Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

create users desktop module

Browse Source
This commit is contained in:
Kabbone
2026-04-25 10:20:16 +02:00
parent 5fb7ab4ee0
commit 62b68a333f
7 changed files with 704 additions and 260 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
hosts/default.nix
View File

@@ -60,8 +60,8 @@ in
agenix.nixosModules.default agenix.nixosModules.default
microvm.nixosModules.host microvm.nixosModules.host
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
./desktop ./desktop # myDesktop options set inside
./configuration_desktop.nix ./configuration_common.nix
../modules/hardware/remoteBuilder.nix ../modules/hardware/remoteBuilder.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-gpu-amd
@@ -75,8 +75,8 @@ in
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
./lifebook ./lifebook # myDesktop options set inside
./configuration_desktop.nix ./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager [ ./home.nix ./lifebook/home.nix ]); ] ++ (mkHM home-manager [ ./home.nix ./lifebook/home.nix ]);

128
hosts/desktop/default.nix
View File

@@ -1,104 +1,50 @@
# #
# Specific system configuration settings for desktop # Hades desktop — system configuration
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
# #
{ inputs, lib, config, pkgs, user, nixpkgs, pkgs-kabbone, ... }: { lib, pkgs, pkgs-kabbone, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = [
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix ./hardware-configuration.nix
[(import ../../modules/wm/niri/default.nix)] ++ # Window Manager ../../modules/desktop
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker ];
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
#[(import ../../modules/kabbone/corosync-qdevice.nix)] ++ # corosync qdevice quorum
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options # ── Desktop module options ──────────────────────────────────────────────
myDesktop.windowManager = "niri";
myDesktop.cpu = "amd";
myDesktop.virtualisation.enable = true;
myDesktop.openrgb.enable = true;
myDesktop.openrgb.motherboard = "amd";
myDesktop.syncthing.enable = true;
myDesktop.syncthing.devices = {
"jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
"lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; };
};
myDesktop.syncthing.folders = {
"Sync" = {
path = "/home/kabbone/Sync";
devices = [ "jupiter.home.opel-online.de" "lifebook.home.opel-online.de" ];
ignorePerms = false;
};
};
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = {
loader = { # EFI Boot systemd-boot.enable = lib.mkForce false;
systemd-boot.enable = lib.mkForce false; efi.canTouchEfiVariables = true;
efi = { efi.efiSysMountPoint = "/boot";
canTouchEfiVariables = true; timeout = 1;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
}; };
lanzaboote = { lanzaboote = {
enable = true; enable = true;
pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";
}; };
}; };
# hardware.sane = { # Used for scanning with Xsane environment.systemPackages = [ pkgs.linux-firmware ];
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
# hardware = {
# nitrokey.enable = true;
# };
environment = {
systemPackages = [
pkgs.linux-firmware
#pkgs-kabbone.corosync-qdevice
];
};
services = {
#auto-cpufreq.enable = true;
blueman.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
hardware.openrgb = {
enable = true;
motherboard = "amd";
};
syncthing = {
enable = true;
group = "users";
user = "kabbone";
dataDir = "/home/${config.services.syncthing.user}/Sync";
configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
openDefaultPorts = true;
settings = {
devices = {
"jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
"lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; };
};
folders = {
"Sync" = { # Name of folder in Syncthing, also the folder ID
path = "/home/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = [ "jupiter.home.opel-online.de" "lifebook.home.opel-online.de" ]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
};
};
} }

57
hosts/desktop/home.nix
View File

@@ -1,52 +1,29 @@
# #
# Home-manager configuration for laptop # Hades desktop — home-manager host-specific additions
# # (WM home config is loaded by modules/desktop based on myDesktop.windowManager)
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
# #
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = imports = [
[ ../../modules/home.nix # cmds / theme options
#../../modules/wm/hyprland/home.nix # Window Manager ];
../../modules/wm/niri/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop home.packages = with pkgs; [
packages = with pkgs; [ chromium
# Applications thunderbird
#freecad # Office packages streamlink
#firefox streamlink-twitch-gui-bin
chromium pulsemixer
thunderbird nitrokey-app
streamlink kicad
streamlink-twitch-gui-bin ];
#nheko
pulsemixer
#yubioath-flutter
nitrokey-app
kicad
# Power Management services = {
#auto-cpufreq # Power management blueman-applet.enable = true;
#tlp # Power management network-manager-applet.enable = true;
];
};
services = { # Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
}; };
xsession.preferStatusNotifierItems = true; xsession.preferStatusNotifierItems = true;
} }

130
hosts/lifebook/default.nix
View File

@@ -1,99 +1,57 @@
# #
# Specific system configuration settings for desktop # Lifebook laptop — system configuration
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
# #
{ inputs, lib, config, pkgs, user, ... }: { lib, pkgs, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = [
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix ./hardware-configuration.nix
[(import ../../modules/wm/niri/default.nix)] ++ # Window Manager ../../modules/desktop
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker ];
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options # ── Desktop module options ──────────────────────────────────────────────
kernelPackages = pkgs.linuxPackages_latest; myDesktop.windowManager = "niri";
initrd.prepend = [ "${./patched-SSDT4}" ]; myDesktop.cpu = "intel";
myDesktop.virtualisation.enable = true;
loader = { # EFI Boot myDesktop.laptop.enable = true;
systemd-boot.enable = lib.mkForce false; myDesktop.laptop.lidSwitch = "suspend-then-hibernate";
efi = { myDesktop.laptop.hibernateDelaySec = "1h";
canTouchEfiVariables = true;
efiSysMountPoint = "/boot"; myDesktop.nitrokey.enable = true;
};
timeout = 1; # Grub auto select time myDesktop.syncthing.enable = true;
myDesktop.syncthing.devices = {
"jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
"hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; };
};
myDesktop.syncthing.folders = {
"Sync" = {
path = "/home/kabbone/Sync";
devices = [ "jupiter.home.opel-online.de" "hades.home.opel-online.de" ];
ignorePerms = false;
}; };
};
myDesktop.extraSystemPackages = with pkgs; [
intel-media-driver
intel-compute-runtime
];
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest;
initrd.prepend = [ "${./patched-SSDT4}" ];
loader = {
systemd-boot.enable = lib.mkForce false;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
timeout = 1;
};
lanzaboote = { lanzaboote = {
enable = true; enable = true;
pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";
};
};
hardware = {
nitrokey.enable = true;
};
environment = {
systemPackages = with pkgs; [
linux-firmware
intel-media-driver
intel-compute-runtime
];
};
systemd.sleep.extraConfig = "HibernateDelaySec=1h";
services = {
logind.settings.Login.HandleLidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
blueman.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
#tailscale.enable = true;
syncthing = {
enable = true;
group = "users";
user = "kabbone";
dataDir = "/home/${config.services.syncthing.user}/Sync";
configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
openDefaultPorts = true;
settings = {
devices = {
"jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
"hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; };
};
folders = {
"Sync" = { # Name of folder in Syncthing, also the folder ID
path = "/home/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = [ "jupiter.home.opel-online.de" "hades.home.opel-online.de" ]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
}; };
}; };
} }

54
hosts/lifebook/home.nix
View File

@@ -1,49 +1,29 @@
# #
# Home-manager configuration for laptop # Lifebook laptop — home-manager host-specific additions
# # (WM home config is loaded by modules/desktop based on myDesktop.windowManager)
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
# #
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = imports = [
[ ../../modules/home.nix # cmds / theme options
#../../modules/wm/hyprland/home.nix # Window Manager ];
../../modules/wm/niri/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop home.packages = with pkgs; [
packages = with pkgs; [ libreoffice
# Applications chromium
libreoffice # Office packages thunderbird
#firefox streamlink
chromium streamlink-twitch-gui-bin
thunderbird intel-gpu-tools
streamlink pulsemixer
streamlink-twitch-gui-bin ];
intel-gpu-tools
pulsemixer
# Power Management services = {
#auto-cpufreq # Power management blueman-applet.enable = true;
#tlp # Power management network-manager-applet.enable = true;
];
};
services = { # Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
}; };
xsession.preferStatusNotifierItems = true; xsession.preferStatusNotifierItems = true;
} }

583
modules/desktop/default.nix Normal file
View File

@@ -0,0 +1,583 @@
#
# Desktop module — import this instead of manual WM/virtualisation imports.
#
# Usage in hosts/<hostname>/default.nix:
#
# imports = [
# ./hardware-configuration.nix
# ../../modules/desktop
# ];
#
# myDesktop.windowManager = "niri"; # niri (default) | hyprland | sway | kde | gnome
# myDesktop.cpu = "amd"; # amd | intel | none (default)
#
# myDesktop.virtualisation.enable = true;
#
# myDesktop.syncthing.enable = true;
# myDesktop.syncthing.devices = { "jupiter.home.example.de" = { id = "XXXXX-..."; }; };
# myDesktop.syncthing.folders = { "Sync" = { path = "/home/user/Sync"; devices = [...]; }; };
#
# myDesktop.openrgb.enable = true;
# myDesktop.openrgb.motherboard = "amd"; # or "intel"
#
# myDesktop.laptop.enable = true;
# myDesktop.laptop.lidSwitch = "suspend-then-hibernate";
# myDesktop.laptop.hibernateDelaySec = "1h";
#
# myDesktop.nitrokey.enable = true;
#
# myDesktop.extraSystemPackages = with pkgs; [ some-tool ];
#
{ config, lib, pkgs, pkgs-stable, inputs, user, ... }:
let
cfg = config.myDesktop;
in
{
# Hardware modules that are always useful on desktops (bluetooth, …)
imports = (import ../hardware);
# ── Options ──────────────────────────────────────────────────────────────
options.myDesktop = with lib; {
windowManager = mkOption {
type = types.enum [ "niri" "hyprland" "sway" "kde" "gnome" ];
default = "niri";
description = "Window manager / desktop environment for this host.";
};
cpu = mkOption {
type = types.enum [ "amd" "intel" "none" ];
default = "none";
description = "CPU type selects the matching KVM kernel parameters.";
};
virtualisation.enable =
mkEnableOption "virtualisation stack (podman/docker-compat, qemu/libvirt, virt-manager)";
syncthing = {
enable = mkEnableOption "syncthing continuous file synchronisation";
devices = mkOption {
type = types.attrs;
default = {};
example = literalExpression
''{ "jupiter.home.example.de" = { id = "XXXXX-XXXXX-XXXXX-..."; }; }'';
description = "Syncthing peer devices.";
};
folders = mkOption {
type = types.attrs;
default = {};
example = literalExpression
''{ "Sync" = { path = "/home/user/Sync"; devices = [ "jupiter" ]; ignorePerms = false; }; }'';
description = "Syncthing shared folders.";
};
};
openrgb = {
enable = mkEnableOption "OpenRGB RGB motherboard control";
motherboard = mkOption {
type = types.str;
default = "amd";
description = "Motherboard vendor string passed to OpenRGB (amd or intel).";
};
};
laptop = {
enable = mkEnableOption "laptop-specific settings (lid-switch, hibernate delay)";
lidSwitch = mkOption {
type = types.str;
default = "suspend-then-hibernate";
description = "systemd-logind action on lid close.";
};
hibernateDelaySec = mkOption {
type = types.str;
default = "1h";
description = "Delay before transitioning from suspend to hibernate.";
};
};
nitrokey.enable = mkEnableOption "Nitrokey hardware security key support";
git.signingKey = mkOption {
type = types.str;
default = "/home/${user}/.ssh/id_ed25519_sk_rk_red";
description = "SSH key used for git commit signing on this host.";
};
extraSystemPackages = mkOption {
type = types.listOf types.package;
default = [];
description = "Additional system packages specific to this host.";
};
};
# ── Configuration ────────────────────────────────────────────────────────
config = lib.mkMerge [
# ── Base desktop config (replaces configuration_desktop.nix) ───────────
{
users.users.${user} = {
isNormalUser = true;
uid = 2000;
extraGroups = [
"wheel" "video" "audio" "camera" "networkmanager"
"lp" "kvm" "libvirtd" "adb" "dialout" "tss"
];
};
security = {
pam.services.login.enableGnomeKeyring = true;
# swaylock PAM is harmless on non-sway WMs
pam.services.swaylock = {};
rtkit.enable = true;
};
environment.systemPackages = with pkgs;
[
file
powertop
cpufrequtils
lm_sensors
libva-utils
at-spi2-core
qmk-udev-rules
gptfdisk
age-plugin-yubikey
pwgen
sbctl
ausweisapp
e2fsprogs
]
++ (with pkgs-stable; [ orca-slicer ])
++ cfg.extraSystemPackages;
nixpkgs.config.permittedInsecurePackages = [ "mbedtls-2.28.10" ];
services = {
pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
wireplumber.enable = true;
};
pcscd.enable = true;
yubikey-agent.enable = true;
udev.packages = with pkgs; [ yubikey-personalization nitrokey-udev-rules ];
flatpak.enable = true;
gvfs.enable = true;
fwupd.enable = true;
blueman.enable = true;
avahi = {
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
userServices = true;
};
};
};
programs.dconf.enable = true;
system.autoUpgrade.enable = false;
home-manager.users.${user}.programs.git.signing.key =
cfg.git.signingKey;
}
# ── Niri ───────────────────────────────────────────────────────────────
(lib.mkIf (cfg.windowManager == "niri") {
environment = {
systemPackages = with pkgs; [
alacritty
xdg-desktop-portal-gnome
xdg-desktop-portal-gtk
swaylock
swayidle
slurp
grim
lxqt.lxqt-openssh-askpass
clinfo
glib
brightnessctl
playerctl
xwayland-satellite
breeze-hacked-cursor-theme
pwvucontrol
];
loginShellInit = ''
export GTK_IM_MODULE="simple"
export ELECTRON_OZONE_PLATFORM_HINT="auto"
export NIXOS_OZONE_WL="1"
export WLR_RENDERER="vulkan"
export _JAVA_AWT_WM_NONREPARENTING="1"
'';
};
services = {
iio-niri.enable = false;
greetd = {
enable = true;
useTextGreeter = true;
settings.default_session.command =
"${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
};
tuned.enable = true;
upower.enable = true;
};
programs = {
niri.enable = true;
ssh.enableAskPassword = true;
ssh.askPassword =
"${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
# Noctalia shell + niri home config via home-manager
home-manager.users.${user} = {
imports = [
inputs.noctalia.homeModules.default
../wm/niri/home.nix
];
services = {
mako.enable = true;
polkit-gnome.enable = true;
};
programs = {
fuzzel.enable = true;
noctalia-shell = {
enable = true;
systemd.enable = true;
settings = {
appLauncher.terminalCommand = "alacritty -e";
bar = {
density = "compact";
position = "top";
showCapsule = false;
widgets = {
left = [
{ id = "ControlCenter"; useDistroLogo = true; }
{ hideUnoccupied = false; id = "Workspace";
labelMode = "index"; showApplications = true; }
{ id = "ActiveWindow"; }
];
center = [
{ formatHorizontal = "HH:mm\\ndd-MM-yy";
formatVertical = "HH mm";
id = "Clock";
useMonospacedFont = true;
usePrimaryColor = true; }
];
right = [
{ id = "MediaMini"; }
{ id = "SystemMonitor"; showNetworkStats = true; compactMode = false; }
{ id = "WiFi"; }
{ id = "Bluetooth"; }
{ id = "Battery"; displayMode = "icon-always"; hideIfNotDetected = true; }
{ id = "Volume"; displayMode = "alwaysShow"; }
{ id = "NotificationHistory"; hideWhenZero = true; }
{ id = "Tray"; }
];
};
};
colorSchemes.predefinedScheme = "Catppuccin";
general = {
avatarImage = "/home/${user}/.face";
radiusRatio = 0.2;
lockOnSusepnd = true;
};
location = {
monthBeforeDay = true;
name = "Munich, Germany";
showWeekNumberInCalendar = true;
firstDayOfWeek = 0;
};
wallpaper = {
enabled = true;
overviewEnabled = false;
directory = "/home/${user}/.setup/modules/themes/";
};
brightness = {
enforceMinimum = true;
brightnessStep = 5;
};
controlCenter.shortcuts.left = [
{ id = "WiFi"; }
{ id = "Bluetooth"; }
{ id = "ScreenRecorder"; }
{ id = "PowerProfile"; }
{ id = "KeepAwake"; }
];
dock.enabled = false;
sessionMenu.enableCountdown = false;
templates = {
fuzzel = true;
alacritty = true;
qt = true;
gtk = true;
discord = true;
code = true;
telegram = true;
niri = true;
firefox = true;
};
};
};
};
home.file.".cache/noctalia/wallpapers.json".text = builtins.toJSON {
defaultWallpaper = "/home/${user}/.setup/modules/themes/wall.jpg";
};
};
})
# ── Hyprland ───────────────────────────────────────────────────────────
(lib.mkIf (cfg.windowManager == "hyprland") {
hardware.opengl.enable = true;
environment = {
loginShellInit = ''
if [ -z $DISPLAY ] && [ $UID != 0 ] && [ "$(tty)" = "/dev/tty1" ]; then
exec Hyprland
fi
'';
variables = {
MOZ_ENABLE_WAYLAND = "1";
MOZ_WEBRENDER = "1";
MOZ_USE_XINPUT2 = "2";
MOZ_DBUS_REMOTE = "1";
XDG_SESSION_TYPE = "wayland";
XDG_CURRENT_DESKTOP = "Unity";
GST_VAAPI_ALL_DRIVERS = "1";
GTK_THEME = "Arc";
_JAVA_AWT_WM_NONREPARENTING = "1";
};
systemPackages = with pkgs; [
xdg-desktop-portal-wlr
swaylock
swayidle
slurp
grim
];
};
programs.hyprland.enable = true;
xdg.portal.wlr.enable = true;
home-manager.users.${user}.imports = [ ../wm/hyprland/home.nix ];
})
# ── Sway ───────────────────────────────────────────────────────────────
(lib.mkIf (cfg.windowManager == "sway") {
environment = {
loginShellInit = ''
if [ -z $DISPLAY ] && [ $UID != 0 ] && [ "$(tty)" = "/dev/tty1" ]; then
exec sway
fi
'';
systemPackages = with pkgs; [
xdg-desktop-portal-wlr
sway
swaylock
swayidle
slurp
grim
bemenu
lxqt.lxqt-openssh-askpass
clinfo
waybar
glib
];
};
programs = {
sway = {
enable = true;
extraSessionCommands = ''
export MOZ_ENABLE_WAYLAND="1"
export MOZ_WEBRENDER="1"
export WLR_RENDERER="vulkan"
export XDG_SESSION_TYPE="wayland"
export GTK_THEME="Arc"
export _JAVA_AWT_WM_NONREPARENTING="1"
'';
};
ssh.enableAskPassword = true;
ssh.askPassword =
"${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
xdg.portal = {
enable = true;
wlr.enable = true;
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
};
home-manager.users.${user}.imports = [
../wm/sway/home.nix
../wm/waybar.nix # sway uses waybar for the bar
];
})
# ── KDE Plasma ─────────────────────────────────────────────────────────
(lib.mkIf (cfg.windowManager == "kde") {
environment.systemPackages = with pkgs; [
kdePackages.discover
maliit-keyboard
maliit-framework
kdePackages.ksshaskpass
];
programs.ssh = {
enableAskPassword = true;
askPassword = lib.mkDefault "${pkgs.kdePackages.ksshaskpass}/bin/ksshaskpass";
};
services = {
packagekit.enable = true;
desktopManager.plasma6.enable = true;
udev.packages = with pkgs; [ gnome-settings-daemon ];
};
qt.platformTheme = "kde";
home-manager.users.${user}.imports = [ ../wm/kde/home.nix ];
})
# ── GNOME ──────────────────────────────────────────────────────────────
(lib.mkIf (cfg.windowManager == "gnome") {
hardware.pulseaudio.enable = lib.mkForce false;
environment.systemPackages = with pkgs; [
gnome.gnome-terminal
gnomeExtensions.dash-to-dock
gnomeExtensions.appindicator
rocmPackages.clr.icd
rocmPackages.clr
clinfo
];
services = {
xserver = {
enable = true;
desktopManager.gnome.enable = true;
displayManager = {
gdm.wayland = true;
gdm.enable = true;
gdm.autoLogin.delay = 5;
gdm.settings.security.DisallowTCP = true;
defaultSession = "gnome";
autoLogin.enable = true;
autoLogin.user = user;
};
};
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
};
home-manager.users.${user}.imports = [ ../wm/gnome/home.nix ];
})
# ── Virtualisation (podman/docker-compat + qemu/libvirt) ───────────────
(lib.mkIf cfg.virtualisation.enable {
users.groups = {
docker.members = [ user ];
libvirtd.members = [ "root" user ];
};
virtualisation = {
podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
libvirtd = {
enable = true;
onShutdown = "shutdown";
qemu.runAsRoot = false;
};
spiceUSBRedirection.enable = true;
};
environment.systemPackages = with pkgs; [
virt-manager
virt-viewer
qemu
OVMF
OVMF-cloud-hypervisor
gvfs
cloud-hypervisor
];
})
# ── KVM AMD ──────────────────────────────────────────────────────────
(lib.mkIf (cfg.virtualisation.enable && cfg.cpu == "amd") {
boot.extraModprobeConfig = ''
options kvm_amd nested=0 avic=1 npt=1
'';
})
# ── KVM Intel ────────────────────────────────────────────────────────
(lib.mkIf (cfg.virtualisation.enable && cfg.cpu == "intel") {
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_nsrs=1
'';
})
# ── Syncthing ──────────────────────────────────────────────────────────
(lib.mkIf cfg.syncthing.enable {
services.syncthing = {
enable = true;
group = "users";
user = user;
dataDir = "/home/${user}/Sync";
configDir = "/home/${user}/.config/syncthing";
overrideDevices = true;
overrideFolders = true;
openDefaultPorts = true;
settings = {
devices = cfg.syncthing.devices;
folders = cfg.syncthing.folders;
};
};
})
# ── OpenRGB ────────────────────────────────────────────────────────────
(lib.mkIf cfg.openrgb.enable {
services.hardware.openrgb = {
enable = true;
motherboard = cfg.openrgb.motherboard;
};
})
# ── Laptop ─────────────────────────────────────────────────────────────
(lib.mkIf cfg.laptop.enable {
systemd.sleep.extraConfig =
"HibernateDelaySec=${cfg.laptop.hibernateDelaySec}";
services.logind.settings.Login.HandleLidSwitch =
cfg.laptop.lidSwitch;
})
# ── Nitrokey ───────────────────────────────────────────────────────────
(lib.mkIf cfg.nitrokey.enable {
hardware.nitrokey.enable = true;
})
];
}

4
modules/shell/git.nix
View File

@@ -1,7 +1,7 @@
# #
# Git # Git
# #
{ user, ... }: { lib, user, ... }:
{ {
programs = { programs = {
@@ -17,7 +17,7 @@
}; };
signing = { signing = {
format = "ssh"; format = "ssh";
key = "/home/${user}/.ssh/id_ed25519_sk_rk_red"; key = lib.mkDefault "/home/${user}/.ssh/id_ed25519_sk_rk_red";
signByDefault = true; signByDefault = true;
}; };
}; };