From 86fb7036cb4279abfc4ffc2bfa6b3a432c8700b5 Mon Sep 17 00:00:00 2001 
From: Tim Keller Date: Thu, 21 Aug 2025 12:27:51 -0500 Subject: refactor project to prioritize correctness. place custom nixos options into existing 'modules' and prefix them with '_'. use _archetypes module for software collections, system profiles, etc. personal configs moved to _archetypes.tjkeller. probably changed or fixed or broke a few other things in the process --- derivations/crazydiskinfo/default.nix | 41 ------- derivations/lowbat/default.nix | 28 ----- derivations/st/overrides.nix | 19 ---- .../default.nix | 86 -------------- flake.nix | 4 +- modules/archetypes/headless/default.nix | 14 --- modules/home/default.nix | 2 +- modules/hosts/T430/configuration.nix | 17 --- modules/hosts/T430/hardware-configuration.nix | 33 ------ modules/hosts/T430/home.nix | 5 - modules/hosts/T495/configuration.nix | 71 ++++++++---- modules/hosts/T495/games.nix | 7 -- modules/hosts/T495/input-leap.nix | 11 -- modules/hosts/X230/configuration.nix | 27 ++++- modules/hosts/hp-envy-office/configuration.nix | 75 +++++++----- modules/hosts/libreX60/configuration.nix | 9 +- modules/hosts/optiplex/configuration.nix | 74 ++++++++---- modules/nixos/archetypes/collections/bluetooth.nix | 12 ++ modules/nixos/archetypes/collections/desktop.nix | 80 +++++++++++++ .../nixos/archetypes/collections/development.nix | 41 +++++++ modules/nixos/archetypes/collections/docker.nix | 23 ++++ modules/nixos/archetypes/collections/fonts.nix | 16 +++ modules/nixos/archetypes/collections/utilities.nix | 35 ++++++ .../archetypes/collections/virtualization.nix | 22 ++++ modules/nixos/archetypes/collections/xserver.nix | 34 ++++++ .../nixos/archetypes/profiles/desktop/default.nix | 53 +++++++++ .../nixos/archetypes/profiles/headless/default.nix | 32 ++++++ modules/nixos/archetypes/tjkeller/default.nix | 10 ++ modules/nixos/archetypes/tjkeller/hosts.nix | 16 +++ modules/nixos/archetypes/tjkeller/localization.nix | 5 + modules/nixos/archetypes/tjkeller/nas.nix | 35 ++++++ 
modules/nixos/archetypes/tjkeller/printing.nix | 39 +++++++ .../resources/secrets/hashed-root-password.yaml | 25 ++++ .../resources/secrets/wpa_supplicant-conf.yaml | 16 +++ modules/nixos/archetypes/tjkeller/user.nix | 22 ++++ modules/nixos/archetypes/tjkeller/wifi.nix | 38 +++++++ modules/nixos/archetypes/users/primary.nix | 37 ++++++ modules/nixos/bootloader.nix | 48 ++++++++ modules/nixos/default.nix | 39 +++++++ modules/nixos/doas.nix | 17 +++ modules/nixos/filesystems.nix | 7 ++ modules/nixos/hosts.nix | 4 + modules/nixos/net-iface-labels.nix | 28 +++++ modules/nixos/nix.nix | 11 ++ modules/nixos/pipewire.nix | 14 +++ modules/nixos/powerkeys.nix | 7 ++ modules/nixos/printing.nix | 18 +++ modules/nixos/programs/awesome.nix | 22 ++++ modules/nixos/programs/ddcutil.nix | 12 ++ modules/nixos/programs/home-manager.nix | 15 +++ modules/nixos/secrets.nix | 10 ++ modules/nixos/services/cgit.nix | 126 +++++++++++++++++++++ modules/nixos/services/gitea.nix | 60 ++++++++++ modules/nixos/services/searxng.nix | 119 +++++++++++++++++++ modules/nixos/ssh.nix | 16 +++ modules/nixos/sudo.nix | 15 +++ modules/nixos/suspend.nix | 18 +++ modules/overlays/crazydiskinfo/default.nix | 41 +++++++ modules/overlays/default.nix | 31 +++++ modules/overlays/lowbat/default.nix | 28 +++++ modules/overlays/st/overrides.nix | 19 ++++ .../default.nix | 86 ++++++++++++++ modules/overlays/xorg/overrides.nix | 20 ++++ modules/root/autologin.nix | 13 --- modules/root/bluetooth.nix | 10 -- modules/root/bootloader.nix | 43 ------- modules/root/default.nix | 55 --------- modules/root/doas.nix | 19 ---- modules/root/firewall.nix | 7 -- modules/root/fonts.nix | 14 --- modules/root/home-manager.nix | 11 -- modules/root/hosts.nix | 18 --- modules/root/localization.nix | 5 - modules/root/nas.nix | 36 ------ modules/root/net-iface-labels.nix | 27 ----- modules/root/nix.nix | 11 -- modules/root/normaluser.nix | 31 ----- modules/root/pipewire.nix | 12 -- modules/root/powerkeys.nix | 7 -- 
modules/root/printing.nix | 50 -------- .../resources/secrets/hashed-root-password.yaml | 25 ---- .../resources/secrets/wpa_supplicant-conf.yaml | 16 --- modules/root/secrets.nix | 8 -- modules/root/services/cgit.nix | 126 --------------------- modules/root/services/gitea.nix | 60 ---------- modules/root/services/searxng.nix | 119 ------------------- modules/root/software/awesome.nix | 20 ---- modules/root/software/ddcutil.nix | 10 -- modules/root/software/default.nix | 36 ------ modules/root/software/derivations | 1 - modules/root/software/desktop.nix | 80 ------------- modules/root/software/development.nix | 23 ---- modules/root/software/docker.nix | 21 ---- modules/root/software/overlays.nix | 30 ----- modules/root/software/system.nix | 14 --- modules/root/software/utilities.nix | 34 ------ modules/root/software/virtualization.nix | 20 ---- modules/root/ssh.nix | 8 -- modules/root/suspend.nix | 16 --- modules/root/tlp.nix | 9 -- modules/root/udev.nix | 5 - modules/root/wifi.nix | 36 ------ modules/root/x11.nix | 54 --------- modules/root/zsh.nix | 10 -- rebuild | 2 +- 105 files changed, 1594 insertions(+), 1503 deletions(-) delete mode 100644 derivations/crazydiskinfo/default.nix delete mode 100644 derivations/lowbat/default.nix delete mode 100644 derivations/st/overrides.nix delete mode 100644 derivations/xerox-workcentre-7800-series-driver/default.nix delete mode 100644 modules/archetypes/headless/default.nix delete mode 100644 modules/hosts/T430/configuration.nix delete mode 100644 modules/hosts/T430/hardware-configuration.nix delete mode 100644 modules/hosts/T430/home.nix delete mode 100644 modules/hosts/T495/games.nix delete mode 100644 modules/hosts/T495/input-leap.nix create mode 100644 modules/nixos/archetypes/collections/bluetooth.nix create mode 100644 modules/nixos/archetypes/collections/desktop.nix create mode 100644 modules/nixos/archetypes/collections/development.nix create mode 100644 modules/nixos/archetypes/collections/docker.nix create mode 
100644 modules/nixos/archetypes/collections/fonts.nix create mode 100644 modules/nixos/archetypes/collections/utilities.nix create mode 100644 modules/nixos/archetypes/collections/virtualization.nix create mode 100644 modules/nixos/archetypes/collections/xserver.nix create mode 100644 modules/nixos/archetypes/profiles/desktop/default.nix create mode 100644 modules/nixos/archetypes/profiles/headless/default.nix create mode 100644 modules/nixos/archetypes/tjkeller/default.nix create mode 100644 modules/nixos/archetypes/tjkeller/hosts.nix create mode 100644 modules/nixos/archetypes/tjkeller/localization.nix create mode 100644 modules/nixos/archetypes/tjkeller/nas.nix create mode 100644 modules/nixos/archetypes/tjkeller/printing.nix create mode 100644 modules/nixos/archetypes/tjkeller/resources/secrets/hashed-root-password.yaml create mode 100644 modules/nixos/archetypes/tjkeller/resources/secrets/wpa_supplicant-conf.yaml create mode 100644 modules/nixos/archetypes/tjkeller/user.nix create mode 100644 modules/nixos/archetypes/tjkeller/wifi.nix create mode 100644 modules/nixos/archetypes/users/primary.nix create mode 100644 modules/nixos/bootloader.nix create mode 100644 modules/nixos/default.nix create mode 100644 modules/nixos/doas.nix create mode 100644 modules/nixos/filesystems.nix create mode 100644 modules/nixos/hosts.nix create mode 100644 modules/nixos/net-iface-labels.nix create mode 100644 modules/nixos/nix.nix create mode 100644 modules/nixos/pipewire.nix create mode 100644 modules/nixos/powerkeys.nix create mode 100644 modules/nixos/printing.nix create mode 100644 modules/nixos/programs/awesome.nix create mode 100644 modules/nixos/programs/ddcutil.nix create mode 100644 modules/nixos/programs/home-manager.nix create mode 100644 modules/nixos/secrets.nix create mode 100644 modules/nixos/services/cgit.nix create mode 100644 modules/nixos/services/gitea.nix create mode 100644 modules/nixos/services/searxng.nix create mode 100644 modules/nixos/ssh.nix create 
mode 100644 modules/nixos/sudo.nix create mode 100644 modules/nixos/suspend.nix create mode 100644 modules/overlays/crazydiskinfo/default.nix create mode 100644 modules/overlays/default.nix create mode 100644 modules/overlays/lowbat/default.nix create mode 100644 modules/overlays/st/overrides.nix create mode 100644 modules/overlays/xerox-workcentre-7800-series-driver/default.nix create mode 100644 modules/overlays/xorg/overrides.nix delete mode 100644 modules/root/autologin.nix delete mode 100644 modules/root/bluetooth.nix delete mode 100644 modules/root/bootloader.nix delete mode 100644 modules/root/default.nix delete mode 100644 modules/root/doas.nix delete mode 100644 modules/root/firewall.nix delete mode 100644 modules/root/fonts.nix delete mode 100644 modules/root/home-manager.nix delete mode 100644 modules/root/hosts.nix delete mode 100644 modules/root/localization.nix delete mode 100644 modules/root/nas.nix delete mode 100644 modules/root/net-iface-labels.nix delete mode 100644 modules/root/nix.nix delete mode 100644 modules/root/normaluser.nix delete mode 100644 modules/root/pipewire.nix delete mode 100644 modules/root/powerkeys.nix delete mode 100644 modules/root/printing.nix delete mode 100644 modules/root/resources/secrets/hashed-root-password.yaml delete mode 100644 modules/root/resources/secrets/wpa_supplicant-conf.yaml delete mode 100644 modules/root/secrets.nix delete mode 100644 modules/root/services/cgit.nix delete mode 100644 modules/root/services/gitea.nix delete mode 100644 modules/root/services/searxng.nix delete mode 100644 modules/root/software/awesome.nix delete mode 100644 modules/root/software/ddcutil.nix delete mode 100644 modules/root/software/default.nix delete mode 120000 modules/root/software/derivations delete mode 100644 modules/root/software/desktop.nix delete mode 100644 modules/root/software/development.nix delete mode 100644 modules/root/software/docker.nix delete mode 100644 modules/root/software/overlays.nix delete mode 100644 
modules/root/software/system.nix delete mode 100644 modules/root/software/utilities.nix delete mode 100644 modules/root/software/virtualization.nix delete mode 100644 modules/root/ssh.nix delete mode 100644 modules/root/suspend.nix delete mode 100644 modules/root/tlp.nix delete mode 100644 modules/root/udev.nix delete mode 100644 modules/root/wifi.nix delete mode 100644 modules/root/x11.nix delete mode 100644 modules/root/zsh.nix diff --git a/derivations/crazydiskinfo/default.nix b/derivations/crazydiskinfo/default.nix deleted file mode 100644 index 61de338..0000000 --- a/derivations/crazydiskinfo/default.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ lib -, cmake -, fetchFromGitHub -, fetchpatch -, libatasmart -, ncurses5 -, stdenv -}: - -stdenv.mkDerivation rec { - pname = "crazydiskinfo"; - version = "1.1.0"; - - src = fetchFromGitHub { - owner = "otakuto"; - repo = pname; - rev = "refs/tags/${version}"; - sha256 = "sha256-+6ShoaggQ256sLSJDj4d16OipUYX/4JjEwLL5hswjiQ="; - }; - - patches = [ - # Patch to fix build warnings - (fetchpatch { - url = "https://github.com/otakuto/crazydiskinfo/compare/1.1.0...8563aa8.diff"; - sha256 = "sha256-z9aOQFsivu6sYgsZBOlnTvqnoR2ro/jyuO/WOimLSXk="; - }) - ]; - - nativeBuildInputs = [ cmake ]; - buildInputs = [ libatasmart ncurses5 ]; - - cmakeFlags = [ "-DCMAKE_INSTALL_PREFIX=$(out)" ]; - - meta = with lib; { - description = "CrazyDiskInfo is an interactive TUI S.M.A.R.T viewer for Unix systems"; - homepage = "https://github.com/otakuto/crazydiskinfo"; - mainProgram = "crazy"; - license = licenses.mit; - maintainers = [ maintainers.tjkeller ]; - }; -} diff --git a/derivations/lowbat/default.nix b/derivations/lowbat/default.nix deleted file mode 100644 index 64ec205..0000000 --- a/derivations/lowbat/default.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ lib -, fetchzip -, glib -, libnotify -, pkg-config -, stdenv -}: - -stdenv.mkDerivation rec { - pname = "lowbat"; - version = "1.2.2"; - - src = fetchzip { - url = "https://git.tjkeller.xyz/${pname}/snapshot/${pname}-${version}.tar.xz"; - sha256 = "sha256-utdcY9qoDcrBWnGC8m/LUsnoxQ0ilssPDF44A6D/C+8="; - }; - - nativeBuildInputs = [ pkg-config ]; - buildInputs = [ libnotify glib ]; - - installFlags = [ "PREFIX=$(out)" ]; - - meta = with lib; { - description = "A minimal battery level monitor daemon, written in C"; - license = licenses.mit; - maintainers = [ maintainers.tjkeller ]; - }; -} diff --git a/derivations/st/overrides.nix b/derivations/st/overrides.nix deleted file mode 100644 index 2d0a37e..0000000 --- a/derivations/st/overrides.nix +++ /dev/null @@ -1,19 +0,0 @@ -final: prev: { - st = prev.st.overrideAttrs (finalAttrs: previousAttrs: { - version = "tj-0.9.2.3"; - - src = prev.fetchgit { - url = "https://git.tjkeller.xyz/${previousAttrs.pname}"; - tag = finalAttrs.version; - sha256 = "sha256-SQ62io4LWsPBvX8e9vUwVVXs/2+THoR6ZZoldQ6IUJk="; - }; - - makeFlags = previousAttrs.makeFlags ++ [ "CFLAGS=-Ofast" ]; - buildInputs = with prev.pkgs.xorg; previousAttrs.buildInputs ++ [ libXcursor libXext ]; - - meta = with prev.lib; previousAttrs.meta // { - homepage = "https://git.tjkeller.xyz/st"; - maintainers = previousAttrs.meta.maintainers ++ [ maintainers.tjkeller ]; - }; - }); -} diff --git a/derivations/xerox-workcentre-7800-series-driver/default.nix b/derivations/xerox-workcentre-7800-series-driver/default.nix deleted file mode 100644 index cfdaaae..0000000 --- a/derivations/xerox-workcentre-7800-series-driver/default.nix +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - stdenv, - lib, - fetchurl, - dpkg, - autoPatchelfHook, - cups, - xorg, -}: -let - debPlatform = - if stdenv.hostPlatform.system == "x86_64-linux" then - "x86_64" - else if stdenv.hostPlatform.system == "i686-linux" then - "i686" - else - throw "Unsupported system: ${stdenv.hostPlatform.system}"; -in -stdenv.mkDerivation rec { - pname = "xerox-workcentre-7800-series-driver"; - version = "5.20.661.4684"; - debpkg = "XeroxOfficev5Pkg-Linux${debPlatform}-${version}.deb"; - - src = fetchurl { - url = "https://download.support.xerox.com/pub/drivers/CQ8580/drivers/linux/pt_BR/${debpkg}"; - sha256 = "014k0r9ij3401mnab1qzv96bjl9x7rf11aw1ibf0q370pk9jqqjb"; # TODO correct hash for i686 - }; - - nativeBuildInputs = [ dpkg autoPatchelfHook ]; - # TODO add support for disable xorg - buildInputs = [ - cups - stdenv.cc.cc.lib - xorg.libX11 - xorg.libXrender - xorg.libXfixes - xorg.libXdamage - xorg.libXcomposite - xorg.libXcursor - xorg.libXrandr - xorg.libXext - xorg.libXinerama - ]; - - sourceRoot = "."; - unpackCmd = "dpkg-deb -x $curSrc ."; - - dontConfigure = true; - dontBuild = true; - - installPhase = '' - runHook preInstall - - mkdir -p $out - - # Copy and patch the binaries and libraries - cp -r opt $out/ - cp -r usr $out/ - - # Move the PPD to CUPS model dir - mkdir -p $out/share/cups/model - cp opt/XeroxOffice/prtsys/ppd/*.ppd $out/share/cups/model/ - - # Install the CUPS filters - mkdir -p $out/lib/cups/filter - cp usr/lib/cups/filter/* $out/lib/cups/filter/ - - # Install man pages - mkdir -p $out/share/man - cp -r usr/share/man/* $out/share/man/ - - runHook postInstall - ''; - - meta = with lib; { - description = "Xerox WorkCentre 7800 Series Linux Printer Driver"; - longDescription = '' - WorkCentre 7830/7835/7845/7855 - ''; - homepage = "https://www.support.xerox.com/en-us/product/workcentre-7800-series/downloads?platform=linux"; - sourceProvenance = with sourceTypes; [ binaryNativeCode ]; - #license = licenses.unfree; - maintainers = []; - 
platforms = platforms.linux; - }; -} diff --git a/flake.nix b/flake.nix index bee9ee6..d2112ca 100644 --- a/flake.nix +++ b/flake.nix @@ -45,7 +45,8 @@ rec { }; modules = [ ./modules/hosts/${hostname}/configuration.nix - ./modules/root + ./modules/nixos + ./modules/overlays home-manager.nixosModules.home-manager { home-manager = { backupFileExtension = "backup"; @@ -70,7 +71,6 @@ rec { value = mkNixosConfiguration hostname; }) [ # Configured system hostnames go here - "T430" "T495" "X230" "flex-wg-router" diff --git a/modules/archetypes/headless/default.nix b/modules/archetypes/headless/default.nix deleted file mode 100644 index b0dfb71..0000000 --- a/modules/archetypes/headless/default.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ lib, ... }: { - autologin.enable = lib.mkOverride 101 false; - avahi.enable = lib.mkOverride 101 false; - bluetooth.enable = lib.mkOverride 101 false; - fonts.enable = lib.mkOverride 101 false; - pipewire.enable = lib.mkOverride 101 false; - printing.enable = lib.mkOverride 101 false; - tlp.enable = lib.mkOverride 101 false; - scanning.enable = lib.mkOverride 101 false; - suspend.enable = lib.mkOverride 101 false; - wifi.enable = lib.mkOverride 101 false; - xserver.enable = lib.mkOverride 101 false; - users.setPassword.enable = lib.mkOverride 101 false; -} diff --git a/modules/home/default.nix b/modules/home/default.nix index a015cc4..022ee9f 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -1,7 +1,7 @@ { lib, userDetails, homeStateVersion, ... }: { home = { username = userDetails.username; - homeDirectory = userDetails.home; + homeDirectory = lib.mkForce userDetails.home; stateVersion = homeStateVersion; }; diff --git a/modules/hosts/T430/configuration.nix b/modules/hosts/T430/configuration.nix deleted file mode 100644 index 7910275..0000000 --- a/modules/hosts/T430/configuration.nix +++ /dev/null 
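Review bot: `homeDirectory = lib.mkForce userDetails.home;` in the modules/home/default.nix hunk gives no hint which competing definition it is meant to beat, and a force-priority value also silently wins over any later per-host assignment or `mkDefault`, while a second `mkForce` elsewhere becomes a hard conflict. A short why-comment would keep this from being "fixed" later, e.g. `# mkForce: home.homeDirectory is also defined elsewhere (presumably derived by home-manager's NixOS module from users.users.<name>.home) — confirm before lowering the priority`. If only one other definition exists, `lib.mkOverride` with a documented priority above 50 would leave room for host overrides. The enclosing `home = { ... }` set and the module continue past the hunk.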
@@ -1,17 +0,0 @@ -{ config, lib, pkgs, ... }: { - imports = [ ./hardware-configuration.nix ]; - - # TODO this does not function - #boot.initrd.systemd.extraBin = { - # sh = "${pkgs.dash}/bin/dash"; - # vim = "${pkgs.neovim}/bin/nvim"; - #}; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - system.stateVersion = "24.05"; -} diff --git a/modules/hosts/T430/hardware-configuration.nix b/modules/hosts/T430/hardware-configuration.nix deleted file mode 100644 index 206a525..0000000 --- a/modules/hosts/T430/hardware-configuration.nix +++ /dev/null 
@@ -1,33 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/b991914b-3a4c-4248-9472-b5403729601a"; - fsType = "btrfs"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/modules/hosts/T430/home.nix b/modules/hosts/T430/home.nix deleted file mode 100644 index 15df79a..0000000 --- a/modules/hosts/T430/home.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: { - imports = [ ../../home ]; - - wallpapers.enable = true; -} diff --git a/modules/hosts/T495/configuration.nix b/modules/hosts/T495/configuration.nix index 6ee62e9..171f746 100644 --- a/modules/hosts/T495/configuration.nix +++ b/modules/hosts/T495/configuration.nix 
@@ -1,35 +1,64 @@ { config, lib, pkgs, ... }: { imports = [ ./hardware-configuration.nix - ./games.nix - #./input-leap.nix ./wg.nix + ../../nixos/archetypes/tjkeller ]; - bootloader.mode = "efi"; - # Enable extra software pkgs - software.desktop = { - chromium.enable = true; - cad.enable = true; - crypto.enable = true; - graphics.enable = true; - office.enable = true; - utilities.enable = true; - }; - software.development = { - docker.enable = true; + # Setup bootloader + boot._loader.enable = true; + + # Enable common options + _archetypes = { + # Use desktop profile + profiles.desktop.enable = true; + # Install software + collections = { + desktop = { + extraUtilities.enable = true; + cad.enable = true; + chromium.enable = true; + crypto.enable = true; + graphics.enable = true; + office.enable = true; + }; + development = { + android.enable = true; + c.enable = true; + docker.enable = true; + lua.enable = true; + web = { + hugo = { + enable = true; + openFirewall = true; + }; + node.enable = true; + }; + }; + bluetooth.enable = true; + }; + # Setup user + users.primary = { + enable = true; + autologin.enable = true; + }; + # Enable network drives + tjkeller = { + nas = { + enable = true; + office.enable = true; + }; + }; }; - # Enable network drives - nas.enable = true; - nas.office.enable = true; - nas.office.automount = false; + # Install spotify + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs; [ + spotify + ]; # Use amdgpu driver for x11 services.xserver.videoDrivers = [ "amdgpu" ]; - # Enable bluetooth - bluetooth.enable = true; - system.stateVersion = "24.05"; } diff --git a/modules/hosts/T495/games.nix b/modules/hosts/T495/games.nix deleted file mode 100644 index 419d854..0000000 --- a/modules/hosts/T495/games.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs, ... }: { - nixpkgs.config.allowUnfree = true; - environment.systemPackages = with pkgs; [ - #vintagestory - prismlauncher - ]; -} 
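Review bot: `hugo.openFirewall = true;` under `collections.development.web` opens the hugo dev-server port on this laptop for as long as the configuration is deployed, on every network the machine joins, not just while `hugo serve` is running; the optiplex hunk sets the same thing. Hugo's default bind is loopback, so the open port only matters once the server is deliberately bound to an external address, and it would be safer to leave `openFirewall` at its default and, when sharing is needed, scope the port to a trusted interface with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 1313 ];` (`<iface>` is a placeholder). On the same hunk `nixpkgs.config.allowUnfree = true;` enables every unfree package for the sake of spotify; `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "spotify" ];` keeps the exception to the one package. The old side also pinned `nas.office.automount = false;`, which has no counterpart in the new `tjkeller.nas.office` block, so confirm that the option's default reproduces the previous behaviour.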
diff --git a/modules/hosts/T495/input-leap.nix b/modules/hosts/T495/input-leap.nix deleted file mode 100644 index cf6d018..0000000 --- a/modules/hosts/T495/input-leap.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ pkgs, ... }: { - environment.systemPackages = with pkgs; [ - input-leap - ]; - - networking.firewall = { - allowedTCPPorts = [ - 24800 # input-leaps - ]; - }; -} diff --git a/modules/hosts/X230/configuration.nix b/modules/hosts/X230/configuration.nix index 9a8e6b4..accbb1c 100644 --- a/modules/hosts/X230/configuration.nix +++ b/modules/hosts/X230/configuration.nix @@ -1,14 +1,29 @@ { config, lib, pkgs, ... }: { imports = [ ./hardware-configuration.nix + ../../nixos/archetypes/tjkeller ]; - bootloader.mode = "efi"; - # Enable extra software pkgs - software.desktop = { - crypto.enable = true; - graphics.enable = true; - office.enable = true; + # Setup bootloader + boot._loader.enable = true; + + # Enable common options + _archetypes = { + # Use desktop profile + profiles.desktop.enable = true; + # Install software + collections = { + desktop = { + crypto.enable = true; + graphics.enable = true; + office.enable = true; + }; + }; + # Setup user + users.primary = { + enable = true; + autologin.enable = true; + }; }; system.stateVersion = "24.05"; diff --git a/modules/hosts/hp-envy-office/configuration.nix b/modules/hosts/hp-envy-office/configuration.nix index 9b3e173..89c5da4 100644 --- a/modules/hosts/hp-envy-office/configuration.nix +++ b/modules/hosts/hp-envy-office/configuration.nix 
@@ -1,42 +1,55 @@ { config, lib, pkgs, ... }: { - imports = [ ./hardware-configuration.nix ]; - - # Show bootloader for longer since it usually doesn't show - boot.loader.timeout = 15; - - # Enable extra software pkgs - software.desktop = { - chromium.enable = true; - cad.enable = false; - crypto.enable = false; - graphics.enable = true; - office.enable = true; - utilities.enable = true; - }; - software.development = { - docker.enable = true; + imports = [ + ./hardware-configuration.nix + ../../nixos/archetypes/tjkeller + ]; + + # Setup bootloader + boot._loader.enable = true; + boot.loader.timeout = 15; # Show for longer since it's usually skipped + + # Enable common options + _archetypes = { + # Use desktop profile + profiles.desktop.enable = true; + # Install software + collections = { + desktop = { + extraUtilities.enable = true; + chromium.enable = true; + graphics.enable = true; + office.enable = true; + }; + development = { + docker.enable = true; + web = { + node.enable = true; + }; + }; + virtualization.enable = true; + bluetooth.enable = true; + }; + # Setup user + users.primary = { + enable = true; + }; + tjkeller = { + nas = { + enable = true; + office.enable = true; + office.automount = true; + }; + }; }; + # Disable suspend + systemd._suspend.disable = true; + # Enable virtualization virtualization.enable = true; - # Enable network drives - nas.enable = true; - nas.office.enable = true; - nas.home.enable = false; - - networking.hosts = { - "192.168.77.3" = [ "devel" ]; - }; - # Use amdgpu driver for x11 services.xserver.videoDrivers = [ "amdgpu" ]; - # Enable bluetooth - bluetooth.enable = true; - - # Disable autologin - autologin.enable = false; - system.stateVersion = "24.11"; } diff --git a/modules/hosts/libreX60/configuration.nix b/modules/hosts/libreX60/configuration.nix index 55f1774..9c83a42 100644 --- a/modules/hosts/libreX60/configuration.nix +++ b/modules/hosts/libreX60/configuration.nix 
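Review bot: `virtualization.enable = true;` under `# Enable virtualization` survives on the new side even though the diffstat deletes modules/root/software/virtualization.nix and the only replacement in this commit declares `_archetypes.collections.virtualization`, which this hunk already sets a few lines above. Unless a module outside this diff still declares a top-level `virtualization` option, evaluation will fail with an undefined-option error, so the two lines `# Enable virtualization` and `virtualization.enable = true;` should go. The removed `nas.home.enable = false;` likewise has no counterpart in the new `tjkeller.nas` block; confirm that the home share is not mounted by default on this office machine.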
@@ -2,23 +2,22 @@ imports = [ ./hardware-configuration.nix ./powertop-auto-tune.nix + ../../nixos/archetypes/tjkeller # Uncomment this module and reboot to enable bios flashing #./bios-flashing.nix ]; # Use grub - bootloader = { + boot._loader = { + enable = true; loader = "grub"; mode = "bios"; grub.biosDevice = "/dev/sda"; }; - # Use bootloader + # Use libre kernel boot.kernelPackages = pkgs.linuxPackages-libre; - # Enable network drives - nas.enable = true; - # i915 Gpu requires intel driver services.xserver.videoDrivers = [ "intel" ]; diff --git a/modules/hosts/optiplex/configuration.nix b/modules/hosts/optiplex/configuration.nix index 16ba475..36241a8 100644 --- a/modules/hosts/optiplex/configuration.nix +++ b/modules/hosts/optiplex/configuration.nix 
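Review bot: `nas.enable = true;` is removed here without the `_archetypes.tjkeller.nas.enable = true;` that the other host hunks in this commit add, so this host silently loses its NAS mounts unless that is intended. If it is intended, a comment next to the `../../nixos/archetypes/tjkeller` import saying the NAS is deliberately not enabled on the libre kernel machine would stop someone re-adding it; otherwise add `_archetypes.tjkeller.nas.enable = true;` alongside the `boot._loader` block. The enclosing module starts before and continues after the hunk, so the profile and user setup may live there.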
@@ -1,36 +1,63 @@ { config, lib, pkgs, ... }: { - imports = [ ./hardware-configuration.nix ]; - bootloader.mode = "efi"; + imports = [ + ./hardware-configuration.nix + ../../nixos/archetypes/tjkeller + ]; - # Allow unfree for nvidia + others - nixpkgs.config.allowUnfree = true; + # Setup bootloader + boot._loader.enable = true; - # Enable extra software pkgs - software.desktop = { - chromium.enable = true; - cad.enable = true; - crypto.enable = true; - graphics.enable = true; - office.enable = true; - utilities.enable = true; - }; - software.development = { - docker.enable = true; + # Enable common options + _archetypes = { + # Use desktop profile + profiles.desktop.enable = true; + # Install software + collections = { + desktop = { + extraUtilities.enable = true; + cad.enable = true; + chromium.enable = true; + crypto.enable = true; + graphics.enable = true; + office.enable = true; + }; + development = { + android.enable = true; + c.enable = true; + docker.enable = true; + lua.enable = true; + web = { + hugo = { + enable = true; + openFirewall = true; + }; + node.enable = true; + }; + }; + }; + # Setup user + users.primary = { + enable = true; + autologin.enable = true; + }; + tjkeller = { + nas.enable = true; + }; }; - # Install more programs + # Disable suspend + systemd._suspend.disable = true; + + # Allow unfree for nvidia + others + nixpkgs.config.allowUnfree = true; + + # Install more software environment.systemPackages = with pkgs; [ prismlauncher spotify #vintagestory ]; - # Enable network drives - nas.enable = true; - - # Disable wifi - wifi.enable = false; - # Use nvidia driver services.xserver.videoDrivers = [ "nvidia" ]; hardware.nvidia = { @@ -42,8 +69,5 @@ forceFullCompositionPipeline = true; # Enables vsync }; - # Disable suspend - suspend.enable = false; - system.stateVersion = "24.11"; } diff --git a/modules/nixos/archetypes/collections/bluetooth.nix b/modules/nixos/archetypes/collections/bluetooth.nix new file mode 100644 index 0000000..749a9f1 
--- /dev/null
+++ b/modules/nixos/archetypes/collections/bluetooth.nix
@@ -0,0 +1,12 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.bluetooth;
+in {
+ options._archetypes.collections.bluetooth = {
+ enable = lib.mkEnableOption "enables bluetooth and blueman";
+ };
+
+ config = lib.mkIf cfg.enable {
+ hardware.bluetooth.enable = true;
+ services.blueman.enable = config._archetypes.collections.desktop.utilities.enable; # FIXME
+ };
+}
diff --git a/modules/nixos/archetypes/collections/desktop.nix b/modules/nixos/archetypes/collections/desktop.nix
new file mode 100644
index 0000000..fff8682
--- /dev/null
+++ b/modules/nixos/archetypes/collections/desktop.nix
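Review bot: `services.blueman.enable = config._archetypes.collections.desktop.utilities.enable; # FIXME` ties this collection to an unrelated option and, as a plain assignment, cannot be overridden by a host without a priority conflict; the virtualization hunk uses the same pattern for `programs.virt-manager.enable`. The smallest fix is to give it default priority so hosts can override it, `services.blueman.enable = lib.mkDefault config._archetypes.collections.desktop.utilities.enable;`; a cleaner one is a dedicated `blueman.enable` sub-option whose default is that expression. The option description `"enables bluetooth and blueman"` overstates what the module does when desktop utilities are off. The `pkgs` argument is unused in this module.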
@@ -0,0 +1,80 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop;
+in {
+ options._archetypes.collections.desktop = {
+ utilities.enable = lib.mkEnableOption "install basic desktop utilities";
+ extraUtilities.enable = lib.mkEnableOption "install extra desktop utilities";
+ chromium = {
+ enable = lib.mkEnableOption "install chromium browser";
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.ungoogled-chromium;
+ description = "chromium package to install";
+ };
+ };
+ cad.enable = lib.mkEnableOption "install cad and 3d printing software";
+ crypto.enable = lib.mkEnableOption "install crypto wallets";
+ firefox.enable = lib.mkEnableOption "install firefox";
+ graphics.enable = lib.mkEnableOption "install graphic design software";
+ office.enable = lib.mkEnableOption "install office software";
+ };
+
+ config = {
+ environment.systemPackages = with pkgs; [
+ ] ++ lib.optionals cfg.utilities.enable [
+ # Utilities
+ arandr
+ dmenu
+ libnotify
+ lowbat
+ mpv
+ pavolctld
+ pavucontrol
+ pcmanfm
+ redshift
+ scrot
+ st
+ sxiv
+ wpa_supplicant_gui
+ zathura
+ ] ++ lib.optionals cfg.chromium.enable [
+ # Chrome
+ cfg.chromium.package
+ ] ++ lib.optionals cfg.cad.enable [
+ # CAD
+ blender
+ freecad
+ prusa-slicer
+ ] ++ lib.optionals cfg.crypto.enable [
+ # Crypto Wallets
+ sparrow
+ ] ++ lib.optionals cfg.graphics.enable [
+ # Graphics
+ blender
+ geeqie
+ gimp3
+ inkscape
+ ] ++ lib.optionals cfg.office.enable [
+ # Office
+ hunspell # Spell checking in libreoffice
+ hunspellDicts.en_US
+ kdePackages.okular
+ libreoffice
+ pdfchain
+ thunderbird
+ ] ++ lib.optionals cfg.extraUtilities.enable [
+ # Extra Utilities
+ jellyfin-mpv-shim
+ qbittorrent
+ qdirstat
+ remmina
+ ];
+
+ # Utilities
+ programs.localsend.enable = cfg.utilities.enable; # Installs & opens firewall
+ services.gvfs.enable = cfg.utilities.enable; # GVfs allows for mounting drives in a graphical file manager
+
+ # Firefox
+ programs.firefox.enable = 
cfg.firefox.enable;
+ };
+}
diff --git a/modules/nixos/archetypes/collections/development.nix b/modules/nixos/archetypes/collections/development.nix
new file mode 100644
index 0000000..d0c979f
--- /dev/null
+++ b/modules/nixos/archetypes/collections/development.nix
@@ -0,0 +1,41 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.development;
+ hugoFirewallPort = 1313;
+in {
+ options._archetypes.collections.development = {
+ utilities.enable = lib.mkEnableOption "install basic dev utilities";
+ android.enable = lib.mkEnableOption "install android dev tools";
+ c.enable = lib.mkEnableOption "install c dev tools";
+ lua.enable = lib.mkEnableOption "install lua dev tools";
+ web = {
+ hugo = {
+ enable = lib.mkEnableOption "install hugo";
+ openFirewall = lib.mkEnableOption "open the port ${hugoFirewallPort} for viewing content from hugo serve on other devices";
+ };
+ node.enable = lib.mkEnableOption "install node";
+ };
+ };
+
+ config = {
+ environment.systemPackages = with pkgs; [
+ git
+ python3
+ ] ++ lib.optionals cfg.android.enable [
+ #adb-sync
+ android-tools
+ ] ++ lib.optionals cfg.c.enable [
+ gcc
+ git
+ gnumake
+ pkg-config
+ ] ++ lib.optionals cfg.lua.enable [
+ lua
+ ] ++ lib.optionals cfg.web.hugo.enable [
+ hugo
+ ] ++ lib.optionals cfg.web.node.enable [
+ nodejs
+ ];
+
+ networking.firewall.allowedTCPPorts = lib.mkIf cfg.web.hugo.openFirewall [ hugoFirewallPort ];
+ };
+}
diff --git a/modules/nixos/archetypes/collections/docker.nix b/modules/nixos/archetypes/collections/docker.nix
new file mode 100644
index 0000000..629dff3
--- /dev/null
+++ b/modules/nixos/archetypes/collections/docker.nix
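Review bot: `default = pkgs.ungoogled-chromium;` inside the `chromium.package` option declaration in desktop.nix leaves the generated docs without a `defaultText`, and the surrounding `lib.mkOption { type = lib.types.package; ... }` is what `lib.mkPackageOption` exists for; `package = lib.mkPackageOption pkgs "ungoogled-chromium" { };` is the idiomatic one-liner. `blender` appears in both the `cad` and `graphics` lists, which is harmless for `environment.systemPackages` but worth a comment if deliberate. The `# Installs & opens firewall` remark on `programs.localsend.enable` is the only place a reader learns that `utilities.enable` also opens a firewall port; the option description `"install basic desktop utilities"` should say so.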
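Review bot: `"open the port ${hugoFirewallPort} for viewing content from hugo serve on other devices"` in development.nix interpolates an integer, and Nix cannot coerce an integer to a string, so the description throws "cannot coerce an integer to a string" whenever it is forced (option docs, `nixos-option`, or `documentation.nixos.includeAllModules`); write `${toString hugoFirewallPort}`. `utilities.enable` is declared but nothing in `config` reads it, and `git` is installed unconditionally and again under `cfg.c.enable`, so either drop the option or gate the base `git`/`python3` pair on it. The `networking.firewall.allowedTCPPorts = lib.mkIf cfg.web.hugo.openFirewall [ hugoFirewallPort ];` line is correct as written; a comment noting that the port stays open whether or not `hugo serve` is running would help hosts decide whether to enable it.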
@@ -0,0 +1,23 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.development.docker;
+in {
+ options._archetypes.collections.development.docker = {
+ enable = lib.mkEnableOption "enables docker";
+ btrfsSupport = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = "Changes docker storageDriver to btrfs.";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ virtualisation.docker = {
+ enable = true;
+ storageDriver = lib.mkIf cfg.btrfsSupport "btrfs";
+ };
+
+ environment.systemPackages = with pkgs; [
+ docker-compose
+ ];
+ };
+}
diff --git a/modules/nixos/archetypes/collections/fonts.nix b/modules/nixos/archetypes/collections/fonts.nix
new file mode 100644
index 0000000..136e31b
--- /dev/null
+++ b/modules/nixos/archetypes/collections/fonts.nix
@@ -0,0 +1,16 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.fonts;
+in {
+ options._archetypes.collections.fonts = {
+ enable = lib.mkEnableOption "enables fonts";
+ };
+
+ config = lib.mkIf cfg.enable {
+ fonts.packages = with pkgs; [
+ commit-mono
+ inter
+ nerd-fonts.jetbrains-mono
+ tamzen
+ ];
+ };
+}
diff --git a/modules/nixos/archetypes/collections/utilities.nix b/modules/nixos/archetypes/collections/utilities.nix
new file mode 100644
index 0000000..85763a4
--- /dev/null
+++ b/modules/nixos/archetypes/collections/utilities.nix
@@ -0,0 +1,35 @@
+{ pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ crazydiskinfo
+ dash # TODO should be default /bin/sh
+ entr
+ fastfetch
+ ffmpeg
+ htop
+ jq
+ light
+ lm_sensors
+ mediainfo
+ neovim
+ nmap
+ openssl
+ p7zip
+ powertop
+ pv
+ rsync
+ screen
+ smartmontools
+ sslscan
+ stress
+ testdisk
+ tmux
+ uhubctl
+ vimv-rs
+ wget
+ wireguard-tools
+ xxHash
+ yt-dlp
+ ];
+
+ services.gpm.enable = true;
+}
diff --git a/modules/nixos/archetypes/collections/virtualization.nix b/modules/nixos/archetypes/collections/virtualization.nix
new file mode 100644
index 0000000..fda0e48
--- /dev/null
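Review bot: `btrfsSupport` defaults to `true`, so every host that enables docker gets `storageDriver = "btrfs"` regardless of what `/var/lib/docker` actually sits on, and on a non-btrfs root the daemon will refuse to start. Either default it to `false` or derive it from the host, e.g. `default = config.fileSystems."/".fsType == "btrfs";` (with a description saying so). Worth a comment on the option as well that enabling docker here also lands the primary user in the `docker` group via users/primary.nix, which is effectively root on the host.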
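Review bot: Unlike every sibling collection, utilities.nix has no `enable` option: the whole package list and `services.gpm.enable = true;` are applied unconditionally to every host that imports modules/nixos/default.nix, headless servers included, which puts network scanners and stress tools on machines that never asked for them. Wrap it the same way as the others, `options._archetypes.collections.utilities.enable = lib.mkEnableOption "install basic utilities";` with `config = lib.mkIf cfg.enable { ... };`, so the profiles can opt in explicitly. The `dash # TODO should be default /bin/sh` comment should either become a tracked TODO(owner) or be dropped.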
+++ b/modules/nixos/archetypes/collections/virtualization.nix @@ -0,0 +1,22 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.virtualization; +in { + options._archetypes.collections.virtualization = { + enable = lib.mkEnableOption "enables virtualization and virt-manager"; + }; + + config = lib.mkIf cfg.enable { + virtualisation = { + spiceUSBRedirection.enable = true; + libvirtd.enable = true; + # Enable efi support with ovmf firmware + libvirtd.qemu = { + package = pkgs.qemu_kvm; + runAsRoot = true; + swtpm.enable = true; + ovmf.enable = true; + }; + }; + programs.virt-manager.enable = config._archetypes.collections.desktop.utilities.enable; # FIXME + }; +} diff --git a/modules/nixos/archetypes/collections/xserver.nix b/modules/nixos/archetypes/collections/xserver.nix new file mode 100644 index 0000000..4cbdae8 --- /dev/null +++ b/modules/nixos/archetypes/collections/xserver.nix @@ -0,0 +1,34 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.desktop.xserver; +in { + options._archetypes.collections.desktop.xserver = { + enable = lib.mkEnableOption "installs xserver"; + utilities.enable = lib.mkEnableOption "installs basic xserver utilities"; + }; + + config = lib.mkIf cfg.enable { + services.xserver.enable = true; + services.xserver.displayManager.startx.enable = true; + services.libinput.enable = true; # Enable touchpad support + + # Install basic X utilities + environment.systemPackages = with pkgs; lib.optionals cfg.utilities.enable [ + unclutter + xcape + xclip + xdotool + xorg.setxkbmap + xorg.xinput + xorg.xkill + xorg.xrandr + xorg.xset + xwallpaper + ]; + + # Enable TearFree option by default + # Not all video drivers support this option + services.xserver.deviceSection = '' + Option "TearFree" "true" + ''; + }; +} diff --git a/modules/nixos/archetypes/profiles/desktop/default.nix b/modules/nixos/archetypes/profiles/desktop/default.nix new file mode 100644 index 0000000..d9a7dc7 --- /dev/null 
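Review bot: The `# FIXME` line `programs.virt-manager.enable = config._archetypes.collections.desktop.utilities.enable;` couples this collection to an unrelated option, so a headless host with virtualization enabled can never get virt-manager and a desktop host always does. A local `virt-manager.enable = lib.mkEnableOption "install virt-manager";` next to `enable` removes the cross-module dependency and the FIXME. `runAsRoot = true;` also deserves a why-comment (presumably for `spiceUSBRedirection`/device passthrough), since it is the setting that lets QEMU processes start with root privileges and a future reader should know whether it can be turned off.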
+++ b/modules/nixos/archetypes/profiles/desktop/default.nix @@ -0,0 +1,53 @@ +{ lib, config, pkgs, ... }: let + mkDesktop = lib.mkOverride 920; + cfg = config._archetypes.profiles.desktop; +in { + options._archetypes.profiles.desktop = { + enable = lib.mkEnableOption "enable desktop profile"; + }; + + config = lib.mkIf cfg.enable { + _archetypes.collections = { + desktop = { + utilities.enable = mkDesktop true; + firefox.enable = mkDesktop true; + xserver = { + enable = mkDesktop true; + utilities.enable = mkDesktop true; + }; + }; + development = { + utilities.enable = mkDesktop true; + }; + fonts.enable = mkDesktop true; + }; + + _archetypes.users.primary = { + enable = mkDesktop true; + }; + + security = { + _doas.enable = mkDesktop true; + }; + + programs = { + _ddcutil.enable = mkDesktop true; + _home-manager.enable = mkDesktop true; + }; + + services = { + xserver = { + windowManager._awesome.enable = mkDesktop true; + }; + _pipewire.enable = mkDesktop true; + _printing.enable = mkDesktop true; + _ssh.enable = mkDesktop true; + tlp.enable = mkDesktop true; + + # Ensure video group can change backlight + udev.extraRules = '' + SUBSYSTEM=="backlight", ACTION=="add", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness" + ''; + }; + }; +} diff --git a/modules/nixos/archetypes/profiles/headless/default.nix b/modules/nixos/archetypes/profiles/headless/default.nix new file mode 100644 index 0000000..ef17db0 --- /dev/null +++ b/modules/nixos/archetypes/profiles/headless/default.nix 
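Review bot: `_ssh.enable = mkDesktop true;` turns sshd on for every host that takes the desktop profile, and the same profile enables `_doas` (which sets `wheelNeedsPassword = false` in doas.nix), so any credential that yields an SSH session as the primary user is a root session on a laptop. If remote access is not a desktop-wide requirement, leave `_ssh.enable` to the host configuration; if it is, pair it with key-only authentication in ssh.nix. A short comment above `services = {` stating that the profile intentionally exposes sshd would make the choice visible to whoever next reads this.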
@@ -0,0 +1,32 @@ +{ lib, config, ... }: let + mkHeadless = lib.mkOverride 910; + cfg = config._archetypes.profiles.headless; +in { + options._archetypes.profiles.headless = { + enable = lib.mkEnableOption "enable headless profile"; + }; + + config = lib.mkIf cfg.enable { + _archetypes.collections = { + development = { + utilities.enable = mkHeadless true; + }; + }; + + _archetypes.users = { + primary.enable = mkHeadless true; + }; + + security = { + _doas.enable = mkHeadless true; + }; + + programs = { + _ddcutil.enable = mkHeadless true; + }; + + services = { + _ssh.enable = mkHeadless true; + }; + }; +} diff --git a/modules/nixos/archetypes/tjkeller/default.nix b/modules/nixos/archetypes/tjkeller/default.nix new file mode 100644 index 0000000..6a9bbd9 --- /dev/null +++ b/modules/nixos/archetypes/tjkeller/default.nix @@ -0,0 +1,10 @@ +{ + imports = [ + ./hosts.nix + ./localization.nix + ./nas.nix + ./printing.nix + ./user.nix + ./wifi.nix + ]; +} diff --git a/modules/nixos/archetypes/tjkeller/hosts.nix b/modules/nixos/archetypes/tjkeller/hosts.nix new file mode 100644 index 0000000..66c6ccc --- /dev/null +++ b/modules/nixos/archetypes/tjkeller/hosts.nix @@ -0,0 +1,16 @@ +{ + networking.hosts = { + "192.168.1.9" = [ "optiplex" ]; + "192.168.1.30" = [ "localgit" ]; + "192.168.1.11" = [ "truenas-home" ]; + "192.168.77.11" = [ "truenas-office" ]; + "192.168.77.8" = [ "publicgit" "tjkeller" ]; + "192.168.77.3" = [ "devel" ]; + "173.9.253.3" = [ + "git.tjkeller.xyz" + "piped.tjkeller.xyz" + "search.tjkeller.xyz" + "tjkeller.xyz" + ]; + }; +} diff --git a/modules/nixos/archetypes/tjkeller/localization.nix b/modules/nixos/archetypes/tjkeller/localization.nix new file mode 100644 index 0000000..8313f07 --- /dev/null +++ b/modules/nixos/archetypes/tjkeller/localization.nix @@ -0,0 +1,5 @@ +{ + time.timeZone = "America/Chicago"; + i18n.defaultLocale = "en_US.UTF-8"; + services.xserver.xkb.layout = "us"; +} 
diff --git a/modules/nixos/archetypes/tjkeller/nas.nix b/modules/nixos/archetypes/tjkeller/nas.nix new file mode 100644 index 0000000..1ed0ca3 --- /dev/null +++ b/modules/nixos/archetypes/tjkeller/nas.nix @@ -0,0 +1,35 @@ +{ lib, config, ... } : +let + cfg = config._archetypes.tjkeller.nas; + mkNetworkFileSystem = device: automount: { + device = "${device}"; + fsType = "nfs"; + options = [ "defaults" ] ++ lib.optionals (!automount) [ "noauto" ]; + }; +in { + options._archetypes.tjkeller.nas = { + enable = lib.mkEnableOption "enable network shares"; + home = { + enable = lib.mkEnableOption "enable home network shares"; + automount = lib.mkEnableOption "automount home network shares"; + }; + office = { + enable = lib.mkEnableOption "enable office network shares"; + automount = lib.mkEnableOption "automount home network shares"; + }; + }; + + config = lib.mkIf cfg.enable { + fileSystems = lib.optionalAttrs cfg.home.enable { + "/media/Storage/Media" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Media" cfg.home.automount; + "/media/Storage/Backups" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups" cfg.home.automount; + "/media/Storage/Tapes" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups/Tapes" cfg.home.automount; + "/media/Family Photos" = mkNetworkFileSystem "truenas-home:/mnt/Media/Photos" cfg.home.automount; + } // lib.optionalAttrs cfg.office.enable { + "/media/chexx/chexx" = mkNetworkFileSystem "truenas-office:/mnt/Storage/chexx" cfg.office.automount; + "/media/chexx/tkdocs" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Users/Tim-Keller" cfg.office.automount; + "/media/chexx/scans" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Scans" cfg.office.automount; + }; + # TODO auto mkdirz + }; +} diff --git a/modules/nixos/archetypes/tjkeller/printing.nix b/modules/nixos/archetypes/tjkeller/printing.nix new file mode 100644 index 0000000..d5cceab --- /dev/null +++ b/modules/nixos/archetypes/tjkeller/printing.nix 
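Review bot: `office.automount = lib.mkEnableOption "automount home network shares";` is a copy-paste of the `home` description and should read `"automount office network shares"`. More importantly, `mkNetworkFileSystem` mounts with `[ "defaults" ]` only, so any share with `automount = true` whose NAS is unreachable at boot holds up boot; adding `"nofail"` (and `"_netdev"`) to the option list keeps boot independent of the NAS, and `"x-systemd.automount"` would make the name `automount` match what systemd means by it. `device = "${device}";` is a no-op interpolation and can be `inherit device;`.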
@@ -0,0 +1,39 @@ +{ lib, config, pkgs, ... }: { + config = lib.mkIf config.services.printing.enable { + # Printer drivers + services.printing.drivers = [ + pkgs.epson-escpr2 + pkgs.workcentre-7800-series + ]; + + # Scanning programs + environment.systemPackages = with pkgs; [ + epsonscan2 + ]; + + # Printers + networking.hosts = { + "192.168.1.35" = [ "Epson_ET-8500" ]; + "192.168.77.40" = [ "Xerox_WorkCentre_7855" ]; + }; + + # Add printers to cups + hardware.printers.ensurePrinters = [ + { + name = "Epson_ET-8500"; + description = "Epson ET-8500"; + location = "Home"; + deviceUri = "ipp://Epson_ET-8500:631/ipp/print"; + model = "epson-inkjet-printer-escpr2/Epson-ET-8500_Series-epson-escpr2-en.ppd"; + } + #{ + # name = "Xerox_WorkCentre_7855"; + # description = "Xerox WorkCentre 7855"; + # location = "Office"; + # deviceUri = "ipp://Xerox_WorkCentre_7855:631/ipp/print"; + # model = "everywhere IPP Everywhere"; + #} + ]; + hardware.printers.ensureDefaultPrinter = "Epson_ET-8500"; + }; +} diff --git a/modules/nixos/archetypes/tjkeller/resources/secrets/hashed-root-password.yaml b/modules/nixos/archetypes/tjkeller/resources/secrets/hashed-root-password.yaml new file mode 100644 index 0000000..a42fd42 --- /dev/null +++ b/modules/nixos/archetypes/tjkeller/resources/secrets/hashed-root-password.yaml 
@@ -0,0 +1,25 @@ +hashed-root-password: ENC[AES256_GCM,data:7Qgoeb/6JPNupkHCBEzCs0FMP2cDEw972bjCRWeMrBrAMZzLsZc3Mbv03s1zLztUp6Ie93R5lVsamxKPUnaPt+Tnr/l+0E9aTmt7j7L6UzmWr12nj3FHxxTSU9ief6+ioIk+S4eICJspIQ==,iv:VoWP4qBCGzuYRpQw4nilUXByJ+ZwyZR/BdKowi+53DM=,tag:x6A00VCm8BEOhtv/WySXrQ==,type:str] +sops: + age: + - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z3dTbW1GUzgyRUwyZGtF + alZSeFBmdEdhNER3UEtGRGd4MnliK1l1eGpJCm80SHFNZ3NZOTNxVkM4R3ZLY005 + OFVtUGN3OXZJblRxOFNMOFhsV25CS0EKLS0tIEE5SG5NekxWbytXY2xNeUN6TWhG + RldJZms3RDFuRk40ck42Mkd5RTd4YVUKgyWE8Cs0yLO/82w2muGWTlcjY86BVSUy + bFeIcQT33dEPiNUmynTqEGpN2NVQbfVDw17QbA9GNhGClanTTXmX4A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1f0tmpy2nam58skmznjyqd3zf54rxtfrk6fda0vlpq9y3yg6wac7sjf0vja + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxcUprWjBXTVlidTRwMEZ6 + WHE4dWp6OWtybkFCaTkyY2JyaWYrRHNhZWtNCi9xamwreEsyVFdnWWhJeUVsdUpT + UHlkRVJZZTEvMDluTWNJSnRSUXN6Q0kKLS0tIHNsQk92SUd2ekowY0hvQi9LNjIx + Q0oxVFNtRkpZTlVHeEY3YXFoSlc4Zk0K7RaqH/Qf2dTPBuCz9DH0xgU+Tq8ATKUq + tfAuuAU9HBtLFiZjhWsZmj5XUy5Z18IiUKDIxlw41mNtbcsUnjm30w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-17T22:34:07Z" + mac: ENC[AES256_GCM,data:B95HuJC2o8B+P1f9kAtJTcSty7YSAByuqe/Xs6ce6780p05FuzWM5X9bwvwsYXngGNKqCHksWf50UXzJ3eyc6y4ISxdxljAv2FmJFKw4NkfGaOMiRLlGPMn1uFpOtkRT+qL0+mupWG/Ap3zcpbxjsDx46PUur+e6yRxlAHw8mGw=,iv:DYobhWK+4+7vOog7BrBASiHrEzzz0P6zqgWxexfcLG8=,tag:skGwUpDEB8e3TCjrxs5peA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/modules/nixos/archetypes/tjkeller/resources/secrets/wpa_supplicant-conf.yaml b/modules/nixos/archetypes/tjkeller/resources/secrets/wpa_supplicant-conf.yaml new file mode 100644 index 0000000..2fd7a0e --- /dev/null +++ b/modules/nixos/archetypes/tjkeller/resources/secrets/wpa_supplicant-conf.yaml 
@@ -0,0 +1,16 @@ +wpa_supplicant-conf: ENC[AES256_GCM,data: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,iv:7qdltuNvesslz32SfEXqu9WFu2uGOGg1sjfskfqfXnk=,tag:N1RhL1M9YtDlvxLBRC2gAg==,type:str] +sops: + age: + - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdXBUWXEvRU85Tk1lNWgz + ZHpENjdudmRuaEJIeVRHOHlDbWNzK0tQMGs4CmV6MVBpdE5PMTBWMm1PcDVFQ2VM + b0IwWDFxLy8xYUcxRVZFSEsyYlBFS1UKLS0tIHpCbDQ0a29TZlVFTGp4aXJCSmJ4 + ZGxqMFQ1NDk1OHJIOUd0cVV0dzNNQlkKzYX36u0rEq6dMTCJf6OON6LzcEEnAB5A + +M9t3OKUUNtwgksjBUEwqBLJ1sU9amijpK63GUxwp74YDtsb0YXHiw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-17T22:33:44Z" + mac: ENC[AES256_GCM,data:leJsAdcWFE0EA1syXfd7yDu1Ct+vTkKiHUEc46O31uUeaWVFwgH8EKC0ImqiHMgbDJv+a9UHm7GtsWy1aMQNVRBXL3R2HbNQkOqGkIIdGsrrbjslQl8UwI7wx1g2P3ORhlGRYXTscDUl53+e4i3YrYOEDDPL5EAWuQEWldJXLZc=,iv:banL6qqV2EqfZFKHn5dawUq95Ima06z8H6Kso1qRdcA=,tag:g6M95M6bT4UPTfiEZT4ljw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/modules/nixos/archetypes/tjkeller/user.nix b/modules/nixos/archetypes/tjkeller/user.nix new file mode 100644 index 0000000..2695549 --- /dev/null +++ b/modules/nixos/archetypes/tjkeller/user.nix 
@@ -0,0 +1,22 @@
+{ lib, config, pkgs, userDetails, ... }: let
+ cfg = config._archetypes.tjkeller.setPasswords;
+ hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
+in {
+ options._archetypes.tjkeller.setPasswords = {
+ enable = lib.mkEnableOption "set users password. requires hashed root password from sops";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Load hashed root password secret
+ sops.secrets.hashed-root-password = {
+ sopsFile = ./resources/secrets/hashed-root-password.yaml;
+ neededForUsers = true;
+ };
+
+ # Apply password file
+ users.users = {
+ root = { inherit hashedPasswordFile; };
+ ${userDetails.username} = lib.mkIf config._archetypes.users.primary.enable { inherit hashedPasswordFile; };
+ };
+ };
+}
diff --git a/modules/nixos/archetypes/tjkeller/wifi.nix b/modules/nixos/archetypes/tjkeller/wifi.nix
new file mode 100644
index 0000000..32b6ef8
--- /dev/null
+++ b/modules/nixos/archetypes/tjkeller/wifi.nix
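Review bot: Both `root` and the primary user receive the same `hashedPasswordFile`, so one credential unlocks both accounts; a comment saying this is intentional would help, but two secrets would be the safer shape. Note also that with `users.mutableUsers` at its default (`true`) NixOS only applies `hashedPasswordFile` when the user is first created, so rotating the sops secret will not change the password on an existing install; if the option is meant to "set users password" as its description says, add `users.mutableUsers = false;` inside the `mkIf` or document the caveat. `pkgs` in the module arguments is unused.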
@@ -0,0 +1,38 @@
+{ lib, config, ... }: let
+ cfg = config._archetypes.tjkeller.wifi;
+in {
+ options._archetypes.tjkeller.wifi = {
+ enable = lib.mkEnableOption "enables wifi";
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking.wireless = {
+ enable = true; # Enables wireless support via wpa_supplicant.
+ userControlled.enable = true;
+ allowAuxiliaryImperativeNetworks = true; # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf)
+ };
+
+ # Load wpa_supplicant.conf secret config
+ sops.secrets.wpa_supplicant-conf = {
+ sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml;
+ };
+
+ # Link /etc/wpa_supplicant.conf -> secret config
+ environment.etc."wpa_supplicant.conf" = {
+ source = config.sops.secrets.wpa_supplicant-conf.path;
+ };
+
+ # This service is a workaround to ensure that secrets are available on
+ # reboot when the secret keys are on a separate subvolume
+ systemd.services.npcnix-force-rebuild-sops-hack = {
+ wantedBy = [ "multi-user.target" ];
+ before = [ "wpa_supplicant.service" ];
+ serviceConfig = {
+ ExecStart = "/run/current-system/activate";
+ Type = "oneshot";
+ Restart = "on-failure"; # because oneshot
+ RestartSec = "10s";
+ };
+ };
+ };
+}
diff --git a/modules/nixos/archetypes/users/primary.nix b/modules/nixos/archetypes/users/primary.nix
new file mode 100644
index 0000000..a29c3b8
--- /dev/null
+++ b/modules/nixos/archetypes/users/primary.nix
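Review bot: `environment.etc."wpa_supplicant.conf".source` points at the sops secret path while `userControlled.enable` and `allowAuxiliaryImperativeNetworks` are both on, so a "save config" from wpa_cli/wpa_gui will try to write through the symlink into the sops-managed runtime directory; I would expect that write to fail or be discarded on the next activation, which deserves a comment next to `allowAuxiliaryImperativeNetworks` (the "imperitive" in that comment is also a typo for "imperative"). The `npcnix-force-rebuild-sops-hack` unit re-runs the full system activation on every boot; its real dependency is the subvolume that holds the decryption key, so `after = [ "local-fs.target" ];` or `unitConfig.RequiresMountsFor = "<key subvolume mount point>";` would express that instead of relying on `Restart = "on-failure"` retries. Also consider `unitConfig.ConditionPathExists = "!<secret path>";` so the unit is skipped once the secret is already present.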
@@ -0,0 +1,37 @@
+{ lib, config, pkgs, userDetails, ... }: let
+ cfg = config._archetypes.users.primary;
+in {
+ options._archetypes.users.primary = {
+ enable = lib.mkEnableOption "create primary user";
+ autologin.enable = lib.mkEnableOption "enables getty automatic login";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Enable zsh
+ programs.zsh.enable = true;
+
+ # Setup normal user
+ users.users.${userDetails.username} = {
+ home = userDetails.home;
+ description = userDetails.fullname;
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ extraGroups = [
+ "nixbld"
+ "video"
+ "wheel"
+ ] ++ lib.optionals config.hardware.i2c.enable [
+ "i2c"
+ ] ++ lib.optionals config.virtualisation.libvirtd.enable [
+ "libvirtd"
+ ] ++ lib.optionals config.virtualisation.docker.enable [
+ "docker"
+ ];
+ };
+
+ # Configure automatic login with getty
+ services.getty = lib.mkIf cfg.autologin.enable {
+ autologinUser = userDetails.username;
+ };
+ };
+}
diff --git a/modules/nixos/bootloader.nix b/modules/nixos/bootloader.nix
new file mode 100644
index 0000000..bb807cf
--- /dev/null
+++ b/modules/nixos/bootloader.nix
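Review bot: `"nixbld"` in `extraGroups` puts the primary user in the Nix daemon's build-users group, and the daemon picks the accounts it runs derivation builds under from that group's members, so builds may be executed as the primary user with access to that user's files whenever the sandbox is relaxed. Unless there is a reason that is not visible here, drop `"nixbld"` from the list; if it is needed, add a comment explaining why. The conditional `"docker"` and `"libvirtd"` memberships are effectively root-equivalent on the host and are worth a one-line comment so the grant is a conscious one.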
@@ -0,0 +1,48 @@ +{ lib, config, ... }: let + cfg = config.boot._loader; + usingEfi = cfg.mode == "efi"; + usingBios = cfg.mode == "bios"; +in { + options.boot._loader = { + enable = lib.mkEnableOption "enable unified bootloader config"; + loader = lib.mkOption { + type = lib.types.enum [ "grub" "systemd-boot" ]; + default = "systemd-boot"; + description = "whether to install grub or systemd-boot as the bootloader"; + }; + mode = lib.mkOption { + type = lib.types.enum [ "efi" "bios" ]; + default = "efi"; + description = "whether to install the bootloader in efi or bios mode"; + }; + grub = { + biosDevice = lib.mkOption { + type = lib.types.str; + description = "device to install grub on"; + }; + }; + memtest86.enable = lib.mkEnableOption "make Memtest86+ available from the bootloader"; + }; + + config = lib.mkIf cfg.enable { + boot.loader = { + grub = lib.mkIf (cfg.loader == "grub") { + enable = true; + efiSupport = usingEfi; + efiInstallAsRemovable = usingEfi; + device = if usingBios then cfg.grub.biosDevice else "nodev"; + enableCryptodisk = true; + memtest86.enable = cfg.memtest86.enable; + }; + systemd-boot = lib.mkIf (cfg.loader == "systemd-boot") { + enable = true; + editor = false; + memtest86.enable = cfg.memtest86.enable; + }; + efi = lib.mkIf usingEfi { + efiSysMountPoint = lib.mkIf (cfg.loader == "grub") "/boot/efi"; + canTouchEfiVariables = true; + }; + }; + }; +} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix new file mode 100644 index 0000000..ed21fdc --- /dev/null +++ b/modules/nixos/default.nix 
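Review bot: Under `grub` the module sets `efiInstallAsRemovable = usingEfi;` and at the same time `efi.canTouchEfiVariables = true;` for every EFI install; I believe the NixOS grub module asserts that these two are not both enabled, so `loader = "grub"; mode = "efi";` would fail evaluation. Make the removable install a separate choice, e.g. `grub.efiInstallAsRemovable = lib.mkEnableOption "install grub to the removable media path instead of writing EFI variables";` and set `canTouchEfiVariables = !cfg.grub.efiInstallAsRemovable;`. `systemd-boot.editor = false;` is a good default and worth a comment naming the reason (the boot-entry editor allows kernel parameter changes from the console).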
@@ -0,0 +1,39 @@ +{ + imports = [ + ./archetypes/collections/bluetooth.nix + ./archetypes/collections/desktop.nix + ./archetypes/collections/development.nix + ./archetypes/collections/docker.nix + ./archetypes/collections/fonts.nix + ./archetypes/collections/utilities.nix + ./archetypes/collections/virtualization.nix + ./archetypes/collections/xserver.nix + + ./archetypes/profiles/desktop + ./archetypes/profiles/headless + + ./archetypes/users/primary.nix + + ./programs/awesome.nix + ./programs/ddcutil.nix + ./programs/home-manager.nix + + ./services/cgit.nix + ./services/gitea.nix + ./services/searxng.nix + + ./bootloader.nix + ./doas.nix + ./filesystems.nix + ./hosts.nix + ./net-iface-labels.nix + ./nix.nix + ./pipewire.nix + ./powerkeys.nix + ./printing.nix + ./secrets.nix + ./ssh.nix + ./sudo.nix + ./suspend.nix + ]; +} diff --git a/modules/nixos/doas.nix b/modules/nixos/doas.nix new file mode 100644 index 0000000..aeed170 --- /dev/null +++ b/modules/nixos/doas.nix @@ -0,0 +1,17 @@ +{ lib, config, ... }: let + cfg = config.security._doas; +in { + options.security._doas = { + enable = lib.mkEnableOption "enables doas"; + }; + + config = lib.mkIf cfg.enable { + security.doas = { + enable = true; + wheelNeedsPassword = false; + extraRules = [ + { keepEnv = true; } + ]; + }; + }; +} diff --git a/modules/nixos/filesystems.nix b/modules/nixos/filesystems.nix new file mode 100644 index 0000000..00ab409 --- /dev/null +++ b/modules/nixos/filesystems.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: { + environment.systemPackages = with pkgs; [ + cryptsetup + exfat + ntfs3g + ]; +} diff --git a/modules/nixos/hosts.nix b/modules/nixos/hosts.nix new file mode 100644 index 0000000..a87f3b4 --- /dev/null +++ b/modules/nixos/hosts.nix @@ -0,0 +1,4 @@ +{ hostname, ... }: { + networking.hostName = hostname; # From flake.nix + environment.etc.hosts.mode = "0644"; # Allow temporary imperative modifications +} 
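Review bot: In doas.nix, `extraRules = [ { keepEnv = true; } ];` names neither `users` nor `groups`; as far as I can tell the doas module emits one `permit` line per listed user or group, so an identity-less rule generates nothing and `keepEnv` has no effect. If the intent is to keep the environment for wheel, it has to be `{ groups = [ "wheel" ]; keepEnv = true; noPass = true; }`. `wheelNeedsPassword = false;` is also the setting that turns every wheel login into passwordless root, so a comment stating that this is deliberate would stop a later reader from assuming it was an oversight.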
diff --git a/modules/nixos/net-iface-labels.nix b/modules/nixos/net-iface-labels.nix new file mode 100644 index 0000000..b7ac655 --- /dev/null +++ b/modules/nixos/net-iface-labels.nix @@ -0,0 +1,28 @@ +{ config, lib, ... }: let + cfg = config.networking._interfaceLabels; + validMac = str: builtins.match ''^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$'' str != null; + macAddressType = lib.types.str // { + check = validMac; + description = "a mac address (xx:xx:xx:xx:xx:xx)"; + }; +in { + options.networking._interfaceLabels = { + enable = lib.mkEnableOption "manually label network interfaces"; + interfaces = lib.mkOption { + type = lib.types.attrsOf macAddressType; + default = {}; + example = { + "lan0" = "00:11:22:33:44:55"; + "lan1" = "66:77:88:99:AA:BB"; + }; + description = "label network interfaces by their mac address"; + }; + }; + + config = lib.mkIf cfg.enable { + networking.usePredictableInterfaceNames = false; + services.udev.extraRules = lib.concatStringsSep "\n" ( + lib.mapAttrsToList (name: mac: ''ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="${mac}", NAME="${name}"'') cfg.interfaces + ); + }; +} diff --git a/modules/nixos/nix.nix b/modules/nixos/nix.nix new file mode 100644 index 0000000..ff8dd28 --- /dev/null +++ b/modules/nixos/nix.nix @@ -0,0 +1,11 @@ +{ + nix.settings = { + experimental-features = [ "nix-command" "flakes" ]; + use-xdg-base-directories = true; + }; + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; +} diff --git a/modules/nixos/pipewire.nix b/modules/nixos/pipewire.nix new file mode 100644 index 0000000..be3eaf4 --- /dev/null +++ b/modules/nixos/pipewire.nix @@ -0,0 +1,14 @@ +{ lib, config, ... }: let + cfg = config.services._pipewire; +in { + options.services._pipewire = { + enable = lib.mkEnableOption "enables pipewire"; + }; + + config = lib.mkIf cfg.enable { + services.pipewire = { + enable = true; + pulse.enable = true; + }; + }; +} 
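Review bot: `networking.usePredictableInterfaceNames = false;` makes the kernel hand out `eth0`/`wlan0`-style names to every interface not listed in `interfaces`, so a label such as `"eth0"` in the option can collide with a kernel-assigned name on another NIC and the udev `NAME=` rename becomes order-dependent. Document this in the option description, or reject labels that look like kernel names with a check on the attribute names, e.g. `assertions = [ { assertion = lib.all (n: builtins.match "(eth|wlan)[0-9]+" n == null) (lib.attrNames cfg.interfaces); message = "interface labels must not use kernel-style names"; } ];`. The `validMac` check is a good addition; the same care applied to the label (it is spliced unescaped into `NAME="${name}"`) would complete it.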
diff --git a/modules/nixos/powerkeys.nix b/modules/nixos/powerkeys.nix new file mode 100644 index 0000000..fd4aa00 --- /dev/null +++ b/modules/nixos/powerkeys.nix @@ -0,0 +1,7 @@ +{ + services.logind = { + hibernateKey = "suspend"; + powerKey = "ignore"; + powerKeyLongPress = "poweroff"; + }; +} diff --git a/modules/nixos/printing.nix b/modules/nixos/printing.nix new file mode 100644 index 0000000..a6df279 --- /dev/null +++ b/modules/nixos/printing.nix @@ -0,0 +1,18 @@ +{ lib, config, ... }: let + cfg = config.services._printing; +in { + options.services._printing = { + enable = lib.mkEnableOption "enables printing and avahi service"; + }; + + config = lib.mkIf cfg.enable { + services.printing.enable = true; + + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + }; +} + diff --git a/modules/nixos/programs/awesome.nix b/modules/nixos/programs/awesome.nix new file mode 100644 index 0000000..0856384 --- /dev/null +++ b/modules/nixos/programs/awesome.nix @@ -0,0 +1,22 @@ +{ pkgs, lib, config, ... }: let + cfg = config.services.xserver.windowManager._awesome; +in { + options.services.xserver.windowManager._awesome = { + enable = lib.mkEnableOption "installs awesome window manager"; + }; + + config = lib.mkIf cfg.enable { + services.xserver.windowManager.awesome = { + enable = true; + noArgb = true; # disables transparency. why not? + luaModules = with pkgs.luajitPackages; [ + lgi + ]; + package = with pkgs; awesome.override { + gtk3Support = true; + gtk3 = gtk3; + lua = luajit; + }; + }; + }; +} diff --git a/modules/nixos/programs/ddcutil.nix b/modules/nixos/programs/ddcutil.nix new file mode 100644 index 0000000..ef1801b --- /dev/null +++ b/modules/nixos/programs/ddcutil.nix 
@@ -0,0 +1,12 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config.programs._ddcutil;
+in {
+ options.programs._ddcutil = {
+ enable = lib.mkEnableOption "enables ddcutil and i2c control";
+ };
+
+ config = lib.mkIf cfg.enable {
+ hardware.i2c.enable = true;
+ environment.systemPackages = [ pkgs.ddcutil ];
+ };
+}
diff --git a/modules/nixos/programs/home-manager.nix b/modules/nixos/programs/home-manager.nix
new file mode 100644
index 0000000..49149d3
--- /dev/null
+++ b/modules/nixos/programs/home-manager.nix
@@ -0,0 +1,15 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config.programs._home-manager;
+in {
+ options.programs._home-manager = {
+ enable = lib.mkEnableOption "enables home-manager";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Install home manager
+ environment.systemPackages = with pkgs; [ home-manager git ]; # Git is needed
+
+ # For home-manager to configure gtk
+ programs.dconf.enable = lib.mkDefault true;
+ };
+}
diff --git a/modules/nixos/secrets.nix b/modules/nixos/secrets.nix
new file mode 100644
index 0000000..46d8f1e
--- /dev/null
+++ b/modules/nixos/secrets.nix
@@ -0,0 +1,10 @@
+{ inputs, config, pkgs, userDetails, ... }: {
+ imports = [ inputs.sops-nix.nixosModules.sops ];
+
+ environment.systemPackages = with pkgs; [ age sops ];
+
+ sops = {
+ defaultSopsFormat = "yaml";
+ age.sshKeyPaths = [ "${userDetails.home}/.ssh/id_ed25519" "/root/.ssh/id_ed25519" ];
+ };
+}
diff --git a/modules/nixos/services/cgit.nix b/modules/nixos/services/cgit.nix
new file mode 100644
index 0000000..366c1f8
--- /dev/null
+++ b/modules/nixos/services/cgit.nix
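Review bot: `age.sshKeyPaths` uses the primary user's personal key, `"${userDetails.home}/.ssh/id_ed25519"`, as a decryption key for system secrets, which makes a user-owned, user-readable file the key to root-level material (the root password hash in user.nix) and ties early activation to `/home` being mounted, which is what the workaround unit in wifi.nix is compensating for. The host key, `/etc/ssh/ssh_host_ed25519_key`, is root-only, present in early activation, and is what sops-nix uses by default when openssh is enabled; listing it instead (and re-encrypting the secrets to its age recipient) removes both problems. Keep `"/root/.ssh/id_ed25519"` only if such a key actually exists on these hosts.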
@@ -0,0 +1,126 @@ +{ lib, pkgs, config, userDetails, ... }: +let + cfg = config.cgit; +in { + options = { + cgit = { + enable = lib.mkEnableOption "enables cgit service"; + hostAddress = lib.mkOption { + type = lib.types.str; + description = "hostAddress for the container"; + default = "10.0.1.1"; + }; + localAddress = lib.mkOption { + type = lib.types.str; + description = "localAddress for the container"; + default = "10.0.1.2"; + }; + rootTitle = lib.mkOption { + type = lib.types.str; + description = "cgit site title"; + default = ""; + }; + rootDesc = lib.mkOption { + type = lib.types.str; + description = "cgit site description"; + default = ""; + }; + extraConfig = lib.mkOption { + type = lib.types.str; + description = "cgitrc lines inserted verbatim at the end"; + default = ""; + }; + }; + }; + + config = lib.mkIf cfg.enable { + # Configure cgit container + containers.cgit = { + autoStart = true; + privateNetwork = true; + hostAddress = cfg.hostAddress; + localAddress = cfg.localAddress; + + specialArgs = { + authorizedKeys = userDetails.sshPublicKeys; + cgitrc = with cfg; { + inherit rootTitle; + inherit rootDesc; + inherit extraConfig; + }; + }; + + config = { lib, config, authorizedKeys, cgitrc, ... 
}: { + # Create git user for ssh access + users.users.git = { + isNormalUser = true; + home = "/srv/git"; # Serve from git user's home to allow cloning git@cgit:repo + group = "git"; + createHome = true; + homeMode = "750"; # Allow read permissions for group members + shell = pkgs.bash; + openssh.authorizedKeys.keys = authorizedKeys; + }; + users.groups.git.members = [ "lighttpd" ]; # Create the git group and add lighttpd user as a member so /srv/git can be served by cgit + + # Enable git + programs.git.enable = true; + + # Enable ssh service + services.openssh.enable = true; + + # Enable cgit service + services.lighttpd.enable = true; + services.lighttpd.cgit = { + enable = true; + #subdir = ""; # FIXME this does not work for some reason + configText = '' + # Based on joseluisq/alpine-cgit + root-title=${cgitrc.rootTitle} + root-desc=${cgitrc.rootDesc} + + source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py + about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh + + readme=:README.md + readme=:README.html + readme=:README.txt + readme=:README + readme=:INSTALL.md + readme=:INSTALL.html + readme=:INSTALL.txt + readme=:INSTALL + + # Cache + #cache-root=/var/cache/cgit + #cache-size=2000 + + enable-index-links=1 + enable-index-owner=0 + enable-remote-branches=1 + enable-log-filecount=1 + enable-log-linecount=1 + enable-git-config=1 + snapshots=tar.xz zip + + robots=noindex, nofollow + + virtual-root=/cgit + section-from-path=0 + max-repo-count=100 + scan-path=/srv/git + + # extra config + ${cgitrc.extraConfig} + ''; + }; + + # Networking, etc. + networking.firewall.allowedTCPPorts = [ 80 22 ]; + networking.hostName = "cgit"; + + system.stateVersion = "25.05"; + }; + }; + }; +} diff --git a/modules/nixos/services/gitea.nix b/modules/nixos/services/gitea.nix new file mode 100644 index 0000000..32c56db --- /dev/null +++ b/modules/nixos/services/gitea.nix 
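Review bot: `shell = pkgs.bash;` combined with `openssh.authorizedKeys.keys = authorizedKeys;` gives every key in `userDetails.sshPublicKeys` an interactive shell inside the container as the `git` user, which is more than cloning over `git@cgit:repo` needs. `shell = "${pkgs.git}/bin/git-shell";` restricts those keys to git commands while keeping clone/push working; if an interactive shell is wanted, a comment saying so would help. The option namespace `config.cgit` is also the only one in this commit not prefixed with `_` as the commit message describes; `_cgit` (or `services._cgit`) would keep the convention, and the container's inner module takes `lib, config` but only uses the outer `pkgs`.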
@@ -0,0 +1,60 @@
+{ lib, pkgs, config, userDetails, ... }:
+let
+ cfg = config.gitea;
+in {
+ options = {
+ gitea = {
+ enable = lib.mkEnableOption "enables gitea service";
+ hostAddress = lib.mkOption {
+ type = lib.types.str;
+ description = "hostAddress for the container";
+ default = "10.0.1.1";
+ };
+ localAddress = lib.mkOption {
+ type = lib.types.str;
+ description = "localAddress for the container";
+ default = "10.0.1.3";
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ containers.gitea = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = cfg.hostAddress;
+ localAddress = cfg.localAddress;
+
+ config = { lib, config, ... }: {
+ # Enable gitea service
+ services.gitea = {
+ enable = true;
+ user = "git"; # So ssh cloning uses git@gitea
+ settings = {
+ server = {
+ HTTP_PORT = 3000; # Can't set as 80 without root permissions, use 3000 instead
+ };
+ };
+ };
+
+ # Networking, etc.
+ # Redirect 80 to 3000
+ networking.nftables = {
+ enable = true;
+ ruleset = ''
+ table ip nat {
+ chain prerouting {
+ type nat hook prerouting priority 0;
+ tcp dport 80 redirect to :3000
+ }
+ }
+ '';
+ };
+ networking.firewall.allowedTCPPorts = [ 3000 80 22 ]; # Still need to forward 3000 for nftables rule to work
+ networking.hostName = "gitea";
+
+ system.stateVersion = "25.05";
+ };
+ };
+ };
+}
diff --git a/modules/nixos/services/searxng.nix b/modules/nixos/services/searxng.nix
new file mode 100644
index 0000000..8ed632e
--- /dev/null
+++ b/modules/nixos/services/searxng.nix
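Review bot: The comment `user = "git"; # So ssh cloning uses git@gitea` and the `22` in `networking.firewall.allowedTCPPorts = [ 3000 80 22 ];` suggest SSH cloning is expected, but nothing in the container enables an SSH server: neither `services.openssh.enable = true;` nor gitea's built-in one (`services.gitea.settings.server.START_SSH_SERVER = true;`) is set, so port 22 is open with nothing listening. Pick one and drop the other, and if `START_SSH_SERVER` is used, align `SSH_PORT` with the opened port. A one-line comment on the `nftables` block noting that the firewall is opened on 3000 only because the redirect target must be reachable would save the next reader the same question the inline comment answers only partially.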
@@ -0,0 +1,119 @@
+{ pkgs, lib, config, ... }: let
+ environmentFile = "/run/searx/searxng.env";
+ generateEnvironmentFile = ''
+ umask 077
+ echo "SEARXNG_SECRET=$(head -c 56 /dev/urandom | base64)" > ${environmentFile}
+ ls /run/searx
+ '';
+in {
+ options = {
+ searxng.enable = lib.mkEnableOption "enables searxng service";
+ searxng.uwsgi.enable = lib.mkEnableOption "enables searxng uwsgi";
+ };
+
+ config = lib.mkIf config.searxng.enable {
+ # Generate secret key
+ systemd.services.searx-environment-file = {
+ description = "Generate environment file with secret key for searx";
+ wantedBy = [ "searx-init.service" ];
+ partOf = [ "searx-init.service" ];
+ before = [ "searx-init.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ User = "searx";
+ RuntimeDirectory = "searx";
+ RuntimeDirectoryMode = "750";
+ ConditionPathExists = "!${environmentFile}";
+ };
+ script = generateEnvironmentFile;
+ };
+
+ # Configure searxng
+ services.searx = {
+ enable = true;
+ redisCreateLocally = true;
+ package = pkgs.searxng;
+ inherit environmentFile; # Provides secret key
+
+ # UWSGI configuration
+ runInUwsgi = config.searxng.uwsgi.enable;
+
+ uwsgiConfig = {
+ socket = "/run/searx/searx.sock";
+ http = ":8888";
+ chmod-socket = "660";
+ };
+
+ settings = {
+ general = {
+ instance_name = "TJK Search";
+ donation_url = "https://tjkeller.xyz";
+ enable_metrics = false;
+ };
+
+ # Search engine settings
+ search = {
+ safe_search = 2; # Strict
+ autocomplete = "";
+ default_lang = "en-US";
+ };
+
+ preferences.lock = [ "safesearch" ]; # Lock safe_search at strict
+
+ # https://docs.searxng.org/admin/plugins.html
+ enabled_plugins = [
+ "Tor check plugin"
+ "Tracker URL remover"
+ "Basic Calculator"
+ "Unit converter plugin"
+ "Hash plugin"
+ "Self Information"
+ "Open Access DOI rewrite"
+ "Hostnames plugin"
+ ];
+
+ hostnames.replace = {
+ "(.*\.)?youtube\.com$" = "piped.tjkeller.xyz";
+ "(.*\.)?youtu\.be$" = "piped.tjkeller.xyz";
+ "(.*\.)?reddit\.com$" = "old.reddit.com";
+ };
+
+ # Enable / disabled search engines from default list
+ engines = lib.mapAttrsToList (name: value: { inherit name; disabled = !value; }) {
+ # Images
+ "artic" = false;
+ "deviantart" = false;
+ "flickr" = false;
+ "library of congress" = false;
+ "openverse" = false;
+ "pinterest" = false;
+ "public domain image archive" = false;
+ "unsplash" = false;
+ "wallhaven" = false;
+ "wikicommons.images" = false;
+
+ # Videos
+ "bitchute" = true;
+ "dailymotion" = false;
+ "piped" = false;
+ "rumble" = true;
+ "sepiasearch" = false;
+ "vimeo" = false;
+ "wikicommons.videos" = false;
+
+ # Music
+ "piped.music" = false;
+
+ # Files
+ "1337x" = true;
+ "annas archive" = true;
+ "library genesis" = true;
+
+ # Apps
+ "fdroid" = true;
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nixos/ssh.nix b/modules/nixos/ssh.nix
new file mode 100644
index 0000000..8f81474
--- /dev/null
+++ b/modules/nixos/ssh.nix
@@ -0,0 +1,16 @@
+{ lib, config, ... }: let
+ cfg = config.services._ssh;
+in {
+ options.services._ssh = {
+ enable = lib.mkEnableOption "enable openssh with X11 forwarding";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.openssh = {
+ enable = true;
+ settings = {
+ X11Forwarding = true;
+ };
+ };
+ };
+}
diff --git a/modules/nixos/sudo.nix b/modules/nixos/sudo.nix
new file mode 100644
index 0000000..5fa2727
--- /dev/null
+++ b/modules/nixos/sudo.nix
@@ -0,0 +1,15 @@
+{ lib, config, ... }: let
+ cfg = config.security._sudo;
+in {
+ options.security._sudo = {
+ enable = lib.mkEnableOption "enables sudo";
+ };
+
+ #config = lib.mkIf cfg.enable {
+ config = { # TODO remove once can be built from flake w git
+ security.sudo = {
+ enable = true;
+ wheelNeedsPassword = false;
+ };
+ };
+}
diff --git a/modules/nixos/suspend.nix b/modules/nixos/suspend.nix
new file mode 100644
index 0000000..11404de
--- /dev/null
+++ b/modules/nixos/suspend.nix
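Review bot: `ConditionPathExists` is placed under `serviceConfig`, which NixOS renders into the `[Service]` section, but it is a `[Unit]` directive; systemd warns and ignores it there, so the guard never applies and the secret is rewritten on every run of the unit. Move it to `unitConfig.ConditionPathExists = "!${environmentFile}";`. The `hostnames.replace` keys are plain double-quoted Nix strings, in which `\.` collapses to `.`, so the patterns reach SearXNG as `(.*.)?youtube.com$` with an unescaped dot that matches any character; write them as `"(.*\\.)?youtube\\.com$"` (and likewise for the other two) to keep the literal dot. `ls /run/searx` in `generateEnvironmentFile` looks like leftover debugging output and can go. `uwsgiConfig.http = ":8888"` binds on all interfaces; whether that is reachable from outside depends on host firewall rules not shown in this hunk.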
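Review bot: `services._ssh` turns on `X11Forwarding` with no authentication settings alongside it, even though the rest of the repo relies on authorized keys (the cgit container feeds `authorizedKeys` into `openssh.authorizedKeys.keys`). If password logins are not needed, pin `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` next to `X11Forwarding`, so the `_ssh` module defines the whole sshd posture in one place. X11 forwarding also deserves a one-line comment on why it is on, since it gives server-side processes a channel to the client's display; the option description could read `"enable openssh with X11 forwarding (needed for running X clients over ssh)"` if that is the use case, which is not visible here.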
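Review bot: The `mkIf cfg.enable` wrapper is commented out, so `security.sudo.wheelNeedsPassword = false` is applied to every host that imports this module regardless of `security._sudo.enable`, and the option is dead. Passwordless wheel is the most consequential line in the file, so it should at least be gated: restore `config = lib.mkIf cfg.enable {` and, if the flake-with-git build problem in the TODO still forces it on somewhere, set `security._sudo.enable = true;` explicitly on that host instead. The same TODO existed in the deleted doas.nix, so this is carried-over rather than new behaviour, but a refactor aimed at correctness is the moment to fix it.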
@@ -0,0 +1,18 @@
+{ lib, config, ... }: let
+ cfg = config.systemd._suspend;
+in {
+ options.systemd._suspend = {
+ disable = lib.mkEnableOption "disables suspend";
+ };
+
+ config = lib.mkIf cfg.disable {
+ # Disable suspend targets
+ systemd.targets = builtins.listToAttrs (map (name: {
+ inherit name;
+ value = {
+ enable = false;
+ unitConfig.DefaultDependencies = "no";
+ };
+ }) ["sleep" "suspend" "hibernate" "hybrid-sleep"]);
+ };
+}
diff --git a/modules/overlays/crazydiskinfo/default.nix b/modules/overlays/crazydiskinfo/default.nix
new file mode 100644
index 0000000..61de338
--- /dev/null
+++ b/modules/overlays/crazydiskinfo/default.nix
@@ -0,0 +1,41 @@
+{ lib
+, cmake
+, fetchFromGitHub
+, fetchpatch
+, libatasmart
+, ncurses5
+, stdenv
+}:
+
+stdenv.mkDerivation rec {
+ pname = "crazydiskinfo";
+ version = "1.1.0";
+
+ src = fetchFromGitHub {
+ owner = "otakuto";
+ repo = pname;
+ rev = "refs/tags/${version}";
+ sha256 = "sha256-+6ShoaggQ256sLSJDj4d16OipUYX/4JjEwLL5hswjiQ=";
+ };
+
+ patches = [
+ # Patch to fix build warnings
+ (fetchpatch {
+ url = "https://github.com/otakuto/crazydiskinfo/compare/1.1.0...8563aa8.diff";
+ sha256 = "sha256-z9aOQFsivu6sYgsZBOlnTvqnoR2ro/jyuO/WOimLSXk=";
+ })
+ ];
+
+ nativeBuildInputs = [ cmake ];
+ buildInputs = [ libatasmart ncurses5 ];
+
+ cmakeFlags = [ "-DCMAKE_INSTALL_PREFIX=$(out)" ];
+
+ meta = with lib; {
+ description = "CrazyDiskInfo is an interactive TUI S.M.A.R.T viewer for Unix systems";
+ homepage = "https://github.com/otakuto/crazydiskinfo";
+ mainProgram = "crazy";
+ license = licenses.mit;
+ maintainers = [ maintainers.tjkeller ];
+ };
+}
diff --git a/modules/overlays/default.nix b/modules/overlays/default.nix
new file mode 100644
index 0000000..1c0ed23
--- /dev/null
+++ b/modules/overlays/default.nix
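Review bot: `lib.mkEnableOption "disables suspend"` renders the description as "Whether to enable disables suspend.", which reads wrong for an option named `disable`; a plain `lib.mkOption { type = lib.types.bool; default = false; description = "Disable the sleep, suspend, hibernate and hybrid-sleep targets."; }` says what it does. The `builtins.listToAttrs (map …)` construction can be the one-liner `systemd.targets = lib.genAttrs [ "sleep" "suspend" "hibernate" "hybrid-sleep" ] (_: { enable = false; unitConfig.DefaultDependencies = "no"; });`, which is the usual idiom for this shape.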
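Review bot: `cmakeFlags = [ "-DCMAKE_INSTALL_PREFIX=$(out)" ]` uses Make-style `$(out)`, which neither cmake nor the stdenv cmake hook expands, and the hook already passes `CMAKE_INSTALL_PREFIX` as the real `$out`; the line should be dropped (or, if a prefix must be forced, use `${placeholder "out"}`), and the resulting install path checked. The patch is fetched from a GitHub `compare/1.1.0...8563aa8.diff` URL; compare diffs are regenerated server-side and their bytes have been known to change, so the pinned `sha256` may start failing — pointing `fetchpatch` at the individual commit is the more stable source. `meta = with lib;` is discouraged in current nixpkgs style in favour of `lib.licenses.mit` / `lib.maintainers.tjkeller`; the same applies to lowbat, st/overrides.nix and the xerox driver in this commit.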
@@ -0,0 +1,31 @@
+{ pkgs, ... }: {
+ nixpkgs.overlays = with pkgs; [
+ (final: prev: {
+ crazydiskinfo = (callPackage ./crazydiskinfo {});
+ lowbat = (callPackage ./lowbat {});
+ workcentre-7800-series = (callPackage ./xerox-workcentre-7800-series-driver {});
+
+ # Use my vimv-rs until pr gets merged
+ vimv-rs = prev.vimv-rs.overrideAttrs (oldAttrs: {
+ src = fetchFromGitHub {
+ owner = "tjkeller-xyz";
+ repo = "vimv-rs";
+ rev = "5deb76fb81dd4acf3c4809087ff3a1d846ab4769";
+ sha256 = "sha256-XMn+5mIxSEHaR31ixMi6o7PSkN1iYjDT4aOiQkfEwpA=";
+ };
+ });
+
+ # Use my tamzen until pr gets merged
+ tamzen = prev.tamzen.overrideAttrs (oldAttrs: {
+ src = fetchFromGitHub {
+ owner = "tjkeller-xyz";
+ repo = "tamzen-font";
+ rev = "middledot";
+ sha256 = "sha256-mVZ8SdYKTdMG1qBKKYdNjuoYvWkEq2ph2O1ztsNJEhs=";
+ };
+ });
+ })
+ (import ./st/overrides.nix)
+ (import ./xorg/overrides.nix)
+ ];
+}
diff --git a/modules/overlays/lowbat/default.nix b/modules/overlays/lowbat/default.nix
new file mode 100644
index 0000000..64ec205
--- /dev/null
+++ b/modules/overlays/lowbat/default.nix
@@ -0,0 +1,28 @@
+{ lib
+, fetchzip
+, glib
+, libnotify
+, pkg-config
+, stdenv
+}:
+
+stdenv.mkDerivation rec {
+ pname = "lowbat";
+ version = "1.2.2";
+
+ src = fetchzip {
+ url = "https://git.tjkeller.xyz/${pname}/snapshot/${pname}-${version}.tar.xz";
+ sha256 = "sha256-utdcY9qoDcrBWnGC8m/LUsnoxQ0ilssPDF44A6D/C+8=";
+ };
+
+ nativeBuildInputs = [ pkg-config ];
+ buildInputs = [ libnotify glib ];
+
+ installFlags = [ "PREFIX=$(out)" ];
+
+ meta = with lib; {
+ description = "A minimal battery level monitor daemon, written in C";
+ license = licenses.mit;
+ maintainers = [ maintainers.tjkeller ];
+ };
+}
diff --git a/modules/overlays/st/overrides.nix b/modules/overlays/st/overrides.nix
new file mode 100644
index 0000000..2d0a37e
--- /dev/null
+++ b/modules/overlays/st/overrides.nix
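Review bot: The first overlay resolves `callPackage` and `fetchFromGitHub` through the module argument `pkgs` (via `with pkgs;`), but `pkgs` is itself the result of applying `nixpkgs.overlays`, so forcing it from inside an overlay body is the standard infinite-recursion trap unless `nixpkgs.pkgs` is supplied from the flake, which this hunk does not show. Use the overlay's own arguments instead, `crazydiskinfo = final.callPackage ./crazydiskinfo {};` and `src = prev.fetchFromGitHub { … };`, as `st/overrides.nix` already does with `prev.fetchgit`. The tamzen override pins `rev = "middledot"`, a branch name rather than a commit; the `sha256` still pins the content, so a branch update fails loudly rather than silently, but a commit hash would make the pin self-describing. The `(callPackage … {})` parentheses and the unused `oldAttrs` parameters are cosmetic.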
@@ -0,0 +1,19 @@
+final: prev: {
+ st = prev.st.overrideAttrs (finalAttrs: previousAttrs: {
+ version = "tj-0.9.2.3";
+
+ src = prev.fetchgit {
+ url = "https://git.tjkeller.xyz/${previousAttrs.pname}";
+ tag = finalAttrs.version;
+ sha256 = "sha256-SQ62io4LWsPBvX8e9vUwVVXs/2+THoR6ZZoldQ6IUJk=";
+ };
+
+ makeFlags = previousAttrs.makeFlags ++ [ "CFLAGS=-Ofast" ];
+ buildInputs = with prev.pkgs.xorg; previousAttrs.buildInputs ++ [ libXcursor libXext ];
+
+ meta = with prev.lib; previousAttrs.meta // {
+ homepage = "https://git.tjkeller.xyz/st";
+ maintainers = previousAttrs.meta.maintainers ++ [ maintainers.tjkeller ];
+ };
+ });
+}
diff --git a/modules/overlays/xerox-workcentre-7800-series-driver/default.nix b/modules/overlays/xerox-workcentre-7800-series-driver/default.nix
new file mode 100644
index 0000000..cfdaaae
--- /dev/null
+++ b/modules/overlays/xerox-workcentre-7800-series-driver/default.nix
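Review bot: `makeFlags = previousAttrs.makeFlags ++ [ "CFLAGS=-Ofast" ]` passes `CFLAGS` on the make command line, which overrides the Makefile's own `CFLAGS` assignment entirely, and `-Ofast` implies `-ffast-math` (non-IEEE floating point) on top of `-O3`; `-O2` or `-O3` gives the optimisation without changing numeric semantics, and whether flags such as `-std=c99` survive depends on how this fork's `config.mk` composes them, which is not visible here. The hardening flags still arrive through NIX_CFLAGS_COMPILE, so the override does not disable those. The `prev.fetchgit` call with a `tag` plus a pinned `sha256` is the right shape for a self-hosted source.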
@@ -0,0 +1,86 @@
+{
+ stdenv,
+ lib,
+ fetchurl,
+ dpkg,
+ autoPatchelfHook,
+ cups,
+ xorg,
+}:
+let
+ debPlatform =
+ if stdenv.hostPlatform.system == "x86_64-linux" then
+ "x86_64"
+ else if stdenv.hostPlatform.system == "i686-linux" then
+ "i686"
+ else
+ throw "Unsupported system: ${stdenv.hostPlatform.system}";
+in
+stdenv.mkDerivation rec {
+ pname = "xerox-workcentre-7800-series-driver";
+ version = "5.20.661.4684";
+ debpkg = "XeroxOfficev5Pkg-Linux${debPlatform}-${version}.deb";
+
+ src = fetchurl {
+ url = "https://download.support.xerox.com/pub/drivers/CQ8580/drivers/linux/pt_BR/${debpkg}";
+ sha256 = "014k0r9ij3401mnab1qzv96bjl9x7rf11aw1ibf0q370pk9jqqjb"; # TODO correct hash for i686
+ };
+
+ nativeBuildInputs = [ dpkg autoPatchelfHook ];
+ # TODO add support for disable xorg
+ buildInputs = [
+ cups
+ stdenv.cc.cc.lib
+ xorg.libX11
+ xorg.libXrender
+ xorg.libXfixes
+ xorg.libXdamage
+ xorg.libXcomposite
+ xorg.libXcursor
+ xorg.libXrandr
+ xorg.libXext
+ xorg.libXinerama
+ ];
+
+ sourceRoot = ".";
+ unpackCmd = "dpkg-deb -x $curSrc .";
+
+ dontConfigure = true;
+ dontBuild = true;
+
+ installPhase = ''
+ runHook preInstall
+
+ mkdir -p $out
+
+ # Copy and patch the binaries and libraries
+ cp -r opt $out/
+ cp -r usr $out/
+
+ # Move the PPD to CUPS model dir
+ mkdir -p $out/share/cups/model
+ cp opt/XeroxOffice/prtsys/ppd/*.ppd $out/share/cups/model/
+
+ # Install the CUPS filters
+ mkdir -p $out/lib/cups/filter
+ cp usr/lib/cups/filter/* $out/lib/cups/filter/
+
+ # Install man pages
+ mkdir -p $out/share/man
+ cp -r usr/share/man/* $out/share/man/
+
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "Xerox WorkCentre 7800 Series Linux Printer Driver";
+ longDescription = ''
+ WorkCentre 7830/7835/7845/7855
+ '';
+ homepage = "https://www.support.xerox.com/en-us/product/workcentre-7800-series/downloads?platform=linux";
+ sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+ #license = licenses.unfree;
+ maintainers = [];
+ platforms = platforms.linux;
+ };
+}
diff --git a/modules/overlays/xorg/overrides.nix b/modules/overlays/xorg/overrides.nix
new file mode 100644
index 0000000..7225431
--- /dev/null
+++ b/modules/overlays/xorg/overrides.nix
@@ -0,0 +1,20 @@
+final: prev: {
+ xorg = prev.xorg // {
+ # Apply startx patch to create serverauth file in /tmp instead of home directory
+ xinit = (prev.xorg.xinit.overrideAttrs (finalAttrs: previousAttrs: {
+ version = "1.4.4";
+ patchtag = "${finalAttrs.version}-1"; # Archlinux xinit package tagged release to fetch patch from
+ # Override src since is hardcoded to 1.4.2
+ src = prev.fetchurl {
+ url = "mirror://xorg/individual/app/xinit-${finalAttrs.version}.tar.xz";
+ sha256 = "sha256-QKR8ehZMf5gc43h7Szf35BH7QyMdzeVD1wCUB12s/vk=";
+ };
+ patches = [
+ (prev.fetchpatch {
+ url = "https://gitlab.archlinux.org/archlinux/packaging/packages/xorg-xinit/-/raw/${finalAttrs.patchtag}/06_move_serverauthfile_into_tmp.diff";
+ sha256 = "1whzs5bw7ph12r3abs1g9fydibkr291jh56a0zp17d4x070jnkda";
+ })
+ ];
+ }));
+ };
+}
diff --git a/modules/root/autologin.nix b/modules/root/autologin.nix
deleted file mode 100644
index 6e66160..0000000
--- a/modules/root/autologin.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ lib, config, userDetails, ... }: {
- options = {
- autologin.enable = lib.mkEnableOption "enables getty automatic login";
- #autologin.user = lib.mkEnableOption "populate username";
- #autologin.password = lib.mkEnableOption "populate password";
- };
-
- config = lib.mkIf config.autologin.enable {
- services.getty = {
- autologinUser = userDetails.username;
- };
- };
-}
diff --git a/modules/root/bluetooth.nix b/modules/root/bluetooth.nix
deleted file mode 100644
index 1f41c7e..0000000
--- a/modules/root/bluetooth.nix
+++ /dev/null
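Review bot: `platforms = platforms.linux` advertises every Linux system while `debPlatform` throws for anything but x86_64/i686, and the single `sha256` only matches the x86_64 `.deb` (the TODO says as much), so on i686 the fetch fails with a hash mismatch rather than a clear unsupported-platform error; set `platforms = [ "x86_64-linux" ];` until a per-platform hash exists. With `#license = licenses.unfree;` commented out, this proprietary binary blob (`sourceProvenance = [ binaryNativeCode ]`) bypasses nixpkgs' `allowUnfree` gate, which is the policy control a user would expect to trip for a vendor driver; restore the license line. `autoPatchelfHook` relinks every ELF file under the copied `opt` and `usr` trees, so `buildInputs` is what decides which system libraries the vendor code is bound to; a comment saying the whole vendor tree is installed, not just the CUPS filter, would help the next reader judge that list.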
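Review bot: `patchtag` is set as an attribute of the derivation, so it becomes an environment variable of the build as well as the URL component it is meant to be; a `let` binding inside the overlay, or building the URL inline from `finalAttrs.version`, keeps it out of the derivation. Replacing the set with `prev.xorg // { xinit = … }` only changes `final.xorg.xinit`; any other xorg package that took `xinit` when the set was built keeps the old one, and if `xorg` is a scope in this nixpkgs revision, `prev.xorg.overrideScope (xfinal: xprev: { xinit = …; })` would propagate the override — worth checking. The patch (server auth file moved from the home directory to `/tmp`) is pinned by `sha256` through `fetchpatch`, so its content cannot drift; a short comment on why the Arch copy of the patch is used rather than carrying it in-tree would help.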
@@ -1,10 +0,0 @@ -{ lib, config, ... }: { - options = { - bluetooth.enable = lib.mkEnableOption "enables bluetooth support"; - }; - - config = lib.mkIf config.bluetooth.enable { - hardware.bluetooth.enable = true; - services.blueman.enable = true; - }; -} diff --git a/modules/root/bootloader.nix b/modules/root/bootloader.nix deleted file mode 100644 index 0a45264..0000000 --- a/modules/root/bootloader.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ lib, config, ... }: { - options = { - bootloader.loader = lib.mkOption { - type = lib.types.enum [ "grub" "systemd-boot" ]; - default = "systemd-boot"; - description = "whether to install grub or systemd-boot as the bootloader"; - }; - bootloader.mode = lib.mkOption { - type = lib.types.enum [ "efi" "bios" ]; - default = "efi"; - description = "whether to install the bootloader in efi or bios mode"; - }; - bootloader.grub = { - biosDevice = lib.mkOption { - type = lib.types.str; - description = "device to install grub on"; - }; - }; - bootloader.memtest86.enable = lib.mkEnableOption "make Memtest86+ available from the bootloader"; - }; - - config = { - boot.loader = { - grub = { - enable = config.bootloader.loader == "grub"; - efiSupport = config.bootloader.mode == "efi"; - efiInstallAsRemovable = config.bootloader.mode == "efi"; - device = if config.bootloader.mode == "bios" then config.bootloader.grub.biosDevice else "nodev"; - enableCryptodisk = true; - memtest86.enable = config.bootloader.memtest86.enable; - }; - systemd-boot = { - enable = config.bootloader.loader == "systemd-boot"; - editor = false; - memtest86.enable = config.bootloader.memtest86.enable; - }; - efi = lib.mkIf (config.bootloader.mode == "efi") { - efiSysMountPoint = lib.mkIf (config.bootloader.loader == "grub") "/boot/efi"; - canTouchEfiVariables = true; - }; - }; - }; -} diff --git a/modules/root/default.nix b/modules/root/default.nix deleted file mode 100644 index 8072525..0000000 --- a/modules/root/default.nix +++ /dev/null 
@@ -1,55 +0,0 @@ -{ lib, ... }: { - imports = [ - ./software - ./autologin.nix - ./bluetooth.nix - ./bootloader.nix - ./doas.nix - ./firewall.nix - ./fonts.nix - ./home-manager.nix - ./hosts.nix - ./localization.nix - ./nas.nix - ./net-iface-labels.nix - ./nix.nix - ./normaluser.nix - ./pipewire.nix - ./powerkeys.nix - ./printing.nix - ./secrets.nix - ./ssh.nix - ./suspend.nix - ./tlp.nix - ./udev.nix - ./wifi.nix - ./x11.nix - ./zsh.nix - ]; - - autologin.enable = lib.mkDefault true; - avahi.enable = lib.mkDefault true; - bluetooth.enable = lib.mkDefault false; - doas.enable = lib.mkDefault true; - fonts.enable = lib.mkDefault true; - nas = { - enable = lib.mkDefault false; - home.enable = lib.mkDefault true; - home.automount = lib.mkDefault false; - office.enable = lib.mkDefault false; - office.automount = lib.mkDefault false; - }; - bootloader = { - mode = lib.mkDefault "bios"; - memtest86.enable = lib.mkDefault true; - }; - home-manager.enable = lib.mkDefault true; - pipewire.enable = lib.mkDefault true; - printing.enable = lib.mkDefault true; - tlp.enable = lib.mkDefault true; - scanning.enable = lib.mkDefault true; - suspend.enable = lib.mkDefault true; - wifi.enable = lib.mkDefault true; - xserver.enable = lib.mkDefault true; - zsh.enable = lib.mkDefault true; -} diff --git a/modules/root/doas.nix b/modules/root/doas.nix deleted file mode 100644 index c6707ce..0000000 --- a/modules/root/doas.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ lib, config, ... }: { - options = { - doas.enable = lib.mkEnableOption "enables doas"; - sudo.enable = lib.mkEnableOption "enables sudo"; - }; - - config = { - security = { - #sudo.enable = config.sudo.enable; - sudo.enable = true; # TODO remove once can be built from flake w git - sudo.wheelNeedsPassword = false; - doas.enable = config.doas.enable; - doas.extraRules = lib.mkIf config.doas.enable [{ - keepEnv = true; - }]; - doas.wheelNeedsPassword = false; - }; - }; -} 
diff --git a/modules/root/firewall.nix b/modules/root/firewall.nix deleted file mode 100644 index e038cbe..0000000 --- a/modules/root/firewall.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - networking.firewall = { - allowedTCPPorts = [ - 8080 - ]; - }; -} diff --git a/modules/root/fonts.nix b/modules/root/fonts.nix deleted file mode 100644 index 256e1ab..0000000 --- a/modules/root/fonts.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - fonts.enable = lib.mkEnableOption "enables fonts"; - }; - - config = lib.mkIf config.fonts.enable { - fonts.packages = with pkgs; [ - commit-mono - inter - nerd-fonts.jetbrains-mono - tamzen - ]; - }; -} diff --git a/modules/root/home-manager.nix b/modules/root/home-manager.nix deleted file mode 100644 index d271523..0000000 --- a/modules/root/home-manager.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - home-manager.enable = lib.mkEnableOption "enables home-manager"; - }; - - config = lib.mkIf config.home-manager.enable { - environment.systemPackages = with pkgs; [ - home-manager - ]; - }; -} diff --git a/modules/root/hosts.nix b/modules/root/hosts.nix deleted file mode 100644 index cb526f2..0000000 --- a/modules/root/hosts.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ hostname, ... }: { - networking.hostName = hostname; # From flake.nix - networking.hosts = { - "192.168.1.9" = [ "optiplex" ]; - "192.168.1.30" = [ "localgit" ]; - "192.168.1.11" = [ "truenas-home" ]; - "192.168.77.11" = [ "truenas-office" ]; - "192.168.77.8" = [ "publicgit" "tjkeller" ]; - "192.168.77.3" = [ "devel" ]; - "173.9.253.3" = [ - "git.tjkeller.xyz" - "piped.tjkeller.xyz" - "search.tjkeller.xyz" - "tjkeller.xyz" - ]; - }; - environment.etc.hosts.mode = "0644"; # Allow temporary imperative modifications -} diff --git a/modules/root/localization.nix b/modules/root/localization.nix deleted file mode 100644 index 8313f07..0000000 --- a/modules/root/localization.nix +++ /dev/null 
@@ -1,5 +0,0 @@ -{ - time.timeZone = "America/Chicago"; - i18n.defaultLocale = "en_US.UTF-8"; - services.xserver.xkb.layout = "us"; -} diff --git a/modules/root/nas.nix b/modules/root/nas.nix deleted file mode 100644 index 0116ba3..0000000 --- a/modules/root/nas.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ lib, config, ... } : -let - mkNetworkFileSystem = device: automount: { - device = "${device}"; - fsType = "nfs"; - options = [ "defaults" ] ++ lib.optionals (!automount) [ "noauto" ]; - }; -in { - options = { - nas = { - enable = lib.mkEnableOption "enable network shares"; - home = { - enable = lib.mkEnableOption "enable home network shares"; - automount = lib.mkEnableOption "automount home network shares"; - }; - office = { - enable = lib.mkEnableOption "enable office network shares"; - automount = lib.mkEnableOption "automount home network shares"; - }; - }; - }; - - config = lib.mkIf config.nas.enable { - fileSystems = lib.optionalAttrs config.nas.home.enable { - "/media/Storage/Media" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Media" config.nas.home.automount; - "/media/Storage/Backups" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups" config.nas.home.automount; - "/media/Storage/Tapes" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups/Tapes" config.nas.home.automount; - "/media/Family Photos" = mkNetworkFileSystem "truenas-home:/mnt/Media/Photos" config.nas.home.automount; - } // lib.optionalAttrs config.nas.office.enable { - "/media/chexx/chexx" = mkNetworkFileSystem "truenas-office:/mnt/Storage/chexx" config.nas.office.automount; - "/media/chexx/tkdocs" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Users/Tim-Keller" config.nas.office.automount; - "/media/chexx/scans" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Scans" config.nas.office.automount; - }; - # TODO auto mkdirz - }; -} diff --git a/modules/root/net-iface-labels.nix b/modules/root/net-iface-labels.nix deleted file mode 100644 index 4949659..0000000 
--- a/modules/root/net-iface-labels.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, ... }: let - validMac = str: builtins.match ''^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$'' str != null; - macAddressType = lib.types.str // { - check = validMac; - description = "a mac address (xx:xx:xx:xx:xx:xx)"; - }; -in { - options.networking.interfaceLabels = { - enable = lib.mkEnableOption "manually label network interfaces"; - interfaces = lib.mkOption { - type = lib.types.attrsOf macAddressType; - default = {}; - example = { - "lan0" = "00:11:22:33:44:55"; - "lan1" = "66:77:88:99:AA:BB"; - }; - description = "label network interfaces by their mac address"; - }; - }; - - config = lib.mkIf config.networking.interfaceLabels.enable { - networking.usePredictableInterfaceNames = false; - services.udev.extraRules = lib.concatStringsSep "\n" ( - lib.mapAttrsToList (name: mac: ''ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="${mac}", NAME="${name}"'') config.networking.interfaceLabels.interfaces - ); - }; -} diff --git a/modules/root/nix.nix b/modules/root/nix.nix deleted file mode 100644 index ff8dd28..0000000 --- a/modules/root/nix.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - nix.settings = { - experimental-features = [ "nix-command" "flakes" ]; - use-xdg-base-directories = true; - }; - nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; -} diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix deleted file mode 100644 index 50e9236..0000000 --- a/modules/root/normaluser.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -{ lib, config, userDetails, ... }: { - options = { - users.setPassword.enable = lib.mkEnableOption "set users password. requires hashed root password from sops"; - }; - - config = { - # Load hashed root password secret - sops.secrets.hashed-root-password = lib.mkIf config.users.setPassword.enable { - sopsFile = ./resources/secrets/hashed-root-password.yaml; - neededForUsers = true; - }; - - # Set hashed password file if the setPassword option is enabled - users.users.root.hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path; - - # Setup normal user - users.users.${userDetails.username} = { - home = userDetails.home; - description = userDetails.fullname; - isNormalUser = true; - extraGroups = [ - "i2c" - "libvirtd" - "nixbld" - "video" - "wheel" - ]; - hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path; - }; - }; -} diff --git a/modules/root/pipewire.nix b/modules/root/pipewire.nix deleted file mode 100644 index fd97d42..0000000 --- a/modules/root/pipewire.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ lib, config, ... }: { - options = { - pipewire.enable = lib.mkEnableOption "enables pipewire"; - }; - - config = lib.mkIf config.pipewire.enable { - services.pipewire = { - enable = true; - pulse.enable = true; - }; - }; -} diff --git a/modules/root/powerkeys.nix b/modules/root/powerkeys.nix deleted file mode 100644 index fd4aa00..0000000 --- a/modules/root/powerkeys.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - services.logind = { - hibernateKey = "suspend"; - powerKey = "ignore"; - powerKeyLongPress = "poweroff"; - }; -} diff --git a/modules/root/printing.nix b/modules/root/printing.nix deleted file mode 100644 index f0d0dd8..0000000 --- a/modules/root/printing.nix +++ /dev/null 
@@ -1,50 +0,0 @@ -{ lib, config, pkgs, ... }: { - options = { - printing.enable = lib.mkEnableOption "enables printing"; - avahi.enable = lib.mkEnableOption "enables avahi"; - scanning.enable = lib.mkEnableOption "enables scanning"; - }; - - config = lib.mkIf config.printing.enable { - services.printing = { - enable = true; - drivers = [ - pkgs.epson-escpr2 - pkgs.workcentre-7800-series - ]; - }; - - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - }; - - environment.systemPackages = with pkgs; pkgs.lib.optionals config.scanning.enable [ - epsonscan2 - ]; - - networking.hosts = { - "192.168.1.35" = [ "Epson_ET-8500" ]; - "192.168.77.40" = [ "Xerox_WorkCentre_7855" ]; - }; - - hardware.printers.ensurePrinters = [ - { - name = "Epson_ET-8500"; - description = "Epson ET-8500"; - location = "Home"; - deviceUri = "ipp://Epson_ET-8500:631/ipp/print"; - model = "epson-inkjet-printer-escpr2/Epson-ET-8500_Series-epson-escpr2-en.ppd"; - } - #{ - # name = "Xerox_WorkCentre_7855"; - # description = "Xerox WorkCentre 7855"; - # location = "Office"; - # deviceUri = "ipp://Xerox_WorkCentre_7855:631/ipp/print"; - # model = "everywhere IPP Everywhere"; - #} - ]; - hardware.printers.ensureDefaultPrinter = "Epson_ET-8500"; - }; -} diff --git a/modules/root/resources/secrets/hashed-root-password.yaml b/modules/root/resources/secrets/hashed-root-password.yaml deleted file mode 100644 index a42fd42..0000000 --- a/modules/root/resources/secrets/hashed-root-password.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -hashed-root-password: ENC[AES256_GCM,data:7Qgoeb/6JPNupkHCBEzCs0FMP2cDEw972bjCRWeMrBrAMZzLsZc3Mbv03s1zLztUp6Ie93R5lVsamxKPUnaPt+Tnr/l+0E9aTmt7j7L6UzmWr12nj3FHxxTSU9ief6+ioIk+S4eICJspIQ==,iv:VoWP4qBCGzuYRpQw4nilUXByJ+ZwyZR/BdKowi+53DM=,tag:x6A00VCm8BEOhtv/WySXrQ==,type:str] -sops: - age: - - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z3dTbW1GUzgyRUwyZGtF - alZSeFBmdEdhNER3UEtGRGd4MnliK1l1eGpJCm80SHFNZ3NZOTNxVkM4R3ZLY005 - OFVtUGN3OXZJblRxOFNMOFhsV25CS0EKLS0tIEE5SG5NekxWbytXY2xNeUN6TWhG - RldJZms3RDFuRk40ck42Mkd5RTd4YVUKgyWE8Cs0yLO/82w2muGWTlcjY86BVSUy - bFeIcQT33dEPiNUmynTqEGpN2NVQbfVDw17QbA9GNhGClanTTXmX4A== - -----END AGE ENCRYPTED FILE----- - - recipient: age1f0tmpy2nam58skmznjyqd3zf54rxtfrk6fda0vlpq9y3yg6wac7sjf0vja - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxcUprWjBXTVlidTRwMEZ6 - WHE4dWp6OWtybkFCaTkyY2JyaWYrRHNhZWtNCi9xamwreEsyVFdnWWhJeUVsdUpT - UHlkRVJZZTEvMDluTWNJSnRSUXN6Q0kKLS0tIHNsQk92SUd2ekowY0hvQi9LNjIx - Q0oxVFNtRkpZTlVHeEY3YXFoSlc4Zk0K7RaqH/Qf2dTPBuCz9DH0xgU+Tq8ATKUq - tfAuuAU9HBtLFiZjhWsZmj5XUy5Z18IiUKDIxlw41mNtbcsUnjm30w== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-17T22:34:07Z" - mac: ENC[AES256_GCM,data:B95HuJC2o8B+P1f9kAtJTcSty7YSAByuqe/Xs6ce6780p05FuzWM5X9bwvwsYXngGNKqCHksWf50UXzJ3eyc6y4ISxdxljAv2FmJFKw4NkfGaOMiRLlGPMn1uFpOtkRT+qL0+mupWG/Ap3zcpbxjsDx46PUur+e6yRxlAHw8mGw=,iv:DYobhWK+4+7vOog7BrBASiHrEzzz0P6zqgWxexfcLG8=,tag:skGwUpDEB8e3TCjrxs5peA==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/modules/root/resources/secrets/wpa_supplicant-conf.yaml b/modules/root/resources/secrets/wpa_supplicant-conf.yaml deleted file mode 100644 index 2fd7a0e..0000000 --- a/modules/root/resources/secrets/wpa_supplicant-conf.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -wpa_supplicant-conf: ENC[AES256_GCM,data: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,iv:7qdltuNvesslz32SfEXqu9WFu2uGOGg1sjfskfqfXnk=,tag:N1RhL1M9YtDlvxLBRC2gAg==,type:str] -sops: - age: - - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdXBUWXEvRU85Tk1lNWgz - ZHpENjdudmRuaEJIeVRHOHlDbWNzK0tQMGs4CmV6MVBpdE5PMTBWMm1PcDVFQ2VM - b0IwWDFxLy8xYUcxRVZFSEsyYlBFS1UKLS0tIHpCbDQ0a29TZlVFTGp4aXJCSmJ4 - ZGxqMFQ1NDk1OHJIOUd0cVV0dzNNQlkKzYX36u0rEq6dMTCJf6OON6LzcEEnAB5A - +M9t3OKUUNtwgksjBUEwqBLJ1sU9amijpK63GUxwp74YDtsb0YXHiw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-17T22:33:44Z" - mac: ENC[AES256_GCM,data:leJsAdcWFE0EA1syXfd7yDu1Ct+vTkKiHUEc46O31uUeaWVFwgH8EKC0ImqiHMgbDJv+a9UHm7GtsWy1aMQNVRBXL3R2HbNQkOqGkIIdGsrrbjslQl8UwI7wx1g2P3ORhlGRYXTscDUl53+e4i3YrYOEDDPL5EAWuQEWldJXLZc=,iv:banL6qqV2EqfZFKHn5dawUq95Ima06z8H6Kso1qRdcA=,tag:g6M95M6bT4UPTfiEZT4ljw==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix deleted file mode 100644 index 416bcde..0000000 --- a/modules/root/secrets.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ inputs, config, userDetails, ... }: { - imports = [ inputs.sops-nix.nixosModules.sops ]; - - sops = { - defaultSopsFormat = "yaml"; - age.sshKeyPaths = [ "${userDetails.home}/.ssh/id_ed25519" "/root/.ssh/id_ed25519" ]; - }; -} diff --git a/modules/root/services/cgit.nix b/modules/root/services/cgit.nix deleted file mode 100644 index 366c1f8..0000000 --- a/modules/root/services/cgit.nix +++ /dev/null 
@@ -1,126 +0,0 @@ -{ lib, pkgs, config, userDetails, ... }: -let - cfg = config.cgit; -in { - options = { - cgit = { - enable = lib.mkEnableOption "enables cgit service"; - hostAddress = lib.mkOption { - type = lib.types.str; - description = "hostAddress for the container"; - default = "10.0.1.1"; - }; - localAddress = lib.mkOption { - type = lib.types.str; - description = "localAddress for the container"; - default = "10.0.1.2"; - }; - rootTitle = lib.mkOption { - type = lib.types.str; - description = "cgit site title"; - default = ""; - }; - rootDesc = lib.mkOption { - type = lib.types.str; - description = "cgit site description"; - default = ""; - }; - extraConfig = lib.mkOption { - type = lib.types.str; - description = "cgitrc lines inserted verbatim at the end"; - default = ""; - }; - }; - }; - - config = lib.mkIf cfg.enable { - # Configure cgit container - containers.cgit = { - autoStart = true; - privateNetwork = true; - hostAddress = cfg.hostAddress; - localAddress = cfg.localAddress; - - specialArgs = { - authorizedKeys = userDetails.sshPublicKeys; - cgitrc = with cfg; { - inherit rootTitle; - inherit rootDesc; - inherit extraConfig; - }; - }; - - config = { lib, config, authorizedKeys, cgitrc, ... 
}: { - # Create git user for ssh access - users.users.git = { - isNormalUser = true; - home = "/srv/git"; # Serve from git user's home to allow cloning git@cgit:repo - group = "git"; - createHome = true; - homeMode = "750"; # Allow read permissions for group members - shell = pkgs.bash; - openssh.authorizedKeys.keys = authorizedKeys; - }; - users.groups.git.members = [ "lighttpd" ]; # Create the git group and add lighttpd user as a member so /srv/git can be served by cgit - - # Enable git - programs.git.enable = true; - - # Enable ssh service - services.openssh.enable = true; - - # Enable cgit service - services.lighttpd.enable = true; - services.lighttpd.cgit = { - enable = true; - #subdir = ""; # FIXME this does not work for some reason - configText = '' - # Based on joseluisq/alpine-cgit - root-title=${cgitrc.rootTitle} - root-desc=${cgitrc.rootDesc} - - source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py - about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh - - readme=:README.md - readme=:README.html - readme=:README.txt - readme=:README - readme=:INSTALL.md - readme=:INSTALL.html - readme=:INSTALL.txt - readme=:INSTALL - - # Cache - #cache-root=/var/cache/cgit - #cache-size=2000 - - enable-index-links=1 - enable-index-owner=0 - enable-remote-branches=1 - enable-log-filecount=1 - enable-log-linecount=1 - enable-git-config=1 - snapshots=tar.xz zip - - robots=noindex, nofollow - - virtual-root=/cgit - section-from-path=0 - max-repo-count=100 - scan-path=/srv/git - - # extra config - ${cgitrc.extraConfig} - ''; - }; - - # Networking, etc. - networking.firewall.allowedTCPPorts = [ 80 22 ]; - networking.hostName = "cgit"; - - system.stateVersion = "25.05"; - }; - }; - }; -} diff --git a/modules/root/services/gitea.nix b/modules/root/services/gitea.nix deleted file mode 100644 index 32c56db..0000000 --- a/modules/root/services/gitea.nix +++ /dev/null 
@@ -1,60 +0,0 @@ -{ lib, pkgs, config, userDetails, ... }: -let - cfg = config.gitea; -in { - options = { - gitea = { - enable = lib.mkEnableOption "enables gitea service"; - hostAddress = lib.mkOption { - type = lib.types.str; - description = "hostAddress for the container"; - default = "10.0.1.1"; - }; - localAddress = lib.mkOption { - type = lib.types.str; - description = "localAddress for the container"; - default = "10.0.1.3"; - }; - }; - }; - - config = lib.mkIf cfg.enable { - containers.gitea = { - autoStart = true; - privateNetwork = true; - hostAddress = cfg.hostAddress; - localAddress = cfg.localAddress; - - config = { lib, config, ... }: { - # Enable gitea service - services.gitea = { - enable = true; - user = "git"; # So ssh cloning uses git@gitea - settings = { - server = { - HTTP_PORT = 3000; # Can't set as 80 without root permissions, use 3000 instead - }; - }; - }; - - # Networking, etc. - # Redirect 80 to 3000 - networking.nftables = { - enable = true; - ruleset = '' - table ip nat { - chain prerouting { - type nat hook prerouting priority 0; - tcp dport 80 redirect to :3000 - } - } - ''; - }; - networking.firewall.allowedTCPPorts = [ 3000 80 22 ]; # Still need to forward 3000 for nftables rule to work - networking.hostName = "gitea"; - - system.stateVersion = "25.05"; - }; - }; - }; -} diff --git a/modules/root/services/searxng.nix b/modules/root/services/searxng.nix deleted file mode 100644 index 8ed632e..0000000 --- a/modules/root/services/searxng.nix +++ /dev/null 
@@ -1,119 +0,0 @@ -{ pkgs, lib, config, ... }: let - environmentFile = "/run/searx/searxng.env"; - generateEnvironmentFile = '' - umask 077 - echo "SEARXNG_SECRET=$(head -c 56 /dev/urandom | base64)" > ${environmentFile} - ls /run/searx - ''; -in { - options = { - searxng.enable = lib.mkEnableOption "enables searxng service"; - searxng.uwsgi.enable = lib.mkEnableOption "enables searxng uwsgi"; - }; - - config = lib.mkIf config.searxng.enable { - # Generate secret key - systemd.services.searx-environment-file = { - description = "Generate environment file with secret key for searx"; - wantedBy = [ "searx-init.service" ]; - partOf = [ "searx-init.service" ]; - before = [ "searx-init.service" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - User = "searx"; - RuntimeDirectory = "searx"; - RuntimeDirectoryMode = "750"; - ConditionPathExists = "!${environmentFile}"; - }; - script = generateEnvironmentFile; - }; - - # Configure searxng - services.searx = { - enable = true; - redisCreateLocally = true; - package = pkgs.searxng; - inherit environmentFile; # Provides secret key - - # UWSGI configuration - runInUwsgi = config.searxng.uwsgi.enable; - - uwsgiConfig = { - socket = "/run/searx/searx.sock"; - http = ":8888"; - chmod-socket = "660"; - }; - - settings = { - general = { - instance_name = "TJK Search"; - donation_url = "https://tjkeller.xyz"; - enable_metrics = false; - }; - - # Search engine settings - search = { - safe_search = 2; # Strict - autocomplete = ""; - default_lang = "en-US"; - }; - - preferences.lock = [ "safesearch" ]; # Lock safe_search at strict - - # https://docs.searxng.org/admin/plugins.html - enabled_plugins = [ - "Tor check plugin" - "Tracker URL remover" - "Basic Calculator" - "Unit converter plugin" - "Hash plugin" - "Self Information" - "Open Access DOI rewrite" - "Hostnames plugin" - ]; - - hostnames.replace = { - "(.*\.)?youtube\.com$" = "piped.tjkeller.xyz"; - "(.*\.)?youtu\.be$" = "piped.tjkeller.xyz"; - 
"(.*\.)?reddit\.com$" = "old.reddit.com"; - }; - - # Enable / disabled search engines from default list - engines = lib.mapAttrsToList (name: value: { inherit name; disabled = !value; }) { - # Images - "artic" = false; - "deviantart" = false; - "flickr" = false; - "library of congress" = false; - "openverse" = false; - "pinterest" = false; - "public domain image archive" = false; - "unsplash" = false; - "wallhaven" = false; - "wikicommons.images" = false; - - # Videos - "bitchute" = true; - "dailymotion" = false; - "piped" = false; - "rumble" = true; - "sepiasearch" = false; - "vimeo" = false; - "wikicommons.videos" = false; - - # Music - "piped.music" = false; - - # Files - "1337x" = true; - "annas archive" = true; - "library genesis" = true; - - # Apps - "fdroid" = true; - }; - }; - }; - }; -} diff --git a/modules/root/software/awesome.nix b/modules/root/software/awesome.nix deleted file mode 100644 index fdc86e8..0000000 --- a/modules/root/software/awesome.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - xserver.awesome.enable = lib.mkEnableOption "enables awesomewm"; - }; - - config = lib.mkIf (config.xserver.enable && config.xserver.awesome.enable ) { - services.xserver.windowManager.awesome = { - enable = true; - noArgb = true; # disables transparency. why not? - luaModules = with pkgs.luajitPackages; [ - lgi - ]; - package = with pkgs; awesome.override { - gtk3Support = true; - gtk3 = gtk3; - lua = luajit; - }; - }; - }; -} diff --git a/modules/root/software/ddcutil.nix b/modules/root/software/ddcutil.nix deleted file mode 100644 index 0c62370..0000000 --- a/modules/root/software/ddcutil.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, lib, config ... }: { - options = { - programs.ddcutil.enable = lib.mkEnableOption "enables ddcutil and i2c control"; - }; - - config = lib.mkIf programs.ddcutil.enable { - hardware.i2c.enable = true; - environment.systemPackages = [ pkgs.ddcutil ]; - } -} 
diff --git a/modules/root/software/default.nix b/modules/root/software/default.nix deleted file mode 100644 index 7adcb6a..0000000 --- a/modules/root/software/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ lib, config, ... }: { - imports = [ - ./awesome.nix - ./ddcutil.nix - ./desktop.nix - ./development.nix - ./docker.nix - ./overlays.nix - ./system.nix - ./utilities.nix - ./virtualization.nix - ]; - - software.desktop = { - enable = lib.mkDefault config.xserver.enable; - chromium.enable = lib.mkDefault false; - cad.enable = lib.mkDefault false; - crypto.enable = lib.mkDefault false; - firefox.enable = lib.mkDefault true; - graphics.enable = lib.mkDefault false; - office.enable = lib.mkDefault false; - utilities.enable = lib.mkDefault false; - }; - - software.development = { - enable = lib.mkDefault true; - docker = { - enable = lib.mkDefault false; - btrfsSupport = lib.mkDefault true; - }; - }; - - programs.ddcutil.enable = lib.mkDefault true; - virtualization.enable = lib.mkDefault false; - xserver.awesome.enable = lib.mkDefault true; -} diff --git a/modules/root/software/derivations b/modules/root/software/derivations deleted file mode 120000 index a075779..0000000 --- a/modules/root/software/derivations +++ /dev/null @@ -1 +0,0 @@ -../../../derivations \ No newline at end of file diff --git a/modules/root/software/desktop.nix b/modules/root/software/desktop.nix deleted file mode 100644 index 4dcb215..0000000 --- a/modules/root/software/desktop.nix +++ /dev/null 
@@ -1,80 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - software.desktop = { - enable = lib.mkEnableOption "enables desktop apps"; - chromium = { - enable = lib.mkEnableOption "enables selected chromium browser package"; - package = lib.mkOption { - type = lib.types.package; - default = pkgs.ungoogled-chromium; - description = "chromium package to install"; - }; - }; - cad.enable = lib.mkEnableOption "enables cad and 3d printing apps"; - crypto.enable = lib.mkEnableOption "enables crypto wallet apps"; - firefox.enable = lib.mkEnableOption "enables firefox"; - graphics.enable = lib.mkEnableOption "enables graphic design apps"; - office.enable = lib.mkEnableOption "enables office apps"; - utilities.enable = lib.mkEnableOption "enables miscellaneous utility apps"; - }; - }; - - config = lib.mkIf config.software.desktop.enable { - environment.systemPackages = with pkgs; [ - # Default - arandr - dmenu - libnotify - mpv - pavucontrol - pcmanfm - redshift - scrot - st - sxiv - wpa_supplicant_gui - zathura - ] ++ pkgs.lib.optionals config.software.desktop.chromium.enable [ - # Chrome - config.software.desktop.chromium.package - ] ++ pkgs.lib.optionals config.software.desktop.cad.enable [ - # CAD - blender - freecad - prusa-slicer - ] ++ pkgs.lib.optionals config.software.desktop.crypto.enable [ - # Crypto Wallets - sparrow - ] ++ pkgs.lib.optionals config.software.desktop.graphics.enable [ - # Graphics - blender - geeqie - gimp3 - inkscape - ] ++ pkgs.lib.optionals config.software.desktop.office.enable [ - # Office - hunspell # Spell checking in libreoffice - hunspellDicts.en_US - kdePackages.okular - libreoffice - pdfchain - thunderbird - ] ++ pkgs.lib.optionals config.software.desktop.utilities.enable [ - # Misc Utilities - jellyfin-mpv-shim - qbittorrent - qdirstat - remmina - ]; - - programs.localsend.enable = config.software.desktop.utilities.enable; # Installs & opens firewall - programs.firefox.enable = config.software.desktop.firefox.enable; - - # GVfs 
allows for mounting drives in a graphical file manager - services.gvfs.enable = true; - - # For home-manager to configure gtk - # TODO this should be there instead - programs.dconf.enable = config.software.desktop.enable; - }; -} diff --git a/modules/root/software/development.nix b/modules/root/software/development.nix deleted file mode 100644 index af8a8a7..0000000 --- a/modules/root/software/development.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - software.development.enable = lib.mkEnableOption "enables development tools"; - }; - - config = lib.mkIf config.software.development.enable { - environment.systemPackages = with pkgs; [ - #adb-sync - android-tools - gcc - git - gnumake - hugo - lua - pkg-config - ]; - - # Open 1313 for hugo serve - networking.firewall.allowedTCPPorts = [ - 1313 - ]; - }; -} diff --git a/modules/root/software/docker.nix b/modules/root/software/docker.nix deleted file mode 100644 index bf1898c..0000000 --- a/modules/root/software/docker.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ pkgs, lib, config, userDetails, ... }: { - options = { - software.development.docker = { - enable = lib.mkEnableOption "enables docker"; - btrfsSupport = lib.mkEnableOption "changes docker storageDriver to btrfs"; - }; - }; - - config = lib.mkIf config.software.development.docker.enable { - virtualisation.docker = { - enable = true; - storageDriver = lib.mkIf config.software.development.docker.btrfsSupport "btrfs"; - }; - - environment.systemPackages = with pkgs; [ - docker-compose - ]; - - users.groups.docker.members = [ userDetails.username ]; - }; -} diff --git a/modules/root/software/overlays.nix b/modules/root/software/overlays.nix deleted file mode 100644 index 2037c0d..0000000 --- a/modules/root/software/overlays.nix +++ /dev/null 
@@ -1,30 +0,0 @@ -{ pkgs, ... }: { - nixpkgs.overlays = with pkgs; [ - (final: prev: { - crazydiskinfo = (callPackage ./derivations/crazydiskinfo {}); - lowbat = (callPackage ./derivations/lowbat {}); - workcentre-7800-series = (callPackage ./derivations/xerox-workcentre-7800-series-driver {}); - - # Use my vimv-rs until pr gets merged - vimv-rs = prev.vimv-rs.overrideAttrs (oldAttrs: { - src = fetchFromGitHub { - owner = "tjkeller-xyz"; - repo = "vimv-rs"; - rev = "5deb76fb81dd4acf3c4809087ff3a1d846ab4769"; - sha256 = "sha256-XMn+5mIxSEHaR31ixMi6o7PSkN1iYjDT4aOiQkfEwpA="; - }; - }); - - # Use my tamzen until pr gets merged - tamzen = prev.tamzen.overrideAttrs (oldAttrs: { - src = fetchFromGitHub { - owner = "tjkeller-xyz"; - repo = "tamzen-font"; - rev = "middledot"; - sha256 = "sha256-mVZ8SdYKTdMG1qBKKYdNjuoYvWkEq2ph2O1ztsNJEhs="; - }; - }); - }) - (import ./derivations/st/overrides.nix) - ]; -} diff --git a/modules/root/software/system.nix b/modules/root/software/system.nix deleted file mode 100644 index 4c81596..0000000 --- a/modules/root/software/system.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, ... }: { - environment.systemPackages = with pkgs; [ - age # Secrets - cryptsetup - dash # TODO should be default /bin/sh - exfat - git # Needed for home-manager - ntfs3g - python3 - sops # Secrets - ]; - - services.gpm.enable = true; -} diff --git a/modules/root/software/utilities.nix b/modules/root/software/utilities.nix deleted file mode 100644 index 79285a1..0000000 --- a/modules/root/software/utilities.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ pkgs, ... }: { - environment.systemPackages = with pkgs; [ - crazydiskinfo - entr - fastfetch - ffmpeg - htop - jq - light - lm_sensors - lowbat - mediainfo - neovim - nmap - openssl - p7zip - pavolctld - powertop - pv - rsync - screen - smartmontools - sslscan - stress - testdisk - tmux - uhubctl - vimv-rs - wget - wireguard-tools - xxHash - yt-dlp - ]; -} 
diff --git a/modules/root/software/virtualization.nix b/modules/root/software/virtualization.nix deleted file mode 100644 index 36a51fc..0000000 --- a/modules/root/software/virtualization.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ lib, config, pkgs, ... }: { - options = { - virtualization.enable = lib.mkEnableOption "enables virtualization and virt-manager"; - }; - - config = lib.mkIf config.virtualization.enable { - virtualisation = { - spiceUSBRedirection.enable = true; - libvirtd.enable = true; - # Enable efi support with ovmf firmware - libvirtd.qemu = { - package = pkgs.qemu_kvm; - runAsRoot = true; - swtpm.enable = true; - ovmf.enable = true; - }; - }; - programs.virt-manager.enable = config.software.desktop.enable; - }; -} diff --git a/modules/root/ssh.nix b/modules/root/ssh.nix deleted file mode 100644 index 9f6d54d..0000000 --- a/modules/root/ssh.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - services.openssh = { - enable = true; - settings = { - X11Forwarding = true; - }; - }; -} diff --git a/modules/root/suspend.nix b/modules/root/suspend.nix deleted file mode 100644 index 814ae95..0000000 --- a/modules/root/suspend.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ lib, config, ... }: { - options = { - suspend.enable = lib.mkEnableOption "enables suspend"; - }; - - config = lib.mkIf (! config.suspend.enable) { - # Disable suspend targets - systemd.targets = builtins.listToAttrs (map (name: { - inherit name; - value = { - enable = false; - unitConfig.DefaultDependencies = "no"; - }; - }) ["sleep" "suspend" "hibernate" "hybrid-sleep"]); - }; -} diff --git a/modules/root/tlp.nix b/modules/root/tlp.nix deleted file mode 100644 index 3414c03..0000000 --- a/modules/root/tlp.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ lib, config, ... }: { - options = { - tlp.enable = lib.mkEnableOption "enables tlp"; - }; - - config = lib.mkIf config.tlp.enable { - services.tlp.enable = true; - }; -} diff --git a/modules/root/udev.nix b/modules/root/udev.nix deleted file mode 100644 index 17ed204..0000000 
--- a/modules/root/udev.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ pkgs, ... }: { - services.udev.extraRules = '' - SUBSYSTEM=="backlight", ACTION=="add", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness" - ''; -} diff --git a/modules/root/wifi.nix b/modules/root/wifi.nix deleted file mode 100644 index 9dbf233..0000000 --- a/modules/root/wifi.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ lib, config, ... }: { - options = { - wifi.enable = lib.mkEnableOption "enables wifi"; - }; - - config = lib.mkIf config.wifi.enable { - networking.wireless = { - enable = true; # Enables wireless support via wpa_supplicant. - userControlled.enable = true; - allowAuxiliaryImperativeNetworks = true; # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf) - }; - - # Load wpa_supplicant.conf secret config - sops.secrets.wpa_supplicant-conf = { - sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml; - }; - - # Link /etc/wpa_supplicant.conf -> secret config - environment.etc."wpa_supplicant.conf" = { - source = config.sops.secrets.wpa_supplicant-conf.path; - }; - - # This service is a workaround to ensure that secrets are available on - # reboot when the secret keys are on a separate subvolume - systemd.services.npcnix-force-rebuild-sops-hack = { - wantedBy = [ "multi-user.target" ]; - before = [ "wpa_supplicant.service" ]; - serviceConfig = { - ExecStart = "/run/current-system/activate"; - Type = "oneshot"; - Restart = "on-failure"; # because oneshot - RestartSec = "10s"; - }; - }; - }; -} diff --git a/modules/root/x11.nix b/modules/root/x11.nix deleted file mode 100644 index f5a07b4..0000000 --- a/modules/root/x11.nix +++ /dev/null 
@@ -1,54 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - xserver.enable = lib.mkEnableOption "enables xserver"; - }; - - config = lib.mkIf config.xserver.enable { - services.xserver.enable = true; - services.xserver.displayManager.startx.enable = true; - services.libinput.enable = true; # Enable touchpad support - - # Apply startx patch to create serverauth file in /tmp instead of home directory - nixpkgs.overlays = with pkgs; [ - (final: prev: { - xorg = prev.xorg // { - xinit = (prev.xorg.xinit.overrideAttrs (finalAttrs: previousAttrs: { - version = "1.4.4"; - patchtag = "${finalAttrs.version}-1"; # Archlinux xinit package tagged release to fetch patch from - # Override src since is hardcoded to 1.4.2 - src = prev.fetchurl { - url = "mirror://xorg/individual/app/xinit-${finalAttrs.version}.tar.xz"; - sha256 = "sha256-QKR8ehZMf5gc43h7Szf35BH7QyMdzeVD1wCUB12s/vk="; - }; - patches = [ - (prev.fetchpatch { - url = "https://gitlab.archlinux.org/archlinux/packaging/packages/xorg-xinit/-/raw/${finalAttrs.patchtag}/06_move_serverauthfile_into_tmp.diff"; - sha256 = "1whzs5bw7ph12r3abs1g9fydibkr291jh56a0zp17d4x070jnkda"; - }) - ]; - })); - }; - }) - ]; - - # Install basic X utilities - environment.systemPackages = with pkgs; [ - unclutter - xcape - xclip - xdotool - xorg.setxkbmap - xorg.xinput - xorg.xkill - xorg.xrandr - xorg.xset - xwallpaper - ]; - - # Enable TearFree option by default - # Not all video drivers support this option - services.xserver.deviceSection = '' - Option "TearFree" "true" - ''; - }; -} diff --git a/modules/root/zsh.nix b/modules/root/zsh.nix deleted file mode 100644 index 697cb4c..0000000 --- a/modules/root/zsh.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ lib, config, pkgs, ... }: { - options = { - zsh.enable = lib.mkEnableOption "use zsh as default shell"; - }; - - config = lib.mkIf config.zsh.enable { - programs.zsh.enable = true; - users.defaultUserShell = pkgs.zsh; - }; -} diff --git a/rebuild b/rebuild index 7b02041..87a2a65 100755 
--- a/rebuild
+++ b/rebuild
@@ -1,2 +1,2 @@
 #!/bin/sh
-nixos-rebuild switch --use-remote-sudo --flake "$(dirname "$0")/#$(hostname)"
+nixos-rebuild switch --use-remote-sudo --flake "$(dirname "$0")/#$(hostname)" $@
-- cgit v1.2.3
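Review bot: The argument pass-through added on the new line is unquoted, so `$@` undergoes field splitting and pathname expansion before nixos-rebuild sees it; any caller argument containing whitespace or a glob character arrives split into several words or expanded against the current directory. Quote it as `"$@"` so each argument is forwarded as exactly one word, matching how `"$0"` is already quoted on the same line. The rest of the script is visible in the hunk, so this is the only change needed.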