more stuff moved to options and some more consistency

twoneis 2025-03-09 14:52:03 +01:00
parent 6d9dbe38cb
commit 4ab970aea9
28 changed files with 394 additions and 298 deletions

@ -1,12 +1,60 @@
{...}: { {...}: let
email-domain = "chpu.eu";
web-domain = "twoneis.site";
in {
conf = { conf = {
ssh.enable = true; host = "server";
nginx.enable = true; nginx = {
mail.enable = true; # broken domains = [
website.enable = true; email-domain
fedi.enable = true; web-domain
matrix.enable = true; ];
git.enable = true; email = "mira@${email-domain}";
};
email = {
domain = email-domain;
ports = {
smtp = 25;
imaps = 993;
smtps = 465;
local = 9000;
};
};
website = {
domain = {
full = web-domain;
base = web-domain;
};
};
fedi = {
domain = {
full = "fedi.${web-domain}";
base = web-domain;
};
email = "akkoma@${email-domain}";
};
matrix = {
domain = {
full = "matrix.${web-domain}";
base = web-domain;
};
email = "matrix@${email-domain}";
};
git = {
domain = {
full = "git.${web-domain}";
base = web-domain;
};
ports = {
local = 3000;
};
};
stateVersion = "25.05"; stateVersion = "25.05";
hmStateVersion = "25.05"; hmStateVersion = "25.05";

@ -1,13 +1,7 @@
{...}: { {...}: {
conf = { conf = {
apps.enable = true; host = "laptop";
niri.enable = true;
extraLayout.enable = true;
fonts.enable = true;
secureboot.enable = true; secureboot.enable = true;
containers.enable = true;
networkmanager.enable = true;
yubikey.enable = true;
yubikey.login = true; yubikey.login = true;
stateVersion = "24.11"; stateVersion = "24.11";

@ -1,12 +0,0 @@
{
config,
lib,
...
}: let
inherit (lib) mkIf;
inherit (config) conf;
in
mkIf conf.apps.enable {
programs.adb.enable = true;
users.users.${conf.username}.extraGroups = ["adbusers"];
}

@ -10,13 +10,12 @@ in {
imports = [ imports = [
./firefox.nix ./firefox.nix
./media.nix ./media.nix
./notes.nix
./programs.nix ./programs.nix
./themes.nix ./themes.nix
./android.nix
]; ];
config = mkIf conf.apps.enable { config = mkIf (conf.host
!= "server") {
# Audio # Audio
security.rtkit.enable = true; security.rtkit.enable = true;
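Review bot: The new guard `mkIf (conf.host != "server")` is also true when `conf.host` is left unset, because the option added in this commit is `nullOr (enum …)` with `default = null`; a machine that forgets to set `host` therefore gets the whole desktop profile and, through `default = conf.host == "server"`, none of the SSH or service modules. The same guard is used in the four sections that follow this one, and the same comparison drives the `fonts`, `networkmanager` and `yubikey` defaults. Making the option mandatory turns the omission into an evaluation error: `host = mkOption { type = enum ["server" "laptop" "desktop" "phone"]; };`. The `config` block opened here continues outside the hunk.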

@ -7,7 +7,7 @@
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (config) conf; inherit (config) conf;
in in
mkIf conf.apps.enable { mkIf (conf.host != "server") {
home-manager.users.${conf.username} = { home-manager.users.${conf.username} = {
programs.firefox = { programs.firefox = {
enable = true; enable = true;

@ -7,7 +7,7 @@
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (config) conf; inherit (config) conf;
in in
mkIf conf.apps.enable { mkIf (conf.host != "server") {
home-manager.users.${conf.username} = { home-manager.users.${conf.username} = {
home.packages = with pkgs; [ home.packages = with pkgs; [
loupe loupe

@ -1,31 +0,0 @@
{
lib,
config,
pkgs,
...
}: let
inherit (lib) mkIf;
inherit (config) conf;
inherit (config.conf) keys;
in
mkIf conf.apps.enable {
home-manager.users.${conf.username} = {
home.packages = with pkgs; [
rnote
];
programs.sioyek = {
enable = true;
bindings = {
"move_up" = keys.up;
"move_down" = keys.down;
"move_left" = keys.left;
"move_right" = keys.right;
};
};
programs.fish.shellAbbrs = {
pdf = "sioyek";
};
};
}

@ -13,7 +13,7 @@
exec = "alacritty -e ${pkgs.peaclock}/bin/peaclock"; exec = "alacritty -e ${pkgs.peaclock}/bin/peaclock";
}; };
in in
mkIf conf.apps.enable { mkIf (conf.host != "server") {
services = { services = {
# Needed for some features in nautilus such as auto-mounting and trash # Needed for some features in nautilus such as auto-mounting and trash
gvfs.enable = true; gvfs.enable = true;

@ -7,7 +7,7 @@
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (config) conf; inherit (config) conf;
in in
mkIf conf.apps.enable { mkIf (conf.host != "server") {
home-manager.users.${conf.username} = { home-manager.users.${conf.username} = {
home.packages = with pkgs; [ home.packages = with pkgs; [
adwaita-icon-theme adwaita-icon-theme

@ -1,17 +1,14 @@
{ {
lib, lib,
config, config,
pkgs,
... ...
}: let }: let
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (config) conf; cfg = config.conf.containers;
in in
mkIf conf.containers.enable { mkIf cfg.enable {
virtualisation.podman = { virtualisation.podman = {
enable = true; enable = true;
dockerCompat = true; dockerCompat = true;
}; };
environment.systemPackages = [pkgs.distrobox];
} }

@ -4,6 +4,7 @@ in {
imports = [ imports = [
./apps ./apps
./containers ./containers
./email
./fedi ./fedi
./firewall ./firewall
./fonts ./fonts
@ -11,7 +12,6 @@ in {
./git ./git
./home ./home
./layout ./layout
./mail
./matrix ./matrix
./networking ./networking
./nginx ./nginx
@ -35,7 +35,7 @@ in {
users.users.${conf.username} = { users.users.${conf.username} = {
isNormalUser = true; isNormalUser = true;
description = conf.username; description = conf.username;
extraGroups = ["networkmanager" "wheel"]; extraGroups = ["wheel"];
}; };
system.stateVersion = conf.stateVersion; system.stateVersion = conf.stateVersion;

@ -3,24 +3,22 @@
lib, lib,
... ...
}: let }: let
inherit (config) conf;
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (lib.lists) forEach;
cfg = config.conf.email;
in in
mkIf conf.mail.enable { mkIf cfg.enable {
services.nginx = { services.nginx = {
virtualHosts."chpu.eu" = { virtualHosts.${cfg.domain} = {
serverName = "chpu.eu"; serverName = cfg.domain;
serverAliases = [ serverAliases =
"mail.chpu.eu" forEach ["mail" "webadmin" "autoconfig" "autodiscover"]
"webadmin.chpu.eu" (sub: "${sub}.${cfg.domain}");
"autoconfig.chpu.eu"
"autodiscover.chpu.eu"
];
forceSSL = true; forceSSL = true;
useACMEHost = "chpu.eu"; useACMEHost = cfg.domain;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://localhost:9090"; proxyPass = "http://localhost:${toString cfg.ports.local}";
}; };
}; };
}; };
@ -38,7 +36,7 @@ in
"authentication.fallback-admin.secret" "authentication.fallback-admin.secret"
]; ];
server = { server = {
hostname = "chpu.eu"; hostname = cfg.domain;
tls = { tls = {
enable = true; enable = true;
implicit = true; implicit = true;
@ -46,30 +44,30 @@ in
listener = { listener = {
smtp = { smtp = {
protocol = "smtp"; protocol = "smtp";
bind = ["[::]:25"]; bind = ["[::]:${toString cfg.ports.smtp}"];
}; };
imaps = { imaps = {
protocol = "imap"; protocol = "imap";
bind = ["[::]:993"]; bind = ["[::]:${toString cfg.ports.imaps}"];
}; };
submissions = { submissions = {
protocol = "smtp"; protocol = "smtp";
bind = ["[::]:465"]; bind = ["[::]:${toString cfg.ports.smtps}"];
}; };
management = { management = {
protocol = "http"; protocol = "http";
bind = "127.0.0.1:9090"; bind = "127.0.0.1:${toString cfg.ports.local}";
}; };
}; };
}; };
lookup.default = { lookup.default = {
hostname = "chpu.eu"; hostname = cfg.domain;
domain = "chpu.eu"; domain = cfg.domain;
}; };
certificate.default = { certificate.default = {
default = true; default = true;
cert = "%{file:/var/lib/acme/chpu.eu/cert.pem}%"; cert = "%{file:/var/lib/acme/${cfg.domain}/cert.pem}%";
private-key = "%{file:/var/lib/acme/chpu.eu/key.pem}%"; private-key = "%{file:/var/lib/acme/${cfg.domain}/key.pem}%";
}; };
storage = { storage = {
data = "db"; data = "db";
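Review bot: Every value interpolated in this module (`cfg.domain`, `cfg.ports.smtp`, `cfg.ports.imaps`, `cfg.ports.smtps`, `cfg.ports.local`) is declared `nullOr` with `default = null` while `email.enable` defaults to true on a server, and `toString null` evaluates to an empty string, so a missing port yields binds such as `"[::]:"` and a `proxyPass` of `http://localhost:` instead of an evaluation error. An unset domain behaves similarly in `virtualHosts.${cfg.domain}`, where a null attribute name appears to be dropped silently. Either drop `nullOr`/`default = null` for values the module cannot work without, or add an `assertions` entry at the top of the module that checks them, as sketched below. The fedi, git, matrix and website sections read their `cfg.domain.*`, `cfg.email` and `cfg.ports.local` values the same way.

```nix
mkIf cfg.enable {
  assertions = [
    {
      assertion = cfg.domain != null;
      message = "conf.email.enable requires conf.email.domain to be set";
    }
    {
      assertion = builtins.all (p: p != null) (builtins.attrValues cfg.ports);
      message = "conf.email.enable requires every conf.email.ports.* value to be set";
    }
  ];
  # … unchanged: services.nginx vhost and the mail server settings …
```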

@ -5,8 +5,9 @@
... ...
}: let }: let
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (config) conf;
inherit ((pkgs.formats.elixirConf {}).lib) mkMap; inherit ((pkgs.formats.elixirConf {}).lib) mkMap;
cfg = config.conf.fedi;
akkoma-fe = pkgs.callPackage ./akkoma-fe.nix {}; akkoma-fe = pkgs.callPackage ./akkoma-fe.nix {};
neocat = pkgs.callPackage ./neocat.nix {}; neocat = pkgs.callPackage ./neocat.nix {};
neofox = pkgs.callPackage ./neofox.nix {}; neofox = pkgs.callPackage ./neofox.nix {};
@ -15,7 +16,7 @@
blobhajFlags = pkgs.callPackage ./blobhajFlags.nix {}; blobhajFlags = pkgs.callPackage ./blobhajFlags.nix {};
favicon = pkgs.callPackage ./favicon.nix {}; favicon = pkgs.callPackage ./favicon.nix {};
in in
mkIf conf.fedi.enable { mkIf cfg.enable {
services.akkoma = { services.akkoma = {
enable = true; enable = true;
frontends.primary = { frontends.primary = {
@ -28,7 +29,7 @@ in
":instance" = { ":instance" = {
name = "miras fedi"; name = "miras fedi";
description = "miras akkoma instance"; description = "miras akkoma instance";
email = "akkoma@chpu.eu"; email = cfg.email;
registration_open = false; registration_open = false;
}; };
@ -45,11 +46,11 @@ in
}; };
"Pleroma.Web.Endpoint" = { "Pleroma.Web.Endpoint" = {
url.host = "fedi.twoneis.site"; url.host = cfg.domain.full;
}; };
"Pleroma.Upload" = { "Pleroma.Upload" = {
base_url = "https://fedi.twoneis.site/media/"; base_url = "https://${cfg.domain.full}/media/";
}; };
}; };
}; };
@ -66,8 +67,8 @@ in
}; };
nginx = { nginx = {
serverName = "fedi.twoneis.site"; serverName = cfg.domain.full;
useACMEHost = "twoneis.site"; useACMEHost = cfg.domain.base;
forceSSL = true; forceSSL = true;
}; };
}; };

@ -5,9 +5,9 @@
... ...
}: let }: let
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (config) conf; cfg = config.conf.fonts;
in in
mkIf conf.fonts.enable { mkIf cfg.enable {
fonts = { fonts = {
packages = with pkgs; [ packages = with pkgs; [
alegreya alegreya

@ -6,6 +6,7 @@
}: let }: let
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (config) conf; inherit (config) conf;
cfg = config.conf.games;
mkXwlWrapper = import ../niri/xwl-wrapper.nix; mkXwlWrapper = import ../niri/xwl-wrapper.nix;
holo-script = pkgs.writeShellApplication { holo-script = pkgs.writeShellApplication {
name = "holo-script"; name = "holo-script";
@ -25,7 +26,7 @@
pkg = "steam"; pkg = "steam";
}; };
in in
mkIf conf.games.enable { mkIf cfg.enable {
programs.steam.enable = true; programs.steam.enable = true;
programs.gamescope.enable = true; programs.gamescope.enable = true;
programs.gamemode.enable = true; programs.gamemode.enable = true;

@ -4,21 +4,18 @@
... ...
}: let }: let
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (config) conf; cfg = config.conf.git;
cfg = config.services.forgejo.settings.server;
in in
mkIf conf.git.enable { mkIf cfg.enable {
services = { services = {
nginx = { nginx = {
virtualHosts.${cfg.DOMAIN} = { virtualHosts.${cfg.domain.full} = {
serverName = cfg.domain.full;
useACMEHost = cfg.domain.base;
forceSSL = true; forceSSL = true;
useACMEHost = "twoneis.site";
extraConfig = ''
client_max_body_size 512M;
'';
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://localhost:${toString cfg.HTTP_PORT}"; proxyPass = "http://localhost:${toString cfg.ports.local}";
}; };
}; };
}; };
@ -33,9 +30,9 @@ in
lfs.enable = true; lfs.enable = true;
settings = { settings = {
server = { server = {
DOMAIN = "git.twoneis.site"; DOMAIN = cfg.domain.full;
ROOT_URL = "https://${cfg.DOMAIN}"; ROOT_URL = "https://${cfg.domain.full}";
HTTP_PORT = 3000; HTTP_PORT = cfg.ports.local;
}; };
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
actions = { actions = {
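Review bot: The nginx vhost for the git server no longer sets `client_max_body_size 512M;` while `lfs.enable = true` stays on, so request bodies for this host fall back to the nginx module's global limit and larger HTTPS pushes or LFS uploads would presumably be rejected with 413. If the smaller limit is intended as hardening, record that in a comment next to the vhost; otherwise keep the per-host limit, for example `extraConfig = "client_max_body_size 512M;";`. The `services` block continues outside these hunks.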

@ -4,9 +4,9 @@
... ...
}: let }: let
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (config.conf) extraLayout; cfg = config.conf.extraLayout;
in in
mkIf extraLayout.enable { mkIf cfg.enable {
services.xserver.xkb = { services.xserver.xkb = {
layout = "custom,us"; layout = "custom,us";
options = "compose:ralt"; options = "compose:ralt";

@ -3,55 +3,35 @@
lib, lib,
... ...
}: let }: let
inherit (config) conf;
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (lib.attrsets) genAttrs;
cfg = config.conf.matrix;
in in
mkIf conf.matrix.enable { mkIf cfg.enable {
services.nginx.virtualHosts = { services.nginx.virtualHosts = genAttrs [cfg.domain.base cfg.domain.full] (domain: {
"twoneis.site" = { serverName = domain;
serverName = "twoneis.site"; useACMEHost = cfg.domain.base;
useACMEHost = "twoneis.site"; forceSSL = true;
forceSSL = true; locations = {
locations = { "/.well-known/matrix/server" = {
"/.well-known/matrix/server" = { return = "200 '{\"m.server\": \"${cfg.domain.full}:443\"}'";
return = "200 '{\"m.server\": \"matrix.twoneis.site:443\"}'"; };
}; "/.well-known/matrix/client" = {
"/.well-known/matrix/client" = { return = "200 '{\"m.homeserver\": {\"base_url\": \"https://${cfg.domain.full}\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://${cfg.domain.full}\"}}'";
return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.twoneis.site\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://matrix.twoneis.site\"}}'"; };
}; "/.well-known/matrix/support" = {
"/.well-known/matrix/support" = { return = "200 '{\"contacts\": [{\"matrix_id\": \"@admin:${cfg.domain.full}\", \"email_address\": \"${cfg.email}\", \"role\": \"m.role.admin\"}]}'";
return = "200 '{\"contacts\": [{\"matrix_id\": \"@mira:twoneis.site\", \"email_address\": \"matrix@chpu.eu\", \"role\": \"m.role.admin\"}]}'";
};
}; };
}; };
"matrix.twoneis.site" = { });
serverName = "matrix.twoneis.site";
forceSSL = true;
useACMEHost = "twoneis.site";
locations = {
"/" = {
proxyPass = "http://localhost:6167";
};
"/.well-known/matrix/server" = {
return = "200 '{\"m.server\": \"matrix.twoneis.site:443\"}'";
};
"/.well-known/matrix/client" = {
return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.twoneis.site\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://matrix.twoneis.site\"}}'";
};
"/.well-known/matrix/support" = {
return = "200 '{\"contacts\": [{\"matrix_id\": \"@mira:twoneis.site\", \"email_address\": \"matrix@chpu.eu\", \"role\": \"m.role.admin\"}]}'";
};
};
};
};
services.conduwuit = { services.conduwuit = {
enable = true; enable = true;
settings.global = { settings.global = {
server_name = "matrix.twoneis.site"; server_name = cfg.domain.full;
allow_registration = false; allow_registration = false;
}; };
}; };
networking.firewall.allowedTCPPorts = [443 8448]; networking.firewall.allowedTCPPorts = [8448];
} }
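Review bot: The rewritten `genAttrs [cfg.domain.base cfg.domain.full]` gives both hosts only the three `/.well-known/matrix/*` locations; the `"/"` location that proxied the matrix host to `http://localhost:6167` is gone, while the well-known responses still point clients and servers at `${cfg.domain.full}:443`. As far as this hunk shows, nothing forwards that traffic to the homeserver any more. Re-add the proxy for the full domain only, e.g. by merging `optionalAttrs (domain == cfg.domain.full) {"/".proxyPass = "http://localhost:6167";}` into `locations`, ideally with the port moved into a `conf.matrix.ports.local` option like the git and email modules. Also confirm that port 8448 in `allowedTCPPorts` still has a listener, since no visible line binds it.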

@ -6,8 +6,11 @@
}: let }: let
inherit (config) conf; inherit (config) conf;
inherit (lib) mkIf; inherit (lib) mkIf;
cfg = config.conf.networkmanager;
in in
mkIf conf.networkmanager.enable { mkIf cfg.enable {
users.users.${conf.username}.extraGroups = ["networkmanager"];
home-manager.users.${conf.username}.home.packages = [pkgs.networkmanagerapplet]; home-manager.users.${conf.username}.home.packages = [pkgs.networkmanagerapplet];
networking = { networking = {
networkmanager = { networkmanager = {

@ -3,32 +3,22 @@
lib, lib,
... ...
}: let }: let
inherit (config) conf;
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (lib.attrsets) genAttrs;
cfg = config.conf.nginx;
in in
mkIf conf.nginx.enable { mkIf cfg.enable {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "mira@chpu.eu"; defaults.email = cfg.email;
certs = { certs = genAttrs cfg.domains (domain: {
"twoneis.site" = { group = "nginx";
group = "nginx"; domain = domain;
domain = "twoneis.site"; extraDomainNames = ["*.${domain}"];
extraDomainNames = ["*.twoneis.site"]; dnsProvider = "porkbun";
dnsProvider = "porkbun"; email = cfg.email;
email = "mira@chpu.eu"; environmentFile = "/root/porkbun-creds";
environmentFile = "/root/porkbun-creds"; });
};
"chpu.eu" = {
group = "nginx";
domain = "chpu.eu";
extraDomainNames = ["*.chpu.eu"];
dnsProvider = "porkbun";
email = "mira@chpu.eu";
environmentFile = "/root/porkbun-creds";
};
};
}; };
users.users.nginx.extraGroups = ["acme"]; users.users.nginx.extraGroups = ["acme"];
@ -38,22 +28,14 @@ in
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = { virtualHosts = genAttrs cfg.domains (domain: {
"chpu.eu" = { serverName = domain;
serverName = "chpu.eu"; useACMEHost = domain;
useACMEHost = "chpu.eu"; forceSSL = true;
forceSSL = true; });
};
"twoneis.site" = {
serverName = "twoneis.site";
useACMEHost = "twoneis.site";
forceSSL = true;
};
};
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80
443 443
]; ];
} }
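Review bot: Port 80 is removed from `allowedTCPPorts` while every vhost generated here still sets `forceSSL = true`, whose HTTP-to-HTTPS redirect listener is then unreachable from outside. Certificate issuance is unaffected because the certs use `dnsProvider = "porkbun"`, but plain `http://` requests will now time out rather than be redirected. If closing port 80 is deliberate, a comment such as `# port 80 closed on purpose: ACME uses DNS-01, no HTTP redirect is served` above the list would record it; otherwise keep `80` in the list.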

@ -5,22 +5,14 @@
... ...
}: let }: let
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (config) conf; inherit (config) conf theme;
cfg = config.conf.niri;
in in
mkIf conf.niri.enable { mkIf cfg.enable {
environment.sessionVariables = { environment.sessionVariables = {
NIXOS_OZONE_WL = "1"; NIXOS_OZONE_WL = "1";
}; };
environment.systemPackages = [
(pkgs.catppuccin-sddm.override {
flavor = "mocha";
font = "Fira Code Nerd Font";
background = "${./sddm.wallpaper.png}";
loginBackground = true;
})
];
services.greetd = { services.greetd = {
enable = true; enable = true;
settings = import ./greetd.nix { settings = import ./greetd.nix {
@ -115,9 +107,9 @@ in
defaultTimeout = 5000; defaultTimeout = 5000;
maxVisible = 3; maxVisible = 3;
font = "AlegreyaSans"; font = "AlegreyaSans";
backgroundColor = config.theme.base; backgroundColor = theme.base;
borderColor = config.theme.muted; borderColor = theme.muted;
textColor = config.theme.text; textColor = theme.text;
borderSize = 1; borderSize = 1;
borderRadius = 8; borderRadius = 8;
icons = false; icons = false;

@ -5,9 +5,9 @@
... ...
}: let }: let
inherit (lib) mkIf mkForce; inherit (lib) mkIf mkForce;
inherit (config) conf; cfg = config.conf.secureboot;
in in
mkIf conf.secureboot.enable { mkIf cfg.enable {
environment.systemPackages = [pkgs.sbctl]; environment.systemPackages = [pkgs.sbctl];
boot.loader.systemd-boot.enable = mkForce false; boot.loader.systemd-boot.enable = mkForce false;

@ -5,8 +5,9 @@
}: let }: let
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (config) conf; inherit (config) conf;
cfg = config.conf.ssh;
in in
mkIf conf.ssh.enable { mkIf cfg.enable {
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { settings = {

@ -15,8 +15,6 @@ in {
home.packages = with pkgs; [ home.packages = with pkgs; [
man-pages man-pages
man-pages-posix man-pages-posix
tree
file
]; ];
home.file = { home.file = {
@ -47,11 +45,6 @@ in {
}; };
}; };
programs.gh = {
enable = true;
gitCredentialHelper.enable = true;
};
programs.helix = { programs.helix = {
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;

@ -6,8 +6,9 @@
}: let }: let
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (config) conf; inherit (config) conf;
cfg = config.conf.vm;
in in
mkIf conf.vm.enable { mkIf cfg.enable {
virtualisation.libvirtd = { virtualisation.libvirtd = {
enable = true; enable = true;
qemu.vhostUserPackages = [pkgs.virtiofsd]; qemu.vhostUserPackages = [pkgs.virtiofsd];

@ -4,14 +4,14 @@
... ...
}: let }: let
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (config) conf; cfg = config.conf.website;
in in
mkIf conf.website.enable { mkIf cfg.enable {
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"twoneis.site" = { ${cfg.domain.full} = {
default = true; default = true;
serverName = "twoneis.site"; serverName = cfg.domain.full;
useACMEHost = "twoneis.site"; useACMEHost = cfg.domain.base;
forceSSL = true; forceSSL = true;
root = "/var/lib/website/"; root = "/var/lib/website/";
}; };

@ -6,10 +6,11 @@
}: let }: let
inherit (lib) mkMerge mkIf; inherit (lib) mkMerge mkIf;
inherit (config) conf; inherit (config) conf;
cfg = config.conf.yubikey;
in in
mkMerge [ mkMerge [
(mkIf (mkIf
conf.yubikey.enable cfg.enable
{ {
services.udev.packages = [pkgs.yubikey-personalization]; services.udev.packages = [pkgs.yubikey-personalization];
services.pcscd.enable = true; services.pcscd.enable = true;
@ -24,7 +25,7 @@ in
]; ];
}) })
(mkIf (mkIf
conf.yubikey.login cfg.login
{ {
security.pam.u2f = { security.pam.u2f = {
enable = true; enable = true;

@ -1,89 +1,257 @@
{lib, ...}: let {
inherit (lib) mkOption mkEnableOption; config,
inherit (lib.types) nullOr attrsOf str; lib,
...
}: let
inherit (lib) mkOption;
inherit (lib.types) nullOr attrsOf listOf enum str bool port;
inherit (config) conf;
inherit (config.conf) host;
in { in {
options = { options = {
conf = { conf = {
# Generally client options host = mkOption {
apps.enable = mkEnableOption "Enable complete configuration for end-user machine."; type = nullOr (enum ["server" "laptop" "desktop" "phone"]);
niri.enable = mkEnableOption "Enable niri compositor."; default = null;
vm.enable = mkEnableOption "Enable VM related configuration.";
containers.enable = mkEnableOption "Enable container support.";
games.enable = mkEnableOption "Enable games.";
secureboot.enable = mkEnableOption "Enable secure boot utilities (manual key-enrolling required).";
extraLayout.enable = mkEnableOption "Enable additional custom layout.";
fonts.enable = mkEnableOption "Install and set preferred fonts.";
networkmanager.enable = mkEnableOption "Enable network manager and some related configuration.";
yubikey = {
enable = mkEnableOption "Enable support for yubikey.";
login = mkEnableOption "Enable login with yubikey, make sure ~/.config/Yubico/u2f_keys is set up.";
}; };
# Generally server options niri = {
ssh.enable = mkEnableOption "Install my public key to allow accessing this machine via ssh."; enable = mkOption {
nginx.enable = mkEnableOption "Enable nginx. All the following options expect this to be enabled."; type = bool;
mail.enable = mkEnableOption "Enable mail server."; default = host == "laptop" || host == "desktop";
website.enable = mkEnableOption "Serve website through nginx."; };
fedi.enable = mkEnableOption "Host a fedi server on this machine."; };
matrix.enable = mkEnableOption "Host a matrix server on this machine.";
git.enable = mkEnableOption "Host a git server on this machine."; vm = {
enable = mkOption {
type = bool;
default = false;
};
};
containers = {
enable = mkOption {
type = bool;
default = false;
};
};
games = {
enable = mkOption {
type = bool;
default = false;
};
};
secureboot = {
enable = mkOption {
type = bool;
default = false;
};
};
extraLayout = {
enable = mkOption {
type = bool;
default = true;
};
};
fonts = {
enable = mkOption {
type = bool;
default = conf.host != "server";
};
};
networkmanager = {
enable = mkOption {
type = bool;
default = conf.host != "server";
};
};
yubikey = {
enable = mkOption {
type = bool;
default = conf.host != "server";
};
login = mkOption {
type = bool;
default = false;
};
};
ssh = {
enable = mkOption {
type = bool;
default = conf.host == "server";
};
};
nginx = {
enable = mkOption {
type = bool;
default = conf.host == "server";
};
domains = mkOption {
type = listOf str;
default = [];
};
email = mkOption {
type = nullOr str;
default = null;
};
};
email = {
enable = mkOption {
type = bool;
default = conf.host == "server";
};
domain = mkOption {
type = nullOr str;
default = null;
};
ports = {
smtp = mkOption {
type = nullOr port;
default = null;
};
imaps = mkOption {
type = nullOr port;
default = null;
};
smtps = mkOption {
type = nullOr port;
default = null;
};
local = mkOption {
type = nullOr port;
default = null;
};
};
};
website = {
enable = mkOption {
type = bool;
default = conf.host == "server";
};
domain = {
full = mkOption {
type = nullOr str;
default = null;
};
base = mkOption {
type = nullOr str;
default = null;
};
};
};
fedi = {
enable = mkOption {
type = bool;
default = conf.host == "server";
};
domain = {
full = mkOption {
type = nullOr str;
default = null;
};
base = mkOption {
type = nullOr str;
default = null;
};
};
email = mkOption {
type = nullOr str;
default = null;
};
};
matrix = {
enable = mkOption {
type = bool;
default = conf.host == "server";
};
domain = {
full = mkOption {
type = nullOr str;
default = null;
};
base = mkOption {
type = nullOr str;
default = null;
};
};
email = mkOption {
type = nullOr str;
default = null;
};
};
git = {
enable = mkOption {
type = bool;
default = conf.host == "server";
};
domain = {
full = mkOption {
type = nullOr str;
default = null;
};
base = mkOption {
type = nullOr str;
default = null;
};
};
ports = {
local = mkOption {
type = nullOr port;
default = null;
};
};
};
# Mixed and more complex options
username = mkOption { username = mkOption {
type = str; type = str;
description = "Username of the default user (single user setup).";
default = "twoneis"; default = "twoneis";
example = "anna";
}; };
stateVersion = mkOption { stateVersion = mkOption {
type = nullOr str; type = nullOr str;
description = "Nixos state version. Set to newest on first install and then don't change.";
default = null; default = null;
example = "24.05";
}; };
hmStateVersion = mkOption { hmStateVersion = mkOption {
type = nullOr str; type = nullOr str;
description = "Home-Manager state version. Set to newest on first install and then don't change.";
default = null; default = null;
example = "24.11";
}; };
keys = mkOption { keys = {
type = attrsOf str; up = mkOption {
description = - "Default key binds."; type = str;
default = { default = "t";
up = "t";
down = "n";
left = "h";
right = "s";
}; };
example = { down = mkOption {
up = "k"; type = str;
down = "j"; default = "n";
left = "h";
right = "l";
}; };
}; left = mkOption {
}; type = str;
default = "h";
device = { };
disks = mkOption { right = mkOption {
type = attrsOf str; type = str;
description = "A set of UUIDs of the partitions/lvms/... that can be used easily reused in the config. In this config boot and root are assumed to be always present."; default = "s";
default = {};
example = {
boot = "4672-C1A9";
crypt = "747ae319-f189-44f5-9737-a42672e2c02d";
root = "04255623-c061-4cf0-89fa-b3d8eb239d59";
}; };
}; };
}; };
theme = mkOption { theme = mkOption {
type = attrsOf str; type = attrsOf str;
description = "Colors to be used for theming, the names and colors are from the rose-pine theme.";
default = { default = {
base = "#191724"; base = "#191724";
surface = "#1f1d2e"; surface = "#1f1d2e";
@ -101,23 +269,6 @@ in {
highlight-med = "#403d52"; highlight-med = "#403d52";
highlight-high = "#524f67"; highlight-high = "#524f67";
}; };
example = {
base = "#191724";
surface = "#1f1d2e";
overlay = "#26233a";
muted = "#6e6a86";
subtle = "#908caa";
text = "#e0def4";
love = "#eb6f92";
gold = "#f6c177";
rose = "#ebbcba";
pine = "#31748f";
foam = "#9ccfd8";
iris = "#c4a7e7";
highlight-low = "#21202e";
highlight-med = "#403d52";
highlight-high = "#524f67";
};
}; };
}; };
} }
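Review bot: Replacing `mkEnableOption` with bare `mkOption` drops every `description`, including the two that carried operational warnings: `yubikey.login` ("make sure ~/.config/Yubico/u2f_keys is set up") and `secureboot.enable` ("manual key-enrolling required"). Both options change how the machine authenticates or boots, so the prerequisite should stay next to the switch, e.g. `description = "Enable login with yubikey, make sure ~/.config/Yubico/u2f_keys is set up.";` on `yubikey.login`. The defaults also mix `host == …` and `conf.host == …` for the same value; using one spelling throughout would fit the consistency goal in the commit title.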