start refactoring shared code into modules, update the lock, do some other minor fixes

2026-03-12 14:26:14 +01:00 · 2026-03-12 14:26:14 +01:00 · 5527f50a3b
commit 5527f50a3b
parent c2780184c2
43 changed files with 2348 additions and 51 deletions
--- a/modules/nixos/shared-packages/desktop-settings/default.nix
+++ b/modules/nixos/shared-packages/desktop-settings/default.nix
@ -0,0 +1,144 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  imports = [
+    ./firefox
+  ];
+  services.udev.extraRules =  ''
+    KERNEL=="hidraw*", ATTRS{idVendor}=="057e", MODE="0660", TAG+="uaccess"
+    KERNEL=="hidraw*", KERNELS=="*057e:*", MODE="0660", TAG+="uaccess"
+    KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess"
+    KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess"
+    KERNEL=="hidraw*", ATTRS{idProduct}=="6012", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess"
+    KERNEL=="hidraw*", KERNELS=="*2DC8:6012*", MODE="0660", TAG+="uaccess"
+  '';
+
+  fonts.packages =  [pkgs.ttf-ms-win10];
+
+  programs = {
+    # Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
+    command-not-found.enable = lib.mkForce false;
+    # nix-index.enable = true;
+    nix-index-database.comma.enable = true;
+
+    direnv = {
+      enable = true;
+    };
+
+    # steam = {
+    #   enable = true;
+    #   remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+    #   dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+    #   extest.enable = true;
+    # };
+    kdeconnect.enable = true;
+
+    noisetorch = {
+      enable = true;
+    };
+  };
+
+  xdg.portal.enable = true;
+
+  # Enable networking
+  networking.networkmanager.enable = true; # Enables support for 32bit libs that steam uses
+
+  # Set your time zone.
+  time.timeZone = "Europe/Amsterdam";
+  services = {
+    # Enable the X11 windowing system.
+    xserver.enable = true;
+
+    # Enable the KDE Plasma Desktop Environment.
+    # displayManager.sddm = {
+    #   enable = true;
+    #   wayland.enable = true;
+    # };
+    displayManager.defaultSession = lib.mkDefault "plasma";
+    desktopManager.plasma6.enable = true;
+    desktopManager.plasma6.notoPackage = pkgs.atkinson-hyperlegible;
+
+    # Enable flatpak support
+    flatpak.enable = true;
+    packagekit.enable = true;
+
+    # Configure keymap in X11
+    xserver.xkb = {
+      layout = "us";
+      variant = "";
+      options = "terminate:ctrl_alt_bksp,compose:caps_toggle";
+    };
+
+    # Enable CUPS to print documents.
+    printing.enable = true;
+
+    # Enable fwupd daemon and user space client
+    fwupd.enable = true;
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      jack.enable = true;
+      wireplumber.enable = true;
+    };
+
+    avahi = {
+      nssmdns4 = true;
+      enable = true;
+      ipv4 = true;
+      ipv6 = true;
+      publish = {
+        enable = true;
+        addresses = true;
+        workstation = true;
+      };
+    };
+  };
+  hardware = {
+    graphics.enable32Bit = true;
+
+    # Enable bluetooth hardware
+    bluetooth.enable = true;
+  };
+  security.rtkit.enable = true;
+
+  services.pulseaudio.enable = false;
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = true;
+  };
+  security.tpm2 = {
+    enable = true;
+    pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
+    tctiEnvironment.enable = true;
+  }; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
+  users.users.lillian.extraGroups = ["tss"];
+  boot = {
+    # tss group has access to TPM devices
+    bootspec.enable = true;
+    binfmt.emulatedSystems = ["aarch64-linux"];
+    #boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+    #boot.supportedFilesystems = ["bcachefs"];
+    extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out];
+    kernelModules = [
+      # Virtual Camera
+      "v4l2loopback"
+      # Virtual Microphone, built-in
+      "snd-aloop"
+    ];
+
+    # Set initial kernel module settings
+    extraModprobeConfig = ''
+      # exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming
+      # card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
+      # https://github.com/umlaeute/v4l2loopback
+      options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
+    '';
+    loader.systemd-boot.configurationLimit = 3;
+    loader.efi.canTouchEfiVariables = true;
+};
+}