Major config overhaul: use custom modules, setup for multi-host config, and less boilerplate

This commit is contained in:
Emmet K
2025-02-09 16:50:26 -06:00
parent 1fa8b17b07
commit 0453901d17
303 changed files with 3560 additions and 5566 deletions

29
modules/system/README.org Normal file

@@ -0,0 +1,29 @@
#+title: System-level Nix Modules
#+author: Emmet
Separate Nix files can be imported as modules using an import block:
#+BEGIN_SRC nix
imports = [ import1.nix
import2.nix
...
];
#+END_SRC
My system-level Nix modules are organized into this directory:
- [[./hardware-configuration.nix][hardware-configuration]] - Default hardware config generated for my system
- [[./bin][bin]] - My own scripts
- [[./bin/phoenix.nix][phoenix]] - My nix command wrapper
- [[./app][app]] - Necessary system-level configuration to get various apps working
- [[./hardware][hardware]] - Hardware configurations I may need to use
- [[./security][security]] - System-level security stuff
- [[./style][style]] - Stylix setup (system-wide base16 theme generation)
- [[./wm][wm]] - Necessary system-level configuration to get various window managers, wayland compositors, and/or desktop environments working
** Variables imported from flake.nix
Variables can be imported from [[../flake.nix][flake.nix]] by setting the =specialArgs= block inside the flake (see [[../flake.nix][my flake]] for more details). This allows variables to merely be managed in one place ([[../flake.nix][flake.nix]]) rather than having to manage them in multiple locations.
I use this to pass a few attribute sets:
- =userSettings= - Settings for the normal user (see [[../flake.nix][flake.nix]] for more details)
- =systemSettings= - Settings for the system (see [[../flake.nix][flake.nix]] for more details)
- =inputs= - Flake inputs (see [[../flake.nix][flake.nix]] for more details)
- =pkgs-stable= - Allows me to include stable versions of packages along with (my default) unstable versions of packages


@@ -0,0 +1,16 @@
{ lib, config, ... }:
let
cfg = config.systemSettings.bluetooth;
in {
options = {
systemSettings.bluetooth = {
enable = lib.mkEnableOption "Enable bluetooth";
};
};
config = lib.mkIf cfg.enable {
hardware.bluetooth.enable = true;
services.blueman.enable = true;
};
}


@@ -0,0 +1,85 @@
{ config, lib, pkgs, ... }:
{
config = {
# Journal
services.journald.extraConfig = "SystemMaxUse=50M\nSystemMaxFiles=5";
services.journald.rateLimitBurst = 500;
services.journald.rateLimitInterval = "30s";
# Locale and TZ
time.timeZone = "America/Chicago";
services.timesyncd.enable = true;
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = config.i18n.defaultLocale;
LC_IDENTIFICATION = config.i18n.defaultLocale;
LC_MEASUREMENT = config.i18n.defaultLocale;
LC_MONETARY = config.i18n.defaultLocale;
LC_NAME = config.i18n.defaultLocale;
LC_NUMERIC = config.i18n.defaultLocale;
LC_PAPER = config.i18n.defaultLocale;
LC_TELEPHONE = config.i18n.defaultLocale;
LC_TIME = config.i18n.defaultLocale;
};
# Use zsh
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users.defaultUserShell = pkgs.zsh;
# Fix nix path
nix.nixPath = [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
"nixos-config=$HOME/dotfiles/system/configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels"
];
# Ensure nix flakes are enabled
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
# Substituters
nix.settings = {
substituters = [
"https://cache.nixos.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
# wheel group gets trusted access to nix daemon
nix.settings.trusted-users = [ "@wheel" ];
# Bootloader
# Use systemd-boot if uefi, default to grub otherwise
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.editor = false;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot";
# Silent Boot
# https://wiki.archlinux.org/title/Silent_boot
boot.kernelParams = [
"quiet"
"splash"
"vga=current"
"rd.systemd.show_status=false"
"rd.udev.log_level=3"
"udev.log_priority=3"
];
boot.initrd.systemd.enable = true;
boot.initrd.verbose = false;
boot.plymouth.enable = true;
# Networking
networking.networkmanager.enable = true; # Use networkmanager
# Remove bloat
programs.nano.enable = lib.mkForce false;
};
}
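Review bot: `nix.settings.trusted-users = [ "@wheel" ]` is root-equivalent rather than "trusted access": the Nix manual states that a trusted user can add arbitrary substituters and signing keys per invocation and import unsigned store paths, so anyone in wheel can have unsigned binaries installed system-wide without going through sudo/doas. That may be fine on a single-admin desktop, but the comment should say it, e.g. `# wheel is root-equivalent through the nix daemon (can inject substituters/keys); keep wheel == admins`. The substituter/key lists and `trusted-users` are declared again in the dedicated nix module of this commit; NixOS merges both definitions, so nothing breaks, but a single definition is easier to audit. `nixos-config=$HOME/dotfiles/...` in `nix.nixPath` depends on `$HOME` being expanded wherever `NIX_PATH` is consumed, which for a root invocation that keeps the caller's environment would point at the calling user's tree — presumably intended, but worth a comment.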


@@ -0,0 +1,29 @@
{ lib, ... }:
with lib;
let
# Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype
getDir = dir: mapAttrs
(file: type:
if type == "directory" then getDir "${dir}/${file}" else type
)
(builtins.readDir dir);
# Collects all files of a directory as a list of strings of paths
files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir));
# Filters out directories that don't end with .nix or are this file, also makes the strings absolute
importAll = dir: map
(file: ./. + "/${file}")
(filter
(file: hasSuffix ".nix" file && file != "default.nix" &&
! lib.hasPrefix "x/taffybar/" file &&
! lib.hasSuffix "-hm.nix" file)
(files dir));
in
{
imports = importAll ./.;
}
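Review bot: `importAll ./.` makes every `*.nix` file anywhere under this directory part of every host's configuration with no explicit `imports` list, so a per-host file such as the `hardware-configuration.nix` the README lists in this directory, or any scratch copy ending in `.nix`, is silently pulled into all hosts — at odds with the multi-host goal of the commit; host-specific files should live outside the auto-imported tree or be excluded here. The `x/taffybar/` and `-hm.nix` exclusions look like they were carried over from the user-level tree (nothing in this commit's system modules matches them); if so, drop them so the filter documents its real intent. A header such as `# Auto-imports every .nix below this directory except default.nix; keep host-specific files out of this tree` would make the contract visible to the next person adding a file.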


@@ -0,0 +1,16 @@
{ lib, config, ... }:
let
cfg = config.systemSettings.flatpak;
in {
options = {
systemSettings.flatpak = {
enable = lib.mkEnableOption "Enable flatpaks";
};
};
config = lib.mkIf cfg.enable {
services.flatpak.enable = true;
xdg.portal.enable = true;
};
}


@@ -0,0 +1,20 @@
{ lib, config, pkgs, ... }:
let
cfg = config.systemSettings.gaming;
in {
options = {
systemSettings.gaming = {
enable = lib.mkEnableOption "Enable Steam and games";
};
};
config = lib.mkIf cfg.enable {
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "steam" "steam-unwrapped" ];
hardware.opengl.driSupport32Bit = true;
programs.steam.enable = true;
environment.systemPackages = with pkgs; [ pkgs.steam gamemode prismlauncher ];
programs.gamemode.enable = true;
};
}
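Review bot: `nixpkgs.config.allowUnfreePredicate` is a function value and, as far as the nixpkgs module's config merging goes, attributes other than `packageOverrides` are combined by attribute-set update rather than as a mergeable option, so if another module also sets `allowUnfreePredicate` (or `allowUnfree`) one definition silently wins — verify, and either centralise the unfree policy in one module or note the hazard here. The name list `[ "steam" "steam-unwrapped" ]` is tied to the current nixpkgs package names; if a later revision splits Steam into differently named components, extend the list rather than flipping `allowUnfree`. `with pkgs; [ pkgs.steam ... ]` is redundant and `programs.steam.enable` already installs Steam, so `pkgs.steam` can be dropped from `systemPackages`.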


@@ -0,0 +1,98 @@
{ inputs, pkgs, pkgs-stable, config, lib, ... }:
let
cfg = config.systemSettings.hyprland;
in
{
options = {
systemSettings.hyprland = {
enable = lib.mkEnableOption "Enable hyprland";
};
};
config = lib.mkIf cfg.enable {
# Hyprland
programs = {
hyprland = {
enable = true;
package = inputs.hyprland.packages.${pkgs.system}.hyprland;
xwayland = {
enable = true;
};
portalPackage = pkgs.xdg-desktop-portal-hyprland;
};
};
# Necessary packages
environment.systemPackages = with pkgs; [
jq
(sddm-chili-theme.override {
themeConfig = {
background = config.stylix.image;
ScreenWidth = 1920;
ScreenHeight = 1080;
blur = true;
recursiveBlurLoops = 3;
recursiveBlurRadius = 5;
# TODO fix icons with svgs patched from stylix colors
};})
];
# Display manager
services.xserver.displayManager.sddm = {
enable = true;
wayland.enable = true;
enableHidpi = true;
theme = "chili";
package = pkgs.sddm;
};
# xwayland
services.xserver = {
enable = true;
xkb = {
layout = "us";
variant = "";
options = "caps:escape";
};
excludePackages = [ pkgs.xterm ];
};
# Keyring
security.pam.services.login.enableGnomeKeyring = true;
services.gnome.gnome-keyring.enable = true;
# Dbus
services.dbus = {
enable = true;
packages = [ pkgs.dconf ];
};
programs.dconf.enable = true;
# Pipewire
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
# Some fancy fonts
fonts.packages = with pkgs-stable; [
# Fonts
nerdfonts
powerline
];
# Auto rotate screen
programs.iio-hyprland = {
enable = true;
package = pkgs.iio-hyprland.overrideAttrs {
patches = [ ./iio-hyprland-hyprpaper.patch ];
};
};
};
}
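Review bot: `programs.hyprland.package` comes from the `inputs.hyprland` flake while `portalPackage` is `pkgs.xdg-desktop-portal-hyprland` from nixpkgs; the portal is the boundary that screenshare, screenshots and file pickers go through, and a version mismatch between compositor and portal is the usual cause of those breaking, so take both from the same input: `portalPackage = inputs.hyprland.packages.${pkgs.system}.xdg-desktop-portal-hyprland;`. `security.pam.services.login.enableGnomeKeyring` only touches the `login` PAM service, but sessions here start through SDDM; unless SDDM's PAM stack includes `login` on this nixpkgs (please confirm), the keyring will not be unlocked at login and `security.pam.services.sddm.enableGnomeKeyring = true;` is needed as well. `services.xserver.displayManager.sddm` is the pre-24.05 option path; on current nixpkgs it presumably still evaluates through a rename alias but emits a warning, and `services.displayManager.sddm` is the maintained name.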


@@ -0,0 +1,12 @@
diff --git a/main.c b/main.c
index 2e858dd..2cd43e8 100644
--- a/main.c
+++ b/main.c
@@ -123,6 +123,7 @@ void handle_orientation(enum Orientation orientation, const char* monitor_id) {
system_fmt("hyprctl --batch \"keyword monitor %s,transform,%d ; keyword input:touchdevice:transform %d ; keyword input:tablet:transform %d\"", output, orientation, orientation, orientation);
}
+ system_fmt("pkill hyprpaper; hyprpaper & disown;");
}
DBusMessage* request_orientation(DBusConnection* conn) {
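Review bot: The added `system_fmt("pkill hyprpaper; hyprpaper &amp; disown;")` restarts the wallpaper daemon on every orientation callback rather than only when the transform actually changed, and `pkill hyprpaper` matches by process name, so it also signals any other process of the invoking user whose name matches (for example a hyprpaper belonging to a second compositor session). `disown` is a bash builtin rather than POSIX `sh`, and `system()` runs `/bin/sh`, so the line depends on `/bin/sh` being bash on the target host — `pkill -x hyprpaper; hyprpaper >/dev/null 2>&amp;1 &amp;` is portable and matches the name exactly. `handle_orientation` begins before this hunk, so whether a "transform changed" flag is available to guard the restart is not visible here. Note also that whatever `hyprpaper` is found first on the caller's `PATH` is what gets launched as the user.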


@@ -0,0 +1,29 @@
{ config, lib, pkgs, ... }:
let
cfg = config.systemSettings.cachy;
in
{
options = {
systemSettings.cachy = {
enable = lib.mkEnableOption "Enable cachyos kernel";
variant = lib.mkOption {
default = null;
type = lib.types.nullOr (lib.types.enum ["lto" "server" "hardened"]);
description = ''
This option determines the CachyOS kernel variant to use.
'';
};
};
};
config = lib.mkIf cfg.enable {
boot.kernelPackages = lib.mkMerge [
(lib.mkIf (cfg.variant == null) pkgs.linuxPackages_cachyos)
(lib.mkIf (cfg.variant == "lto") pkgs.linuxPackages_cachyos-lto)
(lib.mkIf (cfg.variant == "server") pkgs.linuxPackages_cachyos-server)
(lib.mkIf (cfg.variant == "hardened") pkgs.linuxPackages_cachyos-hardened)
];
boot.consoleLogLevel = 0;
};
}
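Review bot: `boot.consoleLogLevel = 0` silences every kernel message on the console, including emergency and panic output (a message prints only when its level is below the console level, and 0 is the lowest level), so a machine that fails to boot shows nothing; the silent-boot parameters in this commit's base module use priority 3 (errors), and `boot.consoleLogLevel = 3;` keeps the quiet boot while still showing oops/panic text. `pkgs.linuxPackages_cachyos*` are not in nixpkgs, so they presumably come from an overlay or flake input; that makes this module a supply-chain decision about where the kernel is built or substituted from, and the option description should name the source and note that it must be pinned in `flake.lock`. The `hardened` variant name should also be documented in terms of what it actually enables rather than being assumed equivalent to nixpkgs' `linux_hardened`.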


@@ -0,0 +1,31 @@
{ config, lib, pkgs, inputs, ... }:
let
caches = import inputs.secrets.caches;
in {
config = {
nix = {
package = pkgs.nix;
settings = {
substituters =
(lib.optionals (caches ? urls) caches.urls) ++
[
"https://cache.nixos.org"
"https://hyprland.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys =
(lib.optionals (caches ? publicKeys) caches.publicKeys) ++
[
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
trusted-users = config.systemSettings.adminUsers ++ [ "@wheel" ];
auto-optimise-store = true;
download-buffer-size = 500000000;
};
};
system.stateVersion = "22.11";
};
}
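Review bot: The substituters and `trusted-public-keys` prepended from `inputs.secrets.caches` are a system-wide trust root: every key in that file can sign store paths that get installed as root on every host, so the file should be reviewed on each update of that input and the module should say so, e.g. `# keys from the secrets input can sign binaries for every host -- review on every bump`. `system.stateVersion = "22.11"` in a shared module works against the multi-host intent; stateVersion records when a particular host was first installed and belongs in each host's own configuration. `trusted-users` (root-equivalent per the Nix manual) and the substituter/key lists are also declared in the base module of this commit; NixOS merges the lists, but one definition is easier to audit.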


@@ -0,0 +1,80 @@
{ config, lib, pkgs, ... }:
{
options = {
systemSettings.dotfilesDir = lib.mkOption {
default = "/etc/nixos";
description = "Absolute path to the dotfiles directory";
type = lib.types.path;
};
};
# TODO disabled for debugging
# config = {
# environment.systemPackages = [
# # TODO update script for config schema change
# (pkgs.writeScriptBin "phoenix" ''
# if [ "$1" = "sync" ]; then
# if [ "$#" = 1 ]; then
# ''+config.systemSettings.dotfilesDir+''/scripts/sync.sh;
# exit 0;
# elif [ "$2" = "user" ]; then
# ''+config.systemSettings.dotfilesDir+''/scripts/sync-user.sh;
# exit 0;
# elif [ "$2" = "system" ]; then
# ''+config.systemSettings.dotfilesDir+''/scripts/sync-system.sh;
# exit 0;
# else
# echo "Please pass 'system' or 'user' if supplying a second argument"
# fi
# elif [ "$1" = "refresh" ]; then
# if [ "$#" -gt 1 ]; then
# echo "Warning: The 'refresh' command has no subcommands (no $2 subcommand)";
# fi
# ''+config.systemSettings.dotfilesDir+''/scripts/sync-posthook.sh;
# exit 0;
# elif [ "$1" = "update" ]; then
# ''+config.systemSettings.dotfilesDir+''/scripts/update.sh "''${@:2}";
# exit 0;
# elif [ "$1" = "upgrade" ]; then
# if [ "$#" -gt 1 ]; then
# echo "Warning: The 'upgrade' command has no subcommands (no $2 subcommand)";
# fi
# ''+config.systemSettings.dotfilesDir+''/scripts/upgrade.sh;
# exit 0;
# elif [ "$1" = "pull" ]; then
# if [ "$#" -gt 1 ]; then
# echo "Warning: The 'pull' command has no subcommands (no $2 subcommand)";
# fi
# ''+config.systemSettings.dotfilesDir+''/scripts/pull.sh;
# exit 0;
# elif [ "$1" = "harden" ]; then
# if [ "$#" -gt 1 ]; then
# echo "Warning: The 'harden' command has no subcommands (no $2 subcommand)";
# fi
# ''+config.systemSettings.dotfilesDir+''/scripts/harden.sh;
# exit 0;
# elif [ "$1" = "soften" ]; then
# if [ "$#" -gt 1 ]; then
# echo "Warning: The 'soften' command has no subcommands (no $2 subcommand)";
# fi
# ''+config.systemSettings.dotfilesDir+''/scripts/soften.sh;
# exit 0;
# elif [ "$1" = "gc" ]; then
# if [ "$#" -gt 2 ]; then
# echo "Warning: The 'gc' command only accepts one argument (collect_older_than)";
# fi
# if [ "$2" = "full" ]; then
# sudo nix-collect-garbage --delete-old;
# nix-collect-garbage --delete-old;
# elif [ "$2" ]; then
# sudo nix-collect-garbage --delete-older-than $2;
# nix-collect-garbage --delete-older-than $2;
# else
# sudo nix-collect-garbage --delete-older-than 30d;
# nix-collect-garbage --delete-older-than 30d;
# fi
# fi
# '')
# ];
# };
}
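Review bot: The `phoenix` wrapper is commented out for debugging, but when it comes back the spliced `dotfilesDir` and the user-supplied `$2` are unquoted (`--delete-older-than $2`), so a path with spaces or an extra token word-splits; quote both, e.g. `"''+config.systemSettings.dotfilesDir+''/scripts/sync.sh"` and `--delete-older-than "$2"`. The `sudo` calls in the `gc` branch reach root only through `doas-sudo-shim` when the doas module in this commit is enabled, and are then covered by its passwordless `nix-collect-garbage` rule, which is worth a comment next to them. The option description `Absolute path to the dotfiles directory` could add that `types.path` only checks the string shape, not that the directory exists at build time.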


@@ -0,0 +1,20 @@
{ pkgs, lib, config, ... }:
let
cfg = config.systemSettings.printing;
in {
options = {
systemSettings.printing = {
enable = lib.mkEnableOption "Enable printing";
};
};
config = lib.mkIf cfg.enable {
# Enable printing
services.printing.enable = true;
services.avahi.enable = true;
services.avahi.nssmdns4 = true;
services.avahi.openFirewall = true;
environment.systemPackages = [ pkgs.cups-filters ];
};
}
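Review bot: `services.avahi.openFirewall = true` together with `nssmdns4 = true` both exposes mDNS (UDP 5353) on every interface and routes `.local` name resolution through NSS; mDNS is unauthenticated, so on an untrusted network any peer can answer for a printer name or any other `.local` name this host looks up. That is the usual zero-conf trade-off, but the description should say so, and where possible the exposure can be narrowed with `services.avahi.allowInterfaces = [ "<lan-if>" ];` (or the per-interface `networking.firewall.interfaces` ports) and by enabling `nssmdns4` only if discovery actually needs NSS resolution. `pkgs.cups-filters` in `systemPackages` appears redundant, since the `services.printing` module already supplies it to CUPS.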


@@ -0,0 +1,17 @@
{ config, lib, ... }:
let
cfg = config.systemSettings.security.automount;
in {
options = {
systemSettings.security.automount = {
enable = lib.mkEnableOption "Enable automount";
};
};
config = lib.mkIf cfg.enable {
services.devmon.enable = true;
services.gvfs.enable = true;
services.udisks2.enable = true;
};
}
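Review bot: `devmon` mounts a removable filesystem as soon as it appears, so with this option every inserted stick is parsed by the kernel's filesystem drivers before anyone has interacted with it — the opposite of what the `security.*` namespace suggests — and the enable description should state that trade-off, e.g. `Auto-mount removable media on insertion (udisks2 + devmon); inserted filesystems are mounted without a prompt`. If desktop integration is all that is wanted (device appears in the file manager, mounts on click), `udisks2` plus `gvfs` provide that and `devmon` can stay off.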


@@ -0,0 +1,18 @@
{ config, lib, inputs, ... }:
let
blocklist = builtins.readFile "${inputs.blocklist-hosts}/alternates/gambling-porn/hosts";
cfg = config.systemSettings.security.blocklist;
in {
options = {
systemSettings.security.blocklist = {
enable = lib.mkEnableOption "Enable basic host blocking for bad websites";
};
};
config = lib.mkIf cfg.enable {
networking.extraHosts = ''
"${blocklist}"
'';
};
}
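Review bot: The hosts file is wrapped in literal double quotes — `networking.extraHosts = '' "${blocklist}" ''` — so the first and last lines of the blocklist get a `"` glued on and are no longer valid hosts entries; glibc skips lines it cannot parse, which is why this appears to work. Assign the content directly: `networking.extraHosts = blocklist;`. The `alternates/gambling-porn/hosts` layout suggests a StevenBlack-style list, which ships its own `127.0.0.1 localhost`/`::1 localhost` lines that NixOS already generates; the duplicates are harmless, but a comment naming the upstream list and noting that it is pinned through `flake.lock` would help the next reader judge what is being trusted.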


@@ -0,0 +1,42 @@
{ config, lib, pkgs, ... }:
let
cfg = config.systemSettings.security.doas;
adminUsers = config.systemSettings.adminUsers;
in {
options = {
systemSettings.security.doas = {
enable = lib.mkEnableOption "Replace sudo with doas";
};
};
config = lib.mkIf cfg.enable {
# Doas instead of sudo
security.doas.enable = true;
security.sudo.enable = false;
security.doas.extraRules = [
{
users = adminUsers;
cmd = "nix";
noPass = true;
keepEnv = true;
}
{
users = adminUsers;
cmd = "nixos-rebuild";
noPass = true;
keepEnv = true;
}
{
users = adminUsers;
cmd = "nix-collect-garbage";
noPass = true;
keepEnv = true;
}
];
environment.systemPackages = [
pkgs.doas-sudo-shim
];
};
}
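Review bot: The three `noPass = true; keepEnv = true;` rules amount to passwordless root for every admin user, not a narrow carve-out: `cmd = "nix"` with no `args` permits `doas nix run nixpkgs#bash` or `doas nix shell`, and `doas nixos-rebuild switch --flake <any user-writable dir>` switches the host to whatever the caller wrote, so the password prompt removed by `security.sudo.enable = false` is gone for root as well. If that is intended for a single-admin desktop, say so in a comment above the rules; otherwise drop `noPass` (the NixOS doas rule supports `persist` for a sudo-like timeout) or add `args` restrictions for the subcommands actually used. `keepEnv` additionally carries the caller's `PATH`, `NIX_PATH` and `NIX_CONFIG` into the root process, which is what lets `nixos-rebuild` find the user's tree but also means any variable the user sets is honoured by root.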


@@ -0,0 +1,30 @@
{ lib, config, pkgs, ... }:
let
cfg = config.systemSettings.security.firejail;
in {
options = {
systemSettings.security.firejail = {
enable = lib.mkEnableOption "Use firejail on some apps for extra security";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ firejail ];
programs.firejail.enable = true;
programs.firejail.wrappedBinaries = {
#prismlauncher = {
# executable = "${pkgs.prismlauncher}/bin/prismlauncher";
# profile = ./firejail-profiles/prismlauncher.profile;
#};
#steam = {
# executable = "${pkgs.steam}/bin/steam";
# profile = "${pkgs.firejail}/etc/firejail/steam.profile";
#};
#steam-run = {
# executable = "${pkgs.steam}/bin/steam-run";
# profile = "${pkgs.firejail}/etc/firejail/steam.profile";
#};
};
};
}
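Review bot: With every `wrappedBinaries` entry commented out, enabling this module installs firejail — a setuid-root binary that has had local privilege-escalation bugs — while sandboxing nothing, so as written it adds attack surface rather than removing it; either wire at least one wrapper or gate `programs.firejail.enable` on a non-empty `wrappedBinaries`, and make the description honest (`Use firejail on some apps for extra security` currently overstates what happens). `environment.systemPackages = with pkgs; [ firejail ]` also appears redundant, as the `programs.firejail` module already installs the package alongside the wrappers. A short comment above the commented entries saying why they are disabled (broken profile, untested, or pending the prismlauncher profile in this commit) would stop the next reader from guessing.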


@@ -0,0 +1,51 @@
# Firejail profile for prismlauncher
# Description: An Open Source Minecraft launcher that can manage multiple instances
# This file is overwritten after every install/update
# Persistent global definitions
include globals.local
ignore noexec ${HOME}
noblacklist ${HOME}/.local/share/PrismLauncher
include allow-java.inc
include disable-common.inc
include disable-devel.inc
include disable-interpreters.inc
include disable-programs.inc
include disable-shell.inc
include disable-xdg.inc
mkdir ${HOME}/.local/share/PrismLauncher
whitelist ${HOME}/.local/share/PrismLauncher
include whitelist-common.inc
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc
caps.drop all
netfilter
nodvd
nogroups
noinput
nonewprivs
noroot
notv
nou2f
novideo
protocol unix,inet,inet6,netlink
seccomp
tracelog
disable-mnt
private-bin java,java-config,minecraft-launcher,prismlauncher
private-cache
private-dev
# If multiplayer or realms break, add 'private-etc <your-own-java-folder-from-/etc>'
# or 'ignore private-etc' to your minecraft-launcher.local.
private-tmp
dbus-system none
restrict-namespaces
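Review bot: The header `# This file is overwritten after every install/update` is inherited from the upstream minecraft-launcher profile and is false here — this file lives in the dotfiles repo and is only read when referenced from `wrappedBinaries` — so replace it with `# Firejail profile for prismlauncher, adapted from firejail's minecraft-launcher.profile; maintained in this repo`. `private-bin java,java-config,minecraft-launcher,prismlauncher` assumes those binaries live in the standard `bin` directories; on NixOS the launcher and its JVMs are `/nix/store` paths, so this line is likely to leave the sandbox without a usable `java` (verify on a real run before the wrapper is uncommented). `ignore noexec ${HOME}` is the one deliberate weakening here and deserves a why-comment — presumably because Minecraft extracts and executes native libraries under the instance directory.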


@@ -0,0 +1,22 @@
{ config, lib, ... }:
let
cfg = config.systemSettings.security.firewall;
in {
options = {
systemSettings.security.firewall = {
# TODO make this more granular and better :|
enable = lib.mkEnableOption "Actvate firewall with ports open only for syncthing";
};
};
config = lib.mkIf cfg.enable {
# Firewall
networking.firewall.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22000 21027 ]; # syncthing
networking.firewall.allowedUDPPorts = [ 22000 21027 ]; # syncthing
# Or disable the firewall altogether.
# networking.firewall.enable = false;
};
}
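Review bot: TCP 21027 is not a Syncthing port — local discovery is UDP 21027 and sync traffic is TCP/UDP 22000 — so `networking.firewall.allowedTCPPorts = [ 22000 ];` is sufficient and the extra open TCP port is unneeded exposure; `Actvate` in the description is also a typo. If Syncthing runs as a NixOS service on these hosts, `services.syncthing.openDefaultPorts = true` opens exactly these ports next to the service; if it runs under home-manager that option is unavailable and this module is the right place. Either way one switch both enables the firewall and opens the ports, so a host without Syncthing gets the holes too — conditioning the port rules on `config.services.syncthing.enable` or a separate toggle would resolve the TODO.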


@@ -0,0 +1,18 @@
{ lib, config, ... }:
let
cfg = config.systemSettings.security.gpg;
in {
options = {
systemSettings.security.gpg = {
enable = lib.mkEnableOption "Enable gpg";
};
};
config = lib.mkIf cfg.enable {
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
}


@@ -0,0 +1,16 @@
{ config, lib, pkgs, ... }:
let
cfg = config.systemSettings.security.openvpn;
in {
options = {
systemSettings.security.openvpn = {
enable = lib.mkEnableOption "Enable openvpn";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.openvpn ];
environment.etc.openvpn.source = "${pkgs.update-resolv-conf}/libexec/openvpn";
};
}


@@ -0,0 +1,25 @@
{ config, lib, ... }:
let
cfg = config.systemSettings.security.sshd;
in {
options = {
systemSettings.security.sshd = {
enable = lib.mkEnableOption "Enable incoming ssh connections";
};
};
config = lib.mkIf cfg.enable {
# Enable incoming ssh
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
# Don't forget to set:
# users.users.${username}.openssh.authorizedKeys.keys = "myAuthorizedKey";
};
}
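Review bot: `PasswordAuthentication = false` on its own does not disable password logins on NixOS: the module runs sshd with PAM and leaves `KbdInteractiveAuthentication` at its default of `true`, so a client can still obtain a PAM password prompt over keyboard-interactive; add `KbdInteractiveAuthentication = false;` next to it. The reminder comment at the end has the wrong type — `authorizedKeys.keys` is a list — and should read `users.users.${username}.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAA..." ];`. `openFirewall = true` exposes port 22 on every interface, which is expected for an `sshd` toggle but worth stating in the description.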


@@ -0,0 +1,56 @@
{ lib, config, pkgs, inputs, ... }:
let
cfg = config.systemSettings.stylix;
theme = import (./. + "../../../themes"+("/"+config.systemSettings.stylix.theme));
in
{
options = {
systemSettings.stylix = {
enable = lib.mkEnableOption "Enable stylix theming";
};
systemSettings.stylix.theme = lib.mkOption {
default = "io";
type = lib.types.enum (builtins.attrNames (lib.filterAttrs (name: type: type == "directory") (builtins.readDir ../../themes)));
description = "Theme for stylix to use system wide. A list of themes can be found in the `themes` directory.";
};
};
imports = [ inputs.stylix.nixosModules.stylix ];
config = lib.mkIf cfg.enable {
stylix.enable = true;
stylix.autoEnable = false;
stylix.polarity = theme.polarity;
stylix.image = pkgs.fetchurl {
url = theme.backgroundUrl;
sha256 = theme.backgroundSha256;
};
stylix.base16Scheme = theme;
stylix.fonts = {
# TODO abstract fonts into an option
monospace = {
name = "FiraCode Nerd Font";
package = pkgs.nerd-fonts.fira-code;
};
serif = {
name = "FiraCode Nerd Font";
package = pkgs.nerd-fonts.fira-code;
};
sansSerif = {
name = "FiraCode Nerd Font";
package = pkgs.nerd-fonts.fira-code;
};
emoji = {
name = "Noto Color Emoji";
package = pkgs.noto-fonts-emoji-blob-bin;
};
};
stylix.targets.console.enable = true;
environment.sessionVariables = {
QT_QPA_PLATFORMTHEME = "qt5ct";
};
};
}
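Review bot: `theme = import (./. + "../../../themes"+("/"+...))` concatenates with no separator, so as far as Nix path arithmetic goes the result is `<this dir>../../../themes/<name>` — a directory named `<dir>..` followed by two `..` steps — which is unlikely to be the intended themes directory, and it disagrees with the `../../themes` used for the option's enum a few lines below. Use one relative path in both places, e.g. `theme = import (../../themes + "/${cfg.theme}");`, and if the tree really is three levels up fix the enum to match. A comment stating the expected layout (`# themes/<name>/default.nix must export polarity, backgroundUrl, backgroundSha256 and a base16 scheme`) would document the contract the `theme.*` references below rely on.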


@@ -0,0 +1,58 @@
{ config, lib, ... }:
let
cfg = config.systemSettings.tlp;
in {
options = {
systemSettings.tlp = {
enable = lib.mkEnableOption "Enable tlp power management";
};
};
config = lib.mkIf cfg.enable {
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_AC = "performance";
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
CPU_ENERGY_PERF_POLICY_ON_BAT = "balance";
CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance";
CPU_DRIVER_OPMODE_ON_AC = "active";
CPU_DRIVER_OPMODE_ON_BAT = "active";
WIFI_PWR_ON_AC = "on";
WIFI_PWR_ON_BAT = "on";
RUNTIME_PM_ON_AC = "auto";
RUNTIME_PM_ON_BAT = "auto";
CPU_MIN_PERF_ON_AC = 10;
CPU_MAX_PERF_ON_AC = 90;
CPU_MIN_PERF_ON_BAT = 10;
CPU_MAX_PERF_ON_BAT = 50;
CPU_BOOST_ON_AC = 1;
CPU_BOOST_ON_BAT = 0;
CPU_HWP_DYN_BOOST_ON_AC = 1;
CPU_HWP_DYN_BOOST_ON_BAT = 0;
START_CHARGE_THRESH_BAT0 = 75;
STOP_CHARGE_THRESH_BAT0 = 80;
MEM_SLEEP_ON_AC = "deep";
MEM_SLEEP_ON_BAT = "deep";
PLATFORM_PROFILE_ON_AC = "performance";
PLATFORM_PROFILE_ON_BAT = "low-power";
RADEON_DPM_STATE_ON_AC = "performance";
RADEON_DPM_STATE_ON_BAT = "battery";
RADEON_POWER_PROFILE_ON_AC = "high";
RADEON_POWER_PROFILE_ON_BAT = "low";
INTEL_GPU_MIN_FREQ_ON_AC = 600;
INTEL_GPU_MIN_FREQ_ON_BAT = 600;
};
};
};
}


@@ -0,0 +1,41 @@
{ config, lib, inputs, ... }:
let
userInfo = import inputs.secrets.userInfo;
in {
options = {
systemSettings = {
users = lib.mkOption {
description = "List of desktop users to create on the system";
type = lib.types.listOf lib.types.str;
};
adminUsers = lib.mkOption {
description = "List of desktop users to grant admin (sudo) access on the system";
type = lib.types.listOf lib.types.str;
};
};
};
config = {
users.users = builtins.listToAttrs
(map (user: {
name = user;
value = {
description = userInfo.${user}.name;
isNormalUser = true;
extraGroups = [ "networkmanager" "input" "dialout" "video" "render" ] ++ (lib.optionals (lib.any (x: x == user) config.systemSettings.adminUsers) [ "wheel" ]);
createHome = true;
};
}) config.systemSettings.users);
home-manager.users = builtins.listToAttrs
(map (user: {
name = user;
value = {
home.username = user;
home.homeDirectory = "/home/"+user;
userSettings.name = lib.mkIf (userInfo.${user} ? name) userInfo.${user}.name;
userSettings.email = lib.mkIf (userInfo.${user} ? email ) userInfo.${user}.email;
};
}) config.systemSettings.users);
};
}
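Review bot: Every desktop user is added to the `input` group, which grants read access to all `/dev/input/event*` devices — every keystroke and pointer event on the machine, including another user's or a locked session — so membership should be limited to users that need raw evdev access and the reason recorded (`# input: needed for <tool>`); `dialout` likewise hands out raw serial devices to everyone. `userInfo.${user}.name` on the `description =` line is read unconditionally while the home-manager block below guards the same field with `userInfo.${user} ? name`, so a user without a `name` entry fails evaluation at the first use; either guard both (`description = userInfo.${user}.name or user;`) or drop the guards below. `adminUsers` is never checked to be a subset of `users`, so a typo there silently grants nothing while the doas/docker rules elsewhere reference a non-existent account — an `assertions` entry would catch it.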


@@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }:
let
cfg = config.systemSettings.virtualization.docker;
adminUsers = config.systemSettings.adminUsers;
in {
options = {
systemSettings.virtualization.docker = {
enable = lib.mkEnableOption "Enable docker";
};
};
config = {
virtualisation.docker = {
enable = true;
enableOnBoot = true;
autoPrune.enable = true;
};
users.users = builtins.listToAttrs (map (user: { name = user; value = { extraGroups = [ "docker" ];};}) adminUsers);
environment.systemPackages = with pkgs; [
docker
docker-compose
lazydocker
];
};
}
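Review bot: The `config` block is not wrapped in `lib.mkIf cfg.enable`, so the declared `enable` option is ignored: Docker starts at boot on every host and every admin user is placed in the `docker` group, which is root-equivalent (a member can bind-mount `/` into a container and write it as root). Change the opening line to `config = lib.mkIf cfg.enable {` so hosts that do not opt in get neither the daemon nor the group grant, and state in the enable description that the group is root-equivalent. If the daemon is only for development, `virtualisation.docker.rootless.enable` avoids the group grant entirely.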


@@ -0,0 +1,23 @@
{ lib, config, pkgs, ... }:
let cfg = config.systemSettings.virtualization.virtualMachines;
in {
options = {
systemSettings.virtualization.virtualMachines = {
enable = lib.mkEnableOption "Enable qemu virtual machines, distrobox, and waydroid";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ virt-manager distrobox ];
virtualisation.libvirtd = {
allowedBridges = [
"nm-bridge"
"virbr0"
];
enable = true;
qemu.runAsRoot = false;
};
virtualisation.waydroid.enable = true;
};
}
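Review bot: `distrobox` needs a container runtime (podman or docker) that this module does not enable; it presumably works only because the docker module in this commit is on unconditionally, so either add `virtualisation.podman.enable = true;` here or state the dependency in the description. Managing `qemu:///system` VMs from `virt-manager` also requires `libvirtd` group membership, which nothing here grants, so non-root users will be limited to the unprivileged session URI or refused — grant it to the intended users or document that only `qemu:///session` is expected to work. `qemu.runAsRoot = false` is the right choice and deserves a one-line comment so it is not "fixed" later.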