diff --git a/README.md b/README.md index a6e80b8..9f2e2c9 100644 --- a/README.md +++ b/README.md @@ -10,4 +10,10 @@ sudo nixos-install --root /mnt --flake .#hermes ```bash nix run nix-darwin/release-* -- switch --flake .#mercure -``` \ No newline at end of file +``` + +# TODO +1. Create a configuration path for the directory `config` +2. Create `mkSystem` that: + 1. Inject `options.machine` + 2. Auto-import the related configurations \ No newline at end of file diff --git a/machines/persephone/off.orp b/config/openrgb/off.orp similarity index 100% rename from machines/persephone/off.orp rename to config/openrgb/off.orp diff --git a/flake.lock b/flake.lock index 8585b0e..68fbab4 100644 --- a/flake.lock +++ b/flake.lock @@ -53,6 +53,27 @@ "type": "github" } }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1766553861, + "narHash": "sha256-ZbnG01yA3O8Yr1vUm3+NQ2qk9iRhS5bloAnuXHHy7+c=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "0999ed8f965bbbd991437ad9c5ed3434cecbc30e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.11", + "repo": "home-manager", + "type": "github" + } + }, "lanzaboote": { "inputs": { "crane": "crane", @@ -139,6 +160,7 @@ }, "root": { "inputs": { + "home-manager": "home-manager", "lanzaboote": "lanzaboote", "nix-darwin": "nix-darwin", "nixpkgs": "nixpkgs" diff --git a/flake.nix b/flake.nix index de6ddf8..9addcce 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,82 +1,129 @@ { - inputs = { - nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11"; - - nix-darwin.url = "github:nix-darwin/nix-darwin?ref=nix-darwin-25.11"; - nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; - - lanzaboote.url = "github:nix-community/lanzaboote?ref=master"; - lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; - }; - outputs = { self, nixpkgs, ... }@inputs: let - supportedSystems = [ - "x86_64-linux" - "aarch64-darwin" - ]; + lib = import ./lib { inherit nixpkgs; }; - lib = import ./lib { inherit (inputs.nixpkgs) lib; }; - pkgsFor = - system: - import inputs.nixpkgs { - inherit system; - config.allowUnfree = true; + inherit (lib) forEachSupportedSystem pkgsFor; + + systems = + let + inherit (inputs) + home-manager + lanzaboote + nix-darwin + nixpkgs + ; + inherit (nixpkgs.lib) + flatten + hasSuffix + mkAliasOptionModule + strings + mkOption + types + ; + + systemFn = + system: + if hasSuffix "darwin" system then + nix-darwin.lib.darwinSystem + else if hasSuffix "linux" system then + nixpkgs.lib.nixosSystem + else + throw "System: ${system} not supported."; + + homeModule = + system: + if hasSuffix "darwin" system then + home-manager.darwinModules.home-manager + else if hasSuffix "linux" system then + home-manager.nixosModules.home-manager + else + throw "System: ${system} not supported."; + + in + { + mkSystem = + system: + { + machine ? { }, + modules ? [ ], + specialArgs ? { }, + }: + systemFn system { + inherit specialArgs; + + modules = flatten ( + modules + ++ [ + ( + if hasSuffix "darwin" system then + home-manager.darwinModules.home-manager + else if hasSuffix "linux" system then + [ + lanzaboote.nixosModules.lanzaboote + ] + else + throw "System: ${system} not supported." 
+ ) + + { nixpkgs.hostPlatform = "${system}"; } + + { + options.machine = { + mainUser = mkOption { + type = types.str; + description = "The main user of the machine"; + }; + + hostName = mkOption { + type = types.str; + description = "The name of the machine"; + }; + }; + } + { config.machine = machine; } + + ./modules/common/environment.nix + ./modules/common/nix.nix + ./modules/common/nixpkgs.nix + ./modules/common/programs.nix + + ./machines/${machine.hostName}.nix + ] + ); + }; }; - - forEachSupportedSystem = - f: - inputs.nixpkgs.lib.genAttrs supportedSystems ( - system: - f { - inherit system; - pkgs = pkgsFor system; - } - ); in { - nixosConfigurations."persephone" = nixpkgs.lib.nixosSystem { + nixosConfigurations."persephone" = systems.mkSystem "x86_64-linux" { + machine = { + hostName = "persephone"; + mainUser = "pml"; + }; modules = [ - inputs.lanzaboote.nixosModules.lanzaboote - ./machines/persephone.nix - ( - { lib, ... }: - { - options.machines = { - fs = { - bootUUID = lib.mkOption { - type = lib.types.str; - description = "The UUID of the XBOOTLDR partition."; - default = "9c2d7380-571d-4bc5-9ad2-e4888ce351be"; - }; - efiUUID = lib.mkOption { - type = lib.types.str; - description = "The UUID of the ESP."; - default = "71E7-7A63"; - }; - luuksUUID = lib.mkOption { - type = lib.types.str; - description = "The UUID of the encrypted root partition."; - default = "b0ace3a0-64f0-461e-a604-7f6788384d12"; - }; - cryptrootUUID = lib.mkOption { - type = lib.types.str; - description = "The UUID of the decrypted root partition."; - default = "769362f6-43d4-4b83-a12c-d006c9bd6613"; - }; - }; - }; - } - ) + ./modules/nixos/boot.nix + ./modules/nixos/environment.nix + ./modules/nixos/filesystems.nix + ./modules/nixos/fonts.nix + ./modules/nixos/hardware.nix + ./modules/nixos/networking.nix + ./modules/nixos/programs.nix + ./modules/nixos/security.nix + ./modules/nixos/services.nix + ./modules/nixos/system.nix ]; }; - darwinConfigurations."hermes" = 
inputs.nix-darwin.lib.darwinSystem { + darwinConfigurations."hermes" = systems.mkSystem "aarch64-darwin" { + machine = { + hostName = "hermes"; + mainUser = "pml"; + }; modules = [ - { system.configurationRevision = self.rev or self.dirtyRev or null; } - ./machines/hermes.nix - ]; + ./modules/darwin/homebrew.nix + ./modules/darwin/programs.nix + ]; }; devShells = forEachSupportedSystem ( @@ -93,4 +140,17 @@ formatter = forEachSupportedSystem ({ pkgs, ... }: pkgs.nixfmt-rfc-style); }; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11"; + + nix-darwin.url = "github:nix-darwin/nix-darwin?ref=nix-darwin-25.11"; + nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; + + home-manager.url = "github:nix-community/home-manager?ref=release-25.11"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + + lanzaboote.url = "github:nix-community/lanzaboote?ref=master"; + lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; + }; } diff --git a/lib/default.nix b/lib/default.nix index 3350e55..0df675e 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,3 +1,33 @@ -{ lib, ... }: { - - } +{ + nixpkgs, + supportedSystems ? [ + "x86_64-linux" + "aarch64-darwin" + ], + ... +}: +let + inherit (nixpkgs.lib) genAttrs; + + forEachSupportedSystem = + f: + genAttrs supportedSystems ( + system: + f { + inherit system; + pkgs = pkgsFor system; + } + ); + + pkgsFor = + system: + import nixpkgs { + inherit system; + config.allowUnfree = true; + }; + +in +nixpkgs.lib +// { + inherit forEachSupportedSystem pkgsFor; +} diff --git a/machines/hermes.nix b/machines/hermes.nix index 7290392..7a20466 100644 --- a/machines/hermes.nix +++ b/machines/hermes.nix @@ -1,11 +1,6 @@ { config, pkgs, ... }: { - imports = [ - ../profiles/minimal.nix - ../profiles/desktop.darwin.nix - ]; - environment.darwinConfig = "/Users/${config.system.primaryUser}/Development/systems"; system.primaryUser = "pml"; 
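Review bot: `homeModule` is defined in the `let` but never used, and the inline conditional in `mkSystem`'s module list adds home-manager only on darwin. The linux branch returns just `lanzaboote.nixosModules.lanzaboote`, so `persephone` gets no home-manager module despite the new input. If that is unintended, the branches could read `homeModule system` and `[ lanzaboote.nixosModules.lanzaboote (homeModule system) ]`. The `hermes` entry also drops `{ system.configurationRevision = self.rev or self.dirtyRev or null; }` with no replacement, so a built generation no longer records which flake revision produced it; `self` is in scope here, so that line could move into the common module list. `mkAliasOptionModule` and `strings` are inherited but unused.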
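Review bot: `lanzaboote.url` still follows `ref=master` in the relocated `inputs` block, while `nixpkgs`, `nix-darwin` and the new `home-manager` input all follow release branches. lanzaboote signs the boot chain for Secure Boot, so each `nix flake update` pulls whatever is on its development branch at that moment. flake.lock fixes the revision between updates, but not what an update brings in. Consider pointing this input at a release tag so that updates to the signing tool are deliberate.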
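Review bot: `pkgsFor` imports nixpkgs with `config.allowUnfree = true`, so everything built through `forEachSupportedSystem` accepts any unfree package, while the system configurations limit unfree packages to the allow-list in modules/common/nixpkgs.nix. The two policies could be aligned by giving `pkgsFor` the same `allowUnfreePredicate`, or by dropping `allowUnfree` here if the dev shells do not need it. The file would also benefit from a header comment such as `# Returns nixpkgs.lib extended with forEachSupportedSystem and pkgsFor; supportedSystems can be overridden by the caller.`, since `lib` in flake.nix is now the merged set rather than plain `nixpkgs.lib`.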
diff --git a/machines/hermes/default.nix b/machines/hermes/default.nix deleted file mode 100644 index 918d775..0000000 --- a/machines/hermes/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ self, pkgs, ... }: - -{ - environment.systemPackages = [ - pkgs.vim - ]; - - nix.settings.experimental-features = "nix-command flakes"; - - system.stateVersion = 6; - - nixpkgs.hostPlatform = "aarch64-darwin"; -} diff --git a/machines/persephone.nix b/machines/persephone.nix index 188f7a0..c638620 100644 --- a/machines/persephone.nix +++ b/machines/persephone.nix 
@@ -2,41 +2,60 @@ config, lib, pkgs, - modulesPath, ... }: - +let + boot = "cb03cf78-715e-4030-ba82-189ff8897eaf"; + esp = "4E4C-1139"; + luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25"; + cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701"; +in { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ./persephone/hardware.nix - ./persephone/networking.nix - ../profiles/minimal.linux.nix - ../profiles/desktop.linux.nix - ]; - boot = { + blacklistedKernelModules = [ + "spd5118" + ]; extraModulePackages = [ ]; - kernelModules = [ "kvm-intel" ]; + kernelModules = [ + "i2c-dev" + "kvm-intel" + ]; kernelPackages = pkgs.linuxPackages_6_17; kernelParams = [ "i915.enable_guc=3" ]; }; - boot.initrd.availableKernelModules = [ - "xhci_pci" - "thunderbolt" - "nvme" - "ahci" - "usbhid" - "sd_mod" - ]; + + boot.initrd = { + availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "nvme" + "ahci" + "usbhid" + "sd_mod" + ]; + luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luks}"; + + }; console = { keyMap = "us"; font = "${pkgs.terminus_font}/share/consolefonts/ter-v28b.psf.gz"; }; - + i18n.defaultLocale = "en_US.UTF-8"; + fileSystems."/".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/boot".device = "/dev/disk/by-uuid/${boot}"; + fileSystems."/efi".device = "/dev/disk/by-uuid/${esp}"; + fileSystems."/home".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/nix".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/var/cache".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/var/lib/machines".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/var/lib/portables".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/var/log".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/var/spool".device = "/dev/disk/by-uuid/${cryptroot}"; + fileSystems."/var/tmp".device = "/dev/disk/by-uuid/${cryptroot}"; + hardware.enableRedistributableFirmware = true; hardware.bluetooth.enable = true; 
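Review bot: The four partition UUIDs in this `let` are also hard-coded in modules/nixos/boot.nix, which never uses them, and in modules/nixos/filesystems.nix, which repeats every `fileSystems.*.device` set here. The `machine.filesystem.uuid.*` options in modules/machine.nix are not wired into `mkSystem`, so nothing checks that the copies agree. If one copy is edited and the others are not, the identical-definition merge of `device` fails at evaluation, or the LUKS device and root filesystem point at different disks. Keeping the values in one place, for example by passing them through `machine` and reading `config.machine.filesystem.uuid.luks`, would remove that risk. The `"spd5118"` blacklist entry also lost the comment it had in machines/persephone/hardware.nix explaining the conflict with OpenRGB; a one-line `# spd5118 holds the DIMM I2C addresses OpenRGB needs at boot` would keep the reason next to the setting.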
@@ -48,6 +67,8 @@ ]; }; + hardware.i2c.enable = true; + hardware.nvidia = { package = config.boot.kernelPackages.nvidiaPackages.stable; open = true; @@ -109,23 +130,27 @@ VDPAU_DRIVER = "va_gl"; }; + environment.systemPackages = with pkgs; [ + i2c-tools + lm_sensors + ]; + + networking.wireless.iwd.enable = true; + nix.settings = { substituters = [ "https://cache.nixos-cuda.org" ]; trusted-public-keys = [ "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M=" ]; }; - nixpkgs.config.allowUnfreePredicate = - pkg: - builtins.elem (lib.getName pkg) [ - "1password" - "1password-cli" - "nvidia-x11" - "nvidia-settings" - ]; - programs._1password.enable = true; + services.hardware.openrgb = { + enable = true; + startupProfile = "off"; + }; + services.pipewire.enable = true; + services.udev.packages = [ pkgs.openrgb ]; services.xserver.videoDrivers = [ "modesetting" @@ -141,16 +166,6 @@ "i2c" "wheel" ]; - packages = with pkgs; [ - (vscode-with-extensions.override { - vscode = vscodium; - vscodeExtensions = with vscode-extensions; [ - jnoortheen.nix-ide - mkhl.direnv - yzhang.markdown-all-in-one - ]; - }) - ]; }; # DO NOT EDIT diff --git a/machines/persephone/hardware.nix b/machines/persephone/hardware.nix deleted file mode 100644 index 31c60b0..0000000 --- a/machines/persephone/hardware.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -{ pkgs, ... }: - -{ - # I2C - environment.systemPackages = with pkgs; [ - i2c-tools - lm_sensors - ]; - - boot.kernelModules = [ "i2c-dev" ]; - boot.blacklistedKernelModules = [ - # The spd5118 driver is in conflict with openrgb by holding onto I2C adresses when using Kingston Fury DRAM. - # On boot, I need to access those i2c regions in other to poweroff the RGB lighting. - # Then, I manually enable the kernel module in any script. - # It's possible to let this module disabled, but I lose the ability to get temperature values for the DIMMs. - # https://gitlab.com/CalcProgrammer1/OpenRGB/-/merge_requests/2557 - "spd5118" - ]; - - hardware.i2c.enable = true; - - # OpenRGB - services.udev.packages = [ pkgs.openrgb ]; - services.hardware.openrgb = { - enable = true; - startupProfile = "off"; - }; - - system.activationScripts.openrgbOff = '' - mkdir -p /var/lib/OpenRGB - cp ${./off.orp} /var/lib/OpenRGB/off.orp - chmod 0644 /var/lib/OpenRGB/off.orp - ''; -} diff --git a/machines/persephone/networking.nix b/machines/persephone/networking.nix deleted file mode 100644 index 263f66b..0000000 --- a/machines/persephone/networking.nix +++ /dev/null 
@@ -1,51 +0,0 @@ -{ lib, ... }: - -{ - - networking.hostName = "persephone"; - - networking.useDHCP = lib.mkDefault true; - - networking.wireless.iwd = { - enable = true; - settings = { - General = { - EnableNetworkConfiguration = false; # Let dhcpcd handle this - }; - Network = { - EnableIPv6 = true; - NameResolvingService = "systemd"; - }; - }; - }; - - networking.dhcpcd = { - enable = true; - extraConfig = '' - nohook resolv.conf # Don't let dhcpcd manage resolv.conf - ''; - }; - - networking.resolvconf.enable = false; - - services.avahi.enable = true; - - services.resolved = { - enable = true; - - dnssec = "true"; - domains = [ "~." ]; - fallbackDns = [ - "9.9.9.9#dns.quad9.net" - "149.112.112.112#dns.quad9.net" - "2620:fe::fe#dns.quad9.net" - "2620:fe::9#dns.quad9.net" - ]; - - extraConfig = '' - DNSOverTLS=yes - ''; - }; - - services.openssh.enable = true; -} diff --git a/machines/persephone/remove_systemd_service.patch b/machines/persephone/remove_systemd_service.patch deleted file mode 100644 index bc9fbdf..0000000 --- a/machines/persephone/remove_systemd_service.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/OpenRGB.pro b/OpenRGB.pro -index df7082b6..0022e5fa 100644 ---- a/OpenRGB.pro -+++ b/OpenRGB.pro -@@ -588,9 +588,9 @@ contains(QMAKE_PLATFORM, linux) { - icon.files+=qt/org.openrgb.OpenRGB.png - metainfo.path=$$PREFIX/share/metainfo/ - metainfo.files+=qt/org.openrgb.OpenRGB.metainfo.xml -- systemd_service.path=/etc/systemd/system -- systemd_service.files+=qt/openrgb.service -- INSTALLS += target desktop icon metainfo udev_rules systemd_service -+ # systemd_service.path=/etc/systemd/system -+ # systemd_service.files+=qt/openrgb.service -+ INSTALLS += target desktop icon metainfo udev_rules # systemd_service - } - - #-----------------------------------------------------------------------------------------------# diff --git a/modules/common/environment.nix b/modules/common/environment.nix new file mode 100644 index 0000000..5eaa263 --- /dev/null 
+++ b/modules/common/environment.nix @@ -0,0 +1,49 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) + getName + mkIf + mkMerge + optionalAttrs + ; + + cfg = config; +in +{ + config = mkMerge [ + { + environment.systemPackages = with pkgs; [ + chezmoi + direnv + git + curl + vim + wget + ]; + + users.users."${config.machine.mainUser}".packages = with pkgs; [ + (vscode-with-extensions.override { + vscode = vscodium; + vscodeExtensions = with vscode-extensions; [ + bbenoist.nix + jnoortheen.nix-ide + mkhl.direnv + ms-azuretools.vscode-docker + ms-python.python + ms-vscode-remote.remote-ssh + yzhang.markdown-all-in-one + ]; + }) + ]; + } + + (mkIf cfg.programs.zsh.enable { + environment.pathsToLink = [ "/share/zsh" ]; + }) + ]; +} diff --git a/modules/common/nix.nix b/modules/common/nix.nix new file mode 100644 index 0000000..2152dd9 --- /dev/null +++ b/modules/common/nix.nix @@ -0,0 +1,24 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) getName mkMerge; +in +{ + config = mkMerge [ + { + nix = { + package = pkgs.lixPackageSets.stable.lix; + settings = { + experimental-features = [ + "nix-command" + "flakes" + ]; + }; + }; + } + ]; +} diff --git a/modules/common/nixpkgs.nix b/modules/common/nixpkgs.nix new file mode 100644 index 0000000..b39820f --- /dev/null +++ b/modules/common/nixpkgs.nix @@ -0,0 +1,32 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) getName mkMerge optionalAttrs; +in +{ + config = mkMerge [ + { + nixpkgs.config.allowUnfreePredicate = + pkg: + builtins.elem (getName pkg) [ + "1password-cli" + "1password" + "nvidia-settings" + "nvidia-x11" + "obsidian" + "vscode-extension-ms-vscode-remote-remote-ssh" + ]; + + } + + (optionalAttrs (builtins.pathExists ../../overlays) { + nixpkgs.overlays = [ + (import ../../overlays) + ]; + }) + ]; +} diff --git a/modules/common/programs.nix b/modules/common/programs.nix new file mode 100644 index 0000000..84a3051 --- /dev/null +++ b/modules/common/programs.nix 
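Review bot: Several bindings in this `let` are unused: `getName` and `optionalAttrs` are inherited but never referenced, and `cfg = config` is an alias used once next to direct uses of `config.machine.mainUser`. The same pattern recurs in modules/common/nix.nix, modules/common/programs.nix, modules/darwin/homebrew.nix and modules/darwin/programs.nix, where `getName` is inherited and `mkMerge` wraps a single attribute set. Trimming the inherits to what each file uses, and replacing `cfg.programs.zsh.enable` with `config.programs.zsh.enable`, would make the modules easier to audit. A one-line header comment stating that this module applies to every machine built by `mkSystem` would also help, since the editor bundle and its `ms-vscode-remote.remote-ssh` extension are now installed for the main user on all hosts.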
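Review bot: The `optionalAttrs (builtins.pathExists ../../overlays)` guard makes the overlay import silently optional, whereas the deleted profiles/minimal.nix imported `../overlays` unconditionally. If the directory is absent from the evaluated source (for instance not tracked by git when building the flake), the system is built without the overlay and nothing reports it. Any package override or patch that lives there, presumably including `pkgs.apple-fonts` used in modules/nixos/programs.nix, is then missing or replaced by the stock package. Unless the directory is genuinely optional, prefer the unconditional `nixpkgs.overlays = [ (import ../../overlays) ];` so a missing overlay fails the evaluation.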
@@ -0,0 +1,16 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) getName mkMerge; +in +{ + config = mkMerge [ + { + programs.zsh.enable = true; + } + ]; +} diff --git a/modules/darwin/homebrew.nix b/modules/darwin/homebrew.nix new file mode 100644 index 0000000..8ef53c5 --- /dev/null +++ b/modules/darwin/homebrew.nix @@ -0,0 +1,23 @@ +{ lib, pkgs, ... }: +let + inherit (lib) getName mkMerge; +in +{ + config = mkMerge [ + { + homebrew = { + enable = true; + + casks = [ + "1password-cli" + "1password" + "adguard" + "alacritty" + "brave-browser" + "figma" + "firefox" + ]; + }; + } + ]; +} diff --git a/modules/darwin/programs.nix b/modules/darwin/programs.nix new file mode 100644 index 0000000..85dc430 --- /dev/null +++ b/modules/darwin/programs.nix @@ -0,0 +1,22 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) getName mkMerge; +in +{ + config = mkMerge [ + { + programs.zsh = { + shellInit = '' + if [ -e "/opt/homebrew/bin/brew" ]; then + eval "$(/opt/homebrew/bin/brew shellenv)" + fi + ''; + }; + } + ]; +} diff --git a/modules/machine.nix b/modules/machine.nix new file mode 100644 index 0000000..12e9e32 --- /dev/null +++ b/modules/machine.nix 
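Review bot: The `casks` list brings `1password`, `1password-cli` and two browsers in through Homebrew, outside the revisions pinned in flake.lock, and the `homebrew` block sets no `onActivation` policy. With the defaults, casks removed from this list stay installed and versions are whatever Homebrew last fetched, so the declared list is not an accurate inventory of the machine. Consider stating the intended policy explicitly, for example `onActivation.cleanup = "uninstall";` if undeclared casks should be removed. A short comment saying why these applications come from Homebrew rather than nixpkgs would also help.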
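Review bot: `programs.zsh.shellInit` is, as far as I can tell, written to the system-wide zshenv, so the `eval "$(/opt/homebrew/bin/brew shellenv)"` line runs in every zsh on the machine, including non-interactive shells and root's. `/opt/homebrew` is normally owned by the unprivileged user who installed Homebrew, so a root shell would evaluate the output of a binary that user can replace. Moving the snippet to `programs.zsh.loginShellInit` or `interactiveShellInit`, or setting the PATH entries statically, narrows where it runs. If it stays in `shellInit`, a comment explaining why every shell needs it would be useful.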
@@ -0,0 +1,73 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) + mkAliasOptionModule + mkOption + types + ; +in +{ + options.machine = { + mainUser = mkOption { + type = types.str; + description = "The main user of the machine"; + }; + + hostName = mkOption { + type = types.str; + description = "The name of the machine"; + }; + + filesystem.uuid = { + boot = mkOption { + type = types.nullOr types.str; + description = "The UUID of the XBOOTLDR partition."; + default = null; + }; + + esp = mkOption { + type = types.nullOr types.str; + description = "The UUID of the ESP."; + default = null; + }; + + luks = mkOption { + type = types.nullOr types.str; + description = "The UUID of the encrypted root partition."; + default = null; + }; + + cryptroot = mkOption { + type = types.nullOr types.str; + description = "The UUID of the decrypted root partition."; + default = null; + }; + }; + }; + + config = lib.mkIf pkgs.stdenv.hostPlatform.isLinux { + assertions = [ + { + assertion = config.machine.filesystem.uuid.boot != null; + message = "machine.filesystem.uuid.boot must be set on Linux systems"; + } + { + assertion = config.machine.filesystem.uuid.esp != null; + message = "machine.filesystem.uuid.esp must be set on Linux systems"; + } + { + assertion = config.machine.filesystem.uuid.luks != null; + message = "machine.filesystem.uuid.luks must be set on Linux systems"; + } + { + assertion = config.machine.filesystem.uuid.cryptroot != null; + message = "machine.filesystem.cryptroot.esp must be set on Linux systems"; + } + ]; + }; +} diff --git a/modules/nixos/boot.nix b/modules/nixos/boot.nix new file mode 100644 index 0000000..1c44dbe --- /dev/null +++ b/modules/nixos/boot.nix 
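Review bot: The last assertion's message names an option that does not exist: it checks `config.machine.filesystem.uuid.cryptroot` but reports `machine.filesystem.cryptroot.esp`; it should read `message = "machine.filesystem.uuid.cryptroot must be set on Linux systems";`. The module also does not appear in `mkSystem`'s module list or any `modules = [ ... ]` in flake.nix, so these assertions never run. Importing it next to the inline `options.machine` block in flake.nix would declare `mainUser` and `hostName` twice. Gating `config` on `pkgs.stdenv.hostPlatform.isLinux` makes the module's config depend on `pkgs`, which can cause evaluation cycles when other modules configure nixpkgs; the flake already knows the system string and could pass it in. `mkAliasOptionModule` is inherited but unused.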
@@ -0,0 +1,40 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) mkMerge; + + boot = "cb03cf78-715e-4030-ba82-189ff8897eaf"; + esp = "4E4C-1139"; + luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25"; + cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701"; +in +{ + config = mkMerge [ + { + boot.bootspec.enable = true; + boot.initrd = { + kernelModules = [ ]; + systemd.enable = true; + }; + + boot.lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; + }; + + boot.loader.efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "efi"; + }; + + boot.loader.systemd-boot = { + enable = lib.mkForce false; + xbootldrMountPoint = "/boot"; + }; + } + ]; +} diff --git a/modules/nixos/environment.nix b/modules/nixos/environment.nix new file mode 100644 index 0000000..bf4c650 --- /dev/null +++ b/modules/nixos/environment.nix @@ -0,0 +1,54 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) mkIf mkMerge; +in +{ + config = mkMerge [ + { + environment.sessionVariables = { + EDITOR = "${pkgs.vim}/bin/vim"; + PAGER = "${pkgs.less}/bin/less"; + }; + + environment.systemPackages = with pkgs; [ + alacritty + brave + firefox + foliate + fuzzel + loupe + mpv + adwaita-icon-theme + ddcutil + gsettings-desktop-schemas + libva-utils + loupe + sbctl + vdpauinfo + ]; + } + + (mkIf config.programs.niri.enable { + environment.sessionVariables = { + NIXOS_OZONE_WL = "1"; + }; + }) + + (mkIf config.programs._1password.enable { + environment.etc = { + "1password/custom_allowed_browsers" = { + text = '' + firefox + brave + ''; + mode = "0755"; + }; + }; + }) + ]; +} diff --git a/modules/nixos/filesystems.nix b/modules/nixos/filesystems.nix new file mode 100644 index 0000000..8f7f5b8 --- /dev/null +++ b/modules/nixos/filesystems.nix 
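Review bot: `boot.loader.efi.efiSysMountPoint` is set to the relative string `"efi"`, while the ESP is mounted at `fileSystems."/efi"` in modules/nixos/filesystems.nix. The value is carried over unchanged from profiles/minimal.linux.nix, but since lanzaboote installs the signed boot files under this mount point it is worth confirming that `efiSysMountPoint = "/efi";` is not what is meant. The `boot`, `esp`, `luks` and `cryptroot` bindings in this file's `let` are unused and can be removed. A comment next to `pkiBundle = "/var/lib/sbctl";` noting that the Secure Boot signing keys live there (on the encrypted root, per filesystems.nix) would document why that path matters.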
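Review bot: `loupe` appears twice in `environment.systemPackages`, once in the first group and again after `libva-utils`. The browser allow-list under `environment.etc."1password/custom_allowed_browsers"` is now gated on `config.programs._1password.enable`, whereas the deleted profiles/desktop.linux.nix gated it on `programs._1password-gui.enable`. The two coincide only because modules/nixos/programs.nix enables the GUI under the same condition. Gating on `config.programs._1password-gui.enable` keeps the file tied to the component that appears to consume it.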
@@ -0,0 +1,94 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) + mkMerge + mkOption + optionalAttrs + types + ; + + boot = "cb03cf78-715e-4030-ba82-189ff8897eaf"; + esp = "4E4C-1139"; + luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25"; + cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701"; +in +{ + config = mkMerge [ + { + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/${boot}"; + fsType = "ext4"; + }; + + fileSystems."/efi" = { + device = "/dev/disk/by-uuid/${esp}"; + fsType = "vfat"; + options = [ + "fmask=0137" + "dmask=0027" + ]; + }; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@root" ]; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@home" ]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@nix" ]; + }; + + fileSystems."/var/cache" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@var_cache" ]; + }; + + fileSystems."/var/log" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@var_log" ]; + }; + + fileSystems."/var/spool" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@var_spool" ]; + }; + + fileSystems."/var/tmp" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@var_tmp" ]; + }; + + fileSystems."/var/lib/machines" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@var_lib_machines" ]; + }; + + fileSystems."/var/lib/portables" = { + device = "/dev/disk/by-uuid/${cryptroot}"; + fsType = "btrfs"; + options = [ "subvol=@var_lib_portables" ]; + }; + + swapDevices = [ ]; + } + ]; +} diff --git a/modules/nixos/fonts.nix b/modules/nixos/fonts.nix new file mode 100644 index 0000000..7ec8c60 --- /dev/null +++ b/modules/nixos/fonts.nix 
@@ -0,0 +1,37 @@ +{ lib, pkgs, ... }: +let + inherit (lib) mkMerge; +in +{ + config = mkMerge [ + { + fonts.fontconfig = { + enable = true; + antialias = true; + hinting = { + enable = true; + style = "slight"; + }; + subpixel = { + rgba = "rgb"; + lcdfilter = "default"; + }; + defaultFonts = { + serif = [ + "SF Pro" + "DejaVu Serif" + ]; + sansSerif = [ + "SF Pro" + "DejaVu Sans" + ]; + monospace = [ + "Iosevka Cavalier" + "DejaVu Sans Mono" + ]; + emoji = [ "Noto Color Emoji" ]; + }; + }; + } + ]; +} diff --git a/modules/nixos/hardware.nix b/modules/nixos/hardware.nix new file mode 100644 index 0000000..26bdb57 --- /dev/null +++ b/modules/nixos/hardware.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + modulesPath, + pkgs, + ... +}: +let + inherit (lib) mkDefault mkMerge; +in +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + config = mkMerge [ + { + hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; + + hardware.bluetooth = { + settings = { + General.Experimental = true; + }; + }; + } + ]; +} diff --git a/modules/nixos/networking.nix b/modules/nixos/networking.nix new file mode 100644 index 0000000..049d464 --- /dev/null +++ b/modules/nixos/networking.nix @@ -0,0 +1,37 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) mkDefault mkMerge optionalString; +in +{ + config = mkMerge [ + { + networking.dhcpcd = { + enable = config.networking.wireless.iwd.enable; + extraConfig = '' + ${optionalString config.services.resolved.enable "nohook resolv.conf"} + ''; + }; + + networking.hostName = "${config.machine.hostName}"; + networking.resolvconf.enable = !config.services.resolved.enable; + + networking.useDHCP = mkDefault true; + networking.wireless.iwd = { + settings = { + General = { + EnableNetworkConfiguration = !config.services.resolved.enable; + }; + Network = { + EnableIPv6 = true; + NameResolvingService = "systemd"; + }; + }; + }; + } + ]; +} 
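Review bot: `EnableNetworkConfiguration = !config.services.resolved.enable;` ties iwd's built-in DHCP client to whether systemd-resolved is on, but the deleted machines/persephone/networking.nix set it to `false` with the comment "Let dhcpcd handle this". That makes the governing condition whether dhcpcd is running. With `resolved` disabled, iwd would start configuring addresses while `networking.dhcpcd.enable` still follows `iwd.enable`, leaving two DHCP clients on the same interface. `EnableNetworkConfiguration = !config.networking.dhcpcd.enable;` expresses the original intent. `NameResolvingService = "systemd"` is likewise fixed even when resolved is off, and could be made conditional or commented.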
diff --git a/modules/nixos/programs.nix b/modules/nixos/programs.nix new file mode 100644 index 0000000..df971c2 --- /dev/null +++ b/modules/nixos/programs.nix @@ -0,0 +1,47 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) + mkForce + mkIf + mkMerge + optionalAttrs + ; +in +{ + config = mkMerge [ + { + programs.dconf.enable = config.programs.niri.enable; + + programs.firefox = { + enable = true; + nativeMessagingHosts.packages = with pkgs; [ vdhcoapp ]; + }; + + programs.niri.enable = true; + + programs.regreet = { + enable = config.programs.niri.enable; + font.name = "SF Pro"; + font.size = 16; + font.package = pkgs.apple-fonts.sf-pro; + settings = { + GTK = { + font_name = mkForce "SF Pro 16"; + }; + }; + }; + } + + (mkIf config.programs._1password.enable { + programs._1password-gui = { + enable = true; + polkitPolicyOwners = [ "pml" ]; + }; + }) + ]; +} diff --git a/modules/nixos/security.nix b/modules/nixos/security.nix new file mode 100644 index 0000000..ccb7b55 --- /dev/null +++ b/modules/nixos/security.nix @@ -0,0 +1,17 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) mkMerge; +in +{ + config = mkMerge [ + { + security.polkit.enable = config.programs.niri.enable; + security.rtkit.enable = config.services.pipewire.enable; + } + ]; +} diff --git a/modules/nixos/services.nix b/modules/nixos/services.nix new file mode 100644 index 0000000..4a984f8 --- /dev/null +++ b/modules/nixos/services.nix 
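Review bot: `polkitPolicyOwners = [ "pml" ]` hard-codes the account allowed to use 1Password's polkit-backed unlock, although this commit introduces `machine.mainUser` for that purpose and modules/common/environment.nix already reads it. On a host whose `mainUser` differs, the polkit policy would name an account that is not the machine's intended user. Use `polkitPolicyOwners = [ config.machine.mainUser ];`. `optionalAttrs` is inherited but unused in this file.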
@@ -0,0 +1,39 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) mkMerge optionalAttrs; +in +{ + config = mkMerge [ + { + services.avahi.enable = true; + services.openssh.enable = true; + + services.pipewire = { + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + }; + + services.resolved = { + enable = true; + dnssec = "true"; + domains = [ "~." ]; + fallbackDns = [ + "9.9.9.9#dns.quad9.net" + "149.112.112.112#dns.quad9.net" + "2620:fe::fe#dns.quad9.net" + "2620:fe::9#dns.quad9.net" + ]; + extraConfig = '' + DNSOverTLS=yes + ''; + }; + } + ]; +} diff --git a/modules/nixos/system.nix b/modules/nixos/system.nix new file mode 100644 index 0000000..be90d4a --- /dev/null +++ b/modules/nixos/system.nix @@ -0,0 +1,20 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) mkIf mkMerge; +in +{ + config = mkMerge [ + (mkIf config.services.hardware.openrgb.enable { + system.activationScripts.openrgbOff = '' + mkdir -p /var/lib/OpenRGB + cp ${../../config/openrgb/off.orp} /var/lib/OpenRGB/off.orp + chmod 0644 /var/lib/OpenRGB/off.orp + ''; + }) + ]; +} diff --git a/profiles/desktop.darwin.nix b/profiles/desktop.darwin.nix deleted file mode 100644 index 1ea63d5..0000000 --- a/profiles/desktop.darwin.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: - -{ - -} \ No newline at end of file diff --git a/profiles/desktop.linux.nix b/profiles/desktop.linux.nix deleted file mode 100644 index 50cabd3..0000000 --- a/profiles/desktop.linux.nix +++ /dev/null 
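Review bot: `services.openssh.enable = true;` moves from the persephone-specific networking file into a generic modules/nixos module with no `services.openssh.settings`, so any host that lists this module runs sshd with the NixOS defaults, which accept password logins. `services.avahi.enable = true;` sits next to it and advertises the host on the local network. If key-based login is the intent, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. Consider gating both services behind a per-machine option rather than enabling them for every NixOS host. A comment stating which hosts are expected to accept SSH would make the exposure explicit.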
@@ -1,104 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - inherit (lib) mkForce mkIf; - - sessionVariables = { - NIXOS_OZONE_WL = "1"; - }; - - systemPackages = with pkgs; [ - adwaita-icon-theme - ddcutil - gsettings-desktop-schemas - libva-utils - sbctl - vdpauinfo - ]; -in -{ - environment = { - inherit sessionVariables systemPackages; - }; - - fonts.fontconfig = { - enable = true; - antialias = true; - hinting = { - enable = true; - style = "slight"; - }; - subpixel = { - rgba = "rgb"; - lcdfilter = "default"; - }; - defaultFonts = { - serif = [ - "SF Pro" - "DejaVu Serif" - ]; - sansSerif = [ - "SF Pro" - "DejaVu Sans" - ]; - monospace = [ - "Iosevka Cavalier" - "DejaVu Sans Mono" - ]; - emoji = [ "Noto Color Emoji" ]; - }; - }; - - hardware.bluetooth = mkIf config.hardware.bluetooth.enable { - settings = { - General.Experimental = true; - }; - }; - - programs.dconf.enable = config.programs.niri.enable; - security.polkit.enable = config.programs.niri.enable; - - programs._1password-gui = mkIf config.programs._1password.enable { - enable = true; - polkitPolicyOwners = [ "pml" ]; - }; - - environment.etc = mkIf config.programs._1password-gui.enable { - "1password/custom_allowed_browsers" = { - text = '' - firefox - brave - ''; - mode = "0755"; - }; - }; - - programs.niri.enable = true; - - programs.regreet = { - enable = true; - font.name = "SF Pro"; - font.size = 16; - font.package = pkgs.apple-fonts.sf-pro; - settings = { - GTK = { - font_name = mkForce "SF Pro 16"; - }; - }; - }; - - programs.zsh.enable = true; - - security.rtkit.enable = config.services.pipewire.enable; - - services.pipewire = mkIf config.services.pipewire.enable { - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - }; -} diff --git a/profiles/minimal.linux.nix b/profiles/minimal.linux.nix deleted file mode 100644 index acf51eb..0000000 --- a/profiles/minimal.linux.nix +++ /dev/null 
@@ -1,107 +0,0 @@ -{ config, lib, ... }: -let - bootUUID = config.machines.fs.bootUUID; - efiUUID = config.machines.fs.efiUUID; - luuksUUID = config.machines.fs.luuksUUID; - cryptrootUUID = config.machines.fs.cryptrootUUID; -in -{ - imports = [ ./minimal.nix ]; - - boot.bootspec.enable = true; - boot.initrd = { - kernelModules = [ ]; - systemd.enable = true; - }; - - boot.lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; - }; - - boot.loader.efi = { - canTouchEfiVariables = true; - efiSysMountPoint = "efi"; - }; - - boot.loader.systemd-boot = { - enable = lib.mkForce false; - xbootldrMountPoint = "/boot"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/${bootUUID}"; - fsType = "ext4"; - }; - - fileSystems."/efi" = { - device = "/dev/disk/by-uuid/${efiUUID}"; - fsType = "vfat"; - options = [ - "fmask=0137" - "dmask=0027" - ]; - }; - - boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luuksUUID}"; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@root" ]; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@home" ]; - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@nix" ]; - }; - - fileSystems."/var/cache" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@var_cache" ]; - }; - - fileSystems."/var/log" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@var_log" ]; - }; - - fileSystems."/var/spool" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@var_spool" ]; - }; - - fileSystems."/var/tmp" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@var_tmp" ]; - }; - - fileSystems."/var/lib/machines" = { - device = 
"/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@var_lib_machines" ]; - }; - - fileSystems."/var/lib/portables" = { - device = "/dev/disk/by-uuid/${cryptrootUUID}"; - fsType = "btrfs"; - options = [ "subvol=@var_lib_portables" ]; - }; - - swapDevices = [ ]; - - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/profiles/minimal.nix b/profiles/minimal.nix deleted file mode 100644 index 0a68c4c..0000000 --- a/profiles/minimal.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ pkgs, ... }: - -{ - environment.systemPackages = with pkgs; [ - curl - git - vim - wget - ]; - - nix.package = pkgs.lixPackageSets.stable.lix; - - nix.settings = { - experimental-features = [ - "nix-command" - "flakes" - ]; - }; - - nixpkgs.overlays = [ - (import ../overlays) - ]; -}