hd/cfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

modularize

Browse source
This commit is contained in:
Henri Dohmen 2025-06-30 22:39:38 +02:00
parent d3fa1821fa
commit f1a1dd5d53
27 changed files with 422 additions and 325 deletions
Download patch file Download diff file Expand all files Collapse all files

3
host/c2/default.nix
View file

@ -7,7 +7,6 @@
common-cpu-intel common-cpu-intel
common-pc-laptop common-pc-laptop
common-pc-laptop-ssd common-pc-laptop-ssd
../../pc
]; ];
boot.loader.efi.efiSysMountPoint = "/boot/efi"; boot.loader.efi.efiSysMountPoint = "/boot/efi";
@ -17,6 +16,8 @@
cpuFreqGovernor = "ondemand"; cpuFreqGovernor = "ondemand";
}; };
desktop.enable = true;
# ====== DON'T CHANGE ====== # ====== DON'T CHANGE ======
system.stateVersion = "25.05"; system.stateVersion = "25.05";
} }

3
host/solo/default.nix
View file

@ -6,7 +6,6 @@
./hardware-configuration.nix ./hardware-configuration.nix
./keyboard.nix ./keyboard.nix
./nvidia-gpu.nix ./nvidia-gpu.nix
../../pc
]; ];
powerManagement = { powerManagement = {
@ -14,6 +13,8 @@
cpuFreqGovernor = "performance"; cpuFreqGovernor = "performance";
}; };
desktop.enable = true;
# ====== DON'T CHANGE ====== # ====== DON'T CHANGE ======
system.stateVersion = "25.05"; system.stateVersion = "25.05";
} }

5
mod/default.nix
View file

@ -1,4 +1,7 @@
{ ... }: { ... }:
{ {
imports = [ ./nginx.nix ]; imports = [
./nginx.nix
./desktop
];
} }

28
mod/desktop/audio.nix Normal file
View file

@ -0,0 +1,28 @@
{
pkgs,
config,
lib,
...
}:
let
cfg = config.desktop.audio;
inherit (lib) mkEnableOption mkIf;
in
{
options.desktop.audio.enable = mkEnableOption "Audio";
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
pavucontrol
alsa-utils
];
services.pulseaudio.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
};
}

76
mod/desktop/default.nix Normal file
View file

@ -0,0 +1,76 @@
{
inputs,
lib,
config,
options,
...
}:
let
cfg = config.desktop;
inherit (lib) mkEnableOption mkIf;
in
{
imports = [
./audio.nix
./fonts.nix
./gpg.nix
./network.nix
./services.nix
./window-manager.nix
./software
inputs.nixos-config-hidden.nixosModules.pc
inputs.home-manager.nixosModules.home-manager
{
home-manager.users."hd" = lib.mkAliasDefinitions options.home;
# install to /etc/profiles, not ~/.nix-profile
home-manager.useUserPackages = true;
# dont use home.nixpkgs
home-manager.useGlobalPkgs = true;
}
];
options = {
desktop.enable = mkEnableOption "Desktop Configuration";
home = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = { };
description = "home-manager configuration.";
};
};
config = mkIf cfg.enable {
desktop = {
audio.enable = true;
fonts.enable = true;
gpg.enable = true;
network.enable = true;
services.enable = true;
software.enable = true;
wm.enable = true;
};
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"nvidia-x11"
"nvidia-settings"
"vscode"
"obsidian"
"steam"
"steam-unwrapped"
"gateway" # jetbrains
"spotify"
"rust-rover"
];
programs.nix-ld.enable = true;
home = {
home.stateVersion = config.system.stateVersion;
imports = [ ../../mod-hm ];
};
security.protectKernelImage = true;
};
}

25
mod/desktop/fonts.nix Normal file
View file

@ -0,0 +1,25 @@
{
pkgs,
config,
lib,
...
}:
let
cfg = config.desktop.fonts;
inherit (lib) mkEnableOption mkIf;
in
{
options.desktop.fonts.enable = mkEnableOption "Fonts";
config = mkIf cfg.enable {
fonts = {
packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
nerd-fonts.noto
];
fontDir.enable = true;
fontconfig.defaultFonts.monospace = [ "Noto Nerd Font Mono" ];
};
};
}

33
mod/desktop/gpg.nix Normal file
View file

@ -0,0 +1,33 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.desktop.gpg;
inherit (lib) mkEnableOption mkIf;
in
{
options.desktop.gpg.enable = mkEnableOption "GPG";
config = mkIf cfg.enable {
home = {
home.packages = with pkgs; [
seahorse
libsecret
gnome-keyring
];
programs.gpg = {
enable = true;
};
services.gpg-agent = {
enable = true;
enableSshSupport = true;
pinentry.package = pkgs.pinentry-gtk2;
};
};
services.gnome.gnome-keyring = {
enable = true;
};
};
}

87
mod/desktop/network.nix Normal file
View file

@ -0,0 +1,87 @@
{
host,
var,
config,
lib,
...
}:
let
cfg = config.desktop.network;
inherit (lib) mkEnableOption mkIf;
in
{
options.desktop.network = {
enable = mkEnableOption "All Network Options";
};
config = mkIf cfg.enable {
hardware.bluetooth.enable = true;
systemd.network.wait-online.enable = false;
services = {
mullvad-vpn.enable = true;
blueman.enable = true;
resolved = {
# TODO: find out why doh breaks moodle...
enable = true;
};
};
networking = {
enableIPv6 = true;
wireguard.enable = true;
wg-quick = {
interfaces = {
"onet" = {
address = var.wg.wireguard-network.${host}.ips;
privateKeyFile = var.wg.keyFile;
peers = [ (lib.removeAttrs var.wg.wireguard-network."roam" [ "ips" ]) ];
};
};
};
networkmanager = {
enable = true;
wifi.macAddress = "random";
ensureProfiles.profiles = {
"tuda-vpn" = {
connection = {
autoconnect = "false";
id = "tuda-vpn";
type = "vpn";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
vpn = {
authtype = "password";
autoconnect-flags = "0";
certsigs-flags = "0";
cookie-flags = "2";
disable_udp = "no";
enable_csd_trojan = "no";
gateway = "vpn.hrz.tu-darmstadt.de";
gateway-flags = "2";
gwcert-flags = "2";
lasthost-flags = "0";
pem_passphrase_fsid = "no";
prevent_invalid_cert = "no";
protocol = "anyconnect";
resolve-flags = "2";
service-type = "org.freedesktop.NetworkManager.openconnect";
stoken_source = "disabled";
xmlconfig-flags = "0";
password-flags = 0;
};
};
};
};
};
};
}

49
mod/desktop/services.nix Normal file
View file

@ -0,0 +1,49 @@
{
pkgs,
lib,
config,
...
}:
let
cfg = config.desktop.services;
inherit (lib) mkEnableOption mkIf;
in
{
options.desktop.services.enable = mkEnableOption "Services";
config = mkIf cfg.enable {
services = {
printing.enable = true;
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
udisks2.enable = true;
emacs.enable = true;
};
home.services.protonmail-bridge = {
enable = true;
path = with pkgs; [
pass
gnome-keyring
];
};
home.services.unison' = {
# TODO: parameterize
enable = true;
pairs = {
"docs".roots = [
"/home/hd/Documents"
"ssh://roam//home/hd/Documents"
];
"desktop".roots = [
"/home/hd/Desktop"
"ssh://roam//home/hd/Desktop"
];
};
};
};
}

59
mod/desktop/software/default.nix Normal file
View file

@ -0,0 +1,59 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.desktop.software;
inherit (lib) mkEnableOption mkIf;
in
{
imports = [ ./development.nix ];
options.desktop.software.enable = mkEnableOption "Software";
config = mkIf cfg.enable {
desktop.software.development.enable = true;
environment.systemPackages = with pkgs; [
bitwarden
calibre
element-desktop
kitty
nil
obsidian
signal-desktop
spotify
tor-browser
vesktop
vlc
wireguard-tools
zotero
zulip
];
virtualisation = {
docker.enable = true;
};
programs = {
firefox.enable = true;
kdeconnect.enable = true;
};
home = {
programs.thunderbird = {
enable = true;
package = pkgs.thunderbird-latest;
profiles.default = {
isDefault = true;
withExternalGnupg = true;
};
};
};
# Some excludes
services.xserver.excludePackages = [ pkgs.xterm ];
};
}

35
mod/desktop/software/development.nix Normal file
View file

@ -0,0 +1,35 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.desktop.software.development;
inherit (lib) mkEnableOption mkIf;
in
{
options.desktop.software.development.enable = mkEnableOption "Dev Software";
config = mkIf cfg.enable {
documentation.dev.enable = true;
environment.systemPackages = with pkgs; [
vscode
binutils
clang
gcc
gdb
gnumake
man-pages
man-pages-posix
nixfmt-rfc-style
python313
python313Packages.mypy
rustup
emacs
jetbrains.gateway
jetbrains.rust-rover
];
};
}

22
mod/desktop/window-manager.nix Normal file
View file

@ -0,0 +1,22 @@
{
pkgs,
config,
lib,
...
}:
let
cfg = config.desktop.wm;
inherit (lib) mkEnableOption mkIf;
in
{
options.desktop.wm.enable = mkEnableOption "Window Manager";
config = mkIf cfg.enable {
# Enable the KDE Plasma Desktop Environment.
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
};
services.desktopManager.plasma6.enable = true;
};
}

15
pc/audio.nix
View file

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
pavucontrol
alsa-utils
];
services.pulseaudio.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
}

21
pc/default.nix
View file

@ -1,21 +0,0 @@
{
inputs,
lib,
config,
...
}:
{
imports = [
./audio.nix
./fonts.nix
./gpg.nix
./home-manager.nix
./network.nix
./nix.nix
./security.nix
./services.nix
./software
./sync.nix
inputs.nixos-config-hidden.nixosModules.pc
];
}

13
pc/fonts.nix
View file

@ -1,13 +0,0 @@
{ pkgs, ... }:
{
fonts = {
packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
nerd-fonts.noto
];
fontDir.enable = true;
fontconfig.defaultFonts.monospace = [ "Noto Nerd Font Mono" ];
};
}

21
pc/gpg.nix
View file

@ -1,21 +0,0 @@
{ pkgs, ... }:
{
home = {
home.packages = with pkgs; [
seahorse
libsecret
gnome-keyring
];
programs.gpg = {
enable = true;
};
services.gpg-agent = {
enable = true;
enableSshSupport = true;
pinentry.package = pkgs.pinentry-gtk2;
};
};
services.gnome.gnome-keyring = {
enable = true;
};
}

32
pc/home-manager.nix
View file

@ -1,32 +0,0 @@
{
inputs,
lib,
options,
config,
...
}:
{
options.home = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = { };
description = "home-manager configuration.";
};
imports = [
inputs.home-manager.nixosModules.home-manager
{
home-manager.users."hd" = lib.mkAliasDefinitions options.home;
# install to /etc/profiles, not ~/.nix-profile
home-manager.useUserPackages = true;
# dont use home.nixpkgs
home-manager.useGlobalPkgs = true;
}
];
config = {
home = {
home.stateVersion = config.system.stateVersion;
imports = [ ../mod-hm ];
};
};
}

75
pc/network.nix
View file

@ -1,75 +0,0 @@
{
host,
var,
lib,
...
}:
{
hardware.bluetooth.enable = true;
systemd.network.wait-online.enable = false;
services = {
mullvad-vpn.enable = true;
blueman.enable = true;
resolved = {
# TODO: find out why doh breaks moodle...
enable = true;
};
};
networking = {
enableIPv6 = true;
wireguard.enable = true;
wg-quick = {
interfaces = {
"onet" = {
address = var.wg.wireguard-network.${host}.ips;
privateKeyFile = var.wg.keyFile;
peers = [ (lib.removeAttrs var.wg.wireguard-network."roam" [ "ips" ]) ];
};
};
};
networkmanager = {
enable = true;
wifi.macAddress = "random";
ensureProfiles.profiles = {
"tuda-vpn" = {
connection = {
autoconnect = "false";
id = "tuda-vpn";
type = "vpn";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
vpn = {
authtype = "password";
autoconnect-flags = "0";
certsigs-flags = "0";
cookie-flags = "2";
disable_udp = "no";
enable_csd_trojan = "no";
gateway = "vpn.hrz.tu-darmstadt.de";
gateway-flags = "2";
gwcert-flags = "2";
lasthost-flags = "0";
pem_passphrase_fsid = "no";
prevent_invalid_cert = "no";
protocol = "anyconnect";
resolve-flags = "2";
service-type = "org.freedesktop.NetworkManager.openconnect";
stoken_source = "disabled";
xmlconfig-flags = "0";
password-flags = 0;
};
};
};
};
};
}

18
pc/nix.nix
View file

@ -1,18 +0,0 @@
{ lib, ... }:
{
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"nvidia-x11"
"nvidia-settings"
"vscode"
"obsidian"
"steam"
"steam-unwrapped"
"gateway" # jetbrains
"spotify"
"rust-rover"
];
programs.nix-ld.enable = true;
}

4
pc/security.nix
View file

@ -1,4 +0,0 @@
{ ... }:
{
security.protectKernelImage = true;
}

21
pc/services.nix
View file

@ -1,21 +0,0 @@
{ pkgs, ... }:
{
services = {
printing.enable = true;
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
udisks2.enable = true;
emacs.enable = true;
};
home.services.protonmail-bridge = {
enable = true;
path = with pkgs; [
pass
gnome-keyring
];
};
}

9
pc/software/default.nix
View file

@ -1,9 +0,0 @@
{ ... }:
{
imports = [
./development.nix
./editors.nix
./programs.nix
./window-manager.nix
];
}

18
pc/software/development.nix
View file

@ -1,18 +0,0 @@
{ pkgs, ... }:
{
documentation.dev.enable = true;
environment.systemPackages = with pkgs; [
rustup
python313
python313Packages.mypy
gcc
clang
gdb
gnumake
binutils
nixfmt-rfc-style
man-pages
man-pages-posix
];
}

9
pc/software/editors.nix
View file

@ -1,9 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
vscode
emacs
jetbrains.gateway
jetbrains.rust-rover
];
}

41
pc/software/programs.nix
View file

@ -1,41 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
bitwarden
calibre
element-desktop
kitty
nil
obsidian
signal-desktop
spotify
vesktop
vlc
wireguard-tools
zotero
zulip
];
virtualisation = {
docker.enable = true;
};
programs = {
firefox.enable = true;
kdeconnect.enable = true;
};
home = {
programs.thunderbird = {
enable = true;
package = pkgs.thunderbird-latest;
profiles.default = {
isDefault = true;
withExternalGnupg = true;
};
};
};
# Some excludes
services.xserver.excludePackages = [ pkgs.xterm ];
}

9
pc/software/window-manager.nix
View file

@ -1,9 +0,0 @@
{ pkgs, ... }:
{
# Enable the KDE Plasma Desktop Environment.
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
};
services.desktopManager.plasma6.enable = true;
}

16
pc/sync.nix
View file

@ -1,16 +0,0 @@
{ pkgs, ... }:
{
home.services.unison' = {
enable = true;
pairs = {
"docs".roots = [
"/home/hd/Documents"
"ssh://roam//home/hd/Documents"
];
"desktop".roots = [
"/home/hd/Desktop"
"ssh://roam//home/hd/Desktop"
];
};
};
}