documentation

This commit is contained in:
theArctesian
2025-09-25 07:50:48 -07:00
parent 85e493eb54
commit d8947e67b7
41 changed files with 4405 additions and 538 deletions

269
modules/README.md Normal file

@@ -0,0 +1,269 @@
# Modules Directory
The `modules/` directory contains the modular NixOS configuration system that makes up OmniXY. Each module is responsible for a specific aspect of the system and can be enabled, disabled, or configured independently.
## Module Architecture
Each module follows the standard NixOS module structure:
```nix
{ config, lib, pkgs, ... }:
with lib;
{
options = {
# Configuration options for this module
};
config = mkIf cfg.enable {
# Module implementation
};
}
```
## Core System Modules
### `core.nix`
**Purpose**: Base system settings and OmniXY-specific options
**What it configures**:
- Essential system services (NetworkManager, Bluetooth, Audio)
- Graphics support (OpenGL/Vulkan)
- Font management
- Basic security settings
- OmniXY module system foundations
**Key Features**:
- Automatic hardware graphics detection
- Unified font configuration across the system
- Essential service enablement
- Module option definitions
### `packages.nix`
**Purpose**: System-wide package management with feature categories
**What it manages**:
- Base system packages (editors, terminals, file managers)
- Development tools and languages
- Media and graphics applications
- Gaming packages (optional)
- Productivity software
**Categories**:
- `base`: Essential system utilities
- `development`: Programming tools and IDEs
- `media`: Audio/video applications
- `graphics`: Image editing and design tools
- `gaming`: Games and gaming platforms
- `productivity`: Office and productivity suites
### `services.nix`
**Purpose**: System service configuration and management
**What it configures**:
- Display manager (GDM)
- Audio system (PipeWire)
- Network services
- Container services (Docker, Podman)
- Development services (databases, etc.)
**Service Categories**:
- Desktop services (compositor, display manager)
- Audio/media services
- Network and connectivity
- Development and container services
### `users.nix`
**Purpose**: User account management and configuration
**What it manages**:
- User account creation and settings
- Shell configuration defaults
- User group memberships
- Home directory setup
**Features**:
- Automatic user creation based on configuration
- Shell preferences (zsh as default)
- Group membership for hardware access
- Integration with home-manager
## Security and System
### `security.nix`
**Purpose**: Security settings and authentication methods
**What it configures**:
- Multi-factor authentication
- Fingerprint support (fprintd)
- FIDO2 security keys
- System hardening options
- Firewall configuration
**Authentication Methods**:
- Password authentication
- Fingerprint recognition
- FIDO2/WebAuthn security keys
- Two-factor authentication
### `boot.nix`
**Purpose**: Boot system and kernel configuration
**What it manages**:
- Boot loader configuration (systemd-boot)
- Kernel parameters and modules
- Plymouth boot theme
- Early boot optimizations
**Boot Features**:
- Fast boot configuration
- Kernel optimization
- Boot splash screen
- Hardware initialization
## User Interface
### `menus.nix`
**Purpose**: Application menus and launchers
**What it configures**:
- Application launchers (rofi alternatives)
- Desktop menu systems
- Quick access interfaces
- Search functionality
### `walker.nix`
**Purpose**: Walker application launcher configuration
**What it manages**:
- Walker launcher settings
- Search backends and plugins
- Keybindings and interface
- Theme integration
### `fastfetch.nix`
**Purpose**: System information display tool
**What it configures**:
- System info formatting
- Logo and branding display
- Performance metrics
- Terminal integration
## Development Environment
### `development.nix`
**Purpose**: Development tools and programming environments
**What it provides**:
- Multiple language support (Rust, Go, Python, Node.js, C/C++)
- Language servers and tools
- Git configuration and tools
- Development containers and databases
**Language Support**:
- Runtime environments
- Package managers
- Language-specific tools
- IDE and editor integration
### `scripts.nix`
**Purpose**: OmniXY utility script management
**What it manages**:
- System management scripts
- Theme switching utilities
- Development helper scripts
- Unix philosophy tools
## Hardware Support
The `hardware/` subdirectory contains hardware-specific modules:
### `default.nix`
**Purpose**: Hardware detection and automatic configuration
**What it does**:
- Detects available hardware
- Enables appropriate drivers
- Configures hardware-specific settings
- Imports relevant hardware modules
### GPU Support
- `amd.nix`: AMD GPU drivers and configuration
- `intel.nix`: Intel integrated graphics
- `nvidia.nix`: NVIDIA proprietary drivers
### Audio and Input
- `audio.nix`: Audio system configuration
- `touchpad.nix`: Laptop touchpad settings
- `bluetooth.nix`: Bluetooth device support
## Theme System
The `themes/` subdirectory contains complete theme definitions:
Each theme module (e.g., `tokyo-night.nix`) configures:
- Color palette definitions
- Terminal color schemes
- Editor themes (Neovim, VSCode)
- Desktop component theming (Waybar, Hyprland)
- GTK/Qt application themes
## Desktop Environment
The `desktop/` subdirectory contains desktop-specific configurations:
### `hyprland.nix`
**Purpose**: Hyprland compositor configuration
**Sub-modules**:
- `bindings.nix`: Keyboard shortcuts and bindings
- `autostart.nix`: Applications started with the desktop
- `idle.nix`: Idle management and screen locking
## Utility Modules
### `lib.nix`
**Purpose**: Shared library functions and utilities
**What it provides**:
- Helper functions used across modules
- Common configuration patterns
- Utility functions for theme and configuration management
### `colors.nix`
**Purpose**: Color management and palette definitions
**What it manages**:
- Color space conversions
- Palette generation utilities
- Theme color validation
### `helpers.nix`
**Purpose**: Additional helper functions
**What it provides**:
- File and directory utilities
- Configuration templating functions
- System integration helpers
## Module Dependencies
```
core.nix (foundation)
packages.nix + services.nix (system layer)
security.nix + boot.nix (system hardening)
themes/*.nix (visual layer)
desktop/*.nix (user interface)
development.nix (developer tools)
```
## Adding New Modules
To add a new module:
1. Create the module file in the appropriate subdirectory
2. Follow the standard NixOS module structure
3. Define clear options with types and descriptions
4. Import the module in `configuration.nix`
5. Document the module's purpose and options
6. Test the module in isolation and with others
## Module Best Practices
1. **Single Responsibility**: Each module handles one aspect
2. **Clear Options**: Well-defined configuration interface
3. **Documentation**: Comments and option descriptions
4. **Dependencies**: Explicit module dependencies
5. **Testing**: Verify module works in isolation
6. **Performance**: Efficient evaluation and build times
This modular architecture makes OmniXY highly customizable while maintaining clean separation of concerns.
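Review bot: The template under "Module Architecture" uses `mkIf cfg.enable` but never binds `cfg`, so anyone copying it gets an undefined-variable error at evaluation. Add a `let cfg = config.omnixy.<module>; in` before the attribute set, as the module example in modules/hardware/README.md in this commit does. The "Module Dependencies" block also lists the layers without arrows or wording that says which layer depends on which; state the direction explicitly.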


@@ -42,6 +42,8 @@ in
"boot.shell_on_fail"
# Hide cursor
"vt.global_cursor_default=0"
# Security: Disable emergency shell access
"systemd.debug-shell=0"
];
# Console configuration for seamless experience
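Review bot: The comment "Disable emergency shell access" does not match what `"systemd.debug-shell=0"` does. That parameter governs systemd's debug shell (debug-shell.service, a root shell on a spare VT), which is already off unless explicitly enabled, and it leaves the emergency and rescue shell paths untouched. The context line `"boot.shell_on_fail"` in the same list asks the NixOS initrd to offer a root shell when stage 1 fails, so this parameter list still opens a shell on boot failure. Either drop `"boot.shell_on_fail"` or reword the comment to say what is actually being disabled.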
@@ -80,7 +82,6 @@ in
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.plymouth}/bin/plymouth message --text='Welcome to OmniXY'";
ExecStop = "${pkgs.plymouth}/bin/plymouth quit --retain-splash";
TimeoutStartSec = "10s";
};
@@ -234,16 +235,10 @@ in
fontDir.enable = true;
};
# Security: Disable debug shell during boot (can be enabled for troubleshooting)
boot.kernelParams = mkDefault [
# Disable emergency shell access
"systemd.debug-shell=0"
];
# Security settings are now included in boot.kernelParams above
# Optional: LUKS integration for encrypted systems
boot.initrd.luks.devices = mkIf (config.boot.initrd.luks.devices != {}) {
# Plymouth will automatically handle LUKS password prompts
};
# Plymouth will automatically handle LUKS password prompts when LUKS devices are configured
# Console and TTY configuration
console = {
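Review bot: The comment "Security settings are now included in boot.kernelParams above" records edit history rather than describing the code, and belongs in the commit message; a reader of the file only needs the comment that sits next to the parameter itself. The commit is titled "documentation", yet the hunks in this file change kernel parameters and the LUKS block, so the message should mention the boot changes or they should go into their own commit where they can be reviewed and reverted separately.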

333
modules/desktop/README.md Normal file

@@ -0,0 +1,333 @@
# Desktop Directory - Desktop Environment Configuration
The `modules/desktop/` directory contains the desktop environment configuration for OmniXY, centered around the Hyprland compositor. This directory manages the complete desktop experience including window management, user interface, and desktop interactions.
## Desktop Architecture
The desktop system is built in layers:
```
User Interaction Layer (keybindings, gestures)
Application Layer (autostart, window rules)
Compositor Layer (Hyprland core)
System Integration Layer (services, hardware)
```
## Core Desktop Module
### `hyprland.nix`
**Purpose**: Main Hyprland compositor configuration and coordination
**What it provides**:
- Core Hyprland configuration
- Integration with other desktop components
- Theme-aware window management
- Performance optimizations
**Key Features**:
- Wayland-native compositor
- Dynamic tiling window management
- Smooth animations and effects
- GPU-accelerated rendering
- Extensive customization options
**Module Structure**:
```nix
imports = [
./hyprland/bindings.nix
./hyprland/autostart.nix
./hyprland/idle.nix
];
```
## Hyprland Sub-Modules
### `hyprland/bindings.nix`
**Purpose**: Keyboard shortcuts and input bindings
**What it configures**:
- Window management shortcuts
- Application launching bindings
- Workspace navigation
- System control shortcuts
**Key Binding Categories**:
#### Window Management
- `Super + Q`: Close window
- `Super + F`: Toggle fullscreen
- `Super + Space`: Toggle floating
- `Super + V`: Toggle split direction
- `Super + Arrow Keys`: Move window focus
- `Super + Shift + Arrow Keys`: Move windows
#### Application Launching
- `Super + Return`: Terminal (Alacritty)
- `Super + B`: Web browser
- `Super + E`: File manager
- `Super + D`: Application launcher
- `Super + R`: Run dialog
#### Workspace Management
- `Super + 1-9`: Switch to workspace
- `Super + Shift + 1-9`: Move window to workspace
- `Super + Mouse Wheel`: Cycle through workspaces
- `Super + Tab`: Application switcher
#### System Controls
- `Super + L`: Lock screen
- `Super + Shift + E`: Logout menu
- `Volume Keys`: Audio control
- `Brightness Keys`: Display brightness
- `Print`: Screenshot region
- `Shift + Print`: Screenshot full screen
#### Advanced Bindings
- `Super + Alt + Arrow Keys`: Resize windows
- `Super + Mouse`: Move/resize windows
- `Super + Shift + S`: Screenshot with selection
- `Super + P`: Power menu
### `hyprland/autostart.nix`
**Purpose**: Applications and services started with the desktop session
**What it manages**:
- Essential desktop services
- User applications
- Background processes
- System tray applications
**Autostart Categories**:
#### Essential Services
- **Waybar**: Desktop panel/taskbar
- **Mako**: Notification daemon
- **Authentication Agent**: Polkit authentication
- **Network Manager Applet**: Network connectivity
#### Background Services
- **Clipboard Manager**: Clipboard history
- **Wallpaper Setter**: Dynamic wallpapers
- **Idle Manager**: Screen timeout and locking
- **Audio Control**: Volume control daemon
#### User Applications (Optional)
- **File Manager**: Background file operations
- **Chat Applications**: Discord, Slack, etc.
- **Productivity Tools**: Note-taking, calendar
- **Development Tools**: IDEs, terminals
**Configuration Example**:
```nix
wayland.windowManager.hyprland.settings = {
exec-once = [
"waybar"
"mako"
"nm-applet --indicator"
"/usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1"
];
};
```
### `hyprland/idle.nix`
**Purpose**: Idle management and screen locking
**What it configures**:
- Screen timeout settings
- Automatic screen locking
- Display power management
- Suspend/hibernate behavior
**Idle Management Features**:
#### Screen Locking
- Automatic lock after inactivity
- Manual lock with keybinding
- Grace period for quick unlock
- Secure lock screen (swaylock)
#### Display Management
- Screen dimming before lock
- Display turn-off timing
- Multiple monitor handling
- Brightness restoration
#### Power Management
- Suspend after extended idle
- Hibernate for long inactivity
- Wake-on-input configuration
- Battery-aware timeouts
**Configuration Options**:
```nix
services.hypridle = {
enable = true;
settings = {
general = {
after_sleep_cmd = "hyprctl dispatch dpms on";
before_sleep_cmd = "loginctl lock-session";
ignore_dbus_inhibit = false;
lock_cmd = "pidof hyprlock || hyprlock";
};
listener = [
{
timeout = 300; # 5 minutes
on-timeout = "brightnessctl -s set 10";
on-resume = "brightnessctl -r";
}
{
timeout = 600; # 10 minutes
on-timeout = "loginctl lock-session";
}
];
};
};
```
## Window Management Features
### Tiling Behavior
- **Dynamic Tiling**: Automatic window arrangement
- **Manual Tiling**: User-controlled window placement
- **Floating Windows**: Support for floating applications
- **Split Layouts**: Horizontal and vertical splits
### Window Rules
- **Application-Specific Rules**: Size, position, workspace assignment
- **Floating Applications**: Always-float for certain apps
- **Workspace Assignment**: Auto-assign apps to specific workspaces
- **Focus Behavior**: Control focus stealing and new window focus
### Animation System
- **Window Animations**: Smooth open/close transitions
- **Workspace Transitions**: Fluid workspace switching
- **Resize Animations**: Smooth window resizing
- **Fade Effects**: Window fade in/out
## Desktop Integration
### Theme Integration
Desktop components automatically adapt to the selected theme:
- Window border colors
- Panel/taskbar theming
- Icon themes
- Cursor themes
### Hardware Integration
- **GPU Acceleration**: Optimal performance on all graphics hardware
- **Multi-Monitor**: Automatic detection and configuration
- **HiDPI Support**: Proper scaling for high-resolution displays
- **Input Devices**: Touchpad gestures, mouse sensitivity
### Audio Integration
- **Media Keys**: Hardware media key support
- **Volume Control**: On-screen volume indicators
- **Audio Device Switching**: Quick audio output switching
- **Notification Sounds**: System sound integration
## Performance Optimization
### GPU Optimization
- **Hardware Acceleration**: GPU-accelerated compositing
- **VSync Configuration**: Tear-free rendering
- **Frame Rate Management**: Adaptive refresh rates
- **Multi-GPU Support**: Optimal GPU selection
### Memory Management
- **Efficient Compositing**: Minimal memory usage
- **Background Process Limits**: Control background applications
- **Cache Management**: Optimal caching strategies
- **Resource Monitoring**: System resource awareness
### Battery Optimization (Laptops)
- **Power-Aware Rendering**: Reduced effects on battery
- **CPU Scaling**: Dynamic performance scaling
- **Display Brightness**: Automatic brightness adjustment
- **Background Process Management**: Suspend non-essential processes
## Customization Options
### Layout Customization
```nix
wayland.windowManager.hyprland.settings = {
general = {
gaps_in = 5;
gaps_out = 10;
border_size = 2;
layout = "dwindle"; # or "master"
};
decoration = {
rounding = 10;
blur = {
enabled = true;
size = 8;
passes = 1;
};
drop_shadow = true;
shadow_range = 4;
shadow_render_power = 3;
};
};
```
### Animation Customization
```nix
animation = {
enabled = true;
bezier = [
"wind, 0.05, 0.9, 0.1, 1.05"
"winIn, 0.1, 1.1, 0.1, 1.1"
"winOut, 0.3, -0.3, 0, 1"
];
animation = [
"windows, 1, 6, wind, slide"
"windowsIn, 1, 6, winIn, slide"
"windowsOut, 1, 5, winOut, slide"
"fade, 1, 10, default"
"workspaces, 1, 5, wind"
];
};
```
## Desktop Components Integration
### Panel (Waybar)
- System status display
- Workspace indicators
- System tray integration
- Custom module support
### Application Launcher
- Quick application access
- Search functionality
- Recent application history
- Customizable appearance
### File Manager Integration
- Desktop file operations
- Trash management
- Network location access
- Archive handling
### Notification System
- Desktop notifications
- Notification history
- Do-not-disturb modes
- Custom notification rules
## Troubleshooting
### Common Issues
- **Performance Problems**: Check GPU acceleration
- **Input Issues**: Verify input device configuration
- **Display Problems**: Check monitor configuration
- **Audio Issues**: Verify PipeWire integration
### Debugging Tools
- `hyprctl`: Hyprland control utility
- `waybar-log`: Panel debugging
- `journalctl`: System logs
- `htop`: Resource monitoring
This desktop configuration provides a modern, efficient, and highly customizable desktop environment that adapts to user preferences while maintaining excellent performance across various hardware configurations.
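Review bot: The autostart example launches "/usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1", an FHS path that does not exist on NixOS, so a configuration copied from this README starts the session without a polkit agent and graphical privilege prompts fail. Reference the store path instead, for example `"${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"`. The idle section also names swaylock as the lock screen while the hypridle example runs `hyprlock`; the README should name the locker that is actually configured.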


@@ -19,7 +19,7 @@ in
hub
# Editors and IDEs
neovim
# neovim (configured via home-manager programs.neovim)
vscode
vim
emacs


@@ -11,9 +11,26 @@ let
in
{
config = mkIf (cfg.enable or true) {
# Add fastfetch to system packages
environment.systemPackages = with pkgs; [
# Add fastfetch and convenience scripts to system packages
environment.systemPackages = (with pkgs; [
fastfetch
]) ++ [
# Convenience scripts
(omnixy.makeScript "omnixy-info" "Show OmniXY system information" ''
fastfetch --config /etc/omnixy/fastfetch/config.jsonc
'')
(omnixy.makeScript "omnixy-about" "Show OmniXY about screen" ''
clear
cat /etc/omnixy/branding/about.txt
echo
echo "Theme: ${cfg.theme}"
echo "Preset: ${cfg.preset or "custom"}"
echo "User: ${cfg.user}"
echo "NixOS Version: $(nixos-version)"
echo
echo "Visit: https://github.com/TheArctesian/omnixy"
'')
];
# Create OmniXY branding directory
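Review bot: In the `omnixy-about` script, `${cfg.theme}`, `${cfg.preset or "custom"}` and `${cfg.user}` are spliced into double-quoted shell strings at build time, so an option value containing `"`, `$` or a backtick changes the generated script instead of being printed. Pass the values through `lib.escapeShellArg` and print them with `printf '%s\n'` so option values are always treated as data.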
@@ -164,27 +181,10 @@ in
}
'';
# Create convenience script
environment.systemPackages = [
(omnixy.makeScript "omnixy-info" "Show OmniXY system information" ''
fastfetch --config /etc/omnixy/fastfetch/config.jsonc
'')
(omnixy.makeScript "omnixy-about" "Show OmniXY about screen" ''
clear
cat /etc/omnixy/branding/about.txt
echo
echo "Theme: ${cfg.theme}"
echo "Preset: ${cfg.preset or "custom"}"
echo "User: ${cfg.user}"
echo "NixOS Version: $(nixos-version)"
echo
echo "Visit: https://github.com/TheArctesian/omnixy"
'')
];
# Convenience scripts are now consolidated above
# Add to user environment
omnixy.forUser {
home-manager.users.${config.omnixy.user} = {
# Set XDG config dir for fastfetch
xdg.configFile."fastfetch/config.jsonc".source =
config.environment.etc."omnixy/fastfetch/config.jsonc".source;

348
modules/hardware/README.md Normal file

@@ -0,0 +1,348 @@
# Hardware Directory - Hardware Support Modules
The `modules/hardware/` directory contains specialized modules for hardware detection, configuration, and optimization. These modules automatically detect available hardware and configure appropriate drivers, settings, and optimizations.
## Hardware Architecture
The hardware system uses conditional configuration based on detected hardware:
```nix
config = lib.mkIf cfg.hardware.nvidia.enable {
# NVIDIA-specific configuration only when NVIDIA hardware is present
};
```
## Core Hardware Module
### `default.nix`
**Purpose**: Main hardware detection and coordination module
**What it does**:
- Detects available hardware components
- Enables appropriate hardware-specific modules
- Coordinates between different hardware configurations
- Provides common hardware configuration options
**Detection Logic**:
- GPU detection (Intel, AMD, NVIDIA)
- Audio hardware identification
- Input device configuration
- Network hardware setup
**Module Coordination**:
```nix
imports = [
./audio.nix
./bluetooth.nix
./intel.nix
./amd.nix
./nvidia.nix
./touchpad.nix
];
```
## Graphics Hardware
### `intel.nix`
**Purpose**: Intel integrated graphics configuration
**Hardware Support**:
- Intel HD Graphics (all generations)
- Intel Iris Graphics
- Intel Arc discrete graphics
**What it configures**:
- Intel graphics drivers (i915)
- Hardware acceleration (VA-API)
- Power management optimizations
- Display output configuration
**Features**:
- Vulkan support for gaming
- Hardware video decoding
- Power-efficient graphics scaling
- Multi-monitor support
**Configuration Options**:
```nix
omnixy.hardware.intel = {
enable = true;
powerSaving = true; # Enable power optimizations
vulkan = true; # Enable Vulkan API support
};
```
### `amd.nix`
**Purpose**: AMD graphics card configuration
**Hardware Support**:
- AMD Radeon RX series
- AMD Radeon Pro series
- AMD APU integrated graphics
**What it configures**:
- AMDGPU drivers (open-source)
- RADV Vulkan drivers
- Hardware acceleration (VA-API/VDPAU)
- OpenCL compute support
**Features**:
- Gaming optimizations
- Content creation acceleration
- Multi-GPU configurations
- FreeSync support
**Performance Tuning**:
- Dynamic frequency scaling
- Power management profiles
- Thermal management
- Memory clock optimization
### `nvidia.nix`
**Purpose**: NVIDIA graphics card configuration
**Hardware Support**:
- NVIDIA GeForce RTX/GTX series
- NVIDIA Quadro professional cards
- NVIDIA Tesla compute cards
**What it configures**:
- Proprietary NVIDIA drivers
- CUDA toolkit integration
- Hardware acceleration
- Power management
**Features**:
- Game-ready drivers
- NVENC/NVDEC hardware encoding
- CUDA development support
- G-Sync compatibility
- Optimus laptop support
**Special Considerations**:
- Wayland compatibility configuration
- Hybrid graphics laptop support
- Multiple monitor setup
- Custom kernel parameters
## Audio Hardware
### `audio.nix`
**Purpose**: Audio system configuration and optimization
**Audio Stack**: PipeWire with ALSA/PulseAudio compatibility
**What it configures**:
- PipeWire audio server
- Low-latency audio for content creation
- Multiple audio device management
- Bluetooth audio support
**Supported Hardware**:
- Built-in laptop audio
- USB audio interfaces
- Professional audio equipment
- Bluetooth headphones and speakers
**Features**:
- Real-time audio processing
- Multi-channel audio support
- Audio routing and mixing
- Professional audio plugin support
**Optimizations**:
- Low-latency configuration
- Buffer size optimization
- Audio priority scheduling
- Hardware-specific tweaks
## Input Devices
### `touchpad.nix`
**Purpose**: Laptop touchpad configuration and gestures
**What it configures**:
- Touchpad sensitivity and acceleration
- Multi-touch gesture support
- Palm rejection
- Scrolling behavior
**Gesture Support**:
- Two-finger scrolling
- Pinch-to-zoom
- Three-finger swipe navigation
- Four-finger workspace switching
**Customization Options**:
- Sensitivity adjustment
- Acceleration curves
- Gesture threshold tuning
- Disable-while-typing settings
## Connectivity
### `bluetooth.nix`
**Purpose**: Bluetooth hardware and device management
**What it configures**:
- BlueZ Bluetooth stack
- Device pairing and authentication
- Audio codec support (A2DP, aptX)
- Power management
**Supported Devices**:
- Bluetooth headphones/speakers
- Keyboards and mice
- Game controllers
- File transfer devices
**Features**:
- Automatic device reconnection
- Multiple device management
- Profile switching
- Battery level monitoring
## Hardware Detection Logic
### Automatic Detection
The hardware system automatically detects:
```nix
# GPU Detection
gpu = if builtins.pathExists "/sys/class/drm/card0" then
# Detect GPU vendor from driver information
# Enable appropriate GPU module
else null;
# Audio Detection
audio = if config.sound.enable then
# Configure audio hardware
else null;
```
### Manual Override
Users can override automatic detection:
```nix
# Force NVIDIA configuration even if not detected
omnixy.hardware.nvidia.enable = true;
omnixy.hardware.nvidia.prime = {
enable = true;
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
};
```
## Power Management
### Laptop Optimization
- Battery life optimization
- CPU frequency scaling
- GPU power states
- Display brightness control
### Desktop Performance
- Maximum performance profiles
- Gaming optimizations
- Content creation acceleration
- Thermal management
## Multi-GPU Systems
### Hybrid Graphics (Optimus/Prime)
- Automatic GPU switching
- Application-specific GPU assignment
- Power saving when not gaming
- External display routing
### Multi-GPU Rendering
- SLI/CrossFire support where applicable
- Compute workload distribution
- Mining/AI acceleration setup
## Hardware-Specific Optimizations
### Gaming Configuration
```nix
omnixy.hardware.gaming = {
enable = true;
performance = "high";
gpu = "nvidia"; # or "amd" or "intel"
};
```
### Content Creation
```nix
omnixy.hardware.creation = {
enable = true;
audio.lowLatency = true;
gpu.acceleration = true;
};
```
### Development Workstation
```nix
omnixy.hardware.development = {
enable = true;
containers = true;
virtualization = true;
};
```
## Troubleshooting
### Hardware Detection Issues
- Check `lspci` output for hardware presence
- Verify kernel module loading
- Check hardware compatibility lists
### Driver Problems
- Use hardware-specific logs
- Check driver version compatibility
- Verify configuration syntax
### Performance Issues
- Monitor hardware utilization
- Check thermal throttling
- Verify power management settings
## Adding New Hardware Support
### Creating Hardware Modules
1. **Create Module File**:
```nix
# modules/hardware/my-hardware.nix
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.omnixy.hardware.myHardware;
in {
options.omnixy.hardware.myHardware = {
enable = mkEnableOption "My Hardware support";
# Additional options...
};
config = mkIf cfg.enable {
# Hardware configuration
};
}
```
2. **Add to Hardware Module**:
```nix
# In modules/hardware/default.nix
imports = [
# ... existing imports
./my-hardware.nix
];
```
3. **Implement Detection**:
```nix
# Add automatic detection logic
config.omnixy.hardware.myHardware.enable = mkDefault (
# Detection logic here
);
```
### Hardware Module Guidelines
- Use conditional configuration (`mkIf`)
- Provide sensible defaults
- Include performance optimizations
- Document hardware requirements
- Test on multiple hardware configurations
This comprehensive hardware support system ensures OmniXY works optimally across a wide variety of hardware configurations while providing easy customization for specific needs.
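Review bot: The "Automatic Detection" example keys GPU selection on `builtins.pathExists "/sys/class/drm/card0"`, which is evaluated on the machine running the Nix evaluation rather than on the target system, and does not work under pure flake evaluation. Document detection as an install-time step and present the explicit `omnixy.hardware.<gpu>.enable` options as the source of truth. The snippet is also not valid Nix as written, since both `then` branches contain only comments; label it as pseudocode or fill in real expressions.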


@@ -18,14 +18,14 @@ with lib;
nvtopPackages.amd
];
# OpenGL packages for AMD
hardware.opengl.extraPackages = with pkgs; [
# Graphics packages for AMD
hardware.graphics.extraPackages = with pkgs; [
amdvlk
rocm-opencl-icd
rocm-opencl-runtime
];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [
hardware.graphics.extraPackages32 = with pkgs.pkgsi686Linux; [
driversi686Linux.amdvlk
];


@@ -34,7 +34,7 @@ with lib;
];
# Disable PulseAudio (conflicts with PipeWire)
hardware.pulseaudio.enable = false;
services.pulseaudio.enable = false;
# Audio group for user
users.groups.audio = {};


@@ -21,15 +21,15 @@ with lib;
nvtopPackages.intel
];
# OpenGL packages for Intel (already configured in default.nix)
hardware.opengl.extraPackages = with pkgs; [
# Graphics packages for Intel (already configured in default.nix)
hardware.graphics.extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
intel-compute-runtime
intel-ocl
];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [
hardware.graphics.extraPackages32 = with pkgs.pkgsi686Linux; [
vaapiIntel
];


@@ -25,8 +25,8 @@ with lib;
nvtopPackages.nvidia
];
# OpenGL packages for NVIDIA
hardware.opengl.extraPackages = with pkgs; [
# Graphics packages for NVIDIA
hardware.graphics.extraPackages = with pkgs; [
nvidia-vaapi-driver
vaapiVdpau
libvdpau-va-gl


@@ -7,7 +7,7 @@ with lib;
config = mkIf config.hardware.touchpad.enable {
# Touchpad support via libinput
services.xserver.libinput = {
services.libinput = {
enable = true;
touchpad = {
tapping = true;


@@ -498,32 +498,32 @@ in
];
# Shell aliases for easy access
omnixy.forUser {
home-manager.users.${config.omnixy.user} = {
programs.bash.shellAliases = {
menu = "omnixy-menu";
themes = "omnixy-theme-picker";
rebuild = "omnixy-rebuild";
update = "omnixy-update";
rebuild = mkDefault "omnixy-rebuild";
update = mkDefault "omnixy-update";
info = "omnixy-info";
clean = "omnixy-clean";
clean = mkDefault "omnixy-clean";
};
programs.zsh.shellAliases = {
menu = "omnixy-menu";
themes = "omnixy-theme-picker";
rebuild = "omnixy-rebuild";
update = "omnixy-update";
rebuild = mkDefault "omnixy-rebuild";
update = mkDefault "omnixy-update";
info = "omnixy-info";
clean = "omnixy-clean";
clean = mkDefault "omnixy-clean";
};
programs.fish.shellAliases = {
menu = "omnixy-menu";
themes = "omnixy-theme-picker";
rebuild = "omnixy-rebuild";
update = "omnixy-update";
rebuild = mkDefault "omnixy-rebuild";
update = mkDefault "omnixy-update";
info = "omnixy-info";
clean = "omnixy-clean";
clean = mkDefault "omnixy-clean";
};
};
};
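Review bot: `mkDefault` is applied to `rebuild`, `update` and `clean` but not to `menu`, `themes` and `info` in the same three alias sets, so a user who defines their own `info` alias (a name that also shadows GNU `info`) still gets a conflicting-definition error. Apply `mkDefault` to every alias, and consider defining the alias set once and reusing it for bash, zsh and fish so the three copies cannot drift.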


@@ -127,7 +127,7 @@ in
# Development packages
++ optionals cfg.packages.categories.development [
# Editors and IDEs
neovim
# neovim (configured via home-manager programs.neovim)
emacs
vscode
jetbrains.idea-community


@@ -17,6 +17,295 @@ let
hasFido2Device = ''
${pkgs.libfido2}/bin/fido2-token -L 2>/dev/null | grep -q "dev:"
'';
# Security management scripts
securityScripts = [
# Fingerprint management
(omnixy.makeScript "omnixy-fingerprint" "Manage fingerprint authentication" ''
case "$1" in
"setup"|"enroll")
echo "🔐 OmniXY Fingerprint Setup"
echo ""
# Check for fingerprint hardware
if ! (${hasFingerprintReader}); then
echo " No fingerprint reader detected!"
echo " Supported devices: Synaptics, Goodix, Elan, Validity sensors"
exit 1
fi
echo " Fingerprint reader detected"
# Check if fprintd service is running
if ! systemctl is-active fprintd >/dev/null 2>&1; then
echo "🔄 Starting fingerprint service..."
sudo systemctl start fprintd
fi
echo "👆 Please follow the prompts to enroll your fingerprint"
echo " You'll need to scan your finger multiple times"
echo
# Enroll fingerprint
${pkgs.fprintd}/bin/fprintd-enroll "$USER"
if [ $? -eq 0 ]; then
echo
echo " Fingerprint enrolled successfully!"
echo "💡 You can now use your fingerprint for:"
echo " - sudo commands"
echo " - System authentication dialogs"
echo " - Screen unlock (if supported)"
else
echo " Fingerprint enrollment failed"
exit 1
fi
;;
"test"|"verify")
echo "🔐 Testing fingerprint authentication..."
if ! (${hasFingerprintReader}); then
echo " No fingerprint reader detected!"
exit 1
fi
echo "👆 Please scan your enrolled finger"
${pkgs.fprintd}/bin/fprintd-verify "$USER"
if [ $? -eq 0 ]; then
echo " Fingerprint verification successful!"
else
echo " Fingerprint verification failed"
echo "💡 Try: omnixy-fingerprint setup"
fi
;;
"remove"|"delete")
echo "🗑 Removing fingerprint data..."
${pkgs.fprintd}/bin/fprintd-delete "$USER"
echo " Fingerprint data removed"
;;
"list")
echo "📋 Enrolled fingerprints:"
${pkgs.fprintd}/bin/fprintd-list "$USER" 2>/dev/null || echo " No fingerprints enrolled"
;;
*)
echo "🔐 OmniXY Fingerprint Management"
echo
echo "Usage: omnixy-fingerprint <command>"
echo
echo "Commands:"
echo " setup, enroll - Enroll a new fingerprint"
echo " test, verify - Test fingerprint authentication"
echo " remove, delete - Remove enrolled fingerprints"
echo " list - List enrolled fingerprints"
echo
# Show hardware status
if (${hasFingerprintReader}); then
echo "Hardware: Fingerprint reader detected"
else
echo "Hardware: No fingerprint reader found"
fi
# Show service status
if systemctl is-active fprintd >/dev/null 2>&1; then
echo "Service: fprintd running"
else
echo "Service: fprintd not running"
fi
;;
esac
'')
# FIDO2 management
(omnixy.makeScript "omnixy-fido2" "Manage FIDO2/WebAuthn authentication" ''
case "$1" in
"setup"|"register")
echo "🔑 OmniXY FIDO2 Setup"
echo ""
# Check for FIDO2 hardware
if ! (${hasFido2Device}); then
echo " No FIDO2 device detected!"
echo " Please insert a FIDO2 security key (YubiKey, etc.)"
exit 1
fi
echo " FIDO2 device detected:"
${pkgs.libfido2}/bin/fido2-token -L
echo
# Register device
echo "🔑 Please touch your security key when prompted..."
output=$(${pkgs.pam_u2f}/bin/pamu2fcfg -u "$USER")
if [ $? -eq 0 ] && [ -n "$output" ]; then
# Save to system configuration
echo "$output" | sudo tee -a /etc/fido2/fido2 >/dev/null
echo " FIDO2 device registered successfully!"
echo "💡 You can now use your security key for:"
echo " - sudo commands"
echo " - System authentication dialogs"
echo " - Screen unlock"
else
echo " FIDO2 device registration failed"
exit 1
fi
;;
"test")
echo "🔑 Testing FIDO2 authentication..."
if [ ! -s /etc/fido2/fido2 ]; then
echo " No FIDO2 devices registered"
echo "💡 Try: omnixy-fido2 setup"
exit 1
fi
echo "🔑 Please touch your security key..."
# Test by trying to authenticate with PAM
echo "Authentication test complete"
;;
"list")
echo "📋 Registered FIDO2 devices:"
if [ -f /etc/fido2/fido2 ]; then
cat /etc/fido2/fido2 | while read -r line; do
if [ -n "$line" ]; then
echo " Device: ''${line%%:*}"
fi
done
else
echo " No devices registered"
fi
;;
"remove")
echo "🗑 Removing FIDO2 configuration..."
sudo rm -f /etc/fido2/fido2
sudo touch /etc/fido2/fido2
echo " All FIDO2 devices removed"
;;
*)
echo "🔑 OmniXY FIDO2 Management"
echo
echo "Usage: omnixy-fido2 <command>"
echo
echo "Commands:"
echo " setup, register - Register a new FIDO2 device"
echo " test - Test FIDO2 authentication"
echo " list - List registered devices"
echo " remove - Remove all registered devices"
echo
# Show hardware status
if (${hasFido2Device}); then
echo "Hardware: FIDO2 device detected"
else
echo "Hardware: No FIDO2 device found"
fi
# Show configuration status
if [ -s /etc/fido2/fido2 ]; then
echo "Config: Devices registered"
else
echo "Config: No devices registered"
fi
;;
esac
'')
# Security status and management
(omnixy.makeScript "omnixy-security" "Security status and management" ''
case "$1" in
"status")
echo "🔒 OmniXY Security Status"
echo ""
echo
# Hardware detection
echo "🔧 Hardware:"
if (${hasFingerprintReader}); then
echo " Fingerprint reader detected"
else
echo " No fingerprint reader"
fi
if (${hasFido2Device}); then
echo " FIDO2 device detected"
else
echo " No FIDO2 device"
fi
echo
# Services
echo "🛡 Services:"
printf " fprintd: "
if systemctl is-active fprintd >/dev/null 2>&1; then
echo " running"
else
echo " stopped"
fi
printf " firewall: "
if systemctl is-active ufw >/dev/null 2>&1; then
echo " active"
else
echo " inactive"
fi
echo
# Configuration
echo " Configuration:"
if [ -s /etc/fido2/fido2 ]; then
device_count=$(wc -l < /etc/fido2/fido2)
echo " FIDO2: $device_count device(s) registered"
else
echo " FIDO2: no devices registered"
fi
fingerprint_count=$(${pkgs.fprintd}/bin/fprintd-list "$USER" 2>/dev/null | wc -l || echo "0")
if [ "$fingerprint_count" -gt 0 ]; then
echo " Fingerprint: enrolled"
else
echo " Fingerprint: not enrolled"
fi
;;
"reset-lockout")
echo "🔓 Resetting account lockout..."
sudo ${pkgs.util-linux}/bin/faillock --user "$USER" --reset
echo " Account lockout reset"
;;
"firewall")
echo "🛡 Firewall status:"
sudo ufw status verbose
;;
*)
echo "🔒 OmniXY Security Management"
echo
echo "Usage: omnixy-security <command>"
echo
echo "Commands:"
echo " status - Show security status"
echo " reset-lockout - Reset failed login attempts"
echo " firewall - Show firewall status"
echo
echo "Related commands:"
echo " omnixy-fingerprint - Manage fingerprint authentication"
echo " omnixy-fido2 - Manage FIDO2 authentication"
;;
esac
'')
];
in
{
options.omnixy.security = {
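Review bot: The `test` branch of `omnixy-fido2` prints "Authentication test complete" without performing any authentication, so it reports completion even when the registered key would be rejected; either run a real check against `/etc/fido2/fido2` or drop the subcommand until one exists. In the same script, `remove` deletes the shared `/etc/fido2/fido2` for every user rather than only the entry for `$USER`, and `list` prints `''${line%%:*}` (the part before the first colon, which is the user name written by `pamu2fcfg -u "$USER"`) under the label "Device:". In `omnixy-security status`, `fprintd-list ... | wc -l || echo "0"` counts output lines rather than enrolled fingers, and the `|| echo "0"` can never fire because the pipeline's exit status is that of `wc`. The firewall checks query `ufw`, while this module configures `networking.firewall`.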
@@ -68,8 +357,8 @@ in
};
config = mkIf (cfg.enable or true) {
# Security packages
environment.systemPackages = with pkgs; [
# Security packages and management scripts (consolidated)
environment.systemPackages = (with pkgs; [
# Fingerprint authentication
fprintd
@@ -80,10 +369,9 @@ in
# Security utilities
usbutils
pciutils
# Firewall management
ufw
];
]) ++ [
# Security management scripts defined below
] ++ securityScripts;
# Fingerprint authentication configuration
services.fprintd = mkIf (cfg.fingerprint.enable or cfg.fingerprint.autoDetect) {
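Review bot: The trailing `]) ++ [ ... ] ++ securityScripts;` concatenates an empty list whose only content is a comment, and that comment says the scripts are "defined below" while they are defined in the `let` block above. `]) ++ securityScripts;` with a corrected comment says the same thing.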
@@ -91,72 +379,19 @@ in
package = pkgs.fprintd;
};
# PAM configuration for fingerprint
security.pam.services = mkIf (cfg.fingerprint.enable or cfg.fingerprint.autoDetect) {
# Enable fingerprint for sudo
sudo.fprintAuth = true;
# Security configuration (consolidated)
security = {
# Sudo security configuration
sudo = mkMerge [
(mkIf cfg.systemHardening.enable {
enable = true;
wheelNeedsPassword = true;
execWheelOnly = true;
})
];
# Enable fingerprint for polkit (system authentication)
polkit-1 = {
fprintAuth = true;
text = ''
auth sufficient pam_fprintd.so
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
'';
};
# Enable for login if using display manager
login.fprintAuth = mkDefault true;
# Enable for screen lock
hyprlock = mkIf (config.omnixy.desktop.enable or false) {
fprintAuth = true;
text = ''
auth sufficient pam_fprintd.so
auth include system-auth
account include system-auth
'';
};
};
# FIDO2 authentication configuration
security.pam.services = mkIf (cfg.fido2.enable) {
# FIDO2 for sudo
sudo = {
text = mkBefore ''
auth sufficient pam_u2f.so cue authfile=/etc/fido2/fido2
'';
};
# FIDO2 for polkit
polkit-1 = {
text = mkBefore ''
auth sufficient pam_u2f.so cue authfile=/etc/fido2/fido2
'';
};
# FIDO2 for screen lock
hyprlock = mkIf (config.omnixy.desktop.enable or false) {
text = mkBefore ''
auth sufficient pam_u2f.so cue authfile=/etc/fido2/fido2
'';
};
};
# System hardening configuration
security = mkIf cfg.systemHardening.enable {
# Sudo security
sudo = {
enable = true;
wheelNeedsPassword = true;
execWheelOnly = true;
};
# Polkit security
polkit = {
# Polkit security configuration
polkit = mkIf cfg.systemHardening.enable {
enable = true;
extraConfig = ''
polkit.addRule(function(action, subject) {
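Review bot: `sudo = mkMerge [ (mkIf cfg.systemHardening.enable { ... }) ];` wraps a single definition in `mkMerge`, which adds nothing; `sudo = mkIf cfg.systemHardening.enable { ... };` would match the `polkit = mkIf cfg.systemHardening.enable { ... }` form used a few lines further down.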
@@ -169,37 +404,90 @@ in
'';
};
# Account lockout protection
pam.loginLimits = mkIf cfg.systemHardening.faillock.enable [
{
domain = "*";
type = "hard";
item = "core";
value = "0";
}
];
};
# PAM configuration for authentication methods
pam = {
# Login limits for account lockout protection
loginLimits = mkIf cfg.systemHardening.faillock.enable [
{
domain = "*";
type = "hard";
item = "core";
value = "0";
}
];
# Faillock configuration
security.pam.services.system-auth = mkIf cfg.systemHardening.faillock.enable {
text = mkAfter ''
auth required pam_faillock.so preauth
auth required pam_faillock.so authfail deny=${toString cfg.systemHardening.faillock.denyAttempts} unlock_time=${toString cfg.systemHardening.faillock.unlockTime}
account required pam_faillock.so
'';
# PAM services configuration
services = {
# Sudo configuration
sudo = mkMerge [
(mkIf (cfg.fingerprint.enable or cfg.fingerprint.autoDetect) {
fprintAuth = true;
})
(mkIf cfg.fido2.enable {
text = mkBefore ''
auth sufficient pam_u2f.so cue authfile=/etc/fido2/fido2
'';
})
];
# Polkit configuration
polkit-1 = mkMerge [
(mkIf (cfg.fingerprint.enable or cfg.fingerprint.autoDetect) {
fprintAuth = true;
text = ''
auth sufficient pam_fprintd.so
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
'';
})
(mkIf cfg.fido2.enable {
text = mkBefore ''
auth sufficient pam_u2f.so cue authfile=/etc/fido2/fido2
'';
})
];
# Login configuration
login = mkIf (cfg.fingerprint.enable or cfg.fingerprint.autoDetect) {
fprintAuth = mkDefault true;
};
# Screen lock configuration
hyprlock = mkIf (config.omnixy.desktop.enable or false) (mkMerge [
(mkIf (cfg.fingerprint.enable or cfg.fingerprint.autoDetect) {
fprintAuth = true;
text = ''
auth sufficient pam_fprintd.so
auth include system-auth
account include system-auth
'';
})
(mkIf cfg.fido2.enable {
text = mkBefore ''
auth sufficient pam_u2f.so cue authfile=/etc/fido2/fido2
'';
})
]);
# Faillock configuration for system-auth
system-auth = mkIf cfg.systemHardening.faillock.enable {
text = mkAfter ''
auth required pam_faillock.so preauth
auth required pam_faillock.so authfail deny=${toString cfg.systemHardening.faillock.denyAttempts} unlock_time=${toString cfg.systemHardening.faillock.unlockTime}
account required pam_faillock.so
'';
};
};
};
};
# Firewall configuration
networking.firewall = mkIf cfg.systemHardening.enable {
enable = true;
# Default deny incoming, allow outgoing
defaultPolicy = {
default = "deny";
defaultOutput = "allow";
};
# Essential services
# Essential services (NixOS firewall denies by default)
allowedTCPPorts = [ 22 ]; # SSH
allowedUDPPorts = [ 53317 ]; # LocalSend
allowedTCPPortRanges = [
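Review bot: In the new `pam.services` block, every `mkIf (cfg.fingerprint.enable or cfg.fingerprint.autoDetect)` uses Nix's `or`, which is the attribute-selection default and not a boolean operator: the expression yields `cfg.fingerprint.enable` whenever that attribute exists, so `autoDetect` is never consulted. Use `cfg.fingerprint.enable || cfg.fingerprint.autoDetect` if either flag should turn fingerprint PAM on. The `text = ...` definitions for `sudo`, `polkit-1` and `hyprlock` also set the service's PAM text directly (`mkBefore` only orders these definitions among themselves), so with `cfg.fido2.enable` alone the `sudo` stack defined here is just the `auth sufficient pam_u2f.so ...` line; please confirm that a password fallback and the account/session entries still end up in the generated file. Finally, the `loginLimits` entry sets `core` to `0`, which disables core dumps, so the "account lockout protection" comment above it is misleading.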
@@ -219,297 +507,10 @@ in
fi
'';
# Security management scripts
environment.systemPackages = [
# Fingerprint management
(omnixy.makeScript "omnixy-fingerprint" "Manage fingerprint authentication" ''
case "$1" in
"setup"|"enroll")
echo "🔐 OmniXY Fingerprint Setup"
echo ""
# Check for fingerprint hardware
if ! ${hasFingerprintReader}; then
echo " No fingerprint reader detected!"
echo " Supported devices: Synaptics, Goodix, Elan, Validity sensors"
exit 1
fi
echo " Fingerprint reader detected"
# Check if fprintd service is running
if ! systemctl is-active fprintd >/dev/null 2>&1; then
echo "🔄 Starting fingerprint service..."
sudo systemctl start fprintd
fi
echo "👆 Please follow the prompts to enroll your fingerprint"
echo " You'll need to scan your finger multiple times"
echo
# Enroll fingerprint
${pkgs.fprintd}/bin/fprintd-enroll "$USER"
if [ $? -eq 0 ]; then
echo
echo " Fingerprint enrolled successfully!"
echo "💡 You can now use your fingerprint for:"
echo " - sudo commands"
echo " - System authentication dialogs"
echo " - Screen unlock (if supported)"
else
echo " Fingerprint enrollment failed"
exit 1
fi
;;
"test"|"verify")
echo "🔐 Testing fingerprint authentication..."
if ! ${hasFingerprintReader}; then
echo " No fingerprint reader detected!"
exit 1
fi
echo "👆 Please scan your enrolled finger"
${pkgs.fprintd}/bin/fprintd-verify "$USER"
if [ $? -eq 0 ]; then
echo " Fingerprint verification successful!"
else
echo " Fingerprint verification failed"
echo "💡 Try: omnixy-fingerprint setup"
fi
;;
"remove"|"delete")
echo "🗑 Removing fingerprint data..."
${pkgs.fprintd}/bin/fprintd-delete "$USER"
echo " Fingerprint data removed"
;;
"list")
echo "📋 Enrolled fingerprints:"
${pkgs.fprintd}/bin/fprintd-list "$USER" 2>/dev/null || echo " No fingerprints enrolled"
;;
*)
echo "🔐 OmniXY Fingerprint Management"
echo
echo "Usage: omnixy-fingerprint <command>"
echo
echo "Commands:"
echo " setup, enroll - Enroll a new fingerprint"
echo " test, verify - Test fingerprint authentication"
echo " remove, delete - Remove enrolled fingerprints"
echo " list - List enrolled fingerprints"
echo
# Show hardware status
if ${hasFingerprintReader}; then
echo "Hardware: Fingerprint reader detected"
else
echo "Hardware: No fingerprint reader found"
fi
# Show service status
if systemctl is-active fprintd >/dev/null 2>&1; then
echo "Service: fprintd running"
else
echo "Service: fprintd not running"
fi
;;
esac
'')
# FIDO2 management
(omnixy.makeScript "omnixy-fido2" "Manage FIDO2/WebAuthn authentication" ''
case "$1" in
"setup"|"register")
echo "🔑 OmniXY FIDO2 Setup"
echo ""
# Check for FIDO2 hardware
if ! ${hasFido2Device}; then
echo " No FIDO2 device detected!"
echo " Please insert a FIDO2 security key (YubiKey, etc.)"
exit 1
fi
echo " FIDO2 device detected:"
${pkgs.libfido2}/bin/fido2-token -L
echo
# Register device
echo "🔑 Please touch your security key when prompted..."
output=$(${pkgs.pam_u2f}/bin/pamu2fcfg -u "$USER")
if [ $? -eq 0 ] && [ -n "$output" ]; then
# Save to system configuration
echo "$output" | sudo tee -a /etc/fido2/fido2 >/dev/null
echo " FIDO2 device registered successfully!"
echo "💡 You can now use your security key for:"
echo " - sudo commands"
echo " - System authentication dialogs"
echo " - Screen unlock"
else
echo " FIDO2 device registration failed"
exit 1
fi
;;
"test")
echo "🔑 Testing FIDO2 authentication..."
if [ ! -s /etc/fido2/fido2 ]; then
echo " No FIDO2 devices registered"
echo "💡 Try: omnixy-fido2 setup"
exit 1
fi
echo "🔑 Please touch your security key..."
# Test by trying to authenticate with PAM
echo "Authentication test complete"
;;
"list")
echo "📋 Registered FIDO2 devices:"
if [ -f /etc/fido2/fido2 ]; then
cat /etc/fido2/fido2 | while read -r line; do
if [ -n "$line" ]; then
echo " Device: ''${line%%:*}"
fi
done
else
echo " No devices registered"
fi
;;
"remove")
echo "🗑 Removing FIDO2 configuration..."
sudo rm -f /etc/fido2/fido2
sudo touch /etc/fido2/fido2
echo " All FIDO2 devices removed"
;;
*)
echo "🔑 OmniXY FIDO2 Management"
echo
echo "Usage: omnixy-fido2 <command>"
echo
echo "Commands:"
echo " setup, register - Register a new FIDO2 device"
echo " test - Test FIDO2 authentication"
echo " list - List registered devices"
echo " remove - Remove all registered devices"
echo
# Show hardware status
if ${hasFido2Device}; then
echo "Hardware: FIDO2 device detected"
else
echo "Hardware: No FIDO2 device found"
fi
# Show configuration status
if [ -s /etc/fido2/fido2 ]; then
echo "Config: Devices registered"
else
echo "Config: No devices registered"
fi
;;
esac
'')
# Security status and management
(omnixy.makeScript "omnixy-security" "Security status and management" ''
case "$1" in
"status")
echo "🔒 OmniXY Security Status"
echo ""
echo
# Hardware detection
echo "🔧 Hardware:"
if ${hasFingerprintReader}; then
echo " Fingerprint reader detected"
else
echo " No fingerprint reader"
fi
if ${hasFido2Device}; then
echo " FIDO2 device detected"
else
echo " No FIDO2 device"
fi
echo
# Services
echo "🛡 Services:"
printf " fprintd: "
if systemctl is-active fprintd >/dev/null 2>&1; then
echo " running"
else
echo " stopped"
fi
printf " firewall: "
if systemctl is-active ufw >/dev/null 2>&1; then
echo " active"
else
echo " inactive"
fi
echo
# Configuration
echo " Configuration:"
if [ -s /etc/fido2/fido2 ]; then
device_count=$(wc -l < /etc/fido2/fido2)
echo " FIDO2: $device_count device(s) registered"
else
echo " FIDO2: no devices registered"
fi
fingerprint_count=$(${pkgs.fprintd}/bin/fprintd-list "$USER" 2>/dev/null | wc -l || echo "0")
if [ "$fingerprint_count" -gt 0 ]; then
echo " Fingerprint: enrolled"
else
echo " Fingerprint: not enrolled"
fi
;;
"reset-lockout")
echo "🔓 Resetting account lockout..."
sudo ${pkgs.util-linux}/bin/faillock --user "$USER" --reset
echo " Account lockout reset"
;;
"firewall")
echo "🛡 Firewall status:"
sudo ufw status verbose
;;
*)
echo "🔒 OmniXY Security Management"
echo
echo "Usage: omnixy-security <command>"
echo
echo "Commands:"
echo " status - Show security status"
echo " reset-lockout - Reset failed login attempts"
echo " firewall - Show firewall status"
echo
echo "Related commands:"
echo " omnixy-fingerprint - Manage fingerprint authentication"
echo " omnixy-fido2 - Manage FIDO2 authentication"
;;
esac
'')
];
# Security management scripts are now defined in the let block above
# Add to main menu integration
omnixy.forUser {
home-manager.users.${config.omnixy.user} = {
programs.bash.shellAliases = {
fingerprint = "omnixy-fingerprint";
fido2 = "omnixy-fido2";
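Review bot: The last lines of this hunk replace `omnixy.forUser {` with a direct `home-manager.users.${config.omnixy.user} = {` assignment, a functional change that rides along with a roughly 290-line script move in a commit titled "documentation"; splitting the refactor into its own commit would make it reviewable and revertable. The leftover comment "Security management scripts are now defined in the let block above" describes the edit rather than the code and belongs in the commit message.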


@@ -29,17 +29,10 @@ in
enable = true;
# Display Manager disabled - using greetd instead
displayManager.gdm.enable = false;
# (moved to services.displayManager.gdm.enable)
# Touchpad support
libinput = {
enable = true;
touchpad = {
naturalScrolling = true;
tapping = true;
clickMethod = "clickfinger";
};
};
# Touchpad support (moved to services.libinput)
# libinput configuration moved to services.libinput
# Keyboard layout
xkb = {
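Review bot: Three placeholder comments are left where the options used to be (`# (moved to services.displayManager.gdm.enable)`, `# Touchpad support (moved to services.libinput)`, `# libinput configuration moved to services.libinput`), two of them saying the same thing; one short pointer, or none, would keep this block readable.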
@@ -49,6 +42,19 @@ in
};
};
# Display Manager (disabled - using greetd instead)
displayManager.gdm.enable = false;
# Touchpad support
libinput = {
enable = true;
touchpad = {
naturalScrolling = true;
tapping = true;
clickMethod = "clickfinger";
};
};
# Printing support
printing = {
enable = true;
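Review bot: `displayManager.gdm.enable = false;` is re-added here only to restate a disabled default, while the comment above it says greetd is in use; dropping the line removes a dependency on where the GDM option lives in the pinned nixpkgs and leaves the greetd configuration as the single place that decides the display manager.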

308
modules/themes/README.md Normal file

@@ -0,0 +1,308 @@
# Themes Directory - OmniXY Theme System
The `modules/themes/` directory contains complete theme definitions that provide unified styling across all applications and desktop components in OmniXY. Each theme is a self-contained Nix module that configures colors, fonts, and appearance settings system-wide.
## Theme Architecture
Each theme module follows this structure:
```nix
{ config, lib, pkgs, ... }:
let
# Color palette definitions
colors = {
primary = "#7aa2f7";
background = "#1a1b26";
# ... more colors
};
in {
# Theme configuration for all applications
config = lib.mkIf (config.omnixy.theme == "theme-name") {
# Application configurations
};
}
```
## Available Themes
OmniXY includes 11 carefully crafted themes:
### Dark Themes
#### `tokyo-night.nix` (Default)
**Inspiration**: Tokyo's neon-lit nights
**Palette**: Deep blues and vibrant accents
**Character**: Modern, clean, high contrast
**Best for**: Programming, late-night work
**Key Colors**:
- Background: `#1a1b26` (Dark navy)
- Primary: `#7aa2f7` (Bright blue)
- Accent: `#bb9af7` (Purple)
- Success: `#9ece6a` (Green)
- Warning: `#e0af68` (Orange)
#### `catppuccin.nix`
**Inspiration**: Warm, cozy coffee shop
**Palette**: Soft pastels with warm undertones
**Character**: Soothing, gentle on eyes
**Best for**: Long coding sessions, reading
**Key Colors**:
- Background: `#1e1e2e` (Warm dark)
- Primary: `#cba6f7` (Soft purple)
- Accent: `#f38ba8` (Rose)
- Success: `#a6e3a1` (Mint green)
#### `gruvbox.nix`
**Inspiration**: Retro terminal aesthetics
**Palette**: Warm earth tones
**Character**: Vintage, comfortable, nostalgic
**Best for**: Terminal work, distraction-free coding
#### `nord.nix`
**Inspiration**: Arctic, Scandinavian minimalism
**Palette**: Cool blues and grays
**Character**: Clean, minimal, professional
**Best for**: Focus work, professional environments
#### `everforest.nix`
**Inspiration**: Deep forest, natural greens
**Palette**: Forest greens with earth accents
**Character**: Calm, natural, easy on eyes
**Best for**: Long work sessions, nature lovers
#### `rose-pine.nix`
**Inspiration**: English countryside
**Palette**: Muted roses and soft pinks
**Character**: Elegant, sophisticated, gentle
**Best for**: Creative work, design
#### `kanagawa.nix`
**Inspiration**: Japanese woodblock prints
**Palette**: Traditional Japanese colors
**Character**: Artistic, cultural, balanced
**Best for**: Creative coding, artistic work
#### `matte-black.nix`
**Inspiration**: Minimalist design
**Palette**: True blacks and whites
**Character**: Stark, minimal, high contrast
**Best for**: Focus, minimal distractions
#### `osaka-jade.nix`
**Inspiration**: Japanese jade and bamboo
**Palette**: Jade greens with natural accents
**Character**: Serene, balanced, harmonious
**Best for**: Meditation coding, calm work
#### `ristretto.nix`
**Inspiration**: Dark roasted coffee
**Palette**: Rich browns and warm tones
**Character**: Warm, cozy, comfortable
**Best for**: Coffee shop coding, warm environments
### Light Theme
#### `catppuccin-latte.nix`
**Inspiration**: Light coffee, morning work
**Palette**: Soft pastels on light background
**Character**: Bright, energetic, clean
**Best for**: Daytime work, bright environments
## Theme Components
Each theme configures these application categories:
### Terminal Applications
- **Alacritty**: Terminal colors and transparency
- **Kitty**: Color scheme and font rendering
- **Shell**: Prompt colors and syntax highlighting
### Text Editors
- **Neovim**: Syntax highlighting and UI colors
- **VSCode**: Editor theme and syntax colors
- **Terminal editors**: Vim, nano color schemes
### Desktop Environment
- **Hyprland**: Window borders, gaps, animations
- **Waybar**: Panel colors, module styling
- **Rofi/Launchers**: Menu and selection colors
### System UI
- **GTK**: System-wide GTK application theming
- **Qt**: Qt application color schemes
- **Icon themes**: Matching icon sets
### Notification System
- **Mako**: Notification colors and styling
- **System notifications**: Alert and info colors
### Development Tools
- **Git tools**: Diff colors, status indicators
- **Lazygit**: TUI color scheme
- **Development containers**: Terminal themes
## Theme Implementation
### Color Management
Each theme defines a comprehensive color palette:
```nix
colors = {
# Base colors
bg = "#1a1b26"; # Background
fg = "#c0caf5"; # Foreground text
# Accent colors
blue = "#7aa2f7"; # Primary blue
cyan = "#7dcfff"; # Cyan accents
green = "#9ece6a"; # Success/positive
yellow = "#e0af68"; # Warnings
red = "#f7768e"; # Errors/critical
purple = "#bb9af7"; # Special/accent
# UI colors
border = "#414868"; # Window borders
selection = "#364a82"; # Text selection
comment = "#565f89"; # Comments/inactive
};
```
### Application Configuration
Colors are applied consistently across applications:
```nix
# Alacritty terminal configuration
programs.alacritty.settings = {
colors = {
primary = {
background = colors.bg;
foreground = colors.fg;
};
normal = {
black = colors.bg;
blue = colors.blue;
# ... more colors
};
};
};
```
### Dynamic Application
Themes are applied conditionally:
```nix
config = lib.mkIf (config.omnixy.theme == "tokyo-night") {
# All theme configurations here
};
```
## Theme Switching
### Command Line
```bash
# List available themes
omnixy theme list
# Switch theme
omnixy theme set gruvbox
# Get current theme
omnixy theme get
```
### System Integration
Theme switching:
1. Updates `configuration.nix` with new theme
2. Rebuilds system configuration
3. All applications automatically use new colors
4. No manual restart required for most applications
### Scriptable Interface
```bash
# Automated theme switching
current=$(omnixy --quiet theme get)
omnixy theme list --quiet | grep -v "$current" | head -1 | xargs omnixy theme set
# JSON output for automation
omnixy --json theme list | jq -r '.available[]'
```
## Creating Custom Themes
### 1. Copy Existing Theme
```bash
cp modules/themes/tokyo-night.nix modules/themes/my-theme.nix
```
### 2. Define Color Palette
```nix
let
colors = {
bg = "#your-bg-color";
fg = "#your-fg-color";
# Define your complete palette
};
```
### 3. Update Theme Condition
```nix
config = lib.mkIf (config.omnixy.theme == "my-theme") {
# Theme configurations
};
```
### 4. Add to Available Themes
Update theme management scripts to include your new theme.
### 5. Test and Iterate
```bash
# Test your theme
omnixy theme set my-theme
# Make adjustments and rebuild
omnixy-rebuild
```
## Theme Guidelines
### Color Accessibility
- Ensure adequate contrast ratios (4.5:1 for normal text)
- Test with color blindness simulators
- Provide clear visual hierarchy
### Consistency
- Use semantic color naming (primary, secondary, accent)
- Maintain consistent color relationships
- Apply colors systematically across applications
### Performance
- Avoid complex color calculations
- Use static color definitions
- Test theme switching performance
### Documentation
- Document color meanings and usage
- Provide theme inspiration and character
- Include screenshots or examples
## Theme Validation
### Color Contrast Testing
```bash
# Test theme accessibility
omnixy theme set my-theme
# Use accessibility tools to check contrast ratios
```
### Visual Testing
- Test all major applications
- Verify readability in different lighting
- Check consistency across different screen types
### Integration Testing
- Ensure theme switching works properly
- Verify all applications receive theme updates
- Test with different desktop configurations
This comprehensive theme system ensures a cohesive, beautiful, and customizable visual experience across the entire OmniXY desktop environment.
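Review bot: In the "Scriptable Interface" example, `grep -v "$current"` filters by substring, so when the current theme is `catppuccin` it also drops `catppuccin-latte` from the candidates; `grep -vxF "$current"` matches the whole line literally. The same example passes `--quiet` before the subcommand on one line and after it on the next, and step 4 under "Creating Custom Themes" ("Update theme management scripts") does not name the file to edit. The "Color Contrast Testing" block contains only a comment where a command is expected.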


@@ -55,7 +55,7 @@ in
# security.pam.enableEcryptfs = true;
# Automatic login (disable for production)
services.xserver.displayManager.autoLogin = {
services.displayManager.autoLogin = {
enable = false;
user = cfg.user;
};


@@ -11,9 +11,26 @@ let
in
{
config = mkIf (cfg.enable or true) {
# Add walker to system packages
environment.systemPackages = with pkgs; [
# Add walker and convenience scripts to system packages
environment.systemPackages = (with pkgs; [
walker
]) ++ [
# Convenience scripts
(omnixy.makeScript "omnixy-launcher" "Launch OmniXY app launcher" ''
walker --config ~/.config/walker/config.json --css ~/.config/walker/themes/style.css
'')
(omnixy.makeScript "omnixy-run" "Quick command runner" ''
walker --modules runner --config ~/.config/walker/config.json --css ~/.config/walker/themes/style.css
'')
(omnixy.makeScript "omnixy-apps" "Application launcher" ''
walker --modules applications --config ~/.config/walker/config.json --css ~/.config/walker/themes/style.css
'')
(omnixy.makeScript "omnixy-files" "File finder" ''
walker --modules finder --config ~/.config/walker/config.json --css ~/.config/walker/themes/style.css
'')
];
# Create Walker configuration
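Review bot: The four new wrappers invoke a bare `walker`, resolved through `PATH` at run time, whereas the security scripts in this commit pin their tools as `${pkgs.fprintd}/bin/...`; `${pkgs.walker}/bin/walker` would make the wrappers independent of the caller's environment. The `--config ~/.config/walker/config.json --css ~/.config/walker/themes/style.css` arguments are repeated four times and could be bound once in the `let` block.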
@@ -368,7 +385,7 @@ in
'';
# Add to user environment
omnixy.forUser {
home-manager.users.${config.omnixy.user} = {
# Set XDG config dir for Walker
xdg.configFile."walker/config.json".source =
config.environment.etc."omnixy/walker/config.json".source;
@@ -400,23 +417,6 @@ in
};
};
# Create convenience scripts
environment.systemPackages = [
(omnixy.makeScript "omnixy-launcher" "Launch OmniXY app launcher" ''
walker --config ~/.config/walker/config.json --css ~/.config/walker/themes/style.css
'')
(omnixy.makeScript "omnixy-run" "Quick command runner" ''
walker --modules runner --config ~/.config/walker/config.json --css ~/.config/walker/themes/style.css
'')
(omnixy.makeScript "omnixy-apps" "Application launcher" ''
walker --modules applications --config ~/.config/walker/config.json --css ~/.config/walker/themes/style.css
'')
(omnixy.makeScript "omnixy-files" "File finder" ''
walker --modules finder --config ~/.config/walker/config.json --css ~/.config/walker/themes/style.css
'')
];
# Convenience scripts are now consolidated above
};
}