modules: massive code cleanup and style improvements

2024-11-22 09:13:55 -05:00 · 2024-03-16 13:18:17 -04:00 · 2024-03-16 13:18:17 -04:00 · e8d8a01070
parent 155a84003c
commit e8d8a01070
12 changed files with 170 additions and 157 deletions
--- a/modules/desktop.nix
+++ b/modules/desktop.nix
@ -2,15 +2,13 @@

 {
  ## Enable the X11 windowing system.
-  services.xserver.enable = true;
-  services.xserver.excludePackages = with pkgs; [
-    xterm
-  ];
-
-  # Configure keymap in X11
  services.xserver = {
+    enable = true;
    xkb.layout = "us";
    xkb.variant = "";
+    desktopManager = {
+      xterm.enable = false;
+    };
  };

  ## Needed for Flatpaks
--- a/modules/gnome/default.nix
+++ b/modules/gnome/default.nix
@ -6,16 +6,6 @@
      ../desktop.nix
    ];

-  # Enable Gnome and GDM.
-  services.xserver.displayManager.gdm.enable = true;
-  services.xserver.desktopManager.gnome.enable = true;
-
-  security.pam.services.gdm.enableKwallet = true;
-
-  services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
-
-  services.gnome.tracker-miners.enable = true;
-
  environment.systemPackages = with pkgs; [
    fractal
    gnome.gnome-software
@ -28,4 +18,17 @@
    gnomeExtensions.tailscale-status
    gnomeExtensions.tiling-assistant
  ];
+
+  # Enable keyring support for KDE apps in GNOME.
+  security.pam.services.gdm.enableKwallet = true;
+
+  # Enable GNOME and GDM.
+  services = {
+    gnome.tracker-miners.enable = true;
+    udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
+    xserver = {
+      desktopManager.gnome.enable = true;
+      displayManager.gdm.enable = true;
+    };
+  };
 }
--- a/modules/homelab/default.nix
+++ b/modules/homelab/default.nix
@ -10,10 +10,6 @@
    # services.ddclient.enable = true;
    # services.ddclient.configFile = "/etc/ddclient/ddclient.conf";

-    # Open TCP ports for transmission-server.
-    networking.firewall.allowedTCPPorts = [ 51413 9091 ];
-    networking.firewall.allowedUDPPorts = [ 51413 ];
-
    virtualisation.oci-containers.containers = {
        audiobookshelf = {
            ports = ["0.0.0.0:13378:80"];
@ -73,7 +69,7 @@
                    MusicFolder = "/Music";
                    DefaultTheme = "Auto";
                    SubsonicArtistParticipations = true;
-                    UIWelcomeMessage = "Welcome to Navidrome on Raffauf Labs.";
+                    UIWelcomeMessage = "Welcome to Navidrome @ raffauflabs.com.";
                };
            };
        };
--- a/modules/homelab/nginx_proxy.nix
+++ b/modules/homelab/nginx_proxy.nix
@ -5,14 +5,19 @@
    # services.ddclient.configFile = "/etc/ddclient/ddclient.conf";

    # Open TCP ports for audiobookshelf, plex-server, and transmission-server.
-    networking.firewall.allowedTCPPorts = [ 80 443 51413 9091 ];
-    networking.firewall.allowedUDPPorts = [ 51413 ];
-
-    networking.extraHosts = ''
-        127.0.0.1 music.raffauflabs.com
-        127.0.0.1 podcasts.raffauflabs.com
-        127.0.0.1 plex.raffauflabs.com
-    '';
+    networking = {
+        firewall = {
+            allowedTCPPorts = [ 80 443 51413 9091 ];
+            allowedUDPPorts = [ 51413 ];
+        };
+        # My router doesn't expose settings for NAT loopback
+        # So we have to use this workaround.
+        extraHosts = ''
+            127.0.0.1 music.raffauflabs.com
+            127.0.0.1 podcasts.raffauflabs.com
+            127.0.0.1 plex.raffauflabs.com
+        '';
+    };

    security.acme = {
        acceptTerms = true;
--- a/modules/homelab/samba.nix
+++ b/modules/homelab/samba.nix
@ -1,36 +1,36 @@
 { config, pkgs, ... }:

 {
-    services.avahi.nssmdns = true;
-    services.samba = {
-      enable = true;
-      securityType = "user";
-      openFirewall = true;
-      shares = {
-        Media = {
-          comment = "Media @Mauville";
-          path = "/mnt/Media";
-          browseable = "yes";
-          "read only" = "no";
-          "guest ok" = "yes";
-          "create mask" = "0755";
-          "directory mask" = "0755";
+    services = {
+        samba = {
+            enable = true;
+            securityType = "user";
+            openFirewall = true;
+            shares = {
+                Media = {
+                    comment = "Media @Mauville";
+                    path = "/mnt/Media";
+                    browseable = "yes";
+                    "read only" = "no";
+                    "guest ok" = "yes";
+                    "create mask" = "0755";
+                    "directory mask" = "0755";
+                };
+                Archive = {
+                    comment = "Archive @Mauville";
+                    path = "/mnt/Archive";
+                    browseable = "yes";
+                    "read only" = "no";
+                    "guest ok" = "yes";
+                    "create mask" = "0755";
+                    "directory mask" = "0755";
+                };
+            };
        };
-        Archive = {
-          comment = "Archive @Mauville";
-          path = "/mnt/Archive";
-          browseable = "yes";
-          "read only" = "no";
-          "guest ok" = "yes";
-          "create mask" = "0755";
-          "directory mask" = "0755";
+        samba-wsdd = {
+            enable = true;
+            openFirewall = true;
        };
-      };
-    };
-    
-    services.samba-wsdd = {
-      enable = true;
-      openFirewall = true;
    };
 }

--- a/modules/homelab/virtualization.nix
+++ b/modules/homelab/virtualization.nix
@ -5,17 +5,13 @@

  virtualisation = {
    libvirtd.enable = true;
-    podman = {
-      enable = true;
-
-      # Create a `docker` alias for podman, to use it as a drop-in replacement
-      dockerCompat = true;
-
-      # Required for containers under podman-compose to be able to talk to each other.
-      defaultNetwork.settings.dns_enabled = true;
-    };
    oci-containers = {
      backend = "podman";
    };
+    podman = {
+      # Required for containers under podman-compose to be able to talk to each other.
+      defaultNetwork.settings.dns_enabled = true;
+      enable = true;
+    };
  };
 }
--- a/modules/kde.nix
+++ b/modules/kde.nix
@ -6,9 +6,13 @@
      ./desktop.nix
    ];

-  # Enable the KDE Plasma Desktop Environment.
-  services.xserver.displayManager.sddm.wayland.enable = true;
-  services.xserver.desktopManager.plasma6.enable = true;
+  # Enable SDDM + Plasma Desktop.
+  services = {
+    desktopManager.plasma6.enable = true;
+    xserver = {
+      displayManager.sddm.wayland.enable = true;
+    };
+  };

  environment.systemPackages = with pkgs; [
    kdePackages.kate
--- a/modules/plymouth.nix
+++ b/modules/plymouth.nix
@ -1,8 +1,9 @@
 { config, pkgs, ... }:

 {
-    boot.initrd.verbose = false;
-    boot.consoleLogLevel = 0;
-
-    boot.plymouth.enable = true;
+    boot = {
+        consoleLogLevel = 0;
+        initrd.verbose = false;
+        plymouth.enable = true;
+    };
 }
--- a/modules/steam.nix
+++ b/modules/steam.nix
@ -3,8 +3,8 @@
 {
    hardware.steam-hardware.enable = true;
    programs.steam = {
-      enable = true;
-      remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
-      dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+        enable = true;
+        remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+        dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
    };
 }
--- a/system/default.nix
+++ b/system/default.nix
@ -6,64 +6,77 @@
      ./network.nix
      ./sound.nix
    ];
+
  # Set your time zone.
  time.timeZone = "America/New_York";

  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
-
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "en_US.UTF-8";
-    LC_IDENTIFICATION = "en_US.UTF-8";
-    LC_MEASUREMENT = "en_US.UTF-8";
-    LC_MONETARY = "en_US.UTF-8";
-    LC_NAME = "en_US.UTF-8";
-    LC_NUMERIC = "en_US.UTF-8";
-    LC_PAPER = "en_US.UTF-8";
-    LC_TELEPHONE = "en_US.UTF-8";
-    LC_TIME = "en_US.UTF-8";
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+    extraLocaleSettings = {
+      LC_ADDRESS = "en_US.UTF-8";
+      LC_IDENTIFICATION = "en_US.UTF-8";
+      LC_MEASUREMENT = "en_US.UTF-8";
+      LC_MONETARY = "en_US.UTF-8";
+      LC_NAME = "en_US.UTF-8";
+      LC_NUMERIC = "en_US.UTF-8";
+      LC_PAPER = "en_US.UTF-8";
+      LC_TELEPHONE = "en_US.UTF-8";
+      LC_TIME = "en_US.UTF-8";
+    };
  };

-  # Add support for logitech unifying receivers.
-  hardware.logitech.wireless.enable = true;
-  hardware.logitech.wireless.enableGraphical = true;
-
-  # Add support for configuring QMK keyboards with Via.
-  hardware.keyboard.qmk.enable = true;
+  hardware = {
+    # Enable Bluetooth connections.
+    bluetooth.enable = true;
+    # Add support for logitech unifying receivers.
+    logitech.wireless = {
+      enable = true;
+      enableGraphical = true;
+    };
+    # Add support for configuring QMK keyboards with Via.
+    keyboard.qmk.enable = true;
+  };

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  system.autoUpgrade = {
-    enable = true;
    allowReboot = true;
-    flake = "github:alyraffauf/nixcfg";
    dates = "daily";
+    enable = true;
+    flake = "github:alyraffauf/nixcfg";
    operation = "boot";
    rebootWindow = {
-      lower = "01:00";
+      lower = "02:00";
      upper = "05:00";
    };
  };

-  # Delete generations older than 7 days.
-  nix.gc = {
-    automatic = true;
-    dates = "weekly";
-    options = "--delete-older-than 7d";
+
+  nix = {
+    gc = {
+      # Delete generations older than 7 days.
+      automatic = true;
+      dates = "daily";
+      options = "--delete-older-than 7d";
+      randomizedDelaySec = "60min";
+    };
+    # Run GC when there is less than 100MiB left.
+    extraOptions = ''
+      min-free = ${toString (100 * 1024 * 1024)}
+      max-free = ${toString (1024 * 1024 * 1024)}
+    '';
+    settings = {
+      # Automatically optimize the Nix store in the background.
+      auto-optimise-store = true;
+      # Enable experimental `nix` command and flakes.
+      experimental-features = [ "nix-command" "flakes" ];
+    };
  };

-  # Automatically optimize the Nix store in the background.
-  nix.settings.auto-optimise-store = true;
-
-  # Run GC when there is less than 100MiB left.
-  nix.extraOptions = ''
-    min-free = ${toString (100 * 1024 * 1024)}
-    max-free = ${toString (1024 * 1024 * 1024)}
-  '';
-
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
-  home-manager.useGlobalPkgs = true;
-  home-manager.useUserPackages = true;
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+  };
 }
--- a/system/network.nix
+++ b/system/network.nix
@ -2,50 +2,49 @@

 {
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  networking.networkmanager.enable = true;
-  
-  # Enable tailscale
-  services.tailscale.enable = true;
-
-  # Enable avahi.
-  services.avahi.enable = true;
-  services.avahi.publish.enable = true;
-  services.avahi.publish.addresses = true;
-  services.avahi.publish.workstation = true;
-
-  # for a WiFi printer
-  services.avahi.openFirewall = true;
-
-  hardware.bluetooth.enable = true;
-
-  # Enable CUPS to print documents.
-  services.printing.enable = true;
+  networking = {
+    networkmanager.enable = true;
+    firewall.allowedTCPPortRanges = [
+      # KDE Connect
+      { from = 1714; to = 1764; }
+      # Soulseek
+      { from = 2234; to = 2239; }
+    ];
+    firewall.allowedUDPPortRanges = [
+      # KDE/GS Connect
+      { from = 1714; to = 1764; }
+      # Soulseek
+      { from = 2234; to = 2239; }
+    ];
+  };

  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-
-  # Open TCP ports for SSH and Syncthing.
-  networking.firewall.allowedTCPPorts = [ 22 8384 22000 ];
-  
-  # Open UDP ports for Syncthing.
-  networking.firewall.allowedUDPPorts = [ 22000 21027 ];
-
-  networking.firewall.allowedTCPPortRanges = [
-    # KDE Connect
-    { from = 1714; to = 1764; }
-    # Soulseek
-    { from = 2234; to = 2239; }
-  ];
-
-  networking.firewall.allowedUDPPortRanges = [
-    # KDE Connect
-    { from = 1714; to = 1764; }
-    # Soulseek
-    { from = 2234; to = 2239; }
-  ];
+  services = {
+    # Enable avahi for auto network discovery.
+    avahi = {
+      enable = true;
+      nssmdns4 = true;
+      openFirewall = true;
+      publish = {
+        addresses = true;
+        enable = true;
+        workstation = true;
+      };
+    };
+    # Enable remote connections with SSH.
+    openssh = {
+      enable = true;
+      openFirewall = true;
+    };
+    # Enable printing.
+    printing.enable = true;
+    # Syncthing runs as a user service, but needs its ports open here.
+    syncthing.openDefaultPorts = true;
+    # Enable tailscale for easy Wireguard VPNs on a tailnet.
+    tailscale.enable = true;
+  };
 }
--- a/system/sound.nix
+++ b/system/sound.nix
@ -14,7 +14,5 @@
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
-    # If you want to use JACK applications, uncomment this
-    #jack.enable = true;
  };
 }