monologiq/systems
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: monologiq:aca581facc48bd290fb37ca07c2d58a6c00a812b
Branches Tags
monologiq:master
..
compare: monologiq:62778d85194d9d3149a09896fe8891471a83791a
Branches Tags
monologiq:master

10 commits
aca581facc ... 62778d8519

Author SHA1 Message Date
monologiq
62778d8519 WIP2 2025-12-27 14:53:12 +01:00
monologiq
92f83235e0 WIP 2025-12-26 17:22:54 +01:00
monologiq
e06b409221 Add first implementation of home-manager 2025-12-24 22:35:23 +01:00
monologiq
bf6d3fb257 persephone: Install Brave 2025-12-24 21:06:52 +01:00
Paul-Mathias Logue
4a2dfb8e6e Fix up for hermes 2025-12-24 20:54:34 +01:00
monologiq
abd055702b Merge networking.nix and cleanup 2025-12-24 16:56:09 +01:00
monologiq
7c553dbf9a Add hostName option 2025-12-24 16:35:35 +01:00
monologiq
b5d23b1ddc Rename options.machines -> options.machine 2025-12-24 16:34:32 +01:00
monologiq
95c39f896c Merge hardware.nix 2025-12-24 16:29:05 +01:00
monologiq
7ff397a7c0 Add env variable for EDITOR and LESS 2025-12-24 16:11:49 +01:00
32 changed files with 893 additions and 468 deletions
Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -11,3 +11,9 @@ sudo nixos-install --root /mnt --flake .#hermes
```bash ```bash
nix run nix-darwin/release-* -- switch --flake .#mercure nix run nix-darwin/release-* -- switch --flake .#mercure
``` ```
# TODO
1. Create a configuration path for the directory `config`
2. Create `mkSystem` that:
1. Inject `options.machine`
2. Auto-import the related configurations

0
machines/persephone/off.orp → config/openrgb/off.orp
View file

22
flake.lock generated
View file

@ -53,6 +53,27 @@
"type": "github" "type": "github"
} }
}, },
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1766553861,
"narHash": "sha256-ZbnG01yA3O8Yr1vUm3+NQ2qk9iRhS5bloAnuXHHy7+c=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0999ed8f965bbbd991437ad9c5ed3434cecbc30e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
},
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
@ -139,6 +160,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"home-manager": "home-manager",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"

180
flake.nix
View file

@ -1,81 +1,128 @@
{ {
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11";
nix-darwin.url = "github:nix-darwin/nix-darwin?ref=nix-darwin-25.11";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote.url = "github:nix-community/lanzaboote?ref=master";
lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = outputs =
{ self, nixpkgs, ... }@inputs: { self, nixpkgs, ... }@inputs:
let let
supportedSystems = [ lib = import ./lib { inherit nixpkgs; };
"x86_64-linux"
"aarch64-darwin"
];
lib = import ./lib { inherit (inputs.nixpkgs) lib; }; inherit (lib) forEachSupportedSystem pkgsFor;
pkgsFor =
system:
import inputs.nixpkgs {
inherit system;
config.allowUnfree = true;
};
forEachSupportedSystem = systems =
f: let
inputs.nixpkgs.lib.genAttrs supportedSystems ( inherit (inputs)
home-manager
lanzaboote
nix-darwin
nixpkgs
;
inherit (nixpkgs.lib)
flatten
hasSuffix
mkAliasOptionModule
strings
mkOption
types
;
systemFn =
system: system:
f { if hasSuffix "darwin" system then
inherit system; nix-darwin.lib.darwinSystem
pkgs = pkgsFor system; else if hasSuffix "linux" system then
} nixpkgs.lib.nixosSystem
); else
throw "System: ${system} not supported.";
homeModule =
system:
if hasSuffix "darwin" system then
home-manager.darwinModules.home-manager
else if hasSuffix "linux" system then
home-manager.nixosModules.home-manager
else
throw "System: ${system} not supported.";
in in
{ {
nixosConfigurations."persephone" = nixpkgs.lib.nixosSystem { mkSystem =
modules = [ system:
inputs.lanzaboote.nixosModules.lanzaboote
./machines/persephone.nix
(
{ lib, ... }:
{ {
options.machines = { machine ? { },
fs = { modules ? [ ],
bootUUID = lib.mkOption { specialArgs ? { },
type = lib.types.str; }:
description = "The UUID of the XBOOTLDR partition."; systemFn system {
default = "9c2d7380-571d-4bc5-9ad2-e4888ce351be"; inherit specialArgs;
};
efiUUID = lib.mkOption { modules = flatten (
type = lib.types.str; modules
description = "The UUID of the ESP."; ++ [
default = "71E7-7A63"; (
}; if hasSuffix "darwin" system then
luuksUUID = lib.mkOption { home-manager.darwinModules.home-manager
type = lib.types.str; else if hasSuffix "linux" system then
description = "The UUID of the encrypted root partition."; [
default = "b0ace3a0-64f0-461e-a604-7f6788384d12"; lanzaboote.nixosModules.lanzaboote
}; ]
cryptrootUUID = lib.mkOption { else
type = lib.types.str; throw "System: ${system} not supported."
description = "The UUID of the decrypted root partition."; )
default = "769362f6-43d4-4b83-a12c-d006c9bd6613";
{ nixpkgs.hostPlatform = "${system}"; }
{
options.machine = {
mainUser = mkOption {
type = types.str;
description = "The main user of the machine";
}; };
hostName = mkOption {
type = types.str;
description = "The name of the machine";
}; };
}; };
} }
) { config.machine = machine; }
./modules/common/environment.nix
./modules/common/nix.nix
./modules/common/nixpkgs.nix
./modules/common/programs.nix
./machines/${machine.hostName}.nix
]
);
};
};
in
{
nixosConfigurations."persephone" = systems.mkSystem "x86_64-linux" {
machine = {
hostName = "persephone";
mainUser = "pml";
};
modules = [
./modules/nixos/boot.nix
./modules/nixos/environment.nix
./modules/nixos/filesystems.nix
./modules/nixos/fonts.nix
./modules/nixos/hardware.nix
./modules/nixos/networking.nix
./modules/nixos/programs.nix
./modules/nixos/security.nix
./modules/nixos/services.nix
./modules/nixos/system.nix
]; ];
}; };
darwinConfigurations."hermes" = inputs.nix-darwin.lib.darwinSystem { darwinConfigurations."hermes" = systems.mkSystem "aarch64-darwin" {
machine = {
hostName = "hermes";
mainUser = "pml";
};
modules = [ modules = [
{ system.configurationRevision = self.rev or self.dirtyRev or null; } ./modules/darwin/homebrew.nix
./machines/hermes.nix ./modules/darwin/programs.nix
]; ];
}; };
@ -93,4 +140,17 @@
formatter = forEachSupportedSystem ({ pkgs, ... }: pkgs.nixfmt-rfc-style); formatter = forEachSupportedSystem ({ pkgs, ... }: pkgs.nixfmt-rfc-style);
}; };
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11";
nix-darwin.url = "github:nix-darwin/nix-darwin?ref=nix-darwin-25.11";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager?ref=release-25.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote.url = "github:nix-community/lanzaboote?ref=master";
lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
};
} }

32
lib/default.nix
View file

@ -1,3 +1,33 @@
{ lib, ... }: { {
nixpkgs,
supportedSystems ? [
"x86_64-linux"
"aarch64-darwin"
],
...
}:
let
inherit (nixpkgs.lib) genAttrs;
forEachSupportedSystem =
f:
genAttrs supportedSystems (
system:
f {
inherit system;
pkgs = pkgsFor system;
}
);
pkgsFor =
system:
import nixpkgs {
inherit system;
config.allowUnfree = true;
};
in
nixpkgs.lib
// {
inherit forEachSupportedSystem pkgsFor;
} }

5
machines/hermes.nix
View file

@ -1,11 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [
../profiles/minimal.nix
../profiles/desktop.darwin.nix
];
environment.darwinConfig = "/Users/${config.system.primaryUser}/Development/systems"; environment.darwinConfig = "/Users/${config.system.primaryUser}/Development/systems";
system.primaryUser = "pml"; system.primaryUser = "pml";

13
machines/hermes/default.nix
View file

@ -1,13 +0,0 @@
{ self, pkgs, ... }:
{
environment.systemPackages = [
pkgs.vim
];
nix.settings.experimental-features = "nix-command flakes";
system.stateVersion = 6;
nixpkgs.hostPlatform = "aarch64-darwin";
}

77
machines/persephone.nix
View file

@ -2,26 +2,30 @@
config, config,
lib, lib,
pkgs, pkgs,
modulesPath,
... ...
}: }:
let
boot = "cb03cf78-715e-4030-ba82-189ff8897eaf";
esp = "4E4C-1139";
luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25";
cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701";
in
{ {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./persephone/hardware.nix
./persephone/networking.nix
../profiles/minimal.linux.nix
../profiles/desktop.linux.nix
];
boot = { boot = {
blacklistedKernelModules = [
"spd5118"
];
extraModulePackages = [ ]; extraModulePackages = [ ];
kernelModules = [ "kvm-intel" ]; kernelModules = [
"i2c-dev"
"kvm-intel"
];
kernelPackages = pkgs.linuxPackages_6_17; kernelPackages = pkgs.linuxPackages_6_17;
kernelParams = [ "i915.enable_guc=3" ]; kernelParams = [ "i915.enable_guc=3" ];
}; };
boot.initrd.availableKernelModules = [
boot.initrd = {
availableKernelModules = [
"xhci_pci" "xhci_pci"
"thunderbolt" "thunderbolt"
"nvme" "nvme"
@ -29,6 +33,9 @@
"usbhid" "usbhid"
"sd_mod" "sd_mod"
]; ];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luks}";
};
console = { console = {
keyMap = "us"; keyMap = "us";
@ -37,6 +44,18 @@
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
fileSystems."/".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/boot".device = "/dev/disk/by-uuid/${boot}";
fileSystems."/efi".device = "/dev/disk/by-uuid/${esp}";
fileSystems."/home".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/nix".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/cache".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/lib/machines".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/lib/portables".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/log".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/spool".device = "/dev/disk/by-uuid/${cryptroot}";
fileSystems."/var/tmp".device = "/dev/disk/by-uuid/${cryptroot}";
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
@ -48,6 +67,8 @@
]; ];
}; };
hardware.i2c.enable = true;
hardware.nvidia = { hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable; package = config.boot.kernelPackages.nvidiaPackages.stable;
open = true; open = true;
@ -109,23 +130,27 @@
VDPAU_DRIVER = "va_gl"; VDPAU_DRIVER = "va_gl";
}; };
environment.systemPackages = with pkgs; [
i2c-tools
lm_sensors
];
networking.wireless.iwd.enable = true;
nix.settings = { nix.settings = {
substituters = [ "https://cache.nixos-cuda.org" ]; substituters = [ "https://cache.nixos-cuda.org" ];
trusted-public-keys = [ "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M=" ]; trusted-public-keys = [ "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M=" ];
}; };
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"1password"
"1password-cli"
"nvidia-x11"
"nvidia-settings"
];
programs._1password.enable = true; programs._1password.enable = true;
services.hardware.openrgb = {
enable = true;
startupProfile = "off";
};
services.pipewire.enable = true; services.pipewire.enable = true;
services.udev.packages = [ pkgs.openrgb ];
services.xserver.videoDrivers = [ services.xserver.videoDrivers = [
"modesetting" "modesetting"
@ -141,16 +166,6 @@
"i2c" "i2c"
"wheel" "wheel"
]; ];
packages = with pkgs; [
(vscode-with-extensions.override {
vscode = vscodium;
vscodeExtensions = with vscode-extensions; [
jnoortheen.nix-ide
mkhl.direnv
yzhang.markdown-all-in-one
];
})
];
}; };
# DO NOT EDIT # DO NOT EDIT

34
machines/persephone/hardware.nix
View file

@ -1,34 +0,0 @@
{ pkgs, ... }:
{
# I2C
environment.systemPackages = with pkgs; [
i2c-tools
lm_sensors
];
boot.kernelModules = [ "i2c-dev" ];
boot.blacklistedKernelModules = [
# The spd5118 driver is in conflict with openrgb by holding onto I2C adresses when using Kingston Fury DRAM.
# On boot, I need to access those i2c regions in other to poweroff the RGB lighting.
# Then, I manually enable the kernel module in any script.
# It's possible to let this module disabled, but I lose the ability to get temperature values for the DIMMs.
# https://gitlab.com/CalcProgrammer1/OpenRGB/-/merge_requests/2557
"spd5118"
];
hardware.i2c.enable = true;
# OpenRGB
services.udev.packages = [ pkgs.openrgb ];
services.hardware.openrgb = {
enable = true;
startupProfile = "off";
};
system.activationScripts.openrgbOff = ''
mkdir -p /var/lib/OpenRGB
cp ${./off.orp} /var/lib/OpenRGB/off.orp
chmod 0644 /var/lib/OpenRGB/off.orp
'';
}

51
machines/persephone/networking.nix
View file

@ -1,51 +0,0 @@
{ lib, ... }:
{
networking.hostName = "persephone";
networking.useDHCP = lib.mkDefault true;
networking.wireless.iwd = {
enable = true;
settings = {
General = {
EnableNetworkConfiguration = false; # Let dhcpcd handle this
};
Network = {
EnableIPv6 = true;
NameResolvingService = "systemd";
};
};
};
networking.dhcpcd = {
enable = true;
extraConfig = ''
nohook resolv.conf # Don't let dhcpcd manage resolv.conf
'';
};
networking.resolvconf.enable = false;
services.avahi.enable = true;
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = [
"9.9.9.9#dns.quad9.net"
"149.112.112.112#dns.quad9.net"
"2620:fe::fe#dns.quad9.net"
"2620:fe::9#dns.quad9.net"
];
extraConfig = ''
DNSOverTLS=yes
'';
};
services.openssh.enable = true;
}

17
machines/persephone/remove_systemd_service.patch
View file

@ -1,17 +0,0 @@
diff --git a/OpenRGB.pro b/OpenRGB.pro
index df7082b6..0022e5fa 100644
--- a/OpenRGB.pro
+++ b/OpenRGB.pro
@@ -588,9 +588,9 @@ contains(QMAKE_PLATFORM, linux) {
icon.files+=qt/org.openrgb.OpenRGB.png
metainfo.path=$$PREFIX/share/metainfo/
metainfo.files+=qt/org.openrgb.OpenRGB.metainfo.xml
- systemd_service.path=/etc/systemd/system
- systemd_service.files+=qt/openrgb.service
- INSTALLS += target desktop icon metainfo udev_rules systemd_service
+ # systemd_service.path=/etc/systemd/system
+ # systemd_service.files+=qt/openrgb.service
+ INSTALLS += target desktop icon metainfo udev_rules # systemd_service
}
#-----------------------------------------------------------------------------------------------#

49
modules/common/environment.nix Normal file
View file

@ -0,0 +1,49 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
getName
mkIf
mkMerge
optionalAttrs
;
cfg = config;
in
{
config = mkMerge [
{
environment.systemPackages = with pkgs; [
chezmoi
direnv
git
curl
vim
wget
];
users.users."${config.machine.mainUser}".packages = with pkgs; [
(vscode-with-extensions.override {
vscode = vscodium;
vscodeExtensions = with vscode-extensions; [
bbenoist.nix
jnoortheen.nix-ide
mkhl.direnv
ms-azuretools.vscode-docker
ms-python.python
ms-vscode-remote.remote-ssh
yzhang.markdown-all-in-one
];
})
];
}
(mkIf cfg.programs.zsh.enable {
environment.pathsToLink = [ "/share/zsh" ];
})
];
}

24
modules/common/nix.nix Normal file
View file

@ -0,0 +1,24 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getName mkMerge;
in
{
config = mkMerge [
{
nix = {
package = pkgs.lixPackageSets.stable.lix;
settings = {
experimental-features = [
"nix-command"
"flakes"
];
};
};
}
];
}

32
modules/common/nixpkgs.nix Normal file
View file

@ -0,0 +1,32 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getName mkMerge optionalAttrs;
in
{
config = mkMerge [
{
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (getName pkg) [
"1password-cli"
"1password"
"nvidia-settings"
"nvidia-x11"
"obsidian"
"vscode-extension-ms-vscode-remote-remote-ssh"
];
}
(optionalAttrs (builtins.pathExists ../../overlays) {
nixpkgs.overlays = [
(import ../../overlays)
];
})
];
}

16
modules/common/programs.nix Normal file
View file

@ -0,0 +1,16 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getName mkMerge;
in
{
config = mkMerge [
{
programs.zsh.enable = true;
}
];
}

23
modules/darwin/homebrew.nix Normal file
View file

@ -0,0 +1,23 @@
{ lib, pkgs, ... }:
let
inherit (lib) getName mkMerge;
in
{
config = mkMerge [
{
homebrew = {
enable = true;
casks = [
"1password-cli"
"1password"
"adguard"
"alacritty"
"brave-browser"
"figma"
"firefox"
];
};
}
];
}

22
modules/darwin/programs.nix Normal file
View file

@ -0,0 +1,22 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getName mkMerge;
in
{
config = mkMerge [
{
programs.zsh = {
shellInit = ''
if [ -e "/opt/homebrew/bin/brew" ]; then
eval "$(/opt/homebrew/bin/brew shellenv)"
fi
'';
};
}
];
}

73
modules/machine.nix Normal file
View file

@ -0,0 +1,73 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkAliasOptionModule
mkOption
types
;
in
{
options.machine = {
mainUser = mkOption {
type = types.str;
description = "The main user of the machine";
};
hostName = mkOption {
type = types.str;
description = "The name of the machine";
};
filesystem.uuid = {
boot = mkOption {
type = types.nullOr types.str;
description = "The UUID of the XBOOTLDR partition.";
default = null;
};
esp = mkOption {
type = types.nullOr types.str;
description = "The UUID of the ESP.";
default = null;
};
luks = mkOption {
type = types.nullOr types.str;
description = "The UUID of the encrypted root partition.";
default = null;
};
cryptroot = mkOption {
type = types.nullOr types.str;
description = "The UUID of the decrypted root partition.";
default = null;
};
};
};
config = lib.mkIf pkgs.stdenv.hostPlatform.isLinux {
assertions = [
{
assertion = config.machine.filesystem.uuid.boot != null;
message = "machine.filesystem.uuid.boot must be set on Linux systems";
}
{
assertion = config.machine.filesystem.uuid.esp != null;
message = "machine.filesystem.uuid.esp must be set on Linux systems";
}
{
assertion = config.machine.filesystem.uuid.luks != null;
message = "machine.filesystem.uuid.luks must be set on Linux systems";
}
{
assertion = config.machine.filesystem.uuid.cryptroot != null;
message = "machine.filesystem.cryptroot.esp must be set on Linux systems";
}
];
};
}

40
modules/nixos/boot.nix Normal file
View file

@ -0,0 +1,40 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkMerge;
boot = "cb03cf78-715e-4030-ba82-189ff8897eaf";
esp = "4E4C-1139";
luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25";
cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701";
in
{
config = mkMerge [
{
boot.bootspec.enable = true;
boot.initrd = {
kernelModules = [ ];
systemd.enable = true;
};
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
boot.loader.efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "efi";
};
boot.loader.systemd-boot = {
enable = lib.mkForce false;
xbootldrMountPoint = "/boot";
};
}
];
}

54
modules/nixos/environment.nix Normal file
View file

@ -0,0 +1,54 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkIf mkMerge;
in
{
config = mkMerge [
{
environment.sessionVariables = {
EDITOR = "${pkgs.vim}/bin/vim";
PAGER = "${pkgs.less}/bin/less";
};
environment.systemPackages = with pkgs; [
alacritty
brave
firefox
foliate
fuzzel
loupe
mpv
adwaita-icon-theme
ddcutil
gsettings-desktop-schemas
libva-utils
loupe
sbctl
vdpauinfo
];
}
(mkIf config.programs.niri.enable {
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
};
})
(mkIf config.programs._1password.enable {
environment.etc = {
"1password/custom_allowed_browsers" = {
text = ''
firefox
brave
'';
mode = "0755";
};
};
})
];
}

94
modules/nixos/filesystems.nix Normal file
View file

@ -0,0 +1,94 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkMerge
mkOption
optionalAttrs
types
;
boot = "cb03cf78-715e-4030-ba82-189ff8897eaf";
esp = "4E4C-1139";
luks = "0cf52ea1-16d1-4dec-a69a-bdac82bbcf25";
cryptroot = "6fb9ce3c-c870-4eb7-8199-6536ff898701";
in
{
config = mkMerge [
{
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/${boot}";
fsType = "ext4";
};
fileSystems."/efi" = {
device = "/dev/disk/by-uuid/${esp}";
fsType = "vfat";
options = [
"fmask=0137"
"dmask=0027"
];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@root" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@nix" ];
};
fileSystems."/var/cache" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_cache" ];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_log" ];
};
fileSystems."/var/spool" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_spool" ];
};
fileSystems."/var/tmp" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_tmp" ];
};
fileSystems."/var/lib/machines" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_lib_machines" ];
};
fileSystems."/var/lib/portables" = {
device = "/dev/disk/by-uuid/${cryptroot}";
fsType = "btrfs";
options = [ "subvol=@var_lib_portables" ];
};
swapDevices = [ ];
}
];
}

37
modules/nixos/fonts.nix Normal file
View file

@ -0,0 +1,37 @@
{ lib, pkgs, ... }:
let
inherit (lib) mkMerge;
in
{
config = mkMerge [
{
fonts.fontconfig = {
enable = true;
antialias = true;
hinting = {
enable = true;
style = "slight";
};
subpixel = {
rgba = "rgb";
lcdfilter = "default";
};
defaultFonts = {
serif = [
"SF Pro"
"DejaVu Serif"
];
sansSerif = [
"SF Pro"
"DejaVu Sans"
];
monospace = [
"Iosevka Cavalier"
"DejaVu Sans Mono"
];
emoji = [ "Noto Color Emoji" ];
};
};
}
];
}

27
modules/nixos/hardware.nix Normal file
View file

@ -0,0 +1,27 @@
{
config,
lib,
modulesPath,
pkgs,
...
}:
let
inherit (lib) mkDefault mkMerge;
in
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = mkMerge [
{
hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
hardware.bluetooth = {
settings = {
General.Experimental = true;
};
};
}
];
}

37
modules/nixos/networking.nix Normal file
View file

@ -0,0 +1,37 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkDefault mkMerge optionalString;
in
{
config = mkMerge [
{
networking.dhcpcd = {
enable = config.networking.wireless.iwd.enable;
extraConfig = ''
${optionalString config.services.resolved.enable "nohook resolv.conf"}
'';
};
networking.hostName = "${config.machine.hostName}";
networking.resolvconf.enable = !config.services.resolved.enable;
networking.useDHCP = mkDefault true;
networking.wireless.iwd = {
settings = {
General = {
EnableNetworkConfiguration = !config.services.resolved.enable;
};
Network = {
EnableIPv6 = true;
NameResolvingService = "systemd";
};
};
};
}
];
}

47
modules/nixos/programs.nix Normal file
View file

@ -0,0 +1,47 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkForce
mkIf
mkMerge
optionalAttrs
;
in
{
config = mkMerge [
{
programs.dconf.enable = config.programs.niri.enable;
programs.firefox = {
enable = true;
nativeMessagingHosts.packages = with pkgs; [ vdhcoapp ];
};
programs.niri.enable = true;
programs.regreet = {
enable = config.programs.niri.enable;
font.name = "SF Pro";
font.size = 16;
font.package = pkgs.apple-fonts.sf-pro;
settings = {
GTK = {
font_name = mkForce "SF Pro 16";
};
};
};
}
(mkIf config.programs._1password.enable {
programs._1password-gui = {
enable = true;
polkitPolicyOwners = [ "pml" ];
};
})
];
}

17
modules/nixos/security.nix Normal file
View file

@ -0,0 +1,17 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkMerge;
in
{
config = mkMerge [
{
security.polkit.enable = config.programs.niri.enable;
security.rtkit.enable = config.services.pipewire.enable;
}
];
}

39
modules/nixos/services.nix Normal file
View file

@ -0,0 +1,39 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkMerge optionalAttrs;
in
{
config = mkMerge [
{
services.avahi.enable = true;
services.openssh.enable = true;
services.pipewire = {
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = [
"9.9.9.9#dns.quad9.net"
"149.112.112.112#dns.quad9.net"
"2620:fe::fe#dns.quad9.net"
"2620:fe::9#dns.quad9.net"
];
extraConfig = ''
DNSOverTLS=yes
'';
};
}
];
}

20
modules/nixos/system.nix Normal file
View file

@ -0,0 +1,20 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkIf mkMerge;
in
{
config = mkMerge [
(mkIf config.services.hardware.openrgb.enable {
system.activationScripts.openrgbOff = ''
mkdir -p /var/lib/OpenRGB
cp ${../../config/openrgb/off.orp} /var/lib/OpenRGB/off.orp
chmod 0644 /var/lib/OpenRGB/off.orp
'';
})
];
}

5
profiles/desktop.darwin.nix
View file

@ -1,5 +0,0 @@
{ ... }:
{
}

104
profiles/desktop.linux.nix
View file

@ -1,104 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkForce mkIf;
sessionVariables = {
NIXOS_OZONE_WL = "1";
};
systemPackages = with pkgs; [
adwaita-icon-theme
ddcutil
gsettings-desktop-schemas
libva-utils
sbctl
vdpauinfo
];
in
{
environment = {
inherit sessionVariables systemPackages;
};
fonts.fontconfig = {
enable = true;
antialias = true;
hinting = {
enable = true;
style = "slight";
};
subpixel = {
rgba = "rgb";
lcdfilter = "default";
};
defaultFonts = {
serif = [
"SF Pro"
"DejaVu Serif"
];
sansSerif = [
"SF Pro"
"DejaVu Sans"
];
monospace = [
"Iosevka Cavalier"
"DejaVu Sans Mono"
];
emoji = [ "Noto Color Emoji" ];
};
};
hardware.bluetooth = mkIf config.hardware.bluetooth.enable {
settings = {
General.Experimental = true;
};
};
programs.dconf.enable = config.programs.niri.enable;
security.polkit.enable = config.programs.niri.enable;
programs._1password-gui = mkIf config.programs._1password.enable {
enable = true;
polkitPolicyOwners = [ "pml" ];
};
environment.etc = mkIf config.programs._1password-gui.enable {
"1password/custom_allowed_browsers" = {
text = ''
firefox
brave
'';
mode = "0755";
};
};
programs.niri.enable = true;
programs.regreet = {
enable = true;
font.name = "SF Pro";
font.size = 16;
font.package = pkgs.apple-fonts.sf-pro;
settings = {
GTK = {
font_name = mkForce "SF Pro 16";
};
};
};
programs.zsh.enable = true;
security.rtkit.enable = config.services.pipewire.enable;
services.pipewire = mkIf config.services.pipewire.enable {
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
}

107
profiles/minimal.linux.nix
View file

@ -1,107 +0,0 @@
{ config, lib, ... }:
let
bootUUID = config.machines.fs.bootUUID;
efiUUID = config.machines.fs.efiUUID;
luuksUUID = config.machines.fs.luuksUUID;
cryptrootUUID = config.machines.fs.cryptrootUUID;
in
{
imports = [ ./minimal.nix ];
boot.bootspec.enable = true;
boot.initrd = {
kernelModules = [ ];
systemd.enable = true;
};
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
boot.loader.efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "efi";
};
boot.loader.systemd-boot = {
enable = lib.mkForce false;
xbootldrMountPoint = "/boot";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/${bootUUID}";
fsType = "ext4";
};
fileSystems."/efi" = {
device = "/dev/disk/by-uuid/${efiUUID}";
fsType = "vfat";
options = [
"fmask=0137"
"dmask=0027"
];
};
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luuksUUID}";
fileSystems."/" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@root" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@nix" ];
};
fileSystems."/var/cache" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@var_cache" ];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@var_log" ];
};
fileSystems."/var/spool" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@var_spool" ];
};
fileSystems."/var/tmp" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@var_tmp" ];
};
fileSystems."/var/lib/machines" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@var_lib_machines" ];
};
fileSystems."/var/lib/portables" = {
device = "/dev/disk/by-uuid/${cryptrootUUID}";
fsType = "btrfs";
options = [ "subvol=@var_lib_portables" ];
};
swapDevices = [ ];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

23
profiles/minimal.nix
View file

@ -1,23 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
curl
git
vim
wget
];
nix.package = pkgs.lixPackageSets.stable.lix;
nix.settings = {
experimental-features = [
"nix-command"
"flakes"
];
};
nixpkgs.overlays = [
(import ../overlays)
];
}