🚚 [shared] Added shared config that shared desktop config inherits from

shared/desktop/modules/boot.nix

@@ -0,0 +1,6 @@
+{
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  };
+}

shared/desktop/modules/default.nix

@@ -0,0 +1,30 @@
+{ lib, ... }:
+
+{
+  imports = [
+    (lib.custom.relativeToBase "modules")
+    ./boot.nix
+    ./development
+    ./electron.nix
+    ./fonts.nix
+    ./gaming
+    ./gnome
+    ./hardware
+    ./kdeconnect.nix
+    ./locale.nix
+    ./mail.nix
+    ./media.nix
+    ./nixos.nix
+    ./nix-helper.nix
+    ./office.nix
+    ./hyprland
+    ./sddm.nix
+    ./security
+    ./shell.nix
+    ./social.nix
+    ./users.nix
+    ./qt.nix
+    ./xdg.nix
+    ./xserver.nix
+  ];
+}

shared/desktop/modules/development/default.nix

@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    ./docker.nix
+    ./dotnet.nix
+    ./formatters.nix
+    ./nix.nix
+    ./node.nix
+    ./ollama.nix
+    ./rust.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    # Tools
+    git
+    just
+    unstable.libpq # Required for PostgreSQL
+  ];
+}

shared/desktop/modules/development/docker.nix

@@ -0,0 +1,10 @@
+{
+  virtualisation.docker = {
+    enable = true;
+    storageDriver = "btrfs";
+    rootless = {
+      enable = true;
+      setSocketVariable = true;
+    };
+  };
+}

shared/desktop/modules/development/dotnet.nix

@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    jetbrains.rider
+    dotnet-sdk_9
+    dotnet-aspnetcore_9
+  ];
+}

shared/desktop/modules/development/formatters.nix

@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    nodePackages.prettier
+    nixfmt-rfc-style
+    treefmt
+    shfmt
+  ];
+}

shared/desktop/modules/development/nix.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    nixd
+    nil
+  ];
+}

shared/desktop/modules/development/node.nix

@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    jetbrains.webstorm
+    nodejs_22
+    pnpm
+    nodePackages.prettier
+  ];
+}

shared/desktop/modules/development/ollama.nix

@@ -0,0 +1,8 @@
+{ lib, systemConfig, ... }:
+
+{
+  services.ollama = {
+    enable = true;
+    acceleration = lib.mkIf systemConfig.nvidia.enable "cuda";
+  };
+}

shared/desktop/modules/development/rust.nix

@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+
+{
+  environment = {
+    sessionVariables = {
+      # Required for some Rust dependencies, like reqwest
+      PKG_CONFIG_PATH = "${pkgs.openssl.dev}/lib/pkgconfig";
+    };
+
+    systemPackages = with pkgs; [
+      jetbrains.rust-rover
+      rustup
+      gcc
+      pkg-config # Required for some Rust dependencies
+    ];
+  };
+}

shared/desktop/modules/electron.nix

@@ -0,0 +1,8 @@
+{ lib, systemConfig, ... }:
+
+{
+  environment.sessionVariables = lib.mkIf systemConfig.wayland.enable {
+    # Tells Electron apps to use Wayland
+    NIXOS_OZONE_WL = "1";
+  };
+}

shared/desktop/modules/fonts.nix

@@ -0,0 +1,19 @@
+{ pkgs, theme, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    font-awesome # Icons
+  ];
+
+  fonts = {
+    fontconfig.enable = true;
+    packages = with pkgs; [
+      (nerdfonts.override { fonts = [ theme.nerdFont ]; })
+      jetbrains-mono
+      # The line below will replace the lines above in 25.05
+      # nerd-fonts.jetbrains-mono
+      font-awesome
+    ];
+  };
+
+}

shared/desktop/modules/gaming/default.nix

@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    ./steam.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    heroic
+    wine
+  ];
+}

shared/desktop/modules/gaming/steam.nix

@@ -0,0 +1,8 @@
+{
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+    localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
+  };
+}

shared/desktop/modules/gnome/default.nix

@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    ./nautilus.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    # adw-gtk3
+    glib
+    adwaita-icon-theme
+    gnomeExtensions.appindicator
+    # gnome-extension-manager
+    # loupe
+    gnome-calculator
+    gnome-disk-utility
+    gnome-clocks
+    pdfarranger
+  ];
+
+  programs.dconf.enable = true; # Required for some gnome applications
+
+  services = {
+    gnome.gnome-keyring.enable = true;
+    gvfs.enable = true; # Gnome Virtual File-system. Required for various things in nautilus
+    udev.packages = with pkgs; [ gnome-settings-daemon ];
+  };
+}

shared/desktop/modules/gnome/nautilus.nix

@@ -0,0 +1,13 @@
+{ pkgs, common, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    nautilus
+    ffmpegthumbnailer # Thumbnails
+  ];
+
+  programs.nautilus-open-any-terminal = {
+    enable = true;
+    terminal = common.default.terminal;
+  };
+}

shared/desktop/modules/hardware/audio.nix

@@ -0,0 +1,33 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    gst_all_1.gstreamer
+    gst_all_1.gst-plugins-base
+    gst_all_1.gst-plugins-good
+    gst_all_1.gst-plugins-bad
+
+    wireplumber
+    playerctl # Interaction with audioplayers and browsers
+    pavucontrol # GUI
+    spotify
+  ];
+
+  hardware.pulseaudio.enable = false; # Will be moved to services in 25.05
+
+  security.rtkit.enable = true; # Enable RealtimeKit for audio purposes
+
+  services = {
+    pipewire = {
+      enable = true;
+      alsa = {
+        enable = true;
+        support32Bit = true;
+      };
+      pulse.enable = true;
+      # Uncomment the following line if you want to use JACK applications
+      # jack.enable = true;
+    };
+    # pulseaudio.enable = false; # TODO uncommenct at 25.05
+  };
+}

shared/desktop/modules/hardware/default.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./audio.nix
+    ./graphics
+    ./keyboard.nix
+  ];
+}

shared/desktop/modules/hardware/graphics/default.nix

@@ -0,0 +1,8 @@
+{
+  imports = [
+    ./nvidia.nix
+  ];
+
+  # Enable OpenGL
+  hardware.graphics.enable = true;
+}

shared/desktop/modules/hardware/graphics/nvidia.nix

@@ -0,0 +1,52 @@
+{
+  config,
+  pkgs,
+  lib,
+  systemConfig,
+  ...
+}:
+
+lib.mkIf systemConfig.nvidia.enable {
+  boot.kernelParams = [ "nvidia.NVreg_PreserveVideoMemoryAllocations=1" ];
+
+  # For hardware acceleration
+  environment.sessionVariables.LIBVA_DRIVER_NAME = "nvidia";
+
+  hardware = {
+    graphics.extraPackages = with pkgs; [
+      # Used for hardware-acceleration
+      nvidia-vaapi-driver
+    ];
+    nvidia = {
+      # Required
+      modesetting.enable = true;
+      # Use open-source kernel module
+      open = true;
+      # Enable the Nvidia settings menu
+      nvidiaSettings = true;
+      # Enable nvidia-suspend.service, nvidia-hibernate.service and nvidia-resume.service
+      powerManagement = {
+        enable = true;
+        finegrained = false;
+      };
+
+      # https://discourse.nixos.org/t/nvidia-dgpu-prime-offload-mode-amd-igpu-wayland/63194/3
+      package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
+        version = "570.133.07";
+        # this is the third one it will complain is wrong
+        sha256_64bit = "sha256-LUPmTFgb5e9VTemIixqpADfvbUX1QoTT2dztwI3E3CY=";
+        # unused
+        sha256_aarch64 = "sha256-2l8N83Spj0MccA8+8R1uqiXBS0Ag4JrLPjrU3TaXHnM=";
+        # this is the second one it will complain is wrong
+        openSha256 = "sha256-9l8N83Spj0MccA8+8R1uqiXBS0Ag4JrLPjrU3TaXHnM=";
+        # this is the first one it will complain is wrong
+        settingsSha256 = "sha256-XMk+FvTlGpMquM8aE8kgYK2PIEszUZD2+Zmj2OpYrzU=";
+        # unused
+        persistencedSha256 = "sha256-4l8N83Spj0MccA8+8R1uqiXBS0Ag4JrLPjrU3TaXHnM=";
+      };
+    };
+  };
+
+  # Load Nvidia driver for Xorg and Wayland
+  services.xserver.videoDrivers = [ "nvidia" ];
+}

shared/desktop/modules/hardware/keyboard.nix

@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    via
+  ];
+
+  hardware.keyboard.qmk.enable = true;
+
+  services.udev.packages = with pkgs; [ via ];
+}

shared/desktop/modules/hyprland/default.nix

@@ -0,0 +1,24 @@
+# System configurations for Hyprland. For home configs, see ./shared/home-manager/hyprland
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    xdg-desktop-portal-hyprland
+    hyprpolkitagent # Auth deamon providing modals for password auth
+    hyprshot # Screenshots
+    unstable.hyprsysteminfo
+    unstable.hyprland-qtutils
+    unstable.hyprland-qt-support
+  ];
+
+  programs = {
+    hyprland = {
+      enable = true;
+      xwayland.enable = true;
+      withUWSM = true;
+    };
+    hyprlock.enable = true; # Lock screen
+  };
+
+  services.hypridle.enable = true; # Lock when unused
+}

shared/desktop/modules/kdeconnect.nix

@@ -0,0 +1,3 @@
+{
+  programs.kdeconnect.enable = true;
+}

shared/desktop/modules/locale.nix

@@ -0,0 +1,36 @@
+{ common, ... }:
+let
+  utf-8 = "UTF-8";
+  en = "en_GB.${utf-8}";
+  nb = "nb_NO.${utf-8}";
+in
+{
+  # Configure console keymap
+  console.keyMap = "uk";
+
+  # Select internationalisation properties.
+  i18n = {
+    defaultLocale = en;
+    supportedLocales = [
+      "${en}/${utf-8}"
+      "${nb}/${utf-8}"
+    ];
+    extraLocaleSettings = {
+      LC_ADDRESS = nb;
+      LC_IDENTIFICATION = nb;
+      LC_MEASUREMENT = nb;
+      LC_MONETARY = nb;
+      LC_NAME = nb;
+      LC_NUMERIC = nb;
+      LC_PAPER = nb;
+      LC_TELEPHONE = nb;
+      LC_TIME = nb;
+    };
+  };
+
+  # Configure keymaps
+  services.xserver.xkb = common.keymaps;
+
+  # Set your time zone.
+  time.timeZone = "Europe/Oslo";
+}

shared/desktop/modules/mail.nix

@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    unstable.protonmail-desktop
+  ];
+}

shared/desktop/modules/media.nix

@@ -0,0 +1,11 @@
+{ pkgs, inputs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    stremio
+    gimp
+    vlc
+    vdhcoapp
+    inputs.grayjay.packages.${system}.grayjay
+  ];
+}

shared/desktop/modules/nix-helper.nix

@@ -0,0 +1,14 @@
+# Nix-Helper: github.com/viperML/nh
+{ common, ... }:
+
+{
+  programs.nh = {
+    enable = true;
+    flake = common.root;
+    clean = {
+      enable = true;
+      dates = "weekly";
+      extraArgs = "--keep-since 30d";
+    };
+  };
+}

shared/desktop/modules/nixos.nix

@@ -0,0 +1,25 @@
+{
+  pkgs,
+  outputs,
+  systemConfig,
+  ...
+}:
+
+{
+  environment.systemPackages = with pkgs; [
+    nix-prefetch-github # Cmd to get rev and hash from GitHub
+  ];
+
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  nixpkgs = {
+    # Allow unfree packages
+    config.allowUnfree = true;
+    overlays = [ outputs.overlays.unstable-packages ];
+  };
+
+  system.stateVersion = systemConfig.version;
+}

shared/desktop/modules/office.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    onlyoffice-desktopeditors
+    planify
+  ];
+}

shared/desktop/modules/qt.nix

@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+
+{
+  environment = {
+    sessionVariables = {
+      QT_QPA_PLATFORMTHEME = "qt6ct";
+      QT_QPA_PLATFORM = "wayland"; # Enable Wayland for QT
+    };
+    systemPackages = with pkgs.kdePackages; [
+      qtwayland
+      qtsvg
+      qt6ct
+    ];
+  };
+
+  qt.enable = true;
+}

shared/desktop/modules/sddm.nix

@@ -0,0 +1,22 @@
+{ pkgs, theme, ... }:
+let
+  flavor = theme.flavor;
+in
+{
+  environment.systemPackages = with pkgs; [
+    (catppuccin-sddm.override {
+      flavor = flavor;
+      font = theme.nerdFont;
+      fontSize = "9";
+      background = builtins.toString ../assets/catppuccin_high.png;
+      loginBackground = true;
+    })
+  ];
+
+  services.displayManager.sddm = {
+    enable = true;
+    theme = "catppuccin-${flavor}";
+    wayland.enable = true;
+    package = pkgs.kdePackages.sddm;
+  };
+}

shared/desktop/modules/security/default.nix

@@ -0,0 +1,9 @@
+{
+  imports = [
+    ./sops.nix
+    ./ssh.nix
+    ./yubikey.nix
+  ];
+
+  programs.gnupg.agent.enable = true;
+}

shared/desktop/modules/security/sops.nix

@@ -0,0 +1,20 @@
+{
+  inputs,
+  lib,
+  systemConfig,
+  ...
+}:
+
+{
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  sops = {
+    defaultSopsFile = lib.custom.relativeToRoot "shared/secrets/secrets.yaml";
+    defaultSopsFormat = "yaml";
+
+    age.keyFile = "/home/${systemConfig.username}/.config/sops/age/keys.txt";
+    secrets.password-hash.neededForUsers = true;
+  };
+}

shared/desktop/modules/security/ssh.nix

@@ -0,0 +1,25 @@
+# /nix/store/<hash>/etc/ssh/ssh_config & /nix/store/<hash>/etc/ssh/authorized_keys
+{
+  systemConfig,
+  systems,
+  common,
+  ...
+}:
+with builtins;
+let
+  domain = "dns.${common.domain}";
+in
+{
+  programs.ssh.knownHosts = listToAttrs (
+    map (system: {
+      name = system.hostName;
+      value = {
+        extraHostNames = [ "${system.hostName}.${domain}" ];
+        publicKey = system.ssh.publicKey;
+      };
+    }) systems
+  );
+  users.users.${systemConfig.username}.openssh.authorizedKeys.keys = (
+    map (system: system.ssh.publicKey) systems
+  );
+}

shared/desktop/modules/security/yubikey.nix

@@ -0,0 +1,30 @@
+# Yubikey config: https://nixos.wiki/wiki/Yubikey#pam_u2f
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    gnupg
+    yubioath-flutter # GUI
+  ];
+
+  security = {
+    pam = {
+      services = {
+        login.u2fAuth = false; # U2F and password
+        sudo.u2fAuth = true; # U2F or password
+      };
+      u2f = {
+        enable = true;
+        settings = {
+          cue = true; # Prompt: Please touch the device
+          interactive = false; # Prompt: Insert your U2F device, then press ENTER.
+        };
+      };
+    };
+  };
+
+  services = {
+    pcscd.enable = true; # Required for Yubikey
+    udev.packages = with pkgs; [ yubikey-personalization ];
+  };
+}

shared/desktop/modules/shell.nix

@@ -0,0 +1,19 @@
+# For Fish dotfiles, see: /home-manager/fish.nix
+{ pkgs, ... }:
+
+{
+  programs = {
+    bash = {
+      # Starts the OS using Bash, then starts fish if it's not running
+      interactiveShellInit = ''
+        if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+        then
+          shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
+          exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
+        fi
+      '';
+    };
+
+    fish.enable = true;
+  };
+}

shared/desktop/modules/social.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    discord
+    signal-desktop
+  ];
+}

shared/desktop/modules/users.nix

@@ -0,0 +1,15 @@
+{ config, systemConfig, ... }:
+let
+  username = systemConfig.username;
+in
+{
+  users.users.${username} = {
+    isNormalUser = true;
+    hashedPasswordFile = config.sops.secrets.password-hash.path;
+    description = username;
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+    ];
+  };
+}

shared/desktop/modules/xdg.nix

@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    xdg-utils
+    xdg-desktop-portal
+    xdg-desktop-portal-gtk
+  ];
+}

shared/desktop/modules/xserver.nix

@@ -0,0 +1,3 @@
+{
+  services.xserver.enable = true;
+}