Compare commits


No commits in common. "c2aa932494fbab644471b96089b88bcc3113b5df" and "c2d4ce78de05fc554e767cc9ee9050832944246a" have entirely different histories.

45 changed files with 834 additions and 1072 deletions


@ -9,6 +9,7 @@
}; };
#keep-sorted start block=yes #keep-sorted start block=yes
flake-parts = { flake-parts = {
url = "github:hercules-ci/flake-parts"; url = "github:hercules-ci/flake-parts";
#inputs.nixpkgs.follows = "nixpkgs"; #inputs.nixpkgs.follows = "nixpkgs";
@ -96,18 +97,28 @@
inputs@{ inputs@{
self, self,
nixpkgs, nixpkgs,
home-manager,
# keep-sorted start # keep-sorted start
lanzaboote,
niri, niri,
nix-vscode-extensions, nix-vscode-extensions,
nixos-generators,
nixos-raspberrypi,
nixpkgs-unstable, nixpkgs-unstable,
servicepoint-cli,
servicepoint-simulator,
servicepoint-tanks,
stylix,
treefmt-nix, treefmt-nix,
zerforschen-plus,
# keep-sorted end # keep-sorted end
... ...
}: }:
let let
devices = import ./devices.nix { inherit self; };
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
nixosConfigurations = import ./nixosConfigurations.nix { inherit inputs lib; }; forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices;
supported-systems = lib.unique (lib.mapAttrsToList (_: v: v.pkgs.system) nixosConfigurations); supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices;
treefmt-config = { treefmt-config = {
projectRootFile = "flake.nix"; projectRootFile = "flake.nix";
programs = { programs = {
@ -136,17 +147,37 @@
in in
{ {
overlays = { overlays = {
unstable = final: prev: { unstable-packages = final: prev: {
unstable = import nixpkgs-unstable { unstable = import nixpkgs-unstable {
localSystem = prev.stdenv.hostPlatform; localSystem = prev.stdenv.hostPlatform;
inherit (prev) config; inherit (prev) config;
}; };
}; };
vscodeExtensions = nix-vscode-extensions.overlays.default;
niri = niri.overlays.niri;
}; };
nixosModules = importModuleDir ./nixosModules; nixosModules = (importModuleDir ./nixosModules) // {
niri =
{ pkgs, ... }:
{
imports = [ niri.nixosModules.niri ];
nixpkgs.overlays = [ niri.overlays.niri ];
programs.niri = {
enable = true;
#package = pkgs.niri-stable;
};
};
pkgs-unstable = {
nixpkgs.overlays = [ self.overlays.unstable-packages ];
};
pkgs-vscode-extensions = {
nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ];
};
# required modules to use other modules, should not do anything on their own
default = {
imports = [ self.nixosModules.allowed-unfree-list ];
};
};
homeModules = importModuleDir ./homeModules; homeModules = importModuleDir ./homeModules;
homeConfigurations = { homeConfigurations = {
@ -154,7 +185,38 @@
ronja = ./homeConfigurations/ronja; ronja = ./homeConfigurations/ronja;
}; };
inherit nixosConfigurations; nixosConfigurations = forDevice (
{
device,
system,
home-manager-users ? { },
nixosSystem ? nixpkgs.lib.nixosSystem,
...
}:
let
specialArgs = inputs // {
inherit device home-manager-users devices;
};
in
nixosSystem {
inherit specialArgs;
modules = [
{
imports = [
./nixosConfigurations/${device}
self.nixosModules.global-settings
]
++ (lib.optionals (home-manager-users != { }) [
self.nixosModules.global-settings-desktop
]);
nixpkgs = {
hostPlatform = lib.mkDefault system;
};
}
];
}
);
formatter = forAllSystems ({ treefmt-eval, ... }: treefmt-eval.config.build.wrapper); formatter = forAllSystems ({ treefmt-eval, ... }: treefmt-eval.config.build.wrapper);
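Review bot: The new `supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices;` drops the `lib.unique` that the old expression had, so the list repeats a system once for every device that shares it. Whether that matters depends on how `forAllSystems` consumes the list, which is defined outside this hunk. Restoring the dedup is cheap and also removes the unused `k`: `supported-systems = lib.unique (lib.mapAttrsToList (_: v: v.system) devices);`.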


@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, self, ... }:
{ {
imports = [ imports = [
# keep-sorted start # keep-sorted start

6
homeModules/git.nix Normal file

@ -0,0 +1,6 @@
{
programs.git = {
enable = true;
settings.init.defaultBranch = "main";
};
}


@ -1,127 +0,0 @@
{
inputs,
lib,
}:
let
devices = import ./devices.nix { inherit (inputs) self; };
inherit (inputs)
self
home-manager
lanzaboote
nova-shell
servicepoint-cli
servicepoint-simulator
servicepoint-tanks
stylix
zerforschen-plus
;
forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices;
in
forDevice (
{
device,
system,
home-manager-users ? { },
nixosSystem ? inputs.nixpkgs.lib.nixosSystem,
...
}:
let
specialArgs = inputs // {
inherit device home-manager-users devices;
};
in
nixosSystem {
inherit specialArgs;
modules = [
./nixosConfigurations/${device}
self.nixosModules.default
# keep-sorted start
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote
nova-shell.nixosModules.default
servicepoint-cli.nixosModules.default
servicepoint-simulator.nixosModules.default
servicepoint-tanks.nixosModules.default
stylix.nixosModules.stylix
zerforschen-plus.nixosModules.default
# keep-sorted end
# Base config
{
nixpkgs.hostPlatform = lib.mkDefault system;
networking.hostName = device;
system = {
stateVersion = "22.11";
autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
documentation = {
info.enable = false;
doc.enable = false;
};
my = {
# keep-sorted start
autoupdate.enable = true;
distributedBuilds.enable = true;
extraCaches.enable = true;
git.enable = true;
globalinstalls.enable = true;
lixIsNix.enable = true;
openssh.enable = true;
overlays.unstable.enable = true;
overlays.vscodeExtensions.enable = true;
# prometheusNode.enable = true;
systemdBoot.enable = true;
tailscale.enable = true;
# keep-sorted end
};
}
]
++ lib.optionals (home-manager-users != { }) [
# Desktop config
{
home-manager = {
extraSpecialArgs = specialArgs;
useGlobalPkgs = true;
useUserPackages = true;
users = home-manager-users;
sharedModules = [
{ home.stateVersion = "22.11"; }
# keep-sorted start
self.homeModules.gnome-extensions
self.homeModules.nano
self.homeModules.templates
self.homeModules.zsh-basics
# keep-sorted end
];
};
time.timeZone = "Europe/Berlin";
# on desktops, keep the device useable interactively during expensive builds
nix = {
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
};
my = {
# keep-sorted start
enDe.enable = true;
firmwareUpdates.enable = true;
gnome.enable = true;
kdeconnect.enable = true;
modernDesktop.enable = true;
nixLd.enable = true;
quietBoot.enable = true;
stylix.enable = true;
# keep-sorted end
};
}
];
}
)


@ -10,9 +10,11 @@
# No one got time for xz compression. # No one got time for xz compression.
#isoImage.squashfsCompression = "zstd"; #isoImage.squashfsCompression = "zstd";
boot.loader.raspberry-pi.bootloader = "kernel"; boot.loader = {
raspberry-pi.bootloader = "kernel";
my.systemdBoot.enable = lib.mkForce false; systemd-boot.enable = lib.mkForce false;
#generic-extlinux-compatible.enable = lib.mkForce false;
};
/* /*
fileSystems = { fileSystems = {


@ -1,11 +1,12 @@
{ {
pkgs, pkgs,
self,
lib, lib,
... ...
}: }:
{ {
my.overlays.unstable.enable = true; nixpkgs.overlays = [ self.overlays.unstable-packages ];
allowedUnfreePackages = [ "claude-code" ]; allowedUnfreePackages = [ "claude-code" ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [


@ -1,13 +1,8 @@
{ modulesPath, ... }: { self, ... }:
{ {
imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; imports = [ self.nixosModules.pxvirt-guest ];
config = { config = {
my.pxvirtGuest.enable = true;
proxmoxLXC = {
manageNetwork = false;
privileged = false;
};
}; };
} }


@ -1,13 +1,12 @@
{ ... }: { self, ... }:
{ {
imports = [ imports = [
./hardware.nix ./hardware.nix
./forgejo-runner.nix ./forgejo-runner.nix
self.nixosModules.podman
]; ];
config = { config = {
my.podman.enable = true;
# uncomment for build check on non arm system (requires --impure) # uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem; # nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both"; services.tailscale.useRoutingFeatures = "both";


@ -2,17 +2,17 @@
{ {
imports = [ imports = [
./hardware.nix ./hardware.nix
self.nixosModules.user-muede
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.podman
self.nixosModules.muede-desktop-settings
self.nixosModules.intel-graphics
self.nixosModules.secure-boot
]; ];
config = { config = {
my.users.muede.enable = true;
my.wineGaming.enable = true;
my.steam.enable = true;
my.podman.enable = true;
my.muedeDesktopSettings.enable = true;
my.intelGraphics.enable = true;
my.secureBoot.enable = true;
nix.settings.extra-platforms = [ nix.settings.extra-platforms = [
"aarch64-linux" "aarch64-linux"
"i686-linux" "i686-linux"


@ -1,20 +1,21 @@
{ pkgs, ... }: { pkgs, self, ... }:
{ {
imports = [ imports = [
./hardware.nix ./hardware.nix
# ./vscode-server.nix # ./vscode-server.nix
# ./hass.nix # ./hass.nix
self.nixosModules.user-muede
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.podman
self.nixosModules.muede-desktop-settings
self.nixosModules.amd-graphics
self.nixosModules.secure-boot
]; ];
config = { config = {
my.users.muede.enable = true;
my.wineGaming.enable = true;
my.steam.enable = true;
my.podman.enable = true;
my.muedeDesktopSettings.enable = true;
my.amdGraphics.enable = true;
my.secureBoot.enable = true;
nix.settings.extra-platforms = [ nix.settings.extra-platforms = [
"aarch64-linux" "aarch64-linux"
"i686-linux" "i686-linux"


@ -1,15 +1,20 @@
{ pkgs, ... }: {
config,
pkgs,
self,
...
}:
{ {
imports = [ imports = [
./hardware.nix ./hardware.nix
self.nixosModules.user-ronja
self.nixosModules.gnome
self.nixosModules.steam
self.nixosModules.wine-gaming
self.nixosModules.muede-desktop-settings
]; ];
config = { config = {
my.users.ronja.enable = true;
my.steam.enable = true;
my.wineGaming.enable = true;
my.muedeDesktopSettings.enable = true;
# Configure keymap in X11 # Configure keymap in X11
services.xserver.xkb = { services.xserver.xkb = {
layout = "de"; layout = "de";
@ -19,6 +24,8 @@
# Configure console keymap # Configure console keymap
console.keyMap = "de"; console.keyMap = "de";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget # wget


@ -1,24 +1,15 @@
{ pkgs, ... }:
{ {
lib, boot.kernelModules = [ "amdgpu" ];
config, services.xserver.videoDrivers = [ "amdgpu" ];
pkgs,
...
}:
{
options.my.amdGraphics.enable = lib.mkEnableOption "AMD graphics drivers";
config = lib.mkIf config.my.amdGraphics.enable { hardware = {
boot.kernelModules = [ "amdgpu" ]; graphics.enable = true;
services.xserver.videoDrivers = [ "amdgpu" ]; amdgpu = {
opencl.enable = true;
hardware = { overdrive.enable = true;
graphics.enable = true;
amdgpu = {
opencl.enable = true;
overdrive.enable = true;
};
}; };
environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
}; };
environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
} }


@ -1,21 +1,16 @@
{ lib, config, ... }:
{ {
options.my.autoupdate.enable = lib.mkEnableOption "automatic Nix GC and system upgrades"; nix = {
optimise.automatic = true;
config = lib.mkIf config.my.autoupdate.enable { gc = {
nix = { automatic = true;
optimise.automatic = true;
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
};
system.autoUpgrade = {
enable = true;
dates = "daily"; dates = "daily";
# do not forget to set `flake` when using this module! options = "--delete-older-than 7d";
}; };
}; };
system.autoUpgrade = {
enable = true;
dates = "daily";
# do not forget to set `flake` when using this module!
};
} }
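Review bot: The only guard on `system.autoUpgrade` is the comment reminding the reader to set `flake`, and with the enable option gone the daily upgrade is active in every configuration that imports this module. If `flake` is left unset, the unattended upgrade would presumably follow whatever channel the host has instead of the reviewed flake. An assertion turns the reminder into a check: `assertions = [ { assertion = config.system.autoUpgrade.flake != null; message = "autoupdate: system.autoUpgrade.flake must be set"; } ];`. The new module is a plain attribute set, so this needs the `{ config, ... }:` header back.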


@ -1,39 +0,0 @@
{ ... }:
{
imports = [
# keep-sorted start
./allowed-unfree-list.nix
./amd-graphics.nix
./autoupdate.nix
./distributed-builds.nix
./en-de.nix
./extra-caches.nix
./firmware-updates.nix
./git.nix
./globalinstalls.nix
./gnome.nix
./intel-graphics.nix
./kdeconnect.nix
./latex.nix
./lix-is-nix.nix
./modern-desktop.nix
./muede-desktop-settings.nix
./nix-ld.nix
./nixpkgs-overlays.nix
./openssh.nix
./podman.nix
./printing.nix
./prometheus-node.nix
./pxvirt-guest.nix
./quiet-boot.nix
./secure-boot.nix
./steam.nix
./stylix.nix
./systemd-boot.nix
./tailscale.nix
./user-muede.nix
./user-ronja.nix
./wine-gaming.nix
# keep-sorted end
];
}


@ -32,77 +32,62 @@ let
# distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 <hostname> # distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 <hostname>
# All machines automatically discover and use it after the next rebuild. # All machines automatically discover and use it after the next rebuild.
buildServerDevices = lib.filterAttrs ( buildServerDevices = lib.filterAttrs (_: v: (v.distributedBuilds or { }).isBuilder or false) devices;
_: v: (v.distributedBuilds or { }).isBuilder or false
) devices;
knownHosts = lib.pipe buildServerDevices [ knownHosts = lib.pipe buildServerDevices [
(lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey)) (lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey))
(lib.mapAttrs ( (lib.mapAttrs (hostName: v: {
_: v: { publicKey = v.distributedBuilds.hostPublicKey;
publicKey = v.distributedBuilds.hostPublicKey; }))
}
))
]; ];
buildMachineList = lib.mapAttrsToList ( buildMachineList = lib.mapAttrsToList (hostName: v: {
hostName: v: inherit hostName;
{ systems = [ v.system ];
inherit hostName; sshUser = buildUser;
systems = [ v.system ]; sshKey = sshKeyPath;
sshUser = buildUser; protocol = "ssh-ng";
sshKey = sshKeyPath; } // lib.optionalAttrs (v.distributedBuilds ? speedFactor) {
protocol = "ssh-ng"; speedFactor = v.distributedBuilds.speedFactor;
} } // {
// lib.optionalAttrs (v.distributedBuilds ? speedFactor) { supportedFeatures = [
speedFactor = v.distributedBuilds.speedFactor; "nixos-test"
} "big-parallel"
// { "kvm"
supportedFeatures = [ "benchmark"
"nixos-test" ];
"big-parallel" }) buildServerDevices;
"kvm"
"benchmark"
];
}
) buildServerDevices;
remoteMachines = builtins.filter (m: m.hostName != config.networking.hostName) buildMachineList; remoteMachines = builtins.filter (m: m.hostName != config.networking.hostName) buildMachineList;
in in
{ {
options.my.distributedBuilds.enable = lib.mkEnableOption "distributed Nix builds"; # Dedicated user for receiving distributed build connections
programs.ssh.knownHosts = knownHosts;
config = lib.mkIf config.my.distributedBuilds.enable { users.users.${buildUser} = {
programs.ssh.knownHosts = knownHosts; isSystemUser = true;
group = buildUser;
useDefaultShell = true;
openssh.authorizedKeys.keys = map (k: ''command="nix daemon --stdio",restrict ${k}'') authorizedPublicKeys;
};
users.groups.${buildUser} = { };
# Dedicated user for receiving distributed build connections nix = {
users.users.${buildUser} = { distributedBuilds = remoteMachines != [ ];
isSystemUser = true; buildMachines = remoteMachines;
group = buildUser; settings = {
useDefaultShell = true; trusted-users = [ buildUser ];
openssh.authorizedKeys.keys = map ( builders-use-substitutes = true;
k: ''command="nix daemon --stdio",restrict ${k}'' max-jobs = (devices.${config.networking.hostName}.distributedBuilds or { }).maxJobs or "auto";
) authorizedPublicKeys; cores = 0;
}; min-free = 10 * 1024 * 1024;
users.groups.${buildUser} = { }; max-free = 200 * 1024 * 1024;
nix = {
distributedBuilds = remoteMachines != [ ];
buildMachines = remoteMachines;
settings = {
trusted-users = [ buildUser ];
builders-use-substitutes = true;
max-jobs = (devices.${config.networking.hostName}.distributedBuilds or { }).maxJobs or "auto";
cores = 0;
min-free = 10 * 1024 * 1024;
max-free = 200 * 1024 * 1024;
};
};
systemd.services.nix-daemon.serviceConfig = {
MemoryAccounting = true;
MemoryMax = "90%";
OOMScoreAdjust = 500;
}; };
}; };
systemd.services.nix-daemon.serviceConfig = {
MemoryAccounting = true;
MemoryMax = "90%";
OOMScoreAdjust = 500;
};
} }
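Review bot: The build user, its `openssh.authorizedKeys.keys` and `trusted-users = [ buildUser ]` are now set unconditionally, so every host importing this module accepts distributed-build logins, not only the devices marked `isBuilder`. A `trusted-users` entry is effectively root on the Nix daemon, so it is worth limiting to builders. Add `isBuilder = (devices.${config.networking.hostName}.distributedBuilds or { }).isBuilder or false;` to the `let` block and wrap `users.users.${buildUser}`, `users.groups.${buildUser}` and the `trusted-users` line in `lib.mkIf isBuilder`. The `let` block starts above this hunk, so `buildUser` and `authorizedPublicKeys` are not visible here and may already narrow this.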


@ -1,40 +1,31 @@
{ pkgs, ... }:
{ {
lib, i18n = {
config, defaultLocale = "en_US.UTF-8";
pkgs, extraLocales = [
... "de_DE.UTF-8/UTF-8"
}: ];
{ extraLocaleSettings = {
options.my.enDe.enable = lib.mkEnableOption "English/German locale and language packs"; LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
config = lib.mkIf config.my.enDe.enable { LC_MEASUREMENT = "de_DE.UTF-8";
i18n = { LC_MONETARY = "de_DE.UTF-8";
defaultLocale = "en_US.UTF-8"; LC_NAME = "de_DE.UTF-8";
extraLocales = [ LC_NUMERIC = "de_DE.UTF-8";
"de_DE.UTF-8/UTF-8" LC_PAPER = "de_DE.UTF-8";
]; LC_TELEPHONE = "de_DE.UTF-8";
extraLocaleSettings = { LC_TIME = "de_DE.UTF-8";
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
}; };
programs.firefox.languagePacks = [
"en-US"
"de"
];
environment.systemPackages = [
pkgs.hunspell
pkgs.hunspellDicts.de-de
pkgs.hunspellDicts.en-us
];
}; };
programs.firefox.languagePacks = [
"en-US"
"de"
];
environment.systemPackages = [
pkgs.hunspell
pkgs.hunspellDicts.de-de
pkgs.hunspellDicts.en-us
];
} }


@ -1,27 +1,22 @@
{ lib, config, ... }:
{ {
options.my.extraCaches.enable = lib.mkEnableOption "extra Nix binary caches"; nix.settings = {
substituters = [
config = lib.mkIf config.my.extraCaches.enable { # keep-sorted start
nix.settings = { "https://cache.lix.systems"
substituters = [ "https://cache.nixos.org/"
# keep-sorted start "https://niri.cachix.org"
"https://cache.lix.systems" "https://nix-community.cachix.org"
"https://cache.nixos.org/" "https://nixos-raspberrypi.cachix.org"
"https://niri.cachix.org" # keep-sorted end
"https://nix-community.cachix.org" ];
"https://nixos-raspberrypi.cachix.org" trusted-public-keys = [
# keep-sorted end # keep-sorted start
]; "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
# keep-sorted start "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" # keep-sorted end
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
# keep-sorted end
];
};
}; };
} }
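Review bot: Every entry in `trusted-public-keys` is trusted to sign any store path, not only the packages of the project that operates the cache, and without the enable option this list now applies wherever the module is imported. A comment above the list should say so, for example `# every key below can sign substitutes for ANY store path; add caches sparingly`. The niri and nixos-raspberrypi caches could presumably move into the modules that actually need them, so that other hosts do not trust those keys.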


@ -1,16 +1,11 @@
{ lib, config, ... }:
{ {
options.my.firmwareUpdates.enable = lib.mkEnableOption "firmware updates and microcode"; hardware = {
enableRedistributableFirmware = true;
config = lib.mkIf config.my.firmwareUpdates.enable { cpu = {
hardware = { amd.updateMicrocode = true;
enableRedistributableFirmware = true; intel.updateMicrocode = true;
cpu = {
amd.updateMicrocode = true;
intel.updateMicrocode = true;
};
}; };
services.fwupd.enable = true;
}; };
services.fwupd.enable = true;
} }


@ -1,24 +0,0 @@
{
lib,
config,
pkgs,
...
}:
{
options.my.git.enable = lib.mkEnableOption "git with credential helper";
config = lib.mkIf config.my.git.enable {
environment.systemPackages = [ pkgs.git-credential-oauth ];
programs.git = {
enable = true;
config = {
init.defaultBranch = "main";
credential = {
helper = "oauth";
credentialStore = "cache";
};
};
};
};
}


@ -0,0 +1,61 @@
{
home-manager-users,
self,
home-manager,
servicepoint-cli,
servicepoint-simulator,
servicepoint-tanks,
stylix,
specialArgs,
nova-shell,
...
}:
{
imports = [
# keep-sorted start
home-manager.nixosModules.home-manager
nova-shell.nixosModules.default
self.nixosModules.en-de
self.nixosModules.firmware-updates
self.nixosModules.gnome
self.nixosModules.kdeconnect
self.nixosModules.modern-desktop
self.nixosModules.niri
self.nixosModules.nix-ld
self.nixosModules.pkgs-vscode-extensions
self.nixosModules.quiet-boot
self.nixosModules.stylix
servicepoint-cli.nixosModules.default
servicepoint-simulator.nixosModules.default
servicepoint-tanks.nixosModules.default
stylix.nixosModules.stylix
# keep-sorted end
];
config = {
home-manager = {
extraSpecialArgs = specialArgs;
useGlobalPkgs = true;
useUserPackages = true;
users = home-manager-users;
sharedModules = [
{ home.stateVersion = "22.11"; }
# keep-sorted start
self.homeModules.git
self.homeModules.gnome-extensions
self.homeModules.nano
self.homeModules.templates
self.homeModules.zsh-basics
# keep-sorted end
];
};
time.timeZone = "Europe/Berlin";
# on desktops, keep the device useable interactively during expensive builds
nix = {
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
};
};
}


@ -0,0 +1,44 @@
{
device,
self,
lanzaboote,
zerforschen-plus,
...
}:
{
imports = [
# keep-sorted start
lanzaboote.nixosModules.lanzaboote
self.nixosModules.allowed-unfree-list
self.nixosModules.autoupdate
self.nixosModules.default
self.nixosModules.distributed-builds
self.nixosModules.extra-caches
self.nixosModules.globalinstalls
self.nixosModules.lix-is-nix
self.nixosModules.openssh
self.nixosModules.prometheus-node
self.nixosModules.systemd-boot
self.nixosModules.tailscale
zerforschen-plus.nixosModules.default
# keep-sorted end
];
config = {
networking.hostName = device;
system = {
stateVersion = "22.11";
autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
documentation = {
info.enable = false; # info pages and the info command
doc.enable = false; # documentation distributed in packages' /share/doc
};
};
}
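Review bot: `self.nixosModules.prometheus-node` is imported unconditionally in the `imports` list, whereas the removed nixosConfigurations.nix kept `# prometheusNode.enable = true;` commented out, so this refactor turns the node exporter on for every device. The exporter module in this same change sets `openFirewall = true` and `port = 9190`, which presumably exposes host metrics on all interfaces. If that is not intended, drop the import here and add it per host; if it is, say so next to the import, e.g. `# node exporter is enabled fleet-wide on purpose`.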


@ -1,31 +1,30 @@
{ pkgs, ... }:
{ {
lib, environment.systemPackages = with pkgs; [
config, ncdu
pkgs, glances
... lsof
}: dig
{ screen
options.my.globalinstalls.enable = lib.mkEnableOption "global system packages and tools"; tldr
nix-output-monitor
git-credential-oauth
];
config = lib.mkIf config.my.globalinstalls.enable { programs = {
environment.systemPackages = with pkgs; [ zsh.enable = true;
ncdu htop.enable = true;
glances iotop.enable = true;
lsof git.enable = true;
dig nano = {
screen enable = true;
tldr syntaxHighlight = true;
nix-output-monitor
];
programs = {
zsh.enable = true;
htop.enable = true;
iotop.enable = true;
nano = {
enable = true;
syntaxHighlight = true;
};
}; };
}; };
environment.etc."gitconfig".text = ''
[credential]
helper = oauth
credentialStore = cache
'';
} }
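Review bot: Writing the credential section through `environment.etc."gitconfig".text` next to `git.enable = true` bypasses the structured option the removed git.nix used; if another module later sets `programs.git.config`, both definitions end up in the same file. Prefer `programs.git.config.credential.helper = "oauth";`. `credentialStore` looks like a Git Credential Manager setting rather than one git-credential-oauth reads, so confirm it has any effect. Because this module is imported by the global settings module, the helper also becomes the system default on headless hosts.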


@ -1,65 +1,62 @@
{ {
pkgs,
lib, lib,
config, config,
pkgs,
... ...
}: }:
{ {
options = { options.muede = {
my.gnome.enable = lib.mkEnableOption "GNOME desktop environment"; keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps";
muede.keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps";
}; };
config = lib.mkIf config.my.gnome.enable ( config = lib.mkMerge [
lib.mkMerge [ {
{ services = {
services = { xserver.excludePackages = [ pkgs.xterm ];
xserver.excludePackages = [ pkgs.xterm ];
# Enable the GNOME Desktop Environment. # Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true; displayManager.gdm.enable = true;
desktopManager.gnome = { desktopManager.gnome = {
enable = true; enable = true;
extraGSettingsOverridePackages = [ pkgs.mutter ]; extraGSettingsOverridePackages = [ pkgs.mutter ];
extraGSettingsOverrides = '' extraGSettingsOverrides = ''
[org.gnome.mutter] [org.gnome.mutter]
experimental-features=['scale-monitor-framebuffer'] experimental-features=['scale-monitor-framebuffer']
''; '';
};
gnome = {
tinysparql.enable = false;
localsearch.enable = false;
sushi.enable = true;
};
}; };
programs = { gnome = {
dconf.enable = true; tinysparql.enable = false;
gpaste.enable = true; localsearch.enable = false;
sushi.enable = true;
}; };
} };
(lib.mkIf (!config.muede.keep-gnome-default-apps) {
environment.gnome.excludePackages = with pkgs; [ programs = {
cheese # photo booth dconf.enable = true;
epiphany # web browser gpaste.enable = true;
evince # document viewer };
geary # email client }
gnome-maps (lib.mkIf (!config.muede.keep-gnome-default-apps) {
gnome-weather environment.gnome.excludePackages = with pkgs; [
gnome-tour cheese # photo booth
sysprof epiphany # web browser
orca # screen reader evince # document viewer
gnome-weather geary # email client
gnome-backgrounds gnome-maps
gnome-user-docs gnome-weather
yelp # help app gnome-tour
gnome-music sysprof
totem # video player orca # screen reader
snapshot # camera gnome-weather
baobab # disk usage gnome-backgrounds
]; gnome-user-docs
}) yelp # help app
] gnome-music
); totem # video player
snapshot # camera
baobab # disk usage
];
})
];
} }


@ -1,13 +1,6 @@
{ pkgs, ... }:
{ {
lib, config = {
config,
pkgs,
...
}:
{
options.my.intelGraphics.enable = lib.mkEnableOption "Intel graphics drivers";
config = lib.mkIf config.my.intelGraphics.enable {
hardware.graphics = { hardware.graphics = {
extraPackages = with pkgs; [ extraPackages = with pkgs; [
intel-media-driver intel-media-driver


@ -5,53 +5,49 @@
... ...
}: }:
{ {
options.my.kdeconnect.enable = lib.mkEnableOption "KDE Connect / GSConnect"; config = lib.mkMerge [
{
config = lib.mkIf config.my.kdeconnect.enable ( networking.firewall =
lib.mkMerge [ let
{ kdeconnect-range = {
networking.firewall = from = 1714;
let to = 1764;
kdeconnect-range = {
from = 1714;
to = 1764;
};
in
{
allowedTCPPortRanges = [ kdeconnect-range ];
allowedUDPPortRanges = [ kdeconnect-range ];
}; };
in
{
allowedTCPPortRanges = [ kdeconnect-range ];
allowedUDPPortRanges = [ kdeconnect-range ];
};
programs.kdeconnect.enable = true; programs.kdeconnect.enable = true;
home-manager.sharedModules = [ home-manager.sharedModules = [
{
services.kdeconnect = {
enable = true;
# this still shows up in gnome session starting with 25.05
# indicator = true;
};
}
];
}
(lib.mkIf config.services.desktopManager.gnome.enable {
# replace kdeconnect with gsconnect
programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
home-manager.sharedModules = [
(
{ pkgs, ... }:
{ {
services.kdeconnect = { home.packages = [ pkgs.gnomeExtensions.gsconnect ];
enable = true; # enable gsconnect extension
# this still shows up in gnome session starting with 25.05 dconf.settings = {
# indicator = true; "org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ];
"org/gnome/shell/extensions/gsconnect".enabled = true;
}; };
} }
]; )
} ];
})
(lib.mkIf config.services.desktopManager.gnome.enable { ];
# replace kdeconnect with gsconnect
programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
home-manager.sharedModules = [
(
{ pkgs, ... }:
{
home.packages = [ pkgs.gnomeExtensions.gsconnect ];
# enable gsconnect extension
dconf.settings = {
"org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ];
"org/gnome/shell/extensions/gsconnect".enabled = true;
};
}
)
];
})
]
);
} }


@ -1,13 +1,6 @@
{ pkgs, ... }:
{ {
lib, config = {
config,
pkgs,
...
}:
{
options.my.latex.enable = lib.mkEnableOption "LaTeX (texliveFull + TeXstudio)";
config = lib.mkIf config.my.latex.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
fontconfig fontconfig
texliveFull texliveFull


@ -1,24 +1,15 @@
{ pkgs, ... }:
{ {
lib, nixpkgs.overlays = [
config, (final: prev: {
pkgs, inherit (prev.lixPackageSets.stable)
... nixpkgs-review
}: nix-eval-jobs
{ nix-fast-build
options.my.lixIsNix.enable = lib.mkEnableOption "Lix as the Nix implementation"; colmena
;
})
];
config = lib.mkIf config.my.lixIsNix.enable { nix.package = pkgs.lixPackageSets.latest.lix;
nixpkgs.overlays = [
(_: prev: {
inherit (prev.lixPackageSets.stable)
nixpkgs-review
nix-eval-jobs
nix-fast-build
colmena
;
})
];
nix.package = pkgs.lixPackageSets.latest.lix;
};
} }


@ -1,52 +1,47 @@
{ lib, config, ... }:
{ {
options.my.modernDesktop.enable = lib.mkEnableOption "modern desktop base (pipewire, flatpak, earlyoom)"; services = {
xserver.enable = true;
config = lib.mkIf config.my.modernDesktop.enable { libinput.enable = true;
services = { flatpak.enable = true;
xserver.enable = true; fstrim.enable = true;
libinput.enable = true; earlyoom = {
flatpak.enable = true; enable = true;
fstrim.enable = true; freeMemThreshold = 5;
earlyoom = {
enable = true;
freeMemThreshold = 5;
};
};
# Enable sound with pipewire.
security.rtkit.enable = true;
services = {
pulseaudio.enable = false;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
#jack.enable = true;
};
};
systemd = {
# save some boot time because nothing actually requires network connectivity
services.NetworkManager-wait-online.enable = false;
# prevent stuck units from preventing shutdown (default is 120s)
settings.Manager.DefaultTimeoutStopSec = "10s";
};
programs = {
xwayland.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
system.autoUpgrade = {
allowReboot = false;
operation = "boot";
}; };
}; };
# Enable sound with pipewire.
security.rtkit.enable = true;
services = {
pulseaudio.enable = false;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
#jack.enable = true;
};
};
systemd = {
# save some boot time because nothing actually requires network connectivity
services.NetworkManager-wait-online.enable = false;
# prevent stuck units from preventing shutdown (default is 120s)
settings.Manager.DefaultTimeoutStopSec = "10s";
};
programs = {
xwayland.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
system.autoUpgrade = {
allowReboot = false;
operation = "boot";
};
} }


@ -1,36 +1,21 @@
{ pkgs, ... }:
{ {
lib, programs.firefox.enable = true;
config,
pkgs,
niri,
...
}:
{
imports = [ niri.nixosModules.niri ];
options.my.muedeDesktopSettings.enable = lib.mkEnableOption "muede desktop settings (Firefox, Logitech, RDP)"; environment.systemPackages = with pkgs; [
lm_sensors
libreoffice-qt6
usbutils
];
config = lib.mkIf config.my.muedeDesktopSettings.enable { fonts.enableDefaultPackages = true;
my.overlays.niri.enable = true;
programs.niri.enable = true;
programs.firefox.enable = true; hardware.logitech.wireless = {
enable = true;
environment.systemPackages = with pkgs; [ enableGraphical = true;
lm_sensors
libreoffice-qt6
usbutils
];
fonts.enableDefaultPackages = true;
hardware.logitech.wireless = {
enable = true;
enableGraphical = true;
};
# RDP connections
services.gnome.gnome-remote-desktop.enable = true;
networking.firewall.allowedTCPPorts = [ 3389 ];
}; };
# RDP connections
services.gnome.gnome-remote-desktop.enable = true;
networking.firewall.allowedTCPPorts = [ 3389 ];
} }
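Review bot: `networking.firewall.allowedTCPPorts = [ 3389 ];` opens RDP on every interface of any host that imports this module. The global settings module in this change also imports the tailscale module, so if remote desktop is only needed over the tailnet the rule can be scoped to that interface: `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 3389 ];` (assuming the default interface name).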


@ -1,32 +1,23 @@
{ pkgs, ... }:
{ {
lib, programs.nix-ld = {
config, enable = true;
pkgs, libraries = with pkgs; [
... stdenv.cc.cc
}: zlib
{ zstd
options.my.nixLd.enable = lib.mkEnableOption "nix-ld for running unpatched dynamic binaries"; curl
openssl
config = lib.mkIf config.my.nixLd.enable { attr
programs.nix-ld = { libssh
enable = true; bzip2
libraries = with pkgs; [ libxml2
stdenv.cc.cc acl
zlib libsodium
zstd util-linux
curl xz
openssl systemd
attr icu
libssh ];
bzip2
libxml2
acl
libsodium
util-linux
xz
systemd
icu
];
};
}; };
} }


@ -1,33 +0,0 @@
{
lib,
config,
self,
...
}:
{
options.my.overlays = {
enableAll = lib.mkEnableOption "all nixpkgs overlays";
}
// lib.mapAttrs (_: _: {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
}) self.overlays;
config = lib.mkMerge (
[
{
my.overlays = lib.mapAttrs (_: _: {
enable = lib.mkDefault config.my.overlays.enableAll;
}) self.overlays;
}
]
++ lib.mapAttrsToList (
name: overlay:
lib.mkIf config.my.overlays.${name}.enable {
nixpkgs.overlays = [ overlay ];
}
) self.overlays
);
}


@ -1,16 +1,11 @@
{ lib, config, ... }:
{ {
options.my.openssh.enable = lib.mkEnableOption "OpenSSH server"; services.openssh = {
enable = true;
config = lib.mkIf config.my.openssh.enable { openFirewall = true;
services.openssh = { settings = {
enable = true; PermitRootLogin = "prohibit-password";
openFirewall = true; PasswordAuthentication = false;
settings = { KbdInteractiveAuthentication = false;
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
}; };
}; };
} }


@ -1,16 +1,11 @@
{ lib, config, ... }:
{ {
options.my.podman.enable = lib.mkEnableOption "Podman container runtime"; virtualisation = {
containers.enable = true;
config = lib.mkIf config.my.podman.enable { podman = {
virtualisation = { enable = true;
containers.enable = true; dockerCompat = true;
podman = { dockerSocket.enable = true;
enable = true; autoPrune.enable = true;
dockerCompat = true;
dockerSocket.enable = true;
autoPrune.enable = true;
};
}; };
}; };
} }
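Review bot: `dockerSocket.enable = true` needs a comment on what it grants, because the NixOS option makes the Podman API socket reachable by every member of the `podman` group, and members of that group can gain root through it, as with Docker. The user modules on this page put both `muede` and `ronja` into `podman`, so on any host that imports this module those accounts hold root-equivalent access without going through sudo. I would add `# podman group == root-equivalent via the API socket; keep membership minimal` above the line. If only the docker CLI alias is needed, `dockerCompat = true` alone appears sufficient and the socket could be left off.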


@ -1,17 +1,12 @@
{ lib, config, ... }:
{ {
options.my.printing.enable = lib.mkEnableOption "printing (CUPS + Avahi)"; services = {
# Enable CUPS to print documents.
printing.enable = true;
config = lib.mkIf config.my.printing.enable { avahi = {
services = { enable = true; # runs the Avahi daemon
# Enable CUPS to print documents. nssmdns4 = true; # enables the mDNS NSS plug-in
printing.enable = true; openFirewall = true; # opens the firewall for UDP port 5353
avahi = {
enable = true; # runs the Avahi daemon
nssmdns4 = true; # enables the mDNS NSS plug-in
openFirewall = true; # opens the firewall for UDP port 5353
};
}; };
}; };
} }


@ -1,25 +1,20 @@
{ lib, config, ... }:
{ {
options.my.prometheusNode.enable = lib.mkEnableOption "Prometheus node exporter"; services.prometheus.exporters = {
node = {
config = lib.mkIf config.my.prometheusNode.enable { enable = true;
services.prometheus.exporters = { openFirewall = true;
node = { port = 9190;
enable = true; enabledCollectors = [
openFirewall = true; # keep-sorted start
port = 9190; "cgroups"
enabledCollectors = [ "interrupts"
# keep-sorted start "softirqs"
"cgroups" "swap"
"interrupts" "systemd"
"softirqs" "tcpstat"
"swap" "wifi"
"systemd" # keep-sorted end
"tcpstat" ];
"wifi"
# keep-sorted end
];
};
}; };
}; };
} }
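Review bot: `openFirewall = true` with `port = 9190` exposes the node exporter on every interface, and the exporter serves its metrics without authentication by default. The enabled collectors (`systemd`, `cgroups`, `wifi`, `tcpstat`) reveal unit names, container layout and network state to anyone who can reach the port. With the `my.prometheusNode.enable` gate gone on the new side, importing the module is enough to open it. I would scope the rule to the scrape path with the exporter's `firewallFilter` option, for example `firewallFilter = "-i <scrape-interface> -p tcp -m tcp --dport 9190";` (interface name is a placeholder), or bind with `listenAddress` to the monitoring network's address.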


@ -1,12 +1,16 @@
{ modulesPath, lib, ... }:
{ {
lib, imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
config,
... config = {
}: # TODO is this needed?
{ # nix.settings.sandbox = false;
options.my.pxvirtGuest.enable = lib.mkEnableOption "Proxmox LXC guest configuration";
proxmoxLXC = {
manageNetwork = false;
privileged = false;
};
config = lib.mkIf config.my.pxvirtGuest.enable {
# Let Proxmox host handle fstrim # Let Proxmox host handle fstrim
services.fstrim.enable = false; services.fstrim.enable = false;


@ -1,34 +1,25 @@
{ pkgs, ... }:
{ {
lib, boot = {
config, kernelParams = [
pkgs, "quiet"
... "udev.log_level=3"
}: "udev.log_priority=3"
{ "rd.systemd.show_status=auto"
options.my.quietBoot.enable = lib.mkEnableOption "quiet boot with Plymouth splash"; ];
consoleLogLevel = 0;
config = lib.mkIf config.my.quietBoot.enable { initrd = {
boot = { verbose = false;
kernelParams = [ systemd.enable = true; # required fpr graphical LUKS prompt
"quiet" };
"udev.log_level=3" plymouth = {
"udev.log_priority=3" enable = true;
"rd.systemd.show_status=auto" theme = "catppuccin-mocha";
themePackages = [
(pkgs.catppuccin-plymouth.override {
variant = "mocha";
})
]; ];
consoleLogLevel = 0;
initrd = {
verbose = false;
systemd.enable = true; # required fpr graphical LUKS prompt
};
plymouth = {
enable = true;
theme = "catppuccin-mocha";
themePackages = [
(pkgs.catppuccin-plymouth.override {
variant = "mocha";
})
];
};
}; };
}; };
} }


@ -1,37 +1,28 @@
{ pkgs, lib, ... }:
{ {
lib, # https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md
config, # To enroll:
pkgs, # 1. sudo sbctl create-keys
... # 2. import this module, rebuild
}: # 3. Put Secure Boot in Setup mode
{ # 4. sudo sbctl verify
options.my.secureBoot.enable = lib.mkEnableOption "Secure Boot via lanzaboote"; # 5. sudo sbctl enroll-keys --microsoft
# 6, reboot
# 7. sudo sbctl status
config = lib.mkIf config.my.secureBoot.enable { environment.systemPackages = [
# https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md # For debugging and troubleshooting Secure Boot.
# To enroll: pkgs.sbctl
# 1. sudo sbctl create-keys ];
# 2. enable this module, rebuild
# 3. Put Secure Boot in Setup mode
# 4. sudo sbctl verify
# 5. sudo sbctl enroll-keys --microsoft
# 6, reboot
# 7. sudo sbctl status
environment.systemPackages = [ # Lanzaboote currently replaces the systemd-boot module.
# For debugging and troubleshooting Secure Boot. # This setting is usually set to true in configuration.nix
pkgs.sbctl # generated at installation time. So we force it to false
]; # for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
# Lanzaboote currently replaces the systemd-boot module. boot.lanzaboote = {
# This setting is usually set to true in configuration.nix enable = true;
# generated at installation time. So we force it to false pkiBundle = "/var/lib/sbctl";
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
}; };
} }


@ -1,50 +1,45 @@
{ lib, config, ... }:
{ {
options.my.steam.enable = lib.mkEnableOption "Steam gaming platform"; hardware.steam-hardware.enable = true;
config = lib.mkIf config.my.steam.enable { programs = {
hardware.steam-hardware.enable = true; steam = {
enable = true;
programs = { remotePlay.openFirewall = true;
steam = { dedicatedServer.openFirewall = true;
enable = true; localNetworkGameTransfers.openFirewall = true;
remotePlay.openFirewall = true; gamescopeSession.enable = false;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = false;
};
gamemode.enable = true;
}; };
gamemode.enable = true;
};
# steam network transfer # steam network transfer
networking.firewall = { networking.firewall = {
allowedUDPPorts = [ 3478 ]; allowedUDPPorts = [ 3478 ];
allowedTCPPorts = [ 24070 ]; allowedTCPPorts = [ 24070 ];
allowedTCPPortRanges = [ allowedTCPPortRanges = [
{ {
from = 27015; from = 27015;
to = 27050; to = 27050;
} }
]; ];
allowedUDPPortRanges = [ allowedUDPPortRanges = [
{ {
from = 4379; from = 4379;
to = 4380; to = 4380;
} }
{ {
from = 27000; from = 27000;
to = 27100; to = 27100;
} }
];
};
allowedUnfreePackages = [
"steam"
"steam-original"
"steam-run"
"steam-unwrapped"
]; ];
}; };
allowedUnfreePackages = [
"steam"
"steam-original"
"steam-run"
"steam-unwrapped"
];
} }
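Review bot: The manual `networking.firewall` block opens TCP 27015–27050 and UDP 27000–27100 on all interfaces, on top of the three `openFirewall` toggles under `programs.steam`, which already open the ports for their own features. The result is a much wider inbound surface than the `# steam network transfer` comment suggests, and the module is now applied unconditionally wherever it is imported. If no dedicated server runs on these hosts, I would set `dedicatedServer.openFirewall = false;`. I would also reduce the manual ranges to the specific ports that are not covered by the toggles, each with a comment naming the Steam feature that needs it.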


@ -1,95 +1,86 @@
{ pkgs, config, ... }:
{ {
lib, stylix = {
config, enable = true;
pkgs, base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
... override = {
}: scheme = "Catppuccin Mocha Pride";
{
options.my.stylix.enable = lib.mkEnableOption "Stylix theming (Catppuccin Mocha)";
config = lib.mkIf config.my.stylix.enable { base09 = "#6f9dff";
stylix = { base0A = "#d162a4";
base0B = "#a8c9ff";
base0C = "#a30262";
# pink_light = "#d162a4";
# pink_dark = "#a30262";
# blue_light = "#5BCEFA";
# blue_dark = "#4a6bb1";
# original values
# base00: "#1e1e2e" # base -
# base01: "#181825" # mantle
# base02: "#313244" # surface0
# base03: "#45475a" # surface1
# base04: "#585b70" # surface2
# base05: "#cdd6f4" # text
# base06: "#f5e0dc" # rosewater
# base07: "#b4befe" # lavender
# base08: "#f38ba8" # red
# base09: "#fab387" # peach
# base0A: "#f9e2af" # yellow
# base0B: "#a6e3a1" # green
# base0C: "#94e2d5" # teal
# base0D: "#89b4fa" # blue
# base0E: "#cba6f7" # mauve
# base0F: "#f2cdcd" # flamingo
# https://github.com/chriskempson/base16/blob/main/styling.md
# base00 - Default Background
# base01 - Lighter Background (Used for status bars, line number and folding marks)
# base02 - Selection Background
# base03 - Comments, Invisibles, Line Highlighting
# base04 - Dark Foreground (Used for status bars)
# base05 - Default Foreground, Caret, Delimiters, Operators
# base06 - Light Foreground (Not often used)
# base07 - Light Background (Not often used)
# base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted
# base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url
# base0A - Classes, Markup Bold, Search Text Background
# base0B - Strings, Inherited Class, Markup Code, Diff Inserted
# base0C - Support, Regular Expressions, Escape Characters, Markup Quotes
# base0D - Functions, Methods, Attribute IDs, Headings
# base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed
# base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. <?php ?>
};
image = config.lib.stylix.pixel "base00";
polarity = "dark";
targets = {
gnome.enable = false;
gtk.enable = false;
gtksourceview.enable = false;
fontconfig.enable = true;
plymouth.enable = false;
};
fonts = {
sansSerif = {
name = "Inter Nerd Font";
package = pkgs.inter-nerdfont;
};
monospace = {
name = "FiraCode Nerd Font Mono";
package = pkgs.nerd-fonts.fira-code;
};
};
icons = {
enable = true; enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; dark = "Adwaita";
override = { light = "Adwaita";
scheme = "Catppuccin Mocha Pride"; package = pkgs.adwaita-icon-theme;
};
base09 = "#6f9dff"; cursor = {
base0A = "#d162a4"; name = "Adwaita";
base0B = "#a8c9ff"; size = 16;
base0C = "#a30262"; package = pkgs.adwaita-icon-theme;
# pink_light = "#d162a4";
# pink_dark = "#a30262";
# blue_light = "#5BCEFA";
# blue_dark = "#4a6bb1";
# original values
# base00: "#1e1e2e" # base -
# base01: "#181825" # mantle
# base02: "#313244" # surface0
# base03: "#45475a" # surface1
# base04: "#585b70" # surface2
# base05: "#cdd6f4" # text
# base06: "#f5e0dc" # rosewater
# base07: "#b4befe" # lavender
# base08: "#f38ba8" # red
# base09: "#fab387" # peach
# base0A: "#f9e2af" # yellow
# base0B: "#a6e3a1" # green
# base0C: "#94e2d5" # teal
# base0D: "#89b4fa" # blue
# base0E: "#cba6f7" # mauve
# base0F: "#f2cdcd" # flamingo
# https://github.com/chriskempson/base16/blob/main/styling.md
# base00 - Default Background
# base01 - Lighter Background (Used for status bars, line number and folding marks)
# base02 - Selection Background
# base03 - Comments, Invisibles, Line Highlighting
# base04 - Dark Foreground (Used for status bars)
# base05 - Default Foreground, Caret, Delimiters, Operators
# base06 - Light Foreground (Not often used)
# base07 - Light Background (Not often used)
# base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted
# base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url
# base0A - Classes, Markup Bold, Search Text Background
# base0B - Strings, Inherited Class, Markup Code, Diff Inserted
# base0C - Support, Regular Expressions, Escape Characters, Markup Quotes
# base0D - Functions, Methods, Attribute IDs, Headings
# base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed
# base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. <?php ?>
};
image = config.lib.stylix.pixel "base00";
polarity = "dark";
targets = {
gnome.enable = false;
gtk.enable = false;
gtksourceview.enable = false;
fontconfig.enable = true;
plymouth.enable = false;
};
fonts = {
sansSerif = {
name = "Inter Nerd Font";
package = pkgs.inter-nerdfont;
};
monospace = {
name = "FiraCode Nerd Font Mono";
package = pkgs.nerd-fonts.fira-code;
};
};
icons = {
enable = true;
dark = "Adwaita";
light = "Adwaita";
package = pkgs.adwaita-icon-theme;
};
cursor = {
name = "Adwaita";
size = 16;
package = pkgs.adwaita-icon-theme;
};
}; };
}; };
} }


@ -1,16 +1,11 @@
{ lib, config, ... }:
{ {
options.my.systemdBoot.enable = lib.mkEnableOption "systemd-boot bootloader"; boot.loader = {
timeout = 3;
config = lib.mkIf config.my.systemdBoot.enable { efi.canTouchEfiVariables = true;
boot.loader = { systemd-boot = {
timeout = 3; enable = true;
efi.canTouchEfiVariables = true; editor = false; # do not allow changing kernel parameters
systemd-boot = { consoleMode = "max";
enable = true;
editor = false; # do not allow changing kernel parameters
consoleMode = "max";
};
}; };
}; };
} }


@ -1,13 +1,8 @@
{ lib, config, ... }:
{ {
options.my.tailscale.enable = lib.mkEnableOption "Tailscale VPN"; services.tailscale = {
enable = true;
config = lib.mkIf config.my.tailscale.enable { openFirewall = true;
services.tailscale = {
enable = true;
openFirewall = true;
};
networking.firewall.checkReversePath = "loose";
}; };
networking.firewall.checkReversePath = "loose";
} }
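Review bot: `networking.firewall.checkReversePath = "loose";` is undocumented and relaxes reverse-path filtering for the whole host, not only for the Tailscale interface. That weakens the firewall's source-address spoofing check on every other network the machine joins. It is normally only needed when the node uses an exit node or accepts subnet routes, so the reason should be stated, e.g. `# loose rp_filter: required for Tailscale exit-node/subnet routing`. In recent nixpkgs, `services.tailscale.useRoutingFeatures = "client";` sets the same value and makes the intent explicit.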


@ -1,46 +1,37 @@
{ pkgs, ... }:
{ {
lib, users.users.muede = {
config, isNormalUser = true;
pkgs, uid = 1000;
... name = "muede";
}: description = "müde";
{ extraGroups = [
options.my.users.muede.enable = lib.mkEnableOption "muede user account"; "networkmanager"
"wheel"
config = lib.mkIf config.my.users.muede.enable { "games"
users.users.muede = { "dialout"
isNormalUser = true; "podman"
uid = 1000; "nginx"
name = "muede"; "adbusers"
description = "müde"; "kvm"
extraGroups = [ "input"
"networkmanager" "video"
"wheel"
"games"
"dialout"
"podman"
"nginx"
"adbusers"
"kvm"
"input"
"video"
];
shell = pkgs.zsh;
autoSubUidGidRange = true;
};
nix.settings.trusted-users = [ "muede" ];
allowedUnfreePackages = [
"rider"
"pycharm-professional"
"jetbrains-toolbox"
"anydesk"
"vscode-extension-ms-dotnettools-csharp"
"claude-code"
]; ];
shell = pkgs.zsh;
autoSubUidGidRange = true;
}; };
nix.settings.trusted-users = [ "muede" ];
allowedUnfreePackages = [
"rider"
"pycharm-professional"
"jetbrains-toolbox"
"anydesk"
"vscode-extension-ms-dotnettools-csharp"
"claude-code"
];
} }
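Review bot: `nix.settings.trusted-users = [ "muede" ];` gives the account root-equivalent control of the Nix daemon, since a trusted user can add arbitrary substituters and import unsigned store paths, without a sudo prompt. The `ronja` user section further down this page does the same with `[ "ronja" ]`. Both accounts are already in `wheel`, so dropping the line loses little and leaves privileged Nix operations behind sudo. If it has to stay, it should carry a comment such as `# trusted-users is root-equivalent for the nix daemon; needed for <reason>`. Because the new side removes the `my.users.*.enable` gate, every host that imports these modules receives the grant.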


@ -1,28 +1,19 @@
{ pkgs, ... }:
{ {
lib, users.users.ronja = {
config, isNormalUser = true;
pkgs, name = "ronja";
... description = "Ronja";
}: home = "/home/ronja";
{ extraGroups = [
options.my.users.ronja.enable = lib.mkEnableOption "ronja user account"; "networkmanager"
"wheel"
config = lib.mkIf config.my.users.ronja.enable { "games"
users.users.ronja = { "podman"
isNormalUser = true; "openvscode-server"
name = "ronja"; ];
description = "Ronja"; shell = pkgs.zsh;
home = "/home/ronja";
extraGroups = [
"networkmanager"
"wheel"
"games"
"podman"
"openvscode-server"
];
shell = pkgs.zsh;
};
nix.settings.trusted-users = [ "ronja" ];
}; };
nix.settings.trusted-users = [ "ronja" ];
} }


@ -1,31 +1,22 @@
{ pkgs, ... }:
{ {
lib, hardware = {
config, graphics = {
pkgs, enable32Bit = true;
... extraPackages = with pkgs; [ mangohud ];
}: extraPackages32 = with pkgs; [ mangohud ];
{
options.my.wineGaming.enable = lib.mkEnableOption "Wine gaming (DXVK, MangoHud, xpadneo)";
config = lib.mkIf config.my.wineGaming.enable {
hardware = {
graphics = {
enable32Bit = true;
extraPackages = with pkgs; [ mangohud ];
extraPackages32 = with pkgs; [ mangohud ];
};
xpadneo.enable = true;
}; };
environment.systemPackages = with pkgs; [ xpadneo.enable = true;
wineWowPackages.stagingFull
wineWowPackages.fonts
winetricks
dxvk
mangohud
vulkan-tools
mesa-demos
];
}; };
environment.systemPackages = with pkgs; [
wineWowPackages.stagingFull
wineWowPackages.fonts
winetricks
dxvk
mangohud
vulkan-tools
mesa-demos
];
} }