more refactoring

2025-08-07 22:20:33 +02:00 · 2025-03-23 17:39:15 +01:00 · 2025-03-23 17:39:15 +01:00 · ed7afeba43
commit ed7afeba43
parent dcc640bd56
20 changed files with 222 additions and 136 deletions
--- a/shared/client/backups.nix
+++ b/shared/client/backups.nix
--- a/shared/client/default.nix
+++ b/shared/client/default.nix
@ -0,0 +1,6 @@
+{config, pkgs, ...}:
+{
+  imports = [
+    ./tailscale.nix
+  ]
+}
--- a/shared/client/games.nix
+++ b/shared/client/games.nix
@ -0,0 +1,18 @@
+{config, pkgs, ...}:
+{
+ programs.steam = {
+  enable = true;
+  remotePlay.openFirewall = true;
+  dedicatedServer.openFirewall = true;
+
+   nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+    "steam"
+    "steam-original"
+    "steam-run"
+  ];
+
+  environment.systemPackages = with pkgs; [
+    lutris
+  ];
+ }; 
+}
--- a/shared/client/sway.nix
+++ b/shared/client/sway.nix
@ -0,0 +1,24 @@
+{config, pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    mako
+    grim
+    slurp
+    wl-clipboard
+    xdg-utils
+    sway-contrib.grimshot
+    swaylock
+    swaynotificationcenter
+  ];
+
+  services.gnome.gnome-keyring.enable = true;
+  programs.sway = { 
+    enable = true;
+    wrapperFeatures.gtk = true;
+  };
+
+  xdg.portal.wlr.enable = true;
+  security.pam.loginLimits = [
+  { domain = "@users"; item = "rtprio"; type = "-"; value = 1; }
+];
+
+  }
--- a/shared/client/tailscale.nix
+++ b/shared/client/tailscale.nix
@ -0,0 +1,5 @@
+{config, pkgs, ...}:
+{
+  services.tailscale.enable = true;
+}
+
--- a/shared/client/udisks2.nix
+++ b/shared/client/udisks2.nix
--- a/shared/default.nix
+++ b/shared/default.nix
@ -0,0 +1,45 @@
+{
+  pkgs,
+  inputs,
+  system,
+  lib,
+  ...
+}:
+{
+  imports = [
+    ../shared
+  ];
+
+  environment.systemPackages = [
+    inputs.miovim.packages.${system}.default
+    pkgs.curl
+    pkgs.unzip
+  ];
+
+  environment.variables.EDITOR = "nvim";
+
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "fr";
+  };
+
+  services.tailscale.enable = true;
+
+  # Set your time zone.
+  time.timeZone = lib.mkDefault "Europe/Paris";
+  i18n.defaultLocale = "fr_FR.UTF-8";
+
+  # reducing disk usage
+  boot.loader.systemd-boot.configurationLimit = 10;
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 1w";
+  };
+  nix.settings.auto-optimise-store = true;
+}
--- a/shared/isos/goober.nix
+++ b/shared/isos/goober.nix
@ -0,0 +1,99 @@
+{
+  config,
+  pkgs,
+  modulesPath,
+  lib,
+  ...
+}:
+{
+  imports = [
+    "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
+
+    # Provide an initial copy of the NixOS channel so that the user
+    # doesn't need to run "nix-channel --update" first.
+    "${modulesPath}/installer/cd-dvd/channel.nix"
+  ];
+
+  # use the latest Linux kernel
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  # Needed for https://github.com/NixOS/nixpkgs/issues/58959
+  boot.supportedFilesystems = lib.mkForce [
+    "btrfs"
+    "reiserfs"
+    "vfat"
+    "f2fs"
+    "xfs"
+    "ntfs"
+    "cifs"
+  ];
+
+  boot.blacklistedKernelModules = [
+    "b43"
+    "b43legacy"
+    "ssb"
+    "bcma"
+    "bcm43xx"
+    "brcm80211"
+    "brcmfmac"
+    "brcmsmac"
+    "bcma"
+  ];
+
+  boot.extraModprobeConfig = ''
+    options cfg80211 cfg80211_disable_40mhz_24ghz=Y
+  '';
+
+  nixpkgs.config.allowUnfreePredicate =
+    pkg:
+    builtins.elem (lib.getName pkg) [
+      "nvidia"
+      "broadcom-sta"
+    ];
+
+  boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+  environment.systemPackages = with pkgs; [
+    # Add your own packages here
+    neovim
+    git
+    # required for ios tethering
+    libimobiledevice
+    ifuse # optional, to mount using 'ifuse'
+  ];
+  boot.kernelModules = [ "wl" ];
+
+  hardware.nvidia = {
+    # Modesetting is required.
+    modesetting.enable = true;
+
+    # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+    # Enable this if you have graphical corruption issues or application crashes after waking
+    # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead 
+    # of just the bare essentials.
+    powerManagement.enable = false;
+
+    # Fine-grained power management. Turns off GPU when not in use.
+    # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+    powerManagement.finegrained = false;
+
+    # Use the NVidia open source kernel module (not to be confused with the
+    # independent third-party "nouveau" open source driver).
+    # Support is limited to the Turing and later architectures. Full list of 
+    # supported GPUs is at: 
+    # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus 
+    # Only available from driver 515.43.04+
+    # Currently "beta quality", so false is currently the recommended setting.
+    open = false;
+
+    # Enable the Nvidia settings menu,
+    # accessible via `nvidia-settings`.
+    nvidiaSettings = true;
+
+    # Optionally, you may need to select the appropriate driver version for your specific GPU.
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+  };
+
+  # ios tethering
+  services.usbmuxd.enable = true;
+
+}
--- a/shared/ssh.nix
+++ b/shared/ssh.nix
@ -0,0 +1,26 @@
+{
+  config,
+
+  ...
+}:
+{
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+      PermitRootLogin = "no";
+    };
+  };
+
+  services.fail2ban.jails.sshd.settings = {
+    ssh = ''
+      enabled = true
+      port = ssh
+      filter = sshd
+      logpath = %(sshd_log)s
+      maxretry = 5
+    '';
+  };
+
+}