vinzenz/nixos-configuration
0
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: vinzenz:c2d4ce78de05fc554e767cc9ee9050832944246a
Branches Tags
vinzenz:main
vinzenz:qs
vinzenz:headscale
vinzenz:vpn1-wg
...
compare: vinzenz:c2aa932494fbab644471b96089b88bcc3113b5df
Branches Tags
vinzenz:main
vinzenz:qs
vinzenz:headscale
vinzenz:vpn1-wg

6 commits
c2d4ce78de ... c2aa932494

Author SHA1 Message Date
müde
c2aa932494 move git to own mod 2026-05-01 23:43:24 +02:00
müde
29ab335879 deadnix fixes 2026-05-01 23:38:08 +02:00
müde
ec5b785a8a refactor: move out nixosConfigurations 2026-05-01 23:20:46 +02:00
müde
a7cc61a624 refactor: move niri enable to desktop settings 2026-05-01 23:15:02 +02:00
müde
281d763c62 refactor: automatic options for overlays, fix build 2026-05-01 23:07:26 +02:00
müde
850d673035 refactor: import nixosModules unconditionally, add enable options 2026-05-01 22:39:21 +02:00
45 changed files with 1068 additions and 830 deletions
Download patch file Download diff file Expand all files Collapse all files

76
flake.nix
View file

@ -9,7 +9,6 @@
}; };
#keep-sorted start block=yes #keep-sorted start block=yes
flake-parts = { flake-parts = {
url = "github:hercules-ci/flake-parts"; url = "github:hercules-ci/flake-parts";
#inputs.nixpkgs.follows = "nixpkgs"; #inputs.nixpkgs.follows = "nixpkgs";
@ -97,28 +96,18 @@
inputs@{ inputs@{
self, self,
nixpkgs, nixpkgs,
home-manager,
# keep-sorted start # keep-sorted start
lanzaboote,
niri, niri,
nix-vscode-extensions, nix-vscode-extensions,
nixos-generators,
nixos-raspberrypi,
nixpkgs-unstable, nixpkgs-unstable,
servicepoint-cli,
servicepoint-simulator,
servicepoint-tanks,
stylix,
treefmt-nix, treefmt-nix,
zerforschen-plus,
# keep-sorted end # keep-sorted end
... ...
}: }:
let let
devices = import ./devices.nix { inherit self; };
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices; nixosConfigurations = import ./nixosConfigurations.nix { inherit inputs lib; };
supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices; supported-systems = lib.unique (lib.mapAttrsToList (_: v: v.pkgs.system) nixosConfigurations);
treefmt-config = { treefmt-config = {
projectRootFile = "flake.nix"; projectRootFile = "flake.nix";
programs = { programs = {
@ -147,37 +136,17 @@
in in
{ {
overlays = { overlays = {
unstable-packages = final: prev: { unstable = final: prev: {
unstable = import nixpkgs-unstable { unstable = import nixpkgs-unstable {
localSystem = prev.stdenv.hostPlatform; localSystem = prev.stdenv.hostPlatform;
inherit (prev) config; inherit (prev) config;
}; };
}; };
vscodeExtensions = nix-vscode-extensions.overlays.default;
niri = niri.overlays.niri;
}; };
nixosModules = (importModuleDir ./nixosModules) // { nixosModules = importModuleDir ./nixosModules;
niri =
{ pkgs, ... }:
{
imports = [ niri.nixosModules.niri ];
nixpkgs.overlays = [ niri.overlays.niri ];
programs.niri = {
enable = true;
#package = pkgs.niri-stable;
};
};
pkgs-unstable = {
nixpkgs.overlays = [ self.overlays.unstable-packages ];
};
pkgs-vscode-extensions = {
nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ];
};
# required modules to use other modules, should not do anything on their own
default = {
imports = [ self.nixosModules.allowed-unfree-list ];
};
};
homeModules = importModuleDir ./homeModules; homeModules = importModuleDir ./homeModules;
homeConfigurations = { homeConfigurations = {
@ -185,38 +154,7 @@
ronja = ./homeConfigurations/ronja; ronja = ./homeConfigurations/ronja;
}; };
nixosConfigurations = forDevice ( inherit nixosConfigurations;
{
device,
system,
home-manager-users ? { },
nixosSystem ? nixpkgs.lib.nixosSystem,
...
}:
let
specialArgs = inputs // {
inherit device home-manager-users devices;
};
in
nixosSystem {
inherit specialArgs;
modules = [
{
imports = [
./nixosConfigurations/${device}
self.nixosModules.global-settings
]
++ (lib.optionals (home-manager-users != { }) [
self.nixosModules.global-settings-desktop
]);
nixpkgs = {
hostPlatform = lib.mkDefault system;
};
}
];
}
);
formatter = forAllSystems ({ treefmt-eval, ... }: treefmt-eval.config.build.wrapper); formatter = forAllSystems ({ treefmt-eval, ... }: treefmt-eval.config.build.wrapper);

2
homeConfigurations/muede/default.nix
View file

@ -1,4 +1,4 @@
{ pkgs, self, ... }: { pkgs, ... }:
{ {
imports = [ imports = [
# keep-sorted start # keep-sorted start

6
homeModules/git.nix
View file

@ -1,6 +0,0 @@
{
programs.git = {
enable = true;
settings.init.defaultBranch = "main";
};
}

127
nixosConfigurations.nix Normal file
View file

@ -0,0 +1,127 @@
{
inputs,
lib,
}:
let
devices = import ./devices.nix { inherit (inputs) self; };
inherit (inputs)
self
home-manager
lanzaboote
nova-shell
servicepoint-cli
servicepoint-simulator
servicepoint-tanks
stylix
zerforschen-plus
;
forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices;
in
forDevice (
{
device,
system,
home-manager-users ? { },
nixosSystem ? inputs.nixpkgs.lib.nixosSystem,
...
}:
let
specialArgs = inputs // {
inherit device home-manager-users devices;
};
in
nixosSystem {
inherit specialArgs;
modules = [
./nixosConfigurations/${device}
self.nixosModules.default
# keep-sorted start
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote
nova-shell.nixosModules.default
servicepoint-cli.nixosModules.default
servicepoint-simulator.nixosModules.default
servicepoint-tanks.nixosModules.default
stylix.nixosModules.stylix
zerforschen-plus.nixosModules.default
# keep-sorted end
# Base config
{
nixpkgs.hostPlatform = lib.mkDefault system;
networking.hostName = device;
system = {
stateVersion = "22.11";
autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
documentation = {
info.enable = false;
doc.enable = false;
};
my = {
# keep-sorted start
autoupdate.enable = true;
distributedBuilds.enable = true;
extraCaches.enable = true;
git.enable = true;
globalinstalls.enable = true;
lixIsNix.enable = true;
openssh.enable = true;
overlays.unstable.enable = true;
overlays.vscodeExtensions.enable = true;
# prometheusNode.enable = true;
systemdBoot.enable = true;
tailscale.enable = true;
# keep-sorted end
};
}
]
++ lib.optionals (home-manager-users != { }) [
# Desktop config
{
home-manager = {
extraSpecialArgs = specialArgs;
useGlobalPkgs = true;
useUserPackages = true;
users = home-manager-users;
sharedModules = [
{ home.stateVersion = "22.11"; }
# keep-sorted start
self.homeModules.gnome-extensions
self.homeModules.nano
self.homeModules.templates
self.homeModules.zsh-basics
# keep-sorted end
];
};
time.timeZone = "Europe/Berlin";
# on desktops, keep the device useable interactively during expensive builds
nix = {
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
};
my = {
# keep-sorted start
enDe.enable = true;
firmwareUpdates.enable = true;
gnome.enable = true;
kdeconnect.enable = true;
modernDesktop.enable = true;
nixLd.enable = true;
quietBoot.enable = true;
stylix.enable = true;
# keep-sorted end
};
}
];
}
)

8
nixosConfigurations/aur0ra/hardware.nix
View file

@ -10,11 +10,9 @@
# No one got time for xz compression. # No one got time for xz compression.
#isoImage.squashfsCompression = "zstd"; #isoImage.squashfsCompression = "zstd";
boot.loader = { boot.loader.raspberry-pi.bootloader = "kernel";
raspberry-pi.bootloader = "kernel";
systemd-boot.enable = lib.mkForce false; my.systemdBoot.enable = lib.mkForce false;
#generic-extlinux-compatible.enable = lib.mkForce false;
};
/* /*
fileSystems = { fileSystems = {

3
nixosConfigurations/damocles/claude-container.nix
View file

@ -1,12 +1,11 @@
{ {
pkgs, pkgs,
self,
lib, lib,
... ...
}: }:
{ {
nixpkgs.overlays = [ self.overlays.unstable-packages ]; my.overlays.unstable.enable = true;
allowedUnfreePackages = [ "claude-code" ]; allowedUnfreePackages = [ "claude-code" ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

9
nixosConfigurations/epimetheus/default.nix
View file

@ -1,8 +1,13 @@
{ self, ... }: { modulesPath, ... }:
{ {
imports = [ self.nixosModules.pxvirt-guest ]; imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
config = { config = {
my.pxvirtGuest.enable = true;
proxmoxLXC = {
manageNetwork = false;
privileged = false;
};
}; };
} }

5
nixosConfigurations/forgejo-runner-1/default.nix
View file

@ -1,12 +1,13 @@
{ self, ... }: { ... }:
{ {
imports = [ imports = [
./hardware.nix ./hardware.nix
./forgejo-runner.nix ./forgejo-runner.nix
self.nixosModules.podman
]; ];
config = { config = {
my.podman.enable = true;
# uncomment for build check on non arm system (requires --impure) # uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem; # nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both"; services.tailscale.useRoutingFeatures = "both";

16
nixosConfigurations/muede-lpt2/default.nix
View file

@ -2,17 +2,17 @@
{ {
imports = [ imports = [
./hardware.nix ./hardware.nix
self.nixosModules.user-muede
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.podman
self.nixosModules.muede-desktop-settings
self.nixosModules.intel-graphics
self.nixosModules.secure-boot
]; ];
config = { config = {
my.users.muede.enable = true;
my.wineGaming.enable = true;
my.steam.enable = true;
my.podman.enable = true;
my.muedeDesktopSettings.enable = true;
my.intelGraphics.enable = true;
my.secureBoot.enable = true;
nix.settings.extra-platforms = [ nix.settings.extra-platforms = [
"aarch64-linux" "aarch64-linux"
"i686-linux" "i686-linux"

19
nixosConfigurations/muede-pc2/default.nix
View file

@ -1,21 +1,20 @@
{ pkgs, self, ... }: { pkgs, ... }:
{ {
imports = [ imports = [
./hardware.nix ./hardware.nix
# ./vscode-server.nix # ./vscode-server.nix
# ./hass.nix # ./hass.nix
self.nixosModules.user-muede
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.podman
self.nixosModules.muede-desktop-settings
self.nixosModules.amd-graphics
self.nixosModules.secure-boot
]; ];
config = { config = {
my.users.muede.enable = true;
my.wineGaming.enable = true;
my.steam.enable = true;
my.podman.enable = true;
my.muedeDesktopSettings.enable = true;
my.amdGraphics.enable = true;
my.secureBoot.enable = true;
nix.settings.extra-platforms = [ nix.settings.extra-platforms = [
"aarch64-linux" "aarch64-linux"
"i686-linux" "i686-linux"

19
nixosConfigurations/ronja-pc/default.nix
View file

@ -1,20 +1,15 @@
{ { pkgs, ... }:
config,
pkgs,
self,
...
}:
{ {
imports = [ imports = [
./hardware.nix ./hardware.nix
self.nixosModules.user-ronja
self.nixosModules.gnome
self.nixosModules.steam
self.nixosModules.wine-gaming
self.nixosModules.muede-desktop-settings
]; ];
config = { config = {
my.users.ronja.enable = true;
my.steam.enable = true;
my.wineGaming.enable = true;
my.muedeDesktopSettings.enable = true;
# Configure keymap in X11 # Configure keymap in X11
services.xserver.xkb = { services.xserver.xkb = {
layout = "de"; layout = "de";
@ -24,8 +19,6 @@
# Configure console keymap # Configure console keymap
console.keyMap = "de"; console.keyMap = "de";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget # wget

29
nixosModules/amd-graphics.nix
View file

@ -1,15 +1,24 @@
{ pkgs, ... }:
{ {
boot.kernelModules = [ "amdgpu" ]; lib,
services.xserver.videoDrivers = [ "amdgpu" ]; config,
pkgs,
...
}:
{
options.my.amdGraphics.enable = lib.mkEnableOption "AMD graphics drivers";
hardware = { config = lib.mkIf config.my.amdGraphics.enable {
graphics.enable = true; boot.kernelModules = [ "amdgpu" ];
amdgpu = { services.xserver.videoDrivers = [ "amdgpu" ];
opencl.enable = true;
overdrive.enable = true; hardware = {
graphics.enable = true;
amdgpu = {
opencl.enable = true;
overdrive.enable = true;
};
}; };
};
environment.systemPackages = with pkgs; [ nvtopPackages.amd ]; environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
};
} }

27
nixosModules/autoupdate.nix
View file

@ -1,16 +1,21 @@
{ lib, config, ... }:
{ {
nix = { options.my.autoupdate.enable = lib.mkEnableOption "automatic Nix GC and system upgrades";
optimise.automatic = true;
gc = { config = lib.mkIf config.my.autoupdate.enable {
automatic = true; nix = {
optimise.automatic = true;
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
};
system.autoUpgrade = {
enable = true;
dates = "daily"; dates = "daily";
options = "--delete-older-than 7d"; # do not forget to set `flake` when using this module!
}; };
}; };
system.autoUpgrade = {
enable = true;
dates = "daily";
# do not forget to set `flake` when using this module!
};
} }

39
nixosModules/default.nix Normal file
View file

@ -0,0 +1,39 @@
{ ... }:
{
imports = [
# keep-sorted start
./allowed-unfree-list.nix
./amd-graphics.nix
./autoupdate.nix
./distributed-builds.nix
./en-de.nix
./extra-caches.nix
./firmware-updates.nix
./git.nix
./globalinstalls.nix
./gnome.nix
./intel-graphics.nix
./kdeconnect.nix
./latex.nix
./lix-is-nix.nix
./modern-desktop.nix
./muede-desktop-settings.nix
./nix-ld.nix
./nixpkgs-overlays.nix
./openssh.nix
./podman.nix
./printing.nix
./prometheus-node.nix
./pxvirt-guest.nix
./quiet-boot.nix
./secure-boot.nix
./steam.nix
./stylix.nix
./systemd-boot.nix
./tailscale.nix
./user-muede.nix
./user-ronja.nix
./wine-gaming.nix
# keep-sorted end
];
}

105
nixosModules/distributed-builds.nix
View file

@ -32,62 +32,77 @@ let
# distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 <hostname> # distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 <hostname>
# All machines automatically discover and use it after the next rebuild. # All machines automatically discover and use it after the next rebuild.
buildServerDevices = lib.filterAttrs (_: v: (v.distributedBuilds or { }).isBuilder or false) devices; buildServerDevices = lib.filterAttrs (
_: v: (v.distributedBuilds or { }).isBuilder or false
) devices;
knownHosts = lib.pipe buildServerDevices [ knownHosts = lib.pipe buildServerDevices [
(lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey)) (lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey))
(lib.mapAttrs (hostName: v: { (lib.mapAttrs (
publicKey = v.distributedBuilds.hostPublicKey; _: v: {
})) publicKey = v.distributedBuilds.hostPublicKey;
}
))
]; ];
buildMachineList = lib.mapAttrsToList (hostName: v: { buildMachineList = lib.mapAttrsToList (
inherit hostName; hostName: v:
systems = [ v.system ]; {
sshUser = buildUser; inherit hostName;
sshKey = sshKeyPath; systems = [ v.system ];
protocol = "ssh-ng"; sshUser = buildUser;
} // lib.optionalAttrs (v.distributedBuilds ? speedFactor) { sshKey = sshKeyPath;
speedFactor = v.distributedBuilds.speedFactor; protocol = "ssh-ng";
} // { }
supportedFeatures = [ // lib.optionalAttrs (v.distributedBuilds ? speedFactor) {
"nixos-test" speedFactor = v.distributedBuilds.speedFactor;
"big-parallel" }
"kvm" // {
"benchmark" supportedFeatures = [
]; "nixos-test"
}) buildServerDevices; "big-parallel"
"kvm"
"benchmark"
];
}
) buildServerDevices;
remoteMachines = builtins.filter (m: m.hostName != config.networking.hostName) buildMachineList; remoteMachines = builtins.filter (m: m.hostName != config.networking.hostName) buildMachineList;
in in
{ {
# Dedicated user for receiving distributed build connections options.my.distributedBuilds.enable = lib.mkEnableOption "distributed Nix builds";
programs.ssh.knownHosts = knownHosts;
users.users.${buildUser} = { config = lib.mkIf config.my.distributedBuilds.enable {
isSystemUser = true; programs.ssh.knownHosts = knownHosts;
group = buildUser;
useDefaultShell = true;
openssh.authorizedKeys.keys = map (k: ''command="nix daemon --stdio",restrict ${k}'') authorizedPublicKeys;
};
users.groups.${buildUser} = { };
nix = { # Dedicated user for receiving distributed build connections
distributedBuilds = remoteMachines != [ ]; users.users.${buildUser} = {
buildMachines = remoteMachines; isSystemUser = true;
settings = { group = buildUser;
trusted-users = [ buildUser ]; useDefaultShell = true;
builders-use-substitutes = true; openssh.authorizedKeys.keys = map (
max-jobs = (devices.${config.networking.hostName}.distributedBuilds or { }).maxJobs or "auto"; k: ''command="nix daemon --stdio",restrict ${k}''
cores = 0; ) authorizedPublicKeys;
min-free = 10 * 1024 * 1024; };
max-free = 200 * 1024 * 1024; users.groups.${buildUser} = { };
nix = {
distributedBuilds = remoteMachines != [ ];
buildMachines = remoteMachines;
settings = {
trusted-users = [ buildUser ];
builders-use-substitutes = true;
max-jobs = (devices.${config.networking.hostName}.distributedBuilds or { }).maxJobs or "auto";
cores = 0;
min-free = 10 * 1024 * 1024;
max-free = 200 * 1024 * 1024;
};
};
systemd.services.nix-daemon.serviceConfig = {
MemoryAccounting = true;
MemoryMax = "90%";
OOMScoreAdjust = 500;
}; };
}; };
systemd.services.nix-daemon.serviceConfig = {
MemoryAccounting = true;
MemoryMax = "90%";
OOMScoreAdjust = 500;
};
} }

63
nixosModules/en-de.nix
View file

@ -1,31 +1,40 @@
{ pkgs, ... }:
{ {
i18n = { lib,
defaultLocale = "en_US.UTF-8"; config,
extraLocales = [ pkgs,
"de_DE.UTF-8/UTF-8" ...
]; }:
extraLocaleSettings = { {
LC_ADDRESS = "de_DE.UTF-8"; options.my.enDe.enable = lib.mkEnableOption "English/German locale and language packs";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8"; config = lib.mkIf config.my.enDe.enable {
LC_MONETARY = "de_DE.UTF-8"; i18n = {
LC_NAME = "de_DE.UTF-8"; defaultLocale = "en_US.UTF-8";
LC_NUMERIC = "de_DE.UTF-8"; extraLocales = [
LC_PAPER = "de_DE.UTF-8"; "de_DE.UTF-8/UTF-8"
LC_TELEPHONE = "de_DE.UTF-8"; ];
LC_TIME = "de_DE.UTF-8"; extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
}; };
programs.firefox.languagePacks = [
"en-US"
"de"
];
environment.systemPackages = [
pkgs.hunspell
pkgs.hunspellDicts.de-de
pkgs.hunspellDicts.en-us
];
}; };
programs.firefox.languagePacks = [
"en-US"
"de"
];
environment.systemPackages = [
pkgs.hunspell
pkgs.hunspellDicts.de-de
pkgs.hunspellDicts.en-us
];
} }

43
nixosModules/extra-caches.nix
View file

@ -1,22 +1,27 @@
{ lib, config, ... }:
{ {
nix.settings = { options.my.extraCaches.enable = lib.mkEnableOption "extra Nix binary caches";
substituters = [
# keep-sorted start config = lib.mkIf config.my.extraCaches.enable {
"https://cache.lix.systems" nix.settings = {
"https://cache.nixos.org/" substituters = [
"https://niri.cachix.org" # keep-sorted start
"https://nix-community.cachix.org" "https://cache.lix.systems"
"https://nixos-raspberrypi.cachix.org" "https://cache.nixos.org/"
# keep-sorted end "https://niri.cachix.org"
]; "https://nix-community.cachix.org"
trusted-public-keys = [ "https://nixos-raspberrypi.cachix.org"
# keep-sorted start # keep-sorted end
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" trusted-public-keys = [
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" # keep-sorted start
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
# keep-sorted end "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
]; "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
# keep-sorted end
];
};
}; };
} }

21
nixosModules/firmware-updates.nix
View file

@ -1,11 +1,16 @@
{ lib, config, ... }:
{ {
hardware = { options.my.firmwareUpdates.enable = lib.mkEnableOption "firmware updates and microcode";
enableRedistributableFirmware = true;
cpu = {
amd.updateMicrocode = true;
intel.updateMicrocode = true;
};
};
services.fwupd.enable = true; config = lib.mkIf config.my.firmwareUpdates.enable {
hardware = {
enableRedistributableFirmware = true;
cpu = {
amd.updateMicrocode = true;
intel.updateMicrocode = true;
};
};
services.fwupd.enable = true;
};
} }

24
nixosModules/git.nix Normal file
View file

@ -0,0 +1,24 @@
{
lib,
config,
pkgs,
...
}:
{
options.my.git.enable = lib.mkEnableOption "git with credential helper";
config = lib.mkIf config.my.git.enable {
environment.systemPackages = [ pkgs.git-credential-oauth ];
programs.git = {
enable = true;
config = {
init.defaultBranch = "main";
credential = {
helper = "oauth";
credentialStore = "cache";
};
};
};
};
}

61
nixosModules/global-settings-desktop.nix
View file

@ -1,61 +0,0 @@
{
home-manager-users,
self,
home-manager,
servicepoint-cli,
servicepoint-simulator,
servicepoint-tanks,
stylix,
specialArgs,
nova-shell,
...
}:
{
imports = [
# keep-sorted start
home-manager.nixosModules.home-manager
nova-shell.nixosModules.default
self.nixosModules.en-de
self.nixosModules.firmware-updates
self.nixosModules.gnome
self.nixosModules.kdeconnect
self.nixosModules.modern-desktop
self.nixosModules.niri
self.nixosModules.nix-ld
self.nixosModules.pkgs-vscode-extensions
self.nixosModules.quiet-boot
self.nixosModules.stylix
servicepoint-cli.nixosModules.default
servicepoint-simulator.nixosModules.default
servicepoint-tanks.nixosModules.default
stylix.nixosModules.stylix
# keep-sorted end
];
config = {
home-manager = {
extraSpecialArgs = specialArgs;
useGlobalPkgs = true;
useUserPackages = true;
users = home-manager-users;
sharedModules = [
{ home.stateVersion = "22.11"; }
# keep-sorted start
self.homeModules.git
self.homeModules.gnome-extensions
self.homeModules.nano
self.homeModules.templates
self.homeModules.zsh-basics
# keep-sorted end
];
};
time.timeZone = "Europe/Berlin";
# on desktops, keep the device useable interactively during expensive builds
nix = {
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
};
};
}

44
nixosModules/global-settings.nix
View file

@ -1,44 +0,0 @@
{
device,
self,
lanzaboote,
zerforschen-plus,
...
}:
{
imports = [
# keep-sorted start
lanzaboote.nixosModules.lanzaboote
self.nixosModules.allowed-unfree-list
self.nixosModules.autoupdate
self.nixosModules.default
self.nixosModules.distributed-builds
self.nixosModules.extra-caches
self.nixosModules.globalinstalls
self.nixosModules.lix-is-nix
self.nixosModules.openssh
self.nixosModules.prometheus-node
self.nixosModules.systemd-boot
self.nixosModules.tailscale
zerforschen-plus.nixosModules.default
# keep-sorted end
];
config = {
networking.hostName = device;
system = {
stateVersion = "22.11";
autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
documentation = {
info.enable = false; # info pages and the info command
doc.enable = false; # documentation distributed in packages' /share/doc
};
};
}

51
nixosModules/globalinstalls.nix
View file

@ -1,30 +1,31 @@
{ pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ lib,
ncdu config,
glances pkgs,
lsof ...
dig }:
screen {
tldr options.my.globalinstalls.enable = lib.mkEnableOption "global system packages and tools";
nix-output-monitor
git-credential-oauth
];
programs = { config = lib.mkIf config.my.globalinstalls.enable {
zsh.enable = true; environment.systemPackages = with pkgs; [
htop.enable = true; ncdu
iotop.enable = true; glances
git.enable = true; lsof
nano = { dig
enable = true; screen
syntaxHighlight = true; tldr
nix-output-monitor
];
programs = {
zsh.enable = true;
htop.enable = true;
iotop.enable = true;
nano = {
enable = true;
syntaxHighlight = true;
};
}; };
}; };
environment.etc."gitconfig".text = ''
[credential]
helper = oauth
credentialStore = cache
'';
} }

101
nixosModules/gnome.nix
View file

@ -1,62 +1,65 @@
{ {
pkgs,
lib, lib,
config, config,
pkgs,
... ...
}: }:
{ {
options.muede = { options = {
keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps"; my.gnome.enable = lib.mkEnableOption "GNOME desktop environment";
muede.keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps";
}; };
config = lib.mkMerge [ config = lib.mkIf config.my.gnome.enable (
{ lib.mkMerge [
services = { {
xserver.excludePackages = [ pkgs.xterm ]; services = {
xserver.excludePackages = [ pkgs.xterm ];
# Enable the GNOME Desktop Environment. # Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true; displayManager.gdm.enable = true;
desktopManager.gnome = { desktopManager.gnome = {
enable = true; enable = true;
extraGSettingsOverridePackages = [ pkgs.mutter ]; extraGSettingsOverridePackages = [ pkgs.mutter ];
extraGSettingsOverrides = '' extraGSettingsOverrides = ''
[org.gnome.mutter] [org.gnome.mutter]
experimental-features=['scale-monitor-framebuffer'] experimental-features=['scale-monitor-framebuffer']
''; '';
};
gnome = {
tinysparql.enable = false;
localsearch.enable = false;
sushi.enable = true;
};
}; };
gnome = { programs = {
tinysparql.enable = false; dconf.enable = true;
localsearch.enable = false; gpaste.enable = true;
sushi.enable = true;
}; };
}; }
(lib.mkIf (!config.muede.keep-gnome-default-apps) {
programs = { environment.gnome.excludePackages = with pkgs; [
dconf.enable = true; cheese # photo booth
gpaste.enable = true; epiphany # web browser
}; evince # document viewer
} geary # email client
(lib.mkIf (!config.muede.keep-gnome-default-apps) { gnome-maps
environment.gnome.excludePackages = with pkgs; [ gnome-weather
cheese # photo booth gnome-tour
epiphany # web browser sysprof
evince # document viewer orca # screen reader
geary # email client gnome-weather
gnome-maps gnome-backgrounds
gnome-weather gnome-user-docs
gnome-tour yelp # help app
sysprof gnome-music
orca # screen reader totem # video player
gnome-weather snapshot # camera
gnome-backgrounds baobab # disk usage
gnome-user-docs ];
yelp # help app })
gnome-music ]
totem # video player );
snapshot # camera
baobab # disk usage
];
})
];
} }

11
nixosModules/intel-graphics.nix
View file

@ -1,6 +1,13 @@
{ pkgs, ... }:
{ {
config = { lib,
config,
pkgs,
...
}:
{
options.my.intelGraphics.enable = lib.mkEnableOption "Intel graphics drivers";
config = lib.mkIf config.my.intelGraphics.enable {
hardware.graphics = { hardware.graphics = {
extraPackages = with pkgs; [ extraPackages = with pkgs; [
intel-media-driver intel-media-driver

86
nixosModules/kdeconnect.nix
View file

@ -5,49 +5,53 @@
... ...
}: }:
{ {
config = lib.mkMerge [ options.my.kdeconnect.enable = lib.mkEnableOption "KDE Connect / GSConnect";
{
networking.firewall =
let
kdeconnect-range = {
from = 1714;
to = 1764;
};
in
{
allowedTCPPortRanges = [ kdeconnect-range ];
allowedUDPPortRanges = [ kdeconnect-range ];
};
programs.kdeconnect.enable = true; config = lib.mkIf config.my.kdeconnect.enable (
home-manager.sharedModules = [ lib.mkMerge [
{ {
services.kdeconnect = { networking.firewall =
enable = true; let
# this still shows up in gnome session starting with 25.05 kdeconnect-range = {
# indicator = true; from = 1714;
}; to = 1764;
} };
]; in
}
(lib.mkIf config.services.desktopManager.gnome.enable {
# replace kdeconnect with gsconnect
programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
home-manager.sharedModules = [
(
{ pkgs, ... }:
{ {
home.packages = [ pkgs.gnomeExtensions.gsconnect ]; allowedTCPPortRanges = [ kdeconnect-range ];
# enable gsconnect extension allowedUDPPortRanges = [ kdeconnect-range ];
dconf.settings = { };
"org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ];
"org/gnome/shell/extensions/gsconnect".enabled = true; programs.kdeconnect.enable = true;
home-manager.sharedModules = [
{
services.kdeconnect = {
enable = true;
# this still shows up in gnome session starting with 25.05
# indicator = true;
}; };
} }
) ];
]; }
})
]; (lib.mkIf config.services.desktopManager.gnome.enable {
# replace kdeconnect with gsconnect
programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
home-manager.sharedModules = [
(
{ pkgs, ... }:
{
home.packages = [ pkgs.gnomeExtensions.gsconnect ];
# enable gsconnect extension
dconf.settings = {
"org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ];
"org/gnome/shell/extensions/gsconnect".enabled = true;
};
}
)
];
})
]
);
} }

11
nixosModules/latex.nix
View file

@ -1,6 +1,13 @@
{ pkgs, ... }:
{ {
config = { lib,
config,
pkgs,
...
}:
{
options.my.latex.enable = lib.mkEnableOption "LaTeX (texliveFull + TeXstudio)";
config = lib.mkIf config.my.latex.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
fontconfig fontconfig
texliveFull texliveFull

33
nixosModules/lix-is-nix.nix
View file

@ -1,15 +1,24 @@
{ pkgs, ... }:
{ {
nixpkgs.overlays = [ lib,
(final: prev: { config,
inherit (prev.lixPackageSets.stable) pkgs,
nixpkgs-review ...
nix-eval-jobs }:
nix-fast-build {
colmena options.my.lixIsNix.enable = lib.mkEnableOption "Lix as the Nix implementation";
;
})
];
nix.package = pkgs.lixPackageSets.latest.lix; config = lib.mkIf config.my.lixIsNix.enable {
nixpkgs.overlays = [
(_: prev: {
inherit (prev.lixPackageSets.stable)
nixpkgs-review
nix-eval-jobs
nix-fast-build
colmena
;
})
];
nix.package = pkgs.lixPackageSets.latest.lix;
};
} }

79
nixosModules/modern-desktop.nix
View file

@ -1,47 +1,52 @@
{ lib, config, ... }:
{ {
services = { options.my.modernDesktop.enable = lib.mkEnableOption "modern desktop base (pipewire, flatpak, earlyoom)";
xserver.enable = true;
libinput.enable = true; config = lib.mkIf config.my.modernDesktop.enable {
flatpak.enable = true; services = {
fstrim.enable = true; xserver.enable = true;
earlyoom = { libinput.enable = true;
enable = true; flatpak.enable = true;
freeMemThreshold = 5; fstrim.enable = true;
earlyoom = {
enable = true;
freeMemThreshold = 5;
};
}; };
};
# Enable sound with pipewire. # Enable sound with pipewire.
security.rtkit.enable = true; security.rtkit.enable = true;
services = { services = {
pulseaudio.enable = false; pulseaudio.enable = false;
pipewire = { pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
#jack.enable = true; #jack.enable = true;
};
}; };
};
systemd = { systemd = {
# save some boot time because nothing actually requires network connectivity # save some boot time because nothing actually requires network connectivity
services.NetworkManager-wait-online.enable = false; services.NetworkManager-wait-online.enable = false;
# prevent stuck units from preventing shutdown (default is 120s) # prevent stuck units from preventing shutdown (default is 120s)
settings.Manager.DefaultTimeoutStopSec = "10s"; settings.Manager.DefaultTimeoutStopSec = "10s";
};
programs = {
xwayland.enable = true;
appimage = {
enable = true;
binfmt = true;
}; };
};
system.autoUpgrade = { programs = {
allowReboot = false; xwayland.enable = true;
operation = "boot";
appimage = {
enable = true;
binfmt = true;
};
};
system.autoUpgrade = {
allowReboot = false;
operation = "boot";
};
}; };
} }

45
nixosModules/muede-desktop-settings.nix
View file

@ -1,21 +1,36 @@
{ pkgs, ... }:
{ {
programs.firefox.enable = true; lib,
config,
pkgs,
niri,
...
}:
{
imports = [ niri.nixosModules.niri ];
environment.systemPackages = with pkgs; [ options.my.muedeDesktopSettings.enable = lib.mkEnableOption "muede desktop settings (Firefox, Logitech, RDP)";
lm_sensors
libreoffice-qt6
usbutils
];
fonts.enableDefaultPackages = true; config = lib.mkIf config.my.muedeDesktopSettings.enable {
my.overlays.niri.enable = true;
programs.niri.enable = true;
hardware.logitech.wireless = { programs.firefox.enable = true;
enable = true;
enableGraphical = true; environment.systemPackages = with pkgs; [
lm_sensors
libreoffice-qt6
usbutils
];
fonts.enableDefaultPackages = true;
hardware.logitech.wireless = {
enable = true;
enableGraphical = true;
};
# RDP connections
services.gnome.gnome-remote-desktop.enable = true;
networking.firewall.allowedTCPPorts = [ 3389 ];
}; };
# RDP connections
services.gnome.gnome-remote-desktop.enable = true;
networking.firewall.allowedTCPPorts = [ 3389 ];
} }

49
nixosModules/nix-ld.nix
View file

@ -1,23 +1,32 @@
{ pkgs, ... }:
{ {
programs.nix-ld = { lib,
enable = true; config,
libraries = with pkgs; [ pkgs,
stdenv.cc.cc ...
zlib }:
zstd {
curl options.my.nixLd.enable = lib.mkEnableOption "nix-ld for running unpatched dynamic binaries";
openssl
attr config = lib.mkIf config.my.nixLd.enable {
libssh programs.nix-ld = {
bzip2 enable = true;
libxml2 libraries = with pkgs; [
acl stdenv.cc.cc
libsodium zlib
util-linux zstd
xz curl
systemd openssl
icu attr
]; libssh
bzip2
libxml2
acl
libsodium
util-linux
xz
systemd
icu
];
};
}; };
} }

33
nixosModules/nixpkgs-overlays.nix Normal file
View file

@ -0,0 +1,33 @@
{
lib,
config,
self,
...
}:
{
options.my.overlays = {
enableAll = lib.mkEnableOption "all nixpkgs overlays";
}
// lib.mapAttrs (_: _: {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
}) self.overlays;
config = lib.mkMerge (
[
{
my.overlays = lib.mapAttrs (_: _: {
enable = lib.mkDefault config.my.overlays.enableAll;
}) self.overlays;
}
]
++ lib.mapAttrsToList (
name: overlay:
lib.mkIf config.my.overlays.${name}.enable {
nixpkgs.overlays = [ overlay ];
}
) self.overlays
);
}

19
nixosModules/openssh.nix
View file

@ -1,11 +1,16 @@
{ lib, config, ... }:
{ {
services.openssh = { options.my.openssh.enable = lib.mkEnableOption "OpenSSH server";
enable = true;
openFirewall = true; config = lib.mkIf config.my.openssh.enable {
settings = { services.openssh = {
PermitRootLogin = "prohibit-password"; enable = true;
PasswordAuthentication = false; openFirewall = true;
KbdInteractiveAuthentication = false; settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
}; };
}; };
} }

19
nixosModules/podman.nix
View file

@ -1,11 +1,16 @@
{ lib, config, ... }:
{ {
virtualisation = { options.my.podman.enable = lib.mkEnableOption "Podman container runtime";
containers.enable = true;
podman = { config = lib.mkIf config.my.podman.enable {
enable = true; virtualisation = {
dockerCompat = true; containers.enable = true;
dockerSocket.enable = true; podman = {
autoPrune.enable = true; enable = true;
dockerCompat = true;
dockerSocket.enable = true;
autoPrune.enable = true;
};
}; };
}; };
} }

19
nixosModules/printing.nix
View file

@ -1,12 +1,17 @@
{ lib, config, ... }:
{ {
services = { options.my.printing.enable = lib.mkEnableOption "printing (CUPS + Avahi)";
# Enable CUPS to print documents.
printing.enable = true;
avahi = { config = lib.mkIf config.my.printing.enable {
enable = true; # runs the Avahi daemon services = {
nssmdns4 = true; # enables the mDNS NSS plug-in # Enable CUPS to print documents.
openFirewall = true; # opens the firewall for UDP port 5353 printing.enable = true;
avahi = {
enable = true; # runs the Avahi daemon
nssmdns4 = true; # enables the mDNS NSS plug-in
openFirewall = true; # opens the firewall for UDP port 5353
};
}; };
}; };
} }

37
nixosModules/prometheus-node.nix
View file

@ -1,20 +1,25 @@
{ lib, config, ... }:
{ {
services.prometheus.exporters = { options.my.prometheusNode.enable = lib.mkEnableOption "Prometheus node exporter";
node = {
enable = true; config = lib.mkIf config.my.prometheusNode.enable {
openFirewall = true; services.prometheus.exporters = {
port = 9190; node = {
enabledCollectors = [ enable = true;
# keep-sorted start openFirewall = true;
"cgroups" port = 9190;
"interrupts" enabledCollectors = [
"softirqs" # keep-sorted start
"swap" "cgroups"
"systemd" "interrupts"
"tcpstat" "softirqs"
"wifi" "swap"
# keep-sorted end "systemd"
]; "tcpstat"
"wifi"
# keep-sorted end
];
};
}; };
}; };
} }

18
nixosModules/pxvirt-guest.nix
View file

@ -1,16 +1,12 @@
{ modulesPath, lib, ... }:
{ {
imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; lib,
config,
config = { ...
# TODO is this needed? }:
# nix.settings.sandbox = false; {
options.my.pxvirtGuest.enable = lib.mkEnableOption "Proxmox LXC guest configuration";
proxmoxLXC = {
manageNetwork = false;
privileged = false;
};
config = lib.mkIf config.my.pxvirtGuest.enable {
# Let Proxmox host handle fstrim # Let Proxmox host handle fstrim
services.fstrim.enable = false; services.fstrim.enable = false;

49
nixosModules/quiet-boot.nix
View file

@ -1,25 +1,34 @@
{ pkgs, ... }:
{ {
boot = { lib,
kernelParams = [ config,
"quiet" pkgs,
"udev.log_level=3" ...
"udev.log_priority=3" }:
"rd.systemd.show_status=auto" {
]; options.my.quietBoot.enable = lib.mkEnableOption "quiet boot with Plymouth splash";
consoleLogLevel = 0;
initrd = { config = lib.mkIf config.my.quietBoot.enable {
verbose = false; boot = {
systemd.enable = true; # required fpr graphical LUKS prompt kernelParams = [
}; "quiet"
plymouth = { "udev.log_level=3"
enable = true; "udev.log_priority=3"
theme = "catppuccin-mocha"; "rd.systemd.show_status=auto"
themePackages = [
(pkgs.catppuccin-plymouth.override {
variant = "mocha";
})
]; ];
consoleLogLevel = 0;
initrd = {
verbose = false;
systemd.enable = true; # required fpr graphical LUKS prompt
};
plymouth = {
enable = true;
theme = "catppuccin-mocha";
themePackages = [
(pkgs.catppuccin-plymouth.override {
variant = "mocha";
})
];
};
}; };
}; };
} }

53
nixosModules/secure-boot.nix
View file

@ -1,28 +1,37 @@
{ pkgs, lib, ... }:
{ {
# https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md lib,
# To enroll: config,
# 1. sudo sbctl create-keys pkgs,
# 2. import this module, rebuild ...
# 3. Put Secure Boot in Setup mode }:
# 4. sudo sbctl verify {
# 5. sudo sbctl enroll-keys --microsoft options.my.secureBoot.enable = lib.mkEnableOption "Secure Boot via lanzaboote";
# 6, reboot
# 7. sudo sbctl status
environment.systemPackages = [ config = lib.mkIf config.my.secureBoot.enable {
# For debugging and troubleshooting Secure Boot. # https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md
pkgs.sbctl # To enroll:
]; # 1. sudo sbctl create-keys
# 2. enable this module, rebuild
# 3. Put Secure Boot in Setup mode
# 4. sudo sbctl verify
# 5. sudo sbctl enroll-keys --microsoft
# 6, reboot
# 7. sudo sbctl status
# Lanzaboote currently replaces the systemd-boot module. environment.systemPackages = [
# This setting is usually set to true in configuration.nix # For debugging and troubleshooting Secure Boot.
# generated at installation time. So we force it to false pkgs.sbctl
# for now. ];
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = { # Lanzaboote currently replaces the systemd-boot module.
enable = true; # This setting is usually set to true in configuration.nix
pkiBundle = "/var/lib/sbctl"; # generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
}; };
} }

77
nixosModules/steam.nix
View file

@ -1,45 +1,50 @@
{ lib, config, ... }:
{ {
hardware.steam-hardware.enable = true; options.my.steam.enable = lib.mkEnableOption "Steam gaming platform";
programs = { config = lib.mkIf config.my.steam.enable {
steam = { hardware.steam-hardware.enable = true;
enable = true;
remotePlay.openFirewall = true; programs = {
dedicatedServer.openFirewall = true; steam = {
localNetworkGameTransfers.openFirewall = true; enable = true;
gamescopeSession.enable = false; remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = false;
};
gamemode.enable = true;
}; };
gamemode.enable = true;
};
# steam network transfer # steam network transfer
networking.firewall = { networking.firewall = {
allowedUDPPorts = [ 3478 ]; allowedUDPPorts = [ 3478 ];
allowedTCPPorts = [ 24070 ]; allowedTCPPorts = [ 24070 ];
allowedTCPPortRanges = [ allowedTCPPortRanges = [
{ {
from = 27015; from = 27015;
to = 27050; to = 27050;
} }
]; ];
allowedUDPPortRanges = [ allowedUDPPortRanges = [
{ {
from = 4379; from = 4379;
to = 4380; to = 4380;
} }
{ {
from = 27000; from = 27000;
to = 27100; to = 27100;
} }
];
};
allowedUnfreePackages = [
"steam"
"steam-original"
"steam-run"
"steam-unwrapped"
]; ];
}; };
allowedUnfreePackages = [
"steam"
"steam-original"
"steam-run"
"steam-unwrapped"
];
} }

169
nixosModules/stylix.nix
View file

@ -1,86 +1,95 @@
{ pkgs, config, ... }:
{ {
stylix = { lib,
enable = true; config,
base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; pkgs,
override = { ...
scheme = "Catppuccin Mocha Pride"; }:
{
options.my.stylix.enable = lib.mkEnableOption "Stylix theming (Catppuccin Mocha)";
base09 = "#6f9dff"; config = lib.mkIf config.my.stylix.enable {
base0A = "#d162a4"; stylix = {
base0B = "#a8c9ff";
base0C = "#a30262";
# pink_light = "#d162a4";
# pink_dark = "#a30262";
# blue_light = "#5BCEFA";
# blue_dark = "#4a6bb1";
# original values
# base00: "#1e1e2e" # base -
# base01: "#181825" # mantle
# base02: "#313244" # surface0
# base03: "#45475a" # surface1
# base04: "#585b70" # surface2
# base05: "#cdd6f4" # text
# base06: "#f5e0dc" # rosewater
# base07: "#b4befe" # lavender
# base08: "#f38ba8" # red
# base09: "#fab387" # peach
# base0A: "#f9e2af" # yellow
# base0B: "#a6e3a1" # green
# base0C: "#94e2d5" # teal
# base0D: "#89b4fa" # blue
# base0E: "#cba6f7" # mauve
# base0F: "#f2cdcd" # flamingo
# https://github.com/chriskempson/base16/blob/main/styling.md
# base00 - Default Background
# base01 - Lighter Background (Used for status bars, line number and folding marks)
# base02 - Selection Background
# base03 - Comments, Invisibles, Line Highlighting
# base04 - Dark Foreground (Used for status bars)
# base05 - Default Foreground, Caret, Delimiters, Operators
# base06 - Light Foreground (Not often used)
# base07 - Light Background (Not often used)
# base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted
# base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url
# base0A - Classes, Markup Bold, Search Text Background
# base0B - Strings, Inherited Class, Markup Code, Diff Inserted
# base0C - Support, Regular Expressions, Escape Characters, Markup Quotes
# base0D - Functions, Methods, Attribute IDs, Headings
# base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed
# base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. <?php ?>
};
image = config.lib.stylix.pixel "base00";
polarity = "dark";
targets = {
gnome.enable = false;
gtk.enable = false;
gtksourceview.enable = false;
fontconfig.enable = true;
plymouth.enable = false;
};
fonts = {
sansSerif = {
name = "Inter Nerd Font";
package = pkgs.inter-nerdfont;
};
monospace = {
name = "FiraCode Nerd Font Mono";
package = pkgs.nerd-fonts.fira-code;
};
};
icons = {
enable = true; enable = true;
dark = "Adwaita"; base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
light = "Adwaita"; override = {
package = pkgs.adwaita-icon-theme; scheme = "Catppuccin Mocha Pride";
};
cursor = { base09 = "#6f9dff";
name = "Adwaita"; base0A = "#d162a4";
size = 16; base0B = "#a8c9ff";
package = pkgs.adwaita-icon-theme; base0C = "#a30262";
# pink_light = "#d162a4";
# pink_dark = "#a30262";
# blue_light = "#5BCEFA";
# blue_dark = "#4a6bb1";
# original values
# base00: "#1e1e2e" # base -
# base01: "#181825" # mantle
# base02: "#313244" # surface0
# base03: "#45475a" # surface1
# base04: "#585b70" # surface2
# base05: "#cdd6f4" # text
# base06: "#f5e0dc" # rosewater
# base07: "#b4befe" # lavender
# base08: "#f38ba8" # red
# base09: "#fab387" # peach
# base0A: "#f9e2af" # yellow
# base0B: "#a6e3a1" # green
# base0C: "#94e2d5" # teal
# base0D: "#89b4fa" # blue
# base0E: "#cba6f7" # mauve
# base0F: "#f2cdcd" # flamingo
# https://github.com/chriskempson/base16/blob/main/styling.md
# base00 - Default Background
# base01 - Lighter Background (Used for status bars, line number and folding marks)
# base02 - Selection Background
# base03 - Comments, Invisibles, Line Highlighting
# base04 - Dark Foreground (Used for status bars)
# base05 - Default Foreground, Caret, Delimiters, Operators
# base06 - Light Foreground (Not often used)
# base07 - Light Background (Not often used)
# base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted
# base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url
# base0A - Classes, Markup Bold, Search Text Background
# base0B - Strings, Inherited Class, Markup Code, Diff Inserted
# base0C - Support, Regular Expressions, Escape Characters, Markup Quotes
# base0D - Functions, Methods, Attribute IDs, Headings
# base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed
# base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. <?php ?>
};
image = config.lib.stylix.pixel "base00";
polarity = "dark";
targets = {
gnome.enable = false;
gtk.enable = false;
gtksourceview.enable = false;
fontconfig.enable = true;
plymouth.enable = false;
};
fonts = {
sansSerif = {
name = "Inter Nerd Font";
package = pkgs.inter-nerdfont;
};
monospace = {
name = "FiraCode Nerd Font Mono";
package = pkgs.nerd-fonts.fira-code;
};
};
icons = {
enable = true;
dark = "Adwaita";
light = "Adwaita";
package = pkgs.adwaita-icon-theme;
};
cursor = {
name = "Adwaita";
size = 16;
package = pkgs.adwaita-icon-theme;
};
}; };
}; };
} }

19
nixosModules/systemd-boot.nix
View file

@ -1,11 +1,16 @@
{ lib, config, ... }:
{ {
boot.loader = { options.my.systemdBoot.enable = lib.mkEnableOption "systemd-boot bootloader";
timeout = 3;
efi.canTouchEfiVariables = true; config = lib.mkIf config.my.systemdBoot.enable {
systemd-boot = { boot.loader = {
enable = true; timeout = 3;
editor = false; # do not allow changing kernel parameters efi.canTouchEfiVariables = true;
consoleMode = "max"; systemd-boot = {
enable = true;
editor = false; # do not allow changing kernel parameters
consoleMode = "max";
};
}; };
}; };
} }

15
nixosModules/tailscale.nix
View file

@ -1,8 +1,13 @@
{ lib, config, ... }:
{ {
services.tailscale = { options.my.tailscale.enable = lib.mkEnableOption "Tailscale VPN";
enable = true;
openFirewall = true;
};
networking.firewall.checkReversePath = "loose"; config = lib.mkIf config.my.tailscale.enable {
services.tailscale = {
enable = true;
openFirewall = true;
};
networking.firewall.checkReversePath = "loose";
};
} }

75
nixosModules/user-muede.nix
View file

@ -1,37 +1,46 @@
{ pkgs, ... }:
{ {
users.users.muede = { lib,
isNormalUser = true; config,
uid = 1000; pkgs,
name = "muede"; ...
description = "müde"; }:
extraGroups = [ {
"networkmanager" options.my.users.muede.enable = lib.mkEnableOption "muede user account";
"wheel"
"games" config = lib.mkIf config.my.users.muede.enable {
"dialout" users.users.muede = {
"podman" isNormalUser = true;
"nginx" uid = 1000;
"adbusers" name = "muede";
"kvm" description = "müde";
"input" extraGroups = [
"video" "networkmanager"
"wheel"
"games"
"dialout"
"podman"
"nginx"
"adbusers"
"kvm"
"input"
"video"
];
shell = pkgs.zsh;
autoSubUidGidRange = true;
};
nix.settings.trusted-users = [ "muede" ];
allowedUnfreePackages = [
"rider"
"pycharm-professional"
"jetbrains-toolbox"
"anydesk"
"vscode-extension-ms-dotnettools-csharp"
"claude-code"
]; ];
shell = pkgs.zsh;
autoSubUidGidRange = true;
}; };
nix.settings.trusted-users = [ "muede" ];
allowedUnfreePackages = [
"rider"
"pycharm-professional"
"jetbrains-toolbox"
"anydesk"
"vscode-extension-ms-dotnettools-csharp"
"claude-code"
];
} }

41
nixosModules/user-ronja.nix
View file

@ -1,19 +1,28 @@
{ pkgs, ... }:
{ {
users.users.ronja = { lib,
isNormalUser = true; config,
name = "ronja"; pkgs,
description = "Ronja"; ...
home = "/home/ronja"; }:
extraGroups = [ {
"networkmanager" options.my.users.ronja.enable = lib.mkEnableOption "ronja user account";
"wheel"
"games"
"podman"
"openvscode-server"
];
shell = pkgs.zsh;
};
nix.settings.trusted-users = [ "ronja" ]; config = lib.mkIf config.my.users.ronja.enable {
users.users.ronja = {
isNormalUser = true;
name = "ronja";
description = "Ronja";
home = "/home/ronja";
extraGroups = [
"networkmanager"
"wheel"
"games"
"podman"
"openvscode-server"
];
shell = pkgs.zsh;
};
nix.settings.trusted-users = [ "ronja" ];
};
} }

43
nixosModules/wine-gaming.nix
View file

@ -1,22 +1,31 @@
{ pkgs, ... }:
{ {
hardware = { lib,
graphics = { config,
enable32Bit = true; pkgs,
extraPackages = with pkgs; [ mangohud ]; ...
extraPackages32 = with pkgs; [ mangohud ]; }:
{
options.my.wineGaming.enable = lib.mkEnableOption "Wine gaming (DXVK, MangoHud, xpadneo)";
config = lib.mkIf config.my.wineGaming.enable {
hardware = {
graphics = {
enable32Bit = true;
extraPackages = with pkgs; [ mangohud ];
extraPackages32 = with pkgs; [ mangohud ];
};
xpadneo.enable = true;
}; };
xpadneo.enable = true; environment.systemPackages = with pkgs; [
wineWowPackages.stagingFull
wineWowPackages.fonts
winetricks
dxvk
mangohud
vulkan-tools
mesa-demos
];
}; };
environment.systemPackages = with pkgs; [
wineWowPackages.stagingFull
wineWowPackages.fonts
winetricks
dxvk
mangohud
vulkan-tools
mesa-demos
];
} }