so much organization

mjallen18
2025-06-29 14:50:34 -05:00
parent ca155505be
commit 532c97cf00
58 changed files with 354 additions and 992 deletions


@@ -0,0 +1,8 @@
{ ... }:
{
imports = [
./hardware.nix
./programs.nix
./services.nix
];
}


@@ -0,0 +1,11 @@
{ lib, ... }:
{
# Hardware configs
hardware = {
# Enable graphics
graphics = {
enable = lib.mkDefault true;
enable32Bit = lib.mkDefault true;
};
};
}


@@ -0,0 +1,31 @@
{ lib, pkgs, ... }:
{
programs = {
nix-ld = {
enable = lib.mkDefault true;
libraries = with pkgs; [
alsa-lib
bash
expat
fontconfig
freetype
icu
glib
gtk3
libgcc
libgdiplus
libGL
libpulseaudio
SDL2
vulkan-loader
xorg.libX11
xorg.libICE
xorg.libSM
xorg.libXcursor
xorg.libXrandr
xorg.libXi
zlib
];
};
seahorse.enable = lib.mkDefault true;
};}


@@ -0,0 +1,17 @@
{ lib, ... }:
{
services = {
kmscon.enable = lib.mkForce false;
# configure pipewire
pipewire = {
enable = lib.mkDefault true;
alsa.enable = lib.mkDefault true;
alsa.support32Bit = lib.mkDefault true;
pulse.enable = lib.mkDefault true;
};
# Enable CUPS to print documents.
printing.enable = lib.mkDefault true;
};
}


@@ -0,0 +1,14 @@
{ lib, pkgs, ... }:
{
boot = {
# Enable AppImage
binfmt.registrations.appimage = {
wrapInterpreterInShell = lib.mkDefault false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic";
offset = 0;
mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF....AI\\x02";
};
};
}


@@ -0,0 +1,36 @@
{ lib, pkgs, ... }:
let
timezone = "America/Chicago";
in
{
imports = [
./boot.nix
./environment.nix
./hardware.nix
./nix-settings.nix
./programs.nix
./security.nix
./services.nix
];
# Time config
time = {
# Set your time zone.
timeZone = timezone;
};
fonts.packages = with pkgs; [
font-awesome
noto-fonts
noto-fonts-color-emoji
meslo-lgs-nf
] ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
fonts.fontconfig.defaultFonts = {
emoji = [
"Noto Color Emoji"
];
};
system.stateVersion = "23.11";
}


@@ -0,0 +1,13 @@
{ pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
attic-client
uutils-coreutils
uutils-diffutils
uutils-findutils
coreutils
nixd
];
};
}


@@ -0,0 +1,12 @@
{ lib, ... }:
{
hardware = {
# Bluetooth
bluetooth.enable = lib.mkDefault true;
i2c.enable = lib.mkDefault true;
# Enable all firmware
enableAllFirmware = lib.mkForce true;
};
}


@@ -0,0 +1,41 @@
{ lib, outputs, ... }:
{
nix = {
settings = {
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
warn-dirty = lib.mkForce false;
experimental-features = lib.mkForce [
"nix-command"
"flakes"
];
trusted-users = [ "@wheel" ];
};
# Garbage collect automatically every week
gc.automatic = lib.mkDefault true;
gc.options = lib.mkDefault "--delete-older-than 30d";
optimise.automatic = lib.mkDefault true;
};
# Nixpkgs configuration
nixpkgs = {
# add unstable and stable overlays
overlays = [
outputs.overlays.nixpkgs-unstable
outputs.overlays.nixpkgs-stable
];
config = {
allowUnfree = lib.mkForce true;
permittedInsecurePackages = [
# ...
];
};
};
}
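Review bot: `trusted-users = [ "@wheel" ];` under `nix.settings` makes every wheel member a trusted Nix user on each host that imports this shared file, and a trusted user can add substituters and import store paths without signature checks, which is root-equivalent on the daemon without a sudo prompt. The rebuild alias elsewhere in this commit already runs `sudo nixos-rebuild`, so the default may be enough; if not, name the one account that needs it, for example `trusted-users = lib.mkDefault [ "root" ];` plus a per-host override. If the `--build-host` workflow is what requires it, a comment saying so would record the reason. The setting is carried over unchanged from the removed shared config, so this is a good moment to narrow it.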


@@ -0,0 +1,15 @@
{ lib, ... }:
{
programs = {
zsh.enable = lib.mkDefault true;
gnupg.agent = {
enable = lib.mkDefault true;
enableSSHSupport = lib.mkDefault true;
};
nix-index = {
enable = lib.mkDefault true;
enableBashIntegration = lib.mkDefault false;
enableZshIntegration = lib.mkDefault true;
};
};
}
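Review bot: The new `programs` block enables `nix-index` with `enableZshIntegration` but drops `command-not-found.enable = lib.mkForce false;`, which the removed shared config set right next to it. Unless another file in this commit sets it, and if command-not-found is still enabled by default on the nixpkgs revision in use, the nix-index module's mutual-exclusion assertion is likely to fail at evaluation. Keeping `command-not-found.enable = lib.mkDefault false;` beside the `nix-index` block avoids depending on that default.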


@@ -0,0 +1,31 @@
{ lib, pkgs, ... }:
{
security = {
rtkit.enable = lib.mkDefault true;
# configure sudo
sudo.enable = lib.mkDefault false;
sudo-rs = {
enable = lib.mkDefault true;
extraRules = [
{
commands = [
{
command = "${pkgs.systemd}/bin/systemctl suspend";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}
];
};
};
}
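Review bot: The `sudo-rs.extraRules` entry grants `NOPASSWD` on suspend, reboot and poweroff to all of `wheel`, and after this split it appears to live in a base module shared by every host. That would let any wheel session, including one over SSH, power off the service hosts in this repo (one imports `./adguard.nix`) without re-authenticating. A comment stating the intent, or moving the rule into the GUI module, would make the scope explicit. Separately, the removed shared config declared a setuid `security.wrappers."mount.nfs"` that this block does not carry over. If that is deliberate it removes a setuid binary, but hosts that mount NFS as a non-root user would lose that ability, so it is worth a line in the commit message.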


@@ -0,0 +1,42 @@
{ lib, pkgs, ... }:
{
services = {
kmscon = {
enable = lib.mkDefault true;
hwRender = true;
fonts = [
{
name = "JetBrainsMono NFM";
package = pkgs.nerd-fonts.jetbrains-mono;
}
];
};
openssh = {
enable = lib.mkDefault true;
settings = {
UseDns = true;
};
};
# Enable firmware updates
fwupd.enable = lib.mkForce true;
fstrim.enable = lib.mkDefault true;
pcscd.enable = lib.mkDefault true;
# Enable Avahi for .local hostname resolution
avahi = {
enable = lib.mkDefault true;
nssmdns4 = lib.mkDefault true; # For modern systems, use nssmdns4 instead of nssmdns
publish = {
enable = lib.mkDefault true;
addresses = lib.mkDefault true;
domain = lib.mkDefault true;
workstation = lib.mkDefault true;
};
};
};
}
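Review bot: `openssh` is enabled by default for every host here with only `UseDns = true` in `settings`, so password and keyboard-interactive logins stay at the module defaults. If all hosts use keys, add `PasswordAuthentication = lib.mkDefault false;` and `KbdInteractiveAuthentication = lib.mkDefault false;` so a new host does not start out accepting passwords. `UseDns = true` is new in this commit and only matters when `from=` patterns or `Match Host` rules use hostnames, so a comment naming the rule that needs it would help. The `avahi.publish` block likewise advertises addresses and workstation records from every importing host, which may be wider than intended for the server machines.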

27
hosts/base/default.nix Normal file

@@ -0,0 +1,27 @@
# { lib, config, ... }:
# let
# cfg = config.base;
# cosmicPath =
# if cfg.desktopEnvironments.cosmic.enableSpecialisation then
# ../../modules/desktop-environments/cosmic/specialisation.nix
# else
# ../../modules/desktop-environments/cosmic/default.nix;
# hyprlandPath =
# if cfg.desktopEnvironments.hyprland.enableSpecialisation then
# ../../modules/desktop-environments/hyprland/specialisation.nix
# else
# ../../modules/desktop-environments/hyprland/default.nix;
# extraImports = lib.optionals cfg.enable (
# [ ./base-nogui ]
# ++ lib.optional cfg.baseGui.enable ./base-gui
# ++ lib.optional cfg.desktopEnvironments.cosmic.enable cosmicPath
# ++ lib.optional cfg.desktopEnvironments.hyprland.enable hyprlandPath
# );
# in
# {
# imports = [ ./options.nix ] ++ extraImports;
# }
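Review bot: Every line of the new hosts/base/default.nix is commented out, so the file holds no expression and importing `hosts/base` would fail to parse. The commented design also builds `imports` from `config.base`, and the module system resolves imports before `config` is available, so that shape usually ends in infinite recursion. The common alternative is to import `./base-nogui`, `./base-gui` and the desktop-environment modules unconditionally and gate their contents with `lib.mkIf cfg.enable`. Until then, either leave the file out or reduce it to `{ imports = [ ./options.nix ]; }`.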

35
hosts/base/options.nix Normal file

@@ -0,0 +1,35 @@
{ lib, ... }:
with lib;
{
options.base = {
enable = mkEnableOption "base config";
baseGui.enable = mkOption {
type = types.bool;
default = false;
};
desktopEnvironments = {
cosmic = {
enable = mkOption {
type = types.bool;
default = false;
};
enableSpecialisation = mkOption {
type = types.bool;
default = false;
};
};
hyprland = {
enable = mkOption {
type = types.bool;
default = false;
};
enableSpecialisation = mkOption {
type = types.bool;
default = false;
};
};
};
};
}
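Review bot: The `mkOption` declarations under `options.base` carry no `description`, and nothing visible in this commit reads them because hosts/base/default.nix is entirely commented out. `mkEnableOption`, already used for `base.enable`, would shorten each boolean and supply the description, e.g. `baseGui.enable = mkEnableOption "GUI base config";`. The file-wide `with lib;` could be replaced by explicit `lib.mkOption` / `lib.types.bool` references so the origin of each name stays visible.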


@@ -7,7 +7,6 @@
{
imports =
[
../default.nix
./boot.nix
./jovian.nix
./networking.nix


@@ -1,4 +1,4 @@
{ lib, pkgs, ... }:
{ pkgs, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.18";


@@ -1,233 +0,0 @@
{ lib, pkgs, outputs, ... }:
let
timezone = "America/Chicago";
update-script = pkgs.writeScriptBin "update" ''
#!/usr/bin/env bash
set -euo pipefail
# ===== Config =====
REPO_DIR="/etc/nixos"
HOST=$(hostname)
FLAKE="$REPO_DIR#$HOST"
PROFILE_DIR="/nix/var/nix/profiles/system-profiles"
# ===== Parse arguments =====
MODE=''${1:-"switch"}
VALID_MODES=("boot" "switch" "test" "build")
if [[ ! " ''${VALID_MODES[*]} " =~ " $MODE " ]]; then
echo " Invalid mode: '$MODE'. Use one of: $VALID_MODES[*]"
exit 1
fi
# ===== Git status check =====
cd "$REPO_DIR"
DIRTY_TAG=
if [[ -n "$(git status --porcelain)" ]]; then
echo " Git repo is dirty rebuilding with dirty tag."
DIRTY_TAG="dirty-"
fi
SHORT_HASH=$(git rev-parse --short HEAD)
COMMIT_MSG=$(git log -1 --pretty=%s | tr ' ' '_' | tr -dc '[:alnum:]_-')
TIMESTAMP=$(date -u +%Y%m%dT%H%M%SZ)
PROFILE_NAME=$TIMESTAMP-$DIRTY_TAG$SHORT_HASH-$COMMIT_MSG
echo " Building profile: $PROFILE_NAME"
# Use --profile-name only when MODE is 'switch' or 'boot'
if [[ "$MODE" == "switch" || "$MODE" == "boot" ]]; then
sudo nixos-rebuild "$MODE" --flake "$FLAKE" --profile-name "$PROFILE_NAME"
else
sudo nixos-rebuild "$MODE" --flake "$FLAKE"
fi
'';
in
{
imports = [
../share
];
# Enable nix flakes and nix-command tools
nix = {
settings = {
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
warn-dirty = lib.mkForce false;
experimental-features = lib.mkForce [
"nix-command"
"flakes"
];
trusted-users = [ "@wheel" ];
};
# Garbage collect automatically every week
gc.automatic = lib.mkDefault true;
gc.options = lib.mkDefault "--delete-older-than 30d";
optimise.automatic = lib.mkDefault true;
};
# Nixpkgs configuration
nixpkgs = {
# add unstable and stable overlays
overlays = [
outputs.overlays.nixpkgs-unstable
outputs.overlays.nixpkgs-stable
];
config = {
allowUnfree = lib.mkForce true;
permittedInsecurePackages = [
# ...
];
};
};
# Hardware configs
hardware = {
# Bluetooth
bluetooth.enable = lib.mkDefault true;
# Enable all firmware
enableAllFirmware = lib.mkForce true;
};
# Services configs
services = {
openssh.enable = lib.mkDefault true;
# Enable firmware updates
fwupd.enable = lib.mkForce true;
fstrim.enable = lib.mkDefault true;
pcscd.enable = lib.mkDefault true;
# Enable CUPS to print documents.
printing.enable = lib.mkDefault true;
# configure pipewire
pipewire = {
enable = lib.mkDefault true;
alsa.enable = lib.mkDefault true;
alsa.support32Bit = lib.mkDefault true;
pulse.enable = lib.mkDefault true;
};
# Enable Avahi for .local hostname resolution
avahi = {
enable = lib.mkDefault true;
nssmdns4 = lib.mkDefault true; # For modern systems, use nssmdns4 instead of nssmdns
publish = {
enable = lib.mkDefault true;
addresses = lib.mkDefault true;
domain = lib.mkDefault true;
workstation = lib.mkDefault true;
};
};
};
# Time config
time = {
# Set your time zone.
timeZone = timezone;
};
boot = {
# Enable AppImage
binfmt.registrations.appimage = {
wrapInterpreterInShell = lib.mkDefault false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic";
offset = 0;
mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF....AI\\x02";
};
};
programs = {
zsh.enable = lib.mkDefault true;
gnupg.agent = {
enable = lib.mkDefault true;
enableSSHSupport = lib.mkDefault true;
};
command-not-found.enable = lib.mkForce false;
nix-index = {
enable = true;
enableBashIntegration = false;
enableZshIntegration = true;
};
};
environment.systemPackages = with pkgs; [
uutils-coreutils
uutils-diffutils
uutils-findutils
coreutils
update-script
nixd
pinentry-curses
];
# users.mutableUsers = lib.mkDefault false;
# Security config
security = {
wrappers."mount.nfs" = {
setuid = true;
owner = "root";
group = "root";
source = "${pkgs.nfs-utils.out}/bin/mount.nfs";
};
rtkit.enable = lib.mkDefault true;
# configure sudo
sudo.enable = lib.mkDefault false;
sudo-rs = {
enable = lib.mkDefault true;
extraRules = [
{
commands = [
{
command = "${pkgs.systemd}/bin/systemctl suspend";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}
];
};
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}


@@ -33,7 +33,6 @@ let
kdePackages.ksvg
memtest86-efi
memtest86plus
# occt
os-prober
nil
qemu_full
@@ -50,57 +49,6 @@ let
unzip
winetricks
];
lactConfig = ''
daemon:
log_level: info
admin_groups:
- wheel
- sudo
disable_clocks_cleanup: false
apply_settings_timer: 5
gpus:
1002:73BF-1002:0E3A-0000:03:00.0:
fan_control_enabled: true
fan_control_settings:
mode: curve
static_speed: 1.0
temperature_key: edge
interval_ms: 500
curve:
30: 0.0
40: 0.2
50: 0.35
60: 0.5
70: 0.75
80: 1.0
spindown_delay_ms: 0
change_threshold: 0
pmfw_options: {}
power_cap: 293.0
performance_level: auto
voltage_offset: 0
power_states: {}
'';
# occt = pkgs.stdenv.mkDerivation {
# pname = "occt";
# version = "14.0.10";
# src = pkgs.fetchurl {
# url = "https://www.ocbase.com/download-bin/edition:Personal/os:Linux";
# sha256 = "sha256-AomQNi7ODGaznFaHqxlFUcrV36QeLNC65MoCV2y6HZ8=";
# };
# dontUnpack = true;
# buildPhase = ''
# mkdir -p $out/bin
# cp $src $out/bin/OCCT
# chmod +x $out/bin/OCCT
# '';
# installPhase = "true";
# };
in
{
imports = [
@@ -112,10 +60,6 @@ in
./services.nix
./sops.nix
./users.nix
../default.nix
../../modules/desktop-environments/cosmic/specialisation.nix
../../modules/desktop-environments/hyprland/specialisation.nix
../../share/amd
];
nix = {
@@ -135,8 +79,6 @@ in
environment = {
systemPackages = systemPackages;
# etc."lact/config.yaml".text = lactConfig;
variables = environmentVariables;
};


@@ -1,206 +0,0 @@
{ config, lib, pkgs, ... }:
let
pkgsVersion = pkgs; #.unstable;
kernel = pkgs.linuxPackages_cachyos;
environmentVariables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
GDK_SCALE = "1";
EDITOR = "${pkgs.vscodium}/bin/codium --wait";
VISUAL = "${pkgs.vscodium}/bin/codium --wait";
};
systemPackages = with pkgsVersion; [
aha
aspell
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
borgbackup
# brscan5
efibootmgr
kdePackages.ksvg
memtest86-efi
memtest86plus
# occt
os-prober
nil
qemu_full
rclone
rclone-browser
restic
restic-browser
restic-integrity
sane-frontends
sbctl
tpm2-tools
tpm2-tss
udisks2
unzip
winetricks
edk2-uefi-shell
];
lactConfig = ''
daemon:
log_level: info
admin_groups:
- wheel
- sudo
disable_clocks_cleanup: false
apply_settings_timer: 5
gpus:
1002:73BF-1002:0E3A-0000:03:00.0:
fan_control_enabled: true
fan_control_settings:
mode: curve
static_speed: 1.0
temperature_key: edge
interval_ms: 500
curve:
30: 0.0
40: 0.2
50: 0.35
60: 0.5
70: 0.75
80: 1.0
spindown_delay_ms: 0
change_threshold: 0
pmfw_options: {}
power_cap: 293.0
performance_level: auto
voltage_offset: 0
power_states: {}
'';
in
{
imports = [
./filesystems.nix
./networking.nix
./nix.nix
./services.nix
./sops.nix
./users.nix
../default.nix
../../share/amd
];
nix = {
settings = {
substituters = [
"https://cache.mjallen.dev"
];
trusted-public-keys = [
"cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
];
};
};
chaotic.mesa-git.enable = true;
# Environment configuration
environment = {
systemPackages = systemPackages;
etc."lact/config.yaml".text = lactConfig;
variables = environmentVariables;
};
# Hardware configuration
hardware = {
# Enable the QMK firmware flashing tool.
keyboard = {
qmk.enable = true;
};
# Enable Sane and Brother printer support.
sane = {
enable = true;
brscan5.enable = false;
# extraBackends = [ pkgsVersion.brscan5 ];
};
};
# Common Configuration
share = {
gaming.enable = true;
hardware.amd = {
enable = lib.mkDefault true;
lact.enable = lib.mkDefault true;
};
};
programs.coolercontrol.enable = true;
# Time configuration
time = {
hardwareClockInLocalTime = lib.mkDefault false;
};
# Virtualisation configuration
virtualisation = {
libvirtd.enable = lib.mkDefault true;
waydroid.enable = lib.mkDefault true;
};
# Network boot specifics
boot = {
initrd = {
network.enable = true;
supportedFilesystems = [ "tmpfs" "squashfs" ];
# extraFiles."/.ro-store".source = "${config.system.build.toplevel}";
systemd.enable = true;
availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
"usbhid"
"uas"
"usb_storage"
"sd_mod"
];
};
loader = {
grub.enable = lib.mkForce false;
systemd-boot.enable = lib.mkForce false; # already replaced by lanzaboote; included explicitly for clarity
generic-extlinux-compatible.enable = lib.mkForce true; # required for PXE NetBoot
timeout = 0;
efi.canTouchEfiVariables = lib.mkForce false;
};
kernelModules = [
"nct6775"
"kvm-amd"
];
kernelParams = [
"ip=dhcp"
"boot.shell_on_fail"
"quiet"
"splash"
# needed cause ssd powersaving is broken af I guess
"nvme_core.default_ps_max_latency_us=0"
"pcie_aspm=off"
];
plymouth = {
enable = true;
};
};
zramSwap.enable = true;
networking.hostName = lib.mkForce "matt-netboot";
# Stateless filesystem (tmpfs)
fileSystems = lib.mkForce {
"/" = {
device = "tmpfs";
fsType = "tmpfs";
options = [ "defaults" "size=25%" ];
};
# "/nix" = {
# device = "/.ro-store";
# fsType = "none";
# options = [ "bind" "ro" ];
# };
};
}


@@ -7,12 +7,9 @@ in
settings = {
substituters = [
"https://cache.mjallen.dev/nas-cache"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"nas-cache:5ibTWOXJYlKBaoNtdDEPmvdLPtfnbwf9jvdnfwi5dUs="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
warn-dirty = lib.mkForce false;
experimental-features = lib.mkForce [


@@ -72,7 +72,6 @@
llama-cpp
ninja
inputs.nas-nixai.packages.x86_64-linux.nixai
inputs.edit.packages.${pkgs.system}.edit
networkmanagerapplet
nmon
nut


@@ -11,11 +11,9 @@ in
{
imports = [
./adguard.nix
# ./argononed.nix
./boot.nix
./impermanence.nix
./networking.nix
# ./pi4-hw.nix
./sops.nix
];
@@ -86,10 +84,6 @@ in
raspberrypiWirelessFirmware
raspberrypi-armstubs
];
# etc = {
# "ssh/ssh_host_ed25519_key".source = config.sops.secrets."pi4/sys-priv-key".path;
# "ssh/ssh_host_ed25519_key.pub".source = config.sops.secrets."pi4/sys-public-key".path;
# };
};
users = {


@@ -11,7 +11,6 @@ in
{
imports = [
./boot.nix
# ./hardware-configuration.nix
./impermanence.nix
./networking.nix
./services.nix