commit 3c34a1c20021c8f3d820346e7bb28e9c6ccd104f
parent 67a82122aab7f3f09d70285bbc4da15db0549e3c
Author: Katja (ctucx) <git@ctu.cx>
Date: Wed, 19 Mar 2025 11:28:13 +0100
parent 67a82122aab7f3f09d70285bbc4da15db0549e3c
Author: Katja (ctucx) <git@ctu.cx>
Date: Wed, 19 Mar 2025 11:28:13 +0100
modules/nixos/gnome: refactor syntax
1 file changed, 110 insertions(+), 122 deletions(-)
M
|
232
+++++++++++++++++++++++++++++++++++++------------------------------------------
diff --git a/modules/nixos/gnome.nix b/modules/nixos/gnome.nix @@ -52,13 +52,12 @@ in { mutter = prev.mutter.overrideAttrs( prevAttrs: { mesonFlags = [ "-Dinstalled_tests=false" "-Dtests=disabled" "-Ddocs=true" + "-Dx11=false" "-Dxwayland=false" "-Degl_device=true" "-Dwayland_eglstream=true" + "-Dwayland=true" "-Dprofiler=true" "-Dsm=false" - "-Dx11=false" - "-Dxwayland=false" - "-Dwayland=true" ]; buildInputs = (utils.removePackagesByName prevAttrs.buildInputs [ prev.xorg.libSM @@ -159,9 +158,9 @@ in { etc."gdm/custom.conf".source = configFile; systemPackages = with pkgs; [ - gnome-shell (lib.mkIf config.hardware.bluetooth.enable gnome-bluetooth) (lib.mkIf config.services.colord.enable gnome-color-manager) + gnome-shell gnome-control-center ghostty adwaita-icon-theme 
@@ -183,35 +182,30 @@ in { }; services = { - gvfs.enable = true; - udisks2.enable = true; - libinput.enable = true; - accounts-daemon.enable = true; - pipewire.enable = lib.mkDefault true; - hardware.bolt.enable = lib.mkDefault true; - colord.enable = lib.mkDefault true; - power-profiles-daemon.enable = lib.mkDefault true; - upower.enable = config.powerManagement.enable; - system-config-printer.enable = (lib.mkIf config.services.printing.enable (lib.mkDefault true)); - - gnome = { - glib-networking.enable = true; - gnome-settings-daemon.enable = true; - at-spi2-core.enable = lib.mkDefault true; - gnome-keyring.enable = lib.mkDefault true; - }; - - geoclue2 = { - enable = lib.mkDefault true; - enableDemoAgent = false; # GNOME has its own geoclue agent - appConfig = lib.genAttrs [ "gnome-datetime-panel" "gnome-color-panel" "org.gnome.Shell" ] (name: { - isAllowed = true; - isSystem = true; - }); - }; + gnome.gnome-settings-daemon.enable = true; + gnome.glib-networking.enable = true; + gvfs.enable = true; + udisks2.enable = true; + libinput.enable = true; + accounts-daemon.enable = true; + gnome.at-spi2-core.enable = lib.mkDefault true; + gnome.gnome-keyring.enable = lib.mkDefault true; + pipewire.enable = lib.mkDefault true; + hardware.bolt.enable = lib.mkDefault true; + colord.enable = lib.mkDefault true; + power-profiles-daemon.enable = lib.mkDefault true; + upower.enable = lib.mkDefault config.powerManagement.enable; + system-config-printer.enable = lib.mkDefault config.services.printing.enable; udev.packages = [ pkgs.mutter ]; dbus.packages = [ pkgs.gdm ]; + + geoclue2.enable = lib.mkDefault true; + geoclue2.enableDemoAgent = false; # GNOME has its own geoclue agent + geoclue2.appConfig = lib.genAttrs [ "gnome-datetime-panel" "gnome-color-panel" "org.gnome.Shell" ] (name: { + isAllowed = true; + isSystem = true; + }); }; programs = { 
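Review bot: `upower.enable = lib.mkDefault config.powerManagement.enable;` is not a syntax-only change. The old line set the value at normal priority, so with the added `lib.mkDefault` any plain definition elsewhere now overrides it silently, where a differing one would previously have been reported as a conflict. `system-config-printer.enable` changes in the same way, from `lib.mkIf config.services.printing.enable (lib.mkDefault true)` to `lib.mkDefault config.services.printing.enable`, which now contributes an explicit `false` when printing is off instead of no definition. If both changes are intended, a comment such as `# mkDefault: hosts may override this independently of powerManagement` next to the line would record it; otherwise keep the original expressions so the commit stays a pure refactor.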
@@ -226,116 +220,110 @@ in { mime.enable = true; icons.enable = true; - portal = { - enable = true; - configPackages = lib.mkDefault [ pkgs.gnome-session ]; - extraPortals = with pkgs; [ - xdg-desktop-portal-gnome - xdg-desktop-portal-gtk - ]; - }; + portal.enable = true; + portal.configPackages = lib.mkDefault [ pkgs.gnome-session ]; + portal.extraPortals = with pkgs; [ + xdg-desktop-portal-gnome + xdg-desktop-portal-gtk + ]; }; systemd = { + user.services.dbus.wantedBy = [ "default.target" ]; + + tmpfiles.rules = [ "d /run/gdm/.config 0711 gdm gdm" ]; + packages = with pkgs; [ gdm gnome-session gnome-shell ]; - tmpfiles.rules = [ "d /run/gdm/.config 0711 gdm gdm" ]; - - user.services.dbus.wantedBy = [ "default.target" ]; + # We dont use the upstream gdm service + # it has to be disabled since the gdm package has it + # https://github.com/NixOS/nixpkgs/issues/108672 + services.gdm.enable = false; + + services.display-manager = { + description = "Display Manager"; + + wants = [ "systemd-machined.service" "accounts-daemon.service" ]; + conflicts = [ "getty@${pkgs.gdm.initialVT}.service" "plymouth-quit.service" ]; + onFailure = [ "plymouth-quit.service" ]; + wantedBy = [ "multi-user.target" ]; + after = [ + "systemd-logind.service" "systemd-user-sessions.service" "systemd-machined.service" + "getty@${pkgs.gdm.initialVT}.service" + "acpid.service" + "plymouth-quit.service" "plymouth-start.service" + ]; - services = { - # We dont use the upstream gdm service - # it has to be disabled since the gdm package has it - # https://github.com/NixOS/nixpkgs/issues/108672 - gdm.enable = false; - - display-manager = { - description = "Display Manager"; - - wants = [ "systemd-machined.service" "accounts-daemon.service" ]; - conflicts = [ "getty@${pkgs.gdm.initialVT}.service" "plymouth-quit.service" ]; - onFailure = [ "plymouth-quit.service" ]; - wantedBy = [ "multi-user.target" ]; - after = [ - "systemd-logind.service" "systemd-user-sessions.service" "systemd-machined.service" - 
"getty@${pkgs.gdm.initialVT}.service" - "acpid.service" - "plymouth-quit.service" "plymouth-start.service" - ]; - - path = [ pkgs.gnome-session ]; - environment = { - XDG_DATA_DIRS = lib.makeSearchPath "share" (with pkgs; [ - gdm - gnome-session.sessions - gnome-control-center # for accessibility icon - adwaita-icon-theme - hicolor-icon-theme - ]); - }; - - serviceConfig = { - KillMode = "mixed"; - IgnoreSIGPIPE = "no"; - BusName = "org.gnome.DisplayManager"; - StandardError = "inherit"; - ExecStart = "${pkgs.gdm}/bin/gdm"; - ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID"; - KeyringMode = "shared"; - EnvironmentFile = "-/etc/locale.conf"; - Restart = "always"; - RestartSec = "200ms"; - SyslogIdentifier = "display-manager"; - }; - - restartIfChanged = false; - - # Stop restarting if the display manager stops (crashes) 2 times in one minute. - startLimitIntervalSec = 30; - startLimitBurst = 3; + path = [ pkgs.gnome-session ]; + environment = { + XDG_DATA_DIRS = lib.makeSearchPath "share" (with pkgs; [ + gdm + gnome-session.sessions + gnome-control-center # for accessibility icon + adwaita-icon-theme + hicolor-icon-theme + ]); }; - # Prevent nixos-rebuild switch from bringing down the graphical - # session. (If multi-user.target wants plymouth-quit.service which - # conflicts display-manager.service, then when nixos-rebuild - # switch starts multi-user.target, display-manager.service is - # stopped so plymouth-quit.service can be started.) 
- plymouth-quit = lib.mkIf config.boot.plymouth.enable { - wantedBy = lib.mkForce []; + serviceConfig = { + KillMode = "mixed"; + IgnoreSIGPIPE = "no"; + BusName = "org.gnome.DisplayManager"; + StandardError = "inherit"; + ExecStart = "${pkgs.gdm}/bin/gdm"; + ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID"; + KeyringMode = "shared"; + EnvironmentFile = "-/etc/locale.conf"; + Restart = "always"; + RestartSec = "200ms"; + SyslogIdentifier = "display-manager"; }; + + restartIfChanged = false; + + # Stop restarting if the display manager stops (crashes) 2 times in one minute. + startLimitIntervalSec = 30; + startLimitBurst = 3; + }; + + # Prevent nixos-rebuild switch from bringing down the graphical + # session. (If multi-user.target wants plymouth-quit.service which + # conflicts display-manager.service, then when nixos-rebuild + # switch starts multi-user.target, display-manager.service is + # stopped so plymouth-quit.service can be started.) + services.plymouth-quit = lib.mkIf config.boot.plymouth.enable { + wantedBy = lib.mkForce []; }; }; # GDM LFS PAM modules, adapted somehow to NixOS - security.pam.services = { - gdm-launch-environment.text = '' - auth required pam_succeed_if.so audit quiet_success user = gdm - auth optional pam_permit.so - - account required pam_succeed_if.so audit quiet_success user = gdm - account sufficient pam_unix.so - - password required pam_deny.so - - session required pam_succeed_if.so audit quiet_success user = gdm - session required pam_env.so conffile=/etc/pam/environment readenv=0 - session optional ${config.systemd.package}/lib/security/pam_systemd.so - session optional pam_keyinit.so force revoke - session optional pam_permit.so - ''; - - gdm-password.text = '' - auth substack login - account include login - password substack login - session include login - ''; - }; + security.pam.services.gdm-launch-environment.text = '' + auth required pam_succeed_if.so audit quiet_success user = gdm + auth optional pam_permit.so + + 
account required pam_succeed_if.so audit quiet_success user = gdm + account sufficient pam_unix.so + + password required pam_deny.so + + session required pam_succeed_if.so audit quiet_success user = gdm + session required pam_env.so conffile=/etc/pam/environment readenv=0 + session optional ${config.systemd.package}/lib/security/pam_systemd.so + session optional pam_keyinit.so force revoke + session optional pam_permit.so + ''; + + security.pam.services.gdm-password.text = '' + auth substack login + account include login + password substack login + session include login + ''; }; }
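Review bot: Both PAM services are still defined through `.text`, which replaces the stack NixOS would otherwise generate for that service, and the only explanation on the new side is `# GDM LFS PAM modules, adapted somehow to NixOS`. Per-service PAM options set elsewhere in the configuration therefore have no effect on `gdm-launch-environment`, and `gdm-password` only follows whatever the `login` service resolves to; a comment such as `# .text overrides the generated PAM stack; gdm-password inherits from login` above the two definitions would make that visible to the next maintainer. Separately, the carried-over comment `Stop restarting if the display manager stops (crashes) 2 times in one minute.` does not match `startLimitIntervalSec = 30;` and `startLimitBurst = 3;` and should state the limit the unit actually gets. The enclosing module body starts before this hunk.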