diff --git a/common/default.nix b/common/default.nix
deleted file mode 100644
index 5d7d18c..0000000
--- a/common/default.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ var, inputs, ... }:
-{
- imports = [
- inputs.agenix.nixosModules.default
- ../mod
- ../desktop
- ./locale.nix
- ./nix.nix
- ./security.nix
- ./shell.nix
- ./users.nix
- ];
-
- environment.defaultPackages = [ ];
- networking.extraHosts = var.lan-dns.hostsFile;
-}
diff --git a/common/locale.nix b/common/locale.nix
deleted file mode 100644
index a01e002..0000000
--- a/common/locale.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ ... }:
-{
- time.timeZone = "Europe/Berlin";
-
- i18n.defaultLocale = "en_US.UTF-8";
- i18n.extraLocaleSettings = {
- LC_ADDRESS = "de_DE.UTF-8";
- LC_IDENTIFICATION = "de_DE.UTF-8";
- LC_MEASUREMENT = "de_DE.UTF-8";
- LC_MONETARY = "de_DE.UTF-8";
- LC_NAME = "de_DE.UTF-8";
- LC_NUMERIC = "de_DE.UTF-8";
- LC_PAPER = "de_DE.UTF-8";
- LC_TELEPHONE = "de_DE.UTF-8";
- LC_TIME = "de_DE.UTF-8";
- };
-
- console.keyMap = "de";
-
- # Configure keymap in X11
- services.xserver.xkb = {
- layout = "de";
- variant = "";
- };
-}
diff --git a/common/nix.nix b/common/nix.nix
deleted file mode 100644
index 95417d2..0000000
--- a/common/nix.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- lib,
- inputs,
- config,
- ...
-}:
-{
- nix.settings = {
- experimental-features = [
- "nix-command"
- "flakes"
- ];
- trusted-users = [ "root" ];
- auto-optimise-store = true;
- };
- nix.registry = {
- hd.flake = inputs.self;
- nixpkgs.flake = inputs.nixpkgs;
- };
- nixpkgs.config.allowUnfree = false;
-}
diff --git a/common/security.nix b/common/security.nix
deleted file mode 100644
index 2556f06..0000000
--- a/common/security.nix
+++ /dev/null
@@ -1,99 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-{
- boot = {
- kernel.sysctl = {
- "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
-
- "net.ipv4.conf.default.rp_filter" = 1;
- "net.ipv4.conf.all.rp_filter" = 1;
-
- "net.ipv4.conf.all.accept_source_route" = 0;
- "net.ipv6.conf.all.accept_source_route" = 0;
- "net.ipv4.conf.all.send_redirects" = 0;
- "net.ipv4.conf.default.send_redirects" = 0;
- "net.ipv4.conf.all.accept_redirects" = 0;
- "net.ipv4.conf.default.accept_redirects" = 0;
- "net.ipv4.conf.all.secure_redirects" = 0;
- "net.ipv4.conf.default.secure_redirects" = 0;
- "net.ipv6.conf.all.accept_redirects" = 0;
- "net.ipv6.conf.default.accept_redirects" = 0;
-
- "net.ipv4.tcp_syncookies" = 1;
- "net.ipv4.tcp_rfc1337" = 1;
-
- "net.ipv4.tcp_fastopen" = 3;
-
- "kernel.kptr_restrict" = 2;
- "randomize_kstack_offset" = "on";
- "spec_store_bypass_disable" = "on";
- };
- # otherwise /tmp is on disk. This *may* be problematic as nix
- # builds in /tmp but I think my swap is large enough...
- tmp.useTmpfs = lib.mkDefault true;
- tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
-
- kernelParams = [
- "init_on_free=1" # zero freed pages
- "page_alloc.shuffle=1"
- "page_poison=1"
- "slab_nomerge"
- # "slub_debug=FZ" # disabled due to https://lore.kernel.org/all/20210601182202.3011020-5-swboyd@chromium.org/T/#u
- "vsyscall=none" # diable virtual syscalls
- ];
-
- blacklistedKernelModules = [
- "ax25"
- "netrom"
- "rose"
- "adfs"
- "affs"
- "bfs"
- "befs"
- "cramfs"
- "efs"
- "erofs"
- "exofs"
- "freevxfs"
- "f2fs"
- "hfs"
- "hpfs"
- "jfs"
- "minix"
- "nilfs2"
- "ntfs"
- "omfs"
- "qnx4"
- "qnx6"
- "sysv"
- "ufs"
- ];
- };
-
- security = {
- protectKernelImage = true;
- forcePageTableIsolation = true;
-
- apparmor.enable = true;
- apparmor.killUnconfinedConfinables = true;
-
- sudo.enable = false;
-
- doas = {
- enable = true;
- extraRules = [
- {
- groups = [ "wheel" ];
- persist = true;
- keepEnv = true;
- }
- ];
- };
-
- pki.certificateFiles = [ ../pki/ca.cert ];
- };
-}
diff --git a/common/shell.nix b/common/shell.nix
deleted file mode 100644
index 134c8a3..0000000
--- a/common/shell.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ pkgs, inputs, ... }:
-{
- environment.shells = with pkgs; [
- bashInteractive
- fish
- ];
-
- environment.systemPackages = with pkgs; [
- colmena
- dnsutils
- fd
- htop
- killall
- nettools
- podman-compose
- podman-tui
- ripgrep
- unison
- unzip
- wget
- ];
-
- programs = {
- fish.enable = true;
- tmux = {
- enable = true;
- clock24 = true;
- };
- neovim = {
- enable = true;
- defaultEditor = true;
- viAlias = true;
- vimAlias = true;
- };
- };
-
- # --- Excludes ---
- programs.nano.enable = false;
-
- # Enabled by fish but takes soooo long.
- # This is apparently used by some of fish's
- # autocomplete features.
- documentation.man.generateCaches = false;
-
- # To stop the annoying error on entering wrong commands
- programs.command-not-found.enable = false;
-}
diff --git a/common/users.nix b/common/users.nix
deleted file mode 100644
index 4ddeb79..0000000
--- a/common/users.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- config,
- lib,
- options,
- pkgs,
- secrets,
- var,
- ...
-}:
-{
- age.secrets.hd-password = {
- file = secrets."hd-password.age";
- };
-
- users = {
- mutableUsers = false;
- users."hd" = {
- description = "Henri";
- isNormalUser = true;
- createHome = true;
- home = "/home/hd";
- extraGroups = [ "wheel" ];
- shell = pkgs.fish;
- packages = [ ];
- openssh.authorizedKeys.keys = var.ssh-keys.trusted;
- hashedPasswordFile = config.age.secrets.hd-password.path;
- };
- users.root = {
- hashedPassword = "!";
- openssh.authorizedKeys.keys = var.ssh-keys.root;
- };
- };
-}
diff --git a/desktop/default.nix b/desktop/default.nix
deleted file mode 100644
index 90887a8..0000000
--- a/desktop/default.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{
- inputs,
- lib,
- config,
- options,
- ...
-}:
-let
- cfg = config.hd.desktop;
- inherit (lib) mkEnableOption mkIf;
-in
-{
- imports = [
- ./accounts.nix
- ./audio.nix
- ./fonts.nix
- ./gpg.nix
- ./network.nix
- ./security.nix
- ./services.nix
- ./software
- ./window-manager.nix
- ];
-
- options = {
- hd.desktop.enable = mkEnableOption "Desktop Configuration";
- home = lib.mkOption {
- type = lib.types.attrsOf lib.types.str;
- default = { };
- description = "home-manager configuration.";
- };
- };
-
- config = mkIf cfg.enable {
- hd.desktop = {
- accounts.enable = lib.mkDefault true;
- audio.enable = lib.mkDefault true;
- fonts.enable = lib.mkDefault true;
- gpg.enable = lib.mkDefault true;
- network.enable = lib.mkDefault true;
- security.enable = lib.mkDefault true;
- services.enable = lib.mkDefault true;
- software.enable = lib.mkDefault true;
- wm.enable = lib.mkDefault true;
- };
-
- nixpkgs.config.allowUnfreePredicate =
- pkg:
- builtins.elem (lib.getName pkg) [
- "nvidia-x11"
- ];
-
- programs.nix-ld.enable = true;
- };
-}
diff --git a/flake.nix b/flake.nix
index 619249c..2906965 100644
--- a/flake.nix
+++ b/flake.nix
@@ -73,7 +73,7 @@
 modules = [
 ./host/solo
 ./home
- ./common
+ ./mod
 overlays
 ];
 };
@@ -86,7 +86,7 @@
 modules = [
 ./host/c2
 ./home
- ./common
+ ./mod
 overlays
 ];
 };
@@ -99,7 +99,7 @@
 modules = [
 ./host/fw
 ./home
- ./common
+ ./mod
 overlays
 ];
 };
@@ -119,7 +119,7 @@
 };
 imports = [
 ./host/roam
- ./common
+ ./mod
 overlays
 ];
 };
diff --git a/home/default.nix b/home/default.nix
index 557faca..99db1f0 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -7,6 +7,9 @@
 ...
 }:
 {
+ # `options.home` is declared in /mod/desktop/default.nix s.t. it is accessible
+ # even when no home-manager is loaded.
+
 imports = [
 inputs.home-manager.nixosModules.home-manager
 ];
diff --git a/host/c2/default.nix b/host/c2/default.nix
index eac23c5..f57e573 100644
--- a/host/c2/default.nix
+++ b/host/c2/default.nix
@@ -1,6 +1,7 @@
 { inputs, pkgs, ... }:
 {
 networking.hostName = "c2";
+ hd.desktop.enable = true;
 age.identityPaths = [
 "/root/.ssh/id_ed25519"
@@ -8,7 +9,6 @@
 imports = with inputs.nixos-hardware.nixosModules; [
 ./hardware-configuration.nix
- # common-cpu-intel
 common-pc-laptop
 common-pc-laptop-ssd
 ];
@@ -23,12 +23,9 @@
 device = "nodev";
 };
 };
- resumeDevice = "/dev/disk/by-label/nixswap";
- kernelPackages = pkgs.linuxPackages_6_12;
 kernel.sysctl."kernel.sysrq" = 1;
- initrd.systemd.network.wait-online.enable = false;
 };
@@ -40,36 +37,6 @@
 cpuFreqGovernor = "ondemand";
 };
- hd.desktop.enable = true;
-
- nix = {
- buildMachines = [
- {
- hostName = "noravm";
- sshUser = "nixremote";
- system = "x86_64-linux";
- protocol = "ssh-ng";
- maxJobs = 32;
- speedFactor = 2;
- supportedFeatures = [
- "nixos-test"
- "benchmark"
- "big-parallel"
- "kvm"
- ];
- mandatoryFeatures = [ ];
- }
- ];
- distributedBuilds = true;
- extraOptions = ''
- builders-use-substitutes = true
- '';
- };
-
- networking.firewall = {
- enable = true;
- };
-
 # ====== DON'T CHANGE ======
 system.stateVersion = "25.05";
 }
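Review bot: The remote-builder block removed from c2 in the `@@ -40,36 +37,6 @@` hunk is not replaced by `hd.buildMachines.enable = true;` the way the fw hunk does it, so c2 silently loses distributed builds unless that is the intent. The `@@ -23,12 +23,9 @@` hunk also drops `initrd.systemd.network.wait-online.enable = false;` (removed in fw, roam and solo as well) and the `kernelPackages` pin, and neither setting reappears in the new `mod/` modules in this diff, so those hosts fall back to the NixOS defaults. If that is deliberate, a short comment next to `hd.desktop.enable = true;` such as `# builders/kernel pin intentionally dropped; see mod/build-machines.nix` would save the next reader the search. The enclosing attribute set starts and ends outside these hunks.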
diff --git a/host/fw/default.nix b/host/fw/default.nix
index 6404080..dc3becb 100644
--- a/host/fw/default.nix
+++ b/host/fw/default.nix
@@ -6,6 +6,10 @@
 }:
 {
 networking.hostName = "fw";
+ hd = {
+ desktop.enable = true;
+ buildMachines.enable = true;
+ };
 age.identityPaths = [
 "/root/.ssh/id_ed25519"
@@ -34,8 +38,6 @@
 ];
 services.fprintd.enable = true;
- # services.fprintd.tod.enable = true;
- # security.pam.enableFscrypt = true;
 boot = {
 lanzaboote = {
@@ -45,15 +47,10 @@
 loader = {
 systemd-boot.enable = lib.mkForce false;
 efi.canTouchEfiVariables = true;
- # grub = {
- # enable = false;
- # efiSupport = true;
- # };
 };
 kernelPackages = pkgs.linuxPackages_6_18;
 kernel.sysctl."kernel.sysrq" = 1;
- initrd.systemd.network.wait-online.enable = false;
 };
@@ -62,37 +59,6 @@
 cpuFreqGovernor = "ondemand";
 };
- nix = {
- buildMachines = [
- {
- hostName = "noravm";
- sshUser = "nixremote";
- system = "x86_64-linux";
- protocol = "ssh-ng";
- maxJobs = 32;
- speedFactor = 2;
- supportedFeatures = [
- "nixos-test"
- "benchmark"
- "big-parallel"
- "kvm"
- ];
- mandatoryFeatures = [ ];
- }
- ];
- distributedBuilds = true;
- extraOptions = ''
- builders-use-substitutes = true
- '';
- };
-
- hd.desktop.enable = true;
-
- networking = {
- useDHCP = lib.mkDefault true;
- firewall.enable = true;
- };
-
 # ====== DON'T CHANGE ======
 system.stateVersion = "25.05";
 }
diff --git a/host/roam/default.nix b/host/roam/default.nix
index d0f2e25..882247c 100644
--- a/host/roam/default.nix
+++ b/host/roam/default.nix
@@ -27,7 +27,6 @@
 };
 kernelPackages = pkgs.linuxPackages_6_12;
- initrd.systemd.network.wait-online.enable = false;
 };
diff --git a/host/solo/default.nix b/host/solo/default.nix
index a22d3d4..5c82724 100644
--- a/host/solo/default.nix
+++ b/host/solo/default.nix
@@ -2,14 +2,10 @@
 {
 networking = {
 hostName = "solo";
- useDHCP = false;
 interfaces.enp4s0.useDHCP = true;
-
- firewall = {
- enable = true;
- };
 };
+ hd.desktop.enable = true;
 age.identityPaths = [
 "/root/.ssh/id_ed25519"
@@ -30,10 +26,8 @@
 device = "nodev";
 };
 };
- kernelPackages = pkgs.linuxPackages_6_18;
 kernel.sysctl."kernel.sysrq" = 1;
- initrd.systemd.network.wait-online.enable = false;
 };
@@ -42,32 +36,6 @@
 cpuFreqGovernor = "performance";
 };
- hd.desktop.enable = true;
-
- nix = {
- buildMachines = [
- {
- hostName = "noravm";
- sshUser = "nixremote";
- system = "x86_64-linux";
- protocol = "ssh-ng";
- maxJobs = 32;
- speedFactor = 2;
- supportedFeatures = [
- "nixos-test"
- "benchmark"
- "big-parallel"
- "kvm"
- ];
- mandatoryFeatures = [ ];
- }
- ];
- distributedBuilds = true;
- extraOptions = ''
- builders-use-substitutes = true
- '';
- };
-
 environment.systemPackages = with pkgs; [
 prismlauncher
 ];
diff --git a/mod/build-machines.nix b/mod/build-machines.nix
new file mode 100644
index 0000000..6128da1
--- /dev/null
+++ b/mod/build-machines.nix
@@ -0,0 +1,30 @@
+{ lib, config, ... }:
+with lib;
+{
+ options.hd.buildMachines.enable = mkEnableOption "Use standard remote builders";
+ config = mkIf config.hd.buildMachines.enable {
+ nix = {
+ buildMachines = [
+ {
+ hostName = "noravm"; # TODO: do not rely on mutable ssh config
+ sshUser = "nixremote";
+ system = "x86_64-linux";
+ protocol = "ssh-ng";
+ maxJobs = 32;
+ speedFactor = 2;
+ supportedFeatures = [
+ "nixos-test"
+ "benchmark"
+ "big-parallel"
+ "kvm"
+ ];
+ mandatoryFeatures = [ ];
+ }
+ ];
+ distributedBuilds = true;
+ extraOptions = ''
+ builders-use-substitutes = true
+ '';
+ };
+ };
+}
diff --git a/mod/common/default.nix b/mod/common/default.nix
new file mode 100644
index 0000000..fe17135
--- /dev/null
+++ b/mod/common/default.nix
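Review bot: Dropping `useDHCP = false;` while keeping `interfaces.enp4s0.useDHCP = true;` in the `@@ -2,14 +2,10 @@` hunk changes solo's networking: `networking.useDHCP` now takes its NixOS default, which unless set elsewhere enables DHCP on every interface rather than only enp4s0. If restricting DHCP to that interface was the point of the per-interface line, keep `useDHCP = false;`; if not, the per-interface line is now redundant and can go too. The `networking` block is fully inside the hunk; the enclosing module continues outside it.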
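Review bot: The `hostName = "noravm";` builder entry resolves and authenticates the builder through whatever root's SSH configuration and `known_hosts` currently say, as the TODO on that line acknowledges, and every build result this host accepts from the builder is trusted as-is, so the builder's identity belongs in the module rather than in mutable `~/.ssh` state. `nix.buildMachines.*.publicHostKey` (the base64-encoded host key) and `sshKey` exist for exactly this; e.g. `sshKey = "/root/.ssh/nixremote_key"; publicHostKey = "<base64-host-key>";` with both values placeholders to fill in. `builders-use-substitutes = true` is also worth a one-line comment noting that the builder then fetches from its own substituters, so the builder's substituter trust applies to what comes back.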
@@ -0,0 +1,71 @@
+{
+ var,
+ inputs,
+ lib,
+ config,
+ ...
+}:
+with lib;
+{
+ options.hd.common.enable = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Common options that are used on every host by default.";
+ };
+
+ options.hd.common = {
+ locale = {
+ enable = mkOption {
+ type = types.bool;
+ default = config.hd.common.enable;
+ description = "Enable locale settings";
+ };
+ };
+
+ nix = {
+ enable = mkOption {
+ type = types.bool;
+ default = config.hd.common.enable;
+ description = "Enable Nix-related configuration";
+ };
+ };
+
+ security = {
+ enable = mkOption {
+ type = types.bool;
+ default = config.hd.common.enable;
+ description = "Enable security-related configuration";
+ };
+ };
+
+ shell = {
+ enable = mkOption {
+ type = types.bool;
+ default = config.hd.common.enable;
+ description = "Enable basic shell utilities";
+ };
+ };
+
+ users = {
+ enable = mkOption {
+ type = types.bool;
+ default = config.hd.common.enable;
+ description = "Enable default user accounts";
+ };
+ };
+ };
+
+ imports = [
+ inputs.agenix.nixosModules.default
+ ./locale.nix
+ ./nix.nix
+ ./security.nix
+ ./shell.nix
+ ./users.nix
+ ];
+
+ config = mkIf config.hd.common.enable {
+ environment.defaultPackages = [ ];
+ networking.extraHosts = var.lan-dns.hostsFile;
+ };
+}
diff --git a/mod/common/locale.nix b/mod/common/locale.nix
new file mode 100644
index 0000000..8b413d5
--- /dev/null
+++ b/mod/common/locale.nix
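Review bot: The description of `hd.common.enable` does not say that every `hd.common.<name>.enable` option defaults to it, so a host that sets it to `false` also drops `hd.common.users` and `hd.common.security` (the doas rules, AppArmor and the sysctl set) unless each is re-enabled explicitly; suggest `description = "Common options used on every host by default; disabling it also disables every hd.common.* sub-option unless that is set explicitly.";`. Because `users.nix` defines the only non-root account and the root password lock, anyone turning this off on a host should confirm remote access still works first. On style, the new files use `with lib;` at file scope while the renamed desktop modules keep `inherit (lib) mkEnableOption mkIf;`; the explicit form makes it visible which names come from `lib` and is what nixpkgs recommends.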
@@ -0,0 +1,28 @@
+{ config, lib, ... }:
+with lib;
+{
+ config = mkIf config.hd.common.locale.enable {
+ time.timeZone = "Europe/Berlin";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_NUMERIC = "de_DE.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ };
+
+ console.keyMap = "de";
+
+ # Configure keymap in X11
+ services.xserver.xkb = {
+ layout = "de";
+ variant = "";
+ };
+ };
+}
diff --git a/mod/common/nix.nix b/mod/common/nix.nix
new file mode 100644
index 0000000..ee66458
--- /dev/null
+++ b/mod/common/nix.nix
@@ -0,0 +1,24 @@
+{
+ lib,
+ inputs,
+ config,
+ ...
+}:
+with lib;
+{
+ config = mkIf config.hd.common.nix.enable {
+ nix.settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ trusted-users = [ "root" ];
+ auto-optimise-store = true;
+ };
+ nix.registry = {
+ hd.flake = inputs.self;
+ nixpkgs.flake = inputs.nixpkgs;
+ };
+ nixpkgs.config.allowUnfree = false;
+ };
+}
diff --git a/mod/common/security.nix b/mod/common/security.nix
new file mode 100644
index 0000000..f4e7657
--- /dev/null
+++ b/mod/common/security.nix
@@ -0,0 +1,104 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib;
+{
+ config = mkIf config.hd.common.security.enable {
+ boot = {
+ kernel.sysctl = {
+ "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
+
+ "net.ipv4.conf.default.rp_filter" = 1;
+ "net.ipv4.conf.all.rp_filter" = 1;
+
+ "net.ipv4.conf.all.accept_source_route" = 0;
+ "net.ipv6.conf.all.accept_source_route" = 0;
+ "net.ipv4.conf.all.send_redirects" = 0;
+ "net.ipv4.conf.default.send_redirects" = 0;
+ "net.ipv4.conf.all.accept_redirects" = 0;
+ "net.ipv4.conf.default.accept_redirects" = 0;
+ "net.ipv4.conf.all.secure_redirects" = 0;
+ "net.ipv4.conf.default.secure_redirects" = 0;
+ "net.ipv6.conf.all.accept_redirects" = 0;
+ "net.ipv6.conf.default.accept_redirects" = 0;
+
+ "net.ipv4.tcp_syncookies" = 1;
+ "net.ipv4.tcp_rfc1337" = 1;
+
+ "net.ipv4.tcp_fastopen" = 3;
+
+ "kernel.kptr_restrict" = 2;
+ "randomize_kstack_offset" = "on";
+ "spec_store_bypass_disable" = "on";
+ };
+ # otherwise /tmp is on disk. This *may* be problematic as nix
+ # builds in /tmp but I think my swap is large enough...
+ tmp.useTmpfs = lib.mkDefault true;
+ tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
+
+ kernelParams = [
+ "init_on_free=1" # zero freed pages
+ "page_alloc.shuffle=1"
+ "page_poison=1"
+ "slab_nomerge"
+ # "slub_debug=FZ" # disabled due to https://lore.kernel.org/all/20210601182202.3011020-5-swboyd@chromium.org/T/#u
+ "vsyscall=none" # diable virtual syscalls
+ ];
+
+ blacklistedKernelModules = [
+ "ax25"
+ "netrom"
+ "rose"
+ "adfs"
+ "affs"
+ "bfs"
+ "befs"
+ "cramfs"
+ "efs"
+ "erofs"
+ "exofs"
+ "freevxfs"
+ "f2fs"
+ "hfs"
+ "hpfs"
+ "jfs"
+ "minix"
+ "nilfs2"
+ "ntfs"
+ "omfs"
+ "qnx4"
+ "qnx6"
+ "sysv"
+ "ufs"
+ ];
+ };
+
+ networking.firewall.enable = true;
+
+ security = {
+ protectKernelImage = true;
+ forcePageTableIsolation = true;
+
+ apparmor.enable = true;
+ apparmor.killUnconfinedConfinables = true;
+
+ sudo.enable = false;
+
+ doas = {
+ enable = true;
+ extraRules = [
+ {
+ groups = [ "wheel" ];
+ persist = true;
+ keepEnv = true;
+ }
+ ];
+ };
+
+ pki.certificateFiles = [ ../../pki/ca.cert ];
+ };
+ };
+}
diff --git a/mod/common/shell.nix b/mod/common/shell.nix
new file mode 100644
index 0000000..9c40b68
--- /dev/null
+++ b/mod/common/shell.nix
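Review bot: `"randomize_kstack_offset" = "on"` and `"spec_store_bypass_disable" = "on"` in `boot.kernel.sysctl` are kernel command-line parameters, not sysctl keys: there is no `/proc/sys/randomize_kstack_offset` or `/proc/sys/spec_store_bypass_disable`, so sysctl cannot apply them at activation and neither mitigation is actually turned on. Move them into the `kernelParams` list that follows, as `"randomize_kstack_offset=on"` and `"spec_store_bypass_disable=on"`, and drop the two sysctl entries. Separately, the doas rule's `keepEnv = true` passes the invoking user's whole environment into the root session; if only a few variables are needed, `setEnv = [ "<var>" ];` with an explicit list is the narrower form. The file is new, so both points concern content carried over from `common/security.nix` rather than anything the refactor changed.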
@@ -0,0 +1,56 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}:
+with lib;
+{
+ config = mkIf config.hd.common.shell.enable {
+ environment.shells = with pkgs; [
+ bashInteractive
+ fish
+ ];
+
+ environment.systemPackages = with pkgs; [
+ colmena
+ dnsutils
+ fd
+ htop
+ killall
+ nettools
+ podman-compose
+ podman-tui
+ ripgrep
+ unison
+ unzip
+ wget
+ ];
+
+ programs = {
+ fish.enable = true;
+ tmux = {
+ enable = true;
+ clock24 = true;
+ };
+ neovim = {
+ enable = true;
+ defaultEditor = true;
+ viAlias = true;
+ vimAlias = true;
+ };
+ };
+
+ # --- Excludes ---
+ programs.nano.enable = false;
+
+ # Enabled by fish but takes soooo long.
+ # This is apparently used by some of fish's
+ # autocomplete features.
+ documentation.man.generateCaches = false;
+
+ # To stop the annoying error on entering wrong commands
+ programs.command-not-found.enable = false;
+ };
+}
diff --git a/mod/common/users.nix b/mod/common/users.nix
new file mode 100644
index 0000000..d9ce540
--- /dev/null
+++ b/mod/common/users.nix
@@ -0,0 +1,36 @@
+{
+ config,
+ lib,
+ options,
+ pkgs,
+ secrets,
+ var,
+ ...
+}:
+with lib;
+{
+ config = mkIf config.hd.common.users.enable {
+ age.secrets.hd-password = {
+ file = secrets."hd-password.age";
+ };
+
+ users = {
+ mutableUsers = false;
+ users."hd" = {
+ description = "Henri";
+ isNormalUser = true;
+ createHome = true;
+ home = "/home/hd";
+ extraGroups = [ "wheel" ];
+ shell = pkgs.fish;
+ packages = [ ];
+ openssh.authorizedKeys.keys = var.ssh-keys.trusted;
+ hashedPasswordFile = config.age.secrets.hd-password.path;
+ };
+ users.root = {
+ hashedPassword = "!";
+ openssh.authorizedKeys.keys = var.ssh-keys.root;
+ };
+ };
+ };
+}
diff --git a/mod/default.nix b/mod/default.nix
index 589b276..466ed6a 100644
--- a/mod/default.nix
+++ b/mod/default.nix
@@ -1,6 +1,9 @@
 { ... }:
 {
 imports = [
+ ./build-machines.nix
+ ./common
+ ./desktop
 ./nginx.nix
 ];
 }
diff --git a/desktop/accounts.nix b/mod/desktop/accounts.nix
similarity index 97%
rename from desktop/accounts.nix
rename to mod/desktop/accounts.nix
index f2652f6..0e957a7 100644
--- a/desktop/accounts.nix
+++ b/mod/desktop/accounts.nix
@@ -4,7 +4,6 @@ let
 inherit (lib) mkEnableOption mkIf;
 in
 {
- options.hd.desktop.accounts.enable = mkEnableOption "Accounts";
 config = mkIf cfg.enable {
 home = {
 accounts.email.accounts = {
diff --git a/desktop/audio.nix b/mod/desktop/audio.nix
similarity index 87%
rename from desktop/audio.nix
rename to mod/desktop/audio.nix
index 9ee9b3b..b1d4abe 100644
--- a/desktop/audio.nix
+++ b/mod/desktop/audio.nix
@@ -9,8 +9,6 @@ let
 inherit (lib) mkEnableOption mkIf;
 in
 {
- options.hd.desktop.audio.enable = mkEnableOption "Audio";
-
 config = mkIf cfg.enable {
 environment.systemPackages = with pkgs; [
 pavucontrol
diff --git a/mod/desktop/default.nix b/mod/desktop/default.nix
new file mode 100644
index 0000000..87c112e
--- /dev/null
+++ b/mod/desktop/default.nix
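Review bot: With the `options.hd.desktop.accounts.enable = mkEnableOption "Accounts";` line gone, the `inherit (lib) mkEnableOption mkIf;` context line above it keeps binding a name nothing in the file uses any more; `inherit (lib) mkIf;` is enough. The same leftover inherit is visible in the audio, fonts, gpg, network, security, services, software/default, software/development and window-manager hunks of this diff. The `let` block these lines belong to starts before the hunk.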
@@ -0,0 +1,126 @@
+{
+ inputs,
+ lib,
+ config,
+ options,
+ ...
+}:
+with lib;
+{
+ options.home = lib.mkOption {
+ # used by /home/default.nix
+ type = lib.types.attrsOf lib.types.str;
+ default = { };
+ description = "Home Manager configuration for user `hd`. Has no effect if `/home` is not loaded";
+ };
+
+ options.hd.desktop = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Common NixOS configuration of all desktops.";
+ };
+
+ audio = {
+ enable = mkOption {
+ type = types.bool;
+ default = config.hd.desktop.enable;
+ description = "Enable audio configuration";
+ };
+ };
+
+ gpg = {
+ enable = mkOption {
+ type = types.bool;
+ default = config.hd.desktop.enable;
+ description = "Enable GPG configuration";
+ };
+ };
+
+ network = {
+ enable = mkOption {
+ type = types.bool;
+ default = config.hd.desktop.enable;
+ description = "Enable network configuration";
+ };
+ };
+
+ security = {
+ enable = mkOption {
+ type = types.bool;
+ default = config.hd.desktop.enable;
+ description = "Enable desktop security configuration";
+ };
+ };
+
+ software = {
+ enable = mkOption {
+ type = types.bool;
+ default = config.hd.desktop.enable;
+ description = "Enable software installation";
+ };
+
+ development = {
+ enable = mkOption {
+ type = types.bool;
+ default = config.hd.desktop.software.enable;
+ description = "Enable development software";
+ };
+ };
+ };
+
+ windowManager = {
+ enable = mkOption {
+ type = types.bool;
+ default = config.hd.desktop.enable;
+ description = "Enable window manager configuration";
+ };
+ };
+
+ accounts = {
+ enable = mkOption {
+ type = types.bool;
+ default = config.hd.desktop.enable;
+ description = "Enable desktop user accounts";
+ };
+ };
+
+ fonts = {
+ enable = mkOption {
+ type = types.bool;
+ default = config.hd.desktop.enable;
+ description = "Enable font configuration";
+ };
+ };
+
+ services = {
+ enable = mkOption {
+ type = types.bool;
+ default = config.hd.desktop.enable;
+ description = "Enable desktop services";
+ };
+ };
+ };
+
+ imports = [
+ ./accounts.nix
+ ./audio.nix
+ ./fonts.nix
+ ./gp g.nix
+ ./network.nix
+ ./security.nix
+ ./services.nix
+ ./software
+ ./window-manager.nix
+ ];
+
+ config = mkIf config.hd.desktop.enable {
+ nixpkgs.config.allowUnfreePredicate =
+ pkg:
+ builtins.elem (lib.getName pkg) [
+ "nvidia-x11"
+ ];
+
+ programs.nix-ld.enable = true;
+ };
+}
diff --git a/desktop/fonts.nix b/mod/desktop/fonts.nix
similarity index 87%
rename from desktop/fonts.nix
rename to mod/desktop/fonts.nix
index db688df..50e277d 100644
--- a/desktop/fonts.nix
+++ b/mod/desktop/fonts.nix
@@ -9,7 +9,6 @@ let
 inherit (lib) mkEnableOption mkIf;
 in
 {
- options.hd.desktop.fonts.enable = mkEnableOption "Fonts";
 config = mkIf cfg.enable {
 fonts = {
 packages = with pkgs; [
diff --git a/desktop/gpg.nix b/mod/desktop/gpg.nix
similarity index 80%
rename from desktop/gpg.nix
rename to mod/desktop/gpg.nix
index 3b877a2..9ea9f4c 100644
--- a/desktop/gpg.nix
+++ b/mod/desktop/gpg.nix
@@ -9,7 +9,6 @@ let
 inherit (lib) mkEnableOption mkIf;
 in
 {
- options.hd.desktop.gpg.enable = mkEnableOption "GPG";
 config = mkIf cfg.enable {
 home = {
 home.packages = with pkgs; [
@@ -20,11 +19,11 @@ in
 enable = true;
 publicKeys = [
 {
- source = ../pgp/id-priv.pgp;
+ source = ../../pgp/id-priv.pgp;
 trust = 5;
 }
 {
- source = ../pgp/id-uni.pgp;
+ source = ../../pgp/id-uni.pgp;
 trust = 5;
 }
 ];
diff --git a/desktop/network.nix b/mod/desktop/network.nix
similarity index 95%
rename from desktop/network.nix
rename to mod/desktop/network.nix
index a99599f..670f335 100644
--- a/desktop/network.nix
+++ b/mod/desktop/network.nix
@@ -11,10 +11,6 @@ let
 inherit (lib) mkEnableOption mkIf;
 in
 {
- options.hd.desktop.network = {
- enable = mkEnableOption "All Network Options";
- };
-
 config = mkIf cfg.enable {
 hardware.bluetooth.enable = true;
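Review bot: `options.home` is declared as `lib.types.attrsOf lib.types.str`, yet the desktop modules assign nested attribute sets to it — the gpg.nix hunk on this line sets `home.home.packages` to a list and `home.programs.gpg.publicKeys` to a list of attribute sets — which `attrsOf str` should reject the moment `config.home` is evaluated, so either the consumer in `home/default.nix` never reads it or the type is overridden there; worth confirming, because a wrong type here is either a latent evaluation error or a silent no-op. If the option is meant to hold arbitrary home-manager config, `type = lib.types.attrs;` (or the home-manager submodule type when that module is loaded) matches the actual use. The description's `/home` presumably means the flake's `./home` module rather than the filesystem path; writing `./home` removes the ambiguity.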
diff --git a/desktop/security.nix b/mod/desktop/security.nix
similarity index 83%
rename from desktop/security.nix
rename to mod/desktop/security.nix
index 51dab61..ea85444 100644
--- a/desktop/security.nix
+++ b/mod/desktop/security.nix
@@ -9,7 +9,6 @@ let
 inherit (lib) mkEnableOption mkIf;
 in
 {
- options.hd.desktop.security.enable = mkEnableOption "Security";
 config = mkIf cfg.enable {
 security.pam = {
 services.login.enableGnomeKeyring = true;
diff --git a/desktop/services.nix b/mod/desktop/services.nix
similarity index 93%
rename from desktop/services.nix
rename to mod/desktop/services.nix
index 2108de7..c7b5798 100644
--- a/desktop/services.nix
+++ b/mod/desktop/services.nix
@@ -9,8 +9,6 @@ let
 inherit (lib) mkEnableOption mkIf;
 in
 {
- options.hd.desktop.services.enable = mkEnableOption "Services";
-
 config = mkIf cfg.enable {
 services = {
 printing.enable = true;
diff --git a/desktop/software/default.nix b/mod/desktop/software/default.nix
similarity index 98%
rename from desktop/software/default.nix
rename to mod/desktop/software/default.nix
index 42ddbd0..312b6f5 100644
--- a/desktop/software/default.nix
+++ b/mod/desktop/software/default.nix
@@ -11,8 +11,6 @@ in
 {
 imports = [ ./development.nix ];
- options.hd.desktop.software.enable = mkEnableOption "Software";
-
 config = mkIf cfg.enable {
 hd.desktop.software.development.enable = true;
diff --git a/desktop/software/development.nix b/mod/desktop/software/development.nix
similarity index 94%
rename from desktop/software/development.nix
rename to mod/desktop/software/development.nix
index 64b1c1e..edee24a 100644
--- a/desktop/software/development.nix
+++ b/mod/desktop/software/development.nix
@@ -9,8 +9,6 @@ let
 inherit (lib) mkEnableOption mkIf;
 in
 {
- options.hd.desktop.software.development.enable = mkEnableOption "Dev Software";
-
 config = mkIf cfg.enable {
 documentation.dev.enable = true;
@@ -72,7 +70,7 @@ in
 which-key
 yaml-mode
 ];
- extraConfig = builtins.readFile ../../dotfiles/emacs/init.el;
+ extraConfig = builtins.readFile ../../../dotfiles/emacs/init.el;
 };
 programs.vscode = {
 enable = true;
diff --git a/desktop/window-manager.nix b/mod/desktop/window-manager.nix
similarity index 76%
rename from desktop/window-manager.nix
rename to mod/desktop/window-manager.nix
index 122987d..2315e64 100644
--- a/desktop/window-manager.nix
+++ b/mod/desktop/window-manager.nix
@@ -5,12 +5,10 @@
 ...
 }:
 let
- cfg = config.hd.desktop.wm;
+ cfg = config.hd.desktop.windowManager;
 inherit (lib) mkEnableOption mkIf;
 in
 {
- options.hd.desktop.wm.enable = mkEnableOption "Window Manager";
-
 config = mkIf cfg.enable {
 # Enable the KDE Plasma Desktop Environment.
 services.displayManager.sddm = {