add affinity system
authorPreston Pan <preston@nullring.xyz>
Wed, 29 Jan 2025 22:11:40 +0000 (14:11 -0800)
committerPreston Pan <preston@nullring.xyz>
Wed, 29 Jan 2025 22:11:40 +0000 (14:11 -0800)
16 files changed:
config/nix.org
nix/flake.nix
nix/modules/configuration.nix
nix/modules/cuda.nix [new file with mode: 0644]
nix/modules/default.nix
nix/modules/dovecot.nix [new file with mode: 0644]
nix/modules/git-daemon.nix [new file with mode: 0644]
nix/modules/home/default.nix
nix/modules/i2pd.nix [new file with mode: 0644]
nix/modules/nginx.nix [new file with mode: 0644]
nix/modules/nvidia.nix [new file with mode: 0644]
nix/modules/nvme-simple.nix [new file with mode: 0644]
nix/modules/ollama.nix [new file with mode: 0644]
nix/modules/postfix.nix [new file with mode: 0644]
nix/modules/xserver.nix
nix/systems/affinity/default.nix [new file with mode: 0644]

index aed87f65b344b34f2a993a41c2ecd33eb3229ce0..d4434704c6a8fdd3240f690f3b853b1d09f283b0 100644 (file)
@@ -25,18 +25,18 @@ so that adding new configurations that add modifications is made simple.
       nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
 
       home-manager = {
-        url = "github:nix-community/home-manager/release-24.11";
-        inputs.nixpkgs.follows = "nixpkgs";
+       url = "github:nix-community/home-manager/release-24.11";
+       inputs.nixpkgs.follows = "nixpkgs";
       };
 
       disko = {
-        url = "github:nix-community/disko";
-        inputs.nixpkgs.follows = "nixpkgs";
+       url = "github:nix-community/disko";
+       inputs.nixpkgs.follows = "nixpkgs";
       };
 
       lanzaboote = {
-        url = "github:nix-community/lanzaboote/v0.4.1";
-        inputs.nixpkgs.follows = "nixpkgs";
+       url = "github:nix-community/lanzaboote/v0.4.1";
+       inputs.nixpkgs.follows = "nixpkgs";
       };
 
       nur.url = "github:nix-community/NUR";
@@ -48,46 +48,55 @@ so that adding new configurations that add modifications is made simple.
 
     outputs = { nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, ... }@attrs: {
       nixosConfigurations = {
-        installer = nixpkgs.lib.nixosSystem {
-          system = "x86_64-linux";
-          modules = [
-            (
-              { pkgs, modulesPath, ... }:
-              {
-                imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
-              }
-            )
-            ./systems/installer/default.nix
-          ];
-        };
-
-        continuity = nixpkgs.lib.nixosSystem {
-          system = "x86_64-linux";
-          specialArgs = attrs;
-          modules = [
-            lanzaboote.nixosModules.lanzaboote
-            disko.nixosModules.disko
-            home-manager.nixosModules.home-manager
-            sops-nix.nixosModules.sops
-            { nixpkgs.overlays = [ nur.overlays.default ]; }
-            { home-manager.extraSpecialArgs = attrs; }
-
-            ./modules/sda-simple.nix
-            ./systems/continuity/default.nix
-          ];
-        };
-
-        spontaneity = nixpkgs.lib.nixosSystem {
-          system = "x86_64-linux";
-          specialArgs = attrs;
-          modules = [];
-        };
-
-        affinity = nixpkgs.lib.nixosSystem {
-          system = "x86_64-linux";
-          specialArgs = attrs;
-          modules = [];
-        };
+       installer = nixpkgs.lib.nixosSystem {
+         system = "x86_64-linux";
+         modules = [
+           (
+             { pkgs, modulesPath, ... }:
+             {
+               imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
+             }
+           )
+           ./systems/installer/default.nix
+         ];
+       };
+
+       continuity = nixpkgs.lib.nixosSystem {
+         system = "x86_64-linux";
+         specialArgs = attrs;
+         modules = [
+           lanzaboote.nixosModules.lanzaboote
+           disko.nixosModules.disko
+           home-manager.nixosModules.home-manager
+           sops-nix.nixosModules.sops
+           { nixpkgs.overlays = [ nur.overlays.default ]; }
+           { home-manager.extraSpecialArgs = attrs; }
+
+           ./modules/sda-simple.nix
+           ./systems/continuity/default.nix
+         ];
+       };
+
+       affinity = nixpkgs.lib.nixosSystem {
+         system = "x86_64-linux";
+         specialArgs = attrs;
+         modules = [
+           lanzaboote.nixosModules.lanzaboote
+           disko.nixosModules.disko
+           home-manager.nixosModules.home-manager
+           sops-nix.nixosModules.sops
+           { nixpkgs.overlays = [ nur.overlays.default ]; }
+           { home-manager.extraSpecialArgs = attrs; }
+           ./modules/nvme-simple.nix
+           ./systems/affinity/default.nix
+         ];
+       };
+
+       spontaneity = nixpkgs.lib.nixosSystem {
+         system = "x86_64-linux";
+         specialArgs = attrs;
+         modules = [];
+       };
       };
     };
   }
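Review bot: continuity and affinity now carry the same six-line module prologue (lanzaboote, disko, home-manager, sops-nix, the NUR overlay and the extraSpecialArgs attrset), so the next shared module has to be added in two places. Hoisting it into a `let commonModules = [ … ]; in` above `nixosConfigurations` and writing `modules = commonModules ++ [ ./modules/nvme-simple.nix ./systems/affinity/default.nix ];` keeps each per-host list down to what actually differs. This is style only; the evaluated configurations are unchanged.
```nix
outputs = { nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, ... }@attrs:
  let
    # Modules every real host shares; the per-host lists add only what differs.
    commonModules = [
      lanzaboote.nixosModules.lanzaboote
      disko.nixosModules.disko
      home-manager.nixosModules.home-manager
      sops-nix.nixosModules.sops
      { nixpkgs.overlays = [ nur.overlays.default ]; }
      { home-manager.extraSpecialArgs = attrs; }
    ];
  in {
    nixosConfigurations = {
      # … unchanged: installer …

      continuity = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = attrs;
        modules = commonModules ++ [
          ./modules/sda-simple.nix
          ./systems/continuity/default.nix
        ];
      };

      affinity = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = attrs;
        modules = commonModules ++ [
          ./modules/nvme-simple.nix
          ./systems/affinity/default.nix
        ];
      };

      # … unchanged: spontaneity …
    };
  };
```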
@@ -176,82 +185,83 @@ largely self-documenting.
 Again, these are self documenting variables that you may see used below. These are to be used
 under ~default.nix~ in the ~systems~ folder.
 #+begin_src nix :tangle ../nix/modules/default.nix
-{ lib, config, pkgs, ... }:
-{
-  imports = [
-    ./configuration.nix
-    ./home/home.nix
-    ./vars.nix
-  ];
+  { lib, config, pkgs, ... }:
+  {
+    imports = [
+      ./configuration.nix
+      ./home/home.nix
+      ./vars.nix
+    ];
 
-  options = {
-    monorepo = {
-      profiles = {
-        cuda.enable = lib.mkEnableOption "Enables CUDA support";
-        documentation.enable = lib.mkEnableOption "Enables documentation on system.";
-        secureBoot.enable = lib.mkEnableOption "Enables secure boot. See sbctl.";
-        pipewire.enable = lib.mkEnableOption "Enables pipewire low latency audio setup";
-        tor.enable = lib.mkEnableOption "Enables tor along with torsocks";
-        home.enable = lib.mkEnableOption "Enables home user";
+    options = {
+      monorepo = {
+       profiles = {
+               cuda.enable = lib.mkEnableOption "Enables CUDA support";
+               documentation.enable = lib.mkEnableOption "Enables documentation on system.";
+               secureBoot.enable = lib.mkEnableOption "Enables secure boot. See sbctl.";
+               pipewire.enable = lib.mkEnableOption "Enables pipewire low latency audio setup";
+               tor.enable = lib.mkEnableOption "Enables tor along with torsocks";
+               home.enable = lib.mkEnableOption "Enables home user";
+               server.enable = lib.mkEnableOption "Enables server services";
+       };
       };
     };
-  };
-
-  config = {
-    home-manager.users."${config.monorepo.vars.userName}" = {
-      programs.home-manager.enable = config.monorepo.profiles.home.enable;
-    };
 
-    environment.systemPackages = lib.mkIf config.monorepo.profiles.documentation.enable (with pkgs; [
-      linux-manual
-      man-pages
-      man-pages-posix
-    ]);
+    config = {
+      home-manager.users."${config.monorepo.vars.userName}" = {
+       programs.home-manager.enable = config.monorepo.profiles.home.enable;
+      };
 
-    monorepo = {
-      profiles = {
-        documentation.enable = lib.mkDefault true;
-        pipewire.enable = lib.mkDefault true;
-        tor.enable = lib.mkDefault true;
-        home.enable = lib.mkDefault true;
+      environment.systemPackages = lib.mkIf config.monorepo.profiles.documentation.enable (with pkgs; [
+       linux-manual
+       man-pages
+       man-pages-posix
+      ]);
+
+      monorepo = {
+       profiles = {
+               documentation.enable = lib.mkDefault true;
+               pipewire.enable = lib.mkDefault true;
+               tor.enable = lib.mkDefault true;
+               home.enable = lib.mkDefault true;
+       };
       };
     };
-  };
-}
+  }
 #+end_src
 ** X11
 My Xorg configuration is used as a backup for when wayland applications don't work. Note that
 using this configuration is extremely inefficient and my i3 configuration is unoptimized.
 Still, it is suitable for using Krita.
 #+begin_src nix :tangle ../nix/modules/xserver.nix
-{ lib, pkgs, ... }:
-{
-  services.xserver = {
-    enable = lib.mkDefault true;
-    displayManager = {
-      startx.enable = true;
-    };
+  { lib, config, pkgs, ... }:
+  {
+    services.xserver = {
+      enable = lib.mkDefault true;
+      displayManager = {
+       startx.enable = true;
+      };
 
-    windowManager = {
-      i3 = {
-        enable = true;
-        package = pkgs.i3-gaps;
+      windowManager = {
+       i3 = {
+         enable = true;
+         package = pkgs.i3-gaps;
+       };
       };
-    };
 
-    desktopManager = {
-      runXdgAutostartIfNone = true;
-    };
+      desktopManager = {
+       runXdgAutostartIfNone = true;
+      };
 
-    xkb = {
-      layout = "us";
-      variant = "";
-      options = "caps:escape";
-    };
+      xkb = {
+       layout = "us";
+       variant = "";
+       options = "caps:escape";
+      };
 
-    videoDrivers = [];
-  };
-}
+      videoDrivers = (if config.monorepo.profiles.cuda.enable then [ "nvidia" ] else []);
+    };
+  }
 #+end_src
 You should add your own video drivers in a custom machine configuration.
 ** Pipewire
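Review bot: The new `videoDrivers` expression in xserver.nix selects the nvidia driver from the CUDA profile rather than from a graphics option, so a host with an NVIDIA GPU but no CUDA use still has to set cuda.enable to get the driver, and the sentence right after the block ("You should add your own video drivers in a custom machine configuration") no longer describes what the module does. If the coupling is intended, `videoDrivers = lib.optional config.monorepo.profiles.cuda.enable "nvidia";` says the same thing without the parenthesised if/else, and the prose below should say that the nvidia driver now follows the CUDA profile. The `server.enable` option added to default.nix is declared but, unlike the other profiles, gets no entry in the `config` block; that is fine because mkEnableOption defaults to false, but a one-line comment such as `# gates the server services (i2pd, ollama, dovecot, git-daemon) added in the modules below` would tell the next reader what it controls.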
@@ -345,6 +355,155 @@ distribution soon, and I'm waiting on that.
   };
 }
 #+end_src
+** i2pd
+I use i2p for some p2p connections. We enable it with the server profile:
+#+begin_src nix :tangle ../nix/modules/i2pd.nix
+  { config, lib, ... }:
+  {
+    services.i2pd = {
+      enable = lib.mkDefault config.monorepo.profiles.server.enable;
+      address = "0.0.0.0";
+      inTunnels = {
+      };
+      outTunnels = {
+      };
+    };
+  }
+#+end_src
+** Ollama
+Use ollama for serving large language models to my other computers.
+#+begin_src nix :tangle ../nix/modules/ollama.nix
+  { config, lib, ... }:
+  {
+    services.ollama = {
+      enable = lib.mkDefault config.monorepo.profiles.server.enable;
+      acceleration = "cuda";
+      host = "0.0.0.0";
+    };
+  }
+#+end_src
+** Dovecot
+My server sets up dovecot in order to use imaps.
+#+begin_src nix :tangle ../nix/modules/dovecot.nix
+  { config, lib, ... }:
+  {
+    services.dovecot2 = {
+      enable = lib.mkDefault config.monorepo.profiles.server.enable;
+      enableImap = true;
+      enablePop3 = true;
+    };
+  }
+#+end_src
+** Postfix
+Use postfix as an smtps server.
+#+begin_src nix :tangle ../nix/modules/postfix.nix
+  { config, lib, ... }:
+  {
+    services.postfix = {
+      enable = true;
+      config = {
+      };
+    };
+  }
+#+end_src
+** Git Server
+#+begin_src nix :tangle ../nix/modules/git-daemon.nix
+  { config, lib, ... }:
+  {
+    services.gitDaemon = {
+      enable = lib.mkDefault config.monorepo.profiles.server.enable;
+      exportAll = true;
+      listenAddress = "0.0.0.0";
+      basePath = "/srv/git";
+    };
+  }
+#+end_src
+** Nginx
+#+begin_src nix :tangle ../nix/modules/nginx.nix
+  { config, services, ... }:
+  {
+    services.nginx = {
+      enable = true;
+
+      # Use recommended settings
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+
+      # Only allow PFS-enabled ciphers with AES256
+      sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+      appendHttpConfig = ''
+    # Add HSTS header with preloading to HTTPS requests.
+    # Adding this header to HTTP requests is discouraged
+    map $scheme $hsts_header {
+       https   "max-age=31536000; includeSubdomains; preload";
+    }
+    add_header Strict-Transport-Security $hsts_header;
+
+    # Enable CSP for your services.
+    #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+
+    # Minimize information leaked to other domains
+    add_header 'Referrer-Policy' 'origin-when-cross-origin';
+
+    # Disable embedding as a frame
+    add_header X-Frame-Options DENY;
+
+    # Prevent injection of code in other mime types (XSS Attacks)
+    add_header X-Content-Type-Options nosniff;
+
+    # This might create errors
+    proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+  '';
+
+      virtualHosts = {
+       "ret2pop.net" = {
+         # addSSL = true;
+         # enableACME = true;
+         root = "/home/preston/ret2pop-website/";
+       };
+      };
+    };
+  }
+#+end_src
+** Nvidia
+#+begin_src nix :tangle ../nix/modules/nvidia.nix
+  { config, lib, pkgs, ... }:
+  {
+    hardware = {
+      graphics.extraPackages = with pkgs; [
+       vaapiVdpau
+       libvdpau-va-gl
+       nvidia-vaapi-driver
+      ];
+
+      nvidia = {
+       modesetting.enable = true;
+       powerManagement = {
+               enable = true;
+               finegrained = false;
+       };
+       nvidiaSettings = true;
+       open = false;
+       package = config.boot.kernelPackages.nvidiaPackages.stable;
+      };
+    };
+  }
+#+end_src
+** CUDA
+#+begin_src nix :tangle ../nix/modules/cuda.nix
+  { config, lib, pkgs, ... }:
+  {
+    environment.systemPackages = with pkgs; [
+       cudatoolkit
+       cudaPackages.cudnn
+       cudaPackages.libcublas
+       linuxPackages.nvidia_x11
+    ];
+  }
+#+end_src
 ** Main Configuration
 This is the backbone of the all the NixOS configurations, with all these options being shared
 because they enhance security.
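Review bot: nginx.nix serves `ret2pop.net` from `root = "/home/preston/ret2pop-website/"`, but the same file's tmpfiles rule `"restricthome"."/home/*".Z.mode = "~0700"` (in the later configuration.nix hunk) strips group and other permissions from /home/preston, so the nginx service user cannot traverse into the document root and this vhost will answer 403 for everything; move the site to a path outside /home (e.g. `/srv/www/ret2pop.net` — placeholder) or carve that directory out of the rule, and note that with `addSSL`/`enableACME` commented out the site is served over plain HTTP. git-daemon.nix combines `exportAll = true` with `listenAddress = "0.0.0.0"` and `basePath = "/srv/git"`, which publishes every repository under /srv/git read-only to anyone who can reach the daemon over the unauthenticated git:// protocol; unless all of /srv/git is meant to be public, drop `exportAll` and mark the public repositories with a `git-daemon-export-ok` file. ollama.nix's `host = "0.0.0.0"` and i2pd.nix's `address = "0.0.0.0"` likewise bind unauthenticated services to every interface; the firewall's empty `allowedTCPPorts` in configuration.nix hides this for now, but the first port opened later will expose them, so binding to the LAN or VPN address (or fronting ollama with the nginx module added here) is the safer default. dovecot.nix and postfix.nix are described as imaps/smtps but set no certificate or key options, postfix's `enable = true` is not gated on `config.monorepo.profiles.server.enable` like its siblings, and dovecot's `enablePop3 = true` is not mentioned in the prose. Finally, cuda.nix puts cudatoolkit and `linuxPackages.nvidia_x11` into `environment.systemPackages` unconditionally (and the configuration.nix import hunk that follows pulls it into every host) while nvidia.nix pins `config.boot.kernelPackages.nvidiaPackages.stable`, so non-CUDA hosts download the toolkit and the two driver builds can diverge; `environment.systemPackages = lib.mkIf config.monorepo.profiles.cuda.enable (with pkgs; [ … ]);` matches how the documentation packages are gated in default.nix, and the unused `services` argument in nginx.nix's `{ config, services, ... }` pattern should be `lib`.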
@@ -357,6 +516,14 @@ because they enhance security.
       ./pipewire.nix
       ./tor.nix
       ./kubo.nix
+      ./nvidia.nix
+      ./cuda.nix
+      ./nginx.nix
+      ./git-daemon.nix
+      ./postfix.nix
+      ./dovecot.nix
+      ./ollama.nix
+      ./i2pd.nix
     ];
 
     documentation = {
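Review bot: This import list belongs to the configuration.nix that every host shares, and two of the new modules it pulls in, nginx.nix and postfix.nix, set `enable = true` unconditionally rather than `lib.mkDefault config.monorepo.profiles.server.enable` as i2pd, ollama, dovecot and git-daemon do; as written, the laptop configurations will also start an nginx serving ret2pop.net and a postfix MTA. The gate has to live in those modules (`enable = lib.mkDefault config.monorepo.profiles.server.enable;`), since an `imports` list cannot depend on `config`. The enclosing module begins and ends outside this hunk.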
@@ -367,10 +534,10 @@ because they enhance security.
 
     environment = {
       etc = {
-        securetty.text = ''
-            # /etc/securetty: list of terminals on which root is allowed to login.
-            # See securetty(5) and login(1).
-            '';
+       securetty.text = ''
+           # /etc/securetty: list of terminals on which root is allowed to login.
+           # See securetty(5) and login(1).
+           '';
       };
     };
 
@@ -378,13 +545,13 @@ because they enhance security.
       coredump.enable = false;
       network.config.networkConfig.IPv6PrivacyExtensions = "kernel";
       tmpfiles.settings = {
-        "restricthome"."/home/*".Z.mode = "~0700";
+       "restricthome"."/home/*".Z.mode = "~0700";
 
-        "restrictetcnixos"."/etc/nixos/*".Z = {
-          mode = "0000";
-          user = "root";
-          group = "root";
-        };
+       "restrictetcnixos"."/etc/nixos/*".Z = {
+         mode = "0000";
+         user = "root";
+         group = "root";
+       };
       };
     };
 
@@ -393,126 +560,126 @@ because they enhance security.
       extraModulePackages = [ ];
 
       initrd = {
-        availableKernelModules = [
-          "xhci_pci"
-          "ahci"
-          "usb_storage"
-          "sd_mod"
-          "nvme"
-          "sd_mod"
-          "ehci_pci"
-          "rtsx_pci_sdmmc"
-          "usbhid"
-        ];
-
-        kernelModules = [ ];
+       availableKernelModules = [
+         "xhci_pci"
+         "ahci"
+         "usb_storage"
+         "sd_mod"
+         "nvme"
+         "sd_mod"
+         "ehci_pci"
+         "rtsx_pci_sdmmc"
+         "usbhid"
+       ];
+
+       kernelModules = [ ];
       };
 
       lanzaboote = {
-        enable = config.monorepo.profiles.secureBoot.enable;
-        pkiBundle = "/etc/secureboot";
+       enable = config.monorepo.profiles.secureBoot.enable;
+       pkiBundle = "/etc/secureboot";
       };
 
       loader = {
-        systemd-boot.enable = lib.mkForce (! config.monorepo.profiles.secureBoot.enable);
-        efi.canTouchEfiVariables = true;
+       systemd-boot.enable = lib.mkForce (! config.monorepo.profiles.secureBoot.enable);
+       efi.canTouchEfiVariables = true;
       };
-      
+
       kernelModules = [
-        "snd-seq"
-        "snd-rawmidi"
-        "xhci_hcd"
-        "kvm_intel"
+       "snd-seq"
+       "snd-rawmidi"
+       "xhci_hcd"
+       "kvm_intel"
       ];
 
       kernelParams = [
-        "debugfs=off"
-        "page_alloc.shuffle=1"
-        "slab_nomerge"
-        "page_poison=1"
-
-        # madaidan
-        "pti=on"
-        "randomize_kstack_offset=on"
-        "vsyscall=none"
-        "module.sig_enforce=1"
-        "lockdown=confidentiality"
-
-        # cpu
-        "spectre_v2=on"
-        "spec_store_bypass_disable=on"
-        "tsx=off"
-        "tsx_async_abort=full,nosmt"
-        "mds=full,nosmt"
-        "l1tf=full,force"
-        "nosmt=force"
-        "kvm.nx_huge_pages=force"
-
-        # hardened
-        "extra_latent_entropy"
-
-        # mineral
-        "init_on_alloc=1"
-        "random.trust_cpu=off"
-        "random.trust_bootloader=off"
-        "intel_iommu=on"
-        "amd_iommu=force_isolation"
-        "iommu=force"
-        "iommu.strict=1"
-        "init_on_free=1"
-        "quiet"
-        "loglevel=0"
+       "debugfs=off"
+       "page_alloc.shuffle=1"
+       "slab_nomerge"
+       "page_poison=1"
+
+       # madaidan
+       "pti=on"
+       "randomize_kstack_offset=on"
+       "vsyscall=none"
+       "module.sig_enforce=1"
+       "lockdown=confidentiality"
+
+       # cpu
+       "spectre_v2=on"
+       "spec_store_bypass_disable=on"
+       "tsx=off"
+       "tsx_async_abort=full,nosmt"
+       "mds=full,nosmt"
+       "l1tf=full,force"
+       "nosmt=force"
+       "kvm.nx_huge_pages=force"
+
+       # hardened
+       "extra_latent_entropy"
+
+       # mineral
+       "init_on_alloc=1"
+       "random.trust_cpu=off"
+       "random.trust_bootloader=off"
+       "intel_iommu=on"
+       "amd_iommu=force_isolation"
+       "iommu=force"
+       "iommu.strict=1"
+       "init_on_free=1"
+       "quiet"
+       "loglevel=0"
       ];
 
       blacklistedKernelModules = [
-        "netrom"
-        "rose"
-
-        "adfs"
-        "affs"
-        "bfs"
-        "befs"
-        "cramfs"
-        "efs"
-        "erofs"
-        "exofs"
-        "freevxfs"
-        "f2fs"
-        "hfs"
-        "hpfs"
-        "jfs"
-        "minix"
-        "nilfs2"
-        "ntfs"
-        "omfs"
-        "qnx4"
-        "qnx6"
-        "sysv"
-        "ufs"
+       "netrom"
+       "rose"
+
+       "adfs"
+       "affs"
+       "bfs"
+       "befs"
+       "cramfs"
+       "efs"
+       "erofs"
+       "exofs"
+       "freevxfs"
+       "f2fs"
+       "hfs"
+       "hpfs"
+       "jfs"
+       "minix"
+       "nilfs2"
+       "ntfs"
+       "omfs"
+       "qnx4"
+       "qnx6"
+       "sysv"
+       "ufs"
       ];
 
       kernel.sysctl = {
-        "kernel.ftrace_enabled" = false;
-        "net.core.bpf_jit_enable" = false;
-        "kernel.kptr_restrict" = 2;
-
-        # madaidan
-        "vm.swappiness" = 1;
-        "vm.unprivileged_userfaultfd" = 0;
-        "dev.tty.ldisc_autoload" = 0;
-        "kernel.kexec_load_disabled" = 1;
-        "kernel.sysrq" = 4;
-        "kernel.perf_event_paranoid" = 3;
-
-        # net
-        "net.ipv4.icmp_echo_ignore_broadcasts" = true;
-
-        "net.ipv4.conf.all.accept_redirects" = false;
-        "net.ipv4.conf.all.secure_redirects" = false;
-        "net.ipv4.conf.default.accept_redirects" = false;
-        "net.ipv4.conf.default.secure_redirects" = false;
-        "net.ipv6.conf.all.accept_redirects" = false;
-        "net.ipv6.conf.default.accept_redirects" = false;
+       "kernel.ftrace_enabled" = false;
+       "net.core.bpf_jit_enable" = false;
+       "kernel.kptr_restrict" = 2;
+
+       # madaidan
+       "vm.swappiness" = 1;
+       "vm.unprivileged_userfaultfd" = 0;
+       "dev.tty.ldisc_autoload" = 0;
+       "kernel.kexec_load_disabled" = 1;
+       "kernel.sysrq" = 4;
+       "kernel.perf_event_paranoid" = 3;
+
+       # net
+       "net.ipv4.icmp_echo_ignore_broadcasts" = true;
+
+       "net.ipv4.conf.all.accept_redirects" = false;
+       "net.ipv4.conf.all.secure_redirects" = false;
+       "net.ipv4.conf.default.accept_redirects" = false;
+       "net.ipv4.conf.default.secure_redirects" = false;
+       "net.ipv6.conf.all.accept_redirects" = false;
+       "net.ipv6.conf.default.accept_redirects" = false;
       };
     };
 
@@ -520,12 +687,12 @@ because they enhance security.
       useDHCP = lib.mkDefault true;
       hostName = config.monorepo.vars.hostName;
       networkmanager = {
-        enable = true;
-        # wifi.macAddress = "";
+       enable = true;
+       # wifi.macAddress = "";
       };
       firewall = {
-        allowedTCPPorts = [ ];
-        allowedUDPPorts = [ ];
+       allowedTCPPorts = [ ];
+       allowedUDPPorts = [ ];
       };
     };
 
@@ -536,16 +703,16 @@ because they enhance security.
       pulseaudio.enable = ! config.monorepo.profiles.pipewire.enable;
 
       bluetooth = {
-        enable = true;
-        powerOnBoot = true;
+       enable = true;
+       powerOnBoot = true;
       };
     };
 
     services = {
       chrony = {
-        enable = true;
-        enableNTS = true;
-        servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ];
+       enable = true;
+       enableNTS = true;
+       servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ];
       };
 
       jitterentropy-rngd.enable = true;
@@ -558,12 +725,12 @@ because they enhance security.
 
       # Misc.
       udev = {
-        extraRules = '''';
-        packages = with pkgs; [ 
-          platformio-core
-          platformio-core.udev
-          openocd
-        ];
+       extraRules = '''';
+       packages = with pkgs; [ 
+         platformio-core
+         platformio-core.udev
+         openocd
+       ];
       };
 
       printing.enable = true;
@@ -580,20 +747,20 @@ because they enhance security.
     nixpkgs = {
       hostPlatform = lib.mkDefault "x86_64-linux";
       config = {
-        allowUnfree = true;
-        cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable;
+       allowUnfree = true;
+       cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable;
       };
     };
 
     security = {
       apparmor = {
-        enable = true;
-        killUnconfinedConfinables = true;
+       enable = true;
+       killUnconfinedConfinables = true;
       };
 
       pam.loginLimits = [
-        { domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
-        { domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
+       { domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
+       { domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
       ];
       rtkit.enable = true;
 
@@ -603,9 +770,9 @@ because they enhance security.
       forcePageTableIsolation = true;
 
       tpm2 = {
-        enable = true;
-        pkcs11.enable = true;
-        tctiEnvironment.enable = true;
+       enable = true;
+       pkcs11.enable = true;
+       tctiEnvironment.enable = true;
       };
 
       auditd.enable = true;
@@ -618,9 +785,9 @@ because they enhance security.
       enable = true;
       wlr.enable = true;
       extraPortals = with pkgs; [
-        xdg-desktop-portal-gtk
-        xdg-desktop-portal
-        xdg-desktop-portal-hyprland
+       xdg-desktop-portal-gtk
+       xdg-desktop-portal
+       xdg-desktop-portal-hyprland
       ];
       config.common.default = "*";
     };
@@ -632,19 +799,24 @@ because they enhance security.
       vim
       curl
     ];
-    
+
     users.users = {
       root.openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch"
+       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch"
       ];
 
+      git = {
+       isSystemUser = true;
+       home = "/srv/git";
+       shell = "${pkgs.git}/bin/git-shell";
+      };
       "${config.monorepo.vars.userName}" = {
-        initialPassword = "${config.monorepo.vars.userName}";
-        isNormalUser = true;
-        description = config.monorepo.vars.fullName;
-        extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" ];
-        shell = pkgs.zsh;
-        packages = [];
+       initialPassword = "${config.monorepo.vars.userName}";
+       isNormalUser = true;
+       description = config.monorepo.vars.fullName;
+       extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" ];
+       shell = pkgs.zsh;
+       packages = [];
       };
     };
 
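Review bot: The new `git` user is declared with `isSystemUser = true` but no `group`; as far as I can tell, current NixOS fails evaluation for a system user without an explicit group, and whether services.gitDaemon supplies one does not help on hosts where the server profile is off but this shared configuration.nix is still evaluated. Adding `group = "git";` here and `users.groups.git = {};` alongside makes the definition self-contained. Note also that `home = "/srv/git"` is the directory git-daemon.nix exports with `exportAll = true`, so anything pushed to this user through git-shell becomes anonymously readable once the daemon is up; if that is intended, a short comment saying so would save the next reader a surprise. The `users.users` attrset continues outside this hunk.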
@@ -695,6 +867,45 @@ you will have to import that configuration in your ~systems/xxx/default.nix~.
   };
 }
 #+end_src
+*** NVME
+For my nvme drives.
+#+begin_src nix :tangle ../nix/modules/nvme-simple.nix
+{
+  disko.devices = {
+    disk = {
+      my-disk = {
+        device = "/dev/nvme0n1";
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              type = "EF00";
+              size = "500M";
+              priority = 1;
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            root = {
+              size = "100%";
+              priority = 2;
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
+#+end_src
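Review bot: nvme-simple.nix addresses the disk as `/dev/nvme0n1`, an enumeration-order name that can change when a second NVMe device is present; the usual disko idiom is a `/dev/disk/by-id/…` path (placeholder) so the layout is pinned to one physical device, which matters because disko formats whatever the path resolves to. The root partition is plain ext4 with no LUKS layer, while the shared configuration turns on secure boot via lanzaboote and TPM2 support, so the boot chain is protected but data at rest is not; if that is deliberate, a sentence under *** NVME saying so would stop the next reader from assuming encryption. The ESP's `umask=0077` mount option is a good default and should stay.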
 ** Home
 Time for my home user configuration, which is managed by home-manager. First we start off with
 this module to enter us into the home-manager namespace:
@@ -718,181 +929,199 @@ in the top level from now on will implicitly be located at
 As you can see, I have my installed home packages installed based on the profiles enabled. Also,
 I have many imports that we'll go through next.
 #+begin_src nix :tangle ../nix/modules/home/default.nix
-{ lib, config, pkgs, ... }:
-{
-  imports = [
-    ../vars.nix
-    ./fcitx.nix
-    ./secrets.nix
-    ./emacs.nix
-    ./firefox.nix
-    ./git.nix
-    ./hyprland.nix
-    ./mpv.nix
-    ./yt-dlp.nix
-    ./wofi.nix
-    ./kitty.nix
-    ./waybar.nix
-    ./zsh.nix
-    ./mbsync.nix
-    ./msmtp.nix
-    ./gammastep.nix
-    ./mpd.nix
-    ./mako.nix
-    ./user.nix
-  ];
+  { lib, config, pkgs, ... }:
+  {
+    imports = [
+      ../vars.nix
+      ./fcitx.nix
+      ./secrets.nix
+      ./emacs.nix
+      ./firefox.nix
+      ./git.nix
+      ./hyprland.nix
+      ./mpv.nix
+      ./yt-dlp.nix
+      ./wofi.nix
+      ./kitty.nix
+      ./waybar.nix
+      ./zsh.nix
+      ./mbsync.nix
+      ./msmtp.nix
+      ./gammastep.nix
+      ./mpd.nix
+      ./mako.nix
+      ./user.nix
+    ];
 
-  options = {
-    monorepo.profiles = {
-      enable = lib.mkEnableOption "Enables home manager desktop configuration";
-      # Programs
-      lang-c.enable = lib.mkEnableOption "Enables C language support";
-      lang-sh.enable = lib.mkEnableOption "Enables sh language support";
-      lang-rust.enable = lib.mkEnableOption "Enables Rust language support";
-      lang-python.enable = lib.mkEnableOption "Enables python language support";
-      lang-sol.enable = lib.mkEnableOption "Enables solidity language support";
-      lang-openscad.enable = lib.mkEnableOption "Enables openscad language support";
-      lang-js.enable = lib.mkEnableOption "Enables javascript language support";
-      lang-nix.enable = lib.mkEnableOption "Enables nix language support";
-      lang-coq.enable = lib.mkEnableOption "Enables coq language support";
-
-      crypto.enable = lib.mkEnableOption "Enables various cryptocurrency wallets";
-      art.enable = lib.mkEnableOption "Enables various art programs";
-      music.enable = lib.mkEnableOption "Enables mpd";
-
-      hyprland = {
-        enable = lib.mkEnableOption "Enables hyprland";
-        monitors = lib.mkOption {
-          type = lib.types.listOf lib.types.str;
-          default = [
-            "HDMI-A-1"
-            "eDP-1"
-            "DP-2"
-            "DP-3"
-            "LVDS-1"
-          ];
-          example = [];
-          description = "Hyprland monitors";
-        };
-      };
-      email = {
-        email = lib.mkOption {
-          type = lib.types.str;
-          default = "ret2pop@gmail.com";
-          example = "john@example.com";
-          description = "Email address and imaps/smtps account";
-        };
-        imapsServer = lib.mkOption {
-          type = lib.types.str;
-          default = "imap.gmail.com";
-          example = "imap.example.com";
-          description = "imaps server address";
-        };
-        smtpsServer = lib.mkOption {
-          type = lib.types.str;
-          default = "smtp.gmail.com";
-          example = "smtp.example.com";
-          description = "smtp server address";
-        };
-        enable = lib.mkEnableOption "Enables email";
+    options = {
+      monorepo.profiles = {
+       enable = lib.mkEnableOption "Enables home manager desktop configuration";
+       # Programs
+       lang-c.enable = lib.mkEnableOption "Enables C language support";
+       lang-sh.enable = lib.mkEnableOption "Enables sh language support";
+       lang-rust.enable = lib.mkEnableOption "Enables Rust language support";
+       lang-python.enable = lib.mkEnableOption "Enables python language support";
+       lang-sol.enable = lib.mkEnableOption "Enables solidity language support";
+       lang-openscad.enable = lib.mkEnableOption "Enables openscad language support";
+       lang-js.enable = lib.mkEnableOption "Enables javascript language support";
+       lang-nix.enable = lib.mkEnableOption "Enables nix language support";
+       lang-coq.enable = lib.mkEnableOption "Enables coq language support";
+
+       crypto.enable = lib.mkEnableOption "Enables various cryptocurrency wallets";
+       art.enable = lib.mkEnableOption "Enables various art programs";
+       music.enable = lib.mkEnableOption "Enables mpd";
+       workstation.enable = lib.mkEnableOption "Enables workstation packages (music production and others)";
+
+       hyprland = {
+               enable = lib.mkEnableOption "Enables hyprland";
+               monitors = lib.mkOption {
+                       type = lib.types.listOf lib.types.str;
+                       default = [
+                         "HDMI-A-1"
+                         "eDP-1"
+                         "DP-2"
+                         "DP-3"
+                         "LVDS-1"
+                       ];
+                       example = [];
+                       description = "Hyprland monitors";
+               };
+       };
+       email = {
+               email = lib.mkOption {
+                       type = lib.types.str;
+                       default = "ret2pop@gmail.com";
+                       example = "john@example.com";
+                       description = "Email address and imaps/smtps account";
+               };
+               imapsServer = lib.mkOption {
+                       type = lib.types.str;
+                       default = "imap.gmail.com";
+                       example = "imap.example.com";
+                       description = "imaps server address";
+               };
+               smtpsServer = lib.mkOption {
+                       type = lib.types.str;
+                       default = "smtp.gmail.com";
+                       example = "smtp.example.com";
+                       description = "smtp server address";
+               };
+               enable = lib.mkEnableOption "Enables email";
+       };
       };
     };
-  };
 
-  config = {
-    home.packages = (if config.monorepo.profiles.email.enable then [ pkgs.mu ] else [])
-                    ++
-                    (if config.monorepo.profiles.lang-c.enable then (with pkgs; [
-                      autobuild
-                      clang
-                      gdb
-                      gnumake
-                      bear
-                      clang-tools
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-js.enable then (with pkgs; [
-                      nodejs
-                      bun
-                      yarn
-                      typescript
-                      vscode-langservers-extracted
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-rust.enable then (with pkgs; [
-                      cargo
-                      rust-analyzer
-                      rustfmt
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-python.enable then (with pkgs; [
-                      poetry
-                      python3
-                      python312Packages.jedi
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-sol.enable then (with pkgs; [
-                      solc
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-openscad.enable then (with pkgs; [
-                      openscad
-                      openscad-lsp
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-sh.enable then (with pkgs; [
-                      bash-language-server
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-coq.enable then (with pkgs; [
-                      coq
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-nix.enable then (with pkgs; [
-                      nil
-                      nixd
-                      nixfmt-rfc-style
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.crypto.enable then (with pkgs; [
-                      bitcoin
-                      electrum
-                      monero-cli
-                      monero-gui
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.art.enable then (with pkgs; [
-                      inkscape
-                      krita
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.music.enable then (with pkgs; [
-                      mpc-cli
-                      sox
-                    ]) else []);
-
-    monorepo.profiles = {
-      enable = lib.mkDefault true;
-      music.enable = lib.mkDefault true;
-      hyprland.enable = lib.mkDefault true;
-      email.enable = lib.mkDefault true;
-
-      # Programming
-      lang-c.enable = lib.mkDefault true;
-      lang-rust.enable = lib.mkDefault true;
-      lang-python.enable = lib.mkDefault true;
-      lang-sol.enable = lib.mkDefault true;
-      lang-sh.enable = lib.mkDefault true;
-      lang-openscad.enable = lib.mkDefault true;
-      lang-js.enable = lib.mkDefault true;
-      lang-nix.enable = lib.mkDefault true;
-      lang-coq.enable = lib.mkDefault true;
-
-      crypto.enable = lib.mkDefault true;
-      art.enable = lib.mkDefault true;
+    config = {
+      home.packages = (if config.monorepo.profiles.email.enable then [ pkgs.mu ] else [])
+                                             ++
+                                             (if config.monorepo.profiles.lang-c.enable then (with pkgs; [
+                                               autobuild
+                                               clang
+                                               gdb
+                                               gnumake
+                                               bear
+                                               clang-tools
+                                             ]) else [])
+                                             ++
+                                             (if config.monorepo.profiles.lang-js.enable then (with pkgs; [
+                                               nodejs
+                                               bun
+                                               yarn
+                                               typescript
+                                               vscode-langservers-extracted
+                                             ]) else [])
+                                             ++
+                                             (if config.monorepo.profiles.lang-rust.enable then (with pkgs; [
+                                               cargo
+                                               rust-analyzer
+                                               rustfmt
+                                             ]) else [])
+                                             ++
+                                             (if config.monorepo.profiles.lang-python.enable then (with pkgs; [
+                                               poetry
+                                               python3
+                                               python312Packages.jedi
+                                             ]) else [])
+                                             ++
+                                             (if config.monorepo.profiles.lang-sol.enable then (with pkgs; [
+                                               solc
+                                             ]) else [])
+                                             ++
+                                             (if config.monorepo.profiles.lang-openscad.enable then (with pkgs; [
+                                               openscad
+                                               openscad-lsp
+                                             ]) else [])
+                                             ++
+                                             (if config.monorepo.profiles.lang-sh.enable then (with pkgs; [
+                                               bash-language-server
+                                             ]) else [])
+                                             ++
+                                             (if config.monorepo.profiles.lang-coq.enable then (with pkgs; [
+                                               coq
+                                             ]) else [])
+                                             ++
+                                             (if config.monorepo.profiles.lang-nix.enable then (with pkgs; [
+                                               nil
+                                               nixd
+                                               nixfmt-rfc-style
+                                             ]) else [])
+                                             ++
+                                             (if config.monorepo.profiles.crypto.enable then (with pkgs; [
+                                               bitcoin
+                                               electrum
+                                               monero-cli
+                                               monero-gui
+                                             ]) else [])
+                                             ++
+                                             (if config.monorepo.profiles.art.enable then (with pkgs; [
+                                               inkscape
+                                               krita
+                                             ]) else [])
+                                             ++
+                                             (if config.monorepo.profiles.music.enable then (with pkgs; [
+                                               mpc-cli
+                                               sox
+                                             ]) else [])
+                                             ++
+                                             (if config.monorepo.profiles.workstation.enable then (with pkgs; [
+                       alsa-utils
+                       alsa-scarlett-gui
+                                   ardour
+                                   audacity
+                                         blender
+                       fluidsynth
+                       qjackctl
+                       qsynth
+                       qpwgraph
+                       imagemagick
+                       inkscape
+                       kdenlive
+                       kicad
+                                             ]) else []);
+
+      monorepo.profiles = {
+       enable = lib.mkDefault true;
+       music.enable = lib.mkDefault true;
+       hyprland.enable = lib.mkDefault true;
+       email.enable = lib.mkDefault true;
+
+       # Programming
+       lang-c.enable = lib.mkDefault true;
+       lang-rust.enable = lib.mkDefault true;
+       lang-python.enable = lib.mkDefault true;
+       lang-sol.enable = lib.mkDefault true;
+       lang-sh.enable = lib.mkDefault true;
+       lang-openscad.enable = lib.mkDefault true;
+       lang-js.enable = lib.mkDefault true;
+       lang-nix.enable = lib.mkDefault true;
+       lang-coq.enable = lib.mkDefault true;
+
+       crypto.enable = lib.mkDefault true;
+       art.enable = lib.mkDefault true;
+       workstation.enable = lib.mkDefault true;
+      };
     };
-  };
-}
+  }
 #+end_src
 *** Firefox
 I conditionally enable metamask based on the cryptocurrency option. Everything else here should
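Review bot: The new workstation package list at L1242-L1255 is indented with a mix of tabs and spaces that does not line up with the surrounding entries, and the rest of the hunk re-indents the options and profiles blocks with tabs while the file otherwise uses two-space indentation; since this org block is tangled into nix/modules/home/default.nix the same layout is reproduced there (the section starting at L1573). `inkscape` is now listed under both the `art` profile (L1252) and the `workstation` profile (L1232), so it appears twice in `home.packages` when both are enabled, which both default to true. Pick one indentation style for the list and drop the duplicate entry from one of the two profiles.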
@@ -2327,6 +2556,22 @@ This is pretty understandable, if you understand all the above.
   ];
 }
 #+end_src
+** Affinity
+#+begin_src nix :tangle ../nix/systems/affinity/default.nix
+  { config, lib, ... }:
+  {
+    imports = [
+      ../../modules/default.nix
+    ];
+    config.monorepo = {
+      profiles = {
+       server.enable = true;
+       cuda.enable = true;
+      };
+      vars.hostName = "affinity";
+    };
+  }
+#+end_src
 ** Installer
 My installer installs my systems almost completely without interaction. You can also make them
 install the exact version of the system that you want it to by pinning the commits to make it
index 2efc624b3f71c3dd523f3ad559d60cb7faa35fff..2420325fa25f3d5d35eb17abcf3917283439ed64 100644 (file)
   outputs = { nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, ... }@attrs: {
     nixosConfigurations = {
       installer = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        modules = [
-          (
-            { pkgs, modulesPath, ... }:
-            {
-              imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
-            }
-          )
-          ./systems/installer/default.nix
-        ];
+       system = "x86_64-linux";
+       modules = [
+         (
+           { pkgs, modulesPath, ... }:
+           {
+             imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
+           }
+         )
+         ./systems/installer/default.nix
+       ];
       };
 
       continuity = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        specialArgs = attrs;
-        modules = [
-          lanzaboote.nixosModules.lanzaboote
-          disko.nixosModules.disko
-          home-manager.nixosModules.home-manager
-          sops-nix.nixosModules.sops
-          { nixpkgs.overlays = [ nur.overlays.default ]; }
-          { home-manager.extraSpecialArgs = attrs; }
+       system = "x86_64-linux";
+       specialArgs = attrs;
+       modules = [
+         lanzaboote.nixosModules.lanzaboote
+         disko.nixosModules.disko
+         home-manager.nixosModules.home-manager
+         sops-nix.nixosModules.sops
+         { nixpkgs.overlays = [ nur.overlays.default ]; }
+         { home-manager.extraSpecialArgs = attrs; }
 
-          ./modules/sda-simple.nix
-          ./systems/continuity/default.nix
-        ];
+         ./modules/sda-simple.nix
+         ./systems/continuity/default.nix
+       ];
       };
 
-      spontaneity = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        specialArgs = attrs;
-        modules = [];
+      affinity = nixpkgs.lib.nixosSystem {
+       system = "x86_64-linux";
+       specialArgs = attrs;
+       modules = [
+         lanzaboote.nixosModules.lanzaboote
+         disko.nixosModules.disko
+         home-manager.nixosModules.home-manager
+         sops-nix.nixosModules.sops
+         { nixpkgs.overlays = [ nur.overlays.default ]; }
+         { home-manager.extraSpecialArgs = attrs; }
+         ./modules/nvme-simple.nix
+         ./systems/affinity/default.nix
+       ];
       };
 
-      affinity = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        specialArgs = attrs;
-        modules = [];
+      spontaneity = nixpkgs.lib.nixosSystem {
+       system = "x86_64-linux";
+       specialArgs = attrs;
+       modules = [];
       };
     };
   };
index 43877675fafac2d0f2bc06af03b273cf918d5052..4f821e2bbf0413aa8d337fa56641da51b5650e14 100644 (file)
@@ -6,6 +6,14 @@
     ./pipewire.nix
     ./tor.nix
     ./kubo.nix
+    ./nvidia.nix
+    ./cuda.nix
+    ./nginx.nix
+    ./git-daemon.nix
+    ./postfix.nix
+    ./dovecot.nix
+    ./ollama.nix
+    ./i2pd.nix
   ];
 
   documentation = {
@@ -17,9 +25,9 @@
   environment = {
     etc = {
       securetty.text = ''
-          # /etc/securetty: list of terminals on which root is allowed to login.
-          # See securetty(5) and login(1).
-          '';
+         # /etc/securetty: list of terminals on which root is allowed to login.
+         # See securetty(5) and login(1).
+         '';
     };
   };
 
@@ -30,9 +38,9 @@
       "restricthome"."/home/*".Z.mode = "~0700";
 
       "restrictetcnixos"."/etc/nixos/*".Z = {
-        mode = "0000";
-        user = "root";
-        group = "root";
+       mode = "0000";
+       user = "root";
+       group = "root";
       };
     };
   };
 
     initrd = {
       availableKernelModules = [
-        "xhci_pci"
-        "ahci"
-        "usb_storage"
-        "sd_mod"
-        "nvme"
-        "sd_mod"
-        "ehci_pci"
-        "rtsx_pci_sdmmc"
-        "usbhid"
+       "xhci_pci"
+       "ahci"
+       "usb_storage"
+       "sd_mod"
+       "nvme"
+       "sd_mod"
+       "ehci_pci"
+       "rtsx_pci_sdmmc"
+       "usbhid"
       ];
 
       kernelModules = [ ];
@@ -66,7 +74,7 @@
       systemd-boot.enable = lib.mkForce (! config.monorepo.profiles.secureBoot.enable);
       efi.canTouchEfiVariables = true;
     };
-    
+
     kernelModules = [
       "snd-seq"
       "snd-rawmidi"
     udev = {
       extraRules = '''';
       packages = with pkgs; [ 
-        platformio-core
-        platformio-core.udev
-        openocd
+       platformio-core
+       platformio-core.udev
+       openocd
       ];
     };
 
     vim
     curl
   ];
-  
+
   users.users = {
     root.openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch"
     ];
 
+    git = {
+      isSystemUser = true;
+      home = "/srv/git";
+      shell = "${pkgs.git}/bin/git-shell";
+    };
     "${config.monorepo.vars.userName}" = {
       initialPassword = "${config.monorepo.vars.userName}";
       isNormalUser = true;
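Review bot: The new `git` user sets `isSystemUser = true` but no `group`, and NixOS asserts that a system user has an explicit group (its message says the old nogroup default was unsafe), so evaluation should fail on any host where nothing else defines that user; add `group = "git";` together with `users.groups.git = {};`. The gitDaemon module may contribute a group when it is enabled, but that only covers hosts with `server.enable` set, not the others that import this configuration. `/srv/git` is also the `basePath` of the new git-daemon module, so consider `createHome = true;` so the directory exists with git-owned permissions instead of being created by hand. The enclosing `users.users` set continues past the end of this hunk, and the same block appears in the org source at the top of this chunk.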
diff --git a/nix/modules/cuda.nix b/nix/modules/cuda.nix
new file mode 100644 (file)
index 0000000..0c90278
--- /dev/null
@@ -0,0 +1,9 @@
+{ config, lib, pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+      cudatoolkit
+      cudaPackages.cudnn
+      cudaPackages.libcublas
+      linuxPackages.nvidia_x11
+  ];
+}
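Review bot: The CUDA packages are added to `environment.systemPackages` unconditionally, while a `cuda.enable` option exists (L1522) and the affinity system sets it (L1299); nothing in this file reads it, so every host importing modules/default.nix (L1398) gets cudatoolkit, cudnn, libcublas and nvidia_x11 installed. Gate the list with `environment.systemPackages = lib.mkIf config.monorepo.profiles.cuda.enable (with pkgs; [ ... ]);`, which also makes use of the otherwise unused `config` and `lib` arguments. Adding `linuxPackages.nvidia_x11` as a plain package rather than through the nvidia driver configuration may not match the kernel's module package — worth confirming against nvidia.nix, which is cut off at the end of this chunk.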
index 9d0683776741a27f7bddb7fd6d8e69a178153160..9cdd61616b03c8e868d063f811c439298a5ccb07 100644 (file)
@@ -9,12 +9,13 @@
   options = {
     monorepo = {
       profiles = {
-        cuda.enable = lib.mkEnableOption "Enables CUDA support";
-        documentation.enable = lib.mkEnableOption "Enables documentation on system.";
-        secureBoot.enable = lib.mkEnableOption "Enables secure boot. See sbctl.";
-        pipewire.enable = lib.mkEnableOption "Enables pipewire low latency audio setup";
-        tor.enable = lib.mkEnableOption "Enables tor along with torsocks";
-        home.enable = lib.mkEnableOption "Enables home user";
+             cuda.enable = lib.mkEnableOption "Enables CUDA support";
+             documentation.enable = lib.mkEnableOption "Enables documentation on system.";
+             secureBoot.enable = lib.mkEnableOption "Enables secure boot. See sbctl.";
+             pipewire.enable = lib.mkEnableOption "Enables pipewire low latency audio setup";
+             tor.enable = lib.mkEnableOption "Enables tor along with torsocks";
+             home.enable = lib.mkEnableOption "Enables home user";
+             server.enable = lib.mkEnableOption "Enables server services";
       };
     };
   };
 
     monorepo = {
       profiles = {
-        documentation.enable = lib.mkDefault true;
-        pipewire.enable = lib.mkDefault true;
-        tor.enable = lib.mkDefault true;
-        home.enable = lib.mkDefault true;
+             documentation.enable = lib.mkDefault true;
+             pipewire.enable = lib.mkDefault true;
+             tor.enable = lib.mkDefault true;
+             home.enable = lib.mkDefault true;
       };
     };
   };
diff --git a/nix/modules/dovecot.nix b/nix/modules/dovecot.nix
new file mode 100644 (file)
index 0000000..2921ad8
--- /dev/null
@@ -0,0 +1,8 @@
+{ config, lib, ... }:
+{
+  services.dovecot2 = {
+    enable = lib.mkDefault config.monorepo.profiles.server.enable;
+    enableImap = true;
+    enablePop3 = true;
+  };
+}
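Review bot: Dovecot is enabled for IMAP and POP3 with no `sslServerCert`/`sslServerKey`, and as far as I recall the NixOS dovecot2 module then emits `ssl = no` and `disable_plaintext_auth = no`, so mailbox passwords would be accepted in cleartext on 143/110 wherever those ports are reachable. Set `sslServerCert` and `sslServerKey` (for example from the ACME certificate the nginx host would use) before `server.enable` turns this on, and leave `enablePop3` off unless a client actually needs POP3. A short comment stating where authentication comes from (system users, the `git` user is a system user too) would help, since no `users`/`passdb` configuration is visible here.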
diff --git a/nix/modules/git-daemon.nix b/nix/modules/git-daemon.nix
new file mode 100644 (file)
index 0000000..e71356e
--- /dev/null
@@ -0,0 +1,9 @@
+{ config, lib, ... }:
+{
+  services.gitDaemon = {
+    enable = lib.mkDefault config.monorepo.profiles.server.enable;
+    exportAll = true;
+    listenAddress = "0.0.0.0";
+    basePath = "/srv/git";
+  };
+}
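Review bot: `exportAll = true` tells git-daemon to serve every repository under `/srv/git` without the per-repository `git-daemon-export-ok` marker, and combined with `listenAddress = "0.0.0.0"` that is anonymous read access on all interfaces, so any private repository placed in the git user's home (L1491) becomes readable. Unless everything under `/srv/git` is meant to be public, drop `exportAll` and mark the public repositories individually; also confirm whether the firewall exposes port 9418, since I do not believe the gitDaemon module opens it on its own. A comment like `# anonymous read-only access to every repo in /srv/git` above `exportAll` would at least make the exposure explicit.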
index a38ee24a113057f4cba49662273bb9695eaf08f9..1f87d572f6708113d60dd9d33964225953de3634 100644 (file)
       crypto.enable = lib.mkEnableOption "Enables various cryptocurrency wallets";
       art.enable = lib.mkEnableOption "Enables various art programs";
       music.enable = lib.mkEnableOption "Enables mpd";
+      workstation.enable = lib.mkEnableOption "Enables workstation packages (music production and others)";
 
       hyprland = {
-        enable = lib.mkEnableOption "Enables hyprland";
-        monitors = lib.mkOption {
-          type = lib.types.listOf lib.types.str;
-          default = [
-            "HDMI-A-1"
-            "eDP-1"
-            "DP-2"
-            "DP-3"
-            "LVDS-1"
-          ];
-          example = [];
-          description = "Hyprland monitors";
-        };
+             enable = lib.mkEnableOption "Enables hyprland";
+             monitors = lib.mkOption {
+                     type = lib.types.listOf lib.types.str;
+                     default = [
+                       "HDMI-A-1"
+                       "eDP-1"
+                       "DP-2"
+                       "DP-3"
+                       "LVDS-1"
+                     ];
+                     example = [];
+                     description = "Hyprland monitors";
+             };
       };
       email = {
-        email = lib.mkOption {
-          type = lib.types.str;
-          default = "ret2pop@gmail.com";
-          example = "john@example.com";
-          description = "Email address and imaps/smtps account";
-        };
-        imapsServer = lib.mkOption {
-          type = lib.types.str;
-          default = "imap.gmail.com";
-          example = "imap.example.com";
-          description = "imaps server address";
-        };
-        smtpsServer = lib.mkOption {
-          type = lib.types.str;
-          default = "smtp.gmail.com";
-          example = "smtp.example.com";
-          description = "smtp server address";
-        };
-        enable = lib.mkEnableOption "Enables email";
+             email = lib.mkOption {
+                     type = lib.types.str;
+                     default = "ret2pop@gmail.com";
+                     example = "john@example.com";
+                     description = "Email address and imaps/smtps account";
+             };
+             imapsServer = lib.mkOption {
+                     type = lib.types.str;
+                     default = "imap.gmail.com";
+                     example = "imap.example.com";
+                     description = "imaps server address";
+             };
+             smtpsServer = lib.mkOption {
+                     type = lib.types.str;
+                     default = "smtp.gmail.com";
+                     example = "smtp.example.com";
+                     description = "smtp server address";
+             };
+             enable = lib.mkEnableOption "Enables email";
       };
     };
   };
 
   config = {
     home.packages = (if config.monorepo.profiles.email.enable then [ pkgs.mu ] else [])
-                    ++
-                    (if config.monorepo.profiles.lang-c.enable then (with pkgs; [
-                      autobuild
-                      clang
-                      gdb
-                      gnumake
-                      bear
-                      clang-tools
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-js.enable then (with pkgs; [
-                      nodejs
-                      bun
-                      yarn
-                      typescript
-                      vscode-langservers-extracted
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-rust.enable then (with pkgs; [
-                      cargo
-                      rust-analyzer
-                      rustfmt
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-python.enable then (with pkgs; [
-                      poetry
-                      python3
-                      python312Packages.jedi
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-sol.enable then (with pkgs; [
-                      solc
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-openscad.enable then (with pkgs; [
-                      openscad
-                      openscad-lsp
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-sh.enable then (with pkgs; [
-                      bash-language-server
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-coq.enable then (with pkgs; [
-                      coq
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.lang-nix.enable then (with pkgs; [
-                      nil
-                      nixd
-                      nixfmt-rfc-style
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.crypto.enable then (with pkgs; [
-                      bitcoin
-                      electrum
-                      monero-cli
-                      monero-gui
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.art.enable then (with pkgs; [
-                      inkscape
-                      krita
-                    ]) else [])
-                    ++
-                    (if config.monorepo.profiles.music.enable then (with pkgs; [
-                      mpc-cli
-                      sox
-                    ]) else []);
+                                           ++
+                                           (if config.monorepo.profiles.lang-c.enable then (with pkgs; [
+                                             autobuild
+                                             clang
+                                             gdb
+                                             gnumake
+                                             bear
+                                             clang-tools
+                                           ]) else [])
+                                           ++
+                                           (if config.monorepo.profiles.lang-js.enable then (with pkgs; [
+                                             nodejs
+                                             bun
+                                             yarn
+                                             typescript
+                                             vscode-langservers-extracted
+                                           ]) else [])
+                                           ++
+                                           (if config.monorepo.profiles.lang-rust.enable then (with pkgs; [
+                                             cargo
+                                             rust-analyzer
+                                             rustfmt
+                                           ]) else [])
+                                           ++
+                                           (if config.monorepo.profiles.lang-python.enable then (with pkgs; [
+                                             poetry
+                                             python3
+                                             python312Packages.jedi
+                                           ]) else [])
+                                           ++
+                                           (if config.monorepo.profiles.lang-sol.enable then (with pkgs; [
+                                             solc
+                                           ]) else [])
+                                           ++
+                                           (if config.monorepo.profiles.lang-openscad.enable then (with pkgs; [
+                                             openscad
+                                             openscad-lsp
+                                           ]) else [])
+                                           ++
+                                           (if config.monorepo.profiles.lang-sh.enable then (with pkgs; [
+                                             bash-language-server
+                                           ]) else [])
+                                           ++
+                                           (if config.monorepo.profiles.lang-coq.enable then (with pkgs; [
+                                             coq
+                                           ]) else [])
+                                           ++
+                                           (if config.monorepo.profiles.lang-nix.enable then (with pkgs; [
+                                             nil
+                                             nixd
+                                             nixfmt-rfc-style
+                                           ]) else [])
+                                           ++
+                                           (if config.monorepo.profiles.crypto.enable then (with pkgs; [
+                                             bitcoin
+                                             electrum
+                                             monero-cli
+                                             monero-gui
+                                           ]) else [])
+                                           ++
+                                           (if config.monorepo.profiles.art.enable then (with pkgs; [
+                                             inkscape
+                                             krita
+                                           ]) else [])
+                                           ++
+                                           (if config.monorepo.profiles.music.enable then (with pkgs; [
+                                             mpc-cli
+                                             sox
+                                           ]) else [])
+                                           ++
+                                           (if config.monorepo.profiles.workstation.enable then (with pkgs; [
+                     alsa-utils
+                     alsa-scarlett-gui
+                                 ardour
+                                 audacity
+                                       blender
+                     fluidsynth
+                     qjackctl
+                     qsynth
+                     qpwgraph
+                     imagemagick
+                     inkscape
+                     kdenlive
+                     kicad
+                                           ]) else []);
 
     monorepo.profiles = {
       enable = lib.mkDefault true;
 
       crypto.enable = lib.mkDefault true;
       art.enable = lib.mkDefault true;
+      workstation.enable = lib.mkDefault true;
     };
   };
 }
diff --git a/nix/modules/i2pd.nix b/nix/modules/i2pd.nix
new file mode 100644 (file)
index 0000000..ef4f63f
--- /dev/null
@@ -0,0 +1,11 @@
+{ config, lib, ... }:
+{
+  services.i2pd = {
+    enable = lib.mkDefault config.monorepo.profiles.server.enable;
+    address = "0.0.0.0";
+    inTunnels = {
+    };
+    outTunnels = {
+    };
+  };
+}
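Review bot: `address = "0.0.0.0"` on the i2pd block is set without saying which listener it is meant to widen, and the empty `inTunnels = { }` / `outTunnels = { }` attrsets below it are dead configuration that can be dropped until a tunnel is defined. As far as I recall `services.i2pd.address` is the daemon's external/bind address for I2P transports, while the HTTP and SOCKS proxies keep their own localhost defaults; if that is the intent, a one-line comment such as `# bind address for I2P transports only; proxies stay on their localhost defaults` would stop a later reader from assuming the proxies are exposed. If the intent is instead to expose the proxies, that needs to be set on their own `address` options and gated like `enable` is. The `enable = lib.mkDefault config.monorepo.profiles.server.enable` gating here is the pattern nginx.nix and postfix.nix in this commit do not follow.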
diff --git a/nix/modules/nginx.nix b/nix/modules/nginx.nix
new file mode 100644 (file)
index 0000000..7d8a24a
--- /dev/null
@@ -0,0 +1,47 @@
+{ config, services, ... }:
+{
+  services.nginx = {
+    enable = true;
+
+    # Use recommended settings
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    # Only allow PFS-enabled ciphers with AES256
+    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+    appendHttpConfig = ''
+  # Add HSTS header with preloading to HTTPS requests.
+  # Adding this header to HTTP requests is discouraged
+  map $scheme $hsts_header {
+      https   "max-age=31536000; includeSubdomains; preload";
+  }
+  add_header Strict-Transport-Security $hsts_header;
+
+  # Enable CSP for your services.
+  #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+
+  # Minimize information leaked to other domains
+  add_header 'Referrer-Policy' 'origin-when-cross-origin';
+
+  # Disable embedding as a frame
+  add_header X-Frame-Options DENY;
+
+  # Prevent injection of code in other mime types (XSS Attacks)
+  add_header X-Content-Type-Options nosniff;
+
+  # This might create errors
+  proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+'';
+
+    virtualHosts = {
+      "ret2pop.net" = {
+       # addSSL = true;
+       # enableACME = true;
+       root = "/home/preston/ret2pop-website/";
+      };
+    };
+  };
+}
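Review bot: The argument set `{ config, services, ... }:` on the first line requests `services`, which is not a standard module argument and is never used in the body; without a default the module only evaluates if `_module.args.services` is supplied somewhere else, so `{ ... }:` (neither `config` nor `services` is referenced) is the safe form. `enable = true;` is also unconditional, unlike i2pd.nix and ollama.nix in this commit which use `enable = lib.mkDefault config.monorepo.profiles.server.enable;`, so nginx comes up on any host that imports the module set. Serving `root = "/home/preston/ret2pop-website/"` requires the nginx service user to traverse that home directory, which usually means loosening its permissions; a dedicated path outside `/home` (for example `/var/www/<site>` as a placeholder) keeps the home directory private. Note too that `sslCiphers`, the HSTS map and `proxy_cookie_path` have no effect on this vhost while `addSSL`/`enableACME` stay commented out and nothing is proxied, which is worth a comment if that is deliberate.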
diff --git a/nix/modules/nvidia.nix b/nix/modules/nvidia.nix
new file mode 100644 (file)
index 0000000..b59035c
--- /dev/null
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+{
+  hardware = {
+    opengl.extraPackages = with pkgs; [
+      vaapiVdpau
+      libvdpau-va-gl
+      nvidia-vaapi-driver
+    ];
+
+    nvidia = {
+      modesetting.enable = true;
+      powerManagement = {
+             enable = true;
+             finegrained = false;
+      };
+      nvidiaSettings = true;
+      open = false;
+      package = config.boot.kernelPackages.nvidiaPackages.stable;
+    };
+  };
+}
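Review bot: `hardware.opengl.extraPackages` is, as far as I recall, only a renamed alias of `hardware.graphics.extraPackages` on the nixos-24.11 branch the flake pins, so this will evaluate with a rename warning until it is changed to `hardware.graphics.extraPackages`; please confirm against the 24.11 release notes. `lib` in the argument set is unused and can be dropped. A short header comment stating that this module is only meant to be imported on hosts whose `monorepo.profiles.cuda.enable` is set would help, since xserver.nix gates the `"nvidia"` video driver on that profile while nothing here is gated.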
diff --git a/nix/modules/nvme-simple.nix b/nix/modules/nvme-simple.nix
new file mode 100644 (file)
index 0000000..665c17e
--- /dev/null
@@ -0,0 +1,35 @@
+{
+  disko.devices = {
+    disk = {
+      my-disk = {
+        device = "/dev/nvme0n1";
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              type = "EF00";
+              size = "500M";
+              priority = 1;
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            root = {
+              size = "100%";
+              priority = 2;
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
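Review bot: `device = "/dev/nvme0n1"` selects the whole disk that disko will partition and format, and `/dev/nvmeXnY` names are assigned by enumeration order, so adding or moving a drive can silently point this destructive layout at a different disk. A stable path such as `device = "/dev/disk/by-id/<DISK-ID-PLACEHOLDER>";` pins the target; if the module is intentionally generic for single-NVMe installs, a header comment saying so (and that applying it erases the device) should be added. The `umask=0077` mount option on the ESP is the right call and worth keeping.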
diff --git a/nix/modules/ollama.nix b/nix/modules/ollama.nix
new file mode 100644 (file)
index 0000000..f9f4dc9
--- /dev/null
@@ -0,0 +1,8 @@
+{ config, lib, ... }:
+{
+  services.ollama = {
+    enable = lib.mkDefault config.monorepo.profiles.server.enable;
+    acceleration = "cuda";
+    host = "0.0.0.0";
+  };
+}
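Review bot: `host = "0.0.0.0"` binds the Ollama HTTP API on every interface, and that API has no built-in authentication, so any client that can reach the port can run, pull or delete models; nothing in this hunk restricts that, so unless the host firewall keeps the port closed (the module's `openFirewall` option defaults to false, as far as I recall) it should stay on the default localhost bind or sit behind the nginx module with access control. If the wide bind is intentional for LAN use, a comment stating that and where the access restriction lives should accompany it. `acceleration = "cuda"` is also unconditional while `enable` is gated on the server profile rather than the cuda profile, so a server host without CUDA pulls in the CUDA build; `acceleration = if config.monorepo.profiles.cuda.enable then "cuda" else null;` would tie the two together, assuming `null` is accepted by the option's type as I believe it is.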
diff --git a/nix/modules/postfix.nix b/nix/modules/postfix.nix
new file mode 100644 (file)
index 0000000..90eb253
--- /dev/null
@@ -0,0 +1,8 @@
+{ config, lib, ... }:
+{
+  services.postfix = {
+    enable = true;
+    config = {
+    };
+  };
+}
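Review bot: `enable = true;` turns Postfix on unconditionally, whereas i2pd.nix and ollama.nix in this commit gate on `lib.mkDefault config.monorepo.profiles.server.enable`; the same line here would keep an MTA from starting on non-server hosts, and it would also give the unused `config` and `lib` arguments a purpose. The empty `config = { };` is dead configuration and can be dropped until real settings exist. Since no origin, domain or interface settings are given, a comment noting that the service runs with the NixOS module defaults would help whoever later has to work out what this host accepts mail for.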
index 52ca559277dbe845341938210c90c2ca877af6d1..d6f7ab18961fac8f91307600d99ecec0a5bc39d1 100644 (file)
@@ -1,4 +1,4 @@
-{ lib, pkgs, ... }:
+{ lib, config, pkgs, ... }:
 {
   services.xserver = {
     enable = lib.mkDefault true;
@@ -8,8 +8,8 @@
 
     windowManager = {
       i3 = {
-        enable = true;
-        package = pkgs.i3-gaps;
+       enable = true;
+       package = pkgs.i3-gaps;
       };
     };
 
@@ -23,6 +23,6 @@
       options = "caps:escape";
     };
 
-    videoDrivers = [];
+    videoDrivers = (if config.monorepo.profiles.cuda.enable then [ "nvidia" ] else []);
   };
 }
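Review bot: The new `videoDrivers` line reads more naturally as `videoDrivers = lib.optional config.monorepo.profiles.cuda.enable "nvidia";`, which is the idiomatic form of an if/else yielding a one-element list or `[]` and avoids the extra parentheses. It is also worth a comment that this gate keys on the cuda profile while the `hardware.nvidia` settings added in nvidia.nix in this commit are not gated, so the two only agree when nvidia.nix is imported solely on cuda hosts.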
diff --git a/nix/systems/affinity/default.nix b/nix/systems/affinity/default.nix
new file mode 100644 (file)
index 0000000..703103d
--- /dev/null
@@ -0,0 +1,13 @@
+{ config, lib, ... }:
+{
+  imports = [
+    ../../modules/default.nix
+  ];
+  config.monorepo = {
+    profiles = {
+      server.enable = true;
+      cuda.enable = true;
+    };
+    vars.hostName = "affinity";
+  };
+}
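Review bot: The argument set `{ config, lib, ... }:` requests `config` and `lib` but neither is used: `config.monorepo` on the later line is the `config` attribute of the returned set, not the function argument, so `{ ... }:` is the accurate signature and avoids shadowing confusion. A one-line header comment naming what the affinity host is (a CUDA-equipped server, going by the two profiles it enables) would make the system directory self-describing.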