From 06385f94f672bfae18a91633e42a804a96aba633 Mon Sep 17 00:00:00 2001 
From: Nathan Date: Wed, 22 Apr 2026 12:30:34 -0500 Subject: [PATCH] restructure --- modules/features/authentik.nix | 7 +- modules/features/avahi.nix | 9 +- modules/features/code-server.nix | 7 +- modules/features/default.nix | 52 +++--- modules/features/docker.nix | 19 +- modules/features/dynamicDNS.nix | 8 +- modules/features/gitea.nix | 14 +- .../home-assistant/home-assistant.nix | 16 +- modules/features/hyprland.nix | 9 +- modules/features/jellyfin.nix | 15 +- modules/features/kdePlasma6.nix | 9 +- modules/features/n8n.nix | 7 +- modules/features/netbird/netbird.nix | 21 +-- modules/features/nextcloud.nix | 7 +- modules/features/nginx.nix | 7 +- modules/features/novnc.nix | 14 +- modules/features/ntfy.nix | 7 +- modules/features/ollama.nix | 18 +- modules/features/openssh.nix | 9 +- modules/features/openwebui.nix | 9 +- modules/features/pihole.nix | 7 +- modules/features/pipewire.nix | 9 +- modules/features/portainer.nix | 7 +- modules/features/sandbox.nix | 7 +- modules/features/sddm.nix | 7 +- modules/features/searxng/searxng.nix | 7 +- modules/features/steam.nix | 7 +- modules/features/traefik/traefik.nix | 7 +- modules/features/users.nix | 138 -------------- modules/features/virtual-machines.nix | 9 +- modules/features/wyoming.nix | 174 +----------------- .../{default.nix => configuration.nix} | 15 -- modules/hosts/homebox/config.nix | 130 ------------- modules/hosts/homebox/configuration.nix | 125 +++++++++++++ modules/hosts/homebox/default.nix | 121 +----------- .../hosts/homebox/hardware-configuration.nix | 2 +- modules/hosts/iso/configuration.nix | 48 +++++ modules/hosts/iso/default.nix | 93 +--------- modules/hosts/jesstop/configuration.nix | 113 ++++++++++++ modules/hosts/jesstop/default.nix | 135 +------------- .../hosts/jesstop/hardware-configuration.nix | 2 +- modules/hosts/laptop/config.nix | 125 ------------- modules/hosts/laptop/configuration.nix | 135 ++++++++++++++ modules/hosts/laptop/default.nix | 121 +----------- 
.../hosts/laptop/hardware-configuration.nix | 2 +- modules/hosts/live/configuration.nix | 60 ++++++ modules/hosts/live/default.nix | 126 +------------ modules/hosts/pi4/configuration.nix | 87 +++++++++ modules/hosts/pi4/default.nix | 142 +------------- modules/hosts/pi4/hardware-configuration.nix | 2 +- modules/users/nathan/nathan.nix | 23 ++- 51 files changed, 698 insertions(+), 1552 deletions(-) delete mode 100644 modules/features/users.nix rename modules/hosts/container/{default.nix => configuration.nix} (89%) delete mode 100644 modules/hosts/homebox/config.nix create mode 100644 modules/hosts/homebox/configuration.nix create mode 100644 modules/hosts/iso/configuration.nix create mode 100644 modules/hosts/jesstop/configuration.nix delete mode 100644 modules/hosts/laptop/config.nix create mode 100644 modules/hosts/laptop/configuration.nix create mode 100644 modules/hosts/live/configuration.nix create mode 100644 modules/hosts/pi4/configuration.nix diff --git a/modules/features/authentik.nix b/modules/features/authentik.nix index 9fe12fa..297444d 100644 --- a/modules/features/authentik.nix +++ b/modules/features/authentik.nix @@ -10,12 +10,7 @@ in { - options.sysconfig.docker.authentik.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker.authentik.enable && config.sysconfig.docker.enable) { + config = { networking.firewall.interfaces = { "ve-traefik" = { diff --git a/modules/features/avahi.nix b/modules/features/avahi.nix index 6a47263..63fa6d3 100644 --- a/modules/features/avahi.nix +++ b/modules/features/avahi.nix @@ -2,14 +2,7 @@ flake.nixosModules.avahi = { config, lib, ... }: { - options = { - sysconfig.services.avahi.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - }; - - config = lib.mkIf config.sysconfig.services.avahi.enable { + config = { services.avahi = { 
diff --git a/modules/features/code-server.nix b/modules/features/code-server.nix index da626bc..d0772cc 100644 --- a/modules/features/code-server.nix +++ b/modules/features/code-server.nix @@ -2,12 +2,7 @@ flake.nixosModules.code-server = { config, lib, ... }: { - options.sysconfig.containers.code-server.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - - config = lib.mkIf config.sysconfig.containers.code-server.enable { + config = { containers.code-server = { diff --git a/modules/features/default.nix b/modules/features/default.nix index 8f548c9..bac376b 100644 --- a/modules/features/default.nix +++ b/modules/features/default.nix 
@@ -2,48 +2,26 @@ flake.nixosModules.default = { config, lib, pkgs, ... }: { - options.sysconfig = with lib; { - host = mkOption { - type = with types; nullOr str; - default = null; - }; - graphical = mkOption { - type = with types; bool; - default = config.hardware.graphics.enable; - }; - remoteBuildHost = mkOption { - type = with types; bool; - default = false; - }; - remoteBuildClient = mkOption { - type = with types; bool; - default = false; - }; - }; - imports = [ inputs.sops-nix.nixosModules.sops ]; config = { - networking.hostName = lib.mkDefault config.sysconfig.host; - nix = { nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; channel.enable = false; settings = { experimental-features = [ "nix-command" "flakes" ]; - builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true; - trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ]; + builders-use-substitutes = lib.mkIf true; - substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"]; - trusted-substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"]; - trusted-public-keys = lib.mkIf config.sysconfig.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="]; + substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"]; + trusted-substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"]; + trusted-public-keys = lib.mkIf config.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="]; }; - distributedBuilds = config.sysconfig.remoteBuildClient; - buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [ + distributedBuilds = lib.mkDefault (config.sops.secrets ? "remoteBuildKey"); + buildMachines = lib.mkIf (config.sops.secrets ? "remoteBuildKey") [ { hostName = "esotericbytes.com"; sshUser = "remote-builder"; 
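Review bot: `builders-use-substitutes = lib.mkIf true;` in the `nix.settings` block passes only the condition to `lib.mkIf`, so the option receives a partially applied function instead of a value and should fail option type checking at evaluation. The removed line was `lib.mkIf config.sysconfig.remoteBuildClient true`, so the content argument was probably lost while the condition was being replaced. To follow the condition this hunk now uses for `distributedBuilds`, write `builders-use-substitutes = lib.mkIf (config.sops.secrets ? "remoteBuildKey") true;`, or plain `true` if every host should have it. The `buildMachines` list continues past the end of this hunk.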
@@ -59,12 +37,18 @@ ]; }; - users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost { + users.users."remote-builder" = lib.mkIf (builtins.any + (x: (builtins.match "^remoteBuildClientKeys/.+" x) != null) + (builtins.attrNames config.sops.secrets) + ) { isNormalUser = true; createHome = false; }; - sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost { + sops.templates."remote-builder" = lib.mkIf (builtins.any + (x: (builtins.match "^remoteBuildClientKeys/.+" x) != null) + (builtins.attrNames config.sops.secrets) + ) { content = builtins.concatStringsSep ''''\n'' (builtins.map (y: config.sops.placeholder.${y}) (builtins.filter @@ -81,6 +65,14 @@ defaultSopsFormat = "yaml"; }; + programs.fuse.userAllowOther = true; + + home-manager = { + backupFileExtension = "backup"; + useUserPackages = true; + sharedModules = []; + }; + time.timeZone = lib.mkDefault "America/Chicago"; i18n = lib.mkDefault { diff --git a/modules/features/docker.nix b/modules/features/docker.nix index f8c1783..5ac0c70 100644 --- a/modules/features/docker.nix +++ b/modules/features/docker.nix @@ -2,19 +2,7 @@ flake.nixosModules.docker = { config, lib, pkgs, ... }: { - options.sysconfig.docker = { - enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - nvidia = with lib; mkOption { - type = with types; bool; - default = false; - }; - }; - - config = lib.mkIf config.sysconfig.docker.enable { + config = { networking.nat.internalInterfaces = [ "docker0" "docker-main" ]; @@ -29,7 +17,10 @@ }; }; - hardware.nvidia-container-toolkit.enable = config.sysconfig.docker.nvidia; + hardware.nvidia-container-toolkit.enable = lib.mkDefault (builtins.any + (x: x == "nvidia") + config.services.xserver.videoDrivers + ); systemd.services."docker-network-setup" = { path = [ pkgs.docker ]; diff --git a/modules/features/dynamicDNS.nix b/modules/features/dynamicDNS.nix index 622fa53..dbe9be9 100644 --- a/modules/features/dynamicDNS.nix 
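Review bot: The predicate `builtins.any (x: (builtins.match "^remoteBuildClientKeys/.+" x) != null) (builtins.attrNames config.sops.secrets)` is written out twice, once for `users.users."remote-builder"` and once for `sops.templates."remote-builder"`, and the two copies can drift apart. Bind it once in a `let`, for example `isBuildHost = builtins.any (n: builtins.match "remoteBuildClientKeys/.+" n != null) (builtins.attrNames config.sops.secrets);`, and use `lib.mkIf isBuildHost` in both places; `builtins.match` already matches the whole string, so the `^` is redundant. Declaring such a secret is now the only thing that creates this login account, so a comment above the binding would help: `# Any remoteBuildClientKeys/<name> secret turns this host into a remote build host.` The template body continues outside the hunk.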
+++ b/modules/features/dynamicDNS.nix @@ -2,13 +2,7 @@ flake.nixosModules.dynamicDNS = { config, lib, pkgs, ... }: { - options.sysconfig.services.dynamicDNS.enable = with lib; mkOption { - - type = with types; bool; - default = false; - }; - - config = lib.mkIf config.sysconfig.services.dynamicDNS.enable { + config = { systemd.timers.dynamicDNS = { diff --git a/modules/features/gitea.nix b/modules/features/gitea.nix index 18f9b4d..237c650 100644 --- a/modules/features/gitea.nix +++ b/modules/features/gitea.nix @@ -2,12 +2,7 @@ flake.nixosModules.gitea = { config, lib, ... }: { - options.sysconfig.containers.gitea.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - - config = lib.mkIf config.sysconfig.containers.gitea.enable { + config = { networking = { nat.internalInterfaces = [ "ve-gitea" ]; @@ -121,12 +116,7 @@ in { - options.sysconfig.docker."${name}".enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) { + config = { virtualisation.oci-containers.containers."${name}" = { diff --git a/modules/features/home-assistant/home-assistant.nix b/modules/features/home-assistant/home-assistant.nix index 0b21054..c4d152f 100644 --- a/modules/features/home-assistant/home-assistant.nix +++ b/modules/features/home-assistant/home-assistant.nix @@ -8,12 +8,7 @@ in { - options.sysconfig.docker.home-assistant.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker.home-assistant.enable && config.sysconfig.docker.enable) { + config = { environment.etc."home-assistant/configuration.yaml".source = ./configuration.yaml; 
@@ -61,14 +56,7 @@ flake.nixosModules.home-assistant-vm = { config, lib, ... }: { - options.sysconfig.virtual-machines.home-assistant = { - enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - }; - - config = lib.mkIf config.sysconfig.virtual-machines.home-assistant.enable { + config = { }; }; diff --git a/modules/features/hyprland.nix b/modules/features/hyprland.nix index 6323816..ab2d231 100644 --- a/modules/features/hyprland.nix +++ b/modules/features/hyprland.nix @@ -2,14 +2,7 @@ flake.nixosModules.hyprland = { config, lib, pkgs, ... }: { - options.sysconfig.programs.hyprland.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - - config = lib.mkIf config.sysconfig.programs.hyprland.enable { - - sysconfig.services.sddm.enable = lib.mkDefault true; + config = { environment.sessionVariables.NIXOS_OZONE_WL = "1"; diff --git a/modules/features/jellyfin.nix b/modules/features/jellyfin.nix index bf768fe..e221762 100644 --- a/modules/features/jellyfin.nix +++ b/modules/features/jellyfin.nix @@ -8,12 +8,7 @@ in { - options.sysconfig.docker.jellyfin.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker.jellyfin.enable && config.sysconfig.docker.enable) { + config = { networking.firewall.allowedUDPPorts = [ 7359 ]; @@ -50,9 +45,11 @@ "traefik.http.services.${name}.loadbalancer.server.port" = "8096"; }; - extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ - "--device=nvidia.com/gpu=all" - "--ip=192.168.101.21" + extraOptions = lib.mkMerge [ + (lib.mkIf config.hardware.nvidia-container-toolkit.enable [ + "--device=nvidia.com/gpu=all" + ]) + [ "--ip=192.168.101.21" ] ]; environment = { diff --git a/modules/features/kdePlasma6.nix b/modules/features/kdePlasma6.nix index 52cba0a..f53385b 100644 --- a/modules/features/kdePlasma6.nix +++ b/modules/features/kdePlasma6.nix 
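Review bot: In the first jellyfin.nix hunk, `networking.firewall.allowedUDPPorts = [ 7359 ];` now applies on every host that imports the module, because the old guard on `sysconfig.docker.enable` was removed without a replacement. The same holds for the netbird-docker hunk (UDP 3478) and the traefik hunk (TCP 80 81 443 444 2222): a host can end up with open ports and container definitions while the Docker runtime itself is not configured. Assuming docker.nix is what sets `virtualisation.docker.enable`, keeping a guard such as `config = lib.mkIf config.virtualisation.docker.enable {` would tie the firewall openings to the runtime again. The module body continues outside the hunk.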
@@ -2,17 +2,10 @@ flake.nixosModules.kdePlasma6 = { config, lib, pkgs, ... }: { - options.sysconfig.services.kdePlasma6.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - - config = lib.mkIf config.sysconfig.services.kdePlasma6.enable { + config = { services.desktopManager.plasma6.enable = true; - sysconfig.services.sddm.enable = lib.mkDefault true; - environment.systemPackages = with pkgs; [ kdePackages.discover # Optional: Install if you use Flatpak or fwupd firmware update sevice kdePackages.kcalc # Calculator diff --git a/modules/features/n8n.nix b/modules/features/n8n.nix index dfd400e..8519ff0 100644 --- a/modules/features/n8n.nix +++ b/modules/features/n8n.nix @@ -8,12 +8,7 @@ in { - options.sysconfig.docker."${name}".enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) { + config = { virtualisation.oci-containers.containers."${name}" = { diff --git a/modules/features/netbird/netbird.nix b/modules/features/netbird/netbird.nix index e55357f..aefa5a1 100644 --- a/modules/features/netbird/netbird.nix +++ b/modules/features/netbird/netbird.nix @@ -3,22 +3,14 @@ flake.nixosModules.netbird = { config, lib, pkgs, ... }: { - options.sysconfig = { - - services.netbird.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - }; - config = let pkgs-us = import inputs.nixpkgs-us { system = "x86_64-linux"; }; - in lib.mkIf config.sysconfig.services.netbird.enable { + in { services.netbird = { - enable = lib.mkDefault config.sysconfig.services.netbird.enable; + enable = lib.mkDefault true; clients.default = { port = 51820; @@ -27,7 +19,7 @@ hardened = false; ui = { - enable = lib.mkDefault config.sysconfig.graphical; + enable = lib.mkDefault config.hardware.graphics.enable; #package = pkgs-us.netbird-ui; #package = pkgs.netbird-ui; }; 
@@ -41,12 +33,7 @@ flake.nixosModules.netbird-docker = { config, lib, pkgs, ... }: { - options.sysconfig.docker.netbird.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker.netbird.enable && config.sysconfig.docker.enable) { + config = { networking.firewall.allowedUDPPorts = [ 3478 ]; diff --git a/modules/features/nextcloud.nix b/modules/features/nextcloud.nix index c11b94e..6b3334e 100644 --- a/modules/features/nextcloud.nix +++ b/modules/features/nextcloud.nix @@ -8,12 +8,7 @@ in { - options.sysconfig.docker.nextcloud.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker.nextcloud.enable && config.sysconfig.docker.enable) { + config = { virtualisation.oci-containers.containers."nextcloud-aio-mastercontainer" = { image = "ghcr.io/nextcloud-releases/all-in-one:20260122_105751"; diff --git a/modules/features/nginx.nix b/modules/features/nginx.nix index 412ead2..8650e5e 100644 --- a/modules/features/nginx.nix +++ b/modules/features/nginx.nix @@ -2,12 +2,7 @@ flake.nixosModules.nginx = { config, lib, ... }: { - options.sysconfig.containers."esotericbytes.com".enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; - - config = lib.mkIf config.sysconfig.containers."esotericbytes.com".enable { + config = { containers.esotericbytes-com = { diff --git a/modules/features/novnc.nix b/modules/features/novnc.nix index 73c2012..5476685 100644 --- a/modules/features/novnc.nix +++ b/modules/features/novnc.nix @@ -2,12 +2,7 @@ flake.nixosModules.novnc = { config, lib, pkgs, ... }: { - options.sysconfig.services.novnc.enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; - - config = lib.mkIf config.sysconfig.services.novnc.enable { + config = { systemd.services.novnc = { enable = true; 
@@ -33,12 +28,7 @@ flake.nixosModules.novnc-container = { config, lib, pkgs, ... }: { - options.sysconfig.containers.novnc.enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; - - config = lib.mkIf config.sysconfig.containers.novnc.enable { + config = { networking = { firewall.interfaces."ve-novnc" = { diff --git a/modules/features/ntfy.nix b/modules/features/ntfy.nix index f525819..adf0bd1 100644 --- a/modules/features/ntfy.nix +++ b/modules/features/ntfy.nix @@ -2,12 +2,7 @@ flake.nixosModules.ntfy = { config, lib, ... }: { - options.sysconfig.containers.ntfy.enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; - - config = lib.mkIf config.sysconfig.containers.ntfy.enable { + config = { containers.ntfy = { diff --git a/modules/features/ollama.nix b/modules/features/ollama.nix index 3f3add5..750c9bb 100644 --- a/modules/features/ollama.nix +++ b/modules/features/ollama.nix @@ -2,14 +2,7 @@ flake.nixosModules.ollama = { config, lib, ... }: { - options = { - sysconfig.services.ollama.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - }; - - config = lib.mkIf config.sysconfig.services.ollama.enable { + config = { services.ollama = { enable = true; acceleration = "cuda"; @@ -36,12 +29,7 @@ in { - options.sysconfig.docker.ollama.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker.ollama.enable && config.sysconfig.docker.enable) { + config = { environment.systemPackages = with pkgs; [ ollama @@ -88,7 +76,7 @@ "traefik.http.services.${name}.loadbalancer.server.port" = "11434"; }; - extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ + extraOptions = lib.mkIf config.hardware.nvidia-container-toolkit.enable [ "--device=nvidia.com/gpu=all" "--ip=192.168.101.22" ]; diff --git a/modules/features/openssh.nix b/modules/features/openssh.nix index 087930b..bb664b4 100644 --- a/modules/features/openssh.nix 
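Review bot: The third ollama.nix hunk keeps `"--ip=192.168.101.22"` inside the list guarded by `lib.mkIf config.hardware.nvidia-container-toolkit.enable`, so on a host without the NVIDIA toolkit the container loses its fixed address along with the GPU flag. The jellyfin.nix change in this same commit already separates the two with `lib.mkMerge`, and the openwebui.nix hunk has the same problem with `"--ip=192.168.101.8"`. Since docker.nix now derives the toolkit setting from `services.xserver.videoDrivers`, this is more likely to occur than before. Use the jellyfin form here: `extraOptions = lib.mkMerge [ (lib.mkIf config.hardware.nvidia-container-toolkit.enable [ "--device=nvidia.com/gpu=all" ]) [ "--ip=192.168.101.22" ] ];`.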
+++ b/modules/features/openssh.nix @@ -2,14 +2,7 @@ flake.nixosModules.openssh = { config, lib, ... }: { - options = { - sysconfig.services.openssh.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - }; - - config = lib.mkIf (config.sysconfig.services.openssh.enable || config.sysconfig.remoteBuildHost) { + config = { services.openssh = { enable = true; diff --git a/modules/features/openwebui.nix b/modules/features/openwebui.nix index 8017051..8391bb4 100644 --- a/modules/features/openwebui.nix +++ b/modules/features/openwebui.nix @@ -8,12 +8,7 @@ in { - options.sysconfig.docker.openwebui.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker.openwebui.enable && config.sysconfig.docker.enable) { + config = { virtualisation.oci-containers.containers.openwebui = { image = "ghcr.io/open-webui/open-webui:v0.7.2"; @@ -45,7 +40,7 @@ "traefik.http.services.${name}.loadbalancer.server.port" = "8080"; }; - extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ + extraOptions = lib.mkIf config.hardware.nvidia-container-toolkit.enable [ "--device=nvidia.com/gpu=all" "--ip=192.168.101.8" ]; diff --git a/modules/features/pihole.nix b/modules/features/pihole.nix index a89e03a..3b87ab3 100644 --- a/modules/features/pihole.nix +++ b/modules/features/pihole.nix @@ -10,12 +10,7 @@ in { - options.sysconfig.docker.pihole.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker.pihole.enable && config.sysconfig.docker.enable) { + config = { virtualisation.docker.daemon.settings.dns = [ "192.168.101.12" ]; diff --git a/modules/features/pipewire.nix b/modules/features/pipewire.nix index 2e1aa70..8173845 100644 --- a/modules/features/pipewire.nix +++ b/modules/features/pipewire.nix 
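Review bot: In the openssh.nix hunk, `services.openssh.enable = true` is now unconditional for any host importing the module and can only be overridden with `lib.mkForce`; `enable = lib.mkDefault true;`, as the wyoming.nix hunks use, would leave hosts a normal override. The removed guard also turned sshd on when `remoteBuildHost` was set, whereas default.nix now creates the `remote-builder` account from secret names independently of this module, so the account and the daemon can get out of step. The deleted users.nix was where `openssh.authorizedKeys.keys` was populated; the replacement is not visible in this part of the patch, so it is worth confirming each host still restricts logins to the intended keys. The `services.openssh` block continues outside the hunk.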
@@ -2,14 +2,7 @@ flake.nixosModules.pipewire = { config, lib, pkgs, ... }: { - options = { - sysconfig.services.pipewire.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - }; - - config = lib.mkIf config.sysconfig.services.pipewire.enable { + config = { # Enable sound with pipewire. #sound.enable = true; diff --git a/modules/features/portainer.nix b/modules/features/portainer.nix index 08dd469..4c5f4bf 100644 --- a/modules/features/portainer.nix +++ b/modules/features/portainer.nix @@ -10,12 +10,7 @@ in { - options.sysconfig.docker.portainer.enable = with lib; mkOption { - type = with types; bool; - default = true; - }; - - config = lib.mkIf (config.sysconfig.docker.portainer.enable && config.sysconfig.docker.enable) { + config = { networking.firewall.interfaces = { "ve-traefik" = { diff --git a/modules/features/sandbox.nix b/modules/features/sandbox.nix index d7921d7..73a3621 100644 --- a/modules/features/sandbox.nix +++ b/modules/features/sandbox.nix @@ -2,12 +2,7 @@ flake.nixosModules.sandbox = { config, lib, self, ... }: { - options.sysconfig.containers.sandbox.enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; - - config = lib.mkIf config.sysconfig.containers.sandbox.enable { + config = { networking = { diff --git a/modules/features/sddm.nix b/modules/features/sddm.nix index e5503b8..a911d39 100644 --- a/modules/features/sddm.nix +++ b/modules/features/sddm.nix @@ -2,12 +2,7 @@ flake.nixosModules.sddm = { config, lib, pkgs, ... }: { - options.sysconfig.services.sddm.enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; - - config = lib.mkIf config.sysconfig.services.sddm.enable { + config = { qt.enable = true; diff --git a/modules/features/searxng/searxng.nix b/modules/features/searxng/searxng.nix index 0b499b4..d8f01cb 100644 --- a/modules/features/searxng/searxng.nix +++ b/modules/features/searxng/searxng.nix 
@@ -8,12 +8,7 @@ in { - options.sysconfig.docker.searxng.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker.searxng.enable && config.sysconfig.docker.enable) { + config = { environment.etc."searxng/settings.yml".source = ./settings.yml; diff --git a/modules/features/steam.nix b/modules/features/steam.nix index 23d2025..c377915 100644 --- a/modules/features/steam.nix +++ b/modules/features/steam.nix @@ -2,12 +2,7 @@ flake.nixosModules.steam = { config, lib, ... }: { - options.sysconfig.programs.steam.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - - config = lib.mkIf config.sysconfig.programs.steam.enable { + config = { programs.steam = { enable = true; diff --git a/modules/features/traefik/traefik.nix b/modules/features/traefik/traefik.nix index a28d5f4..479d67b 100644 --- a/modules/features/traefik/traefik.nix +++ b/modules/features/traefik/traefik.nix @@ -2,12 +2,7 @@ flake.nixosModules.traefik = { config, lib, ... }: { - options.sysconfig.docker.traefik.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker.traefik.enable && config.sysconfig.docker.enable) { + config = { networking.firewall.allowedTCPPorts = [ 80 81 443 444 2222 ]; diff --git a/modules/features/users.nix b/modules/features/users.nix deleted file mode 100644 index da12185..0000000 --- a/modules/features/users.nix +++ /dev/null 
@@ -1,138 +0,0 @@ -{ self, ... }: { - - flake.nixosModules.default = { config, lib, pkgs, ... }: { - - options.sysconfig = with lib; { - - sshHostKeys = lib.mkOption { - type = with lib.types; attrsOf str; - default = {}; - }; - - users = let - - userType = types.submodule ({ name, ... }: { - options = with lib; { - name = mkOption { - type = with types; passwdEntry str; - default = name; - }; - - home-manager = { - enable = mkOption { - type = with types; bool; - default = false; - }; - - standalone = mkOption { - type = with types; bool; - default = true; - description = "is this home-manager standalone?"; - }; - - extraModules = mkOption { - type = with types; listOf raw; - default = []; - }; - }; - - isSuperuser = mkOption { - type = with types; bool; - default = false; - description = "sudo?"; - }; - - usePresets = mkOption { - type = with types; bool; - default = true; - description = "search for predefined settings?"; - }; - - ssh = { - keys = mkOption { - type = with types; listOf str; - default = []; - description = "public keys used to login as this user"; - }; - - hosts = mkOption { - type = with types; listOf str; - default = []; - description = "user@host's used to login as this user"; - }; - }; - - - uid = mkOption { - type = with types; nullOr int; - default = null; - }; - - hashedPasswordFile = mkOption { - type = with types; nullOr str; - default = null; - }; - - extraGroups = mkOption { - type = with types; listOf str; - default = []; - }; - - shell = mkOption { - type = with types; package; - default = pkgs.shadow; - }; - }; - }); - - in lib.mkOption { - type = with lib.types; attrsOf userType; - default = {}; - }; - }; - - - config = { - users.users = builtins.mapAttrs (x: y: let - cfg = config.sysconfig.users.${x}; - in { - name = cfg.name; - isNormalUser = true; - uid = cfg.uid; - hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile; - shell = cfg.shell; - extraGroups = cfg.extraGroups ++ (if cfg.isSuperuser 
then [ "wheel" ] else []); - openssh.authorizedKeys.keys = lib.mkIf config.sysconfig.services.openssh.enable (cfg.ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) cfg.ssh.hosts)); - packages = with pkgs; lib.mkIf (cfg.home-manager.enable && cfg.home-manager.standalone) [ home-manager ]; - }) config.sysconfig.users; - - programs.fuse.userAllowOther = true; - - home-manager = { - backupFileExtension = "backup"; - useUserPackages = true; - sharedModules = []; - users = builtins.listToAttrs (builtins.map - (x: { - name = x; - value = (lib.mkMerge ([ - - (lib.mkIf (self.homeModules ? ${x}) self.homeModules.${x}) - - ] ++ config.sysconfig.users.${x}.home-manager.extraModules)); - }) - (builtins.filter - (y: (config.sysconfig.users.${y}.home-manager.enable && !config.sysconfig.users.${y}.home-manager.standalone)) - (builtins.attrNames config.sysconfig.users) - ) - ); - - }; - - nix.settings.trusted-users = (builtins.filter - (y: config.sysconfig.users.${y}.isSuperuser) - (builtins.attrNames config.sysconfig.users) - ); - }; - }; -} diff --git a/modules/features/virtual-machines.nix b/modules/features/virtual-machines.nix index 374dd6d..c15e43c 100644 --- a/modules/features/virtual-machines.nix +++ b/modules/features/virtual-machines.nix @@ -2,12 +2,7 @@ flake.nixosModules.virtual-machines = { config, lib, pkgs, ... }: { - options.sysconfig.virtual-machines.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf config.sysconfig.virtual-machines.enable { + config = { programs.virt-manager.enable = true; virtualisation = { @@ -19,7 +14,7 @@ spiceUSBRedirection.enable = true; }; - environment.systemPackages = with pkgs; lib.mkIf config.sysconfig.graphical [ + environment.systemPackages = with pkgs; lib.mkIf config.hardware.graphics.enable [ virt-viewer ]; }; diff --git a/modules/features/wyoming.nix b/modules/features/wyoming.nix index e2d4e41..cb49acb 100644 --- a/modules/features/wyoming.nix 
+++ b/modules/features/wyoming.nix @@ -2,44 +2,21 @@ flake.nixosModules.wyoming = { config, lib, ... }: { - options.sysconfig.services.wyoming = { - enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - piper = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - openwakeword = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - faster-whisper = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - satellite = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - }; - - config = lib.mkIf config.sysconfig.services.wyoming.enable { + config = { services.wyoming = { - piper = lib.mkIf config.sysconfig.services.wyoming.piper { + piper = { servers.piper = { - enable = true; + enable = lib.mkDefault true; voice = "en-us-ryan-medium"; uri = "tcp://0.0.0.0:11435"; }; }; - openwakeword = lib.mkIf config.sysconfig.services.wyoming.openwakeword { - enable = true; + openwakeword = { + enable = lib.mkDefault true; uri = "tcp://0.0.0.0:11432"; threshold = 0.5; @@ -48,9 +25,9 @@ ]; }; - faster-whisper = lib.mkIf config.sysconfig.services.wyoming.faster-whisper { + faster-whisper = { servers.whisper = { - enable = true; + enable = lib.mkDefault true; device = "auto"; language = "en"; model = "medium.en"; 
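Review bot: The first wyoming.nix hunk changes piper, openwakeword and faster-whisper from individually opt-in to `enable = lib.mkDefault true`, and the next hunk does the same for satellite, while every `uri` stays on `tcp://0.0.0.0:...`. Importing the module therefore starts four listeners on all interfaces, and a host that wants only one of them has to switch the other three off. The `wyoming-container` variant with `privateNetwork = true` is deleted in the following hunk, so the host firewall is the only remaining boundary, and the Wyoming protocol has, as far as I know, no authentication of its own. Consider leaving the per-service default off, or at least add a comment above `services.wyoming` such as `# All servers bind 0.0.0.0; reachability is decided solely by the host firewall.`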
@@ -58,145 +35,12 @@ }; }; - satellite = lib.mkIf config.sysconfig.services.wyoming.satellite { - enable = true; + satellite = { + enable = lib.mkDefault true; uri = "tcp://0.0.0.0:11431"; }; }; }; }; - - flake.nixosModules.wyoming-container = { config, lib, ... }: { - - options.sysconfig.containers.wyoming = { - enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - piper = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - openwakeword = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - faster-whisper = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - satellite = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - }; - - config = lib.mkIf config.sysconfig.containers.wyoming.enable { - - containers.wyoming = { - - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.26"; - - bindMounts = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper { - "/dev/nvidia0" = { - hostPath = "/dev/nvidia0"; - isReadOnly = false; - }; - "/dev/nvidiactl" = { - hostPath = "/dev/nvidiactl"; - isReadOnly = false; - }; - "/dev/nvidia-uvm" = { - hostPath = "/dev/nvidia-uvm"; - isReadOnly = false; - }; - "/dev/nvidia-modeset" = { - hostPath = "/dev/nvidia-modeset"; - isReadOnly = false; - }; - "/dev/nvidia-uvm-tools" = { - hostPath = "/dev/nvidia-uvm-tools"; - isReadOnly = false; - }; - }; - - allowedDevices = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper [ - { - node = "/dev/nvidia0"; - modifier = "rw"; - } - { - node = "/dev/nvidiactl"; - modifier = "rw"; - } - { - node = "/dev/nvidia-uvm"; - modifier = "rw"; - } - { - node = "/dev/nvidia-modeset"; - modifier = "rw"; - } - { - node = "/dev/nvidia-uvm-tools"; - modifier = "rw"; - } - ]; - - config = { - - networking.firewall = { - allowedTCPPorts = [ 11431 11432 11433 11435 ]; - }; - - services.wyoming = { - - piper = lib.mkIf 
config.sysconfig.containers.wyoming.piper { - - servers.piper = { - enable = true; - voice = "en-us-ryan-medium"; - uri = "tcp://0.0.0.0:11435"; - }; - }; - - openwakeword = lib.mkIf config.sysconfig.containers.wyoming.openwakeword { - enable = true; - uri = "tcp://0.0.0.0:11432"; - - threshold = 0.5; - customModelsDirectories = [ -#./wake_words - ]; - }; - - faster-whisper = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper { - servers.whisper = { - enable = true; - device = "auto"; - language = "en"; - model = "medium.en"; - uri = "tcp://0.0.0.0:11433"; - }; - }; - - satellite = lib.mkIf config.sysconfig.containers.wyoming.satellite { - enable = true; - uri = "tcp://0.0.0.0:11431"; -#user = "nathan"; - vad.enable = false; - }; - }; - - system.stateVersion = "25.05"; - }; - }; - - }; - }; - } diff --git a/modules/hosts/container/default.nix b/modules/hosts/container/configuration.nix similarity index 89% rename from modules/hosts/container/default.nix rename to modules/hosts/container/configuration.nix index c6d5ede..7321005 100644 --- a/modules/hosts/container/default.nix +++ b/modules/hosts/container/configuration.nix @@ -136,21 +136,6 @@ }; }; - sysconfig = { - opts = { - novnc.enable = true; - sddm.enable = true; - openssh.enable = true; - pipewire.enable = true; - hyprpanel.enable = false; - hyprland.enable = false; - kdePlasma6.enable = true; - git.enable = true; - nh.enable = true; - netbird.enable = true; - }; - }; - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; }; diff --git a/modules/hosts/homebox/config.nix b/modules/hosts/homebox/config.nix deleted file mode 100644 index 701f91c..0000000 --- a/modules/hosts/homebox/config.nix +++ /dev/null 
@@ -1,130 +0,0 @@ -{ self, inputs, ... }: { - - flake.nixosConfigurations."homebox" = inputs.nixpkgs.lib.nixosSystem { - - modules = [ - self.nixosModules.homebox - self.diskoConfigurations.homebox - ]; - }; - - flake.nixosModules.homebox = { config, lib, pkgs, ... }: - - { - - config = { - - services = { - xserver = { - enable = false; - videoDrivers = ["nvidia"]; - }; - displayManager = { - enable = false; - defaultSession = "hyprland"; - autoLogin = { - enable = true; - user = "nathan"; - }; - }; - pulseaudio.enable = false; - - hardware.openrgb = { - enable = true; - motherboard = "amd"; - }; - }; - - hardware = { - nvidia = { - open = true; - modesetting.enable = true; - nvidiaPersistenced = true; - }; - - bluetooth = { - enable = true; - powerOnBoot = false; - }; - }; - - sops = { - age.keyFile = "/var/lib/sops/age/keys.txt"; - defaultSopsFile = ./secrets.yaml; - defaultSopsFormat = "yaml"; - - secrets = { - "nathan/pass" = { - neededForUsers = true; - }; - - "remoteBuildClientKeys/laptop".sopsFile = ./../../system/secrets.yaml; - "remoteBuildClientKeys/pi4".sopsFile = ./../../system/secrets.yaml; - "remoteBuildClientKeys/android".sopsFile = ./../../system/secrets.yaml; - }; - }; - - sysconfig = { - - host = "homebox"; - - docker.nvidia = true; - - remoteBuildClient = false; - - users = { - nathan = { - isSuperuser = true; - extraGroups = [ "networkmanager" "docker" ]; - ssh.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost" - "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABgQCM7ZgIu4+ntHZbzo9iQPq5pUt7AhpOnfvvI0lWDgO4CgtkPGvyFrDnW87wjAKGKYkgKeHWHIkwq2hkEDqlPD+7xxtPpwzfyo7ZS23xlP31rL14HcG21jGHgx9SO7RmGDHHylu4PwJzz/KX59hcVmpSSV4hgB/mYA9UKe6VHv39X4y3HsjmiHwNBOKXltG4V+VkxOZD6HcZ62sgkyDTaqDpE7p+q8vHPbm6dVTKC9cMjtJmjB5EesMGKcEAy3VN2tA9M0EndtaLcBKM39vDXGpBsjURYZTu7NbQnncnO7L8kVL0nT4vA/d4mCjB51dPoXIcxn1ise0TOb9G7TxMbBQQO5YMOpiB2iuZRRvB3sYoKwbO8YfSxZi0EhvLcxkF9GBFw+pWPl0p0D2fPBbW88YQfEpoAt2EWvEu/pgaMJsTHpgaIuDwPLVQmDciX4MRoi324oElGSK8yN0P8IaCHhFchuehLBWvTi34Qot0GpnxeTzmlLzImICO9Yq0I7dk2rk= nathan@rpi-3dp" - ]; - shell = pkgs.zsh; - hashedPasswordFile = config.sops.secrets."nathan/pass".path; - home-manager = { - enable = true; - standalone = false; - extraModules = [ - { - homeconfig = { - minimal = false; - virtual-machines = true; - hyprland.enable = false; - hypridle.enable = false; - wal.enable = true; - mpd.enable = true; - calcurse.enable = true; - rofi.enable = false; - firefox.enable = false; - git.enable = true; - nh.enable = true; - }; - - services.hypridle.enable = lib.mkForce false; - - home.packages = with pkgs; [ - wayvnc - openrgb - ]; - } - ]; - }; - }; - }; - }; - - - -# This value determines the NixOS release from which the default -# settings for stateful data, like file locations and database versions -# on your system were taken. It‘s perfectly fine and recommended to leave -# this value at the release version of the first install of this system. -# Before changing this value read the documentation for this option -# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? - }; - - }; -} diff --git a/modules/hosts/homebox/configuration.nix b/modules/hosts/homebox/configuration.nix new file mode 100644 index 0000000..2029b8e --- /dev/null +++ b/modules/hosts/homebox/configuration.nix 
@@ -0,0 +1,125 @@
+{ self, inputs, ... }: {
+
+
+ flake.nixosModules.homebox = { config, pkgs, lib, ... }:
+ {
+ imports =
+ [
+ inputs.disko.nixosModules.default
+
+ inputs.home-manager.nixosModules.default
+
+ self.nixosModules.default
+
+ ];
+
+ config = {
+
+ boot = {
+ kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ binfmt.emulatedSystems = [ "aarch64-linux" ];
+ };
+
+ systemd.settings.Manager.DefaultLimitNOFILE = 2048;
+
+ programs.zsh.enable = true;
+ environment.shells = with pkgs; [ zsh bashInteractive ];
+
+ nixpkgs.config.allowUnfree = true;
+
+ networking = {
+ nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" ];
+ networkmanager = {
+ enable = true;
+ dns = "none";
+ };
+ useDHCP = false;
+ dhcpcd.enable = false;
+
+ nftables = {};
+ nat = {
+ enable = true;
+ internalInterfaces = [ "ve-.+" ];
+ externalInterface = "wlp7s0"; # wifi
+#externalInterface = "enp6s0"; # ethernet
+ };
+ };
+
+ services.netbird.clients.default.environment = {
+ NB_EXTRA_DNS_LABELS = "server";
+ };
+
+ fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
+
+ services = {
+ xserver = {
+ enable = false;
+ videoDrivers = ["nvidia"];
+ };
+ displayManager = {
+ enable = false;
+ defaultSession = "hyprland";
+ autoLogin = {
+ enable = true;
+ user = "nathan";
+ };
+ };
+ pulseaudio.enable = false;
+
+ hardware.openrgb = {
+ enable = true;
+ motherboard = "amd";
+ };
+ };
+
+ hardware = {
+ nvidia = {
+ open = true;
+ modesetting.enable = true;
+ nvidiaPersistenced = true;
+ };
+
+ bluetooth = {
+ enable = true;
+ powerOnBoot = false;
+ };
+ };
+
+ sops = {
+ age.keyFile = "/var/lib/sops/age/keys.txt";
+ defaultSopsFile = ./secrets.yaml;
+ defaultSopsFormat = "yaml";
+
+ secrets = {
+ "nathan/pass" = {
+ neededForUsers = true;
+ };
+
+ "remoteBuildClientKeys/laptop".sopsFile = ./../../features/secrets.yaml;
+ "remoteBuildClientKeys/pi4".sopsFile = ./../../features/secrets.yaml;
+ "remoteBuildClientKeys/android".sopsFile = ./../../features/secrets.yaml;
+ };
+ };
+
+ nix = {
+ settings = {
+ trusted-users = [ "remote-builder" ];
+ };
+ };
+
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+ };
+
+ };
+}
diff --git a/modules/hosts/homebox/default.nix b/modules/hosts/homebox/default.nix
index 9dc8cb0..a00ec79 100644
--- a/modules/hosts/homebox/default.nix
+++ b/modules/hosts/homebox/default.nix
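Review bot: `trusted-users = [ "remote-builder" ]` in the new `nix.settings` block makes that account effectively root on homebox, because a trusted user can override daemon settings and import store paths that carry no trusted signature. The three `remoteBuildClientKeys/*` secrets suggest several clients log in as that user, so the weakest client key bounds the security of this host. I would document that at the setting, e.g. `# trusted-users is root-equivalent on the nix daemon; remote-builder is key-only, one key per client`, and consider leaving the user untrusted and listing the clients' signing keys in `trusted-public-keys` instead. The definition of the `remote-builder` user itself is not in this hunk, so its login restrictions could not be checked here.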
@@ -1,120 +1,11 @@ { self, inputs, ... }: { - flake.nixosModules.homebox = { config, pkgs, lib, ... }: - - { - imports = - [ - inputs.disko.nixosModules.default - - inputs.home-manager.nixosModules.default - - self.nixosModules.default - - ]; - - config = { - - boot = { - kernelPackages = pkgs.linuxKernel.packages.linux_6_18; - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ]; - }; - - systemd.settings.Manager.DefaultLimitNOFILE = 2048; - - programs.zsh.enable = true; - environment.shells = with pkgs; [ zsh bashInteractive ]; - - nixpkgs.config.allowUnfree = true; - - networking = { - nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" ]; - networkmanager = { - enable = true; - dns = "none"; - }; - useDHCP = false; - dhcpcd.enable = false; - - nftables = {}; - nat = { - enable = true; - internalInterfaces = [ "ve-.+" ]; - externalInterface = "wlp7s0"; # wifi -#externalInterface = "enp6s0"; # ethernet - }; - }; - - services.netbird.clients.default.environment = { - NB_EXTRA_DNS_LABELS = "server"; - }; - - sysconfig = { - remoteBuildHost = true; - graphical = false; - - services = { - sddm.enable = false; - openssh.enable = true; - pipewire.enable = true; - netbird.enable = true; - - ollama.enable = false; - avahi.enable = true; - wyoming = { - enable = true; - piper = true; - openwakeword = true; - faster-whisper = true; - }; - }; - - programs = { - hyprland.enable = false; - steam.enable = false; - }; - - docker = { - enable = true; - - portainer.enable = true; - traefik.enable = true; - pihole.enable = true; - authentik.enable = true; - netbird.enable = true; - - openwebui.enable = true; - ollama.enable = true; - searxng.enable = true; - home-assistant.enable = true; - n8n.enable = true; - - nextcloud.enable = false; - jellyfin.enable = true; - }; - - containers = { - "esotericbytes.com".enable = true; - - gitea.enable = true; - - 
code-server.enable = true; - - sandbox.enable = false; - }; - - virtual-machines = { - enable = true; - }; - }; - - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; - - }; + flake.nixosConfigurations."homebox" = inputs.nixpkgs.lib.nixosSystem { + modules = [ + self.nixosModules.homebox + self.nixosModules.homebox-hardware + self.diskoConfigurations.homebox + ]; }; } diff --git a/modules/hosts/homebox/hardware-configuration.nix b/modules/hosts/homebox/hardware-configuration.nix index 7861c1c..6569d2c 100644 --- a/modules/hosts/homebox/hardware-configuration.nix +++ b/modules/hosts/homebox/hardware-configuration.nix @@ -1,6 +1,6 @@ { ... }: { - flake.nixosModules.homebox = { config, lib, pkgs, modulesPath, ... }: + flake.nixosModules.homebox-hardware = { config, lib, pkgs, modulesPath, ... }: { imports = diff --git a/modules/hosts/iso/configuration.nix b/modules/hosts/iso/configuration.nix new file mode 100644 index 0000000..ed81d84 --- /dev/null +++ b/modules/hosts/iso/configuration.nix 
@@ -0,0 +1,48 @@ +{ self, inputs, ... }: { + + flake.nixosModules.iso = { lib, pkgs, modulesPath, ... }: { + + imports = with inputs; [ + + (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") + + self.nixosModules.default + self.nixosModules.aurora-greeter + + home-manager.nixosModules.default + + ]; + + config = { + + fonts.fontconfig.enable = lib.mkForce true; + + fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; + environment.systemPackages = with pkgs; [ nerd-fonts.fira-code ]; + + system.stateVersion = "25.11"; + + nixpkgs.hostPlatform = "x86_64-linux"; + + users.users."nathan" = { + hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6"; + packages = with pkgs; [ + git + nerd-fonts.fira-code + ]; + }; + + users.users.nixos.enable = lib.mkForce false; + + networking = { + nameservers = [ "1.1.1.1" "1.0.0.1" ]; + networkmanager.enable = true; + }; + + programs.zsh.enable = true; + + environment.shells = with pkgs; [ zsh bashInteractive ]; + + }; + }; +} diff --git a/modules/hosts/iso/default.nix b/modules/hosts/iso/default.nix index 7d7793e..bc619bd 100644 --- a/modules/hosts/iso/default.nix +++ b/modules/hosts/iso/default.nix @@ -1,4 +1,4 @@ -{ self, inputs, ... }: { +{ self, inputs, ...}: { perSystem = { config, system, pkgs, self', inputs', ... }: { packages.iso = self.nixosConfigurations.iso.config.system.build.isoImage; 
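Review bot: The `hashedPassword` for `users.users."nathan"` is committed as a literal yescrypt hash, and the identical string appears again in `modules/hosts/live/configuration.nix`, so anyone who can read the repository or the image's world-readable Nix store can run offline guessing against one password that opens both images. If the same password is used on an installed host, that host inherits the exposure. I would give the installer its own throwaway credential and say so next to it, e.g. `# installer-only password, not used on any installed host`, and on the live host move to the sops-backed `hashedPasswordFile` that is already sketched in its commented-out `secrets."nathan/pass"` line.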
@@ -11,96 +11,5 @@ ]; }; - flake.nixosModules.iso = { lib, pkgs, modulesPath, ... }: { - imports = with inputs; [ - - (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") - - self.nixosModules.default - self.nixosModules.aurora-greeter - - home-manager.nixosModules.default - - ]; - - config = { - - fonts.fontconfig.enable = lib.mkForce true; - - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; - environment.systemPackages = with pkgs; [ nerd-fonts.fira-code ]; - - system.stateVersion = "25.11"; - - nixpkgs.hostPlatform = "x86_64-linux"; - - users.users."nathan" = { - hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6"; - packages = with pkgs; [ - git - nerd-fonts.fira-code - ]; - }; - - users.users.nixos.enable = lib.mkForce false; - - networking = { - nameservers = [ "1.1.1.1" "1.0.0.1" ]; - networkmanager.enable = true; - }; - - programs.zsh.enable = true; - - environment.shells = with pkgs; [ zsh bashInteractive ]; - - sysconfig = { - host = "iso"; - graphical = true; - users = { - nathan = { - extraGroups = [ "wheel" "networkmanager" ]; - shell = pkgs.zsh; - ssh.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost" - ]; - home-manager = { - enable = true; - standalone = false; - extraModules = [ - { - homeconfig = { - minimal = false; - hyprland.enable = true; - wal.enable = true; - mpd.enable = true; - rofi.enable = true; - firefox.enable = true; - git.enable = false; - nh.enable = true; - - aurora.enable = true; - }; - } - ]; - }; - }; - }; - - services = { - openssh.enable = true; - pipewire.enable = true; -#kdePlasma6.enable = true; - netbird.enable = true; -#ollama.enable = true; - }; - - programs = { -#steam.enable = true; - hyprland.enable = true; - }; - }; - }; - }; } 
diff --git a/modules/hosts/jesstop/configuration.nix b/modules/hosts/jesstop/configuration.nix
new file mode 100644
index 0000000..2215ad2
--- /dev/null
+++ b/modules/hosts/jesstop/configuration.nix
@@ -0,0 +1,113 @@
+{ inputs, ... }: {
+
+ flake.nixosModules.jesstop = { config, pkgs, lib, ... }:
+
+ {
+
+ config = {
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ };
+
+# Bootloader.
+ boot = {
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ systemd.extraConfig = "DefaultLimitNOFILE=2048";
+
+ hardware = {
+ graphics.enable = true;
+
+#enable bluetooth
+ bluetooth.enable = true;
+
+ };
+
+ services.pulseaudio.enable = false;
+
+ environment.systemPackages = with pkgs; [
+ alsa-utils
+ ];
+
+# Enable the X11 windowing system.
+ services.xserver = {
+ enable = true;
+ desktopManager.enlightenment.enable = true;
+ };
+
+ services.acpid.enable = true;
+
+ services.displayManager.enable = true;
+
+# Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ system.stateVersion = "23.05"; # Did you read the comment?
+
+# Set your time zone.
+ time.timeZone = "America/Chicago";
+
+# Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ networking = {
+ hostName = "jesstop";
+ nameservers = [ "1.1.1.1" "1.0.0.1" ];
+ networkmanager.enable = true;
+ };
+
+
+ users.users."nickelback" = {
+ isNormalUser = true;
+ description = "Thomas Jefferson";
+ initialPassword = "89453712";
+#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ ]; # Enable ‘sudo’ for the user.
+ openssh.authorizedKeys.keys = [];
+
+ packages = with pkgs; [
+ (writeShellScriptBin "beets" ''
+ bluetoothctl connect A4:16:C0:74:1F:55
+ '')
+
+ spotify
+ gnome-network-displays
+ discord
+ krita
+ rpcs3
+ ];
+ };
+
+ nix = {
+ nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
+ settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ };
+ };
+
+ fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
+
+
+ };
+ };
+}
diff --git a/modules/hosts/jesstop/default.nix b/modules/hosts/jesstop/default.nix
index 82320cd..511a9a0 100644
--- a/modules/hosts/jesstop/default.nix
+++ b/modules/hosts/jesstop/default.nix
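Review bot: The literal `initialPassword` on `users.users."nickelback"` puts a cleartext password for a `wheel` member into the repository and the world-readable Nix store, and it stays the sudo password until someone changes it by hand on the machine. As far as this diff shows, the commit also drops the `inputs.sops-nix.nixosModules.sops` import the old `default.nix` carried, so the commented-out `hashedPasswordFile` line cannot simply be switched on any more. I would store a hash instead, `initialHashedPassword = "<yescrypt hash from mkpasswd>";`, or restore the sops-nix import and give this user its own `hashedPasswordFile` secret rather than reusing `"nathan/pass"`.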
@@ -1,132 +1,11 @@ -{ inputs, ... }: { +{ self, inputs, ... }: { + + flake.nixosConfigurations."jesstop" = inputs.nixpkgs.lib.nixosSystem { - flake.nixosModules.jesstop = { config, pkgs, lib, ... }: - - { - - imports = [ -#inputs.home-manager.nixosModules.default - - inputs.sops-nix.nixosModules.sops + modules = [ + self.nixosModules.jesstop + self.nixosModules.jesstop-hardware ]; - - config = { - - nixpkgs.config = { - allowUnfree = true; - }; - -# Bootloader. - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - }; - - systemd.extraConfig = "DefaultLimitNOFILE=2048"; - - hardware = { - graphics.enable = true; - -#enable bluetooth - bluetooth.enable = true; - - }; - - services.pulseaudio.enable = false; - - environment.systemPackages = with pkgs; [ - alsa-utils - ]; - - sysconfig.opts = { - sddm.enable = true; - openssh.enable = false; - steam.enable = true; - pipewire.enable = true; - hyprpanel.enable = false; - hyprland.enable = false; - git.enable = false; - nh.enable = true; - - }; - - -# Enable the X11 windowing system. - services.xserver = { - enable = true; - desktopManager.enlightenment.enable = true; - }; - - services.acpid.enable = true; - - services.displayManager.enable = true; - -# Enable CUPS to print documents. - services.printing.enable = true; - - system.stateVersion = "23.05"; # Did you read the comment? - -# Set your time zone. - time.timeZone = "America/Chicago"; - -# Select internationalisation properties. 
- i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - networking = { - hostName = "jesstop"; - nameservers = [ "1.1.1.1" "1.0.0.1" ]; - networkmanager.enable = true; - }; - - - users.users."nickelback" = { - isNormalUser = true; - description = "Thomas Jefferson"; - initialPassword = "89453712"; -#hashedPasswordFile = config.sops.secrets."nathan/pass".path; - extraGroups = [ - "wheel" - "networkmanager" - ]; # Enable ‘sudo’ for the user. - openssh.authorizedKeys.keys = []; - - packages = with pkgs; [ - (writeShellScriptBin "beets" '' - bluetoothctl connect A4:16:C0:74:1F:55 - '') - - spotify - gnome-network-displays - discord - krita - rpcs3 - ]; - }; - - nix = { - nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; - settings = { - experimental-features = [ "nix-command" "flakes" ]; - }; - }; - - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; - - - }; }; + } diff --git a/modules/hosts/jesstop/hardware-configuration.nix b/modules/hosts/jesstop/hardware-configuration.nix index b6e1ad4..62a7f48 100644 --- a/modules/hosts/jesstop/hardware-configuration.nix +++ b/modules/hosts/jesstop/hardware-configuration.nix @@ -1,6 +1,6 @@ { ... }: { - flake.nixosModules.jesstop = { config, lib, pkgs, modulesPath, ... }: + flake.nixosModules.jesstop-hardware = { config, lib, pkgs, modulesPath, ... }: { imports = diff --git a/modules/hosts/laptop/config.nix b/modules/hosts/laptop/config.nix deleted file mode 100644 index cf247af..0000000 --- a/modules/hosts/laptop/config.nix +++ /dev/null 
@@ -1,125 +0,0 @@ -{ self, inputs, ... }: { - - flake.nixosConfigurations."laptop" = inputs.nixpkgs.lib.nixosSystem { - - modules = [ - self.nixosModules.laptop - ]; - }; - - flake.nixosModules.laptop = { config, pkgs, ... }: - - { - - config = { - - boot.kernelParams = [ "snd-intel-dspcfg.dsp_driver=1" ]; - - hardware = { - nvidia = { - modesetting.enable = true; - powerManagement.enable = true; - powerManagement.finegrained = true; - open = false; - nvidiaSettings = true; - package = config.boot.kernelPackages.nvidiaPackages.stable; - - prime = { -# Make sure to use the correct Bus ID values for your system! - intelBusId = "PCI:0:2:0"; - nvidiaBusId = "PCI:1:0:0"; -# WARNING: sync and offload are mutually exclusive. -# You can only pick one!! -#sync.enable = true; - offload = { - enable = true; - enableOffloadCmd = true; - }; - }; - }; - }; - - sops = { - defaultSopsFile = ./secrets.yaml; - secrets = { - "nathan/pass" = { - neededForUsers = true; - }; - - remoteBuildKey = {}; - }; - }; - - services.wyoming.satellite.user = "nathan"; - - sysconfig = { - - host = "laptop"; - - services = { - wyoming = { - enable = true; - satellite = true; - }; - }; - - remoteBuildClient = true; - - users = { - nathan = { - isSuperuser = true; - extraGroups = [ "networkmanager" ]; - hashedPasswordFile = config.sops.secrets."nathan/pass".path; - shell = pkgs.zsh; - home-manager = { - enable = true; - standalone = false; - extraModules = [ - { - homeconfig = { - minimal = false; - graphical = true; - - virtual-machines = true; - hyprland.enable = true; - hypridle.enable = true; - wal.enable = true; - mpd.enable = true; - calcurse.enable = true; - rofi.enable = true; - firefox.enable = true; - git.enable = true; - nh.enable = true; - - aurora.enable = true; - }; - -#monitor=eDP-1, addreserved, 40,0,0,0 - wayland.windowManager.hyprland.extraConfig = '' - monitor=eDP-1,1920x1080@60,0x0,1 - bind = CTRL SHIFT, XF86Launch2, exec, bash -c 'if [[ $(hyprctl monitors | grep 0x0 | sed -n -e 
"s/\t*1920x1080@//" -e "s/.[1234567890]* at 0x0//p") == 300 ]]; then pkexec --user root /nix/var/nix/profiles/system/bin/switch-to-configuration switch; else pkexec --user root /nix/var/nix/profiles/system/specialisation/docked/bin/switch-to-configuration switch; fi' - bind = ALT, Escape, exec, if [[ $(hyprctl monitors | grep 0x0 | sed -n -e "s/\t*1920x1080@//" -e "s/.[1234567890]* at 0x0//p") == 300 ]]; then hyprctl keyword monitor eDP-1,1920x1080@60,0x0,1; else hyprctl keyword monitor eDP-1,1920x1080@300,0x0,1; fi - ''; - - } - ]; - }; - }; - }; - }; - - - services.xserver.videoDrivers = [ "nvidia" ]; - - -# This value determines the NixOS release from which the default -# settings for stateful data, like file locations and database versions -# on your system were taken. It‘s perfectly fine and recommended to leave -# this value at the release version of the first install of this system. -# Before changing this value read the documentation for this option -# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? - }; - - }; -} diff --git a/modules/hosts/laptop/configuration.nix b/modules/hosts/laptop/configuration.nix new file mode 100644 index 0000000..17f444e --- /dev/null +++ b/modules/hosts/laptop/configuration.nix 
@@ -0,0 +1,135 @@
+{ self, inputs, ... }: {
+
+ flake.nixosModules.laptop = { config, pkgs, lib, ... }:
+
+ {
+
+ imports = with self.nixosModules; [
+ inputs.home-manager.nixosModules.default
+
+ self.nixosModules.default
+ aurora-greeter
+ hyprland
+ pipewire
+ steam
+ avahi
+ netbird
+ ];
+
+ config = {
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ };
+
+# Bootloader.
+ boot = {
+ kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ timeout = null;
+ };
+ };
+
+ systemd.settings.Manager.DefaultLimitNOFILE = 2048;
+
+ hardware = {
+ graphics.enable = true;
+
+ firmware = with pkgs; [
+ sof-firmware
+ ];
+
+#enable bluetooth
+ bluetooth.enable = true;
+
+ };
+
+ programs.partition-manager.enable = true;
+ services.pulseaudio.enable = false;
+
+ environment.systemPackages = with pkgs; [
+ alsa-utils
+ ];
+
+# Enable the X11 windowing system.
+ services.xserver = {
+ enable = true;
+ };
+
+ services.displayManager.enable = true;
+
+
+ environment.shells = with pkgs; [ zsh bashInteractive ];
+
+# Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ programs.adb.enable = true;
+
+ programs.zsh.enable = true;
+
+ networking = {
+ nameservers = [
+ "1.1.1.1"
+ "1.0.0.1"
+ ];
+ networkmanager = {
+ enable = true;
+ dns = "none";
+ };
+ useDHCP = false;
+ dhcpcd.enable = false;
+ };
+
+
+ fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
+
+
+ boot.kernelParams = [ "snd-intel-dspcfg.dsp_driver=1" ];
+
+ hardware = {
+ nvidia = {
+ modesetting.enable = true;
+ powerManagement.enable = true;
+ powerManagement.finegrained = true;
+ open = false;
+ nvidiaSettings = true;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+
+ prime = {
+# Make sure to use the correct Bus ID values for your system!
+ intelBusId = "PCI:0:2:0";
+ nvidiaBusId = "PCI:1:0:0";
+# WARNING: sync and offload are mutually exclusive.
+# You can only pick one!!
+#sync.enable = true;
+ offload = {
+ enable = true;
+ enableOffloadCmd = true;
+ };
+ };
+ };
+ };
+
+ sops = {
+ defaultSopsFile = ./secrets.yaml;
+ secrets = {
+ remoteBuildKey = {};
+ };
+ };
+
+ services.xserver.videoDrivers = [ "nvidia" ];
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+ };
+
+ };
+}
diff --git a/modules/hosts/laptop/default.nix b/modules/hosts/laptop/default.nix
index 2faa0be..89cad64 100644
--- a/modules/hosts/laptop/default.nix
+++ b/modules/hosts/laptop/default.nix
@@ -1,120 +1,11 @@ { self, inputs, ... }: { + + flake.nixosConfigurations."laptop" = inputs.nixpkgs.lib.nixosSystem { - flake.nixosModules.laptop = { config, pkgs, lib, ... }: - - { - - imports = [ - inputs.home-manager.nixosModules.default - - self.nixosModules.default - - self.nixosModules.aurora-greeter + modules = [ + self.nixosModules.laptop + self.nixosModules.laptop-hardware ]; - - config = { - - nixpkgs.config = { - allowUnfree = true; - }; - -# Bootloader. - boot = { - kernelPackages = pkgs.linuxKernel.packages.linux_6_18; - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - timeout = null; - }; - }; - - systemd.settings.Manager.DefaultLimitNOFILE = 2048; - - hardware = { - graphics.enable = true; - - firmware = with pkgs; [ - sof-firmware - ]; - -#enable bluetooth - bluetooth.enable = true; - - }; - - programs.partition-manager.enable = true; - services.pulseaudio.enable = false; - - environment.systemPackages = with pkgs; [ - alsa-utils - ]; - - sysconfig = with lib; { - remoteBuildClient = mkDefault true; - graphical = mkDefault true; - - services = { - sddm.enable = mkDefault true; - openssh.enable = mkDefault false; - pipewire.enable = mkDefault true; - netbird.enable = mkDefault true; - ollama.enable = mkDefault true; - avahi.enable = mkDefault true; - }; - - programs = { - steam.enable = mkDefault true; - hyprland.enable = mkDefault true; - }; - - - containers = { - - wyoming = { - enable = mkDefault false; - }; - }; - - virtual-machines = { - enable = true; - }; - }; - - -# Enable the X11 windowing system. - services.xserver = { - enable = true; - }; - - services.displayManager.enable = true; - - - environment.shells = with pkgs; [ zsh bashInteractive ]; - -# Enable CUPS to print documents. 
- services.printing.enable = true; - - programs.adb.enable = true; - - programs.zsh.enable = true; - - networking = { - nameservers = [ - "1.1.1.1" - "1.0.0.1" - ]; - networkmanager = { - enable = true; - dns = "none"; - }; - useDHCP = false; - dhcpcd.enable = false; - }; - - - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; - - }; - }; + } diff --git a/modules/hosts/laptop/hardware-configuration.nix b/modules/hosts/laptop/hardware-configuration.nix index 3892a07..db0bc93 100644 --- a/modules/hosts/laptop/hardware-configuration.nix +++ b/modules/hosts/laptop/hardware-configuration.nix @@ -1,6 +1,6 @@ { ... }: { - flake.nixosModules.laptop = { config, lib, pkgs, modulesPath, ... }: + flake.nixosModules.laptop-hardware = { config, lib, pkgs, modulesPath, ... }: { imports = diff --git a/modules/hosts/live/configuration.nix b/modules/hosts/live/configuration.nix new file mode 100644 index 0000000..9a6d6cb --- /dev/null +++ b/modules/hosts/live/configuration.nix 
@@ -0,0 +1,60 @@
+{ inputs, ... }: {
+
+ flake.nixosModules.live = { pkgs, ... }: {
+
+ imports = with inputs; [
+
+ disko.nixosModules.default
+
+ (import ./disko.nix { device = "/dev/mmcblk0"; })
+
+ sops-nix.nixosModules.sops
+
+ home-manager.nixosModules.default
+
+ ];
+
+ config = {
+
+ hardware.enableRedistributableFirmware = true;
+ hardware.enableAllHardware = true;
+
+ programs.zsh.enable = true;
+
+ environment.shells = with pkgs; [ zsh bashInteractive ];
+
+ networking = {
+ nameservers = [ "1.1.1.1" "1.0.0.1" ];
+ networkmanager.enable = true;
+ };
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+
+ boot = {
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ users.users."nathan" = {
+ hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
+ packages = with pkgs; [
+ git
+ nerd-fonts.fira-code
+ ];
+ };
+
+ sops = {
+ age.keyFile = "/var/lib/sops/age/keys.txt";
+ defaultSopsFile = ./secrets.yaml;
+ defaultSopsFormat = "yaml";
+#secrets."nathan/pass".neededForUsers = true;
+ };
+
+ system.stateVersion = "25.05";
+
+ fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
+ };
+ };
+}
diff --git a/modules/hosts/live/default.nix b/modules/hosts/live/default.nix
index 8f31c69..9b8af24 100644
--- a/modules/hosts/live/default.nix
+++ b/modules/hosts/live/default.nix
@@ -1,123 +1,11 @@ -{ inputs, ... }: { - - flake.nixosModules.live = { pkgs, ... }: { - - imports = with inputs; [ - - disko.nixosModules.default - - (import ./disko.nix { device = "/dev/mmcblk0"; }) - - sops-nix.nixosModules.sops - - home-manager.nixosModules.default +{ self, inputs, ... }: { + + flake.nixosConfigurations."live" = inputs.nixpkgs.lib.nixosSystem { + modules = [ + self.nixosModules.live + self.diskoConfigurations.live ]; - - config = { - - hardware.enableRedistributableFirmware = true; - hardware.enableAllHardware = true; - - programs.zsh.enable = true; - - environment.shells = with pkgs; [ zsh bashInteractive ]; - - networking = { - nameservers = [ "1.1.1.1" "1.0.0.1" ]; - networkmanager.enable = true; - }; - - nixpkgs.hostPlatform = "x86_64-linux"; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - }; - - users.users."nathan" = { - hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6"; - packages = with pkgs; [ - git - nerd-fonts.fira-code - ]; - }; - - sops = { - age.keyFile = "/var/lib/sops/age/keys.txt"; - defaultSopsFile = ./secrets.yaml; - defaultSopsFormat = "yaml"; -#secrets."nathan/pass".neededForUsers = true; - }; - - sysconfig = { -#remoteBuildClient = true; - host = "live"; - graphical = true; - users = { - nathan = { - extraGroups = [ "wheel" "networkmanager" ]; -#hashedPasswordFile = config.sops.secrets."nathan/pass".path; - shell = pkgs.zsh; - sshKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" - ]; - home-manager = { - enable = true; - standalone = false; - extraModules = [ - { - homeconfig = { - minimal = false; - hyprland.enable = true; - wal.enable = true; - mpd.enable = true; - calcurse.enable = true; - rofi.enable = true; - firefox.enable = true; -#git.enable = true; - nh.enable = true; - aurora.enable = true; - }; - } - ]; - }; - }; - }; - - services = { - sddm.enable = true; - 
openssh.enable = true; - pipewire.enable = true; -#kdePlasma6.enable = true; - netbird.enable = true; -#ollama.enable = true; - }; - - programs = { -#steam.enable = true; - hyprpanel.enable = true; - hyprland.enable = true; - }; - - - virtualization = { - - wyoming = { - enable = false; - }; - - homeassistant = { - enable = false; - }; - }; - }; - - system.stateVersion = "25.05"; - - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; - }; }; + } diff --git a/modules/hosts/pi4/configuration.nix b/modules/hosts/pi4/configuration.nix new file mode 100644 index 0000000..4a22b06 --- /dev/null +++ b/modules/hosts/pi4/configuration.nix 
@@ -0,0 +1,87 @@ +{ inputs, ... }: { + + flake.nixosModules.pi4 = { config, pkgs, ... }: { + + imports = [ + inputs.disko.nixosModules.default + + inputs.home-manager.nixosModules.default + ]; + + config = { + + boot = { + loader = { + grub.enable = false; + generic-extlinux-compatible.enable = true; + }; + }; + + networking = { + hostName = "pi4"; + nameservers = [ "1.1.1.1" "1.0.0.1" ]; + networkmanager.enable = true; + }; + + time.timeZone = "America/Chicago"; + + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + hardware = { + bluetooth.enable = true; + + }; + + programs.zsh.enable = true; + + environment.shells = with pkgs; [ zsh ]; + + users = { + groups.gpio = {}; + }; + + services = { + udev.extraRules = '' + SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660" + SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'" + SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'" + ''; + + pulseaudio = { + enable = true; + extraConfig = '' + load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 + ''; + }; + + }; + + sops = { + age.keyFile = "/var/lib/sops/age/keys.txt"; + defaultSopsFile = ./secrets.yaml; + defaultSopsFormat = "yaml"; + }; + + + fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; + + sound.enable = true; + + security.rtkit.enable = true; + + system.stateVersion = "25.05"; + }; + }; +} 
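Review bot: The `sops = { ... }` block near the end of this new module sets sops-nix options, but its `imports` list only pulls in `inputs.disko.nixosModules.default` and `inputs.home-manager.nixosModules.default`. The `inputs.sops-nix.nixosModules.sops` import that the old `pi4/default.nix` carried is removed, and the new `modules` list in `pi4/default.nix` does not add it back. Unless another file that contributes to `nixosModules.pi4` imports it, the `sops.*` options are presumably undeclared and secret decryption is not set up on this host. I would add `inputs.sops-nix.nixosModules.sops` to the `imports` list here, next to the option block that depends on it.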
diff --git a/modules/hosts/pi4/default.nix b/modules/hosts/pi4/default.nix index 22a0729..90c104a 100644 --- a/modules/hosts/pi4/default.nix +++ b/modules/hosts/pi4/default.nix 
@@ -1,138 +1,12 @@ -{ inputs, ... }: { +{ self, inputs, ... }: { + + flake.nixosConfigurations."pi4" = inputs.nixpkgs.lib.nixosSystem { - flake.nixosModules.pi4 = { config, pkgs, ... }: { - - imports = [ - ./hardware-configuration.nix - - inputs.disko.nixosModules.default - - (import ./disko.nix { device1 = "/dev/mmcblk0"; }) - - inputs.home-manager.nixosModules.default - - inputs.sops-nix.nixosModules.sops + modules = [ + self.nixosModules.pi4 + self.nixosModules.pi4-hardware + self.diskoConfigurations.pi4 ]; - - config = { - - sysconfig = { - remoteBuildClient = true; - - users = { - nathan = { - hashedPasswordFile = config.sops.secrets."nathan/pass".path; - shell = pkgs.zsh; - sshKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost" - ]; - extraGroups = [ - "wheel" - "networkmanager" - "gpio" - "spi" - "audio" - "pulse" - "pulse-access" - ]; - home-manager = { - enable = true; - standalone = false; - extraModules = [ - { - homeconfig = { - scripts.enable = false; - minimal = true; - mpd.enable = true; - git.enable = true; - nh.enable = true; - }; - } - ]; - }; - }; - }; - - services = { - openssh.enable = true; -#pipewire.enable = true; - netbird.enable = true; - }; - }; - - boot = { - loader = { - grub.enable = false; - generic-extlinux-compatible.enable = true; - }; - }; - - networking = { - hostName = "pi4"; - nameservers = [ "1.1.1.1" "1.0.0.1" ]; - networkmanager.enable = true; - }; - - time.timeZone = "America/Chicago"; - - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - hardware = { - bluetooth.enable 
= true; - - }; - - programs.zsh.enable = true; - - environment.shells = with pkgs; [ zsh ]; - - users = { - groups.gpio = {}; - }; - - services = { - udev.extraRules = '' - SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660" - SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'" - SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'" - ''; - - pulseaudio = { - enable = true; - extraConfig = '' - load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 - ''; - }; - - }; - - sops = { - age.keyFile = "/var/lib/sops/age/keys.txt"; - defaultSopsFile = ./secrets.yaml; - defaultSopsFormat = "yaml"; - }; - - - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; - - sound.enable = true; - - security.rtkit.enable = true; - - system.stateVersion = "25.05"; - }; }; + } diff --git a/modules/hosts/pi4/hardware-configuration.nix b/modules/hosts/pi4/hardware-configuration.nix index 0b6dd91..63e3034 100644 --- a/modules/hosts/pi4/hardware-configuration.nix +++ b/modules/hosts/pi4/hardware-configuration.nix @@ -1,6 +1,6 @@ { ... }: { - flake.nixosModules.pi4 = { config, lib, pkgs, modulesPath, ... }: + flake.nixosModules.pi4-hardware = { config, lib, pkgs, modulesPath, ... }: { imports = diff --git a/modules/users/nathan/nathan.nix b/modules/users/nathan/nathan.nix index c869701..9463186 100644 --- a/modules/users/nathan/nathan.nix +++ b/modules/users/nathan/nathan.nix 
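Review bot: The new `modules` list for `pi4` loses the whole `sysconfig` block (the `nathan` account with `hashedPasswordFile`, its SSH keys, `openssh.enable`, `netbird.enable`) without a visible replacement. Neither this list nor the new `pi4/configuration.nix` defines a user or a remote-access service. If nothing outside the visible part of the patch supplies them, a headless host built from this would have no login account and no sshd. Since `user-nathan` becomes a function of the host name in this same patch, the list would need something like `(self.nixosModules.user-nathan "pi4")` plus whichever module enables SSH. A short comment above `modules` saying where accounts and remote access for this host are defined would also help the next reader.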
@@ -1,10 +1,8 @@ { self, inputs, ... }: { - flake.nixosModules.user-nathan = { config, lib, pkgs, ... }: { + flake.nixosModules.user-nathan = host: { config, lib, pkgs, ... }: { - config = lib.mkIf ( - config.sysconfig.users ? nathan && config.sysconfig.users.nathan.usePresets - ) { + config = { sops.secrets."nathan/pass".neededForUsers = true; 
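Review bot: `flake.nixosModules.user-nathan = host: { config, lib, pkgs, ... }: {` turns this export from a module into a function that returns a module, so it can no longer go into a `modules` or `imports` list as-is and every consumer has to call it with a host name. If it is imported bare, `host` would presumably be bound to the module argument set, and the `host == "laptop"` comparison later in the file would quietly be false. Either document the calling convention with a comment such as `# call as (self.nixosModules.user-nathan "<hostname>")`, or keep it a plain module and compare `config.networking.hostName` instead. The same hunk removes the `lib.mkIf (... usePresets)` guard, so `sops.secrets."nathan/pass".neededForUsers` now applies on every host that includes the module; the rest of the `config` body lies outside the hunk.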
@@ -14,14 +12,19 @@ isNormalUser = lib.mkDefault true; #hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile; extraGroups = [ "networkmanager" "docker" "libvirtd" ]; - openssh.authorizedKeys.keys = with config.sysconfig.users.nathan; lib.mkIf config.sysconfig.services.openssh.enable ( - ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) ssh.hosts) - ); - packages = lib.mkIf ( - config.sysconfig.users.nathan.home-manager.enable && config.sysconfig.users.nathan.home-manager.standalone - ) [ pkgs.home-manager ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost" + "ssh-rsa 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 nathan@rpi-3dp" + ]; + packages = lib.mkIf (false) [ pkgs.home-manager ]; }; + wayland.windowManager.hyprland.extraConfig = if host == "laptop" then '' + monitor=eDP-1,1920x1080@60,0x0,1 + bind = CTRL SHIFT, XF86Launch2, exec, bash -c 'if [[ $(hyprctl monitors | grep 0x0 | sed -n -e "s/\t*1920x1080@//" -e "s/.[1234567890]* at 0x0//p") == 300 ]]; then pkexec --user root /nix/var/nix/profiles/system/bin/switch-to-configuration switch; else pkexec --user root /nix/var/nix/profiles/system/specialisation/docked/bin/switch-to-configuration switch; fi' + bind = ALT, Escape, exec, if [[ $(hyprctl monitors | grep 0x0 | sed -n -e "s/\t*1920x1080@//" -e "s/.[1234567890]* at 0x0//p") == 300 ]]; then hyprctl keyword monitor eDP-1,1920x1080@60,0x0,1; else hyprctl keyword monitor eDP-1,1920x1080@300,0x0,1; fi + '' else ''''; }; };
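Review bot: `openssh.authorizedKeys.keys` is now a fixed list of three keys (`nathan@laptop`, `nathan@localhost`, `nathan@rpi-3dp`) applied on every host that includes this module, where the removed lines chose keys per host from `ssh.keys` and `ssh.hosts`. Each key holder can therefore log in as `nathan` everywhere, and the context line above puts that account in `docker` and `libvirtd`; `docker` membership is commonly treated as root-equivalent, so one lost key reaches far. Since the module now takes `host`, the list could be selected from a per-host attrset, e.g. `openssh.authorizedKeys.keys = authorizedKeysFor.${host} or [ ];` with `authorizedKeysFor` (a name constructed for this note) defined in a `let`. `packages = lib.mkIf (false) [ pkgs.home-manager ];` is dead code and can be dropped. The enclosing attribute set starts outside the hunk.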