feat: massive refactor

2025-12-20 12:57:47 +08:00
parent f4c1b313ce
commit 454ad5885d
97 changed files with 1023 additions and 960 deletions

99
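--- a/modules/core/nix.nix
+++ b/modules/core/nix.nix
@@ -0,0 +1,99 @@
+{
+inputs,
+self,
+config,
+lib,
+pkgs,
+secrets,
+username,
+...
+}:
+let
+cfg = config.my.nix;
+in
+{
+options.my.nix = {
+enable = lib.mkEnableOption "default nix settings";
+};
+config = lib.mkIf cfg.enable {
+# This will add each flake input as a registry
+# To make nix3 commands consistent with your flake
+nix.registry = (lib.mapAttrs (_: flake: { inherit flake; })) (
+((lib.filterAttrs (_: lib.isType "flake")) inputs) // { flake = self; }
+);
+# This will additionally add your inputs to the system's legacy channels
+# Making legacy nix commands consistent as well, awesome!
+nix.nixPath = [ "/etc/nix/path" ];
+environment.systemPackages = with pkgs; [
+nix-output-monitor
+nh
+];
+environment.etc = lib.mapAttrs' (name: value: {
+name = "nix/path/${name}";
+value.source = value.flake;
+}) config.nix.registry;
+nix.settings = {
+# Enable flakes and new 'nix' command
+experimental-features = "nix-command flakes";
+substituters = [
+"https://mirrors.sjtug.sjtu.edu.cn/nix-channels/store"
+"https://mirror.sjtu.edu.cn/nix-channels/store"
+"https://mirrors.ustc.edu.cn/nix-channels/store"
+"https://nix-community.cachix.org"
+"https://cache.garnix.io"
+];
+trusted-public-keys = [
+"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+];
+download-buffer-size = 536870912; # 512 MiB
+};
+sops.secrets.nix-github-token = {
+sopsFile = secrets.nix-github-token;
+format = "binary";
+owner = username;
+group = "users";
+mode = "0400";
+};
+my.hm = {
+nix.extraOptions = ''
+!include ${config.sops.secrets.nix-github-token.path}
+'';
+home.packages = with pkgs; [
+nixd
+nixfmt
+];
+xdg.configFile."direnv/lib/angrr.sh".source =
+"${config.services.angrr.package}/share/direnv/lib/angrr.sh";
+programs.direnv.stdlib = ''
+use angrr
+'';
+};
+# uncomment to enable auto gc
+/*
+nix.gc = {
+automatic = true;
+dates = "weekly";
+options = "--delete-older-than 30d";
+};
+*/
+services.angrr = {
+enable = true;
+settings = {
+period = "1month";
+};
+};
+};
+}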
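Review bot: The `substituters` / `trusted-public-keys` block extends system-wide binary-cache trust to two third-party signers (nix-community.cachix.org and cache.garnix.io) without saying why, and any store path signed by either key will be accepted on every host that enables `my.nix`. The three university mirrors carry no key of their own, so they presumably rely on the stock cache.nixos.org key that NixOS adds by default; that key is not visible in this hunk and is worth confirming. I would add a comment above the key list such as `# mirrors re-serve cache.nixos.org-signed paths; the two keys below add nix-community and garnix as trusted signers`, and drop whichever third-party cache is not actually needed.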

83
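--- a/modules/core/persist.nix
+++ b/modules/core/persist.nix
@@ -0,0 +1,83 @@
+{
+lib,
+config,
+username,
+...
+}:
+let
+cfg = config.my.persist;
+in
+{
+options.my.persist = {
+enable = lib.mkEnableOption "persist";
+location = lib.mkOption {
+type = lib.types.str;
+default = "/nix/persist";
+example = lib.literalExpression ''
+"/persistent"
+'';
+description = lib.mdDoc ''
+Persistent location
+'';
+};
+homeDirs = lib.mkOption {
+default = [ ];
+example = lib.literalExpression ''
+[
+".minecraft"
+".cargo"
+]
+'';
+description = lib.mdDoc ''
+HomeManager persistent dirs.
+'';
+};
+nixosDirs = lib.mkOption {
+default = [ ];
+example = lib.literalExpression ''
+[
+"/root"
+"/var"
+]
+'';
+description = lib.mdDoc ''
+NixOS persistent dirs.
+'';
+};
+homeFiles = lib.mkOption {
+default = [ ];
+example = lib.literalExpression ''
+[
+".hmcl.json"
+]
+'';
+description = lib.mdDoc ''
+Persistent files.
+'';
+};
+nixosFiles = lib.mkOption {
+default = [ ];
+example = lib.literalExpression ''
+[
+"/etc/machine-id"
+]
+'';
+description = lib.mdDoc ''
+Persistent files.
+'';
+};
+};
+config = lib.mkIf cfg.enable {
+programs.fuse.userAllowOther = true;
+environment.persistence.${cfg.location} = {
+hideMounts = true;
+directories = cfg.nixosDirs;
+files = cfg.nixosFiles;
+users.${username} = {
+files = cfg.homeFiles;
+directories = cfg.homeDirs;
+};
+};
+};
+}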
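Review bot: `programs.fuse.userAllowOther = true` is set unconditionally, but the only persistence configured in this hunk is the NixOS-level `environment.persistence.${cfg.location}` with its `users.${username}` sub-block, which as far as I can tell is bind-mount based and does not need FUSE `allow_other`. The setting lets any local user create FUSE mounts that other users, including root, can traverse, so it is better left off unless a home-manager persistence module elsewhere in the tree requires it; that is not visible here. If it is required, say which module depends on it in a comment next to the line, e.g. `# needed by the home-manager persistence module (allowOther)`.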

21
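--- a/modules/core/time.nix
+++ b/modules/core/time.nix
@@ -0,0 +1,21 @@
+{ config, lib, ... }:
+let
+cfg = config.my.time;
+in
+{
+options.my.time = {
+enable = lib.mkEnableOption "default time settings" // {
+default = true;
+};
+};
+config = lib.mkIf cfg.enable {
+time.timeZone = "Asia/Shanghai";
+networking.timeServers = [
+"0.cn.pool.ntp.org"
+"1.cn.pool.ntp.org"
+"2.cn.pool.ntp.org"
+"3.cn.pool.ntp.org"
+];
+};
+}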

115
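--- a/modules/core/user.nix
+++ b/modules/core/user.nix
@@ -0,0 +1,115 @@
+{
+config,
+lib,
+pkgs,
+username,
+userdesc,
+secrets,
+...
+}:
+let
+cfg = config.my.user;
+in
+{
+options.my.user = {
+enable = lib.mkEnableOption "default user settings" // {
+default = true;
+};
+};
+config = lib.mkIf cfg.enable {
+programs.zsh.enable = true;
+sops.secrets.imxyy-nix-hashed-password = {
+sopsFile = secrets.imxyy-nix-hashed-password;
+format = "binary";
+neededForUsers = true;
+};
+users = {
+mutableUsers = false;
+users.${username} = {
+isNormalUser = true;
+description = userdesc;
+extraGroups = [
+username
+"wheel"
+];
+hashedPasswordFile = lib.mkDefault config.sops.secrets.imxyy-nix-hashed-password.path;
+};
+groups.${username} = { };
+};
+users.users.root.hashedPasswordFile = lib.mkDefault config.sops.secrets.imxyy-nix-hashed-password.path;
+security.sudo.enable = false;
+security.doas = {
+enable = true;
+extraRules = [
+{
+users = [ username ];
+noPass = true;
+keepEnv = true;
+}
+];
+};
+environment.shellAliases = {
+sudoedit = "doasedit";
+};
+environment.systemPackages = [
+(pkgs.writeShellScriptBin "sudo" ''exec doas "$@"'')
+(pkgs.writeShellScriptBin "doasedit" ''
+if [ -n "''${2}" ]; then
+printf 'Expected only one argument\n'
+exit 1
+elif [ -z "''${1}" ]; then
+printf 'No file path provided\n'
+exit 1
+elif [ "$(id -u)" -eq 0 ]; then
+printf 'Cannot be run as root\n'
+exit 1
+fi
+set -eu
+tempdir="$(mktemp -d)"
+trap 'rm -rf $tempdir' EXIT
+srcfile="$(doas realpath "$1")"
+if doas [ -f "$srcfile" ]; then
+doas cp -a "$srcfile" "$tempdir"/file
+doas cp -a "$tempdir"/file "$tempdir"/edit
+# make sure that the file is editable by user
+doas chown "$USER":"$USER" "$tempdir"/edit
+chmod 600 "$tempdir"/edit
+else
+# create file with "regular" system permissions (root:root 644)
+touch "$tempdir"/file
+doas chown root:root "$tempdir"/file
+fi
+$EDITOR "$tempdir"/edit
+doas tee "$tempdir"/file 1>/dev/null < "$tempdir"/edit
+if doas cmp -s "$tempdir/file" "$srcfile"; then
+printf 'Skipping write; no changes.\n'
+exit 0
+else
+doas mv -f "$tempdir"/file "$srcfile"
+exit 0
+fi
+'')
+];
+nix.settings.trusted-users = [
+"root"
+username
+];
+my.hm.home = {
+inherit username;
+homeDirectory = "/home/${username}";
+};
+};
+}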
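Review bot: The doas rule with `noPass = true` and `keepEnv = true` makes every process running as `${username}` root-equivalent with no authentication step and with the caller's whole environment passed through to the root command; the `sudo` shim and the `trusted-users` entry in the same file widen that further. Prefer `persist = true;` in place of `noPass = true;` so a password is asked once per session, and drop `keepEnv` in favour of an explicit `setEnv` list of the variables that are really needed. Separately, root and the user share one `hashedPasswordFile`, so the root password adds no separation; consider locking root's password if doas is the intended path to root. In `doasedit`, the cleanup trap should quote the variable: `trap 'rm -rf "$tempdir"' EXIT`.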

60
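--- a/modules/core/xdg.nix
+++ b/modules/core/xdg.nix
@@ -0,0 +1,60 @@
+{
+lib,
+config,
+pkgs,
+username,
+...
+}:
+let
+cfg = config.my.xdg;
+in
+{
+options.my.xdg = {
+enable = lib.mkEnableOption "xdg";
+defaultApplications = lib.mkOption {
+type = lib.types.attrs;
+default = { };
+};
+extraBookmarks = lib.mkOption {
+type = with lib.types; listOf str;
+default = [ ];
+};
+};
+config = lib.mkIf cfg.enable {
+my.hm =
+let
+homedir = config.my.hm.home.homeDirectory;
+in
+{
+home.packages = with pkgs; [
+xdg-utils # `xdg-mime` `xdg-open` and so on
+];
+xdg = {
+enable = true;
+cacheHome = "${homedir}/.cache";
+configHome = "${homedir}/.config";
+dataHome = "${homedir}/.local/share";
+stateHome = "${homedir}/.local/state";
+userDirs.enable = true;
+configFile."mimeapps.list".force = true;
+mimeApps = {
+enable = true;
+inherit (cfg) defaultApplications;
+};
+};
+gtk.gtk3.bookmarks = [
+"file://${homedir}/Documents "
+"file://${homedir}/Downloads "
+"file://${homedir}/Pictures "
+"file://${homedir}/Videos "
+"file://${homedir}/Music "
+"file://${homedir}/workspace "
+];
+};
+};
+}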
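Review bot: `extraBookmarks` is declared as an option but never read in the `config` block, so values set on it are silently ignored; `gtk.gtk3.bookmarks` contains only the six fixed entries. Append it to the list by closing with `] ++ cfg.extraBookmarks;`. The `username` argument is also unused in this file. Each bookmark string ends with a space before the closing quote, which may be an extraction artifact or a missing label and is worth checking.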