aires/nix-configuration
aires/nix-configuration
1
0
Fork 0
Code Actions Activity

Standardize formatting using the Nix RFC style, even though it means using spaces 🤢

Browse source
This commit is contained in:
Aires 2024-05-07 18:02:59 -04:00
parent f0ddde868d
commit 0a412d6f26
50 changed files with 2049 additions and 1770 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

218
flake.nix
View file

@ -1,116 +1,132 @@
# Based on the Auxolotl template: https://github.com/auxolotl/templates
# For info on Flakes, see: https://nixos-and-flakes.thiscute.world/nixos-with-flakes/nixos-with-flakes-enabled
{
description = "Aires' system Flake";
inputs = {
# Track base packages against unstable
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
description = "Aires' system Flake";
# Replace Nix with Lix: https://lix.systems/
lix = {
url = "git+https://git@git.lix.systems/lix-project/lix?ref=refs/tags/2.90-beta.1";
flake = false;
};
lix-module = {
url = "git+https://git.lix.systems/lix-project/nixos-module";
inputs.lix.follows = "lix";
inputs.nixpkgs.follows = "nixpkgs";
};
inputs = {
# Track base packages against unstable
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
# SecureBoot support
lanzaboote.url = "github:nix-community/lanzaboote/v0.3.0";
# Replace Nix with Lix: https://lix.systems/
lix = {
url = "git+https://git@git.lix.systems/lix-project/lix?ref=refs/tags/2.90-beta.1";
flake = false;
};
lix-module = {
url = "git+https://git.lix.systems/lix-project/nixos-module";
inputs.lix.follows = "lix";
inputs.nixpkgs.follows = "nixpkgs";
};
# Flatpak support
nix-flatpak.url = "github:gmodena/nix-flatpak/v0.4.1";
# SecureBoot support
lanzaboote.url = "github:nix-community/lanzaboote/v0.3.0";
# Hardware configurations
nixos-hardware.url = "github:NixOS/nixos-hardware";
# Flatpak support
nix-flatpak.url = "github:gmodena/nix-flatpak/v0.4.1";
# Home-manager
home-manager = {
url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list where available
};
# TODO: Add Disko - https://github.com/nix-community/disko
};
# Hardware configurations
nixos-hardware.url = "github:NixOS/nixos-hardware";
outputs = inputs@{ self, nixpkgs, lanzaboote, nix-flatpak, home-manager, nixos-hardware, lix-module, ... }:
let
forAllSystems = function:
nixpkgs.lib.genAttrs [
"x86_64-linux"
"aarch64-linux"
] (system: function nixpkgs.legacyPackages.${system});
config.allowUnfree = true;
# Define shared modules and imports
defaultModules = {
base = [
{ _module.args = { inherit inputs; }; }
./hosts/default.nix
lix-module.nixosModules.default
lanzaboote.nixosModules.lanzaboote
nix-flatpak.nixosModules.nix-flatpak
home-manager.nixosModules.home-manager {
home-manager = {
/*
When running, Home Manager will use the global package cache.
It will also back up any files that it would otherwise overwrite.
The originals will have the extension shown below.
*/
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "home-manager-backup";
};
}
];
};
in {
formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);
nixosConfigurations = {
# Home-manager
home-manager = {
url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list where available
};
Dimaga = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules.base ++ [
nixos-hardware.nixosModules.common-cpu-intel
./hosts/Dimaga
];
};
# TODO: Add Disko - https://github.com/nix-community/disko
};
Haven = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules.base ++ [
nixos-hardware.nixosModules.common-cpu-amd-pstate
./hosts/Haven
];
};
outputs =
inputs@{
self,
nixpkgs,
lanzaboote,
nix-flatpak,
home-manager,
nixos-hardware,
lix-module,
...
}:
let
forAllSystems =
function:
nixpkgs.lib.genAttrs [
"x86_64-linux"
"aarch64-linux"
] (system: function nixpkgs.legacyPackages.${system});
config.allowUnfree = true;
Khanda = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules.base ++ [
nixos-hardware.nixosModules.microsoft-surface-pro-intel
./hosts/Khanda
];
};
# Define shared modules and imports
defaultModules = {
base = [
{
_module.args = {
inherit inputs;
};
}
./hosts/default.nix
lix-module.nixosModules.default
lanzaboote.nixosModules.lanzaboote
nix-flatpak.nixosModules.nix-flatpak
home-manager.nixosModules.home-manager
{
home-manager = {
/*
When running, Home Manager will use the global package cache.
It will also back up any files that it would otherwise overwrite.
The originals will have the extension shown below.
*/
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "home-manager-backup";
};
}
];
};
in
{
formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);
nixosConfigurations = {
Pihole = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = defaultModules.base ++ [
nixos-hardware.nixosModules.raspberry-pi-4
./hosts/Pihole
];
};
Dimaga = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules.base ++ [
nixos-hardware.nixosModules.common-cpu-intel
./hosts/Dimaga
];
};
Shura = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules.base ++ [
nixos-hardware.nixosModules.lenovo-legion-16arha7
./hosts/Shura
];
};
};
};
}
Haven = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules.base ++ [
nixos-hardware.nixosModules.common-cpu-amd-pstate
./hosts/Haven
];
};
Khanda = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules.base ++ [
nixos-hardware.nixosModules.microsoft-surface-pro-intel
./hosts/Khanda
];
};
Pihole = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = defaultModules.base ++ [
nixos-hardware.nixosModules.raspberry-pi-4
./hosts/Pihole
];
};
Shura = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules.base ++ [
nixos-hardware.nixosModules.lenovo-legion-16arha7
./hosts/Shura
];
};
};
};
}

71
hosts/Dimaga/default.nix
View file

@ -1,39 +1,40 @@
{ pkgs, ... }: {
imports = [ ./hardware-configuration.nix ];
{ pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ];
system.stateVersion = "24.05";
system.stateVersion = "24.05";
host = {
role = "workstation";
apps = {
development.enable = true;
kdeconnect.enable = true;
media.enable = true;
office.enable = true;
writing.enable = true;
};
ui = {
flatpak.enable = true;
gnome.enable = true;
};
users = {
aires = {
enable = true;
autologin = true;
services = {
syncthing = {
enable = true;
autostart = true;
enableTray = false;
};
};
};
};
};
host = {
role = "workstation";
apps = {
development.enable = true;
kdeconnect.enable = true;
media.enable = true;
office.enable = true;
writing.enable = true;
};
ui = {
flatpak.enable = true;
gnome.enable = true;
};
users = {
aires = {
enable = true;
autologin = true;
services = {
syncthing = {
enable = true;
autostart = true;
enableTray = false;
};
};
};
};
};
# Configure the virtual machine created by nixos-rebuild build-vm
virtualisation.vmVariant.virtualisation = {
memorySize = 2048;
cores = 2;
};
# Configure the virtual machine created by nixos-rebuild build-vm
virtualisation.vmVariant.virtualisation = {
memorySize = 2048;
cores = 2;
};
}

93
hosts/Dimaga/hardware-configuration.nix
View file

@ -1,49 +1,62 @@
# Surface Laptop Go 1st gen
{ config, lib, pkgs, modulesPath, ... }: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
kernelModules = [ ];
luks.devices."luks-5a91100b-8ed9-4090-b1d8-d8291000fe38".device = "/dev/disk/by-uuid/5a91100b-8ed9-4090-b1d8-d8291000fe38";
};
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = [ ];
luks.devices."luks-5a91100b-8ed9-4090-b1d8-d8291000fe38".device = "/dev/disk/by-uuid/5a91100b-8ed9-4090-b1d8-d8291000fe38";
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/76d67291-5aed-4f2a-b71f-1c2871cefe24";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/0C53-A645";
fsType = "vfat";
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/76d67291-5aed-4f2a-b71f-1c2871cefe24";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/0C53-A645";
fsType = "vfat";
};
};
swapDevices = [{
device = "/swapfile";
size = 4096;
}];
swapDevices = [
{
device = "/swapfile";
size = 4096;
}
];
networking = {
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
networking = {
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
# Set the hostname.
hostName = "Dimaga";
};
# Set the hostname.
hostName = "Dimaga";
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

120
hosts/Haven/default.nix
View file

@ -1,69 +1,73 @@
{ pkgs, home-manager, lib, config, ... }:
{
pkgs,
home-manager,
lib,
config,
...
}:
let
start-haven = pkgs.writeShellScriptBin "start-haven" (builtins.readFile ./start-haven.sh);
start-haven = pkgs.writeShellScriptBin "start-haven" (builtins.readFile ./start-haven.sh);
in
{
imports = [ ./hardware-configuration.nix ];
imports = [ ./hardware-configuration.nix ];
system.stateVersion = "24.05";
system.autoUpgrade.enable = lib.mkForce false;
system.stateVersion = "24.05";
system.autoUpgrade.enable = lib.mkForce false;
host = {
role = "server";
apps.development.kubernetes.enable = true;
services = {
apcupsd.enable = true;
duplicacy-web = {
enable = true;
autostart = false;
environment = "${config.users.users.aires.home}";
};
k3s = {
enable = true;
role = "server";
};
msmtp.enable = true;
};
users = {
aires = {
enable = true;
services = {
syncthing = {
enable = true;
autostart = false;
};
};
};
media.enable = true;
};
};
host = {
role = "server";
apps.development.kubernetes.enable = true;
services = {
apcupsd.enable = true;
duplicacy-web = {
enable = true;
autostart = false;
environment = "${config.users.users.aires.home}";
};
k3s = {
enable = true;
role = "server";
};
msmtp.enable = true;
};
users = {
aires = {
enable = true;
services = {
syncthing = {
enable = true;
autostart = false;
};
};
};
media.enable = true;
};
};
# Enable SSH
services.openssh = {
enable = true;
ports = [ 33105 ];
# Enable SSH
services.openssh = {
enable = true;
ports = [ 33105 ];
settings = {
# require public key authentication for better security
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PubkeyAuthentication = true;
PermitRootLogin = "without-password";
};
};
settings = {
# require public key authentication for better security
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PubkeyAuthentication = true;
# Enable mdadm and Sapana (RAID 5 primary storage)
boot.swraid = {
enable = true;
# mdadmConf configured in nix-secrets
};
PermitRootLogin = "without-password";
};
};
# Open port for OpenVPN
networking.firewall.allowedUDPPorts = [ 1194 ];
# Enable mdadm and Sapana (RAID 5 primary storage)
boot.swraid = {
enable = true;
# mdadmConf configured in nix-secrets
};
# Add script for booting Haven
environment.systemPackages = [
start-haven
];
# Open port for OpenVPN
networking.firewall.allowedUDPPorts = [ 1194 ];
# Add script for booting Haven
environment.systemPackages = [ start-haven ];
}

102
hosts/Haven/hardware-configuration.nix
View file

@ -1,51 +1,67 @@
# Minisforum UM340
{ config, lib, pkgs, modulesPath, ... }: {
imports =
[ (modulesPath + "/installer/scan/not-detected.nix") ];
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
supportedFilesystems = [ "btrfs" ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
boot = {
supportedFilesystems = [ "btrfs" ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
initrd = {
supportedFilesystems = [ "btrfs" ];
availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "btrfs" ];
kernelModules = [ ];
};
};
initrd = {
supportedFilesystems = [ "btrfs" ];
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
"btrfs"
];
kernelModules = [ ];
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ];
};
"/home" = {
device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a";
fsType = "btrfs";
options = [ "subvol=@home,compress=zstd" ];
};
"/swap" = {
device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/0120-A755";
fsType = "vfat";
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ];
};
"/home" = {
device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a";
fsType = "btrfs";
options = [ "subvol=@home,compress=zstd" ];
};
"/swap" = {
device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/0120-A755";
fsType = "vfat";
};
};
swapDevices = [{
device = "/swap/swapfile";
size = 16384;
}];
swapDevices = [
{
device = "/swap/swapfile";
size = 16384;
}
];
networking = {
useDHCP = lib.mkDefault true;
hostName = "Haven";
};
networking = {
useDHCP = lib.mkDefault true;
hostName = "Haven";
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

79
hosts/Khanda/default.nix
View file

@ -1,44 +1,45 @@
{ pkgs, lib, ... }: {
imports = [ ./hardware-configuration.nix ];
{ pkgs, lib, ... }:
{
imports = [ ./hardware-configuration.nix ];
system.stateVersion = "24.05";
system.autoUpgrade.enable = lib.mkForce false;
system.stateVersion = "24.05";
system.autoUpgrade.enable = lib.mkForce false;
host = {
role = "workstation";
apps = {
development.enable = true;
kdeconnect.enable = true;
media.enable = true;
office.enable = true;
social.enable = true;
writing.enable = true;
};
ui = {
flatpak.enable = true;
gnome.enable = true;
};
users = {
aires = {
enable = true;
autologin = true;
services = {
syncthing = {
enable = true;
autostart = true;
enableTray = false;
};
};
};
};
};
host = {
role = "workstation";
apps = {
development.enable = true;
kdeconnect.enable = true;
media.enable = true;
office.enable = true;
social.enable = true;
writing.enable = true;
};
ui = {
flatpak.enable = true;
gnome.enable = true;
};
users = {
aires = {
enable = true;
autologin = true;
services = {
syncthing = {
enable = true;
autostart = true;
enableTray = false;
};
};
};
};
};
# Build remotely
nix.distributedBuilds = true;
# Build remotely
nix.distributedBuilds = true;
# Configure the virtual machine created by nixos-rebuild build-vm
virtualisation.vmVariant.virtualisation = {
memorySize = 2048;
cores = 2;
};
# Configure the virtual machine created by nixos-rebuild build-vm
virtualisation.vmVariant.virtualisation = {
memorySize = 2048;
cores = 2;
};
}

135
hosts/Khanda/hardware-configuration.nix
View file

@ -1,56 +1,103 @@
# Surface Pro 9
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [ "surface_aggregator" "surface_aggregator_registry" "surface_aggregator_hub" "surface_hid_core" "hid_multitouch" "8250_dw" "intel_lpss" "intel_lpss_pci" "tpm_crb" "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "surface_kbd" "pinctrl_tigerlake" ];
kernelModules = [ "tpm_crb" "surface_aggregator" "surface_aggregator_registry" "surface_aggregator_hub" "surface_hid_core" "surface_hid" "hid_multitouch" "8250_dw" "intel_lpss" "intel_lpss_pci" "surface_kbd" "pinctrl_tigerlake" ];
boot = {
initrd = {
availableKernelModules = [
"surface_aggregator"
"surface_aggregator_registry"
"surface_aggregator_hub"
"surface_hid_core"
"hid_multitouch"
"8250_dw"
"intel_lpss"
"intel_lpss_pci"
"tpm_crb"
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
"surface_kbd"
"pinctrl_tigerlake"
];
kernelModules = [
"tpm_crb"
"surface_aggregator"
"surface_aggregator_registry"
"surface_aggregator_hub"
"surface_hid_core"
"surface_hid"
"hid_multitouch"
"8250_dw"
"intel_lpss"
"intel_lpss_pci"
"surface_kbd"
"pinctrl_tigerlake"
];
luks.devices."luks-bd1fe396-6740-4e7d-af2c-26ca9a3031f1" = {
device = "/dev/disk/by-uuid/bd1fe396-6740-4e7d-af2c-26ca9a3031f1";
crypttabExtraOpts = [ "tpm2-device=auto" ];
};
};
luks.devices."luks-bd1fe396-6740-4e7d-af2c-26ca9a3031f1" = {
device = "/dev/disk/by-uuid/bd1fe396-6740-4e7d-af2c-26ca9a3031f1";
crypttabExtraOpts = [ "tpm2-device=auto" ];
};
};
kernelModules = [ "kvm-intel" "tpm_crb" "surface_aggregator" "surface_aggregator_registry" "surface_aggregator_hub" "surface_hid_core" "surface_hid" "hid_multitouch" "8250_dw" "intel_lpss" "intel_lpss_pci" "surface_kbd" "pinctrl_tigerlake" ];
extraModulePackages = [ ];
};
kernelModules = [
"kvm-intel"
"tpm_crb"
"surface_aggregator"
"surface_aggregator_registry"
"surface_aggregator_hub"
"surface_hid_core"
"surface_hid"
"hid_multitouch"
"8250_dw"
"intel_lpss"
"intel_lpss_pci"
"surface_kbd"
"pinctrl_tigerlake"
];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/b34afd29-94ff-421b-bb96-8497951abf58";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/b34afd29-94ff-421b-bb96-8497951abf58";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/DD2A-9C83";
fsType = "vfat";
};
};
"/boot" = {
device = "/dev/disk/by-uuid/DD2A-9C83";
fsType = "vfat";
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/8c2519d9-3e47-4aa1-908d-98b1aa8b909d"; }
];
swapDevices = [ { device = "/dev/disk/by-uuid/8c2519d9-3e47-4aa1-908d-98b1aa8b909d"; } ];
networking = {
useDHCP = lib.mkDefault true;
hostName = "Khanda";
};
networking = {
useDHCP = lib.mkDefault true;
hostName = "Khanda";
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# Install/configure additional drivers, particularly for touch
environment.systemPackages = with pkgs; [
libwacom-surface
];
microsoft-surface = {
ipts.enable = true;
surface-control.enable = true;
};
# Install/configure additional drivers, particularly for touch
environment.systemPackages = with pkgs; [ libwacom-surface ];
microsoft-surface = {
ipts.enable = true;
surface-control.enable = true;
};
# FIXME: Use default kernel to avoid full kernel rebuilds
# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
# NOTE: Use a default kernel to skip full kernel rebuilds
# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}

57
hosts/Pihole/default.nix
View file

@ -1,36 +1,37 @@
{ pkgs, lib, ... }: {
imports = [ ./hardware-configuration.nix ];
{ pkgs, lib, ... }:
{
imports = [ ./hardware-configuration.nix ];
system.stateVersion = "24.05";
system.stateVersion = "24.05";
host = {
role = "server";
users.aires.enable = true;
boot.enable = false;
};
host = {
role = "server";
users.aires.enable = true;
boot.enable = false;
};
networking.hostName = "Pihole";
time.timeZone = "America/New_York";
networking.hostName = "Pihole";
time.timeZone = "America/New_York";
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypifw
raspberrypi-eeprom
linuxKernel.kernels.linux_rpi4
];
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypifw
raspberrypi-eeprom
linuxKernel.kernels.linux_rpi4
];
# Connect to the network automagically
networking.networkmanager.enable = lib.mkForce false;
# Connect to the network automagically
networking.networkmanager.enable = lib.mkForce false;
# Enable SSH
services.openssh = {
enable = true;
ports = [ 33105 ];
# Enable SSH
services.openssh = {
enable = true;
ports = [ 33105 ];
settings = {
PasswordAuthentication = true;
AllowUsers = ["aires"];
PermitRootLogin = "no";
};
};
settings = {
PasswordAuthentication = true;
AllowUsers = [ "aires" ];
PermitRootLogin = "no";
};
};
}

67
hosts/Pihole/hardware-configuration.nix
View file

@ -1,42 +1,49 @@
# Raspberry Pi 4B
# See https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4
{ config, lib, pkgs, modulesPath, nixos-hardware, ... }:
{
config,
lib,
pkgs,
modulesPath,
nixos-hardware,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.loader = lib.mkForce {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
boot.loader = lib.mkForce {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
#boot.kernelParams = [
# "console=serial0,115200n8"
#];
#boot.kernelParams = [
# "console=serial0,115200n8"
#];
fileSystems ."/" = {
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
swapDevices = [{
device = "/swapfile";
size = 2048;
}];
swapDevices = [
{
device = "/swapfile";
size = 2048;
}
];
hardware.enableRedistributableFirmware = true;
networking.wireless.enable = true;
hardware.enableRedistributableFirmware = true;
networking.wireless.enable = true;
hardware = {
raspberry-pi."4" = {
apply-overlays-dtmerge.enable = true;
};
hardware = {
raspberry-pi."4" = {
apply-overlays-dtmerge.enable = true;
};
deviceTree = {
enable = true;
filter = "*rpi-4-*.dtb";
};
};
deviceTree = {
enable = true;
filter = "*rpi-4-*.dtb";
};
};
}

137
hosts/Shura/default.nix
View file

@ -1,72 +1,83 @@
{ config, pkgs, lib, ... }:
let
# Copy bluetooth device configs
shure-aonic-bluetooth = pkgs.writeText "info" (builtins.readFile ./bluetooth/shure-aonic-bluetooth-params);
xbox-elite-bluetooth = pkgs.writeText "info" (builtins.readFile ./bluetooth/xbox-elite-controller-bluetooth-params);
mano-touchpad-bluetooth = pkgs.writeText "info" (builtins.readFile ./bluetooth/mano-touchpad-bluetooth-params);
{
config,
pkgs,
lib,
...
}:
let
# Copy bluetooth device configs
shure-aonic-bluetooth = pkgs.writeText "info" (
builtins.readFile ./bluetooth/shure-aonic-bluetooth-params
);
xbox-elite-bluetooth = pkgs.writeText "info" (
builtins.readFile ./bluetooth/xbox-elite-controller-bluetooth-params
);
mano-touchpad-bluetooth = pkgs.writeText "info" (
builtins.readFile ./bluetooth/mano-touchpad-bluetooth-params
);
# Use gremlin user's monitor configuration for GDM (desktop monitor primary). See https://discourse.nixos.org/t/gdm-monitor-configuration/6356/4
monitorsXmlContent = builtins.readFile ./monitors.xml;
monitorsConfig = pkgs.writeText "gdm_monitors.xml" monitorsXmlContent;
# Use gremlin user's monitor configuration for GDM (desktop monitor primary). See https://discourse.nixos.org/t/gdm-monitor-configuration/6356/4
monitorsXmlContent = builtins.readFile ./monitors.xml;
monitorsConfig = pkgs.writeText "gdm_monitors.xml" monitorsXmlContent;
in
{
imports = [ ./hardware-configuration.nix ];
imports = [ ./hardware-configuration.nix ];
system.stateVersion = "24.05";
system.stateVersion = "24.05";
host = {
role = "workstation";
apps = {
development = {
enable = true;
kubernetes.enable = true;
};
dj.enable = true;
gaming.enable = true;
kdeconnect.enable = true;
media.enable = true;
office.enable = true;
recording.enable = true;
social.enable = true;
writing.enable = true;
};
ui = {
flatpak.enable = true;
gnome.enable = true;
};
users = {
aires = {
enable = true;
services.syncthing = {
enable = true;
enableTray = false; # Recent versions of STT don't recognize Gnome's tray. Uninstalling for now.
};
};
gremlin = {
enable = true;
services.syncthing = {
enable = true;
enableTray = false;
};
};
};
};
host = {
role = "workstation";
apps = {
development = {
enable = true;
kubernetes.enable = true;
};
dj.enable = true;
gaming.enable = true;
kdeconnect.enable = true;
media.enable = true;
office.enable = true;
recording.enable = true;
social.enable = true;
writing.enable = true;
};
ui = {
flatpak.enable = true;
gnome.enable = true;
};
users = {
aires = {
enable = true;
services.syncthing = {
enable = true;
enableTray = false; # Recent versions of STT don't recognize Gnome's tray. Uninstalling for now.
};
};
gremlin = {
enable = true;
services.syncthing = {
enable = true;
enableTray = false;
};
};
};
};
# Move files into target system
systemd.tmpfiles.rules = [
# Use gremlin user's monitor config for GDM (defined above)
"L+ /run/gdm/.config/monitors.xml - - - - ${monitorsConfig}"
# Move files into target system
systemd.tmpfiles.rules = [
# Use gremlin user's monitor config for GDM (defined above)
"L+ /run/gdm/.config/monitors.xml - - - - ${monitorsConfig}"
# Install Bluetooth device profiles
"d /var/lib/bluetooth/AC:50:DE:9F:AB:88/ 0700 root root" # First, make sure the directory exists
"L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/00:0E:DD:72:2F:0C/info - - - - ${shure-aonic-bluetooth}"
"L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/F4:6A:D7:3A:16:75/info - - - - ${xbox-elite-bluetooth}"
"L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/F8:5D:3C:7D:9A:00/info - - - - ${mano-touchpad-bluetooth}"
];
# Install Bluetooth device profiles
"d /var/lib/bluetooth/AC:50:DE:9F:AB:88/ 0700 root root" # First, make sure the directory exists
"L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/00:0E:DD:72:2F:0C/info - - - - ${shure-aonic-bluetooth}"
"L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/F4:6A:D7:3A:16:75/info - - - - ${xbox-elite-bluetooth}"
"L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/F8:5D:3C:7D:9A:00/info - - - - ${mano-touchpad-bluetooth}"
];
# Configure the virtual machine created by nixos-rebuild build-vm
virtualisation.vmVariant.virtualisation = {
memorySize = 4096;
cores = 4;
};
# Configure the virtual machine created by nixos-rebuild build-vm
virtualisation.vmVariant.virtualisation = {
memorySize = 4096;
cores = 4;
};
}

137
hosts/Shura/hardware-configuration.nix
View file

@ -1,68 +1,89 @@
# Lenovo Legion Slim 7 Gen 7 AMD (16ARHA7)
{ config, lib, pkgs, modulesPath, ... }: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
# Configure the kernel.
boot = {
# First, install the latest Zen kernel
kernelPackages = pkgs.linuxPackages_zen;
# Configure the kernel.
boot = {
# First, install the latest Zen kernel
kernelPackages = pkgs.linuxPackages_zen;
# Hardware defaults detected by nixos-generate-configuration
initrd = {
# SystemD in the initrd is required for TPM auto-unlocking.
# See https://discourse.nixos.org/t/full-disk-encryption-tpm2/29454/2
# If the LUKS volume is recently created, run this command to bind it to the TPM:
# sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/<device>
systemd.enable = true;
# Hardware defaults detected by nixos-generate-configuration
initrd = {
# SystemD in the initrd is required for TPM auto-unlocking.
# See https://discourse.nixos.org/t/full-disk-encryption-tpm2/29454/2
# If the LUKS volume is recently created, run this command to bind it to the TPM:
# sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/<device>
systemd.enable = true;
availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" "tpm_crb" ];
kernelModules = [ "amdgpu" "tpm_crb" ];
luks.devices."luks-bcf67e34-339e-40b9-8ffd-bec8f7f55248" = {
device = "/dev/disk/by-uuid/bcf67e34-339e-40b9-8ffd-bec8f7f55248";
crypttabExtraOpts = [ "tpm2-device=auto" ]; # Enable TPM auto-unlocking
};
};
kernelModules = [ "kvm-amd" ];
};
availableKernelModules = [
"nvme"
"xhci_pci"
"usbhid"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
"tpm_crb"
];
kernelModules = [
"amdgpu"
"tpm_crb"
];
luks.devices."luks-bcf67e34-339e-40b9-8ffd-bec8f7f55248" = {
device = "/dev/disk/by-uuid/bcf67e34-339e-40b9-8ffd-bec8f7f55248";
crypttabExtraOpts = [ "tpm2-device=auto" ]; # Enable TPM auto-unlocking
};
};
fileSystems = {
"/" = { device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ];
};
"/home" = { device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@home,compress=zstd" ];
};
"/swap" = { device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/AFCB-D880";
fsType = "vfat";
};
};
kernelModules = [ "kvm-amd" ];
};
swapDevices = [{
device = "/swap/swapfile";
size = 16384;
}];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ];
};
"/home" = {
device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@home,compress=zstd" ];
};
"/swap" = {
device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/AFCB-D880";
fsType = "vfat";
};
};
networking = {
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
swapDevices = [
{
device = "/swap/swapfile";
size = 16384;
}
];
# Set the hostname.
hostName = "Shura";
};
networking = {
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# Set the hostname.
hostName = "Shura";
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

27
hosts/default.nix
View file

@ -1,15 +1,16 @@
{ lib, pkgs, ... }:
{ lib, pkgs, ... }:
let
# Fetch secrets
# IMPORTANT: Make sure this repo exists on the filesystem first!
nix-secrets = builtins.fetchGit {
url = "/home/aires/Development/nix-configuration/nix-secrets";
ref = "main";
rev = "55fc814d477d956ab885e157f24c2d43f433dc7a";
};
in{
imports = [
"${nix-secrets}/default.nix"
../modules/autoimport.nix
];
# Fetch secrets
# IMPORTANT: Make sure this repo exists on the filesystem first!
nix-secrets = builtins.fetchGit {
url = "/home/aires/Development/nix-configuration/nix-secrets";
ref = "main";
rev = "55fc814d477d956ab885e157f24c2d43f433dc7a";
};
in
{
imports = [
"${nix-secrets}/default.nix"
../modules/autoimport.nix
];
}

63
modules/apps/development.nix
View file

@ -1,36 +1,41 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.host.apps.development;
let
cfg = config.host.apps.development;
in
with lib;
{
options = {
host.apps.development = {
enable = mkEnableOption (mdDoc "Enables development tools");
kubernetes.enable = mkEnableOption (mdDoc "Enables kubectl, virtctl, and similar tools.");
};
};
options = {
host.apps.development = {
enable = mkEnableOption (mdDoc "Enables development tools");
kubernetes.enable = mkEnableOption (mdDoc "Enables kubectl, virtctl, and similar tools.");
};
};
config = mkMerge [
(mkIf cfg.enable {
host.ui.flatpak.enable = true;
config = mkMerge [
(mkIf cfg.enable {
host.ui.flatpak.enable = true;
services.flatpak.packages = [
"com.vscodium.codium"
"dev.k8slens.OpenLens"
];
services.flatpak.packages = [
"com.vscodium.codium"
"dev.k8slens.OpenLens"
];
environment.systemPackages = with pkgs; [
statix # Nix linting tool
];
})
(mkIf cfg.kubernetes.enable {
environment.systemPackages = with pkgs; [
kubectl
kubernetes-helm
kubevirt # Virtctl command-line tool
];
})
];
}
environment.systemPackages = with pkgs; [
statix # Nix linting tool
];
})
(mkIf cfg.kubernetes.enable {
environment.systemPackages = with pkgs; [
kubectl
kubernetes-helm
kubevirt # Virtctl command-line tool
];
})
];
}

22
modules/apps/dj.nix
View file

@ -1,19 +1,17 @@
{ config, lib, ... }:
let
cfg = config.host.apps.dj;
let
cfg = config.host.apps.dj;
in
with lib;
{
options = {
host.apps.dj.enable = mkEnableOption (mdDoc "Enables DJing tools (i.e. Mixxx)");
};
options = {
host.apps.dj.enable = mkEnableOption (mdDoc "Enables DJing tools (i.e. Mixxx)");
};
config = mkIf cfg.enable {
host.ui.flatpak.enable = true;
config = mkIf cfg.enable {
host.ui.flatpak.enable = true;
services.flatpak.packages = [
"org.mixxx.Mixxx"
];
};
}
services.flatpak.packages = [ "org.mixxx.Mixxx" ];
};
}

41
modules/apps/gaming.nix
View file

@ -1,27 +1,32 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
# Gaming-related settings
let
cfg = config.host.apps.gaming;
cfg = config.host.apps.gaming;
in
with lib;
{
options = {
host.apps.gaming.enable = mkEnableOption (mdDoc "Enables gaming features");
};
options = {
host.apps.gaming.enable = mkEnableOption (mdDoc "Enables gaming features");
};
config = mkIf cfg.enable {
host.ui.flatpak.enable = true;
services.flatpak.packages = [
"gg.minion.Minion"
"com.valvesoftware.Steam"
"org.firestormviewer.FirestormViewer"
];
config = mkIf cfg.enable {
host.ui.flatpak.enable = true;
services.flatpak.packages = [
"gg.minion.Minion"
"com.valvesoftware.Steam"
"org.firestormviewer.FirestormViewer"
];
# Enable Xbox controller driver (XPadNeo)
boot = {
extraModulePackages = with config.boot.kernelPackages; [ xpadneo ];
kernelModules = [ "hid_xpadneo" ];
};
};
# Enable Xbox controller driver (XPadNeo)
boot = {
extraModulePackages = with config.boot.kernelPackages; [ xpadneo ];
kernelModules = [ "hid_xpadneo" ];
};
};
}

43
modules/apps/kdeconnect.nix
View file

@ -1,22 +1,35 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
cfg = config.host.apps.kdeconnect;
cfg = config.host.apps.kdeconnect;
in
with lib;
{
options = {
host.apps.kdeconnect.enable = mkEnableOption (mdDoc "Enables KDE Connect");
};
options = {
host.apps.kdeconnect.enable = mkEnableOption (mdDoc "Enables KDE Connect");
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
gnomeExtensions.gsconnect
];
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ gnomeExtensions.gsconnect ];
networking.firewall = {
allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
};
};
}
networking.firewall = {
allowedTCPPortRanges = [
{
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = [
{
from = 1714;
to = 1764;
}
];
};
};
}

42
modules/apps/media.nix
View file

@ -1,28 +1,28 @@
{ config, lib, ... }:
let
cfg = config.host.apps.media;
let
cfg = config.host.apps.media;
in
with lib;
{
options = {
host.apps.media.enable = mkEnableOption (mdDoc "Enables media playback and editing apps");
};
options = {
host.apps.media.enable = mkEnableOption (mdDoc "Enables media playback and editing apps");
};
config = mkIf cfg.enable {
host.ui.flatpak.enable = true;
config = mkIf cfg.enable {
host.ui.flatpak.enable = true;
services.flatpak = {
packages = [
"com.calibre_ebook.calibre"
"com.github.unrud.VideoDownloader"
"io.github.celluloid_player.Celluloid"
"org.kde.krita"
"org.kde.KStyle.Adwaita//5.15-23.08" # Retrieved from https://docs.flatpak.org/en/latest/desktop-integration.html
"org.kde.KStyle.Adwaita//6.6"
"org.kde.WaylandDecoration.QAdwaitaDecorations//5.15-23.08" # Replaced deprecated QGnomePlatform https://wiki.archlinux.org/title/Uniform_look_for_Qt_and_GTK_applications
"org.kde.WaylandDecoration.QAdwaitaDecorations//6.6"
];
};
};
}
services.flatpak = {
packages = [
"com.calibre_ebook.calibre"
"com.github.unrud.VideoDownloader"
"io.github.celluloid_player.Celluloid"
"org.kde.krita"
"org.kde.KStyle.Adwaita//5.15-23.08" # Retrieved from https://docs.flatpak.org/en/latest/desktop-integration.html
"org.kde.KStyle.Adwaita//6.6"
"org.kde.WaylandDecoration.QAdwaitaDecorations//5.15-23.08" # Replaced deprecated QGnomePlatform https://wiki.archlinux.org/title/Uniform_look_for_Qt_and_GTK_applications
"org.kde.WaylandDecoration.QAdwaitaDecorations//6.6"
];
};
};
}

24
modules/apps/office.nix
View file

@ -1,20 +1,20 @@
{ config, lib, ... }:
let
cfg = config.host.apps.office;
let
cfg = config.host.apps.office;
in
with lib;
{
options = {
host.apps.office.enable = mkEnableOption (mdDoc "Enables office and workstation apps");
};
options = {
host.apps.office.enable = mkEnableOption (mdDoc "Enables office and workstation apps");
};
config = mkIf cfg.enable {
host.ui.flatpak.enable = true;
config = mkIf cfg.enable {
host.ui.flatpak.enable = true;
services.flatpak.packages = [
"org.libreoffice.LibreOffice"
"us.zoom.Zoom"
];
};
services.flatpak.packages = [
"org.libreoffice.LibreOffice"
"us.zoom.Zoom"
];
};
}

56
modules/apps/recording.nix
View file

@ -1,36 +1,36 @@
{ config, lib, ... }:
let
cfg = config.host.apps.recording;
let
cfg = config.host.apps.recording;
in
with lib;
{
options = {
host.apps.recording.enable = mkEnableOption (mdDoc "Enables video editing tools");
};
options = {
host.apps.recording.enable = mkEnableOption (mdDoc "Enables video editing tools");
};
config = mkIf cfg.enable {
host.ui.flatpak.enable = true;
config = mkIf cfg.enable {
host.ui.flatpak.enable = true;
services.flatpak = {
packages = [
"com.obsproject.Studio"
"com.obsproject.Studio.Plugin.DroidCam"
"org.kde.kdenlive"
];
};
services.flatpak = {
packages = [
"com.obsproject.Studio"
"com.obsproject.Studio.Plugin.DroidCam"
"org.kde.kdenlive"
];
};
# Add a virtual camera to use with Droidcam
boot = {
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback.out ];
kernelModules = [ "v4l2loopback" ];
# Note on v4l2loopback kernel module parameters:
# exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming. This MUST be set to 1 for Chrome to detect virtual cameras.
# card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
# https://github.com/umlaeute/v4l2loopback
extraModprobeConfig = ''
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
'';
};
};
}
# Add a virtual camera to use with Droidcam
boot = {
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback.out ];
kernelModules = [ "v4l2loopback" ];
# Note on v4l2loopback kernel module parameters:
# exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming. This MUST be set to 1 for Chrome to detect virtual cameras.
# card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
# https://github.com/umlaeute/v4l2loopback
extraModprobeConfig = ''
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
'';
};
};
}

35
modules/apps/social.nix
View file

@ -1,24 +1,27 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
cfg = config.host.apps.social;
cfg = config.host.apps.social;
in
with lib;
{
options = {
host.apps.social.enable = mkEnableOption (mdDoc "Enables chat apps");
};
options = {
host.apps.social.enable = mkEnableOption (mdDoc "Enables chat apps");
};
config = mkIf cfg.enable {
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
# Check Beeper Flatpak status here: https://github.com/daegalus/beeper-flatpak-wip/issues/1
beeper
];
config = mkIf cfg.enable {
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
# Check Beeper Flatpak status here: https://github.com/daegalus/beeper-flatpak-wip/issues/1
beeper
];
host.ui.flatpak.enable = true;
services.flatpak.packages = [
"com.discordapp.Discord"
];
};
host.ui.flatpak.enable = true;
services.flatpak.packages = [ "com.discordapp.Discord" ];
};
}

31
modules/apps/tmux.nix
View file

@ -1,19 +1,24 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
cfg = config.host.apps.tmux;
cfg = config.host.apps.tmux;
in
with lib;
{
options = {
host.apps.tmux.enable = mkEnableOption (mdDoc "Enables tmux - terminal multiplexer");
};
options = {
host.apps.tmux.enable = mkEnableOption (mdDoc "Enables tmux - terminal multiplexer");
};
config = mkIf cfg.enable {
programs.tmux = {
enable = true;
newSession = true;
clock24 = true;
};
};
}
config = mkIf cfg.enable {
programs.tmux = {
enable = true;
newSession = true;
clock24 = true;
};
};
}

49
modules/apps/writing.nix
View file

@ -1,29 +1,34 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
cfg = config.host.apps.writing;
cfg = config.host.apps.writing;
in
with lib;
{
options = {
host.apps.writing.enable = mkEnableOption (mdDoc "Enables writing and editing tools");
};
options = {
host.apps.writing.enable = mkEnableOption (mdDoc "Enables writing and editing tools");
};
config = mkIf cfg.enable {
# Install packages for building ebooks
environment.systemPackages = with pkgs; [
haskellPackages.pandoc
haskellPackages.pandoc-cli
haskellPackages.pandoc-crossref
texliveSmall
];
config = mkIf cfg.enable {
# Install packages for building ebooks
environment.systemPackages = with pkgs; [
haskellPackages.pandoc
haskellPackages.pandoc-cli
haskellPackages.pandoc-crossref
texliveSmall
];
# Spelling and grammer checking: hosted on localhost:8081
services.languagetool = {
enable = true;
port = 8090;
public = false;
allowOrigin = "*";
};
};
}
# Spelling and grammer checking: hosted on localhost:8081
services.languagetool = {
enable = true;
port = 8090;
public = false;
allowOrigin = "*";
};
};
}

37
modules/autoimport.nix
View file

@ -3,24 +3,27 @@
{ lib, ... }:
with lib;
let
# Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype
getDir = dir: mapAttrs
(file: type:
if type == "directory" then getDir "${dir}/${file}" else type
)
(builtins.readDir dir);
# Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype
getDir =
dir:
mapAttrs (file: type: if type == "directory" then getDir "${dir}/${file}" else type) (
builtins.readDir dir
);
# Collects all files of a directory as a list of strings of paths
files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir));
# Collects all files of a directory as a list of strings of paths
files =
dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir));
# Filters out directories that belong to home-manager, and don't end with .nix or are this file.
# Also, make the strings absolute
validFiles = dir: map
(file: ./. + "/${file}")
(filter
(file: ! hasInfix "home-manager" file && file != "autoimport.nix" && hasSuffix ".nix" file)
(files dir));
# Filters out directories that belong to home-manager, and don't end with .nix or are this file.
# Also, make the strings absolute
validFiles =
dir:
map (file: ./. + "/${file}") (
filter (file: !hasInfix "home-manager" file && file != "autoimport.nix" && hasSuffix ".nix" file) (
files dir
)
);
in
{
imports = validFiles ./.;
}
imports = validFiles ./.;
}

55
modules/base/bluetooth.nix
View file

@ -1,34 +1,37 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.host.ui.bluetooth;
cfg = config.host.ui.bluetooth;
in
with lib;
{
options = {
host.ui.bluetooth = {
enable = mkEnableOption (mdDoc "Enables bluetooth");
};
};
options = {
host.ui.bluetooth = {
enable = mkEnableOption (mdDoc "Enables bluetooth");
};
};
config = mkIf cfg.enable {
# Set up Bluetooth
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
Experimental = true;
KernelExperimental = true;
};
};
};
config = mkIf cfg.enable {
# Set up Bluetooth
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
Experimental = true;
KernelExperimental = true;
};
};
};
# Add Bluetooth LE audio support
environment.systemPackages = with pkgs; [
liblc3
];
};
}
# Add Bluetooth LE audio support
environment.systemPackages = with pkgs; [ liblc3 ];
};
}

105
modules/base/bootloader.nix
View file

@ -1,62 +1,67 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
# Bootloader
let
cfg = config.host.boot;
cfg = config.host.boot;
in
with lib;
{
options = {
host.boot = {
enable = mkOption {
description = "Automatically configures the bootloader. Set to false to configure manually.";
type = types.bool;
default = true;
};
secureboot.enable = mkOption {
description = "Enables Secureboot";
type = types.bool;
default = true;
};
};
};
options = {
host.boot = {
enable = mkOption {
description = "Automatically configures the bootloader. Set to false to configure manually.";
type = types.bool;
default = true;
};
config = mkIf cfg.enable (mkMerge[
(mkIf cfg.secureboot.enable {
boot = {
# Enable Secure Boot
bootspec.enable = true;
# Disable systemd-boot. We lanzaboote now.
loader.systemd-boot.enable = false;
loader.efi.canTouchEfiVariables = true;
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
secureboot.enable = mkOption {
description = "Enables Secureboot";
type = types.bool;
default = true;
};
};
};
# Increase bootloader font size
lanzaboote.settings.console-mode = "auto";
};
config = mkIf cfg.enable (mkMerge [
(mkIf cfg.secureboot.enable {
boot = {
# Enable Secure Boot
bootspec.enable = true;
# Set up TPM. See https://nixos.wiki/wiki/TPM
# After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module
environment.systemPackages = with pkgs; [ tpm2-tss ];
security.tpm2 = {
enable = true;
pkcs11.enable = true;
tctiEnvironment.enable = true;
};
})
# Disable systemd-boot. We lanzaboote now.
loader.systemd-boot.enable = false;
loader.efi.canTouchEfiVariables = true;
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
# Plain boot
(mkIf (!cfg.secureboot.enable) {
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
})
]);
# Increase bootloader font size
lanzaboote.settings.console-mode = "auto";
};
# Set up TPM. See https://nixos.wiki/wiki/TPM
# After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module
environment.systemPackages = with pkgs; [ tpm2-tss ];
security.tpm2 = {
enable = true;
pkcs11.enable = true;
tctiEnvironment.enable = true;
};
})
# Plain boot
(mkIf (!cfg.secureboot.enable) {
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
})
]);
}

16
modules/base/network.nix
View file

@ -1,10 +1,10 @@
_: {
networking = {
# Enable networking via NetworkManager
networkmanager.enable = true;
networking = {
# Enable networking via NetworkManager
networkmanager.enable = true;
# Enable firewall
nftables.enable = true;
firewall.enable = true;
};
}
# Enable firewall
nftables.enable = true;
firewall.enable = true;
};
}

86
modules/base/nix.nix
View file

@ -1,45 +1,57 @@
# Nix configuration
{ pkgs, config, lib, inputs, ... }: {
nix = {
settings = {
# Enable Flakes
experimental-features = [ "nix-command" "flakes" ];
{
pkgs,
config,
lib,
inputs,
...
}:
{
nix = {
settings = {
# Enable Flakes
experimental-features = [
"nix-command"
"flakes"
];
# Use Lix instead of Nix
extra-substituters = [ "https://cache.lix.systems" ];
trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
# Use Lix instead of Nix
extra-substituters = [ "https://cache.lix.systems" ];
trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
# Avoid signature verification messages when doing remote builds
trusted-users = [ "${config.users.users.aires.name}" ];
};
# Avoid signature verification messages when doing remote builds
trusted-users = [ "${config.users.users.aires.name}" ];
};
# Enable periodic nix store optimization
optimise.automatic = true;
# Enable periodic nix store optimization
optimise.automatic = true;
# Configure NixOS to use the same software channel as Flakes
registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
# Configure NixOS to use the same software channel as Flakes
registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
# Configure remote build machines (mainly Haven)
# To enable remote builds for a specific host, add `nix.distributedBuilds = true;` to its config
buildMachines = [{
hostName = "haven";
systems = [
"x86_64-linux"
"aarch64-linux"
];
protocol = "ssh-ng";
supportedFeatures = [
"nixos-test"
"kvm"
"benchmark"
"big-parllel"
];
}];
# Configure remote build machines (mainly Haven)
# To enable remote builds for a specific host, add `nix.distributedBuilds = true;` to its config
buildMachines = [
{
hostName = "haven";
systems = [
"x86_64-linux"
"aarch64-linux"
];
protocol = "ssh-ng";
supportedFeatures = [
"nixos-test"
"kvm"
"benchmark"
"big-parllel"
];
}
];
# When using a builder, use its package store
extraOptions = ''
builders-use-substitutes = true
'';
};
# When using a builder, use its package store
extraOptions = ''
builders-use-substitutes = true
'';
};
}

53
modules/base/programs.nix
View file

@ -1,29 +1,30 @@
# Set up program defaults
{ config, ... }: {
# Set up base apps
programs = {
direnv.enable = true;
{ config, ... }:
{
# Set up base apps
programs = {
direnv.enable = true;
nano = {
enable = true;
syntaxHighlight = true;
nanorc = ''
set linenumbers
set tabsize 4
set softwrap
'';
};
nano = {
enable = true;
syntaxHighlight = true;
nanorc = ''
set linenumbers
set tabsize 4
set softwrap
'';
};
nh = {
enable = true;
flake = "${config.users.users.aires.home}/Development/nix-configuration";
# Alternative garbage collection system to nix.gc.automatic
clean = {
enable = true;
dates = "daily";
extraArgs = "--keep-since 7d --keep 10"; # Keep the last 10 entries
};
};
};
}
nh = {
enable = true;
flake = "${config.users.users.aires.home}/Development/nix-configuration";
# Alternative garbage collection system to nix.gc.automatic
clean = {
enable = true;
dates = "daily";
extraArgs = "--keep-since 7d --keep 10"; # Keep the last 10 entries
};
};
};
}

10
modules/base/shell.nix
View file

@ -1,10 +1,10 @@
{ pkgs, ... }:
{
# Install ZSH for all users
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
# Install ZSH for all users
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
# Show a neat system statistics screen when opening a terminal
environment.systemPackages = with pkgs; [ fastfetch ];
# Show a neat system statistics screen when opening a terminal
environment.systemPackages = with pkgs; [ fastfetch ];
}

93
modules/base/system.nix
View file

@ -1,54 +1,55 @@
# System options
{ pkgs, config, ... }: {
# Set up the environment
environment = {
# Install base packages
systemPackages = with pkgs; [
bash
dconf # Needed to fix an issue with Home-manager. See https://github.com/nix-community/home-manager/issues/3113
direnv
git
home-manager
nano
p7zip
fastfetch
nh # Nix Helper: https://github.com/viperML/nh
];
{ pkgs, config, ... }:
{
# Set up the environment
environment = {
# Install base packages
systemPackages = with pkgs; [
bash
dconf # Needed to fix an issue with Home-manager. See https://github.com/nix-community/home-manager/issues/3113
direnv
git
home-manager
nano
p7zip
fastfetch
nh # Nix Helper: https://github.com/viperML/nh
];
variables = {
EDITOR = "nano"; # Set default editor to nano
};
};
variables = {
EDITOR = "nano"; # Set default editor to nano
};
};
# Configure automatic updates
system.autoUpgrade = {
enable = true;
flake = "${config.users.users.aires.home}/Development/nix-configuration";
dates = "daily";
allowReboot = false;
operation = "boot"; # Don't switch, just create a boot entry
};
# Configure automatic updates
system.autoUpgrade = {
enable = true;
flake = "${config.users.users.aires.home}/Development/nix-configuration";
dates = "daily";
allowReboot = false;
operation = "boot"; # Don't switch, just create a boot entry
};
# Enable fwupd (firmware updater)
services.fwupd.enable = true;
# Enable fwupd (firmware updater)
services.fwupd.enable = true;
# Set your time zone.
time.timeZone = "America/New_York";
# Set your time zone.
time.timeZone = "America/New_York";
# Select internationalisation properties.
i18n = {
defaultLocale = "en_US.UTF-8";
# Select internationalisation properties.
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
}

20
modules/roles/default.nix
View file

@ -1,13 +1,13 @@
{lib, ...}:
{ lib, ... }:
with lib;
{
options = {
host.role = mkOption {
type = types.enum [
"server"
"workstation"
];
};
};
}
options = {
host.role = mkOption {
type = types.enum [
"server"
"workstation"
];
};
};
}

32
modules/roles/server.nix
View file

@ -1,16 +1,22 @@
{ config, lib, modulesPath, pkgs, ... }:
let
inherit (config.host) role;
in
with lib;
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
config,
lib,
modulesPath,
pkgs,
...
}:
let
inherit (config.host) role;
in
with lib;
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
config = mkIf (role == "server") {
host.apps.tmux.enable = true;
environment.systemPackages = with pkgs; [
htop
mdadm
];
};
config = mkIf (role == "server") {
host.apps.tmux.enable = true;
environment.systemPackages = with pkgs; [
htop
mdadm
];
};
}

58
modules/roles/workstation.nix
View file

@ -1,31 +1,35 @@
{ config, lib, modulesPath, pkgs, ... }:
let
inherit (config.host) role;
in
with lib;
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
config,
lib,
modulesPath,
pkgs,
...
}:
let
inherit (config.host) role;
in
with lib;
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
config = mkIf (role == "workstation") {
host.ui = {
audio.enable = true;
bluetooth.enable = true;
gnome.enable = true;
flatpak.enable = true;
};
config = mkIf (role == "workstation") {
host.ui = {
audio.enable = true;
bluetooth.enable = true;
gnome.enable = true;
flatpak.enable = true;
};
boot = {
# Enable Plymouth
plymouth.enable = true;
plymouth.theme = "bgrt";
boot = {
# Enable Plymouth
plymouth.enable = true;
plymouth.theme = "bgrt";
# Increase minimum log level. This removes ACPI errors from the boot screen.
consoleLogLevel = 1;
# Add kernel parameters
kernelParams = [
"quiet"
];
};
};
}
# Increase minimum log level. This removes ACPI errors from the boot screen.
consoleLogLevel = 1;
# Add kernel parameters
kernelParams = [ "quiet" ];
};
};
}

29
modules/services/apcupsd.nix
View file

@ -1,17 +1,22 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
cfg = config.host.services.apcupsd;
cfg = config.host.services.apcupsd;
in
with lib;
{
options = {
host.services.apcupsd.enable = mkEnableOption (mdDoc "Enables apcupsd");
};
options = {
host.services.apcupsd.enable = mkEnableOption (mdDoc "Enables apcupsd");
};
config = mkIf cfg.enable {
services.apcupsd = {
enable = true;
configText = builtins.readFile ./etc/apcupsd.conf;
};
};
}
config = mkIf cfg.enable {
services.apcupsd = {
enable = true;
configText = builtins.readFile ./etc/apcupsd.conf;
};
};
}

15
modules/services/btrfs.nix
View file

@ -1,9 +1,10 @@
# Services to run on BTRFS filesystems.
# Only run if the root partition is BTRFS.
{ config, lib, ... }: {
services.btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") {
enable = true;
interval = "weekly";
fileSystems = [ "/" ];
};
}
{ config, lib, ... }:
{
services.btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") {
enable = true;
interval = "weekly";
fileSystems = [ "/" ];
};
}

90
modules/services/duplicacy-web.nix
View file

@ -1,52 +1,58 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
cfg = config.host.services.duplicacy-web;
duplicacy-web = pkgs.callPackage ../../packages/duplicacy-web.nix { inherit pkgs lib; };
cfg = config.host.services.duplicacy-web;
duplicacy-web = pkgs.callPackage ../../packages/duplicacy-web.nix { inherit pkgs lib; };
in
with lib;
rec {
options = {
host.services.duplicacy-web = {
enable = mkEnableOption (mdDoc "Enables duplicacy-web");
autostart = mkOption {
default = true;
type = types.bool;
description = "Whether to auto-start duplicacy-web on boot";
};
options = {
host.services.duplicacy-web = {
enable = mkEnableOption (mdDoc "Enables duplicacy-web");
autostart = mkOption {
default = true;
type = types.bool;
description = "Whether to auto-start duplicacy-web on boot";
};
environment = mkOption {
default = "";
type = types.str;
description = "Environment where duplicacy-web stores its config files";
};
};
};
environment = mkOption {
default = "";
type = types.str;
description = "Environment where duplicacy-web stores its config files";
};
};
};
config = mkIf cfg.enable {
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [
duplicacy-web
];
config = mkIf cfg.enable {
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ duplicacy-web ];
networking.firewall.allowedTCPPorts = [ 3875 ];
networking.firewall.allowedTCPPorts = [ 3875 ];
# Install systemd service.
systemd.services."duplicacy-web" = {
enable = true;
wants = [ "network-online.target" ];
after = [ "syslog.target" "network-online.target" ];
description = "Start the Duplicacy backup service and web UI";
serviceConfig = {
Type = "simple";
ExecStart = ''${duplicacy-web}/duplicacy-web'';
Restart = "on-failure";
RestartSrc = 10;
KillMode = "process";
};
environment = {
HOME = cfg.environment;
};
} // optionalAttrs cfg.autostart { wantedBy = ["multi-user.target"]; }; # Start at boot if autostart is enabled.
};
# Install systemd service.
systemd.services."duplicacy-web" = {
enable = true;
wants = [ "network-online.target" ];
after = [
"syslog.target"
"network-online.target"
];
description = "Start the Duplicacy backup service and web UI";
serviceConfig = {
Type = "simple";
ExecStart = ''${duplicacy-web}/duplicacy-web'';
Restart = "on-failure";
RestartSrc = 10;
KillMode = "process";
};
environment = {
HOME = cfg.environment;
};
} // optionalAttrs cfg.autostart { wantedBy = [ "multi-user.target" ]; }; # Start at boot if autostart is enabled.
};
}

101
modules/services/k3s.nix
View file

@ -1,57 +1,60 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.host.services.k3s;
cfg = config.host.services.k3s;
in
with lib;
{
options = {
host.services.k3s = {
enable = mkEnableOption (mdDoc "Enables K3s");
role = mkOption {
default = "server";
type = types.enum [
"agent"
"server"
];
description = "Which K3s role to use";
};
serverAddr = mkOption {
default = "";
type = types.str;
description = "If an agent, this is the address of the server.";
};
};
};
options = {
host.services.k3s = {
enable = mkEnableOption (mdDoc "Enables K3s");
role = mkOption {
default = "server";
type = types.enum [
"agent"
"server"
];
description = "Which K3s role to use";
};
serverAddr = mkOption {
default = "";
type = types.str;
description = "If an agent, this is the address of the server.";
};
};
};
config = mkIf cfg.enable {
# Add packages for developing with K3s.
# For details, see https://nixos.wiki/wiki/K3s
environment.systemPackages = with pkgs; [
k3s
];
config = mkIf cfg.enable {
# Add packages for developing with K3s.
# For details, see https://nixos.wiki/wiki/K3s
environment.systemPackages = with pkgs; [ k3s ];
networking.firewall = {
allowedTCPPorts = [
6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
# 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
# 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
];
allowedUDPPorts = [
# 8472 # k3s, flannel: required if using multi-node for inter-node networking
];
};
networking.firewall = {
allowedTCPPorts = [
6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
# 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
# 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
];
allowedUDPPorts = [
# 8472 # k3s, flannel: required if using multi-node for inter-node networking
];
};
services.k3s = {
enable = true;
inherit (cfg) role;
extraFlags = toString [
# "--kubelet-arg=v=4" # Optionally add additional args to k3s
];
} // optionalAttrs (cfg.role == "agent") { inherit (cfg) serverAddr; };
services.k3s = {
enable = true;
inherit (cfg) role;
extraFlags = toString [
# "--kubelet-arg=v=4" # Optionally add additional args to k3s
];
} // optionalAttrs (cfg.role == "agent") { inherit (cfg) serverAddr; };
# Increase number of open file handlers so K3s doesn't exhaust them...again.
systemd.extraConfig = ''
DefaultLimitNOFILE=8192:1048576
'';
};
}
# Increase number of open file handlers so K3s doesn't exhaust them...again.
systemd.extraConfig = ''
DefaultLimitNOFILE=8192:1048576
'';
};
}

22
modules/services/msmtp.nix
View file

@ -2,18 +2,18 @@
{ config, lib, ... }:
let
cfg = config.host.services.msmtp;
cfg = config.host.services.msmtp;
in
with lib;
{
options = {
host.services.msmtp.enable = mkEnableOption (mdDoc "Enables mail server");
};
options = {
host.services.msmtp.enable = mkEnableOption (mdDoc "Enables mail server");
};
config = mkIf cfg.enable {
programs.msmtp = {
enable = true;
# Authentication details set in nix-secrets
};
};
}
config = mkIf cfg.enable {
programs.msmtp = {
enable = true;
# Authentication details set in nix-secrets
};
};
}

12
modules/services/smartd.nix
View file

@ -1,8 +1,8 @@
# Configure SMART monitoring
_: {
services.smartd = {
enable = true;
autodetect = true;
notifications.wall.enable = true;
};
}
services.smartd = {
enable = true;
autodetect = true;
notifications.wall.enable = true;
};
}

28
modules/services/systemd.nix
View file

@ -1,17 +1,17 @@
# Configure systemD
_: {
services = {
# Allow systemd user services to keep running after the user has logged out
logind.killUserProcesses = false;
};
services = {
# Allow systemd user services to keep running after the user has logged out
logind.killUserProcesses = false;
};
# Reduce systemd logout time to 30s
environment.etc = {
"systemd/system.conf.d/10-reduce-logout-wait-time.conf" = {
text = ''
[Manager]
DefaultTimeoutStopSec=30s
'';
};
};
}
# Reduce systemd logout time to 30s
environment.etc = {
"systemd/system.conf.d/10-reduce-logout-wait-time.conf" = {
text = ''
[Manager]
DefaultTimeoutStopSec=30s
'';
};
};
}

81
modules/ui/audio.nix
View file

@ -1,48 +1,53 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
cfg = config.host.ui.audio;
cfg = config.host.ui.audio;
in
with lib;
{
options = {
host.ui.audio = {
enable = mkEnableOption (mdDoc "Enables audio");
enableLowLatency = mkEnableOption (mdDoc "Enables low-latency audio (may cause crackling) per https://nixos.wiki/wiki/PipeWire#Low-latency_setup ");
};
};
options = {
host.ui.audio = {
enable = mkEnableOption (mdDoc "Enables audio");
enableLowLatency = mkEnableOption (
mdDoc "Enables low-latency audio (may cause crackling) per https://nixos.wiki/wiki/PipeWire#Low-latency_setup "
);
};
};
config = mkIf cfg.enable {
# Enable sound with pipewire.
sound.enable = true;
security.rtkit.enable = true;
hardware.pulseaudio = {
enable = false;
package = pkgs.pulseaudioFull; # Enable extra audio codecs
};
config = mkIf cfg.enable {
# Enable sound with pipewire.
sound.enable = true;
security.rtkit.enable = true;
hardware.pulseaudio = {
enable = false;
package = pkgs.pulseaudioFull; # Enable extra audio codecs
};
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
# Reduce audio latency per https://nixos.wiki/wiki/PipeWire#Low-latency_setup
extraConfig.pipewire = mkIf cfg.enableLowLatency {
"92-low-latency.conf" = {
"context.properties" = {
"default.clock.rate" = 48000;
"default.clock.quantum" = 32;
"default.clock.min-quantum" = 32;
"default.clock.max-quantum" = 32;
};
};
};
};
# Reduce audio latency per https://nixos.wiki/wiki/PipeWire#Low-latency_setup
extraConfig.pipewire = mkIf cfg.enableLowLatency {
"92-low-latency.conf" = {
"context.properties" = {
"default.clock.rate" = 48000;
"default.clock.quantum" = 32;
"default.clock.min-quantum" = 32;
"default.clock.max-quantum" = 32;
};
};
};
};
services.flatpak.packages = mkIf config.host.ui.flatpak.enable [
"com.github.wwmm.easyeffects"
];
};
services.flatpak.packages = mkIf config.host.ui.flatpak.enable [ "com.github.wwmm.easyeffects" ];
};
}

135
modules/ui/flatpak.nix
View file

@ -1,73 +1,88 @@
{ nix-flatpak, pkgs, config, lib, ... }:
{
nix-flatpak,
pkgs,
config,
lib,
...
}:
# Flatpak support and options
let
cfg = config.host.ui.flatpak;
cfg = config.host.ui.flatpak;
in
with lib;
{
options = {
host.ui.flatpak.enable = mkEnableOption (mdDoc "Enables Flatpak");
};
options = {
host.ui.flatpak.enable = mkEnableOption (mdDoc "Enables Flatpak");
};
config = mkIf cfg.enable {
# Enable Flatpak
services.flatpak = {
enable = true;
config = mkIf cfg.enable {
# Enable Flatpak
services.flatpak = {
enable = true;
# Manage all Flatpak packages and remotes
uninstallUnmanaged = true;
# Manage all Flatpak packages and remotes
uninstallUnmanaged = true;
# Enable daily automatic updates
update.auto = {
enable = true;
onCalendar = "daily";
};
# Enable daily automatic updates
update.auto = {
enable = true;
onCalendar = "daily";
};
# Add remote(s)
remotes = [
{ name = "flathub"; location = "https://dl.flathub.org/repo/flathub.flatpakrepo"; }
];
# Add remote(s)
remotes = [
{
name = "flathub";
location = "https://dl.flathub.org/repo/flathub.flatpakrepo";
}
];
# Install Flatpaks. For details, see https://github.com/gmodena/nix-flatpak
packages = [
"com.github.tchx84.Flatseal"
"md.obsidian.Obsidian"
"net.waterfox.waterfox"
"org.keepassxc.KeePassXC"
"org.mozilla.firefox"
];
};
# Install Flatpaks. For details, see https://github.com/gmodena/nix-flatpak
packages = [
"com.github.tchx84.Flatseal"
"md.obsidian.Obsidian"
"net.waterfox.waterfox"
"org.keepassxc.KeePassXC"
"org.mozilla.firefox"
];
};
# Workaround for getting Flatpak apps to use system fonts, icons, and cursors
# For details (and source), see https://github.com/NixOS/nixpkgs/issues/119433#issuecomment-1767513263
# NOTE: If fonts in Flatpaks appear incorrect (like squares), run this command to regenerate the font cache:
# flatpak list --columns=application | xargs -I %s -- flatpak run --command=fc-cache %s -f -v
system.fsPackages = [ pkgs.bindfs ];
fileSystems = let
mkRoSymBind = path: {
device = path;
fsType = "fuse.bindfs";
options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ];
};
aggregatedIcons = pkgs.buildEnv {
name = "system-icons";
paths = with pkgs; [
#libsForQt5.breeze-qt5 # for plasma
gnome.gnome-themes-extra
papirus-icon-theme
qogir-icon-theme
];
pathsToLink = [ "/share/icons" ];
};
aggregatedFonts = pkgs.buildEnv {
name = "system-fonts";
paths = config.fonts.packages;
pathsToLink = [ "/share/fonts" ];
};
in {
"/usr/share/icons" = mkRoSymBind "${aggregatedIcons}/share/icons";
"/usr/local/share/fonts" = mkRoSymBind "${aggregatedFonts}/share/fonts";
};
};
# Workaround for getting Flatpak apps to use system fonts, icons, and cursors
# For details (and source), see https://github.com/NixOS/nixpkgs/issues/119433#issuecomment-1767513263
# NOTE: If fonts in Flatpaks appear incorrect (like squares), run this command to regenerate the font cache:
# flatpak list --columns=application | xargs -I %s -- flatpak run --command=fc-cache %s -f -v
system.fsPackages = [ pkgs.bindfs ];
fileSystems =
let
mkRoSymBind = path: {
device = path;
fsType = "fuse.bindfs";
options = [
"ro"
"resolve-symlinks"
"x-gvfs-hide"
];
};
aggregatedIcons = pkgs.buildEnv {
name = "system-icons";
paths = with pkgs; [
#libsForQt5.breeze-qt5 # for plasma
gnome.gnome-themes-extra
papirus-icon-theme
qogir-icon-theme
];
pathsToLink = [ "/share/icons" ];
};
aggregatedFonts = pkgs.buildEnv {
name = "system-fonts";
paths = config.fonts.packages;
pathsToLink = [ "/share/fonts" ];
};
in
{
"/usr/share/icons" = mkRoSymBind "${aggregatedIcons}/share/icons";
"/usr/local/share/fonts" = mkRoSymBind "${aggregatedFonts}/share/fonts";
};
};
}

237
modules/ui/gnome.nix
View file

@ -1,134 +1,139 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
# UI and desktop-related options
let
cfg = config.host.ui.gnome;
cfg = config.host.ui.gnome;
in
with lib;
{
options = {
host.ui.gnome.enable = mkEnableOption (mdDoc "Enables Gnome");
};
options = {
host.ui.gnome.enable = mkEnableOption (mdDoc "Enables Gnome");
};
config = mkIf cfg.enable {
host.ui = {
audio.enable = true;
flatpak.enable = true;
};
services = {
# Configure the xserver
xserver = {
# Enable the X11 windowing system.
enable = true;
config = mkIf cfg.enable {
host.ui = {
audio.enable = true;
flatpak.enable = true;
};
# Configure keymap in X11
xkb = {
layout = "us";
variant = "";
};
services = {
# Configure the xserver
xserver = {
# Enable the X11 windowing system.
enable = true;
# Enable Gnome
desktopManager.gnome.enable = true;
displayManager = {
gdm.enable = true;
};
# Configure keymap in X11
xkb = {
layout = "us";
variant = "";
};
# Remove default packages that came with the install
excludePackages = with pkgs; [
xterm
];
};
# Enable Gnome
desktopManager.gnome.enable = true;
displayManager = {
gdm.enable = true;
};
# Install Flatpaks
flatpak.packages = [
"com.mattjakeman.ExtensionManager"
"dev.geopjr.Tuba"
"org.bluesabre.MenuLibre"
"org.gnome.baobab"
"org.gnome.Calculator"
"org.gnome.Characters"
"org.gnome.Calendar"
"org.gnome.Evince"
"org.gnome.Evolution"
"org.gnome.FileRoller"
"org.gnome.Firmware"
"org.gnome.gitg"
"org.gnome.Loupe" # Gnome's fancy new image viewer
"org.gnome.Music"
"org.gnome.seahorse.Application"
"org.gnome.TextEditor"
"org.gnome.World.Secrets"
"org.gtk.Gtk3theme.Adwaita-dark"
];
# Remove default packages that came with the install
excludePackages = with pkgs; [ xterm ];
};
# Disable CUPS - not needed
printing.enable = false;
};
environment = {
# Remove default Gnome packages that came with the install, then install the ones I actually use
gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
gnomeExtensions.extension-list
gedit # text editor
]) ++ (with pkgs.gnome; [
cheese # webcam tool
gnome-music
gnome-calendar
epiphany # web browser
geary # email reader
evince # document viewer
gnome-characters
gnome-software
totem # video player
tali # poker game
iagno # go game
hitori # sudoku game
atomix # puzzle game
]);
# Install Flatpaks
flatpak.packages = [
"com.mattjakeman.ExtensionManager"
"dev.geopjr.Tuba"
"org.bluesabre.MenuLibre"
"org.gnome.baobab"
"org.gnome.Calculator"
"org.gnome.Characters"
"org.gnome.Calendar"
"org.gnome.Evince"
"org.gnome.Evolution"
"org.gnome.FileRoller"
"org.gnome.Firmware"
"org.gnome.gitg"
"org.gnome.Loupe" # Gnome's fancy new image viewer
"org.gnome.Music"
"org.gnome.seahorse.Application"
"org.gnome.TextEditor"
"org.gnome.World.Secrets"
"org.gtk.Gtk3theme.Adwaita-dark"
];
# Install additional Gnome packages
systemPackages = with pkgs; [
# Gnome tweak tools
gnome.gnome-tweaks
# Gnome extensions
# FIXME: Disable temporarily due to broken version in Nixpkgs
#gnomeExtensions.appindicator
#gnomeExtensions.dash-to-panel
#gnomeExtensions.forge
# Themeing
gnome.gnome-themes-extra
papirus-icon-theme
qogir-icon-theme
];
};
# Disable CUPS - not needed
printing.enable = false;
};
# Manage fonts
fonts = {
# Install extra fonts
packages = with pkgs; [
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
liberation_ttf
fira-code
fira-code-symbols
fira
roboto-slab
];
environment = {
# Remove default Gnome packages that came with the install, then install the ones I actually use
gnome.excludePackages =
(with pkgs; [
gnome-photos
gnome-tour
gnomeExtensions.extension-list
gedit # text editor
])
++ (with pkgs.gnome; [
cheese # webcam tool
gnome-music
gnome-calendar
epiphany # web browser
geary # email reader
evince # document viewer
gnome-characters
gnome-software
totem # video player
tali # poker game
iagno # go game
hitori # sudoku game
atomix # puzzle game
]);
# Enable font dir for use with Flatpak. See https://nixos.wiki/wiki/Fonts#Flatpak_applications_can.27t_find_system_fonts
fontDir.enable = true;
};
# Install additional Gnome packages
systemPackages = with pkgs; [
# Gnome tweak tools
gnome.gnome-tweaks
# Gnome extensions
# FIXME: Disable temporarily due to broken version in Nixpkgs
#gnomeExtensions.appindicator
#gnomeExtensions.dash-to-panel
#gnomeExtensions.forge
# Themeing
gnome.gnome-themes-extra
papirus-icon-theme
qogir-icon-theme
];
};
# Gnome UI integration for KDE apps
qt = {
enable = true;
platformTheme = "gnome";
style = "adwaita-dark";
};
};
# Manage fonts
fonts = {
# Install extra fonts
packages = with pkgs; [
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
liberation_ttf
fira-code
fira-code-symbols
fira
roboto-slab
];
# Enable font dir for use with Flatpak. See https://nixos.wiki/wiki/Fonts#Flatpak_applications_can.27t_find_system_fonts
fontDir.enable = true;
};
# Gnome UI integration for KDE apps
qt = {
enable = true;
platformTheme = "gnome";
style = "adwaita-dark";
};
};
}

239
modules/users/aires/default.nix
View file

@ -1,89 +1,98 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
# Define 'aires'
let
cfg = config.host.users.aires;
cfg = config.host.users.aires;
in
with lib;
{
options = {
host.users.aires = {
enable = mkEnableOption (mdDoc "Enables aires user account");
autologin = mkEnableOption (mdDoc "Automatically logs aires in on boot");
options = {
host.users.aires = {
enable = mkEnableOption (mdDoc "Enables aires user account");
autologin = mkEnableOption (mdDoc "Automatically logs aires in on boot");
services.syncthing = {
enable = mkEnableOption (mdDoc "Enables Syncthing");
enableTray = mkEnableOption (mdDoc "Enables the Syncthing Tray application");
autostart = mkOption {
default = true;
type = types.bool;
description = "Whether to auto-start Syncthing on boot";
};
};
};
};
services.syncthing = {
enable = mkEnableOption (mdDoc "Enables Syncthing");
enableTray = mkEnableOption (mdDoc "Enables the Syncthing Tray application");
autostart = mkOption {
default = true;
type = types.bool;
description = "Whether to auto-start Syncthing on boot";
};
};
};
};
config = mkIf cfg.enable (mkMerge [
{
users.users.aires = {
isNormalUser = true;
description = "Aires";
uid = 1000;
extraGroups = [ "input" "networkmanager" "plugdev" "tss" "wheel" ]; # tss group has access to TPM devices
config = mkIf cfg.enable (mkMerge [
{
users.users.aires = {
isNormalUser = true;
description = "Aires";
uid = 1000;
extraGroups = [
"input"
"networkmanager"
"plugdev"
"tss"
"wheel"
]; # tss group has access to TPM devices
# Allow systemd services to run even while aires is logged out
linger = true;
};
# Allow systemd services to run even while aires is logged out
linger = true;
};
# Install aires-specific Flatpaks
services.flatpak.packages = mkIf config.services.flatpak.enable [
"com.discordapp.Discord"
"org.telegram.desktop"
];
# Install aires-specific Flatpaks
services.flatpak.packages = mkIf config.services.flatpak.enable [
"com.discordapp.Discord"
"org.telegram.desktop"
];
# Configure home-manager
home-manager.users.aires = {
imports = [
../common/home-manager/gnome.nix
../common/home-manager/zsh.nix
];
# Configure home-manager
home-manager.users.aires = {
imports = [
../common/home-manager/gnome.nix
../common/home-manager/zsh.nix
];
home = {
# The state version is required and should stay at the version you originally installed.
stateVersion = "24.05";
home = {
# The state version is required and should stay at the version you originally installed.
stateVersion = "24.05";
# Basic setup
username = "aires";
homeDirectory = "/home/aires";
# Basic setup
username = "aires";
homeDirectory = "/home/aires";
# Install extra packages, specifically gnome extensions
packages = lib.mkIf config.host.ui.gnome.enable [
pkgs.gnomeExtensions.wallpaper-slideshow
];
# Install extra packages, specifically gnome extensions
packages = lib.mkIf config.host.ui.gnome.enable [ pkgs.gnomeExtensions.wallpaper-slideshow ];
# Set environment variables
sessionVariables = {
KUBECONFIG = "/home/aires/.kube/config";
};
};
# Set environment variables
sessionVariables = {
KUBECONFIG = "/home/aires/.kube/config";
};
};
programs = {
# Let home Manager install and manage itself.
home-manager.enable = true;
programs = {
# Let home Manager install and manage itself.
home-manager.enable = true;
# Set up git
git = {
enable = true;
# Username and email set in nix-secrets
extraConfig = {
push.autoSetupRemote = "true";
};
};
# Set up git
git = {
enable = true;
# Username and email set in nix-secrets
extraConfig = {
push.autoSetupRemote = "true";
};
};
# Set up Zsh
zsh = {
oh-my-zsh = {
theme = "gentoo";
oh-my-zsh = {
theme = "gentoo";
};
shellAliases = {
update = "upgrade";
@ -95,61 +104,59 @@ with lib;
};
};
# SSH set up in nix-secrets
# SSH set up in nix-secrets
# Gnome settings specific to aires on Shura
dconf.settings = lib.mkIf (config.networking.hostName == "Shura") {
"org/gnome/desktop/interface" = {
# Increase font scaling;
text-scaling-factor = 1.3;
# Gnome settings specific to aires on Shura
dconf.settings = lib.mkIf (config.networking.hostName == "Shura") {
"org/gnome/desktop/interface" = {
# Increase font scaling;
text-scaling-factor = 1.3;
# Dark mode
color-scheme = "prefer-dark";
};
};
};
}
# Dark mode
color-scheme = "prefer-dark";
};
};
};
}
# Autologin aires
(mkIf cfg.autologin {
services.displayManager.autoLogin = {
enable = true;
user = "aires";
};
systemd.services = {
"getty@tty1".enable = false;
"autovt@tty1".enable = false;
};
})
# Autologin aires
(mkIf cfg.autologin {
services.displayManager.autoLogin = {
enable = true;
user = "aires";
};
systemd.services = {
"getty@tty1".enable = false;
"autovt@tty1".enable = false;
};
})
# Enable Syncthing
(mkIf cfg.services.syncthing.enable {
users.users.aires.packages = [
pkgs.syncthing
(mkIf cfg.services.syncthing.enableTray pkgs.syncthingtray)
];
# Enable Syncthing
(mkIf cfg.services.syncthing.enable {
users.users.aires.packages = [
pkgs.syncthing
(mkIf cfg.services.syncthing.enableTray pkgs.syncthingtray)
];
# Open port 8080
networking.firewall.allowedTCPPorts = [
8080
];
# Open port 8080
networking.firewall.allowedTCPPorts = [ 8080 ];
home-manager.users.aires = {
# Syncthing options
services.syncthing = {
enable = true;
extraOptions = [
"--gui-address=0.0.0.0:8080"
"--home=${config.users.users.aires.home}/.config/syncthing"
"--no-default-folder"
];
};
home-manager.users.aires = {
# Syncthing options
services.syncthing = {
enable = true;
extraOptions = [
"--gui-address=0.0.0.0:8080"
"--home=${config.users.users.aires.home}/.config/syncthing"
"--no-default-folder"
];
};
# Override the default Syncthing settings so it doesn't start on boot
systemd.user.services."syncthing" = mkIf (!cfg.services.syncthing.autostart) {
Install = lib.mkForce {};
};
};
})
]);
# Override the default Syncthing settings so it doesn't start on boot
systemd.user.services."syncthing" = mkIf (!cfg.services.syncthing.autostart) {
Install = lib.mkForce { };
};
};
})
]);
}

252
modules/users/common/home-manager/gnome.nix
View file

@ -1,134 +1,140 @@
{ lib, pkgs, osConfig, ... }: {
# Additional Gnome configurations via home-manager.
dconf.settings = lib.mkIf osConfig.host.ui.gnome.enable {
"org/gnome/mutter" = {
edge-tiling = true;
workspaces-only-on-primary = false;
experimental-features = [
"scale-monitor-framebuffer" # Fractional scaling
"variable-refresh-rate"
];
};
{
lib,
pkgs,
osConfig,
...
}:
{
# Additional Gnome configurations via home-manager.
dconf.settings = lib.mkIf osConfig.host.ui.gnome.enable {
"org/gnome/mutter" = {
edge-tiling = true;
workspaces-only-on-primary = false;
experimental-features = [
"scale-monitor-framebuffer" # Fractional scaling
"variable-refresh-rate"
];
};
"org/gnome/desktop/interface" = {
# Configure fonts
font-name = "Fira Sans Semi-Light 11";
document-font-name = "Roboto Slab 11";
monospace-font-name = "Liberation Mono 11";
titlebar-font = "Fira Sans Semi-Bold 11";
"org/gnome/desktop/interface" = {
# Configure fonts
font-name = "Fira Sans Semi-Light 11";
document-font-name = "Roboto Slab 11";
monospace-font-name = "Liberation Mono 11";
titlebar-font = "Fira Sans Semi-Bold 11";
# Configure hinting
font-hinting = "slight";
font-antialiasing = "rgba";
# Configure hinting
font-hinting = "slight";
font-antialiasing = "rgba";
# Configure workspace
enable-hot-corners = true;
# Configure workspace
enable-hot-corners = true;
# Set icon theme
icon-theme = "Papirus-Dark";
# Set icon theme
icon-theme = "Papirus-Dark";
# Set legacy application theme
gtk-theme = "Adwaita-dark";
};
# Set legacy application theme
gtk-theme = "Adwaita-dark";
};
# Configure touchpad scroll & tap behavior
"org/gnome/desktop/peripherals/touchpad" = {
disable-while-typing = true;
click-method = "fingers";
tap-to-click = true;
natural-scroll = true;
two-finger-scrolling-enabled = true;
};
# Configure touchpad scroll & tap behavior
"org/gnome/desktop/peripherals/touchpad" = {
disable-while-typing = true;
click-method = "fingers";
tap-to-click = true;
natural-scroll = true;
two-finger-scrolling-enabled = true;
};
# Tweak window management
"org/gnome/desktop/wm/preferences" = {
button-layout = "appmenu:minimize,maximize,close";
resize-with-right-button = true;
focus-mode = "click";
};
# Tweak window management
"org/gnome/desktop/wm/preferences" = {
button-layout = "appmenu:minimize,maximize,close";
resize-with-right-button = true;
focus-mode = "click";
};
# Make alt-tab switch windows, not applications
"org/gnome/desktop/wm/keybindings" = {
switch-tab = [];
switch-windows = [ "<Alt>Tab" ];
switch-windows-backward = [ "<Shift><Alt>Tab" ];
};
# Make alt-tab switch windows, not applications
"org/gnome/desktop/wm/keybindings" = {
switch-tab = [ ];
switch-windows = [ "<Alt>Tab" ];
switch-windows-backward = [ "<Shift><Alt>Tab" ];
};
"org/gnome/shell" = {
disable-user-extensions = false;
};
"org/gnome/shell" = {
disable-user-extensions = false;
};
/*
FIXME: Still needs work
"org/gnome/shell/extensions/dash-to-panel" = {
animate-appicon-hover = false;
animate-appicon-hover-animation-extent = {
RIPPLE = 4;
PLANK = 4;
SIMPLE = 1;
};
appicon-margin = 8;
appicon-padding = 8;
available-monitors= [0];
dot-position = "BOTTOM";
hotkeys-overlay-combo= "TEMPORARILY";
leftbox-padding = -1;
panel-anchors = {"0" = "MIDDLE"; };
panel-element-positions={
"0" = [{
"element" = "dateMenu";
"visible" = true;
"position" = "stackedTL";
}
{
"element" = "activitiesButton";
"visible" = true;
"position" = "stackedTL";
}
{
"element" = "showAppsButton";
"visible" = true;
"position" = "centerMonitor";
}
{
"element" = "leftBox";
"visible" = false;
"position" = "stackedTL";
}
{
"element" = "taskbar";
"visible" = true;
"position" = "centerMonitor";
}
{
"element" = "centerBox";
"visible" = false;
"position" = "stackedBR";
}
{
"element" = "rightBox";
"visible" = false;
"position" = "stackedBR";
}
{
"element" = "systemMenu";
"visible" = true;
"position"= "stackedBR";
}
{
"element" = "desktopButton";
"visible" = false;
"position" = "stackedBR";
}];
};
panel-lengths = { "0" = 100; };
panel-positions = { "0" = "TOP"; };
panel-sizes = { "0" = 64; };
primary-monitor = 0;
status-icon-padding = -1;
tray-padding = -1;
window-preview-title-position = "TOP";
};
*/
};
/*
FIXME: Still needs work
"org/gnome/shell/extensions/dash-to-panel" = {
animate-appicon-hover = false;
animate-appicon-hover-animation-extent = {
RIPPLE = 4;
PLANK = 4;
SIMPLE = 1;
};
appicon-margin = 8;
appicon-padding = 8;
available-monitors= [0];
dot-position = "BOTTOM";
hotkeys-overlay-combo= "TEMPORARILY";
leftbox-padding = -1;
panel-anchors = {"0" = "MIDDLE"; };
panel-element-positions={
"0" = [{
"element" = "dateMenu";
"visible" = true;
"position" = "stackedTL";
}
{
"element" = "activitiesButton";
"visible" = true;
"position" = "stackedTL";
}
{
"element" = "showAppsButton";
"visible" = true;
"position" = "centerMonitor";
}
{
"element" = "leftBox";
"visible" = false;
"position" = "stackedTL";
}
{
"element" = "taskbar";
"visible" = true;
"position" = "centerMonitor";
}
{
"element" = "centerBox";
"visible" = false;
"position" = "stackedBR";
}
{
"element" = "rightBox";
"visible" = false;
"position" = "stackedBR";
}
{
"element" = "systemMenu";
"visible" = true;
"position"= "stackedBR";
}
{
"element" = "desktopButton";
"visible" = false;
"position" = "stackedBR";
}];
};
panel-lengths = { "0" = 100; };
panel-positions = { "0" = "TOP"; };
panel-sizes = { "0" = 64; };
primary-monitor = 0;
status-icon-padding = -1;
tray-padding = -1;
window-preview-title-position = "TOP";
};
*/
};
}

57
modules/users/common/home-manager/zsh.nix
View file

@ -1,30 +1,29 @@
# Additional ZSH settings via Home Manager
{ pkgs, ... }: {
programs.zsh = {
enable = true;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
history.ignoreDups = true; # Do not enter command lines into the history list if they are duplicates of the previous event.
prezto = {
git.submoduleIgnore = "untracked"; # Ignore submodules when they are untracked.
};
plugins = [
{
name = "zsh-nix-shell";
file = "nix-shell.plugin.zsh";
src = pkgs.fetchFromGitHub {
owner = "chisui";
repo = "zsh-nix-shell";
rev = "v0.8.0";
sha256 = "1lzrn0n4fxfcgg65v0qhnj7wnybybqzs4adz7xsrkgmcsr0ii8b7";
};
}
];
oh-my-zsh = {
enable = true;
plugins = [
"git"
];
};
};
}
{ pkgs, ... }:
{
programs.zsh = {
enable = true;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
history.ignoreDups = true; # Do not enter command lines into the history list if they are duplicates of the previous event.
prezto = {
git.submoduleIgnore = "untracked"; # Ignore submodules when they are untracked.
};
plugins = [
{
name = "zsh-nix-shell";
file = "nix-shell.plugin.zsh";
src = pkgs.fetchFromGitHub {
owner = "chisui";
repo = "zsh-nix-shell";
rev = "v0.8.0";
sha256 = "1lzrn0n4fxfcgg65v0qhnj7wnybybqzs4adz7xsrkgmcsr0ii8b7";
};
}
];
oh-my-zsh = {
enable = true;
plugins = [ "git" ];
};
};
}

224
modules/users/gremlin/default.nix
View file

@ -1,126 +1,140 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
# Define 'gremlin' user
let
cfg = config.host.users.gremlin;
cfg = config.host.users.gremlin;
in
with lib;
{
options = {
host.users.gremlin = {
enable = mkEnableOption (mdDoc "Enables gremlin user account");
services.syncthing = {
enable = mkEnableOption (mdDoc "Enables Syncthing");
enableTray = mkEnableOption (mdDoc "Enables the Syncthing Tray application");
autostart = mkOption {
default = true;
type = types.bool;
description = "Whether to auto-start Syncthing on boot";
};
};
};
};
options = {
host.users.gremlin = {
enable = mkEnableOption (mdDoc "Enables gremlin user account");
config = mkMerge [
(mkIf cfg.enable {
# Add Gremlin account
users.users.gremlin = {
isNormalUser = true;
description = "Gremlin";
uid = 1001;
extraGroups = [ "networkmanager" "input" ];
services.syncthing = {
enable = mkEnableOption (mdDoc "Enables Syncthing");
enableTray = mkEnableOption (mdDoc "Enables the Syncthing Tray application");
autostart = mkOption {
default = true;
type = types.bool;
description = "Whether to auto-start Syncthing on boot";
};
};
};
};
# Allow systemd services to keep running even while gremlin is logged out
linger = true;
};
config = mkMerge [
(mkIf cfg.enable {
# Add Gremlin account
users.users.gremlin = {
isNormalUser = true;
description = "Gremlin";
uid = 1001;
extraGroups = [
"networkmanager"
"input"
];
# Install gremlin-specific flatpaks
services.flatpak.packages = lib.mkIf config.services.flatpak.enable [
"com.google.Chrome"
"com.slack.Slack"
];
# Allow systemd services to keep running even while gremlin is logged out
linger = true;
};
home-manager.users.gremlin = {
imports = [
../common/home-manager/gnome.nix
../common/home-manager/zsh.nix
];
# Install gremlin-specific flatpaks
services.flatpak.packages = lib.mkIf config.services.flatpak.enable [
"com.google.Chrome"
"com.slack.Slack"
];
home = {
# Basic setup
username = "gremlin";
homeDirectory = "/home/gremlin";
home-manager.users.gremlin = {
imports = [
../common/home-manager/gnome.nix
../common/home-manager/zsh.nix
];
# The state version is required and should stay at the version you originally installed.
stateVersion = "24.05";
home = {
# Basic setup
username = "gremlin";
homeDirectory = "/home/gremlin";
# Set environment variables
sessionVariables = {
KUBECONFIG = "/home/gremlin/.kube/config";
};
# Install packages specific to Gremlin
packages = [
pkgs.awscli2
];
};
# The state version is required and should stay at the version you originally installed.
stateVersion = "24.05";
programs = {
# Let home Manager install and manage itself.
home-manager.enable = true;
# Set environment variables
sessionVariables = {
KUBECONFIG = "/home/gremlin/.kube/config";
};
# Set up git
git = {
# Name and email set in nix-secrets
enable = true;
extraConfig = {
push.autoSetupRemote = "true";
};
};
# Install packages specific to Gremlin
packages = [ pkgs.awscli2 ];
};
# Set up Zsh
zsh = {
# Install and source the p10k theme
plugins = [
{ name = "powerlevel10k"; src = pkgs.zsh-powerlevel10k; file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme"; }
{ name = "powerlevel10k-config"; src = ./p10k-config; file = "p10k.zsh"; }
];
shellAliases = {
please = "sudo";
};
};
};
programs = {
# Let home Manager install and manage itself.
home-manager.enable = true;
# SSH entries set in nix-secrets
};
})
# Set up git
git = {
# Name and email set in nix-secrets
enable = true;
extraConfig = {
push.autoSetupRemote = "true";
};
};
# Enable Syncthing
(mkIf cfg.services.syncthing.enable {
users.users.gremlin = {
packages = [
pkgs.syncthing
(mkIf cfg.services.syncthing.enableTray pkgs.syncthingtray)
];
};
# Set up Zsh
zsh = {
# Install and source the p10k theme
plugins = [
{
name = "powerlevel10k";
src = pkgs.zsh-powerlevel10k;
file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
}
{
name = "powerlevel10k-config";
src = ./p10k-config;
file = "p10k.zsh";
}
];
shellAliases = {
please = "sudo";
};
};
};
home-manager.users.gremlin = {
# Syncthing options
services.syncthing = {
enable = true;
extraOptions = [
"--gui-address=0.0.0.0:8081"
"--home=${config.users.users.gremlin.home}/.config/syncthing"
"--no-default-folder"
];
};
# SSH entries set in nix-secrets
};
})
# Override the default Syncthing settings so it doesn't start on boot
systemd.user.services."syncthing" = mkIf (!cfg.services.syncthing.autostart) {
Install = lib.mkForce {};
};
};
})
];
# Enable Syncthing
(mkIf cfg.services.syncthing.enable {
users.users.gremlin = {
packages = [
pkgs.syncthing
(mkIf cfg.services.syncthing.enableTray pkgs.syncthingtray)
];
};
home-manager.users.gremlin = {
# Syncthing options
services.syncthing = {
enable = true;
extraOptions = [
"--gui-address=0.0.0.0:8081"
"--home=${config.users.users.gremlin.home}/.config/syncthing"
"--no-default-folder"
];
};
# Override the default Syncthing settings so it doesn't start on boot
systemd.user.services."syncthing" = mkIf (!cfg.services.syncthing.autostart) {
Install = lib.mkForce { };
};
};
})
];
}

45
modules/users/media/default.nix
View file

@ -1,29 +1,34 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
# Define user for managing media on Haven
let
cfg = config.host.users.media;
cfg = config.host.users.media;
in
with lib;
{
options = {
host.users.media = {
enable = mkEnableOption (mdDoc "Enables media user account");
};
};
options = {
host.users.media = {
enable = mkEnableOption (mdDoc "Enables media user account");
};
};
config = mkIf cfg.enable {
users.groups."media" = {
gid = 1001;
};
config = mkIf cfg.enable {
users.groups."media" = {
gid = 1001;
};
users.users.media = {
isNormalUser = false;
isSystemUser = true;
description = "Media manager";
uid = 1001;
group = "media";
};
};
}
users.users.media = {
isNormalUser = false;
isSystemUser = true;
description = "Media manager";
uid = 1001;
group = "media";
};
};
}

2
nix-secrets

@ -1 +1 @@
Subproject commit b08463a68a07f237232a5951b9e0e58071b9f479
Subproject commit d7db8c62406e2389138e8aaaeb6e9e94494ae1ae

36
packages/duplicacy-web.nix
View file

@ -1,27 +1,27 @@
{ pkgs, lib }:
pkgs.stdenv.mkDerivation rec {
pname = "duplicacy-web";
version = "1.8.0";
pname = "duplicacy-web";
version = "1.8.0";
src = builtins.fetchurl {
url = "https://acrosync.com/duplicacy-web/duplicacy_web_linux_x64_${version}";
sha256 = "f0b4d4c16781a6ccb137f161df9de86574e7a55660c582682c63062e26476c4a";
};
src = builtins.fetchurl {
url = "https://acrosync.com/duplicacy-web/duplicacy_web_linux_x64_${version}";
sha256 = "f0b4d4c16781a6ccb137f161df9de86574e7a55660c582682c63062e26476c4a";
};
doCheck = false;
doCheck = false;
dontUnpack = true;
dontUnpack = true;
installPhase = ''
install -D $src $out/duplicacy-web
chmod a+x $out/duplicacy-web
'';
installPhase = ''
install -D $src $out/duplicacy-web
chmod a+x $out/duplicacy-web
'';
meta = with lib; {
homepage = "https://duplicacy.com";
description = "A new generation cloud backup tool";
platforms = platforms.linux;
license = licenses.unfreeRedistributable;
};
meta = with lib; {
homepage = "https://duplicacy.com";
description = "A new generation cloud backup tool";
platforms = platforms.linux;
license = licenses.unfreeRedistributable;
};
}