nixos-blueprint/modules/shared/nixos/default.nix

{
  config,
  # inputs,
  lib,
  pkgs,
  ...
}: let
  inherit (lib) mkDefault mkOption mkEnableOption mkIf;
  cfg = config.module.config;
in {
  imports = [
    ./boot
    ./hardware
    ./misc
    ./networking
    ./nix
    ./security
    ./locale.nix
    ./programs.nix
    ./services.nix
    ./sops.nix
    ./users.nix
  ];
  options = {
    module.host = {
      name = mkOption {
        type = lib.types.str;
      };
      id = mkOption {
        type = lib.types.strMatching "[a-z0-9]{8}";
      };
      stateVersion = mkOption {
        type = lib.types.strMatching ''[0-9]{2}\.[0-9]{2}'';
      };
      type = mkOption {
        type = lib.types.enum ["laptop" "server" "workstation"];
      };
    };
    module.config = {
      laptop.homeRowMods = mkEnableOption "set to have mods on asdfjkl;";
      powerSave = mkEnableOption "set to use various power saving daemons";
      secureBoot = mkEnableOption "set if secure boot is configured";
      tpmDiskUnlock = mkEnableOption "set if luks enrolled in tpm2";
      useIwd = mkEnableOption "set to use iwd instead of wpa-supplicant";
      vaapi = lib.mkOption {
        type = lib.types.nullOr (lib.types.enum ["intel-media-driver" "nvidia"]);
        default = null;
      };
    };
  };
  config = lib.mkMerge [
    {
      system.stateVersion = config.module.host.stateVersion;
      networking = {
        hostName = config.module.host.name;
        hostId = config.module.host.id;
      };
    }
    {
      boot.initrd.systemd.tpm2.enable = mkDefault cfg.tpmDiskUnlock;
      boot.loader.systemd-boot.enable = mkDefault (!cfg.secureBoot);
    }
    (mkIf (cfg.laptop.homeRowMods)
      # lib.asserts.assertMsg (config.services.kanata.enable != config.services.keyd.enable) "Kanata and keyd create soft lock when both enabled"
      {
        services.kanata.enable = true;
        services.kanata.keyboards.internal = {
          extraDefCfg = ''
            process-unmapped-keys no
          '';
          configFile = ./kanata/internal.kbd;
        };
      })
    (mkIf (cfg.powerSave) {
      powerManagement.enable = true;
      powerManagement.powertop.enable = true;
      services.power-profiles-daemon.enable = true;
      services.thermald.enable = true;
      services.upower.enable = true;
    })
    (mkIf cfg.useIwd {
      networking = {
        networkmanager.wifi.backend = "iwd";
        wireless.iwd.enable = true;
      };
    })
    (mkIf (cfg.vaapi == "intel-media-driver") {
      hardware.graphics.extraPackages = with pkgs; [
        intel-compute-runtime
        intel-media-driver
        vpl-gpu-rt
      ];
    })
    (mkIf (cfg.vaapi == "nvidia") {
      hardware.graphics.extraPackages = with pkgs; [
        nvidia-vaapi-driver
      ];
    })
  ];
}