feat: refactor, hyprland - greet with autologin

2026-04-25 09:28:27 +02:00 · 2023-12-17 23:00:19 +08:00
parent 7d03e63bdd
commit a04a058077
33 changed files with 414 additions and 380 deletions
--- a/modules/nixos/base/i18n.nix
+++ b/modules/nixos/base/i18n.nix
@@ -0,0 +1,19 @@
+{
+  # Set your time zone.
+  time.timeZone = "Asia/Shanghai";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "zh_CN.UTF-8";
+    LC_IDENTIFICATION = "zh_CN.UTF-8";
+    LC_MEASUREMENT = "zh_CN.UTF-8";
+    LC_MONETARY = "zh_CN.UTF-8";
+    LC_NAME = "zh_CN.UTF-8";
+    LC_NUMERIC = "zh_CN.UTF-8";
+    LC_PAPER = "zh_CN.UTF-8";
+    LC_TELEPHONE = "zh_CN.UTF-8";
+    LC_TIME = "zh_CN.UTF-8";
+  };
+}
--- a/modules/nixos/base/misc.nix
+++ b/modules/nixos/base/misc.nix
@@ -0,0 +1,60 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  ###################################################################################
+  #
+  #  NixOS's core configuration suitable for all my machines
+  #
+  ###################################################################################
+
+  # to install chrome, you need to enable unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # for nix server, we do not need to keep too much generations
+  boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
+
+  # Manual optimise storage: nix-store --optimise
+  # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
+  nix.settings.auto-optimise-store = true;
+
+  # for power management
+  services = {
+    power-profiles-daemon = {
+      enable = true;
+    };
+    upower.enable = true;
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    parted
+    psmisc # killall/pstree/prtstat/fuser/...
+    neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    wget
+    curl
+    aria2
+    git # used by nix flakes
+    git-lfs # used by huggingface models
+
+    # create a fhs environment by command `fhs`, so we can run non-nixos packages in nixos!
+    (
+      let
+        base = pkgs.appimageTools.defaultFhsEnvArgs;
+      in
+        pkgs.buildFHSUserEnv (base
+          // {
+            name = "fhs";
+            targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [pkgs.pkg-config];
+            profile = "export FHS=1";
+            runScript = "bash";
+            extraOutputsToInstall = ["dev"];
+          })
+    )
+  ];
+
+  # replace default editor with neovim
+  environment.variables.EDITOR = "nvim";
+}
--- a/modules/nixos/base/networking.nix
+++ b/modules/nixos/base/networking.nix
@@ -0,0 +1,17 @@
+{lib, ...}: {
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = lib.mkDefault false;
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    settings = {
+      X11Forwarding = true;
+      PermitRootLogin = "no"; # disable root login
+      PasswordAuthentication = false; # disable password login
+    };
+    openFirewall = true;
+  };
+}
--- a/modules/nixos/base/remote-building.nix
+++ b/modules/nixos/base/remote-building.nix
@@ -0,0 +1,132 @@
+{ username, ... }:
+{
+  ####################################################################
+  #
+  #  NixOS's Configuration for Remote Building / Distributed Building
+  #
+  #  Related Docs:
+  #    1. https://github.com/NixOS/nix/issues/7380
+  #    2. https://nixos.wiki/wiki/Distributed_build
+  #    3. https://github.com/NixOS/nix/issues/2589
+  #
+  ####################################################################
+
+  # set local's max-job to 0 to force remote building(disable local building)
+  # nix.settings.max-jobs = 0;
+  nix.distributedBuilds = true;
+  nix.buildMachines = let
+    sshUser = username;
+    # ssh key's path on local machine
+    sshKey = "/home/${username}/.ssh/ai-idols";
+    systems = [
+      # native arch
+      "x86_64-linux"
+
+      # emulated arch using binfmt_misc and qemu-user
+      "aarch64-linux"
+      "riscv64-linux"
+    ];
+    # all available system features are poorly documentd here:
+    #  https://github.com/NixOS/nix/blob/e503ead/src/libstore/globals.hh#L673-L687
+    supportedFeatures = [
+      "benchmark"
+      "big-parallel"
+      "kvm"
+    ];
+  in [
+    # Nix seems always try to build on the machine remotely
+    # to make use of the local machine's high-performance CPU, do not set remote builder's maxJobs too high.
+    # {
+    #   # some of my remote builders are running NixOS
+    #   # and has the same sshUser, sshKey, systems, etc.
+    #   inherit sshUser sshKey systems supportedFeatures;
+    #
+    #   # the hostName should be:
+    #   #   1. a hostname that can be resolved by DNS
+    #   #   2. the ip address of the remote builder
+    #   #   3. a host alias defined globally in /etc/ssh/ssh_config
+    #   hostName = "aquamarine";
+    #   # remote builder's max-job
+    #   maxJobs = 3;
+    #   # speedFactor's a signed integer
+    #   # but it seems that it's not used by Nix, takes no effect
+    #   speedFactor = 1;
+    # }
+    # {
+    #   inherit sshUser sshKey systems supportedFeatures;
+    #   hostName = "ruby";
+    #   maxJobs = 2;
+    #   speedFactor = 1;
+    # }
+    # {
+    #   inherit sshUser sshKey systems supportedFeatures;
+    #   hostName = "kana";
+    #   maxJobs = 2;
+    #   speedFactor = 1;
+    # }
+  ];
+  # optional, useful when the builder has a faster internet connection than yours
+  nix.extraOptions = ''
+    builders-use-substitutes = true
+  '';
+
+  # define the host alias for remote builders
+  # this config will be written to /etc/ssh/ssh_config
+  programs.ssh.extraConfig = ''
+    # idols
+    Host ai
+      HostName 192.168.5.100
+      Port 22
+
+    Host aquamarine
+      HostName 192.168.5.101
+      Port 22
+
+    Host ruby
+      HostName 192.168.5.102
+      Port 22
+
+    Host kana
+      HostName 192.168.5.103
+      Port 22
+
+    # rolling girls
+    Host nozomi
+      HostName 192.168.5.104
+      Port 22
+
+    Host yukina
+      HostName 192.168.5.105
+      Port 22
+
+    Host chiaya
+      HostName 192.168.5.106
+      Port 22
+
+    Host suzu
+      HostName 192.168.5.107
+      Port 22
+  '';
+
+  # define the host key for remote builders so that nix can verify all the remote builders
+  # this config will be written to /etc/ssh/ssh_known_hosts
+  programs.ssh.knownHosts = {
+    # 星野 愛久愛海, Hoshino Aquamarine
+    aquamarine = {
+      hostNames = ["aquamarine" "192.168.5.101"];
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO0EzzjnuHBE9xEOZupLmaAj9xbYxkUDeLbMqFZ7YPjU";
+    };
+
+    # 星野 瑠美衣, Hoshino Rubii
+    ruby = {
+      hostNames = ["ruby" "192.168.5.102"];
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrDXNQXELnbevZ1rImfXwmQHkRcd3TDNLsQo33c2tUf";
+    };
+
+    # 有馬 かな, Arima Kana
+    kana = {
+      hostNames = ["kana" "192.168.5.103"];
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJMVX05DQD1XJ0AqFZzsRsqgeUOlZ4opAI+8tkVXyjq+";
+    };
+  };
+}
--- a/modules/nixos/base/user-group.nix
+++ b/modules/nixos/base/user-group.nix
@@ -0,0 +1,63 @@
+{ username, ... }: 
+
+{
+  # Don't allow mutation of users outside the config.
+  users.mutableUsers = false;
+
+  users.groups = {
+    "${username}" = {};
+    docker = {};
+    wireshark = {};
+    # for android platform tools's udev rules
+    adbusers ={};
+    dialout = {};
+    # for openocd (embedded system development)
+    plugdev = {};
+    # misc
+    uinput = {};
+  };
+
+  users.users."${username}" = {
+    # generated by `mkpasswd -m scrypt`
+    # we have to use initialHashedPassword here when using tmpfs for /
+    initialHashedPassword = "$7$CU..../....Sdl/JRH..9eIvZ6mE/52r.$xeR6lyvTcVVKt28Owcoc/vPOOECcYSiq1xjw/QCz2t0";
+    home = "/home/${username}";
+    isNormalUser = true;
+    description = username;
+    extraGroups = [
+      username
+      "users"
+      "networkmanager"
+      "wheel"
+      "docker"
+      "wireshark"
+      "adbusers"
+      "libvirtd"
+    ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiipi59EnVbi6bK1bGrcbfEM263wgdNfbrt6VBC1rHx ryan@ai-idols"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7PTkP3ixXTZlrJNSHnXgkmHNT+QslFi9wNYXOpVwGB ryan@harmonica"
+    ];
+  };
+  users.users.root.initialHashedPassword = "$7$CU..../....X6uvZYnFD.i1CqqFFNl4./$4vgqzIPyw5XBr0aCDFbY/UIRRJr7h5SMGoQ/ZvX3FP2";
+
+  # fix for `sudo xxx` in kitty/wezterm and other modern terminal emulators
+  security.sudo.keepTerminfo = true;
+
+  # DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure`
+  security.sudo.extraRules = [
+    {
+      users = [username];
+      commands = [
+        {
+          command = "/run/current-system/sw/bin/nix-store";
+          options = ["NOPASSWD"];
+        }
+        {
+          command = "/run/current-system/sw/bin/nix-copy-closure";
+          options = ["NOPASSWD"];
+        }
+      ];
+    }
+  ];
+}
--- a/modules/nixos/base/visualisation.nix
+++ b/modules/nixos/base/visualisation.nix
@@ -0,0 +1,25 @@
+{pkgs, ...}: {
+  ###################################################################################
+  #
+  #  Visualisation - Libvirt(QEMU/KVM) / Docker / LXD / WayDroid
+  #
+  ###################################################################################
+
+  virtualisation = {
+    docker = {
+      enable = true;
+      daemon.settings = {
+        # enables pulling using containerd, which supports restarting from a partial pull
+        # https://docs.docker.com/storage/containerd/
+        "features" = {"containerd-snapshotter" = true;};
+      };
+
+      # start dockerd on boot.
+      # This is required for containers which are created with the `--restart=always` flag to work.
+      enableOnBoot = true;
+    };
+
+    waydroid.enable = true;
+    lxd.enable = true;
+  };
+}