rearrange directory structure

nixos/default.nix

@@ -0,0 +1,188 @@
+# https://search.nixos.org/options
+user: {
+  inputs,
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = [
+    (import ./modules/gamer.nix {inherit user;})
+    (import ./modules/keyboard.nix {inherit user;})
+    (import ./modules/display.nix {inherit user;})
+    (import ./modules/work.nix {inherit user;})
+    (import ./modules/laptop.nix {inherit user;})
+    (import ./modules/personal.nix {inherit user;})
+    (import ./programs/hyprland.nix {inherit user;})
+    ../hardware/displays.nix
+  ];
+
+  nix = {
+    settings = {
+      experimental-features = ["nix-command" "flakes"];
+    };
+    settings.trusted-users = ["root" user];
+
+    registry.nixpkgs.flake = inputs.nixpkgs;
+  };
+
+  nixpkgs.config.permittedInsecurePackages = [
+    "electron-25.9.0"
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.networkmanager.enable = true;
+  programs.nm-applet.enable = true;
+  services.tailscale.enable = true;
+
+  time.timeZone = "Europe/London";
+
+  console = {
+    font = "Lat2-Terminus16";
+    useXkbConfig = true;
+  };
+
+  # use pipewire
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+  # pipewire raop
+  networking.firewall.allowedUDPPorts = [6002 6001];
+  # network streaming
+  networking.firewall.allowedTCPPorts = [4713];
+
+  # kde connect
+  networking.firewall.allowedTCPPortRanges = [
+    {
+      from = 1714;
+      to = 1764;
+    }
+  ];
+  networking.firewall.allowedUDPPortRanges = [
+    {
+      from = 1714;
+      to = 1764;
+    }
+  ];
+
+  networking.firewall.interfaces.tailscale0 = {
+    allowedTCPPortRanges = [
+      {
+        from = 0;
+        to = 65535;
+      }
+    ];
+  };
+
+  services.avahi.enable = true;
+
+  security.pam.services.swaylock = {};
+  security.polkit.enable = true;
+  systemd.user.services.polkit-gnome-authentication-agent-1 = {
+    description = "polkit-gnome-authentication-agent-1";
+    wantedBy = ["graphical-session.target"];
+    wants = ["graphical-session.target"];
+    after = ["graphical-session.target"];
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+      Restart = "on-failure";
+      RestartSec = 1;
+      TimeoutStopSec = 10;
+    };
+  };
+
+  i18n.defaultLocale = lib.mkDefault "en_GB.UTF-8";
+
+  services.xserver = {
+    layout = lib.mkDefault "gb";
+    xkbOptions = "caps:escape";
+  };
+
+  system.configurationRevision =
+    pkgs.lib.mkIf (inputs.self ? rev)
+    inputs.self.rev;
+
+  hardware.opentabletdriver.enable = true;
+
+  qt.enable = true;
+  qt.platformTheme = "gtk2";
+  qt.style = "gtk2";
+
+  services.printing.enable = true;
+
+  users.users.${user} = {
+    isNormalUser = true;
+    extraGroups = ["wheel" "video" "networkmanager"];
+    initialPassword = "pass";
+    shell = pkgs.fish;
+  };
+  programs.fish.enable = true;
+
+  environment.variables = {
+    EDITOR = "nvim";
+    VISUAL = "nvim";
+    TERMINAL = "foot";
+  };
+
+  services.gvfs.enable = true;
+  environment.systemPackages = with pkgs; [
+    tealdeer
+    alsa-utils
+    pcmanfm
+    pavucontrol
+    trash-cli
+    wget
+    unzip
+  ];
+
+  services.dbus.enable = true;
+  programs.light.enable = true;
+  programs.dconf.enable = true;
+
+  programs.tmux.enable = true;
+  programs.tmux.extraConfig = ''
+    set escape-time 0
+    set -g default-terminal screen
+
+    bind -n M-s split-window -v
+    bind -n M-v split-window -h
+    bind -n M-Enter split-window -h
+    bind -n M-h select-pane -L
+    bind -n M-j select-pane -D
+    bind -n M-k select-pane -U
+    bind -n M-l select-pane -R
+    bind -n M-q kill-pane
+    bind -n M-< resize-pane -L 10
+    bind -n M-> resize-pane -R 10
+    bind -n M-- resize-pane -D 10
+    bind -n M-+ resize-pane -U 10
+    bind -n M-u copy-mode
+    bind -n M-p paste-buffer
+
+    set-window-option -g mode-keys vi
+    bind-key -T copy-mode-vi v send-keys -X begin-selection
+    bind-key -T copy-mode-vi y send-keys -X copy-selection
+  '';
+
+  boot.kernel.sysctl = {
+    "net.ipv4.ip_unprivileged_port_start" = 53;
+  };
+
+  services.tlp.enable = true;
+
+  hardware.bluetooth.enable = true;
+  services.blueman.enable = true;
+
+  services.prometheus.exporters.node.enable = true;
+
+  networking.networkmanager.insertNameservers = ["1.1.1.1" "1.0.0.1"];
+}

nixos/modules/display.nix

@@ -0,0 +1,191 @@
+{user}: {
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.displays;
+
+  renderDisplaysForHyprland = displays: (map displayHyprlandSetting (builtins.filter (d: d.enable) displays));
+
+  displayHyprlandSetting = display:
+    specificDisplay display
+    + ", "
+    + resToString display.resolution
+    + ", "
+    + positionToHyprlandString display.position
+    + ", "
+    + toString display.scaling
+    + ", "
+    + "transform,"
+    + toString display.rotation;
+
+  swaybgJob = displays: {
+    Unit = {
+      Description = "SwayBG";
+    };
+    Service = {
+      ExecStart =
+        "${pkgs.swaybg}/bin/swaybg "
+        + concatStringsSep " " (map swaybgCmd displays);
+    };
+    Install = {
+      WantedBy = ["graphical-session.target"];
+    };
+  };
+
+  swaybgCmd = display:
+    if (display.wallpaper != "")
+    then "-o ${display.name} -i ${display.wallpaper} -m fill"
+    else "";
+
+  specificDisplay = display:
+    if display.description == ""
+    then display.name
+    else "desc:" + display.description;
+
+  positionToHyprlandString = {
+    x,
+    y,
+  }:
+    if (x == -1 || y == -1)
+    then "auto"
+    else toString x + "x" + toString y;
+
+  renderDisplaysForSway = displays:
+    listToAttrs (map displaySwaySetting displays);
+
+  displaySwaySetting = display: {
+    name = display.name;
+    value = let
+      res = display.resolution;
+    in {
+      mode =
+        mkIf (!resUnset res)
+        "${toString res.x}x${toString res.y}@${toString res.freq}Hz";
+      bg = display.wallpaper + " fill";
+      scale = toString display.scaling;
+    };
+  };
+
+  resolutionType = types.submodule {
+    options = {
+      x = mkOption {
+        description = "x";
+        type = types.int;
+        default = 0;
+      };
+      y = mkOption {
+        description = "y";
+        type = types.int;
+        default = 0;
+      };
+      freq = mkOption {
+        description = "frequency";
+        type = types.int;
+        default = 0;
+      };
+    };
+  };
+
+  displayType = types.submodule {
+    options = {
+      enable = mkEnableOption "enable this display";
+      name = mkOption {
+        description = "name of the display";
+        default = "";
+      };
+      description = mkOption {
+        description = "description of display from hyprctl monitors";
+        default = "";
+      };
+      scaling = mkOption {
+        type = types.float;
+        default = 1.0;
+      };
+      rotation = mkOption {
+        type = types.int;
+        default = 0;
+      };
+      resolution = mkOption {
+        description = "res";
+        type = resolutionType;
+        default = {};
+      };
+      position.x = mkOption {
+        default = -1;
+        type = types.int;
+      };
+      position.y = mkOption {
+        default = -1;
+        type = types.int;
+      };
+      wallpaper = mkOption {
+        description = "path to wallpaper";
+        default = "";
+      };
+      workspaces = mkOption {
+        default = {};
+        type = types.submodule {
+          options = {
+            start = mkOption {
+              type = types.int;
+              default = 1;
+            };
+            end = mkOption {
+              type = types.int;
+              default = 1;
+            };
+          };
+        };
+      };
+    };
+  };
+
+  resUnset = res: (res.x == 0 || res.y == 0 || res.freq == 0);
+
+  resToString = res:
+    if resUnset res
+    then "preferred"
+    else "${toString res.x}x${toString res.y}@${toString res.freq}";
+
+  waybarWorkspaceConf = monitors: (map (display: {
+      ${display.name} = display.workspaces.start;
+    })
+    monitors);
+
+  renderWorkspacesForHyprland = displays: (map hyprWorkspaceSetting displays);
+  hyprWorkspaceSetting = display:
+    specificDisplay display
+    + ", "
+    + toString display.workspaces.start;
+in {
+  options.displays = {
+    enable = mkEnableOption "manage displays";
+    displays = mkOption {
+      type = types.attrsOf displayType;
+      default = {};
+    };
+  };
+
+  config = mkIf cfg.enable {
+    home-manager.users.${user}.imports = [
+      {
+        systemd.user.services.swaybg = swaybgJob (attrValues cfg.displays);
+
+        programs.waybar.settings.mainBar."hyprland/workspaces".persistent_workspaces = waybarWorkspaceConf (attrValues cfg.displays);
+
+        wayland.windowManager = mkIf (cfg.displays != {}) {
+          hyprland.settings = {
+            monitor = renderDisplaysForHyprland (attrValues cfg.displays);
+            workspace = renderWorkspacesForHyprland (attrValues cfg.displays);
+          };
+
+          sway.config.output =
+            renderDisplaysForSway (attrValues cfg.displays);
+        };
+      }
+    ];
+  };
+}

nixos/modules/gamer.nix

@@ -0,0 +1,63 @@
+{user}: {
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+with lib; {
+  options.roles.gamer = {
+    enable = mkEnableOption "gamer packages";
+  };
+
+  config = mkIf config.roles.gamer.enable {
+    # required for heroic launcher
+    nixpkgs.config.permittedInsecurePackages = [
+      "electron-25.9.0"
+    ];
+
+    home-manager.users.${user}.imports = [
+      {
+        home.packages = with pkgs; [
+          # Games
+          airshipper
+          minetest
+          superTuxKart
+          xonotic
+
+          # Helpers
+          heroic
+          BeatSaberModManager
+          protontricks
+          protonup-qt
+          oversteer
+
+          # vr
+          monado
+          openxr-loader
+          opencomposite
+
+          (makeDesktopItem {
+            name = "x11steam";
+            desktopName = "X11 Steam Wrapper";
+            exec = "QT_QPA_PLATFORM=xcb SDL_VIDEODRIVER=x11 ${steam}/bin/steam";
+          })
+        ];
+      }
+    ];
+
+    nixpkgs.config.allowUnfreePredicate = pkg:
+      builtins.elem (lib.getName pkg) [
+        "steam"
+        "steam-run"
+        "steam-original"
+        "osu-lazer"
+      ];
+
+    programs.steam = {
+      enable = true;
+      remotePlay.openFirewall = true;
+      dedicatedServer.openFirewall = true;
+    };
+    programs.gamemode.enable = true;
+  };
+}

nixos/modules/keyboard.nix

@@ -0,0 +1,38 @@
+{user}: {
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+with lib; {
+  options.keyboard = {
+    dvorak = {
+      enable = mkEnableOption "use a good keyboard layout on a qwerty keyboard";
+    };
+  };
+
+  config = {
+    home-manager.users.${user}.imports = [
+      {
+        wayland.windowManager.hyprland = {
+          settings = {
+            input = {
+              kb_layout = "gb";
+              kb_options = "caps:escape";
+              numlock_by_default = true;
+            };
+            # moonlander is programmed in dvorak!
+            "device:zsa-technology-labs-moonlander-mark-i" = {
+              kb_variant = "";
+              kb_options = "esperanto:qwerty,lv3:ralt_switch";
+            };
+          };
+        };
+      }
+    ];
+    services.xserver.xkbVariant =
+      if config.keyboard.dvorak.enable
+      then "dvorak"
+      else "";
+  };
+}

nixos/modules/laptop.nix

@@ -0,0 +1,48 @@
+{user}: {
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.roles.laptop;
+in {
+  options.roles = {
+    laptop = {
+      enable = mkEnableOption "is a laptop";
+      displays = mkEnableOption "laptop display defaults";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    displays = mkIf cfg.displays {
+      enable = true;
+      displays.internal = {
+        name = "eDP-1";
+        scaling = 1.2;
+      };
+    };
+    keyboard.dvorak.enable = true;
+
+    home-manager.users.${user}.imports = [
+      {
+        wayland.windowManager.hyprland = {
+          settings = {
+            general = {
+              gaps_out = 10;
+              border_size = 3;
+            };
+            bind = [
+              "SUPER_SHIFT, Q, killactive,"
+            ];
+            "device:at-translated-set-2-keyboard" = {
+              kb_variant = ",dvorak";
+              kb_layout = "gb,gb";
+              kb_options = "grp:alt_shift_toggle,caps:escape";
+            };
+          };
+        };
+      }
+    ];
+  };
+}

nixos/modules/personal.nix

@@ -0,0 +1,56 @@
+{user}: {
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+with lib; {
+  options.roles.personal = {
+    enable = mkEnableOption "personal packages";
+  };
+
+  config = mkIf config.roles.personal.enable {
+    roles.gamer.enable = true;
+
+    i18n.supportedLocales = [
+      "eo/UTF-8"
+      "en_GB.UTF-8/UTF-8"
+      "en_US.UTF-8/UTF-8"
+    ];
+
+    home-manager.users.${user}.imports = [
+      {
+        roles.email = {
+          enable = true;
+          email = "tristan@tristans.cloud";
+          terminal = true;
+        };
+
+        services.nextcloud-client.enable = true;
+        services.gnome-keyring.enable = true;
+
+        home.language = {
+          base = "eo.UTF-8";
+        };
+
+        home.packages = with pkgs; [
+          godot_4
+          ardour
+          blender
+          musescore
+          jellyfin-media-player
+          monero-gui
+          electrum
+          xmrig
+          transmission-remote-gtk
+          krita
+          organicmaps
+          anki
+          hugo
+          libsForQt5.neochat
+          bookworm
+        ];
+      }
+    ];
+  };
+}

nixos/modules/wayland.nix

@@ -0,0 +1,19 @@
+{user}: {
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+with lib; let
+  opt = config.windowManager;
+in {
+  options.windowManager = mkOption {
+    default = null;
+    type = lib.types.oneOf ["hyprland" "sway"];
+  };
+
+  config =
+    if opt == "hyprland"
+    then (import ../programs/hyprland.nix {inherit user;} {inherit lib pkgs;})
+    else {};
+}

nixos/modules/work.nix

@@ -0,0 +1,102 @@
+{user}: {
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+with lib; {
+  options.roles.work = {
+    enable = mkEnableOption "work packages";
+  };
+
+  config = mkIf config.roles.work.enable {
+    home-manager.users.${user}.imports = [
+      {
+        roles.email = {
+          enable = true;
+          email = "tristan.beedell@cryoserver.com";
+          terminal = false;
+        };
+
+        programs.editor = {
+          package = pkgs.vscode;
+        };
+
+        home.packages = with pkgs; [
+          onedrive
+          kubectl
+          awscli2
+          docker-compose
+          minikube
+          kubernetes-helm
+          thunderbird
+          (import ../../lib/mkapp.nix "slack" {
+            inherit pkgs;
+            desktopName = "Slack";
+            app-id = "mpagibdhafmlkgpemeicgogjnhclenoc";
+            browser = "${brave}/opt/brave.com/brave/brave-browser";
+          })
+          (import ../../lib/mkapp.nix "teams" {
+            inherit pkgs;
+            browser = "${brave}/opt/brave.com/brave/brave-browser";
+            app-id = "cifhbcnohmdccbgoicgdjpfamggdegmo";
+            desktopName = "Microsoft Teams";
+          })
+          (pkgs.writeShellScriptBin "codex11" ''
+            NIXOS_OZONE_WL= ${pkgs.vscode}/bin/code $@
+          '')
+          remmina
+        ];
+
+        gtk.gtk3.bookmarks = [
+          "file:///home/tristan/OneDrive/Documents/ OneDrive"
+        ];
+
+        programs.vscode = {
+          extensions = with pkgs; [
+            vscode-extensions.ms-azuretools.vscode-docker
+          ];
+          userSettings = {
+            "aws.telemetry" = false;
+            "gitlens.telemetry.enabled" = false;
+            "redhat.telemetry.enabled" = false;
+          };
+        };
+
+        wayland.windowManager.hyprland = {
+          extraConfig = ''
+            # === WORK MODULE ===
+            bind = SUPER, E, focuswindow, thunderbird
+            bind = SUPER, t, focuswindow, brave-cifhbcnohmdccbgoicgdjpfamggdegmo-Profile_2
+          '';
+        };
+      }
+    ];
+
+    nixpkgs.config.allowUnfreePredicate = pkg:
+      builtins.elem (lib.getName pkg) [
+        # nonfree vscode required for dev containers
+        "vscode"
+        "steam-run"
+      ];
+
+    networking = {
+      networkmanager = {
+        plugins = [pkgs.networkmanager-openvpn];
+      };
+    };
+
+    users.users.tristan.extraGroups = ["docker"];
+    virtualisation.docker = {
+      enable = true;
+      storageDriver = "btrfs";
+      rootless = {
+        enable = false;
+        setSocketVariable = true;
+        daemon.settings = {
+          "userns-remap" = "default";
+        };
+      };
+    };
+  };
+}

nixos/programs/hyprland.nix

@@ -0,0 +1,18 @@
+{user}: {
+  lib,
+  pkgs,
+  ...
+}: {
+  services.greetd = {
+    enable = true;
+    settings = rec {
+      hypr_session = {
+        command = "Hyprland";
+        user = user;
+      };
+      default_session = hypr_session;
+    };
+  };
+
+  home-manager.users.${user}.imports = [../../home/programs/hyprland.nix];
+}

nixos/programs/sway.nix

@@ -0,0 +1,106 @@
+{user}: {
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
+  services.greetd = {
+    enable = true;
+    settings = rec {
+      sway_session = {
+        command = "sway";
+        user = user;
+      };
+      default_session = sway_session;
+    };
+  };
+
+  home-manager.users.${user}.imports = [
+    (import ./home/swaylock.nix)
+    {
+      xdg.portal = {
+        enable = true;
+        configPackages = [pkgs.sway];
+        extraPortals = [pkgs.xdg-desktop-portal-sway pkgs.xdg-desktop-portal-gtk];
+      };
+
+      wayland.windowManager.sway = {
+        enable = true;
+      };
+
+      services.swayidle = {
+        enable = true;
+        systemdTarget = "graphical-session.target";
+        events = [
+          {
+            event = "before-sleep";
+            command = "${pkgs.swaylock-effects}/bin/swaylock";
+          }
+          {
+            event = "lock";
+            command = "${pkgs.swaylock-effects}/bin/swaylock";
+          }
+        ];
+        timeouts = [
+          {
+            timeout = 300;
+            command = "${pkgs.swaylock-effects}/bin/swaylock -f";
+          }
+          {
+            timeout = 600;
+            command = "systemctl suspend";
+          }
+        ];
+      };
+
+      services.mako.enable = true;
+
+      programs.waybar = {
+        enable = true;
+        settings = {
+          mainBar = {
+            layer = "top";
+            position = "top";
+            height = 36;
+            modules-left = ["sway/workspaces" "sway/window"];
+            modules-right = ["mpris" "pulseaudio" "clock" "tray" "battery"];
+            clock = {
+              format = "📅 {:%a %b-%d %I:%M %p}";
+            };
+            pulseaudio = {
+              format-muted = "🔇 {volume}";
+              format = "{icon} {volume}";
+              format-icons.default = ["🔈" "🔉" "🔊"];
+              on-click = "${pkgs.pavucontrol}/bin/pavucontrol";
+            };
+            mpris = {
+              format = "{player_icon} {artist} - {title}";
+              format-paused = "{status_icon} {player_icon} {artist} - {title}";
+              player-icons = {
+                default = "▶️";
+                mpd = "🎵";
+                kdeconnect = "☎️";
+              };
+              status-icons = {
+                paused = "⏸️";
+              };
+            };
+            battery = {
+              format = "{icon} {capacity}%";
+              format-icons = ["🤏" "🪫" "🔋" "🔋"];
+              format-charging = "🔌 {capacity}%";
+              states = {
+                warning = 30;
+                critical = 15;
+              };
+            };
+          };
+        };
+        systemd = {
+          enable = true;
+          target = "graphical-session.target";
+        };
+      };
+    }
+  ];
+}