Add all of iogamaster modules

2024-06-15 09:59:52 +02:00
parent c97f22254a
commit fa99b32cad
120 changed files with 3587 additions and 254 deletions
--- a/modules/nixos/system/battery/default.nix
+++ b/modules/nixos/system/battery/default.nix
@@ -0,0 +1,41 @@
+{
+  options,
+  config,
+  lib,
+  ...
+}:
+with lib;
+with lib.frajul;
+let
+  cfg = config.modules.system.battery;
+in
+{
+  options.modules.system.battery = with types; {
+    enable = mkBoolOpt false "Whether or not to enable battery optimizations and utils.";
+  };
+
+  config = mkIf cfg.enable {
+    # Better scheduling for CPU cycles - thanks System76!!!
+    services.system76-scheduler.settings.cfsProfiles.enable = true;
+
+    # Enable TLP (better than gnomes internal power manager)
+    services.tlp = {
+      enable = true;
+      settings = {
+        CPU_BOOST_ON_AC = 0;
+        CPU_BOOST_ON_BAT = 0;
+        CPU_SCALING_GOVERNOR_ON_AC = "powersave";
+        CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+      };
+    };
+
+    # Disable GNOMEs power management
+    services.power-profiles-daemon.enable = false;
+
+    # Enable powertop
+    powerManagement.powertop.enable = true;
+
+    # Enable thermald (only necessary if on Intel CPUs)
+    services.thermald.enable = true;
+  };
+}
--- a/modules/nixos/system/boot/bios/default.nix
+++ b/modules/nixos/system/boot/bios/default.nix
@@ -0,0 +1,23 @@
+{
+  options,
+  config,
+  lib,
+  ...
+}:
+with lib;
+with lib.frajul;
+let
+  cfg = config.modules.system.boot.bios;
+in
+{
+  options.modules.system.boot.bios = with types; {
+    enable = mkBoolOpt false "Whether or not to enable bios booting.";
+    device = mkOpt str "/dev/sda" "Disk that grub will be installed to.";
+  };
+
+  config = mkIf cfg.enable {
+    boot.loader.grub = {
+      enable = true;
+    };
+  };
+}
--- a/modules/nixos/system/boot/efi/default.nix
+++ b/modules/nixos/system/boot/efi/default.nix
@@ -0,0 +1,25 @@
+{
+  options,
+  config,
+  lib,
+  ...
+}:
+with lib;
+with lib.frajul;
+let
+  cfg = config.modules.system.boot.efi;
+in
+{
+  options.modules.system.boot.efi = with types; {
+    enable = mkBoolOpt false "Whether or not to enable efi booting.";
+  };
+
+  config = mkIf cfg.enable {
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.systemd-boot.configurationLimit = 5;
+    boot.loader.efi.canTouchEfiVariables = true;
+
+    # https://github.com/NixOS/nixpkgs/blob/c32c39d6f3b1fe6514598fa40ad2cf9ce22c3fb7/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix#L66
+    boot.loader.systemd-boot.editor = false;
+  };
+}
--- a/modules/nixos/system/env/default.nix
+++ b/modules/nixos/system/env/default.nix
@@ -0,0 +1,42 @@
+{
+  options,
+  config,
+  lib,
+  ...
+}:
+with lib;
+with lib.frajul; let
+  cfg = config.system.env;
+in {
+  options.system.env = with types;
+    mkOption {
+      type = attrsOf (oneOf [str path (listOf (either str path))]);
+      apply = mapAttrs (_n: v:
+        if isList v
+        then concatMapStringsSep ":" toString v
+        else (toString v));
+      default = {};
+      description = "A set of environment variables to set.";
+    };
+
+  config = {
+    environment = {
+      sessionVariables = {
+        XDG_CACHE_HOME = "$HOME/.cache";
+        XDG_CONFIG_HOME = "$HOME/.config";
+        XDG_DATA_HOME = "$HOME/.local/share";
+        XDG_BIN_HOME = "$HOME/.local/bin";
+        # To prevent firefox from creating ~/Desktop.
+        XDG_DESKTOP_DIR = "$HOME";
+      };
+      variables = {
+        # Make some programs "XDG" compliant.
+        LESSHISTFILE = "$XDG_CACHE_HOME/less.history";
+        WGETRC = "$XDG_CONFIG_HOME/wgetrc";
+      };
+      extraInit =
+        concatStringsSep "\n"
+        (mapAttrsToList (n: v: ''export ${n}="${v}"'') cfg);
+    };
+  };
+}
--- a/modules/nixos/system/fonts/default.nix
+++ b/modules/nixos/system/fonts/default.nix
@@ -0,0 +1,35 @@
+{
+  options,
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib;
+with lib.frajul; let
+  cfg = config.system.fonts;
+in {
+  options.system.fonts = with types; {
+    enable = mkBoolOpt false "Whether or not to manage fonts.";
+    fonts = mkOpt (listOf package) [] "Custom font packages to install.";
+  };
+
+  config = mkIf cfg.enable {
+    environment.variables = {
+      # Enable icons in tooling since we have nerdfonts.
+      LOG_ICONS = "true";
+    };
+
+    environment.systemPackages = with pkgs; [font-manager];
+
+    fonts.packages = with pkgs;
+      [
+        noto-fonts
+        noto-fonts-cjk-sans
+        noto-fonts-cjk-serif
+        noto-fonts-emoji
+        (nerdfonts.override {fonts = ["JetBrainsMono"];})
+      ]
+      ++ cfg.fonts;
+  };
+}
--- a/modules/nixos/system/locale/default.nix
+++ b/modules/nixos/system/locale/default.nix
@@ -0,0 +1,20 @@
+{
+  options,
+  config,
+  lib,
+  ...
+}:
+with lib;
+with lib.frajul; let
+  cfg = config.system.locale;
+in {
+  options.system.locale = with types; {
+    enable = mkBoolOpt false "Whether or not to manage locale settings.";
+  };
+
+  config = mkIf cfg.enable {
+    i18n.defaultLocale = "en_US.UTF-8";
+
+    console = {keyMap = mkForce "us";};
+  };
+}
--- a/modules/nixos/system/nix/default.nix
+++ b/modules/nixos/system/nix/default.nix
@@ -0,0 +1,66 @@
+{
+  options,
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib;
+with lib.frajul;
+let
+  cfg = config.system.nix;
+in
+{
+  options.system.nix = with types; {
+    enable = mkBoolOpt false "Whether or not to manage nix configuration.";
+    package = mkOpt package pkgs.nixVersions.latest "Which nix package to use.";
+    extraUsers = mkOpt (listOf str) [ ] "Extra users to trust";
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      nil
+      nixfmt-rfc-style
+      nix-index
+      nix-prefetch-git
+    ];
+
+    nix =
+      let
+        users = [
+          "root"
+          config.user.name
+        ];
+      in
+      {
+        inherit (cfg) package;
+
+        settings =
+          {
+            experimental-features = "nix-command flakes";
+            http-connections = 50;
+            warn-dirty = false;
+            log-lines = 50;
+            sandbox = "relaxed";
+            auto-optimise-store = true;
+            trusted-users = users ++ cfg.extraUsers;
+            allowed-users = users;
+          }
+          // (lib.optionalAttrs config.apps.tools.direnv.enable {
+            keep-outputs = true;
+            keep-derivations = true;
+          });
+
+        gc = {
+          automatic = true;
+          dates = "weekly";
+          options = "--delete-older-than 7d";
+        };
+
+        # flake-utils-plus
+        generateRegistryFromInputs = true;
+        generateNixPathFromInputs = true;
+        linkInputs = true;
+      };
+  };
+}
--- a/modules/nixos/system/security/doas/default.nix
+++ b/modules/nixos/system/security/doas/default.nix
@@ -0,0 +1,34 @@
+{
+  options,
+  config,
+  lib,
+  ...
+}:
+with lib;
+with lib.frajul; let
+  cfg = config.system.security.doas;
+in {
+  options.system.security.doas = {
+    enable = mkBoolOpt false "Whether or not to replace sudo with doas.";
+  };
+
+  config = mkIf cfg.enable {
+    # Disable sudo
+    security.sudo.enable = false;
+
+    # Enable and configure `doas`.
+    security.doas = {
+      enable = true;
+      extraRules = [
+        {
+          users = [config.user.name];
+          noPass = true;
+          keepEnv = true;
+        }
+      ];
+    };
+
+    # Add an alias to the shell for backward-compat and convenience.
+    environment.shellAliases = {sudo = "doas";};
+  };
+}
--- a/modules/nixos/system/security/lockdown/default.nix
+++ b/modules/nixos/system/security/lockdown/default.nix
@@ -0,0 +1,44 @@
+{
+  options,
+  config,
+  lib,
+  ...
+}:
+with lib;
+with lib.frajul;
+let
+  cfg = config.system.security.lockdown;
+in
+{
+  options.system.security.lockdown = {
+    enable = mkBoolOpt false "Whether or not to lockdown the system for maximum security";
+  };
+
+  config = mkIf cfg.enable {
+    # Ripped from:
+    # https://xeiaso.net/blog/paranoid-nixos-2021-07-18/
+
+    nix.allowedUsers = [ "@wheel" ];
+    environment.defaultPackages = lib.mkForce [ ]; # Heres a great little piece, it disables any non defined packages for this system
+
+    services.openssh = {
+      settings.passwordAuthentication = false;
+      allowSFTP = false; # Don't set this if you need sftp
+      challengeResponseAuthentication = false;
+      extraConfig = ''
+        AllowTcpForwarding yes
+        X11Forwarding no
+        AllowAgentForwarding no
+        AllowStreamLocalForwarding no
+        AuthenticationMethods publickey
+      '';
+    };
+
+    fileSystems."/".options = [ "noexec" ];
+    fileSystems."/etc/nixos".options = [ "noexec" ];
+    fileSystems."/srv".options = [ "noexec" ];
+    fileSystems."/var/log".options = [ "noexec" ];
+
+    environment.systemPackages = with pkgs; [ clamav ]; # PCI Compliance
+  };
+}
--- a/modules/nixos/system/security/sops/default.nix
+++ b/modules/nixos/system/security/sops/default.nix
@@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  inputs,
+  pkgs,
+  ...
+}:
+with lib;
+with lib.frajul;
+{
+  imports = with inputs; [ sops-nix.nixosModules.sops ];
+
+  config = {
+    sops.defaultSopsFile = ../../../../../secrets/secrets.yaml;
+    sops.defaultSopsFormat = "yaml";
+
+    sops.age.keyFile = "/home/${config.user.name}/.config/sops/age/keys.txt";
+
+    home.persist.directories = [ ".config/sops" ];
+
+    environment.systemPackages = with pkgs; [
+      (writeShellScriptBin "sops" ''
+        EDITOR=${config.environment.variables.EDITOR} ${pkgs.sops}/bin/sops $@
+      '')
+      age
+    ];
+
+    # List of defined secrets
+    # sops.secrets."system/password" = {neededForUsers = true;};
+    # sops.secrets."ngrok/terraria" = {};
+  };
+}
--- a/modules/nixos/system/shell/default.nix
+++ b/modules/nixos/system/shell/default.nix
@@ -0,0 +1,89 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
+with lib.frajul; let
+  cfg = config.system.shell;
+in {
+  options.system.shell = with types; {
+    shell = mkOpt (enum ["nushell" "fish"]) "nushell" "What shell to use";
+  };
+
+  config = {
+    environment.systemPackages = with pkgs; [
+      eza
+      bat
+      nitch
+      zoxide
+      starship
+    ];
+
+    users.defaultUserShell = pkgs.${cfg.shell};
+    users.users.root.shell = pkgs.bashInteractive;
+
+    home.programs.starship = {
+      enable = true;
+      enableFishIntegration = true;
+      enableNushellIntegration = true;
+    };
+    home.configFile."starship.toml".source = ./starship.toml;
+
+    environment.shellAliases = {
+      ".." = "cd ..";
+      neofetch = "nitch";
+    };
+
+    home.programs.zoxide = {
+      enable = true;
+      enableNushellIntegration = true;
+    };
+
+    home.persist.directories = [
+      ".local/share/zoxide"
+      ".cache/zoxide"
+      ".cache/starship"
+      ".config/nushell"
+      ".config/fish"
+    ];
+
+    # Actual Shell Configurations
+    home.programs.fish = mkIf (cfg.shell == "fish") {
+      enable = true;
+      shellAliases = {
+        ls = "eza -la --icons --no-user --no-time --git -s type";
+        cat = "bat";
+      };
+      shellInit = ''
+        ${mkIf apps.tools.direnv.enable ''
+          direnv hook fish | source
+        ''}
+
+        zoxide init fish | source
+
+        function , --description 'add software to shell session'
+              NIXPKGS_ALLOW_UNFREE=1 NIXPKGS_ALLOW_BROKEN=1 nix shell nixpkgs#$argv[1..-1] --impure
+        end
+      '';
+    };
+
+    # Enable all if nushell
+    home.programs.nushell = mkIf (cfg.shell == "nushell") {
+      enable = true;
+      shellAliases = config.environment.shellAliases // {ls = "ls";};
+      envFile.text = "";
+      extraConfig = ''
+        $env.config = {
+        	show_banner: false,
+        }
+
+        def , [...packages] {
+            NIXPKGS_ALLOW_UNFREE=1 NIXPKGS_ALLOW_BROKEN=1 nix shell ...($packages | each {|s| $"nixpkgs#($s)"}) --impure
+        }
+      '';
+    };
+  };
+}
--- a/modules/nixos/system/shell/starship.toml
+++ b/modules/nixos/system/shell/starship.toml
@@ -0,0 +1,75 @@
+[aws]
+symbol = "  "
+
+[buf]
+symbol = " "
+
+[c]
+symbol = " "
+
+[dart]
+symbol = " "
+
+[directory]
+read_only = " "
+
+[docker_context]
+symbol = " "
+
+[elixir]
+symbol = " "
+
+[elm]
+symbol = " "
+
+[git_branch]
+symbol = " "
+
+[golang]
+symbol = " "
+
+[haskell]
+symbol = " "
+
+[hg_branch]
+symbol = " "
+
+[java]
+symbol = " "
+
+[julia]
+symbol = " "
+
+[lua]
+symbol = " "
+
+[memory_usage]
+symbol = "󰘚 "
+
+[nim]
+symbol = " "
+
+[nix_shell]
+symbol = "  "
+
+[nodejs]
+symbol = " "
+
+[package]
+symbol = "󰏗 "
+
+[python]
+symbol = " "
+
+[rlang]
+symbol = " "
+
+[ruby]
+symbol = " "
+
+[rust]
+symbol = " "
+
+[scala]
+symbol = " "
+
--- a/modules/nixos/system/time/default.nix
+++ b/modules/nixos/system/time/default.nix
@@ -0,0 +1,17 @@
+{
+  options,
+  config,
+  lib,
+  ...
+}:
+with lib;
+with lib.frajul; let
+  cfg = config.system.time;
+in {
+  options.system.time = with types; {
+    enable =
+      mkBoolOpt false "Whether or not to configure timezone information.";
+  };
+
+  config = mkIf cfg.enable {time.timeZone = "America/Denver";};
+}
--- a/modules/nixos/system/xkb/default.nix
+++ b/modules/nixos/system/xkb/default.nix
@@ -0,0 +1,24 @@
+{
+  options,
+  config,
+  lib,
+  ...
+}:
+with lib;
+with lib.frajul;
+let
+  cfg = config.system.xkb;
+in
+{
+  options.system.xkb = with types; {
+    enable = mkBoolOpt false "Whether or not to configure xkb.";
+  };
+
+  config = mkIf cfg.enable {
+    console.useXkbConfig = true;
+    services.xserver = {
+      xkb.layout = "de";
+      # xkb.xkbOptions = "caps:escape";
+    };
+  };
+}