ItsDrike/nixdots
1
0
Fork 0
mirror of https://github.com/ItsDrike/nixdots synced 2025-01-23 20:34:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: ItsDrike:e79a5d7cde768a3690e448758e7bae5966eba52b
Branches Tags
ItsDrike:main
ItsDrike:fix-wayland
ItsDrike:temp
ItsDrike:polymouth
ItsDrike:boot-opts
..
compare: ItsDrike:575e6ae979f4ad10735e6fcaba9e42790960726d
Branches Tags
ItsDrike:main
ItsDrike:fix-wayland
ItsDrike:temp
ItsDrike:polymouth
ItsDrike:boot-opts

5 commits
e79a5d7cde ... 575e6ae979

Author SHA1 Message Date
ItsDrike 575e6ae979
Add ninja 2024-09-26 16:34:27 +02:00
ItsDrike 00016063fe
Use roles properly 
Originally, I was including all role configurations for all hosts, and
controlling which get applied in the role configs with a check in each
file. This is a very repetetive and annoying approach. Instead, now the
role directory is included manually from the hosts config for devices
which meet that role, removing the role options.
 2024-09-24 11:42:40 +02:00
ItsDrike c6c3ecb1e9
Install flatpak 2024-09-24 11:23:13 +02:00
ItsDrike 0c996b540f
Add kotlin lsp & linter pkgs for nvim 2024-09-24 11:20:09 +02:00
ItsDrike 50015511a8
Add android studio 2024-09-24 11:19:54 +02:00
33 changed files with 398 additions and 588 deletions
Show stats Expand all files Collapse all files

39
home/packages/cli/desktop.nix
View file

@ -1,26 +1,15 @@
{
osConfig,
lib,
pkgs,
...
}: let
inherit (lib) mkIf;
devType = osConfig.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem devType acceptedTypes) {
home.packages = with pkgs; [
libnotify # send desktop notifications
imagemagick # create/edit images
trash-cli # interface to freedesktop trashcan
bitwarden-cli # pw manager
slides # terminal based presentation tool
brightnessctl # brightness control
pulsemixer # manage audio (TUI)
nix-tree # interactively browse nix store
glow # render markdown
ffmpeg # record, convert and stream audio and video
];
};
{pkgs, ...}: {
# TODO: Only apply this to workstations
home.packages = with pkgs; [
libnotify # send desktop notifications
imagemagick # create/edit images
trash-cli # interface to freedesktop trashcan
bitwarden-cli # pw manager
slides # terminal based presentation tool
brightnessctl # brightness control
pulsemixer # manage audio (TUI)
nix-tree # interactively browse nix store
glow # render markdown
ffmpeg # record, convert and stream audio and video
];
}

3
home/programs/terminal/coding/cpp.nix Normal file
View file

@ -0,0 +1,3 @@
{pkgs, ...}: {
home.packages = with pkgs; [ninja];
}

1
home/programs/terminal/coding/default.nix
View file

@ -1,5 +1,6 @@
{
imports = [
./python
./cpp.nix
];
}

2
home/programs/terminal/editors/neovim/default.nix
View file

@ -33,6 +33,7 @@
nixd
emmet-language-server
vscode-langservers-extracted
kotlin-language-server
# Linters / formatters
stylua
@ -49,6 +50,7 @@
alejandra
deadnix
statix
ktlint
# Other tools / utilities
ripgrep

11
hosts/default.nix
View file

@ -4,10 +4,14 @@
# A list of shared modules that ALL systems need
shared = [
../system
../system/shared
../home
../options
];
workstationRole = ../system/roles/workstation;
laptopRole = ../system/roles/laptop;
uniRole = ../system/roles/uni;
in {
herugrim = lib.nixosSystem {
system = "x86_64-linux";
@ -18,6 +22,8 @@ in {
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote
workstationRole
laptopRole
]
++ shared;
};
@ -31,6 +37,9 @@ in {
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote
workstationRole
laptopRole
uniRole
]
++ shared;
};

14
hosts/voyager/default.nix
View file

@ -98,6 +98,11 @@
".local/share/cargo"
".local/share/go"
".config/rye"
# University crap
"Android/Sdk"
"AndroidStudioProjects"
".android"
];
extraFiles = [
".config/gtk-3.0/bookmarks"
@ -138,10 +143,7 @@
};
device = {
roles = {
type = "laptop";
virtual-machine = false;
};
roles.virtual-machine = false;
cpu.type = "amd";
gpu.type = "amd";
hasTPM = true;
@ -182,10 +184,10 @@
"eDP-1, 1920x1200@60, 0x1080, 1"
# HDMI-A-1 above primary
"HDMI-A-1, 1920x1080@60, 0x0, 1"
#"HDMI-A-1, 1920x1080@60, 0x0, 1"
# HDMI-A-1 left to primary
#"HDMI-A-1, 1920x1080@60, 1920x1080, 1"
"HDMI-A-1, 1920x1080@60, 1920x1080, 1"
# Mirror the primary (laptop) monitor on externals
", preferred, auto, 1, mirror, eDP-1"

32
options/device/roles.nix
View file

@ -1,39 +1,11 @@
{
lib,
config,
...
}: let
inherit (lib) mkOption types;
cfg = config.myOptions.device.roles;
{lib, ...}: let
inherit (lib) mkOption;
in {
options.myOptions.device.roles = {
type = mkOption {
type = types.enum ["laptop" "desktop" "server"];
default = "";
description = ''
The type/purpoes of the device that will be used within the rest of the configuration.
- laptop: portable devices with battery optimizations
- desktop: stationary devices configured for maximum performance
- server: server and infrastructure
'';
};
virtual-machine = mkOption {
type = lib.types.bool;
default = false;
description = "Is this system a virtual machine?";
};
isWorkstation = mkOption {
type = lib.types.bool;
default = builtins.elem cfg.type ["laptop" "desktop"];
readOnly = true;
description = ''
Is this machine a workstation?
Workstation machines are meant for regular day-to-day use.
'';
};
};
}

11
system/roles/default.nix
View file

@ -1,11 +0,0 @@
{
# We import all of the roles here, with the type checks being handled
# in the individual files each time. This is a bit ugly, but necessary
# as NixOS doesn't support optional imports, due to circual imports
# (there might be a change of the config value inside one of the
# imported files).
imports = [
./workstation
./laptop
];
}

29
system/roles/laptop/power/acpi.nix
View file

@ -1,27 +1,20 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
hardware.acpilight.enable = true;
}: {
hardware.acpilight.enable = true;
environment.systemPackages = with pkgs; [acpi];
environment.systemPackages = with pkgs; [acpi];
# handle ACPI events
services.acpid.enable = true;
# handle ACPI events
services.acpid.enable = true;
boot = {
kernelModules = ["acpi_call"];
extraModulePackages = with config.boot.kernelPackages; [
acpi_call
cpupower
];
};
boot = {
kernelModules = ["acpi_call"];
extraModulePackages = with config.boot.kernelPackages; [
acpi_call
cpupower
];
};
}

13
system/roles/laptop/power/default.nix
View file

@ -1,13 +1,4 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
{pkgs, ...}: {
imports = [
./power-profiles-daemon
./upower.nix
@ -15,7 +6,7 @@ in {
./systemd.nix
];
config = mkIf (builtins.elem deviceType acceptedTypes) {
config = {
environment.systemPackages = with pkgs; [powertop];
};
}

54
system/roles/laptop/power/power-profiles-daemon/default.nix
View file

@ -1,43 +1,37 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
inherit (lib.modules) mkForce;
inherit (lib.strings) makeBinPath;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# allows changing system behavior based upon user-selected power profiles
# (with `powerprofilesctl` command)
services.power-profiles-daemon.enable = true;
# allows changing system behavior based upon user-selected power profiles
# (with `powerprofilesctl` command)
services.power-profiles-daemon.enable = true;
# Power state monitor. Switches power profiles based on charging state.
# Plugged in - performance (if available, falls back to balance)
# Unplugged - balanced, until below 50%, then power-saver
systemd.services."power-monitor" = let
dependencies = with pkgs; [
coreutils
gnugrep
power-profiles-daemon
inotify-tools
jaq
];
in {
description = "Power Monitoring Service";
environment.PATH = mkForce "/run/wrappers/bin:${makeBinPath dependencies}";
script = builtins.readFile ./power_monitor.sh;
# Power state monitor. Switches power profiles based on charging state.
# Plugged in - performance (if available, falls back to balance)
# Unplugged - balanced, until below 50%, then power-saver
systemd.services."power-monitor" = let
dependencies = with pkgs; [
coreutils
gnugrep
power-profiles-daemon
inotify-tools
jaq
];
in {
description = "Power Monitoring Service";
environment.PATH = mkForce "/run/wrappers/bin:${makeBinPath dependencies}";
script = builtins.readFile ./power_monitor.sh;
serviceConfig = {
Type = "simple";
Restart = "on-failure";
};
wants = ["power-profiles-daemon.service"];
wantedBy = ["default.target"];
serviceConfig = {
Type = "simple";
Restart = "on-failure";
};
wants = ["power-profiles-daemon.service"];
wantedBy = ["default.target"];
};
}

27
system/roles/laptop/power/upower.nix
View file

@ -1,23 +1,12 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# DBus service that provides power management support to applications
upower = {
enable = true;
percentageLow = 15;
percentageCritical = 5;
percentageAction = 3;
criticalPowerAction = "Hibernate";
};
services = {
# DBus service that provides power management support to applications
upower = {
enable = true;
percentageLow = 15;
percentageCritical = 5;
percentageAction = 3;
criticalPowerAction = "Hibernate";
};
};
}

42
system/roles/laptop/touchpad.nix
View file

@ -1,32 +1,22 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services.libinput = {
# enable libinput
enable = true;
services.libinput = {
# enable libinput
enable = true;
# disable mouse acceleration
mouse = {
accelProfile = "flat";
accelSpeed = "0";
middleEmulation = false;
};
# disable mouse acceleration
mouse = {
accelProfile = "flat";
accelSpeed = "0";
middleEmulation = false;
};
# touchpad settings
touchpad = {
naturalScrolling = false; # I'm not natural
tapping = true;
clickMethod = "clickfinger";
horizontalScrolling = true;
disableWhileTyping = true;
};
# touchpad settings
touchpad = {
naturalScrolling = false; # I'm not natural
tapping = true;
clickMethod = "clickfinger";
horizontalScrolling = true;
disableWhileTyping = true;
};
};
}

3
system/roles/uni/android.nix Normal file
View file

@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = [pkgs.android-studio];
}

5
system/roles/uni/default.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
./android.nix
];
}

55
system/roles/workstation/display/login/greetd.nix
View file

@ -4,12 +4,9 @@
lib,
...
}: let
inherit (lib) mkIf getExe;
inherit (lib) getExe;
inherit (lib.strings) concatStringsSep;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
greetingMsg = "'Access is restricted to authorized personnel only.'";
tuiGreetTheme = "'border=magenta;text=cyan;prompt=green;time=red;action=white;button=yellow;container=black;input=gray'";
@ -46,33 +43,31 @@
];
};
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services.greetd = {
enable = true;
vt = 1;
services.greetd = {
enable = true;
vt = 1;
# <https://man.sr.ht/~kennylevinsen/greetd/>
settings = {
# default session is what will be used if no session is selected
# in this case it'll be a TUI greeter
default_session = defaultSession;
};
# <https://man.sr.ht/~kennylevinsen/greetd/>
settings = {
# default session is what will be used if no session is selected
# in this case it'll be a TUI greeter
default_session = defaultSession;
};
# Suppress error messages on tuigreet. They sometimes obscure the TUI
# boundaries of the greeter.
# See: https://github.com/apognu/tuigreet/issues/68#issuecomment-1586359960
systemd.services.greetd.serviceConfig = {
Type = "idle";
StandardInput = "tty";
StandardOutput = "tty";
StandardError = "journal";
TTYReset = true;
TTYVHangup = true;
TTYVTDisallocate = true;
};
# Persist info about previous session & user
myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
};
# Suppress error messages on tuigreet. They sometimes obscure the TUI
# boundaries of the greeter.
# See: https://github.com/apognu/tuigreet/issues/68#issuecomment-1586359960
systemd.services.greetd.serviceConfig = {
Type = "idle";
StandardInput = "tty";
StandardOutput = "tty";
StandardError = "journal";
TTYReset = true;
TTYVHangup = true;
TTYVTDisallocate = true;
};
# Persist info about previous session & user
myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
}

48
system/roles/workstation/display/login/pam.nix
View file

@ -1,35 +1,25 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# unlock GPG keyring on login
security.pam.services = let
gnupg = {
enable = true;
noAutostart = true;
storeOnly = true;
};
in {
login = {
enableGnomeKeyring = true;
inherit gnupg;
};
# unlock GPG keyring on login
security.pam.services = let
gnupg = {
enable = true;
noAutostart = true;
storeOnly = true;
};
in {
login = {
enableGnomeKeyring = true;
inherit gnupg;
};
greetd = {
enableGnomeKeyring = true;
inherit gnupg;
};
greetd = {
enableGnomeKeyring = true;
inherit gnupg;
};
tuigreet = {
enableGnomeKeyring = true;
inherit gnupg;
};
tuigreet = {
enableGnomeKeyring = true;
inherit gnupg;
};
};
}

213
system/roles/workstation/fonts.nix
View file

@ -1,120 +1,109 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
fonts = {
enableDefaultPackages = false;
{pkgs, ...}: {
fonts = {
enableDefaultPackages = false;
fontconfig = {
defaultFonts = let
common = [
"Iosevka Nerd Font"
"Symbols Nerd Font"
fontconfig = {
defaultFonts = let
common = [
"Iosevka Nerd Font"
"Symbols Nerd Font"
"Noto Color Emoji"
];
in {
monospace =
[
"Monaspace Krypton"
"Source Code Pro Medium"
"Source Han Mono"
]
++ common;
sansSerif =
[
"Noto Sans"
"Jost"
"Lexend"
]
++ common;
serif =
[
"Noto Serif"
]
++ common;
emoji =
[
"Noto Color Emoji"
];
in {
monospace =
[
"Monaspace Krypton"
"Source Code Pro Medium"
"Source Han Mono"
]
++ common;
sansSerif =
[
"Noto Sans"
"Jost"
"Lexend"
]
++ common;
serif =
[
"Noto Serif"
]
++ common;
emoji =
[
"Noto Color Emoji"
]
++ common;
};
]
++ common;
};
fontDir = {
enable = true;
decompressFonts = true;
};
packages = with pkgs; [
# programming fonts
sarasa-gothic
source-code-pro
monaspace
# desktop fonts
corefonts # MS fonts
b612 # high legibility
material-icons
material-design-icons
roboto
work-sans
comic-neue
source-sans
inter
lato
lexend
jost
dejavu_fonts
noto-fonts
noto-fonts-cjk
# emojis
noto-fonts-color-emoji
twemoji-color-font
openmoji-color
openmoji-black
font-awesome
material-symbols
# defaults worth keeping
dejavu_fonts
freefont_ttf
gyre-fonts
liberation_ttf
unifont
# specific nerd fonts only
# (installing all nerd fonts is slow and takes gigabytes)
# see: <https://github.com/NixOS/nixpkgs/blob/master/pkgs/data/fonts/nerdfonts/shas.nix>
# for all available fonts
(nerdfonts.override {
fonts = [
"JetBrainsMono"
"Iosevka"
"NerdFontsSymbolsOnly"
"FiraCode"
"FiraMono"
"Hack"
"HeavyData"
"Gohu"
];
})
];
};
environment.systemPackages = with pkgs; [
# Tool for searching and previewing installed fonts
font-manager
fontDir = {
enable = true;
decompressFonts = true;
};
packages = with pkgs; [
# programming fonts
sarasa-gothic
source-code-pro
monaspace
# desktop fonts
corefonts # MS fonts
b612 # high legibility
material-icons
material-design-icons
roboto
work-sans
comic-neue
source-sans
inter
lato
lexend
jost
dejavu_fonts
noto-fonts
noto-fonts-cjk
# emojis
noto-fonts-color-emoji
twemoji-color-font
openmoji-color
openmoji-black
font-awesome
material-symbols
# defaults worth keeping
dejavu_fonts
freefont_ttf
gyre-fonts
liberation_ttf
unifont
# specific nerd fonts only
# (installing all nerd fonts is slow and takes gigabytes)
# see: <https://github.com/NixOS/nixpkgs/blob/master/pkgs/data/fonts/nerdfonts/shas.nix>
# for all available fonts
(nerdfonts.override {
fonts = [
"JetBrainsMono"
"Iosevka"
"NerdFontsSymbolsOnly"
"FiraCode"
"FiraMono"
"Hack"
"HeavyData"
"Gohu"
];
})
];
};
environment.systemPackages = with pkgs; [
# Tool for searching and previewing installed fonts
font-manager
];
}

32
system/roles/workstation/programs/misc.nix
View file

@ -1,28 +1,18 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
programs = {
# allow non-root users to mount fuse filesystems with allow_other
fuse.userAllowOther = true;
programs = {
# allow non-root users to mount fuse filesystems with allow_other
fuse.userAllowOther = true;
# show network usage
bandwhich.enable = true;
# show network usage
bandwhich.enable = true;
# network inspection utility
wireshark.enable = true;
# network inspection utility
wireshark.enable = true;
# gnome's keyring manager
seahorse.enable = true;
# gnome's keyring manager
seahorse.enable = true;
# registry for linux (thanks to Gnome)
dconf.enable = true;
};
# registry for linux (thanks to Gnome)
dconf.enable = true;
};
}

34
system/roles/workstation/programs/physlock.nix
View file

@ -1,27 +1,17 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# Screen locker which works across all virtual terminals
# Use `systemctl start physlock` to securely lock the screen
services.physlock = {
enable = true;
lockMessage = "System is locked...";
# Screen locker which works across all virtual terminals
# Use `systemctl start physlock` to securely lock the screen
services.physlock = {
enable = true;
lockMessage = "System is locked...";
# I only use physlock manually in some circumstances
lockOn = {
# Don't auto-lock the system with physlock on suspend, I prefer other (gui) lockers
suspend = false;
# Do use physlock on resuming from hibernation though, as this just restored RAM,
# potentially bypassing the login screen and even initial disk encryption password
hibernate = true;
};
# I only use physlock manually in some circumstances
lockOn = {
# Don't auto-lock the system with physlock on suspend, I prefer other (gui) lockers
suspend = false;
# Do use physlock on resuming from hibernation though, as this just restored RAM,
# potentially bypassing the login screen and even initial disk encryption password
hibernate = true;
};
};
}

4
system/roles/workstation/programs/steam.nix
View file

@ -5,10 +5,8 @@
}: let
inherit (lib) mkIf;
cfg = config.myOptions.home-manager.programs.games.steam;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
config = mkIf cfg.enable {
programs.steam = {
enable = true;
remotePlay.openFirewall = false;

55
system/roles/workstation/programs/thunar.nix
View file

@ -1,36 +1,25 @@
{
lib,
pkgs,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# Unconditionally enable thunar file manager here as a relatively
# lightweight fallback option for my default file manager.
programs.thunar = {
enable = true;
{pkgs, ...}: {
# Unconditionally enable thunar file manager here as a relatively
# lightweight fallback option for my default file manager.
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-media-tags-plugin
];
};
environment = {
systemPackages = with pkgs; [
# packages necessery for thunar thumbnails
xfce.tumbler
libgsf # odf files
ffmpegthumbnailer
ark # GUI archiver for thunar archive plugin
];
};
# thumbnail support on thunar
services.tumbler.enable = true;
plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-media-tags-plugin
];
};
environment = {
systemPackages = with pkgs; [
# packages necessery for thunar thumbnails
xfce.tumbler
libgsf # odf files
ffmpegthumbnailer
ark # GUI archiver for thunar archive plugin
];
};
# thumbnail support on thunar
services.tumbler.enable = true;
}

4
system/roles/workstation/programs/virtualbox.nix
View file

@ -6,10 +6,8 @@
inherit (lib) mkIf;
cfgUser = config.myOptions.system.username;
cfg = config.myOptions.home-manager.programs.applications.virtualbox;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
config = mkIf cfg.enable {
virtualisation.virtualbox.host = {
enable = true;

4
system/roles/workstation/programs/wireshark.nix
View file

@ -7,10 +7,8 @@
inherit (lib) mkIf;
cfgUser = config.myOptions.system.username;
cfg = config.myOptions.home-manager.programs.applications.wireshark;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
config = mkIf cfg.enable {
programs.wireshark = {
enable = true;
package = pkgs.wireshark;

90
system/roles/workstation/runners.nix
View file

@ -1,57 +1,49 @@
{
config,
pkgs,
lib,
...
}: let
inherit (lib) mkIf;
}: {
environment.systemPackages = [pkgs.appimage-run];
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
environment.systemPackages = [pkgs.appimage-run];
# run appimages with appimage-run
boot.binfmt.registrations = lib.genAttrs ["appimage" "AppImage"] (_: {
wrapInterpreterInShell = false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic";
offset = 0;
mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF....AI\\x02";
});
# run appimages with appimage-run
boot.binfmt.registrations = lib.genAttrs ["appimage" "AppImage"] (_: {
wrapInterpreterInShell = false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic";
offset = 0;
mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF....AI\\x02";
});
# run unpatched linux binaries with nix-ld
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc
openssl
curl
glib
util-linux
glibc
icu
libunwind
libuuid
zlib
libsecret
# graphical
freetype
libglvnd
libnotify
SDL2
vulkan-loader
gdk-pixbuf
xorg.libX11
];
};
# Some pre-compiled binaries hard-code ssl cert file to /etc/ssl/cert.pem
# instead of what NixOS uses (/etc/ssl/certs/ca-certificates.crt). Make a
# symlink there for compatibility.
# - For example the rye installed python binaries look there
environment.etc."ssl/cert.pem".source = "/etc/ssl/certs/ca-certificates.crt";
# run unpatched linux binaries with nix-ld
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc
openssl
curl
glib
util-linux
glibc
icu
libunwind
libuuid
zlib
libsecret
# graphical
freetype
libglvnd
libnotify
SDL2
vulkan-loader
gdk-pixbuf
xorg.libX11
];
};
# Some pre-compiled binaries hard-code ssl cert file to /etc/ssl/cert.pem
# instead of what NixOS uses (/etc/ssl/certs/ca-certificates.crt). Make a
# symlink there for compatibility.
# - For example the rye installed python binaries look there
environment.etc."ssl/cert.pem".source = "/etc/ssl/certs/ca-certificates.crt";
}

1
system/roles/workstation/services/default.nix
View file

@ -6,5 +6,6 @@
./misc.nix
./logind.nix
./gnome-keyring.nix
./flatpak.nix
];
}

49
system/roles/workstation/services/earlyoom.nix
View file

@ -1,33 +1,22 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# https://dataswamp.org/~solene/2022-09-28-earlyoom.html
# avoid the linux kernel locking itself when we're putting too much strain on the memory
# this helps avoid having to shut down forcefully when we OOM
services.earlyoom = {
enable = true;
enableNotifications = true; # annoying, but we want to know what's killed
freeSwapThreshold = 2;
freeMemThreshold = 2;
extraArgs = [
"-g" # kill all processes within a process group
"--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill
"--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
];
{pkgs, ...}: {
# https://dataswamp.org/~solene/2022-09-28-earlyoom.html
# avoid the linux kernel locking itself when we're putting too much strain on the memory
# this helps avoid having to shut down forcefully when we OOM
services.earlyoom = {
enable = true;
enableNotifications = true; # annoying, but we want to know what's killed
freeSwapThreshold = 2;
freeMemThreshold = 2;
extraArgs = [
"-g" # kill all processes within a process group
"--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill
"--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
];
# we should ideally write the logs into a designated log file; or even better, to the journal
# for now we can hope this echo sends the log to somewhere we can observe later
killHook = pkgs.writeShellScript "earlyoom-kill-hook" ''
echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
'';
};
# we should ideally write the logs into a designated log file; or even better, to the journal
# for now we can hope this echo sends the log to somewhere we can observe later
killHook = pkgs.writeShellScript "earlyoom-kill-hook" ''
echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
'';
};
}

3
system/roles/workstation/services/flatpak.nix Normal file
View file

@ -0,0 +1,3 @@
{
services.flatpak.enable = true;
}

31
system/roles/workstation/services/gnome-keyring.nix
View file

@ -1,25 +1,14 @@
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
udev.packages = with pkgs; [gnome.gnome-settings-daemon];
gnome.gnome-keyring.enable = true;
};
{pkgs, ...}: {
services = {
udev.packages = with pkgs; [gnome.gnome-settings-daemon];
gnome.gnome-keyring.enable = true;
};
# seahorse is an application for managing encryption keys
# and passwords in the gnome keyring
programs.seahorse.enable = true;
# seahorse is an application for managing encryption keys
# and passwords in the gnome keyring
programs.seahorse.enable = true;
xdg.portal.config.common = {
"org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
};
xdg.portal.config.common = {
"org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
};
}

28
system/roles/workstation/services/logind.nix
View file

@ -1,22 +1,12 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# despite being under logind, this has nothing to do with login
# it's about power management
services.logind = {
lidSwitch = "suspend";
lidSwitchExternalPower = "suspend";
extraConfig = ''
HandlePowerKey=suspend
HibernateDelaySec=3600
'';
};
# despite being under logind, this has nothing to do with login
# it's about power management
services.logind = {
lidSwitch = "suspend";
lidSwitchExternalPower = "suspend";
extraConfig = ''
HandlePowerKey=suspend
HibernateDelaySec=3600
'';
};
}

21
system/roles/workstation/services/misc.nix
View file

@ -1,20 +1,9 @@
{
config,
lib,
...
}: let
inherit (lib) mkIf;
services = {
# enable GVfs - a userspace virtual filesystem
gvfs.enable = true;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# enable GVfs - a userspace virtual filesystem
gvfs.enable = true;
# storage daemon required for udiskie auto-mount
udisks2.enable = true;
};
# storage daemon required for udiskie auto-mount
udisks2.enable = true;
};
}

24
system/roles/workstation/services/mount.nix
View file

@ -1,20 +1,10 @@
{
lib,
config,
...
}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# enable GVfs, a userspace virtual filesystem
# (allows viewing ftp,sftp,... directly from the file manager)
gvfs.enable = true;
{config, ...}: {
services = {
# enable GVfs, a userspace virtual filesystem
# (allows viewing ftp,sftp,... directly from the file manager)
gvfs.enable = true;
# Storage daemon required for udiskie auto-mount
udisks2.enable = !config.boot.isContainer;
};
# Storage daemon required for udiskie auto-mount
udisks2.enable = !config.boot.isContainer;
};
}

4
system/roles/workstation/services/printing.nix
View file

@ -5,13 +5,11 @@
...
}: let
inherit (lib) mkIf optional;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
cfg = config.myOptions.workstation.printing;
cfgUser = config.myOptions.system.username;
in {
config = mkIf (builtins.elem deviceType acceptedTypes && cfg.enable) {
config = mkIf cfg.enable {
# enable cups and add some drivers for common printers
services = {
printing = {