diff --git a/flake.lock b/flake.lock index b846b7a..b3613b3 100644 --- a/flake.lock +++ b/flake.lock @@ -464,6 +464,22 @@ "type": "github" } }, + "flake-compat_10": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_2": { "flake": false, "locked": { @@ -530,6 +546,22 @@ } }, "flake-compat_6": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_7": { "flake": false, "locked": { "lastModified": 1747046372, @@ -545,7 +577,7 @@ "type": "github" } }, - "flake-compat_7": { + "flake-compat_8": { "flake": false, "locked": { "lastModified": 1696426674, @@ -562,22 +594,6 @@ "type": "github" } }, - "flake-compat_8": { - "flake": false, - "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-compat_9": { "flake": false, "locked": { 
@@ -698,6 +714,27 @@ } }, "flake-parts_6": { + "inputs": { + "nixpkgs-lib": [ + "nix-schemes", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_7": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -732,6 +769,21 @@ "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz" } }, + "flake-schemas_2": { + "locked": { + "lastModified": 1747430042, + "narHash": "sha256-FXBkQaQ2wptf06JpD9d8FsQcyj1wmSttq7eZIXxqiz4=", + "owner": "DeterminateSystems", + "repo": "flake-schemas", + "rev": "d0e74ee9a30eda4cc153b7f1e347043680834180", + "type": "github" + }, + "original": { + "owner": "DeterminateSystems", + "repo": "flake-schemas", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -884,6 +936,37 @@ "type": "github" } }, + "git-hooks-nix": { + "inputs": { + "flake-compat": [ + "nix-schemes" + ], + "gitignore": [ + "nix-schemes" + ], + "nixpkgs": [ + "nix-schemes", + "nixpkgs" + ], + "nixpkgs-stable": [ + "nix-schemes", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734279981, + "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ 
@@ -1426,6 +1509,32 @@ "type": "github" } }, + "nix-schemes": { + "inputs": { + "flake-compat": "flake-compat_6", + "flake-parts": "flake-parts_6", + "git-hooks-nix": "git-hooks-nix", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-23-11": "nixpkgs-23-11", + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1741125032, + "narHash": "sha256-Yy1Cd3Xm4UJTctYsVQfD5jY5z7pVncvLu8cq0cjjYT4=", + "owner": "DeterminateSystems", + "repo": "nix-src", + "rev": "271926aa5997c3120c8ef0962ce1c7f29fee1a05", + "type": "github" + }, + "original": { + "owner": "DeterminateSystems", + "ref": "flake-schemas", + "repo": "nix-src", + "type": "github" + } + }, "nixos-facter-modules": { "locked": { "lastModified": 1750412875, @@ -1459,7 +1568,7 @@ }, "nixos-wsl": { "inputs": { - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_7", "nixpkgs": "nixpkgs_13" }, "locked": { @@ -1493,6 +1602,22 @@ "type": "github" } }, + "nixpkgs-23-11": { + "locked": { + "lastModified": 1717159533, + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + } + }, "nixpkgs-docs": { "locked": { "lastModified": 1705957679, @@ -1568,6 +1693,22 @@ "type": "github" } }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1724316499, 
@@ -4087,6 +4228,7 @@ "conduwuit": "conduwuit", "disko": "disko", "emacs-kylekrein": "emacs-kylekrein", + "flake-schemas": "flake-schemas_2", "home-manager": "home-manager_2", "impermanence": "impermanence", "lanzaboote": "lanzaboote", @@ -4096,6 +4238,7 @@ "nix-flatpak": "nix-flatpak", "nix-gaming": "nix-gaming", "nix-on-droid": "nix-on-droid", + "nix-schemes": "nix-schemes", "nixos-facter-modules": "nixos-facter-modules", "nixos-hardware": "nixos-hardware", "nixos-wsl": "nixos-wsl", @@ -4208,7 +4351,7 @@ }, "snowfall-flake": { "inputs": { - "flake-compat": "flake-compat_7", + "flake-compat": "flake-compat_8", "nixpkgs": [ "nixpkgs" ], @@ -4230,7 +4373,7 @@ }, "snowfall-lib": { "inputs": { - "flake-compat": "flake-compat_8", + "flake-compat": "flake-compat_9", "flake-utils-plus": "flake-utils-plus", "nixpkgs": [ "snowfall-flake", @@ -4254,7 +4397,7 @@ }, "snowfall-lib_2": { "inputs": { - "flake-compat": "flake-compat_9", + "flake-compat": "flake-compat_10", "flake-utils-plus": "flake-utils-plus_2", "nixpkgs": [ "nixpkgs" @@ -4299,7 +4442,7 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_6", + "flake-parts": "flake-parts_7", "gnome-shell": "gnome-shell", "nixpkgs": "nixpkgs_16", "nur": "nur", diff --git a/flake.nix b/flake.nix index edf51fd..11dfcae 100644 --- a/flake.nix +++ b/flake.nix @@ -80,6 +80,11 @@ url = "github:snowfallorg/flake"; inputs.nixpkgs.follows = "nixpkgs"; }; + nix-schemes = { + url = "github:DeterminateSystems/nix-src/flake-schemas"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + flake-schemas.url = "github:DeterminateSystems/flake-schemas"; }; outputs = inputs: 
@@ -94,12 +99,12 @@ overlays = with inputs; [ niri-flake.overlays.niri snowfall-flake.overlays.default + nix-schemes.overlays.default ]; systems.modules.nixos = with inputs; [ nix-flatpak.nixosModules.nix-flatpak niri-flake.nixosModules.niri - nixos-wsl.nixosModules.default sops-nix.nixosModules.sops nixos-facter-modules.nixosModules.facter home-manager.nixosModules.default @@ -113,6 +118,12 @@ templates = import ./templates {}; + outputs-builder = channels: { + formatter = channels.nixpkgs.alejandra; + }; + + schemas = inputs.flake-schemas.schemas; + snowfall = { namespace = "custom"; meta = { diff --git a/lib/users/default.nix b/lib/users/default.nix new file mode 100644 index 0000000..c194d06 --- /dev/null +++ b/lib/users/default.nix 
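Review bot: Adding `nix-schemes.overlays.default` to the global `overlays` list applies it to every system this flake builds, and its input is declared as `github:DeterminateSystems/nix-src/flake-schemas`, a feature branch of a Nix source tree. What the overlay overrides is not visible here, but if it replaces `pkgs.nix`, every host would run its root-owned Nix daemon from that branch. The `schemas` output added further down only needs the `flake-schemas` input, so consider limiting the overlay to the one host or dev shell that needs the patched CLI. The same hunk also drops `nixos-wsl.nixosModules.default` from the shared module list with no explanation in view, which deserves a one-line comment.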
@@ -0,0 +1,85 @@ +{ + lib, + namespace, + ... +}: +with lib; rec { + mkHomeManagerConfigOpt = config: + mkOption { + # HM-compatible options taken from: + # https://github.com/nix-community/home-manager/blob/0ee5ab611dc1fbb5180bd7d88d2aeb7841a4d179/nixos/common.nix#L14 + # NOTE: This has been adapted to support documentation generation without + # having home-manager options fully declared. + type = types.submoduleWith { + specialArgs = + { + osConfig = config; + modulesPath = "${inputs.home-manager or "/"}/modules"; + } + // (config.home-manager.extraSpecialArgs or {}); + modules = + [ + ({ + lib, + modulesPath, + ... + }: + if inputs ? home-manager + then { + imports = import "${modulesPath}/modules.nix" { + inherit pkgs lib; + useNixpkgsModule = !(config.home-manager.useGlobalPkgs or false); + }; + + config = { + submoduleSupport.enable = true; + submoduleSupport.externalPackageInstall = config.home-manager.useUserPackages; + + home.username = config.users.users.${name}.name; + home.homeDirectory = config.users.users.${name}.home; + + nix.package = config.nix.package; + }; + } + else {}) + ] + ++ (config.home-manager.sharedModules or []); + }; + }; + + mkUser = { + config, + enable, + homeConfig, + username, + admin, + extraGroups, + trustedSshKeys, + }: let + impermanence = config.${namespace}.impermanence; + persist = impermanence.persistentStorage; + in { + snowfallorg.users.${username} = { + create = enable; + inherit admin; + + home = { + enable = enable; + config = homeConfig; + }; + }; + users.users.${username} = mkIf enable { + extraGroups = extraGroups ++ optionals admin ["wheel"]; + hashedPasswordFile = config.sops.secrets."users/${username}".path; + openssh.authorizedKeys.keys = trustedSshKeys; + }; + sops.secrets."users/${username}" = mkIf enable { + neededForUsers = true; + }; + systemd.tmpfiles.rules = optionals (impermanence.enable) ["d ${persist}/home/${username} 0700 ${username} users -"]; # /persist/home/ created, owned by that user + + 
nix.settings.trusted-users = optionals admin [ + username + ]; + }; +} diff --git a/modules/home/programs/default.nix b/modules/home/programs/default.nix new file mode 100644 index 0000000..64d1644 --- /dev/null +++ b/modules/home/programs/default.nix 
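Review bot: `nix.settings.trusted-users = optionals admin [username];` at the end of `mkUser` is not gated on `enable`, unlike the `users.users` and `sops.secrets` entries above it, so an admin whose module is disabled is still listed as trusted. Nix trusted users can override daemon settings and import unsigned store paths, which is effectively root without a password prompt and a larger grant than `wheel` membership. I would write `nix.settings.trusted-users = optionals (enable && admin) [username];`, or drop the line and let admins go through sudo. The `systemd.tmpfiles.rules` line has the same missing `enable` check and names an owner that will not exist. Separately, `mkHomeManagerConfigOpt` uses `inputs`, `pkgs` and `name`, none of which are bound by the `{ lib, namespace, ... }` argument set, so unless the extended `lib` supplies them through `with lib;` that option type looks like it will fail when forced.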
@@ -0,0 +1,147 @@ +{ + lib, + pkgs, + inputs, + namespace, + system, + target, + format, + virtual, + systems, + config, + ... +}: +with lib; +with lib.${namespace}; let + cfg = config.${namespace}.programs.fastfetch; +in { + options.${namespace}.programs.fastfetch = with types; { + enable = mkBoolOpt false "Enable fastfetch with custom settings"; + firstNixOSInstall = mkOption { + type = nullOr int; + default = null; + description = '' + Unix time of the first install of NixOS to use for age. Can be aquired with "stat -c %W /" + ''; + }; + }; + + config = mkIf cfg.enable { + programs.fastfetch = { + enable = true; + + settings = { + display = { + color = { + keys = "35"; + output = "1000"; + }; + }; + + logo = { + source = ./nixos.png; + type = "kitty-direct"; + height = 15; + width = 30; + padding = { + top = 3; + left = 3; + }; + }; + + modules = [ + "break" + { + type = "custom"; + format = "┌──────────────────────Hardware──────────────────────┐"; + } + { + type = "cpu"; + key = "│  "; + } + { + type = "gpu"; + key = "│ 󰍛 "; + } + { + type = "memory"; + key = "│ 󰑭 "; + } + { + type = "custom"; + format = "└────────────────────────────────────────────────────┘"; + } + "break" + { + type = "custom"; + format = "┌──────────────────────Software──────────────────────┐"; + } + { + type = "custom"; + format = " OS -> NixOS btw"; + } + { + type = "kernel"; + key = "│ ├ "; + } + { + type = "packages"; + key = "│ ├󰏖 "; + } + { + type = "shell"; + key = "└ └ "; + } + "break" + { + type = "wm"; + key = " WM"; + } + { + type = "wmtheme"; + key = "│ ├󰉼 "; + } + { + type = "terminal"; + key = "└ └ "; + } + { + type = "custom"; + format = "└────────────────────────────────────────────────────┘"; + } + "break" + { + type = "custom"; + format = "┌────────────────────Age / Uptime────────────────────┐"; + } + { + type = "command"; + key = "│  "; + text = + #bash + '' + birth_install=${ + if cfg.firstNixOSInstall != null + then "${builtins.toString cfg.firstNixOSInstall}" + 
else "$(stat -c %W /)" + } + current=$(date +%s) + delta=$((current - birth_install)) + delta_days=$((delta / 86400)) + echo $delta_days days + ''; + } + { + type = "uptime"; + key = "│  "; + } + { + type = "custom"; + format = "└────────────────────────────────────────────────────┘"; + } + "break" + ]; + }; + }; + }; +} diff --git a/modules/nixos/gpg/default.nix b/modules/nixos/gpg/default.nix index df35309..ab00be0 100644 --- a/modules/nixos/gpg/default.nix +++ b/modules/nixos/gpg/default.nix @@ -26,5 +26,12 @@ in { pinentry-program = lib.mkForce "${pkgs.pinentry-curses}/bin/pinentry-curses"; }; }; + environment.systemPackages = [ + (pkgs.pass.withExtensions (exts: + with exts; [ + pass-otp + pass-import + ])) + ]; }; } diff --git a/modules/nixos/hardware/asahi/default.nix b/modules/nixos/hardware/asahi/default.nix new file mode 100644 index 0000000..7defe70 --- /dev/null +++ b/modules/nixos/hardware/asahi/default.nix @@ -0,0 +1,35 @@ +{ + lib, + pkgs, + inputs, + namespace, + system, + target, + format, + virtual, + systems, + config, + ... +}: +with lib; +with lib.${namespace}; let + cfg = config.${namespace}.hardware.asahi; +in { + options.${namespace}.hardware.asahi = with types; { + enable = mkBoolOpt false "Enable hardware support for Apple Silicon (M Chips)"; + imports = [ + inputs.apple-silicon-support.nixosModules.default + ({pkgs, ...}: { + hardware.asahi = { + peripheralFirmwareDirectory = ./firmware; + useExperimentalGPUDriver = true; #deprecated + #experimentalGPUInstallMode = "overlay"; + setupAsahiSound = true; + }; + environment.systemPackages = with pkgs; [ + mesa-asahi-edge + ]; + }) + ]; + }; +} diff --git a/modules/nixos/hardware/asahi/firmware/all_firmware.tar.gz b/modules/nixos/hardware/asahi/firmware/all_firmware.tar.gz new file mode 100755 index 0000000..6550b7b Binary files /dev/null and b/modules/nixos/hardware/asahi/firmware/all_firmware.tar.gz differ 
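Review bot: `source = ./nixos.png;` in the `logo` block resolves relative to `modules/home/programs/`, but the only `nixos.png` this commit adds is at `modules/nixos/programs/fastfetch/nixos.png`. Unless a copy already exists next to this file, the path will not resolve. The module also declares `programs.fastfetch` from `modules/home/programs/default.nix` rather than from a `fastfetch/` subdirectory, which does not match the one-directory-per-module layout of the other files in this change. Moving it to `modules/home/programs/fastfetch/default.nix` with the image beside it would fix both. The `firstNixOSInstall` description has a typo, `aquired` for `acquired`.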
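Review bot: The `imports = [ … ];` list is written inside `options.${namespace}.hardware.asahi`, next to `enable`, so the module system will treat it as part of the option tree rather than as module imports, and the file has no `config` section that consults `cfg.enable`. As written the Apple Silicon settings are never applied, and the list is likely rejected as a malformed option. `imports` must sit at the top level of the module and cannot depend on `config`, so the usual shape is a top-level `imports = [ inputs.apple-silicon-support.nixosModules.default ];` plus `config = mkIf cfg.enable { hardware.asahi = { … }; };`. Note also that `peripheralFirmwareDirectory = ./firmware;` points at the two binary blobs committed below, which end up in the world-readable Nix store and in git history, so confirm that redistributing them is intended.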
diff --git a/modules/nixos/hardware/asahi/firmware/kernelcache.release.mac13g b/modules/nixos/hardware/asahi/firmware/kernelcache.release.mac13g new file mode 100755 index 0000000..9d48281 Binary files /dev/null and b/modules/nixos/hardware/asahi/firmware/kernelcache.release.mac13g differ diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix index e326b48..329087c 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth/default.nix @@ -19,9 +19,8 @@ in { enable = mkBoolOpt false "Enable bluetooth support"; }; - config = - mkIf cfg.enable { - hardware.bluetooth = { + config = mkIf cfg.enable { + hardware.bluetooth = { enable = true; powerOnBoot = true; settings = { @@ -30,6 +29,6 @@ in { }; }; }; - services.blueman.enable = true; - }; + services.blueman.enable = true; + }; } diff --git a/modules/nixos/hardware/framework12/default.nix b/modules/nixos/hardware/framework12/default.nix new file mode 100644 index 0000000..e1234bf --- /dev/null +++ b/modules/nixos/hardware/framework12/default.nix 
@@ -0,0 +1,49 @@ +{ + lib, + pkgs, + inputs, + namespace, + system, + target, + format, + virtual, + systems, + config, + ... +}: +with lib; +with lib.${namespace}; let + cfg = config.${namespace}.hardware.framework12; +in { + options.${namespace}.hardware.framework12 = with types; { + enable = mkBoolOpt false "Enable hardware support for framework 12. P.s. you still need to import inputs.nixos-hardware.nixosModules.framework-12-13th-gen-intel yourself"; + }; + config = mkIf cfg.enable { + # Ensure that the `pinctrl_tigerlake` kernel module is loaded before `soc_button_array`. + # This is required for correcly switching to tablet mode when the display is folded back. + boot.extraModprobeConfig = '' + softdep soc_button_array pre: pinctrl_tigerlake + ''; + boot.initrd.kernelModules = ["pinctrl_tigerlake"]; + # Patch the `udev` rules shipping with `iio-sensor-proxy` according to: + # https://github.com/FrameworkComputer/linux-docs/blob/main/framework12/Ubuntu-25-04-accel-ubuntu25.04.md + nixpkgs.overlays = [ + (final: prev: { + iio-sensor-proxy = prev.iio-sensor-proxy.overrideAttrs (old: { + postInstall = '' + ${old.postInstall or ""} + sed -i 's/.*iio-buffer-accel/#&/' $out/lib/udev/rules.d/80-iio-sensor-proxy.rules + ''; + }); + }) + ]; + hardware.enableRedistributableFirmware = true; + environment.systemPackages = [ + pkgs.framework-tool + ]; + users.groups.touchscreen = {}; + services.udev.extraRules = '' + KERNEL=="event*", ATTRS{name}=="ILIT2901:00 222A:5539", SYMLINK+="touchscreen", MODE="0660", GROUP="touchscreen" + ''; + }; +} diff --git a/modules/nixos/hardware/nvidia/default.nix b/modules/nixos/hardware/nvidia/default.nix new file mode 100644 index 0000000..8ab6064 --- /dev/null +++ b/modules/nixos/hardware/nvidia/default.nix 
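Review bot: The `services.udev.extraRules` line sets the touchscreen event node to `MODE="0660"` with `GROUP="touchscreen"`, which lets every process of any group member read and write raw input events for that device, including from non-graphical sessions. Nothing in the hunk says which program needs this, so a comment naming the consumer would help; if it only reads events, `MODE="0640"` is enough. The `sed` in the `iio-sensor-proxy` overlay also succeeds silently when the pattern no longer matches, so a `grep -q iio-buffer-accel` on the rules file before it would make an upstream change visible at build time. There is a typo in the first comment, `correcly`.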
@@ -0,0 +1,66 @@ +{ + lib, + pkgs, + inputs, + namespace, + system, + target, + format, + virtual, + systems, + config, + ... +}: +with lib; +with lib.${namespace}; let + cfg = config.${namespace}.hardware.nvidia; +in { + options.${namespace}.hardware.nvidia = with types; { + enable = mkBoolOpt false "Enable Nvidia GPU Drivers"; + }; + + config = mkIf cfg.enable { + hardware = { + graphics = { + enable = true; + extraPackages = with pkgs; [ + nvidia-vaapi-driver + ]; + }; + nvidia = { + # https://nixos.wiki/wiki/Nvidia + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = true; #false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = true; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.latest; + }; + + logitech.wireless.enable = true; + }; + services.xserver.videoDrivers = ["nvidia"]; + }; +} 
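Review bot: Two comments in the `nvidia` block contradict the values under them. The `open` comment ends with `false is currently the recommended setting` while the code sets `open = true;`, and `powerManagement.enable = true; #false;` sits under text that calls the feature experimental. These read like a copied template, so I would rewrite them to say why this configuration deviates from it, so the next reader does not "fix" the values back. `logitech.wireless.enable = true;` is also set inside this GPU module although the workstation preset already sets it, so it can be removed here.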
diff --git a/modules/nixos/hardware/printing/default.nix b/modules/nixos/hardware/printing/default.nix index 5b4e8d9..8332b36 100644 --- a/modules/nixos/hardware/printing/default.nix +++ b/modules/nixos/hardware/printing/default.nix @@ -19,16 +19,15 @@ in { enable = mkBoolOpt false "Enable printers support"; }; - config = - mkIf cfg.enable { - environment.systemPackages = with pkgs; [ -system-config-printer -]; - services.printing.enable = true; - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - }; + config = mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + system-config-printer + ]; + services.printing.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; }; + }; } diff --git a/modules/nixos/hardware/secureBoot/default.nix b/modules/nixos/hardware/secureBoot/default.nix new file mode 100644 index 0000000..1c40463 --- /dev/null +++ b/modules/nixos/hardware/secureBoot/default.nix @@ -0,0 +1,38 @@ +{ + lib, + pkgs, + inputs, + namespace, + system, + target, + format, + virtual, + systems, + config, + ... +}: +with lib; +with lib.${namespace}; let + cfg = config.${namespace}.hardware.secureBoot; +in { + options.${namespace}.hardware.secureBoot = with types; { + enable = mkBoolOpt false "Enable support for secure boot. Note: Secure boot should still be configured imperatively. This module only handles the declarative part."; + }; + + config = mkIf cfg.enable { + boot = { + initrd.systemd.enable = true; + + lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; + }; + }; + environment.systemPackages = with pkgs; [ + # For debugging and troubleshooting Secure Boot. + sbctl + # For tpm auto unlock + tpm2-tss + ]; + }; +} diff --git a/modules/nixos/loginManagers/sddm/default.nix b/modules/nixos/loginManagers/sddm/default.nix index ecb8922..01a73bb 100644 --- a/modules/nixos/loginManagers/sddm/default.nix +++ b/modules/nixos/loginManagers/sddm/default.nix 
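Review bot: `pkiBundle = "/var/lib/sbctl";` in the new `secureBoot` module is where the Secure Boot signing keys live, and this commit also adds an impermanence preset that replaces the root subvolume with a fresh one on every boot. Unless `/var/lib/sbctl` is persisted somewhere outside this hunk, a host enabling both would lose its keys after a reboot and be unable to sign the next generation. I would either derive the path from the impermanence setting, as the `ai` and `syncthing` modules do for their state, or add a comment stating that the directory must be in the persisted paths. Wherever it ends up, the directory should stay readable by root only.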
@@ -35,7 +35,7 @@ in { enable = true; theme = "catppuccin-mocha"; package = mkDefault pkgs.kdePackages.sddm; - wayland.enable = mkDefault config.${username}.presets.wayland.enable; + wayland.enable = mkDefault config.${namespace}.presets.wayland.enable; settings = { General = { InputMethod = "wvkbd-mobintl"; # Enables optional virtual keyboard at login (SDDM). Useful for touchscreens or accessibility. diff --git a/modules/nixos/presets/default/default.nix b/modules/nixos/presets/default/default.nix index b55098c..d464610 100644 --- a/modules/nixos/presets/default/default.nix +++ b/modules/nixos/presets/default/default.nix @@ -14,6 +14,20 @@ in { }; config = mkIf cfg.enable { + zramSwap = { + enable = true; # Hopefully? helps with freezing when using swap + }; + boot = { + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + loader = { + systemd-boot.enable = !config.${namespace}.hardware.secureBoot.enable; + efi.canTouchEfiVariables = !config.${namespace}.hardware.asahi.enable; + }; + # Hide the OS choice for bootloaders. + # It's still possible to open the bootloader list by pressing any key + # It will just not appear on screen unless a key is pressed + loader.timeout = 0; + }; # Set your time zone. time.timeZone = "Europe/Berlin"; diff --git a/modules/nixos/presets/disko/impermanenceBtrfs/default.nix b/modules/nixos/presets/disko/impermanenceBtrfs/default.nix new file mode 100644 index 0000000..55bd161 --- /dev/null +++ b/modules/nixos/presets/disko/impermanenceBtrfs/default.nix 
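Review bot: The new `boot.loader` block in `presets/default` enables `systemd-boot` on hosts without Secure Boot and leaves its kernel command-line editor at the default. With the editor available, anyone at the keyboard can change the kernel command line at boot and get past the login, and `loader.timeout = 0` only hides the menu, as the comment itself says. Adding `systemd-boot.editor = false;` inside `loader` closes that.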
@@ -0,0 +1,121 @@ +{ + lib, + pkgs, + inputs, + namespace, + system, + target, + format, + virtual, + systems, + config, + ... +}: +with lib; +with lib.${namespace}; let + cfg = config.${namespace}.presets.disko.impermanenceBtrfs; +in { + options.${namespace}.presets.disko.impermanenceBtrfs = with types; { + enable = mkBoolOpt false "Enable preset"; + device = mkOpt' str "/dev/nvme0n1"; + swapSize = mkOpt' int 32; + }; + + config = mkIf cfg.enable { + disko.devices = { + disk.main = { + inherit (cfg) device; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + esp = { + name = "ESP"; + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + swap = { + size = "${builtins.toString cfg.swapSize}G"; + content = { + type = "swap"; + resumeDevice = true; + }; + }; + root = { + name = "root"; + size = "100%"; + content = { + type = "lvm_pv"; + vg = "root_vg"; + }; + }; + }; + }; + }; + lvm_vg = { + root_vg = { + type = "lvm_vg"; + lvs = { + root = { + size = "100%FREE"; + content = { + type = "btrfs"; + extraArgs = ["-f"]; + + subvolumes = { + "/root" = { + mountpoint = "/"; + }; + + "/persist" = { + mountOptions = ["subvol=persist" "noatime"]; + mountpoint = "/persist"; + }; + + "/nix" = { + mountOptions = ["subvol=nix" "noatime"]; + mountpoint = "/nix"; + }; + }; + }; + }; + }; + }; + }; + }; + boot.initrd.postDeviceCommands = '' + mkdir -p /btrfs_tmp + mount /dev/root_vg/root /btrfs_tmp + if [[ -e /btrfs_tmp/root ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find 
/btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do + delete_subvolume_recursively "$i" + done + + btrfs subvolume create /btrfs_tmp/root + umount /btrfs_tmp + ''; + }; +} diff --git a/modules/nixos/presets/workstation/default.nix b/modules/nixos/presets/workstation/default.nix index bd9cc7c..6c61745 100644 --- a/modules/nixos/presets/workstation/default.nix +++ b/modules/nixos/presets/workstation/default.nix @@ -25,10 +25,14 @@ in { presets.wayland = enabled; hardware.printing = enabled; hardware.bluetooth = enabled; + #programs.fastfetch = { + # enable = true; + # firstNixOSInstall = 1729112485; + #}; gpg = enabled; services.syncthing = { - enable = true; - user = "kylekrein"; + enable = true; + user = "kylekrein"; }; }; 
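Review bot: The rollback script is attached to `boot.initrd.postDeviceCommands`, which as far as I know only runs in the scripted initrd, while the `secureBoot` module in this same commit sets `boot.initrd.systemd.enable = true;`. A host that enables both will either fail evaluation or boot without recreating the root subvolume, so the script should move to a `boot.initrd.systemd.services` oneshot ordered before the root mount, or the two presets should be made mutually exclusive with an assertion. The layout also puts LVM and the `swap` partition with `resumeDevice = true` directly on GPT with no LUKS layer visible, so `/persist` and any hibernation image are stored in the clear; if that is intentional, a comment saying so would help. `device` defaults to `/dev/nvme0n1` and the btrfs is created with `-f`, so the option description should recommend a `/dev/disk/by-id/…` path.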
@@ -71,44 +75,44 @@ in { element-desktop ]; programs.kdeconnect.enable = true; - programs.kdeconnect.package = lib.mkDefault pkgs.kdePackages.kdeconnect-kde; + programs.kdeconnect.package = lib.mkDefault pkgs.kdePackages.kdeconnect-kde; fonts.packages = with pkgs; [ - nerd-fonts.jetbrains-mono - font-awesome - nerd-fonts.symbols-only - hack-font - # microsoft fonts: - #corefonts - #vistafonts - ]; + nerd-fonts.jetbrains-mono + font-awesome + nerd-fonts.symbols-only + hack-font + # microsoft fonts: + #corefonts + #vistafonts + ]; environment.sessionVariables = { - MANPAGER = "emacsclient -c"; - EDITOR = "emacsclient -c"; - }; + MANPAGER = "emacsclient -c"; + EDITOR = "emacsclient -c"; + }; hardware = { - logitech.wireless.enable = true; - }; + logitech.wireless.enable = true; + }; - security.polkit.enable = true; + security.polkit.enable = true; - #programs.thunar = { - # enable = true; - # plugins = with pkgs.xfce; [ - # thunar-archive-plugin - # thunar-volman - # ]; - # }; - #programs.xfconf.enable = true; # so thunar can save config - #services.gvfs.enable = true; # Mount, trash, and other functionalities - #services.tumbler.enable = true; # Thumbnail support for images + #programs.thunar = { + # enable = true; + # plugins = with pkgs.xfce; [ + # thunar-archive-plugin + # thunar-volman + # ]; + # }; + #programs.xfconf.enable = true; # so thunar can save config + #services.gvfs.enable = true; # Mount, trash, and other functionalities + #services.tumbler.enable = true; # Thumbnail support for images - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - }; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + }; }; } 
diff --git a/modules/nixos/programs/dolphin/default.nix b/modules/nixos/programs/dolphin/default.nix index 5e9e24c..a47b25b 100644 --- a/modules/nixos/programs/dolphin/default.nix +++ b/modules/nixos/programs/dolphin/default.nix 
@@ -19,53 +19,52 @@ in { enable = mkBoolOpt false "Enable dolphin on non Kde environments"; }; - config = - mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - kdePackages.qtwayland - kdePackages.qtsvg - kdePackages.kio-fuse #to mount remote filesystems via FUSE - kdePackages.kio-extras #extra protocols support (sftp, fish and more) - kdePackages.kio-admin - libheif #https://github.com/NixOS/nixpkgs/issues/164021 - libheif.out + config = mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + kdePackages.qtwayland + kdePackages.qtsvg + kdePackages.kio-fuse #to mount remote filesystems via FUSE + kdePackages.kio-extras #extra protocols support (sftp, fish and more) + kdePackages.kio-admin + libheif #https://github.com/NixOS/nixpkgs/issues/164021 + libheif.out - #kde - kdePackages.breeze-icons - kdePackages.breeze - kdePackages.kdesdk-thumbnailers - kdePackages.kdegraphics-thumbnailers - kdePackages.kservice - kdePackages.kdbusaddons - kdePackages.kfilemetadata - kdePackages.kconfig - kdePackages.kcoreaddons - kdePackages.kcrash - kdePackages.kguiaddons - kdePackages.ki18n - kdePackages.kitemviews - kdePackages.kwidgetsaddons - kdePackages.kwindowsystem - shared-mime-info + #kde + kdePackages.breeze-icons + kdePackages.breeze + kdePackages.kdesdk-thumbnailers + kdePackages.kdegraphics-thumbnailers + kdePackages.kservice + kdePackages.kdbusaddons + kdePackages.kfilemetadata + kdePackages.kconfig + kdePackages.kcoreaddons + kdePackages.kcrash + kdePackages.kguiaddons + kdePackages.ki18n + kdePackages.kitemviews + kdePackages.kwidgetsaddons + kdePackages.kwindowsystem + shared-mime-info - #kde support tools - #libsForQt5.qt5ct - #qt6ct - kdePackages.kimageformats - kdePackages.dolphin - kdePackages.dolphin-plugins - ]; - xdg = { - menus.enable = true; - mime.enable = true; - }; - - #https://discourse.nixos.org/t/dolphin-does-not-have-mime-associations/48985/3 - # This fixes the unpopulated MIME menus - 
environment.etc."/xdg/menus/plasma-applications.menu".text = builtins.readFile "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu"; - environment.etc."/xdg/menus/applications.menu".text = builtins.readFile "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu"; - #environment.pathsToLink = [ - # "share/thumbnailers" - #]; + #kde support tools + #libsForQt5.qt5ct + #qt6ct + kdePackages.kimageformats + kdePackages.dolphin + kdePackages.dolphin-plugins + ]; + xdg = { + menus.enable = true; + mime.enable = true; }; + + #https://discourse.nixos.org/t/dolphin-does-not-have-mime-associations/48985/3 + # This fixes the unpopulated MIME menus + environment.etc."/xdg/menus/plasma-applications.menu".text = builtins.readFile "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu"; + environment.etc."/xdg/menus/applications.menu".text = builtins.readFile "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu"; + #environment.pathsToLink = [ + # "share/thumbnailers" + #]; + }; } diff --git a/modules/nixos/programs/fastfetch/nixos.png b/modules/nixos/programs/fastfetch/nixos.png new file mode 100644 index 0000000..571410a Binary files /dev/null and b/modules/nixos/programs/fastfetch/nixos.png differ diff --git a/modules/nixos/services/ai/default.nix b/modules/nixos/services/ai/default.nix new file mode 100644 index 0000000..4f31a0a --- /dev/null +++ b/modules/nixos/services/ai/default.nix 
@@ -0,0 +1,72 @@ +{ + lib, + pkgs, + inputs, + namespace, + system, + target, + format, + virtual, + systems, + config, + ... +}: +with lib; +with lib.${namespace}; let + cfg = config.${namespace}.services.ai; + impermanence = config.${namespace}.impermanence; + nvidia = config.${namespace}.hardware.nvidia; + persist = impermanence.persistentStorage; +in { + options.${namespace}.services.ai = with types; { + enable = mkBoolOpt false "Enable local ai powered by ollama"; + models = lib.mkOption { + type = types.listOf types.str; + default = []; + description = '' + Download these models using `ollama pull` as soon as `ollama.service` has started. + + This creates a systemd unit `ollama-model-loader.service`. + + Search for models of your choice from: + ''; + }; + ui.enable = mkBoolOpt true "Enable openwebui at localhost:8080"; + ui.port = mkOption { + type = types.port; + default = 8080; + description = '' + Port for ui + ''; + }; + }; + + config = mkIf cfg.enable { + services.ollama = { + enable = true; + loadModels = cfg.models; + acceleration = + if nvidia.enable + then "cuda" + else null; + home = + if impermanence.enable + then "${persist}/ollama" + else "/var/lib/ollama"; + user = "ollama"; + group = "ollama"; + }; + + services.open-webui.enable = cfg.ui.enable; + services.open-webui.openFirewall = false; + services.open-webui.host = "0.0.0.0"; + services.open-webui.port = cfg.ui.port; + services.open-webui.stateDir = + if impermanence.enable + then "${persist}/open-webui" + else "/var/lib/open-webui"; + systemd.services.open-webui.serviceConfig.User = "ollama"; + systemd.services.open-webui.serviceConfig.Group = "ollama"; + systemd.services.open-webui.serviceConfig.DynamicUser = lib.mkForce false; + }; +} diff --git a/modules/nixos/services/syncthing/default.nix b/modules/nixos/services/syncthing/default.nix index c05cc6a..4903018 100644 --- a/modules/nixos/services/syncthing/default.nix +++ b/modules/nixos/services/syncthing/default.nix 
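Review bot: `services.open-webui.host = "0.0.0.0";` binds the UI on every interface, although the option text describes it as `openwebui at localhost:8080`, which leaves `openFirewall = false` as the only thing keeping it off the network. Any trusted interface or later firewall exception would expose it, so I would bind to loopback with `services.open-webui.host = "127.0.0.1";` and put a reverse proxy in front if remote access is wanted. Running the UI as the `ollama` user with `DynamicUser = lib.mkForce false` also removes the isolation between the web front end and the model store. If the shared user is only there for the persisted `stateDir`, a dedicated account that owns that directory would keep the two apart. The `models` description ends at `Search for models of your choice from:` with the URL missing.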
@@ -19,22 +19,24 @@ in { options.${namespace}.services.syncthing = with types; { enable = mkBoolOpt false "Enable syncthing service for the user"; user = lib.mkOption { - type = lib.types.singleLineStr; - default = ""; - example = "nixos"; - description = '' - User, that will use the syncthing service (only one at a time) - ''; - }; + type = lib.types.singleLineStr; + default = ""; + example = "nixos"; + description = '' + User, that will use the syncthing service (only one at a time) + ''; + }; }; - config = - mkIf cfg.enable { - systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; # Don't create default ~/Sync folder - services.syncthing = { - inherit (cfg) user; - configDir = optional (impermanence.enable) "${impermanence.persistentStorage}/home/${cfg.user}/.config/syncthing"; - enable = true; - }; + config = mkIf cfg.enable { + systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; # Don't create default ~/Sync folder + services.syncthing = { + inherit (cfg) user; + configDir = + if impermanence.enable + then "${impermanence.persistentStorage}/home/${cfg.user}/.config/syncthing" + else "/home/${cfg.user}/.config.syncthing"; + enable = true; }; + }; } diff --git a/modules/nixos/users/kylekrein/default.nix b/modules/nixos/users/kylekrein/default.nix new file mode 100644 index 0000000..4dd4a25 --- /dev/null +++ b/modules/nixos/users/kylekrein/default.nix 
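Review bot: The new `else` branch of `configDir` yields `/home/${cfg.user}/.config.syncthing`, which looks like a typo for `.config/syncthing`, the path the impermanence branch uses. As written, hosts without impermanence would keep the Syncthing configuration, which includes the device certificate and key, in an unexpected dot-directory at the top of the home directory; `else "/home/${cfg.user}/.config/syncthing";` fixes it. `user` still defaults to `""`, which gives `/home//…` and an empty service user when the module is enabled without setting it, so an assertion that `cfg.user != ""` would be worth adding.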
@@ -0,0 +1,41 @@
+{
+ lib,
+ pkgs,
+ inputs,
+ namespace,
+ system,
+ target,
+ format,
+ virtual,
+ systems,
+ config,
+ ...
+}:
+with lib;
+with lib.${namespace}; let
+ username = "kylekrein";
+ admin = true;
+ extraGroups = ["networkmanager" "touchscreen"];
+ trustedSshKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMt3PWVvmEL6a0HHTsxL4KMq1UGKFdzgX5iIkm6owGQ kylekrein@kylekrein-mac"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFDdxZ5OyGcfD1JwEa4RWw86HWZ2dKFR0syrRckl7EvG kylekrein@kylekrein-homepc"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILt+CDDU4gDo12IO2dc50fceIWkn26/NuTq4j25hiGre kylekrein@kylekrein-framework12"
+ ];
+
+ cfg = config.${namespace}.users.${username};
+in {
+ options.${namespace}.users.${username} = with types; {
+ enable = mkBoolOpt false "Enable ${username} user";
+ config = mkHomeManagerConfigOpt config;
+ };
+
+ config = mkUser {
+ inherit config;
+ inherit (cfg) enable;
+ homeConfig = cfg.config;
+ inherit username;
+ inherit admin;
+ inherit extraGroups;
+ inherit trustedSshKeys;
+ };
+}
diff --git a/modules/nixos/windowManagers/niri/default.nix b/modules/nixos/windowManagers/niri/default.nix
index a8925b2..687bb4e 100644
--- a/modules/nixos/windowManagers/niri/default.nix
+++ b/modules/nixos/windowManagers/niri/default.nix
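Review bot: `trustedSshKeys` next to `admin = true` carries no comment on what the three keys grant; `mkUser` is not visible in this diff, but presumably each entry becomes an authorized key for an administrator account on every host that enables this user. A comment above the list such as `# Each key grants SSH login to this admin account; remove the entry when the device is retired or lost.` would make the rotation duty explicit. `"touchscreen"` in `extraGroups` is not declared anywhere in the visible changes, so it is worth confirming the group exists on hosts that enable this user.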
@@ -19,24 +19,21 @@ in { enable = mkBoolOpt false "Enable Niri as your window manager"; }; - config = - mkIf cfg.enable { - ${namespace} = { - loginManagers.sddm.enable = mkDefault true; - security.pam.services.hyprlock = {}; - programs.niri = { - enable = true; - package = pkgs.niri-unstable; - }; - niri-flake.cache.enable = true; - environment.systemPackages = with pkgs; [ - wl-clipboard - wayland-utils - libsecret - gamescope - xwayland-satellite-unstable - swaybg - ]; - }; + config = mkIf cfg.enable { + ${namespace}.loginManagers.sddm.enable = mkDefault true; + security.pam.services.hyprlock = {}; + programs.niri = { + enable = true; + package = pkgs.niri-unstable; }; + niri-flake.cache.enable = true; + environment.systemPackages = with pkgs; [ + wl-clipboard + wayland-utils + libsecret + gamescope + xwayland-satellite-unstable + swaybg + ]; + }; } diff --git a/nixos/hardware/nvidia/default.nix b/nixos/hardware/nvidia/default.nix index 029d730..a2e5c04 100644 --- a/nixos/hardware/nvidia/default.nix +++ b/nixos/hardware/nvidia/default.nix @@ -46,11 +46,4 @@ logitech.wireless.enable = true; }; services.xserver.videoDrivers = ["nvidia"]; - #hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.mkDriver { #fixes https://github.com/NixOS/nixpkgs/issues/375730 temporary - # version = "570.133.07"; # use new 570 drivers - # sha256_64bit = "sha256-LUPmTFgb5e9VTemIixqpADfvbUX1QoTT2dztwI3E3CY="; - # openSha256 = "sha256-9l8N83Spj0MccA8+8R1uqiXBS0Ag4JrLPjrU3TaXHnM="; - # settingsSha256 = "sha256-ZpuVZybW6CFN/gz9rx+UJvQ715FZnAOYfHn5jt5Z2C8="; - # usePersistenced = false; - #}; } diff --git a/nixos/hosts/kylekrein-homepc/default.nix b/nixos/hosts/kylekrein-homepc/default.nix index f60527e..a1d22b1 100644 --- a/nixos/hosts/kylekrein-homepc/default.nix +++ b/nixos/hosts/kylekrein-homepc/default.nix 
@@ -78,7 +78,6 @@ boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"]; services.open-webui.enable = true; - #services.open-webui.package = unstable-pkgs.open-webui; services.open-webui.openFirewall = false; services.open-webui.host = "0.0.0.0"; services.open-webui.stateDir = "/persist/open-webui"; diff --git a/overlays/pass/default.nix b/overlays/pass/default.nix deleted file mode 100644 index a78ff93..0000000 --- a/overlays/pass/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -_: (final: prev: { - pass = prev.pass.withExtensions (exts: - with exts; [ - pass-otp - pass-import - ]); -}) diff --git a/systems/x86_64-linux/kylekrein-homepc/default.nix b/systems/x86_64-linux/kylekrein-homepc/default.nix index 62c924c..b5749b4 100644 --- a/systems/x86_64-linux/kylekrein-homepc/default.nix +++ b/systems/x86_64-linux/kylekrein-homepc/default.nix 
@@ -10,9 +10,45 @@ systems, config, ... -}: with lib;{ +}: +with lib; +with lib.${namespace}; { + boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos; + services.scx.enable = true; # by default uses scx_rustland scheduler + custom.impermanence = enabled; + custom.presets.workstation = enabled; + custom.presets.gaming = enabled; + custom.presets.disko.impermanenceBtrfs = { + enable = true; + device = "/dev/nvme0n1"; + swapSize = 32; + }; custom.windowManagers.niri = enabled; custom.loginManagers.sddm = enabled; + custom.services.ai = { + enable = true; + models = ["qwq" "llama3.1" "qwen2.5-coder:7b" "gpt-oss:20b" "gpt-oss:120b"]; + }; + + custom.users = { + kylekrein = enabled; + }; + + environment.systemPackages = with pkgs; [ + blender + ]; + + services.zerotierone = { + enable = true; + port = 9994; + joinNetworks = [ + "A84AC5C10AD269CA" + "db64858fed285e0f" + ]; + }; + #Chat host + networking.firewall.allowedTCPPorts = [80 443 22 8448 9993 8081] ++ [config.services.zerotierone.port]; + networking.firewall.allowedUDPPorts = [config.services.zerotierone.port]; # ======================== DO NOT CHANGE THIS ======================== system.stateVersion = "25.05"; diff --git a/systems/x86_64-linux/kylekrein-wsl-wm/default.nix b/systems/x86_64-linux/kylekrein-wsl-wm/default.nix index 46e5834..9747c92 100644 --- a/systems/x86_64-linux/kylekrein-wsl-wm/default.nix +++ b/systems/x86_64-linux/kylekrein-wsl-wm/default.nix @@ -4,8 +4,12 @@ inputs, ... }: +with lib; with lib.custom; { + imports = [inputs.nixos-wsl.nixosModules.default]; + boot.loader.systemd-boot.enable = mkForce false; custom.presets.default = enabled; + custom.security.users = disabled; custom.gpg = enabled; programs.direnv = { diff --git a/templates/default.nix b/templates/default.nix index 307dd02..687bcb9 100644 --- a/templates/default.nix +++ b/templates/default.nix 
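Review bot: `networking.firewall.allowedTCPPorts` still lists 9993 although `services.zerotierone.port` is now 9994 and is appended separately, so 9993 looks like a leftover that opens a port nothing in this hunk listens on. The list also opens 22, 80, 443, 8448 and 8081 on every interface with only `#Chat host` as explanation; a per-port comment, or moving SSH to the ZeroTier interface through `networking.firewall.interfaces`, would keep the exposed surface reviewable. Proposed: `networking.firewall.allowedTCPPorts = [80 443 22 8448 8081] ++ [config.services.zerotierone.port];`. `device = "/dev/nvme0n1"` in the disko preset is a kernel enumeration name, and a `/dev/disk/by-id/…` path is the safer reference for a layout that repartitions the disk.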
@@ -18,4 +18,8 @@ path = ./home; description = "Snowfall home"; }; + user = { + path = ./user; + description = "Snowfall user"; + }; } diff --git a/templates/overlay/default.nix b/templates/overlay/default.nix index b08dfc4..8ccc207 100644 --- a/templates/overlay/default.nix +++ b/templates/overlay/default.nix @@ -1,3 +1,3 @@ -_: (final: prev: { +channels: (final: prev: { package = prev.package.override {}; }) diff --git a/templates/user/default.nix b/templates/user/default.nix new file mode 100644 index 0000000..93ef90b --- /dev/null +++ b/templates/user/default.nix @@ -0,0 +1,37 @@ +{ + lib, + pkgs, + inputs, + namespace, + system, + target, + format, + virtual, + systems, + config, + ... +}: +with lib; +with lib.${namespace}; let + username = ""; + admin = false; + extraGroups = ["networkmanager"]; + trustedSshKeys = []; + + cfg = config.${namespace}.users.${username}; +in { + options.${namespace}.users.${username} = with types; { + enable = mkBoolOpt false "Enable ${username} user"; + config = mkHomeManagerConfigOpt config; + }; + + config = mkUser { + inherit config; + inherit (cfg) enable; + homeConfig = cfg.config; + inherit username; + inherit admin; + inherit extraGroups; + inherit trustedSshKeys; + }; +}