From a6224c13c2423f905e6b77a9b2f51e29422eaae0 Mon Sep 17 00:00:00 2001
From: Youwen Wu
Date: Mon, 23 Dec 2024 02:09:41 -0800
Subject: [PATCH] refactor: modularize core
---
 modules/linux/audio/default.nix | 2 -
 modules/linux/core/default.nix | 188 +++++++++++++++++++++-----------
 2 files changed, 124 insertions(+), 66 deletions(-)
diff --git a/modules/linux/audio/default.nix b/modules/linux/audio/default.nix
index ddb1a0a..07c728a 100755
--- a/modules/linux/audio/default.nix
+++ b/modules/linux/audio/default.nix
@@ -14,8 +14,6 @@ in
 config = {
 services.playerctld.enable = lib.mkIf cfg.enable true;
 hardware.pulseaudio.enable = lib.mkIf cfg.enable false;
-# TODO: move to other file
-security.rtkit.enable = true;
 services.pipewire = lib.mkIf cfg.enable {
 enable = true;
 alsa.enable = true;
diff --git a/modules/linux/core/default.nix b/modules/linux/core/default.nix
index f5377be..fe4f2eb 100644
--- a/modules/linux/core/default.nix
+++ b/modules/linux/core/default.nix
@@ -2,80 +2,140 @@ inputs, pkgs, config, + lib, ... }: +let + cfg = config.liminalOS.system.core; +in { - environment.systemPackages = [ - inputs.viminal.packages.${pkgs.system}.default - ]; - - environment.variables = { - EDITOR = "nvim"; + options.liminalOS.system.core = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.liminalOS.enable; + description = '' + Whether to enable core liminalOS system utilities and configurations (such as security policies, Nix options, etc) + ''; + }; + replaceSudoWithDoas = lib.mkOption { + type = lib.types.bool; + default = cfg.enable; + description = '' + Whether to replace sudo with doas, the Dedicated OpenBSD Application Subexecutor. Doas is the preferred liminalOS setuid program. + ''; + }; + waylandFixes = lib.mkOption { + type = lib.types.bool; + default = cfg.enable; + description = '' + Whether to enable some Wayland fixes, like setting NIXOS_OZONE_WL to hint Electron apps to use the Wayland windowing system. + ''; + }; + nixSaneDefaults = lib.mkOption { + type = lib.types.bool; + default = cfg.enable; + description = '' + Whether to set sane defaults for Nix, such as optimization and automatic garbage collection. + ''; + }; + useNh = lib.mkOption { + type = lib.types.bool; + default = cfg.nixSaneDefaults; + description = '' + Whether to enable the `nh` cli (yet another Nix helper), a reimplementation of some core NixOS utilities like nix-collect-garbage and nixos-rebuild. If enabled, automatic garbage collection will use `nh` instead of `nix-collect-garbage` and will be able to garbage collect `result` symlinks. + ''; + }; + flakeLocation = lib.mkOption { + type = lib.types.str; + default = ""; + description = '' + Absolute filepath location of the NixOS system configuration flake. 
+ ''; + }; + suppressWarnings = lib.mkEnableOption "suppress warnings"; }; - # tells electron apps to use Wayland - environment.sessionVariables = { - NIXOS_OZONE_WL = "1"; - }; - - security.sudo.enable = false; - - security.doas = { - enable = true; - extraRules = [ - { - users = [ "youwen" ]; - keepEnv = true; - persist = true; - } + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + inputs.viminal.packages.${pkgs.system}.default ]; - }; - services.gnome.gnome-keyring.enable = true; - - nix = { - optimise.automatic = true; - # gc = { - # automatic = true; - # dates = "weekly"; - # options = "--delete-older-than 14d"; - # }; - # Free up to 1GiB when there is less than 100MiB left - extraOptions = '' - min-free = ${toString (100 * 1024 * 1024)} - max-free = ${toString (1024 * 1024 * 1024)} - ''; - - settings = { - experimental-features = [ - "nix-command" - "flakes" - ]; - substituters = [ - "https://cache.nixos.org" - ]; - trusted-public-keys = [ - "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" - ]; + environment.variables = { + EDITOR = "nvim"; }; - channel.enable = false; - }; + # tells electron apps to use Wayland + environment.sessionVariables = lib.mkIf cfg.waylandFixes { + NIXOS_OZONE_WL = "1"; + }; - programs.nh = { - enable = true; - clean.enable = true; - clean.extraArgs = "--keep-since 4d --keep 3"; - flake = "/home/youwen/.config/liminalOS"; - }; - # Enable CUPS to print documents. 
- services.printing.enable = true; + security = { + sudo.enable = !cfg.replaceSudoWithDoas; - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - }; + doas = lib.mkIf cfg.replaceSudoWithDoas { + enable = true; + extraRules = [ + { + users = [ "youwen" ]; + keepEnv = true; + persist = true; + } + ]; + }; - boot.tmp.cleanOnBoot = true; + rtkit.enable = true; + }; + + services.gnome.gnome-keyring.enable = true; + + nix = lib.mkIf cfg.nixSaneDefaults { + gc = lib.mkIf (!cfg.useNh) { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 14d"; + }; + + optimise.automatic = true; + # Free up to 1GiB when there is less than 100MiB left + extraOptions = '' + min-free = ${toString (100 * 1024 * 1024)} + max-free = ${toString (1024 * 1024 * 1024)} + ''; + + settings = { + experimental-features = [ + "nix-command" + "flakes" + ]; + substituters = [ + "https://cache.nixos.org" + ]; + trusted-public-keys = [ + "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" + ]; + }; + + channel.enable = false; + }; + + programs.nh = lib.mkIf cfg.useNh { + enable = true; + clean = lib.mkIf cfg.nixSaneDefaults { + enable = true; + extraArgs = "--keep-since 4d --keep 3"; + }; + flake = cfg.flakeLocation; + }; + + boot.tmp.cleanOnBoot = true; + + warnings = + if !cfg.suppressWarnings && cfg.useNh && cfg.flakeLocation == "" then + [ + ''The `nh` CLI is enabled but `liminalOS.system.core.flakeLocation` is not set. It is recommended that you set this option so that `nh` can work without specifying the flake path every time. You can disable this warning by setting `liminalOS.system.core.suppressWarnings`.'' + ] + else + [ ]; + + }; }
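Review bot: The doas rule under `security.doas` still hardcodes `users = [ "youwen" ];` together with `keepEnv = true;`, so the module now exposes options for everything except who gets root and what environment that root process inherits. Since the point of this commit is to make core configurable, the user list should become an option (a constructed name such as `doasUsers`, a list defaulting to `[ ]`), and `keepEnv` should give way to an explicit `setEnv = [ ... ];` allowlist when particular variables are needed, because `keepEnv` hands the caller's entire environment to the privileged process. Separately, `flake = cfg.flakeLocation;` passes the empty-string default straight through; if nh treats `""` differently from its unset default (it appears to export the flake path into the environment), guard it with `flake = lib.mkIf (cfg.flakeLocation != "") cfg.flakeLocation;` or make `flakeLocation` a `lib.types.nullOr lib.types.str` defaulting to `null` and adjust the `warnings` test to match. `rtkit.enable = true;` is also now on whenever core is enabled rather than following the audio module it was moved out of, which is probably intended but deserves a one-line comment saying so. The module's argument set opens on line 1, outside the hunk.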