Initial commit

2025-09-01 14:21:12 +03:00
commit 5787dcd528
47 changed files with 3079 additions and 0 deletions

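--- /dev/null
+++ b/roles/default.nix
+{
+pkgs,
+config,
+lib,
+...
+}:
+{
+systemd = {
+oomd = {
+enable = true;
+enableUserSlices = lib.mkDefault true;
+enableSystemSlice = lib.mkDefault true;
+extraConfig = {
+DefaultMemoryPressureDurationSec = lib.mkDefault "20s";
+DefaultMemoryPressureLimit = lib.mkDefault "50%";
+};
+};
+};
+boot.kernel.sysctl = {
+"vm.swappiness" = config.swappiness;
+};
+networking = {
+domain = lib.mkDefault "fxnet";
+search = [
+config.networking.domain
+];
+hosts = {
+"192.168.1.5" = [
+"nas.fxnet"
+"radicale.fxnet"
+];
+};
+firewall = {
+enable = lib.mkDefault true;
+};
+iproute2.enable = lib.mkDefault true;
+};
+services = {
+openssh = {
+enable = lib.mkDefault true;
+settings = {
+PermitRootLogin = lib.mkDefault "prohibit-password";
+PasswordAuthentication = lib.mkDefault false;
+AllowGroups = [
+"ssh"
+"root"
+];
+};
+};
+timesyncd.servers = [
+"192.168.1.1"
+"0.nixos.pool.ntp.org"
+];
+btrfs.autoScrub = {
+enable = lib.mkDefault true;
+interval = lib.mkDefault "monthly";
+fileSystems = [
+"/"
+"/nix"
+"/home"
+];
+};
+};
+programs = {
+nix-index = {
+enable = true;
+enableFishIntegration = config.programs.fish.enable;
+enableZshIntegration = config.programs.zsh.enable;
+enableBashIntegration = config.programs.bash.enable;
+};
+};
+environment.systemPackages = with pkgs; [
+linux-firmware
+git
+wget
+curl
+htop
+gnumake
+neovim
+# archives
+zip
+xz
+unzip
+p7zip
+# utils
+ripgrep # recursively searches directories for a regex pattern
+jq # A lightweight and flexible command-line JSON processor
+# networking tools
+mtr # A network diagnostic tool
+ldns # replacement of `dig`, it provide the command `drill`
+aria2 # A lightweight multi-protocol & multi-source command-line download utility
+socat # replacement of openbsd-netcat
+nmap # A utility for network discovery and security auditing
+ipcalc # it is a calculator for the IPv4/v6 addresses
+# misc
+file
+which
+tree
+gnused
+gnutar
+gawk
+zstd
+gnupg
+bc
+# btop # replacement of htop/nmon
+iotop # io monitoring
+iftop # network monitoring
+# system call monitoring
+strace # system call monitoring
+ltrace # library call monitoring
+lsof # list open files
+cifs-utils
+age
+sops
+];
+}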
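Review bot: `AllowGroups = [ "ssh" "root" ]` in the openssh settings references an `ssh` group that this file never creates; `users.groups.ssh` is declared only in roles/desktop.nix, so a host importing just this role (roles/server.nix) would have sshd accept logins solely from members of `root`, locking out ordinary users unless the group is declared elsewhere in the repository. Moving `users.groups.ssh = { };` into this file next to the sshd settings keeps the allow-list self-contained. Unlike the surrounding settings, AllowGroups is not wrapped in `lib.mkDefault`, so a host cannot replace the list without `lib.mkForce`. The `vm.swappiness` sysctl reads `config.swappiness`, a custom option whose declaration is not among the files shown; roles/server.nix does not set it, so evaluation of that role presumably fails unless the option carries a default.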

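--- /dev/null
+++ b/roles/desktop.nix
+{
+pkgs,
+lib,
+config,
+...
+}:
+let
+specialisations = builtins.map (name: ../specialisations + "/${name}") (
+builtins.attrNames (builtins.readDir ../specialisations)
+);
+in
+{
+imports = [
+./default.nix
+]
+++ specialisations;
+swappiness = lib.mkDefault 20;
+boot = {
+kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+tmp = {
+cleanOnBoot = lib.mkDefault true;
+tmpfsSize = lib.mkDefault "50%";
+useTmpfs = lib.mkDefault true;
+};
+consoleLogLevel = lib.mkDefault 1;
+loader = {
+systemd-boot = {
+enable = lib.mkDefault true;
+configurationLimit = lib.mkDefault 10;
+};
+efi.canTouchEfiVariables = lib.mkDefault true;
+};
+};
+hardware = {
+enableRedistributableFirmware = lib.mkDefault true;
+bluetooth = {
+enable = lib.mkDefault true;
+powerOnBoot = true;
+settings = {
+General = {
+IdleTimeout = 0;
+ControllerMode = "dual";
+MultiProfile = "multiple";
+FastConnectable = true;
+};
+};
+};
+};
+networking = {
+networkmanager = {
+enable = lib.mkDefault true;
+plugins = lib.mkForce [ ];
+};
+firewall = {
+enable = false;
+};
+};
+i18n = {
+defaultLocale = "ru_RU.UTF-8";
+supportedLocales = [
+"en_US.UTF-8/UTF-8"
+"ru_RU.UTF-8/UTF-8"
+];
+};
+security = {
+rtkit.enable = true;
+sudo = {
+enable = true;
+extraConfig = ''
+Defaults:root,%wheel env_keep=HTTPS_PROXY
+Defaults:root,%wheel env_keep=no_proxy
+'';
+};
+pam = {
+yubico.enable = true;
+yubico.mode = "challenge-response";
+};
+};
+services = {
+pulseaudio.enable = false;
+pcscd.enable = true;
+resolved = {
+enable = true;
+fallbackDns = [
+# "192.168.1.5"
+"1.1.1.1"
+"8.8.8.8"
+];
+};
+pipewire = {
+wireplumber.enable = true;
+audio.enable = true;
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+jack.enable = true;
+};
+libinput.enable = true;
+btrfs.autoScrub.interval = "weekly";
+flatpak.enable = true;
+printing = {
+enable = lib.mkDefault true;
+openFirewall = true;
+drivers = with pkgs; [
+gutenprint
+];
+cups-pdf.enable = true;
+browsing = lib.mkDefault true;
+};
+udev = {
+extraRules = ''
+KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660"
+'';
+};
+};
+powerManagement = {
+enable = true;
+};
+users.groups = {
+ssh = {
+name = "ssh";
+};
+};
+environment.systemPackages = with pkgs; [
+mesa
+steam-run
+obsidian
+telegram-desktop
+keepassxc
+gimp
+mpv
+ffmpeg
+yt-dlp
+avidemux
+krita
+krita-plugin-gmic
+# onlyoffice-desktopeditors
+libreoffice-qt-fresh
+thunderbird-latest
+# Fonts
+nerd-fonts.fira-code
+nerd-fonts.jetbrains-mono
+];
+programs = {
+nix-ld = {
+enable = true;
+libraries = [
+];
+};
+yubikey-touch-detector = {
+enable = config.security.pam.yubico.enable;
+libnotify = true;
+};
+};
+environment.pathsToLink = [
+"/share/xdg-desktop-portal"
+"/share/applications"
+];
+hardware = {
+graphics = {
+enable = true;
+};
+};
+xdg.portal.enable = true;
+}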
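Review bot: `networking.firewall.enable = false;` switches the host firewall off for every desktop and laptop, overriding the `lib.mkDefault true` from roles/default.nix, while `services.printing.openFirewall = true;` a few lines later suggests the intent was only to let CUPS through; keeping the firewall enabled and listing the needed ports in `networking.firewall.allowedTCPPorts` gives that result without exposing every other listening service on the untrusted networks a laptop will join. `security.pam.yubico.enable = true;` with `mode = "challenge-response"` and no `control` value relies on the module's default, which I believe is `sufficient`, meaning possession of the key alone passes PAM authentication without a password; `control = "required"` would make it a genuine second factor, so please confirm the intended policy. The udev rule assigns `GROUP="i2c"`, but neither this file nor roles/default.nix declares an `i2c` group (only `ssh` is declared), so the device nodes will presumably not get the intended group unless it is created elsewhere.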

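--- /dev/null
+++ b/roles/laptop.nix
+{...}:
+{
+imports = [
+./desktop.nix
+];
+powerManagement.powertop.enable = true;
+}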

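--- /dev/null
+++ b/roles/server.nix
+{ ... }:
+{
+imports = [
+./default.nix
+];
+}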