monologiq/systems
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: monologiq:62778d85194d9d3149a09896fe8891471a83791a
Branches Tags
monologiq:master
..
compare: monologiq:aca581facc48bd290fb37ca07c2d58a6c00a812b
Branches Tags
monologiq:master

No commits in common. "62778d85194d9d3149a09896fe8891471a83791a" and "aca581facc48bd290fb37ca07c2d58a6c00a812b" have entirely different histories.
62778d8519 ... aca581facc

32 changed files with 468 additions and 893 deletions
Download patch file Download diff file Expand all files Collapse all files

8
README.md
View file

@ -10,10 +10,4 @@ sudo nixos-install --root /mnt --flake .#hermes
```bash ```bash
nix run nix-darwin/release-* -- switch --flake .#mercure nix run nix-darwin/release-* -- switch --flake .#mercure
``` ```
# TODO
1. Create a configuration path for the directory `config`
2. Create `mkSystem` that:
1. Inject `options.machine`
2. Auto-import the related configurations

22
flake.lock generated
View file

@ -53,27 +53,6 @@
"type": "github" "type": "github"
} }
}, },
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1766553861,
"narHash": "sha256-ZbnG01yA3O8Yr1vUm3+NQ2qk9iRhS5bloAnuXHHy7+c=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0999ed8f965bbbd991437ad9c5ed3434cecbc30e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
},
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
@ -160,7 +139,6 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"home-manager": "home-manager",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"

192
flake.nix
View file

@ -1,129 +1,82 @@
{ {
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11";
nix-darwin.url = "github:nix-darwin/nix-darwin?ref=nix-darwin-25.11";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote.url = "github:nix-community/lanzaboote?ref=master";
lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = outputs =
{ self, nixpkgs, ... }@inputs: { self, nixpkgs, ... }@inputs:
let let
lib = import ./lib { inherit nixpkgs; }; supportedSystems = [
"x86_64-linux"
"aarch64-darwin"
];
inherit (lib) forEachSupportedSystem pkgsFor; lib = import ./lib { inherit (inputs.nixpkgs) lib; };
pkgsFor =
systems = system:
let import inputs.nixpkgs {
inherit (inputs) inherit system;
home-manager config.allowUnfree = true;
lanzaboote
nix-darwin
nixpkgs
;
inherit (nixpkgs.lib)
flatten
hasSuffix
mkAliasOptionModule
strings
mkOption
types
;
systemFn =
system:
if hasSuffix "darwin" system then
nix-darwin.lib.darwinSystem
else if hasSuffix "linux" system then
nixpkgs.lib.nixosSystem
else
throw "System: ${system} not supported.";
homeModule =
system:
if hasSuffix "darwin" system then
home-manager.darwinModules.home-manager
else if hasSuffix "linux" system then
home-manager.nixosModules.home-manager
else
throw "System: ${system} not supported.";
in
{
mkSystem =
system:
{
machine ? { },
modules ? [ ],
specialArgs ? { },
}:
systemFn system {
inherit specialArgs;
modules = flatten (
modules
++ [
(
if hasSuffix "darwin" system then
home-manager.darwinModules.home-manager
else if hasSuffix "linux" system then
[
lanzaboote.nixosModules.lanzaboote
]
else
throw "System: ${system} not supported."
)
{ nixpkgs.hostPlatform = "${system}"; }
{
options.machine = {
mainUser = mkOption {
type = types.str;
description = "The main user of the machine";
};
hostName = mkOption {
type = types.str;
description = "The name of the machine";
};
};
}
{ config.machine = machine; }
./modules/common/environment.nix
./modules/common/nix.nix
./modules/common/nixpkgs.nix
./modules/common/programs.nix
./machines/${machine.hostName}.nix
]
);
};
}; };
forEachSupportedSystem =
f:
inputs.nixpkgs.lib.genAttrs supportedSystems (
system:
f {
inherit system;
pkgs = pkgsFor system;
}
);
in in
{ {
nixosConfigurations."persephone" = systems.mkSystem "x86_64-linux" { nixosConfigurations."persephone" = nixpkgs.lib.nixosSystem {
machine = {
hostName = "persephone";
mainUser = "pml";
};
modules = [ modules = [
./modules/nixos/boot.nix inputs.lanzaboote.nixosModules.lanzaboote
./modules/nixos/environment.nix ./machines/persephone.nix
./modules/nixos/filesystems.nix (
./modules/nixos/fonts.nix { lib, ... }:
./modules/nixos/hardware.nix {
./modules/nixos/networking.nix options.machines = {
./modules/nixos/programs.nix fs = {
./modules/nixos/security.nix bootUUID = lib.mkOption {
./modules/nixos/services.nix type = lib.types.str;
./modules/nixos/system.nix description = "The UUID of the XBOOTLDR partition.";
default = "9c2d7380-571d-4bc5-9ad2-e4888ce351be";
};
efiUUID = lib.mkOption {
type = lib.types.str;
description = "The UUID of the ESP.";
default = "71E7-7A63";
};
luuksUUID = lib.mkOption {
type = lib.types.str;
description = "The UUID of the encrypted root partition.";
default = "b0ace3a0-64f0-461e-a604-7f6788384d12";
};
cryptrootUUID = lib.mkOption {
type = lib.types.str;
description = "The UUID of the decrypted root partition.";
default = "769362f6-43d4-4b83-a12c-d006c9bd6613";
};
};
};
}
)
]; ];
}; };
darwinConfigurations."hermes" = systems.mkSystem "aarch64-darwin" { darwinConfigurations."hermes" = inputs.nix-darwin.lib.darwinSystem {
machine = {
hostName = "hermes";
mainUser = "pml";
};
modules = [ modules = [
./modules/darwin/homebrew.nix { system.configurationRevision = self.rev or self.dirtyRev or null; }
./modules/darwin/programs.nix ./machines/hermes.nix
]; ];
}; };
devShells = forEachSupportedSystem ( devShells = forEachSupportedSystem (
@ -140,17 +93,4 @@
formatter = forEachSupportedSystem ({ pkgs, ... }: pkgs.nixfmt-rfc-style); formatter = forEachSupportedSystem ({ pkgs, ... }: pkgs.nixfmt-rfc-style);
}; };
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11";
nix-darwin.url = "github:nix-darwin/nix-darwin?ref=nix-darwin-25.11";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager?ref=release-25.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote.url = "github:nix-community/lanzaboote?ref=master";
lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
};
} }

36
lib/default.nix
View file

@ -1,33 +1,3 @@
{ { lib, ... }: {
nixpkgs,
supportedSystems ? [ }
"x86_64-linux"
"aarch64-darwin"
],
...
}:
let
inherit (nixpkgs.lib) genAttrs;
forEachSupportedSystem =
f:
genAttrs supportedSystems (
system:
f {
inherit system;
pkgs = pkgsFor system;
}
);
pkgsFor =
system:
import nixpkgs {
inherit system;
config.allowUnfree = true;
};
in
nixpkgs.lib
// {
inherit forEachSupportedSystem pkgsFor;
}

5
machines/hermes.nix
View file

@ -1,6 +1,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [
../profiles/minimal.nix
../profiles/desktop.darwin.nix
];
environment.darwinConfig = "/Users/${config.system.primaryUser}/Development/systems"; environment.darwinConfig = "/Users/${config.system.primaryUser}/Development/systems";
system.primaryUser = "pml"; system.primaryUser = "pml";

13
machines/hermes/default.nix Normal file
View file

@ -0,0 +1,13 @@
{ self, pkgs, ... }:
{
environment.systemPackages = [
pkgs.vim
];
nix.settings.experimental-features = "nix-command flakes";
system.stateVersion = 6;
nixpkgs.hostPlatform = "aarch64-darwin";
}

93
machines/persephone.nix
View file

@ -2,60 +2,41 @@
config, config,
lib, lib,
pkgs, pkgs,
modulesPath,
... ...
}: }:
let
boot = "cb03cf78-715e-4030-ba82-189ff8897eaf";
esp = "4E4C-1139";
luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25";
cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701";
in
{ {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./persephone/hardware.nix
./persephone/networking.nix
../profiles/minimal.linux.nix
../profiles/desktop.linux.nix
];
boot = { boot = {
blacklistedKernelModules = [
"spd5118"
];
extraModulePackages = [ ]; extraModulePackages = [ ];
kernelModules = [ kernelModules = [ "kvm-intel" ];
"i2c-dev"
"kvm-intel"
];
kernelPackages = pkgs.linuxPackages_6_17; kernelPackages = pkgs.linuxPackages_6_17;
kernelParams = [ "i915.enable_guc=3" ]; kernelParams = [ "i915.enable_guc=3" ];
}; };
boot.initrd.availableKernelModules = [
boot.initrd = { "xhci_pci"
availableKernelModules = [ "thunderbolt"
"xhci_pci" "nvme"
"thunderbolt" "ahci"
"nvme" "usbhid"
"ahci" "sd_mod"
"usbhid" ];
"sd_mod"
];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luks}";
};
console = { console = {
keyMap = "us"; keyMap = "us";
font = "${pkgs.terminus_font}/share/consolefonts/ter-v28b.psf.gz"; font = "${pkgs.terminus_font}/share/consolefonts/ter-v28b.psf.gz";
}; };
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
fileSystems."/".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/boot".device = "/dev/disk/by-uuid/${boot}";
fileSystems."/efi".device = "/dev/disk/by-uuid/${esp}";
fileSystems."/home".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/nix".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/cache".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/lib/machines".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/lib/portables".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/log".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/spool".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/tmp".device = "/dev/disk/by-uuid/${cryptroot}";
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
@ -67,8 +48,6 @@ in
]; ];
}; };
hardware.i2c.enable = true;
hardware.nvidia = { hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable; package = config.boot.kernelPackages.nvidiaPackages.stable;
open = true; open = true;
@ -130,27 +109,23 @@ in
VDPAU_DRIVER = "va_gl"; VDPAU_DRIVER = "va_gl";
}; };
environment.systemPackages = with pkgs; [
i2c-tools
lm_sensors
];
networking.wireless.iwd.enable = true;
nix.settings = { nix.settings = {
substituters = [ "https://cache.nixos-cuda.org" ]; substituters = [ "https://cache.nixos-cuda.org" ];
trusted-public-keys = [ "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M=" ]; trusted-public-keys = [ "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M=" ];
}; };
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"1password"
"1password-cli"
"nvidia-x11"
"nvidia-settings"
];
programs._1password.enable = true; programs._1password.enable = true;
services.hardware.openrgb = {
enable = true;
startupProfile = "off";
};
services.pipewire.enable = true; services.pipewire.enable = true;
services.udev.packages = [ pkgs.openrgb ];
services.xserver.videoDrivers = [ services.xserver.videoDrivers = [
"modesetting" "modesetting"
@ -166,6 +141,16 @@ in
"i2c" "i2c"
"wheel" "wheel"
]; ];
packages = with pkgs; [
(vscode-with-extensions.override {
vscode = vscodium;
vscodeExtensions = with vscode-extensions; [
jnoortheen.nix-ide
mkhl.direnv
yzhang.markdown-all-in-one
];
})
];
}; };
# DO NOT EDIT # DO NOT EDIT

34
machines/persephone/hardware.nix Normal file
View file

@ -0,0 +1,34 @@
{ pkgs, ... }:
{
# I2C
environment.systemPackages = with pkgs; [
i2c-tools
lm_sensors
];
boot.kernelModules = [ "i2c-dev" ];
boot.blacklistedKernelModules = [
# The spd5118 driver is in conflict with openrgb by holding onto I2C adresses when using Kingston Fury DRAM.
# On boot, I need to access those i2c regions in other to poweroff the RGB lighting.
# Then, I manually enable the kernel module in any script.
# It's possible to let this module disabled, but I lose the ability to get temperature values for the DIMMs.
# https://gitlab.com/CalcProgrammer1/OpenRGB/-/merge_requests/2557
"spd5118"
];
hardware.i2c.enable = true;
# OpenRGB
services.udev.packages = [ pkgs.openrgb ];
services.hardware.openrgb = {
enable = true;
startupProfile = "off";
};
system.activationScripts.openrgbOff = ''
mkdir -p /var/lib/OpenRGB
cp ${./off.orp} /var/lib/OpenRGB/off.orp
chmod 0644 /var/lib/OpenRGB/off.orp
'';
}

51
machines/persephone/networking.nix Normal file
View file

@ -0,0 +1,51 @@
{ lib, ... }:
{
networking.hostName = "persephone";
networking.useDHCP = lib.mkDefault true;
networking.wireless.iwd = {
enable = true;
settings = {
General = {
EnableNetworkConfiguration = false; # Let dhcpcd handle this
};
Network = {
EnableIPv6 = true;
NameResolvingService = "systemd";
};
};
};
networking.dhcpcd = {
enable = true;
extraConfig = ''
nohook resolv.conf # Don't let dhcpcd manage resolv.conf
'';
};
networking.resolvconf.enable = false;
services.avahi.enable = true;
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = [
"9.9.9.9#dns.quad9.net"
"149.112.112.112#dns.quad9.net"
"2620:fe::fe#dns.quad9.net"
"2620:fe::9#dns.quad9.net"
];
extraConfig = ''
DNSOverTLS=yes
'';
};
services.openssh.enable = true;
}

0
config/openrgb/off.orp → machines/persephone/off.orp
View file

17
machines/persephone/remove_systemd_service.patch Normal file
View file

@ -0,0 +1,17 @@
diff --git a/OpenRGB.pro b/OpenRGB.pro
index df7082b6..0022e5fa 100644
--- a/OpenRGB.pro
+++ b/OpenRGB.pro
@@ -588,9 +588,9 @@ contains(QMAKE_PLATFORM, linux) {
icon.files+=qt/org.openrgb.OpenRGB.png
metainfo.path=$$PREFIX/share/metainfo/
metainfo.files+=qt/org.openrgb.OpenRGB.metainfo.xml
- systemd_service.path=/etc/systemd/system
- systemd_service.files+=qt/openrgb.service
- INSTALLS += target desktop icon metainfo udev_rules systemd_service
+ # systemd_service.path=/etc/systemd/system
+ # systemd_service.files+=qt/openrgb.service
+ INSTALLS += target desktop icon metainfo udev_rules # systemd_service
}
#-----------------------------------------------------------------------------------------------#

49
modules/common/environment.nix
View file

@ -1,49 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
getName
mkIf
mkMerge
optionalAttrs
;
cfg = config;
in
{
config = mkMerge [
{
environment.systemPackages = with pkgs; [
chezmoi
direnv
git
curl
vim
wget
];
users.users."${config.machine.mainUser}".packages = with pkgs; [
(vscode-with-extensions.override {
vscode = vscodium;
vscodeExtensions = with vscode-extensions; [
bbenoist.nix
jnoortheen.nix-ide
mkhl.direnv
ms-azuretools.vscode-docker
ms-python.python
ms-vscode-remote.remote-ssh
yzhang.markdown-all-in-one
];
})
];
}
(mkIf cfg.programs.zsh.enable {
environment.pathsToLink = [ "/share/zsh" ];
})
];
}

24
modules/common/nix.nix
View file

@ -1,24 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getName mkMerge;
in
{
config = mkMerge [
{
nix = {
package = pkgs.lixPackageSets.stable.lix;
settings = {
experimental-features = [
"nix-command"
"flakes"
];
};
};
}
];
}

32
modules/common/nixpkgs.nix
View file

@ -1,32 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getName mkMerge optionalAttrs;
in
{
config = mkMerge [
{
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (getName pkg) [
"1password-cli"
"1password"
"nvidia-settings"
"nvidia-x11"
"obsidian"
"vscode-extension-ms-vscode-remote-remote-ssh"
];
}
(optionalAttrs (builtins.pathExists ../../overlays) {
nixpkgs.overlays = [
(import ../../overlays)
];
})
];
}

16
modules/common/programs.nix
View file

@ -1,16 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getName mkMerge;
in
{
config = mkMerge [
{
programs.zsh.enable = true;
}
];
}

23
modules/darwin/homebrew.nix
View file

@ -1,23 +0,0 @@
{ lib, pkgs, ... }:
let
inherit (lib) getName mkMerge;
in
{
config = mkMerge [
{
homebrew = {
enable = true;
casks = [
"1password-cli"
"1password"
"adguard"
"alacritty"
"brave-browser"
"figma"
"firefox"
];
};
}
];
}

22
modules/darwin/programs.nix
View file

@ -1,22 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getName mkMerge;
in
{
config = mkMerge [
{
programs.zsh = {
shellInit = ''
if [ -e "/opt/homebrew/bin/brew" ]; then
eval "$(/opt/homebrew/bin/brew shellenv)"
fi
'';
};
}
];
}

73
modules/machine.nix
View file

@ -1,73 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkAliasOptionModule
mkOption
types
;
in
{
options.machine = {
mainUser = mkOption {
type = types.str;
description = "The main user of the machine";
};
hostName = mkOption {
type = types.str;
description = "The name of the machine";
};
filesystem.uuid = {
boot = mkOption {
type = types.nullOr types.str;
description = "The UUID of the XBOOTLDR partition.";
default = null;
};
esp = mkOption {
type = types.nullOr types.str;
description = "The UUID of the ESP.";
default = null;
};
luks = mkOption {
type = types.nullOr types.str;
description = "The UUID of the encrypted root partition.";
default = null;
};
cryptroot = mkOption {
type = types.nullOr types.str;
description = "The UUID of the decrypted root partition.";
default = null;
};
};
};
config = lib.mkIf pkgs.stdenv.hostPlatform.isLinux {
assertions = [
{
assertion = config.machine.filesystem.uuid.boot != null;
message = "machine.filesystem.uuid.boot must be set on Linux systems";
}
{
assertion = config.machine.filesystem.uuid.esp != null;
message = "machine.filesystem.uuid.esp must be set on Linux systems";
}
{
assertion = config.machine.filesystem.uuid.luks != null;
message = "machine.filesystem.uuid.luks must be set on Linux systems";
}
{
assertion = config.machine.filesystem.uuid.cryptroot != null;
message = "machine.filesystem.cryptroot.esp must be set on Linux systems";
}
];
};
}

40
modules/nixos/boot.nix
View file

@ -1,40 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkMerge;
boot = "cb03cf78-715e-4030-ba82-189ff8897eaf";
esp = "4E4C-1139";
luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25";
cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701";
in
{
config = mkMerge [
{
boot.bootspec.enable = true;
boot.initrd = {
kernelModules = [ ];
systemd.enable = true;
};
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
boot.loader.efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "efi";
};
boot.loader.systemd-boot = {
enable = lib.mkForce false;
xbootldrMountPoint = "/boot";
};
}
];
}

54
modules/nixos/environment.nix
View file

@ -1,54 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkIf mkMerge;
in
{
config = mkMerge [
{
environment.sessionVariables = {
EDITOR = "${pkgs.vim}/bin/vim";
PAGER = "${pkgs.less}/bin/less";
};
environment.systemPackages = with pkgs; [
alacritty
brave
firefox
foliate
fuzzel
loupe
mpv
adwaita-icon-theme
ddcutil
gsettings-desktop-schemas
libva-utils
loupe
sbctl
vdpauinfo
];
}
(mkIf config.programs.niri.enable {
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
};
})
(mkIf config.programs._1password.enable {
environment.etc = {
"1password/custom_allowed_browsers" = {
text = ''
firefox
brave
'';
mode = "0755";
};
};
})
];
}

94
modules/nixos/filesystems.nix
View file

@ -1,94 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkMerge
mkOption
optionalAttrs
types
;
boot = "cb03cf78-715e-4030-ba82-189ff8897eaf";
esp = "4E4C-1139";
luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25";
cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701";
in
{
config = mkMerge [
{
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/${boot}";
fsType = "ext4";
};
fileSystems."/efi" = {
device = "/dev/disk/by-uuid/${esp}";
fsType = "vfat";
options = [
"fmask=0137"
"dmask=0027"
];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@root" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@nix" ];
};
fileSystems."/var/cache" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_cache" ];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_log" ];
};
fileSystems."/var/spool" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_spool" ];
};
fileSystems."/var/tmp" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_tmp" ];
};
fileSystems."/var/lib/machines" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_lib_machines" ];
};
fileSystems."/var/lib/portables" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_lib_portables" ];
};
swapDevices = [ ];
}
];
}

37
modules/nixos/fonts.nix
View file

@ -1,37 +0,0 @@
{ lib, pkgs, ... }:
let
inherit (lib) mkMerge;
in
{
config = mkMerge [
{
fonts.fontconfig = {
enable = true;
antialias = true;
hinting = {
enable = true;
style = "slight";
};
subpixel = {
rgba = "rgb";
lcdfilter = "default";
};
defaultFonts = {
serif = [
"SF Pro"
"DejaVu Serif"
];
sansSerif = [
"SF Pro"
"DejaVu Sans"
];
monospace = [
"Iosevka Cavalier"
"DejaVu Sans Mono"
];
emoji = [ "Noto Color Emoji" ];
};
};
}
];
}

27
modules/nixos/hardware.nix
View file

@ -1,27 +0,0 @@
{
config,
lib,
modulesPath,
pkgs,
...
}:
let
inherit (lib) mkDefault mkMerge;
in
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = mkMerge [
{
hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
hardware.bluetooth = {
settings = {
General.Experimental = true;
};
};
}
];
}

37
modules/nixos/networking.nix
View file

@ -1,37 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkDefault mkMerge optionalString;
in
{
config = mkMerge [
{
networking.dhcpcd = {
enable = config.networking.wireless.iwd.enable;
extraConfig = ''
${optionalString config.services.resolved.enable "nohook resolv.conf"}
'';
};
networking.hostName = "${config.machine.hostName}";
networking.resolvconf.enable = !config.services.resolved.enable;
networking.useDHCP = mkDefault true;
networking.wireless.iwd = {
settings = {
General = {
EnableNetworkConfiguration = !config.services.resolved.enable;
};
Network = {
EnableIPv6 = true;
NameResolvingService = "systemd";
};
};
};
}
];
}

47
modules/nixos/programs.nix
View file

@ -1,47 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkForce
mkIf
mkMerge
optionalAttrs
;
in
{
config = mkMerge [
{
programs.dconf.enable = config.programs.niri.enable;
programs.firefox = {
enable = true;
nativeMessagingHosts.packages = with pkgs; [ vdhcoapp ];
};
programs.niri.enable = true;
programs.regreet = {
enable = config.programs.niri.enable;
font.name = "SF Pro";
font.size = 16;
font.package = pkgs.apple-fonts.sf-pro;
settings = {
GTK = {
font_name = mkForce "SF Pro 16";
};
};
};
}
(mkIf config.programs._1password.enable {
programs._1password-gui = {
enable = true;
polkitPolicyOwners = [ "pml" ];
};
})
];
}

17
modules/nixos/security.nix
View file

@ -1,17 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkMerge;
in
{
config = mkMerge [
{
security.polkit.enable = config.programs.niri.enable;
security.rtkit.enable = config.services.pipewire.enable;
}
];
}

39
modules/nixos/services.nix
View file

@ -1,39 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkMerge optionalAttrs;
in
{
config = mkMerge [
{
services.avahi.enable = true;
services.openssh.enable = true;
services.pipewire = {
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = [
"9.9.9.9#dns.quad9.net"
"149.112.112.112#dns.quad9.net"
"2620:fe::fe#dns.quad9.net"
"2620:fe::9#dns.quad9.net"
];
extraConfig = ''
DNSOverTLS=yes
'';
};
}
];
}

20
modules/nixos/system.nix
View file

@ -1,20 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkIf mkMerge;
in
{
config = mkMerge [
(mkIf config.services.hardware.openrgb.enable {
system.activationScripts.openrgbOff = ''
mkdir -p /var/lib/OpenRGB
cp ${../../config/openrgb/off.orp} /var/lib/OpenRGB/off.orp
chmod 0644 /var/lib/OpenRGB/off.orp
'';
})
];
}

5
profiles/desktop.darwin.nix Normal file
View file

@ -0,0 +1,5 @@
{ ... }:
{
}

104
profiles/desktop.linux.nix Normal file
View file

@ -0,0 +1,104 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkForce mkIf;
sessionVariables = {
NIXOS_OZONE_WL = "1";
};
systemPackages = with pkgs; [
adwaita-icon-theme
ddcutil
gsettings-desktop-schemas
libva-utils
sbctl
vdpauinfo
];
in
{
environment = {
inherit sessionVariables systemPackages;
};
fonts.fontconfig = {
enable = true;
antialias = true;
hinting = {
enable = true;
style = "slight";
};
subpixel = {
rgba = "rgb";
lcdfilter = "default";
};
defaultFonts = {
serif = [
"SF Pro"
"DejaVu Serif"
];
sansSerif = [
"SF Pro"
"DejaVu Sans"
];
monospace = [
"Iosevka Cavalier"
"DejaVu Sans Mono"
];
emoji = [ "Noto Color Emoji" ];
};
};
hardware.bluetooth = mkIf config.hardware.bluetooth.enable {
settings = {
General.Experimental = true;
};
};
programs.dconf.enable = config.programs.niri.enable;
security.polkit.enable = config.programs.niri.enable;
programs._1password-gui = mkIf config.programs._1password.enable {
enable = true;
polkitPolicyOwners = [ "pml" ];
};
environment.etc = mkIf config.programs._1password-gui.enable {
"1password/custom_allowed_browsers" = {
text = ''
firefox
brave
'';
mode = "0755";
};
};
programs.niri.enable = true;
programs.regreet = {
enable = true;
font.name = "SF Pro";
font.size = 16;
font.package = pkgs.apple-fonts.sf-pro;
settings = {
GTK = {
font_name = mkForce "SF Pro 16";
};
};
};
programs.zsh.enable = true;
security.rtkit.enable = config.services.pipewire.enable;
services.pipewire = mkIf config.services.pipewire.enable {
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
}

107
profiles/minimal.linux.nix Normal file
View file

@ -0,0 +1,107 @@
{ config, lib, ... }:
let
bootUUID = config.machines.fs.bootUUID;
efiUUID = config.machines.fs.efiUUID;
luuksUUID = config.machines.fs.luuksUUID;
cryptrootUUID = config.machines.fs.cryptrootUUID;
in
{
imports = [ ./minimal.nix ];
boot.bootspec.enable = true;
boot.initrd = {
kernelModules = [ ];
systemd.enable = true;
};
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
boot.loader.efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "efi";
};
boot.loader.systemd-boot = {
enable = lib.mkForce false;
xbootldrMountPoint = "/boot";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/${bootUUID}";
fsType = "ext4";
};
fileSystems."/efi" = {
device = "/dev/disk/by-uuid/${efiUUID}";
fsType = "vfat";
options = [
"fmask=0137"
"dmask=0027"
];
};
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luuksUUID}";
fileSystems."/" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@root" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@nix" ];
};
fileSystems."/var/cache" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@var_cache" ];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@var_log" ];
};
fileSystems."/var/spool" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@var_spool" ];
};
fileSystems."/var/tmp" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@var_tmp" ];
};
fileSystems."/var/lib/machines" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@var_lib_machines" ];
};
fileSystems."/var/lib/portables" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@var_lib_portables" ];
};
swapDevices = [ ];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

23
profiles/minimal.nix Normal file
View file

@ -0,0 +1,23 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
curl
git
vim
wget
];
nix.package = pkgs.lixPackageSets.stable.lix;
nix.settings = {
experimental-features = [
"nix-command"
"flakes"
];
};
nixpkgs.overlays = [
(import ../overlays)
];
}