diff --git a/README.md b/README.md deleted file mode 100644 index 3ad5e88..0000000 --- a/README.md +++ /dev/null @@ -1,46 +0,0 @@ -# nixos-configuration - -Personal NixOS configuration for all machines. Devices are declared in `devices.nix`, per-device configs live in `nixosConfigurations//`, and shared modules in `nixosModules/`. - -## Distributed builds - -Machines are configured to act as build servers / binary caches for each other in devices.nix. - -### Onboarding a device as a build client - -1. Generate a key pair on the device: - - ```sh - sudo ssh-keygen -t ed25519 -f /etc/nix/distributed-build-key -N "" -C "$(hostname)-nix-builds" && sudo cat /etc/nix/distributed-build-key.pub - ``` - -2. Add the public key to the device entry in `devices.nix`: - - ```nix - distributedBuilds.clientPublicKey = "ssh-ed25519 AAAA... -nix-builds"; - ``` - -3. Rebuild all build machines so they pick up the new authorized key. - -### Adding a build server - -1. Add to its entry in `devices.nix`: - - ```nix - distributedBuilds.isBuilder = true; - distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 "$(hostname)" - ``` - -2. Generate a store signing key on the builder: - - ```sh - sudo nix key generate-secret --key-name "$(hostname)" | sudo tee /etc/nix/signing-key.sec | sudo nix key convert-secret-to-public - ``` - -3. Add the printed public key to `devices.nix`: - - ```nix - distributedBuilds.storeSigningPublicKey = ":"; - ``` - -4. Rebuild all machines so they trust the new signing key. diff --git a/devices.nix b/devices.nix deleted file mode 100644 index a4fbeb4..0000000 --- a/devices.nix +++ /dev/null 
@@ -1,77 +0,0 @@ -{ self }: -let - nixos-raspberrypi = self.inputs.nixos-raspberrypi; -in -{ - # keep-sorted start block=yes - aur0ra = { - system = "aarch64-linux"; - nixosSystem = nixos-raspberrypi.lib.nixosSystem; - }; - aur0ra-installer = { - # build with nix build .\#nixosConfigurations.aur0ra-installer.config.system.build.sdImage - system = "aarch64-linux"; - nixosSystem = nixos-raspberrypi.lib.nixosInstaller; - }; - damocles = { - system = "x86_64-linux"; - distributedBuilds.maxJobs = 0; - }; - damocles-lab = { - system = "x86_64-linux"; - distributedBuilds.maxJobs = 0; - }; - epimetheus = { - system = "aarch64-linux"; - }; - forgejo-runner-1 = { - system = "aarch64-linux"; - publicFqdn = "forgejo-runner-1.dev.zerforschen.plus"; - distributedBuilds = { - isBuilder = true; - speedFactor = 1; - clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0NLgg0sFobBWz/bjYs9WkrMvlcvJC5F6+3jQ/b+AnD forgejo-runner-1-nix-builds"; - hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANGC89GiT5xCsFICwrharrbV3q7acWHqk6ZwOUXbtGT"; - storeSigningPublicKey = "forgejo-runner-1:ln1FVLL8G5+IveQuBi/Kn3SaqFZ1gaiQrE3yPlMhCMA="; - }; - }; - hetzner-vpn2 = { - system = "aarch64-linux"; - }; - muede-lpt2 = { - system = "x86_64-linux"; - isDesktop = true; - home-manager-users = { - inherit (self.homeConfigurations) muede; - }; - distributedBuilds = { - isBuilder = true; - speedFactor = 2; - hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGKoZ68wwyVRmPB0SkvpJUyUMDWeFbC5Je9zukyEOh7"; - clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAbojdhb3PfazSRmudvo381Y+zUFVLMa7AbWbfK/Zp2 muede-lpt2-nix-builds"; - storeSigningPublicKey = "muede-lpt2:3csut7FW6oZK/ztRLBRC80LSBfFE3qzl+aIYgOixB6U="; - }; - }; - muede-pc2 = { - system = "x86_64-linux"; - isDesktop = true; - home-manager-users = { - inherit (self.homeConfigurations) muede; - }; - distributedBuilds = { - isBuilder = true; - speedFactor = 4; - hostPublicKey = "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIKEQQS5XNoj62Oj85xQfIuLORwoBRwfqjvfBHHsiI+RH"; - clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHmnyhP6L+kGHV15cb/d31AQr50wSEaQhkUBwy2+OEKk muede-pc2-nix-builds"; - storeSigningPublicKey = "muede-pc2:fqQO0E0y65MjUWlQnrgWt5ZsmQKlKCv4jls3CmUXDEQ="; - }; - }; - ronja-pc = { - system = "x86_64-linux"; - isDesktop = true; - home-manager-users = { - inherit (self.homeConfigurations) ronja; - }; - }; - # keep-sorted end -} diff --git a/flake.lock b/flake.lock index a74a893..e0df6e3 100644 --- a/flake.lock +++ b/flake.lock @@ -1,21 +1,5 @@ { "nodes": { - "argononed": { - "flake": false, - "locked": { - "lastModified": 1729566243, - "narHash": "sha256-DPNI0Dpk5aym3Baf5UbEe5GENDrSmmXVdriRSWE+rgk=", - "owner": "nvmd", - "repo": "argononed", - "rev": "16dbee54d49b66d5654d228d1061246b440ef7cf", - "type": "github" - }, - "original": { - "owner": "nvmd", - "repo": "argononed", - "type": "github" - } - }, "base16": { "inputs": { "fromYaml": "fromYaml" @@ -143,21 +127,6 @@ "type": "github" } }, - "crane_2": { - "locked": { - "lastModified": 1777830388, - "narHash": "sha256-2uoQAqUk2H0ijQtGiWAyNeQYGYc6yfAcRRLlJAz4Gp8=", - "owner": "ipetkov", - "repo": "crane", - "rev": "d459c1350e96ce1a7e3859c513ef5e9869d67d6f", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "fenix": { "inputs": { "nixpkgs": [ 
@@ -212,31 +181,16 @@ "type": "github" } }, - "flake-compat_2": { - "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1775087534, - "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -330,11 +284,11 @@ ] }, "locked": { - "lastModified": 1775425411, - "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=", + "lastModified": 1768949235, + "narHash": "sha256-TtjKgXyg1lMfh374w5uxutd6Vx2P/hU81aEhTxrO2cg=", "owner": "nix-community", "repo": "home-manager", - "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe", + "rev": "75ed713570ca17427119e7e204ab3590cc3bf2a5", "type": "github" }, "original": { @@ -378,11 +332,11 @@ ] }, "locked": { - "lastModified": 1777031541, - "narHash": "sha256-KZ4s1kolHXFQrRGlnB503gDcTrVQMhiczO+LvvwKEPg=", + "lastModified": 1768908532, + "narHash": "sha256-HIdLXEFaUVE8FiaCPJbCfBMsnF+mVtDub8Jwj2BD+mk=", "owner": "nix-community", "repo": "naersk", - "rev": "5e73301621274c44798bf6c6211ed27fc2ced201", + "rev": "8d97452673640eb7fabe428e8b6a425bc355008b", "type": "github" }, "original": { 
@@ -405,11 +359,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1777472199, - "narHash": "sha256-gJr/OrHv6s8ANqv915sb69LLThow1u5yAO/ouElVGGM=", + "lastModified": 1769170609, + "narHash": "sha256-LiyaKNga2z/iG4pNr86iQLySEDoOytEzTCblxzRjnCk=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "323a80f2ce4541c595d491acbd15a8800201cbae", + "rev": "08d6e6adf34b0af12be7eaeacc0b4c1a8580b3da", "type": "github" }, "original": { @@ -438,11 +392,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1777468255, - "narHash": "sha256-lBZc1UMy+1P1T/E41j3jQrpS7EFI3qegd+ktHZdamIg=", + "lastModified": 1768678265, + "narHash": "sha256-Ub8eed4DsfIDWyg30xEe+8bSxL/z5Af/gCjmvJ0V/Hs=", "owner": "YaLTeR", "repo": "niri", - "rev": "dd1c3bcb9f1ef416df33ffa22d1d9bcee1398e7d", + "rev": "d7184a04b904e07113f4623610775ae78d32394c", "type": "github" }, "original": { @@ -473,11 +427,11 @@ ] }, "locked": { - "lastModified": 1777434090, - "narHash": "sha256-i7p7ajtdKF6oVjs3ERyECCg6m1lWEchHNPKQjgRW4h4=", + "lastModified": 1769134548, + "narHash": "sha256-16UWbfkIEaG728vwCdXM5C/8f1NLqBwZc039p8Yj9CA=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "f32bb01e6a12b74fa67261e9d690ff9d0603d86b", + "rev": "969bb9a90fa1365e8b5028d1b67dbd439b268675", "type": "github" }, "original": { @@ -509,11 +463,11 @@ ] }, "locked": { - "lastModified": 1769813415, - "narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=", + "lastModified": 1764234087, + "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "8946737ff703382fda7623b9fab071d037e897d5", + "rev": "032a1878682fafe829edfcf5fdfad635a2efe748", "type": "github" }, "original": { 
@@ -522,61 +476,13 @@ "type": "github" } }, - "nixos-images": { - "inputs": { - "nixos-stable": [ - "nixos-raspberrypi", - "nixpkgs" - ], - "nixos-unstable": [ - "nixos-raspberrypi", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1747747741, - "narHash": "sha256-LUOH27unNWbGTvZFitHonraNx0JF/55h30r9WxqrznM=", - "owner": "nvmd", - "repo": "nixos-images", - "rev": "cbbd6db325775096680b65e2a32fb6187c09bbb4", - "type": "github" - }, - "original": { - "owner": "nvmd", - "ref": "sdimage-installer", - "repo": "nixos-images", - "type": "github" - } - }, - "nixos-raspberrypi": { - "inputs": { - "argononed": "argononed", - "flake-compat": "flake-compat_2", - "nixos-images": "nixos-images", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1775857096, - "narHash": "sha256-+eSij7C0oMqz76rGnB99RuWptBuEkJBm9vgb5fIwRrg=", - "owner": "nvmd", - "repo": "nixos-raspberrypi", - "rev": "1dc4ca5f93587932383c0b61e1753f5eed1c3bba", - "type": "github" - }, - "original": { - "owner": "nvmd", - "ref": "main", - "repo": "nixos-raspberrypi", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1775595990, - "narHash": "sha256-OEf7YqhF9IjJFYZJyuhAypgU+VsRB5lD4DuiMws5Ltc=", + "lastModified": 1769089682, + "narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4e92bbcdb030f3b4782be4751dc08e6b6cb6ccf2", + "rev": "078d69f03934859a181e81ba987c2bb033eebfc5", "type": "github" }, "original": { @@ -588,11 +494,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1774748309, - "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=", + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "333c4e0545a6da976206c74db8773a1645b5870a", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "type": "github" }, "original": { 
@@ -603,11 +509,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1777270315, - "narHash": "sha256-yKB4G6cKsQsWN7M6rZGk6gkJPDNPIzT05y4qzRyCDlI=", + "lastModified": 1768875095, + "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6368eda62c9775c38ef7f714b2555a741c20c72d", + "rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0", "type": "github" }, "original": { @@ -618,22 +524,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1777077449, - "narHash": "sha256-AIiMJiqvGrN4HyLEbKAoCSRRYn0rnlW5VbKNIMIYqm4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a4bf06618f0b5ee50f14ed8f0da77d34ecc19160", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1757545623, "narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=", @@ -649,29 +539,6 @@ "type": "github" } }, - "nova-shell": { - "inputs": { - "crane": "crane_2", - "nixpkgs": [ - "nixpkgs-unstable" - ], - "quickshell": "quickshell", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1778180483, - "narHash": "sha256-35cMiZn5DAnYFpKFdWg5dxW7hLO3/ey743ED6yV3pL8=", - "ref": "refs/heads/main", - "rev": "dfa3840d97186fef3480b49f289acd3ae707ee27", - "revCount": 626, - "type": "git", - "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" - }, - "original": { - "type": "git", - "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" - } - }, "nur": { "inputs": { "flake-parts": [ @@ -682,11 +549,11 @@ ] }, "locked": { - "lastModified": 1777499139, - "narHash": "sha256-s817mwTTkW0VIReee1z41LJAz13AUw3DOK41jZooFGw=", + "lastModified": 1769190062, + "narHash": "sha256-HXy1M80RWBW7cIIMQ/bBV/pMa3NmK6MYOOz/kA4bHIw=", "owner": "nix-community", "repo": "NUR", - "rev": "c0295550b00f0d0d4a9f41efd5e6c14d38a671fc", + "rev": "82023efed13ef3c1bfe99f0cd669139b4a2d2694", "type": "github" }, "original": { 
@@ -721,27 +588,6 @@ "type": "github" } }, - "quickshell": { - "inputs": { - "nixpkgs": [ - "nova-shell", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1776066068, - "narHash": "sha256-SwKVkgEsqsp5ki9m7fqvhncb5MjvH1hlZqbn3s+x/Uk=", - "ref": "refs/heads/master", - "rev": "fb08eced449e87e47321e95beeb890a63d2c67bd", - "revCount": 801, - "type": "git", - "url": "https://git.outfoxxed.me/outfoxxed/quickshell" - }, - "original": { - "type": "git", - "url": "https://git.outfoxxed.me/outfoxxed/quickshell" - } - }, "root": { "inputs": { "flake-parts": "flake-parts", @@ -752,16 +598,14 @@ "nix-filter": "nix-filter", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-generators": "nixos-generators", - "nixos-raspberrypi": "nixos-raspberrypi", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", - "nova-shell": "nova-shell", "nur": "nur", "servicepoint-cli": "servicepoint-cli", "servicepoint-simulator": "servicepoint-simulator", "servicepoint-tanks": "servicepoint-tanks", "stylix": "stylix", - "treefmt-nix": "treefmt-nix_2", + "treefmt-nix": "treefmt-nix", "zerforschen-plus": "zerforschen-plus" } }, @@ -819,11 +663,11 @@ ] }, "locked": { - "lastModified": 1771709842, - "narHash": "sha256-zbKj2waitgCFE/I4DcV4lWMRkQ7gDOa9QgPXVTao5+g=", + "lastModified": 1764875421, + "narHash": "sha256-ZO9wiokPhropwsU3BfIgjm1bc59SIyqrfjfnFCM2Q68=", "ref": "refs/heads/main", - "rev": "6c731e3f5ac0fc63e3cf1e727856f3a3327fddfb", - "revCount": 52, + "rev": "fa892558f123c5d5395663fa666466c73b997245", + "revCount": 48, "type": "git", "url": "https://git.berlin.ccc.de/servicepoint/servicepoint-cli.git" }, @@ -840,7 +684,7 @@ "nix-filter": [ "nix-filter" ], - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1757763091, 
@@ -903,11 +747,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1776894428, - "narHash": "sha256-wuT915MyCtMTfLj+uo9y8wtCwkEgJXiXvcbSleFrlN0=", + "lastModified": 1768493544, + "narHash": "sha256-9qk2W/6GJWLAFXNruK/zdJ0bm3bfP50vJFbtuAjQpa4=", "owner": "nix-community", "repo": "stylix", - "rev": "f34be27ce83efaa1c85ad1e5b1f8b6dea65b147d", + "rev": "362306faaa7459bebf8eabf135879785f3da9bd2", "type": "github" }, "original": { @@ -1016,36 +860,15 @@ "treefmt-nix": { "inputs": { "nixpkgs": [ - "nova-shell", "nixpkgs" ] }, "locked": { - "lastModified": 1775636079, - "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", + "lastModified": 1768158989, + "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix_2": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1775636079, - "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", + "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", "type": "github" }, "original": { @@ -1074,11 +897,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1773622265, - "narHash": "sha256-wToKwH7IgWdGLMSIWksEDs4eumR6UbbsuPQ42r0oTXQ=", + "lastModified": 1768765571, + "narHash": "sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "a879e5e0896a326adc79c474bf457b8b99011027", + "rev": "ed1cef792b4def3321ff9ab5479df09609f17a69", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e95af0e..5894172 100644 --- a/flake.nix +++ b/flake.nix 
@@ -23,10 +23,8 @@ }; niri = { url = "github:sodiboo/niri-flake"; - inputs = { - nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.follows = "nixpkgs"; - }; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs-stable.follows = "nixpkgs"; }; nix-filter.url = "github:numtide/nix-filter"; nix-vscode-extensions = { @@ -37,13 +35,6 @@ url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-raspberrypi = { - url = "github:nvmd/nixos-raspberrypi/main"; - }; - nova-shell = { - url = "git+https://git.berlin.ccc.de/vinzenz/nova-shell"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; - }; nur = { url = "github:nix-community/NUR"; inputs = { @@ -96,18 +87,55 @@ inputs@{ self, nixpkgs, + home-manager, # keep-sorted start + lanzaboote, niri, nix-vscode-extensions, + nixos-generators, nixpkgs-unstable, + servicepoint-cli, + servicepoint-simulator, + servicepoint-tanks, + stylix, treefmt-nix, + zerforschen-plus, # keep-sorted end ... }: let + devices = { + vinzenz-lpt2 = { + system = "x86_64-linux"; + home-manager-users = { + inherit (self.homeConfigurations) vinzenz; + }; + }; + vinzenz-pc2 = { + system = "x86_64-linux"; + home-manager-users = { + inherit (self.homeConfigurations) vinzenz; + }; + }; + ronja-pc = { + system = "x86_64-linux"; + home-manager-users = { + inherit (self.homeConfigurations) ronja; + }; + }; + hetzner-vpn2 = { + system = "aarch64-linux"; + }; + forgejo-runner-1 = { + system = "aarch64-linux"; + }; + epimetheus = { + system = "aarch64-linux"; + }; + }; inherit (nixpkgs) lib; - nixosConfigurations = import ./nixosConfigurations.nix { inherit inputs lib; }; - supported-systems = lib.unique (lib.mapAttrsToList (_: v: v.pkgs.system) nixosConfigurations); + forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices; + supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices; treefmt-config = { projectRootFile = "flake.nix"; programs = { 
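Review bot: In the `@@ -96,18 +87,55 @@` hunk, `supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices;` no longer deduplicates, so with the six devices listed each system appears three times. Whether that matters depends on `forAllSystems`, which is defined outside the hunk; if it maps over the list instead of building an attribute set, every per-system output is produced repeatedly. I would keep the dedup and drop the unused lambda argument: `supported-systems = lib.unique (lib.mapAttrsToList (_: v: v.system) devices);`. The `let` block continues past the end of the hunk.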
@@ -136,29 +164,74 @@ in { overlays = { - unstable = final: prev: { + unstable-packages = final: prev: { unstable = import nixpkgs-unstable { - localSystem = prev.stdenv.hostPlatform; - inherit (prev) config; + inherit (prev) system config; }; }; - vscodeExtensions = nix-vscode-extensions.overlays.default; - niri = niri.overlays.niri; }; nixosModules = (importModuleDir ./nixosModules) // { + niri = + { pkgs, ... }: + { + imports = [ niri.nixosModules.niri ]; + nixpkgs.overlays = [ niri.overlays.niri ]; + + programs.niri = { + enable = true; + #package = pkgs.niri-stable; + }; + }; + pkgs-unstable = { + nixpkgs.overlays = [ self.overlays.unstable-packages ]; + }; + pkgs-vscode-extensions = { + nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ]; + }; + # required modules to use other modules, should not do anything on their own default = { - imports = builtins.attrValues (builtins.removeAttrs self.nixosModules [ "default" ]); + imports = [ self.nixosModules.allowed-unfree-list ]; }; }; homeModules = importModuleDir ./homeModules; homeConfigurations = { - muede = ./homeConfigurations/muede; + vinzenz = ./homeConfigurations/vinzenz; ronja = ./homeConfigurations/ronja; }; - inherit nixosConfigurations; + nixosConfigurations = forDevice ( + { + device, + system, + home-manager-users ? { }, + }: + let + specialArgs = inputs // { + inherit device home-manager-users; + }; + in + nixpkgs.lib.nixosSystem { + inherit system specialArgs; + modules = [ + { + imports = [ + ./nixosConfigurations/${device} + self.nixosModules.global-settings + ] + ++ (lib.optionals (home-manager-users != { }) [ + self.nixosModules.global-settings-desktop + ]); + + nixpkgs = { + inherit system; + hostPlatform = lib.mkDefault system; + }; + } + ]; + } + ); formatter = forAllSystems ({ treefmt-eval, ... }: treefmt-eval.config.build.wrapper); 
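Review bot: The `unstable-packages` overlay uses `inherit (prev) system config;`, and `system` on the package set is, as far as I know, a deprecated alias in recent nixpkgs that warns on use and disappears with `allowAliases = false`. Writing `system = prev.stdenv.hostPlatform.system;` reads the same value without the alias. In the `nixosConfigurations` module both `nixpkgs.system` and `nixpkgs.hostPlatform` are set; the former is the legacy option and is, to my knowledge, ignored once `hostPlatform` is defined, so `nixpkgs.hostPlatform = lib.mkDefault system;` alone should be enough. The `niri` module takes `pkgs` only for the commented-out `#package = pkgs.niri-stable;` line, which should either be removed or get a comment saying why it is kept.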
@@ -168,5 +241,22 @@ formatting = treefmt-eval.config.build.check self; } ); + + packages = forAllSystems ( + { ... }: + { + nixos-aarch64-pxvirt-lxc-template = nixos-generators.nixosGenerate { + system = "aarch64-linux"; + format = "proxmox-lxc"; + specialArgs = inputs // { + device = "nixos-aarch64-pxvirt-lxc-template"; + }; + modules = [ + self.nixosModules.global-settings + self.nixosModules.pxvirt-guest + ]; + }; + } + ); }; } diff --git a/homeConfigurations/muede/git.nix b/homeConfigurations/muede/git.nix deleted file mode 100644 index 97c8477..0000000 --- a/homeConfigurations/muede/git.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - programs = { - git = { - enable = true; - settings = { - user = { - name = "müde"; - email = "git@darkest.space"; - }; - - aliases = { - prettylog = "log --pretty=oneline --graph"; - spring-clean = "!git branch --merged | xargs -n 1 -r git branch -d"; - }; - - pull.ff = "only"; - merge.tool = "kdiff3"; - push.autoSetupRemote = "true"; - credential.credentialStore = "cache"; - }; - - ignores = [ - ".direnv" - ".idea" - ".envrc" - ]; - }; - - git-credential-oauth.enable = true; - gh = { - enable = true; - gitCredentialHelper.enable = true; - }; - }; -} diff --git a/homeConfigurations/muede/podman.nix b/homeConfigurations/muede/podman.nix deleted file mode 100644 index ea5b090..0000000 --- a/homeConfigurations/muede/podman.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - services.podman = { - settings = { - policy = { - default = [ { type = "reject"; } ]; - transports = { - docker-daemon = { - "" = [ { type = "insecureAcceptAnything"; } ]; - }; - docker = { - "docker.io/library/debian" = [ { type = "insecureAcceptAnything"; } ]; - "docker.io/library/rust" = [ { type = "insecureAcceptAnything"; } ]; - }; - }; - }; - }; - }; -} diff --git a/homeConfigurations/muede/swayidle.nix b/homeConfigurations/muede/swayidle.nix deleted file mode 100644 index 73029e6..0000000 --- a/homeConfigurations/muede/swayidle.nix +++ /dev/null 
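Review bot: `nixos-aarch64-pxvirt-lxc-template` is declared inside `forAllSystems` but hard-codes `system = "aarch64-linux"`, so the same aarch64 image is exported under every entry of `supported-systems`, including `packages.x86_64-linux`. Tooling that walks the x86_64 package set will then be handed an aarch64 derivation it cannot build without emulation or a remote builder. Since the callback ignores its argument (`{ ... }:`), declaring the output once as `packages.aarch64-linux.nixos-aarch64-pxvirt-lxc-template = nixos-generators.nixosGenerate { … };` states what is meant. A short comment on which modules the template deliberately leaves out would also help, since it is built from only `global-settings` and `pxvirt-guest`.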
@@ -1,27 +0,0 @@ -{ pkgs, ... }: -{ - services.swayidle = - let - lock-command = "${pkgs.systemd}/bin/loginctl lock-session"; - in - { - enable = true; - systemdTarget = "graphical-session.target"; - timeouts = [ - { - timeout = 30; - command = lock-command; - } - { - timeout = 60 * 10; - command = "${pkgs.systemd}/bin/systemctl suspend"; - } - ]; - events = [ - { - event = "before-sleep"; - command = "${pkgs.playerctl}/bin/playerctl pause; ${lock-command}"; - } - ]; - }; -} diff --git a/homeConfigurations/muede/swaylock.nix b/homeConfigurations/muede/swaylock.nix deleted file mode 100644 index f807135..0000000 --- a/homeConfigurations/muede/swaylock.nix +++ /dev/null @@ -1,28 +0,0 @@ -# based on https://codeberg.org/kiara/cfg/src/commit/b9c472acd78c9c08dfe8b6a643c5c82cc5828433/home-manager/kiara/swaylock.nix# -{ pkgs, ... }: -{ - stylix.targets.swaylock = { - enable = true; - useWallpaper = true; - }; - - programs.swaylock = { - enable = true; - package = pkgs.swaylock-effects; - # https://github.com/jirutka/swaylock-effects/blob/master/swaylock.1.scd - settings = { - screenshot = false; - effect-blur = "9x9"; - effect-vignette = "0.2:0.2"; - fade-in = 0.5; - font-size = 75; - indicator-caps-lock = true; - clock = true; - indicator-radius = 400; - show-failed-attempts = true; - ignore-empty-password = true; - grace = 3.5; - indicator-thickness = 20; - }; - }; -} diff --git a/homeConfigurations/muede/waybar.css b/homeConfigurations/muede/waybar.css deleted file mode 100644 index 0f1d38a..0000000 --- a/homeConfigurations/muede/waybar.css +++ /dev/null 
@@ -1,330 +0,0 @@ -/* #region stylix overrides*/ -.modules-left #workspaces button, -.modules-left #workspaces button.focused, -.modules-left #workspaces button.active, -.modules-center #workspaces button, -.modules-center #workspaces button.focused, -.modules-center #workspaces button.active, -.modules-right #workspaces button, -.modules-right #workspaces button.focused, -.modules-right #workspaces button.active { - border-bottom: unset; -} -/* #endregion */ - -* { - font-family: monospace; - font-size: 13px; -} - -window#waybar { - transition-property: background-color; - transition-duration: 0.5s; - /* Gradient border spanning the entire waybar window */ - border-bottom: 3px solid transparent; - background-clip: padding-box, border-box; - background-origin: padding-box, border-box; - background-image: - linear-gradient(135deg, @base00, @base01), - linear-gradient(135deg, @base0C, @base09); -} - -/* Common pill styling for all widgets */ -#clock, -#cpu, -#memory, -#disk, -#temperature, -#backlight, -#network, -#pulseaudio, -#wireplumber, -#custom-media, -#mode, -#scratchpad, -#mpd, -#custom-weather, -#battery, -#power-profiles-daemon, -#idle_inhibitor, -#custom-swaync, -#bluetooth, -#mpris, -#upower, -#workspaces, -#window, -#tray, -#custom-wlogout, -#privacy-item { - margin: 0px 4px 6px; - padding: 0px 8px; - background: linear-gradient(135deg, @base02, @base01); - border-radius: 15px; - border: 2px solid; - transition: all 0.3s ease; -} - -/* special treatment for weird sized widgets */ -#custom-wlogout, -#power-profiles-daemon, -#idle_inhibitor { - padding: 0px 10px 0px 8px; -} - -#workspaces { - padding-left: 0; - padding-right: 0; -} - -/* Individual widget colors */ -#workspaces, -#window, -#tray { - border-color: @base0D; -} - -#workspaces button { - padding: 0 6px; - background-color: transparent; - color: @base05; - border-radius: 15px; - border: none; - transition: all 0.3s ease; -} - -#workspaces button:hover { - background: @base03; -} - -#workspaces 
button.focused, -#workspaces button.active { - background-color: @base03; - color: @base07; -} - -#workspaces button.urgent { - background-color: @base08; - color: @base00; -} - -#clock { - color: @base07; - border-color: @base0D; -} - -#cpu { - color: @base09; - border-color: @base09; -} - -#memory { - color: @base0E; - border-color: @base0E; -} - -#disk { - color: @base0D; - border-color: @base0D; -} - -#temperature { - color: @base08; - border-color: @base08; -} - -#backlight { - color: @base0A; - border-color: @base0A; -} - -#network { - color: @base0B; - border-color: @base0B; -} - -#pulseaudio, -#wireplumber { - color: @base0D; - border-color: @base0D; -} - -#custom-media { - color: @base0E; - border-color: @base0E; -} - -#mode { - color: @base05; - border-color: @base03; - box-shadow: inset 0 -3px @base05; -} - -#mpd { - color: @base0E; - border-color: @base0E; -} - -#custom-weather { - color: @base0B; - border-color: @base0B; -} - -#battery, -#power-profiles-daemon, -#idle_inhibitor { - color: @base05; - border-color: @base03; -} - -#custom-swaync { - color: @base0E; - border-color: @base0E; -} - -#bluetooth { - color: @base0D; - border-color: @base0D; -} - -#mpris { - color: @base0E; - border-color: @base0E; -} - -#upower { - color: @base0B; - border-color: @base0B; -} - -/* If workspaces is the leftmost module, omit left margin */ -.modules-left > widget:first-child > #workspaces { - margin-left: 0; -} - -/* If workspaces is the rightmost module, omit right margin */ -.modules-right > widget:last-child > #workspaces { - margin-right: 0; -} - -/* Battery states with colored glows */ -#battery.charging { - box-shadow: 0 0 6px rgba(168, 201, 255, 0.6); - border-color: @base0B; - color: @base0B; -} - -#battery.warning:not(.charging) { - box-shadow: 0 0 6px rgba(209, 98, 164, 0.6); - border-color: @base0A; - color: @base0A; -} - -@keyframes blink { - to { - background-color: #ffffff; - color: #000000; - } -} - -#battery.critical:not(.charging) { - box-shadow: 
0 0 6px rgba(243, 139, 168, 0.8); - border-color: @base08; - color: @base08; - animation-name: blink; - animation-duration: 0.5s; - /* Using steps() instead of linear as a timing function to limit cpu usage */ - animation-timing-function: steps(12); - animation-iteration-count: infinite; - animation-direction: alternate; -} - -/* Bluetooth connected state */ -#bluetooth.connected { - box-shadow: 0 0 6px rgba(137, 180, 250, 0.5); -} - -/* Power profiles with state-appropriate glows */ -#power-profiles-daemon.performance { - box-shadow: 0 0 6px rgba(243, 139, 168, 0.6); - border-color: @base08; - color: @base08; -} - -#power-profiles-daemon.balanced { - box-shadow: 0 0 6px rgba(137, 180, 250, 0.6); - border-color: @base0D; - color: @base0D; -} - -#power-profiles-daemon.power-saver { - box-shadow: 0 0 6px rgba(168, 201, 255, 0.6); - border-color: @base0B; - color: @base0B; -} - -/* Idle inhibitor with state glow */ -#idle_inhibitor.activated { - box-shadow: 0 0 6px rgba(137, 180, 250, 0.6); - border-color: @base0D; - color: @base0D; -} - -/* MPD states with glows */ -#mpd.playing { - box-shadow: 0 0 6px rgba(168, 201, 255, 0.5); - border-color: @base0B; - color: @base0B; -} - -#mpd.paused { - box-shadow: 0 0 6px rgba(203, 166, 247, 0.5); - border-color: @base0E; - color: @base0E; -} - -#mpd.disconnected, -#mpd.stopped { - color: @base04; -} - -#tray > .passive { - -gtk-icon-effect: dim; -} - -#tray > .needs-attention { - -gtk-icon-effect: highlight; - box-shadow: 0 0 6px rgba(243, 139, 168, 0.8); - border-color: @base08; -} - -#privacy { - padding: 0; -} - -#privacy-item.screenshare { - box-shadow: 0 0 6px rgba(209, 98, 164, 0.6); - border-color: @base0A; - color: @base0A; -} - -#privacy-item.audio-in { - box-shadow: 0 0 6px rgba(168, 201, 255, 0.6); - border-color: @base0B; - color: @base0B; -} - -#privacy-item.audio-out { - box-shadow: 0 0 6px rgba(137, 180, 250, 0.6); - border-color: @base0D; - color: @base0D; -} - -/* Custom wlogout button */ -#custom-wlogout { - 
color: @base08; - border-color: @base08; -} - -#custom-wlogout:hover { - box-shadow: 0 0 6px rgba(243, 139, 168, 0.5); -} diff --git a/homeConfigurations/ronja/default.nix b/homeConfigurations/ronja/default.nix index 4d5c5ee..0f202cd 100644 --- a/homeConfigurations/ronja/default.nix +++ b/homeConfigurations/ronja/default.nix @@ -2,14 +2,6 @@ { imports = [ ./vscode.nix ]; config = { - my = { - # keep-sorted start - nano.enable = true; - templates.enable = true; - zsh.enable = true; - # keep-sorted end - }; - home.packages = with pkgs; [ ## Apps telegram-desktop diff --git a/homeConfigurations/vinzenz/.config/containers/policy.json b/homeConfigurations/vinzenz/.config/containers/policy.json new file mode 100644 index 0000000..245b3df --- /dev/null +++ b/homeConfigurations/vinzenz/.config/containers/policy.json @@ -0,0 +1,23 @@ +{ + "default": [ + { + "type": "reject" + } + ], + "transports": { + "docker-daemon": { + "": [ + { + "type": "insecureAcceptAnything" + } + ] + }, + "docker": { + "docker.io/library/debian": [ + { + "type": "insecureAcceptAnything" + } + ] + } + } +} diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/vinzenz/default.nix similarity index 67% rename from homeConfigurations/muede/default.nix rename to homeConfigurations/vinzenz/default.nix index c2293ca..4847729 100644 --- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/vinzenz/default.nix @@ -9,32 +9,22 @@ ./git.nix ./gnome.nix ./niri.nix - ./podman.nix ./ssh.nix ./starship.nix - ./swayidle.nix - #./swaylock.nix - #./swaync.nix + ./swaylock.nix + ./swaync.nix ./vscode.nix - # ./waybar.nix - # ./wlogout.nix + ./waybar.nix + ./wlogout.nix ./zsh.nix # keep-sorted end ]; config = { - my = { - # keep-sorted start - gnome-extensions.enable = true; - nano.enable = true; - templates.enable = true; - zsh.enable = true; - # keep-sorted end - }; - programs = { home-manager.enable = true; fzf.enable = true; + git-credential-oauth.enable = true; direnv = { enable = true; 
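Review bot: The two `insecureAcceptAnything` entries in `policy.json` accept images from the local Docker daemon and from `docker.io/library/debian` with no signature verification, so for the registry scope the only protection is the TLS connection and whatever tag or digest the caller asks for. The `default` of `reject` keeps that exception narrow, which is the right baseline. JSON cannot carry a comment, so I would record the reason for each exception next to the `home.file."policy.json"` entry in `default.nix`, for example `# debian base image is pulled unsigned on purpose; every other registry scope is rejected`. If signature checking is wanted later, the scope can be switched to a `signedBy` or `sigstoreSigned` requirement.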
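Review bot: The import list in `homeConfigurations/vinzenz/default.nix` drops `./swayidle.nix` while enabling `./swaylock.nix`, and the deleted `swayidle.nix` was what ran `loginctl lock-session` after 30 seconds of idle and before sleep, so from what this hunk shows nothing triggers the locker automatically any more. If another module outside this view already handles idle and pre-suspend locking, a comment beside the imports such as `# idle/suspend locking is configured in <module>` would make that visible; otherwise the session stays unlocked on an unattended or suspended machine. The hunk also imports `./swaylock.nix`, `./swaync.nix`, `./waybar.nix` and `./wlogout.nix`, none of which appear as added or renamed files in the part of the diff visible here, so it is worth confirming they exist under `homeConfigurations/vinzenz/`.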
@@ -58,50 +48,52 @@ }; chromium.enable = true; - nova-shell = { - enable = true; - theme = { - fontSize = 14; - }; - #modules.backgroundOverlay.enable = false; - #modules.screenCorners.enable = false; - }; }; home.packages = with pkgs; [ - # keep-sorted start - arduino - arduino-cli - arduino-ide - btop - claude-code - dconf2nix - foliate - fractal - geary - gnome-terminal - gparted - icu - jetbrains-toolbox - kdiff3 keepassxc - lutris nextcloud-client - onefetch - servicepoint-cli - servicepoint-simulator - telegram-desktop thunderbird - vlc + fractal + telegram-desktop + wireguard-tools wirelesstools - # keep-sorted end + tailscale + + kdiff3 + jetbrains-toolbox + + vlc + lutris + + arduino + arduino-ide + arduino-cli + + servicepoint-cli + servicepoint-simulator + + icu + + foliate + + dconf2nix + + gnome-terminal ]; home.file = { + "policy.json" = { + target = ".config/containers/policy.json"; + text = builtins.readFile ./.config/containers/policy.json; + }; "idea.properties".text = "idea.filewatcher.executable.path = ${pkgs.fsnotifier}/bin/fsnotifier"; }; - services.poweralertd.enable = true; + services = { + trayscale.enable = true; + poweralertd.enable = true; + }; }; } diff --git a/homeConfigurations/muede/editorconfig.nix b/homeConfigurations/vinzenz/editorconfig.nix similarity index 100% rename from homeConfigurations/muede/editorconfig.nix rename to homeConfigurations/vinzenz/editorconfig.nix diff --git a/homeConfigurations/muede/element.nix b/homeConfigurations/vinzenz/element.nix similarity index 100% rename from homeConfigurations/muede/element.nix rename to homeConfigurations/vinzenz/element.nix diff --git a/homeConfigurations/muede/fonts.nix b/homeConfigurations/vinzenz/fonts.nix similarity index 100% rename from homeConfigurations/muede/fonts.nix rename to homeConfigurations/vinzenz/fonts.nix 
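Review bot: The new `home.file."policy.json"` entry in `homeConfigurations/vinzenz/default.nix` reads the policy with `builtins.readFile` and passes it as `text`, with the destination in a separate `target`. Using the destination as the attribute name and `source` is shorter and keeps the file as a store path: `".config/containers/policy.json".source = ./.config/containers/policy.json;`. A per-user `policy.json` takes precedence over the system-wide containers policy for this account, so a one-line comment saying that this file is the effective image trust policy for the user would help the next reader. The enclosing `config` attrset starts outside the hunk.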
diff --git a/homeConfigurations/muede/fuzzel.nix b/homeConfigurations/vinzenz/fuzzel.nix similarity index 100% rename from homeConfigurations/muede/fuzzel.nix rename to homeConfigurations/vinzenz/fuzzel.nix diff --git a/homeConfigurations/vinzenz/git.nix b/homeConfigurations/vinzenz/git.nix new file mode 100644 index 0000000..ba7cd61 --- /dev/null +++ b/homeConfigurations/vinzenz/git.nix @@ -0,0 +1,27 @@ +{ + config.programs.git = { + enable = true; + settings = { + user = { + name = "müde"; + email = "git@darkest.space"; + }; + + aliases = { + prettylog = "log --pretty=oneline --graph"; + spring-clean = "!git branch --merged | xargs -n 1 -r git branch -d"; + }; + + pull.ff = "only"; + merge.tool = "kdiff3"; + push.autoSetupRemote = "true"; + credential.credentialStore = "cache"; + }; + + ignores = [ + ".direnv" + ".idea" + ".envrc" + ]; + }; +} diff --git a/homeConfigurations/muede/gnome.nix b/homeConfigurations/vinzenz/gnome.nix similarity index 100% rename from homeConfigurations/muede/gnome.nix rename to homeConfigurations/vinzenz/gnome.nix diff --git a/homeConfigurations/muede/niri.nix b/homeConfigurations/vinzenz/niri.nix similarity index 99% rename from homeConfigurations/muede/niri.nix rename to homeConfigurations/vinzenz/niri.nix index d228899..ba55d2e 100644 --- a/homeConfigurations/muede/niri.nix +++ b/homeConfigurations/vinzenz/niri.nix @@ -56,7 +56,7 @@ from = pink_dark; to = pink_light; }; - gap-size = 6; + gap-size = 8; in { background-color = "transparent"; 
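Review bot: In the new `homeConfigurations/vinzenz/git.nix` the aliases sit under `settings.aliases`; if `settings` is written out section by section, as it appears to be, this produces an `[aliases]` section, while git reads aliases from `[alias]`, so `prettylog` and `spring-clean` would not resolve. Renaming the attribute to `alias = {` should fix it. `credential.credentialStore` looks like a Git Credential Manager key rather than a core git one, and the same commit also enables `git-credential-oauth` (vinzenz/default.nix) and the `gh` credential helper (homeModules/git.nix). A short comment stating which helper is meant to answer for which host, and where tokens end up, would make the intended credential path reviewable.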
@@ -172,6 +172,10 @@ # Suggested binds for running programs: terminal, app launcher, screen locker. "Mod+T".action.spawn = "${lib.getBin pkgs.gnome-console}/bin/kgx"; "Mod+D".action.spawn = "${lib.getBin config.programs.fuzzel.package}/bin/fuzzel"; + "Super+Alt+L" = { + action.spawn = "${lib.getBin config.programs.swaylock.package}/bin/swaylock"; + allow-when-locked = true; + }; # You can also use a shell. Do this if you need pipes, multiple commands, etc. # Note: the entire command goes as a single argument in the end. @@ -402,11 +406,6 @@ "Mod+W".action.toggle-column-tabbed-display = { }; "Mod+O".action.toggle-overview = { }; - - "Super+Alt+L" = { - action.spawn = "${pkgs.systemd}/bin/loginctl lock-session"; - allow-when-locked = true; - }; }; }; }; diff --git a/homeConfigurations/muede/ssh.nix b/homeConfigurations/vinzenz/ssh.nix similarity index 100% rename from homeConfigurations/muede/ssh.nix rename to homeConfigurations/vinzenz/ssh.nix diff --git a/homeConfigurations/muede/starship.nix b/homeConfigurations/vinzenz/starship.nix similarity index 97% rename from homeConfigurations/muede/starship.nix rename to homeConfigurations/vinzenz/starship.nix index 1550aac..458058d 100644 --- a/homeConfigurations/muede/starship.nix +++ b/homeConfigurations/vinzenz/starship.nix @@ -33,6 +33,9 @@ style_user = "bg:color_r fg:text_r"; style_root = "bold bg:color_r fg:text_r"; show_always = true; + aliases = { + "vinzenz" = "müde"; + }; }; os = { disabled = false; @@ -44,8 +47,8 @@ format = "$hostname"; ssh_symbol = ""; aliases = { - "muede-lpt2" = "lpt"; - "muede-pc2" = "pc"; + "vinzenz-lpt2" = "lpt"; + "vinzenz-pc2" = "pc"; }; }; container = { diff --git a/homeConfigurations/vinzenz/swaylock.nix b/homeConfigurations/vinzenz/swaylock.nix new file mode 100644 index 0000000..1b756ff --- /dev/null +++ b/homeConfigurations/vinzenz/swaylock.nix 
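Review bot: The `Super+Alt+L` bind added in `niri.nix` starts swaylock directly and keeps `allow-when-locked = true`, so the bind stays active on a locked session and each press spawns another swaylock process, which presumably just fails. The bind removed in the following hunk went through `loginctl lock-session`, and the swayidle `lock` event added in `swaylock.nix` by this commit already handles that signal. Keeping `action.spawn = "${pkgs.systemd}/bin/loginctl lock-session";` leaves a single lock path that other tools can trigger the same way. The surrounding binds attrset starts and ends outside the hunk.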
@@ -0,0 +1,54 @@
+# based on https://codeberg.org/kiara/cfg/src/commit/b9c472acd78c9c08dfe8b6a643c5c82cc5828433/home-manager/kiara/swaylock.nix#
+{ pkgs, config, ... }:
+{
+ config = {
+ stylix.targets.swaylock = {
+ enable = true;
+ useWallpaper = true;
+ };
+ programs.swaylock = {
+ enable = true;
+ package = pkgs.swaylock-effects;
+ # https://github.com/jirutka/swaylock-effects/blob/master/swaylock.1.scd
+ settings = {
+ screenshot = false;
+ effect-blur = "9x9";
+ effect-vignette = "0.2:0.2";
+ fade-in = 0.5;
+ font-size = 75;
+ indicator-caps-lock = true;
+ clock = true;
+ indicator-radius = 400;
+ show-failed-attempts = true;
+ ignore-empty-password = true;
+ grace = 3.5;
+ indicator-thickness = 20;
+ };
+ };
+
+ services.swayidle = {
+ enable = true;
+ systemdTarget = "graphical-session.target";
+ timeouts = [
+ {
+ timeout = 60;
+ command = "${config.programs.swaylock.package}/bin/swaylock";
+ }
+ {
+ timeout = 60 * 10;
+ command = "${pkgs.systemd}/bin/systemctl suspend";
+ }
+ ];
+ events = [
+ {
+ event = "before-sleep";
+ command = "${pkgs.playerctl}/bin/playerctl pause; ${config.programs.swaylock.package}/bin/swaylock";
+ }
+ {
+ event = "lock";
+ command = "${config.programs.swaylock.package}/bin/swaylock";
+ }
+ ];
+ };
+ };
+}
diff --git a/homeConfigurations/muede/swaync.nix b/homeConfigurations/vinzenz/swaync.nix
similarity index 100%
rename from homeConfigurations/muede/swaync.nix
rename to homeConfigurations/vinzenz/swaync.nix
diff --git a/homeConfigurations/muede/vscode.nix b/homeConfigurations/vinzenz/vscode.nix
similarity index 97%
rename from homeConfigurations/muede/vscode.nix
rename to homeConfigurations/vinzenz/vscode.nix
index b7e01ab..a32a433 100644
--- a/homeConfigurations/muede/vscode.nix
+++ b/homeConfigurations/vinzenz/vscode.nix
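Review bot: In `homeConfigurations/vinzenz/swaylock.nix`, `grace = 3.5` is set in the shared `settings`, so it applies to every swaylock start, including the `before-sleep` and `lock` events and any manual lock. For 3.5 seconds after an explicit lock or a suspend, the screen can be dismissed by a key press or pointer movement without the password. A grace period only makes sense for the idle timeout, so drop it from `settings` and pass it on that one command: `command = "${config.programs.swaylock.package}/bin/swaylock --grace 3.5";`. The `before-sleep` command also runs swaylock in the foreground; the swayidle documentation uses `swaylock -f` there so the locker daemonizes once the screen is covered, which is worth checking against how suspend is sequenced on this machine.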
@@ -37,10 +37,6 @@ "files.autoSave" = "afterDelay"; "files.autoSaveWhenNoErrors" = true; "files.autoSaveWorkspaceFilesOnly" = true; - "files.exclude" = [ - ".git" - ".direnv" - ]; "editor.fontLigatures" = true; "editor.formatOnSave" = true; diff --git a/homeConfigurations/vinzenz/waybar.css b/homeConfigurations/vinzenz/waybar.css new file mode 100644 index 0000000..0210f6f --- /dev/null +++ b/homeConfigurations/vinzenz/waybar.css 
@@ -0,0 +1,223 @@
+/* #region stylix overrides*/
+.modules-left #workspaces button,
+.modules-left #workspaces button.focused,
+.modules-left #workspaces button.active,
+.modules-center #workspaces button,
+.modules-center #workspaces button.focused,
+.modules-center #workspaces button.active,
+.modules-right #workspaces button,
+.modules-right #workspaces button.focused,
+.modules-right #workspaces button.active {
+ border-bottom: unset;
+}
+/* #endregion */
+
+* {
+ font-family: sans-serif;
+}
+
+window#waybar {
+ transition-property: background-color;
+ transition-duration: 0.5s;
+ background: transparent;
+}
+
+window#waybar.hidden {
+ opacity: 0.2;
+}
+
+window#waybar.termite {
+ background-color: #3f3f3f;
+}
+
+window#waybar.chromium {
+ background-color: #000000;
+ border: none;
+}
+
+.modules-left,
+.modules-center,
+.modules-right {
+ border: 0px solid #fff;
+ padding-bottom: 4px;
+ background-clip: content-box, padding-box;
+ background-image:
+ linear-gradient(90deg, @base01, @base01),
+ linear-gradient(90deg, #a30262, #4a6bb1);
+}
+
+.modules-center,
+.modules-left {
+ border-bottom-right-radius: 15px;
+ padding-right: 4px;
+}
+
+.modules-center,
+.modules-right {
+ border-bottom-left-radius: 15px;
+ padding-left: 4px;
+}
+
+widget {
+ margin: 0px 4px;
+}
+
+#workspaces,
+#window,
+#tray {
+ padding: 4px 6px;
+ margin-left: 6px;
+ margin-right: 6px;
+}
+
+#workspaces button {
+ padding: 0 5px;
+ background-color: transparent;
+ color: #ffffff;
+ border-radius: 15px;
+}
+
+#workspaces button:hover {
+ background: rgba(0, 0, 0, 0.2);
+}
+
+#workspaces button.focused,
+#workspaces button.active {
+ background-color: @base03;
+}
+
+#workspaces button.urgent {
+ background-color: #eb4d4b;
+}
+
+#mode {
+ background-color: #64727d;
+ box-shadow: inset 0 -3px #ffffff;
+}
+
+#clock,
+#battery,
+#cpu,
+#memory,
+#disk,
+#temperature,
+#backlight,
+#network,
+#pulseaudio,
+#wireplumber,
+#custom-media,
+#mode,
+#idle_inhibitor,
+#scratchpad,
+#power-profiles-daemon,
+#mpd {
+ padding: 0 10px;
+ color: #ffffff;
+}
+
+#window,
+#workspaces {
+ margin: 0 4px;
+}
+
+/* If workspaces is the leftmost module, omit left margin */
+.modules-left > widget:first-child > #workspaces {
+ margin-left: 0;
+}
+
+/* If workspaces is the rightmost module, omit right margin */
+.modules-right > widget:last-child > #workspaces {
+ margin-right: 0;
+}
+
+@keyframes blink {
+ to {
+ background-color: #ffffff;
+ color: #000000;
+ }
+}
+
+/* Using steps() instead of linear as a timing function to limit cpu usage */
+#battery.critical:not(.charging) {
+ background-color: #f53c3c;
+ color: #ffffff;
+ animation-name: blink;
+ animation-duration: 0.5s;
+ animation-timing-function: steps(12);
+ animation-iteration-count: infinite;
+ animation-direction: alternate;
+}
+
+#power-profiles-daemon {
+ padding-right: 15px;
+}
+
+#power-profiles-daemon.performance {
+ color: #f53c3c;
+}
+
+#power-profiles-daemon.balanced {
+ color: #2980b9;
+}
+
+#power-profiles-daemon.power-saver {
+ color: #2ecc71;
+}
+
+#tray > .passive {
+ -gtk-icon-effect: dim;
+}
+
+#tray > .needs-attention {
+ -gtk-icon-effect: highlight;
+ background-color: #eb4d4b;
+}
+
+#language {
+ padding: 0 5px;
+ margin: 0 5px;
+ min-width: 16px;
+}
+
+#keyboard-state {
+ padding: 0 0px;
+ margin: 0 5px;
+ min-width: 16px;
+}
+
+#keyboard-state > label {
+ padding: 0 5px;
+}
+
+#keyboard-state > label.locked {
+ background: rgba(0, 0, 0, 0.2);
+}
+
+#scratchpad {
+ background: rgba(0, 0, 0, 0.2);
+}
+
+#scratchpad.empty {
+ background-color: transparent;
+}
+
+#privacy {
+ padding: 0;
+}
+
+#privacy-item {
+ padding: 0 5px;
+ color: white;
+}
+
+#privacy-item.screenshare {
+ background-color: #cf5700;
+}
+
+#privacy-item.audio-in {
+ background-color: #1ca000;
+}
+
+#privacy-item.audio-out {
+ background-color: #0069d4;
+}
diff --git a/homeConfigurations/muede/waybar.nix b/homeConfigurations/vinzenz/waybar.nix similarity index 84% rename from homeConfigurations/muede/waybar.nix rename to homeConfigurations/vinzenz/waybar.nix index 1f014e2..b04fd5b 100644 --- a/homeConfigurations/muede/waybar.nix +++ b/homeConfigurations/vinzenz/waybar.nix @@ -37,24 +37,37 @@ "custom/swaync" ]; modules-right = [ - "mpris" - "wireplumber" - "bluetooth" - "backlight" - "network" - "power-profiles-daemon" - "idle_inhibitor" + "group/system-tray" #"image" - "custom/weather" - "temperature" - "cpu" - "memory" - "disk" - # "battery" - "upower" + "group/status-infos" "custom/wlogout" ]; + "group/system-tray" = { + orientation = "inherit"; + modules = [ + "mpris" + "wireplumber" + "bluetooth" + "backlight" + "network" + "power-profiles-daemon" + "idle_inhibitor" + ]; + }; + "group/status-infos" = { + orientation = "inherit"; + modules = [ + "custom/weather" + "temperature" + "cpu" + "memory" + "disk" + # "battery" + "upower" + ]; + }; + "niri/workspaces" = { format = "{icon}"; }; @@ -63,17 +76,17 @@ icon = true; }; network = { - #interface = "wlo1"; + interface = "wlo1"; format = "{ifname}"; - format-wifi = " {essid}"; - format-ethernet = "󰈀"; - format-linked = "󱘖"; - format-disconnected = "󰣽"; + format-wifi = " "; + format-ethernet = "󰈀 "; + format-linked = "󱘖 "; + format-disconnected = "󰣽 "; tooltip-format = "{ifname} via {gwaddr}"; tooltip-format-wifi = "{essid} ({signalStrength}%)"; tooltip-format-ethernet = "{ifname} {ipaddr}/{cidr}"; tooltip-format-disconnected = "Disconnected"; - max-length = 20; + max-length = 50; }; clock = { format = "{:%a, %d. %b %H:%M}"; @@ -104,7 +117,7 @@ icon-size = 14; }; battery = { - format = "{icon} {capacity}%"; + format = "{capacity}% {icon}"; format-icons = [ "󰂎" # 0% "󰁺" # 10% 
@@ -163,20 +176,19 @@ }; cpu = { interval = 1; - format = " {usage:>2}%@{avg_frequency:>3.2f}"; + format = "{usage:3}%@{avg_frequency:4}"; }; disk = { - format = " {percentage_free}% {specific_total:>2.1f}"; - unit = "TB"; + format = "{free}/{total}"; }; "custom/wlogout" = { - format = ""; + format = " "; tooltip = false; on-click = "wlogout"; min-width = 20; }; idle_inhibitor = { - format = "{icon}"; + format = "{icon} "; format-icons = { activated = ""; deactivated = ""; @@ -201,7 +213,7 @@ # on-click = "playerctl play-pause"; # }; mpris = { - format = "{status_icon} {player}"; + format = "{status_icon} {player} "; tooltip-format = "{player} ({status_icon} {status}) {dynamic}"; status-icons = { playing = ""; @@ -210,7 +222,7 @@ }; }; memory = { - format = " {}%"; + format = "{}%  "; }; power-profiles-daemon = { format = "{icon}"; @@ -224,7 +236,7 @@ }; }; wireplumber = { - format = "{icon} {volume}%"; + format = "{volume}% {icon}"; format-muted = ""; format-icons = [ "" @@ -233,16 +245,16 @@ ]; }; temperature = { - format = " {temperatureC}°C"; + format = "{temperatureC}°C "; }; tray = { spacing = 4; show-passive-items = true; }; bluetooth = { - format = " {status}"; - format-connected = " {device_alias}"; - format-connected-battery = " {device_alias} {device_battery_percentage}%"; + format = "  {status} "; + format-connected = "  {device_alias} "; + format-connected-battery = "  {device_alias} {device_battery_percentage}% "; tooltip-format = "{controller_alias}\t{controller_address}\n\n{num_connections} connected"; tooltip-format-connected = "{controller_alias}\t{controller_address}\n\n{num_connections} connected\n\n{device_enumerate}"; tooltip-format-enumerate-connected = "{device_alias}\t{device_address}"; @@ -254,7 +266,7 @@ in { tooltip = true; - format = "{icon} {0}"; + format = "{icon} {0} "; format-icons = { notification = "󱅫"; none = "󰂜"; 
@@ -272,7 +284,7 @@ escape = true; }; "custom/weather" = { - format = "{}"; + format = "{}°"; tooltip = true; interval = 3600; exec = "${lib.getBin pkgs.wttrbar}/bin/wttrbar --nerd"; diff --git a/homeConfigurations/muede/wlogout.nix b/homeConfigurations/vinzenz/wlogout.nix similarity index 100% rename from homeConfigurations/muede/wlogout.nix rename to homeConfigurations/vinzenz/wlogout.nix diff --git a/homeConfigurations/muede/zsh.nix b/homeConfigurations/vinzenz/zsh.nix similarity index 94% rename from homeConfigurations/muede/zsh.nix rename to homeConfigurations/vinzenz/zsh.nix index 16f00e1..f2fc674 100644 --- a/homeConfigurations/muede/zsh.nix +++ b/homeConfigurations/vinzenz/zsh.nix @@ -2,7 +2,7 @@ { config.programs.zsh = { initContent = '' - export PATH=$PATH:$HOME/.cargo/bin + export PATH=$PATH:/home/vinzenz/.cargo/bin bindkey "^[[1;5C" forward-word bindkey "^[[1;5D" backward-word diff --git a/homeModules/git.nix b/homeModules/git.nix new file mode 100644 index 0000000..5da1ba7 --- /dev/null +++ b/homeModules/git.nix @@ -0,0 +1,13 @@ +{ + programs = { + git = { + enable = true; + settings.init.defaultBranch = "main"; + }; + + gh = { + enable = true; + gitCredentialHelper.enable = true; + }; + }; +} diff --git a/homeModules/gnome-extensions.nix b/homeModules/gnome-extensions.nix index 20b3a70..9c30c40 100644 --- a/homeModules/gnome-extensions.nix +++ b/homeModules/gnome-extensions.nix @@ -6,7 +6,7 @@ ... }: { - options.my.gnome-extensions = + options.vinzenz.gnome-extensions = let mkDefaultEnabledOption = name: @@ -18,7 +18,7 @@ }; in { - enable = lib.mkEnableOption "gnome extended options"; + enable = mkDefaultEnabledOption "gnome extended options"; appindicator.enable = mkDefaultEnabledOption "appindicator"; caffeine.enable = mkDefaultEnabledOption "caffeine"; tailscale-qs.enable = lib.mkOption { @@ -40,7 +40,7 @@ config = let - cfg = config.my.gnome-extensions; + cfg = config.vinzenz.gnome-extensions; in lib.mkIf cfg.enable ( lib.mkMerge [ 
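Review bot: The `initContent` line in `homeConfigurations/vinzenz/zsh.nix` now appends the literal `/home/vinzenz/.cargo/bin` to `PATH` where the previous line used `$HOME`. If this configuration is ever applied to an account with a different name or home directory, that shell would search a directory belonging to another account for executables, and cargo-installed tools would silently go missing. Keeping `export PATH=$PATH:$HOME/.cargo/bin` avoids both; inside a Nix `''` string `$HOME` is passed through to the shell unchanged. The `config.programs.zsh` attrset continues outside the hunk.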
diff --git a/homeModules/nano.nix b/homeModules/nano.nix index 2293b99..ab3e7b2 100644 --- a/homeModules/nano.nix +++ b/homeModules/nano.nix @@ -1,14 +1,9 @@ -{ lib, config, ... }: { - options.my.nano.enable = lib.mkEnableOption "nano editor config"; - - config = lib.mkIf config.my.nano.enable { - home = { - sessionVariables.EDITOR = "nano"; - file.".nanorc".text = '' - set linenumbers - set mouse - ''; - }; + home = { + sessionVariables.EDITOR = "nano"; + file.".nanorc".text = '' + set linenumbers + set mouse + ''; }; } diff --git a/homeModules/tailscale.nix b/homeModules/tailscale.nix deleted file mode 100644 index 686bf84..0000000 --- a/homeModules/tailscale.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - lib, - config, - osConfig, - thisDevice, - ... -}: -{ - options.my.tailscale.enable = lib.mkOption { - type = lib.types.bool; - default = (thisDevice.isDesktop or false) && osConfig.my.tailscale.enable; - description = "Whether to enable the Tailscale system tray applet. Defaults to true on desktops with Tailscale enabled."; - }; - - config = lib.mkIf config.my.tailscale.enable { - services.tailscale-systray.enable = true; - }; -} diff --git a/homeModules/templates.nix b/homeModules/templates.nix index e0a6df2..71d2e0b 100644 --- a/homeModules/templates.nix +++ b/homeModules/templates.nix @@ -1,17 +1,12 @@ -{ lib, config, ... }: { - options.my.templates.enable = lib.mkEnableOption "file templates"; - - config = lib.mkIf config.my.templates.enable { - home.file = { - "Templates/Empty file".text = ""; - "Templates/Empty bash script".text = '' - #!/usr/bin/env bash - # abort on error, undefined variables - set -eu - # print commands before execution - set -x - ''; - }; + home.file = { + "Templates/Empty file".text = ""; + "Templates/Empty bash script".text = '' + #!/usr/bin/env bash + # abort on error, undefined variables + set -eu + # print commands before execution + set -x + ''; }; } 
diff --git a/homeModules/zsh-basics.nix b/homeModules/zsh-basics.nix index 50e116a..0b0e281 100644 --- a/homeModules/zsh-basics.nix +++ b/homeModules/zsh-basics.nix @@ -1,18 +1,13 @@ -{ lib, config, ... }: { - options.my.zsh.enable = lib.mkEnableOption "zsh with basic settings"; + programs = { + command-not-found.enable = true; + dircolors.enable = true; - config = lib.mkIf config.my.zsh.enable { - programs = { - command-not-found.enable = true; - dircolors.enable = true; - - zsh = { - enable = true; - syntaxHighlighting.enable = true; - autosuggestion.enable = true; - enableVteIntegration = true; - }; + zsh = { + enable = true; + syntaxHighlighting.enable = true; + autosuggestion.enable = true; + enableVteIntegration = true; }; }; } diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix deleted file mode 100644 index 6082283..0000000 --- a/nixosConfigurations.nix +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - inputs, - lib, -}: -let - allDevices = import ./devices.nix { inherit (inputs) self; }; - inherit (inputs) - self - home-manager - lanzaboote - nova-shell - servicepoint-cli - servicepoint-simulator - servicepoint-tanks - stylix - zerforschen-plus - ; - forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) allDevices; -in -forDevice ( - { - device, - system, - isDesktop ? false, - home-manager-users ? { }, - nixosSystem ? inputs.nixpkgs.lib.nixosSystem, - ... - }@thisDevice: - let - specialArgs = inputs // { - inherit - device - home-manager-users - allDevices - thisDevice - ; - }; - in - nixosSystem { - inherit specialArgs; - modules = [ - ./nixosConfigurations/${device} - self.nixosModules.default - - # keep-sorted start - home-manager.nixosModules.home-manager - lanzaboote.nixosModules.lanzaboote - stylix.nixosModules.stylix - zerforschen-plus.nixosModules.default - # keep-sorted end - - # Base config - { - nixpkgs.hostPlatform = lib.mkDefault system; - networking.hostName = device; - system = { - stateVersion = "22.11"; - autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git"; - }; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - documentation = { - info.enable = false; - doc.enable = false; - }; - - time.timeZone = lib.mkDefault "Etc/UTC"; - - my = { - # keep-sorted start - autoupdate.enable = true; - distributedBuilds.enable = true; - extraCaches.enable = true; - git.enable = true; - globalinstalls.enable = true; - lixIsNix.enable = true; - openssh.enable = true; - overlays.unstable.enable = true; - # prometheusNode.enable = true; - systemdBoot.enable = true; - tailscale.enable = true; - # keep-sorted end - - # keep-sorted start - enDe.enable = isDesktop; - firmwareUpdates.enable = isDesktop; - gnome.enable = isDesktop; - kdeconnect.enable = isDesktop; - modernDesktop.enable = isDesktop; - nixLd.enable = isDesktop; - overlays.vscodeExtensions.enable = 
isDesktop; - quietBoot.enable = isDesktop; - stylix.enable = isDesktop; - # keep-sorted end - }; - } - ] - ++ lib.optionals isDesktop [ - inputs.niri.nixosModules.niri - nova-shell.nixosModules.default - servicepoint-cli.nixosModules.default - servicepoint-simulator.nixosModules.default - servicepoint-tanks.nixosModules.default - - # Desktop config - { - home-manager = { - extraSpecialArgs = specialArgs; - useGlobalPkgs = true; - useUserPackages = true; - users = home-manager-users; - sharedModules = [ { home.stateVersion = "22.11"; } ] ++ builtins.attrValues self.homeModules; - }; - - time.timeZone = "Europe/Berlin"; - - # on desktops, keep the device useable interactively during expensive builds - nix = { - daemonCPUSchedPolicy = "idle"; - daemonIOSchedClass = "idle"; - }; - } - ]; - } -) diff --git a/nixosConfigurations/aur0ra-installer/default.nix b/nixosConfigurations/aur0ra-installer/default.nix deleted file mode 100644 index b6c1e1a..0000000 --- a/nixosConfigurations/aur0ra-installer/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - nixos-images, - config, - lib, - modulesPath, - ... -}: -{ - imports = [ - ../aur0ra - # nixos-images.nixosModules.sdimage-installer - ]; - disabledModules = [ - # disable the sd-image module that nixos-images uses - # (modulesPath + "/installer/sd-card/sd-image-aarch64-installer.nix") - ]; -} diff --git a/nixosConfigurations/aur0ra/default.nix b/nixosConfigurations/aur0ra/default.nix deleted file mode 100644 index 20aa8c3..0000000 --- a/nixosConfigurations/aur0ra/default.nix +++ /dev/null 
@@ -1,56 +0,0 @@ -{ lib, ... }: -{ - imports = [ - ./hardware.nix - ./nice-looking-console.nix - ]; - - users.users.ruth = { - # initialPassword = "setup"; - isNormalUser = true; - extraGroups = [ - "wheel" - "networkmanager" - "video" - ]; - # Allow the graphical user to login without password - initialHashedPassword = ""; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming" - ]; - }; - nix.settings.trusted-users = [ "ruth" ]; - - # Don't require sudo/root to `reboot` or `poweroff`. - security.polkit.enable = true; - - # Allow passwordless sudo from nixos user - security.sudo = { - enable = true; - wheelNeedsPassword = false; - }; - - services.openssh.enable = true; - - # https://github.com/nvmd/nixos-raspberrypi-demo/blob/c521600570f0365ae9c846af4b023049b80ae331/modules/server-networking.nix - - networking.firewall.logRefusedConnections = lib.mkDefault false; - - # Use networkd instead of the pile of shell scripts - # NOTE: SK: is it safe to combine with NetworkManager on desktops? - networking.useNetworkd = lib.mkDefault true; - - # The notion of "online" is a broken concept - # https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13 - # https://github.com/NixOS/nixpkgs/issues/247608 - systemd.services.NetworkManager-wait-online.enable = false; - systemd.network.wait-online.enable = false; - - # Do not take down the network for too long when upgrading, - # This also prevents failures of services that are restarted instead of stopped. - # It will use `systemctl restart` rather than stopping it with `systemctl stop` - # followed by a delayed `systemctl start`. - systemd.services.systemd-networkd.stopIfChanged = false; - # Services that are only restarted might be not able to resolve when resolved is stopped before - systemd.services.systemd-resolved.stopIfChanged = false; -} 
diff --git a/nixosConfigurations/aur0ra/hardware.nix b/nixosConfigurations/aur0ra/hardware.nix deleted file mode 100644 index 8642f79..0000000 --- a/nixosConfigurations/aur0ra/hardware.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ nixos-raspberrypi, lib, ... }: -{ - imports = with nixos-raspberrypi.nixosModules; [ - raspberry-pi-5.base - raspberry-pi-5.bluetooth - raspberry-pi-5.page-size-16k - raspberry-pi-5.display-vc4 - ]; - - # No one got time for xz compression. - #isoImage.squashfsCompression = "zstd"; - - boot.loader.raspberry-pi.bootloader = "kernel"; - - my.systemdBoot.enable = lib.mkForce false; - - /* - fileSystems = { - "/boot/firmware" = { - # TODO - device = "/dev/disk/by-uuid/2175-794E"; - fsType = "vfat"; - options = [ - "noatime" - "noauto" - "x-systemd.automount" - "x-systemd.idle-timeout=1min" - ]; - }; - "/" = { - # TODO - device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; - fsType = "ext4"; - options = [ "noatime" ]; - }; - }; - */ - - hardware.raspberry-pi.config = { - all = { - # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters - # Base DTB parameters - # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132 - base-dt-params = { - - # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie - pciex1 = { - enable = true; - value = "on"; - }; - # PCIe Gen 3.0 - # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0 - pciex1_gen = { - enable = true; - value = "3"; - }; - - }; - - }; - }; -} diff --git a/nixosConfigurations/aur0ra/nice-looking-console.nix b/nixosConfigurations/aur0ra/nice-looking-console.nix deleted file mode 100644 index 847bfc2..0000000 --- a/nixosConfigurations/aur0ra/nice-looking-console.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -# re-borrowed from https://github.com/nvmd/nixos-raspberrypi-demo/blob/main/modules/nice-looking-console.nix -{ lib, pkgs, ... }: -{ - # The following have been borrowed from: - # https://github.com/nix-community/nixos-images/blob/b733f0680a42cc01d6ad53896fb5ca40a66d5e79/nix/image-installer/module.nix#L84 - - console.earlySetup = true; - # ter-u22n is probably too big - console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u16n.psf.gz"; - - # Make colored console output more readable - # for example, `ip addr`s (blues are too dark by default) - # Tango theme: https://yayachiken.net/en/posts/tango-colors-in-terminal/ - console.colors = lib.mkDefault [ - "000000" - "CC0000" - "4E9A06" - "C4A000" - "3465A4" - "75507B" - "06989A" - "D3D7CF" - "555753" - "EF2929" - "8AE234" - "FCE94F" - "739FCF" - "AD7FA8" - "34E2E2" - "EEEEEC" - ]; -} diff --git a/nixosConfigurations/damocles-lab/default.nix b/nixosConfigurations/damocles-lab/default.nix deleted file mode 100644 index 705e31a..0000000 --- a/nixosConfigurations/damocles-lab/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ pkgs, ... }: -{ - imports = [ ../damocles/claude-container.nix ]; - - services.openssh = { - enable = true; - ports = [ 2222 ]; - # Path written into sshd_config as a string — not read at eval time. - # Key can be rotated without a rebuild. - authorizedKeysFiles = [ "/persist/damocles-ssh/id_ed25519.pub" ]; - }; - - environment.systemPackages = with pkgs; [ - - ]; -} diff --git a/nixosConfigurations/damocles/android-dev.nix b/nixosConfigurations/damocles/android-dev.nix deleted file mode 100644 index f484e6a..0000000 --- a/nixosConfigurations/damocles/android-dev.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -{ pkgs, ... }: -let - androidComposition = pkgs.androidenv.composeAndroidPackages { - buildToolsVersions = [ "36.1.0" ]; - platformVersions = [ "35" ]; - includeNDK = false; - includeEmulator = false; - includeSystemImages = false; - }; - androidSdk = androidComposition.androidsdk; -in -{ - nixpkgs.config.android_sdk.accept_license = true; - - my.allowedUnfreePackages = [ - "android-sdk-cmdline-tools" - "android-sdk-platform-tools" - "android-sdk-tools" - "android-sdk-build-tools" - "android-sdk-platforms" - - # wtf - "platform-tools" - "tools" - "build-tools" - "cmdline-tools" - "platforms" - "cmake" # android sdk repackage - ]; - - environment.systemPackages = with pkgs; [ - androidSdk - gradle - kotlin - jdk21 - ]; - - environment.variables = { - ANDROID_HOME = "${androidSdk}/libexec/android-sdk"; - ANDROID_SDK_ROOT = "${androidSdk}/libexec/android-sdk"; - JAVA_HOME = "${pkgs.jdk21}"; - }; -} diff --git a/nixosConfigurations/damocles/claude-container.nix b/nixosConfigurations/damocles/claude-container.nix deleted file mode 100644 index 8093878..0000000 --- a/nixosConfigurations/damocles/claude-container.nix +++ /dev/null 
@@ -1,46 +0,0 @@ -{ - pkgs, - lib, - ... -}: -{ - - my = { - allowedUnfreePackages = [ "claude-code" ]; - overlays.unstable.enable = true; - }; - - environment.systemPackages = with pkgs; [ - unstable.claude-code - git - python3 - coreutils-full - gawk - gnugrep - curl - bintools - ]; - - boot.isContainer = true; - - programs.nix-ld = { - enable = true; - libraries = with pkgs; [ - stdenv.cc.cc.lib - zlib - ]; - }; - - # Container shares host network namespace (privateNetwork = false), so the - # host's tailscale already covers this. Running a second tailscaled in the - # same netns fights over routing and breaks connectivity after sleep/wake. - services.tailscale.enable = lib.mkForce false; - networking.firewall.checkReversePath = lib.mkForce "strict"; - - users.users.muede = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - }; - - security.sudo.wheelNeedsPassword = false; -} diff --git a/nixosConfigurations/damocles/default.nix b/nixosConfigurations/damocles/default.nix deleted file mode 100644 index a511d47..0000000 --- a/nixosConfigurations/damocles/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ pkgs, ... }: -{ - imports = [ - ./android-dev.nix - ./claude-container.nix - ]; - - environment.systemPackages = with pkgs; [ - cargo - rustc - clippy - gh - buildPackages.stdenv.cc - ]; -} diff --git a/nixosConfigurations/epimetheus/default.nix b/nixosConfigurations/epimetheus/default.nix index 19b6219..02c6ae8 100644 --- a/nixosConfigurations/epimetheus/default.nix +++ b/nixosConfigurations/epimetheus/default.nix @@ -1,13 +1,8 @@ -{ modulesPath, ... }: +{ self, ... }: { - imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; + imports = [ self.nixosModules.pxvirt-guest ]; config = { - my.pxvirtGuest.enable = true; - proxmoxLXC = { - manageNetwork = false; - privileged = false; - }; }; } diff --git a/nixosConfigurations/forgejo-runner-1/default.nix b/nixosConfigurations/forgejo-runner-1/default.nix index 41c7717..c64882b 100644 
--- a/nixosConfigurations/forgejo-runner-1/default.nix +++ b/nixosConfigurations/forgejo-runner-1/default.nix @@ -1,13 +1,12 @@ -{ ... }: +{ self, ... }: { imports = [ ./hardware.nix ./forgejo-runner.nix + self.nixosModules.podman ]; config = { - my.podman.enable = true; - # uncomment for build check on non arm system (requires --impure) # nixpkgs.buildPlatform = builtins.currentSystem; services.tailscale.useRoutingFeatures = "both"; @@ -15,9 +14,9 @@ users.users = { root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming" ]; }; }; diff --git a/nixosConfigurations/hetzner-vpn2/blog.nix b/nixosConfigurations/hetzner-vpn2/blog.nix new file mode 100644 index 0000000..367ef2b --- /dev/null +++ b/nixosConfigurations/hetzner-vpn2/blog.nix 
@@ -0,0 +1,43 @@ +{ pkgs, ... }: +let + blog-domain-socket = "/run/nginx/blog.sock"; + anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock"; + anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock"; +in +{ + systemd.services = { + nginx.serviceConfig.SupplementaryGroups = [ "anubis" ]; + anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ]; + }; + + services = { + nginx.virtualHosts = { + "zerforschen.plus" = { + enableACME = true; + forceSSL = true; + locations = { + "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; + "/".proxyPass = "http://unix:" + anubis-domain-socket; + }; + }; + + "blog-in-anubis" = { + root = pkgs.zerforschen-plus-content; + listen = [ + { + addr = "unix:" + blog-domain-socket; + } + ]; + }; + }; + + anubis.instances.main = { + enable = true; + settings = { + BIND = anubis-domain-socket; + TARGET = "unix://" + blog-domain-socket; + METRICS_BIND = anubis-metrics-socket; + }; + }; + }; +} diff --git a/nixosConfigurations/hetzner-vpn2/default.nix b/nixosConfigurations/hetzner-vpn2/default.nix index 5974763..5d58835 100644 --- a/nixosConfigurations/hetzner-vpn2/default.nix +++ b/nixosConfigurations/hetzner-vpn2/default.nix @@ -2,6 +2,8 @@ imports = [ ./hardware.nix ./nginx.nix + ./headscale.nix + ./blog.nix ]; config = { 
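Review bot: The `/_metrics` location on the public `zerforschen.plus` vhost in blog.nix proxies the Anubis metrics socket with no access restriction, so anyone who can reach the site can read those metrics. If only a scraper needs the endpoint, give the location an allow-list, for example `"/_metrics" = { proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; extraConfig = "allow <scraper-address>; deny all;"; };` (the address is a placeholder). Otherwise drop the location and scrape the socket locally.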
@@ -12,9 +14,9 @@ users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming" ]; system.autoUpgrade.allowReboot = true; diff --git a/nixosConfigurations/hetzner-vpn2/headscale.nix b/nixosConfigurations/hetzner-vpn2/headscale.nix new file mode 100644 index 0000000..6eac407 --- /dev/null +++ b/nixosConfigurations/hetzner-vpn2/headscale.nix @@ -0,0 +1,43 @@ +let + headscale-port = 8668; +in +{ + # sudo tailscale up --reset --force-reauth --login-server https://uplink.darkest.space --operator=$USER + + services = { + headscale = { + enable = true; + address = "localhost"; + port = headscale-port; + settings = { + server_url = "https://uplink.darkest.space/"; + dns = { + override_local_dns = false; + base_domain = "high-gravity.space"; + }; + derp = { + server = { + enabled = true; + verify_clients = true; + stun_listen_addr = "0.0.0.0:3478"; + ipv4 = "78.46.242.90"; + ipv6 = "2a01:4f8:c013:65dd::1"; + }; + urls = [ ]; + }; + }; + }; + + nginx.virtualHosts."uplink.darkest.space" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${builtins.toString headscale-port}"; + proxyWebsockets = true; + }; + }; + }; + + # for DERP + networking.firewall.allowedUDPPorts = [ 3478 ]; +} 
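Review bot: Nothing in `services.headscale.settings` in headscale.nix configures an ACL policy, and as far as I know headscale then allows every enrolled node to reach every other node. One compromised or mistakenly enrolled device would therefore have network access to all machines on the tailnet, including those that accept root SSH keys. Consider adding a policy file, e.g. `policy.path = <path-to-acl-file>;` (placeholder), that limits which nodes may reach which services. `verify_clients = true` on the embedded DERP server is the right setting and should stay.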
diff --git a/nixosConfigurations/hetzner-vpn2/nginx.nix b/nixosConfigurations/hetzner-vpn2/nginx.nix index aa399aa..7178b0d 100644 --- a/nixosConfigurations/hetzner-vpn2/nginx.nix +++ b/nixosConfigurations/hetzner-vpn2/nginx.nix @@ -1,62 +1,19 @@ -{ pkgs, ... }: -let - blog-domain-socket = "/run/nginx/blog.sock"; - anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock"; - anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock"; -in { security.acme = { acceptTerms = true; defaults.email = "acme@zerforschen.plus"; }; - systemd.services = { - nginx.serviceConfig.SupplementaryGroups = [ "anubis" ]; - anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ]; - }; - - services = { - nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - - virtualHosts = { - "zerforschen.plus" = { - addSSL = true; - enableACME = true; - locations = { - "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; - "/".proxyPass = "http://unix:" + anubis-domain-socket; - }; - }; - - "blog-in-anubis" = { - root = pkgs.zerforschen-plus-content; - listen = [ - { - addr = "unix:" + blog-domain-socket; - } - ]; - }; - }; - }; - - anubis.instances.main = { - enable = true; - settings = { - BIND = anubis-domain-socket; - TARGET = "unix://" + blog-domain-socket; - METRICS_BIND = anubis-metrics-socket; - }; - }; + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; }; networking.firewall.allowedTCPPorts = [ 80 443 - 5201 ]; } diff --git a/nixosConfigurations/muede-lpt2/containers.nix b/nixosConfigurations/muede-lpt2/containers.nix deleted file mode 100644 index 7033b52..0000000 --- a/nixosConfigurations/muede-lpt2/containers.nix +++ /dev/null 
@@ -1,57 +0,0 @@
-{ self, ... }:
-{
- config = {
- boot.enableContainers = true;
- virtualisation.containers.enable = true;
-
- containers.damocles = {
- autoStart = false;
- privateNetwork = false;
- path = self.nixosConfigurations.damocles.config.system.build.toplevel;
- bindMounts."/etc/nix/distributed-build-key" = {
- hostPath = "/etc/nix/distributed-build-key";
- isReadOnly = true;
- };
- bindMounts."/persist/damocles-ssh" = {
- hostPath = "/persist/damocles-ssh";
- isReadOnly = true;
- };
- bindMounts."/persist/damocles-lab" = {
- hostPath = "/persist/damocles-lab";
- isReadOnly = false;
- };
- };
-
- containers.damocles-lab = {
- autoStart = false;
- privateNetwork = false;
- path = self.nixosConfigurations.damocles-lab.config.system.build.toplevel;
- bindMounts."/etc/nix/distributed-build-key" = {
- hostPath = "/etc/nix/distributed-build-key";
- isReadOnly = true;
- };
- bindMounts."/workspace" = {
- hostPath = "/persist/damocles-lab";
- isReadOnly = false;
- };
- bindMounts."/persist/damocles-ssh" = {
- hostPath = "/persist/damocles-ssh";
- isReadOnly = true;
- };
- };
-
- # Global DefaultTimeoutStopSec is 10s (modern-desktop.nix), which kills systemd-nspawn
- # before it finishes halting, leaving cgroups busy and breaking restarts.
- systemd.services."container@damocles".serviceConfig = {
- TimeoutStopSec = "60s";
- # After a SIGKILL of nspawn, the kernel needs a moment to reap its cgroups.
- # Without this, the immediate restart attempt fails with "Device or resource busy".
- RestartSec = "5s";
- };
-
- systemd.services."container@damocles-lab".serviceConfig = {
- TimeoutStopSec = "60s";
- RestartSec = "5s";
- };
- };
-}
diff --git a/nixosConfigurations/ronja-pc/default.nix b/nixosConfigurations/ronja-pc/default.nix
index 2a56407..7630611 100644
--- a/nixosConfigurations/ronja-pc/default.nix
+++ b/nixosConfigurations/ronja-pc/default.nix
@@ -1,19 +1,20 @@ -{ pkgs, ... }: +{ + config, + pkgs, + self, + ... +}: { imports = [ ./hardware.nix + self.nixosModules.user-ronja + self.nixosModules.gnome + self.nixosModules.steam + self.nixosModules.wine-gaming + self.nixosModules.vinzenz-desktop-settings ]; config = { - my = { - # keep-sorted start - muedeDesktopSettings.enable = true; - steam.enable = true; - users.ronja.enable = true; - wineGaming.enable = true; - # keep-sorted end - }; - # Configure keymap in X11 services.xserver.xkb = { layout = "de"; @@ -23,6 +24,8 @@ # Configure console keymap console.keyMap = "de"; + # List packages installed in system profile. To search, run: + # $ nix search wget environment.systemPackages = with pkgs; [ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. # wget diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/vinzenz-lpt2/default.nix similarity index 68% rename from nixosConfigurations/muede-lpt2/default.nix rename to nixosConfigurations/vinzenz-lpt2/default.nix index be7927c..8b2c909 100644 --- a/nixosConfigurations/muede-lpt2/default.nix +++ b/nixosConfigurations/vinzenz-lpt2/default.nix @@ -1,23 +1,18 @@ { self, ... }: { imports = [ - ./containers.nix ./hardware.nix + self.nixosModules.user-vinzenz + self.nixosModules.gnome + self.nixosModules.wine-gaming + self.nixosModules.steam + self.nixosModules.podman + self.nixosModules.vinzenz-desktop-settings + self.nixosModules.intel-graphics + self.nixosModules.secure-boot ]; config = { - my = { - # keep-sorted start - intelGraphics.enable = true; - muedeDesktopSettings.enable = true; - podman.enable = true; - secureBoot.enable = true; - steam.enable = true; - users.muede.enable = true; - wineGaming.enable = true; - # keep-sorted end - }; - nix.settings.extra-platforms = [ "aarch64-linux" "i686-linux" 
@@ -32,9 +27,9 @@ # Configure console keymap console.keyMap = "de"; - users.users.muede.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming" + users.users.vinzenz.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming" ]; programs = { diff --git a/nixosConfigurations/muede-lpt2/hardware.nix b/nixosConfigurations/vinzenz-lpt2/hardware.nix similarity index 100% rename from nixosConfigurations/muede-lpt2/hardware.nix rename to nixosConfigurations/vinzenz-lpt2/hardware.nix diff --git a/nixosConfigurations/muede-pc2/default.nix b/nixosConfigurations/vinzenz-pc2/default.nix similarity index 55% rename from nixosConfigurations/muede-pc2/default.nix rename to nixosConfigurations/vinzenz-pc2/default.nix index 42f77b3..2c1fb29 100644 --- a/nixosConfigurations/muede-pc2/default.nix +++ b/nixosConfigurations/vinzenz-pc2/default.nix 
@@ -1,25 +1,21 @@ -{ pkgs, ... }: +{ pkgs, self, ... }: { imports = [ ./hardware.nix - # ./vscode-server.nix - # ./hass.nix + ./vscode-server.nix + ./hass.nix + + self.nixosModules.user-vinzenz + self.nixosModules.gnome + self.nixosModules.wine-gaming + self.nixosModules.steam + self.nixosModules.podman + self.nixosModules.vinzenz-desktop-settings + self.nixosModules.amd-graphics + self.nixosModules.secure-boot ]; config = { - my = { - # keep-sorted start - amdGraphics.enable = true; - muedeDesktopSettings.enable = true; - podman.enable = true; - secureBoot.enable = true; - steam.enable = true; - users.muede.enable = true; - wineGaming.enable = true; - # keep-sorted end - }; - - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; nix.settings.extra-platforms = [ "aarch64-linux" "i686-linux" @@ -34,10 +30,10 @@ # Configure console keymap console.keyMap = "de"; - users.users.muede.openssh.authorizedKeys.keys = [ + users.users.vinzenz.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrY6tcgnoC/xbgL7vxSjddEY9MBxRXe9n2cAHt88/TT home roaming" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming" ]; environment.systemPackages = with pkgs; [ lact ]; diff --git a/nixosConfigurations/muede-pc2/fstab.nix b/nixosConfigurations/vinzenz-pc2/fstab.nix similarity index 100% rename from nixosConfigurations/muede-pc2/fstab.nix rename to nixosConfigurations/vinzenz-pc2/fstab.nix diff --git a/nixosConfigurations/muede-pc2/hardware.nix b/nixosConfigurations/vinzenz-pc2/hardware.nix similarity index 100% rename from nixosConfigurations/muede-pc2/hardware.nix rename to nixosConfigurations/vinzenz-pc2/hardware.nix 
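Review bot: The first vinzenz-pc2 hunk removes `boot.binfmt.emulatedSystems = [ "aarch64-linux" ];`, but the context lines right after it still list `"aarch64-linux"` in `nix.settings.extra-platforms`. Unless emulation is registered elsewhere (for example in `hardware.nix`, which is not shown), Nix will accept aarch64 derivations on this host and then fail when it tries to execute them. Either keep the `boot.binfmt.emulatedSystems` line or drop `"aarch64-linux"` from `extra-platforms`. The `config` block continues outside the hunk.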
diff --git a/nixosConfigurations/muede-pc2/hass.nix b/nixosConfigurations/vinzenz-pc2/hass.nix similarity index 100% rename from nixosConfigurations/muede-pc2/hass.nix rename to nixosConfigurations/vinzenz-pc2/hass.nix diff --git a/nixosConfigurations/muede-pc2/vscode-server.nix b/nixosConfigurations/vinzenz-pc2/vscode-server.nix similarity index 100% rename from nixosConfigurations/muede-pc2/vscode-server.nix rename to nixosConfigurations/vinzenz-pc2/vscode-server.nix diff --git a/nixosModules/allowed-unfree-list.nix b/nixosModules/allowed-unfree-list.nix index 2aee96f..7bfa758 100644 --- a/nixosModules/allowed-unfree-list.nix +++ b/nixosModules/allowed-unfree-list.nix @@ -1,6 +1,6 @@ { lib, config, ... }: { - options.my.allowedUnfreePackages = lib.mkOption { + options.allowedUnfreePackages = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ ]; example = [ "steam" ]; @@ -10,7 +10,7 @@ nixpkgs.config = { # https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085 allowUnfreePredicate = lib.mkDefault ( - pkg: builtins.elem (lib.getName pkg) config.my.allowedUnfreePackages + pkg: builtins.elem (lib.getName pkg) config.allowedUnfreePackages ); }; }; diff --git a/nixosModules/amd-graphics.nix b/nixosModules/amd-graphics.nix index 1baeb24..9bc386c 100644 --- a/nixosModules/amd-graphics.nix +++ b/nixosModules/amd-graphics.nix 
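Review bot: `options.allowedUnfreePackages` in the first allowed-unfree-list.nix hunk declares the option at the top level of the NixOS option tree, where it can collide with an upstream or third-party option of the same name and is harder to recognise as local. gnome.nix in this same commit uses a `vinzenz.` prefix, so `options.vinzenz.allowedUnfreePackages = lib.mkOption {` would be consistent. The predicate in the second hunk would then read `config.vinzenz.allowedUnfreePackages`. The option's remaining attributes lie between the two hunks and are not shown.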
@@ -1,24 +1,15 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.amdGraphics.enable = lib.mkEnableOption "AMD graphics drivers"; + boot.kernelModules = [ "amdgpu" ]; + services.xserver.videoDrivers = [ "amdgpu" ]; - config = lib.mkIf config.my.amdGraphics.enable { - boot.kernelModules = [ "amdgpu" ]; - services.xserver.videoDrivers = [ "amdgpu" ]; - - hardware = { - graphics.enable = true; - amdgpu = { - opencl.enable = true; - overdrive.enable = true; - }; + hardware = { + graphics.enable = true; + amdgpu = { + opencl.enable = true; + overdrive.enable = true; }; - - environment.systemPackages = with pkgs; [ nvtopPackages.amd ]; }; + + environment.systemPackages = with pkgs; [ nvtopPackages.amd ]; } diff --git a/nixosModules/autoupdate.nix b/nixosModules/autoupdate.nix index 028cfd7..0f26b7e 100644 --- a/nixosModules/autoupdate.nix +++ b/nixosModules/autoupdate.nix @@ -1,21 +1,16 @@ -{ lib, config, ... }: { - options.my.autoupdate.enable = lib.mkEnableOption "automatic Nix GC and system upgrades"; - - config = lib.mkIf config.my.autoupdate.enable { - nix = { - optimise.automatic = true; - gc = { - automatic = true; - dates = "daily"; - options = "--delete-older-than 7d"; - }; - }; - - system.autoUpgrade = { - enable = true; + nix = { + optimise.automatic = true; + gc = { + automatic = true; dates = "daily"; - # do not forget to set `flake` when using this module! + options = "--delete-older-than 7d"; }; }; + + system.autoUpgrade = { + enable = true; + dates = "daily"; + # do not forget to set `flake` when using this module! + }; } diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix deleted file mode 100644 index c08d657..0000000 --- a/nixosModules/distributed-builds.nix +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - config, - lib, - allDevices, - thisDevice, - ... -}: -let - clientSshKeyPath = "/etc/nix/distributed-build-key"; - buildUser = "remotebuild"; - - # Collect all per-device public keys that have been registered. - allClientPublicKeys = lib.pipe allDevices [ - (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? clientPublicKey)) - (lib.mapAttrsToList (_: v: v.distributedBuilds.clientPublicKey)) - ]; - - isClient = (thisDevice.distributedBuilds or { }) ? clientPublicKey; - - buildServerDevices = lib.filterAttrs ( - _: v: (v.distributedBuilds or { }).isBuilder or false - ) allDevices; - - sshHostname = m: m.publicFqdn or m.hostName; - - buildServerKnownHosts = lib.pipe buildServerDevices [ - (lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey)) - (lib.mapAttrs ( - name: v: { - publicKey = v.distributedBuilds.hostPublicKey; - hostNames = [ (v.publicFqdn or name) ]; - } - )) - ]; - - remoteBuildServerDevices = builtins.filter (m: m.hostName != config.networking.hostName) ( - lib.mapAttrsToList (name: v: v // { hostName = name; }) buildServerDevices - ); - - buildMachines = map ( - m: - { - hostName = sshHostname m; - systems = [ m.system ]; - sshUser = buildUser; - sshKey = clientSshKeyPath; - protocol = "ssh-ng"; - } - // lib.optionalAttrs (m.distributedBuilds ? speedFactor) { - speedFactor = m.distributedBuilds.speedFactor; - } - // { - supportedFeatures = [ - "nixos-test" - "big-parallel" - "kvm" - "benchmark" - ]; - } - ) remoteBuildServerDevices; -in -{ - options.my.distributedBuilds.enable = lib.mkEnableOption "distributed Nix builds"; - - config = lib.mkIf config.my.distributedBuilds.enable ( - lib.mkMerge [ - - # All machines - { - assertions = - lib.mapAttrsToList (name: v: { - assertion = v.distributedBuilds ? hostPublicKey && v.distributedBuilds ? 
storeSigningPublicKey; - message = "devices.${name}: isBuilder = true requires distributedBuilds.hostPublicKey and distributedBuilds.storeSigningPublicKey"; - }) buildServerDevices - ++ lib.mapAttrsToList (name: v: { - assertion = lib.hasPrefix "ssh-" v.distributedBuilds.clientPublicKey; - message = "devices.${name}: distributedBuilds.clientPublicKey must start with 'ssh-'"; - }) (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? clientPublicKey) allDevices) - ++ lib.mapAttrsToList (name: v: { - assertion = builtins.match ".+:.+" v.distributedBuilds.storeSigningPublicKey != null; - message = "devices.${name}: distributedBuilds.storeSigningPublicKey must be in ':' format"; - }) (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? storeSigningPublicKey) allDevices); - - nix.settings = { - #fallback = true; - connect-timeout = 5; - trusted-public-keys = lib.pipe buildServerDevices [ - (lib.mapAttrsToList (_: v: v.distributedBuilds.storeSigningPublicKey or null)) - (builtins.filter (k: k != null)) - ]; - max-jobs = (thisDevice.distributedBuilds or { }).maxJobs or "auto"; - cores = 0; - min-free = 10 * 1024 * 1024; - max-free = 200 * 1024 * 1024; - }; - systemd.services.nix-daemon.serviceConfig = { - MemoryAccounting = true; - MemoryMax = "90%"; - OOMScoreAdjust = 500; - }; - } - - # Server: accept incoming build connections - (lib.mkIf (thisDevice.distributedBuilds.isBuilder or false) { - users.users.${buildUser} = { - isSystemUser = true; - group = buildUser; - useDefaultShell = true; - openssh.authorizedKeys.keys = map ( - k: ''command="nix daemon --stdio",restrict ${k}'' - ) allClientPublicKeys; - }; - users.groups.${buildUser} = { }; - nix.settings = { - trusted-users = [ buildUser ]; - secret-key-files = [ "/etc/nix/signing-key.sec" ]; - }; - }) - - # Client: connect to build servers for building and substitution - (lib.mkIf isClient { - programs.ssh = { - knownHosts = buildServerKnownHosts; - extraConfig = lib.concatStringsSep "\n" ( - lib.mapAttrsToList ( 
- name: v: - let - names = lib.unique [ - name - (v.publicFqdn or name) - ]; - in - '' - Match originalhost ${lib.concatStringsSep "," names} user ${buildUser} - IdentityFile ${clientSshKeyPath} - IdentitiesOnly yes - '' - ) buildServerDevices - ); - }; - nix = { - distributedBuilds = buildMachines != [ ]; - buildMachines = buildMachines; - settings = { - builders-use-substitutes = true; - substituters = map (m: "ssh-ng://${buildUser}@${sshHostname m}") ( - builtins.filter (m: m.distributedBuilds ? storeSigningPublicKey) remoteBuildServerDevices - ); - }; - }; - }) - - ] - ); -} diff --git a/nixosModules/en-de.nix b/nixosModules/en-de.nix index 4a35b28..a91780e 100644 --- a/nixosModules/en-de.nix +++ b/nixosModules/en-de.nix 
@@ -1,40 +1,31 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.enDe.enable = lib.mkEnableOption "English/German locale and language packs"; - - config = lib.mkIf config.my.enDe.enable { - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocales = [ - "de_DE.UTF-8/UTF-8" - ]; - extraLocaleSettings = { - LC_ADDRESS = "de_DE.UTF-8"; - LC_IDENTIFICATION = "de_DE.UTF-8"; - LC_MEASUREMENT = "de_DE.UTF-8"; - LC_MONETARY = "de_DE.UTF-8"; - LC_NAME = "de_DE.UTF-8"; - LC_NUMERIC = "de_DE.UTF-8"; - LC_PAPER = "de_DE.UTF-8"; - LC_TELEPHONE = "de_DE.UTF-8"; - LC_TIME = "de_DE.UTF-8"; - }; + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocales = [ + "de_DE.UTF-8/UTF-8" + ]; + extraLocaleSettings = { + LC_ADDRESS = "de_DE.UTF-8"; + LC_IDENTIFICATION = "de_DE.UTF-8"; + LC_MEASUREMENT = "de_DE.UTF-8"; + LC_MONETARY = "de_DE.UTF-8"; + LC_NAME = "de_DE.UTF-8"; + LC_NUMERIC = "de_DE.UTF-8"; + LC_PAPER = "de_DE.UTF-8"; + LC_TELEPHONE = "de_DE.UTF-8"; + LC_TIME = "de_DE.UTF-8"; }; - - programs.firefox.languagePacks = [ - "en-US" - "de" - ]; - - environment.systemPackages = [ - pkgs.hunspell - pkgs.hunspellDicts.de-de - pkgs.hunspellDicts.en-us - ]; }; + + programs.firefox.languagePacks = [ + "en-US" + "de" + ]; + + environment.systemPackages = [ + pkgs.hunspell + pkgs.hunspellDicts.de-de + pkgs.hunspellDicts.en-us + ]; } diff --git a/nixosModules/extra-caches.nix b/nixosModules/extra-caches.nix index 6a72755..6af372f 100644 --- a/nixosModules/extra-caches.nix +++ b/nixosModules/extra-caches.nix 
@@ -1,27 +1,16 @@ -{ lib, config, ... }: { - options.my.extraCaches.enable = lib.mkEnableOption "extra Nix binary caches"; - - config = lib.mkIf config.my.extraCaches.enable { - nix.settings = { - substituters = [ - # keep-sorted start - "https://cache.lix.systems" - "https://cache.nixos.org/" - "https://niri.cachix.org" - "https://nix-community.cachix.org" - "https://nixos-raspberrypi.cachix.org" - # keep-sorted end - ]; - trusted-public-keys = [ - # keep-sorted start - "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" - # keep-sorted end - ]; - }; + nix.settings = { + substituters = [ + "https://cache.nixos.org/" + "https://nix-community.cachix.org" + "https://cache.lix.systems" + "https://niri.cachix.org" + ]; + trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" + ]; }; } diff --git a/nixosModules/firmware-updates.nix b/nixosModules/firmware-updates.nix index 61b2ff8..8e81b72 100644 --- a/nixosModules/firmware-updates.nix +++ b/nixosModules/firmware-updates.nix 
@@ -1,16 +1,11 @@ -{ lib, config, ... }: { - options.my.firmwareUpdates.enable = lib.mkEnableOption "firmware updates and microcode"; - - config = lib.mkIf config.my.firmwareUpdates.enable { - hardware = { - enableRedistributableFirmware = true; - cpu = { - amd.updateMicrocode = true; - intel.updateMicrocode = true; - }; + hardware = { + enableRedistributableFirmware = true; + cpu = { + amd.updateMicrocode = true; + intel.updateMicrocode = true; }; - - services.fwupd.enable = true; }; + + services.fwupd.enable = true; } diff --git a/nixosModules/git.nix b/nixosModules/git.nix deleted file mode 100644 index ffe5c78..0000000 --- a/nixosModules/git.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options.my.git.enable = lib.mkEnableOption "git with credential helper"; - - config = lib.mkIf config.my.git.enable { - environment.systemPackages = [ pkgs.git-credential-oauth ]; - - programs.git = { - enable = true; - config = { - init.defaultBranch = "main"; - credential = { - helper = "oauth"; - credentialStore = "cache"; - }; - }; - }; - }; -} diff --git a/nixosModules/global-settings-desktop.nix b/nixosModules/global-settings-desktop.nix new file mode 100644 index 0000000..eda369d --- /dev/null +++ b/nixosModules/global-settings-desktop.nix 
@@ -0,0 +1,56 @@
+{
+ home-manager-users,
+ self,
+ home-manager,
+ servicepoint-cli,
+ servicepoint-simulator,
+ servicepoint-tanks,
+ stylix,
+ specialArgs,
+ ...
+}:
+{
+ imports = [
+ # keep-sorted start
+ home-manager.nixosModules.home-manager
+ self.nixosModules.en-de
+ self.nixosModules.firmware-updates
+ self.nixosModules.gnome
+ self.nixosModules.kdeconnect
+ self.nixosModules.modern-desktop
+ self.nixosModules.niri
+ self.nixosModules.nix-ld
+ self.nixosModules.pkgs-unstable
+ self.nixosModules.pkgs-vscode-extensions
+ self.nixosModules.quiet-boot
+ self.nixosModules.stylix
+ servicepoint-cli.nixosModules.default
+ servicepoint-simulator.nixosModules.default
+ servicepoint-tanks.nixosModules.default
+ stylix.nixosModules.stylix
+ # keep-sorted end
+ ];
+
+ config = {
+ home-manager = {
+ extraSpecialArgs = specialArgs;
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ };
+
+ time.timeZone = "Europe/Berlin";
+
+ home-manager.sharedModules = [
+ { home.stateVersion = "22.11"; }
+ # keep-sorted start
+ self.homeModules.git
+ self.homeModules.gnome-extensions
+ self.homeModules.nano
+ self.homeModules.templates
+ self.homeModules.zsh-basics
+ # keep-sorted end
+ ];
+
+ home-manager.users = home-manager-users;
+ };
+}
diff --git a/nixosModules/global-settings.nix b/nixosModules/global-settings.nix
new file mode 100644
index 0000000..77bddae
--- /dev/null
+++ b/nixosModules/global-settings.nix
@@ -0,0 +1,47 @@ +{ + device, + self, + lanzaboote, + zerforschen-plus, + ... +}: +{ + imports = [ + # keep-sorted start + lanzaboote.nixosModules.lanzaboote + self.nixosModules.allowed-unfree-list + self.nixosModules.autoupdate + self.nixosModules.default + self.nixosModules.extra-caches + self.nixosModules.globalinstalls + self.nixosModules.lix-is-nix + self.nixosModules.openssh + self.nixosModules.prometheus-node + self.nixosModules.systemd-boot + self.nixosModules.tailscale + zerforschen-plus.nixosModules.default + # keep-sorted end + ]; + + config = { + networking.hostName = device; + system = { + stateVersion = "22.11"; + autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git"; + }; + + nixpkgs.overlays = [ + self.overlays.unstable-packages + ]; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + + documentation = { + info.enable = false; # info pages and the info command + doc.enable = false; # documentation distributed in packages' /share/doc + }; + }; +} diff --git a/nixosModules/globalinstalls.nix b/nixosModules/globalinstalls.nix index 6c914c7..47fb343 100644 --- a/nixosModules/globalinstalls.nix +++ b/nixosModules/globalinstalls.nix @@ -1,31 +1,23 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.globalinstalls.enable = lib.mkEnableOption "global system packages and tools"; + environment.systemPackages = with pkgs; [ + ncdu + glances + lsof + dig + screen + tldr + nix-output-monitor + ]; - config = lib.mkIf config.my.globalinstalls.enable { - environment.systemPackages = with pkgs; [ - ncdu - glances - lsof - dig - screen - tldr - nix-output-monitor - ]; - - programs = { - zsh.enable = true; - htop.enable = true; - iotop.enable = true; - nano = { - enable = true; - syntaxHighlight = true; - }; + programs = { + zsh.enable = true; + htop.enable = true; + iotop.enable = true; + git.enable = true; + nano = { + enable = true; + syntaxHighlight = true; }; }; } 
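Review bot: `system.autoUpgrade.flake` in global-settings.nix tracks the remote repository with no pinned ref, and the autoupdate module imported alongside it upgrades daily, so whatever lands on the default branch is built and activated as root on every machine without a review step. Push access to the forge, or a compromise of it, is then equivalent to root on all hosts, including the one that sets `allowReboot = true`. Consider pointing the URL at a protected branch or tag, e.g. `"git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git?ref=<protected-branch>"` (the branch name is a placeholder), and limiting who can push to it.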
diff --git a/nixosModules/gnome.nix b/nixosModules/gnome.nix index fd195e8..ead61d0 100644 --- a/nixosModules/gnome.nix +++ b/nixosModules/gnome.nix 
@@ -1,65 +1,62 @@ { + pkgs, lib, config, - pkgs, ... }: { - options.my.gnome = { - enable = lib.mkEnableOption "GNOME desktop environment"; - keep-default-apps = lib.mkEnableOption "keep gnome default apps"; + options.vinzenz = { + keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps"; }; - config = lib.mkIf config.my.gnome.enable ( - lib.mkMerge [ - { - services = { - xserver.excludePackages = [ pkgs.xterm ]; + config = lib.mkMerge [ + { + services = { + xserver.excludePackages = [ pkgs.xterm ]; - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager.gnome = { - enable = true; - extraGSettingsOverridePackages = [ pkgs.mutter ]; - extraGSettingsOverrides = '' - [org.gnome.mutter] - experimental-features=['scale-monitor-framebuffer'] - ''; - }; - - gnome = { - tinysparql.enable = false; - localsearch.enable = false; - sushi.enable = true; - }; + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager.gnome = { + enable = true; + extraGSettingsOverridePackages = [ pkgs.mutter ]; + extraGSettingsOverrides = '' + [org.gnome.mutter] + experimental-features=['scale-monitor-framebuffer'] + ''; }; - programs = { - dconf.enable = true; - gpaste.enable = true; + gnome = { + tinysparql.enable = false; + localsearch.enable = false; + sushi.enable = true; }; - } - (lib.mkIf (!config.my.gnome.keep-default-apps) { - environment.gnome.excludePackages = with pkgs; [ - cheese # photo booth - epiphany # web browser - evince # document viewer - geary # email client - gnome-maps - gnome-weather - gnome-tour - sysprof - orca # screen reader - gnome-weather - gnome-backgrounds - gnome-user-docs - yelp # help app - gnome-music - totem # video player - snapshot # camera - baobab # disk usage - ]; - }) - ] - ); + }; + + programs = { + dconf.enable = true; + gpaste.enable = true; + }; + } + (lib.mkIf (!config.vinzenz.keep-gnome-default-apps) { + environment.gnome.excludePackages = with pkgs; [ + 
cheese # photo booth + epiphany # web browser + evince # document viewer + geary # email client + gnome-maps + gnome-weather + gnome-tour + sysprof + orca # screen reader + gnome-weather + gnome-backgrounds + gnome-user-docs + yelp # help app + gnome-music + totem # video player + snapshot # camera + baobab # disk usage + ]; + }) + ]; } diff --git a/nixosModules/intel-graphics.nix b/nixosModules/intel-graphics.nix index 619af5a..74c6e67 100644 --- a/nixosModules/intel-graphics.nix +++ b/nixosModules/intel-graphics.nix @@ -1,13 +1,6 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.intelGraphics.enable = lib.mkEnableOption "Intel graphics drivers"; - - config = lib.mkIf config.my.intelGraphics.enable { + config = { hardware.graphics = { extraPackages = with pkgs; [ intel-media-driver @@ -22,6 +15,6 @@ ]; }; environment.systemPackages = with pkgs; [ nvtopPackages.intel ]; - my.allowedUnfreePackages = [ "intel-ocl" ]; + allowedUnfreePackages = [ "intel-ocl" ]; }; } diff --git a/nixosModules/kdeconnect.nix b/nixosModules/kdeconnect.nix index bc809c9..1a3c2f1 100644 --- a/nixosModules/kdeconnect.nix +++ b/nixosModules/kdeconnect.nix 
@@ -5,53 +5,49 @@ ... }: { - options.my.kdeconnect.enable = lib.mkEnableOption "KDE Connect / GSConnect"; - - config = lib.mkIf config.my.kdeconnect.enable ( - lib.mkMerge [ - { - networking.firewall = - let - kdeconnect-range = { - from = 1714; - to = 1764; - }; - in - { - allowedTCPPortRanges = [ kdeconnect-range ]; - allowedUDPPortRanges = [ kdeconnect-range ]; + config = lib.mkMerge [ + { + networking.firewall = + let + kdeconnect-range = { + from = 1714; + to = 1764; }; + in + { + allowedTCPPortRanges = [ kdeconnect-range ]; + allowedUDPPortRanges = [ kdeconnect-range ]; + }; - programs.kdeconnect.enable = true; - home-manager.sharedModules = [ + programs.kdeconnect.enable = true; + home-manager.sharedModules = [ + { + services.kdeconnect = { + enable = true; + # this still shows up in gnome session starting with 25.05 + # indicator = true; + }; + } + ]; + } + + (lib.mkIf config.services.desktopManager.gnome.enable { + # replace kdeconnect with gsconnect + programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect; + + home-manager.sharedModules = [ + ( + { pkgs, ... }: { - services.kdeconnect = { - enable = true; - # this still shows up in gnome session starting with 25.05 - # indicator = true; + home.packages = [ pkgs.gnomeExtensions.gsconnect ]; + # enable gsconnect extension + dconf.settings = { + "org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ]; + "org/gnome/shell/extensions/gsconnect".enabled = true; }; } - ]; - } - - (lib.mkIf config.services.desktopManager.gnome.enable { - # replace kdeconnect with gsconnect - programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect; - - home-manager.sharedModules = [ - ( - { pkgs, ... }: - { - home.packages = [ pkgs.gnomeExtensions.gsconnect ]; - # enable gsconnect extension - dconf.settings = { - "org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ]; - "org/gnome/shell/extensions/gsconnect".enabled = true; - }; - } - ) - ]; - }) - ] - ); + ) + ]; + }) + ]; } 
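Review bot: The explicit `networking.firewall` block for 1714–1764 looks redundant, because the upstream NixOS `programs.kdeconnect.enable` module already opens the same TCP and UDP range; keeping only `programs.kdeconnect.enable = true;` leaves one place that controls the exposure. With the `enable` guard removed, every host that imports this file accepts those ports on all interfaces, so a comment such as `# opens 1714-1764 tcp/udp on every interface; import only on LAN desktops` is worth adding. The module's argument list starts above the hunk.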
diff --git a/nixosModules/latex.nix b/nixosModules/latex.nix index ce5483d..3d097f8 100644 --- a/nixosModules/latex.nix +++ b/nixosModules/latex.nix @@ -1,13 +1,6 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.latex.enable = lib.mkEnableOption "LaTeX (texliveFull + TeXstudio)"; - - config = lib.mkIf config.my.latex.enable { + config = { environment.systemPackages = with pkgs; [ fontconfig texliveFull diff --git a/nixosModules/lix-is-nix.nix b/nixosModules/lix-is-nix.nix index 2bb071e..3480d06 100644 --- a/nixosModules/lix-is-nix.nix +++ b/nixosModules/lix-is-nix.nix @@ -1,24 +1,15 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.lixIsNix.enable = lib.mkEnableOption "Lix as the Nix implementation"; + nixpkgs.overlays = [ + (final: prev: { + inherit (prev.lixPackageSets.stable) + nixpkgs-review + nix-eval-jobs + nix-fast-build + colmena + ; + }) + ]; - config = lib.mkIf config.my.lixIsNix.enable { - nixpkgs.overlays = [ - (_: prev: { - inherit (prev.lixPackageSets.stable) - nixpkgs-review - nix-eval-jobs - nix-fast-build - colmena - ; - }) - ]; - - nix.package = pkgs.lixPackageSets.latest.lix; - }; + nix.package = pkgs.lixPackageSets.latest.lix; } diff --git a/nixosModules/modern-desktop.nix b/nixosModules/modern-desktop.nix index 7a10531..6f3ccac 100644 --- a/nixosModules/modern-desktop.nix +++ b/nixosModules/modern-desktop.nix 
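Review bot: In the `lix-is-nix.nix` overlay, `final` is bound but never used; `(_: prev: {`, as on the removed side, keeps the unused argument explicit and avoids dead-binding lint warnings. The tools are inherited from `lixPackageSets.stable` while `nix.package` comes from `lixPackageSets.latest`; if that split is deliberate, a one-line comment saying why the two sets differ would prevent someone from "fixing" it later.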
@@ -1,52 +1,47 @@ -{ lib, config, ... }: { - options.my.modernDesktop.enable = lib.mkEnableOption "modern desktop base (pipewire, flatpak, earlyoom)"; - - config = lib.mkIf config.my.modernDesktop.enable { - services = { - xserver.enable = true; - libinput.enable = true; - flatpak.enable = true; - fstrim.enable = true; - earlyoom = { - enable = true; - freeMemThreshold = 5; - }; - }; - - # Enable sound with pipewire. - security.rtkit.enable = true; - services = { - pulseaudio.enable = false; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - #jack.enable = true; - }; - }; - - systemd = { - # save some boot time because nothing actually requires network connectivity - services.NetworkManager-wait-online.enable = false; - - # prevent stuck units from preventing shutdown (default is 120s) - settings.Manager.DefaultTimeoutStopSec = "10s"; - }; - - programs = { - xwayland.enable = true; - - appimage = { - enable = true; - binfmt = true; - }; - }; - - system.autoUpgrade = { - allowReboot = false; - operation = "boot"; + services = { + xserver.enable = true; + libinput.enable = true; + flatpak.enable = true; + fstrim.enable = true; + earlyoom = { + enable = true; + freeMemThreshold = 5; }; }; + + # Enable sound with pipewire. + security.rtkit.enable = true; + services = { + pulseaudio.enable = false; + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + #jack.enable = true; + }; + }; + + systemd = { + # save some boot time because nothing actually requires network connectivity + services.NetworkManager-wait-online.enable = false; + + # prevent stuck units from preventing shutdown (default is 120s) + settings.Manager.DefaultTimeoutStopSec = "10s"; + }; + + programs = { + xwayland.enable = true; + + appimage = { + enable = true; + binfmt = true; + }; + }; + + system.autoUpgrade = { + allowReboot = false; + operation = "boot"; + }; } 
diff --git a/nixosModules/muede-desktop-settings.nix b/nixosModules/muede-desktop-settings.nix deleted file mode 100644 index 980af13..0000000 --- a/nixosModules/muede-desktop-settings.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options.my.muedeDesktopSettings.enable = lib.mkEnableOption "muede desktop settings (Firefox, Logitech, RDP)"; - - config = lib.mkIf config.my.muedeDesktopSettings.enable { - my.overlays.niri.enable = true; - programs.niri.enable = true; - - programs.firefox.enable = true; - - environment.systemPackages = with pkgs; [ - lm_sensors - libreoffice-qt6 - usbutils - ]; - - fonts.enableDefaultPackages = true; - - hardware.logitech.wireless = { - enable = true; - enableGraphical = true; - }; - - # RDP connections - services.gnome.gnome-remote-desktop.enable = true; - networking.firewall.allowedTCPPorts = [ 3389 ]; - }; -} diff --git a/nixosModules/nix-ld.nix b/nixosModules/nix-ld.nix index ac7ae7b..0d09078 100644 --- a/nixosModules/nix-ld.nix +++ b/nixosModules/nix-ld.nix @@ -1,32 +1,23 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.nixLd.enable = lib.mkEnableOption "nix-ld for running unpatched dynamic binaries"; - - config = lib.mkIf config.my.nixLd.enable { - programs.nix-ld = { - enable = true; - libraries = with pkgs; [ - stdenv.cc.cc - zlib - zstd - curl - openssl - attr - libssh - bzip2 - libxml2 - acl - libsodium - util-linux - xz - systemd - icu - ]; - }; + programs.nix-ld = { + enable = true; + libraries = with pkgs; [ + stdenv.cc.cc + zlib + zstd + curl + openssl + attr + libssh + bzip2 + libxml2 + acl + libsodium + util-linux + xz + systemd + icu + ]; }; } diff --git a/nixosModules/nixpkgs-overlays.nix b/nixosModules/nixpkgs-overlays.nix deleted file mode 100644 index 7a657b1..0000000 --- a/nixosModules/nixpkgs-overlays.nix +++ /dev/null 
@@ -1,33 +0,0 @@ -{ - lib, - config, - self, - ... -}: -{ - options.my.overlays = { - enableAll = lib.mkEnableOption "all nixpkgs overlays"; - } - // lib.mapAttrs (_: _: { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; - }) self.overlays; - - config = lib.mkMerge ( - [ - { - my.overlays = lib.mapAttrs (_: _: { - enable = lib.mkDefault config.my.overlays.enableAll; - }) self.overlays; - } - ] - ++ lib.mapAttrsToList ( - name: overlay: - lib.mkIf config.my.overlays.${name}.enable { - nixpkgs.overlays = [ overlay ]; - } - ) self.overlays - ); -} diff --git a/nixosModules/openssh.nix b/nixosModules/openssh.nix index 92eb5f6..7ff8b18 100644 --- a/nixosModules/openssh.nix +++ b/nixosModules/openssh.nix 
@@ -1,52 +1,11 @@ { - lib, - config, - pkgs, - thisDevice, - ... -}: -{ - options.my.openssh.enable = lib.mkEnableOption "OpenSSH server"; - - config = lib.mkIf config.my.openssh.enable { - services.openssh = { - enable = true; - openFirewall = true; - settings = { - PermitRootLogin = "prohibit-password"; - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - - # On desktops, hold a systemd sleep inhibitor while SSH connections are active - security.pam.services.sshd.rules.session.ssh-inhibit = lib.mkIf (thisDevice.isDesktop or false) { - order = 10000; - control = "optional"; - modulePath = "${pkgs.pam}/lib/security/pam_exec.so"; - args = [ - "quiet" - "${pkgs.writeShellScript "ssh-inhibit-pam" '' - PIDFILE="/run/ssh-inhibitor-''${PPID}.pid" - case "''${PAM_TYPE:-}" in - open_session) - ${pkgs.systemd}/bin/systemd-inhibit \ - --what=sleep \ - --who=sshd \ - --why="SSH session active" \ - --mode=block \ - sleep infinity & - echo $! > "$PIDFILE" - ;; - close_session) - if [ -f "$PIDFILE" ]; then - kill "$(cat "$PIDFILE")" 2>/dev/null || true - rm -f "$PIDFILE" - fi - ;; - esac - ''}" - ]; + services.openssh = { + enable = true; + openFirewall = true; + settings = { + PermitRootLogin = "prohibit-password"; + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; }; }; } diff --git a/nixosModules/podman.nix b/nixosModules/podman.nix index b962242..93540f8 100644 --- a/nixosModules/podman.nix +++ b/nixosModules/podman.nix @@ -1,16 +1,11 @@ -{ lib, config, ... }: { - options.my.podman.enable = lib.mkEnableOption "Podman container runtime"; - - config = lib.mkIf config.my.podman.enable { - virtualisation = { - containers.enable = true; - podman = { - enable = true; - dockerCompat = true; - dockerSocket.enable = true; - autoPrune.enable = true; - }; + virtualisation = { + containers.enable = true; + podman = { + enable = true; + dockerCompat = true; + dockerSocket.enable = true; + autoPrune.enable = true; }; }; } 
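Review bot: `PermitRootLogin = "prohibit-password"` still allows key-based root logins, and with the `enable` guard gone every host that imports this file gets that together with `openFirewall = true`. If administration goes through the `wheel` users defined in the user modules, `PermitRootLogin = "no";` narrows the exposure. If root SSH is required (for example for remote deployment, which this hunk does not show), a comment stating that would document the choice.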
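Review bot: In `podman.nix`, `dockerSocket.enable = true` exposes a Docker-compatible socket to members of the `podman` group, and the NixOS option documentation notes that such members can gain root, as with Docker. Both `user-ronja.nix` and `user-vinzenz.nix` in this commit put their user in `podman`, so that group membership is root-equivalent on any host importing this module. If rootless `podman` is enough, dropping `dockerSocket.enable` is the smaller surface; otherwise add `# members of the podman group are root-equivalent via the docker socket` next to the option.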
diff --git a/nixosModules/printing.nix b/nixosModules/printing.nix index 48c41ae..c85edd7 100644 --- a/nixosModules/printing.nix +++ b/nixosModules/printing.nix @@ -1,17 +1,12 @@ -{ lib, config, ... }: { - options.my.printing.enable = lib.mkEnableOption "printing (CUPS + Avahi)"; + services = { + # Enable CUPS to print documents. + printing.enable = true; - config = lib.mkIf config.my.printing.enable { - services = { - # Enable CUPS to print documents. - printing.enable = true; - - avahi = { - enable = true; # runs the Avahi daemon - nssmdns4 = true; # enables the mDNS NSS plug-in - openFirewall = true; # opens the firewall for UDP port 5353 - }; + avahi = { + enable = true; # runs the Avahi daemon + nssmdns4 = true; # enables the mDNS NSS plug-in + openFirewall = true; # opens the firewall for UDP port 5353 }; }; } diff --git a/nixosModules/prometheus-node.nix b/nixosModules/prometheus-node.nix index f5e02fc..576db81 100644 --- a/nixosModules/prometheus-node.nix +++ b/nixosModules/prometheus-node.nix @@ -1,25 +1,20 @@ -{ lib, config, ... }: { - options.my.prometheusNode.enable = lib.mkEnableOption "Prometheus node exporter"; - - config = lib.mkIf config.my.prometheusNode.enable { - services.prometheus.exporters = { - node = { - enable = true; - openFirewall = true; - port = 9190; - enabledCollectors = [ - # keep-sorted start - "cgroups" - "interrupts" - "softirqs" - "swap" - "systemd" - "tcpstat" - "wifi" - # keep-sorted end - ]; - }; + services.prometheus.exporters = { + node = { + enable = true; + openFirewall = true; + port = 9190; + enabledCollectors = [ + # keep-sorted start + "cgroups" + "interrupts" + "softirqs" + "swap" + "systemd" + "tcpstat" + "wifi" + # keep-sorted end + ]; }; }; } diff --git a/nixosModules/pxvirt-guest.nix b/nixosModules/pxvirt-guest.nix index a70266a..067a0ec 100644 --- a/nixosModules/pxvirt-guest.nix +++ b/nixosModules/pxvirt-guest.nix 
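Review bot: In `prometheus-node.nix` the node exporter is opened with `openFirewall = true` on port 9190 and serves metrics without authentication, so with the guard removed every importing host exposes `systemd`, `wifi` and `interrupts` data on all interfaces. Consider binding it with `listenAddress` to the address the scraper reaches, or dropping `openFirewall` and allowing the port only on the monitoring interface via `networking.firewall.interfaces.<name>.allowedTCPPorts = [ 9190 ];`. Which interface carries the scrape traffic is not visible in this hunk.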
@@ -1,12 +1,16 @@ +{ modulesPath, lib, ... }: { - lib, - config, - ... -}: -{ - options.my.pxvirtGuest.enable = lib.mkEnableOption "Proxmox LXC guest configuration"; + imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; + + config = { + # TODO is this needed? + # nix.settings.sandbox = false; + + proxmoxLXC = { + manageNetwork = false; + privileged = false; + }; - config = lib.mkIf config.my.pxvirtGuest.enable { # Let Proxmox host handle fstrim services.fstrim.enable = false; diff --git a/nixosModules/quiet-boot.nix b/nixosModules/quiet-boot.nix index 84bae5f..d9b59c8 100644 --- a/nixosModules/quiet-boot.nix +++ b/nixosModules/quiet-boot.nix @@ -1,34 +1,25 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.quietBoot.enable = lib.mkEnableOption "quiet boot with Plymouth splash"; - - config = lib.mkIf config.my.quietBoot.enable { - boot = { - kernelParams = [ - "quiet" - "udev.log_level=3" - "udev.log_priority=3" - "rd.systemd.show_status=auto" + boot = { + kernelParams = [ + "quiet" + "udev.log_level=3" + "udev.log_priority=3" + "rd.systemd.show_status=auto" + ]; + consoleLogLevel = 0; + initrd = { + verbose = false; + systemd.enable = true; # required fpr graphical LUKS prompt + }; + plymouth = { + enable = true; + theme = "catppuccin-mocha"; + themePackages = [ + (pkgs.catppuccin-plymouth.override { + variant = "mocha"; + }) ]; - consoleLogLevel = 0; - initrd = { - verbose = false; - systemd.enable = true; # required fpr graphical LUKS prompt - }; - plymouth = { - enable = true; - theme = "catppuccin-mocha"; - themePackages = [ - (pkgs.catppuccin-plymouth.override { - variant = "mocha"; - }) - ]; - }; }; }; } diff --git a/nixosModules/secure-boot.nix b/nixosModules/secure-boot.nix index 948d1c4..9bf2c93 100644 --- a/nixosModules/secure-boot.nix +++ b/nixosModules/secure-boot.nix 
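Review bot: The commented-out `nix.settings.sandbox = false` under `# TODO is this needed?` in `pxvirt-guest.nix` leaves the decision open, and uncommenting it later would remove build isolation on the guest. I would resolve the TODO now, either by deleting both lines or by replacing them with `# sandbox stays on; revisit only if builds fail in the unprivileged container`. The `config` block continues outside the hunk, so whether `lib` is still used after this change cannot be checked from here.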
@@ -1,37 +1,28 @@ +{ pkgs, lib, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.secureBoot.enable = lib.mkEnableOption "Secure Boot via lanzaboote"; + # https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md + # To enroll: + # 1. sudo sbctl create-keys + # 2. import this module, rebuild + # 3. Put Secure Boot in Setup mode + # 4. sudo sbctl verify + # 5. sudo sbctl enroll-keys --microsoft + # 6, reboot + # 7. sudo sbctl status - config = lib.mkIf config.my.secureBoot.enable { - # https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md - # To enroll: - # 1. sudo sbctl create-keys - # 2. enable this module, rebuild - # 3. Put Secure Boot in Setup mode - # 4. sudo sbctl verify - # 5. sudo sbctl enroll-keys --microsoft - # 6, reboot - # 7. sudo sbctl status + environment.systemPackages = [ + # For debugging and troubleshooting Secure Boot. + pkgs.sbctl + ]; - environment.systemPackages = [ - # For debugging and troubleshooting Secure Boot. - pkgs.sbctl - ]; + # Lanzaboote currently replaces the systemd-boot module. + # This setting is usually set to true in configuration.nix + # generated at installation time. So we force it to false + # for now. + boot.loader.systemd-boot.enable = lib.mkForce false; - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - boot.loader.systemd-boot.enable = lib.mkForce false; - - boot.lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; - }; + boot.lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; }; } diff --git a/nixosModules/steam.nix b/nixosModules/steam.nix index 3a4f25a..b0991e6 100644 --- a/nixosModules/steam.nix +++ b/nixosModules/steam.nix 
@@ -1,50 +1,45 @@ -{ lib, config, ... }: { - options.my.steam.enable = lib.mkEnableOption "Steam gaming platform"; + hardware.steam-hardware.enable = true; - config = lib.mkIf config.my.steam.enable { - hardware.steam-hardware.enable = true; - - programs = { - steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - localNetworkGameTransfers.openFirewall = true; - gamescopeSession.enable = false; - }; - gamemode.enable = true; + programs = { + steam = { + enable = true; + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + localNetworkGameTransfers.openFirewall = true; + gamescopeSession.enable = false; }; + gamemode.enable = true; + }; - # steam network transfer - networking.firewall = { - allowedUDPPorts = [ 3478 ]; - allowedTCPPorts = [ 24070 ]; + # steam network transfer + networking.firewall = { + allowedUDPPorts = [ 3478 ]; + allowedTCPPorts = [ 24070 ]; - allowedTCPPortRanges = [ - { - from = 27015; - to = 27050; - } - ]; + allowedTCPPortRanges = [ + { + from = 27015; + to = 27050; + } + ]; - allowedUDPPortRanges = [ - { - from = 4379; - to = 4380; - } - { - from = 27000; - to = 27100; - } - ]; - }; - - my.allowedUnfreePackages = [ - "steam" - "steam-original" - "steam-run" - "steam-unwrapped" + allowedUDPPortRanges = [ + { + from = 4379; + to = 4380; + } + { + from = 27000; + to = 27100; + } ]; }; + + allowedUnfreePackages = [ + "steam" + "steam-original" + "steam-run" + "steam-unwrapped" + ]; } diff --git a/nixosModules/stylix.nix b/nixosModules/stylix.nix index 4b30dc7..33ab6ee 100644 --- a/nixosModules/stylix.nix +++ b/nixosModules/stylix.nix 
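Review bot: The hand-written `networking.firewall` block opens TCP 27015–27050 and UDP 27000–27100 on top of the three `openFirewall` toggles, which already request the ports for remote play, dedicated servers and local game transfers, so the manual ranges appear wider than needed. `dedicatedServer.openFirewall = true` is only useful if this machine hosts game servers; if it does not, `dedicatedServer.openFirewall = false;` plus removing the overlapping ranges reduces what is reachable from the LAN. A comment naming the Steam feature each remaining port serves would make later pruning easier.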
@@ -1,95 +1,86 @@ +{ pkgs, config, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.stylix.enable = lib.mkEnableOption "Stylix theming (Catppuccin Mocha)"; + stylix = { + enable = true; + base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; + override = { + scheme = "Catppuccin Mocha Pride"; - config = lib.mkIf config.my.stylix.enable { - stylix = { + base09 = "#6f9dff"; + base0A = "#d162a4"; + base0B = "#a8c9ff"; + base0C = "#a30262"; + + # pink_light = "#d162a4"; + # pink_dark = "#a30262"; + # blue_light = "#5BCEFA"; + # blue_dark = "#4a6bb1"; + + # original values + # base00: "#1e1e2e" # base - + # base01: "#181825" # mantle + # base02: "#313244" # surface0 + # base03: "#45475a" # surface1 + # base04: "#585b70" # surface2 + # base05: "#cdd6f4" # text + # base06: "#f5e0dc" # rosewater + # base07: "#b4befe" # lavender + # base08: "#f38ba8" # red + # base09: "#fab387" # peach + # base0A: "#f9e2af" # yellow + # base0B: "#a6e3a1" # green + # base0C: "#94e2d5" # teal + # base0D: "#89b4fa" # blue + # base0E: "#cba6f7" # mauve + # base0F: "#f2cdcd" # flamingo + + # https://github.com/chriskempson/base16/blob/main/styling.md + # base00 - Default Background + # base01 - Lighter Background (Used for status bars, line number and folding marks) + # base02 - Selection Background + # base03 - Comments, Invisibles, Line Highlighting + # base04 - Dark Foreground (Used for status bars) + # base05 - Default Foreground, Caret, Delimiters, Operators + # base06 - Light Foreground (Not often used) + # base07 - Light Background (Not often used) + # base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted + # base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url + # base0A - Classes, Markup Bold, Search Text Background + # base0B - Strings, Inherited Class, Markup Code, Diff Inserted + # base0C - Support, Regular Expressions, Escape Characters, Markup Quotes + # base0D - Functions, Methods, Attribute IDs, Headings + # 
base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed + # base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. + }; + image = config.lib.stylix.pixel "base00"; + polarity = "dark"; + targets = { + gnome.enable = false; + gtk.enable = false; + gtksourceview.enable = false; + fontconfig.enable = true; + plymouth.enable = false; + }; + fonts = { + sansSerif = { + name = "Inter Nerd Font"; + package = pkgs.inter-nerdfont; + }; + monospace = { + name = "FiraCode Nerd Font Mono"; + package = pkgs.nerd-fonts.fira-code; + }; + }; + icons = { enable = true; - base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; - override = { - scheme = "Catppuccin Mocha Pride"; - - base09 = "#6f9dff"; - base0A = "#d162a4"; - base0B = "#a8c9ff"; - base0C = "#a30262"; - - # pink_light = "#d162a4"; - # pink_dark = "#a30262"; - # blue_light = "#5BCEFA"; - # blue_dark = "#4a6bb1"; - - # original values - # base00: "#1e1e2e" # base - - # base01: "#181825" # mantle - # base02: "#313244" # surface0 - # base03: "#45475a" # surface1 - # base04: "#585b70" # surface2 - # base05: "#cdd6f4" # text - # base06: "#f5e0dc" # rosewater - # base07: "#b4befe" # lavender - # base08: "#f38ba8" # red - # base09: "#fab387" # peach - # base0A: "#f9e2af" # yellow - # base0B: "#a6e3a1" # green - # base0C: "#94e2d5" # teal - # base0D: "#89b4fa" # blue - # base0E: "#cba6f7" # mauve - # base0F: "#f2cdcd" # flamingo - - # https://github.com/chriskempson/base16/blob/main/styling.md - # base00 - Default Background - # base01 - Lighter Background (Used for status bars, line number and folding marks) - # base02 - Selection Background - # base03 - Comments, Invisibles, Line Highlighting - # base04 - Dark Foreground (Used for status bars) - # base05 - Default Foreground, Caret, Delimiters, Operators - # base06 - Light Foreground (Not often used) - # base07 - Light Background (Not often used) - # base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted - # base09 
- Integers, Boolean, Constants, XML Attributes, Markup Link Url - # base0A - Classes, Markup Bold, Search Text Background - # base0B - Strings, Inherited Class, Markup Code, Diff Inserted - # base0C - Support, Regular Expressions, Escape Characters, Markup Quotes - # base0D - Functions, Methods, Attribute IDs, Headings - # base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed - # base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. - }; - image = config.lib.stylix.pixel "base00"; - polarity = "dark"; - targets = { - gnome.enable = false; - gtk.enable = false; - gtksourceview.enable = false; - fontconfig.enable = true; - plymouth.enable = false; - }; - fonts = { - sansSerif = { - name = "Inter Nerd Font"; - package = pkgs.inter-nerdfont; - }; - monospace = { - name = "FiraCode Nerd Font Mono"; - package = pkgs.nerd-fonts.fira-code; - }; - }; - icons = { - enable = true; - dark = "Adwaita"; - light = "Adwaita"; - package = pkgs.adwaita-icon-theme; - }; - cursor = { - name = "Adwaita"; - size = 16; - package = pkgs.adwaita-icon-theme; - }; + dark = "Adwaita"; + light = "Adwaita"; + package = pkgs.adwaita-icon-theme; + }; + cursor = { + name = "Adwaita"; + size = 16; + package = pkgs.adwaita-icon-theme; }; }; } diff --git a/nixosModules/systemd-boot.nix b/nixosModules/systemd-boot.nix index e44f9dc..321a26c 100644 --- a/nixosModules/systemd-boot.nix +++ b/nixosModules/systemd-boot.nix @@ -1,16 +1,11 @@ -{ lib, config, ... }: { - options.my.systemdBoot.enable = lib.mkEnableOption "systemd-boot bootloader"; - - config = lib.mkIf config.my.systemdBoot.enable { - boot.loader = { - timeout = 3; - efi.canTouchEfiVariables = true; - systemd-boot = { - enable = true; - editor = false; # do not allow changing kernel parameters - consoleMode = "max"; - }; + boot.loader = { + timeout = 3; + efi.canTouchEfiVariables = true; + systemd-boot = { + enable = true; + editor = false; # do not allow changing kernel parameters + consoleMode = "max"; }; }; } 
diff --git a/nixosModules/tailscale.nix b/nixosModules/tailscale.nix index 55295f9..e51ee7f 100644 --- a/nixosModules/tailscale.nix +++ b/nixosModules/tailscale.nix @@ -1,13 +1,8 @@ -{ lib, config, ... }: { - options.my.tailscale.enable = lib.mkEnableOption "Tailscale VPN"; - - config = lib.mkIf config.my.tailscale.enable { - services.tailscale = { - enable = true; - openFirewall = true; - }; - - networking.firewall.checkReversePath = "loose"; + services.tailscale = { + enable = true; + openFirewall = true; }; + + networking.firewall.checkReversePath = "loose"; } diff --git a/nixosModules/user-muede.nix b/nixosModules/user-muede.nix deleted file mode 100644 index 078cb96..0000000 --- a/nixosModules/user-muede.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options.my.users.muede.enable = lib.mkEnableOption "muede user account"; - - config = lib.mkIf config.my.users.muede.enable { - users.users.muede = { - isNormalUser = true; - uid = 1000; - name = "muede"; - description = "müde"; - extraGroups = [ - "networkmanager" - "wheel" - "games" - "dialout" - "podman" - "nginx" - "adbusers" - "kvm" - "input" - "video" - ]; - shell = pkgs.zsh; - autoSubUidGidRange = true; - }; - - nix.settings.trusted-users = [ "muede" ]; - - my.allowedUnfreePackages = [ - "rider" - "pycharm-professional" - "jetbrains-toolbox" - - "anydesk" - - "vscode-extension-ms-dotnettools-csharp" - - "claude-code" - ]; - }; -} diff --git a/nixosModules/user-ronja.nix b/nixosModules/user-ronja.nix index 46319eb..b374ab9 100644 --- a/nixosModules/user-ronja.nix +++ b/nixosModules/user-ronja.nix 
@@ -1,28 +1,19 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.users.ronja.enable = lib.mkEnableOption "ronja user account"; - - config = lib.mkIf config.my.users.ronja.enable { - users.users.ronja = { - isNormalUser = true; - name = "ronja"; - description = "Ronja"; - home = "/home/ronja"; - extraGroups = [ - "networkmanager" - "wheel" - "games" - "podman" - "openvscode-server" - ]; - shell = pkgs.zsh; - }; - - nix.settings.trusted-users = [ "ronja" ]; + users.users.ronja = { + isNormalUser = true; + name = "ronja"; + description = "Ronja"; + home = "/home/ronja"; + extraGroups = [ + "networkmanager" + "wheel" + "games" + "podman" + "openvscode-server" + ]; + shell = pkgs.zsh; }; + + nix.settings.trusted-users = [ "ronja" ]; } diff --git a/nixosModules/user-vinzenz.nix b/nixosModules/user-vinzenz.nix new file mode 100644 index 0000000..13ccf11 --- /dev/null +++ b/nixosModules/user-vinzenz.nix @@ -0,0 +1,35 @@ +{ pkgs, ... }: +{ + users.users.vinzenz = { + isNormalUser = true; + name = "vinzenz"; + description = "müde"; + home = "/home/vinzenz"; + extraGroups = [ + "networkmanager" + "wheel" + "games" + "dialout" + "podman" + "nginx" + "adbusers" + "kvm" + "input" + "video" + ]; + shell = pkgs.zsh; + autoSubUidGidRange = true; + }; + + nix.settings.trusted-users = [ "vinzenz" ]; + + allowedUnfreePackages = [ + "rider" + "pycharm-professional" + "jetbrains-toolbox" + + "anydesk" + + "vscode-extension-ms-dotnettools-csharp" + ]; +} diff --git a/nixosModules/vinzenz-desktop-settings.nix b/nixosModules/vinzenz-desktop-settings.nix new file mode 100644 index 0000000..ea02ed9 --- /dev/null +++ b/nixosModules/vinzenz-desktop-settings.nix 
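Review bot: `nix.settings.trusted-users = [ "ronja" ];` makes the account root-equivalent towards the Nix daemon (the Nix manual describes trusted users as essentially having root access), and the new `user-vinzenz.nix` in the next hunk does the same for `vinzenz`. Both users are already in `wheel`, but sudo still asks for authentication, whereas a trusted user can override daemon settings and import unsigned store paths without it. If the entries exist only for remote or distributed builds, say so with `# trusted for remote builds; equals root on this host`, or drop them and configure `trusted-substituters` system-wide instead.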
@@ -0,0 +1,20 @@ +{ pkgs, ... }: +{ + programs.firefox.enable = true; + + environment.systemPackages = with pkgs; [ + lm_sensors + libreoffice-qt6 + ]; + + fonts.enableDefaultPackages = true; + + hardware.logitech.wireless = { + enable = true; + enableGraphical = true; + }; + + # RDP connections + services.gnome.gnome-remote-desktop.enable = true; + networking.firewall.allowedTCPPorts = [ 3389 ]; +} diff --git a/nixosModules/wine-gaming.nix b/nixosModules/wine-gaming.nix index 58b0099..8411114 100644 --- a/nixosModules/wine-gaming.nix +++ b/nixosModules/wine-gaming.nix @@ -1,31 +1,22 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.wineGaming.enable = lib.mkEnableOption "Wine gaming (DXVK, MangoHud, xpadneo)"; - - config = lib.mkIf config.my.wineGaming.enable { - hardware = { - graphics = { - enable32Bit = true; - extraPackages = with pkgs; [ mangohud ]; - extraPackages32 = with pkgs; [ mangohud ]; - }; - - xpadneo.enable = true; + hardware = { + graphics = { + enable32Bit = true; + extraPackages = with pkgs; [ mangohud ]; + extraPackages32 = with pkgs; [ mangohud ]; }; - environment.systemPackages = with pkgs; [ - wineWowPackages.stagingFull - wineWowPackages.fonts - winetricks - dxvk - mangohud - vulkan-tools - mesa-demos - ]; + xpadneo.enable = true; }; + + environment.systemPackages = with pkgs; [ + wineWowPackages.stagingFull + wineWowPackages.fonts + winetricks + dxvk + mangohud + vulkan-tools + mesa-demos + ]; }
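Review bot: `networking.firewall.allowedTCPPorts = [ 3389 ];` in `vinzenz-desktop-settings.nix` accepts RDP on every interface of any host that imports this file. If remote desktop is only used over the VPN from `tailscale.nix`, `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 3389 ];` limits it to that interface (`tailscale0` is the Tailscale module's default interface name; adjust if it is overridden). Otherwise a comment stating that LAN-wide RDP is intended would document the exposure.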