feat: add profiles for all work host options

This commit is contained in:
Leon Schwarzäugl 2025-04-30 19:34:28 +02:00
parent e15ab08adf
commit 36d97926e6
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
30 changed files with 891 additions and 403 deletions


@ -1,13 +1,16 @@
{ lib, config, ... }:
{
options.swarselsystems.modules.network = lib.mkEnableOption "network config";
options.swarselsystems = {
modules.network = lib.mkEnableOption "network config";
firewall = lib.swarselsystems.mkTrueOption;
};
config = lib.mkIf config.swarselsystems.modules.network {
networking = {
nftables.enable = lib.mkDefault true;
enableIPv6 = lib.mkDefault true;
firewall = {
enable = lib.swarselsystems.mkStrong config.swarselsystems.firewall;
checkReversePath = lib.mkDefault false;
enable = lib.mkDefault true;
allowedUDPPorts = [ 51820 ]; # 51820: wireguard
allowedTCPPortRanges = [
{ from = 1714; to = 1764; } # kde-connect
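Review bot: The new `swarselsystems.firewall` option on line 19 carries no description, and since line 26 feeds it into `networking.firewall.enable` through `mkStrong` (which, going by its name, presumably sets a higher priority than `mkDefault`), a host that sets `networking.firewall.enable = false` directly will apparently be overridden without any warning. A one-line comment on the option would make that contract explicit, e.g. `# firewall = false is the intended way to disable the firewall on a host; mkStrong outranks per-host networking.firewall.enable`. The work module in this same commit adds `firewall.enable = lib.mkDefault true`, which this value then overrides; harmless, but redundant once this line lands.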


@ -10,7 +10,6 @@
yubico-pam
yubioath-flutter
yubikey-manager
yubikey-manager-qt
yubikey-touch-detector
yubico-piv-tool
cfssl
@ -25,6 +24,7 @@
swaylock-effects
syncthingtray-minimal
wl-mirror
swayosd
# secure boot
sbctl


@ -0,0 +1,22 @@
{ lib, pkgs, config, ... }:
{
options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings";
config = lib.mkIf config.swarselsystems.modules.swayosd {
environment.systemPackages = [ pkgs.swayosd ];
services.udev.packages = [ pkgs.swayosd ];
systemd.services.swayosd-libinput-backend = {
description = "SwayOSD LibInput backend for listening to certain keys like CapsLock, ScrollLock, VolumeUp, etc.";
documentation = [ "https://github.com/ErikReider/SwayOSD" ];
wantedBy = [ "graphical.target" ];
partOf = [ "graphical.target" ];
after = [ "graphical.target" ];
serviceConfig = {
Type = "dbus";
BusName = "org.erikreider.swayosd";
ExecStart = "${pkgs.swayosd}/bin/swayosd-libinput-backend";
Restart = "on-failure";
};
};
};
}
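Review bot: The `swayosd-libinput-backend` unit on lines 60-72 sets no `User=` and no sandboxing directives, so it runs as root with unrestricted filesystem and capability access while reading raw input events; either add a comment stating that root is required (the backend needs `/dev/input` access) or add at least `NoNewPrivileges = true;` and `ProtectHome = true;` to `serviceConfig`, after confirming the backend still starts. `Type = "dbus"` with `BusName` on lines 67-68 means the unit only counts as started once it owns `org.erikreider.swayosd` on the system bus; unless the package's bus policy is installed elsewhere, `services.dbus.packages = [ pkgs.swayosd ]` may be needed next to `services.udev.packages` — worth verifying on a real host. `pkgs.swayosd` is also added to the global package list in this commit (line 47), so the `environment.systemPackages` entry on line 58 duplicates it.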


@ -0,0 +1,9 @@
{ lib, config, ... }:
{
options.swarselsystems.modules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings";
config = lib.mkIf config.swarselsystems.modules.optional.amdcpu {
hardware = {
cpu.amd.updateMicrocode = true;
};
};
}


@ -0,0 +1,15 @@
{ lib, config, ... }:
{
options.swarselsystems.modules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings";
config = lib.mkIf config.swarselsystems.modules.optional.amdgpu {
hardware = {
amdgpu = {
opencl.enable = true;
amdvlk = {
enable = true;
support32Bit.enable = true;
};
};
};
};
}


@ -0,0 +1,9 @@
{ lib, config, ... }:
{
options.swarselsystems.modules.optional.btrfs = lib.mkEnableOption "optional btrfs settings";
config = lib.mkIf config.swarselsystems.modules.optional.btrfs {
boot = {
supportedFilesystems = [ "btrfs" ];
};
};
}


@ -0,0 +1,27 @@
{ lib, config, ... }:
{
options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings";
config = lib.mkIf config.swarselsystems.modules.optional.framework {
services = {
fwupd = {
enable = true;
# framework also uses lvfs-testing, but I do not want to use it
extraRemotes = [ "lvfs" ];
};
udev.extraRules = ''
# disable Wakeup on Framework Laptop 16 Keyboard (ANSI)
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", ATTR{power/wakeup}="disabled"
# disable Wakeup on Framework Laptop 16 Numpad Module
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled"
# disable Wakeup on Framework Laptop 16 Trackpad
ACTION=="add", SUBSYSTEM=="i2c", DRIVERS=="i2c_hid_acpi", ATTRS{name}=="PIXA3854:00", ATTR{power/wakeup}="disabled"
'';
};
programs.fw-fanctrl = {
enable = true;
config = {
defaultStrategy = "lazy";
};
};
};
}
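Review bot: `extraRemotes = [ "lvfs" ]` on line 132 does not enforce what the comment above it describes: `services.fwupd.extraRemotes` only enables additional remotes and cannot exclude one, and as far as I recall the `lvfs` remote is already enabled in fwupd's default configuration, so the line looks like a no-op and `lvfs-testing` stays disabled regardless. Either drop the line or reword the comment so the intent survives, e.g. `# lvfs is enabled by default; lvfs-testing is deliberately left disabled`. `programs.fw-fanctrl` on line 143 is not a nixpkgs option that I know of; if it comes from an external module, a comment naming its source would help the next reader.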


@ -0,0 +1,24 @@
{ lib, config, ... }:
{
options.swarselsystems = {
modules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings";
hibernation = {
offset = lib.mkOption {
type = lib.types.int;
default = 0;
};
resumeDevice = lib.mkOption {
type = lib.types.str;
default = "/dev/disk/by-label/nixos";
};
};
};
config = lib.mkIf config.swarselsystems.modules.optional.hibernation {
boot = {
kernelParams = [
"resume_offset=${builtins.toString config.swarselsystems.hibernation.offset}"
];
inherit (config.swarselsystems.hibernation) resumeDevice;
};
};
}
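Review bot: The enable option on line 158 is described as "optional amd gpu settings", a leftover from the amdgpu module; change it to `modules.optional.hibernation = lib.mkEnableOption "optional hibernation settings";`. The two options on lines 160-167 have no `description`; offset only matters for swap files, and a reader cannot tell that from the type alone. One caveat worth recording on `resumeDevice`: the hibernation image written there holds the machine's memory contents, so on a host whose disk is encrypted the resume device must be encrypted as well, otherwise RAM contents end up on disk in plaintext.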


@ -24,7 +24,17 @@ let
};
in
{
options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings";
options.swarselsystems = {
modules.optional.work = lib.mkEnableOption "optional work settings";
hostName = lib.mkOption {
type = lib.types.str;
default = "";
};
fqdn = lib.mkOption {
type = lib.types.str;
default = "";
};
};
config = lib.mkIf config.swarselsystems.modules.optional.work {
sops =
let
@ -86,7 +96,12 @@ in
};
networking = {
firewall.trustedInterfaces = [ "virbr0" ];
inherit (config.swarselsystems) hostName fqdn;
networkmanager.wifi.scanRandMacAddress = false;
firewall = {
enable = lib.mkDefault true;
trustedInterfaces = [ "virbr0" ];
};
search = [
"vbc.ac.at"
"clip.vbc.ac.at"
@ -122,7 +137,7 @@ in
# cryptography
# ]))
# docker
python39
stable.python39
qemu
packer
gnumake
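Review bot: `inherit (config.swarselsystems) hostName fqdn;` on line 205 assigns `networking.fqdn`, which as far as I recall is a read-only option in recent nixpkgs releases, derived from `networking.hostName` and `networking.domain`; if that holds for the pinned nixpkgs, evaluation fails, and setting `networking.domain` from the option is the supported route. Both new options (lines 189-196) default to `""`, so a host that enables the work module without setting them gets an empty `networking.hostName`; a `description` on each, or no default so evaluation fails loudly, would be safer. `networkmanager.wifi.scanRandMacAddress = false` on line 206 disables MAC randomization for scans, a deliberate privacy trade-off that deserves a why-comment, e.g. `# <reason a stable scan MAC is needed on this network>`. The third hunk pins `stable.python39`; Python 3.9 is in its final security-fix window, so a comment naming what still requires it would help decide when to drop it. The enclosing `config` block starts before the first hunk and continues past the last.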