authorFreya Murphy <freya@freyacat.org>2025-06-26 13:26:37 -0400
committerFreya Murphy <freya@freyacat.org>2025-06-26 13:26:37 -0400
commitd94d620d2f393e274676a619b8a56f97f0ed7524 (patch)
tree9a71c00f90a93749a4db4abe823e87ea72bfec2a /system
parentadd packages to wsl (diff)
downloaddotfiles-nix-d94d620d2f393e274676a619b8a56f97f0ed7524.tar.gz
dotfiles-nix-d94d620d2f393e274676a619b8a56f97f0ed7524.tar.bz2
dotfiles-nix-d94d620d2f393e274676a619b8a56f97f0ed7524.zip
make system config more modular
Diffstat (limited to 'system')
-rw-r--r--system/battery.nix41
-rw-r--r--system/bluetooth.nix12
-rw-r--r--system/default.nix67
-rw-r--r--system/desktop.nix41
-rw-r--r--system/hardware.nix26
-rw-r--r--system/networking.nix20
-rw-r--r--system/sshd.nix55
7 files changed, 169 insertions, 93 deletions
diff --git a/system/battery.nix b/system/battery.nix
new file mode 100644
index 0000000..42ee269
--- /dev/null
+++ b/system/battery.nix
@@ -0,0 +1,41 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ inherit (lib) mkIf;
+in {
+ config = mkIf config.battery {
+ # power monterting
+ services.upower = {
+ enable = !config.minimal;
+ percentageLow = 20;
+ percentageCritical = 10;
+ percentageAction = 4;
+ criticalPowerAction = "Hibernate";
+ };
+
+ # power profiles
+ services.tlp = {
+ enable = !config.minimal;
+ settings = {
+ CPU_SCALING_GOVERNOR_ON_AC = "performance";
+ CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+
+ CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
+ CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
+
+ CPU_MIN_PERF_ON_AC = 0;
+ CPU_MAX_PERF_ON_AC = 100;
+ CPU_MIN_PERF_ON_BAT = 0;
+ CPU_MAX_PERF_ON_BAT = 20;
+ };
+ };
+
+ # packages
+ environment.systemPackages = with pkgs; [
+ acpi
+ ];
+ };
+}
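Review bot: The `enable = !config.minimal` lines on `services.upower` and `services.tlp` add a second gate inside `mkIf config.battery`, while `acpi` is installed whenever `config.battery` is set, so a minimal host with a battery gets the package but neither service. If that split is not intended, fold the condition into the guard as `config = mkIf (config.battery && !config.minimal) {` and set both services to `enable = true;`. The first comment has a typo and should read `# power monitoring`.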
diff --git a/system/bluetooth.nix b/system/bluetooth.nix
new file mode 100644
index 0000000..2015eb6
--- /dev/null
+++ b/system/bluetooth.nix
@@ -0,0 +1,12 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ inherit (lib) mkIf;
+in {
+ config = mkIf config.bluetooth {
+ hardware.bluetooth.enable = true;
+ services.blueman.enable = true;
+ };
+}
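Review bot: `services.blueman.enable = true` is set for every host with `config.bluetooth`, including ones where `config.desktop.enable` is false. Blueman is a graphical manager, so a headless or minimal host would pull in GUI components it cannot use. Consider `services.blueman.enable = config.desktop.enable;` and leave `hardware.bluetooth.enable = true;` as the only unconditional line.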
diff --git a/system/default.nix b/system/default.nix
index ae04066..36d11ee 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -5,7 +5,11 @@
...
}: {
imports = [
+ ./battery.nix
+ ./bluetooth.nix
+ ./desktop.nix
./hardware.nix
+ ./networking.nix
./sshd.nix
];
@@ -30,7 +34,6 @@
bash
zsh
# utility
- acpi
curl
dig
file
@@ -49,15 +52,6 @@
wget
];
- # nix-ld
- programs.nix-ld.enable = true;
-
- # appimage
- programs.appimage = {
- enable = !config.minimal;
- binfmt = !config.minimal;
- };
-
# use the latest kernel
boot.kernelPackages = pkgs.linuxPackages_latest;
@@ -65,7 +59,7 @@
boot.kernel.sysctl."kernel.sysrq" = 246;
# timezone
- time.timeZone = "America/New_York";
+ time.timeZone = config.timeZone;
# docs
documentation = {
@@ -77,60 +71,11 @@
# locale
i18n.defaultLocale = "en_US.UTF-8";
- # networking
- networking.networkmanager.enable = true;
- networking.networkmanager.dns = "systemd-resolved";
- networking.firewall.enable = true;
- services.resolved.enable = true;
-
- # hardware
- services.dbus.implementation = "broker";
- services.fwupd.enable = true;
- services.libinput.enable = config.desktop.enable;
- services.pipewire = {
- enable = config.desktop.enable;
- alsa.enable = config.desktop.enable;
- pulse.enable = config.desktop.enable;
- jack.enable = config.desktop.enable;
- };
-
- # power
- services.upower = {
- enable = !config.minimal;
- percentageLow = 20;
- percentageCritical = 10;
- percentageAction = 4;
- criticalPowerAction = "Hibernate";
- };
- services.tlp = {
- enable = !config.minimal;
- settings = {
- CPU_SCALING_GOVERNOR_ON_AC = "performance";
- CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
-
- CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
- CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
-
- CPU_MIN_PERF_ON_AC = 0;
- CPU_MAX_PERF_ON_AC = 100;
- CPU_MIN_PERF_ON_BAT = 0;
- CPU_MAX_PERF_ON_BAT = 20;
- };
- };
-
- # printing
- services.printing.enable = config.desktop.enable;
- services.avahi = {
- enable = config.desktop.enable;
- nssmdns4 = config.desktop.enable;
- openFirewall = config.desktop.enable;
- };
-
# create user account
users.users.${config.user} = {
isNormalUser = true;
description = config.fullName;
- extraGroups = ["networkmanager" "wheel" "sys" "video" "audio"];
+ extraGroups = ["wheel" "sys" "video" "audio"];
home = config.homePath;
shell = pkgs.zsh;
};
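Review bot: The new `extraGroups` line still lists `"video"` and `"audio"`, although desktop.nix in this same commit adds the user to both through `users.groups.audio.members` and `users.groups.video.members`. With both in place the user keeps device-group membership on hosts where `config.desktop.enable` is false, which defeats the purpose of moving the membership into the module. For consistency with how `networkmanager` was handled, this could become `extraGroups = ["wheel" "sys"];`. The `users.users` block starts in context lines that the hunk did not change.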
diff --git a/system/desktop.nix b/system/desktop.nix
new file mode 100644
index 0000000..bc6daba
--- /dev/null
+++ b/system/desktop.nix
@@ -0,0 +1,41 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ inherit (lib) mkIf;
+in {
+ config = mkIf config.desktop.enable {
+ # nix-ld
+ programs.nix-ld.enable = true;
+
+ # appimage
+ programs.appimage = {
+ enable = true;
+ binfmt = true;
+ };
+
+ # services
+ services.dbus.implementation = "broker";
+ services.libinput.enable = true;
+
+ # audio / video
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ pulse.enable = true;
+ jack.enable = true;
+ };
+ hardware.graphics.enable = true;
+ users.groups.audio.members = [config.user];
+ users.groups.video.members = [config.user];
+
+ # printing
+ services.printing.enable = true;
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ openFirewall = true;
+ };
+ };
+}
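Review bot: `programs.appimage` is now `enable = true; binfmt = true;` on every desktop host, whereas the lines removed from default.nix used `!config.minimal` for both. A host with both `desktop.enable` and `minimal` set therefore now registers the AppImage binfmt handler. If that was not intended, keep `enable = !config.minimal;` and `binfmt = !config.minimal;`. Likewise, `services.dbus.implementation = "broker"` and `programs.nix-ld.enable` used to be unconditional and now apply to desktop hosts only, which the commit message does not mention. The `openFirewall = true` under `services.avahi` would benefit from a comment such as `# open mDNS in the firewall for printer discovery`, so that the reason the port is open is on record.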
diff --git a/system/hardware.nix b/system/hardware.nix
index 853a6cc..8b1ef0c 100644
--- a/system/hardware.nix
+++ b/system/hardware.nix
@@ -1,9 +1,21 @@
-{pkgs, ...}: {
- # yubikey support
- services = {
- pcscd.enable = true;
- udev.packages = with pkgs; [
- yubikey-personalization
- ];
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ inherit (lib) mkIf;
+in {
+ config = mkIf (!config.minimal) {
+ # yubikey support
+ services = {
+ pcscd.enable = true;
+ udev.packages = with pkgs; [
+ yubikey-personalization
+ ];
+ };
+
+ # firmware
+ services.fwupd.enable = true;
};
}
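Review bot: YubiKey support (`pcscd.enable` and the `yubikey-personalization` udev rules) was unconditional and is now inside `mkIf (!config.minimal)`, so minimal hosts silently lose smart-card and token access. If any minimal host is used with a hardware key for SSH or GPG, that is a behaviour change worth stating. A comment above the guard, such as `# minimal hosts get no YubiKey/pcscd support and no fwupd`, would record the decision. As a style point, `fwupd.enable = true;` could sit inside the existing `services = { … }` attrset rather than as a separate `services.fwupd` path.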
diff --git a/system/networking.nix b/system/networking.nix
new file mode 100644
index 0000000..923fa39
--- /dev/null
+++ b/system/networking.nix
@@ -0,0 +1,20 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ inherit (lib) mkIf;
+in {
+ config = mkIf config.network {
+ # ethernet / wifi
+ networking.networkmanager.enable = true;
+ users.groups.networkmanager.members = [config.user];
+
+ # firewall
+ networking.firewall.enable = true;
+
+ # dns
+ services.resolved.enable = true;
+ networking.networkmanager.dns = "systemd-resolved";
+ };
+}
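Review bot: `networking.firewall.enable = true` is now asserted only when `config.network` is set, whereas the removed line in default.nix applied it to every host. Hosts with `network = false` then rely on the NixOS module default for the firewall rather than on this repository's configuration. Since sshd.nix and desktop.nix both open ports, keeping `networking.firewall.enable = true;` unconditionally in default.nix would make the baseline explicit regardless of which modules are active.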
diff --git a/system/sshd.nix b/system/sshd.nix
index 088bccb..a1ca2f2 100644
--- a/system/sshd.nix
+++ b/system/sshd.nix
@@ -1,35 +1,40 @@
{
+ lib,
config,
self,
...
-}: {
- # sshd
- services.openssh = {
- enable = true;
- ports = [22];
- settings = {
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- UseDns = true;
- X11Forwarding = false;
- PermitRootLogin = "no";
+}: let
+ inherit (lib) mkIf;
+in {
+ config = mkIf config.network {
+ # sshd
+ services.openssh = {
+ enable = true;
+ ports = [22];
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ UseDns = true;
+ X11Forwarding = false;
+ PermitRootLogin = "no";
+ };
};
- };
- # allow ssh port
- networking.firewall.allowedTCPPorts = [22];
+ # allow ssh port
+ networking.firewall.allowedTCPPorts = [22];
- # ban evil
- services.fail2ban = {
- enable = true;
- ignoreIP = [
- # freyanet
- "10.0.0.0/14"
- ];
- };
+ # ban evil
+ services.fail2ban = {
+ enable = true;
+ ignoreIP = [
+ # freyanet
+ "10.0.0.0/14"
+ ];
+ };
- # add authorized keys
- users.users.${config.user} = {
- openssh.authorizedKeys.keyFiles = self.lib.sshKeys;
+ # add authorized keys
+ users.users.${config.user} = {
+ openssh.authorizedKeys.keyFiles = self.lib.sshKeys;
+ };
};
}
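Review bot: Wrapping the whole file in `mkIf config.network` ties sshd, the port-22 firewall rule, fail2ban and the authorized keys to the same flag that enables NetworkManager in networking.nix. Every host that wants managed networking therefore also listens for SSH, and neither can be switched on without the other. A dedicated option for the SSH server would let laptops keep NetworkManager without exposing port 22. Separately, the `ignoreIP` entry `"10.0.0.0/14"` exempts 10.0.0.0–10.3.255.255 from banning and is documented only as `# freyanet`. A comment such as `# freyanet: trusted internal range, never banned by fail2ban` would make the scope of the exemption explicit.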