aires/nix-configuration
aires/nix-configuration
1
0
Fork 0
Code Actions Activity

Standardize formatting using the Nix RFC style, even though it means using spaces 🤢

Browse source
This commit is contained in:
Aires 2024-05-07 18:02:59 -04:00
parent f0ddde868d
commit 0a412d6f26
50 changed files with 2049 additions and 1770 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

218
flake.nix
View file

@ -1,116 +1,132 @@
# Based on the Auxolotl template: https://github.com/auxolotl/templates # Based on the Auxolotl template: https://github.com/auxolotl/templates
# For info on Flakes, see: https://nixos-and-flakes.thiscute.world/nixos-with-flakes/nixos-with-flakes-enabled # For info on Flakes, see: https://nixos-and-flakes.thiscute.world/nixos-with-flakes/nixos-with-flakes-enabled
{ {
description = "Aires' system Flake"; description = "Aires' system Flake";
inputs = {
# Track base packages against unstable
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
# Replace Nix with Lix: https://lix.systems/ inputs = {
lix = { # Track base packages against unstable
url = "git+https://git@git.lix.systems/lix-project/lix?ref=refs/tags/2.90-beta.1"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake = false;
};
lix-module = {
url = "git+https://git.lix.systems/lix-project/nixos-module";
inputs.lix.follows = "lix";
inputs.nixpkgs.follows = "nixpkgs";
};
# SecureBoot support # Replace Nix with Lix: https://lix.systems/
lanzaboote.url = "github:nix-community/lanzaboote/v0.3.0"; lix = {
url = "git+https://git@git.lix.systems/lix-project/lix?ref=refs/tags/2.90-beta.1";
flake = false;
};
lix-module = {
url = "git+https://git.lix.systems/lix-project/nixos-module";
inputs.lix.follows = "lix";
inputs.nixpkgs.follows = "nixpkgs";
};
# Flatpak support # SecureBoot support
nix-flatpak.url = "github:gmodena/nix-flatpak/v0.4.1"; lanzaboote.url = "github:nix-community/lanzaboote/v0.3.0";
# Hardware configurations # Flatpak support
nixos-hardware.url = "github:NixOS/nixos-hardware"; nix-flatpak.url = "github:gmodena/nix-flatpak/v0.4.1";
# Home-manager # Hardware configurations
home-manager = { nixos-hardware.url = "github:NixOS/nixos-hardware";
url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list where available
};
# TODO: Add Disko - https://github.com/nix-community/disko
};
outputs = inputs@{ self, nixpkgs, lanzaboote, nix-flatpak, home-manager, nixos-hardware, lix-module, ... }: # Home-manager
let home-manager = {
forAllSystems = function: url = "github:nix-community/home-manager/master";
nixpkgs.lib.genAttrs [ inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list where available
"x86_64-linux" };
"aarch64-linux"
] (system: function nixpkgs.legacyPackages.${system});
config.allowUnfree = true;
# Define shared modules and imports
defaultModules = {
base = [
{ _module.args = { inherit inputs; }; }
./hosts/default.nix
lix-module.nixosModules.default
lanzaboote.nixosModules.lanzaboote
nix-flatpak.nixosModules.nix-flatpak
home-manager.nixosModules.home-manager {
home-manager = {
/*
When running, Home Manager will use the global package cache.
It will also back up any files that it would otherwise overwrite.
The originals will have the extension shown below.
*/
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "home-manager-backup";
};
}
];
};
in {
formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);
nixosConfigurations = {
Dimaga = nixpkgs.lib.nixosSystem { # TODO: Add Disko - https://github.com/nix-community/disko
system = "x86_64-linux"; };
modules = defaultModules.base ++ [
nixos-hardware.nixosModules.common-cpu-intel
./hosts/Dimaga
];
};
Haven = nixpkgs.lib.nixosSystem { outputs =
system = "x86_64-linux"; inputs@{
modules = defaultModules.base ++ [ self,
nixos-hardware.nixosModules.common-cpu-amd-pstate nixpkgs,
./hosts/Haven lanzaboote,
]; nix-flatpak,
}; home-manager,
nixos-hardware,
lix-module,
...
}:
let
forAllSystems =
function:
nixpkgs.lib.genAttrs [
"x86_64-linux"
"aarch64-linux"
] (system: function nixpkgs.legacyPackages.${system});
config.allowUnfree = true;
Khanda = nixpkgs.lib.nixosSystem { # Define shared modules and imports
system = "x86_64-linux"; defaultModules = {
modules = defaultModules.base ++ [ base = [
nixos-hardware.nixosModules.microsoft-surface-pro-intel {
./hosts/Khanda _module.args = {
]; inherit inputs;
}; };
}
./hosts/default.nix
lix-module.nixosModules.default
lanzaboote.nixosModules.lanzaboote
nix-flatpak.nixosModules.nix-flatpak
home-manager.nixosModules.home-manager
{
home-manager = {
/*
When running, Home Manager will use the global package cache.
It will also back up any files that it would otherwise overwrite.
The originals will have the extension shown below.
*/
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "home-manager-backup";
};
}
];
};
in
{
formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);
nixosConfigurations = {
Pihole = nixpkgs.lib.nixosSystem { Dimaga = nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "x86_64-linux";
modules = defaultModules.base ++ [ modules = defaultModules.base ++ [
nixos-hardware.nixosModules.raspberry-pi-4 nixos-hardware.nixosModules.common-cpu-intel
./hosts/Pihole ./hosts/Dimaga
]; ];
}; };
Shura = nixpkgs.lib.nixosSystem { Haven = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = defaultModules.base ++ [ modules = defaultModules.base ++ [
nixos-hardware.nixosModules.lenovo-legion-16arha7 nixos-hardware.nixosModules.common-cpu-amd-pstate
./hosts/Shura ./hosts/Haven
]; ];
}; };
};
};
}
Khanda = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules.base ++ [
nixos-hardware.nixosModules.microsoft-surface-pro-intel
./hosts/Khanda
];
};
Pihole = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = defaultModules.base ++ [
nixos-hardware.nixosModules.raspberry-pi-4
./hosts/Pihole
];
};
Shura = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules.base ++ [
nixos-hardware.nixosModules.lenovo-legion-16arha7
./hosts/Shura
];
};
};
};
}

71
hosts/Dimaga/default.nix
View file

@ -1,39 +1,40 @@
{ pkgs, ... }: { { pkgs, ... }:
imports = [ ./hardware-configuration.nix ]; {
imports = [ ./hardware-configuration.nix ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
host = { host = {
role = "workstation"; role = "workstation";
apps = { apps = {
development.enable = true; development.enable = true;
kdeconnect.enable = true; kdeconnect.enable = true;
media.enable = true; media.enable = true;
office.enable = true; office.enable = true;
writing.enable = true; writing.enable = true;
}; };
ui = { ui = {
flatpak.enable = true; flatpak.enable = true;
gnome.enable = true; gnome.enable = true;
}; };
users = { users = {
aires = { aires = {
enable = true; enable = true;
autologin = true; autologin = true;
services = { services = {
syncthing = { syncthing = {
enable = true; enable = true;
autostart = true; autostart = true;
enableTray = false; enableTray = false;
}; };
}; };
}; };
}; };
}; };
# Configure the virtual machine created by nixos-rebuild build-vm # Configure the virtual machine created by nixos-rebuild build-vm
virtualisation.vmVariant.virtualisation = { virtualisation.vmVariant.virtualisation = {
memorySize = 2048; memorySize = 2048;
cores = 2; cores = 2;
}; };
} }

93
hosts/Dimaga/hardware-configuration.nix
View file

@ -1,49 +1,62 @@
# Surface Laptop Go 1st gen # Surface Laptop Go 1st gen
{ config, lib, pkgs, modulesPath, ... }: { {
imports = [ config,
(modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; availableKernelModules = [
kernelModules = [ ]; "xhci_pci"
luks.devices."luks-5a91100b-8ed9-4090-b1d8-d8291000fe38".device = "/dev/disk/by-uuid/5a91100b-8ed9-4090-b1d8-d8291000fe38"; "nvme"
}; "usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = [ ];
luks.devices."luks-5a91100b-8ed9-4090-b1d8-d8291000fe38".device = "/dev/disk/by-uuid/5a91100b-8ed9-4090-b1d8-d8291000fe38";
};
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ]; extraModulePackages = [ ];
}; };
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/76d67291-5aed-4f2a-b71f-1c2871cefe24"; device = "/dev/disk/by-uuid/76d67291-5aed-4f2a-b71f-1c2871cefe24";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ]; options = [ "subvol=@,compress=zstd" ];
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/0C53-A645"; device = "/dev/disk/by-uuid/0C53-A645";
fsType = "vfat"; fsType = "vfat";
}; };
}; };
swapDevices = [{ swapDevices = [
device = "/swapfile"; {
size = 4096; device = "/swapfile";
}]; size = 4096;
}
];
networking = { networking = {
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = lib.mkDefault true; useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
# Set the hostname. # Set the hostname.
hostName = "Dimaga"; hostName = "Dimaga";
}; };
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

120
hosts/Haven/default.nix
View file

@ -1,69 +1,73 @@
{ pkgs, home-manager, lib, config, ... }: {
pkgs,
home-manager,
lib,
config,
...
}:
let let
start-haven = pkgs.writeShellScriptBin "start-haven" (builtins.readFile ./start-haven.sh); start-haven = pkgs.writeShellScriptBin "start-haven" (builtins.readFile ./start-haven.sh);
in in
{ {
imports = [ ./hardware-configuration.nix ]; imports = [ ./hardware-configuration.nix ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
system.autoUpgrade.enable = lib.mkForce false; system.autoUpgrade.enable = lib.mkForce false;
host = { host = {
role = "server"; role = "server";
apps.development.kubernetes.enable = true; apps.development.kubernetes.enable = true;
services = { services = {
apcupsd.enable = true; apcupsd.enable = true;
duplicacy-web = { duplicacy-web = {
enable = true; enable = true;
autostart = false; autostart = false;
environment = "${config.users.users.aires.home}"; environment = "${config.users.users.aires.home}";
}; };
k3s = { k3s = {
enable = true; enable = true;
role = "server"; role = "server";
}; };
msmtp.enable = true; msmtp.enable = true;
}; };
users = { users = {
aires = { aires = {
enable = true; enable = true;
services = { services = {
syncthing = { syncthing = {
enable = true; enable = true;
autostart = false; autostart = false;
}; };
}; };
}; };
media.enable = true; media.enable = true;
}; };
}; };
# Enable SSH # Enable SSH
services.openssh = { services.openssh = {
enable = true; enable = true;
ports = [ 33105 ]; ports = [ 33105 ];
settings = { settings = {
# require public key authentication for better security # require public key authentication for better security
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
PubkeyAuthentication = true; PubkeyAuthentication = true;
PermitRootLogin = "without-password";
};
};
# Enable mdadm and Sapana (RAID 5 primary storage) PermitRootLogin = "without-password";
boot.swraid = { };
enable = true; };
# mdadmConf configured in nix-secrets
};
# Open port for OpenVPN # Enable mdadm and Sapana (RAID 5 primary storage)
networking.firewall.allowedUDPPorts = [ 1194 ]; boot.swraid = {
enable = true;
# mdadmConf configured in nix-secrets
};
# Add script for booting Haven # Open port for OpenVPN
environment.systemPackages = [ networking.firewall.allowedUDPPorts = [ 1194 ];
start-haven
]; # Add script for booting Haven
environment.systemPackages = [ start-haven ];
} }

102
hosts/Haven/hardware-configuration.nix
View file

@ -1,51 +1,67 @@
# Minisforum UM340 # Minisforum UM340
{ config, lib, pkgs, modulesPath, ... }: { {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") ]; lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = { boot = {
supportedFilesystems = [ "btrfs" ]; supportedFilesystems = [ "btrfs" ];
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ]; extraModulePackages = [ ];
initrd = { initrd = {
supportedFilesystems = [ "btrfs" ]; supportedFilesystems = [ "btrfs" ];
availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "btrfs" ]; availableKernelModules = [
kernelModules = [ ]; "nvme"
}; "xhci_pci"
}; "ahci"
"usb_storage"
"usbhid"
"sd_mod"
"btrfs"
];
kernelModules = [ ];
};
};
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a"; device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ]; options = [ "subvol=@,compress=zstd" ];
}; };
"/home" = { "/home" = {
device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a"; device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@home,compress=zstd" ]; options = [ "subvol=@home,compress=zstd" ];
}; };
"/swap" = { "/swap" = {
device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a"; device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@swap" ]; options = [ "subvol=@swap" ];
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/0120-A755"; device = "/dev/disk/by-uuid/0120-A755";
fsType = "vfat"; fsType = "vfat";
}; };
}; };
swapDevices = [{ swapDevices = [
device = "/swap/swapfile"; {
size = 16384; device = "/swap/swapfile";
}]; size = 16384;
}
];
networking = { networking = {
useDHCP = lib.mkDefault true; useDHCP = lib.mkDefault true;
hostName = "Haven"; hostName = "Haven";
}; };
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
} }

79
hosts/Khanda/default.nix
View file

@ -1,44 +1,45 @@
{ pkgs, lib, ... }: { { pkgs, lib, ... }:
imports = [ ./hardware-configuration.nix ]; {
imports = [ ./hardware-configuration.nix ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
system.autoUpgrade.enable = lib.mkForce false; system.autoUpgrade.enable = lib.mkForce false;
host = { host = {
role = "workstation"; role = "workstation";
apps = { apps = {
development.enable = true; development.enable = true;
kdeconnect.enable = true; kdeconnect.enable = true;
media.enable = true; media.enable = true;
office.enable = true; office.enable = true;
social.enable = true; social.enable = true;
writing.enable = true; writing.enable = true;
}; };
ui = { ui = {
flatpak.enable = true; flatpak.enable = true;
gnome.enable = true; gnome.enable = true;
}; };
users = { users = {
aires = { aires = {
enable = true; enable = true;
autologin = true; autologin = true;
services = { services = {
syncthing = { syncthing = {
enable = true; enable = true;
autostart = true; autostart = true;
enableTray = false; enableTray = false;
}; };
}; };
}; };
}; };
}; };
# Build remotely # Build remotely
nix.distributedBuilds = true; nix.distributedBuilds = true;
# Configure the virtual machine created by nixos-rebuild build-vm # Configure the virtual machine created by nixos-rebuild build-vm
virtualisation.vmVariant.virtualisation = { virtualisation.vmVariant.virtualisation = {
memorySize = 2048; memorySize = 2048;
cores = 2; cores = 2;
}; };
} }

135
hosts/Khanda/hardware-configuration.nix
View file

@ -1,56 +1,103 @@
# Surface Pro 9 # Surface Pro 9
{ config, lib, pkgs, modulesPath, ... }: { {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ "surface_aggregator" "surface_aggregator_registry" "surface_aggregator_hub" "surface_hid_core" "hid_multitouch" "8250_dw" "intel_lpss" "intel_lpss_pci" "tpm_crb" "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "surface_kbd" "pinctrl_tigerlake" ]; availableKernelModules = [
kernelModules = [ "tpm_crb" "surface_aggregator" "surface_aggregator_registry" "surface_aggregator_hub" "surface_hid_core" "surface_hid" "hid_multitouch" "8250_dw" "intel_lpss" "intel_lpss_pci" "surface_kbd" "pinctrl_tigerlake" ]; "surface_aggregator"
"surface_aggregator_registry"
"surface_aggregator_hub"
"surface_hid_core"
"hid_multitouch"
"8250_dw"
"intel_lpss"
"intel_lpss_pci"
"tpm_crb"
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
"surface_kbd"
"pinctrl_tigerlake"
];
kernelModules = [
"tpm_crb"
"surface_aggregator"
"surface_aggregator_registry"
"surface_aggregator_hub"
"surface_hid_core"
"surface_hid"
"hid_multitouch"
"8250_dw"
"intel_lpss"
"intel_lpss_pci"
"surface_kbd"
"pinctrl_tigerlake"
];
luks.devices."luks-bd1fe396-6740-4e7d-af2c-26ca9a3031f1" = { luks.devices."luks-bd1fe396-6740-4e7d-af2c-26ca9a3031f1" = {
device = "/dev/disk/by-uuid/bd1fe396-6740-4e7d-af2c-26ca9a3031f1"; device = "/dev/disk/by-uuid/bd1fe396-6740-4e7d-af2c-26ca9a3031f1";
crypttabExtraOpts = [ "tpm2-device=auto" ]; crypttabExtraOpts = [ "tpm2-device=auto" ];
}; };
}; };
kernelModules = [ "kvm-intel" "tpm_crb" "surface_aggregator" "surface_aggregator_registry" "surface_aggregator_hub" "surface_hid_core" "surface_hid" "hid_multitouch" "8250_dw" "intel_lpss" "intel_lpss_pci" "surface_kbd" "pinctrl_tigerlake" ]; kernelModules = [
extraModulePackages = [ ]; "kvm-intel"
}; "tpm_crb"
"surface_aggregator"
"surface_aggregator_registry"
"surface_aggregator_hub"
"surface_hid_core"
"surface_hid"
"hid_multitouch"
"8250_dw"
"intel_lpss"
"intel_lpss_pci"
"surface_kbd"
"pinctrl_tigerlake"
];
extraModulePackages = [ ];
};
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/b34afd29-94ff-421b-bb96-8497951abf58"; device = "/dev/disk/by-uuid/b34afd29-94ff-421b-bb96-8497951abf58";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ]; options = [ "subvol=@,compress=zstd" ];
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/DD2A-9C83"; device = "/dev/disk/by-uuid/DD2A-9C83";
fsType = "vfat"; fsType = "vfat";
}; };
}; };
swapDevices = [ swapDevices = [ { device = "/dev/disk/by-uuid/8c2519d9-3e47-4aa1-908d-98b1aa8b909d"; } ];
{ device = "/dev/disk/by-uuid/8c2519d9-3e47-4aa1-908d-98b1aa8b909d"; }
];
networking = { networking = {
useDHCP = lib.mkDefault true; useDHCP = lib.mkDefault true;
hostName = "Khanda"; hostName = "Khanda";
}; };
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# Install/configure additional drivers, particularly for touch # Install/configure additional drivers, particularly for touch
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ libwacom-surface ];
libwacom-surface microsoft-surface = {
]; ipts.enable = true;
microsoft-surface = { surface-control.enable = true;
ipts.enable = true; };
surface-control.enable = true;
};
# FIXME: Use default kernel to avoid full kernel rebuilds # NOTE: Use a default kernel to skip full kernel rebuilds
# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
} }

57
hosts/Pihole/default.nix
View file

@ -1,36 +1,37 @@
{ pkgs, lib, ... }: { { pkgs, lib, ... }:
imports = [ ./hardware-configuration.nix ]; {
imports = [ ./hardware-configuration.nix ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
host = { host = {
role = "server"; role = "server";
users.aires.enable = true; users.aires.enable = true;
boot.enable = false; boot.enable = false;
}; };
networking.hostName = "Pihole"; networking.hostName = "Pihole";
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
libraspberrypi libraspberrypi
raspberrypifw raspberrypifw
raspberrypi-eeprom raspberrypi-eeprom
linuxKernel.kernels.linux_rpi4 linuxKernel.kernels.linux_rpi4
]; ];
# Connect to the network automagically # Connect to the network automagically
networking.networkmanager.enable = lib.mkForce false; networking.networkmanager.enable = lib.mkForce false;
# Enable SSH # Enable SSH
services.openssh = { services.openssh = {
enable = true; enable = true;
ports = [ 33105 ]; ports = [ 33105 ];
settings = { settings = {
PasswordAuthentication = true; PasswordAuthentication = true;
AllowUsers = ["aires"]; AllowUsers = [ "aires" ];
PermitRootLogin = "no"; PermitRootLogin = "no";
}; };
}; };
} }

67
hosts/Pihole/hardware-configuration.nix
View file

@ -1,42 +1,49 @@
# Raspberry Pi 4B # Raspberry Pi 4B
# See https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4 # See https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4
{ config, lib, pkgs, modulesPath, nixos-hardware, ... }: {
config,
lib,
pkgs,
modulesPath,
nixos-hardware,
...
}:
{ {
imports = [ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.loader = lib.mkForce { boot.loader = lib.mkForce {
grub.enable = false; grub.enable = false;
generic-extlinux-compatible.enable = true; generic-extlinux-compatible.enable = true;
}; };
#boot.kernelParams = [ #boot.kernelParams = [
# "console=serial0,115200n8" # "console=serial0,115200n8"
#]; #];
fileSystems ."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [{ swapDevices = [
device = "/swapfile"; {
size = 2048; device = "/swapfile";
}]; size = 2048;
}
];
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
networking.wireless.enable = true; networking.wireless.enable = true;
hardware = { hardware = {
raspberry-pi."4" = { raspberry-pi."4" = {
apply-overlays-dtmerge.enable = true; apply-overlays-dtmerge.enable = true;
}; };
deviceTree = { deviceTree = {
enable = true; enable = true;
filter = "*rpi-4-*.dtb"; filter = "*rpi-4-*.dtb";
}; };
}; };
} }

137
hosts/Shura/default.nix
View file

@ -1,72 +1,83 @@
{ config, pkgs, lib, ... }: {
let config,
# Copy bluetooth device configs pkgs,
shure-aonic-bluetooth = pkgs.writeText "info" (builtins.readFile ./bluetooth/shure-aonic-bluetooth-params); lib,
xbox-elite-bluetooth = pkgs.writeText "info" (builtins.readFile ./bluetooth/xbox-elite-controller-bluetooth-params); ...
mano-touchpad-bluetooth = pkgs.writeText "info" (builtins.readFile ./bluetooth/mano-touchpad-bluetooth-params); }:
let
# Copy bluetooth device configs
shure-aonic-bluetooth = pkgs.writeText "info" (
builtins.readFile ./bluetooth/shure-aonic-bluetooth-params
);
xbox-elite-bluetooth = pkgs.writeText "info" (
builtins.readFile ./bluetooth/xbox-elite-controller-bluetooth-params
);
mano-touchpad-bluetooth = pkgs.writeText "info" (
builtins.readFile ./bluetooth/mano-touchpad-bluetooth-params
);
# Use gremlin user's monitor configuration for GDM (desktop monitor primary). See https://discourse.nixos.org/t/gdm-monitor-configuration/6356/4 # Use gremlin user's monitor configuration for GDM (desktop monitor primary). See https://discourse.nixos.org/t/gdm-monitor-configuration/6356/4
monitorsXmlContent = builtins.readFile ./monitors.xml; monitorsXmlContent = builtins.readFile ./monitors.xml;
monitorsConfig = pkgs.writeText "gdm_monitors.xml" monitorsXmlContent; monitorsConfig = pkgs.writeText "gdm_monitors.xml" monitorsXmlContent;
in in
{ {
imports = [ ./hardware-configuration.nix ]; imports = [ ./hardware-configuration.nix ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
host = { host = {
role = "workstation"; role = "workstation";
apps = { apps = {
development = { development = {
enable = true; enable = true;
kubernetes.enable = true; kubernetes.enable = true;
}; };
dj.enable = true; dj.enable = true;
gaming.enable = true; gaming.enable = true;
kdeconnect.enable = true; kdeconnect.enable = true;
media.enable = true; media.enable = true;
office.enable = true; office.enable = true;
recording.enable = true; recording.enable = true;
social.enable = true; social.enable = true;
writing.enable = true; writing.enable = true;
}; };
ui = { ui = {
flatpak.enable = true; flatpak.enable = true;
gnome.enable = true; gnome.enable = true;
}; };
users = { users = {
aires = { aires = {
enable = true; enable = true;
services.syncthing = { services.syncthing = {
enable = true; enable = true;
enableTray = false; # Recent versions of STT don't recognize Gnome's tray. Uninstalling for now. enableTray = false; # Recent versions of STT don't recognize Gnome's tray. Uninstalling for now.
}; };
}; };
gremlin = { gremlin = {
enable = true; enable = true;
services.syncthing = { services.syncthing = {
enable = true; enable = true;
enableTray = false; enableTray = false;
}; };
}; };
}; };
}; };
# Move files into target system # Move files into target system
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
# Use gremlin user's monitor config for GDM (defined above) # Use gremlin user's monitor config for GDM (defined above)
"L+ /run/gdm/.config/monitors.xml - - - - ${monitorsConfig}" "L+ /run/gdm/.config/monitors.xml - - - - ${monitorsConfig}"
# Install Bluetooth device profiles # Install Bluetooth device profiles
"d /var/lib/bluetooth/AC:50:DE:9F:AB:88/ 0700 root root" # First, make sure the directory exists "d /var/lib/bluetooth/AC:50:DE:9F:AB:88/ 0700 root root" # First, make sure the directory exists
"L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/00:0E:DD:72:2F:0C/info - - - - ${shure-aonic-bluetooth}" "L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/00:0E:DD:72:2F:0C/info - - - - ${shure-aonic-bluetooth}"
"L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/F4:6A:D7:3A:16:75/info - - - - ${xbox-elite-bluetooth}" "L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/F4:6A:D7:3A:16:75/info - - - - ${xbox-elite-bluetooth}"
"L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/F8:5D:3C:7D:9A:00/info - - - - ${mano-touchpad-bluetooth}" "L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/F8:5D:3C:7D:9A:00/info - - - - ${mano-touchpad-bluetooth}"
]; ];
# Configure the virtual machine created by nixos-rebuild build-vm # Configure the virtual machine created by nixos-rebuild build-vm
virtualisation.vmVariant.virtualisation = { virtualisation.vmVariant.virtualisation = {
memorySize = 4096; memorySize = 4096;
cores = 4; cores = 4;
}; };
} }

137
hosts/Shura/hardware-configuration.nix
View file

@ -1,68 +1,89 @@
# Lenovo Legion Slim 7 Gen 7 AMD (16ARHA7) # Lenovo Legion Slim 7 Gen 7 AMD (16ARHA7)
{ config, lib, pkgs, modulesPath, ... }: { {
imports = [ config,
(modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
# Configure the kernel. # Configure the kernel.
boot = { boot = {
# First, install the latest Zen kernel # First, install the latest Zen kernel
kernelPackages = pkgs.linuxPackages_zen; kernelPackages = pkgs.linuxPackages_zen;
# Hardware defaults detected by nixos-generate-configuration # Hardware defaults detected by nixos-generate-configuration
initrd = { initrd = {
# SystemD in the initrd is required for TPM auto-unlocking. # SystemD in the initrd is required for TPM auto-unlocking.
# See https://discourse.nixos.org/t/full-disk-encryption-tpm2/29454/2 # See https://discourse.nixos.org/t/full-disk-encryption-tpm2/29454/2
# If the LUKS volume is recently created, run this command to bind it to the TPM: # If the LUKS volume is recently created, run this command to bind it to the TPM:
# sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/<device> # sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/<device>
systemd.enable = true; systemd.enable = true;
availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" "tpm_crb" ]; availableKernelModules = [
kernelModules = [ "amdgpu" "tpm_crb" ]; "nvme"
luks.devices."luks-bcf67e34-339e-40b9-8ffd-bec8f7f55248" = { "xhci_pci"
device = "/dev/disk/by-uuid/bcf67e34-339e-40b9-8ffd-bec8f7f55248"; "usbhid"
crypttabExtraOpts = [ "tpm2-device=auto" ]; # Enable TPM auto-unlocking "usb_storage"
}; "sd_mod"
}; "rtsx_pci_sdmmc"
"tpm_crb"
kernelModules = [ "kvm-amd" ]; ];
}; kernelModules = [
"amdgpu"
"tpm_crb"
];
luks.devices."luks-bcf67e34-339e-40b9-8ffd-bec8f7f55248" = {
device = "/dev/disk/by-uuid/bcf67e34-339e-40b9-8ffd-bec8f7f55248";
crypttabExtraOpts = [ "tpm2-device=auto" ]; # Enable TPM auto-unlocking
};
};
fileSystems = { kernelModules = [ "kvm-amd" ];
"/" = { device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7"; };
fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ];
};
"/home" = { device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@home,compress=zstd" ];
};
"/swap" = { device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/AFCB-D880";
fsType = "vfat";
};
};
swapDevices = [{ fileSystems = {
device = "/swap/swapfile"; "/" = {
size = 16384; device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
}]; fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ];
};
"/home" = {
device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@home,compress=zstd" ];
};
"/swap" = {
device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/AFCB-D880";
fsType = "vfat";
};
};
networking = { swapDevices = [
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking {
# (the default) this is the recommended approach. When using systemd-networkd it's device = "/swap/swapfile";
# still possible to use this option, but it's recommended to use it in conjunction size = 16384;
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. }
useDHCP = lib.mkDefault true; ];
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
# Set the hostname. networking = {
hostName = "Shura"; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
}; # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; # Set the hostname.
hostName = "Shura";
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
} }

27
hosts/default.nix
View file

@ -1,15 +1,16 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }:
let let
# Fetch secrets # Fetch secrets
# IMPORTANT: Make sure this repo exists on the filesystem first! # IMPORTANT: Make sure this repo exists on the filesystem first!
nix-secrets = builtins.fetchGit { nix-secrets = builtins.fetchGit {
url = "/home/aires/Development/nix-configuration/nix-secrets"; url = "/home/aires/Development/nix-configuration/nix-secrets";
ref = "main"; ref = "main";
rev = "55fc814d477d956ab885e157f24c2d43f433dc7a"; rev = "55fc814d477d956ab885e157f24c2d43f433dc7a";
}; };
in{ in
imports = [ {
"${nix-secrets}/default.nix" imports = [
../modules/autoimport.nix "${nix-secrets}/default.nix"
]; ../modules/autoimport.nix
];
} }

63
modules/apps/development.nix
View file

@ -1,36 +1,41 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.host.apps.development; cfg = config.host.apps.development;
in in
with lib; with lib;
{ {
options = { options = {
host.apps.development = { host.apps.development = {
enable = mkEnableOption (mdDoc "Enables development tools"); enable = mkEnableOption (mdDoc "Enables development tools");
kubernetes.enable = mkEnableOption (mdDoc "Enables kubectl, virtctl, and similar tools."); kubernetes.enable = mkEnableOption (mdDoc "Enables kubectl, virtctl, and similar tools.");
}; };
}; };
config = mkMerge [ config = mkMerge [
(mkIf cfg.enable { (mkIf cfg.enable {
host.ui.flatpak.enable = true; host.ui.flatpak.enable = true;
services.flatpak.packages = [ services.flatpak.packages = [
"com.vscodium.codium" "com.vscodium.codium"
"dev.k8slens.OpenLens" "dev.k8slens.OpenLens"
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
statix # Nix linting tool statix # Nix linting tool
]; ];
}) })
(mkIf cfg.kubernetes.enable { (mkIf cfg.kubernetes.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
kubectl kubectl
kubernetes-helm kubernetes-helm
kubevirt # Virtctl command-line tool kubevirt # Virtctl command-line tool
]; ];
}) })
]; ];
} }

22
modules/apps/dj.nix
View file

@ -1,19 +1,17 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.host.apps.dj; cfg = config.host.apps.dj;
in in
with lib; with lib;
{ {
options = { options = {
host.apps.dj.enable = mkEnableOption (mdDoc "Enables DJing tools (i.e. Mixxx)"); host.apps.dj.enable = mkEnableOption (mdDoc "Enables DJing tools (i.e. Mixxx)");
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
host.ui.flatpak.enable = true; host.ui.flatpak.enable = true;
services.flatpak.packages = [ services.flatpak.packages = [ "org.mixxx.Mixxx" ];
"org.mixxx.Mixxx" };
]; }
};
}

41
modules/apps/gaming.nix
View file

@ -1,27 +1,32 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
# Gaming-related settings # Gaming-related settings
let let
cfg = config.host.apps.gaming; cfg = config.host.apps.gaming;
in in
with lib; with lib;
{ {
options = { options = {
host.apps.gaming.enable = mkEnableOption (mdDoc "Enables gaming features"); host.apps.gaming.enable = mkEnableOption (mdDoc "Enables gaming features");
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
host.ui.flatpak.enable = true; host.ui.flatpak.enable = true;
services.flatpak.packages = [ services.flatpak.packages = [
"gg.minion.Minion" "gg.minion.Minion"
"com.valvesoftware.Steam" "com.valvesoftware.Steam"
"org.firestormviewer.FirestormViewer" "org.firestormviewer.FirestormViewer"
]; ];
# Enable Xbox controller driver (XPadNeo) # Enable Xbox controller driver (XPadNeo)
boot = { boot = {
extraModulePackages = with config.boot.kernelPackages; [ xpadneo ]; extraModulePackages = with config.boot.kernelPackages; [ xpadneo ];
kernelModules = [ "hid_xpadneo" ]; kernelModules = [ "hid_xpadneo" ];
}; };
}; };
} }

43
modules/apps/kdeconnect.nix
View file

@ -1,22 +1,35 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
let let
cfg = config.host.apps.kdeconnect; cfg = config.host.apps.kdeconnect;
in in
with lib; with lib;
{ {
options = { options = {
host.apps.kdeconnect.enable = mkEnableOption (mdDoc "Enables KDE Connect"); host.apps.kdeconnect.enable = mkEnableOption (mdDoc "Enables KDE Connect");
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ gnomeExtensions.gsconnect ];
gnomeExtensions.gsconnect
];
networking.firewall = { networking.firewall = {
allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; allowedTCPPortRanges = [
allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; {
}; from = 1714;
}; to = 1764;
} }
];
allowedUDPPortRanges = [
{
from = 1714;
to = 1764;
}
];
};
};
}

42
modules/apps/media.nix
View file

@ -1,28 +1,28 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.host.apps.media; cfg = config.host.apps.media;
in in
with lib; with lib;
{ {
options = { options = {
host.apps.media.enable = mkEnableOption (mdDoc "Enables media playback and editing apps"); host.apps.media.enable = mkEnableOption (mdDoc "Enables media playback and editing apps");
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
host.ui.flatpak.enable = true; host.ui.flatpak.enable = true;
services.flatpak = { services.flatpak = {
packages = [ packages = [
"com.calibre_ebook.calibre" "com.calibre_ebook.calibre"
"com.github.unrud.VideoDownloader" "com.github.unrud.VideoDownloader"
"io.github.celluloid_player.Celluloid" "io.github.celluloid_player.Celluloid"
"org.kde.krita" "org.kde.krita"
"org.kde.KStyle.Adwaita//5.15-23.08" # Retrieved from https://docs.flatpak.org/en/latest/desktop-integration.html "org.kde.KStyle.Adwaita//5.15-23.08" # Retrieved from https://docs.flatpak.org/en/latest/desktop-integration.html
"org.kde.KStyle.Adwaita//6.6" "org.kde.KStyle.Adwaita//6.6"
"org.kde.WaylandDecoration.QAdwaitaDecorations//5.15-23.08" # Replaced deprecated QGnomePlatform https://wiki.archlinux.org/title/Uniform_look_for_Qt_and_GTK_applications "org.kde.WaylandDecoration.QAdwaitaDecorations//5.15-23.08" # Replaced deprecated QGnomePlatform https://wiki.archlinux.org/title/Uniform_look_for_Qt_and_GTK_applications
"org.kde.WaylandDecoration.QAdwaitaDecorations//6.6" "org.kde.WaylandDecoration.QAdwaitaDecorations//6.6"
]; ];
}; };
}; };
} }

24
modules/apps/office.nix
View file

@ -1,20 +1,20 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.host.apps.office; cfg = config.host.apps.office;
in in
with lib; with lib;
{ {
options = { options = {
host.apps.office.enable = mkEnableOption (mdDoc "Enables office and workstation apps"); host.apps.office.enable = mkEnableOption (mdDoc "Enables office and workstation apps");
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
host.ui.flatpak.enable = true; host.ui.flatpak.enable = true;
services.flatpak.packages = [ services.flatpak.packages = [
"org.libreoffice.LibreOffice" "org.libreoffice.LibreOffice"
"us.zoom.Zoom" "us.zoom.Zoom"
]; ];
}; };
} }

56
modules/apps/recording.nix
View file

@ -1,36 +1,36 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.host.apps.recording; cfg = config.host.apps.recording;
in in
with lib; with lib;
{ {
options = { options = {
host.apps.recording.enable = mkEnableOption (mdDoc "Enables video editing tools"); host.apps.recording.enable = mkEnableOption (mdDoc "Enables video editing tools");
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
host.ui.flatpak.enable = true; host.ui.flatpak.enable = true;
services.flatpak = { services.flatpak = {
packages = [ packages = [
"com.obsproject.Studio" "com.obsproject.Studio"
"com.obsproject.Studio.Plugin.DroidCam" "com.obsproject.Studio.Plugin.DroidCam"
"org.kde.kdenlive" "org.kde.kdenlive"
]; ];
}; };
# Add a virtual camera to use with Droidcam # Add a virtual camera to use with Droidcam
boot = { boot = {
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback.out ]; extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback.out ];
kernelModules = [ "v4l2loopback" ]; kernelModules = [ "v4l2loopback" ];
# Note on v4l2loopback kernel module parameters: # Note on v4l2loopback kernel module parameters:
# exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming. This MUST be set to 1 for Chrome to detect virtual cameras. # exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming. This MUST be set to 1 for Chrome to detect virtual cameras.
# card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams # card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
# https://github.com/umlaeute/v4l2loopback # https://github.com/umlaeute/v4l2loopback
extraModprobeConfig = '' extraModprobeConfig = ''
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera" options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
''; '';
}; };
}; };
} }

35
modules/apps/social.nix
View file

@ -1,24 +1,27 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
let let
cfg = config.host.apps.social; cfg = config.host.apps.social;
in in
with lib; with lib;
{ {
options = { options = {
host.apps.social.enable = mkEnableOption (mdDoc "Enables chat apps"); host.apps.social.enable = mkEnableOption (mdDoc "Enables chat apps");
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Check Beeper Flatpak status here: https://github.com/daegalus/beeper-flatpak-wip/issues/1 # Check Beeper Flatpak status here: https://github.com/daegalus/beeper-flatpak-wip/issues/1
beeper beeper
]; ];
host.ui.flatpak.enable = true; host.ui.flatpak.enable = true;
services.flatpak.packages = [ services.flatpak.packages = [ "com.discordapp.Discord" ];
"com.discordapp.Discord" };
];
};
} }

31
modules/apps/tmux.nix
View file

@ -1,19 +1,24 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
let let
cfg = config.host.apps.tmux; cfg = config.host.apps.tmux;
in in
with lib; with lib;
{ {
options = { options = {
host.apps.tmux.enable = mkEnableOption (mdDoc "Enables tmux - terminal multiplexer"); host.apps.tmux.enable = mkEnableOption (mdDoc "Enables tmux - terminal multiplexer");
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.tmux = { programs.tmux = {
enable = true; enable = true;
newSession = true; newSession = true;
clock24 = true; clock24 = true;
}; };
}; };
} }

49
modules/apps/writing.nix
View file

@ -1,29 +1,34 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
let let
cfg = config.host.apps.writing; cfg = config.host.apps.writing;
in in
with lib; with lib;
{ {
options = { options = {
host.apps.writing.enable = mkEnableOption (mdDoc "Enables writing and editing tools"); host.apps.writing.enable = mkEnableOption (mdDoc "Enables writing and editing tools");
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Install packages for building ebooks # Install packages for building ebooks
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
haskellPackages.pandoc haskellPackages.pandoc
haskellPackages.pandoc-cli haskellPackages.pandoc-cli
haskellPackages.pandoc-crossref haskellPackages.pandoc-crossref
texliveSmall texliveSmall
]; ];
# Spelling and grammer checking: hosted on localhost:8081 # Spelling and grammer checking: hosted on localhost:8081
services.languagetool = { services.languagetool = {
enable = true; enable = true;
port = 8090; port = 8090;
public = false; public = false;
allowOrigin = "*"; allowOrigin = "*";
}; };
}; };
} }

37
modules/autoimport.nix
View file

@ -3,24 +3,27 @@
{ lib, ... }: { lib, ... }:
with lib; with lib;
let let
# Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype
getDir = dir: mapAttrs getDir =
(file: type: dir:
if type == "directory" then getDir "${dir}/${file}" else type mapAttrs (file: type: if type == "directory" then getDir "${dir}/${file}" else type) (
) builtins.readDir dir
(builtins.readDir dir); );
# Collects all files of a directory as a list of strings of paths # Collects all files of a directory as a list of strings of paths
files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); files =
dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir));
# Filters out directories that belong to home-manager, and don't end with .nix or are this file. # Filters out directories that belong to home-manager, and don't end with .nix or are this file.
# Also, make the strings absolute # Also, make the strings absolute
validFiles = dir: map validFiles =
(file: ./. + "/${file}") dir:
(filter map (file: ./. + "/${file}") (
(file: ! hasInfix "home-manager" file && file != "autoimport.nix" && hasSuffix ".nix" file) filter (file: !hasInfix "home-manager" file && file != "autoimport.nix" && hasSuffix ".nix" file) (
(files dir)); files dir
)
);
in in
{ {
imports = validFiles ./.; imports = validFiles ./.;
} }

55
modules/base/bluetooth.nix
View file

@ -1,34 +1,37 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.host.ui.bluetooth; cfg = config.host.ui.bluetooth;
in in
with lib; with lib;
{ {
options = { options = {
host.ui.bluetooth = { host.ui.bluetooth = {
enable = mkEnableOption (mdDoc "Enables bluetooth"); enable = mkEnableOption (mdDoc "Enables bluetooth");
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Set up Bluetooth # Set up Bluetooth
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
powerOnBoot = true; powerOnBoot = true;
settings = { settings = {
General = { General = {
Enable = "Source,Sink,Media,Socket"; Enable = "Source,Sink,Media,Socket";
Experimental = true; Experimental = true;
KernelExperimental = true; KernelExperimental = true;
}; };
}; };
}; };
# Add Bluetooth LE audio support # Add Bluetooth LE audio support
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ liblc3 ];
liblc3 };
]; }
};
}

105
modules/base/bootloader.nix
View file

@ -1,62 +1,67 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
# Bootloader # Bootloader
let let
cfg = config.host.boot; cfg = config.host.boot;
in in
with lib; with lib;
{ {
options = { options = {
host.boot = { host.boot = {
enable = mkOption { enable = mkOption {
description = "Automatically configures the bootloader. Set to false to configure manually."; description = "Automatically configures the bootloader. Set to false to configure manually.";
type = types.bool; type = types.bool;
default = true; default = true;
}; };
secureboot.enable = mkOption {
description = "Enables Secureboot";
type = types.bool;
default = true;
};
};
};
config = mkIf cfg.enable (mkMerge[ secureboot.enable = mkOption {
(mkIf cfg.secureboot.enable { description = "Enables Secureboot";
boot = { type = types.bool;
# Enable Secure Boot default = true;
bootspec.enable = true; };
};
# Disable systemd-boot. We lanzaboote now. };
loader.systemd-boot.enable = false;
loader.efi.canTouchEfiVariables = true;
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
# Increase bootloader font size config = mkIf cfg.enable (mkMerge [
lanzaboote.settings.console-mode = "auto"; (mkIf cfg.secureboot.enable {
}; boot = {
# Enable Secure Boot
bootspec.enable = true;
# Set up TPM. See https://nixos.wiki/wiki/TPM # Disable systemd-boot. We lanzaboote now.
# After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module loader.systemd-boot.enable = false;
environment.systemPackages = with pkgs; [ tpm2-tss ]; loader.efi.canTouchEfiVariables = true;
security.tpm2 = { lanzaboote = {
enable = true; enable = true;
pkcs11.enable = true; pkiBundle = "/etc/secureboot";
tctiEnvironment.enable = true; };
};
})
# Plain boot # Increase bootloader font size
(mkIf (!cfg.secureboot.enable) { lanzaboote.settings.console-mode = "auto";
boot = { };
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true; # Set up TPM. See https://nixos.wiki/wiki/TPM
}; # After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module
}) environment.systemPackages = with pkgs; [ tpm2-tss ];
]); security.tpm2 = {
enable = true;
pkcs11.enable = true;
tctiEnvironment.enable = true;
};
})
# Plain boot
(mkIf (!cfg.secureboot.enable) {
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
})
]);
} }

16
modules/base/network.nix
View file

@ -1,10 +1,10 @@
_: { _: {
networking = { networking = {
# Enable networking via NetworkManager # Enable networking via NetworkManager
networkmanager.enable = true; networkmanager.enable = true;
# Enable firewall # Enable firewall
nftables.enable = true; nftables.enable = true;
firewall.enable = true; firewall.enable = true;
}; };
} }

86
modules/base/nix.nix
View file

@ -1,45 +1,57 @@
# Nix configuration # Nix configuration
{ pkgs, config, lib, inputs, ... }: { {
nix = { pkgs,
settings = { config,
# Enable Flakes lib,
experimental-features = [ "nix-command" "flakes" ]; inputs,
...
}:
{
nix = {
settings = {
# Enable Flakes
experimental-features = [
"nix-command"
"flakes"
];
# Use Lix instead of Nix # Use Lix instead of Nix
extra-substituters = [ "https://cache.lix.systems" ]; extra-substituters = [ "https://cache.lix.systems" ];
trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ]; trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
# Avoid signature verification messages when doing remote builds # Avoid signature verification messages when doing remote builds
trusted-users = [ "${config.users.users.aires.name}" ]; trusted-users = [ "${config.users.users.aires.name}" ];
}; };
# Enable periodic nix store optimization # Enable periodic nix store optimization
optimise.automatic = true; optimise.automatic = true;
# Configure NixOS to use the same software channel as Flakes # Configure NixOS to use the same software channel as Flakes
registry = lib.mapAttrs (_: value: { flake = value; }) inputs; registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
# Configure remote build machines (mainly Haven) # Configure remote build machines (mainly Haven)
# To enable remote builds for a specific host, add `nix.distributedBuilds = true;` to its config # To enable remote builds for a specific host, add `nix.distributedBuilds = true;` to its config
buildMachines = [{ buildMachines = [
hostName = "haven"; {
systems = [ hostName = "haven";
"x86_64-linux" systems = [
"aarch64-linux" "x86_64-linux"
]; "aarch64-linux"
protocol = "ssh-ng"; ];
supportedFeatures = [ protocol = "ssh-ng";
"nixos-test" supportedFeatures = [
"kvm" "nixos-test"
"benchmark" "kvm"
"big-parllel" "benchmark"
]; "big-parllel"
}]; ];
}
];
# When using a builder, use its package store # When using a builder, use its package store
extraOptions = '' extraOptions = ''
builders-use-substitutes = true builders-use-substitutes = true
''; '';
}; };
} }

53
modules/base/programs.nix
View file

@ -1,29 +1,30 @@
# Set up program defaults # Set up program defaults
{ config, ... }: { { config, ... }:
# Set up base apps {
programs = { # Set up base apps
direnv.enable = true; programs = {
direnv.enable = true;
nano = { nano = {
enable = true; enable = true;
syntaxHighlight = true; syntaxHighlight = true;
nanorc = '' nanorc = ''
set linenumbers set linenumbers
set tabsize 4 set tabsize 4
set softwrap set softwrap
''; '';
}; };
nh = { nh = {
enable = true; enable = true;
flake = "${config.users.users.aires.home}/Development/nix-configuration"; flake = "${config.users.users.aires.home}/Development/nix-configuration";
# Alternative garbage collection system to nix.gc.automatic # Alternative garbage collection system to nix.gc.automatic
clean = { clean = {
enable = true; enable = true;
dates = "daily"; dates = "daily";
extraArgs = "--keep-since 7d --keep 10"; # Keep the last 10 entries extraArgs = "--keep-since 7d --keep 10"; # Keep the last 10 entries
}; };
}; };
}; };
} }

10
modules/base/shell.nix
View file

@ -1,10 +1,10 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
# Install ZSH for all users # Install ZSH for all users
programs.zsh.enable = true; programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
# Show a neat system statistics screen when opening a terminal # Show a neat system statistics screen when opening a terminal
environment.systemPackages = with pkgs; [ fastfetch ]; environment.systemPackages = with pkgs; [ fastfetch ];
} }

93
modules/base/system.nix
View file

@ -1,54 +1,55 @@
# System options # System options
{ pkgs, config, ... }: { { pkgs, config, ... }:
# Set up the environment {
environment = { # Set up the environment
# Install base packages environment = {
systemPackages = with pkgs; [ # Install base packages
bash systemPackages = with pkgs; [
dconf # Needed to fix an issue with Home-manager. See https://github.com/nix-community/home-manager/issues/3113 bash
direnv dconf # Needed to fix an issue with Home-manager. See https://github.com/nix-community/home-manager/issues/3113
git direnv
home-manager git
nano home-manager
p7zip nano
fastfetch p7zip
nh # Nix Helper: https://github.com/viperML/nh fastfetch
]; nh # Nix Helper: https://github.com/viperML/nh
];
variables = { variables = {
EDITOR = "nano"; # Set default editor to nano EDITOR = "nano"; # Set default editor to nano
}; };
}; };
# Configure automatic updates # Configure automatic updates
system.autoUpgrade = { system.autoUpgrade = {
enable = true; enable = true;
flake = "${config.users.users.aires.home}/Development/nix-configuration"; flake = "${config.users.users.aires.home}/Development/nix-configuration";
dates = "daily"; dates = "daily";
allowReboot = false; allowReboot = false;
operation = "boot"; # Don't switch, just create a boot entry operation = "boot"; # Don't switch, just create a boot entry
}; };
# Enable fwupd (firmware updater) # Enable fwupd (firmware updater)
services.fwupd.enable = true; services.fwupd.enable = true;
# Set your time zone. # Set your time zone.
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
# Select internationalisation properties. # Select internationalisation properties.
i18n = { i18n = {
defaultLocale = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
extraLocaleSettings = { extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8"; LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8"; LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8"; LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8"; LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8"; LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8"; LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8"; LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8";
}; };
}; };
} }

20
modules/roles/default.nix
View file

@ -1,13 +1,13 @@
{lib, ...}: { lib, ... }:
with lib; with lib;
{ {
options = { options = {
host.role = mkOption { host.role = mkOption {
type = types.enum [ type = types.enum [
"server" "server"
"workstation" "workstation"
]; ];
}; };
}; };
} }

32
modules/roles/server.nix
View file

@ -1,16 +1,22 @@
{ config, lib, modulesPath, pkgs, ... }:
let
inherit (config.host) role;
in
with lib;
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; config,
lib,
modulesPath,
pkgs,
...
}:
let
inherit (config.host) role;
in
with lib;
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
config = mkIf (role == "server") { config = mkIf (role == "server") {
host.apps.tmux.enable = true; host.apps.tmux.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
htop htop
mdadm mdadm
]; ];
}; };
} }

58
modules/roles/workstation.nix
View file

@ -1,31 +1,35 @@
{ config, lib, modulesPath, pkgs, ... }:
let
inherit (config.host) role;
in
with lib;
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; config,
lib,
modulesPath,
pkgs,
...
}:
let
inherit (config.host) role;
in
with lib;
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
config = mkIf (role == "workstation") { config = mkIf (role == "workstation") {
host.ui = { host.ui = {
audio.enable = true; audio.enable = true;
bluetooth.enable = true; bluetooth.enable = true;
gnome.enable = true; gnome.enable = true;
flatpak.enable = true; flatpak.enable = true;
}; };
boot = { boot = {
# Enable Plymouth # Enable Plymouth
plymouth.enable = true; plymouth.enable = true;
plymouth.theme = "bgrt"; plymouth.theme = "bgrt";
# Increase minimum log level. This removes ACPI errors from the boot screen. # Increase minimum log level. This removes ACPI errors from the boot screen.
consoleLogLevel = 1; consoleLogLevel = 1;
# Add kernel parameters # Add kernel parameters
kernelParams = [ kernelParams = [ "quiet" ];
"quiet" };
]; };
}; }
};
}

29
modules/services/apcupsd.nix
View file

@ -1,17 +1,22 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
let let
cfg = config.host.services.apcupsd; cfg = config.host.services.apcupsd;
in in
with lib; with lib;
{ {
options = { options = {
host.services.apcupsd.enable = mkEnableOption (mdDoc "Enables apcupsd"); host.services.apcupsd.enable = mkEnableOption (mdDoc "Enables apcupsd");
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.apcupsd = { services.apcupsd = {
enable = true; enable = true;
configText = builtins.readFile ./etc/apcupsd.conf; configText = builtins.readFile ./etc/apcupsd.conf;
}; };
}; };
} }

15
modules/services/btrfs.nix
View file

@ -1,9 +1,10 @@
# Services to run on BTRFS filesystems. # Services to run on BTRFS filesystems.
# Only run if the root partition is BTRFS. # Only run if the root partition is BTRFS.
{ config, lib, ... }: { { config, lib, ... }:
services.btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") { {
enable = true; services.btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") {
interval = "weekly"; enable = true;
fileSystems = [ "/" ]; interval = "weekly";
}; fileSystems = [ "/" ];
} };
}

90
modules/services/duplicacy-web.nix
View file

@ -1,52 +1,58 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
let let
cfg = config.host.services.duplicacy-web; cfg = config.host.services.duplicacy-web;
duplicacy-web = pkgs.callPackage ../../packages/duplicacy-web.nix { inherit pkgs lib; }; duplicacy-web = pkgs.callPackage ../../packages/duplicacy-web.nix { inherit pkgs lib; };
in in
with lib; with lib;
rec { rec {
options = { options = {
host.services.duplicacy-web = { host.services.duplicacy-web = {
enable = mkEnableOption (mdDoc "Enables duplicacy-web"); enable = mkEnableOption (mdDoc "Enables duplicacy-web");
autostart = mkOption { autostart = mkOption {
default = true; default = true;
type = types.bool; type = types.bool;
description = "Whether to auto-start duplicacy-web on boot"; description = "Whether to auto-start duplicacy-web on boot";
}; };
environment = mkOption { environment = mkOption {
default = ""; default = "";
type = types.str; type = types.str;
description = "Environment where duplicacy-web stores its config files"; description = "Environment where duplicacy-web stores its config files";
}; };
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ environment.systemPackages = [ duplicacy-web ];
duplicacy-web
];
networking.firewall.allowedTCPPorts = [ 3875 ]; networking.firewall.allowedTCPPorts = [ 3875 ];
# Install systemd service. # Install systemd service.
systemd.services."duplicacy-web" = { systemd.services."duplicacy-web" = {
enable = true; enable = true;
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ "syslog.target" "network-online.target" ]; after = [
description = "Start the Duplicacy backup service and web UI"; "syslog.target"
serviceConfig = { "network-online.target"
Type = "simple"; ];
ExecStart = ''${duplicacy-web}/duplicacy-web''; description = "Start the Duplicacy backup service and web UI";
Restart = "on-failure"; serviceConfig = {
RestartSrc = 10; Type = "simple";
KillMode = "process"; ExecStart = ''${duplicacy-web}/duplicacy-web'';
}; Restart = "on-failure";
environment = { RestartSrc = 10;
HOME = cfg.environment; KillMode = "process";
}; };
} // optionalAttrs cfg.autostart { wantedBy = ["multi-user.target"]; }; # Start at boot if autostart is enabled. environment = {
}; HOME = cfg.environment;
};
} // optionalAttrs cfg.autostart { wantedBy = [ "multi-user.target" ]; }; # Start at boot if autostart is enabled.
};
} }

101
modules/services/k3s.nix
View file

@ -1,57 +1,60 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.host.services.k3s; cfg = config.host.services.k3s;
in in
with lib; with lib;
{ {
options = { options = {
host.services.k3s = { host.services.k3s = {
enable = mkEnableOption (mdDoc "Enables K3s"); enable = mkEnableOption (mdDoc "Enables K3s");
role = mkOption { role = mkOption {
default = "server"; default = "server";
type = types.enum [ type = types.enum [
"agent" "agent"
"server" "server"
]; ];
description = "Which K3s role to use"; description = "Which K3s role to use";
}; };
serverAddr = mkOption { serverAddr = mkOption {
default = ""; default = "";
type = types.str; type = types.str;
description = "If an agent, this is the address of the server."; description = "If an agent, this is the address of the server.";
}; };
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Add packages for developing with K3s. # Add packages for developing with K3s.
# For details, see https://nixos.wiki/wiki/K3s # For details, see https://nixos.wiki/wiki/K3s
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ k3s ];
k3s
];
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
6443 # k3s: required so that pods can reach the API server (running on port 6443 by default) 6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
# 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration # 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
# 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration # 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
# 8472 # k3s, flannel: required if using multi-node for inter-node networking # 8472 # k3s, flannel: required if using multi-node for inter-node networking
]; ];
}; };
services.k3s = { services.k3s = {
enable = true; enable = true;
inherit (cfg) role; inherit (cfg) role;
extraFlags = toString [ extraFlags = toString [
# "--kubelet-arg=v=4" # Optionally add additional args to k3s # "--kubelet-arg=v=4" # Optionally add additional args to k3s
]; ];
} // optionalAttrs (cfg.role == "agent") { inherit (cfg) serverAddr; }; } // optionalAttrs (cfg.role == "agent") { inherit (cfg) serverAddr; };
# Increase number of open file handlers so K3s doesn't exhaust them...again. # Increase number of open file handlers so K3s doesn't exhaust them...again.
systemd.extraConfig = '' systemd.extraConfig = ''
DefaultLimitNOFILE=8192:1048576 DefaultLimitNOFILE=8192:1048576
''; '';
}; };
} }

22
modules/services/msmtp.nix
View file

@ -2,18 +2,18 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.host.services.msmtp; cfg = config.host.services.msmtp;
in in
with lib; with lib;
{ {
options = { options = {
host.services.msmtp.enable = mkEnableOption (mdDoc "Enables mail server"); host.services.msmtp.enable = mkEnableOption (mdDoc "Enables mail server");
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.msmtp = { programs.msmtp = {
enable = true; enable = true;
# Authentication details set in nix-secrets # Authentication details set in nix-secrets
}; };
}; };
} }

12
modules/services/smartd.nix
View file

@ -1,8 +1,8 @@
# Configure SMART monitoring # Configure SMART monitoring
_: { _: {
services.smartd = { services.smartd = {
enable = true; enable = true;
autodetect = true; autodetect = true;
notifications.wall.enable = true; notifications.wall.enable = true;
}; };
} }

28
modules/services/systemd.nix
View file

@ -1,17 +1,17 @@
# Configure systemD # Configure systemD
_: { _: {
services = { services = {
# Allow systemd user services to keep running after the user has logged out # Allow systemd user services to keep running after the user has logged out
logind.killUserProcesses = false; logind.killUserProcesses = false;
}; };
# Reduce systemd logout time to 30s # Reduce systemd logout time to 30s
environment.etc = { environment.etc = {
"systemd/system.conf.d/10-reduce-logout-wait-time.conf" = { "systemd/system.conf.d/10-reduce-logout-wait-time.conf" = {
text = '' text = ''
[Manager] [Manager]
DefaultTimeoutStopSec=30s DefaultTimeoutStopSec=30s
''; '';
}; };
}; };
} }

81
modules/ui/audio.nix
View file

@ -1,48 +1,53 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
cfg = config.host.ui.audio; cfg = config.host.ui.audio;
in in
with lib; with lib;
{ {
options = { options = {
host.ui.audio = { host.ui.audio = {
enable = mkEnableOption (mdDoc "Enables audio"); enable = mkEnableOption (mdDoc "Enables audio");
enableLowLatency = mkEnableOption (mdDoc "Enables low-latency audio (may cause crackling) per https://nixos.wiki/wiki/PipeWire#Low-latency_setup "); enableLowLatency = mkEnableOption (
}; mdDoc "Enables low-latency audio (may cause crackling) per https://nixos.wiki/wiki/PipeWire#Low-latency_setup "
}; );
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Enable sound with pipewire. # Enable sound with pipewire.
sound.enable = true; sound.enable = true;
security.rtkit.enable = true; security.rtkit.enable = true;
hardware.pulseaudio = { hardware.pulseaudio = {
enable = false; enable = false;
package = pkgs.pulseaudioFull; # Enable extra audio codecs package = pkgs.pulseaudioFull; # Enable extra audio codecs
}; };
services.pipewire = { services.pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
jack.enable = true; jack.enable = true;
# Reduce audio latency per https://nixos.wiki/wiki/PipeWire#Low-latency_setup # Reduce audio latency per https://nixos.wiki/wiki/PipeWire#Low-latency_setup
extraConfig.pipewire = mkIf cfg.enableLowLatency { extraConfig.pipewire = mkIf cfg.enableLowLatency {
"92-low-latency.conf" = { "92-low-latency.conf" = {
"context.properties" = { "context.properties" = {
"default.clock.rate" = 48000; "default.clock.rate" = 48000;
"default.clock.quantum" = 32; "default.clock.quantum" = 32;
"default.clock.min-quantum" = 32; "default.clock.min-quantum" = 32;
"default.clock.max-quantum" = 32; "default.clock.max-quantum" = 32;
}; };
}; };
}; };
}; };
services.flatpak.packages = mkIf config.host.ui.flatpak.enable [ services.flatpak.packages = mkIf config.host.ui.flatpak.enable [ "com.github.wwmm.easyeffects" ];
"com.github.wwmm.easyeffects" };
];
};
} }

135
modules/ui/flatpak.nix
View file

@ -1,73 +1,88 @@
{ nix-flatpak, pkgs, config, lib, ... }: {
nix-flatpak,
pkgs,
config,
lib,
...
}:
# Flatpak support and options # Flatpak support and options
let let
cfg = config.host.ui.flatpak; cfg = config.host.ui.flatpak;
in in
with lib; with lib;
{ {
options = { options = {
host.ui.flatpak.enable = mkEnableOption (mdDoc "Enables Flatpak"); host.ui.flatpak.enable = mkEnableOption (mdDoc "Enables Flatpak");
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Enable Flatpak # Enable Flatpak
services.flatpak = { services.flatpak = {
enable = true; enable = true;
# Manage all Flatpak packages and remotes # Manage all Flatpak packages and remotes
uninstallUnmanaged = true; uninstallUnmanaged = true;
# Enable daily automatic updates # Enable daily automatic updates
update.auto = { update.auto = {
enable = true; enable = true;
onCalendar = "daily"; onCalendar = "daily";
}; };
# Add remote(s) # Add remote(s)
remotes = [ remotes = [
{ name = "flathub"; location = "https://dl.flathub.org/repo/flathub.flatpakrepo"; } {
]; name = "flathub";
location = "https://dl.flathub.org/repo/flathub.flatpakrepo";
}
];
# Install Flatpaks. For details, see https://github.com/gmodena/nix-flatpak # Install Flatpaks. For details, see https://github.com/gmodena/nix-flatpak
packages = [ packages = [
"com.github.tchx84.Flatseal" "com.github.tchx84.Flatseal"
"md.obsidian.Obsidian" "md.obsidian.Obsidian"
"net.waterfox.waterfox" "net.waterfox.waterfox"
"org.keepassxc.KeePassXC" "org.keepassxc.KeePassXC"
"org.mozilla.firefox" "org.mozilla.firefox"
]; ];
}; };
# Workaround for getting Flatpak apps to use system fonts, icons, and cursors # Workaround for getting Flatpak apps to use system fonts, icons, and cursors
# For details (and source), see https://github.com/NixOS/nixpkgs/issues/119433#issuecomment-1767513263 # For details (and source), see https://github.com/NixOS/nixpkgs/issues/119433#issuecomment-1767513263
# NOTE: If fonts in Flatpaks appear incorrect (like squares), run this command to regenerate the font cache: # NOTE: If fonts in Flatpaks appear incorrect (like squares), run this command to regenerate the font cache:
# flatpak list --columns=application | xargs -I %s -- flatpak run --command=fc-cache %s -f -v # flatpak list --columns=application | xargs -I %s -- flatpak run --command=fc-cache %s -f -v
system.fsPackages = [ pkgs.bindfs ]; system.fsPackages = [ pkgs.bindfs ];
fileSystems = let fileSystems =
mkRoSymBind = path: { let
device = path; mkRoSymBind = path: {
fsType = "fuse.bindfs"; device = path;
options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ]; fsType = "fuse.bindfs";
}; options = [
aggregatedIcons = pkgs.buildEnv { "ro"
name = "system-icons"; "resolve-symlinks"
paths = with pkgs; [ "x-gvfs-hide"
#libsForQt5.breeze-qt5 # for plasma ];
gnome.gnome-themes-extra };
papirus-icon-theme aggregatedIcons = pkgs.buildEnv {
qogir-icon-theme name = "system-icons";
]; paths = with pkgs; [
pathsToLink = [ "/share/icons" ]; #libsForQt5.breeze-qt5 # for plasma
}; gnome.gnome-themes-extra
aggregatedFonts = pkgs.buildEnv { papirus-icon-theme
name = "system-fonts"; qogir-icon-theme
paths = config.fonts.packages; ];
pathsToLink = [ "/share/fonts" ]; pathsToLink = [ "/share/icons" ];
}; };
in { aggregatedFonts = pkgs.buildEnv {
"/usr/share/icons" = mkRoSymBind "${aggregatedIcons}/share/icons"; name = "system-fonts";
"/usr/local/share/fonts" = mkRoSymBind "${aggregatedFonts}/share/fonts"; paths = config.fonts.packages;
}; pathsToLink = [ "/share/fonts" ];
}; };
in
{
"/usr/share/icons" = mkRoSymBind "${aggregatedIcons}/share/icons";
"/usr/local/share/fonts" = mkRoSymBind "${aggregatedFonts}/share/fonts";
};
};
} }

237
modules/ui/gnome.nix
View file

@ -1,134 +1,139 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
# UI and desktop-related options # UI and desktop-related options
let let
cfg = config.host.ui.gnome; cfg = config.host.ui.gnome;
in in
with lib; with lib;
{ {
options = { options = {
host.ui.gnome.enable = mkEnableOption (mdDoc "Enables Gnome"); host.ui.gnome.enable = mkEnableOption (mdDoc "Enables Gnome");
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
host.ui = { host.ui = {
audio.enable = true; audio.enable = true;
flatpak.enable = true; flatpak.enable = true;
}; };
services = {
# Configure the xserver
xserver = {
# Enable the X11 windowing system.
enable = true;
# Configure keymap in X11 services = {
xkb = { # Configure the xserver
layout = "us"; xserver = {
variant = ""; # Enable the X11 windowing system.
}; enable = true;
# Enable Gnome # Configure keymap in X11
desktopManager.gnome.enable = true; xkb = {
displayManager = { layout = "us";
gdm.enable = true; variant = "";
}; };
# Remove default packages that came with the install # Enable Gnome
excludePackages = with pkgs; [ desktopManager.gnome.enable = true;
xterm displayManager = {
]; gdm.enable = true;
}; };
# Install Flatpaks # Remove default packages that came with the install
flatpak.packages = [ excludePackages = with pkgs; [ xterm ];
"com.mattjakeman.ExtensionManager" };
"dev.geopjr.Tuba"
"org.bluesabre.MenuLibre"
"org.gnome.baobab"
"org.gnome.Calculator"
"org.gnome.Characters"
"org.gnome.Calendar"
"org.gnome.Evince"
"org.gnome.Evolution"
"org.gnome.FileRoller"
"org.gnome.Firmware"
"org.gnome.gitg"
"org.gnome.Loupe" # Gnome's fancy new image viewer
"org.gnome.Music"
"org.gnome.seahorse.Application"
"org.gnome.TextEditor"
"org.gnome.World.Secrets"
"org.gtk.Gtk3theme.Adwaita-dark"
];
# Disable CUPS - not needed # Install Flatpaks
printing.enable = false; flatpak.packages = [
}; "com.mattjakeman.ExtensionManager"
"dev.geopjr.Tuba"
environment = { "org.bluesabre.MenuLibre"
# Remove default Gnome packages that came with the install, then install the ones I actually use "org.gnome.baobab"
gnome.excludePackages = (with pkgs; [ "org.gnome.Calculator"
gnome-photos "org.gnome.Characters"
gnome-tour "org.gnome.Calendar"
gnomeExtensions.extension-list "org.gnome.Evince"
gedit # text editor "org.gnome.Evolution"
]) ++ (with pkgs.gnome; [ "org.gnome.FileRoller"
cheese # webcam tool "org.gnome.Firmware"
gnome-music "org.gnome.gitg"
gnome-calendar "org.gnome.Loupe" # Gnome's fancy new image viewer
epiphany # web browser "org.gnome.Music"
geary # email reader "org.gnome.seahorse.Application"
evince # document viewer "org.gnome.TextEditor"
gnome-characters "org.gnome.World.Secrets"
gnome-software "org.gtk.Gtk3theme.Adwaita-dark"
totem # video player ];
tali # poker game
iagno # go game
hitori # sudoku game
atomix # puzzle game
]);
# Install additional Gnome packages # Disable CUPS - not needed
systemPackages = with pkgs; [ printing.enable = false;
# Gnome tweak tools };
gnome.gnome-tweaks
# Gnome extensions
# FIXME: Disable temporarily due to broken version in Nixpkgs
#gnomeExtensions.appindicator
#gnomeExtensions.dash-to-panel
#gnomeExtensions.forge
# Themeing
gnome.gnome-themes-extra
papirus-icon-theme
qogir-icon-theme
];
};
# Manage fonts environment = {
fonts = { # Remove default Gnome packages that came with the install, then install the ones I actually use
# Install extra fonts gnome.excludePackages =
packages = with pkgs; [ (with pkgs; [
noto-fonts gnome-photos
noto-fonts-cjk gnome-tour
noto-fonts-emoji gnomeExtensions.extension-list
liberation_ttf gedit # text editor
fira-code ])
fira-code-symbols ++ (with pkgs.gnome; [
fira cheese # webcam tool
roboto-slab gnome-music
]; gnome-calendar
epiphany # web browser
geary # email reader
evince # document viewer
gnome-characters
gnome-software
totem # video player
tali # poker game
iagno # go game
hitori # sudoku game
atomix # puzzle game
]);
# Enable font dir for use with Flatpak. See https://nixos.wiki/wiki/Fonts#Flatpak_applications_can.27t_find_system_fonts # Install additional Gnome packages
fontDir.enable = true; systemPackages = with pkgs; [
}; # Gnome tweak tools
gnome.gnome-tweaks
# Gnome extensions
# FIXME: Disable temporarily due to broken version in Nixpkgs
#gnomeExtensions.appindicator
#gnomeExtensions.dash-to-panel
#gnomeExtensions.forge
# Themeing
gnome.gnome-themes-extra
papirus-icon-theme
qogir-icon-theme
];
};
# Gnome UI integration for KDE apps # Manage fonts
qt = { fonts = {
enable = true; # Install extra fonts
platformTheme = "gnome"; packages = with pkgs; [
style = "adwaita-dark"; noto-fonts
}; noto-fonts-cjk
}; noto-fonts-emoji
liberation_ttf
fira-code
fira-code-symbols
fira
roboto-slab
];
# Enable font dir for use with Flatpak. See https://nixos.wiki/wiki/Fonts#Flatpak_applications_can.27t_find_system_fonts
fontDir.enable = true;
};
# Gnome UI integration for KDE apps
qt = {
enable = true;
platformTheme = "gnome";
style = "adwaita-dark";
};
};
} }

239
modules/users/aires/default.nix
View file

@ -1,89 +1,98 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
# Define 'aires' # Define 'aires'
let let
cfg = config.host.users.aires; cfg = config.host.users.aires;
in in
with lib; with lib;
{ {
options = { options = {
host.users.aires = { host.users.aires = {
enable = mkEnableOption (mdDoc "Enables aires user account"); enable = mkEnableOption (mdDoc "Enables aires user account");
autologin = mkEnableOption (mdDoc "Automatically logs aires in on boot"); autologin = mkEnableOption (mdDoc "Automatically logs aires in on boot");
services.syncthing = { services.syncthing = {
enable = mkEnableOption (mdDoc "Enables Syncthing"); enable = mkEnableOption (mdDoc "Enables Syncthing");
enableTray = mkEnableOption (mdDoc "Enables the Syncthing Tray application"); enableTray = mkEnableOption (mdDoc "Enables the Syncthing Tray application");
autostart = mkOption { autostart = mkOption {
default = true; default = true;
type = types.bool; type = types.bool;
description = "Whether to auto-start Syncthing on boot"; description = "Whether to auto-start Syncthing on boot";
}; };
}; };
}; };
}; };
config = mkIf cfg.enable (mkMerge [ config = mkIf cfg.enable (mkMerge [
{ {
users.users.aires = { users.users.aires = {
isNormalUser = true; isNormalUser = true;
description = "Aires"; description = "Aires";
uid = 1000; uid = 1000;
extraGroups = [ "input" "networkmanager" "plugdev" "tss" "wheel" ]; # tss group has access to TPM devices extraGroups = [
"input"
"networkmanager"
"plugdev"
"tss"
"wheel"
]; # tss group has access to TPM devices
# Allow systemd services to run even while aires is logged out # Allow systemd services to run even while aires is logged out
linger = true; linger = true;
}; };
# Install aires-specific Flatpaks # Install aires-specific Flatpaks
services.flatpak.packages = mkIf config.services.flatpak.enable [ services.flatpak.packages = mkIf config.services.flatpak.enable [
"com.discordapp.Discord" "com.discordapp.Discord"
"org.telegram.desktop" "org.telegram.desktop"
]; ];
# Configure home-manager # Configure home-manager
home-manager.users.aires = { home-manager.users.aires = {
imports = [ imports = [
../common/home-manager/gnome.nix ../common/home-manager/gnome.nix
../common/home-manager/zsh.nix ../common/home-manager/zsh.nix
]; ];
home = { home = {
# The state version is required and should stay at the version you originally installed. # The state version is required and should stay at the version you originally installed.
stateVersion = "24.05"; stateVersion = "24.05";
# Basic setup # Basic setup
username = "aires"; username = "aires";
homeDirectory = "/home/aires"; homeDirectory = "/home/aires";
# Install extra packages, specifically gnome extensions # Install extra packages, specifically gnome extensions
packages = lib.mkIf config.host.ui.gnome.enable [ packages = lib.mkIf config.host.ui.gnome.enable [ pkgs.gnomeExtensions.wallpaper-slideshow ];
pkgs.gnomeExtensions.wallpaper-slideshow
];
# Set environment variables # Set environment variables
sessionVariables = { sessionVariables = {
KUBECONFIG = "/home/aires/.kube/config"; KUBECONFIG = "/home/aires/.kube/config";
}; };
}; };
programs = { programs = {
# Let home Manager install and manage itself. # Let home Manager install and manage itself.
home-manager.enable = true; home-manager.enable = true;
# Set up git # Set up git
git = { git = {
enable = true; enable = true;
# Username and email set in nix-secrets # Username and email set in nix-secrets
extraConfig = { extraConfig = {
push.autoSetupRemote = "true"; push.autoSetupRemote = "true";
}; };
}; };
# Set up Zsh # Set up Zsh
zsh = { zsh = {
oh-my-zsh = { oh-my-zsh = {
theme = "gentoo"; theme = "gentoo";
}; };
shellAliases = { shellAliases = {
update = "upgrade"; update = "upgrade";
@ -95,61 +104,59 @@ with lib;
}; };
}; };
# SSH set up in nix-secrets # SSH set up in nix-secrets
# Gnome settings specific to aires on Shura # Gnome settings specific to aires on Shura
dconf.settings = lib.mkIf (config.networking.hostName == "Shura") { dconf.settings = lib.mkIf (config.networking.hostName == "Shura") {
"org/gnome/desktop/interface" = { "org/gnome/desktop/interface" = {
# Increase font scaling; # Increase font scaling;
text-scaling-factor = 1.3; text-scaling-factor = 1.3;
# Dark mode # Dark mode
color-scheme = "prefer-dark"; color-scheme = "prefer-dark";
}; };
}; };
}; };
} }
# Autologin aires # Autologin aires
(mkIf cfg.autologin { (mkIf cfg.autologin {
services.displayManager.autoLogin = { services.displayManager.autoLogin = {
enable = true; enable = true;
user = "aires"; user = "aires";
}; };
systemd.services = { systemd.services = {
"getty@tty1".enable = false; "getty@tty1".enable = false;
"autovt@tty1".enable = false; "autovt@tty1".enable = false;
}; };
}) })
# Enable Syncthing # Enable Syncthing
(mkIf cfg.services.syncthing.enable { (mkIf cfg.services.syncthing.enable {
users.users.aires.packages = [ users.users.aires.packages = [
pkgs.syncthing pkgs.syncthing
(mkIf cfg.services.syncthing.enableTray pkgs.syncthingtray) (mkIf cfg.services.syncthing.enableTray pkgs.syncthingtray)
]; ];
# Open port 8080 # Open port 8080
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [ 8080 ];
8080
];
home-manager.users.aires = { home-manager.users.aires = {
# Syncthing options # Syncthing options
services.syncthing = { services.syncthing = {
enable = true; enable = true;
extraOptions = [ extraOptions = [
"--gui-address=0.0.0.0:8080" "--gui-address=0.0.0.0:8080"
"--home=${config.users.users.aires.home}/.config/syncthing" "--home=${config.users.users.aires.home}/.config/syncthing"
"--no-default-folder" "--no-default-folder"
]; ];
}; };
# Override the default Syncthing settings so it doesn't start on boot # Override the default Syncthing settings so it doesn't start on boot
systemd.user.services."syncthing" = mkIf (!cfg.services.syncthing.autostart) { systemd.user.services."syncthing" = mkIf (!cfg.services.syncthing.autostart) {
Install = lib.mkForce {}; Install = lib.mkForce { };
}; };
}; };
}) })
]); ]);
} }

252
modules/users/common/home-manager/gnome.nix
View file

@ -1,134 +1,140 @@
{ lib, pkgs, osConfig, ... }: { {
# Additional Gnome configurations via home-manager. lib,
dconf.settings = lib.mkIf osConfig.host.ui.gnome.enable { pkgs,
"org/gnome/mutter" = { osConfig,
edge-tiling = true; ...
workspaces-only-on-primary = false; }:
experimental-features = [ {
"scale-monitor-framebuffer" # Fractional scaling # Additional Gnome configurations via home-manager.
"variable-refresh-rate" dconf.settings = lib.mkIf osConfig.host.ui.gnome.enable {
]; "org/gnome/mutter" = {
}; edge-tiling = true;
workspaces-only-on-primary = false;
experimental-features = [
"scale-monitor-framebuffer" # Fractional scaling
"variable-refresh-rate"
];
};
"org/gnome/desktop/interface" = { "org/gnome/desktop/interface" = {
# Configure fonts # Configure fonts
font-name = "Fira Sans Semi-Light 11"; font-name = "Fira Sans Semi-Light 11";
document-font-name = "Roboto Slab 11"; document-font-name = "Roboto Slab 11";
monospace-font-name = "Liberation Mono 11"; monospace-font-name = "Liberation Mono 11";
titlebar-font = "Fira Sans Semi-Bold 11"; titlebar-font = "Fira Sans Semi-Bold 11";
# Configure hinting # Configure hinting
font-hinting = "slight"; font-hinting = "slight";
font-antialiasing = "rgba"; font-antialiasing = "rgba";
# Configure workspace # Configure workspace
enable-hot-corners = true; enable-hot-corners = true;
# Set icon theme # Set icon theme
icon-theme = "Papirus-Dark"; icon-theme = "Papirus-Dark";
# Set legacy application theme # Set legacy application theme
gtk-theme = "Adwaita-dark"; gtk-theme = "Adwaita-dark";
}; };
# Configure touchpad scroll & tap behavior # Configure touchpad scroll & tap behavior
"org/gnome/desktop/peripherals/touchpad" = { "org/gnome/desktop/peripherals/touchpad" = {
disable-while-typing = true; disable-while-typing = true;
click-method = "fingers"; click-method = "fingers";
tap-to-click = true; tap-to-click = true;
natural-scroll = true; natural-scroll = true;
two-finger-scrolling-enabled = true; two-finger-scrolling-enabled = true;
}; };
# Tweak window management # Tweak window management
"org/gnome/desktop/wm/preferences" = { "org/gnome/desktop/wm/preferences" = {
button-layout = "appmenu:minimize,maximize,close"; button-layout = "appmenu:minimize,maximize,close";
resize-with-right-button = true; resize-with-right-button = true;
focus-mode = "click"; focus-mode = "click";
}; };
# Make alt-tab switch windows, not applications # Make alt-tab switch windows, not applications
"org/gnome/desktop/wm/keybindings" = { "org/gnome/desktop/wm/keybindings" = {
switch-tab = []; switch-tab = [ ];
switch-windows = [ "<Alt>Tab" ]; switch-windows = [ "<Alt>Tab" ];
switch-windows-backward = [ "<Shift><Alt>Tab" ]; switch-windows-backward = [ "<Shift><Alt>Tab" ];
}; };
"org/gnome/shell" = { "org/gnome/shell" = {
disable-user-extensions = false; disable-user-extensions = false;
}; };
/* /*
FIXME: Still needs work FIXME: Still needs work
"org/gnome/shell/extensions/dash-to-panel" = { "org/gnome/shell/extensions/dash-to-panel" = {
animate-appicon-hover = false; animate-appicon-hover = false;
animate-appicon-hover-animation-extent = { animate-appicon-hover-animation-extent = {
RIPPLE = 4; RIPPLE = 4;
PLANK = 4; PLANK = 4;
SIMPLE = 1; SIMPLE = 1;
}; };
appicon-margin = 8; appicon-margin = 8;
appicon-padding = 8; appicon-padding = 8;
available-monitors= [0]; available-monitors= [0];
dot-position = "BOTTOM"; dot-position = "BOTTOM";
hotkeys-overlay-combo= "TEMPORARILY"; hotkeys-overlay-combo= "TEMPORARILY";
leftbox-padding = -1; leftbox-padding = -1;
panel-anchors = {"0" = "MIDDLE"; }; panel-anchors = {"0" = "MIDDLE"; };
panel-element-positions={ panel-element-positions={
"0" = [{ "0" = [{
"element" = "dateMenu"; "element" = "dateMenu";
"visible" = true; "visible" = true;
"position" = "stackedTL"; "position" = "stackedTL";
} }
{ {
"element" = "activitiesButton"; "element" = "activitiesButton";
"visible" = true; "visible" = true;
"position" = "stackedTL"; "position" = "stackedTL";
} }
{ {
"element" = "showAppsButton"; "element" = "showAppsButton";
"visible" = true; "visible" = true;
"position" = "centerMonitor"; "position" = "centerMonitor";
} }
{ {
"element" = "leftBox"; "element" = "leftBox";
"visible" = false; "visible" = false;
"position" = "stackedTL"; "position" = "stackedTL";
} }
{ {
"element" = "taskbar"; "element" = "taskbar";
"visible" = true; "visible" = true;
"position" = "centerMonitor"; "position" = "centerMonitor";
} }
{ {
"element" = "centerBox"; "element" = "centerBox";
"visible" = false; "visible" = false;
"position" = "stackedBR"; "position" = "stackedBR";
} }
{ {
"element" = "rightBox"; "element" = "rightBox";
"visible" = false; "visible" = false;
"position" = "stackedBR"; "position" = "stackedBR";
} }
{ {
"element" = "systemMenu"; "element" = "systemMenu";
"visible" = true; "visible" = true;
"position"= "stackedBR"; "position"= "stackedBR";
} }
{ {
"element" = "desktopButton"; "element" = "desktopButton";
"visible" = false; "visible" = false;
"position" = "stackedBR"; "position" = "stackedBR";
}]; }];
}; };
panel-lengths = { "0" = 100; }; panel-lengths = { "0" = 100; };
panel-positions = { "0" = "TOP"; }; panel-positions = { "0" = "TOP"; };
panel-sizes = { "0" = 64; }; panel-sizes = { "0" = 64; };
primary-monitor = 0; primary-monitor = 0;
status-icon-padding = -1; status-icon-padding = -1;
tray-padding = -1; tray-padding = -1;
window-preview-title-position = "TOP"; window-preview-title-position = "TOP";
}; };
*/ */
}; };
} }

57
modules/users/common/home-manager/zsh.nix
View file

@ -1,30 +1,29 @@
# Additional ZSH settings via Home Manager # Additional ZSH settings via Home Manager
{ pkgs, ... }: { { pkgs, ... }:
programs.zsh = { {
enable = true; programs.zsh = {
autosuggestion.enable = true; enable = true;
syntaxHighlighting.enable = true; autosuggestion.enable = true;
history.ignoreDups = true; # Do not enter command lines into the history list if they are duplicates of the previous event. syntaxHighlighting.enable = true;
prezto = { history.ignoreDups = true; # Do not enter command lines into the history list if they are duplicates of the previous event.
git.submoduleIgnore = "untracked"; # Ignore submodules when they are untracked. prezto = {
}; git.submoduleIgnore = "untracked"; # Ignore submodules when they are untracked.
plugins = [ };
{ plugins = [
name = "zsh-nix-shell"; {
file = "nix-shell.plugin.zsh"; name = "zsh-nix-shell";
src = pkgs.fetchFromGitHub { file = "nix-shell.plugin.zsh";
owner = "chisui"; src = pkgs.fetchFromGitHub {
repo = "zsh-nix-shell"; owner = "chisui";
rev = "v0.8.0"; repo = "zsh-nix-shell";
sha256 = "1lzrn0n4fxfcgg65v0qhnj7wnybybqzs4adz7xsrkgmcsr0ii8b7"; rev = "v0.8.0";
}; sha256 = "1lzrn0n4fxfcgg65v0qhnj7wnybybqzs4adz7xsrkgmcsr0ii8b7";
} };
]; }
oh-my-zsh = { ];
enable = true; oh-my-zsh = {
plugins = [ enable = true;
"git" plugins = [ "git" ];
]; };
}; };
}; }
}

224
modules/users/gremlin/default.nix
View file

@ -1,126 +1,140 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
# Define 'gremlin' user # Define 'gremlin' user
let let
cfg = config.host.users.gremlin; cfg = config.host.users.gremlin;
in in
with lib; with lib;
{ {
options = { options = {
host.users.gremlin = { host.users.gremlin = {
enable = mkEnableOption (mdDoc "Enables gremlin user account"); enable = mkEnableOption (mdDoc "Enables gremlin user account");
services.syncthing = {
enable = mkEnableOption (mdDoc "Enables Syncthing");
enableTray = mkEnableOption (mdDoc "Enables the Syncthing Tray application");
autostart = mkOption {
default = true;
type = types.bool;
description = "Whether to auto-start Syncthing on boot";
};
};
};
};
config = mkMerge [ services.syncthing = {
(mkIf cfg.enable { enable = mkEnableOption (mdDoc "Enables Syncthing");
# Add Gremlin account enableTray = mkEnableOption (mdDoc "Enables the Syncthing Tray application");
users.users.gremlin = { autostart = mkOption {
isNormalUser = true; default = true;
description = "Gremlin"; type = types.bool;
uid = 1001; description = "Whether to auto-start Syncthing on boot";
extraGroups = [ "networkmanager" "input" ]; };
};
};
};
# Allow systemd services to keep running even while gremlin is logged out config = mkMerge [
linger = true; (mkIf cfg.enable {
}; # Add Gremlin account
users.users.gremlin = {
isNormalUser = true;
description = "Gremlin";
uid = 1001;
extraGroups = [
"networkmanager"
"input"
];
# Install gremlin-specific flatpaks # Allow systemd services to keep running even while gremlin is logged out
services.flatpak.packages = lib.mkIf config.services.flatpak.enable [ linger = true;
"com.google.Chrome" };
"com.slack.Slack"
];
home-manager.users.gremlin = { # Install gremlin-specific flatpaks
imports = [ services.flatpak.packages = lib.mkIf config.services.flatpak.enable [
../common/home-manager/gnome.nix "com.google.Chrome"
../common/home-manager/zsh.nix "com.slack.Slack"
]; ];
home = { home-manager.users.gremlin = {
# Basic setup imports = [
username = "gremlin"; ../common/home-manager/gnome.nix
homeDirectory = "/home/gremlin"; ../common/home-manager/zsh.nix
];
# The state version is required and should stay at the version you originally installed. home = {
stateVersion = "24.05"; # Basic setup
username = "gremlin";
homeDirectory = "/home/gremlin";
# Set environment variables # The state version is required and should stay at the version you originally installed.
sessionVariables = { stateVersion = "24.05";
KUBECONFIG = "/home/gremlin/.kube/config";
};
# Install packages specific to Gremlin
packages = [
pkgs.awscli2
];
};
programs = { # Set environment variables
# Let home Manager install and manage itself. sessionVariables = {
home-manager.enable = true; KUBECONFIG = "/home/gremlin/.kube/config";
};
# Set up git # Install packages specific to Gremlin
git = { packages = [ pkgs.awscli2 ];
# Name and email set in nix-secrets };
enable = true;
extraConfig = {
push.autoSetupRemote = "true";
};
};
# Set up Zsh programs = {
zsh = { # Let home Manager install and manage itself.
# Install and source the p10k theme home-manager.enable = true;
plugins = [
{ name = "powerlevel10k"; src = pkgs.zsh-powerlevel10k; file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme"; }
{ name = "powerlevel10k-config"; src = ./p10k-config; file = "p10k.zsh"; }
];
shellAliases = {
please = "sudo";
};
};
};
# SSH entries set in nix-secrets # Set up git
}; git = {
}) # Name and email set in nix-secrets
enable = true;
extraConfig = {
push.autoSetupRemote = "true";
};
};
# Enable Syncthing # Set up Zsh
(mkIf cfg.services.syncthing.enable { zsh = {
users.users.gremlin = { # Install and source the p10k theme
packages = [ plugins = [
pkgs.syncthing {
(mkIf cfg.services.syncthing.enableTray pkgs.syncthingtray) name = "powerlevel10k";
]; src = pkgs.zsh-powerlevel10k;
}; file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
}
{
name = "powerlevel10k-config";
src = ./p10k-config;
file = "p10k.zsh";
}
];
shellAliases = {
please = "sudo";
};
};
};
home-manager.users.gremlin = { # SSH entries set in nix-secrets
# Syncthing options };
services.syncthing = { })
enable = true;
extraOptions = [
"--gui-address=0.0.0.0:8081"
"--home=${config.users.users.gremlin.home}/.config/syncthing"
"--no-default-folder"
];
};
# Override the default Syncthing settings so it doesn't start on boot # Enable Syncthing
systemd.user.services."syncthing" = mkIf (!cfg.services.syncthing.autostart) { (mkIf cfg.services.syncthing.enable {
Install = lib.mkForce {}; users.users.gremlin = {
}; packages = [
}; pkgs.syncthing
}) (mkIf cfg.services.syncthing.enableTray pkgs.syncthingtray)
]; ];
};
home-manager.users.gremlin = {
# Syncthing options
services.syncthing = {
enable = true;
extraOptions = [
"--gui-address=0.0.0.0:8081"
"--home=${config.users.users.gremlin.home}/.config/syncthing"
"--no-default-folder"
];
};
# Override the default Syncthing settings so it doesn't start on boot
systemd.user.services."syncthing" = mkIf (!cfg.services.syncthing.autostart) {
Install = lib.mkForce { };
};
};
})
];
} }

45
modules/users/media/default.nix
View file

@ -1,29 +1,34 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
# Define user for managing media on Haven # Define user for managing media on Haven
let let
cfg = config.host.users.media; cfg = config.host.users.media;
in in
with lib; with lib;
{ {
options = { options = {
host.users.media = { host.users.media = {
enable = mkEnableOption (mdDoc "Enables media user account"); enable = mkEnableOption (mdDoc "Enables media user account");
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.groups."media" = { users.groups."media" = {
gid = 1001; gid = 1001;
}; };
users.users.media = { users.users.media = {
isNormalUser = false; isNormalUser = false;
isSystemUser = true; isSystemUser = true;
description = "Media manager"; description = "Media manager";
uid = 1001; uid = 1001;
group = "media"; group = "media";
}; };
}; };
} }

2
nix-secrets

@ -1 +1 @@
Subproject commit b08463a68a07f237232a5951b9e0e58071b9f479 Subproject commit d7db8c62406e2389138e8aaaeb6e9e94494ae1ae

36
packages/duplicacy-web.nix
View file

@ -1,27 +1,27 @@
{ pkgs, lib }: { pkgs, lib }:
pkgs.stdenv.mkDerivation rec { pkgs.stdenv.mkDerivation rec {
pname = "duplicacy-web"; pname = "duplicacy-web";
version = "1.8.0"; version = "1.8.0";
src = builtins.fetchurl { src = builtins.fetchurl {
url = "https://acrosync.com/duplicacy-web/duplicacy_web_linux_x64_${version}"; url = "https://acrosync.com/duplicacy-web/duplicacy_web_linux_x64_${version}";
sha256 = "f0b4d4c16781a6ccb137f161df9de86574e7a55660c582682c63062e26476c4a"; sha256 = "f0b4d4c16781a6ccb137f161df9de86574e7a55660c582682c63062e26476c4a";
}; };
doCheck = false; doCheck = false;
dontUnpack = true; dontUnpack = true;
installPhase = '' installPhase = ''
install -D $src $out/duplicacy-web install -D $src $out/duplicacy-web
chmod a+x $out/duplicacy-web chmod a+x $out/duplicacy-web
''; '';
meta = with lib; { meta = with lib; {
homepage = "https://duplicacy.com"; homepage = "https://duplicacy.com";
description = "A new generation cloud backup tool"; description = "A new generation cloud backup tool";
platforms = platforms.linux; platforms = platforms.linux;
license = licenses.unfreeRedistributable; license = licenses.unfreeRedistributable;
}; };
} }