feat: atomically track unfree software and enable it

hosts/demeter/configuration.nix

@@ -15,6 +15,8 @@
   ];
 
   liminalOS = {
+    flakeLocation = "/home/youwen/.config/liminalOS";
+    config.allowUnfree = true;
     system = {
       audio.prod.enable = true;
       networking = {
@@ -22,6 +24,10 @@
         firewallPresets.vite = true;
         cloudflareNameservers.enable = true;
       };
+      graphics = {
+        enable = true;
+        nvidia.enable = true;
+      };
     };
     theming.enable = true;
     desktop.enable = true;
@@ -113,8 +119,6 @@
     NetworkManager-wait-online.enable = false;
   };
 
-  hardware.enableAllFirmware = true;
-
   # Enable the X11 windowing system.
   # You can disable this if you're only using the Wayland session.
   services.xserver.enable = false;
@@ -128,14 +132,6 @@
     ];
   };
 
-  hardware.nvidia = {
-    modesetting.enable = true;
-    powerManagement.enable = true;
-    powerManagement.finegrained = false;
-    open = false;
-    nvidiaSettings = true;
-  };
-
   hardware.bluetooth = {
     enable = true;
     powerOnBoot = true;
@@ -143,12 +139,6 @@
 
   services.blueman.enable = true;
 
-  hardware.graphics.enable = true;
-
-  hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.beta;
-
-  services.xserver.videoDrivers = [ "nvidia" ];
-
   # services.desktopManager.plasma6.enable = true;
 
   # Configure keymap in X11
@@ -178,9 +168,6 @@
     KERNEL=="cpu_dma_latency", GROUP="realtime"
   '';
 
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
   # List packages installed in system profile. To search, run:
   # $ nix search wget
   environment.systemPackages = with pkgs; [

modules/linux/audio-prod/default.nix

@@ -21,5 +21,9 @@ in
       yabridge
       yabridgectl
     ];
+
+    liminalOS.config.extraUnfreePackages = lib.mkIf config.liminalOS.config.allowUnfree [
+      "reaper"
+    ];
   };
 }

modules/linux/core/default.nix

@@ -45,13 +45,6 @@ in
         Whether to enable the `nh` cli (yet another Nix helper), a reimplementation of some core NixOS utilities like nix-collect-garbage and nixos-rebuild. If enabled, automatic garbage collection will use `nh` instead of `nix-collect-garbage` and will be able to garbage collect `result` symlinks.
       '';
     };
-    flakeLocation = lib.mkOption {
-      type = lib.types.nullOr lib.types.path;
-      default = null;
-      description = ''
-        Absolute filepath location of the NixOS system configuration flake.
-      '';
-    };
     suppressWarnings = lib.mkEnableOption "suppress warnings";
   };
 
@@ -124,15 +117,17 @@ in
         enable = true;
         extraArgs = "--keep-since 4d --keep 3";
       };
-      flake = cfg.flakeLocation;
+      flake = config.liminalOS.flakeLocation;
     };
 
     boot.tmp.cleanOnBoot = true;
 
+    hardware.enableRedistributableFirmware = true;
+
     warnings =
-      if !cfg.suppressWarnings && cfg.useNh && cfg.flakeLocation == "" then
+      if !cfg.suppressWarnings && cfg.useNh && config.liminalOS.flakeLocation == "" then
         [
-          ''The `nh` CLI is enabled but `liminalOS.system.core.flakeLocation` is not set. It is recommended that you set this option so that `nh` can work without specifying the flake path every time. You can disable this warning by setting `liminalOS.system.core.suppressWarnings`.''
+          ''The `nh` CLI is enabled but `liminalOS.flakeLocation` is not set. It is recommended that you set this option to the absolute file path of your configuration flake so that `nh` can work without specifying the flake path every time. You can disable this warning by setting `liminalOS.system.core.suppressWarnings`.''
         ]
       else
         [ ];

modules/linux/default.nix

@@ -14,6 +14,7 @@
     ./stylix
     ./wine
     ./wsl
+    ./graphics
   ];
 
   options.liminalOS.enable = lib.mkOption {

modules/linux/gaming/default.nix

@@ -42,6 +42,8 @@ in
         heroic
         mangohud
         mangojuice
+        r2modman
+        modrinth-app
       ];
 
       liminalOS.programs.flatpak.enable = true;
@@ -81,6 +83,13 @@ in
         };
       };
 
+      liminalOS.config.extraUnfreePackages = lib.mkIf config.liminalOS.config.allowUnfree [
+        "modrinth-app"
+        "modrinth-app-unwrapped"
+        "steam"
+        "steam-unwrapped"
+      ];
+
       users.users = forAllGamemodeUsers (username: {
         extraGroups = [ "gamemode" ];
       });

modules/linux/misc/default.nix

@@ -5,38 +5,58 @@
   ...
 }:
 let
-  cfg = config.liminalOS.system;
+  cfg = config.liminalOS;
   inherit (lib) mkIf;
 in
 {
-  options.liminalOS.system = {
+  options.liminalOS = {
-    printing.enable = lib.mkOption {
+    system.printing.enable = lib.mkOption {
       type = lib.types.bool;
       default = config.liminalOS.enable;
       description = ''
         Whether to set up default options for printing and printer discover on UNIX.
       '';
     };
-    fonts.enable = lib.mkOption {
+    system.fonts.enable = lib.mkOption {
       type = lib.types.bool;
       default = config.liminalOS.enable;
       description = ''
         Whether to set up some nice default fonts, including a Nerd Font, Noto Fonts, and CJK.
       '';
     };
-    distrobox.enable = lib.mkEnableOption "distrobox and podman";
+    config.allowUnfree = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Whether to enable some proprietary packages required by certain liminalOS modules. This does not set allowUnfree for the whole system, it merely allows the installation of a few proprietary packages such as Nvidia drivers, etc. You should still set this option even if you already set nixpkgs.config.allowUnfree for the whole system since it tells liminalOS it can enable certain options that require  proprietary packages.
+      '';
+    };
+    config.extraUnfreePackages = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+      description = ''
+        Packages to enable in allowUnfreePredicate
+      '';
+    };
+    flakeLocation = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      default = null;
+      description = ''
+        Absolute filepath location of the NixOS system configuration flake.
+      '';
+    };
   };
 
   config = {
-    services.printing.enable = mkIf cfg.printing.enable true;
+    services.printing.enable = mkIf cfg.system.printing.enable true;
 
-    services.avahi = mkIf cfg.printing.enable {
+    services.avahi = mkIf cfg.system.printing.enable {
       enable = true;
       nssmdns4 = true;
       openFirewall = true;
     };
 
-    fonts = mkIf cfg.fonts.enable {
+    fonts = mkIf cfg.system.fonts.enable {
       enableDefaultPackages = true;
       packages =
         with pkgs;
@@ -51,11 +71,14 @@ in
         ]);
     };
 
-    virtualisation.podman = mkIf cfg.distrobox.enable {
+    nixpkgs.config.allowUnfreePredicate = lib.mkIf config.liminalOS.config.allowUnfree (
-      enable = true;
+      pkg:
-      dockerCompat = true;
+      builtins.elem (pkgs.lib.getName pkg) (
-    };
+        config.liminalOS.config.extraUnfreePackages
-
+        ++ [
-    environment.systemPackages = mkIf cfg.distrobox.enable [ pkgs.distrobox ];
+          "spotify"
+        ]
+      )
+    );
   };
 }

users/youwen/linux/packages/x86_64/default.nix

@@ -11,10 +11,7 @@ in
     (createCommon pkgs)
     ++ (with pkgs; [
       bitwarden-desktop
-      modrinth-app
       sbctl
-      r2modman
-      zoom-us
     ]);
 
   home.sessionVariables = {