diff --git a/hosts/tempest/default.nix b/hosts/tempest/default.nix
index ff80012..1d044f7 100644
--- a/hosts/tempest/default.nix
+++ b/hosts/tempest/default.nix
@@ -7,7 +7,6 @@ with inputs; nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - specialArgs = { }; modules = [ ./hardware-configuration.nix ../../modules/common
@@ -18,24 +17,26 @@ nixpkgs.lib.nixosSystem { { physical = true; networking.hostName = "tempest"; - nixpkgs.overlays = [ nur.overlay ] ++ overlays; - # Set registry to flake packages, used for nix X commands - nix.registry.nixpkgs.flake = nixpkgs; - identityFile = "/home/${globals.user}/.ssh/id_ed25519"; gui.enable = true; + nixpkgs.overlays = [ nur.overlay ] ++ overlays; + passwordHash = nixpkgs.lib.fileContents ../../password.sha512; + + # Must be prepared ahead + identityFile = "/home/${globals.user}/.ssh/id_ed25519"; + + # Theming theme = { colors = (import ../../colorscheme/gruvbox).dark; dark = true; }; wallpaper = "${wallpapers}/gruvbox/road.jpg"; gtk.theme.name = nixpkgs.lib.mkDefault "Adwaita-dark"; - passwordHash = nixpkgs.lib.fileContents ../../password.sha512; - wsl.enable = false; - publicKey = null; + # Programs and services charm.enable = true; neovim.enable = true; media.enable = true; + dotfiles.enable = true; firefox.enable = true; kitty.enable = true; _1password.enable = true;
@@ -46,11 +47,9 @@ nixpkgs.lib.nixosSystem { mail.aerc.enable = true; mail.himalaya.enable = true; keybase.enable = true; - # mullvad.enable = true; + mullvad.enable = false; nixlang.enable = true; - dotfiles.enable = true; yt-dlp.enable = true; - gaming = { enable = true; steam.enable = true;
diff --git a/modules/common/mail/default.nix b/modules/common/mail/default.nix
index e4a6c87..5d484b1 100644
--- a/modules/common/mail/default.nix
+++ b/modules/common/mail/default.nix
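Review bot: `passwordHash = nixpkgs.lib.fileContents ../../password.sha512;` (second hunk of hosts/tempest/default.nix) reads the login hash at evaluation time from a file inside the repository, so the hash travels with every clone and, as part of the evaluated configuration, most likely ends up in the world-readable Nix store as well. How `passwordHash` is consumed is not visible in this hunk, but if it feeds `users.users.<name>.hashedPassword`, a file read at activation time from outside the store (`hashedPasswordFile` on recent NixOS, or a secrets module) would keep it away from unprivileged readers. Separately, the hunk drops `wsl.enable = false;` while modules/nixos/services/sshd.nix still evaluates `!config.wsl.enable`; this commit adds a default for `publicKey`, but no default for `wsl.enable` is visible here, so it is worth confirming that the option declares one.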
@@ -32,7 +32,7 @@ frequency = "*:0/5"; postExec = "${pkgs.notmuch}/bin/notmuch new"; }; - services.imapnotify.enable = pkgs.stdenv.isLinux && config.physical; + services.imapnotify.enable = pkgs.stdenv.isLinux; programs.notmuch.enable = true; accounts.email = { maildirBasePath = "${config.homePath}/mail";
diff --git a/modules/common/shell/nixpkgs.nix b/modules/common/shell/nixpkgs.nix
index 2534d55..ebf3979 100644
--- a/modules/common/shell/nixpkgs.nix
+++ b/modules/common/shell/nixpkgs.nix
@@ -67,6 +67,12 @@ # Set channel to flake packages, used for nix-shell commands nixPath = [ "nixpkgs=${pkgs.path}" ]; + # Set registry to this flake's packages, used for nix X commands + registry.nixpkgs.to = { + type = "path"; + path = pkgs.path; + }; + }; }
diff --git a/modules/nixos/hardware/boot.nix b/modules/nixos/hardware/boot.nix
index 6b4dc2b..34733f3 100644
--- a/modules/nixos/hardware/boot.nix
+++ b/modules/nixos/hardware/boot.nix
@@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: { - boot.loader = lib.mkIf (config.physical && pkgs.stdenv.isLinux) { + boot.loader = lib.mkIf config.physical { grub = { enable = true;
@@ -40,8 +40,7 @@ }; # Allow reading from Windows drives - boot.supportedFilesystems = - lib.mkIf (config.physical && pkgs.stdenv.isLinux) [ "ntfs" ]; + boot.supportedFilesystems = lib.mkIf config.physical [ "ntfs" ]; # Use latest released Linux kernel by default boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
diff --git a/modules/nixos/hardware/monitors.nix b/modules/nixos/hardware/monitors.nix
index e07e448..26f497a 100644
--- a/modules/nixos/hardware/monitors.nix
+++ b/modules/nixos/hardware/monitors.nix
@@ -1,51 +1,50 @@ { config, pkgs, lib, ... }: { - config = - lib.mkIf (config.gui.enable && config.physical && pkgs.stdenv.isLinux) { + config = lib.mkIf config.gui.enable { - environment.systemPackages = with pkgs; - [ - ddcutil # Monitor brightness control - ]; + environment.systemPackages = with pkgs; + [ + ddcutil # Monitor brightness control + ]; - # Reduce blue light at night - services.redshift = { - enable = true; - brightness = { - day = "1.0"; - night = "1.0"; - }; + # Reduce blue light at night + services.redshift = { + enable = true; + brightness = { + day = "1.0"; + night = "1.0"; }; - - # Detect monitors (brightness) for ddcutil - hardware.i2c.enable = true; - - # Grant main user access to external monitors - users.users.${config.user}.extraGroups = [ "i2c" ]; - - services.xserver.displayManager = { - - # Put the login screen on the left monitor - lightdm.greeters.gtk.extraConfig = '' - active-monitor=0 - ''; - - # Set up screen position and rotation - setupCommands = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-1 \ - --mode 1920x1200 \ - --pos 1920x0 \ - --rotate left \ - --output HDMI-A-0 \ - --primary \ - --mode 1920x1080 \ - --pos 0x560 \ - --rotate normal \ - --output DVI-0 --off \ - --output DVI-1 --off \ - ''; - }; - }; + # Detect monitors (brightness) for ddcutil + hardware.i2c.enable = true; + + # Grant main user access to external monitors + users.users.${config.user}.extraGroups = [ "i2c" ]; + + services.xserver.displayManager = { + + # Put the login screen on the left monitor + lightdm.greeters.gtk.extraConfig = '' + active-monitor=0 + ''; + + # Set up screen position and rotation + setupCommands = '' + ${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-1 \ + --mode 1920x1200 \ + --pos 1920x0 \ + --rotate left \ + --output HDMI-A-0 \ + --primary \ + --mode 1920x1080 \ + --pos 0x560 \ + --rotate normal \ + --output DVI-0 --off \ + --output DVI-1 --off \ + ''; + }; + + }; + } 
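Review bot: The new guard `lib.mkIf config.gui.enable` no longer requires `config.physical`, so any GUI host that imports this module now gets `hardware.i2c.enable = true` and has the main user added to the `i2c` group, even where there are no real monitors to control and that device access serves no purpose. The hard-coded `xrandr` outputs in `setupCommands` likewise only describe the physical machine. Dropping `pkgs.stdenv.isLinux` looks reasonable for a file under modules/nixos, but I would keep the other half of the condition: `config = lib.mkIf (config.gui.enable && config.physical) {`. The same applies to the `services.ratbagd.enable` block in modules/nixos/hardware/mouse.nix, which loses `config.physical` in the same way.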
diff --git a/modules/nixos/hardware/mouse.nix b/modules/nixos/hardware/mouse.nix
index cf75074..cb3d7f5 100644
--- a/modules/nixos/hardware/mouse.nix
+++ b/modules/nixos/hardware/mouse.nix
@@ -1,22 +1,21 @@ { config, pkgs, lib, ... }: { - config = - lib.mkIf (config.gui.enable && config.physical && pkgs.stdenv.isLinux) { + config = lib.mkIf config.gui.enable { - # Mouse customization - services.ratbagd.enable = true; + # Mouse customization + services.ratbagd.enable = true; - environment.systemPackages = with pkgs; [ - libratbag # Mouse adjustments - piper # Mouse adjustments GUI - ]; - - services.xserver.libinput.mouse = { - # Disable mouse acceleration - accelProfile = "flat"; - accelSpeed = "1.15"; - }; + environment.systemPackages = with pkgs; [ + libratbag # Mouse adjustments + piper # Mouse adjustments GUI + ]; + services.xserver.libinput.mouse = { + # Disable mouse acceleration + accelProfile = "flat"; + accelSpeed = "1.15"; }; + }; + }
diff --git a/modules/nixos/hardware/networking.nix b/modules/nixos/hardware/networking.nix
index bfa6473..26dce31 100644
--- a/modules/nixos/hardware/networking.nix
+++ b/modules/nixos/hardware/networking.nix
@@ -1,6 +1,6 @@ -{ config, pkgs, lib, ... }: { +{ config, lib, ... }: { - config = lib.mkIf (config.physical && pkgs.stdenv.isLinux) { + config = lib.mkIf config.physical { # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config
diff --git a/modules/nixos/hardware/sleep.nix b/modules/nixos/hardware/sleep.nix
index 66d9d0a..c07343e 100644
--- a/modules/nixos/hardware/sleep.nix
+++ b/modules/nixos/hardware/sleep.nix
@@ -1,6 +1,6 @@ -{ config, pkgs, lib, ... }: { +{ config, lib, ... }: { - config = lib.mkIf (config.physical && pkgs.stdenv.isLinux) { + config = lib.mkIf config.physical { # Prevent wake from keyboard powerManagement.powerDownCommands = ''
diff --git a/modules/nixos/services/sshd.nix b/modules/nixos/services/sshd.nix
index 825a9ee..eddb684 100644
--- a/modules/nixos/services/sshd.nix
+++ b/modules/nixos/services/sshd.nix
@@ -1,9 +1,10 @@ -{ config, pkgs, lib, ... }: { +{ config, lib, ... }: { options = { publicKey = lib.mkOption { type = lib.types.nullOr lib.types.str; description = "Public SSH key authorized for this system."; + default = null; }; permitRootLogin = lib.mkOption { type = lib.types.str;
@@ -12,28 +13,27 @@ }; }; - config = lib.mkIf - (pkgs.stdenv.isLinux && !config.wsl.enable && config.publicKey != null) { - services.openssh = { - enable = true; - ports = [ 22 ]; - allowSFTP = true; - settings = { - GatewayPorts = "no"; - X11Forwarding = false; - PasswordAuthentication = false; - PermitRootLogin = config.permitRootLogin; - }; + config = lib.mkIf (!config.wsl.enable && config.publicKey != null) { + services.openssh = { + enable = true; + ports = [ 22 ]; + allowSFTP = true; + settings = { + GatewayPorts = "no"; + X11Forwarding = false; + PasswordAuthentication = false; + PermitRootLogin = config.permitRootLogin; }; - - users.users.${config.user}.openssh.authorizedKeys.keys = - [ config.publicKey ]; - - # Implement a simple fail2ban service for sshd - services.sshguard.enable = true; - - # Add terminfo for SSH from popular terminal emulators - environment.enableAllTerminfo = true; }; + users.users.${config.user}.openssh.authorizedKeys.keys = + [ config.publicKey ]; + + # Implement a simple fail2ban service for sshd + services.sshguard.enable = true; + + # Add terminfo for SSH from popular terminal emulators + environment.enableAllTerminfo = true; + }; + }
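Review bot: With `default = null;` added to `publicKey` in the first hunk, a host that never sets the option now evaluates cleanly and ends up with no sshd at all, because the `config` block is gated on `config.publicKey != null`, and the option description does not mention this. I would say so in the description, e.g. `description = "Public SSH key authorized for this system; when null (the default), sshd is not enabled.";`. The `permitRootLogin` option that follows is only partly inside this hunk.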
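Review bot: `PasswordAuthentication = false;` is the only authentication setting in the `settings` block of the second hunk; `KbdInteractiveAuthentication` is left at the module default, which as far as I know is `true` in the NixOS openssh module, so a PAM-backed keyboard-interactive prompt may still accept the account password. If key-only login is the intent, add `KbdInteractiveAuthentication = false;` next to it. The comment above `services.sshguard.enable` describes it as a fail2ban service; sshguard is a separate tool, so `# Block hosts that repeatedly fail sshd authentication` would describe it more accurately.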