monologiq/systems
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

WIP2

Browse source
This commit is contained in:
monologiq 2025-12-27 00:37:11 +01:00
parent 92f83235e0
commit 62778d8519
25 changed files with 647 additions and 529 deletions
Download patch file Download diff file Expand all files Collapse all files

123
flake.nix
View file

@ -19,6 +19,8 @@
hasSuffix hasSuffix
mkAliasOptionModule mkAliasOptionModule
strings strings
mkOption
types
; ;
systemFn = systemFn =
@ -44,7 +46,6 @@
mkSystem = mkSystem =
system: system:
{ {
profile ? "minimal",
machine ? { }, machine ? { },
modules ? [ ], modules ? [ ],
specialArgs ? { }, specialArgs ? { },
@ -60,117 +61,69 @@
home-manager.darwinModules.home-manager home-manager.darwinModules.home-manager
else if hasSuffix "linux" system then else if hasSuffix "linux" system then
[ [
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
] ]
else else
throw "System: ${system} not supported." throw "System: ${system} not supported."
) )
./modules/machine.nix { nixpkgs.hostPlatform = "${system}"; }
./profiles/${strings.concatStrings (lib.drop 1 (strings.splitString "-" system))}/${profile}.nix
./machines/${machine.hostName}/system.nix
{
imports = [
(mkAliasOptionModule
[ "hm" ]
[
"home-manager"
"users"
"${machine.mainUser}"
]
)
];
config = { {
machine = machine; options.machine = {
home-manager.useGlobalPkgs = true; mainUser = mkOption {
home-manager.useUserPackages = true; type = types.str;
} description = "The main user of the machine";
// lib.optionalAttrs (lib.hasSuffix "linux" system) { };
hm.home.homeDirectory = "/home/${machine.mainUser}";
} hostName = mkOption {
// lib.optionalAttrs (lib.hasSuffix "darwin" system) { type = types.str;
users.users.${machine.mainUser}.home = "/Users/pml"; description = "The name of the machine";
nixpkgs.config.allowUnfreePredicate = };
pkg:
builtins.elem (lib.getName pkg) [
"obsidian"
];
}; };
} }
{ config.machine = machine; }
./modules/common/environment.nix
./modules/common/nix.nix
./modules/common/nixpkgs.nix
./modules/common/programs.nix
./machines/${machine.hostName}.nix
] ]
); );
}; };
}; };
mkDarwinSystem =
{
modules ? [ ],
machine,
specialArgs ? { },
system ? { },
home ? { },
}:
inputs.nix-darwin.lib.darwinSystem {
specialArgs = specialArgs // {
inherit inputs;
};
modules = [
{ system.configurationRevision = self.rev or self.dirtyRev or null; }
inputs.home-manager.darwinModules.home-manager
./modules/machine.nix
./machines/${machine.hostName}/system.nix
{ config.machine = machine; }
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
environment.etc = {
"1password" = {
target = "1password/custom_allowed_browsers";
enable = true;
text = ''
firefox
brave
'';
# mode = "0755";
};
};
}
(
{ config, ... }:
{
users.users.pml.home = "/Users/pml";
hm.home.username = "pml";
}
)
]
++ modules;
};
in in
{ {
nixosConfigurations."persephone" = systems.mkSystem "x86_64-linux" { nixosConfigurations."persephone" = systems.mkSystem "x86_64-linux" {
profile = "desktop";
machine = { machine = {
hostName = "persephone"; hostName = "persephone";
mainUser = "pml"; mainUser = "pml";
filesystem.uuid = {
boot = "cb03cf78-715e-4030-ba82-189ff8897eaf";
esp = "4E4C-1139";
luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25";
cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701";
};
}; };
modules = [ ./home.nix ]; modules = [
./modules/nixos/boot.nix
./modules/nixos/environment.nix
./modules/nixos/filesystems.nix
./modules/nixos/fonts.nix
./modules/nixos/hardware.nix
./modules/nixos/networking.nix
./modules/nixos/programs.nix
./modules/nixos/security.nix
./modules/nixos/services.nix
./modules/nixos/system.nix
];
}; };
darwinConfigurations."hermes" = systems.mkSystem "aarch64-darwin" { darwinConfigurations."hermes" = systems.mkSystem "aarch64-darwin" {
profile = "desktop";
machine = { machine = {
hostName = "hermes"; hostName = "hermes";
mainUser = "pml"; mainUser = "pml";
}; };
modules = [ ./home.nix ]; modules = [
./modules/darwin/homebrew.nix
./modules/darwin/programs.nix
];
}; };
devShells = forEachSupportedSystem ( devShells = forEachSupportedSystem (

72
home.nix
View file

@ -1,72 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkIf;
in
{
hm = {
programs.alacritty = {
enable = true;
};
programs.brave = {
enable = pkgs.stdenv.hostPlatform.isLinux;
};
programs.direnv = {
enable = true;
enableZshIntegration = true;
};
programs.firefox.enable = true;
programs.fuzzel.enable = pkgs.stdenv.hostPlatform.isLinux;
programs.git = {
enable = true;
settings = {
user = {
name = "monologiq";
email = "git@pmlogue.me";
};
};
};
programs.mpv.enable = true;
programs.obsidian = {
enable = true;
defaultSettings = {
appearance = {
theme = "native";
};
};
vaults."Notes" = {
enable = true;
target = "Documents/Notes";
};
};
programs.rtorrent.enable = true;
programs.vscode = {
enable = true;
package = pkgs.vscodium;
profiles.default.extensions = with pkgs.vscode-extensions; [
jnoortheen.nix-ide
mkhl.direnv
yzhang.markdown-all-in-one
];
};
programs.zsh = {
enable = config.programs.zsh.enable;
enableCompletion = true;
};
home.stateVersion = "25.11";
};
}

2
lib/default.nix
View file

@ -8,7 +8,7 @@
}: }:
let let
inherit (nixpkgs.lib) genAttrs; inherit (nixpkgs.lib) genAttrs;
forEachSupportedSystem = forEachSupportedSystem =
f: f:
genAttrs supportedSystems ( genAttrs supportedSystems (

0
machines/hermes/system.nix → machines/hermes.nix
View file

59
machines/persephone/system.nix → machines/persephone.nix
View file

@ -4,7 +4,12 @@
pkgs, pkgs,
... ...
}: }:
let
boot = "cb03cf78-715e-4030-ba82-189ff8897eaf";
esp = "4E4C-1139";
luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25";
cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701";
in
{ {
boot = { boot = {
blacklistedKernelModules = [ blacklistedKernelModules = [
@ -19,14 +24,18 @@
kernelParams = [ "i915.enable_guc=3" ]; kernelParams = [ "i915.enable_guc=3" ];
}; };
boot.initrd.availableKernelModules = [ boot.initrd = {
"xhci_pci" availableKernelModules = [
"thunderbolt" "xhci_pci"
"nvme" "thunderbolt"
"ahci" "nvme"
"usbhid" "ahci"
"sd_mod" "usbhid"
]; "sd_mod"
];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luks}";
};
console = { console = {
keyMap = "us"; keyMap = "us";
@ -35,6 +44,18 @@
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
fileSystems."/".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/boot".device = "/dev/disk/by-uuid/${boot}";
fileSystems."/efi".device = "/dev/disk/by-uuid/${esp}";
fileSystems."/home".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/nix".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/cache".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/lib/machines".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/lib/portables".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/log".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/spool".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/tmp".device = "/dev/disk/by-uuid/${cryptroot}";
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
@ -121,16 +142,6 @@
trusted-public-keys = [ "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M=" ]; trusted-public-keys = [ "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M=" ];
}; };
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"1password"
"1password-cli"
"nvidia-x11"
"nvidia-settings"
"obsidian"
];
programs._1password.enable = true; programs._1password.enable = true;
services.hardware.openrgb = { services.hardware.openrgb = {
@ -155,16 +166,6 @@
"i2c" "i2c"
"wheel" "wheel"
]; ];
packages = with pkgs; [
(vscode-with-extensions.override {
vscode = vscodium;
vscodeExtensions = with vscode-extensions; [
jnoortheen.nix-ide
mkhl.direnv
yzhang.markdown-all-in-one
];
})
];
}; };
# DO NOT EDIT # DO NOT EDIT

49
modules/common/environment.nix Normal file
View file

@ -0,0 +1,49 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
getName
mkIf
mkMerge
optionalAttrs
;
cfg = config;
in
{
config = mkMerge [
{
environment.systemPackages = with pkgs; [
chezmoi
direnv
git
curl
vim
wget
];
users.users."${config.machine.mainUser}".packages = with pkgs; [
(vscode-with-extensions.override {
vscode = vscodium;
vscodeExtensions = with vscode-extensions; [
bbenoist.nix
jnoortheen.nix-ide
mkhl.direnv
ms-azuretools.vscode-docker
ms-python.python
ms-vscode-remote.remote-ssh
yzhang.markdown-all-in-one
];
})
];
}
(mkIf cfg.programs.zsh.enable {
environment.pathsToLink = [ "/share/zsh" ];
})
];
}

24
modules/common/nix.nix Normal file
View file

@ -0,0 +1,24 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getName mkMerge;
in
{
config = mkMerge [
{
nix = {
package = pkgs.lixPackageSets.stable.lix;
settings = {
experimental-features = [
"nix-command"
"flakes"
];
};
};
}
];
}

32
modules/common/nixpkgs.nix Normal file
View file

@ -0,0 +1,32 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getName mkMerge optionalAttrs;
in
{
config = mkMerge [
{
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (getName pkg) [
"1password-cli"
"1password"
"nvidia-settings"
"nvidia-x11"
"obsidian"
"vscode-extension-ms-vscode-remote-remote-ssh"
];
}
(optionalAttrs (builtins.pathExists ../../overlays) {
nixpkgs.overlays = [
(import ../../overlays)
];
})
];
}

16
modules/common/programs.nix Normal file
View file

@ -0,0 +1,16 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getName mkMerge;
in
{
config = mkMerge [
{
programs.zsh.enable = true;
}
];
}

23
modules/darwin/homebrew.nix Normal file
View file

@ -0,0 +1,23 @@
{ lib, pkgs, ... }:
let
inherit (lib) getName mkMerge;
in
{
config = mkMerge [
{
homebrew = {
enable = true;
casks = [
"1password-cli"
"1password"
"adguard"
"alacritty"
"brave-browser"
"figma"
"firefox"
];
};
}
];
}

22
modules/darwin/programs.nix Normal file
View file

@ -0,0 +1,22 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getName mkMerge;
in
{
config = mkMerge [
{
programs.zsh = {
shellInit = ''
if [ -e "/opt/homebrew/bin/brew" ]; then
eval "$(/opt/homebrew/bin/brew shellenv)"
fi
'';
};
}
];
}

40
modules/nixos/boot.nix Normal file
View file

@ -0,0 +1,40 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkMerge;
boot = "cb03cf78-715e-4030-ba82-189ff8897eaf";
esp = "4E4C-1139";
luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25";
cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701";
in
{
config = mkMerge [
{
boot.bootspec.enable = true;
boot.initrd = {
kernelModules = [ ];
systemd.enable = true;
};
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
boot.loader.efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "efi";
};
boot.loader.systemd-boot = {
enable = lib.mkForce false;
xbootldrMountPoint = "/boot";
};
}
];
}

54
modules/nixos/environment.nix Normal file
View file

@ -0,0 +1,54 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkIf mkMerge;
in
{
config = mkMerge [
{
environment.sessionVariables = {
EDITOR = "${pkgs.vim}/bin/vim";
PAGER = "${pkgs.less}/bin/less";
};
environment.systemPackages = with pkgs; [
alacritty
brave
firefox
foliate
fuzzel
loupe
mpv
adwaita-icon-theme
ddcutil
gsettings-desktop-schemas
libva-utils
loupe
sbctl
vdpauinfo
];
}
(mkIf config.programs.niri.enable {
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
};
})
(mkIf config.programs._1password.enable {
environment.etc = {
"1password/custom_allowed_browsers" = {
text = ''
firefox
brave
'';
mode = "0755";
};
};
})
];
}

94
modules/nixos/filesystems.nix Normal file
View file

@ -0,0 +1,94 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkMerge
mkOption
optionalAttrs
types
;
boot = "cb03cf78-715e-4030-ba82-189ff8897eaf";
esp = "4E4C-1139";
luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25";
cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701";
in
{
config = mkMerge [
{
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/${boot}";
fsType = "ext4";
};
fileSystems."/efi" = {
device = "/dev/disk/by-uuid/${esp}";
fsType = "vfat";
options = [
"fmask=0137"
"dmask=0027"
];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@root" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@nix" ];
};
fileSystems."/var/cache" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_cache" ];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_log" ];
};
fileSystems."/var/spool" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_spool" ];
};
fileSystems."/var/tmp" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_tmp" ];
};
fileSystems."/var/lib/machines" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_lib_machines" ];
};
fileSystems."/var/lib/portables" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_lib_portables" ];
};
swapDevices = [ ];
}
];
}

37
modules/nixos/fonts.nix Normal file
View file

@ -0,0 +1,37 @@
{ lib, pkgs, ... }:
let
inherit (lib) mkMerge;
in
{
config = mkMerge [
{
fonts.fontconfig = {
enable = true;
antialias = true;
hinting = {
enable = true;
style = "slight";
};
subpixel = {
rgba = "rgb";
lcdfilter = "default";
};
defaultFonts = {
serif = [
"SF Pro"
"DejaVu Serif"
];
sansSerif = [
"SF Pro"
"DejaVu Sans"
];
monospace = [
"Iosevka Cavalier"
"DejaVu Sans Mono"
];
emoji = [ "Noto Color Emoji" ];
};
};
}
];
}

27
modules/nixos/hardware.nix Normal file
View file

@ -0,0 +1,27 @@
{
config,
lib,
modulesPath,
pkgs,
...
}:
let
inherit (lib) mkDefault mkMerge;
in
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = mkMerge [
{
hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
hardware.bluetooth = {
settings = {
General.Experimental = true;
};
};
}
];
}

37
modules/nixos/networking.nix Normal file
View file

@ -0,0 +1,37 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkDefault mkMerge optionalString;
in
{
config = mkMerge [
{
networking.dhcpcd = {
enable = config.networking.wireless.iwd.enable;
extraConfig = ''
${optionalString config.services.resolved.enable "nohook resolv.conf"}
'';
};
networking.hostName = "${config.machine.hostName}";
networking.resolvconf.enable = !config.services.resolved.enable;
networking.useDHCP = mkDefault true;
networking.wireless.iwd = {
settings = {
General = {
EnableNetworkConfiguration = !config.services.resolved.enable;
};
Network = {
EnableIPv6 = true;
NameResolvingService = "systemd";
};
};
};
}
];
}

47
modules/nixos/programs.nix Normal file
View file

@ -0,0 +1,47 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkForce
mkIf
mkMerge
optionalAttrs
;
in
{
config = mkMerge [
{
programs.dconf.enable = config.programs.niri.enable;
programs.firefox = {
enable = true;
nativeMessagingHosts.packages = with pkgs; [ vdhcoapp ];
};
programs.niri.enable = true;
programs.regreet = {
enable = config.programs.niri.enable;
font.name = "SF Pro";
font.size = 16;
font.package = pkgs.apple-fonts.sf-pro;
settings = {
GTK = {
font_name = mkForce "SF Pro 16";
};
};
};
}
(mkIf config.programs._1password.enable {
programs._1password-gui = {
enable = true;
polkitPolicyOwners = [ "pml" ];
};
})
];
}

17
modules/nixos/security.nix Normal file
View file

@ -0,0 +1,17 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkMerge;
in
{
config = mkMerge [
{
security.polkit.enable = config.programs.niri.enable;
security.rtkit.enable = config.services.pipewire.enable;
}
];
}

39
modules/nixos/services.nix Normal file
View file

@ -0,0 +1,39 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkMerge optionalAttrs;
in
{
config = mkMerge [
{
services.avahi.enable = true;
services.openssh.enable = true;
services.pipewire = {
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = [
"9.9.9.9#dns.quad9.net"
"149.112.112.112#dns.quad9.net"
"2620:fe::fe#dns.quad9.net"
"2620:fe::9#dns.quad9.net"
];
extraConfig = ''
DNSOverTLS=yes
'';
};
}
];
}

20
modules/nixos/system.nix Normal file
View file

@ -0,0 +1,20 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkIf mkMerge;
in
{
config = mkMerge [
(mkIf config.services.hardware.openrgb.enable {
system.activationScripts.openrgbOff = ''
mkdir -p /var/lib/OpenRGB
cp ${../../config/openrgb/off.orp} /var/lib/OpenRGB/off.orp
chmod 0644 /var/lib/OpenRGB/off.orp
'';
})
];
}

28
profiles/darwin/desktop.nix
View file

@ -1,28 +0,0 @@
{ ... }:
{
imports = [
../minimal.nix
];
homebrew = {
enable = true;
casks = [
"1password"
"1password-cli"
"adguard"
"brave-browser"
];
};
programs.zsh = {
enable = true;
enableGlobalCompInit = false;
shellInit = ''
if [ -e "/opt/homebrew/bin/brew" ]; then
eval "$(/opt/homebrew/bin/brew shellenv)"
fi
'';
};
}

151
profiles/linux/desktop.nix
View file

@ -1,151 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkForce mkIf;
in
{
imports = [
./minimal.nix
];
environment = {
sessionVariables = {
NIXOS_OZONE_WL = "1";
};
systemPackages = with pkgs; [
adwaita-icon-theme
ddcutil
gsettings-desktop-schemas
libva-utils
loupe
sbctl
vdpauinfo
];
};
environment.etc = mkIf config.programs._1password-gui.enable {
"1password/custom_allowed_browsers" = {
text = ''
firefox
brave
'';
mode = "0755";
};
};
fonts.fontconfig = {
enable = true;
antialias = true;
hinting = {
enable = true;
style = "slight";
};
subpixel = {
rgba = "rgb";
lcdfilter = "default";
};
defaultFonts = {
serif = [
"SF Pro"
"DejaVu Serif"
];
sansSerif = [
"SF Pro"
"DejaVu Sans"
];
monospace = [
"Iosevka Cavalier"
"DejaVu Sans Mono"
];
emoji = [ "Noto Color Emoji" ];
};
};
hardware.bluetooth = mkIf config.hardware.bluetooth.enable {
settings = {
General.Experimental = true;
};
};
networking.wireless.iwd = {
enable = true;
settings = {
General = {
EnableNetworkConfiguration = false; # Let dhcpcd handle this
};
Network = {
EnableIPv6 = true;
NameResolvingService = "systemd";
};
};
};
networking.dhcpcd = {
enable = true;
extraConfig = ''
nohook resolv.conf # Don't let dhcpcd manage resolv.conf
'';
};
networking.resolvconf.enable = !config.services.resolved.enable;
programs._1password-gui = mkIf config.programs._1password.enable {
enable = true;
polkitPolicyOwners = [ "pml" ];
};
programs.dconf.enable = config.programs.niri.enable;
programs.niri.enable = true;
programs.regreet = {
enable = true;
font.name = "SF Pro";
font.size = 16;
font.package = pkgs.apple-fonts.sf-pro;
settings = {
GTK = {
font_name = mkForce "SF Pro 16";
};
};
};
programs.zsh.enable = true;
security.polkit.enable = config.programs.niri.enable;
security.rtkit.enable = config.services.pipewire.enable;
services.pipewire = mkIf config.services.pipewire.enable {
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = [
"9.9.9.9#dns.quad9.net"
"149.112.112.112#dns.quad9.net"
"2620:fe::fe#dns.quad9.net"
"2620:fe::9#dns.quad9.net"
];
extraConfig = ''
DNSOverTLS=yes
'';
};
system.activationScripts.openrgbOff =
mkIf (config.services.hardware.openrgb.startupProfile == "off")
''
mkdir -p /var/lib/OpenRGB
cp ${../../config/openrgb/off.orp} /var/lib/OpenRGB/off.orp
chmod 0644 /var/lib/OpenRGB/off.orp
'';
}

129
profiles/linux/minimal.nix
View file

@ -1,129 +0,0 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
let
inherit (lib) mkDefault;
inherit (config.machine.filesystem.uuid)
boot
esp
luks
cryptroot
;
in
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
../minimal.nix
];
boot.bootspec.enable = true;
boot.initrd = {
kernelModules = [ ];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luks}";
systemd.enable = true;
};
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
boot.loader.efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "efi";
};
boot.loader.systemd-boot = {
enable = lib.mkForce false;
xbootldrMountPoint = "/boot";
};
environment.sessionVariables = {
EDITOR = "${pkgs.vim}/bin/vim";
PAGER = "${pkgs.less}/bin/less";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/${boot}";
fsType = "ext4";
};
fileSystems."/efi" = {
device = "/dev/disk/by-uuid/${esp}";
fsType = "vfat";
options = [
"fmask=0137"
"dmask=0027"
];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@root" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@nix" ];
};
fileSystems."/var/cache" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_cache" ];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_log" ];
};
fileSystems."/var/spool" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_spool" ];
};
fileSystems."/var/tmp" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_tmp" ];
};
fileSystems."/var/lib/machines" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_lib_machines" ];
};
fileSystems."/var/lib/portables" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_lib_portables" ];
};
networking.useDHCP = mkDefault true;
services.avahi.enable = true;
services.openssh.enable = true;
swapDevices = [ ];
hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = mkDefault "x86_64-linux";
}

34
profiles/minimal.nix
View file

@ -1,34 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkDefault;
in
{
environment.pathsToLink = [ "/share/zsh" ];
environment.systemPackages = with pkgs; [
curl
git
vim
wget
];
networking.hostName = "${config.machine.hostName}";
nix.package = pkgs.lixPackageSets.stable.lix;
nix.settings = {
experimental-features = [
"nix-command"
"flakes"
];
};
nixpkgs.overlays = [
(import ../overlays)
];
}