ItsDrike/nixdots
1
0
Fork 0
mirror of https://github.com/ItsDrike/nixdots synced 2024-11-12 23:57:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use roles properly

Browse source 
Originally, I was including all role configurations for all hosts, and
controlling which get applied in the role configs with a check in each
file. This is a very repetetive and annoying approach. Instead, now the
role directory is included manually from the hosts config for devices
which meet that role, removing the role options.
This commit is contained in:
ItsDrike 2024-09-24 11:40:42 +02:00
parent c6c3ecb1e9
commit 00016063fe
Signed by: ItsDrike
GPG key ID: FA2745890B7048C0
27 changed files with 375 additions and 610 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
home/packages/cli/desktop.nix
View file

@ -1,26 +1,15 @@
{
osConfig,
lib,
pkgs,
...
}: let
inherit (lib) mkIf;
devType = osConfig.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem devType acceptedTypes) {
home.packages = with pkgs; [
libnotify # send desktop notifications
imagemagick # create/edit images
trash-cli # interface to freedesktop trashcan
bitwarden-cli # pw manager
slides # terminal based presentation tool
brightnessctl # brightness control
pulsemixer # manage audio (TUI)
nix-tree # interactively browse nix store
glow # render markdown
ffmpeg # record, convert and stream audio and video
];
};
{pkgs, ...}: {
# TODO: Only apply this to workstations
home.packages = with pkgs; [
libnotify # send desktop notifications
imagemagick # create/edit images
trash-cli # interface to freedesktop trashcan
bitwarden-cli # pw manager
slides # terminal based presentation tool
brightnessctl # brightness control
pulsemixer # manage audio (TUI)
nix-tree # interactively browse nix store
glow # render markdown
ffmpeg # record, convert and stream audio and video
];
}

11
hosts/default.nix
View file

@ -4,10 +4,14 @@
# A list of shared modules that ALL systems need
shared = [
../system
../system/shared
../home
../options
];
workstationRole = ../system/roles/workstation;
laptopRole = ../system/roles/laptop;
uniRole = ../system/roles/uni;
in {
herugrim = lib.nixosSystem {
system = "x86_64-linux";
@ -18,6 +22,8 @@ in {
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote
workstationRole
laptopRole
]
++ shared;
};
@ -31,6 +37,9 @@ in {
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote
workstationRole
laptopRole
uniRole
]
++ shared;
};

6
hosts/voyager/default.nix
View file

@ -143,11 +143,7 @@
};
device = {
roles = {
type = "laptop";
virtual-machine = false;
isUniMachine = true;
};
roles.virtual-machine = false;
cpu.type = "amd";
gpu.type = "amd";
hasTPM = true;

42
options/device/roles.nix
View file

@ -1,49 +1,11 @@
{
lib,
config,
...
}: let
inherit (lib) mkOption types;
cfg = config.myOptions.device.roles;
{lib, ...}: let
inherit (lib) mkOption;
in {
options.myOptions.device.roles = {
type = mkOption {
type = types.enum ["laptop" "desktop" "server"];
default = "";
description = ''
The type/purpoes of the device that will be used within the rest of the configuration.
- laptop: portable devices with battery optimizations
- desktop: stationary devices configured for maximum performance
- server: server and infrastructure
'';
};
virtual-machine = mkOption {
type = lib.types.bool;
default = false;
description = "Is this system a virtual machine?";
};
isWorkstation = mkOption {
type = lib.types.bool;
default = builtins.elem cfg.type ["laptop" "desktop"];
readOnly = true;
description = ''
Is this machine a workstation?
Workstation machines are meant for regular day-to-day use.
'';
};
isUniMachine = mkOption {
type = lib.types.bool;
default = false;
description = ''
Should University specific configuration be applied?
(Things like University specific software, etc.)
'';
};
};
}

12
system/roles/default.nix
View file

@ -1,12 +0,0 @@
{
# We import all of the roles here, with the type checks being handled
# in the individual files each time. This is a bit ugly, but necessary
# as NixOS doesn't support optional imports, due to circual imports
# (there might be a change of the config value inside one of the
# imported files).
imports = [
./workstation
./laptop
./uni
];
}

29
system/roles/laptop/power/acpi.nix
View file

@ -1,27 +1,20 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
hardware.acpilight.enable = true;
}: {
hardware.acpilight.enable = true;
environment.systemPackages = with pkgs; [acpi];
environment.systemPackages = with pkgs; [acpi];
# handle ACPI events
services.acpid.enable = true;
# handle ACPI events
services.acpid.enable = true;
boot = {
kernelModules = ["acpi_call"];
extraModulePackages = with config.boot.kernelPackages; [
acpi_call
cpupower
];
};
boot = {
kernelModules = ["acpi_call"];
extraModulePackages = with config.boot.kernelPackages; [
acpi_call
cpupower
];
};
}

13
system/roles/laptop/power/default.nix
View file

@ -1,13 +1,4 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
{pkgs, ...}: {
imports = [
./power-profiles-daemon
./upower.nix
@ -15,7 +6,7 @@ in {
./systemd.nix
];
config = mkIf (builtins.elem deviceType acceptedTypes) {
config = {
environment.systemPackages = with pkgs; [powertop];
};
}

54
system/roles/laptop/power/power-profiles-daemon/default.nix
View file

@ -1,43 +1,37 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
inherit (lib.modules) mkForce;
inherit (lib.strings) makeBinPath;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# allows changing system behavior based upon user-selected power profiles
# (with `powerprofilesctl` command)
services.power-profiles-daemon.enable = true;
# allows changing system behavior based upon user-selected power profiles
# (with `powerprofilesctl` command)
services.power-profiles-daemon.enable = true;
# Power state monitor. Switches power profiles based on charging state.
# Plugged in - performance (if available, falls back to balance)
# Unplugged - balanced, until below 50%, then power-saver
systemd.services."power-monitor" = let
dependencies = with pkgs; [
coreutils
gnugrep
power-profiles-daemon
inotify-tools
jaq
];
in {
description = "Power Monitoring Service";
environment.PATH = mkForce "/run/wrappers/bin:${makeBinPath dependencies}";
script = builtins.readFile ./power_monitor.sh;
# Power state monitor. Switches power profiles based on charging state.
# Plugged in - performance (if available, falls back to balance)
# Unplugged - balanced, until below 50%, then power-saver
systemd.services."power-monitor" = let
dependencies = with pkgs; [
coreutils
gnugrep
power-profiles-daemon
inotify-tools
jaq
];
in {
description = "Power Monitoring Service";
environment.PATH = mkForce "/run/wrappers/bin:${makeBinPath dependencies}";
script = builtins.readFile ./power_monitor.sh;
serviceConfig = {
Type = "simple";
Restart = "on-failure";
};
wants = ["power-profiles-daemon.service"];
wantedBy = ["default.target"];
serviceConfig = {
Type = "simple";
Restart = "on-failure";
};
wants = ["power-profiles-daemon.service"];
wantedBy = ["default.target"];
};
}

27
system/roles/laptop/power/upower.nix
View file

@ -1,23 +1,12 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# DBus service that provides power management support to applications
upower = {
enable = true;
percentageLow = 15;
percentageCritical = 5;
percentageAction = 3;
criticalPowerAction = "Hibernate";
};
services = {
# DBus service that provides power management support to applications
upower = {
enable = true;
percentageLow = 15;
percentageCritical = 5;
percentageAction = 3;
criticalPowerAction = "Hibernate";
};
};
}

42
system/roles/laptop/touchpad.nix
View file

@ -1,32 +1,22 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services.libinput = {
# enable libinput
enable = true;
services.libinput = {
# enable libinput
enable = true;
# disable mouse acceleration
mouse = {
accelProfile = "flat";
accelSpeed = "0";
middleEmulation = false;
};
# disable mouse acceleration
mouse = {
accelProfile = "flat";
accelSpeed = "0";
middleEmulation = false;
};
# touchpad settings
touchpad = {
naturalScrolling = false; # I'm not natural
tapping = true;
clickMethod = "clickfinger";
horizontalScrolling = true;
disableWhileTyping = true;
};
# touchpad settings
touchpad = {
naturalScrolling = false; # I'm not natural
tapping = true;
clickMethod = "clickfinger";
horizontalScrolling = true;
disableWhileTyping = true;
};
};
}

14
system/roles/uni/android.nix
View file

@ -1,13 +1,3 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
inherit (config.myOptions.device.roles) isUniMachine;
in {
config = mkIf isUniMachine {
environment.systemPackages = [pkgs.android-studio];
};
{pkgs, ...}: {
environment.systemPackages = [pkgs.android-studio];
}

55
system/roles/workstation/display/login/greetd.nix
View file

@ -4,12 +4,9 @@
lib,
...
}: let
inherit (lib) mkIf getExe;
inherit (lib) getExe;
inherit (lib.strings) concatStringsSep;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
greetingMsg = "'Access is restricted to authorized personnel only.'";
tuiGreetTheme = "'border=magenta;text=cyan;prompt=green;time=red;action=white;button=yellow;container=black;input=gray'";
@ -46,33 +43,31 @@
];
};
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services.greetd = {
enable = true;
vt = 1;
services.greetd = {
enable = true;
vt = 1;
# <https://man.sr.ht/~kennylevinsen/greetd/>
settings = {
# default session is what will be used if no session is selected
# in this case it'll be a TUI greeter
default_session = defaultSession;
};
# <https://man.sr.ht/~kennylevinsen/greetd/>
settings = {
# default session is what will be used if no session is selected
# in this case it'll be a TUI greeter
default_session = defaultSession;
};
# Suppress error messages on tuigreet. They sometimes obscure the TUI
# boundaries of the greeter.
# See: https://github.com/apognu/tuigreet/issues/68#issuecomment-1586359960
systemd.services.greetd.serviceConfig = {
Type = "idle";
StandardInput = "tty";
StandardOutput = "tty";
StandardError = "journal";
TTYReset = true;
TTYVHangup = true;
TTYVTDisallocate = true;
};
# Persist info about previous session & user
myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
};
# Suppress error messages on tuigreet. They sometimes obscure the TUI
# boundaries of the greeter.
# See: https://github.com/apognu/tuigreet/issues/68#issuecomment-1586359960
systemd.services.greetd.serviceConfig = {
Type = "idle";
StandardInput = "tty";
StandardOutput = "tty";
StandardError = "journal";
TTYReset = true;
TTYVHangup = true;
TTYVTDisallocate = true;
};
# Persist info about previous session & user
myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
}

48
system/roles/workstation/display/login/pam.nix
View file

@ -1,35 +1,25 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# unlock GPG keyring on login
security.pam.services = let
gnupg = {
enable = true;
noAutostart = true;
storeOnly = true;
};
in {
login = {
enableGnomeKeyring = true;
inherit gnupg;
};
# unlock GPG keyring on login
security.pam.services = let
gnupg = {
enable = true;
noAutostart = true;
storeOnly = true;
};
in {
login = {
enableGnomeKeyring = true;
inherit gnupg;
};
greetd = {
enableGnomeKeyring = true;
inherit gnupg;
};
greetd = {
enableGnomeKeyring = true;
inherit gnupg;
};
tuigreet = {
enableGnomeKeyring = true;
inherit gnupg;
};
tuigreet = {
enableGnomeKeyring = true;
inherit gnupg;
};
};
}

213
system/roles/workstation/fonts.nix
View file

@ -1,120 +1,109 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
fonts = {
enableDefaultPackages = false;
{pkgs, ...}: {
fonts = {
enableDefaultPackages = false;
fontconfig = {
defaultFonts = let
common = [
"Iosevka Nerd Font"
"Symbols Nerd Font"
fontconfig = {
defaultFonts = let
common = [
"Iosevka Nerd Font"
"Symbols Nerd Font"
"Noto Color Emoji"
];
in {
monospace =
[
"Monaspace Krypton"
"Source Code Pro Medium"
"Source Han Mono"
]
++ common;
sansSerif =
[
"Noto Sans"
"Jost"
"Lexend"
]
++ common;
serif =
[
"Noto Serif"
]
++ common;
emoji =
[
"Noto Color Emoji"
];
in {
monospace =
[
"Monaspace Krypton"
"Source Code Pro Medium"
"Source Han Mono"
]
++ common;
sansSerif =
[
"Noto Sans"
"Jost"
"Lexend"
]
++ common;
serif =
[
"Noto Serif"
]
++ common;
emoji =
[
"Noto Color Emoji"
]
++ common;
};
]
++ common;
};
fontDir = {
enable = true;
decompressFonts = true;
};
packages = with pkgs; [
# programming fonts
sarasa-gothic
source-code-pro
monaspace
# desktop fonts
corefonts # MS fonts
b612 # high legibility
material-icons
material-design-icons
roboto
work-sans
comic-neue
source-sans
inter
lato
lexend
jost
dejavu_fonts
noto-fonts
noto-fonts-cjk
# emojis
noto-fonts-color-emoji
twemoji-color-font
openmoji-color
openmoji-black
font-awesome
material-symbols
# defaults worth keeping
dejavu_fonts
freefont_ttf
gyre-fonts
liberation_ttf
unifont
# specific nerd fonts only
# (installing all nerd fonts is slow and takes gigabytes)
# see: <https://github.com/NixOS/nixpkgs/blob/master/pkgs/data/fonts/nerdfonts/shas.nix>
# for all available fonts
(nerdfonts.override {
fonts = [
"JetBrainsMono"
"Iosevka"
"NerdFontsSymbolsOnly"
"FiraCode"
"FiraMono"
"Hack"
"HeavyData"
"Gohu"
];
})
];
};
environment.systemPackages = with pkgs; [
# Tool for searching and previewing installed fonts
font-manager
fontDir = {
enable = true;
decompressFonts = true;
};
packages = with pkgs; [
# programming fonts
sarasa-gothic
source-code-pro
monaspace
# desktop fonts
corefonts # MS fonts
b612 # high legibility
material-icons
material-design-icons
roboto
work-sans
comic-neue
source-sans
inter
lato
lexend
jost
dejavu_fonts
noto-fonts
noto-fonts-cjk
# emojis
noto-fonts-color-emoji
twemoji-color-font
openmoji-color
openmoji-black
font-awesome
material-symbols
# defaults worth keeping
dejavu_fonts
freefont_ttf
gyre-fonts
liberation_ttf
unifont
# specific nerd fonts only
# (installing all nerd fonts is slow and takes gigabytes)
# see: <https://github.com/NixOS/nixpkgs/blob/master/pkgs/data/fonts/nerdfonts/shas.nix>
# for all available fonts
(nerdfonts.override {
fonts = [
"JetBrainsMono"
"Iosevka"
"NerdFontsSymbolsOnly"
"FiraCode"
"FiraMono"
"Hack"
"HeavyData"
"Gohu"
];
})
];
};
environment.systemPackages = with pkgs; [
# Tool for searching and previewing installed fonts
font-manager
];
}

32
system/roles/workstation/programs/misc.nix
View file

@ -1,28 +1,18 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
programs = {
# allow non-root users to mount fuse filesystems with allow_other
fuse.userAllowOther = true;
programs = {
# allow non-root users to mount fuse filesystems with allow_other
fuse.userAllowOther = true;
# show network usage
bandwhich.enable = true;
# show network usage
bandwhich.enable = true;
# network inspection utility
wireshark.enable = true;
# network inspection utility
wireshark.enable = true;
# gnome's keyring manager
seahorse.enable = true;
# gnome's keyring manager
seahorse.enable = true;
# registry for linux (thanks to Gnome)
dconf.enable = true;
};
# registry for linux (thanks to Gnome)
dconf.enable = true;
};
}

34
system/roles/workstation/programs/physlock.nix
View file

@ -1,27 +1,17 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# Screen locker which works across all virtual terminals
# Use `systemctl start physlock` to securely lock the screen
services.physlock = {
enable = true;
lockMessage = "System is locked...";
# Screen locker which works across all virtual terminals
# Use `systemctl start physlock` to securely lock the screen
services.physlock = {
enable = true;
lockMessage = "System is locked...";
# I only use physlock manually in some circumstances
lockOn = {
# Don't auto-lock the system with physlock on suspend, I prefer other (gui) lockers
suspend = false;
# Do use physlock on resuming from hibernation though, as this just restored RAM,
# potentially bypassing the login screen and even initial disk encryption password
hibernate = true;
};
# I only use physlock manually in some circumstances
lockOn = {
# Don't auto-lock the system with physlock on suspend, I prefer other (gui) lockers
suspend = false;
# Do use physlock on resuming from hibernation though, as this just restored RAM,
# potentially bypassing the login screen and even initial disk encryption password
hibernate = true;
};
};
}

4
system/roles/workstation/programs/steam.nix
View file

@ -5,10 +5,8 @@
}: let
inherit (lib) mkIf;
cfg = config.myOptions.home-manager.programs.games.steam;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
config = mkIf cfg.enable {
programs.steam = {
enable = true;
remotePlay.openFirewall = false;

55
system/roles/workstation/programs/thunar.nix
View file

@ -1,36 +1,25 @@
{
lib,
pkgs,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# Unconditionally enable thunar file manager here as a relatively
# lightweight fallback option for my default file manager.
programs.thunar = {
enable = true;
{pkgs, ...}: {
# Unconditionally enable thunar file manager here as a relatively
# lightweight fallback option for my default file manager.
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-media-tags-plugin
];
};
environment = {
systemPackages = with pkgs; [
# packages necessery for thunar thumbnails
xfce.tumbler
libgsf # odf files
ffmpegthumbnailer
ark # GUI archiver for thunar archive plugin
];
};
# thumbnail support on thunar
services.tumbler.enable = true;
plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-media-tags-plugin
];
};
environment = {
systemPackages = with pkgs; [
# packages necessery for thunar thumbnails
xfce.tumbler
libgsf # odf files
ffmpegthumbnailer
ark # GUI archiver for thunar archive plugin
];
};
# thumbnail support on thunar
services.tumbler.enable = true;
}

4
system/roles/workstation/programs/virtualbox.nix
View file

@ -6,10 +6,8 @@
inherit (lib) mkIf;
cfgUser = config.myOptions.system.username;
cfg = config.myOptions.home-manager.programs.applications.virtualbox;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
config = mkIf cfg.enable {
virtualisation.virtualbox.host = {
enable = true;

4
system/roles/workstation/programs/wireshark.nix
View file

@ -7,10 +7,8 @@
inherit (lib) mkIf;
cfgUser = config.myOptions.system.username;
cfg = config.myOptions.home-manager.programs.applications.wireshark;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
config = mkIf cfg.enable {
programs.wireshark = {
enable = true;
package = pkgs.wireshark;

90
system/roles/workstation/runners.nix
View file

@ -1,57 +1,49 @@
{
config,
pkgs,
lib,
...
}: let
inherit (lib) mkIf;
}: {
environment.systemPackages = [pkgs.appimage-run];
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
environment.systemPackages = [pkgs.appimage-run];
# run appimages with appimage-run
boot.binfmt.registrations = lib.genAttrs ["appimage" "AppImage"] (_: {
wrapInterpreterInShell = false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic";
offset = 0;
mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF....AI\\x02";
});
# run appimages with appimage-run
boot.binfmt.registrations = lib.genAttrs ["appimage" "AppImage"] (_: {
wrapInterpreterInShell = false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic";
offset = 0;
mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF....AI\\x02";
});
# run unpatched linux binaries with nix-ld
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc
openssl
curl
glib
util-linux
glibc
icu
libunwind
libuuid
zlib
libsecret
# graphical
freetype
libglvnd
libnotify
SDL2
vulkan-loader
gdk-pixbuf
xorg.libX11
];
};
# Some pre-compiled binaries hard-code ssl cert file to /etc/ssl/cert.pem
# instead of what NixOS uses (/etc/ssl/certs/ca-certificates.crt). Make a
# symlink there for compatibility.
# - For example the rye installed python binaries look there
environment.etc."ssl/cert.pem".source = "/etc/ssl/certs/ca-certificates.crt";
# run unpatched linux binaries with nix-ld
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc
openssl
curl
glib
util-linux
glibc
icu
libunwind
libuuid
zlib
libsecret
# graphical
freetype
libglvnd
libnotify
SDL2
vulkan-loader
gdk-pixbuf
xorg.libX11
];
};
# Some pre-compiled binaries hard-code ssl cert file to /etc/ssl/cert.pem
# instead of what NixOS uses (/etc/ssl/certs/ca-certificates.crt). Make a
# symlink there for compatibility.
# - For example the rye installed python binaries look there
environment.etc."ssl/cert.pem".source = "/etc/ssl/certs/ca-certificates.crt";
}

49
system/roles/workstation/services/earlyoom.nix
View file

@ -1,33 +1,22 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# https://dataswamp.org/~solene/2022-09-28-earlyoom.html
# avoid the linux kernel locking itself when we're putting too much strain on the memory
# this helps avoid having to shut down forcefully when we OOM
services.earlyoom = {
enable = true;
enableNotifications = true; # annoying, but we want to know what's killed
freeSwapThreshold = 2;
freeMemThreshold = 2;
extraArgs = [
"-g" # kill all processes within a process group
"--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill
"--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
];
{pkgs, ...}: {
# https://dataswamp.org/~solene/2022-09-28-earlyoom.html
# avoid the linux kernel locking itself when we're putting too much strain on the memory
# this helps avoid having to shut down forcefully when we OOM
services.earlyoom = {
enable = true;
enableNotifications = true; # annoying, but we want to know what's killed
freeSwapThreshold = 2;
freeMemThreshold = 2;
extraArgs = [
"-g" # kill all processes within a process group
"--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill
"--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
];
# we should ideally write the logs into a designated log file; or even better, to the journal
# for now we can hope this echo sends the log to somewhere we can observe later
killHook = pkgs.writeShellScript "earlyoom-kill-hook" ''
echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
'';
};
# we should ideally write the logs into a designated log file; or even better, to the journal
# for now we can hope this echo sends the log to somewhere we can observe later
killHook = pkgs.writeShellScript "earlyoom-kill-hook" ''
echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
'';
};
}

31
system/roles/workstation/services/gnome-keyring.nix
View file

@ -1,25 +1,14 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
udev.packages = with pkgs; [gnome.gnome-settings-daemon];
gnome.gnome-keyring.enable = true;
};
{pkgs, ...}: {
services = {
udev.packages = with pkgs; [gnome.gnome-settings-daemon];
gnome.gnome-keyring.enable = true;
};
# seahorse is an application for managing encryption keys
# and passwords in the gnome keyring
programs.seahorse.enable = true;
# seahorse is an application for managing encryption keys
# and passwords in the gnome keyring
programs.seahorse.enable = true;
xdg.portal.config.common = {
"org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
};
xdg.portal.config.common = {
"org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
};
}

28
system/roles/workstation/services/logind.nix
View file

@ -1,22 +1,12 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# despite being under logind, this has nothing to do with login
# it's about power management
services.logind = {
lidSwitch = "suspend";
lidSwitchExternalPower = "suspend";
extraConfig = ''
HandlePowerKey=suspend
HibernateDelaySec=3600
'';
};
# despite being under logind, this has nothing to do with login
# it's about power management
services.logind = {
lidSwitch = "suspend";
lidSwitchExternalPower = "suspend";
extraConfig = ''
HandlePowerKey=suspend
HibernateDelaySec=3600
'';
};
}

21
system/roles/workstation/services/misc.nix
View file

@ -1,20 +1,9 @@
{
config,
lib,
...
}: let
inherit (lib) mkIf;
services = {
# enable GVfs - a userspace virtual filesystem
gvfs.enable = true;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# enable GVfs - a userspace virtual filesystem
gvfs.enable = true;
# storage daemon required for udiskie auto-mount
udisks2.enable = true;
};
# storage daemon required for udiskie auto-mount
udisks2.enable = true;
};
}

24
system/roles/workstation/services/mount.nix
View file

@ -1,20 +1,10 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# enable GVfs, a userspace virtual filesystem
# (allows viewing ftp,sftp,... directly from the file manager)
gvfs.enable = true;
{config, ...}: {
services = {
# enable GVfs, a userspace virtual filesystem
# (allows viewing ftp,sftp,... directly from the file manager)
gvfs.enable = true;
# Storage daemon required for udiskie auto-mount
udisks2.enable = !config.boot.isContainer;
};
# Storage daemon required for udiskie auto-mount
udisks2.enable = !config.boot.isContainer;
};
}

4
system/roles/workstation/services/printing.nix
View file

@ -5,13 +5,11 @@
...
}: let
inherit (lib) mkIf optional;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
cfg = config.myOptions.workstation.printing;
cfgUser = config.myOptions.system.username;
in {
config = mkIf (builtins.elem deviceType acceptedTypes && cfg.enable) {
config = mkIf cfg.enable {
# enable cups and add some drivers for common printers
services = {
printing = {