liminalOS/modules/linux/core/default.nix

{
  inputs,
  pkgs,
  config,
  lib,
  ...
}:
let
  cfg = config.liminalOS.system.core;
in
{
  options.liminalOS.system.core = {
    enable = lib.mkOption {
      type = lib.types.bool;
      default = config.liminalOS.enable;
      description = ''
        Whether to enable core liminalOS system utilities and configurations (such as security policies, Nix options, etc)
      '';
    };
    replaceSudoWithDoas = lib.mkOption {
      type = lib.types.bool;
      default = cfg.enable;
      description = ''
        Whether to replace sudo with doas, the Dedicated OpenBSD Application Subexecutor. Doas is the preferred liminalOS setuid program.
      '';
    };
    waylandFixes = lib.mkOption {
      type = lib.types.bool;
      default = cfg.enable;
      description = ''
        Whether to enable some Wayland fixes, like setting NIXOS_OZONE_WL to hint Electron apps to use the Wayland windowing system.
      '';
    };
    nixSaneDefaults = lib.mkOption {
      type = lib.types.bool;
      default = cfg.enable;
      description = ''
        Whether to set sane defaults for Nix, such as optimization and automatic garbage collection.
      '';
    };
    useNh = lib.mkOption {
      type = lib.types.bool;
      default = cfg.nixSaneDefaults;
      description = ''
        Whether to enable the `nh` cli (yet another Nix helper), a reimplementation of some core NixOS utilities like nix-collect-garbage and nixos-rebuild. If enabled, automatic garbage collection will use `nh` instead of `nix-collect-garbage` and will be able to garbage collect `result` symlinks.
      '';
    };
    flakeLocation = lib.mkOption {
      type = lib.types.nullOr lib.types.path;
      default = null;
      description = ''
        Absolute filepath location of the NixOS system configuration flake.
      '';
    };
    suppressWarnings = lib.mkEnableOption "suppress warnings";
  };

  config = lib.mkIf cfg.enable {
    environment.systemPackages = [
      inputs.viminal.packages.${pkgs.system}.default
    ];

    environment.variables = {
      EDITOR = "nvim";
    };

    # tells electron apps to use Wayland
    environment.sessionVariables = lib.mkIf cfg.waylandFixes {
      NIXOS_OZONE_WL = "1";
    };

    security = {
      sudo.enable = !cfg.replaceSudoWithDoas;

      doas = lib.mkIf cfg.replaceSudoWithDoas {
        enable = true;
        extraRules = [
          {
            users = [ "youwen" ];
            keepEnv = true;
            persist = true;
          }
        ];
      };

      rtkit.enable = true;
    };

    services.gnome.gnome-keyring.enable = true;

    nix = lib.mkIf cfg.nixSaneDefaults {
      gc = lib.mkIf (!cfg.useNh) {
        automatic = true;
        dates = "weekly";
        options = "--delete-older-than 14d";
      };

      optimise.automatic = true;
      # Free up to 1GiB when there is less than 100MiB left
      extraOptions = ''
        min-free = ${toString (100 * 1024 * 1024)}
        max-free = ${toString (1024 * 1024 * 1024)}
      '';

      settings = {
        experimental-features = [
          "nix-command"
          "flakes"
        ];
        substituters = [
          "https://cache.nixos.org"
        ];
        trusted-public-keys = [
          "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
        ];
      };

      channel.enable = false;
    };

    programs.nh = lib.mkIf cfg.useNh {
      enable = true;
      clean = lib.mkIf cfg.nixSaneDefaults {
        enable = true;
        extraArgs = "--keep-since 4d --keep 3";
      };
      flake = cfg.flakeLocation;
    };

    boot.tmp.cleanOnBoot = true;

    warnings =
      if !cfg.suppressWarnings && cfg.useNh && cfg.flakeLocation == "" then
        [
          ''The `nh` CLI is enabled but `liminalOS.system.core.flakeLocation` is not set. It is recommended that you set this option so that `nh` can work without specifying the flake path every time. You can disable this warning by setting `liminalOS.system.core.suppressWarnings`.''
        ]
      else
        [ ];

  };
}
feat: switch from sudo to doas 2024-08-24 03:52:55 -07:00			`{`
feat: switch to new package-based neovim flake 2024-08-24 23:58:52 -07:00			`inputs,`
refactor: remove unnecessary system specialArg 2024-08-26 01:47:06 -07:00			`pkgs,`
feat: add nh cli 2024-11-04 11:57:01 -08:00			`config,`
refactor: modularize core 2024-12-23 02:09:41 -08:00			`lib,`
feat: switch to new package-based neovim flake 2024-08-24 23:58:52 -07:00			`...`
chore: switch to nixfmt-rfc-style 2024-09-02 18:16:22 -07:00			`}:`
refactor: modularize core 2024-12-23 02:09:41 -08:00			`let`
			`cfg = config.liminalOS.system.core;`
			`in`
chore: switch to nixfmt-rfc-style 2024-09-02 18:16:22 -07:00			`{`
refactor: modularize core 2024-12-23 02:09:41 -08:00			`options.liminalOS.system.core = {`
			`enable = lib.mkOption {`
			`type = lib.types.bool;`
			`default = config.liminalOS.enable;`
			`description = ''`
			`Whether to enable core liminalOS system utilities and configurations (such as security policies, Nix options, etc)`
			`'';`
			`};`
			`replaceSudoWithDoas = lib.mkOption {`
			`type = lib.types.bool;`
			`default = cfg.enable;`
			`description = ''`
			`Whether to replace sudo with doas, the Dedicated OpenBSD Application Subexecutor. Doas is the preferred liminalOS setuid program.`
			`'';`
			`};`
			`waylandFixes = lib.mkOption {`
			`type = lib.types.bool;`
			`default = cfg.enable;`
			`description = ''`
			`Whether to enable some Wayland fixes, like setting NIXOS_OZONE_WL to hint Electron apps to use the Wayland windowing system.`
			`'';`
			`};`
			`nixSaneDefaults = lib.mkOption {`
			`type = lib.types.bool;`
			`default = cfg.enable;`
			`description = ''`
			`Whether to set sane defaults for Nix, such as optimization and automatic garbage collection.`
			`'';`
			`};`
			`useNh = lib.mkOption {`
			`type = lib.types.bool;`
			`default = cfg.nixSaneDefaults;`
			`description = ''`
			Whether to enable the `nh` cli (yet another Nix helper), a reimplementation of some core NixOS utilities like nix-collect-garbage and nixos-rebuild. If enabled, automatic garbage collection will use `nh` instead of `nix-collect-garbage` and will be able to garbage collect `result` symlinks.
			`'';`
			`};`
			`flakeLocation = lib.mkOption {`
fix: reconfigure modules to build successfully on demeter 2024-12-23 04:29:01 -08:00			`type = lib.types.nullOr lib.types.path;`
			`default = null;`
refactor: modularize core 2024-12-23 02:09:41 -08:00			`description = ''`
			`Absolute filepath location of the NixOS system configuration flake.`
			`'';`
			`};`
			`suppressWarnings = lib.mkEnableOption "suppress warnings";`
refactor: move some common env configuration from hosts to core 2024-12-15 02:52:24 -08:00			`};`

refactor: modularize core 2024-12-23 02:09:41 -08:00			`config = lib.mkIf cfg.enable {`
			`environment.systemPackages = [`
			`inputs.viminal.packages.${pkgs.system}.default`
			`];`
refactor: move some common env configuration from hosts to core 2024-12-15 02:52:24 -08:00
refactor: modularize core 2024-12-23 02:09:41 -08:00			`environment.variables = {`
			`EDITOR = "nvim";`
			`};`
feat: switch from sudo to doas 2024-08-24 03:52:55 -07:00
refactor: modularize core 2024-12-23 02:09:41 -08:00			`# tells electron apps to use Wayland`
			`environment.sessionVariables = lib.mkIf cfg.waylandFixes {`
			`NIXOS_OZONE_WL = "1";`
			`};`
feat: enable gnome-keyring 2024-09-05 19:20:37 -07:00
refactor: modularize core 2024-12-23 02:09:41 -08:00			`security = {`
			`sudo.enable = !cfg.replaceSudoWithDoas;`
chore: enable flakes and nix-command by default in core module 2024-09-17 02:13:06 -07:00
refactor: modularize core 2024-12-23 02:09:41 -08:00			`doas = lib.mkIf cfg.replaceSudoWithDoas {`
			`enable = true;`
			`extraRules = [`
			`{`
			`users = [ "youwen" ];`
			`keepEnv = true;`
			`persist = true;`
			`}`
			`];`
			`};`
feat: add zen-browser source and cache 2024-11-10 20:29:37 -08:00
refactor: modularize core 2024-12-23 02:09:41 -08:00			`rtkit.enable = true;`
feat: add zen-browser source and cache 2024-11-10 20:29:37 -08:00			`};`
fix: disable nix channels nix channels are entirely replaced by flakes and unused by this configuration. this fixes the error 'nix search path entry /nix/var/nix/profiles/per-user/root/channels does not exist, ignoring' 2024-12-05 15:21:10 -08:00
refactor: modularize core 2024-12-23 02:09:41 -08:00			`services.gnome.gnome-keyring.enable = true;`
feat: add nh cli 2024-11-04 11:57:01 -08:00
refactor: modularize core 2024-12-23 02:09:41 -08:00			`nix = lib.mkIf cfg.nixSaneDefaults {`
			`gc = lib.mkIf (!cfg.useNh) {`
			`automatic = true;`
			`dates = "weekly";`
			`options = "--delete-older-than 14d";`
			`};`
feat: add printing to core 2024-09-29 01:51:24 -07:00
refactor: modularize core 2024-12-23 02:09:41 -08:00			`optimise.automatic = true;`
			`# Free up to 1GiB when there is less than 100MiB left`
			`extraOptions = ''`
			`min-free = ${toString (100 * 1024 * 1024)}`
			`max-free = ${toString (1024 * 1024 * 1024)}`
			`'';`

			`settings = {`
			`experimental-features = [`
			`"nix-command"`
			`"flakes"`
			`];`
			`substituters = [`
			`"https://cache.nixos.org"`
			`];`
			`trusted-public-keys = [`
			`"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="`
			`];`
			`};`

			`channel.enable = false;`
			`};`

			`programs.nh = lib.mkIf cfg.useNh {`
			`enable = true;`
			`clean = lib.mkIf cfg.nixSaneDefaults {`
			`enable = true;`
			`extraArgs = "--keep-since 4d --keep 3";`
			`};`
			`flake = cfg.flakeLocation;`
			`};`
feat: clean /tmp 2024-12-02 23:00:00 -08:00
refactor: modularize core 2024-12-23 02:09:41 -08:00			`boot.tmp.cleanOnBoot = true;`

			`warnings =`
			`if !cfg.suppressWarnings && cfg.useNh && cfg.flakeLocation == "" then`
			`[`
			''The `nh` CLI is enabled but `liminalOS.system.core.flakeLocation` is not set. It is recommended that you set this option so that `nh` can work without specifying the flake path every time. You can disable this warning by setting `liminalOS.system.core.suppressWarnings`.''
			`]`
			`else`
			`[ ];`

			`};`
feat: switch from sudo to doas 2024-08-24 03:52:55 -07:00			`}`