diff --git a/config.nix b/config.nix index 72b397a..240a3e8 100644 --- a/config.nix +++ b/config.nix @@ -1,19 +1,18 @@ # Central Configuration # Define user-specific and system-specific values here # This file should be imported in flake.nix as specialArgs - { # User configuration username = "alice"; userEmail = "amaury.joly"; - + # System paths configFlakePath = /etc/nixos; - + # Timezone and locale timezone = "Europe/Paris"; locale = "fr_FR.UTF-8"; - + # Hostname hostname = "nixos"; } diff --git a/configuration-vmgaming.nix b/configuration-vmgaming.nix index 480da16..3c01ace 100644 --- a/configuration-vmgaming.nix +++ b/configuration-vmgaming.nix @@ -1,6 +1,9 @@ -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { imports = [ ./hosts/vmgaming/configuration.nix @@ -24,7 +27,7 @@ }; boot.loader.efi.canTouchEfiVariables = false; - boot.blacklistedKernelModules = [ "nouveau" ]; + boot.blacklistedKernelModules = ["nouveau"]; services.spice-vdagentd.enable = true; services.qemuGuest.enable = true; @@ -49,7 +52,7 @@ # NVIDIA passthrough guest defaults. # If you pass through an AMD GPU instead, replace with: - services.xserver.videoDrivers = [ "nvidia" ]; + services.xserver.videoDrivers = ["nvidia"]; hardware.nvidia = { modesetting.enable = true; diff --git a/configuration.nix b/configuration.nix index c04b863..2910a86 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,10 +1,12 @@ -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { imports = [ # Hardware configuration ./hosts/laptop/configuration.nix - + # NixOS base modules ./modules/nixos/base.nix ./modules/nixos/yubikey.nix @@ -12,7 +14,7 @@ ./modules/nixos/net.nix ./modules/nixos/wireless-networks.nix ./modules/nixos/parsec.nix - + # Laptop-specific modules ./modules/laptop/default.nix ./modules/laptop/fingerprint.nix 
@@ -20,7 +22,7 @@ ./modules/laptop/home-manager.nix ./modules/laptop/bluetooth.nix ./modules/laptop/zwift.nix - + # Optional feature modules (with options) ./modules/laptop/gaming.nix ./modules/laptop/virtualization.nix @@ -35,10 +37,10 @@ # Enable optional features via custom options custom.gaming.enable = true; custom.gaming.enableXpadneo = true; - + custom.virtualization.docker.enable = true; custom.virtualization.virtualbox.enable = true; - + custom.printing.enable = true; custom.printing.printers = [ { @@ -52,12 +54,12 @@ } ]; custom.printing.defaultPrinter = "TOSHIBA_5eme_Luminy"; - + custom.power.enable = true; custom.power.cpuGovernor = "powersave"; - + custom.bluetooth.enable = true; custom.bluetooth.powerOnBoot = true; - + custom.zwift.enable = true; } diff --git a/flake.lock b/flake.lock index 0fdadb7..bf0be7c 100644 --- a/flake.lock +++ b/flake.lock @@ -1,28 +1,5 @@ { "nodes": { - "claude-desktop": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1764098187, - "narHash": "sha256-H6JjWXhKqxZ8QLMoqndZx9e5x0Sv5AiipSmqvIxIbgo=", - "owner": "k3d3", - "repo": "claude-desktop-linux-flake", - "rev": "b2b040cb68231d2118906507d9cc8fd181ca6308", - "type": "github" - }, - "original": { - "owner": "k3d3", - "repo": "claude-desktop-linux-flake", - "type": "github" - } - }, "fenix": { "inputs": { "nixpkgs": [ @@ -32,11 +9,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1773646590, - "narHash": "sha256-qwnecNC3DB0hSu6MvU27xh/Mg9uPbmmg7d1wBOtO7ds=", + "lastModified": 1774857716, + "narHash": "sha256-z05BKQ6F9/6H2/ecIYEXuq54JCUEiOpdYXTQIijB/wM=", "owner": "nix-community", "repo": "fenix", - "rev": "350a4df2afc34c1ae115173e0509cec7067a06c9", + "rev": "9ad9c53e902485e006c07ae54a7dd4ad55a8c4d8", "type": "github" }, "original": { 
@@ -88,11 +65,11 @@ ] }, "locked": { - "lastModified": 1774007980, - "narHash": "sha256-FOnZjElEI8pqqCvB6K/1JRHTE8o4rer8driivTpq2uo=", + "lastModified": 1775104157, + "narHash": "sha256-rm/7k0D2J9SP30pyZ2C1HqarDncZDN6KAUI0gzgg4TA=", "owner": "nix-community", "repo": "home-manager", - "rev": "9670de2921812bc4e0452f6e3efd8c859696c183", + "rev": "41e6e2ab37763c09db4e639033392cf40900440a", "type": "github" }, "original": { @@ -125,11 +102,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1773821835, - "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", + "lastModified": 1775036866, + "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", + "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", "type": "github" }, "original": { @@ -164,11 +141,11 @@ "poetry2nix": "poetry2nix" }, "locked": { - "lastModified": 1773927313, - "narHash": "sha256-2XjQPMd79Z5hOS67rjCuDyiIW4I7XpBe/7yYRSyhA8k=", + "lastModified": 1774890105, + "narHash": "sha256-nrbMvz/M3Yidq9oag9A4E2yctUn+S07GN2zf1JLsRA0=", "owner": "FirelightFlagboy", "repo": "parsec-cloud-nix", - "rev": "b45bbf594b3031583c5b2c9609f6c5ebdc4df903", + "rev": "7f1f18378e63ad82d138c756a75e721d08d9a6a2", "type": "github" }, "original": { @@ -204,7 +181,6 @@ }, "root": { "inputs": { - "claude-desktop": "claude-desktop", "flake-utils": "flake-utils", "home-manager": "home-manager", "nixpkgs": "nixpkgs", @@ -216,11 +192,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1773543526, - "narHash": "sha256-CKmkYqUi2pI1uDGDfpK0mkZbRLyjUKCpYDU3eMHtmks=", + "lastModified": 1774787924, + "narHash": "sha256-Cbpmf0+1pqi/zbpub2vkp5lTPx3QdVtDkkagDwQzHHg=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "90c8906e6443e7cee18cece9c2621a8b1c10794c", + "rev": "f1297b21119565c626320c1ffc248965fffb2527", "type": "github" }, "original": { 
@@ -237,11 +213,11 @@ ] }, "locked": { - "lastModified": 1773889674, - "narHash": "sha256-+ycaiVAk3MEshJTg35cBTUa0MizGiS+bgpYw/f8ohkg=", + "lastModified": 1774910634, + "narHash": "sha256-B+rZDPyktGEjOMt8PcHKYmgmKoF+GaNAFJhguktXAo0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "29b6519f3e0780452bca0ac0be4584f04ac16cc5", + "rev": "19bf3d8678fbbfbc173beaa0b5b37d37938db301", "type": "github" }, "original": { @@ -322,11 +298,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1773655023, - "narHash": "sha256-89jAxVhDIm6nFTBX3eM53NjLm36egOXYJGoPDogN4iE=", + "lastModified": 1774885989, + "narHash": "sha256-BhBjT/jts56x+6GArrYHhGzg4TM7et+wAKknvJvGfK0=", "owner": "netbrain", "repo": "zwift", - "rev": "a015de248bac88a3eec734b6565a86e10214a486", + "rev": "2ed245f8f481e60709f9aa719e246ab5d61facd2", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 2c8b55b..1eba1f7 100644 --- a/flake.nix +++ b/flake.nix 
@@ -8,52 +8,52 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-utils.url = "github:numtide/flake-utils"; - + parsec-cloud-nix = { url = "github:FirelightFlagboy/parsec-cloud-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - claude-desktop = { - url = "github:k3d3/claude-desktop-linux-flake"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; - }; - zwift.url = "github:netbrain/zwift"; }; - - outputs = { self, nixpkgs, sops-nix, home-manager, zwift, flake-utils, parsec-cloud-nix, claude-desktop, ... }: - let - customConfig = import ./config.nix; - in - flake-utils.lib.eachDefaultSystem (system: - let - pkgs = import nixpkgs { - inherit system; - config.allowUnfree = true; - }; - in { - }) // - { + + outputs = { + self, + nixpkgs, + sops-nix, + home-manager, + zwift, + flake-utils, + parsec-cloud-nix, + ... + }: let + customConfig = import ./config.nix; + in + flake-utils.lib.eachDefaultSystem (system: let + pkgs = import nixpkgs { + inherit system; + config.allowUnfree = true; + }; + in { + }) + // { nixosConfigurations.laptop = nixpkgs.lib.nixosSystem { modules = [ sops-nix.nixosModules.sops home-manager.nixosModules.home-manager zwift.nixosModules.zwift ./configuration.nix - ({ pkgs, lib, ...}: - { - environment.systemPackages = with pkgs; [ - claude-desktop.packages.${pkgs.stdenv.hostPlatform.system}.claude-desktop-with-fhs - ]; + ({ + pkgs, + lib, + ... + }: { }) ]; specialArgs = { inherit customConfig; parsec-cloud-nix = parsec-cloud-nix; - claude-desktop = claude-desktop; }; }; @@ -65,7 +65,6 @@ specialArgs = { inherit customConfig; parsec-cloud-nix = parsec-cloud-nix; - claude-desktop = claude-desktop; }; }; }; diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index 5a6eb80..e3f93c2 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix 
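Review bot: In the flake.nix hunk `@@ -8,52 +8,52 @@`, the inline module that used to install claude-desktop in `nixosConfigurations.laptop` is left behind as an empty function, `({ pkgs, lib, ... }: { })`. It contributes nothing and can be dropped from `modules`. The `flake-utils.lib.eachDefaultSystem` call in the same hunk also returns an empty set, so its `pkgs` binding with `config.allowUnfree = true` is unused. As far as the hunk shows, that setting does not reach the NixOS configurations, which could mislead a reader about where unfree packages are permitted. Either remove the block or mark it with a comment such as `# placeholder: no per-system outputs yet; allowUnfree here does not apply to nixosConfigurations`. The `outputs` function continues past this hunk.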
@@ -1,40 +1,42 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/e9209e4f-94b4-45ef-bed6-9435c96ee864"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/e9209e4f-94b4-45ef-bed6-9435c96ee864"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/E59B-B8FC"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/E59B-B8FC"; + fsType = "vfat"; + options = ["fmask=0077" "dmask=0077"]; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/e8cd6918-bc63-4d24-b8eb-6a1170844a80"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/e8cd6918-bc63-4d24-b8eb-6a1170844a80";} + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/vmgaming/configuration.nix b/hosts/vmgaming/configuration.nix index db1478e..b7eb3bc 100644 --- a/hosts/vmgaming/configuration.nix +++ b/hosts/vmgaming/configuration.nix @@ -1,17 +1,20 @@ # Do not modify this file directly on every rebuild. It should contain host # specific hardware/VM configuration for VMGaming (Proxmox guest). -{ config, lib, modulesPath, ... }: - { + config, + lib, + modulesPath, + ... +}: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = with config.boot.kernelPackages; [ xone ]; - boot.kernelParams = [ "console=ttyS0,115200" ]; + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = with config.boot.kernelPackages; [xone]; + boot.kernelParams = ["console=ttyS0,115200"]; services.getty.autologinUser = null; boot.extraModprobeConfig = '' @@ -27,10 +30,10 @@ fileSystems."/boot" = { device = "/dev/disk/by-uuid/2919-0F27"; fsType = "vfat"; - # options = [ "fmask=0077" "dmask=0077" ]; + # options = [ "fmask=0077" "dmask=0077" ]; }; - swapDevices = [ ]; + swapDevices = []; networking.useDHCP = lib.mkDefault true; services.qemuGuest.enable = true; diff --git a/modules/laptop/bluetooth.nix b/modules/laptop/bluetooth.nix index 18b1e6d..ebc6fa1 100644 --- a/modules/laptop/bluetooth.nix +++ b/modules/laptop/bluetooth.nix 
@@ -1,13 +1,14 @@ # Module: Bluetooth Configuration # Description: Enables Bluetooth with dual controller mode and experimental features # Services: bluetooth, blueman (GUI manager) - -{ config, lib, ... }: - { + config, + lib, + ... +}: { options.custom.bluetooth = { enable = lib.mkEnableOption "Bluetooth support with blueman GUI"; - + powerOnBoot = lib.mkOption { type = lib.types.bool; default = true; @@ -30,4 +31,4 @@ }; services.blueman.enable = true; }; -} \ No newline at end of file +} diff --git a/modules/laptop/default.nix b/modules/laptop/default.nix index 6cb4cf6..a105245 100644 --- a/modules/laptop/default.nix +++ b/modules/laptop/default.nix @@ -3,16 +3,12 @@ # Services: sops-nix # Dependencies: sops-nix for secrets management # Note: Other laptop features (gaming, virtualization, etc.) are in separate modules - -{ customConfig, ... }: - -let +{customConfig, ...}: let userHome = "/home/${customConfig.username}"; -in -{ +in { sops.validateSopsFiles = false; sops.age.keyFile = "${userHome}/.config/sops/age/keys.txt"; - + # WiFi networks configuration - entire network list encrypted sops.secrets.wifi-networks = { path = "/run/secrets/wifi-networks.conf"; @@ -33,4 +29,4 @@ in }; services.xserver.xkb.layout = "fr"; -} \ No newline at end of file +} diff --git a/modules/laptop/fingerprint.nix b/modules/laptop/fingerprint.nix index 49fa588..f31f5a4 100644 --- a/modules/laptop/fingerprint.nix +++ b/modules/laptop/fingerprint.nix @@ -1,6 +1,4 @@ -{ pkgs, ... }: - -{ +{pkgs, ...}: { services.fprintd.enable = true; services.fprintd.tod.enable = true; services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix-550a; diff --git a/modules/laptop/gaming.nix b/modules/laptop/gaming.nix index 7f31447..cadf873 100644 --- a/modules/laptop/gaming.nix +++ b/modules/laptop/gaming.nix 
@@ -1,13 +1,15 @@ # Module: Gaming Support # Description: Enables Steam and gamepad drivers (xpadneo for Xbox controllers) # Services: Steam, steam-hardware - -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { options.custom.gaming = { enable = lib.mkEnableOption "gaming support (Steam, gamepad drivers)"; - + enableXpadneo = lib.mkOption { type = lib.types.bool; default = true; @@ -17,11 +19,11 @@ config = lib.mkIf config.custom.gaming.enable { hardware.steam-hardware.enable = true; - + programs.steam = { enable = true; }; - + boot.extraModulePackages = lib.mkIf config.custom.gaming.enableXpadneo [ pkgs.linuxPackages.xpadneo ]; diff --git a/modules/laptop/home-manager.nix b/modules/laptop/home-manager.nix index 063b43e..6e3c8e9 100644 --- a/modules/laptop/home-manager.nix +++ b/modules/laptop/home-manager.nix @@ -1,6 +1,8 @@ -{ lib, customConfig, ... }: - -let +{ + lib, + customConfig, + ... +}: let username = customConfig.username; dotconfigPath = ../../dotconfig; dotconfigEntries = lib.filterAttrs (name: _: !(lib.hasPrefix "." name)) (builtins.readDir dotconfigPath); @@ -15,8 +17,7 @@ let recursive = true; } ); -in -{ +in { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "hm-backup"; diff --git a/modules/laptop/power.nix b/modules/laptop/power.nix index 777b382..7cc24c1 100644 --- a/modules/laptop/power.nix +++ b/modules/laptop/power.nix @@ -1,13 +1,14 @@ # Module: Power Management # Description: CPU frequency governor and power management settings # Services: powerManagement - -{ config, lib, ... }: - { + config, + lib, + ... +}: { options.custom.power = { enable = lib.mkEnableOption "power management configuration"; - + cpuGovernor = lib.mkOption { type = lib.types.str; default = "powersave"; diff --git a/modules/laptop/printing.nix b/modules/laptop/printing.nix index 1273861..cf6a906 100644 --- a/modules/laptop/printing.nix +++ b/modules/laptop/printing.nix 
@@ -1,19 +1,20 @@ # Module: Printing Configuration # Description: CUPS printing service with configured printers # Services: printing (CUPS) - -{ config, lib, ... }: - { + config, + lib, + ... +}: { options.custom.printing = { enable = lib.mkEnableOption "printing support (CUPS)"; - + printers = lib.mkOption { type = lib.types.listOf lib.types.attrs; default = []; description = "List of printers to configure"; }; - + defaultPrinter = lib.mkOption { type = lib.types.nullOr lib.types.str; default = null; @@ -23,10 +24,11 @@ config = lib.mkIf config.custom.printing.enable { services.printing.enable = true; - + hardware.printers = lib.mkIf (config.custom.printing.printers != []) { ensurePrinters = config.custom.printing.printers; - ensureDefaultPrinter = lib.mkIf (config.custom.printing.defaultPrinter != null) + ensureDefaultPrinter = + lib.mkIf (config.custom.printing.defaultPrinter != null) config.custom.printing.defaultPrinter; }; }; diff --git a/modules/laptop/users.nix b/modules/laptop/users.nix index dd052bf..d02abf7 100644 --- a/modules/laptop/users.nix +++ b/modules/laptop/users.nix @@ -2,15 +2,16 @@ # Description: Defines the main user 'alice' with groups, permissions, and user packages # Packages: Browsers (Firefox), Office (LibreOffice), Development (VSCode, Git), # Media (VLC, Spotify), Communication (Slack, Thunderbird), and more - -{ pkgs, customConfig, ... }: - { + pkgs, + customConfig, + ... +}: { users.users."${customConfig.username}" = { isNormalUser = true; home = "/home/${customConfig.username}"; # Base groups - docker/vboxusers are added by virtualization.nix if enabled - extraGroups = [ "wheel" "audio" "dialout" "plugdev" ]; + extraGroups = ["wheel" "audio" "dialout" "plugdev"]; packages = with pkgs; [ # Browsers & Web firefox @@ -30,6 +31,8 @@ tcpdump pandoc libsecret + nixd + alejandra # Communication slack 
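Review bot: In modules/laptop/users.nix, hunk `@@ -30,6 +31,8 @@`, `nixd` and `alejandra` are appended directly after `libsecret` with no category comment, while the rest of the list is grouped under headings such as `# Communication`. The heading they fall under is outside the hunk, so the mismatch is inferred rather than visible. A line such as `# Nix tooling (language server, formatter)` above the two packages would keep the grouping readable. The `Packages:` summary in the file header should mention them as well.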
@@ -43,10 +46,10 @@ pympress # Gaming & Entertainment - prismlauncher # Minecraft launcher - widelands # Strategy game - wasistlos # Game - moonlight-qt # Game streaming + prismlauncher # Minecraft launcher + # widelands # Strategy game + wasistlos # Game + moonlight-qt # Game streaming # System & Cloud rclone @@ -57,7 +60,7 @@ age ]; - openssh.authorizedKeys.keys = [ + openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCMzLza+1iFSUgZaPzEwpRNW/CvcsbXh8vJ9RevwFntNZdZIVc/j5OLRy+GOojlZdar070PkKDO+Pmtqu1uQ4XE+onqmsxom5JGyYaSScB3l33CLL2jBT7mBqBOVDuTBj3ACLT8fS1eUolI7erShvIH9VUvrg83bZ2CvgA/DjJLHfVCpvx9EsG0Q00k27LNU7yXga8sjK1YikA+o1bKTWavCGOWkZMFXOVeEDR+arOQ440s6f6eg7C+30V02ijRLA6pWFAkj2/fMaD+44IPMVjOj96vvPUJrlL1N7BDPxBlj1rrB35+pUkpVIN4B0etqnkrJIV+IxtmSpkNHr52Y7nkTu3mOWn1P0DcOdR5OA8JZRbSkbL/QW4GzFWs3eN7CMOMwKQdO+1J/wL4U7qrmKEYwcNaprqlDF0SIPp0+l/VWNMe6uK0r5iZwp355PUSR+Zc5skf74wMsZ1LokUlihdI+E6TNGvmDgjqKx6OrI3dyP/eW7xtR7KvbdoaUjy8AE8= alice@nixos" ]; }; diff --git a/modules/laptop/virtualization.nix b/modules/laptop/virtualization.nix index 91c2a1d..27fbd61 100644 --- a/modules/laptop/virtualization.nix +++ b/modules/laptop/virtualization.nix @@ -1,21 +1,24 @@ # Module: Virtualization # Description: Docker and VirtualBox virtualization support # Services: Docker daemon, VirtualBox - -{ config, lib, pkgs, customConfig, ... }: - { + config, + lib, + pkgs, + customConfig, + ... +}: { options.custom.virtualization = { docker = { enable = lib.mkEnableOption "Docker container runtime"; - + dnsServers = lib.mkOption { type = lib.types.listOf lib.types.str; - default = [ "172.17.0.1" ]; + default = ["172.17.0.1"]; description = "DNS servers for Docker containers (points to dnscrypt-proxy)"; }; }; - + virtualbox = { enable = lib.mkEnableOption "VirtualBox virtualization"; }; 
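Review bot: In modules/laptop/users.nix, hunk `@@ -43,10 +46,10 @@`, `widelands` is disabled by commenting it out (`# widelands # Strategy game`) with no reason recorded, so a later reader cannot tell whether it is a temporary workaround or a permanent removal. Either delete the line and let the history carry it, or state the reason in place, for example `# widelands # Strategy game (disabled: <reason>)`. The package list continues outside this hunk.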
@@ -30,13 +33,13 @@ dns = config.custom.virtualization.docker.dnsServers; }; }; - - users.users."${customConfig.username}".extraGroups = [ "docker" ]; + + users.users."${customConfig.username}".extraGroups = ["docker"]; }) - + (lib.mkIf config.custom.virtualization.virtualbox.enable { virtualisation.virtualbox.host.enable = true; - users.users."${customConfig.username}".extraGroups = [ "vboxusers" ]; + users.users."${customConfig.username}".extraGroups = ["vboxusers"]; }) ]; } diff --git a/modules/laptop/zwift.nix b/modules/laptop/zwift.nix index b6c0f9a..dc5f507 100644 --- a/modules/laptop/zwift.nix +++ b/modules/laptop/zwift.nix @@ -2,10 +2,13 @@ # Description: Configures Zwift cycling simulator via Docker with proper networking # Services: Zwift Docker container # Ports: UDP 3022, 3024 / TCP 21587, 21588 - -{ config, lib, pkgs, customConfig, ... }: - { + config, + lib, + pkgs, + customConfig, + ... +}: { options.custom.zwift = { enable = lib.mkEnableOption "Zwift cycling simulator"; }; @@ -14,7 +17,7 @@ programs.zwift = { enable = true; image = "docker.io/netbrain/zwift"; - version = "latest"; # FIXME: Pin to specific version for reproducibility + version = "latest"; # FIXME: Pin to specific version for reproducibility containerTool = "docker"; zwiftWorkoutDir = "/var/lib/zwift/workouts"; zwiftActivityDir = "/var/lib/zwift/activities"; @@ -28,8 +31,8 @@ }; networking.firewall = { - allowedUDPPorts = [ 3022 3024 ]; - allowedTCPPorts = [ 21587 21588 ]; + allowedUDPPorts = [3022 3024]; + allowedTCPPorts = [21587 21588]; }; }; } diff --git a/modules/nixos/base.nix b/modules/nixos/base.nix index 5c6b979..31ac57b 100644 --- a/modules/nixos/base.nix +++ b/modules/nixos/base.nix 
@@ -2,12 +2,13 @@ # Description: Core NixOS configuration with Nix settings, base packages, fonts, # localization (FR), Fish shell, and security (GPG) # Services: gvfs, udisks2, gnupg-agent - -{ pkgs, customConfig, ... }: - { + pkgs, + customConfig, + ... +}: { nix.settings = { - experimental-features = [ "nix-command" "flakes" ]; + experimental-features = ["nix-command" "flakes"]; substituters = [ "https://cache.nixos.org/" "https://parsec-cloud.cachix.org" @@ -65,4 +66,4 @@ # WARNING: DO NOT CHANGE this value after installation! # See: https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion system.stateVersion = "24.05"; -} \ No newline at end of file +} diff --git a/modules/nixos/desktop-i3.nix b/modules/nixos/desktop-i3.nix index e7c1b0b..0fe19fd 100644 --- a/modules/nixos/desktop-i3.nix +++ b/modules/nixos/desktop-i3.nix @@ -2,17 +2,13 @@ # Description: Enables X11 with i3 window manager and associated desktop tools # Services: xserver with i3 # Packages: alacritty (terminal), tint2 (panel), rofi (launcher), i3lock, dunst - -{ pkgs, ... }: - -let +{pkgs, ...}: let updatescreen = pkgs.writeShellScript "updatescreens.sh" '' #!/bin/sh i3-msg restart feh --bg-fill --no-xinerama Downloads/fire1.png ''; -in -{ +in { services.xserver.enable = true; services.xserver.windowManager.i3.enable = true; services.xserver.autorun = true; @@ -95,4 +91,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/modules/nixos/net.nix b/modules/nixos/net.nix index 63bb8a3..6c5c28e 100644 --- a/modules/nixos/net.nix +++ b/modules/nixos/net.nix 
@@ -3,14 +3,17 @@ # configuration via wpa_supplicant, and hostname settings # Services: dnscrypt-proxy (primary + backup), wpa_supplicant # Security: WiFi credentials stored via sops-nix secrets - -{ config, lib, pkgs, customConfig, ... }: - -let +{ + config, + lib, + pkgs, + customConfig, + ... +}: let backupToml = pkgs.writeText "dnscrypt-proxy-backup.toml" '' listen_addresses = ["127.0.0.2:53"] server_names = ["dns0-eu"] - + [sources.public-resolvers] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md'] cache_file = '/var/lib/dnscrypt-proxy-backup/public-resolvers.md' @@ -19,17 +22,15 @@ let ''; userHome = "/home/${customConfig.username}"; -in - -{ +in { networking.nftables.enable = true; networking.firewall = { enable = true; allowPing = true; # allowedTCPPorts = [ ... ]; # keep closed by default interfaces.docker0 = { - allowedUDPPorts = [ 53 ]; - allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [53]; + allowedTCPPorts = [53]; }; }; @@ -49,16 +50,22 @@ in # systemd.services.wpa_supplicant.after = [ "sops-install-secrets.service" ]; # systemd.services.wpa_supplicant.requires = [ "sops-install-secrets.service" ]; - + # You can also define networks in Nix if you prefer (less secure - names visible): # networking.wireless.networks = { ... }; networking.interfaces.lo.ipv4.addresses = [ - { address = "127.0.0.1"; prefixLength = 8; } - { address = "127.0.0.2"; prefixLength = 8; } + { + address = "127.0.0.1"; + prefixLength = 8; + } + { + address = "127.0.0.2"; + prefixLength = 8; + } ]; - networking.nameservers = [ "127.0.0.1" "127.0.0.2" ]; + networking.nameservers = ["127.0.0.1" "127.0.0.2"]; # networking.networkmanager.dns = "none"; services.resolved.enable = false; 
@@ -66,12 +73,12 @@ in services.dnscrypt-proxy = { enable = true; settings = { - listen_addresses = [ "127.0.0.1:53" "172.17.0.1:53" ]; - server_names = [ "amaury" ]; + listen_addresses = ["127.0.0.1:53" "172.17.0.1:53"]; + server_names = ["amaury"]; bootstrap_resolvers = []; sources = {}; static = { - "amaury".stamp = "sdns://AgcAAAAAAAAADTgyLjY0LjIzNy4yNDYADWFtYXVyeWpvbHkuZnIUL2Rucy1xdWVyeS9pZC1hbWF1cnk"; + "amaury".stamp = "sdns://AgcAAAAAAAAADTgyLjY0LjIzNy4yNDYADWFtYXVyeWpvbHkuZnIUL2Rucy1xdWVyeS9pZC1hbWF1cnk"; }; cache = true; ignore_system_dns = true; @@ -81,8 +88,8 @@ in systemd.services."dnscrypt-proxy-backup" = { description = "dnscrypt-proxy backup (dns0-eu)"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; serviceConfig = { ExecStart = "${pkgs.dnscrypt-proxy}/bin/dnscrypt-proxy -config ${backupToml}"; Restart = "on-failure"; @@ -95,4 +102,4 @@ in systemd.services.dnscrypt-proxy.serviceConfig = { StateDirectory = "dnscrypt-proxy"; }; -} \ No newline at end of file +} diff --git a/modules/nixos/parsec.nix b/modules/nixos/parsec.nix index 9736b82..1043e58 100644 --- a/modules/nixos/parsec.nix +++ b/modules/nixos/parsec.nix @@ -2,10 +2,11 @@ # Description: Installs Parsec Cloud client (v3) with CLI and GUI # Dependencies: parsec-cloud-nix flake input # Note: Requires increased Node.js heap size during build (workaround) - -{ pkgs, parsec-cloud-nix, ... }: - -let +{ + pkgs, + parsec-cloud-nix, + ... +}: let pc = parsec-cloud-nix.packages.${pkgs.stdenv.hostPlatform.system}; # WORKAROUND: Parsec build runs out of memory without increased heap size @@ -19,8 +20,7 @@ let }; parsecCli = pc.parsec-cloud.v3.cli; -in -{ +in { environment.systemPackages = [ parsecClientPatched parsecCli diff --git a/modules/nixos/wireless-networks.nix b/modules/nixos/wireless-networks.nix index 9f2f8ff..505505e 100644 --- a/modules/nixos/wireless-networks.nix 
+++ b/modules/nixos/wireless-networks.nix @@ -3,14 +3,16 @@ # Security: Network names, SSIDs, and all configuration stored in encrypted secrets # Files: ~/.config/secrets/wifi-networks.yaml (encrypted with sops) # Note: The actual networks are loaded at runtime from the encrypted file - -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { # WiFi networks are loaded from encrypted file at runtime # The file is in wpa_supplicant.conf format and gets included by wpa_supplicant # This approach keeps network names and configuration completely private - + # Note: If wifi-networks secret doesn't exist yet, this won't cause errors # You can still use the old method (networking.wireless.networks in Nix) if needed } diff --git a/modules/nixos/yubikey.nix b/modules/nixos/yubikey.nix index ed35506..046b22a 100644 --- a/modules/nixos/yubikey.nix +++ b/modules/nixos/yubikey.nix @@ -1,13 +1,10 @@ # Module: YubiKey Authentication # Description: Enables YubiKey-based PAM auth for login and sudo across systems - -{ pkgs, ... }: - -{ +{pkgs, ...}: { security.pam.services = { login.u2fAuth = true; sudo.u2fAuth = true; }; - services.udev.packages = [ pkgs.yubikey-personalization ]; + services.udev.packages = [pkgs.yubikey-personalization]; }