diff --git a/flake.nix b/flake.nix index 1e21813..bf8bb92 100644 --- a/flake.nix +++ b/flake.nix @@ -57,12 +57,14 @@ inherit system; specialArgs = { inherit inputs; + isHM = false; }; modules = [ ({...}: {nixpkgs.overlays = [overlay-unstable];}) ({...}: {nixpkgs.config.allowUnfree = true;}) nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1 inputs.sops-nix.nixosModules.sops + ./modules ./hosts/comfy-station/configuration.nix ]; }; @@ -70,6 +72,7 @@ inherit system; specialArgs = { inherit inputs; + isHM = false; }; modules = [ ({...}: {nixpkgs.overlays = [overlay-unstable];}) @@ -82,6 +85,7 @@ } inputs.sops-nix.nixosModules.sops nixos-cosmic.nixosModules.default + ./modules ./hosts/monolith/configuration.nix ]; }; @@ -89,10 +93,13 @@ inherit system; specialArgs = { inherit inputs; + isHM = false; }; modules = [ ({...}: {nixpkgs.overlays = [overlay-unstable];}) + ({...}: {nixpkgs.config.allowUnfree = true;}) inputs.sops-nix.nixosModules.sops + ./modules ./hosts/harbor/configuration.nix ]; }; @@ -121,7 +128,10 @@ # Optionally use extraSpecialArgs # to pass through arguments to home.nix - extraSpecialArgs = {inherit inputs;}; + extraSpecialArgs = { + inherit inputs; + isHM = true; + }; }; homeConfigurations."jonas@harbor" = home-manager.lib.homeManagerConfiguration { pkgs = nixpkgs.legacyPackages.${system}; @@ -136,7 +146,10 @@ # Optionally use extraSpecialArgs # to pass through arguments to home.nix - extraSpecialArgs = {inherit inputs;}; + extraSpecialArgs = { + inherit inputs; + isHM = true; + }; }; homeConfigurations."jonas@monolith" = home-manager.lib.homeManagerConfiguration { pkgs = nixpkgs.legacyPackages.${system}; @@ -151,7 +164,10 @@ # Optionally use extraSpecialArgs # to pass through arguments to home.nix - extraSpecialArgs = {inherit inputs;}; + extraSpecialArgs = { + inherit inputs; + isHM = true; + }; }; homeConfigurations."jroeger" = home-manager.lib.homeManagerConfiguration { pkgs = nixpkgs.legacyPackages.${system}; 
@@ -166,7 +182,10 @@ # Optionally use extraSpecialArgs # to pass through arguments to home.nix - extraSpecialArgs = {inherit inputs;}; + extraSpecialArgs = { + inherit inputs; + isHM = true; + }; }; templates = { rust = { diff --git a/hosts/comfy-station/configuration.nix b/hosts/comfy-station/configuration.nix index 14f66b3..d11ea1f 100644 --- a/hosts/comfy-station/configuration.nix +++ b/hosts/comfy-station/configuration.nix @@ -9,17 +9,6 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ../../modules/bin/nix-scripts.nix - ../../modules/desktop/de - ../../modules/desktop/dm - ../../modules/desktop/fonts - ../../modules/hardware/bluetooth.nix - ../../modules/hardware/printing.nix - ../../modules/hardware/sound.nix - ../../modules/hardware/yubikey.nix - ../../modules/networking/wireguard - ../../modules/programs.nix - ../../modules/services/virt-manager.nix ]; # Secret management 
@@ -29,13 +18,85 @@ key = "privateKey"; }; - desktop.dm.name = "sddm"; - desktop.de.plasma.enable = false; - desktop.de.hyprland.enable = true; + # Users + users.users.jonas = { + isNormalUser = true; + description = "Jonas"; + extraGroups = ["networkmanager" "wheel" "docker" "dialout"]; + }; + users.defaultUserShell = pkgs.zsh; + programs.zsh.enable = true; - services.virt-manager.enable = true; - services.virt-manager.forUsers = ["jonas"]; + # hive modules + hive.displayManager.name = "sddm"; + hive.hyprland.enable = true; + hive.kwallet.enable = true; + hive.kwallet.forUsers = ["jonas"]; + hive.virt-manager.enable = true; + hive.virt-manager.forUsers = ["jonas"]; + hive.bluetooth.enable = true; + hive.sound.enable = true; + hive.yubikey.enable = true; + hive.wg.client.enable = true; + hive.wg.client.privateKeyFile = config.sops.secrets.wg-priv.path; + # system packages + environment.systemPackages = with pkgs; [ + age + alejandra + arduino + borgbackup + borgmatic + chromium + discord + docker + docker-compose + drawio + feh + ffmpeg + firefox + gimp + git + insomnia + krita + libreoffice + lutris + mosquitto + mpv + mupdf + nh + nix-index + nix-output-monitor + obsidian + openhantek6022 + qalculate-qt + qtpass + ranger + sops + spotify + vim + vlc + vscode + wget + zoom + zotero + ]; + nixpkgs.config.permittedInsecurePackages = [ + "electron-25.9.0" # required by obsidian + ]; + programs.steam.enable = true; + services.udev.packages = [pkgs.openhantek6022]; + virtualisation.docker.enable = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). 
+ system.stateVersion = "24.11"; # Did you read the comment? + + # gc settings nix = { settings = { experimental-features = ["nix-command" "flakes"]; @@ -48,50 +109,6 @@ }; }; - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.jonas = { - isNormalUser = true; - description = "Jonas"; - extraGroups = ["networkmanager" "wheel" "docker" "dialout"]; - }; - users.defaultUserShell = pkgs.zsh; - - programs.zsh.enable = true; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? - - # wg client - networking.wg.client.enable = true; - networking.wg.client.privateKeyFile = config.sops.secrets.wg-priv.path; - # boot boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; 
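Review bot: The `nixpkgs.config.permittedInsecurePackages = ["electron-25.9.0"]` entry carried into this host file is an explicit opt-out of the nixpkgs known-vulnerability check, and it arrives with only the `# required by obsidian` remark. Since the package list is being rewritten here anyway, it is worth checking whether obsidian in the nixpkgs revision this flake uses still needs that Electron version, and dropping the entry if not. If it stays, a comment such as `# TODO(review): remove once obsidian no longer depends on electron-25.9.0` makes the exception easier to retire. Separately, `extraGroups` keeps `"docker"` alongside `virtualisation.docker.enable = true`; membership in that group is effectively passwordless root on the host, so a one-line comment recording that this is intentional would help the next reader.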
@@ -107,7 +124,6 @@ # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; - i18n.extraLocaleSettings = { LC_ADDRESS = "de_DE.UTF-8"; LC_IDENTIFICATION = "de_DE.UTF-8"; @@ -121,15 +137,13 @@ }; networking.hostName = "comfy-station"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # Enable networking networking.networkmanager.enable = true; + # printing + services.printing.enable = true; + # touchpad services.libinput.touchpad.naturalScrolling = true; diff --git a/hosts/harbor/configuration.nix b/hosts/harbor/configuration.nix index 43adf67..e2e17f1 100644 --- a/hosts/harbor/configuration.nix +++ b/hosts/harbor/configuration.nix @@ -5,9 +5,6 @@ }: { imports = [ ./hardware-configuration.nix - ../../modules/networking/wireguard - ../../modules/services/borg-server.nix - ../../modules/services/nextcloud-instance.nix ]; # Secret management @@ -35,6 +32,7 @@ }; }; + # user with ssh access users.users.jonas = { isNormalUser = true; description = "Jonas"; 
@@ -44,28 +42,22 @@ ]; }; users.defaultUserShell = pkgs.zsh; - programs.zsh.enable = true; - services.openssh = { enable = true; settings.PasswordAuthentication = false; settings.KbdInteractiveAuthentication = false; }; - services.nextcloud-instance.enable = true; - services.nextcloud-instance.ssl = true; - services.nextcloud-instance.adminPasswordFile = config.sops.secrets.nextcloud-admin-pass.path; - services.nextcloud-instance.instanceFQDN = "nextcloud.jroeger.de"; - - services.borg-server.enable = true; - services.borg-server.repositories.comfy-station.ssh_public_key = builtins.readFile (../../static/keys + "/borg-jonas@comfy-station.pub"); - - networking.wg.server.enable = true; - networking.wg.server.privateKeyFile = config.sops.secrets.wg-priv.path; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; + # hive modules + hive.nextcloud-instance.enable = true; + hive.nextcloud-instance.ssl = true; + hive.nextcloud-instance.adminPasswordFile = config.sops.secrets.nextcloud-admin-pass.path; + hive.nextcloud-instance.instanceFQDN = "nextcloud.jroeger.de"; + hive.borg-server.enable = true; + hive.borg-server.repositories.comfy-station.ssh_public_key = builtins.readFile (../../static/keys + "/borg-jonas@comfy-station.pub"); + hive.wg.server.enable = true; + hive.wg.server.privateKeyFile = config.sops.secrets.wg-priv.path; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions diff --git a/modules/bin/nix-scripts.nix b/modules/bin/nix-scripts.nix index e8749bc..da5f433 100644 --- a/modules/bin/nix-scripts.nix +++ b/modules/bin/nix-scripts.nix @@ -1,4 +1,11 @@ -{pkgs, ...}: let +{ + config, + lib, + pkgs, + isHM, + ... +}: let + cfg = config.hive.nix-scripts; home-rebuild = pkgs.writeShellScriptBin ".home-rebuild" '' 
@@ -86,10 +93,25 @@ popd ''; in { - environment.systemPackages = [ - home-rebuild - rebuild - upgrade - update - ]; + options = { + hive.nix-scripts.enable = lib.mkEnableOption "Enable the nix build/update scripts"; + }; + + config = + lib.mkIf cfg.enable + ( + if isHM + then { + home.packages = [ + home-rebuild + ]; + } + else { + environment.systemPackages = [ + rebuild + upgrade + update + ]; + } + ); } diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..ea14144 --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,20 @@ +{isHM ? null, ...}: { + assertions = [ + { + assertion = isHM != null; + message = "The \"home-manager\" flag isHM is required."; + } + ]; + imports = [ + ./bin/nix-scripts.nix + ./desktop/de + ./desktop/dm + ./hardware/bluetooth.nix + ./hardware/sound.nix + ./hardware/yubikey.nix + ./networking/wireguard + ./services/borg-server.nix + ./services/nextcloud-instance.nix + ./services/virt-manager.nix + ]; +} diff --git a/modules/desktop/de/default.nix b/modules/desktop/de/default.nix index e6eeafa..4695193 100644 --- a/modules/desktop/de/default.nix +++ b/modules/desktop/de/default.nix @@ -1,6 +1,7 @@ {...}: { imports = [ ./hyprland.nix + ./kwallet.nix ./plasma.nix ]; } diff --git a/modules/desktop/de/hyprland.nix b/modules/desktop/de/hyprland.nix index 2e7ea41..15ce81d 100644 --- a/modules/desktop/de/hyprland.nix +++ b/modules/desktop/de/hyprland.nix @@ -4,9 +4,9 @@ pkgs, ... }: let - cfg = config.desktop.de.hyprland; + cfg = config.hive.hyprland; in { - options.desktop.de.hyprland = { + options.hive.hyprland = { enable = lib.mkEnableOption "enable hyprland desktop environment"; }; config = lib.mkIf cfg.enable { diff --git a/modules/desktop/de/kwallet.nix b/modules/desktop/de/kwallet.nix new file mode 100644 index 0000000..80edf1f --- /dev/null +++ b/modules/desktop/de/kwallet.nix 
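Review bot: With `config = lib.mkIf cfg.enable (...)` the scripts become opt-in, but none of the host or home-manager hunks in this commit sets `hive.nix-scripts.enable = true`, whereas comfy-station previously got them unconditionally through its `../../modules/bin/nix-scripts.nix` import. Unless the flag is set outside this diff, `rebuild`, `upgrade` and `update` disappear from that host; adding `hive.nix-scripts.enable = true;` to the `# hive modules` list in hosts/comfy-station/configuration.nix would keep the old behaviour. The option text would also read better as `lib.mkEnableOption "the nix build/update scripts"`, because mkEnableOption already prefixes the description with "Whether to enable". The `let` block holding the script definitions lies outside the hunk.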
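Review bot: Only `./bin/nix-scripts.nix` branches on `isHM`, while the other nine entries in `imports` set NixOS-level options and are imported unconditionally. If a home-manager configuration imports `./modules` (not visible in this diff, though the `isHM = true` arguments in flake.nix suggest it is intended), those modules would likely fail on undeclared options even when disabled. A comment above the list such as `# NixOS-only modules below; guard on isHM before importing this file from home-manager` would record the constraint. Also, the module system appears to resolve named arguments from `specialArgs`/`_module.args` rather than honouring the `? null` default, so a missing flag may abort with a missing-argument error before the assertion message is ever shown; this is worth testing once.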
@@ -0,0 +1,31 @@ +{ + config, + lib, + pkgs, + ... +}: let + cfg = config.hive.kwallet; +in { + options.hive.kwallet = { + enable = lib.mkEnableOption "Enable kwallet"; + forUsers = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = '' + List of users that should unlock kwallet via pam. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + security.pam.services = builtins.listToAttrs (map (user: { + name = user; + value = { + kwallet.enable = true; + kwallet.forceRun = true; + kwallet.package = pkgs.kdePackages.kwallet-pam; + }; + }) + cfg.forUsers); + }; +} diff --git a/modules/desktop/de/plasma.nix b/modules/desktop/de/plasma.nix index 72beadf..ad0820a 100644 --- a/modules/desktop/de/plasma.nix +++ b/modules/desktop/de/plasma.nix @@ -1,17 +1,15 @@ { config, lib, - pkgs, ... }: let - cfg = config.desktop.de.plasma; + cfg = config.hive.plasma; in { - options.desktop.de.plasma = { + options.hive.plasma = { enable = lib.mkEnableOption "Enable Plasma desktop environment with sddm"; }; config = lib.mkIf cfg.enable { - # Enable plasma services.xserver.desktopManager.plasma5.enable = true; }; } diff --git a/modules/desktop/dm/default.nix b/modules/desktop/dm/default.nix index 2b978a8..381c205 100644 --- a/modules/desktop/dm/default.nix +++ b/modules/desktop/dm/default.nix @@ -3,12 +3,12 @@ lib, ... }: let - cfg = config.desktop.dm; + cfg = config.hive.displayManager; in { - options.desktop.dm = with lib; { + options.hive.displayManager = with lib; { name = mkOption { - type = types.nullOr (types.enum ["sddm" "gdm"]); - default = null; + type = types.enum ["sddm" "gdm" "cosmic"]; + default = "sddm"; description = "The display manager to use."; }; autologin = mkOption { @@ -16,11 +16,6 @@ in { default = null; description = "The autologin username or null for no autologin."; }; - wayland = mkOption { - type = types.bool; - default = false; - description = "Enable wayland"; - }; }; imports = [ 
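Review bot: As far as the NixOS option is documented, `security.pam.services` is keyed by PAM service name, not by account name, so mapping `cfg.forUsers` into attribute names creates a PAM service called `jonas` rather than enabling kwallet unlock for that user's login. The wallet is unlocked by whichever service authenticates the session, so the settings probably belong on the display manager's service, e.g. `security.pam.services.sddm.kwallet = { enable = true; forceRun = true; package = pkgs.kdePackages.kwallet-pam; };`. This mirrors the `security.pam.services.jonas.kwallet` block removed from sddm.nix, so the commit does not change behaviour, but the new description "List of users that should unlock kwallet via pam" documents something the code may not do. `forUsers` also uses `lib.types.str` where virt-manager.nix uses `lib.types.singleLineStr` for the same kind of list.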
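Review bot: Changing `name` from `types.nullOr (...)` with `default = null` to a plain enum with `default = "sddm"` means every system that imports `./modules` gets SDDM unless it overrides the option, and flake.nix now adds `./modules` to harbor, whose configuration hunks set no `hive.displayManager.name`. Unless it is set outside the visible hunks, the host that runs OpenSSH, Nextcloud and the borg repository would also start a graphical login manager and install the kwallet packages from sddm.nix, which widens its attack surface for no benefit. Keeping `type = types.nullOr (types.enum ["sddm" "gdm" "cosmic"]);` with `default = null;` preserves the opt-in. The new `"cosmic"` value has no matching module in this diff; the `imports` list lies outside the hunk, so this may already be handled.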
diff --git a/modules/desktop/dm/gdm.nix b/modules/desktop/dm/gdm.nix index 7a2c7ef..826c300 100644 --- a/modules/desktop/dm/gdm.nix +++ b/modules/desktop/dm/gdm.nix @@ -3,7 +3,7 @@ config, ... }: let - cfg = config.desktop.dm; + cfg = config.hive.displayManager; in { config = lib.mkIf (cfg.name == "gdm") { services.xserver.displayManager.gdm = { diff --git a/modules/desktop/dm/sddm.nix b/modules/desktop/dm/sddm.nix index 86bd908..d109d80 100644 --- a/modules/desktop/dm/sddm.nix +++ b/modules/desktop/dm/sddm.nix @@ -4,21 +4,16 @@ pkgs, ... }: let - cfg = config.desktop.dm; + cfg = config.hive.displayManager; in { config = lib.mkIf (cfg.name == "sddm") { services.displayManager.sddm = { enable = true; - wayland.enable = cfg.wayland; + wayland.enable = true; }; environment.systemPackages = with pkgs; [ kdePackages.kwallet kdePackages.kwalletmanager ]; - security.pam.services.jonas.kwallet = { - enable = true; - forceRun = true; - package = pkgs.kdePackages.kwallet-pam; - }; }; } diff --git a/modules/desktop/fonts/default.nix b/modules/desktop/fonts/default.nix deleted file mode 100644 index 6b96d27..0000000 --- a/modules/desktop/fonts/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{pkgs, ...}: { - environment.systemPackages = with pkgs; [ - fira-code - ]; -} diff --git a/modules/hardware/bluetooth.nix b/modules/hardware/bluetooth.nix index 0aacbb7..4eac435 100644 --- a/modules/hardware/bluetooth.nix +++ b/modules/hardware/bluetooth.nix @@ -1,5 +1,21 @@ -{config, ...}: { - # Enable Bluetooth - hardware.bluetooth.enable = true; - services.blueman.enable = true; +{ + config, + lib, + ... +}: let + cfg = config.hive.bluetooth; +in { + options = { + hive.bluetooth.enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable Bluetooth with blueman support."; + }; + }; + + config = lib.mkIf cfg.enable { + # Enable Bluetooth + hardware.bluetooth.enable = true; + services.blueman.enable = true; + }; } 
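Review bot: `hive.bluetooth.enable` is declared with a hand-written `lib.mkOption { type = lib.types.bool; default = false; ... }`, whereas hyprland.nix, kwallet.nix and nix-scripts.nix in the same commit use `lib.mkEnableOption`. `hive.bluetooth.enable = lib.mkEnableOption "Bluetooth with blueman support";` gives the same type and default in one line and keeps the option declarations uniform. The same applies to `hive.sound.enable` in sound.nix and `hive.yubikey.enable` in yubikey.nix.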
diff --git a/modules/hardware/printing.nix b/modules/hardware/printing.nix deleted file mode 100644 index d178e3b..0000000 --- a/modules/hardware/printing.nix +++ /dev/null @@ -1,4 +0,0 @@ -{config, ...}: { - # Enable CUPS to print documents. - services.printing.enable = true; -} diff --git a/modules/hardware/sound.nix b/modules/hardware/sound.nix index e4d39d3..24f2529 100644 --- a/modules/hardware/sound.nix +++ b/modules/hardware/sound.nix @@ -1,17 +1,32 @@ -{config, ...}: { - # Enable sound with pipewire. - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; +{ + config, + lib, + ... +}: let + cfg = config.hive.sound; +in { + options = { + hive.sound.enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable sound with pipewire."; + }; + }; + config = lib.mkIf cfg.enable { + # Enable sound with pipewire. + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; }; } diff --git a/modules/hardware/yubikey.nix b/modules/hardware/yubikey.nix index 11f680c..9dd2bb5 100644 --- a/modules/hardware/yubikey.nix +++ b/modules/hardware/yubikey.nix 
@@ -1,19 +1,32 @@ { config, + lib, pkgs, ... -}: { - # Include udev rules for yubikey. - services.udev.packages = with pkgs; [ - yubikey-personalization - ]; +}: let + cfg = config.hive.yubikey; +in { + options = { + hive.yubikey.enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable Yubikey support."; + }; + }; - # OTP Manager - environment.systemPackages = with pkgs; [ - yubioath-flutter - ]; - services.pcscd.enable = true; + config = lib.mkIf cfg.enable { + # Include udev rules for yubikey. + services.udev.packages = with pkgs; [ + yubikey-personalization + ]; - # Enable smartcard support - hardware.gpgSmartcards.enable = true; + # OTP Manager + environment.systemPackages = with pkgs; [ + yubioath-flutter + ]; + services.pcscd.enable = true; + + # Enable smartcard support + hardware.gpgSmartcards.enable = true; + }; } diff --git a/modules/networking/wireguard/client.nix b/modules/networking/wireguard/client.nix index 0d7b559..4422b2b 100644 --- a/modules/networking/wireguard/client.nix +++ b/modules/networking/wireguard/client.nix @@ -3,10 +3,10 @@ lib, ... }: let - cfg = config.networking.wg.client; + cfg = config.hive.wg.client; peers = import ./peers.nix {}; in { - options.networking.wg.client = { + options.hive.wg.client = { enable = lib.mkEnableOption "Enable WireGuard client"; autoConnect = lib.mkOption { type = lib.types.bool; diff --git a/modules/networking/wireguard/server.nix b/modules/networking/wireguard/server.nix index b29f3ef..bc02c1c 100644 --- a/modules/networking/wireguard/server.nix +++ b/modules/networking/wireguard/server.nix @@ -3,10 +3,10 @@ lib, ... }: let - cfg = config.networking.wg.server; + cfg = config.hive.wg.server; peers = import ./peers.nix {}; in { - options.networking.wg.server = { + options.hive.wg.server = { enable = lib.mkEnableOption "Enable WireGuard server"; port = lib.mkOption { type = lib.types.port; 
diff --git a/modules/programs.nix b/modules/programs.nix deleted file mode 100644 index 0952941..0000000 --- a/modules/programs.nix +++ /dev/null @@ -1,65 +0,0 @@ -{pkgs, ...}: let - RStudio-with-my-packages = - pkgs.rstudioWrapper.override - { - packages = with pkgs.rPackages; [ - archive - COUNT - MASS - bayesplot - brms - ggplot2 - mlmRev - rstan - tidyverse - ]; - }; -in { - environment.systemPackages = [ - RStudio-with-my-packages - pkgs.age - pkgs.alejandra - pkgs.arduino - pkgs.borgbackup - pkgs.borgmatic - pkgs.chromium - pkgs.discord - pkgs.docker - pkgs.docker-compose - pkgs.drawio - pkgs.feh - pkgs.ffmpeg - pkgs.firefox - pkgs.gimp - pkgs.git - pkgs.insomnia - pkgs.krita - pkgs.libreoffice - pkgs.lutris - pkgs.mosquitto - pkgs.mpv - pkgs.mupdf - pkgs.nh - pkgs.nix-index - pkgs.nix-output-monitor - pkgs.obsidian - pkgs.openhantek6022 - pkgs.qalculate-qt - pkgs.qtpass - pkgs.ranger - pkgs.sops - pkgs.spotify - pkgs.vim - pkgs.vlc - pkgs.vscode - pkgs.wget - pkgs.zoom - pkgs.zotero - ]; - nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" # required by obsidian - ]; - programs.steam.enable = true; - services.udev.packages = [pkgs.openhantek6022]; - virtualisation.docker.enable = true; -} diff --git a/modules/services/borg-server.nix b/modules/services/borg-server.nix index cdb65ab..13248bc 100644 --- a/modules/services/borg-server.nix +++ b/modules/services/borg-server.nix @@ -4,9 +4,9 @@ pkgs, ... }: let - cfg = config.services.borg-server; + cfg = config.hive.borg-server; in { - options.services.borg-server = { + options.hive.borg-server = { enable = lib.mkEnableOption "Enable the borg server"; package = lib.mkOption { type = lib.types.package; diff --git a/modules/services/nextcloud-instance.nix b/modules/services/nextcloud-instance.nix index 86c147c..27818e7 100644 --- a/modules/services/nextcloud-instance.nix +++ b/modules/services/nextcloud-instance.nix 
@@ -4,9 +4,9 @@ pkgs, ... }: let - cfg = config.services.nextcloud-instance; + cfg = config.hive.nextcloud-instance; in { - options.services.nextcloud-instance = { + options.hive.nextcloud-instance = { enable = lib.mkEnableOption "Enable the Nextcloud instance"; instanceFQDN = lib.mkOption { diff --git a/modules/services/virt-manager.nix b/modules/services/virt-manager.nix index 669ee18..f2b4af3 100644 --- a/modules/services/virt-manager.nix +++ b/modules/services/virt-manager.nix @@ -3,24 +3,22 @@ config, ... }: let - cfg = config.services.virt-manager; + cfg = config.hive.virt-manager; in { - options = { - services.virt-manager = { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - Enable the qemu-kvm + libvirt stack. - ''; - }; - forUsers = lib.mkOption { - type = lib.types.listOf lib.types.singleLineStr; - default = []; - description = '' - List of users that should be added to the libvirt group. - ''; - }; + options.hive.virt-manager = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable the qemu-kvm + libvirt stack. + ''; + }; + forUsers = lib.mkOption { + type = lib.types.listOf lib.types.singleLineStr; + default = []; + description = '' + List of users that should be added to the libvirt group. + ''; }; };