diff --git a/devices.nix b/devices.nix index a4fbeb4..7313e7b 100644 --- a/devices.nix +++ b/devices.nix @@ -26,7 +26,6 @@ in }; forgejo-runner-1 = { system = "aarch64-linux"; - publicFqdn = "forgejo-runner-1.dev.zerforschen.plus"; distributedBuilds = { isBuilder = true; speedFactor = 1; diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix index 17c66a0..87db634 100644 --- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/muede/default.nix @@ -23,15 +23,6 @@ ]; config = { - my = { - # keep-sorted start - gnome-extensions.enable = true; - nano.enable = true; - templates.enable = true; - zsh.enable = true; - # keep-sorted end - }; - programs = { home-manager.enable = true; fzf.enable = true; diff --git a/homeConfigurations/ronja/default.nix b/homeConfigurations/ronja/default.nix index 4d5c5ee..0f202cd 100644 --- a/homeConfigurations/ronja/default.nix +++ b/homeConfigurations/ronja/default.nix @@ -2,14 +2,6 @@ { imports = [ ./vscode.nix ]; config = { - my = { - # keep-sorted start - nano.enable = true; - templates.enable = true; - zsh.enable = true; - # keep-sorted end - }; - home.packages = with pkgs; [ ## Apps telegram-desktop diff --git a/homeModules/gnome-extensions.nix b/homeModules/gnome-extensions.nix index 20b3a70..071fa15 100644 --- a/homeModules/gnome-extensions.nix +++ b/homeModules/gnome-extensions.nix @@ -18,7 +18,7 @@ }; in { - enable = lib.mkEnableOption "gnome extended options"; + enable = mkDefaultEnabledOption "gnome extended options"; appindicator.enable = mkDefaultEnabledOption "appindicator"; caffeine.enable = mkDefaultEnabledOption "caffeine"; tailscale-qs.enable = lib.mkOption { diff --git a/homeModules/nano.nix b/homeModules/nano.nix index 2293b99..ab3e7b2 100644 --- a/homeModules/nano.nix +++ b/homeModules/nano.nix 
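Review bot: Switching `enable` from `lib.mkEnableOption` to `mkDefaultEnabledOption` turns the gnome-extensions module from opt-in to on-by-default, and this commit also pushes the module to every home-manager user through `sharedModules`; ronja's removed `my = { … }` block never set `gnome-extensions.enable`, so her home configuration presumably gets the GNOME extensions from now on. If that is intended, a one-line comment next to the option saves the next reader the hunt: `# on by default: reaches every home-manager user via sharedModules in nixosConfigurations.nix`. If not, keep `lib.mkEnableOption` and set `my.gnome-extensions.enable = true` in muede's home configuration instead. `mkDefaultEnabledOption` appears to come from the `let` that closes just above the hunk, outside it.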
@@ -1,14 +1,9 @@
-{ lib, config, ... }:
 {
- options.my.nano.enable = lib.mkEnableOption "nano editor config";
-
- config = lib.mkIf config.my.nano.enable {
- home = {
- sessionVariables.EDITOR = "nano";
- file.".nanorc".text = ''
- set linenumbers
- set mouse
- '';
- };
+ home = {
+ sessionVariables.EDITOR = "nano";
+ file.".nanorc".text = ''
+ set linenumbers
+ set mouse
+ '';
 };
 }
diff --git a/homeModules/tailscale.nix b/homeModules/tailscale.nix
index 686bf84..34d1c3d 100644
--- a/homeModules/tailscale.nix
+++ b/homeModules/tailscale.nix
@@ -1,18 +1,4 @@
+{ osConfig, thisDevice, ... }:
 {
- lib,
- config,
- osConfig,
- thisDevice,
- ...
-}:
-{
- options.my.tailscale.enable = lib.mkOption {
- type = lib.types.bool;
- default = (thisDevice.isDesktop or false) && osConfig.my.tailscale.enable;
- description = "Whether to enable the Tailscale system tray applet. Defaults to true on desktops with Tailscale enabled.";
- };
-
- config = lib.mkIf config.my.tailscale.enable {
- services.tailscale-systray.enable = true;
- };
+ services.tailscale-systray.enable = (thisDevice.isDesktop or false) && osConfig.my.tailscale.enable;
 }
diff --git a/homeModules/templates.nix b/homeModules/templates.nix
index e0a6df2..71d2e0b 100644
--- a/homeModules/templates.nix
+++ b/homeModules/templates.nix
@@ -1,17 +1,12 @@
-{ lib, config, ... }:
 {
- options.my.templates.enable = lib.mkEnableOption "file templates";
-
- config = lib.mkIf config.my.templates.enable {
- home.file = {
- "Templates/Empty file".text = "";
- "Templates/Empty bash script".text = ''
- #!/usr/bin/env bash
- # abort on error, undefined variables
- set -eu
- # print commands before execution
- set -x
- '';
- };
+ home.file = {
+ "Templates/Empty file".text = "";
+ "Templates/Empty bash script".text = ''
+ #!/usr/bin/env bash
+ # abort on error, undefined variables
+ set -eu
+ # print commands before execution
+ set -x
+ '';
 };
 }
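Review bot: The removed `lib.mkOption` in tailscale.nix carried a `description` explaining when the tray applet is enabled; the new bare assignment `services.tailscale-systray.enable = (thisDevice.isDesktop or false) && osConfig.my.tailscale.enable;` loses that, and it is now the only place documenting the dependency on the NixOS-side option. Add `# tray applet only on desktops whose NixOS config enables tailscale (osConfig.my.tailscale.enable)` above it. The nano and templates hunks on this line likewise drop their enable options and now apply to every home-manager user unconditionally; a one-line header comment in each saying so would make that deliberate rather than accidental.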
diff --git a/homeModules/zsh-basics.nix b/homeModules/zsh-basics.nix index 50e116a..0b0e281 100644 --- a/homeModules/zsh-basics.nix +++ b/homeModules/zsh-basics.nix @@ -1,18 +1,13 @@ -{ lib, config, ... }: { - options.my.zsh.enable = lib.mkEnableOption "zsh with basic settings"; + programs = { + command-not-found.enable = true; + dircolors.enable = true; - config = lib.mkIf config.my.zsh.enable { - programs = { - command-not-found.enable = true; - dircolors.enable = true; - - zsh = { - enable = true; - syntaxHighlighting.enable = true; - autosuggestion.enable = true; - enableVteIntegration = true; - }; + zsh = { + enable = true; + syntaxHighlighting.enable = true; + autosuggestion.enable = true; + enableVteIntegration = true; }; }; } diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 55af611..c0d3a80 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -45,6 +45,10 @@ forDevice ( # keep-sorted start home-manager.nixosModules.home-manager lanzaboote.nixosModules.lanzaboote + nova-shell.nixosModules.default + servicepoint-cli.nixosModules.default + servicepoint-simulator.nixosModules.default + servicepoint-tanks.nixosModules.default stylix.nixosModules.stylix zerforschen-plus.nixosModules.default # keep-sorted end 
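Review bot: `nova-shell`, `servicepoint-cli`, `servicepoint-simulator` and `servicepoint-tanks` are added to the module list that every host imports, while the hunk at `@@ -76,32 +80,15 @@` removes them from the `lib.optionals isDesktop` list, so headless machines such as the `forgejo-runner-1` builder in devices.nix now evaluate these modules too. Whether that installs anything depends on each module gating its config behind an enable option, which is not visible here; if any of them sets packages or services unconditionally, the builder's footprint grows without anyone opting in. Either keep them under `lib.optionals isDesktop` or record the contract next to the list: `# imported on every host: each module below must be gated on an enable option`.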
@@ -76,32 +80,15 @@ forDevice ( lixIsNix.enable = true; openssh.enable = true; overlays.unstable.enable = true; + overlays.vscodeExtensions.enable = true; # prometheusNode.enable = true; systemdBoot.enable = true; tailscale.enable = true; # keep-sorted end - - # keep-sorted start - enDe.enable = isDesktop; - firmwareUpdates.enable = isDesktop; - gnome.enable = isDesktop; - kdeconnect.enable = isDesktop; - modernDesktop.enable = isDesktop; - nixLd.enable = isDesktop; - overlays.vscodeExtensions.enable = isDesktop; - quietBoot.enable = isDesktop; - stylix.enable = isDesktop; - # keep-sorted end }; } ] ++ lib.optionals isDesktop [ - inputs.niri.nixosModules.niri - nova-shell.nixosModules.default - servicepoint-cli.nixosModules.default - servicepoint-simulator.nixosModules.default - servicepoint-tanks.nixosModules.default - # Desktop config { home-manager = { @@ -109,7 +96,16 @@ forDevice ( useGlobalPkgs = true; useUserPackages = true; users = home-manager-users; - sharedModules = [ { home.stateVersion = "22.11"; } ] ++ builtins.attrValues self.homeModules; + sharedModules = [ + { home.stateVersion = "22.11"; } + # keep-sorted start + self.homeModules.gnome-extensions + self.homeModules.nano + self.homeModules.tailscale + self.homeModules.templates + self.homeModules.zsh-basics + # keep-sorted end + ]; }; time.timeZone = "Europe/Berlin"; @@ -119,6 +115,19 @@ forDevice ( daemonCPUSchedPolicy = "idle"; daemonIOSchedClass = "idle"; }; + + my = { + # keep-sorted start + enDe.enable = true; + firmwareUpdates.enable = true; + gnome.enable = true; + kdeconnect.enable = true; + modernDesktop.enable = true; + nixLd.enable = true; + quietBoot.enable = true; + stylix.enable = true; + # keep-sorted end + }; } ]; } diff --git a/nixosConfigurations/damocles/android-dev.nix b/nixosConfigurations/damocles/android-dev.nix index f484e6a..ea5432c 100644 --- a/nixosConfigurations/damocles/android-dev.nix +++ b/nixosConfigurations/damocles/android-dev.nix 
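Review bot: Replacing `builtins.attrValues self.homeModules` with a hand-maintained `sharedModules` list means a new file under homeModules/ is no longer picked up automatically; if this is meant as an explicit allow-list, say so above the list, `# explicit on purpose: not every homeModule should reach every user`, otherwise the previous expression was the less error-prone one. The hunk at `@@ -76,32 +80,15 @@` also moves `overlays.vscodeExtensions.enable = true` from the desktop-only block into the all-host block, so the overlay is now applied on builders as well; that looks incidental to the restructuring and is worth a word in the commit message or a comment on the line.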
@@ -12,7 +12,7 @@ in { nixpkgs.config.android_sdk.accept_license = true; - my.allowedUnfreePackages = [ + allowedUnfreePackages = [ "android-sdk-cmdline-tools" "android-sdk-platform-tools" "android-sdk-tools" diff --git a/nixosConfigurations/damocles/claude-container.nix b/nixosConfigurations/damocles/claude-container.nix index aea9343..c568243 100644 --- a/nixosConfigurations/damocles/claude-container.nix +++ b/nixosConfigurations/damocles/claude-container.nix @@ -5,10 +5,8 @@ }: { - my = { - allowedUnfreePackages = [ "claude-code" ]; - overlays.unstable.enable = true; - }; + my.overlays.unstable.enable = true; + allowedUnfreePackages = [ "claude-code" ]; environment.systemPackages = with pkgs; [ unstable.claude-code diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix index f52d735..78c9d55 100644 --- a/nixosConfigurations/muede-lpt2/default.nix +++ b/nixosConfigurations/muede-lpt2/default.nix @@ -5,17 +5,13 @@ ]; config = { - my = { - # keep-sorted start - intelGraphics.enable = true; - muedeDesktopSettings.enable = true; - podman.enable = true; - secureBoot.enable = true; - steam.enable = true; - users.muede.enable = true; - wineGaming.enable = true; - # keep-sorted end - }; + my.users.muede.enable = true; + my.wineGaming.enable = true; + my.steam.enable = true; + my.podman.enable = true; + my.muedeDesktopSettings.enable = true; + my.intelGraphics.enable = true; + my.secureBoot.enable = true; nix.settings.extra-platforms = [ "aarch64-linux" diff --git a/nixosConfigurations/muede-pc2/default.nix b/nixosConfigurations/muede-pc2/default.nix index 42f77b3..4686ffb 100644 --- a/nixosConfigurations/muede-pc2/default.nix +++ b/nixosConfigurations/muede-pc2/default.nix 
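Review bot: In muede-lpt2/default.nix the `my = { # keep-sorted start … # keep-sorted end }` block is flattened into seven unsorted `my.*.enable = true;` lines, dropping the keep-sorted markers that the same commit still adds around comparable lists in nixosConfigurations.nix; the muede-pc2 and ronja-pc hunks on the next line do the same. Keeping the attribute set with its markers preserves the lint guard and turns each hunk into a one-line removal (`intelGraphics.enable` etc. stay sorted) instead of a rewrite. If the flat form is preferred, at least keep the lines sorted so the lint tool can be re-enabled later.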
@@ -7,17 +7,13 @@ ]; config = { - my = { - # keep-sorted start - amdGraphics.enable = true; - muedeDesktopSettings.enable = true; - podman.enable = true; - secureBoot.enable = true; - steam.enable = true; - users.muede.enable = true; - wineGaming.enable = true; - # keep-sorted end - }; + my.users.muede.enable = true; + my.wineGaming.enable = true; + my.steam.enable = true; + my.podman.enable = true; + my.muedeDesktopSettings.enable = true; + my.amdGraphics.enable = true; + my.secureBoot.enable = true; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; nix.settings.extra-platforms = [ diff --git a/nixosConfigurations/ronja-pc/default.nix b/nixosConfigurations/ronja-pc/default.nix index 2a56407..85227ff 100644 --- a/nixosConfigurations/ronja-pc/default.nix +++ b/nixosConfigurations/ronja-pc/default.nix @@ -5,14 +5,10 @@ ]; config = { - my = { - # keep-sorted start - muedeDesktopSettings.enable = true; - steam.enable = true; - users.ronja.enable = true; - wineGaming.enable = true; - # keep-sorted end - }; + my.users.ronja.enable = true; + my.steam.enable = true; + my.wineGaming.enable = true; + my.muedeDesktopSettings.enable = true; # Configure keymap in X11 services.xserver.xkb = { diff --git a/nixosModules/allowed-unfree-list.nix b/nixosModules/allowed-unfree-list.nix index 2aee96f..7bfa758 100644 --- a/nixosModules/allowed-unfree-list.nix +++ b/nixosModules/allowed-unfree-list.nix @@ -1,6 +1,6 @@ { lib, config, ... }: { - options.my.allowedUnfreePackages = lib.mkOption { + options.allowedUnfreePackages = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ ]; example = [ "steam" ]; @@ -10,7 +10,7 @@ nixpkgs.config = { # https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085 allowUnfreePredicate = lib.mkDefault ( - pkg: builtins.elem (lib.getName pkg) config.my.allowedUnfreePackages + pkg: builtins.elem (lib.getName pkg) config.allowedUnfreePackages ); }; }; 
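Review bot: Renaming `options.my.allowedUnfreePackages` to `options.allowedUnfreePackages` moves a repo-local option into NixOS's top-level option namespace, where a future upstream option of the same name would collide, and it breaks the convention every other module in this commit keeps (`options.my.gnome.*` in gnome.nix, `options.my.openssh.enable`, `options.my.muedeDesktopSettings.enable`). The effect is visible in claude-container.nix above, where `my.overlays.unstable.enable` now sits next to a bare `allowedUnfreePackages` as if one of them were misnamed. If the flat name is deliberate, add `# intentionally outside the my.* namespace: <reason>` above the option; otherwise keep `options.my.allowedUnfreePackages` and drop the consumer renames in android-dev, claude-container, intel-graphics, steam and user-muede.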
diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix index c08d657..50d9ee6 100644 --- a/nixosModules/distributed-builds.nix +++ b/nixosModules/distributed-builds.nix @@ -21,26 +21,23 @@ let _: v: (v.distributedBuilds or { }).isBuilder or false ) allDevices; - sshHostname = m: m.publicFqdn or m.hostName; - buildServerKnownHosts = lib.pipe buildServerDevices [ (lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey)) (lib.mapAttrs ( - name: v: { + _: v: { publicKey = v.distributedBuilds.hostPublicKey; - hostNames = [ (v.publicFqdn or name) ]; } )) ]; - remoteBuildServerDevices = builtins.filter (m: m.hostName != config.networking.hostName) ( - lib.mapAttrsToList (name: v: v // { hostName = name; }) buildServerDevices - ); + remoteBuildServerDevices = builtins.filter ( + m: m.hostName != config.networking.hostName + ) (lib.mapAttrsToList (name: v: v // { hostName = name; }) buildServerDevices); buildMachines = map ( m: { - hostName = sshHostname m; + hostName = m.hostName; systems = [ m.system ]; sshUser = buildUser; sshKey = clientSshKeyPath; 
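Review bot: The entries built in `buildServerKnownHosts` now carry only `publicKey`, so the names they pin fall back to the `programs.ssh.knownHosts` default (the attribute name); `buildMachines.hostName` and the substituter URLs use that same bare devices name, so the pin still lines up, but only as long as nobody later puts an FQDN or IP into `buildMachines` — ssh matches known_hosts against the name given on the command line, and a mismatch leaves the builder's host key unverified. Making the coupling explicit costs two tokens: `name: v: {` instead of `_: v: {`, plus `hostNames = [ name ]; # must equal buildMachines.hostName` next to `publicKey`. The list `buildMachines` maps over ends outside the hunk.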
@@ -67,23 +64,7 @@ in # All machines { - assertions = - lib.mapAttrsToList (name: v: { - assertion = v.distributedBuilds ? hostPublicKey && v.distributedBuilds ? storeSigningPublicKey; - message = "devices.${name}: isBuilder = true requires distributedBuilds.hostPublicKey and distributedBuilds.storeSigningPublicKey"; - }) buildServerDevices - ++ lib.mapAttrsToList (name: v: { - assertion = lib.hasPrefix "ssh-" v.distributedBuilds.clientPublicKey; - message = "devices.${name}: distributedBuilds.clientPublicKey must start with 'ssh-'"; - }) (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? clientPublicKey) allDevices) - ++ lib.mapAttrsToList (name: v: { - assertion = builtins.match ".+:.+" v.distributedBuilds.storeSigningPublicKey != null; - message = "devices.${name}: distributedBuilds.storeSigningPublicKey must be in ':' format"; - }) (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? storeSigningPublicKey) allDevices); - nix.settings = { - #fallback = true; - connect-timeout = 5; trusted-public-keys = lib.pipe buildServerDevices [ (lib.mapAttrsToList (_: v: v.distributedBuilds.storeSigningPublicKey or null)) (builtins.filter (k: k != null)) @@ -122,20 +103,11 @@ in programs.ssh = { knownHosts = buildServerKnownHosts; extraConfig = lib.concatStringsSep "\n" ( - lib.mapAttrsToList ( - name: v: - let - names = lib.unique [ - name - (v.publicFqdn or name) - ]; - in - '' - Match originalhost ${lib.concatStringsSep "," names} user ${buildUser} - IdentityFile ${clientSshKeyPath} - IdentitiesOnly yes - '' - ) buildServerDevices + lib.mapAttrsToList (name: _: '' + Match originalhost ${name} user ${buildUser} + IdentityFile ${clientSshKeyPath} + IdentitiesOnly yes + '') buildServerDevices ); }; nix = { 
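Review bot: All three `assertions` are removed without replacement, so a device marked `isBuilder = true` that lacks `distributedBuilds.hostPublicKey` is now silently dropped from `buildServerKnownHosts` by the `filterAttrs` in `@@ -21,26 +21,23 @@` while presumably still landing in `buildMachines`, leaving its SSH host key unpinned and the outcome dependent on root's ssh host-key checking instead of a clear evaluation error. A malformed `storeSigningPublicKey` likewise reaches `trusted-public-keys` unchecked, since the filter there only drops `null`. Restore at least the first assertion (hostPublicKey and storeSigningPublicKey required when isBuilder) and the `':'` format check on the signing key; they cost nothing at runtime. Dropping `connect-timeout = 5` is unrelated to the rest of the commit and deserves its own line in the message.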
@@ -143,7 +115,7 @@ in buildMachines = buildMachines; settings = { builders-use-substitutes = true; - substituters = map (m: "ssh-ng://${buildUser}@${sshHostname m}") ( + substituters = map (m: "ssh-ng://${buildUser}@${m.hostName}") ( builtins.filter (m: m.distributedBuilds ? storeSigningPublicKey) remoteBuildServerDevices ); }; diff --git a/nixosModules/gnome.nix b/nixosModules/gnome.nix index fd195e8..8311373 100644 --- a/nixosModules/gnome.nix +++ b/nixosModules/gnome.nix @@ -5,9 +5,9 @@ ... }: { - options.my.gnome = { - enable = lib.mkEnableOption "GNOME desktop environment"; - keep-default-apps = lib.mkEnableOption "keep gnome default apps"; + options = { + my.gnome.enable = lib.mkEnableOption "GNOME desktop environment"; + my.gnome.keep-default-apps = lib.mkEnableOption "keep gnome default apps"; }; config = lib.mkIf config.my.gnome.enable ( diff --git a/nixosModules/intel-graphics.nix b/nixosModules/intel-graphics.nix index 619af5a..b367489 100644 --- a/nixosModules/intel-graphics.nix +++ b/nixosModules/intel-graphics.nix @@ -22,6 +22,6 @@ ]; }; environment.systemPackages = with pkgs; [ nvtopPackages.intel ]; - my.allowedUnfreePackages = [ "intel-ocl" ]; + allowedUnfreePackages = [ "intel-ocl" ]; }; } diff --git a/nixosModules/muede-desktop-settings.nix b/nixosModules/muede-desktop-settings.nix index 980af13..8f25f62 100644 --- a/nixosModules/muede-desktop-settings.nix +++ b/nixosModules/muede-desktop-settings.nix @@ -2,9 +2,12 @@ lib, config, pkgs, + niri, ... }: { + imports = [ niri.nixosModules.niri ]; + options.my.muedeDesktopSettings.enable = lib.mkEnableOption "muede desktop settings (Firefox, Logitech, RDP)"; config = lib.mkIf config.my.muedeDesktopSettings.enable { diff --git a/nixosModules/openssh.nix b/nixosModules/openssh.nix index f1ba770..bed46f8 100644 --- a/nixosModules/openssh.nix +++ b/nixosModules/openssh.nix 
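Review bot: `imports = [ niri.nixosModules.niri ];` in muede-desktop-settings.nix uses the module argument `niri` inside `imports`, which the module system resolves before `config`; that only works when `niri` is supplied through `specialArgs` — if it arrives via `_module.args` the evaluation recurses infinitely. The import is also unconditional: every host that imports this module now pulls in niri's NixOS module regardless of `my.muedeDesktopSettings.enable`, whereas `inputs.niri.nixosModules.niri` was previously imported only under `lib.optionals isDesktop` in nixosConfigurations.nix. If that is acceptable, add `# imported unconditionally; niri comes from specialArgs and its module must stay opt-in` above the line, otherwise keep the import in nixosConfigurations.nix where it was gated.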
@@ -1,10 +1,4 @@ -{ - lib, - config, - pkgs, - thisDevice, - ... -}: +{ lib, config, ... }: { options.my.openssh.enable = lib.mkEnableOption "OpenSSH server"; @@ -18,35 +12,5 @@ KbdInteractiveAuthentication = false; }; }; - - # On desktops, hold a systemd sleep inhibitor while SSH connections are active - security.pam.services.sshd.rules.session.ssh-inhibit = lib.mkIf (thisDevice.isDesktop or false) { - order = 10000; - control = "optional"; - modulePath = "${pkgs.pam}/lib/security/pam_exec.so"; - args = [ - "quiet" - "${pkgs.writeShellScript "ssh-inhibit-pam" '' - PIDFILE="/run/ssh-inhibitor-''${PPID}.pid" - case "''${PAM_TYPE:-}" in - open) - ${pkgs.systemd}/bin/systemd-inhibit \ - --what=sleep \ - --who=sshd \ - --why="SSH session active" \ - --mode=block \ - sleep infinity & - echo $! > "$PIDFILE" - ;; - close) - if [ -f "$PIDFILE" ]; then - kill "$(cat "$PIDFILE")" 2>/dev/null || true - rm -f "$PIDFILE" - fi - ;; - esac - ''}" - ]; - }; }; } diff --git a/nixosModules/steam.nix b/nixosModules/steam.nix index 3a4f25a..78bbf71 100644 --- a/nixosModules/steam.nix +++ b/nixosModules/steam.nix @@ -40,7 +40,7 @@ ]; }; - my.allowedUnfreePackages = [ + allowedUnfreePackages = [ "steam" "steam-original" "steam-run" diff --git a/nixosModules/user-muede.nix b/nixosModules/user-muede.nix index 078cb96..20f9cdb 100644 --- a/nixosModules/user-muede.nix +++ b/nixosModules/user-muede.nix @@ -31,7 +31,7 @@ nix.settings.trusted-users = [ "muede" ]; - my.allowedUnfreePackages = [ + allowedUnfreePackages = [ "rider" "pycharm-professional" "jetbrains-toolbox"