diff --git a/flake.nix b/flake.nix
index 781469b..2aeb7ae 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,128 +1,154 @@ { - inputs = { - nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11"; - - nix-darwin.url = "github:nix-darwin/nix-darwin?ref=nix-darwin-25.11"; - nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; - - home-manager.url = "github:nix-community/home-manager?ref=release-25.11"; - home-manager.inputs.nixpkgs.follows = "nixpkgs"; - - lanzaboote.url = "github:nix-community/lanzaboote?ref=master"; - lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; - }; - outputs = { self, nixpkgs, ... }@inputs: let - supportedSystems = [ - "x86_64-linux" - "aarch64-darwin" + lib = import ./lib { inherit nixpkgs; }; + + inherit (lib) forEachSupportedSystem pkgsFor; + + commonModules = [ + ./modules/common/environment.nix + ./modules/common/nix.nix + ./modules/common/nixpkgs.nix + ./modules/common/programs.nix ]; - lib = import ./lib { inherit (inputs.nixpkgs) lib; }; - pkgsFor = - system: - import inputs.nixpkgs { - inherit system; - config.allowUnfree = true; - }; + darwinModules = [ + ./modules/darwin/homebrew.nix + ./modules/darwin/programs.nix + ]; - forEachSupportedSystem = - f: - inputs.nixpkgs.lib.genAttrs supportedSystems ( - system: - f { - inherit system; - pkgs = pkgsFor system; - } - ); + nixosModules = [ + inputs.lanzaboote.nixosModules.lanzaboote + ./modules/nixos/boot.nix + ./modules/nixos/environment.nix + ./modules/nixos/filesystems.nix + ./modules/nixos/fonts.nix + ./modules/nixos/hardware.nix + ./modules/nixos/networking.nix + ./modules/nixos/programs.nix + ./modules/nixos/security.nix + ./modules/nixos/services.nix + ./modules/nixos/system.nix + ]; + + systems = + let + inherit (inputs) + home-manager + lanzaboote + nix-darwin + nixpkgs + ; + inherit (nixpkgs.lib) + flatten + hasSuffix + mkAliasOptionModule + strings + mkOption + types + ; + + systemFn = + system: + if hasSuffix "darwin" system then + nix-darwin.lib.darwinSystem + else if hasSuffix "linux" system then + nixpkgs.lib.nixosSystem + else + throw "System: ${system} not supported."; + + 
homeModule = + system: + if hasSuffix "darwin" system then + home-manager.darwinModules.home-manager + else if hasSuffix "linux" system then + home-manager.nixosModules.home-manager + else + throw "System: ${system} not supported."; + + in + { + mkSystem = + system: + { + machine ? { }, + modules ? [ ], + specialArgs ? { }, + }: + systemFn system { + inherit specialArgs; + + modules = flatten ( + modules + ++ [ + ( + if hasSuffix "darwin" system then + home-manager.darwinModules.home-manager + else if hasSuffix "linux" system then + [ + lanzaboote.nixosModules.lanzaboote + ] + else + throw "System: ${system} not supported." + ) + + { nixpkgs.hostPlatform = "${system}"; } + + { + options.machine = { + mainUser = mkOption { + type = types.str; + description = "The main user of the machine"; + }; + + hostName = mkOption { + type = types.str; + description = "The name of the machine"; + }; + }; + } + { config.machine = machine; } + + ./modules/common/environment.nix + ./modules/common/nix.nix + ./modules/common/nixpkgs.nix + ./modules/common/programs.nix + + ./machines/${machine.hostName}.nix + ] + ); + }; + }; in { - nixosConfigurations."persephone" = nixpkgs.lib.nixosSystem { + nixosConfigurations."persephone" = systems.mkSystem "x86_64-linux" { + machine = { + hostName = "persephone"; + mainUser = "pml"; + }; modules = [ - inputs.lanzaboote.nixosModules.lanzaboote - inputs.home-manager.nixosModules.home-manager - ( - { config, lib, ... }: - { - imports = [ - (lib.mkAliasOptionModule [ "hm" ] [ "home-manager" "users" "${config.machine.mainUser}" ]) - ]; - } - ) - - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - hm.programs.bat.enable = true; - hm.home.stateVersion = "25.11"; - } - - ./machines/persephone.nix - ( - { lib, ... 
}: - { - options.machine = { - fs = { - bootUUID = lib.mkOption { - type = lib.types.str; - description = "The UUID of the XBOOTLDR partition."; - default = "9c2d7380-571d-4bc5-9ad2-e4888ce351be"; - }; - efiUUID = lib.mkOption { - type = lib.types.str; - description = "The UUID of the ESP."; - default = "71E7-7A63"; - }; - luuksUUID = lib.mkOption { - type = lib.types.str; - description = "The UUID of the encrypted root partition."; - default = "b0ace3a0-64f0-461e-a604-7f6788384d12"; - }; - cryptrootUUID = lib.mkOption { - type = lib.types.str; - description = "The UUID of the decrypted root partition."; - default = "769362f6-43d4-4b83-a12c-d006c9bd6613"; - }; - }; - mainUser = lib.mkOption { - type = lib.types.str; - description = "The main user of the machine"; - default = "pml"; - }; - hostName = lib.mkOption { - type = lib.types.str; - description = "The name of the machine"; - default = "persephone"; - }; - }; - } - ) + ./modules/nixos/boot.nix + ./modules/nixos/environment.nix + ./modules/nixos/filesystems.nix + ./modules/nixos/fonts.nix + ./modules/nixos/hardware.nix + ./modules/nixos/networking.nix + ./modules/nixos/programs.nix + ./modules/nixos/security.nix + ./modules/nixos/services.nix + ./modules/nixos/system.nix ]; }; - darwinConfigurations."hermes" = inputs.nix-darwin.lib.darwinSystem { + darwinConfigurations."hermes" = systems.mkSystem "aarch64-darwin" { + machine = { + hostName = "hermes"; + mainUser = "pml"; + }; modules = [ - { system.configurationRevision = self.rev or self.dirtyRev or null; } - ./machines/hermes.nix - ( - { lib, ... }: - { - options.machine = { - mainUser = lib.mkOption { - type = lib.types.str; - description = "The main user of the machine"; - default = "pml"; - }; - hostName = lib.mkOption { - type = lib.types.str; - description = "The name of the machine"; - default = "hermes"; - }; - }; - } - ) + ./modules/darwin/homebrew.nix + ./modules/darwin/programs.nix ]; }; 
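Review bot: `homeModule` is defined in the `systems` let-block but never used; the conditional inside `mkSystem` re-implements it and diverges on Linux, where it yields `lanzaboote.nixosModules.lanzaboote` instead of `home-manager.nixosModules.home-manager`, so Linux hosts lose home-manager while darwin keeps it. If that is intended, delete `homeModule` (and the unused `mkAliasOptionModule`/`strings` inherits); otherwise use `(homeModule system)` there and let the caller pull lanzaboote from `nixosModules`. The `commonModules`, `darwinModules` and `nixosModules` lists are likewise dead: `mkSystem` re-lists `./modules/common/*.nix` inline and both configurations re-list the darwin/nixos modules by hand, so one list can drift from the other. `./modules/machine.nix` is never imported either, so the inline `options.machine` (only `mainUser`/`hostName`) is what actually applies; and `./machines/${machine.hostName}.nix` throws on a missing attribute whenever the `machine ? { }` default is taken, so that default is misleading and `machine` should be required.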
@@ -140,4 +166,17 @@ formatter = forEachSupportedSystem ({ pkgs, ... }: pkgs.nixfmt-rfc-style); }; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11"; + + nix-darwin.url = "github:nix-darwin/nix-darwin?ref=nix-darwin-25.11"; + nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; + + home-manager.url = "github:nix-community/home-manager?ref=release-25.11"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + + lanzaboote.url = "github:nix-community/lanzaboote?ref=master"; + lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; + }; } diff --git a/lib/default.nix b/lib/default.nix index 408b164..0df675e 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,4 +1,33 @@ -{ lib, ... }: { + nixpkgs, + supportedSystems ? [ + "x86_64-linux" + "aarch64-darwin" + ], + ... +}: +let + inherit (nixpkgs.lib) genAttrs; + forEachSupportedSystem = + f: + genAttrs supportedSystems ( + system: + f { + inherit system; + pkgs = pkgsFor system; + } + ); + + pkgsFor = + system: + import nixpkgs { + inherit system; + config.allowUnfree = true; + }; + +in +nixpkgs.lib +// { + inherit forEachSupportedSystem pkgsFor; } diff --git a/machines/hermes.nix b/machines/hermes.nix index 7290392..7a20466 100644 --- a/machines/hermes.nix +++ b/machines/hermes.nix @@ -1,11 +1,6 @@ { config, pkgs, ... }: { - imports = [ - ../profiles/minimal.nix - ../profiles/desktop.darwin.nix - ]; - environment.darwinConfig = "/Users/${config.system.primaryUser}/Development/systems"; system.primaryUser = "pml"; diff --git a/machines/hermes/default.nix b/machines/hermes/default.nix deleted file mode 100644 index 918d775..0000000 --- a/machines/hermes/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ self, pkgs, ... }: - -{ - environment.systemPackages = [ - pkgs.vim - ]; - - nix.settings.experimental-features = "nix-command flakes"; - - system.stateVersion = 6; - - nixpkgs.hostPlatform = "aarch64-darwin"; -} diff --git a/machines/persephone.nix b/machines/persephone.nix index 4a1dd15..c638620 100644 
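Review bot: `pkgsFor` in lib/default.nix sets `config.allowUnfree = true`, which admits every unfree package into the flake-level `pkgs` handed out by `forEachSupportedSystem`, whereas the system configurations go through the allowlist in modules/common/nixpkgs.nix. If the allowlist is meant as policy, mirror it here with `config.allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) [ … ];`, or drop the flag since the visible consumer (the nixfmt formatter) needs no unfree package. `supportedSystems` is now a parameter with a default that the flake never overrides; a one-line comment such as `# supportedSystems: systems enumerated by forEachSupportedSystem (flake outputs only; hosts set nixpkgs.hostPlatform themselves)` would make its scope clear.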
--- a/machines/persephone.nix +++ b/machines/persephone.nix @@ -4,13 +4,13 @@ pkgs, ... }: - +let + boot = "cb03cf78-715e-4030-ba82-189ff8897eaf"; + esp = "4E4C-1139"; + luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25"; + cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701"; +in { - imports = [ - ../profiles/minimal.linux.nix - ../profiles/desktop.linux.nix - ]; - boot = { blacklistedKernelModules = [ "spd5118" @@ -24,14 +24,18 @@ kernelParams = [ "i915.enable_guc=3" ]; }; - boot.initrd.availableKernelModules = [ - "xhci_pci" - "thunderbolt" - "nvme" - "ahci" - "usbhid" - "sd_mod" - ]; + boot.initrd = { + availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "nvme" + "ahci" + "usbhid" + "sd_mod" + ]; + luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luks}"; + + }; console = { keyMap = "us"; @@ -40,6 +44,18 @@ i18n.defaultLocale = "en_US.UTF-8"; + fileSystems."/".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/boot".device = "/dev/disk/by-uuid/${boot}"; + fileSystems."/efi".device = "/dev/disk/by-uuid/${esp}"; + fileSystems."/home".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/nix".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/var/cache".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/var/lib/machines".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/var/lib/portables".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/var/log".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/var/spool".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/var/tmp".device = "/dev/disk/by-uuid/${cryptroot}"; + hardware.enableRedistributableFirmware = true; hardware.bluetooth.enable = true; 
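Review bot: The four UUIDs introduced in the `let` of machines/persephone.nix are the same literals that modules/nixos/boot.nix and modules/nixos/filesystems.nix (later in this diff) hard-code in their own `let` blocks, so persephone's disk layout is baked into generic modules that every NixOS host built by `mkSystem` imports; the `fileSystems."…".device` lines added in the third hunk merely repeat what filesystems.nix already sets, and the definitions only merge because the strings happen to be equal. modules/machine.nix defines `machine.filesystem.uuid.{boot,esp,luks,cryptroot}` with assertions for exactly this purpose, but nothing imports it. Suggest replacing the device lines here with `machine.filesystem.uuid = { inherit boot esp luks cryptroot; };`, having filesystems.nix and the `luks.devices."cryptroot".device` line read `config.machine.filesystem.uuid.*`, and deleting the unused UUID bindings in boot.nix.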
@@ -126,15 +142,6 @@ trusted-public-keys = [ "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M=" ]; }; - nixpkgs.config.allowUnfreePredicate = - pkg: - builtins.elem (lib.getName pkg) [ - "1password" - "1password-cli" - "nvidia-x11" - "nvidia-settings" - ]; - programs._1password.enable = true; services.hardware.openrgb = { @@ -159,16 +166,6 @@ "i2c" "wheel" ]; - packages = with pkgs; [ - (vscode-with-extensions.override { - vscode = vscodium; - vscodeExtensions = with vscode-extensions; [ - jnoortheen.nix-ide - mkhl.direnv - yzhang.markdown-all-in-one - ]; - }) - ]; }; # DO NOT EDIT diff --git a/modules/common/environment.nix b/modules/common/environment.nix new file mode 100644 index 0000000..5eaa263 --- /dev/null +++ b/modules/common/environment.nix @@ -0,0 +1,49 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) + getName + mkIf + mkMerge + optionalAttrs + ; + + cfg = config; +in +{ + config = mkMerge [ + { + environment.systemPackages = with pkgs; [ + chezmoi + direnv + git + curl + vim + wget + ]; + + users.users."${config.machine.mainUser}".packages = with pkgs; [ + (vscode-with-extensions.override { + vscode = vscodium; + vscodeExtensions = with vscode-extensions; [ + bbenoist.nix + jnoortheen.nix-ide + mkhl.direnv + ms-azuretools.vscode-docker + ms-python.python + ms-vscode-remote.remote-ssh + yzhang.markdown-all-in-one + ]; + }) + ]; + } + + (mkIf cfg.programs.zsh.enable { + environment.pathsToLink = [ "/share/zsh" ]; + }) + ]; +} diff --git a/modules/common/nix.nix b/modules/common/nix.nix new file mode 100644 index 0000000..2152dd9 --- /dev/null +++ b/modules/common/nix.nix @@ -0,0 +1,24 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) getName mkMerge; +in +{ + config = mkMerge [ + { + nix = { + package = pkgs.lixPackageSets.stable.lix; + settings = { + experimental-features = [ + "nix-command" + "flakes" + ]; + }; + }; + } + ]; +} 
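Review bot: `cfg = config;` in modules/common/environment.nix is an alias that adds nothing (the file uses `config` directly a few lines below), and `getName` and `optionalAttrs` are inherited but unused. The same unused-inherit pattern recurs in modules/common/nix.nix and programs.nix (`getName`), modules/darwin/homebrew.nix and programs.nix (`getName`), modules/nixos/programs.nix and services.nix (`optionalAttrs`), and modules/nixos/filesystems.nix (`mkOption`, `optionalAttrs`, `types`); dropping them keeps a deadnix/statix pass meaningful and shows which files actually depend on `lib`. Several of these modules also wrap a single attrset in `mkMerge [ … ]`, which can be flattened unless more entries are planned.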
diff --git a/modules/common/nixpkgs.nix b/modules/common/nixpkgs.nix new file mode 100644 index 0000000..b39820f --- /dev/null +++ b/modules/common/nixpkgs.nix @@ -0,0 +1,32 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) getName mkMerge optionalAttrs; +in +{ + config = mkMerge [ + { + nixpkgs.config.allowUnfreePredicate = + pkg: + builtins.elem (getName pkg) [ + "1password-cli" + "1password" + "nvidia-settings" + "nvidia-x11" + "obsidian" + "vscode-extension-ms-vscode-remote-remote-ssh" + ]; + + } + + (optionalAttrs (builtins.pathExists ../../overlays) { + nixpkgs.overlays = [ + (import ../../overlays) + ]; + }) + ]; +} diff --git a/modules/common/programs.nix b/modules/common/programs.nix new file mode 100644 index 0000000..84a3051 --- /dev/null +++ b/modules/common/programs.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) getName mkMerge; +in +{ + config = mkMerge [ + { + programs.zsh.enable = true; + } + ]; +} diff --git a/modules/darwin/homebrew.nix b/modules/darwin/homebrew.nix new file mode 100644 index 0000000..8ef53c5 --- /dev/null +++ b/modules/darwin/homebrew.nix @@ -0,0 +1,23 @@ +{ lib, pkgs, ... }: +let + inherit (lib) getName mkMerge; +in +{ + config = mkMerge [ + { + homebrew = { + enable = true; + + casks = [ + "1password-cli" + "1password" + "adguard" + "alacritty" + "brave-browser" + "figma" + "firefox" + ]; + }; + } + ]; +} diff --git a/modules/darwin/programs.nix b/modules/darwin/programs.nix new file mode 100644 index 0000000..85dc430 --- /dev/null +++ b/modules/darwin/programs.nix @@ -0,0 +1,22 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) getName mkMerge; +in +{ + config = mkMerge [ + { + programs.zsh = { + shellInit = '' + if [ -e "/opt/homebrew/bin/brew" ]; then + eval "$(/opt/homebrew/bin/brew shellenv)" + fi + ''; + }; + } + ]; +} diff --git a/modules/machine.nix b/modules/machine.nix new file mode 100644 index 0000000..12e9e32 --- /dev/null +++ b/modules/machine.nix 
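Review bot: `optionalAttrs (builtins.pathExists ../../overlays)` in modules/common/nixpkgs.nix turns a missing or mistyped overlays directory into a silent no-op; the deleted profiles/minimal.nix imported `../overlays` unconditionally, so a broken path used to fail evaluation, while now the overlays would just vanish from every host. If the directory is meant to be optional, say so with `# overlays/ is optional: an absent directory means no overlays, not an error`; otherwise import it unconditionally. `config` is also an unused parameter here.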
@@ -0,0 +1,73 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) + mkAliasOptionModule + mkOption + types + ; +in +{ + options.machine = { + mainUser = mkOption { + type = types.str; + description = "The main user of the machine"; + }; + + hostName = mkOption { + type = types.str; + description = "The name of the machine"; + }; + + filesystem.uuid = { + boot = mkOption { + type = types.nullOr types.str; + description = "The UUID of the XBOOTLDR partition."; + default = null; + }; + + esp = mkOption { + type = types.nullOr types.str; + description = "The UUID of the ESP."; + default = null; + }; + + luks = mkOption { + type = types.nullOr types.str; + description = "The UUID of the encrypted root partition."; + default = null; + }; + + cryptroot = mkOption { + type = types.nullOr types.str; + description = "The UUID of the decrypted root partition."; + default = null; + }; + }; + }; + + config = lib.mkIf pkgs.stdenv.hostPlatform.isLinux { + assertions = [ + { + assertion = config.machine.filesystem.uuid.boot != null; + message = "machine.filesystem.uuid.boot must be set on Linux systems"; + } + { + assertion = config.machine.filesystem.uuid.esp != null; + message = "machine.filesystem.uuid.esp must be set on Linux systems"; + } + { + assertion = config.machine.filesystem.uuid.luks != null; + message = "machine.filesystem.uuid.luks must be set on Linux systems"; + } + { + assertion = config.machine.filesystem.uuid.cryptroot != null; + message = "machine.filesystem.cryptroot.esp must be set on Linux systems"; + } + ]; + }; +} diff --git a/modules/nixos/boot.nix b/modules/nixos/boot.nix new file mode 100644 index 0000000..1c44dbe --- /dev/null +++ b/modules/nixos/boot.nix 
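Review bot: The last assertion message in modules/machine.nix names the wrong option — it reads `machine.filesystem.cryptroot.esp` while the assertion checks `config.machine.filesystem.uuid.cryptroot`; change it to `message = "machine.filesystem.uuid.cryptroot must be set on Linux systems";`. Nothing in this diff imports modules/machine.nix (flake.nix declares `options.machine` inline with only `mainUser` and `hostName`), so the `filesystem.uuid` options and these assertions are currently unreachable; either add `./modules/machine.nix` to the module list in `mkSystem` or drop the inline duplicate. `mkAliasOptionModule` is inherited but unused.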
@@ -0,0 +1,40 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) mkMerge; + + boot = "cb03cf78-715e-4030-ba82-189ff8897eaf"; + esp = "4E4C-1139"; + luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25"; + cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701"; +in +{ + config = mkMerge [ + { + boot.bootspec.enable = true; + boot.initrd = { + kernelModules = [ ]; + systemd.enable = true; + }; + + boot.lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; + }; + + boot.loader.efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "efi"; + }; + + boot.loader.systemd-boot = { + enable = lib.mkForce false; + xbootldrMountPoint = "/boot"; + }; + } + ]; +} diff --git a/modules/nixos/environment.nix b/modules/nixos/environment.nix new file mode 100644 index 0000000..bf4c650 --- /dev/null +++ b/modules/nixos/environment.nix @@ -0,0 +1,54 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) mkIf mkMerge; +in +{ + config = mkMerge [ + { + environment.sessionVariables = { + EDITOR = "${pkgs.vim}/bin/vim"; + PAGER = "${pkgs.less}/bin/less"; + }; + + environment.systemPackages = with pkgs; [ + alacritty + brave + firefox + foliate + fuzzel + loupe + mpv + adwaita-icon-theme + ddcutil + gsettings-desktop-schemas + libva-utils + loupe + sbctl + vdpauinfo + ]; + } + + (mkIf config.programs.niri.enable { + environment.sessionVariables = { + NIXOS_OZONE_WL = "1"; + }; + }) + + (mkIf config.programs._1password.enable { + environment.etc = { + "1password/custom_allowed_browsers" = { + text = '' + firefox + brave + ''; + mode = "0755"; + }; + }; + }) + ]; +} diff --git a/modules/nixos/filesystems.nix b/modules/nixos/filesystems.nix new file mode 100644 index 0000000..8f7f5b8 --- /dev/null +++ b/modules/nixos/filesystems.nix 
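Review bot: `loupe` appears twice in `environment.systemPackages` in modules/nixos/environment.nix (fifth and twelfth entries); harmless in practice, but drop one. The `1password/custom_allowed_browsers` entry is now gated on `programs._1password.enable` rather than on `programs._1password-gui.enable` as in the deleted profile; since modules/nixos/programs.nix enables the GUI from the same flag this is equivalent today, but the file is only meaningful to the GUI, so `mkIf config.programs._1password-gui.enable` keeps the dependency explicit.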
@@ -0,0 +1,94 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) + mkMerge + mkOption + optionalAttrs + types + ; + + boot = "cb03cf78-715e-4030-ba82-189ff8897eaf"; + esp = "4E4C-1139"; + luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25"; + cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701"; +in +{ + config = mkMerge [ + { + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/${boot}"; + fsType = "ext4"; + }; + + fileSystems."/efi" = { + device = "/dev/disk/by-uuid/${esp}"; + fsType = "vfat"; + options = [ + "fmask=0137" + "dmask=0027" + ]; + }; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@root" ]; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@home" ]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@nix" ]; + }; + + fileSystems."/var/cache" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@var_cache" ]; + }; + + fileSystems."/var/log" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@var_log" ]; + }; + + fileSystems."/var/spool" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@var_spool" ]; + }; + + fileSystems."/var/tmp" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@var_tmp" ]; + }; + + fileSystems."/var/lib/machines" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@var_lib_machines" ]; + }; + + fileSystems."/var/lib/portables" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@var_lib_portables" ]; + }; + + swapDevices = [ ]; + } + ]; +} diff --git a/modules/nixos/fonts.nix b/modules/nixos/fonts.nix new file mode 100644 index 0000000..7ec8c60 --- /dev/null +++ b/modules/nixos/fonts.nix 
@@ -0,0 +1,37 @@ +{ lib, pkgs, ... }: +let + inherit (lib) mkMerge; +in +{ + config = mkMerge [ + { + fonts.fontconfig = { + enable = true; + antialias = true; + hinting = { + enable = true; + style = "slight"; + }; + subpixel = { + rgba = "rgb"; + lcdfilter = "default"; + }; + defaultFonts = { + serif = [ + "SF Pro" + "DejaVu Serif" + ]; + sansSerif = [ + "SF Pro" + "DejaVu Sans" + ]; + monospace = [ + "Iosevka Cavalier" + "DejaVu Sans Mono" + ]; + emoji = [ "Noto Color Emoji" ]; + }; + }; + } + ]; +} diff --git a/modules/nixos/hardware.nix b/modules/nixos/hardware.nix new file mode 100644 index 0000000..26bdb57 --- /dev/null +++ b/modules/nixos/hardware.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + modulesPath, + pkgs, + ... +}: +let + inherit (lib) mkDefault mkMerge; +in +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + config = mkMerge [ + { + hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; + + hardware.bluetooth = { + settings = { + General.Experimental = true; + }; + }; + } + ]; +} diff --git a/modules/nixos/networking.nix b/modules/nixos/networking.nix new file mode 100644 index 0000000..049d464 --- /dev/null +++ b/modules/nixos/networking.nix @@ -0,0 +1,37 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) mkDefault mkMerge optionalString; +in +{ + config = mkMerge [ + { + networking.dhcpcd = { + enable = config.networking.wireless.iwd.enable; + extraConfig = '' + ${optionalString config.services.resolved.enable "nohook resolv.conf"} + ''; + }; + + networking.hostName = "${config.machine.hostName}"; + networking.resolvconf.enable = !config.services.resolved.enable; + + networking.useDHCP = mkDefault true; + networking.wireless.iwd = { + settings = { + General = { + EnableNetworkConfiguration = !config.services.resolved.enable; + }; + Network = { + EnableIPv6 = true; + NameResolvingService = "systemd"; + }; + }; + }; + } + ]; +} 
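Review bot: modules/nixos/networking.nix sets `networking.wireless.iwd.settings` but never `networking.wireless.iwd.enable`, and `networking.dhcpcd.enable` is tied to that flag; the deleted profiles/desktop.linux.nix had `enable = true`, so unless machines/persephone.nix sets it outside the shown hunks, both iwd and dhcpcd end up disabled on the new side and the host silently loses wireless configuration. Either add `networking.wireless.iwd.enable = lib.mkDefault true;` here or set it in the machine file. The `extraConfig` also emits a lone newline when resolved is off; wrapping the whole string in `optionalString` avoids that.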
diff --git a/modules/nixos/programs.nix b/modules/nixos/programs.nix new file mode 100644 index 0000000..df971c2 --- /dev/null +++ b/modules/nixos/programs.nix @@ -0,0 +1,47 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) + mkForce + mkIf + mkMerge + optionalAttrs + ; +in +{ + config = mkMerge [ + { + programs.dconf.enable = config.programs.niri.enable; + + programs.firefox = { + enable = true; + nativeMessagingHosts.packages = with pkgs; [ vdhcoapp ]; + }; + + programs.niri.enable = true; + + programs.regreet = { + enable = config.programs.niri.enable; + font.name = "SF Pro"; + font.size = 16; + font.package = pkgs.apple-fonts.sf-pro; + settings = { + GTK = { + font_name = mkForce "SF Pro 16"; + }; + }; + }; + } + + (mkIf config.programs._1password.enable { + programs._1password-gui = { + enable = true; + polkitPolicyOwners = [ "pml" ]; + }; + }) + ]; +} diff --git a/modules/nixos/security.nix b/modules/nixos/security.nix new file mode 100644 index 0000000..ccb7b55 --- /dev/null +++ b/modules/nixos/security.nix @@ -0,0 +1,17 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) mkMerge; +in +{ + config = mkMerge [ + { + security.polkit.enable = config.programs.niri.enable; + security.rtkit.enable = config.services.pipewire.enable; + } + ]; +} diff --git a/modules/nixos/services.nix b/modules/nixos/services.nix new file mode 100644 index 0000000..4a984f8 --- /dev/null +++ b/modules/nixos/services.nix 
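Review bot: `polkitPolicyOwners = [ "pml" ]` in modules/nixos/programs.nix hard-codes the user inside a module shared by every NixOS host, while the same commit introduces `config.machine.mainUser` for exactly this; use `polkitPolicyOwners = [ config.machine.mainUser ];` so a second machine with a different main user does not grant the 1Password polkit policy to the wrong account (or to none). The same literal in `system.primaryUser = "pml";` in machines/hermes.nix is in a machine file and so fine.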
@@ -0,0 +1,39 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) mkMerge optionalAttrs; +in +{ + config = mkMerge [ + { + services.avahi.enable = true; + services.openssh.enable = true; + + services.pipewire = { + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + }; + + services.resolved = { + enable = true; + dnssec = "true"; + domains = [ "~." ]; + fallbackDns = [ + "9.9.9.9#dns.quad9.net" + "149.112.112.112#dns.quad9.net" + "2620:fe::fe#dns.quad9.net" + "2620:fe::9#dns.quad9.net" + ]; + extraConfig = '' + DNSOverTLS=yes + ''; + }; + } + ]; +} diff --git a/modules/nixos/system.nix b/modules/nixos/system.nix new file mode 100644 index 0000000..be90d4a --- /dev/null +++ b/modules/nixos/system.nix @@ -0,0 +1,20 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) mkIf mkMerge; +in +{ + config = mkMerge [ + (mkIf config.services.hardware.openrgb.enable { + system.activationScripts.openrgbOff = '' + mkdir -p /var/lib/OpenRGB + cp ${../../config/openrgb/off.orp} /var/lib/OpenRGB/off.orp + chmod 0644 /var/lib/OpenRGB/off.orp + ''; + }) + ]; +} diff --git a/profiles/desktop.darwin.nix b/profiles/desktop.darwin.nix deleted file mode 100644 index d273bd0..0000000 --- a/profiles/desktop.darwin.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ ... }: - -{ - homebrew = { - enable = true; - - casks = [ - "1password" - "1password-cli" - "adguard" - "brave-browser" - ]; - }; - - programs.zsh = { - enable = true; - enableGlobalCompInit = false; - shellInit = '' - if [ -e "/opt/homebrew/bin/brew" ]; then - eval "$(/opt/homebrew/bin/brew shellenv)" - fi - ''; - }; -} diff --git a/profiles/desktop.linux.nix b/profiles/desktop.linux.nix deleted file mode 100644 index 1e4d046..0000000 --- a/profiles/desktop.linux.nix +++ /dev/null 
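Review bot: modules/nixos/services.nix enables `services.openssh` for every NixOS host with NixOS's default sshd settings, which still permit password authentication; since `mkSystem`'s callers now import this module unconditionally, add `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; };` (key-based login only) or move the enable into the machine file where the exposure is a per-host decision. `services.avahi.enable = true` likewise advertises every host over mDNS by default, and `optionalAttrs` is inherited unused.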
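Review bot: The `openrgbOff` activation script in modules/nixos/system.nix is now gated on `services.hardware.openrgb.enable`, whereas the deleted profiles/desktop.linux.nix gated it on `startupProfile == "off"`; the profile file is therefore copied into /var/lib/OpenRGB whenever OpenRGB is enabled, even when a different startup profile is chosen. Probably harmless, but if the narrower condition was intended, restore `mkIf (config.services.hardware.openrgb.startupProfile == "off")`; otherwise add `# installs the "off" profile so services.hardware.openrgb.startupProfile = "off" can reference it` so the looser gate reads as deliberate.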
@@ -1,146 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - inherit (lib) mkForce mkIf; -in -{ - environment = { - sessionVariables = { - NIXOS_OZONE_WL = "1"; - }; - - systemPackages = with pkgs; [ - adwaita-icon-theme - ddcutil - gsettings-desktop-schemas - libva-utils - sbctl - vdpauinfo - ]; - }; - - environment.etc = mkIf config.programs._1password-gui.enable { - "1password/custom_allowed_browsers" = { - text = '' - firefox - brave - ''; - mode = "0755"; - }; - }; - - fonts.fontconfig = { - enable = true; - antialias = true; - hinting = { - enable = true; - style = "slight"; - }; - subpixel = { - rgba = "rgb"; - lcdfilter = "default"; - }; - defaultFonts = { - serif = [ - "SF Pro" - "DejaVu Serif" - ]; - sansSerif = [ - "SF Pro" - "DejaVu Sans" - ]; - monospace = [ - "Iosevka Cavalier" - "DejaVu Sans Mono" - ]; - emoji = [ "Noto Color Emoji" ]; - }; - }; - - hardware.bluetooth = mkIf config.hardware.bluetooth.enable { - settings = { - General.Experimental = true; - }; - }; - - networking.wireless.iwd = { - enable = true; - settings = { - General = { - EnableNetworkConfiguration = false; # Let dhcpcd handle this - }; - Network = { - EnableIPv6 = true; - NameResolvingService = "systemd"; - }; - }; - }; - - networking.dhcpcd = { - enable = true; - extraConfig = '' - nohook resolv.conf # Don't let dhcpcd manage resolv.conf - ''; - }; - - networking.resolvconf.enable = !config.services.resolved.enable; - - programs._1password-gui = mkIf config.programs._1password.enable { - enable = true; - polkitPolicyOwners = [ "pml" ]; - }; - - programs.dconf.enable = config.programs.niri.enable; - programs.niri.enable = true; - - programs.regreet = { - enable = true; - font.name = "SF Pro"; - font.size = 16; - font.package = pkgs.apple-fonts.sf-pro; - settings = { - GTK = { - font_name = mkForce "SF Pro 16"; - }; - }; - }; - - programs.zsh.enable = true; - - security.polkit.enable = config.programs.niri.enable; - security.rtkit.enable = config.services.pipewire.enable; - - 
services.pipewire = mkIf config.services.pipewire.enable { - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - }; - - services.resolved = { - enable = true; - dnssec = "true"; - domains = [ "~." ]; - fallbackDns = [ - "9.9.9.9#dns.quad9.net" - "149.112.112.112#dns.quad9.net" - "2620:fe::fe#dns.quad9.net" - "2620:fe::9#dns.quad9.net" - ]; - extraConfig = '' - DNSOverTLS=yes - ''; - }; - - system.activationScripts.openrgbOff = - mkIf (config.services.hardware.openrgb.startupProfile == "off") - '' - mkdir -p /var/lib/OpenRGB - cp ${../config/openrgb/off.orp} /var/lib/OpenRGB/off.orp - chmod 0644 /var/lib/OpenRGB/off.orp - ''; -} diff --git a/profiles/minimal.linux.nix b/profiles/minimal.linux.nix deleted file mode 100644 index 13a9ac9..0000000 --- a/profiles/minimal.linux.nix +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - config, - lib, - pkgs, - modulesPath, - ... -}: -let - inherit (lib) mkDefault; - - bootUUID = config.machine.fs.bootUUID; - efiUUID = config.machine.fs.efiUUID; - luuksUUID = config.machine.fs.luuksUUID; - cryptrootUUID = config.machine.fs.cryptrootUUID; -in -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ./minimal.nix - ]; - - boot.bootspec.enable = true; - boot.initrd = { - kernelModules = [ ]; - luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luuksUUID}"; - systemd.enable = true; - }; - - boot.lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; - }; - - boot.loader.efi = { - canTouchEfiVariables = true; - efiSysMountPoint = "efi"; - }; - - boot.loader.systemd-boot = { - enable = lib.mkForce false; - xbootldrMountPoint = "/boot"; - }; - - environment.sessionVariables = { - EDITOR = "${pkgs.vim}/bin/vim"; - PAGER = "${pkgs.less}/bin/less"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/${bootUUID}"; - fsType = "ext4"; - }; - - fileSystems."/efi" = { - device = "/dev/disk/by-uuid/${efiUUID}"; - fsType = "vfat"; - options = [ - "fmask=0137" - "dmask=0027" - ]; - }; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@root" ]; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@home" ]; - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@nix" ]; - }; - - fileSystems."/var/cache" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@var_cache" ]; - }; - - fileSystems."/var/log" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@var_log" ]; - }; - - fileSystems."/var/spool" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@var_spool" ]; - }; - - 
fileSystems."/var/tmp" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@var_tmp" ]; - }; - - fileSystems."/var/lib/machines" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@var_lib_machines" ]; - }; - - fileSystems."/var/lib/portables" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@var_lib_portables" ]; - }; - - networking.useDHCP = mkDefault true; - - services.avahi.enable = true; - services.openssh.enable = true; - - swapDevices = [ ]; - - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/profiles/minimal.nix b/profiles/minimal.nix deleted file mode 100644 index 1622c48..0000000 --- a/profiles/minimal.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - inherit (lib) mkDefault; -in -{ - environment.pathsToLink = [ "/share/zsh" ]; - - environment.systemPackages = with pkgs; [ - curl - git - vim - wget - ]; - - networking.hostName = "${config.machine.hostName}"; - - nix.package = pkgs.lixPackageSets.stable.lix; - - nix.settings = { - experimental-features = [ - "nix-command" - "flakes" - ]; - }; - - nixpkgs.overlays = [ - (import ../overlays) - ]; -}