diff --git a/flake.lock b/flake.lock index 991f934..7438933 100644 --- a/flake.lock +++ b/flake.lock @@ -419,7 +419,7 @@ "flake-compat": "flake-compat_2", "nixpkgs": "nixpkgs", "nixpkgs-stable": [ - "nixpkgs" + "nixpkgs-unstable" ], "rust-overlay": "rust-overlay_2" }, diff --git a/flake.nix b/flake.nix index 7607af3..25919c5 100644 --- a/flake.nix +++ b/flake.nix @@ -40,10 +40,9 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # nixpkgs-cosmic.follows = "nixos-cosmic/nixpkgs-stable"; nixos-cosmic = { url = "github:lilyinstarlight/nixos-cosmic"; - inputs.nixpkgs-stable.follows = "nixpkgs"; + inputs.nixpkgs-stable.follows = "nixpkgs-unstable"; }; }; 
@@ -67,110 +66,30 @@ treefmtEval = forAllSystems ( system: inputs.treefmt-nix.lib.evalModule (pkgsForSystem system) ./treefmt.nix ); - - mkNixosSystem = { - extraModule, - nixpkgs' ? nixpkgs, - useDefaultConfiguration ? true, - }: - nixpkgs'.lib.nixosSystem rec { - system = "x86_64-linux"; - - specialArgs = { - inherit inputs system; - flake = self; - }; - - modules = - [ - extraModule - ] - ++ nixpkgs'.lib.optional useDefaultConfiguration ./nixos; - }; in { formatter = forAllSystems (system: (treefmtEval.${system}.config.build.wrapper)); - nixosConfigurations = { - sue-cosmic = mkNixosSystem { - useDefaultConfiguration = false; - extraModule = {...}: { - imports = [ - inputs.nixos-hardware.nixosModules.dell-xps-13-9310 - inputs.nixos-cosmic.nixosModules.default - ./modules/nixos/lanzaboote.nix + nixosConfigurations = nixpkgs.lib.mapAttrs ( + name: { + nixosModule, + homeManagerModule, + }: + nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + + specialArgs = { + inherit inputs system; + flake = self; + }; + + modules = [ + nixosModule + ./nixos + { + home-manager.users.pim.imports = [homeManagerModule]; + } ]; - - config = { - nixpkgs.config.allowUnfree = true; - nix.settings = { - substituters = ["https://cosmic.cachix.org/"]; - trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="]; - }; - - users = { - users.pim = { - isNormalUser = true; - extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"]; - }; - }; - - services.desktopManager.cosmic.enable = true; - services.displayManager.cosmic-greeter.enable = true; - - pim.lanzaboote.enable = true; - networking.hostName = "xps-9315"; - swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}]; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/560E-F8A2"; - fsType = "vfat"; - options = ["fmask=0022" "dmask=0022"]; - }; - }; 
- - boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494"; - boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage"]; - }; - }; - }; - - sue = mkNixosSystem { - extraModule = {...}: { - imports = [inputs.nixos-hardware.nixosModules.dell-xps-13-9310]; - - config = { - pim.lanzaboote.enable = true; - networking.hostName = "xps-9315"; - swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}]; - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/560E-F8A2"; - fsType = "vfat"; - options = ["fmask=0022" "dmask=0022"]; - }; - }; - - nix.settings = { - substituters = ["https://cosmic.cachix.org/"]; - trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="]; - }; - - boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494"; - boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage"]; - }; - }; - }; - }; + } + ) (import ./machines); }; } diff --git a/home-manager/default.nix b/home-manager/default.nix index 2ba4fe6..1fb635f 100644 --- a/home-manager/default.nix +++ b/home-manager/default.nix @@ -11,7 +11,8 @@ ./firefox ./tidal.nix ./gnome.nix - ./gnome.nix + ./syncthing.nix + ./vscode.nix inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index ]; diff --git a/home-manager/firefox/default.nix b/home-manager/firefox/default.nix index a80cbda..3af7f8b 100644 --- a/home-manager/firefox/default.nix +++ b/home-manager/firefox/default.nix @@ -1,6 +1,7 @@ { pkgs, lib, + config, ... }: let firefoxAddons = import ./addons.nix pkgs lib; 
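Review bot: In flake.nix's new `nixosConfigurations` lambda the `name` argument is bound but never used, and the contract for `./machines` entries is undocumented. The pattern `{nixosModule, homeManagerModule}` has no ellipsis or defaults, so a machine entry with a missing or extra attribute fails evaluation; a comment above the `mapAttrs` call such as `# each ./machines entry must be { nixosModule, homeManagerModule }` would make that explicit. `home-manager.users.pim.imports` also assumes that the home-manager NixOS module and the `pim` user are provided by `./nixos`, which is not visible in this hunk. The surrounding `let … in` block starts outside the hunk.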
@@ -17,8 +18,11 @@ "browser.newtabpage.activity-stream.showSponsored" = false; "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; }; + cfg = config.pim.firefox; in { - config = { + options.pim.firefox.enable = lib.mkEnableOption "firefox"; + + config = lib.mkIf cfg.enable { programs.firefox = { enable = true; profiles = { diff --git a/home-manager/gnome.nix b/home-manager/gnome.nix index c724114..a68d4ca 100644 --- a/home-manager/gnome.nix +++ b/home-manager/gnome.nix 
@@ -4,85 +4,91 @@ flake, config, ... -}: { - home.packages = with pkgs; [gnome.gnome-tweaks]; +}: let + cfg = config.pim.gnome; +in { + options.pim.gnome.enable = lib.mkEnableOption "gnome"; - dconf.settings = with lib.hm.gvariant; { - "org/gnome/desktop/sound".allow-volume-above-100-percent = true; - "org/gnome/desktop/wm.preferences".num-workspaces = 4; - "org/gnome/mutter".edge-tiling = true; + config = lib.mkIf cfg.enable { + home.packages = with pkgs; [gnome.gnome-tweaks]; - "org/gnome/shell" = { - disable-extension-version-validation = true; + dconf.settings = with lib.hm.gvariant; { + "org/gnome/desktop/sound".allow-volume-above-100-percent = true; + "org/gnome/desktop/wm.preferences".num-workspaces = 4; + "org/gnome/mutter".edge-tiling = true; - enabled-extensions = [ - "workspaces-by-open-apps@favo02.github.com" - "pop-shell@system76.com" - "windowIsReady_Remover@nunofarruca@gmail.com" - "randomwallpaper@iflow.space" - "Vitals@CoreCoding.com" - "tailscale-status@maxgallup.github.com" - ]; + "org/gnome/shell" = { + disable-extension-version-validation = true; + + enabled-extensions = [ + "workspaces-by-open-apps@favo02.github.com" + "pop-shell@system76.com" + "windowIsReady_Remover@nunofarruca@gmail.com" + "randomwallpaper@iflow.space" + "Vitals@CoreCoding.com" + "tailscale-status@maxgallup.github.com" + ]; + }; + + "org/gnome/desktop/input-sources" = { + sources = [(mkTuple ["xkb" "us"])]; + xkb-options = ["terminate:ctrl_alt_bksp" "caps:escape"]; + }; + + "org/gnome/shell/extensions/pop-shell" = { + active-hint = true; + fullscreen-launcher = false; + mouse-cursor-focus-location = mkUint32 4; + mouse-cursor-follows-active-window = true; + show-skip-taskbar = false; + show-title = true; + smart-gaps = false; + snap-to-grid = false; + stacking-with-mouse = true; + tile-by-default = true; + }; + + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = lib.getExe config.programs.alacritty.package; + name = 
"Terminal"; + }; + + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = { + binding = "e"; + command = "${lib.getExe config.programs.librewolf.package} --browser"; + name = "Browser"; + }; + + "org/gnome/desktop/wm/keybindings" = { + close = ["q"]; + minimize = mkEmptyArray type.string; + move-to-workspace-1 = ["1"]; + move-to-workspace-2 = ["2"]; + move-to-workspace-3 = ["3"]; + move-to-workspace-4 = ["4"]; + switch-applications = mkEmptyArray type.string; + switch-applications-backward = mkEmptyArray type.string; + switch-to-workspace-1 = ["1"]; + switch-to-workspace-2 = ["2"]; + switch-to-workspace-3 = ["3"]; + switch-to-workspace-4 = ["4"]; + toggle-fullscreen = ["f"]; + }; + + "org/gnome/shell/extensions/space-iflow-randomwallpaper" = { + auto-fetch = true; + change-type = 2; + hide-panel-icon = true; + history-length = 1; + hours = 0; + minutes = 30; + sources = ["42"]; + fetch-on-startup = true; + }; + + "org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/general/42".type = 4; + "org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/localFolder/42".folder = "${flake}/wallpapers"; }; - - "org/gnome/desktop/input-sources" = { - sources = [(mkTuple ["xkb" "us"])]; - xkb-options = ["terminate:ctrl_alt_bksp" "caps:escape"]; - }; - - "org/gnome/shell/extensions/pop-shell" = { - active-hint = true; - fullscreen-launcher = false; - mouse-cursor-focus-location = mkUint32 4; - mouse-cursor-follows-active-window = true; - show-skip-taskbar = false; - show-title = true; - smart-gaps = false; - snap-to-grid = false; - stacking-with-mouse = true; - tile-by-default = true; - }; - - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = lib.getExe config.programs.alacritty.package; - name = "Terminal"; - }; - - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = { - binding = "e"; - command = "${lib.getExe config.programs.librewolf.package} --browser"; - 
name = "Browser"; - }; - - "org/gnome/desktop/wm/keybindings" = { - close = ["q"]; - minimize = mkEmptyArray type.string; - move-to-workspace-1 = ["1"]; - move-to-workspace-2 = ["2"]; - move-to-workspace-3 = ["3"]; - move-to-workspace-4 = ["4"]; - switch-applications = mkEmptyArray type.string; - switch-applications-backward = mkEmptyArray type.string; - switch-to-workspace-1 = ["1"]; - switch-to-workspace-2 = ["2"]; - switch-to-workspace-3 = ["3"]; - switch-to-workspace-4 = ["4"]; - toggle-fullscreen = ["f"]; - }; - - "org/gnome/shell/extensions/space-iflow-randomwallpaper" = { - auto-fetch = true; - change-type = 2; - hide-panel-icon = true; - history-length = 1; - hours = 0; - minutes = 30; - sources = ["42"]; - fetch-on-startup = true; - }; - - "org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/general/42".type = 4; - "org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/localFolder/42".folder = "${flake}/wallpapers"; }; } diff --git a/home-manager/neovim/default.nix b/home-manager/neovim/default.nix index 6b2c788..77672cd 100644 --- a/home-manager/neovim/default.nix +++ b/home-manager/neovim/default.nix @@ -1,5 +1,14 @@ -{pkgs, ...}: { - config = { +{ + pkgs, + config, + lib, + ... +}: let + cfg = config.pim.neovim; +in { + options.pim.neovim.enable = lib.mkEnableOption "neovim"; + + config = lib.mkIf cfg.enable { programs.neovim = { enable = true; viAlias = true; diff --git a/home-manager/syncthing.nix b/home-manager/syncthing.nix index fe900c3..4aeb8ea 100644 --- a/home-manager/syncthing.nix +++ b/home-manager/syncthing.nix 
@@ -1,8 +1,18 @@ -{config, ...}: { - services.syncthing.enable = true; +{ + config, + lib, + ... +}: let + cfg = config.pim.syncthing; +in { + options.pim.syncthing.enable = lib.mkEnableOption "syncthing"; - sops.secrets = { - "syncthing/key".path = "${config.xdg.configHome}/syncthing/key.pem"; - "syncthing/cert".path = "${config.xdg.configHome}/syncthing/cert.pem"; + config = lib.mkIf cfg.enable { + services.syncthing.enable = true; + + sops.secrets = { + "syncthing/key".path = "${config.xdg.configHome}/syncthing/key.pem"; + "syncthing/cert".path = "${config.xdg.configHome}/syncthing/cert.pem"; + }; }; } diff --git a/home-manager/tidal.nix b/home-manager/tidal.nix index da02453..679256d 100644 --- a/home-manager/tidal.nix +++ b/home-manager/tidal.nix @@ -1,5 +1,16 @@ -{pkgs, ...}: { - home.packages = with pkgs; [ - supercollider-with-sc3-plugins - ]; +{ + config, + lib, + pkgs, + ... +}: let + cfg = config.pim.tidal; +in { + options.pim.tidal.enable = lib.mkEnableOption "tidal"; + + config = lib.mkIf cfg.enable { + home.packages = with pkgs; [ + supercollider-with-sc3-plugins + ]; + }; } diff --git a/home-manager/vscode.nix b/home-manager/vscode.nix index af58a2d..df18541 100644 --- a/home-manager/vscode.nix +++ b/home-manager/vscode.nix 
@@ -1,25 +1,32 @@ { pkgs, lib, + config, ... -}: { - programs.vscode = { - enable = true; - package = pkgs.vscodium; - extensions = with pkgs.vscode-extensions; [ - vscodevim.vim - marp-team.marp-vscode - jnoortheen.nix-ide - mkhl.direnv - ]; +}: let + cfg = config.pim.vscode; +in { + options.pim.vscode.enable = lib.mkEnableOption "vscode"; - userSettings = { - "nix.enableLanguageServer" = true; - "nix.serverPath" = lib.getExe pkgs.nil; - "terminal.integrated.defaultProfile.linux" = "fish"; - "explorer.confirmDragAndDrop" = false; - "explorer.confirmPasteNative" = false; - "explorer.confirmDelete" = false; + config = lib.mkIf cfg.enable { + programs.vscode = { + enable = true; + package = pkgs.vscodium; + extensions = with pkgs.vscode-extensions; [ + vscodevim.vim + marp-team.marp-vscode + jnoortheen.nix-ide + mkhl.direnv + ]; + + userSettings = { + "nix.enableLanguageServer" = true; + "nix.serverPath" = lib.getExe pkgs.nil; + "terminal.integrated.defaultProfile.linux" = "fish"; + "explorer.confirmDragAndDrop" = false; + "explorer.confirmPasteNative" = false; + "explorer.confirmDelete" = false; + }; }; }; } diff --git a/machines/default.nix b/machines/default.nix new file mode 100644 index 0000000..dcd2799 --- /dev/null +++ b/machines/default.nix @@ -0,0 +1,3 @@ +{ + sue = import ./sue; +} diff --git a/machines/sue/configuration.nix b/machines/sue/configuration.nix new file mode 100644 index 0000000..d4d6cc5 --- /dev/null +++ b/machines/sue/configuration.nix 
@@ -0,0 +1,50 @@ +{inputs, ...}: { + imports = [inputs.nixos-hardware.nixosModules.dell-xps-13-9310]; + + config = { + pim = { + lanzaboote.enable = true; + tidal.enable = true; + gnome.enable = true; + stylix.enable = true; + wireguard.enable = true; + tailscale.enable = true; + compliance.enable = true; + sops.enable = true; + }; + + networking.hostName = "xps-9315"; + swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}]; + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a"; + fsType = "ext4"; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/560E-F8A2"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + }; + + nix.settings = { + substituters = ["https://cosmic.cachix.org/"]; + trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="]; + }; + + boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494"; + boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage"]; + + # specialisation.cosmic.configuration = { + # imports = [ + # inputs.nixos-cosmic.nixosModules.default + # ]; + + # services.desktopManager = { + # cosmic.enable = true; + # cosmic-greeter.enable = true; + # }; + # }; + }; +} diff --git a/machines/sue/default.nix b/machines/sue/default.nix new file mode 100644 index 0000000..3786a86 --- /dev/null +++ b/machines/sue/default.nix @@ -0,0 +1,4 @@ +{ + nixosModule = import ./configuration.nix; + homeManagerModule = import ./home.nix; +} diff --git a/machines/sue/home.nix b/machines/sue/home.nix new file mode 100644 index 0000000..a4366e8 --- /dev/null +++ b/machines/sue/home.nix @@ -0,0 +1,12 @@ +{...}: { + config = { + pim = { + tidal.enable = true; + gnome.enable = true; + vscode.enable = true; + syncthing.enable = true; + neovim.enable = true; + firefox.enable = true; + }; + }; +} 
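Review bot: machines/sue/configuration.nix keeps `https://cosmic.cachix.org/` in `nix.settings.substituters` and its key in `trusted-public-keys`, although the only COSMIC consumer in the file, `specialisation.cosmic`, is commented out. A trusted public key lets that cache supply any store path it signs, not only COSMIC packages, so the trust granted is broader than what the machine currently uses. Consider moving the `nix.settings` block into the specialisation, or commenting it out alongside it until COSMIC is enabled again. Separately, `/boot` is mounted with `fmask=0022` and `dmask=0022`, which leaves the ESP world-readable; `fmask=0077` and `dmask=0077` are the tighter choice if nothing unprivileged needs to read it.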
diff --git a/nixos/compliance.nix b/nixos/compliance.nix index 8cfab12..e1181eb 100644 --- a/nixos/compliance.nix +++ b/nixos/compliance.nix @@ -1,5 +1,14 @@ -{ ... }: { - services.clamav = { - daemon.enable = true; +{ + config, + lib, + ... +}: let + cfg = config.pim.compliance; +in { + options.pim.compliance.enable = lib.mkEnableOption "compliance"; + config = lib.mkIf cfg.enable { + services.clamav = { + daemon.enable = true; + }; }; } diff --git a/nixos/gnome.nix b/nixos/gnome.nix index 771824f..451c67a 100644 --- a/nixos/gnome.nix +++ b/nixos/gnome.nix @@ -1,38 +1,49 @@ -{pkgs, ...}: { - services.xserver.desktopManager.gnome.enable = true; +{ + pkgs, + config, + lib, + ... +}: let + cfg = config.pim.gnome; +in { + options.pim.gnome.enable = lib.mkEnableOption "gnome"; - environment = { - systemPackages = - [ - pkgs.gnome.gnome-shell-extensions - ] - ++ (with pkgs.gnomeExtensions; [ - pop-shell - window-is-ready-remover - random-wallpaper - workspaces-indicator-by-open-apps - ]); + config = lib.mkIf cfg.enable { + services.xserver.desktopManager.gnome.enable = true; - gnome.excludePackages = - (with pkgs; [ - epiphany - gnome-connections - gnome-console - gnome-tour - ]) - ++ (with pkgs.gnome; [ - geary - gnome-calendar - gnome-clocks - gnome-contacts - gnome-font-viewer - gnome-logs - gnome-maps - gnome-music - seahorse - totem - yelp - gnome-weather - ]); + environment = { + systemPackages = + [ + pkgs.gnome.gnome-shell-extensions + ] + ++ (with pkgs.gnomeExtensions; [ + pop-shell + window-is-ready-remover + random-wallpaper + workspaces-indicator-by-open-apps + ]); + + gnome.excludePackages = + (with pkgs; [ + epiphany + gnome-connections + gnome-console + gnome-tour + ]) + ++ (with pkgs.gnome; [ + geary + gnome-calendar + gnome-clocks + gnome-contacts + gnome-font-viewer + gnome-logs + gnome-maps + gnome-music + seahorse + totem + yelp + gnome-weather + ]); + }; }; } diff --git a/nixos/sops.nix b/nixos/sops.nix index b806cee..f966469 100644 
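Review bot: nixos/compliance.nix enables only `services.clamav.daemon` under `pim.compliance.enable`; nothing in the hunk enables signature updates, so unless that is set elsewhere the scanner runs with whatever database happens to be present. Adding `services.clamav.updater.enable = true;` inside the `mkIf` keeps the definitions current. The option text would also be clearer if it said what is switched on, e.g. `lib.mkEnableOption "ClamAV daemon for compliance scanning"`.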
--- a/nixos/sops.nix +++ b/nixos/sops.nix @@ -2,14 +2,21 @@ inputs, pkgs, flake, + config, + lib, ... -}: { +}: let + cfg = config.pim.sops; +in { imports = [inputs.sops-nix.nixosModules.sops]; + options.pim.sops.enable = lib.mkEnableOption "sops"; - environment.systemPackages = with pkgs; [sops]; + config = lib.mkIf cfg.enable { + environment.systemPackages = with pkgs; [sops]; - sops = { - age.keyFile = "/home/pim/.config/sops/age/keys.txt"; - defaultSopsFile = "${flake}/secrets/secrets.yaml"; + sops = { + age.keyFile = "/home/pim/.config/sops/age/keys.txt"; + defaultSopsFile = "${flake}/secrets/secrets.yaml"; + }; }; } diff --git a/nixos/stylix.nix b/nixos/stylix.nix index 8ce1215..741c0c8 100644 --- a/nixos/stylix.nix +++ b/nixos/stylix.nix 
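Review bot: In nixos/sops.nix, `sops.age.keyFile` still points at `/home/pim/.config/sops/age/keys.txt`, so the key that decrypts system-level secrets (such as the WireGuard private and preshared keys declared in nixos/wireguard.nix) lives in a directory the unprivileged user controls. Any process running as `pim` can read or replace that file. A root-owned location, for example `age.keyFile = "/var/lib/sops-nix/key.txt";` with mode 0600, keeps system secrets separate from the user's own age identity. Keeping `imports` outside the `mkIf` is correct, since imports cannot depend on `config`.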
@@ -1,35 +1,42 @@ { pkgs, inputs, + config, + lib, ... -}: { +}: let + cfg = config.pim.stylix; +in { imports = [inputs.stylix.nixosModules.stylix]; + options.pim.stylix.enable = lib.mkEnableOption "stylix"; - stylix = { - enable = true; - base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml"; - image = "${inputs.nixos-artwork}/wallpapers/nix-wallpaper-binary-blue.png"; + config = lib.mkIf cfg.enable { + stylix = { + enable = true; + base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml"; + image = "${inputs.nixos-artwork}/wallpapers/nix-wallpaper-binary-blue.png"; - cursor = { - package = pkgs.bibata-cursors; - name = "Bibata-Modern-Classic"; - size = 28; - }; - - fonts = { - monospace = { - package = pkgs.nerdfonts.override {fonts = ["JetBrainsMono"];}; - name = "JetBrainsMono Nerd Font Mono"; + cursor = { + package = pkgs.bibata-cursors; + name = "Bibata-Modern-Classic"; + size = 28; }; - sansSerif = { - package = pkgs.dejavu_fonts; - name = "DejaVu Sans"; - }; + fonts = { + monospace = { + package = pkgs.nerdfonts.override {fonts = ["JetBrainsMono"];}; + name = "JetBrainsMono Nerd Font Mono"; + }; - serif = { - package = pkgs.dejavu_fonts; - name = "DejaVu Serif"; + sansSerif = { + package = pkgs.dejavu_fonts; + name = "DejaVu Sans"; + }; + + serif = { + package = pkgs.dejavu_fonts; + name = "DejaVu Serif"; + }; }; }; }; diff --git a/nixos/tailscale.nix b/nixos/tailscale.nix index 6faec07..8b299dc 100644 --- a/nixos/tailscale.nix +++ b/nixos/tailscale.nix 
@@ -1,10 +1,20 @@ -{pkgs, ...}: { - environment.systemPackages = [pkgs.gnomeExtensions.tailscale-status]; +{ + pkgs, + config, + lib, + ... +}: let + cfg = config.pim.tailscale; +in { + options.pim.tailscale.enable = lib.mkEnableOption "tailscale"; + config = lib.mkIf cfg.enable { + environment.systemPackages = [pkgs.gnomeExtensions.tailscale-status]; - services.tailscale = { - enable = true; - useRoutingFeatures = "client"; + services.tailscale = { + enable = true; + useRoutingFeatures = "client"; + }; + + networking.networkmanager.unmanaged = ["tailscale0"]; }; - - networking.networkmanager.unmanaged = ["tailscale0"]; } diff --git a/nixos/tidal.nix b/nixos/tidal.nix index 96f40c5..ab70501 100644 --- a/nixos/tidal.nix +++ b/nixos/tidal.nix @@ -1,3 +1,13 @@ -{...}: { - users.users.pim.extraGroups = ["audio"]; +{ + lib, + config, + ... +}: let + cfg = config.pim.tidal; +in { + options.pim.tidal.enable = lib.mkEnableOption "tidal"; + + config = lib.mkIf cfg.enable { + users.users.pim.extraGroups = ["audio"]; + }; } diff --git a/nixos/wireguard.nix b/nixos/wireguard.nix index 443c48e..e954415 100644 --- a/nixos/wireguard.nix +++ b/nixos/wireguard.nix 
@@ -2,48 +2,54 @@ lib, config, ... -}: { - networking = { - useDHCP = lib.mkDefault true; - networkmanager.unmanaged = ["tailscale0"]; +}: let + cfg = config.pim.wireguard; +in { + options.pim.wireguard.enable = lib.mkEnableOption "wireguard"; - wg-quick.interfaces = { - home = { - privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path; - address = ["10.225.191.4/24"]; - dns = ["192.168.30.131"]; - autostart = false; - mtu = 1412; - peers = [ - { - presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path; - endpoint = "wg.kun.is:51820"; - publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg="; - allowedIPs = ["0.0.0.0/0"]; - } - ]; - }; + config = lib.mkIf cfg.enable { + networking = { + useDHCP = lib.mkDefault true; + networkmanager.unmanaged = ["tailscale0"]; - home-no-pihole = { - privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path; - address = ["10.225.191.4/24"]; - dns = ["192.168.10.1"]; - autostart = false; - mtu = 1412; - peers = [ - { - presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path; - endpoint = "wg.kun.is:51820"; - publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg="; - allowedIPs = ["0.0.0.0/0"]; - } - ]; + wg-quick.interfaces = { + home = { + privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path; + address = ["10.225.191.4/24"]; + dns = ["192.168.30.131"]; + autostart = false; + mtu = 1412; + peers = [ + { + presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path; + endpoint = "wg.kun.is:51820"; + publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg="; + allowedIPs = ["0.0.0.0/0"]; + } + ]; + }; + + home-no-pihole = { + privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path; + address = ["10.225.191.4/24"]; + dns = ["192.168.10.1"]; + autostart = false; + mtu = 1412; + peers = [ + { + presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path; + endpoint = "wg.kun.is:51820"; + publicKey = 
"fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg="; + allowedIPs = ["0.0.0.0/0"]; + } + ]; + }; }; }; - }; - sops.secrets = { - "wireguard/home/presharedKey" = {}; - "wireguard/home/privateKey" = {}; + sops.secrets = { + "wireguard/home/presharedKey" = {}; + "wireguard/home/privateKey" = {}; + }; }; }
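Review bot: nixos/wireguard.nix reads `config.sops.secrets."wireguard/home/privateKey".path` and declares `sops.secrets`, but nothing ties `pim.wireguard.enable` to `pim.sops.enable`, which now gates `defaultSopsFile` and `age.keyFile`. Enabling WireGuard on a machine without `pim.sops.enable` would presumably fail at evaluation or activation with a less obvious message; an assertion such as `assertions = [{assertion = config.pim.sops.enable; message = "pim.wireguard requires pim.sops";}];` inside the `mkIf` makes the dependency explicit. Both interfaces also set `allowedIPs = ["0.0.0.0/0"]` with an IPv4-only `address`, so if they are meant as full tunnels, IPv6 traffic would not be routed through them; a comment stating whether that is intended would help.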