lytedev/nix
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

dragon check passes
Some checks failed
/ check (push) Failing after 22s
Details

Browse source
This commit is contained in:
Daniel Flanagan 2025-02-16 10:43:53 -06:00
parent aa128e65fa
commit 0bc0ba43a2
23 changed files with 1670 additions and 1693 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
flake.nix
View file

@ -9,7 +9,7 @@
packages = uGenPkgs (import ./packages); packages = uGenPkgs (import ./packages);
nixosConfigurations = import ./packages/hosts inputs; nixosConfigurations = import ./packages/hosts inputs;
# homeConfigurations = import ./packages/users; homeConfigurations = import ./packages/home inputs;
templates = import ./lib/templates; templates = import ./lib/templates;

1455
lib/modules/home/default.nix
View file

File diff suppressed because it is too large Load diff

175
lib/modules/home/fish.nix
View file

@ -1,91 +1,94 @@
{ pkgs, ... }:
{ {
home = { lib,
packages = [ config,
pkgs.gawk # used in prompt pkgs,
]; ...
}; }:
{
programs.eza = { config = lib.mkIf config.programs.fish.enable {
enable = true; home = {
}; packages = [
pkgs.gawk # used in prompt
programs.fish = { ];
enable = true;
# I load long scripts from files for a better editing experience
shellInit = builtins.readFile ./fish/shellInit.fish;
interactiveShellInit = builtins.readFile ./fish/interactiveShellInit.fish;
loginShellInit = "";
functions = {
# TODO: I think these should be loaded from fish files too for better editor experience?
d = ''
# --wraps=cd --description "Quickly jump to NICE_HOME (or given relative or absolute path) and list files."
if count $argv > /dev/null
cd $argv
else
cd $NICE_HOME
end
la
'';
c = ''
if count $argv > /dev/null
cd $NICE_HOME && d $argv
else
d $NICE_HOME
end
'';
ltl = ''
set d $argv[1] .
set -l l ""
for f in $d[1]/*
if test -z $l; set l $f; continue; end
if command test $f -nt $l; and test ! -d $f
set l $f
end
end
echo $l
'';
has_command = "command --quiet --search $argv[1]";
}; };
shellAbbrs = { };
shellAliases = { programs.fish = {
# TODO: an alias that wraps `rm` such that if we run it without git committing first (when in a git repo) # enable = true;
ls = "eza --group-directories-first --classify"; # I load long scripts from files for a better editing experience
l = "ls"; shellInit = builtins.readFile ./fish/shellInit.fish;
ll = "ls --long --group"; interactiveShellInit = builtins.readFile ./fish/interactiveShellInit.fish;
la = "ll --all"; loginShellInit = "";
lA = "la --all"; # --all twice to show . and .. functions = {
tree = "ls --tree --level=3"; # TODO: I think these should be loaded from fish files too for better editor experience?
lt = "ll --sort=modified"; d = ''
lat = "la --sort=modified"; # --wraps=cd --description "Quickly jump to NICE_HOME (or given relative or absolute path) and list files."
lc = "lt --sort=accessed"; if count $argv > /dev/null
lT = "lt --reverse"; cd $argv
lC = "lc --reverse"; else
lD = "la --only-dirs"; cd $NICE_HOME
"cd.." = "d .."; end
"cdc" = "d $XDG_CONFIG_HOME"; la
"cdn" = "d $NOTES_PATH"; '';
"cdl" = "d $XDG_DOWNLOAD_DIR";
"cdg" = "d $XDG_GAMES_DIR"; c = ''
".." = "d .."; if count $argv > /dev/null
"..." = "d ../.."; cd $NICE_HOME && d $argv
"...." = "d ../../.."; else
"....." = "d ../../../.."; d $NICE_HOME
"......" = "d ../../../../.."; end
"......." = "d ../../../../../.."; '';
"........" = "d ../../../../../../..";
"........." = "d ../../../../../../../.."; ltl = ''
p = "ping"; set d $argv[1] .
dc = "docker compose"; set -l l ""
pc = "podman-compose"; for f in $d[1]/*
k = "kubectl"; if test -z $l; set l $f; continue; end
kg = "kubectl get"; if command test $f -nt $l; and test ! -d $f
v = "$EDITOR"; set l $f
sv = "sudo $EDITOR"; end
kssh = "kitty +kitten ssh"; end
echo $l
'';
has_command = "command --quiet --search $argv[1]";
};
shellAbbrs = { };
shellAliases = {
# TODO: an alias that wraps `rm` such that if we run it without git committing first (when in a git repo)
ls = "eza --group-directories-first --classify";
l = "ls";
ll = "ls --long --group";
la = "ll --all";
lA = "la --all"; # --all twice to show . and ..
tree = "ls --tree --level=3";
lt = "ll --sort=modified";
lat = "la --sort=modified";
lc = "lt --sort=accessed";
lT = "lt --reverse";
lC = "lc --reverse";
lD = "la --only-dirs";
"cd.." = "d ..";
"cdc" = "d $XDG_CONFIG_HOME";
"cdn" = "d $NOTES_PATH";
"cdl" = "d $XDG_DOWNLOAD_DIR";
"cdg" = "d $XDG_GAMES_DIR";
".." = "d ..";
"..." = "d ../..";
"...." = "d ../../..";
"....." = "d ../../../..";
"......" = "d ../../../../..";
"......." = "d ../../../../../..";
"........" = "d ../../../../../../..";
"........." = "d ../../../../../../../..";
p = "ping";
dc = "docker compose";
pc = "podman-compose";
k = "kubectl";
kg = "kubectl get";
v = "$EDITOR";
sv = "sudo $EDITOR";
kssh = "kitty +kitten ssh";
};
}; };
}; };
} }

192
lib/modules/nixos/default-module.nix Normal file
View file

@ -0,0 +1,192 @@
{
sops-nix,
disko,
slippi,
self,
...
}:
{
home-manager,
modulesPath,
lib,
config,
...
}:
{
imports = with self.outputs.nixosModules; [
(modulesPath + "/installer/scan/not-detected.nix")
# home-manager.nixosModules.home-manager
sops-nix.nixosModules.sops
disko.nixosModules.disko
slippi.nixosModules.default
# deno-netlify-ddns-client
# shell-defaults-and-applications
# desktop
# wifi
# printing
# podman
# virtual-machines
# postgres
# gaming
# daniel
];
config = {
nixpkgs = {
config.allowUnfree = lib.mkDefault true;
overlays = [ self.flakeLib.forSelfOverlay ];
};
nix = {
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
# registry = lib.mapAttrs (_: value: { flake = value; }) self.inputs;
settings = {
trusted-users = lib.mkDefault [ "@wheel" ];
extra-experimental-features = lib.mkDefault [
"nix-command"
"flakes"
];
auto-optimise-store = lib.mkDefault true;
};
};
sops = {
age = {
sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = lib.mkDefault "/var/lib/sops-nix/key.txt";
generateKey = lib.mkDefault true;
};
};
# TODO: for each non-system user on the machine?
# home-manager = {
#
# useGlobalPkgs = lib.mkDefault true;
# backupFileExtension = lib.mkDefault "hm-backup";
# sharedModules = with self.outputs.homeManagerModules; [
# default
# ];
# users = {
# root = {
# home.stateVersion = lib.mkDefault config.system.stateVersion;
# # imports = with self.outputs.homeManagerModules; [
# # ];
# };
# daniel = {
# home.stateVersion = lib.mkDefault config.system.stateVersion;
# imports = with self.outputs.homeManagerModules; [
# daniel
# ];
# };
# };
# };
systemd.services.nix-daemon.environment.TMPDIR = lib.mkDefault "/var/tmp"; # TODO: why did I do this again?
boot.tmp.cleanOnBoot = lib.mkDefault true;
programs.gnupg.agent.enable = lib.mkDefault true;
time.timeZone = lib.mkDefault "America/Chicago";
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
hardware.enableRedistributableFirmware = lib.mkDefault true;
users.users.root = {
openssh.authorizedKeys.keys = lib.mkDefault [ self.outputs.pubkey ];
};
services = {
openssh = {
enable = lib.mkDefault true;
settings = {
PasswordAuthentication = lib.mkDefault false;
KbdInteractiveAuthentication = lib.mkDefault false;
PermitRootLogin = lib.mkForce "prohibit-password";
};
openFirewall = lib.mkDefault true;
/*
listenAddresses = [
{ addr = "0.0.0.0"; port = 22; }
];
*/
};
avahi = {
enable = lib.mkDefault true;
reflector = lib.mkDefault true;
openFirewall = lib.mkDefault true;
nssmdns4 = lib.mkDefault true;
};
tailscale = {
enable = lib.mkDefault true;
useRoutingFeatures = lib.mkDefault "client";
};
journald.extraConfig = lib.mkDefault "SystemMaxUse=1G";
xserver.xkb = {
layout = lib.mkDefault "us";
# have the caps-lock key instead be a ctrl key
options = lib.mkDefault "ctrl:nocaps";
};
smartd.enable = lib.mkDefault true;
fwupd.enable = lib.mkDefault true;
};
console = {
useXkbConfig = lib.mkDefault true;
earlySetup = lib.mkDefault true;
colors =
with self.outputs.style.colors;
lib.mkDefault [
bg
red
green
orange
blue
purple
yellow
fg3
fgdim
red
green
orange
blue
purple
yellow
fg
];
};
networking = {
hostName = lib.mkDefault "set-a-hostname-dingus";
useDHCP = lib.mkDefault true;
firewall = {
enable = lib.mkDefault true;
allowPing = lib.mkDefault true;
};
};
users.groups.daniel = { };
users.users.daniel = {
isNormalUser = true;
home = "/home/daniel/.home";
description = "Daniel Flanagan";
createHome = true;
openssh.authorizedKeys.keys = [ self.outputs.pubkey ];
group = "daniel";
extraGroups = [
"users"
"wheel"
"video"
"dialout"
"uucp"
"kvm"
];
packages = [ ];
};
};
}

705
lib/modules/nixos/default.nix
View file

@ -1,42 +1,31 @@
{ self, ... }: inputs: {
let
inherit (self) outputs;
inherit (outputs)
nixosModules
# overlays
pubkey
;
in
{
common = {
imports = with nixosModules; [
deno-netlify-ddns-client
shell-defaults-and-applications
desktop
wifi
printing
podman
virtual-machines
postgres
gaming
gnome
daniel
root
];
};
nix-config = (import ../../../flake.nix).nixConfig;
shell-defaults-and-applications = import ./shell-config.nix;
deno-netlify-ddns-client = import ./deno-netlify-ddns-client.nix;
# boot.tmp.useTmpfs = true; # boot.tmp.useTmpfs = true;
# boot.uki.tries = 3; # boot.uki.tries = 3;
# services.irqbalance.enable = true; # services.irqbalance.enable = true;
nix-config = (import ../../../flake.nix).nixConfig;
default = import ./default-module.nix inputs;
shell-defaults-and-applications = import ./shell-config.nix;
deno-netlify-ddns-client = import ./deno-netlify-ddns-client.nix;
gnome = import ./gnome.nix;
laptop = import ./laptop.nix;
plasma6 = import ./plasma.nix;
lutris = import ./lutris.nix;
gaming = import ./gaming.nix;
pipewire = import ./pipewire.nix;
podman = import ./podman.nix;
virtual-machines = import ./virtual-machines.nix;
postgres = import ./postgres.nix;
desktop = import ./desktop.nix;
printing = import ./printing.nix;
wifi = import ./wifi.nix;
steam = import ./steam.nix;
remote-disk-key-entry-on-boot = remote-disk-key-entry-on-boot =
{ {
lib, # lib,
pkgs, # pkgs,
... ...
}: }:
{ {
@ -54,99 +43,13 @@ in
ssh = { ssh = {
enable = true; enable = true;
port = 22; port = 22;
authorizedKeys = [ pubkey ]; authorizedKeys = [ inputs.self.outputs.pubkey ];
hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ]; hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
}; };
}; };
}; };
}; };
laptop =
# TODO: modularize
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
acpi
];
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
'';
services.upower.enable = true;
# NOTE: I previously let plasma settings handle this
services.logind = {
lidSwitch = "suspend-then-hibernate";
extraConfig = ''
KillUserProcesses=no
HandlePowerKey=suspend
HandlePowerKeyLongPress=poweroff
HandleRebootKey=reboot
HandleRebootKeyLongPress=poweroff
HandleSuspendKey=suspend
HandleSuspendKeyLongPress=hibernate
HandleHibernateKey=hibernate
HandleHibernateKeyLongPress=ignore
HandleLidSwitch=suspend
HandleLidSwitchExternalPower=suspend
HandleLidSwitchDocked=suspend
HandleLidSwitchDocked=suspend
IdleActionSec=11m
IdleAction=ignore
'';
};
};
gnome =
{
pkgs,
lib,
config,
...
}:
{
config = lib.mkIf config.services.xserver.desktopManager.gnome.enable {
services = {
xserver = {
enable = true;
displayManager.gdm.enable = true;
# desktopManager.gnome.enable = true;
};
udev.packages = [ pkgs.gnome-settings-daemon ];
};
environment = {
variables.GSK_RENDERER = "gl";
systemPackages = with pkgs; [
bitwarden
# adwaita-gtk-theme
papirus-icon-theme
adwaita-icon-theme
adwaita-icon-theme-legacy
hydrapaper
];
};
programs.kdeconnect = {
enable = true;
package = pkgs.gnomeExtensions.gsconnect;
};
networking.firewall = rec {
allowedTCPPortRanges = [
{
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = allowedTCPPortRanges;
};
};
};
radio-tools = radio-tools =
{ pkgs, ... }: { pkgs, ... }:
{ {
@ -156,566 +59,4 @@ in
]; ];
}; };
}; };
kde-connect = {
programs.kdeconnect.enable = true;
/*
# handled by enabling
networking.firewall = {
allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
};
*/
};
fonts =
{ pkgs, ... }:
{
fonts.packages = [
(
# allow nixpkgs 24.11 and unstable to both work
if builtins.hasAttr "nerd-fonts" pkgs then
(pkgs.nerd-fonts.symbols-only)
else
(pkgs.nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
)
pkgs.iosevkaLyteTerm
];
};
plasma6 =
{
pkgs,
lib,
...
}:
{
imports = with nixosModules; [
kde-connect
pipewire
];
services.xserver.enable = true;
services.displayManager.sddm = {
enable = true;
# package = lib.mkForce pkgs.kdePackages.sddm;
settings = { };
# theme = "";
enableHidpi = true;
wayland = {
enable = true;
compositor = "weston";
};
};
services.desktopManager.plasma6.enable = true;
programs.dconf.enable = true;
services.xrdp.enable = false;
services.xrdp.defaultWindowManager = "plasma";
services.xrdp.openFirewall = false;
environment.systemPackages = with pkgs; [
wl-clipboard
inkscape
krita
noto-fonts
vlc
wl-clipboard
kdePackages.qtvirtualkeyboard
maliit-keyboard
maliit-framework
kdePackages.kate
kdePackages.kcalc
kdePackages.filelight
kdePackages.krdc
kdePackages.krfb
kdePackages.kclock
kdePackages.kweather
kdePackages.ktorrent
kdePackages.kdeplasma-addons
unstable-packages.kdePackages.krdp
/*
kdePackages.kdenlive
kdePackages.merkuro
kdePackages.neochat
kdePackages.kdevelop
kdePackages.kdialog
*/
];
programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-qt;
};
lutris =
{ pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
wineWowPackages.waylandFull
lutris
winetricks
];
};
};
gaming =
{ pkgs, ... }:
{
imports = with nixosModules; [
lutris # TODO: use the flatpak?
steam # TODO: use the flatpak?
];
environment = {
systemPackages = with pkgs; [
ludusavi
# ludusavi uses rclone
rclone
];
};
};
pipewire = {
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
# wireplumber.enable = true; # this is default now
wireplumber.extraConfig = {
"monitor.bluez.properties" = {
"bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true;
"bluez5.enable-hw-volume" = true;
"bluez5.roles" = [
"hsp_hs"
"hsp_ag"
"hfp_hf"
"hfp_ag"
];
};
};
extraConfig.pipewire."91-null-sinks" = {
"context.objects" = [
{
# A default dummy driver. This handles nodes marked with the "node.always-driver"
# properyty when no other driver is currently active. JACK clients need this.
factory = "spa-node-factory";
args = {
"factory.name" = "support.node.driver";
"node.name" = "Dummy-Driver";
"priority.driver" = 8000;
};
}
{
factory = "adapter";
args = {
"factory.name" = "support.null-audio-sink";
"node.name" = "Microphone-Proxy";
"node.description" = "Microphone";
"media.class" = "Audio/Source/Virtual";
"audio.position" = "MONO";
};
}
{
factory = "adapter";
args = {
"factory.name" = "support.null-audio-sink";
"node.name" = "Main-Output-Proxy";
"node.description" = "Main Output";
"media.class" = "Audio/Sink";
"audio.position" = "FL,FR";
};
}
];
};
/*
extraConfig.pipewire."92-low-latency" = {
context.properties = {
default.clock.rate = 48000;
default.clock.quantum = 32;
default.clock.min-quantum = 32;
default.clock.max-quantum = 32;
};
};
*/
};
# recommended by https://nixos.wiki/wiki/PipeWire
security.rtkit.enable = true;
/*
services.pipewire = {
enable = true;
wireplumber.enable = true;
pulse.enable = true;
jack.enable = true;
alsa = {
enable = true;
support32Bit = true;
};
};
hardware = {
pulseaudio = {
enable = false;
support32Bit = true;
};
};
security = {
# I forget why I need these exactly...
polkit.enable = true;
rtkit.enable = true;
};
*/
};
podman =
{
pkgs,
config,
lib,
...
}:
{
config = lib.mkIf config.virtualisation.podman.enable {
environment = {
systemPackages = with pkgs; [
podman-compose
];
};
virtualisation = {
podman = {
dockerCompat = config.virtualisation.podman.enable;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers = {
backend = "podman";
};
};
networking = {
extraHosts = ''
127.0.0.1 host.docker.internal
::1 host.docker.internal
127.0.0.1 host.containers.internal
::1 host.containers.internal
'';
};
};
};
virtual-machines =
{
lib,
config,
...
}:
{
config = lib.mkIf config.virtualisation.libvirtd.enable {
users.users.daniel.extraGroups = [ "libvirtd" ];
};
};
postgres =
{
pkgs,
lib,
config,
...
}:
{
config = lib.mkIf config.services.postgresql.enable {
# this is really just for development usage
services.postgresql = {
ensureDatabases = [ "daniel" ];
ensureUsers = [
{
name = "daniel";
ensureDBOwnership = true;
}
];
# enableTCPIP = true;
# package = pkgs.postgresql_15;
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all postgres peer map=superuser_map
local all daniel peer map=superuser_map
local sameuser all peer map=superuser_map
# lan ipv4
host all all 10.0.0.0/24 trust
host all all 127.0.0.1/32 trust
# tailnet ipv4
host all all 100.64.0.0/10 trust
'';
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map postgres postgres
superuser_map daniel postgres
superuser_map /^(.*)$ \1 # Let other names login as themselves
'';
};
environment.systemPackages = with pkgs; [
pgcli
];
};
};
desktop =
{
pkgs,
lib,
config,
options,
...
}:
let
cfg = config.lyte.desktop;
in
{
options = {
lyte = {
desktop = {
enable = lib.mkEnableOption "Enable my default desktop configuration and applications";
};
};
};
config = lib.mkIf cfg.enable {
# services.xserver.desktopManager.gnome.enable = true;
xdg.portal.enable = true;
hardware =
if builtins.hasAttr "graphics" options.hardware then
{
graphics = {
enable = true;
# enable32Bit = true;
/*
driSupport32Bit = true;
driSupport = true;
*/
};
}
else
{
opengl = {
enable = true;
# driSupport32Bit = true;
driSupport = true;
};
};
fonts.packages = [
(
# allow nixpkgs 24.11 and unstable to both work
if builtins.hasAttr "nerd-fonts" pkgs then
(pkgs.nerd-fonts.symbols-only)
else
(pkgs.nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
)
pkgs.iosevkaLyteTerm
];
services.flatpak.enable = true;
programs.appimage.binfmt = true;
services.printing.enable = true;
programs.virt-manager.enable = config.virtualisation.libvirtd.enable;
};
};
printing =
{
pkgs,
lib,
config,
...
}:
{
config = lib.mkIf config.services.printing.enable {
services.printing.browsing = true;
services.printing.browsedConf = ''
BrowseDNSSDSubTypes _cups,_print
BrowseLocalProtocols all
BrowseRemoteProtocols all
CreateIPPPrinterQueues All
BrowseProtocols all
'';
services.printing.drivers = [ pkgs.gutenprint ];
};
};
wifi =
{
lib,
config,
...
}:
let
inherit (lib) mkDefault;
cfg = config.networking.wifi;
in
{
options = {
networking.wifi.enable = lib.mkEnableOption "Enable wifi via NetworkManager";
};
config = lib.mkIf cfg.enable {
networking.networkmanager = {
enable = true;
# ensureProfiles = {
# profiles = {
# home-wifi = {
# id="home-wifi";
# permissions = "";
# type = "wifi";
# };
# wifi = {
# ssid = "";
# };
# wifi-security = {
# # auth-alg = "";
# # key-mgmt = "";
# psk = "";
# };
# };
# };
};
systemd.services.NetworkManager-wait-online.enable = mkDefault false;
/*
TODO: networking.networkmanager.wifi.backend = "iwd"; ?
TODO: powersave?
TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded from secrets?
*/
hardware.wirelessRegulatoryDatabase = true;
boot.extraModprobeConfig = ''
options cfg80211 ieee80211_regdom="US"
'';
};
};
steam =
{ pkgs, options, ... }:
{
programs.gamescope.enable = true;
services.pipewire = {
alsa.support32Bit = true;
};
programs.steam = {
enable = true;
extest.enable = true;
gamescopeSession.enable = true;
extraPackages = with pkgs; [
gamescope
];
extraCompatPackages = with pkgs; [
proton-ge-bin
];
localNetworkGameTransfers.openFirewall = true;
remotePlay.openFirewall = true;
};
hardware =
(
if builtins.hasAttr "graphics" options.hardware then
{
graphics = {
enable = true;
enable32Bit = true;
};
}
else
{
opengl = {
enable = true;
driSupport32Bit = true;
};
}
)
// {
steam-hardware.enable = true;
};
services.udev.packages = with pkgs; [ steam ];
environment.systemPackages = with pkgs; [
dualsensectl # for interfacing with dualsense controllers programmatically
];
# remote play ports - should be unnecessary due to programs.steam.remotePlay.openFirewall = true;
/*
networking.firewall.allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
networking.firewall.allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
*/
};
root =
{
pkgs,
lib,
...
}:
{
users.users.root = {
home = "/root";
createHome = true;
openssh.authorizedKeys.keys = [ pubkey ];
shell = lib.mkForce pkgs.fish;
};
};
daniel =
{
pkgs,
lib,
config,
...
}:
{
users.groups.daniel = { };
users.users.daniel = {
isNormalUser = true;
home = "/home/daniel/.home";
description = "Daniel Flanagan";
createHome = true;
openssh.authorizedKeys.keys = [ pubkey ];
group = "daniel";
extraGroups = [
"users"
"wheel"
"video"
"dialout"
"uucp"
"kvm"
];
packages = [ ];
};
};
} }

64
lib/modules/nixos/desktop.nix Normal file
View file

@ -0,0 +1,64 @@
{
pkgs,
lib,
config,
options,
...
}:
let
cfg = config.lyte.desktop;
in
{
imports = with nixosModules; [
gnome
];
options = {
lyte = {
desktop = {
enable = lib.mkEnableOption "Enable my default desktop configuration and applications";
};
};
};
config = lib.mkIf cfg.enable {
# services.xserver.desktopManager.gnome.enable = true;
fonts.packages = [
(
# allow nixpkgs 24.11 and unstable to both work
if builtins.hasAttr "nerd-fonts" pkgs then
(pkgs.nerd-fonts.symbols-only)
else
(pkgs.nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
)
pkgs.iosevkaLyteTerm
];
xdg.portal.enable = true;
hardware =
if builtins.hasAttr "graphics" options.hardware then
{
graphics = {
enable = true;
# enable32Bit = true;
/*
driSupport32Bit = true;
driSupport = true;
*/
};
}
else
{
opengl = {
enable = true;
# driSupport32Bit = true;
driSupport = true;
};
};
services.flatpak.enable = true;
programs.appimage.binfmt = true;
services.printing.enable = true;
programs.virt-manager.enable = config.virtualisation.libvirtd.enable;
};
}

15
lib/modules/nixos/gaming.nix Normal file
View file

@ -0,0 +1,15 @@
{ self, pkgs, ... }:
{
imports = with self.outputs.nixosModules; [
lutris # TODO: use the flatpak?
steam # TODO: use the flatpak?
];
environment = {
systemPackages = with pkgs; [
ludusavi
# ludusavi uses rclone
rclone
];
};
}

46
lib/modules/nixos/gnome.nix Normal file
View file

@ -0,0 +1,46 @@
{
pkgs,
lib,
config,
...
}:
{
config = lib.mkIf config.services.xserver.desktopManager.gnome.enable {
services = {
xserver = {
enable = true;
displayManager.gdm.enable = true;
# desktopManager.gnome.enable = true;
};
udev.packages = [ pkgs.gnome-settings-daemon ];
};
environment = {
variables.GSK_RENDERER = "gl";
systemPackages = with pkgs; [
bitwarden
# adwaita-gtk-theme
papirus-icon-theme
adwaita-icon-theme
adwaita-icon-theme-legacy
hydrapaper
];
};
programs.kdeconnect = {
enable = true;
package = pkgs.gnomeExtensions.gsconnect;
};
networking.firewall = rec {
allowedTCPPortRanges = [
{
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = allowedTCPPortRanges;
};
};
}

42
lib/modules/nixos/laptop.nix Normal file
View file

@ -0,0 +1,42 @@
{
lib,
config,
pkgs,
...
}:
{
config = lib.mkIf config.lyte.laptop.enable {
environment.systemPackages = with pkgs; [
acpi
];
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
'';
services.upower.enable = true;
# NOTE: I previously let plasma settings handle this
services.logind = {
lidSwitch = "suspend-then-hibernate";
extraConfig = ''
KillUserProcesses=no
HandlePowerKey=suspend
HandlePowerKeyLongPress=poweroff
HandleRebootKey=reboot
HandleRebootKeyLongPress=poweroff
HandleSuspendKey=suspend
HandleSuspendKeyLongPress=hibernate
HandleHibernateKey=hibernate
HandleHibernateKeyLongPress=ignore
HandleLidSwitch=suspend
HandleLidSwitchExternalPower=suspend
HandleLidSwitchDocked=suspend
HandleLidSwitchDocked=suspend
IdleActionSec=11m
IdleAction=ignore
'';
};
};
}

10
lib/modules/nixos/lutris.nix Normal file
View file

@ -0,0 +1,10 @@
{ pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
wineWowPackages.waylandFull
lutris
winetricks
];
};
}

99
lib/modules/nixos/pipewire.nix Normal file
View file

@ -0,0 +1,99 @@
{
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
# wireplumber.enable = true; # this is default now
wireplumber.extraConfig = {
"monitor.bluez.properties" = {
"bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true;
"bluez5.enable-hw-volume" = true;
"bluez5.roles" = [
"hsp_hs"
"hsp_ag"
"hfp_hf"
"hfp_ag"
];
};
};
extraConfig.pipewire."91-null-sinks" = {
"context.objects" = [
{
# A default dummy driver. This handles nodes marked with the "node.always-driver"
# properyty when no other driver is currently active. JACK clients need this.
factory = "spa-node-factory";
args = {
"factory.name" = "support.node.driver";
"node.name" = "Dummy-Driver";
"priority.driver" = 8000;
};
}
{
factory = "adapter";
args = {
"factory.name" = "support.null-audio-sink";
"node.name" = "Microphone-Proxy";
"node.description" = "Microphone";
"media.class" = "Audio/Source/Virtual";
"audio.position" = "MONO";
};
}
{
factory = "adapter";
args = {
"factory.name" = "support.null-audio-sink";
"node.name" = "Main-Output-Proxy";
"node.description" = "Main Output";
"media.class" = "Audio/Sink";
"audio.position" = "FL,FR";
};
}
];
};
/*
extraConfig.pipewire."92-low-latency" = {
context.properties = {
default.clock.rate = 48000;
default.clock.quantum = 32;
default.clock.min-quantum = 32;
default.clock.max-quantum = 32;
};
};
*/
};
# recommended by https://nixos.wiki/wiki/PipeWire
security.rtkit.enable = true;
/*
services.pipewire = {
enable = true;
wireplumber.enable = true;
pulse.enable = true;
jack.enable = true;
alsa = {
enable = true;
support32Bit = true;
};
};
hardware = {
pulseaudio = {
enable = false;
support32Bit = true;
};
};
security = {
# I forget why I need these exactly...
polkit.enable = true;
rtkit.enable = true;
};
*/
}

68
lib/modules/nixos/plasma.nix Normal file
View file

@ -0,0 +1,68 @@
{
self,
pkgs,
lib,
...
}:
{
imports = with self.outputs.nixosModules; [
pipewire
];
programs.kdeconnect.enable = true;
services.xserver.enable = true;
services.displayManager.sddm = {
enable = true;
# package = lib.mkForce pkgs.kdePackages.sddm;
settings = { };
# theme = "";
enableHidpi = true;
wayland = {
enable = true;
compositor = "weston";
};
};
services.desktopManager.plasma6.enable = true;
programs.dconf.enable = true;
services.xrdp.enable = false;
services.xrdp.defaultWindowManager = "plasma";
services.xrdp.openFirewall = false;
environment.systemPackages = with pkgs; [
wl-clipboard
inkscape
krita
noto-fonts
vlc
wl-clipboard
kdePackages.qtvirtualkeyboard
maliit-keyboard
maliit-framework
kdePackages.kate
kdePackages.kcalc
kdePackages.filelight
kdePackages.krdc
kdePackages.krfb
kdePackages.kclock
kdePackages.kweather
kdePackages.ktorrent
kdePackages.kdeplasma-addons
unstable-packages.kdePackages.krdp
/*
kdePackages.kdenlive
kdePackages.merkuro
kdePackages.neochat
kdePackages.kdevelop
kdePackages.kdialog
*/
];
programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-qt;
}

36
lib/modules/nixos/podman.nix Normal file
View file

@ -0,0 +1,36 @@
{
pkgs,
config,
lib,
...
}:
{
config = lib.mkIf config.virtualisation.podman.enable {
environment = {
systemPackages = with pkgs; [
podman-compose
];
};
virtualisation = {
podman = {
dockerCompat = config.virtualisation.podman.enable;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers = {
backend = "podman";
};
};
networking = {
extraHosts = ''
127.0.0.1 host.docker.internal
::1 host.docker.internal
127.0.0.1 host.containers.internal
::1 host.containers.internal
'';
};
};
}

64
lib/modules/nixos/postgres.nix Normal file
View file

@ -0,0 +1,64 @@
{
pkgs,
lib,
config,
options,
...
}:
let
cfg = config.lyte.desktop;
in
{
imports = with nixosModules; [
gnome
];
options = {
lyte = {
desktop = {
enable = lib.mkEnableOption "Enable my default desktop configuration and applications";
};
};
};
config = lib.mkIf cfg.enable {
# services.xserver.desktopManager.gnome.enable = true;
fonts.packages = [
(
# allow nixpkgs 24.11 and unstable to both work
if builtins.hasAttr "nerd-fonts" pkgs then
(pkgs.nerd-fonts.symbols-only)
else
(pkgs.nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
)
pkgs.iosevkaLyteTerm
];
xdg.portal.enable = true;
hardware =
if builtins.hasAttr "graphics" options.hardware then
{
graphics = {
enable = true;
# enable32Bit = true;
/*
driSupport32Bit = true;
driSupport = true;
*/
};
}
else
{
opengl = {
enable = true;
# driSupport32Bit = true;
driSupport = true;
};
};
services.flatpak.enable = true;
programs.appimage.binfmt = true;
services.printing.enable = true;
programs.virt-manager.enable = config.virtualisation.libvirtd.enable;
};
}

20
lib/modules/nixos/printing.nix Normal file
View file

@ -0,0 +1,20 @@
{
pkgs,
lib,
config,
...
}:
{
config = lib.mkIf config.services.printing.enable {
services.printing.browsing = true;
services.printing.browsedConf = ''
BrowseDNSSDSubTypes _cups,_print
BrowseLocalProtocols all
BrowseRemoteProtocols all
CreateIPPPrinterQueues All
BrowseProtocols all
'';
services.printing.drivers = [ pkgs.gutenprint ];
};
}

6
lib/modules/nixos/shell-config.nix
View file

@ -17,7 +17,11 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
home-manager.users.daniel = { }; programs.eza = {
enable = true;
};
config.lyte.shell.enable = lib.mkDefault true;
programs.nix-index.enable = true; programs.nix-index.enable = true;
programs.command-not-found.enable = false; programs.command-not-found.enable = false;

65
lib/modules/nixos/steam.nix Normal file
View file

@ -0,0 +1,65 @@
{
config,
lib,
pkgs,
options,
...
}:
{
config = lib.mkIf config.programs.steam.enable {
programs.gamescope.enable = true;
services.pipewire = {
alsa.support32Bit = true;
};
programs.steam = {
extest.enable = true;
gamescopeSession.enable = true;
extraPackages = with pkgs; [
gamescope
];
extraCompatPackages = with pkgs; [
proton-ge-bin
];
localNetworkGameTransfers.openFirewall = true;
remotePlay.openFirewall = true;
};
hardware =
(
if builtins.hasAttr "graphics" options.hardware then
{
graphics = {
enable = true;
enable32Bit = true;
};
}
else
{
opengl = {
enable = true;
driSupport32Bit = true;
};
}
)
// {
steam-hardware.enable = true;
};
services.udev.packages = with pkgs; [ steam ];
environment.systemPackages = with pkgs; [
dualsensectl # for interfacing with dualsense controllers programmatically
];
# remote play ports - should be unnecessary due to programs.steam.remotePlay.openFirewall = true;
/*
networking.firewall.allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
networking.firewall.allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
*/
};
}

10
lib/modules/nixos/virtual-machines.nix Normal file
View file

@ -0,0 +1,10 @@
{
lib,
config,
...
}:
{
config = lib.mkIf config.virtualisation.libvirtd.enable {
users.users.daniel.extraGroups = [ "libvirtd" ];
};
}

47
lib/modules/nixos/wifi.nix Normal file
View file

@ -0,0 +1,47 @@
{
lib,
config,
...
}:
let
inherit (lib) mkDefault;
cfg = config.networking.wifi;
in
{
options = {
networking.wifi.enable = lib.mkEnableOption "Enable wifi via NetworkManager";
};
config = lib.mkIf cfg.enable {
networking.networkmanager = {
enable = true;
# ensureProfiles = {
# profiles = {
# home-wifi = {
# id="home-wifi";
# permissions = "";
# type = "wifi";
# };
# wifi = {
# ssid = "";
# };
# wifi-security = {
# # auth-alg = "";
# # key-mgmt = "";
# psk = "";
# };
# };
# };
};
systemd.services.NetworkManager-wait-online.enable = mkDefault false;
/*
TODO: networking.networkmanager.wifi.backend = "iwd"; ?
TODO: powersave?
TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded from secrets?
*/
hardware.wirelessRegulatoryDatabase = true;
boot.extraModprobeConfig = ''
options cfg80211 ieee80211_regdom="US"
'';
};
}

2
packages/hosts/beefcake.nix
View file

@ -19,7 +19,7 @@
}: }:
{ {
system.stateVersion = "24.05"; system.stateVersion = "24.05";
home-manager.users.daniel.home.stateVersion = "24.05"; # home-manager.users.daniel.home.stateVersion = "24.05";
networking.hostName = "beefcake"; networking.hostName = "beefcake";
imports = [ imports = [

193
packages/hosts/default.nix
View file

@ -1,15 +1,4 @@
{ inputs:
hardware,
self,
nixpkgs,
sops-nix,
disko,
slippi,
home-manager,
nixpkgs-unstable,
home-manager-unstable,
...
}:
let let
baseHost = baseHost =
{ {
@ -26,189 +15,25 @@ let
(nixpkgs.lib.nixosSystem { (nixpkgs.lib.nixosSystem {
inherit system; inherit system;
specialArgs = { specialArgs = {
hardware = hardware.outputs.nixosModules; inherit home-manager;
diskoConfigurations = self.outputs.diskoConfigurations; hardware = inputs.hardware.outputs.nixosModules;
diskoConfigurations = inputs.self.outputs.diskoConfigurations;
}; };
modules = [ modules = [
( inputs.self.outputs.nixosModules.default
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
home-manager.nixosModules.home-manager
sops-nix.nixosModules.sops
disko.nixosModules.disko
slippi.nixosModules.default
self.outputs.nixosModules.common
];
config = {
lyte.shell.enable = lib.mkDefault true;
nixpkgs = {
config.allowUnfree = lib.mkDefault true;
overlays = [ self.flakeLib.forSelfOverlay ];
};
sops = {
age = {
sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = lib.mkDefault "/var/lib/sops-nix/key.txt";
generateKey = lib.mkDefault true;
};
};
# TODO: for each non-system user on the machine?
home-manager = {
extraSpecialArgs = {
config.lyte = config.lyte;
};
sharedModules = with self.outputs.homeManagerModules; [
common
linux
];
users = {
root = {
home.stateVersion = lib.mkDefault config.system.stateVersion;
imports = with self.outputs.homeManagerModules; [
];
};
daniel = {
home.stateVersion = lib.mkDefault config.system.stateVersion;
imports = with self.outputs.homeManagerModules; [
daniel
];
};
};
};
nix = {
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
# registry = lib.mapAttrs (_: value: { flake = value; }) self.inputs;
settings = {
trusted-users = lib.mkDefault [ "@wheel" ];
extra-experimental-features = lib.mkDefault [
"nix-command"
"flakes"
];
auto-optimise-store = lib.mkDefault true;
};
};
systemd.services.nix-daemon.environment.TMPDIR = lib.mkDefault "/var/tmp"; # TODO: why did I do this again?
boot.tmp.cleanOnBoot = lib.mkDefault true;
programs.gnupg.agent.enable = lib.mkDefault true;
time.timeZone = lib.mkDefault "America/Chicago";
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
hardware.enableRedistributableFirmware = lib.mkDefault true;
home-manager.useGlobalPkgs = lib.mkDefault true;
home-manager.backupFileExtension = lib.mkDefault "hm-backup";
users.users.root = {
openssh.authorizedKeys.keys = lib.mkDefault [ self.outputs.pubkey ];
};
services = {
openssh = {
enable = lib.mkDefault true;
settings = {
PasswordAuthentication = lib.mkDefault false;
KbdInteractiveAuthentication = lib.mkDefault false;
PermitRootLogin = lib.mkForce "prohibit-password";
};
openFirewall = lib.mkDefault true;
/*
listenAddresses = [
{ addr = "0.0.0.0"; port = 22; }
];
*/
};
avahi = {
enable = lib.mkDefault true;
reflector = lib.mkDefault true;
openFirewall = lib.mkDefault true;
nssmdns4 = lib.mkDefault true;
};
tailscale = {
enable = lib.mkDefault true;
useRoutingFeatures = lib.mkDefault "client";
};
journald.extraConfig = lib.mkDefault "SystemMaxUse=1G";
xserver.xkb = {
layout = lib.mkDefault "us";
# have the caps-lock key instead be a ctrl key
options = lib.mkDefault "ctrl:nocaps";
};
smartd.enable = lib.mkDefault true;
fwupd.enable = lib.mkDefault true;
};
console = {
useXkbConfig = lib.mkDefault true;
earlySetup = lib.mkDefault true;
colors =
with self.outputs.style.colors;
lib.mkDefault [
bg
red
green
orange
blue
purple
yellow
fg3
fgdim
red
green
orange
blue
purple
yellow
fg
];
};
networking = {
hostName = lib.mkDefault "set-a-hostname-dingus";
useDHCP = lib.mkDefault true;
firewall = {
enable = lib.mkDefault true;
allowPing = lib.mkDefault true;
};
};
};
}
)
(import path) (import path)
]; ];
}) })
) )
); );
stableHost = baseHost { inherit nixpkgs home-manager; }; stableHost = baseHost { inherit (inputs) nixpkgs home-manager; };
host = baseHost { host = baseHost {
nixpkgs = nixpkgs-unstable; nixpkgs = inputs.nixpkgs-unstable;
home-manager = home-manager-unstable; home-manager = inputs.home-manager-unstable;
}; };
in in
{ {
# beefcake = stableHost ./beefcake.nix { }; beefcake = stableHost ./beefcake.nix { };
dragon = host ./dragon.nix { }; dragon = host ./dragon.nix { };
# arm-dragon = host ./dragon.nix { system = "aarch64-linux"; }; # arm-dragon = host ./dragon.nix { system = "aarch64-linux"; };
} }

37
packages/hosts/dragon.nix
View file

@ -3,6 +3,7 @@
config, config,
hardware, hardware,
diskoConfigurations, diskoConfigurations,
homeConfigurations,
... ...
}: }:
{ {
@ -30,28 +31,30 @@
common-pc-ssd common-pc-ssd
]; ];
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
networking.wifi.enable = true;
powerManagement.cpuFreqGovernor = "performance"; powerManagement.cpuFreqGovernor = "performance";
lyte.desktop.enable = true;
sops = { sops = {
defaultSopsFile = ../../secrets/dragon/secrets.yml; defaultSopsFile = ../../secrets/dragon/secrets.yml;
secrets.ddns-pass.mode = "0400"; secrets.ddns-pass.mode = "0400";
}; };
services.deno-netlify-ddns-client = { # services.deno-netlify-ddns-client = {
passwordFile = config.sops.secrets.ddns-pass.path; # passwordFile = config.sops.secrets.ddns-pass.path;
enable = true; # enable = true;
username = "dragon.h"; # username = "dragon.h";
# TODO: router doesn't even do ipv6 yet... # # TODO: router doesn't even do ipv6 yet...
ipv6 = false; # ipv6 = false;
}; # };
home-manager.users.daniel = { # networking.wifi.enable = true;
slippi-launcher = { # lyte.desktop.enable = true;
enable = true;
isoPath = "${config.users.users.daniel.home}/../games/roms/dolphin/melee.iso"; # home-manager.users.daniel = {
launchMeleeOnPlay = false; # lyte.shell.enable = true;
}; # lyte.desktop.enable = true;
}; # slippi-launcher = {
# enable = true;
# isoPath = "${config.users.users.daniel.home}/../games/roms/dolphin/melee.iso";
# launchMeleeOnPlay = false;
# };
# };
} }

10
packages/machines.nix
View file

@ -1,3 +1,13 @@
{
nixpkgs-unstable,
nixpkgs,
self,
...
}:
let
inherit (self) outputs;
inherit (outputs) nixosModules;
in
{ {
beefcake = beefcake =
let let