diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome/default.nix index acd64d1..85804ec 100644 --- a/modules/nixos/desktop/gnome/default.nix +++ b/modules/nixos/desktop/gnome/default.nix @@ -10,16 +10,16 @@ let cfg = config.${namespace}.desktop.gnome; in { - imports = [ ../../../home/desktop/gnome/options.nix ]; + options.${namespace}.desktop.gnome = { + enable = lib.mkEnableOption "GNOME desktop environment"; + }; config = lib.mkIf cfg.enable { services = { - # Enable Desktop Environment. desktopManager.gnome = enabled; - # Enable Desktop Environment. - displayManager = { - gdm = lib.mkDefault enabled; - gdm.wayland = lib.mkDefault true; + displayManager.gdm = { + enable = lib.mkDefault true; + wayland = lib.mkDefault true; }; gnome = { @@ -49,11 +49,9 @@ in xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; - programs = { - kdeconnect = { - enable = false; - package = pkgs.gnomeExtensions.gsconnect; - }; + programs.kdeconnect = { + enable = false; + package = pkgs.gnomeExtensions.gsconnect; }; }; } diff --git a/modules/nixos/hardware/amd/default.nix b/modules/nixos/hardware/amd/default.nix index 3c9f377..8345887 100755 --- a/modules/nixos/hardware/amd/default.nix +++ b/modules/nixos/hardware/amd/default.nix 
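Review bot: `programs.kdeconnect` is declared with `enable = false` while still pinning `package = pkgs.gnomeExtensions.gsconnect`, so the package line is dead configuration that only takes effect if someone later flips the flag. If I recall the upstream NixOS module correctly, enabling kdeconnect also opens TCP/UDP 1714–1764 in the host firewall, which is a side effect worth recording next to the flag so the flip is not made casually: `# Disabled on purpose: enabling this also opens TCP/UDP 1714-1764 in the firewall (upstream kdeconnect module).`. The enclosing `config = lib.mkIf cfg.enable { … }` block starts in the previous hunk, outside this one.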
@@ -12,15 +12,13 @@ let in { options.${namespace}.hardware.amd = { - enable = mkEnableOption "amd hardware config"; + enable = mkEnableOption "AMD hardware configuration"; - corectrl.enable = mkBoolOpt false "Enable Corectl"; + corectrl.enable = mkBoolOpt false "Enable CoreCtrl GPU control"; + corectrl.enablePolkit = mkBoolOpt false "Enable CoreCtrl polkit rules"; + corectrl.polkitGroup = mkOpt types.str "wheel" "Group allowed to use CoreCtrl without password"; - corectrl.enablePolkit = mkBoolOpt false "Enable Corectl Polkit"; - - corectrl.polkitGroup = mkOpt types.str "wheel" "Corectl Polkit Group"; - - lact.enable = mkBoolOpt false "Enable Lact daemon"; + lact.enable = mkBoolOpt false "Enable LACT daemon (AMD GPU control)"; }; config = lib.mkIf cfg.enable { @@ -29,26 +27,23 @@ in "nct6775" "k10temp" ]; - kernelParams = [ (if cfg.enable then "amdgpu.ppfeaturemask=0xffffffff" else null) ]; + kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" ]; }; - # Configure programs programs.corectrl = { enable = cfg.corectrl.enable; package = pkgs.corectrl; }; - # Configure environment environment = { - # Force radv variables = { AMD_VULKAN_ICD = "RADV"; STEAM_FORCE_DESKTOPUI_SCALING = "1.0"; GDK_SCALE = "1"; }; + systemPackages = lib.mkIf cfg.lact.enable [ pkgs.lact ]; }; - # Configure polkit security.polkit = lib.mkIf cfg.corectrl.enablePolkit { extraConfig = '' polkit.addRule(function(action, subject) { 
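Review bot: `kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" ]` now applies whenever `cfg.enable` is set, even on hosts where neither `corectrl` nor `lact` is enabled; that mask unlocks every amdgpu power-play feature (overdrive/overclock and, as far as I know, voltage control), which only those two tools need and which widens what anything able to write the GPU's sysfs knobs can do to the hardware. Suggest gating it on the consumers: `kernelParams = lib.optional (cfg.corectrl.enable || cfg.lact.enable) "amdgpu.ppfeaturemask=0xffffffff";`. The `security.polkit.extraConfig` rule that begins at the end of this hunk continues outside it, so I cannot confirm what it grants to `cfg.corectrl.polkitGroup`; given that group defaults to `wheel`, the rule deserves a comment naming exactly which polkit actions it allows without a password.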
@@ -63,13 +58,13 @@ in ''; }; - # nixpkg is broken so need to manually define + # k10temp is listed in kernelModules above, but the module doesn't always + # load early enough for sensors to be available. This service ensures it + # is loaded after multi-user.target. systemd.services = { load-k10temp = { - description = "Load k10temp manually cause it wont otherwise"; - script = '' - ${pkgs.kmod}/bin/modprobe k10temp - ''; + description = "Load k10temp kernel module"; + script = "${pkgs.kmod}/bin/modprobe k10temp"; wantedBy = [ "multi-user.target" ]; }; lactd = lib.mkIf cfg.lact.enable { @@ -78,17 +73,10 @@ in bash lact ]; - script = '' - lact daemon - ''; + script = "lact daemon"; wantedBy = [ "multi-user.target" ]; after = [ "multi-user.target" ]; }; }; - - # Configure environment - environment = { - systemPackages = with pkgs; lib.mkIf cfg.lact.enable [ lact ]; - }; }; } diff --git a/modules/nixos/power/default.nix b/modules/nixos/power/default.nix index 1d9d925..85c2781 100644 --- a/modules/nixos/power/default.nix +++ b/modules/nixos/power/default.nix @@ -59,10 +59,5 @@ in }; }; - services = { - apcupsd = { - enable = true; - }; - }; }; } diff --git a/modules/nixos/services/authentik/options.nix b/modules/nixos/services/authentik/options.nix deleted file mode 100644 index 20825c6..0000000 --- a/modules/nixos/services/authentik/options.nix +++ /dev/null 
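Review bot: The new comment on `load-k10temp` says the service "ensures it is loaded after multi-user.target", but the unit only has `wantedBy = [ "multi-user.target" ]`, which makes the target pull it in and does not order it after anything; the `lactd` unit below is the one that adds `after`. Either the comment should say what the unit actually does or the ordering should be made real, e.g. `after = [ "systemd-modules-load.service" ];` together with `serviceConfig.Type = "oneshot";` so the unit is reported as succeeded rather than as a short-lived simple service. Since `k10temp` is already listed in `boot.kernelModules` in the earlier hunk, the "doesn't always load early enough" claim is inferred; a note of which symptom was observed would help the next person decide whether the workaround is still needed.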
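Review bot: `lactd` runs `lact daemon` as root with no `serviceConfig` at all: no `Restart`, and no sandboxing for a long-running privileged daemon that, as far as I know, exposes a local control socket. It has to write to sysfs so it cannot be fully confined, but the cheap hardening is still worth adding: `serviceConfig = { Restart = "on-failure"; ProtectHome = true; PrivateTmp = true; };`. If the nixpkgs revision in use already ships a `services.lact` module, that should be preferred over this hand-rolled unit so the daemon's user, socket and hardening are maintained upstream.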
@@ -1,31 +0,0 @@
-{ lib, namespace, ... }:
-with lib;
-{
- options.${namespace}.services.authentik = {
- enable = mkEnableOption "authentik identity provider";
-
- port = mkOption {
- type = types.port;
- default = 9000;
- description = "Port for authentik web interface";
- };
-
- openFirewall = mkOption {
- type = types.bool;
- default = true;
- description = "Whether to open firewall for authentik";
- };
-
- environmentFile = mkOption {
- type = types.nullOr types.path;
- default = null;
- description = "Path to environment file containing authentik secrets";
- };
-
- dataDir = mkOption {
- type = types.str;
- default = "/var/lib/authentik";
- description = "Data directory for authentik";
- };
- };
-}
diff --git a/modules/nixos/services/mongodb/default.nix b/modules/nixos/services/mongodb/default.nix
index 370df54..67447df 100755
--- a/modules/nixos/services/mongodb/default.nix
+++ b/modules/nixos/services/mongodb/default.nix
@@ -14,11 +14,11 @@ let
 description = "mongodb";
 options = { };
 moduleConfig = {
- virtualisation.oci-containers.containers."${cfg.name}" = {
+ virtualisation.oci-containers.containers."${name}" = {
 autoStart = true;
 image = "mongo";
- ports = [ "${cfg.port}:27017" ];
- volumes = [ "${cfg.configPath}/mongodb:/data/db" ];
+ ports = [ "${toString cfg.port}:27017" ];
+ volumes = [ "${cfg.configDir}/mongodb:/data/db" ];
 extraOptions = [ "--network-alias=mongo" ];
 # environmentFiles = cfg.environmentFiles;
 environment = {
diff --git a/modules/nixos/services/nebula-lighthouse/sops.nix b/modules/nixos/services/nebula-lighthouse/sops.nix
index 902ca73..58351ef 100644
--- a/modules/nixos/services/nebula-lighthouse/sops.nix
+++ b/modules/nixos/services/nebula-lighthouse/sops.nix
@@ -37,7 +37,7 @@ in
 sopsFile = (lib.snowfall.fs.get-file "secrets/pi5-secrets.yaml");
 owner = "nebula-jallen-nebula";
 group = "nebula-jallen-nebula";
- restartUnits = [ "nebula@v-nebula.service" ];
+ restartUnits = [ "nebula@jallen-nebula.service" ];
 };
 };
 };
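Review bot: `ports = [ "${toString cfg.port}:27017" ]` publishes the container port with no host address, which both docker and podman treat as bind-on-all-interfaces, so MongoDB is reachable from the network on `cfg.port`; unless remote clients are intended, bind it to loopback with `ports = [ "127.0.0.1:${toString cfg.port}:27017" ];` (containers on the same user-defined network still reach it through the `mongo` alias). The image is referenced as bare `mongo` with no tag or digest, so each pull may resolve to a different major version; pin it, e.g. `image = "mongo:7";` or, better, an `@sha256:` digest. The `environment = {` attrset and the commented-out `environmentFiles` continue outside the hunk, so I cannot confirm whether root credentials are set; the stock image starts with no authentication when they are absent, which matters all the more if the port stays exposed.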
diff --git a/modules/nixos/services/owncloud/options.nix b/modules/nixos/services/owncloud/options.nix
deleted file mode 100755
index 953cd05..0000000
--- a/modules/nixos/services/owncloud/options.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ lib, namespace, ... }:
-with lib;
-{
- options.${namespace}.services.free-games-claimer = {
- enable = mkEnableOption "free-games-claimer docker service";
-
- autoStart = mkOption {
- type = types.bool;
- default = true;
- };
-
- httpPort = mkOption {
- type = types.str;
- default = "6080";
- };
-
- name = mkOption {
- type = types.str;
- default = "free-games-claimer";
- };
-
- image = mkOption {
- type = types.str;
- default = "ghcr.io/vogler/free-games-claimer";
- };
-
- dataPath = mkOption {
- type = types.str;
- default = "/media/nas/main/nix-app-data/free-games-claimer";
- };
-
- puid = mkOption {
- type = types.str;
- default = "911";
- };
-
- pgid = mkOption {
- type = types.str;
- default = "1000";
- };
-
- timeZone = mkOption {
- type = types.str;
- default = "America/Chicago";
- };
- };
-}
diff --git a/modules/nixos/shell/default.nix b/modules/nixos/shell/default.nix
deleted file mode 100644
index 814512b..0000000
--- a/modules/nixos/shell/default.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ lib, ... }:
-{
- programs = {
- zsh.enable = lib.mkForce true;
- gnupg.agent = {
- enable = lib.mkDefault true;
- enableSSHSupport = lib.mkDefault true;
- };
- nix-index = {
- enable = lib.mkDefault true;
- enableBashIntegration = lib.mkDefault false;
- enableZshIntegration = lib.mkDefault true;
- };
- };
-}
diff --git a/modules/nixos/sops/default.nix b/modules/nixos/sops/default.nix
index 8ef87ce..d271a75 100644
--- a/modules/nixos/sops/default.nix
+++ b/modules/nixos/sops/default.nix
@@ -6,114 +6,39 @@ ... }: let - defaultSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml"); + cfg = config.${namespace}.sops; + defaultSops = lib.snowfall.fs.get-file "secrets/secrets.yaml"; isx86 = system == "x86_64-linux"; user = config.${namespace}.user.name; in { - # Permission modes are in octal representation (same as chmod), - # the digits represent: user|group|others - # 7 - full (rwx) - # 6 - read and write (rw-) - # 5 - read and execute (r-x) - # 4 - read only (r--) - # 3 - write and execute (-wx) - # 2 - write only (-w-) - # 1 - execute only (--x) - # 0 - none (---) - # Either a user id or group name representation of the secret owner - # It is recommended to get the user name from `config.users.users..name` to avoid misconfiguration - # Either the group id or group name representation of the secret group - # It is recommended to get the group name from `config.users.users..group` to avoid misconfiguration - sops = { - defaultSopsFile = defaultSops; - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + config = lib.mkIf cfg.enable { + sops = { + defaultSopsFile = if cfg.defaultSopsFile != null then cfg.defaultSopsFile else defaultSops; + age.sshKeyPaths = cfg.sshKeyPaths; - # ------------------------------ - # Secrets - # ------------------------------ - secrets = { - "wifi" = { }; + secrets = { + "wifi" = { }; - "matt_password" = { - neededForUsers = true; - mode = "0600"; - owner = config.users.users."${user}".name; - group = config.users.users."${user}".group; + "matt_password" = { + neededForUsers = true; + mode = "0600"; + owner = config.users.users."${user}".name; + group = config.users.users."${user}".group; + }; + + "disk-key".mode = "0600"; + + "secureboot/GUID" = lib.mkIf isx86 { mode = "0600"; }; + "secureboot/keys/db-key" = lib.mkIf isx86 { mode = "0600"; }; + "secureboot/keys/db-pem" = lib.mkIf isx86 { mode = "0600"; }; + "secureboot/keys/KEK-key" = lib.mkIf isx86 { mode = "0600"; }; + "secureboot/keys/KEK-pem" = lib.mkIf isx86 { 
mode = "0600"; }; + "secureboot/keys/PK-key" = lib.mkIf isx86 { mode = "0600"; }; + "secureboot/keys/PK-pem" = lib.mkIf isx86 { mode = "0600"; }; }; - "disk-key" = { - mode = "0600"; - }; - - # ------------------------------ - # SSH keys - # ------------------------------ - # "ssh-keys-public/desktop-nixos" = { - # sopsFile = sharedSops; - # mode = "0644"; - # owner = config.users.users."${user}".name; - # group = config.users.users."${user}".group; - # restartUnits = [ "sshd.service" ]; - # }; - # "ssh-keys-private/desktop-nixos" = { - # sopsFile = sharedSops; - # mode = "0600"; - # owner = config.users.users."${user}".name; - # group = config.users.users."${user}".group; - # restartUnits = [ "sshd.service" ]; - # }; - # "ssh-keys-public/desktop-nixos-root" = { - # sopsFile = sharedSops; - # path = "/root/.ssh/id_ed25519.pub"; - # mode = "0600"; - # restartUnits = [ "sshd.service" ]; - # }; - # "ssh-keys-private/desktop-nixos-root" = { - # sopsFile = sharedSops; - # path = "/root/.ssh/id_ed25519"; - # mode = "0600"; - # restartUnits = [ "sshd.service" ]; - # }; - - # ------------------------------ - # Secureboot keys - # ------------------------------ - "secureboot/GUID" = lib.mkIf isx86 { - # path = "/etc/secureboot/GUID"; - mode = "0600"; - }; - "secureboot/keys/db-key" = lib.mkIf isx86 { - # path = "/etc/secureboot/keys/db/db.key"; - mode = "0600"; - }; - "secureboot/keys/db-pem" = lib.mkIf isx86 { - # path = "/etc/secureboot/keys/db/db.pem"; - mode = "0600"; - }; - "secureboot/keys/KEK-key" = lib.mkIf isx86 { - # path = "/etc/secureboot/keys/KEK/KEK.key"; - mode = "0600"; - }; - "secureboot/keys/KEK-pem" = lib.mkIf isx86 { - # path = "/etc/secureboot/keys/KEK/KEK.pem"; - mode = "0600"; - }; - "secureboot/keys/PK-key" = lib.mkIf isx86 { - # path = "/etc/secureboot/keys/PK/PK.key"; - mode = "0600"; - }; - "secureboot/keys/PK-pem" = lib.mkIf isx86 { - # path = "/etc/secureboot/keys/PK/PK.pem"; - mode = "0600"; - }; - }; - - # ------------------------------ - # 
Templates
- # ------------------------------
- templates = {
- # ...
+ templates = { };
 };
 };
 }
diff --git a/modules/nixos/virtualization/default.nix b/modules/nixos/virtualization/default.nix
index 24a15bc..71bae1f 100644
--- a/modules/nixos/virtualization/default.nix
+++ b/modules/nixos/virtualization/default.nix
@@ -4,6 +4,6 @@
 virtualisation = {
 libvirtd.enable = lib.mkDefault true;
 podman.enable = lib.mkDefault true;
- waydroid.enable = lib.mkDefault true;
+ waydroid.enable = lib.mkDefault false;
 };
 }
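Review bot: `"matt_password"` keeps `neededForUsers = true` together with `owner`/`group` set to the user the hash belongs to; as far as I recall, sops-nix installs `neededForUsers` secrets under /run/secrets-for-users before users and groups are created, so a non-root owner is at best unsupported and, where it does take effect, lets that account read its own password hash. I would drop the two `owner`/`group` lines and keep root ownership with `mode = "0600"`, since the activation step that creates users runs as root anyway. Wrapping the whole file in `config = lib.mkIf cfg.enable` also means any `config.sops.secrets.<name>.path` reference elsewhere (e.g. a `hashedPasswordFile` or the secure-boot key paths) will fail to evaluate on hosts where `${namespace}.sops.enable` is off, and the old hard-coded `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]` is replaced by `cfg.sshKeyPaths`, whose default is not in this diff; if it differs, which key decrypts the secrets changes silently. The option declarations for `cfg.enable`, `cfg.defaultSopsFile` and `cfg.sshKeyPaths`, and the module's argument header, lie outside this hunk.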