Organize modules

common/components/applications.nix

@@ -1,154 +0,0 @@
-{ lib, pkgs, ... }:
-
-with lib;
-
-let
-  mkNautilusScript = content: {
-    executable = true;
-    text = with pkgs; ''
-      #!${bash}/bin/bash
-      set -Eeuxo pipefail
-      paths="$(sed /^$/d <<< "$NAUTILUS_SCRIPT_SELECTED_FILE_PATHS")"
-      ${content}
-    '';
-  };
-in
-{
-  # Associations
-  xdg.mimeApps = {
-    enable = true;
-    associations.added = {
-      # Pending https://github.com/darktable-org/darktable/pull/12218
-      "image/heif" = [ "darktable-heif.desktop" ];
-    };
-    defaultApplications = {
-      # Archive
-      "application/zip" = "org.gnome.FileRoller.desktop";
-
-      # Document
-      "application/pdf" = "org.gnome.Evince.desktop";
-      "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = "writer.desktop";
-
-      # Image
-      "image/bmp" = "org.gnome.eog.desktop";
-      "image/heif" = "org.gnome.eog.desktop";
-      "image/jpeg" = "org.gnome.eog.desktop";
-      "image/png" = "org.gnome.eog.desktop";
-      "image/svg+xml" = "org.gnome.eog.desktop";
-      "image/tiff" = "org.gnome.eog.desktop";
-
-      # Text
-      "application/gpx+xml" = "codium.desktop";
-      "application/json" = "codium.desktop";
-      "application/rss+xml" = "codium.desktop";
-      "application/x-shellscript" = "codium.desktop";
-      "application/xml" = "codium.desktop";
-      "text/markdown" = "codium.desktop";
-      "text/plain" = "codium.desktop";
-
-      # Web
-      "application/xhtml+xml" = "firefox.desktop";
-      "text/html" = "firefox.desktop";
-      "x-scheme-handler/http" = "firefox.desktop";
-      "x-scheme-handler/https" = "firefox.desktop";
-    };
-  };
-  xdg.configFile."mimeapps.list".force = true; # Workaround for nix-community/home-manager#1213
-
-  # Modules
-  programs.jq.enable = true;
-  programs.ssh = {
-    enable = true;
-    includes = [ "config.d/*" ];
-    extraOptionOverrides = {
-      GSSAPIAuthentication = "no";
-      PreferredAuthentications = "publickey";
-    };
-  };
-
-  # Packages
-  home.packages = with pkgs; [
-    add-words
-    darktable
-    dogdns
-    duperemove
-    efficient-compression-tool
-    exiftool
-    fd
-    ffmpeg
-    file
-    gdu
-    gimp-with-plugins
-    gopass
-    gopass-ydotool
-    htop
-    httpie
-    imagemagickBig
-    inkscape
-    killall
-    lsof
-    magic-wormhole
-    moreutils
-    mozjpeg-simple
-    mtr
-    multitail
-    nix-top
-    nix-tree
-    nixpkgs-review
-    off
-    pngquant
-    pngtools
-    pup
-    pwgen
-    qalculate-gtk
-    ripgrep
-    rsync
-    sqlitebrowser
-    nodePackages.svgo
-    trash-cli
-    uniscribe
-    v4l-utils
-    virt-manager
-    visidata
-    watchlog
-    whois
-    wireguard-tools
-    xorg.xev
-    yq
-  ];
-
-  # Nautilus scripts
-  xdg.dataFile."nautilus/scripts/HEIF,PNG,TIFF → JPEG" = with pkgs; mkNautilusScript ''
-    tr '\n' '\0' <<< "$paths" | xargs -0 -n 1 -P 8 nice ${mozjpeg-simple}/bin/mozjpeg
-  '';
-  xdg.dataFile."nautilus/scripts/JPEG: Strip geolocation" = with pkgs; mkNautilusScript ''
-    tr '\n' '\0' <<< "$paths" | xargs -0 nice ${exiftool}/bin/exiftool -overwrite_original -gps:all= -xmp:geotag=
-  '';
-  xdg.dataFile."nautilus/scripts/PNG: Optimize" = with pkgs; mkNautilusScript ''
-    tr '\n' '\0' <<< "$paths" \
-      | xargs -0 nice ${efficient-compression-tool}/bin/ect -8 -keep -quiet --mt-file \
-      2> >(${gnome.zenity}/bin/zenity --width 600 --progress --pulsate --auto-close --auto-kill)
-  '';
-  xdg.dataFile."nautilus/scripts/PNG: Trim" = with pkgs; mkNautilusScript ''
-    tr '\n' '\0' <<< "$paths" | xargs -0 -n 1 -P 8 nice ${imagemagick}/bin/mogrify -trim
-  '';
-
-  # Configuration
-  home.sessionVariables.ANSIBLE_NOCOWS = true;
-  xdg.configFile."cargo-release/release.toml".text = ''
-    push = false
-    publish = false
-    pre-release-commit-message = "Version {{version}}"
-    tag-message = "Version {{version}}"
-  ''; # Pending https://github.com/NixOS/nix/issues/3929
-  xdg.configFile."gdu/gdu.yaml".text = "no-cross: true";
-  home.file.".npmrc".text = generators.toKeyValue { } { fund = false; update-notifier = false; };
-  home.file.".visidatarc".text = with pkgs; generators.toKeyValue { } {
-    "options.clipboard_copy_cmd" = "${wl-clipboard}/bin/wl-copy";
-    "options.clipboard_paste_cmd" = "${wl-clipboard}/bin/wl-paste --no-newline";
-  };
-  xdg.configFile."watchlog/config.scfg".text = ''
-    delay: 1m
-    permanent-delay: never
-  '';
-}

common/components/system-keyboard.nix

@@ -24,4 +24,7 @@
   };
 
   services.ydotoold.enable = true;
+
+  # Permissions
+  users.users.ak.extraGroups = [ "ydotool" ];
 }

common/components/system-mail.nix

@@ -1,7 +1,9 @@
 { config, ... }:
 
 {
-  services.postfix = {
+  imports = [ ../../packages/systemd-alert.nix ];
+
+  config.services.postfix = {
     enable = true;
     destination = [ ]; # Disable local delivery
 

common/components/system-networking.nix

@@ -51,5 +51,8 @@ in
     # Workaround for `avahi-daemon[1234]: Failed to read /etc/avahi/services.`
     # Upstream: https://github.com/lathiat/avahi/blob/v0.8/avahi-daemon/static-services.c#L917-L919
     system.activationScripts.etcAvahiServices = "mkdir -p /etc/avahi/services";
+
+    # Permissions
+    users.users.ak.extraGroups = [ "networkmanager" ];
   };
 }

common/components/system-nix.nix

@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [ ../../packages/nixpkgs-issue-55674.nix ];
+
+  config = {
+    # Daemon
+    nix.daemonCPUSchedPolicy = "batch";
+
+    # Storage
+    nix.settings.auto-optimise-store = true;
+    nix.gc = { automatic = true; options = "--delete-older-than 7d"; };
+    nix.extraOptions = ''
+      # Recommended by nix-direnv
+      keep-outputs = true
+      keep-derivations = true
+    '';
+
+    # Diff after rebuild
+    system.activationScripts.diff = ''
+      PATH="${lib.makeBinPath [ pkgs.nix ]}" \
+        ${pkgs.nvd}/bin/nvd diff '/run/current-system' "$systemConfig"
+    '';
+
+    # Custom packages
+    nixpkgs.overlays = [ (import ../packages.nix) ];
+  };
+}

common/components/system-printer.nix

@@ -14,4 +14,7 @@
       deviceUri = "lpd://lumberjack/binary_p1";
     }];
   };
+
+  # Permissions
+  users.users.ak.extraGroups = [ "lp" ];
 }

common/components/system-scanner.nix

@@ -8,4 +8,7 @@
   hardware.sane.brscan4.netDevices = {
     DCP-7065DN = { model = "DCP-7065DN"; nodename = "lumberjack"; };
   };
+
+  # Permissions
+  users.users.ak.extraGroups = [ "scanner" ];
 }

common/components/system-users.nix

@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+
+{
+  users.mutableUsers = false;
+
+  users.groups.ak.gid = 1000;
+  users.users.ak = {
+    isNormalUser = true;
+    uid = 1000;
+    group = "ak";
+    extraGroups = [ "wheel" ];
+    description = "Andrew";
+    hashedPassword = builtins.readFile ../local/resources/ak.passwd;
+    shell = pkgs.zsh;
+    openssh.authorizedKeys.keys = [ (builtins.readFile ../resources/andrew.pub) ];
+  };
+}

common/components/system-virtualization.nix

@@ -0,0 +1,12 @@
+{
+  # Containers
+  virtualisation.containers.registries.search = [ "docker.io" ];
+  virtualisation.docker = { enable = true; enableOnBoot = false; autoPrune.enable = true; };
+  virtualisation.podman.enable = true;
+
+  # Virtual machines
+  virtualisation.libvirtd.enable = true;
+
+  # Permissions
+  users.users.ak.extraGroups = [ "docker" "libvirtd" "podman" ];
+}

common/components/user-applications.nix

@@ -0,0 +1,158 @@
+{ lib, pkgs, ... }:
+
+with lib;
+
+let
+  mkNautilusScript = content: {
+    executable = true;
+    text = with pkgs; ''
+      #!${bash}/bin/bash
+      set -Eeuxo pipefail
+      paths="$(sed /^$/d <<< "$NAUTILUS_SCRIPT_SELECTED_FILE_PATHS")"
+      ${content}
+    '';
+  };
+in
+{
+  imports = [ ../../packages/organize-downloads.nix ];
+
+  config = {
+    # Associations
+    xdg.mimeApps = {
+      enable = true;
+      associations.added = {
+        # Pending https://github.com/darktable-org/darktable/pull/12218
+        "image/heif" = [ "darktable-heif.desktop" ];
+      };
+      defaultApplications = {
+        # Archive
+        "application/zip" = "org.gnome.FileRoller.desktop";
+
+        # Document
+        "application/pdf" = "org.gnome.Evince.desktop";
+        "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = "writer.desktop";
+
+        # Image
+        "image/bmp" = "org.gnome.eog.desktop";
+        "image/heif" = "org.gnome.eog.desktop";
+        "image/jpeg" = "org.gnome.eog.desktop";
+        "image/png" = "org.gnome.eog.desktop";
+        "image/svg+xml" = "org.gnome.eog.desktop";
+        "image/tiff" = "org.gnome.eog.desktop";
+
+        # Text
+        "application/gpx+xml" = "codium.desktop";
+        "application/json" = "codium.desktop";
+        "application/rss+xml" = "codium.desktop";
+        "application/x-shellscript" = "codium.desktop";
+        "application/xml" = "codium.desktop";
+        "text/markdown" = "codium.desktop";
+        "text/plain" = "codium.desktop";
+
+        # Web
+        "application/xhtml+xml" = "firefox.desktop";
+        "text/html" = "firefox.desktop";
+        "x-scheme-handler/http" = "firefox.desktop";
+        "x-scheme-handler/https" = "firefox.desktop";
+      };
+    };
+    xdg.configFile."mimeapps.list".force = true; # Workaround for nix-community/home-manager#1213
+
+    # Modules
+    programs.jq.enable = true;
+    programs.ssh = {
+      enable = true;
+      includes = [ "config.d/*" ];
+      extraOptionOverrides = {
+        GSSAPIAuthentication = "no";
+        PreferredAuthentications = "publickey";
+      };
+    };
+
+    # Packages
+    home.packages = with pkgs; [
+      add-words
+      darktable
+      dogdns
+      duperemove
+      efficient-compression-tool
+      exiftool
+      fd
+      ffmpeg
+      file
+      gdu
+      gimp-with-plugins
+      gopass
+      gopass-ydotool
+      htop
+      httpie
+      imagemagickBig
+      inkscape
+      killall
+      lsof
+      magic-wormhole
+      moreutils
+      mozjpeg-simple
+      mtr
+      multitail
+      nix-top
+      nix-tree
+      nixpkgs-review
+      off
+      pngquant
+      pngtools
+      pup
+      pwgen
+      qalculate-gtk
+      ripgrep
+      rsync
+      sqlitebrowser
+      nodePackages.svgo
+      trash-cli
+      uniscribe
+      v4l-utils
+      virt-manager
+      visidata
+      watchlog
+      whois
+      wireguard-tools
+      xorg.xev
+      yq
+    ];
+
+    # Nautilus scripts
+    xdg.dataFile."nautilus/scripts/HEIF,PNG,TIFF → JPEG" = with pkgs; mkNautilusScript ''
+      tr '\n' '\0' <<< "$paths" | xargs -0 -n 1 -P 8 nice ${mozjpeg-simple}/bin/mozjpeg
+    '';
+    xdg.dataFile."nautilus/scripts/JPEG: Strip geolocation" = with pkgs; mkNautilusScript ''
+      tr '\n' '\0' <<< "$paths" | xargs -0 nice ${exiftool}/bin/exiftool -overwrite_original -gps:all= -xmp:geotag=
+    '';
+    xdg.dataFile."nautilus/scripts/PNG: Optimize" = with pkgs; mkNautilusScript ''
+      tr '\n' '\0' <<< "$paths" \
+        | xargs -0 nice ${efficient-compression-tool}/bin/ect -8 -keep -quiet --mt-file \
+        2> >(${gnome.zenity}/bin/zenity --width 600 --progress --pulsate --auto-close --auto-kill)
+    '';
+    xdg.dataFile."nautilus/scripts/PNG: Trim" = with pkgs; mkNautilusScript ''
+      tr '\n' '\0' <<< "$paths" | xargs -0 -n 1 -P 8 nice ${imagemagick}/bin/mogrify -trim
+    '';
+
+    # Configuration
+    home.sessionVariables.ANSIBLE_NOCOWS = true;
+    xdg.configFile."cargo-release/release.toml".text = ''
+      push = false
+      publish = false
+      pre-release-commit-message = "Version {{version}}"
+      tag-message = "Version {{version}}"
+    ''; # Pending https://github.com/NixOS/nix/issues/3929
+    xdg.configFile."gdu/gdu.yaml".text = "no-cross: true";
+    home.file.".npmrc".text = generators.toKeyValue { } { fund = false; update-notifier = false; };
+    home.file.".visidatarc".text = with pkgs; generators.toKeyValue { } {
+      "options.clipboard_copy_cmd" = "${wl-clipboard}/bin/wl-copy";
+      "options.clipboard_paste_cmd" = "${wl-clipboard}/bin/wl-paste --no-newline";
+    };
+    xdg.configFile."watchlog/config.scfg".text = ''
+      delay: 1m
+      permanent-delay: never
+    '';
+  };
+}

common/components/user-nix.nix

@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [ ../../packages/nixpkgs-issue-55674.nix ];
+
+  config = {
+    # Diff after rebuild
+    home.activation.diff = lib.hm.dag.entryAnywhere ''
+      ${pkgs.nvd}/bin/nvd diff "$oldGenPath" "$newGenPath"
+    '';
+
+    # Custom packages
+    nixpkgs.overlays = [ (import ../packages.nix) ];
+  };
+}

common/home.nix

@@ -5,23 +5,20 @@
   disabledModules = [ "config/i18n.nix" ];
 
   imports = [
-    ../packages/organize-downloads.nix
-    ./components/applications.nix
-    ./components/browser.nix
-    ./components/desktop.nix
-    ./components/editor.nix
-    ./components/fonts.nix
-    ./components/git.nix
-    ./components/openpgp.nix
-    ./components/shell.nix
-    ./components/spelling.nix
-    ./components/terminal.nix
+    ./components/user-applications.nix
+    ./components/user-browser.nix
+    ./components/user-desktop.nix
+    ./components/user-editor.nix
+    ./components/user-fonts.nix
+    ./components/user-git.nix
+    ./components/user-nix.nix
+    ./components/user-openpgp.nix
+    ./components/user-shell.nix
+    ./components/user-spelling.nix
+    ./components/user-terminal.nix
     ./local/home.nix
   ];
 
-  # Pending NixOS/nixpkgs#55674
-  options.allowedUnfree = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ ]; };
-
   options.host = {
     background = lib.mkOption { type = lib.types.str; };
     firefoxProfile = lib.mkOption { type = lib.types.str; };
@@ -29,17 +26,9 @@
   };
 
   config = {
-    nixpkgs.overlays = [ (import ./packages.nix) ];
-
-    # Nix
-    nixpkgs.config.allowUnfreePredicate = p: builtins.elem (lib.getName p) config.allowedUnfree; # Pending NixOS/nixpkgs#55674
-
     # Home manager
     programs.home-manager.enable = true;
     manual.html.enable = true;
-    home.activation.diff = lib.hm.dag.entryAnywhere ''
-      ${pkgs.nvd}/bin/nvd diff "$oldGenPath" "$newGenPath"
-    '';
 
     # User
     home.username = "ak";

common/nixos.nix

@@ -9,41 +9,24 @@ let
 in
 {
   imports = [
-    ./components/backup.nix
-    ./components/keyboard.nix
-    ./components/locale.nix
-    ./components/mail.nix
-    ./components/networking.nix
-    ./components/printer.nix
-    ./components/scanner.nix
+    ./components/system-backup.nix
+    ./components/system-keyboard.nix
+    ./components/system-locale.nix
+    ./components/system-mail.nix
+    ./components/system-networking.nix
+    ./components/system-nix.nix
+    ./components/system-printer.nix
+    ./components/system-scanner.nix
+    ./components/system-users.nix
+    ./components/system-virtualization.nix
   ];
 
-  # Pending NixOS/nixpkgs#55674
-  options.allowedUnfree = lib.mkOption { type = lib.types.listOf lib.types.str; };
-
   options.host = {
     local = lib.mkOption { type = lib.types.path; };
     resources = lib.mkOption { type = lib.types.path; };
   };
 
   config = {
-    nixpkgs.overlays = [ (import ./packages.nix) ];
-
-    # Nix
-    nix.settings.auto-optimise-store = true;
-    nix.gc = { automatic = true; options = "--delete-older-than 7d"; };
-    nix.extraOptions = ''
-      # Recommended by nix-direnv
-      keep-outputs = true
-      keep-derivations = true
-    '';
-    nixpkgs.config.allowUnfreePredicate = p: builtins.elem (lib.getName p) config.allowedUnfree; # Pending NixOS/nixpkgs#55674
-    nix.daemonCPUSchedPolicy = "batch";
-    system.activationScripts.diff = ''
-      PATH="${lib.makeBinPath [ pkgs.nix ]}" \
-        ${pkgs.nvd}/bin/nvd diff '/run/current-system' "$systemConfig"
-    '';
-
     # Boot
     allowedUnfree = [ "memtest86-efi" ];
     boot.loader.systemd-boot.enable = true;
@@ -108,17 +91,9 @@ in
     ];
 
     # SSH
-    services.openssh = { enable = true; passwordAuthentication = false; };
-
-    # Service monitoring
-    systemd.services."alert@" = {
-      description = "Alert of failed %I";
-      serviceConfig.SyslogIdentifier = "%p";
-      serviceConfig.Type = "oneshot";
-      serviceConfig.ExecStart = with pkgs; ''
-        ${bash}/bin/bash -c "${system-sendmail}/bin/sendmail -i root \
-        <<< $'Subject: %I failed\n\n'\"$(systemctl --full status %I)\""
-      '';
+    services.openssh = {
+      enable = true;
+      passwordAuthentication = false;
     };
 
     # SMART monitoring
@@ -141,14 +116,6 @@ in
       pulse.enable = true;
     };
 
-    # Virtualization
-    virtualisation = {
-      containers.registries.search = [ "docker.io" ];
-      docker = { enable = true; enableOnBoot = false; autoPrune.enable = true; };
-      podman.enable = true;
-      libvirtd.enable = true;
-    };
-
     # OpenPGP
     services.pcscd.enable = true;
     programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
@@ -157,9 +124,6 @@ in
     services.xserver.enable = true;
     services.xserver.displayManager.gdm.enable = true;
     services.xserver.desktopManager.gnome.enable = true;
-
-    # Applications
-    environment.localBinInPath = true;
     environment.sessionVariables.NIXOS_OZONE_WL = "1";
     environment.gnome.excludePackages = with pkgs; [
       gnome.epiphany
@@ -170,29 +134,9 @@ in
       gnome.gnome-weather
       gnome-photos
     ];
-    programs.zsh.enable = true;
 
-    # Users
-    users.mutableUsers = false;
-    users.groups.ak.gid = 1000;
-    users.users.ak = {
-      isNormalUser = true;
-      uid = 1000;
-      group = "ak";
-      extraGroups = [
-        "wheel"
-        "networkmanager"
-        "lp"
-        "scanner"
-        "podman"
-        "docker"
-        "libvirtd"
-        "ydotool"
-      ];
-      description = "Andrew";
-      hashedPassword = builtins.readFile ./local/resources/ak.passwd;
-      shell = pkgs.zsh;
-      openssh.authorizedKeys.keys = [ (builtins.readFile ./resources/andrew.pub) ];
-    };
+    # Applications
+    environment.localBinInPath = true;
+    programs.zsh.enable = true;
   };
 }

packages/nixpkgs-issue-55674.nix

@@ -0,0 +1,7 @@
+{ config, lib, ... }:
+
+{
+  # Pending https://github.com/NixOS/nixpkgs/issues/55674
+  options.allowedUnfree = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ ]; };
+  config.nixpkgs.config.allowUnfreePredicate = p: builtins.elem (lib.getName p) config.allowedUnfree;
+}

packages/systemd-alert.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+
+{
+  systemd.services."alert@" = {
+    description = "Alert of failed %I";
+    serviceConfig.SyslogIdentifier = "%p";
+    serviceConfig.Type = "oneshot";
+    serviceConfig.ExecStart = with pkgs; ''
+      ${bash}/bin/bash -c "${system-sendmail}/bin/sendmail -i root \
+      <<< $'Subject: %I failed\n\n'\"$(systemctl --full status %I)\""
+    '';
+  };
+}