initial cleaned up config

Birk Bohne 2025-07-12 00:28:21 +02:00
parent 9ae9ca3112
commit 782a58fdde
No known key found for this signature in database
46 changed files with 2301 additions and 0 deletions


@ -1,2 +1,27 @@
# nixos-demo
## NixOS Installation
### boot the installation image
- download the [minimal iso image](https://nixos.org/download)
- use dd to prepare an USB stick
- boot from the stick
### SSH connection
- use `passwd` to set a temporary password for the `nixos` user
- connect to the PC with `ssh nixos@nixos`
- the official [NixOS installation manual](https://nixos.org/manual/nixos/stable/#sec-installation-manual) describes how to do an installation without the graphical installer
### NixOS installation
- install `git` in a nix-shell for the installation process
- start `nix run` with the related hostname to configure the disks and filesystems
- start the NixOS installation process
```shell
nix-shell -p git
sudo nix --experimental-features "nix-command flakes" run 'github:nix-community/disko?tag=v1.12.0#disko' -- --mode disko --flake 'git+https://code.beancloud.de/public/nixos-demo.git?ref=main#pc-demo1'
sudo nixos-install --no-root-password --flake git+https://code.beancloud.de/public/nixos-demo.git?ref=main#pc-demo1
```


@ -0,0 +1,19 @@
{ ... }:
{
networking.hostName = "pc-demo1";
beancloud = {
software = {
container = true;
desktop = false;
};
disk.device.name = "vda";
hardware.virtualmachine.type = "kvm";
};
imports = [
../../users/root/default.nix
../../users/demo/default.nix
];
}


@ -0,0 +1,19 @@
{ ... }:
{
networking.hostName = "pc-demo2";
beancloud = {
software = {
container = true;
desktop = true;
nextcloud.client = true;
};
};
imports = [
./network.nix
../../users/root/default.nix
../../users/demo/default.nix
];
}


@ -0,0 +1,51 @@
{ flake, ... }:
{
sops = {
secrets = {
"vms/m1/services/openssh/key/ed25519" = {};
"vms/m1/services/openssh/key/rsa" = {};
"vms/w1/services/openssh/key/ed25519" = {};
"vms/w1/services/openssh/key/rsa" = {};
};
};
systemd.tmpfiles.rules = [
"d /etc/microvms/m1/ssh/ 0755 root root - -"
"d /etc/microvms/w1/ssh/ 0755 root root - -"
];
systemd.network.networks."10-lan".matchConfig.Name = ["vm-*-01"];
systemd.network.networks."20-storage".matchConfig.Name = ["vm-*-02"];
systemd.services = {
"microvm@m1" = {
unitConfig = {
AssertPathExists = "/run/secrets/vms/m1/services/openssh/key/ed25519";
AssertFileNotEmpty = "/run/secrets/vms/m1/services/openssh/key/ed25519";
};
};
"microvm@w1" = {
unitConfig = {
AssertPathExists = "/run/secrets/vms/w1/services/openssh/key/ed25519";
AssertFileNotEmpty = "/run/secrets/vms/w1/services/openssh/key/ed25519";
};
};
};
microvm = {
vms = {
m1 = {
flake = flake;
updateFlake = "git+https://code.beancloud.de/beancloud/datacenter.git?ref=master";
restartIfChanged = true;
};
w1 = {
flake = flake;
updateFlake = "git+https://code.beancloud.de/beancloud/datacenter.git?ref=master";
restartIfChanged = true;
};
};
autostart = [ "m1" "w1" ];
};
}
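Review bot: The tmpfiles rules create `/etc/microvms/m1/ssh/` and `/etc/microvms/w1/ssh/` with mode 0755. If these directories are where the decrypted OpenSSH host keys end up (the copy step is not part of this file), `0700` is the safer mode: `"d /etc/microvms/m1/ssh/ 0700 root root - -"`. The unit assertions also cover only the ed25519 secret although an rsa key is declared for each VM, and `updateFlake` follows the mutable `master` branch, so the guests run whatever is pushed there. Note that flake.nix in this commit declares no sops input and imports no microvm host module, so this file presumably cannot be evaluated by either demo host yet.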


@ -0,0 +1,24 @@
{ lib, ... }:
{
systemd.network.netdevs."br10".netdevConfig = {
Name = "br10";
Kind = "bridge";
};
systemd.network.networks = {
"10-lan" = {
enable = lib.mkForce true;
linkConfig.RequiredForOnline = lib.mkForce "enslaved";
networkConfig.Bridge = "br10";
networkConfig.DHCP = lib.mkForce "no";
};
"br10-lan" = {
enable = lib.mkForce true;
matchConfig.Name = [ "br10" ];
linkConfig.RequiredForOnline = "routable";
networkConfig.DHCP = "yes";
networkConfig.IPv6AcceptRA = false;
};
};
}

158
flake.lock Normal file

@ -0,0 +1,158 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1752113600,
"narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=",
"owner": "nix-community",
"repo": "disko",
"rev": "79264292b7e3482e5702932949de9cbb69fedf6d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1752208517,
"narHash": "sha256-aRY1cYOdVdXdNjcL/Twpa27CknO7pVHxooPsBizDraE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c6a01e54af81b381695db796a43360bf6db5702f",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.05",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"microvm": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1752278584,
"narHash": "sha256-QaT8PpCR1IaUMa12ou2MlvNCzYVWgTQfVWJGXyFvY5c=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "f30ae9b9e740116d044935c9c0c68bd1c2ce8432",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "microvm.nix",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1752162966,
"narHash": "sha256-3MxxkU8ZXMHXcbFz7UE4M6qnIPTYGcE/7EMqlZNnVDE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "10e687235226880ed5e9f33f1ffa71fe60f2638a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"home-manager": "home-manager",
"impermanence": "impermanence",
"microvm": "microvm",
"nixpkgs": "nixpkgs"
}
},
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1751265943,
"narHash": "sha256-XoHSo6GEElzRUOYAEg/jlh5c8TDsyDESFIux3nU/NMc=",
"ref": "refs/heads/main",
"rev": "37c8663fab86fdb202fece339ef7ac7177ffc201",
"revCount": 904,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

85
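--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,85 @@
+{
+description = "Personal compute devices";
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
+microvm = {
+url = "github:astro/microvm.nix?tag=v0.5.0";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+disko = {
+url = "github:nix-community/disko?tag=v1.12.0";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+home-manager = {
+url = "github:nix-community/home-manager?ref=release-25.05";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+impermanence = {
+url = "github:nix-community/impermanence";
+};
+};
+outputs =
+{
+self,
+nixpkgs,
+disko,
+impermanence,
+microvm,
+home-manager,
+...
+}@inputs:
+{
+nixosConfigurations = {
+pc-demo1 = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+modules = [
+{
+config._module.args = {
+flake = self;
+};
+}
+disko.nixosModules.disko
+impermanence.nixosModules.impermanence
+home-manager.nixosModules.home-manager
+./computer/pc-demo1/default.nix
+./options.nix
+./os/default.nix
+./software/default.nix
+./users/default.nix
+{
+home-manager = {
+useGlobalPkgs = true;
+useUserPackages = true;
+};
+}
+];
+};
+pc-demo2 = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+modules = [
+{
+config._module.args = {
+flake = self;
+};
+}
+disko.nixosModules.disko
+impermanence.nixosModules.impermanence
+home-manager.nixosModules.home-manager
+./computer/pc-demo2/default.nix
+./options.nix
+./os/default.nix
+./software/default.nix
+./users/default.nix
+{
+home-manager = {
+useGlobalPkgs = true;
+useUserPackages = true;
+};
+}
+];
+};
+};
+};
+}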
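Review bot: The `?tag=v0.5.0` and `?tag=v1.12.0` queries on the `microvm` and `disko` inputs do not appear to pin anything: in the flake.lock from this same commit the `original` entries for both inputs carry no `ref`, while `home-manager`, which uses `?ref=release-25.05`, does. If that reading is right, every `nix flake update` moves both inputs to whatever the default branch holds rather than to the reviewed release. Put the tag in the path or in `ref`, for example `url = "github:nix-community/disko/v1.12.0";` and `url = "github:astro/microvm.nix/v0.5.0";`, then re-lock and check that `original.ref` shows up. The README install command uses the same `?tag=` form for disko under `sudo`, and there no lock file protects the run.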

274
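--- a/options.nix
+++ b/options.nix
@@ -0,0 +1,274 @@
+{ lib, ... }:
+{
+options = {
+beancloud.network.address = lib.mkOption {
+type = lib.types.str;
+example = "192.168.1.10";
+description = "beancloud.network.address to define the ip of the host/vm or a service";
+};
+beancloud.network.subnet = lib.mkOption {
+type = lib.types.str;
+example = "/24";
+description = "beancloud.network.subnet to define the subnet of the host/vm or a service";
+};
+beancloud.network.interface.lan = lib.mkOption {
+type = lib.types.str;
+example = "enp1s0";
+default = "eth0";
+description = "beancloud.network.interface.lan to define the wired network interface";
+};
+beancloud.network.interface.wlan = lib.mkOption {
+type = lib.types.str;
+example = "enp1s0";
+default = "wlan0";
+description = "beancloud.network.interface.wlan to define the wireless network interface";
+};
+beancloud.bootloader.type = lib.mkOption {
+type = lib.types.str;
+example = "grub";
+default = "systemd";
+description = "beancloud.bootloader.type[grub|systemd] to define the to be used bootloader";
+};
+beancloud.persistence.type = lib.mkOption {
+type = lib.types.str;
+example = "preservation";
+default = "impermanence";
+description = "beancloud.persistence.type[impermanence|preservation] to define the to be used persistence provider";
+};
+beancloud.persistence.root = lib.mkOption {
+type = lib.types.str;
+example = "fs";
+default = "tmpfs";
+description = "beancloud.persistence.root[fs|tmpfs] to define the to be used type of root partition";
+};
+beancloud.disk.device.name = lib.mkOption {
+type = lib.types.str;
+example = "sda";
+default = "nvme0n1";
+description = "beancloud.disk.device.name to define the to be used device path for the first disk";
+};
+beancloud.os.lang.first = lib.mkOption {
+type = lib.types.str;
+example = "de_DE.UTF-8";
+default = "de_DE.UTF-8";
+description = "beancloud.os.lang.first to define the default system language";
+};
+beancloud.os.lang.second = lib.mkOption {
+type = lib.types.str;
+example = "en_US.UTF-8";
+default = "en_US.UTF-8";
+description = "beancloud.os.lang.second to define the second system language";
+};
+beancloud.os.lang.keymap = lib.mkOption {
+type = lib.types.str;
+example = "us";
+default = "de,us";
+description = "beancloud.os.lang.keymap to define the language for the (console) keymaps";
+};
+beancloud.os.powermgmt.service = lib.mkOption {
+type = lib.types.str;
+example = "tlp";
+default = "auto-cpufreq";
+description = "beancloud.os.lang.keymap[auto-cpufreq|power-profiles|tlp] to define the to be used power management service";
+};
+beancloud.software.chromium = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.chromium to activate the chromium package";
+};
+beancloud.software.container = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.container to activate the container related packages like docker and podman";
+};
+beancloud.software.davinci-resolve = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.davinci-resolve to activate the Davinci video editor";
+};
+beancloud.software.desktop = lib.mkOption {
+type = lib.types.bool;
+default = true;
+description = "beancloud.software.desktop to activate the Gnome Desktop and the related software packages";
+};
+beancloud.software.development = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.development to activate the software development related packages like gnome-builder";
+};
+beancloud.software.games = {
+enable = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.games.enable to install several game related packages";
+};
+stardewvalley = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.games.stardewvalley to enable game related settings";
+};
+};
+beancloud.software.epson-scan = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.epson-scan to activate the Epson scanner software package";
+};
+beancloud.software.nextcloud = {
+client = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.nextcloud.client to activate the nextcloud-client package";
+};
+talk-desktop = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.nextcloud.talk-desktop to activate the nextcloud talk desktop package";
+};
+};
+beancloud.software.ollama = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.ollama to activate the local only ollama service and WebUI";
+};
+beancloud.software.obs-studio = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.obs-studio to activate the OBS streaming software";
+};
+beancloud.software.podman-desktop = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.podman-desktop to activate the podman-desktop package";
+};
+beancloud.software.shotcut = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.shotcut to activate the Shotcut video editor";
+};
+beancloud.software.steam.enable = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.steam.enable to activate the steam related packages";
+};
+beancloud.software.steam.autostart = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.steam.autostart to control if the Steam client should be started on login";
+};
+beancloud.software.virt-manager = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.virt-manager to activate the virt-manager package";
+};
+beancloud.software.wine = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.wine to activate the wine related packages";
+};
+beancloud.software.zed-editor = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.zed-editor to activate the zed-editor package";
+};
+beancloud.software.photography = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.photography to activate several photo development related packages";
+};
+beancloud.software.virtualisation = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.software.virtualisation to activate the libvirtd daemon and virt-manager";
+};
+beancloud.os.kernel.latest = lib.mkOption {
+type = lib.types.bool;
+example = true;
+default = false;
+description = "beancloud.os.kernel.latest to enable the newest available Linux kernel version";
+};
+beancloud.os.screensaver.lock = lib.mkOption {
+type = lib.types.bool;
+default = true;
+description = "beancloud.os.screensaver.lock to control if the session should be locked after a period of inactivity";
+};
+beancloud.hardware = {
+gpu = {
+intel.i915 = lib.mkOption {
+type = lib.types.bool;
+example = true;
+default = false;
+description = "beancloud.hardware.gpu.intel.i915 to enable older Intel i915 GPU specific packages";
+};
+intel.xe = lib.mkOption {
+type = lib.types.bool;
+example = true;
+default = false;
+description = "beancloud.hardware.gpu.intel.xe to enable newer Intel xe GPU specific packages";
+};
+amd = {
+enable = lib.mkOption {
+type = lib.types.bool;
+example = true;
+default = false;
+description = "beancloud.hardware.gpu.amd.enable to enable AMD GPU specific packages";
+};
+amdvlk = lib.mkOption {
+type = lib.types.bool;
+example = true;
+default = false;
+description = "beancloud.hardware.gpu.amd.amdvlk to enable the amdvlk driver instead of the default mesa driver";
+};
+};
+};
+wifi.broadcom = lib.mkOption {
+type = lib.types.bool;
+example = true;
+default = false;
+description = "beancloud.hardware.wifi.broadcom to enable the Broadcom Wifi driver packages";
+};
+macbook = lib.mkOption {
+type = lib.types.bool;
+example = true;
+default = false;
+description = "beancloud.hardware.macbook to enable beancloud.hardware.macbook specific packages and settings";
+};
+steamdeck = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.hardware.steamdeck to enable Steam Deck specific settings like the display autoconfig";
+};
+backlight.service = lib.mkOption {
+type = lib.types.str;
+example = "pommed";
+default = "clight";
+description = "beancloud.hardware.backlight.service [clight|pommed] to enable a backlight control service";
+};
+printer = {
+hp = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.hardware.printer.hp to enable HP printer drivers";
+};
+epson = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "beancloud.hardware.printer.epson to enable Epson printer drivers";
+};
+};
+virtualmachine = {
+type = lib.mkOption {
+type = lib.types.str;
+example = "kvm";
+description = "beancloud.hardware.virtualmachine.type[kvm] to enable virtio related kernel modules";
+};
+};
+};
+beancloud.tier = lib.mkOption {
+type = lib.types.str;
+example = "dev";
+default = "main";
+description = "beancloud.tier to define the to be used git branch [main|qa|dev] for the autoupdates";
+};
+};
+}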
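Review bot: `beancloud.hardware.virtualmachine.type` is declared without a `default`, yet os/hardware/default.nix and os/virtualization.nix read it on every host (`== ""` and `== "kvm"`). The pc-demo2 host file in this commit never sets it, so that configuration will presumably stop at evaluation with an "option used but not defined" error. Add `default = "";` to the option, and consider `lib.types.enum [ "" "kvm" ]` so a typo fails loudly; the same applies to the other `[a|b]` string options such as `beancloud.bootloader.type` and `beancloud.tier`. The description of `beancloud.os.powermgmt.service` also starts with the wrong option name (`beancloud.os.lang.keymap`).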

58
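--- a/os/boot.nix
+++ b/os/boot.nix
@@ -0,0 +1,58 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+{
+boot = {
+initrd = {
+availableKernelModules = [
+"ahci"
+"xhci_pci"
+"sr_mod"
+(lib.mkIf config.beancloud.hardware.wifi.broadcom "wl")
+(lib.mkIf config.beancloud.hardware.gpu.intel.xe "xe")
+(lib.mkIf config.beancloud.hardware.gpu.intel.i915 "i915")
+];
+kernelModules = [
+"dm-snapshot"
+];
+systemd.enable = true;
+systemd.emergencyAccess = true;
+verbose = false;
+};
+extraModulePackages = with config.boot.kernelPackages; [
+(lib.mkIf config.beancloud.hardware.wifi.broadcom broadcom_sta)
+];
+kernelPackages = lib.mkIf config.beancloud.os.kernel.latest pkgs.linuxPackages_latest;
+kernelModules = [
+(lib.mkIf config.beancloud.hardware.wifi.broadcom "wl")
+];
+blacklistedKernelModules = [ ];
+loader = {
+systemd-boot = {
+enable = lib.mkIf (config.beancloud.bootloader.type == "systemd") true;
+consoleMode = "max";
+editor = false;
+configurationLimit = 16;
+memtest86.enable = true;
+};
+efi.canTouchEfiVariables = false;
+};
+plymouth = {
+enable = config.beancloud.software.desktop;
+theme = "breeze";
+};
+consoleLogLevel = 0;
+kernelParams = [
+"quiet"
+"boot.shell_on_fail"
+"rd.udev.log_level=3"
+"udev.log_priority=3"
+"fsck.mode=auto"
+"fsck.repair=preen"
+];
+};
+}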
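Review bot: `systemd.emergencyAccess = true` together with the `boot.shell_on_fail` kernel parameter hands out a root shell without a password whenever stage 1 fails, which undoes what `editor = false` on systemd-boot is trying to protect. For anything beyond a throw-away demo VM, set `systemd.emergencyAccess = false;` (or a hashed root password) and drop `"boot.shell_on_fail"`. If the open shell is intentional for the demo hosts, say so in a comment such as `# demo only: unauthenticated initrd rescue shell`.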

21
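--- a/os/container.nix
+++ b/os/container.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+{
+virtualisation = {
+containers.enable = lib.mkIf config.beancloud.software.container true;
+oci-containers.backend = "podman";
+podman = {
+enable = lib.mkIf config.beancloud.software.container true;
+dockerCompat = true;
+defaultNetwork.settings.dns_enabled = true;
+};
+};
+environment.systemPackages = with pkgs; [
+(lib.mkIf config.beancloud.software.container dive)
+(lib.mkIf config.beancloud.software.container docker)
+(lib.mkIf config.beancloud.software.container podman)
+(lib.mkIf config.beancloud.software.container podman-tui)
+(lib.mkIf config.beancloud.software.container docker-compose)
+];
+}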
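Review bot: `dockerCompat = true` already provides a `docker` command that wraps podman, and the package list then adds the real `docker` client as well, so two packages are likely to ship `bin/docker` into the system profile. Which one wins depends on package priority, and the real client would talk to a Docker daemon that this module never enables. Drop `(lib.mkIf config.beancloud.software.container docker)` unless the Docker CLI is wanted on purpose. The repeated condition could also become one `lib.optionals config.beancloud.software.container [ dive podman podman-tui docker-compose ]`.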

44
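--- a/os/default.nix
+++ b/os/default.nix
@@ -0,0 +1,44 @@
+{ ... }:
+{
+imports = [
+./boot.nix
+./disks.nix
+./container.nix
+./persistence.nix
+./hardware
+./swap.nix
+./locale.nix
+./network.nix
+./update.nix
+./virtualization.nix
+];
+time.timeZone = "Europe/Berlin";
+environment.variables.EDITOR = "vim";
+documentation = {
+enable = true;
+nixos.enable = false;
+man.enable = true;
+info.enable = false;
+doc.enable = false;
+dev.enable = false;
+};
+nix = {
+settings = {
+experimental-features = [
+"nix-command"
+"flakes"
+];
+max-jobs = 2;
+};
+};
+nixpkgs.config = {
+allowUnfree = true;
+};
+system.stateVersion = "25.05";
+}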

119
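--- a/os/disks.nix
+++ b/os/disks.nix
@@ -0,0 +1,119 @@
+{ config, lib, ... }:
+{
+disko.devices = {
+disk = {
+disk0 = {
+type = "disk";
+device = "/dev/${config.beancloud.disk.device.name}";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+size = "1G";
+type = "EF00";
+priority = 1;
+content = {
+type = "filesystem";
+format = "vfat";
+extraArgs = [
+"-F"
+"32"
+"-n"
+"BOOT"
+];
+mountpoint = "/boot";
+mountOptions = [ "umask=0077" ];
+};
+};
+lvm = {
+size = "100%";
+priority = 2;
+content = {
+type = "lvm_pv";
+vg = "nixos";
+};
+};
+};
+};
+};
+};
+lvm_vg = {
+nixos = {
+type = "lvm_vg";
+lvs = lib.mkMerge [
+{
+swap = {
+size = "2GB";
+content = {
+type = "swap";
+resumeDevice = true;
+priority = 1;
+};
+};
+}
+(lib.mkIf (config.beancloud.persistence.root == "fs") {
+root = {
+size = "100%FREE";
+content = {
+type = "filesystem";
+format = "ext4";
+extraArgs = [
+"-L"
+"root"
+"-T"
+"news"
+"-m"
+"1"
+];
+mountpoint = "/";
+mountOptions = [ "defaults" ];
+};
+};
+})
+(lib.mkIf (config.beancloud.persistence.root == "tmpfs") {
+nix = {
+size = "100%FREE";
+content = {
+type = "filesystem";
+format = "ext4";
+extraArgs = [
+"-L"
+"nix"
+"-T"
+"news"
+"-m"
+"1"
+];
+mountpoint = "/nix";
+mountOptions = [ "defaults" ];
+};
+};
+})
+];
+};
+};
+nodev = lib.mkMerge [
+(lib.mkIf (config.beancloud.persistence.root == "fs") {
+tmp = {
+fsType = "tmpfs";
+mountpoint = "/tmp";
+mountOptions = [
+"size=25%"
+];
+};
+})
+(lib.mkIf (config.beancloud.persistence.root == "tmpfs") {
+root = {
+fsType = "tmpfs";
+mountpoint = "/";
+mountOptions = [
+"defaults"
+"size=50%"
+"mode=755"
+];
+};
+})
+];
+};
+}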
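Review bot: The `lvm` partition puts the `lvm_pv` straight onto the disk, so the root or /nix volume, the persisted state and the `swap` LV are all stored unencrypted; with `resumeDevice = true` a hibernation image of RAM lands on disk in clear text too. For laptops this deserves a LUKS layer between the partition and the PV, which disko supports through a `luks` content type wrapping the existing `lvm_pv` block. If the demo is meant to stay unencrypted, a comment on the `lvm` partition saying so would keep people from copying it unchanged. A sketch of the wrapped partition follows; the mapper name is a placeholder.

```nix
lvm = {
  size = "100%";
  priority = 2;
  content = {
    type = "luks";
    name = "crypted"; # placeholder mapper name
    content = {
      type = "lvm_pv";
      vg = "nixos";
    };
  };
};
```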

62
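--- a/os/hardware/default.nix
+++ b/os/hardware/default.nix
@@ -0,0 +1,62 @@
+{
+config,
+lib,
+pkgs,
+modulesPath,
+...
+}:
+{
+imports = [
+(modulesPath + "/installer/scan/not-detected.nix")
+./macbook
+];
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+hardware.bluetooth.enable = true;
+hardware.bluetooth.powerOnBoot = false;
+# hidpi settings
+fonts.fontconfig.subpixel.rgba = "rgb";
+services.xserver.dpi = 144;
+environment.variables = {
+NIXOS_OZONE_WL = "1";
+QT_QPA_PLATFORM = "wayland";
+};
+hardware = {
+graphics = {
+enable = true;
+enable32Bit = true;
+extraPackages = with pkgs; [
+(lib.mkIf config.beancloud.hardware.gpu.intel.xe intel-compute-runtime)
+(lib.mkIf config.beancloud.hardware.gpu.intel.xe vpl-gpu-rt)
+(lib.mkIf (config.beancloud.hardware.gpu.amd.enable && config.beancloud.hardware.gpu.amd.amdvlk) amdvlk)
+];
+extraPackages32 = with pkgs; [
+(lib.mkIf (config.beancloud.hardware.gpu.amd.enable && config.beancloud.hardware.gpu.amd.amdvlk) driversi686Linux.amdvlk)
+];
+};
+amdgpu = {
+initrd.enable = if config.beancloud.hardware.gpu.amd.enable then true else false;
+amdvlk = {
+enable = if (config.beancloud.hardware.gpu.amd.enable && config.beancloud.hardware.gpu.amd.amdvlk) then true else false;
+support32Bit.enable = if (config.beancloud.hardware.gpu.amd.enable && config.beancloud.hardware.gpu.amd.amdvlk) then true else false;
+};
+};
+xone.enable = false;
+xpadneo.enable = false;
+};
+environment.systemPackages = with pkgs; [
+(lib.mkIf config.beancloud.hardware.gpu.intel.xe clinfo)
+(lib.mkIf config.beancloud.hardware.gpu.intel.xe nvtopPackages.intel)
+];
+services.fwupd.enable = lib.mkIf (config.beancloud.hardware.virtualmachine.type == "") true;
+# services.udev.extraRules = lib.mkIf config.beancloud.hardware.steamdeck ''
+# ACTION=="change", SUBSYSTEM=="drm", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="display-config.service"
+# '';
+}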
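Review bot: The `if … then true else false` wrappers under `amdgpu` add nothing, since the condition is already a boolean; `initrd.enable = config.beancloud.hardware.gpu.amd.enable;` reads better. The AMD-plus-amdvlk condition is spelled out four times in this file, so a `let useAmdvlk = config.beancloud.hardware.gpu.amd.enable && config.beancloud.hardware.gpu.amd.amdvlk; in` binding at the top would keep the copies from drifting apart.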


@ -0,0 +1,101 @@
{
config,
...
}:
{
services.clight = {
enable = if (config.beancloud.hardware.backlight.service == "clight" && config.beancloud.hardware.macbook) then true else false;
settings = {
verbose = true;
resumedelay = 30;
inhibit = {
disabled = false;
inhibit_docked = true;
inhibit_pm = true;
inhibit_bl = true;
};
backlight = {
disabled = true;
restore_on_exit = true;
no_smooth_transition = false;
trans_step = 0.05;
trans_timeout = 30;
trans_fixed = 0;
ac_timeouts = [ 600 2700 300 ];
batt_timeouts = [ 1200 5400 600 ];
shutter_threshold = 0.10;
no_auto_calibration = false;
pause_on_lid_closed = true;
capture_on_lid_opened = true;
};
sensor = {
ac_regression_points = [ 0.0 0.15 0.29 0.45 0.61 0.74 0.81 0.88 0.93 0.97 1.0 ];
batt_regression_points = [ 0.0 0.15 0.23 0.36 0.52 0.59 0.65 0.71 0.75 0.78 0.80 ];
devname = "";
settings = "";
captures = [ 5 5 ];
};
keyboard = {
disabled = false;
timeouts = [ 15 7 ];
ac_regression_points = [ 1.0 0.97 0.93 0.88 0.81 0.74 0.61 0.45 0.29 0.15 0.0 ];
batt_regression_points = [ 0.80 0.78 0.75 0.71 0.65 0.59 0.52 0.36 0.23 0.15 0.0 ];
};
gamma = {
disabled = true;
restore_on_exit = true;
no_smooth_transition = false;
trans_step = 50;
trans_timeout = 300;
long_transition = true;
ambient_gamma = false;
};
daytime = {
sunrise = "6:30";
sunset = "20:30";
event_duration = 1800;
sunrise_offset = 0;
sunset_offset = 0;
};
dimmer = rec {
disabled = false;
no_smooth_transition = [ false false ];
trans_steps = [ 0.01 0.08 ];
trans_timeouts =
let
# calculates a duration for each step between
# full brightness and the dimmed percentage
formula = duration: target: step: builtins.floor (duration / ((1 - target) / step));
in
[
(formula 2000 dimmed_pct (builtins.elemAt trans_steps 0))
(formula 250 dimmed_pct (builtins.elemAt trans_steps 1))
];
trans_fixed = [ 0 0 ];
timeouts = [ 30 15 ];
dimmed_pct = 0.2;
};
dpms = {
disabled = false;
timeouts = [ 900 300 ];
};
screen = {
disabled = true;
contrib = 0.2;
timeouts = [ 5 0 ];
};
};
};
location.latitude = if (config.beancloud.hardware.backlight.service == "clight" && config.beancloud.hardware.macbook) then 50.856289 else null;
location.longitude = if (config.beancloud.hardware.backlight.service == "clight" && config.beancloud.hardware.macbook) then 11.464202 else null;
}
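Review bot: `location.latitude` and `location.longitude` fall back to `null` when the condition is false, and as far as I know those options are float-typed, so any module that reads them on a non-MacBook host would hit a type error. `location.latitude = lib.mkIf (…) 50.856289;` leaves the option undefined instead (the file would need `lib` in its argument set). The coordinates are also hard-coded in a repository that the README clones over a public-looking URL; if they point at a real home or office, move them to a per-host or private setting.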


@ -0,0 +1,19 @@
{
config,
lib,
...
}:
{
imports = [
./pommed
./clight
];
# hardware.facetimehd = {
# enable = lib.mkIf config.beancloud.hardware.macbook true;
# withCalibration = lib.mkIf config.beancloud.hardware.macbook true;
# };
beancloud.hardware.wifi.broadcom = lib.mkIf config.beancloud.hardware.macbook true;
beancloud.hardware.gpu.intel.i915 = lib.mkIf config.beancloud.hardware.macbook true;
}


@ -0,0 +1,11 @@
{ stdenv, ... }:
stdenv.mkDerivation {
name = "pommed-macbook-air";
src = ./configs/macbook-air.conf;
dontUnpack = true;
buildPhase = '''';
installPhase = ''
cat $src > $out
'';
}


@ -0,0 +1,42 @@
general {
fnmode = 1
}
lcd_sysfs {
init = 1740
step = 10
on_batt = 1024
}
lcd_gma950 {
init = 0x94
step = 0x0f
on_batt = 0x40
}
audio {
disabled = yes
}
kbd {
default = 256
step = 10
on_threshold = 20
off_threshold = 200
auto = yes
idle_timer = -1
idle_level = 32
}
eject {
enabled = no
device = "/dev/dvd"
}
beep {
enabled = no
}
appleir {
enabled = no
}


@ -0,0 +1,24 @@
{
config,
pkgs,
...
}:
{
services.hardware.pommed = {
enable =
if
(config.beancloud.hardware.backlight.service == "pommed" && config.beancloud.hardware.macbook)
then
true
else
false;
configFile =
if
(config.beancloud.hardware.backlight.service == "pommed" && config.beancloud.hardware.macbook)
then
pkgs.callPackage ./config-macbook-air.nix { }
else
null;
};
}

23
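--- a/os/locale.nix
+++ b/os/locale.nix
@@ -0,0 +1,23 @@
+{ config, ... }:
+{
+i18n = {
+# https://sourceware.org/git/?p=glibc.git;a=blob;f=localedata/SUPPORTED
+defaultLocale = "${config.beancloud.os.lang.first}";
+supportedLocales = [
+"${config.i18n.defaultLocale}/UTF-8"
+"${config.beancloud.os.lang.second}/UTF-8"
+];
+extraLocaleSettings = {
+LANG = config.beancloud.os.lang.first;
+LC_ALL = config.beancloud.os.lang.first;
+LC_MESSAGES = config.beancloud.os.lang.first;
+LC_TIME = config.beancloud.os.lang.first;
+LC_CTYPE = config.beancloud.os.lang.first;
+LC_COLLATE = config.beancloud.os.lang.first;
+};
+};
+services.xserver.xkb.layout = "${config.beancloud.os.lang.keymap}";
+console.useXkbConfig = true;
+}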

92
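--- a/os/network.nix
+++ b/os/network.nix
@@ -0,0 +1,92 @@
+{ config, lib, ... }:
+{
+networking = {
+domain = "local";
+enableIPv6 = false;
+useDHCP = false;
+wireless.enable = false;
+usePredictableInterfaceNames = lib.mkIf (config.beancloud.network.interface.lan == "eth0") false;
+};
+networking.networkmanager = {
+enable = true;
+wifi.powersave = lib.mkIf config.beancloud.hardware.steamdeck true;
+};
+systemd.network = {
+enable = true;
+config.networkConfig = {
+UseDomains = true;
+SpeedMeter = true;
+};
+networks."10-lan" = {
+enable = lib.mkDefault true;
+matchConfig.Name = [ "${config.beancloud.network.interface.lan}" ];
+linkConfig.RequiredForOnline = lib.mkDefault "routable";
+networkConfig = {
+DHCP = "yes";
+IPv6AcceptRA = false;
+};
+};
+};
+networking.hosts = {
+};
+# (m)DNS
+services.resolved = {
+enable = true;
+fallbackDns = [
+"9.9.9.9" # https://www.quad9.net/service/service-addresses-and-features
+"2620:fe::fe" # https://www.quad9.net/service/service-addresses-and-features
+];
+dnssec = "false";
+dnsovertls = "opportunistic";
+};
+networking.firewall.enable = true;
+networking.firewall.allowPing = true;
+networking.nftables.enable = false;
+networking.nftables.tables = {
+filter = {
+content = ''
+# Check out https://wiki.nftables.org/ for better documentation.
+# Table for both IPv4 and IPv6.
+chain input {
+type filter hook input priority 0;
+# accept any localhost traffic
+iifname lo accept
+# accept traffic originated from us
+ct state {established, related} accept
+# ICMP
+# routers may also want: mld-listener-query, nd-router-solicit
+ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
+ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept
+# allow "ping"
+ip6 nexthdr icmpv6 icmpv6 type echo-request accept
+ip protocol icmp icmp type echo-request accept
+# count and drop any other traffic
+counter drop
+}
+# Allow all outgoing connections.
+chain output {
+type filter hook output priority 0;
+accept
+}
+chain forward {
+type filter hook forward priority 0;
+accept
+}
+'';
+family = "inet";
+};
+};
+beancloud.network.interface.lan = lib.mkIf config.beancloud.hardware.steamdeck "eth0";
+}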
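Review bot: The `filter` table under `networking.nftables.tables` is never loaded because `networking.nftables.enable = false`, so the only active filter is the default `networking.firewall`. Before anyone flips that switch, note that the `forward` chain ends in a bare `accept`; on a host that also gets podman networks or a bridge this forwards every packet, so `drop` plus explicit rules is the better default. Separately, `dnssec = "false"` with `dnsovertls = "opportunistic"` gives no protection against an on-path attacker who can force the fallback to plain DNS, and NetworkManager and systemd-networkd are both enabled with DHCP on the LAN interface, which tends to make them compete for the link. A short comment stating which manager owns which interface would help.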

141
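--- a/os/persistence.nix
+++ b/os/persistence.nix
@@ -0,0 +1,141 @@
+{ config, lib, ... }:
+{
+environment.persistence = {
+persistence = {
+enable = lib.mkIf (config.beancloud.persistence.type != "impermanence") false;
+persistentStoragePath = "/nix/persistence";
+hideMounts = true;
+directories = [
+"/etc/nixos"
+"/var/log"
+"/var/lib/bluetooth"
+"/var/lib/nixos"
+"/var/lib/systemd/coredump"
+"/var/lib/systemd/timers"
+"/etc/NetworkManager/system-connections"
+];
+files = [
+"/etc/machine-id"
+];
+};
+};
+boot.initrd.preLVMCommands = lib.mkIf (config.beancloud.persistence.type != "preservation" && config.beancloud.persistence.root == "fs") ''
+WAIT_TIME=5
+MAX_RETRIES=6
+ROOT_DEV="/dev/disk/by-label/root"
+ROOT_DIR=/rootmnt"
+mountPartition() {
+echo "mount the root / partition"
+echo "create the $ROOT_DIR folder"
+mkdir -p "$ROOT_DIR"
+COUNTER=1
+while [ ! -e "$ROOT_DEV" ] || [ ! -e "$ROOT_DIR" ]; do
+echo "the root partition or the mount folder are not yet available"
+sleep $WAIT_TIME
+if [ "$COUNTER" -eq "$MAX_RETRIES" ]; then
+echo "device check failed"
+exit 1
+fi
+COUNTER="$((COUNTER + 1))"
+done
+COUNTER=1
+until mount "$ROOT_DEV" $ROOT_DIR; do
+echo "the root partition has not yet been mounted"
+sleep "$WAIT_TIME"
+if [ "$COUNTER" -eq "$MAX_RETRIES" ]; then
+echo "mount failed"
+exit 1
+fi
+COUNTER="$((COUNTER + 1))"
+done
+echo "mount done"
+}
+wipePartition() {
+echo "wipe the content from the / partition"
+COUNTER=1
+until rm -rf "$ROOT_DIR/*"; do
+echo "the wipe has been failed"
+sleep 5
+if [ "$COUNTER" -eq "$MAX_RETRIES" ]; then
+echo "wipe failed"
+exit 1
+fi
+COUNTER="$((COUNTER + 1))"
+done
+echo "wipe done"
+}
+umountPartition() {
+echo "umount the root / partition"
+COUNTER=1
+until umount "$ROOT_DIR"; do
+echo "umount failed"
+sleep 5
+if [ "$COUNTER" -eq "$MAX_RETRIES" ]; then
+echo "umount failed"
+exit 1
+fi
+COUNTER="$((COUNTER + 1))"
+done
+echo "umount done"
+}
+loadModules() {
+echo "load the ext4 module"
+COUNTER=1
+until modprobe ext4; do
+echo "modprobe ext4 failed"
+sleep 5
+if [ "$COUNTER" -eq "$MAX_RETRIES" ]; then
+echo "modprobe failed"
+exit 1
+fi
+COUNTER="$((COUNTER + 1))"
+done
+echo "modprobe done"
+}
+fixPermissions() {
+echo "fix /var/empty permissions"
+COUNTER=1
+until chattr -i -a "$ROOT_DIR/var/empty"; do
+echo "chattr /var/empty failed"
+sleep 5
+if [ "$COUNTER" -eq "$MAX_RETRIES" ]; then
+echo "chattr failed"
+exit 1
+fi
+COUNTER="$((COUNTER + 1))"
+done
+COUNTER=1
+until chmod 755 "$ROOT_DIR/var/empty"; do
+echo "chmod /var/empty failed"
+sleep 5
+if [ "$COUNTER" -eq "$MAX_RETRIES" ]; then
+echo "chmod failed"
+exit 1
+fi
+COUNTER="$((COUNTER + 1))"
+done
+echo "permissions fix done"
+}
+loadModules
+mountPartition
+fixPermissions
+wipePartition
+umountPartition
+'';
+}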
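Review bot: Two quoting mistakes in the `preLVMCommands` script defeat the wipe. `ROOT_DIR=/rootmnt"` has an unbalanced quote, and `rm -rf "$ROOT_DIR/*"` quotes the glob, so `rm` is asked to delete a path literally named `*`, reports success, and leaves the old root contents in place; state that is supposed to vanish at boot survives. Use `ROOT_DIR="/rootmnt"` and `rm -rf "$ROOT_DIR"/*` (dotfiles need a second pattern). Two further things to check: the root filesystem is an LV in the `nixos` VG per os/disks.nix, so `/dev/disk/by-label/root` probably does not exist yet in a pre-LVM hook, and os/boot.nix sets `boot.initrd.systemd.enable = true`, under which NixOS, to my knowledge, rejects the scripted `preLVMCommands` hook altogether.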

7
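--- a/os/swap.nix
+++ b/os/swap.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+zramSwap = {
+enable = true;
+};
+}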

25
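--- a/os/update.nix
+++ b/os/update.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+{
+system.autoUpgrade = {
+enable = true;
+allowReboot = false;
+flake = "git+https://code.beancloud.de/public/nixos-demo.git?ref=${config.beancloud.tier}#${config.networking.hostName}";
+dates = "02:00";
+randomizedDelaySec = "45min";
+};
+nix = {
+optimise = {
+automatic = true;
+};
+gc = {
+automatic = true;
+dates = "weekly";
+options = "--delete-older-than 30d";
+};
+extraOptions = ''
+min-free = ${toString (1024 * 1024 * 1024)}
+max-free = ${toString (4096 * 1024 * 1024)}
+'';
+};
+}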
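Review bot: `system.autoUpgrade.flake` follows the head of a branch (`?ref=${config.beancloud.tier}`) and applies it unattended at 02:00, so whoever can push to that branch on code.beancloud.de, or controls the forge, decides the root-level configuration of every host tracking it. Nothing in this file verifies commit signatures, so the trust anchor is the HTTPS connection plus the forge's branch permissions; state that above the option, e.g. `# trust anchor: branch protection on the forge, push rights to tier branches are restricted`. With `allowReboot = false`, kernel and initrd updates stay inactive until someone reboots, which should be documented or monitored. The `nixrbb`/`nixrbs` aliases in users/root/home/bash.nix follow the same branch head.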

34
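--- a/os/virtualization.nix
+++ b/os/virtualization.nix
@@ -0,0 +1,34 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+{
+boot.initrd = {
+availableKernelModules = [
+(lib.mkIf (config.beancloud.hardware.virtualmachine.type == "kvm") "virtio_net")
+(lib.mkIf (config.beancloud.hardware.virtualmachine.type == "kvm") "virtio_mmio")
+(lib.mkIf (config.beancloud.hardware.virtualmachine.type == "kvm") "virtio_pci")
+(lib.mkIf (config.beancloud.hardware.virtualmachine.type == "kvm") "virtio_blk")
+(lib.mkIf (config.beancloud.hardware.virtualmachine.type == "kvm") "virtio_scsi")
+(lib.mkIf (config.beancloud.hardware.virtualmachine.type == "kvm") "9p")
+(lib.mkIf (config.beancloud.hardware.virtualmachine.type == "kvm") "9pnet_virtio")
+];
+kernelModules = [
+(lib.mkIf (config.beancloud.hardware.virtualmachine.type == "kvm") "virtio_balloon")
+(lib.mkIf (config.beancloud.hardware.virtualmachine.type == "kvm") "virtio_console")
+(lib.mkIf (config.beancloud.hardware.virtualmachine.type == "kvm") "virtio_rng")
+(lib.mkIf (config.beancloud.hardware.virtualmachine.type == "kvm") "virtio_gpu")
+];
+};
+services.qemuGuest.enable = lib.mkIf (config.beancloud.hardware.virtualmachine.type == "kvm") true;
+virtualisation.libvirtd.enable = lib.mkIf config.beancloud.software.virtualisation true;
+environment.systemPackages = with pkgs; [
+(lib.mkIf (
+config.beancloud.software.virtualisation || config.beancloud.software.virt-manager
+) virt-manager)
+];
+}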
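Review bot: The condition `config.beancloud.hardware.virtualmachine.type == "kvm"` is repeated on every element of `availableKernelModules` and `kernelModules`, which makes the lists hard to audit and easy to let drift apart. Binding it once with `let isKvm = config.beancloud.hardware.virtualmachine.type == "kvm"; in` and writing `availableKernelModules = lib.optionals isKvm [ "virtio_net" "virtio_mmio" … ];` says the same thing in one place. `virtualisation.libvirtd.enable` also adds a privileged daemon; a comment on which accounts are meant to reach it would help, since membership of the libvirt access group is commonly treated as root-equivalent.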

45
software/default.nix Normal file

@ -0,0 +1,45 @@
{
config,
lib,
pkgs,
...
}:
{
# https://search.nixos.org/packages
environment.systemPackages = with pkgs; [
btop
curl
dnsutils
dosfstools
fzf
git
htop
(lib.mkIf config.beancloud.hardware.macbook inxi)
jq
less
mc
screen
strace
sysstat
tcpdump
tmux
unzip
vim
wget
whois
xz
yq-go
zip
];
programs.java.enable = lib.mkIf config.beancloud.software.steam.enable true;
imports = [
./firmware.nix
./gnome.nix
./nix-daemon.nix
./openssh.nix
./wine.nix
];
}

49
software/desktop.nix Normal file

@ -0,0 +1,49 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./games.nix
./libreoffice.nix
./steam.nix
];
config = lib.mkIf (config.beancloud.software.desktop) {
environment.systemPackages = with pkgs; [
(lib.mkIf config.beancloud.software.chromium chromium)
(lib.mkIf config.beancloud.software.photography ansel)
(lib.mkIf config.beancloud.software.davinci-resolve davinci-resolve-studio)
(lib.mkIf config.beancloud.software.photography darktable)
firefox
(lib.mkIf config.beancloud.software.nextcloud.client nextcloud-client)
(lib.mkIf config.beancloud.software.nextcloud.talk-desktop nextcloud-talk-desktop)
(lib.mkIf config.beancloud.software.obs-studio obs-studio)
(lib.mkIf config.beancloud.software.podman-desktop podman-desktop)
(lib.mkIf config.beancloud.software.shotcut shotcut)
(lib.mkIf config.beancloud.software.zed-editor zed-editor)
];
services = {
xserver = {
enable = true;
};
displayManager = {
enable = true;
sddm.autoLogin.relogin = lib.mkIf config.beancloud.hardware.steamdeck true;
};
greetd = {
enable = if config.beancloud.hardware.steamdeck then true else false;
settings = {
default_session = {
command = "${pkgs.gamescope}/bin/gamescope -f --mangoapp --steam --xwayland-count 2 -- steam -pipewire-dmabuf -gamepadui -steamos > /dev/null 2>&1";
};
};
};
};
beancloud.os.screensaver.lock = lib.mkIf config.beancloud.hardware.steamdeck false;
};
}
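Review bot: On `steamdeck` hosts this section starts a Steam session straight from greetd's `default_session` and sets `beancloud.os.screensaver.lock` to false, so anyone with physical access gets a running session; users/default.nix in this commit also defaults `security.sudo.wheelNeedsPassword` to false, which would turn that into root if the session user is in `wheel`. `default_session` sets no `user` here, so the command runs as greetd's default greeter account unless that is set elsewhere; if auto-login as a real user is intended, make it explicit with `user = …;` and a comment naming the accepted risk. `sddm.autoLogin.relogin` is set although software/gnome.nix configures gdm, which looks like a leftover. `enable = if config.beancloud.hardware.steamdeck then true else false;` can be written as `enable = config.beancloud.hardware.steamdeck;`.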

14
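--- a/software/firmware.nix
+++ b/software/firmware.nix
@@ -0,0 +1,14 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+{
+environment.systemPackages = with pkgs; [
+(lib.mkIf (config.beancloud.hardware.virtualmachine.type == "") linux-firmware)
+(lib.mkIf (config.beancloud.hardware.virtualmachine.type == "") broadcom-bt-firmware)
+(lib.mkIf (config.beancloud.hardware.virtualmachine.type == "") rtl8192su-firmware)
+];
+}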
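Review bot: Firmware packages listed in `environment.systemPackages` only land in the system profile; the kernel's firmware loader is fed from `hardware.firmware`, so on bare-metal hosts drivers would presumably not find these three packages. Something like `hardware.firmware = lib.optionals (config.beancloud.hardware.virtualmachine.type == "") (with pkgs; [ linux-firmware broadcom-bt-firmware rtl8192su-firmware ]);` expresses the intent. The empty string as the marker for "not a virtual machine" deserves a one-line comment, because the option's declared default is not visible in this file.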

22
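--- a/software/games.nix
+++ b/software/games.nix
@@ -0,0 +1,22 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+{
+config = lib.mkIf (config.beancloud.software.desktop) {
+environment.systemPackages = with pkgs; [
+(lib.mkIf config.beancloud.software.games.enable lutris)
+(lib.mkIf config.beancloud.software.games.enable prismlauncher)
+(lib.mkIf config.beancloud.software.games.enable quakespasm)
+(lib.mkIf config.beancloud.software.games.enable yquake2)
+(lib.mkIf config.beancloud.software.games.enable quake3e)
+];
+networking.firewall.allowedUDPPorts = [
+(lib.mkIf config.beancloud.software.games.stardewvalley 24642)
+];
+};
+}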
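Review bot: `networking.firewall.allowedUDPPorts` opens 24642 on every interface whenever `games.stardewvalley` is set, and nothing in the file says what listens there. Add a comment such as `# Stardew Valley co-op hosting (UDP)`, and on machines that leave the home network consider scoping the rule with `networking.firewall.interfaces.<name>.allowedUDPPorts` instead of the global list. The rule sits inside the `desktop` guard, so it applies to desktop hosts only.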

109
software/gnome.nix Normal file
View File

@ -0,0 +1,109 @@
{
config,
lib,
pkgs,
...
}:
{
config = lib.mkIf (config.beancloud.software.desktop) {
services = {
xserver = {
displayManager = {
gdm = {
enable = if config.beancloud.hardware.steamdeck then false else true;
wayland = true;
autoLogin.delay = lib.mkIf config.beancloud.hardware.steamdeck 6;
};
};
desktopManager.gnome = {
enable = true;
# example for a Gnome config not managed by the home-manager
# extraGSettingsOverridePackages = [ pkgs.mutter ];
# extraGSettingsOverrides = ''
# [org.gnome.mutter]
# experimental-features=['scale-monitor-framebuffer']
# '';
};
};
displayManager = {
defaultSession = "gnome";
};
gnome.localsearch.enable = true;
udev.packages = [ pkgs.gnome-settings-daemon ];
};
environment.systemPackages = with pkgs; [
adwaita-icon-theme
gnome-bluetooth
(lib.mkIf config.beancloud.software.development gnome-boxes)
(lib.mkIf config.beancloud.software.development gnome-builder)
gnome-connections
gnome-firmware
gnomeExtensions.dash-to-dock
gnomeExtensions.gtk4-desktop-icons-ng-ding
gnomeExtensions.open-bar
gnomeExtensions.no-overview
];
environment.gnome.excludePackages = with pkgs; [
gnome-tour
gnome-initial-setup
];
systemd.user.services.display-config = {
enable = false;
wantedBy = [ "default.target" ];
after = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
description = "Gnome display configuration";
unitConfig = {
ConditionUser = "!root";
};
serviceConfig = {
Type = "oneshot";
Restart = "on-failure";
RestartSec = "5s";
RestartSteps = 24;
RestartMaxDelaySec = "120s";
};
script = ''
set -e
set -u
set -o pipefail
export DISPLAY=:0.0
WAIT_TIME="5s"
sleep 15s
if [ "''$(cat /sys/class/drm/card1-DP-1/status)" = "connected" ]; then
${pkgs.mutter}/bin/gdctl set --logical-monitor --primary --monitor 'DP-1'
sleep "''${WAIT_TIME}"
if ! ${pkgs.mutter}/bin/gdctl show | grep -A6 'Logical monitor #1' | grep -A2 'Primary: yes' | grep 'DP-1'; then
echo "display config not applied..."
exit 1
fi
else
${pkgs.mutter}/bin/gdctl set --logical-monitor --primary --monitor 'eDP-1'
sleep "''${WAIT_TIME}"
if ! ${pkgs.mutter}/bin/gdctl show | grep -A6 'Logical monitor #1' | grep -A2 'Primary: yes' | grep 'eDP-1'; then
echo "display config not applied..."
exit 1
fi
fi
if ${pkgs.mutter}/bin/gdctl show | grep 'Logical monitor #2'; then
echo "display config not applied..."
exit 1
fi
'';
};
};
imports = [
./desktop.nix
];
}

17
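--- a/software/libreoffice.nix
+++ b/software/libreoffice.nix
@@ -0,0 +1,17 @@
+{
+lib,
+config,
+pkgs,
+...
+}:
+{
+config = lib.mkIf (config.beancloud.software.desktop) {
+environment.systemPackages = with pkgs; [
+hunspell
+libreoffice
+hyphenDicts.de_DE
+hyphenDicts.de-de
+];
+};
+}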

15
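--- a/software/nix-daemon.nix
+++ b/software/nix-daemon.nix
@@ -0,0 +1,15 @@
+{ ... }:
+{
+systemd.services = {
+nix-daemon = {
+environment = {
+TMPDIR = "/run/nix-daemon";
+};
+serviceConfig = {
+RuntimeDirectory = "nix-daemon";
+};
+};
+};
+}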
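Review bot: `TMPDIR = "/run/nix-daemon"` moves build scratch space onto the `/run` tmpfs, which is shared with the runtime state of every other service, so a large build can fill it and break unrelated units while also consuming RAM. The reason for the move is not stated; add a comment (presumably the root filesystem is wiped or too small), and if builds of any size are expected, point `TMPDIR` at a disk-backed directory instead. `RuntimeDirectory` is removed when the service stops, so leftover build trees are cleaned up, which is worth keeping.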

30
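--- a/software/openssh.nix
+++ b/software/openssh.nix
@@ -0,0 +1,30 @@
+{ ... }:
+{
+# https://search.nixos.org/options?channel=24.11&from=0&size=50&sort=relevance&type=packages&query=services.openssh
+services.openssh = {
+enable = true;
+settings.PasswordAuthentication = true;
+settings.KbdInteractiveAuthentication = false;
+settings.PermitRootLogin = "no";
+listenAddresses = [
+{
+addr = "0.0.0.0";
+port = 22;
+}
+];
+};
+systemd.services.ssh = {
+wants = [ "network-online.target" ];
+after = [ "network-online.target" ];
+requires = [ "network-online.target" ];
+serviceConfig = {
+Restart = "on-failure";
+RestartSec = "5s";
+};
+};
+networking.firewall.allowedTCPPorts = [ 22 ];
+}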
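Review bot: `settings.PasswordAuthentication = true` together with `listenAddresses` on 0.0.0.0 and the open TCP port 22 exposes password logins to the network, and users/demo/default.nix in this commit gives the `demo` account, a `wheel` member, the password `demo`. Prefer `settings.PasswordAuthentication = false;` with keys in `users.users.<name>.openssh.authorizedKeys.keys`; if password login is kept for the demo, limit it with `settings.AllowUsers` or a firewall rule scoped to the management network and say so in a comment. The `systemd.services.ssh` override may not attach to anything: as far as I know the NixOS module names the unit `sshd`, so check with `systemctl cat sshd` that `Restart` and the `network-online.target` ordering are applied. Listening on `0.0.0.0` alone also leaves IPv6 unserved, which should be a stated choice.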

56
software/steam.nix Normal file
View File

@ -0,0 +1,56 @@
{
config,
lib,
pkgs,
...
}:
{
config = lib.mkIf (config.beancloud.software.desktop) {
environment.systemPackages = with pkgs; [
(lib.mkIf config.beancloud.software.steam.enable steamcmd)
(lib.mkIf config.beancloud.software.steam.enable mangohud)
];
beancloud.software = {
games.enable = lib.mkIf config.beancloud.hardware.steamdeck true;
steam.enable = lib.mkIf config.beancloud.hardware.steamdeck true;
wine = lib.mkIf config.beancloud.hardware.steamdeck true;
};
beancloud.hardware.gpu.amd.enable = lib.mkIf config.beancloud.hardware.steamdeck true;
programs = {
steam = {
enable = lib.mkIf config.beancloud.software.steam.enable true;
gamescopeSession.enable = lib.mkIf config.beancloud.hardware.steamdeck true;
localNetworkGameTransfers.openFirewall = lib.mkIf config.beancloud.software.steam.enable true;
package = pkgs.steam.override {
extraPkgs =
pkgs: with pkgs; [
cairo
gtk3
libdecor
xorg.libXcursor
xorg.libXi
xorg.libXinerama
xorg.libXScrnSaver
libpng
libpulseaudio
libvorbis
stdenv.cc.cc.lib # Provides libstdc++.so.6
libkrb5
keyutils
];
};
};
gamescope = {
enable = lib.mkIf config.beancloud.software.steam.enable true;
capSysNice = true;
};
gamemode = {
enable = lib.mkIf config.beancloud.software.steam.enable true;
};
};
};
}

18
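--- a/software/wine.nix
+++ b/software/wine.nix
@@ -0,0 +1,18 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+{
+environment.systemPackages = with pkgs; [
+(lib.mkIf config.beancloud.software.wine wineWowPackages.stable)
+(lib.mkIf config.beancloud.software.wine wineWowPackages.waylandFull)
+(lib.mkIf config.beancloud.software.wine winetricks)
+(lib.mkIf config.beancloud.software.wine gamemode)
+(lib.mkIf config.beancloud.software.wine mangohud)
+(lib.mkIf config.beancloud.software.wine gamescope)
+(lib.mkIf config.beancloud.software.wine vulkan-tools)
+];
+}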

8
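--- a/users/default.nix
+++ b/users/default.nix
@@ -0,0 +1,8 @@
+{ lib, ... }:
+{
+users = {
+mutableUsers = false;
+};
+security.sudo.wheelNeedsPassword = lib.mkDefault false;
+}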
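Review bot: `security.sudo.wheelNeedsPassword = lib.mkDefault false` makes every `wheel` member root without re-authentication on all hosts that import this file, so a hijacked session or SSH login is immediately a root compromise. Default to `true` here and let the hosts that need it opt out, or at least add a comment such as `# demo only: passwordless sudo, override per host`. `mutableUsers = false` keeps accounts declarative, but it also means the passwords set in users/demo/default.nix and users/root/default.nix cannot be changed with `passwd` on the machine.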

44
users/demo/default.nix Normal file

@ -0,0 +1,44 @@
{
pkgs,
...
}:
{
users = {
users = {
demo = {
password = "demo";
uid = 1000;
createHome = true;
home = "/home/demo";
shell = pkgs.bashInteractive;
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
];
};
};
};
home-manager = {
users = {
demo = {
imports = [ ./home/default.nix ];
};
};
};
environment.persistence = {
persistence = {
directories = [
{
directory = "/home/demo";
user = "demo";
group = "users";
mode = "u=rwx,g=,o=";
}
];
};
};
}
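Review bot: `password = "demo"` is a cleartext password committed to a public repository and copied into the world-readable Nix store; users/root/default.nix in this commit does the same with `password = "rootpw"`, although the README installs with `--no-root-password`. Because `demo` is in `wheel`, sudo asks for no password (users/default.nix) and sshd accepts passwords (software/openssh.nix), this value is enough for remote root. The repository already declares sops secrets elsewhere, so use `hashedPasswordFile = config.sops.secrets."<secret-name>".path;` with `neededForUsers = true` on that secret, or leave root without a password and log in by key. `environment.persistence.persistence` also looks odd: the attribute name is normally the persistent storage path, so confirm this key is what the persistence module expects.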

16
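--- a/users/demo/home/bash.nix
+++ b/users/demo/home/bash.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+programs = {
+bash = {
+enable = true;
+shellAliases = {
+ll = "ls -lAh";
+cp = "cp -iv";
+mv = "mv -iv";
+rm = "rm -iv";
+df = "df -h";
+};
+};
+};
+}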


@ -0,0 +1,20 @@
{ lib, ... }:
{
programs.home-manager.enable = true;
home = {
username = "demo";
homeDirectory = lib.mkForce "/home/demo";
stateVersion = "25.05";
};
# https://nix-community.github.io/home-manager/options.xhtml
imports = [
./bash.nix
./gnome.nix
./git.nix
./firefox.nix
./ssh.nix
];
}

120
users/demo/home/firefox.nix Normal file
View File

@ -0,0 +1,120 @@
{ pkgs, ... }:
{
programs = {
firefox = {
enable = true;
languagePacks = [
"en-US"
"de"
];
# https://mozilla.github.io/policy-templates/
policies = {
DefaultDownloadDirectory = "\${home}/Downloads";
DisableFirefoxStudies = true;
DisableAppUpdate = true;
DisablePocket = true;
DisableTelemetry = true;
Extensions = {
Install = [
"https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
];
};
ExtensionSettings = {
"uBlock0@raymondhill.net" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
updates_disabled = false;
};
};
FirefoxHome = {
Search = true;
TopSites = false;
SponsoredTopSites = false;
Highlights = false;
Pocket = false;
SponsoredPocket = false;
Snippets = false;
Locked = false;
};
FirefoxSuggest = {
WebSuggestions = false;
SponsoredSuggestions = false;
ImproveSuggest = false;
Locked = false;
};
HardwareAcceleration = true;
RequestedLocales = "en-US,de";
SSLVersionMin = "tls1.2";
TranslateEnabled = false;
UserMessaging = {
ExtensionRecommendations = false;
FeatureRecommendations = false;
UrlbarInterventions = false;
SkipOnboarding = true;
MoreFromMozilla = false;
FirefoxLabs = false;
Locked = false;
};
};
profiles = {
default = {
id = 0;
name = "default";
isDefault = true;
search = {
force = true;
default = "ddg";
engines = {
"ddg".metaData.alias = "@ddg";
"Nix Packages" = {
urls = [
{
template = "https://search.nixos.org/packages";
params = [
{
name = "type";
value = "packages";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@np" ];
};
"NixOS Wiki" = {
urls = [ { template = "https://wiki.nixos.org/index.php?search={searchTerms}"; } ];
icon = "https://wiki.nixos.org/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@nw" ];
};
"wikipedia".metaData.alias = "@wiki";
};
};
settings = {
"general.smoothScroll" = true;
"signon.rememberSignons" = false; # Password Manager
};
bookmarks = {
force = true;
settings = [
{
toolbar = true; # <- global toolbar
bookmarks = [
{
name = "kernel.org";
url = "https://www.kernel.org";
}
];
}
];
};
};
};
};
};
}
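Review bot: The uBlock Origin extension is force-installed from a `latest.xpi` URL, so the browser downloads whatever addons.mozilla.org serves at first start, outside the hash pinning that the rest of this configuration gets from Nix. That is a reasonable trade for an extension that must update itself, but it should be stated in a comment, and the `Extensions.Install` entry can likely go because `ExtensionSettings` with `installation_mode = "force_installed"` already covers it. Every policy group sets `Locked = false`, so the user can re-enable the sponsored and suggestion features; set `Locked = true` where the policy is meant to be enforced.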

16
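--- a/users/demo/home/git.nix
+++ b/users/demo/home/git.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+programs.git = {
+enable = true;
+extraConfig = {
+init.defaultBranch = "main";
+core = {
+preloadindex = true;
+fscache = true;
+};
+gc.auto = 256;
+};
+};
+}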

121
users/demo/home/gnome.nix Normal file
View File

@ -0,0 +1,121 @@
{ osConfig, lib, ... }:
{
# https://nix-community.github.io/home-manager/options.xhtml#opt-dconf.settings
# https://github.com/nix-community/dconf2nix
dconf.settings =
let
inherit (lib.hm.gvariant) mkUint32;
in
{
"system/locale" = {
region = "de_DE.UTF-8";
};
"org/gnome/software" = {
download-updates = false;
download-updates-notify = false;
};
"org/gnome/desktop/calendar" = {
show-weekdate = true;
};
"org/gnome/desktop/datetime" = {
automatic-timezone = true;
};
"org/gnome/desktop/interface" = {
clock-show-weekday = true;
enable-hot-corners = true;
color-scheme = "prefer-dark";
};
"org/gnome/desktop/session" = {
idle-delay = mkUint32 300;
};
"org/gnome/desktop/screensaver" = {
lock-enabled = osConfig.beancloud.os.screensaver.lock;
};
"org/gnome/desktop/peripherals/keyboard" = {
numlock-state = true;
};
"org/gnome/desktop/peripherals/mouse" = {
natural-scroll = true;
};
"org/gnome/Console" = {
custom-font = "UbuntuMono Nerd Font Mono 13";
last-window-maximised = true;
use-system-font = true;
};
"org/gnome/shell" = {
enabled-extensions = [
"openbar@neuromorph"
"dash-to-dock@micxgx.gmail.com"
];
favorite-apps = [
"firefox.desktop"
"org.gnome.Geary.desktop"
"org.gnome.Calendar.desktop"
"org.gnome.Music.desktop"
"org.gnome.Nautilus.desktop"
];
};
"org/gnome/shell/extensions/dash-to-dock" = {
background-opacity = 0.80000000000000004;
dash-max-icon-size = 48;
dock-position = "RIGHT";
extend-height = false;
height-fraction = 0.90000000000000002;
intellihide-mode = "FOCUS_APPLICATION_WINDOWS";
preferred-monitor = -2;
preferred-monitor-by-connector = "DP-1";
};
"org/gnome/shell/extensions/gtk4-ding" = {
icon-size = "small";
};
"org/gnome/shell/extensions/openbar" = {
bg-change = true;
default-font = "UbuntuMono Nerd Font Mono 12";
neon-wmax = false;
pause-reload = false;
reloadstyle = true;
trigger-reload = true;
shadow = false;
wmaxbar = true;
autohg-bar = true;
autohg-menu = true;
trigger-autotheme = true;
autotheme-dark = "Dark";
autotheme-font = true;
autotheme-light = "Pastel";
bartype = "Trilands";
};
"org/gnome/nautilus/list-view" = {
default-zoom-level = "small";
};
"org/gnome/nautilus/preferences" = {
default-folder-viewer = "list-view";
search-filter-time-type = "last_modified";
};
"org/gnome/settings-daemon/plugins/power" = {
power-button-action = "interactive";
sleep-inactive-ac-type = "nothing";
};
"org/gnome/mutter" = {
experimental-features = [ "scale-monitor-framebuffer" ];
};
};
}

18
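--- a/users/demo/home/ssh.nix
+++ b/users/demo/home/ssh.nix
@@ -0,0 +1,18 @@
+{ ... }:
+{
+programs = {
+ssh = {
+enable = true;
+addKeysToAgent = "1h";
+hashKnownHosts = true;
+matchBlocks = {
+gitea = {
+hostname = "code.beancloud.de";
+user = "gitea";
+port = 22;
+};
+};
+};
+};
+}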

32
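--- a/users/root/default.nix
+++ b/users/root/default.nix
@@ -0,0 +1,32 @@
+{ ... }:
+{
+users = {
+users = {
+root = {
+password = "rootpw";
+};
+};
+};
+home-manager = {
+users = {
+root = {
+imports = [ ./home/default.nix ];
+};
+};
+};
+environment.persistence = {
+persistence = {
+directories = [
+{
+directory = "/root";
+user = "root";
+group = "root";
+mode = "u=rwx,g=,o=";
+}
+];
+};
+};
+}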

18
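--- a/users/root/home/bash.nix
+++ b/users/root/home/bash.nix
@@ -0,0 +1,18 @@
+{ osConfig, ... }:
+{
+programs = {
+bash = {
+enable = true;
+shellAliases = {
+ll = "ls -lAh";
+cp = "cp -iv";
+mv = "mv -iv";
+rm = "rm -iv";
+df = "df -h";
+nixrbb = "nixos-rebuild boot --flake git+https://code.beancloud.de/public/nixos-demo.git?ref=${osConfig.beancloud.tier}";
+nixrbs = "nixos-rebuild switch --flake git+https://code.beancloud.de/public/nixos-demo.git?ref=${osConfig.beancloud.tier}";
+};
+};
+};
+}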


@ -0,0 +1,17 @@
{ lib, ... }:
{
programs.home-manager.enable = true;
home = {
username = "root";
homeDirectory = lib.mkForce "/root";
stateVersion = "25.05";
};
# https://nix-community.github.io/home-manager/options.xhtml
imports = [
./bash.nix
./git.nix
];
}

18
users/root/home/git.nix Normal file
View File

@ -0,0 +1,18 @@
{ ... }:
{
programs.git = {
enable = true;
userName = "root";
userEmail = "root@localhost";
signing.format = "ssh";
extraConfig = {
init.defaultBranch = "main";
core = {
preloadindex = true;
fscache = true;
};
gc.auto = 256;
};
};
}