vinzenz/nixos-configuration
0
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: import nixosModules unconditionally, add enable options

Browse source
This commit is contained in:
müde 2026-05-01 22:39:21 +02:00
parent c2d4ce78de
commit 850d673035
38 changed files with 959 additions and 761 deletions
Download patch file Download diff file Expand all files Collapse all files

110
flake.nix
View file

@ -9,7 +9,6 @@
};
#keep-sorted start block=yes
flake-parts = {
url = "github:hercules-ci/flake-parts";
#inputs.nixpkgs.follows = "nixpkgs";
@ -103,8 +102,8 @@
niri,
nix-vscode-extensions,
nixos-generators,
nixos-raspberrypi,
nixpkgs-unstable,
nova-shell,
servicepoint-cli,
servicepoint-simulator,
servicepoint-tanks,
@ -157,14 +156,18 @@
nixosModules = (importModuleDir ./nixosModules) // {
niri =
{ pkgs, ... }:
{ lib, config, ... }:
{
imports = [ niri.nixosModules.niri ];
nixpkgs.overlays = [ niri.overlays.niri ];
programs.niri = {
enable = true;
#package = pkgs.niri-stable;
options.my.niri.enable = lib.mkEnableOption "niri wayland compositor";
config = lib.mkIf config.my.niri.enable {
nixpkgs.overlays = [ niri.overlays.niri ];
programs.niri = {
enable = true;
#package = pkgs.niri-stable;
};
};
};
pkgs-unstable = {
@ -173,10 +176,6 @@
pkgs-vscode-extensions = {
nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ];
};
# required modules to use other modules, should not do anything on their own
default = {
imports = [ self.nixosModules.allowed-unfree-list ];
};
};
homeModules = importModuleDir ./homeModules;
@ -201,18 +200,87 @@
nixosSystem {
inherit specialArgs;
modules = [
{
imports = [
./nixosConfigurations/${device}
self.nixosModules.global-settings
]
++ (lib.optionals (home-manager-users != { }) [
self.nixosModules.global-settings-desktop
]);
./nixosConfigurations/${device}
self.nixosModules.default
nixpkgs = {
hostPlatform = lib.mkDefault system;
# keep-sorted start
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote
nova-shell.nixosModules.default
self.nixosModules.niri
self.nixosModules.pkgs-vscode-extensions
servicepoint-cli.nixosModules.default
servicepoint-simulator.nixosModules.default
servicepoint-tanks.nixosModules.default
stylix.nixosModules.stylix
zerforschen-plus.nixosModules.default
# keep-sorted end
# Base config (replaces global-settings.nix)
{
nixpkgs.hostPlatform = lib.mkDefault system;
networking.hostName = device;
system = {
stateVersion = "22.11";
autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
documentation = {
info.enable = false;
doc.enable = false;
};
my.autoupdate.enable = true;
my.distributedBuilds.enable = true;
my.extraCaches.enable = true;
my.globalinstalls.enable = true;
my.lixIsNix.enable = true;
my.openssh.enable = true;
my.prometheusNode.enable = true;
my.systemdBoot.enable = true;
my.tailscale.enable = true;
}
]
++ lib.optionals (home-manager-users != { }) [
# Desktop config (replaces global-settings-desktop.nix)
{
home-manager = {
extraSpecialArgs = specialArgs;
useGlobalPkgs = true;
useUserPackages = true;
users = home-manager-users;
sharedModules = [
{ home.stateVersion = "22.11"; }
# keep-sorted start
self.homeModules.git
self.homeModules.gnome-extensions
self.homeModules.nano
self.homeModules.templates
self.homeModules.zsh-basics
# keep-sorted end
];
};
time.timeZone = "Europe/Berlin";
# on desktops, keep the device useable interactively during expensive builds
nix = {
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
};
my.enDe.enable = true;
my.firmwareUpdates.enable = true;
my.gnome.enable = true;
my.kdeconnect.enable = true;
my.modernDesktop.enable = true;
my.niri.enable = true;
my.nixLd.enable = true;
my.quietBoot.enable = true;
my.stylix.enable = true;
}
];
}

6
nixosConfigurations/epimetheus/default.nix
View file

@ -1,8 +1,6 @@
{ self, ... }:
{ ... }:
{
imports = [ self.nixosModules.pxvirt-guest ];
config = {
my.pxvirtGuest.enable = true;
};
}

5
nixosConfigurations/forgejo-runner-1/default.nix
View file

@ -1,12 +1,13 @@
{ self, ... }:
{ ... }:
{
imports = [
./hardware.nix
./forgejo-runner.nix
self.nixosModules.podman
];
config = {
my.podman.enable = true;
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";

16
nixosConfigurations/muede-lpt2/default.nix
View file

@ -2,17 +2,17 @@
{
imports = [
./hardware.nix
self.nixosModules.user-muede
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.podman
self.nixosModules.muede-desktop-settings
self.nixosModules.intel-graphics
self.nixosModules.secure-boot
];
config = {
my.users.muede.enable = true;
my.wineGaming.enable = true;
my.steam.enable = true;
my.podman.enable = true;
my.muedeDesktopSettings.enable = true;
my.intelGraphics.enable = true;
my.secureBoot.enable = true;
nix.settings.extra-platforms = [
"aarch64-linux"
"i686-linux"

19
nixosConfigurations/muede-pc2/default.nix
View file

@ -1,21 +1,20 @@
{ pkgs, self, ... }:
{ pkgs, ... }:
{
imports = [
./hardware.nix
# ./vscode-server.nix
# ./hass.nix
self.nixosModules.user-muede
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.podman
self.nixosModules.muede-desktop-settings
self.nixosModules.amd-graphics
self.nixosModules.secure-boot
];
config = {
my.users.muede.enable = true;
my.wineGaming.enable = true;
my.steam.enable = true;
my.podman.enable = true;
my.muedeDesktopSettings.enable = true;
my.amdGraphics.enable = true;
my.secureBoot.enable = true;
nix.settings.extra-platforms = [
"aarch64-linux"
"i686-linux"

19
nixosConfigurations/ronja-pc/default.nix
View file

@ -1,20 +1,15 @@
{
config,
pkgs,
self,
...
}:
{ pkgs, ... }:
{
imports = [
./hardware.nix
self.nixosModules.user-ronja
self.nixosModules.gnome
self.nixosModules.steam
self.nixosModules.wine-gaming
self.nixosModules.muede-desktop-settings
];
config = {
my.users.ronja.enable = true;
my.steam.enable = true;
my.wineGaming.enable = true;
my.muedeDesktopSettings.enable = true;
# Configure keymap in X11
services.xserver.xkb = {
layout = "de";
@ -24,8 +19,6 @@
# Configure console keymap
console.keyMap = "de";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget

29
nixosModules/amd-graphics.nix
View file

@ -1,15 +1,24 @@
{ pkgs, ... }:
{
boot.kernelModules = [ "amdgpu" ];
services.xserver.videoDrivers = [ "amdgpu" ];
lib,
config,
pkgs,
...
}:
{
options.my.amdGraphics.enable = lib.mkEnableOption "AMD graphics drivers";
hardware = {
graphics.enable = true;
amdgpu = {
opencl.enable = true;
overdrive.enable = true;
config = lib.mkIf config.my.amdGraphics.enable {
boot.kernelModules = [ "amdgpu" ];
services.xserver.videoDrivers = [ "amdgpu" ];
hardware = {
graphics.enable = true;
amdgpu = {
opencl.enable = true;
overdrive.enable = true;
};
};
};
environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
};
}

27
nixosModules/autoupdate.nix
View file

@ -1,16 +1,21 @@
{ lib, config, ... }:
{
nix = {
optimise.automatic = true;
gc = {
automatic = true;
options.my.autoupdate.enable = lib.mkEnableOption "automatic Nix GC and system upgrades";
config = lib.mkIf config.my.autoupdate.enable {
nix = {
optimise.automatic = true;
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
};
system.autoUpgrade = {
enable = true;
dates = "daily";
options = "--delete-older-than 7d";
# do not forget to set `flake` when using this module!
};
};
system.autoUpgrade = {
enable = true;
dates = "daily";
# do not forget to set `flake` when using this module!
};
}

37
nixosModules/default.nix Normal file
View file

@ -0,0 +1,37 @@
{ ... }:
{
imports = [
# keep-sorted start
./allowed-unfree-list.nix
./amd-graphics.nix
./autoupdate.nix
./distributed-builds.nix
./en-de.nix
./extra-caches.nix
./firmware-updates.nix
./globalinstalls.nix
./gnome.nix
./intel-graphics.nix
./kdeconnect.nix
./latex.nix
./lix-is-nix.nix
./modern-desktop.nix
./muede-desktop-settings.nix
./nix-ld.nix
./openssh.nix
./podman.nix
./printing.nix
./prometheus-node.nix
./pxvirt-guest.nix
./quiet-boot.nix
./secure-boot.nix
./steam.nix
./stylix.nix
./systemd-boot.nix
./tailscale.nix
./user-muede.nix
./user-ronja.nix
./wine-gaming.nix
# keep-sorted end
];
}

105
nixosModules/distributed-builds.nix
View file

@ -32,62 +32,77 @@ let
# distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 <hostname>
# All machines automatically discover and use it after the next rebuild.
buildServerDevices = lib.filterAttrs (_: v: (v.distributedBuilds or { }).isBuilder or false) devices;
buildServerDevices = lib.filterAttrs (
_: v: (v.distributedBuilds or { }).isBuilder or false
) devices;
knownHosts = lib.pipe buildServerDevices [
(lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey))
(lib.mapAttrs (hostName: v: {
publicKey = v.distributedBuilds.hostPublicKey;
}))
(lib.mapAttrs (
_: v: {
publicKey = v.distributedBuilds.hostPublicKey;
}
))
];
buildMachineList = lib.mapAttrsToList (hostName: v: {
inherit hostName;
systems = [ v.system ];
sshUser = buildUser;
sshKey = sshKeyPath;
protocol = "ssh-ng";
} // lib.optionalAttrs (v.distributedBuilds ? speedFactor) {
speedFactor = v.distributedBuilds.speedFactor;
} // {
supportedFeatures = [
"nixos-test"
"big-parallel"
"kvm"
"benchmark"
];
}) buildServerDevices;
buildMachineList = lib.mapAttrsToList (
hostName: v:
{
inherit hostName;
systems = [ v.system ];
sshUser = buildUser;
sshKey = sshKeyPath;
protocol = "ssh-ng";
}
// lib.optionalAttrs (v.distributedBuilds ? speedFactor) {
speedFactor = v.distributedBuilds.speedFactor;
}
// {
supportedFeatures = [
"nixos-test"
"big-parallel"
"kvm"
"benchmark"
];
}
) buildServerDevices;
remoteMachines = builtins.filter (m: m.hostName != config.networking.hostName) buildMachineList;
in
{
# Dedicated user for receiving distributed build connections
programs.ssh.knownHosts = knownHosts;
options.my.distributedBuilds.enable = lib.mkEnableOption "distributed Nix builds";
users.users.${buildUser} = {
isSystemUser = true;
group = buildUser;
useDefaultShell = true;
openssh.authorizedKeys.keys = map (k: ''command="nix daemon --stdio",restrict ${k}'') authorizedPublicKeys;
};
users.groups.${buildUser} = { };
config = lib.mkIf config.my.distributedBuilds.enable {
programs.ssh.knownHosts = knownHosts;
nix = {
distributedBuilds = remoteMachines != [ ];
buildMachines = remoteMachines;
settings = {
trusted-users = [ buildUser ];
builders-use-substitutes = true;
max-jobs = (devices.${config.networking.hostName}.distributedBuilds or { }).maxJobs or "auto";
cores = 0;
min-free = 10 * 1024 * 1024;
max-free = 200 * 1024 * 1024;
# Dedicated user for receiving distributed build connections
users.users.${buildUser} = {
isSystemUser = true;
group = buildUser;
useDefaultShell = true;
openssh.authorizedKeys.keys = map (
k: ''command="nix daemon --stdio",restrict ${k}''
) authorizedPublicKeys;
};
users.groups.${buildUser} = { };
nix = {
distributedBuilds = remoteMachines != [ ];
buildMachines = remoteMachines;
settings = {
trusted-users = [ buildUser ];
builders-use-substitutes = true;
max-jobs = (devices.${config.networking.hostName}.distributedBuilds or { }).maxJobs or "auto";
cores = 0;
min-free = 10 * 1024 * 1024;
max-free = 200 * 1024 * 1024;
};
};
systemd.services.nix-daemon.serviceConfig = {
MemoryAccounting = true;
MemoryMax = "90%";
OOMScoreAdjust = 500;
};
};
systemd.services.nix-daemon.serviceConfig = {
MemoryAccounting = true;
MemoryMax = "90%";
OOMScoreAdjust = 500;
};
}

63
nixosModules/en-de.nix
View file

@ -1,31 +1,40 @@
{ pkgs, ... }:
{
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocales = [
"de_DE.UTF-8/UTF-8"
];
extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
lib,
config,
pkgs,
...
}:
{
options.my.enDe.enable = lib.mkEnableOption "English/German locale and language packs";
config = lib.mkIf config.my.enDe.enable {
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocales = [
"de_DE.UTF-8/UTF-8"
];
extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
};
programs.firefox.languagePacks = [
"en-US"
"de"
];
environment.systemPackages = [
pkgs.hunspell
pkgs.hunspellDicts.de-de
pkgs.hunspellDicts.en-us
];
};
programs.firefox.languagePacks = [
"en-US"
"de"
];
environment.systemPackages = [
pkgs.hunspell
pkgs.hunspellDicts.de-de
pkgs.hunspellDicts.en-us
];
}

43
nixosModules/extra-caches.nix
View file

@ -1,22 +1,27 @@
{ lib, config, ... }:
{
nix.settings = {
substituters = [
# keep-sorted start
"https://cache.lix.systems"
"https://cache.nixos.org/"
"https://niri.cachix.org"
"https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org"
# keep-sorted end
];
trusted-public-keys = [
# keep-sorted start
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
# keep-sorted end
];
options.my.extraCaches.enable = lib.mkEnableOption "extra Nix binary caches";
config = lib.mkIf config.my.extraCaches.enable {
nix.settings = {
substituters = [
# keep-sorted start
"https://cache.lix.systems"
"https://cache.nixos.org/"
"https://niri.cachix.org"
"https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org"
# keep-sorted end
];
trusted-public-keys = [
# keep-sorted start
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
# keep-sorted end
];
};
};
}

21
nixosModules/firmware-updates.nix
View file

@ -1,11 +1,16 @@
{ lib, config, ... }:
{
hardware = {
enableRedistributableFirmware = true;
cpu = {
amd.updateMicrocode = true;
intel.updateMicrocode = true;
};
};
options.my.firmwareUpdates.enable = lib.mkEnableOption "firmware updates and microcode";
services.fwupd.enable = true;
config = lib.mkIf config.my.firmwareUpdates.enable {
hardware = {
enableRedistributableFirmware = true;
cpu = {
amd.updateMicrocode = true;
intel.updateMicrocode = true;
};
};
services.fwupd.enable = true;
};
}

61
nixosModules/global-settings-desktop.nix
View file

@ -1,61 +0,0 @@
{
home-manager-users,
self,
home-manager,
servicepoint-cli,
servicepoint-simulator,
servicepoint-tanks,
stylix,
specialArgs,
nova-shell,
...
}:
{
imports = [
# keep-sorted start
home-manager.nixosModules.home-manager
nova-shell.nixosModules.default
self.nixosModules.en-de
self.nixosModules.firmware-updates
self.nixosModules.gnome
self.nixosModules.kdeconnect
self.nixosModules.modern-desktop
self.nixosModules.niri
self.nixosModules.nix-ld
self.nixosModules.pkgs-vscode-extensions
self.nixosModules.quiet-boot
self.nixosModules.stylix
servicepoint-cli.nixosModules.default
servicepoint-simulator.nixosModules.default
servicepoint-tanks.nixosModules.default
stylix.nixosModules.stylix
# keep-sorted end
];
config = {
home-manager = {
extraSpecialArgs = specialArgs;
useGlobalPkgs = true;
useUserPackages = true;
users = home-manager-users;
sharedModules = [
{ home.stateVersion = "22.11"; }
# keep-sorted start
self.homeModules.git
self.homeModules.gnome-extensions
self.homeModules.nano
self.homeModules.templates
self.homeModules.zsh-basics
# keep-sorted end
];
};
time.timeZone = "Europe/Berlin";
# on desktops, keep the device useable interactively during expensive builds
nix = {
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
};
};
}

44
nixosModules/global-settings.nix
View file

@ -1,44 +0,0 @@
{
device,
self,
lanzaboote,
zerforschen-plus,
...
}:
{
imports = [
# keep-sorted start
lanzaboote.nixosModules.lanzaboote
self.nixosModules.allowed-unfree-list
self.nixosModules.autoupdate
self.nixosModules.default
self.nixosModules.distributed-builds
self.nixosModules.extra-caches
self.nixosModules.globalinstalls
self.nixosModules.lix-is-nix
self.nixosModules.openssh
self.nixosModules.prometheus-node
self.nixosModules.systemd-boot
self.nixosModules.tailscale
zerforschen-plus.nixosModules.default
# keep-sorted end
];
config = {
networking.hostName = device;
system = {
stateVersion = "22.11";
autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
documentation = {
info.enable = false; # info pages and the info command
doc.enable = false; # documentation distributed in packages' /share/doc
};
};
}

59
nixosModules/globalinstalls.nix
View file

@ -1,30 +1,39 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
ncdu
glances
lsof
dig
screen
tldr
nix-output-monitor
git-credential-oauth
];
lib,
config,
pkgs,
...
}:
{
options.my.globalinstalls.enable = lib.mkEnableOption "global system packages and tools";
programs = {
zsh.enable = true;
htop.enable = true;
iotop.enable = true;
git.enable = true;
nano = {
enable = true;
syntaxHighlight = true;
config = lib.mkIf config.my.globalinstalls.enable {
environment.systemPackages = with pkgs; [
ncdu
glances
lsof
dig
screen
tldr
nix-output-monitor
git-credential-oauth
];
programs = {
zsh.enable = true;
htop.enable = true;
iotop.enable = true;
git.enable = true;
nano = {
enable = true;
syntaxHighlight = true;
};
};
};
environment.etc."gitconfig".text = ''
[credential]
helper = oauth
credentialStore = cache
'';
environment.etc."gitconfig".text = ''
[credential]
helper = oauth
credentialStore = cache
'';
};
}

101
nixosModules/gnome.nix
View file

@ -1,62 +1,65 @@
{
pkgs,
lib,
config,
pkgs,
...
}:
{
options.muede = {
keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps";
options = {
my.gnome.enable = lib.mkEnableOption "GNOME desktop environment";
muede.keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps";
};
config = lib.mkMerge [
{
services = {
xserver.excludePackages = [ pkgs.xterm ];
config = lib.mkIf config.my.gnome.enable (
lib.mkMerge [
{
services = {
xserver.excludePackages = [ pkgs.xterm ];
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
desktopManager.gnome = {
enable = true;
extraGSettingsOverridePackages = [ pkgs.mutter ];
extraGSettingsOverrides = ''
[org.gnome.mutter]
experimental-features=['scale-monitor-framebuffer']
'';
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
desktopManager.gnome = {
enable = true;
extraGSettingsOverridePackages = [ pkgs.mutter ];
extraGSettingsOverrides = ''
[org.gnome.mutter]
experimental-features=['scale-monitor-framebuffer']
'';
};
gnome = {
tinysparql.enable = false;
localsearch.enable = false;
sushi.enable = true;
};
};
gnome = {
tinysparql.enable = false;
localsearch.enable = false;
sushi.enable = true;
programs = {
dconf.enable = true;
gpaste.enable = true;
};
};
programs = {
dconf.enable = true;
gpaste.enable = true;
};
}
(lib.mkIf (!config.muede.keep-gnome-default-apps) {
environment.gnome.excludePackages = with pkgs; [
cheese # photo booth
epiphany # web browser
evince # document viewer
geary # email client
gnome-maps
gnome-weather
gnome-tour
sysprof
orca # screen reader
gnome-weather
gnome-backgrounds
gnome-user-docs
yelp # help app
gnome-music
totem # video player
snapshot # camera
baobab # disk usage
];
})
];
}
(lib.mkIf (!config.muede.keep-gnome-default-apps) {
environment.gnome.excludePackages = with pkgs; [
cheese # photo booth
epiphany # web browser
evince # document viewer
geary # email client
gnome-maps
gnome-weather
gnome-tour
sysprof
orca # screen reader
gnome-weather
gnome-backgrounds
gnome-user-docs
yelp # help app
gnome-music
totem # video player
snapshot # camera
baobab # disk usage
];
})
]
);
}

11
nixosModules/intel-graphics.nix
View file

@ -1,6 +1,13 @@
{ pkgs, ... }:
{
config = {
lib,
config,
pkgs,
...
}:
{
options.my.intelGraphics.enable = lib.mkEnableOption "Intel graphics drivers";
config = lib.mkIf config.my.intelGraphics.enable {
hardware.graphics = {
extraPackages = with pkgs; [
intel-media-driver

86
nixosModules/kdeconnect.nix
View file

@ -5,49 +5,53 @@
...
}:
{
config = lib.mkMerge [
{
networking.firewall =
let
kdeconnect-range = {
from = 1714;
to = 1764;
};
in
{
allowedTCPPortRanges = [ kdeconnect-range ];
allowedUDPPortRanges = [ kdeconnect-range ];
};
options.my.kdeconnect.enable = lib.mkEnableOption "KDE Connect / GSConnect";
programs.kdeconnect.enable = true;
home-manager.sharedModules = [
{
services.kdeconnect = {
enable = true;
# this still shows up in gnome session starting with 25.05
# indicator = true;
};
}
];
}
(lib.mkIf config.services.desktopManager.gnome.enable {
# replace kdeconnect with gsconnect
programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
home-manager.sharedModules = [
(
{ pkgs, ... }:
config = lib.mkIf config.my.kdeconnect.enable (
lib.mkMerge [
{
networking.firewall =
let
kdeconnect-range = {
from = 1714;
to = 1764;
};
in
{
home.packages = [ pkgs.gnomeExtensions.gsconnect ];
# enable gsconnect extension
dconf.settings = {
"org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ];
"org/gnome/shell/extensions/gsconnect".enabled = true;
allowedTCPPortRanges = [ kdeconnect-range ];
allowedUDPPortRanges = [ kdeconnect-range ];
};
programs.kdeconnect.enable = true;
home-manager.sharedModules = [
{
services.kdeconnect = {
enable = true;
# this still shows up in gnome session starting with 25.05
# indicator = true;
};
}
)
];
})
];
];
}
(lib.mkIf config.services.desktopManager.gnome.enable {
# replace kdeconnect with gsconnect
programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
home-manager.sharedModules = [
(
{ pkgs, ... }:
{
home.packages = [ pkgs.gnomeExtensions.gsconnect ];
# enable gsconnect extension
dconf.settings = {
"org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ];
"org/gnome/shell/extensions/gsconnect".enabled = true;
};
}
)
];
})
]
);
}

11
nixosModules/latex.nix
View file

@ -1,6 +1,13 @@
{ pkgs, ... }:
{
config = {
lib,
config,
pkgs,
...
}:
{
options.my.latex.enable = lib.mkEnableOption "LaTeX (texliveFull + TeXstudio)";
config = lib.mkIf config.my.latex.enable {
environment.systemPackages = with pkgs; [
fontconfig
texliveFull

33
nixosModules/lix-is-nix.nix
View file

@ -1,15 +1,24 @@
{ pkgs, ... }:
{
nixpkgs.overlays = [
(final: prev: {
inherit (prev.lixPackageSets.stable)
nixpkgs-review
nix-eval-jobs
nix-fast-build
colmena
;
})
];
lib,
config,
pkgs,
...
}:
{
options.my.lixIsNix.enable = lib.mkEnableOption "Lix as the Nix implementation";
nix.package = pkgs.lixPackageSets.latest.lix;
config = lib.mkIf config.my.lixIsNix.enable {
nixpkgs.overlays = [
(final: prev: {
inherit (prev.lixPackageSets.stable)
nixpkgs-review
nix-eval-jobs
nix-fast-build
colmena
;
})
];
nix.package = pkgs.lixPackageSets.latest.lix;
};
}

79
nixosModules/modern-desktop.nix
View file

@ -1,47 +1,52 @@
{ lib, config, ... }:
{
services = {
xserver.enable = true;
libinput.enable = true;
flatpak.enable = true;
fstrim.enable = true;
earlyoom = {
enable = true;
freeMemThreshold = 5;
options.my.modernDesktop.enable = lib.mkEnableOption "modern desktop base (pipewire, flatpak, earlyoom)";
config = lib.mkIf config.my.modernDesktop.enable {
services = {
xserver.enable = true;
libinput.enable = true;
flatpak.enable = true;
fstrim.enable = true;
earlyoom = {
enable = true;
freeMemThreshold = 5;
};
};
};
# Enable sound with pipewire.
security.rtkit.enable = true;
services = {
pulseaudio.enable = false;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
#jack.enable = true;
# Enable sound with pipewire.
security.rtkit.enable = true;
services = {
pulseaudio.enable = false;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
#jack.enable = true;
};
};
};
systemd = {
# save some boot time because nothing actually requires network connectivity
services.NetworkManager-wait-online.enable = false;
systemd = {
# save some boot time because nothing actually requires network connectivity
services.NetworkManager-wait-online.enable = false;
# prevent stuck units from preventing shutdown (default is 120s)
settings.Manager.DefaultTimeoutStopSec = "10s";
};
programs = {
xwayland.enable = true;
appimage = {
enable = true;
binfmt = true;
# prevent stuck units from preventing shutdown (default is 120s)
settings.Manager.DefaultTimeoutStopSec = "10s";
};
};
system.autoUpgrade = {
allowReboot = false;
operation = "boot";
programs = {
xwayland.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
system.autoUpgrade = {
allowReboot = false;
operation = "boot";
};
};
}

39
nixosModules/muede-desktop-settings.nix
View file

@ -1,21 +1,30 @@
{ pkgs, ... }:
{
programs.firefox.enable = true;
lib,
config,
pkgs,
...
}:
{
options.my.muedeDesktopSettings.enable = lib.mkEnableOption "muede desktop settings (Firefox, Logitech, RDP)";
environment.systemPackages = with pkgs; [
lm_sensors
libreoffice-qt6
usbutils
];
config = lib.mkIf config.my.muedeDesktopSettings.enable {
programs.firefox.enable = true;
fonts.enableDefaultPackages = true;
environment.systemPackages = with pkgs; [
lm_sensors
libreoffice-qt6
usbutils
];
hardware.logitech.wireless = {
enable = true;
enableGraphical = true;
fonts.enableDefaultPackages = true;
hardware.logitech.wireless = {
enable = true;
enableGraphical = true;
};
# RDP connections
services.gnome.gnome-remote-desktop.enable = true;
networking.firewall.allowedTCPPorts = [ 3389 ];
};
# RDP connections
services.gnome.gnome-remote-desktop.enable = true;
networking.firewall.allowedTCPPorts = [ 3389 ];
}

49
nixosModules/nix-ld.nix
View file

@ -1,23 +1,32 @@
{ pkgs, ... }:
{
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc
zlib
zstd
curl
openssl
attr
libssh
bzip2
libxml2
acl
libsodium
util-linux
xz
systemd
icu
];
lib,
config,
pkgs,
...
}:
{
options.my.nixLd.enable = lib.mkEnableOption "nix-ld for running unpatched dynamic binaries";
config = lib.mkIf config.my.nixLd.enable {
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc
zlib
zstd
curl
openssl
attr
libssh
bzip2
libxml2
acl
libsodium
util-linux
xz
systemd
icu
];
};
};
}

19
nixosModules/openssh.nix
View file

@ -1,11 +1,16 @@
{ lib, config, ... }:
{
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
options.my.openssh.enable = lib.mkEnableOption "OpenSSH server";
config = lib.mkIf config.my.openssh.enable {
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
};
}

19
nixosModules/podman.nix
View file

@ -1,11 +1,16 @@
{ lib, config, ... }:
{
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
autoPrune.enable = true;
options.my.podman.enable = lib.mkEnableOption "Podman container runtime";
config = lib.mkIf config.my.podman.enable {
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
autoPrune.enable = true;
};
};
};
}

19
nixosModules/printing.nix
View file

@ -1,12 +1,17 @@
{ lib, config, ... }:
{
services = {
# Enable CUPS to print documents.
printing.enable = true;
options.my.printing.enable = lib.mkEnableOption "printing (CUPS + Avahi)";
avahi = {
enable = true; # runs the Avahi daemon
nssmdns4 = true; # enables the mDNS NSS plug-in
openFirewall = true; # opens the firewall for UDP port 5353
config = lib.mkIf config.my.printing.enable {
services = {
# Enable CUPS to print documents.
printing.enable = true;
avahi = {
enable = true; # runs the Avahi daemon
nssmdns4 = true; # enables the mDNS NSS plug-in
openFirewall = true; # opens the firewall for UDP port 5353
};
};
};
}

37
nixosModules/prometheus-node.nix
View file

@ -1,20 +1,25 @@
{ lib, config, ... }:
{
services.prometheus.exporters = {
node = {
enable = true;
openFirewall = true;
port = 9190;
enabledCollectors = [
# keep-sorted start
"cgroups"
"interrupts"
"softirqs"
"swap"
"systemd"
"tcpstat"
"wifi"
# keep-sorted end
];
options.my.prometheusNode.enable = lib.mkEnableOption "Prometheus node exporter";
config = lib.mkIf config.my.prometheusNode.enable {
services.prometheus.exporters = {
node = {
enable = true;
openFirewall = true;
port = 9190;
enabledCollectors = [
# keep-sorted start
"cgroups"
"interrupts"
"softirqs"
"swap"
"systemd"
"tcpstat"
"wifi"
# keep-sorted end
];
};
};
};
}

12
nixosModules/pxvirt-guest.nix
View file

@ -1,8 +1,16 @@
{ modulesPath, lib, ... }:
{
modulesPath,
lib,
config,
...
}:
{
# Import unconditionally — the module only defines options, activating nothing by default.
imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
config = {
options.my.pxvirtGuest.enable = lib.mkEnableOption "Proxmox LXC guest configuration";
config = lib.mkIf config.my.pxvirtGuest.enable {
# TODO is this needed?
# nix.settings.sandbox = false;

49
nixosModules/quiet-boot.nix
View file

@ -1,25 +1,34 @@
{ pkgs, ... }:
{
boot = {
kernelParams = [
"quiet"
"udev.log_level=3"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
consoleLogLevel = 0;
initrd = {
verbose = false;
systemd.enable = true; # required fpr graphical LUKS prompt
};
plymouth = {
enable = true;
theme = "catppuccin-mocha";
themePackages = [
(pkgs.catppuccin-plymouth.override {
variant = "mocha";
})
lib,
config,
pkgs,
...
}:
{
options.my.quietBoot.enable = lib.mkEnableOption "quiet boot with Plymouth splash";
config = lib.mkIf config.my.quietBoot.enable {
boot = {
kernelParams = [
"quiet"
"udev.log_level=3"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
consoleLogLevel = 0;
initrd = {
verbose = false;
systemd.enable = true; # required fpr graphical LUKS prompt
};
plymouth = {
enable = true;
theme = "catppuccin-mocha";
themePackages = [
(pkgs.catppuccin-plymouth.override {
variant = "mocha";
})
];
};
};
};
}

53
nixosModules/secure-boot.nix
View file

@ -1,28 +1,37 @@
{ pkgs, lib, ... }:
{
# https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md
# To enroll:
# 1. sudo sbctl create-keys
# 2. import this module, rebuild
# 3. Put Secure Boot in Setup mode
# 4. sudo sbctl verify
# 5. sudo sbctl enroll-keys --microsoft
# 6, reboot
# 7. sudo sbctl status
lib,
config,
pkgs,
...
}:
{
options.my.secureBoot.enable = lib.mkEnableOption "Secure Boot via lanzaboote";
environment.systemPackages = [
# For debugging and troubleshooting Secure Boot.
pkgs.sbctl
];
config = lib.mkIf config.my.secureBoot.enable {
# https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md
# To enroll:
# 1. sudo sbctl create-keys
# 2. enable this module, rebuild
# 3. Put Secure Boot in Setup mode
# 4. sudo sbctl verify
# 5. sudo sbctl enroll-keys --microsoft
# 6, reboot
# 7. sudo sbctl status
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
environment.systemPackages = [
# For debugging and troubleshooting Secure Boot.
pkgs.sbctl
];
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
};
}

77
nixosModules/steam.nix
View file

@ -1,45 +1,50 @@
{ lib, config, ... }:
{
hardware.steam-hardware.enable = true;
options.my.steam.enable = lib.mkEnableOption "Steam gaming platform";
programs = {
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = false;
config = lib.mkIf config.my.steam.enable {
hardware.steam-hardware.enable = true;
programs = {
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = false;
};
gamemode.enable = true;
};
gamemode.enable = true;
};
# steam network transfer
networking.firewall = {
allowedUDPPorts = [ 3478 ];
allowedTCPPorts = [ 24070 ];
# steam network transfer
networking.firewall = {
allowedUDPPorts = [ 3478 ];
allowedTCPPorts = [ 24070 ];
allowedTCPPortRanges = [
{
from = 27015;
to = 27050;
}
];
allowedTCPPortRanges = [
{
from = 27015;
to = 27050;
}
];
allowedUDPPortRanges = [
{
from = 4379;
to = 4380;
}
{
from = 27000;
to = 27100;
}
allowedUDPPortRanges = [
{
from = 4379;
to = 4380;
}
{
from = 27000;
to = 27100;
}
];
};
allowedUnfreePackages = [
"steam"
"steam-original"
"steam-run"
"steam-unwrapped"
];
};
allowedUnfreePackages = [
"steam"
"steam-original"
"steam-run"
"steam-unwrapped"
];
}

169
nixosModules/stylix.nix
View file

@ -1,86 +1,95 @@
{ pkgs, config, ... }:
{
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
override = {
scheme = "Catppuccin Mocha Pride";
lib,
config,
pkgs,
...
}:
{
options.my.stylix.enable = lib.mkEnableOption "Stylix theming (Catppuccin Mocha)";
base09 = "#6f9dff";
base0A = "#d162a4";
base0B = "#a8c9ff";
base0C = "#a30262";
# pink_light = "#d162a4";
# pink_dark = "#a30262";
# blue_light = "#5BCEFA";
# blue_dark = "#4a6bb1";
# original values
# base00: "#1e1e2e" # base -
# base01: "#181825" # mantle
# base02: "#313244" # surface0
# base03: "#45475a" # surface1
# base04: "#585b70" # surface2
# base05: "#cdd6f4" # text
# base06: "#f5e0dc" # rosewater
# base07: "#b4befe" # lavender
# base08: "#f38ba8" # red
# base09: "#fab387" # peach
# base0A: "#f9e2af" # yellow
# base0B: "#a6e3a1" # green
# base0C: "#94e2d5" # teal
# base0D: "#89b4fa" # blue
# base0E: "#cba6f7" # mauve
# base0F: "#f2cdcd" # flamingo
# https://github.com/chriskempson/base16/blob/main/styling.md
# base00 - Default Background
# base01 - Lighter Background (Used for status bars, line number and folding marks)
# base02 - Selection Background
# base03 - Comments, Invisibles, Line Highlighting
# base04 - Dark Foreground (Used for status bars)
# base05 - Default Foreground, Caret, Delimiters, Operators
# base06 - Light Foreground (Not often used)
# base07 - Light Background (Not often used)
# base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted
# base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url
# base0A - Classes, Markup Bold, Search Text Background
# base0B - Strings, Inherited Class, Markup Code, Diff Inserted
# base0C - Support, Regular Expressions, Escape Characters, Markup Quotes
# base0D - Functions, Methods, Attribute IDs, Headings
# base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed
# base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. <?php ?>
};
image = config.lib.stylix.pixel "base00";
polarity = "dark";
targets = {
gnome.enable = false;
gtk.enable = false;
gtksourceview.enable = false;
fontconfig.enable = true;
plymouth.enable = false;
};
fonts = {
sansSerif = {
name = "Inter Nerd Font";
package = pkgs.inter-nerdfont;
};
monospace = {
name = "FiraCode Nerd Font Mono";
package = pkgs.nerd-fonts.fira-code;
};
};
icons = {
config = lib.mkIf config.my.stylix.enable {
stylix = {
enable = true;
dark = "Adwaita";
light = "Adwaita";
package = pkgs.adwaita-icon-theme;
};
cursor = {
name = "Adwaita";
size = 16;
package = pkgs.adwaita-icon-theme;
base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
override = {
scheme = "Catppuccin Mocha Pride";
base09 = "#6f9dff";
base0A = "#d162a4";
base0B = "#a8c9ff";
base0C = "#a30262";
# pink_light = "#d162a4";
# pink_dark = "#a30262";
# blue_light = "#5BCEFA";
# blue_dark = "#4a6bb1";
# original values
# base00: "#1e1e2e" # base -
# base01: "#181825" # mantle
# base02: "#313244" # surface0
# base03: "#45475a" # surface1
# base04: "#585b70" # surface2
# base05: "#cdd6f4" # text
# base06: "#f5e0dc" # rosewater
# base07: "#b4befe" # lavender
# base08: "#f38ba8" # red
# base09: "#fab387" # peach
# base0A: "#f9e2af" # yellow
# base0B: "#a6e3a1" # green
# base0C: "#94e2d5" # teal
# base0D: "#89b4fa" # blue
# base0E: "#cba6f7" # mauve
# base0F: "#f2cdcd" # flamingo
# https://github.com/chriskempson/base16/blob/main/styling.md
# base00 - Default Background
# base01 - Lighter Background (Used for status bars, line number and folding marks)
# base02 - Selection Background
# base03 - Comments, Invisibles, Line Highlighting
# base04 - Dark Foreground (Used for status bars)
# base05 - Default Foreground, Caret, Delimiters, Operators
# base06 - Light Foreground (Not often used)
# base07 - Light Background (Not often used)
# base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted
# base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url
# base0A - Classes, Markup Bold, Search Text Background
# base0B - Strings, Inherited Class, Markup Code, Diff Inserted
# base0C - Support, Regular Expressions, Escape Characters, Markup Quotes
# base0D - Functions, Methods, Attribute IDs, Headings
# base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed
# base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. <?php ?>
};
image = config.lib.stylix.pixel "base00";
polarity = "dark";
targets = {
gnome.enable = false;
gtk.enable = false;
gtksourceview.enable = false;
fontconfig.enable = true;
plymouth.enable = false;
};
fonts = {
sansSerif = {
name = "Inter Nerd Font";
package = pkgs.inter-nerdfont;
};
monospace = {
name = "FiraCode Nerd Font Mono";
package = pkgs.nerd-fonts.fira-code;
};
};
icons = {
enable = true;
dark = "Adwaita";
light = "Adwaita";
package = pkgs.adwaita-icon-theme;
};
cursor = {
name = "Adwaita";
size = 16;
package = pkgs.adwaita-icon-theme;
};
};
};
}

19
nixosModules/systemd-boot.nix
View file

@ -1,11 +1,16 @@
{ lib, config, ... }:
{
boot.loader = {
timeout = 3;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false; # do not allow changing kernel parameters
consoleMode = "max";
options.my.systemdBoot.enable = lib.mkEnableOption "systemd-boot bootloader";
config = lib.mkIf config.my.systemdBoot.enable {
boot.loader = {
timeout = 3;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false; # do not allow changing kernel parameters
consoleMode = "max";
};
};
};
}

15
nixosModules/tailscale.nix
View file

@ -1,8 +1,13 @@
{ lib, config, ... }:
{
services.tailscale = {
enable = true;
openFirewall = true;
};
options.my.tailscale.enable = lib.mkEnableOption "Tailscale VPN";
networking.firewall.checkReversePath = "loose";
config = lib.mkIf config.my.tailscale.enable {
services.tailscale = {
enable = true;
openFirewall = true;
};
networking.firewall.checkReversePath = "loose";
};
}

75
nixosModules/user-muede.nix
View file

@ -1,37 +1,46 @@
{ pkgs, ... }:
{
users.users.muede = {
isNormalUser = true;
uid = 1000;
name = "muede";
description = "müde";
extraGroups = [
"networkmanager"
"wheel"
"games"
"dialout"
"podman"
"nginx"
"adbusers"
"kvm"
"input"
"video"
lib,
config,
pkgs,
...
}:
{
options.my.users.muede.enable = lib.mkEnableOption "muede user account";
config = lib.mkIf config.my.users.muede.enable {
users.users.muede = {
isNormalUser = true;
uid = 1000;
name = "muede";
description = "müde";
extraGroups = [
"networkmanager"
"wheel"
"games"
"dialout"
"podman"
"nginx"
"adbusers"
"kvm"
"input"
"video"
];
shell = pkgs.zsh;
autoSubUidGidRange = true;
};
nix.settings.trusted-users = [ "muede" ];
allowedUnfreePackages = [
"rider"
"pycharm-professional"
"jetbrains-toolbox"
"anydesk"
"vscode-extension-ms-dotnettools-csharp"
"claude-code"
];
shell = pkgs.zsh;
autoSubUidGidRange = true;
};
nix.settings.trusted-users = [ "muede" ];
allowedUnfreePackages = [
"rider"
"pycharm-professional"
"jetbrains-toolbox"
"anydesk"
"vscode-extension-ms-dotnettools-csharp"
"claude-code"
];
}

41
nixosModules/user-ronja.nix
View file

@ -1,19 +1,28 @@
{ pkgs, ... }:
{
users.users.ronja = {
isNormalUser = true;
name = "ronja";
description = "Ronja";
home = "/home/ronja";
extraGroups = [
"networkmanager"
"wheel"
"games"
"podman"
"openvscode-server"
];
shell = pkgs.zsh;
};
lib,
config,
pkgs,
...
}:
{
options.my.users.ronja.enable = lib.mkEnableOption "ronja user account";
nix.settings.trusted-users = [ "ronja" ];
config = lib.mkIf config.my.users.ronja.enable {
users.users.ronja = {
isNormalUser = true;
name = "ronja";
description = "Ronja";
home = "/home/ronja";
extraGroups = [
"networkmanager"
"wheel"
"games"
"podman"
"openvscode-server"
];
shell = pkgs.zsh;
};
nix.settings.trusted-users = [ "ronja" ];
};
}

43
nixosModules/wine-gaming.nix
View file

@ -1,22 +1,31 @@
{ pkgs, ... }:
{
hardware = {
graphics = {
enable32Bit = true;
extraPackages = with pkgs; [ mangohud ];
extraPackages32 = with pkgs; [ mangohud ];
lib,
config,
pkgs,
...
}:
{
options.my.wineGaming.enable = lib.mkEnableOption "Wine gaming (DXVK, MangoHud, xpadneo)";
config = lib.mkIf config.my.wineGaming.enable {
hardware = {
graphics = {
enable32Bit = true;
extraPackages = with pkgs; [ mangohud ];
extraPackages32 = with pkgs; [ mangohud ];
};
xpadneo.enable = true;
};
xpadneo.enable = true;
environment.systemPackages = with pkgs; [
wineWowPackages.stagingFull
wineWowPackages.fonts
winetricks
dxvk
mangohud
vulkan-tools
mesa-demos
];
};
environment.systemPackages = with pkgs; [
wineWowPackages.stagingFull
wineWowPackages.fonts
winetricks
dxvk
mangohud
vulkan-tools
mesa-demos
];
}