more moving things around

2025-07-06 02:40:14 +00:00 · 2025-02-16 15:40:15 -05:00
parent b36895f108
commit dc6b6f8328
34 changed files with 368 additions and 386 deletions
--- a/platforms/nixos/modules/nmasur/presets/services/lightdm.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/lightdm.nix
@ -2,6 +2,7 @@
  config,
  pkgs,
  lib,
+  wallpapers ? null,
  ...
 }:

@ -14,8 +15,9 @@ in
  options.nmasur.presets.services.lightdm = {
    enable = lib.mkEnableOption "Lightdm display manager";
    wallpaper = {
-      type = lib.types.path;
+      type = lib.types.nullOr lib.types.path;
      description = "Wallpaper background image file";
+      default = "${wallpapers}/gruvbox/road.jpg";
    };
    gtk.theme = {
      name = lib.mkOption {
--- a/platforms/nixos/modules/nmasur/presets/zfs.nix
+++ b/platforms/nixos/modules/nmasur/presets/zfs.nix
@ -23,5 +23,28 @@ in
    prometheus.scrapeTargets = [
      "127.0.0.1:${builtins.toString config.services.prometheus.exporters.zfs.port}"
    ];
+
+    zramSwap.enable = true;
+    swapDevices = [
+      {
+        device = "/swapfile";
+        size = 4 * 1024; # 4 GB
+      }
+    ];
+
+    boot.zfs = {
+      # Automatically load the ZFS pool on boot
+      extraPools = [ "tank" ];
+      # Only try to decrypt datasets with keyfiles
+      requestEncryptionCredentials = [
+        "tank/archive"
+        "tank/generic"
+        "tank/nextcloud"
+        "tank/generic/git"
+      ];
+      # If password is requested and fails, continue to boot eventually
+      passwordTimeout = 300;
+    };
+
  };
 }
--- a/platforms/nixos/modules/nmasur/profiles/base.nix
+++ b/platforms/nixos/modules/nmasur/profiles/base.nix
@ -16,6 +16,12 @@ in

  config = lib.mkIf cfg.enable {

+    nmasur.presets.services = {
+      # Allow tunneling into the machine
+      cloudflared.enable = lib.mkDefault true;
+      openssh.enable = lib.mkDefault true;
+    };
+
    # Allows us to declaritively set password
    users.mutableUsers = lib.mkDefault false;

@ -25,9 +31,6 @@ in
      # Create a home directory for human user
      isNormalUser = lib.mkDefault true;

-      # Automatically create a password to start
-      hashedPassword = lib.mkDefault config.passwordHash;
-
      extraGroups = lib.mkDefault [
        "wheel" # Sudo privileges
      ];
--- a/platforms/nixos/modules/nmasur/profiles/gaming.nix
+++ b/platforms/nixos/modules/nmasur/profiles/gaming.nix
@ -17,14 +17,18 @@ in

    # Enable graphics acceleration
    hardware.graphics = {
-      enable = true;
-      enable32Bit = true;
+      enable = lib.mkDefault true;
+      enable32Bit = lib.mkDefault true;
    };

    # Enable gamemode which can be executed on a per-game basis
-    programs.gamemode.enable = true;
+    programs.gamemode.enable = lib.mkDefault true;

    environment.systemPackages = with pkgs; [ moonlight-qt ];

+    nmasur.presets.programs = {
+      steam.enable = lib.mkDefault true;
+    };
+
  };
 }
--- a/platforms/nixos/modules/nmasur/profiles/gui.nix
+++ b/platforms/nixos/modules/nmasur/profiles/gui.nix
@ -53,8 +53,13 @@ in
    # Detect monitors (brightness) for ddcutil
    hardware.i2c.enable = lib.mkDefault true;

-    # Grant main user access to external monitors
-    users.users.${username}.extraGroups = lib.mkDefault [ "i2c" ];
+    users.users.${username} = {
+      # Grant main user access to external monitors
+      extraGroups = lib.mkDefault [ "i2c" ];
+
+      # Automatically create a password to start
+      hashedPassword = lib.mkDefault (lib.fileContents ../../../../../misc/password.sha512);
+    };

    services.xserver.displayManager = {

--- a/platforms/nixos/modules/nmasur/profiles/home.nix
+++ b/platforms/nixos/modules/nmasur/profiles/home.nix
@ -16,11 +16,13 @@ in

  config = lib.mkIf cfg.enable {

-    # Configure physical power buttons
-    nmasur.presets.services.logind.enable = lib.mkDefault true;
+    nmasur.presets.services = {
+      # Configure physical power buttons
+      logind.enable = lib.mkDefault true;
+    };

    # Enable automatic timezone updates based on location
-    services.tzupdate.enable = lib.mkDefault true;
+    services.automatic-timezoned.enable = lib.mkDefault true;

    # Allow reading from Windows drives
    boot.supportedFilesystems = [ "ntfs" ];
@ -41,24 +43,26 @@ in

    # Wake up tempest with a command
    environment.systemPackages = [
-      (pkgs.writeShellScriptBin "wake-tempest" "${pkgs.wakeonlan}/bin/wakeonlan --ip=192.168.1.255 74:56:3C:40:37:5D")
+      (pkgs.writeShellScriptBin "wake-tempest" "${lib.getExe pkgs.wakeonlan} --ip=192.168.1.255 74:56:3C:40:37:5D")
    ];

    # Prevent wake from keyboard
-    powerManagement.powerDownCommands = lib.mkDefault ''
-      set +e
+    powerManagement.powerDownCommands =
+      lib.mkDefault # bash
+        ''
+          set +e

-      # Fix for Gigabyte motherboard
-      # /r/archlinux/comments/y7b97e/my_computer_wakes_up_immediately_after_i_suspend/isu99sr/
-      # Disable if enabled
-      if (grep "GPP0.*enabled" /proc/acpi/wakeup >/dev/null); then
-          echo GPP0 | ${pkgs.doas}/bin/doas tee /proc/acpi/wakeup
-      fi
+          # Fix for Gigabyte motherboard
+          # /r/archlinux/comments/y7b97e/my_computer_wakes_up_immediately_after_i_suspend/isu99sr/
+          # Disable if enabled
+          if (grep "GPP0.*enabled" /proc/acpi/wakeup >/dev/null); then
+              echo GPP0 | ${pkgs.doas}/bin/doas tee /proc/acpi/wakeup
+          fi

-      sleep 2
+          sleep 2

-      set -e
-    '';
+          set -e
+        '';
    services.udev.extraRules = lib.mkDefault ''
      ACTION=="add", SUBSYSTEM=="usb", DRIVER=="usb", ATTR{power/wakeup}="disabled"
      ACTION=="add", SUBSYSTEM=="i2c", ATTR{power/wakeup}="disabled"
--- a/platforms/nixos/modules/nmasur/profiles/nas.nix
+++ b/platforms/nixos/modules/nmasur/profiles/nas.nix
@ -25,16 +25,17 @@ in
        bind.enable = lib.mkDefault true;
        caddy.enable = lib.mkDefault true;
        calibre-web.enable = lib.mkDefault true;
-        cloudflare.enable = lib.mkDefault true;
        cloudflared.enable = lib.mkDefault true;
+        cloudflare.enable = lib.mkDefault true;
        filebrowser.enable = lib.mkDefault true;
        immich.enable = lib.mkDefault true;
        jellyfin.enable = lib.mkDefault true;
        nextcloud.enable = lib.mkDefault true;
        nix-autoupgrade.enable = lib.mkDefault false; # Off by default for NAS
        paperless.enable = lib.mkDefault true;
-        samba.enable = lib.mkDefault true;
        postgresql.enable = lib.mkDefault true;
+        samba.enable = lib.mkDefault true;
+        vm-agent.enable = lib.mkDefault true;
      };
    };

--- a/platforms/nixos/modules/services/filebrowser.nix
+++ b/platforms/nixos/modules/services/filebrowser.nix
@ -20,7 +20,7 @@ let
    "auth.method" = "json";
    username = username;
    # Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
-    password = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
+    password = cfg.passwordHash;
  };

 in
@ -31,6 +31,7 @@ in
    passwordHash = lib.mkOption {
      type = lib.types.str;
      description = ''Hashed password created from htpasswd -nBC 10 "" | tr -d ':\n' '';
+      default = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
    };
  };