phundrak/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: phundrak:main
Branches Tags
phundrak:main
phundrak:develop
..
compare: phundrak:develop
Branches Tags
phundrak:main
phundrak:develop

No commits in common. "main" and "develop" have entirely different histories.
main ... develop

151 changed files with 1257 additions and 1816 deletions
Show Stats Expand all files Collapse all files

33
README.md
View File

@ -4,12 +4,14 @@ Personal NixOS configuration for my machines, using Nix Flakes for reproducible
## Repository Structure
- **flake.nix**: Main entry point for the Nix Flake, defining NixOS and home-manager configurations.
- **hosts/**: Contains the host-specific NixOS configurations.
- **system/**: Holds system-wide configuration modules that can be shared across different hosts. This includes things like boot settings, desktop environments, hardware configurations, networking, packages, security, and system services.
- **users/**: Manages user-specific configurations. It's split into `modules` for reusable home-manager configurations and `phundrak` for my personal configuration.
- **keys/**: Public keys for various machines.
- **secrets/**: Encrypted secrets managed with `sops-nix`.
- **flake.nix**: Main entry point for the Nix Flake, defining NixOS and home-manager configurations
- **hosts/**: Host-specific NixOS configurations
- **modules/**: Custom NixOS modules reusable across different hosts
- **programs/**: System-level programs shared across hosts
- **secrets/**: Encrypted secrets managed with sops-nix
- **system/**: Common system-level configurations shared across hosts
- **users/phundrak/**: Home-manager configuration for my user
- **users/modules/**: Custom user modules reusable across configurations
## Usage
@ -49,9 +51,24 @@ nh home switch
Format Nix files (using Alejandra):
```bash
nix fmt .
nix fmt
```
## Development
For development, a devShell is provided with linting tools and git hooks:
```bash
nix develop
```
This will set up an environment with:
- alejandra (formatting)
- commitizen (commit messages)
- deadnix (dead code detection)
- statix (linting)
- Other useful git hooks
## Contributing
Feel free to fork this repository and make your own changes. If you have any improvements or suggestions, please open an issue or submit a pull request.
Feel free to fork this repository and make your own changes. If you have any improvements or suggestions, please open an issue or submit a pull request.

238
flake.lock generated
View File

@ -9,20 +9,16 @@
"devenv"
],
"git-hooks": [
"devenv",
"git-hooks"
"devenv"
],
"nixpkgs": [
"devenv",
"nixpkgs"
]
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1748883665,
"narHash": "sha256-R0W7uAg+BLoHjMRMQ8+oiSbTq8nkGz5RDpQ+ZfxxP3A=",
"lastModified": 1744206633,
"narHash": "sha256-pb5aYkE8FOoa4n123slgHiOf1UbNSnKe5pEZC+xXD5g=",
"owner": "cachix",
"repo": "cachix",
"rev": "f707778d902af4d62d8dd92c269f8e70de09acbe",
"rev": "8a60090640b96f9df95d1ab99e5763a586be1404",
"type": "github"
},
"original": {
@ -38,16 +34,14 @@
"flake-compat": "flake-compat",
"git-hooks": "git-hooks",
"nix": "nix",
"nixpkgs": [
"nixpkgs"
]
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1755961020,
"narHash": "sha256-Fs0CWiUA78Qgbc9zVk+zUN7pEkMPffnd//JsDtUUWBM=",
"lastModified": 1747717470,
"narHash": "sha256-tk2mRZAf8C5uOkMVJHemJ3ld09CYVp/z94/lHqsQ8ZA=",
"owner": "cachix",
"repo": "devenv",
"rev": "abb198476023189fc45a01bd6502f5ca6ea62bd0",
"rev": "c7f2256ee4a4a4ee9cbf1e82a6e49b253c374995",
"type": "github"
},
"original": {
@ -59,11 +53,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
@ -81,11 +75,11 @@
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
@ -94,29 +88,10 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"devenv",
"flake-compat"
"devenv"
],
"gitignore": "gitignore",
"nixpkgs": [
@ -125,11 +100,11 @@
]
},
"locked": {
"lastModified": 1750779888,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
"lastModified": 1746537231,
"narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
"rev": "fa466640195d38ec97cf0493d6d6882bc4d14969",
"type": "github"
},
"original": {
@ -167,11 +142,11 @@
]
},
"locked": {
"lastModified": 1755914636,
"narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=",
"lastModified": 1748134483,
"narHash": "sha256-5PBK1nV8X39K3qUj8B477Aa2RdbLq3m7wRxUKRtggX4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0",
"rev": "c1e671036224089937e111e32ea899f59181c383",
"type": "github"
},
"original": {
@ -180,39 +155,51 @@
"type": "github"
}
},
"libgit2": {
"flake": false,
"locked": {
"lastModified": 1697646580,
"narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=",
"owner": "libgit2",
"repo": "libgit2",
"rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5",
"type": "github"
},
"original": {
"owner": "libgit2",
"repo": "libgit2",
"type": "github"
}
},
"nix": {
"inputs": {
"flake-compat": [
"devenv",
"flake-compat"
"devenv"
],
"flake-parts": "flake-parts",
"git-hooks-nix": [
"devenv",
"git-hooks"
],
"nixpkgs": [
"devenv",
"nixpkgs"
],
"libgit2": "libgit2",
"nixpkgs": "nixpkgs_2",
"nixpkgs-23-11": [
"devenv"
],
"nixpkgs-regression": [
"devenv"
],
"pre-commit-hooks": [
"devenv"
]
},
"locked": {
"lastModified": 1755029779,
"narHash": "sha256-3+GHIYGg4U9XKUN4rg473frIVNn8YD06bjwxKS1IPrU=",
"owner": "cachix",
"lastModified": 1745930071,
"narHash": "sha256-bYyjarS3qSNqxfgc89IoVz8cAFDkF9yPE63EJr+h50s=",
"owner": "domenkozar",
"repo": "nix",
"rev": "b0972b0eee6726081d10b1199f54de6d2917f861",
"rev": "b455edf3505f1bf0172b39a735caef94687d0d9c",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "devenv-2.30",
"owner": "domenkozar",
"ref": "devenv-2.24",
"repo": "nix",
"type": "github"
}
@ -224,11 +211,11 @@
]
},
"locked": {
"lastModified": 1755404379,
"narHash": "sha256-Q6ZxZDBmD/B988Jjbx7/NchxOKIpOKBBrx9Yb0zMzpQ=",
"lastModified": 1748145500,
"narHash": "sha256-t9fx0l61WOxtWxXCqlXPWSuG/0XMF9DtE2T7KXgMqJw=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "ebbc1c05f786ae39bb5e04e57bf2c10c44a649e3",
"rev": "a98adbf54d663395df0b9929f6481d4d80fc8927",
"type": "github"
},
"original": {
@ -239,11 +226,59 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1755615617,
"narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
"lastModified": 1733212471,
"narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1717432640,
"narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "88269ab3044128b7c2f4c7d68448b2fb50456870",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1746807397,
"narHash": "sha256-zU2z0jlkJGWLhdNr/8AJSxqK8XD0IlQgHp3VZcP56Aw=",
"owner": "cachix",
"repo": "devenv-nixpkgs",
"rev": "c5208b594838ea8e6cca5997fbf784b7cca1ca90",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "rolling",
"repo": "devenv-nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1748026106,
"narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "20075955deac2583bb12f07151c2df830ef346b4",
"rev": "063f43f2dbdef86376cc29ad646c45c46e93234c",
"type": "github"
},
"original": {
@ -255,18 +290,17 @@
},
"pumo-system-info": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1748984111,
"narHash": "sha256-SP1/+cCHnPg0UqylHCzeKNx61wGapLrYRn5UKiiDicc=",
"lastModified": 1748127405,
"narHash": "sha256-5Xh7VXmjeK5m8Dxt2bti8A2HdkpmPftHc2+WXH3tQH8=",
"ref": "refs/heads/develop",
"rev": "f9fe233b6cb669a718a0ddb529793159d39ba32e",
"revCount": 9,
"rev": "06fa652f9626590a9727f3ec8b48330ad3fcb78f",
"revCount": 6,
"type": "git",
"url": "https://labs.phundrak.com/phundrak/pumo-system-info"
},
@ -275,34 +309,13 @@
"url": "https://labs.phundrak.com/phundrak/pumo-system-info"
}
},
"quickshell": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1753595452,
"narHash": "sha256-vqkSDvh7hWhPvNjMjEDV4KbSCv2jyl2Arh73ZXe274k=",
"ref": "refs/heads/master",
"rev": "a5431dd02dc23d9ef1680e67777fed00fe5f7cda",
"revCount": 665,
"type": "git",
"url": "https://git.outfoxxed.me/quickshell/quickshell"
},
"original": {
"type": "git",
"url": "https://git.outfoxxed.me/quickshell/quickshell"
}
},
"root": {
"inputs": {
"devenv": "devenv",
"home-manager": "home-manager",
"nix-index-database": "nix-index-database",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_4",
"pumo-system-info": "pumo-system-info",
"quickshell": "quickshell",
"sops-nix": "sops-nix",
"zen-browser": "zen-browser"
}
@ -315,11 +328,11 @@
]
},
"locked": {
"lastModified": 1748918260,
"narHash": "sha256-KhXNXQ5IDLvwwYfJ0pXDjwIuisZ2qM6F7fcXjIGZy/4=",
"lastModified": 1748054080,
"narHash": "sha256-rwFiLLNCwkj9bqePtH1sMqzs1xmohE0Ojq249piMzF4=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "c9736155bc1eb7c7cf3a925920850e61c07ab22a",
"rev": "2221d8d53c128beb69346fa3ab36da3f19bb1691",
"type": "github"
},
"original": {
@ -335,11 +348,11 @@
]
},
"locked": {
"lastModified": 1754988908,
"narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
"lastModified": 1747603214,
"narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
"rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
"type": "github"
},
"original": {
@ -348,21 +361,6 @@
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"nixpkgs": [
@ -370,11 +368,11 @@
]
},
"locked": {
"lastModified": 1754886070,
"narHash": "sha256-MZDmxOkVKL1HY72bliN8Gxh0SYkHUa3W/1fTU2ke36I=",
"lastModified": 1748059546,
"narHash": "sha256-e0jy8RU8ofOdeS5gF9Hir+M5Wn0q7D8MkpeQXsOJdu4=",
"owner": "youwen5",
"repo": "zen-browser-flake",
"rev": "e37d2b326311320c8571111b3ef89b29d26d4b64",
"rev": "716a5af28d686d67146d01b14112c919b6133a84",
"type": "github"
},
"original": {

41
flake.nix
View File

@ -2,33 +2,24 @@
description = "Home Manager configuration of phundrak";
inputs = {
# Specify the source of Home Manager and Nixpkgs.
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
devenv = {
url = "github:cachix/devenv";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
devenv.url = "github:cachix/devenv";
pumo-system-info = {
url = "git+https://labs.phundrak.com/phundrak/pumo-system-info";
inputs.nixpkgs.follows = "nixpkgs";
};
quickshell = {
url = "git+https://git.outfoxxed.me/quickshell/quickshell";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
@ -84,23 +75,14 @@
};
homeConfigurations = {
"phundrak@alys" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = {
inherit inputs outputs;
};
modules = [
./users/phundrak/host/alys.nix
inputs.sops-nix.homeManagerModules.sops
];
};
"phundrak@marpa" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = {
inherit inputs outputs;
home-conf = "fullHome";
};
modules = [
./users/phundrak/host/marpa.nix
./users/phundrak/marpa.nix
inputs.sops-nix.homeManagerModules.sops
];
};
@ -108,9 +90,10 @@
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = {
inherit inputs outputs;
home-conf = "fullHome";
};
modules = [
./users/phundrak/host/gampo.nix
./users/phundrak/gampo.nix
inputs.sops-nix.homeManagerModules.sops
];
};
@ -118,22 +101,16 @@
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = {
inherit inputs outputs;
home-conf = "minimal";
};
modules = [
./users/phundrak/host/tilo.nix
./users/phundrak/tilo.nix
inputs.sops-nix.homeManagerModules.sops
];
};
};
nixosConfigurations = {
alys = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
modules = [
./hosts/alys/configuration.nix
inputs.sops-nix.nixosModules.sops
];
};
gampo = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
modules = [

41
hosts/alys/configuration.nix
View File

@ -1,41 +0,0 @@
{inputs, ...}: {
imports = [
./hardware-configuration.nix
inputs.home-manager.nixosModules.default
../../system
];
mySystem = {
boot = {
kernel.hardened = true;
systemd-boot = false;
zram = {
enable = true;
memoryMax = 512;
};
};
dev.docker.enable = true;
networking = {
hostname = "alys";
domain = "phundrak.com";
id = "41157110";
};
packages.nix = {
gc.automatic = true;
trusted-users = ["root" "phundrak"];
};
services = {
endlessh.enable = true;
ssh = {
enable = true;
allowedUsers = ["phundrak"];
passwordAuthentication = false;
};
};
users = {
root.disablePassword = true;
phundrak.enable = true;
};
};
system.stateVersion = "23.11";
}

28
hosts/alys/hardware-configuration.nix
View File

@ -1,28 +0,0 @@
{
modulesPath,
lib,
...
}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot = {
loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
initrd.kernelModules = ["nvme"];
};
fileSystems = {
"/" = {
device = "/dev/vda1";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/F137-8D01";
fsType = "vfat";
};
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

91
hosts/gampo/configuration.nix
View File

@ -7,71 +7,52 @@
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../system
./services
../../modules/opentablet.nix
../../modules/sops.nix
../../modules/system.nix
../../programs/flatpak.nix
../../programs/hyprland.nix
../../programs/steam.nix
];
mySystem = {
boot = {
plymouth.enable = true;
kernel = {
cpuVendor = "intel";
package = pkgs.linuxPackages;
modules = ["i915"];
};
systemd-boot = true;
};
desktop = {
hyprland.enable = true;
xserver = {
enable = true;
de = "gnome";
};
};
dev.docker = {
enable = true;
podman.enable = true;
autoprune.enable = true;
};
hardware = {
bluetooth.enable = true;
corne.allowHidAccess = true;
ibmTrackpoint.disable = true;
opentablet.enable = true;
sound.enable = true;
};
misc.keymap = "fr-bepo";
networking = {
hostname = "gampo";
id = "0630b33f";
hostFiles = [config.sops.secrets.extraHosts.path];
};
packages = {
appimage.enable = true;
flatpak.enable = true;
nix = {
nix-ld.enable = true;
trusted-users = ["root" "phundrak"];
};
};
programs.steam.enable = true;
services = {
fwupd.enable = true;
ssh.enable = true;
};
users = {
root.disablePassword = true;
phundrak.enable = true;
};
};
sops.secrets.extraHosts = {
inherit (config.users.users.root) group;
owner = config.users.users.phundrak.name;
mode = "0440";
};
boot.initrd.kernelModules = ["i915"];
system = {
boot.plymouth.enable = true;
docker = {
enable = true;
autoprune.enable = true;
podman.enable = true;
};
networking = {
hostname = "gampo";
id = "0630b33f";
hostFiles = [config.sops.secrets.extraHosts.path];
};
sound.enable = true;
};
modules.hyprland.enable = true;
security.rtkit.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
curl
openssl
wget
];
nix.settings.trusted-users = ["root" "phundrak"];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database
# versions on your system were taken. Its perfectly fine and

15
hosts/gampo/services/default.nix Normal file
View File

@ -0,0 +1,15 @@
{
imports = [
./gnome.nix
];
services = {
# Enable CUPS to print documents.
printing.enable = true;
openssh.enable = true;
fwupd.enable = true;
udev.extraRules = ''
ATTRS{name}=="*TPPS/2 IBM TrackPoint", ENV{ID_INPUT}="", ENV{ID_INPUT_MOUSE}="", ENV{ID_INPUT_POINTINGSTICK}=""
'';
};
}

11
hosts/gampo/services/gnome.nix Normal file
View File

@ -0,0 +1,11 @@
{
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
xkb = {
layout = "fr";
variant = "bepo";
};
};
}

112
hosts/marpa/configuration.nix
View File

@ -1,48 +1,42 @@
{
config,
pkgs,
inputs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../system
./system/hardware-configuration.nix
./services
../../modules/opentablet.nix
../../modules/sops.nix
../../modules/system.nix
../../programs/flatpak.nix
../../programs/hyprland.nix
../../programs/steam.nix
];
mySystem = {
boot = {
extraModprobeConfig = ''
options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
'';
plymouth.enable = true;
kernel.cpuVendor = "amd";
systemd-boot = true;
};
desktop = {
hyprland.enable = true;
niri.enable = true;
xserver = {
enable = true;
de = "gnome";
};
};
dev.docker = {
sops.secrets.extraHosts = {
inherit (config.users.users.root) group;
owner = config.users.users.phundrak.name;
mode = "0440";
};
security.polkit.enable = true;
fileSystems."/games" = {
device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
fsType = "ext4";
};
system = {
amdgpu.enable = true;
boot.plymouth.enable = true;
docker = {
enable = true;
podman.enable = true;
autoprune.enable = true;
};
hardware = {
amdgpu.enable = true;
bluetooth.enable = true;
corne.allowHidAccess = true;
opentablet.enable = true;
sound = {
enable = true;
jack = true;
scarlett.enable = true;
};
};
misc.keymap = "fr-bepo";
networking = {
hostname = "marpa";
id = "7EA4A111";
@ -55,45 +49,31 @@
}
];
};
packages = {
appimage.enable = true;
flatpak.enable = true;
nix = {
nix-ld.enable = true;
trusted-users = ["root" "phundrak"];
};
};
programs.steam.enable = true;
services = {
fwupd.enable = true;
printing.enable = true;
ssh.enable = true;
sunshine = {
enable = true;
autostart = true;
};
};
users = {
root.disablePassword = true;
phundrak.enable = true;
sound = {
enable = true;
jack = true;
};
};
sops.secrets.extraHosts = {
inherit (config.users.users.root) group;
owner = config.users.users.phundrak.name;
mode = "0440";
};
modules.hyprland.enable = true;
security = {
polkit.enable = true;
rtkit.enable = true;
};
security.rtkit.enable = true;
fileSystems."/games" = {
device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
fsType = "ext4";
};
nix.settings.trusted-users = ["root" "phundrak"];
environment.systemPackages = with pkgs; [
clinfo # AMD
curl
openssl
wget
alsa-scarlett-gui
];
boot.extraModprobeConfig = ''
options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
'';
programs.nix-ld.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions

42
hosts/marpa/services/default.nix
View File

@ -1,24 +1,24 @@
{
# imports = [
# ./logind.nix
# ../../../system
# ];
# imports = [
# ./logind.nix
# ../../../modules/ssh.nix
# ../../../modules/sunshine.nix
# ];
imports = [
../../../modules/ssh.nix
../../../modules/sunshine.nix
../../../modules/xserver.nix
];
# modules = {
# sunshine = {
# enable = true;
# autostart = true;
# };
# };
# services = {
# blueman.enable = true;
# fwupd.enable = true;
# printing.enable = true;
# openssh.enable = true;
# };
modules = {
sunshine = {
enable = true;
autostart = true;
};
xserver = {
amdgpu.enable = true;
de = "gnome";
};
};
services = {
blueman.enable = true;
fwupd.enable = true;
printing.enable = true;
openssh.enable = true;
};
}

6
hosts/marpa/services/logind.nix
View File

@ -1,6 +0,0 @@
{
services.logind = {
powerKey = "ignore";
powerKeyLongPress = "ignore";
};
}

0
hosts/marpa/hardware-configuration.nix → hosts/marpa/system/hardware-configuration.nix
View File

66
hosts/tilo/configuration.nix
View File

@ -1,15 +1,23 @@
# Edit this configuration file to define what should be installed on your
# system. Help is available in the configuration.nix(5) man page and in
# the NixOS manual (accessible by running nixos-help).
{inputs, ...}: {
{
pkgs,
inputs,
...
}: {
imports = [
./hardware-configuration.nix
inputs.home-manager.nixosModules.default
../../system
./services
../../modules/locale.nix
../../modules/system.nix
../../modules/ssh.nix
../../modules/endlessh.nix
../../programs/nano.nix
];
mySystem = {
system = {
amdgpu.enable = false;
boot = {
kernel = {
hardened = true;
@ -20,43 +28,51 @@
pools = ["tank"];
};
};
dev.docker.enable = true;
misc.keymap = "fr-bepo";
docker.enable = true;
networking = {
hostname = "tilo";
id = "7110b33f";
firewall = {
openPorts = [
22 # SSH
80 # HTTP
443 # HTTPS
2222 # endlessh
25565 # Minecraft
];
extraCommands = ''
iptables -I INPUT 1 -i 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT
iptables -I INPUT 1 -i 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT
'';
};
};
packages.nix = {
gc.automatic = true;
trusted-users = ["root" "phundrak"];
};
services = {
calibre.enable = true;
endlessh.enable = true;
jellyfin.enable = true;
plex = {
enable = true;
dataDir = "/tank/web/stacks/plex/plex-config";
};
ssh = {
enable = true;
allowedUsers = ["phundrak"];
passwordAuthentication = false;
};
};
nix.gc.automatic = true;
sound.enable = false;
users = {
root.disablePassword = true;
phundrak.enable = true;
phundrak = true;
};
console.keyMap = "fr-bepo";
};
modules = {
ssh = {
enable = true;
allowedUsers = ["phundrak"];
passwordAuthentication = false;
};
endlessh.enable = true;
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [pkgs.openssl];
# imports = [
# # Include the results of the hardware scan.
# ./services.nix
# ];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave

3
hosts/tilo/services/default.nix
View File

@ -1,3 +0,0 @@
{
imports = [./nextcloud-cron.nix];
}

33
hosts/tilo/services/nextcloud-cron.nix
View File

@ -1,33 +0,0 @@
{pkgs, ...}: {
systemd = {
timers."nextcloud-cron" = {
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "20m";
OnUnitActiveSec = "20m";
Unit = "nextcloud-cron.service";
};
};
services."nextcloud-cron" = {
script = ''
CONTAINER_NAME="nextcloud-nextcloud-1"
is_container_running() {
${pkgs.docker}/bin/docker inspect -f '{{.State.Running}}' "$CONTAINER_NAME" 2>/dev/null | grep -q "true"
}
while ! is_container_running; do
echo "Waiting for $CONTAINER_NAME to start..."
sleep 10
done
echo "$CONTAINER_NAME is running. Executing CRON job..."
${pkgs.docker}/bin/docker exec -u www-data -it nextcloud-nextcloud-1 php /var/www/html/cron.php
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
};
}

1
keys/id_alys.pub
View File

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTv1lb6d99O84jeh6GdjPm8Gnt/HncSRhGhmoTq7BMK lucien@phundrak.com

9
system/hardware/amdgpu.nix → modules/amdgpu.nix
View File

@ -5,18 +5,13 @@
...
}:
with lib; let
cfg = config.mySystem.hardware.amdgpu;
cfg = config.modules.amdgpu;
in {
options.mySystem.hardware.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
options.modules.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
];
hardware.graphics.extraPackages = with pkgs; [rocmPackages.clr.icd];
environment.systemPackages = with pkgs; [
clinfo
amdgpu_top
nvtopPackages.amd
];
};
}

23
system/boot/boot.nix → modules/boot.nix
View File

@ -5,16 +5,10 @@
...
}:
with lib; let
cfg = config.mySystem.boot;
cfg = config.modules.boot;
in {
options.mySystem.boot = {
extraModprobeConfig = mkOption {
type = types.lines;
default = "";
example = ''
options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
'';
};
options.modules.boot = {
amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
kernel = {
package = mkOption {
type = types.raw;
@ -36,11 +30,6 @@ in {
};
hardened = mkEnableOption "Enables hardened Linux kernel";
};
systemd-boot = mkOption {
type = types.bool;
default = true;
description = "Does the system use systemd-boot?";
};
zfs = {
enable = mkEnableOption "Enables ZFS";
pools = mkOption {
@ -51,10 +40,10 @@ in {
};
config.boot = {
initrd.kernelModules = lists.optional config.mySystem.hardware.amdgpu.enable "amdgpu";
initrd.kernelModules = lists.optional cfg.amdgpu.enable "amdgpu";
loader = {
systemd-boot.enable = cfg.systemd-boot;
efi.canTouchEfiVariables = cfg.systemd-boot;
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
supportedFilesystems = mkIf cfg.zfs.enable ["zfs"];
zfs.extraPools = mkIf cfg.zfs.enable cfg.zfs.pools;

4
system/dev/docker.nix → modules/dev/docker.nix
View File

@ -4,9 +4,9 @@
...
}:
with lib; let
cfg = config.mySystem.dev.docker;
cfg = config.modules.docker;
in {
options.mySystem.dev.docker = {
options.modules.docker = {
enable = mkEnableOption "Enable Docker";
podman.enable = mkEnableOption "Enable Podman rather than Docker";
nvidia.enable = mkEnableOption "Activate Nvidia support";

4
system/services/endlessh.nix → modules/endlessh.nix
View File

@ -4,9 +4,9 @@
...
}:
with lib; let
cfg = config.mySystem.services.endlessh;
cfg = config.modules.endlessh;
in {
options.mySystem.services.endlessh = {
options.modules.endlessh = {
enable = mkEnableOption "Enables endlessh.";
port = mkOption {
type = types.port;

0
keys/id_gampo.pub → modules/keys/id_gampo.pub
View File

0
keys/id_marpa.pub → modules/keys/id_marpa.pub
View File

0
keys/id_opn4.pub → modules/keys/id_opn4.pub
View File

0
keys/id_tilo.pub → modules/keys/id_tilo.pub
View File

0
system/i18n/locale.nix → modules/locale.nix
View File

23
system/network/networking.nix → modules/networking.nix
View File

@ -4,35 +4,30 @@
...
}:
with lib; let
cfg = config.mySystem.networking;
cfg = config.modules.networking;
in {
options.mySystem.networking = with types; {
options.modules.networking = {
hostname = mkOption {
type = str;
type = types.str;
example = "gampo";
};
id = mkOption {
type = str;
type = types.str;
example = "deadb33f";
};
domain = mkOption {
type = nullOr str;
example = "phundrak.com";
default = null;
};
hostFiles = mkOption {
type = listOf path;
type = types.listOf types.path;
example = [/path/to/hostFile];
default = [];
};
firewall = {
openPorts = mkOption {
type = listOf int;
type = types.listOf types.int;
example = [22 80 443];
default = [];
};
openPortRanges = mkOption {
type = listOf (attrsOf port);
type = types.listOf (types.attrsOf types.port);
default = [];
example = [
{
@ -46,7 +41,7 @@ in {
'';
};
extraCommands = mkOption {
type = nullOr lines;
type = types.nullOr types.lines;
example = "iptables -A INPUTS -p icmp -j ACCEPT";
default = null;
};
@ -57,7 +52,7 @@ in {
hostName = cfg.hostname; # Define your hostname.
hostId = cfg.id;
networkmanager.enable = true;
inherit (cfg) hostFiles domain;
inherit (cfg) hostFiles;
firewall = {
enable = true;
allowedTCPPorts = cfg.firewall.openPorts;

19
system/packages/nix.nix → modules/nix.nix
View File

@ -4,11 +4,10 @@
...
}:
with lib; let
cfg = config.mySystem.packages.nix;
cfg = config.modules.nix;
in {
options.mySystem.packages.nix = {
allowUnfree = mkEnableOption "Enable unfree packages";
disableSandbox = mkEnableOption "Disable Nix sandbox";
options.modules.nix = {
disableSandbox = mkEnableOption "Disables Nix sandbox";
gc = {
automatic = mkOption {
type = types.bool;
@ -23,27 +22,17 @@ in {
default = "--delete-older-than 30d";
};
};
nix-ld.enable = mkEnableOption "Enable unpatched binaries support";
trusted-users = mkOption {
type = types.listOf types.str;
example = ["alice" "bob"];
default = [];
};
};
config = {
nix = {
inherit (cfg) gc;
settings = {
inherit (cfg) trusted-users;
sandbox = cfg.disableSandbox;
experimental-features = ["nix-command" "flakes"];
auto-optimise-store = true;
};
inherit (cfg) gc;
};
nixpkgs.config.allowUnfree = true;
programs = {
inherit (cfg) nix-ld;
};
};
}

6
modules/opentablet.nix Normal file
View File

@ -0,0 +1,6 @@
{
hardware.opentabletdriver = {
enable = true;
daemon.enable = true;
};
}

4
system/boot/plymouth.nix → modules/plymouth.nix
View File

@ -5,9 +5,9 @@
...
}:
with lib; let
cfg = config.mySystem.boot.plymouth;
cfg = config.modules.boot.plymouth;
in {
options.mySystem.boot.plymouth.enable = mkEnableOption "Enables Plymouth at system boot";
options.modules.boot.plymouth.enable = mkEnableOption "Enables Plymouth at system boot";
config.boot = mkIf cfg.enable {
plymouth = {
inherit (cfg) enable;

2
system/security/sops.nix → modules/sops.nix
View File

@ -1,6 +1,6 @@
{
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFile = ../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
age = {
# automatically import user SSH keys as age keys

23
system/hardware/sound.nix → modules/sound.nix
View File

@ -5,11 +5,10 @@
...
}:
with lib; let
cfg = config.mySystem.hardware.sound;
cfg = config.modules.sound;
in {
options.mySystem.hardware.sound = {
options.modules.sound = {
enable = mkEnableOption "Whether to enable sounds with Pipewire";
scarlett.enable = mkEnableOption "Activate support for Scarlett sound card";
alsa = mkOption {
type = types.bool;
example = true;
@ -30,18 +29,12 @@ in {
};
};
config = {
environment.systemPackages = mkIf cfg.scarlett.enable [pkgs.alsa-scarlett-gui];
services.pipewire = mkIf cfg.enable {
enable = true;
alsa = mkIf cfg.alsa {
enable = mkDefault true;
support32Bit = mkDefault true;
};
jack.enable = mkDefault cfg.jack;
};
programs.noisetorch = mkIf cfg.enable {
inherit (cfg) enable;
config.services.pipewire = mkIf cfg.enable {
enable = true;
alsa = mkIf cfg.alsa {
enable = mkDefault true;
support32Bit = mkDefault true;
};
jack.enable = mkDefault cfg.jack;
};
}

6
system/services/ssh.nix → modules/ssh.nix
View File

@ -4,9 +4,9 @@
...
}:
with lib; let
cfg = config.mySystem.services.ssh;
cfg = config.modules.ssh;
in {
options.mySystem.services.ssh = {
options.modules.ssh = {
enable = mkEnableOption "Enables OpenSSH";
allowedUsers = mkOption {
type = types.listOf types.str;
@ -20,7 +20,7 @@ in {
};
};
config.services.openssh = mkIf cfg.enable {
inherit (cfg) enable;
enable = true;
settings = {
AllowUsers = cfg.allowedUsers;
PermitRootLogin = "no";

12
system/services/sunshine.nix → modules/sunshine.nix
View File

@ -4,17 +4,19 @@
...
}:
with lib; let
cfg = config.mySystem.services.sunshine;
cfg = config.modules.sunshine;
in {
options.mySystem.services.sunshine = {
enable = mkEnableOption "Enables Sunshine";
options.modules.sunshine = {
enable = mkEnableOption "Enables moonlight";
autostart = mkEnableOption "Enables autostart";
};
config.services.sunshine = mkIf cfg.enable {
inherit (cfg) enable;
enable = true;
autoStart = cfg.autostart;
capSysAdmin = true;
openFirewall = true;
settings.sunshine_name = config.mySystem.networking.hostname;
settings = {
sunshine_name = "marpa";
};
};
}

171
modules/system.nix Normal file
View File

@ -0,0 +1,171 @@
{
pkgs,
lib,
config,
...
}:
with lib; let
cfg = config.system;
in {
imports = [
./amdgpu.nix
./boot.nix
./locale.nix
./networking.nix
./nix.nix
./plymouth.nix
./sound.nix
./users.nix
./dev/docker.nix
];
options.system = {
amdgpu.enable = mkEnableOption "Enables AMD GPU support";
boot = {
kernel = {
package = mkOption {
type = types.raw;
default = pkgs.linuxPackages_zen;
};
modules = mkOption {
type = types.listOf types.str;
default = [];
};
cpuVendor = mkOption {
description = "Intel or AMD?";
type = types.enum ["intel" "amd"];
default = "amd";
};
v4l2loopback = mkOption {
description = "Enables v4l2loopback";
type = types.bool;
default = true;
};
hardened = mkEnableOption "Enables hardened Linux kernel";
};
plymouth.enable = mkEnableOption "Enables Plymouth";
zfs = {
enable = mkEnableOption "Enables ZFS";
pools = mkOption {
type = types.listOf types.str;
default = [];
};
};
};
docker = {
enable = mkEnableOption "Enable Docker";
podman.enable = mkEnableOption "Enable Podman rather than Docker";
nvidia.enable = mkEnableOption "Activate Nvidia support";
autoprune.enable = mkEnableOption "Enable autoprune";
};
networking = {
hostname = mkOption {
type = types.str;
example = "gampo";
};
id = mkOption {
type = types.str;
example = "deadb33f";
};
hostFiles = mkOption {
type = types.listOf types.path;
example = [/path/to/hostFile];
default = [];
};
firewall = {
openPorts = mkOption {
type = types.listOf types.int;
example = [22 80 443];
default = [];
};
openPortRanges = mkOption {
type = types.listOf (types.attrsOf types.port);
default = [];
example = [
{
from = 8080;
to = 8082;
}
];
description = ''
A range of TCP and UDP ports on which incoming connections are
accepted.
'';
};
extraCommands = mkOption {
type = types.nullOr types.lines;
example = "iptables -A INPUTS -p icmp -j ACCEPT";
default = null;
};
};
};
nix = {
disableSandbox = mkOption {
type = types.bool;
default = false;
};
gc = {
automatic = mkOption {
type = types.bool;
default = true;
};
dates = mkOption {
type = types.str;
default = "Monday 01:00 UTC";
};
options = mkOption {
type = types.str;
default = "--delete-older-than 30d";
};
};
};
sound = {
enable = mkEnableOption "Whether to enable sounds with Pipewire";
alsa = mkOption {
type = types.bool;
example = true;
default = true;
description = "Whether to enable ALSA support with Pipewire";
};
jack = mkOption {
type = types.bool;
example = true;
default = false;
description = "Whether to enable JACK support with Pipewire";
};
package = mkOption {
type = types.package;
example = pkgs.pulseaudio;
default = pkgs.pulseaudioFull;
description = "Which base package to use for PulseAudio";
};
};
users = {
root.disablePassword = mkEnableOption "Disables root password";
phundrak = mkOption {
type = types.bool;
default = true;
};
};
timezone = mkOption {
type = types.str;
default = "Europe/Paris";
};
console.keyMap = mkOption {
type = types.str;
default = "fr";
};
};
config = {
time.timeZone = cfg.timezone;
console.keyMap = cfg.console.keyMap;
modules = {
boot = {
inherit (cfg) amdgpu;
inherit (cfg.boot) kernel plymouth zfs;
};
inherit (cfg) sound users networking docker amdgpu;
};
};
}

18
system/users/phundrak.nix → modules/users.nix
View File

@ -5,11 +5,14 @@
...
}:
with lib; let
cfg = config.mySystem.users;
cfg = config.modules.users;
in {
options.mySystem.users = {
options.modules.users = {
root.disablePassword = mkEnableOption "Disables root password";
phundrak.enable = mkEnableOption "Enables users phundrak";
phundrak = mkOption {
type = types.bool;
default = true;
};
};
config = {
@ -18,12 +21,17 @@ in {
hashedPassword = mkIf cfg.root.disablePassword "*";
shell = pkgs.zsh;
};
phundrak = mkIf cfg.phundrak.enable {
phundrak = {
isNormalUser = true;
description = "Lucien Cartier-Tilet";
extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman"];
shell = pkgs.zsh;
openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ../../keys;
openssh.authorizedKeys.keyFiles = [
./keys/id_gampo.pub
./keys/id_marpa.pub
./keys/id_tilo.pub
./keys/id_opn4.pub
];
};
};
programs.zsh.enable = true;

24
system/desktop/xserver.nix → modules/xserver.nix
View File

@ -4,10 +4,10 @@
...
}:
with lib; let
cfg = config.mySystem.desktop.xserver;
cfg = config.modules.xserver;
in {
options.mySystem.desktop.xserver = {
enable = mkEnableOption "Enables xserver";
options.modules.xserver = {
amdgpu.enable = mkEnableOption "Enables AMD GPU support";
de = mkOption {
type = types.enum ["gnome" "kde"];
default = "gnome";
@ -15,15 +15,9 @@ in {
description = "Which DE to enable";
};
};
config.services = mkIf cfg.enable {
displayManager = {
sddm.enable = mkIf (cfg.de == "kde") true;
gdm.enable = mkIf (cfg.de == "gnome") true;
};
desktopManager = {
plasma6.enable = mkIf (cfg.de == "kde") true;
gnome.enable = mkIf (cfg.de == "gnome") true;
};
config.services = {
displayManager.sddm.enable = mkIf (cfg.de == "kde") true;
desktopManager.plasma6.enable = mkIf (cfg.de == "kde") true;
gnome = mkIf (cfg.de == "gnome") {
gnome-browser-connector.enable = true;
@ -34,8 +28,10 @@ in {
};
xserver = {
inherit (cfg) enable;
videoDrivers = lists.optional config.mySystem.hardware.amdgpu.enable "amdgpu";
enable = true;
displayManager.gdm.enable = mkIf (cfg.de == "gnome") true;
desktopManager.gnome.enable = mkIf (cfg.de == "gnome") true;
videoDrivers = lists.optional cfg.amdgpu.enable "amdgpu";
xkb = {
layout = "fr";
variant = "bepo_afnor";

3
programs/flatpak.nix Normal file
View File

@ -0,0 +1,3 @@
{
services.flatpak.enable = true;
}

4
system/desktop/hyprland.nix → programs/hyprland.nix
View File

@ -4,9 +4,9 @@
...
}:
with lib; let
cfg = config.mySystem.desktop.hyprland;
cfg = config.modules.hyprland;
in {
options.mySystem.desktop.hyprland.enable = mkEnableOption "Enables Hyprland";
options.modules.hyprland.enable = mkEnableOption "Enables Hyprland";
config.programs.hyprland = mkIf cfg.enable {
inherit (cfg) enable;
withUWSM = true;

0
system/packages/nano.nix → programs/nano.nix
View File

21
programs/steam.nix Normal file
View File

@ -0,0 +1,21 @@
{pkgs, ...}: {
programs = {
steam = {
enable = true;
protontricks.enable = true;
remotePlay.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = true;
extraCompatPackages = [pkgs.proton-ge-bin];
};
gamescope = {
enable = true;
capSysNice = true;
args = [
"--rt"
"--expose-wayland"
];
};
};
hardware.steam-hardware.enable = true;
}

8
secrets/secrets.yaml
View File

@ -1,10 +1,10 @@
extraHosts: ENC[AES256_GCM,data:YRHvHINgAQv4z+8awMzHY1uZS/K9qSaFsk8G5J2zF5P5YOt4x62eefXgmhWeKZzJI5AIi0312iMQl5qGv+lAkP+VC7j/h1rh7peBDEBU6LvcMgFU2XqxidM/CoKfMkJF8+/4bb+3r1LC/rEeXITTUQsOmoacdyCeKe5yxLaHyic/FaZIJq13wCg/QQSLfenc2Db0Pbxv5/cbRILhKT+ssElVipA40aZpgL7QmD542vObSEa6K4fZd0rawF/nOyibfpPN7Ak8DrYvfygNMw/QAGKY2XosxC86tjxhrIBHRakqmWpV+smoUO6XBFjU2sbwalafYVFdrvYL9BVAPtMZ25Sc5QMm87RCHqzqYdQHKs8C3JpVBHWnyL+0e5DNQrFrml0/FD5nFYsT6zDKVb/rN3YmxvTvKl7FpPKpv3Kke9WG+HnPs90hPy8Jpmg52vLMhaybx6dpJxzcF+ctBSI3J78hfweOCGvNGshCKpME1dujMPctH/kfYcm2j/ixKLjl0ZSbYeI9+l9oURBDwKzmKjAqhwnjuo3sL++ZsRU5Ue1zz9gsxS40R9eYevbq7JiQPX331pY2du1SRoKOxvPpXsDqe+CY5pW2RgPszjEIuDxyoveZolXg/zjlk0Ic/cOxrbflp7bTfQCQqEC7YJ5tRmtctk2lRGQkOFIg9Tn8ReifFxfhDrPFzc8X5vZgH73aqZSd/OkVybI3vEILV5uas0fPL7AHAKnBmeDV3mBNvF8aoZhD5CG8iRd1otta/3AQ660QV8IDoauq8fySC8Kee5B3kG75sqHvwF4Gu6CpSChXkjpiIqVmW0PntJueVHifuGJYkvhkX/CTHK7xm1HhtANnGrk6cr2APjWk1vpOaCmjFNqKTOV9d1HjaNWYTz4AZ+Uq2Za3UzN3oZCtZb96,iv:Z64+4oR/AfSgA7oZ/NPDLOtcmcXO5B4OQIGjOEK1Pf4=,tag:0I/1gXnBH7u6HTbQUz5Fpw==,type:str]
extraHosts: ENC[AES256_GCM,data:nuEU+Tlj9BBEO/459B7u74WEdlDmvn3coWkk3JG5uqWXR1G4tk6H8EvQAY/xAuqcM01T4psaeqQTxZA+U626zMQ++vOsYwI8cch8m0xIkKKJ3Ztyqeip8egK2xPywdJp69Z5XhweF3RlxPBTroMcCoqHG0rFQmPuwaWrM/DJ6HQBGqKA3wmaYXAC4OLFVGNzLNLfWD85PAxK1YTJnClaerFdwsxm9tq+HNg7zEnOUVyQjm2l16MKkV1kybddNFc6SKHmm2e/XYNQ85eRm1ALq1v1WRPLaa87MsPLM6svwNy5hEMX+AQKfGBL4hLUKOw+yPktfSnGhj8uDO6IUTjySzkgdYIu37E8ozN8CZ2m+5wYDjf1NU34/yUo2p3RZISuy52qEhGE0jsIeDiC6KMPs6/dHKpxbkRVhe7ZWpZvee7dhWyAkW4lk+MA1p3OklCBdTn8JcrAlVcKf0n1+XyK5ua0q5ja6UKg1Q5Y1LGFPInt+styJ65HdvqBcdLiG7DCQYHGpWGIeSNglbAKPMCeBCablN/2gLLYOK08RXwwSAj1V5lCXAKoc3FfnX73ELRelzLwE2MNJZCn0DqnqP0vOnzXM9ftWVODCjcIEmLUX+CL7hBNLrWcp+Q3ALQcSZsAVejpP8Iajo85R/Hc+2OtqfXijoJNacaMgKCX/5ZWOFEwNUdto3xSRQXu2Ck//F4F/0Ez6yqOFux1byjdyHDbGGdFz02DTZUkOtsPVssyqz1nEHepDQM0EmAAxAR6D8hHOnZGesfqbS+5Xd3+KlfxyFC2mHDxK4WZPCHTAEsenWEiQTGfaOT+1bpbimRfUcqiRXukSUeHY2cKf/reNw0MT7t5n1mvidihP3sJuc573ViUlG+Ts8ctyZ/+tKU2aCMz3wevPzZNiIVqXsB2lC8c,iv:MnbM30XhdQFOPmc4x/a7YaDmnCDCFHS2Nm8plh+raSo=,tag:SpHUqyeSVdtf8uk4SyjmOA==,type:str]
mopidy:
spotify: ENC[AES256_GCM,data:SaDT0iSWhsgVOi1s+Nzbr0Mur3t2Zd9z/KIUshGWtbPfkXXIoiJeJFtoZIz5NL/t5FooYsNfU1mGYgDeVYSD4BPibW8hiCYrX6L6OX+Q6ZEWXXx/1eBEs2/q0BrWGvy7frcurq/Px4R3ax0dXJe/YKbpAtU7+bQl,iv:F2zT+uMVBMnSEZqgcRmV8/fc3G/g2fKDuHuBzkyBRN0=,tag:CD8fuOQfe6QCrj4BUh0/xw==,type:str]
bandcamp: ENC[AES256_GCM,data:diEx2fbkOR1oUav81jU5bNt/KNmbOaVzLV+G3zBUVXE7nEQpZNqVom0rgNrEVDGzH3u/IaA5eqG5ce9lE0BomeY8Z4MWI1xujhX5KsXdv21aw4UwsNgyLPuWhkN2POUMfCJlvekc/TFfFvJHyysx8aKxeI4dsg==,iv:cxx0cVkjOPG+hMD8JctJHdcICJt7ozpfRBVSCDBo6Ro=,tag:JRjwwvieGaGZJ+k56HWFaw==,type:str]
emailPassword: ENC[AES256_GCM,data:LALAvyuNN9bfa8D6ZK1YiFXRfxLOBi9kXA0N0Kr7h18eAI4hWQ==,iv:WtidILFfWCMKylax52JP+X57GfZyYlxJtiwrC6SADik=,tag:NvOrsL3fbmxQZp06GZhUZA==,type:str]
ssh:
hosts: ENC[AES256_GCM,data:j7+Ua5G8dePL5GO+Tf8+hnoJsSfKo2z4I0OcVfSyJ3dc6yyYZVho8iG9bqPAqVR5d7SJr391zCLMJp/jRDpDFLkzQB54udVKI8ob0C2w2xBznPZJsC7qZMptQ+n4IHO1ZROSi/vBadCUfEWKNO9e8gsroBYmliy/31M5IlA85Vx6q4Zx0qIFylfIhBDto3jD2DRcbjWP8NvjJcY7YLrN2sv8RR7QqX1q+0ZxpgFhg+W+a5Dz8JBVsPEdjNJqFAKAmUGKXf4bpEIS5lLUxxZweizEiWgo4nYJgA0kqVYEOiErOPgtpnBKiJlR+fLGuVwdGxVOUMvttZtyIgHc4CWgOJ0h67h4eVii+zeLn0GPJl3i2g5bjOArHKLfkKGduqii4n/1p9VvVTAOn5dj0/NtD2JNJF9kUDr1nMyMa1xA35gzv1vp/U55L6ZU/BRpBPzka6i8nGnCkDVdoUG0DKhN9ooXRpUS9L+W1iz480fzb6i/tfmlhx7Ms1T9VybYFkGLNkxnsrt5Oc24o0XD5/A1j8bJgNWo6aWSA748ZWtN0mXDzB5sH4TVtaZAGlyU9r/x5oCuWPN2qhZ8d2i7g5rceZW5ang/uyXNt8Le5cKvLw3Rhf4BTFhQ6+VJ4/SpdfnLZ17djjbwZO1DT5Nb0RUObcilcwbmUwqvmLbcrdmsfQMOcetRwFpIdoX6MjkRiC1WZ4cz8bMU7ArnK/n15dsIdaiiUfuOJAiBYut1PaJBoZDe8pXzOE6U1s57sejUf1T7NHp2epyevCAYuVG71dAFLn1oLM+FWXuBm6ogFLujoFh7XCVVqdf6j348/ekzBxDIemzS4G1+zflG3AteLWcslGVTNmx0rb3GlSHGNVNZoeHvYAHIIEyWpY4Yd01R8RhjrFXQo9comnpoQXSlFDvuUGTxuUpsariAof4wKLdpqj8Dc4ZaDvd1pAGVh7RBqR4rn4kClbWUVcSFy7QWs9T5Sw0fU/bLL76N6x9Y44P5NQLAJvZ0z8rhIPl0u8OwIhhEwkhWdFLSulk/N7+DVqrRpj7bB5hB8jZWspsl44IdiZWY3UPs7zs=,iv:3q4FYxDWPGyMqeKoSTRxSPvqZXzwg/NeHZh70d38HYM=,tag:jA8/5yi74/mOuu/b83WEeg==,type:str]
hosts: ENC[AES256_GCM,data:jLLehzuBuBh22ZukRlqjQJNBg0ri8go58SJfs4GjNqNdvI/H0NWRS0apqLPzERkbpPipex3kUiFIc6BH+usSSpfh/MWico8qZDKVD7Ekx6F8k45I2Pq+mbLsMEo3XfjcnfYgDWn2I7/jyidBsvA+m9VnjU8/Cnk5O/YeIZQRvfOZ4xc8zw7C/vqmxsNi2KZr+2N23L+eetoKM4J6AigmINH41wAL3/RlB0oCpjSHSkbp7Glu2LlyJygS52p9m5pq4QBXtoiu5AJ6qG17LrypmDjfxE2zU2R3Zu6VLbs4zWQY2+W36j33Fm5nMkMMPJAEdRR27HPxM2EAEuH4OI1Jbup669sln9nJxnO2zYveplNPsAb3a16D4L9rwSzUd1s2W+NlqBSYdyAktuvtPWf1vAg9+Fob9jUgUFGTQpNF8Xj1n+DqvXlLQknsB/7EhNSSnYyQS36wHF9KBHJwexpYbhnGiMuLjN6KXbr/YYawocSA/5o8s6X/tRXKMkXtZjoEsyr1aNMj+4gSHaSUOG78r3VwAHLOXNez67xFpKMa/IQfQhj2Zng8142hhL4hPyNtuTOK3oVvPjZtAfbfxesUi+Zx2VhaJsnmj6J4gAOWU9nVpol67V0hNSD4LMUOZwwPst11IyJsXjkKKY0iy7ykFMTk6KalkVUqlYOmQRIXtBE9sD4esC+FGH1ONi3n0tbG7YivmV3YSmxk0RvQ/YlKGOchKpPH/bzN/X+NZh6A3Uk5uDsqU+GOjfDY2yIgetw4FAQ42YMxNmTJjq6MpcaETb5eQm8wee4QaVODocXHyknfWs6FYGNUjQpYp3+zxKJovHuKQcFgug3t8Si5hKnQz6KDZNaoDE0UMBR2ABbAX1Bcvu0lLHzaPXpGfXyoAe+B3MwF9/TTVkCNNYhNKm63P7qUuIbKLLCDXH6e4y5YiIF8Sl9jF/kR8v8MbLgrAROx8NlTm5CqNhQWOPQQyQXvXEl5hwHyF9ptrXUB9wIe,iv:6Lzbf+DBTfaZj7NhTJ07dVPuaViP61V4N2QHPTEFzMQ=,tag:8t4c0DJmAwg/0qRLBW4vCQ==,type:str]
sops:
age:
- recipient: age1ajemtm502nn2n4q7v4j8meyd5mxtcqngkkedxq2pqzuwu78zp93qnw8q48
@ -61,7 +61,7 @@ sops:
QmJKNDJUY0RSakhwNWlkOVpib0trc1kK0tQxD9I82pjfs54eruu+IjzVUmcVBCPw
9mp1xKiYRRMXt3YQn6MPiyuuX3l3UB5MH0RJMNtRq0D961rs+iiS5A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-07T09:16:46Z"
mac: ENC[AES256_GCM,data:3PIJps2hoavPJ6ig+943FE73lBhCfxv8vuzmgTtooH386V12/PQN+Opt/ZoIbXU9w21XelZ/C5xPr8rcuw5ADx9K/KjdMm8jyLCO6/+iBf6SjnbC3E0DyiDit50UtWxKc32ryiJ8m5hYfX6O2H8WIGFa+6wp5KISV9pkc09CNZA=,iv:xzwEhhBJQOlde8Ib+tZpv+2CHfR83dFevdwERkYTsTE=,tag:SzdcZH19kSTnNs16754IMw==,type:str]
lastmodified: "2025-05-04T01:05:13Z"
mac: ENC[AES256_GCM,data:/wuo0bg48xlbP074JJ0rtmclWMG9vjlJnWjJnUaz45m+Gqj4IzA5ctSZdNnFTb7/CXkynJdFHme4/Nz8I/6+zzTFBeo/nVw43s1n0XmMqVYb2U/FTikvCMowHNnfMTY5Q83jD1MtE3XsRSCzxe649D4Zbcja8XG42v5rOt3geMA=,iv:n/yFp5f+LK8JaikifjRuieNtmcazl2VNz8rIzbvgBO8=,tag:Fs4+St1lxMn+VdEoP+Eo8g==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

7
system/boot/default.nix
View File

@ -1,7 +0,0 @@
{
imports = [
./boot.nix
./plymouth.nix
./zram.nix
];
}

21
system/boot/zram.nix
View File

@ -1,21 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.boot.zram;
in {
options.mySystem.boot.zram = {
enable = mkEnableOption "Enable ZRAM";
memoryMax = mkOption {
type = types.int;
example = "512";
description = "Maximum size allocated to ZRAM in MiB";
};
};
config.zramSwap = mkIf cfg.enable {
inherit (cfg) enable;
memoryMax = cfg.memoryMax * 1024 * 1024;
};
}

40
system/default.nix
View File

@ -1,40 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.misc;
in {
imports = [
./boot
./desktop
./dev
./hardware
./i18n
./network
./packages
./security
./services
./users
];
options.mySystem.misc = {
timezone = mkOption {
type = types.str;
default = "Europe/Paris";
};
keymap = mkOption {
type = types.str;
default = "fr";
example = "fr-bepo";
description = "Keymap to use in the TTY console";
};
};
config = {
boot.tmp.cleanOnBoot = true;
time.timeZone = cfg.timezone;
console.keyMap = cfg.keymap;
};
}

3
system/desktop/default.nix
View File

@ -1,3 +0,0 @@
{
imports = [./hyprland.nix ./niri.nix ./xserver.nix];
}

13
system/desktop/niri.nix
View File

@ -1,13 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.mySystem.desktop.niri;
in {
options.mySystem.desktop.niri.enable = mkEnableOption "Enables Niri";
config.programs.niri = mkIf cfg.enable {
inherit (cfg) enable;
};
}

3
system/dev/default.nix
View File

@ -1,3 +0,0 @@
{
imports = [./docker.nix];
}

14
system/hardware/bluetooth.nix
View File

@ -1,14 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.hardware.bluetooth;
in {
options.mySystem.hardware.bluetooth.enable = mkEnableOption "Enable bluetooth";
config = mkIf cfg.enable {
hardware.bluetooth.enable = cfg.enable;
services.blueman.enable = cfg.enable;
};
}

15
system/hardware/corne.nix
View File

@ -1,15 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.hardware.corne;
in {
options.mySystem.hardware.corne.allowHidAccess = mkEnableOption "Enable HID access to the corne keyboard";
config.services.udev = mkIf cfg.allowHidAccess {
extraRules = ''
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
'';
};
}

10
system/hardware/default.nix
View File

@ -1,10 +0,0 @@
{
imports = [
./amdgpu.nix
./bluetooth.nix
./corne.nix
./ibm-trackpoint.nix
./opentablet.nix
./sound.nix
];
}

15
system/hardware/ibm-trackpoint.nix
View File

@ -1,15 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.hardware.ibmTrackpoint;
in {
options.mySystem.hardware.ibmTrackpoint.disable = mkEnableOption "Disable IBMs trackpoint on ThinkPad";
config.services.udev = mkIf cfg.disable {
extraRules = ''
ATTRS{name}=="*TPPS/2 IBM TrackPoint", ENV{ID_INPUT}="", ENV{ID_INPUT_MOUSE}="", ENV{ID_INPUT_POINTINGSTICK}=""
'';
};
}

14
system/hardware/opentablet.nix
View File

@ -1,14 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.hardware.opentablet;
in {
options.mySystem.hardware.opentablet.enable = mkEnableOption "Enables OpenTablet drivers";
config.hardware.opentabletdriver = mkIf cfg.enable {
inherit (cfg) enable;
daemon.enable = true;
};
}

5
system/i18n/default.nix
View File

@ -1,5 +0,0 @@
{
imports = [
./locale.nix
];
}

5
system/network/default.nix
View File

@ -1,5 +0,0 @@
{
imports = [
./networking.nix
];
}

14
system/packages/appimage.nix
View File

@ -1,14 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.packages.appimage;
in {
options.mySystem.packages.appimage.enable = mkEnableOption "Enables AppImage support";
config.programs.appimage = mkIf cfg.enable {
inherit (cfg) enable;
binfmt = true;
};
}

15
system/packages/default.nix
View File

@ -1,15 +0,0 @@
{pkgs, ...}: {
imports = [
./appimage.nix
./flatpak.nix
./nano.nix
./nix.nix
./steam.nix
];
environment.systemPackages = with pkgs; [
curl
openssl
wget
];
}

22
system/packages/flatpak.nix
View File

@ -1,22 +0,0 @@
{
pkgs,
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.packages.flatpak;
in {
options.mySystem.packages.flatpak = {
enable = mkEnableOption "Enable Flatpak support";
builder.enable = mkEnableOption "Enable Flatpak builder";
};
config = {
services.flatpak = mkIf cfg.enable {
inherit (cfg) enable;
};
environment.systemPackages = mkIf cfg.builder.enable [
pkgs.flatpak-buildR
];
};
}

34
system/packages/steam.nix
View File

@ -1,34 +0,0 @@
{
pkgs,
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.programs.steam;
in {
options.mySystem.programs.steam.enable = mkEnableOption "Enables Steam and Steam hardware";
config = mkIf cfg.enable {
programs = {
steam = {
inherit (cfg) enable;
protontricks.enable = true;
remotePlay.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = true;
extraCompatPackages = [pkgs.proton-ge-bin];
};
gamescope = {
enable = true;
capSysNice = true;
args = [
"--rt"
"--expose-wayland"
];
};
};
hardware.steam-hardware = {
inherit (cfg) enable;
};
};
}

5
system/security/default.nix
View File

@ -1,5 +0,0 @@
{
imports = [
./sops.nix
];
}

38
system/services/calibre.nix
View File

@ -1,38 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.mySystem.services.calibre;
in {
options.mySystem.services.calibre = {
enable = mkEnableOption "Enable Calibre Web";
user = mkOption {
type = types.string;
default = "phundrak";
};
group = mkOption {
type = types.string;
default = "users";
};
dataDir = mkOption {
type = types.string;
example = "/tank/calibre/conf";
default = "/tank/calibre/conf";
};
library = mkOption {
type = types.string;
example = "/tank/calibre/library";
default = "/tank/calibre/library";
};
};
config.services.calibre-web = mkIf cfg.enable {
inherit (cfg) enable user group dataDir;
options = {
calibreLibrary = cfg.library;
enableBookConversion = true;
enableBookUploading = true;
};
};
}

12
system/services/default.nix
View File

@ -1,12 +0,0 @@
{
imports = [
./calibre.nix
./endlessh.nix
./fwupd.nix
./jellyfin.nix
./plex.nix
./printing.nix
./ssh.nix
./sunshine.nix
];
}

13
system/services/fwupd.nix
View File

@ -1,13 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.services.fwupd;
in {
options.mySystem.services.fwupd.enable = mkEnableOption "Enable fwupd";
config.services.fwupd = mkIf cfg.enable {
inherit (cfg) enable;
};
}

28
system/services/jellyfin.nix
View File

@ -1,28 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.mySystem.services.jellyfin;
in {
options.mySystem.services.jellyfin = {
enable = mkEnableOption "Enable Jellyfin";
dataDir = mkOption {
type = types.string;
default = "/tank/jellyfin/data";
example = "/tank/jellyfin/data";
};
user = mkOption {
type = types.string;
default = "phundrak";
};
group = mkOption {
type = types.string;
default = "users";
};
};
config.services.jellyfin = mkIf cfg.enable {
inherit (cfg) enable group user dataDir;
};
}

35
system/services/plex.nix
View File

@ -1,35 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.services.plex;
in {
options.mySystem.services.plex = {
enable = mkEnableOption "Enable Plex";
group = mkOption {
type = types.string;
default = "users";
example = "users";
description = "Group under which Plex runs";
};
dataDir = mkOption {
type = types.string;
example = "/tank/plex-config";
};
user = mkOption {
type = types.string;
default = "phundrak";
};
};
config = {
services.plex = mkIf cfg.enable {
inherit (cfg) enable user group dataDir;
openFirewall = cfg.enable;
};
boot.kernel.sysctl = {
"kernel.unprivileged_userns_clone" = 1;
};
};
}

13
system/services/printing.nix
View File

@ -1,13 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.services.printing;
in {
options.mySystem.services.printing.enable = mkEnableOption "Enable printing with CUPS";
config.services.printing = mkIf cfg.enable {
inherit (cfg) enable;
};
}

5
system/users/default.nix
View File

@ -1,5 +0,0 @@
{
imports = [
./phundrak.nix
];
}

4
users/modules/cli/bat.nix → users/modules/bat.nix
View File

@ -5,9 +5,9 @@
...
}:
with lib; let
cfg = config.home.cli.bat;
cfg = config.modules.bat;
in {
options.home.cli.bat.extras = mkEnableOption "Enables extra packages for bat.";
options.modules.bat.extras = mkEnableOption "Enables extra packages for bat.";
config.programs.bat = {
enable = true;
config = {

0
users/modules/cli/btop.nix → users/modules/btop.nix
View File

29
users/modules/cli/default.nix
View File

@ -1,29 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.home.cli;
in {
imports = [
./bat.nix
./btop.nix
./direnv.nix
./eza.nix
./mu.nix
./nh.nix
./nix-index.nix
./scripts
./tealdeer.nix
./yt-dlp.nix
];
options.home.cli.fullDesktop = mkEnableOption "Enable all optional modules and options";
config.home.cli = {
bat.extras = mkDefault cfg.fullDesktop;
mu.enable = mkDefault cfg.fullDesktop;
scripts.enable = mkDefault cfg.fullDesktop;
yt-dlp.enable = mkDefault cfg.fullDesktop;
};
}

11
users/modules/cli/mu.nix
View File

@ -1,11 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.home.cli.mu;
in {
options.home.cli.mu.enable = mkEnableOption "Enable mu";
config.programs.mu.enable = cfg.enable;
}

10
users/modules/cli/nix-index.nix
View File

@ -1,10 +0,0 @@
{inputs, ...}: {
imports = [
inputs.nix-index-database.homeModules.nix-index
];
programs = {
nix-index.enable = true;
nix-index-database.comma.enable = true;
};
}

15
users/modules/cli/scripts/default.nix
View File

@ -1,15 +0,0 @@
{
pkgs,
lib,
config,
...
}:
with lib; let
cfg = config.home.cli.scripts;
files = filesystem.listFilesRecursive ./.;
scriptFiles = builtins.filter (path: baseNameOf path != "default.nix") files;
scripts = map (file: (import file {inherit pkgs config;})) scriptFiles;
in {
options.home.cli.scripts.enable = mkEnableOption "Add custom scripts to PATH";
config.home.packages = mkIf cfg.enable scripts;
}

18
users/modules/cli/yt-dlp.nix
View File

@ -1,18 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.home.cli.yt-dlp;
in {
options.home.cli.yt-dlp.enable = mkEnableOption "Enable yt-dlp";
config.programs.yt-dlp = mkIf cfg.enable {
inherit (cfg) enable;
settings = {
embed-thumbnail = true;
embed-subs = true;
sub-langs = "all";
};
};
}

34
users/modules/default.nix
View File

@ -1,29 +1,17 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.home;
in {
imports = [
./basics.nix
./cli
./desktop
./dev
./media
./services
./security
./bat.nix
./btop.nix
./direnv.nix
./eza.nix
./gpg.nix
./mopidy.nix
./nh.nix
./nix-index.nix
./shell
./ssh.nix
./tealdeer.nix
./vcs
];
options.home.fullDesktop = mkEnableOption "Enable most modules";
config.home = {
cli.fullDesktop = mkDefault cfg.fullDesktop;
desktop.fullDesktop = mkDefault cfg.fullDesktop;
dev.fullDesktop = mkDefault cfg.fullDesktop;
media.fullDesktop = mkDefault cfg.fullDesktop;
security.fullDesktop = mkDefault cfg.fullDesktop;
services.fullDesktop = mkDefault cfg.fullDesktop;
};
}

32
users/modules/desktop/default.nix
View File

@ -1,32 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.home.desktop;
in {
imports = [
./emoji.nix
./eww.nix
./hyprland.nix
./kdeconnect.nix
./kitty.nix
./obs.nix
./qt.nix
./swaync.nix
./waybar.nix
./wlsunset.nix
./wofi.nix
];
options.home.desktop.fullDesktop = mkEnableOption "Enable options for graphical environments";
config.home.desktop = {
eww.enable = mkDefault cfg.fullDesktop;
hyprland.enable = mkDefault cfg.fullDesktop;
kdeconnect.enable = mkDefault cfg.fullDesktop;
kitty.enable = mkDefault cfg.fullDesktop;
obs.enable = mkDefault cfg.fullDesktop;
qt.enable = mkDefault cfg.fullDesktop;
};
}

14
users/modules/desktop/eww.nix
View File

@ -1,14 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.home.desktop.eww;
in {
options.home.desktop.eww.enable = mkEnableOption "Enable eww support";
config.programs.eww = mkIf cfg.enable {
inherit (cfg) enable;
configDir = ./eww-config;
};
}

14
users/modules/desktop/kdeconnect.nix
View File

@ -1,14 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.home.desktop.kdeconnect;
in {
options.home.desktop.kdeconnect.enable = mkEnableOption "Enable KDE Connect";
config.services.kdeconnect = mkIf cfg.enable {
enable = true;
indicator = true;
};
}

23
users/modules/desktop/obs.nix
View File

@ -1,23 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.home.desktop.obs;
in {
options.home.desktop.obs.enable = mkEnableOption "Enables OBS Studio";
config.programs.obs-studio = mkIf cfg.enable {
inherit (cfg) enable;
plugins = with pkgs.obs-studio-plugins; [
input-overlay
obs-backgroundremoval
obs-mute-filter
obs-pipewire-audio-capture
obs-source-clone
obs-source-record
obs-tuna
];
};
}

11
users/modules/desktop/qt.nix
View File

@ -1,11 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.home.desktop.qt;
in {
options.home.desktop.qt.enable = mkEnableOption "Enable Qt support";
config.qt.enable = cfg.enable;
}

20
users/modules/dev/default.nix
View File

@ -1,20 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.home.dev;
in {
imports = [
./editors
./ollama.nix
./vcs
];
options.home.dev.fullDesktop = mkEnableOption "Enables everything except AI";
config.home.dev = {
vcs.fullDesktop = mkDefault cfg.fullDesktop;
editors.fullDesktop = mkDefault cfg.fullDesktop;
};
}

20
users/modules/dev/editors/default.nix
View File

@ -1,20 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.home.dev.editors;
in {
imports = [
./emacs.nix
];
options.home.dev.editors.fullDesktop = mkEnableOption "Enable all editors";
config.home.dev.editors.emacs = {
enable = mkDefault cfg.fullDesktop;
service = mkDefault cfg.fullDesktop;
mu4eMime = mkDefault cfg.fullDesktop;
org-protocol = mkDefault cfg.fullDesktop;
};
}

25
users/modules/dev/ollama.nix
View File

@ -1,25 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.home.dev.ollama;
in {
options.home.dev.ollama = {
enable = mkEnableOption "Enables Ollama";
gpu = mkOption {
type = types.nullOr types.enum ["none" "amd" "nvidia"];
example = "amd";
default = "none";
description = "Which type of GPU should be used for hardware acceleration";
};
};
config.services.ollama = mkIf cfg.enable {
inherit (cfg) enable;
environmentVariables = {
OLLAMA_CONTEXT_LENGTH = "8192";
};
};
}

53
users/modules/dev/vcs/default.nix
View File

@ -1,53 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.home.dev.vcs;
in {
imports = [./git.nix ./jujutsu.nix];
options.home.dev.vcs = {
fullDesktop = mkEnableOption "Enable all optional values";
name = mkOption {
type = types.str;
default = "Lucien Cartier-Tilet";
};
email = mkOption {
type = types.str;
default = "lucien@phundrak.com";
};
editor = mkOption {
type = types.str;
default = "${pkgs.emacs}/bin/emacsclient -c -a ${pkgs.emacs}/bin/emacs";
};
publicKey = {
content = mkOption {
type = types.nullOr types.str;
example = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGj+J6N6SO+4P8dOZqfR1oiay2yxhhHnagH52avUqw5h";
default = null;
};
file = mkOption {
type = with types; nullOr path;
default = "/home/phundrak/.ssh/id_ed25519.pub";
};
};
};
config.home.dev.vcs = {
git = {
enable = mkDefault true;
inherit (cfg) name email editor;
publicKeyFile = cfg.publicKey.file;
cliff = mkDefault cfg.fullDesktop;
completeConfig = mkDefault cfg.fullDesktop;
};
jj = {
enable = mkDefault true;
inherit (cfg) name email editor;
signing.sshKey = mkDefault (cfg.publicKey.file or cfg.publicKey.content);
};
};
}

0
users/modules/cli/direnv.nix → users/modules/direnv.nix
View File

5
users/modules/dev/editors/emacs.nix → users/modules/emacs.nix
View File

@ -11,9 +11,9 @@ with lib; let
epkgs.pdf-tools
]
));
cfg = config.home.dev.editors.emacs;
cfg = config.modules.emacs;
in {
options.home.dev.editors.emacs = {
options.modules.emacs = {
enable = mkEnableOption "enables Emacs";
package = mkOption {
type = types.package;
@ -25,7 +25,6 @@ in {
};
config = {
home.packages = [pkgs.emacs-all-the-icons-fonts];
programs.emacs = mkIf cfg.enable {
enable = true;
inherit (cfg) package;

0
users/modules/desktop/emoji.nix → users/modules/emoji.nix
View File

0
users/modules/desktop/eww-config/eww.scss → users/modules/eww-config/eww.scss
View File

0
users/modules/desktop/eww-config/eww.yuck → users/modules/eww-config/eww.yuck
View File

0
users/modules/desktop/eww-config/test → users/modules/eww-config/test
View File

6
users/modules/eww.nix Normal file
View File

@ -0,0 +1,6 @@
{
programs.eww = {
enable = true;
configDir = ./eww-config;
};
}

0
users/modules/cli/eza.nix → users/modules/eza.nix
View File

12
users/modules/gpg.nix Normal file
View File

@ -0,0 +1,12 @@
{pkgs, ...}: {
programs.gpg = {
enable = true;
mutableKeys = true;
mutableTrust = true;
};
services.gpg-agent = {
enable = true;
enableSshSupport = true;
pinentry.package = pkgs.pinentry-emacs;
};
}

63
users/modules/desktop/hyprland.nix → users/modules/hyprland.nix
View File

@ -5,9 +5,8 @@
...
}:
with lib; let
cfg = config.home.desktop.hyprland;
rofi-emoji = import ../cli/scripts/rofi-emoji.nix {inherit pkgs;};
laptops = ["gampo"];
cfg = config.modules.hyprland;
rofi-emoji = import ../scripts/rofi-emoji.nix {inherit pkgs;};
in {
imports = [
./swaync.nix
@ -15,34 +14,33 @@ in {
./wlsunset.nix
];
options.home.desktop.hyprland = {
options.modules.hyprland = {
enable = mkEnableOption "Enables Hyprland";
swaync = mkEnableOption "Enables swaync";
emacsPkg = mkOption {
type = types.package;
default = config.home.dev.editors.emacs.package or pkgs.emacs;
# default = pkgs.emacs;
example = pkgs.emacs;
default = pkgs.emacs;
};
host = mkOption {
type = types.enum ["gampo" "marpa"];
type = types.enum ["tilo" "gampo"];
default = "tilo";
description = ''
Which host is Hyprland running on.
This helps determine the monitors layout and enable battery support in waybar.
This helps determine the monitors layout.
'';
};
waybar = {
enable = mkEnableOption "Enables waybar.";
battery = mkEnableOption "Enables battery support.";
style = mkOption {
type = types.path;
example = ./style.css;
};
};
};
config = mkIf cfg.enable {
home.desktop = {
swaync.enable = mkDefault true;
waybar = {
enable = mkDefault true;
battery = mkDefault (builtins.elem cfg.host laptops);
};
wlsunset.enable = mkDefault true;
wofi.enable = mkDefault true;
};
wayland.windowManager.hyprland = {
enable = true;
xwayland.enable = true;
@ -52,7 +50,7 @@ in {
input = {
kb_layout = "fr";
kb_variant = "bepo_afnor";
# kb_options = "caps:ctrl_modifier";
kb_options = "caps:ctrl_modifier";
numlock_by_default = true;
follow_mouse = 1;
touchpad.natural_scroll = false;
@ -60,9 +58,9 @@ in {
};
monitor =
{
"marpa" = [
"DP-1, 3440x1440@144, 1080x550, 1"
"DP-2, 2560x1080@60, 0x0, 1, transform, 1"
"tilo" = [
"DP-1, 3440x1440@144, 0x725, 1"
"DP-3, 2560x1080@60, 3440x0, 1, transform, 3"
];
"gampo" = [];
}."${cfg.host}";
@ -79,11 +77,21 @@ in {
new_status = "inherit";
};
workspace = [
"4, layoutopt:orientation:bottom"
"1, layoutopt:orientation:bottom"
"2, layoutopt:orientation:bottom"
];
decoration = {
rounding = 5;
# blur = {
# enable = true;
# size = 9;
# passes = 1;
# };
# shadow = {
# enable = true;
# color = "rgba(2e3440aa)";
# range = 4;
# render_power = 3;
# };
};
animations = {
enabled = true;
@ -288,5 +296,12 @@ in {
};
};
};
modules = {
swaync.enable = cfg.swaync;
waybar = mkIf cfg.waybar.enable {
inherit (cfg.waybar) enable battery style;
};
wlsunset.enable = true;
};
};
}

6
users/modules/kdeconnect.nix Normal file
View File

@ -0,0 +1,6 @@
{
services.kdeconnect = {
enable = true;
indicator = true;
};
}

15
users/modules/desktop/kitty.nix → users/modules/kitty.nix
View File

@ -1,15 +1,6 @@
{
pkgs,
config,
lib,
...
}:
with lib; let
cfg = config.home.desktop.kitty;
in {
options.home.desktop.kitty.enable = mkEnableOption "Enable kitty terminal";
config.programs.kitty = mkIf cfg.enable {
inherit (cfg) enable;
{pkgs, ...}: {
programs.kitty = {
enable = true;
themeFile = "Nord";
font = {
package = pkgs.cascadia-code;

16
users/modules/services/mbsync.nix → users/modules/mbsync.nix
View File

@ -4,14 +4,26 @@
...
}:
with lib; let
cfg = config.home.services.mbsync;
cfg = config.modules.mbsync;
in {
options.home.services.mbsync = {
options.modules.mbsync = {
enable = mkEnableOption "Enables mbsync";
passwordFile = mkOption {
type = types.str;
example = "/var/email/password";
};
service.enable = mkOption {
type = types.bool;
default = true;
};
host = mkOption {
type = types.str;
default = "mail.phundrak.com";
};
user = mkOption {
type = types.str;
default = "lucien@phundrak.com";
};
};
config = mkIf cfg.enable {

22
users/modules/media/default.nix
View File

@ -1,22 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.home.media;
in {
imports = [
./mopidy.nix
./mpd.nix
./mpd-mpris.nix
./mpv.nix
];
options.home.media.fullDesktop = mkEnableOption "Enables everything";
config.home.media = {
mopidy.enable = mkDefault cfg.fullDesktop;
mpd.enable = mkDefault (cfg.fullDesktop or cfg.mpd-mpris.enable);
mpv.enable = mkDefault cfg.fullDesktop;
};
}

16
users/modules/media/mpd-mpris.nix
View File

@ -1,16 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.home.media.mpd-mpris;
cfgMpd = config.home.media.mpd;
in {
options.home.media.mpd-mpris.enable = mkOption {
type = types.bool;
default = cfgMpd.enable;
example = false;
};
config.services.mpd-mpris.enable = cfg.enable;
}

30
users/modules/media/mpd.nix
View File

@ -1,30 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.home.media.mpd;
in {
options.home.media.mpd.enable = mkEnableOption "Enables MPD";
config.services.mpd = mkIf cfg.enable {
inherit (cfg) enable;
musicDirectory = "${config.home.homeDirectory}/Music";
playlistDirectory = "${config.home.homeDirectory}/Music/playlists";
network.startWhenNeeded = true;
extraConfig = ''
follow_outside_symlinks "yes"
follow_inside_symlinks "yes"
bind_to_address "localhost"
auto_update "yes"
audio_output {
type "fifo"
name "my_fifo"
path "/tmp/mpd.fifo"
format "44100:16:2"
}
'';
};
}

4
users/modules/media/mopidy.nix → users/modules/mopidy.nix
View File

@ -5,9 +5,9 @@
...
}:
with lib; let
cfg = config.home.media.mopidy;
cfg = config.modules.mopidy;
in {
options.home.media.mopidy = {
options.modules.mopidy = {
enable = mkEnableOption "Enables Mopidy.";
};

Some files were not shown because too many files have changed in this diff Show More