feat: Flake | revamp entire flake (#1)

Reviewed-on: #1
2025-02-16 06:35:32 +00:00
parent ecc87ef0b8
commit 79d044e8ef
80 changed files with 1015 additions and 174 deletions
--- a/hosts/common/optional/1password.nix
+++ b/hosts/common/optional/1password.nix
@@ -0,0 +1,14 @@
+{
+  config,
+  ...
+}:
+
+{
+  programs = {
+    _1password.enable = true;
+    _1password-gui = {
+      enable = true;
+      polkitPolicyOwners = [ config.hostSpec.username ];
+    };
+  };
+}
--- a/hosts/common/optional/dconf.nix
+++ b/hosts/common/optional/dconf.nix
@@ -0,0 +1,7 @@
+{
+  ...
+}:
+
+{
+  programs.dconf.enable = true;
+}
--- a/hosts/common/optional/docker.nix
+++ b/hosts/common/optional/docker.nix
@@ -0,0 +1,47 @@
+{
+  pkgs,
+  ...
+}: {
+  virtualisation = {
+    podman = {
+      enable = true;
+      dockerSocket.enable = true;
+      dockerCompat = true;
+
+      autoPrune = {
+        enable = true;
+        dates = "weekly";
+      };
+    };
+
+    containers = {
+      registries = {
+        search = ["docker.io"];
+      };
+    };
+
+    libvirtd = {
+      enable = true;
+      qemu = {
+        swtpm.enable = true;
+
+        ovmf = {
+          enable = true;
+          packages = with pkgs; [OVMFFull.fd];
+        };
+      };
+    };
+
+    spiceUSBRedirection.enable = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    virt-manager
+    virt-viewer
+    spice
+    spice-gtk
+    spice-protocol
+    win-virtio
+    win-spice
+  ];
+}
--- a/hosts/common/optional/gaming.nix
+++ b/hosts/common/optional/gaming.nix
@@ -0,0 +1,22 @@
+{
+  pkgs,
+  ...
+}:
+
+{
+  programs = {
+    steam = {
+      enable = true;
+      gamescopeSession.enable = true;
+    };
+
+    # to run steam games in game mode, add the following to the game's properties from within steam
+    # gamemoderun %command%
+    gamemode.enable = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    mangohud
+    protonup-qt
+  ];
+}
--- a/hosts/common/optional/hyprland.nix
+++ b/hosts/common/optional/hyprland.nix
@@ -0,0 +1,24 @@
+{
+  inputs,
+  pkgs,
+  ...
+}:
+
+{
+  programs.hyprland = {
+    enable = true;
+    package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
+    portalPackage =
+      inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
+  };
+
+  environment.systemPackages = with pkgs; [
+    hyprshot
+    hyprlock
+    hypridle
+    hyprpolkitagent
+    mako
+    waybar
+    wofi
+  ];
+}
--- a/hosts/common/optional/nix-ld.nix
+++ b/hosts/common/optional/nix-ld.nix
@@ -0,0 +1,7 @@
+{
+  ...
+}:
+
+{
+  programs.nix-ld.enable = true;
+}
--- a/hosts/common/optional/secure-boot.nix
+++ b/hosts/common/optional/secure-boot.nix
@@ -0,0 +1,10 @@
+{
+  pkgs,
+  ...
+}:
+
+{
+  environment.systemPackages = with pkgs; [
+    sbctl
+  ];
+}
--- a/hosts/common/optional/services/audio.nix
+++ b/hosts/common/optional/services/audio.nix
@@ -0,0 +1,23 @@
+{
+  pkgs,
+  ...
+}:
+
+{
+  services = {
+    # Enable sound with pipewire.
+    pulseaudio.enable = false;
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      wireplumber.enable = true;
+    };
+  };
+  security.rtkit.enable = true;
+
+  environment.systemPackages = builtins.attrValues {
+    inherit (pkgs) pavucontrol;
+  };
+}
--- a/hosts/common/optional/services/bluetooth.nix
+++ b/hosts/common/optional/services/bluetooth.nix
@@ -0,0 +1,11 @@
+{
+  ...
+}:
+
+{
+  services.blueman.enable = true;
+  hardware = {
+    bluetooth.enable = true;
+    bluetooth.powerOnBoot = true;
+  };
+}
--- a/hosts/common/optional/services/firmware.nix
+++ b/hosts/common/optional/services/firmware.nix
@@ -0,0 +1,7 @@
+{
+  ...
+}:
+
+{
+  services.fwupd.enable = true;
+}
--- a/hosts/common/optional/services/greetd.nix
+++ b/hosts/common/optional/services/greetd.nix
@@ -0,0 +1,16 @@
+{
+  pkgs,
+  ...
+}:
+
+{
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        command = "${pkgs.greetd.tuigreet}/bin/tuigreet --greeting 'Welcome to NixOS!' --asterisks --remember --remember-user-session --time --cmd ${pkgs.hyprland}/bin/Hyprland";
+        user = "greeter";
+      };
+    };
+  };
+}
--- a/hosts/common/optional/services/openssh.nix
+++ b/hosts/common/optional/services/openssh.nix
@@ -0,0 +1,15 @@
+{
+  config,
+  ...
+}:
+let
+  sshPort = config.hostSpec.networking.ports.tcp.ssh;
+in
+{
+  services.openssh = {
+    enable = true;
+    ports = [ sshPort ];
+  };
+
+  networking.firewall.allowedTCPPorts = [ sshPort ];
+}
--- a/hosts/common/optional/services/printing.nix
+++ b/hosts/common/optional/services/printing.nix
@@ -0,0 +1,8 @@
+# Reminder that CUPS cpanel defaults to localhost:631
+{
+  ...
+}:
+
+{
+  services.printing.enable = true;
+}
--- a/hosts/common/optional/services/smart-card.nix
+++ b/hosts/common/optional/services/smart-card.nix
@@ -0,0 +1,7 @@
+{
+  ...
+}:
+
+{
+  services.pcscd.enable = true;
+}
--- a/hosts/common/optional/yubikey.nix
+++ b/hosts/common/optional/yubikey.nix
@@ -0,0 +1,22 @@
+{
+  pkgs,
+  ...
+}:
+
+{
+  # yubikey login / sudo
+  security.pam = {
+    u2f = {
+      enable = true;
+      settings.cue = true;
+    };
+    services = {
+      login.u2fAuth = true;
+      sudo.u2fAuth = true;
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    yubikey-manager
+  ];
+}