mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

desktop is building I guess, idk, need to start commiting stuff eventually lmao

Browse Source
This commit is contained in:
mjallen18
2025-07-17 20:57:18 -05:00
parent 6c7c76887b
commit 442c24997d
219 changed files with 3166 additions and 3583 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
systems/x86_64-linux/desktop/boot.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, namespace, ... }:
let
configLimit = 5;
# default = "@saved";
@@ -40,16 +40,6 @@ in
enable = true;
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
settings = {
# default = default;
console-mode = "max";
};
configurationLimit = configLimit;
};
kernelPackages = kernel;
kernelParams = [

8
systems/x86_64-linux/desktop/configuration.nix
View File

@@ -28,15 +28,15 @@ let
# brscan5
ddcui
ddcutil
ddccontrol
ddccontrol-db
# ddccontrol
# ddccontrol-db
efibootmgr
kdePackages.ksvg
memtest86-efi
memtest86plus
os-prober
nil
qemu_full
qemu
rclone
rclone-browser
restic
@@ -49,8 +49,6 @@ let
udisks2
unzip
winetricks
inputs.desktop-lsfg.packages."x86_64-linux".default
];
in
{

11
systems/x86_64-linux/desktop/default.nix
View File

@@ -21,16 +21,17 @@
{
imports = [
./boot.nix
./configuration.nix
./filesystems.nix
./hardware-configuration.nix
./networking.nix
./nix.nix
./services.nix
./sops.nix
./users.nix
({ ... }: {
_module.args.hyprlandSettings = import ./hyprland-settings.nix;
})
];
${namespace} = {
bootloader.lanzaboote.enable = true;
desktop.gnome.enable = true;
};
}

155
systems/x86_64-linux/desktop/services.nix
View File

@@ -1,155 +0,0 @@
{ config, lib, pkgs, ... }:
let
pkgsVersion = pkgs; #.unstable;
in
{
services = {
# Enable Flatpak
flatpak.enable = lib.mkDefault false;
# enable auto discovery of printers
avahi = {
enable = lib.mkDefault true;
nssmdns4 = lib.mkDefault true;
openFirewall = lib.mkDefault true;
};
restic.backups = {
jallen-nas = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
environmentFile = config.sops.templates."restic.env".path;
passwordFile = config.sops.secrets."desktop/restic/password".path;
repositoryFile = config.sops.secrets."desktop/restic/repo".path;
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Steam"
"/home/matt/Heroic"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
proton-drive = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
passwordFile = config.sops.secrets."desktop/restic/password".path;
rcloneConfigFile = "/home/matt/.config/rclone/rclone.conf";
repository = "rclone:proton-drive:backup-nix";
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Steam"
"/home/matt/Heroic"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
};
btrfs = {
autoScrub.enable = lib.mkDefault true;
autoScrub.fileSystems = lib.mkDefault [
"/nix"
"/root"
"/etc"
"/var/log"
"/home"
];
};
ratbagd.enable = lib.mkDefault true;
keyd = {
enable = false;
keyboards = {
default = {
ids = [ "*" ];
settings = {
main = {
# Use ⌘ key (leftmeta) to activate macOS-like layer
leftmeta = "layer(meta_mac)";
};
meta_mac = {
# Tab switching
tab = "swapm(app_switch_state, M-tab)";
"`" = "A-f6";
# App shortcuts
c = "C-insert"; # Copy
v = "S-insert"; # Paste
x = "S-delete"; # Cut
"1" = "A-1";
"2" = "A-2";
"3" = "A-3";
"4" = "A-4";
"5" = "A-5";
"6" = "A-6";
"7" = "A-7";
"8" = "A-8";
"9" = "A-9";
# Move to line start/end
left = "home";
right = "end";
};
app_switch_state = {
tab = "M-tab";
right = "M-tab";
"`" = "M-S-tab";
left = "M-S-tab";
};
};
};
};
};
};
systemd = {
user.services = {
rclone-home-proton = {
enable = lib.mkDefault false;
path = with pkgsVersion; [
bash
pkgs.rclone
];
script = ''
rclone sync /home/matt proton-drive:backup-nix --exclude '/home/matt/Games/**' --exclude '/home/matt/1TB/**' --exclude '/home/matt/Downloads/**'
'';
};
rsync-home = {
enable = lib.mkDefault false;
path = with pkgsVersion; [
bash
rsync
openssh
];
script = ''
rsync -rtpogvPlHzs --ignore-existing --exclude={'/home/matt/Games', '/home/matt/1TB', '/home/matt/Downloads/*', '/home/matt/.cache'} -e ssh /home/matt admin@10.0.1.3:/media/nas/main/backup/desktop-nix/home
'';
};
};
};
}

13
systems/x86_64-linux/desktop/services/btrfs/default.nix Normal file
View File

@@ -0,0 +1,13 @@
{ lib, ... }:
{
services.btrfs = {
autoScrub.enable = lib.mkDefault true;
autoScrub.fileSystems = lib.mkDefault [
"/nix"
"/root"
"/etc"
"/var/log"
"/home"
];
};
}

49
systems/x86_64-linux/desktop/services/keyd/default.nix Normal file
View File

@@ -0,0 +1,49 @@
{ ... }:
{
services.keyd = {
enable = false;
keyboards = {
default = {
ids = [ "*" ];
settings = {
main = {
# Use ⌘ key (leftmeta) to activate macOS-like layer
leftmeta = "layer(meta_mac)";
};
meta_mac = {
# Tab switching
tab = "swapm(app_switch_state, M-tab)";
"`" = "A-f6";
# App shortcuts
c = "C-insert"; # Copy
v = "S-insert"; # Paste
x = "S-delete"; # Cut
"1" = "A-1";
"2" = "A-2";
"3" = "A-3";
"4" = "A-4";
"5" = "A-5";
"6" = "A-6";
"7" = "A-7";
"8" = "A-8";
"9" = "A-9";
# Move to line start/end
left = "home";
right = "end";
};
app_switch_state = {
tab = "M-tab";
right = "M-tab";
"`" = "M-S-tab";
left = "M-S-tab";
};
};
};
};
};
}

4
systems/x86_64-linux/desktop/services/ratbagd/default.nix Normal file
View File

@@ -0,0 +1,4 @@
{ lib, ... }:
{
services.ratbagd.enable = lib.mkDefault true;
}

53
systems/x86_64-linux/desktop/services/restic/default.nix Normal file
View File

@@ -0,0 +1,53 @@
{ config, ... }:
{
services.restic.backups = {
jallen-nas = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
environmentFile = config.sops.templates."restic.env".path;
passwordFile = config.sops.secrets."desktop/restic/password".path;
repositoryFile = config.sops.secrets."desktop/restic/repo".path;
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Steam"
"/home/matt/Heroic"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
proton-drive = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
passwordFile = config.sops.secrets."desktop/restic/password".path;
rcloneConfigFile = "/home/matt/.config/rclone/rclone.conf";
repository = "rclone:proton-drive:backup-nix";
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Steam"
"/home/matt/Heroic"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
};
}

26
systems/x86_64-linux/desktop/sops.nix
View File

@@ -18,7 +18,7 @@ in
# Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = {
defaultSopsFile = ../../secrets/desktop-secrets.yaml;
defaultSopsFile = ../../../secrets/desktop-secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------
@@ -44,34 +44,34 @@ in
mode = "0600";
};
"wifi" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
};
# ------------------------------
# SSH keys
# ------------------------------
"ssh-keys-public/desktop-nixos" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
mode = "0644";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/desktop-nixos" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-public/desktop-nixos-root" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/root/.ssh/id_ed25519.pub";
mode = "0600";
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/desktop-nixos-root" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/root/.ssh/id_ed25519";
mode = "0600";
restartUnits = [ "sshd.service" ];
@@ -81,37 +81,37 @@ in
# Secureboot keys
# ------------------------------
"secureboot/GUID" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/GUID";
mode = "0600";
};
"secureboot/keys/db-key" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/db/db.key";
mode = "0600";
};
"secureboot/keys/db-pem" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/db/db.pem";
mode = "0600";
};
"secureboot/keys/KEK-key" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0600";
};
"secureboot/keys/KEK-pem" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0600";
};
"secureboot/keys/PK-key" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/PK/PK.key";
mode = "0600";
};
"secureboot/keys/PK-pem" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0600";
};

12
systems/x86_64-linux/desktop/specialisations/cosmic/default.nix Executable file
View File

@@ -0,0 +1,12 @@
{ namespace, ... }:
{
specialisation.cosmic.configuration = {
${namespace} = {
desktop = {
cosmic.enable = true;
gnome.enable = true;
};
};
environment.etc."specialisation".text = "cosmic";
};
}

12
systems/x86_64-linux/desktop/specialisations/hyprland/default.nix Executable file
View File

@@ -0,0 +1,12 @@
{ namespace, ... }:
{
specialisation.hyprland.configuration = {
${namespace} = {
desktop = {
hyprland.enable = true;
gnome.enable = false;
};
};
environment.etc."specialisation".text = "hyprland";
};
}