cleanup

modules/nixos/amd/default.nix

@@ -2,11 +2,11 @@
   lib,
   pkgs,
   config,
+  namespace,
   ...
 }:
 let
-  cfg = config.share.hardware.amd;
-  pkgsVersion = pkgs; # .unstable;
+  cfg = config.${namespace}.hardware.amd;
 in
 {
   imports = [ ./options.nix ];
@@ -20,7 +20,7 @@ in
     # Configure programs
     programs.corectrl = {
       enable = cfg.corectrl.enable;
-      package = pkgsVersion.corectrl;
+      package = pkgs.corectrl;
     };
 
     # Configure environment
@@ -51,7 +51,7 @@ in
     # nixpkg is broken so need to manually define
     systemd.services.lactd = lib.mkIf cfg.lact.enable {
       description = "AMDGPU Control Daemon";
-      path = with pkgsVersion; [
+      path = with pkgs; [
         bash
         lact
       ];
@@ -64,7 +64,7 @@ in
 
     # Configure environment
     environment = {
-      systemPackages = with pkgsVersion; lib.mkIf cfg.lact.enable [ lact ];
+      systemPackages = with pkgs; lib.mkIf cfg.lact.enable [ lact ];
     };
   };
 }

modules/nixos/amd/options.nix

@@ -1,7 +1,7 @@
-{ lib, ... }:
+{ lib, namespace, ... }:
 with lib;
 {
-  options.share.hardware.amd = {
+  options.${namespace}.hardware.amd = {
     enable = mkEnableOption "amd hardware config";
 
     corectrl.enable = mkOption {

modules/nixos/gaming/default.nix

@@ -2,11 +2,11 @@
   lib,
   config,
   pkgs,
+  namespace,
   ...
 }:
 let
-  cfg = config.share.gaming;
-  pkgsVersion = pkgs; # .unstable;
+  cfg = config.${namespace}.gaming;
 in
 {
   imports = [ ./options.nix ];
@@ -22,7 +22,7 @@ in
       remotePlay.openFirewall = true;
       # Open ports in the firewall for Source Dedicated Server
       dedicatedServer.openFirewall = true;
-      extraCompatPackages = with pkgsVersion; [ proton-ge-bin ];
+      extraCompatPackages = with pkgs; [ proton-ge-bin ];
       gamescopeSession = {
         enable = true;
         args = [
@@ -49,6 +49,7 @@ in
 
       gamemode.enable = true;
     };
+
     # Hardware configs
     hardware = {
       # Xbox controllers
@@ -58,11 +59,17 @@ in
       steam-hardware.enable = true;
     };
 
+    environment = {
+      variables = {
+        STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
+      };
+    };
+
     # Configure nixpkgs
     nixpkgs.config.packageOverrides = pkgs: {
       steam = pkgs.steam.override {
         extraPkgs =
-          _pkgs: with pkgsVersion; [
+          _pkgs: with pkgs; [
             xorg.libXcursor
             xorg.libXi
             xorg.libXinerama

modules/nixos/gaming/options.nix

@@ -1,7 +1,7 @@
-{ lib, ... }:
+{ lib, namespace, ... }:
 with lib;
 {
-  options.share.gaming = {
+  options.${namespace}.gaming = {
     enable = mkEnableOption "enable gaming stuffs";
   };
 }

modules/nixos/hardware/default.nix

@@ -1,4 +1,4 @@
-{ lib, system, ... }:
+{ lib, system, pkgs, ... }:
 let
   isArm = "aarch64-linux" == system;
 in
@@ -17,5 +17,14 @@ in
       enable = lib.mkDefault true;
       enable32Bit = lib.mkDefault (!isArm);
     };
+
+    # Enable Sane and Brother printer support.
+    sane = {
+      enable = true;
+      brscan5.enable = false;
+      extraBackends = [ pkgs.brscan5 ];
+    };
+
+    flipperzero.enable = true;
   };
 }

modules/nixos/sops/default.nix

@@ -1,7 +1,8 @@
-{ lib, ... }:
+{ config, lib, system, namespace, ... }:
 let
-  # defaultSops = (lib.snowfall.fs.get-file "secrets/pi4-secrets.yaml");
   defaultSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
+  isx86 = system == "x86_64-linux";
+  user = config.${namespace}.user.name;
 in
 {
   # Permission modes are in octal representation (same as chmod),
@@ -28,6 +29,13 @@ in
     secrets = {
       "wifi" = { };
 
+      "matt_password" = {
+        neededForUsers = true;
+        mode = "0600";
+        owner = config.users.users."${user}".name;
+        group = config.users.users."${user}".group;
+      };
+
       # ------------------------------
       # SSH keys
       # ------------------------------
@@ -57,6 +65,38 @@ in
       #   mode = "0600";
       #   restartUnits = [ "sshd.service" ];
       # };
+
+      # ------------------------------
+      # Secureboot keys
+      # ------------------------------
+      "secureboot/GUID" = lib.mkIf isx86 {
+        path = "/etc/secureboot/GUID";
+        mode = "0600";
+      };
+      "secureboot/keys/db-key" = lib.mkIf isx86 {
+        path = "/etc/secureboot/keys/db/db.key";
+        mode = "0600";
+      };
+      "secureboot/keys/db-pem" = lib.mkIf isx86 {
+        path = "/etc/secureboot/keys/db/db.pem";
+        mode = "0600";
+      };
+      "secureboot/keys/KEK-key" = lib.mkIf isx86 {
+        path = "/etc/secureboot/keys/KEK/KEK.key";
+        mode = "0600";
+      };
+      "secureboot/keys/KEK-pem" = lib.mkIf isx86 {
+        path = "/etc/secureboot/keys/KEK/KEK.pem";
+        mode = "0600";
+      };
+      "secureboot/keys/PK-key" = lib.mkIf isx86 {
+        path = "/etc/secureboot/keys/PK/PK.key";
+        mode = "0600";
+      };
+      "secureboot/keys/PK-pem" = lib.mkIf isx86 {
+        path = "/etc/secureboot/keys/PK/PK.pem";
+        mode = "0600";
+      };
     };
 
     # ------------------------------

modules/nixos/system/default.nix

@@ -1,8 +1,42 @@
-{ ... }:
+{ pkgs, system, ... }:
 let
   timezone = "America/Chicago";
+  isArm = system == "aarch64-linux";
 in
 {
+
+  environment.systemPackages = with pkgs; [
+    nil
+    qemu
+    udisks2
+    unzip
+  ] ++ 
+  (if isArm then 
+    [ ] 
+  else 
+    [ 
+      acpilight
+      aha
+      aspell
+      aspellDicts.en
+      aspellDicts.en-computers
+      aspellDicts.en-science
+      brightnessctl
+      ddcui
+      ddcutil
+      ddccontrol
+      ddccontrol-db
+      efibootmgr
+      memtest86-efi
+      memtest86plus
+      os-prober
+      sbctl
+      tpm2-tools
+      tpm2-tss
+      winetricks
+    ]
+  );
+
   # Time config
   time = {
     # Set your time zone.

modules/nixos/user/default.nix

@@ -7,6 +7,7 @@
 }:
 with lib;
 let
+  inherit (lib.mjallen) mkOpt mkBoolOpt;
   cfg = config.${namespace}.user;
 
   isRoot = (cfg.name == "root");
@@ -22,79 +23,38 @@ let
     # Yubikey
     "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuzZfywCSde/3J1zRWH0s7OMEhHIwZeNWdKHUxMAYE/5hzFRtl5LYuNU68zxj7Aj67VF8VGwBbMEU6X/ebiNAxahmjf4mtioby5b4TIy+0Xvdbayoch938bP7UhskzobaJF6epg3vyATnJGr6i0EOXiDSkJU8vL1oeue0HN7WmwzIqxw0BTaSh6HJvjhhFhs20dBHc2x9behIfSmKFe9gBlPcIriUtpXNgasm14QCMk537dlSgGUFxPGIzZRAUSn5wqFjbiNK0rP/1MJzhGtXhHFJ8irI4TiVEk3cOm5nMoJxTP4KScfmHU+niU1Al+d0KOBsHb71AWutazRudKvsqrPsbG6vT4gGMVjOCTN9e89jcapz5GEQsVQR6s1HUjh4G+2PFbHOFmR8Mks+TIumqHIWsXgQnFBadblDRGPwrSH3zulvRzghyfTyU/bX28iGvpli2ckso5nJmG8D1LO7Y/E8U8ZGW4hC75+iP90cu9G1Ff1hETkrv6xpbNTGL61U= cardno:33_720_987"
   ];
+
+  defaultPasswordFile = config.sops.secrets."matt_password".path;
 in
 {
   options.${namespace}.user = with types; {
-    email = lib.mkOption {
-      type = str;
-      default = "jalle008@proton.me";
-      description = "The email of the user.";
-    };
-    extraGroups = lib.mkOption {
-      type = (listOf str);
-      default = [ ];
-      description = "Groups for the user to be assigned.";
-    };
-    extraOptions = lib.mkOption {
-      type = attrs;
-      default = { };
-      description = "Extra options passed to <option>users.users.<name></option>.";
-    };
-    fullName = lib.mkOption {
-      type = str;
-      default = "Matt Jallen";
-      description = "The full name of the user.";
-    };
-    name = lib.mkOption {
-      type = str;
-      default = "matt";
-      description = "The name to use for the user account.";
-    };
-    passwordFile = lib.mkOption {
-      type = nullOr path;
-      default = null;
-      description = "Path to the password file for this user account";
-    };
-    sshKeys = lib.mkOption {
-      type = listOf str;
-      default = [ ];
-      description = "List of SSH public keys for the user.";
-    };
-    enableCommonSshKeys = lib.mkOption {
-      type = bool;
-      default = true;
-      description = "Whether to include common SSH keys used across systems.";
-    };
-    uid = lib.mkOption {
-      type = int;
-      default = if isRoot then ids.uids.root else 1000;
-      description = "The user ID for the user account.";
-    };
-    packages = lib.mkOption {
-      type = listOf package;
-      default = [ ];
-      description = "List of packages to install for this user.";
-    };
-    linger = lib.mkOption {
-      type = bool;
-      default = false;
-      description = "Whether to enable systemd user service persistence.";
-    };
-    password = lib.mkOption {
-      type = nullOr str;
-      default = null;
-      description = "Plain text password for the user (development only).";
-    };
-    hashedPassword = lib.mkOption {
-      type = nullOr str;
-      default = null;
-      description = "Hashed password for the user.";
-    };
-    mutableUsers = lib.mkOption {
-      type = bool;
-      default = false;
-      description = "Whether users are mutable (can be modified after creation).";
-    };
+    email = mkOpt str "jalle008@proton.me" "The email of the user.";
+
+    extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned.";
+
+    extraOptions = mkOpt attrs { } "Extra options passed to <option>users.users.<name></option>.";
+
+    fullName = mkOpt str "Matt Jallen" "The full name of the user.";
+
+    name = mkOpt str "matt" "The name to use for the user account.";
+
+    sshKeys = mkOpt (listOf str) [ ] "List of SSH public keys for the user.";
+
+    enableCommonSshKeys = mkBoolOpt true "Whether to include common SSH keys used across systems.";
+
+    uid = mkOpt int (if isRoot then ids.uids.root else 1000) "The user ID for the user account.";
+
+    packages = mkOpt (listOf package) [ ] "List of packages to install for this user.";
+
+    linger = mkBoolOpt false "Whether to enable systemd user service persistence.";
+
+    password = mkOpt (nullOr str) null "Plain text password for the user (development only).";
+
+    hashedPassword = mkOpt (nullOr str) null "Hashed password for the user.";
+
+    hashedPasswordFile = mkOpt (nullOr path) defaultPasswordFile "Path to the password file for this user account";
+
+    mutableUsers = mkBoolOpt false "Whether users are mutable (can be modified after creation).";
   };
 
   config = {
@@ -106,6 +66,9 @@ in
         uid
         linger
         packages
+        password
+        hashedPassword
+        hashedPasswordFile
         ;
 
       extraGroups = [
@@ -136,16 +99,26 @@ in
 
       # SSH keys - combine user-specific and common keys
       openssh.authorizedKeys.keys = cfg.sshKeys ++ (lib.optionals cfg.enableCommonSshKeys commonSshKeys);
-
-      # Authentication - priority: passwordFile > hashedPassword > password
-      hashedPasswordFile = lib.mkIf (cfg.passwordFile != null) cfg.passwordFile;
-      hashedPassword = lib.mkIf (
-        cfg.passwordFile == null && cfg.hashedPassword != null
-      ) cfg.hashedPassword;
-      password = lib.mkIf (
-        cfg.passwordFile == null && cfg.hashedPassword == null && cfg.password != null
-      ) cfg.password;
     }
     // cfg.extraOptions;
+
+    assertions = [
+      {
+        assertion = (cfg.password != null) || (cfg.hashedPassword != null) || (cfg.hashedPasswordFile != null);
+        message = "User '${cfg.name}' requires at least one password method (password, hashedPassword, or hashedPasswordFile).";
+      }
+      {
+        assertion = 
+          let
+            passwordMethods = lib.count (x: x != null) [ cfg.password cfg.hashedPassword cfg.hashedPasswordFile ];
+          in
+          passwordMethods <= 1;
+        message = "User '${cfg.name}' can only use one password method at a time. Found multiple: ${lib.concatStringsSep ", " (lib.filter (x: x != null) [
+          (if cfg.password != null then "password" else null)
+          (if cfg.hashedPassword != null then "hashedPassword" else null)
+          (if cfg.hashedPasswordFile != null then "hashedPasswordFile" else null)
+        ])}";
+      }
+    ];
   };
 }

modules/nixos/virtualization/default.nix

@@ -0,0 +1,9 @@
+{ lib, ... }:
+{
+  # Virtualisation configuration
+  virtualisation = {
+    libvirtd.enable = lib.mkDefault true;
+    podman.enable = lib.mkDefault true;
+    waydroid.enable = lib.mkDefault true;
+  };
+}