diff options
Diffstat (limited to 'modules/root')
41 files changed, 0 insertions, 1150 deletions
diff --git a/modules/root/autologin.nix b/modules/root/autologin.nix deleted file mode 100644 index 6e66160..0000000 --- a/modules/root/autologin.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ lib, config, userDetails, ... }: { - options = { - autologin.enable = lib.mkEnableOption "enables getty automatic login"; - #autologin.user = lib.mkEnableOption "populate username"; - #autologin.password = lib.mkEnableOption "populate password"; - }; - - config = lib.mkIf config.autologin.enable { - services.getty = { - autologinUser = userDetails.username; - }; - }; -} diff --git a/modules/root/bluetooth.nix b/modules/root/bluetooth.nix deleted file mode 100644 index 1f41c7e..0000000 --- a/modules/root/bluetooth.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ lib, config, ... }: { - options = { - bluetooth.enable = lib.mkEnableOption "enables bluetooth support"; - }; - - config = lib.mkIf config.bluetooth.enable { - hardware.bluetooth.enable = true; - services.blueman.enable = true; - }; -} diff --git a/modules/root/bootloader.nix b/modules/root/bootloader.nix deleted file mode 100644 index 0a45264..0000000 --- a/modules/root/bootloader.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ lib, config, ... }: { - options = { - bootloader.loader = lib.mkOption { - type = lib.types.enum [ "grub" "systemd-boot" ]; - default = "systemd-boot"; - description = "whether to install grub or systemd-boot as the bootloader"; - }; - bootloader.mode = lib.mkOption { - type = lib.types.enum [ "efi" "bios" ]; - default = "efi"; - description = "whether to install the bootloader in efi or bios mode"; - }; - bootloader.grub = { - biosDevice = lib.mkOption { - type = lib.types.str; - description = "device to install grub on"; - }; - }; - bootloader.memtest86.enable = lib.mkEnableOption "make Memtest86+ available from the bootloader"; - }; - - config = { - boot.loader = { - grub = { - enable = config.bootloader.loader == "grub"; - efiSupport = config.bootloader.mode == "efi"; - efiInstallAsRemovable = config.bootloader.mode == "efi"; - device = if config.bootloader.mode == "bios" then config.bootloader.grub.biosDevice else "nodev"; - enableCryptodisk = true; - memtest86.enable = config.bootloader.memtest86.enable; - }; - systemd-boot = { - enable = config.bootloader.loader == "systemd-boot"; - editor = false; - memtest86.enable = config.bootloader.memtest86.enable; - }; - efi = lib.mkIf (config.bootloader.mode == "efi") { - efiSysMountPoint = lib.mkIf (config.bootloader.loader == "grub") "/boot/efi"; - canTouchEfiVariables = true; - }; - }; - }; -} diff --git a/modules/root/default.nix b/modules/root/default.nix deleted file mode 100644 index 8072525..0000000 --- a/modules/root/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ lib, ... }: { - imports = [ - ./software - ./autologin.nix - ./bluetooth.nix - ./bootloader.nix - ./doas.nix - ./firewall.nix - ./fonts.nix - ./home-manager.nix - ./hosts.nix - ./localization.nix - ./nas.nix - ./net-iface-labels.nix - ./nix.nix - ./normaluser.nix - ./pipewire.nix - ./powerkeys.nix - ./printing.nix - ./secrets.nix - ./ssh.nix - ./suspend.nix - ./tlp.nix - ./udev.nix - ./wifi.nix - ./x11.nix - ./zsh.nix - ]; - - autologin.enable = lib.mkDefault true; - avahi.enable = lib.mkDefault true; - bluetooth.enable = lib.mkDefault false; - doas.enable = lib.mkDefault true; - fonts.enable = lib.mkDefault true; - nas = { - enable = lib.mkDefault false; - home.enable = lib.mkDefault true; - home.automount = lib.mkDefault false; - office.enable = lib.mkDefault false; - office.automount = lib.mkDefault false; - }; - bootloader = { - mode = lib.mkDefault "bios"; - memtest86.enable = lib.mkDefault true; - }; - home-manager.enable = lib.mkDefault true; - pipewire.enable = lib.mkDefault true; - printing.enable = lib.mkDefault true; - tlp.enable = lib.mkDefault true; - scanning.enable = lib.mkDefault true; - suspend.enable = lib.mkDefault true; - wifi.enable = lib.mkDefault true; - xserver.enable = lib.mkDefault true; - zsh.enable = lib.mkDefault true; -} diff --git a/modules/root/doas.nix b/modules/root/doas.nix deleted file mode 100644 index c6707ce..0000000 --- a/modules/root/doas.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ lib, config, ... }: { - options = { - doas.enable = lib.mkEnableOption "enables doas"; - sudo.enable = lib.mkEnableOption "enables sudo"; - }; - - config = { - security = { - #sudo.enable = config.sudo.enable; - sudo.enable = true; # TODO remove once can be built from flake w git - sudo.wheelNeedsPassword = false; - doas.enable = config.doas.enable; - doas.extraRules = lib.mkIf config.doas.enable [{ - keepEnv = true; - }]; - doas.wheelNeedsPassword = false; - }; - }; -} diff --git a/modules/root/firewall.nix b/modules/root/firewall.nix deleted file mode 100644 index e038cbe..0000000 --- a/modules/root/firewall.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - networking.firewall = { - allowedTCPPorts = [ - 8080 - ]; - }; -} diff --git a/modules/root/fonts.nix b/modules/root/fonts.nix deleted file mode 100644 index 256e1ab..0000000 --- a/modules/root/fonts.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - fonts.enable = lib.mkEnableOption "enables fonts"; - }; - - config = lib.mkIf config.fonts.enable { - fonts.packages = with pkgs; [ - commit-mono - inter - nerd-fonts.jetbrains-mono - tamzen - ]; - }; -} diff --git a/modules/root/home-manager.nix b/modules/root/home-manager.nix deleted file mode 100644 index d271523..0000000 --- a/modules/root/home-manager.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - home-manager.enable = lib.mkEnableOption "enables home-manager"; - }; - - config = lib.mkIf config.home-manager.enable { - environment.systemPackages = with pkgs; [ - home-manager - ]; - }; -} diff --git a/modules/root/hosts.nix b/modules/root/hosts.nix deleted file mode 100644 index cb526f2..0000000 --- a/modules/root/hosts.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ hostname, ... }: { - networking.hostName = hostname; # From flake.nix - networking.hosts = { - "192.168.1.9" = [ "optiplex" ]; - "192.168.1.30" = [ "localgit" ]; - "192.168.1.11" = [ "truenas-home" ]; - "192.168.77.11" = [ "truenas-office" ]; - "192.168.77.8" = [ "publicgit" "tjkeller" ]; - "192.168.77.3" = [ "devel" ]; - "173.9.253.3" = [ - "git.tjkeller.xyz" - "piped.tjkeller.xyz" - "search.tjkeller.xyz" - "tjkeller.xyz" - ]; - }; - environment.etc.hosts.mode = "0644"; # Allow temporary imperative modifications -} diff --git a/modules/root/localization.nix b/modules/root/localization.nix deleted file mode 100644 index 8313f07..0000000 --- a/modules/root/localization.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - time.timeZone = "America/Chicago"; - i18n.defaultLocale = "en_US.UTF-8"; - services.xserver.xkb.layout = "us"; -} diff --git a/modules/root/nas.nix b/modules/root/nas.nix deleted file mode 100644 index 0116ba3..0000000 --- a/modules/root/nas.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ lib, config, ... } : -let - mkNetworkFileSystem = device: automount: { - device = "${device}"; - fsType = "nfs"; - options = [ "defaults" ] ++ lib.optionals (!automount) [ "noauto" ]; - }; -in { - options = { - nas = { - enable = lib.mkEnableOption "enable network shares"; - home = { - enable = lib.mkEnableOption "enable home network shares"; - automount = lib.mkEnableOption "automount home network shares"; - }; - office = { - enable = lib.mkEnableOption "enable office network shares"; - automount = lib.mkEnableOption "automount home network shares"; - }; - }; - }; - - config = lib.mkIf config.nas.enable { - fileSystems = lib.optionalAttrs config.nas.home.enable { - "/media/Storage/Media" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Media" config.nas.home.automount; - "/media/Storage/Backups" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups" config.nas.home.automount; - "/media/Storage/Tapes" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups/Tapes" config.nas.home.automount; - "/media/Family Photos" = mkNetworkFileSystem "truenas-home:/mnt/Media/Photos" config.nas.home.automount; - } // lib.optionalAttrs config.nas.office.enable { - "/media/chexx/chexx" = mkNetworkFileSystem "truenas-office:/mnt/Storage/chexx" config.nas.office.automount; - "/media/chexx/tkdocs" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Users/Tim-Keller" config.nas.office.automount; - "/media/chexx/scans" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Scans" config.nas.office.automount; - }; - # TODO auto mkdirz - }; -} diff --git a/modules/root/net-iface-labels.nix b/modules/root/net-iface-labels.nix deleted file mode 100644 index 4949659..0000000 --- a/modules/root/net-iface-labels.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, ... }: let - validMac = str: builtins.match ''^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$'' str != null; - macAddressType = lib.types.str // { - check = validMac; - description = "a mac address (xx:xx:xx:xx:xx:xx)"; - }; -in { - options.networking.interfaceLabels = { - enable = lib.mkEnableOption "manually label network interfaces"; - interfaces = lib.mkOption { - type = lib.types.attrsOf macAddressType; - default = {}; - example = { - "lan0" = "00:11:22:33:44:55"; - "lan1" = "66:77:88:99:AA:BB"; - }; - description = "label network interfaces by their mac address"; - }; - }; - - config = lib.mkIf config.networking.interfaceLabels.enable { - networking.usePredictableInterfaceNames = false; - services.udev.extraRules = lib.concatStringsSep "\n" ( - lib.mapAttrsToList (name: mac: ''ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="${mac}", NAME="${name}"'') config.networking.interfaceLabels.interfaces - ); - }; -} diff --git a/modules/root/nix.nix b/modules/root/nix.nix deleted file mode 100644 index ff8dd28..0000000 --- a/modules/root/nix.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - nix.settings = { - experimental-features = [ "nix-command" "flakes" ]; - use-xdg-base-directories = true; - }; - nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; -} diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix deleted file mode 100644 index 50e9236..0000000 --- a/modules/root/normaluser.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ lib, config, userDetails, ... }: { - options = { - users.setPassword.enable = lib.mkEnableOption "set users password. requires hashed root password from sops"; - }; - - config = { - # Load hashed root password secret - sops.secrets.hashed-root-password = lib.mkIf config.users.setPassword.enable { - sopsFile = ./resources/secrets/hashed-root-password.yaml; - neededForUsers = true; - }; - - # Set hashed password file if the setPassword option is enabled - users.users.root.hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path; - - # Setup normal user - users.users.${userDetails.username} = { - home = userDetails.home; - description = userDetails.fullname; - isNormalUser = true; - extraGroups = [ - "i2c" - "libvirtd" - "nixbld" - "video" - "wheel" - ]; - hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path; - }; - }; -} diff --git a/modules/root/pipewire.nix b/modules/root/pipewire.nix deleted file mode 100644 index fd97d42..0000000 --- a/modules/root/pipewire.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ lib, config, ... }: { - options = { - pipewire.enable = lib.mkEnableOption "enables pipewire"; - }; - - config = lib.mkIf config.pipewire.enable { - services.pipewire = { - enable = true; - pulse.enable = true; - }; - }; -} diff --git a/modules/root/powerkeys.nix b/modules/root/powerkeys.nix deleted file mode 100644 index fd4aa00..0000000 --- a/modules/root/powerkeys.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - services.logind = { - hibernateKey = "suspend"; - powerKey = "ignore"; - powerKeyLongPress = "poweroff"; - }; -} diff --git a/modules/root/printing.nix b/modules/root/printing.nix deleted file mode 100644 index f0d0dd8..0000000 --- a/modules/root/printing.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ lib, config, pkgs, ... }: { - options = { - printing.enable = lib.mkEnableOption "enables printing"; - avahi.enable = lib.mkEnableOption "enables avahi"; - scanning.enable = lib.mkEnableOption "enables scanning"; - }; - - config = lib.mkIf config.printing.enable { - services.printing = { - enable = true; - drivers = [ - pkgs.epson-escpr2 - pkgs.workcentre-7800-series - ]; - }; - - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - }; - - environment.systemPackages = with pkgs; pkgs.lib.optionals config.scanning.enable [ - epsonscan2 - ]; - - networking.hosts = { - "192.168.1.35" = [ "Epson_ET-8500" ]; - "192.168.77.40" = [ "Xerox_WorkCentre_7855" ]; - }; - - hardware.printers.ensurePrinters = [ - { - name = "Epson_ET-8500"; - description = "Epson ET-8500"; - location = "Home"; - deviceUri = "ipp://Epson_ET-8500:631/ipp/print"; - model = "epson-inkjet-printer-escpr2/Epson-ET-8500_Series-epson-escpr2-en.ppd"; - } - #{ - # name = "Xerox_WorkCentre_7855"; - # description = "Xerox WorkCentre 7855"; - # location = "Office"; - # deviceUri = "ipp://Xerox_WorkCentre_7855:631/ipp/print"; - # model = "everywhere IPP Everywhere"; - #} - ]; - hardware.printers.ensureDefaultPrinter = "Epson_ET-8500"; - }; -} diff --git a/modules/root/resources/secrets/hashed-root-password.yaml b/modules/root/resources/secrets/hashed-root-password.yaml deleted file mode 100644 index a42fd42..0000000 --- a/modules/root/resources/secrets/hashed-root-password.yaml +++ /dev/null @@ -1,25 +0,0 @@ -hashed-root-password: ENC[AES256_GCM,data:7Qgoeb/6JPNupkHCBEzCs0FMP2cDEw972bjCRWeMrBrAMZzLsZc3Mbv03s1zLztUp6Ie93R5lVsamxKPUnaPt+Tnr/l+0E9aTmt7j7L6UzmWr12nj3FHxxTSU9ief6+ioIk+S4eICJspIQ==,iv:VoWP4qBCGzuYRpQw4nilUXByJ+ZwyZR/BdKowi+53DM=,tag:x6A00VCm8BEOhtv/WySXrQ==,type:str] -sops: - age: - - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z3dTbW1GUzgyRUwyZGtF - alZSeFBmdEdhNER3UEtGRGd4MnliK1l1eGpJCm80SHFNZ3NZOTNxVkM4R3ZLY005 - OFVtUGN3OXZJblRxOFNMOFhsV25CS0EKLS0tIEE5SG5NekxWbytXY2xNeUN6TWhG - RldJZms3RDFuRk40ck42Mkd5RTd4YVUKgyWE8Cs0yLO/82w2muGWTlcjY86BVSUy - bFeIcQT33dEPiNUmynTqEGpN2NVQbfVDw17QbA9GNhGClanTTXmX4A== - -----END AGE ENCRYPTED FILE----- - - recipient: age1f0tmpy2nam58skmznjyqd3zf54rxtfrk6fda0vlpq9y3yg6wac7sjf0vja - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxcUprWjBXTVlidTRwMEZ6 - WHE4dWp6OWtybkFCaTkyY2JyaWYrRHNhZWtNCi9xamwreEsyVFdnWWhJeUVsdUpT - UHlkRVJZZTEvMDluTWNJSnRSUXN6Q0kKLS0tIHNsQk92SUd2ekowY0hvQi9LNjIx - Q0oxVFNtRkpZTlVHeEY3YXFoSlc4Zk0K7RaqH/Qf2dTPBuCz9DH0xgU+Tq8ATKUq - tfAuuAU9HBtLFiZjhWsZmj5XUy5Z18IiUKDIxlw41mNtbcsUnjm30w== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-17T22:34:07Z" - mac: ENC[AES256_GCM,data:B95HuJC2o8B+P1f9kAtJTcSty7YSAByuqe/Xs6ce6780p05FuzWM5X9bwvwsYXngGNKqCHksWf50UXzJ3eyc6y4ISxdxljAv2FmJFKw4NkfGaOMiRLlGPMn1uFpOtkRT+qL0+mupWG/Ap3zcpbxjsDx46PUur+e6yRxlAHw8mGw=,iv:DYobhWK+4+7vOog7BrBASiHrEzzz0P6zqgWxexfcLG8=,tag:skGwUpDEB8e3TCjrxs5peA==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/modules/root/resources/secrets/wpa_supplicant-conf.yaml b/modules/root/resources/secrets/wpa_supplicant-conf.yaml deleted file mode 100644 index 2fd7a0e..0000000 --- a/modules/root/resources/secrets/wpa_supplicant-conf.yaml +++ /dev/null @@ -1,16 +0,0 @@ -wpa_supplicant-conf: ENC[AES256_GCM,data:QoHQhTuEsSCW/K2ArOzNMfpSV7RtyTgezg4bM6eyNwhBhuJ/fCExzrniZtFzZ3zfs+ROFOYYxkx5lu4N/AQ6xEdCjJ3DYKHpeveqQ3GcWaldDr6aUDxLnBmLGBgSskGoOOANCwGvXGtFsChlCah02/W3YIhLWKIC1pfw1t9ANw9ErtLt7Fxt8TphJ1n9KdCXCJCMFrDjWDTrvbDzrvkJh6EGJIoaXuJSN+9asKrFvTwXyvHPbJmw8ZRbYgtlJtv5c1Q+PZoMtEeBRI/q2y/xUX5nvhnyy3HO1CaZPq+2XP9w+Zz90PyehVvbFVSl3V3Wg3rg9uu/c1rRGgfNkVJSHdhN+7nWYobSI28uoA8L9oXono9mNYwfcN2c4R6xwW9yOH72KabKRbD0Qq0mXcwNjU0HNneqvnMFURbDVstWmKt39gHg2xoZkG774EEDdXBAmKe5nbj0wVk8TBPWPcyR8gQ3uQrXPElqC7CWHMvajzi/hq02gmzkq1DAiheVWHxVmSQUUP3M52vvFBDdWip4X7IM3r5H4uBmcF6wGHl7JS+okDno5BuInIXvrApDV3rTqnam7YeQZao9pbx8WRWg/ZQFUysiXf9tcAl4ror71+SLKa5MfeP9AV431DbcsrIS1XQ=,iv:7qdltuNvesslz32SfEXqu9WFu2uGOGg1sjfskfqfXnk=,tag:N1RhL1M9YtDlvxLBRC2gAg==,type:str] -sops: - age: - - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdXBUWXEvRU85Tk1lNWgz - ZHpENjdudmRuaEJIeVRHOHlDbWNzK0tQMGs4CmV6MVBpdE5PMTBWMm1PcDVFQ2VM - b0IwWDFxLy8xYUcxRVZFSEsyYlBFS1UKLS0tIHpCbDQ0a29TZlVFTGp4aXJCSmJ4 - ZGxqMFQ1NDk1OHJIOUd0cVV0dzNNQlkKzYX36u0rEq6dMTCJf6OON6LzcEEnAB5A - +M9t3OKUUNtwgksjBUEwqBLJ1sU9amijpK63GUxwp74YDtsb0YXHiw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-17T22:33:44Z" - mac: ENC[AES256_GCM,data:leJsAdcWFE0EA1syXfd7yDu1Ct+vTkKiHUEc46O31uUeaWVFwgH8EKC0ImqiHMgbDJv+a9UHm7GtsWy1aMQNVRBXL3R2HbNQkOqGkIIdGsrrbjslQl8UwI7wx1g2P3ORhlGRYXTscDUl53+e4i3YrYOEDDPL5EAWuQEWldJXLZc=,iv:banL6qqV2EqfZFKHn5dawUq95Ima06z8H6Kso1qRdcA=,tag:g6M95M6bT4UPTfiEZT4ljw==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix deleted file mode 100644 index 416bcde..0000000 --- a/modules/root/secrets.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ inputs, config, userDetails, ... }: { - imports = [ inputs.sops-nix.nixosModules.sops ]; - - sops = { - defaultSopsFormat = "yaml"; - age.sshKeyPaths = [ "${userDetails.home}/.ssh/id_ed25519" "/root/.ssh/id_ed25519" ]; - }; -} diff --git a/modules/root/services/cgit.nix b/modules/root/services/cgit.nix deleted file mode 100644 index 366c1f8..0000000 --- a/modules/root/services/cgit.nix +++ /dev/null @@ -1,126 +0,0 @@ -{ lib, pkgs, config, userDetails, ... }: -let - cfg = config.cgit; -in { - options = { - cgit = { - enable = lib.mkEnableOption "enables cgit service"; - hostAddress = lib.mkOption { - type = lib.types.str; - description = "hostAddress for the container"; - default = "10.0.1.1"; - }; - localAddress = lib.mkOption { - type = lib.types.str; - description = "localAddress for the container"; - default = "10.0.1.2"; - }; - rootTitle = lib.mkOption { - type = lib.types.str; - description = "cgit site title"; - default = ""; - }; - rootDesc = lib.mkOption { - type = lib.types.str; - description = "cgit site description"; - default = ""; - }; - extraConfig = lib.mkOption { - type = lib.types.str; - description = "cgitrc lines inserted verbatim at the end"; - default = ""; - }; - }; - }; - - config = lib.mkIf cfg.enable { - # Configure cgit container - containers.cgit = { - autoStart = true; - privateNetwork = true; - hostAddress = cfg.hostAddress; - localAddress = cfg.localAddress; - - specialArgs = { - authorizedKeys = userDetails.sshPublicKeys; - cgitrc = with cfg; { - inherit rootTitle; - inherit rootDesc; - inherit extraConfig; - }; - }; - - config = { lib, config, authorizedKeys, cgitrc, ... }: { - # Create git user for ssh access - users.users.git = { - isNormalUser = true; - home = "/srv/git"; # Serve from git user's home to allow cloning git@cgit:repo - group = "git"; - createHome = true; - homeMode = "750"; # Allow read permissions for group members - shell = pkgs.bash; - openssh.authorizedKeys.keys = authorizedKeys; - }; - users.groups.git.members = [ "lighttpd" ]; # Create the git group and add lighttpd user as a member so /srv/git can be served by cgit - - # Enable git - programs.git.enable = true; - - # Enable ssh service - services.openssh.enable = true; - - # Enable cgit service - services.lighttpd.enable = true; - services.lighttpd.cgit = { - enable = true; - #subdir = ""; # FIXME this does not work for some reason - configText = '' - # Based on joseluisq/alpine-cgit - root-title=${cgitrc.rootTitle} - root-desc=${cgitrc.rootDesc} - - source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py - about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh - - readme=:README.md - readme=:README.html - readme=:README.txt - readme=:README - readme=:INSTALL.md - readme=:INSTALL.html - readme=:INSTALL.txt - readme=:INSTALL - - # Cache - #cache-root=/var/cache/cgit - #cache-size=2000 - - enable-index-links=1 - enable-index-owner=0 - enable-remote-branches=1 - enable-log-filecount=1 - enable-log-linecount=1 - enable-git-config=1 - snapshots=tar.xz zip - - robots=noindex, nofollow - - virtual-root=/cgit - section-from-path=0 - max-repo-count=100 - scan-path=/srv/git - - # extra config - ${cgitrc.extraConfig} - ''; - }; - - # Networking, etc. - networking.firewall.allowedTCPPorts = [ 80 22 ]; - networking.hostName = "cgit"; - - system.stateVersion = "25.05"; - }; - }; - }; -} diff --git a/modules/root/services/gitea.nix b/modules/root/services/gitea.nix deleted file mode 100644 index 32c56db..0000000 --- a/modules/root/services/gitea.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ lib, pkgs, config, userDetails, ... }: -let - cfg = config.gitea; -in { - options = { - gitea = { - enable = lib.mkEnableOption "enables gitea service"; - hostAddress = lib.mkOption { - type = lib.types.str; - description = "hostAddress for the container"; - default = "10.0.1.1"; - }; - localAddress = lib.mkOption { - type = lib.types.str; - description = "localAddress for the container"; - default = "10.0.1.3"; - }; - }; - }; - - config = lib.mkIf cfg.enable { - containers.gitea = { - autoStart = true; - privateNetwork = true; - hostAddress = cfg.hostAddress; - localAddress = cfg.localAddress; - - config = { lib, config, ... }: { - # Enable gitea service - services.gitea = { - enable = true; - user = "git"; # So ssh cloning uses git@gitea - settings = { - server = { - HTTP_PORT = 3000; # Can't set as 80 without root permissions, use 3000 instead - }; - }; - }; - - # Networking, etc. - # Redirect 80 to 3000 - networking.nftables = { - enable = true; - ruleset = '' - table ip nat { - chain prerouting { - type nat hook prerouting priority 0; - tcp dport 80 redirect to :3000 - } - } - ''; - }; - networking.firewall.allowedTCPPorts = [ 3000 80 22 ]; # Still need to forward 3000 for nftables rule to work - networking.hostName = "gitea"; - - system.stateVersion = "25.05"; - }; - }; - }; -} diff --git a/modules/root/services/searxng.nix b/modules/root/services/searxng.nix deleted file mode 100644 index 8ed632e..0000000 --- a/modules/root/services/searxng.nix +++ /dev/null @@ -1,119 +0,0 @@ -{ pkgs, lib, config, ... }: let - environmentFile = "/run/searx/searxng.env"; - generateEnvironmentFile = '' - umask 077 - echo "SEARXNG_SECRET=$(head -c 56 /dev/urandom | base64)" > ${environmentFile} - ls /run/searx - ''; -in { - options = { - searxng.enable = lib.mkEnableOption "enables searxng service"; - searxng.uwsgi.enable = lib.mkEnableOption "enables searxng uwsgi"; - }; - - config = lib.mkIf config.searxng.enable { - # Generate secret key - systemd.services.searx-environment-file = { - description = "Generate environment file with secret key for searx"; - wantedBy = [ "searx-init.service" ]; - partOf = [ "searx-init.service" ]; - before = [ "searx-init.service" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - User = "searx"; - RuntimeDirectory = "searx"; - RuntimeDirectoryMode = "750"; - ConditionPathExists = "!${environmentFile}"; - }; - script = generateEnvironmentFile; - }; - - # Configure searxng - services.searx = { - enable = true; - redisCreateLocally = true; - package = pkgs.searxng; - inherit environmentFile; # Provides secret key - - # UWSGI configuration - runInUwsgi = config.searxng.uwsgi.enable; - - uwsgiConfig = { - socket = "/run/searx/searx.sock"; - http = ":8888"; - chmod-socket = "660"; - }; - - settings = { - general = { - instance_name = "TJK Search"; - donation_url = "https://tjkeller.xyz"; - enable_metrics = false; - }; - - # Search engine settings - search = { - safe_search = 2; # Strict - autocomplete = ""; - default_lang = "en-US"; - }; - - preferences.lock = [ "safesearch" ]; # Lock safe_search at strict - - # https://docs.searxng.org/admin/plugins.html - enabled_plugins = [ - "Tor check plugin" - "Tracker URL remover" - "Basic Calculator" - "Unit converter plugin" - "Hash plugin" - "Self Information" - "Open Access DOI rewrite" - "Hostnames plugin" - ]; - - hostnames.replace = { - "(.*\.)?youtube\.com$" = "piped.tjkeller.xyz"; - "(.*\.)?youtu\.be$" = "piped.tjkeller.xyz"; - "(.*\.)?reddit\.com$" = "old.reddit.com"; - }; - - # Enable / disabled search engines from default list - engines = lib.mapAttrsToList (name: value: { inherit name; disabled = !value; }) { - # Images - "artic" = false; - "deviantart" = false; - "flickr" = false; - "library of congress" = false; - "openverse" = false; - "pinterest" = false; - "public domain image archive" = false; - "unsplash" = false; - "wallhaven" = false; - "wikicommons.images" = false; - - # Videos - "bitchute" = true; - "dailymotion" = false; - "piped" = false; - "rumble" = true; - "sepiasearch" = false; - "vimeo" = false; - "wikicommons.videos" = false; - - # Music - "piped.music" = false; - - # Files - "1337x" = true; - "annas archive" = true; - "library genesis" = true; - - # Apps - "fdroid" = true; - }; - }; - }; - }; -} diff --git a/modules/root/software/awesome.nix b/modules/root/software/awesome.nix deleted file mode 100644 index fdc86e8..0000000 --- a/modules/root/software/awesome.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - xserver.awesome.enable = lib.mkEnableOption "enables awesomewm"; - }; - - config = lib.mkIf (config.xserver.enable && config.xserver.awesome.enable ) { - services.xserver.windowManager.awesome = { - enable = true; - noArgb = true; # disables transparency. why not? - luaModules = with pkgs.luajitPackages; [ - lgi - ]; - package = with pkgs; awesome.override { - gtk3Support = true; - gtk3 = gtk3; - lua = luajit; - }; - }; - }; -} diff --git a/modules/root/software/ddcutil.nix b/modules/root/software/ddcutil.nix deleted file mode 100644 index 0c62370..0000000 --- a/modules/root/software/ddcutil.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, lib, config ... }: { - options = { - programs.ddcutil.enable = lib.mkEnableOption "enables ddcutil and i2c control"; - }; - - config = lib.mkIf programs.ddcutil.enable { - hardware.i2c.enable = true; - environment.systemPackages = [ pkgs.ddcutil ]; - } -} diff --git a/modules/root/software/default.nix b/modules/root/software/default.nix deleted file mode 100644 index 7adcb6a..0000000 --- a/modules/root/software/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ lib, config, ... }: { - imports = [ - ./awesome.nix - ./ddcutil.nix - ./desktop.nix - ./development.nix - ./docker.nix - ./overlays.nix - ./system.nix - ./utilities.nix - ./virtualization.nix - ]; - - software.desktop = { - enable = lib.mkDefault config.xserver.enable; - chromium.enable = lib.mkDefault false; - cad.enable = lib.mkDefault false; - crypto.enable = lib.mkDefault false; - firefox.enable = lib.mkDefault true; - graphics.enable = lib.mkDefault false; - office.enable = lib.mkDefault false; - utilities.enable = lib.mkDefault false; - }; - - software.development = { - enable = lib.mkDefault true; - docker = { - enable = lib.mkDefault false; - btrfsSupport = lib.mkDefault true; - }; - }; - - programs.ddcutil.enable = lib.mkDefault true; - virtualization.enable = lib.mkDefault false; - xserver.awesome.enable = lib.mkDefault true; -} diff --git a/modules/root/software/derivations b/modules/root/software/derivations deleted file mode 120000 index a075779..0000000 --- a/modules/root/software/derivations +++ /dev/null @@ -1 +0,0 @@ -../../../derivations
\ No newline at end of file diff --git a/modules/root/software/desktop.nix b/modules/root/software/desktop.nix deleted file mode 100644 index 4dcb215..0000000 --- a/modules/root/software/desktop.nix +++ /dev/null @@ -1,80 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - software.desktop = { - enable = lib.mkEnableOption "enables desktop apps"; - chromium = { - enable = lib.mkEnableOption "enables selected chromium browser package"; - package = lib.mkOption { - type = lib.types.package; - default = pkgs.ungoogled-chromium; - description = "chromium package to install"; - }; - }; - cad.enable = lib.mkEnableOption "enables cad and 3d printing apps"; - crypto.enable = lib.mkEnableOption "enables crypto wallet apps"; - firefox.enable = lib.mkEnableOption "enables firefox"; - graphics.enable = lib.mkEnableOption "enables graphic design apps"; - office.enable = lib.mkEnableOption "enables office apps"; - utilities.enable = lib.mkEnableOption "enables miscellaneous utility apps"; - }; - }; - - config = lib.mkIf config.software.desktop.enable { - environment.systemPackages = with pkgs; [ - # Default - arandr - dmenu - libnotify - mpv - pavucontrol - pcmanfm - redshift - scrot - st - sxiv - wpa_supplicant_gui - zathura - ] ++ pkgs.lib.optionals config.software.desktop.chromium.enable [ - # Chrome - config.software.desktop.chromium.package - ] ++ pkgs.lib.optionals config.software.desktop.cad.enable [ - # CAD - blender - freecad - prusa-slicer - ] ++ pkgs.lib.optionals config.software.desktop.crypto.enable [ - # Crypto Wallets - sparrow - ] ++ pkgs.lib.optionals config.software.desktop.graphics.enable [ - # Graphics - blender - geeqie - gimp3 - inkscape - ] ++ pkgs.lib.optionals config.software.desktop.office.enable [ - # Office - hunspell # Spell checking in libreoffice - hunspellDicts.en_US - kdePackages.okular - libreoffice - pdfchain - thunderbird - ] ++ pkgs.lib.optionals config.software.desktop.utilities.enable [ - # Misc Utilities - jellyfin-mpv-shim - qbittorrent - qdirstat - remmina - ]; - - programs.localsend.enable = config.software.desktop.utilities.enable; # Installs & opens firewall - programs.firefox.enable = config.software.desktop.firefox.enable; - - # GVfs allows for mounting drives in a graphical file manager - services.gvfs.enable = true; - - # For home-manager to configure gtk - # TODO this should be there instead - programs.dconf.enable = config.software.desktop.enable; - }; -} diff --git a/modules/root/software/development.nix b/modules/root/software/development.nix deleted file mode 100644 index af8a8a7..0000000 --- a/modules/root/software/development.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - software.development.enable = lib.mkEnableOption "enables development tools"; - }; - - config = lib.mkIf config.software.development.enable { - environment.systemPackages = with pkgs; [ - #adb-sync - android-tools - gcc - git - gnumake - hugo - lua - pkg-config - ]; - - # Open 1313 for hugo serve - networking.firewall.allowedTCPPorts = [ - 1313 - ]; - }; -} diff --git a/modules/root/software/docker.nix b/modules/root/software/docker.nix deleted file mode 100644 index bf1898c..0000000 --- a/modules/root/software/docker.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ pkgs, lib, config, userDetails, ... }: { - options = { - software.development.docker = { - enable = lib.mkEnableOption "enables docker"; - btrfsSupport = lib.mkEnableOption "changes docker storageDriver to btrfs"; - }; - }; - - config = lib.mkIf config.software.development.docker.enable { - virtualisation.docker = { - enable = true; - storageDriver = lib.mkIf config.software.development.docker.btrfsSupport "btrfs"; - }; - - environment.systemPackages = with pkgs; [ - docker-compose - ]; - - users.groups.docker.members = [ userDetails.username ]; - }; -} diff --git a/modules/root/software/overlays.nix b/modules/root/software/overlays.nix deleted file mode 100644 index 2037c0d..0000000 --- a/modules/root/software/overlays.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ pkgs, ... }: { - nixpkgs.overlays = with pkgs; [ - (final: prev: { - crazydiskinfo = (callPackage ./derivations/crazydiskinfo {}); - lowbat = (callPackage ./derivations/lowbat {}); - workcentre-7800-series = (callPackage ./derivations/xerox-workcentre-7800-series-driver {}); - - # Use my vimv-rs until pr gets merged - vimv-rs = prev.vimv-rs.overrideAttrs (oldAttrs: { - src = fetchFromGitHub { - owner = "tjkeller-xyz"; - repo = "vimv-rs"; - rev = "5deb76fb81dd4acf3c4809087ff3a1d846ab4769"; - sha256 = "sha256-XMn+5mIxSEHaR31ixMi6o7PSkN1iYjDT4aOiQkfEwpA="; - }; - }); - - # Use my tamzen until pr gets merged - tamzen = prev.tamzen.overrideAttrs (oldAttrs: { - src = fetchFromGitHub { - owner = "tjkeller-xyz"; - repo = "tamzen-font"; - rev = "middledot"; - sha256 = "sha256-mVZ8SdYKTdMG1qBKKYdNjuoYvWkEq2ph2O1ztsNJEhs="; - }; - }); - }) - (import ./derivations/st/overrides.nix) - ]; -} diff --git a/modules/root/software/system.nix b/modules/root/software/system.nix deleted file mode 100644 index 4c81596..0000000 --- a/modules/root/software/system.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, ... }: { - environment.systemPackages = with pkgs; [ - age # Secrets - cryptsetup - dash # TODO should be default /bin/sh - exfat - git # Needed for home-manager - ntfs3g - python3 - sops # Secrets - ]; - - services.gpm.enable = true; -} diff --git a/modules/root/software/utilities.nix b/modules/root/software/utilities.nix deleted file mode 100644 index 79285a1..0000000 --- a/modules/root/software/utilities.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ pkgs, ... }: { - environment.systemPackages = with pkgs; [ - crazydiskinfo - entr - fastfetch - ffmpeg - htop - jq - light - lm_sensors - lowbat - mediainfo - neovim - nmap - openssl - p7zip - pavolctld - powertop - pv - rsync - screen - smartmontools - sslscan - stress - testdisk - tmux - uhubctl - vimv-rs - wget - wireguard-tools - xxHash - yt-dlp - ]; -} diff --git a/modules/root/software/virtualization.nix b/modules/root/software/virtualization.nix deleted file mode 100644 index 36a51fc..0000000 --- a/modules/root/software/virtualization.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ lib, config, pkgs, ... }: { - options = { - virtualization.enable = lib.mkEnableOption "enables virtualization and virt-manager"; - }; - - config = lib.mkIf config.virtualization.enable { - virtualisation = { - spiceUSBRedirection.enable = true; - libvirtd.enable = true; - # Enable efi support with ovmf firmware - libvirtd.qemu = { - package = pkgs.qemu_kvm; - runAsRoot = true; - swtpm.enable = true; - ovmf.enable = true; - }; - }; - programs.virt-manager.enable = config.software.desktop.enable; - }; -} diff --git a/modules/root/ssh.nix b/modules/root/ssh.nix deleted file mode 100644 index 9f6d54d..0000000 --- a/modules/root/ssh.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - services.openssh = { - enable = true; - settings = { - X11Forwarding = true; - }; - }; -} diff --git a/modules/root/suspend.nix b/modules/root/suspend.nix deleted file mode 100644 index 814ae95..0000000 --- a/modules/root/suspend.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ lib, config, ... }: { - options = { - suspend.enable = lib.mkEnableOption "enables suspend"; - }; - - config = lib.mkIf (! config.suspend.enable) { - # Disable suspend targets - systemd.targets = builtins.listToAttrs (map (name: { - inherit name; - value = { - enable = false; - unitConfig.DefaultDependencies = "no"; - }; - }) ["sleep" "suspend" "hibernate" "hybrid-sleep"]); - }; -} diff --git a/modules/root/tlp.nix b/modules/root/tlp.nix deleted file mode 100644 index 3414c03..0000000 --- a/modules/root/tlp.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ lib, config, ... }: { - options = { - tlp.enable = lib.mkEnableOption "enables tlp"; - }; - - config = lib.mkIf config.tlp.enable { - services.tlp.enable = true; - }; -} diff --git a/modules/root/udev.nix b/modules/root/udev.nix deleted file mode 100644 index 17ed204..0000000 --- a/modules/root/udev.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ pkgs, ... }: { - services.udev.extraRules = '' - SUBSYSTEM=="backlight", ACTION=="add", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness" - ''; -} diff --git a/modules/root/wifi.nix b/modules/root/wifi.nix deleted file mode 100644 index 9dbf233..0000000 --- a/modules/root/wifi.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ lib, config, ... }: { - options = { - wifi.enable = lib.mkEnableOption "enables wifi"; - }; - - config = lib.mkIf config.wifi.enable { - networking.wireless = { - enable = true; # Enables wireless support via wpa_supplicant. - userControlled.enable = true; - allowAuxiliaryImperativeNetworks = true; # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf) - }; - - # Load wpa_supplicant.conf secret config - sops.secrets.wpa_supplicant-conf = { - sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml; - }; - - # Link /etc/wpa_supplicant.conf -> secret config - environment.etc."wpa_supplicant.conf" = { - source = config.sops.secrets.wpa_supplicant-conf.path; - }; - - # This service is a workaround to ensure that secrets are available on - # reboot when the secret keys are on a separate subvolume - systemd.services.npcnix-force-rebuild-sops-hack = { - wantedBy = [ "multi-user.target" ]; - before = [ "wpa_supplicant.service" ]; - serviceConfig = { - ExecStart = "/run/current-system/activate"; - Type = "oneshot"; - Restart = "on-failure"; # because oneshot - RestartSec = "10s"; - }; - }; - }; -} diff --git a/modules/root/x11.nix b/modules/root/x11.nix deleted file mode 100644 index f5a07b4..0000000 --- a/modules/root/x11.nix +++ /dev/null @@ -1,54 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - xserver.enable = lib.mkEnableOption "enables xserver"; - }; - - config = lib.mkIf config.xserver.enable { - services.xserver.enable = true; - services.xserver.displayManager.startx.enable = true; - services.libinput.enable = true; # Enable touchpad support - - # Apply startx patch to create serverauth file in /tmp instead of home directory - nixpkgs.overlays = with pkgs; [ - (final: prev: { - xorg = prev.xorg // { - xinit = (prev.xorg.xinit.overrideAttrs (finalAttrs: previousAttrs: { - version = "1.4.4"; - patchtag = "${finalAttrs.version}-1"; # Archlinux xinit package tagged release to fetch patch from - # Override src since is hardcoded to 1.4.2 - src = prev.fetchurl { - url = "mirror://xorg/individual/app/xinit-${finalAttrs.version}.tar.xz"; - sha256 = "sha256-QKR8ehZMf5gc43h7Szf35BH7QyMdzeVD1wCUB12s/vk="; - }; - patches = [ - (prev.fetchpatch { - url = "https://gitlab.archlinux.org/archlinux/packaging/packages/xorg-xinit/-/raw/${finalAttrs.patchtag}/06_move_serverauthfile_into_tmp.diff"; - sha256 = "1whzs5bw7ph12r3abs1g9fydibkr291jh56a0zp17d4x070jnkda"; - }) - ]; - })); - }; - }) - ]; - - # Install basic X utilities - environment.systemPackages = with pkgs; [ - unclutter - xcape - xclip - xdotool - xorg.setxkbmap - xorg.xinput - xorg.xkill - xorg.xrandr - xorg.xset - xwallpaper - ]; - - # Enable TearFree option by default - # Not all video drivers support this option - services.xserver.deviceSection = '' - Option "TearFree" "true" - ''; - }; -} diff --git a/modules/root/zsh.nix b/modules/root/zsh.nix deleted file mode 100644 index 697cb4c..0000000 --- a/modules/root/zsh.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ lib, config, pkgs, ... }: { - options = { - zsh.enable = lib.mkEnableOption "use zsh as default shell"; - }; - - config = lib.mkIf config.zsh.enable { - programs.zsh.enable = true; - users.defaultUserShell = pkgs.zsh; - }; -} |