From 1d7c63dbe5b2aed98cba9c57b9bfcfbc4d049031 Mon Sep 17 00:00:00 2001 From: Milo Moisson Date: Mon, 1 Jan 2024 18:49:41 +0100 Subject: [PATCH] feat: factorize nixos config and centralize unfree predicate --- flake.nix | 2 +- home-manager/profiles/desktop.nix | 311 ++++++++++++------------- lib/unfree.nix | 22 ++ nixos/hardware/archaic-wiro-laptop.nix | 2 + nixos/hardware/neo-wiro-laptop.nix | 2 + nixos/modules/agenix.nix | 13 ++ nixos/modules/backup.nix | 2 +- nixos/modules/gaming.nix | 19 ++ nixos/modules/logiops.nix | 85 +++++++ nixos/modules/nix.nix | 51 ++++ nixos/modules/security.nix | 50 ++++ nixos/modules/virtualisation.nix | 21 ++ nixos/modules/wireless.nix | 30 +++ nixos/profiles/laptop.nix | 198 +--------------- overlays/default.nix | 11 +- 15 files changed, 463 insertions(+), 356 deletions(-) create mode 100644 lib/unfree.nix create mode 100644 nixos/modules/agenix.nix create mode 100644 nixos/modules/gaming.nix create mode 100644 nixos/modules/logiops.nix create mode 100644 nixos/modules/nix.nix create mode 100644 nixos/modules/security.nix create mode 100644 nixos/modules/virtualisation.nix create mode 100644 nixos/modules/wireless.nix diff --git a/flake.nix b/flake.nix index d801224..6b72d03 100644 --- a/flake.nix +++ b/flake.nix @@ -44,7 +44,7 @@ { formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.nixpkgs-fmt); - packages = forAllSystems (system: import ./pkgs (import nixpkgs { inherit system; config.allowUnfree = true; })); + packages = forAllSystems (system: import ./pkgs (import nixpkgs { inherit system; config.allowUnfreePredicate = import ../lib/unfree nixpkgs.legacyPackages.${system}; })); apps = forAllSystems (system: import ./apps (nixpkgs.legacyPackages.${system} // { inherit self; })); overlays = import ./overlays (nixpkgs // { inherit self; }); diff --git a/home-manager/profiles/desktop.nix b/home-manager/profiles/desktop.nix index b0a2ca5..9160752 100644 --- a/home-manager/profiles/desktop.nix 
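Review bot: The path in the new `packages` line, `import ../lib/unfree`, does not match the file this commit adds. `flake.nix` sits at the repository root, so `../lib` points outside the flake, and the `.nix` extension is missing; the other call sites use `../../lib/unfree.nix` from two levels down. It should read `config.allowUnfreePredicate = import ./lib/unfree.nix nixpkgs.legacyPackages.${system};`. As written, evaluating the `packages` output would presumably fail instead of applying the allowlist.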
+++ b/home-manager/profiles/desktop.nix @@ -2,6 +2,7 @@ , lib , config , pkgs + # Provides the NixOS configuration if HM was loaded through the NixOS module , osConfig ? null , ... }: @@ -12,9 +13,6 @@ let inherit (self.inputs) agenix nix-index-database nix-colors; inherit (self.outputs) overlays; - # Says is the config has been loaded by the NixOS HM module or is it a standalone installation. - isNixosManaged = osConfig != null; - tomlFormat = pkgs.formats.toml { }; in { 
@@ -37,192 +35,187 @@ in ../modules/shell.nix ]; - nixpkgs = { - overlays = [ overlays.all ]; - - config = { - allowUnfreePredicate = pkg: builtins.elem (getName pkg) [ - "authy" - "discord" - "spotify" - "vscode" - "thorium-browser" - "unrar" - "geogebra" - ]; + config = { + nixpkgs = { + overlays = [ overlays.all ]; + config.allowUnfreePredicate = import ../../lib/unfree.nix pkgs; }; - }; - programs.home-manager.enable = !isNixosManaged; + programs.home-manager.enable = osConfig == null; - home = { - # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - stateVersion = "23.05"; - username = "milomoisson"; - homeDirectory = "/home/milomoisson"; + home = { + stateVersion = + if osConfig != null + then osConfig.system.stateVersion + else "23.11"; - sessionVariables = { - XDG_DESKTOP_DIR = "$HOME"; + username = "milomoisson"; + homeDirectory = "/home/milomoisson"; - # Respect XDG spec - BUN_INSTALL = "${config.xdg.dataHome}/bun"; - CALCHISTFILE = "${config.xdg.cacheHome}/calc_history"; - HISTFILE = "${config.xdg.dataHome}/bash_history"; - RUSTUP_HOME = "${config.xdg.dataHome}/rustup"; - WAKATIME_HOME = "${config.xdg.configHome}/wakatime"; - }; + sessionVariables = { + XDG_DESKTOP_DIR = "$HOME"; - # Respect XDG spec - file.".npmrc".text = '' - prefix=${config.xdg.dataHome}/npm - cache=${config.xdg.cacheHome}/npm - init-module=${config.xdg.configHome}/npm/config/npm-init.js - logs-dir=${config.xdg.stateHome}/npm/logs - ''; - - packages = with pkgs; [ - # Unfree packages - authy - discord - spotify - thorium - geogebra6 - - # GUIs - cinnamon.nemo - transmission-gtk - gnome.gnome-disk-utility - greenlight - cura - blender - element-desktop - - xdg-utils - rustup # TODO: not sure to keep rustup in path - spotify-tui - - # CLI tools - bat - fd - delta - ripgrep - glow - fzf - btop - tealdeer - jq - calc - - imv - mpv - wl-clipboard - wf-recorder - ]; - }; + NIXOS_OZONE_WL = "1"; - xdg.configFile."tealdeer/config.toml".source = tomlFormat.generate "tealdeer-config" { 
- updates.auto_update = true; - }; + # Respect XDG spec + BUN_INSTALL = "${config.xdg.dataHome}/bun"; + CALCHISTFILE = "${config.xdg.cacheHome}/calc_history"; + HISTFILE = "${config.xdg.dataHome}/bash_history"; + RUSTUP_HOME = "${config.xdg.dataHome}/rustup"; + WAKATIME_HOME = "${config.xdg.configHome}/wakatime"; + }; - programs.broot.enable = true; + # Respect XDG spec + file.".npmrc".text = '' + prefix=${config.xdg.dataHome}/npm + cache=${config.xdg.cacheHome}/npm + init-module=${config.xdg.configHome}/npm/config/npm-init.js + logs-dir=${config.xdg.stateHome}/npm/logs + ''; + + packages = with pkgs; [ + authy + discord + spotify + thorium + geogebra6 + + # GUIs + cinnamon.nemo + transmission-gtk + gnome.gnome-disk-utility + greenlight + cura + blender + element-desktop + + xdg-utils + rustup # TODO: not sure to keep rustup in path + spotify-tui + + # CLI tools + bat + fd + delta + ripgrep + glow + fzf + btop + tealdeer + jq + calc + + imv + mpv + wl-clipboard + wf-recorder + ]; + }; - programs.yazi = { - enable = true; + xdg.configFile."tealdeer/config.toml".source = tomlFormat.generate "tealdeer-config" { + updates.auto_update = true; + }; - enableBashIntegration = true; - enableFishIntegration = true; - enableNushellIntegration = true; - enableZshIntegration = true; - }; + programs.broot.enable = true; - programs.go = { - enable = true; - goPath = ".local/share/go"; - }; + programs.yazi = { + enable = true; - home.file.".cargo/config.toml".source = tomlFormat.generate "cargo-config" { - build.rustc-wrapper = getExe' pkgs.sccache "sccache"; + enableBashIntegration = true; + enableFishIntegration = true; + enableNushellIntegration = true; + enableZshIntegration = true; + }; - source = { - local-mirror.registry = "sparse+http://local.crates.io:8080/index/"; - # crates-io.replace-with = "local-mirror"; + programs.go = { + enable = true; + goPath = ".local/share/go"; }; - target = { - x86_64-unknown-linux-gnu = { - linker = getExe pkgs.llvmPackages.clang; - 
rustflags = [ "-Clink-arg=--ld-path=${getExe pkgs.mold}" "-Ctarget-cpu=native" ]; + home.file.".cargo/config.toml".source = tomlFormat.generate "cargo-config" { + build.rustc-wrapper = getExe' pkgs.sccache "sccache"; + + source = { + local-mirror.registry = "sparse+http://local.crates.io:8080/index/"; + # crates-io.replace-with = "local-mirror"; }; - x86_64-apple-darwin.rustflags = [ "-Clink-arg=-fuse-ld=${getExe' pkgs.llvmPackages.lld "lld"}" "-Ctarget-cpu=native" ]; - aarch64-apple-darwin.rustflags = [ "-Clink-arg=-fuse-ld=${getExe' pkgs.llvmPackages.lld "lld"}" "-Ctarget-cpu=native" ]; - }; - unstable.gc = true; - }; + target = { + x86_64-unknown-linux-gnu = { + linker = getExe pkgs.llvmPackages.clang; + rustflags = [ "-Clink-arg=--ld-path=${getExe pkgs.mold}" "-Ctarget-cpu=native" ]; + }; + x86_64-apple-darwin.rustflags = [ "-Clink-arg=-fuse-ld=${getExe' pkgs.llvmPackages.lld "lld"}" "-Ctarget-cpu=native" ]; + aarch64-apple-darwin.rustflags = [ "-Clink-arg=-fuse-ld=${getExe' pkgs.llvmPackages.lld "lld"}" "-Ctarget-cpu=native" ]; + }; - xdg.mimeApps = { - enable = true; - associations.added = { - "application/pdf" = [ "firefox.desktop" ]; + unstable.gc = true; }; - defaultApplications = { - "application/pdf" = [ "firefox.desktop" ]; - }; - }; - # Nicely reload system units when changing configs - systemd.user.startServices = "sd-switch"; - - programs.firefox = { - enable = true; - package = (pkgs.firefox.override { - nativeMessagingHosts = with pkgs; [ tridactyl-native ]; - }); - profiles.default = { - isDefault = true; - settings = { - "browser.newtabpage.pinned" = [{ title = "NixOS"; url = "https://nixos.org"; }]; + xdg.mimeApps = { + enable = true; + associations.added = { + "application/pdf" = [ "firefox.desktop" ]; + }; + defaultApplications = { + "application/pdf" = [ "firefox.desktop" ]; }; }; - }; - programs.qutebrowser.enable = true; - programs.kitty = { - enable = true; - settings = { - confirm_os_window_close = 0; - enable_audio_bell = "no"; - - # 
foreground = "#${config.colorScheme.colors.base05}"; - # background = "#${config.colorScheme.colors.base00}"; + # Nicely reload system units when changing configs + systemd.user.startServices = "sd-switch"; + + programs.firefox = { + enable = true; + package = (pkgs.firefox.override { + nativeMessagingHosts = with pkgs; [ tridactyl-native ]; + }); + profiles.default = { + isDefault = true; + settings = { + "browser.newtabpage.pinned" = [{ title = "NixOS"; url = "https://nixos.org"; }]; + }; + }; }; - }; + programs.qutebrowser.enable = true; - # TODO: configure - services.spotifyd.enable = true; + programs.kitty = { + enable = true; + settings = { + confirm_os_window_close = 0; + enable_audio_bell = "no"; - programs.gpg.enable = true; + # foreground = "#${config.colorScheme.colors.base05}"; + # background = "#${config.colorScheme.colors.base00}"; + }; + }; - programs.topgrade = { - enable = true; - package = pkgs.unstable.topgrade; - settings = { - misc = { - # Don't ask for confirmations - assume_yes = true; + # TODO: configure + services.spotifyd.enable = true; - # Run `sudo -v` to cache credentials at the start of the run; this avoids a - # blocking password prompt in the middle of a possibly-unattended run. - pre_sudo = true; + programs.gpg.enable = true; - skip_notify = true; - disable = [ "rustup" ]; - no_retry = true; - cleanup = true; + programs.topgrade = { + enable = true; + package = pkgs.unstable.topgrade; + settings = { + misc = { + # Don't ask for confirmations + assume_yes = true; + + # Run `sudo -v` to cache credentials at the start of the run; this avoids a + # blocking password prompt in the middle of a possibly-unattended run. + pre_sudo = true; + + skip_notify = true; + disable = [ "rustup" ]; + no_retry = true; + cleanup = true; + }; + + # TODO: sepcify via global config + git.repos = [ "~/Developement/*/*" "~/.config/dotfiles" ]; }; - - # TODO: sepcify via global config - git.repos = [ "~/Developement/*/*" "~/.config/dotfiles" ]; }; }; } 
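Review bot: The standalone fallback for `home.stateVersion` changes from "23.05" to "23.11" in this hunk, which silently bumps the state version of any existing standalone Home Manager installation. The FAQ link explaining why the value is pinned is dropped at the same time. If the bump is not intended, keep `else "23.05"` and restore the comment `# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion`. When `osConfig` is set, the value now follows `osConfig.system.stateVersion`, which this commit pins to "23.05" in both hardware files, so the two code paths disagree.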
diff --git a/lib/unfree.nix b/lib/unfree.nix new file mode 100644 index 0000000..ea24ccd --- /dev/null +++ b/lib/unfree.nix @@ -0,0 +1,22 @@ +pkgs: + +# List of all unfree packages authorized + +let + inherit (builtins) elem; + inherit (pkgs.lib) getName; +in +package: elem (getName package) [ + # NixOS + "steam" + "steam-original" + "steam-run" + + # Home Manager + "authy" + "discord" + "spotify" + "thorium-browser" + "unrar" + "geogebra" +] diff --git a/nixos/hardware/archaic-wiro-laptop.nix b/nixos/hardware/archaic-wiro-laptop.nix index 675f1c6..07929ae 100644 --- a/nixos/hardware/archaic-wiro-laptop.nix +++ b/nixos/hardware/archaic-wiro-laptop.nix @@ -38,4 +38,6 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + system.stateVersion = "23.05"; } diff --git a/nixos/hardware/neo-wiro-laptop.nix b/nixos/hardware/neo-wiro-laptop.nix index 6cab307..c097698 100644 --- a/nixos/hardware/neo-wiro-laptop.nix +++ b/nixos/hardware/neo-wiro-laptop.nix @@ -20,4 +20,6 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + system.stateVersion = "23.05"; } diff --git a/nixos/modules/agenix.nix b/nixos/modules/agenix.nix new file mode 100644 index 0000000..9a79534 --- /dev/null +++ b/nixos/modules/agenix.nix @@ -0,0 +1,13 @@ +{ self +, config +, ... +}: + +let + inherit (self.inputs) agenix; +in +{ + imports = [ agenix.nixosModules.default ../../secrets ]; + config.age.identityPaths = [ "/home/${config.local.user.username}/.ssh/id_ed25519" ]; +} + diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 862c7cc..8c20378 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix 
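Review bot: `lib/unfree.nix` takes the whole package set but only uses `pkgs.lib.getName`, so the predicate set in `nix.nix` and `desktop.nix` is computed from the `pkgs` it configures, and `flake.nix` has to pass a second nixpkgs instance just to reach `lib`. Taking `lib` as the argument (`lib: package: builtins.elem (lib.getName package) [ … ]`) would remove that dependency; laziness probably keeps the current form from recursing, but the patch does not show that. The header comment could also state how matching works, e.g. `# Allowlist of unfree packages, matched by package name (getName) only`. "vscode", which was in the list removed from `desktop.nix`, is not carried over; confirm that is intended.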
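Review bot: `age.identityPaths` in `nixos/modules/agenix.nix` makes decryption of system secrets depend on the user's personal key at `/home/<user>/.ssh/id_ed25519`, and nothing in the new module documents that. The key has to be readable without a passphrase at activation time, and a compromise of the user account then exposes every secret encrypted to it; the SSH host key is the more usual identity for machine secrets. At minimum add a comment such as `# Secrets are decrypted with the user's SSH key; it must exist unencrypted before activation`. The module also reads `config.local.user.username`, which is declared outside this patch.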
@@ -13,7 +13,7 @@ let in { - services.restic.backups = { + config.services.restic.backups = { # Backup documents and repos code google-drive = { repository = "rclone:googledrive:/Backups/${hostname}"; diff --git a/nixos/modules/gaming.nix b/nixos/modules/gaming.nix new file mode 100644 index 0000000..d0daa95 --- /dev/null +++ b/nixos/modules/gaming.nix @@ -0,0 +1,19 @@ +{ lib +, config +, pkgs +, ... +}: + +with lib; + +{ + config = { + programs.steam = { + enable = true; + + # Open ports in the firewall for Steam Remote Play and Source Dedicated Server + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + }; + }; +} diff --git a/nixos/modules/logiops.nix b/nixos/modules/logiops.nix new file mode 100644 index 0000000..84c79cd --- /dev/null +++ b/nixos/modules/logiops.nix 
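Review bot: `remotePlay.openFirewall` and `dedicatedServer.openFirewall` in `nixos/modules/gaming.nix` open inbound ports on every network the laptop joins, and `profiles/laptop.nix` imports the module unconditionally. If no Source dedicated server is hosted on this machine, `dedicatedServer.openFirewall = false;` keeps those ports closed. The same question applies to `services.avahi.openFirewall = true;` in `wireless.nix`. `with lib;` and the `config`/`pkgs` arguments are unused in this module and could be dropped.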
@@ -0,0 +1,85 @@ +{ self +, lib +, config +, pkgs +, ... +}: + +with lib; + +let + inherit (self.outputs) nixosModules; +in +{ + imports = [ nixosModules.logiops ]; + + config.services.logiops = { + enable = true; + settings = + let + cid = { + # Control IDs │ reprog? │ fn key? │ mouse key? │ gesture support? + leftMouse = 80; # 0x50 │ │ │ YES │ + rightMouse = 81; # 0x51 │ │ │ YES │ + middleMouse = 81; # 0x52 │ YES │ │ YES │ YES + back = 83; # 0x53 │ YES │ │ YES │ YES + forward = 86; # 0x56 │ YES │ │ YES │ YES + switchRecievers = 215; # 0xD7 │ YES │ │ │ YES + mouseSensitivity = 253; # 0xFD │ YES │ │ YES │ YES + }; + in + { + devices = [{ + name = "MX Vertical Advanced Ergonomic Mouse"; + + dpi = 1500; + + hiresscroll = { + hires = true; + invert = false; + target = false; + }; + + buttons = [ + { + cid = cid.forward; + action = { + type = "Keypress"; + keys = [ "KEY_FORWARD" ]; + # type = "Gestures"; + # gestures = [ + # { + # direction = "Left"; + # mode = "OnTreshold"; + # action = { + # type = "Keypress"; + # keys = ["KEY_LEFTMETA" "KEY_LEFTCTRL" "KEY_LEFTSHIFT" "KEY_TAB"]; + # }; + # } + # ]; + }; + } + { + cid = cid.back; + action = { + type = "Keypress"; + keys = [ "KEY_BACK" ]; + }; + } + { + cid = cid.mouseSensitivity; + action = { + type = "Keypress"; + keys = [ "KEY_LEFTMETA" ]; + }; + } + { + cid = cid.switchRecievers; + action.type = "None"; + } + ]; + }]; + }; + }; +} + diff --git a/nixos/modules/nix.nix b/nixos/modules/nix.nix new file mode 100644 index 0000000..ade4892 --- /dev/null +++ b/nixos/modules/nix.nix 
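Review bot: In the `cid` table, `middleMouse = 81; # 0x52` repeats the value of `rightMouse`. The trailing comment and the neighbouring entries indicate it should be `middleMouse = 82; # 0x52`. No button in this hunk references the entry, so nothing breaks today, but it was copied unchanged from `laptop.nix` and would misbehave as soon as it is used.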
@@ -0,0 +1,51 @@ +{ self +, lib +, config +, pkgs +, ... +}: + +with lib; + +let + inherit (self.outputs) overlays; +in +{ + config = { + nixpkgs = { + overlays = [ overlays.all ]; + config.allowUnfreePredicate = import ../../lib/unfree.nix pkgs; + }; + + nix = { + # Make system registry consistent with flake inputs + # Add `self` registry input that refers to flake + registry = mapAttrs (_: value: { flake = value; }) (self.inputs // { inherit self; }); + + # Make NixOS system's legacy channels consistent with registry and flake inputs + nixPath = mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; + + gc = { + automatic = true; + dates = "weekly"; + }; + + settings = { + experimental-features = [ "nix-command" "flakes" ]; + auto-optimise-store = true; + + keep-going = true; + + trusted-users = [ config.local.user.username ]; + extra-substituters = [ + "https://nix-community.cachix.org" + "https://mrnossiom.cachix.org" + ]; + extra-trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "mrnossiom.cachix.org-1:WKo+xfDFaT6pRP4YiIFsEXvyBzI/Pm9uGhURgF1wlQg=" + ]; + }; + }; + }; +} diff --git a/nixos/modules/security.nix b/nixos/modules/security.nix new file mode 100644 index 0000000..6b43be4 --- /dev/null +++ b/nixos/modules/security.nix 
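Review bot: `trusted-users = [ config.local.user.username ];` in `nixos/modules/nix.nix` makes the login user effectively root-equivalent towards the Nix daemon, since a trusted user can add arbitrary substituters and import store paths without a trusted signature. The two binary caches are already configured system-wide in the same `settings` block through `extra-substituters` and `extra-trusted-public-keys`, so the user does not need to be trusted to use them. Consider dropping the line, or add a comment stating which workflow requires it.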
@@ -0,0 +1,50 @@ +{ lib +, config +, pkgs +, ... +}: + +with lib; + +{ + config = { + # Sudo + security.sudo.enable = false; + security.sudo-rs.enable = true; + + # Security Kits + security.polkit.enable = true; + security.rtkit.enable = true; + + # Systemd Login + services.logind = { + lidSwitch = "lock"; + lidSwitchDocked = "suspend"; + lidSwitchExternalPower = "lock"; + extraConfig = lib.generators.toKeyValue { } { + IdleAction = "lock"; + # Don’t shutdown when power button is short-pressed + HandlePowerKey = "lock"; + HandlePowerKeyLongPress = "suspend"; + }; + }; + + security.pam.services.swaylock.text = "auth include login"; + + # Signing + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + services.gnome.gnome-keyring.enable = true; + + # SSH + services.openssh = { + enable = true; + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + }; + }; + }; +} diff --git a/nixos/modules/virtualisation.nix b/nixos/modules/virtualisation.nix new file mode 100644 index 0000000..cf2dfd7 --- /dev/null +++ b/nixos/modules/virtualisation.nix @@ -0,0 +1,21 @@ +{ lib +, config +, pkgs +, ... +}: + +with lib; + +{ + config = { + virtualisation.docker = { + enable = true; + rootless = { + enable = true; + setSocketVariable = true; + }; + }; + + virtualisation.waydroid.enable = true; + }; +} diff --git a/nixos/modules/wireless.nix b/nixos/modules/wireless.nix new file mode 100644 index 0000000..4bbb673 --- /dev/null +++ b/nixos/modules/wireless.nix @@ -0,0 +1,30 @@ +{ lib +, config +, pkgs +, ... +}: + +with lib; + +{ + config = { + # Wifi + networking.networkmanager.enable = true; + networking.nameservers = [ "1.1.1.1" "8.8.8.8" "9.9.9.9" ]; + + programs.nm-applet.enable = true; + + # Bluetooth + hardware.bluetooth.enable = true; + services.blueman.enable = true; + + # Printing + services.printing.enable = true; + + services.avahi = { + enable = true; + nssmdns = true; + openFirewall = true; + }; + }; +} 
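Review bot: The `services.openssh.settings` block in `security.nix` disables `PasswordAuthentication` but leaves keyboard-interactive authentication at its default, which to my knowledge is enabled on NixOS 23.x and can still allow password logins through PAM. Add `KbdInteractiveAuthentication = false;` next to it. sshd is also enabled for every machine that imports the laptop profile, which deserves a short comment saying why a roaming laptop accepts inbound SSH.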
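Review bot: `virtualisation.docker.enable = true;` in `virtualisation.nix` enables the system-wide, root-owned daemon in addition to the rootless one configured just below it. If the rootless daemon is the one actually used (`setSocketVariable = true` points the client at it), the rootful daemon is extra attack surface, and any membership in the `docker` group would be root-equivalent. Dropping the top-level `enable = true;` and keeping only the `rootless` block would avoid that, assuming nothing else depends on the system daemon.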
diff --git a/nixos/profiles/laptop.nix b/nixos/profiles/laptop.nix index c82e182..e39aaad 100644 --- a/nixos/profiles/laptop.nix +++ b/nixos/profiles/laptop.nix @@ -14,52 +14,16 @@ in { # Hardware is imported in the flake to be machine specific imports = [ + ../modules/agenix.nix ../modules/backup.nix - - agenix.nixosModules.default - { age.identityPaths = [ "/home/${config.local.user.username}/.ssh/id_ed25519" ]; } - ../../secrets - - nixosModules.logiops + ../modules/gaming.nix + ../modules/logiops.nix + ../modules/nix.nix + ../modules/security.nix + ../modules/virtualisation.nix + ../modules/wireless.nix ]; - - nix = { - # Make system registry consistent with flake inputs - # Add `self` registry input that refers to flake - registry = mapAttrs (_: value: { flake = value; }) (self.inputs // { inherit self; }); - - # Make NixOS system's legacy channels consistent with registry and flake inputs - nixPath = mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; - - gc = { - automatic = true; - dates = "weekly"; - }; - - settings = { - experimental-features = [ "nix-command" "flakes" ]; - auto-optimise-store = true; - - keep-going = true; - - trusted-users = [ config.local.user.username ]; - extra-substituters = [ - "https://nix-community.cachix.org" - "https://mrnossiom.cachix.org" - ]; - extra-trusted-public-keys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "mrnossiom.cachix.org-1:WKo+xfDFaT6pRP4YiIFsEXvyBzI/Pm9uGhURgF1wlQg=" - ]; - }; - }; - - nixpkgs = { - overlays = [ overlays.all ]; - config.allowUnfree = true; - }; - hardware.opengl = { enable = true; driSupport = true; 
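Review bot: After this hunk, nothing in the visible parts of `laptop.nix` references `agenix`, `nixosModules` or `overlays`, which were presumably bound in the `let` block above the hunk (not shown here). If so, those `inherit` lines are now dead and can be removed together with any function arguments that only served them. The new imports list could also carry a one-line comment noting that `gaming.nix` and `wireless.nix` open firewall ports, since that is no longer visible in the profile itself.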
@@ -72,14 +36,8 @@ in boot.extraModulePackages = with config.boot.kernelPackages; [ xone ]; - security.pam.services.swaylock.text = "auth include login"; programs.dconf.enable = true; - services.blueman.enable = true; - - networking.networkmanager.enable = true; - networking.nameservers = [ "1.1.1.1" "8.8.8.8" "9.9.9.9" ]; - time.timeZone = "Europe/Paris"; i18n.defaultLocale = "en_US.UTF-8"; 
@@ -115,88 +73,8 @@ in services.udev.packages = with pkgs; [ numworks-udev-rules ]; - services.logiops = { - enable = true; - settings = - let - cid = { - # Control IDs │ reprog? │ fn key? │ mouse key? │ gesture support? - leftMouse = 80; # 0x50 │ │ │ YES │ - rightMouse = 81; # 0x51 │ │ │ YES │ - middleMouse = 81; # 0x52 │ YES │ │ YES │ YES - back = 83; # 0x53 │ YES │ │ YES │ YES - forward = 86; # 0x56 │ YES │ │ YES │ YES - switchRecievers = 215; # 0xD7 │ YES │ │ │ YES - mouseSensitivity = 253; # 0xFD │ YES │ │ YES │ YES - }; - in - { - devices = [{ - name = "MX Vertical Advanced Ergonomic Mouse"; - - dpi = 1500; - - hiresscroll = { - hires = true; - invert = false; - target = false; - }; - - buttons = [ - { - cid = cid.forward; - action = { - type = "Keypress"; - keys = [ "KEY_FORWARD" ]; - # type = "Gestures"; - # gestures = [ - # { - # direction = "Left"; - # mode = "OnTreshold"; - # action = { - # type = "Keypress"; - # keys = ["KEY_LEFTMETA" "KEY_LEFTCTRL" "KEY_LEFTSHIFT" "KEY_TAB"]; - # }; - # } - # ]; - }; - } - { - cid = cid.back; - action = { - type = "Keypress"; - keys = [ "KEY_BACK" ]; - }; - } - { - cid = cid.mouseSensitivity; - action = { - type = "Keypress"; - keys = [ "KEY_LEFTMETA" ]; - }; - } - { - cid = cid.switchRecievers; - action.type = "None"; - } - ]; - }]; - }; - }; - - services.flatpak.enable = true; - services.devmon.enable = true; - security.sudo.enable = false; - security.sudo-rs.enable = true; - - programs.nm-applet.enable = true; - - security.polkit.enable = true; - - security.rtkit.enable = true; - services.pipewire = { enable = true; alsa.enable = true; 
@@ -205,76 +83,14 @@ in jack.enable = true; }; - virtualisation.waydroid.enable = true; - - virtualisation.docker = { - enable = true; - rootless = { - enable = true; - setSocketVariable = true; - }; - }; - - # TODO: see if it works on neo laptop - services.fprintd.enable = true; - - services.gnome.gnome-keyring.enable = true; - - # TODO: should not be here - programs.steam = { - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }; - services.upower.enable = true; - # TODO: maybe useful for printing - services.avahi = { - enable = true; - nssmdns = true; - openFirewall = true; - }; - - services.printing.enable = true; - xdg.portal = { enable = true; wlr.enable = true; extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; - xdgOpenUsePortal = true; config.common.default = "*"; }; - - services.logind = { - lidSwitch = "lock"; - lidSwitchDocked = "suspend"; - lidSwitchExternalPower = "lock"; - extraConfig = lib.generators.toKeyValue { } { - IdleAction = "lock"; - # Don’t shutdown when power button is short-pressed - HandlePowerKey = "lock"; - HandlePowerKeyLongPress = "suspend"; - }; - }; - - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - services.openssh = { - enable = true; - settings = { - PermitRootLogin = "no"; - PasswordAuthentication = false; - }; - }; - - hardware.bluetooth.enable = true; - - # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - system.stateVersion = "23.05"; } diff --git a/overlays/default.nix b/overlays/default.nix index 87b22d7..5d0294d 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,7 +1,10 @@ -{ self, lib, ... }: +{ self +, lib +, ... +}: let - inherit (self) inputs; + inherit (self.inputs) nixpkgs-unstable; inherit (lib) composeManyExtensions; in rec { 
@@ -19,7 +22,7 @@ rec { patches = import ./patches.nix; # Makes the unstable nixpkgs set accessible through `pkgs.unstable` - unstable-packages = final: _prev: { - unstable = import inputs.nixpkgs-unstable { system = final.system; config.allowUnfree = true; }; + unstable-packages = final: prev: { + unstable = import nixpkgs-unstable { inherit (final) system config; }; }; }
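Review bot: The lambda parameter in `unstable-packages` was renamed from `_prev` to `prev` although it is still unused; keeping `final: _prev:` preserves the convention for unused arguments. `inherit (final) system config;` replaces the blanket `config.allowUnfree = true`, so the unfree allowlist now also governs `pkgs.unstable`. That is worth a comment line, e.g. `# Reuse the host nixpkgs config so the unfree allowlist also applies to unstable`.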