This commit is contained in:
Amaury JOLY
2026-04-02 14:10:16 +02:00
parent 6c9ba6ea88
commit 6105c58cda
23 changed files with 230 additions and 233 deletions


@@ -1,13 +1,14 @@
# Module: Bluetooth Configuration
# Description: Enables Bluetooth with dual controller mode and experimental features
# Services: bluetooth, blueman (GUI manager)
{ config, lib, ... }:
{
config,
lib,
...
}: {
options.custom.bluetooth = {
enable = lib.mkEnableOption "Bluetooth support with blueman GUI";
powerOnBoot = lib.mkOption {
type = lib.types.bool;
default = true;
@@ -30,4 +31,4 @@
};
services.blueman.enable = true;
};
}
}


@@ -3,16 +3,12 @@
# Services: sops-nix
# Dependencies: sops-nix for secrets management
# Note: Other laptop features (gaming, virtualization, etc.) are in separate modules
{ customConfig, ... }:
let
{customConfig, ...}: let
userHome = "/home/${customConfig.username}";
in
{
in {
sops.validateSopsFiles = false;
sops.age.keyFile = "${userHome}/.config/sops/age/keys.txt";
# WiFi networks configuration - entire network list encrypted
sops.secrets.wifi-networks = {
path = "/run/secrets/wifi-networks.conf";
@@ -33,4 +29,4 @@ in
};
services.xserver.xkb.layout = "fr";
}
}


@@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
services.fprintd.enable = true;
services.fprintd.tod.enable = true;
services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix-550a;


@@ -1,13 +1,15 @@
# Module: Gaming Support
# Description: Enables Steam and gamepad drivers (xpadneo for Xbox controllers)
# Services: Steam, steam-hardware
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
options.custom.gaming = {
enable = lib.mkEnableOption "gaming support (Steam, gamepad drivers)";
enableXpadneo = lib.mkOption {
type = lib.types.bool;
default = true;
@@ -17,11 +19,11 @@
config = lib.mkIf config.custom.gaming.enable {
hardware.steam-hardware.enable = true;
programs.steam = {
enable = true;
};
boot.extraModulePackages = lib.mkIf config.custom.gaming.enableXpadneo [
pkgs.linuxPackages.xpadneo
];


@@ -1,6 +1,8 @@
{ lib, customConfig, ... }:
let
{
lib,
customConfig,
...
}: let
username = customConfig.username;
dotconfigPath = ../../dotconfig;
dotconfigEntries = lib.filterAttrs (name: _: !(lib.hasPrefix "." name)) (builtins.readDir dotconfigPath);
@@ -15,8 +17,7 @@ let
recursive = true;
}
);
in
{
in {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "hm-backup";


@@ -1,13 +1,14 @@
# Module: Power Management
# Description: CPU frequency governor and power management settings
# Services: powerManagement
{ config, lib, ... }:
{
config,
lib,
...
}: {
options.custom.power = {
enable = lib.mkEnableOption "power management configuration";
cpuGovernor = lib.mkOption {
type = lib.types.str;
default = "powersave";


@@ -1,19 +1,20 @@
# Module: Printing Configuration
# Description: CUPS printing service with configured printers
# Services: printing (CUPS)
{ config, lib, ... }:
{
config,
lib,
...
}: {
options.custom.printing = {
enable = lib.mkEnableOption "printing support (CUPS)";
printers = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
default = [];
description = "List of printers to configure";
};
defaultPrinter = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
@@ -23,10 +24,11 @@
config = lib.mkIf config.custom.printing.enable {
services.printing.enable = true;
hardware.printers = lib.mkIf (config.custom.printing.printers != []) {
ensurePrinters = config.custom.printing.printers;
ensureDefaultPrinter = lib.mkIf (config.custom.printing.defaultPrinter != null)
ensureDefaultPrinter =
lib.mkIf (config.custom.printing.defaultPrinter != null)
config.custom.printing.defaultPrinter;
};
};


@@ -2,15 +2,16 @@
# Description: Defines the main user 'alice' with groups, permissions, and user packages
# Packages: Browsers (Firefox), Office (LibreOffice), Development (VSCode, Git),
# Media (VLC, Spotify), Communication (Slack, Thunderbird), and more
{ pkgs, customConfig, ... }:
{
pkgs,
customConfig,
...
}: {
users.users."${customConfig.username}" = {
isNormalUser = true;
home = "/home/${customConfig.username}";
# Base groups - docker/vboxusers are added by virtualization.nix if enabled
extraGroups = [ "wheel" "audio" "dialout" "plugdev" ];
extraGroups = ["wheel" "audio" "dialout" "plugdev"];
packages = with pkgs; [
# Browsers & Web
firefox
@@ -30,6 +31,8 @@
tcpdump
pandoc
libsecret
nixd
alejandra
# Communication
slack
@@ -43,10 +46,10 @@
pympress
# Gaming & Entertainment
prismlauncher # Minecraft launcher
widelands # Strategy game
wasistlos # Game
moonlight-qt # Game streaming
prismlauncher # Minecraft launcher
# widelands # Strategy game
wasistlos # Game
moonlight-qt # Game streaming
# System & Cloud
rclone
@@ -57,7 +60,7 @@
age
];
openssh.authorizedKeys.keys = [
openssh.authorizedKeys.keys = [
"ssh-rsa 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 alice@nixos"
];
};
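Review bot: `# widelands # Strategy game` is disabled in the third hunk with no reason recorded, so the next reader cannot tell whether this is a temporary workaround (a broken build, for instance) or a deliberate removal, and nothing will prompt re-enabling it. Either drop the line or state the reason inline, e.g. `# widelands # Strategy game — disabled: <reason, TODO fill in>`. The `packages` list continues outside the hunks, and the `nixd`/`alejandra` additions in the second hunk are otherwise fine.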


@@ -1,21 +1,24 @@
# Module: Virtualization
# Description: Docker and VirtualBox virtualization support
# Services: Docker daemon, VirtualBox
{ config, lib, pkgs, customConfig, ... }:
{
config,
lib,
pkgs,
customConfig,
...
}: {
options.custom.virtualization = {
docker = {
enable = lib.mkEnableOption "Docker container runtime";
dnsServers = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ "172.17.0.1" ];
default = ["172.17.0.1"];
description = "DNS servers for Docker containers (points to dnscrypt-proxy)";
};
};
virtualbox = {
enable = lib.mkEnableOption "VirtualBox virtualization";
};
@@ -30,13 +33,13 @@
dns = config.custom.virtualization.docker.dnsServers;
};
};
users.users."${customConfig.username}".extraGroups = [ "docker" ];
users.users."${customConfig.username}".extraGroups = ["docker"];
})
(lib.mkIf config.custom.virtualization.virtualbox.enable {
virtualisation.virtualbox.host.enable = true;
users.users."${customConfig.username}".extraGroups = [ "vboxusers" ];
users.users."${customConfig.username}".extraGroups = ["vboxusers"];
})
];
}


@@ -2,10 +2,13 @@
# Description: Configures Zwift cycling simulator via Docker with proper networking
# Services: Zwift Docker container
# Ports: UDP 3022, 3024 / TCP 21587, 21588
{ config, lib, pkgs, customConfig, ... }:
{
config,
lib,
pkgs,
customConfig,
...
}: {
options.custom.zwift = {
enable = lib.mkEnableOption "Zwift cycling simulator";
};
@@ -14,7 +17,7 @@
programs.zwift = {
enable = true;
image = "docker.io/netbrain/zwift";
version = "latest"; # FIXME: Pin to specific version for reproducibility
version = "latest"; # FIXME: Pin to specific version for reproducibility
containerTool = "docker";
zwiftWorkoutDir = "/var/lib/zwift/workouts";
zwiftActivityDir = "/var/lib/zwift/activities";
@@ -28,8 +31,8 @@
};
networking.firewall = {
allowedUDPPorts = [ 3022 3024 ];
allowedTCPPorts = [ 21587 21588 ];
allowedUDPPorts = [3022 3024];
allowedTCPPorts = [21587 21588];
};
};
}


@@ -2,12 +2,13 @@
# Description: Core NixOS configuration with Nix settings, base packages, fonts,
# localization (FR), Fish shell, and security (GPG)
# Services: gvfs, udisks2, gnupg-agent
{ pkgs, customConfig, ... }:
{
pkgs,
customConfig,
...
}: {
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
experimental-features = ["nix-command" "flakes"];
substituters = [
"https://cache.nixos.org/"
"https://parsec-cloud.cachix.org"
@@ -65,4 +66,4 @@
# WARNING: DO NOT CHANGE this value after installation!
# See: https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion
system.stateVersion = "24.05";
}
}


@@ -2,17 +2,13 @@
# Description: Enables X11 with i3 window manager and associated desktop tools
# Services: xserver with i3
# Packages: alacritty (terminal), tint2 (panel), rofi (launcher), i3lock, dunst
{ pkgs, ... }:
let
{pkgs, ...}: let
updatescreen = pkgs.writeShellScript "updatescreens.sh" ''
#!/bin/sh
i3-msg restart
feh --bg-fill --no-xinerama Downloads/fire1.png
'';
in
{
in {
services.xserver.enable = true;
services.xserver.windowManager.i3.enable = true;
services.xserver.autorun = true;
@@ -95,4 +91,4 @@ in
};
};
};
}
}


@@ -3,14 +3,17 @@
# configuration via wpa_supplicant, and hostname settings
# Services: dnscrypt-proxy (primary + backup), wpa_supplicant
# Security: WiFi credentials stored via sops-nix secrets
{ config, lib, pkgs, customConfig, ... }:
let
{
config,
lib,
pkgs,
customConfig,
...
}: let
backupToml = pkgs.writeText "dnscrypt-proxy-backup.toml" ''
listen_addresses = ["127.0.0.2:53"]
server_names = ["dns0-eu"]
[sources.public-resolvers]
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md']
cache_file = '/var/lib/dnscrypt-proxy-backup/public-resolvers.md'
@@ -19,17 +22,15 @@ let
'';
userHome = "/home/${customConfig.username}";
in
{
in {
networking.nftables.enable = true;
networking.firewall = {
enable = true;
allowPing = true;
# allowedTCPPorts = [ ... ]; # keep closed by default
interfaces.docker0 = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [53];
allowedTCPPorts = [53];
};
};
@@ -49,16 +50,22 @@ in
# systemd.services.wpa_supplicant.after = [ "sops-install-secrets.service" ];
# systemd.services.wpa_supplicant.requires = [ "sops-install-secrets.service" ];
# You can also define networks in Nix if you prefer (less secure - names visible):
# networking.wireless.networks = { ... };
networking.interfaces.lo.ipv4.addresses = [
{ address = "127.0.0.1"; prefixLength = 8; }
{ address = "127.0.0.2"; prefixLength = 8; }
{
address = "127.0.0.1";
prefixLength = 8;
}
{
address = "127.0.0.2";
prefixLength = 8;
}
];
networking.nameservers = [ "127.0.0.1" "127.0.0.2" ];
networking.nameservers = ["127.0.0.1" "127.0.0.2"];
# networking.networkmanager.dns = "none";
services.resolved.enable = false;
@@ -66,12 +73,12 @@ in
services.dnscrypt-proxy = {
enable = true;
settings = {
listen_addresses = [ "127.0.0.1:53" "172.17.0.1:53" ];
server_names = [ "amaury" ];
listen_addresses = ["127.0.0.1:53" "172.17.0.1:53"];
server_names = ["amaury"];
bootstrap_resolvers = [];
sources = {};
static = {
"amaury".stamp = "sdns://AgcAAAAAAAAADTgyLjY0LjIzNy4yNDYADWFtYXVyeWpvbHkuZnIUL2Rucy1xdWVyeS9pZC1hbWF1cnk";
"amaury".stamp = "sdns://AgcAAAAAAAAADTgyLjY0LjIzNy4yNDYADWFtYXVyeWpvbHkuZnIUL2Rucy1xdWVyeS9pZC1hbWF1cnk";
};
cache = true;
ignore_system_dns = true;
@@ -81,8 +88,8 @@ in
systemd.services."dnscrypt-proxy-backup" = {
description = "dnscrypt-proxy backup (dns0-eu)";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
after = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
ExecStart = "${pkgs.dnscrypt-proxy}/bin/dnscrypt-proxy -config ${backupToml}";
Restart = "on-failure";
@@ -95,4 +102,4 @@ in
systemd.services.dnscrypt-proxy.serviceConfig = {
StateDirectory = "dnscrypt-proxy";
};
}
}


@@ -2,10 +2,11 @@
# Description: Installs Parsec Cloud client (v3) with CLI and GUI
# Dependencies: parsec-cloud-nix flake input
# Note: Requires increased Node.js heap size during build (workaround)
{ pkgs, parsec-cloud-nix, ... }:
let
{
pkgs,
parsec-cloud-nix,
...
}: let
pc = parsec-cloud-nix.packages.${pkgs.stdenv.hostPlatform.system};
# WORKAROUND: Parsec build runs out of memory without increased heap size
@@ -19,8 +20,7 @@ let
};
parsecCli = pc.parsec-cloud.v3.cli;
in
{
in {
environment.systemPackages = [
parsecClientPatched
parsecCli


@@ -3,14 +3,16 @@
# Security: Network names, SSIDs, and all configuration stored in encrypted secrets
# Files: ~/.config/secrets/wifi-networks.yaml (encrypted with sops)
# Note: The actual networks are loaded at runtime from the encrypted file
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
# WiFi networks are loaded from encrypted file at runtime
# The file is in wpa_supplicant.conf format and gets included by wpa_supplicant
# This approach keeps network names and configuration completely private
# Note: If wifi-networks secret doesn't exist yet, this won't cause errors
# You can still use the old method (networking.wireless.networks in Nix) if needed
}


@@ -1,13 +1,10 @@
# Module: YubiKey Authentication
# Description: Enables YubiKey-based PAM auth for login and sudo across systems
{ pkgs, ... }:
{
{pkgs, ...}: {
security.pam.services = {
login.u2fAuth = true;
sudo.u2fAuth = true;
};
services.udev.packages = [ pkgs.yubikey-personalization ];
services.udev.packages = [pkgs.yubikey-personalization];
}