Lillian-Violet/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

enable plasma6 on shodan so it can be used as the desktop session

Browse source
This commit is contained in:
Lillian Violet 2026-03-13 01:36:05 +01:00
parent 2d7e7bee3c
commit 40d928eb87
8 changed files with 346 additions and 321 deletions
Download patch file Download diff file Expand all files Collapse all files

386
modules/nixos/preservation/default.nix
View file

@ -1,208 +1,218 @@
{ lib, config, ...}: {
let cfg = config.preservationSetup; in { lib,
config,
...
}: let
cfg = config.preservationSetup;
in {
options = { options = {
preservationSetup.enable = lib.mkEnableOption "Enable setup of preservation of files in /persistent"; preservationSetup.enable = lib.mkEnableOption "Enable setup of preservation of files in /persistent";
global.desktop = lib.mkOption { global.desktop = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Whether or not we should make desktop preservation files."; description = "Whether or not we should make desktop preservation files.";
}; };
global.server = lib.mkOption { global.server = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Whether or not we should make server preservation files."; description = "Whether or not we should make server preservation files.";
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
preservation = { preservation = {
# the module doesn't do anything unless it is enabled # the module doesn't do anything unless it is enabled
enable = true; enable = true;
preserveAt."/persistent" = { preserveAt."/persistent" = {
# preserve system directories # preserve system directories
directories = [ directories =
#Shared [
"/var/lib/sbctl" #Shared
"/var/lib/bluetooth" "/var/lib/sbctl"
"/var/lib/fprint" "/var/lib/bluetooth"
"/var/lib/fwupd" "/var/lib/fprint"
"/var/lib/libvirt" "/var/lib/fwupd"
"/var/lib/tpm2-tss" "/var/lib/libvirt"
"/var/lib/tpm2-udev-trigger" "/var/lib/tpm2-tss"
"/var/lib/power-profiles-daemon" "/var/lib/tpm2-udev-trigger"
"/var/lib/systemd/coredump" "/var/lib/power-profiles-daemon"
"/var/lib/systemd/rfkill" "/var/lib/systemd/coredump"
"/var/lib/systemd/timers" "/var/lib/systemd/rfkill"
"/var/log" "/var/lib/systemd/timers"
{ "/var/log"
directory = "/var/lib/nixos";
inInitrd = true;
}
{
directory = "/var/secrets";
inInitrd = true;
}
] ++ lib.mkIf (cfg.desktop == true) [
#Desktop
"/var/lib/decky-loader"
"/var/lib/flatpak"
] ++ lib.mkIf (cfg.server == true) [
#Server
"/var/lib/continuwuity"
"/var/lib/dhcpcd"
"/var/lib/docker"
"/var/lib/dovecot"
"/var/lib/forgejo"
"/var/lib/gotosocial"
"/var/lib/grafana"
"/var/lib/jellyfin"
"/var/lib/media"
"/var/lib/mollysocket"
"/var/lib/private"
"/var/lib/mysql"
"/var/lib/nextcloud"
"/var/lib/onlyoffice"
"/var/lib/postfix"
"/var/lib/postgresql"
"/var/lib/prometheus2"
"/var/lib/rabbitmq"
"/var/lib/redis-nextcloud"
"/var/lib/redis-rspamd"
"/var/lib/secrets"
"/var/lib/writefreely"
"/var/db"
"/var/dkim"
"/var/secrets"
"/var/sieve"
"/var/vmail"
"/var/mysql"
];
# preserve system files
files = [
{
file = "/etc/machine-id";
inInitrd = true;
how = "symlink";
}
"/var/lib/usbguard/rules.conf"
# creates a symlink on the volatile root
# creates an empty directory on the persistent volume, i.e. /persistent/var/lib/systemd
# does not create an empty file at the symlink's target (would require `createLinkTarget = true`)
{
file = "/var/lib/systemd/random-seed";
how = "symlink";
inInitrd = true;
configureParent = true;
}
"/var/lib/systemd/tpm2-srk-public-key.pem"
"/var/lib/systemd/tpm2-srk-public-key.tpm2b_public"
];
# preserve user-specific files, implies ownership
users = {
lillian = {
commonMountOptions = [
"x-gvfs-hide"
];
directories = [
{ {
directory = ".ssh"; directory = "/var/lib/nixos";
mode = "0700"; inInitrd = true;
} }
] ++ lib.mkIf (cfg.desktop == true) [
#Desktop
".local/state/wireplumber"
".local/share/direnv"
".local/state/nix"
".local/state/comma"
".local/state/home-manager"
".local/share/PrismLauncher"
".local/share/qBittorrent"
".local/share/kwalletd"
".local/share/kwin" #TODO: add the window script via nix instead of saving it imperatively and keeping it
".local/share/lutris"
".local/share/Nextcloud"
".local/share/Steam"
".local/share/zoxide"
".local/share/flatpak"
".local/share/applications"
".local/share/firefoxpwa/"
".local/share/zoxide"
".mozilla"
".steam"
".zsh"
".pki"
".tldrc"
".thunderbird"
"Code"
"Writing"
"Games"
".config/kdeconnect"
".config/Nextcloud"
".config/noisetorch"
".config/qBittorrent"
".config/r2modman"
".config/r2modmanPlus-local"
".config/Ryujinx"
".config/Signal"
".config/sops"
".config/vesktop"
".config/kde.org"
];
#Shared
files = [
".z"
".zsh_history"
];
};
root = {
# specify user home when it is not `/home/${user}`
home = "/root";
directories = [
{ {
directory = ".ssh"; directory = "/var/secrets";
mode = "0700"; inInitrd = true;
} }
]
++ lib.mkIf (cfg.desktop == true) [
#Desktop
"/var/lib/decky-loader"
"/var/lib/flatpak"
]
++ lib.mkIf (cfg.server == true) [
#Server
"/var/lib/continuwuity"
"/var/lib/dhcpcd"
"/var/lib/docker"
"/var/lib/dovecot"
"/var/lib/forgejo"
"/var/lib/gotosocial"
"/var/lib/grafana"
"/var/lib/jellyfin"
"/var/lib/media"
"/var/lib/mollysocket"
"/var/lib/private"
"/var/lib/mysql"
"/var/lib/nextcloud"
"/var/lib/onlyoffice"
"/var/lib/postfix"
"/var/lib/postgresql"
"/var/lib/prometheus2"
"/var/lib/rabbitmq"
"/var/lib/redis-nextcloud"
"/var/lib/redis-rspamd"
"/var/lib/secrets"
"/var/lib/writefreely"
"/var/db"
"/var/dkim"
"/var/secrets"
"/var/sieve"
"/var/vmail"
"/var/mysql"
]; ];
# preserve system files
files = [
{
file = "/etc/machine-id";
inInitrd = true;
how = "symlink";
}
"/var/lib/usbguard/rules.conf"
# creates a symlink on the volatile root
# creates an empty directory on the persistent volume, i.e. /persistent/var/lib/systemd
# does not create an empty file at the symlink's target (would require `createLinkTarget = true`)
{
file = "/var/lib/systemd/random-seed";
how = "symlink";
inInitrd = true;
configureParent = true;
}
"/var/lib/systemd/tpm2-srk-public-key.pem"
"/var/lib/systemd/tpm2-srk-public-key.tpm2b_public"
];
# preserve user-specific files, implies ownership
users = {
lillian = {
commonMountOptions = [
"x-gvfs-hide"
];
directories =
[
{
directory = ".ssh";
mode = "0700";
}
]
++ lib.mkIf (cfg.desktop == true) [
#Desktop
".local/state/wireplumber"
".local/share/direnv"
".local/state/nix"
".local/state/comma"
".local/state/home-manager"
".local/share/PrismLauncher"
".local/share/qBittorrent"
".local/share/kwalletd"
".local/share/kwin" #TODO: add the window script via nix instead of saving it imperatively and keeping it
".local/share/lutris"
".local/share/Nextcloud"
".local/share/Steam"
".local/share/zoxide"
".local/share/flatpak"
".local/share/applications"
".local/share/firefoxpwa/"
".local/share/zoxide"
".mozilla"
".steam"
".zsh"
".pki"
".tldrc"
".thunderbird"
"Code"
"Writing"
"Games"
".config/kdeconnect"
".config/Nextcloud"
".config/noisetorch"
".config/qBittorrent"
".config/r2modman"
".config/r2modmanPlus-local"
".config/Ryujinx"
".config/Signal"
".config/sops"
".config/vesktop"
".config/kde.org"
".config/heroic"
];
#Shared
files = [
".z"
".zsh_history"
];
};
root = {
# specify user home when it is not `/home/${user}`
home = "/root";
directories = [
{
directory = ".ssh";
mode = "0700";
}
];
};
}; };
}; };
}; };
}; systemd.services.systemd-machine-id-commit = {
systemd.services.systemd-machine-id-commit = { unitConfig.ConditionPathIsMountPoint = [
unitConfig.ConditionPathIsMountPoint = [ ""
"" "/persistent/etc/machine-id"
"/persistent/etc/machine-id" ];
]; serviceConfig.ExecStart = [
serviceConfig.ExecStart = [ ""
"" "systemd-machine-id-setup --commit --root /persistent"
"systemd-machine-id-setup --commit --root /persistent" ];
];
};
systemd.tmpfiles.settings.preservation = {
"/home/lillian/.config".d = {
user = "lillian";
group = "users";
mode = "0755";
}; };
"/home/lillian/.local".d = { systemd.tmpfiles.settings.preservation = {
user = "lillian"; "/home/lillian/.config".d = {
group = "users"; user = "lillian";
mode = "0755"; group = "users";
mode = "0755";
};
"/home/lillian/.local".d = {
user = "lillian";
group = "users";
mode = "0755";
};
"/home/lillian/.local/share".d = {
user = "lillian";
group = "users";
mode = "0755";
};
"/home/lillian/.local/state".d = {
user = "lillian";
group = "users";
mode = "0755";
};
}; };
"/home/lillian/.local/share".d = {
user = "lillian";
group = "users";
mode = "0755";
};
"/home/lillian/.local/state".d = {
user = "lillian";
group = "users";
mode = "0755";
};
};
}; };
} }

41
modules/nixos/sops/default.nix
View file

@ -1,31 +1,36 @@
{ lib, config, ...}: {
let cfg = config.sopsSetup; in { lib,
config,
...
}: let
cfg = config.sopsSetup;
in {
options = { options = {
sopsSetup.enable = lib.mkEnableOption "Enable Module"; sopsSetup.enable = lib.mkEnableOption "Enable Module";
global.desktop= lib.mkOption { global.desktop = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Whether or not to install shared desktop secrets."; description = "Whether or not to install shared desktop secrets.";
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
sops = { sops = {
age.keyFile = "/var/secrets/keys.txt"; age.keyFile = "/var/secrets/keys.txt";
secrets."lillian-password".neededForUsers = true; secrets."lillian-password".neededForUsers = true;
defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml; defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
secrets."wg-private-key".mode = "0440"; secrets."wg-private-key".mode = "0440";
secrets."wg-private-key".owner = config.users.users.root.name; secrets."wg-private-key".owner = config.users.users.root.name;
secrets."ssh-private-key" = { secrets."ssh-private-key" = {
mode = "0600"; mode = "0600";
owner = config.users.users.lillian.name; owner = config.users.users.lillian.name;
path = "/home/lillian/.ssh/id_ed25519"; path = "/home/lillian/.ssh/id_ed25519";
};
}; };
}; secrets."nextcloud-password" = lib.mkIf (cfg.desktop == true) {
secrets."nextcloud-password" = lib.mkIf (cfg.desktop == true) {
mode = "0600"; mode = "0600";
owner = config.users.users.lillian.name; owner = config.users.users.lillian.name;
path = "/home/lillian/.netrc"; path = "/home/lillian/.netrc";

102
modules/nixos/stylix/default.nix
View file

@ -1,60 +1,66 @@
{ lib, config, pkgs, ...}: {
let cfg = config.stylixSetup; in { lib,
config,
pkgs,
...
}: let
cfg = config.stylixSetup;
in {
options = { options = {
stylixSetup.enable = lib.mkEnableOption "Enable Module"; stylixSetup.enable = lib.mkEnableOption "Enable Module";
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
stylix = { stylix = {
# targets.qt.platform = lib.mkForce "kde"; # targets.qt.platform = lib.mkForce "kde";
enable = true; enable = true;
# targets.qt.platform = "kde6"; # targets.qt.platform = "kde6";
autoEnable = true; autoEnable = true;
base16Scheme = { base16Scheme = {
scheme = "Catppuccin Macchiato Mauve"; scheme = "Catppuccin Macchiato Mauve";
author = "https://github.com/catppuccin/catppuccin"; author = "https://github.com/catppuccin/catppuccin";
base00 = "24273a"; base00 = "24273a";
base01 = "1e2030"; base01 = "1e2030";
base02 = "363a4f"; base02 = "363a4f";
base03 = "494d64"; base03 = "494d64";
base04 = "5b6078"; base04 = "5b6078";
base05 = "cad3f5"; base05 = "cad3f5";
base06 = "f4dbd6"; base06 = "f4dbd6";
base07 = "b7bdf8"; base07 = "b7bdf8";
base08 = "ed8796"; base08 = "ed8796";
base09 = "f5a97f"; base09 = "f5a97f";
base0A = "eed49f"; base0A = "eed49f";
base0B = "a6da95"; base0B = "a6da95";
base0C = "8bd5ca"; base0C = "8bd5ca";
base0D = "c6a0f6"; base0D = "c6a0f6";
base0E = "8aadf4"; base0E = "8aadf4";
base0F = "f0c6c6"; base0F = "f0c6c6";
};
image = ./background.jpg;
cursor.package = pkgs.catppuccin-cursors.macchiatoMauve;
cursor.name = "catppuccin-macchiato-mauve-cursors";
cursor.size = 24;
homeManagerIntegration.followSystem = true;
fonts = {
serif = {
package = pkgs.atkinson-hyperlegible;
name = "Atkinson Hyperlegible Next";
}; };
image = ./background.jpg;
cursor.package = pkgs.catppuccin-cursors.macchiatoMauve;
cursor.name = "catppuccin-macchiato-mauve-cursors";
cursor.size = 24;
homeManagerIntegration.followSystem = true;
fonts = {
serif = {
package = pkgs.atkinson-hyperlegible;
name = "Atkinson Hyperlegible Next";
};
monospace = { monospace = {
package = pkgs.atkinson-hyperlegible-mono; package = pkgs.atkinson-hyperlegible-mono;
name = "Atkinson Hyperlegbile Mono"; name = "Atkinson Hyperlegbile Mono";
}; };
sansSerif = { sansSerif = {
package = pkgs.atkinson-hyperlegible; package = pkgs.atkinson-hyperlegible;
name = "Atkinson Hyperlegible Next"; name = "Atkinson Hyperlegible Next";
}; };
emoji = { emoji = {
package = pkgs.noto-fonts-emoji-blob-bin; package = pkgs.noto-fonts-emoji-blob-bin;
name = "Blobmoji"; name = "Blobmoji";
};
}; };
}; };
}; };
};
} }

2
nixos/desktop/default.nix
View file

@ -173,8 +173,6 @@
# enable = true; # enable = true;
# wayland.enable = true; # wayland.enable = true;
# }; # };
displayManager.defaultSession = lib.mkDefault "plasma";
desktopManager.plasma6.enable = true;
desktopManager.plasma6.notoPackage = pkgs.atkinson-hyperlegible; desktopManager.plasma6.notoPackage = pkgs.atkinson-hyperlegible;
# Enable flatpak support # Enable flatpak support

55
nixos/hosts/EDI/configuration.nix
View file

@ -41,40 +41,41 @@
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;
virtualisation.spiceUSBRedirection.enable = true; virtualisation.spiceUSBRedirection.enable = true;
services = {
displayManager.plasma-login-manager = {
enable = true;
};
services.displayManager.plasma-login-manager = { displayManager.defaultSession = "plasma";
enable = true; desktopManager.plasma6.enable = true;
};
services.displayManager.defaultSession = "plasma"; samba = {
services.desktopManager.plasma6.enable = true; enable = true;
openFirewall = true;
services.samba = { settings = {
enable = true; global = {
openFirewall = true; "invalid users" = [
settings = { "root"
global = { ];
"invalid users" = [ "passwd program" = "/run/wrappers/bin/passwd %u";
"root" security = "user";
]; };
"passwd program" = "/run/wrappers/bin/passwd %u"; public = {
security = "user"; browseable = "yes";
}; comment = "Public samba share.";
public = { "guest ok" = "yes";
browseable = "yes"; path = "/home/lillian/samba";
comment = "Public samba share."; "read only" = "no";
"guest ok" = "yes"; };
path = "/home/lillian/samba";
"read only" = "no";
}; };
}; };
vpn-ip = {
ip = "3";
};
}; };
users.groups.samba.members = ["lillian"]; users.groups.samba.members = ["lillian"];
services.vpn-ip = {
ip = "3";
};
networking = { networking = {
hostName = "EDI"; hostName = "EDI";
networkmanager.enable = true; networkmanager.enable = true;

20
nixos/hosts/GLaDOS/configuration.nix
View file

@ -4,6 +4,7 @@
inputs, inputs,
outputs, outputs,
pkgs, pkgs,
lib,
... ...
}: { }: {
# You can import other NixOS modules here # You can import other NixOS modules here
@ -30,21 +31,22 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gparted gparted
]; ];
services = {
displayManager.plasma-login-manager = {
enable = true;
};
services.displayManager.plasma-login-manager = { displayManager.defaultSession = "plasma";
enable = true; desktopManager.plasma6.enable = true;
};
services.displayManager.defaultSession = "plasma"; vpn-ip = {
services.desktopManager.plasma6.enable = true; ip = "2";
};
services.vpn-ip = { xserver.videoDrivers = ["amdgpu"];
ip = "2";
}; };
networking.hostName = "GLaDOS"; networking.hostName = "GLaDOS";
services.xserver.videoDrivers = ["amdgpu"];
programs = { programs = {
steam = { steam = {
enable = true; enable = true;

60
nixos/hosts/shodan/configuration.nix
View file

@ -52,11 +52,37 @@
kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"]; kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"];
plymouth.enable = true; plymouth.enable = true;
}; };
services.udev.extraRules = '' services = {
KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess" udev.extraRules = ''
KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess" KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess"
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2dc8", MODE="0666" KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess"
''; SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2dc8", MODE="0666"
'';
vpn-ip = {
ip = "4";
};
openssh = {
enable = true;
settings = {
# require public key authentication for better security
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
};
};
desktopManager.plasma6.enable = true;
displayManager = {
# defaultSession = "plasma";
sddm.wayland.enable = lib.mkForce true;
sddm.settings = {
Autologin = {
Session = "plasma.desktop";
User = "lillian";
};
};
};
};
zramSwap.enable = false; zramSwap.enable = false;
networking = { networking = {
domain = ""; domain = "";
@ -72,32 +98,8 @@
hostName = "shodan"; hostName = "shodan";
}; };
services.vpn-ip = {
ip = "4";
};
xdg.portal.extraPortals = [pkgs.kdePackages.xdg-desktop-portal-kde]; xdg.portal.extraPortals = [pkgs.kdePackages.xdg-desktop-portal-kde];
services = {
openssh = {
enable = true;
settings = {
# require public key authentication for better security
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
};
};
displayManager = {
# defaultSession = "plasma";
sddm.wayland.enable = lib.mkForce true;
sddm.settings = {
Autologin = {
Session = "plasma.desktop";
User = "lillian";
};
};
};
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Custom tools # Custom tools

1
nixos/shared/preservation.nix
View file

@ -132,6 +132,7 @@
".config/sops" ".config/sops"
".config/vesktop" ".config/vesktop"
".config/kde.org" ".config/kde.org"
".config/heroic"
]; ];
#Shared #Shared
files = [ files = [