Diffstat (limited to 'modules/root')
-rw-r--r--modules/root/bluetooth.nix2
-rw-r--r--modules/root/default.nix4
-rw-r--r--modules/root/firewall.nix7
-rw-r--r--modules/root/fonts.nix4
-rw-r--r--modules/root/hosts.nix5
-rw-r--r--modules/root/normaluser.nix9
-rw-r--r--modules/root/printing.nix1
-rw-r--r--modules/root/resources/secrets/secrets.yaml13
-rw-r--r--modules/root/resources/x11/xinit-startx-xdg.patch14
-rw-r--r--modules/root/secrets.nix2
-rw-r--r--modules/root/software/default.nix1
-rw-r--r--modules/root/software/desktop.nix9
-rw-r--r--modules/root/software/development.nix7
-rw-r--r--modules/root/software/overlays.nix20
-rw-r--r--modules/root/software/system.nix1
-rw-r--r--modules/root/software/utilities.nix6
-rw-r--r--modules/root/suspend.nix16
-rw-r--r--modules/root/udev.nix5
-rw-r--r--modules/root/x11.nix36
19 files changed, 117 insertions, 45 deletions
diff --git a/modules/root/bluetooth.nix b/modules/root/bluetooth.nix
index d55eade..1f41c7e 100644
--- a/modules/root/bluetooth.nix
+++ b/modules/root/bluetooth.nix
@@ -3,7 +3,7 @@
bluetooth.enable = lib.mkEnableOption "enables bluetooth support";
};
- config = {
+ config = lib.mkIf config.bluetooth.enable {
hardware.bluetooth.enable = true;
services.blueman.enable = true;
};
diff --git a/modules/root/default.nix b/modules/root/default.nix
index e108318..7f647b5 100644
--- a/modules/root/default.nix
+++ b/modules/root/default.nix
@@ -5,6 +5,7 @@
./bluetooth.nix
./bootloader.nix
./doas.nix
+ ./firewall.nix
./fonts.nix
./home-manager.nix
./hosts.nix
@@ -17,7 +18,9 @@
./printing.nix
./secrets.nix
./ssh.nix
+ ./suspend.nix
./tlp.nix
+ ./udev.nix
./wifi.nix
./x11.nix
./zsh.nix
@@ -44,6 +47,7 @@
printing.enable = lib.mkDefault true;
tlp.enable = lib.mkDefault true;
scanning.enable = lib.mkDefault true;
+ suspend.enable = lib.mkDefault true;
wifi.enable = lib.mkDefault true;
xserver.enable = lib.mkDefault true;
zsh.enable = lib.mkDefault true;
diff --git a/modules/root/firewall.nix b/modules/root/firewall.nix
new file mode 100644
index 0000000..e038cbe
--- /dev/null
+++ b/modules/root/firewall.nix
@@ -0,0 +1,7 @@
+{
+ networking.firewall = {
+ allowedTCPPorts = [
+ 8080
+ ];
+ };
+}
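Review bot: Port 8080 is opened on every interface of every host that imports this module, with no option gate and no comment naming the service that needs it; the second hunk of software/development.nix does the same for 1313. On a machine that joins untrusted networks, whatever listens on those ports becomes reachable from them. Scope the rule to the trusted interface, e.g. `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 8080 ];` (with `<iface>` a placeholder for the LAN interface), or gate it behind an enable option as bluetooth.nix now does. For 1313, `hugo serve` binds to 127.0.0.1 by default, so the firewall rule only matters when it is started with `--bind`, which the comment there should say.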
diff --git a/modules/root/fonts.nix b/modules/root/fonts.nix
index 3ae8eef..256e1ab 100644
--- a/modules/root/fonts.nix
+++ b/modules/root/fonts.nix
@@ -7,10 +7,8 @@
fonts.packages = with pkgs; [
commit-mono
inter
+ nerd-fonts.jetbrains-mono
tamzen
- (nerdfonts.override {
- fonts = [ "JetBrainsMono" ];
- })
];
};
}
diff --git a/modules/root/hosts.nix b/modules/root/hosts.nix
index 14daaf1..cb526f2 100644
--- a/modules/root/hosts.nix
+++ b/modules/root/hosts.nix
@@ -1,10 +1,12 @@
-{
+{ hostname, ... }: {
+ networking.hostName = hostname; # From flake.nix
networking.hosts = {
"192.168.1.9" = [ "optiplex" ];
"192.168.1.30" = [ "localgit" ];
"192.168.1.11" = [ "truenas-home" ];
"192.168.77.11" = [ "truenas-office" ];
"192.168.77.8" = [ "publicgit" "tjkeller" ];
+ "192.168.77.3" = [ "devel" ];
"173.9.253.3" = [
"git.tjkeller.xyz"
"piped.tjkeller.xyz"
@@ -12,4 +14,5 @@
"tjkeller.xyz"
];
};
+ environment.etc.hosts.mode = "0644"; # Allow temporary imperative modifications
}
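Review bot: The comment on `environment.etc.hosts.mode` should state what the setting costs, not only what it allows. /etc/hosts stops being a read-only store symlink and becomes a root-writable copy, so its runtime contents can differ from this file, and as far as I know such edits are overwritten on the next activation. Something like `# Copied, not symlinked: root can edit at runtime; edits are lost on the next rebuild/activation` makes that explicit for anyone auditing how names such as git.tjkeller.xyz resolve on a given machine.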
diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix
index fc243ea..88eb338 100644
--- a/modules/root/normaluser.nix
+++ b/modules/root/normaluser.nix
@@ -4,9 +4,14 @@
};
users.users.${userDetails.username} = {
description = userDetails.fullname;
- #home = userDetails.home.root;
+ #home = userDetails.home;
isNormalUser = true;
hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
- extraGroups = [ "wheel" "nixbld" ];
+ extraGroups = [
+ "i2c"
+ "nixbld"
+ "video"
+ "wheel"
+ ];
};
}
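Review bot: The two new groups in `extraGroups` widen the normal user's device access without saying why. `video` appears to pair with the backlight rule added in udev.nix, and `i2c` grants raw access to the I2C buses (presumably for DDC monitor control), so each deserves a trailing comment such as `"i2c" # DDC/CI monitor control` and `"video" # backlight brightness via udev rule`. Nothing on this page creates the `i2c` group; confirm it is provided elsewhere (for example through `hardware.i2c.enable`), otherwise the membership has no effect. The attribute set starts outside this hunk.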
diff --git a/modules/root/printing.nix b/modules/root/printing.nix
index 69ff573..f0d0dd8 100644
--- a/modules/root/printing.nix
+++ b/modules/root/printing.nix
@@ -10,6 +10,7 @@
enable = true;
drivers = [
pkgs.epson-escpr2
+ pkgs.workcentre-7800-series
];
};
diff --git a/modules/root/resources/secrets/secrets.yaml b/modules/root/resources/secrets/secrets.yaml
index 03f9517..fcba4a6 100644
--- a/modules/root/resources/secrets/secrets.yaml
+++ b/modules/root/resources/secrets/secrets.yaml
@@ -1,10 +1,6 @@
-wpa_supplicant-conf: ENC[AES256_GCM,data:0FI1Re1PbiJmtsqb5Ddj1g/e22FkSOxHtbhchybFJAn1Q6PBYpMM/myMUQqZDqCNDhR8f+b2LYcrFx+c9g+yDsR9VcgVe/NK1U5jvep5go3JIibR0NmtfPVZNMvThmVnzO+6aGtggjN8PTx4nm+GKzf7YZPV/buYRdWExJRf0loXgNM8iLtjnu1QGZjWNBtFGbTRHeiax1QhvPrawp76PNrdpzD3EkY26HZ2TRfXFP8ta93T43sac9iVj+U3ggn9MTNvLDGiOF1lAN/W69EeCnyzw3sbxCsuSYFQ4GKkggaehje58VpsG7rZMIHYhI6PQcctO6WUupBi80KcBCnQQKy0Pir7GUPwhw1NPKuOgTX9Otz1dXxJgNk+gA4NTmyCWh2LO0utW0bjAAoqhn5sti5TssxqT2q+bw8KiAqRMZKyj8JDKg4cpMCVUbSH4fcIK1ADXa0OzItgVZnhEKJeD0SYqScXoRlExiDxHG/yrYuJYKtUQSrYJXjJJcTreTyMXWUh1E/nvS7egnXFMYYxDdTvJ5bQ/Zp94FI+twhNfMxKF5qo2gcGUHjQu/M=,iv:LKr6fcQ2emSjQmEt1HgyLpFLg4ZxDOVgJEfkm4nQzbY=,tag:M+oo8dpWclIRaPyW17Ldwg==,type:str]
+wpa_supplicant-conf: ENC[AES256_GCM,data:fvYez82qSJ1LXiOVtgGiJuwzFC++V5rNJ3x5zK1PDUf0ohwpOVrC+P3A0Rob5LURBZL0KFSIBIbJ5Iq/bRtsAD6ZgIwsKQxi3fLRanUbx2PM6JFpDYWgKlvxWMPtNp0hlicdZny7ayRXXA3Y4FOFScLPfl+5perzw8+6M3YRoeTAeDQAlhkA9BzOmg3UHZsZgKvuNYhSO2oQubEyYRhBMN5opACyyC8E96lPIplZytuvB7L4LH4VQHnqryUqXdVjXv/UIhZx4QU+jkTR5KHG0M9oG9pcWi/gpQD69hesQhOhKF+K71Bg507F29rM6WK2m6mdg5xA2BX3WQeddxc1m/hkBpQBDUk1SC58z4fQ4feITy4pAJLYzHyvMVm7CSDv0mSgfOAS/i4GdMArHG2FYSPnJ0/pfOpOQgH73PuDqgjMyRepiwUC6DILsqvmjMEXp3DZrYxvuGTbhahd/EHUzuNrOe9Wcw5NH+vucmdDzihsJ6UO56mQ7Dr+/4QFiQ8MHA+wm63MvS16YG3bDOJXIt7mTPREdFGG2YtXJfnZLLYXzsnNJGihwyCXkC0QFJRRPZyr6bYpxdEWyDnNXFzkajYlP/+EqC8RbIFYAYz3aJogjCPtp5P5JI7dqmJ8ALkFFBY=,iv:b5hJnjKOJx1I13QCNJsKGDbQ7g+27eX1XkSVaGcJhA4=,tag:6QumSrB7myeS/SU5bEAKRQ==,type:str]
hashed-root-password: ENC[AES256_GCM,data:KUoB8Z0ifh7lE9ir9AqkiMRHfw6rusXw3KC1dLIRd4YpbTiNI+cAdC474LR721+LNWoj5ZytSdDsVyS+t3o076rV4sgWgL17jPPf+H2KE5FOmQKYTUiHfSBsLKyyhpie4tpFJWv/3cCW8Q==,iv:0sZPz3V7IqTGbF3Fnm+FbgBS3GTnHsRx0OzIoAE1H64=,tag:H6CQlANfiD6ZuQhONKyMAQ==,type:str]
sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
age:
- recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
enc: |
@@ -15,8 +11,7 @@ sops:
UkJ1SGJrWXNtbmlmc2c4M1IxdUpVOWMKjaakq+n8ZijGjaNVM8/dQApaVFp9+q3K
nhvon4p5KUFE+myABnEknaSZ5UcvW6ZLff9AB7l35NZhGXAhv+y6HA==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-01-09T16:42:38Z"
- mac: ENC[AES256_GCM,data:LUBRGB/NdT2Lvrecb4w3Xbq4ulMyhHwNjuGyH/fjFJOcNfOCNmwaxIRN59CBi65UxGe93mgYYKJtbCKUZA9JhEfC81e+wkD0ZpEaNBu2YAYetf6hE9LqlYO05QIf/qwXySkCXRKdDl5afcmBVXTj+6qDEljkGtWX7CPLlodvuSQ=,iv:EfYL215e52Ir3SSTba7WGFSTQHgtqzyfWUWTBS+lwrU=,tag:VjE1o7WCT/PWIxk2/b/eow==,type:str]
- pgp: []
+ lastmodified: "2025-07-10T02:39:52Z"
+ mac: ENC[AES256_GCM,data:dn9v2ur5/sIrQL4HrQvTYcXpja+JwE2TMheT/AasZlhcYHI2NhLNwgpcDzITQbnnf+WAWYz3vjyEnP8tYuxO1Bggu+dDjAHMV8AfceYHnqJFPK4L9Kb8hBK93+7uOE38kjfsV3fZ3JS7dU3DkpNV6Geqa8cQ0u2bN3Yiz8YnaiQ=,iv:GGoDCZ/l4s7atWmRsbopq/WgxhQipaKHhSVQWi0TK8U=,tag:gkYht8PMOcTFhHOABKj4Ig==,type:str]
unencrypted_suffix: _unencrypted
- version: 3.9.2
+ version: 3.10.2
diff --git a/modules/root/resources/x11/xinit-startx-xdg.patch b/modules/root/resources/x11/xinit-startx-xdg.patch
deleted file mode 100644
index c1bca97..0000000
--- a/modules/root/resources/x11/xinit-startx-xdg.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/startx.cpp b/startx.cpp
-index dfbebe1..472a1b0 100644
---- a/startx.cpp
-+++ b/startx.cpp
-@@ -272,7 +272,7 @@ if [ x"$enable_xauth" = x1 ] ; then
- dummy=0
-
- XCOMM create a file with auth information for the server. ':0' is a dummy.
-- xserverauthfile=$HOME/.serverauth.$$
-+ xserverauthfile="${XAUTHORITY:-$HOME/.Xauthority}"
- trap "rm -f '$xserverauthfile'" HUP INT QUIT ILL TRAP BUS TERM
- xauth -q -f "$xserverauthfile" << EOF
- add :$dummy . $mcookie
-
diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix
index 47262fd..045e3f4 100644
--- a/modules/root/secrets.nix
+++ b/modules/root/secrets.nix
@@ -4,7 +4,7 @@
sops = {
defaultSopsFile = ./resources/secrets/secrets.yaml;
defaultSopsFormat = "yaml";
- age.keyFile = "${userDetails.home.root}/.config/sops/age/keys.txt";
+ age.keyFile = "${userDetails.home}/.config/sops/age/keys.txt";
secrets = {
wpa_supplicant-conf = { };
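Review bot: `age.keyFile` still points into the normal user's home, so the private key that decrypts every entry in secrets.yaml (including `hashed-root-password`) is readable by any process running as that user, while the ciphertext sits in the repository. A root-owned key outside the home directory, e.g. `age.keyFile = "/var/lib/sops-nix/key.txt";` with mode 0600, or `age.sshKeyPaths` with the host SSH key, narrows that. Because normaluser.nix feeds `hashedPasswordFile` from this store, also confirm the key's filesystem is mounted when secrets are decrypted during activation and that the secret sets `neededForUsers = true`; neither is visible in this hunk.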
diff --git a/modules/root/software/default.nix b/modules/root/software/default.nix
index 8d1e987..5f6494d 100644
--- a/modules/root/software/default.nix
+++ b/modules/root/software/default.nix
@@ -5,6 +5,7 @@
./desktop.nix
./development.nix
./docker.nix
+ ./overlays.nix
./system.nix
./utilities.nix
./virtualisation.nix
diff --git a/modules/root/software/desktop.nix b/modules/root/software/desktop.nix
index 88101d8..b8cd1e7 100644
--- a/modules/root/software/desktop.nix
+++ b/modules/root/software/desktop.nix
@@ -30,10 +30,10 @@
pcmanfm
redshift
scrot
+ st
sxiv
wpa_supplicant_gui
zathura
- (callPackage ./derivations/st {})
] ++ pkgs.lib.optionals config.software.desktop.chromium.enable [
# Chrome
config.software.desktop.chromium.package
@@ -44,17 +44,16 @@
prusa-slicer
] ++ pkgs.lib.optionals config.software.desktop.crypto.enable [
# Crypto Wallets
- bisq2
- electrum
- monero-gui
+ sparrow
] ++ pkgs.lib.optionals config.software.desktop.graphics.enable [
# Graphics
blender
geeqie
- gimp
+ gimp3
inkscape
] ++ pkgs.lib.optionals config.software.desktop.office.enable [
# Office
+ kdePackages.okular
libreoffice
pdfchain
thunderbird
diff --git a/modules/root/software/development.nix b/modules/root/software/development.nix
index 2a4dfba..af8a8a7 100644
--- a/modules/root/software/development.nix
+++ b/modules/root/software/development.nix
@@ -5,7 +5,7 @@
config = lib.mkIf config.software.development.enable {
environment.systemPackages = with pkgs; [
- adb-sync
+ #adb-sync
android-tools
gcc
git
@@ -14,5 +14,10 @@
lua
pkg-config
];
+
+ # Open 1313 for hugo serve
+ networking.firewall.allowedTCPPorts = [
+ 1313
+ ];
};
}
diff --git a/modules/root/software/overlays.nix b/modules/root/software/overlays.nix
new file mode 100644
index 0000000..bdb23fd
--- /dev/null
+++ b/modules/root/software/overlays.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... }: {
+ nixpkgs.overlays = with pkgs; [
+ (final: prev: {
+ crazydiskinfo = (callPackage ./derivations/crazydiskinfo {});
+ lowbat = (callPackage ./derivations/lowbat {});
+ workcentre-7800-series = (callPackage ./derivations/xerox-workcentre-7800-series-driver {});
+
+ # Use my vimv-rs until pr gets merged
+ vimv-rs = prev.vimv-rs.overrideAttrs (oldAttrs: {
+ src = fetchFromGitHub {
+ owner = "tjkeller-xyz";
+ repo = "vimv-rs";
+ rev = "5deb76fb81dd4acf3c4809087ff3a1d846ab4769";
+ sha256 = "sha256-XMn+5mIxSEHaR31ixMi6o7PSkN1iYjDT4aOiQkfEwpA=";
+ };
+ });
+ })
+ (import ./derivations/st/overrides.nix)
+ ];
+}
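Review bot: The overlay body takes `callPackage` and `fetchFromGitHub` from the module's `pkgs` via `with pkgs` instead of from its own `final`/`prev`. That only works because the module `pkgs` is the fixed point of these same overlays; it leaves `final` unused and makes the overlay unusable outside this module. Prefer `crazydiskinfo = final.callPackage ./derivations/crazydiskinfo {};` (likewise for lowbat and the WorkCentre driver) and `src = prev.fetchFromGitHub {`, and drop `with pkgs`. Pinning vimv-rs to a full commit id plus hash is good practice. Since only `src` is overridden, the vendored Cargo dependencies presumably still come from the nixpkgs version, which is worth a comment if the fork's Cargo.lock differs.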
diff --git a/modules/root/software/system.nix b/modules/root/software/system.nix
index f0a31f2..4c81596 100644
--- a/modules/root/software/system.nix
+++ b/modules/root/software/system.nix
@@ -5,6 +5,7 @@
dash # TODO should be default /bin/sh
exfat
git # Needed for home-manager
+ ntfs3g
python3
sops # Secrets
];
diff --git a/modules/root/software/utilities.nix b/modules/root/software/utilities.nix
index dabf163..79285a1 100644
--- a/modules/root/software/utilities.nix
+++ b/modules/root/software/utilities.nix
@@ -1,5 +1,6 @@
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [
+ crazydiskinfo
entr
fastfetch
ffmpeg
@@ -7,11 +8,13 @@
jq
light
lm_sensors
+ lowbat
mediainfo
neovim
nmap
openssl
p7zip
+ pavolctld
powertop
pv
rsync
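Review bot: `pavolctld` is now referenced as a plain attribute, but the overlay added in software/overlays.nix does not define it. That overlay defines only crazydiskinfo, lowbat, workcentre-7800-series and vimv-rs (plus whatever ./derivations/st/overrides.nix adds), and the last hunk of this file removes `(callPackage ./derivations/pavolctld {})`. Unless nixpkgs or the st overrides provide `pavolctld`, evaluation fails with an undefined variable. If nixpkgs does provide it, the package's source silently changes from the local derivation to the nixpkgs one. A comment such as `pavolctld # from nixpkgs, replaces ./derivations/pavolctld` would record which is intended.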
@@ -22,11 +25,10 @@
testdisk
tmux
uhubctl
+ vimv-rs
wget
wireguard-tools
xxHash
yt-dlp
- (callPackage ./derivations/lowbat {})
- (callPackage ./derivations/pavolctld {})
];
}
diff --git a/modules/root/suspend.nix b/modules/root/suspend.nix
new file mode 100644
index 0000000..814ae95
--- /dev/null
+++ b/modules/root/suspend.nix
@@ -0,0 +1,16 @@
+{ lib, config, ... }: {
+ options = {
+ suspend.enable = lib.mkEnableOption "enables suspend";
+ };
+
+ config = lib.mkIf (! config.suspend.enable) {
+ # Disable suspend targets
+ systemd.targets = builtins.listToAttrs (map (name: {
+ inherit name;
+ value = {
+ enable = false;
+ unitConfig.DefaultDependencies = "no";
+ };
+ }) ["sleep" "suspend" "hibernate" "hybrid-sleep"]);
+ };
+}
diff --git a/modules/root/udev.nix b/modules/root/udev.nix
new file mode 100644
index 0000000..17ed204
--- /dev/null
+++ b/modules/root/udev.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }: {
+ services.udev.extraRules = ''
+ SUBSYSTEM=="backlight", ACTION=="add", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
+ '';
+}
diff --git a/modules/root/x11.nix b/modules/root/x11.nix
index fd15c52..f5a07b4 100644
--- a/modules/root/x11.nix
+++ b/modules/root/x11.nix
@@ -8,6 +8,30 @@
services.xserver.displayManager.startx.enable = true;
services.libinput.enable = true; # Enable touchpad support
+ # Apply startx patch to create serverauth file in /tmp instead of home directory
+ nixpkgs.overlays = with pkgs; [
+ (final: prev: {
+ xorg = prev.xorg // {
+ xinit = (prev.xorg.xinit.overrideAttrs (finalAttrs: previousAttrs: {
+ version = "1.4.4";
+ patchtag = "${finalAttrs.version}-1"; # Archlinux xinit package tagged release to fetch patch from
+ # Override src since is hardcoded to 1.4.2
+ src = prev.fetchurl {
+ url = "mirror://xorg/individual/app/xinit-${finalAttrs.version}.tar.xz";
+ sha256 = "sha256-QKR8ehZMf5gc43h7Szf35BH7QyMdzeVD1wCUB12s/vk=";
+ };
+ patches = [
+ (prev.fetchpatch {
+ url = "https://gitlab.archlinux.org/archlinux/packaging/packages/xorg-xinit/-/raw/${finalAttrs.patchtag}/06_move_serverauthfile_into_tmp.diff";
+ sha256 = "1whzs5bw7ph12r3abs1g9fydibkr291jh56a0zp17d4x070jnkda";
+ })
+ ];
+ }));
+ };
+ })
+ ];
+
+ # Install basic X utilities
environment.systemPackages = with pkgs; [
unclutter
xcape
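Review bot: Hard-coding `version = "1.4.4"` and `src` in the overlay pins xinit independently of nixpkgs, so once nixpkgs moves past 1.4.4 this silently holds the package back, including any later fixes; add a removal condition such as `# TODO: drop version/src once nixpkgs ships xinit >= 1.4.4`. `patches = [ ... ]` also replaces rather than extends whatever nixpkgs applies, whereas `patches = (previousAttrs.patches or [ ]) ++ [ (prev.fetchpatch { ... }) ];` keeps those. The patch URL points at a tag, which is mutable, but the `sha256` fixes the content, so a moved tag fails the build instead of changing it. The comment says the server auth file moves to /tmp, but the patch body is not visible here, so confirm it creates the file with `mktemp` rather than under a predictable name. The enclosing config block starts outside this hunk.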
@@ -19,12 +43,12 @@
xorg.xrandr
xorg.xset
xwallpaper
- # Patch startx to be compliant with xdg base dir spec
- (xorg.xinit.overrideAttrs (old: rec {
- patches = [
- ./resources/x11/xinit-startx-xdg.patch
- ];
- }))
];
+
+ # Enable TearFree option by default
+ # Not all video drivers support this option
+ services.xserver.deviceSection = ''
+ Option "TearFree" "true"
+ '';
};
}