From add04e20758b4691d7c4e2a1eb64aecfa8878c28 Mon Sep 17 00:00:00 2001
From: Dmitry Voronin
Date: Sat, 4 Jan 2025 08:44:19 +0300
Subject: [PATCH] Purpose: Rewrite as flags instead of config.
---
 config/Kernel.nix | 24 +++++
 config/Powersave.nix | 5 +
 config/Purpose.nix | 148 -----------------------------
 host/x86_64-linux/live/default.nix | 14 ++-
 option/AutoUpdateSigned.nix | 7 +-
 option/Distrobox.nix | 7 +-
 option/Docker.nix | 7 +-
 option/Kernel.nix | 17 +++-
 option/Keyd.nix | 9 +-
 option/Ollama.nix | 6 +-
 option/Package.nix | 29 ++++--
 option/Purpose.nix | 3 +-
 option/Sway.nix | 9 +-
 option/Tablet.nix | 9 +-
 option/VirtManager.nix | 7 +-
 option/Wallpaper.nix | 3 +-
 16 files changed, 125 insertions(+), 179 deletions(-)
 delete mode 100644 config/Purpose.nix
diff --git a/config/Kernel.nix b/config/Kernel.nix
index ebd54e2..f201803 100644
--- a/config/Kernel.nix
+++ b/config/Kernel.nix
@@ -57,6 +57,30 @@ in
 (lib.mkIf cfg.hotspotTtlBypass { boot.kernel.sysctl."net.ipv4.ip_default_ttl" = 65; })
 (lib.mkIf cfg.latest { boot.kernelPackages = pkgsUnstable.linuxPackages_latest; })
+
+ (lib.mkIf cfg.router {
+ boot.kernel.sysctl = {
+ # Allow spoofing.
+ "net.ipv4.conf.all.rp_filter" = lib.mkForce 0;
+ "net.ipv4.conf.default.rp_filter" = lib.mkForce 0;
+
+ # Forward packets.
+ "net.ipv4.ip_forward" = lib.mkForce 1;
+ "net.ipv6.conf.all.forwarding" = lib.mkForce 1;
+ "net.ipv4.conf.all.src_valid_mark" = lib.mkForce 1;
+
+ # Allow redirects.
+ "net.ipv4.conf.all.accept_redirects" = lib.mkForce 1;
+ "net.ipv6.conf.all.accept_redirects" = lib.mkForce 1;
+
+ # Send ICMP.
+ "net.ipv4.conf.all.send_redirects" = lib.mkForce 1;
+
+ # Accept IP source route packets.
+ "net.ipv4.conf.all.accept_source_route" = lib.mkForce 1;
+ "net.ipv6.conf.all.accept_source_route" = lib.mkForce 1;
+ };
+ })
 ]
 );
 }
diff --git a/config/Powersave.nix b/config/Powersave.nix
index 9feab82..c7402a1 100644
--- a/config/Powersave.nix
+++ b/config/Powersave.nix
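Review bot: The router block enables `accept_source_route` and `accept_redirects` for both IPv4 and IPv6 and pins them with `lib.mkForce`, which is the opposite of what a forwarding host should do: source-routed packets let a remote sender pick the next hop through this box, and accepted redirects let any on-link host rewrite the kernel routing table, so neither is needed for forwarding and both are normally kept off on a router. Forwarding only needs `ip_forward`/`forwarding` (plus `src_valid_mark` for policy routing) and, where routing is asymmetric, relaxed rather than disabled reverse-path filtering, so I would drop the two accept_* groups and use `"net.ipv4.conf.all.rp_filter" = lib.mkForce 2;` / `"net.ipv4.conf.default.rp_filter" = lib.mkForce 2;` unless a specific setup truly requires 0. The move also lost the `# De-harden some stuff.` note from the old Purpose.nix; since the `hardening` default now covers router hosts too, a comment such as `# Intentionally overrides cfg.hardening: a forwarding host needs these relaxed.` would tell the next reader why mkForce is used. The enclosing mkIf/mkMerge starts outside the hunk.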
@@ -35,6 +35,11 @@ let
 in
 {
 config = lib.mkIf cfg.enable {
+ services = {
+ tlp.enable = true;
+ upower.enable = true;
+ };
+
 environment.systemPackages = [ script ];
 systemd = {
 services.powersave-cpu = {
diff --git a/config/Purpose.nix b/config/Purpose.nix
deleted file mode 100644
index d5135fc..0000000
--- a/config/Purpose.nix
+++ /dev/null
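Review bot: The new `services = { tlp.enable = true; upower.enable = true; };` block is now tied to `cfg.enable` instead of the laptop purpose, and the explanatory comment from the old Purpose.nix (`# Automatic powersaving based on Pluged/AC states.`) was dropped in the move; I would carry a corrected version over, e.g. `# TLP: automatic power saving keyed on battery/AC state.`. As far as I recall the NixOS tlp module asserts against `services.power-profiles-daemon.enable`, which desktop environments commonly turn on, so a desktop host that also enables powersave may now fail evaluation — worth confirming before this lands. The enclosing `config = lib.mkIf cfg.enable { ... }` continues outside the hunk.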
@@ -1,148 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.module.purpose;
-in
-{
- config = lib.mkMerge [
- (lib.mkIf cfg.creative {
- module = {
- tablet.enable = true;
- package.creative = true;
- };
- })
-
- (lib.mkIf cfg.desktop {
- module = {
- keyd.enable = true;
- sway.enable = true;
- kernel = {
- enable = true;
- latest = true;
- };
- package = {
- common = true;
- core = true;
- desktop = true;
- };
- };
- })
-
- (lib.mkIf cfg.disown {
- module = {
- autoupdate.enable = true;
- kernel = {
- enable = true;
- hardening = true;
- };
- };
- })
-
- (lib.mkIf cfg.gaming { module.package.gaming = true; })
-
- (lib.mkIf cfg.laptop {
- services.tlp.enable = true; # Automatic powersaving based on Pluged/AC states.
- services.upower.enable = true;
- module = {
- keyd.enable = true;
- sway.enable = true;
- wallpaper.video = false;
- kernel = {
- enable = true;
- hardening = true;
- latest = true;
- };
- package = {
- common = true;
- core = true;
- desktop = true;
- };
- };
- })
-
- (lib.mkIf cfg.live {
- module = {
- keyd.enable = true;
- sway.enable = true;
- kernel.enable = true;
- wallpaper.video = false;
- package = {
- common = true;
- core = true;
- creative = true;
- desktop = true;
- dev = true;
- extra = true;
- gaming = true;
- };
- };
- })
-
- (lib.mkIf cfg.phone { })
-
- (lib.mkIf cfg.router {
- module = {
- kernel = {
- enable = true;
- hardening = true;
- };
- package = {
- common = true;
- core = true;
- };
- };
- # De-harden some stuff.
- boot.kernel.sysctl = {
- # Allow spoofing.
- "net.ipv4.conf.all.rp_filter" = lib.mkForce 0;
- "net.ipv4.conf.default.rp_filter" = lib.mkForce 0;
-
- # Forward packets.
- "net.ipv4.ip_forward" = lib.mkForce 1;
- "net.ipv6.conf.all.forwarding" = lib.mkForce 1;
- "net.ipv4.conf.all.src_valid_mark" = lib.mkForce 1;
-
- # Allow redirects.
- "net.ipv4.conf.all.accept_redirects" = lib.mkForce 1;
- "net.ipv6.conf.all.accept_redirects" = lib.mkForce 1;
-
- # Send ICMP.
- "net.ipv4.conf.all.send_redirects" = lib.mkForce 1;
-
- # Accept IP source route packets.
- "net.ipv4.conf.all.accept_source_route" = lib.mkForce 1;
- "net.ipv6.conf.all.accept_source_route" = lib.mkForce 1;
- };
- })
-
- (lib.mkIf cfg.server {
- module = {
- wallpaper.video = false;
- kernel = {
- enable = true;
- hardening = true;
- };
- package = {
- common = true;
- core = true;
- };
- };
- })
-
- (lib.mkIf cfg.work {
- module = {
- distrobox.enable = true;
- package.dev = true;
- virtmanager.enable = true;
- docker = {
- enable = true;
- autostart = false;
- rootless = false;
- };
- kernel = {
- enable = true;
- hardening = true;
- };
- };
- })
- ];
-}
diff --git a/host/x86_64-linux/live/default.nix b/host/x86_64-linux/live/default.nix
index 2c7c5d5..742f286 100644
--- a/host/x86_64-linux/live/default.nix
+++ b/host/x86_64-linux/live/default.nix
@@ -21,6 +21,18 @@
 };
 module = {
- purpose.live = true;
+ keyd.enable = true;
+ sway.enable = true;
+ kernel.enable = true;
+ wallpaper.video = false;
+ package = {
+ common = true;
+ core = true;
+ creative = true;
+ desktop = true;
+ dev = true;
+ extra = true;
+ gaming = true;
+ };
 };
 }
diff --git a/option/AutoUpdateSigned.nix b/option/AutoUpdateSigned.nix
index b08dacf..ab583c6 100644
--- a/option/AutoUpdateSigned.nix
+++ b/option/AutoUpdateSigned.nix
@@ -1,4 +1,7 @@
-{ lib, ... }:
+{ lib, config, ... }:
+let
+ purpose = config.module.purpose;
+in
 {
- options.module.autoupdate.enable = lib.mkEnableOption "the system auto-updates.";
+ options.module.autoupdate.enable = lib.mkEnableOption "the system auto-updates." // { default = purpose.disown; };
 }
diff --git a/option/Distrobox.nix b/option/Distrobox.nix
index c261275..0cd8d2e 100644
--- a/option/Distrobox.nix
+++ b/option/Distrobox.nix
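Review bot: The `// { default = purpose.disown; }` override on the added line replaces mkEnableOption's `default = false` without a `defaultText`, so option docs and `nixos-option` show the boolean that happened to evaluate on one host instead of the rule; the same pattern is repeated in every option file of this commit, so fixing it here sets the convention. Suggested: `lib.mkEnableOption "the system auto-updates." // { default = purpose.disown; defaultText = lib.literalExpression "config.module.purpose.disown"; }`. Since this turns unattended updates on for every disowned machine by default, the description could state that too: `"the system auto-updates (default on for disowned machines)."`.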
@@ -1,4 +1,7 @@
-{ lib, ... }:
+{ lib, config, ... }:
+let
+ purpose = config.module.purpose;
+in
 {
- options.module.distrobox.enable = lib.mkEnableOption "the distrobox.";
+ options.module.distrobox.enable = lib.mkEnableOption "the distrobox." // { default = purpose.work; };
 }
diff --git a/option/Docker.nix b/option/Docker.nix
index e81eff0..7b0f8df 100644
--- a/option/Docker.nix
+++ b/option/Docker.nix
@@ -1,7 +1,10 @@
-{ lib, ... }:
+{ lib, config, ... }:
+let
+ purpose = config.module.purpose;
+in
 {
 options.module.docker = {
- enable = lib.mkEnableOption "the docker.";
+ enable = lib.mkEnableOption "the docker." // { default = purpose.work; };
 rootless = lib.mkOption {
 default = false;
 type = lib.types.bool;
diff --git a/option/Kernel.nix b/option/Kernel.nix
index 2d6a87e..1530f92 100644
--- a/option/Kernel.nix
+++ b/option/Kernel.nix
@@ -1,9 +1,14 @@
-{ lib, ... }:
+{ lib, config, ... }:
+let
+ purpose = config.module.purpose;
+in
 {
 options.module.kernel = {
- enable = lib.mkEnableOption "the kernel tweaks.";
+ enable = lib.mkEnableOption "the kernel tweaks." // {
+ default = with purpose; desktop || disown || laptop || router || server || work;
+ };
 hardening = lib.mkOption {
- default = false;
+ default = with purpose; disown || laptop || router || server || work;
 type = lib.types.bool;
 };
 hotspotTtlBypass = lib.mkOption {
@@ -11,7 +16,11 @@
 type = lib.types.bool;
 };
 latest = lib.mkOption {
- default = false;
+ default = with purpose; desktop || laptop || gaming;
+ type = lib.types.bool;
+ };
+ router = lib.mkOption {
+ default = purpose.router;
+ type = lib.types.bool;
+ };
 };
 };
diff --git a/option/Keyd.nix b/option/Keyd.nix
index 460a82b..23609e2 100644
--- a/option/Keyd.nix
+++ b/option/Keyd.nix
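Review bot: `docker.enable` now defaults to on for every `work` host while `rootless` keeps `default = false` a few lines below, so the rootful daemon comes up by default and membership in the docker group becomes root-equivalent on those machines. If rootful mode is deliberate for work hosts, a comment on `rootless` saying why (what rootless mode breaks there) would keep the next reader from flipping it; otherwise `default = purpose.work;` on `rootless` would follow the new convention and keep the safer mode. The options block, including `autostart`, continues outside the hunk.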
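Review bot: The `latest` default in the second hunk includes `gaming`, but the `enable` default in the first hunk (`desktop || disown || laptop || router || server || work`) does not, so a host with only `purpose.gaming = true` gets `kernel.latest = true` under a module that is otherwise disabled; if config/Kernel.nix gates everything on `cfg.enable` (its `lib.mkIf cfg.latest` sits inside a block that starts outside that file's hunk), the latest-kernel choice is a silent no-op for such a host. Either add it to the enable rule — `default = with purpose; desktop || disown || gaming || laptop || router || server || work;` — or drop it from `latest`. The new `router` option also has no description, and since its config side force-overrides values that `hardening` sets (and `hardening` now defaults on for router hosts), a `description = "relax the hardening sysctls so the host can forward packets.";` would document that interaction.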
@@ -1,4 +1,9 @@
-{ lib, ... }:
+{ lib, config, ... }:
+let
+ purpose = config.module.purpose;
+in
 {
- options.module.keyd.enable = lib.mkEnableOption "the keyboard remaps.";
+ options.module.keyd.enable = lib.mkEnableOption "the keyboard remaps." // {
+ default = with purpose; desktop || laptop;
+ };
 }
diff --git a/option/Ollama.nix b/option/Ollama.nix
index 90fa03b..89e2277 100644
--- a/option/Ollama.nix
+++ b/option/Ollama.nix
@@ -6,13 +6,15 @@ let
 in
 {
 options.module.ollama = {
- enable = lib.mkEnableOption "the local LLM server." // { default = purpose.work && purpose.desktop; };
+ enable = lib.mkEnableOption "the local LLM server." // {
+ default = purpose.work;
+ };
 models = lib.mkOption {
 default = [ cfg.primaryModel ];
 type = with lib.types; listOf str;
 };
 primaryModel = lib.mkOption {
- default = "llama3.3";
+ default = "llama3.2";
 type = lib.types.str;
 };
 };
diff --git a/option/Package.nix b/option/Package.nix
index 0bdacb6..383f943 100644
--- a/option/Package.nix
+++ b/option/Package.nix
@@ -1,12 +1,27 @@
-{ lib, ... }:
+{ lib, config, ... }:
+let
+ purpose = config.module.purpose;
+in
 {
 options.module.package = {
- common = lib.mkEnableOption "Common Apps.";
- core = lib.mkEnableOption "Core apps.";
- creative = lib.mkEnableOption "Creative Apps.";
- desktop = lib.mkEnableOption "Desktop Apps.";
- dev = lib.mkEnableOption "Dev Apps.";
+ core = lib.mkEnableOption "Core apps." // {
+ default = true;
+ };
+ common = lib.mkEnableOption "Common Apps." // {
+ default = with purpose; desktop || laptop;
+ };
+ creative = lib.mkEnableOption "Creative Apps." // {
+ default = purpose.creative;
+ };
+ desktop = lib.mkEnableOption "Desktop Apps." // {
+ default = with purpose; desktop || laptop;
+ };
+ dev = lib.mkEnableOption "Dev Apps." // {
+ default = purpose.work;
+ };
+ gaming = lib.mkEnableOption "Gaming Apps." // {
+ default = purpose.gaming;
+ };
 extra = lib.mkEnableOption "Extra Apps.";
- gaming = lib.mkEnableOption "Gaming Apps.";
 };
 }
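Review bot: The `enable` default widens from `purpose.work && purpose.desktop` to `purpose.work`, so any work host — headless ones included — now starts the LLM server by default; if such hosts exist, confirm that is intended and that the service stays bound to loopback (the listen address is not visible in this hunk). The new `primaryModel` value `"llama3.2"` is a floating tag, so if `models` is used to pull automatically, what gets installed can change between rebuilds with no change here; pinning a specific size tag or digest would make those updates deliberate. A one-line comment on `primaryModel` recording why 3.2 replaced 3.3 (size, hardware) would also help the next reader.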
diff --git a/option/Purpose.nix b/option/Purpose.nix
index f08aecb..c205900 100644
--- a/option/Purpose.nix
+++ b/option/Purpose.nix
@@ -1,12 +1,11 @@
 { lib, ... }:
 {
 options.module.purpose = {
- creative = lib.mkEnableOption "creativity modules.";
+ creative = lib.mkEnableOption "creative modules.";
 desktop = lib.mkEnableOption "desktop modules.";
 disown = lib.mkEnableOption "modules for machines not used by me.";
 gaming = lib.mkEnableOption "gaming modules.";
 laptop = lib.mkEnableOption "laptop modules.";
- live = lib.mkEnableOption "live modules.";
 phone = lib.mkEnableOption "phone modules.";
 router = lib.mkEnableOption "router modules.";
 server = lib.mkEnableOption "server modules.";
diff --git a/option/Sway.nix b/option/Sway.nix
index eff7920..1e85a68 100644
--- a/option/Sway.nix
+++ b/option/Sway.nix
@@ -1,7 +1,12 @@
-{ lib, ... }:
+{ lib, config, ... }:
+let
+ purpose = config.module.purpose;
+in
 {
 options.module.sway = {
- enable = lib.mkEnableOption "the Sway WM.";
+ enable = lib.mkEnableOption "the Sway WM." // {
+ default = with purpose; desktop || laptop;
+ };
 extraConfig = lib.mkOption {
 default = [ ];
 type = with lib.types; listOf str;
diff --git a/option/Tablet.nix b/option/Tablet.nix
index a91724a..a8d8889 100644
--- a/option/Tablet.nix
+++ b/option/Tablet.nix
@@ -1,4 +1,9 @@
-{ lib, ... }:
+{ lib, config, ... }:
+let
+ purpose = config.module.purpose;
+in
 {
- options.module.tablet.enable = lib.mkEnableOption "the support for tables." // {
+ options.module.tablet.enable = lib.mkEnableOption "the support for tables." // {
+ default = purpose.creative;
+ };
 }
diff --git a/option/VirtManager.nix b/option/VirtManager.nix
index 7514ba3..243ed72 100644
--- a/option/VirtManager.nix
+++ b/option/VirtManager.nix
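Review bot: The description on the rewritten line still reads `"the support for tables."`, and since this hunk already touches that line it is the moment to fix the typo: `options.module.tablet.enable = lib.mkEnableOption "the support for tablets." // {`. The new `default = purpose.creative;` matches what the deleted Purpose.nix did for the creative purpose, so behaviour is otherwise preserved.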
@@ -1,4 +1,7 @@
-{ lib, ... }:
+{ lib, config, ... }:
+let
+ purpose = config.module.purpose;
+in
 {
- options.module.virtmanager.enable = lib.mkEnableOption "the VM support.";
+ options.module.virtmanager.enable = lib.mkEnableOption "the VM support." // { default = purpose.work; };
 }
diff --git a/option/Wallpaper.nix b/option/Wallpaper.nix
index 6d2e12a..2bb8816 100644
--- a/option/Wallpaper.nix
+++ b/option/Wallpaper.nix
@@ -7,6 +7,7 @@
 }:
 let
 cfg = config.module.wallpaper;
+ purpose = config.module.purpose;
 url = "https://cloud.voronind.com/public.php/dav/files/dG9E9sCNaXyPToH/dark-winter-forest-road-moewalls-com.mp4";
 sha256 = "sha256-jCa8bVspeOsAMcUne3DQS+g8rj0byHCA9WQWHXNLccI=";
@@ -43,7 +44,7 @@ in
 type = lib.types.path;
 };
 video = lib.mkOption {
- default = video;
+ default = video && purpose.desktop;
 type = lib.types.bool;
 };
 videoPath = lib.mkOption {