From 40d928eb879c8299ec4d32403338f079589ad7f5 Mon Sep 17 00:00:00 2001
From: Lillian-Violet
Date: Fri, 13 Mar 2026 01:36:05 +0100
Subject: [PATCH] enable plasma6 on shodan so it can be used as the desktop session

---
 modules/nixos/preservation/default.nix | 386 +++++++++++++------------
 modules/nixos/sops/default.nix | 41 +-
 modules/nixos/stylix/default.nix | 102 ++++--
 nixos/desktop/default.nix | 2 -
 nixos/hosts/EDI/configuration.nix | 55 ++--
 nixos/hosts/GLaDOS/configuration.nix | 20 +-
 nixos/hosts/shodan/configuration.nix | 60 ++--
 nixos/shared/preservation.nix | 1 +
 8 files changed, 346 insertions(+), 321 deletions(-)

diff --git a/modules/nixos/preservation/default.nix b/modules/nixos/preservation/default.nix
index 234f137..573f09f 100644
--- a/modules/nixos/preservation/default.nix
+++ b/modules/nixos/preservation/default.nix
@@ -1,208 +1,218 @@ -{ lib, config, ...}: -let cfg = config.preservationSetup; in { +{ + lib, + config, + ... +}: let + cfg = config.preservationSetup; +in { options = { preservationSetup.enable = lib.mkEnableOption "Enable setup of preservation of files in /persistent"; global.desktop = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Whether or not we should make desktop preservation files."; - }; - global.server = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Whether or not we should make server preservation files."; - }; + type = lib.types.bool; + default = false; + description = "Whether or not we should make desktop preservation files."; + }; + global.server = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether or not we should make server preservation files."; + }; }; config = lib.mkIf cfg.enable { - preservation = { - # the module doesn't do anything unless it is enabled - enable = true; + # the module doesn't do anything unless it is enabled + enable = true; - preserveAt."/persistent" = { - # preserve system directories - directories = [ - #Shared - "/var/lib/sbctl" - "/var/lib/bluetooth" - "/var/lib/fprint" - "/var/lib/fwupd" - "/var/lib/libvirt" - "/var/lib/tpm2-tss" - "/var/lib/tpm2-udev-trigger" - "/var/lib/power-profiles-daemon" - "/var/lib/systemd/coredump" - "/var/lib/systemd/rfkill" - "/var/lib/systemd/timers" - "/var/log" - { - directory = "/var/lib/nixos"; - inInitrd = true; - } - { - directory = "/var/secrets"; - inInitrd = true; - } - ] ++ lib.mkIf (cfg.desktop == true) [ - #Desktop - "/var/lib/decky-loader" - "/var/lib/flatpak" - ] ++ lib.mkIf (cfg.server == true) [ - #Server - "/var/lib/continuwuity" - "/var/lib/dhcpcd" - "/var/lib/docker" - "/var/lib/dovecot" - "/var/lib/forgejo" - "/var/lib/gotosocial" - "/var/lib/grafana" - "/var/lib/jellyfin" - "/var/lib/media" - "/var/lib/mollysocket" - "/var/lib/private" - "/var/lib/mysql" - "/var/lib/nextcloud" - 
"/var/lib/onlyoffice" - "/var/lib/postfix" - "/var/lib/postgresql" - "/var/lib/prometheus2" - "/var/lib/rabbitmq" - "/var/lib/redis-nextcloud" - "/var/lib/redis-rspamd" - "/var/lib/secrets" - "/var/lib/writefreely" - "/var/db" - "/var/dkim" - "/var/secrets" - "/var/sieve" - "/var/vmail" - "/var/mysql" - ]; - - # preserve system files - files = [ - { - file = "/etc/machine-id"; - inInitrd = true; - how = "symlink"; - } - "/var/lib/usbguard/rules.conf" - - # creates a symlink on the volatile root - # creates an empty directory on the persistent volume, i.e. /persistent/var/lib/systemd - # does not create an empty file at the symlink's target (would require `createLinkTarget = true`) - { - file = "/var/lib/systemd/random-seed"; - how = "symlink"; - inInitrd = true; - configureParent = true; - } - "/var/lib/systemd/tpm2-srk-public-key.pem" - "/var/lib/systemd/tpm2-srk-public-key.tpm2b_public" - ]; - - # preserve user-specific files, implies ownership - users = { - lillian = { - commonMountOptions = [ - "x-gvfs-hide" - ]; - directories = [ + preserveAt."/persistent" = { + # preserve system directories + directories = + [ + #Shared + "/var/lib/sbctl" + "/var/lib/bluetooth" + "/var/lib/fprint" + "/var/lib/fwupd" + "/var/lib/libvirt" + "/var/lib/tpm2-tss" + "/var/lib/tpm2-udev-trigger" + "/var/lib/power-profiles-daemon" + "/var/lib/systemd/coredump" + "/var/lib/systemd/rfkill" + "/var/lib/systemd/timers" + "/var/log" { - directory = ".ssh"; - mode = "0700"; + directory = "/var/lib/nixos"; + inInitrd = true; } - ] ++ lib.mkIf (cfg.desktop == true) [ - #Desktop - ".local/state/wireplumber" - ".local/share/direnv" - ".local/state/nix" - ".local/state/comma" - ".local/state/home-manager" - ".local/share/PrismLauncher" - ".local/share/qBittorrent" - ".local/share/kwalletd" - ".local/share/kwin" #TODO: add the window script via nix instead of saving it imperatively and keeping it - ".local/share/lutris" - ".local/share/Nextcloud" - ".local/share/Steam" - ".local/share/zoxide" - 
".local/share/flatpak" - ".local/share/applications" - ".local/share/firefoxpwa/" - ".local/share/zoxide" - ".mozilla" - ".steam" - ".zsh" - ".pki" - ".tldrc" - ".thunderbird" - "Code" - "Writing" - "Games" - ".config/kdeconnect" - ".config/Nextcloud" - ".config/noisetorch" - ".config/qBittorrent" - ".config/r2modman" - ".config/r2modmanPlus-local" - ".config/Ryujinx" - ".config/Signal" - ".config/sops" - ".config/vesktop" - ".config/kde.org" - ]; - #Shared - files = [ - ".z" - ".zsh_history" - ]; - }; - root = { - # specify user home when it is not `/home/${user}` - home = "/root"; - directories = [ { - directory = ".ssh"; - mode = "0700"; + directory = "/var/secrets"; + inInitrd = true; } + ] + ++ lib.mkIf (cfg.desktop == true) [ + #Desktop + "/var/lib/decky-loader" + "/var/lib/flatpak" + ] + ++ lib.mkIf (cfg.server == true) [ + #Server + "/var/lib/continuwuity" + "/var/lib/dhcpcd" + "/var/lib/docker" + "/var/lib/dovecot" + "/var/lib/forgejo" + "/var/lib/gotosocial" + "/var/lib/grafana" + "/var/lib/jellyfin" + "/var/lib/media" + "/var/lib/mollysocket" + "/var/lib/private" + "/var/lib/mysql" + "/var/lib/nextcloud" + "/var/lib/onlyoffice" + "/var/lib/postfix" + "/var/lib/postgresql" + "/var/lib/prometheus2" + "/var/lib/rabbitmq" + "/var/lib/redis-nextcloud" + "/var/lib/redis-rspamd" + "/var/lib/secrets" + "/var/lib/writefreely" + "/var/db" + "/var/dkim" + "/var/secrets" + "/var/sieve" + "/var/vmail" + "/var/mysql" ]; + + # preserve system files + files = [ + { + file = "/etc/machine-id"; + inInitrd = true; + how = "symlink"; + } + "/var/lib/usbguard/rules.conf" + + # creates a symlink on the volatile root + # creates an empty directory on the persistent volume, i.e. 
/persistent/var/lib/systemd + # does not create an empty file at the symlink's target (would require `createLinkTarget = true`) + { + file = "/var/lib/systemd/random-seed"; + how = "symlink"; + inInitrd = true; + configureParent = true; + } + "/var/lib/systemd/tpm2-srk-public-key.pem" + "/var/lib/systemd/tpm2-srk-public-key.tpm2b_public" + ]; + + # preserve user-specific files, implies ownership + users = { + lillian = { + commonMountOptions = [ + "x-gvfs-hide" + ]; + directories = + [ + { + directory = ".ssh"; + mode = "0700"; + } + ] + ++ lib.mkIf (cfg.desktop == true) [ + #Desktop + ".local/state/wireplumber" + ".local/share/direnv" + ".local/state/nix" + ".local/state/comma" + ".local/state/home-manager" + ".local/share/PrismLauncher" + ".local/share/qBittorrent" + ".local/share/kwalletd" + ".local/share/kwin" #TODO: add the window script via nix instead of saving it imperatively and keeping it + ".local/share/lutris" + ".local/share/Nextcloud" + ".local/share/Steam" + ".local/share/zoxide" + ".local/share/flatpak" + ".local/share/applications" + ".local/share/firefoxpwa/" + ".local/share/zoxide" + ".mozilla" + ".steam" + ".zsh" + ".pki" + ".tldrc" + ".thunderbird" + "Code" + "Writing" + "Games" + ".config/kdeconnect" + ".config/Nextcloud" + ".config/noisetorch" + ".config/qBittorrent" + ".config/r2modman" + ".config/r2modmanPlus-local" + ".config/Ryujinx" + ".config/Signal" + ".config/sops" + ".config/vesktop" + ".config/kde.org" + ".config/heroic" + ]; + #Shared + files = [ + ".z" + ".zsh_history" + ]; + }; + root = { + # specify user home when it is not `/home/${user}` + home = "/root"; + directories = [ + { + directory = ".ssh"; + mode = "0700"; + } + ]; + }; }; }; }; - }; - systemd.services.systemd-machine-id-commit = { - unitConfig.ConditionPathIsMountPoint = [ - "" - "/persistent/etc/machine-id" - ]; - serviceConfig.ExecStart = [ - "" - "systemd-machine-id-setup --commit --root /persistent" - ]; - }; - systemd.tmpfiles.settings.preservation = { - 
"/home/lillian/.config".d = { - user = "lillian"; - group = "users"; - mode = "0755"; + systemd.services.systemd-machine-id-commit = { + unitConfig.ConditionPathIsMountPoint = [ + "" + "/persistent/etc/machine-id" + ]; + serviceConfig.ExecStart = [ + "" + "systemd-machine-id-setup --commit --root /persistent" + ]; }; - "/home/lillian/.local".d = { - user = "lillian"; - group = "users"; - mode = "0755"; + systemd.tmpfiles.settings.preservation = { + "/home/lillian/.config".d = { + user = "lillian"; + group = "users"; + mode = "0755"; + }; + "/home/lillian/.local".d = { + user = "lillian"; + group = "users"; + mode = "0755"; + }; + "/home/lillian/.local/share".d = { + user = "lillian"; + group = "users"; + mode = "0755"; + }; + "/home/lillian/.local/state".d = { + user = "lillian"; + group = "users"; + mode = "0755"; + }; }; - "/home/lillian/.local/share".d = { - user = "lillian"; - group = "users"; - mode = "0755"; - }; - "/home/lillian/.local/state".d = { - user = "lillian"; - group = "users"; - mode = "0755"; - }; - }; }; } diff --git a/modules/nixos/sops/default.nix b/modules/nixos/sops/default.nix index bb15447..0da284b 100644 --- a/modules/nixos/sops/default.nix +++ b/modules/nixos/sops/default.nix 
@@ -1,31 +1,36 @@ -{ lib, config, ...}: -let cfg = config.sopsSetup; in { +{ + lib, + config, + ... +}: let + cfg = config.sopsSetup; +in { options = { sopsSetup.enable = lib.mkEnableOption "Enable Module"; - global.desktop= lib.mkOption { - type = lib.types.bool; - default = false; - description = "Whether or not to install shared desktop secrets."; - }; + global.desktop = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether or not to install shared desktop secrets."; + }; }; config = lib.mkIf cfg.enable { sops = { - age.keyFile = "/var/secrets/keys.txt"; - secrets."lillian-password".neededForUsers = true; + age.keyFile = "/var/secrets/keys.txt"; + secrets."lillian-password".neededForUsers = true; - defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml; + defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml; - secrets."wg-private-key".mode = "0440"; - secrets."wg-private-key".owner = config.users.users.root.name; + secrets."wg-private-key".mode = "0440"; + secrets."wg-private-key".owner = config.users.users.root.name; - secrets."ssh-private-key" = { - mode = "0600"; - owner = config.users.users.lillian.name; - path = "/home/lillian/.ssh/id_ed25519"; + secrets."ssh-private-key" = { + mode = "0600"; + owner = config.users.users.lillian.name; + path = "/home/lillian/.ssh/id_ed25519"; + }; }; - }; - secrets."nextcloud-password" = lib.mkIf (cfg.desktop == true) { + secrets."nextcloud-password" = lib.mkIf (cfg.desktop == true) { mode = "0600"; owner = config.users.users.lillian.name; path = "/home/lillian/.netrc"; diff --git a/modules/nixos/stylix/default.nix b/modules/nixos/stylix/default.nix index 2154be0..2719860 100644 --- a/modules/nixos/stylix/default.nix +++ b/modules/nixos/stylix/default.nix 
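Review bot: On the new side, `path = "/home/lillian/.ssh/id_ed25519";` is followed by `+ };` and a context `};`, which as far as the collapsed hunk shows closes both `secrets."ssh-private-key"` and `sops`, leaving `secrets."nextcloud-password" = lib.mkIf (cfg.desktop == true) { … }` defined directly under `config`; unless a top-level `secrets` option is declared elsewhere, the module system rejects that as an undeclared option. Move the attribute inside the `sops = { … };` block or write it as `sops.secrets."nextcloud-password"`. The `config = lib.mkIf cfg.enable { … }` set closes outside the hunk.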
@@ -1,60 +1,66 @@ - { lib, config, pkgs, ...}: -let cfg = config.stylixSetup; in { +{ + lib, + config, + pkgs, + ... +}: let + cfg = config.stylixSetup; +in { options = { stylixSetup.enable = lib.mkEnableOption "Enable Module"; }; config = lib.mkIf cfg.enable { - stylix = { - # targets.qt.platform = lib.mkForce "kde"; - enable = true; - # targets.qt.platform = "kde6"; - autoEnable = true; - base16Scheme = { - scheme = "Catppuccin Macchiato Mauve"; - author = "https://github.com/catppuccin/catppuccin"; - base00 = "24273a"; - base01 = "1e2030"; - base02 = "363a4f"; - base03 = "494d64"; - base04 = "5b6078"; - base05 = "cad3f5"; - base06 = "f4dbd6"; - base07 = "b7bdf8"; - base08 = "ed8796"; - base09 = "f5a97f"; - base0A = "eed49f"; - base0B = "a6da95"; - base0C = "8bd5ca"; - base0D = "c6a0f6"; - base0E = "8aadf4"; - base0F = "f0c6c6"; - }; - image = ./background.jpg; - cursor.package = pkgs.catppuccin-cursors.macchiatoMauve; - cursor.name = "catppuccin-macchiato-mauve-cursors"; - cursor.size = 24; - homeManagerIntegration.followSystem = true; - fonts = { - serif = { - package = pkgs.atkinson-hyperlegible; - name = "Atkinson Hyperlegible Next"; + stylix = { + # targets.qt.platform = lib.mkForce "kde"; + enable = true; + # targets.qt.platform = "kde6"; + autoEnable = true; + base16Scheme = { + scheme = "Catppuccin Macchiato Mauve"; + author = "https://github.com/catppuccin/catppuccin"; + base00 = "24273a"; + base01 = "1e2030"; + base02 = "363a4f"; + base03 = "494d64"; + base04 = "5b6078"; + base05 = "cad3f5"; + base06 = "f4dbd6"; + base07 = "b7bdf8"; + base08 = "ed8796"; + base09 = "f5a97f"; + base0A = "eed49f"; + base0B = "a6da95"; + base0C = "8bd5ca"; + base0D = "c6a0f6"; + base0E = "8aadf4"; + base0F = "f0c6c6"; }; + image = ./background.jpg; + cursor.package = pkgs.catppuccin-cursors.macchiatoMauve; + cursor.name = "catppuccin-macchiato-mauve-cursors"; + cursor.size = 24; + homeManagerIntegration.followSystem = true; + fonts = { + serif = { + package = 
pkgs.atkinson-hyperlegible; + name = "Atkinson Hyperlegible Next"; + }; - monospace = { - package = pkgs.atkinson-hyperlegible-mono; - name = "Atkinson Hyperlegbile Mono"; - }; + monospace = { + package = pkgs.atkinson-hyperlegible-mono; + name = "Atkinson Hyperlegbile Mono"; + }; - sansSerif = { - package = pkgs.atkinson-hyperlegible; - name = "Atkinson Hyperlegible Next"; - }; + sansSerif = { + package = pkgs.atkinson-hyperlegible; + name = "Atkinson Hyperlegible Next"; + }; - emoji = { - package = pkgs.noto-fonts-emoji-blob-bin; - name = "Blobmoji"; + emoji = { + package = pkgs.noto-fonts-emoji-blob-bin; + name = "Blobmoji"; + }; }; }; }; - }; } diff --git a/nixos/desktop/default.nix b/nixos/desktop/default.nix index 361b1b4..0bb1e5d 100644 --- a/nixos/desktop/default.nix +++ b/nixos/desktop/default.nix @@ -173,8 +173,6 @@ # enable = true; # wayland.enable = true; # }; - displayManager.defaultSession = lib.mkDefault "plasma"; - desktopManager.plasma6.enable = true; desktopManager.plasma6.notoPackage = pkgs.atkinson-hyperlegible; # Enable flatpak support diff --git a/nixos/hosts/EDI/configuration.nix b/nixos/hosts/EDI/configuration.nix index 0d58a61..dd84e28 100644 --- a/nixos/hosts/EDI/configuration.nix +++ b/nixos/hosts/EDI/configuration.nix 
@@ -41,40 +41,41 @@ virtualisation.libvirtd.enable = true; virtualisation.spiceUSBRedirection.enable = true; + services = { + displayManager.plasma-login-manager = { + enable = true; + }; - services.displayManager.plasma-login-manager = { - enable = true; - }; + displayManager.defaultSession = "plasma"; + desktopManager.plasma6.enable = true; - services.displayManager.defaultSession = "plasma"; - services.desktopManager.plasma6.enable = true; - - services.samba = { - enable = true; - openFirewall = true; - settings = { - global = { - "invalid users" = [ - "root" - ]; - "passwd program" = "/run/wrappers/bin/passwd %u"; - security = "user"; - }; - public = { - browseable = "yes"; - comment = "Public samba share."; - "guest ok" = "yes"; - path = "/home/lillian/samba"; - "read only" = "no"; + samba = { + enable = true; + openFirewall = true; + settings = { + global = { + "invalid users" = [ + "root" + ]; + "passwd program" = "/run/wrappers/bin/passwd %u"; + security = "user"; + }; + public = { + browseable = "yes"; + comment = "Public samba share."; + "guest ok" = "yes"; + path = "/home/lillian/samba"; + "read only" = "no"; + }; }; }; + + vpn-ip = { + ip = "3"; + }; }; users.groups.samba.members = ["lillian"]; - services.vpn-ip = { - ip = "3"; - }; - networking = { hostName = "EDI"; networkmanager.enable = true; diff --git a/nixos/hosts/GLaDOS/configuration.nix b/nixos/hosts/GLaDOS/configuration.nix index c6e884c..bab2a78 100644 --- a/nixos/hosts/GLaDOS/configuration.nix +++ b/nixos/hosts/GLaDOS/configuration.nix @@ -4,6 +4,7 @@ inputs, outputs, pkgs, + lib, ... }: { # You can import other NixOS modules here 
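Review bot: The `samba` block now nested under `services` keeps `openFirewall = true` together with a share that is `"guest ok" = "yes"` and `"read only" = "no"`, so any peer that can reach the host on any interface can write into `/home/lillian/samba` without authenticating. If the share is only meant for the VPN (the host sets `vpn-ip.ip = "3"` in the same block), restrict it with `settings.global."hosts allow"` or `"interfaces"` plus `"bind interfaces only"`, or set `"guest ok" = "no"` and rely on the `users.groups.samba` group that is already defined. The `services = { … };` set closes inside the hunk; the `networking = {` block opened at its end closes outside it.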
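Review bot: `lib` is added to GLaDOS's module argument set, but nothing in either GLaDOS hunk uses it (the nested `services` block only assigns literal values), so if no other part of the file references `lib` the new argument is dead and should be dropped. If it was added ahead of a planned `lib.mkForce`/`lib.mkDefault`, a one-line comment saying so would keep the next reader from removing it. The argument set opens above the hunk.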
@@ -30,21 +31,22 @@ environment.systemPackages = with pkgs; [ gparted ]; + services = { + displayManager.plasma-login-manager = { + enable = true; + }; - services.displayManager.plasma-login-manager = { - enable = true; - }; + displayManager.defaultSession = "plasma"; + desktopManager.plasma6.enable = true; - services.displayManager.defaultSession = "plasma"; - services.desktopManager.plasma6.enable = true; + vpn-ip = { + ip = "2"; + }; - services.vpn-ip = { - ip = "2"; + xserver.videoDrivers = ["amdgpu"]; }; networking.hostName = "GLaDOS"; - - services.xserver.videoDrivers = ["amdgpu"]; programs = { steam = { enable = true; diff --git a/nixos/hosts/shodan/configuration.nix b/nixos/hosts/shodan/configuration.nix index 262332b..3690e2e 100644 --- a/nixos/hosts/shodan/configuration.nix +++ b/nixos/hosts/shodan/configuration.nix @@ -52,11 +52,37 @@ kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"]; plymouth.enable = true; }; - services.udev.extraRules = '' - KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess" - KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess" - SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2dc8", MODE="0666" - ''; + services = { + udev.extraRules = '' + KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess" + KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess" + SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2dc8", MODE="0666" + ''; + vpn-ip = { + ip = "4"; + }; + + openssh = { + enable = true; + settings = { + # require public key authentication for better security + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + PermitRootLogin = "no"; + }; + }; + desktopManager.plasma6.enable = true; + displayManager = { + # defaultSession = "plasma"; + sddm.wayland.enable = lib.mkForce true; + sddm.settings = { + Autologin = { + Session = "plasma.desktop"; + User = "lillian"; + }; + }; + }; + }; zramSwap.enable = false; networking = { domain = ""; 
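Review bot: The third udev rule, `SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2dc8", MODE="0666"`, makes every matching hidraw node world-readable and world-writable and, since later rules win for `MODE`, undoes the `MODE="0660", TAG+="uaccess"` restriction set by the two rules above it. The device is intended for the seat user that SDDM auto-logs in (`Autologin.User = "lillian"`), so the `uaccess` tag already grants the access that is needed; drop the `MODE="0666"` line, or change it to `MODE="0660", TAG+="uaccess"` if a separate `SUBSYSTEM` match is wanted. The `services = { … };` set opens and closes within the hunk.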
@@ -72,32 +98,8 @@ hostName = "shodan"; }; - services.vpn-ip = { - ip = "4"; - }; xdg.portal.extraPortals = [pkgs.kdePackages.xdg-desktop-portal-kde]; - services = { - openssh = { - enable = true; - settings = { - # require public key authentication for better security - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - PermitRootLogin = "no"; - }; - }; - displayManager = { - # defaultSession = "plasma"; - sddm.wayland.enable = lib.mkForce true; - sddm.settings = { - Autologin = { - Session = "plasma.desktop"; - User = "lillian"; - }; - }; - }; - }; environment.systemPackages = with pkgs; [ # Custom tools diff --git a/nixos/shared/preservation.nix b/nixos/shared/preservation.nix index 3a4606f..deef7da 100644 --- a/nixos/shared/preservation.nix +++ b/nixos/shared/preservation.nix @@ -132,6 +132,7 @@ ".config/sops" ".config/vesktop" ".config/kde.org" + ".config/heroic" ]; #Shared files = [
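Review bot: `.config/heroic` is added here and also to `users.lillian.directories` in `modules/nixos/preservation/default.nix` in the same patch, so the per-user persistence list is now maintained by hand in two files that must stay in sync. If `nixos/shared/preservation.nix` is still imported alongside the module, consider having one of them own the list (or removing the shared copy) instead of duplicating entries. The enclosing list opens outside the hunk.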