Compare commits


5 commits

Author SHA1 Message Date
ItsDrike 575e6ae979
Add ninja 2024-09-26 16:34:27 +02:00
ItsDrike 00016063fe
Use roles properly
Originally, I was including all role configurations for all hosts, and
controlling which get applied in the role configs with a check in each
file. This is a very repetitive and annoying approach. Instead, now the
role directory is included manually from the hosts config for devices
which meet that role, removing the role options.
2024-09-24 11:42:40 +02:00
ItsDrike c6c3ecb1e9
Install flatpak 2024-09-24 11:23:13 +02:00
ItsDrike 0c996b540f
Add kotlin lsp & linter pkgs for nvim 2024-09-24 11:20:09 +02:00
ItsDrike 50015511a8
Add android studio 2024-09-24 11:19:54 +02:00
33 changed files with 398 additions and 588 deletions


@ -1,26 +1,15 @@
{ {pkgs, ...}: {
osConfig, # TODO: Only apply this to workstations
lib, home.packages = with pkgs; [
pkgs, libnotify # send desktop notifications
... imagemagick # create/edit images
}: let trash-cli # interface to freedesktop trashcan
inherit (lib) mkIf; bitwarden-cli # pw manager
slides # terminal based presentation tool
devType = osConfig.myOptions.device.roles.type; brightnessctl # brightness control
acceptedTypes = ["laptop" "desktop"]; pulsemixer # manage audio (TUI)
in { nix-tree # interactively browse nix store
config = mkIf (builtins.elem devType acceptedTypes) { glow # render markdown
home.packages = with pkgs; [ ffmpeg # record, convert and stream audio and video
libnotify # send desktop notifications ];
imagemagick # create/edit images
trash-cli # interface to freedesktop trashcan
bitwarden-cli # pw manager
slides # terminal based presentation tool
brightnessctl # brightness control
pulsemixer # manage audio (TUI)
nix-tree # interactively browse nix store
glow # render markdown
ffmpeg # record, convert and stream audio and video
];
};
} }
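Review bot: The `mkIf (builtins.elem devType acceptedTypes)` guard is dropped here and replaced only by `# TODO: Only apply this to workstations`, so this package list now applies wherever the file is imported. The hosts file in this commit still lists `../home` in `shared`, which its comment describes as modules ALL systems need, so a non-workstation host would presumably receive `bitwarden-cli` and the desktop tools as well. How this file is imported is not visible here, but until the home side has its own role split I would either keep a condition or move the file behind an import that only workstation hosts pull in.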


@ -0,0 +1,3 @@
{pkgs, ...}: {
home.packages = with pkgs; [ninja];
}


@ -1,5 +1,6 @@
{ {
imports = [ imports = [
./python ./python
./cpp.nix
]; ];
} }


@ -33,6 +33,7 @@
nixd nixd
emmet-language-server emmet-language-server
vscode-langservers-extracted vscode-langservers-extracted
kotlin-language-server
# Linters / formatters # Linters / formatters
stylua stylua
@ -49,6 +50,7 @@
alejandra alejandra
deadnix deadnix
statix statix
ktlint
# Other tools / utilities # Other tools / utilities
ripgrep ripgrep


@ -4,10 +4,14 @@
# A list of shared modules that ALL systems need # A list of shared modules that ALL systems need
shared = [ shared = [
../system ../system/shared
../home ../home
../options ../options
]; ];
workstationRole = ../system/roles/workstation;
laptopRole = ../system/roles/laptop;
uniRole = ../system/roles/uni;
in { in {
herugrim = lib.nixosSystem { herugrim = lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
@ -18,6 +22,8 @@ in {
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
workstationRole
laptopRole
] ]
++ shared; ++ shared;
}; };
@ -31,6 +37,9 @@ in {
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
workstationRole
laptopRole
uniRole
] ]
++ shared; ++ shared;
}; };
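Review bot: Nothing fails evaluation any more when a host leaves a role out: `workstationRole`, `laptopRole` and `uniRole` are plain `let` bindings appended by hand to each host's `modules` list, and the `roles.type` option is removed in this commit. The modules that were gated on `["laptop" "desktop"]` (the greeter, the PAM keyring/GnuPG setup, physlock) presumably now live under the workstation role, so a host defined without `workstationRole` would build without them and give no warning. The bindings also have no comment while `shared` does; something like `# Role modules: nothing is applied by default, each host must list the roles it needs` above them would make that contract visible to whoever adds the next host.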


@ -98,6 +98,11 @@
".local/share/cargo" ".local/share/cargo"
".local/share/go" ".local/share/go"
".config/rye" ".config/rye"
# University crap
"Android/Sdk"
"AndroidStudioProjects"
".android"
]; ];
extraFiles = [ extraFiles = [
".config/gtk-3.0/bookmarks" ".config/gtk-3.0/bookmarks"
@ -138,10 +143,7 @@
}; };
device = { device = {
roles = { roles.virtual-machine = false;
type = "laptop";
virtual-machine = false;
};
cpu.type = "amd"; cpu.type = "amd";
gpu.type = "amd"; gpu.type = "amd";
hasTPM = true; hasTPM = true;
@ -182,10 +184,10 @@
"eDP-1, 1920x1200@60, 0x1080, 1" "eDP-1, 1920x1200@60, 0x1080, 1"
# HDMI-A-1 above primary # HDMI-A-1 above primary
"HDMI-A-1, 1920x1080@60, 0x0, 1" #"HDMI-A-1, 1920x1080@60, 0x0, 1"
# HDMI-A-1 left to primary # HDMI-A-1 left to primary
#"HDMI-A-1, 1920x1080@60, 1920x1080, 1" "HDMI-A-1, 1920x1080@60, 1920x1080, 1"
# Mirror the primary (laptop) monitor on externals # Mirror the primary (laptop) monitor on externals
", preferred, auto, 1, mirror, eDP-1" ", preferred, auto, 1, mirror, eDP-1"
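Review bot: The comment `# University crap` on the three new persisted directories does not say what they hold, and `.android` is the one that matters: the Android tooling keeps the adb host key pair and the debug keystore there. Persisting it is probably intended, since a regenerated adb key would have to be re-authorised on every device, but it does mean key material now lives on the persistent volume. I would replace the comment with `# Android Studio: SDK, projects, and ~/.android (adb host key, debug keystore)`.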


@ -1,39 +1,11 @@
{ {lib, ...}: let
lib, inherit (lib) mkOption;
config,
...
}: let
inherit (lib) mkOption types;
cfg = config.myOptions.device.roles;
in { in {
options.myOptions.device.roles = { options.myOptions.device.roles = {
type = mkOption {
type = types.enum ["laptop" "desktop" "server"];
default = "";
description = ''
The type/purpoes of the device that will be used within the rest of the configuration.
- laptop: portable devices with battery optimizations
- desktop: stationary devices configured for maximum performance
- server: server and infrastructure
'';
};
virtual-machine = mkOption { virtual-machine = mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Is this system a virtual machine?"; description = "Is this system a virtual machine?";
}; };
isWorkstation = mkOption {
type = lib.types.bool;
default = builtins.elem cfg.type ["laptop" "desktop"];
readOnly = true;
description = ''
Is this machine a workstation?
Workstation machines are meant for regular day-to-day use.
'';
};
}; };
} }


@ -1,11 +0,0 @@
{
# We import all of the roles here, with the type checks being handled
# in the individual files each time. This is a bit ugly, but necessary
# as NixOS doesn't support optional imports, due to circual imports
# (there might be a change of the config value inside one of the
# imported files).
imports = [
./workstation
./laptop
];
}


@ -1,27 +1,20 @@
{ {
pkgs, pkgs,
lib,
config, config,
... ...
}: let }: {
inherit (lib) mkIf; hardware.acpilight.enable = true;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
hardware.acpilight.enable = true;
environment.systemPackages = with pkgs; [acpi]; environment.systemPackages = with pkgs; [acpi];
# handle ACPI events # handle ACPI events
services.acpid.enable = true; services.acpid.enable = true;
boot = { boot = {
kernelModules = ["acpi_call"]; kernelModules = ["acpi_call"];
extraModulePackages = with config.boot.kernelPackages; [ extraModulePackages = with config.boot.kernelPackages; [
acpi_call acpi_call
cpupower cpupower
]; ];
};
}; };
} }


@ -1,13 +1,4 @@
{ {pkgs, ...}: {
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
imports = [ imports = [
./power-profiles-daemon ./power-profiles-daemon
./upower.nix ./upower.nix
@ -15,7 +6,7 @@ in {
./systemd.nix ./systemd.nix
]; ];
config = mkIf (builtins.elem deviceType acceptedTypes) { config = {
environment.systemPackages = with pkgs; [powertop]; environment.systemPackages = with pkgs; [powertop];
}; };
} }


@ -1,43 +1,37 @@
{ {
pkgs, pkgs,
lib, lib,
config,
... ...
}: let }: let
inherit (lib) mkIf;
inherit (lib.modules) mkForce; inherit (lib.modules) mkForce;
inherit (lib.strings) makeBinPath; inherit (lib.strings) makeBinPath;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in { in {
config = mkIf (builtins.elem deviceType acceptedTypes) { # allows changing system behavior based upon user-selected power profiles
# allows changing system behavior based upon user-selected power profiles # (with `powerprofilesctl` command)
# (with `powerprofilesctl` command) services.power-profiles-daemon.enable = true;
services.power-profiles-daemon.enable = true;
# Power state monitor. Switches power profiles based on charging state. # Power state monitor. Switches power profiles based on charging state.
# Plugged in - performance (if available, falls back to balance) # Plugged in - performance (if available, falls back to balance)
# Unplugged - balanced, until below 50%, then power-saver # Unplugged - balanced, until below 50%, then power-saver
systemd.services."power-monitor" = let systemd.services."power-monitor" = let
dependencies = with pkgs; [ dependencies = with pkgs; [
coreutils coreutils
gnugrep gnugrep
power-profiles-daemon power-profiles-daemon
inotify-tools inotify-tools
jaq jaq
]; ];
in { in {
description = "Power Monitoring Service"; description = "Power Monitoring Service";
environment.PATH = mkForce "/run/wrappers/bin:${makeBinPath dependencies}"; environment.PATH = mkForce "/run/wrappers/bin:${makeBinPath dependencies}";
script = builtins.readFile ./power_monitor.sh; script = builtins.readFile ./power_monitor.sh;
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
Restart = "on-failure"; Restart = "on-failure";
};
wants = ["power-profiles-daemon.service"];
wantedBy = ["default.target"];
}; };
wants = ["power-profiles-daemon.service"];
wantedBy = ["default.target"];
}; };
} }


@ -1,23 +1,12 @@
{ {
pkgs, services = {
lib, # DBus service that provides power management support to applications
config, upower = {
... enable = true;
}: let percentageLow = 15;
inherit (lib) mkIf; percentageCritical = 5;
deviceType = config.myOptions.device.roles.type; percentageAction = 3;
acceptedTypes = ["laptop"]; criticalPowerAction = "Hibernate";
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# DBus service that provides power management support to applications
upower = {
enable = true;
percentageLow = 15;
percentageCritical = 5;
percentageAction = 3;
criticalPowerAction = "Hibernate";
};
}; };
}; };
} }


@ -1,32 +1,22 @@
{ {
lib, services.libinput = {
config, # enable libinput
... enable = true;
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services.libinput = {
# enable libinput
enable = true;
# disable mouse acceleration # disable mouse acceleration
mouse = { mouse = {
accelProfile = "flat"; accelProfile = "flat";
accelSpeed = "0"; accelSpeed = "0";
middleEmulation = false; middleEmulation = false;
}; };
# touchpad settings # touchpad settings
touchpad = { touchpad = {
naturalScrolling = false; # I'm not natural naturalScrolling = false; # I'm not natural
tapping = true; tapping = true;
clickMethod = "clickfinger"; clickMethod = "clickfinger";
horizontalScrolling = true; horizontalScrolling = true;
disableWhileTyping = true; disableWhileTyping = true;
};
}; };
}; };
} }


@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = [pkgs.android-studio];
}


@ -0,0 +1,5 @@
{
imports = [
./android.nix
];
}


@ -4,12 +4,9 @@
lib, lib,
... ...
}: let }: let
inherit (lib) mkIf getExe; inherit (lib) getExe;
inherit (lib.strings) concatStringsSep; inherit (lib.strings) concatStringsSep;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
greetingMsg = "'Access is restricted to authorized personnel only.'"; greetingMsg = "'Access is restricted to authorized personnel only.'";
tuiGreetTheme = "'border=magenta;text=cyan;prompt=green;time=red;action=white;button=yellow;container=black;input=gray'"; tuiGreetTheme = "'border=magenta;text=cyan;prompt=green;time=red;action=white;button=yellow;container=black;input=gray'";
@ -46,33 +43,31 @@
]; ];
}; };
in { in {
config = mkIf (builtins.elem deviceType acceptedTypes) { services.greetd = {
services.greetd = { enable = true;
enable = true; vt = 1;
vt = 1;
# <https://man.sr.ht/~kennylevinsen/greetd/> # <https://man.sr.ht/~kennylevinsen/greetd/>
settings = { settings = {
# default session is what will be used if no session is selected # default session is what will be used if no session is selected
# in this case it'll be a TUI greeter # in this case it'll be a TUI greeter
default_session = defaultSession; default_session = defaultSession;
};
}; };
# Suppress error messages on tuigreet. They sometimes obscure the TUI
# boundaries of the greeter.
# See: https://github.com/apognu/tuigreet/issues/68#issuecomment-1586359960
systemd.services.greetd.serviceConfig = {
Type = "idle";
StandardInput = "tty";
StandardOutput = "tty";
StandardError = "journal";
TTYReset = true;
TTYVHangup = true;
TTYVTDisallocate = true;
};
# Persist info about previous session & user
myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
}; };
# Suppress error messages on tuigreet. They sometimes obscure the TUI
# boundaries of the greeter.
# See: https://github.com/apognu/tuigreet/issues/68#issuecomment-1586359960
systemd.services.greetd.serviceConfig = {
Type = "idle";
StandardInput = "tty";
StandardOutput = "tty";
StandardError = "journal";
TTYReset = true;
TTYVHangup = true;
TTYVTDisallocate = true;
};
# Persist info about previous session & user
myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
} }


@ -1,35 +1,25 @@
{ {
lib, # unlock GPG keyring on login
config, security.pam.services = let
... gnupg = {
}: let enable = true;
inherit (lib) mkIf; noAutostart = true;
deviceType = config.myOptions.device.roles.type; storeOnly = true;
acceptedTypes = ["laptop" "desktop"]; };
in { in {
config = mkIf (builtins.elem deviceType acceptedTypes) { login = {
# unlock GPG keyring on login enableGnomeKeyring = true;
security.pam.services = let inherit gnupg;
gnupg = { };
enable = true;
noAutostart = true;
storeOnly = true;
};
in {
login = {
enableGnomeKeyring = true;
inherit gnupg;
};
greetd = { greetd = {
enableGnomeKeyring = true; enableGnomeKeyring = true;
inherit gnupg; inherit gnupg;
}; };
tuigreet = { tuigreet = {
enableGnomeKeyring = true; enableGnomeKeyring = true;
inherit gnupg; inherit gnupg;
};
}; };
}; };
} }


@ -1,120 +1,109 @@
{ {pkgs, ...}: {
pkgs, fonts = {
lib, enableDefaultPackages = false;
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
fonts = {
enableDefaultPackages = false;
fontconfig = { fontconfig = {
defaultFonts = let defaultFonts = let
common = [ common = [
"Iosevka Nerd Font" "Iosevka Nerd Font"
"Symbols Nerd Font" "Symbols Nerd Font"
"Noto Color Emoji"
];
in {
monospace =
[
"Monaspace Krypton"
"Source Code Pro Medium"
"Source Han Mono"
]
++ common;
sansSerif =
[
"Noto Sans"
"Jost"
"Lexend"
]
++ common;
serif =
[
"Noto Serif"
]
++ common;
emoji =
[
"Noto Color Emoji" "Noto Color Emoji"
]; ]
in { ++ common;
monospace =
[
"Monaspace Krypton"
"Source Code Pro Medium"
"Source Han Mono"
]
++ common;
sansSerif =
[
"Noto Sans"
"Jost"
"Lexend"
]
++ common;
serif =
[
"Noto Serif"
]
++ common;
emoji =
[
"Noto Color Emoji"
]
++ common;
};
}; };
fontDir = {
enable = true;
decompressFonts = true;
};
packages = with pkgs; [
# programming fonts
sarasa-gothic
source-code-pro
monaspace
# desktop fonts
corefonts # MS fonts
b612 # high legibility
material-icons
material-design-icons
roboto
work-sans
comic-neue
source-sans
inter
lato
lexend
jost
dejavu_fonts
noto-fonts
noto-fonts-cjk
# emojis
noto-fonts-color-emoji
twemoji-color-font
openmoji-color
openmoji-black
font-awesome
material-symbols
# defaults worth keeping
dejavu_fonts
freefont_ttf
gyre-fonts
liberation_ttf
unifont
# specific nerd fonts only
# (installing all nerd fonts is slow and takes gigabytes)
# see: <https://github.com/NixOS/nixpkgs/blob/master/pkgs/data/fonts/nerdfonts/shas.nix>
# for all available fonts
(nerdfonts.override {
fonts = [
"JetBrainsMono"
"Iosevka"
"NerdFontsSymbolsOnly"
"FiraCode"
"FiraMono"
"Hack"
"HeavyData"
"Gohu"
];
})
];
}; };
environment.systemPackages = with pkgs; [ fontDir = {
# Tool for searching and previewing installed fonts enable = true;
font-manager decompressFonts = true;
};
packages = with pkgs; [
# programming fonts
sarasa-gothic
source-code-pro
monaspace
# desktop fonts
corefonts # MS fonts
b612 # high legibility
material-icons
material-design-icons
roboto
work-sans
comic-neue
source-sans
inter
lato
lexend
jost
dejavu_fonts
noto-fonts
noto-fonts-cjk
# emojis
noto-fonts-color-emoji
twemoji-color-font
openmoji-color
openmoji-black
font-awesome
material-symbols
# defaults worth keeping
dejavu_fonts
freefont_ttf
gyre-fonts
liberation_ttf
unifont
# specific nerd fonts only
# (installing all nerd fonts is slow and takes gigabytes)
# see: <https://github.com/NixOS/nixpkgs/blob/master/pkgs/data/fonts/nerdfonts/shas.nix>
# for all available fonts
(nerdfonts.override {
fonts = [
"JetBrainsMono"
"Iosevka"
"NerdFontsSymbolsOnly"
"FiraCode"
"FiraMono"
"Hack"
"HeavyData"
"Gohu"
];
})
]; ];
}; };
environment.systemPackages = with pkgs; [
# Tool for searching and previewing installed fonts
font-manager
];
} }


@ -1,28 +1,18 @@
{ {
lib, programs = {
config, # allow non-root users to mount fuse filesystems with allow_other
... fuse.userAllowOther = true;
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
programs = {
# allow non-root users to mount fuse filesystems with allow_other
fuse.userAllowOther = true;
# show network usage # show network usage
bandwhich.enable = true; bandwhich.enable = true;
# network inspection utility # network inspection utility
wireshark.enable = true; wireshark.enable = true;
# gnome's keyring manager # gnome's keyring manager
seahorse.enable = true; seahorse.enable = true;
# registry for linux (thanks to Gnome) # registry for linux (thanks to Gnome)
dconf.enable = true; dconf.enable = true;
};
}; };
} }
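Review bot: `wireshark.enable = true;` is set unconditionally in this file, while the wireshark module touched later in this commit sets `programs.wireshark.enable` under `mkIf cfg.enable`; if both files are imported on the same host, that option cannot switch Wireshark off. On NixOS enabling the module also installs a capability-bearing `dumpcap` wrapper for the `wireshark` group, so it is worth having exactly one switch for it. I would drop the line here and leave the gated module as the only place that enables it.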


@ -1,27 +1,17 @@
{ {
lib, # Screen locker which works across all virtual terminals
config, # Use `systemctl start physlock` to securely lock the screen
... services.physlock = {
}: let enable = true;
inherit (lib) mkIf; lockMessage = "System is locked...";
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# Screen locker which works across all virtual terminals
# Use `systemctl start physlock` to securely lock the screen
services.physlock = {
enable = true;
lockMessage = "System is locked...";
# I only use physlock manually in some circumstances # I only use physlock manually in some circumstances
lockOn = { lockOn = {
# Don't auto-lock the system with physlock on suspend, I prefer other (gui) lockers # Don't auto-lock the system with physlock on suspend, I prefer other (gui) lockers
suspend = false; suspend = false;
# Do use physlock on resuming from hibernation though, as this just restored RAM, # Do use physlock on resuming from hibernation though, as this just restored RAM,
# potentially bypassing the login screen and even initial disk encryption password # potentially bypassing the login screen and even initial disk encryption password
hibernate = true; hibernate = true;
};
}; };
}; };
} }


@ -5,10 +5,8 @@
}: let }: let
inherit (lib) mkIf; inherit (lib) mkIf;
cfg = config.myOptions.home-manager.programs.games.steam; cfg = config.myOptions.home-manager.programs.games.steam;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in { in {
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) { config = mkIf cfg.enable {
programs.steam = { programs.steam = {
enable = true; enable = true;
remotePlay.openFirewall = false; remotePlay.openFirewall = false;


@ -1,36 +1,25 @@
{ {pkgs, ...}: {
lib, # Unconditionally enable thunar file manager here as a relatively
pkgs, # lightweight fallback option for my default file manager.
config, programs.thunar = {
... enable = true;
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# Unconditionally enable thunar file manager here as a relatively
# lightweight fallback option for my default file manager.
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [ plugins = with pkgs.xfce; [
thunar-archive-plugin thunar-archive-plugin
thunar-media-tags-plugin thunar-media-tags-plugin
]; ];
};
environment = {
systemPackages = with pkgs; [
# packages necessery for thunar thumbnails
xfce.tumbler
libgsf # odf files
ffmpegthumbnailer
ark # GUI archiver for thunar archive plugin
];
};
# thumbnail support on thunar
services.tumbler.enable = true;
}; };
environment = {
systemPackages = with pkgs; [
# packages necessery for thunar thumbnails
xfce.tumbler
libgsf # odf files
ffmpegthumbnailer
ark # GUI archiver for thunar archive plugin
];
};
# thumbnail support on thunar
services.tumbler.enable = true;
} }


@ -6,10 +6,8 @@
inherit (lib) mkIf; inherit (lib) mkIf;
cfgUser = config.myOptions.system.username; cfgUser = config.myOptions.system.username;
cfg = config.myOptions.home-manager.programs.applications.virtualbox; cfg = config.myOptions.home-manager.programs.applications.virtualbox;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in { in {
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) { config = mkIf cfg.enable {
virtualisation.virtualbox.host = { virtualisation.virtualbox.host = {
enable = true; enable = true;


@ -7,10 +7,8 @@
inherit (lib) mkIf; inherit (lib) mkIf;
cfgUser = config.myOptions.system.username; cfgUser = config.myOptions.system.username;
cfg = config.myOptions.home-manager.programs.applications.wireshark; cfg = config.myOptions.home-manager.programs.applications.wireshark;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in { in {
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) { config = mkIf cfg.enable {
programs.wireshark = { programs.wireshark = {
enable = true; enable = true;
package = pkgs.wireshark; package = pkgs.wireshark;


@ -1,57 +1,49 @@
{ {
config,
pkgs, pkgs,
lib, lib,
... ...
}: let }: {
inherit (lib) mkIf; environment.systemPackages = [pkgs.appimage-run];
deviceType = config.myOptions.device.roles.type; # run appimages with appimage-run
acceptedTypes = ["laptop" "desktop"]; boot.binfmt.registrations = lib.genAttrs ["appimage" "AppImage"] (_: {
in { wrapInterpreterInShell = false;
config = mkIf (builtins.elem deviceType acceptedTypes) { interpreter = "${pkgs.appimage-run}/bin/appimage-run";
environment.systemPackages = [pkgs.appimage-run]; recognitionType = "magic";
offset = 0;
mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF....AI\\x02";
});
# run appimages with appimage-run # run unpatched linux binaries with nix-ld
boot.binfmt.registrations = lib.genAttrs ["appimage" "AppImage"] (_: { programs.nix-ld = {
wrapInterpreterInShell = false; enable = true;
interpreter = "${pkgs.appimage-run}/bin/appimage-run"; libraries = with pkgs; [
recognitionType = "magic"; stdenv.cc.cc
offset = 0; openssl
mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff"; curl
magicOrExtension = "\\x7fELF....AI\\x02"; glib
}); util-linux
glibc
# run unpatched linux binaries with nix-ld icu
programs.nix-ld = { libunwind
enable = true; libuuid
libraries = with pkgs; [ zlib
stdenv.cc.cc libsecret
openssl # graphical
curl freetype
glib libglvnd
util-linux libnotify
glibc SDL2
icu vulkan-loader
libunwind gdk-pixbuf
libuuid xorg.libX11
zlib ];
libsecret
# graphical
freetype
libglvnd
libnotify
SDL2
vulkan-loader
gdk-pixbuf
xorg.libX11
];
};
# Some pre-compiled binaries hard-code ssl cert file to /etc/ssl/cert.pem
# instead of what NixOS uses (/etc/ssl/certs/ca-certificates.crt). Make a
# symlink there for compatibility.
# - For example the rye installed python binaries look there
environment.etc."ssl/cert.pem".source = "/etc/ssl/certs/ca-certificates.crt";
}; };
# Some pre-compiled binaries hard-code ssl cert file to /etc/ssl/cert.pem
# instead of what NixOS uses (/etc/ssl/certs/ca-certificates.crt). Make a
# symlink there for compatibility.
# - For example the rye installed python binaries look there
environment.etc."ssl/cert.pem".source = "/etc/ssl/certs/ca-certificates.crt";
} }


@ -6,5 +6,6 @@
./misc.nix ./misc.nix
./logind.nix ./logind.nix
./gnome-keyring.nix ./gnome-keyring.nix
./flatpak.nix
]; ];
} }


@ -1,33 +1,22 @@
{ {pkgs, ...}: {
pkgs, # https://dataswamp.org/~solene/2022-09-28-earlyoom.html
lib, # avoid the linux kernel locking itself when we're putting too much strain on the memory
config, # this helps avoid having to shut down forcefully when we OOM
... services.earlyoom = {
}: let enable = true;
inherit (lib) mkIf; enableNotifications = true; # annoying, but we want to know what's killed
deviceType = config.myOptions.device.roles.type; freeSwapThreshold = 2;
acceptedTypes = ["laptop" "desktop"]; freeMemThreshold = 2;
in { extraArgs = [
config = mkIf (builtins.elem deviceType acceptedTypes) { "-g" # kill all processes within a process group
# https://dataswamp.org/~solene/2022-09-28-earlyoom.html "--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill
# avoid the linux kernel locking itself when we're putting too much strain on the memory "--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
# this helps avoid having to shut down forcefully when we OOM ];
services.earlyoom = {
enable = true;
enableNotifications = true; # annoying, but we want to know what's killed
freeSwapThreshold = 2;
freeMemThreshold = 2;
extraArgs = [
"-g" # kill all processes within a process group
"--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill
"--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
];
# we should ideally write the logs into a designated log file; or even better, to the journal # we should ideally write the logs into a designated log file; or even better, to the journal
# for now we can hope this echo sends the log to somewhere we can observe later # for now we can hope this echo sends the log to somewhere we can observe later
killHook = pkgs.writeShellScript "earlyoom-kill-hook" '' killHook = pkgs.writeShellScript "earlyoom-kill-hook" ''
echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed" echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
''; '';
};
}; };
} }
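Review bot: The `--avoid` pattern in `extraArgs` is missing its opening `^(`: it reads `'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'`, while `--prefer` on the next line is written `'^(electron|.*.exe)$'`. Depending on how the regex library treats the stray `)`, the pattern is either rejected or matches something other than the intended names, so the listed processes may not be protected from the OOM kill. The re-indent carried the line over unchanged and is a good moment to fix it: `"--avoid '^(Hyprland|soffice|soffice.bin|firefox|thunderbird)$'"`. The unescaped dots in `soffice.bin` and `.*.exe` also match any character; writing `\\.` in the Nix string would make them literal.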


@ -0,0 +1,3 @@
{
services.flatpak.enable = true;
}
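Review bot: `services.flatpak.enable = true;` turns the service on, but nothing visible in this commit persists Flatpak's state, and the persistence hunk in the host file adds only the Android directories. System-wide installs and remotes live under `/var/lib/flatpak`, so unless that path is already persisted outside this diff, they would be lost on reboot on a host whose root is wiped by impermanence. If it is not covered, the greeter module's pattern fits here: `myOptions.system.impermanence.root.extraDirectories = ["/var/lib/flatpak"];`. A short comment naming the remotes that are expected would also help, since Flatpak apps are installed and updated outside the Nix store.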


@ -1,25 +1,14 @@
{ {pkgs, ...}: {
pkgs, services = {
lib, udev.packages = with pkgs; [gnome.gnome-settings-daemon];
config, gnome.gnome-keyring.enable = true;
... };
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
udev.packages = with pkgs; [gnome.gnome-settings-daemon];
gnome.gnome-keyring.enable = true;
};
# seahorse is an application for managing encryption keys # seahorse is an application for managing encryption keys
# and passwords in the gnome keyring # and passwords in the gnome keyring
programs.seahorse.enable = true; programs.seahorse.enable = true;
xdg.portal.config.common = { xdg.portal.config.common = {
"org.freedesktop.impl.portal.Secret" = ["gnome-keyring"]; "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
};
}; };
} }


@ -1,22 +1,12 @@
{ {
lib, # despite being under logind, this has nothing to do with login
config, # it's about power management
... services.logind = {
}: let lidSwitch = "suspend";
inherit (lib) mkIf; lidSwitchExternalPower = "suspend";
deviceType = config.myOptions.device.roles.type; extraConfig = ''
acceptedTypes = ["laptop" "desktop"]; HandlePowerKey=suspend
in { HibernateDelaySec=3600
config = mkIf (builtins.elem deviceType acceptedTypes) { '';
# despite being under logind, this has nothing to do with login
# it's about power management
services.logind = {
lidSwitch = "suspend";
lidSwitchExternalPower = "suspend";
extraConfig = ''
HandlePowerKey=suspend
HibernateDelaySec=3600
'';
};
}; };
} }


@ -1,20 +1,9 @@
{ {
config, services = {
lib, # enable GVfs - a userspace virtual filesystem
... gvfs.enable = true;
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type; # storage daemon required for udiskie auto-mount
acceptedTypes = ["laptop" "desktop"]; udisks2.enable = true;
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# enable GVfs - a userspace virtual filesystem
gvfs.enable = true;
# storage daemon required for udiskie auto-mount
udisks2.enable = true;
};
}; };
} }


@ -1,20 +1,10 @@
{ {config, ...}: {
lib, services = {
config, # enable GVfs, a userspace virtual filesystem
... # (allows viewing ftp,sftp,... directly from the file manager)
}: let gvfs.enable = true;
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# enable GVfs, a userspace virtual filesystem
# (allows viewing ftp,sftp,... directly from the file manager)
gvfs.enable = true;
# Storage daemon required for udiskie auto-mount # Storage daemon required for udiskie auto-mount
udisks2.enable = !config.boot.isContainer; udisks2.enable = !config.boot.isContainer;
};
}; };
} }


@ -5,13 +5,11 @@
... ...
}: let }: let
inherit (lib) mkIf optional; inherit (lib) mkIf optional;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
cfg = config.myOptions.workstation.printing; cfg = config.myOptions.workstation.printing;
cfgUser = config.myOptions.system.username; cfgUser = config.myOptions.system.username;
in { in {
config = mkIf (builtins.elem deviceType acceptedTypes && cfg.enable) { config = mkIf cfg.enable {
# enable cups and add some drivers for common printers # enable cups and add some drivers for common printers
services = { services = {
printing = { printing = {