
No commits in common. "c2aa932494fbab644471b96089b88bcc3113b5df" and "c2d4ce78de05fc554e767cc9ee9050832944246a" have entirely different histories.

45 changed files with 834 additions and 1072 deletions


@ -9,6 +9,7 @@
};
#keep-sorted start block=yes
flake-parts = {
url = "github:hercules-ci/flake-parts";
#inputs.nixpkgs.follows = "nixpkgs";
@ -96,18 +97,28 @@
inputs@{
self,
nixpkgs,
home-manager,
# keep-sorted start
lanzaboote,
niri,
nix-vscode-extensions,
nixos-generators,
nixos-raspberrypi,
nixpkgs-unstable,
servicepoint-cli,
servicepoint-simulator,
servicepoint-tanks,
stylix,
treefmt-nix,
zerforschen-plus,
# keep-sorted end
...
}:
let
devices = import ./devices.nix { inherit self; };
inherit (nixpkgs) lib;
nixosConfigurations = import ./nixosConfigurations.nix { inherit inputs lib; };
supported-systems = lib.unique (lib.mapAttrsToList (_: v: v.pkgs.system) nixosConfigurations);
forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices;
supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices;
treefmt-config = {
projectRootFile = "flake.nix";
programs = {
@ -136,17 +147,37 @@
in
{
overlays = {
unstable = final: prev: {
unstable-packages = final: prev: {
unstable = import nixpkgs-unstable {
localSystem = prev.stdenv.hostPlatform;
inherit (prev) config;
};
};
vscodeExtensions = nix-vscode-extensions.overlays.default;
niri = niri.overlays.niri;
};
nixosModules = importModuleDir ./nixosModules;
nixosModules = (importModuleDir ./nixosModules) // {
niri =
{ pkgs, ... }:
{
imports = [ niri.nixosModules.niri ];
nixpkgs.overlays = [ niri.overlays.niri ];
programs.niri = {
enable = true;
#package = pkgs.niri-stable;
};
};
pkgs-unstable = {
nixpkgs.overlays = [ self.overlays.unstable-packages ];
};
pkgs-vscode-extensions = {
nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ];
};
# required modules to use other modules, should not do anything on their own
default = {
imports = [ self.nixosModules.allowed-unfree-list ];
};
};
homeModules = importModuleDir ./homeModules;
homeConfigurations = {
@ -154,7 +185,38 @@
ronja = ./homeConfigurations/ronja;
};
inherit nixosConfigurations;
nixosConfigurations = forDevice (
{
device,
system,
home-manager-users ? { },
nixosSystem ? nixpkgs.lib.nixosSystem,
...
}:
let
specialArgs = inputs // {
inherit device home-manager-users devices;
};
in
nixosSystem {
inherit specialArgs;
modules = [
{
imports = [
./nixosConfigurations/${device}
self.nixosModules.global-settings
]
++ (lib.optionals (home-manager-users != { }) [
self.nixosModules.global-settings-desktop
]);
nixpkgs = {
hostPlatform = lib.mkDefault system;
};
}
];
}
);
formatter = forAllSystems ({ treefmt-eval, ... }: treefmt-eval.config.build.wrapper);
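Review bot: The new `supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices;` in the `let` block drops the `lib.unique` the previous definition had, so the list holds one entry per device rather than one per distinct system. How `forAllSystems` consumes the list is not visible here, so the effect may be limited to repeated evaluation, but keeping the de-duplication avoids relying on that: `supported-systems = lib.unique (lib.mapAttrsToList (_: v: v.system) devices);`. The unused `k` binding can become `_` at the same time.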


@ -1,4 +1,4 @@
{ pkgs, ... }:
{ pkgs, self, ... }:
{
imports = [
# keep-sorted start

6
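--- a/homeModules/git.nix
+++ b/homeModules/git.nix
@@ -0,0 +1,6 @@
+{
+programs.git = {
+enable = true;
+settings.init.defaultBranch = "main";
+};
+}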


@ -1,127 +0,0 @@
{
inputs,
lib,
}:
let
devices = import ./devices.nix { inherit (inputs) self; };
inherit (inputs)
self
home-manager
lanzaboote
nova-shell
servicepoint-cli
servicepoint-simulator
servicepoint-tanks
stylix
zerforschen-plus
;
forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices;
in
forDevice (
{
device,
system,
home-manager-users ? { },
nixosSystem ? inputs.nixpkgs.lib.nixosSystem,
...
}:
let
specialArgs = inputs // {
inherit device home-manager-users devices;
};
in
nixosSystem {
inherit specialArgs;
modules = [
./nixosConfigurations/${device}
self.nixosModules.default
# keep-sorted start
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote
nova-shell.nixosModules.default
servicepoint-cli.nixosModules.default
servicepoint-simulator.nixosModules.default
servicepoint-tanks.nixosModules.default
stylix.nixosModules.stylix
zerforschen-plus.nixosModules.default
# keep-sorted end
# Base config
{
nixpkgs.hostPlatform = lib.mkDefault system;
networking.hostName = device;
system = {
stateVersion = "22.11";
autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
documentation = {
info.enable = false;
doc.enable = false;
};
my = {
# keep-sorted start
autoupdate.enable = true;
distributedBuilds.enable = true;
extraCaches.enable = true;
git.enable = true;
globalinstalls.enable = true;
lixIsNix.enable = true;
openssh.enable = true;
overlays.unstable.enable = true;
overlays.vscodeExtensions.enable = true;
# prometheusNode.enable = true;
systemdBoot.enable = true;
tailscale.enable = true;
# keep-sorted end
};
}
]
++ lib.optionals (home-manager-users != { }) [
# Desktop config
{
home-manager = {
extraSpecialArgs = specialArgs;
useGlobalPkgs = true;
useUserPackages = true;
users = home-manager-users;
sharedModules = [
{ home.stateVersion = "22.11"; }
# keep-sorted start
self.homeModules.gnome-extensions
self.homeModules.nano
self.homeModules.templates
self.homeModules.zsh-basics
# keep-sorted end
];
};
time.timeZone = "Europe/Berlin";
# on desktops, keep the device useable interactively during expensive builds
nix = {
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
};
my = {
# keep-sorted start
enDe.enable = true;
firmwareUpdates.enable = true;
gnome.enable = true;
kdeconnect.enable = true;
modernDesktop.enable = true;
nixLd.enable = true;
quietBoot.enable = true;
stylix.enable = true;
# keep-sorted end
};
}
];
}
)


@ -10,9 +10,11 @@
# No one got time for xz compression.
#isoImage.squashfsCompression = "zstd";
boot.loader.raspberry-pi.bootloader = "kernel";
my.systemdBoot.enable = lib.mkForce false;
boot.loader = {
raspberry-pi.bootloader = "kernel";
systemd-boot.enable = lib.mkForce false;
#generic-extlinux-compatible.enable = lib.mkForce false;
};
/*
fileSystems = {


@ -1,11 +1,12 @@
{
pkgs,
self,
lib,
...
}:
{
my.overlays.unstable.enable = true;
nixpkgs.overlays = [ self.overlays.unstable-packages ];
allowedUnfreePackages = [ "claude-code" ];
environment.systemPackages = with pkgs; [


@ -1,13 +1,8 @@
{ modulesPath, ... }:
{ self, ... }:
{
imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
imports = [ self.nixosModules.pxvirt-guest ];
config = {
my.pxvirtGuest.enable = true;
proxmoxLXC = {
manageNetwork = false;
privileged = false;
};
};
}


@ -1,13 +1,12 @@
{ ... }:
{ self, ... }:
{
imports = [
./hardware.nix
./forgejo-runner.nix
self.nixosModules.podman
];
config = {
my.podman.enable = true;
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";


@ -2,17 +2,17 @@
{
imports = [
./hardware.nix
self.nixosModules.user-muede
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.podman
self.nixosModules.muede-desktop-settings
self.nixosModules.intel-graphics
self.nixosModules.secure-boot
];
config = {
my.users.muede.enable = true;
my.wineGaming.enable = true;
my.steam.enable = true;
my.podman.enable = true;
my.muedeDesktopSettings.enable = true;
my.intelGraphics.enable = true;
my.secureBoot.enable = true;
nix.settings.extra-platforms = [
"aarch64-linux"
"i686-linux"


@ -1,20 +1,21 @@
{ pkgs, ... }:
{ pkgs, self, ... }:
{
imports = [
./hardware.nix
# ./vscode-server.nix
# ./hass.nix
self.nixosModules.user-muede
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.podman
self.nixosModules.muede-desktop-settings
self.nixosModules.amd-graphics
self.nixosModules.secure-boot
];
config = {
my.users.muede.enable = true;
my.wineGaming.enable = true;
my.steam.enable = true;
my.podman.enable = true;
my.muedeDesktopSettings.enable = true;
my.amdGraphics.enable = true;
my.secureBoot.enable = true;
nix.settings.extra-platforms = [
"aarch64-linux"
"i686-linux"


@ -1,15 +1,20 @@
{ pkgs, ... }:
{
config,
pkgs,
self,
...
}:
{
imports = [
./hardware.nix
self.nixosModules.user-ronja
self.nixosModules.gnome
self.nixosModules.steam
self.nixosModules.wine-gaming
self.nixosModules.muede-desktop-settings
];
config = {
my.users.ronja.enable = true;
my.steam.enable = true;
my.wineGaming.enable = true;
my.muedeDesktopSettings.enable = true;
# Configure keymap in X11
services.xserver.xkb = {
layout = "de";
@ -19,6 +24,8 @@
# Configure console keymap
console.keyMap = "de";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget


@ -1,13 +1,5 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.amdGraphics.enable = lib.mkEnableOption "AMD graphics drivers";
config = lib.mkIf config.my.amdGraphics.enable {
boot.kernelModules = [ "amdgpu" ];
services.xserver.videoDrivers = [ "amdgpu" ];
@ -20,5 +12,4 @@
};
environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
};
}


@ -1,8 +1,4 @@
{ lib, config, ... }:
{
options.my.autoupdate.enable = lib.mkEnableOption "automatic Nix GC and system upgrades";
config = lib.mkIf config.my.autoupdate.enable {
nix = {
optimise.automatic = true;
gc = {
@ -17,5 +13,4 @@
dates = "daily";
# do not forget to set `flake` when using this module!
};
};
}


@ -1,39 +0,0 @@
{ ... }:
{
imports = [
# keep-sorted start
./allowed-unfree-list.nix
./amd-graphics.nix
./autoupdate.nix
./distributed-builds.nix
./en-de.nix
./extra-caches.nix
./firmware-updates.nix
./git.nix
./globalinstalls.nix
./gnome.nix
./intel-graphics.nix
./kdeconnect.nix
./latex.nix
./lix-is-nix.nix
./modern-desktop.nix
./muede-desktop-settings.nix
./nix-ld.nix
./nixpkgs-overlays.nix
./openssh.nix
./podman.nix
./printing.nix
./prometheus-node.nix
./pxvirt-guest.nix
./quiet-boot.nix
./secure-boot.nix
./steam.nix
./stylix.nix
./systemd-boot.nix
./tailscale.nix
./user-muede.nix
./user-ronja.nix
./wine-gaming.nix
# keep-sorted end
];
}


@ -32,57 +32,43 @@ let
# distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 <hostname>
# All machines automatically discover and use it after the next rebuild.
buildServerDevices = lib.filterAttrs (
_: v: (v.distributedBuilds or { }).isBuilder or false
) devices;
buildServerDevices = lib.filterAttrs (_: v: (v.distributedBuilds or { }).isBuilder or false) devices;
knownHosts = lib.pipe buildServerDevices [
(lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey))
(lib.mapAttrs (
_: v: {
(lib.mapAttrs (hostName: v: {
publicKey = v.distributedBuilds.hostPublicKey;
}
))
}))
];
buildMachineList = lib.mapAttrsToList (
hostName: v:
{
buildMachineList = lib.mapAttrsToList (hostName: v: {
inherit hostName;
systems = [ v.system ];
sshUser = buildUser;
sshKey = sshKeyPath;
protocol = "ssh-ng";
}
// lib.optionalAttrs (v.distributedBuilds ? speedFactor) {
} // lib.optionalAttrs (v.distributedBuilds ? speedFactor) {
speedFactor = v.distributedBuilds.speedFactor;
}
// {
} // {
supportedFeatures = [
"nixos-test"
"big-parallel"
"kvm"
"benchmark"
];
}
) buildServerDevices;
}) buildServerDevices;
remoteMachines = builtins.filter (m: m.hostName != config.networking.hostName) buildMachineList;
in
{
options.my.distributedBuilds.enable = lib.mkEnableOption "distributed Nix builds";
config = lib.mkIf config.my.distributedBuilds.enable {
# Dedicated user for receiving distributed build connections
programs.ssh.knownHosts = knownHosts;
# Dedicated user for receiving distributed build connections
users.users.${buildUser} = {
isSystemUser = true;
group = buildUser;
useDefaultShell = true;
openssh.authorizedKeys.keys = map (
k: ''command="nix daemon --stdio",restrict ${k}''
) authorizedPublicKeys;
openssh.authorizedKeys.keys = map (k: ''command="nix daemon --stdio",restrict ${k}'') authorizedPublicKeys;
};
users.groups.${buildUser} = { };
@ -104,5 +90,4 @@ in
MemoryMax = "90%";
OOMScoreAdjust = 500;
};
};
}
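Review bot: Builders without `distributedBuilds.hostPublicKey` are dropped from `knownHosts` by the `filterAttrs (_: v: v.distributedBuilds ? hostPublicKey)` step but still end up in `buildMachineList`, so this module pins no host key for the SSH connection to such a builder. An assertion would turn a missing key into an evaluation error instead of a trust decision made at connection time: `assertions = [ { assertion = lib.all (v: v.distributedBuilds ? hostPublicKey) (lib.attrValues buildServerDevices); message = "every isBuilder device needs distributedBuilds.hostPublicKey"; } ];`. The `hostName` argument in the new `lib.mapAttrs (hostName: v: { … })` form is unused and can stay `_`. The module body continues between and beyond the two hunks shown.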


@ -1,13 +1,5 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.enDe.enable = lib.mkEnableOption "English/German locale and language packs";
config = lib.mkIf config.my.enDe.enable {
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocales = [
@ -36,5 +28,4 @@
pkgs.hunspellDicts.de-de
pkgs.hunspellDicts.en-us
];
};
}


@ -1,8 +1,4 @@
{ lib, config, ... }:
{
options.my.extraCaches.enable = lib.mkEnableOption "extra Nix binary caches";
config = lib.mkIf config.my.extraCaches.enable {
nix.settings = {
substituters = [
# keep-sorted start
@ -23,5 +19,4 @@
# keep-sorted end
];
};
};
}


@ -1,8 +1,4 @@
{ lib, config, ... }:
{
options.my.firmwareUpdates.enable = lib.mkEnableOption "firmware updates and microcode";
config = lib.mkIf config.my.firmwareUpdates.enable {
hardware = {
enableRedistributableFirmware = true;
cpu = {
@ -12,5 +8,4 @@
};
services.fwupd.enable = true;
};
}


@ -1,24 +0,0 @@
{
lib,
config,
pkgs,
...
}:
{
options.my.git.enable = lib.mkEnableOption "git with credential helper";
config = lib.mkIf config.my.git.enable {
environment.systemPackages = [ pkgs.git-credential-oauth ];
programs.git = {
enable = true;
config = {
init.defaultBranch = "main";
credential = {
helper = "oauth";
credentialStore = "cache";
};
};
};
};
}


@ -0,0 +1,61 @@
{
home-manager-users,
self,
home-manager,
servicepoint-cli,
servicepoint-simulator,
servicepoint-tanks,
stylix,
specialArgs,
nova-shell,
...
}:
{
imports = [
# keep-sorted start
home-manager.nixosModules.home-manager
nova-shell.nixosModules.default
self.nixosModules.en-de
self.nixosModules.firmware-updates
self.nixosModules.gnome
self.nixosModules.kdeconnect
self.nixosModules.modern-desktop
self.nixosModules.niri
self.nixosModules.nix-ld
self.nixosModules.pkgs-vscode-extensions
self.nixosModules.quiet-boot
self.nixosModules.stylix
servicepoint-cli.nixosModules.default
servicepoint-simulator.nixosModules.default
servicepoint-tanks.nixosModules.default
stylix.nixosModules.stylix
# keep-sorted end
];
config = {
home-manager = {
extraSpecialArgs = specialArgs;
useGlobalPkgs = true;
useUserPackages = true;
users = home-manager-users;
sharedModules = [
{ home.stateVersion = "22.11"; }
# keep-sorted start
self.homeModules.git
self.homeModules.gnome-extensions
self.homeModules.nano
self.homeModules.templates
self.homeModules.zsh-basics
# keep-sorted end
];
};
time.timeZone = "Europe/Berlin";
# on desktops, keep the device useable interactively during expensive builds
nix = {
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
};
};
}


@ -0,0 +1,44 @@
{
device,
self,
lanzaboote,
zerforschen-plus,
...
}:
{
imports = [
# keep-sorted start
lanzaboote.nixosModules.lanzaboote
self.nixosModules.allowed-unfree-list
self.nixosModules.autoupdate
self.nixosModules.default
self.nixosModules.distributed-builds
self.nixosModules.extra-caches
self.nixosModules.globalinstalls
self.nixosModules.lix-is-nix
self.nixosModules.openssh
self.nixosModules.prometheus-node
self.nixosModules.systemd-boot
self.nixosModules.tailscale
zerforschen-plus.nixosModules.default
# keep-sorted end
];
config = {
networking.hostName = device;
system = {
stateVersion = "22.11";
autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
documentation = {
info.enable = false; # info pages and the info command
doc.enable = false; # documentation distributed in packages' /share/doc
};
};
}
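Review bot: The `self.nixosModules.prometheus-node` entry in `imports` appears to turn the node exporter on for every device, because that module no longer has an enable option and sets `services.prometheus.exporters.node.enable = true` when imported, while the configuration this replaces kept it off (`# prometheusNode.enable = true;`). If that is not intended, keep it commented out here as before: `# self.nixosModules.prometheus-node`. Whether the exporter port is reachable from outside is not visible on this page and should be checked against the firewall settings in that module. Separately, `system.autoUpgrade.flake` follows the branch head of the remote repository and `autoupdate` is now imported on all hosts, so a comment stating that every device trusts pushes to that repository would document the assumption.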


@ -1,13 +1,5 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.globalinstalls.enable = lib.mkEnableOption "global system packages and tools";
config = lib.mkIf config.my.globalinstalls.enable {
environment.systemPackages = with pkgs; [
ncdu
glances
@ -16,16 +8,23 @@
screen
tldr
nix-output-monitor
git-credential-oauth
];
programs = {
zsh.enable = true;
htop.enable = true;
iotop.enable = true;
git.enable = true;
nano = {
enable = true;
syntaxHighlight = true;
};
};
};
environment.etc."gitconfig".text = ''
[credential]
helper = oauth
credentialStore = cache
'';
}
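Review bot: The system-wide credential helper is written as a raw `environment.etc."gitconfig".text` string although `programs.git.enable = true` is set a few lines above; `programs.git.config` renders the same file and merges with definitions from other modules, e.g. `programs.git.config.credential.helper = "oauth";`. `credentialStore` looks like a Git Credential Manager key rather than one git-credential-oauth reads, which is worth confirming, since without a storage helper listed ahead of `oauth` the tokens may not be cached at all. Because this module is imported by the global settings, the helper is also installed on headless hosts; a comment saying whether that is intended would help.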


@ -1,17 +1,15 @@
{
pkgs,
lib,
config,
pkgs,
...
}:
{
options = {
my.gnome.enable = lib.mkEnableOption "GNOME desktop environment";
muede.keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps";
options.muede = {
keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps";
};
config = lib.mkIf config.my.gnome.enable (
lib.mkMerge [
config = lib.mkMerge [
{
services = {
xserver.excludePackages = [ pkgs.xterm ];
@ -60,6 +58,5 @@
baobab # disk usage
];
})
]
);
];
}


@ -1,13 +1,6 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.intelGraphics.enable = lib.mkEnableOption "Intel graphics drivers";
config = lib.mkIf config.my.intelGraphics.enable {
config = {
hardware.graphics = {
extraPackages = with pkgs; [
intel-media-driver


@ -5,10 +5,7 @@
...
}:
{
options.my.kdeconnect.enable = lib.mkEnableOption "KDE Connect / GSConnect";
config = lib.mkIf config.my.kdeconnect.enable (
lib.mkMerge [
config = lib.mkMerge [
{
networking.firewall =
let
@ -52,6 +49,5 @@
)
];
})
]
);
];
}


@ -1,13 +1,6 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.latex.enable = lib.mkEnableOption "LaTeX (texliveFull + TeXstudio)";
config = lib.mkIf config.my.latex.enable {
config = {
environment.systemPackages = with pkgs; [
fontconfig
texliveFull


@ -1,15 +1,7 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.lixIsNix.enable = lib.mkEnableOption "Lix as the Nix implementation";
config = lib.mkIf config.my.lixIsNix.enable {
nixpkgs.overlays = [
(_: prev: {
(final: prev: {
inherit (prev.lixPackageSets.stable)
nixpkgs-review
nix-eval-jobs
@ -20,5 +12,4 @@
];
nix.package = pkgs.lixPackageSets.latest.lix;
};
}


@ -1,8 +1,4 @@
{ lib, config, ... }:
{
options.my.modernDesktop.enable = lib.mkEnableOption "modern desktop base (pipewire, flatpak, earlyoom)";
config = lib.mkIf config.my.modernDesktop.enable {
services = {
xserver.enable = true;
libinput.enable = true;
@ -48,5 +44,4 @@
allowReboot = false;
operation = "boot";
};
};
}


@ -1,19 +1,5 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
niri,
...
}:
{
imports = [ niri.nixosModules.niri ];
options.my.muedeDesktopSettings.enable = lib.mkEnableOption "muede desktop settings (Firefox, Logitech, RDP)";
config = lib.mkIf config.my.muedeDesktopSettings.enable {
my.overlays.niri.enable = true;
programs.niri.enable = true;
programs.firefox.enable = true;
environment.systemPackages = with pkgs; [
@ -32,5 +18,4 @@
# RDP connections
services.gnome.gnome-remote-desktop.enable = true;
networking.firewall.allowedTCPPorts = [ 3389 ];
};
}
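Review bot: `networking.firewall.allowedTCPPorts = [ 3389 ];` opens the RDP port on every interface, and with the `lib.mkIf` wrapper gone this now applies to any host that imports the module. Tailscale is part of the global settings, so the rule can be limited to the tunnel interface: `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 3389 ];` (adjust the name if `services.tailscale.interfaceName` is overridden). The module body continues outside the two hunks shown.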


@ -1,13 +1,5 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.nixLd.enable = lib.mkEnableOption "nix-ld for running unpatched dynamic binaries";
config = lib.mkIf config.my.nixLd.enable {
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
@ -28,5 +20,4 @@
icu
];
};
};
}


@ -1,33 +0,0 @@
{
lib,
config,
self,
...
}:
{
options.my.overlays = {
enableAll = lib.mkEnableOption "all nixpkgs overlays";
}
// lib.mapAttrs (_: _: {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
}) self.overlays;
config = lib.mkMerge (
[
{
my.overlays = lib.mapAttrs (_: _: {
enable = lib.mkDefault config.my.overlays.enableAll;
}) self.overlays;
}
]
++ lib.mapAttrsToList (
name: overlay:
lib.mkIf config.my.overlays.${name}.enable {
nixpkgs.overlays = [ overlay ];
}
) self.overlays
);
}


@ -1,8 +1,4 @@
{ lib, config, ... }:
{
options.my.openssh.enable = lib.mkEnableOption "OpenSSH server";
config = lib.mkIf config.my.openssh.enable {
services.openssh = {
enable = true;
openFirewall = true;
@ -12,5 +8,4 @@
KbdInteractiveAuthentication = false;
};
};
};
}


@ -1,8 +1,4 @@
{ lib, config, ... }:
{
options.my.podman.enable = lib.mkEnableOption "Podman container runtime";
config = lib.mkIf config.my.podman.enable {
virtualisation = {
containers.enable = true;
podman = {
@ -12,5 +8,4 @@
autoPrune.enable = true;
};
};
};
}


@ -1,8 +1,4 @@
{ lib, config, ... }:
{
options.my.printing.enable = lib.mkEnableOption "printing (CUPS + Avahi)";
config = lib.mkIf config.my.printing.enable {
services = {
# Enable CUPS to print documents.
printing.enable = true;
@ -13,5 +9,4 @@
openFirewall = true; # opens the firewall for UDP port 5353
};
};
};
}


@ -1,8 +1,4 @@
{ lib, config, ... }:
{
options.my.prometheusNode.enable = lib.mkEnableOption "Prometheus node exporter";
config = lib.mkIf config.my.prometheusNode.enable {
services.prometheus.exporters = {
node = {
enable = true;
@ -21,5 +17,4 @@
];
};
};
};
}


@ -1,12 +1,16 @@
{ modulesPath, lib, ... }:
{
lib,
config,
...
}:
{
options.my.pxvirtGuest.enable = lib.mkEnableOption "Proxmox LXC guest configuration";
imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
config = {
# TODO is this needed?
# nix.settings.sandbox = false;
proxmoxLXC = {
manageNetwork = false;
privileged = false;
};
config = lib.mkIf config.my.pxvirtGuest.enable {
# Let Proxmox host handle fstrim
services.fstrim.enable = false;


@ -1,13 +1,5 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.quietBoot.enable = lib.mkEnableOption "quiet boot with Plymouth splash";
config = lib.mkIf config.my.quietBoot.enable {
boot = {
kernelParams = [
"quiet"
@ -30,5 +22,4 @@
];
};
};
};
}


@ -1,17 +1,9 @@
{ pkgs, lib, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.secureBoot.enable = lib.mkEnableOption "Secure Boot via lanzaboote";
config = lib.mkIf config.my.secureBoot.enable {
# https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md
# To enroll:
# 1. sudo sbctl create-keys
# 2. enable this module, rebuild
# 2. import this module, rebuild
# 3. Put Secure Boot in Setup mode
# 4. sudo sbctl verify
# 5. sudo sbctl enroll-keys --microsoft
@ -33,5 +25,4 @@
enable = true;
pkiBundle = "/var/lib/sbctl";
};
};
}


@ -1,8 +1,4 @@
{ lib, config, ... }:
{
options.my.steam.enable = lib.mkEnableOption "Steam gaming platform";
config = lib.mkIf config.my.steam.enable {
hardware.steam-hardware.enable = true;
programs = {
@ -46,5 +42,4 @@
"steam-run"
"steam-unwrapped"
];
};
}


@ -1,13 +1,5 @@
{ pkgs, config, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.stylix.enable = lib.mkEnableOption "Stylix theming (Catppuccin Mocha)";
config = lib.mkIf config.my.stylix.enable {
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
@ -91,5 +83,4 @@
package = pkgs.adwaita-icon-theme;
};
};
};
}


@ -1,8 +1,4 @@
{ lib, config, ... }:
{
options.my.systemdBoot.enable = lib.mkEnableOption "systemd-boot bootloader";
config = lib.mkIf config.my.systemdBoot.enable {
boot.loader = {
timeout = 3;
efi.canTouchEfiVariables = true;
@ -12,5 +8,4 @@
consoleMode = "max";
};
};
};
}


@ -1,13 +1,8 @@
{ lib, config, ... }:
{
options.my.tailscale.enable = lib.mkEnableOption "Tailscale VPN";
config = lib.mkIf config.my.tailscale.enable {
services.tailscale = {
enable = true;
openFirewall = true;
};
networking.firewall.checkReversePath = "loose";
};
}


@ -1,13 +1,5 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.users.muede.enable = lib.mkEnableOption "muede user account";
config = lib.mkIf config.my.users.muede.enable {
users.users.muede = {
isNormalUser = true;
uid = 1000;
@ -42,5 +34,4 @@
"claude-code"
];
};
}


@ -1,13 +1,5 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.users.ronja.enable = lib.mkEnableOption "ronja user account";
config = lib.mkIf config.my.users.ronja.enable {
users.users.ronja = {
isNormalUser = true;
name = "ronja";
@ -24,5 +16,4 @@
};
nix.settings.trusted-users = [ "ronja" ];
};
}
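Review bot: `nix.settings.trusted-users = [ "ronja" ];` gives the account root-equivalent control over the Nix daemon, and nothing in the hunk says why it is needed. With the enable option removed, the setting now applies to every host that imports this module. If the account only needs to build and install, the line can be dropped; otherwise record the reason next to it, e.g. `# trusted-users is root-equivalent for the Nix daemon; needed for <reason>`. The module body continues outside the two hunks shown.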


@ -1,13 +1,5 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.wineGaming.enable = lib.mkEnableOption "Wine gaming (DXVK, MangoHud, xpadneo)";
config = lib.mkIf config.my.wineGaming.enable {
hardware = {
graphics = {
enable32Bit = true;
@ -27,5 +19,4 @@
vulkan-tools
mesa-demos
];
};
}