update: fixed issues and update flake inputs

2025-12-29 16:03:31 +08:00 · 2025-12-29 16:03:31 +08:00 · b3c5ad2880
commit b3c5ad2880
parent 4b6183f0ec
80 changed files with 3307 additions and 2059 deletions
--- a/system/dev/dn-pre7780/common/boot.nix
+++ b/system/dev/dn-pre7780/common/boot.nix
@ -3,7 +3,7 @@
  ...
 }:
 {
-  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.kernelPackages = pkgs.linuxPackages_6_17;

  fileSystems."/mnt/ssd" = {
    device = "/dev/disk/by-label/DN-SSD";
--- a/system/dev/dn-pre7780/common/hardware-configuration.nix
+++ b/system/dev/dn-pre7780/common/hardware-configuration.nix
@ -1,28 +1,46 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:

 {
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];

-  boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.availableKernelModules = [
+    "vmd"
+    "xhci_pci"
+    "thunderbolt"
+    "nvme"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+    "rtsx_pci_sdmmc"
+  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

-  fileSystems."/" =
-    { device = "/dev/disk/by-label/NIXROOT";
-      fsType = "ext4";
-    };
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/NIXROOT";
+    fsType = "ext4";
+  };

-  fileSystems."/boot" =
-    { device = "/dev/disk/by-label/NIXBOOT";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/NIXBOOT";
+    fsType = "vfat";
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
+  };

  swapDevices = [ ];

--- a/system/dev/dn-pre7780/common/nvidia.nix
+++ b/system/dev/dn-pre7780/common/nvidia.nix
@ -1,3 +1,7 @@
+{ config, lib, ... }:
+let
+  inherit (lib) mkForce;
+in
 {
  imports = [
    (import ../../../modules/nvidia.nix {
@ -6,4 +10,6 @@
      nvidia-bus-id = "PCI:1:0:0";
    })
  ];
+
+  hardware.nvidia.package = mkForce config.boot.kernelPackages.nvidiaPackages.beta;
 }
--- a/system/dev/dn-pre7780/default.nix
+++ b/system/dev/dn-pre7780/default.nix
@ -11,24 +11,10 @@ in
 {
  systemConf = {
    inherit hostname username;
-    domain = "net.dn";
    enableHomeManager = true;
    nvidia.enable = true;
-    hyprland = {
-      enable = true;
-      monitors = [
-        {
-          desc = "ASUSTek COMPUTER INC ASUS VG32VQ1B 0x00002271";
-          output = "DP-2";
-          props = "2560x1440@165, 0x0, 1";
-        }
-        {
-          desc = "Acer Technologies XV272U V3 1322131231233";
-          output = "DP-3";
-          props = "2560x1440@180, -1440x-600, 1, transform, 1";
-        }
-      ];
-    };
+    hyprland.enable = false;
+    niri.enable = true;
    sddm.package = (
      pkgs.sddm-astronaut.override {
        embeddedTheme = "purple_leaves";
@ -65,6 +51,8 @@ in
    ./sops
    ./utility
    ./virtualisation
+    ../../modules/shells/noctalia
+    ../../modules/sunshine.nix
  ];

  # Live Sync D
--- a/system/dev/dn-pre7780/expr/default.nix
+++ b/system/dev/dn-pre7780/expr/default.nix
@ -1,6 +1,6 @@
 {
  imports = [
    # ./netbird.nix
-    ./osx-kvm.nix
+    # ./osx-kvm.nix
  ];
 }
--- a/system/dev/dn-pre7780/games/game.nix
+++ b/system/dev/dn-pre7780/games/game.nix
@ -1,6 +1,5 @@
 {
  pkgs,
-  pkgs-stable,
  config,
  ...
 }:
@ -18,8 +17,8 @@ let
  });
 in
 {
-  environment.systemPackages = [
-    pkgs-stable.shadps4
+  environment.systemPackages = with pkgs; [
+    shadps4
  ];

  home-manager = {
--- a/system/dev/dn-pre7780/home/default.nix
+++ b/system/dev/dn-pre7780/home/default.nix
@ -1,81 +1,187 @@
 {
  config,
  lib,
+  helper,
  ...
 }:
 let
-  inherit (lib) optionalString;
+  inherit (helper) getMonitors;
+  inherit (builtins) elemAt;
+  inherit (config.networking) hostName;
  inherit (config.systemConf) username;
-  inherit (config.systemConf.hyprland) monitors;
+  inherit (lib) optionalString mkForce;
+
+  wmName = if config.programs.hyprland.enable then "hyprland" else "niri";
 in
 {
-  home-manager.users."${username}" = {
-    imports = [
-      ../../../../home/presets/basic.nix
-      ../../../../home/user/zellij.nix
-      ./expr
-      ./wm
+  home-manager.users."${username}" =
+    {
+      osConfig,
+      config,
+      pkgs,
+      ...
+    }:
+    let
+      monitors = getMonitors hostName config;
+      mainMonitor = (elemAt monitors 0).criteria;
+      secondMonitor = (elemAt monitors 1).criteria;
+      mainMonitorSwayFormat = "desc:ASUSTek COMPUTER INC - ASUS VG32VQ1B";
+    in
+    {
+      home.packages = with pkgs; [
+        mattermost-desktop
+      ];

-      # Bitwarden client
-      (import ../../../../home/user/bitwarden.nix {
-        email = "danny@net.dn";
-        baseUrl = "https://bitwarden.net.dn";
-      })
+      # NOTE: Disable idle
+      services.hypridle.enable = mkForce false;

-      # waybar
-      (import ../../../../home/user/waybar.nix {
-        settings = [
-          # monitor 1
+      # hyprlock shows on main monitor
+      programs.hyprlock.monitors = [
+        mainMonitorSwayFormat
+      ];
+
+      services.kanshi.settings = [
+        {
+          profile.name = "${hostName}";
+          profile.outputs = [
+            {
+              criteria = "ASUSTek COMPUTER INC ASUS VG32VQ1B 0x00002271";
+              mode = "2560x1440@164.554001Hz";
+              position = "0,0";
+              scale = 1.0;
+            }
+            {
+              criteria = "Acer Technologies XV272U V3 1322131231233";
+              mode = "2560x1440@179.876999Hz";
+              position = "-1440,-600";
+              transform = "90";
+            }
+          ];
+        }
+      ];
+
+      programs.ghostty.settings = {
+        background-opacity = 0.9;
+      };
+
+      # ==== Shells ==== #
+      # Caelestia
+      programs.caelestia.settings = {
+        osd = {
+          enableBrightness = false;
+          enableMicrophone = true;
+        };
+      };
+
+      # Noctalia
+      programs.noctalia-shell.filteredIds = [
+        "Brightness"
+      ];
+
+      # ==== WM ==== #
+      programs.niri.settings = {
+        binds = with config.lib.niri.actions; {
+          "Mod+G".action = focus-workspace "game";
+          "Mod+Shift+G".action.move-column-to-workspace = [ "game" ];
+
+          # Overrides
+          "Mod+B".action = mkForce (focus-workspace "browser");
+          "Mod+Shift+B".action.move-column-to-workspace = [ "browser" ];
+        };
+
+        hotkey-overlay = {
+          hide-not-bound = true;
+          skip-at-startup = true;
+        };
+
+        workspaces."browser" = {
+          open-on-output = secondMonitor;
+        };
+
+        # Other settings are located in `public/dn/common.nix`
+        workspaces."game" = {
+          open-on-output = mainMonitor;
+        };
+
+        window-rules = [
+          # Second Monitor App
          {
-            output = "${(builtins.elemAt monitors 0).output}";
-            height = 48;
-            modules-left = [
-              "custom/os"
-              "hyprland/workspaces"
-              "clock"
-              "custom/cava"
-              "mpris"
-            ];
-            modules-right = [
-              "wlr/taskbar"
-              (optionalString config.programs.gamemode.enable "custom/gamemode")
-              "custom/bitwarden"
-              "custom/airplay"
-              "custom/wallRand"
-              "custom/wireguard"
-              "custom/recording"
-              "idle_inhibitor"
-              "network"
-              "cpu"
-              "memory"
-              "pulseaudio"
-              "custom/swaync"
-            ];
-          }
-          # monitor 2
-          {
-            output = "${(builtins.elemAt monitors 1).output}";
-            height = 54;
-            modules-left = [
-              "clock"
-              "mpris"
-            ];
-            modules-right = [
-              "wlr/taskbar"
-              "temperature"
-              "cpu"
-              "memory"
-              "pulseaudio"
+            matches = [
+              {
+                app-id = "^discord$";
+              }
+              {
+                app-id = "^thunderbird$";
+              }
            ];
+
+            open-on-output = secondMonitor;
          }
        ];
-      })
+      };

-      # Git
-      (import ../../../../home/user/git.nix {
-        inherit username;
-        email = "danny10132024@gmail.com";
-      })
-    ];
-  };
+      imports = [
+        ../../../../home/presets/basic.nix
+        ../../../../home/user/zellij.nix
+        ./expr
+        ./wm
+
+        # Bitwarden client
+        (import ../../../../home/user/bitwarden.nix {
+          email = "danny@net.dn";
+          baseUrl = "https://bitwarden.net.dn";
+        })
+
+        # waybar
+        (import ../../../../home/user/waybar.nix {
+          matchByDesc = true;
+          settings = [
+            # monitor 1
+            {
+              output = "${(builtins.elemAt monitors 0).criteria}";
+              height = 48;
+              modules-left = [
+                "custom/os"
+                "${wmName}/workspaces"
+                "clock"
+                "custom/cava"
+                "mpris"
+              ];
+              modules-right = [
+                "wlr/taskbar"
+                (optionalString osConfig.programs.gamemode.enable "custom/gamemode")
+                "custom/bitwarden"
+                "custom/airplay"
+                "custom/wallRand"
+                "custom/wireguard"
+                "custom/recording"
+                "idle_inhibitor"
+                "network"
+                "cpu"
+                "memory"
+                "pulseaudio"
+                "custom/swaync"
+              ];
+            }
+            # monitor 2
+            {
+              output = "${(builtins.elemAt monitors 1).criteria}";
+              height = 54;
+              modules-left = [
+                "clock"
+                "mpris"
+              ];
+              modules-right = [
+                "wlr/taskbar"
+                "temperature"
+                "cpu"
+                "memory"
+                "pulseaudio"
+              ];
+            }
+          ];
+        })
+
+      ];
+    };
 }
--- a/system/dev/dn-pre7780/services/default.nix
+++ b/system/dev/dn-pre7780/services/default.nix
@ -4,7 +4,7 @@
    ./mail.nix
    ./nginx.nix
    ./wireguard.nix
-    ./nextcloud.nix
+    # ./nextcloud.nix
    # ./netbird.nix
  ];
 }
--- a/system/dev/dn-pre7780/services/nextcloud.nix
+++ b/system/dev/dn-pre7780/services/nextcloud.nix
@ -5,10 +5,26 @@
  ...
 }:
 let
+  inherit (lib) mkIf mkForce;
  hostname = "drive.dnywe.com";
  port = 31007;
 in
 {
+  sops.secrets = {
+    "nextcloud/adminPassword" = mkIf config.services.nextcloud.enable {
+      owner = "nextcloud";
+      group = "nextcloud";
+    };
+    "nextcloud/signaling.conf" = mkIf config.services.nextcloud.enable {
+      owner = "signaling";
+      group = "signaling";
+      mode = "0640";
+    };
+    "nextcloud/whiteboard" = mkIf config.services.nextcloud.enable {
+      owner = "nextcloud";
+    };
+  };
+
  imports = [
    (import ../../../modules/nextcloud.nix {
      configureACME = false;
@ -25,10 +41,10 @@ in
  ];

  services.nextcloud = {
-    https = lib.mkForce false;
+    # enable = mkForce false;
+    https = mkForce false;
    extraApps = {
      inherit (config.services.nextcloud.package.packages.apps) spreed;
-
      twofactor_totp = pkgs.fetchNextcloudApp {
        url = "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.1/twofactor_totp-v6.4.1.tar.gz";
        sha256 = "sha256-Wa2P6tpp75IxCsTG4B5DQ8+iTzR7yjKBi4ZDBcv+AOI=";
@ -49,15 +65,15 @@ in
    };
  };

-  users.groups.signaling = {
+  users.groups.signaling = mkIf config.services.nextcloud.enable {
  };

-  users.users.signaling = {
+  users.users.signaling = mkIf config.services.nextcloud.enable {
    isSystemUser = true;
    group = "signaling";
  };

-  systemd.services.nextcloud-spreed-signaling = {
+  systemd.services.nextcloud-spreed-signaling = mkIf config.services.nextcloud.enable {
    requiredBy = [
      "multi-users.target"
      "phpfpm-nextcloud.service"
@ -71,7 +87,7 @@ in
    };
  };

-  services.nats = {
+  services.nats = mkIf config.services.nextcloud.enable {
    enable = true;
    settings = {
      host = "127.0.0.1";
--- a/system/dev/dn-pre7780/sops/secret.yaml
+++ b/system/dev/dn-pre7780/sops/secret.yaml
@ -1,5 +1,5 @@
 wireguard:
-    wg0.conf: ENC[AES256_GCM,data:AL5GVljm3Ta9Deb2SiUNEvtTSL1L9E5lcMhE6szjXCCfBnOpK8RiVe/b6JGC9RzE6DFiiQdZoKBWLy7rcrIjrDA09bCaQO5Gjjl2YtEkI0FULcMI8PuIQ8j2sYgjk0FAXRsmNy5U/v6afIum5wN2iTsYL1y3DObeRoNrsQNhBYDQBE0ZmcJxgtQYihUuGuEYcDLhzhFXfYKZrG1Grwqpcn0KK8K5A3qPgtq8fn86KuMZ6i4MHAiG7OJgXMpgTHjmWpJ819qsswjkpF1RgjgpET28IiNza9FIbxiflIXXagSZeigtLIJ6dOZwBgt0f5dgfr41dN/hT5SEHFADdXIa,iv:OsB8mf+WB9C/kvGzTs/LxqjimPISDGhU2P2GjbkYEbc=,tag:lCxtFVViYejQhZUfmdkGrg==,type:str]
+    wg0.conf: ENC[AES256_GCM,data:ozySeNEvkiLt9TGrZCrlJWKT5gcSlZ9T8AeXGO97SPgxI394eCQ/LOkVFl7AykhZvs7YkxMpZzAZxc0oNdTYuDlqfrNr0pqTUJmpX+5PVRmDb5z2MJvERktVkJ4LSvVodoYznDwT/y9q199AFKf3t4EoWuRyR/il6P8HuGVHXrKRYUrwuB4nuq1SIByY+8D2gzohFB/s6pSOPYy6/xCt0Nm+x0wmcdrlyOb0S+4WXlcou2ll98o9q2YDdVBKeW4jyUjFqXM2XzD0JXpAi9ZFlyzxyYNwa4oMYATyCBCH4BNHqe850QHEoCaOovioEdDH/tluB2X/891ixqzURypzbg==,iv:3Q5xOgGcg8/DIwHt4fHsQGtN8f2hGpVDtf47PcwW62I=,tag:SbJqhWi3+h1O5ZIOayDrUw==,type:str]
 dovecot:
    openldap: ENC[AES256_GCM,data:U3YYreEqoh+F0Mrli52jgQowrUqIUPmdQps=,iv:vTjHBFsue+89GOCDigVIktgGSZNZv8A2e3GM80o6TXc=,tag:GGh+hsT+yV/I12meXxflbQ==,type:str]
 nextcloud:
@ -38,7 +38,7 @@ sops:
            MEdmWkFwNXZoR1ZVRnQ0aWlkYzZwSmsK0EFecUIdqlDKX08oRCoDQQ3QCX1wzb8w
            lghDJhWlfuKr+X24GoE4UK04aJVLqVMRRI4BJW+LQXeHS+dWKu3mQA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-22T10:29:33Z"
-    mac: ENC[AES256_GCM,data:hcqqPP7EEDrFWwKU3Yl0XM6h17pLXBsmISMd94qYzaxmT/nKnF5bn8dq6M1C9t0Q0vvLjrPm94Gv2HPPJOX960whYMfwuXv/RkORJGb4qXdkXsGJaCrR9M51HArrd7Ba3pjoEyp3Jz9xTNrqg8kCDphBs0oZRV6dQDJUTdLbR50=,iv:eH5T27fthAad/dM5NxXyQawiVmTGgwJbeRXAiut9kL4=,tag:3lGkJMZKo8O1Zm1fB3DJ9Q==,type:str]
+    lastmodified: "2025-12-19T12:39:37Z"
+    mac: ENC[AES256_GCM,data:JSwphdjAfZcLSuctzruwVjBQXhbQKnEda93KlrH8eoSJcFXBRCMz0v+HY2nBlrC9lwp9vgT3HnGmR6hIPi48UtyxYcGOJy33OY4M1it0WGE2r8Ikg++5cBUtacK4QdwuMCADhNT5ZHs5T7UUX0GMLeqAtrcJ3FKt+4+catsOvnE=,iv:7ZTi86IkbScizZlOCk+uXDyWzrFDsLRuLuzjUFsMFR0=,tag:3/i7BZ8XYALj7RYj4dIUgA==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0
--- a/system/dev/dn-pre7780/sops/sops-conf.nix
+++ b/system/dev/dn-pre7780/sops/sops-conf.nix
@ -6,18 +6,6 @@ in
  sops = {
    secrets = {
      "wireguard/wg0.conf" = { };
-      "nextcloud/adminPassword" = mkIf config.services.nextcloud.enable {
-        owner = "nextcloud";
-        group = "nextcloud";
-      };
-      "nextcloud/signaling.conf" = mkIf config.services.nextcloud.enable {
-        owner = "signaling";
-        group = "signaling";
-        mode = "0640";
-      };
-      "nextcloud/whiteboard" = mkIf config.services.nextcloud.enable {
-        owner = "nextcloud";
-      };

      "lam/env" = { };

--- a/system/dev/dn-pre7780/virtualisation/default.nix
+++ b/system/dev/dn-pre7780/virtualisation/default.nix
@ -2,5 +2,6 @@
  imports = [
    ../../../modules/virtualization.nix
    ../../../modules/wine.nix
+    ./kvm.nix
  ];
 }
--- a/system/dev/dn-pre7780/virtualisation/kvm.nix
+++ b/system/dev/dn-pre7780/virtualisation/kvm.nix
@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+let
+  inherit (config.systemConf) username;
+in
+{
+  programs.virt-manager.enable = true;
+
+  users.groups.libvirtd.members = [ username ];
+
+  virtualisation = {
+    libvirtd = {
+      enable = true;
+      qemu.swtpm.enable = true;
+      qemu.vhostUserPackages = with pkgs; [ virtiofsd ];
+    };
+    spiceUSBRedirection.enable = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    # dnsmasq
+    qemu
+    quickemu
+  ];
+}