mjallen18
2025-08-24 18:56:51 -05:00
parent cfaf900db6
commit 2ea82a643d
22 changed files with 338 additions and 531 deletions


@@ -263,6 +263,10 @@
title = "mjallen Flake"; title = "mjallen Flake";
}; };
}; };
channels-config = {
allowUnfree = true;
};
outputs-builder = channels: { outputs-builder = channels: {
formatter = inputs.treefmt-nix.lib.mkWrapper channels.nixpkgs ./treefmt.nix; formatter = inputs.treefmt-nix.lib.mkWrapper channels.nixpkgs ./treefmt.nix;


@@ -1,4 +1,16 @@
{ pkgs, ... }: { pkgs, ... }:
let
displayLeft = {
input = "DP-1";
resolution = "3840x2160";
refreshRate = "240.00000";
};
displayRight = {
input = "DP-2";
resolution = "3840x2160";
refreshRate = "240.00000";
};
in
{ {
home.username = "matt"; home.username = "matt";
@@ -19,6 +31,113 @@
"desktop-steam-rom-manager" "desktop-steam-rom-manager"
]; ];
}; };
programs = {
hyprland = {
enable = true;
primaryDisplay = "DP-1";
wallpaper = [
"${displayLeft.input}, /run/wallpaper.jpg"
"${displayRight.input}, /run/wallpaper.jpg"
];
monitor = [
"${displayLeft.input},${displayLeft.resolution}@${displayLeft.refreshRate},0x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
"${displayRight.input},${displayRight.resolution}@${displayRight.refreshRate},3840x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.5,sdrsaturation,0.98"
];
workspace = [
"name:firefox, monitor:${displayRight.input}, default:false, special, class:(.*firefox.*)"
"name:discord, monitor:${displayRight.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
"name:steam, monitor:${displayLeft.input}, default:false, special, class:(.*[Ss]team.*)"
];
windowRule = [
"size 2160 7680, tag:horizonrdp"
];
extraConfig = ''
exec-once = nm-applet
exec-once = [silent] firefox
exec-once = [silent] vesktop
exec-once = [silent] chromium --app="https://music.apple.com"
exec-once = [silent] steam
'';
defaultApps = {
browser = pkgs.firefox;
};
};
btop.enable = true;
kitty = {
enable = true;
font = {
name = "JetBrainsMono NFM";
package = pkgs.nerd-fonts.jetbrains-mono;
};
};
mako = {
enable = true;
fontName = "JetBrainsMono NFM";
};
nwg-dock.enable = true;
nwg-drawer.enable = true;
nwg-panel = {
enable = true;
defaultApps = {
browser = pkgs.firefox;
};
};
waybar = {
enable = true;
layer = "bottom";
networkInterface = "wlp9s0";
modules-right = [
"custom/lights"
"temperature"
"temperature#gpu"
"keyboard-state#capslock"
"keyboard-state#numlock"
"wireplumber#sink"
"wireplumber#source"
"bluetooth"
"network"
"idle_inhibitor"
"clock"
"custom/weather"
];
extraModules = {
"custom/lights" = {
tooltip = false;
exec = "waybar-hass --get_light light.living_room_lights";
interval = "once";
format = "{text}"; # "󱉓";
on-click = "waybar-hass --toggle_light light.living_room_lights";
return-type = "json";
};
};
extraModulesStyle = ''
#custom-lights {
color: #88c0d0;
background-color: #2e3440;
opacity: 0.8;
border-left: 5px solid #88c0d0;
}
#custom-lights:hover {
background: #4c566a;
}
'';
};
wlogout.enable = true;
wofi.enable = true;
};
}; };
services = { services = {


@@ -2,11 +2,11 @@
lib, lib,
pkgs, pkgs,
config, config,
namespace,
... ...
}: }:
let let
cfg = config.share.hardware.amd; cfg = config.${namespace}.hardware.amd;
pkgsVersion = pkgs; # .unstable;
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];
@@ -20,7 +20,7 @@ in
# Configure programs # Configure programs
programs.corectrl = { programs.corectrl = {
enable = cfg.corectrl.enable; enable = cfg.corectrl.enable;
package = pkgsVersion.corectrl; package = pkgs.corectrl;
}; };
# Configure environment # Configure environment
@@ -51,7 +51,7 @@ in
# nixpkg is broken so need to manually define # nixpkg is broken so need to manually define
systemd.services.lactd = lib.mkIf cfg.lact.enable { systemd.services.lactd = lib.mkIf cfg.lact.enable {
description = "AMDGPU Control Daemon"; description = "AMDGPU Control Daemon";
path = with pkgsVersion; [ path = with pkgs; [
bash bash
lact lact
]; ];
@@ -64,7 +64,7 @@ in
# Configure environment # Configure environment
environment = { environment = {
systemPackages = with pkgsVersion; lib.mkIf cfg.lact.enable [ lact ]; systemPackages = with pkgs; lib.mkIf cfg.lact.enable [ lact ];
}; };
}; };
} }


@@ -1,7 +1,7 @@
{ lib, ... }: { lib, namespace, ... }:
with lib; with lib;
{ {
options.share.hardware.amd = { options.${namespace}.hardware.amd = {
enable = mkEnableOption "amd hardware config"; enable = mkEnableOption "amd hardware config";
corectrl.enable = mkOption { corectrl.enable = mkOption {


@@ -2,11 +2,11 @@
lib, lib,
config, config,
pkgs, pkgs,
namespace,
... ...
}: }:
let let
cfg = config.share.gaming; cfg = config.${namespace}.gaming;
pkgsVersion = pkgs; # .unstable;
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];
@@ -22,7 +22,7 @@ in
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
# Open ports in the firewall for Source Dedicated Server # Open ports in the firewall for Source Dedicated Server
dedicatedServer.openFirewall = true; dedicatedServer.openFirewall = true;
extraCompatPackages = with pkgsVersion; [ proton-ge-bin ]; extraCompatPackages = with pkgs; [ proton-ge-bin ];
gamescopeSession = { gamescopeSession = {
enable = true; enable = true;
args = [ args = [
@@ -49,6 +49,7 @@ in
gamemode.enable = true; gamemode.enable = true;
}; };
# Hardware configs # Hardware configs
hardware = { hardware = {
# Xbox controllers # Xbox controllers
@@ -58,11 +59,17 @@ in
steam-hardware.enable = true; steam-hardware.enable = true;
}; };
environment = {
variables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
};
};
# Configure nixpkgs # Configure nixpkgs
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override { steam = pkgs.steam.override {
extraPkgs = extraPkgs =
_pkgs: with pkgsVersion; [ _pkgs: with pkgs; [
xorg.libXcursor xorg.libXcursor
xorg.libXi xorg.libXi
xorg.libXinerama xorg.libXinerama
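Review bot: In the `packageOverrides` hunk, swapping `pkgsVersion` for `pkgs` changes which package set `with pkgs;` resolves to. `pkgsVersion` was bound to the module's `pkgs` in the `let` block, whereas inside `nixpkgs.config.packageOverrides = pkgs: { … }` the name is the override function's own argument, and the `_pkgs` parameter of `extraPkgs` remains unused. If the libraries are meant to come from the set Steam's environment is built with, `extraPkgs = steamPkgs: with steamPkgs; [` says so directly and removes the shadowing. The package list continues outside the hunk.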


@@ -1,7 +1,7 @@
{ lib, ... }: { lib, namespace, ... }:
with lib; with lib;
{ {
options.share.gaming = { options.${namespace}.gaming = {
enable = mkEnableOption "enable gaming stuffs"; enable = mkEnableOption "enable gaming stuffs";
}; };
} }


@@ -1,4 +1,4 @@
{ lib, system, ... }: { lib, system, pkgs, ... }:
let let
isArm = "aarch64-linux" == system; isArm = "aarch64-linux" == system;
in in
@@ -17,5 +17,14 @@ in
enable = lib.mkDefault true; enable = lib.mkDefault true;
enable32Bit = lib.mkDefault (!isArm); enable32Bit = lib.mkDefault (!isArm);
}; };
# Enable Sane and Brother printer support.
sane = {
enable = true;
brscan5.enable = false;
extraBackends = [ pkgs.brscan5 ];
};
flipperzero.enable = true;
}; };
} }
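Review bot: `extraBackends = [ pkgs.brscan5 ];` is added without a platform guard, although this shared module already computes `isArm` and is evaluated for aarch64 hosts as well. As far as I know brscan5 is an unfree, x86-only package, so referencing it on an aarch64 system would likely break evaluation; `extraBackends = lib.optionals (!isArm) [ pkgs.brscan5 ];` keeps it off those hosts. The comment says Brother support is enabled while `brscan5.enable = false;` stays in place, so a one-line comment explaining why the backend is wired in by hand would help the next reader. The `hardware` set this sits in starts outside the hunk.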


@@ -1,7 +1,8 @@
{ lib, ... }: { config, lib, system, namespace, ... }:
let let
# defaultSops = (lib.snowfall.fs.get-file "secrets/pi4-secrets.yaml");
defaultSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml"); defaultSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
isx86 = system == "x86_64-linux";
user = config.${namespace}.user.name;
in in
{ {
# Permission modes are in octal representation (same as chmod), # Permission modes are in octal representation (same as chmod),
@@ -28,6 +29,13 @@ in
secrets = { secrets = {
"wifi" = { }; "wifi" = { };
"matt_password" = {
neededForUsers = true;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
};
# ------------------------------ # ------------------------------
# SSH keys # SSH keys
# ------------------------------ # ------------------------------
@@ -57,6 +65,38 @@ in
# mode = "0600"; # mode = "0600";
# restartUnits = [ "sshd.service" ]; # restartUnits = [ "sshd.service" ];
# }; # };
# ------------------------------
# Secureboot keys
# ------------------------------
"secureboot/GUID" = lib.mkIf isx86 {
path = "/etc/secureboot/GUID";
mode = "0600";
};
"secureboot/keys/db-key" = lib.mkIf isx86 {
path = "/etc/secureboot/keys/db/db.key";
mode = "0600";
};
"secureboot/keys/db-pem" = lib.mkIf isx86 {
path = "/etc/secureboot/keys/db/db.pem";
mode = "0600";
};
"secureboot/keys/KEK-key" = lib.mkIf isx86 {
path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0600";
};
"secureboot/keys/KEK-pem" = lib.mkIf isx86 {
path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0600";
};
"secureboot/keys/PK-key" = lib.mkIf isx86 {
path = "/etc/secureboot/keys/PK/PK.key";
mode = "0600";
};
"secureboot/keys/PK-pem" = lib.mkIf isx86 {
path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0600";
};
}; };
# ------------------------------ # ------------------------------
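Review bot: The `secureboot/keys/PK-key`, `KEK-key` and `db-key` entries now write the Secure Boot private keys to `/etc/secureboot` on every x86_64 host that imports this shared module, where the definitions removed from the desktop host limited them to one machine. `lib.mkIf isx86` filters by architecture only, not by whether the host signs its own boot images, so the guard could be tightened to something like `lib.mkIf (isx86 && config.${namespace}.bootloader.lanzaboote.enable)` (that option is set elsewhere in this commit). Separately, `matt_password` combines `neededForUsers = true` with `owner`/`group` of the user; as I understand sops-nix, such secrets are decrypted before accounts exist, so the ownership is at best redundant and leaving the hash root-owned is the tighter choice. The `secrets` set continues outside both hunks.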


@@ -1,8 +1,42 @@
{ ... }: { pkgs, system, ... }:
let let
timezone = "America/Chicago"; timezone = "America/Chicago";
isArm = system == "aarch64-linux";
in in
{ {
environment.systemPackages = with pkgs; [
nil
qemu
udisks2
unzip
] ++
(if isArm then
[ ]
else
[
acpilight
aha
aspell
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
brightnessctl
ddcui
ddcutil
ddccontrol
ddccontrol-db
efibootmgr
memtest86-efi
memtest86plus
os-prober
sbctl
tpm2-tools
tpm2-tss
winetricks
]
);
# Time config # Time config
time = { time = {
# Set your time zone. # Set your time zone.


@@ -7,6 +7,7 @@
}: }:
with lib; with lib;
let let
inherit (lib.mjallen) mkOpt mkBoolOpt;
cfg = config.${namespace}.user; cfg = config.${namespace}.user;
isRoot = (cfg.name == "root"); isRoot = (cfg.name == "root");
@@ -22,79 +23,38 @@ let
# Yubikey # Yubikey
"ssh-rsa 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 cardno:33_720_987" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuzZfywCSde/3J1zRWH0s7OMEhHIwZeNWdKHUxMAYE/5hzFRtl5LYuNU68zxj7Aj67VF8VGwBbMEU6X/ebiNAxahmjf4mtioby5b4TIy+0Xvdbayoch938bP7UhskzobaJF6epg3vyATnJGr6i0EOXiDSkJU8vL1oeue0HN7WmwzIqxw0BTaSh6HJvjhhFhs20dBHc2x9behIfSmKFe9gBlPcIriUtpXNgasm14QCMk537dlSgGUFxPGIzZRAUSn5wqFjbiNK0rP/1MJzhGtXhHFJ8irI4TiVEk3cOm5nMoJxTP4KScfmHU+niU1Al+d0KOBsHb71AWutazRudKvsqrPsbG6vT4gGMVjOCTN9e89jcapz5GEQsVQR6s1HUjh4G+2PFbHOFmR8Mks+TIumqHIWsXgQnFBadblDRGPwrSH3zulvRzghyfTyU/bX28iGvpli2ckso5nJmG8D1LO7Y/E8U8ZGW4hC75+iP90cu9G1Ff1hETkrv6xpbNTGL61U= cardno:33_720_987"
]; ];
defaultPasswordFile = config.sops.secrets."matt_password".path;
in in
{ {
options.${namespace}.user = with types; { options.${namespace}.user = with types; {
email = lib.mkOption { email = mkOpt str "jalle008@proton.me" "The email of the user.";
type = str;
default = "jalle008@proton.me"; extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned.";
description = "The email of the user.";
}; extraOptions = mkOpt attrs { } "Extra options passed to <option>users.users.<name></option>.";
extraGroups = lib.mkOption {
type = (listOf str); fullName = mkOpt str "Matt Jallen" "The full name of the user.";
default = [ ];
description = "Groups for the user to be assigned."; name = mkOpt str "matt" "The name to use for the user account.";
};
extraOptions = lib.mkOption { sshKeys = mkOpt (listOf str) [ ] "List of SSH public keys for the user.";
type = attrs;
default = { }; enableCommonSshKeys = mkBoolOpt true "Whether to include common SSH keys used across systems.";
description = "Extra options passed to <option>users.users.<name></option>.";
}; uid = mkOpt int (if isRoot then ids.uids.root else 1000) "The user ID for the user account.";
fullName = lib.mkOption {
type = str; packages = mkOpt (listOf package) [ ] "List of packages to install for this user.";
default = "Matt Jallen";
description = "The full name of the user."; linger = mkBoolOpt false "Whether to enable systemd user service persistence.";
};
name = lib.mkOption { password = mkOpt (nullOr str) null "Plain text password for the user (development only).";
type = str;
default = "matt"; hashedPassword = mkOpt (nullOr str) null "Hashed password for the user.";
description = "The name to use for the user account.";
}; hashedPasswordFile = mkOpt (nullOr path) defaultPasswordFile "Path to the password file for this user account";
passwordFile = lib.mkOption {
type = nullOr path; mutableUsers = mkBoolOpt false "Whether users are mutable (can be modified after creation).";
default = null;
description = "Path to the password file for this user account";
};
sshKeys = lib.mkOption {
type = listOf str;
default = [ ];
description = "List of SSH public keys for the user.";
};
enableCommonSshKeys = lib.mkOption {
type = bool;
default = true;
description = "Whether to include common SSH keys used across systems.";
};
uid = lib.mkOption {
type = int;
default = if isRoot then ids.uids.root else 1000;
description = "The user ID for the user account.";
};
packages = lib.mkOption {
type = listOf package;
default = [ ];
description = "List of packages to install for this user.";
};
linger = lib.mkOption {
type = bool;
default = false;
description = "Whether to enable systemd user service persistence.";
};
password = lib.mkOption {
type = nullOr str;
default = null;
description = "Plain text password for the user (development only).";
};
hashedPassword = lib.mkOption {
type = nullOr str;
default = null;
description = "Hashed password for the user.";
};
mutableUsers = lib.mkOption {
type = bool;
default = false;
description = "Whether users are mutable (can be modified after creation).";
};
}; };
config = { config = {
@@ -106,6 +66,9 @@ in
uid uid
linger linger
packages packages
password
hashedPassword
hashedPasswordFile
; ;
extraGroups = [ extraGroups = [
@@ -136,16 +99,26 @@ in
# SSH keys - combine user-specific and common keys # SSH keys - combine user-specific and common keys
openssh.authorizedKeys.keys = cfg.sshKeys ++ (lib.optionals cfg.enableCommonSshKeys commonSshKeys); openssh.authorizedKeys.keys = cfg.sshKeys ++ (lib.optionals cfg.enableCommonSshKeys commonSshKeys);
# Authentication - priority: passwordFile > hashedPassword > password
hashedPasswordFile = lib.mkIf (cfg.passwordFile != null) cfg.passwordFile;
hashedPassword = lib.mkIf (
cfg.passwordFile == null && cfg.hashedPassword != null
) cfg.hashedPassword;
password = lib.mkIf (
cfg.passwordFile == null && cfg.hashedPassword == null && cfg.password != null
) cfg.password;
} }
// cfg.extraOptions; // cfg.extraOptions;
assertions = [
{
assertion = (cfg.password != null) || (cfg.hashedPassword != null) || (cfg.hashedPasswordFile != null);
message = "User '${cfg.name}' requires at least one password method (password, hashedPassword, or hashedPasswordFile).";
}
{
assertion =
let
passwordMethods = lib.count (x: x != null) [ cfg.password cfg.hashedPassword cfg.hashedPasswordFile ];
in
passwordMethods <= 1;
message = "User '${cfg.name}' can only use one password method at a time. Found multiple: ${lib.concatStringsSep ", " (lib.filter (x: x != null) [
(if cfg.password != null then "password" else null)
(if cfg.hashedPassword != null then "hashedPassword" else null)
(if cfg.hashedPasswordFile != null then "hashedPasswordFile" else null)
])}";
}
];
}; };
} }
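Review bot: `hashedPasswordFile` now defaults to `defaultPasswordFile`, so it is non-null unless a host overrides it, and the new `passwordMethods <= 1` assertion will fail for any host that sets only `password` or `hashedPassword`; the first assertion is satisfied by that default and so checks nothing. The default also points every account at `config.sops.secrets."matt_password"` regardless of `cfg.name`, including the `isRoot` case, and forces that secret to be declared on every host using this module. Making the default conditional, e.g. `(if cfg.password == null && cfg.hashedPassword == null then defaultPasswordFile else null)`, would keep both assertions meaningful. Because a `password` value ends up in the world-readable Nix store, a `warnings` entry when `cfg.password != null` would match the "development only" wording in its description.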


@@ -0,0 +1,9 @@
{ lib, ... }:
{
# Virtualisation configuration
virtualisation = {
libvirtd.enable = lib.mkDefault true;
podman.enable = lib.mkDefault true;
waydroid.enable = lib.mkDefault true;
};
}


@@ -1,5 +1,6 @@
#ENC[AES256_GCM,data:HkOno2ohMSLs46g=,iv:7KHzoElBP/GMIVubcIBya42SoFKVyt/+YRIxkgRE3Cw=,tag:U87dYHrKu/qqbLf5r7XEiA==,type:comment] #ENC[AES256_GCM,data:HkOno2ohMSLs46g=,iv:7KHzoElBP/GMIVubcIBya42SoFKVyt/+YRIxkgRE3Cw=,tag:U87dYHrKu/qqbLf5r7XEiA==,type:comment]
wifi: ENC[AES256_GCM,data:Rs+4Km4DogO7XatA,iv:JUv9HkNWsv/l4Fli5sFeUeYuWG1Yju95G59FJ/Q5W50=,tag:gRFCG4d5OBMRx1QayRV8Zg==,type:str] wifi: ENC[AES256_GCM,data:Rs+4Km4DogO7XatA,iv:JUv9HkNWsv/l4Fli5sFeUeYuWG1Yju95G59FJ/Q5W50=,tag:gRFCG4d5OBMRx1QayRV8Zg==,type:str]
matt_password: ENC[AES256_GCM,data:/8utn5xMoWIxXitfg2kFZCQwbqqn6rH7Pt5KYeTyGintjg5jF8T9eqdqrBGlqMdKh/YjUTwZZg4/PkNG9/gqk86pjaUtg+8C6w==,iv:BDbThvyXmzB9eKfuK0V2eR8p20g7rOOTOA3AYNCM6TI=,tag:KvIKOLFW9NMmQy97QWRfQA==,type:str]
age-keys-private: age-keys-private:
matt-desktop-nix: ENC[AES256_GCM,data:7/UO2Oq096iJHSpwA2cflRoiPWrKFJA2RhcuH0bJKM/MO15GbW1VktPZieEVrj+3KTYnhrWr5mEHx+uekhyL2W98SO0JkIJ/c24=,iv:w9lt2rQzkys2HSR8ls4RKJlkNsAb61a+6eB/joKDEtQ=,tag:OYkFVP9HGHumE/3PUP64PA==,type:str] matt-desktop-nix: ENC[AES256_GCM,data:7/UO2Oq096iJHSpwA2cflRoiPWrKFJA2RhcuH0bJKM/MO15GbW1VktPZieEVrj+3KTYnhrWr5mEHx+uekhyL2W98SO0JkIJ/c24=,iv:w9lt2rQzkys2HSR8ls4RKJlkNsAb61a+6eB/joKDEtQ=,tag:OYkFVP9HGHumE/3PUP64PA==,type:str]
admin-jallen-nas: ENC[AES256_GCM,data:lKXCpyB0+wViUYsJgxxe7a4dD24a80xe1XEfvVLoazEb/qmoUClhXU4FI1o8ATvpND4XG/vlq8IsZ3V3Yr2FQSOQTrUxs+Yz1po=,iv:Po0jpfoHNMu4s6EePwD20Kc0HQhnY+YKnwovkqCzviI=,tag:0YHI6cNWV21OH2gMOX/Gmw==,type:str] admin-jallen-nas: ENC[AES256_GCM,data:lKXCpyB0+wViUYsJgxxe7a4dD24a80xe1XEfvVLoazEb/qmoUClhXU4FI1o8ATvpND4XG/vlq8IsZ3V3Yr2FQSOQTrUxs+Yz1po=,iv:Po0jpfoHNMu4s6EePwD20Kc0HQhnY+YKnwovkqCzviI=,tag:0YHI6cNWV21OH2gMOX/Gmw==,type:str]
@@ -153,8 +154,8 @@ sops:
RU04T3g1Z3JNekJFQ1h4N1ZueUJHN3cK1PmEv0F4IFT5gKOzfOwSmyw/nQcIxSaD RU04T3g1Z3JNekJFQ1h4N1ZueUJHN3cK1PmEv0F4IFT5gKOzfOwSmyw/nQcIxSaD
60qSMPExbM+HOMaRD79zHKIbnzGUnheiuWjlIt+fAjnv+mdiIIQuzw== 60qSMPExbM+HOMaRD79zHKIbnzGUnheiuWjlIt+fAjnv+mdiIIQuzw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-29T02:27:34Z" lastmodified: "2025-08-24T23:01:20Z"
mac: ENC[AES256_GCM,data:GqBTWeckU/ERKV/5OiPuFOSfUXUTEN7OpKKhGbWCl5oTUE1/CkmMheWJy5WiTlk89KAd66+gBK5kG29PQhEOkUcjoLZTdwghOiJVi90+zPdfz1fGkjs570GtNRulEBL13Ld9KRMHbRSOijM33jmgSpHY8Tcb7RzFTVQs6ZpJ6Fk=,iv:groe/8rbUW9PJTyI457u+LQsiBEzc0YKvKpNToTBrdQ=,tag:OvUbSTSR664p+hBa+BQ++A==,type:str] mac: ENC[AES256_GCM,data:XBGjbC4kieO4ygvGnQz/pyTmkfSRNzEsy1ifGpqfUMrB84kNMu1IX1SHm4Vvl2UrBj13yOn9/9poRwH8BnoEHcjh9HfYZusTV2hw29vPtEHN1ZX4VRA69pkXnBV6r+Scy2hhNTWE34fafHS/plRGnI2423LlfAOsUv118QCe1Ho=,iv:Wer5tHVAnI4GKKSaJODSazoXLUeN6IVkIF1k4x9/k34=,tag:dnWXCUrxcnoDJnj+Dh6kAg==,type:str]
pgp: pgp:
- created_at: "2025-08-24T02:21:39Z" - created_at: "2025-08-24T02:21:39Z"
enc: |- enc: |-


@@ -1,105 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
lib,
pkgs,
...
}:
let
pkgsVersion = pkgs; # .unstable;
environmentVariables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
GDK_SCALE = "1";
EDITOR = "${pkgs.vscodium}/bin/codium --wait";
VISUAL = "${pkgs.vscodium}/bin/codium --wait";
};
systemPackages = with pkgsVersion; [
acpilight
aha
aspell
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
borgbackup
brightnessctl
# brscan5
ddcui
ddcutil
# ddccontrol
# ddccontrol-db
efibootmgr
kdePackages.ksvg
memtest86-efi
memtest86plus
os-prober
nil
qemu
rclone
rclone-browser
restic
restic-browser
restic-integrity
sane-frontends
sbctl
tpm2-tools
tpm2-tss
udisks2
unzip
winetricks
];
in
{
chaotic.mesa-git.enable = false;
# Environment configuration
environment = {
systemPackages = systemPackages;
variables = environmentVariables;
};
# Hardware configuration
hardware = {
# Enable the QMK firmware flashing tool.
keyboard = {
qmk.enable = false;
};
# Enable Sane and Brother printer support.
sane = {
enable = true;
brscan5.enable = false;
# extraBackends = [ pkgsVersion.brscan5 ];
};
flipperzero.enable = true;
};
# Common Configuration
share = {
gaming.enable = true;
hardware.amd = {
enable = lib.mkDefault true;
lact.enable = lib.mkDefault true;
};
};
programs.coolercontrol.enable = true;
# Time configuration
time = {
hardwareClockInLocalTime = lib.mkDefault false;
};
# Virtualisation configuration
virtualisation = {
libvirtd.enable = lib.mkDefault true;
podman.enable = true;
waydroid.enable = lib.mkDefault true;
};
services.udev.extraRules = ''
KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660"
'';
}


@@ -2,8 +2,8 @@
{ {
# as well as the libraries available from your flake's inputs. # as well as the libraries available from your flake's inputs.
# lib, # lib,
# # An instance of `pkgs` with your overlays and packages applied is also available. # An instance of `pkgs` with your overlays and packages applied is also available.
# pkgs, pkgs,
# # You also have access to your flake's inputs. # # You also have access to your flake's inputs.
# inputs, # inputs,
@@ -16,32 +16,41 @@
# systems, # An attribute map of your defined hosts. # systems, # An attribute map of your defined hosts.
# All other arguments come from the system system. # All other arguments come from the system system.
config, # config,
... ...
}: }:
let
passwordFile = config.sops.secrets."desktop/matt_password".path;
in
{ {
imports = [ imports = [
./boot.nix ./boot.nix
./configuration.nix
./filesystems.nix ./filesystems.nix
./hardware-configuration.nix ./hardware-configuration.nix
# ./networking.nix - moved to modules/nixos/network
./nix.nix
./sops.nix ./sops.nix
./services/lsfg-vk ./services/lsfg-vk
./specialisations/hyprland
]; ];
${namespace} = { ${namespace} = {
hardware.disko.enable = false;
bootloader.lanzaboote.enable = true; bootloader.lanzaboote.enable = true;
desktop = {
hyprland = {
enable = true;
wallpaperSource = "nasa";
};
gnome.enable = false;
};
gaming.enable = true;
hardware = {
disko.enable = false;
amd = {
enable = true;
lact.enable = true;
};
};
impermanence.enable = true; impermanence.enable = true;
desktop.gnome.enable = true;
network = { network = {
hostName = "matt-nixos"; hostName = "matt-nixos";
wifi = { wifi = {
@@ -55,8 +64,13 @@ in
}; };
}; };
}; };
user = { };
passwordFile = passwordFile;
}; programs.coolercontrol.enable = true;
environment.variables = {
GDK_SCALE = "1";
EDITOR = "${pkgs.vscodium}/bin/codium --wait";
VISUAL = "${pkgs.vscodium}/bin/codium --wait";
}; };
} }


@@ -1,46 +0,0 @@
{ lib, config, ... }:
let
hostname = "matt-nixos";
in
{
# Networking configs
networking = {
hostName = lib.mkDefault hostname;
# Enable Network Manager
networkmanager = {
enable = lib.mkDefault true;
wifi.powersave = lib.mkDefault false;
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = {
"Joey's Jungle 6G" = {
connection = {
id = "Joey's Jungle 6G";
type = "wifi";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 6G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
};
};
}


@@ -1,38 +0,0 @@
{ lib, ... }:
let
user = "matt";
in
{
nix = {
settings = {
substituters = [
"https://cache.mjallen.dev/nas-cache"
];
trusted-public-keys = [
"nas-cache:5ibTWOXJYlKBaoNtdDEPmvdLPtfnbwf9jvdnfwi5dUs="
];
warn-dirty = lib.mkForce false;
experimental-features = lib.mkForce [
"nix-command"
"flakes"
];
trusted-users = [ user ];
};
# settings.builders-use-substitutes = true;
# distributedBuilds = true;
buildMachines = [
{
hostName = "jallen-nas.local";
system = "x86_64-linux";
maxJobs = 10;
sshUser = "admin";
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
}
];
};
}


@@ -1,5 +1,11 @@
{ config, ... }: { config, pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [
restic
restic-browser
restic-integrity
];
services.restic.backups = { services.restic.backups = {
jallen-nas = { jallen-nas = {
initialize = true; initialize = true;


@@ -1,8 +1,7 @@
{ config, lib, ... }: { config, lib, namespace, ... }:
let let
user = "matt"; user = config.${namespace}.user.name;
desktopSopsFile = (lib.snowfall.fs.get-file "secrets/desktop-secrets.yaml"); desktopSopsFile = (lib.snowfall.fs.get-file "secrets/desktop-secrets.yaml");
commonSopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
in in
{ {
# Permission modes are in octal representation (same as chmod), # Permission modes are in octal representation (same as chmod),
@@ -20,103 +19,51 @@ in
# Either the group id or group name representation of the secret group # Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration # It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = { sops = {
defaultSopsFile = lib.mkForce desktopSopsFile; # todo
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------ # ------------------------------
# Secrets # Secrets
# ------------------------------ # ------------------------------
secrets = { secrets = {
"desktop/hass_token" = { "desktop/hass_token" = {
sopsFile = desktopSopsFile;
mode = "0777"; mode = "0777";
}; };
"desktop/matt_password" = {
neededForUsers = true;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
};
"desktop/restic/user" = { "desktop/restic/user" = {
sopsFile = desktopSopsFile;
mode = "0644"; mode = "0644";
}; };
"desktop/restic/password" = { "desktop/restic/password" = {
sopsFile = desktopSopsFile;
mode = "0600"; mode = "0600";
}; };
"desktop/restic/repo" = { "desktop/restic/repo" = {
sopsFile = desktopSopsFile;
mode = "0600"; mode = "0600";
}; };
"wifi" = {
sopsFile = commonSopsFile;
};
# ------------------------------ # ------------------------------
# SSH keys # SSH keys
# ------------------------------ # ------------------------------
"ssh-keys-public/desktop-nixos" = { "ssh-keys-public/desktop-nixos" = {
sopsFile = commonSopsFile;
mode = "0644"; mode = "0644";
owner = config.users.users."${user}".name; owner = config.users.users."${user}".name;
group = config.users.users."${user}".group; group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ]; restartUnits = [ "sshd.service" ];
}; };
"ssh-keys-private/desktop-nixos" = { "ssh-keys-private/desktop-nixos" = {
sopsFile = commonSopsFile;
mode = "0600"; mode = "0600";
owner = config.users.users."${user}".name; owner = config.users.users."${user}".name;
group = config.users.users."${user}".group; group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ]; restartUnits = [ "sshd.service" ];
}; };
"ssh-keys-public/desktop-nixos-root" = { "ssh-keys-public/desktop-nixos-root" = {
sopsFile = commonSopsFile;
path = "/root/.ssh/id_ed25519.pub"; path = "/root/.ssh/id_ed25519.pub";
mode = "0600"; mode = "0600";
restartUnits = [ "sshd.service" ]; restartUnits = [ "sshd.service" ];
}; };
"ssh-keys-private/desktop-nixos-root" = { "ssh-keys-private/desktop-nixos-root" = {
sopsFile = commonSopsFile;
path = "/root/.ssh/id_ed25519"; path = "/root/.ssh/id_ed25519";
mode = "0600"; mode = "0600";
restartUnits = [ "sshd.service" ]; restartUnits = [ "sshd.service" ];
}; };
# ------------------------------
# Secureboot keys
# ------------------------------
"secureboot/GUID" = {
sopsFile = commonSopsFile;
path = "/etc/secureboot/GUID";
mode = "0600";
};
"secureboot/keys/db-key" = {
sopsFile = commonSopsFile;
path = "/etc/secureboot/keys/db/db.key";
mode = "0600";
};
"secureboot/keys/db-pem" = {
sopsFile = commonSopsFile;
path = "/etc/secureboot/keys/db/db.pem";
mode = "0600";
};
"secureboot/keys/KEK-key" = {
sopsFile = commonSopsFile;
path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0600";
};
"secureboot/keys/KEK-pem" = {
sopsFile = commonSopsFile;
path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0600";
};
"secureboot/keys/PK-key" = {
sopsFile = commonSopsFile;
path = "/etc/secureboot/keys/PK/PK.key";
mode = "0600";
};
"secureboot/keys/PK-pem" = {
sopsFile = commonSopsFile;
path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0600";
};
}; };
# ------------------------------ # ------------------------------
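Review bot: `defaultSopsFile = lib.mkForce desktopSopsFile; # todo` together with dropping every per-secret `sopsFile` means the four SSH key entries that used to read from `commonSopsFile` (`ssh-keys-public/desktop-nixos`, `ssh-keys-private/desktop-nixos` and the two `-root` variants) are now looked up in desktop-secrets.yaml. Because the default is forced, secrets declared in the shared module without a `sopsFile` (`wifi`, `matt_password`, `secureboot/*`) would presumably resolve against the desktop file on this host too; that file is not visible here, so either confirm it carries those keys or keep `sopsFile = commonSopsFile;` on the entries that live in secrets.yaml. In the same block, the unchanged `desktop/hass_token` still has `mode = "0777"`; a token file should not be world-writable, and `mode = "0400";` with an explicit `owner` is the usual setting. The `sops` set continues past the end of the hunk.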


@@ -1,12 +0,0 @@
{ namespace, ... }:
{
specialisation.cosmic.configuration = {
${namespace} = {
desktop = {
cosmic.enable = true;
gnome.enable = true;
};
};
environment.etc."specialisation".text = "cosmic";
};
}


@@ -1,17 +0,0 @@
{ lib, namespace, ... }:
{
specialisation.hyprland.inheritParentConfig = true;
specialisation.hyprland.configuration = {
home-manager.users.matt = import ./home/default.nix;
${namespace} = {
desktop = {
hyprland = {
enable = true;
wallpaperSource = "nasa";
};
gnome.enable = lib.mkForce false;
};
};
environment.etc."specialisation".text = "hyprland";
};
}


@@ -1,124 +0,0 @@
{ pkgs, lib, ... }:
let
displayLeft = {
input = "DP-1";
resolution = "3840x2160";
refreshRate = "240.00000";
};
displayRight = {
input = "DP-2";
resolution = "3840x2160";
refreshRate = "240.00000";
};
in
{
mjallen = {
programs.hyprland = {
enable = true;
primaryDisplay = "DP-1";
wallpaper = [
"${displayLeft.input}, /run/wallpaper.jpg"
"${displayRight.input}, /run/wallpaper.jpg"
];
monitor = [
"${displayLeft.input},${displayLeft.resolution}@${displayLeft.refreshRate},0x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
"${displayRight.input},${displayRight.resolution}@${displayRight.refreshRate},3840x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.5,sdrsaturation,0.98"
];
workspace = [
"name:firefox, monitor:${displayRight.input}, default:false, special, class:(.*firefox.*)"
"name:discord, monitor:${displayRight.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
"name:steam, monitor:${displayLeft.input}, default:false, special, class:(.*[Ss]team.*)"
];
windowRule = [
"size 2160 7680, tag:horizonrdp"
];
extraConfig = ''
exec-once = nm-applet
exec-once = [silent] firefox
exec-once = [silent] vesktop
exec-once = [silent] chromium --app="https://music.apple.com"
exec-once = [silent] steam
'';
defaultApps = {
browser = pkgs.firefox;
};
};
programs = {
btop.enable = true;
kitty = {
enable = true;
font = {
name = "JetBrainsMono NFM";
package = pkgs.nerd-fonts.jetbrains-mono;
};
};
mako = {
enable = true;
fontName = "JetBrainsMono NFM";
};
nwg-dock.enable = true;
nwg-drawer.enable = true;
nwg-panel = {
enable = true;
defaultApps = {
browser = pkgs.firefox;
};
};
waybar = {
enable = true;
layer = "bottom";
networkInterface = "wlp9s0";
modules-right = [
"custom/lights"
"temperature"
"temperature#gpu"
"keyboard-state#capslock"
"keyboard-state#numlock"
"wireplumber#sink"
"wireplumber#source"
"bluetooth"
"network"
"idle_inhibitor"
"clock"
"custom/weather"
];
extraModules = {
"custom/lights" = {
tooltip = false;
exec = "waybar-hass --get_light light.living_room_lights";
interval = "once";
format = "{text}"; # "󱉓";
on-click = "waybar-hass --toggle_light light.living_room_lights";
return-type = "json";
};
};
extraModulesStyle = ''
#custom-lights {
color: #88c0d0;
background-color: #2e3440;
opacity: 0.8;
border-left: 5px solid #88c0d0;
}
#custom-lights:hover {
background: #4c566a;
}
'';
};
wlogout.enable = true;
wofi.enable = true;
};
};
}


@@ -1,14 +0,0 @@
{
config,
namespace,
lib,
...
}:
let
passwordFile = config.sops.secrets."desktop/matt_password".path;
in
{
${namespace}.user = {
passwordFile = lib.mkForce passwordFile;
};
}