From 76e74f4939ce564006434f966399ea2b9ba3f4b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Jane=C5=BEi=C4=8D?= Date: Thu, 26 Mar 2026 22:35:23 +0100 Subject: [PATCH 1/3] feat: switch from flake-utils to flake-parts --- flake.lock | 76 +++++++++---------- flake.nix | 209 ++++++++++++++++++++++++++--------------------------- 2 files changed, 139 insertions(+), 146 deletions(-) diff --git a/flake.lock b/flake.lock index 53adfc6..60ad441 100644 --- a/flake.lock +++ b/flake.lock @@ -132,6 +132,24 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "neovim-nightly-overlay", @@ -152,7 +170,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -173,24 +191,6 @@ "type": "github" } }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "fromYaml": { "flake": false, "locked": { @@ -295,7 +295,7 @@ }, "neovim-nightly-overlay": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "neovim-src": "neovim-src", "nixpkgs": "nixpkgs" }, @@ -361,6 +361,21 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-master": { "locked": { "lastModified": 1774515149, @@ -476,7 +491,7 @@ "root": { "inputs": { "assets": "assets", - "flake-utils": "flake-utils", + "flake-parts": "flake-parts", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "neovim-nightly-overlay": "neovim-nightly-overlay", @@ -516,13 +531,13 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", "nixpkgs": [ "nixpkgs" ], "nur": "nur", - "systems": "systems_2", + "systems": "systems", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -559,21 +574,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "tinted-foot": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index f678e0f..10563d7 100644 --- a/flake.nix +++ b/flake.nix @@ -6,10 +6,6 @@ nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable"; nixpkgs-master.url = "github:nixos/nixpkgs/master"; - # dotfiles = { - # url = "git+https://git.janezic.dev/janezicmatej/.dotfiles.git"; - # flake = false; - # }; nvim = { url = "git+https://git.janezic.dev/janezicmatej/nvim.git"; flake = false; @@ -17,7 +13,7 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - flake-utils.url = "github:numtide/flake-utils"; + flake-parts.url = "github:hercules-ci/flake-parts"; home-manager = { url = "github:nix-community/home-manager/release-25.11"; @@ -40,118 +36,115 @@ }; neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; - }; outputs = - inputs@{ - nixpkgs, - flake-utils, - ... - }: + inputs@{ flake-parts, nixpkgs, ... }: + flake-parts.lib.mkFlake { inherit inputs; } { + systems = [ "x86_64-linux" ]; - let - my-lib = import ./lib { inherit (nixpkgs) lib; }; + perSystem = + { system, pkgs, ... }: + let + my-lib = import ./lib { inherit (nixpkgs) lib; }; + in + { + packages = + import ./packages + { + inherit my-lib; + inherit (nixpkgs) lib; + } + { + inherit pkgs; + pkgs-unstable = inputs.nixpkgs-unstable.legacyPackages.${system}; + pkgs-master = inputs.nixpkgs-master.legacyPackages.${system}; + }; - overlays = [ - ( - _: prev: - let - pkgs-unstable = import inputs.nixpkgs-unstable { - inherit (prev.stdenv.hostPlatform) system; - inherit (prev) config; - }; - pkgs-master = import inputs.nixpkgs-master { - inherit (prev.stdenv.hostPlatform) system; - inherit (prev) config; - }; - in - { - inherit (pkgs-master) claude-code; - # TODO:(@janezicmatej) 2026-03-09 error with stable for telegram-desktop - inherit (pkgs-unstable) telegram-desktop; - } - ) - ]; + formatter = pkgs.nixfmt-tree; - mkHost = my-lib.mkHost { - inherit - nixpkgs - overlays - inputs - ; - }; - - in - - { - lib = my-lib; - - nixosConfigurations = { - fw16 = mkHost "fw16" { - system = "x86_64-linux"; - user = "matej"; - }; - tower = mkHost "tower" { - system = "x86_64-linux"; - user = "matej"; + devShells.default = pkgs.mkShell { + packages = [ + pkgs.pre-commit + pkgs.statix + pkgs.shellcheck + pkgs.shfmt + pkgs.qemu + ]; + }; }; - # nixos-rebuild build-image --image-variant install-iso --flake .#iso - iso = mkHost "iso" { - system = "x86_64-linux"; - }; + flake = + let + my-lib = import ./lib { inherit (nixpkgs) lib; }; - ephvm = mkHost "ephvm" { - system = "x86_64-linux"; - user = "matej"; - }; - }; - - nixosModules = import ./modules/nixos { - inherit my-lib; - inherit (nixpkgs) lib; - } { }; - - homeManagerModules = import ./modules/home-manager { - inherit my-lib; - inherit (nixpkgs) lib; - } { }; - - nixosProfiles = import ./profiles { - inherit my-lib; - inherit (nixpkgs) lib; - } { }; - } - // flake-utils.lib.eachDefaultSystem ( - system: - let - pkgs = nixpkgs.legacyPackages.${system}; - in - { - packages = - import ./packages - { - inherit my-lib; - inherit (nixpkgs) lib; - } - { - pkgs = nixpkgs.legacyPackages.${system}; - pkgs-unstable = inputs.nixpkgs-unstable.legacyPackages.${system}; - pkgs-master = inputs.nixpkgs-master.legacyPackages.${system}; - }; - - formatter = pkgs.nixfmt-tree; - - devShells.default = pkgs.mkShell { - packages = [ - pkgs.pre-commit - pkgs.statix - pkgs.shellcheck - pkgs.shfmt - pkgs.qemu + overlays = [ + ( + _: prev: + let + pkgs-unstable = import inputs.nixpkgs-unstable { + inherit (prev.stdenv.hostPlatform) system; + inherit (prev) config; + }; + pkgs-master = import inputs.nixpkgs-master { + inherit (prev.stdenv.hostPlatform) system; + inherit (prev) config; + }; + in + { + inherit (pkgs-master) claude-code; + # TODO:(@janezicmatej) 2026-03-09 error with stable for telegram-desktop + inherit (pkgs-unstable) telegram-desktop; + } + ) ]; + + mkHost = my-lib.mkHost { + inherit + nixpkgs + overlays + inputs + ; + }; + in + { + lib = my-lib; + + nixosConfigurations = { + fw16 = mkHost "fw16" { + system = "x86_64-linux"; + user = "matej"; + }; + tower = mkHost "tower" { + system = "x86_64-linux"; + user = "matej"; + }; + + # nixos-rebuild build-image --image-variant install-iso --flake .#iso + iso = mkHost "iso" { + system = "x86_64-linux"; + }; + + ephvm = mkHost "ephvm" { + system = "x86_64-linux"; + user = "matej"; + }; + }; + + nixosModules = import ./modules/nixos { + inherit my-lib; + inherit (nixpkgs) lib; + } { }; + + homeManagerModules = import ./modules/home-manager { + inherit my-lib; + inherit (nixpkgs) lib; + } { }; + + nixosProfiles = import ./profiles { + inherit my-lib; + inherit (nixpkgs) lib; + } { }; }; - } - ); + }; } From 8c6fefb95bf90e00713430447047fe4faed02b33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Jane=C5=BEi=C4=8D?= Date: Thu, 26 Mar 2026 23:10:56 +0100 Subject: [PATCH 2/3] feat: migrate from modules to features --- features/calibre.nix | 22 +++++ features/claude.nix | 10 +++ features/desktop.nix | 85 +++++++++++++++++++ features/dev.nix | 30 +++++++ features/docker.nix | 12 +++ features/gnupg.nix | 9 ++ features/greeter.nix | 28 ++++++ features/initrd-ssh.nix | 75 ++++++++++++++++ features/localisation.nix | 25 ++++++ {modules/home-manager => features}/neovim.nix | 56 ++++++------ features/networkmanager.nix | 9 ++ features/nix-ld.nix | 5 ++ features/openssh.nix | 25 ++++++ features/printing.nix | 10 +++ features/shell.nix | 25 ++++++ features/steam.nix | 10 +++ features/sway.nix | 38 +++++++++ features/tailscale.nix | 8 ++ features/user-matej.nix | 33 +++++++ features/vm-9p-automount.nix | 72 ++++++++++++++++ features/vm-guest.nix | 47 ++++++++++ features/yubikey.nix | 12 +++ flake.nix | 14 --- lib/mkHost.nix | 62 +++++++++----- modules/home-manager/claude.nix | 25 ------ modules/home-manager/default.nix | 1 - modules/home-manager/desktop.nix | 38 --------- modules/home-manager/dev.nix | 39 --------- modules/home-manager/shell.nix | 26 ------ modules/nixos/calibre.nix | 32 ------- modules/nixos/default.nix | 1 - modules/nixos/desktop.nix | 44 ---------- modules/nixos/gnupg.nix | 20 ----- modules/nixos/greeter.nix | 37 -------- modules/nixos/initrd-ssh.nix | 83 ------------------ modules/nixos/localisation.nix | 28 ------ modules/nixos/nvidia.nix | 23 ----- modules/nixos/openssh.nix | 29 ------- modules/nixos/printing.nix | 21 ----- modules/nixos/sway.nix | 54 ------------ modules/nixos/vm-9p-automount.nix | 74 ---------------- modules/nixos/vm-guest.nix | 49 ----------- modules/nixos/workstation.nix | 31 ------- modules/nixos/yubikey.nix | 23 ----- modules/nixos/zsh.nix | 19 ----- profiles/base.nix | 17 ---- profiles/default.nix | 1 - profiles/desktop.nix | 21 ----- profiles/server.nix | 15 ---- users/matej/home-manager.nix | 22 ----- users/matej/keys.nix | 6 -- users/matej/nixos.nix | 27 ------ 52 files changed, 657 insertions(+), 871 deletions(-) create mode 100644 features/calibre.nix create mode 100644 features/claude.nix create mode 100644 features/desktop.nix create mode 100644 features/dev.nix create mode 100644 features/docker.nix create mode 100644 features/gnupg.nix create mode 100644 features/greeter.nix create mode 100644 features/initrd-ssh.nix create mode 100644 features/localisation.nix rename {modules/home-manager => features}/neovim.nix (50%) create mode 100644 features/networkmanager.nix create mode 100644 features/nix-ld.nix create mode 100644 features/openssh.nix create mode 100644 features/printing.nix create mode 100644 features/shell.nix create mode 100644 features/steam.nix create mode 100644 features/sway.nix create mode 100644 features/tailscale.nix create mode 100644 features/user-matej.nix create mode 100644 features/vm-9p-automount.nix create mode 100644 features/vm-guest.nix create mode 100644 features/yubikey.nix delete mode 100644 modules/home-manager/claude.nix delete mode 100644 modules/home-manager/default.nix delete mode 100644 modules/home-manager/desktop.nix delete mode 100644 modules/home-manager/dev.nix delete mode 100644 modules/home-manager/shell.nix delete mode 100644 modules/nixos/calibre.nix delete mode 100644 modules/nixos/default.nix delete mode 100644 modules/nixos/desktop.nix delete mode 100644 modules/nixos/gnupg.nix delete mode 100644 modules/nixos/greeter.nix delete mode 100644 modules/nixos/initrd-ssh.nix delete mode 100644 modules/nixos/localisation.nix delete mode 100644 modules/nixos/nvidia.nix delete mode 100644 modules/nixos/openssh.nix delete mode 100644 modules/nixos/printing.nix delete mode 100644 modules/nixos/sway.nix delete mode 100644 modules/nixos/vm-9p-automount.nix delete mode 100644 modules/nixos/vm-guest.nix delete mode 100644 modules/nixos/workstation.nix delete mode 100644 modules/nixos/yubikey.nix delete mode 100644 modules/nixos/zsh.nix delete mode 100644 profiles/base.nix delete mode 100644 profiles/default.nix delete mode 100644 profiles/desktop.nix delete mode 100644 profiles/server.nix delete mode 100644 users/matej/home-manager.nix delete mode 100644 users/matej/keys.nix delete mode 100644 users/matej/nixos.nix diff --git a/features/calibre.nix b/features/calibre.nix new file mode 100644 index 0000000..e310fa7 --- /dev/null +++ b/features/calibre.nix @@ -0,0 +1,22 @@ +{ + nixos = + { pkgs, ... }: + { + environment.systemPackages = [ pkgs.calibre ]; + + # udev rules for kindle and mtp device access + # NOTE:(@janezicmatej) uses services.udev.packages instead of extraRules + # because extraRules writes to 99-local.rules which is too late for uaccess + # see https://github.com/NixOS/nixpkgs/issues/308681 + services.udev.packages = [ + pkgs.libmtp + (pkgs.writeTextFile { + name = "kindle-udev-rules"; + text = '' + ACTION!="remove", SUBSYSTEM=="usb", ATTRS{idVendor}=="1949", TAG+="uaccess" + ''; + destination = "/etc/udev/rules.d/70-kindle.rules"; + }) + ]; + }; +} diff --git a/features/claude.nix b/features/claude.nix new file mode 100644 index 0000000..6f5fd2a --- /dev/null +++ b/features/claude.nix @@ -0,0 +1,10 @@ +{ + home = + { pkgs, ... }: + { + home.packages = [ + pkgs.claude-code + pkgs.mcp-nixos + ]; + }; +} diff --git a/features/desktop.nix b/features/desktop.nix new file mode 100644 index 0000000..f2e06af --- /dev/null +++ b/features/desktop.nix @@ -0,0 +1,85 @@ +{ + nixos = + { pkgs, inputs, ... }: + { + imports = [ inputs.stylix.nixosModules.stylix ]; + + # audio + services.pipewire = { + enable = true; + pulse.enable = true; + }; + + # bluetooth + hardware.bluetooth.enable = true; + services.blueman.enable = true; + + security.polkit.enable = true; + services.dbus.enable = true; + services.playerctld.enable = true; + + xdg.portal = { + enable = true; + xdgOpenUsePortal = true; + extraPortals = [ + pkgs.xdg-desktop-portal-wlr + pkgs.xdg-desktop-portal-gtk + ]; + }; + + fonts.packages = with pkgs; [ + font-awesome + nerd-fonts.jetbrains-mono + ]; + + # theming + stylix = { + enable = true; + polarity = "dark"; + image = "${inputs.assets}/wallpaper.png"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-material-dark-medium.yaml"; + }; + + programs.thunderbird.enable = true; + programs._1password.enable = true; + programs._1password-gui.enable = true; + + environment.systemPackages = with pkgs; [ + easyeffects + ghostty + google-chrome + zathura + pavucontrol + bolt-launcher + libnotify + bibata-cursors + vesktop + rocketchat-desktop + telegram-desktop + slack + jellyfin-media-player + cider-2 + mpv + ffmpeg + wf-recorder + wl-mirror + protonmail-bridge + ledger-live-desktop + ]; + + # internal CA + security.pki.certificateFiles = [ + inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}.ca-matheo-si + ]; + + xdg.mime.defaultApplications = { + "application/pdf" = "org.pwmt.zathura.desktop"; + }; + }; + + home = + { inputs, ... }: + { + home.file.".assets".source = inputs.assets; + }; +} diff --git a/features/dev.nix b/features/dev.nix new file mode 100644 index 0000000..c3cd8e3 --- /dev/null +++ b/features/dev.nix @@ -0,0 +1,30 @@ +{ + home = + { pkgs, inputs, ... }: + let + packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}; + in + { + home.packages = [ + pkgs.git + packages.git-linearize + packages.ggman + pkgs.go + pkgs.python3 + pkgs.mdbook + pkgs.marksman + pkgs.mdformat + pkgs.google-cloud-sdk + pkgs.google-cloud-sql-proxy + packages.ahab + pkgs.just + pkgs.presenterm + pkgs.osc + ]; + + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; + }; +} diff --git a/features/docker.nix b/features/docker.nix new file mode 100644 index 0000000..16440ee --- /dev/null +++ b/features/docker.nix @@ -0,0 +1,12 @@ +{ + nixos = + { user, ... }: + { + virtualisation.docker = { + enable = true; + logDriver = "json-file"; + }; + + users.users.${user}.extraGroups = [ "docker" ]; + }; +} diff --git a/features/gnupg.nix b/features/gnupg.nix new file mode 100644 index 0000000..e39f156 --- /dev/null +++ b/features/gnupg.nix @@ -0,0 +1,9 @@ +{ + nixos = _: { + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + enableExtraSocket = true; + }; + }; +} diff --git a/features/greeter.nix b/features/greeter.nix new file mode 100644 index 0000000..54bddb6 --- /dev/null +++ b/features/greeter.nix @@ -0,0 +1,28 @@ +{ + nixos = + { lib, inputs, ... }: + { + programs.regreet = { + enable = true; + # single output to avoid stretching across monitors + cageArgs = [ + "-s" + "-m" + "last" + ]; + font = { + name = lib.mkForce "JetBrainsMono Nerd Font"; + size = lib.mkForce 14; + }; + settings = { + background = { + path = lib.mkForce "${inputs.assets}/wallpaper.png"; + fit = lib.mkForce "Cover"; + }; + GTK = { + application_prefer_dark_theme = lib.mkForce true; + }; + }; + }; + }; +} diff --git a/features/initrd-ssh.nix b/features/initrd-ssh.nix new file mode 100644 index 0000000..23e7056 --- /dev/null +++ b/features/initrd-ssh.nix @@ -0,0 +1,75 @@ +{ + nixos = + { lib, config, ... }: + let + keyDir = "/etc/secrets/initrd"; + + mkIpString = + { + address, + gateway, + netmask, + interface, + ... + }: + "${address}::${gateway}:${netmask}::${interface}:none"; + in + { + options = { + initrd-ssh = { + ip = { + enable = lib.mkEnableOption "static IP for initrd (otherwise DHCP)"; + + address = lib.mkOption { + type = lib.types.str; + }; + + gateway = lib.mkOption { + type = lib.types.str; + }; + + netmask = lib.mkOption { + type = lib.types.str; + default = "255.255.255.0"; + }; + + interface = lib.mkOption { + type = lib.types.str; + }; + }; + + authorizedKeys = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + }; + + networkModule = lib.mkOption { + type = lib.types.str; + }; + }; + }; + + config = { + boot.initrd.kernelModules = [ config.initrd-ssh.networkModule ]; + boot.kernelParams = lib.mkIf config.initrd-ssh.ip.enable [ + "ip=${mkIpString config.initrd-ssh.ip}" + ]; + + boot.initrd.network = { + enable = true; + ssh = { + enable = true; + port = 22; + hostKeys = [ + "${keyDir}/ssh_host_rsa_key" + "${keyDir}/ssh_host_ed25519_key" + ]; + inherit (config.initrd-ssh) authorizedKeys; + }; + postCommands = '' + echo 'cryptsetup-askpass' >> /root/.profile + ''; + }; + }; + }; +} diff --git a/features/localisation.nix b/features/localisation.nix new file mode 100644 index 0000000..df07cdc --- /dev/null +++ b/features/localisation.nix @@ -0,0 +1,25 @@ +{ + nixos = + { lib, config, ... }: + { + options = { + localisation = { + timeZone = lib.mkOption { + type = lib.types.str; + }; + + defaultLocale = lib.mkOption { + type = lib.types.str; + }; + }; + }; + + config = { + time.timeZone = config.localisation.timeZone; + i18n.defaultLocale = config.localisation.defaultLocale; + + # NOTE:(@janezicmatej) some apps (e.g. java) need TZ env var explicitly + environment.variables.TZ = config.localisation.timeZone; + }; + }; +} diff --git a/modules/home-manager/neovim.nix b/features/neovim.nix similarity index 50% rename from modules/home-manager/neovim.nix rename to features/neovim.nix index a6c162d..6d03685 100644 --- a/modules/home-manager/neovim.nix +++ b/features/neovim.nix @@ -1,36 +1,36 @@ { - config, - lib, - pkgs, - ... -}: -{ - options = { - neovim = { - enable = lib.mkEnableOption "neovim nightly with lsp support"; - package = lib.mkPackageOption pkgs "neovim" { }; - dotfiles = lib.mkOption { - type = lib.types.nullOr lib.types.path; - default = null; - description = "path to neovim config directory"; + home = + { + config, + options, + lib, + pkgs, + inputs, + ... + }: + { + options = { + neovim.dotfiles = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + }; }; - }; - }; - config = lib.mkIf config.neovim.enable ( - lib.mkMerge [ - (lib.mkIf (config.neovim.dotfiles != null) { - xdg.configFile."nvim".source = config.neovim.dotfiles; - }) - { + config = { + # only disable when stylix is present (loaded by desktop feature) + stylix.targets.neovim.enable = lib.mkIf (options ? stylix) false; + + xdg.configFile."nvim" = lib.mkIf (config.neovim.dotfiles != null) { + source = config.neovim.dotfiles; + }; + programs.neovim = { enable = true; vimAlias = true; defaultEditor = true; - inherit (config.neovim) package; + package = inputs.neovim-nightly-overlay.packages.${pkgs.stdenv.hostPlatform.system}.default; extraPackages = with pkgs; [ - # runtime deps gcc luajit nodejs_22 @@ -38,13 +38,11 @@ gnumake osc - # search and diff fd ripgrep bat delta - # language servers pyright typescript-language-server lua-language-server @@ -52,7 +50,6 @@ nil nixd - # formatters nixpkgs-fmt stylua ]; @@ -64,7 +61,6 @@ "${lib.makeLibraryPath [ pkgs.stdenv.cc.cc.lib ]}" ]; }; - } - ] - ); + }; + }; } diff --git a/features/networkmanager.nix b/features/networkmanager.nix new file mode 100644 index 0000000..05a10c2 --- /dev/null +++ b/features/networkmanager.nix @@ -0,0 +1,9 @@ +{ + nixos = _: { + networking.networkmanager.enable = true; + networking.nameservers = [ + "1.1.1.1" + "8.8.8.8" + ]; + }; +} diff --git a/features/nix-ld.nix b/features/nix-ld.nix new file mode 100644 index 0000000..e81219c --- /dev/null +++ b/features/nix-ld.nix @@ -0,0 +1,5 @@ +{ + nixos = _: { + programs.nix-ld.enable = true; + }; +} diff --git a/features/openssh.nix b/features/openssh.nix new file mode 100644 index 0000000..7a03aef --- /dev/null +++ b/features/openssh.nix @@ -0,0 +1,25 @@ +{ + nixos = + { lib, config, ... }: + { + options = { + openssh.port = lib.mkOption { + type = lib.types.port; + default = 22; + }; + }; + + config = { + services.openssh = { + enable = true; + ports = [ config.openssh.port ]; + settings = { + PasswordAuthentication = false; + AllowUsers = null; + PermitRootLogin = "no"; + StreamLocalBindUnlink = "yes"; + }; + }; + }; + }; +} diff --git a/features/printing.nix b/features/printing.nix new file mode 100644 index 0000000..a564157 --- /dev/null +++ b/features/printing.nix @@ -0,0 +1,10 @@ +{ + nixos = _: { + services.printing.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + }; +} diff --git a/features/shell.nix b/features/shell.nix new file mode 100644 index 0000000..23c2ce1 --- /dev/null +++ b/features/shell.nix @@ -0,0 +1,25 @@ +{ + nixos = _: { + programs.zsh.enable = true; + environment.etc."zshenv".text = '' + export ZDOTDIR=$HOME/.config/zsh + ''; + }; + + home = + { pkgs, ... }: + { + home.packages = with pkgs; [ + starship + fzf + htop + jc + jq + openssl + pv + ripgrep + fd + tmux + ]; + }; +} diff --git a/features/steam.nix b/features/steam.nix new file mode 100644 index 0000000..d1b76f7 --- /dev/null +++ b/features/steam.nix @@ -0,0 +1,10 @@ +{ + nixos = _: { + programs.steam = { + enable = true; + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + localNetworkGameTransfers.openFirewall = true; + }; + }; +} diff --git a/features/sway.nix b/features/sway.nix new file mode 100644 index 0000000..6c8a94c --- /dev/null +++ b/features/sway.nix @@ -0,0 +1,38 @@ +{ + nixos = + { pkgs, ... }: + { + programs.sway = { + enable = true; + package = pkgs.swayfx; + wrapperFeatures.gtk = true; + extraSessionCommands = '' + # fix for java awt apps not rendering + export _JAVA_AWT_WM_NONREPARENTING=1 + ''; + }; + + environment.systemPackages = with pkgs; [ + waybar + mako + wob + playerctl + brightnessctl + foot + grim + pulseaudio + swayidle + swaylock-effects + jq + slurp + wl-clipboard + pamixer + wlsunset + satty + wayland-pipewire-idle-inhibit + fuzzel + cliphist + zenity + ]; + }; +} diff --git a/features/tailscale.nix b/features/tailscale.nix new file mode 100644 index 0000000..a6916ad --- /dev/null +++ b/features/tailscale.nix @@ -0,0 +1,8 @@ +{ + nixos = _: { + services.tailscale = { + enable = true; + useRoutingFeatures = "both"; + }; + }; +} diff --git a/features/user-matej.nix b/features/user-matej.nix new file mode 100644 index 0000000..ab0065f --- /dev/null +++ b/features/user-matej.nix @@ -0,0 +1,33 @@ +let + sshKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQGLdINKzs+sEy62Pefng0bcedgU396+OryFgeH99/c janezicmatej" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDk00+Km03epQXQs+xEwwH3zcurACzkEH+kDOPBw6RQe openpgp:0xB095D449" + ]; +in +{ + keys = { + sshAuthorizedKeys = sshKeys; + }; + + nixos = + { pkgs, ... }: + { + users.users.matej = { + uid = 1000; + isNormalUser = true; + home = "/home/matej"; + shell = pkgs.zsh; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = sshKeys; + }; + + users.groups.matej = { + gid = 1000; + members = [ "matej" ]; + }; + }; + + home = _: { + home.stateVersion = "24.11"; + }; +} diff --git a/features/vm-9p-automount.nix b/features/vm-9p-automount.nix new file mode 100644 index 0000000..bfc9751 --- /dev/null +++ b/features/vm-9p-automount.nix @@ -0,0 +1,72 @@ +{ + nixos = + { + pkgs, + lib, + config, + ... + }: + let + inherit (config.vm-9p-automount) user; + inherit (config.users.users.${user}) home group; + in + { + options = { + vm-9p-automount = { + user = lib.mkOption { + type = lib.types.str; + }; + + prefix = lib.mkOption { + type = lib.types.str; + default = "m_"; + }; + + basePath = lib.mkOption { + type = lib.types.str; + default = "${home}/mnt"; + }; + }; + }; + + config = { + systemd.services.vm-9p-automount = { + description = "Auto-discover and mount 9p shares"; + after = [ + "local-fs.target" + "nss-user-lookup.target" + "systemd-modules-load.service" + ]; + wants = [ "systemd-modules-load.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = pkgs.writeShellScript "vm-9p-automount" '' + BASE="${config.vm-9p-automount.basePath}" + PREFIX="${config.vm-9p-automount.prefix}" + mkdir -p "$BASE" + chown ${user}:${group} "$BASE" + + for tagfile in $(find /sys/devices -name mount_tag 2>/dev/null); do + [ -f "$tagfile" ] || continue + tag=$(tr -d '\0' < "$tagfile") + + case "$tag" in + "$PREFIX"*) ;; + *) continue ;; + esac + + name="''${tag#"$PREFIX"}" + target="$BASE/$name" + + mkdir -p "$target" + ${pkgs.util-linux}/bin/mount -t 9p "$tag" "$target" \ + -o trans=virtio,version=9p2000.L || continue + done + ''; + }; + }; + }; + }; +} diff --git a/features/vm-guest.nix b/features/vm-guest.nix new file mode 100644 index 0000000..0d6e7af --- /dev/null +++ b/features/vm-guest.nix @@ -0,0 +1,47 @@ +{ + nixos = + { + pkgs, + lib, + config, + ... + }: + { + options = { + vm-guest.headless = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }; + + config = { + services.qemuGuest.enable = true; + services.spice-vdagentd.enable = lib.mkIf (!config.vm-guest.headless) true; + + boot.kernelParams = lib.mkIf config.vm-guest.headless [ "console=ttyS0,115200" ]; + + boot.initrd.availableKernelModules = [ + "9p" + "9pnet_virtio" + ]; + boot.kernelModules = [ + "9p" + "9pnet_virtio" + ]; + + networking = { + useDHCP = true; + firewall.allowedTCPPorts = [ 22 ]; + }; + + security.sudo.wheelNeedsPassword = false; + + environment.systemPackages = with pkgs; [ + curl + wget + htop + sshfs + ]; + }; + }; +} diff --git a/features/yubikey.nix b/features/yubikey.nix new file mode 100644 index 0000000..966a1aa --- /dev/null +++ b/features/yubikey.nix @@ -0,0 +1,12 @@ +{ + nixos = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + yubikey-personalization + yubikey-manager + ]; + + services.pcscd.enable = true; + }; +} diff --git a/flake.nix b/flake.nix index 10563d7..abbbe9a 100644 --- a/flake.nix +++ b/flake.nix @@ -131,20 +131,6 @@ }; }; - nixosModules = import ./modules/nixos { - inherit my-lib; - inherit (nixpkgs) lib; - } { }; - - homeManagerModules = import ./modules/home-manager { - inherit my-lib; - inherit (nixpkgs) lib; - } { }; - - nixosProfiles = import ./profiles { - inherit my-lib; - inherit (nixpkgs) lib; - } { }; }; }; } diff --git a/lib/mkHost.nix b/lib/mkHost.nix index 80c67d3..bcb28ec 100644 --- a/lib/mkHost.nix +++ b/lib/mkHost.nix @@ -8,23 +8,47 @@ name: { system, user ? null, + features ? [ ], }: let - hostConfig = ../hosts/${name}/configuration.nix; - hostHWConfig = ../hosts/${name}/hardware-configuration.nix; - hasHWConfig = builtins.pathExists hostHWConfig; + inherit (nixpkgs) lib; hasUser = user != null; - userKeys = if hasUser then import ../users/${user}/keys.nix else { }; + # path helpers + featurePath = f: ../features/${f}.nix; + userFeaturePath = u: ../features/user-${u}.nix; + hostConfig = ../hosts/${name}/configuration.nix; + hostHWConfig = ../hosts/${name}/hardware-configuration.nix; - # auto-import all nixos modules and profiles - nixosModuleList = builtins.attrValues inputs.self.nixosModules; - nixosProfileList = builtins.attrValues inputs.self.nixosProfiles; + # load feature with path check + loadFeature = + f: + assert + builtins.pathExists (featurePath f) + || throw "feature '${f}' not found at ${toString (featurePath f)}"; + import (featurePath f); - # auto-import all home-manager modules - hmModuleList = builtins.attrValues inputs.self.homeManagerModules; + loadedFeatures = map loadFeature features; + # load user feature with path check + userFeature = + if hasUser then + assert + builtins.pathExists (userFeaturePath user) + || throw "user feature 'user-${user}' not found at ${toString (userFeaturePath user)}"; + import (userFeaturePath user) + else + null; + + allFeatures = loadedFeatures ++ lib.optional (userFeature != null) userFeature; + + # extract keys from user feature for specialArgs + userKeys = if userFeature != null then (userFeature.keys or { }) else { }; + + # collect nixos and home modules from all features + nixosMods = map (f: f.nixos) (builtins.filter (f: f ? nixos) allFeatures); + homeMods = map (f: f.home) (builtins.filter (f: f ? home) allFeatures); in nixpkgs.lib.nixosSystem { inherit system; @@ -33,27 +57,23 @@ nixpkgs.lib.nixosSystem { { nixpkgs.overlays = overlays; } { nixpkgs.config.allowUnfree = true; } + { networking.hostName = name; } hostConfig ] - ++ nixpkgs.lib.optional hasHWConfig hostHWConfig - ++ nixosModuleList - ++ nixosProfileList - ++ nixpkgs.lib.optional ( - hasUser && builtins.pathExists ../users/${user}/nixos.nix - ) ../users/${user}/nixos.nix - ++ [ + ++ lib.optional (builtins.pathExists hostHWConfig) hostHWConfig + ++ nixosMods + ++ lib.optionals hasUser [ inputs.home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.users = nixpkgs.lib.mkIf hasUser { - ${user} = import ../users/${user}/home-manager.nix; - }; - home-manager.sharedModules = hmModuleList; + home-manager.users.${user}.imports = homeMods; home-manager.extraSpecialArgs = { inherit inputs; }; } ]; - specialArgs = { inherit inputs userKeys; }; + specialArgs = { + inherit inputs userKeys user; + }; } diff --git a/modules/home-manager/claude.nix b/modules/home-manager/claude.nix deleted file mode 100644 index 1cf9c6d..0000000 --- a/modules/home-manager/claude.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ - config, - lib, - pkgs, - inputs, - ... -}: -let - packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}; -in -{ - options = { - claude = { - enable = lib.mkEnableOption "claude code"; - package = lib.mkPackageOption pkgs "claude-code" { }; - }; - }; - - config = lib.mkIf config.claude.enable { - home.packages = [ - config.claude.package - pkgs.mcp-nixos - ]; - }; -} diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix deleted file mode 100644 index 70db651..0000000 --- a/modules/home-manager/default.nix +++ /dev/null @@ -1 +0,0 @@ -{ lib, my-lib }: args: (my-lib.autoDir ./.) diff --git a/modules/home-manager/desktop.nix b/modules/home-manager/desktop.nix deleted file mode 100644 index a3b8ff1..0000000 --- a/modules/home-manager/desktop.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ - config, - lib, - pkgs, - inputs, - ... -}: -{ - options = { - desktop.enable = lib.mkEnableOption "desktop gui applications"; - }; - - config = lib.mkIf config.desktop.enable { - home.packages = with pkgs; [ - ghostty - google-chrome - zathura - pavucontrol - bolt-launcher - libnotify - bibata-cursors - vesktop - rocketchat-desktop - telegram-desktop - slack - jellyfin-media-player - cider-2 - protonmail-bridge - ledger-live-desktop - mpv - ffmpeg - wf-recorder - wl-mirror - ]; - - home.file.".assets".source = inputs.assets; - }; -} diff --git a/modules/home-manager/dev.nix b/modules/home-manager/dev.nix deleted file mode 100644 index 49f3340..0000000 --- a/modules/home-manager/dev.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - config, - lib, - pkgs, - inputs, - ... -}: -let - packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}; -in -{ - options = { - dev.enable = lib.mkEnableOption "development tools"; - }; - - config = lib.mkIf config.dev.enable { - home.packages = [ - pkgs.git - packages.git-linearize - packages.ggman - pkgs.go - pkgs.python3 - pkgs.mdbook - pkgs.marksman - pkgs.mdformat - pkgs.google-cloud-sdk - pkgs.google-cloud-sql-proxy - packages.ahab - pkgs.just - pkgs.presenterm - pkgs.osc - ]; - - programs.direnv = { - enable = true; - nix-direnv.enable = true; - }; - }; -} diff --git a/modules/home-manager/shell.nix b/modules/home-manager/shell.nix deleted file mode 100644 index 5a4d4f7..0000000 --- a/modules/home-manager/shell.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -{ - options = { - shell.enable = lib.mkEnableOption "shell utilities"; - }; - - config = lib.mkIf config.shell.enable { - home.packages = with pkgs; [ - starship - fzf - htop - jc - jq - openssl - pv - ripgrep - fd - tmux - ]; - }; -} diff --git a/modules/nixos/calibre.nix b/modules/nixos/calibre.nix deleted file mode 100644 index fc0f806..0000000 --- a/modules/nixos/calibre.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options = { - calibre = { - enable = lib.mkEnableOption "Calibre e-book management with Kindle support"; - }; - }; - - config = lib.mkIf config.calibre.enable { - environment.systemPackages = [ pkgs.calibre ]; - - # udev rules for kindle and mtp device access - # NOTE:(@janezicmatej) uses services.udev.packages instead of extraRules - # because extraRules writes to 99-local.rules which is too late for uaccess - # see https://github.com/NixOS/nixpkgs/issues/308681 - services.udev.packages = [ - pkgs.libmtp - (pkgs.writeTextFile { - name = "kindle-udev-rules"; - text = '' - ACTION!="remove", SUBSYSTEM=="usb", ATTRS{idVendor}=="1949", TAG+="uaccess" - ''; - destination = "/etc/udev/rules.d/70-kindle.rules"; - }) - ]; - }; -} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix deleted file mode 100644 index 70db651..0000000 --- a/modules/nixos/default.nix +++ /dev/null @@ -1 +0,0 @@ -{ lib, my-lib }: args: (my-lib.autoDir ./.) diff --git a/modules/nixos/desktop.nix b/modules/nixos/desktop.nix deleted file mode 100644 index d402c22..0000000 --- a/modules/nixos/desktop.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options = { - desktop = { - enable = lib.mkEnableOption "base desktop environment"; - }; - }; - - config = lib.mkIf config.desktop.enable { - services.pipewire = { - enable = true; - pulse.enable = true; - }; - - hardware.bluetooth.enable = true; - services.blueman.enable = true; - - security.polkit.enable = true; - - services.dbus.enable = true; - - services.playerctld.enable = true; - - xdg.portal = { - enable = true; - xdgOpenUsePortal = true; - extraPortals = [ - pkgs.xdg-desktop-portal-wlr - pkgs.xdg-desktop-portal-gtk - ]; - }; - - fonts.packages = with pkgs; [ - font-awesome - nerd-fonts.jetbrains-mono - maple-mono.NF - ]; - }; -} diff --git a/modules/nixos/gnupg.nix b/modules/nixos/gnupg.nix deleted file mode 100644 index e3cec8a..0000000 --- a/modules/nixos/gnupg.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - lib, - config, - ... -}: -{ - options = { - gnupg = { - enable = lib.mkEnableOption "GnuPG agent with SSH support"; - }; - }; - - config = lib.mkIf config.gnupg.enable { - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - enableExtraSocket = true; - }; - }; -} diff --git a/modules/nixos/greeter.nix b/modules/nixos/greeter.nix deleted file mode 100644 index e371877..0000000 --- a/modules/nixos/greeter.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ - lib, - config, - pkgs, - inputs, - ... -}: -{ - options = { - greeter.enable = lib.mkEnableOption "greetd with regreet"; - }; - - config = lib.mkIf config.greeter.enable { - programs.regreet = { - enable = true; - # single output to avoid stretching across monitors - cageArgs = [ - "-s" - "-m" - "last" - ]; - font = { - name = lib.mkForce "JetBrainsMono Nerd Font"; - size = lib.mkForce 14; - }; - settings = { - background = { - path = lib.mkForce "${inputs.assets}/wallpaper.png"; - fit = lib.mkForce "Cover"; - }; - GTK = { - application_prefer_dark_theme = lib.mkForce true; - }; - }; - }; - }; -} diff --git a/modules/nixos/initrd-ssh.nix b/modules/nixos/initrd-ssh.nix deleted file mode 100644 index 7801356..0000000 --- a/modules/nixos/initrd-ssh.nix +++ /dev/null @@ -1,83 +0,0 @@ -{ - lib, - config, - ... -}: -let - # generate host keys for new machines: ./scripts/initrd-ssh-keygen.sh - keyDir = "/etc/secrets/initrd"; - - mkIpString = - { - address, - gateway, - netmask, - interface, - ... - }: - "${address}::${gateway}:${netmask}::${interface}:none"; -in -{ - options = { - initrd-ssh = { - enable = lib.mkEnableOption "SSH in initrd for remote LUKS unlock"; - - ip = { - enable = lib.mkEnableOption "static IP for initrd (otherwise DHCP)"; - - address = lib.mkOption { - type = lib.types.str; - example = "10.222.0.247"; - }; - - gateway = lib.mkOption { - type = lib.types.str; - example = "10.222.0.1"; - }; - - netmask = lib.mkOption { - type = lib.types.str; - default = "255.255.255.0"; - }; - - interface = lib.mkOption { - type = lib.types.str; - example = "enp5s0"; - }; - }; - - authorizedKeys = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ ]; - }; - - networkModule = lib.mkOption { - type = lib.types.str; - example = "r8169"; - }; - }; - }; - - config = lib.mkIf config.initrd-ssh.enable { - boot.initrd.kernelModules = [ config.initrd-ssh.networkModule ]; - boot.kernelParams = lib.mkIf config.initrd-ssh.ip.enable [ - "ip=${mkIpString config.initrd-ssh.ip}" - ]; - - boot.initrd.network = { - enable = true; - ssh = { - enable = true; - port = 22; - hostKeys = [ - "${keyDir}/ssh_host_rsa_key" - "${keyDir}/ssh_host_ed25519_key" - ]; - inherit (config.initrd-ssh) authorizedKeys; - }; - postCommands = '' - echo 'cryptsetup-askpass' >> /root/.profile - ''; - }; - }; -} diff --git a/modules/nixos/localisation.nix b/modules/nixos/localisation.nix deleted file mode 100644 index 85ceab0..0000000 --- a/modules/nixos/localisation.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: -{ - options = { - localisation = { - enable = lib.mkEnableOption "localisation defaults"; - - timeZone = lib.mkOption { - type = lib.types.str; - }; - - defaultLocale = lib.mkOption { - type = lib.types.str; - }; - }; - }; - - config = lib.mkIf config.localisation.enable { - time.timeZone = config.localisation.timeZone; - i18n.defaultLocale = config.localisation.defaultLocale; - - # NOTE:(@janezicmatej) some apps (e.g. java) need TZ env var explicitly - environment.variables.TZ = config.localisation.timeZone; - }; -} diff --git a/modules/nixos/nvidia.nix b/modules/nixos/nvidia.nix deleted file mode 100644 index 85164a4..0000000 --- a/modules/nixos/nvidia.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - lib, - config, - ... -}: -{ - options = { - nvidia.enable = lib.mkEnableOption "NVIDIA GPU support"; - }; - - config = lib.mkIf config.nvidia.enable { - hardware.graphics.enable = true; - - services.xserver.videoDrivers = [ "nvidia" ]; - - hardware.nvidia = { - modesetting.enable = true; - open = true; - nvidiaSettings = true; - package = config.boot.kernelPackages.nvidiaPackages.stable; - }; - }; -} diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix deleted file mode 100644 index 5a1fabd..0000000 --- a/modules/nixos/openssh.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - lib, - config, - ... -}: -{ - options = { - openssh = { - enable = lib.mkEnableOption "hardened SSH server"; - port = lib.mkOption { - type = lib.types.port; - default = 22; - }; - }; - }; - - config = lib.mkIf config.openssh.enable { - services.openssh = { - enable = true; - ports = [ config.openssh.port ]; - settings = { - PasswordAuthentication = false; - AllowUsers = null; - PermitRootLogin = "no"; - StreamLocalBindUnlink = "yes"; - }; - }; - }; -} diff --git a/modules/nixos/printing.nix b/modules/nixos/printing.nix deleted file mode 100644 index 0b9c49c..0000000 --- a/modules/nixos/printing.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - lib, - config, - ... -}: -{ - options = { - printing = { - enable = lib.mkEnableOption "CUPS printing with Avahi discovery"; - }; - }; - - config = lib.mkIf config.printing.enable { - services.printing.enable = true; - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - }; - }; -} diff --git a/modules/nixos/sway.nix b/modules/nixos/sway.nix deleted file mode 100644 index 5a9e89a..0000000 --- a/modules/nixos/sway.nix +++ /dev/null @@ -1,54 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -{ - - options = { - sway = { - enable = lib.mkEnableOption "enable sway module"; - cmdFlags = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ ]; - }; - }; - }; - - config = lib.mkIf config.sway.enable { - programs.sway = { - enable = true; - package = pkgs.swayfx; - wrapperFeatures.gtk = true; - extraOptions = config.sway.cmdFlags; - extraSessionCommands = '' - # fix for java awt apps not rendering - export _JAVA_AWT_WM_NONREPARENTING=1 - ''; - }; - - environment.systemPackages = with pkgs; [ - waybar - mako - wob - playerctl - brightnessctl - foot - grim - pulseaudio - swayidle - swaylock-effects - jq - slurp - wl-clipboard - pamixer - wlsunset - satty - wayland-pipewire-idle-inhibit - fuzzel - cliphist - zenity - ]; - }; -} diff --git a/modules/nixos/vm-9p-automount.nix b/modules/nixos/vm-9p-automount.nix deleted file mode 100644 index 2fbe427..0000000 --- a/modules/nixos/vm-9p-automount.nix +++ /dev/null @@ -1,74 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -let - inherit (config.vm-9p-automount) user; - inherit (config.users.users.${user}) home group; -in -{ - options = { - vm-9p-automount = { - enable = lib.mkEnableOption "auto-discover and mount 9p shares"; - - user = lib.mkOption { - type = lib.types.str; - description = "user to own the mount points"; - }; - - prefix = lib.mkOption { - type = lib.types.str; - default = "m_"; - description = "9p mount tag prefix to match"; - }; - - basePath = lib.mkOption { - type = lib.types.str; - default = "${home}/mnt"; - description = "directory to mount shares under"; - }; - }; - }; - - config = lib.mkIf config.vm-9p-automount.enable { - systemd.services.vm-9p-automount = { - description = "Auto-discover and mount 9p shares"; - after = [ - "local-fs.target" - "nss-user-lookup.target" - "systemd-modules-load.service" - ]; - wants = [ "systemd-modules-load.service" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = pkgs.writeShellScript "vm-9p-automount" '' - BASE="${config.vm-9p-automount.basePath}" - PREFIX="${config.vm-9p-automount.prefix}" - mkdir -p "$BASE" - chown ${user}:${group} "$BASE" - - for tagfile in $(find /sys/devices -name mount_tag 2>/dev/null); do - [ -f "$tagfile" ] || continue - tag=$(tr -d '\0' < "$tagfile") - - case "$tag" in - "$PREFIX"*) ;; - *) continue ;; - esac - - name="''${tag#"$PREFIX"}" - target="$BASE/$name" - - mkdir -p "$target" - ${pkgs.util-linux}/bin/mount -t 9p "$tag" "$target" \ - -o trans=virtio,version=9p2000.L || continue - done - ''; - }; - }; - }; -} diff --git a/modules/nixos/vm-guest.nix b/modules/nixos/vm-guest.nix deleted file mode 100644 index d259a03..0000000 --- a/modules/nixos/vm-guest.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -{ - options = { - vm-guest = { - enable = lib.mkEnableOption "VM guest configuration"; - headless = lib.mkOption { - type = lib.types.bool; - default = false; - description = "run without display, serial console only"; - }; - }; - }; - - config = lib.mkIf config.vm-guest.enable { - services.qemuGuest.enable = true; - services.spice-vdagentd.enable = lib.mkIf (!config.vm-guest.headless) true; - - boot.kernelParams = lib.mkIf config.vm-guest.headless [ "console=ttyS0,115200" ]; - - # 9p for host file mounting - boot.initrd.availableKernelModules = [ - "9p" - "9pnet_virtio" - ]; - boot.kernelModules = [ - "9p" - "9pnet_virtio" - ]; - - networking = { - useDHCP = true; - firewall.allowedTCPPorts = [ 22 ]; - }; - - security.sudo.wheelNeedsPassword = false; - - environment.systemPackages = with pkgs; [ - curl - wget - htop - sshfs - ]; - }; -} diff --git a/modules/nixos/workstation.nix b/modules/nixos/workstation.nix deleted file mode 100644 index ba736db..0000000 --- a/modules/nixos/workstation.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options = { - workstation = { - enable = lib.mkEnableOption "workstation utilities"; - }; - }; - - config = lib.mkIf config.workstation.enable { - programs.nix-ld.enable = true; - - virtualisation.docker = { - enable = true; - logDriver = "json-file"; - }; - - services.tailscale = { - enable = true; - useRoutingFeatures = "both"; - }; - - environment.systemPackages = with pkgs; [ - smartmontools - ]; - }; -} diff --git a/modules/nixos/yubikey.nix b/modules/nixos/yubikey.nix deleted file mode 100644 index 6fde5ac..0000000 --- a/modules/nixos/yubikey.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -{ - - options = { - yubikey = { - enable = lib.mkEnableOption "enable yubikey module"; - }; - }; - - config = lib.mkIf config.yubikey.enable { - environment.systemPackages = with pkgs; [ - yubikey-personalization - yubikey-manager - ]; - - services.pcscd.enable = true; - }; -} diff --git a/modules/nixos/zsh.nix b/modules/nixos/zsh.nix deleted file mode 100644 index 039b339..0000000 --- a/modules/nixos/zsh.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ - lib, - config, - ... -}: -{ - options = { - zsh = { - enable = lib.mkEnableOption "zsh with ZDOTDIR in ~/.config/zsh"; - }; - }; - - config = lib.mkIf config.zsh.enable { - programs.zsh.enable = true; - environment.etc."zshenv".text = '' - export ZDOTDIR=$HOME/.config/zsh - ''; - }; -} diff --git a/profiles/base.nix b/profiles/base.nix deleted file mode 100644 index c6531d4..0000000 --- a/profiles/base.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - lib, - config, - ... -}: -{ - options = { - profiles.base.enable = lib.mkEnableOption "base profile for all machines"; - }; - - config = lib.mkIf config.profiles.base.enable { - openssh.enable = lib.mkDefault true; - zsh.enable = lib.mkDefault true; - localisation.enable = lib.mkDefault true; - gnupg.enable = lib.mkDefault true; - }; -} diff --git a/profiles/default.nix b/profiles/default.nix deleted file mode 100644 index 70db651..0000000 --- a/profiles/default.nix +++ /dev/null @@ -1 +0,0 @@ -{ lib, my-lib }: args: (my-lib.autoDir ./.) diff --git a/profiles/desktop.nix b/profiles/desktop.nix deleted file mode 100644 index 3836a89..0000000 --- a/profiles/desktop.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - lib, - config, - ... -}: -{ - options = { - profiles.desktop.enable = lib.mkEnableOption "desktop profile (sway, audio, printing)"; - }; - - config = lib.mkIf config.profiles.desktop.enable { - profiles.base.enable = lib.mkDefault true; - desktop.enable = lib.mkDefault true; - sway.enable = lib.mkDefault true; - greeter.enable = lib.mkDefault true; - printing.enable = lib.mkDefault true; - workstation.enable = lib.mkDefault true; - yubikey.enable = lib.mkDefault true; - calibre.enable = lib.mkDefault true; - }; -} diff --git a/profiles/server.nix b/profiles/server.nix deleted file mode 100644 index 4dfcd38..0000000 --- a/profiles/server.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - lib, - config, - ... -}: -{ - options = { - profiles.server.enable = lib.mkEnableOption "headless server profile"; - }; - - config = lib.mkIf config.profiles.server.enable { - profiles.base.enable = lib.mkDefault true; - workstation.enable = lib.mkDefault true; - }; -} diff --git a/users/matej/home-manager.nix b/users/matej/home-manager.nix deleted file mode 100644 index a9b6f7d..0000000 --- a/users/matej/home-manager.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - pkgs, - inputs, - osConfig, - ... -}: - -{ - home.stateVersion = "24.11"; - - # always-on - shell.enable = true; - dev.enable = true; - neovim = { - enable = true; - package = inputs.neovim-nightly-overlay.packages.${pkgs.stdenv.hostPlatform.system}.default; - }; - claude.enable = true; - - # desktop-conditional - desktop.enable = osConfig.desktop.enable; -} diff --git a/users/matej/keys.nix b/users/matej/keys.nix deleted file mode 100644 index 4abff00..0000000 --- a/users/matej/keys.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - sshAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQGLdINKzs+sEy62Pefng0bcedgU396+OryFgeH99/c janezicmatej" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDk00+Km03epQXQs+xEwwH3zcurACzkEH+kDOPBw6RQe openpgp:0xB095D449" - ]; -} diff --git a/users/matej/nixos.nix b/users/matej/nixos.nix deleted file mode 100644 index 9b2a2c0..0000000 --- a/users/matej/nixos.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -let - keys = import ./keys.nix; -in -{ - users.users.matej = { - uid = 1000; - isNormalUser = true; - home = "/home/matej"; - shell = pkgs.zsh; - extraGroups = [ - "wheel" - "docker" - ]; - openssh.authorizedKeys.keys = keys.sshAuthorizedKeys; - }; - - users.groups.matej = { - gid = 1000; - members = [ "matej" ]; - }; -} From 404b6431cea20b1f63e23b3f6225d2b2f081271c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Jane=C5=BEi=C4=8D?= Date: Thu, 26 Mar 2026 23:23:52 +0100 Subject: [PATCH 3/3] feat: update flake and hosts for new structure --- flake.nix | 106 +++++++--------------------------- flake/devshell.nix | 17 ++++++ flake/hosts.nix | 86 +++++++++++++++++++++++++++ flake/overlays.nix | 21 +++++++ flake/packages.nix | 22 +++++++ hosts/ephvm/configuration.nix | 21 +------ hosts/fw16/configuration.nix | 50 +--------------- hosts/iso/configuration.nix | 11 ---- hosts/tower/configuration.nix | 38 +----------- 9 files changed, 173 insertions(+), 199 deletions(-) create mode 100644 flake/devshell.nix create mode 100644 flake/hosts.nix create mode 100644 flake/overlays.nix create mode 100644 flake/packages.nix diff --git a/flake.nix b/flake.nix index abbbe9a..28489bb 100644 --- a/flake.nix +++ b/flake.nix @@ -39,98 +39,34 @@ }; outputs = - inputs@{ flake-parts, nixpkgs, ... }: + inputs@{ + flake-parts, + nixpkgs, + self, + ... + }: flake-parts.lib.mkFlake { inherit inputs; } { + imports = [ + ./flake/overlays.nix + ./flake/packages.nix + ./flake/devshell.nix + ./flake/hosts.nix + ]; + systems = [ "x86_64-linux" ]; perSystem = - { system, pkgs, ... }: - let - my-lib = import ./lib { inherit (nixpkgs) lib; }; - in + { system, ... }: { - packages = - import ./packages - { - inherit my-lib; - inherit (nixpkgs) lib; - } - { - inherit pkgs; - pkgs-unstable = inputs.nixpkgs-unstable.legacyPackages.${system}; - pkgs-master = inputs.nixpkgs-master.legacyPackages.${system}; - }; - - formatter = pkgs.nixfmt-tree; - - devShells.default = pkgs.mkShell { - packages = [ - pkgs.pre-commit - pkgs.statix - pkgs.shellcheck - pkgs.shfmt - pkgs.qemu - ]; + _module.args.pkgs = import nixpkgs { + inherit system; + overlays = [ self.overlays.default ]; + config.allowUnfree = true; }; }; - flake = - let - my-lib = import ./lib { inherit (nixpkgs) lib; }; - - overlays = [ - ( - _: prev: - let - pkgs-unstable = import inputs.nixpkgs-unstable { - inherit (prev.stdenv.hostPlatform) system; - inherit (prev) config; - }; - pkgs-master = import inputs.nixpkgs-master { - inherit (prev.stdenv.hostPlatform) system; - inherit (prev) config; - }; - in - { - inherit (pkgs-master) claude-code; - # TODO:(@janezicmatej) 2026-03-09 error with stable for telegram-desktop - inherit (pkgs-unstable) telegram-desktop; - } - ) - ]; - - mkHost = my-lib.mkHost { - inherit - nixpkgs - overlays - inputs - ; - }; - in - { - lib = my-lib; - - nixosConfigurations = { - fw16 = mkHost "fw16" { - system = "x86_64-linux"; - user = "matej"; - }; - tower = mkHost "tower" { - system = "x86_64-linux"; - user = "matej"; - }; - - # nixos-rebuild build-image --image-variant install-iso --flake .#iso - iso = mkHost "iso" { - system = "x86_64-linux"; - }; - - ephvm = mkHost "ephvm" { - system = "x86_64-linux"; - user = "matej"; - }; - }; - - }; + flake = { + lib = import ./lib { inherit (nixpkgs) lib; }; + }; }; } diff --git a/flake/devshell.nix b/flake/devshell.nix new file mode 100644 index 0000000..f2f7f69 --- /dev/null +++ b/flake/devshell.nix @@ -0,0 +1,17 @@ +_: { + perSystem = + { pkgs, ... }: + { + formatter = pkgs.nixfmt-tree; + + devShells.default = pkgs.mkShell { + packages = [ + pkgs.pre-commit + pkgs.statix + pkgs.shellcheck + pkgs.shfmt + pkgs.qemu + ]; + }; + }; +} diff --git a/flake/hosts.nix b/flake/hosts.nix new file mode 100644 index 0000000..46cda93 --- /dev/null +++ b/flake/hosts.nix @@ -0,0 +1,86 @@ +{ inputs, self, ... }: + +let + inherit (inputs) nixpkgs; + my-lib = import ../lib { inherit (nixpkgs) lib; }; + + mkHost = my-lib.mkHost { + inherit nixpkgs inputs; + overlays = [ self.overlays.default ]; + }; +in +{ + flake.nixosConfigurations = { + fw16 = mkHost "fw16" { + system = "x86_64-linux"; + user = "matej"; + features = [ + "openssh" + "localisation" + "gnupg" + "shell" + "desktop" + "sway" + "greeter" + "printing" + "networkmanager" + "docker" + "tailscale" + "nix-ld" + "yubikey" + "calibre" + "steam" + "neovim" + "dev" + "claude" + ]; + }; + + tower = mkHost "tower" { + system = "x86_64-linux"; + user = "matej"; + features = [ + "openssh" + "localisation" + "gnupg" + "shell" + "desktop" + "sway" + "greeter" + "printing" + "networkmanager" + "docker" + "tailscale" + "yubikey" + "calibre" + "initrd-ssh" + "neovim" + "dev" + "claude" + ]; + }; + + # nixos-rebuild build-image --image-variant install-iso --flake .#iso + iso = mkHost "iso" { + system = "x86_64-linux"; + features = [ + "openssh" + ]; + }; + + ephvm = mkHost "ephvm" { + system = "x86_64-linux"; + user = "matej"; + features = [ + "openssh" + "localisation" + "gnupg" + "shell" + "vm-guest" + "vm-9p-automount" + "docker" + "neovim" + ]; + }; + }; +} diff --git a/flake/overlays.nix b/flake/overlays.nix new file mode 100644 index 0000000..e1f8698 --- /dev/null +++ b/flake/overlays.nix @@ -0,0 +1,21 @@ +{ inputs, ... }: + +{ + flake.overlays.default = + _: prev: + let + pkgs-unstable = import inputs.nixpkgs-unstable { + inherit (prev.stdenv.hostPlatform) system; + inherit (prev) config; + }; + pkgs-master = import inputs.nixpkgs-master { + inherit (prev.stdenv.hostPlatform) system; + inherit (prev) config; + }; + in + { + inherit (pkgs-master) claude-code; + # TODO:(@janezicmatej) 2026-03-09 error with stable for telegram-desktop + inherit (pkgs-unstable) telegram-desktop; + }; +} diff --git a/flake/packages.nix b/flake/packages.nix new file mode 100644 index 0000000..d5c6408 --- /dev/null +++ b/flake/packages.nix @@ -0,0 +1,22 @@ +{ inputs, ... }: + +let + my-lib = import ../lib { inherit (inputs.nixpkgs) lib; }; +in +{ + perSystem = + { pkgs, system, ... }: + { + packages = + import ../packages + { + inherit my-lib; + inherit (inputs.nixpkgs) lib; + } + { + inherit pkgs; + pkgs-unstable = inputs.nixpkgs-unstable.legacyPackages.${system}; + pkgs-master = inputs.nixpkgs-master.legacyPackages.${system}; + }; + }; +} diff --git a/hosts/ephvm/configuration.nix b/hosts/ephvm/configuration.nix index fc4d6d5..775d276 100644 --- a/hosts/ephvm/configuration.nix +++ b/hosts/ephvm/configuration.nix @@ -2,14 +2,9 @@ pkgs, lib, inputs, - config, ... }: { - networking.hostName = "ephvm"; - - profiles.base.enable = true; - # no hardware firmware needed in a VM hardware.enableRedistributableFirmware = lib.mkForce false; hardware.wirelessRegulatoryDatabase = lib.mkForce false; @@ -33,27 +28,15 @@ ); }; - vm-guest = { - enable = true; - headless = true; - }; + vm-guest.headless = true; - vm-9p-automount = { - enable = true; - user = "matej"; - }; + vm-9p-automount.user = "matej"; localisation = { timeZone = "UTC"; defaultLocale = "en_US.UTF-8"; }; - virtualisation.docker = { - enable = true; - logDriver = "json-file"; - }; - - # TODO:(@janezicmatej) move neovim dotfiles wiring to a cleaner place home-manager.users.matej = { neovim.dotfiles = inputs.nvim; }; diff --git a/hosts/fw16/configuration.nix b/hosts/fw16/configuration.nix index 16f66e0..5a698e8 100644 --- a/hosts/fw16/configuration.nix +++ b/hosts/fw16/configuration.nix @@ -1,40 +1,21 @@ { - config, lib, pkgs, inputs, options, - userKeys, ... }: -let - packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}; -in - { imports = [ inputs.nixos-hardware.nixosModules.framework-16-amd-ai-300-series - inputs.stylix.nixosModules.stylix ]; - profiles.desktop.enable = true; - localisation = { timeZone = "Europe/Ljubljana"; defaultLocale = "en_US.UTF-8"; }; - stylix = { - enable = true; - polarity = "dark"; - image = "${inputs.assets}/wallpaper.png"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-material-dark-medium.yaml"; - }; - - # neovim manages its own theme - home-manager.users.matej.stylix.targets.neovim.enable = false; - boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; @@ -53,26 +34,11 @@ in HibernateDelaySec=30min ''; - # WARN:(@janezicmatej) nix-ld for running pip-installed binaries outside nix, probably want to drop this - programs.nix-ld.enable = true; programs.nix-ld.libraries = options.programs.nix-ld.libraries.default; - security.pki.certificateFiles = [ packages.ca-matheo-si ]; services.gnome.gnome-keyring.enable = true; - services.teamviewer.enable = true; - programs.thunderbird.enable = true; - programs._1password.enable = true; - programs._1password-gui.enable = true; - programs.firefox.enable = true; - programs.steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - localNetworkGameTransfers.openFirewall = true; - }; - services.hardware.bolt.enable = true; hardware.keyboard.zsa.enable = true; hardware.ledger.enable = true; @@ -85,21 +51,7 @@ in SUBSYSTEM=="usb", DRIVERS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled" ''; - programs.nm-applet.enable = true; - - networking = { - hostName = "fw16"; - networkmanager.enable = true; - firewall.enable = false; - nameservers = [ - "1.1.1.1" - "8.8.8.8" - ]; - }; - - xdg.mime.defaultApplications = { - "application/pdf" = "org.pwmt.zathura.desktop"; - }; + networking.firewall.enable = false; system.stateVersion = "24.11"; } diff --git a/hosts/iso/configuration.nix b/hosts/iso/configuration.nix index 8ce29b5..ff94e9c 100644 --- a/hosts/iso/configuration.nix +++ b/hosts/iso/configuration.nix @@ -1,23 +1,12 @@ { - pkgs, - lib, - inputs, userKeys, ... }: { - openssh.enable = true; - image.modules.iso-installer = { isoImage.squashfsCompression = "zstd -Xcompression-level 6"; }; - fileSystems."/" = lib.mkDefault { - device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; - boot.loader.grub.device = lib.mkDefault "/dev/sda"; - networking.firewall.allowedTCPPorts = [ 22 ]; users = { diff --git a/hosts/tower/configuration.nix b/hosts/tower/configuration.nix index 3b37f10..411f772 100644 --- a/hosts/tower/configuration.nix +++ b/hosts/tower/configuration.nix @@ -1,42 +1,25 @@ { - config, lib, - pkgs, inputs, - options, userKeys, ... }: { imports = [ - inputs.stylix.nixosModules.stylix inputs.lanzaboote.nixosModules.lanzaboote ]; - profiles.desktop.enable = true; - - initrd-ssh = { - enable = true; - networkModule = "r8169"; - authorizedKeys = userKeys.sshAuthorizedKeys; - }; - localisation = { timeZone = "Europe/Ljubljana"; defaultLocale = "en_US.UTF-8"; }; - stylix = { - enable = true; - polarity = "dark"; - image = "${inputs.assets}/wallpaper.png"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-material-dark-medium.yaml"; + initrd-ssh = { + networkModule = "r8169"; + authorizedKeys = userKeys.sshAuthorizedKeys; }; - # neovim manages its own theme - home-manager.users.matej.stylix.targets.neovim.enable = false; - # lanzaboote secure boot boot.kernelParams = [ "btusb.reset=1" ]; boot.loader.efi.canTouchEfiVariables = true; @@ -46,13 +29,8 @@ pkiBundle = "/var/lib/sbctl"; }; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - services.udisks2.enable = true; - programs._1password.enable = true; - programs._1password-gui.enable = true; - # higher sample rate for audio equipment services.pipewire.extraConfig.pipewire.adjust-sample-rate = { "context.properties" = { @@ -61,15 +39,5 @@ }; }; - environment.systemPackages = with pkgs; [ - easyeffects - ]; - - networking.hostName = "tower"; - - xdg.mime.defaultApplications = { - "application/pdf" = "org.pwmt.zathura.desktop"; - }; - system.stateVersion = "25.05"; }