mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

cleanup

Browse Source
This commit is contained in:
mjallen18
2026-03-18 20:59:27 -05:00
parent f4fd826c90
commit 5d1d3dc850
10 changed files with 52 additions and 239 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
modules/nixos/desktop/gnome/default.nix
View File

@@ -10,16 +10,16 @@ let
cfg = config.${namespace}.desktop.gnome; cfg = config.${namespace}.desktop.gnome;
in in
{ {
imports = [ ../../../home/desktop/gnome/options.nix ]; options.${namespace}.desktop.gnome = {
enable = lib.mkEnableOption "GNOME desktop environment";
};
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services = { services = {
# Enable Desktop Environment.
desktopManager.gnome = enabled; desktopManager.gnome = enabled;
# Enable Desktop Environment. displayManager.gdm = {
displayManager = { enable = lib.mkDefault true;
gdm = lib.mkDefault enabled; wayland = lib.mkDefault true;
gdm.wayland = lib.mkDefault true;
}; };
gnome = { gnome = {
@@ -49,11 +49,9 @@ in
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
programs = { programs.kdeconnect = {
kdeconnect = { enable = false;
enable = false; package = pkgs.gnomeExtensions.gsconnect;
package = pkgs.gnomeExtensions.gsconnect;
};
}; };
}; };
} }

38
modules/nixos/hardware/amd/default.nix
View File

@@ -12,15 +12,13 @@ let
in in
{ {
options.${namespace}.hardware.amd = { options.${namespace}.hardware.amd = {
enable = mkEnableOption "amd hardware config"; enable = mkEnableOption "AMD hardware configuration";
corectrl.enable = mkBoolOpt false "Enable Corectl"; corectrl.enable = mkBoolOpt false "Enable CoreCtrl GPU control";
corectrl.enablePolkit = mkBoolOpt false "Enable CoreCtrl polkit rules";
corectrl.polkitGroup = mkOpt types.str "wheel" "Group allowed to use CoreCtrl without password";
corectrl.enablePolkit = mkBoolOpt false "Enable Corectl Polkit"; lact.enable = mkBoolOpt false "Enable LACT daemon (AMD GPU control)";
corectrl.polkitGroup = mkOpt types.str "wheel" "Corectl Polkit Group";
lact.enable = mkBoolOpt false "Enable Lact daemon";
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@@ -29,26 +27,23 @@ in
"nct6775" "nct6775"
"k10temp" "k10temp"
]; ];
kernelParams = [ (if cfg.enable then "amdgpu.ppfeaturemask=0xffffffff" else null) ]; kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" ];
}; };
# Configure programs
programs.corectrl = { programs.corectrl = {
enable = cfg.corectrl.enable; enable = cfg.corectrl.enable;
package = pkgs.corectrl; package = pkgs.corectrl;
}; };
# Configure environment
environment = { environment = {
# Force radv
variables = { variables = {
AMD_VULKAN_ICD = "RADV"; AMD_VULKAN_ICD = "RADV";
STEAM_FORCE_DESKTOPUI_SCALING = "1.0"; STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
GDK_SCALE = "1"; GDK_SCALE = "1";
}; };
systemPackages = lib.mkIf cfg.lact.enable [ pkgs.lact ];
}; };
# Configure polkit
security.polkit = lib.mkIf cfg.corectrl.enablePolkit { security.polkit = lib.mkIf cfg.corectrl.enablePolkit {
extraConfig = '' extraConfig = ''
polkit.addRule(function(action, subject) { polkit.addRule(function(action, subject) {
@@ -63,13 +58,13 @@ in
''; '';
}; };
# nixpkg is broken so need to manually define # k10temp is listed in kernelModules above, but the module doesn't always
# load early enough for sensors to be available. This service ensures it
# is loaded after multi-user.target.
systemd.services = { systemd.services = {
load-k10temp = { load-k10temp = {
description = "Load k10temp manually cause it wont otherwise"; description = "Load k10temp kernel module";
script = '' script = "${pkgs.kmod}/bin/modprobe k10temp";
${pkgs.kmod}/bin/modprobe k10temp
'';
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
lactd = lib.mkIf cfg.lact.enable { lactd = lib.mkIf cfg.lact.enable {
@@ -78,17 +73,10 @@ in
bash bash
lact lact
]; ];
script = '' script = "lact daemon";
lact daemon
'';
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "multi-user.target" ]; after = [ "multi-user.target" ];
}; };
}; };
# Configure environment
environment = {
systemPackages = with pkgs; lib.mkIf cfg.lact.enable [ lact ];
};
}; };
} }

5
modules/nixos/power/default.nix
View File

@@ -59,10 +59,5 @@ in
}; };
}; };
services = {
apcupsd = {
enable = true;
};
};
}; };
} }

31
modules/nixos/services/authentik/options.nix
View File

@@ -1,31 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.authentik = {
enable = mkEnableOption "authentik identity provider";
port = mkOption {
type = types.port;
default = 9000;
description = "Port for authentik web interface";
};
openFirewall = mkOption {
type = types.bool;
default = true;
description = "Whether to open firewall for authentik";
};
environmentFile = mkOption {
type = types.nullOr types.path;
default = null;
description = "Path to environment file containing authentik secrets";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/authentik";
description = "Data directory for authentik";
};
};
}

6
modules/nixos/services/mongodb/default.nix
View File

@@ -14,11 +14,11 @@ let
description = "mongodb"; description = "mongodb";
options = { }; options = { };
moduleConfig = { moduleConfig = {
virtualisation.oci-containers.containers."${cfg.name}" = { virtualisation.oci-containers.containers."${name}" = {
autoStart = true; autoStart = true;
image = "mongo"; image = "mongo";
ports = [ "${cfg.port}:27017" ]; ports = [ "${toString cfg.port}:27017" ];
volumes = [ "${cfg.configPath}/mongodb:/data/db" ]; volumes = [ "${cfg.configDir}/mongodb:/data/db" ];
extraOptions = [ "--network-alias=mongo" ]; extraOptions = [ "--network-alias=mongo" ];
# environmentFiles = cfg.environmentFiles; # environmentFiles = cfg.environmentFiles;
environment = { environment = {

2
modules/nixos/services/nebula-lighthouse/sops.nix
View File

@@ -37,7 +37,7 @@ in
sopsFile = (lib.snowfall.fs.get-file "secrets/pi5-secrets.yaml"); sopsFile = (lib.snowfall.fs.get-file "secrets/pi5-secrets.yaml");
owner = "nebula-jallen-nebula"; owner = "nebula-jallen-nebula";
group = "nebula-jallen-nebula"; group = "nebula-jallen-nebula";
restartUnits = [ "nebula@v-nebula.service" ]; restartUnits = [ "nebula@jallen-nebula.service" ];
}; };
}; };
}; };

47
modules/nixos/services/owncloud/options.nix
View File

@@ -1,47 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.free-games-claimer = {
enable = mkEnableOption "free-games-claimer docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
httpPort = mkOption {
type = types.str;
default = "6080";
};
name = mkOption {
type = types.str;
default = "free-games-claimer";
};
image = mkOption {
type = types.str;
default = "ghcr.io/vogler/free-games-claimer";
};
dataPath = mkOption {
type = types.str;
default = "/media/nas/main/nix-app-data/free-games-claimer";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
};
}

15
modules/nixos/shell/default.nix
View File

@@ -1,15 +0,0 @@
{ lib, ... }:
{
programs = {
zsh.enable = lib.mkForce true;
gnupg.agent = {
enable = lib.mkDefault true;
enableSSHSupport = lib.mkDefault true;
};
nix-index = {
enable = lib.mkDefault true;
enableBashIntegration = lib.mkDefault false;
enableZshIntegration = lib.mkDefault true;
};
};
}

125
modules/nixos/sops/default.nix
View File

@@ -6,114 +6,39 @@
... ...
}: }:
let let
defaultSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml"); cfg = config.${namespace}.sops;
defaultSops = lib.snowfall.fs.get-file "secrets/secrets.yaml";
isx86 = system == "x86_64-linux"; isx86 = system == "x86_64-linux";
user = config.${namespace}.user.name; user = config.${namespace}.user.name;
in in
{ {
# Permission modes are in octal representation (same as chmod), config = lib.mkIf cfg.enable {
# the digits represent: user|group|others sops = {
# 7 - full (rwx) defaultSopsFile = if cfg.defaultSopsFile != null then cfg.defaultSopsFile else defaultSops;
# 6 - read and write (rw-) age.sshKeyPaths = cfg.sshKeyPaths;
# 5 - read and execute (r-x)
# 4 - read only (r--)
# 3 - write and execute (-wx)
# 2 - write only (-w-)
# 1 - execute only (--x)
# 0 - none (---)
# Either a user id or group name representation of the secret owner
# It is recommended to get the user name from `config.users.users.<?name>.name` to avoid misconfiguration
# Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = {
defaultSopsFile = defaultSops;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------ secrets = {
# Secrets "wifi" = { };
# ------------------------------
secrets = {
"wifi" = { };
"matt_password" = { "matt_password" = {
neededForUsers = true; neededForUsers = true;
mode = "0600"; mode = "0600";
owner = config.users.users."${user}".name; owner = config.users.users."${user}".name;
group = config.users.users."${user}".group; group = config.users.users."${user}".group;
};
"disk-key".mode = "0600";
"secureboot/GUID" = lib.mkIf isx86 { mode = "0600"; };
"secureboot/keys/db-key" = lib.mkIf isx86 { mode = "0600"; };
"secureboot/keys/db-pem" = lib.mkIf isx86 { mode = "0600"; };
"secureboot/keys/KEK-key" = lib.mkIf isx86 { mode = "0600"; };
"secureboot/keys/KEK-pem" = lib.mkIf isx86 { mode = "0600"; };
"secureboot/keys/PK-key" = lib.mkIf isx86 { mode = "0600"; };
"secureboot/keys/PK-pem" = lib.mkIf isx86 { mode = "0600"; };
}; };
"disk-key" = { templates = { };
mode = "0600";
};
# ------------------------------
# SSH keys
# ------------------------------
# "ssh-keys-public/desktop-nixos" = {
# sopsFile = sharedSops;
# mode = "0644";
# owner = config.users.users."${user}".name;
# group = config.users.users."${user}".group;
# restartUnits = [ "sshd.service" ];
# };
# "ssh-keys-private/desktop-nixos" = {
# sopsFile = sharedSops;
# mode = "0600";
# owner = config.users.users."${user}".name;
# group = config.users.users."${user}".group;
# restartUnits = [ "sshd.service" ];
# };
# "ssh-keys-public/desktop-nixos-root" = {
# sopsFile = sharedSops;
# path = "/root/.ssh/id_ed25519.pub";
# mode = "0600";
# restartUnits = [ "sshd.service" ];
# };
# "ssh-keys-private/desktop-nixos-root" = {
# sopsFile = sharedSops;
# path = "/root/.ssh/id_ed25519";
# mode = "0600";
# restartUnits = [ "sshd.service" ];
# };
# ------------------------------
# Secureboot keys
# ------------------------------
"secureboot/GUID" = lib.mkIf isx86 {
# path = "/etc/secureboot/GUID";
mode = "0600";
};
"secureboot/keys/db-key" = lib.mkIf isx86 {
# path = "/etc/secureboot/keys/db/db.key";
mode = "0600";
};
"secureboot/keys/db-pem" = lib.mkIf isx86 {
# path = "/etc/secureboot/keys/db/db.pem";
mode = "0600";
};
"secureboot/keys/KEK-key" = lib.mkIf isx86 {
# path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0600";
};
"secureboot/keys/KEK-pem" = lib.mkIf isx86 {
# path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0600";
};
"secureboot/keys/PK-key" = lib.mkIf isx86 {
# path = "/etc/secureboot/keys/PK/PK.key";
mode = "0600";
};
"secureboot/keys/PK-pem" = lib.mkIf isx86 {
# path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0600";
};
};
# ------------------------------
# Templates
# ------------------------------
templates = {
# ...
}; };
}; };
} }

2
modules/nixos/virtualization/default.nix
View File

@@ -4,6 +4,6 @@
virtualisation = { virtualisation = {
libvirtd.enable = lib.mkDefault true; libvirtd.enable = lib.mkDefault true;
podman.enable = lib.mkDefault true; podman.enable = lib.mkDefault true;
waydroid.enable = lib.mkDefault true; waydroid.enable = lib.mkDefault false;
}; };
} }