diff options
| -rw-r--r-- | config/nix.org | 1089 | ||||
| -rw-r--r-- | nix/flake.nix | 69 | ||||
| -rw-r--r-- | nix/modules/configuration.nix | 53 | ||||
| -rw-r--r-- | nix/modules/cuda.nix | 9 | ||||
| -rw-r--r-- | nix/modules/default.nix | 21 | ||||
| -rw-r--r-- | nix/modules/dovecot.nix | 8 | ||||
| -rw-r--r-- | nix/modules/git-daemon.nix | 9 | ||||
| -rw-r--r-- | nix/modules/home/default.nix | 220 | ||||
| -rw-r--r-- | nix/modules/i2pd.nix | 11 | ||||
| -rw-r--r-- | nix/modules/nginx.nix | 47 | ||||
| -rw-r--r-- | nix/modules/nvidia.nix | 21 | ||||
| -rw-r--r-- | nix/modules/nvme-simple.nix | 35 | ||||
| -rw-r--r-- | nix/modules/ollama.nix | 8 | ||||
| -rw-r--r-- | nix/modules/postfix.nix | 8 | ||||
| -rw-r--r-- | nix/modules/xserver.nix | 8 | ||||
| -rw-r--r-- | nix/systems/affinity/default.nix | 13 |
16 files changed, 1042 insertions, 587 deletions
diff --git a/config/nix.org b/config/nix.org index aed87f6..d443470 100644 --- a/config/nix.org +++ b/config/nix.org @@ -25,18 +25,18 @@ so that adding new configurations that add modifications is made simple. nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; home-manager = { - url = "github:nix-community/home-manager/release-24.11"; - inputs.nixpkgs.follows = "nixpkgs"; + url = "github:nix-community/home-manager/release-24.11"; + inputs.nixpkgs.follows = "nixpkgs"; }; disko = { - url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs"; + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; }; lanzaboote = { - url = "github:nix-community/lanzaboote/v0.4.1"; - inputs.nixpkgs.follows = "nixpkgs"; + url = "github:nix-community/lanzaboote/v0.4.1"; + inputs.nixpkgs.follows = "nixpkgs"; }; nur.url = "github:nix-community/NUR"; @@ -48,46 +48,55 @@ so that adding new configurations that add modifications is made simple. outputs = { nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, ... }@attrs: { nixosConfigurations = { - installer = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ( - { pkgs, modulesPath, ... }: - { - imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ]; - } - ) - ./systems/installer/default.nix - ]; - }; - - continuity = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = attrs; - modules = [ - lanzaboote.nixosModules.lanzaboote - disko.nixosModules.disko - home-manager.nixosModules.home-manager - sops-nix.nixosModules.sops - { nixpkgs.overlays = [ nur.overlays.default ]; } - { home-manager.extraSpecialArgs = attrs; } - - ./modules/sda-simple.nix - ./systems/continuity/default.nix - ]; - }; - - spontaneity = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = attrs; - modules = []; - }; - - affinity = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = attrs; - modules = []; - }; + installer = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ( + { pkgs, modulesPath, ... }: + { + imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ]; + } + ) + ./systems/installer/default.nix + ]; + }; + + continuity = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = attrs; + modules = [ + lanzaboote.nixosModules.lanzaboote + disko.nixosModules.disko + home-manager.nixosModules.home-manager + sops-nix.nixosModules.sops + { nixpkgs.overlays = [ nur.overlays.default ]; } + { home-manager.extraSpecialArgs = attrs; } + + ./modules/sda-simple.nix + ./systems/continuity/default.nix + ]; + }; + + affinity = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = attrs; + modules = [ + lanzaboote.nixosModules.lanzaboote + disko.nixosModules.disko + home-manager.nixosModules.home-manager + sops-nix.nixosModules.sops + { nixpkgs.overlays = [ nur.overlays.default ]; } + { home-manager.extraSpecialArgs = attrs; } + ./modules/nvme-simple.nix + ./systems/affinity/default.nix + ]; + }; + + spontaneity = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = attrs; + modules = []; + }; }; }; } @@ -176,82 +185,83 @@ largely self-documenting. Again, these are self documenting variables that you may see used below. These are to be used under ~default.nix~ in the ~systems~ folder. #+begin_src nix :tangle ../nix/modules/default.nix -{ lib, config, pkgs, ... }: -{ - imports = [ - ./configuration.nix - ./home/home.nix - ./vars.nix - ]; + { lib, config, pkgs, ... }: + { + imports = [ + ./configuration.nix + ./home/home.nix + ./vars.nix + ]; - options = { - monorepo = { - profiles = { - cuda.enable = lib.mkEnableOption "Enables CUDA support"; - documentation.enable = lib.mkEnableOption "Enables documentation on system."; - secureBoot.enable = lib.mkEnableOption "Enables secure boot. See sbctl."; - pipewire.enable = lib.mkEnableOption "Enables pipewire low latency audio setup"; - tor.enable = lib.mkEnableOption "Enables tor along with torsocks"; - home.enable = lib.mkEnableOption "Enables home user"; + options = { + monorepo = { + profiles = { + cuda.enable = lib.mkEnableOption "Enables CUDA support"; + documentation.enable = lib.mkEnableOption "Enables documentation on system."; + secureBoot.enable = lib.mkEnableOption "Enables secure boot. See sbctl."; + pipewire.enable = lib.mkEnableOption "Enables pipewire low latency audio setup"; + tor.enable = lib.mkEnableOption "Enables tor along with torsocks"; + home.enable = lib.mkEnableOption "Enables home user"; + server.enable = lib.mkEnableOption "Enables server services"; + }; }; }; - }; - - config = { - home-manager.users."${config.monorepo.vars.userName}" = { - programs.home-manager.enable = config.monorepo.profiles.home.enable; - }; - environment.systemPackages = lib.mkIf config.monorepo.profiles.documentation.enable (with pkgs; [ - linux-manual - man-pages - man-pages-posix - ]); + config = { + home-manager.users."${config.monorepo.vars.userName}" = { + programs.home-manager.enable = config.monorepo.profiles.home.enable; + }; - monorepo = { - profiles = { - documentation.enable = lib.mkDefault true; - pipewire.enable = lib.mkDefault true; - tor.enable = lib.mkDefault true; - home.enable = lib.mkDefault true; + environment.systemPackages = lib.mkIf config.monorepo.profiles.documentation.enable (with pkgs; [ + linux-manual + man-pages + man-pages-posix + ]); + + monorepo = { + profiles = { + documentation.enable = lib.mkDefault true; + pipewire.enable = lib.mkDefault true; + tor.enable = lib.mkDefault true; + home.enable = lib.mkDefault true; + }; }; }; - }; -} + } #+end_src ** X11 My Xorg configuration is used as a backup for when wayland applications don't work. Note that using this configuration is extremely inefficient and my i3 configuration is unoptimized. Still, it is suitable for using Krita. #+begin_src nix :tangle ../nix/modules/xserver.nix -{ lib, pkgs, ... }: -{ - services.xserver = { - enable = lib.mkDefault true; - displayManager = { - startx.enable = true; - }; + { lib, config, pkgs, ... }: + { + services.xserver = { + enable = lib.mkDefault true; + displayManager = { + startx.enable = true; + }; - windowManager = { - i3 = { - enable = true; - package = pkgs.i3-gaps; + windowManager = { + i3 = { + enable = true; + package = pkgs.i3-gaps; + }; }; - }; - desktopManager = { - runXdgAutostartIfNone = true; - }; + desktopManager = { + runXdgAutostartIfNone = true; + }; - xkb = { - layout = "us"; - variant = ""; - options = "caps:escape"; - }; + xkb = { + layout = "us"; + variant = ""; + options = "caps:escape"; + }; - videoDrivers = []; - }; -} + videoDrivers = (if config.monorepo.profiles.cuda.enable then [ "nvidia" ] else []); + }; + } #+end_src You should add your own video drivers in a custom machine configuration. ** Pipewire @@ -345,6 +355,155 @@ distribution soon, and I'm waiting on that. }; } #+end_src +** i2pd +I use i2p for some p2p connections. We enable it with the server profile: +#+begin_src nix :tangle ../nix/modules/i2pd.nix + { config, lib, ... }: + { + services.i2pd = { + enable = lib.mkDefault config.monorepo.profiles.server.enable; + address = "0.0.0.0"; + inTunnels = { + }; + outTunnels = { + }; + }; + } +#+end_src +** Ollama +Use ollama for serving large language models to my other computers. +#+begin_src nix :tangle ../nix/modules/ollama.nix + { config, lib, ... }: + { + services.ollama = { + enable = lib.mkDefault config.monorepo.profiles.server.enable; + acceleration = "cuda"; + host = "0.0.0.0"; + }; + } +#+end_src +** Dovecot +My server sets up dovecot in order to use imaps. +#+begin_src nix :tangle ../nix/modules/dovecot.nix + { config, lib, ... }: + { + services.dovecot2 = { + enable = lib.mkDefault config.monorepo.profiles.server.enable; + enableImap = true; + enablePop3 = true; + }; + } +#+end_src +** Postfix +Use postfix as an smtps server. +#+begin_src nix :tangle ../nix/modules/postfix.nix + { config, lib, ... }: + { + services.postfix = { + enable = true; + config = { + }; + }; + } +#+end_src +** Git Server +#+begin_src nix :tangle ../nix/modules/git-daemon.nix + { config, lib, ... }: + { + services.gitDaemon = { + enable = lib.mkDefault config.monorepo.profiles.server.enable; + exportAll = true; + listenAddress = "0.0.0.0"; + basePath = "/srv/git"; + }; + } +#+end_src +** Nginx +#+begin_src nix :tangle ../nix/modules/nginx.nix + { config, services, ... }: + { + services.nginx = { + enable = true; + + # Use recommended settings + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + # Only allow PFS-enabled ciphers with AES256 + sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; + + appendHttpConfig = '' + # Add HSTS header with preloading to HTTPS requests. + # Adding this header to HTTP requests is discouraged + map $scheme $hsts_header { + https "max-age=31536000; includeSubdomains; preload"; + } + add_header Strict-Transport-Security $hsts_header; + + # Enable CSP for your services. + #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; + + # Minimize information leaked to other domains + add_header 'Referrer-Policy' 'origin-when-cross-origin'; + + # Disable embedding as a frame + add_header X-Frame-Options DENY; + + # Prevent injection of code in other mime types (XSS Attacks) + add_header X-Content-Type-Options nosniff; + + # This might create errors + proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; + ''; + + virtualHosts = { + "ret2pop.net" = { + # addSSL = true; + # enableACME = true; + root = "/home/preston/ret2pop-website/"; + }; + }; + }; + } +#+end_src +** Nvidia +#+begin_src nix :tangle ../nix/modules/nvidia.nix + { config, lib, pkgs, ... }: + { + hardware = { + graphics.extraPackages = with pkgs; [ + vaapiVdpau + libvdpau-va-gl + nvidia-vaapi-driver + ]; + + nvidia = { + modesetting.enable = true; + powerManagement = { + enable = true; + finegrained = false; + }; + nvidiaSettings = true; + open = false; + package = config.boot.kernelPackages.nvidiaPackages.stable; + }; + }; + } +#+end_src +** CUDA +#+begin_src nix :tangle ../nix/modules/cuda.nix + { config, lib, pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + cudatoolkit + cudaPackages.cudnn + cudaPackages.libcublas + linuxPackages.nvidia_x11 + ]; + } +#+end_src ** Main Configuration This is the backbone of the all the NixOS configurations, with all these options being shared because they enhance security. @@ -357,6 +516,14 @@ because they enhance security. ./pipewire.nix ./tor.nix ./kubo.nix + ./nvidia.nix + ./cuda.nix + ./nginx.nix + ./git-daemon.nix + ./postfix.nix + ./dovecot.nix + ./ollama.nix + ./i2pd.nix ]; documentation = { @@ -367,10 +534,10 @@ because they enhance security. environment = { etc = { - securetty.text = '' - # /etc/securetty: list of terminals on which root is allowed to login. - # See securetty(5) and login(1). - ''; + securetty.text = '' + # /etc/securetty: list of terminals on which root is allowed to login. + # See securetty(5) and login(1). + ''; }; }; @@ -378,13 +545,13 @@ because they enhance security. coredump.enable = false; network.config.networkConfig.IPv6PrivacyExtensions = "kernel"; tmpfiles.settings = { - "restricthome"."/home/*".Z.mode = "~0700"; + "restricthome"."/home/*".Z.mode = "~0700"; - "restrictetcnixos"."/etc/nixos/*".Z = { - mode = "0000"; - user = "root"; - group = "root"; - }; + "restrictetcnixos"."/etc/nixos/*".Z = { + mode = "0000"; + user = "root"; + group = "root"; + }; }; }; @@ -393,126 +560,126 @@ because they enhance security. extraModulePackages = [ ]; initrd = { - availableKernelModules = [ - "xhci_pci" - "ahci" - "usb_storage" - "sd_mod" - "nvme" - "sd_mod" - "ehci_pci" - "rtsx_pci_sdmmc" - "usbhid" - ]; - - kernelModules = [ ]; + availableKernelModules = [ + "xhci_pci" + "ahci" + "usb_storage" + "sd_mod" + "nvme" + "sd_mod" + "ehci_pci" + "rtsx_pci_sdmmc" + "usbhid" + ]; + + kernelModules = [ ]; }; lanzaboote = { - enable = config.monorepo.profiles.secureBoot.enable; - pkiBundle = "/etc/secureboot"; + enable = config.monorepo.profiles.secureBoot.enable; + pkiBundle = "/etc/secureboot"; }; loader = { - systemd-boot.enable = lib.mkForce (! config.monorepo.profiles.secureBoot.enable); - efi.canTouchEfiVariables = true; + systemd-boot.enable = lib.mkForce (! config.monorepo.profiles.secureBoot.enable); + efi.canTouchEfiVariables = true; }; - + kernelModules = [ - "snd-seq" - "snd-rawmidi" - "xhci_hcd" - "kvm_intel" + "snd-seq" + "snd-rawmidi" + "xhci_hcd" + "kvm_intel" ]; kernelParams = [ - "debugfs=off" - "page_alloc.shuffle=1" - "slab_nomerge" - "page_poison=1" - - # madaidan - "pti=on" - "randomize_kstack_offset=on" - "vsyscall=none" - "module.sig_enforce=1" - "lockdown=confidentiality" - - # cpu - "spectre_v2=on" - "spec_store_bypass_disable=on" - "tsx=off" - "tsx_async_abort=full,nosmt" - "mds=full,nosmt" - "l1tf=full,force" - "nosmt=force" - "kvm.nx_huge_pages=force" - - # hardened - "extra_latent_entropy" - - # mineral - "init_on_alloc=1" - "random.trust_cpu=off" - "random.trust_bootloader=off" - "intel_iommu=on" - "amd_iommu=force_isolation" - "iommu=force" - "iommu.strict=1" - "init_on_free=1" - "quiet" - "loglevel=0" + "debugfs=off" + "page_alloc.shuffle=1" + "slab_nomerge" + "page_poison=1" + + # madaidan + "pti=on" + "randomize_kstack_offset=on" + "vsyscall=none" + "module.sig_enforce=1" + "lockdown=confidentiality" + + # cpu + "spectre_v2=on" + "spec_store_bypass_disable=on" + "tsx=off" + "tsx_async_abort=full,nosmt" + "mds=full,nosmt" + "l1tf=full,force" + "nosmt=force" + "kvm.nx_huge_pages=force" + + # hardened + "extra_latent_entropy" + + # mineral + "init_on_alloc=1" + "random.trust_cpu=off" + "random.trust_bootloader=off" + "intel_iommu=on" + "amd_iommu=force_isolation" + "iommu=force" + "iommu.strict=1" + "init_on_free=1" + "quiet" + "loglevel=0" ]; blacklistedKernelModules = [ - "netrom" - "rose" - - "adfs" - "affs" - "bfs" - "befs" - "cramfs" - "efs" - "erofs" - "exofs" - "freevxfs" - "f2fs" - "hfs" - "hpfs" - "jfs" - "minix" - "nilfs2" - "ntfs" - "omfs" - "qnx4" - "qnx6" - "sysv" - "ufs" + "netrom" + "rose" + + "adfs" + "affs" + "bfs" + "befs" + "cramfs" + "efs" + "erofs" + "exofs" + "freevxfs" + "f2fs" + "hfs" + "hpfs" + "jfs" + "minix" + "nilfs2" + "ntfs" + "omfs" + "qnx4" + "qnx6" + "sysv" + "ufs" ]; kernel.sysctl = { - "kernel.ftrace_enabled" = false; - "net.core.bpf_jit_enable" = false; - "kernel.kptr_restrict" = 2; - - # madaidan - "vm.swappiness" = 1; - "vm.unprivileged_userfaultfd" = 0; - "dev.tty.ldisc_autoload" = 0; - "kernel.kexec_load_disabled" = 1; - "kernel.sysrq" = 4; - "kernel.perf_event_paranoid" = 3; - - # net - "net.ipv4.icmp_echo_ignore_broadcasts" = true; - - "net.ipv4.conf.all.accept_redirects" = false; - "net.ipv4.conf.all.secure_redirects" = false; - "net.ipv4.conf.default.accept_redirects" = false; - "net.ipv4.conf.default.secure_redirects" = false; - "net.ipv6.conf.all.accept_redirects" = false; - "net.ipv6.conf.default.accept_redirects" = false; + "kernel.ftrace_enabled" = false; + "net.core.bpf_jit_enable" = false; + "kernel.kptr_restrict" = 2; + + # madaidan + "vm.swappiness" = 1; + "vm.unprivileged_userfaultfd" = 0; + "dev.tty.ldisc_autoload" = 0; + "kernel.kexec_load_disabled" = 1; + "kernel.sysrq" = 4; + "kernel.perf_event_paranoid" = 3; + + # net + "net.ipv4.icmp_echo_ignore_broadcasts" = true; + + "net.ipv4.conf.all.accept_redirects" = false; + "net.ipv4.conf.all.secure_redirects" = false; + "net.ipv4.conf.default.accept_redirects" = false; + "net.ipv4.conf.default.secure_redirects" = false; + "net.ipv6.conf.all.accept_redirects" = false; + "net.ipv6.conf.default.accept_redirects" = false; }; }; @@ -520,12 +687,12 @@ because they enhance security. useDHCP = lib.mkDefault true; hostName = config.monorepo.vars.hostName; networkmanager = { - enable = true; - # wifi.macAddress = ""; + enable = true; + # wifi.macAddress = ""; }; firewall = { - allowedTCPPorts = [ ]; - allowedUDPPorts = [ ]; + allowedTCPPorts = [ ]; + allowedUDPPorts = [ ]; }; }; @@ -536,16 +703,16 @@ because they enhance security. pulseaudio.enable = ! config.monorepo.profiles.pipewire.enable; bluetooth = { - enable = true; - powerOnBoot = true; + enable = true; + powerOnBoot = true; }; }; services = { chrony = { - enable = true; - enableNTS = true; - servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ]; + enable = true; + enableNTS = true; + servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ]; }; jitterentropy-rngd.enable = true; @@ -558,12 +725,12 @@ because they enhance security. # Misc. udev = { - extraRules = ''''; - packages = with pkgs; [ - platformio-core - platformio-core.udev - openocd - ]; + extraRules = ''''; + packages = with pkgs; [ + platformio-core + platformio-core.udev + openocd + ]; }; printing.enable = true; @@ -580,20 +747,20 @@ because they enhance security. nixpkgs = { hostPlatform = lib.mkDefault "x86_64-linux"; config = { - allowUnfree = true; - cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable; + allowUnfree = true; + cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable; }; }; security = { apparmor = { - enable = true; - killUnconfinedConfinables = true; + enable = true; + killUnconfinedConfinables = true; }; pam.loginLimits = [ - { domain = "*"; item = "nofile"; type = "-"; value = "32768"; } - { domain = "*"; item = "memlock"; type = "-"; value = "32768"; } + { domain = "*"; item = "nofile"; type = "-"; value = "32768"; } + { domain = "*"; item = "memlock"; type = "-"; value = "32768"; } ]; rtkit.enable = true; @@ -603,9 +770,9 @@ because they enhance security. forcePageTableIsolation = true; tpm2 = { - enable = true; - pkcs11.enable = true; - tctiEnvironment.enable = true; + enable = true; + pkcs11.enable = true; + tctiEnvironment.enable = true; }; auditd.enable = true; @@ -618,9 +785,9 @@ because they enhance security. enable = true; wlr.enable = true; extraPortals = with pkgs; [ - xdg-desktop-portal-gtk - xdg-desktop-portal - xdg-desktop-portal-hyprland + xdg-desktop-portal-gtk + xdg-desktop-portal + xdg-desktop-portal-hyprland ]; config.common.default = "*"; }; @@ -632,19 +799,24 @@ because they enhance security. vim curl ]; - + users.users = { root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch" ]; + git = { + isSystemUser = true; + home = "/srv/git"; + shell = "${pkgs.git}/bin/git-shell"; + }; "${config.monorepo.vars.userName}" = { - initialPassword = "${config.monorepo.vars.userName}"; - isNormalUser = true; - description = config.monorepo.vars.fullName; - extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" ]; - shell = pkgs.zsh; - packages = []; + initialPassword = "${config.monorepo.vars.userName}"; + isNormalUser = true; + description = config.monorepo.vars.fullName; + extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" ]; + shell = pkgs.zsh; + packages = []; }; }; @@ -695,6 +867,45 @@ you will have to import that configuration in your ~systems/xxx/default.nix~. }; } #+end_src +*** NVME +For my nvme drives. +#+begin_src nix :tangle ../nix/modules/nvme-simple.nix +{ + disko.devices = { + disk = { + my-disk = { + device = "/dev/nvme0n1"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + type = "EF00"; + size = "500M"; + priority = 1; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + priority = 2; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} +#+end_src ** Home Time for my home user configuration, which is managed by home-manager. First we start off with this module to enter us into the home-manager namespace: @@ -718,181 +929,199 @@ in the top level from now on will implicitly be located at As you can see, I have my installed home packages installed based on the profiles enabled. Also, I have many imports that we'll go through next. #+begin_src nix :tangle ../nix/modules/home/default.nix -{ lib, config, pkgs, ... }: -{ - imports = [ - ../vars.nix - ./fcitx.nix - ./secrets.nix - ./emacs.nix - ./firefox.nix - ./git.nix - ./hyprland.nix - ./mpv.nix - ./yt-dlp.nix - ./wofi.nix - ./kitty.nix - ./waybar.nix - ./zsh.nix - ./mbsync.nix - ./msmtp.nix - ./gammastep.nix - ./mpd.nix - ./mako.nix - ./user.nix - ]; + { lib, config, pkgs, ... }: + { + imports = [ + ../vars.nix + ./fcitx.nix + ./secrets.nix + ./emacs.nix + ./firefox.nix + ./git.nix + ./hyprland.nix + ./mpv.nix + ./yt-dlp.nix + ./wofi.nix + ./kitty.nix + ./waybar.nix + ./zsh.nix + ./mbsync.nix + ./msmtp.nix + ./gammastep.nix + ./mpd.nix + ./mako.nix + ./user.nix + ]; - options = { - monorepo.profiles = { - enable = lib.mkEnableOption "Enables home manager desktop configuration"; - # Programs - lang-c.enable = lib.mkEnableOption "Enables C language support"; - lang-sh.enable = lib.mkEnableOption "Enables sh language support"; - lang-rust.enable = lib.mkEnableOption "Enables Rust language support"; - lang-python.enable = lib.mkEnableOption "Enables python language support"; - lang-sol.enable = lib.mkEnableOption "Enables solidity language support"; - lang-openscad.enable = lib.mkEnableOption "Enables openscad language support"; - lang-js.enable = lib.mkEnableOption "Enables javascript language support"; - lang-nix.enable = lib.mkEnableOption "Enables nix language support"; - lang-coq.enable = lib.mkEnableOption "Enables coq language support"; - - crypto.enable = lib.mkEnableOption "Enables various cryptocurrency wallets"; - art.enable = lib.mkEnableOption "Enables various art programs"; - music.enable = lib.mkEnableOption "Enables mpd"; - - hyprland = { - enable = lib.mkEnableOption "Enables hyprland"; - monitors = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ - "HDMI-A-1" - "eDP-1" - "DP-2" - "DP-3" - "LVDS-1" - ]; - example = []; - description = "Hyprland monitors"; - }; - }; - email = { - email = lib.mkOption { - type = lib.types.str; - default = "ret2pop@gmail.com"; - example = "john@example.com"; - description = "Email address and imaps/smtps account"; - }; - imapsServer = lib.mkOption { - type = lib.types.str; - default = "imap.gmail.com"; - example = "imap.example.com"; - description = "imaps server address"; - }; - smtpsServer = lib.mkOption { - type = lib.types.str; - default = "smtp.gmail.com"; - example = "smtp.example.com"; - description = "smtp server address"; - }; - enable = lib.mkEnableOption "Enables email"; + options = { + monorepo.profiles = { + enable = lib.mkEnableOption "Enables home manager desktop configuration"; + # Programs + lang-c.enable = lib.mkEnableOption "Enables C language support"; + lang-sh.enable = lib.mkEnableOption "Enables sh language support"; + lang-rust.enable = lib.mkEnableOption "Enables Rust language support"; + lang-python.enable = lib.mkEnableOption "Enables python language support"; + lang-sol.enable = lib.mkEnableOption "Enables solidity language support"; + lang-openscad.enable = lib.mkEnableOption "Enables openscad language support"; + lang-js.enable = lib.mkEnableOption "Enables javascript language support"; + lang-nix.enable = lib.mkEnableOption "Enables nix language support"; + lang-coq.enable = lib.mkEnableOption "Enables coq language support"; + + crypto.enable = lib.mkEnableOption "Enables various cryptocurrency wallets"; + art.enable = lib.mkEnableOption "Enables various art programs"; + music.enable = lib.mkEnableOption "Enables mpd"; + workstation.enable = lib.mkEnableOption "Enables workstation packages (music production and others)"; + + hyprland = { + enable = lib.mkEnableOption "Enables hyprland"; + monitors = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ + "HDMI-A-1" + "eDP-1" + "DP-2" + "DP-3" + "LVDS-1" + ]; + example = []; + description = "Hyprland monitors"; + }; + }; + email = { + email = lib.mkOption { + type = lib.types.str; + default = "ret2pop@gmail.com"; + example = "john@example.com"; + description = "Email address and imaps/smtps account"; + }; + imapsServer = lib.mkOption { + type = lib.types.str; + default = "imap.gmail.com"; + example = "imap.example.com"; + description = "imaps server address"; + }; + smtpsServer = lib.mkOption { + type = lib.types.str; + default = "smtp.gmail.com"; + example = "smtp.example.com"; + description = "smtp server address"; + }; + enable = lib.mkEnableOption "Enables email"; + }; }; }; - }; - config = { - home.packages = (if config.monorepo.profiles.email.enable then [ pkgs.mu ] else []) - ++ - (if config.monorepo.profiles.lang-c.enable then (with pkgs; [ - autobuild - clang - gdb - gnumake - bear - clang-tools - ]) else []) - ++ - (if config.monorepo.profiles.lang-js.enable then (with pkgs; [ - nodejs - bun - yarn - typescript - vscode-langservers-extracted - ]) else []) - ++ - (if config.monorepo.profiles.lang-rust.enable then (with pkgs; [ - cargo - rust-analyzer - rustfmt - ]) else []) - ++ - (if config.monorepo.profiles.lang-python.enable then (with pkgs; [ - poetry - python3 - python312Packages.jedi - ]) else []) - ++ - (if config.monorepo.profiles.lang-sol.enable then (with pkgs; [ - solc - ]) else []) - ++ - (if config.monorepo.profiles.lang-openscad.enable then (with pkgs; [ - openscad - openscad-lsp - ]) else []) - ++ - (if config.monorepo.profiles.lang-sh.enable then (with pkgs; [ - bash-language-server - ]) else []) - ++ - |