general improvements

1. Security: Navidrome no longer exposed to network (localhost only) 2. Maintainability: Single username definition in flake.nix:45 3. Organization: Kernel params now in configuration.nix, session vars in desktop.nix 4. Automation: Flathub repository added automatically on activation 5. Cleanup: Removed duplicate programs.dconf.enable
2026-02-02 23:39:09 +01:00
parent bf2933d4d6
commit 1a7e86e99e
11 changed files with 43 additions and 43 deletions
--- a/configuration.nix
+++ b/configuration.nix
@@ -5,6 +5,7 @@
  pkgs,
  inputs,
  lib,
+  username,
  ...
 }:

@@ -35,6 +36,12 @@
  boot.loader.efi.canTouchEfiVariables = true;
  boot.kernelPackages = pkgs.cachyosKernels.linuxPackages-cachyos-latest-x86_64-v3;

+  # Kernel parameters (consolidated from modules)
+  boot.kernelParams = [
+    "amd_pstate=active" # Modern Ryzen power management (from power.nix)
+    "amdgpu.ppfeaturemask=0xffffffff" # Full AMD GPU power features (from gpu-amd.nix)
+  ];
+
  # sched-ext scheduler for gaming performance
  services.scx.enable = true;
  services.scx.scheduler = "scx_lavd"; # Low-latency scheduler, good for gaming
@@ -116,7 +123,7 @@
  # ═══════════════════════════════════════════════════════════════
  # USER
  # ═══════════════════════════════════════════════════════════════
-  users.users.pinj = {
+  users.users.${username} = {
    isNormalUser = true;
    description = "Melvin Ragusa";
    extraGroups = [
--- a/flake.nix
+++ b/flake.nix
@@ -42,11 +42,14 @@
    inputs@{ self, nixpkgs, ... }:
    let
      system = "x86_64-linux";
+      username = "pinj"; # Single source of truth for username
    in
    {
      nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
        inherit system;
-        specialArgs = { inherit inputs; };
+        specialArgs = {
+          inherit inputs username;
+        };
        modules = [
          ./configuration.nix
          { nixpkgs.overlays = [ inputs.nix-cachyos-kernel.overlays.pinned ]; }
--- a/modules/apps.nix
+++ b/modules/apps.nix
@@ -40,7 +40,8 @@
  # Enable Flatpak for additional apps (Feishin, etc.)
  services.flatpak.enable = true;

-  # Add Flathub repository automatically on activation
-  # Run manually after first boot: flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
-  # Then install Feishin: flatpak install flathub io.github.feishin.feishin
+  # Automatically add Flathub repository on system activation
+  system.activationScripts.flatpak-flathub.text = ''
+    ${pkgs.flatpak}/bin/flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo || true
+  '';
 }
--- a/modules/desktop.nix
+++ b/modules/desktop.nix
@@ -73,10 +73,13 @@
    # XDG
    XDG_SESSION_TYPE = "wayland";
    XDG_CURRENT_DESKTOP = "niri";
-  };

-  # Enable dconf for GTK settings
-  programs.dconf.enable = true;
+    # Theming (consolidated from theming.nix)
+    QT_QPA_PLATFORMTHEME = "qt6ct";
+    GTK_THEME = "adw-gtk3-dark";
+    XCURSOR_THEME = "Adwaita";
+    XCURSOR_SIZE = "24";
+  };

  # GNOME services for better desktop integration
  services.gvfs.enable = true; # Virtual filesystem (trash, MTP, SMB)
--- a/modules/dev.nix
+++ b/modules/dev.nix
@@ -4,6 +4,7 @@
  config,
  pkgs,
  lib,
+  username,
  ...
 }:

@@ -21,7 +22,7 @@
  };

  # Add user to docker group
-  users.users.pinj.extraGroups = [ "docker" ];
+  users.users.${username}.extraGroups = [ "docker" ];

  # Direnv for per-project environments
  programs.direnv = {
--- a/modules/gaming.nix
+++ b/modules/gaming.nix
@@ -4,6 +4,7 @@
  config,
  pkgs,
  lib,
+  username,
  ...
 }:

@@ -71,5 +72,5 @@
  ];

  # Add user to gamemode group
-  users.users.pinj.extraGroups = [ "gamemode" ];
+  users.users.${username}.extraGroups = [ "gamemode" ];
 }
--- a/modules/gpu-amd.nix
+++ b/modules/gpu-amd.nix
@@ -4,6 +4,7 @@
  config,
  pkgs,
  lib,
+  username,
  ...
 }:

@@ -39,13 +40,9 @@
  hardware.amdgpu.overdrive.enable = true;

  # Add user to corectrl group for full access without password
-  users.users.pinj.extraGroups = [ "corectrl" ];
+  users.users.${username}.extraGroups = [ "corectrl" ];

-  # Kernel parameters for AMD GPU
-  boot.kernelParams = [
-    # Enable all power management features
-    "amdgpu.ppfeaturemask=0xffffffff"
-  ];
+  # NOTE: Kernel params (amdgpu.ppfeaturemask) are in configuration.nix

  # GPU monitoring tools
  environment.systemPackages = with pkgs; [
--- a/modules/navidrome.nix
+++ b/modules/navidrome.nix
@@ -4,6 +4,7 @@
  config,
  pkgs,
  lib,
+  username,
  ...
 }:

@@ -16,10 +17,11 @@

    settings = {
      # Music library location
-      MusicFolder = "/home/pinj/Music";
+      MusicFolder = "/home/${username}/Music";

      # Server settings
-      Address = "0.0.0.0";
+      # Bind to localhost only - access via Tailscale if needed remotely
+      Address = "127.0.0.1";
      Port = 4533;

      # UI settings
@@ -48,12 +50,12 @@
    };
  };

-  # Open firewall for Navidrome
-  # Remove or comment out if you only access locally
-  networking.firewall.allowedTCPPorts = [ 4533 ];
+  # Firewall not needed - Navidrome binds to localhost only
+  # Uncomment if you need network access:
+  # networking.firewall.allowedTCPPorts = [ 4533 ];

  # Ensure music directory exists and has correct permissions
  systemd.tmpfiles.rules = [
-    "d /home/pinj/Music 0755 pinj users -"
+    "d /home/${username}/Music 0755 ${username} users -"
  ];
 }
--- a/modules/power.nix
+++ b/modules/power.nix
@@ -28,12 +28,5 @@
    power-profiles-daemon # Already enabled as service, CLI tool for control
  ];

-  # ═══════════════════════════════════════════════════════════════
-  # KERNEL PARAMETERS FOR POWER EFFICIENCY
-  # ═══════════════════════════════════════════════════════════════
-  # These help reduce power draw on idle desktop systems
-  boot.kernelParams = [
-    # Enable AMD P-State driver for modern Ryzen CPUs
-    "amd_pstate=active"
-  ];
+  # NOTE: Kernel params (amd_pstate) are in configuration.nix
 }
--- a/modules/theming.nix
+++ b/modules/theming.nix
@@ -80,19 +80,10 @@
  ];

  # ─────────────────────────────────────────────────────────────
-  # Environment Variables for Theming
+  # Cursor and Icon Paths
  # ─────────────────────────────────────────────────────────────
-  environment.sessionVariables = {
-    # Qt platform integration
-    QT_QPA_PLATFORMTHEME = "qt6ct";
-
-    # GTK theme (for apps that don't read dconf)
-    GTK_THEME = "adw-gtk3-dark";
-
-    # Cursor theme
-    XCURSOR_THEME = "Adwaita";
-    XCURSOR_SIZE = "24";
-  };
+  # NOTE: Session variables (GTK_THEME, XCURSOR_*, QT_QPA_PLATFORMTHEME)
+  # are consolidated in desktop.nix

  # Ensure cursor themes are found
  environment.pathsToLink = [ "/share/icons" ];
--- a/modules/virtualization.nix
+++ b/modules/virtualization.nix
@@ -4,6 +4,7 @@
  config,
  pkgs,
  lib,
+  username,
  ...
 }:

@@ -51,7 +52,7 @@
  # ═══════════════════════════════════════════════════════════════
  # USER PERMISSIONS
  # ═══════════════════════════════════════════════════════════════
-  users.users.pinj.extraGroups = [ "libvirtd" ];
+  users.users.${username}.extraGroups = [ "libvirtd" ];

  # ═══════════════════════════════════════════════════════════════
  # DCONF SETTINGS FOR VIRT-MANAGER