Diffstat (limited to 'modules/nixos')
| -rw-r--r-- | modules/nixos/default.nix | 3 | ||||
| -rw-r--r-- | modules/nixos/desktop/budgie/default.nix | 101 | ||||
| -rw-r--r-- | modules/nixos/desktop/default.nix | 95 | ||||
| -rw-r--r-- | modules/nixos/desktop/gnome/default.nix | 43 | ||||
| -rw-r--r-- | modules/nixos/desktop/plasma/default.nix | 37 | ||||
| -rw-r--r-- | modules/nixos/features/containers.nix (renamed from modules/nixos/features/virtualisation.nix) | 6 | ||||
| -rw-r--r-- | modules/nixos/features/default.nix | 2 | ||||
| -rw-r--r-- | modules/nixos/features/tailscale.nix | 4 | ||||
| -rw-r--r-- | modules/nixos/server/acme.nix | 27 | ||||
| -rw-r--r-- | modules/nixos/server/default.nix | 43 | ||||
| -rw-r--r-- | modules/nixos/server/secrets.nix | 23 | ||||
| -rw-r--r-- | modules/nixos/services/hercules.nix | 4 | ||||
| -rw-r--r-- | modules/nixos/services/promtail.nix | 2 |
13 files changed, 228 insertions, 162 deletions
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 80b0ae1..8d838bf 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -3,9 +3,6 @@ default = ./base.nix; desktop = ./desktop; features = ./features; - gnome = ./desktop/gnome; - plasma = ./desktop/plasma; - budgie = ./desktop/budgie; server = ./server; services = ./services; }; diff --git a/modules/nixos/desktop/budgie/default.nix b/modules/nixos/desktop/budgie/default.nix index cb236b5..dbd3715 100644 --- a/modules/nixos/desktop/budgie/default.nix +++ b/modules/nixos/desktop/budgie/default.nix 
@@ -1,54 +1,65 @@ -{pkgs, ...}: { - environment = { - budgie.excludePackages = with pkgs; [ - qogir-theme - qogir-icon-theme +{ + config, + lib, + pkgs, + ... +}: let + cfg = config.desktop.budgie; +in { + options.desktop.budgie.enable = lib.mkEnableOption "budgie desktop"; - # i don't like mates apps. fedora doesn't use them either :/ - mate.atril - mate.pluma - mate.engrampa - mate.mate-calc - mate.mate-terminal - mate.mate-system-monitor - vlc - ]; + config = lib.mkIf cfg.enable { + environment = { + budgie.excludePackages = with pkgs; [ + qogir-theme + qogir-icon-theme - systemPackages = with pkgs; [ - materia-theme - papirus-icon-theme + # i don't like mates apps. fedora doesn't use them either :/ + mate.atril + mate.pluma + mate.engrampa + mate.mate-calc + mate.mate-terminal + mate.mate-system-monitor + vlc + ]; - # replacements for mate stuff - evince - gedit - cinnamon.nemo-fileroller - gnome.gnome-calculator - blackbox-terminal - gnome.gnome-system-monitor - celluloid - ]; - }; + systemPackages = with pkgs; [ + materia-theme + papirus-icon-theme - services.xserver = { - displayManager.lightdm.greeters.slick = { - theme = { - name = "Materia-dark"; - package = pkgs.materia-theme; - }; - iconTheme = { - name = "Papirus-Dark"; - package = pkgs.papirus-icon-theme; - }; + # replacements for mate stuff + evince + gedit + cinnamon.nemo-fileroller + gnome.gnome-calculator + blackbox-terminal + gnome.gnome-system-monitor + celluloid + ]; }; - desktopManager.budgie = { - enable = true; - extraGSettingsOverrides = '' - [org.gnome.desktop.interface:Budgie] - color-scheme='prefer-dark' - gtk-theme='Materia-dark' - icon-theme='Papirus-Dark' - ''; + services.xserver = { + displayManager.lightdm.greeters.slick = { + theme = { + name = "Materia-dark"; + package = pkgs.materia-theme; + }; + iconTheme = { + name = "Papirus-Dark"; + package = pkgs.papirus-icon-theme; + }; + }; + + desktopManager.budgie = { + enable = true; + extraGSettingsOverrides = '' + 
[org.gnome.desktop.interface:Budgie] + color-scheme='prefer-dark' + gtk-theme='Materia-dark' + icon-theme='Papirus-Dark' + ''; + }; }; }; } diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix index 68e9d65..12023ef 100644 --- a/modules/nixos/desktop/default.nix +++ b/modules/nixos/desktop/default.nix 
@@ -1,55 +1,68 @@ { + config, lib, pkgs, ... -}: { - environment = { - noXlibs = lib.mkForce false; - systemPackages = with pkgs; [wl-clipboard xclip]; - }; +}: let + cfg = config.desktop; +in { + options.desktop.enable = lib.mkEnableOption "base desktop settings"; + + imports = [ + ./budgie + ./gnome + ./plasma + ]; + + config = lib.mkIf cfg.enable { + environment = { + noXlibs = lib.mkForce false; + systemPackages = with pkgs; [wl-clipboard xclip]; + }; + + fonts = { + enableDefaultPackages = lib.mkDefault true; + + packages = with pkgs; [ + (nerdfonts.override {fonts = ["FiraCode" "Hack" "Noto"];}) + noto-fonts + noto-fonts-extra + noto-fonts-color-emoji + noto-fonts-cjk-sans + ]; - fonts = { - enableDefaultPackages = lib.mkDefault true; - - packages = with pkgs; [ - (nerdfonts.override {fonts = ["FiraCode" "Hack" "Noto"];}) - noto-fonts - noto-fonts-extra - noto-fonts-color-emoji - noto-fonts-cjk-sans - ]; - - fontconfig = { - enable = lib.mkDefault true; - cache32Bit = true; - defaultFonts = lib.mkDefault { - serif = ["Noto Serif"]; - sansSerif = ["Noto Sans"]; - emoji = ["Noto Color Emoji"]; - monospace = ["Noto Sans Mono"]; + fontconfig = { + enable = lib.mkDefault true; + cache32Bit = true; + defaultFonts = lib.mkDefault { + serif = ["Noto Serif"]; + sansSerif = ["Noto Sans"]; + emoji = ["Noto Color Emoji"]; + monospace = ["Noto Sans Mono"]; + }; }; }; - }; - hardware.pulseaudio.enable = false; + hardware.pulseaudio.enable = false; - programs = { - chromium.enable = lib.mkDefault true; - firefox.enable = lib.mkDefault true; - xwayland.enable = lib.mkDefault true; - }; + programs = { + chromium.enable = lib.mkDefault true; + firefox.enable = lib.mkDefault true; + xwayland.enable = lib.mkDefault true; + }; - services = { - pipewire = lib.mkDefault { - enable = true; - wireplumber.enable = true; - alsa.enable = true; - jack.enable = true; - pulse.enable = true; + services = { + pipewire = lib.mkDefault { + enable = true; + wireplumber.enable = true; + 
alsa.enable = true; + jack.enable = true; + pulse.enable = true; + }; + + xserver.enable = lib.mkDefault true; }; - xserver.enable = lib.mkDefault true; + xdg.portal.enable = lib.mkDefault true; }; - - xdg.portal.enable = lib.mkDefault true; } diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome/default.nix index 18f023f..a925199 100644 --- a/modules/nixos/desktop/gnome/default.nix +++ b/modules/nixos/desktop/gnome/default.nix @@ -1,21 +1,32 @@ -{pkgs, ...}: { - environment = { - gnome.excludePackages = with pkgs; [ - gnome-tour - ]; +{ + config, + lib, + pkgs, + ... +}: let + cfg = config.desktop.gnome; +in { + options.desktop.gnome.enable = lib.mkEnableOption "GNOME desktop"; - sessionVariables = { - NIXOS_OZONE_WL = "1"; - }; + config = lib.mkIf cfg.enable { + environment = { + gnome.excludePackages = with pkgs; [ + gnome-tour + ]; - systemPackages = with pkgs; [ - adw-gtk3 - blackbox-terminal - ]; - }; + sessionVariables = { + NIXOS_OZONE_WL = "1"; + }; - services.xserver = { - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; + systemPackages = with pkgs; [ + adw-gtk3 + blackbox-terminal + ]; + }; + + services.xserver = { + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + }; }; } diff --git a/modules/nixos/desktop/plasma/default.nix b/modules/nixos/desktop/plasma/default.nix index d580e3f..df9fe38 100644 --- a/modules/nixos/desktop/plasma/default.nix +++ b/modules/nixos/desktop/plasma/default.nix 
@@ -1,17 +1,28 @@ -{pkgs, ...}: { - environment = { - plasma5.excludePackages = with pkgs.libsForQt5; [ - khelpcenter - plasma-browser-integration - print-manager - ]; - }; +{ + config, + lib, + pkgs, + ... +}: let + cfg = config.desktop.plasma; +in { + options.desktop.plasma.enable = lib.mkEnableOption "Plasma desktop"; + + config = lib.mkIf cfg.enable { + environment = { + plasma5.excludePackages = with pkgs.libsForQt5; [ + khelpcenter + plasma-browser-integration + print-manager + ]; + }; - services.xserver = { - displayManager.sddm.enable = true; - desktopManager.plasma5 = { - enable = true; - useQtScaling = true; + services.xserver = { + displayManager.sddm.enable = true; + desktopManager.plasma5 = { + enable = true; + useQtScaling = true; + }; }; }; } diff --git a/modules/nixos/features/virtualisation.nix b/modules/nixos/features/containers.nix index 3ecc9a5..290f7b0 100644 --- a/modules/nixos/features/virtualisation.nix +++ b/modules/nixos/features/containers.nix @@ -4,10 +4,10 @@ pkgs, ... }: let - cfg = config.features.virtualisation; + cfg = config.features.containers; in { - options.features.virtualisation = { - enable = lib.mkEnableOption "enable podman"; + options.features.containers = { + enable = lib.mkEnableOption "containers support"; }; config.virtualisation = lib.mkIf cfg.enable { diff --git a/modules/nixos/features/default.nix b/modules/nixos/features/default.nix index 3ef81c3..607277f 100644 --- a/modules/nixos/features/default.nix +++ b/modules/nixos/features/default.nix @@ -1,7 +1,7 @@ { imports = [ + ./containers.nix ./nvk ./tailscale.nix - ./virtualisation.nix ]; } diff --git a/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix index 22168f3..9eba428 100644 --- a/modules/nixos/features/tailscale.nix +++ b/modules/nixos/features/tailscale.nix 
@@ -7,8 +7,8 @@ cfg = config.features.tailscale; in { options.features.tailscale = { - enable = lib.mkEnableOption "enable support for tailscale"; - ssh.enable = lib.mkEnableOption "enable support for tailscale ssh"; + enable = lib.mkEnableOption "Tailscale"; + ssh.enable = lib.mkEnableOption "Tailscale SSH"; }; config = lib.mkIf cfg.enable { diff --git a/modules/nixos/server/acme.nix b/modules/nixos/server/acme.nix index edb499c..a08c8ae 100644 --- a/modules/nixos/server/acme.nix +++ b/modules/nixos/server/acme.nix @@ -1,18 +1,25 @@ { config, + lib, secretsDir, ... -}: { - age.secrets = { - cloudflareApiKey.file = secretsDir + "/cloudflareApiKey.age"; - }; +}: let + cfg = config.server.acme; +in { + options.server.acme.enable = lib.mkEnableOption "ACME support"; + + config = lib.mkIf cfg.enable { + age.secrets = { + cloudflareApiKey.file = secretsDir + "/cloudflareApiKey.age"; + }; - security.acme = { - acceptTerms = true; - defaults = { - email = "[email protected]"; - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.cloudflareApiKey.path; + security.acme = { + acceptTerms = true; + defaults = { + email = "[email protected]"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.cloudflareApiKey.path; + }; }; }; } diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix index d503eae..d412067 100644 --- a/modules/nixos/server/default.nix +++ b/modules/nixos/server/default.nix 
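Review bot: In `modules/nixos/server/acme.nix`, `server.acme.enable` can now be turned on independently of `server.secrets.enable`, but the `cloudflareApiKey` secret declared here is decrypted with whatever `age.identityPaths` is in effect, and the only place this diff sets it (`/etc/age/key`) is the separately gated secrets module. On a host that enables ACME alone, decryption presumably falls back to the secrets tool's default identities or fails at activation, leaving `credentialsFile` pointing at a file that was never written. Making the dependency explicit inside the `config` block would catch this at evaluation time, e.g. `assertions = [{ assertion = config.server.secrets.enable; message = "server.acme.enable requires server.secrets.enable"; }];`. A comment on `credentialsFile` saying what the file holds would also help; if it is the account-wide Cloudflare API key rather than a zone-scoped DNS token, the scoped token limits what a leak of that file exposes.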
@@ -4,33 +4,38 @@ pkgs, inputs, ... -}: { +}: let + cfg = config.server; +in { + options.server.enable = lib.mkEnableOption "base server settings"; + imports = [ - # disabled since i use cloudflare tunnels - #./acme.nix + ./acme.nix ./secrets.nix ]; - _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system}; + config = lib.mkIf cfg.enable { + _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system}; - boot = { - tmp.cleanOnBoot = lib.mkDefault true; - kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened; - }; + boot = { + tmp.cleanOnBoot = lib.mkDefault true; + kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened; + }; - documentation = { - enable = false; - man.enable = false; - }; + documentation = { + enable = false; + man.enable = false; + }; - environment.defaultPackages = lib.mkForce []; + environment.defaultPackages = lib.mkForce []; - nix = { - gc = { - dates = "*-*-1,5,9,13,17,21,25,29 00:00:00"; - options = "-d --delete-older-than 2d"; - }; + nix = { + gc = { + dates = "*-*-1,5,9,13,17,21,25,29 00:00:00"; + options = "-d --delete-older-than 2d"; + }; - settings.allowed-users = [config.networking.hostName]; + settings.allowed-users = [config.networking.hostName]; + }; }; } diff --git a/modules/nixos/server/secrets.nix b/modules/nixos/server/secrets.nix index 1d572bd..0f38995 100644 --- a/modules/nixos/server/secrets.nix +++ b/modules/nixos/server/secrets.nix 
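Review bot: The hardening defaults in `modules/nixos/server/default.nix` (`kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened`, `environment.defaultPackages = lib.mkForce []`, `nix.settings.allowed-users`) used to apply to every host that imported the module and now apply only when `server.enable` is set, which `mkEnableOption` defaults to false. Host configurations are outside this diffstat, so a machine that still imports the module without setting the option would evaluate cleanly and silently lose all three; please confirm each server host sets `server.enable = true;`. `_module.args.unstable` is also inside the `mkIf` now, so any module that takes `unstable` as an argument will presumably fail to evaluate on hosts where the option is off; consider keeping that one definition outside the conditional via `lib.mkMerge`. A comment on `allowed-users = [config.networking.hostName]` stating that the login user is expected to share the host's name would make the restriction easier to audit. The module's argument list starts above the hunk.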
@@ -1,10 +1,21 @@ -{secretsDir, ...}: { - age = { - identityPaths = ["/etc/age/key"]; +{ + config, + lib, + secretsDir, + ... +}: let + cfg = config.server.secrets; +in { + options.server.secrets.enable = lib.mkEnableOption "secrets management"; - secrets = { - rootPassword.file = secretsDir + "/rootPassword.age"; - userPassword.file = secretsDir + "/userPassword.age"; + config = lib.mkIf cfg.enable { + age = { + identityPaths = ["/etc/age/key"]; + + secrets = { + rootPassword.file = secretsDir + "/rootPassword.age"; + userPassword.file = secretsDir + "/userPassword.age"; + }; }; }; } diff --git a/modules/nixos/services/hercules.nix b/modules/nixos/services/hercules.nix index c394da0..879367c 100644 --- a/modules/nixos/services/hercules.nix +++ b/modules/nixos/services/hercules.nix @@ -15,8 +15,8 @@ }; in { options.server.services.hercules-ci = { - enable = mkEnableOption "enable hercules-ci"; - secrets.enable = mkEnableOption "manage secrets for hercules-ci"; + enable = mkEnableOption "hercules-ci"; + secrets.enable = mkEnableOption "secrets management for hercules-ci"; }; config = mkIf cfg.enable { diff --git a/modules/nixos/services/promtail.nix b/modules/nixos/services/promtail.nix index 63faf15..ced1ece 100644 --- a/modules/nixos/services/promtail.nix +++ b/modules/nixos/services/promtail.nix @@ -7,7 +7,7 @@ inherit (lib) mkEnableOption mkIf mkOption types; in { options.server.services.promtail = { - enable = mkEnableOption "enable promtail"; + enable = mkEnableOption "Promtail"; clients = mkOption { type = types.listOf types.attrs; |
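Review bot: In `modules/nixos/server/secrets.nix`, `rootPassword` and `userPassword` are now declared only when `server.secrets.enable` is set, and nothing in this diff makes `server.enable` turn it on. The consumers of `config.age.secrets.rootPassword.path` are not visible here; if any of them guards the reference instead of failing, a host that misses the new option could end up with accounts that have no managed password rather than an evaluation error. Consider defaulting it from the base server module with `server.secrets.enable = lib.mkDefault true;` inside its `mkIf cfg.enable` block. A comment above `identityPaths` such as `# private age identity, provisioned out of band; keep root-owned and mode 0400` would document the one file this module depends on but does not create.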
