diff --git a/flake.nix b/flake.nix
index 60d4723..c82973c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -263,6 +263,10 @@
title = "mjallen Flake";
};
};
+
+ channels-config = {
+ allowUnfree = true;
+ };
outputs-builder = channels: {
formatter = inputs.treefmt-nix.lib.mkWrapper channels.nixpkgs ./treefmt.nix;
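Review bot: `channels-config.allowUnfree = true` permits every unfree package on every channel and host, so a later change can pull in a proprietary binary without it being visible at review time. An allowlist keeps that explicit, e.g. `allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowedUnfree;`, with `lib` taken from the nixpkgs input and `allowedUnfree` listing only the names actually needed. At minimum, add a comment naming the packages that made this necessary. The enclosing attribute set continues outside the hunk.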
diff --git a/homes/x86_64-linux/matt@desktop/default.nix b/homes/x86_64-linux/matt@desktop/default.nix
index ee65782..ecd6eeb 100755
--- a/homes/x86_64-linux/matt@desktop/default.nix
+++ b/homes/x86_64-linux/matt@desktop/default.nix
@@ -1,4 +1,16 @@
{ pkgs, ... }:
+let
+ displayLeft = {
+ input = "DP-1";
+ resolution = "3840x2160";
+ refreshRate = "240.00000";
+ };
+ displayRight = {
+ input = "DP-2";
+ resolution = "3840x2160";
+ refreshRate = "240.00000";
+ };
+in
{
home.username = "matt";
@@ -19,6 +31,113 @@
"desktop-steam-rom-manager"
];
};
+
+ programs = {
+ hyprland = {
+ enable = true;
+ primaryDisplay = "DP-1";
+
+ wallpaper = [
+ "${displayLeft.input}, /run/wallpaper.jpg"
+ "${displayRight.input}, /run/wallpaper.jpg"
+ ];
+
+ monitor = [
+ "${displayLeft.input},${displayLeft.resolution}@${displayLeft.refreshRate},0x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
+ "${displayRight.input},${displayRight.resolution}@${displayRight.refreshRate},3840x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.5,sdrsaturation,0.98"
+ ];
+
+ workspace = [
+ "name:firefox, monitor:${displayRight.input}, default:false, special, class:(.*firefox.*)"
+ "name:discord, monitor:${displayRight.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
+ "name:steam, monitor:${displayLeft.input}, default:false, special, class:(.*[Ss]team.*)"
+ ];
+
+ windowRule = [
+ "size 2160 7680, tag:horizonrdp"
+ ];
+
+ extraConfig = ''
+ exec-once = nm-applet
+ exec-once = [silent] firefox
+ exec-once = [silent] vesktop
+ exec-once = [silent] chromium --app="https://music.apple.com"
+ exec-once = [silent] steam
+ '';
+
+ defaultApps = {
+ browser = pkgs.firefox;
+ };
+ };
+ btop.enable = true;
+ kitty = {
+ enable = true;
+ font = {
+ name = "JetBrainsMono NFM";
+ package = pkgs.nerd-fonts.jetbrains-mono;
+ };
+ };
+ mako = {
+ enable = true;
+ fontName = "JetBrainsMono NFM";
+ };
+ nwg-dock.enable = true;
+ nwg-drawer.enable = true;
+ nwg-panel = {
+ enable = true;
+ defaultApps = {
+ browser = pkgs.firefox;
+ };
+ };
+ waybar = {
+ enable = true;
+
+ layer = "bottom";
+
+ networkInterface = "wlp9s0";
+
+ modules-right = [
+ "custom/lights"
+ "temperature"
+ "temperature#gpu"
+ "keyboard-state#capslock"
+ "keyboard-state#numlock"
+ "wireplumber#sink"
+ "wireplumber#source"
+ "bluetooth"
+ "network"
+ "idle_inhibitor"
+ "clock"
+ "custom/weather"
+ ];
+
+ extraModules = {
+ "custom/lights" = {
+ tooltip = false;
+ exec = "waybar-hass --get_light light.living_room_lights";
+ interval = "once";
+ format = "{text}"; # "";
+ on-click = "waybar-hass --toggle_light light.living_room_lights";
+ return-type = "json";
+ };
+ };
+
+ extraModulesStyle = ''
+ #custom-lights {
+ color: #88c0d0;
+ background-color: #2e3440;
+ opacity: 0.8;
+ border-left: 5px solid #88c0d0;
+ }
+
+ #custom-lights:hover {
+ background: #4c566a;
+ }
+ '';
+ };
+ wlogout.enable = true;
+ wofi.enable = true;
+ };
};
services = {
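Review bot: The commands in `extraConfig` (`exec-once = [silent] firefox`, `chromium --app=...`, `steam`) and in the `custom/lights` module (`waybar-hass ...`) are bare names, so what runs depends on the session's PATH rather than on a package this file pins. Where the package is known, prefer a store path such as `exec-once = [silent] ${pkgs.firefox}/bin/firefox`, which also matches `defaultApps.browser = pkgs.firefox`. Separately, `primaryDisplay = "DP-1";` repeats the literal that `displayLeft.input` already holds; `primaryDisplay = displayLeft.input;` keeps them from drifting apart. The surrounding attribute set starts and ends outside the hunk, so it is not visible here whether this `programs` block sits under the project namespace.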
diff --git a/modules/nixos/amd/default.nix b/modules/nixos/amd/default.nix
index 85b8a44..11a60f7 100755
--- a/modules/nixos/amd/default.nix
+++ b/modules/nixos/amd/default.nix
@@ -2,11 +2,11 @@
lib,
pkgs,
config,
+ namespace,
...
}:
let
- cfg = config.share.hardware.amd;
- pkgsVersion = pkgs; # .unstable;
+ cfg = config.${namespace}.hardware.amd;
in
{
imports = [ ./options.nix ];
@@ -20,7 +20,7 @@ in
# Configure programs
programs.corectrl = {
enable = cfg.corectrl.enable;
- package = pkgsVersion.corectrl;
+ package = pkgs.corectrl;
};
# Configure environment
@@ -51,7 +51,7 @@ in
# nixpkg is broken so need to manually define
systemd.services.lactd = lib.mkIf cfg.lact.enable {
description = "AMDGPU Control Daemon";
- path = with pkgsVersion; [
+ path = with pkgs; [
bash
lact
];
@@ -64,7 +64,7 @@ in
# Configure environment
environment = {
- systemPackages = with pkgsVersion; lib.mkIf cfg.lact.enable [ lact ];
+ systemPackages = with pkgs; lib.mkIf cfg.lact.enable [ lact ];
};
};
}
diff --git a/modules/nixos/amd/options.nix b/modules/nixos/amd/options.nix
index 7fa24bf..d95553e 100755
--- a/modules/nixos/amd/options.nix
+++ b/modules/nixos/amd/options.nix
@@ -1,7 +1,7 @@
-{ lib, ... }:
+{ lib, namespace, ... }:
with lib;
{
- options.share.hardware.amd = {
+ options.${namespace}.hardware.amd = {
enable = mkEnableOption "amd hardware config";
corectrl.enable = mkOption {
diff --git a/modules/nixos/gaming/default.nix b/modules/nixos/gaming/default.nix
index 4640192..0ed0156 100755
--- a/modules/nixos/gaming/default.nix
+++ b/modules/nixos/gaming/default.nix
@@ -2,11 +2,11 @@
lib,
config,
pkgs,
+ namespace,
...
}:
let
- cfg = config.share.gaming;
- pkgsVersion = pkgs; # .unstable;
+ cfg = config.${namespace}.gaming;
in
{
imports = [ ./options.nix ];
@@ -22,7 +22,7 @@ in
remotePlay.openFirewall = true;
# Open ports in the firewall for Source Dedicated Server
dedicatedServer.openFirewall = true;
- extraCompatPackages = with pkgsVersion; [ proton-ge-bin ];
+ extraCompatPackages = with pkgs; [ proton-ge-bin ];
gamescopeSession = {
enable = true;
args = [
@@ -49,6 +49,7 @@ in
gamemode.enable = true;
};
+
# Hardware configs
hardware = {
# Xbox controllers
@@ -58,11 +59,17 @@ in
steam-hardware.enable = true;
};
+ environment = {
+ variables = {
+ STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
+ };
+ };
+
# Configure nixpkgs
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {
extraPkgs =
- _pkgs: with pkgsVersion; [
+ _pkgs: with pkgs; [
xorg.libXcursor
xorg.libXi
xorg.libXinerama
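Review bot: In `_pkgs: with pkgs; [`, `pkgs` now refers to the parameter of the enclosing `packageOverrides = pkgs: { ... }` lambda, not to the module argument that `pkgsVersion` used to alias, because the inner binding shadows the outer one. That is probably harmless, but it is a silent change of package set and it leaves `_pkgs` unused. Using the callback's own argument makes the intent explicit: `extraPkgs = steamPkgs: with steamPkgs; [`. The list continues outside the hunk.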
diff --git a/modules/nixos/gaming/options.nix b/modules/nixos/gaming/options.nix
index 7cadef1..83812c7 100755
--- a/modules/nixos/gaming/options.nix
+++ b/modules/nixos/gaming/options.nix
@@ -1,7 +1,7 @@
-{ lib, ... }:
+{ lib, namespace, ... }:
with lib;
{
- options.share.gaming = {
+ options.${namespace}.gaming = {
enable = mkEnableOption "enable gaming stuffs";
};
}
diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix
index 3149ba0..21942b7 100644
--- a/modules/nixos/hardware/default.nix
+++ b/modules/nixos/hardware/default.nix
@@ -1,4 +1,4 @@
-{ lib, system, ... }:
+{ lib, system, pkgs, ... }:
let
isArm = "aarch64-linux" == system;
in
@@ -17,5 +17,14 @@ in
enable = lib.mkDefault true;
enable32Bit = lib.mkDefault (!isArm);
};
+
+ # Enable Sane and Brother printer support.
+ sane = {
+ enable = true;
+ brscan5.enable = false;
+ extraBackends = [ pkgs.brscan5 ];
+ };
+
+ flipperzero.enable = true;
};
}
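Review bot: `extraBackends = [ pkgs.brscan5 ];` is added unconditionally to a module that already computes `isArm`, so it is evaluated on aarch64 hosts as well. brscan5 is a vendor binary driver, so it is worth confirming nixpkgs offers it for that platform; if not, use `extraBackends = lib.optionals (!isArm) [ pkgs.brscan5 ];`. `sane.enable = true` and `flipperzero.enable = true` also omit the `lib.mkDefault` that the neighbouring graphics options use, so a host can only override them with `mkForce`. A comment explaining why `brscan5.enable = false` sits next to the brscan5 backend would spare the next reader the puzzle.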
diff --git a/modules/nixos/sops/default.nix b/modules/nixos/sops/default.nix
index 972367e..5bccfa9 100644
--- a/modules/nixos/sops/default.nix
+++ b/modules/nixos/sops/default.nix
@@ -1,7 +1,8 @@
-{ lib, ... }:
+{ config, lib, system, namespace, ... }:
let
- # defaultSops = (lib.snowfall.fs.get-file "secrets/pi4-secrets.yaml");
defaultSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
+ isx86 = system == "x86_64-linux";
+ user = config.${namespace}.user.name;
in
{
# Permission modes are in octal representation (same as chmod),
@@ -28,6 +29,13 @@ in
secrets = {
"wifi" = { };
+ "matt_password" = {
+ neededForUsers = true;
+ mode = "0600";
+ owner = config.users.users."${user}".name;
+ group = config.users.users."${user}".group;
+ };
+
# ------------------------------
# SSH keys
# ------------------------------
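Review bot: `matt_password` combines `neededForUsers = true` with `owner`/`group` taken from `config.users.users."${user}"`, but a secret needed for user creation is decrypted before that account exists, so the ownership cannot meaningfully apply. sops-nix may also reject non-root ownership on such secrets, which is worth confirming against the pinned version. The hash is only read by root during activation, so `"matt_password" = { neededForUsers = true; };` should be enough. The key name is also fixed to `matt` while `user` follows `config.${namespace}.user.name`, so a host with a different user name would receive this hash. Because this is the shared sops module, every host importing it shares one login password hash.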
@@ -57,6 +65,38 @@ in
# mode = "0600";
# restartUnits = [ "sshd.service" ];
# };
+
+ # ------------------------------
+ # Secureboot keys
+ # ------------------------------
+ "secureboot/GUID" = lib.mkIf isx86 {
+ path = "/etc/secureboot/GUID";
+ mode = "0600";
+ };
+ "secureboot/keys/db-key" = lib.mkIf isx86 {
+ path = "/etc/secureboot/keys/db/db.key";
+ mode = "0600";
+ };
+ "secureboot/keys/db-pem" = lib.mkIf isx86 {
+ path = "/etc/secureboot/keys/db/db.pem";
+ mode = "0600";
+ };
+ "secureboot/keys/KEK-key" = lib.mkIf isx86 {
+ path = "/etc/secureboot/keys/KEK/KEK.key";
+ mode = "0600";
+ };
+ "secureboot/keys/KEK-pem" = lib.mkIf isx86 {
+ path = "/etc/secureboot/keys/KEK/KEK.pem";
+ mode = "0600";
+ };
+ "secureboot/keys/PK-key" = lib.mkIf isx86 {
+ path = "/etc/secureboot/keys/PK/PK.key";
+ mode = "0600";
+ };
+ "secureboot/keys/PK-pem" = lib.mkIf isx86 {
+ path = "/etc/secureboot/keys/PK/PK.pem";
+ mode = "0600";
+ };
};
# ------------------------------
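Review bot: The Secure Boot entries are gated only on `isx86`, so every x86_64 host importing this shared module has the PK, KEK and db private keys decrypted onto disk, whether or not it signs its own boot chain. Gate them on the feature that needs them, e.g. `lib.mkIf (isx86 && config.${namespace}.bootloader.lanzaboote.enable) { ... }`, so a host that never uses the keys does not hold them. Any host able to decrypt `secrets/secrets.yaml` can still recover every value in it, so moving the signing keys to a separate sops file with a narrower recipient list is the stronger fix. The `*-pem` entries are certificates, so `0600` on them is stricter than needed but harmless.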
diff --git a/modules/nixos/system/default.nix b/modules/nixos/system/default.nix
index 7e71760..700b7ba 100644
--- a/modules/nixos/system/default.nix
+++ b/modules/nixos/system/default.nix
@@ -1,8 +1,42 @@
-{ ... }:
+{ pkgs, system, ... }:
let
timezone = "America/Chicago";
+ isArm = system == "aarch64-linux";
in
{
+
+ environment.systemPackages = with pkgs; [
+ nil
+ qemu
+ udisks2
+ unzip
+ ] ++
+ (if isArm then
+ [ ]
+ else
+ [
+ acpilight
+ aha
+ aspell
+ aspellDicts.en
+ aspellDicts.en-computers
+ aspellDicts.en-science
+ brightnessctl
+ ddcui
+ ddcutil
+ ddccontrol
+ ddccontrol-db
+ efibootmgr
+ memtest86-efi
+ memtest86plus
+ os-prober
+ sbctl
+ tpm2-tools
+ tpm2-tss
+ winetricks
+ ]
+ );
+
# Time config
time = {
# Set your time zone.
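Review bot: This hunk adds `ddcutil`, `ddcui` and `ddccontrol` to the shared package list, but the udev rule giving the `i2c` group access to `/dev/i2c-*` lived in the deleted `configuration.nix` and is not re-added in any hunk shown here. Unless another module provides it, those tools will only work as root, which tends to invite running them with sudo. `hardware.i2c.enable = true;` restores group-based access without a hand-written rule. As a style point, the `if isArm then [ ] else [ ... ]` branch reads more directly as `lib.optionals (!isArm) [ ... ]` once `lib` is added to the module arguments.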
diff --git a/modules/nixos/user/default.nix b/modules/nixos/user/default.nix
index 6947bdb..9cb451b 100644
--- a/modules/nixos/user/default.nix
+++ b/modules/nixos/user/default.nix
@@ -7,6 +7,7 @@
}:
with lib;
let
+ inherit (lib.mjallen) mkOpt mkBoolOpt;
cfg = config.${namespace}.user;
isRoot = (cfg.name == "root");
@@ -22,79 +23,38 @@ let
# Yubikey
"ssh-rsa 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 cardno:33_720_987"
];
+
+ defaultPasswordFile = config.sops.secrets."matt_password".path;
in
{
options.${namespace}.user = with types; {
- email = lib.mkOption {
- type = str;
- default = "jalle008@proton.me";
- description = "The email of the user.";
- };
- extraGroups = lib.mkOption {
- type = (listOf str);
- default = [ ];
- description = "Groups for the user to be assigned.";
- };
- extraOptions = lib.mkOption {
- type = attrs;
- default = { };
- description = "Extra options passed to .";
- };
- fullName = lib.mkOption {
- type = str;
- default = "Matt Jallen";
- description = "The full name of the user.";
- };
- name = lib.mkOption {
- type = str;
- default = "matt";
- description = "The name to use for the user account.";
- };
- passwordFile = lib.mkOption {
- type = nullOr path;
- default = null;
- description = "Path to the password file for this user account";
- };
- sshKeys = lib.mkOption {
- type = listOf str;
- default = [ ];
- description = "List of SSH public keys for the user.";
- };
- enableCommonSshKeys = lib.mkOption {
- type = bool;
- default = true;
- description = "Whether to include common SSH keys used across systems.";
- };
- uid = lib.mkOption {
- type = int;
- default = if isRoot then ids.uids.root else 1000;
- description = "The user ID for the user account.";
- };
- packages = lib.mkOption {
- type = listOf package;
- default = [ ];
- description = "List of packages to install for this user.";
- };
- linger = lib.mkOption {
- type = bool;
- default = false;
- description = "Whether to enable systemd user service persistence.";
- };
- password = lib.mkOption {
- type = nullOr str;
- default = null;
- description = "Plain text password for the user (development only).";
- };
- hashedPassword = lib.mkOption {
- type = nullOr str;
- default = null;
- description = "Hashed password for the user.";
- };
- mutableUsers = lib.mkOption {
- type = bool;
- default = false;
- description = "Whether users are mutable (can be modified after creation).";
- };
+ email = mkOpt str "jalle008@proton.me" "The email of the user.";
+
+ extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned.";
+
+ extraOptions = mkOpt attrs { } "Extra options passed to .";
+
+ fullName = mkOpt str "Matt Jallen" "The full name of the user.";
+
+ name = mkOpt str "matt" "The name to use for the user account.";
+
+ sshKeys = mkOpt (listOf str) [ ] "List of SSH public keys for the user.";
+
+ enableCommonSshKeys = mkBoolOpt true "Whether to include common SSH keys used across systems.";
+
+ uid = mkOpt int (if isRoot then ids.uids.root else 1000) "The user ID for the user account.";
+
+ packages = mkOpt (listOf package) [ ] "List of packages to install for this user.";
+
+ linger = mkBoolOpt false "Whether to enable systemd user service persistence.";
+
+ password = mkOpt (nullOr str) null "Plain text password for the user (development only).";
+
+ hashedPassword = mkOpt (nullOr str) null "Hashed password for the user.";
+
+ hashedPasswordFile = mkOpt (nullOr path) defaultPasswordFile "Path to the password file for this user account";
+
+ mutableUsers = mkBoolOpt false "Whether users are mutable (can be modified after creation).";
};
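Review bot: `defaultPasswordFile = config.sops.secrets."matt_password".path;` makes the user module depend on the sops module declaring that exact secret. A host that does not declare it fails evaluation once the default is forced, and a host whose `name` is not `matt` silently inherits matt's hash. The option is also renamed from `passwordFile` to `hashedPasswordFile` with no alias, so any host still setting `passwordFile` will break; the desktop's use is removed in this commit, but other hosts are not visible here, so a `mkRenamedOptionModule` entry would make the transition safe. The `password` description should also state that the value ends up in the world-readable Nix store, since "development only" does not convey that.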
config = {
@@ -106,6 +66,9 @@ in
uid
linger
packages
+ password
+ hashedPassword
+ hashedPasswordFile
;
extraGroups = [
@@ -136,16 +99,26 @@ in
# SSH keys - combine user-specific and common keys
openssh.authorizedKeys.keys = cfg.sshKeys ++ (lib.optionals cfg.enableCommonSshKeys commonSshKeys);
-
- # Authentication - priority: passwordFile > hashedPassword > password
- hashedPasswordFile = lib.mkIf (cfg.passwordFile != null) cfg.passwordFile;
- hashedPassword = lib.mkIf (
- cfg.passwordFile == null && cfg.hashedPassword != null
- ) cfg.hashedPassword;
- password = lib.mkIf (
- cfg.passwordFile == null && cfg.hashedPassword == null && cfg.password != null
- ) cfg.password;
}
// cfg.extraOptions;
+
+ assertions = [
+ {
+ assertion = (cfg.password != null) || (cfg.hashedPassword != null) || (cfg.hashedPasswordFile != null);
+ message = "User '${cfg.name}' requires at least one password method (password, hashedPassword, or hashedPasswordFile).";
+ }
+ {
+ assertion =
+ let
+ passwordMethods = lib.count (x: x != null) [ cfg.password cfg.hashedPassword cfg.hashedPasswordFile ];
+ in
+ passwordMethods <= 1;
+ message = "User '${cfg.name}' can only use one password method at a time. Found multiple: ${lib.concatStringsSep ", " (lib.filter (x: x != null) [
+ (if cfg.password != null then "password" else null)
+ (if cfg.hashedPassword != null then "hashedPassword" else null)
+ (if cfg.hashedPasswordFile != null then "hashedPasswordFile" else null)
+ ])}";
+ }
+ ];
};
}
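Review bot: The second assertion (`passwordMethods <= 1`) clashes with the new non-null default for `hashedPasswordFile`: a host that sets only `hashedPassword` or `password` now counts two methods and fails unless it also sets `hashedPasswordFile = null`. Either state that in the option descriptions or make the default `null` whenever one of the other two is set. With the default in place the first assertion can never fire, so it only protects hosts that explicitly null the file. Both checks read `cfg.*`, so a password attribute passed through `cfg.extraOptions`, which is merged with `//` after the inherited values, bypasses them. A `warnings` entry for `cfg.password != null` would also help, since that value is stored in plain text.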
diff --git a/modules/nixos/virtualization/default.nix b/modules/nixos/virtualization/default.nix
new file mode 100644
index 0000000..4b82498
--- /dev/null
+++ b/modules/nixos/virtualization/default.nix
@@ -0,0 +1,9 @@
+{ lib, ... }:
+{
+ # Virtualisation configuration
+ virtualisation = {
+ libvirtd.enable = lib.mkDefault true;
+ podman.enable = lib.mkDefault true;
+ waydroid.enable = lib.mkDefault true;
+ };
+}
\ No newline at end of file
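Review bot: This new module turns on `libvirtd`, `podman` and `waydroid` with no enable option of its own, so every host that imports it gets three extra daemons and container runtimes unless it overrides each `mkDefault` individually. If modules in this directory are imported on all systems, which is not visible here, that includes servers and ARM boards that had none of this before. Following the `${namespace}.gaming` and `${namespace}.hardware.amd` pattern, put the block behind an option and enable it from the desktop with `virtualization.enable = true;`. The file also lacks a trailing newline.

```nix
{ lib, config, namespace, ... }:
let
  cfg = config.${namespace}.virtualization;
in
{
  options.${namespace}.virtualization.enable =
    lib.mkEnableOption "libvirtd, podman and waydroid";

  config = lib.mkIf cfg.enable {
    virtualisation = {
      # … unchanged: libvirtd, podman and waydroid mkDefault lines …
    };
  };
}
```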
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 449544d..6363768 100755
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -1,5 +1,6 @@
#ENC[AES256_GCM,data:HkOno2ohMSLs46g=,iv:7KHzoElBP/GMIVubcIBya42SoFKVyt/+YRIxkgRE3Cw=,tag:U87dYHrKu/qqbLf5r7XEiA==,type:comment]
wifi: ENC[AES256_GCM,data:Rs+4Km4DogO7XatA,iv:JUv9HkNWsv/l4Fli5sFeUeYuWG1Yju95G59FJ/Q5W50=,tag:gRFCG4d5OBMRx1QayRV8Zg==,type:str]
+matt_password: ENC[AES256_GCM,data:/8utn5xMoWIxXitfg2kFZCQwbqqn6rH7Pt5KYeTyGintjg5jF8T9eqdqrBGlqMdKh/YjUTwZZg4/PkNG9/gqk86pjaUtg+8C6w==,iv:BDbThvyXmzB9eKfuK0V2eR8p20g7rOOTOA3AYNCM6TI=,tag:KvIKOLFW9NMmQy97QWRfQA==,type:str]
age-keys-private:
matt-desktop-nix: ENC[AES256_GCM,data:7/UO2Oq096iJHSpwA2cflRoiPWrKFJA2RhcuH0bJKM/MO15GbW1VktPZieEVrj+3KTYnhrWr5mEHx+uekhyL2W98SO0JkIJ/c24=,iv:w9lt2rQzkys2HSR8ls4RKJlkNsAb61a+6eB/joKDEtQ=,tag:OYkFVP9HGHumE/3PUP64PA==,type:str]
admin-jallen-nas: ENC[AES256_GCM,data:lKXCpyB0+wViUYsJgxxe7a4dD24a80xe1XEfvVLoazEb/qmoUClhXU4FI1o8ATvpND4XG/vlq8IsZ3V3Yr2FQSOQTrUxs+Yz1po=,iv:Po0jpfoHNMu4s6EePwD20Kc0HQhnY+YKnwovkqCzviI=,tag:0YHI6cNWV21OH2gMOX/Gmw==,type:str]
@@ -153,8 +154,8 @@ sops:
RU04T3g1Z3JNekJFQ1h4N1ZueUJHN3cK1PmEv0F4IFT5gKOzfOwSmyw/nQcIxSaD
60qSMPExbM+HOMaRD79zHKIbnzGUnheiuWjlIt+fAjnv+mdiIIQuzw==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-05-29T02:27:34Z"
- mac: ENC[AES256_GCM,data:GqBTWeckU/ERKV/5OiPuFOSfUXUTEN7OpKKhGbWCl5oTUE1/CkmMheWJy5WiTlk89KAd66+gBK5kG29PQhEOkUcjoLZTdwghOiJVi90+zPdfz1fGkjs570GtNRulEBL13Ld9KRMHbRSOijM33jmgSpHY8Tcb7RzFTVQs6ZpJ6Fk=,iv:groe/8rbUW9PJTyI457u+LQsiBEzc0YKvKpNToTBrdQ=,tag:OvUbSTSR664p+hBa+BQ++A==,type:str]
+ lastmodified: "2025-08-24T23:01:20Z"
+ mac: ENC[AES256_GCM,data:XBGjbC4kieO4ygvGnQz/pyTmkfSRNzEsy1ifGpqfUMrB84kNMu1IX1SHm4Vvl2UrBj13yOn9/9poRwH8BnoEHcjh9HfYZusTV2hw29vPtEHN1ZX4VRA69pkXnBV6r+Scy2hhNTWE34fafHS/plRGnI2423LlfAOsUv118QCe1Ho=,iv:Wer5tHVAnI4GKKSaJODSazoXLUeN6IVkIF1k4x9/k34=,tag:dnWXCUrxcnoDJnj+Dh6kAg==,type:str]
pgp:
- created_at: "2025-08-24T02:21:39Z"
enc: |-
diff --git a/systems/x86_64-linux/desktop/configuration.nix b/systems/x86_64-linux/desktop/configuration.nix
deleted file mode 100755
index 0c8e916..0000000
--- a/systems/x86_64-linux/desktop/configuration.nix
+++ /dev/null
@@ -1,105 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{
- lib,
- pkgs,
- ...
-}:
-let
- pkgsVersion = pkgs; # .unstable;
- environmentVariables = {
- STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
- GDK_SCALE = "1";
- EDITOR = "${pkgs.vscodium}/bin/codium --wait";
- VISUAL = "${pkgs.vscodium}/bin/codium --wait";
- };
- systemPackages = with pkgsVersion; [
- acpilight
- aha
- aspell
- aspellDicts.en
- aspellDicts.en-computers
- aspellDicts.en-science
- borgbackup
- brightnessctl
- # brscan5
- ddcui
- ddcutil
- # ddccontrol
- # ddccontrol-db
- efibootmgr
- kdePackages.ksvg
- memtest86-efi
- memtest86plus
- os-prober
- nil
- qemu
- rclone
- rclone-browser
- restic
- restic-browser
- restic-integrity
- sane-frontends
- sbctl
- tpm2-tools
- tpm2-tss
- udisks2
- unzip
- winetricks
- ];
-in
-{
- chaotic.mesa-git.enable = false;
-
- # Environment configuration
- environment = {
- systemPackages = systemPackages;
-
- variables = environmentVariables;
- };
-
- # Hardware configuration
- hardware = {
- # Enable the QMK firmware flashing tool.
- keyboard = {
- qmk.enable = false;
- };
-
- # Enable Sane and Brother printer support.
- sane = {
- enable = true;
- brscan5.enable = false;
- # extraBackends = [ pkgsVersion.brscan5 ];
- };
- flipperzero.enable = true;
- };
-
- # Common Configuration
- share = {
- gaming.enable = true;
- hardware.amd = {
- enable = lib.mkDefault true;
- lact.enable = lib.mkDefault true;
- };
- };
-
- programs.coolercontrol.enable = true;
-
- # Time configuration
- time = {
- hardwareClockInLocalTime = lib.mkDefault false;
- };
-
- # Virtualisation configuration
- virtualisation = {
- libvirtd.enable = lib.mkDefault true;
- podman.enable = true;
- waydroid.enable = lib.mkDefault true;
- };
-
- services.udev.extraRules = ''
- KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660"
- '';
-}
diff --git a/systems/x86_64-linux/desktop/default.nix b/systems/x86_64-linux/desktop/default.nix
index 42a1d69..bb1091a 100644
--- a/systems/x86_64-linux/desktop/default.nix
+++ b/systems/x86_64-linux/desktop/default.nix
@@ -2,8 +2,8 @@
{
# as well as the libraries available from your flake's inputs.
# lib,
- # # An instance of `pkgs` with your overlays and packages applied is also available.
- # pkgs,
+ # An instance of `pkgs` with your overlays and packages applied is also available.
+ pkgs,
# # You also have access to your flake's inputs.
# inputs,
@@ -16,32 +16,41 @@
# systems, # An attribute map of your defined hosts.
# All other arguments come from the system system.
- config,
+ # config,
...
}:
-let
- passwordFile = config.sops.secrets."desktop/matt_password".path;
-in
{
imports = [
./boot.nix
- ./configuration.nix
./filesystems.nix
./hardware-configuration.nix
- # ./networking.nix - moved to modules/nixos/network
- ./nix.nix
./sops.nix
-
./services/lsfg-vk
-
- ./specialisations/hyprland
];
${namespace} = {
- hardware.disko.enable = false;
bootloader.lanzaboote.enable = true;
+
+ desktop = {
+ hyprland = {
+ enable = true;
+ wallpaperSource = "nasa";
+ };
+ gnome.enable = false;
+ };
+
+ gaming.enable = true;
+
+ hardware = {
+ disko.enable = false;
+ amd = {
+ enable = true;
+ lact.enable = true;
+ };
+ };
+
impermanence.enable = true;
- desktop.gnome.enable = true;
+
network = {
hostName = "matt-nixos";
wifi = {
@@ -55,8 +64,13 @@ in
};
};
};
- user = {
- passwordFile = passwordFile;
- };
+ };
+
+ programs.coolercontrol.enable = true;
+
+ environment.variables = {
+ GDK_SCALE = "1";
+ EDITOR = "${pkgs.vscodium}/bin/codium --wait";
+ VISUAL = "${pkgs.vscodium}/bin/codium --wait";
};
}
diff --git a/systems/x86_64-linux/desktop/networking.nix b/systems/x86_64-linux/desktop/networking.nix
deleted file mode 100755
index 35b474b..0000000
--- a/systems/x86_64-linux/desktop/networking.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{ lib, config, ... }:
-let
- hostname = "matt-nixos";
-in
-{
- # Networking configs
- networking = {
- hostName = lib.mkDefault hostname;
-
- # Enable Network Manager
- networkmanager = {
- enable = lib.mkDefault true;
- wifi.powersave = lib.mkDefault false;
- settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
- ensureProfiles = {
- environmentFiles = [
- config.sops.secrets.wifi.path
- ];
-
- profiles = {
- "Joey's Jungle 6G" = {
- connection = {
- id = "Joey's Jungle 6G";
- type = "wifi";
- };
- ipv4 = {
- method = "auto";
- };
- ipv6 = {
- addr-gen-mode = "stable-privacy";
- method = "auto";
- };
- wifi = {
- mode = "infrastructure";
- ssid = "Joey's Jungle 6G";
- };
- wifi-security = {
- key-mgmt = "sae";
- psk = "$PSK";
- };
- };
- };
- };
- };
- };
-}
diff --git a/systems/x86_64-linux/desktop/nix.nix b/systems/x86_64-linux/desktop/nix.nix
deleted file mode 100644
index 1e9faec..0000000
--- a/systems/x86_64-linux/desktop/nix.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ lib, ... }:
-let
- user = "matt";
-in
-{
- nix = {
- settings = {
- substituters = [
- "https://cache.mjallen.dev/nas-cache"
- ];
- trusted-public-keys = [
- "nas-cache:5ibTWOXJYlKBaoNtdDEPmvdLPtfnbwf9jvdnfwi5dUs="
- ];
- warn-dirty = lib.mkForce false;
- experimental-features = lib.mkForce [
- "nix-command"
- "flakes"
- ];
- trusted-users = [ user ];
- };
- # settings.builders-use-substitutes = true;
- # distributedBuilds = true;
- buildMachines = [
- {
- hostName = "jallen-nas.local";
- system = "x86_64-linux";
- maxJobs = 10;
- sshUser = "admin";
- supportedFeatures = [
- "nixos-test"
- "benchmark"
- "big-parallel"
- "kvm"
- ];
- }
- ];
- };
-}
diff --git a/systems/x86_64-linux/desktop/services/restic/default.nix b/systems/x86_64-linux/desktop/services/restic/default.nix
index 928520c..48e721e 100644
--- a/systems/x86_64-linux/desktop/services/restic/default.nix
+++ b/systems/x86_64-linux/desktop/services/restic/default.nix
@@ -1,5 +1,11 @@
-{ config, ... }:
+{ config, pkgs, ... }:
{
+ environment.systemPackages = with pkgs; [
+ restic
+ restic-browser
+ restic-integrity
+ ];
+
services.restic.backups = {
jallen-nas = {
initialize = true;
diff --git a/systems/x86_64-linux/desktop/sops.nix b/systems/x86_64-linux/desktop/sops.nix
index 4680dc5..6734e5a 100755
--- a/systems/x86_64-linux/desktop/sops.nix
+++ b/systems/x86_64-linux/desktop/sops.nix
@@ -1,8 +1,7 @@
-{ config, lib, ... }:
+{ config, lib, namespace, ... }:
let
- user = "matt";
+ user = config.${namespace}.user.name;
desktopSopsFile = (lib.snowfall.fs.get-file "secrets/desktop-secrets.yaml");
- commonSopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
in
{
# Permission modes are in octal representation (same as chmod),
@@ -20,103 +19,51 @@ in
# Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users..group` to avoid misconfiguration
sops = {
- defaultSopsFile = lib.mkForce desktopSopsFile; # todo
- age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-
# ------------------------------
# Secrets
# ------------------------------
secrets = {
"desktop/hass_token" = {
+ sopsFile = desktopSopsFile;
mode = "0777";
};
- "desktop/matt_password" = {
- neededForUsers = true;
- mode = "0600";
- owner = config.users.users."${user}".name;
- group = config.users.users."${user}".group;
- };
"desktop/restic/user" = {
+ sopsFile = desktopSopsFile;
mode = "0644";
};
"desktop/restic/password" = {
+ sopsFile = desktopSopsFile;
mode = "0600";
};
"desktop/restic/repo" = {
+ sopsFile = desktopSopsFile;
mode = "0600";
};
- "wifi" = {
- sopsFile = commonSopsFile;
- };
-
# ------------------------------
# SSH keys
# ------------------------------
"ssh-keys-public/desktop-nixos" = {
- sopsFile = commonSopsFile;
mode = "0644";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/desktop-nixos" = {
- sopsFile = commonSopsFile;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-public/desktop-nixos-root" = {
- sopsFile = commonSopsFile;
path = "/root/.ssh/id_ed25519.pub";
mode = "0600";
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/desktop-nixos-root" = {
- sopsFile = commonSopsFile;
path = "/root/.ssh/id_ed25519";
mode = "0600";
restartUnits = [ "sshd.service" ];
};
-
- # ------------------------------
- # Secureboot keys
- # ------------------------------
- "secureboot/GUID" = {
- sopsFile = commonSopsFile;
- path = "/etc/secureboot/GUID";
- mode = "0600";
- };
- "secureboot/keys/db-key" = {
- sopsFile = commonSopsFile;
- path = "/etc/secureboot/keys/db/db.key";
- mode = "0600";
- };
- "secureboot/keys/db-pem" = {
- sopsFile = commonSopsFile;
- path = "/etc/secureboot/keys/db/db.pem";
- mode = "0600";
- };
- "secureboot/keys/KEK-key" = {
- sopsFile = commonSopsFile;
- path = "/etc/secureboot/keys/KEK/KEK.key";
- mode = "0600";
- };
- "secureboot/keys/KEK-pem" = {
- sopsFile = commonSopsFile;
- path = "/etc/secureboot/keys/KEK/KEK.pem";
- mode = "0600";
- };
- "secureboot/keys/PK-key" = {
- sopsFile = commonSopsFile;
- path = "/etc/secureboot/keys/PK/PK.key";
- mode = "0600";
- };
- "secureboot/keys/PK-pem" = {
- sopsFile = commonSopsFile;
- path = "/etc/secureboot/keys/PK/PK.pem";
- mode = "0600";
- };
};
# ------------------------------
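Review bot: `desktop/hass_token` still carries `mode = "0777"`, which leaves the decrypted Home Assistant token readable, writable and executable by every local account and process. Since this commit edits the entry anyway, tighten it to the consuming user, e.g. `mode = "0400"; owner = config.users.users."${user}".name;` (`user` is already bound in this file's `let`). The hunk also drops `defaultSopsFile` and `age.sshKeyPaths`, so the SSH-key entries now rely on the shared sops module to supply both. A one-line comment saying so would make that dependency visible.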
diff --git a/systems/x86_64-linux/desktop/specialisations/cosmic/default.nix b/systems/x86_64-linux/desktop/specialisations/cosmic/default.nix
deleted file mode 100755
index acd13ee..0000000
--- a/systems/x86_64-linux/desktop/specialisations/cosmic/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ namespace, ... }:
-{
- specialisation.cosmic.configuration = {
- ${namespace} = {
- desktop = {
- cosmic.enable = true;
- gnome.enable = true;
- };
- };
- environment.etc."specialisation".text = "cosmic";
- };
-}
diff --git a/systems/x86_64-linux/desktop/specialisations/hyprland/default.nix b/systems/x86_64-linux/desktop/specialisations/hyprland/default.nix
deleted file mode 100755
index 4235cd3..0000000
--- a/systems/x86_64-linux/desktop/specialisations/hyprland/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ lib, namespace, ... }:
-{
- specialisation.hyprland.inheritParentConfig = true;
- specialisation.hyprland.configuration = {
- home-manager.users.matt = import ./home/default.nix;
- ${namespace} = {
- desktop = {
- hyprland = {
- enable = true;
- wallpaperSource = "nasa";
- };
- gnome.enable = lib.mkForce false;
- };
- };
- environment.etc."specialisation".text = "hyprland";
- };
-}
diff --git a/systems/x86_64-linux/desktop/specialisations/hyprland/home/default.nix b/systems/x86_64-linux/desktop/specialisations/hyprland/home/default.nix
deleted file mode 100644
index de68912..0000000
--- a/systems/x86_64-linux/desktop/specialisations/hyprland/home/default.nix
+++ /dev/null
@@ -1,124 +0,0 @@
-{ pkgs, lib, ... }:
-let
- displayLeft = {
- input = "DP-1";
- resolution = "3840x2160";
- refreshRate = "240.00000";
- };
- displayRight = {
- input = "DP-2";
- resolution = "3840x2160";
- refreshRate = "240.00000";
- };
-in
-{
- mjallen = {
- programs.hyprland = {
- enable = true;
- primaryDisplay = "DP-1";
-
- wallpaper = [
- "${displayLeft.input}, /run/wallpaper.jpg"
- "${displayRight.input}, /run/wallpaper.jpg"
- ];
-
- monitor = [
- "${displayLeft.input},${displayLeft.resolution}@${displayLeft.refreshRate},0x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
- "${displayRight.input},${displayRight.resolution}@${displayRight.refreshRate},3840x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.5,sdrsaturation,0.98"
- ];
-
- workspace = [
- "name:firefox, monitor:${displayRight.input}, default:false, special, class:(.*firefox.*)"
- "name:discord, monitor:${displayRight.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
- "name:steam, monitor:${displayLeft.input}, default:false, special, class:(.*[Ss]team.*)"
- ];
-
- windowRule = [
- "size 2160 7680, tag:horizonrdp"
- ];
-
- extraConfig = ''
- exec-once = nm-applet
- exec-once = [silent] firefox
- exec-once = [silent] vesktop
- exec-once = [silent] chromium --app="https://music.apple.com"
- exec-once = [silent] steam
- '';
-
- defaultApps = {
- browser = pkgs.firefox;
- };
- };
-
- programs = {
- btop.enable = true;
- kitty = {
- enable = true;
- font = {
- name = "JetBrainsMono NFM";
- package = pkgs.nerd-fonts.jetbrains-mono;
- };
- };
- mako = {
- enable = true;
- fontName = "JetBrainsMono NFM";
- };
- nwg-dock.enable = true;
- nwg-drawer.enable = true;
- nwg-panel = {
- enable = true;
- defaultApps = {
- browser = pkgs.firefox;
- };
- };
- waybar = {
- enable = true;
-
- layer = "bottom";
-
- networkInterface = "wlp9s0";
-
- modules-right = [
- "custom/lights"
- "temperature"
- "temperature#gpu"
- "keyboard-state#capslock"
- "keyboard-state#numlock"
- "wireplumber#sink"
- "wireplumber#source"
- "bluetooth"
- "network"
- "idle_inhibitor"
- "clock"
- "custom/weather"
- ];
-
- extraModules = {
- "custom/lights" = {
- tooltip = false;
- exec = "waybar-hass --get_light light.living_room_lights";
- interval = "once";
- format = "{text}"; # "";
- on-click = "waybar-hass --toggle_light light.living_room_lights";
- return-type = "json";
- };
- };
-
- extraModulesStyle = ''
- #custom-lights {
- color: #88c0d0;
- background-color: #2e3440;
- opacity: 0.8;
- border-left: 5px solid #88c0d0;
- }
-
- #custom-lights:hover {
- background: #4c566a;
- }
- '';
- };
- wlogout.enable = true;
- wofi.enable = true;
- };
- };
-}
diff --git a/systems/x86_64-linux/desktop/users.nix b/systems/x86_64-linux/desktop/users.nix
deleted file mode 100644
index 8df4f8a..0000000
--- a/systems/x86_64-linux/desktop/users.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- config,
- namespace,
- lib,
- ...
-}:
-let
- passwordFile = config.sops.secrets."desktop/matt_password".path;
-in
-{
- ${namespace}.user = {
- passwordFile = lib.mkForce passwordFile;
- };
-}