refactor(nix): extract common system configs into reusable modules

Create 6 new NixOS modules to reduce duplication across system configs: - hardware/wooting: Wooting keyboard udev rules and Bluetooth compat - services/nginx-base: Common nginx server settings - services/acme-base: ACME certificate defaults - services/xremap: Key remapping with sensible defaults - system/no-sleep: Disable sleep/suspend/hibernate targets - system/kernel-tweaks: PM freeze timeout and zram configuration Update system configuration files to use these new modules. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 06:06:03 +01:00 · 2026-01-30 06:06:03 +01:00 · 4622c52d5b
commit 4622c52d5b
parent ea849f2488
21 changed files with 310 additions and 218 deletions
--- a/modules/nixos/hardware/wooting/default.nix
+++ b/modules/nixos/hardware/wooting/default.nix
@ -0,0 +1,25 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib;
+with lib.metacfg;
+let
+  cfg = config.metacfg.hardware.wooting;
+in
+{
+  options.metacfg.hardware.wooting = with types; {
+    enable = mkBoolOpt false "Whether or not to enable Wooting keyboard support.";
+    enableBluetoothCompat = mkBoolOpt true "Disable ClassicBondedOnly for Bluetooth compatibility.";
+  };
+
+  config = mkIf cfg.enable {
+    hardware.bluetooth.input.General.ClassicBondedOnly = mkIf cfg.enableBluetoothCompat false;
+
+    services.udev.extraRules = ''
+      KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="342d", ATTRS{idProduct}=="e4c5", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
+      KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="342d", ATTRS{idProduct}=="e489", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
+    '';
+  };
+}
--- a/modules/nixos/services/acme-base/default.nix
+++ b/modules/nixos/services/acme-base/default.nix
@ -0,0 +1,41 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib;
+with lib.metacfg;
+let
+  cfg = config.metacfg.services.acmeBase;
+in
+{
+  options.metacfg.services.acmeBase = with types; {
+    enable = mkBoolOpt false "Whether or not to enable ACME with common settings.";
+    email = mkOption {
+      type = types.str;
+      default = "harald@hoyer.xyz";
+      description = "Registration email for ACME.";
+    };
+    dnsProvider = mkOption {
+      type = types.str;
+      default = "cloudflare";
+      description = "DNS provider for ACME DNS-01 challenge.";
+    };
+    credentialsFile = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = "Path to the credentials file for the DNS provider.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    security.acme = {
+      acceptTerms = true;
+      defaults = {
+        email = cfg.email;
+        dnsProvider = cfg.dnsProvider;
+        credentialsFile = mkIf (cfg.credentialsFile != null) cfg.credentialsFile;
+      };
+    };
+  };
+}
--- a/modules/nixos/services/nginx-base/default.nix
+++ b/modules/nixos/services/nginx-base/default.nix
@ -0,0 +1,42 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib;
+with lib.metacfg;
+let
+  cfg = config.metacfg.services.nginxBase;
+in
+{
+  options.metacfg.services.nginxBase = with types; {
+    enable = mkBoolOpt false "Whether or not to enable nginx with common settings.";
+    clientMaxBodySize = mkOption {
+      type = types.str;
+      default = "1000M";
+      description = "Maximum allowed size of the client request body.";
+    };
+    enableAcmeGroup = mkBoolOpt true "Add nginx user to acme group.";
+    enableVcombinedLog = mkBoolOpt true "Enable vcombined log format.";
+  };
+
+  config = mkIf cfg.enable {
+    users.users.nginx.extraGroups = mkIf cfg.enableAcmeGroup [ "acme" ];
+
+    services.nginx = {
+      enable = true;
+      clientMaxBodySize = cfg.clientMaxBodySize;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      appendHttpConfig = mkIf cfg.enableVcombinedLog ''
+        log_format vcombined '$host:$server_port '
+                '$remote_addr - $remote_user [$time_local] '
+                '"$request" $status $body_bytes_sent '
+                '"$http_referer" "$http_user_agent"';
+        access_log /var/log/nginx/access.log vcombined;
+      '';
+    };
+  };
+}
--- a/modules/nixos/services/xremap/default.nix
+++ b/modules/nixos/services/xremap/default.nix
@ -0,0 +1,44 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib;
+with lib.metacfg;
+let
+  cfg = config.metacfg.services.xremap;
+in
+{
+  options.metacfg.services.xremap = with types; {
+    enable = mkBoolOpt false "Whether or not to enable xremap key remapping.";
+    userName = mkOption {
+      type = types.str;
+      default = "harald";
+      description = "User to run xremap as.";
+    };
+    withGnome = mkBoolOpt true "Enable GNOME support.";
+    deviceNames = mkOption {
+      type = types.listOf types.str;
+      default = [ ];
+      description = "List of device names to remap.";
+    };
+    config = mkOption {
+      type = types.attrs;
+      default = { };
+      description = "Xremap configuration.";
+    };
+  };
+
+  config = {
+    services.xremap = {
+      enable = cfg.enable;
+      userName = mkIf cfg.enable cfg.userName;
+      serviceMode = mkIf cfg.enable "user";
+      withGnome = mkIf cfg.enable cfg.withGnome;
+      deviceNames = mkIf cfg.enable cfg.deviceNames;
+      config = mkIf cfg.enable cfg.config;
+    };
+
+    users.users.${cfg.userName}.extraGroups = mkIf cfg.enable [ "input" ];
+  };
+}
--- a/modules/nixos/system/kernel-tweaks/default.nix
+++ b/modules/nixos/system/kernel-tweaks/default.nix
@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib;
+with lib.metacfg;
+let
+  cfg = config.metacfg.system.kernelTweaks;
+in
+{
+  options.metacfg.system.kernelTweaks = with types; {
+    enable = mkBoolOpt false "Whether or not to enable desktop kernel optimizations.";
+    pmFreezeTimeout = mkOption {
+      type = types.int;
+      default = 30000;
+      description = "PM freeze timeout in milliseconds.";
+    };
+    enableZram = mkBoolOpt true "Enable zram swap.";
+  };
+
+  config = mkIf cfg.enable {
+    boot.kernel.sysctl = {
+      "power.pm_freeze_timeout" = cfg.pmFreezeTimeout;
+    };
+
+    zramSwap.enable = cfg.enableZram;
+  };
+}
--- a/modules/nixos/system/no-sleep/default.nix
+++ b/modules/nixos/system/no-sleep/default.nix
@ -0,0 +1,28 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib;
+with lib.metacfg;
+let
+  cfg = config.metacfg.system.noSleep;
+in
+{
+  options.metacfg.system.noSleep = with types; {
+    enable = mkBoolOpt false "Whether or not to disable all sleep targets.";
+    disableGdmAutoSuspend = mkBoolOpt false "Disable GDM auto-suspend.";
+    ignoreLidSwitch = mkBoolOpt false "Ignore lid switch events.";
+  };
+
+  config = mkIf cfg.enable {
+    systemd.targets.sleep.enable = false;
+    systemd.targets.suspend.enable = false;
+    systemd.targets.hibernate.enable = false;
+    systemd.targets.hybrid-sleep.enable = false;
+
+    services.displayManager.gdm.autoSuspend = mkIf cfg.disableGdmAutoSuspend false;
+
+    services.logind.settings.Login.HandleLidSwitch = mkIf cfg.ignoreLidSwitch "ignore";
+  };
+}