diff --git a/features/bootloader.nix b/features/bootloader.nix index ae145e8..3975cbb 100644 --- a/features/bootloader.nix +++ b/features/bootloader.nix @@ -1,6 +1,11 @@ { nixos = - { config, lib, inputs, ... }: + { + config, + lib, + inputs, + ... + }: let cfg = config.features.bootloader; in @@ -19,22 +24,24 @@ }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - boot.loader.efi.canTouchEfiVariables = true; - } + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + boot.loader.efi.canTouchEfiVariables = true; + } - (lib.mkIf (cfg.mode == "systemd-boot") { - boot.loader.systemd-boot.enable = true; - }) + (lib.mkIf (cfg.mode == "systemd-boot") { + boot.loader.systemd-boot.enable = true; + }) - (lib.mkIf (cfg.mode == "lanzaboote") { - boot.loader.systemd-boot.enable = lib.mkForce false; - boot.lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; - }; - }) - ]); + (lib.mkIf (cfg.mode == "lanzaboote") { + boot.loader.systemd-boot.enable = lib.mkForce false; + boot.lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; + }; + }) + ] + ); }; } diff --git a/features/claude.nix b/features/claude.nix index 23a5c7b..9e02787 100644 --- a/features/claude.nix +++ b/features/claude.nix @@ -6,7 +6,12 @@ }; home = - { pkgs, lib, osConfig, ... }: + { + pkgs, + lib, + osConfig, + ... + }: let cfg = osConfig.features.claude; in diff --git a/features/desktop.nix b/features/desktop.nix index 3caf908..4e1a3df 100644 --- a/features/desktop.nix +++ b/features/desktop.nix @@ -1,6 +1,12 @@ { nixos = - { config, lib, pkgs, inputs, ... }: + { + config, + lib, + pkgs, + inputs, + ... + }: let cfg = config.features.desktop; in 
@@ -49,98 +55,105 @@ }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - # base desktop - { - security.polkit.enable = true; - services.dbus.enable = true; - services.playerctld.enable = true; + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + # base desktop + { + security.polkit.enable = true; + services.dbus.enable = true; + services.playerctld.enable = true; - xdg.portal = { - enable = true; - xdgOpenUsePortal = true; - extraPortals = with pkgs; [ - xdg-desktop-portal-wlr - xdg-desktop-portal-gtk + xdg.portal = { + enable = true; + xdgOpenUsePortal = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-wlr + xdg-desktop-portal-gtk + ]; + }; + + fonts.packages = with pkgs; [ + font-awesome + nerd-fonts.jetbrains-mono ]; - }; - fonts.packages = with pkgs; [ - font-awesome - nerd-fonts.jetbrains-mono - ]; + stylix = { + enable = true; + inherit (cfg.theme) polarity; + image = cfg.theme.wallpaper; + base16Scheme = "${pkgs.base16-schemes}/share/themes/${cfg.theme.scheme}.yaml"; + }; + } - stylix = { - enable = true; - polarity = cfg.theme.polarity; - image = cfg.theme.wallpaper; - base16Scheme = "${pkgs.base16-schemes}/share/themes/${cfg.theme.scheme}.yaml"; - }; - } + # audio + (lib.mkIf cfg.audio.enable { + services.pipewire = { + enable = true; + pulse.enable = true; + }; + environment.systemPackages = with pkgs; [ + pavucontrol + easyeffects + ]; + }) - # audio - (lib.mkIf cfg.audio.enable { - services.pipewire = { - enable = true; - pulse.enable = true; - }; - environment.systemPackages = with pkgs; [ - pavucontrol - easyeffects - ]; - }) + # bluetooth + (lib.mkIf cfg.bluetooth.enable { + hardware.bluetooth.enable = true; + services.blueman.enable = true; + }) - # bluetooth - (lib.mkIf cfg.bluetooth.enable { - hardware.bluetooth.enable = true; - services.blueman.enable = true; - }) + # apps + (lib.mkIf cfg.apps.enable { + programs.thunderbird.enable = true; - # apps - (lib.mkIf cfg.apps.enable { - programs.thunderbird.enable = true; + 
environment.systemPackages = with pkgs; [ + ghostty + google-chrome + zathura + calibre + bolt-launcher + libnotify + bibata-cursors + vesktop + rocketchat-desktop + telegram-desktop + slack + jellyfin-media-player + cider-2 + mpv + ffmpeg + wf-recorder + wl-mirror + protonmail-bridge + ledger-live-desktop + ]; - environment.systemPackages = with pkgs; [ - ghostty - google-chrome - zathura - calibre - bolt-launcher - libnotify - bibata-cursors - vesktop - rocketchat-desktop - telegram-desktop - slack - jellyfin-media-player - cider-2 - mpv - ffmpeg - wf-recorder - wl-mirror - protonmail-bridge - ledger-live-desktop - ]; + xdg.mime.defaultApplications = { + "application/pdf" = "org.pwmt.zathura.desktop"; + }; - xdg.mime.defaultApplications = { - "application/pdf" = "org.pwmt.zathura.desktop"; - }; + # kindle udev rules for calibre + features.udev.kindle.enable = lib.mkDefault true; + }) - # kindle udev rules for calibre - features.udev.kindle.enable = lib.mkDefault true; - }) - - # internal CA - (lib.mkIf cfg.internalCA.enable { - security.pki.certificateFiles = [ - inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}.ca-matheo-si - ]; - }) - ]); + # internal CA + (lib.mkIf cfg.internalCA.enable { + security.pki.certificateFiles = [ + inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}.ca-matheo-si + ]; + }) + ] + ); }; home = - { lib, inputs, osConfig, ... }: + { + lib, + inputs, + osConfig, + ... + }: let cfg = osConfig.features.desktop; in diff --git a/features/dev.nix b/features/dev.nix index 74690a6..c6b9a92 100644 --- a/features/dev.nix +++ b/features/dev.nix @@ -6,7 +6,13 @@ }; home = - { pkgs, lib, inputs, osConfig, ... }: + { + pkgs, + lib, + inputs, + osConfig, + ... + }: let cfg = osConfig.features.dev; packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}; diff --git a/features/direnv/default.nix b/features/direnv/default.nix index 06af9d3..2890b15 100644 --- a/features/direnv/default.nix 
+++ b/features/direnv/default.nix @@ -1,6 +1,11 @@ { nixos = - { config, lib, inputs, ... }: + { + config, + lib, + inputs, + ... + }: let cfg = config.features.direnv; in diff --git a/features/docker.nix b/features/docker.nix index fd7b7f3..1f2dc35 100644 --- a/features/docker.nix +++ b/features/docker.nix @@ -1,6 +1,11 @@ { nixos = - { config, lib, user, ... }: + { + config, + lib, + user, + ... + }: let cfg = config.features.docker; in diff --git a/features/filedrop.nix b/features/filedrop.nix index fe867b4..2ccdf59 100644 --- a/features/filedrop.nix +++ b/features/filedrop.nix @@ -1,6 +1,11 @@ { nixos = - { config, lib, userKeys, ... }: + { + config, + lib, + userKeys, + ... + }: let cfg = config.features.filedrop; in diff --git a/features/gaming.nix b/features/gaming.nix index b4e07c3..7d7abf7 100644 --- a/features/gaming.nix +++ b/features/gaming.nix @@ -1,6 +1,11 @@ { nixos = - { config, lib, pkgs, ... }: + { + config, + lib, + pkgs, + ... + }: let cfg = config.features.gaming; in diff --git a/features/git.nix b/features/git.nix index 764eff3..120d9b9 100644 --- a/features/git.nix +++ b/features/git.nix @@ -6,7 +6,13 @@ }; home = - { pkgs, lib, inputs, osConfig, ... }: + { + pkgs, + lib, + inputs, + osConfig, + ... + }: let cfg = osConfig.features.git; packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}; diff --git a/features/gnupg.nix b/features/gnupg.nix index 8647bc4..8510134 100644 --- a/features/gnupg.nix +++ b/features/gnupg.nix @@ -1,6 +1,11 @@ { nixos = - { config, lib, pkgs, ... }: + { + config, + lib, + pkgs, + ... + }: let cfg = config.features.gnupg; in 
@@ -14,23 +19,25 @@ }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - enableExtraSocket = true; - }; - } + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + enableExtraSocket = true; + }; + } - (lib.mkIf cfg.yubikey.enable { - environment.systemPackages = with pkgs; [ - yubikey-personalization - yubikey-manager - ]; + (lib.mkIf cfg.yubikey.enable { + environment.systemPackages = with pkgs; [ + yubikey-personalization + yubikey-manager + ]; - services.pcscd.enable = true; - }) - ]); + services.pcscd.enable = true; + }) + ] + ); }; } diff --git a/features/neovim.nix b/features/neovim.nix index a348e2f..5cbe7d8 100644 --- a/features/neovim.nix +++ b/features/neovim.nix 
@@ -26,54 +26,56 @@ cfg = osConfig.features.neovim; in { - config = lib.mkIf cfg.enable (lib.mkMerge [ - (lib.optionalAttrs (options ? stylix) { - # disable stylix neovim target when stylix is present - stylix.targets.neovim.enable = false; - }) - { - xdg.configFile."nvim" = lib.mkIf (cfg.dotfiles != null) { - source = cfg.dotfiles; - }; + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + (lib.optionalAttrs (options ? stylix) { + # disable stylix neovim target when stylix is present + stylix.targets.neovim.enable = false; + }) + { + xdg.configFile."nvim" = lib.mkIf (cfg.dotfiles != null) { + source = cfg.dotfiles; + }; - programs.neovim = { - enable = true; - vimAlias = true; - defaultEditor = true; - package = inputs.neovim-nightly-overlay.packages.${pkgs.stdenv.hostPlatform.system}.default; + programs.neovim = { + enable = true; + vimAlias = true; + defaultEditor = true; + package = inputs.neovim-nightly-overlay.packages.${pkgs.stdenv.hostPlatform.system}.default; - extraPackages = with pkgs; [ - gcc - luajit - nodejs_22 - tree-sitter - gnumake - osc + extraPackages = with pkgs; [ + gcc + luajit + nodejs_22 + tree-sitter + gnumake + osc - fd - ripgrep - bat - delta + fd + ripgrep + bat + delta - pyright - typescript-language-server - lua-language-server - gopls - nil - nixd + pyright + typescript-language-server + lua-language-server + gopls + nil + nixd - nixpkgs-fmt - stylua - ]; + nixpkgs-fmt + stylua + ]; - extraWrapperArgs = [ - "--suffix" - "LD_LIBRARY_PATH" - ":" - "${lib.makeLibraryPath [ pkgs.stdenv.cc.cc.lib ]}" - ]; - }; - } - ]); + extraWrapperArgs = [ + "--suffix" + "LD_LIBRARY_PATH" + ":" + "${lib.makeLibraryPath [ pkgs.stdenv.cc.cc.lib ]}" + ]; + }; + } + ] + ); }; } diff --git a/features/nix-settings.nix b/features/nix-settings.nix index 06246d1..20618fb 100644 --- a/features/nix-settings.nix +++ b/features/nix-settings.nix 
@@ -41,29 +41,27 @@ ]; download-buffer-size = 2 * 1024 * 1024 * 1024; warn-dirty = false; - substituters = - [ - "https://cache.nixos.org" - "https://nix-community.cachix.org?priority=45" - ] - ++ lib.optional cfg.towerCache.enable "http://tower:5000?priority=50"; - trusted-public-keys = - [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ] - ++ lib.optional cfg.towerCache.enable "matej.nix-1:TdbemLVYblvAxqJcwb3mVKmmr3cfzXbMcZHE5ILnZDE="; + substituters = [ + "https://cache.nixos.org" + "https://nix-community.cachix.org?priority=45" + ] + ++ lib.optional cfg.towerCache.enable "http://tower:5000?priority=50"; + trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ] + ++ lib.optional cfg.towerCache.enable "matej.nix-1:TdbemLVYblvAxqJcwb3mVKmmr3cfzXbMcZHE5ILnZDE="; }; gc = { automatic = true; - dates = cfg.gc.dates; + inherit (cfg.gc) dates; options = "--delete-older-than ${cfg.gc.olderThan}"; }; optimise = { automatic = true; - dates = cfg.optimise.dates; + inherit (cfg.optimise) dates; }; }; }; diff --git a/features/onepassword.nix b/features/onepassword.nix index d1e5b50..698ee74 100644 --- a/features/onepassword.nix +++ b/features/onepassword.nix @@ -1,6 +1,11 @@ { nixos = - { config, lib, user, ... }: + { + config, + lib, + user, + ... + }: let cfg = config.features.onepassword; in diff --git a/features/remote-base.nix b/features/remote-base.nix index 18c4d22..66f1ebb 100644 --- a/features/remote-base.nix +++ b/features/remote-base.nix @@ -1,6 +1,11 @@ { nixos = - { config, lib, user, ... }: + { + config, + lib, + user, + ... + }: let cfg = config.features.remote-base; in diff --git a/features/shell.nix b/features/shell.nix index 43f41cd..603688e 100644 --- a/features/shell.nix +++ b/features/shell.nix 
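Review bot: The optional `towerCache` substituter in the features/nix-settings.nix hunk is fetched over cleartext (`"http://tower:5000?priority=50"`), so what it serves is protected only by the signature check against the `matej.nix-1` entry in `trusted-public-keys`, assuming `require-sigs` is left at its default. That is probably intentional for a LAN cache, but the visible lines do not say so; a comment above the `++ lib.optional` line such as `# plain http: integrity relies on the matej.nix-1 signing key; cache is reachable on the trusted LAN only` would record the assumption. If the cache can be put behind TLS, an `https://` URL would also keep the set of requested store paths from being visible on the path to `tower`. The enclosing settings attrset starts above the hunk.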
@@ -6,7 +6,12 @@ }; home = - { pkgs, lib, osConfig, ... }: + { + pkgs, + lib, + osConfig, + ... + }: let cfg = osConfig.features.shell; in diff --git a/features/sway.nix b/features/sway.nix index 1bfae7f..fa1cc09 100644 --- a/features/sway.nix +++ b/features/sway.nix @@ -1,6 +1,11 @@ { nixos = - { config, lib, pkgs, ... }: + { + config, + lib, + pkgs, + ... + }: let cfg = config.features.sway; desktopCfg = config.features.desktop; 
@@ -15,77 +20,79 @@ }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - # soft dependency - features.desktop.enable = lib.mkDefault true; + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + # soft dependency + features.desktop.enable = lib.mkDefault true; - # hard dependency - assertions = [ - { - assertion = desktopCfg.enable; - message = "features.sway requires features.desktop"; - } - ]; - - programs.sway = { - enable = true; - package = pkgs.swayfx; - wrapperFeatures.gtk = true; - extraSessionCommands = '' - # fix for java awt apps not rendering - export _JAVA_AWT_WM_NONREPARENTING=1 - ''; - }; - - environment.systemPackages = with pkgs; [ - waybar - mako - wob - playerctl - brightnessctl - foot - grim - pulseaudio - swayidle - swaylock-effects - jq - slurp - wl-clipboard - pamixer - wlsunset - satty - wayland-pipewire-idle-inhibit - fuzzel - cliphist - zenity - ]; - } - - # greeter - (lib.mkIf cfg.greeter.enable { - programs.regreet = { - enable = true; - cageArgs = [ - "-s" - "-m" - "last" + # hard dependency + assertions = [ + { + assertion = desktopCfg.enable; + message = "features.sway requires features.desktop"; + } ]; - font = { - name = lib.mkForce "JetBrainsMono Nerd Font"; - size = lib.mkForce 14; + + programs.sway = { + enable = true; + package = pkgs.swayfx; + wrapperFeatures.gtk = true; + extraSessionCommands = '' + # fix for java awt apps not rendering + export _JAVA_AWT_WM_NONREPARENTING=1 + ''; }; - settings = { - background = { - path = lib.mkForce (toString desktopCfg.theme.wallpaper); - fit = lib.mkForce "Cover"; + + environment.systemPackages = with pkgs; [ + waybar + mako + wob + playerctl + brightnessctl + foot + grim + pulseaudio + swayidle + swaylock-effects + jq + slurp + wl-clipboard + pamixer + wlsunset + satty + wayland-pipewire-idle-inhibit + fuzzel + cliphist + zenity + ]; + } + + # greeter + (lib.mkIf cfg.greeter.enable { + programs.regreet = { + enable = true; + cageArgs = [ + "-s" + "-m" + "last" + ]; + font = { + name 
= lib.mkForce "JetBrainsMono Nerd Font"; + size = lib.mkForce 14; }; - GTK = { - application_prefer_dark_theme = lib.mkForce true; + settings = { + background = { + path = lib.mkForce (toString desktopCfg.theme.wallpaper); + fit = lib.mkForce "Cover"; + }; + GTK = { + application_prefer_dark_theme = lib.mkForce true; + }; }; }; - }; - }) - ]); + }) + ] + ); }; } diff --git a/features/udev.nix b/features/udev.nix index 5e3764e..64dec65 100644 --- a/features/udev.nix +++ b/features/udev.nix @@ -1,6 +1,11 @@ { nixos = - { config, lib, pkgs, ... }: + { + config, + lib, + pkgs, + ... + }: let cfg = config.features.udev; in @@ -24,29 +29,31 @@ }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - (lib.mkIf cfg.kindle.enable { - # NOTE:(@janezicmatej) uses services.udev.packages instead of extraRules - # because extraRules writes to 99-local.rules which is too late for uaccess - services.udev.packages = [ - pkgs.libmtp - (pkgs.writeTextFile { - name = "kindle-udev-rules"; - text = '' - ACTION!="remove", SUBSYSTEM=="usb", ATTRS{idVendor}=="1949", TAG+="uaccess" - ''; - destination = "/etc/udev/rules.d/70-kindle.rules"; - }) - ]; - }) + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + (lib.mkIf cfg.kindle.enable { + # NOTE:(@janezicmatej) uses services.udev.packages instead of extraRules + # because extraRules writes to 99-local.rules which is too late for uaccess + services.udev.packages = [ + pkgs.libmtp + (pkgs.writeTextFile { + name = "kindle-udev-rules"; + text = '' + ACTION!="remove", SUBSYSTEM=="usb", ATTRS{idVendor}=="1949", TAG+="uaccess" + ''; + destination = "/etc/udev/rules.d/70-kindle.rules"; + }) + ]; + }) - (lib.mkIf cfg.ledger.enable { - hardware.ledger.enable = true; - }) + (lib.mkIf cfg.ledger.enable { + hardware.ledger.enable = true; + }) - (lib.mkIf cfg.keyboard-zsa.enable { - hardware.keyboard.zsa.enable = true; - }) - ]); + (lib.mkIf cfg.keyboard-zsa.enable { + hardware.keyboard.zsa.enable = true; + }) + ] + ); }; } 
diff --git a/features/user-matej.nix b/features/user-matej.nix index 50d3086..13784f4 100644 --- a/features/user-matej.nix +++ b/features/user-matej.nix @@ -9,23 +9,21 @@ in sshAuthorizedKeys = sshKeys; }; - nixos = - { ... }: - { - users.users.matej = { - uid = 1000; - isNormalUser = true; - home = "/home/matej"; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = sshKeys; - }; - - users.groups.matej = { - gid = 1000; - members = [ "matej" ]; - }; + nixos = _: { + users.users.matej = { + uid = 1000; + isNormalUser = true; + home = "/home/matej"; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = sshKeys; }; + users.groups.matej = { + gid = 1000; + members = [ "matej" ]; + }; + }; + home = _: { home.stateVersion = "26.05"; }; diff --git a/features/vm-guest.nix b/features/vm-guest.nix index 8014528..475a221 100644 --- a/features/vm-guest.nix +++ b/features/vm-guest.nix 
@@ -40,76 +40,78 @@ }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - services.qemuGuest.enable = true; - services.spice-vdagentd.enable = lib.mkIf (!cfg.headless) true; + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + services.qemuGuest.enable = true; + services.spice-vdagentd.enable = lib.mkIf (!cfg.headless) true; - boot.kernelParams = lib.mkIf cfg.headless [ "console=ttyS0,115200" ]; + boot.kernelParams = lib.mkIf cfg.headless [ "console=ttyS0,115200" ]; - boot.initrd.availableKernelModules = [ - "9p" - "9pnet_virtio" - ]; - boot.kernelModules = [ - "9p" - "9pnet_virtio" - ]; - - networking = { - useDHCP = true; - firewall.allowedTCPPorts = [ 22 ]; - }; - - security.sudo.wheelNeedsPassword = false; - - environment.systemPackages = with pkgs; [ - curl - wget - htop - sshfs - ]; - } - - (lib.mkIf cfg.automount.enable { - systemd.services.vm-9p-automount = { - description = "Auto-discover and mount 9p shares"; - after = [ - "local-fs.target" - "nss-user-lookup.target" - "systemd-modules-load.service" + boot.initrd.availableKernelModules = [ + "9p" + "9pnet_virtio" + ]; + boot.kernelModules = [ + "9p" + "9pnet_virtio" ]; - wants = [ "systemd-modules-load.service" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = pkgs.writeShellScript "vm-9p-automount" '' - BASE="${cfg.automount.basePath}" - PREFIX="${cfg.automount.prefix}" - mkdir -p "$BASE" - chown ${autoUser}:${autoGroup} "$BASE" - for tagfile in $(find /sys/devices -name mount_tag 2>/dev/null); do - [ -f "$tagfile" ] || continue - tag=$(tr -d '\0' < "$tagfile") - - case "$tag" in - "$PREFIX"*) ;; - *) continue ;; - esac - - name="''${tag#"$PREFIX"}" - target="$BASE/$name" - - mkdir -p "$target" - ${pkgs.util-linux}/bin/mount -t 9p "$tag" "$target" \ - -o trans=virtio,version=9p2000.L || continue - done - ''; + networking = { + useDHCP = true; + firewall.allowedTCPPorts = [ 22 ]; }; - }; - }) - ]); + + 
security.sudo.wheelNeedsPassword = false; + + environment.systemPackages = with pkgs; [ + curl + wget + htop + sshfs + ]; + } + + (lib.mkIf cfg.automount.enable { + systemd.services.vm-9p-automount = { + description = "Auto-discover and mount 9p shares"; + after = [ + "local-fs.target" + "nss-user-lookup.target" + "systemd-modules-load.service" + ]; + wants = [ "systemd-modules-load.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = pkgs.writeShellScript "vm-9p-automount" '' + BASE="${cfg.automount.basePath}" + PREFIX="${cfg.automount.prefix}" + mkdir -p "$BASE" + chown ${autoUser}:${autoGroup} "$BASE" + + for tagfile in $(find /sys/devices -name mount_tag 2>/dev/null); do + [ -f "$tagfile" ] || continue + tag=$(tr -d '\0' < "$tagfile") + + case "$tag" in + "$PREFIX"*) ;; + *) continue ;; + esac + + name="''${tag#"$PREFIX"}" + target="$BASE/$name" + + mkdir -p "$target" + ${pkgs.util-linux}/bin/mount -t 9p "$tag" "$target" \ + -o trans=virtio,version=9p2000.L || continue + done + ''; + }; + }; + }) + ] + ); }; } diff --git a/features/zsh.nix b/features/zsh.nix index 646b62e..66d0eda 100644 --- a/features/zsh.nix +++ b/features/zsh.nix @@ -1,6 +1,12 @@ { nixos = - { config, lib, pkgs, user, ... }: + { + config, + lib, + pkgs, + user, + ... + }: let cfg = config.features.zsh; in 
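Review bot: In the `vm-9p-automount` script of the features/vm-guest.nix hunk, `name` is derived from the device's `mount_tag` and joined into `target="$BASE/$name"` without validation, so a tag that contains `/` or reduces to `..` once the prefix is stripped makes `mkdir -p` and `mount` act outside `$BASE`. No `User=` appears in the visible `serviceConfig`, so the script presumably runs as root. The tags come from the hypervisor configuration, so this is defence in depth rather than an exposed input, but a guard right after the `name=` line is cheap: `case "$name" in ""|.|..|*/*) continue ;; esac`. The `for tagfile in $(find …)` loop also depends on word splitting, which holds for sysfs paths but deserves a one-line comment saying so.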
@@ -15,22 +21,29 @@ }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - programs.zsh.enable = true; - environment.etc."zshenv".text = '' - export ZDOTDIR=$HOME/.config/zsh - ''; - } + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + programs.zsh.enable = true; + environment.etc."zshenv".text = '' + export ZDOTDIR=$HOME/.config/zsh + ''; + } - (lib.mkIf cfg.loginShell.enable { - users.users.${user}.shell = pkgs.zsh; - }) - ]); + (lib.mkIf cfg.loginShell.enable { + users.users.${user}.shell = pkgs.zsh; + }) + ] + ); }; home = - { pkgs, lib, osConfig, ... }: + { + pkgs, + lib, + osConfig, + ... + }: let cfg = osConfig.features.zsh; in diff --git a/hosts/ephvm/configuration.nix b/hosts/ephvm/configuration.nix index 16076d7..ec5de00 100644 --- a/hosts/ephvm/configuration.nix +++ b/hosts/ephvm/configuration.nix @@ -75,9 +75,11 @@ # TODO:(@janezicmatej) replace ssh with virtio-console (hvc0) when qemu 11.0 lands # https://www.mail-archive.com/qemu-devel@nongnu.org/msg1162844.html # accept any ssh key (ephemeral localhost-only vm) - services.openssh.settings.AuthorizedKeysCommand = let - acceptKey = pkgs.writeShellScript "ephvm-accept-key" ''echo "$1 $2"''; - in "${acceptKey} %t %k"; + services.openssh.settings.AuthorizedKeysCommand = + let + acceptKey = pkgs.writeShellScript "ephvm-accept-key" ''echo "$1 $2"''; + in + "${acceptKey} %t %k"; services.openssh.settings.AuthorizedKeysCommandUser = "nobody"; # writable claude config via 9p diff --git a/lib/mkHost.nix b/lib/mkHost.nix index d6517fd..c8d522c 100644 --- a/lib/mkHost.nix +++ b/lib/mkHost.nix 
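Review bot: In the hosts/ephvm/configuration.nix hunk, the `AuthorizedKeysCommand` helper echoes back the key type and key it is handed (`echo "$1 $2"`), so sshd treats every offered public key as authorized, and the only justification is the comment "ephemeral localhost-only vm". Nothing in the hunk enforces the localhost-only part; if it depends on how the VM is launched, the comment should say where that is enforced, e.g. `# SECURITY: all keys accepted; safe only while the host-side forward to this sshd is bound to 127.0.0.1`. features/vm-guest.nix in this same commit opens TCP 22 and sets `security.sudo.wheelNeedsPassword = false`, so if this host enables that feature (not visible here), a reachable sshd would mean passwordless root for anyone who can log in as a wheel user. The rest of the host configuration lies outside the hunk.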
@@ -79,30 +79,29 @@ let in nixpkgs.lib.nixosSystem { inherit system; - modules = - [ - inputs.sops-nix.nixosModules.sops - inputs.stylix.nixosModules.stylix + modules = [ + inputs.sops-nix.nixosModules.sops + inputs.stylix.nixosModules.stylix - { nixpkgs.overlays = overlays; } - { nixpkgs.config.allowUnfree = true; } - { networking.hostName = name; } + { nixpkgs.overlays = overlays; } + { nixpkgs.config.allowUnfree = true; } + { networking.hostName = name; } - featureEnableModule - hostConfig - ] - ++ lib.optional (builtins.pathExists hostHWConfig) hostHWConfig - ++ nixosMods - ++ lib.optionals hasUser [ - inputs.home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.users.${user}.imports = homeMods; - home-manager.extraSpecialArgs = { inherit inputs; }; - } - ]; + featureEnableModule + hostConfig + ] + ++ lib.optional (builtins.pathExists hostHWConfig) hostHWConfig + ++ nixosMods + ++ lib.optionals hasUser [ + inputs.home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.users.${user}.imports = homeMods; + home-manager.extraSpecialArgs = { inherit inputs; }; + } + ]; specialArgs = { inherit inputs userKeys user; };