From 17a5f552a5c9a587b00192b81428134652a1c6bc Mon Sep 17 00:00:00 2001 From: EinEtwas Date: Sun, 27 Oct 2024 09:25:21 +0100 Subject: [PATCH] style: follow statix's advisories --- flake.nix | 49 ++++--- home/default.nix | 11 +- home/essentials/default.nix | 2 +- home/essentials/zsh.nix | 181 +++++++++++++------------ home/misc_pkgs/default.nix | 10 +- modules/essentials/bootloader.nix | 14 +- modules/essentials/environment.nix | 21 +-- modules/essentials/hardware_config.nix | 64 +++++---- modules/misc_hardware/networking.nix | 16 ++- modules/utils/agenix.nix | 58 ++++---- modules/utils/auth.nix | 8 +- 11 files changed, 247 insertions(+), 187 deletions(-) diff --git a/flake.nix b/flake.nix index 2d390f7..417f42e 100644 --- a/flake.nix +++ b/flake.nix @@ -32,25 +32,38 @@ }; }; - outputs = { self, nixpkgs, nixos-hardware, agenix, spicetify-nix, nix-index-database, lix-module, ... } @ inputs: { - nixosConfigurations.rhea-laptop = nixpkgs.lib.nixosSystem { - specialArgs = { - inherit inputs; - inherit spicetify-nix; - inherit agenix; + outputs = + { + self, + nixpkgs, + nixos-hardware, + agenix, + spicetify-nix, + nix-index-database, + lix-module, + ... + }@inputs: + { + nixosConfigurations.rhea-laptop = nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs; + inherit spicetify-nix; + inherit agenix; + }; + + system = "x86_64-linux"; + + # List all Modules to load + modules = [ + nixos-hardware.nixosModules.framework-13-7040-amd + lix-module.nixosModules.default + nix-index-database.nixosModules.nix-index + agenix.nixosModules.default + ./modules + ./home + ]; }; - system = "x86_64-linux"; - - # List all Modules to load - modules = [ - nixos-hardware.nixosModules.framework-13-7040-amd - lix-module.nixosModules.default - nix-index-database.nixosModules.nix-index - agenix.nixosModules.default - ./modules - ./home - ]; + formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style; }; - }; } 
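Review bot: In flake.nix the `specialArgs` block still spells out three separate `inherit` statements, which can be a single `inherit inputs spicetify-nix agenix;`; since `agenix` and `spicetify-nix` are already reachable through `inputs`, passing them separately may be redundant, though the consuming modules are not visible here. The new `formatter.x86_64-linux` output is a functional addition that the subject line does not mention, so a short line in the commit body would help anyone bisecting later. The literal `x86_64-linux` now appears three times in the outputs; binding it once with `let system = "x86_64-linux"; in` would keep them in sync.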
diff --git a/home/default.nix b/home/default.nix index 3cf484f..3c10579 100644 --- a/home/default.nix +++ b/home/default.nix @@ -23,11 +23,12 @@ users.rhea = { # The home.stateVersion option does not have a default and must be set - home.stateVersion = "24.05"; - # Here goes the rest of your home-manager config, e.g. home.packages = [ pkgs.foo ]; - # inherit ./hyprland.nix; - home.username = "rhea"; - home.homeDirectory = "/home/rhea"; + home = { + stateVersion = "24.05"; + username = "rhea"; + homeDirectory = "/home/rhea"; + }; + programs.home-manager.enable = true; catppuccin = { diff --git a/home/essentials/default.nix b/home/essentials/default.nix index 242aa6c..2dab1c9 100644 --- a/home/essentials/default.nix +++ b/home/essentials/default.nix @@ -1,4 +1,4 @@ -{ age, config, ... }: { +{ imports = [ ./git.nix ./keyring.nix diff --git a/home/essentials/zsh.nix b/home/essentials/zsh.nix index 36b8549..58d090e 100644 --- a/home/essentials/zsh.nix +++ b/home/essentials/zsh.nix 
@@ -1,109 +1,114 @@ { - programs.nix-index-database.comma.enable = true; + programs = { + nix-index-database.comma.enable = true; - programs.zsh = { - enable = true; - - autocd = true; - shellAliases = { - os-update = "nh os switch /home/rhea/nix-config/"; - os-upgrade = "cd ~/nix-config && nix flake update && nh os switch /home/rhea/nix-config/"; - light-off = "echo -n \"{\\\"id\\\":1,\\\"method\\\":\\\"setState\\\",\\\"params\\\":{\\\"state\\\":false}}\" | nc -u -w 1 192.168.178.28 38899"; - clr = "clear"; - power-saver = "powerprofilesctl set power-saver"; - power-balanced = "powerprofilesctl set balanced"; - power-performance = "powerprofilesctl set performance"; - }; - - autosuggestion = { - enable = true; - strategy = [ "history" "completion" ]; - }; - - history = { - append = true; - expireDuplicatesFirst = true; - size = 2500; - }; - - syntaxHighlighting = { + zsh = { enable = true; - highlighters = [ - "brackets" - ]; + autocd = true; + shellAliases = { + os-update = "nh os switch /home/rhea/nix-config/"; + os-upgrade = "cd ~/nix-config && nix flake update && nh os switch /home/rhea/nix-config/"; + light-off = "echo -n \"{\\\"id\\\":1,\\\"method\\\":\\\"setState\\\",\\\"params\\\":{\\\"state\\\":false}}\" | nc -u -w 1 192.168.178.28 38899"; + clr = "clear"; + power-saver = "powerprofilesctl set power-saver"; + power-balanced = "powerprofilesctl set balanced"; + power-performance = "powerprofilesctl set performance"; + }; + + autosuggestion = { + enable = true; + strategy = [ + "history" + "completion" + ]; + }; + + history = { + append = true; + expireDuplicatesFirst = true; + size = 2500; + }; + + syntaxHighlighting = { + enable = true; + + highlighters = [ + "brackets" + ]; + }; + + oh-my-zsh = { + enable = true; + + plugins = [ + "git" + "sudo" + "virtualenv" + "safe-paste" + "timer" + "z" + ]; + + theme = "agnoster"; + }; }; - oh-my-zsh = { + starship = { enable = true; + enableZshIntegration = true; + enableBashIntegration = true; - plugins = [ - 
"git" - "sudo" - "virtualenv" - "safe-paste" - "timer" - "z" - ]; + settings = { + add_newline = false; + command_timeout = 1000; - theme = "agnoster"; - }; - }; + right_format = "$time"; - programs.starship = { - enable = true; - enableZshIntegration = true; - enableBashIntegration = true; + character = { + success_symbol = "[](bold green)"; + error_symbol = "[](bold red)"; + vicmd_symbol = "[](bold yellow)"; + }; - settings = { - add_newline = false; - command_timeout = 1000; + username = { + show_always = true; + format = ''\[[$user]($style)''; + }; - right_format = "$time"; + hostname = { + ssh_only = false; + format = ''@[$ssh_symbol$hostname]($style)\]''; + }; - character = { - success_symbol = "[](bold green)"; - error_symbol = "[](bold red)"; - vicmd_symbol = "[](bold yellow)"; - }; + directory = { + truncation_length = 6; + format = ''\[[$path]($style)[$read_only]($read_only_style)\]''; + read_only = " "; + }; - username = { - show_always = true; - format = ''\[[$user]($style)''; - }; + git_branch = { + symbol = " "; + format = ''\[[$symbol$branch]($style)\]''; + }; - hostname = { - ssh_only = false; - format = ''@[$ssh_symbol$hostname]($style)\]''; - }; + git_status = { + format = ''([\[$all_status$ahead_behind\]]($style))''; + }; - directory = { - truncation_length = 6; - format = ''\[[$path]($style)[$read_only]($read_only_style)\]''; - read_only = " "; - }; + nix_shell = { + symbol = "󱄅 "; + format = ''\[[$symbol$state(\($name\))]($style)\]''; + }; - git_branch = { - symbol = " "; - format = ''\[[$symbol$branch]($style)\]''; - }; + cmd_duration = { + format = ''\[[󰅐 $duration]($style)\]''; + }; - git_status = { - format = ''([\[$all_status$ahead_behind\]]($style))''; - }; - - nix_shell = { - symbol = "󱄅 "; - format = ''\[[$symbol$state(\($name\))]($style)\]''; - }; - - cmd_duration = { - format = ''\[[󰅐 $duration]($style)\]''; - }; - - time = { - disabled = false; - format = ''\[[$time]($style)\]''; + time = { + disabled = false; + format = 
''\[[$time]($style)\]''; + }; }; }; }; diff --git a/home/misc_pkgs/default.nix b/home/misc_pkgs/default.nix index 1fc6c2f..f6f62ef 100644 --- a/home/misc_pkgs/default.nix +++ b/home/misc_pkgs/default.nix @@ -1,4 +1,12 @@ -{ agenix, config, inputs, pkgs, spicetify-nix, ... }: { +{ + agenix, + config, + inputs, + pkgs, + spicetify-nix, + ... +}: +{ imports = [ ./packages.nix ./spicetify.nix diff --git a/modules/essentials/bootloader.nix b/modules/essentials/bootloader.nix index a84bb51..8e5e23b 100644 --- a/modules/essentials/bootloader.nix +++ b/modules/essentials/bootloader.nix @@ -1,5 +1,11 @@ -{ pkgs, ... }: { - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.kernelPackages = pkgs.linuxPackages_latest; +{ pkgs, ... }: +{ + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + + kernelPackages = pkgs.linuxPackages_latest; + }; } diff --git a/modules/essentials/environment.nix b/modules/essentials/environment.nix index 5851a10..79e2733 100644 --- a/modules/essentials/environment.nix +++ b/modules/essentials/environment.nix @@ -1,19 +1,22 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ programs.zsh.enable = true; - environment.pathsToLink = [ "/share/zsh" ]; + environment = { + pathsToLink = [ "/share/zsh" ]; - environment.sessionVariables = { - NIXOS_OZONE_WL = "1"; + sessionVariables = { + NIXOS_OZONE_WL = "1"; + }; + + systemPackages = with pkgs; [ + fprintd + polkit_gnome + ]; }; fonts.packages = with pkgs; [ nerdfonts jetbrains-mono ]; - - environment.systemPackages = with pkgs; [ - fprintd - polkit_gnome - ]; } diff --git a/modules/essentials/hardware_config.nix b/modules/essentials/hardware_config.nix index fedb894..3a92b07 100644 --- a/modules/essentials/hardware_config.nix +++ b/modules/essentials/hardware_config.nix 
@@ -1,34 +1,50 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ + "nvme" + "xhci_pci" + "thunderbolt" + "usb_storage" + "sd_mod" + ]; + kernelModules = [ ]; + }; + + kernelModules = [ "kvm-amd" ]; + + extraModulePackages = [ ]; + }; + + fileSystems."/" = { + device = "/dev/disk/by-label/nix-root"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-label/EFI"; + fsType = "vfat"; + options = [ + "fmask=0077" + "dmask=0077" ]; + }; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { - device = "/dev/disk/by-label/nix-root"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { - device = "/dev/disk/by-label/EFI"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; - - swapDevices = - [{ device = "/dev/disk/by-label/swap"; }]; + swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/modules/misc_hardware/networking.nix b/modules/misc_hardware/networking.nix index c2b7117..b572fca 100644 --- a/modules/misc_hardware/networking.nix +++ b/modules/misc_hardware/networking.nix 
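Review bot: modules/essentials/hardware_config.nix still opens with the `Do not modify this file!` header from nixos-generate-config, yet this hunk restructures the file by hand and drops `pkgs` from its arguments. If the file is ever regenerated, the style fixes are lost and the linter warnings return. Either replace the header with something like `# Originally generated by nixos-generate-config; maintained by hand in this repo.` or leave the file as generated and exclude its path from statix. The `fmask=0077`/`dmask=0077` options on `/boot` are carried over unchanged and should stay that way in any later cleanup.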
@@ -1,14 +1,16 @@ { config, ... }: { - networking.hostName = "rhea-laptop"; + networking = { + hostName = "rhea-laptop"; - # Enable networking - networking.networkmanager.enable = true; - networking.networkmanager.wifi.powersave = true; + # Enable networking + networkmanager.enable = true; + networkmanager.wifi.powersave = true; - networking.wireguard.enable = true; + wireguard.enable = true; - networking.firewall = { - allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport + firewall = { + allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport + }; }; } diff --git a/modules/utils/agenix.nix b/modules/utils/agenix.nix index 93ae0e6..b6feb64 100644 --- a/modules/utils/agenix.nix +++ b/modules/utils/agenix.nix 
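Review bot: In modules/misc_hardware/networking.nix, `firewall.allowedUDPPorts = [ 51820 ];` accepts inbound UDP 51820 on every interface, which on a laptop includes whatever network it joins. If this host only initiates its WireGuard tunnels, reply traffic is normally admitted by connection tracking and the rule may not be needed; the interface definitions are not visible in this hunk, so that is an assumption to confirm. If the port must stay open, scoping it with `networking.firewall.interfaces.<name>.allowedUDPPorts` and expanding the comment to say which tunnel listens there would document the exposure. The `config` argument in the file header also appears unused in the visible file, while the same commit removes unused arguments in home/essentials/default.nix.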
@@ -1,39 +1,43 @@ { config, ... }: { # TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey - age.identityPaths = [ "/var/lib/persistent/host_id_ed25519" ]; + age = { + identityPaths = [ "/var/lib/persistent/host_id_ed25519" ]; - age.secrets.access-tokens-github.file = ../../secrets/gh_argstr.age; + secrets = { + access-tokens-github.file = ../../secrets/gh_argstr.age; - age.secrets.fbda-wg-privkey.file = ../../secrets/fbda_wg_priv_key.age; - age.secrets.fbda-wg-psk.file = ../../secrets/fbda_wg_psk.age; + fbda-wg-privkey.file = ../../secrets/fbda_wg_priv_key.age; + fbda-wg-psk.file = ../../secrets/fbda_wg_psk.age; - age.secrets.obvps-id = { - file = ../../secrets/1bvps.age; - path = "/home/rhea/.ssh/id_1bvps"; - owner = "rhea"; - symlink = false; - }; + obvps-id = { + file = ../../secrets/1bvps.age; + path = "/home/rhea/.ssh/id_1bvps"; + owner = "rhea"; + symlink = false; + }; - age.secrets.gh_etwas = { - file = ../../secrets/gh_token.age; - path = "/home/rhea/.ssh/id_gh_etwas"; - owner = "rhea"; - symlink = false; - }; + gh_etwas = { + file = ../../secrets/gh_token.age; + path = "/home/rhea/.ssh/id_gh_etwas"; + owner = "rhea"; + symlink = false; + }; - age.secrets.gcd_etwas = { - file = ../../secrets/gcd_etwas.age; - path = "/home/rhea/.ssh/id_gcd_etwas"; - owner = "rhea"; - symlink = false; - }; + gcd_etwas = { + file = ../../secrets/gcd_etwas.age; + path = "/home/rhea/.ssh/id_gcd_etwas"; + owner = "rhea"; + symlink = false; + }; - age.secrets.etwas_sign_key = { - file = ../../secrets/sign_etwas.age; - path = "/home/rhea/.ssh/etwas_sign_key"; - owner = "rhea"; - symlink = false; + etwas_sign_key = { + file = ../../secrets/sign_etwas.age; + path = "/home/rhea/.ssh/etwas_sign_key"; + owner = "rhea"; + symlink = false; + }; + }; }; nix.extraOptions = '' diff --git a/modules/utils/auth.nix b/modules/utils/auth.nix index 083b3c1..aabffcd 100644 --- a/modules/utils/auth.nix +++ b/modules/utils/auth.nix 
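Review bot: The four secrets in modules/utils/agenix.nix that are written into `/home/rhea/.ssh` repeat the same `owner`/`symlink` attributes and leave `mode` to agenix's default, so the file permissions of the private keys are not stated anywhere in the repository. A small let-bound helper would state owner and mode once and reduce each entry to one line, as sketched below; `"0400"` is what I believe agenix already applies, so this should not change behaviour, but confirm it against the pinned agenix version. The `nix.extraOptions` block continues outside the hunk and is not reviewed here.

```nix
{ config, ... }:
let
  # Decrypt `file` to a regular file in rhea's ~/.ssh, readable by the owner only.
  userKey = file: name: {
    inherit file;
    path = "/home/rhea/.ssh/${name}";
    owner = "rhea";
    mode = "0400";
    symlink = false;
  };
in
{
  age = {
    # … unchanged: identityPaths …
    secrets = {
      # … unchanged: access-tokens-github, fbda-wg-privkey, fbda-wg-psk …
      obvps-id = userKey ../../secrets/1bvps.age "id_1bvps";
      gh_etwas = userKey ../../secrets/gh_token.age "id_gh_etwas";
      gcd_etwas = userKey ../../secrets/gcd_etwas.age "id_gcd_etwas";
      etwas_sign_key = userKey ../../secrets/sign_etwas.age "etwas_sign_key";
    };
  };
```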
@@ -2,9 +2,11 @@ { services.fprintd.enable = true; - security.pam.services.login.fprintAuth = true; - security.pam.services.sudo.fprintAuth = true; - security.pam.services.greetd.enableGnomeKeyring = true; + security.pam.services = { + login.fprintAuth = true; + sudo.fprintAuth = true; + greetd.enableGnomeKeyring = true; + }; services.greetd = { enable = true;
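Review bot: In modules/utils/auth.nix the explicit `login.fprintAuth` and `sudo.fprintAuth` lines read as if fingerprint authentication were limited to those two services, but in nixpkgs `fprintAuth` defaults to the value of `services.fprintd.enable`, so with fprintd enabled above, every PAM service, greetd included, likely accepts a fingerprint. Two consequences are worth a comment: a fingerprint alone can then satisfy `sudo`, and a greetd login by fingerprint supplies no password for `enableGnomeKeyring` to unlock the keyring with. If the intent is to restrict it, set `fprintAuth = false` on the services that should require a password, or add a comment such as `# fprintAuth defaults to services.fprintd.enable for all PAM services; login/sudo listed for clarity`. The `services.greetd` block continues outside the hunk.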