diff --git a/flake.nix b/flake.nix index 01c4906..805c81f 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,7 @@ }; #keep-sorted start block=yes + flake-parts = { url = "github:hercules-ci/flake-parts"; #inputs.nixpkgs.follows = "nixpkgs"; @@ -96,18 +97,28 @@ inputs@{ self, nixpkgs, + home-manager, # keep-sorted start + lanzaboote, niri, nix-vscode-extensions, + nixos-generators, + nixos-raspberrypi, nixpkgs-unstable, + servicepoint-cli, + servicepoint-simulator, + servicepoint-tanks, + stylix, treefmt-nix, + zerforschen-plus, # keep-sorted end ... }: let + devices = import ./devices.nix { inherit self; }; inherit (nixpkgs) lib; - nixosConfigurations = import ./nixosConfigurations.nix { inherit inputs lib; }; - supported-systems = lib.unique (lib.mapAttrsToList (_: v: v.pkgs.system) nixosConfigurations); + forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices; + supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices; treefmt-config = { projectRootFile = "flake.nix"; programs = { 
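Review bot: `supported-systems` in the `let` block is now built without `lib.unique`, so it holds one entry per device and repeats a system string whenever two devices share an architecture. The removed line deduplicated the list; whether the repeats matter depends on how `forAllSystems` consumes it, which is defined outside this hunk. Keeping the old shape avoids the question: `supported-systems = lib.unique (lib.mapAttrsToList (_: v: v.system) devices);`. The unused `k` binding can become `_` in the same edit.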
@@ -136,17 +147,37 @@ in { overlays = { - unstable = final: prev: { + unstable-packages = final: prev: { unstable = import nixpkgs-unstable { localSystem = prev.stdenv.hostPlatform; inherit (prev) config; }; }; - vscodeExtensions = nix-vscode-extensions.overlays.default; - niri = niri.overlays.niri; }; - nixosModules = importModuleDir ./nixosModules; + nixosModules = (importModuleDir ./nixosModules) // { + niri = + { pkgs, ... }: + { + imports = [ niri.nixosModules.niri ]; + nixpkgs.overlays = [ niri.overlays.niri ]; + + programs.niri = { + enable = true; + #package = pkgs.niri-stable; + }; + }; + pkgs-unstable = { + nixpkgs.overlays = [ self.overlays.unstable-packages ]; + }; + pkgs-vscode-extensions = { + nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ]; + }; + # required modules to use other modules, should not do anything on their own + default = { + imports = [ self.nixosModules.allowed-unfree-list ]; + }; + }; homeModules = importModuleDir ./homeModules; homeConfigurations = { @@ -154,7 +185,38 @@ ronja = ./homeConfigurations/ronja; }; - inherit nixosConfigurations; + nixosConfigurations = forDevice ( + { + device, + system, + home-manager-users ? { }, + nixosSystem ? nixpkgs.lib.nixosSystem, + ... + }: + let + specialArgs = inputs // { + inherit device home-manager-users devices; + }; + in + nixosSystem { + inherit specialArgs; + modules = [ + { + imports = [ + ./nixosConfigurations/${device} + self.nixosModules.global-settings + ] + ++ (lib.optionals (home-manager-users != { }) [ + self.nixosModules.global-settings-desktop + ]); + + nixpkgs = { + hostPlatform = lib.mkDefault system; + }; + } + ]; + } + ); formatter = forAllSystems ({ treefmt-eval, ... }: treefmt-eval.config.build.wrapper); diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix index 185476d..767b40e 100644 --- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/muede/default.nix 
@@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, self, ... }: { imports = [ # keep-sorted start diff --git a/homeModules/git.nix b/homeModules/git.nix new file mode 100644 index 0000000..2c66c82 --- /dev/null +++ b/homeModules/git.nix @@ -0,0 +1,6 @@ +{ + programs.git = { + enable = true; + settings.init.defaultBranch = "main"; + }; +} diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix deleted file mode 100644 index 9fb2cf2..0000000 --- a/nixosConfigurations.nix +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - inputs, - lib, -}: -let - devices = import ./devices.nix { inherit (inputs) self; }; - inherit (inputs) - self - home-manager - lanzaboote - nova-shell - servicepoint-cli - servicepoint-simulator - servicepoint-tanks - stylix - zerforschen-plus - ; - forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices; -in -forDevice ( - { - device, - system, - home-manager-users ? { }, - nixosSystem ? inputs.nixpkgs.lib.nixosSystem, - ... - }: - let - specialArgs = inputs // { - inherit device home-manager-users devices; - }; - in - nixosSystem { - inherit specialArgs; - modules = [ - ./nixosConfigurations/${device} - self.nixosModules.default - - # keep-sorted start - home-manager.nixosModules.home-manager - lanzaboote.nixosModules.lanzaboote - nova-shell.nixosModules.default - servicepoint-cli.nixosModules.default - servicepoint-simulator.nixosModules.default - servicepoint-tanks.nixosModules.default - stylix.nixosModules.stylix - zerforschen-plus.nixosModules.default - # keep-sorted end - - # Base config - { - nixpkgs.hostPlatform = lib.mkDefault system; - networking.hostName = device; - system = { - stateVersion = "22.11"; - autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git"; - }; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - documentation = { - info.enable = false; - doc.enable = false; - }; - - my = { - # keep-sorted start - autoupdate.enable = true; - distributedBuilds.enable = true; - extraCaches.enable = true; - git.enable = true; - globalinstalls.enable = true; - lixIsNix.enable = true; - openssh.enable = true; - overlays.unstable.enable = true; - overlays.vscodeExtensions.enable = true; - # prometheusNode.enable = true; - systemdBoot.enable = true; - tailscale.enable = true; - # keep-sorted end - }; - } - ] - ++ lib.optionals (home-manager-users != { }) [ - # Desktop config - { - home-manager = { - extraSpecialArgs = specialArgs; - useGlobalPkgs = true; 
- useUserPackages = true; - users = home-manager-users; - sharedModules = [ - { home.stateVersion = "22.11"; } - # keep-sorted start - self.homeModules.gnome-extensions - self.homeModules.nano - self.homeModules.templates - self.homeModules.zsh-basics - # keep-sorted end - ]; - }; - - time.timeZone = "Europe/Berlin"; - - # on desktops, keep the device useable interactively during expensive builds - nix = { - daemonCPUSchedPolicy = "idle"; - daemonIOSchedClass = "idle"; - }; - - my = { - # keep-sorted start - enDe.enable = true; - firmwareUpdates.enable = true; - gnome.enable = true; - kdeconnect.enable = true; - modernDesktop.enable = true; - nixLd.enable = true; - quietBoot.enable = true; - stylix.enable = true; - # keep-sorted end - }; - } - ]; - } -) diff --git a/nixosConfigurations/aur0ra/hardware.nix b/nixosConfigurations/aur0ra/hardware.nix index 8642f79..8014f41 100644 --- a/nixosConfigurations/aur0ra/hardware.nix +++ b/nixosConfigurations/aur0ra/hardware.nix @@ -10,9 +10,11 @@ # No one got time for xz compression. #isoImage.squashfsCompression = "zstd"; - boot.loader.raspberry-pi.bootloader = "kernel"; - - my.systemdBoot.enable = lib.mkForce false; + boot.loader = { + raspberry-pi.bootloader = "kernel"; + systemd-boot.enable = lib.mkForce false; + #generic-extlinux-compatible.enable = lib.mkForce false; + }; /* fileSystems = { diff --git a/nixosConfigurations/damocles/claude-container.nix b/nixosConfigurations/damocles/claude-container.nix index c568243..17d599f 100644 --- a/nixosConfigurations/damocles/claude-container.nix +++ b/nixosConfigurations/damocles/claude-container.nix @@ -1,11 +1,12 @@ { pkgs, + self, lib, ... }: { - my.overlays.unstable.enable = true; + nixpkgs.overlays = [ self.overlays.unstable-packages ]; allowedUnfreePackages = [ "claude-code" ]; environment.systemPackages = with pkgs; [ diff --git a/nixosConfigurations/epimetheus/default.nix b/nixosConfigurations/epimetheus/default.nix index 19b6219..02c6ae8 100644 
--- a/nixosConfigurations/epimetheus/default.nix +++ b/nixosConfigurations/epimetheus/default.nix @@ -1,13 +1,8 @@ -{ modulesPath, ... }: +{ self, ... }: { - imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; + imports = [ self.nixosModules.pxvirt-guest ]; config = { - my.pxvirtGuest.enable = true; - proxmoxLXC = { - manageNetwork = false; - privileged = false; - }; }; } diff --git a/nixosConfigurations/forgejo-runner-1/default.nix b/nixosConfigurations/forgejo-runner-1/default.nix index 41c7717..4196430 100644 --- a/nixosConfigurations/forgejo-runner-1/default.nix +++ b/nixosConfigurations/forgejo-runner-1/default.nix @@ -1,13 +1,12 @@ -{ ... }: +{ self, ... }: { imports = [ ./hardware.nix ./forgejo-runner.nix + self.nixosModules.podman ]; config = { - my.podman.enable = true; - # uncomment for build check on non arm system (requires --impure) # nixpkgs.buildPlatform = builtins.currentSystem; services.tailscale.useRoutingFeatures = "both"; diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix index 78c9d55..434b046 100644 --- a/nixosConfigurations/muede-lpt2/default.nix +++ b/nixosConfigurations/muede-lpt2/default.nix @@ -2,17 +2,17 @@ { imports = [ ./hardware.nix + self.nixosModules.user-muede + self.nixosModules.gnome + self.nixosModules.wine-gaming + self.nixosModules.steam + self.nixosModules.podman + self.nixosModules.muede-desktop-settings + self.nixosModules.intel-graphics + self.nixosModules.secure-boot ]; config = { - my.users.muede.enable = true; - my.wineGaming.enable = true; - my.steam.enable = true; - my.podman.enable = true; - my.muedeDesktopSettings.enable = true; - my.intelGraphics.enable = true; - my.secureBoot.enable = true; - nix.settings.extra-platforms = [ "aarch64-linux" "i686-linux" diff --git a/nixosConfigurations/muede-pc2/default.nix b/nixosConfigurations/muede-pc2/default.nix index 5a90eea..dd97b00 100644 --- a/nixosConfigurations/muede-pc2/default.nix 
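Review bot: The explicit `proxmoxLXC.privileged = false` and `manageNetwork = false` settings are dropped from the epimetheus host, so the container's privilege mode now depends entirely on `self.nixosModules.pxvirt-guest`, whose body is not part of this hunk. It is worth confirming that module imports the proxmox-lxc profile and pins both values rather than relying on upstream defaults. A short comment such as `# proxmox-lxc profile and unprivileged mode come from pxvirt-guest` would record the dependency, and the now-empty `config = { };` block can be removed.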
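Review bot: The new `imports` entries in muede-lpt2/default.nix reference `self`, but this hunk starts at line 2 of the file, so the module's argument list on line 1 is not touched by the commit. The sibling hosts muede-pc2 and ronja-pc both had `self` added to their argument sets in this same commit. If the muede-lpt2 header does not already bind it, evaluation fails with an undefined variable; confirm line 1 reads something like `{ self, ... }:`.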
+++ b/nixosConfigurations/muede-pc2/default.nix @@ -1,20 +1,21 @@ -{ pkgs, ... }: +{ pkgs, self, ... }: { imports = [ ./hardware.nix # ./vscode-server.nix # ./hass.nix + + self.nixosModules.user-muede + self.nixosModules.gnome + self.nixosModules.wine-gaming + self.nixosModules.steam + self.nixosModules.podman + self.nixosModules.muede-desktop-settings + self.nixosModules.amd-graphics + self.nixosModules.secure-boot ]; config = { - my.users.muede.enable = true; - my.wineGaming.enable = true; - my.steam.enable = true; - my.podman.enable = true; - my.muedeDesktopSettings.enable = true; - my.amdGraphics.enable = true; - my.secureBoot.enable = true; - nix.settings.extra-platforms = [ "aarch64-linux" "i686-linux" diff --git a/nixosConfigurations/ronja-pc/default.nix b/nixosConfigurations/ronja-pc/default.nix index 85227ff..8e1eb52 100644 --- a/nixosConfigurations/ronja-pc/default.nix +++ b/nixosConfigurations/ronja-pc/default.nix @@ -1,15 +1,20 @@ -{ pkgs, ... }: +{ + config, + pkgs, + self, + ... +}: { imports = [ ./hardware.nix + self.nixosModules.user-ronja + self.nixosModules.gnome + self.nixosModules.steam + self.nixosModules.wine-gaming + self.nixosModules.muede-desktop-settings ]; config = { - my.users.ronja.enable = true; - my.steam.enable = true; - my.wineGaming.enable = true; - my.muedeDesktopSettings.enable = true; - # Configure keymap in X11 services.xserver.xkb = { layout = "de"; @@ -19,6 +24,8 @@ # Configure console keymap console.keyMap = "de"; + # List packages installed in system profile. To search, run: + # $ nix search wget environment.systemPackages = with pkgs; [ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. # wget diff --git a/nixosModules/amd-graphics.nix b/nixosModules/amd-graphics.nix index 1baeb24..9bc386c 100644 --- a/nixosModules/amd-graphics.nix +++ b/nixosModules/amd-graphics.nix 
@@ -1,24 +1,15 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.amdGraphics.enable = lib.mkEnableOption "AMD graphics drivers"; + boot.kernelModules = [ "amdgpu" ]; + services.xserver.videoDrivers = [ "amdgpu" ]; - config = lib.mkIf config.my.amdGraphics.enable { - boot.kernelModules = [ "amdgpu" ]; - services.xserver.videoDrivers = [ "amdgpu" ]; - - hardware = { - graphics.enable = true; - amdgpu = { - opencl.enable = true; - overdrive.enable = true; - }; + hardware = { + graphics.enable = true; + amdgpu = { + opencl.enable = true; + overdrive.enable = true; }; - - environment.systemPackages = with pkgs; [ nvtopPackages.amd ]; }; + + environment.systemPackages = with pkgs; [ nvtopPackages.amd ]; } diff --git a/nixosModules/autoupdate.nix b/nixosModules/autoupdate.nix index 028cfd7..0f26b7e 100644 --- a/nixosModules/autoupdate.nix +++ b/nixosModules/autoupdate.nix @@ -1,21 +1,16 @@ -{ lib, config, ... }: { - options.my.autoupdate.enable = lib.mkEnableOption "automatic Nix GC and system upgrades"; - - config = lib.mkIf config.my.autoupdate.enable { - nix = { - optimise.automatic = true; - gc = { - automatic = true; - dates = "daily"; - options = "--delete-older-than 7d"; - }; - }; - - system.autoUpgrade = { - enable = true; + nix = { + optimise.automatic = true; + gc = { + automatic = true; dates = "daily"; - # do not forget to set `flake` when using this module! + options = "--delete-older-than 7d"; }; }; + + system.autoUpgrade = { + enable = true; + dates = "daily"; + # do not forget to set `flake` when using this module! + }; } diff --git a/nixosModules/default.nix b/nixosModules/default.nix deleted file mode 100644 index 2808b2a..0000000 --- a/nixosModules/default.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ ... }: -{ - imports = [ - # keep-sorted start - ./allowed-unfree-list.nix - ./amd-graphics.nix - ./autoupdate.nix - ./distributed-builds.nix - ./en-de.nix - ./extra-caches.nix - ./firmware-updates.nix - ./git.nix - ./globalinstalls.nix - ./gnome.nix - ./intel-graphics.nix - ./kdeconnect.nix - ./latex.nix - ./lix-is-nix.nix - ./modern-desktop.nix - ./muede-desktop-settings.nix - ./nix-ld.nix - ./nixpkgs-overlays.nix - ./openssh.nix - ./podman.nix - ./printing.nix - ./prometheus-node.nix - ./pxvirt-guest.nix - ./quiet-boot.nix - ./secure-boot.nix - ./steam.nix - ./stylix.nix - ./systemd-boot.nix - ./tailscale.nix - ./user-muede.nix - ./user-ronja.nix - ./wine-gaming.nix - # keep-sorted end - ]; -} diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix index 94ec25c..f0c45da 100644 --- a/nixosModules/distributed-builds.nix +++ b/nixosModules/distributed-builds.nix 
@@ -32,77 +32,62 @@ let # distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 # All machines automatically discover and use it after the next rebuild. - buildServerDevices = lib.filterAttrs ( - _: v: (v.distributedBuilds or { }).isBuilder or false - ) devices; + buildServerDevices = lib.filterAttrs (_: v: (v.distributedBuilds or { }).isBuilder or false) devices; knownHosts = lib.pipe buildServerDevices [ (lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey)) - (lib.mapAttrs ( - _: v: { - publicKey = v.distributedBuilds.hostPublicKey; - } - )) + (lib.mapAttrs (hostName: v: { + publicKey = v.distributedBuilds.hostPublicKey; + })) ]; - buildMachineList = lib.mapAttrsToList ( - hostName: v: - { - inherit hostName; - systems = [ v.system ]; - sshUser = buildUser; - sshKey = sshKeyPath; - protocol = "ssh-ng"; - } - // lib.optionalAttrs (v.distributedBuilds ? speedFactor) { - speedFactor = v.distributedBuilds.speedFactor; - } - // { - supportedFeatures = [ - "nixos-test" - "big-parallel" - "kvm" - "benchmark" - ]; - } - ) buildServerDevices; + buildMachineList = lib.mapAttrsToList (hostName: v: { + inherit hostName; + systems = [ v.system ]; + sshUser = buildUser; + sshKey = sshKeyPath; + protocol = "ssh-ng"; + } // lib.optionalAttrs (v.distributedBuilds ? 
speedFactor) { + speedFactor = v.distributedBuilds.speedFactor; + } // { + supportedFeatures = [ + "nixos-test" + "big-parallel" + "kvm" + "benchmark" + ]; + }) buildServerDevices; remoteMachines = builtins.filter (m: m.hostName != config.networking.hostName) buildMachineList; in { - options.my.distributedBuilds.enable = lib.mkEnableOption "distributed Nix builds"; + # Dedicated user for receiving distributed build connections + programs.ssh.knownHosts = knownHosts; - config = lib.mkIf config.my.distributedBuilds.enable { - programs.ssh.knownHosts = knownHosts; + users.users.${buildUser} = { + isSystemUser = true; + group = buildUser; + useDefaultShell = true; + openssh.authorizedKeys.keys = map (k: ''command="nix daemon --stdio",restrict ${k}'') authorizedPublicKeys; + }; + users.groups.${buildUser} = { }; - # Dedicated user for receiving distributed build connections - users.users.${buildUser} = { - isSystemUser = true; - group = buildUser; - useDefaultShell = true; - openssh.authorizedKeys.keys = map ( - k: ''command="nix daemon --stdio",restrict ${k}'' - ) authorizedPublicKeys; - }; - users.groups.${buildUser} = { }; - - nix = { - distributedBuilds = remoteMachines != [ ]; - buildMachines = remoteMachines; - settings = { - trusted-users = [ buildUser ]; - builders-use-substitutes = true; - max-jobs = (devices.${config.networking.hostName}.distributedBuilds or { }).maxJobs or "auto"; - cores = 0; - min-free = 10 * 1024 * 1024; - max-free = 200 * 1024 * 1024; - }; - }; - - systemd.services.nix-daemon.serviceConfig = { - MemoryAccounting = true; - MemoryMax = "90%"; - OOMScoreAdjust = 500; + nix = { + distributedBuilds = remoteMachines != [ ]; + buildMachines = remoteMachines; + settings = { + trusted-users = [ buildUser ]; + builders-use-substitutes = true; + max-jobs = (devices.${config.networking.hostName}.distributedBuilds or { }).maxJobs or "auto"; + cores = 0; + min-free = 10 * 1024 * 1024; + max-free = 200 * 1024 * 1024; }; }; + + 
systemd.services.nix-daemon.serviceConfig = { + MemoryAccounting = true; + MemoryMax = "90%"; + OOMScoreAdjust = 500; + }; } diff --git a/nixosModules/en-de.nix b/nixosModules/en-de.nix index 4a35b28..a91780e 100644 --- a/nixosModules/en-de.nix +++ b/nixosModules/en-de.nix @@ -1,40 +1,31 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.enDe.enable = lib.mkEnableOption "English/German locale and language packs"; - - config = lib.mkIf config.my.enDe.enable { - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocales = [ - "de_DE.UTF-8/UTF-8" - ]; - extraLocaleSettings = { - LC_ADDRESS = "de_DE.UTF-8"; - LC_IDENTIFICATION = "de_DE.UTF-8"; - LC_MEASUREMENT = "de_DE.UTF-8"; - LC_MONETARY = "de_DE.UTF-8"; - LC_NAME = "de_DE.UTF-8"; - LC_NUMERIC = "de_DE.UTF-8"; - LC_PAPER = "de_DE.UTF-8"; - LC_TELEPHONE = "de_DE.UTF-8"; - LC_TIME = "de_DE.UTF-8"; - }; + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocales = [ + "de_DE.UTF-8/UTF-8" + ]; + extraLocaleSettings = { + LC_ADDRESS = "de_DE.UTF-8"; + LC_IDENTIFICATION = "de_DE.UTF-8"; + LC_MEASUREMENT = "de_DE.UTF-8"; + LC_MONETARY = "de_DE.UTF-8"; + LC_NAME = "de_DE.UTF-8"; + LC_NUMERIC = "de_DE.UTF-8"; + LC_PAPER = "de_DE.UTF-8"; + LC_TELEPHONE = "de_DE.UTF-8"; + LC_TIME = "de_DE.UTF-8"; }; - - programs.firefox.languagePacks = [ - "en-US" - "de" - ]; - - environment.systemPackages = [ - pkgs.hunspell - pkgs.hunspellDicts.de-de - pkgs.hunspellDicts.en-us - ]; }; + + programs.firefox.languagePacks = [ + "en-US" + "de" + ]; + + environment.systemPackages = [ + pkgs.hunspell + pkgs.hunspellDicts.de-de + pkgs.hunspellDicts.en-us + ]; } diff --git a/nixosModules/extra-caches.nix b/nixosModules/extra-caches.nix index 6a72755..8b5431c 100644 --- a/nixosModules/extra-caches.nix +++ b/nixosModules/extra-caches.nix 
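Review bot: With the `my.distributedBuilds.enable` gate removed, the `users.users.${buildUser}` account, its `authorizedKeys` and `trusted-users = [ buildUser ]` are applied to every host that imports this module, not only to devices flagged `isBuilder`. A trusted Nix user can direct the daemon to accept unsigned store paths, so the account is better limited to the machines that actually receive builds. One way is to compute `isBuilder = (devices.${config.networking.hostName}.distributedBuilds or { }).isBuilder or false;` in the `let` block and wrap the user, group and `trusted-users` settings in `lib.mkIf isBuilder`. Separately, the comment `# Dedicated user for receiving distributed build connections` now sits above `programs.ssh.knownHosts` and should move back above `users.users.${buildUser}`. The `let` block begins outside this hunk.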
@@ -1,27 +1,22 @@ -{ lib, config, ... }: { - options.my.extraCaches.enable = lib.mkEnableOption "extra Nix binary caches"; - - config = lib.mkIf config.my.extraCaches.enable { - nix.settings = { - substituters = [ - # keep-sorted start - "https://cache.lix.systems" - "https://cache.nixos.org/" - "https://niri.cachix.org" - "https://nix-community.cachix.org" - "https://nixos-raspberrypi.cachix.org" - # keep-sorted end - ]; - trusted-public-keys = [ - # keep-sorted start - "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" - # keep-sorted end - ]; - }; + nix.settings = { + substituters = [ + # keep-sorted start + "https://cache.lix.systems" + "https://cache.nixos.org/" + "https://niri.cachix.org" + "https://nix-community.cachix.org" + "https://nixos-raspberrypi.cachix.org" + # keep-sorted end + ]; + trusted-public-keys = [ + # keep-sorted start + "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" + # keep-sorted end + ]; }; } diff --git a/nixosModules/firmware-updates.nix b/nixosModules/firmware-updates.nix index 61b2ff8..8e81b72 100644 --- a/nixosModules/firmware-updates.nix +++ b/nixosModules/firmware-updates.nix 
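Review bot: Every key in `trusted-public-keys` can vouch for any store path this host substitutes, and without the `my.extraCaches.enable` option there is no longer a single switch for a host to opt out of the list. global-settings.nix in this commit imports the module for all devices, so servers also trust `niri.cachix.org` and `nixos-raspberrypi.cachix.org`, which look relevant only to desktops and Raspberry Pi hosts respectively. Consider moving those two `substituters`/`trusted-public-keys` pairs into the modules that need them and keeping only the general-purpose caches here.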
@@ -1,16 +1,11 @@ -{ lib, config, ... }: { - options.my.firmwareUpdates.enable = lib.mkEnableOption "firmware updates and microcode"; - - config = lib.mkIf config.my.firmwareUpdates.enable { - hardware = { - enableRedistributableFirmware = true; - cpu = { - amd.updateMicrocode = true; - intel.updateMicrocode = true; - }; + hardware = { + enableRedistributableFirmware = true; + cpu = { + amd.updateMicrocode = true; + intel.updateMicrocode = true; }; - - services.fwupd.enable = true; }; + + services.fwupd.enable = true; } diff --git a/nixosModules/git.nix b/nixosModules/git.nix deleted file mode 100644 index ffe5c78..0000000 --- a/nixosModules/git.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options.my.git.enable = lib.mkEnableOption "git with credential helper"; - - config = lib.mkIf config.my.git.enable { - environment.systemPackages = [ pkgs.git-credential-oauth ]; - - programs.git = { - enable = true; - config = { - init.defaultBranch = "main"; - credential = { - helper = "oauth"; - credentialStore = "cache"; - }; - }; - }; - }; -} diff --git a/nixosModules/global-settings-desktop.nix b/nixosModules/global-settings-desktop.nix new file mode 100644 index 0000000..a94ab80 --- /dev/null +++ b/nixosModules/global-settings-desktop.nix 
@@ -0,0 +1,61 @@ +{ + home-manager-users, + self, + home-manager, + servicepoint-cli, + servicepoint-simulator, + servicepoint-tanks, + stylix, + specialArgs, + nova-shell, + ... +}: +{ + imports = [ + # keep-sorted start + home-manager.nixosModules.home-manager + nova-shell.nixosModules.default + self.nixosModules.en-de + self.nixosModules.firmware-updates + self.nixosModules.gnome + self.nixosModules.kdeconnect + self.nixosModules.modern-desktop + self.nixosModules.niri + self.nixosModules.nix-ld + self.nixosModules.pkgs-vscode-extensions + self.nixosModules.quiet-boot + self.nixosModules.stylix + servicepoint-cli.nixosModules.default + servicepoint-simulator.nixosModules.default + servicepoint-tanks.nixosModules.default + stylix.nixosModules.stylix + # keep-sorted end + ]; + + config = { + home-manager = { + extraSpecialArgs = specialArgs; + useGlobalPkgs = true; + useUserPackages = true; + users = home-manager-users; + sharedModules = [ + { home.stateVersion = "22.11"; } + # keep-sorted start + self.homeModules.git + self.homeModules.gnome-extensions + self.homeModules.nano + self.homeModules.templates + self.homeModules.zsh-basics + # keep-sorted end + ]; + }; + + time.timeZone = "Europe/Berlin"; + + # on desktops, keep the device useable interactively during expensive builds + nix = { + daemonCPUSchedPolicy = "idle"; + daemonIOSchedClass = "idle"; + }; + }; +} diff --git a/nixosModules/global-settings.nix b/nixosModules/global-settings.nix new file mode 100644 index 0000000..2d1c5b3 --- /dev/null +++ b/nixosModules/global-settings.nix 
@@ -0,0 +1,44 @@ +{ + device, + self, + lanzaboote, + zerforschen-plus, + ... +}: +{ + imports = [ + # keep-sorted start + lanzaboote.nixosModules.lanzaboote + self.nixosModules.allowed-unfree-list + self.nixosModules.autoupdate + self.nixosModules.default + self.nixosModules.distributed-builds + self.nixosModules.extra-caches + self.nixosModules.globalinstalls + self.nixosModules.lix-is-nix + self.nixosModules.openssh + self.nixosModules.prometheus-node + self.nixosModules.systemd-boot + self.nixosModules.tailscale + zerforschen-plus.nixosModules.default + # keep-sorted end + ]; + + config = { + networking.hostName = device; + system = { + stateVersion = "22.11"; + autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git"; + }; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + + documentation = { + info.enable = false; # info pages and the info command + doc.enable = false; # documentation distributed in packages' /share/doc + }; + }; +} diff --git a/nixosModules/globalinstalls.nix b/nixosModules/globalinstalls.nix index 6c914c7..146d401 100644 --- a/nixosModules/globalinstalls.nix +++ b/nixosModules/globalinstalls.nix 
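Review bot: `self.nixosModules.prometheus-node` is imported for every device here, while the base config this file replaces had `# prometheusNode.enable = true;` commented out. If that module starts the exporter and opens its port as soon as it is imported (its body is not part of this hunk), the refactor turns on a network-reachable metrics endpoint on all hosts as a side effect. Either drop the import to keep the old behaviour or add a comment stating that the exporter is now intentionally enabled everywhere. `self.nixosModules.allowed-unfree-list` is also pulled in twice, once directly and once through `self.nixosModules.default`.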
@@ -1,31 +1,30 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.globalinstalls.enable = lib.mkEnableOption "global system packages and tools"; + environment.systemPackages = with pkgs; [ + ncdu + glances + lsof + dig + screen + tldr + nix-output-monitor + git-credential-oauth + ]; - config = lib.mkIf config.my.globalinstalls.enable { - environment.systemPackages = with pkgs; [ - ncdu - glances - lsof - dig - screen - tldr - nix-output-monitor - ]; - - programs = { - zsh.enable = true; - htop.enable = true; - iotop.enable = true; - nano = { - enable = true; - syntaxHighlight = true; - }; + programs = { + zsh.enable = true; + htop.enable = true; + iotop.enable = true; + git.enable = true; + nano = { + enable = true; + syntaxHighlight = true; }; }; + + environment.etc."gitconfig".text = '' + [credential] + helper = oauth + credentialStore = cache + ''; } diff --git a/nixosModules/gnome.nix b/nixosModules/gnome.nix index b0bf406..260fbbd 100644 --- a/nixosModules/gnome.nix +++ b/nixosModules/gnome.nix 
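Review bot: Writing `environment.etc."gitconfig".text` by hand bypasses the `programs.git.config` option that the deleted nixosModules/git.nix used, and NixOS generates the same /etc/gitconfig from that option. If another module later sets `programs.git.config`, the two definitions would presumably be merged as plain text with no structure checking. The option form keeps this declarative: `programs.git.config.credential = { helper = "oauth"; credentialStore = "cache"; };`. The system-wide `init.defaultBranch = "main"` from the old module is also gone here and now only reaches users managed through `self.homeModules.git`.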
@@ -1,65 +1,62 @@ { + pkgs, lib, config, - pkgs, ... }: { - options = { - my.gnome.enable = lib.mkEnableOption "GNOME desktop environment"; - muede.keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps"; + options.muede = { + keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps"; }; - config = lib.mkIf config.my.gnome.enable ( - lib.mkMerge [ - { - services = { - xserver.excludePackages = [ pkgs.xterm ]; + config = lib.mkMerge [ + { + services = { + xserver.excludePackages = [ pkgs.xterm ]; - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager.gnome = { - enable = true; - extraGSettingsOverridePackages = [ pkgs.mutter ]; - extraGSettingsOverrides = '' - [org.gnome.mutter] - experimental-features=['scale-monitor-framebuffer'] - ''; - }; - - gnome = { - tinysparql.enable = false; - localsearch.enable = false; - sushi.enable = true; - }; + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager.gnome = { + enable = true; + extraGSettingsOverridePackages = [ pkgs.mutter ]; + extraGSettingsOverrides = '' + [org.gnome.mutter] + experimental-features=['scale-monitor-framebuffer'] + ''; }; - programs = { - dconf.enable = true; - gpaste.enable = true; + gnome = { + tinysparql.enable = false; + localsearch.enable = false; + sushi.enable = true; }; - } - (lib.mkIf (!config.muede.keep-gnome-default-apps) { - environment.gnome.excludePackages = with pkgs; [ - cheese # photo booth - epiphany # web browser - evince # document viewer - geary # email client - gnome-maps - gnome-weather - gnome-tour - sysprof - orca # screen reader - gnome-weather - gnome-backgrounds - gnome-user-docs - yelp # help app - gnome-music - totem # video player - snapshot # camera - baobab # disk usage - ]; - }) - ] - ); + }; + + programs = { + dconf.enable = true; + gpaste.enable = true; + }; + } + (lib.mkIf (!config.muede.keep-gnome-default-apps) { + environment.gnome.excludePackages = with 
pkgs; [ + cheese # photo booth + epiphany # web browser + evince # document viewer + geary # email client + gnome-maps + gnome-weather + gnome-tour + sysprof + orca # screen reader + gnome-weather + gnome-backgrounds + gnome-user-docs + yelp # help app + gnome-music + totem # video player + snapshot # camera + baobab # disk usage + ]; + }) + ]; } diff --git a/nixosModules/intel-graphics.nix b/nixosModules/intel-graphics.nix index b367489..74c6e67 100644 --- a/nixosModules/intel-graphics.nix +++ b/nixosModules/intel-graphics.nix @@ -1,13 +1,6 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.intelGraphics.enable = lib.mkEnableOption "Intel graphics drivers"; - - config = lib.mkIf config.my.intelGraphics.enable { + config = { hardware.graphics = { extraPackages = with pkgs; [ intel-media-driver diff --git a/nixosModules/kdeconnect.nix b/nixosModules/kdeconnect.nix index bc809c9..1a3c2f1 100644 --- a/nixosModules/kdeconnect.nix +++ b/nixosModules/kdeconnect.nix 
@@ -5,53 +5,49 @@ ... }: { - options.my.kdeconnect.enable = lib.mkEnableOption "KDE Connect / GSConnect"; - - config = lib.mkIf config.my.kdeconnect.enable ( - lib.mkMerge [ - { - networking.firewall = - let - kdeconnect-range = { - from = 1714; - to = 1764; - }; - in - { - allowedTCPPortRanges = [ kdeconnect-range ]; - allowedUDPPortRanges = [ kdeconnect-range ]; + config = lib.mkMerge [ + { + networking.firewall = + let + kdeconnect-range = { + from = 1714; + to = 1764; }; + in + { + allowedTCPPortRanges = [ kdeconnect-range ]; + allowedUDPPortRanges = [ kdeconnect-range ]; + }; - programs.kdeconnect.enable = true; - home-manager.sharedModules = [ + programs.kdeconnect.enable = true; + home-manager.sharedModules = [ + { + services.kdeconnect = { + enable = true; + # this still shows up in gnome session starting with 25.05 + # indicator = true; + }; + } + ]; + } + + (lib.mkIf config.services.desktopManager.gnome.enable { + # replace kdeconnect with gsconnect + programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect; + + home-manager.sharedModules = [ + ( + { pkgs, ... }: { - services.kdeconnect = { - enable = true; - # this still shows up in gnome session starting with 25.05 - # indicator = true; + home.packages = [ pkgs.gnomeExtensions.gsconnect ]; + # enable gsconnect extension + dconf.settings = { + "org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ]; + "org/gnome/shell/extensions/gsconnect".enabled = true; }; } - ]; - } - - (lib.mkIf config.services.desktopManager.gnome.enable { - # replace kdeconnect with gsconnect - programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect; - - home-manager.sharedModules = [ - ( - { pkgs, ... }: - { - home.packages = [ pkgs.gnomeExtensions.gsconnect ]; - # enable gsconnect extension - dconf.settings = { - "org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ]; - "org/gnome/shell/extensions/gsconnect".enabled = true; - }; - } - ) - ]; - }) - ] - ); + ) + ]; + }) + ]; } 
diff --git a/nixosModules/latex.nix b/nixosModules/latex.nix index ce5483d..3d097f8 100644 --- a/nixosModules/latex.nix +++ b/nixosModules/latex.nix @@ -1,13 +1,6 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.latex.enable = lib.mkEnableOption "LaTeX (texliveFull + TeXstudio)"; - - config = lib.mkIf config.my.latex.enable { + config = { environment.systemPackages = with pkgs; [ fontconfig texliveFull diff --git a/nixosModules/lix-is-nix.nix b/nixosModules/lix-is-nix.nix index 2bb071e..3480d06 100644 --- a/nixosModules/lix-is-nix.nix +++ b/nixosModules/lix-is-nix.nix @@ -1,24 +1,15 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.lixIsNix.enable = lib.mkEnableOption "Lix as the Nix implementation"; + nixpkgs.overlays = [ + (final: prev: { + inherit (prev.lixPackageSets.stable) + nixpkgs-review + nix-eval-jobs + nix-fast-build + colmena + ; + }) + ]; - config = lib.mkIf config.my.lixIsNix.enable { - nixpkgs.overlays = [ - (_: prev: { - inherit (prev.lixPackageSets.stable) - nixpkgs-review - nix-eval-jobs - nix-fast-build - colmena - ; - }) - ]; - - nix.package = pkgs.lixPackageSets.latest.lix; - }; + nix.package = pkgs.lixPackageSets.latest.lix; } diff --git a/nixosModules/modern-desktop.nix b/nixosModules/modern-desktop.nix index 7a10531..6f3ccac 100644 --- a/nixosModules/modern-desktop.nix +++ b/nixosModules/modern-desktop.nix 
@@ -1,52 +1,47 @@ -{ lib, config, ... }: { - options.my.modernDesktop.enable = lib.mkEnableOption "modern desktop base (pipewire, flatpak, earlyoom)"; - - config = lib.mkIf config.my.modernDesktop.enable { - services = { - xserver.enable = true; - libinput.enable = true; - flatpak.enable = true; - fstrim.enable = true; - earlyoom = { - enable = true; - freeMemThreshold = 5; - }; - }; - - # Enable sound with pipewire. - security.rtkit.enable = true; - services = { - pulseaudio.enable = false; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - #jack.enable = true; - }; - }; - - systemd = { - # save some boot time because nothing actually requires network connectivity - services.NetworkManager-wait-online.enable = false; - - # prevent stuck units from preventing shutdown (default is 120s) - settings.Manager.DefaultTimeoutStopSec = "10s"; - }; - - programs = { - xwayland.enable = true; - - appimage = { - enable = true; - binfmt = true; - }; - }; - - system.autoUpgrade = { - allowReboot = false; - operation = "boot"; + services = { + xserver.enable = true; + libinput.enable = true; + flatpak.enable = true; + fstrim.enable = true; + earlyoom = { + enable = true; + freeMemThreshold = 5; }; }; + + # Enable sound with pipewire. + security.rtkit.enable = true; + services = { + pulseaudio.enable = false; + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + #jack.enable = true; + }; + }; + + systemd = { + # save some boot time because nothing actually requires network connectivity + services.NetworkManager-wait-online.enable = false; + + # prevent stuck units from preventing shutdown (default is 120s) + settings.Manager.DefaultTimeoutStopSec = "10s"; + }; + + programs = { + xwayland.enable = true; + + appimage = { + enable = true; + binfmt = true; + }; + }; + + system.autoUpgrade = { + allowReboot = false; + operation = "boot"; + }; } 
diff --git a/nixosModules/muede-desktop-settings.nix b/nixosModules/muede-desktop-settings.nix index 8f25f62..27e790b 100644 --- a/nixosModules/muede-desktop-settings.nix +++ b/nixosModules/muede-desktop-settings.nix @@ -1,36 +1,21 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - niri, - ... -}: -{ - imports = [ niri.nixosModules.niri ]; + programs.firefox.enable = true; - options.my.muedeDesktopSettings.enable = lib.mkEnableOption "muede desktop settings (Firefox, Logitech, RDP)"; + environment.systemPackages = with pkgs; [ + lm_sensors + libreoffice-qt6 + usbutils + ]; - config = lib.mkIf config.my.muedeDesktopSettings.enable { - my.overlays.niri.enable = true; - programs.niri.enable = true; + fonts.enableDefaultPackages = true; - programs.firefox.enable = true; - - environment.systemPackages = with pkgs; [ - lm_sensors - libreoffice-qt6 - usbutils - ]; - - fonts.enableDefaultPackages = true; - - hardware.logitech.wireless = { - enable = true; - enableGraphical = true; - }; - - # RDP connections - services.gnome.gnome-remote-desktop.enable = true; - networking.firewall.allowedTCPPorts = [ 3389 ]; + hardware.logitech.wireless = { + enable = true; + enableGraphical = true; }; + + # RDP connections + services.gnome.gnome-remote-desktop.enable = true; + networking.firewall.allowedTCPPorts = [ 3389 ]; } diff --git a/nixosModules/nix-ld.nix b/nixosModules/nix-ld.nix index ac7ae7b..0d09078 100644 --- a/nixosModules/nix-ld.nix +++ b/nixosModules/nix-ld.nix 
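Review bot: `networking.firewall.allowedTCPPorts = [ 3389 ];` at the end of the module opens RDP on every interface, and with the `my.muedeDesktopSettings.enable` guard removed this now applies to any host that imports these desktop settings. RDP is a frequent password-guessing target, so limit it to the interface that needs it, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 3389 ];` if the host is reached through the Tailscale module in this repo (interface name assumed, confirm). Moving the two RDP lines into their own module would also stop a remote-access service from arriving as a side effect of importing Firefox and font settings.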
@@ -1,32 +1,23 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.nixLd.enable = lib.mkEnableOption "nix-ld for running unpatched dynamic binaries"; - - config = lib.mkIf config.my.nixLd.enable { - programs.nix-ld = { - enable = true; - libraries = with pkgs; [ - stdenv.cc.cc - zlib - zstd - curl - openssl - attr - libssh - bzip2 - libxml2 - acl - libsodium - util-linux - xz - systemd - icu - ]; - }; + programs.nix-ld = { + enable = true; + libraries = with pkgs; [ + stdenv.cc.cc + zlib + zstd + curl + openssl + attr + libssh + bzip2 + libxml2 + acl + libsodium + util-linux + xz + systemd + icu + ]; }; } diff --git a/nixosModules/nixpkgs-overlays.nix b/nixosModules/nixpkgs-overlays.nix deleted file mode 100644 index 7a657b1..0000000 --- a/nixosModules/nixpkgs-overlays.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - self, - ... -}: -{ - options.my.overlays = { - enableAll = lib.mkEnableOption "all nixpkgs overlays"; - } - // lib.mapAttrs (_: _: { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; - }) self.overlays; - - config = lib.mkMerge ( - [ - { - my.overlays = lib.mapAttrs (_: _: { - enable = lib.mkDefault config.my.overlays.enableAll; - }) self.overlays; - } - ] - ++ lib.mapAttrsToList ( - name: overlay: - lib.mkIf config.my.overlays.${name}.enable { - nixpkgs.overlays = [ overlay ]; - } - ) self.overlays - ); -} diff --git a/nixosModules/openssh.nix b/nixosModules/openssh.nix index bed46f8..7ff8b18 100644 --- a/nixosModules/openssh.nix +++ b/nixosModules/openssh.nix 
@@ -1,16 +1,11 @@ -{ lib, config, ... }: { - options.my.openssh.enable = lib.mkEnableOption "OpenSSH server"; - - config = lib.mkIf config.my.openssh.enable { - services.openssh = { - enable = true; - openFirewall = true; - settings = { - PermitRootLogin = "prohibit-password"; - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; + services.openssh = { + enable = true; + openFirewall = true; + settings = { + PermitRootLogin = "prohibit-password"; + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; }; }; } diff --git a/nixosModules/podman.nix b/nixosModules/podman.nix index b962242..93540f8 100644 --- a/nixosModules/podman.nix +++ b/nixosModules/podman.nix @@ -1,16 +1,11 @@ -{ lib, config, ... }: { - options.my.podman.enable = lib.mkEnableOption "Podman container runtime"; - - config = lib.mkIf config.my.podman.enable { - virtualisation = { - containers.enable = true; - podman = { - enable = true; - dockerCompat = true; - dockerSocket.enable = true; - autoPrune.enable = true; - }; + virtualisation = { + containers.enable = true; + podman = { + enable = true; + dockerCompat = true; + dockerSocket.enable = true; + autoPrune.enable = true; }; }; } diff --git a/nixosModules/printing.nix b/nixosModules/printing.nix index 48c41ae..c85edd7 100644 --- a/nixosModules/printing.nix +++ b/nixosModules/printing.nix 
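Review bot: `PermitRootLogin = "prohibit-password"` in `openssh.nix` still accepts key-based root logins on a port that `openFirewall = true` exposes on all interfaces. Both user modules in this commit put their accounts in `wheel`, so unless a deployment tool logs in as root, `PermitRootLogin = "no";` removes a direct path to uid 0. If root login is required, a comment naming the tool that needs it would tell the next reader why it is kept.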
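Review bot: `dockerSocket.enable = true` in `podman.nix` provides a Docker-compatible socket to members of the `podman` group, and the NixOS option documentation states that members of this group can gain root access. Importing the module now enables this unconditionally, and both user modules in this commit add their accounts to `podman`. If only `docker` CLI compatibility is needed, `dockerCompat = true` on its own avoids the socket; otherwise add a comment such as `# podman group is root-equivalent through the docker socket` next to the option.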
@@ -1,17 +1,12 @@ -{ lib, config, ... }: { - options.my.printing.enable = lib.mkEnableOption "printing (CUPS + Avahi)"; + services = { + # Enable CUPS to print documents. + printing.enable = true; - config = lib.mkIf config.my.printing.enable { - services = { - # Enable CUPS to print documents. - printing.enable = true; - - avahi = { - enable = true; # runs the Avahi daemon - nssmdns4 = true; # enables the mDNS NSS plug-in - openFirewall = true; # opens the firewall for UDP port 5353 - }; + avahi = { + enable = true; # runs the Avahi daemon + nssmdns4 = true; # enables the mDNS NSS plug-in + openFirewall = true; # opens the firewall for UDP port 5353 }; }; } diff --git a/nixosModules/prometheus-node.nix b/nixosModules/prometheus-node.nix index f5e02fc..576db81 100644 --- a/nixosModules/prometheus-node.nix +++ b/nixosModules/prometheus-node.nix @@ -1,25 +1,20 @@ -{ lib, config, ... }: { - options.my.prometheusNode.enable = lib.mkEnableOption "Prometheus node exporter"; - - config = lib.mkIf config.my.prometheusNode.enable { - services.prometheus.exporters = { - node = { - enable = true; - openFirewall = true; - port = 9190; - enabledCollectors = [ - # keep-sorted start - "cgroups" - "interrupts" - "softirqs" - "swap" - "systemd" - "tcpstat" - "wifi" - # keep-sorted end - ]; - }; + services.prometheus.exporters = { + node = { + enable = true; + openFirewall = true; + port = 9190; + enabledCollectors = [ + # keep-sorted start + "cgroups" + "interrupts" + "softirqs" + "swap" + "systemd" + "tcpstat" + "wifi" + # keep-sorted end + ]; }; }; } diff --git a/nixosModules/pxvirt-guest.nix b/nixosModules/pxvirt-guest.nix index a70266a..067a0ec 100644 --- a/nixosModules/pxvirt-guest.nix +++ b/nixosModules/pxvirt-guest.nix 
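Review bot: `openFirewall = true` on the node exporter in `prometheus-node.nix` publishes port 9190 on every interface, and the exporter serves host metrics (including the `systemd`, `cgroups` and `wifi` collectors enabled here) without authentication. Restrict who can reach it, e.g. `listenAddress = "<monitoring-interface-ip>";` (placeholder) or a narrower `firewallFilter`, so that only the Prometheus server can scrape it. With the `my.prometheusNode.enable` guard gone, every host that imports the module gets this exposure.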
@@ -1,12 +1,16 @@ +{ modulesPath, lib, ... }: { - lib, - config, - ... -}: -{ - options.my.pxvirtGuest.enable = lib.mkEnableOption "Proxmox LXC guest configuration"; + imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; + + config = { + # TODO is this needed? + # nix.settings.sandbox = false; + + proxmoxLXC = { + manageNetwork = false; + privileged = false; + }; - config = lib.mkIf config.my.pxvirtGuest.enable { # Let Proxmox host handle fstrim services.fstrim.enable = false; diff --git a/nixosModules/quiet-boot.nix b/nixosModules/quiet-boot.nix index 84bae5f..d9b59c8 100644 --- a/nixosModules/quiet-boot.nix +++ b/nixosModules/quiet-boot.nix @@ -1,34 +1,25 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.quietBoot.enable = lib.mkEnableOption "quiet boot with Plymouth splash"; - - config = lib.mkIf config.my.quietBoot.enable { - boot = { - kernelParams = [ - "quiet" - "udev.log_level=3" - "udev.log_priority=3" - "rd.systemd.show_status=auto" + boot = { + kernelParams = [ + "quiet" + "udev.log_level=3" + "udev.log_priority=3" + "rd.systemd.show_status=auto" + ]; + consoleLogLevel = 0; + initrd = { + verbose = false; + systemd.enable = true; # required fpr graphical LUKS prompt + }; + plymouth = { + enable = true; + theme = "catppuccin-mocha"; + themePackages = [ + (pkgs.catppuccin-plymouth.override { + variant = "mocha"; + }) ]; - consoleLogLevel = 0; - initrd = { - verbose = false; - systemd.enable = true; # required fpr graphical LUKS prompt - }; - plymouth = { - enable = true; - theme = "catppuccin-mocha"; - themePackages = [ - (pkgs.catppuccin-plymouth.override { - variant = "mocha"; - }) - ]; - }; }; }; } diff --git a/nixosModules/secure-boot.nix b/nixosModules/secure-boot.nix index 948d1c4..9bf2c93 100644 --- a/nixosModules/secure-boot.nix +++ b/nixosModules/secure-boot.nix 
@@ -1,37 +1,28 @@ +{ pkgs, lib, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.secureBoot.enable = lib.mkEnableOption "Secure Boot via lanzaboote"; + # https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md + # To enroll: + # 1. sudo sbctl create-keys + # 2. import this module, rebuild + # 3. Put Secure Boot in Setup mode + # 4. sudo sbctl verify + # 5. sudo sbctl enroll-keys --microsoft + # 6, reboot + # 7. sudo sbctl status - config = lib.mkIf config.my.secureBoot.enable { - # https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md - # To enroll: - # 1. sudo sbctl create-keys - # 2. enable this module, rebuild - # 3. Put Secure Boot in Setup mode - # 4. sudo sbctl verify - # 5. sudo sbctl enroll-keys --microsoft - # 6, reboot - # 7. sudo sbctl status + environment.systemPackages = [ + # For debugging and troubleshooting Secure Boot. + pkgs.sbctl + ]; - environment.systemPackages = [ - # For debugging and troubleshooting Secure Boot. - pkgs.sbctl - ]; + # Lanzaboote currently replaces the systemd-boot module. + # This setting is usually set to true in configuration.nix + # generated at installation time. So we force it to false + # for now. + boot.loader.systemd-boot.enable = lib.mkForce false; - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - boot.loader.systemd-boot.enable = lib.mkForce false; - - boot.lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; - }; + boot.lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; }; } diff --git a/nixosModules/steam.nix b/nixosModules/steam.nix index 78bbf71..b0991e6 100644 --- a/nixosModules/steam.nix +++ b/nixosModules/steam.nix 
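Review bot: The enrollment comment above `boot.lanzaboote` does not say that `pkiBundle = "/var/lib/sbctl"` is where the private Secure Boot signing keys from step 1 live. Anyone who can read that directory can sign a boot image the firmware will accept, so add a line such as `# /var/lib/sbctl holds the private signing keys: keep it root-only and on the encrypted root filesystem`. Step `6, reboot` should read `6. reboot` to match the other steps.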
@@ -1,50 +1,45 @@ -{ lib, config, ... }: { - options.my.steam.enable = lib.mkEnableOption "Steam gaming platform"; + hardware.steam-hardware.enable = true; - config = lib.mkIf config.my.steam.enable { - hardware.steam-hardware.enable = true; - - programs = { - steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - localNetworkGameTransfers.openFirewall = true; - gamescopeSession.enable = false; - }; - gamemode.enable = true; + programs = { + steam = { + enable = true; + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + localNetworkGameTransfers.openFirewall = true; + gamescopeSession.enable = false; }; + gamemode.enable = true; + }; - # steam network transfer - networking.firewall = { - allowedUDPPorts = [ 3478 ]; - allowedTCPPorts = [ 24070 ]; + # steam network transfer + networking.firewall = { + allowedUDPPorts = [ 3478 ]; + allowedTCPPorts = [ 24070 ]; - allowedTCPPortRanges = [ - { - from = 27015; - to = 27050; - } - ]; + allowedTCPPortRanges = [ + { + from = 27015; + to = 27050; + } + ]; - allowedUDPPortRanges = [ - { - from = 4379; - to = 4380; - } - { - from = 27000; - to = 27100; - } - ]; - }; - - allowedUnfreePackages = [ - "steam" - "steam-original" - "steam-run" - "steam-unwrapped" + allowedUDPPortRanges = [ + { + from = 4379; + to = 4380; + } + { + from = 27000; + to = 27100; + } ]; }; + + allowedUnfreePackages = [ + "steam" + "steam-original" + "steam-run" + "steam-unwrapped" + ]; } diff --git a/nixosModules/stylix.nix b/nixosModules/stylix.nix index 4b30dc7..33ab6ee 100644 --- a/nixosModules/stylix.nix +++ b/nixosModules/stylix.nix 
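Review bot: `dedicatedServer.openFirewall = true` and the hand-written `networking.firewall` ranges (TCP 27015-27050, UDP 27000-27100) open far more than the `# steam network transfer` comment describes, on every host that imports the module. As far as I know, the `remotePlay.openFirewall` and `localNetworkGameTransfers.openFirewall` options already open the ports those features need, so the manual ranges look redundant. Unless this machine hosts game servers, set `dedicatedServer.openFirewall = false;` and drop the manual ranges, or comment each one with the feature that requires it.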
@@ -1,95 +1,86 @@ +{ pkgs, config, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.stylix.enable = lib.mkEnableOption "Stylix theming (Catppuccin Mocha)"; + stylix = { + enable = true; + base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; + override = { + scheme = "Catppuccin Mocha Pride"; - config = lib.mkIf config.my.stylix.enable { - stylix = { + base09 = "#6f9dff"; + base0A = "#d162a4"; + base0B = "#a8c9ff"; + base0C = "#a30262"; + + # pink_light = "#d162a4"; + # pink_dark = "#a30262"; + # blue_light = "#5BCEFA"; + # blue_dark = "#4a6bb1"; + + # original values + # base00: "#1e1e2e" # base - + # base01: "#181825" # mantle + # base02: "#313244" # surface0 + # base03: "#45475a" # surface1 + # base04: "#585b70" # surface2 + # base05: "#cdd6f4" # text + # base06: "#f5e0dc" # rosewater + # base07: "#b4befe" # lavender + # base08: "#f38ba8" # red + # base09: "#fab387" # peach + # base0A: "#f9e2af" # yellow + # base0B: "#a6e3a1" # green + # base0C: "#94e2d5" # teal + # base0D: "#89b4fa" # blue + # base0E: "#cba6f7" # mauve + # base0F: "#f2cdcd" # flamingo + + # https://github.com/chriskempson/base16/blob/main/styling.md + # base00 - Default Background + # base01 - Lighter Background (Used for status bars, line number and folding marks) + # base02 - Selection Background + # base03 - Comments, Invisibles, Line Highlighting + # base04 - Dark Foreground (Used for status bars) + # base05 - Default Foreground, Caret, Delimiters, Operators + # base06 - Light Foreground (Not often used) + # base07 - Light Background (Not often used) + # base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted + # base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url + # base0A - Classes, Markup Bold, Search Text Background + # base0B - Strings, Inherited Class, Markup Code, Diff Inserted + # base0C - Support, Regular Expressions, Escape Characters, Markup Quotes + # base0D - Functions, Methods, Attribute IDs, Headings + # 
base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed + # base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. + }; + image = config.lib.stylix.pixel "base00"; + polarity = "dark"; + targets = { + gnome.enable = false; + gtk.enable = false; + gtksourceview.enable = false; + fontconfig.enable = true; + plymouth.enable = false; + }; + fonts = { + sansSerif = { + name = "Inter Nerd Font"; + package = pkgs.inter-nerdfont; + }; + monospace = { + name = "FiraCode Nerd Font Mono"; + package = pkgs.nerd-fonts.fira-code; + }; + }; + icons = { enable = true; - base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; - override = { - scheme = "Catppuccin Mocha Pride"; - - base09 = "#6f9dff"; - base0A = "#d162a4"; - base0B = "#a8c9ff"; - base0C = "#a30262"; - - # pink_light = "#d162a4"; - # pink_dark = "#a30262"; - # blue_light = "#5BCEFA"; - # blue_dark = "#4a6bb1"; - - # original values - # base00: "#1e1e2e" # base - - # base01: "#181825" # mantle - # base02: "#313244" # surface0 - # base03: "#45475a" # surface1 - # base04: "#585b70" # surface2 - # base05: "#cdd6f4" # text - # base06: "#f5e0dc" # rosewater - # base07: "#b4befe" # lavender - # base08: "#f38ba8" # red - # base09: "#fab387" # peach - # base0A: "#f9e2af" # yellow - # base0B: "#a6e3a1" # green - # base0C: "#94e2d5" # teal - # base0D: "#89b4fa" # blue - # base0E: "#cba6f7" # mauve - # base0F: "#f2cdcd" # flamingo - - # https://github.com/chriskempson/base16/blob/main/styling.md - # base00 - Default Background - # base01 - Lighter Background (Used for status bars, line number and folding marks) - # base02 - Selection Background - # base03 - Comments, Invisibles, Line Highlighting - # base04 - Dark Foreground (Used for status bars) - # base05 - Default Foreground, Caret, Delimiters, Operators - # base06 - Light Foreground (Not often used) - # base07 - Light Background (Not often used) - # base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted - # base09 
- Integers, Boolean, Constants, XML Attributes, Markup Link Url - # base0A - Classes, Markup Bold, Search Text Background - # base0B - Strings, Inherited Class, Markup Code, Diff Inserted - # base0C - Support, Regular Expressions, Escape Characters, Markup Quotes - # base0D - Functions, Methods, Attribute IDs, Headings - # base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed - # base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. - }; - image = config.lib.stylix.pixel "base00"; - polarity = "dark"; - targets = { - gnome.enable = false; - gtk.enable = false; - gtksourceview.enable = false; - fontconfig.enable = true; - plymouth.enable = false; - }; - fonts = { - sansSerif = { - name = "Inter Nerd Font"; - package = pkgs.inter-nerdfont; - }; - monospace = { - name = "FiraCode Nerd Font Mono"; - package = pkgs.nerd-fonts.fira-code; - }; - }; - icons = { - enable = true; - dark = "Adwaita"; - light = "Adwaita"; - package = pkgs.adwaita-icon-theme; - }; - cursor = { - name = "Adwaita"; - size = 16; - package = pkgs.adwaita-icon-theme; - }; + dark = "Adwaita"; + light = "Adwaita"; + package = pkgs.adwaita-icon-theme; + }; + cursor = { + name = "Adwaita"; + size = 16; + package = pkgs.adwaita-icon-theme; }; }; } diff --git a/nixosModules/systemd-boot.nix b/nixosModules/systemd-boot.nix index e44f9dc..321a26c 100644 --- a/nixosModules/systemd-boot.nix +++ b/nixosModules/systemd-boot.nix @@ -1,16 +1,11 @@ -{ lib, config, ... }: { - options.my.systemdBoot.enable = lib.mkEnableOption "systemd-boot bootloader"; - - config = lib.mkIf config.my.systemdBoot.enable { - boot.loader = { - timeout = 3; - efi.canTouchEfiVariables = true; - systemd-boot = { - enable = true; - editor = false; # do not allow changing kernel parameters - consoleMode = "max"; - }; + boot.loader = { + timeout = 3; + efi.canTouchEfiVariables = true; + systemd-boot = { + enable = true; + editor = false; # do not allow changing kernel parameters + consoleMode = "max"; }; }; } 
diff --git a/nixosModules/tailscale.nix b/nixosModules/tailscale.nix index 55295f9..e51ee7f 100644 --- a/nixosModules/tailscale.nix +++ b/nixosModules/tailscale.nix @@ -1,13 +1,8 @@ -{ lib, config, ... }: { - options.my.tailscale.enable = lib.mkEnableOption "Tailscale VPN"; - - config = lib.mkIf config.my.tailscale.enable { - services.tailscale = { - enable = true; - openFirewall = true; - }; - - networking.firewall.checkReversePath = "loose"; + services.tailscale = { + enable = true; + openFirewall = true; }; + + networking.firewall.checkReversePath = "loose"; } diff --git a/nixosModules/user-muede.nix b/nixosModules/user-muede.nix index 20f9cdb..498c5a8 100644 --- a/nixosModules/user-muede.nix +++ b/nixosModules/user-muede.nix @@ -1,46 +1,37 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.users.muede.enable = lib.mkEnableOption "muede user account"; - - config = lib.mkIf config.my.users.muede.enable { - users.users.muede = { - isNormalUser = true; - uid = 1000; - name = "muede"; - description = "müde"; - extraGroups = [ - "networkmanager" - "wheel" - "games" - "dialout" - "podman" - "nginx" - "adbusers" - "kvm" - "input" - "video" - ]; - shell = pkgs.zsh; - autoSubUidGidRange = true; - }; - - nix.settings.trusted-users = [ "muede" ]; - - allowedUnfreePackages = [ - "rider" - "pycharm-professional" - "jetbrains-toolbox" - - "anydesk" - - "vscode-extension-ms-dotnettools-csharp" - - "claude-code" + users.users.muede = { + isNormalUser = true; + uid = 1000; + name = "muede"; + description = "müde"; + extraGroups = [ + "networkmanager" + "wheel" + "games" + "dialout" + "podman" + "nginx" + "adbusers" + "kvm" + "input" + "video" ]; + shell = pkgs.zsh; + autoSubUidGidRange = true; }; + + nix.settings.trusted-users = [ "muede" ]; + + allowedUnfreePackages = [ + "rider" + "pycharm-professional" + "jetbrains-toolbox" + + "anydesk" + + "vscode-extension-ms-dotnettools-csharp" + + "claude-code" + ]; } 
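Review bot: `nix.settings.trusted-users = [ "muede" ];` in `user-muede.nix` lets that account direct the Nix daemon without sudo (custom substituters, unsigned store paths), which is effectively passwordless root; `user-ronja.nix` does the same for `ronja`. Both accounts are already in `wheel`, so consider dropping the line and using `sudo` for elevated Nix operations, or add a comment naming the remote-build or deploy workflow that requires it. The `input` group in `extraGroups` likewise lets any process of that user read raw input devices and deserves a comment saying what needs it.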
diff --git a/nixosModules/user-ronja.nix b/nixosModules/user-ronja.nix index 46319eb..b374ab9 100644 --- a/nixosModules/user-ronja.nix +++ b/nixosModules/user-ronja.nix @@ -1,28 +1,19 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.users.ronja.enable = lib.mkEnableOption "ronja user account"; - - config = lib.mkIf config.my.users.ronja.enable { - users.users.ronja = { - isNormalUser = true; - name = "ronja"; - description = "Ronja"; - home = "/home/ronja"; - extraGroups = [ - "networkmanager" - "wheel" - "games" - "podman" - "openvscode-server" - ]; - shell = pkgs.zsh; - }; - - nix.settings.trusted-users = [ "ronja" ]; + users.users.ronja = { + isNormalUser = true; + name = "ronja"; + description = "Ronja"; + home = "/home/ronja"; + extraGroups = [ + "networkmanager" + "wheel" + "games" + "podman" + "openvscode-server" + ]; + shell = pkgs.zsh; }; + + nix.settings.trusted-users = [ "ronja" ]; } diff --git a/nixosModules/wine-gaming.nix b/nixosModules/wine-gaming.nix index 58b0099..8411114 100644 --- a/nixosModules/wine-gaming.nix +++ b/nixosModules/wine-gaming.nix @@ -1,31 +1,22 @@ +{ pkgs, ... }: { - lib, - config, - pkgs, - ... -}: -{ - options.my.wineGaming.enable = lib.mkEnableOption "Wine gaming (DXVK, MangoHud, xpadneo)"; - - config = lib.mkIf config.my.wineGaming.enable { - hardware = { - graphics = { - enable32Bit = true; - extraPackages = with pkgs; [ mangohud ]; - extraPackages32 = with pkgs; [ mangohud ]; - }; - - xpadneo.enable = true; + hardware = { + graphics = { + enable32Bit = true; + extraPackages = with pkgs; [ mangohud ]; + extraPackages32 = with pkgs; [ mangohud ]; }; - environment.systemPackages = with pkgs; [ - wineWowPackages.stagingFull - wineWowPackages.fonts - winetricks - dxvk - mangohud - vulkan-tools - mesa-demos - ]; + xpadneo.enable = true; }; + + environment.systemPackages = with pkgs; [ + wineWowPackages.stagingFull + wineWowPackages.fonts + winetricks + dxvk + mangohud + vulkan-tools + mesa-demos + ]; }