talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Restructure flake.nix for a simpler config for building different images off the same NixOS config.

Browse Source
This commit is contained in:
Tom Alexander
2025-10-11 00:08:02 -04:00
parent 69b5cf9217
commit 3bf84445a3
121 changed files with 2937 additions and 3074 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
nix/configuration/roles/2ship2harkinian/default.nix
View File

@@ -17,32 +17,27 @@
};
};
config = lib.mkIf config.me.ship2harkinian.enable (
lib.mkMerge [
{
allowedUnfree = [ "2ship2harkinian" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
_2ship2harkinian
config = lib.mkIf (config.me.ship2harkinian.enable && config.me.graphical) {
allowedUnfree = [ "2ship2harkinian" ];
environment.systemPackages = with pkgs; [
_2ship2harkinian
];
# TODO perhaps install ~/.local/share/2ship/2ship2harkinian.json
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/2ship";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
# TODO perhaps install ~/.local/share/2ship/2ship2harkinian.json
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/2ship";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
};
};
};
}

27
nix/configuration/roles/alacritty/default.nix
View File

@@ -7,6 +7,7 @@
{
imports = [ ];
options.me = {
alacritty.enable = lib.mkOption {
type = lib.types.bool;
@@ -16,21 +17,17 @@
};
};
config = lib.mkIf config.me.alacritty.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
alacritty
xdg-utils # for xdg-open
];
config = lib.mkIf (config.me.alacritty.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
alacritty
xdg-utils # for xdg-open
];
me.install.user.talexander.file = {
".config/alacritty/alacritty.toml" = {
source = ./files/alacritty.toml;
};
};
})
]
);
me.install.user.talexander.file = {
".config/alacritty/alacritty.toml" = {
source = ./files/alacritty.toml;
};
};
};
}

46
nix/configuration/roles/amd_s2idle/default.nix
View File

@@ -17,31 +17,27 @@
};
};
config = lib.mkIf config.me.amd_s2idle.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
amd-debug-tools
];
nixpkgs.overlays = [
(
final: prev:
let
innerPackage = (final.callPackage ./package.nix { });
in
{
amd-debug-tools = innerPackage;
}
)
(final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(python-final: python-prev: {
cysystemd = (python-final.callPackage ./cysystemd.nix { });
})
];
config = lib.mkIf config.me.amd_s2idle.enable {
environment.systemPackages = with pkgs; [
amd-debug-tools
];
nixpkgs.overlays = [
(
final: prev:
let
innerPackage = (final.callPackage ./package.nix { });
in
{
amd-debug-tools = innerPackage;
}
)
(final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(python-final: python-prev: {
cysystemd = (python-final.callPackage ./cysystemd.nix { });
})
];
}
]
);
})
];
};
}

130
nix/configuration/roles/ansible/default.nix
View File

@@ -17,73 +17,69 @@
};
};
config = lib.mkIf config.me.ansible.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
ansible
];
config = lib.mkIf config.me.ansible.enable {
environment.systemPackages = with pkgs; [
ansible
];
nixpkgs.overlays = [
(final: prev: {
ansible-sshjail = (final.callPackage ./package/ansible-sshjail/package.nix { });
})
(final: prev: {
ansible = pkgs.symlinkJoin {
name = "ansible";
paths = [
(prev.ansible.overridePythonAttrs {
propagatedBuildInputs = prev.ansible.propagatedBuildInputs ++ [ prev.python3Packages.jmespath ];
})
pkgs.ansible-sshjail
];
buildInputs = [ pkgs.makeWrapper ];
nixpkgs.overlays = [
(final: prev: {
ansible-sshjail = (final.callPackage ./package/ansible-sshjail/package.nix { });
})
(final: prev: {
ansible = pkgs.symlinkJoin {
name = "ansible";
paths = [
(prev.ansible.overridePythonAttrs {
propagatedBuildInputs = prev.ansible.propagatedBuildInputs ++ [ prev.python3Packages.jmespath ];
})
pkgs.ansible-sshjail
];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
${lib.concatMapStringsSep "\n"
(
prog:
(
"wrapProgram $out/bin/${prog} ${
lib.concatMapStringsSep " "
(
plugin_type:
"--set ANSIBLE_${lib.toUpper plugin_type}_PLUGINS $out/share/ansible/plugins/${lib.toLower plugin_type}_plugins"
)
[
"action"
"cache"
"callback"
"connection"
"filter"
"inventory"
"lookup"
"shell"
"strategy"
"test"
"vars"
]
} --prefix PATH : ${lib.makeBinPath [ ]}"
)
)
[
"ansible"
"ansible-config"
"ansible-console"
"ansible-doc"
"ansible-galaxy"
"ansible-inventory"
"ansible-playbook"
"ansible-pull"
"ansible-test"
"ansible-vault"
]
}
'';
};
})
];
}
]
);
postBuild = ''
${lib.concatMapStringsSep "\n"
(
prog:
(
"wrapProgram $out/bin/${prog} ${
lib.concatMapStringsSep " "
(
plugin_type:
"--set ANSIBLE_${lib.toUpper plugin_type}_PLUGINS $out/share/ansible/plugins/${lib.toLower plugin_type}_plugins"
)
[
"action"
"cache"
"callback"
"connection"
"filter"
"inventory"
"lookup"
"shell"
"strategy"
"test"
"vars"
]
} --prefix PATH : ${lib.makeBinPath [ ]}"
)
)
[
"ansible"
"ansible-config"
"ansible-console"
"ansible-doc"
"ansible-galaxy"
"ansible-inventory"
"ansible-playbook"
"ansible-pull"
"ansible-test"
"ansible-vault"
]
}
'';
};
})
];
};
}

41
nix/configuration/roles/ares/default.nix
View File

@@ -17,28 +17,23 @@
};
};
config = lib.mkIf config.me.ares.enable (
lib.mkMerge [
{ }
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
ares
];
config = lib.mkIf (config.me.ares.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
ares
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/ares";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/ares";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
};
}

50
nix/configuration/roles/base/default.nix Normal file
View File

@@ -0,0 +1,50 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
base.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install base.";
};
};
config = lib.mkIf config.me.base.enable {
environment.systemPackages = with pkgs; [
wget
mg
rsync
libinput
htop
tmux
file
usbutils # for lsusb
pciutils # for lspci
ripgrep
strace
# ltrace # Disabled because it uses more than 48GB of /tmp space during test phase.
trace-cmd # ftrace
tcpdump
git-crypt
gnumake
ncdu
nix-tree
libarchive # bsdtar
lsof
doas-sudo-shim # To support --sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
];
};
}

42
nix/configuration/roles/bluetooth/default.nix
View File

@@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
@@ -17,30 +16,23 @@
};
};
config = lib.mkIf config.me.bluetooth.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
# Enable support for showing battery charge level.
Experimental = true;
};
};
config = lib.mkIf config.me.bluetooth.enable {
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
# Enable support for showing battery charge level.
Experimental = true;
};
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/bluetooth" # Bluetooth pairing information.
];
};
}
]
);
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
"/var/lib/bluetooth" # Bluetooth pairing information.
];
};
};
}

162
nix/configuration/roles/boot/default.nix
View File

@@ -9,90 +9,96 @@
{
imports = [ ];
options = {
me.secureBoot = {
enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Enable to use secure boot.
'';
};
options.me = {
boot.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install boot.";
};
boot.secure = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Enable to use secure boot.";
};
};
config = lib.mkMerge [
{
environment.systemPackages = with pkgs; [
tpm2-tools # For tpm2_eventlog to check for OptionRoms
# cp /sys/kernel/security/tpm0/binary_bios_measurements eventlog
# tpm2_eventlog eventlog | grep "BOOT_SERVICES_DRIVER"
sbctl # For debugging and troubleshooting Secure Boot.
];
}
(lib.mkIf (!config.me.buildingIso) {
boot.loader.grub.enable = false;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
# TODO: make not write bootx64.efi
boot.loader.efi.canTouchEfiVariables = false;
# Automatically delete old generations
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.systemd-boot.memtest86.enable = true;
# Check what will be lost with `zfs diff zroot/linux/root@blank`
boot.initrd.systemd.enable = lib.mkDefault true;
boot.initrd.systemd.services.zfs-rollback = {
description = "Rollback ZFS root dataset to blank snapshot";
wantedBy = [
"initrd.target"
config = lib.mkIf config.me.boot.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
tpm2-tools # For tpm2_eventlog to check for OptionRoms
# cp /sys/kernel/security/tpm0/binary_bios_measurements eventlog
# tpm2_eventlog eventlog | grep "BOOT_SERVICES_DRIVER"
sbctl # For debugging and troubleshooting Secure Boot.
];
after = [
"zfs-import-zroot.service"
];
before = [
"sysroot.mount"
];
path = with pkgs; [
zfs
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
zfs rollback -r zroot/linux/nix/root@blank
zfs rollback -r zroot/linux/nix/home@blank
echo "rollback complete"
'';
};
}
(lib.mkIf (!config.me.buildingPortable) {
# boot.loader.systemd-boot.extraEntries = {
# "windows.conf" = ''
# title Windows
# efi /EFI/Microsoft/Boot/bootmgfw.efi
# options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa
# '';
# };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/sbctl" # Secure Boot Keys
boot.loader.grub.enable = false;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
# TODO: make not write bootx64.efi
boot.loader.efi.canTouchEfiVariables = false;
# Automatically delete old generations
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.systemd-boot.memtest86.enable = true;
# Check what will be lost with `zfs diff zroot/linux/root@blank`
boot.initrd.systemd.enable = lib.mkDefault true;
boot.initrd.systemd.services.zfs-rollback = {
description = "Rollback ZFS root dataset to blank snapshot";
wantedBy = [
"initrd.target"
];
after = [
"zfs-import-zroot.service"
];
before = [
"sysroot.mount"
];
path = with pkgs; [
zfs
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
zfs rollback -r zroot/linux/nix/root@blank
zfs rollback -r zroot/linux/nix/home@blank
echo "rollback complete"
'';
};
# boot.loader.systemd-boot.extraEntries = {
# "windows.conf" = ''
# title Windows
# efi /EFI/Microsoft/Boot/bootmgfw.efi
# options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa
# '';
# };
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
"/var/lib/sbctl" # Secure Boot Keys
];
};
})
(lib.mkIf (config.me.boot.secure) {
environment.systemPackages = with pkgs; [
sbctl
];
};
})
(lib.mkIf (config.me.secureBoot.enable) {
environment.systemPackages = with pkgs; [
sbctl
];
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
})
];
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
})
]
);
}
# efibootmgr -c -d /dev/sda -p 1 -L NixOS-boot -l '\EFI\NixOS-boot\grubx64.efi'

16
nix/configuration/roles/chromecast/default.nix
View File

@@ -17,15 +17,9 @@
};
};
config = lib.mkIf config.me.chromecast.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
catt
];
}
(lib.mkIf config.me.graphical {
})
]
);
config = lib.mkIf config.me.chromecast.enable {
environment.systemPackages = with pkgs; [
catt
];
};
}

99
nix/configuration/roles/chromium/default.nix
View File

@@ -17,59 +17,54 @@
};
};
config = lib.mkIf config.me.chromium.enable (
lib.mkMerge [
{ }
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
chromium
];
allowedUnfree = [
"chromium"
"chromium-unwrapped"
"widevine-cdm"
];
config = lib.mkIf (config.me.chromium.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
chromium
];
allowedUnfree = [
"chromium"
"chromium-unwrapped"
"widevine-cdm"
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".config/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
chromium = prev.chromium.override {
enableWideVine = true;
commandLineArgs = [
"--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,AcceleratedVideoEncoder"
# Enabling vulkan causes video to render as white
# "--enable-features=Vulkan";
];
};
})
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".config/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
chromium = prev.chromium.override {
enableWideVine = true;
commandLineArgs = [
"--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,AcceleratedVideoEncoder"
# Enabling vulkan causes video to render as white
# "--enable-features=Vulkan";
];
};
})
]
);
];
};
}

14
nix/configuration/roles/d2/default.nix
View File

@@ -17,13 +17,9 @@
};
};
config = lib.mkIf config.me.d2.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
d2
];
}
]
);
config = lib.mkIf config.me.d2.enable {
environment.systemPackages = with pkgs; [
d2
];
};
}

48
nix/configuration/roles/direnv/default.nix
View File

@@ -25,31 +25,27 @@ in
};
};
config = lib.mkIf config.me.direnv.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
direnv
nix-direnv
config = lib.mkIf config.me.direnv.enable {
environment.systemPackages = with pkgs; [
direnv
nix-direnv
];
me.zsh.includes = [ direnv_zsh_hook ];
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
# List of allowed directories from `direnv allow`.
directory = ".local/share/direnv";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
me.zsh.includes = [ direnv_zsh_hook ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# List of allowed directories from `direnv allow`.
directory = ".local/share/direnv";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
};
};
};
}

1
nix/configuration/roles/distributed_build/default.nix
View File

@@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:

32
nix/configuration/roles/doas/default.nix Normal file
View File

@@ -0,0 +1,32 @@
{
config,
lib,
...
}:
{
imports = [ ];
options.me = {
doas.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install doas.";
};
};
config = lib.mkIf config.me.doas.enable {
# Use doas instead of sudo
security.doas.enable = true;
security.doas.wheelNeedsPassword = false;
security.sudo.enable = false;
security.doas.extraRules = [
{
# Retain environment (for example NIX_PATH)
keepEnv = true;
persist = true; # Only ask for a password the first time.
}
];
};
}

141
nix/configuration/roles/docker/default.nix
View File

@@ -17,82 +17,77 @@
};
};
config = lib.mkIf config.me.docker.enable (
lib.mkMerge [
config = lib.mkIf config.me.docker.enable {
assertions = [
{
assertions = [
{
assertion = !config.me.podman.enable;
message = "docker conflicts with podman";
}
];
assertion = !config.me.podman.enable;
message = "docker conflicts with podman";
}
{
virtualisation.docker.enable = true;
# Use docker activation
virtualisation.docker.enableOnBoot = false;
# Rootless docker breaks access to ssh for buildkit.
# virtualisation.docker.rootless = {
# enable = true;
# setSocketVariable = true;
# };
# Give docker access to ssh for fetching repos with buildkit.
virtualisation.docker.extraPackages = [ pkgs.openssh ];
environment.systemPackages = with pkgs; [
docker-buildx
];
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
{
directory = "/var/lib/docker";
user = "root";
group = "root";
mode = "0740";
}
];
# users.talexander = {
# directories = [
# {
# directory = ".local/share/docker";
# user = "talexander";
# group = "talexander";
# mode = "0740";
# }
# ];
# };
};
virtualisation.docker.enable = true;
# Use docker activation
virtualisation.docker.enableOnBoot = false;
# Rootless docker breaks access to ssh for buildkit.
# virtualisation.docker.rootless = {
# enable = true;
# setSocketVariable = true;
# };
# Give docker access to ssh for fetching repos with buildkit.
virtualisation.docker.extraPackages = [ pkgs.openssh ];
environment.systemPackages = with pkgs; [
docker-buildx
];
systemd.services.link-docker-creds = {
# Contains credentials so it cannot be added to the nix store
enable = true;
description = "link-docker-creds";
wantedBy = [ "multi-user.target" ];
wants = [ "multi-user.target" ];
after = [ "multi-user.target" ];
# path = with pkgs; [
# zfs
# ];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
script = ''
if [ -e /persist/manual/docker/config.json ]; then
install --directory --owner talexander --group talexander --mode 0700 /home/talexander/.docker
ln -s /persist/manual/docker/config.json /home/talexander/.docker/config.json
fi
'';
preStop = ''
rm -f /home/talexander/.docker/config.json
'';
};
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
{
directory = "/var/lib/docker";
user = "root";
group = "root";
mode = "0740";
}
];
# users.talexander = {
# directories = [
# {
# directory = ".local/share/docker";
# user = "talexander";
# group = "talexander";
# mode = "0740";
# }
# ];
# };
};
# Needed for non-rootless docker
users.users.talexander.extraGroups = [ "docker" ];
}
]
);
systemd.services.link-docker-creds = {
# Contains credentials so it cannot be added to the nix store
enable = true;
description = "link-docker-creds";
wantedBy = [ "multi-user.target" ];
wants = [ "multi-user.target" ];
after = [ "multi-user.target" ];
# path = with pkgs; [
# zfs
# ];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
script = ''
if [ -e /persist/manual/docker/config.json ]; then
install --directory --owner talexander --group talexander --mode 0700 /home/talexander/.docker
ln -s /persist/manual/docker/config.json /home/talexander/.docker/config.json
fi
'';
preStop = ''
rm -f /home/talexander/.docker/config.json
'';
};
# Needed for non-rootless docker
users.users.talexander.extraGroups = [ "docker" ];
};
}

11
nix/configuration/roles/ecc/default.nix
View File

@@ -2,7 +2,6 @@
{
config,
lib,
pkgs,
...
}:
@@ -18,11 +17,7 @@
};
};
config = lib.mkIf config.me.ecc.enable (
lib.mkMerge [
{
hardware.rasdaemon.enable = true;
}
]
);
config = lib.mkIf config.me.ecc.enable {
hardware.rasdaemon.enable = true;
};
}

2
nix/configuration/roles/emacs/default.nix
View File

@@ -68,7 +68,7 @@ in
(e_shorthand my_emacs)
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [

2
nix/configuration/roles/emacs/files/emacs/elisp/base.el
View File

@@ -110,8 +110,6 @@
project-mode-line t
)
;; (setq-default fringes-outside-margins t)
;; Typed text replaces selection
(delete-selection-mode)

2
nix/configuration/roles/emacs/files/emacs/elisp/util-tree-sitter.el
View File

@@ -1,3 +1,5 @@
;; (add-to-list 'major-mode-remap-alist '(c-mode . c-ts-mode))
(use-package treesit
:pin manual
:ensure nil

22
nix/configuration/roles/emulate_isa/default.nix
View File

@@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
@@ -17,17 +16,12 @@
};
};
config = lib.mkIf config.me.emulate_isa.enable (
lib.mkMerge [
{
boot.binfmt.emulatedSystems = [
"aarch64-linux" # Raspberry Pi gen 3
"riscv64-linux"
# TODO: Should "x86_64-linux" be in this list or should this list be dependent on the host CPU?
"armv6l-linux" # Raspberry Pi gen 1
];
}
]
);
config = lib.mkIf config.me.emulate_isa.enable {
boot.binfmt.emulatedSystems = [
"aarch64-linux" # Raspberry Pi gen 3
"riscv64-linux"
# TODO: Should "x86_64-linux" be in this list or should this list be dependent on the host CPU?
"armv6l-linux" # Raspberry Pi gen 1
];
};
}
# NOTE: build nixosConfigurations.<name>.config.system.build.sdImage

222
nix/configuration/roles/firefox/default.nix
View File

@@ -17,123 +17,119 @@
};
};
config = lib.mkIf config.me.firefox.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
programs.firefox = {
enable = true;
package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { });
languagePacks = [ "en-US" ];
preferences = {
# "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5";
"media.hardware-video-decoding.force-enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
"doh-rollout.doorhanger-decision" = "UIDisabled";
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
# Disable ads
"extensions.pocket.enabled" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.pinned" = "[]";
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.topsites.contile.enabled" = false;
# Disable cache when devtools are open.
"devtools.cache.disabled" = true;
# Do not track header.
"privacy.donottrackheader.enabled" = true;
# Tell websites not to share or sell my data.
"privacy.globalprivacycontrol.enabled" = true;
# Disable "studies" (slice testing)
"app.shield.optoutstudies.enabled" = false;
# Disable attribution which is used by advertisers to track you.
"dom.private-attribution.submission.enabled" = false;
# Disable battery status, used to track users.
"dom.battery.enabled" = false;
config = lib.mkIf (config.me.firefox.enable && config.me.graphical) {
programs.firefox = {
enable = true;
package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { });
languagePacks = [ "en-US" ];
preferences = {
# "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5";
"media.hardware-video-decoding.force-enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
"doh-rollout.doorhanger-decision" = "UIDisabled";
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
# Disable ads
"extensions.pocket.enabled" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.pinned" = "[]";
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.topsites.contile.enabled" = false;
# Disable cache when devtools are open.
"devtools.cache.disabled" = true;
# Do not track header.
"privacy.donottrackheader.enabled" = true;
# Tell websites not to share or sell my data.
"privacy.globalprivacycontrol.enabled" = true;
# Disable "studies" (slice testing)
"app.shield.optoutstudies.enabled" = false;
# Disable attribution which is used by advertisers to track you.
"dom.private-attribution.submission.enabled" = false;
# Disable battery status, used to track users.
"dom.battery.enabled" = false;
# Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
#
# This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
# dom.event.clipboardevents.enabled: false
# Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
#
# This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
# dom.event.clipboardevents.enabled: false
# Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
"privacy.firstparty.isolate" = true;
# Do not preload URLs that auto-complete in the address bar.
"browser.urlbar.speculativeConnect.enabled" = false;
# Do not resist fingerprinting because that tells websites to use light mode.
# https://bugzilla.mozilla.org/show_bug.cgi?id=1732114
"privacy.resistFingerprinting" = false; # (default false)
# Instead, enable fingerprinting protection, which allows configuring an override.
"privacy.fingerprintingProtection" = true;
# Allow sending dark mode preference to websites.
# Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" =
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt";
# Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false;
# Disable AI stuff that wastes battery life
"browser.ml.chat.enabled" = false;
"browser.ml.enabled" = false;
# Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
"privacy.firstparty.isolate" = true;
# Do not preload URLs that auto-complete in the address bar.
"browser.urlbar.speculativeConnect.enabled" = false;
# Do not resist fingerprinting because that tells websites to use light mode.
# https://bugzilla.mozilla.org/show_bug.cgi?id=1732114
"privacy.resistFingerprinting" = false; # (default false)
# Instead, enable fingerprinting protection, which allows configuring an override.
"privacy.fingerprintingProtection" = true;
# Allow sending dark mode preference to websites.
# Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" =
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt";
# Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false;
# Disable AI stuff that wastes battery life
"browser.ml.chat.enabled" = false;
"browser.ml.enabled" = false;
};
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = {
DisableTelemetry = true;
DisplayBookmarksToolbar = "newtab";
# Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked",
# "force_installed" and "normal_installed".
ExtensionSettings = {
# "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
"uBlock0@raymondhill.net" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
};
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = {
DisableTelemetry = true;
DisplayBookmarksToolbar = "newtab";
# Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked",
# "force_installed" and "normal_installed".
ExtensionSettings = {
# "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
"uBlock0@raymondhill.net" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
};
# "firefox@teleparty.com" = {
# install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
# installation_mode = "normal_installed";
# };
"@ublacklist" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
installation_mode = "normal_installed";
};
"@react-devtools" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/react-devtools/latest.xpi";
installation_mode = "normal_installed";
};
};
# "firefox@teleparty.com" = {
# install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
# installation_mode = "normal_installed";
# };
"@ublacklist" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
installation_mode = "normal_installed";
};
"@react-devtools" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/react-devtools/latest.xpi";
installation_mode = "normal_installed";
};
};
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".mozilla";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/mozilla";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
})
]
);
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".mozilla";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/mozilla";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
};
}

30
nix/configuration/roles/firewall/default.nix
View File

@@ -1,20 +1,30 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
22 # ssh
];
networking.firewall.allowedUDPPorts = [
5353 # mDNS
];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
options.me = {
firewall.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install firewall.";
};
};
config = lib.mkIf config.me.firewall.enable {
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
22 # ssh
];
networking.firewall.allowedUDPPorts = [
5353 # mDNS
];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
};
}

14
nix/configuration/roles/flux/default.nix
View File

@@ -17,13 +17,9 @@
};
};
config = lib.mkIf config.me.flux.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
fluxcd
];
}
]
);
config = lib.mkIf config.me.flux.enable {
environment.systemPackages = with pkgs; [
fluxcd
];
};
}

11
nix/configuration/roles/fonts/default.nix
View File

@@ -8,7 +8,16 @@
{
imports = [ ];
config = lib.mkIf config.me.graphical {
options.me = {
font.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install font.";
};
};
config = lib.mkIf (config.me.font.enable && config.me.graphical) {
fonts = {
enableDefaultPackages = false;
packages = with pkgs; [

40
nix/configuration/roles/gcloud/default.nix
View File

@@ -17,27 +17,23 @@
};
};
config = lib.mkIf config.me.gcloud.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
(google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
];
config = lib.mkIf config.me.gcloud.enable {
environment.systemPackages = with pkgs; [
(google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".config/gcloud";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
}
]
);
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".config/gcloud";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
};
}

99
nix/configuration/roles/git/default.nix
View File

@@ -21,6 +21,13 @@ in
imports = [ ];
options.me = {
git.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install git.";
};
git.config = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
@@ -29,51 +36,53 @@ in
};
};
config = lib.mkMerge [
{
environment.systemPackages = with pkgs; [
my_git
];
}
(lib.mkIf (config.me.git.config != null) {
me.install.user.talexander.file = {
".gitconfig" = {
source = config.me.git.config;
config = lib.mkIf config.me.git.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
my_git
];
}
(lib.mkIf (config.me.git.config != null) {
me.install.user.talexander.file = {
".gitconfig" = {
source = config.me.git.config;
};
};
};
})
(lib.mkIf (config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_git = (
pkgs.buildEnv {
name = prev.git.name;
version = prev.git.version;
paths =
(builtins.map (git_wrapped prev.git) [
"git"
])
++ [
prev.git
})
(lib.mkIf (config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_git = (
pkgs.buildEnv {
name = prev.git.name;
version = prev.git.version;
paths =
(builtins.map (git_wrapped prev.git) [
"git"
])
++ [
prev.git
];
extraOutputsToInstall = [
"man"
"doc"
"info"
];
extraOutputsToInstall = [
"man"
"doc"
"info"
];
nativeBuildInputs = [ final.makeWrapper ];
ignoreCollisions = true;
}
);
})
];
})
(lib.mkIf (!config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_git = prev.git;
})
];
})
];
nativeBuildInputs = [ final.makeWrapper ];
ignoreCollisions = true;
}
);
})
];
})
(lib.mkIf (!config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_git = prev.git;
})
];
})
]
);
}

14
nix/configuration/roles/gnuplot/default.nix
View File

@@ -17,13 +17,9 @@
};
};
config = lib.mkIf config.me.gnuplot.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
gnuplot
];
}
]
);
config = lib.mkIf config.me.gnuplot.enable {
environment.systemPackages = with pkgs; [
gnuplot
];
};
}

198
nix/configuration/roles/gpg/default.nix
View File

@@ -25,109 +25,105 @@ in
};
};
config = lib.mkIf config.me.gpg.enable (
lib.mkMerge [
{
# Fetch public keys:
# gpg --locate-external-keys tom@fizz.buzz
config = lib.mkIf config.me.gpg.enable {
# Fetch public keys:
# gpg --locate-external-keys tom@fizz.buzz
hardware.gpgSmartcards.enable = true;
services.udev.packages = [
pkgs.yubikey-personalization
pkgs.libfido2
(pkgs.writeTextFile {
name = "my-rules";
text = ''
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0406", MODE="660", GROUP="wheel"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", TAG+="uaccess", GROUP="wheel", MODE="0660"
'';
destination = "/etc/udev/rules.d/50-yubikey.rules";
})
hardware.gpgSmartcards.enable = true;
services.udev.packages = [
pkgs.yubikey-personalization
pkgs.libfido2
(pkgs.writeTextFile {
name = "my-rules";
text = ''
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0406", MODE="660", GROUP="wheel"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", TAG+="uaccess", GROUP="wheel", MODE="0660"
'';
destination = "/etc/udev/rules.d/50-yubikey.rules";
})
];
services.pcscd.enable = true;
me.install.user.talexander.file = {
".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf;
};
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
# Settings block populates /etc/gnupg/gpg-agent.conf
# settings = {
# };
};
# Disabled because it breaks signing git commits because gpg wants to copy pubring.kbx. Unfortunately, this makes the install of scdaemon.conf do nothing since this mount of the full .gnupg directory goes over it.
#
# environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
# hideMounts = true;
# users.talexander = {
# files = [
# {
# file = ".gnupg/trustdb.gpg";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/pubring.kbx";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/tofu.db";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# ];
# directories = [
# {
# directory = ".gnupg/crls.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# {
# directory = ".gnupg/private-keys-v1.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# ];
# };
# };
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".gnupg";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
services.pcscd.enable = true;
};
};
me.install.user.talexander.file = {
".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf;
};
};
environment.systemPackages = with pkgs; [
pcsclite
pcsctools
glibcLocales
ccid
libusb-compat-0_1
gpg_test_wkd
];
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
# Settings block populates /etc/gnupg/gpg-agent.conf
# settings = {
# };
};
# Disabled because it breaks signing git commits because gpg wants to copy pubring.kbx. Unfortunately, this makes the install of scdaemon.conf do nothing since this mount of the full .gnupg directory goes over it.
#
# environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
# hideMounts = true;
# users.talexander = {
# files = [
# {
# file = ".gnupg/trustdb.gpg";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/pubring.kbx";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/tofu.db";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# ];
# directories = [
# {
# directory = ".gnupg/crls.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# {
# directory = ".gnupg/private-keys-v1.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# ];
# };
# };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".gnupg";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.systemPackages = with pkgs; [
pcsclite
pcsctools
glibcLocales
ccid
libusb-compat-0_1
gpg_test_wkd
];
programs.gnupg.agent.enableExtraSocket = true;
}
]
);
programs.gnupg.agent.enableExtraSocket = true;
};
}

53
nix/configuration/roles/hydra/default.nix
View File

@@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
@@ -17,33 +16,29 @@
};
};
config = lib.mkIf config.me.hydra.enable (
lib.mkMerge [
{
services.hydra = {
enable = true;
hydraURL = "http://localhost:3000"; # Externally visible URL
notificationSender = "hydra@localhost"; # "From" address for hydra emails.
# a standalone Hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
buildMachinesFiles = [ ];
useSubstitutes = true;
};
config = lib.mkIf config.me.hydra.enable {
services.hydra = {
enable = true;
hydraURL = "http://localhost:3000"; # Externally visible URL
notificationSender = "hydra@localhost"; # "From" address for hydra emails.
# a standalone Hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
buildMachinesFiles = [ ];
useSubstitutes = true;
};
# nix.buildMachines = [
# {
# hostName = "localhost";
# protocol = null;
# system = "x86_64-linux";
# supportedFeatures = [
# "kvm"
# "nixos-test"
# "big-parallel"
# "benchmark"
# ];
# maxJobs = 8;
# }
# ];
}
]
);
# nix.buildMachines = [
# {
# hostName = "localhost";
# protocol = null;
# system = "x86_64-linux";
# supportedFeatures = [
# "kvm"
# "nixos-test"
# "big-parallel"
# "benchmark"
# ];
# maxJobs = 8;
# }
# ];
};
}

29
nix/configuration/roles/image_based_appliance/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
...
}:
{
imports = [ ];
options.me = {
image_based_appliance.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install image_based_appliance.";
};
};
config = lib.mkIf config.me.image_based_appliance.enable (
lib.mkMerge [
{
# Do not install nix. A full new image must be built to update
# the machine.
nix.enable = false;
system.switch.enable = false;
}
]
);
}

12
nix/configuration/roles/iso/default.nix
View File

@@ -1,18 +1,22 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me.buildingIso = lib.mkOption {
options.me.buildingPortable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we are building an ISO image.";
description = "Whether we are building a portable image (iso/sd). This would disable CPU-specific optimizations and persistent file mounts.";
};
options.me.mountPersistence = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we should mount persistent directories.";
};
}

16
nix/configuration/roles/iso_mount/default.nix
View File

@@ -32,14 +32,10 @@ in
};
};
config = lib.mkIf config.me.iso_mount.enable (
lib.mkMerge [
{
environment.systemPackages = [
iso_mount
iso_unmount
];
}
]
);
config = lib.mkIf config.me.iso_mount.enable {
environment.systemPackages = [
iso_mount
iso_unmount
];
};
}

34
nix/configuration/roles/kanshi/default.nix
View File

@@ -26,27 +26,19 @@ in
};
};
config = lib.mkIf config.me.kanshi.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
kanshi
];
config = lib.mkIf (config.me.kanshi.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
kanshi
];
me.swayIncludes = [
exec_kanshi
];
me.swayIncludes = [
exec_kanshi
];
me.install.user.talexander.file = {
".config/kanshi/config" = {
source = ./files/config_kanshi;
};
};
})
]
);
me.install.user.talexander.file = {
".config/kanshi/config" = {
source = ./files/config_kanshi;
};
};
};
}

130
nix/configuration/roles/kodi/default.nix
View File

@@ -17,75 +17,67 @@
};
};
config = lib.mkIf config.me.kodi.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
services.cage.user = "kodi";
services.cage.program = "${pkgs.kodi-wayland}/bin/kodi-standalone";
services.cage.enable = true;
config = lib.mkIf (config.me.kodi.enable && config.me.graphical) {
services.cage.user = "kodi";
services.cage.program = "${pkgs.kodi-wayland}/bin/kodi-standalone";
services.cage.enable = true;
nixpkgs.overlays = [
(final: prev: {
kodi-wayland = prev.kodi-wayland.withPackages (
kodiPkgs: with kodiPkgs; [
joystick
vfs-sftp
]
);
})
];
users.users.kodi = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "kodi";
extraGroups = [ ];
uid = 12000;
packages = with pkgs; [
tree
];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.kodi.gid = 12000;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.kodi = {
directories = [
{
directory = ".ssh";
user = "kodi";
group = "kodi";
mode = "0755";
}
{
directory = ".kodi";
user = "kodi";
group = "kodi";
mode = "0755";
}
];
};
};
# home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml;
# home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source =
# ./files/DualSense_Wireless_Controller_13b_8a.xml;
# TODO: Maybe .kodi/userdata/sources.xml
# TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting>
nixpkgs.overlays = [
(final: prev: {
kodi-wayland = prev.kodi-wayland.withPackages (
kodiPkgs: with kodiPkgs; [
joystick
vfs-sftp
]
);
})
]
);
];
users.users.kodi = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "kodi";
extraGroups = [ ];
uid = 12000;
packages = with pkgs; [
tree
];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.kodi.gid = 12000;
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.kodi = {
directories = [
{
directory = ".ssh";
user = "kodi";
group = "kodi";
mode = "0755";
}
{
directory = ".kodi";
user = "kodi";
group = "kodi";
mode = "0755";
}
];
};
};
# home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml;
# home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source =
# ./files/DualSense_Wireless_Controller_13b_8a.xml;
# TODO: Maybe .kodi/userdata/sources.xml
# TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting>
};
}

62
nix/configuration/roles/kubernetes/default.nix
View File

@@ -56,38 +56,34 @@ in
};
};
config = lib.mkIf config.me.kubernetes.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
kubectl
kubeswitch
stern
alias_kx
alias_ks
alias_k
alias_ka
alias_kdel
alias_kd
alias_klog
decrypt_k8s_secret
ingress2gateway # Convert ingress yaml to gateway yaml
];
config = lib.mkIf config.me.kubernetes.enable {
environment.systemPackages = with pkgs; [
kubectl
kubeswitch
stern
alias_kx
alias_ks
alias_k
alias_ka
alias_kdel
alias_kd
alias_klog
decrypt_k8s_secret
ingress2gateway # Convert ingress yaml to gateway yaml
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".kube";
user = "talexander";
group = "talexander";
mode = "0750";
}
];
};
};
}
]
);
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".kube";
user = "talexander";
group = "talexander";
mode = "0750";
}
];
};
};
};
}

68
nix/configuration/roles/latex/default.nix
View File

@@ -17,42 +17,36 @@
};
};
config = lib.mkIf config.me.latex.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
tex
];
}
{
nixpkgs.overlays = [
(final: prev: {
tex = (
pkgs.texlive.combine {
inherit (pkgs.texlive)
scheme-basic
dvisvgm
dvipng # for preview and export as html in org-mode
wrapfig
amsmath
ulem
hyperref
capt-of
svg # emacs org-mode pdf export
catchfile # emacs org-mode pdf export
xcolor # emacs org-mode pdf export
transparent # emacs org-mode pdf export
pgf # emacs org-mode pdf export
minted # emacs org-mode pdf export code block highlighting
upquote # emacs org-mode pdf export
lineno # emacs org-mode pdf export
;
}
);
})
];
config = lib.mkIf config.me.latex.enable {
environment.systemPackages = with pkgs; [
tex
];
}
]
);
nixpkgs.overlays = [
(final: prev: {
tex = (
pkgs.texlive.combine {
inherit (pkgs.texlive)
scheme-basic
dvisvgm
dvipng # for preview and export as html in org-mode
wrapfig
amsmath
ulem
hyperref
capt-of
svg # emacs org-mode pdf export
catchfile # emacs org-mode pdf export
xcolor # emacs org-mode pdf export
transparent # emacs org-mode pdf export
pgf # emacs org-mode pdf export
minted # emacs org-mode pdf export code block highlighting
upquote # emacs org-mode pdf export
lineno # emacs org-mode pdf export
;
}
);
})
];
};
}

48
nix/configuration/roles/launch_keyboard/default.nix
View File

@@ -17,32 +17,28 @@
};
};
config = lib.mkIf config.me.launch_keyboard.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
system76-keyboard-configurator
dfu-programmer # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/
avrdude # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/
lxqt.lxqt-policykit # Need a polkit agent to launch the keyboard configurator
];
config = lib.mkIf (config.me.launch_keyboard.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
system76-keyboard-configurator
dfu-programmer # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/
avrdude # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/
lxqt.lxqt-policykit # Need a polkit agent to launch the keyboard configurator
];
systemd = {
user.services.lxqt-policykit-agent = {
description = "lxqt-policykit-agent";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.lxqt.lxqt-policykit}/bin/lxqt-policykit-agent";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
systemd = {
user.services.lxqt-policykit-agent = {
description = "lxqt-policykit-agent";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.lxqt.lxqt-policykit}/bin/lxqt-policykit-agent";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
})
]
);
};
};
};
}

2
nix/configuration/roles/lvfs/default.nix
View File

@@ -22,7 +22,7 @@
{
# TODO: Is this installing firmware or just downloading it?
services.fwupd.enable = true;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
{

34
nix/configuration/roles/memtest86/default.nix
View File

@@ -7,15 +7,27 @@
{
imports = [ ];
config = lib.mkMerge [
{
environment.systemPackages = with pkgs; [
memtest86plus
];
}
# (lib.mkIf (config.me.buildingIso) {
# boot.loader.systemd-boot.memtest86.enable = true;
# boot.loader.grub.memtest86.enable = true;
# })
];
options.me = {
memtest.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install memtest.";
};
};
config = lib.mkIf config.me.memtest.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
memtest86plus
];
}
# (lib.mkIf (config.me.buildingPortable) {
# boot.loader.systemd-boot.memtest86.enable = true;
# boot.loader.grub.memtest86.enable = true;
# })
]
);
}

205
nix/configuration/roles/network/default.nix
View File

@@ -2,7 +2,6 @@
config,
lib,
pkgs,
pkgs-dda3dcd3f,
...
}:
@@ -19,114 +18,108 @@
{
imports = [ ];
networking.dhcpcd.enable = lib.mkDefault false;
networking.useDHCP = lib.mkDefault false;
networking.nameservers = [
"194.242.2.2#doh.mullvad.net"
"2a07:e340::2#doh.mullvad.net"
];
services.resolved = {
enable = true;
# dnssec = "true";
domains = [ "~." ];
fallbackDns = [ ];
dnsovertls = "true";
};
# Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection hanging and timing out. This causes firefox startup to take an extra 10+ seconds.
#
# Test with: drill @127.0.0.53 odo.home.arpa
# TODO: The 127.0.0.1 address should probably be moved to a host-specific file.
networking.extraHosts = ''
127.0.0.1 ${config.networking.hostName}.home.arpa
10.216.1.1 homeserver
10.216.1.6 media
10.216.1.12 odo
10.216.1.14 neelix
10.216.1.15 quark
10.217.1.1 drmario
10.217.2.1 mrmanager
'';
networking.wireless.iwd = {
enable = true;
settings = {
General = {
EnableNetworkConfiguration = true;
AddressRandomization = "network";
};
# Rank = {
# BandModifier2_4GHz = 1.0;
# BandModifier5GHz = 1.0;
# BandModifier6GHz = 1.0;
# };
DriverQuirks = {
PowerSaveDisable = "*";
# ath12k_pci
};
# Scan = {
# DisablePeriodicScan = true;
# DisableRoamingScan = true;
# };
options.me = {
network.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install network.";
};
};
environment.systemPackages = with pkgs; [
iw
iwd
ldns # for drill
arp-scan # To find devices on the network
wavemon
dhcpcd # For Android USB tethering.
];
boot.extraModprobeConfig = ''
# Set wifi to US
options cfg80211 ieee80211_regdom=US
'';
config = lib.mkIf config.me.network.enable {
networking.dhcpcd.enable = lib.mkDefault false;
networking.useDHCP = lib.mkDefault false;
networking.nameservers = [
"194.242.2.2#doh.mullvad.net"
"2a07:e340::2#doh.mullvad.net"
];
services.resolved = {
enable = true;
# dnssec = "true";
domains = [ "~." ];
fallbackDns = [ ];
dnsovertls = "true";
};
boot.kernel.sysctl = {
# Enable TCP packetization-layer PMTUD when an ICMP black hole is detected.
"net.ipv4.tcp_mtu_probing" = 1;
# Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
# We set this in the kernel config, but include this here for unoptimized builds.
"net.ipv4.tcp_congestion_control" = "bbr";
# Don't do a slow start after a connection has been idle for a single RTO.
"net.ipv4.tcp_slow_start_after_idle" = 0;
# 3x time to accumulate filesystem changes before flushing to disk.
"vm.dirty_writeback_centisecs" = 1500;
# Adjust ttl
"net.ipv4.ip_default_ttl" = 65;
"net.ipv6.conf.all.hop_limit" = 65;
"net.ipv6.conf.default.hop_limit" = 65;
# Enable IPv6 Privacy Extensions
"net.ipv6.conf.all.use_tempaddr" = 2;
# Enable IPv6 Privacy Extensions
# This is enabled by default in nixos.
# "net.ipv6.conf.default.use_tempaddr" = 2;
# Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection hanging and timing out. This causes firefox startup to take an extra 10+ seconds.
#
# Test with: drill @127.0.0.53 odo.home.arpa
# TODO: The 127.0.0.1 address should probably be moved to a host-specific file.
networking.extraHosts = ''
127.0.0.1 ${config.networking.hostName}.home.arpa
10.216.1.1 homeserver
10.216.1.6 media
10.216.1.12 odo
10.216.1.14 neelix
10.216.1.15 quark
10.217.1.1 drmario
10.217.2.1 mrmanager
'';
networking.wireless.iwd = {
enable = true;
settings = {
General = {
EnableNetworkConfiguration = true;
AddressRandomization = "network";
};
# Rank = {
# BandModifier2_4GHz = 1.0;
# BandModifier5GHz = 1.0;
# BandModifier6GHz = 1.0;
# };
DriverQuirks = {
PowerSaveDisable = "*";
# ath12k_pci
};
# Scan = {
# DisablePeriodicScan = true;
# DisableRoamingScan = true;
# };
};
};
environment.systemPackages = with pkgs; [
iw
iwd
ldns # for drill
arp-scan # To find devices on the network
wavemon
dhcpcd # For Android USB tethering.
];
boot.extraModprobeConfig = ''
# Set wifi to US
options cfg80211 ieee80211_regdom=US
'';
boot.kernel.sysctl = {
# Enable TCP packetization-layer PMTUD when an ICMP black hole is detected.
"net.ipv4.tcp_mtu_probing" = 1;
# Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
# We set this in the kernel config, but include this here for unoptimized builds.
"net.ipv4.tcp_congestion_control" = "bbr";
# Don't do a slow start after a connection has been idle for a single RTO.
"net.ipv4.tcp_slow_start_after_idle" = 0;
# 3x time to accumulate filesystem changes before flushing to disk.
"vm.dirty_writeback_centisecs" = 1500;
# Adjust ttl
"net.ipv4.ip_default_ttl" = 65;
"net.ipv6.conf.all.hop_limit" = 65;
"net.ipv6.conf.default.hop_limit" = 65;
# Enable IPv6 Privacy Extensions
"net.ipv6.conf.all.use_tempaddr" = 2;
# Enable IPv6 Privacy Extensions
# This is enabled by default in nixos.
# "net.ipv6.conf.default.use_tempaddr" = 2;
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
"/var/lib/iwd" # Wifi settings
];
};
};
# nixpkgs.overlays = [
# (final: prev: {
# inherit (pkgs-dda3dcd3f)
# linux-firmware
# ;
# })
# ];
# nixpkgs.overlays = [
# (final: prev: {
# linux-firmware = prev.linux-firwmare.overrideAttrs (old: rec {
# version = "20250917";
# src = final.fetchFromGitLab {
# owner = "kernel-firmware";
# repo = "linux-firmware";
# tag = version;
# hash = "sha256-tecFB6WYEfBK9FB7Rv8nHLdefIoaFnHrpzXBl+iSd08=";
# };
# });
# })
# ];
}

41
nix/configuration/roles/nix_index/default.nix
View File

@@ -17,28 +17,23 @@
};
};
config = lib.mkIf config.me.nix_index.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
nix-index-unwrapped
config = lib.mkIf config.me.nix_index.enable {
environment.systemPackages = with pkgs; [
nix-index-unwrapped
];
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/nix-index";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/nix-index";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
};
};
};
}

45
nix/configuration/roles/nix_worker/default.nix
View File

@@ -13,7 +13,6 @@
{
config,
lib,
pkgs,
...
}:
@@ -29,29 +28,25 @@
};
};
config = lib.mkIf config.me.nix_worker.enable (
lib.mkMerge [
{
nix.settings.trusted-users = [ "nixworker" ];
config = lib.mkIf config.me.nix_worker.enable {
nix.settings.trusted-users = [ "nixworker" ];
users.users.nixworker = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "nixworker";
# extraGroups = [ "wheel" ];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
# Normal keys:
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
# Key for nix to connect:
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
];
};
users.groups.nixworker = { };
}
]
);
users.users.nixworker = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "nixworker";
# extraGroups = [ "wheel" ];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
# Normal keys:
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
# Key for nix to connect:
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
];
};
users.groups.nixworker = { };
};
}

17
nix/configuration/roles/nvme/default.nix
View File

@@ -8,7 +8,18 @@
{
imports = [ ];
environment.systemPackages = with pkgs; [
nvme-cli
];
options.me = {
nvme.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install nvme.";
};
};
config = lib.mkIf config.me.nvme.enable {
environment.systemPackages = with pkgs; [
nvme-cli
];
};
}

44
nix/configuration/roles/openpgp_card_tools/default.nix
View File

@@ -19,31 +19,27 @@
};
};
config = lib.mkIf config.me.openpgp_card_tools.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
openpgp-card-tools
openpgp-card-tool-git
openpgp-card-ssh-agent
];
config = lib.mkIf config.me.openpgp_card_tools.enable {
environment.systemPackages = with pkgs; [
openpgp-card-tools
openpgp-card-tool-git
openpgp-card-ssh-agent
];
nixpkgs.overlays = [
(final: prev: {
openpgp-card-tool-git = (final.callPackage ./package/openpgp-card-tool-git/package.nix { });
openpgp-card-ssh-agent = (final.callPackage ./package/openpgp-card-ssh-agent/package.nix { });
})
];
nixpkgs.overlays = [
(final: prev: {
openpgp-card-tool-git = (final.callPackage ./package/openpgp-card-tool-git/package.nix { });
openpgp-card-ssh-agent = (final.callPackage ./package/openpgp-card-ssh-agent/package.nix { });
})
];
me.install.user.talexander.file = {
".config/openpgp-card-state/config.toml" = {
source = ./files/openpgp-card-state.toml;
};
};
me.install.user.talexander.file = {
".config/openpgp-card-state/config.toml" = {
source = ./files/openpgp-card-state.toml;
};
};
# The current openpgp-card-ssh-agent has an outdated dependency on openpgp-card-state which makes it not handle my current openpgp-card-state.toml
# services.openpgp-card-ssh-agent.enable = true;
}
]
);
# The current openpgp-card-ssh-agent has an outdated dependency on openpgp-card-state which makes it not handle my current openpgp-card-state.toml
# services.openpgp-card-ssh-agent.enable = true;
};
}

6
nix/configuration/roles/openpgp_card_tools/openpgp-card-ssh-agent.nix
View File

@@ -9,13 +9,7 @@
let
inherit (lib)
mkIf
mkOption
mkEnableOption
mkPackageOption
mkDefault
types
concatMapStringsSep
generators
;
cfg = config.services.openpgp-card-ssh-agent;
in

5
nix/configuration/roles/optimized_build/default.nix
View File

@@ -31,7 +31,6 @@
"gccarch-znver4"
"gccarch-znver5"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
@@ -99,9 +98,10 @@
)
(final: prev: {
inherit (pkgs-unoptimized)
assimp
binaryen
gsl
rapidjson
assimp
;
})
];
@@ -115,6 +115,5 @@
}
]
))
];
}

136
nix/configuration/roles/pcsx2/default.nix
View File

@@ -17,77 +17,73 @@
};
};
config = lib.mkIf config.me.pcsx2.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
pcsx2
config = lib.mkIf (config.me.pcsx2.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
pcsx2
];
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
# Shaders, games list, and achievement data.
directory = ".config/PCSX2/cache";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Save states.
directory = ".config/PCSX2/sstates";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Screenshots.
directory = ".config/PCSX2/snaps";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game covers.
directory = ".config/PCSX2/covers";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Video recordings.
directory = ".config/PCSX2/videos";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Shaders, games list, and achievement data.
directory = ".config/PCSX2/cache";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Save states.
directory = ".config/PCSX2/sstates";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Screenshots.
directory = ".config/PCSX2/snaps";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game covers.
directory = ".config/PCSX2/covers";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Video recordings.
directory = ".config/PCSX2/videos";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
# Game saves
directory = ".config/PCSX2/memcards";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Game saves
directory = ".config/PCSX2/memcards";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
me.install.user.talexander.file = {
".config/PCSX2/inis/PCSX2.ini" = {
source = ./files/PCSX2.ini;
};
};
})
]
);
me.install.user.talexander.file = {
".config/PCSX2/inis/PCSX2.ini" = {
source = ./files/PCSX2.ini;
};
};
};
}

107
nix/configuration/roles/podman/default.nix
View File

@@ -17,64 +17,59 @@
};
};
config = lib.mkIf config.me.podman.enable (
lib.mkMerge [
config = lib.mkIf config.me.podman.enable {
assertions = [
{
assertions = [
assertion = !config.me.docker.enable;
message = "podman conflicts with docker";
}
];
environment.systemPackages = with pkgs; [
dive
podman-tui
podman-compose
];
# Write config files in /etc/containers
virtualisation.containers.enable = true;
# By default this includes "quay.io" which leads to prompting for which registry to download from.
virtualisation.containers.registries.search = [ "docker.io" ];
virtualisation = {
podman = {
enable = true;
# Install docker shim
dockerCompat = true;
# Support name resolution in podman-compose.
defaultNetwork.settings.dns_enabled = true;
};
};
environment.variables = {
# For compatibility with tools expecting a docker socket (like dive).
DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/podman/podman.sock";
};
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
{
directory = "/var/lib/containers";
user = "root";
group = "root";
mode = "0755";
}
];
users.talexander = {
directories = [
{
assertion = !config.me.docker.enable;
message = "podman conflicts with docker";
directory = ".local/share/containers";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
}
{
environment.systemPackages = with pkgs; [
dive
podman-tui
podman-compose
];
# Write config files in /etc/containers
virtualisation.containers.enable = true;
# By default this includes "quay.io" which leads to prompting for which registry to download from.
virtualisation.containers.registries.search = [ "docker.io" ];
virtualisation = {
podman = {
enable = true;
# Install docker shim
dockerCompat = true;
# Support name resolution in podman-compose.
defaultNetwork.settings.dns_enabled = true;
};
};
environment.variables = {
# For compatibility with tools expecting a docker socket (like dive).
DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/podman/podman.sock";
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
{
directory = "/var/lib/containers";
user = "root";
group = "root";
mode = "0755";
}
];
users.talexander = {
directories = [
{
directory = ".local/share/containers";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
}
]
);
};
};
};
}

63
nix/configuration/roles/python/default.nix
View File

@@ -17,38 +17,35 @@
};
};
config = lib.mkIf config.me.python.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
(python3.withPackages (python-pkgs: [
python-pkgs.distro # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.pyudev # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.systemd # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.packaging # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
]))
poetry
pyright
isort
black
uv
];
config = lib.mkIf config.me.python.enable {
environment.systemPackages = with pkgs; [
# (python3.withPackages (python-pkgs: [
# python-pkgs.distro # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
# python-pkgs.pyudev # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
# python-pkgs.systemd # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
# python-pkgs.packaging # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
# ]))
python3
poetry
pyright
isort
black
uv
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Poetry virtual environments.
directory = ".cache/pypoetry";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
# Poetry virtual environments.
directory = ".cache/pypoetry";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
};
}

16
nix/configuration/roles/qemu/default.nix
View File

@@ -52,14 +52,10 @@ in
};
};
config = lib.mkIf config.me.qemu.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
qemu
qemurc_wrapped
];
}
]
);
config = lib.mkIf config.me.qemu.enable {
environment.systemPackages = with pkgs; [
qemu
qemurc_wrapped
];
};
}

2
nix/configuration/roles/reset/default.nix
View File

@@ -1,7 +1,5 @@
{
config,
lib,
pkgs,
...
}:

252
nix/configuration/roles/rpcs3/default.nix
View File

@@ -48,139 +48,135 @@ in
};
};
config = lib.mkIf config.me.rpcs3.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
rpcs3
];
config = lib.mkIf (config.me.rpcs3.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
rpcs3
];
security.pam.loginLimits = [
security.pam.loginLimits = [
{
domain = "@wheel";
item = "memlock";
type = "hard";
value = "unlimited";
}
{
domain = "@wheel";
item = "memlock";
type = "soft";
value = "unlimited";
}
];
me.install.user.talexander.file = {
".config/rpcs3/config.yml" = lib.mkIf (config.me.rpcs3.config != null) {
source = rpcs3_config_yaml;
};
".config/rpcs3/GuiConfigs/CurrentSettings.ini" = {
source = ./files/CurrentSettings.ini;
};
".config/rpcs3/custom_configs/config_BLUS30443.yml" = {
# Demon's Souls per-game config.
source = ./files/config_BLUS30443.yml;
};
".config/rpcs3/patches/patch.yml" = {
# All of the available patches.
source = ./files/patch.yml;
};
".config/rpcs3/patch_config.yml" = {
# Patches that I have enabled.
source = ./files/patch_config.yml;
};
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
domain = "@wheel";
item = "memlock";
type = "hard";
value = "unlimited";
# Location of ROMs.
directory = ".config/rpcs3/games";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
domain = "@wheel";
item = "memlock";
type = "soft";
value = "unlimited";
directory = ".config/rpcs3/dev_hdd0";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/dev_hdd1";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/savestates";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/dev_usb000";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Seems to be where the firmware is installed.
directory = ".config/rpcs3/dev_flash";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Controller config.
directory = ".config/rpcs3/input_configs";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game icons.
directory = ".config/rpcs3/Icons";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
files = [
{
# play times and recently played
file = ".config/rpcs3/GuiConfigs/persistent_settings.dat";
parentDirectory = {
mode = "0755";
};
}
{
# Netplay (RPCN) config and credentials
file = ".config/rpcs3/rpcn.yml";
parentDirectory = {
mode = "0755";
};
}
];
};
};
me.install.user.talexander.file = {
".config/rpcs3/config.yml" = lib.mkIf (config.me.rpcs3.config != null) {
source = rpcs3_config_yaml;
};
".config/rpcs3/GuiConfigs/CurrentSettings.ini" = {
source = ./files/CurrentSettings.ini;
};
".config/rpcs3/custom_configs/config_BLUS30443.yml" = {
# Demon's Souls per-game config.
source = ./files/config_BLUS30443.yml;
};
".config/rpcs3/patches/patch.yml" = {
# All of the available patches.
source = ./files/patch.yml;
};
".config/rpcs3/patch_config.yml" = {
# Patches that I have enabled.
source = ./files/patch_config.yml;
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Location of ROMs.
directory = ".config/rpcs3/games";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/dev_hdd0";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/dev_hdd1";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/savestates";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/dev_usb000";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Seems to be where the firmware is installed.
directory = ".config/rpcs3/dev_flash";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Controller config.
directory = ".config/rpcs3/input_configs";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game icons.
directory = ".config/rpcs3/Icons";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
files = [
{
# play times and recently played
file = ".config/rpcs3/GuiConfigs/persistent_settings.dat";
parentDirectory = {
mode = "0755";
};
}
{
# Netplay (RPCN) config and credentials
file = ".config/rpcs3/rpcn.yml";
parentDirectory = {
mode = "0755";
};
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/rpcs3";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/rpcs3";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
};
}

184
nix/configuration/roles/rust/default.nix
View File

@@ -35,105 +35,101 @@ in
};
};
config = lib.mkIf config.me.rust.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
rustup
lldb # for lldb-vscode
musl # for building static binaries
cargo-semver-checks
# ? cargo-bloat
# ? cargo-outdated
# ? cargo-public-api
config = lib.mkIf config.me.rust.enable {
environment.systemPackages = with pkgs; [
rustup
lldb # for lldb-vscode
musl # for building static binaries
cargo-semver-checks
# ? cargo-bloat
# ? cargo-outdated
# ? cargo-public-api
];
me.install.user.talexander.file = {
".cargo/config.toml" = {
source = ./files/cargo_config.toml;
};
".rustup/settings.toml" = {
source = ./files/rustup_settings.toml;
};
};
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".rustup";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".cargo/registry";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
me.install.user.talexander.file = {
".cargo/config.toml" = {
source = ./files/cargo_config.toml;
};
".rustup/settings.toml" = {
source = ./files/rustup_settings.toml;
};
};
systemd.services.link-rust-creds = {
# Contains credentials so it cannot be added to the nix store
enable = true;
description = "link-rust-creds";
wantedBy = [ "multi-user.target" ];
wants = [ "multi-user.target" ];
after = [ "multi-user.target" ];
# path = with pkgs; [
# zfs
# ];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
script = ''
if [ -e /persist/manual/rust/cargo_credentials.toml ]; then
install --directory --owner talexander --group talexander --mode 0755 /home/talexander/.cargo
ln -s /persist/manual/rust/cargo_credentials.toml /home/talexander/.cargo/credentials.toml
fi
'';
preStop = ''
rm -f /home/talexander/.cargo/credentials.toml
'';
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".rustup";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".cargo/registry";
user = "talexander";
group = "talexander";
mode = "0755";
}
nixpkgs.overlays = [
(final: prev: {
rustup = pkgs.symlinkJoin {
name = "rustup";
paths =
(builtins.map (cargo_wrapped prev.rustup) [
"cargo"
"cargo-clippy"
"cargo-fmt"
"cargo-miri"
"clippy-driver"
"rls"
"rust-analyzer"
"rust-gdb"
"rust-gdbgui"
"rust-lldb"
"rustc"
"rustdoc"
"rustfmt"
"rustup"
])
++ [
prev.rustup
];
};
nativeBuildInputs = [ pkgs.makeWrapper ];
};
systemd.services.link-rust-creds = {
# Contains credentials so it cannot be added to the nix store
enable = true;
description = "link-rust-creds";
wantedBy = [ "multi-user.target" ];
wants = [ "multi-user.target" ];
after = [ "multi-user.target" ];
# path = with pkgs; [
# zfs
# ];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
script = ''
if [ -e /persist/manual/rust/cargo_credentials.toml ]; then
install --directory --owner talexander --group talexander --mode 0755 /home/talexander/.cargo
ln -s /persist/manual/rust/cargo_credentials.toml /home/talexander/.cargo/credentials.toml
fi
'';
preStop = ''
rm -f /home/talexander/.cargo/credentials.toml
'';
};
nixpkgs.overlays = [
(final: prev: {
rustup = pkgs.symlinkJoin {
name = "rustup";
paths =
(builtins.map (cargo_wrapped prev.rustup) [
"cargo"
"cargo-clippy"
"cargo-fmt"
"cargo-miri"
"clippy-driver"
"rls"
"rust-analyzer"
"rust-gdb"
"rust-gdbgui"
"rust-lldb"
"rustc"
"rustdoc"
"rustfmt"
"rustup"
])
++ [
prev.rustup
];
nativeBuildInputs = [ pkgs.makeWrapper ];
};
})
];
}
]
);
})
];
};
}
# TODO: Install clippy, cranelift, rust-src

14
nix/configuration/roles/sequoia/default.nix
View File

@@ -17,13 +17,9 @@
};
};
config = lib.mkIf config.me.sequoia.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
sequoia-sq
];
}
]
);
config = lib.mkIf config.me.sequoia.enable {
environment.systemPackages = with pkgs; [
sequoia-sq
];
};
}

188
nix/configuration/roles/shadps4/default.nix
View File

@@ -17,94 +17,118 @@
};
};
config = lib.mkIf config.me.shadps4.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
shadps4
config = lib.mkIf (config.me.shadps4.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
shadps4
];
me.install.user.talexander.file = {
".local/share/shadPS4/config.toml" = {
source = ./files/config.toml;
};
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
# Location of ROMs.
directory = ".local/share/shadPS4/games";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Firmware.
directory = ".local/share/shadPS4/sys_modules";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game saves.
directory = ".local/share/shadPS4/savedata";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# DLC.
directory = ".local/share/shadPS4/addcont";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
files = [
{
# play times and recently played
file = ".local/share/shadPS4/play_time.txt";
parentDirectory = {
mode = "0755";
};
}
];
};
};
me.install.user.talexander.file = {
".local/share/shadPS4/config.toml" = {
source = ./files/config.toml;
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
# Cache.
directory = ".local/share/shadPS4/data";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
shadps4 = prev.shadps4.overrideAttrs (old: {
version = "0.11.0";
src = final.fetchFromGitHub {
owner = "AzaharPlus";
repo = "shadPS4Plus";
tag = "SHAD_PS4_PLUS_0_11_0";
hash = "sha256-puyINtFBTdMkOE2E9OnUlZ526vXHCWyKIWsZBaojQRk=";
fetchSubmodules = true;
};
};
});
})
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Location of ROMs.
directory = ".local/share/shadPS4/games";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Firmware.
directory = ".local/share/shadPS4/sys_modules";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game saves.
directory = ".local/share/shadPS4/savedata";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# DLC.
directory = ".local/share/shadPS4/addcont";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
files = [
{
# play times and recently played
file = ".local/share/shadPS4/play_time.txt";
parentDirectory = {
mode = "0755";
};
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Cache.
directory = ".local/share/shadPS4/data";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
shadps4 = prev.shadps4.overrideAttrs (old: {
version = "0.9.0";
src = final.fetchFromGitHub {
owner = "AzaharPlus";
repo = "shadPS4Plus";
tag = "SHADPS4PLUS_0_9_0_A";
hash = "sha256-ZwP+bOE4roWt51Ii53blDZzdq/SxK4Q69I4rLCNARLA=";
fetchSubmodules = true;
};
(final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(python-final: python-prev: {
shiboken2 = python-prev.shiboken2.overrideAttrs (old: {
cmakeFlags = old.cmakeFlags ++ [
# Fix build with cmake>=4
(lib.strings.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.5")
# "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
];
});
pyside2 = python-prev.pyside2.overrideAttrs (old: {
cmakeFlags = old.cmakeFlags ++ [
# Fix build with cmake>=4
(lib.strings.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.5")
# "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
];
});
pyside2-tools = python-prev.pyside2-tools.overrideAttrs (old: {
cmakeFlags = old.cmakeFlags ++ [
# Fix build with cmake>=4
(lib.strings.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.5")
# "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
];
});
})
];
})
]
);
];
};
}

30
nix/configuration/roles/shikane/default.nix
View File

@@ -25,23 +25,19 @@ in
};
};
config = lib.mkIf config.me.shikane.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
shikane
];
config = lib.mkIf (config.me.shikane.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
shikane
];
me.swayIncludes = [
exec_shikane
];
me.swayIncludes = [
exec_shikane
];
me.install.user.talexander.file = {
".config/shikane/config.toml" = {
source = ./files/config.toml;
};
};
})
]
);
me.install.user.talexander.file = {
".config/shikane/config.toml" = {
source = ./files/config.toml;
};
};
};
}

49
nix/configuration/roles/shipwright/default.nix
View File

@@ -17,32 +17,27 @@
};
};
config = lib.mkIf config.me.shipwright.enable (
lib.mkMerge [
{
allowedUnfree = [ "shipwright" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
shipwright
config = lib.mkIf (config.me.shipwright.enable && config.me.graphical) {
allowedUnfree = [ "shipwright" ];
environment.systemPackages = with pkgs; [
shipwright
];
# TODO perhaps install ~/.local/share/soh/shipofharkinian.json
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/soh";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
# TODO perhaps install ~/.local/share/soh/shipofharkinian.json
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/soh";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
};
};
};
}

74
nix/configuration/roles/sm64ex/default.nix
View File

@@ -17,47 +17,43 @@
};
};
config = lib.mkIf config.me.sm64ex.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
allowedUnfree = [ "sm64ex" ];
config = lib.mkIf (config.me.sm64ex.enable && config.me.graphical) {
allowedUnfree = [ "sm64ex" ];
environment.systemPackages = with pkgs; [
sm64ex
];
environment.systemPackages = with pkgs; [
sm64ex
];
# nixpkgs.overlays = [
# (final: prev: {
# sm4ex = prev.sm64ex.override {
# baseRom.name = "SuperMario64.z64";
# };
# })
# ];
# nixpkgs.overlays = [
# (final: prev: {
# sm4ex = prev.sm64ex.override {
# baseRom.name = "SuperMario64.z64";
# };
# })
# ];
nixpkgs.overlays = [
(final: prev: {
sm64ex = prev.sm64ex.overrideAttrs (old: {
buildInputs = old.buildInputs ++ [ final.libGL ];
});
})
];
# TODO perhaps install ~/.local/share/sm64ex/sm64config.txt
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/sm64ex";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
sm64ex = prev.sm64ex.overrideAttrs (old: {
buildInputs = old.buildInputs ++ [ final.libGL ];
});
})
]
);
];
# TODO perhaps install ~/.local/share/sm64ex/sm64config.txt
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/sm64ex";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
};
}

14
nix/configuration/roles/sops/default.nix
View File

@@ -17,13 +17,9 @@
};
};
config = lib.mkIf config.me.sops.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
sops # For encrypting kubernetes secrets.
];
}
]
);
config = lib.mkIf config.me.sops.enable {
environment.systemPackages = with pkgs; [
sops # For encrypting kubernetes secrets.
];
};
}

2
nix/configuration/roles/sound/default.nix
View File

@@ -72,7 +72,7 @@
];
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [

50
nix/configuration/roles/spaghettikart/default.nix
View File

@@ -17,33 +17,27 @@
};
};
config = lib.mkIf config.me.spaghettikart.enable (
lib.mkMerge [
{
allowedUnfree = [ "spaghettikart" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
spaghettikart
config = lib.mkIf (config.me.spaghettikart.enable && config.me.graphical) {
allowedUnfree = [ "spaghettikart" ];
environment.systemPackages = with pkgs; [
spaghettikart
];
me.install.user.talexander.file = {
".local/share/spaghettikart/spaghettify.cfg.json" = {
source = ./files/spaghettify.cfg.json;
method = "overwrite";
};
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
files = [
".local/share/spaghettikart/default.sav"
".local/share/spaghettikart/mk64.o2r"
];
me.install.user.talexander.file = {
".local/share/spaghettikart/spaghettify.cfg.json" = {
source = ./files/spaghettify.cfg.json;
method = "overwrite";
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
files = [
".local/share/spaghettikart/default.sav"
".local/share/spaghettikart/mk64.o2r"
];
};
};
})
]
);
};
};
};
}

57
nix/configuration/roles/ssh/default.nix
View File

@@ -8,33 +8,44 @@
{
imports = [ ];
environment.systemPackages = with pkgs; [
sshfs
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
files = [
".ssh/known_hosts"
];
};
users.root = {
home = "/root";
files = [
".ssh/known_hosts"
];
options.me = {
ssh.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install ssh.";
};
};
me.install.user.root.file = {
".ssh/config" = {
source = ./files/ssh_config_root;
config = lib.mkIf config.me.ssh.enable {
environment.systemPackages = with pkgs; [
sshfs
];
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
files = [
".ssh/known_hosts"
];
};
users.root = {
home = "/root";
files = [
".ssh/known_hosts"
];
};
};
};
me.install.user.talexander.file = {
".ssh/config" = {
source = ./files/ssh_config;
me.install.user.root.file = {
".ssh/config" = {
source = ./files/ssh_config_root;
};
};
me.install.user.talexander.file = {
".ssh/config" = {
source = ./files/ssh_config;
};
};
};
}

49
nix/configuration/roles/sshd/default.nix Normal file
View File

@@ -0,0 +1,49 @@
{
config,
lib,
...
}:
{
imports = [ ];
options.me = {
sshd.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sshd.";
};
};
config = lib.mkIf config.me.sshd.enable {
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
hostKeys = [
{
path = "/persist/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
files = [
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
};
};
}

55
nix/configuration/roles/steam/default.nix
View File

@@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
@@ -17,34 +16,30 @@
};
};
config = lib.mkIf config.me.steam.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
allowedUnfree = [
"steam"
"steam-original"
"steam-unwrapped"
"steam-run"
config = lib.mkIf (config.me.steam.enable && config.me.graphical) {
allowedUnfree = [
"steam"
"steam-original"
"steam-unwrapped"
"steam-run"
];
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
# dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
".local/share/Steam"
".steam"
".factorio"
];
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
# dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
".local/share/Steam"
".steam"
".factorio"
];
};
};
})
]
);
};
};
};
}

14
nix/configuration/roles/steam_run_free/default.nix
View File

@@ -17,13 +17,9 @@
};
};
config = lib.mkIf config.me.steam_run_free.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
steam-run-free
];
}
]
);
config = lib.mkIf config.me.steam_run_free.enable {
environment.systemPackages = with pkgs; [
steam-run-free
];
};
}

6
nix/configuration/roles/sway/default.nix
View File

@@ -313,7 +313,7 @@ in
# Probably would be cleaner to use environment.sessionVariables but programs.sway.extraSessionCommands is sway-specific.
programs.sway.extraSessionCommands =
if config.me.buildingIso then
if config.me.buildingPortable then
''
export WLR_RENDERER_ALLOW_SOFTWARE=1
export NIXOS_OZONE_WL=1 # Wayland support for chromium and electron
@@ -330,7 +330,7 @@ in
enable = true;
wrapperFeatures.gtk = true;
extraOptions =
if config.me.buildingIso then
if config.me.buildingPortable then
[
"--config"
"${sway-config}"
@@ -343,7 +343,7 @@ in
];
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
files = [

9
nix/configuration/roles/sway/graphical_session_target.nix
View File

@@ -18,8 +18,9 @@ in
{
imports = [ ];
me.swayIncludes = lib.mkAfter [
start_sway_session
];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = lib.mkAfter [
start_sway_session
];
};
}

2
nix/configuration/roles/sway/iso.nix
View File

@@ -16,7 +16,7 @@ in
{
imports = [ ];
config = lib.mkIf (config.me.buildingIso && config.me.graphical && config.me.sway.enable) {
config = lib.mkIf (config.me.buildingPortable && config.me.graphical && config.me.sway.enable) {
# Launch a terminal at boot in the live ISO for when hotkeys don't work.
me.swayIncludes = [
launch_terminal

2
nix/configuration/roles/sway/rofimoji.nix
View File

@@ -22,7 +22,7 @@ in
rofimoji_sway_config
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [

14
nix/configuration/roles/tekton/default.nix
View File

@@ -17,13 +17,9 @@
};
};
config = lib.mkIf config.me.tekton.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
tektoncd-cli
];
}
]
);
config = lib.mkIf config.me.tekton.enable {
environment.systemPackages = with pkgs; [
tektoncd-cli
];
};
}

2
nix/configuration/roles/terraform/default.nix
View File

@@ -34,7 +34,7 @@ in
"terraform"
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [

14
nix/configuration/roles/thunderbolt/default.nix
View File

@@ -17,13 +17,9 @@
};
};
config = lib.mkIf config.me.thunderbolt.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
bolt # For boltctl
];
}
]
);
config = lib.mkIf config.me.thunderbolt.enable {
environment.systemPackages = with pkgs; [
bolt # For boltctl
];
};
}

59
nix/configuration/roles/user/default.nix Normal file
View File

@@ -0,0 +1,59 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
user.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to create my user.";
};
};
config = lib.mkIf config.me.user.enable {
services.getty = {
autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
autologinOnce = true;
};
users.mutableUsers = false;
users.users.talexander = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "talexander";
extraGroups = [ "wheel" ];
uid = 11235;
packages = with pkgs; [
tree
];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.talexander.gid = 11235;
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = "persist";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
};
}

23
nix/configuration/roles/uutils/default.nix
View File

@@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
@@ -17,17 +16,13 @@
};
};
config = lib.mkIf config.me.uutils.enable (
lib.mkMerge [
{
# environment.corePackages automatically installes coreutils-full, so merely installing uutils-coreutils-noprefix is insufficient for replacing GNU coreutils.
nixpkgs.overlays = [
(final: prev: {
coreutils = final.uutils-coreutils-noprefix;
coreutils-full = final.uutils-coreutils-noprefix;
})
];
}
]
);
config = lib.mkIf config.me.uutils.enable {
# environment.corePackages automatically installes coreutils-full, so merely installing uutils-coreutils-noprefix is insufficient for replacing GNU coreutils.
nixpkgs.overlays = [
(final: prev: {
coreutils = final.uutils-coreutils-noprefix;
coreutils-full = final.uutils-coreutils-noprefix;
})
];
};
}

14
nix/configuration/roles/vnc_client/default.nix
View File

@@ -17,13 +17,9 @@
};
};
config = lib.mkIf config.me.vnc_client.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
wlvncc
];
})
]
);
config = lib.mkIf (config.me.vnc_client.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
wlvncc
];
};
}

76
nix/configuration/roles/vscode/default.nix
View File

@@ -17,46 +17,42 @@
};
};
config = lib.mkIf config.me.vscode.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
allowedUnfree = [
"vscode"
"vscode-x86_64-unknown-linux-gnu-with-extensions"
"vscode-with-extensions"
"vscode-extension-ms-vscode-remote-remote-ssh"
];
config = lib.mkIf (config.me.vscode.enable && config.me.graphical) {
allowedUnfree = [
"vscode"
"vscode-x86_64-unknown-linux-gnu-with-extensions"
"vscode-with-extensions"
"vscode-extension-ms-vscode-remote-remote-ssh"
];
environment.systemPackages = with pkgs; [
(vscode-with-extensions.override {
vscodeExtensions = with vscode-extensions; [
bbenoist.nix
ms-python.python
ms-azuretools.vscode-docker
ms-vscode-remote.remote-ssh
esbenp.prettier-vscode
]
# ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
# {
# name = "remote-ssh-edit";
# publisher = "ms-vscode-remote";
# version = "0.47.2";
# sha256 = "1hp6gjh4xp2m1xlm1jsdzxw9d8frkiidhph6nvl24d0h8z34w49g";
# }
# ]
;
})
];
me.install.user.talexander.file = {
".config/Code/User/settings.json" = {
source = ./files/settings.json;
};
".config/Code/User/keybindings.json" = {
source = ./files/keybindings.json;
};
};
environment.systemPackages = with pkgs; [
(vscode-with-extensions.override {
vscodeExtensions = with vscode-extensions; [
bbenoist.nix
ms-python.python
ms-azuretools.vscode-docker
ms-vscode-remote.remote-ssh
esbenp.prettier-vscode
]
# ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
# {
# name = "remote-ssh-edit";
# publisher = "ms-vscode-remote";
# version = "0.47.2";
# sha256 = "1hp6gjh4xp2m1xlm1jsdzxw9d8frkiidhph6nvl24d0h8z34w49g";
# }
# ]
;
})
]
);
];
me.install.user.talexander.file = {
".config/Code/User/settings.json" = {
source = ./files/settings.json;
};
".config/Code/User/keybindings.json" = {
source = ./files/keybindings.json;
};
};
};
}

27
nix/configuration/roles/wasm/default.nix
View File

@@ -2,7 +2,6 @@
config,
lib,
pkgs,
pkgs-unoptimized,
...
}:
@@ -18,23 +17,11 @@
};
};
config = lib.mkIf config.me.wasm.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
wabt
wasm-bindgen-cli
binaryen # for wasm-opt
];
nixpkgs.overlays = [
(final: prev: {
inherit (pkgs-unoptimized)
binaryen
;
})
];
}
]
);
config = lib.mkIf config.me.wasm.enable {
environment.systemPackages = with pkgs; [
wabt
wasm-bindgen-cli
binaryen # for wasm-opt
];
};
}

60
nix/configuration/roles/waybar/default.nix
View File

@@ -89,39 +89,35 @@ in
};
};
config = lib.mkIf config.me.waybar.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
waybar
waybar_available_memory
waybar_battery
waybar_clock
waybar_night_mode
waybar_sound
waybar_temperature
python3 # for clock TODO python should not be in the system packages, maybe switch to a venv? ref https://nixos.wiki/wiki/Python
bc # for temperature and sound
jq # for memory, battery, sound, night mode, and temperature
upower # for battery
wlsunset # for night mode
];
config = lib.mkIf (config.me.waybar.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
waybar
waybar_available_memory
waybar_battery
waybar_clock
waybar_night_mode
waybar_sound
waybar_temperature
python3 # for clock TODO python should not be in the system packages, maybe switch to a venv? ref https://nixos.wiki/wiki/Python
bc # for temperature and sound
jq # for memory, battery, sound, night mode, and temperature
upower # for battery
wlsunset # for night mode
];
me.swayIncludes = [
waybar_sway_config
];
me.swayIncludes = [
waybar_sway_config
];
services.upower.enable = true; # for battery
services.upower.enable = true; # for battery
me.install.user.talexander.file = {
".config/waybar/config" = {
source = ./files/waybar_config.json;
};
".config/waybar/style.css" = {
source = ./files/style.css;
};
};
})
]
);
me.install.user.talexander.file = {
".config/waybar/config" = {
source = ./files/waybar_config.json;
};
".config/waybar/style.css" = {
source = ./files/style.css;
};
};
};
}

90
nix/configuration/roles/wireguard/default.nix
View File

@@ -5,52 +5,72 @@
...
}:
let
activatedWg = name: {
networking.wg-quick.interfaces."${name}".configFile = "/persist/manual/wireguard/${name}.conf";
systemd.services."wg-quick-${name}" = {
after = [
"network-online.target"
"nss-lookup.target"
];
preStart = "${pkgs.toybox}/bin/sleep 3";
};
};
deactivatedWg = name: {
networking.wg-quick.interfaces."${name}" = {
configFile = "/persist/manual/wireguard/${name}.conf";
autostart = false;
};
};
wireguard_enable = (config.me.wireguard.activated != [ ] || config.me.wireguard.deactivated != [ ]);
wireguard_enable = (
(lib.attrsets.filterAttrs (name: value: value) config.me.wireguard.activated) != [ ]
|| (lib.attrsets.filterAttrs (name: value: value) config.me.wireguard.deactivated) != [ ]
);
in
{
imports = [ ];
options.me = {
wireguard.activated = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = false;
example = true;
default = { };
example = lib.literalExpression ''
{
wgh = true;
colo = lib.mkForce false;
}
'';
type = lib.types.coercedTo (lib.types.listOf lib.types.str) (
enabled: lib.listToAttrs (map (fs: lib.nameValuePair fs true) enabled)
) (lib.types.attrsOf lib.types.bool);
description = "List of wireguard config names that should be activated at boot.";
};
wireguard.deactivated = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = false;
example = true;
default = { };
example = lib.literalExpression ''
{
wgf = true;
drmario = lib.mkForce false;
}
'';
type = lib.types.coercedTo (lib.types.listOf lib.types.str) (
enabled: lib.listToAttrs (map (fs: lib.nameValuePair fs true) enabled)
) (lib.types.attrsOf lib.types.bool);
description = "List of wireguard config names that are not activated at boot but can be manually activated later.";
};
};
config = lib.mkIf wireguard_enable (
lib.mkMerge [
{
networking.firewall.allowedUDPPorts = [ 51821 ];
networking.wireguard.enable = true;
}
(activatedWg "drmario")
(activatedWg "wgh")
(activatedWg "colo")
(deactivatedWg "wgf")
]
);
config = lib.mkIf wireguard_enable {
networking.firewall.allowedUDPPorts = [ 51821 ];
networking.wireguard.enable = true;
networking.wg-quick.interfaces =
(builtins.mapAttrs (
name: value:
(lib.attrsets.optionalAttrs value {
configFile = "/persist/manual/wireguard/${name}.conf";
})
) config.me.wireguard.activated)
// (builtins.mapAttrs (
name: value:
(lib.attrsets.optionalAttrs value {
configFile = "/persist/manual/wireguard/${name}.conf";
autostart = false;
})
) config.me.wireguard.deactivated);
systemd.services = lib.attrsets.mapAttrs' (
name: value:
(lib.attrsets.nameValuePair "wg-quick-${name}" {
after = [
"network-online.target"
"nss-lookup.target"
];
preStart = "${pkgs.toybox}/bin/sleep 3";
})
) config.me.wireguard.activated;
};
}

16
nix/configuration/roles/yubikey/default.nix
View File

@@ -17,14 +17,10 @@
};
};
config = lib.mkIf config.me.yubikey.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
yubikey-personalization
yubikey-manager
];
}
]
);
config = lib.mkIf config.me.yubikey.enable {
environment.systemPackages = with pkgs; [
yubikey-personalization
yubikey-manager
];
};
}

46
nix/configuration/roles/zfs/default.nix
View File

@@ -29,26 +29,40 @@ in
{
imports = [ ];
boot.zfs.devNodes = "/dev/disk/by-partuuid";
services.zfs = {
autoScrub = {
enable = true;
interval = "monthly";
options.me = {
zfs.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install zfs.";
};
trim.enable = true;
};
environment.systemPackages = with pkgs; [
zfs_clone_send
zfs_clone_recv
zfs_clone_resume
];
config = lib.mkIf config.me.zfs.enable {
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
boot.supportedFilesystems.zfs = true;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/etc/zfs/zpool.cache" # Which zpools to import, the root zpool is already imported and does not need this cache file but this captures additional pools.
boot.zfs.devNodes = "/dev/disk/by-partuuid";
services.zfs = {
autoScrub = {
enable = true;
interval = "monthly";
};
trim.enable = true;
};
environment.systemPackages = [
zfs_clone_send
zfs_clone_recv
zfs_clone_resume
];
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
"/etc/zfs/zpool.cache" # Which zpools to import, the root zpool is already imported and does not need this cache file but this captures additional pools.
];
};
};
}

77
nix/configuration/roles/zrepl/default.nix
View File

@@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
@@ -17,44 +16,40 @@
};
};
config = lib.mkIf config.me.zrepl.enable (
lib.mkMerge [
{
services.zrepl = {
enable = true;
settings = {
jobs = [
{
name = "snapjob";
type = "snap";
filesystems = {
"zroot/linux/nix/persist<" = true;
"zroot/bridge<" = true;
};
snapshotting = {
type = "periodic";
interval = "15m";
prefix = "zrepl_";
};
pruning = {
keep = [
{
type = "grid";
grid = "1x1h(keep=all) | 24x1h | 14x1d";
regex = "^zrepl_.*";
}
{
type = "regex";
negate = true;
regex = "^zrepl_.*";
}
];
};
}
];
};
};
}
]
);
config = lib.mkIf config.me.zrepl.enable {
services.zrepl = {
enable = true;
settings = {
jobs = [
{
name = "snapjob";
type = "snap";
filesystems = {
"zroot/linux/nix/persist<" = true;
"zroot/bridge<" = true;
};
snapshotting = {
type = "periodic";
interval = "15m";
prefix = "zrepl_";
};
pruning = {
keep = [
{
type = "grid";
grid = "1x1h(keep=all) | 24x1h | 14x1d";
regex = "^zrepl_.*";
}
{
type = "regex";
negate = true;
regex = "^zrepl_.*";
}
];
};
}
];
};
};
};
}

76
nix/configuration/roles/zsh/default.nix
View File

@@ -76,46 +76,42 @@ in
};
};
config = lib.mkIf config.me.zsh.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
zsh
config = lib.mkIf config.me.zsh.enable {
environment.systemPackages = with pkgs; [
zsh
];
users.users.talexander.shell = pkgs.zsh;
environment.shells = with pkgs; [ zsh ];
programs.zsh = {
enable = true;
};
me.install.user.talexander.file = {
".zshrc" = {
source = "${zshrc}";
};
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".histdb";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
users.users.talexander.shell = pkgs.zsh;
environment.shells = with pkgs; [ zsh ];
programs.zsh = {
enable = true;
};
me.install.user.talexander.file = {
".zshrc" = {
source = "${zshrc}";
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".histdb";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
zsh-histdb = (final.callPackage ./package/zsh-histdb/package.nix { });
})
];
}
]
);
nixpkgs.overlays = [
(final: prev: {
zsh-histdb = (final.callPackage ./package/zsh-histdb/package.nix { });
})
];
};
}