/services/default.nix
@@ -0,0 +1,9 @@
+# Add your core services to the same directory as this default.nix file.
+# They will automatically be imported below.
+{
+  lib,
+  ...
+}:
+{
+  imports = (lib.custom.scanPaths ./.);
+}
--- a/hosts/common/core/ssh.nix
+++ b/hosts/common/core/ssh.nix
@@ -0,0 +1,11 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+{
+  programs.ssh = lib.optionalAttrs pkgs.stdenv.isLinux {
+    startAgent = true;
+    enableAskPassword = true;
+ };
+}