add: Odin configuration, modularize config even more

README.md

@@ -2,6 +2,7 @@
 
 Configuration files for my NixOS **hosts**:
 - *hulk* - main laptop
+- *odin* - second Lenovo laptop
 - *thor* - my old PC, now my home server
 
 ## Basic information
@@ -18,12 +19,18 @@ Configuration files for my NixOS **hosts**:
 - Shell: **zsh**
 - Editor: **vim**
 
+### odin
+- Terminal: **Konsole**
+- DE: **KDE Plasma**
+- Shell: **fish**
+- Browser: **Firefox**
+
 ## Basic commands
 1. Switch configuration
 ```
 # nixos-rebuild switch --flake /etc/nixos#<hostname> --fast
 ```
-2. Switch **Home Manager** configuration
+2. Switch **Home Manager** configuration (if it's present)
 ```
 home-manager switch --flake /etc/nixos
 ```
@@ -76,11 +83,8 @@ sudo nixos-rebuild switch --flake /etc/nixos#hulk
 │       └── ...
 ├── profiles
 │   ├── default.nix
-│   ├── <user profile>
-│   │   └── ...
-│   └── thor
-│       ├── default.nix
-│       └── packages.nix
+│   └── <user profile>
+│       └── ...
 ├── secrets
 │   ├── secrets.nix
 │   └── <host>

hosts/base-configuration.nix

@@ -27,10 +27,4 @@
 
   boot.loader.grub.enable = false;
   boot.loader.systemd-boot.enable = true;
-
-  manual = {
-    html.enable = false;
-    manpages.enable = false;
-    json.enable = false;
-  };
 }

hosts/default.nix

@@ -3,6 +3,33 @@
 let
   inherit (self) inputs;
   lib = inputs.nixpkgs.lib;
+  mkUser = pkgs: host: let
+    inherit (prefs.users.${host})
+      username
+      fullname
+      isRoot
+      homeDirectory
+      preferredShell;
+  in
+  {
+    users.users.${username} = {
+      isNormalUser = lib.mkIf (!isRoot) true;
+      isSystemUser = lib.mkIf isRoot true;
+      description = fullname;
+      home = homeDirectory;
+      
+      group = "users";
+      extraGroups = [
+        "wheel"
+        "networkmanager"
+        "plugdev"
+        "video"
+      ];
+
+      ignoreShellProgramCheck = true;
+      shell = preferredShell pkgs;
+    };
+  };
 
   mkSystem =
     {
@@ -23,6 +50,7 @@ let
         ++ [
           ./base-configuration.nix
           ./${hostname}
+          (mkUser pkgs hostname)
         ]
         ++ lib.lists.optionals useHomeManager [
           { environment.systemPackages = [ pkgs.home-manager ]; }
@@ -33,15 +61,7 @@ let
           }
         ];
     };
-in
-{
-  hulk = mkSystem {
-    system = "x86_64-linux";
-    hostname = "hulk";
-  };
-
-  thor = mkSystem {
-    system = "x86_64-linux";
-    hostname = "thor";
-  };
-}
+in builtins.mapAttrs (name: config: 
+  mkSystem (config // {
+    hostname = name;
+  })) prefs.hosts

hosts/hulk/default.nix

@@ -1,12 +1,24 @@
-{ pkgs, ... }:
-
 {
+  config, 
+  prefs, 
+  pkgs, 
+  lib, 
+  ...
+}:
+
+let
+  inherit (prefs.users.hulk) username; 
+in {
   imports = [
     ./hardware-configuration.nix
     ./modules.nix
-    ./users.nix
   ];
 
+  users.users.${username}.extraGroups = lib.lists.optionals (config.modules 
+    ? nordvpn
+    && config.modules.nordvpn.enable
+  ) [ "nordvpn" ];
+
   nix.settings = {
     experimental-features = [
       "nix-command"

hosts/hulk/users.nix

@@ -1,36 +0,0 @@
-{
-  pkgs,
-  prefs,
-  config,
-  ...
-}:
-
-let
-  inherit (prefs.users.hulk)
-    username
-    fullname
-    isRoot
-    homeDirectory
-    preferredShell
-    ;
-  optional = pkgs.lib.lists.optionals;
-in
-{
-  users.users.${username} = {
-    isNormalUser = !isRoot;
-    isSystemUser = isRoot;
-    description = fullname;
-    home = homeDirectory;
-    group = "users";
-    
-    extraGroups = [
-      "wheel"
-      "networkmanager"
-      "plugdev"
-      "adbusers"
-      "video"
-    ] ++ optional (config.modules ? nordvpn && config.modules.nordvpn.enable) [ "nordvpn" ];
-    ignoreShellProgramCheck = true;
-    shell = preferredShell pkgs;
-  };
-}

hosts/odin/default.nix

@@ -0,0 +1,38 @@
+{ inputs, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./modules.nix
+  ];
+  
+  boot.plymouth.enable = true; # for silent boot
+
+  system.autoUpgrade = {
+    enable = true;
+    flags = [ "--update-input" "nixpkgs" ];
+    dates = "weekly";
+    randomizedDelaySec = "15min";
+  };
+
+  nix.settings = {
+    experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+    auto-optimise-store = true;
+  };
+
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 7d";
+  };
+
+  swapDevices = [
+    {
+      device = "/swap";
+      size = 4096;
+    }
+  ];
+}

hosts/odin/modules.nix

@@ -0,0 +1,42 @@
+{ pkgs, inputs, ... }:
+
+{
+  imports = [
+    # Utilities
+    ../../modules/nixos/nvidia-support.nix
+    ../../modules/nixos/bluetooth.nix
+    ../../modules/nixos/audio.nix
+  ];
+
+  services.displayManager = {
+	  autoLogin.enable = true;
+	  autoLogin.user = "anna";
+  };
+
+  modules.bluetooth.enable = true;
+  modules.nvidia.enable = true;
+  modules.audio.enable = true;
+
+  security.rtkit.enable = true;
+  services = {
+    gvfs.enable = true;
+    upower.enable = true;
+    power-profiles-daemon.enable = true;
+
+    printing = {
+      enable = true;
+      drivers = with pkgs; [ hplipWithPlugin ];
+    };
+  };
+
+  programs = {
+    dconf.enable = true;
+    light.enable = true;
+    thunar.enable = true;
+
+    thunar.plugins = with pkgs.xfce; [
+      thunar-archive-plugin
+      thunar-volman
+    ];
+  };
+}

hosts/thor/default.nix

@@ -2,10 +2,9 @@
 
 {
   imports = [
-    ./hardware-configuration.nix
-    ./users.nix
-
     inputs.agenix.nixosModules.default
+    
+    ./hardware-configuration.nix
     ./services
   ];
   

hosts/thor/hardware-configuration.nix

@@ -1,53 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-
-{
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
-
-  boot.initrd.availableKernelModules = [
-    "xhci_pci"
-    "ahci"
-    "usb_storage"
-    "sd_mod"
-  ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/9c4c982e-0ea2-46c7-b7d6-e5a94f8562d3";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/A399-E37C";
-    fsType = "vfat";
-    options = [
-      "fmask=0022"
-      "dmask=0022"
-    ];
-  };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

hosts/thor/services/default.nix

@@ -44,7 +44,7 @@
   services.ntfy-sh = {
     enable = true;
     settings = {
-      base-url = "https://ntfy.${prefs.hosts.thor.domain}";
+      base-url = "https://ntfy.${prefs.config.thor.domain}";
       listen-http = "localhost:8118";
       auth-default-access = "deny-all";
       enable-login = true;
@@ -53,9 +53,9 @@
 
   services.newt = {
     enable = true;
-    id = prefs.hosts.thor.newtId;
+    id = prefs.config.thor.newtId;
     secretFile = config.age.secrets.newtToken.path;
-    endpoint = "https://proxy.${prefs.hosts.thor.domain}";
+    endpoint = "https://proxy.${prefs.config.thor.domain}";
   };
 
   services.adguardhome.enable = true;

hosts/thor/services/fediverse/default.nix

@@ -50,8 +50,8 @@
     };
     settings = {
       bind = "127.0.0.1";
-      hostname = "lemmy." + prefs.hosts.thor.domain;
-      email = with prefs.hosts.thor.emailConfig; {
+      hostname = "lemmy." + prefs.config.thor.domain;
+      email = with prefs.config.thor.emailConfig; {
         smtp_server = "${server}:${toString port}";
         smtp_login = login;
         smtp_from_address = from;
@@ -65,12 +65,12 @@
     enable = true;
     redis.createLocally = true;
     database.createLocally = true;
-    localDomain = "tube." + prefs.hosts.thor.domain;
+    localDomain = "tube." + prefs.config.thor.domain;
     secrets.secretsFile = config.age.secrets.peertube.path;
     smtp.passwordFile = config.age.secrets.smtpPassword.path;
 
     settings = {
-      smtp = with prefs.hosts.thor.emailConfig; {
+      smtp = with prefs.config.thor.emailConfig; {
         inherit port;
 
         hostname = server;
@@ -84,7 +84,7 @@
   services.pixelfed = {
     enable = true;
     database.type = "pgsql";
-    domain = "pix." + prefs.hosts.thor.domain;
+    domain = "pix." + prefs.config.thor.domain;
     secretFile = config.age.secrets.pixelfed.path;
 
     settings = let 
@@ -155,16 +155,16 @@
       
       ":pleroma" = {
         ":instance" = {
-          name = "${prefs.hosts.thor.domain} Akkoma";
+          name = "${prefs.config.thor.domain} Akkoma";
           description = "Private Akkoma instance.";
-          email = "contact@${prefs.hosts.thor.domain}";
+          email = "contact@${prefs.config.thor.domain}";
           registrations_open = false;
           invites_enabled = true;
           federating = true;
         };
 
         "Pleroma.Web.Endpoint" = {
-          url.host = "social." + prefs.hosts.thor.domain;
+          url.host = "social." + prefs.config.thor.domain;
           secret_key_base = { _secret = config.age.secrets.akkomaEndpointKey.path; };
           signing_salt = { _secret = config.age.secrets.akkomaEndpointSalt.path; };
         };
@@ -172,11 +172,11 @@
         
 
         "Pleroma.Captcha".enabled = false;
-        "Pleroma.Upload".base_url = "https://social.${prefs.hosts.thor.domain}:443/media";
+        "Pleroma.Upload".base_url = "https://social.${prefs.config.thor.domain}:443/media";
         ":mrf".policies = [ "Pleroma.Web.ActivityPub.MRF.SimplePolicy" ];
         ":configurable_from_database" = false;
 
-        "Pleroma.Emails.Mailer" = with prefs.hosts.thor.emailConfig; {
+        "Pleroma.Emails.Mailer" = with prefs.config.thor.emailConfig; {
           enabled = true;
           adapter = "Swoosh.Adapters.SMTP";
           username = login;

hosts/thor/services/frigate/default.nix

@@ -10,7 +10,7 @@
     enable = true;
     vaapiDriver = "radeonsi";
     settings = import ./config.nix;
-    hostname = "cam.${prefs.hosts.thor.domain}";
+    hostname = "cam.${prefs.config.thor.domain}";
   };
 
   systemd.services.frigate.serviceConfig.EnvironmentFile = config.age.secrets.frigate.path;

hosts/thor/services/gitea/default.nix

@@ -48,11 +48,11 @@ in {
       };
 
       server = {
-        DOMAIN = "git." + prefs.hosts.thor.domain;
+        DOMAIN = "git." + prefs.config.thor.domain;
         DISABLE_SSH = true;
       };
 
-      mailer = with prefs.hosts.thor.emailConfig; {
+      mailer = with prefs.config.thor.emailConfig; {
         ENABLED = true;
         SMTP_ADDR = server;
         SMTP_PORT = port;
@@ -77,7 +77,7 @@ in {
   services.gitea-actions-runner.instances.default = {
     enable = true;
     name = "primary-1";
-    url = "https://git.${prefs.hosts.thor.domain}";
+    url = "https://git.${prefs.config.thor.domain}";
     tokenFile = config.age.secrets.giteaRunnerToken.path;
     labels = [
       "ubuntu-latest:docker://node:16-bullseye"

hosts/thor/services/immich/default.nix

@@ -15,7 +15,7 @@ in {
       "/dev/dri/renderD128"
     ];
     settings = lib.recursiveUpdate baseImmichConfig {
-      notifications.smtp = with prefs.hosts.thor.emailConfig; {
+      notifications.smtp = with prefs.config.thor.emailConfig; {
         inherit from;
         transport = {
           inherit port;

hosts/thor/services/matrix/bridges/common.nix

@@ -1,6 +1,6 @@
 { prefs }: rec {
   homeserver = {
-    domain = prefs.hosts.thor.domain;
+    domain = prefs.config.thor.domain;
     address = "https://${homeserver.domain}";
   };
 

hosts/thor/services/matrix/default.nix

@@ -17,7 +17,7 @@
     extraConfigFiles = [ config.age.secrets.matrix.path ];
     
     settings = rec {
-      server_name = prefs.hosts.thor.domain;
+      server_name = prefs.config.thor.domain;
       public_baseurl = "https://${server_name}/";
       database = {
         name = "psycopg2";

hosts/thor/services/nextcloud/default.nix

@@ -7,7 +7,7 @@
 }:
 
 let 
-  domain = prefs.hosts.thor.domain;
+  domain = prefs.config.thor.domain;
 in {
   age.secrets.nextcloud = {
     file = self + ./secrets/thor/nextcloud.age;

hosts/thor/services/piped/default.nix

@@ -5,7 +5,7 @@
 }:
 
 let 
-  frontendUrl = "piped.${prefs.hosts.thor.domain}";
+  frontendUrl = "piped.${prefs.config.thor.domain}";
   proxyUrl    = "proxy.${frontendUrl}";
   backendUrl  = "api.${frontendUrl}";
 in {

hosts/thor/services/vaultwarden/default.nix

@@ -23,10 +23,10 @@ in {
         WEBSOCKET_ENABLED = true;
         SIGNUPS_ALLOWED = false;
         ORG_GROUPS_ENABLED = true;
-        DOMAIN = "https://passwords." + prefs.hosts.thor.domain;
+        DOMAIN = "https://passwords." + prefs.config.thor.domain;
         EXPERIMENTAL_CLIENT_FEATURE_FLAGS = "fido2-vault-credentials,autofill-overlay,ssh-key-vault-item,ssh-agent";
       }
-      (with prefs.hosts.thor.emailConfig; {
+      (with prefs.config.thor.emailConfig; {
         SMTP_HOST = server;
         SMTP_PORT = port;
         SMTP_FROM = from;

hosts/thor/users.nix

@@ -1,34 +0,0 @@
-{
-  pkgs,
-  prefs,
-  ...
-}:
-
-let
-  inherit (prefs.users.thor)
-    username
-    fullname
-    isRoot
-    homeDirectory
-    preferredShell
-    ;
-  optional = pkgs.lib.lists.optionals;
-in
-{
-  users.users.${username} = {
-    isNormalUser = !isRoot;
-    isSystemUser = isRoot;
-    description = fullname;
-    home = homeDirectory;
-    group = "users";
-    
-    extraGroups = [
-      "wheel"
-      "networkmanager"
-      "plugdev"
-      "video"
-    ];
-    ignoreShellProgramCheck = true;
-    shell = preferredShell pkgs;
-  };
-}

modules/desktop-environments/kde-plasma.nix

@@ -0,0 +1,41 @@
+{ pkgs, config, lib, ... }:
+
+{
+  options.modules.plasma6 = {
+    enable = lib.mkEnableOption "Enable KDE Plasma 6";
+    additionalPackages = lib.mkOption {
+      type = lib.types.listOf lib.types.package;
+      description = "Additional Plasma-related packages to install";
+      default = [ ];
+    };
+  };
+
+  config = lib.mkIf config.modules.plasma6.enable {
+    home.packages =
+      with pkgs;
+      [
+        plasma-workspace
+        kdeconnect
+        spectacle
+        dolphin
+        konsole
+        kwalletmanager
+      ]
+      ++ config.modules.plasma6.additionalPackages;
+
+    home.sessionVariables = {
+      QT_QPA_PLATFORM = "wayland";
+      QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
+      XDG_SESSION_TYPE = "wayland";
+      XDG_CURRENT_DESKTOP = "KDE";
+      GDK_BACKEND = "wayland,x11";
+    };
+
+    xdg.portal = {
+      enable = true;
+      config.kde.default = [ "kde" ];
+      extraPortals = with pkgs; [
+        xdg-desktop-portal-kde
+      ];
+    };
+}

modules/nixos/nvidia-support.nix

@@ -21,8 +21,8 @@
       powerManagement.finegrained = true;
       prime = {
         offload.enable = true;
-        intelBusId = prefs.hosts.hulk.intelBusId;
-        nvidiaBusId = prefs.hosts.hulk.nvidiaBusId;
+        intelBusId = prefs.config.hulk.intelBusId;
+        nvidiaBusId = prefs.config.hulk.nvidiaBusId;
       };
 
       package = config.boot.kernelPackages.nvidiaPackages.legacy_470;

preferences.nix

@@ -16,6 +16,14 @@ rec {
       preferredShell = pkgs: pkgs.bash;
       isRoot = true;
     };
+
+    odin = {
+      username = "anna";
+      fullname = "Anna";
+      homeDirectory = "/home/${users.thor.username}";
+      preferredShell = pkgs: pkgs.fish;
+      isRoot = false;
+    };
   };
 
   nixpkgs = system: import inputs.nixpkgs {
@@ -41,7 +49,7 @@ rec {
     };
   };
 
-  hosts = {
+  config = {
     hulk = {
       nvidiaBusId = "PCI:2:0:0";
       intelBusId = "PCI:0:2:0";
@@ -60,8 +68,25 @@ rec {
     };
   };
 
+  hosts = {
+    hulk = {
+      system = "x86_64-linux";
+      useHomeManager = true;
+    };
+
+    odin = {
+      system = "x86_64-linux";
+      useHomeManager = true;
+    };
+
+    thor = {
+      system = "x86_64-linux";
+      useHomeManager = false;
+    };
+  };
+  
   homes = {
     sadorowo = ./profiles/sadorowo;
-    thor = ./profiles/thor;
+    anna = ./profiles/anna;
   };
 }

profiles/anna/apps/firefox.nix

@@ -0,0 +1,39 @@
+{
+  programs.firefox = {
+    enable = true;
+    profiles = {
+      anna = {
+        isDefault = true;
+
+        settings = {
+          "media.videocontrols.picture-in-picture.enabled" = false;
+          "widget.wayland-dmabuf-vaapi.enabled" = true;
+          "browser.ctrlTab.recentlyUsedOrder" = false;
+          "extensions.pocket.enabled" = false;
+          "gfx.webrender.all" = true;
+        };
+      };
+    };
+
+    policies = {
+      DisableTelemetry = true;
+      DisableFirefoxStudies = true;
+      EnableTrackingProtection = {
+        Value = true;
+        Locked = true;
+        Cryptomining = true;
+        Fingerprinting = true;
+      };
+
+      SearchEngines.Default = "DuckDuckGo";
+      DisablePocket = true;
+      DisableFirefoxScreenshots = true;
+      OverrideFirstRunPage = "";
+      OverridePostUpdatePage = "";
+      DontCheckDefaultBrowser = true;
+      DisplayBookmarksToolbar = "always";
+      DisplayMenuBar = "never";
+      SearchBar = "unified";
+    };
+  };
+}

profiles/anna/default.nix

@@ -1,12 +1,15 @@
 {
   pkgs,
   prefs,
+  inputs,
   ...
 }:
 
 {
+  imports = [ ./modules.nix ];
+
   home = {
-    inherit (prefs.users.thor) username homeDirectory;
+    inherit (prefs.users.odin) username homeDirectory;
     packages = import ./packages.nix { inherit pkgs inputs; };
     stateVersion = "25.05";
   };

profiles/anna/modules.nix

@@ -0,0 +1,19 @@
+{ inputs, pkgs, ... }:
+
+{
+  imports = [
+    # DE + style
+    ../../modules/desktop-environments/kde-plasma.nix
+
+    # Utilities + apps
+    ../../modules/home-manager/fish.nix
+    ./apps/firefox.nix
+  ];
+
+  modules.plasma6.enable = true;
+  modules.fish = {
+    enable = true;
+    enableStarship = true;
+    enableDefaultAliases = false;
+  };
+}

profiles/anna/packages.nix

@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+with pkgs;
+[
+  element-desktop
+  libreoffice-qt6-fresh
+  anydesk
+  fastfetch
+  adwaita-icon-theme
+]

profiles/default.nix

@@ -12,10 +12,17 @@ let
     inputs.home-manager.lib.homeManagerConfiguration {
       pkgs = prefs.nixpkgs system;
       extraSpecialArgs = { inherit self inputs prefs; };
-      modules = [ profile ];
+      modules = [
+        profile
+        {
+          manual = {
+            html.enable = false;
+            manpages.enable = false;
+            json.enable = false;
+          };
+        }
+      ];
     };
-in
-{
-  sadorowo = mkHome "x86_64-linux" ./sadorowo;
-  thor = mkHome "x86_64-linux" ./thor;
-}
+in builtins.mapAttrs (name: path: 
+  mkHome prefs.hosts.${name}.system path
+) prefs.homes

profiles/sadorowo/packages.nix

@@ -1,4 +1,4 @@
-{ pkgs, inputs, ... }:
+{ pkgs, ... }:
 
 with pkgs;
 [
@@ -14,7 +14,6 @@ with pkgs;
 
   jq
   vim
-  starship
   element-desktop
   thunderbird-bin
   libreoffice-qt6-fresh

profiles/thor/packages.nix

@@ -1,8 +0,0 @@
-{ pkgs, ... }:
-
-with pkgs;
-[
-  jq
-  vim
-  fastfetch
-]