enable plasma6 on shodan so it can be used as the desktop session

This commit is contained in:
Lillian Violet 2026-03-13 01:36:05 +01:00
parent 2d7e7bee3c
commit 40d928eb87
8 changed files with 346 additions and 321 deletions


@ -1,208 +1,218 @@
{ lib, config, ...}:
let cfg = config.preservationSetup; in {
{
lib,
config,
...
}: let
cfg = config.preservationSetup;
in {
options = {
preservationSetup.enable = lib.mkEnableOption "Enable setup of preservation of files in /persistent";
global.desktop = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether or not we should make desktop preservation files.";
};
global.server = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether or not we should make server preservation files.";
};
type = lib.types.bool;
default = false;
description = "Whether or not we should make desktop preservation files.";
};
global.server = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether or not we should make server preservation files.";
};
};
config = lib.mkIf cfg.enable {
preservation = {
# the module doesn't do anything unless it is enabled
enable = true;
# the module doesn't do anything unless it is enabled
enable = true;
preserveAt."/persistent" = {
# preserve system directories
directories = [
#Shared
"/var/lib/sbctl"
"/var/lib/bluetooth"
"/var/lib/fprint"
"/var/lib/fwupd"
"/var/lib/libvirt"
"/var/lib/tpm2-tss"
"/var/lib/tpm2-udev-trigger"
"/var/lib/power-profiles-daemon"
"/var/lib/systemd/coredump"
"/var/lib/systemd/rfkill"
"/var/lib/systemd/timers"
"/var/log"
{
directory = "/var/lib/nixos";
inInitrd = true;
}
{
directory = "/var/secrets";
inInitrd = true;
}
] ++ lib.mkIf (cfg.desktop == true) [
#Desktop
"/var/lib/decky-loader"
"/var/lib/flatpak"
] ++ lib.mkIf (cfg.server == true) [
#Server
"/var/lib/continuwuity"
"/var/lib/dhcpcd"
"/var/lib/docker"
"/var/lib/dovecot"
"/var/lib/forgejo"
"/var/lib/gotosocial"
"/var/lib/grafana"
"/var/lib/jellyfin"
"/var/lib/media"
"/var/lib/mollysocket"
"/var/lib/private"
"/var/lib/mysql"
"/var/lib/nextcloud"
"/var/lib/onlyoffice"
"/var/lib/postfix"
"/var/lib/postgresql"
"/var/lib/prometheus2"
"/var/lib/rabbitmq"
"/var/lib/redis-nextcloud"
"/var/lib/redis-rspamd"
"/var/lib/secrets"
"/var/lib/writefreely"
"/var/db"
"/var/dkim"
"/var/secrets"
"/var/sieve"
"/var/vmail"
"/var/mysql"
];
# preserve system files
files = [
{
file = "/etc/machine-id";
inInitrd = true;
how = "symlink";
}
"/var/lib/usbguard/rules.conf"
# creates a symlink on the volatile root
# creates an empty directory on the persistent volume, i.e. /persistent/var/lib/systemd
# does not create an empty file at the symlink's target (would require `createLinkTarget = true`)
{
file = "/var/lib/systemd/random-seed";
how = "symlink";
inInitrd = true;
configureParent = true;
}
"/var/lib/systemd/tpm2-srk-public-key.pem"
"/var/lib/systemd/tpm2-srk-public-key.tpm2b_public"
];
# preserve user-specific files, implies ownership
users = {
lillian = {
commonMountOptions = [
"x-gvfs-hide"
];
directories = [
preserveAt."/persistent" = {
# preserve system directories
directories =
[
#Shared
"/var/lib/sbctl"
"/var/lib/bluetooth"
"/var/lib/fprint"
"/var/lib/fwupd"
"/var/lib/libvirt"
"/var/lib/tpm2-tss"
"/var/lib/tpm2-udev-trigger"
"/var/lib/power-profiles-daemon"
"/var/lib/systemd/coredump"
"/var/lib/systemd/rfkill"
"/var/lib/systemd/timers"
"/var/log"
{
directory = ".ssh";
mode = "0700";
directory = "/var/lib/nixos";
inInitrd = true;
}
] ++ lib.mkIf (cfg.desktop == true) [
#Desktop
".local/state/wireplumber"
".local/share/direnv"
".local/state/nix"
".local/state/comma"
".local/state/home-manager"
".local/share/PrismLauncher"
".local/share/qBittorrent"
".local/share/kwalletd"
".local/share/kwin" #TODO: add the window script via nix instead of saving it imperatively and keeping it
".local/share/lutris"
".local/share/Nextcloud"
".local/share/Steam"
".local/share/zoxide"
".local/share/flatpak"
".local/share/applications"
".local/share/firefoxpwa/"
".local/share/zoxide"
".mozilla"
".steam"
".zsh"
".pki"
".tldrc"
".thunderbird"
"Code"
"Writing"
"Games"
".config/kdeconnect"
".config/Nextcloud"
".config/noisetorch"
".config/qBittorrent"
".config/r2modman"
".config/r2modmanPlus-local"
".config/Ryujinx"
".config/Signal"
".config/sops"
".config/vesktop"
".config/kde.org"
];
#Shared
files = [
".z"
".zsh_history"
];
};
root = {
# specify user home when it is not `/home/${user}`
home = "/root";
directories = [
{
directory = ".ssh";
mode = "0700";
directory = "/var/secrets";
inInitrd = true;
}
]
++ lib.mkIf (cfg.desktop == true) [
#Desktop
"/var/lib/decky-loader"
"/var/lib/flatpak"
]
++ lib.mkIf (cfg.server == true) [
#Server
"/var/lib/continuwuity"
"/var/lib/dhcpcd"
"/var/lib/docker"
"/var/lib/dovecot"
"/var/lib/forgejo"
"/var/lib/gotosocial"
"/var/lib/grafana"
"/var/lib/jellyfin"
"/var/lib/media"
"/var/lib/mollysocket"
"/var/lib/private"
"/var/lib/mysql"
"/var/lib/nextcloud"
"/var/lib/onlyoffice"
"/var/lib/postfix"
"/var/lib/postgresql"
"/var/lib/prometheus2"
"/var/lib/rabbitmq"
"/var/lib/redis-nextcloud"
"/var/lib/redis-rspamd"
"/var/lib/secrets"
"/var/lib/writefreely"
"/var/db"
"/var/dkim"
"/var/secrets"
"/var/sieve"
"/var/vmail"
"/var/mysql"
];
# preserve system files
files = [
{
file = "/etc/machine-id";
inInitrd = true;
how = "symlink";
}
"/var/lib/usbguard/rules.conf"
# creates a symlink on the volatile root
# creates an empty directory on the persistent volume, i.e. /persistent/var/lib/systemd
# does not create an empty file at the symlink's target (would require `createLinkTarget = true`)
{
file = "/var/lib/systemd/random-seed";
how = "symlink";
inInitrd = true;
configureParent = true;
}
"/var/lib/systemd/tpm2-srk-public-key.pem"
"/var/lib/systemd/tpm2-srk-public-key.tpm2b_public"
];
# preserve user-specific files, implies ownership
users = {
lillian = {
commonMountOptions = [
"x-gvfs-hide"
];
directories =
[
{
directory = ".ssh";
mode = "0700";
}
]
++ lib.mkIf (cfg.desktop == true) [
#Desktop
".local/state/wireplumber"
".local/share/direnv"
".local/state/nix"
".local/state/comma"
".local/state/home-manager"
".local/share/PrismLauncher"
".local/share/qBittorrent"
".local/share/kwalletd"
".local/share/kwin" #TODO: add the window script via nix instead of saving it imperatively and keeping it
".local/share/lutris"
".local/share/Nextcloud"
".local/share/Steam"
".local/share/zoxide"
".local/share/flatpak"
".local/share/applications"
".local/share/firefoxpwa/"
".local/share/zoxide"
".mozilla"
".steam"
".zsh"
".pki"
".tldrc"
".thunderbird"
"Code"
"Writing"
"Games"
".config/kdeconnect"
".config/Nextcloud"
".config/noisetorch"
".config/qBittorrent"
".config/r2modman"
".config/r2modmanPlus-local"
".config/Ryujinx"
".config/Signal"
".config/sops"
".config/vesktop"
".config/kde.org"
".config/heroic"
];
#Shared
files = [
".z"
".zsh_history"
];
};
root = {
# specify user home when it is not `/home/${user}`
home = "/root";
directories = [
{
directory = ".ssh";
mode = "0700";
}
];
};
};
};
};
};
systemd.services.systemd-machine-id-commit = {
unitConfig.ConditionPathIsMountPoint = [
""
"/persistent/etc/machine-id"
];
serviceConfig.ExecStart = [
""
"systemd-machine-id-setup --commit --root /persistent"
];
};
systemd.tmpfiles.settings.preservation = {
"/home/lillian/.config".d = {
user = "lillian";
group = "users";
mode = "0755";
systemd.services.systemd-machine-id-commit = {
unitConfig.ConditionPathIsMountPoint = [
""
"/persistent/etc/machine-id"
];
serviceConfig.ExecStart = [
""
"systemd-machine-id-setup --commit --root /persistent"
];
};
"/home/lillian/.local".d = {
user = "lillian";
group = "users";
mode = "0755";
systemd.tmpfiles.settings.preservation = {
"/home/lillian/.config".d = {
user = "lillian";
group = "users";
mode = "0755";
};
"/home/lillian/.local".d = {
user = "lillian";
group = "users";
mode = "0755";
};
"/home/lillian/.local/share".d = {
user = "lillian";
group = "users";
mode = "0755";
};
"/home/lillian/.local/state".d = {
user = "lillian";
group = "users";
mode = "0755";
};
};
"/home/lillian/.local/share".d = {
user = "lillian";
group = "users";
mode = "0755";
};
"/home/lillian/.local/state".d = {
user = "lillian";
group = "users";
mode = "0755";
};
};
};
}
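Review bot: In the new `directories` definitions at `] ++ lib.mkIf (cfg.desktop == true) [` and `++ lib.mkIf (cfg.server == true) [` (system list) and again in `users.lillian.directories`, `lib.mkIf` returns an `{ _type = "if"; … }` attribute set, so `++` concatenates a list with a set and Nix aborts evaluation whenever `preservationSetup.enable` is true; the commit reformats these lines without fixing them. The list-valued conditional is `lib.optionals`, i.e. `++ lib.optionals cfg.desktop [` and `++ lib.optionals cfg.server [`. Separately, `cfg` is `config.preservationSetup`, so `cfg.desktop` reads `preservationSetup.desktop` while the options declared here are `global.desktop` and `global.server` — unless another module declares them under `preservationSetup`, that is a missing-attribute error as well; confirm which path is intended. Minor: `".local/share/zoxide"` is listed twice in lillian's desktop list and `"/var/secrets"` appears both as an `inInitrd` entry and again in the server list.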


@ -1,31 +1,36 @@
{ lib, config, ...}:
let cfg = config.sopsSetup; in {
{
lib,
config,
...
}: let
cfg = config.sopsSetup;
in {
options = {
sopsSetup.enable = lib.mkEnableOption "Enable Module";
global.desktop= lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether or not to install shared desktop secrets.";
};
global.desktop = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether or not to install shared desktop secrets.";
};
};
config = lib.mkIf cfg.enable {
sops = {
age.keyFile = "/var/secrets/keys.txt";
secrets."lillian-password".neededForUsers = true;
age.keyFile = "/var/secrets/keys.txt";
secrets."lillian-password".neededForUsers = true;
defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
secrets."wg-private-key".mode = "0440";
secrets."wg-private-key".owner = config.users.users.root.name;
secrets."wg-private-key".mode = "0440";
secrets."wg-private-key".owner = config.users.users.root.name;
secrets."ssh-private-key" = {
mode = "0600";
owner = config.users.users.lillian.name;
path = "/home/lillian/.ssh/id_ed25519";
secrets."ssh-private-key" = {
mode = "0600";
owner = config.users.users.lillian.name;
path = "/home/lillian/.ssh/id_ed25519";
};
};
};
secrets."nextcloud-password" = lib.mkIf (cfg.desktop == true) {
secrets."nextcloud-password" = lib.mkIf (cfg.desktop == true) {
mode = "0600";
owner = config.users.users.lillian.name;
path = "/home/lillian/.netrc";
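Review bot: `cfg.desktop` in `lib.mkIf (cfg.desktop == true) {` resolves to `config.sopsSetup.desktop`, but the only option this module declares is `global.desktop`, so unless another module declares `sopsSetup.desktop` the condition raises a missing-attribute error rather than evaluating to false — worth confirming which path is intended. Either way the option is already `lib.types.bool`, so the comparison can simply read `lib.mkIf cfg.desktop {`. `secrets."wg-private-key".mode = "0440"` leaves the key group-readable by root's group; if no non-root consumer needs it, `"0400"` is the tighter default (I cannot see the consumer from this hunk). The enclosing `sops = {` attribute set closes outside the hunk.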


@ -1,60 +1,66 @@
{ lib, config, pkgs, ...}:
let cfg = config.stylixSetup; in {
{
lib,
config,
pkgs,
...
}: let
cfg = config.stylixSetup;
in {
options = {
stylixSetup.enable = lib.mkEnableOption "Enable Module";
};
config = lib.mkIf cfg.enable {
stylix = {
# targets.qt.platform = lib.mkForce "kde";
enable = true;
# targets.qt.platform = "kde6";
autoEnable = true;
base16Scheme = {
scheme = "Catppuccin Macchiato Mauve";
author = "https://github.com/catppuccin/catppuccin";
base00 = "24273a";
base01 = "1e2030";
base02 = "363a4f";
base03 = "494d64";
base04 = "5b6078";
base05 = "cad3f5";
base06 = "f4dbd6";
base07 = "b7bdf8";
base08 = "ed8796";
base09 = "f5a97f";
base0A = "eed49f";
base0B = "a6da95";
base0C = "8bd5ca";
base0D = "c6a0f6";
base0E = "8aadf4";
base0F = "f0c6c6";
};
image = ./background.jpg;
cursor.package = pkgs.catppuccin-cursors.macchiatoMauve;
cursor.name = "catppuccin-macchiato-mauve-cursors";
cursor.size = 24;
homeManagerIntegration.followSystem = true;
fonts = {
serif = {
package = pkgs.atkinson-hyperlegible;
name = "Atkinson Hyperlegible Next";
stylix = {
# targets.qt.platform = lib.mkForce "kde";
enable = true;
# targets.qt.platform = "kde6";
autoEnable = true;
base16Scheme = {
scheme = "Catppuccin Macchiato Mauve";
author = "https://github.com/catppuccin/catppuccin";
base00 = "24273a";
base01 = "1e2030";
base02 = "363a4f";
base03 = "494d64";
base04 = "5b6078";
base05 = "cad3f5";
base06 = "f4dbd6";
base07 = "b7bdf8";
base08 = "ed8796";
base09 = "f5a97f";
base0A = "eed49f";
base0B = "a6da95";
base0C = "8bd5ca";
base0D = "c6a0f6";
base0E = "8aadf4";
base0F = "f0c6c6";
};
image = ./background.jpg;
cursor.package = pkgs.catppuccin-cursors.macchiatoMauve;
cursor.name = "catppuccin-macchiato-mauve-cursors";
cursor.size = 24;
homeManagerIntegration.followSystem = true;
fonts = {
serif = {
package = pkgs.atkinson-hyperlegible;
name = "Atkinson Hyperlegible Next";
};
monospace = {
package = pkgs.atkinson-hyperlegible-mono;
name = "Atkinson Hyperlegbile Mono";
};
monospace = {
package = pkgs.atkinson-hyperlegible-mono;
name = "Atkinson Hyperlegbile Mono";
};
sansSerif = {
package = pkgs.atkinson-hyperlegible;
name = "Atkinson Hyperlegible Next";
};
sansSerif = {
package = pkgs.atkinson-hyperlegible;
name = "Atkinson Hyperlegible Next";
};
emoji = {
package = pkgs.noto-fonts-emoji-blob-bin;
name = "Blobmoji";
emoji = {
package = pkgs.noto-fonts-emoji-blob-bin;
name = "Blobmoji";
};
};
};
};
};
}


@ -173,8 +173,6 @@
# enable = true;
# wayland.enable = true;
# };
displayManager.defaultSession = lib.mkDefault "plasma";
desktopManager.plasma6.enable = true;
desktopManager.plasma6.notoPackage = pkgs.atkinson-hyperlegible;
# Enable flatpak support


@ -41,40 +41,41 @@
virtualisation.libvirtd.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
services = {
displayManager.plasma-login-manager = {
enable = true;
};
services.displayManager.plasma-login-manager = {
enable = true;
};
displayManager.defaultSession = "plasma";
desktopManager.plasma6.enable = true;
services.displayManager.defaultSession = "plasma";
services.desktopManager.plasma6.enable = true;
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"invalid users" = [
"root"
];
"passwd program" = "/run/wrappers/bin/passwd %u";
security = "user";
};
public = {
browseable = "yes";
comment = "Public samba share.";
"guest ok" = "yes";
path = "/home/lillian/samba";
"read only" = "no";
samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"invalid users" = [
"root"
];
"passwd program" = "/run/wrappers/bin/passwd %u";
security = "user";
};
public = {
browseable = "yes";
comment = "Public samba share.";
"guest ok" = "yes";
path = "/home/lillian/samba";
"read only" = "no";
};
};
};
vpn-ip = {
ip = "3";
};
};
users.groups.samba.members = ["lillian"];
services.vpn-ip = {
ip = "3";
};
networking = {
hostName = "EDI";
networkmanager.enable = true;
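Review bot: The flattened `services.samba` block keeps a share that is `"guest ok" = "yes"` and `"read only" = "no"` while `openFirewall = true` publishes it on every interface the firewall covers, and nothing in the hunk records that a guest-writable directory is the intended exposure. A one-line comment above `public = {`, e.g. `# intentionally guest-writable; EDI is only reachable on the trusted LAN`, would make that decision reviewable, and if EDI also sits on an untrusted network a `"hosts allow"` entry in `global` would bound who can reach it. `users.groups.samba.members = ["lillian"];` sits outside the `services` set, which is fine, but the corresponding Samba credential for `lillian` is presumably managed imperatively — confirm, since the share otherwise only relies on the guest path.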


@ -4,6 +4,7 @@
inputs,
outputs,
pkgs,
lib,
...
}: {
# You can import other NixOS modules here
@ -30,21 +31,22 @@
environment.systemPackages = with pkgs; [
gparted
];
services = {
displayManager.plasma-login-manager = {
enable = true;
};
services.displayManager.plasma-login-manager = {
enable = true;
};
displayManager.defaultSession = "plasma";
desktopManager.plasma6.enable = true;
services.displayManager.defaultSession = "plasma";
services.desktopManager.plasma6.enable = true;
vpn-ip = {
ip = "2";
};
services.vpn-ip = {
ip = "2";
xserver.videoDrivers = ["amdgpu"];
};
networking.hostName = "GLaDOS";
services.xserver.videoDrivers = ["amdgpu"];
programs = {
steam = {
enable = true;


@ -52,11 +52,37 @@
kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"];
plymouth.enable = true;
};
services.udev.extraRules = ''
KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess"
KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess"
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2dc8", MODE="0666"
'';
services = {
udev.extraRules = ''
KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess"
KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess"
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2dc8", MODE="0666"
'';
vpn-ip = {
ip = "4";
};
openssh = {
enable = true;
settings = {
# require public key authentication for better security
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
};
};
desktopManager.plasma6.enable = true;
displayManager = {
# defaultSession = "plasma";
sddm.wayland.enable = lib.mkForce true;
sddm.settings = {
Autologin = {
Session = "plasma.desktop";
User = "lillian";
};
};
};
};
zramSwap.enable = false;
networking = {
domain = "";
@ -72,32 +98,8 @@
hostName = "shodan";
};
services.vpn-ip = {
ip = "4";
};
xdg.portal.extraPortals = [pkgs.kdePackages.xdg-desktop-portal-kde];
services = {
openssh = {
enable = true;
settings = {
# require public key authentication for better security
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
};
};
displayManager = {
# defaultSession = "plasma";
sddm.wayland.enable = lib.mkForce true;
sddm.settings = {
Autologin = {
Session = "plasma.desktop";
User = "lillian";
};
};
};
};
environment.systemPackages = with pkgs; [
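Review bot: In the first hunk, the third udev rule `SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2dc8", MODE="0666"` makes that vendor's hidraw node world-read/write for every local account, which renders the two `MODE="0660", TAG+="uaccess"` rules above it (they already grant the active seat user access) moot; the commit moves the rules into the `services` set without revisiting this. Unless a non-seat process needs the device, dropping that line or changing it to `SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess"` is the tighter fix. Separately, `sddm.settings.Autologin` with `Session = "plasma.desktop"` and `User = "lillian"` hand-rolls what `services.displayManager.autoLogin = { enable = true; user = "lillian"; };` together with `services.displayManager.defaultSession = "plasma";` express declaratively — the latter is left commented out at `# defaultSession = "plasma";`, so the session choice now lives only in the raw SDDM key. The enclosing module attribute set starts and ends outside the hunk.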
# Custom tools


@ -132,6 +132,7 @@
".config/sops"
".config/vesktop"
".config/kde.org"
".config/heroic"
];
#Shared
files = [