From 62b68a333ff2d4742c20b8971d9416836ff7ec2a Mon Sep 17 00:00:00 2001 From: Kabbone Date: Sat, 25 Apr 2026 10:20:16 +0200 Subject: [PATCH] create users desktop module --- hosts/default.nix | 8 +- hosts/desktop/default.nix | 128 +++----- hosts/desktop/home.nix | 57 ++-- hosts/lifebook/default.nix | 130 +++----- hosts/lifebook/home.nix | 54 ++-- modules/desktop/default.nix | 583 ++++++++++++++++++++++++++++++++++++ modules/shell/git.nix | 4 +- 7 files changed, 704 insertions(+), 260 deletions(-) create mode 100644 modules/desktop/default.nix diff --git a/hosts/default.nix b/hosts/default.nix index 9661c9d..cd1ad54 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -60,8 +60,8 @@ in agenix.nixosModules.default microvm.nixosModules.host lanzaboote.nixosModules.lanzaboote - ./desktop - ./configuration_desktop.nix + ./desktop # myDesktop options set inside + ./configuration_common.nix ../modules/hardware/remoteBuilder.nix nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-gpu-amd @@ -75,8 +75,8 @@ in modules = [ agenix.nixosModules.default lanzaboote.nixosModules.lanzaboote - ./lifebook - ./configuration_desktop.nix + ./lifebook # myDesktop options set inside + ./configuration_common.nix nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-pc-ssd ] ++ (mkHM home-manager [ ./home.nix ./lifebook/home.nix ]); diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix index f665330..1b95c9b 100644 --- a/hosts/desktop/default.nix +++ b/hosts/desktop/default.nix 
@@ -1,104 +1,50 @@ # -# Specific system configuration settings for desktop -# -# flake.nix -# ├─ ./hosts -# │ └─ ./laptop -# │ ├─ default.nix * -# │ └─ hardware-configuration.nix -# └─ ./modules -# ├─ ./desktop -# │ └─ ./hyprland -# │ └─ hyprland.nix -# ├─ ./modules -# │ └─ ./programs -# │ └─ waybar.nix -# └─ ./hardware -# └─ default.nix +# Hades desktop — system configuration # -{ inputs, lib, config, pkgs, user, nixpkgs, pkgs-kabbone, ... }: +{ lib, pkgs, pkgs-kabbone, ... }: { - imports = # For now, if applying to other system, swap files - [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix - [(import ../../modules/wm/niri/default.nix)] ++ # Window Manager - (import ../../modules/wm/virtualisation) ++ # libvirt + Docker - [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options - #[(import ../../modules/kabbone/corosync-qdevice.nix)] ++ # corosync qdevice quorum - (import ../../modules/hardware); # Hardware devices + imports = [ + ./hardware-configuration.nix + ../../modules/desktop + ]; - boot = { # Boot options + # ── Desktop module options ────────────────────────────────────────────── + myDesktop.windowManager = "niri"; + myDesktop.cpu = "amd"; + myDesktop.virtualisation.enable = true; + + myDesktop.openrgb.enable = true; + myDesktop.openrgb.motherboard = "amd"; + + myDesktop.syncthing.enable = true; + myDesktop.syncthing.devices = { + "jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; }; + "lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; }; + }; + myDesktop.syncthing.folders = { + "Sync" = { + path = "/home/kabbone/Sync"; + devices = [ "jupiter.home.opel-online.de" "lifebook.home.opel-online.de" ]; + ignorePerms = false; + }; + }; + + # ── Host-specific settings ────────────────────────────────────────────── + boot = { kernelPackages = 
pkgs.linuxPackages_latest; - - loader = { # EFI Boot - systemd-boot.enable = lib.mkForce false; - efi = { - canTouchEfiVariables = true; - efiSysMountPoint = "/boot"; - }; - timeout = 1; # Grub auto select time + loader = { + systemd-boot.enable = lib.mkForce false; + efi.canTouchEfiVariables = true; + efi.efiSysMountPoint = "/boot"; + timeout = 1; }; - lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; + enable = true; + pkiBundle = "/etc/secureboot"; }; }; -# hardware.sane = { # Used for scanning with Xsane -# enable = false; -# extraBackends = [ pkgs.sane-airscan ]; -# }; -# hardware = { -# nitrokey.enable = true; -# }; - - environment = { - systemPackages = [ - pkgs.linux-firmware - #pkgs-kabbone.corosync-qdevice - ]; - }; - - services = { - #auto-cpufreq.enable = true; - blueman.enable = true; - avahi = { # Needed to find wireless printer - enable = true; - nssmdns4 = true; - publish = { # Needed for detecting the scanner - enable = true; - addresses = true; - userServices = true; - }; - }; - hardware.openrgb = { - enable = true; - motherboard = "amd"; - }; - syncthing = { - enable = true; - group = "users"; - user = "kabbone"; - dataDir = "/home/${config.services.syncthing.user}/Sync"; - configDir = "/home/${config.services.syncthing.user}/.config/syncthing"; - overrideDevices = true; # overrides any devices added or deleted through the WebUI - overrideFolders = true; # overrides any folders added or deleted through the WebUI - openDefaultPorts = true; - settings = { - devices = { - "jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; }; - "lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; }; - }; - folders = { - "Sync" = { # Name of folder in Syncthing, also the folder ID - path = "/home/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing - devices = [ "jupiter.home.opel-online.de" "lifebook.home.opel-online.de" 
]; # Which devices to share the folder with - ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder. - }; - }; - }; - }; - }; + environment.systemPackages = [ pkgs.linux-firmware ]; } diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix index e0516fc..af426c8 100644 --- a/hosts/desktop/home.nix +++ b/hosts/desktop/home.nix @@ -1,52 +1,29 @@ # -# Home-manager configuration for laptop -# -# flake.nix -# ├─ ./hosts -# │ └─ ./laptop -# │ └─ home.nix * -# └─ ./modules -# └─ ./desktop -# └─ ./hyprland -# └─ hyprland.nix +# Hades desktop — home-manager host-specific additions +# (WM home config is loaded by modules/desktop based on myDesktop.windowManager) # { pkgs, ... }: { - imports = - [ - #../../modules/wm/hyprland/home.nix # Window Manager - ../../modules/wm/niri/home.nix # Window Manager - ../../modules/home.nix # Window Manager - ]; + imports = [ + ../../modules/home.nix # cmds / theme options + ]; - home = { # Specific packages for laptop - packages = with pkgs; [ - # Applications - #freecad # Office packages - #firefox - chromium - thunderbird - streamlink - streamlink-twitch-gui-bin - #nheko - pulsemixer - #yubioath-flutter - nitrokey-app - kicad + home.packages = with pkgs; [ + chromium + thunderbird + streamlink + streamlink-twitch-gui-bin + pulsemixer + nitrokey-app + kicad + ]; - # Power Management - #auto-cpufreq # Power management - #tlp # Power management - ]; - }; - - services = { # Applets - blueman-applet.enable = true; # Bluetooth - network-manager-applet.enable = true; # Network + services = { + blueman-applet.enable = true; + network-manager-applet.enable = true; }; xsession.preferStatusNotifierItems = true; - } diff --git a/hosts/lifebook/default.nix b/hosts/lifebook/default.nix index 2988b2c..23a4002 100644 --- a/hosts/lifebook/default.nix +++ b/hosts/lifebook/default.nix 
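Review bot: The `Sync` folder path in the hosts/desktop/default.nix hunk is now the literal `/home/kabbone/Sync`, while the module this host imports builds Syncthing's `user`, `dataDir` and `configDir` from the `user` argument. If the two ever diverge, the service would run as one account and share a directory under another account's home. Taking `user` in the argument set and writing `path = "/home/${user}/Sync";` keeps them tied together, as the removed `${config.services.syncthing.user}` interpolation did. `pkgs-kabbone` is still listed in the function arguments but is no longer referenced on the new side and can be dropped. The same hard-coded path appears in the hosts/lifebook/default.nix hunk.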
@@ -1,99 +1,57 @@ # -# Specific system configuration settings for desktop -# -# flake.nix -# ├─ ./hosts -# │ └─ ./laptop -# │ ├─ default.nix * -# │ └─ hardware-configuration.nix -# └─ ./modules -# ├─ ./desktop -# │ └─ ./hyprland -# │ └─ hyprland.nix -# ├─ ./modules -# │ └─ ./programs -# │ └─ waybar.nix -# └─ ./hardware -# └─ default.nix +# Lifebook laptop — system configuration # -{ inputs, lib, config, pkgs, user, ... }: +{ lib, pkgs, ... }: { - imports = # For now, if applying to other system, swap files - [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix - [(import ../../modules/wm/niri/default.nix)] ++ # Window Manager - (import ../../modules/wm/virtualisation) ++ # libvirt + Docker - [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options - (import ../../modules/hardware); # Hardware devices + imports = [ + ./hardware-configuration.nix + ../../modules/desktop + ]; - boot = { # Boot options - kernelPackages = pkgs.linuxPackages_latest; - initrd.prepend = [ "${./patched-SSDT4}" ]; + # ── Desktop module options ────────────────────────────────────────────── + myDesktop.windowManager = "niri"; + myDesktop.cpu = "intel"; + myDesktop.virtualisation.enable = true; - loader = { # EFI Boot - systemd-boot.enable = lib.mkForce false; - efi = { - canTouchEfiVariables = true; - efiSysMountPoint = "/boot"; - }; - timeout = 1; # Grub auto select time + myDesktop.laptop.enable = true; + myDesktop.laptop.lidSwitch = "suspend-then-hibernate"; + myDesktop.laptop.hibernateDelaySec = "1h"; + + myDesktop.nitrokey.enable = true; + + myDesktop.syncthing.enable = true; + myDesktop.syncthing.devices = { + "jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; }; + "hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; }; + }; + myDesktop.syncthing.folders = { + "Sync" = { + path = 
"/home/kabbone/Sync"; + devices = [ "jupiter.home.opel-online.de" "hades.home.opel-online.de" ]; + ignorePerms = false; }; + }; + myDesktop.extraSystemPackages = with pkgs; [ + intel-media-driver + intel-compute-runtime + ]; + + # ── Host-specific settings ────────────────────────────────────────────── + boot = { + kernelPackages = pkgs.linuxPackages_latest; + initrd.prepend = [ "${./patched-SSDT4}" ]; + loader = { + systemd-boot.enable = lib.mkForce false; + efi.canTouchEfiVariables = true; + efi.efiSysMountPoint = "/boot"; + timeout = 1; + }; lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; - }; - }; - - hardware = { - nitrokey.enable = true; - }; - - environment = { - systemPackages = with pkgs; [ - linux-firmware - intel-media-driver - intel-compute-runtime - ]; - }; - - systemd.sleep.extraConfig = "HibernateDelaySec=1h"; - services = { - logind.settings.Login.HandleLidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed - blueman.enable = true; - avahi = { # Needed to find wireless printer - enable = true; - nssmdns4 = true; - publish = { # Needed for detecting the scanner - enable = true; - addresses = true; - userServices = true; - }; - }; - #tailscale.enable = true; - syncthing = { - enable = true; - group = "users"; - user = "kabbone"; - dataDir = "/home/${config.services.syncthing.user}/Sync"; - configDir = "/home/${config.services.syncthing.user}/.config/syncthing"; - overrideDevices = true; # overrides any devices added or deleted through the WebUI - overrideFolders = true; # overrides any folders added or deleted through the WebUI - openDefaultPorts = true; - settings = { - devices = { - "jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; }; - "hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; }; - }; - folders = { - "Sync" = { # Name of folder in Syncthing, also the folder ID - path = 
"/home/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing - devices = [ "jupiter.home.opel-online.de" "hades.home.opel-online.de" ]; # Which devices to share the folder with - ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder. - }; - }; - }; + enable = true; + pkiBundle = "/etc/secureboot"; }; }; } diff --git a/hosts/lifebook/home.nix b/hosts/lifebook/home.nix index 406e926..6bb5504 100644 --- a/hosts/lifebook/home.nix +++ b/hosts/lifebook/home.nix @@ -1,49 +1,29 @@ # -# Home-manager configuration for laptop -# -# flake.nix -# ├─ ./hosts -# │ └─ ./laptop -# │ └─ home.nix * -# └─ ./modules -# └─ ./desktop -# └─ ./hyprland -# └─ hyprland.nix +# Lifebook laptop — home-manager host-specific additions +# (WM home config is loaded by modules/desktop based on myDesktop.windowManager) # { pkgs, ... }: { - imports = - [ - #../../modules/wm/hyprland/home.nix # Window Manager - ../../modules/wm/niri/home.nix # Window Manager - ../../modules/home.nix # Window Manager - ]; + imports = [ + ../../modules/home.nix # cmds / theme options + ]; - home = { # Specific packages for laptop - packages = with pkgs; [ - # Applications - libreoffice # Office packages - #firefox - chromium - thunderbird - streamlink - streamlink-twitch-gui-bin - intel-gpu-tools - pulsemixer - - # Power Management - #auto-cpufreq # Power management - #tlp # Power management - ]; - }; + home.packages = with pkgs; [ + libreoffice + chromium + thunderbird + streamlink + streamlink-twitch-gui-bin + intel-gpu-tools + pulsemixer + ]; - services = { # Applets - blueman-applet.enable = true; # Bluetooth - network-manager-applet.enable = true; # Network + services = { + blueman-applet.enable = true; + network-manager-applet.enable = true; }; xsession.preferStatusNotifierItems = true; - } diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix new file mode 100644 index 0000000..0cc1744 --- /dev/null 
+++ b/modules/desktop/default.nix 
@@ -0,0 +1,583 @@ +# +# Desktop module — import this instead of manual WM/virtualisation imports. +# +# Usage in hosts//default.nix: +# +# imports = [ +# ./hardware-configuration.nix +# ../../modules/desktop +# ]; +# +# myDesktop.windowManager = "niri"; # niri (default) | hyprland | sway | kde | gnome +# myDesktop.cpu = "amd"; # amd | intel | none (default) +# +# myDesktop.virtualisation.enable = true; +# +# myDesktop.syncthing.enable = true; +# myDesktop.syncthing.devices = { "jupiter.home.example.de" = { id = "XXXXX-..."; }; }; +# myDesktop.syncthing.folders = { "Sync" = { path = "/home/user/Sync"; devices = [...]; }; }; +# +# myDesktop.openrgb.enable = true; +# myDesktop.openrgb.motherboard = "amd"; # or "intel" +# +# myDesktop.laptop.enable = true; +# myDesktop.laptop.lidSwitch = "suspend-then-hibernate"; +# myDesktop.laptop.hibernateDelaySec = "1h"; +# +# myDesktop.nitrokey.enable = true; +# +# myDesktop.extraSystemPackages = with pkgs; [ some-tool ]; +# + +{ config, lib, pkgs, pkgs-stable, inputs, user, ... 
}: + +let + cfg = config.myDesktop; +in +{ + # Hardware modules that are always useful on desktops (bluetooth, …) + imports = (import ../hardware); + + # ── Options ────────────────────────────────────────────────────────────── + + options.myDesktop = with lib; { + + windowManager = mkOption { + type = types.enum [ "niri" "hyprland" "sway" "kde" "gnome" ]; + default = "niri"; + description = "Window manager / desktop environment for this host."; + }; + + cpu = mkOption { + type = types.enum [ "amd" "intel" "none" ]; + default = "none"; + description = "CPU type — selects the matching KVM kernel parameters."; + }; + + virtualisation.enable = + mkEnableOption "virtualisation stack (podman/docker-compat, qemu/libvirt, virt-manager)"; + + syncthing = { + enable = mkEnableOption "syncthing continuous file synchronisation"; + devices = mkOption { + type = types.attrs; + default = {}; + example = literalExpression + ''{ "jupiter.home.example.de" = { id = "XXXXX-XXXXX-XXXXX-..."; }; }''; + description = "Syncthing peer devices."; + }; + folders = mkOption { + type = types.attrs; + default = {}; + example = literalExpression + ''{ "Sync" = { path = "/home/user/Sync"; devices = [ "jupiter" ]; ignorePerms = false; }; }''; + description = "Syncthing shared folders."; + }; + }; + + openrgb = { + enable = mkEnableOption "OpenRGB RGB motherboard control"; + motherboard = mkOption { + type = types.str; + default = "amd"; + description = "Motherboard vendor string passed to OpenRGB (amd or intel)."; + }; + }; + + laptop = { + enable = mkEnableOption "laptop-specific settings (lid-switch, hibernate delay)"; + lidSwitch = mkOption { + type = types.str; + default = "suspend-then-hibernate"; + description = "systemd-logind action on lid close."; + }; + hibernateDelaySec = mkOption { + type = types.str; + default = "1h"; + description = "Delay before transitioning from suspend to hibernate."; + }; + }; + + nitrokey.enable = mkEnableOption "Nitrokey hardware security key support"; + + 
git.signingKey = mkOption { + type = types.str; + default = "/home/${user}/.ssh/id_ed25519_sk_rk_red"; + description = "SSH key used for git commit signing on this host."; + }; + + extraSystemPackages = mkOption { + type = types.listOf types.package; + default = []; + description = "Additional system packages specific to this host."; + }; + }; + + # ── Configuration ──────────────────────────────────────────────────────── + + config = lib.mkMerge [ + + # ── Base desktop config (replaces configuration_desktop.nix) ─────────── + { + users.users.${user} = { + isNormalUser = true; + uid = 2000; + extraGroups = [ + "wheel" "video" "audio" "camera" "networkmanager" + "lp" "kvm" "libvirtd" "adb" "dialout" "tss" + ]; + }; + + security = { + pam.services.login.enableGnomeKeyring = true; + # swaylock PAM is harmless on non-sway WMs + pam.services.swaylock = {}; + rtkit.enable = true; + }; + + environment.systemPackages = with pkgs; + [ + file + powertop + cpufrequtils + lm_sensors + libva-utils + at-spi2-core + qmk-udev-rules + gptfdisk + age-plugin-yubikey + pwgen + sbctl + ausweisapp + e2fsprogs + ] + ++ (with pkgs-stable; [ orca-slicer ]) + ++ cfg.extraSystemPackages; + + nixpkgs.config.permittedInsecurePackages = [ "mbedtls-2.28.10" ]; + + services = { + pipewire = { + enable = true; + alsa.enable = true; + pulse.enable = true; + wireplumber.enable = true; + }; + pcscd.enable = true; + yubikey-agent.enable = true; + udev.packages = with pkgs; [ yubikey-personalization nitrokey-udev-rules ]; + flatpak.enable = true; + gvfs.enable = true; + fwupd.enable = true; + blueman.enable = true; + avahi = { + enable = true; + nssmdns4 = true; + publish = { + enable = true; + addresses = true; + userServices = true; + }; + }; + }; + + programs.dconf.enable = true; + system.autoUpgrade.enable = false; + + home-manager.users.${user}.programs.git.signing.key = + cfg.git.signingKey; + } + + # ── Niri ─────────────────────────────────────────────────────────────── + (lib.mkIf 
(cfg.windowManager == "niri") { + environment = { + systemPackages = with pkgs; [ + alacritty + xdg-desktop-portal-gnome + xdg-desktop-portal-gtk + swaylock + swayidle + slurp + grim + lxqt.lxqt-openssh-askpass + clinfo + glib + brightnessctl + playerctl + xwayland-satellite + breeze-hacked-cursor-theme + pwvucontrol + ]; + loginShellInit = '' + export GTK_IM_MODULE="simple" + export ELECTRON_OZONE_PLATFORM_HINT="auto" + export NIXOS_OZONE_WL="1" + export WLR_RENDERER="vulkan" + export _JAVA_AWT_WM_NONREPARENTING="1" + ''; + }; + + services = { + iio-niri.enable = false; + greetd = { + enable = true; + useTextGreeter = true; + settings.default_session.command = + "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session"; + }; + tuned.enable = true; + upower.enable = true; + }; + + programs = { + niri.enable = true; + ssh.enableAskPassword = true; + ssh.askPassword = + "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass"; + }; + + # Noctalia shell + niri home config via home-manager + home-manager.users.${user} = { + imports = [ + inputs.noctalia.homeModules.default + ../wm/niri/home.nix + ]; + + services = { + mako.enable = true; + polkit-gnome.enable = true; + }; + + programs = { + fuzzel.enable = true; + + noctalia-shell = { + enable = true; + systemd.enable = true; + settings = { + appLauncher.terminalCommand = "alacritty -e"; + + bar = { + density = "compact"; + position = "top"; + showCapsule = false; + widgets = { + left = [ + { id = "ControlCenter"; useDistroLogo = true; } + { hideUnoccupied = false; id = "Workspace"; + labelMode = "index"; showApplications = true; } + { id = "ActiveWindow"; } + ]; + center = [ + { formatHorizontal = "HH:mm\\ndd-MM-yy"; + formatVertical = "HH mm"; + id = "Clock"; + useMonospacedFont = true; + usePrimaryColor = true; } + ]; + right = [ + { id = "MediaMini"; } + { id = "SystemMonitor"; showNetworkStats = true; compactMode = false; } + { id = "WiFi"; } + { id = "Bluetooth"; } + { id = "Battery"; displayMode = 
"icon-always"; hideIfNotDetected = true; } + { id = "Volume"; displayMode = "alwaysShow"; } + { id = "NotificationHistory"; hideWhenZero = true; } + { id = "Tray"; } + ]; + }; + }; + + colorSchemes.predefinedScheme = "Catppuccin"; + + general = { + avatarImage = "/home/${user}/.face"; + radiusRatio = 0.2; + lockOnSusepnd = true; + }; + + location = { + monthBeforeDay = true; + name = "Munich, Germany"; + showWeekNumberInCalendar = true; + firstDayOfWeek = 0; + }; + + wallpaper = { + enabled = true; + overviewEnabled = false; + directory = "/home/${user}/.setup/modules/themes/"; + }; + + brightness = { + enforceMinimum = true; + brightnessStep = 5; + }; + + controlCenter.shortcuts.left = [ + { id = "WiFi"; } + { id = "Bluetooth"; } + { id = "ScreenRecorder"; } + { id = "PowerProfile"; } + { id = "KeepAwake"; } + ]; + + dock.enabled = false; + sessionMenu.enableCountdown = false; + + templates = { + fuzzel = true; + alacritty = true; + qt = true; + gtk = true; + discord = true; + code = true; + telegram = true; + niri = true; + firefox = true; + }; + }; + }; + }; + + home.file.".cache/noctalia/wallpapers.json".text = builtins.toJSON { + defaultWallpaper = "/home/${user}/.setup/modules/themes/wall.jpg"; + }; + }; + }) + + # ── Hyprland ─────────────────────────────────────────────────────────── + (lib.mkIf (cfg.windowManager == "hyprland") { + hardware.opengl.enable = true; + + environment = { + loginShellInit = '' + if [ -z $DISPLAY ] && [ $UID != 0 ] && [ "$(tty)" = "/dev/tty1" ]; then + exec Hyprland + fi + ''; + variables = { + MOZ_ENABLE_WAYLAND = "1"; + MOZ_WEBRENDER = "1"; + MOZ_USE_XINPUT2 = "2"; + MOZ_DBUS_REMOTE = "1"; + XDG_SESSION_TYPE = "wayland"; + XDG_CURRENT_DESKTOP = "Unity"; + GST_VAAPI_ALL_DRIVERS = "1"; + GTK_THEME = "Arc"; + _JAVA_AWT_WM_NONREPARENTING = "1"; + }; + systemPackages = with pkgs; [ + xdg-desktop-portal-wlr + swaylock + swayidle + slurp + grim + ]; + }; + + programs.hyprland.enable = true; + xdg.portal.wlr.enable = true; + + 
home-manager.users.${user}.imports = [ ../wm/hyprland/home.nix ]; + }) + + # ── Sway ─────────────────────────────────────────────────────────────── + (lib.mkIf (cfg.windowManager == "sway") { + environment = { + loginShellInit = '' + if [ -z $DISPLAY ] && [ $UID != 0 ] && [ "$(tty)" = "/dev/tty1" ]; then + exec sway + fi + ''; + systemPackages = with pkgs; [ + xdg-desktop-portal-wlr + sway + swaylock + swayidle + slurp + grim + bemenu + lxqt.lxqt-openssh-askpass + clinfo + waybar + glib + ]; + }; + + programs = { + sway = { + enable = true; + extraSessionCommands = '' + export MOZ_ENABLE_WAYLAND="1" + export MOZ_WEBRENDER="1" + export WLR_RENDERER="vulkan" + export XDG_SESSION_TYPE="wayland" + export GTK_THEME="Arc" + export _JAVA_AWT_WM_NONREPARENTING="1" + ''; + }; + ssh.enableAskPassword = true; + ssh.askPassword = + "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass"; + }; + + xdg.portal = { + enable = true; + wlr.enable = true; + extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; + }; + + home-manager.users.${user}.imports = [ + ../wm/sway/home.nix + ../wm/waybar.nix # sway uses waybar for the bar + ]; + }) + + # ── KDE Plasma ───────────────────────────────────────────────────────── + (lib.mkIf (cfg.windowManager == "kde") { + environment.systemPackages = with pkgs; [ + kdePackages.discover + maliit-keyboard + maliit-framework + kdePackages.ksshaskpass + ]; + + programs.ssh = { + enableAskPassword = true; + askPassword = lib.mkDefault "${pkgs.kdePackages.ksshaskpass}/bin/ksshaskpass"; + }; + + services = { + packagekit.enable = true; + desktopManager.plasma6.enable = true; + udev.packages = with pkgs; [ gnome-settings-daemon ]; + }; + + qt.platformTheme = "kde"; + + home-manager.users.${user}.imports = [ ../wm/kde/home.nix ]; + }) + + # ── GNOME ────────────────────────────────────────────────────────────── + (lib.mkIf (cfg.windowManager == "gnome") { + hardware.pulseaudio.enable = lib.mkForce false; + + environment.systemPackages = with pkgs; [ + 
gnome.gnome-terminal + gnomeExtensions.dash-to-dock + gnomeExtensions.appindicator + rocmPackages.clr.icd + rocmPackages.clr + clinfo + ]; + + services = { + xserver = { + enable = true; + desktopManager.gnome.enable = true; + displayManager = { + gdm.wayland = true; + gdm.enable = true; + gdm.autoLogin.delay = 5; + gdm.settings.security.DisallowTCP = true; + defaultSession = "gnome"; + autoLogin.enable = true; + autoLogin.user = user; + }; + }; + udev.packages = with pkgs; [ gnome.gnome-settings-daemon ]; + }; + + home-manager.users.${user}.imports = [ ../wm/gnome/home.nix ]; + }) + + # ── Virtualisation (podman/docker-compat + qemu/libvirt) ─────────────── + (lib.mkIf cfg.virtualisation.enable { + users.groups = { + docker.members = [ user ]; + libvirtd.members = [ "root" user ]; + }; + + virtualisation = { + podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + }; + libvirtd = { + enable = true; + onShutdown = "shutdown"; + qemu.runAsRoot = false; + }; + spiceUSBRedirection.enable = true; + }; + + environment.systemPackages = with pkgs; [ + virt-manager + virt-viewer + qemu + OVMF + OVMF-cloud-hypervisor + gvfs + cloud-hypervisor + ]; + }) + + # ── KVM – AMD ────────────────────────────────────────────────────────── + (lib.mkIf (cfg.virtualisation.enable && cfg.cpu == "amd") { + boot.extraModprobeConfig = '' + options kvm_amd nested=0 avic=1 npt=1 + ''; + }) + + # ── KVM – Intel ──────────────────────────────────────────────────────── + (lib.mkIf (cfg.virtualisation.enable && cfg.cpu == "intel") { + boot.extraModprobeConfig = '' + options kvm_intel nested=1 + options kvm_intel emulate_invalid_guest_state=0 + options kvm ignore_nsrs=1 + ''; + }) + + # ── Syncthing ────────────────────────────────────────────────────────── + (lib.mkIf cfg.syncthing.enable { + services.syncthing = { + enable = true; + group = "users"; + user = user; + dataDir = "/home/${user}/Sync"; + configDir = "/home/${user}/.config/syncthing"; + overrideDevices = true; 
+ overrideFolders = true; + openDefaultPorts = true; + settings = { + devices = cfg.syncthing.devices; + folders = cfg.syncthing.folders; + }; + }; + }) + + # ── OpenRGB ──────────────────────────────────────────────────────────── + (lib.mkIf cfg.openrgb.enable { + services.hardware.openrgb = { + enable = true; + motherboard = cfg.openrgb.motherboard; + }; + }) + + # ── Laptop ───────────────────────────────────────────────────────────── + (lib.mkIf cfg.laptop.enable { + systemd.sleep.extraConfig = + "HibernateDelaySec=${cfg.laptop.hibernateDelaySec}"; + services.logind.settings.Login.HandleLidSwitch = + cfg.laptop.lidSwitch; + }) + + # ── Nitrokey ─────────────────────────────────────────────────────────── + (lib.mkIf cfg.nitrokey.enable { + hardware.nitrokey.enable = true; + }) + + ]; +} diff --git a/modules/shell/git.nix b/modules/shell/git.nix index 7cf7ae6..c5b1c86 100644 --- a/modules/shell/git.nix +++ b/modules/shell/git.nix @@ -1,7 +1,7 @@ # # Git # -{ user, ... }: +{ lib, user, ... }: { programs = { @@ -17,7 +17,7 @@ }; signing = { format = "ssh"; - key = "/home/${user}/.ssh/id_ed25519_sk_rk_red"; + key = lib.mkDefault "/home/${user}/.ssh/id_ed25519_sk_rk_red"; signByDefault = true; }; };
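Review bot: Two keys in the new modules/desktop/default.nix look misspelled and would probably be ignored without an error: `lockOnSusepnd = true;` in the Niri branch's `general` settings (presumably `lockOnSuspend`), and `options kvm ignore_nsrs=1` in the Intel KVM branch (the kvm module parameter is `ignore_msrs`). The first matters most, because the lifebook host selects niri with `lidSwitch = "suspend-then-hibernate"`, so a dropped lock-on-suspend setting could leave the session unlocked on resume. The base block also allows `mbedtls-2.28.10` through `permittedInsecurePackages` on every host that imports the module, without saying which package needs it; a comment such as `# needed by <package>; drop once it no longer depends on mbedtls 2.x` would make the exception reviewable. Finally, choosing `windowManager = "gnome"` turns on `autoLogin.enable = true` for a user the base block puts in `wheel`; I would gate that behind its own `myDesktop` option defaulting to false.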