System Gen182 @ 2025-05-02-23:48:15 by jonas@comfy-station

flake.nix

@@ -57,12 +57,14 @@
         inherit system;
         specialArgs = {
           inherit inputs;
+          isHM = false;
         };
         modules = [
           ({...}: {nixpkgs.overlays = [overlay-unstable];})
           ({...}: {nixpkgs.config.allowUnfree = true;})
           nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1
           inputs.sops-nix.nixosModules.sops
+          ./modules
           ./hosts/comfy-station/configuration.nix
         ];
       };
@@ -70,6 +72,7 @@
         inherit system;
         specialArgs = {
           inherit inputs;
+          isHM = false;
         };
         modules = [
           ({...}: {nixpkgs.overlays = [overlay-unstable];})
@@ -82,6 +85,7 @@
           }
           inputs.sops-nix.nixosModules.sops
           nixos-cosmic.nixosModules.default
+          ./modules
           ./hosts/monolith/configuration.nix
         ];
       };
@@ -89,10 +93,13 @@
         inherit system;
         specialArgs = {
           inherit inputs;
+          isHM = false;
         };
         modules = [
           ({...}: {nixpkgs.overlays = [overlay-unstable];})
+          ({...}: {nixpkgs.config.allowUnfree = true;})
           inputs.sops-nix.nixosModules.sops
+          ./modules
           ./hosts/harbor/configuration.nix
         ];
       };
@@ -121,7 +128,10 @@
 
       # Optionally use extraSpecialArgs
       # to pass through arguments to home.nix
-      extraSpecialArgs = {inherit inputs;};
+      extraSpecialArgs = {
+        inherit inputs;
+        isHM = true;
+      };
     };
     homeConfigurations."jonas@harbor" = home-manager.lib.homeManagerConfiguration {
       pkgs = nixpkgs.legacyPackages.${system};
@@ -136,7 +146,10 @@
 
       # Optionally use extraSpecialArgs
       # to pass through arguments to home.nix
-      extraSpecialArgs = {inherit inputs;};
+      extraSpecialArgs = {
+        inherit inputs;
+        isHM = true;
+      };
     };
     homeConfigurations."jonas@monolith" = home-manager.lib.homeManagerConfiguration {
       pkgs = nixpkgs.legacyPackages.${system};
@@ -151,7 +164,10 @@
 
       # Optionally use extraSpecialArgs
       # to pass through arguments to home.nix
-      extraSpecialArgs = {inherit inputs;};
+      extraSpecialArgs = {
+        inherit inputs;
+        isHM = true;
+      };
     };
     homeConfigurations."jroeger" = home-manager.lib.homeManagerConfiguration {
       pkgs = nixpkgs.legacyPackages.${system};
@@ -166,7 +182,10 @@
 
       # Optionally use extraSpecialArgs
       # to pass through arguments to home.nix
-      extraSpecialArgs = {inherit inputs;};
+      extraSpecialArgs = {
+        inherit inputs;
+        isHM = true;
+      };
     };
     templates = {
       rust = {

hosts/comfy-station/configuration.nix

@@ -9,17 +9,6 @@
   imports = [
     # Include the results of the hardware scan.
     ./hardware-configuration.nix
-    ../../modules/bin/nix-scripts.nix
-    ../../modules/desktop/de
-    ../../modules/desktop/dm
-    ../../modules/desktop/fonts
-    ../../modules/hardware/bluetooth.nix
-    ../../modules/hardware/printing.nix
-    ../../modules/hardware/sound.nix
-    ../../modules/hardware/yubikey.nix
-    ../../modules/networking/wireguard
-    ../../modules/programs.nix
-    ../../modules/services/virt-manager.nix
   ];
 
   # Secret management
@@ -29,13 +18,85 @@
     key = "privateKey";
   };
 
-  desktop.dm.name = "sddm";
-  desktop.de.plasma.enable = false;
-  desktop.de.hyprland.enable = true;
+  # Users
+  users.users.jonas = {
+    isNormalUser = true;
+    description = "Jonas";
+    extraGroups = ["networkmanager" "wheel" "docker" "dialout"];
+  };
+  users.defaultUserShell = pkgs.zsh;
+  programs.zsh.enable = true;
 
-  services.virt-manager.enable = true;
-  services.virt-manager.forUsers = ["jonas"];
+  # hive modules
+  hive.displayManager.name = "sddm";
+  hive.hyprland.enable = true;
+  hive.kwallet.enable = true;
+  hive.kwallet.forUsers = ["jonas"];
+  hive.virt-manager.enable = true;
+  hive.virt-manager.forUsers = ["jonas"];
+  hive.bluetooth.enable = true;
+  hive.sound.enable = true;
+  hive.yubikey.enable = true;
+  hive.wg.client.enable = true;
+  hive.wg.client.privateKeyFile = config.sops.secrets.wg-priv.path;
 
+  # system packages
+  environment.systemPackages = with pkgs; [
+    age
+    alejandra
+    arduino
+    borgbackup
+    borgmatic
+    chromium
+    discord
+    docker
+    docker-compose
+    drawio
+    feh
+    ffmpeg
+    firefox
+    gimp
+    git
+    insomnia
+    krita
+    libreoffice
+    lutris
+    mosquitto
+    mpv
+    mupdf
+    nh
+    nix-index
+    nix-output-monitor
+    obsidian
+    openhantek6022
+    qalculate-qt
+    qtpass
+    ranger
+    sops
+    spotify
+    vim
+    vlc
+    vscode
+    wget
+    zoom
+    zotero
+  ];
+  nixpkgs.config.permittedInsecurePackages = [
+    "electron-25.9.0" # required by obsidian
+  ];
+  programs.steam.enable = true;
+  services.udev.packages = [pkgs.openhantek6022];
+  virtualisation.docker.enable = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.11"; # Did you read the comment?
+
+  # gc settings
   nix = {
     settings = {
       experimental-features = ["nix-command" "flakes"];
@@ -48,50 +109,6 @@
     };
   };
 
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.jonas = {
-    isNormalUser = true;
-    description = "Jonas";
-    extraGroups = ["networkmanager" "wheel" "docker" "dialout"];
-  };
-  users.defaultUserShell = pkgs.zsh;
-
-  programs.zsh.enable = true;
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.11"; # Did you read the comment?
-
-  # wg client
-  networking.wg.client.enable = true;
-  networking.wg.client.privateKeyFile = config.sops.secrets.wg-priv.path;
-
   # boot
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
@@ -107,7 +124,6 @@
 
   # Select internationalisation properties.
   i18n.defaultLocale = "en_US.UTF-8";
-
   i18n.extraLocaleSettings = {
     LC_ADDRESS = "de_DE.UTF-8";
     LC_IDENTIFICATION = "de_DE.UTF-8";
@@ -121,15 +137,13 @@
   };
 
   networking.hostName = "comfy-station"; # Define your hostname.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
 
   # Enable networking
   networking.networkmanager.enable = true;
 
+  # printing
+  services.printing.enable = true;
+
   # touchpad
   services.libinput.touchpad.naturalScrolling = true;
 

hosts/harbor/configuration.nix

@@ -5,9 +5,6 @@
 }: {
   imports = [
     ./hardware-configuration.nix
-    ../../modules/networking/wireguard
-    ../../modules/services/borg-server.nix
-    ../../modules/services/nextcloud-instance.nix
   ];
 
   # Secret management
@@ -35,6 +32,7 @@
     };
   };
 
+  # user with ssh access
   users.users.jonas = {
     isNormalUser = true;
     description = "Jonas";
@@ -44,28 +42,22 @@
     ];
   };
   users.defaultUserShell = pkgs.zsh;
-
   programs.zsh.enable = true;
-
   services.openssh = {
     enable = true;
     settings.PasswordAuthentication = false;
     settings.KbdInteractiveAuthentication = false;
   };
 
-  services.nextcloud-instance.enable = true;
-  services.nextcloud-instance.ssl = true;
-  services.nextcloud-instance.adminPasswordFile = config.sops.secrets.nextcloud-admin-pass.path;
-  services.nextcloud-instance.instanceFQDN = "nextcloud.jroeger.de";
-
-  services.borg-server.enable = true;
-  services.borg-server.repositories.comfy-station.ssh_public_key = builtins.readFile (../../static/keys + "/borg-jonas@comfy-station.pub");
-
-  networking.wg.server.enable = true;
-  networking.wg.server.privateKeyFile = config.sops.secrets.wg-priv.path;
-
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
+  # hive modules
+  hive.nextcloud-instance.enable = true;
+  hive.nextcloud-instance.ssl = true;
+  hive.nextcloud-instance.adminPasswordFile = config.sops.secrets.nextcloud-admin-pass.path;
+  hive.nextcloud-instance.instanceFQDN = "nextcloud.jroeger.de";
+  hive.borg-server.enable = true;
+  hive.borg-server.repositories.comfy-station.ssh_public_key = builtins.readFile (../../static/keys + "/borg-jonas@comfy-station.pub");
+  hive.wg.server.enable = true;
+  hive.wg.server.privateKeyFile = config.sops.secrets.wg-priv.path;
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions

modules/bin/nix-scripts.nix

@@ -1,4 +1,11 @@
-{pkgs, ...}: let
+{
+  config,
+  lib,
+  pkgs,
+  isHM,
+  ...
+}: let
+  cfg = config.hive.nix-scripts;
   home-rebuild =
     pkgs.writeShellScriptBin ".home-rebuild"
     ''
@@ -86,10 +93,25 @@
       popd
     '';
 in {
-  environment.systemPackages = [
-    home-rebuild
-    rebuild
-    upgrade
-    update
-  ];
+  options = {
+    hive.nix-scripts.enable = lib.mkEnableOption "Enable the nix build/update scripts";
+  };
+
+  config =
+    lib.mkIf cfg.enable
+    (
+      if isHM
+      then {
+        home.packages = [
+          home-rebuild
+        ];
+      }
+      else {
+        environment.systemPackages = [
+          rebuild
+          upgrade
+          update
+        ];
+      }
+    );
 }

modules/default.nix

@@ -0,0 +1,20 @@
+{isHM ? null, ...}: {
+  assertions = [
+    {
+      assertion = isHM != null;
+      message = "The \"home-manager\" flag isHM is required.";
+    }
+  ];
+  imports = [
+    ./bin/nix-scripts.nix
+    ./desktop/de
+    ./desktop/dm
+    ./hardware/bluetooth.nix
+    ./hardware/sound.nix
+    ./hardware/yubikey.nix
+    ./networking/wireguard
+    ./services/borg-server.nix
+    ./services/nextcloud-instance.nix
+    ./services/virt-manager.nix
+  ];
+}

modules/desktop/de/default.nix

@@ -1,6 +1,7 @@
 {...}: {
   imports = [
     ./hyprland.nix
+    ./kwallet.nix
     ./plasma.nix
   ];
 }

modules/desktop/de/hyprland.nix

@@ -4,9 +4,9 @@
   pkgs,
   ...
 }: let
-  cfg = config.desktop.de.hyprland;
+  cfg = config.hive.hyprland;
 in {
-  options.desktop.de.hyprland = {
+  options.hive.hyprland = {
     enable = lib.mkEnableOption "enable hyprland desktop environment";
   };
   config = lib.mkIf cfg.enable {

modules/desktop/de/kwallet.nix

@@ -0,0 +1,31 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.hive.kwallet;
+in {
+  options.hive.kwallet = {
+    enable = lib.mkEnableOption "Enable kwallet";
+    forUsers = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [];
+      description = ''
+        List of users that should unlock kwallet via pam.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    security.pam.services = builtins.listToAttrs (map (user: {
+        name = user;
+        value = {
+          kwallet.enable = true;
+          kwallet.forceRun = true;
+          kwallet.package = pkgs.kdePackages.kwallet-pam;
+        };
+      })
+      cfg.forUsers);
+  };
+}

modules/desktop/de/plasma.nix

@@ -1,17 +1,15 @@
 {
   config,
   lib,
-  pkgs,
   ...
 }: let
-  cfg = config.desktop.de.plasma;
+  cfg = config.hive.plasma;
 in {
-  options.desktop.de.plasma = {
+  options.hive.plasma = {
     enable = lib.mkEnableOption "Enable Plasma desktop environment with sddm";
   };
 
   config = lib.mkIf cfg.enable {
-    # Enable plasma
     services.xserver.desktopManager.plasma5.enable = true;
   };
 }

modules/desktop/dm/default.nix

@@ -3,12 +3,12 @@
   lib,
   ...
 }: let
-  cfg = config.desktop.dm;
+  cfg = config.hive.displayManager;
 in {
-  options.desktop.dm = with lib; {
+  options.hive.displayManager = with lib; {
     name = mkOption {
-      type = types.nullOr (types.enum ["sddm" "gdm"]);
-      default = null;
+      type = types.enum ["sddm" "gdm" "cosmic"];
+      default = "sddm";
       description = "The display manager to use.";
     };
     autologin = mkOption {
@@ -16,11 +16,6 @@ in {
       default = null;
       description = "The autologin username or null for no autologin.";
     };
-    wayland = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Enable wayland";
-    };
   };
 
   imports = [

modules/desktop/dm/gdm.nix

@@ -3,7 +3,7 @@
   config,
   ...
 }: let
-  cfg = config.desktop.dm;
+  cfg = config.hive.displayManager;
 in {
   config = lib.mkIf (cfg.name == "gdm") {
     services.xserver.displayManager.gdm = {

modules/desktop/dm/sddm.nix

@@ -4,21 +4,16 @@
   pkgs,
   ...
 }: let
-  cfg = config.desktop.dm;
+  cfg = config.hive.displayManager;
 in {
   config = lib.mkIf (cfg.name == "sddm") {
     services.displayManager.sddm = {
       enable = true;
-      wayland.enable = cfg.wayland;
+      wayland.enable = true;
     };
     environment.systemPackages = with pkgs; [
       kdePackages.kwallet
       kdePackages.kwalletmanager
     ];
-    security.pam.services.jonas.kwallet = {
-      enable = true;
-      forceRun = true;
-      package = pkgs.kdePackages.kwallet-pam;
-    };
   };
 }

modules/desktop/fonts/default.nix

@@ -1,5 +0,0 @@
-{pkgs, ...}: {
-  environment.systemPackages = with pkgs; [
-    fira-code
-  ];
-}

modules/hardware/bluetooth.nix

@@ -1,5 +1,21 @@
-{config, ...}: {
-  # Enable Bluetooth
-  hardware.bluetooth.enable = true;
-  services.blueman.enable = true;
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.hive.bluetooth;
+in {
+  options = {
+    hive.bluetooth.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Enable Bluetooth with blueman support.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Enable Bluetooth
+    hardware.bluetooth.enable = true;
+    services.blueman.enable = true;
+  };
 }

modules/hardware/printing.nix

@@ -1,4 +0,0 @@
-{config, ...}: {
-  # Enable CUPS to print documents.
-  services.printing.enable = true;
-}

modules/hardware/sound.nix

@@ -1,17 +1,32 @@
-{config, ...}: {
-  # Enable sound with pipewire.
-  hardware.pulseaudio.enable = false;
-  security.rtkit.enable = true;
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-    # If you want to use JACK applications, uncomment this
-    #jack.enable = true;
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.hive.sound;
+in {
+  options = {
+    hive.sound.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Enable sound with pipewire.";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    # Enable sound with pipewire.
+    hardware.pulseaudio.enable = false;
+    security.rtkit.enable = true;
+    services.pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      # If you want to use JACK applications, uncomment this
+      #jack.enable = true;
 
-    # use the example session manager (no others are packaged yet so this is enabled by default,
-    # no need to redefine it in your config for now)
-    #media-session.enable = true;
+      # use the example session manager (no others are packaged yet so this is enabled by default,
+      # no need to redefine it in your config for now)
+      #media-session.enable = true;
+    };
   };
 }

modules/hardware/yubikey.nix

@@ -1,19 +1,32 @@
 {
   config,
+  lib,
   pkgs,
   ...
-}: {
-  # Include udev rules for yubikey.
-  services.udev.packages = with pkgs; [
-    yubikey-personalization
-  ];
+}: let
+  cfg = config.hive.yubikey;
+in {
+  options = {
+    hive.yubikey.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Enable Yubikey support.";
+    };
+  };
 
-  # OTP Manager
-  environment.systemPackages = with pkgs; [
-    yubioath-flutter
-  ];
-  services.pcscd.enable = true;
+  config = lib.mkIf cfg.enable {
+    # Include udev rules for yubikey.
+    services.udev.packages = with pkgs; [
+      yubikey-personalization
+    ];
 
-  # Enable smartcard support
-  hardware.gpgSmartcards.enable = true;
+    # OTP Manager
+    environment.systemPackages = with pkgs; [
+      yubioath-flutter
+    ];
+    services.pcscd.enable = true;
+
+    # Enable smartcard support
+    hardware.gpgSmartcards.enable = true;
+  };
 }

modules/networking/wireguard/client.nix

@@ -3,10 +3,10 @@
   lib,
   ...
 }: let
-  cfg = config.networking.wg.client;
+  cfg = config.hive.wg.client;
   peers = import ./peers.nix {};
 in {
-  options.networking.wg.client = {
+  options.hive.wg.client = {
     enable = lib.mkEnableOption "Enable WireGuard client";
     autoConnect = lib.mkOption {
       type = lib.types.bool;

modules/networking/wireguard/server.nix

@@ -3,10 +3,10 @@
   lib,
   ...
 }: let
-  cfg = config.networking.wg.server;
+  cfg = config.hive.wg.server;
   peers = import ./peers.nix {};
 in {
-  options.networking.wg.server = {
+  options.hive.wg.server = {
     enable = lib.mkEnableOption "Enable WireGuard server";
     port = lib.mkOption {
       type = lib.types.port;

modules/programs.nix

@@ -1,65 +0,0 @@
-{pkgs, ...}: let
-  RStudio-with-my-packages =
-    pkgs.rstudioWrapper.override
-    {
-      packages = with pkgs.rPackages; [
-        archive
-        COUNT
-        MASS
-        bayesplot
-        brms
-        ggplot2
-        mlmRev
-        rstan
-        tidyverse
-      ];
-    };
-in {
-  environment.systemPackages = [
-    RStudio-with-my-packages
-    pkgs.age
-    pkgs.alejandra
-    pkgs.arduino
-    pkgs.borgbackup
-    pkgs.borgmatic
-    pkgs.chromium
-    pkgs.discord
-    pkgs.docker
-    pkgs.docker-compose
-    pkgs.drawio
-    pkgs.feh
-    pkgs.ffmpeg
-    pkgs.firefox
-    pkgs.gimp
-    pkgs.git
-    pkgs.insomnia
-    pkgs.krita
-    pkgs.libreoffice
-    pkgs.lutris
-    pkgs.mosquitto
-    pkgs.mpv
-    pkgs.mupdf
-    pkgs.nh
-    pkgs.nix-index
-    pkgs.nix-output-monitor
-    pkgs.obsidian
-    pkgs.openhantek6022
-    pkgs.qalculate-qt
-    pkgs.qtpass
-    pkgs.ranger
-    pkgs.sops
-    pkgs.spotify
-    pkgs.vim
-    pkgs.vlc
-    pkgs.vscode
-    pkgs.wget
-    pkgs.zoom
-    pkgs.zotero
-  ];
-  nixpkgs.config.permittedInsecurePackages = [
-    "electron-25.9.0" # required by obsidian
-  ];
-  programs.steam.enable = true;
-  services.udev.packages = [pkgs.openhantek6022];
-  virtualisation.docker.enable = true;
-}

modules/services/borg-server.nix

@@ -4,9 +4,9 @@
   pkgs,
   ...
 }: let
-  cfg = config.services.borg-server;
+  cfg = config.hive.borg-server;
 in {
-  options.services.borg-server = {
+  options.hive.borg-server = {
     enable = lib.mkEnableOption "Enable the borg server";
     package = lib.mkOption {
       type = lib.types.package;

modules/services/nextcloud-instance.nix

@@ -4,9 +4,9 @@
   pkgs,
   ...
 }: let
-  cfg = config.services.nextcloud-instance;
+  cfg = config.hive.nextcloud-instance;
 in {
-  options.services.nextcloud-instance = {
+  options.hive.nextcloud-instance = {
     enable = lib.mkEnableOption "Enable the Nextcloud instance";
 
     instanceFQDN = lib.mkOption {

modules/services/virt-manager.nix

@@ -3,24 +3,22 @@
   config,
   ...
 }: let
-  cfg = config.services.virt-manager;
+  cfg = config.hive.virt-manager;
 in {
-  options = {
-    services.virt-manager = {
-      enable = lib.mkOption {
-        type = lib.types.bool;
-        default = false;
-        description = ''
-          Enable the qemu-kvm + libvirt stack.
-        '';
-      };
-      forUsers = lib.mkOption {
-        type = lib.types.listOf lib.types.singleLineStr;
-        default = [];
-        description = ''
-          List of users that should be added to the libvirt group.
-        '';
-      };
+  options.hive.virt-manager = {
+    enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Enable the qemu-kvm + libvirt stack.
+      '';
+    };
+    forUsers = lib.mkOption {
+      type = lib.types.listOf lib.types.singleLineStr;
+      default = [];
+      description = ''
+        List of users that should be added to the libvirt group.
+      '';
     };
   };