# Translates the boolean "purpose" flags under config.module.purpose into the
# options each purpose switches on. Any number of purposes may be set; mkMerge
# combines the fragments whose flag is true.
{ config, lib, ... }:
let
  inherit (lib) mkForce mkIf mkMerge;
  purpose = config.module.purpose;
in
{
  config = mkMerge [
    # creative: tablet module plus the creative package group.
    (mkIf purpose.creative {
      module.tablet.enable = true;
      module.package.creative = true;
    })

    # desktop: keyd + sway session on the latest kernel, no kernel hardening.
    (mkIf purpose.desktop {
      module = {
        keyd.enable = true;
        sway.enable = true;
        kernel.enable = true;
        kernel.latest = true;
        package.common = true;
        package.core = true;
        package.desktop = true;
      };
    })

    # disown: automatic updates and a hardened kernel.
    (mkIf purpose.disown {
      module = {
        autoupdate.enable = true;
        kernel.enable = true;
        kernel.hardening = true;
      };
    })

    # gaming: only adds the gaming package group.
    (mkIf purpose.gaming {
      module = {
        package.gaming = true;
      };
    })

    # laptop: desktop session, hardened latest kernel, power management.
    (mkIf purpose.laptop {
      services = {
        # TLP: automatic power saving that follows the plugged-in / on-battery state.
        tlp.enable = true;
        upower.enable = true;
      };
      module = {
        keyd.enable = true;
        sway.enable = true;
        wallpaper.video = false;
        kernel.enable = true;
        kernel.hardening = true;
        kernel.latest = true;
        package.common = true;
        package.core = true;
        package.desktop = true;
      };
    })

    # live: desktop session with every package group, kernel hardening not set.
    (mkIf purpose.live {
      module = {
        keyd.enable = true;
        sway.enable = true;
        kernel.enable = true;
        wallpaper.video = false;
        package.common = true;
        package.core = true;
        package.creative = true;
        package.desktop = true;
        package.dev = true;
        package.extra = true;
        package.gaming = true;
      };
    })

    # phone: nothing is set for this purpose yet.
    (mkIf purpose.phone { })

    # router: hardened kernel, then the network sysctls that routing needs.
    (mkIf purpose.router {
      module = {
        kernel.enable = true;
        kernel.hardening = true;
        package.common = true;
        package.core = true;
      };

      # Deliberate de-hardening. mkForce makes these values win over ones set
      # elsewhere (presumably by the kernel hardening enabled above - confirm).
      # Every entry widens what this host accepts from, or does on behalf of,
      # the network, so the firewall has to carry the filtering given up here.
      boot.kernel.sysctl = {
        # Reverse-path filtering off: a packet is no longer dropped because its
        # source address would not be routed back out of the receiving
        # interface, i.e. spoofed sources are not rejected by the kernel.
        # NOTE(review): loose mode (2) tolerates asymmetric routes while still
        # rejecting unroutable sources - check whether 0 is really required.
        "net.ipv4.conf.all.rp_filter" = mkForce 0;
        "net.ipv4.conf.default.rp_filter" = mkForce 0;

        # Forward packets between interfaces (IPv4 and IPv6).
        "net.ipv4.ip_forward" = mkForce 1;
        "net.ipv6.conf.all.forwarding" = mkForce 1;
        # Include the packet's fwmark in the reverse-path route lookup.
        "net.ipv4.conf.all.src_valid_mark" = mkForce 1;

        # Accept ICMP redirects, which let an on-link neighbour change the
        # route this host uses.
        # NOTE(review): a router rarely needs to accept redirects; only the
        # `all` keys are set, so verify the effective per-interface value.
        "net.ipv4.conf.all.accept_redirects" = mkForce 1;
        "net.ipv6.conf.all.accept_redirects" = mkForce 1;

        # Send ICMP redirects to senders that have a better next hop on-link.
        "net.ipv4.conf.all.send_redirects" = mkForce 1;

        # Accept packets that carry a sender-chosen source route, letting the
        # sender pick the path through this host.
        # NOTE(review): confirm something on the network depends on this.
        "net.ipv4.conf.all.accept_source_route" = mkForce 1;
        "net.ipv6.conf.all.accept_source_route" = mkForce 1;
      };
    })

    # server: hardened kernel with the base package groups only.
    (mkIf purpose.server {
      module = {
        wallpaper.video = false;
        kernel.enable = true;
        kernel.hardening = true;
        package.common = true;
        package.core = true;
      };
    })

    # work: development tooling, containers and VMs on a hardened kernel.
    (mkIf purpose.work {
      module = {
        distrobox.enable = true;
        package.dev = true;
        virtmanager.enable = true;
        # NOTE(review): rootless = false presumably means a root-owned Docker
        # daemon; access to its socket is then equivalent to root on the host -
        # confirm who is granted that access.
        docker.enable = true;
        docker.autostart = false;
        docker.rootless = false;
        kernel.enable = true;
        kernel.hardening = true;
      };
    })
  ];
}