-rw-r--r--.sops.yaml18
-rw-r--r--archetypes/collections/bluetooth.nix12
-rw-r--r--archetypes/collections/desktop/cad.nix15
-rw-r--r--archetypes/collections/desktop/chromium.nix18
-rw-r--r--archetypes/collections/desktop/crypto.nix13
-rw-r--r--archetypes/collections/desktop/default.nix13
-rw-r--r--archetypes/collections/desktop/extra.nix17
-rw-r--r--archetypes/collections/desktop/firefox.nix12
-rw-r--r--archetypes/collections/desktop/graphics.nix16
-rw-r--r--archetypes/collections/desktop/office.nix18
-rw-r--r--archetypes/collections/desktop/utilities.nix29
-rw-r--r--archetypes/collections/desktop/xserver.nix34
-rw-r--r--archetypes/collections/development/default.nix45
-rw-r--r--archetypes/collections/development/docker.nix23
-rw-r--r--archetypes/collections/fonts.nix16
-rw-r--r--archetypes/collections/utilities.nix (renamed from modules/root/software/utilities.nix)7
-rw-r--r--archetypes/collections/virtualization.nix22
-rw-r--r--archetypes/default.nix13
-rw-r--r--archetypes/profiles/desktop/default.nix101
-rw-r--r--archetypes/profiles/headless/default.nix31
-rw-r--r--derivations/lowbat/default.nix30
-rw-r--r--derivations/pavolctld/default.nix29
-rw-r--r--derivations/st/default.nix50
-rw-r--r--flake.lock118
-rw-r--r--flake.nix60
-rw-r--r--home-manager/clone-repos.nix40
-rw-r--r--home-manager/default.nix19
-rw-r--r--home-manager/firefox.nix91
-rw-r--r--home-manager/fontconfig.nix83
-rw-r--r--home-manager/home-cleanup.nix21
-rw-r--r--home-manager/htop.nix46
-rw-r--r--home-manager/mint-theme.nix43
-rw-r--r--home-manager/pcmanfm.nix15
-rw-r--r--home-manager/qt-gtk-theme.nix15
-rw-r--r--home-manager/redshift.nix18
-rw-r--r--home-manager/resources/activation-scripts/clone-repos.sh19
-rw-r--r--home-manager/resources/firefox/uiCustomization.json (renamed from modules/home/resources/firefox/uiCustomization.json)0
-rw-r--r--home-manager/resources/firefox/userChrome.css (renamed from modules/home/resources/firefox/userChrome.css)11
-rw-r--r--home-manager/resources/fontconfig/90-commit-mono-options.conf17
-rw-r--r--home-manager/resources/fontconfig/90-tamzen-disable-anti-aliasing.conf14
-rw-r--r--home-manager/resources/pcmanfm/root.desktop (renamed from modules/home/resources/pcmanfm/root.desktop)0
-rw-r--r--home-manager/resources/xdg-mime/audio65
-rw-r--r--home-manager/resources/xdg-mime/email6
-rw-r--r--home-manager/resources/xdg-mime/image14
-rw-r--r--home-manager/resources/xdg-mime/pdf4
-rw-r--r--home-manager/resources/xdg-mime/text15
-rw-r--r--home-manager/resources/xdg-mime/video55
-rw-r--r--home-manager/theme-st.nix42
-rw-r--r--home-manager/wallpapers.nix17
-rw-r--r--home-manager/xdg-mime.nix42
-rw-r--r--hosts/T495/configuration.nix82
-rw-r--r--hosts/T495/hardware-configuration.nix (renamed from modules/hosts/T495/hardware-configuration.nix)0
-rw-r--r--hosts/T495/resources/secrets/wg0.yaml (renamed from modules/hosts/T495/resources/secrets/wg0.yaml)0
-rw-r--r--hosts/T495/wg.nix (renamed from modules/hosts/T495/wg.nix)0
-rw-r--r--hosts/X230/configuration.nix52
-rw-r--r--hosts/X230/hardware-configuration.nix (renamed from modules/hosts/T430/hardware-configuration.nix)21
-rw-r--r--hosts/flex-wg-router/configuration.nix17
-rw-r--r--hosts/flex-wg-router/hardware-configuration.nix45
-rw-r--r--hosts/hp-envy-office/configuration.nix63
-rw-r--r--hosts/hp-envy-office/hardware-configuration.nix (renamed from modules/hosts/hp-envy-office/hardware-configuration.nix)0
-rw-r--r--hosts/libreX60/bios-flashing.nix8
-rw-r--r--hosts/libreX60/configuration.nix63
-rw-r--r--hosts/libreX60/hardware-configuration.nix46
-rw-r--r--hosts/libreX60/powertop-auto-tune.nix17
-rw-r--r--hosts/optiplex/configuration.nix88
-rw-r--r--hosts/optiplex/hardware-configuration.nix (renamed from modules/hosts/optiplex/hardware-configuration.nix)0
-rw-r--r--hosts/poweredge/configuration.nix19
-rw-r--r--lib/default.nix3
-rw-r--r--lib/mkprofile.nix22
-rw-r--r--modules/home/alacritty.nix67
-rw-r--r--modules/home/chrome.nix28
-rw-r--r--modules/home/default.nix24
-rw-r--r--modules/home/firefox.nix80
-rw-r--r--modules/home/git.nix7
-rw-r--r--modules/home/gtk-bookmarks.nix17
-rw-r--r--modules/home/htop.nix38
-rw-r--r--modules/home/initial-home-setup.nix22
-rw-r--r--modules/home/pcmanfm.nix6
-rw-r--r--modules/home/resources/activation-scripts/clone-repos.sh24
-rw-r--r--modules/home/theme.nix74
-rw-r--r--modules/home/wallpapers.nix14
-rw-r--r--modules/hosts/T430/configuration.nix18
-rw-r--r--modules/hosts/T430/home.nix6
-rw-r--r--modules/hosts/T495/configuration.nix41
-rw-r--r--modules/hosts/T495/games.nix7
-rw-r--r--modules/hosts/T495/home.nix13
-rw-r--r--modules/hosts/T495/input-leap.nix11
-rw-r--r--modules/hosts/T495/resources/input-leap/input-leap.conf12
-rw-r--r--modules/hosts/hp-envy-office/configuration.nix39
-rw-r--r--modules/hosts/hp-envy-office/home.nix12
-rw-r--r--modules/hosts/libreX60/configuration.nix14
-rw-r--r--modules/hosts/libreX60/home.nix8
-rw-r--r--modules/hosts/optiplex/configuration.nix50
-rw-r--r--modules/hosts/optiplex/home.nix7
-rw-r--r--modules/root/autologin.nix13
-rw-r--r--modules/root/bluetooth.nix10
-rw-r--r--modules/root/bootloader.nix43
-rw-r--r--modules/root/default.nix50
-rw-r--r--modules/root/doas.nix19
-rw-r--r--modules/root/fonts.nix16
-rw-r--r--modules/root/home-manager.nix11
-rw-r--r--modules/root/localization.nix5
-rw-r--r--modules/root/nas.nix36
-rw-r--r--modules/root/normaluser.nix12
-rw-r--r--modules/root/pipewire.nix12
-rw-r--r--modules/root/resources/secrets/secrets.yaml22
-rw-r--r--modules/root/resources/x11/xinit-startx-xdg.patch14
-rw-r--r--modules/root/secrets.nix30
-rw-r--r--modules/root/software/default.nix34
l---------modules/root/software/derivations1
-rw-r--r--modules/root/software/desktop.nix79
-rw-r--r--modules/root/software/development.nix18
-rw-r--r--modules/root/software/docker.nix21
-rw-r--r--modules/root/software/system.nix13
-rw-r--r--modules/root/software/virtualisation.nix10
-rw-r--r--modules/root/ssh.nix8
-rw-r--r--modules/root/tlp.nix9
-rw-r--r--modules/root/wifi.nix18
-rw-r--r--modules/root/x11.nix30
-rw-r--r--modules/root/zsh.nix10
-rw-r--r--nixos/bootloader.nix48
-rw-r--r--nixos/default.nix26
-rw-r--r--nixos/doas.nix17
-rw-r--r--nixos/filesystems.nix (renamed from modules/root/software/ddcutil.nix)5
-rw-r--r--nixos/geoclue.nix14
-rw-r--r--nixos/hosts.nix4
-rw-r--r--nixos/net-iface-labels.nix28
-rw-r--r--nixos/nix.nix (renamed from modules/root/nix.nix)0
-rw-r--r--nixos/pipewire.nix14
-rw-r--r--nixos/powerkeys.nix (renamed from modules/root/powerkeys.nix)0
-rw-r--r--nixos/printing.nix18
-rw-r--r--nixos/programs/awesome.nix (renamed from modules/root/software/awesome.nix)10
-rw-r--r--nixos/programs/ddcutil.nix12
-rw-r--r--nixos/programs/home-manager.nix15
-rw-r--r--nixos/secrets.nix8
-rw-r--r--nixos/services/cgit.nix142
-rw-r--r--nixos/services/gitea.nix58
-rw-r--r--nixos/services/searxng.nix120
-rw-r--r--nixos/ssh.nix16
-rw-r--r--nixos/sudo.nix15
-rw-r--r--nixos/suspend.nix18
-rw-r--r--pkgs/crazydiskinfo/default.nix41
-rw-r--r--pkgs/default.nix31
-rw-r--r--pkgs/lowbat/default.nix28
-rw-r--r--pkgs/st/overrides.nix19
-rw-r--r--pkgs/xerox-workcentre-7800-series-driver/default.nix86
-rw-r--r--pkgs/xorg/overrides.nix20
-rwxr-xr-xrebuild2
-rw-r--r--users/default.nix5
-rw-r--r--users/timmy/default.nix105
-rw-r--r--users/timmy/hosts.nix (renamed from modules/root/hosts.nix)1
-rw-r--r--users/timmy/localization.nix12
-rw-r--r--users/timmy/nas.nix35
-rw-r--r--users/timmy/printing.nix (renamed from modules/root/printing.nix)30
-rw-r--r--users/timmy/resources/secrets/hashed-root-password.yaml25
-rw-r--r--users/timmy/resources/secrets/wpa_supplicant-conf.yaml16
-rw-r--r--users/timmy/user.nix22
-rw-r--r--users/timmy/wifi.nix38
158 files changed, 2855 insertions, 1450 deletions
diff --git a/.sops.yaml b/.sops.yaml
index a49783e..2a6aa9b 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,7 +1,19 @@
keys:
- - &SSHDerived age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
+ - &general age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
+ - &flex-wg-router age1f0tmpy2nam58skmznjyqd3zf54rxtfrk6fda0vlpq9y3yg6wac7sjf0vja
creation_rules:
- - path_regex: secrets/.*.yaml$
+ - path_regex: timmy/resources/secrets/hashed-root-password.yaml
key_groups:
- age:
- - *SSHDerived
+ - *general
+ - *flex-wg-router
+
+ - path_regex: timmy/resources/secrets/wpa_supplicant-conf.yaml
+ key_groups:
+ - age:
+ - *general
+
+ - path_regex: T495/resources/secrets/wg0.yaml
+ key_groups:
+ - age:
+ - *general
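Review bot: The three new `path_regex` values are unanchored and leave `.` unescaped, so each rule matches any path that merely contains that text, with `.` standing for any character. Because sops uses the first rule that matches, a later secret with a similar path could silently pick up the wider `general` + `flex-wg-router` recipient set of the first rule. Anchoring and escaping makes the match exact, e.g. `path_regex: users/timmy/resources/secrets/hashed-root-password\.yaml$`. A comment above the first rule saying why `flex-wg-router` needs to decrypt the root password hash, while the other two secrets stay on `general` only, would also help the next reader audit the recipient lists.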
diff --git a/archetypes/collections/bluetooth.nix b/archetypes/collections/bluetooth.nix
new file mode 100644
index 0000000..749a9f1
--- /dev/null
+++ b/archetypes/collections/bluetooth.nix
@@ -0,0 +1,12 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.bluetooth;
+in {
+ options._archetypes.collections.bluetooth = {
+ enable = lib.mkEnableOption "enables bluetooth and blueman";
+ };
+
+ config = lib.mkIf cfg.enable {
+ hardware.bluetooth.enable = true;
+ services.blueman.enable = config._archetypes.collections.desktop.utilities.enable; # FIXME
+ };
+}
diff --git a/archetypes/collections/desktop/cad.nix b/archetypes/collections/desktop/cad.nix
new file mode 100644
index 0000000..33edcd5
--- /dev/null
+++ b/archetypes/collections/desktop/cad.nix
@@ -0,0 +1,15 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.cad;
+in {
+ options._archetypes.collections.desktop.cad = {
+ enable = lib.mkEnableOption "install cad and 3d printing software";
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ blender
+ freecad
+ prusa-slicer
+ ];
+ };
+}
diff --git a/archetypes/collections/desktop/chromium.nix b/archetypes/collections/desktop/chromium.nix
new file mode 100644
index 0000000..b4638f0
--- /dev/null
+++ b/archetypes/collections/desktop/chromium.nix
@@ -0,0 +1,18 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.chromium;
+in {
+ options._archetypes.collections.desktop.chromium = {
+ enable = lib.mkEnableOption "install chromium browser";
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.ungoogled-chromium;
+ description = "chromium package to install";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = [
+ cfg.package
+ ];
+ };
+}
diff --git a/archetypes/collections/desktop/crypto.nix b/archetypes/collections/desktop/crypto.nix
new file mode 100644
index 0000000..f90919e
--- /dev/null
+++ b/archetypes/collections/desktop/crypto.nix
@@ -0,0 +1,13 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.crypto;
+in {
+ options._archetypes.collections.desktop.crypto = {
+ enable = lib.mkEnableOption "install crypto wallets";
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ sparrow
+ ];
+ };
+}
diff --git a/archetypes/collections/desktop/default.nix b/archetypes/collections/desktop/default.nix
new file mode 100644
index 0000000..bbca8df
--- /dev/null
+++ b/archetypes/collections/desktop/default.nix
@@ -0,0 +1,13 @@
+{
+ imports = [
+ ./cad.nix
+ ./chromium.nix
+ ./crypto.nix
+ ./extra.nix
+ ./firefox.nix
+ ./graphics.nix
+ ./office.nix
+ ./utilities.nix
+ ./xserver.nix
+ ];
+}
diff --git a/archetypes/collections/desktop/extra.nix b/archetypes/collections/desktop/extra.nix
new file mode 100644
index 0000000..c3af43b
--- /dev/null
+++ b/archetypes/collections/desktop/extra.nix
@@ -0,0 +1,17 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.extraUtilities;
+in {
+ options._archetypes.collections.desktop.extraUtilities = {
+ enable = lib.mkEnableOption "install extra desktop utilities";
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ jellyfin-mpv-shim
+ qbittorrent
+ qdirstat
+ qdiskinfo
+ remmina
+ ];
+ };
+}
diff --git a/archetypes/collections/desktop/firefox.nix b/archetypes/collections/desktop/firefox.nix
new file mode 100644
index 0000000..02656f6
--- /dev/null
+++ b/archetypes/collections/desktop/firefox.nix
@@ -0,0 +1,12 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.firefox;
+in {
+ options._archetypes.collections.desktop.firefox = {
+ enable = lib.mkEnableOption "install firefox";
+ };
+
+ config = lib.mkIf cfg.enable {
+ programs.firefox.enable = true;
+ };
+}
+
diff --git a/archetypes/collections/desktop/graphics.nix b/archetypes/collections/desktop/graphics.nix
new file mode 100644
index 0000000..f4242d1
--- /dev/null
+++ b/archetypes/collections/desktop/graphics.nix
@@ -0,0 +1,16 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.graphics;
+in {
+ options._archetypes.collections.desktop.graphics = {
+ enable = lib.mkEnableOption "install graphic design software";
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ blender
+ geeqie
+ gimp3
+ inkscape
+ ];
+ };
+}
diff --git a/archetypes/collections/desktop/office.nix b/archetypes/collections/desktop/office.nix
new file mode 100644
index 0000000..23e6862
--- /dev/null
+++ b/archetypes/collections/desktop/office.nix
@@ -0,0 +1,18 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.office;
+in {
+ options._archetypes.collections.desktop.office = {
+ enable = lib.mkEnableOption "install office software";
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ hunspell # Spell checking in libreoffice
+ hunspellDicts.en_US
+ kdePackages.okular
+ libreoffice
+ pdfchain
+ thunderbird
+ ];
+ };
+}
diff --git a/archetypes/collections/desktop/utilities.nix b/archetypes/collections/desktop/utilities.nix
new file mode 100644
index 0000000..43d4973
--- /dev/null
+++ b/archetypes/collections/desktop/utilities.nix
@@ -0,0 +1,29 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.utilities;
+in {
+ options._archetypes.collections.desktop.utilities = {
+ enable = lib.mkEnableOption "install basic desktop utilities";
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ arandr
+ dmenu
+ libnotify
+ lowbat
+ mpv
+ pavolctld
+ pavucontrol
+ pcmanfm
+ redshift
+ scrot
+ st
+ sxiv
+ wpa_supplicant_gui
+ zathura
+ ];
+
+ programs.localsend.enable = true; # Installs & opens firewall
+ services.gvfs.enable = true; # GVfs allows for mounting drives in a graphical file manager
+ };
+}
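Review bot: `programs.localsend.enable = true;` opens an inbound firewall port as a side effect of enabling a package collection, and the only sign of it is the trailing comment. A host that turns on `desktop.utilities` just for dmenu or st also gets a LocalSend listener reachable on whatever network it joins. Consider `programs.localsend.openFirewall = lib.mkDefault false;` here, or a dedicated `localsend.enable` option in this collection, so the exposure is an explicit per-host decision.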
diff --git a/archetypes/collections/desktop/xserver.nix b/archetypes/collections/desktop/xserver.nix
new file mode 100644
index 0000000..4cbdae8
--- /dev/null
+++ b/archetypes/collections/desktop/xserver.nix
@@ -0,0 +1,34 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.xserver;
+in {
+ options._archetypes.collections.desktop.xserver = {
+ enable = lib.mkEnableOption "installs xserver";
+ utilities.enable = lib.mkEnableOption "installs basic xserver utilities";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.xserver.enable = true;
+ services.xserver.displayManager.startx.enable = true;
+ services.libinput.enable = true; # Enable touchpad support
+
+ # Install basic X utilities
+ environment.systemPackages = with pkgs; lib.optionals cfg.utilities.enable [
+ unclutter
+ xcape
+ xclip
+ xdotool
+ xorg.setxkbmap
+ xorg.xinput
+ xorg.xkill
+ xorg.xrandr
+ xorg.xset
+ xwallpaper
+ ];
+
+ # Enable TearFree option by default
+ # Not all video drivers support this option
+ services.xserver.deviceSection = ''
+ Option "TearFree" "true"
+ '';
+ };
+}
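Review bot: The `services.xserver.deviceSection` assignment at the end of the `config` block forces `Option "TearFree" "true"` on every host that enables this collection, even though the comment directly above says not all video drivers support it. The desktop profile added in this same commit also sets `services.xserver.enableTearFree`, so the setting is expressed twice and the device section will likely carry the option line twice. Dropping the `deviceSection` block here and relying on `enableTearFree` alone would leave a single switch that a host with an unsupported driver can turn off.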
diff --git a/archetypes/collections/development/default.nix b/archetypes/collections/development/default.nix
new file mode 100644
index 0000000..87fe2d2
--- /dev/null
+++ b/archetypes/collections/development/default.nix
@@ -0,0 +1,45 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.development;
+ hugoFirewallPort = 1313;
+in {
+ imports = [
+ ./docker.nix
+ ];
+
+ options._archetypes.collections.development = {
+ utilities.enable = lib.mkEnableOption "install basic dev utilities";
+ android.enable = lib.mkEnableOption "install android dev tools";
+ c.enable = lib.mkEnableOption "install c dev tools";
+ lua.enable = lib.mkEnableOption "install lua dev tools";
+ web = {
+ hugo = {
+ enable = lib.mkEnableOption "install hugo";
+ openFirewall = lib.mkEnableOption "open the port ${hugoFirewallPort} for viewing content from hugo serve on other devices";
+ };
+ node.enable = lib.mkEnableOption "install node";
+ };
+ };
+
+ config = {
+ environment.systemPackages = with pkgs; [
+ git
+ python3
+ ] ++ lib.optionals cfg.android.enable [
+ #adb-sync
+ android-tools
+ ] ++ lib.optionals cfg.c.enable [
+ gcc
+ git
+ gnumake
+ pkg-config
+ ] ++ lib.optionals cfg.lua.enable [
+ lua
+ ] ++ lib.optionals cfg.web.hugo.enable [
+ hugo
+ ] ++ lib.optionals cfg.web.node.enable [
+ nodejs
+ ];
+
+ networking.firewall.allowedTCPPorts = lib.mkIf cfg.web.hugo.openFirewall [ hugoFirewallPort ];
+ };
+}
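Review bot: `"open the port ${hugoFirewallPort} ..."` interpolates an integer, which Nix will not coerce to a string, so the option description errors as soon as it is forced (for example when option docs are generated); use `${toString hugoFirewallPort}`. Separately, `utilities.enable` is declared but never read: the `config` block has no `lib.mkIf` and `git` and `python3` are added unconditionally, so the profiles' `development.utilities.enable` has no effect. Writing the first list as `lib.optionals cfg.utilities.enable [ git python3 ]` would match the other toggles. `openFirewall` is also honoured when `web.hugo.enable` is false; `lib.mkIf (cfg.web.hugo.enable && cfg.web.hugo.openFirewall) [ hugoFirewallPort ]` keeps port 1313 closed unless hugo is actually installed.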
diff --git a/archetypes/collections/development/docker.nix b/archetypes/collections/development/docker.nix
new file mode 100644
index 0000000..629dff3
--- /dev/null
+++ b/archetypes/collections/development/docker.nix
@@ -0,0 +1,23 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.development.docker;
+in {
+ options._archetypes.collections.development.docker = {
+ enable = lib.mkEnableOption "enables docker";
+ btrfsSupport = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = "Changes docker storageDriver to btrfs.";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ virtualisation.docker = {
+ enable = true;
+ storageDriver = lib.mkIf cfg.btrfsSupport "btrfs";
+ };
+
+ environment.systemPackages = with pkgs; [
+ docker-compose
+ ];
+ };
+}
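Review bot: `btrfsSupport` defaults to `true`, so a host that sets only `docker.enable = true` gets `storageDriver = "btrfs"` whether or not its Docker data directory is on btrfs. On any other filesystem the daemon would presumably refuse to start. Making the choice opt-in with `default = false;`, or stating the filesystem requirement in the `description`, avoids a host-dependent default hidden behind a generic `enable`.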
diff --git a/archetypes/collections/fonts.nix b/archetypes/collections/fonts.nix
new file mode 100644
index 0000000..136e31b
--- /dev/null
+++ b/archetypes/collections/fonts.nix
@@ -0,0 +1,16 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.fonts;
+in {
+ options._archetypes.collections.fonts = {
+ enable = lib.mkEnableOption "enables fonts";
+ };
+
+ config = lib.mkIf cfg.enable {
+ fonts.packages = with pkgs; [
+ commit-mono
+ inter
+ nerd-fonts.jetbrains-mono
+ tamzen
+ ];
+ };
+}
diff --git a/modules/root/software/utilities.nix b/archetypes/collections/utilities.nix
index dabf163..85763a4 100644
--- a/modules/root/software/utilities.nix
+++ b/archetypes/collections/utilities.nix
@@ -1,5 +1,7 @@
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [
+ crazydiskinfo
+ dash # TODO should be default /bin/sh
entr
fastfetch
ffmpeg
@@ -22,11 +24,12 @@
testdisk
tmux
uhubctl
+ vimv-rs
wget
wireguard-tools
xxHash
yt-dlp
- (callPackage ./derivations/lowbat {})
- (callPackage ./derivations/pavolctld {})
];
+
+ services.gpm.enable = true;
}
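Review bot: `services.gpm.enable = true;` is added to a module that has no `enable` option and no `lib.mkIf`, unlike the other collections in this commit, and `archetypes/default.nix` imports it unconditionally. If that reading is right, every host, including the headless ones, gets the gpm daemon plus the full package list, with no way to opt out short of `lib.mkForce`. Consider giving this file the same `options._archetypes.collections.utilities.enable` / `lib.mkIf cfg.enable` shape as its siblings. The module body starts in the previous hunk, and part of the package list lies outside both hunks.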
diff --git a/archetypes/collections/virtualization.nix b/archetypes/collections/virtualization.nix
new file mode 100644
index 0000000..fda0e48
--- /dev/null
+++ b/archetypes/collections/virtualization.nix
@@ -0,0 +1,22 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.virtualization;
+in {
+ options._archetypes.collections.virtualization = {
+ enable = lib.mkEnableOption "enables virtualization and virt-manager";
+ };
+
+ config = lib.mkIf cfg.enable {
+ virtualisation = {
+ spiceUSBRedirection.enable = true;
+ libvirtd.enable = true;
+ # Enable efi support with ovmf firmware
+ libvirtd.qemu = {
+ package = pkgs.qemu_kvm;
+ runAsRoot = true;
+ swtpm.enable = true;
+ ovmf.enable = true;
+ };
+ };
+ programs.virt-manager.enable = config._archetypes.collections.desktop.utilities.enable; # FIXME
+ };
+}
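Review bot: `runAsRoot = true;` in `libvirtd.qemu` makes every guest's QEMU process run as root, so a guest-to-host escape in the emulator lands with full host privileges. Unless a specific guest needs it, `runAsRoot = false;` lets libvirt run QEMU under its unprivileged account. `spiceUSBRedirection.enable = true;` additionally installs a setuid helper that lets local users pass arbitrary USB devices to a VM. A comment stating that both are intentional, or separate options for them, would keep the collection's single `enable` from silently carrying those privileges. The `# Enable efi support with ovmf firmware` comment sits above the whole `qemu` set but describes only `ovmf.enable`.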
diff --git a/archetypes/default.nix b/archetypes/default.nix
new file mode 100644
index 0000000..52e5eaa
--- /dev/null
+++ b/archetypes/default.nix
@@ -0,0 +1,13 @@
+{
+ imports = [
+ ./collections/bluetooth.nix
+ ./collections/desktop
+ ./collections/development
+ ./collections/fonts.nix
+ ./collections/utilities.nix
+ ./collections/virtualization.nix
+
+ ./profiles/desktop
+ ./profiles/headless
+ ];
+}
diff --git a/archetypes/profiles/desktop/default.nix b/archetypes/profiles/desktop/default.nix
new file mode 100644
index 0000000..dd2121e
--- /dev/null
+++ b/archetypes/profiles/desktop/default.nix
@@ -0,0 +1,101 @@
+{ lib, config, pkgs, ... }: let
+ mkDesktop = lib.mkOverride 920;
+
+ nixosConfig = {
+ _archetypes.collections = {
+ desktop = {
+ utilities.enable = mkDesktop true;
+ firefox.enable = mkDesktop true;
+ xserver = {
+ enable = mkDesktop true;
+ utilities.enable = mkDesktop true;
+ };
+ };
+ development = {
+ utilities.enable = mkDesktop true;
+ };
+ fonts.enable = mkDesktop true;
+ };
+
+ security = {
+ _doas.enable = mkDesktop true;
+ };
+
+ programs = {
+ _ddcutil.enable = mkDesktop true;
+ _home-manager.enable = mkDesktop true;
+ };
+
+ services = {
+ xserver = {
+ windowManager._awesome.enable = mkDesktop true;
+ enableTearFree = mkDesktop true;
+ };
+ _geoclue2.enable = mkDesktop true;
+ _pipewire.enable = mkDesktop true;
+ _printing.enable = mkDesktop true;
+ _ssh.enable = mkDesktop true;
+ tlp.enable = mkDesktop true;
+
+ # Ensure video group can change backlight
+ udev.extraRules = mkDesktop ''
+ SUBSYSTEM=="backlight", ACTION=="add", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
+ '';
+ };
+ };
+
+ homeConfig = {
+ gtk = {
+ enable = mkDesktop true;
+ _mintTheme.enable = mkDesktop true;
+ font.name = mkDesktop "sans-serif";
+ cursorTheme.name = mkDesktop "Adwaita";
+ };
+
+ qt._gtkPlatformTheme.enable = mkDesktop true;
+
+ fonts.fontconfig = {
+ enable = mkDesktop true;
+ defaultFonts = {
+ # These fonts are added above in fonts collection
+ sansSerif = mkDesktop [ "Inter" ];
+ monospace = mkDesktop [ "CommitMono" ];
+ };
+ };
+
+ programs = {
+ _pcmanfm.openAsRootOption.enable = mkDesktop true;
+ firefox._configure = mkDesktop true;
+ htop._configure = mkDesktop true;
+ zathura = {
+ enable = mkDesktop true;
+ options = {
+ selection-clipboard = mkDesktop "clipboard"; # Copy highlighted text
+ };
+ };
+ };
+
+ services = {
+ _redshift.enable = true;
+ };
+
+ home._repos = {
+ enable = mkDesktop true;
+ desktop = mkDesktop true;
+ };
+
+ xdg.mimeApps._defaultCategoryApplications = {
+ enable = true;
+ categoryApplications = {
+ audio = [ "mpv" ];
+ email = [ "thunderbird" ];
+ image = [ "sxiv" ];
+ pdf = [ "org.pwmt.zathura-pdf-mupdf" ];
+ text = [ "nvim" ];
+ video = [ "mpv" ];
+ };
+ };
+ };
+in {
+ imports = [ (lib._mkProfileArchetype "desktop" nixosConfig homeConfig) ];
+}
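Review bot: `services._redshift.enable = true;` and `xdg.mimeApps._defaultCategoryApplications.enable = true;` in `homeConfig` are the only switches not wrapped in `mkDesktop`, so they are set at normal priority and a host or user module can change them only with `lib.mkForce`. Every other setting uses `lib.mkOverride 920`; writing these as `mkDesktop true` keeps the profile uniformly overridable. It is also worth a comment that `_ssh.enable = mkDesktop true` turns on an SSH server for every desktop host, since what that exposes depends on `nixos/ssh.nix`, which is not part of this hunk. The `config` argument in the function head is unused.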
diff --git a/archetypes/profiles/headless/default.nix b/archetypes/profiles/headless/default.nix
new file mode 100644
index 0000000..b391076
--- /dev/null
+++ b/archetypes/profiles/headless/default.nix
@@ -0,0 +1,31 @@
+{ lib, config, ... }: let
+ mkHeadless = lib.mkOverride 910;
+
+ nixosConfig = {
+ _archetypes.collections = {
+ development = {
+ utilities.enable = mkHeadless true;
+ };
+ };
+
+ security = {
+ _doas.enable = mkHeadless true;
+ };
+
+ programs = {
+ _ddcutil.enable = mkHeadless true;
+ };
+
+ services = {
+ _ssh.enable = mkHeadless true;
+ };
+ };
+
+ homeConfig = {
+ home._repos = {
+ enable = mkHeadless true;
+ };
+ };
+in {
+ imports = [ (lib._mkProfileArchetype "headless" nixosConfig homeConfig) ];
+}
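Review bot: `programs._ddcutil.enable = mkHeadless true` looks carried over from the desktop profile, since ddcutil is a monitor-control tool and this profile is for hosts without a display. If `nixos/programs/ddcutil.nix` (not visible in this hunk) grants i2c device access or group membership, that access is handed out on servers for no benefit. Either drop the line or add a comment such as `# headless hosts may still have a DDC-capable monitor attached` if it is intentional. The `config` argument is unused here as well.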
diff --git a/derivations/lowbat/default.nix b/derivations/lowbat/default.nix
deleted file mode 100644
index 02ff111..0000000
--- a/derivations/lowbat/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ pkgs ? import <nixpkgs> {} }:
-
-pkgs.stdenv.mkDerivation rec {
- pname = "lowbat";
- version = "1.2.1";
-
- src = pkgs.fetchzip {
- url = "https://git.tjkeller.xyz/${pname}/snapshot/${pname}-${version}.tar.xz";
- sha256 = "sha256-xsUHdmicHX/fQQgojVjWfzI82e4NezkmlACOpdPxLE0=";
- };
-
- nativeBuildInputs = [ pkgs.pkg-config ];
- buildInputs = [ pkgs.libnotify pkgs.glib ];
-
- buildPhase = ''
- make
- '';
-
- installPhase = ''
- mkdir -p $out/bin $out/share/man/man1
- cp lowbat $out/bin/
- cp lowbat.1 $out/share/man/man1/
- '';
-
- meta = with pkgs.lib; {
- description = "A minimal battery level monitor daemon, written in C";
- license = licenses.mit;
- maintainers = [ maintainers.tjkeller ];
- };
-}
diff --git a/derivations/pavolctld/default.nix b/derivations/pavolctld/default.nix
deleted file mode 100644
index c78e3fe..0000000
--- a/derivations/pavolctld/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ pkgs ? import <nixpkgs> {} }:
-
-pkgs.stdenv.mkDerivation rec {
- pname = "pavolctld";
- version = "1.0.0";
-
- src = pkgs.fetchzip {
- url = "https://git.tjkeller.xyz/${pname}/snapshot/${pname}-${version}.tar.xz";
- sha256 = "sha256-eJ5njP2wu2kxsNgDdULOaATJJarLh+LkM5M9+kujRt4=";
- };
-
- buildInputs = [ pkgs.libpulseaudio ];
-
- buildPhase = ''
- make
- '';
-
- installPhase = ''
- mkdir -p $out/bin $out/share/man/man1
- cp pavolctld $out/bin/
- cp pavolctld.1 $out/share/man/man1/
- '';
-
- meta = with pkgs.lib; {
- description = "A minimal PulseAudio volume control/monitoring daemon";
- license = licenses.mit;
- maintainers = [ maintainers.tjkeller ];
- };
-}
diff --git a/derivations/st/default.nix b/derivations/st/default.nix
deleted file mode 100644
index eb7c6bc..0000000
--- a/derivations/st/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- lib,
- stdenv,
- fetchzip,
- fontconfig,
- libX11,
- libXcursor,
- libXext,
- libXft,
- ncurses,
- pkg-config,
-}:
-
-stdenv.mkDerivation rec {
- pname = "st";
- version = "tj-0.9.2.2";
-
- src = fetchzip {
- url = "https://git.tjkeller.xyz/${pname}/snapshot/${pname}-${version}.tar.xz";
- sha256 = "sha256-p1u7TEeLeC5Kjvi8na4YhyQQ0qdPaUWZL6hq9O4HaKA=";
- };
-
- nativeBuildInputs = [
- pkg-config
- ];
- buildInputs = [
- fontconfig
- libX11
- libXcursor
- libXext
- libXft
- ncurses
- ];
-
- installPhase = ''
- runHook preInstall
-
- TERMINFO=$out/share/terminfo make install PREFIX=$out
-
- runHook postInstall
- '';
-
- meta = with lib; {
- homepage = "https://git.tjkeller.xyz/st";
- description = "My st with various patches";
- mainProgram = "st";
- license = licenses.mit;
- maintainers = [ maintainers.tjkeller ];
- };
-}
diff --git a/flake.lock b/flake.lock
index 696cf81..5596cce 100644
--- a/flake.lock
+++ b/flake.lock
@@ -3,18 +3,17 @@
"arkenfox": {
"inputs": {
"flake-compat": "flake-compat",
- "flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"pre-commit": "pre-commit"
},
"locked": {
- "lastModified": 1725263787,
- "narHash": "sha256-OSNjus8VSkLCSikN6Qeq+II1bwqTRJEwl6NJvFoQHoE=",
+ "lastModified": 1751321356,
+ "narHash": "sha256-7vrKgcIg7jOHVEJrpfjNjcqZnsAoXnJvKK8NuV1x2kU=",
"owner": "dwarfmaster",
"repo": "arkenfox-nixos",
- "rev": "72addd96455cce49c0c8524c53aecd02cf20adec",
+ "rev": "3f04af64f37dad55446417fc2f8c6cf754fde879",
"type": "github"
},
"original": {
@@ -26,11 +25,11 @@
"flake-compat": {
"flake": false,
"locked": {
- "lastModified": 1696426674,
- "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+ "lastModified": 1747046372,
+ "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
- "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+ "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
@@ -55,24 +54,6 @@
"type": "github"
}
},
- "flake-utils": {
- "inputs": {
- "systems": "systems"
- },
- "locked": {
- "lastModified": 1710146030,
- "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
"gitignore": {
"inputs": {
"nixpkgs": [
@@ -102,27 +83,27 @@
]
},
"locked": {
- "lastModified": 1733951536,
- "narHash": "sha256-Zb5ZCa7Xj+0gy5XVXINTSr71fCfAv+IKtmIXNrykT54=",
+ "lastModified": 1756679287,
+ "narHash": "sha256-Xd1vOeY9ccDf5VtVK12yM0FS6qqvfUop8UQlxEB+gTQ=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f",
+ "rev": "07fc025fe10487dd80f2ec694f1cd790e752d0e8",
"type": "github"
},
"original": {
"owner": "nix-community",
- "ref": "release-24.11",
+ "ref": "release-25.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
- "lastModified": 1719082008,
- "narHash": "sha256-jHJSUH619zBQ6WdC21fFAlDxHErKVDJ5fpN0Hgx4sjs=",
+ "lastModified": 1730768919,
+ "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "9693852a2070b398ee123a329e68f0dab5526681",
+ "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc",
"type": "github"
},
"original": {
@@ -132,50 +113,18 @@
"type": "github"
}
},
- "nixpkgs-stable": {
- "locked": {
- "lastModified": 1720386169,
- "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixos-24.05",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs-stable_2": {
- "locked": {
- "lastModified": 1729357638,
- "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "release-24.05",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
"nixpkgs_2": {
"locked": {
- "lastModified": 1734083684,
- "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
+ "lastModified": 1756617294,
+ "narHash": "sha256-aGnd4AHIYCWQKChAkHPpX+YYCt7pA6y2LFFA/s8q0wQ=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
+ "rev": "b4c2c57c31e68544982226d07e4719a2d86302a8",
"type": "github"
},
"original": {
"owner": "nixos",
- "ref": "nixos-24.11",
+ "ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
@@ -184,15 +133,14 @@
"inputs": {
"flake-compat": "flake-compat_2",
"gitignore": "gitignore",
- "nixpkgs": "nixpkgs",
- "nixpkgs-stable": "nixpkgs-stable"
+ "nixpkgs": "nixpkgs"
},
"locked": {
- "lastModified": 1724857454,
- "narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
+ "lastModified": 1750779888,
+ "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
- "rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
+ "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
"type": "github"
},
"original": {
@@ -213,15 +161,14 @@
"inputs": {
"nixpkgs": [
"nixpkgs"
- ],
- "nixpkgs-stable": "nixpkgs-stable_2"
+ ]
},
"locked": {
- "lastModified": 1729394972,
- "narHash": "sha256-fADlzOzcSaGsrO+THUZ8SgckMMc7bMQftztKFCLVcFI=",
+ "lastModified": 1754988908,
+ "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
"owner": "Mic92",
"repo": "sops-nix",
- "rev": "c504fd7ac946d7a1b17944d73b261ca0a0b226a5",
+ "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
"type": "github"
},
"original": {
@@ -229,21 +176,6 @@
"repo": "sops-nix",
"type": "github"
}
- },
- "systems": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
}
},
"root": "root",
diff --git a/flake.nix b/flake.nix
index 547d9db..c9e7d41 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,69 +2,67 @@ rec {
description = "TimmyOS System Config";
inputs = {
- nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
-
home-manager = {
- url = "github:nix-community/home-manager/release-24.11";
+ url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
-
arkenfox = {
url = "github:dwarfmaster/arkenfox-nixos";
inputs.nixpkgs.follows = "nixpkgs";
};
};
- outputs = { nixpkgs, home-manager, arkenfox, ... }@inputs :
+ outputs = { nixpkgs, ... }@inputs :
let
system = "x86_64-linux";
- pkgs = nixpkgs.legacyPackages.${system};
- userDetails = {
- username = "timmy";
- home.root = "/home/timmy";
- home.downloads = "/home/timmy/dls";
- home.documents = "/home/timmy/docs";
- home.pictures = "/home/timmy/pics";
- email = "tjkeller.xyz";
- fullname = "Tim Keller";
- };
+ extLib = nixpkgs.lib.extend (final: prev: import ./lib);
mkNixosConfiguration = hostname: nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs;
- inherit userDetails;
+ inherit hostname;
+ lib = extLib;
};
modules = [
- ./modules/hosts/${hostname}/configuration.nix
- ./modules/root
- home-manager.nixosModules.home-manager {
+ ./hosts/${hostname}/configuration.nix
+ ./hosts/${hostname}/hardware-configuration.nix
+ ./archetypes
+ ./nixos
+ ./pkgs
+ ./users
+ inputs.sops-nix.nixosModules.sops
+ inputs.home-manager.nixosModules.home-manager {
home-manager = {
- backupFileExtension = "backup";
+ backupFileExtension = "backup"; # In case file is overwritten
useGlobalPkgs = true;
useUserPackages = true;
- users.${userDetails.username} = import ./modules/home;
- extraSpecialArgs = {
- inherit userDetails;
- };
sharedModules = [
inputs.arkenfox.hmModules.arkenfox
- ./modules/hosts/${hostname}/home.nix
+ ./home-manager
];
};
}
];
};
in {
- nixosConfigurations = {
- T430 = mkNixosConfiguration "T430";
- T495 = mkNixosConfiguration "T495";
- hp-envy-office = mkNixosConfiguration "hp-envy-office";
- optiplex = mkNixosConfiguration "optiplex";
- };
+ nixosConfigurations = builtins.listToAttrs (map (hostname: {
+ name = hostname;
+ value = mkNixosConfiguration hostname;
+ }) [
+ # Configured system hostnames go here
+ "T495"
+ "X230"
+ "flex-wg-router"
+ "hp-envy-office"
+ "libreX60"
+ "optiplex"
+ "poweredge"
+ ]);
};
}
diff --git a/home-manager/clone-repos.nix b/home-manager/clone-repos.nix
new file mode 100644
index 0000000..fcf96f7
--- /dev/null
+++ b/home-manager/clone-repos.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }: let
+ cfg = config.home._repos;
+ # TODO MAKE OPTIONS
+ server = "https://git.tjkeller.xyz/";
+ src = "${config.xdg.userDirs.documents}/src";
+ dotConfig = config.xdg.configHome;
+ bin = "$HOME/.local/bin";
+ cloneMissing = repo: source: target: ''clonemissing "${repo}" "${source}" "${target}"'';
+in {
+ options.home._repos = {
+ enable = lib.mkEnableOption "clone git repos";
+ desktop = lib.mkEnableOption "clone repos that are for desktop use";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # TODO look into xdg.configFile.<name>
+ home.activation = {
+ cloneRepos = lib.hm.dag.entryAfter ["writeBoundary"] (''
+ export PATH="${pkgs.git}/bin:$PATH"
+ ${builtins.readFile ./resources/activation-scripts/clone-repos.sh}
+ '' + lib.strings.concatStringsSep "\n" ([
+ (cloneMissing "${server}dotconfig" "${src}/config" dotConfig)
+ (cloneMissing "${server}nixos" "${src}/nixos" "")
+ (cloneMissing "${server}nvim" "${dotConfig}/nvim" "")
+ (cloneMissing "${server}zsh" "${dotConfig}/zsh" "")
+ ] ++ lib.optionals cfg.desktop [
+ (cloneMissing "${server}scripts" "${src}/scripts" bin)
+ (cloneMissing "${server}userscripts" "${src}/userscripts" "")
+ (cloneMissing "${server}awesome" "${dotConfig}/awesome" "")
+ ]));
+ linkZshProfile = lib.hm.dag.entryAfter ["writeBoundary"] ''
+ run ln -sf $VERBOSE_ARG ${dotConfig}/zsh/zprofile $HOME/.zprofile
+ '';
+ };
+ #home.file.Zprofile = {
+ # source = "${dotConfig}/zsh/zprofile";
+ # target = ".zprofile";
+ #};
+ };
+}
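Review bot: The repositories listed in `cloneRepos` are fetched from `server` at whatever revision the remote serves when activation runs, so unlike the inputs locked in flake.lock their content is not covered by any hash. Two of them end up executed: `zsh/zprofile` is linked to `$HOME/.zprofile` and the `scripts` checkout is linked into `$HOME/.local/bin`. If integrity or reproducibility matters for these, pin them (non-flake inputs with `flake = false`, or `pkgs.fetchgit` with `rev` and `hash`) and keep mutable checkouts only for repos edited in place. At minimum, extend the `# TODO MAKE OPTIONS` comment to say they are deliberately unpinned. Separately, `linkZshProfile` passes its paths unquoted; `run ln -sf $VERBOSE_ARG "${dotConfig}/zsh/zprofile" "$HOME/.zprofile"` is safer.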
diff --git a/home-manager/default.nix b/home-manager/default.nix
new file mode 100644
index 0000000..c1a105f
--- /dev/null
+++ b/home-manager/default.nix
@@ -0,0 +1,19 @@
+{
+ imports = [
+ ./clone-repos.nix
+ ./firefox.nix
+ ./fontconfig.nix
+ ./home-cleanup.nix
+ ./htop.nix
+ ./mint-theme.nix
+ ./pcmanfm.nix
+ ./qt-gtk-theme.nix
+ ./redshift.nix
+ ./theme-st.nix
+ ./wallpapers.nix
+ ./xdg-mime.nix
+ ];
+
+ # Let Home Manager install and manage itself.
+ programs.home-manager.enable = true;
+}
diff --git a/home-manager/firefox.nix b/home-manager/firefox.nix
new file mode 100644
index 0000000..cca4a19
--- /dev/null
+++ b/home-manager/firefox.nix
@@ -0,0 +1,91 @@
+{ config, lib, pkgs, ... }: let
+ cfg = config.programs.firefox;
+ search = {
+ engines = {
+ "Timmy Search" = {
+ urls = [{
+ template = "https://search.tjkeller.xyz/search";
+ params = [ { name = "q"; value = "{searchTerms}"; } ];
+ }];
+ iconURI = "https://search.tjkeller.xyz/static/themes/simple/img/favicon.svg"; # TODO doesn't seem to work
+ };
+ "Nix Packages" = {
+ urls = [{
+ template = "https://search.nixos.org/packages";
+ params = [ { name = "query"; value = "{searchTerms}"; } ];
+ }];
+ icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+ definedAliases = [ "@np" ];
+ };
+ "NixOS Options" = {
+ urls = [{
+ template = "https://search.nixos.org/options";
+ params = [ { name = "query"; value = "{searchTerms}"; } ];
+ }];
+ icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+ definedAliases = [ "@no" ];
+ };
+ };
+ default = "Timmy Search";
+ privateDefault = "Timmy Search";
+ force = true; # Overwrite old
+ };
+ userChrome = builtins.readFile ./resources/firefox/userChrome.css;
+ arkenfox = {
+ enable = true;
+ enableAllSections = true;
+ "0100"."0102"."browser.startup.page".value = 3; # 0=blank, 1=home, 2=last visited page, 3=resume previous session
+ "0100"."0103"."browser.startup.homepage".enable = false;
+ "0100"."0104"."browser.newtabpage.enabled".enable = false;
+ #"2800"."2811"."privacy.clearOnShutdown.history".enable = false;
+ };
+ settings = {
+ "browser.compactmode.show" = true;
+ "browser.uiCustomization.state" = builtins.readFile ./resources/firefox/uiCustomization.json; # Toolbar etc.
+ "browser.uidensity" = 1; # Compact
+ "toolkit.legacyUserProfileCustomizations.stylesheets" = true; # userchrome
+
+ "app.normandy.first_run" = false;
+ "browser.aboutConfig.showWarning" = false; # arkenfox does
+ #"browser.download.dir" = userDetails.userDirs.downloads;
+ "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
+ "browser.newtabpage.activity-stream.feeds.topsites" = false;
+ "browser.urlbar.suggest.topsites" = false;
+ "devtools.toolbox.host" = "window";
+ "dom.push.enabled" = false; #
+ "extensions.pocket.enabled" = false;
+ "general.smoothScroll" = false;
+ #"geo.provider.use_geoclue" = true;
+ };
+ workSettings = settings // {
+ "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org"; # Use builtin dark theme instead of system theme
+ };
+in {
+ options.programs.firefox = {
+ _configure = lib.mkEnableOption "configure firefox profiles";
+ };
+
+ config = lib.mkIf cfg._configure {
+ programs.firefox = {
+ enable = lib.mkDefault true;
+ arkenfox.enable = lib.mkDefault true;
+ profiles = {
+ Personal = {
+ id = 0;
+ isDefault = true;
+ inherit search;
+ inherit userChrome;
+ inherit arkenfox;
+ inherit settings;
+ };
+ Work = {
+ id = 1;
+ inherit search;
+ inherit userChrome;
+ inherit arkenfox;
+ settings = workSettings;
+ };
+ };
+ };
+ };
+}
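Review bot: The `"0100"."0102"` override sets `browser.startup.page` to 3 (resume previous session), but `enableAllSections = true` together with the commented-out `"2800"."2811"` line leaves arkenfox's clear-on-shutdown section active. Arkenfox notes that session-restore data is cleared along with history, so if that holds for the pinned arkenfox version the override will likely have no visible effect. Either re-enable the 2811 exception or add a comment such as `# session restore needs history kept on shutdown, see 2811`. The bare `#` after `"dom.push.enabled" = false;` is an empty comment; give it a reason or drop it.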
diff --git a/home-manager/fontconfig.nix b/home-manager/fontconfig.nix
new file mode 100644
index 0000000..4473d1a
--- /dev/null
+++ b/home-manager/fontconfig.nix
@@ -0,0 +1,83 @@
+{ config, lib, ... }: let
+ cfg = config.fonts.fontconfig;
+ fcConfd = "fontconfig/conf.d";
+ fcResources = ./resources/fontconfig;
+
+ extraConfigFile = lib.types.submodule ({ name, ... }: {
+ options = {
+ enable = lib.mkEnableOption "Whether this font config file should be generated.";
+ text = lib.mkOption {
+ type = lib.types.nullOr lib.types.lines;
+ default = null;
+ description = "Verbatim contents of the config file. If this option is null then the 'source' option must be set.";
+ };
+ source = lib.mkOption {
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ description = "Config file to source. Alternatively, use the 'text' option instead.";
+ };
+ label = lib.mkOption {
+ type = lib.types.str;
+ default = "name";
+ description = "Label to use for the name of the config file.";
+ };
+ priority = lib.mkOption {
+ type = lib.types.addCheck lib.types.int (x: x >= 0 && x <= 99);
+ default = 90;
+ description = ''
+ Determines the order in which configs are loaded.
+ Must be a value within the range of 0-99, where priority 0 is the highest priority and 99 is the lowest.
+ '';
+ };
+ };
+ config = {
+ label = lib.mkDefault name;
+ };
+ });
+in {
+ options.fonts.fontconfig = {
+ _extraConfigFiles = lib.mkOption {
+ type = lib.types.attrsOf extraConfigFile;
+ default = {};
+ description = ''
+ Extra font config files that will be added to `~/.config/fontconfig/conf.d/`.
+ Files are added as `conf.d/{priority}-{label}.conf`.
+ '';
+ example = ''
+ {
+ tamzen = {
+ enable = true;
+ label = "tamzen-disable-antialiasing";
+ text = tamzenFontConfig; # Pretend this is defined elsewhere
+ priority = 90;
+ }; # => conf.d/90-tamzen-disable-antialiasing.conf
+ commit-mono-options = {
+ enable = true;
+ source = ./resources/fontconfig/commit-mono.conf;
+ priority = 80;
+ }; # => conf.d/80-commit-mono-options.conf
+ };
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ fonts.fontconfig._extraConfigFiles = {
+ tamzen-disable-antialiasing = {
+ enable = true;
+ text = builtins.readFile ./resources/fontconfig/90-tamzen-disable-anti-aliasing.conf;
+ priority = 90;
+ };
+ commit-mono-options = {
+ enable = true;
+ source = ./resources/fontconfig/90-commit-mono-options.conf;
+ priority = 90;
+ };
+ };
+
+ xdg.configFile = lib.mapAttrs' (name: config:
+ lib.nameValuePair "${fcConfd}/${builtins.toString config.priority}-${config.label}.conf"
+ { inherit (config) text; source = lib.mkIf (config.source != null) config.source; }
+ ) cfg._extraConfigFiles;
+ };
+}
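Review bot: The per-file `enable` option is declared but never read: the `lib.mapAttrs'` at the end of the hunk turns every entry of `cfg._extraConfigFiles` into an `xdg.configFile` entry, so a file with `enable = false` is still written. Passing it through fixes that: `{ inherit (config) enable text; source = lib.mkIf (config.source != null) config.source; }`. `builtins.toString config.priority` also yields `5-foo.conf` for a single-digit priority, which does not sort the way the 0-99 description promises; `lib.fixedWidthNumber 2 config.priority` zero-pads it. Finally, `lib.mkEnableOption` already prepends "Whether to enable", so its argument should be a noun phrase such as `"this font config file"`; the same wording issue appears in mint-theme.nix, pcmanfm.nix and theme-st.nix.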
diff --git a/home-manager/home-cleanup.nix b/home-manager/home-cleanup.nix
new file mode 100644
index 0000000..0754d95
--- /dev/null
+++ b/home-manager/home-cleanup.nix
@@ -0,0 +1,21 @@
+{ config, lib, ... }: let
+ cacheHome = config.xdg.cacheHome;
+ configHome = config.xdg.configHome;
+ dataHome = config.xdg.dataHome;
+in {
+ # Gtk 2
+ # This file may be generated by home-manager, so this will need to be set
+ # so that it ends up in the correct location
+ gtk.gtk2.configLocation = "${configHome}/gtk-2.0/gtkrc";
+
+ # Npm
+ xdg.configFile.npmrc = {
+ enable = lib.mkDefault true;
+ text = ''
+ prefix=${dataHome}/npm
+ cache=${cacheHome}/npm
+ init-module=${dataHome}/npm/npm-init.js
+ '';
+ target = "npm/npmrc";
+ };
+}
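Review bot: The `npmrc` written to `${configHome}/npm/npmrc` is only read if npm is told to look there, since npm's default per-user config is `~/.npmrc`, and nothing in this hunk sets `NPM_CONFIG_USERCONFIG`. If it is not exported elsewhere in the tree, add `home.sessionVariables.NPM_CONFIG_USERCONFIG = "${configHome}/npm/npmrc";` next to the file definition. Otherwise a comment pointing at where it is set would help.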
diff --git a/home-manager/htop.nix b/home-manager/htop.nix
new file mode 100644
index 0000000..36ccbac
--- /dev/null
+++ b/home-manager/htop.nix
@@ -0,0 +1,46 @@
+{ config, lib, ... }: let
+ cfg = config.programs.htop;
+in {
+ options.programs.htop = {
+ _configure = lib.mkEnableOption "apply sensible defaults to htop";
+ };
+
+ config = lib.mkIf cfg._configure {
+ programs.htop.enable = lib.mkDefault true;
+ programs.htop.settings = {
+ fields = with config.lib.htop.fields; [
+ PID
+ USER
+ 124 # EXE
+ PERCENT_CPU
+ PERCENT_MEM
+ STARTTIME
+ ELAPSED # time elapsed since process start
+ IO_READ_RATE
+ RBYTES # num read bytes
+ IO_WRITE_RATE
+ WBYTES # num written bytes
+ TIME
+ STIME # sys time
+ CSTIME # child sys time
+ NICE
+ STATE
+ PRIORITY
+ 125 # CWD
+ ];
+ } // (with config.lib.htop; leftMeters [
+ (bar "AllCPUs2")
+ (bar "CPU")
+ (bar "Memory")
+ (bar "DiskIO")
+ (bar "NetworkIO")
+ ]) // (with config.lib.htop; rightMeters [
+ (text "Hostname")
+ (text "Clock")
+ (text "Uptime")
+ (text "Battery")
+ (text "LoadAverage")
+ (text "Tasks")
+ ]);
+ };
+}
diff --git a/home-manager/mint-theme.nix b/home-manager/mint-theme.nix
new file mode 100644
index 0000000..a77be6a
--- /dev/null
+++ b/home-manager/mint-theme.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.gtk._mintTheme; # gtk.theme type is null or submodule under the hood so gtk.theme._mint, etc. can't be used
+ transformColorValue = color: dark:
+ "Mint-Y" + lib.optionalString dark "-Dark"
+ + lib.optionalString (color != "Green") ("-" + color)
+ ;
+in {
+ options.gtk._mintTheme = {
+ enable = lib.mkEnableOption "enables mint theme";
+ color = lib.mkOption {
+ type = lib.types.enum [
+ "Aqua" "Blue" "Green" "Grey" "Orange"
+ "Pink" "Purple" "Red" "Sand" "Teal"
+ ];
+ default = "Green";
+ description = "mint-y theme color";
+ };
+ dark = lib.mkEnableOption "whether to use dark variant of mint theme";
+ icons.color = lib.mkOption {
+ type = lib.types.enum [
+ "Aqua" "Blue" "Green" "Grey" "Orange" "Pink" "Purple" "Red"
+ "Sand" "Teal"
+ ];
+ default = "Aqua";
+ description = "mint-y icons color eg. 'Aqua' or 'Red'";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ gtk = {
+ enable = true;
+ theme = {
+ package = pkgs.mint-themes;
+ name = transformColorValue cfg.color cfg.dark;
+ };
+ iconTheme = {
+ package = pkgs.mint-y-icons;
+ name = transformColorValue cfg.icons.color false;
+ };
+ };
+ };
+}
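Review bot: The ten-colour enum is written out twice, once for `color` and once for `icons.color`, with different line wrapping, so adding or removing a colour has to be done in two places. A `let` binding such as `mintColors = [ "Aqua" "Blue" "Green" ... ];` used by both `lib.types.enum` calls keeps them in step. A short comment on `transformColorValue` saying that "Green" maps to the unsuffixed `Mint-Y` name would also explain the special case.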
diff --git a/home-manager/pcmanfm.nix b/home-manager/pcmanfm.nix
new file mode 100644
index 0000000..a99fb15
--- /dev/null
+++ b/home-manager/pcmanfm.nix
@@ -0,0 +1,15 @@
+{ config, lib, ... }: let
+ cfg = config.programs._pcmanfm.openAsRootOption;
+in {
+ options.programs._pcmanfm.openAsRootOption = {
+ enable = lib.mkEnableOption "enable 'open as root' option in pcmanfm right-click menu";
+ };
+
+ config = lib.mkIf cfg.enable {
+ home.file.pcmanfm-root = {
+ target = ".local/share/file-manager/actions/root.desktop";
+ # FIXME this action uses an absolute path pls fix
+ source = ./resources/pcmanfm/root.desktop;
+ };
+ };
+}
diff --git a/home-manager/qt-gtk-theme.nix b/home-manager/qt-gtk-theme.nix
new file mode 100644
index 0000000..2e53ccc
--- /dev/null
+++ b/home-manager/qt-gtk-theme.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.qt._gtkPlatformTheme;
+in {
+ options.qt._gtkPlatformTheme = {
+ enable = lib.mkEnableOption "use gtk theme in qt";
+ };
+
+ config = lib.mkIf cfg.enable {
+ qt = {
+ enable = lib.mkDefault true;
+ platformTheme.name = "gtk3";
+ };
+ };
+}
diff --git a/home-manager/redshift.nix b/home-manager/redshift.nix
new file mode 100644
index 0000000..4bae599
--- /dev/null
+++ b/home-manager/redshift.nix
@@ -0,0 +1,18 @@
+{ config, lib, ... }: let
+ cfg = config.services._redshift;
+in {
+ options.services._redshift = {
+ enable = lib.mkEnableOption "configure redshift";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.redshift = {
+ enable = true;
+ provider = lib.mkDefault "geoclue2";
+ temperature = {
+ day = lib.mkDefault 6500; # Redshift default, the hm module defaults to 5500
+ night = lib.mkDefault 3600;
+ };
+ };
+ };
+}
diff --git a/home-manager/resources/activation-scripts/clone-repos.sh b/home-manager/resources/activation-scripts/clone-repos.sh
new file mode 100644
index 0000000..adf8fd7
--- /dev/null
+++ b/home-manager/resources/activation-scripts/clone-repos.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+clonemissing() {
+ # pull and return if already existing
+ if [ -d "$2"/.git ]; then
+ run cd $VERBOSE_ARG "$2"
+ run git pull $VERBOSE_ARG || echo "$2: failed to pull from remote"
+ return
+ fi
+
+ # clone $1 to $2
+ run mkdir -p $VERBOSE_ARG "$2"
+ run git clone $VERBOSE_ARG "$1" "$2"
+
+ # link files to $3
+ [ -z "$3" ] && return
+ run mkdir -p $VERBOSE_ARG "$3"
+ run ln -sf $VERBOSE_ARG "$2"/* "$3"
+}
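Review bot: In the already-cloned branch, `run cd $VERBOSE_ARG "$2"` changes the working directory for the rest of the activation script, because the function body is not a subshell. It also hands the verbose flag to `cd`, which does not accept one. Unless the surrounding script aborts on error, a failed `cd` lets the following `git pull` run in whatever directory was current. Replacing both lines with `run git -C "$2" pull $VERBOSE_ARG || echo "$2: failed to pull from remote"` avoids all of this. Also, `ln -sf "$2"/* "$3"` only runs on the first clone, so files that arrive through a later pull are never linked into `$3`; a comment should say whether that is intended.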
diff --git a/modules/home/resources/firefox/uiCustomization.json b/home-manager/resources/firefox/uiCustomization.json
index 339b716..339b716 100644
--- a/modules/home/resources/firefox/uiCustomization.json
+++ b/home-manager/resources/firefox/uiCustomization.json
diff --git a/modules/home/resources/firefox/userChrome.css b/home-manager/resources/firefox/userChrome.css
index de0e112..624ab26 100644
--- a/modules/home/resources/firefox/userChrome.css
+++ b/home-manager/resources/firefox/userChrome.css
@@ -14,6 +14,17 @@
background: var(--toolbar-field-border-color) !important;
}
+/* Change background color of bookmarks toolbar */
+#PersonalToolbar {
+ background: var(--toolbox-bgcolor) !important;
+}
+
+/* Adjust spacing of toolbar items */
+#PlacesToolbarItems {
+ gap: .35rem;
+ margin-block: .2rem;
+}
+
/* Fix vertical spacing of tabs */
#TabsToolbar {
margin-top: -1px;
diff --git a/home-manager/resources/fontconfig/90-commit-mono-options.conf b/home-manager/resources/fontconfig/90-commit-mono-options.conf
new file mode 100644
index 0000000..9c7373a
--- /dev/null
+++ b/home-manager/resources/fontconfig/90-commit-mono-options.conf
@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+
+<fontconfig>
+ <description>Enable opentype features for CommitMono to make it match better with Inter as its monospace counterpart</description>
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>CommitMono</string>
+ </test>
+ <edit name="fontfeatures" mode="append">
+ <string>ss03 on</string> <!-- smart case -->
+ <string>ss04 on</string> <!-- symbol spacing -->
+ <string>cv02 on</string> <!-- alt g -->
+ <string>cv06 on</string> <!-- alt 6 & 9 -->
+ </edit>
+ </match>
+</fontconfig>
diff --git a/home-manager/resources/fontconfig/90-tamzen-disable-anti-aliasing.conf b/home-manager/resources/fontconfig/90-tamzen-disable-anti-aliasing.conf
new file mode 100644
index 0000000..5bf94d7
--- /dev/null
+++ b/home-manager/resources/fontconfig/90-tamzen-disable-anti-aliasing.conf
@@ -0,0 +1,14 @@
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+
+<fontconfig>
+ <description>Disable anti-aliasing for Tamzen since it is a bitmap font</description>
+ <match target="pattern">
+ <test name="family" compare="eq" qual="any">
+ <string>Tamzen</string>
+ </test>
+ <edit name="antialias" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+</fontconfig>
diff --git a/modules/home/resources/pcmanfm/root.desktop b/home-manager/resources/pcmanfm/root.desktop
index 4b4d263..4b4d263 100644
--- a/modules/home/resources/pcmanfm/root.desktop
+++ b/home-manager/resources/pcmanfm/root.desktop
diff --git a/home-manager/resources/xdg-mime/audio b/home-manager/resources/xdg-mime/audio
new file mode 100644
index 0000000..fd00b26
--- /dev/null
+++ b/home-manager/resources/xdg-mime/audio
@@ -0,0 +1,65 @@
+application/x-cue
+application/x-extension-m4a
+application/x-ogm-audio
+application/x-shorten
+audio/3gpp
+audio/3gpp2
+audio/AMR
+audio/aac
+audio/ac3
+audio/aiff
+audio/amr-wb
+audio/dv
+audio/eac3
+audio/flac
+audio/m3u
+audio/m4a
+audio/mp1
+audio/mp2
+audio/mp3
+audio/mp4
+audio/mpeg
+audio/mpeg2
+audio/mpeg3
+audio/mpegurl
+audio/mpg
+audio/musepack
+audio/ogg
+audio/opus
+audio/rn-mpeg
+audio/scpls
+audio/vnd.dolby.heaac.1
+audio/vnd.dolby.heaac.2
+audio/vnd.dts
+audio/vnd.dts.hd
+audio/vnd.rn-realaudio
+audio/vorbis
+audio/wav
+audio/webm
+audio/x-aac
+audio/x-adpcm
+audio/x-aiff
+audio/x-ape
+audio/x-m4a
+audio/x-matroska
+audio/x-mp1
+audio/x-mp2
+audio/x-mp3
+audio/x-mpegurl
+audio/x-mpg
+audio/x-ms-asf
+audio/x-ms-wma
+audio/x-musepack
+audio/x-pls
+audio/x-pn-au
+audio/x-pn-realaudio
+audio/x-pn-wav
+audio/x-pn-windows-pcm
+audio/x-realaudio
+audio/x-scpls
+audio/x-shorten
+audio/x-tta
+audio/x-vorbis
+audio/x-vorbis+ogg
+audio/x-wav
+audio/x-wavpack
diff --git a/home-manager/resources/xdg-mime/email b/home-manager/resources/xdg-mime/email
new file mode 100644
index 0000000..db65256
--- /dev/null
+++ b/home-manager/resources/xdg-mime/email
@@ -0,0 +1,6 @@
+application/mbox
+application/vnd.ms-outlook
+message/rfc822
+text/calendar
+x-scheme-handler/mailto
+x-scheme-handler/mid
diff --git a/home-manager/resources/xdg-mime/image b/home-manager/resources/xdg-mime/image
new file mode 100644
index 0000000..4401ebb
--- /dev/null
+++ b/home-manager/resources/xdg-mime/image
@@ -0,0 +1,14 @@
+image/bmp
+image/gif
+image/jpeg
+image/jpg
+image/png
+image/tiff
+image/x-bmp
+image/x-portable-anymap
+image/x-portable-bitmap
+image/x-portable-graymap
+image/x-tga
+image/x-xpixmap
+image/svg+xml
+image/svg+xml-compressed
diff --git a/home-manager/resources/xdg-mime/pdf b/home-manager/resources/xdg-mime/pdf
new file mode 100644
index 0000000..73bd5d0
--- /dev/null
+++ b/home-manager/resources/xdg-mime/pdf
@@ -0,0 +1,4 @@
+application/epub+zip
+application/oxps
+application/pdf
+application/x-fictionbook
diff --git a/home-manager/resources/xdg-mime/text b/home-manager/resources/xdg-mime/text
new file mode 100644
index 0000000..709cb57
--- /dev/null
+++ b/home-manager/resources/xdg-mime/text
@@ -0,0 +1,15 @@
+application/x-shellscript
+text/english
+text/plain
+text/x-c
+text/x-c++
+text/x-c++hdr
+text/x-c++src
+text/x-chdr
+text/x-csrc
+text/x-java
+text/x-makefile
+text/x-moc
+text/x-pascal
+text/x-tcl
+text/x-tex
diff --git a/home-manager/resources/xdg-mime/video b/home-manager/resources/xdg-mime/video
new file mode 100644
index 0000000..6a0839e
--- /dev/null
+++ b/home-manager/resources/xdg-mime/video
@@ -0,0 +1,55 @@
+application/mxf
+application/ogg
+application/sdp
+application/smil
+application/streamingmedia
+application/vnd.apple.mpegurl
+application/vnd.ms-asf
+application/vnd.rn-realmedia
+application/vnd.rn-realmedia-vbr
+application/x-extension-mp4
+application/x-matroska
+application/x-mpegurl
+application/x-ogg
+application/x-ogm
+application/x-ogm-video
+application/x-smil
+application/x-streamingmedia
+video/3gp
+video/3gpp
+video/3gpp2
+video/avi
+video/divx
+video/dv
+video/fli
+video/flv
+video/mkv
+video/mp2t
+video/mp4
+video/mp4v-es
+video/mpeg
+video/msvideo
+video/ogg
+video/quicktime
+video/vnd.divx
+video/vnd.mpegurl
+video/vnd.rn-realvideo
+video/webm
+video/x-avi
+video/x-flc
+video/x-flic
+video/x-flv
+video/x-m4v
+video/x-matroska
+video/x-mpeg2
+video/x-mpeg3
+video/x-ms-afs
+video/x-ms-asf
+video/x-ms-wmv
+video/x-ms-wmx
+video/x-ms-wvxvideo
+video/x-msvideo
+video/x-ogm
+video/x-ogm+ogg
+video/x-theora
+video/x-theora+ogg
diff --git a/home-manager/theme-st.nix b/home-manager/theme-st.nix
new file mode 100644
index 0000000..110c9d6
--- /dev/null
+++ b/home-manager/theme-st.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }: let
+ cfg = config.programs._st;
+ toString = x: if lib.isBool x then (if x then "true" else "false") else builtins.toString x;
+ generateXftFontString = name: attrs:
+ name + lib.optionalString (attrs != {}) (
+ ":" + lib.concatStringsSep ":" (
+ lib.mapAttrsToList (key: value: "${key}=${toString value}") attrs
+ )
+ )
+ ;
+ themed-st = pkgs.st.overrideAttrs (old: {
+ buildInputs = old.buildInputs or [] ++ [ pkgs.makeWrapper ];
+ postInstall = old.postInstall or "" + ''
+ wrapProgram $out/bin/st \
+ --add-flags '-f"${generateXftFontString cfg.font.name cfg.font.attrs}"'
+ '';
+ });
+in {
+ options.programs._st = {
+ enable = lib.mkEnableOption "enables theming st with home manager";
+ font = {
+ name = lib.mkOption {
+ type = lib.types.str;
+ example = "JetBrainsMonoNL Nerd Font Mono";
+ default = "monospace";
+ };
+ attrs = lib.mkOption {
+ type = lib.types.attrs;
+ default = {};
+ example = {
+ size = 12;
+ antialias = true;
+ autohint = true;
+ };
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ home.packages = [ themed-st ];
+ };
+}
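Review bot: The font string is spliced into the wrapper as `'-f"..."'`, so a font name or attribute value containing a quote, `$` or backtick is not handled safely. It either breaks the `postInstall` line or is expanded by the wrapper's shell at run time, since `--add-flags` appears to insert its argument unescaped. Escaping both layers avoids that: `--add-flags ${lib.escapeShellArg "-f ${lib.escapeShellArg (generateXftFontString cfg.font.name cfg.font.attrs)}"}`. `pkgs.makeWrapper` is a build-time tool and belongs in `nativeBuildInputs` rather than `buildInputs`. The local `toString` shadows the builtin of the same name; a name like `fontValueToString` would read more clearly.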
diff --git a/home-manager/wallpapers.nix b/home-manager/wallpapers.nix
new file mode 100644
index 0000000..de64d76
--- /dev/null
+++ b/home-manager/wallpapers.nix
@@ -0,0 +1,17 @@
+{ lib, config, pkgs, ... }: let
+ cfg = config.programs._seasonalwallpaper.wallpapers;
+in {
+ options.programs._seasonalwallpaper.wallpapers = {
+ download = lib.mkEnableOption "enables all wallpapers";
+ };
+
+ config = lib.mkIf cfg.download {
+ home.file.wallpapers = {
+ target = ".local/share/wallpaper";
+ source = pkgs.fetchzip {
+ url = "https://tjkeller.xyz/permalinks/wallpapers.tar";
+ hash = "sha256-lhj9wUMZfd0XOrUtWY9HB64oXrS/EjsvsaJHzu4ucFg=";
+ };
+ };
+ };
+}
diff --git a/home-manager/xdg-mime.nix b/home-manager/xdg-mime.nix
new file mode 100644
index 0000000..420510f
--- /dev/null
+++ b/home-manager/xdg-mime.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }: let
+ cfg = config.xdg.mimeApps._defaultCategoryApplications;
+
+ # Mime-type category files are stored here
+ mimeResources = ./resources/xdg-mime;
+
+ # Files present in mimeResources with newline separated mime-types
+ # Would be more fun to load these dynamically with builtins.readDir, but I will be disciplined
+ categories = [ "audio" "email" "image" "pdf" "text" "video" ];
+
+ # Dynamically generate categories
+ categoryApplications = (lib.genAttrs categories (category: lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ description = "set the default application used for ${category} files. omit '.desktop'";
+ }));
+
+ # Create list of mime-types from the category file
+ getCategoryMimeTypes = category: lib.filter (s: s != "") (lib.splitString "\n" (builtins.readFile "${mimeResources}/${category}"));
+
+ # Structure default applications for a specified category how home-manager expects
+ assignMimeTypes = applications: category: lib.map (mimetype:
+ { "${mimetype}" = lib.mkIf (applications != []) (lib.map (app: "${app}.desktop") applications); }
+ ) (getCategoryMimeTypes category);
+
+ # Combine all category applications
+ defaultApplications = lib.mkMerge (lib.flatten (
+ lib.map (category: assignMimeTypes cfg.categoryApplications.${category} category) categories
+ ));
+in {
+ options.xdg.mimeApps._defaultCategoryApplications = {
+ enable = lib.mkEnableOption "set default applications as defined in the resources dir";
+ inherit categoryApplications;
+ };
+
+ config = lib.mkIf cfg.enable {
+ xdg.mimeApps = {
+ enable = lib.mkDefault true;
+ inherit defaultApplications;
+ };
+ };
+}
diff --git a/hosts/T495/configuration.nix b/hosts/T495/configuration.nix
new file mode 100644
index 0000000..40c3489
--- /dev/null
+++ b/hosts/T495/configuration.nix
@@ -0,0 +1,82 @@
+{ config, lib, pkgs, ... }: {
+ imports = [ ./wg.nix ];
+
+ # Setup bootloader
+ boot._loader.enable = true;
+
+ # Enable common options
+ _archetypes = {
+ # Use desktop profile
+ profiles.desktop = {
+ enable = true;
+ home.users.timmy.enable = true;
+ };
+ # Install software
+ collections = {
+ desktop = {
+ extraUtilities.enable = true;
+ cad.enable = true;
+ chromium.enable = true;
+ crypto.enable = true;
+ graphics.enable = true;
+ office.enable = true;
+ };
+ development = {
+ android.enable = true;
+ c.enable = true;
+ docker.enable = true;
+ lua.enable = true;
+ web = {
+ hugo = {
+ enable = true;
+ openFirewall = true;
+ };
+ node.enable = true;
+ };
+ };
+ bluetooth.enable = true;
+ };
+ };
+
+ # Enable user timmy
+ _users.timmy = {
+ enable = true;
+ autologin.enable = true;
+ nas = {
+ enable = true;
+ office.enable = true;
+ };
+ };
+
+ # Install spotify
+ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ "spotify"
+ ];
+ environment.systemPackages = with pkgs; [
+ spotify
+ ];
+
+ # Use amdgpu driver for x11
+ services.xserver.videoDrivers = [ "amdgpu" ];
+
+ # Configure home
+ home-manager.users.timmy = {
+ gtk._mintTheme = {
+ dark = true;
+ color = "Purple";
+ icons.color = "Purple";
+ };
+ programs._st = {
+ enable = true;
+ font = {
+ name = "TamzenForPowerline";
+ attrs = {
+ pixelsize = 20;
+ };
+ };
+ };
+ programs._seasonalwallpaper.wallpapers.download = true;
+ };
+
+ system.stateVersion = "24.05";
+}
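Review bot: `hugo.openFirewall = true` sits in a laptop configuration, so, assuming the option opens the Hugo dev-server port in the NixOS firewall, the preview server becomes reachable from every network this machine joins. The option's implementation is outside this hunk. If the port is only needed on a trusted LAN or over the WireGuard link from `./wg.nix`, leave it closed here and open it per interface, or add a comment such as `# intentionally reachable from the LAN` so the exposure is deliberate. `autologin.enable = true` likewise leaves disk encryption as the only barrier on a portable machine. T495's hardware-configuration.nix is unchanged and not shown, so it is worth confirming the disk is encrypted.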
diff --git a/modules/hosts/T495/hardware-configuration.nix b/hosts/T495/hardware-configuration.nix
index 6258a83..6258a83 100644
--- a/modules/hosts/T495/hardware-configuration.nix
+++ b/hosts/T495/hardware-configuration.nix
diff --git a/modules/hosts/T495/resources/secrets/wg0.yaml b/hosts/T495/resources/secrets/wg0.yaml
index 6df5ff6..6df5ff6 100644
--- a/modules/hosts/T495/resources/secrets/wg0.yaml
+++ b/hosts/T495/resources/secrets/wg0.yaml
diff --git a/modules/hosts/T495/wg.nix b/hosts/T495/wg.nix
index 3881b63..3881b63 100644
--- a/modules/hosts/T495/wg.nix
+++ b/hosts/T495/wg.nix
diff --git a/hosts/X230/configuration.nix b/hosts/X230/configuration.nix
new file mode 100644
index 0000000..af0ef25
--- /dev/null
+++ b/hosts/X230/configuration.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }: {
+ # Setup bootloader
+ boot._loader.enable = true;
+
+ # Enable common options
+ _archetypes = {
+ # Use desktop profile
+ profiles.desktop = {
+ enable = true;
+ home.users.timmy.enable = true;
+ };
+ # Install software
+ collections = {
+ desktop = {
+ crypto.enable = true;
+ graphics.enable = true;
+ office.enable = true;
+ };
+ };
+ # Setup user
+ users.primary = {
+ enable = true;
+ autologin.enable = true;
+ };
+ };
+
+ # Configure home
+ home-manager.users.timmy = {
+ gtk._mintTheme = {
+ dark = true;
+ color = "Teal";
+ icons.color = "Teal";
+ };
+ fonts.fontconfig.defaultFonts.monospace = [ "TamzenForPowerline" ];
+ gtk = {
+ font.name = "monospace";
+ font.size = 8;
+ cursorTheme.size = 24;
+ };
+ programs._st = {
+ enable = true;
+ font = {
+ name = "TamzenForPowerline";
+ attrs = {
+ pixelsize = 14;
+ };
+ };
+ };
+ };
+
+ system.stateVersion = "24.05";
+}
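Review bot: This host enables its user through `_archetypes.users.primary`, while hosts/T495/configuration.nix in the same commit uses the top-level `_users.timmy`, and flake.nix imports `./users` as its own module. Unless an `_archetypes.users` option is declared elsewhere, evaluating X230 will likely fail with an undefined-option error. The block probably should be `_users.timmy = { enable = true; autologin.enable = true; };`, placed outside `_archetypes`.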
diff --git a/modules/hosts/T430/hardware-configuration.nix b/hosts/X230/hardware-configuration.nix
index 206a525..0791585 100644
--- a/modules/hosts/T430/hardware-configuration.nix
+++ b/hosts/X230/hardware-configuration.nix
@@ -8,14 +8,29 @@
[ (modulesPath + "/installer/scan/not-detected.nix")
];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ];
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
- { device = "/dev/disk/by-uuid/b991914b-3a4c-4248-9472-b5403729601a";
+ { device = "/dev/disk/by-uuid/41036740-73bc-4004-a302-01233b4d83b8";
fsType = "btrfs";
+ options = [ "subvol=@" ];
+ };
+
+ boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/6019772f-4a1c-4abd-9c70-b1d71cc2de65";
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-uuid/41036740-73bc-4004-a302-01233b4d83b8";
+ fsType = "btrfs";
+ options = [ "subvol=@home" ];
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/72D4-F66A";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
diff --git a/hosts/flex-wg-router/configuration.nix b/hosts/flex-wg-router/configuration.nix
new file mode 100644
index 0000000..b09c3f0
--- /dev/null
+++ b/hosts/flex-wg-router/configuration.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }: {
+ # Setup bootloader
+ boot._loader.enable = true;
+
+ _archetypes = {
+ # Use headless profile
+ profiles.headless.enable = true;
+ # Install software
+ collections = {
+ development = {
+ docker.enable = true;
+ };
+ };
+ }
+
+ system.stateVersion = "25.05";
+}
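Review bot: The `_archetypes = { ... }` binding is closed with a bare `}`, and without the terminating `;` the file does not parse. Because `flex-wg-router` is in the host list in flake.nix, evaluating that configuration fails; the closing line should be `};`. The host name suggests a WireGuard router, yet this file imports no WireGuard or secrets module. If that is still to come, a `# TODO` here would say so.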
diff --git a/hosts/flex-wg-router/hardware-configuration.nix b/hosts/flex-wg-router/hardware-configuration.nix
new file mode 100644
index 0000000..01cff6d
--- /dev/null
+++ b/hosts/flex-wg-router/hardware-configuration.nix
@@ -0,0 +1,45 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/01eae5fd-a46e-4a36-8a9d-247a0b16bcef";
+ fsType = "btrfs";
+ options = [ "subvol=@" ];
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/345A-436A";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-uuid/01eae5fd-a46e-4a36-8a9d-247a0b16bcef";
+ fsType = "btrfs";
+ options = [ "subvol=@home" ];
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/hp-envy-office/configuration.nix b/hosts/hp-envy-office/configuration.nix
new file mode 100644
index 0000000..02ca48d
--- /dev/null
+++ b/hosts/hp-envy-office/configuration.nix
@@ -0,0 +1,63 @@
+{ config, lib, pkgs, ... }: {
+ # Setup bootloader
+ boot._loader.enable = true;
+ boot.loader.timeout = 15; # Show for longer since it's usually skipped
+
+ # Enable common options
+ _archetypes = {
+ # Use desktop profile
+ profiles.desktop = {
+ enable = true;
+ home.users.timmy.enable = true;
+ };
+ # Install software
+ collections = {
+ desktop = {
+ extraUtilities.enable = true;
+ chromium.enable = true;
+ graphics.enable = true;
+ office.enable = true;
+ };
+ development = {
+ docker.enable = true;
+ web = {
+ node.enable = true;
+ };
+ };
+ virtualization.enable = true;
+ };
+ };
+
+ # Enable user timmy
+ _users.timmy = {
+ enable = true;
+ nas = {
+ enable = true;
+ office.enable = true;
+ office.automount = true;
+ };
+ };
+
+ # Disable suspend
+ systemd._suspend.disable = true;
+
+ # Use amdgpu driver for x11
+ services.xserver.videoDrivers = [ "amdgpu" ];
+
+ # Configure home
+ home-manager.users.timmy = {
+ gtk._mintTheme = {
+ dark = true;
+ color = "Green";
+ icons.color = "Green";
+ };
+ programs._seasonalwallpaper.wallpapers.download = true;
+
+ gtk.gtk3.bookmarks = [
+ "file:///home/timmy/docs/src/sites/admin Admin"
+ "file:///media/chexx/chexx cHEXx"
+ ];
+ };
+
+ system.stateVersion = "24.11";
+}
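Review bot: The `_users.timmy` block leaves `autologin` unset, whereas the removed `modules/hosts/hp-envy-office/configuration.nix` set `autologin.enable = false;` explicitly, so the behaviour now depends on the option's default, which is defined outside this view. The host name suggests an office machine, and it has `nas.office.automount = true`, so I would keep the intent visible with `autologin.enable = false;` inside `_users.timmy`. The `"192.168.77.3" = [ "devel" ]` hosts entry and the Bluetooth setting are also not carried over; if that is deliberate, a line in the commit message would make it clear.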
diff --git a/modules/hosts/hp-envy-office/hardware-configuration.nix b/hosts/hp-envy-office/hardware-configuration.nix
index 22a8c24..22a8c24 100644
--- a/modules/hosts/hp-envy-office/hardware-configuration.nix
+++ b/hosts/hp-envy-office/hardware-configuration.nix
diff --git a/hosts/libreX60/bios-flashing.nix b/hosts/libreX60/bios-flashing.nix
new file mode 100644
index 0000000..6117813
--- /dev/null
+++ b/hosts/libreX60/bios-flashing.nix
@@ -0,0 +1,8 @@
+# https://libreboot.org/docs/install/#thinkpad-t60x60x60tabletx60s
+
+{ pkgs, ... }: {
+ environment.systemPackages = [ pkgs.flashprog ];
+
+ boot.kernelParams = [ "iomem=relaxed" ];
+}
+
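Review bot: `boot.kernelParams = [ "iomem=relaxed" ]` carries no comment on what it trades away. It turns off the kernel's strict checking of `/dev/mem` access to I/O memory claimed by drivers, which flashprog needs for internal flashing but which also widens what any root process can reach. I would add a comment above it such as `# Relaxes /dev/mem I/O-memory restrictions for flashprog; import this module only while flashing, then comment it out again and reboot`. The import in `configuration.nix` is commented out by default, which is the right default.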
diff --git a/hosts/libreX60/configuration.nix b/hosts/libreX60/configuration.nix
new file mode 100644
index 0000000..2ebb333
--- /dev/null
+++ b/hosts/libreX60/configuration.nix
@@ -0,0 +1,63 @@
+{ config, lib, pkgs, ... }: {
+ imports = [
+ ./powertop-auto-tune.nix
+ # Uncomment this module and reboot to enable bios flashing
+ #./bios-flashing.nix
+ ];
+
+ # Use grub
+ boot._loader = {
+ enable = true;
+ loader = "grub";
+ mode = "bios";
+ grub.biosDevice = "/dev/sda";
+ };
+
+ # Use libre kernel
+ boot.kernelPackages = pkgs.linuxPackages-libre;
+
+ # Enable common options
+ _archetypes = {
+ # Use desktop profile
+ profiles.desktop = {
+ enable = true;
+ home.users.timmy.enable = true;
+ };
+ };
+
+ # Enable user timmy
+ _users.timmy = {
+ enable = true;
+ autologin.enable = true;
+ wifi.enable = true;
+ };
+
+ # i915 Gpu requires intel driver
+ services.xserver.videoDrivers = [ "intel" ];
+
+ # Configure home
+ home-manager.users.timmy = {
+ gtk._mintTheme = {
+ dark = true;
+ color = "Red";
+ icons.color = "Red";
+ };
+ fonts.fontconfig.defaultFonts.monospace = [ "TamzenForPowerline" ];
+ gtk = {
+ font.name = "monospace";
+ font.size = 8;
+ cursorTheme.size = 24;
+ };
+ programs._st = {
+ enable = true;
+ font = {
+ name = "TamzenForPowerline";
+ attrs = {
+ pixelsize = 14;
+ };
+ };
+ };
+ };
+
+ system.stateVersion = "24.11";
+}
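Review bot: `autologin.enable = true` on this laptop sits badly with the storage layout in the sibling `hardware-configuration.nix`, which mounts plain btrfs subvolumes and declares no `boot.initrd.luks.devices` (the X230 file in this commit does). Anyone who powers the machine on gets timmy's session, and with `wifi.enable = true` presumably access to whatever the wifi module provisions as well. If that is accepted for this machine, say so next to the option, e.g. `# no disk encryption on this host; autologin is a deliberate convenience`; otherwise set `autologin.enable = false;`.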
diff --git a/hosts/libreX60/hardware-configuration.nix b/hosts/libreX60/hardware-configuration.nix
new file mode 100644
index 0000000..b0a7868
--- /dev/null
+++ b/hosts/libreX60/hardware-configuration.nix
@@ -0,0 +1,46 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "ahci" "firewire_ohci" "usb_storage" "sd_mod" "sdhci_pci" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/91572803-436d-4f43-b41f-dfba2103752e";
+ fsType = "btrfs";
+ options = [ "subvol=@" ];
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-uuid/91572803-436d-4f43-b41f-dfba2103752e";
+ fsType = "btrfs";
+ options = [ "subvol=@home" ];
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/F618-D6C2";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+ networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/libreX60/powertop-auto-tune.nix b/hosts/libreX60/powertop-auto-tune.nix
new file mode 100644
index 0000000..0eb9578
--- /dev/null
+++ b/hosts/libreX60/powertop-auto-tune.nix
@@ -0,0 +1,17 @@
+# https://en.wikibooks.org/wiki/Libreboot/ThinkPad_X60#Remove_High_Pitched_Whining_Noise
+# TLDR; running `powertop --auto-tune` is supposed to kill the high pitched noises produced by the X60
+
+{ pkgs, ... }: {
+ environment.systemPackages = [ pkgs.powertop ];
+
+ # Create systemd service
+ systemd.services.powertop-autotune = {
+ description = "Powertop Auto-Tune";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.powertop}/bin/powertop --auto-tune";
+ };
+ };
+}
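Review bot: The `powertop-autotune` unit re-implements what the NixOS option `powerManagement.powertop.enable = true;` already provides, and it orders itself `after = [ "network.target" ]` although `powertop --auto-tune` does not depend on networking. As a oneshot without `RemainAfterExit = true;` it also shows as inactive once it has run, which makes it harder to confirm from `systemctl status` that tuning was applied. I would either switch to the built-in option or add `RemainAfterExit = true;` and drop the `after` line.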
diff --git a/hosts/optiplex/configuration.nix b/hosts/optiplex/configuration.nix
new file mode 100644
index 0000000..c6483d1
--- /dev/null
+++ b/hosts/optiplex/configuration.nix
@@ -0,0 +1,88 @@
+{ config, lib, pkgs, home-manager, ... }: {
+ # Setup bootloader
+ boot._loader.enable = true;
+
+ # Enable common options
+ _archetypes = {
+ # Use desktop profile
+ profiles.desktop = {
+ enable = true;
+ home.users.timmy.enable = true;
+ };
+ # Install software
+ collections = {
+ desktop = {
+ extraUtilities.enable = true;
+ cad.enable = true;
+ chromium.enable = true;
+ crypto.enable = true;
+ graphics.enable = true;
+ office.enable = true;
+ };
+ development = {
+ android.enable = true;
+ c.enable = true;
+ docker.enable = true;
+ lua.enable = true;
+ web = {
+ hugo = {
+ enable = true;
+ openFirewall = true;
+ };
+ node.enable = true;
+ };
+ };
+ };
+ };
+
+ # Enable user timmy
+ _users.timmy = {
+ enable = true;
+ autologin.enable = true;
+ nas = {
+ enable = true;
+ home.enable = true;
+ home.automount = true;
+ };
+ };
+
+ # Disable suspend
+ systemd._suspend.disable = true;
+
+ # Allow unfree for nvidia + others
+ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ "nvidia-x11"
+ "nvidia-settings"
+ "spotify"
+ ];
+
+ # Install more software
+ environment.systemPackages = with pkgs; [
+ prismlauncher
+ spotify
+ #vintagestory
+ ];
+
+ # Use nvidia driver
+ services.xserver.videoDrivers = [ "nvidia" ];
+ hardware.nvidia = {
+ modesetting.enable = true; # Required
+ powerManagement.enable = false; # Can cause bugs
+ nvidiaSettings = true;
+ open = false; # Not compatible w/ GTX-1050
+ package = config.boot.kernelPackages.nvidiaPackages.stable; # Still good for 1050
+ forceFullCompositionPipeline = true; # Enables vsync
+ };
+
+ # Configure home
+ home-manager.users.timmy = {
+ gtk._mintTheme = {
+ dark = true;
+ color = "Green";
+ icons.color = "Green";
+ };
+ programs._seasonalwallpaper.wallpapers.download = true;
+ };
+
+ system.stateVersion = "24.11";
+}
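Review bot: `hugo.openFirewall = true` opens a development server's port on a desktop that also sets `autologin.enable = true`, and nothing here says why the preview must be reachable from other machines. The port and bind address come from the hugo collection module, which is outside this hunk, so the actual exposure cannot be judged from this file alone. I would add a comment giving the reason, for example `# open so the hugo preview can be viewed from other LAN devices`, or leave the option at `false` if previews are only viewed locally. The `home-manager` function argument on the first line is not used in the body and can be dropped.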
diff --git a/modules/hosts/optiplex/hardware-configuration.nix b/hosts/optiplex/hardware-configuration.nix
index 3d9651e..3d9651e 100644
--- a/modules/hosts/optiplex/hardware-configuration.nix
+++ b/hosts/optiplex/hardware-configuration.nix
diff --git a/hosts/poweredge/configuration.nix b/hosts/poweredge/configuration.nix
new file mode 100644
index 0000000..08e392d
--- /dev/null
+++ b/hosts/poweredge/configuration.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }: {
+ imports = [ ./hardware-configuration.nix ];
+
+ # ZFS bootloader
+ bootloader.loader = "grub";
+ bootloader.mode = "efi";
+ boot.loader.grub = {
+ zfsSupport = true;
+ efiInstallAsRemovable = true;
+ mirroredBoots = [
+ { devices = [ "nodev" ]; path = "/boot"; }
+ ];
+ };
+
+ # Disable suspend
+ suspend.enable = false;
+
+ system.stateVersion = "25.05";
+}
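Review bot: This new host still uses option names from the modules this commit deletes: `bootloader.loader` and `bootloader.mode` (declared in the removed `modules/root/bootloader.nix`) and `suspend.enable`. Every other host in the commit uses the renamed options, so unless the old names are re-declared somewhere outside this view, evaluation will fail on undefined options. Following `hosts/libreX60/configuration.nix`, the equivalents would be `boot._loader = { enable = true; loader = "grub"; mode = "efi"; };` and `systemd._suspend.disable = true;`. The file also imports `./hardware-configuration.nix`, which the other new host files do not, and no such file for poweredge is added in the visible part of this diff, so check that it exists.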
diff --git a/lib/default.nix b/lib/default.nix
new file mode 100644
index 0000000..01801a2
--- /dev/null
+++ b/lib/default.nix
@@ -0,0 +1,3 @@
+{
+ _mkProfileArchetype = import ./mkprofile.nix;
+}
diff --git a/lib/mkprofile.nix b/lib/mkprofile.nix
new file mode 100644
index 0000000..ec851de
--- /dev/null
+++ b/lib/mkprofile.nix
@@ -0,0 +1,22 @@
+profileName: nixosConfig: homeConfig: { config, lib, ... }: let
+ cfg = config._archetypes.profiles.${profileName};
+ enabledUsers = lib.filterAttrs (user: userCfg: userCfg.enable) cfg.home.users;
+ homeConfigs = {
+ home-manager.users = lib.mapAttrs (user: userCfg: homeConfig) enabledUsers;
+ };
+in {
+ options._archetypes.profiles.${profileName} = {
+ enable = lib.mkEnableOption "enable nixos profile ${profileName}";
+ home.users = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule {
+ options = {
+ enable = lib.mkEnableOption "home-manager profile ${profileName} for user";
+ };
+ });
+ default = {};
+ description = "enable home-manager profile ${profileName} for user the specified user";
+ };
+ };
+
+ config = lib.mkIf cfg.enable (lib.mkMerge [ nixosConfig homeConfigs ]);
+}
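Review bot: The option descriptions will read oddly once rendered. `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so `"enable nixos profile ${profileName}"` becomes "Whether to enable enable nixos profile …", and the `home.users` description has a doubled "for user the specified user". I would write `lib.mkEnableOption "nixos profile ${profileName}"` and `description = "enable home-manager profile ${profileName} for the specified users";`. The file would also benefit from a header comment naming the three curried arguments (`profileName`, `nixosConfig`, `homeConfig`) and stating that `homeConfig` is applied unchanged to every user whose `enable` is true, and only while the profile itself is enabled.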
diff --git a/modules/home/alacritty.nix b/modules/home/alacritty.nix
deleted file mode 100644
index f60fe01..0000000
--- a/modules/home/alacritty.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, lib, ... }: {
- options = {
- alacritty = {
- enable = lib.mkEnableOption "enables creation of alacritty config file";
- font.size = lib.mkOption {
- type = lib.types.int;
- default = 12;
- };
- font.family = lib.mkOption {
- type = lib.types.str;
- default = "JetBrainsMonoNL Nerd Font Mono";
- };
- };
- };
-
- config = {
- programs.alacritty.enable = config.alacritty.enable;
- programs.alacritty.settings = lib.mkIf config.alacritty.enable {
- colors = {
- bright = {
- black = "#7f7f7f";
- blue = "#1578c1";
- cyan = "#00c4a3";
- green = "#2bb500";
- magenta = "#b14ff7";
- red = "#ed1207";
- white = "#ffffff";
- yellow = "#fc9700";
- };
- normal = {
- black = "#101010";
- blue = "#1578c1";
- cyan = "#00c4a3";
- green = "#2bb500";
- magenta = "#b14ff7";
- red = "#ed1207";
- white = "#ffffff";
- yellow = "#fc9700";
- };
- primary = {
- background = "#101010";
- foreground = "#ffffff";
- };
- };
- cursor.style.blinking = "Never";
- env.TERM = "xterm-256color";
- font = {
- size = config.alacritty.font.size;
- normal.family = config.alacritty.font.family;
- };
- mouse.bindings = [{
- action = "PasteSelection";
- mouse = "Right";
- }];
- window = {
- dynamic_padding = true;
- dynamic_title = true;
- title = "Terminal";
- # Pretend to be st
- class = {
- general = "st";
- instance = "st";
- };
- };
- };
- };
-}
diff --git a/modules/home/chrome.nix b/modules/home/chrome.nix
deleted file mode 100644
index 976a74b..0000000
--- a/modules/home/chrome.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ pkgs, lib, ... }: {
- programs.chromium = {
- enable = true;
- package = pkgs.ungoogled-chromium;
- };
- programs.chromium.extensions =
- let
- createChromiumExtensionFor = browserVersion: { id, sha256, version }:
- {
- inherit id;
- crxPath = builtins.fetchurl {
- url = "https://clients2.google.com/service/update2/crx?response=redirect&acceptformat=crx2,crx3&prodversion=${browserVersion}&x=id%3D${id}%26installsource%3Dondemand%26uc";
- name = "${id}.crx";
- inherit sha256;
- };
- inherit version;
- };
- createChromiumExtension = createChromiumExtensionFor (lib.versions.major pkgs.ungoogled-chromium.version);
- in
- [
- (createChromiumExtension {
- # ublock origin
- id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
- sha256 = "sha256:1i0668xhq5iflb4fn0ghwp79iz6mwspgxdqwp6incbvsyzr596kg";
- version = "1.61.0";
- })
- ];
-}
diff --git a/modules/home/default.nix b/modules/home/default.nix
deleted file mode 100644
index b44f360..0000000
--- a/modules/home/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ lib, userDetails, ... }: {
- home = {
- username = userDetails.username;
- homeDirectory = userDetails.home.root;
- stateVersion = "24.05";
- };
-
- imports = [
- ./alacritty.nix
- #./chrome.nix
- ./firefox.nix
- ./git.nix
- ./gtk-bookmarks.nix
- ./htop.nix
- ./initial-home-setup.nix
- ./pcmanfm.nix # TODO mk name changeable & doesn't seem to work right now
- ./theme.nix
- ./wallpapers.nix
- ];
-
- alacritty.enable = lib.mkDefault true;
- theme.mint.enable = lib.mkDefault true;
- wallpapers.enable = lib.mkDefault false;
-}
diff --git a/modules/home/firefox.nix b/modules/home/firefox.nix
deleted file mode 100644
index 5e015ff..0000000
--- a/modules/home/firefox.nix
+++ /dev/null
@@ -1,80 +0,0 @@
-{ pkgs, userDetails, ... }: {
- programs.firefox = {
- # TODO see if there is way to login to moz account in profile
- enable = true;
- arkenfox = {
- enable = true;
- };
- profiles = let
- search = {
- engines = {
- "Timmy Search" = {
- urls = [{ template = "https://search.tjkeller.xyz/search?q={searchTerms}"; }]; # Don't know how to do w/ POST but I prefer GET anyways
- iconURI = "https://search.tjkeller.xyz/static/themes/simple/img/favicon.svg"; # TODO doesn't seem to work
- };
- "Nix Packages" = {
- urls = [{
- template = "https://search.nixos.org/packages";
- params = [
- { name = "type"; value = "packages"; }
- { name = "query"; value = "{searchTerms}"; }
- ];
- }];
-
- icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
- definedAliases = [ "@np" ];
- };
- };
- default = "Timmy Search";
- privateDefault = "Timmy Search";
- force = true; # Overwrite old
- };
- userChrome = builtins.readFile ./resources/firefox/userChrome.css;
- arkenfox = {
- enable = true;
- enableAllSections = true;
- "0100"."0102"."browser.startup.page".value = 3; # 0=blank, 1=home, 2=last visited page, 3=resume previous session
- "0100"."0103"."browser.startup.homepage".enable = false;
- "0100"."0104"."browser.newtabpage.enabled".enable = false;
- "2800"."2811"."privacy.clearOnShutdown.history".enable = false;
- };
- settings = {
- "browser.compactmode.show" = true;
- "browser.uiCustomization.state" = builtins.readFile ./resources/firefox/uiCustomization.json; # Toolbar etc.
- "browser.uidensity" = 1; # Compact
- "toolkit.legacyUserProfileCustomizations.stylesheets" = true; # userchrome
-
- "app.normandy.first_run" = false;
- "browser.aboutConfig.showWarning" = false; # arkenfox does
- "browser.download.dir" = userDetails.home.downloads; # FF will create this dir if it doesn't exist
- "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
- "browser.newtabpage.activity-stream.feeds.topsites" = false;
- "browser.urlbar.suggest.topsites" = false;
- "devtools.toolbox.host" = "window";
- "dom.push.enabled" = false; #
- "extensions.pocket.enabled" = false;
- "general.smoothScroll" = false;
- #identity.fxaccounts.account.device.name = "timmy’s Firefox on nixos"; # HOSTNAME
- };
- workSettings = settings // {
- "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org"; # Use builtin dark theme instead of system theme
- };
- in {
- Personal = {
- id = 0;
- isDefault = true;
- inherit search;
- inherit userChrome;
- inherit arkenfox;
- inherit settings;
- };
- Work = {
- id = 1;
- inherit search;
- inherit userChrome;
- inherit arkenfox;
- settings = workSettings;
- };
- };
- };
-}
diff --git a/modules/home/git.nix b/modules/home/git.nix
deleted file mode 100644
index 9d15a90..0000000
--- a/modules/home/git.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ userDetails, ... }: {
- programs.git = {
- enable = true;
- userName = userDetails.fullname;
- userEmail = userDetails.email;
- };
-}
diff --git a/modules/home/gtk-bookmarks.nix b/modules/home/gtk-bookmarks.nix
deleted file mode 100644
index 067543d..0000000
--- a/modules/home/gtk-bookmarks.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, lib, userDetails, ... }: {
- options = {
- additional-gtk-bookmarks = lib.mkOption {
- type = with lib.types; listOf str;
- default = [];
- description = "gtk bookmarks for file managers, etc.";
- };
- };
-
- config = {
- gtk.gtk3.bookmarks = with userDetails; [
- "file://${home.downloads} Downloads"
- "file://${home.documents} Documents"
- "file://${home.pictures} Pictures"
- ] ++ config.additional-gtk-bookmarks;
- };
-}
diff --git a/modules/home/htop.nix b/modules/home/htop.nix
deleted file mode 100644
index 523fee8..0000000
--- a/modules/home/htop.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, ... }: {
- programs.htop.enable = true;
- programs.htop.settings = {
- fields = with config.lib.htop.fields; [
- PID
- USER
- 124 # EXE
- PERCENT_CPU
- PERCENT_MEM
- STARTTIME
- ELAPSED # time elapsed since process start
- IO_READ_RATE
- RBYTES # num read bytes
- IO_WRITE_RATE
- WBYTES # num written bytes
- TIME
- STIME # sys time
- CSTIME # child sys time
- NICE
- STATE
- PRIORITY
- 125 # CWD
- ];
- } // (with config.lib.htop; leftMeters [
- (bar "AllCPUs2")
- (bar "CPU")
- (bar "Memory")
- (bar "DiskIO")
- (bar "NetworkIO")
- ]) // (with config.lib.htop; rightMeters [
- (text "Hostname")
- (text "Clock")
- (text "Uptime")
- (text "Battery")
- (text "LoadAverage")
- (text "Tasks")
- ]);
-}
diff --git a/modules/home/initial-home-setup.nix b/modules/home/initial-home-setup.nix
deleted file mode 100644
index 046f5a5..0000000
--- a/modules/home/initial-home-setup.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, pkgs, userDetails, ... }: {
- home.activation = {
- cloneRepos = lib.hm.dag.entryAfter ["writeBoundary"] ''
- export PATH="${config.home.path}/bin:$PATH"
- ${builtins.readFile ./resources/activation-scripts/clone-repos.sh}
- '';
- linkZshProfile = lib.hm.dag.entryAfter ["writeBoundary"] ''
- run ln -sf $VERBOSE_ARG $HOME/.config/zsh/zprofile $HOME/.zprofile
- '';
- cleanupHome = lib.hm.dag.entryAfter ["writeBoundary"] ''
- run rm -f $VERBOSE_ARG $HOME/{.zcompdump,.zshrc,.zsh_history,.bash_history}
- '';
- mimewiz = lib.hm.dag.entryAfter ["writeBoundary"] ''
- export PATH="${pkgs.xdg-utils}/bin:$PATH"
- export PATH="$HOME/.local/bin/misc:$PATH"
- run mimewiz -i # already verbose
- '';
- createDirs = lib.hm.dag.entryAfter ["writeBoundary"] ''
- run mkdir -p $VERBOSE_ARG "${userDetails.home.downloads}"
- '';
- };
-}
diff --git a/modules/home/pcmanfm.nix b/modules/home/pcmanfm.nix
deleted file mode 100644
index 3c70521..0000000
--- a/modules/home/pcmanfm.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- home.file.pcmanfm-root = {
- target = ".local/share/file-manager/actions/root.desktop";
- source = ./resources/pcmanfm/root.desktop;
- };
-}
diff --git a/modules/home/resources/activation-scripts/clone-repos.sh b/modules/home/resources/activation-scripts/clone-repos.sh
deleted file mode 100644
index 887968b..0000000
--- a/modules/home/resources/activation-scripts/clone-repos.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-server="https://git.tjkeller.xyz/"
-
-clonemissing() {
- # clone to $2
- [ -d "$2"/.git ] && return
- run mkdir -p $VERBOSE_ARG "$2"
- run git clone $VERBOSE_ARG "$server$1" "$2"
-
- # link to $3
- [ -z "$3" ] && return
- run mkdir -p $VERBOSE_ARG "$3"
- run ln -sf $VERBOSE_ARG "$2"/* "$3"
-}
-
-# # repo # clone to # link to
-clonemissing scripts $HOME/docs/src/scripts $HOME/.local/bin
-clonemissing dotconfig $HOME/docs/src/config $HOME/.config
-clonemissing userscripts $HOME/docs/src/userscripts ''
-clonemissing nixos $HOME/docs/src/nixos ''
-clonemissing awesome $HOME/.config/awesome ''
-clonemissing nvim $HOME/.config/nvim ''
-clonemissing zsh $HOME/.config/zsh ''
diff --git a/modules/home/theme.nix b/modules/home/theme.nix
deleted file mode 100644
index a1c4f9b..0000000
--- a/modules/home/theme.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- transformColorValue = color :
- if color == "Green" then "Mint-Y"
- else if color == "Dark-Green" then "Mint-Y-Dark"
- else "Mint-Y-${color}"
- ;
-in {
- options = {
- theme.mint = {
- enable = lib.mkEnableOption "enables mint theme";
- # TODO add theme.dark option instead of specifying Dark-Color
- theme.color = lib.mkOption {
- type = lib.types.enum [
- "Aqua" "Blue" "Green" "Grey" "Orange" "Pink" "Purple" "Red"
- "Sand" "Teal" "Dark-Aqua" "Dark-Blue" "Dark-Green"
- "Dark-Grey" "Dark-Orange" "Dark-Pink" "Dark-Purple"
- "Dark-Red" "Dark-Sand" "Dark-Teal"
- ];
- default = "Dark-Aqua";
- description = "mint-y theme color eg. 'Dark-Aqua' or 'Red'";
- };
- icons.color = lib.mkOption {
- type = lib.types.enum [
- "Aqua" "Blue" "Green" "Grey" "Orange" "Pink" "Purple" "Red"
- "Sand" "Teal"
- ];
- default = "Aqua";
- description = "mint-y icons color eg. 'Aqua' or 'Red'";
- };
- };
- theme.font = {
- sansSerif = lib.mkOption {
- type = lib.types.str;
- default = "Inter";
- description = "default sans serif font";
- };
- monospace = lib.mkOption {
- type = lib.types.str;
- default = "CommitMono";
- description = "default monospace font";
- };
- };
- };
-
- config = {
- gtk = {
- enable = true;
- theme = lib.mkIf config.theme.mint.enable {
- package = pkgs.mint-themes;
- name = transformColorValue config.theme.mint.theme.color;
- };
- iconTheme = lib.mkIf config.theme.mint.enable {
- package = pkgs.mint-y-icons;
- name = transformColorValue config.theme.mint.icons.color;
- };
- font = {
- name = config.theme.font.sansSerif;
- };
- cursorTheme = {
- name = "Adwaita";
- };
- gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
- };
- qt = {
- enable = true;
- platformTheme.name = "gtk3";
- };
- fonts.fontconfig.defaultFonts = {
- sansSerif = [ config.theme.font.sansSerif ];
- monospace = [ config.theme.font.monospace ];
- };
- };
-}
diff --git a/modules/home/wallpapers.nix b/modules/home/wallpapers.nix
deleted file mode 100644
index d7e067a..0000000
--- a/modules/home/wallpapers.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ lib, config, pkgs, ... }: {
- options = {
- wallpapers.enable = lib.mkEnableOption "enables all wallpapers";
- };
-
- config = lib.mkIf config.wallpapers.enable {
- home.file.".local/share/wallpaper" = {
- source = pkgs.fetchzip {
- url = "https://tjkeller.xyz/permalinks/wallpapers.tar";
- hash = "sha256-lhj9wUMZfd0XOrUtWY9HB64oXrS/EjsvsaJHzu4ucFg=";
- };
- };
- };
-}
diff --git a/modules/hosts/T430/configuration.nix b/modules/hosts/T430/configuration.nix
deleted file mode 100644
index 282515d..0000000
--- a/modules/hosts/T430/configuration.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, lib, pkgs, ... }: {
- imports = [ ./hardware-configuration.nix ];
- networking.hostName = "T430";
-
- # TODO this does not function
- #boot.initrd.systemd.extraBin = {
- # sh = "${pkgs.dash}/bin/dash";
- # vim = "${pkgs.neovim}/bin/nvim";
- #};
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
-
- system.stateVersion = "24.05";
-}
diff --git a/modules/hosts/T430/home.nix b/modules/hosts/T430/home.nix
deleted file mode 100644
index 9885a06..0000000
--- a/modules/hosts/T430/home.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }: {
- imports = [ ../../home ];
-
- alacritty.font.size = 9;
- wallpapers.enable = true;
-}
diff --git a/modules/hosts/T495/configuration.nix b/modules/hosts/T495/configuration.nix
deleted file mode 100644
index 526b7bb..0000000
--- a/modules/hosts/T495/configuration.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ config, lib, pkgs, ... }: {
- imports = [
- ./hardware-configuration.nix
- ./games.nix
- ./input-leap.nix
- ./wg.nix
- ];
- networking.hostName = "T495";
-
- bootloader.mode = "efi";
-
- # Enable extra software pkgs
- software.desktop = {
- chromium.enable = true;
- cad.enable = true;
- crypto.enable = true;
- graphics.enable = true;
- office.enable = true;
- utilities.enable = true;
- };
- software.development = {
- docker.enable = true;
- };
-
- # Enable network drives
- nas.enable = true;
- nas.office.enable = true;
- nas.office.automount = false;
-
- networking.hosts = {
- "192.168.77.3" = [ "devel" ];
- };
-
- # Use amdgpu driver for x11
- services.xserver.videoDrivers = [ "amdgpu" ];
-
- # Enable bluetooth
- bluetooth.enable = true;
-
- system.stateVersion = "24.05";
-}
diff --git a/modules/hosts/T495/games.nix b/modules/hosts/T495/games.nix
deleted file mode 100644
index 419d854..0000000
--- a/modules/hosts/T495/games.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ pkgs, ... }: {
- nixpkgs.config.allowUnfree = true;
- environment.systemPackages = with pkgs; [
- #vintagestory
- prismlauncher
- ];
-}
diff --git a/modules/hosts/T495/home.nix b/modules/hosts/T495/home.nix
deleted file mode 100644
index 817b0c0..0000000
--- a/modules/hosts/T495/home.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }: {
- imports = [ ../../home ];
-
- theme.mint.theme.color = "Dark-Purple";
- theme.mint.icons.color = "Purple";
- wallpapers.enable = true;
-
- home.file.input-leap-config = {
- source = ./resources/input-leap;
- recursive = true;
- target = "./.config/input-leap";
- };
-}
diff --git a/modules/hosts/T495/input-leap.nix b/modules/hosts/T495/input-leap.nix
deleted file mode 100644
index cf6d018..0000000
--- a/modules/hosts/T495/input-leap.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, ... }: {
- environment.systemPackages = with pkgs; [
- input-leap
- ];
-
- networking.firewall = {
- allowedTCPPorts = [
- 24800 # input-leaps
- ];
- };
-}
diff --git a/modules/hosts/T495/resources/input-leap/input-leap.conf b/modules/hosts/T495/resources/input-leap/input-leap.conf
deleted file mode 100644
index c2d5176..0000000
--- a/modules/hosts/T495/resources/input-leap/input-leap.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-section: screens
- T495:
- optiplex:
-end
-
-section: links
- T495:
- up = optiplex
-
- optiplex:
- down = T495
-end
diff --git a/modules/hosts/hp-envy-office/configuration.nix b/modules/hosts/hp-envy-office/configuration.nix
deleted file mode 100644
index 9a7a43a..0000000
--- a/modules/hosts/hp-envy-office/configuration.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, lib, pkgs, ... }: {
- imports = [
- ./hardware-configuration.nix
- ];
- networking.hostName = "hp-envy-office";
-
- # Enable extra software pkgs
- software.desktop = {
- chromium.enable = true;
- cad.enable = false;
- crypto.enable = false;
- graphics.enable = true;
- office.enable = true;
- utilities.enable = true;
- };
- software.development = {
- docker.enable = true;
- };
-
- # Enable network drives
- nas.enable = true;
- nas.office.enable = true;
- nas.home.enable = false;
-
- networking.hosts = {
- "192.168.77.3" = [ "devel" ];
- };
-
- # Use amdgpu driver for x11
- services.xserver.videoDrivers = [ "amdgpu" ];
-
- # Enable bluetooth
- bluetooth.enable = true;
-
- # Disable autologin
- autologin.enable = false;
-
- system.stateVersion = "24.11";
-}
diff --git a/modules/hosts/hp-envy-office/home.nix b/modules/hosts/hp-envy-office/home.nix
deleted file mode 100644
index ed02130..0000000
--- a/modules/hosts/hp-envy-office/home.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ userDetails, ... }: {
- imports = [ ../../home ];
-
- theme.mint.theme.color = "Dark-Green";
- theme.mint.icons.color = "Green";
- wallpapers.enable = true;
-
- additional-gtk-bookmarks = with userDetails; [
- "file://${home.documents}/src/sites/admin Admin"
- "file:///media/chexx/chexx cHEXx"
- ];
-}
diff --git a/modules/hosts/libreX60/configuration.nix b/modules/hosts/libreX60/configuration.nix
deleted file mode 100644
index 942793d..0000000
--- a/modules/hosts/libreX60/configuration.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, lib, pkgs, ... }: {
- imports = [ ./hardware-configuration.nix ];
- networking.hostName = "libreX60";
-
- # Enable extra software pkgs
- software.desktop = {
- office.enable = true;
- };
-
- # Enable network drives
- nas.enable = true;
-
- system.stateVersion = "24.11";
-}
diff --git a/modules/hosts/libreX60/home.nix b/modules/hosts/libreX60/home.nix
deleted file mode 100644
index 453bfd6..0000000
--- a/modules/hosts/libreX60/home.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }: {
- imports = [ ../../home ];
-
- theme.mint.theme.color = "Dark-Red";
- theme.mint.icons.color = "Red";
- theme.font.sansSerif = "Tamzen";
- theme.font.monospace = "Tamzen";
-}
diff --git a/modules/hosts/optiplex/configuration.nix b/modules/hosts/optiplex/configuration.nix
deleted file mode 100644
index cbde612..0000000
--- a/modules/hosts/optiplex/configuration.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ config, lib, pkgs, ... }: {
- imports = [
- ./hardware-configuration.nix
- ];
- networking.hostName = "optiplex";
-
- bootloader.mode = "efi";
-
- # Allow unfree for nvidia + others
- nixpkgs.config.allowUnfree = true;
-
- # Enable extra software pkgs
- software.desktop = {
- chromium.enable = true;
- cad.enable = true;
- crypto.enable = true;
- graphics.enable = true;
- office.enable = true;
- utilities.enable = true;
- };
-
- # Install more programs
- environment.systemPackages = with pkgs; [
- prismlauncher
- spotify
- #vintagestory
- ];
-
- # Enable network drives
- nas.enable = true;
-
- # Disable wifi
- wifi.enable = false;
-
- networking.hosts = {
- "192.168.77.3" = [ "devel" ];
- };
-
- # Use nvidia driver
- services.xserver.videoDrivers = [ "nvidia" ];
- hardware.nvidia = {
- modesetting.enable = true; # Required
- powerManagement.enable = false; # Can cause bugs
- nvidiaSettings = true;
- open = false; # Not compatible w/ GTX-1050
- package = config.boot.kernelPackages.nvidiaPackages.stable; # Still good for 1050
- };
-
- system.stateVersion = "24.11";
-}
diff --git a/modules/hosts/optiplex/home.nix b/modules/hosts/optiplex/home.nix
deleted file mode 100644
index ee56dc6..0000000
--- a/modules/hosts/optiplex/home.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }: {
- imports = [ ../../home ];
-
- theme.mint.theme.color = "Dark-Green";
- theme.mint.icons.color = "Green";
- wallpapers.enable = true;
-}
diff --git a/modules/root/autologin.nix b/modules/root/autologin.nix
deleted file mode 100644
index 6e66160..0000000
--- a/modules/root/autologin.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ lib, config, userDetails, ... }: {
- options = {
- autologin.enable = lib.mkEnableOption "enables getty automatic login";
- #autologin.user = lib.mkEnableOption "populate username";
- #autologin.password = lib.mkEnableOption "populate password";
- };
-
- config = lib.mkIf config.autologin.enable {
- services.getty = {
- autologinUser = userDetails.username;
- };
- };
-}
diff --git a/modules/root/bluetooth.nix b/modules/root/bluetooth.nix
deleted file mode 100644
index d55eade..0000000
--- a/modules/root/bluetooth.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ lib, config, ... }: {
- options = {
- bluetooth.enable = lib.mkEnableOption "enables bluetooth support";
- };
-
- config = {
- hardware.bluetooth.enable = true;
- services.blueman.enable = true;
- };
-}
diff --git a/modules/root/bootloader.nix b/modules/root/bootloader.nix
deleted file mode 100644
index 0a45264..0000000
--- a/modules/root/bootloader.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ lib, config, ... }: {
- options = {
- bootloader.loader = lib.mkOption {
- type = lib.types.enum [ "grub" "systemd-boot" ];
- default = "systemd-boot";
- description = "whether to install grub or systemd-boot as the bootloader";
- };
- bootloader.mode = lib.mkOption {
- type = lib.types.enum [ "efi" "bios" ];
- default = "efi";
- description = "whether to install the bootloader in efi or bios mode";
- };
- bootloader.grub = {
- biosDevice = lib.mkOption {
- type = lib.types.str;
- description = "device to install grub on";
- };
- };
- bootloader.memtest86.enable = lib.mkEnableOption "make Memtest86+ available from the bootloader";
- };
-
- config = {
- boot.loader = {
- grub = {
- enable = config.bootloader.loader == "grub";
- efiSupport = config.bootloader.mode == "efi";
- efiInstallAsRemovable = config.bootloader.mode == "efi";
- device = if config.bootloader.mode == "bios" then config.bootloader.grub.biosDevice else "nodev";
- enableCryptodisk = true;
- memtest86.enable = config.bootloader.memtest86.enable;
- };
- systemd-boot = {
- enable = config.bootloader.loader == "systemd-boot";
- editor = false;
- memtest86.enable = config.bootloader.memtest86.enable;
- };
- efi = lib.mkIf (config.bootloader.mode == "efi") {
- efiSysMountPoint = lib.mkIf (config.bootloader.loader == "grub") "/boot/efi";
- canTouchEfiVariables = true;
- };
- };
- };
-}
diff --git a/modules/root/default.nix b/modules/root/default.nix
deleted file mode 100644
index e108318..0000000
--- a/modules/root/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ lib, ... }: {
- imports = [
- ./software
- ./autologin.nix
- ./bluetooth.nix
- ./bootloader.nix
- ./doas.nix
- ./fonts.nix
- ./home-manager.nix
- ./hosts.nix
- ./localization.nix
- ./nas.nix
- ./nix.nix
- ./normaluser.nix
- ./pipewire.nix
- ./powerkeys.nix
- ./printing.nix
- ./secrets.nix
- ./ssh.nix
- ./tlp.nix
- ./wifi.nix
- ./x11.nix
- ./zsh.nix
- ];
-
- autologin.enable = lib.mkDefault true;
- avahi.enable = lib.mkDefault true;
- bluetooth.enable = lib.mkDefault false;
- doas.enable = lib.mkDefault true;
- fonts.enable = lib.mkDefault true;
- nas = {
- enable = lib.mkDefault false;
- home.enable = lib.mkDefault true;
- home.automount = lib.mkDefault false;
- office.enable = lib.mkDefault false;
- office.automount = lib.mkDefault false;
- };
- bootloader = {
- mode = lib.mkDefault "bios";
- memtest86.enable = lib.mkDefault true;
- };
- home-manager.enable = lib.mkDefault true;
- pipewire.enable = lib.mkDefault true;
- printing.enable = lib.mkDefault true;
- tlp.enable = lib.mkDefault true;
- scanning.enable = lib.mkDefault true;
- wifi.enable = lib.mkDefault true;
- xserver.enable = lib.mkDefault true;
- zsh.enable = lib.mkDefault true;
-}
diff --git a/modules/root/doas.nix b/modules/root/doas.nix
deleted file mode 100644
index c6707ce..0000000
--- a/modules/root/doas.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ lib, config, ... }: {
- options = {
- doas.enable = lib.mkEnableOption "enables doas";
- sudo.enable = lib.mkEnableOption "enables sudo";
- };
-
- config = {
- security = {
- #sudo.enable = config.sudo.enable;
- sudo.enable = true; # TODO remove once can be built from flake w git
- sudo.wheelNeedsPassword = false;
- doas.enable = config.doas.enable;
- doas.extraRules = lib.mkIf config.doas.enable [{
- keepEnv = true;
- }];
- doas.wheelNeedsPassword = false;
- };
- };
-}
diff --git a/modules/root/fonts.nix b/modules/root/fonts.nix
deleted file mode 100644
index 3ae8eef..0000000
--- a/modules/root/fonts.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ pkgs, lib, config, ... }: {
- options = {
- fonts.enable = lib.mkEnableOption "enables fonts";
- };
-
- config = lib.mkIf config.fonts.enable {
- fonts.packages = with pkgs; [
- commit-mono
- inter
- tamzen
- (nerdfonts.override {
- fonts = [ "JetBrainsMono" ];
- })
- ];
- };
-}
diff --git a/modules/root/home-manager.nix b/modules/root/home-manager.nix
deleted file mode 100644
index d271523..0000000
--- a/modules/root/home-manager.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, lib, config, ... }: {
- options = {
- home-manager.enable = lib.mkEnableOption "enables home-manager";
- };
-
- config = lib.mkIf config.home-manager.enable {
- environment.systemPackages = with pkgs; [
- home-manager
- ];
- };
-}
diff --git a/modules/root/localization.nix b/modules/root/localization.nix
deleted file mode 100644
index 8313f07..0000000
--- a/modules/root/localization.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- time.timeZone = "America/Chicago";
- i18n.defaultLocale = "en_US.UTF-8";
- services.xserver.xkb.layout = "us";
-}
diff --git a/modules/root/nas.nix b/modules/root/nas.nix
deleted file mode 100644
index 0116ba3..0000000
--- a/modules/root/nas.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ lib, config, ... } :
-let
- mkNetworkFileSystem = device: automount: {
- device = "${device}";
- fsType = "nfs";
- options = [ "defaults" ] ++ lib.optionals (!automount) [ "noauto" ];
- };
-in {
- options = {
- nas = {
- enable = lib.mkEnableOption "enable network shares";
- home = {
- enable = lib.mkEnableOption "enable home network shares";
- automount = lib.mkEnableOption "automount home network shares";
- };
- office = {
- enable = lib.mkEnableOption "enable office network shares";
- automount = lib.mkEnableOption "automount home network shares";
- };
- };
- };
-
- config = lib.mkIf config.nas.enable {
- fileSystems = lib.optionalAttrs config.nas.home.enable {
- "/media/Storage/Media" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Media" config.nas.home.automount;
- "/media/Storage/Backups" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups" config.nas.home.automount;
- "/media/Storage/Tapes" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups/Tapes" config.nas.home.automount;
- "/media/Family Photos" = mkNetworkFileSystem "truenas-home:/mnt/Media/Photos" config.nas.home.automount;
- } // lib.optionalAttrs config.nas.office.enable {
- "/media/chexx/chexx" = mkNetworkFileSystem "truenas-office:/mnt/Storage/chexx" config.nas.office.automount;
- "/media/chexx/tkdocs" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Users/Tim-Keller" config.nas.office.automount;
- "/media/chexx/scans" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Scans" config.nas.office.automount;
- };
- # TODO auto mkdirz
- };
-}
diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix
deleted file mode 100644
index fc243ea..0000000
--- a/modules/root/normaluser.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, userDetails, ... }: {
- users.users.root = {
- hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
- };
- users.users.${userDetails.username} = {
- description = userDetails.fullname;
- #home = userDetails.home.root;
- isNormalUser = true;
- hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
- extraGroups = [ "wheel" "nixbld" ];
- };
-}
diff --git a/modules/root/pipewire.nix b/modules/root/pipewire.nix
deleted file mode 100644
index fd97d42..0000000
--- a/modules/root/pipewire.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ lib, config, ... }: {
- options = {
- pipewire.enable = lib.mkEnableOption "enables pipewire";
- };
-
- config = lib.mkIf config.pipewire.enable {
- services.pipewire = {
- enable = true;
- pulse.enable = true;
- };
- };
-}
diff --git a/modules/root/resources/secrets/secrets.yaml b/modules/root/resources/secrets/secrets.yaml
deleted file mode 100644
index 03f9517..0000000
--- a/modules/root/resources/secrets/secrets.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-wpa_supplicant-conf: ENC[AES256_GCM,data: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,iv:LKr6fcQ2emSjQmEt1HgyLpFLg4ZxDOVgJEfkm4nQzbY=,tag:M+oo8dpWclIRaPyW17Ldwg==,type:str]
-hashed-root-password: ENC[AES256_GCM,data:KUoB8Z0ifh7lE9ir9AqkiMRHfw6rusXw3KC1dLIRd4YpbTiNI+cAdC474LR721+LNWoj5ZytSdDsVyS+t3o076rV4sgWgL17jPPf+H2KE5FOmQKYTUiHfSBsLKyyhpie4tpFJWv/3cCW8Q==,iv:0sZPz3V7IqTGbF3Fnm+FbgBS3GTnHsRx0OzIoAE1H64=,tag:H6CQlANfiD6ZuQhONKyMAQ==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTUlBZXQ5Z080UUxoUGdr
- dm9hRE5uTzFwWXhOWkJnbXNvazd1UnplcUdZCnRKQ3RVT1RGZURLYUxINStBSU4x
- bUZudFp2SC9DSkVhNTRHV0MrRFFMckEKLS0tIGNBb3FLQVJsTGVsY3hMdy94WWZx
- UkJ1SGJrWXNtbmlmc2c4M1IxdUpVOWMKjaakq+n8ZijGjaNVM8/dQApaVFp9+q3K
- nhvon4p5KUFE+myABnEknaSZ5UcvW6ZLff9AB7l35NZhGXAhv+y6HA==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-01-09T16:42:38Z"
- mac: ENC[AES256_GCM,data:LUBRGB/NdT2Lvrecb4w3Xbq4ulMyhHwNjuGyH/fjFJOcNfOCNmwaxIRN59CBi65UxGe93mgYYKJtbCKUZA9JhEfC81e+wkD0ZpEaNBu2YAYetf6hE9LqlYO05QIf/qwXySkCXRKdDl5afcmBVXTj+6qDEljkGtWX7CPLlodvuSQ=,iv:EfYL215e52Ir3SSTba7WGFSTQHgtqzyfWUWTBS+lwrU=,tag:VjE1o7WCT/PWIxk2/b/eow==,type:str]
- pgp: []
- unencrypted_suffix: _unencrypted
- version: 3.9.2
diff --git a/modules/root/resources/x11/xinit-startx-xdg.patch b/modules/root/resources/x11/xinit-startx-xdg.patch
deleted file mode 100644
index c1bca97..0000000
--- a/modules/root/resources/x11/xinit-startx-xdg.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/startx.cpp b/startx.cpp
-index dfbebe1..472a1b0 100644
---- a/startx.cpp
-+++ b/startx.cpp
-@@ -272,7 +272,7 @@ if [ x"$enable_xauth" = x1 ] ; then
- dummy=0
-
- XCOMM create a file with auth information for the server. ':0' is a dummy.
-- xserverauthfile=$HOME/.serverauth.$$
-+ xserverauthfile="${XAUTHORITY:-$HOME/.Xauthority}"
- trap "rm -f '$xserverauthfile'" HUP INT QUIT ILL TRAP BUS TERM
- xauth -q -f "$xserverauthfile" << EOF
- add :$dummy . $mcookie
-
diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix
deleted file mode 100644
index 47262fd..0000000
--- a/modules/root/secrets.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ pkgs, inputs, config, userDetails, ... }: {
- imports = [ inputs.sops-nix.nixosModules.sops ];
-
- sops = {
- defaultSopsFile = ./resources/secrets/secrets.yaml;
- defaultSopsFormat = "yaml";
- age.keyFile = "${userDetails.home.root}/.config/sops/age/keys.txt";
-
- secrets = {
- wpa_supplicant-conf = { };
- hashed-root-password = { };
- };
- };
-
- # This service is a workaround to ensure that secrets are available on
- # reboot when the secret keys are on a separate subvolume
- systemd.services.npcnix-force-rebuild-sops-hack = {
- wantedBy = [ "multi-user.target" ];
- before = [
- # List all services that require secrets
- "wpa_supplicant.service"
- ];
- serviceConfig = {
- ExecStart = "/run/current-system/activate";
- Type = "oneshot";
- Restart = "on-failure"; # because oneshot
- RestartSec = "10s";
- };
- };
-}
diff --git a/modules/root/software/default.nix b/modules/root/software/default.nix
deleted file mode 100644
index 8d1e987..0000000
--- a/modules/root/software/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ lib, config, ... }: {
- imports = [
- ./awesome.nix
- ./ddcutil.nix
- ./desktop.nix
- ./development.nix
- ./docker.nix
- ./system.nix
- ./utilities.nix
- ./virtualisation.nix
- ];
-
- software.desktop = {
- enable = lib.mkDefault config.xserver.enable;
- chromium.enable = lib.mkDefault false;
- cad.enable = lib.mkDefault false;
- crypto.enable = lib.mkDefault false;
- firefox.enable = lib.mkDefault true;
- graphics.enable = lib.mkDefault false;
- office.enable = lib.mkDefault false;
- utilities.enable = lib.mkDefault false;
- };
-
- software.development = {
- enable = lib.mkDefault true;
- docker = {
- enable = lib.mkDefault false;
- btrfsSupport = lib.mkDefault true;
- };
- };
-
- virtualisation.enable = lib.mkDefault false;
- xserver.awesome.enable = lib.mkDefault true;
-}
diff --git a/modules/root/software/derivations b/modules/root/software/derivations
deleted file mode 120000
index a075779..0000000
--- a/modules/root/software/derivations
+++ /dev/null
@@ -1 +0,0 @@
-../../../derivations \ No newline at end of file
diff --git a/modules/root/software/desktop.nix b/modules/root/software/desktop.nix
deleted file mode 100644
index 88101d8..0000000
--- a/modules/root/software/desktop.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ pkgs, lib, config, ... }: {
- options = {
- software.desktop = {
- enable = lib.mkEnableOption "enables desktop apps";
- chromium = {
- enable = lib.mkEnableOption "enables selected chromium browser package";
- package = lib.mkOption {
- type = lib.types.package;
- default = pkgs.ungoogled-chromium;
- description = "chromium package to install";
- };
- };
- cad.enable = lib.mkEnableOption "enables cad and 3d printing apps";
- crypto.enable = lib.mkEnableOption "enables crypto wallet apps";
- firefox.enable = lib.mkEnableOption "enables firefox";
- graphics.enable = lib.mkEnableOption "enables graphic design apps";
- office.enable = lib.mkEnableOption "enables office apps";
- utilities.enable = lib.mkEnableOption "enables miscellaneous utility apps";
- };
- };
-
- config = lib.mkIf config.software.desktop.enable {
- environment.systemPackages = with pkgs; [
- # Default
- arandr
- dmenu
- libnotify
- mpv
- pavucontrol
- pcmanfm
- redshift
- scrot
- sxiv
- wpa_supplicant_gui
- zathura
- (callPackage ./derivations/st {})
- ] ++ pkgs.lib.optionals config.software.desktop.chromium.enable [
- # Chrome
- config.software.desktop.chromium.package
- ] ++ pkgs.lib.optionals config.software.desktop.cad.enable [
- # CAD
- blender
- freecad
- prusa-slicer
- ] ++ pkgs.lib.optionals config.software.desktop.crypto.enable [
- # Crypto Wallets
- bisq2
- electrum
- monero-gui
- ] ++ pkgs.lib.optionals config.software.desktop.graphics.enable [
- # Graphics
- blender
- geeqie
- gimp
- inkscape
- ] ++ pkgs.lib.optionals config.software.desktop.office.enable [
- # Office
- libreoffice
- pdfchain
- thunderbird
- ] ++ pkgs.lib.optionals config.software.desktop.utilities.enable [
- # Misc Utilities
- jellyfin-mpv-shim
- qbittorrent
- qdirstat
- remmina
- ];
-
- programs.localsend.enable = config.software.desktop.utilities.enable; # Installs & opens firewall
- programs.firefox.enable = config.software.desktop.firefox.enable;
-
- # GVfs allows for mounting drives in a graphical file manager
- services.gvfs.enable = true;
-
- # For home-manager to configure gtk
- # TODO this should be there instead
- programs.dconf.enable = config.software.desktop.enable;
- };
-}
diff --git a/modules/root/software/development.nix b/modules/root/software/development.nix
deleted file mode 100644
index 2a4dfba..0000000
--- a/modules/root/software/development.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ pkgs, lib, config, ... }: {
- options = {
- software.development.enable = lib.mkEnableOption "enables development tools";
- };
-
- config = lib.mkIf config.software.development.enable {
- environment.systemPackages = with pkgs; [
- adb-sync
- android-tools
- gcc
- git
- gnumake
- hugo
- lua
- pkg-config
- ];
- };
-}
diff --git a/modules/root/software/docker.nix b/modules/root/software/docker.nix
deleted file mode 100644
index bf1898c..0000000
--- a/modules/root/software/docker.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ pkgs, lib, config, userDetails, ... }: {
- options = {
- software.development.docker = {
- enable = lib.mkEnableOption "enables docker";
- btrfsSupport = lib.mkEnableOption "changes docker storageDriver to btrfs";
- };
- };
-
- config = lib.mkIf config.software.development.docker.enable {
- virtualisation.docker = {
- enable = true;
- storageDriver = lib.mkIf config.software.development.docker.btrfsSupport "btrfs";
- };
-
- environment.systemPackages = with pkgs; [
- docker-compose
- ];
-
- users.groups.docker.members = [ userDetails.username ];
- };
-}
diff --git a/modules/root/software/system.nix b/modules/root/software/system.nix
deleted file mode 100644
index f0a31f2..0000000
--- a/modules/root/software/system.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ pkgs, ... }: {
- environment.systemPackages = with pkgs; [
- age # Secrets
- cryptsetup
- dash # TODO should be default /bin/sh
- exfat
- git # Needed for home-manager
- python3
- sops # Secrets
- ];
-
- services.gpm.enable = true;
-}
diff --git a/modules/root/software/virtualisation.nix b/modules/root/software/virtualisation.nix
deleted file mode 100644
index 4ae15f5..0000000
--- a/modules/root/software/virtualisation.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ lib, config, ... }: {
- options = {
- virtualisation.enable = lib.mkEnableOption "enables virtualisation and virt-manager";
- };
-
- config = lib.mkIf config.virtualisation.enable {
- virtualisation.libvirtd.enable = true;
- programs.virt-manager.enable = config.software.desktop.enable;
- };
-}
diff --git a/modules/root/ssh.nix b/modules/root/ssh.nix
deleted file mode 100644
index 9f6d54d..0000000
--- a/modules/root/ssh.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- services.openssh = {
- enable = true;
- settings = {
- X11Forwarding = true;
- };
- };
-}
diff --git a/modules/root/tlp.nix b/modules/root/tlp.nix
deleted file mode 100644
index 3414c03..0000000
--- a/modules/root/tlp.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ lib, config, ... }: {
- options = {
- tlp.enable = lib.mkEnableOption "enables tlp";
- };
-
- config = lib.mkIf config.tlp.enable {
- services.tlp.enable = true;
- };
-}
diff --git a/modules/root/wifi.nix b/modules/root/wifi.nix
deleted file mode 100644
index 542cfd7..0000000
--- a/modules/root/wifi.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ lib, config, ... }: {
- options = {
- wifi.enable = lib.mkEnableOption "enables wifi";
- };
-
- config = lib.mkIf config.wifi.enable {
- networking.wireless = {
- enable = true; # Enables wireless support via wpa_supplicant.
- userControlled.enable = true;
- allowAuxiliaryImperativeNetworks = true; # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf)
- };
-
- # Link /etc/wpa_supplicant.conf -> secret config
- environment.etc."wpa_supplicant.conf" = {
- source = config.sops.secrets.wpa_supplicant-conf.path;
- };
- };
-}
diff --git a/modules/root/x11.nix b/modules/root/x11.nix
deleted file mode 100644
index fd15c52..0000000
--- a/modules/root/x11.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ pkgs, lib, config, ... }: {
- options = {
- xserver.enable = lib.mkEnableOption "enables xserver";
- };
-
- config = lib.mkIf config.xserver.enable {
- services.xserver.enable = true;
- services.xserver.displayManager.startx.enable = true;
- services.libinput.enable = true; # Enable touchpad support
-
- environment.systemPackages = with pkgs; [
- unclutter
- xcape
- xclip
- xdotool
- xorg.setxkbmap
- xorg.xinput
- xorg.xkill
- xorg.xrandr
- xorg.xset
- xwallpaper
- # Patch startx to be compliant with xdg base dir spec
- (xorg.xinit.overrideAttrs (old: rec {
- patches = [
- ./resources/x11/xinit-startx-xdg.patch
- ];
- }))
- ];
- };
-}
diff --git a/modules/root/zsh.nix b/modules/root/zsh.nix
deleted file mode 100644
index 697cb4c..0000000
--- a/modules/root/zsh.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ lib, config, pkgs, ... }: {
- options = {
- zsh.enable = lib.mkEnableOption "use zsh as default shell";
- };
-
- config = lib.mkIf config.zsh.enable {
- programs.zsh.enable = true;
- users.defaultUserShell = pkgs.zsh;
- };
-}
diff --git a/nixos/bootloader.nix b/nixos/bootloader.nix
new file mode 100644
index 0000000..bb807cf
--- /dev/null
+++ b/nixos/bootloader.nix
@@ -0,0 +1,48 @@
+{ lib, config, ... }: let
+ cfg = config.boot._loader;
+ usingEfi = cfg.mode == "efi";
+ usingBios = cfg.mode == "bios";
+in {
+ options.boot._loader = {
+ enable = lib.mkEnableOption "enable unified bootloader config";
+ loader = lib.mkOption {
+ type = lib.types.enum [ "grub" "systemd-boot" ];
+ default = "systemd-boot";
+ description = "whether to install grub or systemd-boot as the bootloader";
+ };
+ mode = lib.mkOption {
+ type = lib.types.enum [ "efi" "bios" ];
+ default = "efi";
+ description = "whether to install the bootloader in efi or bios mode";
+ };
+ grub = {
+ biosDevice = lib.mkOption {
+ type = lib.types.str;
+ description = "device to install grub on";
+ };
+ };
+ memtest86.enable = lib.mkEnableOption "make Memtest86+ available from the bootloader";
+ };
+
+ config = lib.mkIf cfg.enable {
+ boot.loader = {
+ grub = lib.mkIf (cfg.loader == "grub") {
+ enable = true;
+ efiSupport = usingEfi;
+ efiInstallAsRemovable = usingEfi;
+ device = if usingBios then cfg.grub.biosDevice else "nodev";
+ enableCryptodisk = true;
+ memtest86.enable = cfg.memtest86.enable;
+ };
+ systemd-boot = lib.mkIf (cfg.loader == "systemd-boot") {
+ enable = true;
+ editor = false;
+ memtest86.enable = cfg.memtest86.enable;
+ };
+ efi = lib.mkIf usingEfi {
+ efiSysMountPoint = lib.mkIf (cfg.loader == "grub") "/boot/efi";
+ canTouchEfiVariables = true;
+ };
+ };
+ };
+}
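Review bot: Nothing in the `config` block rejects `loader = "systemd-boot"` combined with `mode = "bios"`, although systemd-boot only boots on UEFI firmware. In that combination the `efi` block is skipped, and the mistake would, as far as I can tell, surface only at install time. An assertion catches it at evaluation: `assertions = [{ assertion = !(cfg.loader == "systemd-boot" && usingBios); message = "boot._loader: systemd-boot requires mode = \"efi\""; }];`. Separately, the systemd-boot branch sets `editor = false`, but the grub branch has no matching protection against editing boot entries at the menu. A comment next to `enableCryptodisk` should say whether that is intentional.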
diff --git a/nixos/default.nix b/nixos/default.nix
new file mode 100644
index 0000000..4a027e0
--- /dev/null
+++ b/nixos/default.nix
@@ -0,0 +1,26 @@
+{
+ imports = [
+ ./programs/awesome.nix
+ ./programs/ddcutil.nix
+ ./programs/home-manager.nix
+
+ ./services/cgit.nix
+ ./services/gitea.nix
+ ./services/searxng.nix
+
+ ./bootloader.nix
+ ./doas.nix
+ ./filesystems.nix
+ ./geoclue.nix
+ ./hosts.nix
+ ./net-iface-labels.nix
+ ./nix.nix
+ ./pipewire.nix
+ ./powerkeys.nix
+ ./printing.nix
+ ./secrets.nix
+ ./ssh.nix
+ ./sudo.nix
+ ./suspend.nix
+ ];
+}
diff --git a/nixos/doas.nix b/nixos/doas.nix
new file mode 100644
index 0000000..aeed170
--- /dev/null
+++ b/nixos/doas.nix
@@ -0,0 +1,17 @@
+{ lib, config, ... }: let
+ cfg = config.security._doas;
+in {
+ options.security._doas = {
+ enable = lib.mkEnableOption "enables doas";
+ };
+
+ config = lib.mkIf cfg.enable {
+ security.doas = {
+ enable = true;
+ wheelNeedsPassword = false;
+ extraRules = [
+ { keepEnv = true; }
+ ];
+ };
+ };
+}
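Review bot: `wheelNeedsPassword = false` gives every process running as a wheel member root without a prompt, and it is hard-coded rather than exposed on `security._doas`, so a host can only opt back into prompts with `lib.mkForce`. Consider `wheelNeedsPassword = lib.mkDefault true;`, or an option on this module that defaults to requiring the password. The `extraRules` entry `{ keepEnv = true; }` names no `users` or `groups`. As far as I recall, the NixOS doas module emits a rule line only per listed user or group, so this entry probably has no effect. If keeping the caller's environment for wheel is intended, write `{ groups = [ "wheel" ]; keepEnv = true; }` and add a comment on why the environment should reach root commands.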
diff --git a/modules/root/software/ddcutil.nix b/nixos/filesystems.nix
index 93e0af5..00ab409 100644
--- a/modules/root/software/ddcutil.nix
+++ b/nixos/filesystems.nix
@@ -1,6 +1,7 @@
{ pkgs, ... }: {
- hardware.i2c.enable = true;
environment.systemPackages = with pkgs; [
- ddcutil
+ cryptsetup
+ exfat
+ ntfs3g
];
}
diff --git a/nixos/geoclue.nix b/nixos/geoclue.nix
new file mode 100644
index 0000000..344ef24
--- /dev/null
+++ b/nixos/geoclue.nix
@@ -0,0 +1,14 @@
+{ config, lib, ... }: let
+ cfg = config.services._geoclue2;
+in {
+ options.services._geoclue2 = {
+ enable = lib.mkEnableOption "enable geoclue2 service with minimal sources and set timezone automatically";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.geoclue2 = {
+ enable = true;
+ };
+ services.automatic-timezoned.enable = lib.mkDefault true;
+ };
+}
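Review bot: The option description promises "minimal sources", but the `config` block only sets `services.geoclue2.enable = true`, which leaves every location source at its module default. If the intent is to limit what is sent to a network location provider, set the sources explicitly, e.g. `enableWifi = lib.mkDefault false;` alongside `enable3G`, `enableCDMA` and `enableModemGPS`. Otherwise reword the description to match what the module does. Check that `automatic-timezoned` still gets a usable fix with the reduced sources before choosing the defaults.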
diff --git a/nixos/hosts.nix b/nixos/hosts.nix
new file mode 100644
index 0000000..a87f3b4
--- /dev/null
+++ b/nixos/hosts.nix
@@ -0,0 +1,4 @@
+{ hostname, ... }: {
+ networking.hostName = hostname; # From flake.nix
+ environment.etc.hosts.mode = "0644"; # Allow temporary imperative modifications
+}
diff --git a/nixos/net-iface-labels.nix b/nixos/net-iface-labels.nix
new file mode 100644
index 0000000..b7ac655
--- /dev/null
+++ b/nixos/net-iface-labels.nix
@@ -0,0 +1,28 @@
+{ config, lib, ... }: let
+ cfg = config.networking._interfaceLabels;
+ validMac = str: builtins.match ''^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$'' str != null;
+ macAddressType = lib.types.str // {
+ check = validMac;
+ description = "a mac address (xx:xx:xx:xx:xx:xx)";
+ };
+in {
+ options.networking._interfaceLabels = {
+ enable = lib.mkEnableOption "manually label network interfaces";
+ interfaces = lib.mkOption {
+ type = lib.types.attrsOf macAddressType;
+ default = {};
+ example = {
+ "lan0" = "00:11:22:33:44:55";
+ "lan1" = "66:77:88:99:AA:BB";
+ };
+ description = "label network interfaces by their mac address";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking.usePredictableInterfaceNames = false;
+ services.udev.extraRules = lib.concatStringsSep "\n" (
+ lib.mapAttrsToList (name: mac: ''ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="${mac}", NAME="${name}"'') cfg.interfaces
+ );
+ };
+}
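Review bot: `validMac` accepts upper-case hex, and the `example` uses `66:77:88:99:AA:BB`, but the value is written unchanged into `ATTR{address}=="${mac}"`. udev compares strings case-sensitively and sysfs normally reports the address in lower case, so an upper-case entry would silently never match and the interface would keep its kernel name. Normalising at the point of use fixes it: `ATTR{address}=="${lib.toLower mac}"`. The interface `name` is interpolated into `NAME="${name}"` with no check at all. An assertion that each attribute name matches something like `[A-Za-z0-9_-]{1,15}` would keep quotes, whitespace and over-long names out of the generated rule.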
diff --git a/modules/root/nix.nix b/nixos/nix.nix
index ff8dd28..ff8dd28 100644
--- a/modules/root/nix.nix
+++ b/nixos/nix.nix
diff --git a/nixos/pipewire.nix b/nixos/pipewire.nix
new file mode 100644
index 0000000..be3eaf4
--- /dev/null
+++ b/nixos/pipewire.nix
@@ -0,0 +1,14 @@
+{ lib, config, ... }: let
+ cfg = config.services._pipewire;
+in {
+ options.services._pipewire = {
+ enable = lib.mkEnableOption "enables pipewire";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+ };
+}
diff --git a/modules/root/powerkeys.nix b/nixos/powerkeys.nix
index fd4aa00..fd4aa00 100644
--- a/modules/root/powerkeys.nix
+++ b/nixos/powerkeys.nix
diff --git a/nixos/printing.nix b/nixos/printing.nix
new file mode 100644
index 0000000..a6df279
--- /dev/null
+++ b/nixos/printing.nix
@@ -0,0 +1,18 @@
+{ lib, config, ... }: let
+ cfg = config.services._printing;
+in {
+ options.services._printing = {
+ enable = lib.mkEnableOption "enables printing and avahi service";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.printing.enable = true;
+
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ openFirewall = true;
+ };
+ };
+}
+
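Review bot: `openFirewall = true` in the `services.avahi` block is a plain value, so enabling printing on any host also accepts inbound mDNS, and the only way to opt out is `lib.mkForce`. Writing `openFirewall = lib.mkDefault true;` (and likewise `nssmdns4`) keeps the convenience while letting a machine on untrusted networks turn it off. The option description should mention the side effect, e.g. `"enables printing and avahi discovery (opens the firewall for mDNS)"`.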
diff --git a/modules/root/software/awesome.nix b/nixos/programs/awesome.nix
index fdc86e8..0856384 100644
--- a/modules/root/software/awesome.nix
+++ b/nixos/programs/awesome.nix
@@ -1,9 +1,11 @@
-{ pkgs, lib, config, ... }: {
- options = {
- xserver.awesome.enable = lib.mkEnableOption "enables awesomewm";
+{ pkgs, lib, config, ... }: let
+ cfg = config.services.xserver.windowManager._awesome;
+in {
+ options.services.xserver.windowManager._awesome = {
+ enable = lib.mkEnableOption "installs awesome window manager";
};
- config = lib.mkIf (config.xserver.enable && config.xserver.awesome.enable ) {
+ config = lib.mkIf cfg.enable {
services.xserver.windowManager.awesome = {
enable = true;
noArgb = true; # disables transparency. why not?
diff --git a/nixos/programs/ddcutil.nix b/nixos/programs/ddcutil.nix
new file mode 100644
index 0000000..ef1801b
--- /dev/null
+++ b/nixos/programs/ddcutil.nix
@@ -0,0 +1,12 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config.programs._ddcutil;
+in {
+ options.programs._ddcutil = {
+ enable = lib.mkEnableOption "enables ddcutil and i2c control";
+ };
+
+ config = lib.mkIf cfg.enable {
+ hardware.i2c.enable = true;
+ environment.systemPackages = [ pkgs.ddcutil ];
+ };
+}
diff --git a/nixos/programs/home-manager.nix b/nixos/programs/home-manager.nix
new file mode 100644
index 0000000..49149d3
--- /dev/null
+++ b/nixos/programs/home-manager.nix
@@ -0,0 +1,15 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config.programs._home-manager;
+in {
+ options.programs._home-manager = {
+ enable = lib.mkEnableOption "enables home-manager";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Install home manager
+ environment.systemPackages = with pkgs; [ home-manager git ]; # Git is needed
+
+ # For home-manager to configure gtk
+ programs.dconf.enable = lib.mkDefault true;
+ };
+}
diff --git a/nixos/secrets.nix b/nixos/secrets.nix
new file mode 100644
index 0000000..0691255
--- /dev/null
+++ b/nixos/secrets.nix
@@ -0,0 +1,8 @@
+{ inputs, config, pkgs, ... }: {
+ environment.systemPackages = with pkgs; [ age sops ];
+
+ sops = {
+ defaultSopsFormat = "yaml";
+ age.sshKeyPaths = [ "/root/.ssh/id_ed25519" ];
+ };
+}
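Review bot: `age.sshKeyPaths = [ "/root/.ssh/id_ed25519" ]` makes root's own login key double as the secrets decryption identity. The same private key then serves outbound SSH and unlocks every sops secret, and presumably has to sit on disk without a passphrase for activation to read it. A dedicated key, or the host key (`/etc/ssh/ssh_host_ed25519_key`) that sops-nix setups commonly use, keeps the two roles separate. At minimum, add a comment saying which key this is and how it is provisioned on a new host. The `inputs` and `config` arguments are unused here and no `defaultSopsFile` is set, so the sops-nix module import and the secrets file are presumably declared elsewhere; a one-line comment saying where would help.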
diff --git a/nixos/services/cgit.nix b/nixos/services/cgit.nix
new file mode 100644
index 0000000..66de1d8
--- /dev/null
+++ b/nixos/services/cgit.nix
@@ -0,0 +1,142 @@
+{ lib, pkgs, config, ... }:
+let
+ cfg = config.services._cgit;
+in {
+ options.services._cgit = {
+ enable = lib.mkEnableOption "enables cgit service";
+ hostAddress = lib.mkOption {
+ type = lib.types.str;
+ description = "hostAddress for the container";
+ default = "10.0.1.1";
+ };
+ localAddress = lib.mkOption {
+ type = lib.types.str;
+ description = "localAddress for the container";
+ default = "10.0.1.2";
+ };
+ rootTitle = lib.mkOption {
+ type = lib.types.str;
+ description = "cgit site title";
+ default = "";
+ };
+ rootDesc = lib.mkOption {
+ type = lib.types.str;
+ description = "cgit site description";
+ default = "";
+ };
+ extraConfig = lib.mkOption {
+ type = lib.types.str;
+ description = "cgitrc lines inserted verbatim at the end";
+ default = "";
+ };
+ ssh.authorizedKeys = {
+ keys = lib.mkOption {
+ type = lib.types.listOf lib.types.singleLineStr;
+ default = [ ];
+ description = ''
+ see `options.openssh.authorizedKeys.keys`.
+ ssh authorized keys for git user in container.
+ '';
+ };
+ keyFiles = lib.mkOption {
+ type = lib.types.listOf lib.types.path;
+ default = [ ];
+ description = ''
+ see `options.openssh.authorizedKeys.keyFiles`.
+ ssh authorized keys for git user in container.
+ '';
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Configure cgit container
+ containers.cgit = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = cfg.hostAddress;
+ localAddress = cfg.localAddress;
+
+ specialArgs = {
+ authorizedKeys = cfg.ssh.authorizedKeys;
+ cgitrc = with cfg; {
+ inherit rootTitle;
+ inherit rootDesc;
+ inherit extraConfig;
+ };
+ };
+
+ config = { lib, config, authorizedKeys, cgitrc, ... }: {
+ # Create git user for ssh access
+ users.users.git = {
+ isNormalUser = true;
+ home = "/srv/git"; # Serve from git user's home to allow cloning git@cgit:repo
+ group = "git";
+ createHome = true;
+ homeMode = "750"; # Allow read permissions for group members
+ shell = pkgs.bash;
+ openssh = { inherit authorizedKeys; };
+ };
+ users.groups.git.members = [ "lighttpd" ]; # Create the git group and add lighttpd user as a member so /srv/git can be served by cgit
+
+ # Enable git
+ programs.git.enable = true;
+
+ # Enable ssh service
+ services.openssh.enable = true;
+
+ # Enable cgit service
+ services.lighttpd.enable = true;
+ services.lighttpd.cgit = {
+ enable = true;
+ #subdir = ""; # FIXME this does not work for some reason
+ configText = ''
+ # Based on joseluisq/alpine-cgit
+ root-title=${cgitrc.rootTitle}
+ root-desc=${cgitrc.rootDesc}
+
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+
+ readme=:README.md
+ readme=:README.html
+ readme=:README.txt
+ readme=:README
+ readme=:INSTALL.md
+ readme=:INSTALL.html
+ readme=:INSTALL.txt
+ readme=:INSTALL
+
+ # Cache
+ #cache-root=/var/cache/cgit
+ #cache-size=2000
+
+ enable-index-links=1
+ enable-index-owner=0
+ enable-remote-branches=1
+ enable-log-filecount=1
+ enable-log-linecount=1
+ enable-git-config=1
+ snapshots=tar.xz zip
+
+ robots=noindex, nofollow
+
+ virtual-root=/cgit
+ section-from-path=0
+ max-repo-count=100
+ scan-path=/srv/git
+
+ # extra config
+ ${cgitrc.extraConfig}
+ '';
+ };
+
+ # Networking, etc.
+ networking.firewall.allowedTCPPorts = [ 80 22 ];
+ networking.hostName = "cgit";
+
+ system.stateVersion = "25.05";
+ };
+ };
+ };
+}
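Review bot: The `git` user gets `shell = pkgs.bash`, so every key in `ssh.authorizedKeys` has a full interactive shell in the container rather than git-only access. If the keys are only meant for clone and push, `shell = "${pkgs.git}/bin/git-shell";` restricts them to git commands; creating repositories then needs an admin path or `git-shell-commands`. `services.openssh.enable = true` is left at its defaults, and `services.openssh.settings = { PasswordAuthentication = false; PermitRootLogin = "no"; };` would make the key-only intent explicit. `rootTitle` and `rootDesc` are `lib.types.str` but are written into single `key=value` lines of `configText`. Using `lib.types.singleLineStr`, as the keys option already does, would stop a stray newline from adding cgitrc directives such as a filter path.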
diff --git a/nixos/services/gitea.nix b/nixos/services/gitea.nix
new file mode 100644
index 0000000..5586979
--- /dev/null
+++ b/nixos/services/gitea.nix
@@ -0,0 +1,58 @@
+{ lib, pkgs, config, ... }:
+let
+ cfg = config.services._gitea;
+in {
+ options.services._gitea = {
+ enable = lib.mkEnableOption "enables gitea service";
+ hostAddress = lib.mkOption {
+ type = lib.types.str;
+ description = "hostAddress for the container";
+ default = "10.0.1.1";
+ };
+ localAddress = lib.mkOption {
+ type = lib.types.str;
+ description = "localAddress for the container";
+ default = "10.0.1.3";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ containers.gitea = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = cfg.hostAddress;
+ localAddress = cfg.localAddress;
+
+ config = { lib, config, ... }: {
+ # Enable gitea service
+ services.gitea = {
+ enable = true;
+ user = "git"; # So ssh cloning uses git@gitea
+ settings = {
+ server = {
+ HTTP_PORT = 3000; # Can't set as 80 without root permissions, use 3000 instead
+ };
+ };
+ };
+
+ # Networking, etc.
+ # Redirect 80 to 3000
+ networking.nftables = {
+ enable = true;
+ ruleset = ''
+ table ip nat {
+ chain prerouting {
+ type nat hook prerouting priority 0;
+ tcp dport 80 redirect to :3000
+ }
+ }
+ '';
+ };
+ networking.firewall.allowedTCPPorts = [ 3000 80 22 ]; # Still need to forward 3000 for nftables rule to work
+ networking.hostName = "gitea";
+
+ system.stateVersion = "25.05";
+ };
+ };
+ };
+}
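Review bot: `services.gitea.settings` sets only `server.HTTP_PORT`, so the instance runs with Gitea's defaults, which leave self-registration open to anyone who can reach port 80 or 3000. If this is a single-user forge, add `service.DISABLE_REGISTRATION = true;` under `settings` once the admin account exists. The firewall line also opens 22, but nothing in this container config enables an SSH server. Either add `services.openssh.enable = true;` as the cgit container does, or drop 22 from `allowedTCPPorts`.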
diff --git a/nixos/services/searxng.nix b/nixos/services/searxng.nix
new file mode 100644
index 0000000..f90ad4e
--- /dev/null
+++ b/nixos/services/searxng.nix
@@ -0,0 +1,120 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config.services._searxng;
+ environmentFile = "/run/searx/searxng.env";
+ generateEnvironmentFile = ''
+ umask 077
+ echo "SEARXNG_SECRET=$(head -c 56 /dev/urandom | base64)" > ${environmentFile}
+ ls /run/searx
+ '';
+in {
+ options.services._searxng = {
+ enable = lib.mkEnableOption "enables searxng service";
+ uwsgi.enable = lib.mkEnableOption "enables searxng uwsgi";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Generate secret key
+ systemd.services.searx-environment-file = {
+ description = "Generate environment file with secret key for searx";
+ wantedBy = [ "searx-init.service" ];
+ partOf = [ "searx-init.service" ];
+ before = [ "searx-init.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ User = "searx";
+ RuntimeDirectory = "searx";
+ RuntimeDirectoryMode = "750";
+ ConditionPathExists = "!${environmentFile}";
+ };
+ script = generateEnvironmentFile;
+ };
+
+ # Configure searxng
+ services.searx = {
+ enable = true;
+ redisCreateLocally = true;
+ package = pkgs.searxng;
+ inherit environmentFile; # Provides secret key
+
+ # UWSGI configuration
+ runInUwsgi = cfg.uwsgi.enable;
+
+ uwsgiConfig = {
+ socket = "/run/searx/searx.sock";
+ http = ":8888";
+ chmod-socket = "660";
+ };
+
+ settings = {
+ general = {
+ instance_name = "TJK Search";
+ donation_url = "https://tjkeller.xyz";
+ enable_metrics = false;
+ };
+
+ # Search engine settings
+ search = {
+ safe_search = 2; # Strict
+ autocomplete = "";
+ default_lang = "en-US";
+ };
+
+ preferences.lock = [ "safesearch" ]; # Lock safe_search at strict
+
+ # https://docs.searxng.org/admin/plugins.html
+ enabled_plugins = [
+ "Tor check plugin"
+ "Tracker URL remover"
+ "Basic Calculator"
+ "Unit converter plugin"
+ "Hash plugin"
+ "Self Information"
+ "Open Access DOI rewrite"
+ "Hostnames plugin"
+ ];
+
+ hostnames.replace = {
+ "(.*\.)?youtube\.com$" = "piped.tjkeller.xyz";
+ "(.*\.)?youtu\.be$" = "piped.tjkeller.xyz";
+ "(.*\.)?reddit\.com$" = "old.reddit.com";
+ };
+
+ # Enable / disabled search engines from default list
+ engines = lib.mapAttrsToList (name: value: { inherit name; disabled = !value; }) {
+ # Images
+ "artic" = false;
+ "deviantart" = false;
+ "flickr" = false;
+ "library of congress" = false;
+ "openverse" = false;
+ "pinterest" = false;
+ "public domain image archive" = false;
+ "unsplash" = false;
+ "wallhaven" = false;
+ "wikicommons.images" = false;
+
+ # Videos
+ "bitchute" = true;
+ "dailymotion" = false;
+ "piped" = false;
+ "rumble" = true;
+ "sepiasearch" = false;
+ "vimeo" = false;
+ "wikicommons.videos" = false;
+
+ # Music
+ "piped.music" = false;
+
+ # Files
+ "1337x" = true;
+ "annas archive" = true;
+ "library genesis" = true;
+
+ # Apps
+ "fdroid" = true;
+ };
+ };
+ };
+ };
+}
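Review bot: `ConditionPathExists` is a `[Unit]` setting but is placed in `serviceConfig`, which is rendered into `[Service]`, so the guard against regenerating `SEARXNG_SECRET` most likely never takes effect. Move it to `unitConfig.ConditionPathExists = "!${environmentFile}";`. The `ls /run/searx` line in `generateEnvironmentFile` looks like leftover debugging and can be removed. Separately, in the `hostnames.replace` keys a Nix double-quoted string turns `\.` into a plain `.`, so those patterns match any character there; write `\\.` if a literal dot is intended.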
diff --git a/nixos/ssh.nix b/nixos/ssh.nix
new file mode 100644
index 0000000..8f81474
--- /dev/null
+++ b/nixos/ssh.nix
@@ -0,0 +1,16 @@
+{ lib, config, ... }: let
+ cfg = config.services._ssh;
+in {
+ options.services._ssh = {
+ enable = lib.mkEnableOption "enable openssh with X11 forwarding";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.openssh = {
+ enable = true;
+ settings = {
+ X11Forwarding = true;
+ };
+ };
+ };
+}
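Review bot: This module enables sshd with `X11Forwarding = true` and sets nothing else, so password and keyboard-interactive logins stay at the NixOS defaults on every host that turns it on. If logins are meant to be key-only, add `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` to `settings`, plus `PermitRootLogin = "no";` if root never logs in remotely. A short comment would also help, saying X11 forwarding should only be used between hosts that trust each other, since the forwarded display is reachable from the server side.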
diff --git a/nixos/sudo.nix b/nixos/sudo.nix
new file mode 100644
index 0000000..5fa2727
--- /dev/null
+++ b/nixos/sudo.nix
@@ -0,0 +1,15 @@
+{ lib, config, ... }: let
+ cfg = config.security._sudo;
+in {
+ options.security._sudo = {
+ enable = lib.mkEnableOption "enables sudo";
+ };
+
+ #config = lib.mkIf cfg.enable {
+ config = { # TODO remove once can be built from flake w git
+ security.sudo = {
+ enable = true;
+ wheelNeedsPassword = false;
+ };
+ };
+}
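Review bot: The `lib.mkIf cfg.enable` guard is commented out, so `wheelNeedsPassword = false` applies on every host that imports this module, `security._sudo.enable` has no effect, and `cfg` is unused. Passwordless sudo makes any process running as a `wheel` member root-equivalent, so it should be opt-in. Restore `config = lib.mkIf cfg.enable {` once the TODO is resolved, or keep `wheelNeedsPassword = true` as the default and override it per host. The same commented-out guard appears in `users/timmy/default.nix`, where the `wheel` user is then created unconditionally.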
diff --git a/nixos/suspend.nix b/nixos/suspend.nix
new file mode 100644
index 0000000..11404de
--- /dev/null
+++ b/nixos/suspend.nix
@@ -0,0 +1,18 @@
+{ lib, config, ... }: let
+ cfg = config.systemd._suspend;
+in {
+ options.systemd._suspend = {
+ disable = lib.mkEnableOption "disables suspend";
+ };
+
+ config = lib.mkIf cfg.disable {
+ # Disable suspend targets
+ systemd.targets = builtins.listToAttrs (map (name: {
+ inherit name;
+ value = {
+ enable = false;
+ unitConfig.DefaultDependencies = "no";
+ };
+ }) ["sleep" "suspend" "hibernate" "hybrid-sleep"]);
+ };
+}
diff --git a/pkgs/crazydiskinfo/default.nix b/pkgs/crazydiskinfo/default.nix
new file mode 100644
index 0000000..61de338
--- /dev/null
+++ b/pkgs/crazydiskinfo/default.nix
@@ -0,0 +1,41 @@
+{ lib
+, cmake
+, fetchFromGitHub
+, fetchpatch
+, libatasmart
+, ncurses5
+, stdenv
+}:
+
+stdenv.mkDerivation rec {
+ pname = "crazydiskinfo";
+ version = "1.1.0";
+
+ src = fetchFromGitHub {
+ owner = "otakuto";
+ repo = pname;
+ rev = "refs/tags/${version}";
+ sha256 = "sha256-+6ShoaggQ256sLSJDj4d16OipUYX/4JjEwLL5hswjiQ=";
+ };
+
+ patches = [
+ # Patch to fix build warnings
+ (fetchpatch {
+ url = "https://github.com/otakuto/crazydiskinfo/compare/1.1.0...8563aa8.diff";
+ sha256 = "sha256-z9aOQFsivu6sYgsZBOlnTvqnoR2ro/jyuO/WOimLSXk=";
+ })
+ ];
+
+ nativeBuildInputs = [ cmake ];
+ buildInputs = [ libatasmart ncurses5 ];
+
+ cmakeFlags = [ "-DCMAKE_INSTALL_PREFIX=$(out)" ];
+
+ meta = with lib; {
+ description = "CrazyDiskInfo is an interactive TUI S.M.A.R.T viewer for Unix systems";
+ homepage = "https://github.com/otakuto/crazydiskinfo";
+ mainProgram = "crazy";
+ license = licenses.mit;
+ maintainers = [ maintainers.tjkeller ];
+ };
+}
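Review bot: `cmakeFlags = [ "-DCMAKE_INSTALL_PREFIX=$(out)" ]` uses make-style `$(out)`, which CMake does not expand, and the nixpkgs cmake hook already passes the install prefix. Unless the upstream build depends on this flag, dropping the line avoids a literal `$(out)` being used as the prefix. If it must stay, `"-DCMAKE_INSTALL_PREFIX=${placeholder "out"}"` is the usual spelling. This is inferred from the flag syntax rather than from a build log.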
diff --git a/pkgs/default.nix b/pkgs/default.nix
new file mode 100644
index 0000000..1c0ed23
--- /dev/null
+++ b/pkgs/default.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }: {
+ nixpkgs.overlays = with pkgs; [
+ (final: prev: {
+ crazydiskinfo = (callPackage ./crazydiskinfo {});
+ lowbat = (callPackage ./lowbat {});
+ workcentre-7800-series = (callPackage ./xerox-workcentre-7800-series-driver {});
+
+ # Use my vimv-rs until pr gets merged
+ vimv-rs = prev.vimv-rs.overrideAttrs (oldAttrs: {
+ src = fetchFromGitHub {
+ owner = "tjkeller-xyz";
+ repo = "vimv-rs";
+ rev = "5deb76fb81dd4acf3c4809087ff3a1d846ab4769";
+ sha256 = "sha256-XMn+5mIxSEHaR31ixMi6o7PSkN1iYjDT4aOiQkfEwpA=";
+ };
+ });
+
+ # Use my tamzen until pr gets merged
+ tamzen = prev.tamzen.overrideAttrs (oldAttrs: {
+ src = fetchFromGitHub {
+ owner = "tjkeller-xyz";
+ repo = "tamzen-font";
+ rev = "middledot";
+ sha256 = "sha256-mVZ8SdYKTdMG1qBKKYdNjuoYvWkEq2ph2O1ztsNJEhs=";
+ };
+ });
+ })
+ (import ./st/overrides.nix)
+ (import ./xorg/overrides.nix)
+ ];
+}
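Review bot: The `tamzen` override fetches `rev = "middledot"`, a branch name, while `vimv-rs` just above pins a full commit id. The `sha256` prevents changed content from being built silently, but the fetch breaks as soon as the branch moves and the exact revision is never recorded. Pin the commit instead, e.g. `rev = "<commit-id>";`. As a style point, `callPackage` inside the overlay resolves through `with pkgs;` on the module argument; `final.callPackage ./crazydiskinfo {}` would keep the overlay self-contained.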
diff --git a/pkgs/lowbat/default.nix b/pkgs/lowbat/default.nix
new file mode 100644
index 0000000..64ec205
--- /dev/null
+++ b/pkgs/lowbat/default.nix
@@ -0,0 +1,28 @@
+{ lib
+, fetchzip
+, glib
+, libnotify
+, pkg-config
+, stdenv
+}:
+
+stdenv.mkDerivation rec {
+ pname = "lowbat";
+ version = "1.2.2";
+
+ src = fetchzip {
+ url = "https://git.tjkeller.xyz/${pname}/snapshot/${pname}-${version}.tar.xz";
+ sha256 = "sha256-utdcY9qoDcrBWnGC8m/LUsnoxQ0ilssPDF44A6D/C+8=";
+ };
+
+ nativeBuildInputs = [ pkg-config ];
+ buildInputs = [ libnotify glib ];
+
+ installFlags = [ "PREFIX=$(out)" ];
+
+ meta = with lib; {
+ description = "A minimal battery level monitor daemon, written in C";
+ license = licenses.mit;
+ maintainers = [ maintainers.tjkeller ];
+ };
+}
diff --git a/pkgs/st/overrides.nix b/pkgs/st/overrides.nix
new file mode 100644
index 0000000..2d0a37e
--- /dev/null
+++ b/pkgs/st/overrides.nix
@@ -0,0 +1,19 @@
+final: prev: {
+ st = prev.st.overrideAttrs (finalAttrs: previousAttrs: {
+ version = "tj-0.9.2.3";
+
+ src = prev.fetchgit {
+ url = "https://git.tjkeller.xyz/${previousAttrs.pname}";
+ tag = finalAttrs.version;
+ sha256 = "sha256-SQ62io4LWsPBvX8e9vUwVVXs/2+THoR6ZZoldQ6IUJk=";
+ };
+
+ makeFlags = previousAttrs.makeFlags ++ [ "CFLAGS=-Ofast" ];
+ buildInputs = with prev.pkgs.xorg; previousAttrs.buildInputs ++ [ libXcursor libXext ];
+
+ meta = with prev.lib; previousAttrs.meta // {
+ homepage = "https://git.tjkeller.xyz/st";
+ maintainers = previousAttrs.meta.maintainers ++ [ maintainers.tjkeller ];
+ };
+ });
+}
diff --git a/pkgs/xerox-workcentre-7800-series-driver/default.nix b/pkgs/xerox-workcentre-7800-series-driver/default.nix
new file mode 100644
index 0000000..cfdaaae
--- /dev/null
+++ b/pkgs/xerox-workcentre-7800-series-driver/default.nix
@@ -0,0 +1,86 @@
+{
+ stdenv,
+ lib,
+ fetchurl,
+ dpkg,
+ autoPatchelfHook,
+ cups,
+ xorg,
+}:
+let
+ debPlatform =
+ if stdenv.hostPlatform.system == "x86_64-linux" then
+ "x86_64"
+ else if stdenv.hostPlatform.system == "i686-linux" then
+ "i686"
+ else
+ throw "Unsupported system: ${stdenv.hostPlatform.system}";
+in
+stdenv.mkDerivation rec {
+ pname = "xerox-workcentre-7800-series-driver";
+ version = "5.20.661.4684";
+ debpkg = "XeroxOfficev5Pkg-Linux${debPlatform}-${version}.deb";
+
+ src = fetchurl {
+ url = "https://download.support.xerox.com/pub/drivers/CQ8580/drivers/linux/pt_BR/${debpkg}";
+ sha256 = "014k0r9ij3401mnab1qzv96bjl9x7rf11aw1ibf0q370pk9jqqjb"; # TODO correct hash for i686
+ };
+
+ nativeBuildInputs = [ dpkg autoPatchelfHook ];
+ # TODO add support for disable xorg
+ buildInputs = [
+ cups
+ stdenv.cc.cc.lib
+ xorg.libX11
+ xorg.libXrender
+ xorg.libXfixes
+ xorg.libXdamage
+ xorg.libXcomposite
+ xorg.libXcursor
+ xorg.libXrandr
+ xorg.libXext
+ xorg.libXinerama
+ ];
+
+ sourceRoot = ".";
+ unpackCmd = "dpkg-deb -x $curSrc .";
+
+ dontConfigure = true;
+ dontBuild = true;
+
+ installPhase = ''
+ runHook preInstall
+
+ mkdir -p $out
+
+ # Copy and patch the binaries and libraries
+ cp -r opt $out/
+ cp -r usr $out/
+
+ # Move the PPD to CUPS model dir
+ mkdir -p $out/share/cups/model
+ cp opt/XeroxOffice/prtsys/ppd/*.ppd $out/share/cups/model/
+
+ # Install the CUPS filters
+ mkdir -p $out/lib/cups/filter
+ cp usr/lib/cups/filter/* $out/lib/cups/filter/
+
+ # Install man pages
+ mkdir -p $out/share/man
+ cp -r usr/share/man/* $out/share/man/
+
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "Xerox WorkCentre 7800 Series Linux Printer Driver";
+ longDescription = ''
+ WorkCentre 7830/7835/7845/7855
+ '';
+ homepage = "https://www.support.xerox.com/en-us/product/workcentre-7800-series/downloads?platform=linux";
+ sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+ #license = licenses.unfree;
+ maintainers = [];
+ platforms = platforms.linux;
+ };
+}
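Review bot: `license = licenses.unfree;` is commented out, so this vendor binary (already marked `binaryNativeCode`) is not gated by `allowUnfree` and its licence is not recorded; restoring the line is the safer default. The single `sha256` can only match one architecture, as the TODO notes, yet `debPlatform` accepts `i686-linux` and `platforms = platforms.linux`. Until a second hash exists, `platforms = [ "x86_64-linux" ];` would make the unsupported case fail at evaluation instead of at fetch time. `installPhase` also copies the whole `opt` and `usr` trees and then copies the PPDs, filters and man pages a second time to other paths, which deserves a comment or a cleanup.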
diff --git a/pkgs/xorg/overrides.nix b/pkgs/xorg/overrides.nix
new file mode 100644
index 0000000..7225431
--- /dev/null
+++ b/pkgs/xorg/overrides.nix
@@ -0,0 +1,20 @@
+final: prev: {
+ xorg = prev.xorg // {
+ # Apply startx patch to create serverauth file in /tmp instead of home directory
+ xinit = (prev.xorg.xinit.overrideAttrs (finalAttrs: previousAttrs: {
+ version = "1.4.4";
+ patchtag = "${finalAttrs.version}-1"; # Archlinux xinit package tagged release to fetch patch from
+ # Override src since is hardcoded to 1.4.2
+ src = prev.fetchurl {
+ url = "mirror://xorg/individual/app/xinit-${finalAttrs.version}.tar.xz";
+ sha256 = "sha256-QKR8ehZMf5gc43h7Szf35BH7QyMdzeVD1wCUB12s/vk=";
+ };
+ patches = [
+ (prev.fetchpatch {
+ url = "https://gitlab.archlinux.org/archlinux/packaging/packages/xorg-xinit/-/raw/${finalAttrs.patchtag}/06_move_serverauthfile_into_tmp.diff";
+ sha256 = "1whzs5bw7ph12r3abs1g9fydibkr291jh56a0zp17d4x070jnkda";
+ })
+ ];
+ }));
+ };
+}
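Review bot: `patches = [ ... ]` replaces the patch list of `prev.xorg.xinit` instead of extending it, so any patches nixpkgs applies to xinit would be dropped by this override. If that is not intended, write `patches = (previousAttrs.patches or []) ++ [ ... ];`, as the `st` override does for `makeFlags`. Because the patch moves the server auth file into shared `/tmp`, a comment stating how the patched `startx` creates that file would help the next reader judge the change. The patch content itself is not visible in this diff.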
diff --git a/rebuild b/rebuild
new file mode 100755
index 0000000..87a2a65
--- /dev/null
+++ b/rebuild
@@ -0,0 +1,2 @@
+#!/bin/sh
+nixos-rebuild switch --use-remote-sudo --flake "$(dirname "$0")/#$(hostname)" $@
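Review bot: `$@` is unquoted, so arguments containing spaces or glob characters are split and expanded before they reach `nixos-rebuild`; use `"$@"`. The script also assumes that `hostname` matches an attribute under the flake's `nixosConfigurations`, so a one-line comment saying so would make a failed lookup easier to diagnose.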
diff --git a/users/default.nix b/users/default.nix
new file mode 100644
index 0000000..8eb5373
--- /dev/null
+++ b/users/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./timmy
+ ];
+}
diff --git a/users/timmy/default.nix b/users/timmy/default.nix
new file mode 100644
index 0000000..659efde
--- /dev/null
+++ b/users/timmy/default.nix
@@ -0,0 +1,105 @@
+{ lib, config, pkgs, home-manager, ... }: let
+ cfg = config._users.timmy;
+ username = "timmy";
+ email = "tjk@tjkeller.xyz";
+ fullname = "Tim Keller";
+ home = "/home/${username}";
+ userDirs = {
+ desktop = "${home}";
+ download = "${home}/dls";
+ documents = "${home}/docs";
+ pictures = "${home}/pics";
+ # Set these as null so they're not created
+ music = null;
+ publicShare = null;
+ templates = null;
+ videos = null;
+ };
+ sshKeyPaths = [ "${home}/.ssh/id_ed25519" ];
+ sshPublicKeyPaths = lib.map (keyPath: keyPath + ".pub") sshKeyPaths;
+ sshPublicKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnsnAWcz46OVi1MWSxpOIUtUvwalijDwvW+oEvNjzep" ];
+in {
+ imports = [
+ ./hosts.nix
+ ./localization.nix
+ ./nas.nix
+ ./printing.nix
+ ./user.nix
+ ./wifi.nix
+ ];
+
+ options._users.timmy = {
+ enable = lib.mkEnableOption "create user timmy";
+ autologin.enable = lib.mkEnableOption "enables getty automatic login";
+ };
+
+ #config = lib.mkIf cfg.enable {
+ config = {
+ # Setup zsh
+ programs.zsh.enable = true;
+ #environment.systemPackages = [ pkgs.zsh-fast-syntax-highlighting ]; # TODO
+
+ # Setup normal user
+ users.users.timmy = {
+ home = home;
+ description = fullname;
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ extraGroups = [
+ "nixbld"
+ "video"
+ "wheel"
+ ] ++ lib.optionals config.hardware.i2c.enable [
+ "i2c"
+ ] ++ lib.optionals config.virtualisation.libvirtd.enable [
+ "libvirtd"
+ ] ++ lib.optionals config.virtualisation.docker.enable [
+ "docker"
+ ];
+ };
+
+ # Configure automatic login with getty
+ services.getty = lib.mkIf cfg.autologin.enable {
+ autologinUser = username;
+ };
+
+ # Configure sops age key paths since age keys are generated via ssh private key
+ sops.age = { inherit sshKeyPaths; };
+
+ # Add authorizedKeys to cgit service
+ services._cgit.ssh.authorizedKeys = {
+ keys = sshPublicKeys;
+ keyFiles = sshPublicKeyPaths;
+ };
+
+ # Configure user home
+ home-manager.users.timmy = {
+ # Setup home-manager
+ home = {
+ username = username;
+ homeDirectory = home;
+ stateVersion = "24.05";
+ };
+
+ # Setup userdirs
+ xdg.userDirs = {
+ enable = true;
+ createDirectories = true;
+ } // userDirs;
+
+ # Setup git
+ programs.git = {
+ enable = true;
+ userName = fullname;
+ userEmail = email;
+ };
+
+ # Setup gtk bookmarks
+ gtk.gtk3.bookmarks = (
+ lib.mapAttrsToList (name: dir:
+ lib.mkIf (dir != null) "file://${dir} ${lib.toUpper (lib.substring 0 1 name)}${lib.substring 1 (-1) name}" # Make first letter upper case
+ ) userDirs
+ );
+ };
+ };
+}
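Review bot: `sops.age.sshKeyPaths` points at the interactive user's key `${home}/.ssh/id_ed25519`, and `sshPublicKeyPaths` authorises that key's public half for the cgit `git` user, so one personal login key doubles as the machine's secret-decryption key. As far as I know sops-nix can only use an SSH key that has no passphrase, in which case anything able to read that file can decrypt the root password hash and the wpa_supplicant secret. A dedicated key, such as the host key via `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`, would separate the two roles. Also, `keyFiles = sshPublicKeyPaths` passes absolute `/home/...` strings that are presumably read at evaluation time, so a build on a machine without that file may fail; the literal in `keys` already covers it.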
diff --git a/modules/root/hosts.nix b/users/timmy/hosts.nix
index 14daaf1..66c6ccc 100644
--- a/modules/root/hosts.nix
+++ b/users/timmy/hosts.nix
@@ -5,6 +5,7 @@
"192.168.1.11" = [ "truenas-home" ];
"192.168.77.11" = [ "truenas-office" ];
"192.168.77.8" = [ "publicgit" "tjkeller" ];
+ "192.168.77.3" = [ "devel" ];
"173.9.253.3" = [
"git.tjkeller.xyz"
"piped.tjkeller.xyz"
diff --git a/users/timmy/localization.nix b/users/timmy/localization.nix
new file mode 100644
index 0000000..6762161
--- /dev/null
+++ b/users/timmy/localization.nix
@@ -0,0 +1,12 @@
+{ lib, ... }: {
+ time.timeZone = lib.mkDefault "America/Chicago"; # Overwritten by automatic-timezoned
+ i18n.defaultLocale = "en_US.UTF-8";
+ services.xserver.xkb.layout = "us";
+ #services.geoclue2 = {
+ # enableStatic = true;
+ # staticLatitude = 41.881832;
+ # staticLongitude = -87.623177;
+ # staticAltitude = 100;
+ # staticAccuracy = 500;
+ #};
+}
diff --git a/users/timmy/nas.nix b/users/timmy/nas.nix
new file mode 100644
index 0000000..8fa28c3
--- /dev/null
+++ b/users/timmy/nas.nix
@@ -0,0 +1,35 @@
+{ lib, config, ... } :
+let
+ cfg = config._users.timmy.nas;
+ mkNetworkFileSystem = device: automount: {
+ device = "${device}";
+ fsType = "nfs";
+ options = [ "defaults" ] ++ lib.optionals (!automount) [ "noauto" ];
+ };
+in {
+ options._users.timmy.nas = {
+ enable = lib.mkEnableOption "enable network shares";
+ home = {
+ enable = lib.mkEnableOption "enable home network shares";
+ automount = lib.mkEnableOption "automount home network shares";
+ };
+ office = {
+ enable = lib.mkEnableOption "enable office network shares";
+ automount = lib.mkEnableOption "automount home network shares";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ fileSystems = lib.optionalAttrs cfg.home.enable {
+ "/media/Storage/Media" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Media" cfg.home.automount;
+ "/media/Storage/Backups" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups" cfg.home.automount;
+ "/media/Storage/Tapes" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups/Tapes" cfg.home.automount;
+ "/media/Family Photos" = mkNetworkFileSystem "truenas-home:/mnt/Media/Photos" cfg.home.automount;
+ } // lib.optionalAttrs cfg.office.enable {
+ "/media/chexx/chexx" = mkNetworkFileSystem "truenas-office:/mnt/Storage/chexx" cfg.office.automount;
+ "/media/chexx/tkdocs" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Users/Tim-Keller" cfg.office.automount;
+ "/media/chexx/scans" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Scans" cfg.office.automount;
+ };
+ # TODO auto mkdirz
+ };
+}
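Review bot: `mkNetworkFileSystem` mounts every NFS export with only `defaults`, so setuid bits and device nodes on the NAS are honoured on the client. For shares that hold media, backups and scans, `options = [ "nosuid" "nodev" ] ++ lib.optionals (!automount) [ "noauto" ];` is a cheap hardening step, with `noexec` added where nothing is run from the share. The `office.automount` description says "automount home network shares" and should read "office". If `automount` is meant as on-demand mounting rather than mount-at-boot, `x-systemd.automount` is the option for that.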
diff --git a/modules/root/printing.nix b/users/timmy/printing.nix
index 69ff573..d5cceab 100644
--- a/modules/root/printing.nix
+++ b/users/timmy/printing.nix
@@ -1,33 +1,23 @@
{ lib, config, pkgs, ... }: {
- options = {
- printing.enable = lib.mkEnableOption "enables printing";
- avahi.enable = lib.mkEnableOption "enables avahi";
- scanning.enable = lib.mkEnableOption "enables scanning";
- };
-
- config = lib.mkIf config.printing.enable {
- services.printing = {
- enable = true;
- drivers = [
- pkgs.epson-escpr2
- ];
- };
-
- services.avahi = {
- enable = true;
- nssmdns4 = true;
- openFirewall = true;
- };
+ config = lib.mkIf config.services.printing.enable {
+ # Printer drivers
+ services.printing.drivers = [
+ pkgs.epson-escpr2
+ pkgs.workcentre-7800-series
+ ];
- environment.systemPackages = with pkgs; pkgs.lib.optionals config.scanning.enable [
+ # Scanning programs
+ environment.systemPackages = with pkgs; [
epsonscan2
];
+ # Printers
networking.hosts = {
"192.168.1.35" = [ "Epson_ET-8500" ];
"192.168.77.40" = [ "Xerox_WorkCentre_7855" ];
};
+ # Add printers to cups
hardware.printers.ensurePrinters = [
{
name = "Epson_ET-8500";
diff --git a/users/timmy/resources/secrets/hashed-root-password.yaml b/users/timmy/resources/secrets/hashed-root-password.yaml
new file mode 100644
index 0000000..a42fd42
--- /dev/null
+++ b/users/timmy/resources/secrets/hashed-root-password.yaml
@@ -0,0 +1,25 @@
+hashed-root-password: ENC[AES256_GCM,data:7Qgoeb/6JPNupkHCBEzCs0FMP2cDEw972bjCRWeMrBrAMZzLsZc3Mbv03s1zLztUp6Ie93R5lVsamxKPUnaPt+Tnr/l+0E9aTmt7j7L6UzmWr12nj3FHxxTSU9ief6+ioIk+S4eICJspIQ==,iv:VoWP4qBCGzuYRpQw4nilUXByJ+ZwyZR/BdKowi+53DM=,tag:x6A00VCm8BEOhtv/WySXrQ==,type:str]
+sops:
+ age:
+ - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z3dTbW1GUzgyRUwyZGtF
+ alZSeFBmdEdhNER3UEtGRGd4MnliK1l1eGpJCm80SHFNZ3NZOTNxVkM4R3ZLY005
+ OFVtUGN3OXZJblRxOFNMOFhsV25CS0EKLS0tIEE5SG5NekxWbytXY2xNeUN6TWhG
+ RldJZms3RDFuRk40ck42Mkd5RTd4YVUKgyWE8Cs0yLO/82w2muGWTlcjY86BVSUy
+ bFeIcQT33dEPiNUmynTqEGpN2NVQbfVDw17QbA9GNhGClanTTXmX4A==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1f0tmpy2nam58skmznjyqd3zf54rxtfrk6fda0vlpq9y3yg6wac7sjf0vja
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxcUprWjBXTVlidTRwMEZ6
+ WHE4dWp6OWtybkFCaTkyY2JyaWYrRHNhZWtNCi9xamwreEsyVFdnWWhJeUVsdUpT
+ UHlkRVJZZTEvMDluTWNJSnRSUXN6Q0kKLS0tIHNsQk92SUd2ekowY0hvQi9LNjIx
+ Q0oxVFNtRkpZTlVHeEY3YXFoSlc4Zk0K7RaqH/Qf2dTPBuCz9DH0xgU+Tq8ATKUq
+ tfAuuAU9HBtLFiZjhWsZmj5XUy5Z18IiUKDIxlw41mNtbcsUnjm30w==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-07-17T22:34:07Z"
+ mac: ENC[AES256_GCM,data:B95HuJC2o8B+P1f9kAtJTcSty7YSAByuqe/Xs6ce6780p05FuzWM5X9bwvwsYXngGNKqCHksWf50UXzJ3eyc6y4ISxdxljAv2FmJFKw4NkfGaOMiRLlGPMn1uFpOtkRT+qL0+mupWG/Ap3zcpbxjsDx46PUur+e6yRxlAHw8mGw=,iv:DYobhWK+4+7vOog7BrBASiHrEzzz0P6zqgWxexfcLG8=,tag:skGwUpDEB8e3TCjrxs5peA==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/users/timmy/resources/secrets/wpa_supplicant-conf.yaml b/users/timmy/resources/secrets/wpa_supplicant-conf.yaml
new file mode 100644
index 0000000..2fd7a0e
--- /dev/null
+++ b/users/timmy/resources/secrets/wpa_supplicant-conf.yaml
@@ -0,0 +1,16 @@
+wpa_supplicant-conf: ENC[AES256_GCM,data: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,iv:7qdltuNvesslz32SfEXqu9WFu2uGOGg1sjfskfqfXnk=,tag:N1RhL1M9YtDlvxLBRC2gAg==,type:str]
+sops:
+ age:
+ - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdXBUWXEvRU85Tk1lNWgz
+ ZHpENjdudmRuaEJIeVRHOHlDbWNzK0tQMGs4CmV6MVBpdE5PMTBWMm1PcDVFQ2VM
+ b0IwWDFxLy8xYUcxRVZFSEsyYlBFS1UKLS0tIHpCbDQ0a29TZlVFTGp4aXJCSmJ4
+ ZGxqMFQ1NDk1OHJIOUd0cVV0dzNNQlkKzYX36u0rEq6dMTCJf6OON6LzcEEnAB5A
+ +M9t3OKUUNtwgksjBUEwqBLJ1sU9amijpK63GUxwp74YDtsb0YXHiw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-07-17T22:33:44Z"
+ mac: ENC[AES256_GCM,data:leJsAdcWFE0EA1syXfd7yDu1Ct+vTkKiHUEc46O31uUeaWVFwgH8EKC0ImqiHMgbDJv+a9UHm7GtsWy1aMQNVRBXL3R2HbNQkOqGkIIdGsrrbjslQl8UwI7wx1g2P3ORhlGRYXTscDUl53+e4i3YrYOEDDPL5EAWuQEWldJXLZc=,iv:banL6qqV2EqfZFKHn5dawUq95Ima06z8H6Kso1qRdcA=,tag:g6M95M6bT4UPTfiEZT4ljw==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/users/timmy/user.nix b/users/timmy/user.nix
new file mode 100644
index 0000000..2695549
--- /dev/null
+++ b/users/timmy/user.nix
@@ -0,0 +1,22 @@
+{ lib, config, pkgs, userDetails, ... }: let
+ cfg = config._archetypes.tjkeller.setPasswords;
+ hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
+in {
+ options._archetypes.tjkeller.setPasswords = {
+ enable = lib.mkEnableOption "set users password. requires hashed root password from sops";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Load hashed root password secret
+ sops.secrets.hashed-root-password = {
+ sopsFile = ./resources/secrets/hashed-root-password.yaml;
+ neededForUsers = true;
+ };
+
+ # Apply password file
+ users.users = {
+ root = { inherit hashedPasswordFile; };
+ ${userDetails.username} = lib.mkIf config._archetypes.users.primary.enable { inherit hashedPasswordFile; };
+ };
+ };
+}
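Review bot: `root` and the primary user both inherit the same `hashedPasswordFile`, so the two accounts share one password and learning the user's password also yields root's. If that is deliberate, say so in a comment such as `# root and the primary user intentionally share one hash`. Otherwise give the user its own secret, e.g. `sops.secrets.<user-password-secret>`. The option path `_archetypes.tjkeller.setPasswords` and the `userDetails` argument also differ from the `_users.timmy` naming used by the sibling modules in this commit, and `userDetails` is not defined anywhere in the visible part of the diff.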
diff --git a/users/timmy/wifi.nix b/users/timmy/wifi.nix
new file mode 100644
index 0000000..9afcbc7
--- /dev/null
+++ b/users/timmy/wifi.nix
@@ -0,0 +1,38 @@
+{ lib, config, ... }: let
+ cfg = config._users.timmy.wifi;
+in {
+ options._users.timmy.wifi = {
+ enable = lib.mkEnableOption "enables wifi";
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking.wireless = {
+ enable = true; # Enables wireless support via wpa_supplicant.
+ userControlled.enable = true;
+ allowAuxiliaryImperativeNetworks = true; # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf)
+ };
+
+ # Load wpa_supplicant.conf secret config
+ sops.secrets.wpa_supplicant-conf = {
+ sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml;
+ };
+
+ # Link /etc/wpa_supplicant.conf -> secret config
+ environment.etc."wpa_supplicant.conf" = {
+ source = config.sops.secrets.wpa_supplicant-conf.path;
+ };
+
+ # This service is a workaround to ensure that secrets are available on
+ # reboot when the secret keys are on a separate subvolume
+ systemd.services.npcnix-force-rebuild-sops-hack = {
+ wantedBy = [ "multi-user.target" ];
+ before = [ "wpa_supplicant.service" ];
+ serviceConfig = {
+ ExecStart = "/run/current-system/activate";
+ Type = "oneshot";
+ Restart = "on-failure"; # because oneshot
+ RestartSec = "10s";
+ };
+ };
+ };
+}
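Review bot: The workaround unit re-runs `/run/current-system/activate` as root on every boot and relies on `Restart = "on-failure"` with a 10 s delay to wait for the key's subvolume, without declaring that dependency. Stating it explicitly, e.g. `unitConfig.RequiresMountsFor = "/home/timmy/.ssh";` (the `sshKeyPaths` location in `users/timmy/default.nix`), would replace the retry loop with ordering and avoid repeated full activations when the mount is slow. The unit name `npcnix-force-rebuild-sops-hack` appears to be carried over from elsewhere, and the comment does not say which subvolume is meant. `userControlled.enable = true` lets members of the control group reconfigure wpa_supplicant, which is worth a comment next to the option.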