diff --git a/README.md b/README.md index b6bf36cf..12dce171 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,10 @@ # NixOS Configuration Repository ## NOTE: These configs expect this repo to be cloned to /etc/nixos/git/ -* `git clone https://git.sysctl.io/albert/nix /etc/nixos/git && ln -s /etc/nixos/git/flake.nix /etc/nixos/flake.nix` +``` +git clone https://git.sysctl.io/albert/nix /etc/nixos/git +ln -s /etc/nixos/git/flake.nix /etc/nixos/flake.nix +nixos-rebuild switch --flake '/etc/nixos#' +``` --- # To Do List diff --git a/configuration.nix b/configuration.nix deleted file mode 100644 index d7f3c2b9..00000000 --- a/configuration.nix +++ /dev/null 
@@ -1,78 +0,0 @@ -{ lib, config, pkgs, ... }: { - imports = [ - # Services - ./services/openssh.nix - ./services/promtail.nix - ./services/fail2ban.nix - ./services/telegraf.nix - - # Modules - ./modules/nixos.nix # General NixOS items. Flake enablement, etc - ./modules/secureboot.nix # Secureboot Configs - ./modules/fonts.nix # Font Configs - ./modules/networking.nix # Initial Networking configs - ]; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - # Define a user account. - users.users.albert = { - isNormalUser = true; - description = "Albert J. Copeland"; - extraGroups = [ "networkmanager" "wheel" "video" "dbus" ]; - # video is required for the "light" command to work - hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6"; - }; - - # List packages installed in system profile - environment.systemPackages = with pkgs; [ - sbctl - powerline-go - wget - killall - neovim - git - duf - curl - htop - btop - iftop - nload - iotop - glxinfo - tailscale - neofetch - gnupg - fail2ban - ]; - - # Enable tailscale - services = { - tailscale.enable = true; - }; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). 
- # system.stateVersion = "23.05"; # Did you read the comment? - system.stateVersion = "unstable"; -} diff --git a/desktops/common.nix b/desktops/common.nix deleted file mode 100644 index 36c62ebc..00000000 --- a/desktops/common.nix +++ /dev/null @@ -1,19 +0,0 @@ -# If a GUI is enabled, install GUI apps: -{ lib, pkgs, config, ... }: { - users.users.albert = { - packages = with pkgs; [ - firefox - thunderbird - bitwarden - steam - lutris - vlc - ]; - }; - - imports = [ - # Software configurations - ../software/firefox.nix - ../software/weechat.nix - ]; -} \ No newline at end of file diff --git a/desktops/kde.nix b/desktops/kde.nix deleted file mode 100644 index 985690b3..00000000 --- a/desktops/kde.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, pkgs, ... }: { - - # Enable sound with pipewire. - sound.enable = true; - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - - # Configure keymap in X11 - services.xserver = { - enable = true; - layout = "us"; - xkbVariant = ""; - autorun = true; - videoDrivers = [ "nvidia" ]; - }; - - services.xserver = { - displayManager.gdm.enable = true; - desktopManager.plasma5.enable = true; - }; -} diff --git a/desktops/sway.nix b/desktops/sway.nix deleted file mode 100644 index b02331b7..00000000 --- a/desktops/sway.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ config, pkgs, ... }: { - # Enable sound with pipewire. - sound.enable = true; - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - - # Configure keymap in X11 - services.xserver = { - enable = true; - layout = "us"; - xkbVariant = ""; - autorun = true; - }; - - programs.sway = { - enable = true; - }; -} \ No newline at end of file diff --git a/flake.nix b/flake.nix index 71eeff1a..a9ca18eb 100644 --- a/flake.nix 
+++ b/flake.nix 
@@ -1,94 +1,30 @@ -{ - # INFORMATION - # When building for a system, remember to change the hostname variable below +{ description = "NixOS System Config"; - inputs = { - # NixOS packages - unstable-nixpkgs.url = "nixpkgs/nixos-unstable"; - - # Manage dotfiles in a home directory - home-manager.url = "github:nix-community/home-manager/release-23.05"; - home-manager.inputs.nixpkgs.follows = "unstable-nixpkgs"; - - # Secureboot Configuration - lanzaboote.url = "github:nix-community/lanzaboote"; - lanzaboote.inputs.nixpkgs.follows = "unstable-nixpkgs"; - - # Nix User Repository - nur.url = "github:nix-community/NUR"; - - # Hardware support - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - - # Encrypted secrets in Nix configuration files - sops-nix.url = "github:Mic92/sops-nix"; + nixpkgs.url = "nixpkgs/nixos-unstable"; # NixOS packages + home-manager.url = "github:nix-community/home-manager/release-23.05"; # Manage dotfiles in a home directory + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + lanzaboote.url = "github:nix-community/lanzaboote"; # Secureboot Configuration + lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; + nur.url = "github:nix-community/NUR"; # Nix User Repository + sops-nix.url = "github:Mic92/sops-nix"; # Encrypted secrets in Nix configuration files }; - - outputs = { - self, - unstable-nixpkgs, - home-manager, - lanzaboote, - nur, - sops-nix, - nixos-hardware, - ... + outputs = { + self, nixpkgs, home-manager, lanzaboote, nur, sops-nix, ... }@inputs: let - # Variables - Remember to set these - hostname = "nixos-laptop"; # Should probably set this in a minimal configuration.nix? 
- system = "x86_64-linux"; + inherit (self) outputs; + stateVersion = "unstable"; hmStateVersion = "23.05"; - - pkgs = import unstable-nixpkgs { - inherit system; - config = { allowUnfree = true; }; - }; - - lib = unstable-nixpkgs.lib; + libx = import ./lib { inherit inputs outputs stateVersion; }; in { - # NixOS Configuration files: nixosConfigurations = { - # Declare a generic configuration using the $hostname variable: - ${hostname} = lib.nixosSystem { - inherit system; - specialArgs = { - inherit hostname; - }; - modules = [ - # Configuration Imports - ./configuration.nix # Common NixOS Configuration - ./hosts/${hostname} # Hardware-specific Configuration - - # Flake Imports - sops-nix.nixosModules.sops # Handle secrets - lanzaboote.nixosModules.lanzaboote # SecureBoot Configuration - nur.nixosModules.nur # NixOS User Repository - # nixos-hardware.nixosModules.lenovo-thinkpad-p1 # Thinkpad P1 hardware configuration - - # Home Manager settings - home-manager.nixosModules.home-manager { - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - users.albert.imports = [ - ({ config, ... }: import ./users/albert/home.nix { - inherit config pkgs hostname hmStateVersion; - }) - ]; - users.root.imports = [ - ({ config, ... }: import ./users/root/home.nix { - inherit config pkgs hostname hmStateVersion; - }) - ]; - }; # home-manager - nixpkgs.overlays = [ - nur.overlay - ]; - } # home-manager - ]; # modules - }; # lib.nixosSystem - ${hostname} - }; # nixosConfiguration - }; # in + nixos-laptop = libx.nixosSystem { hostname = "nixos-laptop"; username = "albert"; desktop = "gnome"; }; + nixos-desktop = libx.nixosSystem { hostname = "nixos-desktop"; username = "albert"; desktop = "gnome"; }; + }; + homeConfigurations = { + "albert@nixos-laptop" = libx.mkHome { hostname = "nixos-laptop"; username = "albert"; desktop = "gnome"; }; + "albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; username = "albert"; desktop = "gnome"; }; + }; + }; } 
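Review bot: `stateVersion = "unstable";` in the `let` block is not a release number, yet nixos/default.nix assigns its `stateVersion` argument to `system.stateVersion`, which is meant to record the release the machine was first installed with (the deleted configuration.nix kept `"23.05"` commented out beside it). Assuming `libx` passes the value through unchanged, I would set `stateVersion = "23.05";` next to `hmStateVersion`, so version-dependent defaults for stateful data are keyed to a real release. Separately, `import ./lib` has no matching file in the diff shown here; if `lib/` is new it must be tracked by git, because a flake only sees tracked files. The old `users.root` home-manager entry is also gone with no replacement in `homeConfigurations`, which is worth confirming as intended.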
diff --git a/home-manager/bash.nix b/home-manager/common/software/cli/bash.nix similarity index 100% rename from home-manager/bash.nix rename to home-manager/common/software/cli/bash.nix diff --git a/home-manager/btop.nix b/home-manager/common/software/cli/btop.nix similarity index 100% rename from home-manager/btop.nix rename to home-manager/common/software/cli/btop.nix diff --git a/home-manager/git.nix b/home-manager/common/software/cli/git.nix similarity index 95% rename from home-manager/git.nix rename to home-manager/common/software/cli/git.nix index da5fba9c..6e038ad6 100644 --- a/home-manager/git.nix +++ b/home-manager/common/software/cli/git.nix @@ -1,13 +1,7 @@ { config, pkgs, ... }: { programs.git = { enable = true; - userName = "albert"; - userEmail = "albert@sysctl.io"; extraConfig = { - core.askPass = "false"; - credential.helper = "cache --timeout=25920000"; - user.signingkey = "64F6C4EB46C4543A"; - commit.gpgsign = "true"; alias.a = "add --all"; alias.ai = "add -i"; alias.ap = "apply"; diff --git a/home-manager/kitty.nix b/home-manager/common/software/cli/kitty.nix similarity index 100% rename from home-manager/kitty.nix rename to home-manager/common/software/cli/kitty.nix diff --git a/home-manager/neofetch.nix b/home-manager/common/software/cli/neofetch.nix similarity index 100% rename from home-manager/neofetch.nix rename to home-manager/common/software/cli/neofetch.nix diff --git a/home-manager/neovim.nix b/home-manager/common/software/cli/neovim.nix similarity index 100% rename from home-manager/neovim.nix rename to home-manager/common/software/cli/neovim.nix diff --git a/home-manager/firefox.nix b/home-manager/common/software/gui/firefox.nix similarity index 100% rename from home-manager/firefox.nix rename to home-manager/common/software/gui/firefox.nix 
diff --git a/home-manager/thunderbird.nix b/home-manager/common/software/gui/thunderbird.nix similarity index 100% rename from home-manager/thunderbird.nix rename to home-manager/common/software/gui/thunderbird.nix diff --git a/home-manager/default.nix b/home-manager/default.nix index d8f82139..72bec1ef 100644 --- a/home-manager/default.nix +++ b/home-manager/default.nix @@ -1,11 +1,19 @@ -{ config, pkgs, hostname, ... }: { +{ config, pkgs, hostname, username, desktop, hmStateVersion, ... }: { imports = [ - ./bash.nix - ./btop.nix - ./firefox.nix - ./git.nix - ./neovim.nix - ./neofetch.nix - ./kitty.nix - ]; + # Common app configs + ./common/software/cli/bash.nix + ./common/software/cli/btop.nix + ./common/software/cli/git.nix + ./common/software/cli/kitty.nix + ./common/software/cli/neofetch.nix + ./common/software/cli/neovim.nix + + # User configs + ./users/${username} + ] + ++ lib.optional (builtins.isString.desktop) [ + ./common/software/gui/firefox.nix + ./common/software/gui/thunderbird.nix + ./hosts/${hostname}/desktops/${desktop} + ] } \ No newline at end of file diff --git a/hosts/nixos-laptop/home-manager/gnome/default.nix b/home-manager/hosts/nixos-laptop/desktops/gnome/default.nix similarity index 100% rename from hosts/nixos-laptop/home-manager/gnome/default.nix rename to home-manager/hosts/nixos-laptop/desktops/gnome/default.nix diff --git a/hosts/nixos-laptop/home-manager/gnome/gnome-conf.nix b/home-manager/hosts/nixos-laptop/desktops/gnome/gnome-conf.nix similarity index 100% rename from hosts/nixos-laptop/home-manager/gnome/gnome-conf.nix rename to home-manager/hosts/nixos-laptop/desktops/gnome/gnome-conf.nix diff --git a/hosts/nixos-laptop/home-manager/gnome/gnome-terminal-conf.nix b/home-manager/hosts/nixos-laptop/desktops/gnome/gnome-terminal-conf.nix similarity index 100% rename from hosts/nixos-laptop/home-manager/gnome/gnome-terminal-conf.nix rename to home-manager/hosts/nixos-laptop/desktops/gnome/gnome-terminal-conf.nix 
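Review bot: The conditional import list in home-manager/default.nix will not evaluate as written: `builtins.isString.desktop` selects an attribute from a builtin instead of calling it, `lib` is not among the module arguments, and the `imports` assignment has no closing `;`. `lib.optional` also wraps its second argument in a list, so giving it a list produces a nested list; `++ lib.optionals (builtins.isString desktop) [ … ];` with `lib` added to the header is the form that matches nixos/default.nix. `./users/${username}` resolves to a directory, and the only file this diff places there is `home.nix`, so it needs a `default.nix` unless one exists outside the diff. The same applies to `./hosts/${hostname}/desktops/${desktop}` for `nixos-desktop`, for which no home-manager host directory is visible.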
diff --git a/hosts/nixos-laptop/home-manager/hyprland/default.nix b/home-manager/hosts/nixos-laptop/desktops/hyprland/default.nix similarity index 100% rename from hosts/nixos-laptop/home-manager/hyprland/default.nix rename to home-manager/hosts/nixos-laptop/desktops/hyprland/default.nix diff --git a/hosts/nixos-laptop/home-manager/hyprland/hyprland-conf.nix b/home-manager/hosts/nixos-laptop/desktops/hyprland/hyprland-conf.nix similarity index 100% rename from hosts/nixos-laptop/home-manager/hyprland/hyprland-conf.nix rename to home-manager/hosts/nixos-laptop/desktops/hyprland/hyprland-conf.nix diff --git a/hosts/nixos-laptop/home-manager/hyprland/mako-conf.nix b/home-manager/hosts/nixos-laptop/desktops/hyprland/mako-conf.nix similarity index 100% rename from hosts/nixos-laptop/home-manager/hyprland/mako-conf.nix rename to home-manager/hosts/nixos-laptop/desktops/hyprland/mako-conf.nix diff --git a/hosts/nixos-laptop/home-manager/hyprland/rofi-conf.nix b/home-manager/hosts/nixos-laptop/desktops/hyprland/rofi-conf.nix similarity index 100% rename from hosts/nixos-laptop/home-manager/hyprland/rofi-conf.nix rename to home-manager/hosts/nixos-laptop/desktops/hyprland/rofi-conf.nix diff --git a/hosts/nixos-laptop/home-manager/hyprland/swaylock-conf.nix b/home-manager/hosts/nixos-laptop/desktops/hyprland/swaylock-conf.nix similarity index 100% rename from hosts/nixos-laptop/home-manager/hyprland/swaylock-conf.nix rename to home-manager/hosts/nixos-laptop/desktops/hyprland/swaylock-conf.nix diff --git a/hosts/nixos-laptop/home-manager/hyprland/waybar-conf.nix b/home-manager/hosts/nixos-laptop/desktops/hyprland/waybar-conf.nix similarity index 100% rename from hosts/nixos-laptop/home-manager/hyprland/waybar-conf.nix rename to home-manager/hosts/nixos-laptop/desktops/hyprland/waybar-conf.nix 
diff --git a/users/albert/home.nix b/home-manager/users/albert/home.nix similarity index 77% rename from users/albert/home.nix rename to home-manager/users/albert/home.nix index 8c4546e1..297e7ca5 100644 --- a/users/albert/home.nix +++ b/home-manager/users/albert/home.nix @@ -1,12 +1,16 @@ { config, pkgs, hostname, hmStateVersion, ... }: { - home.stateVersion = "${hmStateVersion}"; - imports = [ - # Host specific Configs: - ../../hosts/${hostname}/home-manager + home.stateVersion = hmStateVersion; - # Universal Configs: - ../../home-manager - ]; + programs.git = { + userName = "albert"; + userEmail = "albert@sysctl.io"; + extraConfig = { + core.askPass = "false"; + credential.helper = "cache --timeout=25920000"; + user.signingkey = "64F6C4EB46C4543A"; + commit.gpgsign = "true"; + }; + } accounts = { email = { diff --git a/hosts/nixos-laptop/default.nix b/hosts/nixos-laptop/default.nix deleted file mode 100644 index b5a4122c..00000000 --- a/hosts/nixos-laptop/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ imports, ... }: { - imports = [ - # imports.nixos-hardware.nixosModules.lenovo-thinkpad-p1 - ./nixos - # home-manager is imported from users/user/home.nix - ]; -} \ No newline at end of file diff --git a/hosts/nixos-laptop/home-manager/default.nix b/hosts/nixos-laptop/home-manager/default.nix deleted file mode 100644 index f9be9370..00000000 --- a/hosts/nixos-laptop/home-manager/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ config, pkgs, hostname, ... }: { - imports = [ - # ./hyprland - ./gnome - ]; -} \ No newline at end of file diff --git a/hosts/nixos-laptop/nixos/default.nix b/hosts/nixos-laptop/nixos/default.nix deleted file mode 100644 index 6662490d..00000000 --- a/hosts/nixos-laptop/nixos/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ config, pkgs, hostname, ... }: { - imports = [ - ./hardware-configuration.nix - ./configuration.nix - ]; -} \ No newline at end of file 
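Review bot: The new `programs.git = { … }` block in home-manager/users/albert/home.nix closes with `}` and no `;` before `accounts = {`, which is a parse error; it should end with `};`. The block also carries over `credential.helper = "cache --timeout=25920000"`, which keeps HTTPS credentials in the cache daemon for about 300 days; a far shorter timeout or a keyring-backed helper would narrow the window in which a compromised session can reuse them. The rest of the module lies outside the hunk.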
diff --git a/hosts/nixos-laptop/nixos/hardware-configuration.nix b/hosts/nixos-laptop/nixos/hardware-configuration.nix deleted file mode 100644 index 18edb689..00000000 --- a/hosts/nixos-laptop/nixos/hardware-configuration.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" "acpi_call" ]; - boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ]; - - fileSystems."/" = { - device = "/dev/disk/by-label/ROOT"; - fsType = "btrfs"; - options = [ "subvol=@" ]; - }; - - boot.initrd.luks.devices."DISK".device = "/dev/nvme0n1p1"; - - fileSystems."/boot" = { - device = "/dev/disk/by-label/BOOT"; - fsType = "vfat"; - }; - - # Enable Swap on LUKS - boot.initrd.luks.devices."SWAP" = { - device = "/dev/nvme0n1p2"; - keyFile = "/crypto_keyfile.bin"; - }; - - # Set up the keyfile - boot.initrd.secrets."/crypto_keyfile.bin" = null; - # Hibernation resume device - boot.resumeDevice = "/dev/disk/by-label/SWAP"; - # Confirm the swap devices - swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ]; - - networking.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} \ No newline at end of file diff --git a/desktops/gnome.nix b/nixos/common/desktops/gnome/default.nix similarity index 91% rename from desktops/gnome.nix rename to nixos/common/desktops/gnome/default.nix index 6bd2bb37..b57c3e62 100644 --- a/desktops/gnome.nix +++ b/nixos/common/desktops/gnome/default.nix 
@@ -117,21 +117,16 @@ # Gnome relevant packages gnome3.gnome-tweaks papirus-icon-theme - - # General packages - # https://github.com/gvolpe/dconf2nix - dconf2nix + dconf2nix # https://github.com/gvolpe/dconf2nix ]; imports = [ # Gnome Themes - ./gnome/themes/gruvbox.nix - ./gnome/themes/tokyo-night.nix - ./gnome/themes/nordic.nix - ./gnome/themes/vimix.nix - ./gnome/themes/fluent.nix + ./themes/gruvbox.nix + ./themes/tokyo-night.nix + ./themes/nordic.nix + ./themes/vimix.nix + ./themes/fluent.nix # You may need to edit which theme you're using in dconf.nix if you remove themes ]; - # Idea... Move these to a separate file and tie it into dconf - # sections that load the theme automatically when I want it. } diff --git a/desktops/gnome/themes/fluent.nix b/nixos/common/desktops/gnome/themes/fluent.nix similarity index 100% rename from desktops/gnome/themes/fluent.nix rename to nixos/common/desktops/gnome/themes/fluent.nix diff --git a/desktops/gnome/themes/gruvbox.nix b/nixos/common/desktops/gnome/themes/gruvbox.nix similarity index 100% rename from desktops/gnome/themes/gruvbox.nix rename to nixos/common/desktops/gnome/themes/gruvbox.nix diff --git a/desktops/gnome/themes/nordic.nix b/nixos/common/desktops/gnome/themes/nordic.nix similarity index 100% rename from desktops/gnome/themes/nordic.nix rename to nixos/common/desktops/gnome/themes/nordic.nix diff --git a/desktops/gnome/themes/tokyo-night.nix b/nixos/common/desktops/gnome/themes/tokyo-night.nix similarity index 100% rename from desktops/gnome/themes/tokyo-night.nix rename to nixos/common/desktops/gnome/themes/tokyo-night.nix diff --git a/desktops/gnome/themes/vimix.nix b/nixos/common/desktops/gnome/themes/vimix.nix similarity index 100% rename from desktops/gnome/themes/vimix.nix rename to nixos/common/desktops/gnome/themes/vimix.nix 
diff --git a/desktops/hyprland.nix b/nixos/common/desktops/hyprland/default.nix similarity index 100% rename from desktops/hyprland.nix rename to nixos/common/desktops/hyprland/default.nix diff --git a/modules/fonts.nix b/nixos/common/modules/fonts.nix similarity index 100% rename from modules/fonts.nix rename to nixos/common/modules/fonts.nix diff --git a/modules/networking.nix b/nixos/common/modules/networking.nix similarity index 85% rename from modules/networking.nix rename to nixos/common/modules/networking.nix index b5dba826..d326dd2e 100644 --- a/modules/networking.nix +++ b/nixos/common/modules/networking.nix @@ -11,7 +11,6 @@ enable = true; allowedTCPPorts = [ ]; allowedUDPPorts = [ ]; - interfaces.tailscale0.allowedTCPPorts = [ 22 ]; }; }; } \ No newline at end of file diff --git a/modules/nixos.nix b/nixos/common/modules/nixos.nix similarity index 88% rename from modules/nixos.nix rename to nixos/common/modules/nixos.nix index b8293c8b..46be0a58 100644 --- a/modules/nixos.nix +++ b/nixos/common/modules/nixos.nix @@ -1,4 +1,4 @@ -{ pkgs, config, ... }: { +{ ... }: { # Enable flakes: https://nixos.wiki/wiki/Flakes nix.settings.experimental-features = [ "nix-command" "flakes" ]; diff --git a/modules/secureboot.nix b/nixos/common/modules/secureboot.nix similarity index 100% rename from modules/secureboot.nix rename to nixos/common/modules/secureboot.nix diff --git a/services/fail2ban.nix b/nixos/common/services/fail2ban.nix similarity index 100% rename from services/fail2ban.nix rename to nixos/common/services/fail2ban.nix diff --git a/nixos/common/services/fwupd.nix b/nixos/common/services/fwupd.nix new file mode 100644 index 00000000..a73b86aa --- /dev/null +++ b/nixos/common/services/fwupd.nix @@ -0,0 +1,3 @@ +_: { + services.fwupd.enable = true; +} \ No newline at end of file diff --git a/services/openssh.nix b/nixos/common/services/openssh.nix similarity index 100% rename from services/openssh.nix rename to nixos/common/services/openssh.nix 
diff --git a/modules/powertop.nix b/nixos/common/services/powertop.nix similarity index 100% rename from modules/powertop.nix rename to nixos/common/services/powertop.nix diff --git a/services/promtail.nix b/nixos/common/services/promtail.nix similarity index 100% rename from services/promtail.nix rename to nixos/common/services/promtail.nix diff --git a/nixos/common/services/tailscale.nix b/nixos/common/services/tailscale.nix new file mode 100644 index 00000000..f2d266e4 --- /dev/null +++ b/nixos/common/services/tailscale.nix @@ -0,0 +1,5 @@ +{ config, pkgs, ... }: { + # Enable tailscale and open port 22 on it + services = { tailscale.enable = true; }; + firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ]; +} \ No newline at end of file diff --git a/services/telegraf.nix b/nixos/common/services/telegraf.nix similarity index 100% rename from services/telegraf.nix rename to nixos/common/services/telegraf.nix diff --git a/software/firefox.nix b/nixos/common/software/gui/firefox.nix similarity index 100% rename from software/firefox.nix rename to nixos/common/software/gui/firefox.nix diff --git a/nixos/default.nix b/nixos/default.nix new file mode 100644 index 00000000..28c61b4d --- /dev/null +++ b/nixos/default.nix 
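Review bot: `firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];` in the new nixos/common/services/tailscale.nix sits at the top level of the module, while the rule it replaces lived under `networking.firewall` in modules/networking.nix. As far as I know NixOS has no top-level `firewall` option, so the line should read `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];`. After the fix it is worth confirming that port 22 is reachable only on `tailscale0`: services/openssh.nix is not shown, and `services.openssh.openFirewall` defaults to opening the port on every interface unless it is set to `false`.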
@@ -0,0 +1,56 @@ +{ lib, config, pkgs, hostname, stateVersion, username, desktop, ... }: { + imports = [ + # Services + ./common/services/openssh.nix + ./common/services/promtail.nix + ./common/services/fail2ban.nix + ./common/services/telegraf.nix + ./common/services/tailscale.nix + ./common/services/fwupd.nix + + # Modules + ./common/modules/fonts.nix # Font Configs + ./common/modules/networking.nix # Initial Networking configs + ./common/modules/nixos.nix # NixOS related items + + ./users/${username} + ./hosts/${hostname} + ] ++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop}; + + # List packages installed in system profile + environment.systemPackages = with pkgs; [ + sbctl + powerline-go + wget + killall + curl + glxinfo + neofetch + rsync + gnupg + git + duf + du-dust + home-manager + btop + iftop + nload + iotop + ]; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + system.stateVersion = stateVersion; +} diff --git a/hosts/nixos-desktop/gnome-dconf.nix b/nixos/hosts/nixos-desktop/gnome-dconf.nix similarity index 100% rename from hosts/nixos-desktop/gnome-dconf.nix rename to nixos/hosts/nixos-desktop/gnome-dconf.nix diff --git a/hosts/nixos-laptop/nixos/configuration.nix b/nixos/hosts/nixos-laptop/default.nix similarity index 53% rename from hosts/nixos-laptop/nixos/configuration.nix rename to nixos/hosts/nixos-laptop/default.nix index 329dbc99..32918cea 100644 --- a/hosts/nixos-laptop/nixos/configuration.nix +++ b/nixos/hosts/nixos-laptop/default.nix 
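Review bot: nixos/default.nix no longer sets `nixpkgs.config.allowUnfree = true;`, which the deleted configuration.nix had, while the NVIDIA driver in the laptop host and `steam` in nixos/users/albert/desktop.nix are unfree. Unless `./lib` sets it (not visible here), evaluation will refuse those packages; rather than restoring the blanket flag I would allow only the named packages through `nixpkgs.config.allowUnfreePredicate`. `./hosts/${hostname}` is imported for every host, but for `nixos-desktop` the diff only shows `gnome-dconf.nix`, so that host needs a `default.nix`. `home-manager` is also listed here in `environment.systemPackages` and again in `users.users.albert.packages`.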
@@ -1,14 +1,45 @@ -{ lib, config, pkgs, ... }: { - +{ config, lib, pkgs, modulesPath, desktop, username ... }: { imports = [ - # Desktop Environments - ../../../desktops/common.nix - # ../../../desktops/hyprland.nix - ../../../desktops/gnome.nix - # Power Mamagement - ../../../modules/powertop.nix + ../../common/services/powertop.nix # PowerTop + ../../common/modules/secureboot.nix # SecureBoot ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" "acpi_call" ]; + boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ]; + + fileSystems."/" = { + device = "/dev/disk/by-label/ROOT"; + fsType = "btrfs"; + options = [ "subvol=@" ]; + }; + + boot.initrd.luks.devices."DISK".device = "/dev/nvme0n1p1"; + + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + }; + + # Enable Swap on LUKS + boot.initrd.luks.devices."SWAP" = { + device = "/dev/nvme0n1p2"; + keyFile = "/crypto_keyfile.bin"; + }; + + # Set up the keyfile + boot.initrd.secrets."/crypto_keyfile.bin" = null; + # Hibernation resume device + boot.resumeDevice = "/dev/disk/by-label/SWAP"; + # Confirm the swap devices + swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ]; + + networking.useDHCP = lib.mkDefault true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + # Set your time zone. time.timeZone = "Asia/Tokyo"; 
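Review bot: The module header `{ config, lib, pkgs, modulesPath, desktop, username ... }:` is missing the comma before `...` and will not parse; it should be `{ config, lib, pkgs, modulesPath, desktop, username, ... }:`. The merged hardware settings also dropped the `(modulesPath + "/installer/scan/not-detected.nix")` import that hardware-configuration.nix had, which leaves `modulesPath` unused. On the LUKS part, `boot.initrd.secrets."/crypto_keyfile.bin" = null;` copies the swap keyfile into the initrd, and with `/boot` declared as a plain `vfat` partition that initrd is presumably stored unencrypted, so the SWAP volume and any hibernation image in it are only as protected as the boot partition. If that is not intended, dropping `keyFile` and letting SWAP be unlocked with the same passphrase as DISK keeps the key off `/boot`. The module body continues past the end of this hunk.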
@@ -44,9 +75,9 @@ dynamicBoost.enable = true; # nvidiaPersistenced = false; package = config.boot.kernelPackages.nvidiaPackages.latest; - # powerManagement.finegrained = true; - # powerManagement.enable = true; - # modesetting.enable = true; + powerManagement.finegrained = true; + powerManagement.enable = true; + modesetting.enable = true; prime = { reverseSync.enable = true; sync.enable = false; @@ -71,8 +102,10 @@ nvtop-nvidia # Game related things gamemode + # WINE wineWowPackages.stable winetricks wineWowPackages.waylandFull ]; -} + +} \ No newline at end of file diff --git a/nixos/users/albert/default.nix b/nixos/users/albert/default.nix new file mode 100644 index 00000000..b5e61840 --- /dev/null +++ b/nixos/users/albert/default.nix @@ -0,0 +1,12 @@ +{ config, desktop, lib, pkgs, ... }: { + # Define a user account. + imports = [ ] ++ lib.optional (builtins.isString desktop) ./desktop.nix; + users.users.albert = { + isNormalUser = true; + description = "Albert J. Copeland"; + # video is required for the "light" command to work + extraGroups = [ "networkmanager" "wheel" ] ++ ifExists [ "video" ]; + hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6"; + packages = [ pkgs.home-manager ]; + }; +} \ No newline at end of file diff --git a/nixos/users/albert/desktop.nix b/nixos/users/albert/desktop.nix new file mode 100644 index 00000000..ef2e7f7a --- /dev/null +++ b/nixos/users/albert/desktop.nix @@ -0,0 +1,14 @@ +{ lib, pkgs, desktop, ... }: { + environment.systemPackages = with pkgs; [ + firefox + thunderbird + bitwarden + steam + lutris + vlc + ]; + + imports = [ + ../../common/software/gui/firefox.nix + ]; +} \ No newline at end of file diff --git a/shell.nix b/shell.nix index 66b6fe17..8eb160ac 100644 --- a/shell.nix +++ b/shell.nix 
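Review bot: nixos/users/albert/default.nix commits `hashedPassword = …` for a user in `wheel` as a literal string, so the hash is readable by anyone with access to the repository and is also copied into the world-readable Nix store. Since `sops-nix` is already a flake input, I would move the hash into a sops secret and reference it with `hashedPasswordFile` (`passwordFile` on older releases), then change the password, because the current hash stays in git history. In the same file `ifExists [ "video" ]` uses a name that is neither defined nor passed in anywhere in this diff; `extraGroups = [ "networkmanager" "wheel" "video" ];` restores a working list. Note that the `dbus` group from the deleted configuration.nix is no longer included.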
@@ -11,26 +11,6 @@ mkShell { "${toString ./.}/keys/hosts" "${toString ./.}/keys/users" ]; - # Also single files can be imported. - #sopsPGPKeys = [ - # "${toString ./.}/keys/users/mic92.asc" - # "${toString ./.}/keys/hosts/server01.asc" - #]; - - # This hook can also import gpg keys into its own seperate - # gpg keyring instead of using the default one. This allows - # to isolate otherwise unrelated server keys from the user gpg keychain. - # By uncommenting the following lines, it will set GNUPGHOME - # to .git/gnupg. - # Storing it inside .git prevents accedentially commiting private keys. - # After setting this option you will also need to import your own - # private key into keyring, i.e. using a a command like this - # (replacing 0000000000000000000000000000000000000000 with your fingerprint) - # $ (unset GNUPGHOME; gpg --armor --export-secret-key 0000000000000000000000000000000000000000) | gpg --import - #sopsCreateGPGHome = true; - # To use a different directory for gpg dirs set sopsGPGHome - #sopsGPGHome = "${toString ./.}/../gnupg"; - nativeBuildInputs = [ (pkgs.callPackage sops-nix {}).sops-import-keys-hook ]; diff --git a/software/weechat.nix b/software/weechat.nix deleted file mode 100644 index d0555278..00000000 --- a/software/weechat.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ config, pkgs, ... }: { - environment.systemPackages = with pkgs; [ - weechat - weechatScripts.weechat-matrix - ]; -} \ No newline at end of file diff --git a/users/root/home.nix b/users/root/home.nix deleted file mode 100644 index 45180f22..00000000 --- a/users/root/home.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, pkgs, hostname, hmStateVersion, ... }: { - home.stateVersion = "${hmStateVersion}"; - imports = [ - # Host specific Configs: - # ../../hosts/${hostname}/home-manager - - # Universal Configs: - ../../home-manager - ]; -} \ No newline at end of file