osbm/flake
1
0
Fork 0
Code Issues Pull requests Wiki Activity

fuck it

Browse source
This commit is contained in:
Osman Faruk Bayram 2025-10-19 16:13:59 +03:00
parent b1cce6ca82
commit 3501857f2a
78 changed files with 1383 additions and 913 deletions
Download patch file Download diff file Expand all files Collapse all files

65
README.md
View file

@ -12,6 +12,71 @@ I didnt get these setup yet.
- Raspberry Pi Zero 2W **harmonica** (small machine for small tasks and cronjobs) (not setup yet)
- Android phone (termux) **android** (not setup yet)
My options:
I implemented a module system for my configurations. Each machine has its own set of options that can be enabled or disabled. The options are defined in the `modules/options.nix` file. Each option is a module that can be imported into the machine configuration.
I am containing my options in the `osbmModules` attribute set. I dont like to interfere with the global configuration namespace. Here is all the available options:
```nix
osbmModules = {
desktopEnvironment = "plasma"; # options: "plasma", "none"
homeManager.enable = true;
machineType = "desktop"; # options: "desktop", "laptop", "server", "embedded", "mobile"
users = [ "osbm" "bayram" ];
defaultUser = "osbm";
agenix.enable = true;
nixSettings.enable = true;
programs = {
steam.enable = true;
graphical.enable = true;
commandLine.enable = true;
neovim.enable = true;
arduino.enable = true;
adbFastboot.enable = true;
};
services = {
# list services to enable
};
hardware = {
sound.enable = true;
nvidiaDriver.enable = false;
hibernation.enable = false;
disko = {
enable = true;
fileSystem = "zfs"; # options: "zfs", "ext4"
systemd-boot = true;
initrd-ssh = {
enable = true;
ethernetDrivers = [ "igc" ];
};
zfs = {
enable = true;
hostID = "49e95c43";
root = {
disk1 = "nvme0n1";
disk2 = "nvme1n1";
reservation = "200G";
impermanenceRoot = true;
};
storage = {
enable = true;
disks = [
"sda"
"sdb"
];
reservation = "1500G";
mirror = true;
#amReinstalling = true;
};
};
};
}
};
```
<details>
<summary> How to bootstrap raspberry pi 5</summary>

35
home/alacritty.nix
View file

@ -1,35 +0,0 @@
{
pkgs,
lib,
config,
...
}:
{
options.enableAlacritty = lib.mkEnableOption "Alacritty terminal emulator";
config = {
programs.alacritty = {
enable = config.enableAlacritty;
settings = {
font = {
size = 14.0;
normal.family = "Cascadia Code";
};
terminal.shell = {
args = [
"new-session"
"-A"
"-s"
"general"
];
program = lib.getExe pkgs.tmux;
};
window = {
decorations = "None";
opacity = 1;
startup_mode = "Maximized";
};
env.TERM = "xterm-256color";
};
};
};
}

8
home/direnv.nix
View file

@ -1,8 +0,0 @@
{
programs.direnv = {
enable = true;
# enableFishIntegration = true; # why add a read-only option?
nix-direnv.enable = true;
silent = true;
};
}

19
home/ghostty.nix
View file

@ -1,19 +0,0 @@
{
lib,
config,
pkgs,
...
}:
{
options.enableGhostty = lib.mkEnableOption "Ghostty terminal emulator";
config = {
programs.ghostty = {
enable = config.enableGhostty;
settings = {
maximize = true;
window-decoration = false;
command = lib.getExe pkgs.tmux;
};
};
};
}

15
home/gpg.nix
View file

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
services.gpg-agent = {
enable = true;
enableFishIntegration = true;
enableSshSupport = true;
# extraConfig = ''
# allow-loopback-pinentry
# '';
pinentry.package = pkgs.pinentry-tty;
};
programs.gpg.enable = true;
# home.packages = [ pkgs.pinentry-curses ];
}

35
home/gtk.nix
View file

@ -1,35 +0,0 @@
{
pkgs,
lib,
config,
...
}:
{
options = {
# Enable the GTK theme
enableGTK = lib.mkEnableOption "enableGTK";
};
config = lib.mkIf config.enableGTK {
home.pointerCursor = {
name = "Dracula";
package = pkgs.dracula-theme;
gtk.enable = true;
};
gtk = {
enable = true;
theme = {
name = "Dracula";
package = pkgs.dracula-theme;
};
gtk3.extraConfig = {
gtk-application-prefer-dark-theme = 1;
gtk-cursor-theme-size = 8;
};
gtk4.extraConfig = {
gtk-application-prefer-dark-theme = 1;
gtk-cursor-theme-size = 8;
};
};
};
}

44
home/home.nix
View file

@ -1,44 +0,0 @@
{
username,
homeDirectory,
stateVersion,
config,
enableGTK ? config.myModules.enableKDE,
enableGhostty ? config.myModules.enableKDE,
pkgs,
...
}:
{
imports = [
./alacritty.nix
./tmux
./ghostty.nix
./git.nix
./gpg.nix
./gtk.nix
./ssh.nix
./bash.nix
./direnv.nix
./firefox.nix
./fish.nix
./tlrc.nix
./starship.nix
./wezterm.nix
./zoxide.nix
];
home.username = username;
home.homeDirectory = homeDirectory;
home.packages = [
pkgs.lazygit
];
home.stateVersion = stateVersion;
enableGTK = enableGTK;
enableFirefox = config.myModules.enableKDE;
enableAlacritty = config.myModules.enableKDE;
enableGhostty = enableGhostty;
enableWezterm = config.myModules.enableKDE;
}

5
home/mpv.nix
View file

@ -1,5 +0,0 @@
{
programs.mpv = {
enable = true;
};
}

2
hosts/darwinHosts/prometheus/configuration.nix
View file

@ -128,7 +128,7 @@
programs.fish.enable = true;
# myModules.setUsers = false;
# osbmModules.setUsers = false;
users.users.osbm = {
description = "osbm";
shell = pkgs.fish;

2
hosts/darwinHosts/prometheus/dummy-module.nix
View file

@ -1,7 +1,7 @@
{ lib, ... }:
{
options = {
myModules.enableKDE = lib.mkOption {
osbmModules.enableKDE = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable KDE Plasma";

2
hosts/nixos/apollo/configuration.nix
View file

@ -14,7 +14,7 @@
inputs.impermanence.nixosModules.impermanence
];
# myModules = {
# osbmModules = {
# enableKDE = false;
# enableFonts = false;
# blockYoutube = false;

2
hosts/nixos/harmonica-sd/configuration.nix
View file

@ -11,7 +11,7 @@
../../../modules
];
myModules = {
osbmModules = {
enableKDE = false;
enableFonts = false;
blockYoutube = false;

2
hosts/nixos/harmonica/configuration.nix
View file

@ -9,7 +9,7 @@
../../../modules
];
myModules = {
osbmModules = {
enableKDE = false;
enableFonts = false;
blockYoutube = false;

2
hosts/nixos/pochita/configuration.nix
View file

@ -12,7 +12,7 @@
inputs.nixos-hardware.nixosModules.raspberry-pi-5
];
myModules = {
osbmModules = {
enableKDE = false;
enableFonts = false;
blockYoutube = false;

2
hosts/nixos/tartarus/configuration.nix
View file

@ -10,7 +10,7 @@
../../../modules
];
myModules = {
osbmModules = {
blockYoutube = false;
blockTwitter = true;
blockBluesky = false;

2
hosts/nixos/wallfacer/configuration.nix
View file

@ -4,7 +4,7 @@
./hardware-configuration.nix
../../../modules
];
myModules = {
osbmModules = {
enableKDE = false;
enableFonts = false;
enableNextcloud = true;

2
hosts/nixos/ymir/configuration.nix
View file

@ -9,7 +9,7 @@
../../../modules
];
myModules = {
osbmModules = {
blockYoutube = false;
blockTwitter = true;
blockBluesky = false;

62
modules/common-packages.nix
View file

@ -1,62 +0,0 @@
{
pkgs,
inputs,
...
}:
{
environment.systemPackages = with pkgs; [
inputs.osbm-nvim.packages."${pkgs.stdenv.hostPlatform.system}".default
wget
nano
git
lazygit
lazysql
git-lfs
gnumake
zip
fish
trash-cli
tmux
zoxide
htop
unzip
tlrc
(pkgs.writeShellScriptBin "wake-ymir" ''
echo waking up ymir
${pkgs.wakeonlan}/bin/wakeonlan 04:7c:16:e6:d9:13
'')
btop
pciutils
# lm_sensors
cloc
neofetch
pfetch
inxi
jq
dig
onefetch
just
nixd
eza
gh
starship
tree
nix-output-monitor
yazi
ripgrep
nh
comma
nix-inspect
bat
fd
dust
# dysk
gnupg
attic-client
];
environment.variables = {
EDITOR = "nvim";
VISUAL = "nvim";
};
}

56
modules/concentration.nix
View file

@ -1,56 +0,0 @@
{
lib,
config,
...
}:
{
options = {
myModules = {
blockYoutube = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Disables youtube using /etc/hosts file";
};
blockTwitter = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Disables twitter using /etc/hosts file";
};
blockBluesky = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Disables bluesky using /etc/hosts file";
};
};
};
config = lib.mkMerge [
(lib.mkIf config.myModules.blockYoutube {
networking.extraHosts = ''
0.0.0.0 youtube.com
::0 youtube.com
0.0.0.0 www.youtube.com
::0 www.youtube.com
'';
})
(lib.mkIf config.myModules.blockTwitter {
networking.extraHosts = ''
0.0.0.0 twitter.com
::0 twitter.com
0.0.0.0 www.twitter.com
::0 www.twitter.com
'';
})
(lib.mkIf config.myModules.blockBluesky {
networking.extraHosts = ''
0.0.0.0 bsky.app
::0 bsky.app
0.0.0.0 www.bsky.app
::0 www.bsky.app
'';
})
];
}

26
modules/default.nix
View file

@ -1,26 +0,0 @@
{
imports = [
./services
./adb.nix
./arduino.nix
./common-packages.nix
./concentration.nix
./disable-hibernation.nix
./emulation.nix
./fonts.nix
./graphical-interface.nix
./home.nix
./i18n.nix
# ./minegrub.nix
./nix-index.nix
./nix-settings.nix
./remote-builds.nix
./secrets.nix
./security.nix
./sound.nix
./users.nix
./virtualisation.nix
./wake-on-lan.nix
./getty.nix
];
}

39
modules/disable-hibernation.nix
View file

@ -1,39 +0,0 @@
{
lib,
config,
...
}:
{
options = {
myModules.disableHibernation = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Disable hibernation";
};
};
config = lib.mkMerge [
(lib.mkIf config.myModules.disableHibernation {
systemd = {
targets = {
sleep = {
enable = false;
unitConfig.DefaultDependencies = "no";
};
suspend = {
enable = false;
unitConfig.DefaultDependencies = "no";
};
hibernate = {
enable = false;
unitConfig.DefaultDependencies = "no";
};
"hybrid-sleep" = {
enable = false;
unitConfig.DefaultDependencies = "no";
};
};
};
})
];
}

21
modules/emulation.nix
View file

@ -1,21 +0,0 @@
{
lib,
config,
...
}:
{
options = {
myModules.enableAarch64Emulation = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable Aarch64 emulation";
};
};
config = lib.mkMerge [
(lib.mkIf config.myModules.enableAarch64Emulation {
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems;
})
];
}

69
modules/fonts.nix
View file

@ -1,69 +0,0 @@
{
pkgs,
lib,
config,
...
}:
{
options = {
myModules.enableFonts = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable my favorite fonts";
};
};
config = lib.mkMerge [
(lib.mkIf config.myModules.enableFonts {
fonts.packages = with pkgs; [
cascadia-code
noto-fonts-cjk-sans
noto-fonts-color-emoji
liberation_ttf
fira-code
fira-code-symbols
mplus-outline-fonts.githubRelease
dina-font
nerd-fonts.fira-code
nerd-fonts.ubuntu
nerd-fonts.droid-sans-mono
proggyfonts
source-sans
source-han-sans
source-han-mono
source-sans-pro
source-serif-pro
font-awesome
font-awesome_5
roboto
twitter-color-emoji
iosevka
dejavu_fonts
];
# to fix firefox
fonts.fontconfig.useEmbeddedBitmaps = true;
# fonts.fontconfig = {
# defaultFonts.emoji = ["Noto Color Emoji"];
# };
fonts.fontconfig.defaultFonts = {
serif = [
"Source Han Serif SC"
"Source Han Serif TC"
"Noto Color Emoji"
];
sansSerif = [
"Source Han Sans SC"
"Source Han Sans TC"
"Noto Color Emoji"
];
monospace = [
"Droid Sans Mono"
"DejaVu Sans Mono"
"Source Han Mono"
"Cascadia Code"
];
emoji = [ "Noto Color Emoji" ];
};
})
];
}

3
modules/getty.nix
View file

@ -1,3 +0,0 @@
{
services.getty.greetingLine = "hello";
}

99
modules/graphical-interface.nix
View file

@ -1,99 +0,0 @@
{
pkgs,
lib,
config,
...
}:
{
options = {
myModules.enableKDE = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable KDE Plasma Desktop Environment with my favorite packages";
};
};
config = lib.mkMerge [
(lib.mkIf config.myModules.enableKDE {
# Enable the X11 windowing system.
# You can disable this if you're only using the Wayland session.
services.xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
services.displayManager.sddm = {
enable = true;
# theme = "sugar-dark"; # looks ugly i give up
# wayland.enable = true;
};
services.desktopManager.plasma6.enable = true;
environment.plasma6.excludePackages = [
pkgs.kdePackages.kate
pkgs.kdePackages.konsole
];
# Enable CUPS to print documents.
services.printing.enable = true;
hardware.bluetooth.enable = true; # enables support for Bluetooth
hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
environment.systemPackages = with pkgs; [
blender
inkscape
sddm-sugar-dark
screenkey
vscode
alacritty
ghostty
obsidian
mpv
pomodoro-gtk
libreoffice
gimp
kitty
obs-studio
qbittorrent
ani-cli
prismlauncher
element-desktop
qbittorrent
discord
(pkgs.writeShellApplication {
name = "sync-terraria";
runtimeInputs = [
pkgs.python3Packages.huggingface-hub
pkgs.zip
];
text = ''
# check if logged in to huggingface
if [ "$(huggingface-cli whoami)" == "Not logged in" ]; then
echo "Please log in to huggingface"
exit 1
fi
cd ~/.local/share
timestamp=$(date +%Y-%m-%d_%H-%M)
echo "$timestamp"
zip -r "Terraria_$timestamp.zip" Terraria/
huggingface-cli upload --repo-type dataset osbm/terraria-backups "Terraria_$timestamp.zip" "Terraria_$timestamp.zip"
'';
})
code-cursor
ungoogled-chromium
];
environment.sessionVariables.NIXOS_OZONE_WL = "1";
programs.steam = {
enable = true;
# Open ports in the firewall for Steam Remote Play
remotePlay.openFirewall = true;
# Open ports in the firewall for Source Dedicated Server
dedicatedServer.openFirewall = true;
# Open ports in the firewall for Steam Local Network Game Transfers
localNetworkGameTransfers.openFirewall = true;
};
networking.firewall.allowedTCPPorts = [ 51513 ];
})
];
}

16
modules/home-manager/default.nix Normal file
View file

@ -0,0 +1,16 @@
{ lib, ... }:
{
# Import all home-manager modules
imports = [
./programs
./services
];
# Basic home-manager configuration
home.sessionVariables = {
EDITOR = lib.mkDefault "nvim";
};
# Enable basic programs that most users want
programs.home-manager.enable = true;
}

18
modules/home-manager/programs/alacritty.nix Normal file
View file

@ -0,0 +1,18 @@
{ lib, ... }:
{
programs.alacritty = {
enable = lib.mkDefault false;
settings = {
window = {
opacity = 0.95;
padding = {
x = 10;
y = 10;
};
};
font = {
size = 11.0;
};
};
};
}

0
home/bash.nix → modules/home-manager/programs/bash.nix
View file

16
modules/home-manager/programs/default.nix Normal file
View file

@ -0,0 +1,16 @@
{ ... }:
{
imports = [
./fish.nix
./starship.nix
./git.nix
./tmux.nix
./zoxide.nix
./direnv.nix
./alacritty.nix
./ghostty.nix
./wezterm.nix
./firefox.nix
./mpv.nix
];
}

6
modules/home-manager/programs/direnv.nix Normal file
View file

@ -0,0 +1,6 @@
{
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
}

0
home/firefox.nix → modules/home-manager/programs/firefox.nix
View file

0
home/fish.nix → modules/home-manager/programs/fish.nix
View file

7
modules/home-manager/programs/ghostty.nix Normal file
View file

@ -0,0 +1,7 @@
{ lib, ... }:
{
programs.ghostty = {
enable = lib.mkDefault false;
# Configuration can be added as needed
};
}

0
home/git.nix → modules/home-manager/programs/git.nix
View file

10
modules/home-manager/programs/mpv.nix Normal file
View file

@ -0,0 +1,10 @@
{ lib, ... }:
{
programs.mpv = {
enable = lib.mkDefault false;
config = {
hwdec = "auto";
vo = "gpu";
};
};
}

0
home/ssh.nix → modules/home-manager/programs/ssh.nix
View file

0
home/starship.nix → modules/home-manager/programs/starship.nix
View file

0
home/tlrc.nix → modules/home-manager/programs/tlrc.nix
View file

0
home/tmux/default.nix → modules/home-manager/programs/tmux.nix
View file

0
home/wezterm.nix → modules/home-manager/programs/wezterm.nix
View file

0
home/zoxide.nix → modules/home-manager/programs/zoxide.nix
View file

24
modules/home.nix
View file

@ -1,24 +0,0 @@
{
config,
pkgs,
inputs,
...
}:
{
imports = [
inputs.home-manager.nixosModules.home-manager
];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
verbose = true;
backupFileExtension = "hmbak";
users.osbm = import ../home/home.nix {
inherit config pkgs;
# fuck you macos
username = "osbm";
homeDirectory = "/home/osbm";
inherit (config.system) stateVersion;
};
};
}

35
modules/i18n.nix
View file

@ -1,35 +0,0 @@
{ pkgs, ... }:
{
time.timeZone = "Europe/Istanbul";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "tr_TR.UTF-8";
LC_IDENTIFICATION = "tr_TR.UTF-8";
LC_MEASUREMENT = "tr_TR.UTF-8";
LC_MONETARY = "tr_TR.UTF-8";
LC_NAME = "tr_TR.UTF-8";
LC_NUMERIC = "tr_TR.UTF-8";
LC_PAPER = "tr_TR.UTF-8";
LC_TELEPHONE = "tr_TR.UTF-8";
LC_TIME = "ja_JP.UTF-8";
# LC_ALL = "en_US.UTF-8";
};
services.xserver.xkb = {
layout = "us";
variant = "";
};
i18n.inputMethod = {
type = "fcitx5";
enable = true;
fcitx5.addons = with pkgs; [
fcitx5-mozc
fcitx5-gtk
fcitx5-nord # a color theme
];
};
}

9
modules/nix-index.nix
View file

@ -1,9 +0,0 @@
{ inputs, ... }:
{
imports = [
inputs.nix-index-database.nixosModules.nix-index
];
programs.nix-index-database.comma.enable = true;
programs.command-not-found.enable = false; # TODO fix ts
}

109
modules/nix-settings.nix
View file

@ -1,109 +0,0 @@
{
inputs,
lib,
pkgs,
...
}:
{
# Allow unfree packages
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"vscode" # TODO: remove this
"discord"
"obsidian"
"steam"
"steam-unwrapped"
"open-webui"
"vscode-extension-github-copilot"
"spotify"
"cursor"
# nvidia related (i have to)
"nvidia-x11"
"cuda_cudart"
"libcublas"
"cuda_cccl"
"cuda_nvcc"
"nvidia-settings"
"cuda-merged"
];
nixpkgs.config.allowAliases = false;
# enable nix flakes
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];
nix.channel.enable = false;
nix.registry = {
self.flake = inputs.self;
nixpkgs.flake = inputs.nixpkgs;
# Commented out because i want to make sure it works if i switch a system
# to another nixpkgs with a different flake input name
# nixpkgs = {
# from = { type = "indirect"; id = "nixpkgs"; };
# to = {
# path = pkgs.path;
# type = "path";
# };
# };
osbm-nvim.flake = inputs.osbm-nvim;
my-nixpkgs = {
from = { type = "indirect"; id = "my-nixpkgs"; };
to = {
owner = "osbm";
repo = "nixpkgs";
type = "github";
};
};
osbm-dev = {
from = { type = "indirect"; id = "osbm-dev"; };
to = {
owner = "osbm";
repo = "osbm.dev";
type = "github";
};
};
devshells = {
from = { type = "indirect"; id = "devshells"; };
to = {
owner = "osbm";
repo = "devshells";
type = "github";
};
};
};
nix.settings.trusted-users = [
"root"
"osbm"
];
nix.settings = {
substituters = [
"https://nix-community.cachix.org" # nix-community cache
# "http://wallfacer.curl-boga.ts.net:7080/main" # personal attic cache
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
# "main:2AjPdIsbKyoTGuw+4x2ZXMUT/353CXosW9pdbTQtjqw="
];
};
nix.gc = {
automatic = true;
dates = "01:37";
options = "--delete-older-than 7d";
};
# nix.nixPath = ["nixpkgs=${pkgs.path}"];
system.configurationRevision = inputs.self.rev or "dirty";
}

9
modules/nixos/default.nix Normal file
View file

@ -0,0 +1,9 @@
{
imports = [
./options.nix
./programs
./hardware
./services
./system
];
}

9
modules/nixos/hardware/default.nix Normal file
View file

@ -0,0 +1,9 @@
{
imports = [
./sound.nix
./nvidia.nix
./hibernation.nix
./wake-on-lan.nix
./disko.nix
];
}

325
modules/nixos/hardware/disko.nix Normal file
View file

@ -0,0 +1,325 @@
{ config, lib, pkgs, ... }:
let
cfg = config.osbmModules.hardware.disko;
inherit (config.networking) hostName;
# Default authorized keys for initrd SSH
defaultAuthorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDF1TFwXbqdC1UyG75q3HO1n7/L3yxpeRLIq2kQ9DalI"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHYSJ9ywFRJ747tkhvYWFkx/Y9SkLqv3rb7T1UuXVBWo"
];
authorizedKeys = if cfg.initrd-ssh.authorizedKeys != []
then cfg.initrd-ssh.authorizedKeys
else defaultAuthorizedKeys;
in
{
config = lib.mkMerge [
# Systemd-boot setup
(lib.mkIf (cfg.enable && cfg.systemd-boot) {
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
})
# Initrd SSH for remote unlocking
(lib.mkIf (cfg.enable && cfg.initrd-ssh.enable) {
boot.initrd.network.enable = true;
boot.initrd.availableKernelModules = cfg.initrd-ssh.ethernetDrivers;
boot.kernelParams = [ "ip=::::${hostName}-initrd::dhcp" ];
boot.initrd.network.ssh = {
enable = true;
port = 22;
shell = "/bin/cryptsetup-askpass";
authorizedKeys = authorizedKeys;
hostKeys = [ "/etc/ssh/initrd" ];
};
boot.initrd.secrets = {
"/etc/ssh/initrd" = "/etc/ssh/initrd";
};
})
# ZFS Configuration
(lib.mkIf (cfg.enable && cfg.zfs.enable) {
networking.hostId = cfg.zfs.hostID;
environment.systemPackages = [ pkgs.zfs-prune-snapshots ];
boot = {
# ZFS does not support swapfiles
kernelParams = [
"nohibernate"
"zfs.zfs_arc_max=17179869184" # 16GB ARC max
];
supportedFilesystems = [ "vfat" "zfs" ];
zfs = {
devNodes = "/dev/disk/by-id/";
forceImportAll = true;
requestEncryptionCredentials = cfg.zfs.root.encrypt;
};
};
services.zfs = {
autoScrub.enable = true;
trim.enable = true;
};
# Disko configuration for ZFS
disko.devices = {
disk = lib.mkMerge [
# Storage pool disks (if enabled and not reinstalling)
(lib.mkIf (cfg.zfs.storage.enable && !cfg.amReinstalling) (
lib.mkMerge (
map (diskname: {
"${diskname}" = {
type = "disk";
device = "/dev/${diskname}";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "stg${diskname}";
settings.allowDiscards = true;
passwordFile = "/tmp/secret.key";
content = {
type = "zfs";
pool = "zstorage";
};
};
};
};
};
};
}) cfg.zfs.storage.disks
)
))
# Root disk 1 (primary)
{
one = lib.mkIf (cfg.zfs.root.disk1 != "") {
type = "disk";
device = "/dev/${cfg.zfs.root.disk1}";
content = {
type = "gpt";
partitions = {
ESP = {
label = "EFI";
name = "ESP";
size = "2048M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" "umask=0077" ];
};
};
# Encrypted root partition
luks = lib.mkIf cfg.zfs.root.encrypt {
size = "100%";
content = {
type = "luks";
name = "crypted1";
settings.allowDiscards = true;
passwordFile = "/tmp/secret.key";
content = {
type = "zfs";
pool = "zroot";
};
};
};
# Unencrypted root partition
notluks = lib.mkIf (!cfg.zfs.root.encrypt) {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
# Root disk 2 (mirror)
two = lib.mkIf (cfg.zfs.root.disk2 != "") {
type = "disk";
device = "/dev/${cfg.zfs.root.disk2}";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted2";
settings.allowDiscards = true;
passwordFile = "/tmp/secret.key";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
}
];
# ZFS pools
zpool = {
# Root pool
zroot = {
type = "zpool";
mode = lib.mkIf cfg.zfs.root.mirror "mirror";
rootFsOptions = {
canmount = "off";
checksum = "edonr";
compression = "zstd";
dnodesize = "auto";
mountpoint = "none";
normalization = "formD";
relatime = "on";
"com.sun:auto-snapshot" = "false";
};
options = {
ashift = "12";
autotrim = "on";
};
datasets = {
# Reserved space for ZFS CoW operations
reserved = {
type = "zfs_fs";
options = {
canmount = "off";
mountpoint = "none";
reservation = cfg.zfs.root.reservation;
};
};
# SSH keys dataset
etcssh = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/etc/ssh";
options."com.sun:auto-snapshot" = "false";
postCreateHook = "zfs snapshot zroot/etcssh@empty";
};
# Persistent data
persist = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
options."com.sun:auto-snapshot" = "false";
postCreateHook = "zfs snapshot zroot/persist@empty";
};
# Persistent save data
persistSave = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist/save";
options."com.sun:auto-snapshot" = "false";
postCreateHook = "zfs snapshot zroot/persistSave@empty";
};
# Nix store
nix = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
options = {
atime = "off";
canmount = "on";
"com.sun:auto-snapshot" = "false";
};
postCreateHook = "zfs snapshot zroot/nix@empty";
};
# Root filesystem
root = {
type = "zfs_fs";
options.mountpoint = "legacy";
options."com.sun:auto-snapshot" = "false";
mountpoint = "/";
postCreateHook = "zfs snapshot zroot/root@empty";
};
};
};
# Storage pool (if enabled and not reinstalling)
zstorage = lib.mkIf (cfg.zfs.storage.enable && !cfg.amReinstalling) {
type = "zpool";
mode = lib.mkIf cfg.zfs.storage.mirror "mirror";
rootFsOptions = {
canmount = "off";
checksum = "edonr";
compression = "zstd";
dnodesize = "auto";
mountpoint = "none";
normalization = "formD";
relatime = "on";
"com.sun:auto-snapshot" = "false";
};
options = {
ashift = "12";
autotrim = "on";
};
datasets = {
# Reserved space
reserved = {
type = "zfs_fs";
options = {
canmount = "off";
mountpoint = "none";
reservation = cfg.zfs.storage.reservation;
};
};
# Main storage
storage = {
type = "zfs_fs";
mountpoint = "/storage";
options = {
atime = "off";
canmount = "on";
"com.sun:auto-snapshot" = "false";
};
};
# Persistent save in storage
persistSave = {
type = "zfs_fs";
mountpoint = "/storage/save";
options = {
atime = "off";
canmount = "on";
"com.sun:auto-snapshot" = "false";
};
};
};
};
};
};
# Needed for agenix - SSH keys must be available before ZFS mounts
fileSystems."/etc/ssh".neededForBoot = true;
# Needed for impermanence
fileSystems."/persist".neededForBoot = true;
fileSystems."/persist/save".neededForBoot = true;
})
# Impermanence: wipe root on boot
(lib.mkIf (cfg.enable && cfg.zfs.enable && cfg.zfs.root.impermanenceRoot) {
boot.initrd.postResumeCommands = lib.mkAfter ''
zfs rollback -r zroot/root@empty
'';
})
];
}

10
modules/nixos/hardware/hibernation.nix Normal file
View file

@ -0,0 +1,10 @@
{ lib, config, ... }:
{
config = lib.mkIf (!config.osbmModules.hardware.hibernation.enable) {
# Disable hibernation/suspend
systemd.targets.sleep.enable = false;
systemd.targets.suspend.enable = false;
systemd.targets.hibernate.enable = false;
systemd.targets.hybrid-sleep.enable = false;
};
}

33
modules/nixos/hardware/nvidia.nix Normal file
View file

@ -0,0 +1,33 @@
{ lib, config, ... }:
{
config = lib.mkIf config.osbmModules.hardware.nvidiaDriver.enable {
# Enable OpenGL
hardware.graphics = {
enable = true;
};
# Load nvidia driver for Xorg and Wayland
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
# Modesetting is required
modesetting.enable = true;
# Nvidia power management
powerManagement.enable = false;
powerManagement.finegrained = false;
# Use the open source kernel module
open = false;
# Enable the Nvidia settings menu
nvidiaSettings = true;
# Select appropriate driver version
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
# Enable nvidia-container-toolkit if virtualization is enabled
hardware.nvidia-container-toolkit.enable = lib.mkIf config.osbmModules.virtualization.docker.enable true;
};
}

20
modules/nixos/hardware/sound.nix Normal file
View file

@ -0,0 +1,20 @@
{ lib, config, ... }:
{
config = lib.mkIf config.osbmModules.hardware.sound.enable {
# Disable PulseAudio
services.pulseaudio.enable = false;
# Enable rtkit for realtime audio
security.rtkit.enable = true;
# Enable PipeWire
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications:
# jack.enable = true;
};
};
}

364
modules/nixos/options.nix Normal file
View file

@ -0,0 +1,364 @@
{ lib, ... }:
{
options.osbmModules = {
# Desktop Environment
desktopEnvironment = lib.mkOption {
type = lib.types.enum [ "plasma" "none" ];
default = "none";
description = "Which desktop environment to use";
};
# Machine Type
machineType = lib.mkOption {
type = lib.types.enum [ "desktop" "laptop" "server" "embedded" "mobile" ];
default = "server";
description = "Type of machine for appropriate defaults";
};
# Users
users = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ "osbm" "bayram" ];
description = "List of users to create. `osbm` is my main user, and `bayram` is for my family.";
};
defaultUser = lib.mkOption {
type = lib.types.str;
default = "osbm";
description = "Default user for the system";
};
# Home Manager
homeManager = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable home-manager integration";
};
};
# Agenix
agenix = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable agenix for secrets management";
};
};
# Nix Settings
nixSettings = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable custom nix settings";
};
};
# Programs
programs = {
steam = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable Steam gaming platform";
};
};
graphical = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable graphical applications";
};
};
commandLine = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable common command line tools";
};
};
neovim = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable neovim with custom configuration";
};
};
arduino = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable Arduino IDE and development tools";
};
};
adbFastboot = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable ADB and Fastboot for Android development";
};
};
};
# Services
services = {
openssh = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable OpenSSH server";
};
};
tailscale = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable Tailscale VPN";
};
};
syncthing.enable = lib.mkEnableOption "syncthing";
jellyfin.enable = lib.mkEnableOption "jellyfin";
nextcloud.enable = lib.mkEnableOption "nextcloud";
vaultwarden.enable = lib.mkEnableOption "vaultwarden";
ollama.enable = lib.mkEnableOption "ollama";
forgejo.enable = lib.mkEnableOption "forgejo";
caddy.enable = lib.mkEnableOption "caddy";
attic.enable = lib.mkEnableOption "attic";
cloudflared.enable = lib.mkEnableOption "cloudflared";
cloudflare-dyndns.enable = lib.mkEnableOption "cloudflare-dyndns";
glance.enable = lib.mkEnableOption "glance";
hydra.enable = lib.mkEnableOption "hydra";
vscode-server.enable = lib.mkEnableOption "vscode-server";
};
# Hardware
hardware = {
sound = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable sound with pipewire";
};
};
nvidiaDriver = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable NVIDIA proprietary drivers";
};
};
hibernation = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable hibernation support";
};
};
wakeOnLan = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable wake-on-LAN support";
};
};
# Disko configuration (inspired by ZFS.nix)
disko = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable custom disk configuration with disko";
};
amReinstalling = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Am I reinstalling and want to save the storage pool";
};
fileSystem = lib.mkOption {
type = lib.types.enum [ "zfs" "ext4" ];
default = "ext4";
description = "Root filesystem type";
};
systemd-boot = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Use systemd-boot bootloader";
};
initrd-ssh = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable SSH in initrd for remote unlocking";
};
authorizedKeys = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "SSH public keys for initrd access";
};
ethernetDrivers = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "Ethernet drivers to load in initrd";
};
};
zfs = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable ZFS filesystem";
};
hostID = lib.mkOption {
type = lib.types.str;
default = "";
description = "ZFS host ID (8 hex characters)";
};
root = {
encrypt = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Encrypt root ZFS pool";
};
disk1 = lib.mkOption {
type = lib.types.str;
default = "";
description = "First disk device name (e.g., nvme0n1)";
};
disk2 = lib.mkOption {
type = lib.types.str;
default = "";
description = "Second disk device name for mirroring";
};
reservation = lib.mkOption {
type = lib.types.str;
default = "20G";
description = "ZFS reservation size";
};
mirror = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Mirror the root ZFS pool";
};
impermanenceRoot = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Wipe the root directory on boot (impermanence)";
};
};
storage = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable separate storage ZFS pool";
};
disks = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "Storage pool disk device names";
};
reservation = lib.mkOption {
type = lib.types.str;
default = "20G";
description = "Storage pool ZFS reservation";
};
mirror = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Mirror the storage ZFS pool";
};
};
};
};
};
# Virtualization
virtualization = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable virtualization support (libvirt, docker, etc.)";
};
docker = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable Docker";
};
};
podman = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable Podman";
};
};
libvirt = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable libvirt/KVM";
};
};
};
# Internationalization
i18n = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable internationalization settings";
};
};
# Fonts
fonts = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable custom fonts";
};
};
# Nix Index
nixIndex = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable nix-index for command-not-found";
};
};
};
}

48
modules/nixos/programs/command-line.nix Normal file
View file

@ -0,0 +1,48 @@
{ pkgs, inputs, lib, config, ... }:
{
config = lib.mkIf config.osbmModules.programs.commandLine.enable {
environment.systemPackages = with pkgs; [
wget
nano
git
lazygit
lazysql
git-lfs
gnumake
zip
fish
trash-cli
tmux
zoxide
htop
unzip
tlrc
btop
pciutils
cloc
neofetch
pfetch
inxi
jq
dig
onefetch
just
nixd
eza
gh
starship
tree
nix-output-monitor
yazi
ripgrep
nh
comma
nix-inspect
bat
fd
du-dust
duf
ncdu
];
};
}

10
modules/nixos/programs/default.nix Normal file
View file

@ -0,0 +1,10 @@
{
imports = [
./adb-fastboot.nix
./arduino.nix
./command-line.nix
./graphical.nix
./neovim.nix
./steam.nix
];
}

17
modules/nixos/programs/graphical.nix Normal file
View file

@ -0,0 +1,17 @@
{ pkgs, lib, config, ... }:
{
config = lib.mkIf config.osbmModules.programs.graphical.enable {
environment.systemPackages = with pkgs; [
mpv
gimp
inkscape
libreoffice
discord
telegram-desktop
obs-studio
blender
vscode
chromium
];
};
}

8
modules/nixos/programs/neovim.nix Normal file
View file

@ -0,0 +1,8 @@
{ lib, inputs, config, pkgs, ... }:
{
config = lib.mkIf config.osbmModules.programs.neovim.enable {
environment.systemPackages = [
inputs.osbm-nvim.packages."${pkgs.stdenv.hostPlatform.system}".default
];
};
}

14
modules/nixos/programs/steam.nix Normal file
View file

@ -0,0 +1,14 @@
{ lib, config, ... }:
{
config = lib.mkIf config.osbmModules.programs.steam.enable {
programs.steam = {
enable = true;
# Open ports in the firewall for Steam Remote Play
remotePlay.openFirewall = true;
# Open ports in the firewall for Source Dedicated Server
dedicatedServer.openFirewall = true;
# Open ports in the firewall for Steam Local Network Game Transfers
localNetworkGameTransfers.openFirewall = true;
};
};
}

10
modules/nixos/system/agenix.nix Normal file
View file

@ -0,0 +1,10 @@
{ lib, config, ... }:
{
config = lib.mkIf config.osbmModules.agenix.enable {
# Agenix will be configured via the agenix input
# This module exists to enable agenix-related configurations
age.identityPaths = lib.mkDefault [
"/etc/ssh/ssh_host_ed25519_key"
];
};
}

34
modules/nixos/system/concentration.nix Normal file
View file

@ -0,0 +1,34 @@
{ lib, config, ... }:
let
cfg = config.osbmModules.concentration;
blockedSites = lib.flatten [
(lib.optional cfg.blockYoutube [
"youtube.com"
"www.youtube.com"
"m.youtube.com"
"youtu.be"
])
(lib.optional cfg.blockTwitter [
"twitter.com"
"www.twitter.com"
"x.com"
"www.x.com"
"mobile.twitter.com"
"mobile.x.com"
])
(lib.optional cfg.blockBluesky [
"bsky.app"
"www.bsky.app"
"bluesky.app"
"www.bluesky.app"
])
];
hostsEntries = lib.concatMapStrings (site: "127.0.0.1 ${site}\n") blockedSites;
in
{
config = lib.mkIf (blockedSites != []) {
networking.extraHosts = hostsEntries;
};
}

17
modules/nixos/system/default.nix Normal file
View file

@ -0,0 +1,17 @@
{
imports = [
./users.nix
./desktop-environment.nix
./nix-settings.nix
./agenix.nix
./home-manager.nix
./virtualization.nix
./emulation.nix
./concentration.nix
./remote-builds.nix
./i18n.nix
./fonts.nix
./security.nix
./nix-index.nix
];
}

63
modules/nixos/system/desktop-environment.nix Normal file
View file

@ -0,0 +1,63 @@
{ pkgs, lib, config, ... }:
let
cfg = config.osbmModules;
in
{
config = lib.mkMerge [
# Plasma Desktop Environment
(lib.mkIf (cfg.desktopEnvironment == "plasma") {
services.xserver.enable = true;
services.displayManager.sddm.enable = true;
services.desktopManager.plasma6.enable = true;
environment.plasma6.excludePackages = with pkgs.kdePackages; [
kate
konsole
];
# Enable printing
services.printing.enable = true;
# Enable Bluetooth
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;
# Desktop packages
environment.systemPackages = with pkgs; [
alacritty
ghostty
obsidian
mpv
kitty
qbittorrent
element-desktop
];
# Wayland support
environment.sessionVariables.NIXOS_OZONE_WL = "1";
})
# GNOME Desktop Environment
(lib.mkIf (cfg.desktopEnvironment == "gnome") {
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
# Enable printing
services.printing.enable = true;
# Enable Bluetooth
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;
})
# Common settings for any desktop environment
(lib.mkIf (cfg.desktopEnvironment != "none") {
# Enable X11 keymap
services.xserver.xkb = {
layout = lib.mkDefault "us";
variant = lib.mkDefault "";
};
})
];
}

7
modules/nixos/system/emulation.nix Normal file
View file

@ -0,0 +1,7 @@
{ lib, config, ... }:
{
config = lib.mkIf config.osbmModules.emulation.aarch64.enable {
# Enable binfmt for aarch64 emulation
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
};
}

27
modules/nixos/system/fonts.nix Normal file
View file

@ -0,0 +1,27 @@
{ pkgs, lib, config, ... }:
{
config = lib.mkIf config.osbmModules.fonts.enable {
fonts.packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
liberation_ttf
fira-code
fira-code-symbols
mplus-outline-fonts.githubRelease
dina-font
proggyfonts
jetbrains-mono
(nerdfonts.override { fonts = [ "FiraCode" "JetBrainsMono" "Iosevka" ]; })
];
fonts.fontconfig = {
defaultFonts = {
serif = [ "Noto Serif" ];
sansSerif = [ "Noto Sans" ];
monospace = [ "JetBrainsMono Nerd Font" "Fira Code" ];
emoji = [ "Noto Color Emoji" ];
};
};
};
}

21
modules/nixos/system/home-manager.nix Normal file
View file

@ -0,0 +1,21 @@
{ lib, config, inputs, ... }:
let
cfg = config.osbmModules;
in
{
config = lib.mkIf (cfg.homeManager.enable && inputs ? home-manager) {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
# Pass inputs and outputs to home-manager modules
extraSpecialArgs = { inherit inputs; };
# Configure home-manager for each user
users = lib.genAttrs cfg.users (username: {
home.stateVersion = lib.mkDefault "24.05";
imports = [ ../../home-manager ];
});
};
};
}

22
modules/nixos/system/i18n.nix Normal file
View file

@ -0,0 +1,22 @@
{ lib, config, ... }:
{
config = lib.mkIf config.osbmModules.i18n.enable {
# Set your time zone
time.timeZone = lib.mkDefault "Europe/Istanbul";
# Select internationalisation properties
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
i18n.extraLocaleSettings = lib.mkDefault {
LC_ADDRESS = "tr_TR.UTF-8";
LC_IDENTIFICATION = "tr_TR.UTF-8";
LC_MEASUREMENT = "tr_TR.UTF-8";
LC_MONETARY = "tr_TR.UTF-8";
LC_NAME = "tr_TR.UTF-8";
LC_NUMERIC = "tr_TR.UTF-8";
LC_PAPER = "tr_TR.UTF-8";
LC_TELEPHONE = "tr_TR.UTF-8";
LC_TIME = "tr_TR.UTF-8";
};
};
}

7
modules/nixos/system/nix-index.nix Normal file
View file

@ -0,0 +1,7 @@
{ lib, config, inputs, ... }:
{
config = lib.mkIf (config.osbmModules.nixIndex.enable && inputs ? nix-index-database) {
programs.nix-index-database.comma.enable = true;
programs.command-not-found.enable = false;
};
}

78
modules/nixos/system/nix-settings.nix Normal file
View file

@ -0,0 +1,78 @@
{ inputs, lib, config, ... }:
{
config = lib.mkIf config.osbmModules.nixSettings.enable {
# Allow unfree packages
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"vscode"
"discord"
"obsidian"
"steam"
"steam-unwrapped"
"open-webui"
"vscode-extension-github-copilot"
"spotify"
"cursor"
# NVIDIA related
"nvidia-x11"
"cuda_cudart"
"libcublas"
"cuda_cccl"
"cuda_nvcc"
"nvidia-settings"
"cuda-merged"
];
nixpkgs.config.allowAliases = false;
# Enable Nix flakes
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.channel.enable = false;
# Nix registry configuration
nix.registry = lib.mkIf (inputs ? self && inputs ? nixpkgs) {
self.flake = inputs.self;
nixpkgs.flake = inputs.nixpkgs;
osbm-nvim = lib.mkIf (inputs ? osbm-nvim) {
flake = inputs.osbm-nvim;
};
};
# Trusted users
nix.settings.trusted-users = [
"root"
config.osbmModules.defaultUser
];
# Binary cache configuration
nix.settings = {
substituters = [
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
# Garbage collection
nix.gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 7d";
};
# Optimize store automatically
nix.settings.auto-optimise-store = lib.mkDefault true;
# Environment variables
environment.variables = {
EDITOR = lib.mkDefault "nvim";
VISUAL = lib.mkDefault "nvim";
};
};
}

9
modules/nixos/system/remote-builds.nix Normal file
View file

@ -0,0 +1,9 @@
{ lib, config, ... }:
{
config = lib.mkIf config.osbmModules.remoteBuild.enable {
# Remote build configuration
# This should be customized per-host
nix.buildMachines = lib.mkDefault [];
nix.distributedBuilds = lib.mkDefault true;
};
}

12
modules/nixos/system/security.nix Normal file
View file

@ -0,0 +1,12 @@
{ lib, config, ... }:
{
config = lib.mkIf config.osbmModules.security.enable {
# Security hardening
security.sudo.wheelNeedsPassword = lib.mkDefault true;
# Polkit for privilege escalation
security.polkit.enable = lib.mkDefault true;
# Additional security settings can be added here
};
}

32
modules/nixos/system/users.nix Normal file
View file

@ -0,0 +1,32 @@
{ lib, config, ... }:
let
cfg = config.osbmModules;
in
{
config = lib.mkIf (cfg.users != []) {
users.users = lib.mkMerge [
# Create users based on the list
(lib.genAttrs cfg.users (username: {
isNormalUser = true;
description = username;
extraGroups = [ "networkmanager" ]
++ lib.optional (username == cfg.defaultUser) "wheel"
++ lib.optional config.osbmModules.virtualization.docker.enable "docker"
++ lib.optional config.osbmModules.programs.adbFastboot.enable "adbusers";
}))
# Additional configuration for default user
{
${cfg.defaultUser} = {
openssh.authorizedKeys.keys = lib.mkDefault [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfnV+qqUCJf92npNW4Jy0hIiepCJFBDJHXBHnUlNX0k"
];
};
}
];
# Set default shell
users.defaultUserShell = lib.mkDefault config.pkgs.fish;
programs.fish.enable = lib.mkDefault true;
};
}

28
modules/nixos/system/virtualization.nix Normal file
View file

@ -0,0 +1,28 @@
{ lib, config, ... }:
let
cfg = config.osbmModules.virtualization;
in
{
config = lib.mkMerge [
# Docker
(lib.mkIf cfg.docker.enable {
virtualisation.docker.enable = true;
virtualisation.docker.storageDriver = lib.mkDefault "overlay2";
})
# Podman
(lib.mkIf cfg.podman.enable {
virtualisation.podman = {
enable = true;
dockerCompat = lib.mkDefault true;
defaultNetwork.settings.dns_enabled = true;
};
})
# Libvirt/KVM
(lib.mkIf cfg.libvirt.enable {
virtualisation.libvirtd.enable = true;
programs.virt-manager.enable = true;
})
];
}

35
modules/remote-builds.nix
View file

@ -1,35 +0,0 @@
{
config,
outputs,
lib,
...
}:
{
config = lib.mkMerge [
(lib.mkIf (config.networking.hostName == "pochita") {
nix.distributedBuilds = true;
# nix.settings.builders-use-substitutes = true;
nix.buildMachines = [
{
hostName = "ymir";
systems = [
"x86_64-linux"
"aarch64-linux"
];
supportedFeatures = outputs.nixosConfigurations.ymir.config.nix.settings.system-features;
sshKey = config.age.secrets.ssh-key-private.path;
sshUser = "osbm";
protocol = "ssh-ng";
}
{
hostName = "wallfacer";
systems = [ "x86_64-linux" ];
supportedFeatures = outputs.nixosConfigurations.wallfacer.config.nix.settings.system-features;
sshKey = config.age.secrets.ssh-key-private.path;
sshUser = "osbm";
protocol = "ssh-ng";
}
];
})
];
}

46
modules/secrets.nix
View file

@ -1,46 +0,0 @@
{
config,
pkgs,
inputs,
lib,
...
}:
{
imports = [
inputs.agenix.nixosModules.default
];
options = {
myModules.enableSecrets = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable agenix secrets management";
};
};
config = lib.mkMerge [
(lib.mkIf config.myModules.enableSecrets {
environment.systemPackages = [
inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.agenix
pkgs.age
];
age.secrets = {
network-manager.file = ../secrets/network-manager.age;
ssh-key-private = {
file = ../secrets/ssh-key-private.age;
path = "/home/osbm/.ssh/id_ed25519";
owner = "osbm";
group = "users";
mode = "600";
};
ssh-key-public = {
file = ../secrets/ssh-key-public.age;
path = "/home/osbm/.ssh/id_ed25519.pub";
owner = "osbm";
group = "users";
mode = "644";
};
};
})
];
}

5
modules/security.nix
View file

@ -1,5 +0,0 @@
{
security.sudo.extraConfig = ''
Defaults timestamp_timeout=30
'';
}

28
modules/sound.nix
View file

@ -1,28 +0,0 @@
{
lib,
config,
...
}:
{
options = {
myModules.enableSound = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable sound with pipewire.";
};
};
config = lib.mkMerge [
(lib.mkIf config.myModules.enableFonts {
# Enable sound with pipewire.
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
})
];
}

39
modules/users.nix
View file

@ -1,39 +0,0 @@
{ lib, config, ... }:
{
options = {
myModules.setUsers = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable user management.";
};
};
config = lib.mkIf config.myModules.setUsers {
users.users = {
osbm = {
isNormalUser = true;
description = "osbm";
initialHashedPassword = "$6$IamAbigfailure$irfkAsWev8CMAr78wUwUggclplXL98sbI21fpGY9nMDz47bU88RZWFLO7FcN5SdRA18ZSidkMqS76uLCMH68f.";
extraGroups = [
"networkmanager"
"wheel"
"docker"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfnV+qqUCJf92npNW4Jy0hIiepCJFBDJHXBHnUlNX0k"
];
packages = [
];
};
bayram = {
isNormalUser = true;
description = "bayram";
initialHashedPassword = "$6$IamAbigfailure$3BP231DVwbqUtZ.mq33nM/JitBrT2u26Y25VpsfBwhZbezMHz4XbySrOMnaMcCYdsb3wZFL3Ppcp0L.R8nonT.";
extraGroups = [ "networkmanager" ];
packages = [
];
};
root.initialHashedPassword = "$6$IamAbigfailure$irfkAsWev8CMAr78wUwUggclplXL98sbI21fpGY9nMDz47bU88RZWFLO7FcN5SdRA18ZSidkMqS76uLCMH68f.";
};
};
}

3
modules/virtualisation.nix
View file

@ -1,3 +0,0 @@
{
virtualisation.docker.enable = true;
}

33
modules/wake-on-lan.nix
View file

@ -1,33 +0,0 @@
{
pkgs,
lib,
config,
...
}:
{
options = {
myModules.enableWakeOnLan = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable Wake on LAN";
};
};
config = lib.mkMerge [
(lib.mkIf config.myModules.enableWakeOnLan {
networking.interfaces.enp3s0.wakeOnLan.enable = true;
# The services doesn't actually work atm, define an additional service
# see https://github.com/NixOS/nixpkgs/issues/91352
systemd.services.wakeonlan = {
description = "Reenable wake on lan every boot";
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
RemainAfterExit = "true";
ExecStart = "${pkgs.ethtool}/sbin/ethtool -s enp3s0 wol g";
};
wantedBy = [ "default.target" ];
};
})
];
}