unexplrd/nixos-blueprint
2
2
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: unexplrd:02a8c645e9797a10f2df781927d8a2d8579c48ab
Branches Tags
unexplrd:main
..
compare: unexplrd:686e36b1447063d552c4d22c3c278b580787a400
Branches Tags
unexplrd:main

2 Commits
02a8c645e9 ... 686e36b144

Author SHA1 Message Date
unexplrd
686e36b144 niri/services/kanshi: some more config 
Signed-off-by: unexplrd <unexplrd@linerds.us>
 2025-06-17 14:10:55 +03:00
unexplrd
0bdff5ef5b restructure 
Signed-off-by: unexplrd <unexplrd@linerds.us>
 2025-06-17 14:10:55 +03:00
38 changed files with 242 additions and 229 deletions
Expand all files Collapse all files

8
hosts/dunamis/users/user/home-configuration.nix
View File

@ -1,7 +1 @@
{
imports = [
./common.nix
./flatpak.nix
./programs.nix
];
}
{flake, ...}: {imports = [flake.modules.shared.user];}

8
hosts/eldrid/users/user/home-configuration.nix
View File

@ -1,7 +1 @@
{lib, ...}: {
imports = [
../../../dunamis/users/user/common.nix
../../../dunamis/users/user/programs.nix
../../../dunamis/users/user/flatpak.nix
];
}
{flake, ...}: {imports = [flake.modules.shared.user];}

8
hosts/legion/users/user/home-configuration.nix
View File

@ -1,7 +1 @@
{
imports = [
../../../dunamis/users/user/common.nix
../../../dunamis/users/user/flatpak.nix
../../../dunamis/users/user/programs.nix
];
}
{flake, ...}: {imports = [flake.modules.shared.user];}

11
hosts/morphius/users/user/home-configuration.nix
View File

@ -1,10 +1 @@
{lib, ...}: {
imports = [
../../../dunamis/users/user/common.nix
../../../dunamis/users/user/programs.nix
../../../dunamis/users/user/flatpak.nix
];
systemd.user.settings.Manager.DefaultEnvironment = {
TERMINAL = lib.mkForce "ghostty";
};
}
{flake, ...}: {imports = [flake.modules.shared.user];}

2
hosts/sarien/configuration.nix
View File

@ -7,7 +7,7 @@
imports = with inputs; [
self.nixosModules.desktop
self.nixosModules.system
self.nixosModules.shared
self.modules.shared.nixos
./disko
./hardware
./misc

8
hosts/sarien/users/user/home-configuration.nix
View File

@ -1,7 +1 @@
{
imports = [
../../../dunamis/users/user/common.nix
../../../dunamis/users/user/programs.nix
../../../dunamis/users/user/flatpak.nix
];
}
{flake, ...}: {imports = [flake.modules.shared.user];}

110
modules/home/desktop/niri/services/kanshi/default.nix
View File

@ -1,18 +1,25 @@
{
enable = true;
settings = [
settings = let
main = "Philips Consumer Electronics Company 27M2N5500 UK02418033254";
second = "Samsung Electric Company S24R65x H4TMA03291";
builtin = {
eldrid = "Chimei Innolux Corporation 0x1406 Unknown";
sarien = "LG Display 0x068B Unknown";
# morphius =;
};
in [
{
output = {
criteria = "Philips Consumer Electronics Company 27M2N5500 UK02418033254";
criteria = main;
position = "0,0";
scale = 1.33;
scale = 4.0 / 3.0;
adaptiveSync = true;
};
}
{
# eldrid built-in
output = {
criteria = "Chimei Innolux Corporation 0x1406 Unknown";
criteria = builtin.eldrid;
position = "0,0";
scale = 1.2;
# adaptiveSync = true;
@ -20,7 +27,15 @@
}
{
output = {
criteria = "Samsung Electric Company S24R65x H4TMA03291";
criteria = builtin.sarien;
position = "0,0";
scale = 1.25;
# adaptiveSync = true;
};
}
{
output = {
criteria = second;
mode = "1920x1080@74.973";
position = "1920,0";
transform = "90";
@ -28,39 +43,64 @@
};
}
{
profile.name = "desktop";
profile.outputs = [
{
criteria = "Philips Consumer Electronics Company 27M2N5500 UK02418033254";
}
{
criteria = "Samsung Electric Company S24R65x H4TMA03291";
}
];
profile = {
name = "dunamis";
outputs = [{criteria = main;} {criteria = second;}];
};
}
{
profile.name = "eldrid-docked";
profile.outputs = [
{
criteria = "Philips Consumer Electronics Company 27M2N5500 UK02418033254";
position = "0,0";
}
{
# some scaling quirks
criteria = "Chimei Innolux Corporation 0x1406 Unknown";
position = "1933,0";
}
];
profile = {
name = "eldrid-docked";
outputs = [
{
criteria = main;
position = "0,0";
scale = 4.0 / 3.0;
}
{
criteria = builtin.eldrid;
position = "1920,0";
}
];
};
}
{
profile.name = "eldrid-undocked";
profile.outputs = [
{
criteria = "Chimei Innolux Corporation 0x1406 Unknown";
position = "0,0";
}
];
profile = {
name = "eldrid-undocked";
outputs = [
{
criteria = builtin.eldrid;
position = "0,0";
}
];
};
}
{
profile = {
name = "sarien-docked";
outputs = [
{
criteria = main;
position = "0,0";
scale = 4.0 / 3.0;
}
{
criteria = builtin.sarien;
position = "1920,0";
}
];
};
}
{
profile = {
name = "sarien-undocked";
outputs = [
{
criteria = builtin.sarien;
position = "0,0";
}
];
};
}
];
}

0
modules/nixos/desktop/cosmic.nix → modules/nixos/desktop/cosmic/default.nix
View File

10
modules/nixos/desktop/default.nix
View File

@ -1,10 +1,10 @@
{
imports = [
./common
./cosmic.nix
./gnome.nix
./hyprland.nix
./niri.nix
./plasma.nix
./cosmic
./gnome
./hyprland
./niri
./plasma
];
}

0
modules/nixos/desktop/gnome.nix → modules/nixos/desktop/gnome/default.nix
View File

0
modules/nixos/desktop/hyprland.nix → modules/nixos/desktop/hyprland/default.nix
View File

0
modules/nixos/desktop/niri.nix → modules/nixos/desktop/niri/default.nix
View File

3
modules/nixos/desktop/plasma.nix → modules/nixos/desktop/plasma/default.nix
View File

@ -7,9 +7,6 @@
with lib; let
cfg = config.desktop.plasma;
in {
imports = [
./common/pipewire.nix
];
options = {
desktop.plasma = {
enable = mkEnableOption "enable plasma desktop";

119
modules/nixos/shared/security/default.nix
View File

@ -1,119 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkDefault;
in {
security = {
sudo.enable = false;
# doas.enable = true;
sudo-rs = {
enable = true;
execWheelOnly = true;
};
polkit.enable = true;
polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
subject.isInGroup("users")
&& (
action.id == "org.freedesktop.login1.reboot" ||
action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
action.id == "org.freedesktop.login1.power-off" ||
action.id == "org.freedesktop.login1.power-off-multiple-sessions"
)
)
{
return polkit.Result.YES;
}
});
'';
apparmor.enable = mkDefault true;
pam.sshAgentAuth.enable = true;
};
environment.systemPackages = with pkgs; [
(mkIf config.security.doas.enable doas-sudo-shim) # if doas install doas sudo shim
];
services.dbus = {
apparmor = "enabled";
implementation = "broker";
};
services.ntpd-rs = {
enable = true;
#settings = {
# server = {
# require-nts = true;
# };
#};
};
boot.kernel.sysctl = {
"dev.tty.ldisc_autoload" = 0;
"fs.protected_fifos" = 2;
"fs.protected_regular" = 2;
"fs.suid_dumpable" = 0;
"kernel.kptr_restrict" = 2;
"kernel_kexec_load_disabled" = 1;
# "kernel.modules_disabled" = 1;
"kernel.sysrq" = 0;
"kernel.unprivileged_bpf_disabled" = 1;
"net.ipv4.conf.all.forwarding" = 0;
"net.ipv4.conf.all.log_martians" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.default.log_martians" = 1;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
};
boot.kernelParams = [
"amd_iommu=force_isolation"
"debugfs=off"
"efi=disable_early_pci_dma"
"gather_data_sampling=force"
"intel_iommu=on"
"iommu.passthrough=0"
"iommu.strict=1"
"iommu=force"
"page_alloc.shuffle=1"
"vsyscall=none"
# "ia32_emulation=0"
# "lockdown=confidentiality"
# "module.sig_enforce=1"
];
boot.blacklistedKernelModules = [
# Obscure network protocols
"ax25"
"netrom"
"rose"
# Old or rare or insufficiently audited filesystems
"adfs"
"affs"
"bfs"
"befs"
"cramfs"
"efs"
"erofs"
"exofs"
"freevxfs"
"f2fs"
"hfs"
"hpfs"
"jfs"
"minix"
"nilfs2"
"ntfs"
"omfs"
"qnx4"
"qnx6"
"sysv"
"ufs"
];
nix.settings.allowed-users = mkDefault ["@users"];
}

0
modules/nixos/shared/boot/default.nix → modules/shared/nixos/boot/default.nix
View File

0
modules/nixos/shared/boot/lanzaboote.nix → modules/shared/nixos/boot/lanzaboote.nix
View File

0
modules/nixos/shared/boot/loader.nix → modules/shared/nixos/boot/loader.nix
View File

21
modules/nixos/shared/default.nix → modules/shared/nixos/default.nix
View File

@ -44,15 +44,18 @@ in {
keyboards = {
internal = {
ids = ["0001:0001" "048d:c101"];
settings.main = {
a = "lettermod(alt, a, 200, 150)";
s = "lettermod(meta, s, 200, 150)";
d = "lettermod(control, d, 200, 150)";
f = "lettermod(shift, f, 200, 150)";
j = "lettermod(shift, j, 200, 150)";
k = "lettermod(control, k, 200, 150)";
l = "lettermod(meta, l, 200, 150)";
";" = "lettermod(alt, ;, 200, 150)";
settings.main = let
idleTimeout = toString 200;
holdTimeout = toString 150;
in {
a = "lettermod(alt, a, ${idleTimeout}, ${holdTimeout})";
s = "lettermod(meta, s, ${idleTimeout}, ${holdTimeout})";
d = "lettermod(control, d, ${idleTimeout}, ${holdTimeout})";
f = "lettermod(shift, f, ${idleTimeout}, ${holdTimeout})";
j = "lettermod(shift, j, ${idleTimeout}, ${holdTimeout})";
k = "lettermod(control, k, ${idleTimeout}, ${holdTimeout})";
l = "lettermod(meta, l, ${idleTimeout}, ${holdTimeout})";
";" = "lettermod(alt, ;, ${idleTimeout}, ${holdTimeout})";
};
};
};

0
modules/nixos/shared/hardware/default.nix → modules/shared/nixos/hardware/default.nix
View File

0
modules/nixos/shared/hardware/facter.nix → modules/shared/nixos/hardware/facter.nix
View File

0
modules/nixos/shared/misc/default.nix → modules/shared/nixos/misc/default.nix
View File

0
modules/nixos/shared/misc/slim.nix → modules/shared/nixos/misc/slim.nix
View File

0
modules/nixos/shared/misc/zram.nix → modules/shared/nixos/misc/zram.nix
View File

0
modules/nixos/shared/networking/default.nix → modules/shared/nixos/networking/default.nix
View File

0
modules/nixos/shared/networking/hosts.nix → modules/shared/nixos/networking/hosts.nix
View File

0
modules/nixos/shared/nix/common.nix → modules/shared/nixos/nix/common.nix
View File

0
modules/nixos/shared/nix/default.nix → modules/shared/nixos/nix/default.nix
View File

0
modules/nixos/shared/nix/distibuted-build.nix → modules/shared/nixos/nix/distibuted-build.nix
View File

0
modules/nixos/shared/nix/substituters.nix → modules/shared/nixos/nix/substituters.nix
View File

0
modules/nixos/shared/programs.nix → modules/shared/nixos/programs.nix
View File

123
modules/shared/nixos/security/default.nix Normal file
View File

@ -0,0 +1,123 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkDefault;
in {
security = {
sudo.enable = false;
# doas.enable = true;
sudo-rs = {
enable = true;
execWheelOnly = true;
};
polkit = {
enable = true;
extraConfig = ''
polkit.addRule(function(action, subject) {
if (
subject.isInGroup("users")
&& (
action.id == "org.freedesktop.login1.reboot" ||
action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
action.id == "org.freedesktop.login1.power-off" ||
action.id == "org.freedesktop.login1.power-off-multiple-sessions"
)
)
{
return polkit.Result.YES;
}
});
'';
};
apparmor.enable = mkDefault true;
pam.sshAgentAuth.enable = true;
};
environment.systemPackages = with pkgs; [
(mkIf config.security.doas.enable doas-sudo-shim) # if doas install doas sudo shim
];
services = {
dbus = {
apparmor = "enabled";
implementation = "broker";
};
ntpd-rs = {
enable = true;
#settings = {
# server = {
# require-nts = true;
# };
#};
};
};
boot = {
kernel.sysctl = {
"dev.tty.ldisc_autoload" = 0;
"fs.protected_fifos" = 2;
"fs.protected_regular" = 2;
"fs.suid_dumpable" = 0;
"kernel.kptr_restrict" = 2;
"kernel_kexec_load_disabled" = 1;
# "kernel.modules_disabled" = 1;
"kernel.sysrq" = 0;
"kernel.unprivileged_bpf_disabled" = 1;
"net.ipv4.conf.all.forwarding" = 0;
"net.ipv4.conf.all.log_martians" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.default.log_martians" = 1;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
};
kernelParams = [
"amd_iommu=force_isolation"
"debugfs=off"
"efi=disable_early_pci_dma"
"gather_data_sampling=force"
"intel_iommu=on"
"iommu.passthrough=0"
"iommu.strict=1"
"iommu=force"
"page_alloc.shuffle=1"
"vsyscall=none"
# "ia32_emulation=0"
# "lockdown=confidentiality"
# "module.sig_enforce=1"
];
blacklistedKernelModules = [
# Obscure network protocols
"ax25"
"netrom"
"rose"
# Old or rare or insufficiently audited filesystems
"adfs"
"affs"
"bfs"
"befs"
"cramfs"
"efs"
"erofs"
"exofs"
"freevxfs"
"f2fs"
"hfs"
"hpfs"
"jfs"
"minix"
"nilfs2"
"ntfs"
"omfs"
"qnx4"
"qnx6"
"sysv"
"ufs"
];
};
nix.settings.allowed-users = mkDefault ["@users"];
}

29
modules/nixos/shared/services.nix → modules/shared/nixos/services.nix
View File

@ -1,25 +1,25 @@
{lib, ...}: {
{
services = {
# hardware.openrgb.enable = true;
avahi.enable = true;
flatpak.enable = true;
fwupd.enable = true;
openssh.enable = true;
speechd.enable = lib.mkForce false;
syncthing.openDefaultPorts = true;
userborn.enable = true;
dnscrypt-proxy2 = {
enable = true;
settings = {
bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
require_dnssec = true;
server_names = ["mullvad-doh"];
bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
};
};
flatpak.enable = true;
fstrim = {
enable = true;
interval = "daily";
};
fwupd.enable = true;
logind = {
lidSwitch = "ignore";
powerKey = "suspend";
};
opensnitch = {
enable = false;
settings = {
@ -29,13 +29,10 @@
ProcMonitorMethod = "ebpf";
};
};
scx = {
enable = true;
scheduler = "scx_flash";
};
logind = {
lidSwitch = "ignore";
powerKey = "suspend";
};
openssh.enable = true;
scx.enable = true;
scx.scheduler = "scx_flash";
syncthing.openDefaultPorts = true;
userborn.enable = true;
};
}

0
modules/nixos/shared/sops.nix → modules/shared/nixos/sops.nix
View File

4
modules/nixos/shared/users.nix → modules/shared/nixos/users.nix
View File

@ -17,9 +17,7 @@ in {
hashedPasswordFile = secrets."user-password-hashed".path;
extraGroups =
["wheel" "video" "libvirtd" "dialout"]
/*
for lisgd
*/
# for lisgd
++ lib.optional (hostName == "morphius" && config.desktop.niri.enable) "input";
isNormalUser = true;
shell = pkgs.fish;

0
hosts/dunamis/users/user/common.nix → modules/shared/user/common.nix
View File

7
modules/shared/user/default.nix Normal file
View File

@ -0,0 +1,7 @@
{
imports = [
./common.nix
./flatpak.nix
./programs.nix
];
}

0
hosts/dunamis/users/user/flatpak.nix → modules/shared/user/flatpak.nix
View File

0
hosts/dunamis/users/user/programs.nix → modules/shared/user/programs.nix
View File