mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixes

Browse Source
This commit is contained in:
mjallen18
2025-09-03 17:54:33 -05:00
parent 67b840c40f
commit c4911b9d5f
31 changed files with 339 additions and 223 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
modules/home/sops/default.nix
View File

@@ -1,7 +1,6 @@
{
config,
lib,
namespace,
...
}:
let

72
modules/nixos/boot/common/default.nix
View File

@@ -1,35 +1,69 @@
{
config,
pkgs,
system,
lib,
namespace,
...
}:
with lib;
let
inherit (lib.${namespace}) mkOpt mkBoolOpt;
cfg = config.${namespace}.boot.common;
isArm = ("aarch64-linux" == system) || ("aarch64-darwin" == system);
in
{
boot = {
kernelParams = [
"quiet"
];
options.${namespace}.boot.common = {
enable = mkBoolOpt true "Enable common boot stuff";
binfmt = lib.mkIf isArm {
registrations."x86_64-linux" = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
openBinary = true;
interpreter = "${lib.getExe pkgs.box64}";
preserveArgvZero = true;
matchCredentials = true;
fixBinary = false;
yubikeyEncryption = mkBoolOpt false "Enable Yubikey root encryption";
yubikeyGracePeriod = mkOpt types.int 180 "Time to wait for yubikey in seconds";
};
config = mkIf cfg.enable {
boot = {
kernelParams = [
"quiet"
];
binfmt = lib.mkIf isArm {
registrations."x86_64-linux" = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
openBinary = true;
interpreter = "${lib.getExe pkgs.box64}";
preserveArgvZero = true;
matchCredentials = true;
fixBinary = false;
};
};
supportedFilesystems = [ "bcachefs" ];
consoleLogLevel = lib.mkForce 3;
bootspec.enable = (!isArm);
initrd = {
luks = mkIf cfg.yubikeyEncryption {
devices = {
"${config.disko.devices.disk.main.content.partitions.root.name}" = {
yubikey = {
storage = {
device = "/dev/disk/by-label/${config.disko.devices.disk.main.content.partitions.root.name}";
fsType = config.${namespace}.hardware.disko.filesystem;
path = "/";
};
slot = 2;
twoFactor = false;
gracePeriod = yubikeyGracePeriod;
};
};
};
};
};
};
supportedFilesystems = [ "bcachefs" ];
consoleLogLevel = lib.mkForce 3;
bootspec.enable = (!isArm);
zramSwap.enable = lib.mkDefault true;
};
zramSwap.enable = lib.mkDefault true;
}

9
modules/nixos/boot/systemd-boot/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
inherit (lib.${namespace}) mkOpt;
@@ -26,4 +31,4 @@ in
};
};
};
}
}

13
modules/nixos/desktop/hyprland/options.nix
View File

@@ -1,4 +1,9 @@
{ lib, pkgs, namespace, ... }:
{
lib,
pkgs,
namespace,
...
}:
with lib;
let
inherit (lib.${namespace}) mkOpt;
@@ -14,9 +19,9 @@ in
enable = mkEnableOption "enable hyprland desktop environment";
wallpaperSource = mkOpt (types.enum [
"bing"
"nasa"
]) "bing" "Source for the wallpaper (bing or nasa)";
"bing"
"nasa"
]) "bing" "Source for the wallpaper (bing or nasa)";
wallpaper = mkOpt types.path "/var/lib/wallpapers/current.jpg" "Path to the wallpaper folder";

10
modules/nixos/desktop/hyprland/wallpapers/default.nix
View File

@@ -1,4 +1,10 @@
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.hyprland;
@@ -173,4 +179,4 @@ in
};
};
};
}
}

1
modules/nixos/disko/x86_64-linux/default.nix
View File

@@ -58,6 +58,7 @@ let
# BCacheFS root partition configuration
bcachefsRoot = {
name = "bcachefs-root";
size = "100%";
content = {
type = "bcachefs";

26
modules/nixos/hardware/raspberry-pi/default.nix
View File

@@ -23,20 +23,18 @@ in
config = lib.mkIf cfg.enable {
# Common Raspberry Pi packages
environment.systemPackages =
with pkgs;
[
i2c-tools
libraspberrypi
raspberrypi-eeprom
raspberrypifw
raspberrypiWirelessFirmware
raspberrypi-armstubs
erofs-utils
fex
squashfuse
squashfsTools
];
environment.systemPackages = with pkgs; [
i2c-tools
libraspberrypi
raspberrypi-eeprom
raspberrypifw
raspberrypiWirelessFirmware
raspberrypi-armstubs
erofs-utils
fex
squashfuse
squashfsTools
];
# Common Bluetooth configuration
systemd.services.btattach = {

56
modules/nixos/impermanence/default.nix
View File

@@ -19,29 +19,33 @@ in
};
# extraDirectories = mkOpt (types.listOf types.path) [ ] "Extra directory paths to add to impermanence";
extraDirectories = mkOpt (types.listOf (types.either types.str (types.submodule {
options = {
directory = mkOption {
type = types.str;
description = "Directory path";
};
user = mkOption {
type = types.str;
default = "root";
description = "Directory owner";
};
group = mkOption {
type = types.str;
default = "root";
description = "Directory group";
};
mode = mkOption {
type = types.str;
default = "u=rwx,g=rx,o=";
description = "Directory permissions";
};
};
}))) [ ] "Extra directory paths to add to impermanence";
extraDirectories = mkOpt (types.listOf (
types.either types.str (
types.submodule {
options = {
directory = mkOption {
type = types.str;
description = "Directory path";
};
user = mkOption {
type = types.str;
default = "root";
description = "Directory owner";
};
group = mkOption {
type = types.str;
default = "root";
description = "Directory group";
};
mode = mkOption {
type = types.str;
default = "u=rwx,g=rx,o=";
description = "Directory permissions";
};
};
}
)
)) [ ] "Extra directory paths to add to impermanence";
extraFiles = mkOpt (types.listOf types.path) [ ] "Extra file paths to add to impermanence";
};
@@ -79,10 +83,12 @@ in
group = "jallen-nas";
mode = "u=rwx,g=rx,o=rx";
}
] ++ cfg.extraDirectories;
]
++ cfg.extraDirectories;
files = [
"/etc/machine-id"
] ++ cfg.extraFiles;
]
++ cfg.extraFiles;
};
security.sudo.extraConfig = ''

25
modules/nixos/network/default.nix
View File

@@ -8,7 +8,7 @@ with lib;
let
cfg = config.${namespace}.network;
profiles =
profiles =
let
make =
name: profile:
@@ -21,16 +21,19 @@ let
autoconnect-priority = profile.priority;
interface-name = cfg.ipv4.interface;
};
ipv4 =
{
method = cfg.ipv4.method;
} // (if (cfg.ipv4.method == "auto") then { }
else
{
address = cfg.ipv4.address;
gateway = cfg.ipv4.gateway;
dns = cfg.ipv4.dns;
});
ipv4 = {
method = cfg.ipv4.method;
}
// (
if (cfg.ipv4.method == "auto") then
{ }
else
{
address = cfg.ipv4.address;
gateway = cfg.ipv4.gateway;
dns = cfg.ipv4.dns;
}
);
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";

42
modules/nixos/network/options.nix
View File

@@ -53,30 +53,40 @@ in
powersave = mkBoolOpt false "Whether to enable WiFi power saving.";
profiles = mkOpt (types.attrsOf (
types.submodule {
options = {
ssid = mkOpt types.str "" "SSID of the WiFi network.";
profiles =
mkOpt
(types.attrsOf (
types.submodule {
options = {
ssid = mkOpt types.str "" "SSID of the WiFi network.";
type = mkOpt types.str "wifi" "type of the network.(wifi/ethernet)";
type = mkOpt types.str "wifi" "type of the network.(wifi/ethernet)";
autoconnect = mkBoolOpt true "autoconnect to this connection";
autoconnect = mkBoolOpt true "autoconnect to this connection";
autoconnect-retries = mkOpt types.int (-1) "The number of times a connection should be tried when autoactivating before giving up. Zero means forever, -1 means the global default (4 times if not overridden)";
autoconnect-retries =
mkOpt types.int (-1)
"The number of times a connection should be tried when autoactivating before giving up. Zero means forever, -1 means the global default (4 times if not overridden)";
priority = mkOpt types.int 0 "connection priority in range -999 to 999. The higher number means higher priority.";
priority =
mkOpt types.int 0
"connection priority in range -999 to 999. The higher number means higher priority.";
psk = mkOpt types.str "$PSK" "PSK environment variable for the WiFi password.";
psk = mkOpt types.str "$PSK" "PSK environment variable for the WiFi password.";
keyMgmt = mkOpt types.str "sae" "Key management type (e.g., sae, wpa-psk).";
keyMgmt = mkOpt types.str "sae" "Key management type (e.g., sae, wpa-psk).";
};
}
))
{
"Joey's Jungle 6G" = {
priority = -900;
};
"Joey's Jungle 5G" = {
priority = -999;
};
}
))
{
"Joey's Jungle 6G" = { priority = -900; };
"Joey's Jungle 5G" = { priority = -999; };
}
"network profiles.";
"network profiles.";
};
hostId = mkOpt types.str "" "Host ID for ZFS and other services.";

9
modules/nixos/power/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
inherit (lib.${namespace}) mkOpt;
@@ -60,4 +65,4 @@ in
};
};
};
}
}

9
modules/nixos/security/tpm/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
# inherit (lib.${namespace}) mkOpt;
@@ -30,4 +35,4 @@ in
};
};
};
}
}

2
modules/nixos/services/nextcloud/default.nix
View File

@@ -138,7 +138,7 @@ in
soft_auto_provision = false;
allow_multiple_user_backends = false; # auto redirect to authentik for login
};
social_login_auto_redirect = true;
};
};

7
modules/nixos/services/samba/default.nix
View File

@@ -1,4 +1,9 @@
{ lib, config, namespace, ... }:
{
lib,
config,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.samba;

5
modules/nixos/sops/options.nix
View File

@@ -28,7 +28,10 @@ with lib;
type = types.listOf types.str;
default = [ "/etc/ssh/ssh_host_ed25519_key" ];
description = "List of SSH key paths to use for age decryption.";
example = [ "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_rsa_key" ];
example = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key"
];
};
validateSopsFiles = mkOption {