Initial commit

modules/audio/pipewire.nix

@@ -0,0 +1,44 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.my.audio.pipewire;
+in
+{
+  options.my.audio.pipewire = {
+    support32Bit = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Enable 32-bit ALSA support (useful for some games/apps).";
+    };
+
+    tools = lib.mkOption {
+      type = lib.types.enum [ "none" "basic" "full" ];
+      default = "basic";
+      description = "Install common audio tools.";
+    };
+  };
+
+  config = {
+    security.rtkit.enable = true;
+
+    services.pipewire = {
+      enable = true;
+      wireplumber.enable = true;
+
+      alsa = {
+        enable = true;
+        support32Bit = cfg.support32Bit;
+      };
+
+      pulse.enable = true;
+      jack.enable = true;
+    };
+
+    environment.systemPackages =
+      if cfg.tools == "none" then
+        [ ]
+      else if cfg.tools == "basic" then
+        with pkgs; [ pavucontrol ]
+      else
+        with pkgs; [ pavucontrol pulsemixer helvum ];
+  };
+}

modules/desktop/greetd.nix

@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.my.desktop.greetd;
+in
+{
+  options.my.desktop.greetd = {
+    user = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = "User account that runs the default session.";
+    };
+
+    command = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = "Command to run for the default session (use an absolute path).";
+    };
+  };
+
+  config = {
+    assertions = [
+      {
+        assertion = cfg.user != null;
+        message = "my.desktop.greetd.user must be set.";
+      }
+      {
+        assertion = cfg.command != null;
+        message = "my.desktop.greetd.command must be set (use an absolute path like \"${pkgs.sway}/bin/sway\").";
+      }
+    ];
+
+    services.greetd = {
+      enable = true;
+      settings.default_session = {
+        user = cfg.user;
+        command = cfg.command;
+      };
+    };
+  };
+}

modules/desktop/sway.nix

@@ -0,0 +1,65 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.my.desktop.sway;
+
+  utilitiesPkgs =
+    if cfg.utilities == "minimal" then
+      [ ]
+    else if cfg.utilities == "essentials" then
+      with pkgs; [
+        wl-clipboard
+        grim
+      ]
+    else if cfg.utilities == "full" then
+      with pkgs; [
+        wl-clipboard
+        grim
+        slurp
+        swaylock
+        swayidle
+        waybar
+        mako          # notifications
+        wofi          # launcher
+        brightnessctl
+        playerctl
+        pavucontrol
+      ]
+    else
+      [ ];
+
+  portalPkgs = with pkgs; [ xdg-desktop-portal-gtk ];
+in
+{
+  options.my.desktop.sway = {
+    utilities = lib.mkOption {
+      type = lib.types.enum [ "minimal" "essentials" "full" ];
+      default = "essentials";
+      description = "Utility bundle size for a Sway environment.";
+    };
+
+    x11Compatibility = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Enable XWayland support for X11-only applications.";
+    };
+  };
+
+  config = lib.mkMerge [
+    {
+      programs.sway = {
+        enable = true;
+        xwayland.enable = cfg.x11Compatibility;
+      };
+
+      services.seatd.enable = true;
+
+      xdg.portal = {
+        enable = true;
+        wlr.enable = true;
+        extraPortals = portalPkgs;
+      };
+
+      environment.systemPackages = utilitiesPkgs;
+    }
+  ];
+}

modules/misc/fonts.nix

@@ -0,0 +1,23 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.my.misc.fonts;
+in
+{
+  options.my.misc.fonts = {
+    extra = lib.mkOption {
+      type = lib.types.listOf lib.types.package;
+      default = [ ];
+      description = "Extra font packages to install in addition to the defaults.";
+    };
+  };
+
+  config = {
+    fonts.packages =
+      (with pkgs; [
+        dejavu_fonts
+        noto-fonts
+        noto-fonts-color-emoji
+      ])
+      ++ cfg.extra;
+  };
+}

modules/network/firewall.nix

@@ -0,0 +1,37 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.network.firewall;
+in
+{
+  options.my.network.firewall = {
+    allowedTCPPorts = lib.mkOption {
+      type = lib.types.listOf lib.types.port;
+      default = [ ];
+    };
+
+    allowedUDPPorts = lib.mkOption {
+      type = lib.types.listOf lib.types.port;
+      default = [ ];
+    };
+
+    trustedInterfaces = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+    };
+
+    allowPing = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+    };
+  };
+
+  config = {
+    networking.firewall = {
+      enable = true;
+      allowedTCPPorts = cfg.allowedTCPPorts;
+      allowedUDPPorts = cfg.allowedUDPPorts;
+      trustedInterfaces = cfg.trustedInterfaces;
+      allowPing = cfg.allowPing;
+    };
+  };
+}

modules/network/networkmanager.nix

@@ -0,0 +1,27 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.network.networkmanager;
+in
+{
+  options.my.network.networkmanager = {
+    wifiPowersave = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Enable Wi-Fi powersave (may reduce performance/latency).";
+    };
+
+    useResolved = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Use systemd-resolved for DNS.";
+    };
+  };
+
+  config = {
+    networking.networkmanager.enable = true;
+
+    networking.networkmanager.wifi.powersave = cfg.wifiPowersave;
+
+    services.resolved.enable = cfg.useResolved;
+  };
+}

modules/users/phill.nix

@@ -0,0 +1,9 @@
+{ ... }:
+{
+  users.users.phill = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "networkmanager" "video" "input" ];
+  };
+
+  security.sudo.wheelNeedsPassword = true;
+}