full refactor

2025-12-09 17:38:41 -05:00
parent 1f5feb1b42
commit 785564e69e
31 changed files with 925 additions and 754 deletions

109
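--- a/hosts/boot.nix
+++ b/hosts/boot.nix
@@ -0,0 +1,109 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running nixos-help).
+{ config, lib, ... }:
+{
+options.host = {
+filesystem = {
+device = lib.mkOption {
+type = lib.types.str;
+description = "The main disk device to use for installation.";
+};
+swapSize = lib.mkOption {
+type = lib.types.str;
+description = "The size of the swap partition.";
+};
+};
+};
+config = {
+disko.enableConfig = true;
+disko.devices = {
+disk.main = {
+type = "disk";
+device = config.host.filesystem.device;
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+name = "ESP";
+label = "BOOT";
+size = "1G";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+mountOptions = [ "umask=0077" ];
+extraArgs = [ "-n" "BOOT" ];
+};
+};
+swap = {
+name = "swap";
+label = "swap";
+size = config.host.filesystem.swapSize;
+content = { type = "swap"; };
+};
+root = {
+name = "root";
+label = "root";
+size = "100%";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+extraArgs = [ "-L" "ROOT" ];
+};
+};
+};
+};
+};
+};
+# Bootloader.
+boot = {
+loader.systemd-boot.enable = true;
+loader.efi.canTouchEfiVariables = true;
+plymouth.enable = true;
+# Enable "Silent boot"
+consoleLogLevel = 3;
+initrd.verbose = false;
+# Hide the OS choice for bootloaders.
+# It's still possible to open the bootloader list by pressing any key
+# It will just not appear on screen unless a key is pressed
+loader.timeout = 0;
+};
+# Set your time zone.
+time.timeZone = "America/New_York";
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+i18n.extraLocaleSettings = {
+LC_ADDRESS = "en_US.UTF-8";
+LC_IDENTIFICATION = "en_US.UTF-8";
+LC_MEASUREMENT = "en_US.UTF-8";
+LC_MONETARY = "en_US.UTF-8";
+LC_NAME = "en_US.UTF-8";
+LC_NUMERIC = "en_US.UTF-8";
+LC_PAPER = "en_US.UTF-8";
+LC_TELEPHONE = "en_US.UTF-8";
+LC_TIME = "en_US.UTF-8";
+};
+systemd.sleep.extraConfig = ''
+SuspendState=freeze
+HibernateDelaySec=2h
+'';
+system.stateVersion = "25.11"; # Did you read the comment?
+};
+}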
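Review bot: The `boot` block sets `loader.timeout = 0` but leaves the systemd-boot entry editor at its NixOS default (enabled), and the comment there already notes that any key press brings the menu back, so anyone at the keyboard can edit the kernel command line before boot, which is enough to get past login. I would add `loader.systemd-boot.editor = false;` next to `loader.systemd-boot.enable = true;`. Separately, root and swap are laid out unencrypted while `HibernateDelaySec=2h` is configured; if suspend-then-hibernate is actually in use, the hibernation image lands on disk in the clear, so a LUKS layer in the disko layout is worth considering for machines that can be carried away.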


@@ -1,63 +1,32 @@
{ inputs, ... }:
{ inputs, hosts ? import ../inventory.nix, ... }:
let
nixpkgs = inputs.nixpkgs;
lib = nixpkgs.lib;
home-manager = inputs.home-manager;
disko = inputs.disko;
lib = nixpkgs.lib;
commonModules = [
../boot.nix
../users
./boot.nix
./user-config.nix
../users.nix
../sw
home-manager.nixosModules.home-manager
disko.nixosModules.disko
({ ... }: {
disko.enableConfig = true;
disko.devices = {
disk.main = {
type = "disk";
device = lib.mkDefault "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
name = "ESP";
label = "BOOT";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
extraArgs = [ "-n" "BOOT" ];
};
};
swap = {
name = "swap";
label = "swap";
size = lib.mkDefault "34G";
content = { type = "swap"; };
};
root = {
name = "root";
label = "root";
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
extraArgs = [ "-L" "ROOT" ];
};
};
};
};
};
{
system.stateVersion = "25.11";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Automatic Garbage Collection
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
})
# Optimize storage
nix.optimise.automatic = true;
}
];
mkHost = { hostName, system ? "x86_64-linux", extraModules ? [ ] }:
@@ -73,61 +42,44 @@ let
{ networking.hostName = hostName; }
];
};
# Function to generate a set of hosts
mkHostGroup = { prefix, count, system ? "x86_64-linux", extraModules ? [], deviceOverrides ? {} }:
lib.listToAttrs (map (i: {
name = "${prefix}${toString i}";
value = mkHost {
hostName = "${prefix}${toString i}";
inherit system;
extraModules = extraModules ++
(lib.optional (builtins.hasAttr (toString i) deviceOverrides)
({ ... }:
let
devConf = deviceOverrides.${toString i};
fsConf = builtins.removeAttrs devConf [ "extraUsers" ];
in {
host.filesystem = fsConf;
modules.users.enabledUsers = devConf.extraUsers or [];
}
)
);
};
}) (lib.range 1 count));
# Generate host groups based on the input hosts configuration
hostGroups = lib.mapAttrsToList (type: config:
let
typeFile = ./types + "/${type}.nix";
modules = if builtins.pathExists typeFile
then import typeFile { inherit inputs; }
else throw "Host type '${type}' not found in hosts/types/";
in
mkHostGroup {
prefix = type;
inherit (config) count;
extraModules = modules;
deviceOverrides = config.devices or {};
}
) hosts;
in
{
nix-laptop1 = mkHost {
hostName = "nix-laptop1";
system = "x86_64-linux";
extraModules = [
./nix-laptop.nix
];
};
nix-laptop2 = mkHost {
hostName = "nix-laptop2";
system = "x86_64-linux";
extraModules = [
./nix-laptop.nix
../sw.nix
];
};
nix-desktop1 = mkHost {
hostName = "nix-desktop1";
system = "x86_64-linux";
extraModules = [
./nix-desktop.nix
../sw.nix
];
};
nix-surface1 = mkHost {
hostName = "nix-surface1";
system = "x86_64-linux";
extraModules = [
./nix-surface.nix
../sw-kiosk.nix
inputs.nixos-hardware.nixosModules.microsoft-surface-go
];
};
nix-surface2 = mkHost {
hostName = "nix-surface2";
system = "x86_64-linux";
extraModules = [
./nix-surface.nix
../sw-kiosk.nix
inputs.nixos-hardware.nixosModules.microsoft-surface-go
];
};
nix-surface3 = mkHost {
hostName = "nix-surface3";
system = "x86_64-linux";
extraModules = [
./nix-surface.nix
../sw-kiosk.nix
inputs.nixos-hardware.nixosModules.microsoft-surface-go
];
};
}
lib.foldl' lib.recursiveUpdate {} hostGroups
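Review bot: The closing `lib.foldl' lib.recursiveUpdate {} hostGroups` deep-merges the per-type sets, so two inventory entries that expand to the same host name are combined key by key instead of being rejected; a type `a` with `count = 11` and a type `a1` with `count = 1` both produce `a11`. The result would be a host whose configuration blends two types, including their user and software modules, and nothing in the inventory would show it. I would collect the names and fail on duplicates before merging, e.g. `names = lib.concatMap builtins.attrNames hostGroups;` in the `let` and `assert lib.length names == lib.length (lib.unique names);` ahead of the fold. The body of `mkHost` is only partly visible in this hunk, so the exact shape of the merged values is inferred.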


@@ -1,23 +0,0 @@
{ config, lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
disko.devices.disk.main.content.partitions.swap.size = "16G";
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@@ -1,36 +0,0 @@
{ config, lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
"i915.enable_psr=0"
"i915.enable_dc=0"
"i915.enable_fbc=0"
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# Suspend / logind behavior
services.upower.enable = true;
services.logind.settings = {
Login = {
HandleLidSwitch = "suspend";
HandleLidSwitchExternalPower = "suspend";
HandleLidSwitchDocked = "ignore";
};
};
}


@@ -1,38 +0,0 @@
{ config, lib, pkgs, inputs, modulesPath, ... }:
let
refSystem = inputs.nixpkgs-old-kernel.lib.nixosSystem {
system = pkgs.stdenv.hostPlatform.system;
modules = [ inputs.nixos-hardware.nixosModules.microsoft-surface-go ];
};
refKernelPackages = refSystem.config.boot.kernelPackages;
in
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
"intel_ipu3_imgu"
"intel_ipu3_isys"
"fbcon=map:1"
"i915.enable_psr=0" # Panel Self Refresh breaks resume on Surface
"i915.enable_dc=0"
];
boot.kernelPackages = lib.mkForce refKernelPackages;
disko.devices.disk.main.content.partitions.swap.size = "8G";
disko.devices.disk.main.device = "/dev/mmcblk0";
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@@ -0,0 +1,24 @@
{ inputs, ... }: [
({ config, lib, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
host.filesystem.swapSize = lib.mkDefault "16G";
host.filesystem.device = lib.mkDefault "/dev/nvme0n1";
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
})
{ modules.sw.enable = true; modules.sw.type = "desktop"; }
]
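Review bot: `boot.kernelParams` carries `"boot.shell_on_fail"`, which NixOS documents as offering a root shell without authentication when stage 1 of boot fails; the same parameter is in the two other type files this commit adds (the list with `"thunderbolt"` and the Surface kiosk list). It was inherited from the deleted per-host files, but the refactor is the natural place to drop it from the type defaults or gate it behind a per-host debug option, particularly for the kiosk type, where the hardware is presumably within reach of the public. If it has to stay, a comment such as `# debug only: unauthenticated initrd root shell on boot failure` next to the entry would make the trade-off visible.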


@@ -0,0 +1,37 @@
{ inputs, ... }: [
({ config, lib, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
"i915.enable_psr=0"
"i915.enable_dc=0"
"i915.enable_fbc=0"
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
host.filesystem.device = lib.mkDefault "/dev/nvme0n1";
host.filesystem.swapSize = lib.mkDefault "34G";
# Suspend / logind behavior
services.upower.enable = true;
services.logind.settings = {
Login = {
HandleLidSwitch = "suspend";
HandleLidSwitchExternalPower = "suspend";
HandleLidSwitchDocked = "ignore";
};
};
})
{ modules.sw.enable = true; modules.sw.type = "desktop"; }
]


@@ -0,0 +1,40 @@
{ inputs, ... }: [
({ config, lib, pkgs, modulesPath, ... }:
let
refSystem = inputs.nixpkgs-old-kernel.lib.nixosSystem {
system = pkgs.stdenv.hostPlatform.system;
modules = [ inputs.nixos-hardware.nixosModules.microsoft-surface-go ];
};
refKernelPackages = refSystem.config.boot.kernelPackages;
in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
"intel_ipu3_imgu"
"intel_ipu3_isys"
"fbcon=map:1"
"i915.enable_psr=0" # Panel Self Refresh breaks resume on Surface
"i915.enable_dc=0"
];
boot.kernelPackages = lib.mkForce refKernelPackages;
host.filesystem.swapSize = lib.mkDefault "8G";
host.filesystem.device = lib.mkDefault "/dev/mmcblk0";
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
})
inputs.nixos-hardware.nixosModules.microsoft-surface-go
{ modules.sw.enable = true; modules.sw.type = "kiosk"; }
]
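Review bot: `boot.kernelPackages = lib.mkForce refKernelPackages;` pins the kiosk kernel to whatever `inputs.nixpkgs-old-kernel` is locked to, so updating the main nixpkgs input no longer brings kernel security fixes to these devices, and nothing in the file says why the pin exists or when it can be removed. I would add a comment above the `let`, such as `# Kernel pinned via nixpkgs-old-kernel because <reason / issue link>; bump that input on its own schedule and drop the pin once fixed`. The list also imports `inputs.nixos-hardware.nixosModules.microsoft-surface-go` directly while `refSystem` evaluates the same module a second time only to read its kernel package set; a one-line note that this double evaluation is intentional would help the next reader.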

79
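--- a/hosts/user-config.nix
+++ b/hosts/user-config.nix
@@ -0,0 +1,79 @@
+{ pkgs, config, lib, ... }:
+let
+userSubmodule = lib.types.submodule {
+options = {
+isNormalUser = lib.mkOption { type = lib.types.bool; default = true; };
+description = lib.mkOption { type = lib.types.str; default = ""; };
+extraGroups = lib.mkOption { type = lib.types.listOf lib.types.str; default = []; };
+hashedPassword = lib.mkOption { type = lib.types.str; default = "!"; };
+extraPackages = lib.mkOption { type = lib.types.listOf lib.types.package; default = []; };
+excludePackages = lib.mkOption { type = lib.types.listOf lib.types.package; default = []; };
+homePackages = lib.mkOption { type = lib.types.listOf lib.types.package; default = []; };
+extraImports = lib.mkOption { type = lib.types.listOf lib.types.path; default = []; };
+flakeUrl = lib.mkOption { type = lib.types.str; default = ""; description = "URL of a flake to import Home Manager configuration from (e.g. github:user/dotfiles)."; };
+opensshKeys = lib.mkOption { type = lib.types.listOf lib.types.str; default = []; description = "List of SSH public keys for the user."; };
+};
+};
+in
+{
+options.modules.users = {
+shell = lib.mkOption {
+type = lib.types.package;
+default = pkgs.zsh;
+description = "The default shell for users.";
+};
+accounts = lib.mkOption {
+type = lib.types.attrsOf userSubmodule;
+default = {};
+description = "User accounts configuration.";
+};
+enabledUsers = lib.mkOption {
+type = lib.types.listOf lib.types.str;
+default = [];
+description = "List of users to enable on this system.";
+};
+};
+config = {
+modules.users.enabledUsers = [ "root" "engr-ugaif" ];
+# Generate NixOS users
+users.users =
+let
+enabledAccounts = lib.filterAttrs (name: _: lib.elem name config.modules.users.enabledUsers) config.modules.users.accounts;
+in
+lib.mapAttrs (name: user:
+let
+isPlasma6 = config.services.desktopManager.plasma6.enable;
+defaultPackages = lib.optionals (isPlasma6 && name != "root") [ pkgs.kdePackages.kate ];
+finalPackages = lib.subtractLists user.excludePackages (defaultPackages ++ user.extraPackages);
+in
+{
+inherit (user) isNormalUser description extraGroups hashedPassword;
+openssh.authorizedKeys.keys = user.opensshKeys;
+packages = finalPackages;
+shell = config.modules.users.shell;
+}
+) enabledAccounts;
+# Home Manager configs per user
+home-manager = {
+useGlobalPkgs = true;
+useUserPackages = true;
+extraSpecialArgs = { inherit osConfig; };
+users =
+let
+enabledAccounts = lib.filterAttrs (name: _: lib.elem name config.modules.users.enabledUsers) config.modules.users.accounts;
+in
+lib.mapAttrs (name: user: { ... }: {
+imports = user.extraImports ++
+(lib.optional (user.flakeUrl != "") (builtins.getFlake user.flakeUrl).homeManagerModules.default);
+home.username = name;
+home.homeDirectory = if name == "root" then "/root" else "/home/${name}";
+home.stateVersion = "25.11";
+home.packages = user.homePackages;
+}) enabledAccounts;
+};
+};
+}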
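Review bot: `builtins.getFlake user.flakeUrl` in the Home Manager `imports` pulls a module from whatever the URL resolves to at evaluation time, and the option's own example (`github:user/dotfiles`) is an unlocked reference: pure flake evaluation rejects it, and with `--impure` it follows the current branch head, so a push to a user's dotfiles repository changes what is built onto every host enabling that user without any change to this repository or its lock file. I would either declare those repositories as flake inputs so they are pinned in `flake.lock`, or require a locked reference and say so in the option, e.g. `description = "Locked flake reference (must include a rev) that provides homeManagerModules.default.";`. Separately, `extraSpecialArgs = { inherit osConfig; };` refers to a name that is not bound anywhere in this file as shown (the module arguments are `pkgs`, `config`, `lib`), which Nix reports as an undefined variable; Home Manager's NixOS module already hands `osConfig` to user modules, so the line can probably be dropped.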