phundrak/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: refactor system modules

Browse Source
This commit is contained in:
Lucien Cartier-Tilet 2025-07-05 00:02:39 +02:00
parent d64caa86ec
commit 15a39660eb
56 changed files with 549 additions and 475 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
hosts/alys/configuration.nix
View File

@ -1,64 +1,41 @@
{ {inputs, ...}: {
pkgs,
inputs,
...
}: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./host.nix
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
../../modules/locale.nix ../../system
../../modules/system.nix
../../modules/ssh.nix
../../modules/endlessh.nix
../../programs/nano.nix
]; ];
zramSwap.enable = true;
# networking.domain = "phundrak.com";
system = { system = {
amdgpu.enable = false;
boot = { boot = {
kernel = { kernel.hardened = true;
hardened = true;
cpuVendor = "amd";
};
systemd-boot = false; systemd-boot = false;
zfs.enable = false; zram = {
enable = true;
memoryMax = 512;
};
}; };
dev.docker.enable = true;
networking = { networking = {
hostname = "alys"; hostname = "alys";
domain = "phundrak.com"; domain = "phundrak.com";
id = "41157110"; id = "41157110";
firewall.openPorts = [
22
];
}; };
sound.enable = false; packages.nix = {
gc.automatic = true;
trusted-users = ["root" "phundrak"];
};
services = {
endlessh.enable = true;
ssh = {
enable = true;
allowedUsers = ["phundrak"];
passwordAuthentication = false;
};
};
users = { users = {
root.disablePassword = true; root.disablePassword = true;
phundrak = true; phundrak.enable = true;
}; };
}; };
modules = {
ssh = {
enable = true;
allowedUsers = ["phundrak"];
passwordAuthentication = false;
};
endlessh.enable = false;
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [pkgs.openssl];
# networking.hostName = "alys";
# users.users.root.openssh.authorizedKeys.keys = [
# "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+b7BE/gHrHVkqNVfHtp2r4OCUDdohst8hb3Bz5tYtx3gvXJQCB1rFc2hgQJf8FsVyQbidS64lnhU1rUIEbFhv7itT5FGGUnfJEYs64W30wKsnPSb5WXdFXzrNi8za48i2oNl9JA9Fj9k6isyvkTup89hB+ELbXIcfz3bM93WaAt2dIgKijXaAMAAA+tHhgWvlrHlvGlU9/KxY3ZOQSoEboPXd7TDyOf1672eAibYyb5h1HIewYZ+xv1X4dxx/c9Arh4K0s8scuB7XTQQkEbRUEYKD2YXKN83Z09jfMlMYuBAKKO8zU4CM2KTbL7kEVgNc/ArY+uCAakmC5+eS7LxMuOt86+Bi4gXTJ6o6dbfUbCGiq751ni8pg44YSfwYiI05vvZ08eIyNkowumD+X4GRW4tu0I3qK8TI7exeEeoQIwlSfLXlYHEdNB8Q3feLyhHMRkxXgUskbXwWIBexLzJyY40tyqQplZWbYGrUEmjxZ7FWmaV+o8ZjnU2GfJ8JoWyCnEYfRc6Z2ILdXNDRzZ9qYOwefMHtuaYaYYximL+zdVVrm4EZuOetmaJ6zblk4ebU3GZjYykB8DmCDFDZO9koKwzPazLKQl0OWzmQqgxVNg7Mg1NZbuRQgVAhKPelnqejaXbf2/IHAYBn5LDR1Jew5+srlstM9XuYG2whEOx84w== Lucien Cartier-Tilet <lucien@phundrak.com>"
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw9oiK8tZ5Vpz82RaRLpITU8qeJrT2hjvudGEDQu2QW lucien@phundrak.com"
# ];
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }

3
hosts/alys/host.nix
View File

@ -1,3 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [neofetch vim emacs];
}

95
hosts/gampo/configuration.nix
View File

@ -7,55 +7,72 @@
imports = [ imports = [
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix ./hardware-configuration.nix
./services # ./services
../../modules/opentablet.nix ../../system
../../modules/sops.nix
../../modules/system.nix
../../programs/flatpak.nix
../../programs/hyprland.nix
../../programs/steam.nix
]; ];
system = {
boot = {
plymouth.enable = true;
kernel = {
cpuVendor = "intel";
package = pkgs.linuxPackages;
modules = ["i915"];
};
systemd-boot = true;
};
desktop = {
hyprland.enable = true;
xserver = {
enable = true;
de = "gnome";
};
};
dev.docker = {
enable = true;
podman.enable = true;
autoprune.enable = true;
};
hardware = {
bluetooth.enable = true;
corne.allowHidAccess = true;
ibmTrackpoint.disable = true;
opentablet.enable = true;
sound.enable = true;
};
misc.keymap = "fr-bepo";
networking = {
hostname = "gampo";
id = "0630b33f";
hostFiles = [config.sops.secrets.extraHosts.path];
};
packages = {
appimage.enable = true;
flatpak.enable = true;
nix = {
nix-ld.enable = true;
trusted-users = ["root" "phundrak"];
};
};
programs.steam.enable = true;
services = {
fwupd.enable = true;
ssh.enable = true;
};
users = {
root.disablePassword = true;
phundrak.enable = true;
};
};
sops.secrets.extraHosts = { sops.secrets.extraHosts = {
inherit (config.users.users.root) group; inherit (config.users.users.root) group;
owner = config.users.users.phundrak.name; owner = config.users.users.phundrak.name;
mode = "0440"; mode = "0440";
}; };
boot.initrd.kernelModules = ["i915"];
system = {
boot.plymouth.enable = true;
docker = {
enable = true;
autoprune.enable = true;
podman.enable = true;
};
networking = {
hostname = "gampo";
id = "0630b33f";
hostFiles = [config.sops.secrets.extraHosts.path];
};
sound.enable = true;
};
modules = {
appimage.enable = true;
hyprland.enable = true;
};
security.rtkit.enable = true; security.rtkit.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
curl
openssl
wget
];
nix.settings.trusted-users = ["root" "phundrak"];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database # settings for stateful data, like file locations and database
# versions on your system were taken. Its perfectly fine and # versions on your system were taken. Its perfectly fine and

6
hosts/gampo/services/default.nix
View File

@ -1,7 +1,7 @@
{ {
imports = [ # imports = [
./gnome.nix # ./gnome.nix
]; # ];
services = { services = {
# Enable CUPS to print documents. # Enable CUPS to print documents.

109
hosts/marpa/configuration.nix
View File

@ -1,42 +1,48 @@
{ {
config, config,
pkgs,
inputs, inputs,
... ...
}: { }: {
imports = [ imports = [
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./system/hardware-configuration.nix ./system/hardware-configuration.nix
./services ../../system
../../modules/opentablet.nix
../../modules/sops.nix
../../modules/system.nix
../../programs/flatpak.nix
../../programs/hyprland.nix
../../programs/steam.nix
]; ];
sops.secrets.extraHosts = {
inherit (config.users.users.root) group;
owner = config.users.users.phundrak.name;
mode = "0440";
};
security.polkit.enable = true;
fileSystems."/games" = {
device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
fsType = "ext4";
};
system = { system = {
amdgpu.enable = true; boot = {
boot.plymouth.enable = true; extraModprobeConfig = ''
docker = { options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
'';
plymouth.enable = true;
kernel.cpuVendor = "amd";
systemd-boot = true;
};
desktop = {
hyprland.enable = true;
niri.enable = true;
xserver = {
enable = true;
de = "gnome";
};
};
dev.docker = {
enable = true; enable = true;
podman.enable = true; podman.enable = true;
autoprune.enable = true; autoprune.enable = true;
}; };
hardware = {
amdgpu.enable = true;
bluetooth.enable = true;
corne.allowHidAccess = true;
opentablet.enable = true;
sound = {
enable = true;
jack = true;
scarlett.enable = true;
};
};
misc.keymap = "fr-bepo";
networking = { networking = {
hostname = "marpa"; hostname = "marpa";
id = "7EA4A111"; id = "7EA4A111";
@ -49,34 +55,45 @@
} }
]; ];
}; };
sound = { packages = {
enable = true; appimage.enable = true;
jack = true; flatpak.enable = true;
nix = {
nix-ld.enable = true;
trusted-users = ["root" "phundrak"];
};
};
programs.steam.enable = true;
services = {
fwupd.enable = true;
printing.enable = true;
ssh.enable = true;
sunshine = {
enable = true;
autostart = true;
};
};
users = {
root.disablePassword = true;
phundrak.enable = true;
}; };
}; };
modules = { sops.secrets.extraHosts = {
appimage.enable = true; inherit (config.users.users.root) group;
hyprland.enable = true; owner = config.users.users.phundrak.name;
mode = "0440";
}; };
security.rtkit.enable = true; security = {
polkit.enable = true;
rtkit.enable = true;
};
nix.settings.trusted-users = ["root" "phundrak"]; fileSystems."/games" = {
device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
environment.systemPackages = with pkgs; [ fsType = "ext4";
clinfo # AMD };
curl
openssl
wget
alsa-scarlett-gui
];
boot.extraModprobeConfig = ''
options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
'';
programs.nix-ld.enable = true;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions

43
hosts/marpa/services/default.nix
View File

@ -1,25 +1,24 @@
{ {
imports = [ # imports = [
./logind.nix # ./logind.nix
../../../modules/ssh.nix # ../../../system
../../../modules/sunshine.nix # ];
../../../modules/xserver.nix # imports = [
]; # ./logind.nix
# ../../../modules/ssh.nix
# ../../../modules/sunshine.nix
# ];
modules = { # modules = {
sunshine = { # sunshine = {
enable = true; # enable = true;
autostart = true; # autostart = true;
}; # };
xserver = { # };
amdgpu.enable = true; # services = {
de = "gnome"; # blueman.enable = true;
}; # fwupd.enable = true;
}; # printing.enable = true;
services = { # openssh.enable = true;
blueman.enable = true; # };
fwupd.enable = true;
printing.enable = true;
openssh.enable = true;
};
} }

48
hosts/tilo/configuration.nix
View File

@ -1,24 +1,15 @@
# Edit this configuration file to define what should be installed on your # Edit this configuration file to define what should be installed on your
# system. Help is available in the configuration.nix(5) man page and in # system. Help is available in the configuration.nix(5) man page and in
# the NixOS manual (accessible by running nixos-help). # the NixOS manual (accessible by running nixos-help).
{ {inputs, ...}: {
pkgs,
inputs,
...
}: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
../../modules/locale.nix ../../system
../../modules/system.nix
../../modules/ssh.nix
../../modules/endlessh.nix
../../programs/nano.nix
./services ./services
]; ];
system = { system = {
amdgpu.enable = false;
boot = { boot = {
kernel = { kernel = {
hardened = true; hardened = true;
@ -29,16 +20,15 @@
pools = ["tank"]; pools = ["tank"];
}; };
}; };
docker.enable = true; dev.docker.enable = true;
misc.keymap = "fr-bepo";
networking = { networking = {
hostname = "tilo"; hostname = "tilo";
id = "7110b33f"; id = "7110b33f";
firewall = { firewall = {
openPorts = [ openPorts = [
22 # SSH
80 # HTTP 80 # HTTP
443 # HTTPS 443 # HTTPS
2222 # endlessh
25565 # Minecraft 25565 # Minecraft
]; ];
extraCommands = '' extraCommands = ''
@ -47,28 +37,24 @@
''; '';
}; };
}; };
nix.gc.automatic = true; packages.nix = {
sound.enable = false; gc.automatic = true;
trusted-users = ["root" "phundrak"];
};
services = {
endlessh.enable = true;
ssh = {
enable = true;
allowedUsers = ["phundrak"];
passwordAuthentication = false;
};
};
users = { users = {
root.disablePassword = true; root.disablePassword = true;
phundrak = true; phundrak.enable = true;
}; };
console.keyMap = "fr-bepo";
}; };
modules = {
ssh = {
enable = true;
allowedUsers = ["phundrak"];
passwordAuthentication = false;
};
endlessh.enable = true;
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [pkgs.openssl];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave

6
modules/opentablet.nix
View File

@ -1,6 +0,0 @@
{
hardware.opentabletdriver = {
enable = true;
daemon.enable = true;
};
}

183
modules/system.nix
View File

@ -1,183 +0,0 @@
{
pkgs,
lib,
config,
...
}:
with lib; let
cfg = config.system;
in {
imports = [
./amdgpu.nix
./appimage.nix
./boot.nix
./locale.nix
./networking.nix
./nix.nix
./plymouth.nix
./sound.nix
./users.nix
./dev/docker.nix
];
options.system = with types; {
amdgpu.enable = mkEnableOption "Enables AMD GPU support";
boot = {
kernel = {
package = mkOption {
type = raw;
default = pkgs.linuxPackages_zen;
};
modules = mkOption {
type = listOf str;
default = [];
};
cpuVendor = mkOption {
description = "Intel or AMD?";
type = enum ["intel" "amd"];
default = "amd";
};
v4l2loopback = mkOption {
description = "Enables v4l2loopback";
type = bool;
default = true;
};
hardened = mkEnableOption "Enables hardened Linux kernel";
};
systemd-boot = mkOption {
type = types.bool;
default = true;
description = "Does the system use systemd-boot?";
};
plymouth.enable = mkEnableOption "Enables Plymouth";
zfs = {
enable = mkEnableOption "Enables ZFS";
pools = mkOption {
type = listOf str;
default = [];
};
};
};
docker = {
enable = mkEnableOption "Enable Docker";
podman.enable = mkEnableOption "Enable Podman rather than Docker";
nvidia.enable = mkEnableOption "Activate Nvidia support";
autoprune.enable = mkEnableOption "Enable autoprune";
};
networking = {
hostname = mkOption {
type = str;
example = "gampo";
};
id = mkOption {
type = str;
example = "deadb33f";
};
domain = mkOption {
type = nullOr str;
example = "phundrak.com";
default = null;
};
hostFiles = mkOption {
type = listOf path;
example = [/path/to/hostFile];
default = [];
};
firewall = {
openPorts = mkOption {
type = listOf int;
example = [22 80 443];
default = [];
};
openPortRanges = mkOption {
type = listOf (attrsOf port);
default = [];
example = [
{
from = 8080;
to = 8082;
}
];
description = ''
A range of TCP and UDP ports on which incoming connections are
accepted.
'';
};
extraCommands = mkOption {
type = nullOr lines;
example = "iptables -A INPUTS -p icmp -j ACCEPT";
default = null;
};
};
};
nix = {
disableSandbox = mkOption {
type = bool;
default = false;
};
gc = {
automatic = mkOption {
type = bool;
default = true;
};
dates = mkOption {
type = str;
default = "Monday 01:00 UTC";
};
options = mkOption {
type = str;
default = "--delete-older-than 30d";
};
};
};
sound = {
enable = mkEnableOption "Whether to enable sounds with Pipewire";
alsa = mkOption {
type = bool;
example = true;
default = true;
description = "Whether to enable ALSA support with Pipewire";
};
jack = mkOption {
type = bool;
example = true;
default = false;
description = "Whether to enable JACK support with Pipewire";
};
package = mkOption {
type = package;
example = pkgs.pulseaudio;
default = pkgs.pulseaudioFull;
description = "Which base package to use for PulseAudio";
};
};
users = {
root.disablePassword = mkEnableOption "Disables root password";
phundrak = mkOption {
type = bool;
default = true;
};
};
timezone = mkOption {
type = str;
default = "Europe/Paris";
};
console.keyMap = mkOption {
type = str;
default = "fr";
};
};
config = {
boot.tmp.cleanOnBoot = true;
time.timeZone = cfg.timezone;
console.keyMap = cfg.console.keyMap;
modules = {
boot = {
inherit (cfg) amdgpu;
inherit (cfg.boot) kernel systemd-boot plymouth zfs;
};
inherit (cfg) sound users networking docker amdgpu;
};
};
}

21
programs/steam.nix
View File

@ -1,21 +0,0 @@
{pkgs, ...}: {
programs = {
steam = {
enable = true;
protontricks.enable = true;
remotePlay.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = true;
extraCompatPackages = [pkgs.proton-ge-bin];
};
gamescope = {
enable = true;
capSysNice = true;
args = [
"--rt"
"--expose-wayland"
];
};
};
hardware.steam-hardware.enable = true;
}

14
modules/boot.nix → system/boot/boot.nix
View File

@ -5,10 +5,16 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.modules.boot; cfg = config.system.boot;
in { in {
options.modules.boot = { options.system.boot = {
amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration"; extraModprobeConfig = mkOption {
type = types.lines;
default = "";
example = ''
options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
'';
};
kernel = { kernel = {
package = mkOption { package = mkOption {
type = types.raw; type = types.raw;
@ -45,7 +51,7 @@ in {
}; };
config.boot = { config.boot = {
initrd.kernelModules = lists.optional cfg.amdgpu.enable "amdgpu"; initrd.kernelModules = lists.optional config.system.hardware.amdgpu.enable "amdgpu";
loader = { loader = {
systemd-boot.enable = cfg.systemd-boot; systemd-boot.enable = cfg.systemd-boot;
efi.canTouchEfiVariables = cfg.systemd-boot; efi.canTouchEfiVariables = cfg.systemd-boot;

7
system/boot/default.nix Normal file
View File

@ -0,0 +1,7 @@
{
imports = [
./boot.nix
./plymouth.nix
./zram.nix
];
}

4
modules/plymouth.nix → system/boot/plymouth.nix
View File

@ -5,9 +5,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.modules.boot.plymouth; cfg = config.system.boot.plymouth;
in { in {
options.modules.boot.plymouth.enable = mkEnableOption "Enables Plymouth at system boot"; options.system.boot.plymouth.enable = mkEnableOption "Enables Plymouth at system boot";
config.boot = mkIf cfg.enable { config.boot = mkIf cfg.enable {
plymouth = { plymouth = {
inherit (cfg) enable; inherit (cfg) enable;

21
system/boot/zram.nix Normal file
View File

@ -0,0 +1,21 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.system.boot.zram;
in {
options.system.boot.zram = {
enable = mkEnableOption "Enable ZRAM";
memoryMax = mkOption {
type = types.int;
example = "512";
description = "Maximum size allocated to ZRAM in MiB";
};
};
config.zramSwap = mkIf cfg.enable {
inherit (cfg) enable;
memoryMax = cfg.memoryMax * 1024 * 1024;
};
}

40
system/default.nix Normal file
View File

@ -0,0 +1,40 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.system.misc;
in {
imports = [
./boot
./desktop
./dev
./hardware
./i18n
./network
./packages
./security
./services
./users
];
options.system.misc = {
timezone = mkOption {
type = types.str;
default = "Europe/Paris";
};
keymap = mkOption {
type = types.str;
default = "fr";
example = "fr-bepo";
description = "Keymap to use in the TTY console";
};
};
config = {
boot.tmp.cleanOnBoot = true;
time.timeZone = cfg.timezone;
console.keyMap = cfg.keymap;
};
}

3
system/desktop/default.nix Normal file
View File

@ -0,0 +1,3 @@
{
imports = [./hyprland.nix ./niri.nix ./xserver.nix];
}

4
programs/hyprland.nix → system/desktop/hyprland.nix
View File

@ -4,9 +4,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.modules.hyprland; cfg = config.system.desktop.hyprland;
in { in {
options.modules.hyprland.enable = mkEnableOption "Enables Hyprland"; options.system.desktop.hyprland.enable = mkEnableOption "Enables Hyprland";
config.programs.hyprland = mkIf cfg.enable { config.programs.hyprland = mkIf cfg.enable {
inherit (cfg) enable; inherit (cfg) enable;
withUWSM = true; withUWSM = true;

13
system/desktop/niri.nix Normal file
View File

@ -0,0 +1,13 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.system.desktop.niri;
in {
options.system.desktop.niri.enable = mkEnableOption "Enables Niri";
config.programs.niri = mkIf cfg.enable {
inherit (cfg) enable;
};
}

12
modules/xserver.nix → system/desktop/xserver.nix
View File

@ -4,10 +4,10 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.modules.xserver; cfg = config.system.desktop.xserver;
in { in {
options.modules.xserver = { options.system.desktop.xserver = {
amdgpu.enable = mkEnableOption "Enables AMD GPU support"; enable = mkEnableOption "Enables xserver";
de = mkOption { de = mkOption {
type = types.enum ["gnome" "kde"]; type = types.enum ["gnome" "kde"];
default = "gnome"; default = "gnome";
@ -15,7 +15,7 @@ in {
description = "Which DE to enable"; description = "Which DE to enable";
}; };
}; };
config.services = { config.services = mkIf cfg.enable {
displayManager = { displayManager = {
sddm.enable = mkIf (cfg.de == "kde") true; sddm.enable = mkIf (cfg.de == "kde") true;
gdm.enable = mkIf (cfg.de == "gnome") true; gdm.enable = mkIf (cfg.de == "gnome") true;
@ -34,8 +34,8 @@ in {
}; };
xserver = { xserver = {
enable = true; inherit (cfg) enable;
videoDrivers = lists.optional cfg.amdgpu.enable "amdgpu"; videoDrivers = lists.optional config.system.hardware.amdgpu.enable "amdgpu";
xkb = { xkb = {
layout = "fr"; layout = "fr";
variant = "bepo_afnor"; variant = "bepo_afnor";

3
system/dev/default.nix Normal file
View File

@ -0,0 +1,3 @@
{
imports = [./docker.nix];
}

4
modules/dev/docker.nix → system/dev/docker.nix
View File

@ -4,9 +4,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.modules.docker; cfg = config.system.dev.docker;
in { in {
options.modules.docker = { options.system.dev.docker = {
enable = mkEnableOption "Enable Docker"; enable = mkEnableOption "Enable Docker";
podman.enable = mkEnableOption "Enable Podman rather than Docker"; podman.enable = mkEnableOption "Enable Podman rather than Docker";
nvidia.enable = mkEnableOption "Activate Nvidia support"; nvidia.enable = mkEnableOption "Activate Nvidia support";

9
modules/amdgpu.nix → system/hardware/amdgpu.nix
View File

@ -5,13 +5,18 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.modules.amdgpu; cfg = config.system.hardware.amdgpu;
in { in {
options.modules.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration"; options.system.hardware.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
]; ];
hardware.graphics.extraPackages = with pkgs; [rocmPackages.clr.icd]; hardware.graphics.extraPackages = with pkgs; [rocmPackages.clr.icd];
environment.systemPackages = with pkgs; [
clinfo
amdgpu_top
nvtopPackages.amd
];
}; };
} }

14
system/hardware/bluetooth.nix Normal file
View File

@ -0,0 +1,14 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.system.hardware.bluetooth;
in {
options.system.hardware.bluetooth.enable = mkEnableOption "Enable bluetooth";
config = mkIf cfg.enable {
hardware.bluetooth.enable = cfg.enable;
services.blueman.enable = cfg.enable;
};
}

15
system/hardware/corne.nix Normal file
View File

@ -0,0 +1,15 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.system.hardware.corne;
in {
options.system.hardware.corne.allowHidAccess = mkEnableOption "Enable HID access to the corne keyboard";
config.services.udev = mkIf cfg.allowHidAccess {
extraRules = ''
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
'';
};
}

10
system/hardware/default.nix Normal file
View File

@ -0,0 +1,10 @@
{
imports = [
./amdgpu.nix
./bluetooth.nix
./corne.nix
./ibm-trackpoint.nix
./opentablet.nix
./sound.nix
];
}

15
system/hardware/ibm-trackpoint.nix Normal file
View File

@ -0,0 +1,15 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.system.hardware.ibmTrackpoint;
in {
options.system.hardware.ibmTrackpoint.disable = mkEnableOption "Disable IBMs trackpoint on ThinkPad";
config.services.udev = mkIf cfg.disable {
extraRules = ''
ATTRS{name}=="*TPPS/2 IBM TrackPoint", ENV{ID_INPUT}="", ENV{ID_INPUT_MOUSE}="", ENV{ID_INPUT_POINTINGSTICK}=""
'';
};
}

14
system/hardware/opentablet.nix Normal file
View File

@ -0,0 +1,14 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.system.hardware.opentablet;
in {
options.system.hardware.opentablet.enable = mkEnableOption "Enables OpenTablet drivers";
config.hardware.opentabletdriver = mkIf cfg.enable {
inherit (cfg) enable;
daemon.enable = true;
};
}

20
modules/sound.nix → system/hardware/sound.nix
View File

@ -5,10 +5,11 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.modules.sound; cfg = config.system.hardware.sound;
in { in {
options.modules.sound = { options.system.hardware.sound = {
enable = mkEnableOption "Whether to enable sounds with Pipewire"; enable = mkEnableOption "Whether to enable sounds with Pipewire";
scarlett.enable = mkEnableOption "Activate support for Scarlett sound card";
alsa = mkOption { alsa = mkOption {
type = types.bool; type = types.bool;
example = true; example = true;
@ -29,12 +30,15 @@ in {
}; };
}; };
config.services.pipewire = mkIf cfg.enable { config = {
enable = true; environment.systemPackages = mkIf cfg.scarlett.enable [pkgs.alsa-scarlett-gui];
alsa = mkIf cfg.alsa { services.pipewire = mkIf cfg.enable {
enable = mkDefault true; enable = true;
support32Bit = mkDefault true; alsa = mkIf cfg.alsa {
enable = mkDefault true;
support32Bit = mkDefault true;
};
jack.enable = mkDefault cfg.jack;
}; };
jack.enable = mkDefault cfg.jack;
}; };
} }

5
system/i18n/default.nix Normal file
View File

@ -0,0 +1,5 @@
{
imports = [
./locale.nix
];
}

0
modules/locale.nix → system/i18n/locale.nix
View File

5
system/network/default.nix Normal file
View File

@ -0,0 +1,5 @@
{
imports = [
./networking.nix
];
}

4
modules/networking.nix → system/network/networking.nix
View File

@ -4,9 +4,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.modules.networking; cfg = config.system.networking;
in { in {
options.modules.networking = with types; { options.system.networking = with types; {
hostname = mkOption { hostname = mkOption {
type = str; type = str;
example = "gampo"; example = "gampo";

4
modules/appimage.nix → system/packages/appimage.nix
View File

@ -4,9 +4,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.modules.appimage; cfg = config.system.packages.appimage;
in { in {
options.modules.appimage.enable = mkEnableOption "Enables AppImage support"; options.system.packages.appimage.enable = mkEnableOption "Enables AppImage support";
config.programs.appimage = mkIf cfg.enable { config.programs.appimage = mkIf cfg.enable {
inherit (cfg) enable; inherit (cfg) enable;
binfmt = true; binfmt = true;

15
system/packages/default.nix Normal file
View File

@ -0,0 +1,15 @@
{pkgs, ...}: {
imports = [
./appimage.nix
./flatpak.nix
./nano.nix
./nix.nix
./steam.nix
];
environment.systemPackages = with pkgs; [
curl
openssl
wget
];
}

22
system/packages/flatpak.nix Normal file
View File

@ -0,0 +1,22 @@
{
pkgs,
lib,
config,
...
}:
with lib; let
cfg = config.system.packages.flatpak;
in {
options.system.packages.flatpak = {
enable = mkEnableOption "Enable Flatpak support";
builder.enable = mkEnableOption "Enable Flatpak builder";
};
config = {
services.flatpak = mkIf cfg.enable {
inherit (cfg) enable;
};
environment.systemPackages = mkIf cfg.builder.enable [
pkgs.flatpak-buildR
];
};
}

0
programs/nano.nix → system/packages/nano.nix
View File

19
modules/nix.nix → system/packages/nix.nix
View File

@ -4,10 +4,11 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.modules.nix; cfg = config.system.packages.nix;
in { in {
options.modules.nix = { options.system.packages.nix = {
disableSandbox = mkEnableOption "Disables Nix sandbox"; allowUnfree = mkEnableOption "Enable unfree packages";
disableSandbox = mkEnableOption "Disable Nix sandbox";
gc = { gc = {
automatic = mkOption { automatic = mkOption {
type = types.bool; type = types.bool;
@ -22,17 +23,27 @@ in {
default = "--delete-older-than 30d"; default = "--delete-older-than 30d";
}; };
}; };
nix-ld.enable = mkEnableOption "Enable unpatched binaries support";
trusted-users = mkOption {
type = types.listOf types.str;
example = ["alice" "bob"];
default = [];
};
}; };
config = { config = {
nix = { nix = {
inherit (cfg) gc;
settings = { settings = {
inherit (cfg) trusted-users;
sandbox = cfg.disableSandbox; sandbox = cfg.disableSandbox;
experimental-features = ["nix-command" "flakes"]; experimental-features = ["nix-command" "flakes"];
auto-optimise-store = true; auto-optimise-store = true;
}; };
inherit (cfg) gc;
}; };
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
programs = {
inherit (cfg) nix-ld;
};
}; };
} }

34
system/packages/steam.nix Normal file
View File

@ -0,0 +1,34 @@
{
pkgs,
lib,
config,
...
}:
with lib; let
cfg = config.system.programs.steam;
in {
options.system.programs.steam.enable = mkEnableOption "Enables Steam and Steam hardware";
config = mkIf cfg.enable {
programs = {
steam = {
inherit (cfg) enable;
protontricks.enable = true;
remotePlay.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = true;
extraCompatPackages = [pkgs.proton-ge-bin];
};
gamescope = {
enable = true;
capSysNice = true;
args = [
"--rt"
"--expose-wayland"
];
};
};
hardware.steam-hardware = {
inherit (cfg) enable;
};
};
}

5
system/security/default.nix Normal file
View File

@ -0,0 +1,5 @@
{
imports = [
./sops.nix
];
}

2
modules/sops.nix → system/security/sops.nix
View File

@ -1,6 +1,6 @@
{ {
sops = { sops = {
defaultSopsFile = ../secrets/secrets.yaml; defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
age = { age = {
# automatically import user SSH keys as age keys # automatically import user SSH keys as age keys

9
system/services/default.nix Normal file
View File

@ -0,0 +1,9 @@
{
imports = [
./endlessh.nix
./fwupd.nix
./printing.nix
./ssh.nix
./sunshine.nix
];
}

4
modules/endlessh.nix → system/services/endlessh.nix
View File

@ -4,9 +4,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.modules.endlessh; cfg = config.system.services.endlessh;
in { in {
options.modules.endlessh = { options.system.services.endlessh = {
enable = mkEnableOption "Enables endlessh."; enable = mkEnableOption "Enables endlessh.";
port = mkOption { port = mkOption {
type = types.port; type = types.port;

13
system/services/fwupd.nix Normal file
View File

@ -0,0 +1,13 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.system.services.fwupd;
in {
options.system.services.fwupd.enable = mkEnableOption "Enable fwupd";
config.services.fwupd = mkIf cfg.enable {
inherit (cfg) enable;
};
}

13
system/services/printing.nix Normal file
View File

@ -0,0 +1,13 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.system.services.printing;
in {
options.system.services.printing.enable = mkEnableOption "Enable printing with CUPS";
config.services.printing = mkIf cfg.enable {
inherit (cfg) enable;
};
}

6
modules/ssh.nix → system/services/ssh.nix
View File

@ -4,9 +4,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.modules.ssh; cfg = config.system.services.ssh;
in { in {
options.modules.ssh = { options.system.services.ssh = {
enable = mkEnableOption "Enables OpenSSH"; enable = mkEnableOption "Enables OpenSSH";
allowedUsers = mkOption { allowedUsers = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
@ -20,7 +20,7 @@ in {
}; };
}; };
config.services.openssh = mkIf cfg.enable { config.services.openssh = mkIf cfg.enable {
enable = true; inherit (cfg) enable;
settings = { settings = {
AllowUsers = cfg.allowedUsers; AllowUsers = cfg.allowedUsers;
PermitRootLogin = "no"; PermitRootLogin = "no";

12
modules/sunshine.nix → system/services/sunshine.nix
View File

@ -4,19 +4,17 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.modules.sunshine; cfg = config.system.services.sunshine;
in { in {
options.modules.sunshine = { options.system.services.sunshine = {
enable = mkEnableOption "Enables moonlight"; enable = mkEnableOption "Enables Sunshine";
autostart = mkEnableOption "Enables autostart"; autostart = mkEnableOption "Enables autostart";
}; };
config.services.sunshine = mkIf cfg.enable { config.services.sunshine = mkIf cfg.enable {
enable = true; inherit (cfg) enable;
autoStart = cfg.autostart; autoStart = cfg.autostart;
capSysAdmin = true; capSysAdmin = true;
openFirewall = true; openFirewall = true;
settings = { settings.sunshine_name = config.system.networking.hostname;
sunshine_name = "marpa";
};
}; };
} }

5
system/users/default.nix Normal file
View File

@ -0,0 +1,5 @@
{
imports = [
./phundrak.nix
];
}

2
modules/keys/id_alys.pub → system/users/keys/id_alys.pub
View File

@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTv1lb6d99O84jeh6GdjPm8Gnt/HncSRhGhmoTq7BMK lucien@phundrak.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTv1lb6d99O84jeh6GdjPm8Gnt/HncSRhGhmoTq7BMK lucien@phundrak.com

0
modules/keys/id_gampo.pub → system/users/keys/id_gampo.pub
View File

0
modules/keys/id_marpa.pub → system/users/keys/id_marpa.pub
View File

0
modules/keys/id_opn4.pub → system/users/keys/id_opn4.pub
View File

0
modules/keys/id_tilo.pub → system/users/keys/id_tilo.pub
View File

11
modules/users.nix → system/users/phundrak.nix
View File

@ -5,14 +5,11 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.modules.users; cfg = config.system.users;
in { in {
options.modules.users = { options.system.users = {
root.disablePassword = mkEnableOption "Disables root password"; root.disablePassword = mkEnableOption "Disables root password";
phundrak = mkOption { phundrak.enable = mkEnableOption "Enables users phundrak";
type = types.bool;
default = true;
};
}; };
config = { config = {
@ -21,7 +18,7 @@ in {
hashedPassword = mkIf cfg.root.disablePassword "*"; hashedPassword = mkIf cfg.root.disablePassword "*";
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
phundrak = { phundrak = mkIf cfg.phundrak.enable {
isNormalUser = true; isNormalUser = true;
description = "Lucien Cartier-Tilet"; description = "Lucien Cartier-Tilet";
extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman"]; extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman"];

0
programs/flatpak.nix → users/modules/flatpak.nix
View File

13
users/phundrak/home.nix
View File

@ -8,18 +8,7 @@
./light-home.nix ./light-home.nix
./packages.nix ./packages.nix
./email.nix ./email.nix
../modules/emacs.nix ../modules
../modules/emoji.nix
../modules/hyprland.nix
../modules/kdeconnect.nix
../modules/kitty.nix
../modules/mbsync.nix
../modules/mpd.nix
../modules/mpv.nix
../modules/ollama.nix
../modules/qt.nix
../modules/wofi.nix
../modules/yt-dlp.nix
]; ];
config = let config = let

20
users/phundrak/programs.nix
View File

@ -1,12 +1,12 @@
{ {
imports = [ modules = {
../modules/emacs.nix emacs.enable = true;
../modules/kdeconnect.nix kdeconnect.enable = true;
../modules/kitty.nix kitty.enable = true;
../modules/mbsync.nix mbsync.enable = true;
../modules/mpd.nix mpd.enable = true;
../modules/mpv.nix mpv.enable = true;
../modules/wofi.nix wofi.enable = true;
../modules/yt-dlp.nix yt-dlp.enable = true;
]; };
} }