Init:start-nix

modules/system/bootstrap.nix

@@ -0,0 +1,148 @@
+{
+  config,
+  hostname,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit
+    (import ../../hosts/${hostname}/env.nix)
+    BootLoader
+    KernelPackages
+    KeyboardLayout
+    Locale
+    StateVersion
+    TimeZone
+    ZFS-Use-Case
+    ;
+in
+  with lib; {
+    boot = {
+      bcache.enable = false;
+      consoleLogLevel = 2; # Only errors and warnings are displayed
+      extraModprobeConfig = "blacklist mei mei_hdcp mei_me mei_pxp iTCO_wdt pstore sp5100_tco";
+      extraModulePackages = [
+        config.boot.kernelPackages.v4l2loopback # v4l2loopback is for OBS Virtual Cam Support
+      ];
+      initrd = {
+        compressor = "zstd";
+        compressorArgs = ["-T0" "-19" "--long"];
+        systemd.enable = true;
+        verbose = false;
+      };
+      kernel.sysctl = {
+        "kernel.core_pattern" = "|/bin/false"; # Disable automatic core dumps
+        "vm.max_map_count" = 2147483642; # Needed For Some Steam Games
+      };
+      kernelModules = ["v4l2loopback"]; # v4l2loopback is for OBS Virtual Cam Support
+      kernelPackages = pkgs.${KernelPackages};
+      kernelParams = ["audit=0" "console=tty1" "erst_disable" "nmi_watchdog=0" "noatime" "nowatchdog"];
+      loader = {
+        grub = mkIf (strings.hasInfix "grub" BootLoader) {
+          configurationLimit = 50;
+          device = "nodev";
+          efiInstallAsRemovable = true;
+          efiSupport = true;
+          enable = true;
+          mirroredBoots = mkIf (BootLoader == "grub-mirror") [
+            {
+              devices = ["nodev"];
+              path = "/boot";
+            }
+            {
+              devices = ["nodev"];
+              path = "/boot-mirror";
+            }
+          ];
+          theme = mkForce "${pkgs.minimal-grub-theme}";
+          zfsSupport = ZFS-Use-Case;
+        };
+        systemd-boot = mkIf (BootLoader == "systemd-boot") {
+          configurationLimit = 50;
+          editor = false;
+          enable = true;
+        };
+        timeout = 3;
+      };
+      tmp.cleanOnBoot = true;
+    };
+
+    console = {
+      earlySetup = true;
+      keyMap = KeyboardLayout;
+    };
+
+    hardware.graphics = {
+      enable = true;
+      enable32Bit = true;
+    };
+
+    i18n = {
+      defaultLocale = Locale;
+      extraLocaleSettings = {
+        LC_ADDRESS = Locale;
+        LC_IDENTIFICATION = Locale;
+        LC_MEASUREMENT = Locale;
+        LC_MONETARY = Locale;
+        LC_NAME = Locale;
+        LC_NUMERIC = Locale;
+        LC_PAPER = Locale;
+        LC_TELEPHONE = Locale;
+        LC_TIME = Locale;
+      };
+    };
+
+    networking = {
+      dhcpcd.extraConfig = "nohook resolv.conf";
+      firewall.enable = false;
+      hostName = hostname;
+      nameservers = ["127.0.0.1" "::1"];
+      networkmanager = {
+        dns = "none";
+        enable = true;
+      };
+      resolvconf.enable = mkForce false;
+    };
+
+    security = {
+      rtkit.enable = true;
+      sudo.enable = false;
+      sudo-rs = {
+        enable = true;
+        execWheelOnly = true;
+      };
+      pam.services = {
+        hyprlock = {};
+        login.kwallet.enable = mkForce false;
+      };
+      polkit = {
+        enable = true;
+        extraConfig = ''
+          polkit.addRule(function(action, subject) {
+            if (
+              subject.isInGroup("users")
+                && (
+                  action.id == "org.freedesktop.login1.reboot" ||
+                  action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
+                  action.id == "org.freedesktop.login1.power-off" ||
+                  action.id == "org.freedesktop.login1.power-off-multiple-sessions"
+                )
+              )
+            {
+              return polkit.Result.YES;
+            }
+          })
+        '';
+      };
+    };
+
+    system = {
+      rebuild.enableNg = true;
+      stateVersion = StateVersion;
+    };
+
+    time = {
+      hardwareClockInLocalTime = false;
+      timeZone = TimeZone;
+    };
+  }

modules/system/environment.nix

@@ -0,0 +1,83 @@
+{
+  hostname,
+  pkgs,
+  ...
+}: let
+  inherit (import ../../hosts/${hostname}/env.nix) ScaleLevel;
+in {
+  environment = {
+    variables = {
+      EDITOR = "nvim";
+      TERMINAL = "alacritty";
+
+      _JAVA_AWT_WM_NONREPARENTING = 1;
+      AWT_TOOLKIT = "MToolkit";
+      CLUTTER_BACKEND = "wayland";
+      ELECTRON_OZONE_PLATFORM_HINT = "wayland";
+      GDK_BACKEND = "wayland";
+      GDK_SCALE = "${ScaleLevel}";
+      GTK_USE_PORTAL = 1;
+      MOZ_ENABLE_WAYLAND = 1;
+      NIXOS_OZONE_WL = 1;
+      QT_AUTO_SCREEN_SCALE_FACTOR = 1;
+      QT_QPA_PLATFORM = "wayland";
+      QT_WAYLAND_DISABLE_WINDOWDECORATION = 1;
+      SDL_HINT_VIDEODRIVER = "wayland";
+      XDG_SESSION_TYPE = "wayland";
+      SDL_VIDEODRIVER = "wayland";
+
+      QT_IM_MODULE = "fcitx";
+      SDL_IM_MODULE = "fcitx";
+      XMODIFIERS = "@im=fcitx";
+    };
+
+    systemPackages = with pkgs; [
+      # Archive
+      gnutar
+      p7zip
+      unzipNLS
+      xz
+      zip
+      zstd
+
+      # Greeter with ddm
+      greetd.tuigreet
+
+      # For OBS virtual cam support
+      v4l-utils
+
+      # Editor
+      neovim
+
+      # Networking tool
+      curl
+      nexttrace
+      aria2
+      syncthing
+
+      #Blog
+      zola
+      go
+      pnpm
+
+      #Android
+      android-tools
+      payload-dumper-go
+
+      # Misc
+      libnotify
+      libvirt
+      lm_sensors
+    ];
+  };
+
+  programs = {
+    dconf.enable = true;
+    fuse.userAllowOther = true;
+    git = {
+      enable = true;
+      package = pkgs.gitMinimal;
+    };
+    ssh.startAgent = true;
+  };
+}

modules/system/minimize.nix

@@ -0,0 +1,70 @@
+{lib, ...}:
+with lib; {
+  # Minimize boot
+  boot = {
+    bcache.enable = mkForce false;
+    binfmt.addEmulatedSystemsToNixSandbox = mkForce false;
+  };
+
+  # Disable unnecessary documentation
+  documentation.enable = mkForce false;
+  documentation.doc.enable = mkForce false;
+  documentation.info.enable = mkForce false;
+  documentation.man.enable = mkForce false;
+  documentation.nixos.enable = mkForce false;
+
+  # Minimize environment
+  environment = {
+    defaultPackages = mkForce [];
+  };
+
+  # Disable unnecessary programs
+  programs = {
+    bash = {
+      completion.enable = mkForce false;
+      enableLsColors = mkForce false;
+    };
+    command-not-found.enable = mkForce false;
+    nano.enable = mkForce false;
+  };
+
+  # Minimize services
+  services = {
+    gnome.gnome-keyring.enable = mkForce false;
+    journald = {
+      extraConfig = ''
+        Storage=volatile
+        Compress=yes
+        SystemMaxUse=50M
+        RuntimeMaxUse=10M
+        MaxFileSec=1day
+        MaxRetentionSec=1month
+        RateLimitInterval=30s
+        RateLimitBurst=1000
+      '';
+    };
+    resolved.enable = mkForce false;
+    timesyncd.enable = mkForce false;
+  };
+
+  # Minimize systemd services
+  systemd = {
+    coredump.enable = mkForce false;
+    enableEmergencyMode = mkForce false;
+    network.wait-online.enable = mkForce false;
+    oomd.enable = mkForce false;
+    services = {
+      mount-pstore.enable = mkForce false;
+      NetworkManager-wait-online.enable = mkForce false;
+      systemd-bsod.enable = mkForce false;
+      systemd-importd.enable = mkForce false;
+      systemd-journal-flush.enable = mkForce false;
+      systemd-pstore.enable = mkForce false;
+    };
+  };
+
+  # Disable xdg autostart
+  xdg = {
+    autostart.enable = mkForce false;
+  };
+}

modules/system/nix.nix

@@ -0,0 +1,50 @@
+{
+  inputs,
+  lib,
+  ...
+}:
+with lib; {
+  environment.etc."nix/inputs/nixpkgs".source = "${inputs.nixpkgs}";
+  nix = {
+    channel.enable = false;
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 7d";
+    };
+    optimise = {
+      automatic = true;
+      dates = ["weekly"];
+    };
+    # package = pkgs.lix; # use lix instead of nix would cause clan-cli error
+    registry.nixpkgs.flake = inputs.nixpkgs;
+    settings = {
+      auto-optimise-store = true;
+      builders-use-substitutes = true;
+      experimental-features = ["nix-command" "flakes"];
+      connect-timeout = 5;
+      gc-keep-derivations = false;
+      gc-keep-outputs = false;
+      keep-going = true;
+      log-lines = 25;
+      nix-path = mkForce "nixpkgs=/etc/nix/inputs/nixpkgs";
+      substituters = [
+        "https://cache.garnix.io" # See https://github.com/daeuniverse/flake.nix
+        "https://cache.nixos.org" # See https://nixos.wiki/wiki/Binary_Cache
+        "https://chaotic-nyx.cachix.org" # See https://github.com/chaotic-cx/nyx
+        "https://nix-community.cachix.org" # See https://nix-community.org/cache/
+      ];
+      trusted-public-keys = [
+        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+      warn-dirty = false;
+    };
+  };
+  nixpkgs = {
+    config.allowUnfree = false;
+    hostPlatform = "x86_64-linux";
+  };
+}

modules/system/stylix.nix

@@ -0,0 +1,52 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  stylix = {
+    enable = true;
+    # catppuccin-mocha base16Scheme # See https://github.com/catppuccin/base16
+    #      base16Scheme = {
+    #        base00 = "1e1e2e"; # base
+    #        base01 = "181825"; # mantle
+    #        base02 = "313244"; # surface0
+    #        base03 = "45475a"; # surface1
+    #        base04 = "585b70"; # surface2
+    #        base05 = "cdd6f4"; # text
+    #        base06 = "f5e0dc"; # rosewater
+    #        base07 = "b4befe"; # lavender
+    #        base08 = "f38ba8"; # red
+    #        base09 = "fab387"; # peach
+    #        base0A = "f9e2af"; # yellow
+    #        base0B = "a6e3a1"; # green
+    #        base0C = "94e2d5"; # teal
+    #        base0D = "89b4fa"; # blue
+    #        base0E = "cba6f7"; # mauve
+    #        base0F = "f2cdcd"; # flamingo
+    #      };
+    cursor = {
+      name = "Bibata-Modern-Ice";
+      package = pkgs.bibata-cursors;
+      size = 24;
+    };
+    fonts = {
+      monospace = {
+        name = "JetBrainsMono Nerd Font Mono";
+        package = pkgs.nerd-fonts.jetbrains-mono;
+      };
+      sansSerif = {
+        name = "Sarasa Gothic SC";
+        package = pkgs.sarasa-gothic;
+      };
+      serif = config.stylix.fonts.sansSerif;
+      sizes = {
+        applications = 16;
+        desktop = 14;
+        popups = 12;
+        terminal = 12;
+      };
+    };
+    image = ../../dotfiles/.local/share/wallpapers/nixos-1.png;
+    polarity = "dark";
+  };
+}

modules/system/zfs.nix

@@ -0,0 +1,42 @@
+{
+  hostname,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit
+    (import ../../hosts/${hostname}/env.nix)
+    KernelPackages
+    ZFS-Networking-HostID
+    ZFS-Use-Case
+    ;
+in
+  with lib; {
+    config = mkIf ZFS-Use-Case {
+      boot = {
+        kernelParams = ["zfs_force=1"];
+        supportedFilesystems = ["zfs"];
+        zfs = {
+          devNodes = "/dev/disk/by-id";
+          forceImportRoot = false;
+          package = mkIf (strings.hasInfix "linuxPackages_cachyos" KernelPackages) pkgs.zfs_cachyos;
+        };
+      };
+      networking.hostId = ZFS-Networking-HostID;
+      services.zfs = {
+        autoScrub = {
+          enable = true;
+          interval = "weekly";
+        };
+        trim = {
+          enable = true; # HDD no need
+          interval = "weekly";
+        };
+        autoSnapshot.enable = true;
+      };
+      systemd.services = {
+        zfs-share.enable = mkForce false;
+        zfs-zed.enable = mkForce false;
+      };
+    };
+  }