ooks/ooknet
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(treewide): format with alejandra

Browse source
This commit is contained in:
ooks-io 2024-07-29 15:00:38 +12:00
parent 7fefb94400
commit 61cef505da
216 changed files with 5995 additions and 3969 deletions
Download patch file Download diff file Expand all files Collapse all files

8
nixos/modules/base/boot/loader/default.nix
View file

@ -1,10 +1,6 @@
{ lib, ... }:
let
{lib, ...}: let
inherit (lib) types mkOption;
in
{
in {
imports = [
./systemd.nix
# ./grub

12
nixos/modules/base/boot/loader/systemd.nix
View file

@ -1,11 +1,11 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
bootloader = config.ooknet.boot.loader;
in
{
in {
config = mkIf (bootloader == "systemd") {
boot.loader = {
systemd-boot = {

13
nixos/modules/base/boot/plymouth.nix
View file

@ -1,11 +1,12 @@
{ lib, config, pkgs, ... }:
let
{
lib,
config,
pkgs,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sys.boot.plymouth;
in
{
in {
options.sys.boot.plymouth.enable = mkEnableOption "";
config = mkIf cfg.enable {

11
nixos/modules/base/displayManager/tuigreet.nix
View file

@ -1,10 +1,13 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
tuigreet = "${pkgs.greetd.tuigreet}/bin/tuigreet";
host = config.ooknet.host;
in
{
in {
config = mkIf (host.type != "phone") {
services.greetd = {
enable = true;

8
nixos/modules/base/locale.nix
View file

@ -1,10 +1,6 @@
{ lib, ... }:
let
{lib, ...}: let
inherit (lib) mkDefault;
in
{
in {
i18n = {
defaultLocale = mkDefault "en_US.UTF-8";
supportedLocales = mkDefault [

12
nixos/modules/base/networking/default.nix
View file

@ -1,11 +1,11 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
host = config.ooknet.host;
in
{
in {
imports = [
./firewall.nix
./tools.nix

12
nixos/modules/base/networking/firewall.nix
View file

@ -1,11 +1,11 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
host = config.ooknet.host;
in
{
in {
config = mkIf (host.type != "phone") {
networking.firewall = {
enable = true;

14
nixos/modules/base/networking/resolved.nix
View file

@ -1,18 +1,18 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
host = config.ooknet.host;
in
{
in {
config = mkIf (host.type != "phone") {
services.resolved = {
enable = true;
fallbackDns = ["9.9.9.9"];
# allow-downgrade is vulnerable to downgrade attacks
extraConfig = ''
DNSOverTLS=yes # or allow-downgrade
DNSOverTLS=yes # or allow-downgrade
'';
};
};

12
nixos/modules/base/networking/ssh.nix
View file

@ -1,11 +1,11 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf mkDefault;
host = config.ooknet.host;
in
{
in {
config = mkIf (host.type != "phone") {
services.openssh = {
enable = true;

15
nixos/modules/base/networking/tailscale.nix
View file

@ -1,12 +1,13 @@
{ lib, config, pkgs, ... }:
let
{
lib,
config,
pkgs,
...
}: let
cfg = config.ooknet.host.networking.tailscale;
inherit (config.services) tailscale;
inherit (lib) mkIf mkDefault mkBefore;
in
{
in {
config = mkIf cfg.enable {
services.tailscale = {
enable = true;
@ -29,7 +30,7 @@ in
};
systemd.network.wait-online.ignoredInterfaces = ["${tailscale.interfaceName}"];
environment.systemPackages = [ pkgs.tailscale ];
environment.systemPackages = [pkgs.tailscale];
# disable tailscale logging
systemd.services.tailscaled.serviceConfig.Environment = mkBefore ["TS_NO_LOGS_NO_SUPPORT"];

12
nixos/modules/base/networking/tcp.nix
View file

@ -1,11 +1,11 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
host = config.ooknet.host;
in
{
in {
# nyx module
config = mkIf (host.type != "phone") {
boot = {

4
nixos/modules/base/networking/tools.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
traceroute
mtr

22
nixos/modules/base/nix/default.nix
View file

@ -1,11 +1,13 @@
{ lib, config, pkgs, inputs, ... }:
let
{
lib,
config,
pkgs,
inputs,
...
}: let
inherit (lib) mkIf mapAttrs mapAttrsToList;
host = config.ooknet.host;
in
{
in {
imports = [
./nh.nix
./nixpkgs.nix
@ -31,7 +33,7 @@ in
nixPath = mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
optimise = {
automatic = true;
dates = [ "18:00" ];
dates = ["18:00"];
};
gc = {
automatic = true;
@ -40,9 +42,9 @@ in
};
settings = {
flake-registry = "/etc/nix/registry.json";
allowed-users = [ "root" "@wheel" ];
trusted-users = [ "root" "@wheel" ];
experimental-features = [ "nix-command" "flakes" ];
allowed-users = ["root" "@wheel"];
trusted-users = ["root" "@wheel"];
experimental-features = ["nix-command" "flakes"];
builders-use-substitutes = true;
};
};

13
nixos/modules/base/nix/nh.nix
View file

@ -1,12 +1,13 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf;
host = config.ooknet.host;
admin = host.admin;
in
{
in {
config = mkIf (host.type != "phone") {
environment.variables.FLAKE = mkIf admin.homeManager "/home/${admin.name}/.config/ooknet/";

13
nixos/modules/base/nix/nixpkgs.nix
View file

@ -1,11 +1,12 @@
{ lib, config, inputs, ... }:
let
{
lib,
config,
inputs,
...
}: let
inherit (lib) mkIf;
host = config.ooknet.host;
in
{
in {
config = mkIf (host.type != "phone") {
nixpkgs = {
config = {

12
nixos/modules/base/nix/subs.nix
View file

@ -1,11 +1,11 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
host = config.ooknet.host;
in
{
in {
config = mkIf (host.type != "phone") {
nix.settings = {
substituters = [

13
nixos/modules/base/secrets.nix
View file

@ -1,14 +1,15 @@
{ config, lib, self, ... }:
let
{
config,
lib,
self,
...
}: let
inherit (lib) mkIf;
host = config.ooknet.host;
admin = host.admin;
tailscale = host.networking.tailscale;
in
{
in {
age.identityPaths = [
"/home/${admin.name}/.ssh/id_ed25519"
];

23
nixos/modules/base/security/kernel.nix
View file

@ -1,18 +1,18 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) optionals mkForce concatLists;
inherit (builtins) elem;
features = config.ooknet.host.hardware.features;
in
{
in {
security = {
# Protects the kernel from being tampered with at runtime. prevents the ability to hibernate.
protectKernelImage = true;
protectKernelImage = true;
# page table isolation (PTI) is a kernel option designed to protect against
# side-channel attacks, including Meltdown & Spectre vunerabilities.
# side-channel attacks, including Meltdown & Spectre vunerabilities.
forcePageTableIsolation = true;
# locking kernel modules during runtime breaks certain services by stopping them from being
@ -41,7 +41,7 @@ in
# limits the exposer of the kernel memory address via dmesg
"kernel.dmesg_restrict" = 1;
# we are not a kernel developer so we disable this to prevent potential information leaks & attacks
"kernel.ftrace_enabled" = false;
@ -100,7 +100,7 @@ in
# disables a common interface that contains sensitive info on the kernel
"debugfs=off"
# prevent kernel from blanking plymouth out of the frame buffer console
# prevent kernel from blanking plymouth out of the frame buffer console
"fbcon=nodefer"
# enables auditing of integrity measurement events
@ -112,11 +112,10 @@ in
# disables the legacy vyscall mechanism, reducing attack surface.
"vsyscall=none"
# reduce exposure to heap attacks by preventing different slab caches from being merged.
"slab_nomerge"
"rootflags=noatime"
"lsm=landlock,lockdown,yama,integrity,apparmor,bpf,tomoyo,selinux"
];

13
nixos/modules/base/security/polkit.nix
View file

@ -1,11 +1,10 @@
{ lib, config, ... }:
let
inherit (lib) mkDefault mkIf;
in
{
lib,
config,
...
}: let
inherit (lib) mkDefault mkIf;
in {
security.polkit = {
enable = true;
debug = mkDefault true;

24
nixos/modules/base/security/sudo.nix
View file

@ -1,10 +1,6 @@
{ lib, ... }:
let
{lib, ...}: let
inherit (lib) mkDefault mkForce;
in
{
in {
# nyx module
security = {
sudo-rs.enable = mkForce false; # we don't want the rust sudo fork
@ -12,12 +8,16 @@ in
enable = true;
wheelNeedsPassword = mkDefault false; # only use false here if the extraRules below are enabled
execWheelOnly = mkForce true; # only allow wheel to execute sudo
extraConfig = /* shell */ ''
Defaults lecture = never # disable sudo lecture
Defaults pwfeedback # password feedback
Defaults env_keep += "EDITOR PATH DISPLAY" # variables to be passes to root
Defaults timestamp_timeout = 300 # asks for sudo password ever 300s
'';
extraConfig =
/*
shell
*/
''
Defaults lecture = never # disable sudo lecture
Defaults pwfeedback # password feedback
Defaults env_keep += "EDITOR PATH DISPLAY" # variables to be passes to root
Defaults timestamp_timeout = 300 # asks for sudo password ever 300s
'';
extraRules = [
{
# allow wheel group to run nixos-rebuild without password

15
nixos/modules/base/shell/bash/default.nix
View file

@ -1,16 +1,15 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
adminShell = config.ooknet.host.admin.shell;
in
{
config = mkIf (adminShell == "bash" ) {
in {
config = mkIf (adminShell == "bash") {
programs.bash = {
enable = true;
};
environment.pathsToLink = ["/share/bash-completion"];
};
}

12
nixos/modules/base/shell/fish/default.nix
View file

@ -1,12 +1,12 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf mkEnableOption;
adminShell = config.ooknet.host.admin.shell;
cfg = config.ooknet.shell.fish;
in
{
in {
options.ooknet.shell.fish.enable = mkEnableOption "Enable fish module";
config = mkIf (adminShell == "fish" || cfg.enable) {

16
nixos/modules/base/shell/zsh/default.nix
View file

@ -1,14 +1,14 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
adminShell = config.ooknet.host.admin.shell;
in
{
in {
config = mkIf (adminShell == "zsh") {
# enable nixpkgs module if zsh is the main users login shell
# configure with home-manager module
# enable nixpkgs module if zsh is the main users login shell
# configure with home-manager module
programs.zsh = {
enable = true;

13
nixos/modules/gaming/gamemode.nix
View file

@ -1,11 +1,12 @@
{ lib, config, pkgs, ... }:
let
{
lib,
config,
pkgs,
...
}: let
inherit (lib) mkIf;
cfg = config.ooknet.gaming.gamemode;
in
{
in {
config = mkIf cfg.enable {
programs.gamemode = {
enable = true;

15
nixos/modules/gaming/gamescope.nix
View file

@ -1,13 +1,14 @@
{ lib, config, pkgs, ... }:
let
{
lib,
config,
pkgs,
...
}: let
inherit (lib) mkIf;
cfg = config.ooknet.gaming.gamescope;
in
{
in {
config = mkIf cfg.enable {
hardware.opengl.extraPackages = [ pkgs.gamescope ];
hardware.opengl.extraPackages = [pkgs.gamescope];
programs.gamescope = {
enable = true;
capSysNice = true;

14
nixos/modules/gaming/openPorts.nix
View file

@ -1,14 +1,14 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
cfg = config.ooknet.gaming.openPorts;
in
{
in {
config = mkIf cfg.enable {
networking.firewall = {
allowedTCPPorts = [ 3074 ];
allowedTCPPorts = [3074];
allowedUDPPorts = [
88
500

50
nixos/modules/gaming/steam.nix
View file

@ -1,35 +1,37 @@
{ lib, config, pkgs, ... }:
let
{
lib,
config,
pkgs,
...
}: let
inherit (lib) mkIf;
cfg = config.ooknet.gaming.steam;
steamFix = pkgs.steam.override {
extraPkgs = pkgs: with pkgs; [
xorg.libXcursor
xorg.libXi
xorg.libXinerama
xorg.libXScrnSaver
libpng
libpulseaudio
libvorbis
stdenv.cc.cc.lib
libkrb5
keyutils
mangohud
winetricks
protontricks
gtk3
gtk3-x11
];
extraPkgs = pkgs:
with pkgs; [
xorg.libXcursor
xorg.libXi
xorg.libXinerama
xorg.libXScrnSaver
libpng
libpulseaudio
libvorbis
stdenv.cc.cc.lib
libkrb5
keyutils
mangohud
winetricks
protontricks
gtk3
gtk3-x11
];
};
in
{
in {
config = mkIf cfg.enable {
programs.steam = {
enable = true;
package = steamFix;
extraCompatPackages = [ pkgs.proton-ge-bin.steamcompattool ];
extraCompatPackages = [pkgs.proton-ge-bin.steamcompattool];
};
};
}

51
nixos/modules/host/admin.nix
View file

@ -1,40 +1,47 @@
{ lib, config, pkgs, inputs, outputs, self, keys, ... }:
let
{
lib,
config,
pkgs,
inputs,
outputs,
self,
keys,
...
}: let
cfg = config.ooknet.host.admin;
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
inherit (lib) mkIf;
in
{
in {
config = {
users.users.${cfg.name} = {
isNormalUser = true;
shell = pkgs.${cfg.shell};
initialPassword = "password";
openssh.authorizedKeys.keys = [ (keys.users."${cfg.name}") ];
extraGroups = [
"wheel"
"video"
"audio"
] ++ ifTheyExist [
"git"
"media"
"network"
"libvirtd"
"deluge"
"streamer"
"torrenter"
];
openssh.authorizedKeys.keys = [(keys.users."${cfg.name}")];
extraGroups =
[
"wheel"
"video"
"audio"
]
++ ifTheyExist [
"git"
"media"
"network"
"libvirtd"
"deluge"
"streamer"
"torrenter"
];
};
home-manager = mkIf cfg.homeManager {
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "hm.old";
verbose = true;
extraSpecialArgs = { inherit inputs outputs self; };
extraSpecialArgs = {inherit inputs outputs self;};
users.${cfg.name} = {
imports = [ "${self}/home" ];
imports = ["${self}/home"];
};
};
};

12
nixos/modules/host/hardware/common.nix
View file

@ -1,11 +1,11 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
host = config.ooknet.host;
in
{
in {
config = mkIf (host.type != "phone") {
hardware = {
enableRedistributableFirmware = true;

19
nixos/modules/host/hardware/cpu/amd.nix
View file

@ -1,16 +1,17 @@
{ lib, config, pkgs, ... }:
let
{
lib,
config,
pkgs,
...
}: let
inherit (lib) mkMerge mkIf versionAtLeast versionOlder;
inherit (builtins) elem;
cpu = config.ooknet.host.hardware.cpu;
cpu = config.ooknet.host.hardware.cpu;
cfg = cpu.amd;
kernelVersion = config.boot.kernelPackages.kernel.version;
kernelVersionAtLeast = versionAtLeast kernelVersion;
kernelVersionOlder= versionOlder kernelVersion;
in
{
kernelVersionOlder = versionOlder kernelVersion;
in {
config = mkIf (elem cpu.type ["amd"]) {
environment.systemPackages = [pkgs.amdctl];
hardware.cpu.amd.updateMicrocode = true;
@ -22,7 +23,7 @@ in
"msr" # required for amdctl
];
}
(mkIf (cfg.pstate.enable && (kernelVersionAtLeast "5.27") && (kernelVersionOlder "6.1")) {
kernelParams = ["initcall_blacklist-acpi_cpufreq_init"];
kernelModules = ["amd-pstate"];

13
nixos/modules/host/hardware/cpu/intel.nix
View file

@ -1,12 +1,13 @@
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf;
inherit (builtins) elem;
cpu = config.ooknet.host.hardware.cpu;
in
{
in {
# TODO: put kvm/gvt behind virtualization module flag
config = mkIf (elem cpu.type ["intel"]) {

45
nixos/modules/host/hardware/features/audio.nix
View file

@ -1,25 +1,24 @@
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf;
inherit (lib.generators) toLua;
inherit (lib.lists) elem optionals;
# inherit (builtins) elem;
features = config.ooknet.host.hardware.features;
hasBT = (elem "bluetooth" features);
in
{
hasBT = elem "bluetooth" features;
in {
config = mkIf (elem "audio" features) {
hardware.pulseaudio.enable = !config.services.pipewire.enable;
security.rtkit.enable = config.services.pipewire.enable;
services.pipewire =
let
services.pipewire = let
quantum = 64;
rate = 48000;
qr = "${toString quantum}/${toString rate}";
in
{
in {
enable = true;
alsa.enable = true;
@ -89,14 +88,18 @@ in
'')
]
++ optionals hasBT [
(pkgs.writeTextDir "share/bluetooth.lua.d/51-bluez-config.lua" /* lua */ ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.enable-hw-volume"] = true,
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
}
'')
(pkgs.writeTextDir "share/bluetooth.lua.d/51-bluez-config.lua"
/*
lua
*/
''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.enable-hw-volume"] = true,
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
}
'')
];
};
};
@ -106,6 +109,4 @@ in
pipewire-pulse.wantedBy = ["default.target"];
};
};
}
}

12
nixos/modules/host/hardware/features/backlight.nix
View file

@ -1,12 +1,12 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
features = config.ooknet.host.hardware.features;
inherit (lib) mkIf;
inherit (builtins) elem;
in
{
in {
config = mkIf (elem "backlight" features) {
hardware.brillo.enable = true;
};

14
nixos/modules/host/hardware/features/battery.nix
View file

@ -1,15 +1,15 @@
{ lib, config, pkgs, ... }:
let
{
lib,
config,
pkgs,
...
}: let
features = config.ooknet.host.hardware.features;
cfg = config.ooknet.host.hardware.battery;
inherit (lib) mkIf mkDefault;
inherit (builtins) elem;
MHz = x: x * 1000;
in
{
in {
config = mkIf (elem "battery" features) {
boot = {
kernelModules = ["acpi_call"];

20
nixos/modules/host/hardware/features/bluetooth.nix
View file

@ -1,22 +1,24 @@
{ config, lib, pkgs, self, ... }:
let
{
config,
lib,
pkgs,
self,
...
}: let
features = config.ooknet.host.hardware.features;
inherit (lib) mkIf;
inherit (builtins) elem;
in
{
in {
config = mkIf (elem "bluetooth" features) {
hardware.bluetooth = {
enable = true;
package = pkgs.bluez5-experimental;
};
environment.systemPackages = with pkgs; [
self.packages.${pkgs.system}.live-buds-cli
bluetuith
];
bluetuith
];
# https://github.com/NixOS/nixpkgs/issues/114222
systemd.user.services.telephony_client.enable = false;

14
nixos/modules/host/hardware/features/ssd.nix
View file

@ -1,12 +1,12 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
features = config.ooknet.host.hardware.features;
inherit (lib) mkIf;
inherit (builtins) elem;
in
{
in {
config = mkIf (elem "ssd" features) {
services.fstrim = {
enable = true;
@ -18,6 +18,6 @@ in
Nice = 19;
IOSchedulingClass = "idle";
};
};
};
};
}

14
nixos/modules/host/hardware/features/video.nix
View file

@ -1,13 +1,15 @@
{ lib, inputs, config, pkgs, ... }:
let
{
lib,
inputs,
config,
pkgs,
...
}: let
inherit (lib) mkIf;
inherit (builtins) elem;
isx86Linux = pkgs: with pkgs.stdenv; hostPlatform.isLinux && hostPlatform.isx86;
features = config.ooknet.host.hardware.features;
in
{
in {
config = mkIf (elem "video" features) {
hardware = {
opengl = {

17
nixos/modules/host/hardware/gpu/amd.nix
View file

@ -1,12 +1,13 @@
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
gpu = config.ooknet.host.hardware.gpu;
inherit (lib) mkIf mkDefault;
inherit (builtins) elem;
in
{
in {
config = mkIf (elem gpu.type ["amd"]) {
hardware.opengl = {
extraPackages = with pkgs; [
@ -17,13 +18,13 @@ in
# amdvlk
mesa
];
extraPackages32 = [ pkgs.driversi686Linux.amdvlk ];
extraPackages32 = [pkgs.driversi686Linux.amdvlk];
};
boot = {
initrd.kernelModules = ["amdgpu"];
kernelModules = ["amdgpu"];
};
environment.systemPackages = [ pkgs.nvtopPackages.amd ];
environment.systemPackages = [pkgs.nvtopPackages.amd];
services.xserver.videoDrivers = mkDefault ["modesetting" "amdgpu"];
};
}

17
nixos/modules/host/hardware/gpu/intel.nix
View file

@ -1,16 +1,15 @@
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
gpu = config.ooknet.host.hardware.gpu;
inherit (lib) mkIf;
inherit (builtins) elem;
# vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
in
{
in {
config = mkIf (elem gpu.type ["intel"]) {
services.xserver.videoDrivers = ["modesetting"];
hardware.opengl = {
extraPackages = with pkgs; [
@ -29,7 +28,7 @@ in
intel-media-driver
];
};
boot.initrd.kernelModules = ["i915"];
boot.initrd.kernelModules = ["i915"];
environment.variables = mkIf config.hardware.opengl.enable {
VDPAU_DRIVER = "va_gl";
};

20
nixos/modules/host/hardware/gpu/nvidia.nix
View file

@ -1,15 +1,16 @@
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
gpu = config.ooknet.host.hardware.gpu;
inherit (lib) mkIf mkDefault;
inherit (builtins) elem;
production = config.boot.kernelPackages.nvidiaPackages.production;
# beta = config.boot.kernelPackages.nvidiaPackages.beta;
in
{
# TODO: make option to choose nvidia package
in {
# TODO: make option to choose nvidia package
config = mkIf (elem gpu.type ["nvidia"]) {
hardware = {
nvidia = {
@ -25,12 +26,11 @@ in
};
};
opengl = {
extraPackages = with pkgs; [ nvidia-vaapi-driver ];
extraPackages32 = with pkgs.pkgsi686Linux; [ nvidia-vaapi-driver ];
extraPackages = with pkgs; [nvidia-vaapi-driver];
extraPackages32 = with pkgs.pkgsi686Linux; [nvidia-vaapi-driver];
};
};
environment.systemPackages = with pkgs; [
libva
libva-utils

8
nixos/modules/host/name.nix
View file

@ -1,10 +1,6 @@
{ config, ... }:
let
{config, ...}: let
cfg = config.ooknet.host;
in
{
in {
config = {
networking.hostName = cfg.name;
environment.sessionVariables.HN = cfg.name;

14
nixos/modules/programs/1password.nix
View file

@ -1,18 +1,18 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
admin = config.ooknet.host.admin;
cfg = config.ooknet.programs._1password;
in
{
in {
config = mkIf cfg.enable {
programs = {
_1password.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = [ "${admin.name}" ];
polkitPolicyOwners = ["${admin.name}"];
};
};
};

12
nixos/modules/programs/dconf.nix
View file

@ -1,11 +1,11 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
cfg = config.ooknet.programs.dconf;
in
{
in {
config = mkIf cfg.enable {
programs.dconf.enable = true;
};

12
nixos/modules/programs/kdeconnect.nix
View file

@ -1,11 +1,11 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
cfg = config.ooknet.programs.kdeconnect;
in
{
in {
config = mkIf cfg.enable {
programs.kdeconnect = {
enable = true;

15
nixos/modules/services/dbus.nix
View file

@ -1,15 +1,16 @@
{ lib, config, pkgs, ... }:
let
{
lib,
config,
pkgs,
...
}: let
inherit (lib) mkIf;
cfg = config.ooknet.services.dbus;
in
{
in {
config = mkIf cfg.enable {
services.dbus = {
enable = true;
packages = with pkgs; [ dconf gcr udisks2 ];
packages = with pkgs; [dconf gcr udisks2];
implementation = "broker";
};
};

2
nixos/modules/services/default.nix
View file

@ -1,5 +1,5 @@
{
imports = [
imports = [
./system76Scheduler.nix
./dbus.nix
./gnome.nix

12
nixos/modules/services/flatpak.nix
View file

@ -1,11 +1,11 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
cfg = config.ooknet.services.flatpak;
in
{
in {
config = mkIf cfg.enable {
services.flatpak.enable = true;
};

17
nixos/modules/services/gnome.nix
View file

@ -1,18 +1,19 @@
{ lib, config, pkgs, ... }:
let
inherit (lib) mkIf;
cfg = config.ooknet.services.gnomeServices;
in
{
lib,
config,
pkgs,
...
}: let
inherit (lib) mkIf;
cfg = config.ooknet.services.gnomeServices;
in {
config = mkIf cfg.enable {
services = {
gnome = {
glib-networking.enable = true;
gnome-keyring.enable = true;
};
udev.packages = [ pkgs.gnome.gnome-settings-daemon ];
udev.packages = [pkgs.gnome.gnome-settings-daemon];
};
};
}

12
nixos/modules/services/gvfs.nix
View file

@ -1,11 +1,11 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
cfg = config.ooknet.services.gvfs;
in
{
in {
config = mkIf cfg.enable {
services.gvfs.enable = true;
};

12
nixos/modules/services/system76Scheduler.nix
View file

@ -1,11 +1,11 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
cfg = config.ooknet.services.system76Scheduler;
in
{
in {
config = mkIf cfg.enable {
services.system76-scheduler = {
enable = true;

19
nixos/modules/virtualization/default.nix
View file

@ -1,29 +1,30 @@
{ lib, config, pkgs, ... }:
let
cfg = config.ooknet.virtualisation;
in
{
lib,
config,
pkgs,
...
}: let
cfg = config.ooknet.virtualisation;
in {
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
virt-manager
virt-viewer
spice
spice
spice-gtk
spice-protocol
win-virtio
win-spice
gnome.adwaita-icon-theme
];
virtualisation = {
libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [ pkgs.OVMFFull.fd ];
ovmf.packages = [pkgs.OVMFFull.fd];
};
};
spiceUSBRedirection.enable = true;

8
nixos/options/gaming.nix
View file

@ -1,10 +1,6 @@
{ lib, ... }:
let
{lib, ...}: let
inherit (lib) mkEnableOption;
in
{
in {
options.ooknet.gaming = {
steam.enable = mkEnableOption "";
gamescope.enable = mkEnableOption "";

38
nixos/options/host.nix
View file

@ -1,6 +1,8 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkOption mkEnableOption;
inherit (lib.types) bool enum listOf int submodule nullOr str;
inherit (lib.lists) optionals concatLists;
@ -8,15 +10,13 @@ let
admin = config.ooknet.host.admin;
hardware = config.ooknet.host.hardware;
tailscale = config.ooknet.host.networking.tailscale;
in
{
in {
options.ooknet.host = {
name = mkOption {
type = str;
default = "ooksgeneric";
};
type = mkOption {
type = enum ["desktop" "laptop" "phone" "micro" "vm"];
default = "desktop";
@ -73,8 +73,9 @@ in
};
tags = mkOption {
type = listOf str;
default =
if tailscale.server then ["tag:server"]
default =
if tailscale.server
then ["tag:server"]
else [];
description = "Sets host tag depending on if server/client";
};
@ -121,8 +122,8 @@ in
};
features = mkOption {
type = listOf (enum ["audio" "video" "bluetooth" "backlight" "battery" "ssd"]);
default = [ "ssd" ];
type = listOf (enum ["audio" "video" "bluetooth" "backlight" "battery" "ssd"]);
default = ["ssd"];
};
battery = {
@ -197,16 +198,19 @@ in
};
};
});
default = [ ];
default = [];
};
};
};
config = {
assertions = [{
assertion = ((lib.length hardware.monitors) != 0) ->
((lib.length (lib.filter (m: m.primary) hardware.monitors)) == 1);
message = "At least 1 primary monitor is required";
}];
assertions = [
{
assertion =
((lib.length hardware.monitors) != 0)
-> ((lib.length (lib.filter (m: m.primary) hardware.monitors)) == 1);
message = "At least 1 primary monitor is required";
}
];
};
}

8
nixos/options/programs.nix
View file

@ -1,10 +1,6 @@
{ lib, ... }:
let
{lib, ...}: let
inherit (lib) mkEnableOption;
in
{
in {
options.ooknet.programs = {
_1password.enable = mkEnableOption "";
dconf.enable = mkEnableOption "";

10
nixos/options/services.nix
View file

@ -1,12 +1,8 @@
{ lib, ... }:
let
{lib, ...}: let
inherit (lib) mkEnableOption;
in
{
in {
options.ooknet.services = {
nixarr.enable = mkEnableOption "";
nixarr.enable = mkEnableOption "";
gnomeServices.enable = mkEnableOption "";
gvfs.enable = mkEnableOption "";
dbus.enable = mkEnableOption "";

14
nixos/profiles/gaming.nix
View file

@ -1,12 +1,12 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
inherit (builtins) elem;
profiles = config.ooknet.host.profiles;
in
{
in {
config = mkIf (elem "gaming" profiles) {
ooknet.gaming = {
steam.enable = true;
@ -14,5 +14,5 @@ in
gamemode.enable = true;
};
ooknet.services.flatpak.enable = true;
};
};
}

12
nixos/profiles/media-server.nix
View file

@ -1,12 +1,12 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
inherit (builtins) elem;
profiles = config.ooknet.host.profiles;
in
{
in {
config = mkIf (elem "media-server" profiles) {
ooknet.services.nixarr.enable = true;
};

14
nixos/roles/desktop-workstation.nix
View file

@ -1,18 +1,18 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
host = config.ooknet.host;
in
{
in {
config = mkIf (host.type == "desktop" && host.role == "workstation") {
ooknet = {
services = {
gnomeServices.enable = true;
gvfs.enable = true;
dbus.enable = true;
system76Scheduler.enable = true;
system76Scheduler.enable = true;
};
programs = {
_1password.enable = true;

14
nixos/roles/laptop-workstation.nix
View file

@ -1,18 +1,18 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf;
host = config.ooknet.host;
in
{
in {
config = mkIf (host.type == "laptop" && host.role == "workstation") {
ooknet = {
services = {
gnomeServices.enable = true;
gvfs.enable = true;
dbus.enable = true;
system76Scheduler.enable = true;
system76Scheduler.enable = true;
};
programs = {
_1password.enable = true;