restructure system configuration

2024-01-15 22:12:53 +13:00 · 2024-01-15 22:12:53 +13:00 · e65c6bc159
commit e65c6bc159
parent 8f58a79fe2
27 changed files with 143 additions and 44 deletions
--- a/system/base/auto-upgrade.nix
+++ b/system/base/auto-upgrade.nix
@ -0,0 +1,31 @@
+{ config, inputs, pkgs, lib, ... }:
+
+let
+  inherit (config.networking) hostName;
+  isClean = inputs.self ? rev;
+in
+{
+  system.autoUpgrade = {
+    enable = isClean;
+    dates = "hourly";
+    flags = [
+      "--refresh"
+    ];
+    flake = "github:ooks-io/nix#${hostName};
+  };
+
+# Only run if current config (self) is older than the new one.
+
+  systemd.services.nixos-upgrade = lib.mkIf config.system.autoUpgrade.enable {
+    serviceConfig.ExecCondition = lib.getExe (
+      pkgs.writeShellScriptBin "check-date" ''
+        lastModified() {
+          nix flake metadata "$1" --refresh --json | ${lib.getExe pkgs.jq} '.lastModified'
+        }
+        test "$(lastModified "${config.system.autoUpgrade.flake}")"  -gt "$(lastModified "self")"
+      ''
+    );
+  };
+}
+
+
--- a/system/base/default.nix
+++ b/system/base/default.nix
@ -0,0 +1,18 @@
+{ inputs, outputs, ... }: {
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+    ./nix.nix
+    ./fish.nix
+    ./locale.nix
+    ./security.nix
+    ./systemdboot.nix
+    ./pipewire.nix
+  # ./auto-upgrade.nix # still needs some work
+    ];
+
+  home-manager.extraSpecialArgs = { inherit inputs outputs; };
+    
+  #hardware.enableRedistibutableFirmware = true;
+  environment.enableAllTerminfo = true;
+
+  }
--- a/system/base/fish.nix
+++ b/system/base/fish.nix
@ -0,0 +1,10 @@
+{
+  programs.fish = {
+    enable = true;
+    vendor = {
+      completions.enable = true;
+      config.enable = true;
+      functions.enable = true;
+    };
+  };
+}
--- a/system/base/locale.nix
+++ b/system/base/locale.nix
@ -0,0 +1,10 @@
+{ lib, ... }: {
+  i18n = {
+    defaultLocale = lib.mkDefault "en_US.UTF-8";
+    supportedLocales = lib.mkDefault [
+      "en_US.UTF-8/UTF-8"
+    ];
+  };
+  time.timeZone = lib.mkDefault "Pacific/Auckland";
+  services.geoclue2.enable = true;
+}
--- a/system/base/pipewire.nix
+++ b/system/base/pipewire.nix
@ -0,0 +1,11 @@
+{
+  security.rtkit.enable = true;
+  hardware.pulseaudio.enable = false;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+}
--- a/system/base/security.nix
+++ b/system/base/security.nix
@ -0,0 +1,58 @@
+
+
+
+
+{ config, pkgs, ... }:
+
+
+{
+
+  environment.systemPackages = with pkgs; [
+    polkit_gnome
+];
+
+  programs = {
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+    _1password = {
+      enable = true;
+    };
+    _1password-gui = {
+      enable = true;
+      polkitPolicyOwners = [ "ooks" ];
+    };
+  };
+  security = {
+    polkit = {
+      enable = true;
+    };
+    pam.services = { swaylock = { }; };
+    sudo = {
+      enable = true;
+      extraConfig = ''
+        ooks ALL=(ALL) NOPASSWD:ALL
+        '';
+    };
+  };
+  
+  systemd = {
+    user.services.polkit-gnome-authentication-agent-1 = {
+      description = "polkit-gnome-authentication-agent-1";
+      wantedBy = [ "graphical-session.target" ];
+      wants = [ "graphical-session.target" ];
+      after = [ "graphical-session.target" ];
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+        Restart = "on-failure";
+        RestartSec = 1;
+        TimeoutStopSec = 10;
+
+      };
+    };
+  };
+
+
+}
--- a/system/base/systemdboot.nix
+++ b/system/base/systemdboot.nix
@ -0,0 +1,9 @@
+{
+  boot.loader = {
+    systemd-boot = {
+      enable = true;
+      consoleMode = "max";
+    };
+    efi.canTouchEfiVariables = true;
+  };
+}