add core configuration

Chance 2025-03-29 21:03:07 -04:00 committed by lily
parent 74c78e1c68
commit f40517cff1
Signed by: lily
GPG key ID: 601F3263FBCBC4B9
94 changed files with 2816 additions and 959 deletions

47
modules/common/common.nix Normal file

@ -0,0 +1,47 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.lily.common;
in {
options.lily.common.enable = lib.mkEnableOption "activate common";
config = lib.mkIf cfg.enable {
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.openssh.enable = true;
programs.zsh.enable = true;
environment.systemPackages = with pkgs; [
git
neovim
toybox
util-linux
tmux
ghostty
# encryption and filesystem
cryptsetup
age
# network tools
wget
curl
# FS-tools
unzip
gnutar
xz
bzip2
p7zip
netcat-gnu
dnsutils
fd
file
tree
];
environment.shells = with pkgs; [zsh];
};
}
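Review bot: `services.openssh.enable = true;` turns sshd on for every host that enables `lily.common` without any hardening, so the NixOS defaults apply, which accept password logins and open port 22 in the firewall. Since this module is the shared baseline, I would pin the policy here: `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };`. Key-only login then needs `users.users.<name>.openssh.authorizedKeys.keys` declared for the account, which is not visible in this commit.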


@ -0,0 +1,17 @@
{lib, ...}: let
# recursively construct attr-set of a directory
getDir = dir:
lib.mapAttrs (file: type:
if type == "directory"
then getDir "${dir}/${file}"
else type) (
builtins.readDir dir
);
files = dir: lib.collect lib.isString (lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir));
validFiles = dir:
map (file: ./. + "/${file}") (
lib.filter (file: lib.hasSuffix ".nix" file && file != "default.nix") (files dir)
);
in {
imports = validFiles ./.;
}
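Review bot: `validFiles` imports every `.nix` file found anywhere under the directory as a NixOS module, and the `file != "default.nix"` test compares the whole relative path, so only the top-level `default.nix` is excluded while a nested `sub/default.nix` is still imported. A file that is not a module (for example an agenix rules file, if one sits under a directory using this loader; its path is not shown on this page) would fail evaluation, and any stray `.nix` file placed in the tree silently becomes system configuration. Consider `baseNameOf file != "default.nix"` if nested defaults are meant to be skipped, or an explicit `imports` list for directories that hold security-relevant modules. The same 17-line file appears three more times later in this commit; a single shared helper would keep the copies from drifting.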


@ -0,0 +1,82 @@
{
pkgs,
lib,
config,
flake-self,
...
}: let
cfg = config.lily.desktop;
in {
options.lily.desktop = {
enable = lib.mkEnableOption "activate desktop";
plasma.enable = lib.mkEnableOption "activate plasma desktop environment";
hyprland.enable = lib.mkEnableOption "activate hyprland desktop";
};
config = lib.mkIf cfg.enable {
lily = {
plasma.enable = cfg.plasma.enable;
hyprland.enable = cfg.hyprland.enable;
};
programs = {
dconf.enable = true;
kdeconnect.enable = true;
};
environment.systemPackages = with pkgs; [
vulkan-tools
jq
libqalculate
envsubst
glib
headsetcontrol
];
networking = {
networkmanager.enable = true;
};
fonts = {
enableDefaultPackages = true;
packages = with pkgs; [
jetbrains-mono
noto-fonts-color-emoji
garamond-libre
helvetica-neue-lt-std
# nerd-fonts.jetbrains-mono
];
fontDir.enable = true;
fontconfig = {
defaultFonts = {
monospace = ["JetBrainsMono Bold"];
serif = ["Garamond Libre"];
sansSerif = ["Helvetica Neue LT Std"];
emoji = ["Noto Color Emoji"];
};
};
};
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa = {
enable = true;
support32Bit = true;
};
audio.enable = true;
wireplumber.enable = true;
pulse.enable = true;
jack.enable = true;
};
# services.printing.enable = true;
# services.flatpak.enable = true;
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
services.udev.packages = [pkgs.headsetcontrol];
# environment.sessionVariables = {
# MOZ_DISABLE_RDD_SANDBOX = "1";
# };
};
}
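Review bot: `services.avahi.openFirewall = true` together with `programs.kdeconnect.enable = true` opens mDNS and the KDE Connect port range on every interface of any host that enables `lily.desktop`, which includes machines that roam onto untrusted networks. If discovery is only wanted on the home LAN, limit Avahi with `services.avahi.allowInterfaces = [ "<lan-interface>" ];` and make KDE Connect its own opt-in option. `flake-self` in the argument list is not used anywhere in this file.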

18
modules/common/locale.nix Normal file

@ -0,0 +1,18 @@
{...}: {
# Select internationalisation properties.
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
time.timeZone = "America/Detroit";
}


@ -0,0 +1,49 @@
{
inputs,
outputs,
config,
pkgs,
...
}: {
nixpkgs.config.allowUnfree = true;
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
useGlobalPkgs = true;
useUserPackages = true;
};
nix = {
nixPath = ["nixpkgs=${inputs.nixpkgs}"];
package = pkgs.nixVersions.stable;
optimise.automatic = true;
gc = {
persistent = true;
automatic = true;
};
extraOptions = ''
# If set to true, Nix will fall back to building from source if a binary substitute fails.
fallback = true
# the timeout (in seconds) for establishing connections in the binary cache substituter.
connect-timeout = 10
# these log lines are only shown on a failed build
log-lines = 25
'';
settings = {
auto-optimise-store = true;
trusted-users = ["root" "@wheel"];
experimental-features = [
"nix-command"
"flakes"
];
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.11";
}
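Review bot: `trusted-users = ["root" "@wheel"]` makes every wheel member a trusted user of the Nix daemon, which lets them pass settings such as extra substituters and import unsigned store paths without sudo, so it is effectively root without a password prompt. Unless that account needs it for remote builds, keep `trusted-users = ["root"];` and list caches under `trusted-substituters` and `trusted-public-keys` instead. Separately, `optimise.automatic = true` and `auto-optimise-store = true` both deduplicate the store; one of them is enough.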


@ -0,0 +1,48 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.lily.containers;
in {
options.lily.containers = {
enable = lib.mkEnableOption "activate containers";
docker = lib.mkEnableOption "activate docker";
podman = lib.mkEnableOption "activate podman";
};
config = lib.mkMerge [
# (lib.mkIf (cfg.enable && cfg.docker && cfg.podman)
# (builtins.throw "You can't enable both docker and podman at the same time"))
{
assertions = [
{
assertion = !(cfg.docker && cfg.podman);
message = "You cannot enable docker and podman at the same time";
}
];
}
(lib.mkIf (cfg.enable && cfg.docker) {
# Enable docker support:
virtualisation.containers.enable = true;
virtualisation.docker.enable = true;
})
(lib.mkIf (cfg.enable && cfg.podman) {
# Enable podman support:
virtualisation.containers.enable = true;
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
defaultNetwork.settings = {
dns_enabled = true;
};
};
environment.systemPackages = with pkgs; [
podman
podman-compose
];
})
];
}
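Review bot: `dockerSocket.enable = true` in the podman branch exposes a Docker-compatible API socket, and membership of the `podman` group that may connect to it is root-equivalent, just as the `docker` group is for the docker branch. If only `dockerCompat` and `podman-compose` are needed, drop the socket or add a comment stating which tool requires it. The assertion block is also evaluated when `cfg.enable` is false; `assertion = !(cfg.enable && cfg.docker && cfg.podman);` would match the conditions used in the two `mkIf` branches.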


@ -0,0 +1,17 @@
{lib, ...}: let
# recursively construct attr-set of a directory
getDir = dir:
lib.mapAttrs (file: type:
if type == "directory"
then getDir "${dir}/${file}"
else type) (
builtins.readDir dir
);
files = dir: lib.collect lib.isString (lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir));
validFiles = dir:
map (file: ./. + "/${file}") (
lib.filter (file: lib.hasSuffix ".nix" file && file != "default.nix") (files dir)
);
in {
imports = validFiles ./.;
}


@ -0,0 +1,55 @@
{
config,
lib,
...
}: let
cfg = config.lily.fileshare;
in {
options.lily.fileshare.enable = lib.mkEnableOption "activate local filesharing";
config = lib.mkIf cfg.enable {
services.samba = {
enable = true;
securityType = "user"; #Keep user, but use guest account.
openFirewall = true;
settings = {
global = {
workgroup = "WORKGROUP"; #Ensure this matches your network's workgroup.
"server string" = "smbnix";
"netbios name" = "smbnix";
"security" = "user"; #Keep this as user, but guest will be used for access.
"hosts allow" = "192.168.1. 127.0.0.1 localhost"; #Adjust to your LAN.
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody"; #Important for guest access.
"map to guest" = "bad user"; #Maps unknown users to guest.
};
"public" = {
"path" = "/ext/share";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "yes"; #Allows guest access.
"create mask" = "0644";
"directory mask" = "0755";
};
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
services.avahi = {
enable = true;
nssmdns = true;
nssmdns4 = true;
openFirewall = true;
reflector = true;
publish = {
domain = true;
enable = true;
userServices = true;
addresses = true;
};
};
};
}
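Review bot: the `public` share is writable by unauthenticated clients: `"map to guest" = "bad user"` plus `"guest ok" = "yes"` and `"read only" = "no"` gives anyone matching `hosts allow` write access to `/ext/share` as `nobody`, while `openFirewall = true` opens the SMB ports on all interfaces. If anonymous access is intended, make it read-only (`"read only" = "yes";`) and require a Samba account for writes (`"guest ok" = "no";` with a `"valid users"` entry); otherwise document the decision next to the share. `services.avahi.reflector = true` relays mDNS between all interfaces, which is rarely wanted on a single-LAN file server, and `nssmdns` looks like the older name of `nssmdns4`, which is set on the next line.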


@ -0,0 +1,17 @@
{lib, ...}: let
# recursively construct attr-set of a directory
getDir = dir:
lib.mapAttrs (file: type:
if type == "directory"
then getDir "${dir}/${file}"
else type) (
builtins.readDir dir
);
files = dir: lib.collect lib.isString (lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir));
validFiles = dir:
map (file: ./. + "/${file}") (
lib.filter (file: lib.hasSuffix ".nix" file && file != "default.nix") (files dir)
);
in {
imports = validFiles ./.;
}


@ -0,0 +1,33 @@
{
config,
lib,
...
}: let
cfg = config.lily.laptop;
in {
options.lily.laptop.enable = lib.mkEnableOption "activate laptop hardware";
config = lib.mkIf cfg.enable {
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
Experimental = true;
Enable = "Source,Sink,Media,Socket";
};
};
};
powerManagement.enable = true;
services = {
libinput.enable = true;
};
systemd.sleep.extraConfig = ''
AllowSuspend=yes
AllowHibernation=yes
AllowHybridSleep=yes
AllowSuspendThenHibernate=yes
'';
};
}
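Review bot: `AllowHibernation=yes` and the two hibernate variants write the contents of RAM to the swap device, so agent-held keys (gpg-agent and KWallet are enabled elsewhere in this commit) end up on disk unless swap is encrypted. The swap and LUKS setup is not part of this file, so state the assumption in a comment here, e.g. `# requires encrypted swap (see host hardware config)`. `Experimental = true` under `hardware.bluetooth.settings.General` would also benefit from a note on which feature needs it.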


@ -0,0 +1,67 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.lily.nvidia;
in {
options.lily.nvidia.enable = lib.mkEnableOption "activate Nvidia GPU support";
config = lib.mkIf cfg.enable {
services.xserver.videoDrivers = ["nvidia"];
environment.systemPackages = with pkgs; [
libva-utils
nvidia-vaapi-driver
nvtopPackages.nvidia
pciutils
vdpauinfo
cudaPackages.cudatoolkit
cudaPackages.cudnn
cudaPackages.cutensor
];
# environment.sessionVariables = lib.mkIf config.lily.wayland.enable {
# GBM_BACKEND = "nvidia-drm";
# __GLX_VENDOR_LIBRARY_NAME = "nvidia";
# __GL_GSYNC_ALLOWED = "1";
# };
hardware = {
graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
nvidia-vaapi-driver
ocl-icd
];
extraPackages32 = with pkgs; [vaapiVdpau];
};
nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = true;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
};
};
}
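Review bot: the comment above `open = true;` still says the open kernel module is alpha-quality and that `false` is the recommended setting, which contradicts the value chosen. Update the comment to say why the open module is used, for example `# open kernel module: requires Turing or newer`, so a later reader does not flip it back. `nvidia-vaapi-driver` is listed both in `environment.systemPackages` and in `hardware.graphics.extraPackages`; the second entry is normally sufficient.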


@ -0,0 +1,141 @@
{
config,
lib,
pkgs,
inputs,
...
}: let
cfg = config.lily.hyprland;
in {
options.lily.hyprland = {
enable = lib.mkEnableOption "activate hyprland";
};
config = lib.mkIf cfg.enable {
lily = {
wayland.enable = true;
};
services.displayManager.sddm = lib.mkDefault {
enable = true;
wayland.enable = true;
package = pkgs.kdePackages.sddm;
theme = "breeze";
wayland.compositor = "kwin";
extraPackages = with pkgs.kdePackages; [
breeze-icons
kirigami
libplasma
plasma5support
qtsvg
qtvirtualkeyboard
];
};
programs.hyprland = {
enable = true;
withUWSM = true;
systemd.setPath.enable = true;
};
programs.waybar.enable = true;
services.blueman.enable = true;
qt.enable = true;
qt.platformTheme = "kde";
environment.systemPackages = with pkgs; [
# KDE APPLICATIONS
kdePackages.dolphin
kdePackages.systemsettings
kdePackages.qtwayland
kdePackages.kwallet # provides helper service
kdePackages.kwallet-pam # provides helper service
kdePackages.kwalletmanager # provides KCMs and stuff
# FRAMEWORKS AND BASES
kdePackages.plasma-desktop
kdePackages.plasma-workspace
kdePackages.frameworkintegration # For qt plugins
kdePackages.plasma-integration # kde platform theme
kdePackages.sonnet
kdePackages.libplasma
kdePackages.qtsvg
kdePackages.ksvg
kdePackages.knewstuff
kdePackages.kdeplasma-addons
kdePackages.qtsvg
kdePackages.qtdeclarative
kdePackages.kcoreaddons
kdePackages.kguiaddons
kdePackages.kirigami-addons
kdePackages.plasma-integration.qt5
kdePackages.qtlocation
# artwork, makes appliations which require org.kde.destkop work
kdePackages.breeze
kdePackages.breeze-icons
kdePackages.breeze-gtk
kdePackages.ocean-sound-theme
kdePackages.plasma-workspace-wallpapers
hicolor-icon-theme # fallback icons
kdePackages.qqc2-breeze-style
kdePackages.qqc2-desktop-style
kdePackages.breeze.qt5
kdePackages.plasma-integration.qt5
plasma5Packages.kwayland-integration
];
environment.sessionVariables = {
XDG_CURRENT_DESKTOP = "Hyprland";
XDG_SESSION_DESKTOP = "Hyprland";
KPACKAGE_DEP_RESOLVERS_PATH = "${pkgs.kdePackages.frameworkintegration.out}/libexec/kf6/kpackagehandlers";
};
services.udisks2.enable = true;
services.upower.enable = true;
services.power-profiles-daemon.enable = true;
# make open menu work
environment.etc."xdg/menus/applications.menu" = {
source = "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu";
};
#
programs.ssh.askPassword = lib.mkDefault "${pkgs.kdePackages.ksshaskpass.out}/bin/ksshaskpass";
programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-qt;
security.pam.services = {
login.kwallet = {
enable = true;
package = lib.mkDefault pkgs.kdePackages.kwallet-pam;
};
};
programs.dconf.enable = true;
programs.kdeconnect.package = lib.mkForce pkgs.kdePackages.kdeconnect-kde;
systemd = {
user.services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";
wantedBy = ["graphical-session.target"];
wants = ["graphical-session.target"];
after = ["graphical-session.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
user.services.powerdevil = {
description = "powerdevil";
wantedBy = ["graphical-session.target"];
wants = ["graphical-session.target"];
after = ["graphical-session.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.kdePackages.powerdevil}/libexec/org_kde_powerdevil";
};
};
};
};
}
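Review bot: `environment.systemPackages` lists `kdePackages.qtsvg` and `kdePackages.plasma-integration.qt5` twice each, and `inputs` in the argument list is unused. The comment `# artwork, makes appliations which require org.kde.destkop work` has two typos (`applications`, `org.kde.desktop`), and the bare `#` before `programs.ssh.askPassword` should either be removed or say what the line is for. `security.pam.services.login.kwallet` covers the `login` PAM service only; whether a session started from the SDDM greeter also unlocks the wallet depends on configuration outside this hunk.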


@ -0,0 +1,18 @@
{
lib,
config,
...
}: let
cfg = config.lily.plasma;
in {
options.lily.plasma.enable = lib.mkEnableOption "activate plasma";
config = lib.mkIf cfg.enable {
services = {
displayManager.sddm = {
enable = true;
wayland.enable = true;
};
desktopManager.plasma6.enable = true;
};
};
}


@ -0,0 +1,32 @@
{
lib,
config,
pkgs,
...
}: let
cfg = config.lily.runners;
in {
options.lily.runners.enable = lib.mkEnableOption "activate plasma";
config = lib.mkIf cfg.enable {
# Example
# age.secrets.lily.file = ./secrets/lily.age;
# services.gitea-actions-runner = {
# package = pkgs.forgejo-runner;
# instances = {
# lilyvex = {
# enable = true;
# name = "caz-runner";
# # token = runner-key;
# tokenFile = config.age.secrets.lily.path;
# url = "https://git.lilyvex.dev/";
# labels = [
# "node-22:docker://node:22-bookworm"
# "nixos-latest:docker://nixos/nix"
# "ubuntu-latest:docker://node:16-bullseye"
# ];
# #settings = { ... };
# };
# };
# };
};
}
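Review bot: the option description is copied from the plasma module: `lib.mkEnableOption "activate plasma"` should read something like `lib.mkEnableOption "activate CI runners"`. The `config` body contains only a commented-out example, so enabling `lily.runners` currently does nothing; say so in a comment. When the example is activated, keep `tokenFile` (the agenix path) rather than the inline `token`, so the registration token stays out of the world-readable Nix store.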


@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 gwCq6Q YfhZEEqe8nFJInm13FuPk3lAS5MpTHeTbPYE2czQJmk
YApzb5JSzg+hGULtJGOzH04XWuzjTtf4jB9rPnweBzU
-> ssh-ed25519 TvHG8g o8lSKhyOUvW8lz303Z6b5/TasTiN4ENcS0Bg1ZAugFA
e5tvFv819718uInabUIRJYOC45f/MYQkI4jep+DA+6o
--- Hw3Q1yUIXUmajkeK0sBRjLQcR4GjFh97hTu9jTIopIM
.<2E><>-<2D>ԓN1<4E>3$<24>0<EFBFBD>\ <09><>2<EFBFBD>p<EFBFBD><70><EFBFBD>|/<2F>y<EFBFBD><79>7S<08>X5bLdI<64>t<EFBFBD><74><EFBFBD><EFBFBD><EFBFBD><16><><EFBFBD>r <0B>F<EFBFBD>2`<60>X<1B>s<><73><EFBFBD><EFBFBD><EFBFBD>#<08>

Binary file not shown.


@ -0,0 +1,19 @@
let
lily = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHj4f4GlA+DP491i9ssmm+Ys/TLikz6ALk1kkglhcywY lily@GreenMachine";
users = [lily];
system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID/rgN3hR4K2Mu/Oy3tgaGfDfCss3CrNJn2jTTQJQKKn root@nixos";
systems = [system];
in {
# age.secrets.potato.file = ./potato.age;
# age.secrets.lily.file = ./lily.age;
"potato.age".publicKeys = [
lily
system
];
"lily.age".publicKeys = [
lily
system
];
}
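Review bot: `users` and `systems` are defined but never used; both secrets repeat the recipient list `lily`, `system` by hand. Writing `"potato.age".publicKeys = users ++ systems;` (and the same for `lily.age`) keeps the recipients in one place, so adding or removing a key cannot miss a secret. The two commented `age.secrets.*` lines are NixOS module options and do not belong in this rules file; move them to the module that consumes the secrets.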

17
modules/users/default.nix Normal file

@ -0,0 +1,17 @@
{lib, ...}: let
# recursively construct attr-set of a directory
getDir = dir:
lib.mapAttrs (file: type:
if type == "directory"
then getDir "${dir}/${file}"
else type) (
builtins.readDir dir
);
files = dir: lib.collect lib.isString (lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir));
validFiles = dir:
map (file: ./. + "/${file}") (
lib.filter (file: lib.hasSuffix ".nix" file && file != "default.nix") (files dir)
);
in {
imports = validFiles ./.;
}

21
modules/users/lily.nix Normal file

@ -0,0 +1,21 @@
{
lib,
config,
pkgs,
...
}: let
cfg = config.lily.users.lily;
# interpolated_secrets = import ../../secrets/interpolated_secrets.nix;
in {
options.lily.users.lily.enable = lib.mkEnableOption "activate user lily";
config = lib.mkIf cfg.enable {
users.users.lily = {
home = "/home/lily";
isNormalUser = true;
# hashedPasswordFile = lib.mkIf config.lily.sops config.sops.secrets."users/lily/hashedPassword".path;
extraGroups = ["wheel" "openrazer" "docker"] ++ lib.optionals config.networking.networkmanager.enable ["networkmanager"];
shell = pkgs.zsh;
};
# sops.secrets."users/lily/hashedPassword" = lib.mkIf config.lily.sops { neededForUsers = true; };
};
}
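Review bot: `extraGroups` puts the user in `docker` unconditionally; membership of that group is root-equivalent on any host where the Docker daemon runs, so it should be gated the same way `networkmanager` is: `++ lib.optionals config.virtualisation.docker.enable ["docker"]`. With `hashedPasswordFile` commented out and no `openssh.authorizedKeys.keys`, the account has no declarative credential in this commit, so access depends on state set imperatively on each machine.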


@ -0,0 +1,37 @@
{
lib,
pkgs,
config,
...
}: let
cfg = config.lily.wayland;
in {
options.lily.wayland.enable = lib.mkEnableOption "activate wayland";
config = lib.mkIf cfg.enable {
programs.xwayland.enable = true;
environment.systemPackages = with pkgs;
[
wl-clipboard
xwayland
xwaylandvideobridge
wayland-utils
wev
]
++ lib.optionals (config.lily.plasma.enable) [kdePackages.plasma-wayland-protocols];
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
MOZ_ENABLE_WAYLAND = "1";
QT_QUICK_CONTROLS_STYLE = "org.kde.desktop";
SDL_VIDEODRIVER = "wayland";
CLUTTER_BACKEND = "wayland";
QT_QPA_PLATFORM = "wayland;xcb";
XDG_SESSION_TYPE = "wayland";
GDK_BACKEND = "wayland,x11";
};
services.dbus.enable = true;
security = {
polkit.enable = true;
rtkit.enable = true;
};
};
}