snowfall lib migration WIP

Aleksandr Lebedev 2025-08-06 12:18:08 +02:00
parent dc2440015e
commit b9dadac2af
31 changed files with 9106 additions and 382 deletions

207
flake.lock generated

@ -545,6 +545,55 @@
"type": "github"
}
},
"flake-compat_7": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"ref": "v1.0.1",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_8": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_9": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@ -702,6 +751,44 @@
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_3"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils-plus_2": {
"inputs": {
"flake-utils": "flake-utils_4"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
@ -720,6 +807,39 @@
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1644229661,
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
@ -3982,6 +4102,8 @@
"nixpkgs": "nixpkgs_14",
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-unstable": "nixpkgs-unstable",
"snowfall-flake": "snowfall-flake",
"snowfall-lib": "snowfall-lib_2",
"sops-nix": "sops-nix",
"stylix": "stylix"
}
@ -4084,6 +4206,74 @@
"type": "github"
}
},
"snowfall-flake": {
"inputs": {
"flake-compat": "flake-compat_7",
"nixpkgs": [
"nixpkgs"
],
"snowfall-lib": "snowfall-lib"
},
"locked": {
"lastModified": 1749330936,
"narHash": "sha256-uy1G+/KeI+9nVsNupTFSe0Fvt18PYOiQKroP+JOoucA=",
"owner": "snowfallorg",
"repo": "flake",
"rev": "4b2adcd54b0d194cf2a859f5dfe8d16d0d264bf6",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "flake",
"type": "github"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat_8",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"snowfall-flake",
"nixpkgs"
]
},
"locked": {
"lastModified": 1716675292,
"narHash": "sha256-7TFvVE4HR/b65/0AAhewYHEJzUXxIEJn82ow5bCkrDo=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "5d6e9f235735393c28e1145bec919610b172a20f",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"ref": "v3.0.2",
"repo": "lib",
"type": "github"
}
},
"snowfall-lib_2": {
"inputs": {
"flake-compat": "flake-compat_9",
"flake-utils-plus": "flake-utils-plus_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736130495,
"narHash": "sha256-4i9nAJEZFv7vZMmrE0YG55I3Ggrtfo5/T07JEpEZ/RM=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "02d941739f98a09e81f3d2d9b3ab08918958beac",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "lib",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_15"
@ -4113,7 +4303,7 @@
"gnome-shell": "gnome-shell",
"nixpkgs": "nixpkgs_16",
"nur": "nur",
"systems": "systems_4",
"systems": "systems_5",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
@ -4195,6 +4385,21 @@
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": {
"flake": false,
"locked": {

334
flake.nix

@ -69,294 +69,56 @@
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
lanzaboote.url = "github:nix-community/lanzaboote";
};
outputs = {
self,
nixpkgs,
nixpkgs-unstable,
...
} @ inputs: let
systems = ["aarch64-linux" "x86_64-linux"];
eachSystem = nixpkgs.lib.genAttrs systems;
pkgsFor = eachSystem (system:
import nixpkgs {
localSystem = system;
overlays = [
];
});
arm = "aarch64-linux";
x86 = "x86_64-linux";
ladybirdMaster = self: super: {
ladybird = super.ladybird.overrideAttrs (old: {
src = super.fetchFromGitHub {
owner = "LadybirdWebBrowser";
repo = "ladybird";
rev = "71222df4c4103d306fd05b9b0bffb1c1b8e5485e";
hash = "sha256-hJkK7nag3Z9E8etPFCo0atUEJJnPjjkl7sle/UwkzbE=";
};
version = "0-unstable-2025-05-22";
});
# The name "snowfall-lib" is required due to how Snowfall Lib processes your
# flake's inputs.
snowfall-lib = {
url = "github:snowfallorg/lib";
inputs.nixpkgs.follows = "nixpkgs";
};
nativePackagesOverlay = self: super: {
stdenv = super.impureUseNativeOptimizations super.stdenv;
};
kylekrein-homepc-pkgs = nixpkgs:
import nixpkgs {
system = x86;
overlays = [
inputs.beeengine.overlays.${x86}
(final: prev: {
#https://github.com/NixOS/nixpkgs/issues/388681
pythonPackagesExtensions =
prev.pythonPackagesExtensions
++ [
(
python-final: python-prev: {
onnxruntime = python-prev.onnxruntime.overridePythonAttrs (
oldAttrs: {
buildInputs = prev.lib.lists.remove prev.onnxruntime oldAttrs.buildInputs;
}
);
}
)
];
})
#nativePackagesOverlay
#ladybirdMaster
];
config = {
allowBroken = true;
allowUnfree = true;
cudaSupport = true;
};
};
kylekrein-server-pkgs = nixpkgs:
import nixpkgs {
system = x86;
overlays = [
(self: super: {
conduwuit = inputs.conduwuit.packages."${x86}".all-features;
})
#nativePackagesOverlay
#ladybirdMaster
];
config = {
allowBroken = true;
allowUnfree = true;
};
};
kylekrein-framework12-pkgs = nixpkgs:
import nixpkgs {
system = x86;
overlays = [
inputs.beeengine.overlays.${x86}
];
config = {
allowBroken = true;
allowUnfree = true;
};
};
kylekrein-mac-pkgs = nixpkgs:
import nixpkgs {
system = arm;
overlays = [
inputs.beeengine.overlays.${arm}
#nativePackagesOverlay
#(import ./nixos/macos/widevine.nix)
];
#config.replaceStdenv = {pkgs}: pkgs.impureUseNativeOptimizations pkgs.stdenv;
config = {
allowBroken = true;
allowUnfree = true;
allowUnsupportedSystem = true;
};
};
kylekrein-wsl-pkgs = nixpkgs:
import nixpkgs {
system = x86;
overlays = [
#nativePackagesOverlay
];
config = {
allowUnfree = true;
};
};
andrej-pc-pkgs = nixpkgs:
import nixpkgs {
system = x86;
overlays = [
inputs.beeengine.overlays.${x86}
#nativePackagesOverlay
];
config = {
#allowBroken = true;
allowUnfree = true;
#cudaSupport = true;
};
};
first-nixos-install = "1729112485"; #stat -c %W /
in {
formatter = eachSystem (
system: let
pkgs = pkgsFor.${system};
in
pkgs.alejandra
);
nixOnDroidConfigurations.default = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
pkgs = import nixpkgs {
system = "aarch64-linux";
overlays = [inputs.nix-on-droid.overlays.default];
};
modules = [./nixos/hosts/android];
home-manager-path = inputs.home-manager.outPath;
extraSpecialArgs = {
inherit inputs;
inherit first-nixos-install;
};
};
darwinConfigurations = {
"kylekrein-air" = inputs.nix-darwin.lib.darwinSystem {
specialArgs = {
inherit self;
inherit inputs;
};
modules = [./nixos/hosts/kylekrein-air];
};
};
nixosConfigurations = {
"kylekrein-homepc" = nixpkgs.lib.nixosSystem {
specialArgs = {
hwconfig = {
hostname = "kylekrein-homepc";
isLaptop = false;
hasTouchscreen = false;
system = x86;
useImpermanence = true;
};
inherit first-nixos-install;
inherit inputs;
unstable-pkgs = kylekrein-homepc-pkgs nixpkgs-unstable;
};
system = x86;
pkgs = kylekrein-homepc-pkgs nixpkgs;
modules = [
(import ./disko/impermanence-btrfs.nix {device = "/dev/nvme0n1";})
./nixos/configuration.nix
];
};
"kylekrein-framework12" = nixpkgs.lib.nixosSystem {
specialArgs = {
hwconfig = {
hostname = "kylekrein-framework12";
isLaptop = true;
hasTouchscreen = true;
system = x86;
useImpermanence = true;
};
inherit first-nixos-install;
inherit inputs;
unstable-pkgs = kylekrein-framework12-pkgs nixpkgs-unstable;
};
system = x86;
pkgs = kylekrein-framework12-pkgs nixpkgs;
modules = [
(import ./disko/impermanence-btrfs-luks.nix {
device = "/dev/nvme0n1";
lib = (kylekrein-framework12-pkgs nixpkgs).lib;
})
./nixos/configuration.nix
];
};
"kylekrein-mac" = nixpkgs.lib.nixosSystem {
specialArgs = {
hwconfig = {
hostname = "kylekrein-mac";
isLaptop = true;
hasTouchscreen = false;
system = arm;
useImpermanence = true;
};
inherit first-nixos-install;
inherit inputs;
unstable-pkgs = kylekrein-mac-pkgs nixpkgs-unstable;
};
system = arm;
pkgs = kylekrein-mac-pkgs nixpkgs;
modules = [
./nixos/configuration.nix
];
};
"kylekrein-server" = nixpkgs.lib.nixosSystem {
specialArgs = {
hwconfig = {
hostname = "kylekrein-server";
isLaptop = false;
hasTouchscreen = false;
system = x86;
useImpermanence = false;
};
inherit first-nixos-install;
inherit inputs;
unstable-pkgs = kylekrein-server-pkgs nixpkgs-unstable;
};
system = x86;
pkgs = kylekrein-server-pkgs nixpkgs;
modules = [
./nixos/hosts/kylekrein-server
];
};
"kylekrein-wsl" = nixpkgs.lib.nixosSystem {
specialArgs = {
hwconfig = {
hostname = "kylekrein-wsl";
isLaptop = true;
hasTouchscreen = false;
system = x86;
useImpermanence = false;
};
inherit first-nixos-install;
inherit inputs;
unstable-pkgs = kylekrein-wsl-pkgs nixpkgs-unstable;
};
system = x86;
pkgs = kylekrein-wsl-pkgs nixpkgs;
modules = [
inputs.nixos-wsl.nixosModules.default
./nixos/wsl.nix
];
};
"andrej-pc" = nixpkgs.lib.nixosSystem {
specialArgs = {
hwconfig = {
hostname = "andrej-pc";
isLaptop = false;
hasTouchscreen = false;
system = x86;
useImpermanence = false;
};
inherit first-nixos-install;
inherit inputs;
unstable-pkgs = andrej-pc-pkgs nixpkgs-unstable;
};
system = x86;
pkgs = andrej-pc-pkgs nixpkgs;
modules = [
(import ./disko/ext4-swap.nix {
device = "/dev/sda";
swapSize = "16G";
})
(import ./disko/ext4.nix {device = "/dev/sdb";})
./nixos/hosts/andrej-pc/configuration.nix
];
};
snowfall-flake = {
url = "github:snowfallorg/flake";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs:
inputs.snowfall-lib.mkFlake {
inherit inputs;
src = ./.;
channels-config = {
allowUnfree = true;
};
overlays = with inputs; [
niri-flake.overlays.niri
snowfall-flake.overlays.default
];
systems.modules.nixos = with inputs; [
nix-flatpak.nixosModules.nix-flatpak
niri-flake.nixosModules.niri
nixos-wsl.nixosModules.default
sops-nix.nixosModules.sops
nixos-facter-modules.nixosModules.facter
home-manager.nixosModules.default
disko.nixosModules.default
chaotic.nixosModules.nyx-cache
chaotic.nixosModules.nyx-overlay
chaotic.nixosModules.nyx-registry
lanzaboote.nixosModules.lanzaboote
impermanence.nixosModules.impermanence
];
templates = import ./templates {};
snowfall = {
namespace = "custom";
meta = {
name = "KyleKrein's awesome Nix Flake";
title = "KyleKrein's awesome Nix Flake";
};
};
};
}
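Review bot: `systems.modules.nixos` attaches every listed module to every NixOS host the flake builds, so `chaotic.nixosModules.nyx-cache`, `nyx-overlay`, `nyx-registry` and `nixos-wsl.nixosModules.default` now reach the server as well as the desktops. As far as I know `nyx-cache` registers an extra binary cache and its signing key, which widens the set of parties whose builds the server will accept. Consider attaching these per host (snowfall-lib's `systems.hosts.<name>.modules`) and keeping only modules every host needs in the shared list. The removed per-host `import nixpkgs` blocks also set `allowBroken`, `cudaSupport` and host-specific overlays, while the new `channels-config` keeps only `allowUnfree`; whether the rest moved into host files is not visible in this section.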

15
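--- a/lib/module/default.nix
+++ b/lib/module/default.nix
@@ -0,0 +1,15 @@
+{lib, ...}:
+with lib; rec {
+mkOpt = type: default: description:
+mkOption {inherit type default description;};
+mkOpt' = type: default: mkOpt type default null;
+mkBoolOpt = mkOpt types.bool;
+mkBoolOpt' = mkOpt' types.bool;
+enabled = {enable = true;};
+disabled = {enable = false;};
+}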
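Review bot: None of the helpers carries a comment, and every module in this commit depends on them, so a one-line description per helper would help, e.g. `# mkOpt type default description: shorthand for mkOption with these three fields` and `# enabled / disabled: attrsets for "foo = enabled;"`. `mkOpt'` passes `null` as the description, so any option declared through `mkOpt'` or `mkBoolOpt'` ends up undocumented; the comment on it should say that it is meant for internal options only. `with lib; rec { … }` also brings every `lib` name into scope for these few definitions; `lib.mkOption` and `lib.types.bool` written out would make it clearer where each name comes from.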


@ -0,0 +1,30 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.${namespace}; let
cfg = config.${namespace}.gpg;
in {
options.${namespace}.gpg = with types; {
enable = mkBoolOpt false "Enable gpg with emacs/terminal support";
};
config = mkIf cfg.enable {
programs.gnupg.agent = {
enable = true;
settings = {
pinentry-program = lib.mkForce "${pkgs.pinentry-curses}/bin/pinentry-curses";
};
};
};
}
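Review bot: `pinentry-program` is set through `settings` with `lib.mkForce`, which sidesteps the module's own `programs.gnupg.agent.pinentryPackage` option and cannot be overridden from a host file without another `mkForce`. Prefer `programs.gnupg.agent.pinentryPackage = lib.mkDefault pkgs.pinentry-curses;`. The option description promises Emacs support, but pinentry-curses needs a controlling TTY, so prompts raised from a graphical Emacs may fail; a comment stating which setup this was tested with would help. The argument list also binds `inputs`, `system`, `target`, `format`, `virtual` and `systems` without using them.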


@ -0,0 +1,35 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.${namespace}; let
cfg = config.${namespace}.hardware.bluetooth;
in {
options.${namespace}.hardware.bluetooth = with types; {
enable = mkBoolOpt false "Enable bluetooth support";
};
config =
mkIf cfg.enable {
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
Experimental = true;
};
};
};
services.blueman.enable = true;
};
}
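Review bot: `Experimental = true` under `settings.General` switches on BlueZ's experimental interfaces with no comment saying which feature needs them; a one-line reason next to it (for example `# needed for <feature>`) would let a later reader decide whether it can be dropped. `powerOnBoot = true` keeps the controller powered from boot on every host that enables the module; `powerOnBoot = mkDefault true;` would let a laptop turn it off without `mkForce`.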


@ -0,0 +1,34 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.${namespace}; let
cfg = config.${namespace}.hardware.printing;
in {
options.${namespace}.hardware.printing = with types; {
enable = mkBoolOpt false "Enable printers support";
};
config =
mkIf cfg.enable {
environment.systemPackages = with pkgs; [
system-config-printer
];
services.printing.enable = true;
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
};
}
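Review bot: `services.avahi.openFirewall = true` opens the mDNS port on every interface of any host that enables printing, including laptops that join untrusted networks. If the goal is only printer discovery on the home LAN, `openFirewall = mkDefault true;` would let a host opt out, and `services.avahi.allowInterfaces` can restrict Avahi to the interfaces where discovery is wanted. A short comment stating that Avahi is enabled here for network printer discovery would also make the dependency clear.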


@ -0,0 +1,116 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.${namespace}; let
cfg = config.${namespace}.impermanence;
persist = cfg.persistentStorage;
rootIsBtrfs = config.fileSystems."/".fsType == "btrfs";
in {
options.${namespace}.impermanence = with types; {
enable = mkBoolOpt false "Enable impermanence";
persistentStorage = lib.mkOption {
type = lib.types.path;
default = "/persist";
description = ''
Volume with persistent information, that won't be destroyed after reboot
'';
};
};
config = mkIf cfg.enable {
fileSystems.${persist}.neededForBoot = true;
environment.persistence."${persist}/system" = {
hideMounts = true;
directories = [
"/var/lib/sbctl"
"/etc/nixos"
"/var/log"
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/flatpak"
"/var/lib/zerotier-one"
"/var/lib/systemd/coredump"
"/var/lib/acme"
#"/var/lib/conduwuit"
"/etc/NetworkManager/system-connections"
{
directory = "/var/lib/colord";
user = "colord";
group = "colord";
mode = "u=rwx,g=rx,o=";
}
];
files = [
"/etc/machine-id"
{
file = "/var/keys/secret_file";
parentDirectory = {mode = "u=rwx,g=,o=";};
}
];
};
systemd.tmpfiles.rules = [
"d ${persist}/home/ 0777 root root -" # /persist/home created, owned by root
"d ${persist}/ollama/ 0755 ollama ollama"
"d ${persist}/open-webui/ 0755 ollama ollama"
"d ${persist}/conduwuit/ 0755 conduwuit conduwuit"
#"d /persist/home/${username} 0700 ${username} users -" # /persist/home/<user> created, owned by that user
#"d /persist/nixos-config 0700 ${username} users -"
];
programs.fuse.userAllowOther = true;
#https://blog.decent.id/post/nixos-systemd-initrd/
boot.initrd.systemd.services.btrfs-rollback-impermanence = lib.mkIf (rootIsBtrfs && config.boot.initrd.systemd.enable) {
description = "Rollback BTRFS root dataset to blank snapshot";
wantedBy = ["initrd.target"];
requires = ["initrd-root-device.target"];
after = [
"initrd-root-device.target"
# LUKS/TPM process
"systemd-cryptsetup@root_vg.service"
"local-fs-pre.target"
];
before = [
"sysroot.mount"
"create-needed-for-boot-dirs.service"
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir -p /btrfs_tmp
mount /dev/mapper/root_vg /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +7); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
}
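Review bot: The tmpfiles rule `"d ${persist}/home/ 0777 root root -"` creates the parent of all persisted home directories world-writable and without the sticky bit, so any local account can rename or replace another user's directory entry there; `"d ${persist}/home 0755 root root -"` is enough for root-created per-user subdirectories. The `ollama` and `conduwuit` rules are emitted on every host that enables impermanence, whether or not those users exist there. In the rollback script, `find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +7` can return `old_roots` itself, so `-mindepth 1` should be added before its output is passed to `btrfs subvolume delete`. The unit is gated only on `rootIsBtrfs`, yet it hard-codes `/dev/mapper/root_vg` and `systemd-cryptsetup@root_vg.service`; an option for the device name, or a comment stating the assumed disk layout, is missing. The `/var/keys/secret_file` entry looks like a placeholder copied from an example and should be confirmed or removed.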


@ -0,0 +1,46 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.${namespace}; let
cfg = config.${namespace}.loginManagers.sddm;
in {
options.${namespace}.loginManagers.sddm = with types; {
enable = mkBoolOpt false "Enable sddm as login manager";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
(catppuccin-sddm.override {
flavor = "mocha";
# font = "";
fontSize = "16";
#background;
loginBackground = false;
})
wvkbd
];
services.xserver.enable = true;
services.displayManager.sddm = {
enable = true;
theme = "catppuccin-mocha";
package = mkDefault pkgs.kdePackages.sddm;
wayland.enable = mkDefault config.${username}.presets.wayland.enable;
settings = {
General = {
InputMethod = "wvkbd-mobintl"; # Enables optional virtual keyboard at login (SDDM). Useful for touchscreens or accessibility.
};
};
};
};
}
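Review bot: `wayland.enable = mkDefault config.${username}.presets.wayland.enable;` refers to `username`, which is not among this file's arguments, so unless `lib` or `lib.${namespace}` happens to export that name the module fails to evaluate as soon as it is enabled. The other modules in this commit read their options through `namespace`, so this is presumably meant to be `config.${namespace}.presets.wayland.enable`. The `catppuccin-sddm.override` call sets `flavor = "mocha"` while `theme = "catppuccin-mocha"` is repeated as a string further down; a `let` binding for the flavor would keep the two in step.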


@ -0,0 +1,79 @@
{
lib,
pkgs,
namespace,
config,
...
}:
with lib;
with lib.${namespace}; let
cfg = config.${namespace}.presets.default;
in {
options.${namespace}.presets.default = with types; {
enable = mkBoolOpt false "Enable preset with all the default settings - locale, time, etc";
};
config = mkIf cfg.enable {
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Select internationalisation properties.
i18n.defaultLocale = "ru_RU.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/etc/nixos-config";
};
environment.systemPackages = with pkgs; [
nix-output-monitor
fzf
lazygit
git
btop
comma
snowfallorg.flake
];
programs.bash = {
shellAliases = {
ls = "${pkgs.eza}/bin/eza --icons=always";
};
};
# Configure keymap in X11
services.xserver.xkb = {
layout = "us,ru";
variant = "";
options = "grp:caps_toggle";
};
console.keyMap = "us";
nix = {
settings = {
experimental-features = [
"nix-command"
"flakes"
];
auto-optimise-store = true;
substituters = [
"https://nix-gaming.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
};
};
}
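Review bot: `nix.settings.substituters` and `trusted-public-keys` add the `nix-gaming` and `nix-community` Cachix caches to every host that enables the default preset, and the workstation preset enables it unconditionally. Any store path signed by either key is then accepted system-wide, so these caches become part of the trust base of machines that never build gaming packages. Consider moving the `nix-gaming` entries into the gaming preset and adding a comment on each remaining cache naming the input that needs it. The preset also mixes personal choices (`time.timeZone`, locales, keyboard layout) with Nix daemon settings; `mkDefault` on the former would let other users of the flake override them.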


@ -0,0 +1,62 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.${namespace}; let
cfg = config.${namespace}.presets.gaming;
in {
options.${namespace}.presets.gaming = with types; {
enable = mkBoolOpt false "Enable everything that you need for gaming";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
unzip
wget
xdotool
xorg.xprop
xorg.xrandr
unixtools.xxd
xorg.xwininfo
yad
protonup-qt
protontricks
bottles
];
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
package = pkgs.steam.override {
extraPkgs = pkgs:
with pkgs; [
xorg.libXcursor
xorg.libXi
xorg.libXinerama
xorg.libXScrnSaver
libpng
libpulseaudio
libvorbis
sdl3
SDL2
stdenv.cc.cc.lib
libkrb5
keyutils
gamescope
];
};
};
programs.gamemode.enable = true;
};
}
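Review bot: All three Steam firewall switches are turned on, including `dedicatedServer.openFirewall = true`, which opens ports for hosting a Source dedicated server that a gaming client normally does not run. Each `openFirewall` exposes listening ports on every interface of the machine, so they are better left off by default and enabled per host, e.g. `dedicatedServer.openFirewall = mkDefault false;`. Exposing them as options of this preset (`remotePlay`, `localTransfers`) would make the choice visible in the host configuration.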


@ -0,0 +1,33 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.${namespace}; let
cfg = config.${namespace}.presets.wayland;
in {
options.${namespace}.presets.wayland = with types; {
enable = mkBoolOpt false "Enable preset with MUST HAVE wayland things";
};
config = mkIf cfg.enable {
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
};
environment.systemPackages = with pkgs; [
wl-clipboard
git-credential-manager
egl-wayland
];
hardware.graphics.enable = true;
};
}
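Review bot: `git-credential-manager` is installed by the Wayland preset although it has nothing to do with Wayland, and the workstation preset in this commit lists it again. Keeping it only in the workstation package list would leave this preset limited to what its description promises. A comment on `NIXOS_OZONE_WL = "1"` saying that it makes Electron/Chromium applications use the Wayland backend would also help readers unfamiliar with the variable.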


@ -0,0 +1,114 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.${namespace}; let
cfg = config.${namespace}.presets.workstation;
in {
options.${namespace}.presets.workstation = with types; {
enable = mkBoolOpt false "Enable workstation preset";
};
config = mkIf cfg.enable {
${namespace} = {
presets.default = enabled;
presets.wayland = enabled;
hardware.printing = enabled;
hardware.bluetooth = enabled;
gpg = enabled;
services.syncthing = {
enable = true;
user = "kylekrein";
};
};
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
networking.networkmanager.enable = true;
services.udisks2.enable = true;
environment.systemPackages = with pkgs;
with pkgs.${namespace}; [
libreoffice
root-files
pass
gparted
qdirstat
exfatprogs
kitty
tealdeer
telegram-desktop
vlc
git-credential-manager
kitty-themes
solaar
pdfarranger
densify
gimp3
#kde
kdePackages.gwenview
kdePackages.ark
# user packages
obs-studio
neovim
localsend
gdb
element-desktop
];
programs.kdeconnect.enable = true;
programs.kdeconnect.package = lib.mkDefault pkgs.kdePackages.kdeconnect-kde;
fonts.packages = with pkgs; [
nerd-fonts.jetbrains-mono
font-awesome
nerd-fonts.symbols-only
hack-font
# microsoft fonts:
#corefonts
#vistafonts
];
environment.sessionVariables = {
MANPAGER = "emacsclient -c";
EDITOR = "emacsclient -c";
};
hardware = {
logitech.wireless.enable = true;
};
security.polkit.enable = true;
#programs.thunar = {
# enable = true;
# plugins = with pkgs.xfce; [
# thunar-archive-plugin
# thunar-volman
# ];
# };
#programs.xfconf.enable = true; # so thunar can save config
#services.gvfs.enable = true; # Mount, trash, and other functionalities
#services.tumbler.enable = true; # Thumbnail support for images
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
};
}
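Review bot: The preset hard-codes `services.syncthing.user = "kylekrein"`, so any host that enables the workstation preset runs Syncthing as that account even when the machine belongs to someone else (the old `flake.nix` in this commit defines an `andrej-pc` host). The user should come from the host configuration, for instance by leaving `user` unset here and writing `services.syncthing.enable = mkDefault true;`. `programs.kdeconnect.enable = true` also opens the KDE Connect port range in the firewall on every workstation; a comment noting that, or a `mkDefault`, would make it easier to disable on machines used on untrusted networks. `MANPAGER = "emacsclient -c"` and `EDITOR` assume an Emacs server that this preset does not install.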


@ -0,0 +1,71 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.${namespace}; let
cfg = config.${namespace}.programs.dolphin;
in {
options.${namespace}.programs.dolphin = with types; {
enable = mkBoolOpt false "Enable dolphin on non Kde environments";
};
config =
mkIf cfg.enable {
environment.systemPackages = with pkgs; [
kdePackages.qtwayland
kdePackages.qtsvg
kdePackages.kio-fuse #to mount remote filesystems via FUSE
kdePackages.kio-extras #extra protocols support (sftp, fish and more)
kdePackages.kio-admin
libheif #https://github.com/NixOS/nixpkgs/issues/164021
libheif.out
#kde
kdePackages.breeze-icons
kdePackages.breeze
kdePackages.kdesdk-thumbnailers
kdePackages.kdegraphics-thumbnailers
kdePackages.kservice
kdePackages.kdbusaddons
kdePackages.kfilemetadata
kdePackages.kconfig
kdePackages.kcoreaddons
kdePackages.kcrash
kdePackages.kguiaddons
kdePackages.ki18n
kdePackages.kitemviews
kdePackages.kwidgetsaddons
kdePackages.kwindowsystem
shared-mime-info
#kde support tools
#libsForQt5.qt5ct
#qt6ct
kdePackages.kimageformats
kdePackages.dolphin
kdePackages.dolphin-plugins
];
xdg = {
menus.enable = true;
mime.enable = true;
};
#https://discourse.nixos.org/t/dolphin-does-not-have-mime-associations/48985/3
# This fixes the unpopulated MIME menus
environment.etc."/xdg/menus/plasma-applications.menu".text = builtins.readFile "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu";
environment.etc."/xdg/menus/applications.menu".text = builtins.readFile "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu";
#environment.pathsToLink = [
# "share/thumbnailers"
#];
};
}
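Review bot: Both `environment.etc` entries use `builtins.readFile` on a path inside `pkgs.kdePackages.plasma-workspace`, which forces that package to be built or fetched during evaluation (import-from-derivation) and fails under `--no-allow-import-from-derivation`. Pointing the entry at the file avoids this: `environment.etc."xdg/menus/applications.menu".source = "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu";`, and the same for `plasma-applications.menu`. The keys are also written with a leading slash (`"/xdg/menus/…"`), whereas `environment.etc` names are relative to `/etc`. `libheif` and `libheif.out` refer to the same output unless the package defines a different default output, so one of them can probably go.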


@ -0,0 +1,13 @@
keys:
- &primary age1l8euy4w4nccrpdmfdfct468parcrulkqcts2jcljajs2as0k7passdv2x4
- &kylekrein-framework12 age10s6c9har9pg2a0md30fhpp2mfy89xxrrnu5dwrjtqzh3lktcdaysq7st65
- &kylekrein-mac age12apyh4f5m002npnfq5kansrzme6umtzsvc6m96fjz752gg8c7a8s8e48xd
- &kylekrein-homepc age1z6d8gk5fhm5mkkcrm4dycs4ugqaar3ls2h5ehwul9qcqhl9x4q8szmz6c7
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
- age:
- *primary
- *kylekrein-framework12
- *kylekrein-mac
- *kylekrein-homepc
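Review bot: The single `creation_rules` entry encrypts all of `secrets/secrets.yaml` to the same four age recipients, so each of the three listed workstations can decrypt every value in the file, including what look like server-side entries (`services.gitlab.*` and `services.conduwuit` in the secrets file added by this commit). No recipient is listed for `kylekrein-server` or `andrej-pc`; unless those hosts hold the `primary` key they will not be able to decrypt at activation. Consider splitting the secrets into per-host or per-role files with their own `path_regex` rules and recipient lists. The `.` in `secrets.yaml$` is unescaped; `secrets/secrets\.yaml$` matches only the intended file name.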


@ -0,0 +1,36 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.${namespace}; let
cfg = config.${namespace}.programs.sops;
impermanence = config.${namespace}.impermanence;
keyPath =
if impermanence.enable
then "${impermanence.persistentStorage}/sops/age/keys.txt"
else "/var/lib/sops/age/keys.txt";
in {
options.${namespace}.programs.sops = with types; {
enable = mkBoolOpt true "Enable KyleKrein's default sops settings";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [sops];
sops.defaultSopsFile = ./secrets/secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key" "${impermanence.persistentStorage}/home/kylekrein/.ssh/id_ed25519" "/home/kylekrein/.ssh/id_ed25519"];
sops.age.keyFile = keyPath;
# This will generate a new key if the key specified above does not exist
sops.age.generateKey = true;
};
}
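Review bot: `sops.age.sshKeyPaths` lists the personal key `/home/kylekrein/.ssh/id_ed25519` (and its copy under the persistent volume) next to the host key, so a user's login key doubles as a decryption identity for system secrets and the user name is hard-coded in a module that is enabled by default (`mkBoolOpt true`). Using only `/etc/ssh/ssh_host_ed25519_key` plus the dedicated `keyFile` keeps host secrets tied to host identity. The `${impermanence.persistentStorage}/home/…` path is added even when impermanence is disabled. `sops.age.generateKey = true` creates a fresh key when `keyFile` is missing, but such a key is not a recipient in `.sops.yaml`, so it hides a missing key instead of fixing it; a comment explaining the intended bootstrap flow would help.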


@ -0,0 +1,58 @@
users:
kylekrein: ENC[AES256_GCM,data:DNLVQ4IPFhUG9MR9hk2BuElvfNZIky3nMGWgilutRwvT3wl25vOLEETrBFoWUO+2ZgLSnhtwWtIJhNlRlTK/rsrUNVTOdwq9AA==,iv:Z+dhr33Wotm064IcwtNfFpvQeL03T29Dn3Bl9VqPL1g=,tag:Qe3sOY0DegSKDptBjnbFrQ==,type:str]
tania: ENC[AES256_GCM,data:veo/dKQpztSGLfCxpWqoTOlPqSaNeNW2pYrTU9z125hjBVt2LC8X+mDp8vA0r8QFKpkGr1BiwviUTuXsSO1IXn3nHfDGsHQqFQ==,iv:q3pCcil1wiKe5xC6QEn3Q4wV1icW+3CCUQw6QZIINWU=,tag:XvBfIEORfdTcUihtcJQZVg==,type:str]
andrej: ENC[AES256_GCM,data:x/cWcswSDMFxXSLXe1JWGnQAuPYWM5AU4X3WxVAqUIifcYWxxynMfL9LXEgo3sP1IvRyp4FW+voWQrJM/KGdbYkkrAJNhbD7/Q==,iv:C51H9Zz4nxB+K1cohRq+1oPQ/ckDgVCMW4vB4+3wEt8=,tag:8ENLfMIoHbJGxceCKZulxg==,type:str]
services:
conduwuit: ENC[AES256_GCM,data:1shEq67QJTkeqrfYSr/eYG7gYWH//5ey6XQ=,iv:hy5wQmue8qU4ALfn9BrNQLnsTk8BsVVXY/8bDj18mXk=,tag:h6+hL0HjgSzd15Kc7Zg4ng==,type:str]
gitlab:
dbPassword: ENC[AES256_GCM,data:itn9xyNZO+xkSk0GKvLzjLRzM0uZ+TalqLtj6tyjKXM=,iv:U8bX/On89wz6Lz4R2/fZ+FWRObehlnjFhUQdAhmxb60=,tag:oEbee14jCGfRs8i5bJZ5FA==,type:str]
rootPassword: ENC[AES256_GCM,data:lXq+GIn6ooTzZL4iMYFzx3kn8gdcdsNaLQ/zVCr75Nw=,iv:mGp9gxL9uABpbod/ZNNyEllBbcfrQuFG4pQgs0v/xbk=,tag:CZzj4hauh/Qi8fvtmaZ/KQ==,type:str]
secret: ENC[AES256_GCM,data:W7PfRh80hzMZrJebHgs4CJeeABWIVVkh3ByTF1Yfavw=,iv:WnLEACeCZOf+YpF4RzQCXG6uPEq7zrE6u7DQQLZjL/Q=,tag:3qjnIeoptMsIxIbTh5TR+Q==,type:str]
dbsecret: ENC[AES256_GCM,data:5VJdhvr1z3sYlXJz0u1eKk5UBt9rKzMiTQcawA64/K0dL6A3WCppnmHeLw6X0vJPnZ6uqJuEDyV7DU5nEg==,iv:fk0oDjYfxzWD2SmVSlwrvJeiHrMxUhR41bqQJ5IXs18=,tag:9cSlRX+bvr8vjBtxwqbeFw==,type:str]
otpsecret: ENC[AES256_GCM,data:enBP2fsr+VaHuK93GGDtgGMSf20yxgLloHIHIibFfLo=,iv:iLLVuypLXySsw363Y9CSz5Kqa3CCNQFwURdOoi5Ig20=,tag:CgUMcT+x/134JJaScHLlOQ==,type:str]
activeRecordSalt: ENC[AES256_GCM,data:kbIImurv4lpcJJMQlEVJJpuuBTw/OUG+PW3Y9kQlIVM=,iv:1ymv3gmRhff49uaTLrIkWA0rX1wtRdfpa0551zHvsko=,tag:KDrDNg9sKRomGH8psS17gA==,type:str]
activeRecordPrimaryKey: ENC[AES256_GCM,data:AfL5kKmD2uqzq07xCCELDPLtZinE4b4RAmqd9xWAxgg=,iv:3Mhadey/k6k3/Ysb2KQ4eb9lDzHQJRAKP8R1Fw4wFdg=,tag:/0wS7lVkuoYTMCut8UEXWg==,type:str]
activeRecordDeterministicKey: ENC[AES256_GCM,data:pJBZAL60XeCrW7CPx76WcWpsYOwlR4OWmIP/61vNL3k=,iv:t/YmnVFge6kLiQjXD6RKNn7r5Oy1Aeyi3ZIaP57Nhig=,tag:L4aU4h4KdbsSNDpgybaV3g==,type:str]
oidcKeyBase: ENC[AES256_GCM,data:hHBdaIynMg8eWiwDjDfN+8PcUjOPl9VzG6lu2Z1eRrC2PaVXORg1Eh6YPi83efqhaSbONHeiORGsLM/NYHFcviEvQ8aZXb9y/ojKPHdyjYvkedIU1alyfWqiz8+xP/H2JFPgMdDsO6Tt4IswTMCfbNOXY2+RwImLACxTDoeY9LX2wklrGWh7F7DqAYymM2T6PrulJqGtbrep3yEylb5kqPZU34aJQzdZ7/zA5EW68xTOWEElCcxfkr2ThCywk6quUQaaCsqVAjZhULRDYfDA/umF8r6S7eNh0eFm6X17xsLTgkSMkx4gLvaUxtLG9bGM/5FJ6823hyRSTNXZx0cV7f195mqeUhn6rvUIl6qC8O7Ln6auWxjuJDRo+1Phr4J3dQMBXBaG2WpQFufgXNw8qWpMEqpiN6CjXhFYWJT/TxCZR+Bdxqt8Fegk0DjcEQFbJDOKKV3/JMu1hIsydeVRTmyy06EbBKSfAIgFddQIA7DmxqK6tqLRtITQ1K9xGnt4msiqgfv1XiyeTo+vmptYVDGLSLtB6yfOKvs/U31RlNESwcHwIqlisl1bex5HV10OCcMkFVhhffoiT1Swdj9ilMhd3TkgL2uJstC26QuyB4Gdnmz28MWU28JXP7qVf0rvq6nNPYAKpO3LgNPx5JrCz6DGCxSZiJOQ0fYDxz5QC2EznAbmZachg8tBb4Hmd/CvEtMMvWfkxueadTV7fWR0l3R4H1cizUF8j2NIfqWb6TQLIy25PaOSNnyZ+a4NFZDgZQcpl4zbCLVKHEKGDGhMr4SpEtKzasZSwv1jw7TZoiN8I2g1hSdZRCq3KJ2nAIGvlZd8NUTsksxsIXcxaoM1rfl4dIOfHm3H+HcKmnMYafnCH0EgdRZeAv1sonDzUOEl2G8myUTa3xNlR43lauIG0ipat83UO6INFh4N0TFJtirPHjm72ZMfUK89ut5fWnYqiKopkJEtAy7Bk1EUbXwuRfBDB34m8AFdDGbVWWVaoVJkSuIr8PHMsFhJRGn1TUit7tDQfgPvLpPD0Wiq2PBgoExZ8qLYUDdOCvTxWnZ+gpTRghiBebulNR0xGOCeopg4qiMZ7rWfUJHsqNUazpak1JPIWC8wYIJ4vojjIH1TCpl11lYUvXy1ffFkcWBYplsGYBuY3qpXG/Od3yrdwPKzhHPjPpWDdxZJBW91HRdq0qhq9mYIr28kqGF4Mg60cGGdin+/O0jcfzWzwhjibEfrfuzBqhHknTPXDTlKPBctdvcQZRUsOS0d6SrNRXOvvzlSTrUowaQTSrZNzNDpAt3VKYJDnXGgwnAZSk8zhRM7J6bc9artgm75qBWuZCxLHbcqyBeWVRALYPkWp5h1bLCaGHgC7x986d0mGxfU9p2szIRyacbJN/ITIuDuDmvBt9NWydkkdT3GZE9uhbxQMgfkKyLyXvf7LrF1iSmIos15tYCZrxAcu0LMo2mqW51e92uc4AXE8rVB4k7z2j19F5sW9GMQgKOk6qT1CSpzfHvPpVdKQ5cVVj4X5GZOao5flo1tO/sNwE92Jpc/jLw96737rRDGe9vSkdbyhSS1wrF4+P59QPxsdelSAYZF6YMgSN0yCJFuRLWfj6IpxpBIEEuB5QACCHnDiWi9cFEwRaq6EX6f87Joznd9o1kwASmMXpkXqv/rLorjlqdXajwdFXEmNUFMqX90va7LvlZJPHhvXmgJCwdHAKacQj1m0Ji4EqSZhM/I1uEhG6zTc2jE46N2peVf2JytEGpbgF/m2pyGJDDQ5SDIfG+4AdUXVTk68wl0Q2SSjBb4d/N8XNfPHHToXEuNsNmHZx/4Yt9b+RJqzl3Mi+HOvJP/mz8wR7TxceHnuqE0RTvl9TYN0MXkXVfh6ECj6AaDuiL930IYabRZ5do7eMaA2OYZoPvZA4udoctDApyzs0Dn0gVu9sFXUgmNV7YnkETeEtjKEn/sjWmkMFQ+vJo
K27H4OuILxYj5jtBhWbjNYeheBVo5jXmANakDO95vlLhlp2t11LrEoR59dNVVvvN3zDuX1/EYI0OvS4Isl7HTk8ud0+8tfzywGAY3LtEhpEffe91gqEleu2atKYWZQ8917ugvmGkNQ5SNJloDFtUFvAAjJypoovQ6JxQOgFGSsgKMMUMSyuUQnjkxThrGL6oMavAGKElJn6xFc48xSvS4dluTotqwzN2gaV5a98PFbw4zda3ltx2uJD3XxYqr1J92P39YMjKihFIALrcXIESV0Aehfap3WATjlRLikTq726wo2n+k,iv:P8C/7NUd1G/VbKz7iWjTVXxMFOxZQxX5d0V4Tj6KeCw=,tag:iq4s3ahqkmf4e7BffjlIcQ==,type:str]
sops:
age:
- recipient: age1l8euy4w4nccrpdmfdfct468parcrulkqcts2jcljajs2as0k7passdv2x4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxU2dMcDZjNHhFMmltNkRJ
VlZiYk1hdE1Dczhya3J4Q1EyUlY3ekZtVUFnCkpvN2Y0OFNUTnFtbFIxZVhDdnc3
YWh3S3FWeXFHTlU4Y0ZOZmI5d1F1dTAKLS0tIFhWSWp1d29ORnJGYWZxMDJib0ho
NTFaWFE0Rk4yU2hXYjRsUFhZY3pTR2cKoQkn7UJVh7uIyCEezrd34arkRxScIL3O
4P/6eDoqXJBkvzwDgidqLLcwuu1nanJpbmr662gRuZmnybwEVp504g==
-----END AGE ENCRYPTED FILE-----
- recipient: age10s6c9har9pg2a0md30fhpp2mfy89xxrrnu5dwrjtqzh3lktcdaysq7st65
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXRU8vd0I0bjRma1pveWVn
ZWFKci9ld2NuRmFla3R0azgzaHl0N20rMHlzCmpaaE1HYmYzVW1RWUw1L0hBclJk
eUlDTWk3ZXJ5Z25HYXJFODQ4T1lHMFUKLS0tIDg0QlhoQll1Q01BY2thSEFTN0RH
cGd4ZG9VUWVxeFlZL2VuVlFsRWVseDQKHKkQONzFlbKMFFzNeATkpUqJdWIAlEL8
QqUvujs1mMCWw9dqXhlT2ik7LHQO6yp5Oh4gxLg8nhZqs5O+leNdQQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age12apyh4f5m002npnfq5kansrzme6umtzsvc6m96fjz752gg8c7a8s8e48xd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6Wmc1alppT1BSS0NKcDZ0
TWNOKzVmQkpmeG1YZ0p4Tm5BVlBxaS81VW44CllubzREc3g0dVB4dUhuMWJDMGtm
UTVBYlZjT3JEWExoSDV5a1BzYk1BMUUKLS0tICtnK2xNalBEWjFPZis2UFRubWxl
aDdZNVZqRnM5U3hRK1gyNFllRVJXMEkKko3YM1MtoWR01/YN/1QtTgtWsGf+r8MH
dZaWrIyAbRMeR/aBSZ3VjiuP1d2G7YtT1fa7/jaXd0igiYu2gWDu9A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z6d8gk5fhm5mkkcrm4dycs4ugqaar3ls2h5ehwul9qcqhl9x4q8szmz6c7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheDVNcVRKTHdxa01zTjJi
NUxGVVlleTNaZnJ6QVhreU9XbGkwaVh6R1N3CkR5T0VKTnd6N0hteDlOUHdKcS9p
YWwzL2lwTExyaUcrcXQ2dG4xOGpZN0UKLS0tIFJZU1hXMUtOSklXYjdtWkt6UTFl
MU43ZWEwMXEwdGx5d0hUNlhiaGdjWU0K9UoNQOnMxTy0KdfiYOgm0TxH5qFUV3gi
f7z2RzR44ndf0nHwIzr8e1bmF9q5mc685Wq9qyM7aLCE+yUU/vUO7Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-30T16:15:59Z"
mac: ENC[AES256_GCM,data:mmJH3BEqsrboGaQM7yWuHF1MWREC4bLc+RAZgsqlNvhgoWLoaVDLuBjEfuXCDPdnvDPesbUrI8HHA5gz523C0PoJdkoFcRoVOwhLqj6tJjT4JnlaTgpBMN5UqBqt9Gm68mqekE0bm7ihdc3lnn/OkRrxJI3Th5KzUC4zMmdjVsI=,iv:K0f75ft3PQdQ1AUFzrannvLv03fl6FS6se/muMcyQkY=,tag:y3FJQDthKoWvoMHdmcvRQA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2


@ -0,0 +1,44 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.${namespace}; let
cfg = config.${namespace}.security.users;
in {
options.${namespace}.security.users = with types; {
enable = mkBoolOpt true "Enable security measures for users, that include immutable users, disabled root access and ssh rules";
};
config = mkIf cfg.enable {
users = {
mutableUsers = false;
users = {
root = {
# disable root login here, and also when installing nix by running nixos-install --no-root-passwd
# https://discourse.nixos.org/t/how-to-disable-root-user-account-in-configuration-nix/13235/3
hashedPassword = "!"; # disable root logins, nothing hashes to !
};
};
};
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "no";
};
networking.firewall.allowedTCPPorts = [22];
networking.firewall.allowedUDPPorts = [22];
};
}
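Review bot: `networking.firewall.allowedUDPPorts = [22];` at the end of the `config` block opens a port that sshd never listens on, since OpenSSH is TCP only; drop that line. `services.openssh.openFirewall` defaults to true in NixOS, so `networking.firewall.allowedTCPPorts = [22];` is presumably redundant as well and could be removed or replaced by a comment saying the service opens its own port. The same two firewall lines appear in the WSL host configuration added later in this commit and should get the same treatment.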


@ -0,0 +1,40 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.${namespace}; let
cfg = config.${namespace}.services.syncthing;
impermanence = config.${namespace}.impermanence;
in {
options.${namespace}.services.syncthing = with types; {
enable = mkBoolOpt false "Enable syncthing service for the user";
user = lib.mkOption {
type = lib.types.singleLineStr;
default = "";
example = "nixos";
description = ''
User, that will use the syncthing service (only one at a time)
'';
};
};
config =
mkIf cfg.enable {
systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; # Don't create default ~/Sync folder
services.syncthing = {
inherit (cfg) user;
configDir = optional (impermanence.enable) "${impermanence.persistentStorage}/home/${cfg.user}/.config/syncthing";
enable = true;
};
};
}
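Review bot: `configDir = optional (impermanence.enable) "..."` passes a list to `services.syncthing.configDir`, because `lib.optional` returns `[]` or a one-element list while that option takes a path. Use `configDir = mkIf impermanence.enable "${impermanence.persistentStorage}/home/${cfg.user}/.config/syncthing";` so the upstream default applies when impermanence is off. The `user` option also defaults to `""`, which flows into both `services.syncthing.user` and the path above; an assertion that `cfg.user != ""` when the module is enabled would catch that at evaluation time instead of at service start.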


@ -0,0 +1,42 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.${namespace}; let
cfg = config.${namespace}.windowManagers.niri;
in {
options.${namespace}.windowManagers.niri = with types; {
enable = mkBoolOpt false "Enable Niri as your window manager";
};
config =
mkIf cfg.enable {
${namespace} = {
loginManagers.sddm.enable = mkDefault true;
security.pam.services.hyprlock = {};
programs.niri = {
enable = true;
package = pkgs.niri-unstable;
};
niri-flake.cache.enable = true;
environment.systemPackages = with pkgs; [
wl-clipboard
wayland-utils
libsecret
gamescope
xwayland-satellite-unstable
swaybg
];
};
};
}
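Review bot: Everything in the `config` block is nested under `${namespace} = { ... }`, so `security.pam.services.hyprlock`, `programs.niri`, `niri-flake.cache.enable` and `environment.systemPackages` are set below the namespace rather than as the NixOS options of those names. Unless the namespace declares options at those paths, evaluation fails on undefined options, and the PAM service for the screen locker would not be registered. Only the login-manager toggle looks like it belongs there: write `${namespace}.loginManagers.sddm.enable = mkDefault true;` and move the remaining attributes up one level, directly under `mkIf cfg.enable { ... }`.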


@ -5,7 +5,7 @@
pkgs,
...
}: let
isBtrfs = config.fileSystems."/".fsType == "btrfs";
rootIsBtrfs = config.fileSystems."/".fsType == "btrfs";
in {
imports = [
inputs.impermanence.nixosModules.impermanence


@ -7,104 +7,49 @@
...
}: let
cfg = config.kk.steam;
containerPath =
if hwconfig.useImpermanence
then "/persist/home/containers/steam"
else "/var/containers/steam";
containerName = "fedora-steam";
in {
options.kk.steam = {
enable = lib.mkEnableOption "Enable steam";
};
config = lib.mkIf cfg.enable (
if hwconfig.system == "aarch64-linux"
then {
virtualisation.podman = {
enable = true;
dockerCompat = true;
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
unzip
wget
xdotool
xorg.xprop
xorg.xrandr
unixtools.xxd
xorg.xwininfo
yad
protonup-qt
protontricks
bottles
];
programs.steam = {
enable = true; #!hwconfig.useImpermanence;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
package = pkgs.steam.override {
extraPkgs = pkgs:
with pkgs; [
xorg.libXcursor
xorg.libXi
xorg.libXinerama
xorg.libXScrnSaver
libpng
libpulseaudio
libvorbis
sdl3
SDL2
stdenv.cc.cc.lib
libkrb5
keyutils
gamescope
];
};
environment.systemPackages = with pkgs; [
distrobox
(pkgs.writeShellScriptBin "steam-install" ''
set -e
echo "Проверяем контейнер Steam..."
if [ ! -d "${containerPath}" ]; then
echo "Контейнер не найден, создаем новый с Fedora..."
# Создаём контейнер с Fedora
export PATH=${pkgs.podman}/bin:$PATH
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-create --name "${containerName}" --image registry.fedoraproject.org/fedora:latest --home ${containerPath} --hostname ${containerName} --yes
echo "Контейнер ${containerName} создан, устанавливаем Steam..."
# Устанавливаем Steam внутри контейнера
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf upgrade --refresh -y
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf copr enable -y @asahi/steam
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf copr enable -y @asahi/fedora-remix-branding
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf copr enable -y @asahi/fedora-remix-scripts
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf copr enable -y @asahi/kernel
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf copr enable -y @asahi/mesa
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf copr enable -y @asahi/kernel-edge
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf copr enable -y @asahi/packit-builds
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf copr enable -y @asahi/u-boot
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf copr enable -y @asahi/rawhide-rebuilds
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf copr enable -y @asahi/mesa
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf copr enable -y @asahi/mesa
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf upgrade --refresh -y
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf install --best --setopt=allow_vendor_change=true asahi-repos -y
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf install --best --setopt=allow_vendor_change=true steam -y
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf remove dhcpcd -y
fi
echo "Экспортируем Steam..."
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox enter "${containerName}" -- distrobox-export --app steam
'')
];
}
else {
environment.systemPackages = with pkgs; [
unzip
wget
xdotool
xorg.xprop
xorg.xrandr
unixtools.xxd
xorg.xwininfo
yad
protonup-qt
protontricks
bottles
];
programs.steam = {
enable = true; #!hwconfig.useImpermanence;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
package = pkgs.steam.override {
extraPkgs = pkgs:
with pkgs; [
xorg.libXcursor
xorg.libXi
xorg.libXinerama
xorg.libXScrnSaver
libpng
libpulseaudio
libvorbis
sdl3
SDL2
stdenv.cc.cc.lib
libkrb5
keyutils
gamescope
];
};
};
programs.gamemode.enable = true;
}
);
};
programs.gamemode.enable = true;
};
}
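Review bot: `remotePlay.openFirewall`, `dedicatedServer.openFirewall` and `localNetworkGameTransfers.openFirewall` are all `true` in the `programs.steam` block, so every host that sets `kk.steam.enable` accepts inbound traffic for three Steam features whether or not it uses them. These lines appear to be carried over from the old `else` branch, but now that the block is unconditional it is a good moment to turn off the ones a desktop does not need, for example `dedicatedServer.openFirewall = false;` on a machine that hosts no Source server. If some hosts do need them, expose them as `kk.steam` options instead of hard-coding `true`. Old and new lines are interleaved in this rendering, so which lines are on the new side is inferred.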


@ -0,0 +1,7 @@
_: (final: prev: {
pass = prev.pass.withExtensions (exts:
with exts; [
pass-otp
pass-import
]);
})


@ -0,0 +1,11 @@
# helps to find files that will be deleted after the reboot when using impermanence
{
writeShellScriptBin,
fd,
lib,
}:
writeShellScriptBin "root-files" ''
${lib.getExe fd} --one-file-system --base-directory / --type f --hidden --exclude "{tmp,etc/passwd}"
''
# https://www.reddit.com/r/NixOS/comments/1d1apm0/comment/l5tgbwz/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
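Review bot: The `fd` call passes `--hidden` but not `--no-ignore`, so files matched by a `.gitignore`, `.ignore` or `.fdignore` are left out of the listing. For a tool meant to show what will be lost on reboot, that hides the untracked build output, caches and local credential files one would most want to see. Add the flag: `${lib.getExe fd} --one-file-system --no-ignore --base-directory / --type f --hidden --exclude "{tmp,etc/passwd}"`. The source link in the trailing comment can also lose its `utm_*` query parameters.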


@ -0,0 +1,20 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}: with lib;{
custom.windowManagers.niri = enabled;
custom.loginManagers.sddm = enabled;
# ======================== DO NOT CHANGE THIS ========================
system.stateVersion = "25.05";
# ======================== DO NOT CHANGE THIS ========================
}
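Review bot: `enabled` is used on both `custom.*` lines, but the only scope opened is `with lib;`. The WSL host configuration in this commit gets it from `with lib.custom;`, which suggests it is defined in the namespaced library and is not visible here. If so, evaluation stops on an undefined variable; change the header to `}: with lib.${namespace}; {`. The option paths also hard-code `custom.` although `namespace` is already an argument, so `${namespace}.windowManagers.niri = enabled;` would keep this file consistent with the modules.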


@ -0,0 +1,132 @@
{
lib,
pkgs,
inputs,
...
}:
with lib.custom; {
custom.presets.default = enabled;
custom.gpg = enabled;
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
# Enable common container config files in /etc/containers
virtualisation.containers.enable = true;
virtualisation = {
docker.enable = true;
};
users.extraGroups.docker.members = ["nixos"];
environment.systemPackages = with pkgs; [
inputs.emacs-kylekrein.packages.${pkgs.system}.with-lsps-native
nix-output-monitor
eza
fd
tealdeer
docker-compose
fzf
lazygit
fastfetch
wl-clipboard
git
#git-credential-manager
egl-wayland
xclip
btop
comma
csharp-ls
];
wsl = {
enable = true;
defaultUser = "nixos";
useWindowsDriver = true;
};
programs.nh = {
flake = lib.mkForce "/home/nixos/nixos-config";
};
services.ollama = {
enable = true;
loadModels = ["llama3.1" "qwen2.5-coder:7b"];
acceleration = "cuda";
user = "ollama";
group = "ollama";
};
fonts.packages = with pkgs; [
nerd-fonts.jetbrains-mono
font-awesome
nerd-fonts.symbols-only
hack-font
# microsoft fonts:
corefonts
vistafonts
];
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
XDG_RUNTIME_DIR = "/mnt/wslg/runtime-dir"; #sometimes gui apps stop working in wsl. This option makes GUI apps load much slower but at least they work https://github.com/microsoft/wslg/issues/1303#issuecomment-2764300164
EDITOR = "emacsclient -c";
};
hardware = {
graphics = {
enable = true;
};
};
security.polkit.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
programs.bash = {
shellAliases = {
ls = "${pkgs.eza}/bin/eza --icons=always";
};
};
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22];
networking.firewall.allowedUDPPorts = [22];
# Or disable the firewall altogether.
#networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
nix = {
settings = {
experimental-features = [
"nix-command"
"flakes"
];
auto-optimise-store = true;
substituters = [
"https://hyprland.cachix.org"
"https://nix-gaming.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
};
}
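Review bot: The `nix.settings` block trusts three third-party binary caches, and a key listed in `trusted-public-keys` is accepted for any store path that cache serves, not only for that project's own packages. Nothing in this file uses Hyprland or nix-gaming, so on this WSL host `https://hyprland.cachix.org` and `https://nix-gaming.cachix.org` and their keys look like unneeded trust. They can be removed unless `custom.presets.default` pulls those packages in. If they stay, a short comment next to each entry naming what it is kept for makes the trust decision reviewable.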

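--- a/templates/default.nix
+++ b/templates/default.nix
@@ -0,0 +1,21 @@
+{...}: {
+#lib = {
+# path = ./lib;
+#};
+module = {
+path = ./module;
+description = "Snowfall module";
+};
+overlay = {
+path = ./overlay;
+description = "Snowfall overlay";
+};
+system = {
+path = ./system;
+description = "Snowfall system(host)";
+};
+home = {
+path = ./home;
+description = "Snowfall home";
+};
+}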


@ -0,0 +1,23 @@
{
lib,
pkgs,
config,
...
}:
# User information gathered by Snowfall Lib is available.
let
name = config.snowfallorg.user.name;
home = config.snowfallorg.user.home.directory;
in {
home = {
packages = with pkgs; [
librewolf
];
sessionVariables = {
EDITOR = "emacsclient -c";
};
stateVersion = "25.05";
};
}


@ -0,0 +1,25 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.${namespace}; let
cfg = config.${namespace}.module;
in {
options.${namespace}.module = with types; {
enable = mkBoolOpt false "Enable module";
};
config =
mkIf cfg.enable {
};
}


@ -0,0 +1,3 @@
_: (final: prev: {
package = prev.package.override {};
})


@ -0,0 +1,39 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}: {
imports = [./hardware-configuration.nix];
# Enable Bootloader (EFI or BIOS)
#system.boot.efi.enable = true;
#system.boot.bios.enable = true;
# Better battery life on laptops
# system.battery.enable = true;
# suites.desktop.enable = true;
# suites.development.enable = true;
# suites.server.enable = true;
# Nvidia Drivers
# hardware.nvidia.enable = true;
# Add packages (custom for ones in these dotfiles)
# environment.systemPackages = with pkgs; [
# ${namespace}.package
# ];
# ======================== DO NOT CHANGE THIS ========================
system.stateVersion = "25.05";
# ======================== DO NOT CHANGE THIS ========================
}