From e8d8a0107092034773374171a54d483195988c91 Mon Sep 17 00:00:00 2001 From: Aly Raffauf Date: Sat, 16 Mar 2024 13:18:17 -0400 Subject: [PATCH] modules: massive code cleanup and style improvements --- modules/desktop.nix | 10 ++-- modules/gnome/default.nix | 23 ++++---- modules/homelab/default.nix | 6 +- modules/homelab/nginx_proxy.nix | 21 ++++--- modules/homelab/samba.nix | 56 +++++++++--------- modules/homelab/virtualization.nix | 14 ++--- modules/kde.nix | 10 +++- modules/plymouth.nix | 9 +-- modules/steam.nix | 6 +- system/default.nix | 91 +++++++++++++++++------------- system/network.nix | 79 +++++++++++++------------- system/sound.nix | 2 - 12 files changed, 170 insertions(+), 157 deletions(-) diff --git a/modules/desktop.nix b/modules/desktop.nix index a162e3af..dce51b45 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -2,15 +2,13 @@ { ## Enable the X11 windowing system. - services.xserver.enable = true; - services.xserver.excludePackages = with pkgs; [ - xterm - ]; - - # Configure keymap in X11 services.xserver = { + enable = true; xkb.layout = "us"; xkb.variant = ""; + desktopManager = { + xterm.enable = false; + }; }; ## Needed for Flatpaks diff --git a/modules/gnome/default.nix b/modules/gnome/default.nix index 7f886ea8..17c2ee50 100644 --- a/modules/gnome/default.nix +++ b/modules/gnome/default.nix @@ -6,16 +6,6 @@ ../desktop.nix ]; - # Enable Gnome and GDM. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - - security.pam.services.gdm.enableKwallet = true; - - services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ]; - - services.gnome.tracker-miners.enable = true; - environment.systemPackages = with pkgs; [ fractal gnome.gnome-software 
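Review bot: In modules/desktop.nix, replacing `services.xserver.excludePackages = with pkgs; [ xterm ];` with `desktopManager.xterm.enable = false;` is not a like-for-like swap. As far as I know, the former removes the xterm package from the X server module's default package set, while the latter only disables the xterm session, so xterm is likely installed again after this change. If the intent is still to keep it off the system, keep `excludePackages = with pkgs; [ xterm ];` inside the new `services.xserver` set. The enclosing attribute set continues outside the hunk.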
@@ -28,4 +18,17 @@ gnomeExtensions.tailscale-status gnomeExtensions.tiling-assistant ]; + + # Enable keyring support for KDE apps in GNOME. + security.pam.services.gdm.enableKwallet = true; + + # Enable GNOME and GDM. + services = { + gnome.tracker-miners.enable = true; + udev.packages = with pkgs; [ gnome.gnome-settings-daemon ]; + xserver = { + desktopManager.gnome.enable = true; + displayManager.gdm.enable = true; + }; + }; } diff --git a/modules/homelab/default.nix b/modules/homelab/default.nix index f960a895..c3ffdd7d 100644 --- a/modules/homelab/default.nix +++ b/modules/homelab/default.nix @@ -10,10 +10,6 @@ # services.ddclient.enable = true; # services.ddclient.configFile = "/etc/ddclient/ddclient.conf"; - # Open TCP ports for transmission-server. - networking.firewall.allowedTCPPorts = [ 51413 9091 ]; - networking.firewall.allowedUDPPorts = [ 51413 ]; - virtualisation.oci-containers.containers = { audiobookshelf = { ports = ["0.0.0.0:13378:80"]; @@ -73,7 +69,7 @@ MusicFolder = "/Music"; DefaultTheme = "Auto"; SubsonicArtistParticipations = true; - UIWelcomeMessage = "Welcome to Navidrome on Raffauf Labs."; + UIWelcomeMessage = "Welcome to Navidrome @ raffauflabs.com."; }; }; }; diff --git a/modules/homelab/nginx_proxy.nix b/modules/homelab/nginx_proxy.nix index 32102471..616ba1bd 100644 --- a/modules/homelab/nginx_proxy.nix +++ b/modules/homelab/nginx_proxy.nix 
@@ -5,14 +5,19 @@ # services.ddclient.configFile = "/etc/ddclient/ddclient.conf"; # Open TCP ports for audiobookshelf, plex-server, and transmission-server. - networking.firewall.allowedTCPPorts = [ 80 443 51413 9091 ]; - networking.firewall.allowedUDPPorts = [ 51413 ]; - - networking.extraHosts = '' - 127.0.0.1 music.raffauflabs.com - 127.0.0.1 podcasts.raffauflabs.com - 127.0.0.1 plex.raffauflabs.com - ''; + networking = { + firewall = { + allowedTCPPorts = [ 80 443 51413 9091 ]; + allowedUDPPorts = [ 51413 ]; + }; + # My router doesn't expose settings for NAT loopback + # So we have to use this workaround. + extraHosts = '' + 127.0.0.1 music.raffauflabs.com + 127.0.0.1 podcasts.raffauflabs.com + 127.0.0.1 plex.raffauflabs.com + ''; + }; security.acme = { acceptTerms = true; diff --git a/modules/homelab/samba.nix b/modules/homelab/samba.nix index 173cc721..1c6759e5 100644 --- a/modules/homelab/samba.nix +++ b/modules/homelab/samba.nix 
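Review bot: The regrouped `allowedTCPPorts = [ 80 443 51413 9091 ];` in modules/homelab/nginx_proxy.nix still opens 9091 on every interface, and the comment above it names audiobookshelf and plex-server although 80/443 belong to the proxy itself. 9091 is Transmission's default web/RPC port, so it stays reachable without passing through the TLS-terminating proxy this module configures; whether it requires authentication is not visible here. Consider removing it from the global list and allowing it only on a trusted interface, e.g. `firewall.interfaces."tailscale0".allowedTCPPorts = [ 9091 ];`, and updating the comment to `# Open ports for the reverse proxy (80/443) and Transmission peers (51413).` The enclosing attribute set continues outside the hunk.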
@@ -1,36 +1,36 @@ { config, pkgs, ... }: { - services.avahi.nssmdns = true; - services.samba = { - enable = true; - securityType = "user"; - openFirewall = true; - shares = { - Media = { - comment = "Media @Mauville"; - path = "/mnt/Media"; - browseable = "yes"; - "read only" = "no"; - "guest ok" = "yes"; - "create mask" = "0755"; - "directory mask" = "0755"; + services = { + samba = { + enable = true; + securityType = "user"; + openFirewall = true; + shares = { + Media = { + comment = "Media @Mauville"; + path = "/mnt/Media"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0755"; + "directory mask" = "0755"; + }; + Archive = { + comment = "Archive @Mauville"; + path = "/mnt/Archive"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0755"; + "directory mask" = "0755"; + }; + }; }; - Archive = { - comment = "Archive @Mauville"; - path = "/mnt/Archive"; - browseable = "yes"; - "read only" = "no"; - "guest ok" = "yes"; - "create mask" = "0755"; - "directory mask" = "0755"; + samba-wsdd = { + enable = true; + openFirewall = true; }; - }; - }; - - services.samba-wsdd = { - enable = true; - openFirewall = true; }; } diff --git a/modules/homelab/virtualization.nix b/modules/homelab/virtualization.nix index e94c6125..1b0b8380 100644 --- a/modules/homelab/virtualization.nix +++ b/modules/homelab/virtualization.nix @@ -5,17 +5,13 @@ virtualisation = { libvirtd.enable = true; - podman = { - enable = true; - - # Create a `docker` alias for podman, to use it as a drop-in replacement - dockerCompat = true; - - # Required for containers under podman-compose to be able to talk to each other. - defaultNetwork.settings.dns_enabled = true; - }; oci-containers = { backend = "podman"; }; + podman = { + # Required for containers under podman-compose to be able to talk to each other. + defaultNetwork.settings.dns_enabled = true; + enable = true; + }; }; } \ No newline at end of file 
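Review bot: Both shares in modules/homelab/samba.nix keep `"guest ok" = "yes"` together with `"read only" = "no"`, and `openFirewall = true` is set for samba and samba-wsdd, so any host that can reach the SMB ports can write to /mnt/Media and /mnt/Archive without credentials. `securityType = "user"` does not prevent this while guest access is allowed on the share itself. Since the block is being rewritten anyway, consider `"guest ok" = "no";` plus `"valid users" = "<username-placeholder>";` on each share, or at least `"read only" = "yes";` on any share that stays guest-accessible.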
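Review bot: The reordered `podman` set in modules/homelab/virtualization.nix no longer contains `dockerCompat = true;`, which is a behaviour change rather than a style change. Anything on the host that invokes `docker` would stop working after this commit. If the removal is intentional, a one-line comment such as `# dockerCompat intentionally off: nothing here calls the docker CLI` would make that clear; otherwise restore `dockerCompat = true;` in the new set.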
diff --git a/modules/kde.nix b/modules/kde.nix index ccc3e0d0..31e08bb1 100644 --- a/modules/kde.nix +++ b/modules/kde.nix @@ -6,9 +6,13 @@ ./desktop.nix ]; - # Enable the KDE Plasma Desktop Environment. - services.xserver.displayManager.sddm.wayland.enable = true; - services.xserver.desktopManager.plasma6.enable = true; + # Enable SDDM + Plasma Desktop. + services = { + desktopManager.plasma6.enable = true; + xserver = { + displayManager.sddm.wayland.enable = true; + }; + }; environment.systemPackages = with pkgs; [ kdePackages.kate diff --git a/modules/plymouth.nix b/modules/plymouth.nix index 9ff0763b..4f2413c0 100644 --- a/modules/plymouth.nix +++ b/modules/plymouth.nix @@ -1,8 +1,9 @@ { config, pkgs, ... }: { - boot.initrd.verbose = false; - boot.consoleLogLevel = 0; - - boot.plymouth.enable = true; + boot = { + consoleLogLevel = 0; + initrd.verbose = false; + plymouth.enable = true; + }; } diff --git a/modules/steam.nix b/modules/steam.nix index cfc5558f..5cfa13f4 100644 --- a/modules/steam.nix +++ b/modules/steam.nix @@ -3,8 +3,8 @@ { hardware.steam-hardware.enable = true; programs.steam = { - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; } diff --git a/system/default.nix b/system/default.nix index 1e18e4e1..be305ebe 100644 --- a/system/default.nix +++ b/system/default.nix 
@@ -6,64 +6,77 @@ ./network.nix ./sound.nix ]; + # Set your time zone. time.timeZone = "America/New_York"; # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; }; - # Add support for logitech unifying receivers. - hardware.logitech.wireless.enable = true; - hardware.logitech.wireless.enableGraphical = true; - - # Add support for configuring QMK keyboards with Via. - hardware.keyboard.qmk.enable = true; + hardware = { + # Enable Bluetooth connections. + bluetooth.enable = true; + # Add support for logitech unifying receivers. + logitech.wireless = { + enable = true; + enableGraphical = true; + }; + # Add support for configuring QMK keyboards with Via. + keyboard.qmk.enable = true; + }; # Allow unfree packages nixpkgs.config.allowUnfree = true; system.autoUpgrade = { - enable = true; allowReboot = true; - flake = "github:alyraffauf/nixcfg"; dates = "daily"; + enable = true; + flake = "github:alyraffauf/nixcfg"; operation = "boot"; rebootWindow = { - lower = "01:00"; + lower = "02:00"; upper = "05:00"; }; }; - # Delete generations older than 7 days. - nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 7d"; + + nix = { + gc = { + # Delete generations older than 7 days. 
+ automatic = true; + dates = "daily"; + options = "--delete-older-than 7d"; + randomizedDelaySec = "60min"; + }; + # Run GC when there is less than 100MiB left. + extraOptions = '' + min-free = ${toString (100 * 1024 * 1024)} + max-free = ${toString (1024 * 1024 * 1024)} + ''; + settings = { + # Automatically optimize the Nix store in the background. + auto-optimise-store = true; + # Enable experimental `nix` command and flakes. + experimental-features = [ "nix-command" "flakes" ]; + }; }; - # Automatically optimize the Nix store in the background. - nix.settings.auto-optimise-store = true; - - # Run GC when there is less than 100MiB left. - nix.extraOptions = '' - min-free = ${toString (100 * 1024 * 1024)} - max-free = ${toString (1024 * 1024 * 1024)} - ''; - - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + }; } diff --git a/system/network.nix b/system/network.nix index cdbd0c45..ad94a225 100644 --- a/system/network.nix +++ b/system/network.nix 
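Review bot: `system.autoUpgrade` in system/default.nix rebuilds daily from `flake = "github:alyraffauf/nixcfg";` with `allowReboot = true`, so whatever sits at the head of that repository's default branch becomes the root-level configuration of every host importing this module, with no human step in between. Push access to the repository is therefore equivalent to root on these machines, which deserves a comment next to the option, e.g. `# Trust boundary: hosts apply the default branch unattended; keep the branch protected.` Pointing the flake at a release branch or tag (`github:alyraffauf/nixcfg/<ref-placeholder>`) would also keep work-in-progress commits from being deployed. The hunk additionally changes `nix.gc.dates` from weekly to daily and `rebootWindow.lower` from 01:00 to 02:00, which the commit message does not mention.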
@@ -2,50 +2,49 @@ { # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - networking.networkmanager.enable = true; - - # Enable tailscale - services.tailscale.enable = true; - - # Enable avahi. - services.avahi.enable = true; - services.avahi.publish.enable = true; - services.avahi.publish.addresses = true; - services.avahi.publish.workstation = true; - - # for a WiFi printer - services.avahi.openFirewall = true; - - hardware.bluetooth.enable = true; - - # Enable CUPS to print documents. - services.printing.enable = true; + networking = { + networkmanager.enable = true; + firewall.allowedTCPPortRanges = [ + # KDE Connect + { from = 1714; to = 1764; } + # Soulseek + { from = 2234; to = 2239; } + ]; + firewall.allowedUDPPortRanges = [ + # KDE/GS Connect + { from = 1714; to = 1764; } + # Soulseek + { from = 2234; to = 2239; } + ]; + }; programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Open TCP ports for SSH and Syncthing. - networking.firewall.allowedTCPPorts = [ 22 8384 22000 ]; - - # Open UDP ports for Syncthing. - networking.firewall.allowedUDPPorts = [ 22000 21027 ]; - - networking.firewall.allowedTCPPortRanges = [ - # KDE Connect - { from = 1714; to = 1764; } - # Soulseek - { from = 2234; to = 2239; } - ]; - - networking.firewall.allowedUDPPortRanges = [ - # KDE Connect - { from = 1714; to = 1764; } - # Soulseek - { from = 2234; to = 2239; } - ]; + services = { + # Enable avahi for auto network discovery. + avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + publish = { + addresses = true; + enable = true; + workstation = true; + }; + }; + # Enable remote connections with SSH. + openssh = { + enable = true; + openFirewall = true; + }; + # Enable printing. + printing.enable = true; + # Syncthing runs as a user service, but needs its ports open here. 
+ syncthing.openDefaultPorts = true; + # Enable tailscale for easy Wireguard VPNs on a tailnet. + tailscale.enable = true; + }; } \ No newline at end of file diff --git a/system/sound.nix b/system/sound.nix index d015400d..3c660acc 100644 --- a/system/sound.nix +++ b/system/sound.nix @@ -14,7 +14,5 @@ alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; }; } \ No newline at end of file
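Review bot: In system/network.nix the new `openssh = { enable = true; openFirewall = true; };` exposes sshd on all interfaces with NixOS defaults, and password authentication stays enabled unless another module turns it off. Consider adding `settings.PasswordAuthentication = false;` and `settings.PermitRootLogin = "no";` to this set. Also, `syncthing.openDefaultPorts = true;` replaces the explicit 22000/21027 entries, but in the nixpkgs module that option appears to take effect only when `services.syncthing.enable` is set; since the comment says Syncthing runs as a user service, the ports may no longer be opened. If that is the case, keep `allowedTCPPorts = [ 22000 ];` and `allowedUDPPorts = [ 22000 21027 ];` under `networking.firewall`; leaving 8384 out is a good tightening.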