Diffstat (limited to 'modules/desktop')
45 files changed, 920 insertions, 0 deletions
diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix
index e4fe30d..e9e2a80 100644
--- a/modules/desktop/default.nix
+++ b/modules/desktop/default.nix
@@ -1,7 +1,9 @@
 { config, ... }:
 {
 imports = [
+ ./hardware
 ./networking
+ ./software
 ./variables
 ./virtualisation
 ];
diff --git a/modules/desktop/hardware/bluetooth.nix b/modules/desktop/hardware/bluetooth.nix
new file mode 100644
index 0000000..9737504
--- /dev/null
+++ b/modules/desktop/hardware/bluetooth.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+ boot.kernelParams = [ "btusb" ];
+ services.blueman.enable = true;
+
+ hardware.bluetooth = {
+ enable = true;
+ powerOnBoot = true;
+ package = pkgs.bluez5-experimental;
+ disabledPlugins = [ "sap" ];
+ # hsphfpd.enable = true;
+
+ settings.General = {
+ JustWorksRepairing = "always";
+ MultiProfile = "multiple";
+ Experimental = true;
+ };
+ };
+}
diff --git a/modules/desktop/hardware/cpu.nix b/modules/desktop/hardware/cpu.nix
new file mode 100644
index 0000000..1ac3a27
--- /dev/null
+++ b/modules/desktop/hardware/cpu.nix
@@ -0,0 +1,21 @@
+{ pkgs, config, ... }:
+{
+ environment.systemPackages = [ pkgs.amdctl ];
+
+ powerManagement = {
+ enable = true;
+ cpuFreqGovernor = "performance";
+ };
+
+ boot = {
+ kernelModules = [
+ # "kvm-amd"
+ "amd-pstate"
+ "zenpower"
+ "msr"
+ ];
+
+ kernelParams = [ "amd_iommu=on" ];
+ extraModulePackages = [ config.boot.kernelPackages.zenpower ];
+ };
+}
diff --git a/modules/desktop/hardware/default.nix b/modules/desktop/hardware/default.nix
new file mode 100644
index 0000000..167e7c7
--- /dev/null
+++ b/modules/desktop/hardware/default.nix
@@ -0,0 +1,14 @@
+{
+ imports = [
+ ./cpu.nix
+ ./bluetooth.nix
+ ./usb.nix
+ ./tpm.nix
+ ./yubikey.nix
+ ];
+
+ hardware = {
+ enableRedistributableFirmware = true;
+ enableAllFirmware = true;
+ };
+}
diff --git a/modules/desktop/hardware/tpm.nix b/modules/desktop/hardware/tpm.nix
new file mode 100644
index 0000000..b84551e
--- /dev/null
+++ b/modules/desktop/hardware/tpm.nix
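Review bot: In bluetooth.nix, `JustWorksRepairing = "always"` makes BlueZ accept a peer-initiated re-pair of a Just Works device without asking the user, whereas the BlueZ default is `never`. Unless a specific peripheral needs the silent behaviour, `JustWorksRepairing = "confirm";` keeps a prompt in the path and still allows re-pairing. Separately, `btusb` is a module name rather than a kernel command-line argument, so `boot.kernelParams = [ "btusb" ];` was most likely meant to be `boot.kernelModules = [ "btusb" ];`.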
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+ security.tpm2 = {
+ enable = true;
+ applyUdevRules = true;
+ abrmd.enable = true;
+ tctiEnvironment.enable = true;
+ pkcs11.enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [
+ tpm2-tools
+ tpm2-tss
+ tpm2-abrmd
+ ];
+
+ boot.kernelModules = [ "uhid" ];
+}
diff --git a/modules/desktop/hardware/usb.nix b/modules/desktop/hardware/usb.nix
new file mode 100644
index 0000000..f697761
--- /dev/null
+++ b/modules/desktop/hardware/usb.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ usbutils
+ lm_sensors
+ pciutils
+ ];
+
+ boot.kernelParams = [ "usbcore.autosuspend=-1" ];
+}
diff --git a/modules/desktop/hardware/yubikey.nix b/modules/desktop/hardware/yubikey.nix
new file mode 100644
index 0000000..6bd4a5c
--- /dev/null
+++ b/modules/desktop/hardware/yubikey.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+ hardware.gpgSmartcards.enable = true;
+
+ services = {
+ pcscd.enable = true;
+ udev.packages = [ pkgs.yubikey-personalization ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ yubikey-manager
+ yubikey-manager-qt
+ yubikey-personalization
+ yubikey-personalization-gui
+ yubico-piv-tool
+ yubioath-flutter
+ ];
+}
diff --git a/modules/desktop/software/aagl.nix b/modules/desktop/software/aagl.nix
new file mode 100644
index 0000000..b164edb
--- /dev/null
+++ b/modules/desktop/software/aagl.nix
@@ -0,0 +1,9 @@
+{ inputs, ... }:
+let
+ inherit (inputs) aagl;
+in
+{
+ imports = [ aagl.nixosModules.default ];
+ nix.settings = aagl.nixConfig;
+ programs.anime-game-launcher.enable = true;
+}
diff --git a/modules/desktop/software/access/default.nix b/modules/desktop/software/access/default.nix
new file mode 100644
index 0000000..7db7629
--- /dev/null
+++ b/modules/desktop/software/access/default.nix
@@ -0,0 +1,7 @@
+{
+ imports = [
+ ./gnupg.nix
+ ./mosh.nix
+ ./ssh.nix
+ ];
+}
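Review bot: In tpm.nix, `abrmd.enable = true` starts the resource-manager daemon, but `tctiEnvironment.enable = true` is set without an `interface`, and as far as I can tell that option defaults to the kernel device rather than the daemon. If the intent is for tools to go through abrmd, add `tctiEnvironment.interface = "tabrmd";`; otherwise drop `abrmd.enable` so there is a single access path to the TPM. `boot.kernelModules = [ "uhid" ];` has no visible connection to the TPM and deserves a one-line comment saying what needs it.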
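Review bot: `nix.settings = aagl.nixConfig;` in aagl.nix copies whatever the third-party flake declares into the system-wide Nix settings. That presumably includes a binary cache and its trusted public key, so the cache becomes a trusted source for every build on this machine. A later `flake.lock` bump can also change that set without any diff in this repository. I would write the trust decision out explicitly so it is reviewable, e.g. `nix.settings.extra-substituters = [ "<cache-url>" ];` and `nix.settings.extra-trusted-public-keys = [ "<cache-public-key>" ];` (placeholders), or leave the cache out and build locally.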
diff --git a/modules/desktop/software/access/gnupg.nix b/modules/desktop/software/access/gnupg.nix
new file mode 100644
index 0000000..e60da30
--- /dev/null
+++ b/modules/desktop/software/access/gnupg.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ pinentryPackage = pkgs.pinentry-curses;
+ enableExtraSocket = true;
+ enableBrowserSocket = true;
+
+ settings = {
+ enable-ssh-support = "";
+ ttyname = "$GPG_TTY";
+ default-cache-ttl = 34560000; # 60
+ max-cache-ttl = 34560000; # 120
+ allow-loopback-pinentry = "";
+ };
+ };
+}
diff --git a/modules/desktop/software/access/mosh.nix b/modules/desktop/software/access/mosh.nix
new file mode 100644
index 0000000..c9af5bf
--- /dev/null
+++ b/modules/desktop/software/access/mosh.nix
@@ -0,0 +1,6 @@
+{
+ programs.mosh = {
+ enable = true;
+ openFirewall = false;
+ };
+}
diff --git a/modules/desktop/software/access/ssh.nix b/modules/desktop/software/access/ssh.nix
new file mode 100644
index 0000000..665532f
--- /dev/null
+++ b/modules/desktop/software/access/ssh.nix
@@ -0,0 +1,39 @@
+{ lib, config, ... }:
+{
+ programs.ssh.startAgent = false;
+ security.pam.sshAgentAuth.enable = true;
+
+ services = {
+ fail2ban.jails.sshd.settings = {
+ enabled = true;
+ filter = "sshd[mode=aggressive]";
+ port = lib.strings.concatStringsSep "," (map toString config.services.openssh.ports);
+ };
+
+ openssh = {
+ enable = true;
+ ports = [ 22 ];
+ openFirewall = false;
+
+ settings = {
+ StreamLocalBindUnlink = "yes";
+ GatewayPorts = "clientspecified";
+
+ KexAlgorithms = [
+ "curve25519-sha256"
+ "diffie-hellman-group16-sha512"
+ "diffie-hellman-group18-sha512"
+ "diffie-hellman-group-exchange-sha256"
+ ];
+
+ Macs = [
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/desktop/software/boot/default.nix b/modules/desktop/software/boot/default.nix
new file mode 100644
index 0000000..9fe77a0
--- /dev/null
+++ b/modules/desktop/software/boot/default.nix
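Review bot: In gnupg.nix, `default-cache-ttl = 34560000` and `max-cache-ttl = 34560000` keep an entered passphrase cached for 400 days, so for practical purposes the key stays unlocked until the agent restarts and any process running as the user can sign or decrypt without a prompt. The trailing comments `# 60` and `# 120` no longer describe the values. If the long cache is only for convenience, I would bound it and fix the comments, e.g. `default-cache-ttl = 3600; # 1 hour` and `max-cache-ttl = 28800; # 8 hours`. `allow-loopback-pinentry`, `enableExtraSocket` and `enableBrowserSocket` each widen how the agent can be reached, so keep only the ones a documented workflow needs.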
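Review bot: The `openssh.settings` block in ssh.nix pins key exchange but leaves authentication at the module defaults, so password logins are presumably still accepted. Since this host already uses agent-held keys, add `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` to the same block. `GatewayPorts = "clientspecified"` lets any authenticated client bind remote forwards on non-loopback addresses, so a comment naming the workflow that needs it would help. The `Macs` list shows no entries on this page although the hunk header counts 39 lines, so entries may have been lost in rendering; check that list against the real file.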
@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ./grub.nix
+ ./systemd-boot.nix
+ ];
+
+ boot = {
+ tmp.cleanOnBoot = true;
+ crashDump.enable = false;
+ consoleLogLevel = 3;
+ kernelPackages = pkgs.linuxPackages_zen;
+ binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+ kernelParams = [
+ "iommu=pt"
+ "threadirqs"
+ ];
+
+ loader = {
+ timeout = 1;
+ generationsDir.copyKernels = true;
+
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot";
+ };
+ };
+ };
+}
diff --git a/modules/desktop/software/boot/grub.nix b/modules/desktop/software/boot/grub.nix
new file mode 100644
index 0000000..3932713
--- /dev/null
+++ b/modules/desktop/software/boot/grub.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+{
+ boot.loader.grub = {
+ enable = true;
+ device = "nodev";
+ efiSupport = true;
+ useOSProber = true;
+ memtest86.enable = true;
+ gfxmodeEfi = "1920x1080x32";
+ gfxmodeBios = "1920x1080x32";
+ gfxpayloadBios = "keep";
+ gfxpayloadEfi = "keep";
+ splashMode = "normal";
+
+ theme = pkgs.fetchFromGitHub {
+ owner = "Lxtharia";
+ repo = "minegrub-theme";
+ rev = "193b3a7c3d432f8c6af10adfb465b781091f56b3";
+ sha256 = "1bvkfmjzbk7pfisvmyw5gjmcqj9dab7gwd5nmvi8gs4vk72bl2ap";
+ };
+ };
+}
diff --git a/modules/desktop/software/boot/systemd-boot.nix b/modules/desktop/software/boot/systemd-boot.nix
new file mode 100644
index 0000000..b51a896
--- /dev/null
+++ b/modules/desktop/software/boot/systemd-boot.nix
@@ -0,0 +1,9 @@
+{
+ boot.loader.systemd-boot = {
+ enable = false;
+ editor = true;
+ consoleMode = "max";
+ memtest86.enable = true;
+ netbootxyz.enable = true;
+ };
+}
diff --git a/modules/desktop/software/default.nix b/modules/desktop/software/default.nix
new file mode 100644
index 0000000..f0de576
--- /dev/null
+++ b/modules/desktop/software/default.nix
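Review bot: In systemd-boot.nix, `editor = true` lets anyone at the console edit the kernel command line from the boot menu, which is enough to boot into a root shell and sidesteps the login and disk-unlock policy set elsewhere in this change. The loader is disabled today (`enable = false`), but the setting goes live the moment that flag is flipped, so I would commit `editor = false;` now. `netbootxyz.enable = true` adds a network-boot entry to the same menu and deserves the same scrutiny. GRUB is the active loader, and grub.nix sets no menu password in the visible hunk, so the same physical-access question applies there.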
@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ./access
+ ./boot
+ ./desktop
+ ./multimedia
+ ./services
+ ./aagl.nix
+ ./encryption.nix
+ ./gaming.nix
+ ./input.nix
+ ./locale.nix
+ ./programs.nix
+ ./shell.nix
+ ./systemd.nix
+ ./users.nix
+ ];
+
+ system = {
+ autoUpgrade = {
+ enable = false;
+ allowReboot = false;
+ };
+
+ switch = {
+ enable = false;
+ enableNg = true;
+ };
+ };
+
+ environment.enableAllTerminfo = true;
+
+ console = {
+ earlySetup = true;
+ keyMap = "us";
+ font = "ter-v16n";
+ packages = [ pkgs.terminus_font ];
+ };
+}
diff --git a/modules/desktop/software/desktop/default.nix b/modules/desktop/software/desktop/default.nix
new file mode 100644
index 0000000..bd2c811
--- /dev/null
+++ b/modules/desktop/software/desktop/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./gtk.nix
+ ./xdg-portal.nix
+ ];
+}
diff --git a/modules/desktop/software/desktop/gtk.nix b/modules/desktop/software/desktop/gtk.nix
new file mode 100644
index 0000000..4357e75
--- /dev/null
+++ b/modules/desktop/software/desktop/gtk.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ gtk2
+ gtk3
+ gtk4
+ ];
+}
diff --git a/modules/desktop/software/desktop/xdg-portal.nix b/modules/desktop/software/desktop/xdg-portal.nix
new file mode 100644
index 0000000..72bcb97
--- /dev/null
+++ b/modules/desktop/software/desktop/xdg-portal.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+ xdg.portal = {
+ enable = true;
+ config.common.default = "*";
+ # wlr.enable = true;
+ # xdgOpenUsePortal = true;
+
+ extraPortals = with pkgs; [
+ xdg-desktop-portal-wlr
+ xdg-desktop-portal-gtk
+ xdg-desktop-portal-gnome
+ ];
+ };
+}
diff --git a/modules/desktop/software/encryption.nix b/modules/desktop/software/encryption.nix
new file mode 100644
index 0000000..53a24bb
--- /dev/null
+++ b/modules/desktop/software/encryption.nix
@@ -0,0 +1,16 @@
+{
+ boot = {
+ initrd.availableKernelModules = [
+ # "aesni_intel"
+ # "cryptd"
+ "usb_storage"
+ ];
+
+ # <https://wiki.archlinux.org/title/Dm-crypt/System_configuration#Timeout>
+ kernelParams = [
+ "luks.options=timeout=0"
+ "rd.luks.options=timeout=0"
+ "rootflags=x-systemd.device-timeout=0"
+ ];
+ };
+}
diff --git a/modules/desktop/software/gaming.nix b/modules/desktop/software/gaming.nix
new file mode 100644
index 0000000..675aee9
--- /dev/null
+++ b/modules/desktop/software/gaming.nix
@@ -0,0 +1,38 @@
+{ pkgs, ... }:
+{
+ programs = {
+ steam =
+ let
+ openFirewall = false;
+ in
+ {
+ enable = true;
+ remotePlay.openFirewall = openFirewall;
+ localNetworkGameTransfers.openFirewall = openFirewall;
+ dedicatedServer.openFirewall = openFirewall;
+ extest.enable = true;
+ # gamescopeSession.enable = true;
+
+ package = pkgs.steam-small.override {
+ extraEnv = {
+ MANGOHUD = true;
+ # SDL_VIDEODRIVER = "x11";
+ };
+ };
+
+ extraCompatPackages = [ pkgs.proton-ge-bin.steamcompattool ];
+ };
+
+ gamemode = {
+ enable = true;
+ enableRenice = false;
+ };
+
+ gamescope.enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [
+ mangohud
+ steamtinkerlaunch
+ ];
+}
diff --git a/modules/desktop/software/input.nix b/modules/desktop/software/input.nix
new file mode 100644
index 0000000..2d9f651
--- /dev/null
+++ b/modules/desktop/software/input.nix
@@ -0,0 +1,25 @@
+{ pkgs, secrets, ... }:
+{
+ i18n = {
+ defaultLocale = secrets.i18n.locale;
+
+ inputMethod = {
+ enable = true;
+ type = "fcitx5";
+
+ fcitx5 = {
+ waylandFrontend = true;
+
+ addons = with pkgs; [
+ fcitx5-configtool
+ fcitx5-gtk
+ fcitx5-hangul
+ fcitx5-mozc
+ fcitx5-rime
+ rime-data
+ catppuccin-fcitx5
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/desktop/software/locale.nix b/modules/desktop/software/locale.nix
new file mode 100644
index 0000000..8ebd49b
--- /dev/null
+++ b/modules/desktop/software/locale.nix
@@ -0,0 +1,9 @@
+{ secrets, ... }:
+{
+ location.provider = "geoclue2";
+
+ time = {
+ timeZone = "${secrets.i18n.timezone}";
+ hardwareClockInLocalTime = false;
+ };
+}
diff --git a/modules/desktop/software/multimedia/audio/default.nix b/modules/desktop/software/multimedia/audio/default.nix
new file mode 100644
index 0000000..f4e7f0a
--- /dev/null
+++ b/modules/desktop/software/multimedia/audio/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./pipewire.nix
+ # ./wireplumber.nix
+ ];
+}
diff --git a/modules/desktop/software/multimedia/audio/pipewire.nix b/modules/desktop/software/multimedia/audio/pipewire.nix
new file mode 100644
index 0000000..2824176
--- /dev/null
+++ b/modules/desktop/software/multimedia/audio/pipewire.nix
@@ -0,0 +1,164 @@
+# { lib, ... }:
+# let
+# inherit (lib.modules) mkBefore;
+# inherit (lib.lists) singleton;
+# inherit (builtins) toString;
+# mapOptionDefault = lib.attrsets.mapAttrs (_: lib.modules.mkOptionDefault);
+# quantum = toString 64;
+# rate = toString 48000;
+# qr = "${quantum}/${rate}";
+# in
+{
+ services.pipewire = {
+ enable = true;
+ wireplumber.enable = true;
+ jack.enable = true;
+ pulse.enable = true;
+ audio.enable = true;
+
+ alsa = {
+ enable = true;
+ support32Bit = true;
+ };
+
+ extraConfig = {
+ pipewire = {
+ "10-logging" = {
+ "context.properties"."log.level" = 3;
+ };
+
+ # "10-defaults" = {
+ # "context.properties" = mapOptionDefault {
+ # "clock.power-of-two-quantum" = true;
+ # "core.daemon" = true;
+ # "core.name" = "pipewire-0";
+ # "link.max-buffers" = 16;
+ # "settings.check-quantum" = true;
+ # };
+
+ # "context.spa-libs" = mapOptionDefault {
+ # "audio.convert.*" = "audioconvert/libspa-audioconvert";
+ # "avb.*" = "avb/libspa-avb";
+ # "api.alsa.*" = "alsa/libspa-alsa";
+ # "api.v4l2.*" = "v4l2/libspa-v4l2";
+ # "api.libcamera.*" = "libcamera/libspa-libcamera";
+ # "api.bluez5.*" = "bluez5/libspa-bluez5";
+ # "api.vulkan.*" = "vulkan/libspa-vulkan";
+ # "api.jack.*" = "jack/libspa-jack";
+ # "support.*" = "support/libspa-support";
+ # "video.convert.*" = "videoconvert/libspa-videoconvert";
+ # };
+ # };
+ };
+
+ # pipewire-pulse = {
+ # "10-defaults" = {
+ # "context.spa-libs" = mapOptionDefault {
+ # "audio.convert.*" = "audioconvert/libspa-audioconvert";
+ # "support.*" = "support/libspa-support";
+ # };
+
+ # "pulse.cmd" = mkBefore [
+ # {
+ # cmd = "load-module";
+ # args = "module-always-sink";
+ # flags = [ ];
+ # }
+ # ];
+
+ # "pulse.properties" = {
+ # "server.address" = mkBefore [ "unix:native" ];
+ # };
+
+ # "pulse.rules" = mkBefore [
+ # {
+ # matches = [
+ # { "application.process.binary" = "teams"; }
+ # { "application.process.binary" = "teams-insiders"; }
+ # { "application.process.binary" = "skypeforlinux"; }
+ # ];
+
+ # actions.quirks = [ "force-s16-info" ];
+ # }
+ # {
+ # matches = singleton { "application.process.binary" = "firefox"; };
+ # actions.quirks = [ "remove-capture-dont-move" ];
+ # }
+ # {
+ # matches = singleton { "application.name" = "~speech-dispatcher*"; };
+
+ # actions = {
+ # update-props = {
+ # "pulse.min.req" = "1024/48000"; # 21 milliseconds
+ # "pulse.min.quantum " = "1024/48000"; # 21 milliseconds
+ # };
+ # };
+ # }
+ # ];
+ # };
+ # };
+
+ # pipewire."92-low-latency" = {
+ # "context.properties" = {
+ # "default.clock.rate" = rate;
+ # "default.clock.quantum" = quantum;
+ # "default.clock.min-quantum" = quantum;
+ # "default.clock.max-quantum" = quantum;
+ # "default.clock.allowed-rates" = [ rate ];
+ # };
+
+ # # "context.modules" = [
+ # # {
+ # # name = "libpipewire-module-rtkit";
+
+ # # flags = [
+ # # "ifexists"
+ # # "nofail"
+ # # ];
+
+ # # args = {
+ # # "nice.level" = -15;
+ # # "rt.prio" = 90;
+ # # "rt.time.soft" = 200000;
+ # # "rt.time.hard" = 200000;
+ # # };
+ # # }
+ # # {
+ # # name = "libpipewire-module-protocol-pulse";
+
+ # # args = {
+ # # "server.address" = [ "unix:native" ];
+ # # "pulse.min.quantum" = qr;
+ # # "pulse.min.req" = qr;
+ # # "pulse.min.frag" = qr;
+ # # };
+ # # }
+ # # ];
+
+ # "stream.properties" = {
+ # "node.latency" = qr;
+ # "resample.quality" = 1;
+ # };
+ # };
+
+ # pipewire-pulse."92-low-latency" = {
+ # "context.modules" = singleton {
+ # name = "libpipewire-module-protocol-pulse";
+
+ # args = {
+ # "pulse.min.req" = qr;
+ # "pulse.default.req" = qr;
+ # "pulse.max.req" = qr;
+ # "pulse.min.quantum" = qr;
+ # "pulse.max.quantum" = qr;
+ # };
+ # };
+
+ # "stream.properties" = {
+ # "node.latency" = qr;
+ # "resample.quality" = 4;
+ # };
+ # };
+ };
+ };
+}
diff --git a/modules/desktop/software/multimedia/audio/wireplumber.nix b/modules/desktop/software/multimedia/audio/wireplumber.nix
new file mode 100644
index 0000000..970396f
--- /dev/null
+++ b/modules/desktop/software/multimedia/audio/wireplumber.nix
@@ -0,0 +1,42 @@
+let
+ rate = builtins.toString 48000;
+in
+{
+ services.pipewire.wireplumber = {
+ enable = true;
+
+ extraConfig = {
+ "10-log-level-debug" = {
+ "context.properties"."log.level" = "D";
+ };
+
+ "10-default-volume" = {
+ "wireplumber.settings"."device.routes.default-sink-volume" = 1.0;
+ };
+
+ "92-low-latency" = {
+ "monitor.alsa.rules" = [
+ {
+ matches = [
+ { "device.name" = "~alsa_card.*"; }
+ { "node.name" = "~alsa_output.*"; }
+ ];
+
+ actions.update-props = {
+ "node.description" = "ALSA Low Latency Output";
+ "audio.rate" = rate;
+ "audio.format" = "S32LE";
+ "resample.quality" = 4;
+ "resample.disable" = false;
+ "session.suspend-timeout-seconds" = 0;
+ "api.alsa.period-size" = 2;
+ "api.alsa.headroom" = 128;
+ "api.alsa.period-num" = 2;
+ "api.alsa.disable-batch" = false;
+ };
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/desktop/software/multimedia/default.nix b/modules/desktop/software/multimedia/default.nix
new file mode 100644
index 0000000..7bf261a
--- /dev/null
+++ b/modules/desktop/software/multimedia/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./audio
+ ./video
+ ];
+}
diff --git a/modules/desktop/software/multimedia/video/default.nix b/modules/desktop/software/multimedia/video/default.nix
new file mode 100644
index 0000000..31cdfd5
--- /dev/null
+++ b/modules/desktop/software/multimedia/video/default.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ./graphics.nix
+ ./libva.nix
+ ./nvidia.nix
+ ./vulkan.nix
+ ];
+
+ environment.systemPackages = [ pkgs.mediastreamer-openh264 ];
+}
diff --git a/modules/desktop/software/multimedia/video/graphics.nix b/modules/desktop/software/multimedia/video/graphics.nix
new file mode 100644
index 0000000..13da295
--- /dev/null
+++ b/modules/desktop/software/multimedia/video/graphics.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+ hardware.graphics = {
+ enable = true;
+ enable32Bit = true;
+
+ extraPackages = with pkgs; [
+ nvidia-vaapi-driver
+ vaapiVdpau
+ libvdpau-va-gl
+ ];
+
+ extraPackages32 = with pkgs; [
+ nvidia-vaapi-driver
+ vaapiVdpau
+ libvdpau-va-gl
+ ];
+ };
+
+ environment.systemPackages = [ pkgs.mesa ];
+}
diff --git a/modules/desktop/software/multimedia/video/libva.nix b/modules/desktop/software/multimedia/video/libva.nix
new file mode 100644
index 0000000..d420495
--- /dev/null
+++ b/modules/desktop/software/multimedia/video/libva.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ libva
+ libva-utils
+ ];
+}
diff --git a/modules/desktop/software/multimedia/video/nvidia.nix b/modules/desktop/software/multimedia/video/nvidia.nix
new file mode 100644
index 0000000..c133bc2
--- /dev/null
+++ b/modules/desktop/software/multimedia/video/nvidia.nix
@@ -0,0 +1,38 @@
+{ pkgs, config, ... }:
+{
+ environment = {
+ systemPackages = with pkgs; [
+ nvidia-container-toolkit
+ nvidia-docker
+ ];
+
+ shellAliases.nvidia-settings = "nvidia-settings --config='$XDG_CONFIG_HOME'/nvidia/settings";
+ };
+
+ boot = {
+ blacklistedKernelModules = [ "nouveau" ];
+
+ kernelParams = [
+ "nvidia-drm.fbdev=1"
+ "nvidia-drm.modeset=1"
+ "nvidia.NVreg_PreserveVideoMemoryAllocations=1"
+ ];
+ };
+
+ hardware = {
+ nvidia-container-toolkit.enable = true;
+
+ nvidia = {
+ modesetting.enable = true;
+ open = false;
+ nvidiaSettings = true;
+ package = config.boot.kernelPackages.nvidiaPackages.production;
+ forceFullCompositionPipeline = true;
+
+ powerManagement = {
+ enable = true;
+ finegrained = false;
+ };
+ };
+ };
+}
diff --git a/modules/desktop/software/multimedia/video/vulkan.nix b/modules/desktop/software/multimedia/video/vulkan.nix
new file mode 100644
index 0000000..be37e0e
--- /dev/null
+++ b/modules/desktop/software/multimedia/video/vulkan.nix
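Review bot: In nvidia.nix, `shellAliases.nvidia-settings` puts `$XDG_CONFIG_HOME` inside single quotes, so when the alias expands the shell passes the literal text `$XDG_CONFIG_HOME/nvidia/settings` as the config path instead of the user's directory. Double quotes inside the alias body fix it: `shellAliases.nvidia-settings = ''nvidia-settings --config="$XDG_CONFIG_HOME"/nvidia/settings'';`. A fallback for an unset variable, if wanted, can be written as `"''${XDG_CONFIG_HOME:-$HOME/.config}"` inside the same Nix string.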
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ vulkan-loader
+ vulkan-validation-layers
+ vulkan-tools
+ vulkan-extension-layer
+ ];
+}
diff --git a/modules/desktop/software/programs.nix b/modules/desktop/software/programs.nix
new file mode 100644
index 0000000..a1025fb
--- /dev/null
+++ b/modules/desktop/software/programs.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+{
+ programs = {
+ fish.enable = true;
+ mtr.enable = true;
+ dconf.enable = true;
+ ccache.enable = true;
+ fuse.userAllowOther = true;
+
+ bash.interactiveShellInit = ''
+ export HISTFILE="$XDG_STATE_HOME/bash/history"
+ '';
+ };
+
+ environment.systemPackages = with pkgs; [
+ vim
+ wget
+ git
+ pinentry
+ runc
+ ];
+}
diff --git a/modules/desktop/software/services/adb.nix b/modules/desktop/software/services/adb.nix
new file mode 100644
index 0000000..d106ead
--- /dev/null
+++ b/modules/desktop/software/services/adb.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+{
+ programs.adb.enable = true;
+
+ services.udev = {
+ packages = [ pkgs.android-udev-rules ];
+
+ extraRules = ''
+ SUBSYSTEM=="usb", ATTR{idVendor}=="04e8", MODE="0666", GROUP="adbusers"
+ '';
+ };
+}
diff --git a/modules/desktop/software/services/ananicy.nix b/modules/desktop/software/services/ananicy.nix
new file mode 100644
index 0000000..bdc9bbd
--- /dev/null
+++ b/modules/desktop/software/services/ananicy.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ services.ananicy = {
+ enable = false;
+ package = pkgs.ananicy-cpp;
+ rulesProvider = pkgs.ananicy-rules-cachyos;
+ };
+}
diff --git a/modules/desktop/software/services/dbus.nix b/modules/desktop/software/services/dbus.nix
new file mode 100644
index 0000000..8b25bf9
--- /dev/null
+++ b/modules/desktop/software/services/dbus.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+ services.dbus = {
+ enable = true;
+ implementation = "broker";
+
+ packages = with pkgs; [
+ dconf
+ gcr
+ udisks2
+ # flatpak
+ # xdg-desktop-portal
+ ];
+ };
+}
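Review bot: The extra udev rule in adb.nix sets `MODE="0666"`, which makes every matching USB device node readable and writable by all local accounts, so the `GROUP="adbusers"` part no longer restricts anything. Keeping access to the group only needs `SUBSYSTEM=="usb", ATTR{idVendor}=="04e8", MODE="0660", GROUP="adbusers"`. The module is not imported yet (`# ./adb.nix` in services/default.nix), so this is latent, but it is better fixed before someone uncomments the import. The rule may also duplicate what `pkgs.android-udev-rules` already provides; that is worth checking before keeping it.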
diff --git a/modules/desktop/software/services/default.nix b/modules/desktop/software/services/default.nix
new file mode 100644
index 0000000..4b9ccf6
--- /dev/null
+++ b/modules/desktop/software/services/default.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+ imports = [
+ # ./adb.nix
+ ./ananicy.nix
+ ./dbus.nix
+ ./libinput.nix
+ ./logrotate.nix
+ ./ollama.nix
+ # ./printing.nix
+ ./xserver.nix
+ ];
+
+ services = {
+ printing.enable = false;
+ gnome.gnome-keyring.enable = true;
+ fstrim.enable = false;
+ gvfs.enable = true;
+ udev.packages = with pkgs; [ pkgs.logitech-udev-rules ];
+ thermald.enable = true;
+ irqbalance.enable = true;
+ gpm.enable = true;
+ };
+}
diff --git a/modules/desktop/software/services/libinput.nix b/modules/desktop/software/services/libinput.nix
new file mode 100644
index 0000000..643f814
--- /dev/null
+++ b/modules/desktop/software/services/libinput.nix
@@ -0,0 +1,13 @@
+{
+ services.libinput = {
+ enable = true;
+
+ mouse = {
+ accelProfile = "flat";
+ };
+
+ touchpad = {
+ accelProfile = "flat";
+ };
+ };
+}
diff --git a/modules/desktop/software/services/logrotate.nix b/modules/desktop/software/services/logrotate.nix
new file mode 100644
index 0000000..2dedf2e
--- /dev/null
+++ b/modules/desktop/software/services/logrotate.nix
@@ -0,0 +1,24 @@
+{ pkgs, lib, ... }:
+{
+ services.logrotate.settings = {
+ "/var/log/audit/audit.log" = { };
+
+ header = {
+ global = true;
+ dateext = true;
+ dateformat = "-%Y-%m-%d";
+ nomail = true;
+ missingok = true;
+ copytruncate = true;
+ priority = 1;
+ frequency = "daily";
+ rotate = 7;
+ minage = 1;
+ compress = true;
+ compresscmd = "${lib.getExe' pkgs.zstd "zstd"}";
+ compressoptions = " -Xcompression-level 10";
+ compressext = "zst";
+ uncompresscmd = "${lib.getExe' pkgs.zstd "unzstd"}";
+ };
+ };
+}
diff --git a/modules/desktop/software/services/ollama.nix b/modules/desktop/software/services/ollama.nix
new file mode 100644
index 0000000..d737250
--- /dev/null
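Review bot: In logrotate.nix, `"/var/log/audit/audit.log" = { };` inherits `copytruncate = true` from the global header, and copy-then-truncate can lose records written between the two steps, which is the wrong trade-off for an audit trail. auditd also rotates its own log (`max_log_file_action` in auditd.conf), so two rotators may end up working on the same file. I would either leave this path to auditd or override it per file with `copytruncate = false;` plus a postrotate step that tells auditd to reopen its log. Separately, `compressoptions = " -Xcompression-level 10"` looks like mksquashfs syntax rather than a zstd flag, so confirm that zstd accepts it; `-10` is the usual form.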
+++ b/modules/desktop/software/services/ollama.nix
@@ -0,0 +1,6 @@
+{
+ services.ollama = {
+ enable = true;
+ acceleration = "cuda";
+ };
+}
diff --git a/modules/desktop/software/services/printing.nix b/modules/desktop/software/services/printing.nix
new file mode 100644
index 0000000..f7a38de
--- /dev/null
+++ b/modules/desktop/software/services/printing.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+ services = {
+ printing = {
+ enable = true;
+
+ drivers = with pkgs; [
+ gutenprint
+ hplip
+ ];
+ };
+
+ avahi = {
+ enable = true;
+ nssmdns4 = true;
+ openFirewall = true;
+ };
+ };
+}
diff --git a/modules/desktop/software/services/xserver.nix b/modules/desktop/software/services/xserver.nix
new file mode 100644
index 0000000..f1833a4
--- /dev/null
+++ b/modules/desktop/software/services/xserver.nix
@@ -0,0 +1,10 @@
+{
+ services.xserver = {
+ xkb = {
+ layout = "us";
+ options = "caps:escape";
+ };
+
+ videoDrivers = [ "nvidia" ];
+ };
+}
diff --git a/modules/desktop/software/shell.nix b/modules/desktop/software/shell.nix
new file mode 100644
index 0000000..0b3508f
--- /dev/null
+++ b/modules/desktop/software/shell.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+ environment = with pkgs; {
+ binsh = "${dash}/bin/dash";
+ shells = [ fish ];
+ };
+}
diff --git a/modules/desktop/software/systemd.nix b/modules/desktop/software/systemd.nix
new file mode 100644
index 0000000..c475d96
--- /dev/null
+++ b/modules/desktop/software/systemd.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+ boot.initrd.systemd.enable = true;
+
+ systemd.services.containerd.path = with pkgs; [
+ containerd
+ runc
+ iptables
+ nvidia-docker
+ ];
+}
diff --git a/modules/desktop/software/users.nix b/modules/desktop/software/users.nix
new file mode 100644
index 0000000..ab3fe03
--- /dev/null
+++ b/modules/desktop/software/users.nix
@@ -0,0 +1,46 @@
+{ pkgs, secrets, ... }:
+let
+ initialHashedPassword = secrets.initial_hashed_password;
+in
+{
+ users = {
+ mutableUsers = false;
+
+ users = {
+ root = {
+ inherit initialHashedPassword;
+
+ shell = pkgs.bash;
+ };
+
+ ebisu = {
+ inherit initialHashedPassword;
+
+ isNormalUser = true;
+ shell = pkgs.fish;
+
+ extraGroups = [
+ "wheel"
+ "systemd-journal"
+ "audio"
+ "video"
+ "input"
+ "plugdev"
+ "lp"
+ "tss"
+ "power"
+ "nix"
+ "network"
+ "networkmanager"
+ "wireshark"
+ "mysql"
+ "docker"
+ "podman"
+ "git"
+ "libvirtd"
+ "kvm"
+ ];
+ };
+ };
+ };
+}
|
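Review bot: In users.nix, `root` and `ebisu` inherit the same `initialHashedPassword`, so anyone who learns the login password also holds root's, and with `mutableUsers = false` neither can be changed outside this repository. A hash read from `secrets` at evaluation time also likely ends up in the world-readable Nix store. Pointing each account at a runtime secret avoids both, e.g. `hashedPasswordFile = "<path-to-runtime-secret>";` (placeholder), with root given its own hash or locked. The `extraGroups` list is broad: `docker` is effectively root-equivalent, and `input` and `wireshark` grant access to raw input devices and packet capture, so I would trim it to the groups this machine really uses.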