author | Tim Keller <tjkeller.xyz> | 2025-01-05 16:19:45 -0600 |
---|---|---|
committer | Tim Keller <tjkeller.xyz> | 2025-01-05 16:19:45 -0600 |
commit | 1835aa04051f2f0c41017423f2bcba6c549f26b0 (patch) | |
tree | b5f26e29032e9084b27eeb0688c7a3a9bb0df57f | |
parent | d0faef2f53e2e5195b2acc7cc7bba898bd7cd05b (diff) | |
download | nixos-1835aa04051f2f0c41017423f2bcba6c549f26b0.tar.xz nixos-1835aa04051f2f0c41017423f2bcba6c549f26b0.zip |
overhual
34 files changed, 383 insertions, 278 deletions
@@ -102,16 +102,16 @@ ] }, "locked": { - "lastModified": 1726989464, - "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "lastModified": 1733951536, + "narHash": "sha256-Zb5ZCa7Xj+0gy5XVXINTSr71fCfAv+IKtmIXNrykT54=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "rev": "1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.05", + "ref": "release-24.11", "repo": "home-manager", "type": "github" } @@ -166,16 +166,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1727540905, - "narHash": "sha256-40J9tW7Y794J7Uw4GwcAKlMxlX2xISBl6IBigo83ih8=", + "lastModified": 1734083684, + "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fbca5e745367ae7632731639de5c21f29c8744ed", + "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } @@ -1,8 +1,8 @@ -{ +rec { description = "TimmyOS System Config"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; sops-nix = { url = "github:Mic92/sops-nix"; @@ -10,7 +10,7 @@ }; home-manager = { - url = "github:nix-community/home-manager/release-24.05"; + url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -42,7 +42,7 @@ ./modules/root home-manager.nixosModules.home-manager { home-manager = { - backupFileExtension = "old"; + backupFileExtension = "backup"; useGlobalPkgs = true; useUserPackages = true; users.${userDetails.username} = import ./modules/home; diff --git a/modules/home/theme.nix b/modules/home/theme.nix index 630780e..b12f866 100644 --- a/modules/home/theme.nix +++ b/modules/home/theme.nix 
@@ -20,11 +20,11 @@ gtk = { enable = true; theme = lib.mkIf config.theme.mint.enable { - package = pkgs.cinnamon.mint-themes; + package = pkgs.mint-themes; name = "Mint-Y-${config.theme.mint.theme.color}"; }; iconTheme = lib.mkIf config.theme.mint.enable { - package = pkgs.cinnamon.mint-y-icons; + package = pkgs.mint-y-icons; name = "Mint-Y-${config.theme.mint.icons.color}"; }; font = { diff --git a/modules/hosts/T495/configuration.nix b/modules/hosts/T495/configuration.nix index 31b93f1..a3bad32 100644 --- a/modules/hosts/T495/configuration.nix +++ b/modules/hosts/T495/configuration.nix @@ -2,30 +2,29 @@ imports = [ ./hardware-configuration.nix ./games.nix + ./input-leap.nix ./wg.nix ]; networking.hostName = "T495"; - # Use systemd-boot instead of grub - # grub does not recognize fs - grub.enable = false; - boot.loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; + bootloader.mode = "efi"; # Enable extra software pkgs - software = { - desktop.extra.enable = true; - dev.extra.enable = true; + software.desktop = { + chromium.enable = true; + cad.enable = true; + crypto.enable = true; + graphics.enable = true; + office.enable = true; + utilities.enable = true; + }; + software.development = { + docker.enable = true; }; - environment.systemPackages = with pkgs; [ - input-leap - ]; - docker.enable = true; # Enable network drives - fs.networkFS.enable = true; + nas.enable = true; + nas.office.enable = true; networking.hosts = { "192.168.77.3" = [ "devel" ]; @@ -34,5 +33,8 @@ # Use amdgpu driver for x11 services.xserver.videoDrivers = [ "amdgpu" ]; + # Enable bluetooth + bluetooth.enable = true; + system.stateVersion = "24.05"; } diff --git a/modules/hosts/T495/games.nix b/modules/hosts/T495/games.nix index f596fa8..419d854 100644 --- a/modules/hosts/T495/games.nix +++ b/modules/hosts/T495/games.nix 
@@ -1,6 +1,7 @@ { pkgs, ... }: { nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ - vintagestory + #vintagestory + prismlauncher ]; } diff --git a/modules/hosts/T495/input-leap.nix b/modules/hosts/T495/input-leap.nix new file mode 100644 index 0000000..cf6d018 --- /dev/null +++ b/modules/hosts/T495/input-leap.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: { + environment.systemPackages = with pkgs; [ + input-leap + ]; + + networking.firewall = { + allowedTCPPorts = [ + 24800 # input-leaps + ]; + }; +} diff --git a/modules/hosts/T495/resources/secrets/wg0.yaml b/modules/hosts/T495/resources/secrets/wg0.yaml index fd460a3..6df5ff6 100644 --- a/modules/hosts/T495/resources/secrets/wg0.yaml +++ b/modules/hosts/T495/resources/secrets/wg0.yaml @@ -1,4 +1,4 @@ -wg0: ENC[AES256_GCM,data:pOFkXu51VBvStuOZPgwSLUsChUxi0MPccQCufpbD9o+ZWlkOfvpko8fBnKWQ5jTXKs3JaK5ZifjjEr51HmINTjWrX1D2qjXQwjzySqv6BLPeCyK/KEFqpJHVYfTnUTaoCXlJwIMY4irpMOOdD20N5GiD79c+3djBopGT533L34XIMHAvgPg8AxP9/CcykN8i2eqdyOchqCvy/JYELxb0HRh6VHmzPMf0RV5YvWzL7Bk/4fTFiLLIn9anVWuVJ9o5rul6DSV6kS0BDmdAnIZ7YXtDn2RQtLTTB1z9PijkL5CcvK0FmwKlAP6L1tKDtwBLZ11/pAYmVooTAnc+pmlGbFRtITNEXlgngUY/lz9FSIePxarqCNPXn8MfiNAJhrSpSbRP7S5JXUwenHw4AyT77I7Ae4PV6y4qwqsBcp5kdnTG+c3tjJQ=,iv:CHY8ENBWBLgWXXF2Zv560NiUDWw00l8HvQIvhBHoNMg=,tag:IzOACow7hTSgb4uinq66tQ==,type:str] +wg0: ENC[AES256_GCM,data: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,iv:CN82pOBNCtICzM0Ac9Gh+x8pUSK1Fc2v2KmM+de3A78=,tag:KuGiC+Ak550d6njSdX4muA==,type:str] sops: kms: [] gcp_kms: [] 
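Review bot: In the new `modules/hosts/T495/input-leap.nix`, `allowedTCPPorts = [ 24800 ]` opens the Input Leap port on every interface, so it is reachable from any network this laptop joins, not just the desk LAN. The port only needs to be open if this host runs the Input Leap server; if it does, scope it with `networking.firewall.interfaces.<lan-iface>.allowedTCPPorts = [ 24800 ];` (`<lan-iface>` is a placeholder). Whether Input Leap's TLS is turned on is not visible in this commit and should be confirmed, because the channel carries keyboard input. The trailing comment reads `# input-leaps`, presumably meant as `# input-leap`.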
@@ -14,8 +14,8 @@ sops: YTNydURsOUMrSXZGdk9UOUdUQlA0SFUKxEDJRR6tpYva9qpWo9NxwCxk/xpRVoTl YJkmDZzMcXikXXiro96AprP9dXJXvMPKYPGl2Zsal8PlGFPBoHW2GA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-31T03:44:59Z" - mac: ENC[AES256_GCM,data:SOHUgah6+C1OrzMglW1i+hjZPdRcL2rLUBejVg+o+Ibk2vI3ySyZJF6p389wUOjhWLguhPHf9+8kxn7HRUXOODXSL567LgxahfTj6J8MGDzXjALJuaGphmw5zJKbWGU06sR0tZlbyk89PO54dLVdvnFPuEbkLlma3cHD+qMEK7w=,iv:rX955auFPM4LjuSc8PPItGfvqiVQu7oqNmgs3GniWHc=,tag:1w7zTYHDVDQnX2FsBXs3uQ==,type:str] + lastmodified: "2025-01-05T18:21:12Z" + mac: ENC[AES256_GCM,data:VEtpQLHMoQK7Qg4PT2DkNNMurjRE0ZadyiQ0uYsPJ0K2lS0gD8pPwb8btiq7KXXOGWWZOMYRDaRKOENy44f/k+16GOpO6jaKAfN6eEcidaWlP7zvpeNzt7LImFqn/Sjv4rq1+DmvGxyyNjuK8BwvvAfnZwG6KXbn7Bh6xgfTnLs=,iv:Jf4f5j6BTkDBmah3izIESsAn7wDMUFU6NbsqpFIdui4=,tag:yNg374unwHaDEK43+Y0eWg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.2 diff --git a/modules/root/awesome.nix b/modules/root/awesome.nix deleted file mode 100644 index af1318f..0000000 --- a/modules/root/awesome.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ nixpkgs, pkgs, lib, config, ... }: { - options = { - xserver.awesome.enable = lib.mkEnableOption "enables awesomewm"; - }; - - config = lib.mkIf config.xserver.awesome.enable { - services.xserver.windowManager.awesome = { - enable = true; - noArgb = true; # disables transparency. why not? - luaModules = with pkgs; [ - luajitPackages.lgi - ]; - }; - - #getLuaPath = lib: dir: "${lib}/${dir}/lua/${pkgs.luajit.luaversion}"; - #makeSearchPath = lib.concatMapStrings ( - # path: - # " --search " - # + (getLuaPath path "share") - # + " --search " - # + (getLuaPath path "lib") - #); - - - environment.systemPackages = with pkgs; [ - (awesome.override { - gtk3Support = true; - gtk3 = gtk3; - lua = luajit; - }) - ]; - }; -} diff --git a/modules/root/bluetooth.nix b/modules/root/bluetooth.nix new file mode 100644 index 0000000..d55eade --- /dev/null +++ b/modules/root/bluetooth.nix 
@@ -0,0 +1,10 @@
+{ lib, config, ... }: {
+ options = {
+ bluetooth.enable = lib.mkEnableOption "enables bluetooth support";
+ };
+
+ config = {
+ hardware.bluetooth.enable = true;
+ services.blueman.enable = true;
+ };
+}
diff --git a/modules/root/bootloader.nix b/modules/root/bootloader.nix
new file mode 100644
index 0000000..0a45264
--- /dev/null
+++ b/modules/root/bootloader.nix
@@ -0,0 +1,43 @@
+{ lib, config, ... }: {
+ options = {
+ bootloader.loader = lib.mkOption {
+ type = lib.types.enum [ "grub" "systemd-boot" ];
+ default = "systemd-boot";
+ description = "whether to install grub or systemd-boot as the bootloader";
+ };
+ bootloader.mode = lib.mkOption {
+ type = lib.types.enum [ "efi" "bios" ];
+ default = "efi";
+ description = "whether to install the bootloader in efi or bios mode";
+ };
+ bootloader.grub = {
+ biosDevice = lib.mkOption {
+ type = lib.types.str;
+ description = "device to install grub on";
+ };
+ };
+ bootloader.memtest86.enable = lib.mkEnableOption "make Memtest86+ available from the bootloader";
+ };
+
+ config = {
+ boot.loader = {
+ grub = {
+ enable = config.bootloader.loader == "grub";
+ efiSupport = config.bootloader.mode == "efi";
+ efiInstallAsRemovable = config.bootloader.mode == "efi";
+ device = if config.bootloader.mode == "bios" then config.bootloader.grub.biosDevice else "nodev";
+ enableCryptodisk = true;
+ memtest86.enable = config.bootloader.memtest86.enable;
+ };
+ systemd-boot = {
+ enable = config.bootloader.loader == "systemd-boot";
+ editor = false;
+ memtest86.enable = config.bootloader.memtest86.enable;
+ };
+ efi = lib.mkIf (config.bootloader.mode == "efi") {
+ efiSysMountPoint = lib.mkIf (config.bootloader.loader == "grub") "/boot/efi";
+ canTouchEfiVariables = true;
+ };
+ };
+ };
+}
diff --git a/modules/root/default.nix b/modules/root/default.nix
index 368d725..c3d2dc1 100644
--- a/modules/root/default.nix
+++ b/modules/root/default.nix
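Review bot: The `config` block in `modules/root/bluetooth.nix` is not guarded by the option the file declares, so `hardware.bluetooth.enable` and `services.blueman.enable` are set to true on every host that imports `modules/root`, whatever `bluetooth.enable` says. `modules/root/default.nix` in this same commit sets `bluetooth.enable = lib.mkDefault false`, which suggests off-by-default was intended; as written that default has no effect and the Bluetooth stack is active everywhere. Guard the block the way `zsh.nix` does: `config = lib.mkIf config.bluetooth.enable {`.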
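Review bot: Nothing in `modules/root/bootloader.nix` rejects `loader = "systemd-boot"` together with `mode = "bios"`, and that is what a host gets when it overrides neither, because `bootloader.loader` defaults to `"systemd-boot"` here while `modules/root/default.nix` sets `bootloader.mode = lib.mkDefault "bios"`. In that state `systemd-boot.enable` is true but the `efi` block is switched off by `lib.mkIf (config.bootloader.mode == "efi")`, which presumably fails at install time or leaves the machine without a usable loader. An assertion would make the mistake explicit: `assertions = [{ assertion = config.bootloader.loader != "systemd-boot" || config.bootloader.mode == "efi"; message = "systemd-boot requires bootloader.mode = \"efi\""; }];`. `bootloader.grub.biosDevice` no longer has a default either, so its description should say it must be set for grub in bios mode.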
@@ -1,62 +1,48 @@ { lib, ... }: { imports = [ + ./software ./autologin.nix - ./awesome.nix - ./ddcutil.nix + ./bluetooth.nix + ./bootloader.nix ./doas.nix - ./docker.nix - ./filesystems.nix ./fonts.nix - ./grub.nix ./home-manager.nix ./hosts.nix ./localization.nix + ./nas.nix ./nix.nix ./normaluser.nix ./pipewire.nix ./powerkeys.nix ./printing.nix ./secrets.nix - ./software.nix + ./ssh.nix ./tlp.nix - ./virtualisation.nix ./wifi.nix ./x11.nix + ./zsh.nix ]; autologin.enable = lib.mkDefault true; avahi.enable = lib.mkDefault true; + bluetooth.enable = lib.mkDefault false; doas.enable = lib.mkDefault true; - docker = { + fonts.enable = lib.mkDefault true; + nas = { enable = lib.mkDefault false; - btrfsSupport = lib.mkDefault true; + home.enable = lib.mkDefault true; + office.enable = lib.mkDefault false; }; - fonts.enable = lib.mkDefault true; - #fs.networkFS.enable = lib.mkDefault false; - fs.networkFS.enable = lib.mkDefault false; - grub = { - enable = lib.mkDefault true; + bootloader = { mode = lib.mkDefault "bios"; - biosDevice = lib.mkDefault "/dev/sda"; + memtest86.enable = lib.mkDefault true; }; home-manager.enable = lib.mkDefault true; pipewire.enable = lib.mkDefault true; printing.enable = lib.mkDefault true; tlp.enable = lib.mkDefault true; scanning.enable = lib.mkDefault true; - software = { - desktop = { - enable = lib.mkDefault true; - extra.enable = lib.mkDefault false; - }; - dev = { - enable = lib.mkDefault true; - extra.enable = lib.mkDefault false; - }; - utils.enable = lib.mkDefault true; - }; - virtualisation.enable = lib.mkDefault false; wifi.enable = lib.mkDefault true; - xserver.awesome.enable = lib.mkDefault true; xserver.enable = lib.mkDefault true; + zsh.enable = lib.mkDefault true; } diff --git a/modules/root/doas.nix b/modules/root/doas.nix index 54cf63a..c6707ce 100644 --- a/modules/root/doas.nix +++ b/modules/root/doas.nix 
@@ -5,12 +5,15 @@ }; config = { - security.sudo.enable = config.sudo.enable; - security.doas.enable = config.doas.enable; - security.doas.extraRules = lib.mkIf config.doas.enable [{ - groups = ["wheel"]; - keepEnv = true; - noPass = true; - }]; + security = { + #sudo.enable = config.sudo.enable; + sudo.enable = true; # TODO remove once can be built from flake w git + sudo.wheelNeedsPassword = false; + doas.enable = config.doas.enable; + doas.extraRules = lib.mkIf config.doas.enable [{ + keepEnv = true; + }]; + doas.wheelNeedsPassword = false; + }; }; } diff --git a/modules/root/docker.nix b/modules/root/docker.nix deleted file mode 100644 index 2499699..0000000 --- a/modules/root/docker.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ pkgs, lib, config, userDetails, ... }: { - options = { - docker.enable = lib.mkEnableOption "enables docker"; - docker.btrfsSupport = lib.mkEnableOption "changes docker storageDriver to btrfs"; - }; - - config = lib.mkIf config.docker.enable { - virtualisation.docker = { - enable = true; - storageDriver = lib.mkIf config.docker.btrfsSupport "btrfs"; - }; - - environment.systemPackages = with pkgs; [ - docker-compose - ]; - - users.groups.docker.members = [ userDetails.username ]; - }; -} diff --git a/modules/root/grub.nix b/modules/root/grub.nix deleted file mode 100644 index 4e6a5f5..0000000 --- a/modules/root/grub.nix +++ /dev/null 
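Review bot: `sudo.enable = true` with `sudo.wheelNeedsPassword = false` and `doas.wheelNeedsPassword = false` gives every `wheel` member passwordless root through two tools, and sudo can no longer be switched off because the `config.sudo.enable` line is commented out (the options block is outside this hunk). The previous code already had a `noPass` doas rule, but sudo is a new, unconditional path; with sshd enabled for all hosts in `ssh.nix`, a login as the wheel user is equivalent to a root login. Unless the TODO really needs it, leave `sudo.wheelNeedsPassword` at its default and restore `sudo.enable = config.sudo.enable;`. The remaining `doas.extraRules` entry `{ keepEnv = true; }` names no `users` or `groups`, so it presumably matches nobody and can be removed.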
@@ -1,26 +0,0 @@ -{ lib, config, ... }: { - options = { - grub.enable = lib.mkEnableOption "enables grub bootloader"; - grub.mode = lib.mkOption { - type = lib.types.enum [ "efi" "bios" ]; - default = "efi"; - description = "grub mode efi or bios"; - }; - grub.biosDevice = lib.mkOption { - type = lib.types.str; - description = "device to install grub on"; - }; - }; - - config = lib.mkIf config.grub.enable { - boot.loader = { - grub = { - enable = true; - efiSupport = config.grub.mode == "efi"; - efiInstallAsRemovable = config.grub.mode == "efi"; - device = if config.grub.mode == "bios" then config.grub.biosDevice else "nodev"; - }; - efi.efiSysMountPoint = "/boot/efi"; - }; - }; -} diff --git a/modules/root/hosts.nix b/modules/root/hosts.nix index 7ca70ad..14daaf1 100644 --- a/modules/root/hosts.nix +++ b/modules/root/hosts.nix @@ -1,12 +1,14 @@ { networking.hosts = { + "192.168.1.9" = [ "optiplex" ]; "192.168.1.30" = [ "localgit" ]; "192.168.1.11" = [ "truenas-home" ]; "192.168.77.11" = [ "truenas-office" ]; - "192.168.77.8" = [ "publicgit" ]; + "192.168.77.8" = [ "publicgit" "tjkeller" ]; "173.9.253.3" = [ "git.tjkeller.xyz" "piped.tjkeller.xyz" + "search.tjkeller.xyz" "tjkeller.xyz" ]; }; diff --git a/modules/root/filesystems.nix b/modules/root/nas.nix index 1784feb..0e11196 100644 --- a/modules/root/filesystems.nix +++ b/modules/root/nas.nix 
@@ -7,14 +7,20 @@ let }; in { options = { - fs.networkFS.enable = lib.mkEnableOption "enable network shares"; + nas = { + enable = lib.mkEnableOption "enable network shares"; + home.enable = lib.mkEnableOption "enable home network shares"; + office.enable = lib.mkEnableOption "enable office network shares"; + }; }; - config = { - fileSystems = lib.mkIf config.fs.networkFS.enable { + + config = lib.mkIf config.nas.enable { + fileSystems = lib.optionalAttrs config.nas.home.enable { "/media/Storage/Media" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Media"; "/media/Storage/Backups" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups"; "/media/Storage/Tapes" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups/Tapes"; "/media/Family Photos" = mkNetworkFileSystem "truenas-home:/mnt/Media/Photos"; + } // lib.optionalAttrs config.nas.office.enable { "/media/chexx/chexx" = mkNetworkFileSystem "truenas-office:/mnt/Storage/chexx"; "/media/chexx/tkdocs" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Users/Tim-Keller"; "/media/chexx/scans" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Scans"; diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix index 4be90e8..97e0a14 100644 --- a/modules/root/normaluser.nix +++ b/modules/root/normaluser.nix @@ -3,6 +3,6 @@ description = userDetails.fullname; #home = userDetails.home.root; isNormalUser = true; - extraGroups = [ "wheel" "docker" ]; + extraGroups = [ "wheel" "nixbld" ]; }; } diff --git a/modules/root/resources/secrets/secrets.yaml b/modules/root/resources/secrets/secrets.yaml index b28d1f6..2f0742b 100644 --- a/modules/root/resources/secrets/secrets.yaml +++ b/modules/root/resources/secrets/secrets.yaml 
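Review bot: In `modules/root/normaluser.nix` the interactive account is added to `nixbld` (`extraGroups = [ "wheel" "nixbld" ];`), which is the group the Nix daemon uses for its build users. A login user in that group can presumably be selected to run builds, so build scripts would execute under the same UID that owns the home directory, including the age key file that `secrets.nix` points sops at. If this was added to work around a permission error, a comment naming the error would help; otherwise `extraGroups = [ "wheel" ];` is the safer value. Dropping `"docker"` from the list is fine, since `software/docker.nix` adds the user through `users.groups.docker.members`. The enclosing attribute set starts outside the hunk.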
@@ -1,4 +1,4 @@ -wireless-env: ENC[AES256_GCM,data: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,iv:EqvSQfLzHB8gP7vS7o5vNT8qFWGmXJNq5+pJMLKP7D0=,tag:1dphoQHLMFyz28lOJYWp0g==,type:str] +wpa_supplicant-conf: ENC[AES256_GCM,data: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,iv:LKr6fcQ2emSjQmEt1HgyLpFLg4ZxDOVgJEfkm4nQzbY=,tag:M+oo8dpWclIRaPyW17Ldwg==,type:str] sops: kms: [] gcp_kms: [] @@ -14,8 +14,8 @@ sops: UkJ1SGJrWXNtbmlmc2c4M1IxdUpVOWMKjaakq+n8ZijGjaNVM8/dQApaVFp9+q3K nhvon4p5KUFE+myABnEknaSZ5UcvW6ZLff9AB7l35NZhGXAhv+y6HA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-01T00:54:56Z" - mac: ENC[AES256_GCM,data:zwAv3vmTAhEoQpil+4tgweExbR1Vl5Vk3YJOhda2WHlVxXuZeN1wXOBOGVIFbwJOzcgY9nwcNfVlCKWXA/V3f8Znx+5mG72NbervLXmUpyBBfr9ALejlRrNT6r6r3BgPXuDHTw+66pq8L2oi3671D8rIWjddHtoJOmhNWv89ZoQ=,iv:oWdKV7bpRwGKcG0wCUUZ4qJhbk0JLkFhPRuk4JnHwQ0=,tag:A7EPpyjz2lugmkXGlnh8rQ==,type:str] + lastmodified: "2025-01-05T18:19:34Z" + mac: ENC[AES256_GCM,data:I3OlifI/TMO2Y1KZP7fku/00EN+Z9Rhu8LZmsihXK3DNVRhOQjUNOr9OkTCr+1DNVHHHMOsSXk5NyAXJA7Dv2o+8FLrgJrKBSzFetBktT6oHG0nm7l3jEt+1kPZUiXzcGvAUaxr9XdvH14iALf/zzoGHihod2j15ctx/mo5jTlg=,iv:ghPHZXdD/AUWE1kbkizZyLAUO5beOHhLIDRqDv2c33A=,tag:2J6ZTAzReSP0SYu2x2VtLQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.2 diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix index bfeb542..0385a0f 100644 --- a/modules/root/secrets.nix +++ b/modules/root/secrets.nix @@ -7,7 +7,7 @@ age.keyFile = "${userDetails.home.root}/.config/sops/age/keys.txt"; secrets = { - wireless-env = { }; + wpa_supplicant-conf = { }; }; }; diff --git a/modules/root/software.nix b/modules/root/software.nix deleted file mode 100644 index fcd3c00..0000000 --- a/modules/root/software.nix +++ /dev/null 
@@ -1,102 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - software = { - desktop = { - enable = lib.mkEnableOption "enables desktop apps"; - extra.enable = lib.mkEnableOption "enables extra desktop apps"; - }; - dev = { - enable = lib.mkEnableOption "enables development utilities"; - extra.enable = lib.mkEnableOption "enables extra development utilities"; - }; - utils = { - enable = lib.mkEnableOption "enables general utilities"; - }; - }; - }; - - config = { - environment.systemPackages = with pkgs; pkgs.lib.optionals config.software.desktop.enable [ - # Desktop - alacritty - arandr - dmenu - firefox - libnotify - mpv - pavucontrol - pcmanfm - redshift - sxiv - wpa_supplicant_gui - zathura - ] ++ pkgs.lib.optionals config.software.desktop.extra.enable [ - # Desktop Extra - geeqie - gimp - inkscape - jellyfin-mpv-shim - libreoffice - localsend - qbittorrent - qdirstat - remmina - thunderbird - ungoogled-chromium - ] ++ pkgs.lib.optionals config.software.dev.enable [ - # Development - dash # TODO should be default /bin/sh - entr - gcc - git - gnumake - jq - lm_sensors - nmap - openssl - pkg-config - python3 - sassc - sslscan - wget - ] ++ pkgs.lib.optionals config.software.dev.extra.enable [ - # Development Extra - android-tools - cargo - hugo - lua - uhubctl - wireguard-tools - ] ++ pkgs.lib.optionals config.software.utils.enable [ - # Utilities - age - cryptsetup - fastfetch - htop - light - neovim - p7zip - powertop - pv - rsync - screen - scrot - smartmontools - sops - stress - testdisk - tmux - xxHash - (callPackage ../../derivations/lowbat {}) - (callPackage ../../derivations/pavolctld {}) - ]; - - # More desktop - programs.dconf.enable = config.software.desktop.enable; # For home-manager to configure gtk TODO this should be there instead - - # More utilities - programs.zsh.enable = config.software.utils.enable; - users.defaultUserShell = lib.mkIf config.software.utils.enable pkgs.zsh; - services.openssh.enable = config.software.utils.enable; - }; -} 
diff --git a/modules/root/software/awesome.nix b/modules/root/software/awesome.nix
new file mode 100644
index 0000000..fdc86e8
--- /dev/null
+++ b/modules/root/software/awesome.nix
@@ -0,0 +1,20 @@
+{ pkgs, lib, config, ... }: {
+ options = {
+ xserver.awesome.enable = lib.mkEnableOption "enables awesomewm";
+ };
+
+ config = lib.mkIf (config.xserver.enable && config.xserver.awesome.enable ) {
+ services.xserver.windowManager.awesome = {
+ enable = true;
+ noArgb = true; # disables transparency. why not?
+ luaModules = with pkgs.luajitPackages; [
+ lgi
+ ];
+ package = with pkgs; awesome.override {
+ gtk3Support = true;
+ gtk3 = gtk3;
+ lua = luajit;
+ };
+ };
+ };
+}
diff --git a/modules/root/ddcutil.nix b/modules/root/software/ddcutil.nix
index 93e0af5..93e0af5 100644
--- a/modules/root/ddcutil.nix
+++ b/modules/root/software/ddcutil.nix
diff --git a/modules/root/software/default.nix b/modules/root/software/default.nix
new file mode 100644
index 0000000..8d1e987
--- /dev/null
+++ b/modules/root/software/default.nix
@@ -0,0 +1,34 @@
+{ lib, config, ... }: {
+ imports = [
+ ./awesome.nix
+ ./ddcutil.nix
+ ./desktop.nix
+ ./development.nix
+ ./docker.nix
+ ./system.nix
+ ./utilities.nix
+ ./virtualisation.nix
+ ];
+
+ software.desktop = {
+ enable = lib.mkDefault config.xserver.enable;
+ chromium.enable = lib.mkDefault false;
+ cad.enable = lib.mkDefault false;
+ crypto.enable = lib.mkDefault false;
+ firefox.enable = lib.mkDefault true;
+ graphics.enable = lib.mkDefault false;
+ office.enable = lib.mkDefault false;
+ utilities.enable = lib.mkDefault false;
+ };
+
+ software.development = {
+ enable = lib.mkDefault true;
+ docker = {
+ enable = lib.mkDefault false;
+ btrfsSupport = lib.mkDefault true;
+ };
+ };
+
+ virtualisation.enable = lib.mkDefault false;
+ xserver.awesome.enable = lib.mkDefault true;
+}
diff --git a/modules/root/software/derivations b/modules/root/software/derivations
new file mode 120000
index 0000000..a075779
--- /dev/null
+++ b/modules/root/software/derivations
@@ -0,0 +1 @@
+../../../derivations
\ No newline at end of file
diff --git a/modules/root/software/desktop.nix b/modules/root/software/desktop.nix
new file mode 100644
index 0000000..eb0a5ff
--- /dev/null
+++ b/modules/root/software/desktop.nix
@@ -0,0 +1,76 @@ +{ pkgs, lib, config, ... }: { + options = { + software.desktop = { + enable = lib.mkEnableOption "enables desktop apps"; + chromium = { + enable = lib.mkEnableOption "enables selected chromium browser package"; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.ungoogled-chromium; + description = "chromium package to install"; + }; + }; + cad.enable = lib.mkEnableOption "enables cad and 3d printing apps"; + crypto.enable = lib.mkEnableOption "enables crypto wallet apps"; + firefox.enable = lib.mkEnableOption "enables firefox"; + graphics.enable = lib.mkEnableOption "enables graphic design apps"; + office.enable = lib.mkEnableOption "enables office apps"; + utilities.enable = lib.mkEnableOption "enables miscellaneous utility apps"; + }; + }; + + config = lib.mkIf config.software.desktop.enable { + environment.systemPackages = with pkgs; [ + # Default + alacritty + arandr + dmenu + jellyfin-mpv-shim + libnotify + mpv + pavucontrol + pcmanfm + redshift + sxiv + wpa_supplicant_gui + zathura + ] ++ pkgs.lib.optionals config.software.desktop.chromium.enable [ + # Chrome + config.software.desktop.chromium.package + ] ++ pkgs.lib.optionals config.software.desktop.cad.enable [ + # CAD + blender + freecad + prusa-slicer + ] ++ pkgs.lib.optionals config.software.desktop.crypto.enable [ + # Crypto Wallets + bisq2 + electrum + monero-gui + ] ++ pkgs.lib.optionals config.software.desktop.graphics.enable [ + # Graphics + blender + geeqie + gimp + inkscape + ] ++ pkgs.lib.optionals config.software.desktop.office.enable [ + # Office + thunderbird + ] ++ pkgs.lib.optionals config.software.desktop.utilities.enable [ + # Misc Utilities + qbittorrent + qdirstat + remmina + ]; + + programs.localsend.enable = config.software.desktop.utilities.enable; # Installs & opens firewall + programs.firefox.enable = config.software.desktop.firefox.enable; + + # GVfs allows for mounting drives in a graphical file manager + services.gvfs.enable = true; + + # For 
home-manager to configure gtk + # TODO this should be there instead + programs.dconf.enable = config.software.desktop.enable; + }; +} diff --git a/modules/root/software/development.nix b/modules/root/software/development.nix new file mode 100644 index 0000000..2a4dfba --- /dev/null +++ b/modules/root/software/development.nix @@ -0,0 +1,18 @@ +{ pkgs, lib, config, ... }: { + options = { + software.development.enable = lib.mkEnableOption "enables development tools"; + }; + + config = lib.mkIf config.software.development.enable { + environment.systemPackages = with pkgs; [ + adb-sync + android-tools + gcc + git + gnumake + hugo + lua + pkg-config + ]; + }; +} diff --git a/modules/root/software/docker.nix b/modules/root/software/docker.nix new file mode 100644 index 0000000..bf1898c --- /dev/null +++ b/modules/root/software/docker.nix @@ -0,0 +1,21 @@ +{ pkgs, lib, config, userDetails, ... }: { + options = { + software.development.docker = { + enable = lib.mkEnableOption "enables docker"; + btrfsSupport = lib.mkEnableOption "changes docker storageDriver to btrfs"; + }; + }; + + config = lib.mkIf config.software.development.docker.enable { + virtualisation.docker = { + enable = true; + storageDriver = lib.mkIf config.software.development.docker.btrfsSupport "btrfs"; + }; + + environment.systemPackages = with pkgs; [ + docker-compose + ]; + + users.groups.docker.members = [ userDetails.username ]; + }; +} diff --git a/modules/root/software/system.nix b/modules/root/software/system.nix new file mode 100644 index 0000000..18cc8dd --- /dev/null +++ b/modules/root/software/system.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: { + environment.systemPackages = with pkgs; [ + age # Secrets + cryptsetup + dash # TODO should be default /bin/sh + exfat + git # Needed for home-manager + python3 + sops # Secrets + ]; +} diff --git a/modules/root/software/utilities.nix b/modules/root/software/utilities.nix new file mode 100644 index 0000000..dabf163 --- /dev/null 
+++ b/modules/root/software/utilities.nix @@ -0,0 +1,32 @@ +{ pkgs, ... }: { + environment.systemPackages = with pkgs; [ + entr + fastfetch + ffmpeg + htop + jq + light + lm_sensors + mediainfo + neovim + nmap + openssl + p7zip + powertop + pv + rsync + screen + smartmontools + sslscan + stress + testdisk + tmux + uhubctl + wget + wireguard-tools + xxHash + yt-dlp + (callPackage ./derivations/lowbat {}) + (callPackage ./derivations/pavolctld {}) + ]; +} diff --git a/modules/root/virtualisation.nix b/modules/root/software/virtualisation.nix index d57d43e..4ae15f5 100644 --- a/modules/root/virtualisation.nix +++ b/modules/root/software/virtualisation.nix @@ -5,6 +5,6 @@ config = lib.mkIf config.virtualisation.enable { virtualisation.libvirtd.enable = true; - programs.virt-manager.enable = true; + programs.virt-manager.enable = config.software.desktop.enable; }; } diff --git a/modules/root/ssh.nix b/modules/root/ssh.nix new file mode 100644 index 0000000..9f6d54d --- /dev/null +++ b/modules/root/ssh.nix @@ -0,0 +1,8 @@ +{ + services.openssh = { + enable = true; + settings = { + X11Forwarding = true; + }; + }; +} diff --git a/modules/root/wifi.nix b/modules/root/wifi.nix index 880d436..542cfd7 100644 --- a/modules/root/wifi.nix +++ b/modules/root/wifi.nix @@ -1,18 +1,4 @@ -{ pkgs, lib, config, ... }: -let - mkNetworksFromEnvironmentFile = n: builtins.listToAttrs ( - map (i: { - name = "@SSID_${toString i}@"; - value = { - psk = "@PSK_${toString i}@"; - priority = n - i; - }; - }) (lib.lists.range 1 n) - ); - environmentFile = config.sops.secrets.wireless-env.path; - #networks = mkNetworksFromEnvironmentFile ((builtins.length (lib.strings.splitString "\n" (builtins.readFile environmentFile))) / 2); - networks = mkNetworksFromEnvironmentFile 9; # Number of networks listed in wireless-env -in { +{ lib, config, ... }: { options = { wifi.enable = lib.mkEnableOption "enables wifi"; }; 
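Review bot: The new `modules/root/ssh.nix` enables sshd unconditionally on every host with `X11Forwarding = true` and leaves the authentication settings at their defaults, whereas the removed `software.nix` at least tied `services.openssh.enable` to an option. Because `doas.nix` in this commit gives the wheel user passwordless sudo and doas, a guessed or reused account password over SSH leads directly to root. I would add `PasswordAuthentication = false;` and `PermitRootLogin = "no";` under `settings`, and turn on `X11Forwarding` only on the hosts that need it.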
@@ -21,8 +7,12 @@ in { networking.wireless = { enable = true; # Enables wireless support via wpa_supplicant. userControlled.enable = true; - inherit networks; - inherit environmentFile; + allowAuxiliaryImperativeNetworks = true; # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf) + }; + + # Link /etc/wpa_supplicant.conf -> secret config + environment.etc."wpa_supplicant.conf" = { + source = config.sops.secrets.wpa_supplicant-conf.path; }; }; } diff --git a/modules/root/zsh.nix b/modules/root/zsh.nix new file mode 100644 index 0000000..697cb4c --- /dev/null +++ b/modules/root/zsh.nix @@ -0,0 +1,10 @@ +{ lib, config, pkgs, ... }: { + options = { + zsh.enable = lib.mkEnableOption "use zsh as default shell"; + }; + + config = lib.mkIf config.zsh.enable { + programs.zsh.enable = true; + users.defaultUserShell = pkgs.zsh; + }; +} @@ -7,7 +7,7 @@ sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.ta ff violentmonkey userscripts pcmanfm config FIX fonts.fontconfig.antialias = false && gtk font override on librex60 -cursor size changing all the time +libreoffice calibre dark+svg icon theme and dark mode # Secrets fix firefox no show http/s and no hist |