diff --git a/devices/ellaca/options.nix b/devices/ellaca/options.nix index bdc1a55..f039ed0 100644 --- a/devices/ellaca/options.nix +++ b/devices/ellaca/options.nix @@ -1,12 +1,60 @@ -{...}: { +{...}: let + email-domain = "chpu.eu"; + web-domain = "twoneis.site"; +in { conf = { - ssh.enable = true; - nginx.enable = true; - mail.enable = true; # broken - website.enable = true; - fedi.enable = true; - matrix.enable = true; - git.enable = true; + host = "server"; + nginx = { + domains = [ + email-domain + web-domain + ]; + email = "mira@${email-domain}"; + }; + + email = { + domain = email-domain; + ports = { + smtp = 25; + imaps = 993; + smtps = 465; + local = 9000; + }; + }; + + website = { + domain = { + full = web-domain; + base = web-domain; + }; + }; + + fedi = { + domain = { + full = "fedi.${web-domain}"; + base = web-domain; + }; + email = "akkoma@${email-domain}"; + }; + + matrix = { + domain = { + full = "matrix.${web-domain}"; + base = web-domain; + }; + + email = "matrix@${email-domain}"; + }; + + git = { + domain = { + full = "git.${web-domain}"; + base = web-domain; + }; + ports = { + local = 3000; + }; + }; stateVersion = "25.05"; hmStateVersion = "25.05"; diff --git a/devices/inkvine/options.nix b/devices/inkvine/options.nix index f850b75..9a8aaf7 100644 --- a/devices/inkvine/options.nix +++ b/devices/inkvine/options.nix @@ -1,13 +1,7 @@ {...}: { conf = { - apps.enable = true; - niri.enable = true; - extraLayout.enable = true; - fonts.enable = true; + host = "laptop"; secureboot.enable = true; - containers.enable = true; - networkmanager.enable = true; - yubikey.enable = true; yubikey.login = true; stateVersion = "24.11"; diff --git a/modules/apps/android.nix b/modules/apps/android.nix deleted file mode 100644 index 5114030..0000000 --- a/modules/apps/android.nix +++ /dev/null 
@@ -1,12 +0,0 @@ -{ - config, - lib, - ... -}: let - inherit (lib) mkIf; - inherit (config) conf; -in - mkIf conf.apps.enable { - programs.adb.enable = true; - users.users.${conf.username}.extraGroups = ["adbusers"]; - } diff --git a/modules/apps/default.nix b/modules/apps/default.nix index d454264..bd2cca3 100644 --- a/modules/apps/default.nix +++ b/modules/apps/default.nix @@ -10,13 +10,12 @@ in { imports = [ ./firefox.nix ./media.nix - ./notes.nix ./programs.nix ./themes.nix - ./android.nix ]; - config = mkIf conf.apps.enable { + config = mkIf (conf.host + != "server") { # Audio security.rtkit.enable = true; diff --git a/modules/apps/firefox.nix b/modules/apps/firefox.nix index 6902263..b7114b2 100644 --- a/modules/apps/firefox.nix +++ b/modules/apps/firefox.nix @@ -7,7 +7,7 @@ inherit (lib) mkIf; inherit (config) conf; in - mkIf conf.apps.enable { + mkIf (conf.host != "server") { home-manager.users.${conf.username} = { programs.firefox = { enable = true; diff --git a/modules/apps/media.nix b/modules/apps/media.nix index e533e16..c045996 100644 --- a/modules/apps/media.nix +++ b/modules/apps/media.nix @@ -7,7 +7,7 @@ inherit (lib) mkIf; inherit (config) conf; in - mkIf conf.apps.enable { + mkIf (conf.host != "server") { home-manager.users.${conf.username} = { home.packages = with pkgs; [ loupe diff --git a/modules/apps/notes.nix b/modules/apps/notes.nix deleted file mode 100644 index d5a3567..0000000 --- a/modules/apps/notes.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: let - inherit (lib) mkIf; - inherit (config) conf; - inherit (config.conf) keys; -in - mkIf conf.apps.enable { - home-manager.users.${conf.username} = { - home.packages = with pkgs; [ - rnote - ]; - - programs.sioyek = { - enable = true; - bindings = { - "move_up" = keys.up; - "move_down" = keys.down; - "move_left" = keys.left; - "move_right" = keys.right; - }; - }; - - programs.fish.shellAbbrs = { - pdf = "sioyek"; - }; - }; - } 
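Review bot: The role check `conf.host != "server"` is now hard-coded in `modules/apps/default.nix` and repeated in firefox.nix, media.nix, programs.nix and themes.nix, whereas the other modules in this commit gate on a `cfg.enable` option. Because `conf.host` defaults to `null` in options.nix, the comparison is also true for a machine that never declares a role, so such a host receives the full desktop set. Keeping `conf.apps.enable` as an option with `default = conf.host != "server";` and gating on `mkIf cfg.enable` would match the rest of the commit and leave a per-host override.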
diff --git a/modules/apps/programs.nix b/modules/apps/programs.nix index 94a3b78..f3b3b59 100644 --- a/modules/apps/programs.nix +++ b/modules/apps/programs.nix @@ -13,7 +13,7 @@ exec = "alacritty -e ${pkgs.peaclock}/bin/peaclock"; }; in - mkIf conf.apps.enable { + mkIf (conf.host != "server") { services = { # Needed for some features in nautilus such as auto-mounting and trash gvfs.enable = true; diff --git a/modules/apps/themes.nix b/modules/apps/themes.nix index ddf067b..58a4d9b 100644 --- a/modules/apps/themes.nix +++ b/modules/apps/themes.nix @@ -7,7 +7,7 @@ inherit (lib) mkIf; inherit (config) conf; in - mkIf conf.apps.enable { + mkIf (conf.host != "server") { home-manager.users.${conf.username} = { home.packages = with pkgs; [ adwaita-icon-theme diff --git a/modules/containers/default.nix b/modules/containers/default.nix index 985ba17..4c1c667 100644 --- a/modules/containers/default.nix +++ b/modules/containers/default.nix @@ -1,17 +1,14 @@ { lib, config, - pkgs, ... }: let inherit (lib) mkIf; - inherit (config) conf; + cfg = config.conf.containers; in - mkIf conf.containers.enable { + mkIf cfg.enable { virtualisation.podman = { enable = true; dockerCompat = true; }; - - environment.systemPackages = [pkgs.distrobox]; } diff --git a/modules/default.nix b/modules/default.nix index bb133f3..e5a05ff 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -4,6 +4,7 @@ in { imports = [ ./apps ./containers + ./email ./fedi ./firewall ./fonts @@ -11,7 +12,6 @@ in { ./git ./home ./layout - ./mail ./matrix ./networking ./nginx @@ -35,7 +35,7 @@ in { users.users.${conf.username} = { isNormalUser = true; description = conf.username; - extraGroups = ["networkmanager" "wheel"]; + extraGroups = ["wheel"]; }; system.stateVersion = conf.stateVersion; diff --git a/modules/mail/default.nix b/modules/email/default.nix similarity index 66% rename from modules/mail/default.nix rename to modules/email/default.nix index e5a6023..4035bdf 100644 --- a/modules/mail/default.nix 
+++ b/modules/email/default.nix @@ -3,24 +3,22 @@ lib, ... }: let - inherit (config) conf; inherit (lib) mkIf; + inherit (lib.lists) forEach; + cfg = config.conf.email; in - mkIf conf.mail.enable { + mkIf cfg.enable { services.nginx = { - virtualHosts."chpu.eu" = { - serverName = "chpu.eu"; - serverAliases = [ - "mail.chpu.eu" - "webadmin.chpu.eu" - "autoconfig.chpu.eu" - "autodiscover.chpu.eu" - ]; + virtualHosts.${cfg.domain} = { + serverName = cfg.domain; + serverAliases = + forEach ["mail" "webadmin" "autoconfig" "autodiscover"] + (sub: "${sub}.${cfg.domain}"); forceSSL = true; - useACMEHost = "chpu.eu"; + useACMEHost = cfg.domain; locations = { "/" = { - proxyPass = "http://localhost:9090"; + proxyPass = "http://localhost:${toString cfg.ports.local}"; }; }; }; @@ -38,7 +36,7 @@ in "authentication.fallback-admin.secret" ]; server = { - hostname = "chpu.eu"; + hostname = cfg.domain; tls = { enable = true; implicit = true; @@ -46,30 +44,30 @@ in listener = { smtp = { protocol = "smtp"; - bind = ["[::]:25"]; + bind = ["[::]:${toString cfg.ports.smtp}"]; }; imaps = { protocol = "imap"; - bind = ["[::]:993"]; + bind = ["[::]:${toString cfg.ports.imaps}"]; }; submissions = { protocol = "smtp"; - bind = ["[::]:465"]; + bind = ["[::]:${toString cfg.ports.smtps}"]; }; management = { protocol = "http"; - bind = "127.0.0.1:9090"; + bind = "127.0.0.1:${toString cfg.ports.local}"; }; }; }; lookup.default = { - hostname = "chpu.eu"; - domain = "chpu.eu"; + hostname = cfg.domain; + domain = cfg.domain; }; certificate.default = { default = true; - cert = "%{file:/var/lib/acme/chpu.eu/cert.pem}%"; - private-key = "%{file:/var/lib/acme/chpu.eu/key.pem}%"; + cert = "%{file:/var/lib/acme/${cfg.domain}/cert.pem}%"; + private-key = "%{file:/var/lib/acme/${cfg.domain}/key.pem}%"; }; storage = { data = "db"; diff --git a/modules/fedi/default.nix b/modules/fedi/default.nix index 3ec5ef6..7e07d3b 100644 --- a/modules/fedi/default.nix +++ b/modules/fedi/default.nix 
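Review bot: `toString cfg.ports.smtp` and the other port interpolations accept the `null` default that options.nix gives every `conf.email.ports.*` entry. Since `toString null` is the empty string, an unset port evaluates to a bind such as `[::]:` or a `proxyPass` of `http://localhost:` instead of failing. `virtualHosts.${cfg.domain}` is similar: a `null` dynamic attribute name is dropped without an error, so the vhost silently disappears. The module is enabled by default on every `server` host, so a guard at the top is worth having, for example `assertions = [{assertion = cfg.domain != null && cfg.ports.local != null; message = "conf.email.domain and conf.email.ports must be set";}];`. The same unchecked nullable values are used in the git, fedi, matrix and website hunks of this commit.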
@@ -5,8 +5,9 @@ ... }: let inherit (lib) mkIf; - inherit (config) conf; inherit ((pkgs.formats.elixirConf {}).lib) mkMap; + cfg = config.conf.fedi; + akkoma-fe = pkgs.callPackage ./akkoma-fe.nix {}; neocat = pkgs.callPackage ./neocat.nix {}; neofox = pkgs.callPackage ./neofox.nix {}; @@ -15,7 +16,7 @@ blobhajFlags = pkgs.callPackage ./blobhajFlags.nix {}; favicon = pkgs.callPackage ./favicon.nix {}; in - mkIf conf.fedi.enable { + mkIf cfg.enable { services.akkoma = { enable = true; frontends.primary = { @@ -28,7 +29,7 @@ in ":instance" = { name = "miras fedi"; description = "miras akkoma instance"; - email = "akkoma@chpu.eu"; + email = cfg.email; registration_open = false; }; @@ -45,11 +46,11 @@ in }; "Pleroma.Web.Endpoint" = { - url.host = "fedi.twoneis.site"; + url.host = cfg.domain.full; }; "Pleroma.Upload" = { - base_url = "https://fedi.twoneis.site/media/"; + base_url = "https://${cfg.domain.full}/media/"; }; }; }; @@ -66,8 +67,8 @@ in }; nginx = { - serverName = "fedi.twoneis.site"; - useACMEHost = "twoneis.site"; + serverName = cfg.domain.full; + useACMEHost = cfg.domain.base; forceSSL = true; }; }; diff --git a/modules/fonts/default.nix b/modules/fonts/default.nix index 05d41ec..0c0a06f 100644 --- a/modules/fonts/default.nix +++ b/modules/fonts/default.nix @@ -5,9 +5,9 @@ ... }: let inherit (lib) mkIf; - inherit (config) conf; + cfg = config.conf.fonts; in - mkIf conf.fonts.enable { + mkIf cfg.enable { fonts = { packages = with pkgs; [ alegreya diff --git a/modules/games/default.nix b/modules/games/default.nix index eb82243..da04a4f 100644 --- a/modules/games/default.nix +++ b/modules/games/default.nix @@ -6,6 +6,7 @@ }: let inherit (lib) mkIf; inherit (config) conf; + cfg = config.conf.games; mkXwlWrapper = import ../niri/xwl-wrapper.nix; holo-script = pkgs.writeShellApplication { name = "holo-script"; 
@@ -25,7 +26,7 @@ pkg = "steam"; }; in - mkIf conf.games.enable { + mkIf cfg.enable { programs.steam.enable = true; programs.gamescope.enable = true; programs.gamemode.enable = true; diff --git a/modules/git/default.nix b/modules/git/default.nix index 780b51b..e8375a2 100644 --- a/modules/git/default.nix +++ b/modules/git/default.nix @@ -4,21 +4,18 @@ ... }: let inherit (lib) mkIf; - inherit (config) conf; - cfg = config.services.forgejo.settings.server; + cfg = config.conf.git; in - mkIf conf.git.enable { + mkIf cfg.enable { services = { nginx = { - virtualHosts.${cfg.DOMAIN} = { + virtualHosts.${cfg.domain.full} = { + serverName = cfg.domain.full; + useACMEHost = cfg.domain.base; forceSSL = true; - useACMEHost = "twoneis.site"; - extraConfig = '' - client_max_body_size 512M; - ''; locations = { "/" = { - proxyPass = "http://localhost:${toString cfg.HTTP_PORT}"; + proxyPass = "http://localhost:${toString cfg.ports.local}"; }; }; }; @@ -33,9 +30,9 @@ in lfs.enable = true; settings = { server = { - DOMAIN = "git.twoneis.site"; - ROOT_URL = "https://${cfg.DOMAIN}"; - HTTP_PORT = 3000; + DOMAIN = cfg.domain.full; + ROOT_URL = "https://${cfg.domain.full}"; + HTTP_PORT = cfg.ports.local; }; service.DISABLE_REGISTRATION = true; actions = { diff --git a/modules/layout/default.nix b/modules/layout/default.nix index aeb1467..5f21e85 100644 --- a/modules/layout/default.nix +++ b/modules/layout/default.nix @@ -4,9 +4,9 @@ ... }: let inherit (lib) mkIf; - inherit (config.conf) extraLayout; + cfg = config.conf.extraLayout; in - mkIf extraLayout.enable { + mkIf cfg.enable { services.xserver.xkb = { layout = "custom,us"; options = "compose:ralt"; diff --git a/modules/matrix/default.nix b/modules/matrix/default.nix index 18bcadb..26991a2 100644 --- a/modules/matrix/default.nix +++ b/modules/matrix/default.nix 
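Review bot: The nginx vhost in the first git hunk loses its `extraConfig` with `client_max_body_size 512M;` and nothing replaces it. Request bodies for this host therefore fall back to the server-wide limit, while `lfs.enable = true` stays on in the second hunk. Large pushes or LFS uploads over HTTPS may then be rejected by nginx, which looks unintended in a commit that otherwise only moves values into options. If the limit should stay, restore `extraConfig = ''client_max_body_size 512M;'';` on the vhost; if not, a comment saying the lower limit is deliberate would help.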
@@ -3,55 +3,35 @@ lib, ... }: let - inherit (config) conf; inherit (lib) mkIf; + inherit (lib.attrsets) genAttrs; + cfg = config.conf.matrix; in - mkIf conf.matrix.enable { - services.nginx.virtualHosts = { - "twoneis.site" = { - serverName = "twoneis.site"; - useACMEHost = "twoneis.site"; - forceSSL = true; - locations = { - "/.well-known/matrix/server" = { - return = "200 '{\"m.server\": \"matrix.twoneis.site:443\"}'"; - }; - "/.well-known/matrix/client" = { - return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.twoneis.site\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://matrix.twoneis.site\"}}'"; - }; - "/.well-known/matrix/support" = { - return = "200 '{\"contacts\": [{\"matrix_id\": \"@mira:twoneis.site\", \"email_address\": \"matrix@chpu.eu\", \"role\": \"m.role.admin\"}]}'"; - }; + mkIf cfg.enable { + services.nginx.virtualHosts = genAttrs [cfg.domain.base cfg.domain.full] (domain: { + serverName = domain; + useACMEHost = cfg.domain.base; + forceSSL = true; + locations = { + "/.well-known/matrix/server" = { + return = "200 '{\"m.server\": \"${cfg.domain.full}:443\"}'"; + }; + "/.well-known/matrix/client" = { + return = "200 '{\"m.homeserver\": {\"base_url\": \"https://${cfg.domain.full}\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://${cfg.domain.full}\"}}'"; + }; + "/.well-known/matrix/support" = { + return = "200 '{\"contacts\": [{\"matrix_id\": \"@admin:${cfg.domain.full}\", \"email_address\": \"${cfg.email}\", \"role\": \"m.role.admin\"}]}'"; }; }; - "matrix.twoneis.site" = { - serverName = "matrix.twoneis.site"; - forceSSL = true; - useACMEHost = "twoneis.site"; - locations = { - "/" = { - proxyPass = "http://localhost:6167"; - }; - "/.well-known/matrix/server" = { - return = "200 '{\"m.server\": \"matrix.twoneis.site:443\"}'"; - }; - "/.well-known/matrix/client" = { - return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.twoneis.site\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://matrix.twoneis.site\"}}'"; - 
}; - "/.well-known/matrix/support" = { - return = "200 '{\"contacts\": [{\"matrix_id\": \"@mira:twoneis.site\", \"email_address\": \"matrix@chpu.eu\", \"role\": \"m.role.admin\"}]}'"; - }; - }; - }; - }; + }); services.conduwuit = { enable = true; settings.global = { - server_name = "matrix.twoneis.site"; + server_name = cfg.domain.full; allow_registration = false; }; }; - networking.firewall.allowedTCPPorts = [443 8448]; + networking.firewall.allowedTCPPorts = [8448]; } diff --git a/modules/networking/default.nix b/modules/networking/default.nix index 5cb6c07..966dfb7 100644 --- a/modules/networking/default.nix +++ b/modules/networking/default.nix @@ -6,8 +6,11 @@ }: let inherit (config) conf; inherit (lib) mkIf; + cfg = config.conf.networkmanager; in - mkIf conf.networkmanager.enable { + mkIf cfg.enable { + users.users.${conf.username}.extraGroups = ["networkmanager"]; + home-manager.users.${conf.username}.home.packages = [pkgs.networkmanagerapplet]; networking = { networkmanager = { diff --git a/modules/nginx/default.nix b/modules/nginx/default.nix index 7c52b5e..94382c5 100644 --- a/modules/nginx/default.nix +++ b/modules/nginx/default.nix 
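Review bot: The rewritten `virtualHosts` in the matrix hunk no longer contains the `"/"` location that proxied the full domain to `http://localhost:6167`. Both generated vhosts now serve only the three `.well-known` answers, while `m.server` still advertises `${cfg.domain.full}:443`. Unless the proxy is defined somewhere outside this diff, client and federation traffic on 443 has nowhere to go; adding `"/" = mkIf (domain == cfg.domain.full) {proxyPass = "http://localhost:6167";};` inside `locations` would restore it. The support contact also changes from `@mira:twoneis.site` to `@admin:${cfg.domain.full}`, which should be confirmed as an existing account. Port 8448 stays open in the firewall even though delegation points at 443, so it is worth checking that something is meant to listen there.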
@@ -3,32 +3,22 @@ lib, ... }: let - inherit (config) conf; inherit (lib) mkIf; + inherit (lib.attrsets) genAttrs; + cfg = config.conf.nginx; in - mkIf conf.nginx.enable { + mkIf cfg.enable { security.acme = { acceptTerms = true; - defaults.email = "mira@chpu.eu"; - certs = { - "twoneis.site" = { - group = "nginx"; - domain = "twoneis.site"; - extraDomainNames = ["*.twoneis.site"]; - dnsProvider = "porkbun"; - email = "mira@chpu.eu"; - environmentFile = "/root/porkbun-creds"; - }; - - "chpu.eu" = { - group = "nginx"; - domain = "chpu.eu"; - extraDomainNames = ["*.chpu.eu"]; - dnsProvider = "porkbun"; - email = "mira@chpu.eu"; - environmentFile = "/root/porkbun-creds"; - }; - }; + defaults.email = cfg.email; + certs = genAttrs cfg.domains (domain: { + group = "nginx"; + domain = domain; + extraDomainNames = ["*.${domain}"]; + dnsProvider = "porkbun"; + email = cfg.email; + environmentFile = "/root/porkbun-creds"; + }); }; users.users.nginx.extraGroups = ["acme"]; @@ -38,22 +28,14 @@ in recommendedProxySettings = true; recommendedOptimisation = true; recommendedTlsSettings = true; - virtualHosts = { - "chpu.eu" = { - serverName = "chpu.eu"; - useACMEHost = "chpu.eu"; - forceSSL = true; - }; - "twoneis.site" = { - serverName = "twoneis.site"; - useACMEHost = "twoneis.site"; - forceSSL = true; - }; - }; + virtualHosts = genAttrs cfg.domains (domain: { + serverName = domain; + useACMEHost = domain; + forceSSL = true; + }); }; networking.firewall.allowedTCPPorts = [ - 80 443 ]; } diff --git a/modules/niri/default.nix b/modules/niri/default.nix index 2451999..c34b1ca 100644 --- a/modules/niri/default.nix +++ b/modules/niri/default.nix 
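Review bot: Port 80 is removed from `allowedTCPPorts` in the second nginx hunk while every generated vhost keeps `forceSSL = true`. The HTTP-to-HTTPS redirect that option sets up is then no longer reachable from outside, and plain `http://` requests will time out rather than redirect. Certificate issuance looks unaffected as far as the first hunk shows, since the certs use `dnsProvider = "porkbun"`. If closing the port is intended, a comment such as `# 80 closed on purpose: DNS-01 for ACME, no plain-HTTP redirect` above the list would record it.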
@@ -5,22 +5,14 @@ ... }: let inherit (lib) mkIf; - inherit (config) conf; + inherit (config) conf theme; + cfg = config.conf.niri; in - mkIf conf.niri.enable { + mkIf cfg.enable { environment.sessionVariables = { NIXOS_OZONE_WL = "1"; }; - environment.systemPackages = [ - (pkgs.catppuccin-sddm.override { - flavor = "mocha"; - font = "Fira Code Nerd Font"; - background = "${./sddm.wallpaper.png}"; - loginBackground = true; - }) - ]; - services.greetd = { enable = true; settings = import ./greetd.nix { @@ -115,9 +107,9 @@ in defaultTimeout = 5000; maxVisible = 3; font = "AlegreyaSans"; - backgroundColor = config.theme.base; - borderColor = config.theme.muted; - textColor = config.theme.text; + backgroundColor = theme.base; + borderColor = theme.muted; + textColor = theme.text; borderSize = 1; borderRadius = 8; icons = false; diff --git a/modules/secureboot/default.nix b/modules/secureboot/default.nix index 21832cc..4805661 100644 --- a/modules/secureboot/default.nix +++ b/modules/secureboot/default.nix @@ -5,9 +5,9 @@ ... }: let inherit (lib) mkIf mkForce; - inherit (config) conf; + cfg = config.conf.secureboot; in - mkIf conf.secureboot.enable { + mkIf cfg.enable { environment.systemPackages = [pkgs.sbctl]; boot.loader.systemd-boot.enable = mkForce false; diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix index 6e1779a..3a4c535 100644 --- a/modules/ssh/default.nix +++ b/modules/ssh/default.nix @@ -5,8 +5,9 @@ }: let inherit (lib) mkIf; inherit (config) conf; + cfg = config.conf.ssh; in - mkIf conf.ssh.enable { + mkIf cfg.enable { services.openssh = { enable = true; settings = { diff --git a/modules/utils/default.nix b/modules/utils/default.nix index 5feac66..30a33bc 100644 --- a/modules/utils/default.nix +++ b/modules/utils/default.nix @@ -15,8 +15,6 @@ in { home.packages = with pkgs; [ man-pages man-pages-posix - tree - file ]; home.file = { 
@@ -47,11 +45,6 @@ in { }; }; - programs.gh = { - enable = true; - gitCredentialHelper.enable = true; - }; - programs.helix = { enable = true; defaultEditor = true; diff --git a/modules/vm/default.nix b/modules/vm/default.nix index 4225d25..df00719 100644 --- a/modules/vm/default.nix +++ b/modules/vm/default.nix @@ -6,8 +6,9 @@ }: let inherit (lib) mkIf; inherit (config) conf; + cfg = config.conf.vm; in - mkIf conf.vm.enable { + mkIf cfg.enable { virtualisation.libvirtd = { enable = true; qemu.vhostUserPackages = [pkgs.virtiofsd]; diff --git a/modules/website/default.nix b/modules/website/default.nix index 78d8324..7307b3e 100644 --- a/modules/website/default.nix +++ b/modules/website/default.nix @@ -4,14 +4,14 @@ ... }: let inherit (lib) mkIf; - inherit (config) conf; + cfg = config.conf.website; in - mkIf conf.website.enable { + mkIf cfg.enable { services.nginx.virtualHosts = { - "twoneis.site" = { + ${cfg.domain.full} = { default = true; - serverName = "twoneis.site"; - useACMEHost = "twoneis.site"; + serverName = cfg.domain.full; + useACMEHost = cfg.domain.base; forceSSL = true; root = "/var/lib/website/"; }; diff --git a/modules/yubikey/default.nix b/modules/yubikey/default.nix index e507939..b739080 100644 --- a/modules/yubikey/default.nix +++ b/modules/yubikey/default.nix @@ -6,10 +6,11 @@ }: let inherit (lib) mkMerge mkIf; inherit (config) conf; + cfg = config.conf.yubikey; in mkMerge [ (mkIf - conf.yubikey.enable + cfg.enable { services.udev.packages = [pkgs.yubikey-personalization]; services.pcscd.enable = true; @@ -24,7 +25,7 @@ in ]; }) (mkIf - conf.yubikey.login + cfg.login { security.pam.u2f = { enable = true; diff --git a/options.nix b/options.nix index d673c8c..46f8345 100644 --- a/options.nix +++ b/options.nix 
@@ -1,89 +1,257 @@ -{lib, ...}: let - inherit (lib) mkOption mkEnableOption; - inherit (lib.types) nullOr attrsOf str; +{ + config, + lib, + ... +}: let + inherit (lib) mkOption; + inherit (lib.types) nullOr attrsOf listOf enum str bool port; + inherit (config) conf; + inherit (config.conf) host; in { options = { conf = { - # Generally client options - apps.enable = mkEnableOption "Enable complete configuration for end-user machine."; - niri.enable = mkEnableOption "Enable niri compositor."; - vm.enable = mkEnableOption "Enable VM related configuration."; - containers.enable = mkEnableOption "Enable container support."; - games.enable = mkEnableOption "Enable games."; - secureboot.enable = mkEnableOption "Enable secure boot utilities (manual key-enrolling required)."; - extraLayout.enable = mkEnableOption "Enable additional custom layout."; - fonts.enable = mkEnableOption "Install and set preferred fonts."; - networkmanager.enable = mkEnableOption "Enable network manager and some related configuration."; - yubikey = { - enable = mkEnableOption "Enable support for yubikey."; - login = mkEnableOption "Enable login with yubikey, make sure ~/.config/Yubico/u2f_keys is set up."; + host = mkOption { + type = nullOr (enum ["server" "laptop" "desktop" "phone"]); + default = null; }; - # Generally server options - ssh.enable = mkEnableOption "Install my public key to allow accessing this machine via ssh."; - nginx.enable = mkEnableOption "Enable nginx. 
All the following options expect this to be enabled."; - mail.enable = mkEnableOption "Enable mail server."; - website.enable = mkEnableOption "Serve website through nginx."; - fedi.enable = mkEnableOption "Host a fedi server on this machine."; - matrix.enable = mkEnableOption "Host a matrix server on this machine."; - git.enable = mkEnableOption "Host a git server on this machine."; + niri = { + enable = mkOption { + type = bool; + default = host == "laptop" || host == "desktop"; + }; + }; + + vm = { + enable = mkOption { + type = bool; + default = false; + }; + }; + + containers = { + enable = mkOption { + type = bool; + default = false; + }; + }; + + games = { + enable = mkOption { + type = bool; + default = false; + }; + }; + + secureboot = { + enable = mkOption { + type = bool; + default = false; + }; + }; + + extraLayout = { + enable = mkOption { + type = bool; + default = true; + }; + }; + + fonts = { + enable = mkOption { + type = bool; + default = conf.host != "server"; + }; + }; + + networkmanager = { + enable = mkOption { + type = bool; + default = conf.host != "server"; + }; + }; + + yubikey = { + enable = mkOption { + type = bool; + default = conf.host != "server"; + }; + login = mkOption { + type = bool; + default = false; + }; + }; + + ssh = { + enable = mkOption { + type = bool; + default = conf.host == "server"; + }; + }; + + nginx = { + enable = mkOption { + type = bool; + default = conf.host == "server"; + }; + domains = mkOption { + type = listOf str; + default = []; + }; + email = mkOption { + type = nullOr str; + default = null; + }; + }; + + email = { + enable = mkOption { + type = bool; + default = conf.host == "server"; + }; + domain = mkOption { + type = nullOr str; + default = null; + }; + ports = { + smtp = mkOption { + type = nullOr port; + default = null; + }; + imaps = mkOption { + type = nullOr port; + default = null; + }; + smtps = mkOption { + type = nullOr port; + default = null; + }; + local = mkOption { + type = nullOr port; + 
default = null; + }; + }; + }; + + website = { + enable = mkOption { + type = bool; + default = conf.host == "server"; + }; + domain = { + full = mkOption { + type = nullOr str; + default = null; + }; + base = mkOption { + type = nullOr str; + default = null; + }; + }; + }; + + fedi = { + enable = mkOption { + type = bool; + default = conf.host == "server"; + }; + domain = { + full = mkOption { + type = nullOr str; + default = null; + }; + base = mkOption { + type = nullOr str; + default = null; + }; + }; + email = mkOption { + type = nullOr str; + default = null; + }; + }; + + matrix = { + enable = mkOption { + type = bool; + default = conf.host == "server"; + }; + domain = { + full = mkOption { + type = nullOr str; + default = null; + }; + base = mkOption { + type = nullOr str; + default = null; + }; + }; + email = mkOption { + type = nullOr str; + default = null; + }; + }; + + git = { + enable = mkOption { + type = bool; + default = conf.host == "server"; + }; + domain = { + full = mkOption { + type = nullOr str; + default = null; + }; + base = mkOption { + type = nullOr str; + default = null; + }; + }; + ports = { + local = mkOption { + type = nullOr port; + default = null; + }; + }; + }; - # Mixed and more complex options username = mkOption { type = str; - description = "Username of the default user (single user setup)."; default = "twoneis"; - example = "anna"; }; stateVersion = mkOption { type = nullOr str; - description = "Nixos state version. Set to newest on first install and then don't change."; default = null; - example = "24.05"; }; hmStateVersion = mkOption { type = nullOr str; - description = "Home-Manager state version. 
Set to newest on first install and then don't change."; default = null; - example = "24.11"; }; - keys = mkOption { - type = attrsOf str; - description = - "Default key binds."; - default = { - up = "t"; - down = "n"; - left = "h"; - right = "s"; + keys = { + up = mkOption { + type = str; + default = "t"; }; - example = { - up = "k"; - down = "j"; - left = "h"; - right = "l"; + down = mkOption { + type = str; + default = "n"; }; - }; - }; - - device = { - disks = mkOption { - type = attrsOf str; - description = "A set of UUIDs of the partitions/lvms/... that can be used easily reused in the config. In this config boot and root are assumed to be always present."; - default = {}; - example = { - boot = "4672-C1A9"; - crypt = "747ae319-f189-44f5-9737-a42672e2c02d"; - root = "04255623-c061-4cf0-89fa-b3d8eb239d59"; + left = mkOption { + type = str; + default = "h"; + }; + right = mkOption { + type = str; + default = "s"; }; }; }; theme = mkOption { type = attrsOf str; - description = "Colors to be used for theming, the names and colors are from the rose-pine theme."; default = { base = "#191724"; surface = "#1f1d2e"; @@ -101,23 +269,6 @@ in { highlight-med = "#403d52"; highlight-high = "#524f67"; }; - example = { - base = "#191724"; - surface = "#1f1d2e"; - overlay = "#26233a"; - muted = "#6e6a86"; - subtle = "#908caa"; - text = "#e0def4"; - love = "#eb6f92"; - gold = "#f6c177"; - rose = "#ebbcba"; - pine = "#31748f"; - foam = "#9ccfd8"; - iris = "#c4a7e7"; - highlight-low = "#21202e"; - highlight-med = "#403d52"; - highlight-high = "#524f67"; - }; }; }; }
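Review bot: Every `description` is dropped in the first options.nix hunk, together with the `mkEnableOption` texts, so none of the new options says what it controls or what it requires. Two of the removed texts carried setup prerequisites that matter for authentication and boot integrity; they can be kept verbatim as `description = "Enable login with yubikey, make sure ~/.config/Yubico/u2f_keys is set up.";` on `yubikey.login` and `description = "Enable secure boot utilities (manual key-enrolling required).";` on `secureboot.enable`. The new `host` option should get one as well, for example `description = "Role of this machine; the per-module enable defaults are derived from it.";`. It would also help to note on `ssh.enable` and the service options that they now turn on automatically for `host = "server"`.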