Use roles properly

Originally, I was including all role configurations for all hosts, and
controlling which get applied in the role configs with a check in each
file. This is a very repetitive and annoying approach. Instead, now the
role directory is included manually from the hosts config for devices
which meet that role, removing the role options.
ItsDrike 2024-09-24 11:40:42 +02:00
parent c6c3ecb1e9
commit 00016063fe
Signed by: ItsDrike
GPG key ID: FA2745890B7048C0
27 changed files with 375 additions and 610 deletions


@ -1,26 +1,15 @@
{ {pkgs, ...}: {
osConfig, # TODO: Only apply this to workstations
lib, home.packages = with pkgs; [
pkgs, libnotify # send desktop notifications
... imagemagick # create/edit images
}: let trash-cli # interface to freedesktop trashcan
inherit (lib) mkIf; bitwarden-cli # pw manager
slides # terminal based presentation tool
devType = osConfig.myOptions.device.roles.type; brightnessctl # brightness control
acceptedTypes = ["laptop" "desktop"]; pulsemixer # manage audio (TUI)
in { nix-tree # interactively browse nix store
config = mkIf (builtins.elem devType acceptedTypes) { glow # render markdown
home.packages = with pkgs; [ ffmpeg # record, convert and stream audio and video
libnotify # send desktop notifications ];
imagemagick # create/edit images
trash-cli # interface to freedesktop trashcan
bitwarden-cli # pw manager
slides # terminal based presentation tool
brightnessctl # brightness control
pulsemixer # manage audio (TUI)
nix-tree # interactively browse nix store
glow # render markdown
ffmpeg # record, convert and stream audio and video
];
};
} }
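Review bot: Dropping the `mkIf` guard makes this `home.packages` list unconditional, and the hosts file in this commit still lists `../home` in `shared`, so every host built from `shared` now gets `bitwarden-cli`, `ffmpeg` and the rest, whether or not it imports the workstation role. The new TODO acknowledges this, but nothing on the page restores the restriction, and the `roles.type` option the old guard read is removed in the same commit. If the home-manager tree allows it (its layout is not visible here), moving this file under a workstation-only home module imported alongside `workstationRole` would keep non-workstation hosts minimal.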


@ -4,10 +4,14 @@
# A list of shared modules that ALL systems need # A list of shared modules that ALL systems need
shared = [ shared = [
../system ../system/shared
../home ../home
../options ../options
]; ];
workstationRole = ../system/roles/workstation;
laptopRole = ../system/roles/laptop;
uniRole = ../system/roles/uni;
in { in {
herugrim = lib.nixosSystem { herugrim = lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
@ -18,6 +22,8 @@ in {
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
workstationRole
laptopRole
] ]
++ shared; ++ shared;
}; };
@ -31,6 +37,9 @@ in {
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
workstationRole
laptopRole
uniRole
] ]
++ shared; ++ shared;
}; };


@ -143,11 +143,7 @@
}; };
device = { device = {
roles = { roles.virtual-machine = false;
type = "laptop";
virtual-machine = false;
isUniMachine = true;
};
cpu.type = "amd"; cpu.type = "amd";
gpu.type = "amd"; gpu.type = "amd";
hasTPM = true; hasTPM = true;


@ -1,49 +1,11 @@
{ {lib, ...}: let
lib, inherit (lib) mkOption;
config,
...
}: let
inherit (lib) mkOption types;
cfg = config.myOptions.device.roles;
in { in {
options.myOptions.device.roles = { options.myOptions.device.roles = {
type = mkOption {
type = types.enum ["laptop" "desktop" "server"];
default = "";
description = ''
The type/purpoes of the device that will be used within the rest of the configuration.
- laptop: portable devices with battery optimizations
- desktop: stationary devices configured for maximum performance
- server: server and infrastructure
'';
};
virtual-machine = mkOption { virtual-machine = mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Is this system a virtual machine?"; description = "Is this system a virtual machine?";
}; };
isWorkstation = mkOption {
type = lib.types.bool;
default = builtins.elem cfg.type ["laptop" "desktop"];
readOnly = true;
description = ''
Is this machine a workstation?
Workstation machines are meant for regular day-to-day use.
'';
};
isUniMachine = mkOption {
type = lib.types.bool;
default = false;
description = ''
Should University specific configuration be applied?
(Things like University specific software, etc.)
'';
};
}; };
} }


@ -1,12 +0,0 @@
{
# We import all of the roles here, with the type checks being handled
# in the individual files each time. This is a bit ugly, but necessary
# as NixOS doesn't support optional imports, due to circual imports
# (there might be a change of the config value inside one of the
# imported files).
imports = [
./workstation
./laptop
./uni
];
}


@ -1,27 +1,20 @@
{ {
pkgs, pkgs,
lib,
config, config,
... ...
}: let }: {
inherit (lib) mkIf; hardware.acpilight.enable = true;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
hardware.acpilight.enable = true;
environment.systemPackages = with pkgs; [acpi]; environment.systemPackages = with pkgs; [acpi];
# handle ACPI events # handle ACPI events
services.acpid.enable = true; services.acpid.enable = true;
boot = { boot = {
kernelModules = ["acpi_call"]; kernelModules = ["acpi_call"];
extraModulePackages = with config.boot.kernelPackages; [ extraModulePackages = with config.boot.kernelPackages; [
acpi_call acpi_call
cpupower cpupower
]; ];
};
}; };
} }


@ -1,13 +1,4 @@
{ {pkgs, ...}: {
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
imports = [ imports = [
./power-profiles-daemon ./power-profiles-daemon
./upower.nix ./upower.nix
@ -15,7 +6,7 @@ in {
./systemd.nix ./systemd.nix
]; ];
config = mkIf (builtins.elem deviceType acceptedTypes) { config = {
environment.systemPackages = with pkgs; [powertop]; environment.systemPackages = with pkgs; [powertop];
}; };
} }


@ -1,43 +1,37 @@
{ {
pkgs, pkgs,
lib, lib,
config,
... ...
}: let }: let
inherit (lib) mkIf;
inherit (lib.modules) mkForce; inherit (lib.modules) mkForce;
inherit (lib.strings) makeBinPath; inherit (lib.strings) makeBinPath;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in { in {
config = mkIf (builtins.elem deviceType acceptedTypes) { # allows changing system behavior based upon user-selected power profiles
# allows changing system behavior based upon user-selected power profiles # (with `powerprofilesctl` command)
# (with `powerprofilesctl` command) services.power-profiles-daemon.enable = true;
services.power-profiles-daemon.enable = true;
# Power state monitor. Switches power profiles based on charging state. # Power state monitor. Switches power profiles based on charging state.
# Plugged in - performance (if available, falls back to balance) # Plugged in - performance (if available, falls back to balance)
# Unplugged - balanced, until below 50%, then power-saver # Unplugged - balanced, until below 50%, then power-saver
systemd.services."power-monitor" = let systemd.services."power-monitor" = let
dependencies = with pkgs; [ dependencies = with pkgs; [
coreutils coreutils
gnugrep gnugrep
power-profiles-daemon power-profiles-daemon
inotify-tools inotify-tools
jaq jaq
]; ];
in { in {
description = "Power Monitoring Service"; description = "Power Monitoring Service";
environment.PATH = mkForce "/run/wrappers/bin:${makeBinPath dependencies}"; environment.PATH = mkForce "/run/wrappers/bin:${makeBinPath dependencies}";
script = builtins.readFile ./power_monitor.sh; script = builtins.readFile ./power_monitor.sh;
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
Restart = "on-failure"; Restart = "on-failure";
};
wants = ["power-profiles-daemon.service"];
wantedBy = ["default.target"];
}; };
wants = ["power-profiles-daemon.service"];
wantedBy = ["default.target"];
}; };
} }
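Review bot: `power-monitor` sets only `Type` and `Restart` in `serviceConfig`, so it runs with systemd's defaults for a system unit, which means as root and without sandboxing. Its PATH also starts with `/run/wrappers/bin`, which puts the setuid wrappers in reach of the script. `power_monitor.sh` is not visible here, but if it only watches power-supply state and calls `powerprofilesctl`, the unit could take `ProtectSystem = "strict"; ProtectHome = true; PrivateTmp = true;`, and the wrappers directory could be dropped from PATH. A short comment on why `/run/wrappers/bin` is needed would help if it has to stay.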


@ -1,23 +1,12 @@
{ {
pkgs, services = {
lib, # DBus service that provides power management support to applications
config, upower = {
... enable = true;
}: let percentageLow = 15;
inherit (lib) mkIf; percentageCritical = 5;
deviceType = config.myOptions.device.roles.type; percentageAction = 3;
acceptedTypes = ["laptop"]; criticalPowerAction = "Hibernate";
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# DBus service that provides power management support to applications
upower = {
enable = true;
percentageLow = 15;
percentageCritical = 5;
percentageAction = 3;
criticalPowerAction = "Hibernate";
};
}; };
}; };
} }


@ -1,32 +1,22 @@
{ {
lib, services.libinput = {
config, # enable libinput
... enable = true;
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services.libinput = {
# enable libinput
enable = true;
# disable mouse acceleration # disable mouse acceleration
mouse = { mouse = {
accelProfile = "flat"; accelProfile = "flat";
accelSpeed = "0"; accelSpeed = "0";
middleEmulation = false; middleEmulation = false;
}; };
# touchpad settings # touchpad settings
touchpad = { touchpad = {
naturalScrolling = false; # I'm not natural naturalScrolling = false; # I'm not natural
tapping = true; tapping = true;
clickMethod = "clickfinger"; clickMethod = "clickfinger";
horizontalScrolling = true; horizontalScrolling = true;
disableWhileTyping = true; disableWhileTyping = true;
};
}; };
}; };
} }


@ -1,13 +1,3 @@
{ {pkgs, ...}: {
pkgs, environment.systemPackages = [pkgs.android-studio];
lib,
config,
...
}: let
inherit (lib) mkIf;
inherit (config.myOptions.device.roles) isUniMachine;
in {
config = mkIf isUniMachine {
environment.systemPackages = [pkgs.android-studio];
};
} }


@ -4,12 +4,9 @@
lib, lib,
... ...
}: let }: let
inherit (lib) mkIf getExe; inherit (lib) getExe;
inherit (lib.strings) concatStringsSep; inherit (lib.strings) concatStringsSep;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
greetingMsg = "'Access is restricted to authorized personnel only.'"; greetingMsg = "'Access is restricted to authorized personnel only.'";
tuiGreetTheme = "'border=magenta;text=cyan;prompt=green;time=red;action=white;button=yellow;container=black;input=gray'"; tuiGreetTheme = "'border=magenta;text=cyan;prompt=green;time=red;action=white;button=yellow;container=black;input=gray'";
@ -46,33 +43,31 @@
]; ];
}; };
in { in {
config = mkIf (builtins.elem deviceType acceptedTypes) { services.greetd = {
services.greetd = { enable = true;
enable = true; vt = 1;
vt = 1;
# <https://man.sr.ht/~kennylevinsen/greetd/> # <https://man.sr.ht/~kennylevinsen/greetd/>
settings = { settings = {
# default session is what will be used if no session is selected # default session is what will be used if no session is selected
# in this case it'll be a TUI greeter # in this case it'll be a TUI greeter
default_session = defaultSession; default_session = defaultSession;
};
}; };
# Suppress error messages on tuigreet. They sometimes obscure the TUI
# boundaries of the greeter.
# See: https://github.com/apognu/tuigreet/issues/68#issuecomment-1586359960
systemd.services.greetd.serviceConfig = {
Type = "idle";
StandardInput = "tty";
StandardOutput = "tty";
StandardError = "journal";
TTYReset = true;
TTYVHangup = true;
TTYVTDisallocate = true;
};
# Persist info about previous session & user
myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
}; };
# Suppress error messages on tuigreet. They sometimes obscure the TUI
# boundaries of the greeter.
# See: https://github.com/apognu/tuigreet/issues/68#issuecomment-1586359960
systemd.services.greetd.serviceConfig = {
Type = "idle";
StandardInput = "tty";
StandardOutput = "tty";
StandardError = "journal";
TTYReset = true;
TTYVHangup = true;
TTYVTDisallocate = true;
};
# Persist info about previous session & user
myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
} }


@ -1,35 +1,25 @@
{ {
lib, # unlock GPG keyring on login
config, security.pam.services = let
... gnupg = {
}: let enable = true;
inherit (lib) mkIf; noAutostart = true;
deviceType = config.myOptions.device.roles.type; storeOnly = true;
acceptedTypes = ["laptop" "desktop"]; };
in { in {
config = mkIf (builtins.elem deviceType acceptedTypes) { login = {
# unlock GPG keyring on login enableGnomeKeyring = true;
security.pam.services = let inherit gnupg;
gnupg = { };
enable = true;
noAutostart = true;
storeOnly = true;
};
in {
login = {
enableGnomeKeyring = true;
inherit gnupg;
};
greetd = { greetd = {
enableGnomeKeyring = true; enableGnomeKeyring = true;
inherit gnupg; inherit gnupg;
}; };
tuigreet = { tuigreet = {
enableGnomeKeyring = true; enableGnomeKeyring = true;
inherit gnupg; inherit gnupg;
};
}; };
}; };
} }
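Review bot: The `tuigreet` entry most likely configures a PAM stack that nothing authenticates against. tuigreet is only the greeter front end, and authentication normally happens inside greetd under the `greetd` service name, which already carries the same settings here. Unless something else opens a PAM service called `tuigreet`, the block can go, which leaves one fewer auth stack to audit. The `# unlock GPG keyring on login` comment could also state the consequence of the `gnupg` settings, for example `# pam_gnupg hands the login password to gpg-agent, so the key passphrase must match it`.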


@ -1,120 +1,109 @@
{ {pkgs, ...}: {
pkgs, fonts = {
lib, enableDefaultPackages = false;
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
fonts = {
enableDefaultPackages = false;
fontconfig = { fontconfig = {
defaultFonts = let defaultFonts = let
common = [ common = [
"Iosevka Nerd Font" "Iosevka Nerd Font"
"Symbols Nerd Font" "Symbols Nerd Font"
"Noto Color Emoji"
];
in {
monospace =
[
"Monaspace Krypton"
"Source Code Pro Medium"
"Source Han Mono"
]
++ common;
sansSerif =
[
"Noto Sans"
"Jost"
"Lexend"
]
++ common;
serif =
[
"Noto Serif"
]
++ common;
emoji =
[
"Noto Color Emoji" "Noto Color Emoji"
]; ]
in { ++ common;
monospace =
[
"Monaspace Krypton"
"Source Code Pro Medium"
"Source Han Mono"
]
++ common;
sansSerif =
[
"Noto Sans"
"Jost"
"Lexend"
]
++ common;
serif =
[
"Noto Serif"
]
++ common;
emoji =
[
"Noto Color Emoji"
]
++ common;
};
}; };
fontDir = {
enable = true;
decompressFonts = true;
};
packages = with pkgs; [
# programming fonts
sarasa-gothic
source-code-pro
monaspace
# desktop fonts
corefonts # MS fonts
b612 # high legibility
material-icons
material-design-icons
roboto
work-sans
comic-neue
source-sans
inter
lato
lexend
jost
dejavu_fonts
noto-fonts
noto-fonts-cjk
# emojis
noto-fonts-color-emoji
twemoji-color-font
openmoji-color
openmoji-black
font-awesome
material-symbols
# defaults worth keeping
dejavu_fonts
freefont_ttf
gyre-fonts
liberation_ttf
unifont
# specific nerd fonts only
# (installing all nerd fonts is slow and takes gigabytes)
# see: <https://github.com/NixOS/nixpkgs/blob/master/pkgs/data/fonts/nerdfonts/shas.nix>
# for all available fonts
(nerdfonts.override {
fonts = [
"JetBrainsMono"
"Iosevka"
"NerdFontsSymbolsOnly"
"FiraCode"
"FiraMono"
"Hack"
"HeavyData"
"Gohu"
];
})
];
}; };
environment.systemPackages = with pkgs; [ fontDir = {
# Tool for searching and previewing installed fonts enable = true;
font-manager decompressFonts = true;
};
packages = with pkgs; [
# programming fonts
sarasa-gothic
source-code-pro
monaspace
# desktop fonts
corefonts # MS fonts
b612 # high legibility
material-icons
material-design-icons
roboto
work-sans
comic-neue
source-sans
inter
lato
lexend
jost
dejavu_fonts
noto-fonts
noto-fonts-cjk
# emojis
noto-fonts-color-emoji
twemoji-color-font
openmoji-color
openmoji-black
font-awesome
material-symbols
# defaults worth keeping
dejavu_fonts
freefont_ttf
gyre-fonts
liberation_ttf
unifont
# specific nerd fonts only
# (installing all nerd fonts is slow and takes gigabytes)
# see: <https://github.com/NixOS/nixpkgs/blob/master/pkgs/data/fonts/nerdfonts/shas.nix>
# for all available fonts
(nerdfonts.override {
fonts = [
"JetBrainsMono"
"Iosevka"
"NerdFontsSymbolsOnly"
"FiraCode"
"FiraMono"
"Hack"
"HeavyData"
"Gohu"
];
})
]; ];
}; };
environment.systemPackages = with pkgs; [
# Tool for searching and previewing installed fonts
font-manager
];
} }


@ -1,28 +1,18 @@
{ {
lib, programs = {
config, # allow non-root users to mount fuse filesystems with allow_other
... fuse.userAllowOther = true;
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
programs = {
# allow non-root users to mount fuse filesystems with allow_other
fuse.userAllowOther = true;
# show network usage # show network usage
bandwhich.enable = true; bandwhich.enable = true;
# network inspection utility # network inspection utility
wireshark.enable = true; wireshark.enable = true;
# gnome's keyring manager # gnome's keyring manager
seahorse.enable = true; seahorse.enable = true;
# registry for linux (thanks to Gnome) # registry for linux (thanks to Gnome)
dconf.enable = true; dconf.enable = true;
};
}; };
} }
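Review bot: `wireshark.enable = true;` is now unconditional for every host that imports this role, while the dedicated wireshark module later in this commit enables the program only behind `mkIf cfg.enable`. The opt-in option therefore no longer decides whether the privileged capture helper is installed. Deleting the line here would leave `myOptions.home-manager.programs.applications.wireshark` as the single switch. `seahorse.enable` is similarly set a second time in the gnome-keyring module, which is harmless but redundant. `fuse.userAllowOther = true;` deserves a comment naming what needs `allow_other`, since it widens who can read a user's FUSE mounts.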


@ -1,27 +1,17 @@
{ {
lib, # Screen locker which works across all virtual terminals
config, # Use `systemctl start physlock` to securely lock the screen
... services.physlock = {
}: let enable = true;
inherit (lib) mkIf; lockMessage = "System is locked...";
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# Screen locker which works across all virtual terminals
# Use `systemctl start physlock` to securely lock the screen
services.physlock = {
enable = true;
lockMessage = "System is locked...";
# I only use physlock manually in some circumstances # I only use physlock manually in some circumstances
lockOn = { lockOn = {
# Don't auto-lock the system with physlock on suspend, I prefer other (gui) lockers # Don't auto-lock the system with physlock on suspend, I prefer other (gui) lockers
suspend = false; suspend = false;
# Do use physlock on resuming from hibernation though, as this just restored RAM, # Do use physlock on resuming from hibernation though, as this just restored RAM,
# potentially bypassing the login screen and even initial disk encryption password # potentially bypassing the login screen and even initial disk encryption password
hibernate = true; hibernate = true;
};
}; };
}; };
} }
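Review bot: With `lockOn.suspend = false`, nothing visible on this page locks the session on resume from suspend, and the logind module in this commit suspends on lid close and on the power key. The comment says a GUI locker is preferred but does not say where that locker is hooked to suspend. Now that the module applies to every host importing the workstation role, the dependency should be written down, for example `# suspend locking is done by <locker module>; if that is removed, set suspend = true`. The locker configuration itself is outside this diff, so this may already be covered.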


@ -5,10 +5,8 @@
}: let }: let
inherit (lib) mkIf; inherit (lib) mkIf;
cfg = config.myOptions.home-manager.programs.games.steam; cfg = config.myOptions.home-manager.programs.games.steam;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in { in {
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) { config = mkIf cfg.enable {
programs.steam = { programs.steam = {
enable = true; enable = true;
remotePlay.openFirewall = false; remotePlay.openFirewall = false;


@ -1,36 +1,25 @@
{ {pkgs, ...}: {
lib, # Unconditionally enable thunar file manager here as a relatively
pkgs, # lightweight fallback option for my default file manager.
config, programs.thunar = {
... enable = true;
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# Unconditionally enable thunar file manager here as a relatively
# lightweight fallback option for my default file manager.
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [ plugins = with pkgs.xfce; [
thunar-archive-plugin thunar-archive-plugin
thunar-media-tags-plugin thunar-media-tags-plugin
]; ];
};
environment = {
systemPackages = with pkgs; [
# packages necessery for thunar thumbnails
xfce.tumbler
libgsf # odf files
ffmpegthumbnailer
ark # GUI archiver for thunar archive plugin
];
};
# thumbnail support on thunar
services.tumbler.enable = true;
}; };
environment = {
systemPackages = with pkgs; [
# packages necessery for thunar thumbnails
xfce.tumbler
libgsf # odf files
ffmpegthumbnailer
ark # GUI archiver for thunar archive plugin
];
};
# thumbnail support on thunar
services.tumbler.enable = true;
} }


@ -6,10 +6,8 @@
inherit (lib) mkIf; inherit (lib) mkIf;
cfgUser = config.myOptions.system.username; cfgUser = config.myOptions.system.username;
cfg = config.myOptions.home-manager.programs.applications.virtualbox; cfg = config.myOptions.home-manager.programs.applications.virtualbox;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in { in {
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) { config = mkIf cfg.enable {
virtualisation.virtualbox.host = { virtualisation.virtualbox.host = {
enable = true; enable = true;


@ -7,10 +7,8 @@
inherit (lib) mkIf; inherit (lib) mkIf;
cfgUser = config.myOptions.system.username; cfgUser = config.myOptions.system.username;
cfg = config.myOptions.home-manager.programs.applications.wireshark; cfg = config.myOptions.home-manager.programs.applications.wireshark;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in { in {
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) { config = mkIf cfg.enable {
programs.wireshark = { programs.wireshark = {
enable = true; enable = true;
package = pkgs.wireshark; package = pkgs.wireshark;


@ -1,57 +1,49 @@
{ {
config,
pkgs, pkgs,
lib, lib,
... ...
}: let }: {
inherit (lib) mkIf; environment.systemPackages = [pkgs.appimage-run];
deviceType = config.myOptions.device.roles.type; # run appimages with appimage-run
acceptedTypes = ["laptop" "desktop"]; boot.binfmt.registrations = lib.genAttrs ["appimage" "AppImage"] (_: {
in { wrapInterpreterInShell = false;
config = mkIf (builtins.elem deviceType acceptedTypes) { interpreter = "${pkgs.appimage-run}/bin/appimage-run";
environment.systemPackages = [pkgs.appimage-run]; recognitionType = "magic";
offset = 0;
mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF....AI\\x02";
});
# run appimages with appimage-run # run unpatched linux binaries with nix-ld
boot.binfmt.registrations = lib.genAttrs ["appimage" "AppImage"] (_: { programs.nix-ld = {
wrapInterpreterInShell = false; enable = true;
interpreter = "${pkgs.appimage-run}/bin/appimage-run"; libraries = with pkgs; [
recognitionType = "magic"; stdenv.cc.cc
offset = 0; openssl
mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff"; curl
magicOrExtension = "\\x7fELF....AI\\x02"; glib
}); util-linux
glibc
# run unpatched linux binaries with nix-ld icu
programs.nix-ld = { libunwind
enable = true; libuuid
libraries = with pkgs; [ zlib
stdenv.cc.cc libsecret
openssl # graphical
curl freetype
glib libglvnd
util-linux libnotify
glibc SDL2
icu vulkan-loader
libunwind gdk-pixbuf
libuuid xorg.libX11
zlib ];
libsecret
# graphical
freetype
libglvnd
libnotify
SDL2
vulkan-loader
gdk-pixbuf
xorg.libX11
];
};
# Some pre-compiled binaries hard-code ssl cert file to /etc/ssl/cert.pem
# instead of what NixOS uses (/etc/ssl/certs/ca-certificates.crt). Make a
# symlink there for compatibility.
# - For example the rye installed python binaries look there
environment.etc."ssl/cert.pem".source = "/etc/ssl/certs/ca-certificates.crt";
}; };
# Some pre-compiled binaries hard-code ssl cert file to /etc/ssl/cert.pem
# instead of what NixOS uses (/etc/ssl/certs/ca-certificates.crt). Make a
# symlink there for compatibility.
# - For example the rye installed python binaries look there
environment.etc."ssl/cert.pem".source = "/etc/ssl/certs/ca-certificates.crt";
} }


@ -1,33 +1,22 @@
{ {pkgs, ...}: {
pkgs, # https://dataswamp.org/~solene/2022-09-28-earlyoom.html
lib, # avoid the linux kernel locking itself when we're putting too much strain on the memory
config, # this helps avoid having to shut down forcefully when we OOM
... services.earlyoom = {
}: let enable = true;
inherit (lib) mkIf; enableNotifications = true; # annoying, but we want to know what's killed
deviceType = config.myOptions.device.roles.type; freeSwapThreshold = 2;
acceptedTypes = ["laptop" "desktop"]; freeMemThreshold = 2;
in { extraArgs = [
config = mkIf (builtins.elem deviceType acceptedTypes) { "-g" # kill all processes within a process group
# https://dataswamp.org/~solene/2022-09-28-earlyoom.html "--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill
# avoid the linux kernel locking itself when we're putting too much strain on the memory "--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
# this helps avoid having to shut down forcefully when we OOM ];
services.earlyoom = {
enable = true;
enableNotifications = true; # annoying, but we want to know what's killed
freeSwapThreshold = 2;
freeMemThreshold = 2;
extraArgs = [
"-g" # kill all processes within a process group
"--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill
"--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
];
# we should ideally write the logs into a designated log file; or even better, to the journal # we should ideally write the logs into a designated log file; or even better, to the journal
# for now we can hope this echo sends the log to somewhere we can observe later # for now we can hope this echo sends the log to somewhere we can observe later
killHook = pkgs.writeShellScript "earlyoom-kill-hook" '' killHook = pkgs.writeShellScript "earlyoom-kill-hook" ''
echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed" echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
''; '';
};
}; };
} }
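Review bot: The `--avoid` pattern is missing its opening `^(`, so `'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'` contains an unmatched `)`. Depending on how the regex library handles that, either the pattern is rejected, or the `)` is taken literally, in which case `thunderbird)$` never matches a process name and the other names match as unanchored substrings. Either way the protected list does not behave like the `--prefer` line next to it, which affects what gets killed under memory pressure. Suggested: `"--avoid '^(Hyprland|soffice|soffice.bin|firefox|thunderbird)$'"`. The unescaped dots in `soffice.bin` and `.*.exe` match any character, and writing `\\.` in the Nix string would make them literal.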


@ -1,25 +1,14 @@
{ {pkgs, ...}: {
pkgs, services = {
lib, udev.packages = with pkgs; [gnome.gnome-settings-daemon];
config, gnome.gnome-keyring.enable = true;
... };
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
udev.packages = with pkgs; [gnome.gnome-settings-daemon];
gnome.gnome-keyring.enable = true;
};
# seahorse is an application for managing encryption keys # seahorse is an application for managing encryption keys
# and passwords in the gnome keyring # and passwords in the gnome keyring
programs.seahorse.enable = true; programs.seahorse.enable = true;
xdg.portal.config.common = { xdg.portal.config.common = {
"org.freedesktop.impl.portal.Secret" = ["gnome-keyring"]; "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
};
}; };
} }


@ -1,22 +1,12 @@
{ {
lib, # despite being under logind, this has nothing to do with login
config, # it's about power management
... services.logind = {
}: let lidSwitch = "suspend";
inherit (lib) mkIf; lidSwitchExternalPower = "suspend";
deviceType = config.myOptions.device.roles.type; extraConfig = ''
acceptedTypes = ["laptop" "desktop"]; HandlePowerKey=suspend
in { HibernateDelaySec=3600
config = mkIf (builtins.elem deviceType acceptedTypes) { '';
# despite being under logind, this has nothing to do with login
# it's about power management
services.logind = {
lidSwitch = "suspend";
lidSwitchExternalPower = "suspend";
extraConfig = ''
HandlePowerKey=suspend
HibernateDelaySec=3600
'';
};
}; };
} }


@ -1,20 +1,9 @@
{ {
config, services = {
lib, # enable GVfs - a userspace virtual filesystem
... gvfs.enable = true;
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type; # storage daemon required for udiskie auto-mount
acceptedTypes = ["laptop" "desktop"]; udisks2.enable = true;
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# enable GVfs - a userspace virtual filesystem
gvfs.enable = true;
# storage daemon required for udiskie auto-mount
udisks2.enable = true;
};
}; };
} }


@ -1,20 +1,10 @@
{ {config, ...}: {
lib, services = {
config, # enable GVfs, a userspace virtual filesystem
... # (allows viewing ftp,sftp,... directly from the file manager)
}: let gvfs.enable = true;
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# enable GVfs, a userspace virtual filesystem
# (allows viewing ftp,sftp,... directly from the file manager)
gvfs.enable = true;
# Storage daemon required for udiskie auto-mount # Storage daemon required for udiskie auto-mount
udisks2.enable = !config.boot.isContainer; udisks2.enable = !config.boot.isContainer;
};
}; };
} }


@ -5,13 +5,11 @@
... ...
}: let }: let
inherit (lib) mkIf optional; inherit (lib) mkIf optional;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
cfg = config.myOptions.workstation.printing; cfg = config.myOptions.workstation.printing;
cfgUser = config.myOptions.system.username; cfgUser = config.myOptions.system.username;
in { in {
config = mkIf (builtins.elem deviceType acceptedTypes && cfg.enable) { config = mkIf cfg.enable {
# enable cups and add some drivers for common printers # enable cups and add some drivers for common printers
services = { services = {
printing = { printing = {