diff --git a/README.md b/README.md index 576ecfa..26685ac 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,71 @@ I didnt get these setup yet. - Raspberry Pi Zero 2W **harmonica** (small machine for small tasks and cronjobs) (not setup yet) - Android phone (termux) **android** (not setup yet) +My options: + +I implemented a module system for my configurations. Each machine has its own set of options that can be enabled or disabled. The options are defined in the `modules/options.nix` file. Each option is a module that can be imported into the machine configuration. + +I am containing my options in the `osbmModules` attribute set. I dont like to interfere with the global configuration namespace. Here is all the available options: + +```nix +osbmModules = { + desktopEnvironment = "plasma"; # options: "plasma", "none" + homeManager.enable = true; + machineType = "desktop"; # options: "desktop", "laptop", "server", "embedded", "mobile" + users = [ "osbm" "bayram" ]; + defaultUser = "osbm"; + agenix.enable = true; + nixSettings.enable = true; + programs = { + steam.enable = true; + graphical.enable = true; + commandLine.enable = true; + neovim.enable = true; + arduino.enable = true; + adbFastboot.enable = true; + }; + services = { + # list services to enable + }; + hardware = { + sound.enable = true; + nvidiaDriver.enable = false; + hibernation.enable = false; + disko = { + enable = true; + fileSystem = "zfs"; # options: "zfs", "ext4" + systemd-boot = true; + initrd-ssh = { + enable = true; + ethernetDrivers = [ "igc" ]; + }; + zfs = { + enable = true; + hostID = "49e95c43"; + root = { + disk1 = "nvme0n1"; + disk2 = "nvme1n1"; + reservation = "200G"; + impermanenceRoot = true; + }; + storage = { + enable = true; + disks = [ + "sda" + "sdb" + ]; + reservation = "1500G"; + mirror = true; + #amReinstalling = true; + }; + }; + }; + } +}; +``` + + +
How to bootstrap raspberry pi 5 @@ -39,7 +104,7 @@ and voila! when you plug the sd card to the raspberry pi 5 it will boot up with
build iso with: - nix build .#nixosConfigurations.myISO.config.system.build.isoImage + nix build .#nixosConfigurations.myISO.config.system.build.isoImage # To-do list diff --git a/home/alacritty.nix b/home/alacritty.nix deleted file mode 100644 index 10c431b..0000000 --- a/home/alacritty.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -{ - options.enableAlacritty = lib.mkEnableOption "Alacritty terminal emulator"; - config = { - programs.alacritty = { - enable = config.enableAlacritty; - settings = { - font = { - size = 14.0; - normal.family = "Cascadia Code"; - }; - terminal.shell = { - args = [ - "new-session" - "-A" - "-s" - "general" - ]; - program = lib.getExe pkgs.tmux; - }; - window = { - decorations = "None"; - opacity = 1; - startup_mode = "Maximized"; - }; - env.TERM = "xterm-256color"; - }; - }; - }; -} diff --git a/home/direnv.nix b/home/direnv.nix deleted file mode 100644 index dd2f637..0000000 --- a/home/direnv.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - programs.direnv = { - enable = true; - # enableFishIntegration = true; # why add a read-only option? - nix-direnv.enable = true; - silent = true; - }; -} diff --git a/home/ghostty.nix b/home/ghostty.nix deleted file mode 100644 index 66bb838..0000000 --- a/home/ghostty.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options.enableGhostty = lib.mkEnableOption "Ghostty terminal emulator"; - config = { - programs.ghostty = { - enable = config.enableGhostty; - settings = { - maximize = true; - window-decoration = false; - command = lib.getExe pkgs.tmux; - }; - }; - }; -} diff --git a/home/gpg.nix b/home/gpg.nix deleted file mode 100644 index 4e6161a..0000000 --- a/home/gpg.nix +++ /dev/null 
@@ -1,15 +0,0 @@ -{ pkgs, ... }: -{ - - services.gpg-agent = { - enable = true; - enableFishIntegration = true; - enableSshSupport = true; - # extraConfig = '' - # allow-loopback-pinentry - # ''; - pinentry.package = pkgs.pinentry-tty; - }; - programs.gpg.enable = true; - # home.packages = [ pkgs.pinentry-curses ]; -} diff --git a/home/gtk.nix b/home/gtk.nix deleted file mode 100644 index d0bebe1..0000000 --- a/home/gtk.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -{ - options = { - # Enable the GTK theme - enableGTK = lib.mkEnableOption "enableGTK"; - }; - - config = lib.mkIf config.enableGTK { - home.pointerCursor = { - name = "Dracula"; - package = pkgs.dracula-theme; - gtk.enable = true; - }; - gtk = { - enable = true; - theme = { - name = "Dracula"; - package = pkgs.dracula-theme; - }; - gtk3.extraConfig = { - gtk-application-prefer-dark-theme = 1; - gtk-cursor-theme-size = 8; - }; - gtk4.extraConfig = { - gtk-application-prefer-dark-theme = 1; - gtk-cursor-theme-size = 8; - }; - }; - }; -} diff --git a/home/home.nix b/home/home.nix deleted file mode 100644 index c433f51..0000000 --- a/home/home.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ - username, - homeDirectory, - stateVersion, - config, - enableGTK ? config.myModules.enableKDE, - enableGhostty ? config.myModules.enableKDE, - pkgs, - ... -}: -{ - imports = [ - ./alacritty.nix - ./tmux - ./ghostty.nix - ./git.nix - ./gpg.nix - ./gtk.nix - ./ssh.nix - ./bash.nix - ./direnv.nix - ./firefox.nix - ./fish.nix - ./tlrc.nix - ./starship.nix - ./wezterm.nix - ./zoxide.nix - ]; - - home.username = username; - home.homeDirectory = homeDirectory; - - home.packages = [ - pkgs.lazygit - ]; - - home.stateVersion = stateVersion; - - enableGTK = enableGTK; - enableFirefox = config.myModules.enableKDE; - enableAlacritty = config.myModules.enableKDE; - enableGhostty = enableGhostty; - enableWezterm = config.myModules.enableKDE; -} 
diff --git a/home/mpv.nix b/home/mpv.nix deleted file mode 100644 index 8c80492..0000000 --- a/home/mpv.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - programs.mpv = { - enable = true; - }; -} diff --git a/hosts/darwinHosts/prometheus/configuration.nix b/hosts/darwinHosts/prometheus/configuration.nix index 3261001..3d10385 100644 --- a/hosts/darwinHosts/prometheus/configuration.nix +++ b/hosts/darwinHosts/prometheus/configuration.nix @@ -88,7 +88,7 @@ # type = "path"; # }; # }; - + osbm-nvim.flake = inputs.osbm-nvim; my-nixpkgs = { from = { type = "indirect"; id = "my-nixpkgs"; }; @@ -128,7 +128,7 @@ programs.fish.enable = true; - # myModules.setUsers = false; + # osbmModules.setUsers = false; users.users.osbm = { description = "osbm"; shell = pkgs.fish; diff --git a/hosts/darwinHosts/prometheus/dummy-module.nix b/hosts/darwinHosts/prometheus/dummy-module.nix index aebd406..d4a7076 100644 --- a/hosts/darwinHosts/prometheus/dummy-module.nix +++ b/hosts/darwinHosts/prometheus/dummy-module.nix @@ -1,7 +1,7 @@ { lib, ... }: { options = { - myModules.enableKDE = lib.mkOption { + osbmModules.enableKDE = lib.mkOption { type = lib.types.bool; default = false; description = "Enable KDE Plasma"; diff --git a/hosts/nixos/apollo/configuration.nix b/hosts/nixos/apollo/configuration.nix index aca6bc4..d6f26e2 100644 --- a/hosts/nixos/apollo/configuration.nix +++ b/hosts/nixos/apollo/configuration.nix @@ -14,7 +14,7 @@ inputs.impermanence.nixosModules.impermanence ]; - # myModules = { + # osbmModules = { # enableKDE = false; # enableFonts = false; # blockYoutube = false; diff --git a/hosts/nixos/harmonica-sd/configuration.nix b/hosts/nixos/harmonica-sd/configuration.nix index 413cd46..13683b2 100644 --- a/hosts/nixos/harmonica-sd/configuration.nix +++ b/hosts/nixos/harmonica-sd/configuration.nix @@ -11,7 +11,7 @@ ../../../modules ]; - myModules = { + osbmModules = { enableKDE = false; enableFonts = false; blockYoutube = false; 
diff --git a/hosts/nixos/harmonica/configuration.nix b/hosts/nixos/harmonica/configuration.nix index 78f2607..ea6b6a7 100644 --- a/hosts/nixos/harmonica/configuration.nix +++ b/hosts/nixos/harmonica/configuration.nix @@ -9,7 +9,7 @@ ../../../modules ]; - myModules = { + osbmModules = { enableKDE = false; enableFonts = false; blockYoutube = false; diff --git a/hosts/nixos/pochita/configuration.nix b/hosts/nixos/pochita/configuration.nix index 0bc7a14..1895e48 100644 --- a/hosts/nixos/pochita/configuration.nix +++ b/hosts/nixos/pochita/configuration.nix @@ -12,7 +12,7 @@ inputs.nixos-hardware.nixosModules.raspberry-pi-5 ]; - myModules = { + osbmModules = { enableKDE = false; enableFonts = false; blockYoutube = false; diff --git a/hosts/nixos/tartarus/configuration.nix b/hosts/nixos/tartarus/configuration.nix index 01c9c37..6877026 100644 --- a/hosts/nixos/tartarus/configuration.nix +++ b/hosts/nixos/tartarus/configuration.nix @@ -10,7 +10,7 @@ ../../../modules ]; - myModules = { + osbmModules = { blockYoutube = false; blockTwitter = true; blockBluesky = false; diff --git a/hosts/nixos/wallfacer/configuration.nix b/hosts/nixos/wallfacer/configuration.nix index 47a2214..ebd5959 100644 --- a/hosts/nixos/wallfacer/configuration.nix +++ b/hosts/nixos/wallfacer/configuration.nix @@ -4,7 +4,7 @@ ./hardware-configuration.nix ../../../modules ]; - myModules = { + osbmModules = { enableKDE = false; enableFonts = false; enableNextcloud = true; diff --git a/hosts/nixos/ymir/configuration.nix b/hosts/nixos/ymir/configuration.nix index f02eb90..b8fe661 100644 --- a/hosts/nixos/ymir/configuration.nix +++ b/hosts/nixos/ymir/configuration.nix @@ -9,7 +9,7 @@ ../../../modules ]; - myModules = { + osbmModules = { blockYoutube = false; blockTwitter = true; blockBluesky = false; diff --git a/modules/common-packages.nix b/modules/common-packages.nix deleted file mode 100644 index cc5599f..0000000 --- a/modules/common-packages.nix +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - pkgs, - inputs, - ... -}: -{ - environment.systemPackages = with pkgs; [ - inputs.osbm-nvim.packages."${pkgs.stdenv.hostPlatform.system}".default - wget - nano - git - lazygit - lazysql - git-lfs - gnumake - zip - fish - trash-cli - tmux - zoxide - htop - unzip - tlrc - (pkgs.writeShellScriptBin "wake-ymir" '' - echo waking up ymir - ${pkgs.wakeonlan}/bin/wakeonlan 04:7c:16:e6:d9:13 - '') - btop - pciutils - # lm_sensors - cloc - neofetch - pfetch - inxi - jq - dig - onefetch - just - nixd - eza - gh - starship - tree - nix-output-monitor - yazi - ripgrep - nh - comma - nix-inspect - bat - fd - dust - # dysk - gnupg - attic-client - ]; - - environment.variables = { - EDITOR = "nvim"; - VISUAL = "nvim"; - }; -} diff --git a/modules/concentration.nix b/modules/concentration.nix deleted file mode 100644 index 1162f75..0000000 --- a/modules/concentration.nix +++ /dev/null @@ -1,56 +0,0 @@ -{ - lib, - config, - ... -}: -{ - options = { - myModules = { - blockYoutube = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Disables youtube using /etc/hosts file"; - }; - blockTwitter = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Disables twitter using /etc/hosts file"; - }; - blockBluesky = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Disables bluesky using /etc/hosts file"; - }; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf config.myModules.blockYoutube { - networking.extraHosts = '' - 0.0.0.0 youtube.com - ::0 youtube.com - - 0.0.0.0 www.youtube.com - ::0 www.youtube.com - ''; - }) - (lib.mkIf config.myModules.blockTwitter { - networking.extraHosts = '' - 0.0.0.0 twitter.com - ::0 twitter.com - - 0.0.0.0 www.twitter.com - ::0 www.twitter.com - ''; - }) - (lib.mkIf config.myModules.blockBluesky { - networking.extraHosts = '' - 0.0.0.0 bsky.app - ::0 bsky.app - - 0.0.0.0 www.bsky.app - ::0 www.bsky.app - ''; - }) - ]; -} 
diff --git a/modules/default.nix b/modules/default.nix deleted file mode 100644 index cfabab4..0000000 --- a/modules/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - imports = [ - ./services - ./adb.nix - ./arduino.nix - ./common-packages.nix - ./concentration.nix - ./disable-hibernation.nix - ./emulation.nix - ./fonts.nix - ./graphical-interface.nix - ./home.nix - ./i18n.nix - # ./minegrub.nix - ./nix-index.nix - ./nix-settings.nix - ./remote-builds.nix - ./secrets.nix - ./security.nix - ./sound.nix - ./users.nix - ./virtualisation.nix - ./wake-on-lan.nix - ./getty.nix - ]; -} diff --git a/modules/disable-hibernation.nix b/modules/disable-hibernation.nix deleted file mode 100644 index 0b7f40b..0000000 --- a/modules/disable-hibernation.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - lib, - config, - ... -}: -{ - options = { - myModules.disableHibernation = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Disable hibernation"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf config.myModules.disableHibernation { - systemd = { - targets = { - sleep = { - enable = false; - unitConfig.DefaultDependencies = "no"; - }; - suspend = { - enable = false; - unitConfig.DefaultDependencies = "no"; - }; - hibernate = { - enable = false; - unitConfig.DefaultDependencies = "no"; - }; - "hybrid-sleep" = { - enable = false; - unitConfig.DefaultDependencies = "no"; - }; - }; - }; - }) - ]; -} diff --git a/modules/emulation.nix b/modules/emulation.nix deleted file mode 100644 index 84ac972..0000000 --- a/modules/emulation.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - lib, - config, - ... -}: -{ - options = { - myModules.enableAarch64Emulation = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable Aarch64 emulation"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf config.myModules.enableAarch64Emulation { - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems; - }) - ]; -} 
diff --git a/modules/fonts.nix b/modules/fonts.nix deleted file mode 100644 index 54c8d20..0000000 --- a/modules/fonts.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -{ - options = { - myModules.enableFonts = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Enable my favorite fonts"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf config.myModules.enableFonts { - fonts.packages = with pkgs; [ - cascadia-code - noto-fonts-cjk-sans - noto-fonts-color-emoji - liberation_ttf - fira-code - fira-code-symbols - mplus-outline-fonts.githubRelease - dina-font - nerd-fonts.fira-code - nerd-fonts.ubuntu - nerd-fonts.droid-sans-mono - proggyfonts - source-sans - source-han-sans - source-han-mono - source-sans-pro - source-serif-pro - font-awesome - font-awesome_5 - roboto - twitter-color-emoji - iosevka - dejavu_fonts - ]; - # to fix firefox - fonts.fontconfig.useEmbeddedBitmaps = true; - # fonts.fontconfig = { - # defaultFonts.emoji = ["Noto Color Emoji"]; - # }; - fonts.fontconfig.defaultFonts = { - serif = [ - "Source Han Serif SC" - "Source Han Serif TC" - "Noto Color Emoji" - ]; - sansSerif = [ - "Source Han Sans SC" - "Source Han Sans TC" - "Noto Color Emoji" - ]; - monospace = [ - "Droid Sans Mono" - "DejaVu Sans Mono" - "Source Han Mono" - "Cascadia Code" - ]; - emoji = [ "Noto Color Emoji" ]; - }; - }) - ]; -} diff --git a/modules/getty.nix b/modules/getty.nix deleted file mode 100644 index a51460b..0000000 --- a/modules/getty.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - services.getty.greetingLine = "hello"; -} diff --git a/modules/graphical-interface.nix b/modules/graphical-interface.nix deleted file mode 100644 index d04ac63..0000000 --- a/modules/graphical-interface.nix +++ /dev/null 
@@ -1,99 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -{ - options = { - myModules.enableKDE = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable KDE Plasma Desktop Environment with my favorite packages"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf config.myModules.enableKDE { - # Enable the X11 windowing system. - # You can disable this if you're only using the Wayland session. - services.xserver.enable = true; - - # Enable the KDE Plasma Desktop Environment. - services.displayManager.sddm = { - enable = true; - # theme = "sugar-dark"; # looks ugly i give up - # wayland.enable = true; - }; - services.desktopManager.plasma6.enable = true; - - environment.plasma6.excludePackages = [ - pkgs.kdePackages.kate - pkgs.kdePackages.konsole - ]; - - # Enable CUPS to print documents. - services.printing.enable = true; - - hardware.bluetooth.enable = true; # enables support for Bluetooth - hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot - environment.systemPackages = with pkgs; [ - blender - inkscape - sddm-sugar-dark - screenkey - vscode - alacritty - ghostty - obsidian - mpv - pomodoro-gtk - libreoffice - gimp - kitty - obs-studio - qbittorrent - ani-cli - prismlauncher - element-desktop - qbittorrent - discord - (pkgs.writeShellApplication { - name = "sync-terraria"; - runtimeInputs = [ - pkgs.python3Packages.huggingface-hub - pkgs.zip - ]; - text = '' - # check if logged in to huggingface - if [ "$(huggingface-cli whoami)" == "Not logged in" ]; then - echo "Please log in to huggingface" - exit 1 - fi - - cd ~/.local/share - timestamp=$(date +%Y-%m-%d_%H-%M) - echo "$timestamp" - zip -r "Terraria_$timestamp.zip" Terraria/ - huggingface-cli upload --repo-type dataset osbm/terraria-backups "Terraria_$timestamp.zip" "Terraria_$timestamp.zip" - ''; - }) - code-cursor - ungoogled-chromium - ]; - - environment.sessionVariables.NIXOS_OZONE_WL = "1"; - - programs.steam = { - enable = true; - # Open 
ports in the firewall for Steam Remote Play
- remotePlay.openFirewall = true;
- # Open ports in the firewall for Source Dedicated Server
- dedicatedServer.openFirewall = true;
- # Open ports in the firewall for Steam Local Network Game Transfers
- localNetworkGameTransfers.openFirewall = true;
- };
- networking.firewall.allowedTCPPorts = [ 51513 ];
- })
- ];
-}
diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix
new file mode 100644
index 0000000..067e288
--- /dev/null
+++ b/modules/home-manager/default.nix
@@ -0,0 +1,16 @@
+{ lib, ... }:
+{
+ # Import all home-manager modules
+ imports = [
+ ./programs
+ ./services
+ ];
+
+ # Basic home-manager configuration
+ home.sessionVariables = {
+ EDITOR = lib.mkDefault "nvim";
+ };
+
+ # Enable basic programs that most users want
+ programs.home-manager.enable = true;
+}
diff --git a/modules/home-manager/programs/alacritty.nix b/modules/home-manager/programs/alacritty.nix
new file mode 100644
index 0000000..a3c6b41
--- /dev/null
+++ b/modules/home-manager/programs/alacritty.nix
@@ -0,0 +1,18 @@
+{ lib, ... }:
+{
+ programs.alacritty = {
+ enable = lib.mkDefault false;
+ settings = {
+ window = {
+ opacity = 0.95;
+ padding = {
+ x = 10;
+ y = 10;
+ };
+ };
+ font = {
+ size = 11.0;
+ };
+ };
+ };
+}
diff --git a/home/bash.nix b/modules/home-manager/programs/bash.nix
similarity index 100%
rename from home/bash.nix
rename to modules/home-manager/programs/bash.nix
diff --git a/modules/home-manager/programs/default.nix b/modules/home-manager/programs/default.nix
new file mode 100644
index 0000000..1b22c2c
--- /dev/null
+++ b/modules/home-manager/programs/default.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+ imports = [
+ ./fish.nix
+ ./starship.nix
+ ./git.nix
+ ./tmux.nix
+ ./zoxide.nix
+ ./direnv.nix
+ ./alacritty.nix
+ ./ghostty.nix
+ ./wezterm.nix
+ ./firefox.nix
+ ./mpv.nix
+ ];
+}
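Review bot: The `imports` list in modules/home-manager/programs/default.nix leaves out `./ssh.nix`, `./bash.nix` and `./tlrc.nix`, although this commit renames all three into the same directory. Unless another module outside this view imports them, the SSH client settings and the bash setup stop being applied without any evaluation error, and ssh falls back to its defaults for whatever host-specific options ssh.nix carried. Add the three entries to the list, or delete the files if dropping them is intended.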
diff --git a/modules/home-manager/programs/direnv.nix b/modules/home-manager/programs/direnv.nix
new file mode 100644
index 0000000..2b51c9d
--- /dev/null
+++ b/modules/home-manager/programs/direnv.nix
@@ -0,0 +1,6 @@
+{
+ programs.direnv = {
+ enable = true;
+ nix-direnv.enable = true;
+ };
+}
diff --git a/home/firefox.nix b/modules/home-manager/programs/firefox.nix
similarity index 100%
rename from home/firefox.nix
rename to modules/home-manager/programs/firefox.nix
diff --git a/home/fish.nix b/modules/home-manager/programs/fish.nix
similarity index 100%
rename from home/fish.nix
rename to modules/home-manager/programs/fish.nix
diff --git a/modules/home-manager/programs/ghostty.nix b/modules/home-manager/programs/ghostty.nix
new file mode 100644
index 0000000..e5977bf
--- /dev/null
+++ b/modules/home-manager/programs/ghostty.nix
@@ -0,0 +1,7 @@
+{ lib, ... }:
+{
+ programs.ghostty = {
+ enable = lib.mkDefault false;
+ # Configuration can be added as needed
+ };
+}
diff --git a/home/git.nix b/modules/home-manager/programs/git.nix
similarity index 100%
rename from home/git.nix
rename to modules/home-manager/programs/git.nix
diff --git a/modules/home-manager/programs/mpv.nix b/modules/home-manager/programs/mpv.nix
new file mode 100644
index 0000000..f08f20c
--- /dev/null
+++ b/modules/home-manager/programs/mpv.nix
@@ -0,0 +1,10 @@
+{ lib, ... }:
+{
+ programs.mpv = {
+ enable = lib.mkDefault false;
+ config = {
+ hwdec = "auto";
+ vo = "gpu";
+ };
+ };
+}
diff --git a/home/ssh.nix b/modules/home-manager/programs/ssh.nix
similarity index 100%
rename from home/ssh.nix
rename to modules/home-manager/programs/ssh.nix
diff --git a/home/starship.nix b/modules/home-manager/programs/starship.nix
similarity index 100%
rename from home/starship.nix
rename to modules/home-manager/programs/starship.nix
diff --git a/home/tlrc.nix b/modules/home-manager/programs/tlrc.nix
similarity index 100%
rename from home/tlrc.nix
rename to modules/home-manager/programs/tlrc.nix
diff --git a/home/tmux/default.nix b/modules/home-manager/programs/tmux.nix
similarity index 100%
rename from home/tmux/default.nix
rename to modules/home-manager/programs/tmux.nix
diff --git a/home/wezterm.nix b/modules/home-manager/programs/wezterm.nix
similarity index 100%
rename from home/wezterm.nix
rename to modules/home-manager/programs/wezterm.nix
diff --git a/home/zoxide.nix b/modules/home-manager/programs/zoxide.nix
similarity index 100%
rename from home/zoxide.nix
rename to modules/home-manager/programs/zoxide.nix
diff --git a/modules/home.nix b/modules/home.nix
deleted file mode 100644
index 5fbf391..0000000
--- a/modules/home.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- pkgs,
- inputs,
- ...
-}:
-{
- imports = [
- inputs.home-manager.nixosModules.home-manager
- ];
- home-manager = {
- useGlobalPkgs = true;
- useUserPackages = true;
- verbose = true;
- backupFileExtension = "hmbak";
- users.osbm = import ../home/home.nix {
- inherit config pkgs;
- # fuck you macos
- username = "osbm";
- homeDirectory = "/home/osbm";
- inherit (config.system) stateVersion;
- };
- };
-}
diff --git a/modules/i18n.nix b/modules/i18n.nix
deleted file mode 100644
index 6860e81..0000000
--- a/modules/i18n.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ pkgs, ... }:
-{
- time.timeZone = "Europe/Istanbul";
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_US.UTF-8";
-
- i18n.extraLocaleSettings = {
- LC_ADDRESS = "tr_TR.UTF-8";
- LC_IDENTIFICATION = "tr_TR.UTF-8";
- LC_MEASUREMENT = "tr_TR.UTF-8";
- LC_MONETARY = "tr_TR.UTF-8";
- LC_NAME = "tr_TR.UTF-8";
- LC_NUMERIC = "tr_TR.UTF-8";
- LC_PAPER = "tr_TR.UTF-8";
- LC_TELEPHONE = "tr_TR.UTF-8";
- LC_TIME = "ja_JP.UTF-8";
- # LC_ALL = "en_US.UTF-8";
- };
-
- services.xserver.xkb = {
- layout = "us";
- variant = "";
- };
-
- i18n.inputMethod = {
- type = "fcitx5";
- enable = true;
- fcitx5.addons = with pkgs; [
- fcitx5-mozc
- fcitx5-gtk
- fcitx5-nord # a color theme
- ];
- };
-}
diff --git a/modules/nix-index.nix b/modules/nix-index.nix
deleted file mode 100644
index 4970c07..0000000
--- a/modules/nix-index.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ inputs, ... }:
-{
- imports = [
- inputs.nix-index-database.nixosModules.nix-index
- ];
- programs.nix-index-database.comma.enable = true;
- programs.command-not-found.enable = false; # TODO fix ts
-
-}
diff --git a/modules/nix-settings.nix b/modules/nix-settings.nix
deleted file mode 100644
index c848ff0..0000000
--- a/modules/nix-settings.nix
+++ /dev/null
@@ -1,109 +0,0 @@
-{
- inputs,
- lib,
- pkgs,
- ...
-}:
-{
- # Allow unfree packages
- nixpkgs.config.allowUnfreePredicate =
- pkg:
- builtins.elem (lib.getName pkg) [
- "vscode" # TODO: remove this
- "discord"
- "obsidian"
- "steam"
- "steam-unwrapped"
- "open-webui"
- "vscode-extension-github-copilot"
- "spotify"
- "cursor"
- # nvidia related (i have to)
- "nvidia-x11"
- "cuda_cudart"
- "libcublas"
- "cuda_cccl"
- "cuda_nvcc"
- "nvidia-settings"
- "cuda-merged"
- ];
- nixpkgs.config.allowAliases = false;
-
- # enable nix flakes
- nix.settings.experimental-features = [
- "nix-command"
- "flakes"
- ];
-
- # nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];
-
- nix.channel.enable = false;
-
- nix.registry = {
- self.flake = inputs.self;
- nixpkgs.flake = inputs.nixpkgs;
-
- # Commented out because i want to make sure it works if i switch a system
- # to another nixpkgs with a different flake input name
- # nixpkgs = {
- # from = { type = "indirect"; id = "nixpkgs"; };
- # to = {
- # path = pkgs.path;
- # type = "path";
- # };
- # };
-
- osbm-nvim.flake = inputs.osbm-nvim;
- my-nixpkgs = {
- from = { type = "indirect"; id = "my-nixpkgs"; };
- to = {
- owner = "osbm";
- repo = "nixpkgs";
- type = "github";
- };
- };
- osbm-dev = {
- from = { type = "indirect"; id = "osbm-dev"; };
- to = {
- owner = "osbm";
- repo = "osbm.dev";
- type = "github";
- };
- };
- devshells = {
- from = { type = "indirect"; id = "devshells"; };
- to = {
- owner = "osbm";
- repo = "devshells";
- type = "github";
- };
- };
- };
-
- nix.settings.trusted-users = [
- "root"
- "osbm"
- ];
-
- nix.settings = {
- substituters = [
- "https://nix-community.cachix.org" # nix-community cache
- # "http://wallfacer.curl-boga.ts.net:7080/main" # personal attic cache
- ];
-
- trusted-public-keys = [
- "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- # "main:2AjPdIsbKyoTGuw+4x2ZXMUT/353CXosW9pdbTQtjqw="
- ];
- };
-
- nix.gc = {
- automatic = true;
- dates = "01:37";
- options = "--delete-older-than 7d";
- };
-
- # nix.nixPath = ["nixpkgs=${pkgs.path}"];
-
- system.configurationRevision = inputs.self.rev or "dirty";
-}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..7d125ae
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,9 @@
+{
+ imports = [
+ ./options.nix
+ ./programs
+ ./hardware
+ ./services
+ ./system
+ ];
+}
diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix
new file mode 100644
index 0000000..e952fd7
--- /dev/null
+++ b/modules/nixos/hardware/default.nix
@@ -0,0 +1,9 @@
+{
+ imports = [
+ ./sound.nix
+ ./nvidia.nix
+ ./hibernation.nix
+ ./wake-on-lan.nix
+ ./disko.nix
+ ];
+}
diff --git a/modules/nixos/hardware/disko.nix b/modules/nixos/hardware/disko.nix
new file mode 100644
index 0000000..64a71c3
--- /dev/null
+++ b/modules/nixos/hardware/disko.nix
@@ -0,0 +1,325 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.osbmModules.hardware.disko;
+ inherit (config.networking) hostName;
+
+ # Default authorized keys for initrd SSH
+ defaultAuthorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDF1TFwXbqdC1UyG75q3HO1n7/L3yxpeRLIq2kQ9DalI"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHYSJ9ywFRJ747tkhvYWFkx/Y9SkLqv3rb7T1UuXVBWo"
+ ];
+
+ authorizedKeys = if cfg.initrd-ssh.authorizedKeys != []
+ then cfg.initrd-ssh.authorizedKeys
+ else defaultAuthorizedKeys;
+in
+{
+ config = lib.mkMerge [
+ # Systemd-boot setup
+ (lib.mkIf (cfg.enable && cfg.systemd-boot) {
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ })
+
+ # Initrd SSH for remote unlocking
+ (lib.mkIf (cfg.enable && cfg.initrd-ssh.enable) {
+ boot.initrd.network.enable = true;
+ boot.initrd.availableKernelModules = cfg.initrd-ssh.ethernetDrivers;
+ boot.kernelParams = [ "ip=::::${hostName}-initrd::dhcp" ];
+ boot.initrd.network.ssh = {
+ enable = true;
+ port = 22;
+ shell = "/bin/cryptsetup-askpass";
+ authorizedKeys = authorizedKeys;
+ hostKeys = [ "/etc/ssh/initrd" ];
+ };
+ boot.initrd.secrets = {
+ "/etc/ssh/initrd" = "/etc/ssh/initrd";
+ };
+ })
+
+ # ZFS Configuration
+ (lib.mkIf (cfg.enable && cfg.zfs.enable) {
+ networking.hostId = cfg.zfs.hostID;
+
+ environment.systemPackages = [ pkgs.zfs-prune-snapshots ];
+
+ boot = {
+ # ZFS does not support swapfiles
+ kernelParams = [
+ "nohibernate"
+ "zfs.zfs_arc_max=17179869184" # 16GB ARC max
+ ];
+ supportedFilesystems = [ "vfat" "zfs" ];
+ zfs = {
+ devNodes = "/dev/disk/by-id/";
+ forceImportAll = true;
+ requestEncryptionCredentials = cfg.zfs.root.encrypt;
+ };
+ };
+
+ services.zfs = {
+ autoScrub.enable = true;
+ trim.enable = true;
+ };
+
+ # Disko configuration for ZFS
+ disko.devices = {
+ disk = lib.mkMerge [
+ # Storage pool disks (if enabled and not reinstalling)
+ (lib.mkIf (cfg.zfs.storage.enable && !cfg.amReinstalling) (
+ lib.mkMerge (
+ map (diskname: {
+ "${diskname}" = {
+ type = "disk";
+ device = "/dev/${diskname}";
+ content = {
+ type = "gpt";
+ partitions = {
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "stg${diskname}";
+ settings.allowDiscards = true;
+ passwordFile = "/tmp/secret.key";
+ content = {
+ type = "zfs";
+ pool = "zstorage";
+ };
+ };
+ };
+ };
+ };
+ };
+ }) cfg.zfs.storage.disks
+ )
+ ))
+
+ # Root disk 1 (primary)
+ {
+ one = lib.mkIf (cfg.zfs.root.disk1 != "") {
+ type = "disk";
+ device = "/dev/${cfg.zfs.root.disk1}";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ label = "EFI";
+ name = "ESP";
+ size = "2048M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "defaults" "umask=0077" ];
+ };
+ };
+
+ # Encrypted root partition
+ luks = lib.mkIf cfg.zfs.root.encrypt {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted1";
+ settings.allowDiscards = true;
+ passwordFile = "/tmp/secret.key";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+
+ # Unencrypted root partition
+ notluks = lib.mkIf (!cfg.zfs.root.encrypt) {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+ };
+ };
+
+ # Root disk 2 (mirror)
+ two = lib.mkIf (cfg.zfs.root.disk2 != "") {
+ type = "disk";
+ device = "/dev/${cfg.zfs.root.disk2}";
+ content = {
+ type = "gpt";
+ partitions = {
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted2";
+ settings.allowDiscards = true;
+ passwordFile = "/tmp/secret.key";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+ };
+ };
+ };
+ }
+ ];
+
+ # ZFS pools
+ zpool = {
+ # Root pool
+ zroot = {
+ type = "zpool";
+ mode = lib.mkIf cfg.zfs.root.mirror "mirror";
+ rootFsOptions = {
+ canmount = "off";
+ checksum = "edonr";
+ compression = "zstd";
+ dnodesize = "auto";
+ mountpoint = "none";
+ normalization = "formD";
+ relatime = "on";
+ "com.sun:auto-snapshot" = "false";
+ };
+ options = {
+ ashift = "12";
+ autotrim = "on";
+ };
+ datasets = {
+ # Reserved space for ZFS CoW operations
+ reserved = {
+ type = "zfs_fs";
+ options = {
+ canmount = "off";
+ mountpoint = "none";
+ reservation = cfg.zfs.root.reservation;
+ };
+ };
+
+ # SSH keys dataset
+ etcssh = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/etc/ssh";
+ options."com.sun:auto-snapshot" = "false";
+ postCreateHook = "zfs snapshot zroot/etcssh@empty";
+ };
+
+ # Persistent data
+ persist = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/persist";
+ options."com.sun:auto-snapshot" = "false";
+ postCreateHook = "zfs snapshot zroot/persist@empty";
+ };
+
+ # Persistent save data
+ persistSave = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/persist/save";
+ options."com.sun:auto-snapshot" = "false";
+ postCreateHook = "zfs snapshot zroot/persistSave@empty";
+ };
+
+ # Nix store
+ nix = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/nix";
+ options = {
+ atime = "off";
+ canmount = "on";
+ "com.sun:auto-snapshot" = "false";
+ };
+ postCreateHook = "zfs snapshot zroot/nix@empty";
+ };
+
+ # Root filesystem
+ root = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ options."com.sun:auto-snapshot" = "false";
+ mountpoint = "/";
+ postCreateHook = "zfs snapshot zroot/root@empty";
+ };
+ };
+ };
+
+ # Storage pool (if enabled and not reinstalling)
+ zstorage = lib.mkIf (cfg.zfs.storage.enable && !cfg.amReinstalling) {
+ type = "zpool";
+ mode = lib.mkIf cfg.zfs.storage.mirror "mirror";
+ rootFsOptions = {
+ canmount = "off";
+ checksum = "edonr";
+ compression = "zstd";
+ dnodesize = "auto";
+ mountpoint = "none";
+ normalization = "formD";
+ relatime = "on";
+ "com.sun:auto-snapshot" = "false";
+ };
+ options = {
+ ashift = "12";
+ autotrim = "on";
+ };
+ datasets = {
+ # Reserved space
+ reserved = {
+ type = "zfs_fs";
+ options = {
+ canmount = "off";
+ mountpoint = "none";
+ reservation = cfg.zfs.storage.reservation;
+ };
+ };
+
+ # Main storage
+ storage = {
+ type = "zfs_fs";
+ mountpoint = "/storage";
+ options = {
+ atime = "off";
+ canmount = "on";
+ "com.sun:auto-snapshot" = "false";
+ };
+ };
+
+ # Persistent save in storage
+ persistSave = {
+ type = "zfs_fs";
+ mountpoint = "/storage/save";
+ options = {
+ atime = "off";
+ canmount = "on";
+ "com.sun:auto-snapshot" = "false";
+ };
+ };
+ };
+ };
+ };
+ };
+
+ # Needed for agenix - SSH keys must be available before ZFS mounts
+ fileSystems."/etc/ssh".neededForBoot = true;
+
+ # Needed for impermanence
+ fileSystems."/persist".neededForBoot = true;
+ fileSystems."/persist/save".neededForBoot = true;
+ })
+
+ # Impermanence: wipe root on boot
+ (lib.mkIf (cfg.enable && cfg.zfs.enable && cfg.zfs.root.impermanenceRoot) {
+ boot.initrd.postResumeCommands = lib.mkAfter ''
+ zfs rollback -r zroot/root@empty
+ '';
+ })
+ ];
+}
diff --git a/modules/nixos/hardware/hibernation.nix b/modules/nixos/hardware/hibernation.nix
new file mode 100644
index 0000000..6b5e247
--- /dev/null
+++ b/modules/nixos/hardware/hibernation.nix
@@ -0,0 +1,10 @@
+{ lib, config, ... }:
+{
+ config = lib.mkIf (!config.osbmModules.hardware.hibernation.enable) {
+ # Disable hibernation/suspend
+ systemd.targets.sleep.enable = false;
+ systemd.targets.suspend.enable = false;
+ systemd.targets.hibernate.enable = false;
+ systemd.targets.hybrid-sleep.enable = false;
+ };
+}
diff --git a/modules/nixos/hardware/nvidia.nix b/modules/nixos/hardware/nvidia.nix
new file mode 100644
index 0000000..e010ea8
--- /dev/null
+++ b/modules/nixos/hardware/nvidia.nix
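Review bot: In modules/nixos/hardware/disko.nix the `authorizedKeys` binding in the `let` block fails open: when `cfg.initrd-ssh.authorizedKeys` is empty, the two hard-coded keys in `defaultAuthorizedKeys` are silently granted access to the initrd unlock shell on every host that sets `initrd-ssh.enable`. I would drop the fallback and refuse to evaluate instead, with an `assertions` entry such as `assertion = cfg.initrd-ssh.authorizedKeys != [];`, so that who may unlock a machine is always stated in that machine's own configuration. Separately, the second root disk (`two`) always gets a `luks` partition while the first switches between `luks` and `notluks` on `cfg.zfs.root.encrypt`, so with `encrypt = false` the mirror would pair an unencrypted member with an encrypted one; `two` should carry the same `lib.mkIf` pair. `boot.zfs.forceImportAll = true` also deserves either a why-comment or removal, since it forces the import of pools that were last used by another system and skips the check that protects against that. The README in this commit places `amReinstalling` under `zfs.storage` while this file reads `cfg.amReinstalling`; the declaration in options.nix is outside this view, so confirm the two agree.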
@@ -0,0 +1,33 @@
+{ lib, config, ... }:
+{
+ config = lib.mkIf config.osbmModules.hardware.nvidiaDriver.enable {
+ # Enable OpenGL
+ hardware.graphics = {
+ enable = true;
+ };
+
+ # Load nvidia driver for Xorg and Wayland
+ services.xserver.videoDrivers = [ "nvidia" ];
+
+ hardware.nvidia = {
+ # Modesetting is required
+ modesetting.enable = true;
+
+ # Nvidia power management
+ powerManagement.enable = false;
+ powerManagement.finegrained = false;
+
+ # Use the open source kernel module
+ open = false;
+
+ # Enable the Nvidia settings menu
+ nvidiaSettings = true;
+
+ # Select appropriate driver version
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ };
+
+ # Enable nvidia-container-toolkit if virtualization is enabled
+ hardware.nvidia-container-toolkit.enable = lib.mkIf config.osbmModules.virtualization.docker.enable true;
+ };
+}
diff --git a/modules/nixos/hardware/sound.nix b/modules/nixos/hardware/sound.nix
new file mode 100644
index 0000000..3a18a6f
--- /dev/null
+++ b/modules/nixos/hardware/sound.nix
@@ -0,0 +1,20 @@
+{ lib, config, ... }:
+{
+ config = lib.mkIf config.osbmModules.hardware.sound.enable {
+ # Disable PulseAudio
+ services.pulseaudio.enable = false;
+
+ # Enable rtkit for realtime audio
+ security.rtkit.enable = true;
+
+ # Enable PipeWire
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications:
+ # jack.enable = true;
+ };
+ };
+}
diff --git a/modules/nixos/options.nix b/modules/nixos/options.nix
new file mode 100644
index 0000000..104647a
--- /dev/null
+++ b/modules/nixos/options.nix
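Review bot: Two comments in modules/nixos/hardware/nvidia.nix say the opposite of what the code does. `# Use the open source kernel module` sits directly above `open = false;`, which selects the proprietary module, and `# Enable nvidia-container-toolkit if virtualization is enabled` is actually keyed on `virtualization.docker.enable`. I would reword them to `# Use the proprietary kernel module (open = true selects the open one)` and `# Enable nvidia-container-toolkit when Docker is enabled`.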
@@ -0,0 +1,364 @@ +{ lib, ... }: +{ + options.osbmModules = { + # Desktop Environment + desktopEnvironment = lib.mkOption { + type = lib.types.enum [ "plasma" "none" ]; + default = "none"; + description = "Which desktop environment to use"; + }; + + # Machine Type + machineType = lib.mkOption { + type = lib.types.enum [ "desktop" "laptop" "server" "embedded" "mobile" ]; + default = "server"; + description = "Type of machine for appropriate defaults"; + }; + + # Users + users = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ "osbm" "bayram" ]; + description = "List of users to create. `osbm` is my main user, and `bayram` is for my family."; + }; + + defaultUser = lib.mkOption { + type = lib.types.str; + default = "osbm"; + description = "Default user for the system"; + }; + + # Home Manager + homeManager = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable home-manager integration"; + }; + }; + + # Agenix + agenix = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable agenix for secrets management"; + }; + }; + + # Nix Settings + nixSettings = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable custom nix settings"; + }; + }; + + # Programs + programs = { + steam = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable Steam gaming platform"; + }; + }; + + graphical = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable graphical applications"; + }; + }; + + commandLine = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable common command line tools"; + }; + }; + + neovim = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable neovim with custom configuration"; + }; + }; + + arduino = { + enable = lib.mkOption { + type = lib.types.bool; + default = 
false; + description = "Enable Arduino IDE and development tools"; + }; + }; + + adbFastboot = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable ADB and Fastboot for Android development"; + }; + }; + }; + + # Services + services = { + openssh = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable OpenSSH server"; + }; + }; + + tailscale = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable Tailscale VPN"; + }; + }; + + syncthing.enable = lib.mkEnableOption "syncthing"; + jellyfin.enable = lib.mkEnableOption "jellyfin"; + nextcloud.enable = lib.mkEnableOption "nextcloud"; + vaultwarden.enable = lib.mkEnableOption "vaultwarden"; + ollama.enable = lib.mkEnableOption "ollama"; + forgejo.enable = lib.mkEnableOption "forgejo"; + caddy.enable = lib.mkEnableOption "caddy"; + attic.enable = lib.mkEnableOption "attic"; + cloudflared.enable = lib.mkEnableOption "cloudflared"; + cloudflare-dyndns.enable = lib.mkEnableOption "cloudflare-dyndns"; + glance.enable = lib.mkEnableOption "glance"; + hydra.enable = lib.mkEnableOption "hydra"; + vscode-server.enable = lib.mkEnableOption "vscode-server"; + }; + + # Hardware + hardware = { + sound = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable sound with pipewire"; + }; + }; + + nvidiaDriver = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable NVIDIA proprietary drivers"; + }; + }; + + hibernation = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable hibernation support"; + }; + }; + + wakeOnLan = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable wake-on-LAN support"; + }; + }; + + # Disko configuration (inspired by ZFS.nix) + disko = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = 
"Enable custom disk configuration with disko"; + }; + + amReinstalling = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Am I reinstalling and want to save the storage pool"; + }; + + fileSystem = lib.mkOption { + type = lib.types.enum [ "zfs" "ext4" ]; + default = "ext4"; + description = "Root filesystem type"; + }; + + systemd-boot = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Use systemd-boot bootloader"; + }; + + initrd-ssh = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable SSH in initrd for remote unlocking"; + }; + + authorizedKeys = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = "SSH public keys for initrd access"; + }; + + ethernetDrivers = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = "Ethernet drivers to load in initrd"; + }; + }; + + zfs = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable ZFS filesystem"; + }; + + hostID = lib.mkOption { + type = lib.types.str; + default = ""; + description = "ZFS host ID (8 hex characters)"; + }; + + root = { + encrypt = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Encrypt root ZFS pool"; + }; + + disk1 = lib.mkOption { + type = lib.types.str; + default = ""; + description = "First disk device name (e.g., nvme0n1)"; + }; + + disk2 = lib.mkOption { + type = lib.types.str; + default = ""; + description = "Second disk device name for mirroring"; + }; + + reservation = lib.mkOption { + type = lib.types.str; + default = "20G"; + description = "ZFS reservation size"; + }; + + mirror = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Mirror the root ZFS pool"; + }; + + impermanenceRoot = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Wipe the root directory on boot (impermanence)"; + }; + }; + + storage = { + 
enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable separate storage ZFS pool"; + }; + + disks = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = "Storage pool disk device names"; + }; + + reservation = lib.mkOption { + type = lib.types.str; + default = "20G"; + description = "Storage pool ZFS reservation"; + }; + + mirror = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Mirror the storage ZFS pool"; + }; + }; + }; + }; + }; + + # Virtualization + virtualization = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable virtualization support (libvirt, docker, etc.)"; + }; + + docker = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable Docker"; + }; + }; + + podman = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable Podman"; + }; + }; + + libvirt = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable libvirt/KVM"; + }; + }; + }; + + + + # Internationalization + i18n = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable internationalization settings"; + }; + }; + + # Fonts + fonts = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable custom fonts"; + }; + }; + + # Nix Index + nixIndex = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable nix-index for command-not-found"; + }; + }; + }; +} diff --git a/modules/nixos/programs/command-line.nix b/modules/nixos/programs/command-line.nix new file mode 100644 index 0000000..94c67c6 --- /dev/null +++ b/modules/nixos/programs/command-line.nix 
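Review bot: `options.osbmModules` in modules/nixos/options.nix never declares `concentration`, `emulation.aarch64`, `remoteBuild` or `security`, yet system/concentration.nix, emulation.nix, remote-builds.nix and security.nix in this same commit read `config.osbmModules.<name>` in their `lib.mkIf` conditions. Unless those options are declared in a file outside this diff, evaluation stops with a missing-attribute error once system/default.nix imports them, and the sudo and polkit settings in security.nix can never be switched on. Declare them next to `fonts` and `nixIndex`, for example `security.enable = lib.mkEnableOption "security hardening";` and `remoteBuild.enable = lib.mkEnableOption "remote builds";`, plus the `blockYoutube`, `blockTwitter` and `blockBluesky` booleans that concentration.nix reads.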
@@ -0,0 +1,48 @@ +{ pkgs, inputs, lib, config, ... }: +{ + config = lib.mkIf config.osbmModules.programs.commandLine.enable { + environment.systemPackages = with pkgs; [ + wget + nano + git + lazygit + lazysql + git-lfs + gnumake + zip + fish + trash-cli + tmux + zoxide + htop + unzip + tlrc + btop + pciutils + cloc + neofetch + pfetch + inxi + jq + dig + onefetch + just + nixd + eza + gh + starship + tree + nix-output-monitor + yazi + ripgrep + nh + comma + nix-inspect + bat + fd + du-dust + duf + ncdu + ]; + }; +} diff --git a/modules/nixos/programs/default.nix b/modules/nixos/programs/default.nix new file mode 100644 index 0000000..f90fcd8 --- /dev/null +++ b/modules/nixos/programs/default.nix @@ -0,0 +1,10 @@ +{ + imports = [ + ./adb-fastboot.nix + ./arduino.nix + ./command-line.nix + ./graphical.nix + ./neovim.nix + ./steam.nix + ]; +} diff --git a/modules/nixos/programs/graphical.nix b/modules/nixos/programs/graphical.nix new file mode 100644 index 0000000..d388c0b --- /dev/null +++ b/modules/nixos/programs/graphical.nix @@ -0,0 +1,17 @@ +{ pkgs, lib, config, ... }: +{ + config = lib.mkIf config.osbmModules.programs.graphical.enable { + environment.systemPackages = with pkgs; [ + mpv + gimp + inkscape + libreoffice + discord + telegram-desktop + obs-studio + blender + vscode + chromium + ]; + }; +} diff --git a/modules/nixos/programs/neovim.nix b/modules/nixos/programs/neovim.nix new file mode 100644 index 0000000..2814441 --- /dev/null +++ b/modules/nixos/programs/neovim.nix @@ -0,0 +1,8 @@ +{ lib, inputs, config, pkgs, ... }: +{ + config = lib.mkIf config.osbmModules.programs.neovim.enable { + environment.systemPackages = [ + inputs.osbm-nvim.packages."${pkgs.stdenv.hostPlatform.system}".default + ]; + }; +} diff --git a/modules/nixos/programs/steam.nix b/modules/nixos/programs/steam.nix new file mode 100644 index 0000000..94dbeae --- /dev/null +++ b/modules/nixos/programs/steam.nix 
@@ -0,0 +1,14 @@
+{ lib, config, ... }:
+{
+ config = lib.mkIf config.osbmModules.programs.steam.enable {
+ programs.steam = {
+ enable = true;
+ # Open ports in the firewall for Steam Remote Play
+ remotePlay.openFirewall = true;
+ # Open ports in the firewall for Source Dedicated Server
+ dedicatedServer.openFirewall = true;
+ # Open ports in the firewall for Steam Local Network Game Transfers
+ localNetworkGameTransfers.openFirewall = true;
+ };
+ };
+}
diff --git a/modules/nixos/system/agenix.nix b/modules/nixos/system/agenix.nix
new file mode 100644
index 0000000..e363f71
--- /dev/null
+++ b/modules/nixos/system/agenix.nix
@@ -0,0 +1,10 @@
+{ lib, config, ... }:
+{
+ config = lib.mkIf config.osbmModules.agenix.enable {
+ # Agenix will be configured via the agenix input
+ # This module exists to enable agenix-related configurations
+ age.identityPaths = lib.mkDefault [
+ "/etc/ssh/ssh_host_ed25519_key"
+ ];
+ };
+}
diff --git a/modules/nixos/system/concentration.nix b/modules/nixos/system/concentration.nix
new file mode 100644
index 0000000..7212310
--- /dev/null
+++ b/modules/nixos/system/concentration.nix
@@ -0,0 +1,34 @@
+{ lib, config, ... }:
+let
+ cfg = config.osbmModules.concentration;
+
+ blockedSites = lib.flatten [
+ (lib.optional cfg.blockYoutube [
+ "youtube.com"
+ "www.youtube.com"
+ "m.youtube.com"
+ "youtu.be"
+ ])
+ (lib.optional cfg.blockTwitter [
+ "twitter.com"
+ "www.twitter.com"
+ "x.com"
+ "www.x.com"
+ "mobile.twitter.com"
+ "mobile.x.com"
+ ])
+ (lib.optional cfg.blockBluesky [
+ "bsky.app"
+ "www.bsky.app"
+ "bluesky.app"
+ "www.bluesky.app"
+ ])
+ ];
+
+ hostsEntries = lib.concatMapStrings (site: "127.0.0.1 ${site}\n") blockedSites;
+in
+{
+ config = lib.mkIf (blockedSites != []) {
+ networking.extraHosts = hostsEntries;
+ };
+}
diff --git a/modules/nixos/system/default.nix b/modules/nixos/system/default.nix
new file mode 100644
index 0000000..34c6a5c
--- /dev/null
+++ b/modules/nixos/system/default.nix
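Review bot: In modules/nixos/programs/steam.nix all three `openFirewall` switches are hard-coded to `true`, so enabling Steam on any host also opens the Remote Play, Source Dedicated Server and local-transfer ports on that host's firewall. A desktop that only plays games does not need the dedicated-server ports, and because the values are not wrapped in `lib.mkDefault` a host has to use `lib.mkForce` to close them again. I would default to closed and let hosts opt in, e.g. `dedicatedServer.openFirewall = lib.mkDefault false;`, and wrap the other two in `lib.mkDefault` as well.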
@@ -0,0 +1,17 @@
+{
+ imports = [
+ ./users.nix
+ ./desktop-environment.nix
+ ./nix-settings.nix
+ ./agenix.nix
+ ./home-manager.nix
+ ./virtualization.nix
+ ./emulation.nix
+ ./concentration.nix
+ ./remote-builds.nix
+ ./i18n.nix
+ ./fonts.nix
+ ./security.nix
+ ./nix-index.nix
+ ];
+}
diff --git a/modules/nixos/system/desktop-environment.nix b/modules/nixos/system/desktop-environment.nix
new file mode 100644
index 0000000..e84e89f
--- /dev/null
+++ b/modules/nixos/system/desktop-environment.nix
@@ -0,0 +1,63 @@
+{ pkgs, lib, config, ... }:
+let
+ cfg = config.osbmModules;
+in
+{
+ config = lib.mkMerge [
+ # Plasma Desktop Environment
+ (lib.mkIf (cfg.desktopEnvironment == "plasma") {
+ services.xserver.enable = true;
+ services.displayManager.sddm.enable = true;
+ services.desktopManager.plasma6.enable = true;
+
+ environment.plasma6.excludePackages = with pkgs.kdePackages; [
+ kate
+ konsole
+ ];
+
+ # Enable printing
+ services.printing.enable = true;
+
+ # Enable Bluetooth
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.powerOnBoot = true;
+
+ # Desktop packages
+ environment.systemPackages = with pkgs; [
+ alacritty
+ ghostty
+ obsidian
+ mpv
+ kitty
+ qbittorrent
+ element-desktop
+ ];
+
+ # Wayland support
+ environment.sessionVariables.NIXOS_OZONE_WL = "1";
+ })
+
+ # GNOME Desktop Environment
+ (lib.mkIf (cfg.desktopEnvironment == "gnome") {
+ services.xserver.enable = true;
+ services.xserver.displayManager.gdm.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+
+ # Enable printing
+ services.printing.enable = true;
+
+ # Enable Bluetooth
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.powerOnBoot = true;
+ })
+
+ # Common settings for any desktop environment
+ (lib.mkIf (cfg.desktopEnvironment != "none") {
+ # Enable X11 keymap
+ services.xserver.xkb = {
+ layout = lib.mkDefault "us";
+ variant = lib.mkDefault "";
+ };
+ })
+ ];
+}
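Review bot: The `"gnome"` branch in modules/nixos/system/desktop-environment.nix can never be selected, because `desktopEnvironment` is declared in options.nix as `lib.types.enum [ "plasma" "none" ]` and any other value is rejected at evaluation. Either extend the option to `type = lib.types.enum [ "plasma" "gnome" "none" ];` or drop the branch. The printing and Bluetooth settings are repeated in both branches and could move into the shared `!= "none"` block, ideally under `lib.mkDefault` so that a host which does not need those services can turn them off.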
diff --git a/modules/nixos/system/emulation.nix b/modules/nixos/system/emulation.nix
new file mode 100644
index 0000000..205474a
--- /dev/null
+++ b/modules/nixos/system/emulation.nix
@@ -0,0 +1,7 @@
+{ lib, config, ... }:
+{
+ config = lib.mkIf config.osbmModules.emulation.aarch64.enable {
+ # Enable binfmt for aarch64 emulation
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+ };
+}
diff --git a/modules/nixos/system/fonts.nix b/modules/nixos/system/fonts.nix
new file mode 100644
index 0000000..b8f68fe
--- /dev/null
+++ b/modules/nixos/system/fonts.nix
@@ -0,0 +1,27 @@
+{ pkgs, lib, config, ... }:
+{
+ config = lib.mkIf config.osbmModules.fonts.enable {
+ fonts.packages = with pkgs; [
+ noto-fonts
+ noto-fonts-cjk-sans
+ noto-fonts-emoji
+ liberation_ttf
+ fira-code
+ fira-code-symbols
+ mplus-outline-fonts.githubRelease
+ dina-font
+ proggyfonts
+ jetbrains-mono
+ (nerdfonts.override { fonts = [ "FiraCode" "JetBrainsMono" "Iosevka" ]; })
+ ];
+
+ fonts.fontconfig = {
+ defaultFonts = {
+ serif = [ "Noto Serif" ];
+ sansSerif = [ "Noto Sans" ];
+ monospace = [ "JetBrainsMono Nerd Font" "Fira Code" ];
+ emoji = [ "Noto Color Emoji" ];
+ };
+ };
+ };
+}
diff --git a/modules/nixos/system/home-manager.nix b/modules/nixos/system/home-manager.nix
new file mode 100644
index 0000000..3a1e8db
--- /dev/null
+++ b/modules/nixos/system/home-manager.nix
@@ -0,0 +1,21 @@
+{ lib, config, inputs, ... }:
+let
+ cfg = config.osbmModules;
+in
+{
+ config = lib.mkIf (cfg.homeManager.enable && inputs ? home-manager) {
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+
+ # Pass inputs and outputs to home-manager modules
+ extraSpecialArgs = { inherit inputs; };
+
+ # Configure home-manager for each user
+ users = lib.genAttrs cfg.users (username: {
+ home.stateVersion = lib.mkDefault "24.05";
+ imports = [ ../../home-manager ];
+ });
+ };
+ };
+}
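Review bot: The `inputs ? home-manager` test inside the `lib.mkIf` of modules/nixos/system/home-manager.nix does not make the module safe to import when home-manager is absent. As far as I know `mkIf` only makes the values conditional; the `home-manager.*` definitions are still matched against declared options, so if the upstream home-manager NixOS module is not imported elsewhere (not visible in this diff) evaluation fails with an unknown-option error even when the condition is false. The same applies to the `inputs ? nix-index-database` guard in nix-index.nix and to `age.identityPaths` in agenix.nix. Wrapping the attribute set in `lib.optionalAttrs (inputs ? home-manager) { ... }`, or importing the upstream module from this file, would give the behaviour the guard suggests.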
diff --git a/modules/nixos/system/i18n.nix b/modules/nixos/system/i18n.nix
new file mode 100644
index 0000000..8a127d5
--- /dev/null
+++ b/modules/nixos/system/i18n.nix
@@ -0,0 +1,22 @@
+{ lib, config, ... }:
+{
+ config = lib.mkIf config.osbmModules.i18n.enable {
+ # Set your time zone
+ time.timeZone = lib.mkDefault "Europe/Istanbul";
+
+ # Select internationalisation properties
+ i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = lib.mkDefault {
+ LC_ADDRESS = "tr_TR.UTF-8";
+ LC_IDENTIFICATION = "tr_TR.UTF-8";
+ LC_MEASUREMENT = "tr_TR.UTF-8";
+ LC_MONETARY = "tr_TR.UTF-8";
+ LC_NAME = "tr_TR.UTF-8";
+ LC_NUMERIC = "tr_TR.UTF-8";
+ LC_PAPER = "tr_TR.UTF-8";
+ LC_TELEPHONE = "tr_TR.UTF-8";
+ LC_TIME = "tr_TR.UTF-8";
+ };
+ };
+}
diff --git a/modules/nixos/system/nix-index.nix b/modules/nixos/system/nix-index.nix
new file mode 100644
index 0000000..17e4ca2
--- /dev/null
+++ b/modules/nixos/system/nix-index.nix
@@ -0,0 +1,7 @@
+{ lib, config, inputs, ... }:
+{
+ config = lib.mkIf (config.osbmModules.nixIndex.enable && inputs ? nix-index-database) {
+ programs.nix-index-database.comma.enable = true;
+ programs.command-not-found.enable = false;
+ };
+}
diff --git a/modules/nixos/system/nix-settings.nix b/modules/nixos/system/nix-settings.nix
new file mode 100644
index 0000000..749c59a
--- /dev/null
+++ b/modules/nixos/system/nix-settings.nix
@@ -0,0 +1,78 @@
+{ inputs, lib, config, ... }:
+{
+ config = lib.mkIf config.osbmModules.nixSettings.enable {
+ # Allow unfree packages
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) [
+ "vscode"
+ "discord"
+ "obsidian"
+ "steam"
+ "steam-unwrapped"
+ "open-webui"
+ "vscode-extension-github-copilot"
+ "spotify"
+ "cursor"
+ # NVIDIA related
+ "nvidia-x11"
+ "cuda_cudart"
+ "libcublas"
+ "cuda_cccl"
+ "cuda_nvcc"
+ "nvidia-settings"
+ "cuda-merged"
+ ];
+
+ nixpkgs.config.allowAliases = false;
+
+ # Enable Nix flakes
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ nix.channel.enable = false;
+
+ # Nix registry configuration
+ nix.registry = lib.mkIf (inputs ? self && inputs ? nixpkgs) {
+ self.flake = inputs.self;
+ nixpkgs.flake = inputs.nixpkgs;
+ osbm-nvim = lib.mkIf (inputs ? osbm-nvim) {
+ flake = inputs.osbm-nvim;
+ };
+ };
+
+ # Trusted users
+ nix.settings.trusted-users = [
+ "root"
+ config.osbmModules.defaultUser
+ ];
+
+ # Binary cache configuration
+ nix.settings = {
+ substituters = [
+ "https://nix-community.cachix.org"
+ ];
+
+ trusted-public-keys = [
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ };
+
+ # Garbage collection
+ nix.gc = {
+ automatic = lib.mkDefault true;
+ dates = lib.mkDefault "weekly";
+ options = lib.mkDefault "--delete-older-than 7d";
+ };
+
+ # Optimize store automatically
+ nix.settings.auto-optimise-store = lib.mkDefault true;
+
+ # Environment variables
+ environment.variables = {
+ EDITOR = lib.mkDefault "nvim";
+ VISUAL = lib.mkDefault "nvim";
+ };
+ };
+}
diff --git a/modules/nixos/system/remote-builds.nix b/modules/nixos/system/remote-builds.nix
new file mode 100644
index 0000000..eb7807c
--- /dev/null
+++ b/modules/nixos/system/remote-builds.nix
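Review bot: `nix.settings.trusted-users` in modules/nixos/system/nix-settings.nix includes `config.osbmModules.defaultUser`, which lets that account hand arbitrary substituters and unsigned store paths to the Nix daemon — effectively root without going through sudo, whatever `security.sudo.wheelNeedsPassword` is set to. The nix-community substituter and its public key are already configured system-wide a few lines below, so the user does not need to be trusted in order to use that cache. I would keep `nix.settings.trusted-users = [ "root" ];` here and, if remote builds require a trusted account, add it only in the configuration of the builder hosts.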
@@ -0,0 +1,9 @@
+{ lib, config, ... }:
+{
+ config = lib.mkIf config.osbmModules.remoteBuild.enable {
+ # Remote build configuration
+ # This should be customized per-host
+ nix.buildMachines = lib.mkDefault [];
+ nix.distributedBuilds = lib.mkDefault true;
+ };
+}
diff --git a/modules/nixos/system/security.nix b/modules/nixos/system/security.nix
new file mode 100644
index 0000000..5662781
--- /dev/null
+++ b/modules/nixos/system/security.nix
@@ -0,0 +1,12 @@
+{ lib, config, ... }:
+{
+ config = lib.mkIf config.osbmModules.security.enable {
+ # Security hardening
+ security.sudo.wheelNeedsPassword = lib.mkDefault true;
+
+ # Polkit for privilege escalation
+ security.polkit.enable = lib.mkDefault true;
+
+ # Additional security settings can be added here
+ };
+}
diff --git a/modules/nixos/system/users.nix b/modules/nixos/system/users.nix
new file mode 100644
index 0000000..07f37a2
--- /dev/null
+++ b/modules/nixos/system/users.nix
@@ -0,0 +1,32 @@
+{ lib, config, ... }:
+let
+ cfg = config.osbmModules;
+in
+{
+ config = lib.mkIf (cfg.users != []) {
+ users.users = lib.mkMerge [
+ # Create users based on the list
+ (lib.genAttrs cfg.users (username: {
+ isNormalUser = true;
+ description = username;
+ extraGroups = [ "networkmanager" ]
+ ++ lib.optional (username == cfg.defaultUser) "wheel"
+ ++ lib.optional config.osbmModules.virtualization.docker.enable "docker"
+ ++ lib.optional config.osbmModules.programs.adbFastboot.enable "adbusers";
+ }))
+
+ # Additional configuration for default user
+ {
+ ${cfg.defaultUser} = {
+ openssh.authorizedKeys.keys = lib.mkDefault [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfnV+qqUCJf92npNW4Jy0hIiepCJFBDJHXBHnUlNX0k"
+ ];
+ };
+ }
+ ];
+
+ # Set default shell
+ users.defaultUserShell = lib.mkDefault config.pkgs.fish;
+ programs.fish.enable = lib.mkDefault true;
+ };
+}
diff --git a/modules/nixos/system/virtualization.nix b/modules/nixos/system/virtualization.nix
new file mode 100644
index 0000000..cbf4142
--- /dev/null
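Review bot: In modules/nixos/system/users.nix the `docker` and `adbusers` groups are appended for every name in `cfg.users`, not only for `cfg.defaultUser`. Membership of `docker` is equivalent to root on the host, and the deleted modules/users.nix gave `bayram` only `networkmanager`, so this widens that account's privileges. Gate the groups the same way as `wheel`, e.g. `++ lib.optional (username == cfg.defaultUser && config.osbmModules.virtualization.docker.enable) "docker"`. Separately, `config.pkgs.fish` will not evaluate as far as I can tell: `pkgs` is a module argument, so add it to `{ lib, config, ... }` and write `pkgs.fish`.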
+++ b/modules/nixos/system/virtualization.nix
@@ -0,0 +1,28 @@
+{ lib, config, ... }:
+let
+ cfg = config.osbmModules.virtualization;
+in
+{
+ config = lib.mkMerge [
+ # Docker
+ (lib.mkIf cfg.docker.enable {
+ virtualisation.docker.enable = true;
+ virtualisation.docker.storageDriver = lib.mkDefault "overlay2";
+ })
+
+ # Podman
+ (lib.mkIf cfg.podman.enable {
+ virtualisation.podman = {
+ enable = true;
+ dockerCompat = lib.mkDefault true;
+ defaultNetwork.settings.dns_enabled = true;
+ };
+ })
+
+ # Libvirt/KVM
+ (lib.mkIf cfg.libvirt.enable {
+ virtualisation.libvirtd.enable = true;
+ programs.virt-manager.enable = true;
+ })
+ ];
+}
diff --git a/modules/remote-builds.nix b/modules/remote-builds.nix
deleted file mode 100644
index 901d928..0000000
--- a/modules/remote-builds.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- config,
- outputs,
- lib,
- ...
-}:
-{
- config = lib.mkMerge [
- (lib.mkIf (config.networking.hostName == "pochita") {
- nix.distributedBuilds = true;
- # nix.settings.builders-use-substitutes = true;
- nix.buildMachines = [
- {
- hostName = "ymir";
- systems = [
- "x86_64-linux"
- "aarch64-linux"
- ];
- supportedFeatures = outputs.nixosConfigurations.ymir.config.nix.settings.system-features;
- sshKey = config.age.secrets.ssh-key-private.path;
- sshUser = "osbm";
- protocol = "ssh-ng";
- }
- {
- hostName = "wallfacer";
- systems = [ "x86_64-linux" ];
- supportedFeatures = outputs.nixosConfigurations.wallfacer.config.nix.settings.system-features;
- sshKey = config.age.secrets.ssh-key-private.path;
- sshUser = "osbm";
- protocol = "ssh-ng";
- }
- ];
- })
- ];
-}
diff --git a/modules/secrets.nix b/modules/secrets.nix
deleted file mode 100644
index f8a0843..0000000
--- a/modules/secrets.nix
+++ /dev/null
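Review bot: `dockerCompat = lib.mkDefault true` in the Podman block of modules/nixos/system/virtualization.nix collides with the Docker block when both `docker.enable` and `podman.enable` are set; the NixOS podman module, as far as I know, asserts that `dockerCompat` cannot be combined with `virtualisation.docker.enable`. Deriving the value from the other switch avoids that: `dockerCompat = lib.mkDefault (!cfg.docker.enable);`. Also, `osbmModules.virtualization.enable` from options.nix is never read in this file, so setting it has no effect; either drop the option or use it as the outer guard.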
@@ -1,46 +0,0 @@ -{ - config, - pkgs, - inputs, - lib, - ... -}: -{ - imports = [ - inputs.agenix.nixosModules.default - ]; - options = { - myModules.enableSecrets = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Enable agenix secrets management"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf config.myModules.enableSecrets { - environment.systemPackages = [ - inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.agenix - pkgs.age - ]; - - age.secrets = { - network-manager.file = ../secrets/network-manager.age; - ssh-key-private = { - file = ../secrets/ssh-key-private.age; - path = "/home/osbm/.ssh/id_ed25519"; - owner = "osbm"; - group = "users"; - mode = "600"; - }; - ssh-key-public = { - file = ../secrets/ssh-key-public.age; - path = "/home/osbm/.ssh/id_ed25519.pub"; - owner = "osbm"; - group = "users"; - mode = "644"; - }; - }; - }) - ]; -} diff --git a/modules/security.nix b/modules/security.nix deleted file mode 100644 index 980f102..0000000 --- a/modules/security.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - security.sudo.extraConfig = '' - Defaults timestamp_timeout=30 - ''; -} diff --git a/modules/sound.nix b/modules/sound.nix deleted file mode 100644 index deb119d..0000000 --- a/modules/sound.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: -{ - options = { - myModules.enableSound = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable sound with pipewire."; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf config.myModules.enableFonts { - # Enable sound with pipewire. - services.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - }) - ]; -} diff --git a/modules/users.nix b/modules/users.nix deleted file mode 100644 index 1858987..0000000 --- a/modules/users.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ lib, config, ... }: -{ - options = { - myModules.setUsers = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Enable user management."; - }; - }; - - config = lib.mkIf config.myModules.setUsers { - users.users = { - osbm = { - isNormalUser = true; - description = "osbm"; - initialHashedPassword = "$6$IamAbigfailure$irfkAsWev8CMAr78wUwUggclplXL98sbI21fpGY9nMDz47bU88RZWFLO7FcN5SdRA18ZSidkMqS76uLCMH68f."; - extraGroups = [ - "networkmanager" - "wheel" - "docker" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfnV+qqUCJf92npNW4Jy0hIiepCJFBDJHXBHnUlNX0k" - ]; - packages = [ - ]; - }; - bayram = { - isNormalUser = true; - description = "bayram"; - initialHashedPassword = "$6$IamAbigfailure$3BP231DVwbqUtZ.mq33nM/JitBrT2u26Y25VpsfBwhZbezMHz4XbySrOMnaMcCYdsb3wZFL3Ppcp0L.R8nonT."; - extraGroups = [ "networkmanager" ]; - packages = [ - ]; - }; - root.initialHashedPassword = "$6$IamAbigfailure$irfkAsWev8CMAr78wUwUggclplXL98sbI21fpGY9nMDz47bU88RZWFLO7FcN5SdRA18ZSidkMqS76uLCMH68f."; - }; - }; -} diff --git a/modules/virtualisation.nix b/modules/virtualisation.nix deleted file mode 100644 index a878015..0000000 --- a/modules/virtualisation.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - virtualisation.docker.enable = true; -} diff --git a/modules/wake-on-lan.nix b/modules/wake-on-lan.nix deleted file mode 100644 index 4a0f955..0000000 --- a/modules/wake-on-lan.nix +++ /dev/null 
@@ -1,33 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -{ - options = { - myModules.enableWakeOnLan = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable Wake on LAN"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf config.myModules.enableWakeOnLan { - networking.interfaces.enp3s0.wakeOnLan.enable = true; - # The services doesn't actually work atm, define an additional service - # see https://github.com/NixOS/nixpkgs/issues/91352 - systemd.services.wakeonlan = { - description = "Reenable wake on lan every boot"; - after = [ "network.target" ]; - serviceConfig = { - Type = "simple"; - RemainAfterExit = "true"; - ExecStart = "${pkgs.ethtool}/sbin/ethtool -s enp3s0 wol g"; - }; - wantedBy = [ "default.target" ]; - }; - }) - ]; -}