restructure system configuration

system/base/auto-upgrade.nix

@@ -0,0 +1,31 @@
+{ config, inputs, pkgs, lib, ... }:
+
+let
+  inherit (config.networking) hostName;
+  isClean = inputs.self ? rev;
+in
+{
+  system.autoUpgrade = {
+    enable = isClean;
+    dates = "hourly";
+    flags = [
+      "--refresh"
+    ];
+    flake = "github:ooks-io/nix#${hostName};
+  };
+
+# Only run if current config (self) is older than the new one.
+
+  systemd.services.nixos-upgrade = lib.mkIf config.system.autoUpgrade.enable {
+    serviceConfig.ExecCondition = lib.getExe (
+      pkgs.writeShellScriptBin "check-date" ''
+        lastModified() {
+          nix flake metadata "$1" --refresh --json | ${lib.getExe pkgs.jq} '.lastModified'
+        }
+        test "$(lastModified "${config.system.autoUpgrade.flake}")"  -gt "$(lastModified "self")"
+      ''
+    );
+  };
+}
+
+

system/base/default.nix

@@ -0,0 +1,18 @@
+{ inputs, outputs, ... }: {
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+    ./nix.nix
+    ./fish.nix
+    ./locale.nix
+    ./security.nix
+    ./systemdboot.nix
+    ./pipewire.nix
+  # ./auto-upgrade.nix # still needs some work
+    ];
+
+  home-manager.extraSpecialArgs = { inherit inputs outputs; };
+    
+  #hardware.enableRedistibutableFirmware = true;
+  environment.enableAllTerminfo = true;
+
+  }

system/base/fish.nix

@@ -0,0 +1,10 @@
+{
+  programs.fish = {
+    enable = true;
+    vendor = {
+      completions.enable = true;
+      config.enable = true;
+      functions.enable = true;
+    };
+  };
+}

system/base/locale.nix

@@ -0,0 +1,10 @@
+{ lib, ... }: {
+  i18n = {
+    defaultLocale = lib.mkDefault "en_US.UTF-8";
+    supportedLocales = lib.mkDefault [
+      "en_US.UTF-8/UTF-8"
+    ];
+  };
+  time.timeZone = lib.mkDefault "Pacific/Auckland";
+  services.geoclue2.enable = true;
+}

system/base/pipewire.nix

@@ -0,0 +1,11 @@
+{
+  security.rtkit.enable = true;
+  hardware.pulseaudio.enable = false;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+}

system/base/security.nix

@@ -0,0 +1,58 @@
+
+
+
+
+{ config, pkgs, ... }:
+
+
+{
+
+  environment.systemPackages = with pkgs; [
+    polkit_gnome
+];
+
+  programs = {
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+    _1password = {
+      enable = true;
+    };
+    _1password-gui = {
+      enable = true;
+      polkitPolicyOwners = [ "ooks" ];
+    };
+  };
+  security = {
+    polkit = {
+      enable = true;
+    };
+    pam.services = { swaylock = { }; };
+    sudo = {
+      enable = true;
+      extraConfig = ''
+        ooks ALL=(ALL) NOPASSWD:ALL
+        '';
+    };
+  };
+  
+  systemd = {
+    user.services.polkit-gnome-authentication-agent-1 = {
+      description = "polkit-gnome-authentication-agent-1";
+      wantedBy = [ "graphical-session.target" ];
+      wants = [ "graphical-session.target" ];
+      after = [ "graphical-session.target" ];
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+        Restart = "on-failure";
+        RestartSec = 1;
+        TimeoutStopSec = 10;
+
+      };
+    };
+  };
+
+
+}

system/base/systemdboot.nix

@@ -0,0 +1,9 @@
+{
+  boot.loader = {
+    systemd-boot = {
+      enable = true;
+      consoleMode = "max";
+    };
+    efi.canTouchEfiVariables = true;
+  };
+}

system/modules/default.nix

@@ -0,0 +1,9 @@
+{
+  imports = [
+    ./hardware
+    ./networking
+    ./nix
+    ./programs
+    ./user
+  ];
+}

system/modules/hardware/backlight.nix

@@ -0,0 +1,14 @@
+{
+  hardware.brillo.enable = true;
+  services.clight = {
+    enable = true;
+    settings = {
+      verbose = true;
+      backlight.disabled = true;
+      dpms.timeouts = [900 300];
+      dimmer.timeouts = [870 270];
+      gamma.long_transition = true;
+      screen.disabled = true;
+    };
+  };
+}

system/modules/hardware/bluetooth/default.nix

@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+{
+  hardware.bluetooth = {
+    enable = true;
+    package = pkgs.bluez5-experimental;
+  };
+  
+  environment.systemPackages = with pkgs; [
+  	galaxy-buds-client
+    live-buds-cli
+	  bluetuith
+	];
+
+   # https://github.com/NixOS/nixpkgs/issues/114222
+  systemd.user.services.telephony_client.enable = false;
+}

system/modules/networking/default.nix

@@ -0,0 +1,18 @@
+{ lib, ... }:
+{
+  networking.networkmanager = {
+    enable = true;
+    dns = "systemd-resolved";
+  };
+  networking.firewall.allowedTCPPorts = [57621];
+
+  services = {
+    openssh = {
+      enable = true;
+      settings.UseDns = true;
+    };
+    resolved.enable = true;
+  };
+
+  systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
+}

system/modules/nix/default.nix

@@ -0,0 +1,8 @@
+{
+  imports = [
+    ./nh.nix
+    ./nix.nix
+    ./nixpkgs
+    ./subs.nix
+  ];
+}

system/modules/nix/nh.nix

@@ -0,0 +1,16 @@
+{ inputs, ... }: {
+
+  imports = [
+    inputs.nh.nixosModules.default
+  ];
+
+  environment.variables.FLAKE = "/home/ooks/Coding/nix/ooks-io/nix";
+
+  nh = {
+    enable = true;
+    clean = {
+      enable = true;
+      extraArgs = "--keep-since 30d";
+    };
+  };
+}

system/modules/nix/nix.nix

@@ -0,0 +1,15 @@
+{ config, lib, pkgs, inputs, ... }: {
+
+  nix = {
+    settings = {
+      trusted-users = [ "root" "@wheel" ];
+      auto-optimise-store = lib.mkDefault true;
+      experimental-features = [ "nix-command" "flakes" "repl-flake" ];
+      warn-dirty = false;
+      system-features = [ "kvm" "big-parallel" "nixos-test" ];
+      flake-registry = "";
+    };
+    registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+    nixPath = [ "nixpkgs=${inputs.nixpkgs.outPath}" ];
+  }; 
+}

system/modules/nix/nixpkgs.nix

@@ -0,0 +1,13 @@
+{ outputs, ... }: {
+
+  nixpkgs = {
+    overlays = builtins.attrValues outputs.overlays;
+    config = {
+      allowUnfree = true;
+      permittedInsecurePackages = [
+        "openssl-1.1.1u"
+        "electron-25.9.0"
+      ];
+    };
+  };
+}

system/modules/nix/subs.nix

@@ -0,0 +1,18 @@
+{
+  nix.settings = {
+    substituters = [
+      "https://cache.nixos.org?priority=10"
+      "https://fufexan.cachix.org"
+      "https://helix.cachix.org"
+      "https://hyprland.cachix.org"
+      "https://nix-community.cachix.org"
+    ];
+
+    trusted-public-keys = [
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      "helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs="
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+    ];
+  };
+}

system/modules/programs/greetd.nix

@@ -0,0 +1,36 @@
+{ pkgs, ... }:
+let
+  tuigreet = "${pkgs.greetd.tuigreet}/bin/tuigreet";
+in
+{
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        command = "${tuigreet} --time --remember --cmd Hyprland";
+        user = "greeter";
+      };
+    };
+  };
+
+  # this is a life saver.
+  # literally no documentation about this anywhere.
+  # might be good to write about this...
+  # https://www.reddit.com/r/NixOS/comments/u0cdpi/tuigreet_with_xmonad_how/
+  systemd.services.greetd.serviceConfig = {
+    Type = "idle";
+    StandardInput = "tty";
+    StandardOutput = "tty";
+    StandardError = "journal"; # Without this errors will spam on screen
+    # Without these bootlogs will spam on screen
+    TTYReset = true;
+    TTYVHangup = true;
+    TTYVTDisallocate = true;
+  };
+
+  #environment.etc."greetd/environments".text = ''
+  #  Hyprland
+  #  fish
+  #  bash
+  #'';
+}

system/modules/programs/vm.nix

@@ -0,0 +1,28 @@
+{config, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    virt-manager
+    virt-viewer
+    spice 
+    spice-gtk
+    spice-protocol
+    win-virtio
+    win-spice
+    gnome.adwaita-icon-theme
+  ];
+  
+  virtualisation = {
+    libvirtd = {
+      enable = true;
+      qemu = {
+        swtpm.enable = true;
+        ovmf.enable = true;
+        ovmf.packages = [ pkgs.OVMFFull.fd ];
+      };
+    };
+    spiceUSBRedirection.enable = true;
+  };
+  services.spice-vdagentd.enable = true;
+}
+

system/profiles/laptop/default.nix

@@ -0,0 +1,18 @@
+{ config, lib, ... }:
+let
+  cfg = config.system.profile.laptop;
+in 
+{
+  imports = [
+    ../modules
+  ];
+  config = cfg.enable {
+    system = {
+      hardware = {
+        bluetooth.enable = true;
+        powerSettings.enable = true
+        backlight.enable = true;
+      };
+    };
+  };
+}

system/user/ooks/default.nix

@@ -0,0 +1,23 @@
+{ pkgs, config, ... }:
+let ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in
+{
+  users.users.ooks = {
+    isNormalUser = true;
+    shell = pkgs.fish;
+    extraGroups = [
+    "wheel"
+    "video"
+    "audio"
+    ] ++ ifTheyExist [
+    "git"
+    "network"
+    "libvirtd"
+    "deluge"
+    ];
+
+  packages = [ pkgs.home-manager ];
+  };
+
+  home-manager.users.ooks = import ../../../../home/user/ooks/${config.networking.hostName};
+}