diff options
Diffstat (limited to 'archetypes')
29 files changed, 680 insertions, 0 deletions
diff --git a/archetypes/collections/bluetooth.nix b/archetypes/collections/bluetooth.nix new file mode 100644 index 0000000..749a9f1 --- /dev/null +++ b/archetypes/collections/bluetooth.nix @@ -0,0 +1,12 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.bluetooth; +in { + options._archetypes.collections.bluetooth = { + enable = lib.mkEnableOption "enables bluetooth and blueman"; + }; + + config = lib.mkIf cfg.enable { + hardware.bluetooth.enable = true; + services.blueman.enable = config._archetypes.collections.desktop.utilities.enable; # FIXME + }; +} diff --git a/archetypes/collections/desktop/cad.nix b/archetypes/collections/desktop/cad.nix new file mode 100644 index 0000000..33edcd5 --- /dev/null +++ b/archetypes/collections/desktop/cad.nix @@ -0,0 +1,15 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.desktop.cad; +in { + options._archetypes.collections.desktop.cad = { + enable = lib.mkEnableOption "install cad and 3d printing software"; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + blender + freecad + prusa-slicer + ]; + }; +} diff --git a/archetypes/collections/desktop/chromium.nix b/archetypes/collections/desktop/chromium.nix new file mode 100644 index 0000000..b4638f0 --- /dev/null +++ b/archetypes/collections/desktop/chromium.nix @@ -0,0 +1,18 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.desktop.chromium; +in { + options._archetypes.collections.desktop.chromium = { + enable = lib.mkEnableOption "install chromium browser"; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.ungoogled-chromium; + description = "chromium package to install"; + }; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + cfg.package + ]; + }; +} diff --git a/archetypes/collections/desktop/crypto.nix b/archetypes/collections/desktop/crypto.nix new file mode 100644 index 0000000..f90919e --- /dev/null +++ b/archetypes/collections/desktop/crypto.nix @@ -0,0 +1,13 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.desktop.crypto; +in { + options._archetypes.collections.desktop.crypto = { + enable = lib.mkEnableOption "install crypto wallets"; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + sparrow + ]; + }; +} diff --git a/archetypes/collections/desktop/default.nix b/archetypes/collections/desktop/default.nix new file mode 100644 index 0000000..bbca8df --- /dev/null +++ b/archetypes/collections/desktop/default.nix @@ -0,0 +1,13 @@ +{ + imports = [ + ./cad.nix + ./chromium.nix + ./crypto.nix + ./extra.nix + ./firefox.nix + ./graphics.nix + ./office.nix + ./utilities.nix + ./xserver.nix + ]; +} diff --git a/archetypes/collections/desktop/extra.nix b/archetypes/collections/desktop/extra.nix new file mode 100644 index 0000000..699b20f --- /dev/null +++ b/archetypes/collections/desktop/extra.nix @@ -0,0 +1,16 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.desktop.extraUtilities; +in { + options._archetypes.collections.desktop.extraUtilities = { + enable = lib.mkEnableOption "install extra desktop utilities"; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + jellyfin-mpv-shim + qbittorrent + qdirstat + remmina + ]; + }; +} diff --git a/archetypes/collections/desktop/firefox.nix b/archetypes/collections/desktop/firefox.nix new file mode 100644 index 0000000..02656f6 --- /dev/null +++ b/archetypes/collections/desktop/firefox.nix @@ -0,0 +1,12 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.desktop.firefox; +in { + options._archetypes.collections.desktop.firefox = { + enable = lib.mkEnableOption "install firefox"; + }; + + config = lib.mkIf cfg.enable { + programs.firefox.enable = true; + }; +} + diff --git a/archetypes/collections/desktop/graphics.nix b/archetypes/collections/desktop/graphics.nix new file mode 100644 index 0000000..f4242d1 --- /dev/null +++ b/archetypes/collections/desktop/graphics.nix @@ -0,0 +1,16 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.desktop.graphics; +in { + options._archetypes.collections.desktop.graphics = { + enable = lib.mkEnableOption "install graphic design software"; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + blender + geeqie + gimp3 + inkscape + ]; + }; +} diff --git a/archetypes/collections/desktop/office.nix b/archetypes/collections/desktop/office.nix new file mode 100644 index 0000000..23e6862 --- /dev/null +++ b/archetypes/collections/desktop/office.nix @@ -0,0 +1,18 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.desktop.office; +in { + options._archetypes.collections.desktop.office = { + enable = lib.mkEnableOption "install office software"; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + hunspell # Spell checking in libreoffice + hunspellDicts.en_US + kdePackages.okular + libreoffice + pdfchain + thunderbird + ]; + }; +} diff --git a/archetypes/collections/desktop/utilities.nix b/archetypes/collections/desktop/utilities.nix new file mode 100644 index 0000000..43d4973 --- /dev/null +++ b/archetypes/collections/desktop/utilities.nix @@ -0,0 +1,29 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.desktop.utilities; +in { + options._archetypes.collections.desktop.utilities = { + enable = lib.mkEnableOption "install basic desktop utilities"; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + arandr + dmenu + libnotify + lowbat + mpv + pavolctld + pavucontrol + pcmanfm + redshift + scrot + st + sxiv + wpa_supplicant_gui + zathura + ]; + + programs.localsend.enable = true; # Installs & opens firewall + services.gvfs.enable = true; # GVfs allows for mounting drives in a graphical file manager + }; +} diff --git a/archetypes/collections/desktop/xserver.nix b/archetypes/collections/desktop/xserver.nix new file mode 100644 index 0000000..4cbdae8 --- /dev/null +++ b/archetypes/collections/desktop/xserver.nix @@ -0,0 +1,34 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.desktop.xserver; +in { + options._archetypes.collections.desktop.xserver = { + enable = lib.mkEnableOption "installs xserver"; + utilities.enable = lib.mkEnableOption "installs basic xserver utilities"; + }; + + config = lib.mkIf cfg.enable { + services.xserver.enable = true; + services.xserver.displayManager.startx.enable = true; + services.libinput.enable = true; # Enable touchpad support + + # Install basic X utilities + environment.systemPackages = with pkgs; lib.optionals cfg.utilities.enable [ + unclutter + xcape + xclip + xdotool + xorg.setxkbmap + xorg.xinput + xorg.xkill + xorg.xrandr + xorg.xset + xwallpaper + ]; + + # Enable TearFree option by default + # Not all video drivers support this option + services.xserver.deviceSection = '' + Option "TearFree" "true" + ''; + }; +} diff --git a/archetypes/collections/development/default.nix b/archetypes/collections/development/default.nix new file mode 100644 index 0000000..87fe2d2 --- /dev/null +++ b/archetypes/collections/development/default.nix @@ -0,0 +1,45 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.development; + hugoFirewallPort = 1313; +in { + imports = [ + ./docker.nix + ]; + + options._archetypes.collections.development = { + utilities.enable = lib.mkEnableOption "install basic dev utilities"; + android.enable = lib.mkEnableOption "install android dev tools"; + c.enable = lib.mkEnableOption "install c dev tools"; + lua.enable = lib.mkEnableOption "install lua dev tools"; + web = { + hugo = { + enable = lib.mkEnableOption "install hugo"; + openFirewall = lib.mkEnableOption "open the port ${hugoFirewallPort} for viewing content from hugo serve on other devices"; + }; + node.enable = lib.mkEnableOption "install node"; + }; + }; + + config = { + environment.systemPackages = with pkgs; [ + git + python3 + ] ++ lib.optionals cfg.android.enable [ + #adb-sync + android-tools + ] ++ lib.optionals cfg.c.enable [ + gcc + git + gnumake + pkg-config + ] ++ lib.optionals cfg.lua.enable [ + lua + ] ++ lib.optionals cfg.web.hugo.enable [ + hugo + ] ++ lib.optionals cfg.web.node.enable [ + nodejs + ]; + + networking.firewall.allowedTCPPorts = lib.mkIf cfg.web.hugo.openFirewall [ hugoFirewallPort ]; + }; +} diff --git a/archetypes/collections/development/docker.nix b/archetypes/collections/development/docker.nix new file mode 100644 index 0000000..629dff3 --- /dev/null +++ b/archetypes/collections/development/docker.nix @@ -0,0 +1,23 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.development.docker; +in { + options._archetypes.collections.development.docker = { + enable = lib.mkEnableOption "enables docker"; + btrfsSupport = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Changes docker storageDriver to btrfs."; + }; + }; + + config = lib.mkIf cfg.enable { + virtualisation.docker = { + enable = true; + storageDriver = lib.mkIf cfg.btrfsSupport "btrfs"; + }; + + environment.systemPackages = with pkgs; [ + docker-compose + ]; + }; +} diff --git a/archetypes/collections/fonts.nix b/archetypes/collections/fonts.nix new file mode 100644 index 0000000..136e31b --- /dev/null +++ b/archetypes/collections/fonts.nix @@ -0,0 +1,16 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.fonts; +in { + options._archetypes.collections.fonts = { + enable = lib.mkEnableOption "enables fonts"; + }; + + config = lib.mkIf cfg.enable { + fonts.packages = with pkgs; [ + commit-mono + inter + nerd-fonts.jetbrains-mono + tamzen + ]; + }; +} diff --git a/archetypes/collections/utilities.nix b/archetypes/collections/utilities.nix new file mode 100644 index 0000000..85763a4 --- /dev/null +++ b/archetypes/collections/utilities.nix @@ -0,0 +1,35 @@ +{ pkgs, ... }: { + environment.systemPackages = with pkgs; [ + crazydiskinfo + dash # TODO should be default /bin/sh + entr + fastfetch + ffmpeg + htop + jq + light + lm_sensors + mediainfo + neovim + nmap + openssl + p7zip + powertop + pv + rsync + screen + smartmontools + sslscan + stress + testdisk + tmux + uhubctl + vimv-rs + wget + wireguard-tools + xxHash + yt-dlp + ]; + + services.gpm.enable = true; +} diff --git a/archetypes/collections/virtualization.nix b/archetypes/collections/virtualization.nix new file mode 100644 index 0000000..fda0e48 --- /dev/null +++ b/archetypes/collections/virtualization.nix @@ -0,0 +1,22 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.virtualization; +in { + options._archetypes.collections.virtualization = { + enable = lib.mkEnableOption "enables virtualization and virt-manager"; + }; + + config = lib.mkIf cfg.enable { + virtualisation = { + spiceUSBRedirection.enable = true; + libvirtd.enable = true; + # Enable efi support with ovmf firmware + libvirtd.qemu = { + package = pkgs.qemu_kvm; + runAsRoot = true; + swtpm.enable = true; + ovmf.enable = true; + }; + }; + programs.virt-manager.enable = config._archetypes.collections.desktop.utilities.enable; # FIXME + }; +} diff --git a/archetypes/default.nix b/archetypes/default.nix new file mode 100644 index 0000000..f201fc3 --- /dev/null +++ b/archetypes/default.nix @@ -0,0 +1,15 @@ +{ + imports = [ + ./collections/bluetooth.nix + ./collections/desktop + ./collections/development + ./collections/fonts.nix + ./collections/utilities.nix + ./collections/virtualization.nix + + ./profiles/desktop + ./profiles/headless + + ./users/primary.nix + ]; +} diff --git a/archetypes/profiles/desktop/default.nix b/archetypes/profiles/desktop/default.nix new file mode 100644 index 0000000..d9a7dc7 --- /dev/null +++ b/archetypes/profiles/desktop/default.nix @@ -0,0 +1,53 @@ +{ lib, config, pkgs, ... }: let + mkDesktop = lib.mkOverride 920; + cfg = config._archetypes.profiles.desktop; +in { + options._archetypes.profiles.desktop = { + enable = lib.mkEnableOption "enable desktop profile"; + }; + + config = lib.mkIf cfg.enable { + _archetypes.collections = { + desktop = { + utilities.enable = mkDesktop true; + firefox.enable = mkDesktop true; + xserver = { + enable = mkDesktop true; + utilities.enable = mkDesktop true; + }; + }; + development = { + utilities.enable = mkDesktop true; + }; + fonts.enable = mkDesktop true; + }; + + _archetypes.users.primary = { + enable = mkDesktop true; + }; + + security = { + _doas.enable = mkDesktop true; + }; + + programs = { + _ddcutil.enable = mkDesktop true; + _home-manager.enable = mkDesktop true; + }; + + services = { + xserver = { + windowManager._awesome.enable = mkDesktop true; + }; + _pipewire.enable = mkDesktop true; + _printing.enable = mkDesktop true; + _ssh.enable = mkDesktop true; + tlp.enable = mkDesktop true; + + # Ensure video group can change backlight + udev.extraRules = '' + SUBSYSTEM=="backlight", ACTION=="add", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness" + ''; + }; + }; +} diff --git a/archetypes/profiles/headless/default.nix b/archetypes/profiles/headless/default.nix new file mode 100644 index 0000000..ef17db0 --- /dev/null +++ b/archetypes/profiles/headless/default.nix @@ -0,0 +1,32 @@ +{ lib, config, ... }: let + mkHeadless = lib.mkOverride 910; + cfg = config._archetypes.profiles.headless; +in { + options._archetypes.profiles.headless = { + enable = lib.mkEnableOption "enable headless profile"; + }; + + config = lib.mkIf cfg.enable { + _archetypes.collections = { + development = { + utilities.enable = mkHeadless true; + }; + }; + + _archetypes.users = { + primary.enable = mkHeadless true; + }; + + security = { + _doas.enable = mkHeadless true; + }; + + programs = { + _ddcutil.enable = mkHeadless true; + }; + + services = { + _ssh.enable = mkHeadless true; + }; + }; +} diff --git a/archetypes/tjkeller/default.nix b/archetypes/tjkeller/default.nix new file mode 100644 index 0000000..6a9bbd9 --- /dev/null +++ b/archetypes/tjkeller/default.nix @@ -0,0 +1,10 @@ +{ + imports = [ + ./hosts.nix + ./localization.nix + ./nas.nix + ./printing.nix + ./user.nix + ./wifi.nix + ]; +} diff --git a/archetypes/tjkeller/hosts.nix b/archetypes/tjkeller/hosts.nix new file mode 100644 index 0000000..66c6ccc --- /dev/null +++ b/archetypes/tjkeller/hosts.nix @@ -0,0 +1,16 @@ +{ + networking.hosts = { + "192.168.1.9" = [ "optiplex" ]; + "192.168.1.30" = [ "localgit" ]; + "192.168.1.11" = [ "truenas-home" ]; + "192.168.77.11" = [ "truenas-office" ]; + "192.168.77.8" = [ "publicgit" "tjkeller" ]; + "192.168.77.3" = [ "devel" ]; + "173.9.253.3" = [ + "git.tjkeller.xyz" + "piped.tjkeller.xyz" + "search.tjkeller.xyz" + "tjkeller.xyz" + ]; + }; +} diff --git a/archetypes/tjkeller/localization.nix b/archetypes/tjkeller/localization.nix new file mode 100644 index 0000000..8313f07 --- /dev/null +++ b/archetypes/tjkeller/localization.nix @@ -0,0 +1,5 @@ +{ + time.timeZone = "America/Chicago"; + i18n.defaultLocale = "en_US.UTF-8"; + services.xserver.xkb.layout = "us"; +} diff --git a/archetypes/tjkeller/nas.nix b/archetypes/tjkeller/nas.nix new file mode 100644 index 0000000..1ed0ca3 --- /dev/null +++ b/archetypes/tjkeller/nas.nix @@ -0,0 +1,35 @@ +{ lib, config, ... } : +let + cfg = config._archetypes.tjkeller.nas; + mkNetworkFileSystem = device: automount: { + device = "${device}"; + fsType = "nfs"; + options = [ "defaults" ] ++ lib.optionals (!automount) [ "noauto" ]; + }; +in { + options._archetypes.tjkeller.nas = { + enable = lib.mkEnableOption "enable network shares"; + home = { + enable = lib.mkEnableOption "enable home network shares"; + automount = lib.mkEnableOption "automount home network shares"; + }; + office = { + enable = lib.mkEnableOption "enable office network shares"; + automount = lib.mkEnableOption "automount home network shares"; + }; + }; + + config = lib.mkIf cfg.enable { + fileSystems = lib.optionalAttrs cfg.home.enable { + "/media/Storage/Media" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Media" cfg.home.automount; + "/media/Storage/Backups" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups" cfg.home.automount; + "/media/Storage/Tapes" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups/Tapes" cfg.home.automount; + "/media/Family Photos" = mkNetworkFileSystem "truenas-home:/mnt/Media/Photos" cfg.home.automount; + } // lib.optionalAttrs cfg.office.enable { + "/media/chexx/chexx" = mkNetworkFileSystem "truenas-office:/mnt/Storage/chexx" cfg.office.automount; + "/media/chexx/tkdocs" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Users/Tim-Keller" cfg.office.automount; + "/media/chexx/scans" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Scans" cfg.office.automount; + }; + # TODO auto mkdirz + }; +} diff --git a/archetypes/tjkeller/printing.nix b/archetypes/tjkeller/printing.nix new file mode 100644 index 0000000..d5cceab --- /dev/null +++ b/archetypes/tjkeller/printing.nix @@ -0,0 +1,39 @@ +{ lib, config, pkgs, ... }: { + config = lib.mkIf config.services.printing.enable { + # Printer drivers + services.printing.drivers = [ + pkgs.epson-escpr2 + pkgs.workcentre-7800-series + ]; + + # Scanning programs + environment.systemPackages = with pkgs; [ + epsonscan2 + ]; + + # Printers + networking.hosts = { + "192.168.1.35" = [ "Epson_ET-8500" ]; + "192.168.77.40" = [ "Xerox_WorkCentre_7855" ]; + }; + + # Add printers to cups + hardware.printers.ensurePrinters = [ + { + name = "Epson_ET-8500"; + description = "Epson ET-8500"; + location = "Home"; + deviceUri = "ipp://Epson_ET-8500:631/ipp/print"; + model = "epson-inkjet-printer-escpr2/Epson-ET-8500_Series-epson-escpr2-en.ppd"; + } + #{ + # name = "Xerox_WorkCentre_7855"; + # description = "Xerox WorkCentre 7855"; + # location = "Office"; + # deviceUri = "ipp://Xerox_WorkCentre_7855:631/ipp/print"; + # model = "everywhere IPP Everywhere"; + #} + ]; + hardware.printers.ensureDefaultPrinter = "Epson_ET-8500"; + }; +} diff --git a/archetypes/tjkeller/resources/secrets/hashed-root-password.yaml b/archetypes/tjkeller/resources/secrets/hashed-root-password.yaml new file mode 100644 index 0000000..a42fd42 --- /dev/null +++ b/archetypes/tjkeller/resources/secrets/hashed-root-password.yaml @@ -0,0 +1,25 @@ +hashed-root-password: ENC[AES256_GCM,data:7Qgoeb/6JPNupkHCBEzCs0FMP2cDEw972bjCRWeMrBrAMZzLsZc3Mbv03s1zLztUp6Ie93R5lVsamxKPUnaPt+Tnr/l+0E9aTmt7j7L6UzmWr12nj3FHxxTSU9ief6+ioIk+S4eICJspIQ==,iv:VoWP4qBCGzuYRpQw4nilUXByJ+ZwyZR/BdKowi+53DM=,tag:x6A00VCm8BEOhtv/WySXrQ==,type:str] +sops: + age: + - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z3dTbW1GUzgyRUwyZGtF + alZSeFBmdEdhNER3UEtGRGd4MnliK1l1eGpJCm80SHFNZ3NZOTNxVkM4R3ZLY005 + OFVtUGN3OXZJblRxOFNMOFhsV25CS0EKLS0tIEE5SG5NekxWbytXY2xNeUN6TWhG + RldJZms3RDFuRk40ck42Mkd5RTd4YVUKgyWE8Cs0yLO/82w2muGWTlcjY86BVSUy + bFeIcQT33dEPiNUmynTqEGpN2NVQbfVDw17QbA9GNhGClanTTXmX4A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1f0tmpy2nam58skmznjyqd3zf54rxtfrk6fda0vlpq9y3yg6wac7sjf0vja + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxcUprWjBXTVlidTRwMEZ6 + WHE4dWp6OWtybkFCaTkyY2JyaWYrRHNhZWtNCi9xamwreEsyVFdnWWhJeUVsdUpT + UHlkRVJZZTEvMDluTWNJSnRSUXN6Q0kKLS0tIHNsQk92SUd2ekowY0hvQi9LNjIx + Q0oxVFNtRkpZTlVHeEY3YXFoSlc4Zk0K7RaqH/Qf2dTPBuCz9DH0xgU+Tq8ATKUq + tfAuuAU9HBtLFiZjhWsZmj5XUy5Z18IiUKDIxlw41mNtbcsUnjm30w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-17T22:34:07Z" + mac: ENC[AES256_GCM,data:B95HuJC2o8B+P1f9kAtJTcSty7YSAByuqe/Xs6ce6780p05FuzWM5X9bwvwsYXngGNKqCHksWf50UXzJ3eyc6y4ISxdxljAv2FmJFKw4NkfGaOMiRLlGPMn1uFpOtkRT+qL0+mupWG/Ap3zcpbxjsDx46PUur+e6yRxlAHw8mGw=,iv:DYobhWK+4+7vOog7BrBASiHrEzzz0P6zqgWxexfcLG8=,tag:skGwUpDEB8e3TCjrxs5peA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/archetypes/tjkeller/resources/secrets/wpa_supplicant-conf.yaml b/archetypes/tjkeller/resources/secrets/wpa_supplicant-conf.yaml new file mode 100644 index 0000000..2fd7a0e --- /dev/null +++ b/archetypes/tjkeller/resources/secrets/wpa_supplicant-conf.yaml @@ -0,0 +1,16 @@ +wpa_supplicant-conf: ENC[AES256_GCM,data:QoHQhTuEsSCW/K2ArOzNMfpSV7RtyTgezg4bM6eyNwhBhuJ/fCExzrniZtFzZ3zfs+ROFOYYxkx5lu4N/AQ6xEdCjJ3DYKHpeveqQ3GcWaldDr6aUDxLnBmLGBgSskGoOOANCwGvXGtFsChlCah02/W3YIhLWKIC1pfw1t9ANw9ErtLt7Fxt8TphJ1n9KdCXCJCMFrDjWDTrvbDzrvkJh6EGJIoaXuJSN+9asKrFvTwXyvHPbJmw8ZRbYgtlJtv5c1Q+PZoMtEeBRI/q2y/xUX5nvhnyy3HO1CaZPq+2XP9w+Zz90PyehVvbFVSl3V3Wg3rg9uu/c1rRGgfNkVJSHdhN+7nWYobSI28uoA8L9oXono9mNYwfcN2c4R6xwW9yOH72KabKRbD0Qq0mXcwNjU0HNneqvnMFURbDVstWmKt39gHg2xoZkG774EEDdXBAmKe5nbj0wVk8TBPWPcyR8gQ3uQrXPElqC7CWHMvajzi/hq02gmzkq1DAiheVWHxVmSQUUP3M52vvFBDdWip4X7IM3r5H4uBmcF6wGHl7JS+okDno5BuInIXvrApDV3rTqnam7YeQZao9pbx8WRWg/ZQFUysiXf9tcAl4ror71+SLKa5MfeP9AV431DbcsrIS1XQ=,iv:7qdltuNvesslz32SfEXqu9WFu2uGOGg1sjfskfqfXnk=,tag:N1RhL1M9YtDlvxLBRC2gAg==,type:str] +sops: + age: + - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdXBUWXEvRU85Tk1lNWgz + ZHpENjdudmRuaEJIeVRHOHlDbWNzK0tQMGs4CmV6MVBpdE5PMTBWMm1PcDVFQ2VM + b0IwWDFxLy8xYUcxRVZFSEsyYlBFS1UKLS0tIHpCbDQ0a29TZlVFTGp4aXJCSmJ4 + ZGxqMFQ1NDk1OHJIOUd0cVV0dzNNQlkKzYX36u0rEq6dMTCJf6OON6LzcEEnAB5A + +M9t3OKUUNtwgksjBUEwqBLJ1sU9amijpK63GUxwp74YDtsb0YXHiw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-17T22:33:44Z" + mac: ENC[AES256_GCM,data:leJsAdcWFE0EA1syXfd7yDu1Ct+vTkKiHUEc46O31uUeaWVFwgH8EKC0ImqiHMgbDJv+a9UHm7GtsWy1aMQNVRBXL3R2HbNQkOqGkIIdGsrrbjslQl8UwI7wx1g2P3ORhlGRYXTscDUl53+e4i3YrYOEDDPL5EAWuQEWldJXLZc=,iv:banL6qqV2EqfZFKHn5dawUq95Ima06z8H6Kso1qRdcA=,tag:g6M95M6bT4UPTfiEZT4ljw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/archetypes/tjkeller/user.nix b/archetypes/tjkeller/user.nix new file mode 100644 index 0000000..2695549 --- /dev/null +++ b/archetypes/tjkeller/user.nix @@ -0,0 +1,22 @@ +{ lib, config, pkgs, userDetails, ... }: let + cfg = config._archetypes.tjkeller.setPasswords; + hashedPasswordFile = config.sops.secrets.hashed-root-password.path; +in { + options._archetypes.tjkeller.setPasswords = { + enable = lib.mkEnableOption "set users password. requires hashed root password from sops"; + }; + + config = lib.mkIf cfg.enable { + # Load hashed root password secret + sops.secrets.hashed-root-password = { + sopsFile = ./resources/secrets/hashed-root-password.yaml; + neededForUsers = true; + }; + + # Apply password file + users.users = { + root = { inherit hashedPasswordFile; }; + ${userDetails.username} = lib.mkIf config._archetypes.users.primary.enable { inherit hashedPasswordFile; }; + }; + }; +} diff --git a/archetypes/tjkeller/wifi.nix b/archetypes/tjkeller/wifi.nix new file mode 100644 index 0000000..32b6ef8 --- /dev/null +++ b/archetypes/tjkeller/wifi.nix @@ -0,0 +1,38 @@ +{ lib, config, ... }: let + cfg = config._archetypes.tjkeller.wifi; +in { + options._archetypes.tjkeller.wifi = { + enable = lib.mkEnableOption "enables wifi"; + }; + + config = lib.mkIf cfg.enable { + networking.wireless = { + enable = true; # Enables wireless support via wpa_supplicant. + userControlled.enable = true; + allowAuxiliaryImperativeNetworks = true; # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf) + }; + + # Load wpa_supplicant.conf secret config + sops.secrets.wpa_supplicant-conf = { + sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml; + }; + + # Link /etc/wpa_supplicant.conf -> secret config + environment.etc."wpa_supplicant.conf" = { + source = config.sops.secrets.wpa_supplicant-conf.path; + }; + + # This service is a workaround to ensure that secrets are available on + # reboot when the secret keys are on a separate subvolume + systemd.services.npcnix-force-rebuild-sops-hack = { + wantedBy = [ "multi-user.target" ]; + before = [ "wpa_supplicant.service" ]; + serviceConfig = { + ExecStart = "/run/current-system/activate"; + Type = "oneshot"; + Restart = "on-failure"; # because oneshot + RestartSec = "10s"; + }; + }; + }; +} diff --git a/archetypes/users/primary.nix b/archetypes/users/primary.nix new file mode 100644 index 0000000..a29c3b8 --- /dev/null +++ b/archetypes/users/primary.nix @@ -0,0 +1,37 @@ +{ lib, config, pkgs, userDetails, ... }: let + cfg = config._archetypes.users.primary; +in { + options._archetypes.users.primary = { + enable = lib.mkEnableOption "create primary user"; + autologin.enable = lib.mkEnableOption "enables getty automatic login"; + }; + + config = lib.mkIf cfg.enable { + # Enable zsh + programs.zsh.enable = true; + + # Setup normal user + users.users.${userDetails.username} = { + home = userDetails.home; + description = userDetails.fullname; + isNormalUser = true; + shell = pkgs.zsh; + extraGroups = [ + "nixbld" + "video" + "wheel" + ] ++ lib.optionals config.hardware.i2c.enable [ + "i2c" + ] ++ lib.optionals config.virtualisation.libvirtd.enable [ + "libvirtd" + ] ++ lib.optionals config.virtualisation.docker.enable [ + "docker" + ]; + }; + + # Configure automatic login with getty + services.getty = lib.mkIf cfg.autologin.enable { + autologinUser = userDetails.username; + }; + }; +} |