Flake for my NixOS devices

NixOS config, aperture almost done

bwc9876.dev de908872 2a4aa27c

verified
+508 -255
-3
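--- a/flake.nix
+++ b/flake.nix
@@ -70,9 +70,6 @@
 i: {pkgs}: inputs.${i}.packages.${pkgs.system}.default
 );
 nixDir = ./.;
-nixDirAliases = {
-nixosConfigurations = ["systemConfigs"];
-};
 legacyPackages = pkgs: pkgs;
 nixpkgs.config = {
 allowUnfree = true;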
+1 -2
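--- a/homeModules/cat.nix
+++ b/homeModules/cat.nix
@@ -1,7 +1,6 @@
-{
+{inputs, ...}: {
 config,
 lib,
-inputs,
 ...
 }: {
 imports = [inputs.catppuccin.homeModules.catppuccin];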
+4 -4
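--- a/homeModules/comma.nix
+++ b/homeModules/comma.nix
@@ -1,16 +1,16 @@
-{
+{inputs, ...}: {
 config,
 lib,
-inputs,
 pkgs,
 ...
 }: {
 imports = [inputs.nix-index-db.homeModules.nix-index];
 
-options.cow.comma.enable = lib.mkEnableOption "Command With DB";
+options.cow.comma.enable = lib.mkEnableOption "Comma With DB";
 
 config = lib.mkIf config.cow.comma.enable {
-nix-index.enable = true;
+nixpkgs.overlays = [inputs.nix-index-db.overlays.nix-index];
+programs.nix-index.enable = true;
 home.packages = with pkgs; [
 comma-with-db
 ];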
+7
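--- a/homeModules/default.nix
+++ b/homeModules/default.nix
@@ -0,0 +1,7 @@
+{
+lib,
+flakelight,
+moduleArgs,
+...
+}:
+lib.mapAttrs (_: v: v moduleArgs) (flakelight.importDir ./.)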
+21 -12
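--- a/homeModules/dev.nix
+++ b/homeModules/dev.nix
@@ -1,14 +1,14 @@
-{
+{inputs, ...}: {
 config,
-inputs,
 lib,
 pkgs,
 ...
 }: {
 options.cow.dev = let
-mkLangOpt = d: (lib.mkEnableOption d // {default = true;});
+mkLangOpt = d: ((lib.mkEnableOption d) // {default = true;});
 in {
 enable = lib.mkEnableOption "Dev stuff (all on by default)";
+c = mkLangOpt "C/C++ dev stuf";
 rust = mkLangOpt "Rust dev stuff";
 haskell = mkLangOpt "Haskell dev stuff";
 js = mkLangOpt "JavaScript dev stuff";
@@ -21,7 +21,7 @@
 conf = config.cow.dev;
 in
 lib.mkIf conf.enable {
-nixpkgs.overlays = lib.optional conf.rust [inputs.fenix.overlays.default];
+nixpkgs.overlays = lib.optional conf.rust inputs.fenix.overlays.default;
 
 xdg.configFile = {
 "astro/config.json" = lib.mkIf conf.js {
@@ -42,15 +42,18 @@
 };
 
 cow.imperm.keepCache =
-(lib.optional conf.rust [".cargo"])
-++ (lib.optional conf.js [
+[
+".config/gh"
+]
+++ (lib.optional conf.rust ".cargo")
+++ (lib.optionals conf.js [
 ".npm"
 ".pnpm"
 ]);
 
 programs.git = {
 enable = true;
-config = {
+settings = {
 init.defaultBranch = "main";
 advice.addIgnoredFiles = false;
 };
@@ -58,7 +61,13 @@
 
 home.packages = with pkgs;
 [gh]
-++ (lib.optional conf.rust [
+++ (lib.optionals (conf.rust or conf.c) [
+pkg-config
+gnumake
+gcc
+gdb
+])
+++ (lib.optionals conf.rust [
 (pkgs.fenix.complete.withComponents [
 "cargo"
 "clippy"
@@ -71,16 +80,16 @@
 mprocs
 evcxr
 ])
-++ (lib.optional conf.js [
+++ (lib.optionals conf.js [
 nodejs_latest
 nodePackages.pnpm
 yarn
 deno
 ])
-++ (lib.optional conf.haskell [
+++ (lib.optionals conf.haskell [
 haskell.compiler.ghc912
 ])
-++ (lib.optional conf.python [
+++ (lib.optionals conf.python [
 python3
 poetry
 pipenv
@@ -88,7 +97,7 @@
 ruff
 black
 ])
-++ (lib.optional conf.dotnet [
+++ (lib.optionals conf.dotnet [
 dotnet-sdk
 dotnet-runtime
 mono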
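Review bot: `conf.rust or conf.c` in the new `home.packages` list is not a boolean OR. In Nix, `or` only supplies a fallback when an attribute selection fails, so this evaluates to `conf.rust` alone and the C toolchain is skipped when `c` is on but `rust` is off; it should read `lib.optionals (conf.rust || conf.c) [`. The new `".config/gh"` entry under `cow.imperm.keepCache` persists gh's login state, which can include a plaintext token when no keyring is in use, so confirm that the cache root is protected as well as the persist root. The option description `"C/C++ dev stuf"` has a typo.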
+1 -5
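--- a/homeModules/firefox.nix
+++ b/homeModules/firefox.nix
@@ -1,4 +1,4 @@
-{
+{...}: {
 lib,
 pkgs,
 config,
@@ -10,10 +10,6 @@
 
 config = lib.mkIf config.cow.firefox.enable {
 cow.imperm.keep = [".mozilla"];
-
-home.packages = [
-package
-];
 
 programs.firefox = {
 inherit package;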
+3 -3
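--- a/homeModules/firewall.nix
+++ b/homeModules/firewall.nix
@@ -1,6 +1,6 @@
-{lib}: {
+{...}: {lib, ...}: {
 options.cow.firewall = {
-tcp = { type = lib.types.listOf lib.types.int; };
-udp = { type = lib.types.listOf lib.types.int; };
+tcp = lib.mkOption {type = lib.types.listOf lib.types.int;};
+udp = lib.mkOption {type = lib.types.listOf lib.types.int;};
 };
 }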
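Review bot: `tcp` and `udp` are declared without a `default`, so a configuration that sets only one of them leaves the other undefined. homeModules/kde-connect.nix in this commit sets `cow.firewall.tcp` but not `udp`, and the NixOS-side fold over `elem.tcp`/`elem.udp` will then fail evaluation unless another enabled module defines the missing list. Declaring each as `lib.mkOption {type = lib.types.listOf lib.types.port; default = [];}` fixes that and also rejects values outside 0–65535 before they reach `networking.firewall`. A `description` on each option should say that these ports end up open on the host firewall.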
+26
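--- a/homeModules/games.nix
+++ b/homeModules/games.nix
@@ -0,0 +1,26 @@
+{...}: {
+pkgs,
+config,
+lib,
+...
+}: {
+options.cow.games.enable = lib.mkEnableOption "playing games with Steam";
+
+config = lib.mkIf config.cow.games.enable {
+home.packages = with pkgs; [
+steam
+cemu
+owmods-cli
+owmods-gui
+prismlauncher
+];
+
+cow.imperm.keepCache = [
+".local/share/Steam"
+".local/share/ow-mod-man"
+".local/share/OuterWildsModManager"
+".local/share/PrismLauncher"
+".local/share/Cemu"
+];
+};
+}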
+43 -8
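--- a/homeModules/gdi.nix
+++ b/homeModules/gdi.nix
@@ -1,8 +1,7 @@
-{
+{inputs, ...}: {
 config,
 lib,
 pkgs,
-inputs',
 ...
 }: {
 options.cow.gdi = {
@@ -58,8 +57,30 @@
 cursorTheme.package
 iconTheme.package
 
+wezterm
+
+# Shell Components
+hyprlock
+hyprland-qtutils
+
+## Waybar
+qt6.qttools # For component
+
+pavucontrol
+
+wf-recorder
+slurp
+grim
+xdg-utils
+grimblast
+tesseract
+swappy
+libnotify
 swaynotificationcenter
-swayosd
+wl-clipboard
+
+hunspell
+hunspellDicts.en_US-large
 ];
 
 wayland.windowManager.hyprland = {
@@ -118,6 +139,8 @@
 "GRIMBLAST_EDITOR,swappy -f "
 "QT_QPA_PLATFORM,wayland;xcb"
 "QT_AUTO_SCREEN_SCALE_FACTOR,1"
+"HYPRCURSOR_THEME,${hyprThemeName}"
+"HYPRCURSOR_SIZE,${builtins.toJSON cursorTheme.size}"
 ];
 windowrulev2 = [
 "idleinhibit fullscreen,class:(.*),title:(.*)"
@@ -129,7 +152,7 @@
 ];
 bind = let
 powerMenu = "rofi -modi 'p:${pkgs.rofi-power-menu}/bin/rofi-power-menu' -show p --symbols-font \"FiraMono Nerd Font Mono\"";
-screenshot = "${pkgs.nushell}/bin/nu ${../../res/screenshot.nu}";
+screenshot = "${pkgs.nushell}/bin/nu ${../res/screenshot.nu}";
 
 openTerminal = launchDesktopApp "org.wezfurlong.wezterm.desktop";
 forEachWorkspace = {
@@ -150,7 +173,7 @@
 [
 "SUPER,M,submap,passthru"
 ]
-++ lib.optional config.cow.firefox.enable [
+++ lib.optionals config.cow.firefox.enable [
 "SUPER,Q,exec,${launchDesktopApp "firefox-devedition.desktop"}"
 ]
 ++ [
@@ -178,7 +201,7 @@
 "SUPER,B,exec,${runCmd "${pkgs.rofi-bluetooth}/bin/rofi-bluetooth"}"
 "SUPER,Tab,exec,${runCmd "rofi -show window -show-icons"}"
 ]
-++ lib.optional config.cow.yazi.enable ["SUPER,E,exec,${launchDesktopApp "yazi.desktop"}"]
+++ lib.optionals config.cow.yazi.enable ["SUPER,E,exec,${launchDesktopApp "yazi.desktop"}"]
 ++ [
 "SUPER,N,exec,${runCmd "${pkgs.swaynotificationcenter}/bin/swaync-client -t -sw"}"
 "SUPER,A,exec,${runCmd "${pkgs.pavucontrol}/bin/pavucontrol --tab 5"}"
@@ -368,7 +391,9 @@
 desc = "MPRIS Idle Inhibitor";
 
 service = {
-ExecStart = ''${inputs'.wayland-mpris-idle-inhibit.packages.default}/bin/wayland-mpris-idle-inhibit --ignore "kdeconnect" --ignore "playerctld"'';
+ExecStart = ''${
+inputs.wayland-mpris-idle-inhibit.packages.${pkgs.system}.default
+}/bin/wayland-mpris-idle-inhibit --ignore "kdeconnect" --ignore "playerctld"'';
 Restart = "on-failure";
 RestartSec = "10";
 };
@@ -376,9 +401,9 @@
 };
 
 fonts = {
-antialiasing = true;
 fontconfig = {
 enable = true;
+antialiasing = true;
 defaultFonts = let
 mainFonts = [
 "FiraGO"
@@ -411,6 +436,16 @@
 gtk.enable = true;
 x11.enable = true;
 };
+
+gtk = {
+enable = true;
+iconTheme = lib.mkForce iconTheme;
+gtk2.extraConfig = "gtk-application-prefer-dark-theme=true";
+gtk3.extraConfig.gtk-application-prefer-dark-theme = true;
+gtk4.extraConfig.gtk-application-prefer-dark-theme = true;
+};
+
+dconf.settings."org/gnome/desktop/interface".color-scheme = "prefer-dark";
 
 services = {
 hyprpolkitagent.enable = true;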
+2 -2
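--- a/homeModules/htop.nix
+++ b/homeModules/htop.nix
@@ -1,11 +1,11 @@
-{
+{...}: {
 lib,
 config,
 ...
 }: {
 options.cow.htop.enable = lib.mkEnableOption "htop + customizations";
 
-config = lib.mkIf {
+config = lib.mkIf config.cow.htop.enable {
 # TODO: Actually use Nix for this
 xdg.configFile."htop/htoprc".text = ''
 htop_version=3.3.0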
+5 -6
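--- a/homeModules/imperm.nix
+++ b/homeModules/imperm.nix
@@ -1,4 +1,4 @@
-{
+{...}: {
 config,
 lib,
 ...
@@ -13,10 +13,7 @@
 keepLibraries = lib.mkEnableOption "persisting library (Documents, Pictures, etc.) directories";
 keepCache = listOfDirs "List of directories to persist if impermanence is enabled. These directories are *not* meant to be backed up";
 keep = listOfDirs "List of directories to persist if impermanence is enabled. These directories should be backed up";
-keepFiles = {
-type = lib.types.listOf lib.types.str;
-description = "List of files to keep. These files should be backed up";
-};
+keepFiles = listOfDirs "List of files to keep. These files should be backed up";
 };
 
 config = lib.mkIf config.cow.imperm.keepLibraries {
@@ -27,8 +24,10 @@
 "Pictures"
 "Documents"
 ".ssh"
+];
+cow.imperm.keepCache = [
 ".cache"
-".local/state/wireplumber"
+".local/share/wireplumber"
 ];
 };
 }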
+4 -4
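--- a/homeModules/kde-connect.nix
+++ b/homeModules/kde-connect.nix
@@ -1,13 +1,13 @@
-{
+{...}: {
 config,
 lib,
 ...
 }: {
-options.cow.kde-connect.enable = "KDE connect to connect to phones";
+options.cow.kde-connect.enable = lib.mkEnableOption "KDE connect to connect to phones";
 
 config = lib.mkIf config.cow.kde-connect.enable {
-cow.keepCache = [".config/kdeconnect"];
+cow.imperm.keepCache = [".config/kdeconnect"];
 cow.firewall.tcp = lib.range 1714 1764;
-systemd.services.kdeconnect.Service.Environment = lib.mkForce [];
+systemd.user.services.kdeconnect.Service.Environment = lib.mkForce [];
 };
 }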
+3 -3
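--- a/homeModules/keepassxc.nix
+++ b/homeModules/keepassxc.nix
@@ -1,4 +1,4 @@
-{
+{...}: {
 config,
 lib,
 pkgs,
@@ -6,7 +6,7 @@
 }: {
 options.cow.keepassxc = {
 enable = lib.mkEnableOption "KeePassXC + autolaunch";
-dbPath = {
+dbPath = lib.mkOption {
 type = lib.types.nullOr lib.types.str;
 description = "KeePassXC DB to open on DE launch if cow.gdi is on";
 default = null;
@@ -15,7 +15,7 @@
 
 config = lib.mkIf config.cow.keepassxc.enable {
 wayland.windowManager.hyprland.settings.exec-once =
-lib.optional (config.cow.gdi.enable && config.cow.keepassxc.dbPath != null)
+lib.optionals (config.cow.gdi.enable && config.cow.keepassxc.dbPath != null)
 (
 let
 cmd = "keepassxc ${config.cow.keepassxc.dbPath}";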
+1 -1
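--- a/homeModules/libraries.nix
+++ b/homeModules/libraries.nix
@@ -1,4 +1,4 @@
-{
+{...}: {
 config,
 lib,
 ...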
+7 -6
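--- a/homeModules/music.nix
+++ b/homeModules/music.nix
@@ -1,7 +1,7 @@
-{
+{inputs, ...}: {
+pkgs,
 lib,
 config,
-inputs',
 ...
 }: {
 options.cow.music = {
@@ -11,8 +11,11 @@
 config = lib.mkIf config.cow.music.enable (
 let
 cat =
-(builtins.fromJSON (builtins.readFile "${inputs'.catppuccin.packages.palette}/palette.json"))
-.${config.catppuccin.flavor}.colors;
+(builtins.fromJSON (
+builtins.readFile "${inputs.catppuccin.packages.${pkgs.system}.palette}/palette.json"
+)).${
+config.catppuccin.flavor
+}.colors;
 accent = cat.${config.catppuccin.accent};
 themeFile = ''
 #![enable(implicit_some)]
@@ -336,8 +339,6 @@
 )
 '';
 in {
-cow.imperm.keepCache = [".local/share/mpd"];
-
 programs.cava = {
 enable = true;
 };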
+3 -3
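--- a/homeModules/news.nix
+++ b/homeModules/news.nix
@@ -1,4 +1,4 @@
-{
+{...}: {
 pkgs,
 config,
 lib,
@@ -43,7 +43,7 @@
 options.cow.news.enable = lib.mkEnableOption "news feeds with newsboat";
 
 config = lib.mkIf config.cow.news.enable {
-cow.imperm.keep = [".config/newsboat"];
+cow.imperm.keep = [".local/share/newsboat"];
 
 home.packages = with pkgs; [
 w3m
@@ -59,7 +59,7 @@
 
 programs.newsboat = {
 enable = true;
-browser = ''"${../../res/news-open.nu} %u"'';
+browser = ''"${../res/news-open.nu} %u"'';
 
 # notify-program ${../res/news-notify.nu}
 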
+6 -6
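--- a/homeModules/nushell.nix
+++ b/homeModules/nushell.nix
@@ -1,4 +1,4 @@
-{
+{...}: {
 config,
 pkgs,
 lib,
@@ -51,7 +51,7 @@
 } else { $spans })
 
 match $spans.0 {
-${lib.optional conf.completers.fish ''
+${lib.optionalString conf.completers.fish ''
 nu => ${fishComplete}
 git => ${fishComplete}
 ''}
@@ -73,7 +73,7 @@
 show_banner: false,
 completions: {
 external: {
-enable: ${doCompletions}
+enable: ${builtins.toJSON doCompletions}
 completer: ${
 if doCompletions
 then completions
@@ -82,7 +82,7 @@
 },
 },
 hooks: {
-${lib.optional conf.commandNotFound ''
+${lib.optionalString conf.commandNotFound ''
 command_not_found: ${cnf}
 ''}
 }
@@ -93,10 +93,10 @@
 '';
 in {
 enable = true;
-configFile = ''
+configFile.text = ''
 $env.config = ${nu_config}
 
-${lib.optional config.cow.starship.enable ''
+${lib.optionalString config.cow.starship.enable ''
 source ${init-starship}
 ''}
 '';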
+1 -2
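--- a/homeModules/nvim.nix
+++ b/homeModules/nvim.nix
@@ -1,6 +1,5 @@
-{
+{inputs, ...}: {
 pkgs,
-inputs,
 config,
 lib,
 ...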
+3 -3
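--- a/homeModules/pictures.nix
+++ b/homeModules/pictures.nix
@@ -1,4 +1,4 @@
-{
+{...}: {
 config,
 lib,
 ...
@@ -15,7 +15,7 @@
 };
 };
 
-config = lib.mkIf config.cow.pfp.enable {
-home.file.".face".source = config.cow.pfp.file;
+config = lib.mkIf config.cow.pictures.enable {
+home.file.".face".source = config.cow.pictures.pfp;
 };
 }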
+1 -1
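--- a/homeModules/qmplay2.nix
+++ b/homeModules/qmplay2.nix
@@ -1,4 +1,4 @@
-{
+{...}: {
 config,
 lib,
 pkgs,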
+1 -1
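--- a/homeModules/starship.nix
+++ b/homeModules/starship.nix
@@ -1,4 +1,4 @@
-{
+{...}: {
 config,
 lib,
 ...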
+3 -3
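--- a/homeModules/sync.nix
+++ b/homeModules/sync.nix
@@ -1,4 +1,4 @@
-{
+{...}: {
 config,
 lib,
 ...
@@ -6,14 +6,14 @@
 options.cow.sync.enable = lib.mkEnableOption "syncing via SyncThing";
 
 config = lib.mkIf config.cow.sync.enable {
-cow.imperm.keepCache = [".local/share/syncthing"];
+cow.imperm.keepCache = [".config/syncthing"];
 
 cow.firewall = {
 tcp = [22000];
 udp = [21027 22000];
 };
 
-syncthing = {
+services.syncthing = {
 enable = true;
 
 overrideFolders = false;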
+33 -22
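--- a/homeModules/user-bean.nix
+++ b/homeModules/user-bean.nix
@@ -1,39 +1,47 @@
-{
+{...}: {
 lib,
 config,
 ...
-}:
-let
-pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsVzdJra+x5aEuwTjL1FBOiMh9bftvs8QwsM1xyEbdd";
-in
-{
-
-options.cow.bean.enable = lib.mkEnableOption "Bean user presets";
+}: {
+options.cow.bean = {
+enable = lib.mkEnableOption "Bean user presets";
+pubkey = lib.mkOption {
+type = lib.types.nullOr lib.types.str;
+description = "Public key to accept for bean";
+default = null;
+};
+};
 
 config = lib.mkIf config.cow.bean.enable {
 # My Personal config using most of my HM modules
 
 home = {
-file.".ssh/authorized_keys".text = ''
-${pubkey} bean
+file.".ssh/authorized_keys".text = lib.mkIf (config.cow.bean.pubkey != null) ''
+${config.cow.bean.pubkey} bean
 '';
 username = lib.mkDefault "bean";
 homeDirectory = lib.mkDefault "/home/bean";
 };
 
-programs.git.config.user = {
-email = "bwc9876@gmail.com";
-name = "Ben C";
-signingKey = pubkey;
+programs.git = {
+signing = lib.mkIf (config.cow.bean.pubkey != null) {
+format = "ssh";
+signByDefault = true;
+};
+settings = {
+user = {
+email = "bwc9876@gmail.com";
+name = "Ben C";
+signingKey = lib.mkIf (config.cow.bean.pubkey != null) config.cow.bean.pubkey;
+};
+};
 };
 
 cow = {
 libraries.enable = true;
-imperm = {
+imperm.keepLibraries = true;
+pictures = {
 enable = true;
-keepLibraries = true;
-};
-pictures = {
 pfp = ../res/pictures/cow.png;
 bg = ../res/pictures/background.png;
 };
@@ -41,7 +49,7 @@
 enable = true;
 commandNotFound = true;
 };
-nvim.enable = true;
+neovim.enable = true;
 htop.enable = true;
 starship.enable = true;
 yazi.enable = true;
@@ -49,9 +57,12 @@
 comma.enable = true;
 cat.enable = true;
 
-firefox = config.cow.gdi.enable;
-waybar = config.cow.gdi.enable;
-keepassxc.dbPath = lib.mkDefault "${config.xdg.userDirs.documents}/KeePass/DB";
+firefox.enable = config.cow.gdi.enable;
+waybar.enable = config.cow.gdi.enable;
+keepassxc = {
+enable = config.cow.gdi.enable;
+dbPath = lib.mkDefault "${config.xdg.userDirs.documents}/KeePass/DB";
+};
 };
 };
 }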
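Review bot: `file.".ssh/authorized_keys".text` makes Home Manager place a symlink into the Nix store, and sshd's default `StrictModes` check is strict about the ownership and mode of the resolved path, so this key may be silently ignored at login. It is worth testing against the deployed sshd. On NixOS hosts the system option `users.users.bean.openssh.authorizedKeys.keys` avoids the question. The new `pubkey` option would also benefit from a `description` that says the same value is reused as the git SSH signing key, since setting it turns on `signByDefault`.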
+4 -5
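--- a/homeModules/utils.nix
+++ b/homeModules/utils.nix
@@ -1,12 +1,11 @@
-{
+{...}: {
 config,
 lib,
 pkgs,
-inputs',
 ...
 }: {
 options.cow.utils.enable =
-lib.mkEnableOption "Handy utilities to have"
+(lib.mkEnableOption "Handy utilities to have")
 // {
 default = true;
 };
@@ -22,7 +21,7 @@
 procfd
 dust
 zip
-inputs'.gh-grader-preview.packages.default
+inputs.gh-grader-preview.packages.${pkgs.system}.default
 wol
 libqalculate
 p7zip
@@ -31,7 +30,7 @@
 hyfetch
 fastfetch
 ]
-++ lib.optional config.cow.gdi.enable [wev];
+++ lib.optional config.cow.gdi.enable wev;
 
 programs.hyfetch = {
 enable = true;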
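Review bot: `inputs.gh-grader-preview.packages.${pkgs.system}.default` refers to `inputs`, but neither argument set visible in this section binds it: the outer function is `{...}:` and the inner module arguments are `config`, `lib`, `pkgs`. The other home modules in this commit that use flake inputs take them from the outer function, so the first line should probably be `{inputs, ...}: {`. The list this entry sits in starts outside the hunk, so if it is under `with pkgs;` the name may instead resolve to an unrelated attribute or fail evaluation.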
+4 -4
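--- a/homeModules/waybar.nix
+++ b/homeModules/waybar.nix
@@ -1,4 +1,4 @@
-{
+{...}: {
 config,
 lib,
 pkgs,
@@ -376,7 +376,7 @@
 "clock#1"
 "clock#2"
 ]
-++ lib.optional config.cow.news.enable ["custom/news"]
+++ lib.optional config.cow.news.enable "custom/news"
 ++ [
 "custom/weather"
 "mpris"
@@ -388,8 +388,8 @@
 "bluetooth"
 "pulseaudio"
 ]
-++ lib.optional config.cow.kde-connect.enable ["custom/kdeconnect"]
-++ lib.optional config.cow.gdi.doIdle ["idle_inhibitor"]
+++ lib.optional config.cow.kde-connect.enable "custom/kdeconnect"
+++ lib.optional config.cow.gdi.doIdle "idle_inhibitor"
 ++ [
 "custom/notification"
 "privacy"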
+1 -5
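--- a/homeModules/yazi.nix
+++ b/homeModules/yazi.nix
@@ -1,4 +1,4 @@
-{
+{...}: {
 config,
 lib,
 pkgs,
@@ -12,10 +12,6 @@
 mediainfo
 exiftool
 ];
-
-wayland.windowManager.hyprland.settings.bind =
-lib.optional config.cow.gdi.enable [
-];
 
 programs.yazi = {
 enable = true;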
+61
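--- a/nixosConfigurations/aperture.nix
+++ b/nixosConfigurations/aperture.nix
@@ -0,0 +1,61 @@
+{
+lib,
+config,
+inputs,
+outputs,
+...
+}: {
+system = "x86_64-linux";
+
+modules =
+(builtins.attrValues outputs.nixosModules)
+++ [
+inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
+{
+home-manager.users.bean.home.stateVersion = "25.05";
+system.stateVersion = "25.05";
+networking.hostName = "aperture";
+
+users.users = let
+secureRoot = "/nix/persist/secure";
+in {
+bean.password = "qaswedfr";
+# bean.hashedPasswordFile = "${secureRoot}/hashed-passwd";
+root.hashedPasswordFile = "${secureRoot}/hashed-passwd";
+};
+
+cow = {
+lanzaboote.enable = true;
+role-laptop = {
+enable = true;
+fingerPrintSensor = true;
+};
+gaming.enable = true;
+imperm.enable = true;
+disks = {
+enable = true;
+luks = true;
+swap = true;
+};
+};
+
+boot.initrd.availableKernelModules = [
+"xhci_pci"
+"thunderbolt"
+"nvme"
+"usb_storage"
+"sd_mod"
+];
+boot.initrd.kernelModules = [];
+boot.kernelModules = ["kvm-intel"];
+boot.extraModulePackages = [];
+boot.binfmt.emulatedSystems = ["aarch64-linux"];
+
+hardware.framework.enableKmod = false;
+
+powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+hardware.enableRedistributableFirmware = lib.mkDefault true;
+hardware.cpu.intel.updateMicrocode = true;
+}
+];
+}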
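Review bot: `bean.password = "qaswedfr";` commits a cleartext login password: it is now in the repository history and is copied into the world-readable Nix store on every build. nixosModules/imperm.nix sets `users.mutableUsers = false`, so the account keeps this value until the configuration changes. Since the string is public it should be treated as compromised; restore the commented-out `bean.hashedPasswordFile = "${secureRoot}/hashed-passwd";` and choose a new password. Giving bean its own hash file rather than sharing root's would be better still, so the two accounts do not have the same credential.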
+20
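--- a/nixosModules/audio.nix
+++ b/nixosModules/audio.nix
@@ -0,0 +1,20 @@
+{...}: {
+config,
+lib,
+...
+}: {
+options.cow.audio.enable = lib.mkEnableOption "audo config with Pipewire";
+
+config = lib.mkIf config.cow.audio.enable {
+services.pulseaudio.enable = false;
+security.rtkit.enable = true; # Allows pipewire and friends to run realtime
+services.pipewire = {
+enable = true;
+pulse.enable = true;
+alsa = {
+enable = true;
+support32Bit = true;
+};
+};
+};
+}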
+8 -12
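--- a/nixosModules/base.nix
+++ b/nixosModules/base.nix
@@ -1,11 +1,10 @@
-{
+{...}: {
 pkgs,
 inputs,
 config,
 lib,
 ...
-}:
-{
+}: {
 time.timeZone = lib.mkDefault "America/New_York";
 
 environment.etc."machine-id".text = lib.mkDefault (
@@ -15,10 +14,10 @@
 environment.variables."HOSTNAME" = lib.mkDefault config.networking.hostName;
 environment.systemPackages = with pkgs; [
 uutils-coreutils-noprefix
-
 nh
 nix-output-monitor
 git
+just
 ];
 environment.etc."flake-src".source = inputs.self;
 
@@ -29,13 +28,10 @@
 systemd.services.nix-daemon.serviceConfig.OOMScoreAdjust = lib.mkDefault 250;
 
 # Keep flake inputs when GC-ing
-system.extraDependencies =
-with builtins;
-let
-flakeDeps =
-flake:
-[ flake.outPath ] ++ (foldl' (a: b: a ++ b) [ ] (map flakeDeps (attrValues flake.inputs or { })));
-in
+system.extraDependencies = with builtins; let
+flakeDeps = flake:
+[flake.outPath] ++ (foldl' (a: b: a ++ b) [] (map flakeDeps (attrValues flake.inputs or {})));
+in
 flakeDeps inputs.self;
 
 boot = {
@@ -45,7 +41,7 @@
 
 # Use latest kernel with sysrqs and lockdown enabled
 kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
-kernelParams = lib.mkDefault ["lockdown=confidentiality"];
+kernelParams = lib.mkDefault ["lockdown=confidentiality"];
 kernel.sysctl."kernel.sysrq" = lib.mkDefault 1;
 };
 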
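Review bot: `kernelParams = lib.mkDefault ["lockdown=confidentiality"];` is unlikely to take effect, because a `mkDefault` list is discarded entirely as soon as any module defines `boot.kernelParams` at normal priority, and NixOS's own boot modules and hardware profiles do so as far as I know. Dropping the wrapper, `kernelParams = ["lockdown=confidentiality"];`, lets the entry merge with the others; checking `/proc/cmdline` on a built system would confirm which case applies. In the same block, `kernel.sysrq = 1` enables every SysRq function, which on a laptop includes keyboard-triggered process kills; a comment giving the reason, or a narrower bitmask, would make that choice deliberate. The `boot` attribute set starts and ends outside the hunk.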
+6 -2
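--- a/nixosModules/cat.nix
+++ b/nixosModules/cat.nix
@@ -1,5 +1,9 @@
-{config, lib, inputs, ...}: {
-
+{...}: {
+config,
+lib,
+inputs,
+...
+}: {
 imports = [inputs.catppuccin.nixosModules.catppuccin];
 
 options.cow.cat.enable = lib.mkEnableOption "Catppuccin theming everywhere";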
+7
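--- a/nixosModules/default.nix
+++ b/nixosModules/default.nix
@@ -0,0 +1,7 @@
+{
+lib,
+flakelight,
+moduleArgs,
+...
+}:
+lib.mapAttrs (_: v: v moduleArgs) (flakelight.importDir ./.)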
+51 -29
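--- a/nixosModules/disks.nix
+++ b/nixosModules/disks.nix
@@ -1,33 +1,43 @@
-{ config, lib, ... }:
-{
+{...}: {
+config,
+lib,
+...
+}: {
 options.cow.disks = {
 enable = lib.mkEnableOption "allowing cow to create a UEFI-compatible layout";
 swap = lib.mkEnableOption "look for and swapon a swap device";
 luks = lib.mkEnableOption "do dev mapping for encrypted LUKS volumes";
-partition-prefix = {
+partition-prefix = lib.mkOption {
 type = lib.types.nullOr lib.types.str;
 default = null;
 description = "A prefix to place before partition names (more multiboots, etc.)";
 };
 };
 
-config =
-let
-conf = config.cow.disks;
-prefix = if conf.partition-prefix == null then "" else "${conf.partition-prefix}-";
-primaryPart = "/dev/disk/by-partlabel/${prefix}NIXOS";
-swapPart = "/dev/disk/by-partlabel/${prefix}SWAP";
-bootPart = "/dev/disk/by-partlabel/${prefix}BOOT";
-cryptroot = "/dev/mapper/cryptroot";
-cryptswap = "/dev/mapper/cryptswap";
-in
+config = let
+conf = config.cow.disks;
+prefix =
+if conf.partition-prefix == null
+then ""
+else "${conf.partition-prefix}-";
+primaryPart = "/dev/disk/by-partlabel/${prefix}NIXOS";
+swapPart = "/dev/disk/by-partlabel/${prefix}SWAP";
+bootPart = "/dev/disk/by-partlabel/${prefix}BOOT";
+cryptroot = "/dev/mapper/cryptroot";
+cryptswap = "/dev/mapper/cryptswap";
+in
 lib.mkIf config.cow.disks.enable {
 boot.initrd.luks.devices = lib.mkIf conf.luks {
 "cryptroot".device = primaryPart;
 "cryptswap".device = swapPart;
 };
 swapDevices = [
-{ device = if conf.luks then cryptswap else swapPart; }
+{
+device =
+if conf.luks
+then cryptswap
+else swapPart;
+}
 ];
 fileSystems."/boot" = {
 device = bootPart; # Boot partition is always unencrypted
@@ -42,7 +52,10 @@
 ];
 };
 fileSystems."/nix" = lib.mkIf config.cow.imperm.enable {
-device = if conf.luks then cryptroot else primaryPart;
+device =
+if conf.luks
+then cryptroot
+else primaryPart;
 fsType = "ext4";
 options = [
 "lazytime"
@@ -52,19 +65,28 @@
 neededForBoot = true;
 };
 fileSystems."/" =
-if config.cow.imperm.enable then
-{
-fsType = "tmpfs";
-options = [
-"size=512M"
-"mode=755"
-];
-neededForBoot = true;
-}
-else
-{
-device = if conf.luks then cryptroot else primaryPart;
-fsType = "ext4";
-};
+if config.cow.imperm.enable
+then {
+fsType = "tmpfs";
+options = [
+"size=512M"
+"mode=755"
+];
+neededForBoot = true;
+}
+else {
+device =
+if conf.luks
+then cryptroot
+else primaryPart;
+fsType = "ext4";
+};
+fileSystems."/home" = lib.mkIf config.cow.imperm.enable {
+fsType = "tmpfs";
+options = [
+"size=2G"
+];
+neededForBoot = true;
+};
 };
 }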
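Review bot: The new `fileSystems."/home"` tmpfs sets only `size=2G`, so it gets the tmpfs default mode of 1777 and `/home` becomes a world-writable sticky directory, unlike the root tmpfs above it which passes `mode=755`. Adding `"mode=755"` together with `"nosuid"` and `"nodev"` to its `options` keeps other local accounts from creating entries there and keeps setuid binaries and device nodes off user-writable storage. Separately, `swapDevices` is defined unconditionally in the lines shown, so the `swap` option declared at the top does not appear to gate anything.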
+18 -17
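--- a/nixosModules/firewall.nix
+++ b/nixosModules/firewall.nix
@@ -1,20 +1,21 @@
-{ config, lib, ... }:
-{
+{...}: {
+config,
+lib,
+...
+}: {
 options.cow.firewall.openForUsers = lib.mkEnableOption "Opening firewall from HM configs for all users";
 
-config =
-lib.mkIf config.cow.hm.enable
-&& config.cow.firewall.openForUsers (
-let
-getFirewall = lib.attrByPath [ "cow" "firewall" ] {};
-allFirewalls = map getFirewall (builtins.attrValues config.home-manager.users);
-selectPortType = ty: builtins.foldl' (acc: elem: acc ++ elem.${ty}) [];
-in
-{
-networking.firewall = {
-allowedTCPPorts = selectPortType "tcp" allFirewalls;
-allowedUDPPorts = selectPortType "udp" allFirewalls;
-};
-}
-);
+config = lib.mkIf (config.cow.hm.enable
+&& config.cow.firewall.openForUsers) (
+let
+getFirewall = lib.attrByPath ["cow" "firewall"] {};
+allFirewalls = map getFirewall (builtins.attrValues config.home-manager.users);
+selectPortType = ty: builtins.foldl' (acc: elem: acc ++ elem.${ty}) [];
+in {
+networking.firewall = {
+allowedTCPPorts = selectPortType "tcp" allFirewalls;
+allowedUDPPorts = selectPortType "udp" allFirewalls;
+};
+}
+);
 }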
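Review bot: `getFirewall` falls back to `{}` when a user has no `cow.firewall`, but `selectPortType` then evaluates `elem.${ty}` on it, which throws on the missing attribute instead of contributing nothing; `acc ++ (elem.${ty} or [])` makes the fallback work. This module also lets every Home Manager user configuration open ports on the host firewall with no allow-list. That is reasonable for a single-user laptop, but the `openForUsers` description should say so, so that it is not enabled on a shared machine by accident. Passing the result through `lib.unique` would keep the generated rule set readable when two users request the same port.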
+2 -3
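--- a/nixosModules/gaming.nix
+++ b/nixosModules/gaming.nix
@@ -1,10 +1,9 @@
-{
+{...}: {
 config,
 lib,
 pkgs,
 ...
-}:
-{
+}: {
 options.cow.gaming.enable = lib.mkEnableOption "Gaming stuff";
 
 config = lib.mkIf config.cow.gaming.enable {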
+15 -17
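--- a/nixosModules/gdi.nix
+++ b/nixosModules/gdi.nix
@@ -1,12 +1,12 @@
-{
+{...}: {
 config,
 lib,
 pkgs,
 ...
-}:
-{
+}: {
 options.cow.gdi = {
-enable = lib.mkEnableOption "Enable Hyprland with graphical apps, etc.";
+enable = lib.mkEnableOption "Hyprland with graphical apps, etc.";
+doIdle = lib.mkEnableOption "Idling the system";
 showGreet = lib.mkEnableOption "Show a greeter interface that runs UWSM to launch a Wayland window manager";
 };
 
@@ -28,7 +28,7 @@
 };
 };
 
-xdg.portal.extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
+xdg.portal.extraPortals = with pkgs; [xdg-desktop-portal-gtk];
 
 programs.hyprland = {
 enable = true;
@@ -38,18 +38,16 @@
 services.greetd = lib.mkIf config.cow.gdi.showGreet {
 enable = true;
 settings = {
-default_session =
-let
-greeting = ''--greeting "Authenticate into ${lib.toUpper config.networking.hostName}"'';
-deCmd = pkgs.writeScript "start-session.sh" ''
-#!/usr/bin/env sh
-exec uwsm start ${pkgs.hyprland}/share/wayland-sessions/hyprland.desktop
-'';
-cmd = ''--cmd "systemd-inhibit --what=handle-power-key:handle-lid-switch ${deCmd}"'';
-in
-{
-command = "${pkgs.tuigreet}/bin/tuigreet --remember --time ${greeting} ${cmd}";
-};
+default_session = let
+greeting = ''--greeting "Authenticate into ${lib.toUpper config.networking.hostName}"'';
+deCmd = pkgs.writeScript "start-session.sh" ''
+#!/usr/bin/env sh
+exec uwsm start ${pkgs.hyprland}/share/wayland-sessions/hyprland.desktop
+'';
+cmd = ''--cmd "systemd-inhibit --what=handle-power-key:handle-lid-switch ${deCmd}"'';
+in {
+command = "${pkgs.tuigreet}/bin/tuigreet --remember --time ${greeting} ${cmd}";
+};
 };
 };
 };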
+11 -1
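--- a/nixosModules/hm.nix
+++ b/nixosModules/hm.nix
@@ -1,4 +1,14 @@
-{lib, inputs, ...}: {
+{outputs, ...}: {
+lib,
+inputs,
+config,
+...
+}: {
 imports = [inputs.hm.nixosModules.default];
 options.cow.hm.enable = lib.mkEnableOption "Home Manager";
+
+config.home-manager = lib.mkIf config.cow.hm.enable {
+sharedModules = builtins.attrValues outputs.homeModules;
+useUserPackages = true;
+};
 }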
+38 -33
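--- a/nixosModules/imperm.nix
+++ b/nixosModules/imperm.nix
@@ -1,69 +1,74 @@
-{
+{...}: {
 config,
 lib,
 inputs,
 ...
-}:
-{
-
-imports = [ inputs.imperm.nixosModules.default ];
+}: {
+imports = [inputs.imperm.nixosModules.default];
 
 options.cow.imperm = {
 enable = lib.mkEnableOption "Impermanence, turns off mutable users and expects you to define their password hashes";
-persistRoot = {
+persistRoot = lib.mkOption {
 type = lib.types.str;
 default = "/nix/persist";
 description = "Path to store persisted data";
 };
-cacheRoot = {
+cacheRoot = lib.mkOption {
 type = lib.types.str;
-default = "/nix/persist-cache";
+default = "/nix/perist-cache";
 description = "Path to store cache data";
 };
-keep = {
+keep = lib.mkOption {
 type = lib.types.listOf lib.types.str;
 description = "Paths to keep that should be backed up";
 };
-keepCache = {
+keepCache = lib.mkOption {
 type = lib.types.listOf lib.types.str;
 description = "Paths to keep that shouldn't be backed up";
 };
 };
 
-config =
-let
-users = if config.cow.hm.enable then config.home-manager.users else { };
-persistRoot = config.cow.imperm.persistRoot; # Anything important we want backed up
-cacheRoot = config.cow.imperm.cacheRoot; # Anything not as important that we can stand losing
-in
-lib.mkIf config.cow.impem.enable {
+config = let
+users =
+if config.cow.hm.enable
+then config.home-manager.users
+else {};
+persistRoot = config.cow.imperm.persistRoot; # Anything important we want backed up
+cacheRoot = config.cow.imperm.cacheRoot; # Anything not as important that we can stand losing
+in
+lib.mkIf config.cow.imperm.enable {
 users.mutableUsers = false;
 
 environment.persistence = {
 "${cacheRoot}" = {
 enable = true;
 hideMounts = true;
-directories = [
-"/var/log"
-"/var/lib/nixos"
-"/var/lib/systemd/coredump"
-"/var/lib/systemd/timers"
-"/var/lib/systemd/rfkill"
-"/var/lib/systemd/backlight"
-]
-++ config.cow.imperm.keep;
-users = builtins.mapAttrs (_: v: {
-directories = lib.attrByPath [ "cow" "imperm" "keepCache" ] [ ] v;
-}) users;
+directories =
+[
+"/var/log"
+"/var/lib/nixos"
+"/var/lib/systemd/coredump"
+"/var/lib/systemd/timers"
+"/var/lib/systemd/rfkill"
+"/var/lib/systemd/backlight"
+]
+++ config.cow.imperm.keep;
+users =
+builtins.mapAttrs (_: v: {
+directories = v.cow.imperm.keepCache or [];
+})
+users;
 };
 "${persistRoot}" = {
 enable = true;
 hideMounts = true;
 directories = config.cow.imperm.keepCache;
-users = builtins.mapAttrs (_: v: {
-directories = lib.attrByPath [ "cow" "imperm" "keep" ] [ ] v;
-files = lib.attrByPath [ "cow" "imperm" "keepFiles" ] [ ] v;
-}) users;
+users =
+builtins.mapAttrs (_: v: {
+directories = v.cow.imperm.keep or [];
+files = v.cow.imperm.keep or [];
+})
+users;
 };
 };
 };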
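Review bot: Three things on the new side of this section look unintended. `cacheRoot` now defaults to `"/nix/perist-cache"` where the old value was `persist-cache`, so existing cache data will not be found. The per-user `files` entry reads `v.cow.imperm.keep or []` where the removed line read `keepFiles`, so directories are passed as files and `keepFiles` is never honoured. The system-level lists also appear crossed, with `config.cow.imperm.keep` under `"${cacheRoot}"` and `config.cow.imperm.keepCache` under `"${persistRoot}"`, the reverse of the per-user mapping; paths declared as needing backup, such as `/var/lib/fprintd` from role-laptop, therefore land in the location described as safe to lose. Suggested lines are `default = "/nix/persist-cache";` and `files = v.cow.imperm.keepFiles or [];`, plus swapping the two system-level `directories` sources.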
+24
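--- a/nixosModules/lanzaboote.nix
+++ b/nixosModules/lanzaboote.nix
@@ -0,0 +1,24 @@
+{...}: {
+inputs,
+lib,
+config,
+...
+}: {
+imports = [inputs.lanzaboote.nixosModules.lanzaboote];
+
+options.cow.lanzaboote.enable = lib.mkEnableOption "Use lanzaboote for booting and secure boot";
+
+config.boot = lib.mkIf config.cow.lanzaboote.enable {
+loader.systemd-boot.enable = lib.mkForce false;
+bootspec.enable = true;
+
+lanzaboote = {
+enable = true;
+pkiBundle = lib.mkDefault (
+if config.cow.imperm.enable
+then "/nix/persist/secure/secureboot"
+else "/etc/secureboot"
+);
+};
+};
+}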
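Review bot: `pkiBundle` hard-codes `"/nix/persist/secure/secureboot"` rather than building on `config.cow.imperm.persistRoot`, so overriding `persistRoot` silently leaves the Secure Boot keys pointing at a path that may not be persisted. Using `then "${config.cow.imperm.persistRoot}/secure/secureboot"` keeps the two in step. Because this directory holds the private signing keys, add a comment saying it must be root-only and is expected to sit on the LUKS volume; nothing in this file enforces either.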
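--- a/nixosModules/network.nix
+++ b/nixosModules/network.nix
@@ -1,5 +1,8 @@
-{ config, lib, ... }:
-{
+{...}: {
+config,
+lib,
+...
+}: {
 options.cow.network = {
 wireless = lib.mkEnableOption "wireless networking with IWD";
 bluetooth = lib.mkEnableOption "bluetooth networking";
@@ -16,13 +19,11 @@
 };
 
 cow.imperm.keepCache =
-(lib.optional config.cow.network.bluetooth [
-"/var/lib/bluetooh"
-])
-++ (lib.optional config.cow.network.wireless [ "/var/lib/iwd" ]);
+(lib.optional config.cow.network.bluetooth "/var/lib/bluetooh")
+++ (lib.optional config.cow.network.wireless "/var/lib/iwd");
 
 networking = lib.mkIf config.cow.network.wireless {
-iwd.enable = true;
+wireless.iwd.enable = true;
 useNetworkd = true;
 useDHCP = true;
 };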
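Review bot: The bluetooth entry in `cow.imperm.keepCache` is still spelled `"/var/lib/bluetooh"`, so with impermanence enabled the directory BlueZ actually uses (`/var/lib/bluetooth`) is not in the persisted list and pairing/link keys would be lost on every reboot. The hunk fixes the `lib.optional` misuse but carries the typo over. Suggested line: `(lib.optional config.cow.network.bluetooth "/var/lib/bluetooth")`. The `config` attribute set this sits in starts outside the hunk.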
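--- a/nixosModules/print.nix
+++ b/nixosModules/print.nix
@@ -1,5 +1,8 @@
-{ config, lib, ... }:
-{
+{...}: {
+config,
+lib,
+...
+}: {
 options.cow.print.enable = lib.mkEnableOption "stateless printing + WCU printers";
 
 config = lib.mkIf config.cow.print.enable {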
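--- a/nixosModules/role-laptop.nix
+++ b/nixosModules/role-laptop.nix
@@ -1,14 +1,26 @@
-{ config, lib, ... }:
-{
+{...}: {
+config,
+lib,
+...
+}: {
 options.cow.role-laptop = {
 enable = lib.mkEnableOption "configuring a laptop with a GUI and bean setup for mobile use";
 fingerPrintSensor = lib.mkEnableOption "fprintd and persist prints";
 };
 
 config = lib.mkIf config.cow.role-laptop.enable {
+home-manager.users.bean.cow = {
+music.enable = true;
+news.enable = true;
+qmplay2.enable = true;
+sync.enable = true;
+kde-connect.enable = true;
+dev.enable = true;
+};
+
 cow = {
-user-bean.enable = true;
-firewall.openforUsers = true;
+bean.enable = true;
+firewall.openForUsers = true;
 print.enable = true;
 hm.enable = true;
 network = {
@@ -16,10 +28,12 @@
 wireless = true;
 };
 cat.enable = true;
-gdi.enable = true;
-imperm = lib.mkIf config.cow.role-laptop.fingerPrintSensor {
-keep = [ "/var/lib/fprintd" ];
+gdi = {
+enable = true;
+showGreet = true;
 };
+audio.enable = true;
+imperm.keep = lib.optional config.cow.role-laptop.fingerPrintSensor "/var/lib/fprintd";
 };
 
 services.fprintd = lib.mkIf config.cow.role-laptop.fingerPrintSensor {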
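Review bot: `imperm.keep = lib.optional config.cow.role-laptop.fingerPrintSensor "/var/lib/fprintd";` puts enrolled fingerprint templates into the list that imperm.nix describes as "Paths to keep that should be backed up", so biometric data will follow whatever backup that set feeds. A comment such as `# fingerprint templates: persisted so enrolment survives reboot; backup target must be encrypted` would record the intent. Also, imperm.nix as shown on this page appends `config.cow.imperm.keep` to the `"${cacheRoot}"` directories rather than `"${persistRoot}"`, so it is worth confirming where the prints actually land. The `cow = { … }` block continues between the two hunks and is not fully visible.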
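--- a/nixosModules/user-bean.nix
+++ b/nixosModules/user-bean.nix
@@ -1,21 +1,35 @@
-{config, lib, outputs, ...}: {
+{...}: {
+config,
+lib,
+pkgs,
+...
+}: let
+pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsVzdJra+x5aEuwTjL1FBOiMh9bftvs8QwsM1xyEbdd";
+in {
 options.cow.bean = {
 enable = lib.mkEnableOption "Bean user";
 sudoer = lib.mkEnableOption "Bean being a sudoer";
 };
 
-config = lib.mkIf config.cow.bean.enable {
-users.users.bean = {
+config = {
+users.users.bean = lib.mkIf config.cow.bean.enable {
 isNormalUser = true;
 description = "Ben C";
-extraGroups = lib.optional config.cow.bean.sudoer ["wheel"];
-};
+extraGroups = lib.optional config.cow.bean.sudoer "wheel";
+shell = pkgs.nushell;
+openssh.authorizedKeys.keys = pubkey;
+};
 
-home-manager.users.bean = lib.mkIf config.cow.hm.enable {
-imports = builtins.attrValues outputs.homeModules;
-cow.bean.enable = true;
-cow.gdi.enable = config.cow.gdi.enable;
-home.stateVersion = "25.05";
+home-manager.users.bean = {
+cow.bean = {
+enable = config.cow.bean.enable;
+inherit pubkey;
+};
+cow.games.enable = config.cow.bean.enable && config.cow.gaming.enable;
+cow.gdi = lib.mkIf config.cow.bean.enable {
+inherit (config.cow.gdi) enable doIdle;
+useUWSM = true;
+};
 };
 };
 }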
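Review bot: `openssh.authorizedKeys.keys = pubkey;` assigns a bare string to an option that takes a list of strings, so evaluation should fail as soon as `cow.bean.enable` is set; it should read `openssh.authorizedKeys.keys = [pubkey];`. Separately, `home-manager.users.bean` is now defined unconditionally where the old code guarded it with `lib.mkIf config.cow.hm.enable`. A host without home-manager enabled would presumably hit an undefined option or get a bean home configuration it did not ask for, and wrapping the attribute set in `lib.mkIf (config.cow.hm.enable && config.cow.bean.enable)` would keep the old guard. Because this key grants SSH login to an account that can also be placed in `wheel`, a short comment above `pubkey` naming the device or token it belongs to would make later rotation and audit easier.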
+1 -1
oldNixosModules/graphics/shell.nix
··· 300 300 301 301 bind = let 302 302 powerMenu = "rofi -modi 'p:${pkgs.rofi-power-menu}/bin/rofi-power-menu' -show p --symbols-font \"FiraMono Nerd Font Mono\""; 303 - screenshot = "${pkgs.nushell}/bin/nu ${../../res/screenshot.nu}"; 303 + screenshot = "${pkgs.nushell}/bin/nu ${../res/screenshot.nu}"; 304 304 in [ 305 305 "SUPER,S,exec,uwsm app -- rofi -show drun -icon-theme \"candy-icons\" -show-icons" 306 306 "SUPER SHIFT,E,exec,uwsm app -- rofi -modi emoji -show emoji"