alyraffauf/nixcfg
1
0
Fork 0
mirror of https://github.com/alyraffauf/nixcfg.git synced 2024-11-21 20:33:55 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

ported modules/ system/ and user/ to nixosModules with enable options

Browse source
This commit is contained in:
Aly Raffauf 2024-03-28 16:13:46 -04:00
parent 09611e3b18
commit 31d11dd424
50 changed files with 695 additions and 593 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
flake.nix
View file

@ -52,6 +52,7 @@
nixos-hardware.nixosModules.framework-13-7040-amd
home-manager-unstable.nixosModules.home-manager
./hosts/lavaridge
./nixosModules
];
};
@ -61,6 +62,7 @@
modules = [
home-manager-unstable.nixosModules.home-manager
./hosts/mauville
./nixosModules
];
};
@ -72,6 +74,7 @@
nixos-hardware.nixosModules.common-cpu-intel
home-manager-unstable.nixosModules.home-manager
./hosts/petalburg
./nixosModules
];
};
@ -82,6 +85,7 @@
nixos-hardware.nixosModules.lenovo-thinkpad-t440p
home-manager-unstable.nixosModules.home-manager
./hosts/rustboro
./nixosModules
];
};
};

55
hosts/lavaridge/default.nix
View file

@ -4,53 +4,42 @@
{
imports = [
../../modules/homelab/virtualization.nix
../../modules/hyprland.nix
../../modules/plymouth.nix
../../modules/steam.nix
../../modules/zram_swap.nix
../../system
../../users/aly.nix
./hardware-configuration.nix # Include the results of the hardware scan.
# ../../modules/gnome
# ../../modules/gnome/fingerprint.nix
# ../../modules/gnome/fractional_scaling.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot = {
# Bootloader.
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
# Pull latest Linux kernel.
boot.kernelPackages = pkgs.linuxPackages_latest;
# Use latest Linux kernel.
kernelPackages = pkgs.linuxPackages_latest;
};
networking.hostName = "lavaridge"; # Define your hostname.
services.fwupd.enable = true;
# # we need fwupd 1.9.7 to downgrade the fingerprint sensor firmware
# services.fwupd.package = (import (builtins.fetchTarball {
# url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
# sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
# }) {
# inherit (pkgs) system;
# }).fwupd;
# nixpkgs.config.chromium.commandLineArgs = "--ozone-platform=wayland";
# environment.sessionVariables.NIXOS_OZONE_WL = "1";
services.fprintd.package = pkgs.fprintd.overrideAttrs {
mesonCheckFlags = [ "--no-suite" "fprintd:TestPamFprintd" ];
};
# services.fprintd.enable = false;
home-manager.users.aly = import ../../home/aly-hyprland.nix;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
desktopConfig = {
enable = true;
windowManagers.hyprland.enable = true;
};
programs = {
flatpakSupport.enable = true;
steamGames.enable = true;
};
homeLab.virtualization.enable = true;
systemConfig.plymouth.enable = true;
systemConfig.zramSwap.enable = true;
system.stateVersion = "23.11"; # Did you read the comment?
}

11
hosts/mauville/default.nix
View file

@ -4,13 +4,6 @@
{
imports = [
# ../../modules/gnome
# ../../modules/kde.nix
../../modules/hyprland.nix
../../modules/homelab
../../modules/steam.nix
../../system
../../users/aly.nix
./hardware-configuration.nix
];
@ -37,5 +30,9 @@
home-manager.users.aly = import ../../home/aly-hyprland.nix;
homeLab.enable = true;
programs.steamGames.enable = true;
desktopConfig.enable = true;
system.stateVersion = "23.11";
}

45
hosts/petalburg/default.nix
View file

@ -53,22 +53,17 @@ let
in {
imports = [
# ../../modules/kde.nix
../../modules/gnome
../../modules/plymouth.nix
../../modules/zram_swap.nix
../../system
../../users/aly.nix
../../users/dustin.nix
./hardware-configuration.nix # Include the results of the hardware scan.
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot = {
# Bootloader.
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
# Pull latest Linux kernel.
boot.kernelPackages = pkgs.linuxPackages_latest;
# Use latest Linux kernel.
kernelPackages = pkgs.linuxPackages_latest;
};
networking.hostName = "petalburg"; # Define your hostname.
@ -82,11 +77,23 @@ in {
environment.systemPackages = [ cs-adjuster cs-adjuster-plasma pp-adjuster ];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
userConfig.dustin.enable = true;
desktopConfig = {
enable = true;
windowManagers.hyprland.enable = false;
gnome.enable = true;
};
programs = {
flatpakSupport.enable = true;
steamGames.enable = false;
};
homeLab.virtualization.enable = true;
systemConfig.plymouth.enable = true;
systemConfig.zramSwap.enable = true;
system.stateVersion = "23.11";
}

24
hosts/rustboro/default.nix
View file

@ -5,12 +5,6 @@
{
imports = [
./hardware-configuration.nix # Include the results of the hardware scan.
../../users/aly.nix
../../system
../../modules/plymouth.nix
# ../../modules/kde.nix
# ../../modules/sway.nix
../../modules/hyprland.nix
];
# Bootloader.
@ -24,11 +18,17 @@
home-manager.users.aly = import ../../home/aly-hyprland.nix;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
desktopConfig = {
enable = true;
windowManagers.hyprland.enable = true;
};
programs = {
flatpakSupport.enable = true;
};
systemConfig.plymouth.enable = true;
systemConfig.zramSwap.enable = true;
system.stateVersion = "23.11"; # Did you read the comment?
}

56
modules/desktop.nix
View file

@ -1,56 +0,0 @@
{ config, pkgs, ... }:
{
## Enable the X11 windowing system.
services.xserver = {
enable = true;
xkb.layout = "us";
xkb.variant = "";
excludePackages = with pkgs; [ xterm ];
};
## Needed for Flatpaks
xdg.portal.enable = true;
services.flatpak.enable = true;
environment.systemPackages = with pkgs; [
firefox
fractal
github-desktop
gnome.gnome-software
google-chrome
obsidian
tauon
vscode
webcord
zoom-us
];
fonts.packages = with pkgs; [
(nerdfonts.override { fonts = [ "Hack" "DroidSansMono" "Noto" ]; })
fira-code
fira-code-symbols
liberation_ttf
];
fonts.fontDir.enable = true;
system.fsPackages = [ pkgs.bindfs ];
fileSystems = let
mkRoSymBind = path: {
device = path;
fsType = "fuse.bindfs";
options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ];
};
aggregatedFonts = pkgs.buildEnv {
name = "system-fonts";
paths = config.fonts.packages;
pathsToLink = [ "/share/fonts" ];
};
in {
# Create an FHS mount to support flatpak host icons/fonts
"/usr/share/icons" = mkRoSymBind (config.system.path + "/share/icons");
"/usr/share/fonts" = mkRoSymBind (aggregatedFonts + "/share/fonts");
};
}

31
modules/gnome/default.nix
View file

@ -1,31 +0,0 @@
{ config, pkgs, ... }:
{
imports = [ # Include X settings.
../desktop.nix
];
environment.systemPackages = with pkgs; [
gnomeExtensions.appindicator
gnomeExtensions.blur-my-shell
gnomeExtensions.gsconnect
gnomeExtensions.light-shell
gnomeExtensions.night-theme-switcher
gnomeExtensions.noannoyance-fork
gnomeExtensions.tailscale-status
gnomeExtensions.tiling-assistant
];
# Enable keyring support for KDE apps in GNOME.
security.pam.services.gdm.enableKwallet = true;
# Enable GNOME and GDM.
services = {
gnome.tracker-miners.enable = true;
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
xserver = {
desktopManager.gnome.enable = true;
displayManager.gdm.enable = true;
};
};
}

27
modules/gnome/fingerprint.nix
View file

@ -1,27 +0,0 @@
{ config, pkgs, ... }:
{
# Need to change the order pam loads its modules
# to get proper fingerprint behavior on GDM and the lockscreen.
security.pam.services.login.fprintAuth = false;
security.pam.services.gdm-fingerprint =
lib.mkIf (config.services.fprintd.enable) {
text = ''
auth required pam_shells.so
auth requisite pam_nologin.so
auth requisite pam_faillock.so preauth
auth required ${pkgs.fprintd}/lib/security/pam_fprintd.so
auth optional pam_permit.so
auth required pam_env.so
auth [success=ok default=1] ${pkgs.gnome.gdm}/lib/security/pam_gdm.so
auth optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
account include login
password required pam_deny.so
session include login
session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
'';
};
}

5
modules/gnome/fractional_scaling.nix
View file

@ -1,5 +0,0 @@
{ config, pkgs, ... }:
{
environment.sessionVariables.NIXOS_OZONE_WL = "1";
}

18
modules/gnome/triplebuffering.nix
View file

@ -1,18 +0,0 @@
{ config, pkgs, ... }:
{
nixpkgs.overlays = [
(final: prev: {
gnome = prev.gnome.overrideScope (gnomeFinal: gnomePrev: {
mutter = gnomePrev.mutter.overrideAttrs (old: {
src = pkgs.fetchgit {
url = "https://gitlab.gnome.org/vanvugt/mutter.git";
# GNOME 45: triple-buffering-v4-45
rev = "0b896518b2028d9c4d6ea44806d093fd33793689";
sha256 = "sha256-mzNy5GPlB2qkI2KEAErJQzO//uo8yO0kPQUwvGDwR4w=";
};
});
});
})
];
}

9
modules/homelab/binary_cache.nix
View file

@ -1,9 +0,0 @@
{ config, pkgs, ... }:
{
services.nix-serve = {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";
};
}

15
modules/homelab/default.nix
View file

@ -1,15 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./binary_cache.nix
./nginx_proxy.nix
./nix_containers.nix
./oci_containers.nix
./samba.nix
./virtualization.nix
];
# services.ddclient.enable = true;
# services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
}

85
modules/homelab/nginx_proxy.nix
View file

@ -1,85 +0,0 @@
{ config, pkgs, ... }:
{
# services.ddclient.enable = true;
# services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
# Open TCP ports for audiobookshelf, plex-server, and transmission-server.
networking = {
firewall = {
allowedTCPPorts = [ 80 443 51413 9091 ];
allowedUDPPorts = [ 51413 ];
};
# My router doesn't expose settings for NAT loopback
# So we have to use this workaround.
extraHosts = ''
127.0.0.1 music.raffauflabs.com
127.0.0.1 nixcache.raffauflabs.com
127.0.0.1 plex.raffauflabs.com
127.0.0.1 podcasts.raffauflabs.com
'';
};
security.acme = {
acceptTerms = true;
defaults.email = "alyraffauf@gmail.com";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
virtualHosts."music.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:4533";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
'';
};
};
virtualHosts."nixcache.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass =
"http://${config.services.nix-serve.bindAddress}:${
toString config.services.nix-serve.port
}";
};
virtualHosts."plex.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:32400";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
'';
};
};
virtualHosts."podcasts.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:13378";
# proxyWebsockets = true; # This breaks audiobookshelf.
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect http:// https://;
proxy_buffering off;
client_max_body_size 500M;
'';
};
};
};
}

23
modules/homelab/nix_containers.nix
View file

@ -1,23 +0,0 @@
{ config, pkgs, ... }:
{
containers.navidrome = {
autoStart = true;
bindMounts."/Music".hostPath = "/mnt/Media/Music";
config = { config, pkgs, lib, ... }: {
system.stateVersion = "24.05";
services.navidrome = {
enable = true;
openFirewall = true;
settings = {
Address = "0.0.0.0";
Port = 4533;
MusicFolder = "/Music";
DefaultTheme = "Auto";
SubsonicArtistParticipations = true;
UIWelcomeMessage = "Welcome to Navidrome @ raffauflabs.com.";
};
};
};
};
}

49
modules/homelab/oci_containers.nix
View file

@ -1,49 +0,0 @@
{ config, pkgs, ... }:
{
virtualisation.oci-containers.containers = {
audiobookshelf = {
ports = [ "0.0.0.0:13378:80" ];
image = "ghcr.io/advplyr/audiobookshelf:latest";
environment = { TZ = "America/New_York"; };
volumes =
[ "abs_config:/config" "abs_metadata:/metadata" "/mnt/Media:/Media" ];
};
plex-server = {
ports = [ "0.0.0.0:32400:32400" ];
image = "plexinc/pms-docker:public";
environment = { TZ = "America/New_York"; };
volumes = [
"plex_config:/config"
"plex_transcode:/transcode"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
transmission-server = {
ports = [ "0.0.0.0:9091:9091" "0.0.0.0:51413:51413" ];
image = "linuxserver/transmission:latest";
environment = {
PGID = "1000";
PUID = "1000";
TZ = "America/New_York";
};
volumes = [
"transmission_config:/config"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
jellyfin = {
ports = [ "0.0.0.0:8096:8096" ];
image = "jellyfin/jellyfin";
environment = { TZ = "America/New_York"; };
volumes = [
"jellyfin_config:/config"
"jellyfin_cache:/cache"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
};
}

36
modules/homelab/samba.nix
View file

@ -1,36 +0,0 @@
{ config, pkgs, ... }:
{
services = {
samba = {
enable = true;
securityType = "user";
openFirewall = true;
shares = {
Media = {
comment = "Media @Mauville";
path = "/mnt/Media";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755";
"directory mask" = "0755";
};
Archive = {
comment = "Archive @Mauville";
path = "/mnt/Archive";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755";
"directory mask" = "0755";
};
};
};
samba-wsdd = {
enable = true;
openFirewall = true;
};
};
}

15
modules/homelab/virtualization.nix
View file

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
programs.virt-manager.enable = true;
virtualisation = {
libvirtd.enable = true;
oci-containers = { backend = "podman"; };
podman = {
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
enable = true;
};
};
}

55
modules/hyprland.nix
View file

@ -1,55 +0,0 @@
{ config, pkgs, ... }:
{
imports = [ # Include X settings.
./desktop.nix
];
services.xserver.displayManager.lightdm = {
enable = true;
greeters.slick = {
enable = true;
theme.name = "Catppuccin-Frappe-Compact-Mauve-Dark";
theme.package = pkgs.catppuccin-gtk.override {
accents = [ "mauve" ];
size = "compact";
variant = "frappe";
tweaks = [ "normal" ];
};
iconTheme.name = "Papirus-Dark";
iconTheme.package = pkgs.catppuccin-papirus-folders.override {
flavor = "frappe";
accent = "mauve";
};
font.name = "NotoSans Nerd Font Regular";
cursorTheme.package = pkgs.catppuccin-cursors.frappeDark;
cursorTheme.name = "Catppuccin-Frappe-Dark-Cursors";
cursorTheme.size = 32;
extraConfig = ''
background=#ca9ee6
enable-hidpi=on
'';
};
};
programs.hyprland.enable = true;
services.power-profiles-daemon.enable = true;
services.upower.enable = true;
services.dbus.packages = [ pkgs.gcr ];
services.gnome.gnome-keyring.enable = true;
security.pam.services.gdm.enableKwallet = true;
security.pam.services.gdm.enableGnomeKeyring = true;
# programs.xfconf.enable = true;
# programs.thunar = {
# enable = true;
# plugins = with pkgs.xfce; [ thunar-archive-plugin thunar-volman ];
# };
services.gvfs.enable = true; # Mount, trash, and other functionalities
services.tumbler.enable = true; # Thumbnail support for images
environment.sessionVariables.NIXOS_OZONE_WL = "1";
}

34
modules/kde.nix
View file

@ -1,34 +0,0 @@
{ config, pkgs, ... }:
{
imports = [ # Include X settings.
./desktop.nix
];
# Enable SDDM + Plasma Desktop.
services = {
desktopManager.plasma6.enable = true;
xserver = {
displayManager.sddm = {
enable = true;
wayland.enable = true;
};
};
};
environment.systemPackages = with pkgs; [
kdePackages.kate
kdePackages.kimageformats
kdePackages.kio-gdrive
kdePackages.sddm-kcm
maliit-keyboard
];
environment.sessionVariables.NIXOS_OZONE_WL = "1";
programs.kdeconnect.enable = true;
# nixpkgs.config.firefox.enablePlasmaBrowserIntegration = true;
# nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland --enable-features=WaylandWindowDecorations --ozone-platform-hint=auto";
services.gnome.gnome-keyring.enable = true;
security.pam.services.sddm.enableGnomeKeyring = true;
}

9
modules/plymouth.nix
View file

@ -1,9 +0,0 @@
{ config, pkgs, ... }:
{
boot = {
consoleLogLevel = 0;
initrd.verbose = false;
plymouth.enable = true;
};
}

12
modules/steam.nix
View file

@ -1,12 +0,0 @@
{ config, pkgs, ... }:
{
hardware.steam-hardware.enable = true;
programs.steam = {
enable = true;
remotePlay.openFirewall =
true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall =
true; # Open ports in the firewall for Source Dedicated Server
};
}

16
modules/sway.nix
View file

@ -1,16 +0,0 @@
{ config, pkgs, ... }:
{
imports = [ # Include X settings.
./desktop.nix
];
services.xserver.displayManager = { sessionPackages = [ pkgs.sway ]; };
programs.light.enable = true; # Brightness and volume control.
programs.dconf.enable = true;
services.xserver.libinput.enable = true;
services.gnome.gnome-keyring.enable = true;
xdg.portal.wlr.enable = true;
xdg.portal.config.common.default = "*";
}

6
modules/zram_swap.nix
View file

@ -1,6 +0,0 @@
{ config, pkgs, ... }:
{
zramSwap.enable = true;
zramSwap.memoryPercent = 25;
}

6
nixosModules/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ config, pkgs, ... }:
{
imports = [ ./desktopConfig ./homeLab ./programs ./systemConfig ./userConfig ];
}

43
nixosModules/desktopConfig/default.nix Normal file
View file

@ -0,0 +1,43 @@
{ pkgs, lib, config, ... }: {
imports = [ ./gnome ./plasma ./windowManagers/hyprland ];
options = {
desktopConfig.enable =
lib.mkEnableOption "Enables basic GUI X11 and Wayland environment.";
};
config = lib.mkIf config.desktopConfig.enable {
# Enable the X11 windowing system.
services.xserver = {
enable = true;
xkb.layout = "us";
xkb.variant = "";
excludePackages = with pkgs; [ xterm ];
};
# Install pretty fonts.
fonts.packages = with pkgs; [
(nerdfonts.override { fonts = [ "Hack" "DroidSansMono" "Noto" ]; })
fira-code
fira-code-symbols
liberation_ttf
];
# Enable basic assortment of GUI apps.
environment.systemPackages = with pkgs; [
firefox
fractal
github-desktop
google-chrome
obsidian
tauon
vscode
webcord
zoom-us
];
desktopConfig.windowManagers.hyprland.enable = lib.mkDefault true;
};
}

37
nixosModules/desktopConfig/gnome/default.nix Normal file
View file

@ -0,0 +1,37 @@
{ pkgs, lib, config, ... }: {
imports = [ # Include X settings.
./fprintdFix.nix ./tripleBuffering.nix
];
options = {
desktopConfig.gnome.enable =
lib.mkEnableOption "Enables GNOME desktop session.";
};
config = lib.mkIf config.desktopConfig.gnome.enable {
environment.systemPackages = with pkgs; [
gnomeExtensions.appindicator
gnomeExtensions.blur-my-shell
gnomeExtensions.gsconnect
gnomeExtensions.light-shell
gnomeExtensions.night-theme-switcher
gnomeExtensions.noannoyance-fork
gnomeExtensions.tailscale-status
gnomeExtensions.tiling-assistant
];
# Enable keyring support for KDE apps in GNOME.
security.pam.services.gdm.enableKwallet = true;
# Enable GNOME and GDM.
services = {
gnome.tracker-miners.enable = true;
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
xserver = {
desktopManager.gnome.enable = true;
displayManager.gdm.enable = true;
};
};
};
}

33
nixosModules/desktopConfig/gnome/fprintdFix.nix Normal file
View file

@ -0,0 +1,33 @@
{ pkgs, lib, config, ... }: {
options = {
desktopConfig.gnome.fprintdFix.enable =
lib.mkEnableOption "Fixes fprintd and pam issues with GNOME Display Manager.";
};
config = lib.mkIf config.desktopConfig.gnome.fprintdFix.enable {
# Need to change the order pam loads its modules
# to get proper fingerprint behavior on GDM and the lockscreen.
security.pam.services.login.fprintAuth = false;
security.pam.services.gdm-fingerprint =
lib.mkIf (config.services.fprintd.enable) {
text = ''
auth required pam_shells.so
auth requisite pam_nologin.so
auth requisite pam_faillock.so preauth
auth required ${pkgs.fprintd}/lib/security/pam_fprintd.so
auth optional pam_permit.so
auth required pam_env.so
auth [success=ok default=1] ${pkgs.gnome.gdm}/lib/security/pam_gdm.so
auth optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
account include login
password required pam_deny.so
session include login
session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
'';
};
};
}

24
nixosModules/desktopConfig/gnome/tripleBuffering.nix Normal file
View file

@ -0,0 +1,24 @@
{ pkgs, lib, config, ... }: {
options = {
desktopConfig.gnome.tripleBuffering.enable =
lib.mkEnableOption "Enables dynamic triple buffering for GNOME.";
};
config = lib.mkIf config.desktopConfig.gnome.tripleBuffering.enable {
nixpkgs.overlays = [
(final: prev: {
gnome = prev.gnome.overrideScope (gnomeFinal: gnomePrev: {
mutter = gnomePrev.mutter.overrideAttrs (old: {
src = pkgs.fetchgit {
url = "https://gitlab.gnome.org/vanvugt/mutter.git";
# GNOME 45: triple-buffering-v4-45
rev = "0b896518b2028d9c4d6ea44806d093fd33793689";
sha256 = "sha256-mzNy5GPlB2qkI2KEAErJQzO//uo8yO0kPQUwvGDwR4w=";
};
});
});
})
];
};
}

36
nixosModules/desktopConfig/plasma/default.nix Normal file
View file

@ -0,0 +1,36 @@
{ pkgs, lib, config, ... }: {
options = {
desktopConfig.plasma.enable =
lib.mkEnableOption "Enables plasma desktop session.";
};
config = lib.mkIf config.desktopConfig.plasma.enable {
# Enable SDDM + Plasma Desktop.
services = {
desktopManager.plasma6.enable = true;
xserver = {
displayManager.sddm = {
enable = true;
wayland.enable = true;
};
};
};
environment.systemPackages = with pkgs; [
kdePackages.kate
kdePackages.kimageformats
kdePackages.kio-gdrive
kdePackages.sddm-kcm
maliit-keyboard
];
environment.sessionVariables.NIXOS_OZONE_WL = "1";
programs.kdeconnect.enable = true;
# nixpkgs.config.firefox.enablePlasmaBrowserIntegration = true;
# nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland --enable-features=WaylandWindowDecorations --ozone-platform-hint=auto";
services.gnome.gnome-keyring.enable = true;
security.pam.services.sddm.enableGnomeKeyring = true;
};
}

52
nixosModules/desktopConfig/windowManagers/hyprland/default.nix Normal file
View file

@ -0,0 +1,52 @@
{ pkgs, lib, config, ... }: {
options = {
desktopConfig.windowManagers.hyprland.enable =
lib.mkEnableOption "Enables hyprland window manager session with lightdm.";
};
config = lib.mkIf config.desktopConfig.windowManagers.hyprland.enable {
services.xserver.displayManager.lightdm = {
enable = true;
greeters.slick = {
enable = true;
theme.name = "Catppuccin-Frappe-Compact-Mauve-Dark";
theme.package = pkgs.catppuccin-gtk.override {
accents = [ "mauve" ];
size = "compact";
variant = "frappe";
tweaks = [ "normal" ];
};
iconTheme.name = "Papirus-Dark";
iconTheme.package = pkgs.catppuccin-papirus-folders.override {
flavor = "frappe";
accent = "mauve";
};
font.name = "NotoSans Nerd Font Regular";
cursorTheme.package = pkgs.catppuccin-cursors.frappeDark;
cursorTheme.name = "Catppuccin-Frappe-Dark-Cursors";
cursorTheme.size = 32;
extraConfig = ''
background=#ca9ee6
enable-hidpi=on
'';
};
};
programs.hyprland.enable = true;
services.power-profiles-daemon.enable = true;
services.upower.enable = true;
services.dbus.packages = [ pkgs.gcr ];
services.gnome.gnome-keyring.enable = true;
security.pam.services.gdm.enableKwallet = true;
security.pam.services.gdm.enableGnomeKeyring = true;
services.gvfs.enable = true; # Mount, trash, and other functionalities
services.tumbler.enable = true; # Thumbnail support for images
environment.sessionVariables.NIXOS_OZONE_WL = "1";
};
}

14
nixosModules/homeLab/binaryCache/default.nix Normal file
View file

@ -0,0 +1,14 @@
{ pkgs, lib, config, ... }: {
options = {
homeLab.binaryCache.enable =
lib.mkEnableOption "Enables nixpkgs cache.";
};
config = lib.mkIf config.homeLab.binaryCache.enable {
services.nix-serve = {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";
};
};
}

25
nixosModules/homeLab/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ pkgs, lib, config, ... }: {
imports = [
./binaryCache
./reverseProxy
./nixContainers
./ociContainers
./samba
./virtualization
];
options = {
homeLab.enable =
lib.mkEnableOption "Enables fully functional HomeLab.";
};
config = lib.mkIf config.homeLab.enable {
homeLab.binaryCache.enable = lib.mkDefault true;
homeLab.nixContainers.enable = lib.mkDefault true;
homeLab.ociContainers.enable = lib.mkDefault true;
homeLab.reverseProxy.enable = lib.mkDefault true;
homeLab.samba.enable = lib.mkDefault true;
homeLab.virtualization.enable = lib.mkDefault true;
};
}

29
nixosModules/homeLab/nixContainers/default.nix Normal file
View file

@ -0,0 +1,29 @@
{ pkgs, lib, config, ... }: {
options = {
homeLab.nixContainers.enable =
lib.mkEnableOption "Enables select nix containers.";
};
config = lib.mkIf config.homeLab.nixContainers.enable {
containers.navidrome = {
autoStart = true;
bindMounts."/Music".hostPath = "/mnt/Media/Music";
config = { config, pkgs, lib, ... }: {
system.stateVersion = "24.05";
services.navidrome = {
enable = true;
openFirewall = true;
settings = {
Address = "0.0.0.0";
Port = 4533;
MusicFolder = "/Music";
DefaultTheme = "Auto";
SubsonicArtistParticipations = true;
UIWelcomeMessage = "Welcome to Navidrome @ raffauflabs.com.";
};
};
};
};
};
}

55
nixosModules/homeLab/ociContainers/default.nix Normal file
View file

@ -0,0 +1,55 @@
{ pkgs, lib, config, ... }: {
options = {
homeLab.ociContainers.enable =
lib.mkEnableOption "Enables select OCI containers.";
};
config = lib.mkIf config.homeLab.ociContainers.enable {
virtualisation.oci-containers.containers = {
audiobookshelf = {
ports = [ "0.0.0.0:13378:80" ];
image = "ghcr.io/advplyr/audiobookshelf:latest";
environment = { TZ = "America/New_York"; };
volumes =
[ "abs_config:/config" "abs_metadata:/metadata" "/mnt/Media:/Media" ];
};
plex-server = {
ports = [ "0.0.0.0:32400:32400" ];
image = "plexinc/pms-docker:public";
environment = { TZ = "America/New_York"; };
volumes = [
"plex_config:/config"
"plex_transcode:/transcode"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
transmission-server = {
ports = [ "0.0.0.0:9091:9091" "0.0.0.0:51413:51413" ];
image = "linuxserver/transmission:latest";
environment = {
PGID = "1000";
PUID = "1000";
TZ = "America/New_York";
};
volumes = [
"transmission_config:/config"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
jellyfin = {
ports = [ "0.0.0.0:8096:8096" ];
image = "jellyfin/jellyfin";
environment = { TZ = "America/New_York"; };
volumes = [
"jellyfin_config:/config"
"jellyfin_cache:/cache"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
};
};
}

91
nixosModules/homeLab/reverseProxy/default.nix Normal file
View file

@ -0,0 +1,91 @@
{ pkgs, lib, config, ... }: {
options = {
homeLab.reverseProxy.enable =
lib.mkEnableOption "Enables nginx reverse proxy.";
};
config = lib.mkIf config.homeLab.reverseProxy.enable {
# services.ddclient.enable = true;
# services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
# Open TCP ports for audiobookshelf, plex-server, and transmission-server.
networking = {
firewall = {
allowedTCPPorts = [ 80 443 51413 9091 ];
allowedUDPPorts = [ 51413 ];
};
# My router doesn't expose settings for NAT loopback
# So we have to use this workaround.
extraHosts = ''
127.0.0.1 music.raffauflabs.com
127.0.0.1 nixcache.raffauflabs.com
127.0.0.1 plex.raffauflabs.com
127.0.0.1 podcasts.raffauflabs.com
'';
};
security.acme = {
acceptTerms = true;
defaults.email = "alyraffauf@gmail.com";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
virtualHosts."music.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:4533";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
'';
};
};
virtualHosts."nixcache.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass =
"http://${config.services.nix-serve.bindAddress}:${
toString config.services.nix-serve.port
}";
};
virtualHosts."plex.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:32400";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
'';
};
};
virtualHosts."podcasts.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:13378";
# proxyWebsockets = true; # This breaks audiobookshelf.
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect http:// https://;
proxy_buffering off;
client_max_body_size 500M;
'';
};
};
};
};
}

41
nixosModules/homeLab/samba/default.nix Normal file
View file

@ -0,0 +1,41 @@
{ pkgs, lib, config, ... }: {
options = {
homeLab.samba.enable =
lib.mkEnableOption "Enables /Archive and /Media samba shares.";
};
config = lib.mkIf config.homeLab.samba.enable {
services = {
samba = {
enable = true;
securityType = "user";
openFirewall = true;
shares = {
Media = {
comment = "Media @Mauville";
path = "/mnt/Media";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755";
"directory mask" = "0755";
};
Archive = {
comment = "Archive @Mauville";
path = "/mnt/Archive";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755";
"directory mask" = "0755";
};
};
};
samba-wsdd = {
enable = true;
openFirewall = true;
};
};
};
}

21
nixosModules/homeLab/virtualization/default.nix Normal file
View file

@ -0,0 +1,21 @@
{ pkgs, lib, config, ... }: {
options = {
homeLab.virtualization.enable =
lib.mkEnableOption "Enables podman and virt-manager virtualization.";
};
config = lib.mkIf config.homeLab.virtualization.enable {
programs.virt-manager.enable = true;
virtualisation = {
libvirtd.enable = true;
oci-containers = { backend = "podman"; };
podman = {
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
enable = true;
};
};
};
}

6
nixosModules/programs/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ pkgs, lib, config, ... }: {
imports = [ ./flatpakSupport ./steamGames ];
}

33
nixosModules/programs/flatpakSupport/default.nix Normal file
View file

@ -0,0 +1,33 @@
{ pkgs, lib, config, ... }: {
options = {
programs.flatpakSupport.enable = lib.mkEnableOption "Enables flatpak support with GUI.";
};
config = lib.mkIf config.programs.flatpakSupport.enable {
# Needed for Flatpaks
xdg.portal.enable = true;
services.flatpak.enable = true;
fonts.fontDir.enable = true;
# Allow access to system fonts.
system.fsPackages = [ pkgs.bindfs ];
fileSystems = let
mkRoSymBind = path: {
device = path;
fsType = "fuse.bindfs";
options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ];
};
aggregatedFonts = pkgs.buildEnv {
name = "system-fonts";
paths = config.fonts.packages;
pathsToLink = [ "/share/fonts" ];
};
in {
# Create an FHS mount to support flatpak host icons/fonts
"/usr/share/icons" = mkRoSymBind (config.system.path + "/share/icons");
"/usr/share/fonts" = mkRoSymBind (aggregatedFonts + "/share/fonts");
};
environment.systemPackages = with pkgs; [ gnome.gnome-software ];
};
}

17
nixosModules/programs/steamGames/default.nix Normal file
View file

@ -0,0 +1,17 @@
{ pkgs, lib, config, ... }: {
options = {
programs.steamGames.enable = lib.mkEnableOption "Enables Steam for video games.";
};
config = lib.mkIf config.programs.steamGames.enable {
hardware.steam-hardware.enable = true;
programs.steam = {
enable = true;
remotePlay.openFirewall =
true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall =
true; # Open ports in the firewall for Source Dedicated Server
};
};
}

2
system/default.nix → nixosModules/systemConfig/default.nix
View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
imports = [ ./network.nix ./sound.nix ];
imports = [ ./network.nix ./sound.nix ./plymouth ./zramSwap ];
# Set your time zone.
time.timeZone = "America/New_York";

0
system/network.nix → nixosModules/systemConfig/network.nix
View file

14
nixosModules/systemConfig/plymouth/default.nix Normal file
View file

@ -0,0 +1,14 @@
{ pkgs, lib, config, ... }: {
options = {
systemConfig.plymouth.enable = lib.mkEnableOption "Enables plymouth boot screen with reduced text verbosity.";
};
config = lib.mkIf config.systemConfig.plymouth.enable {
boot = {
consoleLogLevel = 0;
initrd.verbose = false;
plymouth.enable = true;
};
};
}

0
system/sound.nix → nixosModules/systemConfig/sound.nix
View file

13
nixosModules/systemConfig/zramSwap/default.nix Normal file
View file

@ -0,0 +1,13 @@
{ pkgs, lib, config, ... }: {
options = {
systemConfig.zramSwap.enable = lib.mkEnableOption "Enables zram swap.";
};
config = lib.mkIf config.systemConfig.zramSwap.enable {
zramSwap = {
enable = true;
memoryPercent = 25;
};
};
}

15
nixosModules/userConfig/aly/default.nix Normal file
View file

@ -0,0 +1,15 @@
{ pkgs, lib, config, ... }: {
options = {
userConfig.aly.enable = lib.mkEnableOption "Enables Aly's user.";
};
config = lib.mkIf config.userConfig.aly.enable {
# Define a user account. Don't forget to set a password with passwd.
users.users.aly = {
isNormalUser = true;
description = "Aly Raffauf";
extraGroups = [ "networkmanager" "wheel" "docker" "libvirtd" "video" ];
};
};
}

6
nixosModules/userConfig/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ pkgs, lib, config, ... }: {
imports = [ ./aly ./dustin ];
userConfig.aly.enable = lib.mkDefault true;
}

15
nixosModules/userConfig/dustin/default.nix Normal file
View file

@ -0,0 +1,15 @@
{ pkgs, lib, config, ... }: {
options = {
userConfig.dustin.enable = lib.mkEnableOption "Enables Dustin's user.";
};
config = lib.mkIf config.userConfig.dustin.enable {
# Define a user account. Don't forget to set a password with passwd.
users.users.dustin = {
isNormalUser = true;
description = "Dustin Raffauf";
extraGroups = [ "networkmanager" "wheel" "docker" "libvirtd" "video" ];
};
};
}

10
users/aly.nix
View file

@ -1,10 +0,0 @@
{ config, pkgs, ... }:
{
# Define a user account. Don't forget to set a password with passwd.
users.users.aly = {
isNormalUser = true;
description = "Aly Raffauf";
extraGroups = [ "networkmanager" "wheel" "docker" "libvirtd" "video" ];
};
}

10
users/dustin.nix
View file

@ -1,10 +0,0 @@
{ config, pkgs, ... }:
{
# Define a user account. Don't forget to set a password with passwd.
users.users.dustin = {
isNormalUser = true;
description = "Dustin Raffauf";
extraGroups = [ "networkmanager" "wheel" "docker" "libvirtd" "video" ];
};
}