diff --git a/home/packages/cli/desktop.nix b/home/packages/cli/desktop.nix
index 6c44aba..e129e43 100644
--- a/home/packages/cli/desktop.nix
+++ b/home/packages/cli/desktop.nix
@@ -1,26 +1,15 @@
-{
- osConfig,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) mkIf;
-
- devType = osConfig.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
-in {
- config = mkIf (builtins.elem devType acceptedTypes) {
- home.packages = with pkgs; [
- libnotify # send desktop notifications
- imagemagick # create/edit images
- trash-cli # interface to freedesktop trashcan
- bitwarden-cli # pw manager
- slides # terminal based presentation tool
- brightnessctl # brightness control
- pulsemixer # manage audio (TUI)
- nix-tree # interactively browse nix store
- glow # render markdown
- ffmpeg # record, convert and stream audio and video
- ];
- };
+{pkgs, ...}: {
+ # TODO: Only apply this to workstations
+ home.packages = with pkgs; [
+ libnotify # send desktop notifications
+ imagemagick # create/edit images
+ trash-cli # interface to freedesktop trashcan
+ bitwarden-cli # pw manager
+ slides # terminal based presentation tool
+ brightnessctl # brightness control
+ pulsemixer # manage audio (TUI)
+ nix-tree # interactively browse nix store
+ glow # render markdown
+ ffmpeg # record, convert and stream audio and video
+ ];
}
diff --git a/hosts/default.nix b/hosts/default.nix
index ae296c6..741df93 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -4,10 +4,14 @@
# A list of shared modules that ALL systems need
shared = [
- ../system
+ ../system/shared
../home
../options
];
+
+ workstationRole = ../system/roles/workstation;
+ laptopRole = ../system/roles/laptop;
+ uniRole = ../system/roles/uni;
in {
herugrim = lib.nixosSystem {
system = "x86_64-linux";
@@ -18,6 +22,8 @@ in {
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote
+ workstationRole
+ laptopRole
]
++ shared;
};
@@ -31,6 +37,9 @@ in {
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote
+ workstationRole
+ laptopRole
+ uniRole
]
++ shared;
};
diff --git a/hosts/voyager/default.nix b/hosts/voyager/default.nix
index 10f6cf0..a4de64a 100644
--- a/hosts/voyager/default.nix
+++ b/hosts/voyager/default.nix
@@ -143,11 +143,7 @@
};
device = {
- roles = {
- type = "laptop";
- virtual-machine = false;
- isUniMachine = true;
- };
+ roles.virtual-machine = false;
cpu.type = "amd";
gpu.type = "amd";
hasTPM = true;
diff --git a/options/device/roles.nix b/options/device/roles.nix
index 992c54c..305f9b0 100644
--- a/options/device/roles.nix
+++ b/options/device/roles.nix
@@ -1,49 +1,11 @@
-{
- lib,
- config,
- ...
-}: let
- inherit (lib) mkOption types;
-
- cfg = config.myOptions.device.roles;
+{lib, ...}: let
+ inherit (lib) mkOption;
in {
options.myOptions.device.roles = {
- type = mkOption {
- type = types.enum ["laptop" "desktop" "server"];
- default = "";
- description = ''
- The type/purpoes of the device that will be used within the rest of the configuration.
- - laptop: portable devices with battery optimizations
- - desktop: stationary devices configured for maximum performance
- - server: server and infrastructure
- '';
- };
-
virtual-machine = mkOption {
type = lib.types.bool;
default = false;
description = "Is this system a virtual machine?";
};
-
- isWorkstation = mkOption {
- type = lib.types.bool;
- default = builtins.elem cfg.type ["laptop" "desktop"];
- readOnly = true;
- description = ''
- Is this machine a workstation?
-
- Workstation machines are meant for regular day-to-day use.
- '';
- };
-
- isUniMachine = mkOption {
- type = lib.types.bool;
- default = false;
- description = ''
- Should University specific configuration be applied?
-
- (Things like University specific software, etc.)
- '';
- };
};
}
diff --git a/system/roles/default.nix b/system/roles/default.nix
deleted file mode 100644
index 3b6c8c2..0000000
--- a/system/roles/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- # We import all of the roles here, with the type checks being handled
- # in the individual files each time. This is a bit ugly, but necessary
- # as NixOS doesn't support optional imports, due to circual imports
- # (there might be a change of the config value inside one of the
- # imported files).
- imports = [
- ./workstation
- ./laptop
- ./uni
- ];
-}
diff --git a/system/roles/laptop/power/acpi.nix b/system/roles/laptop/power/acpi.nix
index c4924bc..a8acfde 100644
--- a/system/roles/laptop/power/acpi.nix
+++ b/system/roles/laptop/power/acpi.nix
@@ -1,27 +1,20 @@
{
pkgs,
- lib,
config,
...
-}: let
- inherit (lib) mkIf;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop"];
-in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- hardware.acpilight.enable = true;
+}: {
+ hardware.acpilight.enable = true;
- environment.systemPackages = with pkgs; [acpi];
+ environment.systemPackages = with pkgs; [acpi];
- # handle ACPI events
- services.acpid.enable = true;
+ # handle ACPI events
+ services.acpid.enable = true;
- boot = {
- kernelModules = ["acpi_call"];
- extraModulePackages = with config.boot.kernelPackages; [
- acpi_call
- cpupower
- ];
- };
+ boot = {
+ kernelModules = ["acpi_call"];
+ extraModulePackages = with config.boot.kernelPackages; [
+ acpi_call
+ cpupower
+ ];
};
}
diff --git a/system/roles/laptop/power/default.nix b/system/roles/laptop/power/default.nix
index 7f96826..2f2cd48 100644
--- a/system/roles/laptop/power/default.nix
+++ b/system/roles/laptop/power/default.nix
@@ -1,13 +1,4 @@
-{
- pkgs,
- lib,
- config,
- ...
-}: let
- inherit (lib) mkIf;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop"];
-in {
+{pkgs, ...}: {
imports = [
./power-profiles-daemon
./upower.nix
@@ -15,7 +6,7 @@ in {
./systemd.nix
];
- config = mkIf (builtins.elem deviceType acceptedTypes) {
+ config = {
environment.systemPackages = with pkgs; [powertop];
};
}
diff --git a/system/roles/laptop/power/power-profiles-daemon/default.nix b/system/roles/laptop/power/power-profiles-daemon/default.nix
index bc74e65..84cc7c9 100644
--- a/system/roles/laptop/power/power-profiles-daemon/default.nix
+++ b/system/roles/laptop/power/power-profiles-daemon/default.nix
@@ -1,43 +1,37 @@
{
pkgs,
lib,
- config,
...
}: let
- inherit (lib) mkIf;
inherit (lib.modules) mkForce;
inherit (lib.strings) makeBinPath;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop"];
in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- # allows changing system behavior based upon user-selected power profiles
- # (with `powerprofilesctl` command)
- services.power-profiles-daemon.enable = true;
+ # allows changing system behavior based upon user-selected power profiles
+ # (with `powerprofilesctl` command)
+ services.power-profiles-daemon.enable = true;
- # Power state monitor. Switches power profiles based on charging state.
- # Plugged in - performance (if available, falls back to balance)
- # Unplugged - balanced, until below 50%, then power-saver
- systemd.services."power-monitor" = let
- dependencies = with pkgs; [
- coreutils
- gnugrep
- power-profiles-daemon
- inotify-tools
- jaq
- ];
- in {
- description = "Power Monitoring Service";
- environment.PATH = mkForce "/run/wrappers/bin:${makeBinPath dependencies}";
- script = builtins.readFile ./power_monitor.sh;
+ # Power state monitor. Switches power profiles based on charging state.
+ # Plugged in - performance (if available, falls back to balance)
+ # Unplugged - balanced, until below 50%, then power-saver
+ systemd.services."power-monitor" = let
+ dependencies = with pkgs; [
+ coreutils
+ gnugrep
+ power-profiles-daemon
+ inotify-tools
+ jaq
+ ];
+ in {
+ description = "Power Monitoring Service";
+ environment.PATH = mkForce "/run/wrappers/bin:${makeBinPath dependencies}";
+ script = builtins.readFile ./power_monitor.sh;
- serviceConfig = {
- Type = "simple";
- Restart = "on-failure";
- };
-
- wants = ["power-profiles-daemon.service"];
- wantedBy = ["default.target"];
+ serviceConfig = {
+ Type = "simple";
+ Restart = "on-failure";
};
+
+ wants = ["power-profiles-daemon.service"];
+ wantedBy = ["default.target"];
};
}
diff --git a/system/roles/laptop/power/upower.nix b/system/roles/laptop/power/upower.nix
index 0f0c1d5..5db061e 100644
--- a/system/roles/laptop/power/upower.nix
+++ b/system/roles/laptop/power/upower.nix
@@ -1,23 +1,12 @@
{
- pkgs,
- lib,
- config,
- ...
-}: let
- inherit (lib) mkIf;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop"];
-in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- services = {
- # DBus service that provides power management support to applications
- upower = {
- enable = true;
- percentageLow = 15;
- percentageCritical = 5;
- percentageAction = 3;
- criticalPowerAction = "Hibernate";
- };
+ services = {
+ # DBus service that provides power management support to applications
+ upower = {
+ enable = true;
+ percentageLow = 15;
+ percentageCritical = 5;
+ percentageAction = 3;
+ criticalPowerAction = "Hibernate";
};
};
}
diff --git a/system/roles/laptop/touchpad.nix b/system/roles/laptop/touchpad.nix
index 9bb8a99..8a08cd7 100644
--- a/system/roles/laptop/touchpad.nix
+++ b/system/roles/laptop/touchpad.nix
@@ -1,32 +1,22 @@
{
- lib,
- config,
- ...
-}: let
- inherit (lib) mkIf;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop"];
-in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- services.libinput = {
- # enable libinput
- enable = true;
+ services.libinput = {
+ # enable libinput
+ enable = true;
- # disable mouse acceleration
- mouse = {
- accelProfile = "flat";
- accelSpeed = "0";
- middleEmulation = false;
- };
+ # disable mouse acceleration
+ mouse = {
+ accelProfile = "flat";
+ accelSpeed = "0";
+ middleEmulation = false;
+ };
- # touchpad settings
- touchpad = {
- naturalScrolling = false; # I'm not natural
- tapping = true;
- clickMethod = "clickfinger";
- horizontalScrolling = true;
- disableWhileTyping = true;
- };
+ # touchpad settings
+ touchpad = {
+ naturalScrolling = false; # I'm not natural
+ tapping = true;
+ clickMethod = "clickfinger";
+ horizontalScrolling = true;
+ disableWhileTyping = true;
};
};
}
diff --git a/system/roles/uni/android.nix b/system/roles/uni/android.nix
index 9dfb60e..58a1ca5 100644
--- a/system/roles/uni/android.nix
+++ b/system/roles/uni/android.nix
@@ -1,13 +1,3 @@
-{
- pkgs,
- lib,
- config,
- ...
-}: let
- inherit (lib) mkIf;
- inherit (config.myOptions.device.roles) isUniMachine;
-in {
- config = mkIf isUniMachine {
- environment.systemPackages = [pkgs.android-studio];
- };
+{pkgs, ...}: {
+ environment.systemPackages = [pkgs.android-studio];
}
diff --git a/system/roles/workstation/display/login/greetd.nix b/system/roles/workstation/display/login/greetd.nix
index 22d9157..fbb8168 100644
--- a/system/roles/workstation/display/login/greetd.nix
+++ b/system/roles/workstation/display/login/greetd.nix
@@ -4,12 +4,9 @@
lib,
...
}: let
- inherit (lib) mkIf getExe;
+ inherit (lib) getExe;
inherit (lib.strings) concatStringsSep;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
-
greetingMsg = "'Access is restricted to authorized personnel only.'";
tuiGreetTheme = "'border=magenta;text=cyan;prompt=green;time=red;action=white;button=yellow;container=black;input=gray'";
@@ -46,33 +43,31 @@
];
};
in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- services.greetd = {
- enable = true;
- vt = 1;
+ services.greetd = {
+ enable = true;
+ vt = 1;
- #
- settings = {
- # default session is what will be used if no session is selected
- # in this case it'll be a TUI greeter
- default_session = defaultSession;
- };
+ #
+ settings = {
+ # default session is what will be used if no session is selected
+ # in this case it'll be a TUI greeter
+ default_session = defaultSession;
};
-
- # Suppress error messages on tuigreet. They sometimes obscure the TUI
- # boundaries of the greeter.
- # See: https://github.com/apognu/tuigreet/issues/68#issuecomment-1586359960
- systemd.services.greetd.serviceConfig = {
- Type = "idle";
- StandardInput = "tty";
- StandardOutput = "tty";
- StandardError = "journal";
- TTYReset = true;
- TTYVHangup = true;
- TTYVTDisallocate = true;
- };
-
- # Persist info about previous session & user
- myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
};
+
+ # Suppress error messages on tuigreet. They sometimes obscure the TUI
+ # boundaries of the greeter.
+ # See: https://github.com/apognu/tuigreet/issues/68#issuecomment-1586359960
+ systemd.services.greetd.serviceConfig = {
+ Type = "idle";
+ StandardInput = "tty";
+ StandardOutput = "tty";
+ StandardError = "journal";
+ TTYReset = true;
+ TTYVHangup = true;
+ TTYVTDisallocate = true;
+ };
+
+ # Persist info about previous session & user
+ myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
}
diff --git a/system/roles/workstation/display/login/pam.nix b/system/roles/workstation/display/login/pam.nix
index 16b4e77..7395b51 100644
--- a/system/roles/workstation/display/login/pam.nix
+++ b/system/roles/workstation/display/login/pam.nix
@@ -1,35 +1,25 @@
{
- lib,
- config,
- ...
-}: let
- inherit (lib) mkIf;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
-in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- # unlock GPG keyring on login
- security.pam.services = let
- gnupg = {
- enable = true;
- noAutostart = true;
- storeOnly = true;
- };
- in {
- login = {
- enableGnomeKeyring = true;
- inherit gnupg;
- };
+ # unlock GPG keyring on login
+ security.pam.services = let
+ gnupg = {
+ enable = true;
+ noAutostart = true;
+ storeOnly = true;
+ };
+ in {
+ login = {
+ enableGnomeKeyring = true;
+ inherit gnupg;
+ };
- greetd = {
- enableGnomeKeyring = true;
- inherit gnupg;
- };
+ greetd = {
+ enableGnomeKeyring = true;
+ inherit gnupg;
+ };
- tuigreet = {
- enableGnomeKeyring = true;
- inherit gnupg;
- };
+ tuigreet = {
+ enableGnomeKeyring = true;
+ inherit gnupg;
};
};
}
diff --git a/system/roles/workstation/fonts.nix b/system/roles/workstation/fonts.nix
index 395a27b..4d41250 100644
--- a/system/roles/workstation/fonts.nix
+++ b/system/roles/workstation/fonts.nix
@@ -1,120 +1,109 @@
-{
- pkgs,
- lib,
- config,
- ...
-}: let
- inherit (lib) mkIf;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
-in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- fonts = {
- enableDefaultPackages = false;
+{pkgs, ...}: {
+ fonts = {
+ enableDefaultPackages = false;
- fontconfig = {
- defaultFonts = let
- common = [
- "Iosevka Nerd Font"
- "Symbols Nerd Font"
+ fontconfig = {
+ defaultFonts = let
+ common = [
+ "Iosevka Nerd Font"
+ "Symbols Nerd Font"
+ "Noto Color Emoji"
+ ];
+ in {
+ monospace =
+ [
+ "Monaspace Krypton"
+ "Source Code Pro Medium"
+ "Source Han Mono"
+ ]
+ ++ common;
+
+ sansSerif =
+ [
+ "Noto Sans"
+ "Jost"
+ "Lexend"
+ ]
+ ++ common;
+
+ serif =
+ [
+ "Noto Serif"
+ ]
+ ++ common;
+
+ emoji =
+ [
"Noto Color Emoji"
- ];
- in {
- monospace =
- [
- "Monaspace Krypton"
- "Source Code Pro Medium"
- "Source Han Mono"
- ]
- ++ common;
-
- sansSerif =
- [
- "Noto Sans"
- "Jost"
- "Lexend"
- ]
- ++ common;
-
- serif =
- [
- "Noto Serif"
- ]
- ++ common;
-
- emoji =
- [
- "Noto Color Emoji"
- ]
- ++ common;
- };
+ ]
+ ++ common;
};
-
- fontDir = {
- enable = true;
- decompressFonts = true;
- };
-
- packages = with pkgs; [
- # programming fonts
- sarasa-gothic
- source-code-pro
- monaspace
-
- # desktop fonts
- corefonts # MS fonts
- b612 # high legibility
- material-icons
- material-design-icons
- roboto
- work-sans
- comic-neue
- source-sans
- inter
- lato
- lexend
- jost
- dejavu_fonts
- noto-fonts
- noto-fonts-cjk
-
- # emojis
- noto-fonts-color-emoji
- twemoji-color-font
- openmoji-color
- openmoji-black
- font-awesome
- material-symbols
-
- # defaults worth keeping
- dejavu_fonts
- freefont_ttf
- gyre-fonts
- liberation_ttf
- unifont
-
- # specific nerd fonts only
- # (installing all nerd fonts is slow and takes gigabytes)
- # see:
- # for all available fonts
- (nerdfonts.override {
- fonts = [
- "JetBrainsMono"
- "Iosevka"
- "NerdFontsSymbolsOnly"
- "FiraCode"
- "FiraMono"
- "Hack"
- "HeavyData"
- "Gohu"
- ];
- })
- ];
};
- environment.systemPackages = with pkgs; [
- # Tool for searching and previewing installed fonts
- font-manager
+ fontDir = {
+ enable = true;
+ decompressFonts = true;
+ };
+
+ packages = with pkgs; [
+ # programming fonts
+ sarasa-gothic
+ source-code-pro
+ monaspace
+
+ # desktop fonts
+ corefonts # MS fonts
+ b612 # high legibility
+ material-icons
+ material-design-icons
+ roboto
+ work-sans
+ comic-neue
+ source-sans
+ inter
+ lato
+ lexend
+ jost
+ dejavu_fonts
+ noto-fonts
+ noto-fonts-cjk
+
+ # emojis
+ noto-fonts-color-emoji
+ twemoji-color-font
+ openmoji-color
+ openmoji-black
+ font-awesome
+ material-symbols
+
+ # defaults worth keeping
+ dejavu_fonts
+ freefont_ttf
+ gyre-fonts
+ liberation_ttf
+ unifont
+
+ # specific nerd fonts only
+ # (installing all nerd fonts is slow and takes gigabytes)
+ # see:
+ # for all available fonts
+ (nerdfonts.override {
+ fonts = [
+ "JetBrainsMono"
+ "Iosevka"
+ "NerdFontsSymbolsOnly"
+ "FiraCode"
+ "FiraMono"
+ "Hack"
+ "HeavyData"
+ "Gohu"
+ ];
+ })
];
};
+
+ environment.systemPackages = with pkgs; [
+ # Tool for searching and previewing installed fonts
+ font-manager
+ ];
}
diff --git a/system/roles/workstation/programs/misc.nix b/system/roles/workstation/programs/misc.nix
index 2348696..b29a85b 100644
--- a/system/roles/workstation/programs/misc.nix
+++ b/system/roles/workstation/programs/misc.nix
@@ -1,28 +1,18 @@
{
- lib,
- config,
- ...
-}: let
- inherit (lib) mkIf;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
-in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- programs = {
- # allow non-root users to mount fuse filesystems with allow_other
- fuse.userAllowOther = true;
+ programs = {
+ # allow non-root users to mount fuse filesystems with allow_other
+ fuse.userAllowOther = true;
- # show network usage
- bandwhich.enable = true;
+ # show network usage
+ bandwhich.enable = true;
- # network inspection utility
- wireshark.enable = true;
+ # network inspection utility
+ wireshark.enable = true;
- # gnome's keyring manager
- seahorse.enable = true;
+ # gnome's keyring manager
+ seahorse.enable = true;
- # registry for linux (thanks to Gnome)
- dconf.enable = true;
- };
+ # registry for linux (thanks to Gnome)
+ dconf.enable = true;
};
}
diff --git a/system/roles/workstation/programs/physlock.nix b/system/roles/workstation/programs/physlock.nix
index a853a18..0972f05 100644
--- a/system/roles/workstation/programs/physlock.nix
+++ b/system/roles/workstation/programs/physlock.nix
@@ -1,27 +1,17 @@
{
- lib,
- config,
- ...
-}: let
- inherit (lib) mkIf;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
-in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- # Screen locker which works across all virtual terminals
- # Use `systemctl start physlock` to securely lock the screen
- services.physlock = {
- enable = true;
- lockMessage = "System is locked...";
+ # Screen locker which works across all virtual terminals
+ # Use `systemctl start physlock` to securely lock the screen
+ services.physlock = {
+ enable = true;
+ lockMessage = "System is locked...";
- # I only use physlock manually in some circumstances
- lockOn = {
- # Don't auto-lock the system with physlock on suspend, I prefer other (gui) lockers
- suspend = false;
- # Do use physlock on resuming from hibernation though, as this just restored RAM,
- # potentially bypassing the login screen and even initial disk encryption password
- hibernate = true;
- };
+ # I only use physlock manually in some circumstances
+ lockOn = {
+ # Don't auto-lock the system with physlock on suspend, I prefer other (gui) lockers
+ suspend = false;
+ # Do use physlock on resuming from hibernation though, as this just restored RAM,
+ # potentially bypassing the login screen and even initial disk encryption password
+ hibernate = true;
};
};
}
diff --git a/system/roles/workstation/programs/steam.nix b/system/roles/workstation/programs/steam.nix
index c976970..658879c 100644
--- a/system/roles/workstation/programs/steam.nix
+++ b/system/roles/workstation/programs/steam.nix
@@ -5,10 +5,8 @@
}: let
inherit (lib) mkIf;
cfg = config.myOptions.home-manager.programs.games.steam;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
in {
- config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
+ config = mkIf cfg.enable {
programs.steam = {
enable = true;
remotePlay.openFirewall = false;
diff --git a/system/roles/workstation/programs/thunar.nix b/system/roles/workstation/programs/thunar.nix
index 820df05..6209711 100644
--- a/system/roles/workstation/programs/thunar.nix
+++ b/system/roles/workstation/programs/thunar.nix
@@ -1,36 +1,25 @@
-{
- lib,
- pkgs,
- config,
- ...
-}: let
- inherit (lib) mkIf;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
-in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- # Unconditionally enable thunar file manager here as a relatively
- # lightweight fallback option for my default file manager.
- programs.thunar = {
- enable = true;
+{pkgs, ...}: {
+ # Unconditionally enable thunar file manager here as a relatively
+ # lightweight fallback option for my default file manager.
+ programs.thunar = {
+ enable = true;
- plugins = with pkgs.xfce; [
- thunar-archive-plugin
- thunar-media-tags-plugin
- ];
- };
-
- environment = {
- systemPackages = with pkgs; [
- # packages necessery for thunar thumbnails
- xfce.tumbler
- libgsf # odf files
- ffmpegthumbnailer
- ark # GUI archiver for thunar archive plugin
- ];
- };
-
- # thumbnail support on thunar
- services.tumbler.enable = true;
+ plugins = with pkgs.xfce; [
+ thunar-archive-plugin
+ thunar-media-tags-plugin
+ ];
};
+
+ environment = {
+ systemPackages = with pkgs; [
+ # packages necessery for thunar thumbnails
+ xfce.tumbler
+ libgsf # odf files
+ ffmpegthumbnailer
+ ark # GUI archiver for thunar archive plugin
+ ];
+ };
+
+ # thumbnail support on thunar
+ services.tumbler.enable = true;
}
diff --git a/system/roles/workstation/programs/virtualbox.nix b/system/roles/workstation/programs/virtualbox.nix
index d764732..960127f 100644
--- a/system/roles/workstation/programs/virtualbox.nix
+++ b/system/roles/workstation/programs/virtualbox.nix
@@ -6,10 +6,8 @@
inherit (lib) mkIf;
cfgUser = config.myOptions.system.username;
cfg = config.myOptions.home-manager.programs.applications.virtualbox;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
in {
- config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
+ config = mkIf cfg.enable {
virtualisation.virtualbox.host = {
enable = true;
diff --git a/system/roles/workstation/programs/wireshark.nix b/system/roles/workstation/programs/wireshark.nix
index d3978c9..5a15f56 100644
--- a/system/roles/workstation/programs/wireshark.nix
+++ b/system/roles/workstation/programs/wireshark.nix
@@ -7,10 +7,8 @@
inherit (lib) mkIf;
cfgUser = config.myOptions.system.username;
cfg = config.myOptions.home-manager.programs.applications.wireshark;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
in {
- config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
+ config = mkIf cfg.enable {
programs.wireshark = {
enable = true;
package = pkgs.wireshark;
diff --git a/system/roles/workstation/runners.nix b/system/roles/workstation/runners.nix
index f1fec0e..3ab2863 100644
--- a/system/roles/workstation/runners.nix
+++ b/system/roles/workstation/runners.nix
@@ -1,57 +1,49 @@
{
- config,
pkgs,
lib,
...
-}: let
- inherit (lib) mkIf;
+}: {
+ environment.systemPackages = [pkgs.appimage-run];
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
-in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- environment.systemPackages = [pkgs.appimage-run];
+ # run appimages with appimage-run
+ boot.binfmt.registrations = lib.genAttrs ["appimage" "AppImage"] (_: {
+ wrapInterpreterInShell = false;
+ interpreter = "${pkgs.appimage-run}/bin/appimage-run";
+ recognitionType = "magic";
+ offset = 0;
+ mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
+ magicOrExtension = "\\x7fELF....AI\\x02";
+ });
- # run appimages with appimage-run
- boot.binfmt.registrations = lib.genAttrs ["appimage" "AppImage"] (_: {
- wrapInterpreterInShell = false;
- interpreter = "${pkgs.appimage-run}/bin/appimage-run";
- recognitionType = "magic";
- offset = 0;
- mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
- magicOrExtension = "\\x7fELF....AI\\x02";
- });
-
- # run unpatched linux binaries with nix-ld
- programs.nix-ld = {
- enable = true;
- libraries = with pkgs; [
- stdenv.cc.cc
- openssl
- curl
- glib
- util-linux
- glibc
- icu
- libunwind
- libuuid
- zlib
- libsecret
- # graphical
- freetype
- libglvnd
- libnotify
- SDL2
- vulkan-loader
- gdk-pixbuf
- xorg.libX11
- ];
- };
-
- # Some pre-compiled binaries hard-code ssl cert file to /etc/ssl/cert.pem
- # instead of what NixOS uses (/etc/ssl/certs/ca-certificates.crt). Make a
- # symlink there for compatibility.
- # - For example the rye installed python binaries look there
- environment.etc."ssl/cert.pem".source = "/etc/ssl/certs/ca-certificates.crt";
+ # run unpatched linux binaries with nix-ld
+ programs.nix-ld = {
+ enable = true;
+ libraries = with pkgs; [
+ stdenv.cc.cc
+ openssl
+ curl
+ glib
+ util-linux
+ glibc
+ icu
+ libunwind
+ libuuid
+ zlib
+ libsecret
+ # graphical
+ freetype
+ libglvnd
+ libnotify
+ SDL2
+ vulkan-loader
+ gdk-pixbuf
+ xorg.libX11
+ ];
};
+
+ # Some pre-compiled binaries hard-code ssl cert file to /etc/ssl/cert.pem
+ # instead of what NixOS uses (/etc/ssl/certs/ca-certificates.crt). Make a
+ # symlink there for compatibility.
+ # - For example the rye installed python binaries look there
+ environment.etc."ssl/cert.pem".source = "/etc/ssl/certs/ca-certificates.crt";
}
diff --git a/system/roles/workstation/services/earlyoom.nix b/system/roles/workstation/services/earlyoom.nix
index 8972be7..d934c3f 100644
--- a/system/roles/workstation/services/earlyoom.nix
+++ b/system/roles/workstation/services/earlyoom.nix
@@ -1,33 +1,22 @@
-{
- pkgs,
- lib,
- config,
- ...
-}: let
- inherit (lib) mkIf;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
-in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- # https://dataswamp.org/~solene/2022-09-28-earlyoom.html
- # avoid the linux kernel locking itself when we're putting too much strain on the memory
- # this helps avoid having to shut down forcefully when we OOM
- services.earlyoom = {
- enable = true;
- enableNotifications = true; # annoying, but we want to know what's killed
- freeSwapThreshold = 2;
- freeMemThreshold = 2;
- extraArgs = [
- "-g" # kill all processes within a process group
- "--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill
- "--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
- ];
+{pkgs, ...}: {
+ # https://dataswamp.org/~solene/2022-09-28-earlyoom.html
+ # avoid the linux kernel locking itself when we're putting too much strain on the memory
+ # this helps avoid having to shut down forcefully when we OOM
+ services.earlyoom = {
+ enable = true;
+ enableNotifications = true; # annoying, but we want to know what's killed
+ freeSwapThreshold = 2;
+ freeMemThreshold = 2;
+ extraArgs = [
+ "-g" # kill all processes within a process group
+ "--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill
+ "--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
+ ];
- # we should ideally write the logs into a designated log file; or even better, to the journal
- # for now we can hope this echo sends the log to somewhere we can observe later
- killHook = pkgs.writeShellScript "earlyoom-kill-hook" ''
- echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
- '';
- };
+ # we should ideally write the logs into a designated log file; or even better, to the journal
+ # for now we can hope this echo sends the log to somewhere we can observe later
+ killHook = pkgs.writeShellScript "earlyoom-kill-hook" ''
+ echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
+ '';
};
}
diff --git a/system/roles/workstation/services/gnome-keyring.nix b/system/roles/workstation/services/gnome-keyring.nix
index 4d7a6a5..e2cb6f1 100644
--- a/system/roles/workstation/services/gnome-keyring.nix
+++ b/system/roles/workstation/services/gnome-keyring.nix
@@ -1,25 +1,14 @@
-{
- pkgs,
- lib,
- config,
- ...
-}: let
- inherit (lib) mkIf;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
-in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- services = {
- udev.packages = with pkgs; [gnome.gnome-settings-daemon];
- gnome.gnome-keyring.enable = true;
- };
+{pkgs, ...}: {
+ services = {
+ udev.packages = with pkgs; [gnome.gnome-settings-daemon];
+ gnome.gnome-keyring.enable = true;
+ };
- # seahorse is an application for managing encryption keys
- # and passwords in the gnome keyring
- programs.seahorse.enable = true;
+ # seahorse is an application for managing encryption keys
+ # and passwords in the gnome keyring
+ programs.seahorse.enable = true;
- xdg.portal.config.common = {
- "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
- };
+ xdg.portal.config.common = {
+ "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
};
}
diff --git a/system/roles/workstation/services/logind.nix b/system/roles/workstation/services/logind.nix
index 28a598b..54e36a4 100644
--- a/system/roles/workstation/services/logind.nix
+++ b/system/roles/workstation/services/logind.nix
@@ -1,22 +1,12 @@
{
- lib,
- config,
- ...
-}: let
- inherit (lib) mkIf;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
-in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- # despite being under logind, this has nothing to do with login
- # it's about power management
- services.logind = {
- lidSwitch = "suspend";
- lidSwitchExternalPower = "suspend";
- extraConfig = ''
- HandlePowerKey=suspend
- HibernateDelaySec=3600
- '';
- };
+ # despite being under logind, this has nothing to do with login
+ # it's about power management
+ services.logind = {
+ lidSwitch = "suspend";
+ lidSwitchExternalPower = "suspend";
+ extraConfig = ''
+ HandlePowerKey=suspend
+ HibernateDelaySec=3600
+ '';
};
}
diff --git a/system/roles/workstation/services/misc.nix b/system/roles/workstation/services/misc.nix
index 99d263e..0955c00 100644
--- a/system/roles/workstation/services/misc.nix
+++ b/system/roles/workstation/services/misc.nix
@@ -1,20 +1,9 @@
{
- config,
- lib,
- ...
-}: let
- inherit (lib) mkIf;
+ services = {
+ # enable GVfs - a userspace virtual filesystem
+ gvfs.enable = true;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
-in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- services = {
- # enable GVfs - a userspace virtual filesystem
- gvfs.enable = true;
-
- # storage daemon required for udiskie auto-mount
- udisks2.enable = true;
- };
+ # storage daemon required for udiskie auto-mount
+ udisks2.enable = true;
};
}
diff --git a/system/roles/workstation/services/mount.nix b/system/roles/workstation/services/mount.nix
index 0f77780..8ad1400 100644
--- a/system/roles/workstation/services/mount.nix
+++ b/system/roles/workstation/services/mount.nix
@@ -1,20 +1,10 @@
-{
- lib,
- config,
- ...
-}: let
- inherit (lib) mkIf;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
-in {
- config = mkIf (builtins.elem deviceType acceptedTypes) {
- services = {
- # enable GVfs, a userspace virtual filesystem
- # (allows viewing ftp,sftp,... directly from the file manager)
- gvfs.enable = true;
+{config, ...}: {
+ services = {
+ # enable GVfs, a userspace virtual filesystem
+ # (allows viewing ftp,sftp,... directly from the file manager)
+ gvfs.enable = true;
- # Storage daemon required for udiskie auto-mount
- udisks2.enable = !config.boot.isContainer;
- };
+ # Storage daemon required for udiskie auto-mount
+ udisks2.enable = !config.boot.isContainer;
};
}
diff --git a/system/roles/workstation/services/printing.nix b/system/roles/workstation/services/printing.nix
index fd785d5..f123d7c 100644
--- a/system/roles/workstation/services/printing.nix
+++ b/system/roles/workstation/services/printing.nix
@@ -5,13 +5,11 @@
...
}: let
inherit (lib) mkIf optional;
- deviceType = config.myOptions.device.roles.type;
- acceptedTypes = ["laptop" "desktop"];
cfg = config.myOptions.workstation.printing;
cfgUser = config.myOptions.system.username;
in {
- config = mkIf (builtins.elem deviceType acceptedTypes && cfg.enable) {
+ config = mkIf cfg.enable {
# enable cups and add some drivers for common printers
services = {
printing = {