diff --git a/README.md b/README.md index 4bb3ee8..a7a7871 100644 --- a/README.md +++ b/README.md @@ -33,9 +33,9 @@ sudo nixos-rebuild switch --flake .#Shura ### Running updates -All hosts are configured to run automatic daily updates (see `modules/base/system.nix`). You can disable this by adding `host.services.autoUpgrade = false;` to a hosts config. +All hosts are configured to run automatic daily updates (see `modules/base/system.nix`). You can disable this by adding `aux.system.services.autoUpgrade = false;` to a hosts config. -Automatic updates work by `git pull`ing the latest version of the Repo from Forgejo. This repo gets updated nightly by Haven, which updates the `flake.lock` file and pushes it back up to Forgejo. Only one host needs to do this, and you can enable this feature on a host using `host.services.autoUpgrade.pushUpdates = true;`. +Automatic updates work by `git pull`ing the latest version of the Repo from Forgejo. This repo gets updated nightly by Haven, which updates the `flake.lock` file and pushes it back up to Forgejo. Only one host needs to do this, and you can enable this feature on a host using `aux.system.services.autoUpgrade.pushUpdates = true;`. #### Manually updating 
@@ -129,7 +129,7 @@ This config uses two systems: Flakes, and Home-manager. - Flakes are the entrypoint, via `flake.nix`. This is where Flake inputs and Flake-specific options get defined. - Home-manager configs live in the `users/` folders. -- Modules are stored in `modules`. All of these files are automatically imported (except home-manager modules); you simply enable the ones you want to use, and disable the ones you don't. For example, to install Flatpak, set `host.ui.flatpak.enable = true;`. +- Modules are stored in `modules`. All of these files are automatically imported (except home-manager modules); you simply enable the ones you want to use, and disable the ones you don't. For example, to install Flatpak, set `aux.system.ui.flatpak.enable = true;`. - After adding a new module, make sure to `git add` it. ### Features diff --git a/flake.lock b/flake.lock index c423bed..0452fb8 100644 --- a/flake.lock +++ b/flake.lock @@ -138,11 +138,11 @@ ] }, "locked": { - "lastModified": 1719037157, - "narHash": "sha256-aOKd8+mhBsLQChCu1mn/W5ww79ta5cXVE59aJFrifM8=", + "lastModified": 1719180626, + "narHash": "sha256-vZAzm5KQpR6RGple1dzmSJw5kPivES2heCFM+ZWkt0I=", "owner": "nix-community", "repo": "home-manager", - "rev": "cd886711998fe5d9ff7979fdd4b4cbd17b1f1511", + "rev": "6b1f90a8ff92e81638ae6eb48cd62349c3e387bb", "type": "github" }, "original": { 
@@ -181,39 +181,35 @@ "locked": { "lastModified": 1718590005, "narHash": "sha256-fiWc1ZyMlTXXSjcmoEQ+NHhIgtcImPHszbOu5c515cU=", - "ref": "release-2.90", "rev": "98d0249d5c7f5dcc1d2436c4829f073fca668f80", - "revCount": 15785, - "type": "git", - "url": "https://git@git.lix.systems/lix-project/lix" + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/98d0249d5c7f5dcc1d2436c4829f073fca668f80.tar.gz" }, "original": { - "ref": "release-2.90", - "type": "git", - "url": "https://git@git.lix.systems/lix-project/lix" + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.90.tar.gz" } }, "lix-module": { "inputs": { "flake-utils": "flake-utils_2", "flakey-profile": "flakey-profile", - "lix": [ - "lix" - ], + "lix": "lix", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1718778751, - "narHash": "sha256-DdcMvX9r29uHMlz7P1Shgs5xZw9WkZ4ObMGYzwROAiw=", - "ref": "refs/heads/main", - "rev": "909e593ae9f5fe338ab19b4ed9d52bb0ea09bad8", - "revCount": 90, + "lastModified": 1718778660, + "narHash": "sha256-1xP1r7tNTSJYYQr+6wwhkJk3P5REuN8WHARa7Re8T/0=", + "ref": "release-2.90", + "rev": "376ecb80385642329ce274abda2da0bc7b7906c9", + "revCount": 89, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, "original": { + "ref": "release-2.90", "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" } @@ -237,11 +233,10 @@ "nix-secrets": { "flake": false, "locked": { + "dirtyRev": "2d4a2ed35119a4d17b06cc5e378d72ec7f1926b3-dirty", + "dirtyShortRev": "2d4a2ed-dirty", "lastModified": 1718889003, - "narHash": "sha256-VROhiB20ZgngCPVcYy1ZRmLZm3DmFbEjVjQPP55AMQc=", - "ref": "refs/heads/main", - "rev": "2d4a2ed35119a4d17b06cc5e378d72ec7f1926b3", - "revCount": 46, + "narHash": "sha256-lXuHgFvK+QxBQd4LM8XMeFwp6QUgGVC9ccaY+q+piWY=", "type": "git", "url": "file:./nix-secrets" }, 
@@ -252,18 +247,18 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1719069430, - "narHash": "sha256-d9KzCJv3UG6nX9Aur5OSEf4Uj+ywuxojhiCiRKYVzXA=", - "ref": "master", - "rev": "e8232c132a95ddc62df9d404120ad4ff53862910", - "revCount": 1741, - "type": "git", - "url": "https://github.com/NixOS/nixos-hardware" + "lastModified": 1719145664, + "narHash": "sha256-+0bBlerLxsHUJcKPDWZM1wL3V9bzCFjz+VyRTG8fnUA=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "c3e48cbd88414f583ff08804eb57b0da4c194f9e", + "type": "github" }, "original": { + "owner": "NixOS", "ref": "master", - "type": "git", - "url": "https://github.com/NixOS/nixos-hardware" + "repo": "nixos-hardware", + "type": "github" } }, "nixpkgs": { @@ -300,15 +295,15 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1718895438, - "narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=", - "owner": "NixOS", + "lastModified": 1719075281, + "narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3", + "rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -345,7 +340,6 @@ "inputs": { "home-manager": "home-manager", "lanzaboote": "lanzaboote", - "lix": "lix", "lix-module": "lix-module", "nix-flatpak": "nix-flatpak", "nix-secrets": "nix-secrets", diff --git a/flake.nix b/flake.nix index 394a38f..9580dfe 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,35 +4,32 @@ description = "Aires' system Flake";
 inputs = {
- # Track base packagese
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ # Import the desired Nix channel. Defaults to unstable, which uses a fully tested rolling release model.
+ # You can find a list of channels at https://nixos.wiki/wiki/Nix_channels
+ # To follow a different channel, replace `nixos-unstable` with the channel name, e.g. `nixos-24.05`.
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
- # Replace Nix with Lix: https://lix.systems/
- lix = {
- #url = "git+https://git@git.lix.systems/lix-project/lix?ref=refs/tags/2.90-beta.1";
- url = "git+https://git@git.lix.systems/lix-project/lix?ref=release-2.90";
- flake = false;
- };
+ # Use Lix in place of Nix.
+ # If you'd rather use regular Nix, remove `lix-module.nixosModules.default` from the `modules` section below.
+ # To learn more about Lix, see https://lix.systems/
 lix-module = {
- url = "git+https://git.lix.systems/lix-project/nixos-module";
- inputs.lix.follows = "lix";
+ url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.90";
 inputs.nixpkgs.follows = "nixpkgs";
 };
- # SecureBoot support
- lanzaboote.url = "github:nix-community/lanzaboote/v0.4.0";
-
 # Flatpak support
 nix-flatpak.url = "github:gmodena/nix-flatpak/v0.4.1";
- # Hardware configurations
- #nixos-hardware.url = "git+https://code.8bitbuddhism.com/aires/nixos-hardware?ref=master";
- nixos-hardware.url = "git+https://github.com/NixOS/nixos-hardware?ref=master";
+ # SecureBoot support
+ lanzaboote.url = "github:nix-community/lanzaboote/v0.4.0";
- # Home-manager
+ # NixOS hardware quirks
+ nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+
+ # Home-manager support
 home-manager = {
 url = "github:nix-community/home-manager";
- inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list where available
+ inputs.nixpkgs.follows = "nixpkgs";
 };
 # "Secrets management"
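Review bot: The nixpkgs input is now spelled `github:nixos/nixpkgs/nixos-unstable` while the nixos-hardware and lanzaboote lines in the same hunk keep the upstream `NixOS`/`nix-community` casing; GitHub resolves the owner case-insensitively, but the only effect is lock churn (the `owner` field flips to `nixos` in flake.lock in this same commit) and it reads like a typo, so I'd keep `nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";`. The hunk pins lix-module to `?ref=release-2.90` yet leaves `nixos-hardware` on `master` and `home-manager` with no ref at all; since the README says Haven refreshes `flake.lock` nightly and pushes it to every host, any change on those two branches reaches all machines without anyone looking at it, so a tag or release branch would be consistent with the lix-module line. The new channel comment's "fully tested" overstates things; `# Defaults to nixos-unstable, a rolling channel that only advances when its Hydra test jobs pass.` is closer to what the channel guarantees. The `inputs` attrset continues outside the hunk.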
@@ -47,12 +44,12 @@ outputs = inputs@{
 self,
- nixpkgs,
- lanzaboote,
- nix-flatpak,
 home-manager,
- nixos-hardware,
+ lanzaboote,
 lix-module,
+ nix-flatpak,
+ nixos-hardware,
+ nixpkgs,
 nix-secrets,
 ...
 }:
@@ -63,15 +60,9 @@ "x86_64-linux"
 "aarch64-linux"
 ] (system: function nixpkgs.legacyPackages.${system});
- config.allowUnfree = true;
 # Define shared modules and imports
 defaultModules = [
- {
- _module.args = {
- inherit inputs;
- };
- }
 ./modules/autoimport.nix
 (import nix-secrets)
 lix-module.nixosModules.default
@@ -79,6 +70,9 @@ nix-flatpak.nixosModules.nix-flatpak
 home-manager.nixosModules.home-manager
 {
+ _module.args = {
+ inherit inputs;
+ };
 home-manager = {
 /* When running, Home Manager will use the global package cache.
diff --git a/hosts/Dimaga/default.nix b/hosts/Dimaga/default.nix
index b48a0a7..cb452ad 100644
--- a/hosts/Dimaga/default.nix
+++ b/hosts/Dimaga/default.nix
@@ -4,7 +4,7 @@ system.stateVersion = "24.05";
- host = {
+ aux.system = {
 role = "workstation";
 apps = {
 development.enable = true;
diff --git a/hosts/Haven/default.nix b/hosts/Haven/default.nix
index 3a745dc..2b6f704 100644
--- a/hosts/Haven/default.nix
+++ b/hosts/Haven/default.nix
@@ -22,8 +22,8 @@ in
 system.stateVersion = "24.05";
- host = {
- role = "server";
+ aux.system = {
+ apps.tmux.enable = true;
 services = {
 acme = {
 enable = true;
diff --git a/hosts/Khanda/default.nix b/hosts/Khanda/default.nix
index b42b261..b77aef6 100644
--- a/hosts/Khanda/default.nix
+++ b/hosts/Khanda/default.nix
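Review bot: `role = "workstation";` survives as a context line under the renamed `aux.system = {` block in the Dimaga hunk here (Shura and `hosts/configuration.nix.template` later in the diff do the same), but `modules/base/roles.nix`, the only visible declaration of the `role` option, is deleted in this commit; unless a replacement declares `aux.system.role` under `modules/system/` (that part of the diff is cut off), evaluating those hosts fails with an undefined-option error. The Haven hunk replaces `role = "server";` with only `apps.tmux.enable = true;` (Pihole does the same later), while the deleted server role also installed `htop` and `mdadm`, so those packages silently drop off both servers unless they are re-added somewhere not shown. If that is intended, a one-line comment such as `# server role retired; add host tooling (htop, mdadm) per host` above the Haven block would stop the next reader from reinstating it. Both host blocks continue outside their hunks.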
@@ -1,27 +1,63 @@
-{ pkgs, lib, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+let
+ # Do not change this value! This tracks when NixOS was installed on your system.
+ stateVersion = "24.05";
+in
 {
 imports = [ ./hardware-configuration.nix ];
- system.stateVersion = "24.05";
- system.autoUpgrade.enable = lib.mkForce false;
+ system.stateVersion = stateVersion;
- host = {
- role = "workstation";
- apps = {
- development.enable = true;
- media.enable = true;
- office.enable = true;
- recording.enable = true;
- social.enable = true;
- writing = {
- enable = true;
- languagetool.enable = false;
- };
- };
- ui = {
- flatpak.enable = true;
- gnome.enable = true;
+ ###*** Configure your system below this line. ***###
+ # Set your time zone.
+ # To see all available timezones, run `timedatectl list-timezones`.
+ time.timeZone = "America/New_York";
+
+ # Configure the system.
+ aux.system = {
+ # Enable to allow unfree (e.g. closed source) packages.
+ # Some settings may override this (e.g. enabling Nvidia GPU support).
+ # https://nixos.org/manual/nixpkgs/stable/#sec-allow-unfree
+ allowUnfree = false;
+
+ # Enable Secure Boot support.
+ # IMPORTANT: Read the README before enabling this option!
+ bootloader.secureboot.enable = false;
+
+ # Change the default text editor. Options are "emacs", "nano", or "vim".
+ editor = "nano";
+
+ ui.flatpak = {
+ # Enable Flatpak support.
+ enable = true;
+
+ # Define Flatpak packages to install.
+ packages = [
+ "com.github.tchx84.Flatseal"
+ "com.github.wwmm.easyeffects"
+ "md.obsidian.Obsidian"
+ "net.waterfox.waterfox"
+ "org.keepassxc.KeePassXC"
+ ];
 };
+
+ # Additional system packages to install.
+ packages = [ ];
+
+ # Change how long old generations are kept for.
+ retentionPeriod = "30d";
+
+ # Enable GPU support.
+ gpu.intel.enable = true;
+
+ ui.desktops.gnome.enable = true;
+
 users.aires = {
 enable = true;
 services = {
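Review bot: The rewrite drops `system.autoUpgrade.enable = lib.mkForce false;` and the new `aux.system` block never sets `services.autoUpgrade.enable`, so Khanda moves from explicitly disabled to the module default of daily automatic upgrades (`modules/services/autoupgrade.nix` declares `enable` with `default = true`, and the README says every host updates unless it opts out). If that is deliberate, say so with a comment next to the block; otherwise add `services.autoUpgrade.enable = false;` under `aux.system` — note the README's suggested `aux.system.services.autoUpgrade = false;` assigns a bool to an option set and would not evaluate, so the host file is the place to get it right. Several of the new option paths (`bootloader.secureboot.enable`, `editor`, `retentionPeriod`, `gpu.intel.enable`, `ui.desktops.gnome.enable`, `allowUnfree`) are not declared by any module visible in this diff; the new `modules/system/` files presumably provide them, but that part of the diff is cut off here, so I can't confirm the names match. The `aux.system` and `users.aires` blocks continue outside the hunk.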
@@ -37,9 +73,6 @@ # Build remotely
 nix.distributedBuilds = true;
- # Enable thermal control
- services.thermald.enable = true;
-
 # Limit the number of cores Nix can use
 nix.settings.cores = 10;
diff --git a/hosts/Khanda/default.old.nix b/hosts/Khanda/default.old.nix
new file mode 100644
index 0000000..a323ac2
--- /dev/null
+++ b/hosts/Khanda/default.old.nix
@@ -0,0 +1,51 @@
+{ pkgs, lib, ... }:
+{
+ imports = [ ./hardware-configuration.nix ];
+
+ system.stateVersion = "24.05";
+ system.autoUpgrade.enable = lib.mkForce false;
+
+ aux.system = {
+ role = "workstation";
+ apps = {
+ development.enable = true;
+ media.enable = true;
+ office.enable = true;
+ recording.enable = true;
+ social.enable = true;
+ writing = {
+ enable = true;
+ languagetool.enable = false;
+ };
+ };
+ ui = {
+ flatpak.enable = true;
+ gnome.enable = true;
+ };
+ users.aires = {
+ enable = true;
+ services = {
+ syncthing = {
+ enable = true;
+ autostart = true;
+ enableTray = false;
+ };
+ };
+ };
+ };
+
+ # Build remotely
+ nix.distributedBuilds = true;
+
+ # Enable thermal control
+ services.thermald.enable = true;
+
+ # Limit the number of cores Nix can use
+ nix.settings.cores = 10;
+
+ # Configure the virtual machine created by nixos-rebuild build-vm
+ virtualisation.vmVariant.virtualisation = {
+ memorySize = 2048;
+ cores = 2;
+ };
+}
diff --git a/hosts/Khanda/hardware-configuration.nix b/hosts/Khanda/hardware-configuration.nix
index 8e5dfc1..2e16278 100644
--- a/hosts/Khanda/hardware-configuration.nix
+++ b/hosts/Khanda/hardware-configuration.nix
@@ -111,10 +111,6 @@ # Install/configure additional drivers, particularly for touch
 environment.systemPackages = with pkgs; [ libwacom-surface ];
- microsoft-surface = {
- ipts.enable = true;
- surface-control.enable = true;
- };
 # NOTE: Use a default kernel to skip full kernel rebuilds
 # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
diff --git a/hosts/Pihole/default.nix b/hosts/Pihole/default.nix
index 4dbda66..d2c400a 100644
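Review bot: `hosts/Khanda/default.old.nix` is a 51-line copy of the pre-rewrite host config committed as a new file; nothing in this diff imports it, it keeps `system.autoUpgrade.enable = lib.mkForce false;` and `role = "workstation";` that the live `default.nix` no longer uses, and `aux.system.role` has no surviving declaration visible here (`modules/base/roles.nix` is deleted in this commit), so the file would not even evaluate if someone did import it. Git history already holds the old version, so I'd drop the file rather than carry a stale copy that drifts from the real config. If it has to stay, a header comment such as `# Not imported: pre-aux.system Khanda config kept only for reference` would at least mark it as dead.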
--- a/hosts/Pihole/default.nix +++ b/hosts/Pihole/default.nix @@ -10,8 +10,8 @@ system.stateVersion = "24.05"; - host = { - role = "server"; + aux.system = { + apps.tmux.enable = true; users.aires.enable = true; boot.enable = false; services.ssh = { diff --git a/hosts/Shura/default.nix b/hosts/Shura/default.nix index d371b0f..9f7fc38 100644 --- a/hosts/Shura/default.nix +++ b/hosts/Shura/default.nix @@ -28,7 +28,7 @@ in system.stateVersion = "24.05"; - host = { + aux.system = { role = "workstation"; apps = { development.enable = true; diff --git a/hosts/configuration.nix.template b/hosts/configuration.nix.template index 539cd47..6bc16a4 100644 --- a/hosts/configuration.nix.template +++ b/hosts/configuration.nix.template @@ -13,7 +13,7 @@ system.stateVersion = "24.05"; - host = { + aux.system = { role = "workstation"; apps = { # Define applications here diff --git a/modules/apps/development.nix b/modules/apps/development.nix index 8545542..e0969d4 100644 --- a/modules/apps/development.nix +++ b/modules/apps/development.nix @@ -6,12 +6,12 @@ }: let - cfg = config.host.apps.development; + cfg = config.aux.system.apps.development; in with lib; { options = { - host.apps.development = { + aux.system.apps.development = { enable = mkEnableOption (mdDoc "Enables development tools"); kubernetes.enable = mkEnableOption (mdDoc "Enables kubectl, virtctl, and similar tools."); }; @@ -19,7 +19,7 @@ with lib; config = mkMerge [ (mkIf cfg.enable { - host.ui.flatpak.enable = true; + aux.system.ui.flatpak.enable = true; services.flatpak.packages = [ "com.vscodium.codium" ]; }) diff --git a/modules/apps/dj.nix b/modules/apps/dj.nix index 73edf47..18a762b 100644 --- a/modules/apps/dj.nix +++ b/modules/apps/dj.nix 
@@ -1,16 +1,16 @@ { config, lib, ... }: let - cfg = config.host.apps.dj; + cfg = config.aux.system.apps.dj; in with lib; { options = { - host.apps.dj.enable = mkEnableOption (mdDoc "Enables DJing tools (i.e. Mixxx)"); + aux.system.apps.dj.enable = mkEnableOption (mdDoc "Enables DJing tools (i.e. Mixxx)"); }; config = mkIf cfg.enable { - host.ui.flatpak.enable = true; + aux.system.ui.flatpak.enable = true; services.flatpak.packages = [ "org.mixxx.Mixxx" ]; }; diff --git a/modules/apps/gaming.nix b/modules/apps/gaming.nix index 545dd4b..3649641 100644 --- a/modules/apps/gaming.nix +++ b/modules/apps/gaming.nix @@ -7,7 +7,7 @@ # Gaming-related settings let - cfg = config.host.apps.gaming; + cfg = config.aux.system.apps.gaming; reset-controllers-script = pkgs.writeShellScriptBin "reset-controllers" '' #!/usr/bin/env bash sudo rmmod hid_xpadneo && sudo modprobe hid_xpadneo @@ -17,11 +17,11 @@ in with lib; { options = { - host.apps.gaming.enable = mkEnableOption (mdDoc "Enables gaming features"); + aux.system.apps.gaming.enable = mkEnableOption (mdDoc "Enables gaming features"); }; config = mkIf cfg.enable { - host.ui.flatpak.enable = true; + aux.system.ui.flatpak.enable = true; services.flatpak.packages = [ "gg.minion.Minion" "com.valvesoftware.Steam" diff --git a/modules/apps/kdeconnect.nix b/modules/apps/kdeconnect.nix index 4e29315..5d50efa 100644 --- a/modules/apps/kdeconnect.nix +++ b/modules/apps/kdeconnect.nix @@ -6,12 +6,12 @@ }: let - cfg = config.host.apps.kdeconnect; + cfg = config.aux.system.apps.kdeconnect; in with lib; { options = { - host.apps.kdeconnect.enable = mkEnableOption (mdDoc "Enables KDE Connect"); + aux.system.apps.kdeconnect.enable = mkEnableOption (mdDoc "Enables KDE Connect"); }; config = mkIf cfg.enable { diff --git a/modules/apps/media.nix b/modules/apps/media.nix index b695dc1..21e0e2d 100644 --- a/modules/apps/media.nix +++ b/modules/apps/media.nix 
@@ -1,16 +1,16 @@ { config, lib, ... }: let - cfg = config.host.apps.media; + cfg = config.aux.system.apps.media; in with lib; { options = { - host.apps.media.enable = mkEnableOption (mdDoc "Enables media playback and editing apps"); + aux.system.apps.media.enable = mkEnableOption (mdDoc "Enables media playback and editing apps"); }; config = mkIf cfg.enable { - host.ui.flatpak.enable = true; + aux.system.ui.flatpak.enable = true; services.flatpak = { packages = [ diff --git a/modules/apps/office.nix b/modules/apps/office.nix index 6d7ab54..32a0583 100644 --- a/modules/apps/office.nix +++ b/modules/apps/office.nix @@ -1,16 +1,16 @@ { config, lib, ... }: let - cfg = config.host.apps.office; + cfg = config.aux.system.apps.office; in with lib; { options = { - host.apps.office.enable = mkEnableOption (mdDoc "Enables office and workstation apps"); + aux.system.apps.office.enable = mkEnableOption (mdDoc "Enables office and workstation apps"); }; config = mkIf cfg.enable { - host.ui.flatpak.enable = true; + aux.system.ui.flatpak.enable = true; services.flatpak.packages = [ "org.onlyoffice.desktopeditors" diff --git a/modules/apps/recording.nix b/modules/apps/recording.nix index 5ae62c1..6eebd99 100644 --- a/modules/apps/recording.nix +++ b/modules/apps/recording.nix @@ -1,16 +1,16 @@ { config, lib, ... }: let - cfg = config.host.apps.recording; + cfg = config.aux.system.apps.recording; in with lib; { options = { - host.apps.recording.enable = mkEnableOption (mdDoc "Enables video editing tools"); + aux.system.apps.recording.enable = mkEnableOption (mdDoc "Enables video editing tools"); }; config = mkIf cfg.enable { - host.ui.flatpak.enable = true; + aux.system.ui.flatpak.enable = true; services.flatpak.packages = [ "com.obsproject.Studio" diff --git a/modules/apps/social.nix b/modules/apps/social.nix index cc1b0f4..9e8ec03 100644 --- a/modules/apps/social.nix +++ b/modules/apps/social.nix 
@@ -6,12 +6,12 @@ }: let - cfg = config.host.apps.social; + cfg = config.aux.system.apps.social; in with lib; { options = { - host.apps.social.enable = mkEnableOption (mdDoc "Enables chat apps"); + aux.system.apps.social.enable = mkEnableOption (mdDoc "Enables chat apps"); }; config = mkIf cfg.enable { @@ -21,7 +21,7 @@ with lib; beeper ]; - host.ui.flatpak.enable = true; + aux.system.ui.flatpak.enable = true; services.flatpak.packages = [ "com.discordapp.Discord" ]; }; } diff --git a/modules/apps/tmux.nix b/modules/apps/tmux.nix index e76bf24..eddad14 100644 --- a/modules/apps/tmux.nix +++ b/modules/apps/tmux.nix @@ -6,12 +6,12 @@ }: let - cfg = config.host.apps.tmux; + cfg = config.aux.system.apps.tmux; in with lib; { options = { - host.apps.tmux.enable = mkEnableOption (mdDoc "Enables tmux - terminal multiplexer"); + aux.system.apps.tmux.enable = mkEnableOption (mdDoc "Enables tmux - terminal multiplexer"); }; config = mkIf cfg.enable { diff --git a/modules/apps/writing.nix b/modules/apps/writing.nix index d014295..71f0f54 100644 --- a/modules/apps/writing.nix +++ b/modules/apps/writing.nix @@ -6,11 +6,11 @@ }: let - cfg = config.host.apps.writing; + cfg = config.aux.system.apps.writing; in { options = { - host.apps.writing = { + aux.system.apps.writing = { enable = lib.mkEnableOption (lib.mdDoc "Enables writing and editing tools"); languagetool = { enable = lib.mkEnableOption (lib.mdDoc "Enables local Language Tool server."); diff --git a/modules/base/bootloader.nix b/modules/base/bootloader.nix deleted file mode 100644 index 053125b..0000000 --- a/modules/base/bootloader.nix +++ /dev/null 
@@ -1,67 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -# Bootloader -let - cfg = config.host.boot; -in -with lib; -{ - - options = { - host.boot = { - enable = mkOption { - description = "Automatically configures the bootloader. Set to false to configure manually."; - type = types.bool; - default = true; - }; - - secureboot.enable = mkOption { - description = "Enables Secureboot"; - type = types.bool; - default = true; - }; - }; - }; - - config = mkIf cfg.enable (mkMerge [ - (mkIf cfg.secureboot.enable { - boot = { - # Enable Secure Boot - bootspec.enable = true; - - # Disable systemd-boot. We lanzaboote now. - loader.systemd-boot.enable = false; - loader.efi.canTouchEfiVariables = true; - lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; - }; - - # Increase bootloader font size - lanzaboote.settings.console-mode = "auto"; - }; - - # Set up TPM. See https://nixos.wiki/wiki/TPM - # After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module - environment.systemPackages = with pkgs; [ tpm2-tss ]; - security.tpm2 = { - enable = true; - pkcs11.enable = true; - tctiEnvironment.enable = true; - }; - }) - - # Plain boot - (mkIf (!cfg.secureboot.enable) { - boot = { - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - }; - }) - ]); -} diff --git a/modules/base/nix.nix b/modules/base/nix.nix deleted file mode 100644 index d77e320..0000000 --- a/modules/base/nix.nix +++ /dev/null 
@@ -1,65 +0,0 @@ -# Nix configuration -{ - pkgs, - config, - lib, - inputs, - ... -}: -{ - nix = { - settings = { - # Enable Flakes - experimental-features = [ - "nix-command" - "flakes" - ]; - - # Use Lix instead of Nix - substituters = [ "https://cache.lix.systems" ]; - trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ]; - - # Only allow these users to use Nix - allowed-users = [ - "root" - config.users.users.aires.name - ]; - - # Avoid signature verification messages when doing remote builds - trusted-users = [ - config.users.users.aires.name - ] ++ lib.optionals (config.host.users.gremlin.enable) [ config.users.users.gremlin.name ]; - }; - - # Enable periodic nix store optimization - optimise.automatic = true; - - # Configure NixOS to use the same software channel as Flakes - registry = lib.mapAttrs (_: value: { flake = value; }) inputs; - nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; - - # Configure remote build machines (mainly Haven) - # To enable remote builds for a specific host, add `nix.distributedBuilds = true;` to its config - buildMachines = [ - { - hostName = "haven"; - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; - protocol = "ssh-ng"; - supportedFeatures = [ - "nixos-test" - "kvm" - "benchmark" - "big-parallel" - ]; - } - ]; - - # When using a builder, use its package store - extraOptions = '' - builders-use-substitutes = true - ''; - }; -} diff --git a/modules/base/roles.nix b/modules/base/roles.nix deleted file mode 100644 index a154f05..0000000 --- a/modules/base/roles.nix +++ /dev/null 
@@ -1,57 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: - -let - cfg = config.host.role; -in -{ - options = { - host.role = lib.mkOption { - type = lib.types.enum [ - "server" - "workstation" - ]; - }; - }; - - config = lib.mkMerge [ - # Servers - (lib.mkIf (cfg == "server") { - host.apps.tmux.enable = true; - environment.systemPackages = with pkgs; [ - htop - mdadm - ]; - }) - - # Workstations - (lib.mkIf (cfg == "workstation") { - host.ui = { - audio.enable = true; - bluetooth.enable = true; - gnome.enable = true; - flatpak.enable = true; - }; - - boot = { - # Enable Plymouth - plymouth.enable = true; - plymouth.theme = "bgrt"; - - # Increase minimum log level. This removes ACPI errors from the boot screen. - consoleLogLevel = 1; - - # Add kernel parameters - kernelParams = [ - "quiet" - "splash" - ]; - initrd.verbose = false; - }; - }) - ]; -} diff --git a/modules/base/system.nix b/modules/base/system.nix deleted file mode 100644 index 01ecb86..0000000 --- a/modules/base/system.nix +++ /dev/null 
@@ -1,86 +0,0 @@ -# System options -{ - pkgs, - config, - lib, - ... -}: -{ - # Set up the environment - environment = { - # Install base packages - systemPackages = with pkgs; [ - bash - dconf # Needed to fix an issue with Home-manager. See https://github.com/nix-community/home-manager/issues/3113 - direnv - git - home-manager - nano - p7zip - fastfetch - nh # Nix Helper: https://github.com/viperML/nh - ]; - - variables = { - EDITOR = "nano"; # Set default editor to nano - }; - }; - - # Configure automatic updates for all hosts - host.services.autoUpgrade = { - enable = true; - configDir = config.secrets.nixConfigFolder; - onCalendar = "daily"; - user = config.users.users.aires.name; - }; - - services = { - # Enable fwupd (firmware updater) - fwupd.enable = true; - - # Enable trim on supported drives - fstrim.enable = true; - - # Autoscrub BTRFS partitions - btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") { - enable = true; - interval = "weekly"; - fileSystems = [ "/" ]; - }; - - # Allow systemd user services to keep running after the user has logged out - logind.killUserProcesses = false; - - # Enable disk monitoring - smartd = { - enable = true; - autodetect = true; - notifications.wall.enable = true; - }; - }; - - # Reduce logout stop timer duration - systemd.extraConfig = '' - DefaultTimeoutStopSec=30s - ''; - - # Set your time zone. - time.timeZone = "America/New_York"; - - # Select internationalisation properties. - i18n = { - defaultLocale = "en_US.UTF-8"; - - extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - }; -} diff --git a/modules/module.nix.template b/modules/module.nix.template index 229ae6d..de44950 100644 --- a/modules/module.nix.template +++ b/modules/module.nix.template 
@@ -2,11 +2,11 @@ { config, lib, ... }: let - cfg = config.host.services.myModule; + cfg = config.aux.system.services.myModule; in { options = { - host.services.myModule = { + aux.system.services.myModule = { enable = lib.mkEnableOption (lib.mdDoc "Enables this example module."); attributes = lib.mkOption { default = { }; diff --git a/modules/services/acme.nix b/modules/services/acme.nix index 9fcd6c7..ebd2455 100644 --- a/modules/services/acme.nix +++ b/modules/services/acme.nix @@ -1,11 +1,11 @@ { config, lib, ... }: let - cfg = config.host.services.acme; + cfg = config.aux.system.services.acme; in { options = { - host.services.acme = { + aux.system.services.acme = { enable = lib.mkEnableOption ( lib.mdDoc "Enable the ACME client (for Let's Encrypt TLS certificates)." ); @@ -34,6 +34,6 @@ in # /var/lib/acme/.challenges must be writable by the ACME user # and readable by the Nginx user. The easiest way to achieve # this is to add the Nginx user to the ACME group. - users.users.nginx.extraGroups = lib.mkIf config.host.services.nginx.enable [ "acme" ]; + users.users.nginx.extraGroups = lib.mkIf config.aux.system.services.nginx.enable [ "acme" ]; }; } diff --git a/modules/services/airsonic.nix b/modules/services/airsonic.nix index 8d5490c..a78a69a 100644 --- a/modules/services/airsonic.nix +++ b/modules/services/airsonic.nix @@ -5,11 +5,11 @@ ... }: let - cfg = config.host.services.airsonic; + cfg = config.aux.system.services.airsonic; in { options = { - host.services.airsonic = { + aux.system.services.airsonic = { autostart = lib.mkEnableOption (lib.mdDoc "Automatically starts Airsonic at boot."); enable = lib.mkEnableOption (lib.mdDoc "Enables Airsonic Advanced media streaming service."); home = lib.mkOption { @@ -21,7 +21,7 @@ in }; config = lib.mkIf cfg.enable { - host.users.media.enable = true; + aux.system.users.media.enable = true; users.users.airsonic.extraGroups = [ "media" ]; services = { 
diff --git a/modules/services/apcupsd.nix b/modules/services/apcupsd.nix index 2c3ba7a..cd89ca3 100644 --- a/modules/services/apcupsd.nix +++ b/modules/services/apcupsd.nix @@ -5,12 +5,12 @@ ... }: let - cfg = config.host.services.apcupsd; + cfg = config.aux.system.services.apcupsd; in with lib; { options = { - host.services.apcupsd = { + aux.system.services.apcupsd = { enable = mkEnableOption (mdDoc "Enables apcupsd"); configText = lib.mkOption { type = lib.types.str; diff --git a/modules/services/autoupgrade.nix b/modules/services/autoupgrade.nix index 38b53d7..f96019f 100644 --- a/modules/services/autoupgrade.nix +++ b/modules/services/autoupgrade.nix @@ -7,7 +7,7 @@ }: let - cfg = config.host.services.autoUpgrade; + cfg = config.aux.system.services.autoUpgrade; # List of packages to include in each service's $PATH pathPkgs = with pkgs; [ @@ -25,7 +25,7 @@ let in { options = { - host.services.autoUpgrade = { + aux.system.services.autoUpgrade = { enable = lib.mkOption { default = true; type = lib.types.bool; diff --git a/modules/services/boinc.nix b/modules/services/boinc.nix index 6b835de..df70b93 100644 --- a/modules/services/boinc.nix +++ b/modules/services/boinc.nix @@ -6,11 +6,11 @@ }: let - cfg = config.host.services.boinc; + cfg = config.aux.system.services.boinc; in { options = { - host.services.boinc.enable = lib.mkEnableOption ( + aux.system.services.boinc.enable = lib.mkEnableOption ( lib.mdDoc "Enables BOINC distributed computing service." ); }; diff --git a/modules/services/cache.nix b/modules/services/cache.nix index d38f374..6a9c6be 100644 --- a/modules/services/cache.nix +++ b/modules/services/cache.nix @@ -7,11 +7,11 @@ }: let - cfg = config.host.services.cache; + cfg = config.aux.system.services.cache; in { options = { - host.services.cache = { + aux.system.services.cache = { enable = lib.mkEnableOption (lib.mdDoc "Enables binary cache hosting."); secretKeyFile = lib.mkOption { default = "/var/cache-priv-key.pem"; 
diff --git a/modules/services/duplicacy-web.nix b/modules/services/duplicacy-web.nix index 5fc3e1c..2932b68 100644 --- a/modules/services/duplicacy-web.nix +++ b/modules/services/duplicacy-web.nix @@ -6,13 +6,13 @@ }: let - cfg = config.host.services.duplicacy-web; + cfg = config.aux.system.services.duplicacy-web; duplicacy-web = pkgs.callPackage ../../packages/duplicacy-web.nix { inherit pkgs lib; }; in with lib; rec { options = { - host.services.duplicacy-web = { + aux.system.services.duplicacy-web = { enable = mkEnableOption (mdDoc "Enables duplicacy-web"); autostart = mkOption { default = true; diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 4a0a897..92c302c 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -5,7 +5,7 @@ ... }: let - cfg = config.host.services.forgejo; + cfg = config.aux.system.services.forgejo; cli-cfg = config.services.forgejo; forgejo-cli = pkgs.writeScriptBin "forgejo-cli" '' @@ -23,7 +23,7 @@ let in { options = { - host.services.forgejo = { + aux.system.services.forgejo = { autostart = lib.mkEnableOption (lib.mdDoc "Automatically starts Forgejo at boot."); enable = lib.mkEnableOption (lib.mdDoc "Enables Forgejo Git hosting service."); domain = lib.mkOption { diff --git a/modules/services/k3s.nix b/modules/services/k3s.nix index db6c1c2..7388792 100644 --- a/modules/services/k3s.nix +++ b/modules/services/k3s.nix @@ -5,12 +5,12 @@ ... }: let - cfg = config.host.services.k3s; + cfg = config.aux.system.services.k3s; in with lib; { options = { - host.services.k3s = { + aux.system.services.k3s = { enable = mkEnableOption (mdDoc "Enables K3s"); role = mkOption { default = "server"; diff --git a/modules/services/msmtp.nix b/modules/services/msmtp.nix index 252887f..5302de1 100644 --- a/modules/services/msmtp.nix +++ b/modules/services/msmtp.nix 
@@ -2,19 +2,19 @@ { config, lib, ... }: let - cfg = config.host.services.msmtp; + cfg = config.aux.system.services.msmtp; in with lib; { options = { - host.services.msmtp.enable = mkEnableOption (mdDoc "Enables mail server"); + aux.system.services.msmtp.enable = mkEnableOption (mdDoc "Enables mail server"); }; config = mkIf cfg.enable { programs.msmtp = { enable = true; accounts.default = { - host = config.secrets.services.msmtp.host; + aux.system = config.secrets.services.msmtp.host; user = config.secrets.services.msmtp.user; password = config.secrets.services.msmtp.password; auth = true; diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index e54c98b..b624c92 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -1,11 +1,11 @@ { config, lib, ... }: let - cfg = config.host.services.nginx; + cfg = config.aux.system.services.nginx; in { options = { - host.services.nginx = { + aux.system.services.nginx = { autostart = lib.mkEnableOption (lib.mdDoc "Whether to autostart Nginx at boot."); enable = lib.mkEnableOption (lib.mdDoc "Enable the Nginx web server."); diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix index e88e287..36eb0a1 100644 --- a/modules/services/ssh.nix +++ b/modules/services/ssh.nix @@ -1,11 +1,11 @@ { config, lib, ... }: let - cfg = config.host.services.ssh; + cfg = config.aux.system.services.ssh; in { options = { - host.services.ssh = { + aux.system.services.ssh = { enable = lib.mkEnableOption (lib.mdDoc "Enables SSH server."); ports = lib.mkOption { default = [ 22 ]; diff --git a/modules/services/virtualization.nix b/modules/services/virtualization.nix index 9528d64..a82690e 100644 --- a/modules/services/virtualization.nix +++ b/modules/services/virtualization.nix 
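Review bot: The mechanical `host` → `aux.system` rename reached into `programs.msmtp.accounts.default` and turned `host = config.secrets.services.msmtp.host;` into `aux.system = config.secrets.services.msmtp.host;`, so the account loses its SMTP server setting and gains a meaningless `aux.system` key in the generated msmtprc; restore `host = config.secrets.services.msmtp.host;`. Separately, the adjacent context line `password = config.secrets.services.msmtp.password;` appears to bake the credential into msmtprc in the world-readable Nix store; msmtp's `passwordeval` pointing at a root-only file outside the store avoids that, if the secrets flow allows it. The `config` block continues past the end of the hunk.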
@@ -7,12 +7,12 @@ }: let - cfg = config.host.services.virtualization; + cfg = config.aux.system.services.virtualization; in { options = { - host.services.virtualization = { - enable = lib.mkEnableOption (lib.mdDoc "Enables virtualization hosting tools on this host."); + aux.system.services.virtualization = { + enable = lib.mkEnableOption (lib.mdDoc "Enables virtualization hosting tools on this aux.system."); user = lib.mkOption { default = ""; type = lib.types.str; diff --git a/modules/base/bluetooth.nix b/modules/system/bluetooth.nix similarity index 70% rename from modules/base/bluetooth.nix rename to modules/system/bluetooth.nix index 5ff8d29..8eecd22 100644 --- a/modules/base/bluetooth.nix +++ b/modules/system/bluetooth.nix @@ -1,3 +1,4 @@ +# Configures bluetooth. { lib, config, @@ -6,18 +7,17 @@ }: let - cfg = config.host.ui.bluetooth; + cfg = config.aux.system.bluetooth; in -with lib; { options = { - host.ui.bluetooth = { - enable = mkEnableOption (mdDoc "Enables bluetooth"); + aux.system.bluetooth = { + enable = lib.mkEnableOption (lib.mdDoc "Enables bluetooth"); }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Set up Bluetooth hardware.bluetooth = { enable = true; diff --git a/modules/system/bootloader.nix b/modules/system/bootloader.nix new file mode 100644 index 0000000..b6f803a --- /dev/null +++ b/modules/system/bootloader.nix 
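Review bot: The option description on the new side now reads "Enables virtualization hosting tools on this aux.system." — the search-and-replace also hit the word "host" inside the doc string. Restore the prose: `enable = lib.mkEnableOption (lib.mdDoc "Enables virtualization hosting tools on this host.");`. The option set continues beyond the hunk.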
@@ -0,0 +1,66 @@ +# Configuration options specific to bootloader management. +# SecureBoot is handled via Lanzaboote. See https://github.com/nix-community/lanzaboote +{ + config, + lib, + pkgs, + ... +}: + +# Bootloader +let + cfg = config.aux.system.bootloader; +in +{ + + options = { + aux.system.bootloader = { + enable = lib.mkOption { + description = "Automatically configures the bootloader. Set to false to configure manually."; + type = lib.types.bool; + default = true; + }; + + secureboot.enable = lib.mkEnableOption (lib.mdDoc "Enables Secureboot support."); + tpm2.enable = lib.mkEnableOption (lib.mdDoc "Enables TPM2 support."); + }; + }; + + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + (lib.mkIf cfg.secureboot.enable { + boot = { + # Enable Secure Boot + bootspec.enable = true; + + # Use Lanzaboote in place of systemd-boot. + loader.systemd-boot.enable = false; + loader.efi.canTouchEfiVariables = true; + lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + }; + }; + }) + + # Set up TPM if enabled. See https://nixos.wiki/wiki/TPM + (lib.mkIf (cfg.tpm2.enable) { + # After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module + environment.systemPackages = with pkgs; [ tpm2-tss ]; + security.tpm2 = { + enable = true; + pkcs11.enable = true; + tctiEnvironment.enable = true; + }; + }) + + # Use the default systemd-boot bootloader. + (lib.mkIf (!cfg.secureboot.enable) { + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }) + ] + ); +} diff --git a/modules/system/editor.nix b/modules/system/editor.nix new file mode 100644 index 0000000..0d38083 --- /dev/null +++ b/modules/system/editor.nix 
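Review bot: `tpm2.enable` is evaluated inside `lib.mkIf cfg.enable (...)`, so setting `aux.system.bootloader.enable = false` (documented as "configure manually") also silently drops the TPM2 packages and the `security.tpm2` settings, which are unrelated to bootloader management. Either hoist the TPM block out of the outer `mkIf` or say so in the option: `description = "Automatically configures the bootloader (and TPM2 support when enabled). Set to false to configure both manually.";`. Also `pkiBundle = "/etc/secureboot"` points Lanzaboote at signing keys this module neither creates nor protects; a comment such as `# Secure Boot signing keys live at pkiBundle, outside the Nix store; provision them out of band (e.g. with sbctl) and keep them root-only.` would spare the next reader a failed build.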
@@ -0,0 +1,42 @@ +# Basic system-wide text editor configuration. +{ + pkgs, + config, + lib, + inputs, + ... +}: + +let + cfg = config.aux.system.editor; +in +{ + options = { + aux.system.editor = lib.mkOption { + description = "Selects the default text editor."; + default = "nano"; + type = lib.types.enum [ + "vim" + "nano" + "emacs" + ]; + }; + }; + + config = lib.mkMerge [ + (lib.mkIf (cfg == "emacs") { + services.emacs = { + enable = true; + defaultEditor = true; + }; + }) + (lib.mkIf (cfg == "nano") { + programs.nano = { + enable = true; + syntaxHighlight = true; + }; + environment.variables."EDITOR" = "nano"; + }) + (lib.mkIf (cfg == "vim") { programs.vim.defaultEditor = true; }) + ]; +} diff --git a/modules/system/gpu/amd.nix b/modules/system/gpu/amd.nix new file mode 100644 index 0000000..543571b --- /dev/null +++ b/modules/system/gpu/amd.nix @@ -0,0 +1,30 @@ +# Enables AMD GPU support. +{ + pkgs, + config, + lib, + ... +}: +let + cfg = config.aux.system.gpu.amd; +in +{ + options = { + aux.system.gpu.amd.enable = lib.mkEnableOption (lib.mdDoc "Enables AMD GPU support."); + }; + + config = lib.mkIf cfg.enable { + boot.initrd.kernelModules = [ "amdgpu" ]; + services.xserver = { + enable = true; + videoDrivers = [ "amdgpu" ]; + }; + + hardware.opengl = { + extraPackages = [ pkgs.amdvlk ]; + # 32-bit application compatibility + driSupport32Bit = true; + extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ]; + }; + }; +} diff --git a/modules/system/gpu/intel.nix b/modules/system/gpu/intel.nix new file mode 100644 index 0000000..59c7737 --- /dev/null +++ b/modules/system/gpu/intel.nix 
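Review bot: `inputs` and `pkgs` are bound in editor.nix's argument pattern but neither is used anywhere in the file, so the pattern can shrink to `{ config, lib, ... }:`. The sibling amd.nix hunk on this line binds only what it uses, and the module system passes unused arguments without complaint, so this is pure noise rather than a bug.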
@@ -0,0 +1,44 @@ +# Enables Intel GPU support. +{ + pkgs, + config, + lib, + ... +}: +let + cfg = config.aux.system.gpu.intel; +in +{ + options = { + aux.system.gpu.intel.enable = lib.mkEnableOption (lib.mdDoc "Enables Intel GPU support."); + }; + + config = lib.mkIf cfg.enable { + # Configuration options from NixOS-Hardware: https://github.com/NixOS/nixos-hardware/blob/master/common/gpu/intel/default.nix + boot.initrd.kernelModules = [ "i915" ]; + + environment.variables.VDPAU_DRIVER = "va_gl"; + + hardware.opengl.extraPackages = with pkgs; [ + ( + if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then + vaapiIntel + else + intel-vaapi-driver + ) + libvdpau-va-gl + intel-media-driver + ]; + + hardware.opengl.extraPackages32 = with pkgs.driversi686Linux; [ + ( + if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then + vaapiIntel + else + intel-vaapi-driver + ) + libvdpau-va-gl + intel-media-driver + ]; + }; +} diff --git a/modules/system/gpu/nvidia.nix b/modules/system/gpu/nvidia.nix new file mode 100644 index 0000000..72d734a --- /dev/null +++ b/modules/system/gpu/nvidia.nix 
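Review bot: The `if lib.versionOlder (lib.versions.majorMinor lib.version) "23.11" then vaapiIntel else intel-vaapi-driver` selector is written out twice, once under `with pkgs;` and once under `with pkgs.driversi686Linux;`, so the two lists can drift apart. Hoist it into the module's `let` as a function of the package set, e.g. `intelVaapi = p: if lib.versionOlder (lib.versions.majorMinor lib.version) "23.11" then p.vaapiIntel else p.intel-vaapi-driver;`, and use `(intelVaapi pkgs)` and `(intelVaapi pkgs.driversi686Linux)` in the two lists.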
@@ -0,0 +1,81 @@ +# Enables Nvidia GPU support. +{ + pkgs, + config, + lib, + ... +}: +let + cfg = config.aux.system.gpu.nvidia; +in +{ + options = { + aux.system.gpu.nvidia = { + enable = lib.mkEnableOption (lib.mdDoc "Enables Nvidia GPU support."); + hybrid = { + enable = lib.mkEnableOption (lib.mdDoc "Enables hybrid GPU support."); + sync = lib.mkEnableOption ( + lib.mdDoc "Enables sync mode for faster performance at the cost of higher battery usage." + ); + busIDs = { + nvidia = lib.mkOption { + description = "The bus ID for your Nvidia GPU."; + type = lib.types.str; + example = "PCI:0:2:0"; + default = ""; + }; + intel = lib.mkOption { + description = "The bus ID for your integrated Intel GPU. If you don't have an Intel GPU, you can leave this blank."; + type = lib.types.str; + example = "PCI:14:0:0"; + default = ""; + }; + amd = lib.mkOption { + description = "The bus ID for your integrated AMD GPU. If you don't have an AMD GPU, you can leave this blank."; + type = lib.types.str; + example = "PCI:54:0:0"; + default = ""; + }; + }; + }; + }; + + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = (cfg.busIDs.nvidia == ""); + message = "You need to define a bus ID for your Nvidia GPU. To learn how to find the bus ID, see https://nixos.wiki/wiki/Nvidia#Configuring_Optimus_PRIME:_Bus_ID_Values_.28Mandatory.29."; + } + { + assertion = (cfg.busIDs.intel == "" && cfg.busIDs.amd == ""); + message = "You need to define a bus ID for your non-Nvidia GPU. 
To learn how to find your bus ID, see https://nixos.wiki/wiki/Nvidia#Configuring_Optimus_PRIME:_Bus_ID_Values_.28Mandatory.29."; + } + ]; + + aux.system.allowUnfree = true; + + services.xserver.videoDrivers = lib.mkDefault [ "nvidia" ]; + hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau ]; + + hardware.nvidia = { + modesetting.enable = true; + nvidiaSettings = lib.mkIf (config.aux.system.ui.desktops.enable) true; + package = config.boot.kernelPackages.nvidiaPackages.stable; + prime = lib.mkIf cfg.hybrid.enable { + + offload = lib.mkIf (!cfg.hybrid.sync) { + enable = true; + enableOffloadCmd = true; # Provides `nvidia-offload` command. + }; + + sync.enable = lib.mkIf cfg.hybrid.sync true; + + nvidiaBusId = cfg.hybrid.busIDs.nvidia; + intelBusId = lib.mkIf (cfg.hybrid.busIDs.intel != "") cfg.hybrid.busIDs.intel; + amdgpuBusId = lib.mkIf (cfg.hybrid.busIDs.amd != "") cfg.hybrid.busIDs.amd; + }; + }; + }; +} diff --git a/modules/base/network.nix b/modules/system/networking.nix similarity index 82% rename from modules/base/network.nix rename to modules/system/networking.nix index c69e0d2..ccee94f 100644 --- a/modules/base/network.nix +++ b/modules/system/networking.nix @@ -1,3 +1,4 @@ +# Configure basic networking options. _: { networking = { # Enable networking via NetworkManager diff --git a/modules/system/nix.nix b/modules/system/nix.nix new file mode 100644 index 0000000..ebfdb3b --- /dev/null +++ b/modules/system/nix.nix 
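Review bot: The two assertions read `cfg.busIDs.nvidia`, `cfg.busIDs.intel` and `cfg.busIDs.amd`, but the options are declared under `aux.system.gpu.nvidia.hybrid.busIDs`, so evaluation fails with a missing-attribute error as soon as `aux.system.gpu.nvidia.enable` is true (the `prime` block further down correctly uses `cfg.hybrid.busIDs.*`). The conditions are also inverted — `== ""` makes the assertion fail exactly when an ID has been supplied — and they should only apply when `cfg.hybrid.enable` is set, since a non-hybrid machine has no bus IDs to give. The rewrite below fixes the paths, flips the comparisons and gates both on `cfg.hybrid.enable`; the messages are kept as they are.
```nix
    assertions = [
      {
        assertion = cfg.hybrid.enable -> (cfg.hybrid.busIDs.nvidia != "");
        # … unchanged: message …
      }
      {
        assertion = cfg.hybrid.enable -> (cfg.hybrid.busIDs.intel != "" || cfg.hybrid.busIDs.amd != "");
        # … unchanged: message …
      }
    ];
```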
@@ -0,0 +1,83 @@ +# Core Nix configuration +{ + pkgs, + config, + lib, + inputs, + ... +}: + +let + cfg = config.aux.system; +in +{ + options = { + aux.system.allowUnfree = lib.mkEnableOption (lib.mdDoc "Allow unfree packages to install."); + aux.system.retentionPeriod = lib.mkOption { + description = "How long to retain NixOS generations. Defaults to 30 days (30d)."; + type = lib.types.str; + default = "30d"; + }; + }; + config = { + nixpkgs.config.allowUnfree = cfg.allowUnfree; + nix = { + settings = { + # Enable Flakes + experimental-features = [ + "nix-command" + "flakes" + ]; + + # Use Lix instead of Nix + substituters = [ "https://cache.lix.systems" ]; + trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ]; + + # Only allow these users to use Nix + allowed-users = [ + "root" + config.users.users.aires.name + ]; + + # Avoid signature verification messages when doing remote builds + trusted-users = [ + config.users.users.aires.name + ] ++ lib.optionals (config.aux.system.users.gremlin.enable) [ config.users.users.gremlin.name ]; + }; + + # Enable periodic nix store optimization + optimise.automatic = true; + + # Configure NixOS to use the same software channel as Flakes + registry = lib.mapAttrs (_: value: { flake = value; }) inputs; + nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; + + # Configure remote build machines (mainly Haven) + # To enable remote builds for a specific host, add `nix.distributedBuilds = true;` to its config + buildMachines = [ + { + hostName = "haven"; + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; + protocol = "ssh-ng"; + supportedFeatures = [ + "nixos-test" + "kvm" + "benchmark" + "big-parallel" + ]; + } + ]; + + # When using a builder, use its package store + extraOptions = '' + builders-use-substitutes = true + ''; + }; + + # Support for standard, dynamically-linked executables + programs.nix-ld.enable = true; + }; +} 
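Review bot: The comment `# Avoid signature verification messages when doing remote builds` on `trusted-users` undersells what the setting grants: a trusted user can turn off `require-sigs`, add arbitrary substituters and trusted keys, and import unsigned store paths, which the Nix manual describes as equivalent to root access. Suggest `# NOTE: trusted-users is root-equivalent on the nix daemon (can bypass signature checks and add substituters); keep this list minimal.` so that adding `gremlin` here stays a conscious decision. The `# Use Lix instead of Nix` comment is also misleading — those two lines only add the Lix binary cache and its public key and do not switch the Nix implementation — so `# Add the Lix binary cache` describes what the lines do; whether `substituters = [ "https://cache.lix.systems" ]` is merged with the module default for cache.nixos.org is worth confirming against the generated nix.conf.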
diff --git a/modules/base/programs.nix b/modules/system/programs.nix similarity index 100% rename from modules/base/programs.nix rename to modules/system/programs.nix diff --git a/modules/base/shell.nix b/modules/system/shell.nix similarity index 100% rename from modules/base/shell.nix rename to modules/system/shell.nix diff --git a/modules/system/system.nix b/modules/system/system.nix new file mode 100644 index 0000000..4a75e6a --- /dev/null +++ b/modules/system/system.nix 
@@ -0,0 +1,95 @@ +# System options +{ + pkgs, + config, + lib, + ... +}: +let + cfg = config.aux.system; +in +{ + options = { + aux.system.packages = lib.mkOption { + description = "Additional system packages to install. This is just a wrapper for environment.systemPackages."; + type = lib.types.listOf lib.types.package; + default = [ ]; + example = lib.literalExpression "[ pkgs.firefox pkgs.thunderbird ]"; + }; + }; + config = { + # Set up the environment + environment = { + # Install base packages + systemPackages = with pkgs; [ + bash + dconf # Needed to fix an issue with Home-manager. See https://github.com/nix-community/home-manager/issues/3113 + direnv + git + home-manager + nano + p7zip + fastfetch + nh # Nix Helper: https://github.com/viperML/nh + ]; + }; + + # Configure automatic updates for all hosts + aux.system.services.autoUpgrade = { + enable = true; + configDir = config.secrets.nixConfigFolder; + onCalendar = "daily"; + user = config.users.users.aires.name; + }; + + services = { + # Enable fwupd (firmware updater) + fwupd.enable = true; + + # Enable trim on supported drives + fstrim.enable = true; + + # Autoscrub BTRFS partitions + btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") { + enable = true; + interval = "weekly"; + fileSystems = [ "/" ]; + }; + + # Allow systemd user services to keep running after the user has logged out + logind.killUserProcesses = false; + + # Enable disk monitoring + smartd = { + enable = true; + autodetect = true; + notifications.wall.enable = true; + }; + }; + + # Reduce logout stop timer duration + systemd.extraConfig = '' + DefaultTimeoutStopSec=30s + ''; + + # Set your time zone. + time.timeZone = "America/New_York"; + + # Select internationalisation properties. 
+ i18n = { + defaultLocale = "en_US.UTF-8"; + + extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + }; + }; +} diff --git a/modules/ui/audio.nix b/modules/ui/audio.nix index d1caaca..08b8562 100644 --- a/modules/ui/audio.nix +++ b/modules/ui/audio.nix @@ -1,3 +1,4 @@ +# Enables audio support. { pkgs, lib, @@ -6,20 +7,19 @@ }: let - cfg = config.host.ui.audio; + cfg = config.aux.system.ui.audio; in -with lib; { options = { - host.ui.audio = { - enable = mkEnableOption (mdDoc "Enables audio"); - enableLowLatency = mkEnableOption ( - mdDoc "Enables low-latency audio (may cause crackling) per https://nixos.wiki/wiki/PipeWire#Low-latency_setup " + aux.system.ui.audio = { + enable = lib.mkEnableOption (lib.mdDoc "Enables audio."); + enableLowLatency = lib.mkEnableOption ( + lib.mdDoc "Enables low-latency audio (may cause crackling) per https://nixos.wiki/wiki/PipeWire#Low-latency_setup." ); }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Enable sound with pipewire. sound.enable = true; security.rtkit.enable = true; @@ -36,7 +36,7 @@ with lib; jack.enable = true; # Reduce audio latency per https://nixos.wiki/wiki/PipeWire#Low-latency_setup - extraConfig.pipewire = mkIf cfg.enableLowLatency { + extraConfig.pipewire = lib.mkIf cfg.enableLowLatency { "92-low-latency.conf" = { "context.properties" = { "default.clock.rate" = 48000; @@ -47,7 +47,5 @@ with lib; }; }; }; - - services.flatpak.packages = mkIf config.host.ui.flatpak.enable [ "com.github.wwmm.easyeffects" ]; }; } diff --git a/modules/ui/desktops/budgie.nix b/modules/ui/desktops/budgie.nix new file mode 100644 index 0000000..dbfe0ff --- /dev/null +++ b/modules/ui/desktops/budgie.nix 
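Review bot: `aux.system.packages` is declared with the description "This is just a wrapper for environment.systemPackages", but the `environment.systemPackages` list in the same file never references `cfg.packages`, so anything a host puts in the option is ignored unless another module wires it (none of the visible ones does). Change the assignment to `systemPackages = (with pkgs; [ bash dconf direnv git home-manager nano p7zip fastfetch nh ]) ++ cfg.packages;` (keeping the existing per-package comments).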
@@ -0,0 +1,32 @@ +# Enables the Budgie desktop environment. +{ + pkgs, + config, + lib, + ... +}: +let + cfg = config.aux.system.ui.desktops.budgie; +in +{ + options = { + aux.system.ui.desktops.budgie.enable = lib.mkEnableOption ( + lib.mdDoc "Enables the Budgie desktop environment." + ); + }; + + config = lib.mkIf cfg.enable { + aux.system.ui.desktops.enable = true; + + services.xserver = { + enable = true; + desktopManager.budgie.enable = true; + displayManager.lightdm.enable = lib.mkIf ( + !( + config.services.xserver.displayManager.gdm.enable + || config.services.xserver.displayManager.sddm.enable + ) + ) true; + }; + }; +} diff --git a/modules/ui/desktops/common.nix b/modules/ui/desktops/common.nix new file mode 100644 index 0000000..ca6dc02 --- /dev/null +++ b/modules/ui/desktops/common.nix 
@@ -0,0 +1,104 @@ +# Common desktop environment modules +{ + pkgs, + config, + lib, + ... +}: + +let + cfg = config.aux.system.ui.desktops; +in +{ + options = { + aux.system.ui.desktops = { + enable = lib.mkEnableOption (lib.mdDoc "Enables base desktop environment support."); + xkb = lib.mkOption { + description = "The keyboard layout to use by default. Defaults to us."; + type = lib.types.attrs; + default = { + layout = "us"; + variant = ""; + }; + }; + }; + }; + + config = lib.mkIf cfg.enable { + aux.system = { + bluetooth.enable = true; + ui.audio.enable = true; + }; + + boot = { + # Enable Plymouth for graphical bootsplash. + plymouth = { + enable = true; + theme = "bgrt"; + }; + + # Add kernel parameters + kernelParams = [ + "quiet" + "splash" + ]; + }; + + # Manage fonts + fonts = { + # Install extra fonts + packages = with pkgs; [ + noto-fonts + noto-fonts-cjk + noto-fonts-emoji + liberation_ttf + fira-code + fira-code-symbols + fira + roboto-slab + ]; + + # Enable font dir for use with Flatpak. See https://nixos.wiki/wiki/Fonts#Flatpak_applications_can.27t_find_system_fonts + fontDir.enable = true; + }; + + services = { + # Configure the xserver + xserver = { + # Enable the X11 windowing system. + enable = true; + + # Enable touchpad support (enabled by default in most desktop managers, buuuut just in case). + libinput.enable = true; + + # Configure keymap in X11 + xkb = config.aux.system.ui.desktops.xkb; + }; + }; + + # Support for AppImage files + programs.appimage = { + enable = true; + binfmt = true; + }; + + # Install full GStreamer capabilities. + # References: + # https://wiki.nixos.org/wiki/GStreamer + # https://github.com/NixOS/nixpkgs/issues/195936 + environment = { + sessionVariables.GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" ( + with pkgs.gst_all_1; + [ + gstreamer + gst-plugins-base + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-libav + gst-vaapi + ] + ); + }; + }; +} 
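Review bot: `xkb` is typed `lib.types.attrs`, so any attribute set is accepted and nothing checks that `layout` and `variant` are strings until the value reaches `services.xserver.xkb`; `lib.types.attrsOf lib.types.str` (or a `lib.types.submodule` mirroring the two keys) would reject typos at evaluation time with a message that points at this option. Also `xkb = config.aux.system.ui.desktops.xkb;` re-reads the option through `config` even though `cfg` already is `config.aux.system.ui.desktops`; `xkb = cfg.xkb;` is the same value and matches the rest of the file.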
diff --git a/modules/ui/gnome.nix b/modules/ui/desktops/gnome.nix similarity index 64% rename from modules/ui/gnome.nix rename to modules/ui/desktops/gnome.nix index 6db33a3..e50a5ca 100644 --- a/modules/ui/gnome.nix +++ b/modules/ui/desktops/gnome.nix @@ -1,3 +1,4 @@ +# Enables the Gnome desktop environment. { pkgs, config, @@ -5,41 +6,29 @@ ... }: -# UI and desktop-related options let - cfg = config.host.ui.gnome; + cfg = config.aux.system.ui.desktops.gnome; in -with lib; { options = { - host.ui.gnome.enable = mkEnableOption (mdDoc "Enables Gnome"); + aux.system.ui.desktops.gnome.enable = lib.mkEnableOption ( + lib.mdDoc "Enables the Gnome Desktop Environment." + ); }; - config = mkIf cfg.enable { - host.ui = { - audio.enable = true; - flatpak.enable = true; - }; + config = lib.mkIf cfg.enable { + aux.system.ui.desktops.enable = true; + # Enable Gnome services = { - # Configure the xserver xserver = { - # Enable the X11 windowing system. - enable = true; - - # Configure keymap in X11 - xkb = { - layout = "us"; - variant = ""; - }; + # Remove default packages that came with the install + excludePackages = [ pkgs.xterm ]; # Enable Gnome desktopManager.gnome.enable = true; displayManager.gdm.enable = true; - - # Remove default packages that came with the install - excludePackages = [ pkgs.xterm ]; }; # Install Flatpaks 
@@ -107,41 +96,6 @@ with lib; papirus-icon-theme qogir-icon-theme ]; - - # Install GStreamer plugins - # References: - # https://wiki.nixos.org/wiki/GStreamer - # https://github.com/NixOS/nixpkgs/issues/195936 - sessionVariables.GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" ( - with pkgs.gst_all_1; - [ - gstreamer - gst-plugins-base - gst-plugins-good - gst-plugins-bad - gst-plugins-ugly - gst-libav - gst-vaapi - ] - ); - }; - - # Manage fonts - fonts = { - # Install extra fonts - packages = with pkgs; [ - noto-fonts - noto-fonts-cjk - noto-fonts-emoji - liberation_ttf - fira-code - fira-code-symbols - fira - roboto-slab - ]; - - # Enable font dir for use with Flatpak. See https://nixos.wiki/wiki/Fonts#Flatpak_applications_can.27t_find_system_fonts - fontDir.enable = true; }; # Gnome UI integration for KDE apps diff --git a/modules/ui/desktops/hyprland.nix b/modules/ui/desktops/hyprland.nix new file mode 100644 index 0000000..18f06f0 --- /dev/null +++ b/modules/ui/desktops/hyprland.nix @@ -0,0 +1,28 @@ +# Enables the Hyprland desktop environment. +{ + pkgs, + config, + lib, + ... +}: +let + cfg = config.aux.system.ui.desktops.hyprland; +in +{ + options = { + aux.system.ui.desktops.hyprland.enable = lib.mkEnableOption ( + lib.mdDoc "Enables the Hyprland desktop environment." + ); + }; + + config = lib.mkIf cfg.enable { + aux.system.ui.desktops.enable = true; + + programs.hyprland = { + enable = true; + xwayland.enable = true; + }; + # Optional: hint Electron apps to use Wayland: + environment.sessionVariables.NIXOS_OZONE_WL = "1"; + }; +} diff --git a/modules/ui/desktops/kde.nix b/modules/ui/desktops/kde.nix new file mode 100644 index 0000000..d5b6f32 --- /dev/null +++ b/modules/ui/desktops/kde.nix 
@@ -0,0 +1,54 @@ +# Enables the KDE desktop environment. +{ + pkgs, + config, + lib, + ... +}: + +let + cfg = config.aux.system.ui.desktops.kde; +in +{ + options = { + aux.system.ui.desktops.kde = { + enable = lib.mkEnableOption (lib.mdDoc "Enables the KDE Desktop Environment."); + useX11 = lib.mkEnableOption (lib.mdDoc "Uses X11 instead of Wayland."); + }; + }; + + config = lib.mkIf cfg.enable { + aux.system.ui.desktops.enable = true; + + programs.dconf.enable = true; + + # Fix blank messages in KMail. See https://nixos.wiki/wiki/KDE#KMail_Renders_Blank_Messages + environment.sessionVariables = { + NIX_PROFILES = "${pkgs.lib.concatStringsSep " " ( + pkgs.lib.reverseList config.environment.profiles + )}"; + }; + + services = { + displayManager.sddm.enable = true; + desktopManager.plasma6.enable = true; + + xserver.displayManager = lib.mkIf cfg.useX11 { + defaultSession = "plasmaX11"; + sddm.wayland.enable = lib.mkIf ( + !( + config.services.xserver.displayManager.gdm.enable + || config.services.xserver.displayManager.lightdm.enable + ) + ) true; + }; + }; + + # Enable Gnome integration + qt = { + enable = true; + platformTheme = "gnome"; + style = "adwaita-dark"; + }; + }; +} diff --git a/modules/ui/desktops/xfce.nix b/modules/ui/desktops/xfce.nix new file mode 100644 index 0000000..c6583b2 --- /dev/null +++ b/modules/ui/desktops/xfce.nix @@ -0,0 +1,30 @@ +# Enables the XFCE desktop environment. +{ + pkgs, + config, + lib, + ... +}: +let + cfg = config.aux.system.ui.desktops.xfce; +in +{ + options = { + aux.system.ui.desktops.xfce.enable = lib.mkEnableOption ( + lib.mdDoc "Enables the XFCE desktop environment." + ); + }; + + config = lib.mkIf cfg.enable { + aux.system.ui.desktops.enable = true; + + services.xserver = { + enable = true; + desktopManager = { + xterm.enable = false; + xfce.enable = true; + }; + displayManager.defaultSession = "xfce"; + }; + }; +} diff --git a/modules/ui/flatpak.nix b/modules/ui/flatpak.nix index 3bae906..91a4aeb 100644 
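Review bot: Inside `xserver.displayManager = lib.mkIf cfg.useX11 { … }` the new code sets `sddm.wayland.enable = … true`, i.e. it turns on SDDM's Wayland greeter precisely when the user asked for X11 ("Uses X11 instead of Wayland"); the `!(gdm.enable || lightdm.enable)` guard looks copied from budgie.nix, where it guards a display manager's `enable`, not a Wayland toggle. If the intent is an X11 session with an X11 greeter, drop the `sddm.wayland.enable` line; if a Wayland greeter is wanted regardless of session type, move it out of the `useX11` branch. The file also mixes the newer `services.displayManager.sddm.enable` path with the older `services.xserver.displayManager.sddm.wayland.enable` path for the same program, which is worth unifying.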
--- a/modules/ui/flatpak.nix +++ b/modules/ui/flatpak.nix @@ -8,12 +8,20 @@ # Flatpak support and options let - cfg = config.host.ui.flatpak; + cfg = config.aux.system.ui.flatpak; in with lib; { options = { - host.ui.flatpak.enable = mkEnableOption (mdDoc "Enables Flatpak"); + aux.system.ui.flatpak = { + enable = mkEnableOption (mdDoc "Enables Flatpak support."); + packages = lib.mkOption { + description = "Flatpak packages to install."; + type = lib.types.listOf lib.types.str; + default = [ ]; + example = lib.literalExpression "[ \"com.valvesoftware.Steam\" ]"; + }; + }; }; config = mkIf cfg.enable { @@ -36,12 +44,7 @@ with lib; ]; # Install base Flatpaks. For details, see https://github.com/gmodena/nix-flatpak - packages = [ - "com.github.tchx84.Flatseal" - "md.obsidian.Obsidian" - "net.waterfox.waterfox" - "org.keepassxc.KeePassXC" - ]; + packages = cfg.packages; }; # Workaround for getting Flatpak apps to use system fonts, icons, and cursors @@ -63,8 +66,8 @@ with lib; aggregatedIcons = pkgs.buildEnv { name = "system-icons"; paths = with pkgs; [ - #libsForQt5.breeze-qt5 # for plasma - gnome.gnome-themes-extra + (lib.mkIf config.aux.system.ui.desktops.gnome.enable gnome.gnome-themes-extra) + (lib.mkIf config.aux.system.ui.desktops.kde.enable kdePackages.breeze-icons) papirus-icon-theme qogir-icon-theme ]; diff --git a/modules/users/aires/default.nix b/modules/users/aires/default.nix index ce8e307..f4214d6 100644 --- a/modules/users/aires/default.nix +++ b/modules/users/aires/default.nix @@ -7,12 +7,12 @@ # Define 'aires' let - cfg = config.host.users.aires; + cfg = config.aux.system.users.aires; in with lib; { options = { - host.users.aires = { + aux.system.users.aires = { enable = mkEnableOption (mdDoc "Enables aires user account"); autologin = mkEnableOption (mdDoc "Automatically logs aires in on boot"); 
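Review bot: In the `aggregatedIcons` hunk, `(lib.mkIf … gnome.gnome-themes-extra)` and `(lib.mkIf … kdePackages.breeze-icons)` sit directly in `pkgs.buildEnv`'s `paths` list; `lib.mkIf` is only meaningful where the module system merges option values — here it evaluates to an attribute set tagged `_type = "if"`, not a package, so `buildEnv` receives a non-derivation and the conditional is not honoured. Use list operations instead: `paths = with pkgs; [ papirus-icon-theme qogir-icon-theme ] ++ lib.optional config.aux.system.ui.desktops.gnome.enable gnome.gnome-themes-extra ++ lib.optional config.aux.system.ui.desktops.kde.enable kdePackages.breeze-icons;`. The surrounding `pkgs.buildEnv` call continues outside the hunk.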
@@ -63,7 +63,9 @@ with lib; homeDirectory = "/home/aires"; # Install extra packages, specifically gnome extensions - packages = lib.mkIf config.host.ui.gnome.enable [ pkgs.gnomeExtensions.wallpaper-slideshow ]; + packages = lib.mkIf config.aux.system.ui.desktops.gnome.enable [ + pkgs.gnomeExtensions.wallpaper-slideshow + ]; # Set environment variables sessionVariables = { diff --git a/modules/users/common/home-manager/gnome.nix b/modules/users/common/home-manager/gnome.nix index 56d0744..a05b0e2 100644 --- a/modules/users/common/home-manager/gnome.nix +++ b/modules/users/common/home-manager/gnome.nix @@ -6,7 +6,7 @@ }: { # Additional Gnome configurations via home-manager. - dconf.settings = lib.mkIf osConfig.host.ui.gnome.enable { + dconf.settings = lib.mkIf osConfig.aux.system.ui.desktops.gnome.enable { "org/gnome/mutter" = { edge-tiling = true; workspaces-only-on-primary = false; diff --git a/modules/users/gremlin/default.nix b/modules/users/gremlin/default.nix index 4bb14a3..b5f5289 100644 --- a/modules/users/gremlin/default.nix +++ b/modules/users/gremlin/default.nix @@ -7,12 +7,12 @@ # Define 'gremlin' user let - cfg = config.host.users.gremlin; + cfg = config.aux.system.users.gremlin; in with lib; { options = { - host.users.gremlin = { + aux.system.users.gremlin = { enable = mkEnableOption (mdDoc "Enables gremlin user account"); services.syncthing = { diff --git a/modules/users/media/default.nix b/modules/users/media/default.nix index 64a33d3..be5d532 100644 --- a/modules/users/media/default.nix +++ b/modules/users/media/default.nix @@ -7,13 +7,13 @@ # Define user for managing media on Haven let - cfg = config.host.users.media; + cfg = config.aux.system.users.media; in with lib; { options = { - host.users.media = { + aux.system.users.media = { enable = mkEnableOption (mdDoc "Enables media user account"); }; };