This gon' break everything
This commit is contained in:
parent
91d18780a5
commit
1ff7ca7f10
56 changed files with 196 additions and 375 deletions
|
@ -1,6 +1,10 @@
|
||||||
# NixOS Configuration Repository
|
# NixOS Configuration Repository
|
||||||
## NOTE: These configs expect this repo to be cloned to /etc/nixos/git/
|
## NOTE: These configs expect this repo to be cloned to /etc/nixos/git/
|
||||||
* `git clone https://git.sysctl.io/albert/nix /etc/nixos/git && ln -s /etc/nixos/git/flake.nix /etc/nixos/flake.nix`
|
```
|
||||||
|
git clone https://git.sysctl.io/albert/nix /etc/nixos/git
|
||||||
|
ln -s /etc/nixos/git/flake.nix /etc/nixos/flake.nix
|
||||||
|
nixos-rebuild switch --flake '/etc/nixos#<HOSTNAME>'
|
||||||
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
# To Do List
|
# To Do List
|
||||||
|
|
|
@ -1,78 +0,0 @@
|
||||||
{ lib, config, pkgs, ... }: {
|
|
||||||
imports = [
|
|
||||||
# Services
|
|
||||||
./services/openssh.nix
|
|
||||||
./services/promtail.nix
|
|
||||||
./services/fail2ban.nix
|
|
||||||
./services/telegraf.nix
|
|
||||||
|
|
||||||
# Modules
|
|
||||||
./modules/nixos.nix # General NixOS items. Flake enablement, etc
|
|
||||||
./modules/secureboot.nix # Secureboot Configs
|
|
||||||
./modules/fonts.nix # Font Configs
|
|
||||||
./modules/networking.nix # Initial Networking configs
|
|
||||||
];
|
|
||||||
|
|
||||||
# Allow unfree packages
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
# Select internationalisation properties.
|
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
|
||||||
|
|
||||||
i18n.extraLocaleSettings = {
|
|
||||||
LC_ADDRESS = "en_US.UTF-8";
|
|
||||||
LC_IDENTIFICATION = "en_US.UTF-8";
|
|
||||||
LC_MEASUREMENT = "en_US.UTF-8";
|
|
||||||
LC_MONETARY = "en_US.UTF-8";
|
|
||||||
LC_NAME = "en_US.UTF-8";
|
|
||||||
LC_NUMERIC = "en_US.UTF-8";
|
|
||||||
LC_PAPER = "en_US.UTF-8";
|
|
||||||
LC_TELEPHONE = "en_US.UTF-8";
|
|
||||||
LC_TIME = "en_US.UTF-8";
|
|
||||||
};
|
|
||||||
|
|
||||||
# Define a user account.
|
|
||||||
users.users.albert = {
|
|
||||||
isNormalUser = true;
|
|
||||||
description = "Albert J. Copeland";
|
|
||||||
extraGroups = [ "networkmanager" "wheel" "video" "dbus" ];
|
|
||||||
# video is required for the "light" command to work
|
|
||||||
hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
|
|
||||||
};
|
|
||||||
|
|
||||||
# List packages installed in system profile
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
sbctl
|
|
||||||
powerline-go
|
|
||||||
wget
|
|
||||||
killall
|
|
||||||
neovim
|
|
||||||
git
|
|
||||||
duf
|
|
||||||
curl
|
|
||||||
htop
|
|
||||||
btop
|
|
||||||
iftop
|
|
||||||
nload
|
|
||||||
iotop
|
|
||||||
glxinfo
|
|
||||||
tailscale
|
|
||||||
neofetch
|
|
||||||
gnupg
|
|
||||||
fail2ban
|
|
||||||
];
|
|
||||||
|
|
||||||
# Enable tailscale
|
|
||||||
services = {
|
|
||||||
tailscale.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
# system.stateVersion = "23.05"; # Did you read the comment?
|
|
||||||
system.stateVersion = "unstable";
|
|
||||||
}
|
|
|
@ -1,19 +0,0 @@
|
||||||
# If a GUI is enabled, install GUI apps:
|
|
||||||
{ lib, pkgs, config, ... }: {
|
|
||||||
users.users.albert = {
|
|
||||||
packages = with pkgs; [
|
|
||||||
firefox
|
|
||||||
thunderbird
|
|
||||||
bitwarden
|
|
||||||
steam
|
|
||||||
lutris
|
|
||||||
vlc
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
# Software configurations
|
|
||||||
../software/firefox.nix
|
|
||||||
../software/weechat.nix
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,27 +0,0 @@
|
||||||
{ config, pkgs, ... }: {
|
|
||||||
|
|
||||||
# Enable sound with pipewire.
|
|
||||||
sound.enable = true;
|
|
||||||
hardware.pulseaudio.enable = false;
|
|
||||||
security.rtkit.enable = true;
|
|
||||||
services.pipewire = {
|
|
||||||
enable = true;
|
|
||||||
alsa.enable = true;
|
|
||||||
alsa.support32Bit = true;
|
|
||||||
pulse.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Configure keymap in X11
|
|
||||||
services.xserver = {
|
|
||||||
enable = true;
|
|
||||||
layout = "us";
|
|
||||||
xkbVariant = "";
|
|
||||||
autorun = true;
|
|
||||||
videoDrivers = [ "nvidia" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.xserver = {
|
|
||||||
displayManager.gdm.enable = true;
|
|
||||||
desktopManager.plasma5.enable = true;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,24 +0,0 @@
|
||||||
{ config, pkgs, ... }: {
|
|
||||||
# Enable sound with pipewire.
|
|
||||||
sound.enable = true;
|
|
||||||
hardware.pulseaudio.enable = false;
|
|
||||||
security.rtkit.enable = true;
|
|
||||||
services.pipewire = {
|
|
||||||
enable = true;
|
|
||||||
alsa.enable = true;
|
|
||||||
alsa.support32Bit = true;
|
|
||||||
pulse.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Configure keymap in X11
|
|
||||||
services.xserver = {
|
|
||||||
enable = true;
|
|
||||||
layout = "us";
|
|
||||||
xkbVariant = "";
|
|
||||||
autorun = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.sway = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
}
|
|
102
flake.nix
102
flake.nix
|
@ -1,94 +1,30 @@
|
||||||
{
|
{
|
||||||
# INFORMATION
|
|
||||||
# When building for a system, remember to change the hostname variable below
|
|
||||||
description = "NixOS System Config";
|
description = "NixOS System Config";
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
# NixOS packages
|
nixpkgs.url = "nixpkgs/nixos-unstable"; # NixOS packages
|
||||||
unstable-nixpkgs.url = "nixpkgs/nixos-unstable";
|
home-manager.url = "github:nix-community/home-manager/release-23.05"; # Manage dotfiles in a home directory
|
||||||
|
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
# Manage dotfiles in a home directory
|
lanzaboote.url = "github:nix-community/lanzaboote"; # Secureboot Configuration
|
||||||
home-manager.url = "github:nix-community/home-manager/release-23.05";
|
lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
home-manager.inputs.nixpkgs.follows = "unstable-nixpkgs";
|
nur.url = "github:nix-community/NUR"; # Nix User Repository
|
||||||
|
sops-nix.url = "github:Mic92/sops-nix"; # Encrypted secrets in Nix configuration files
|
||||||
# Secureboot Configuration
|
|
||||||
lanzaboote.url = "github:nix-community/lanzaboote";
|
|
||||||
lanzaboote.inputs.nixpkgs.follows = "unstable-nixpkgs";
|
|
||||||
|
|
||||||
# Nix User Repository
|
|
||||||
nur.url = "github:nix-community/NUR";
|
|
||||||
|
|
||||||
# Hardware support
|
|
||||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
|
||||||
|
|
||||||
# Encrypted secrets in Nix configuration files
|
|
||||||
sops-nix.url = "github:Mic92/sops-nix";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = {
|
outputs = {
|
||||||
self,
|
self, nixpkgs, home-manager, lanzaboote, nur, sops-nix, ...
|
||||||
unstable-nixpkgs,
|
|
||||||
home-manager,
|
|
||||||
lanzaboote,
|
|
||||||
nur,
|
|
||||||
sops-nix,
|
|
||||||
nixos-hardware,
|
|
||||||
...
|
|
||||||
}@inputs:
|
}@inputs:
|
||||||
let
|
let
|
||||||
# Variables - Remember to set these
|
inherit (self) outputs;
|
||||||
hostname = "nixos-laptop"; # Should probably set this in a minimal configuration.nix?
|
stateVersion = "unstable";
|
||||||
system = "x86_64-linux";
|
|
||||||
hmStateVersion = "23.05";
|
hmStateVersion = "23.05";
|
||||||
|
libx = import ./lib { inherit inputs outputs stateVersion; };
|
||||||
pkgs = import unstable-nixpkgs {
|
|
||||||
inherit system;
|
|
||||||
config = { allowUnfree = true; };
|
|
||||||
};
|
|
||||||
|
|
||||||
lib = unstable-nixpkgs.lib;
|
|
||||||
in {
|
in {
|
||||||
# NixOS Configuration files:
|
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
# Declare a generic configuration using the $hostname variable:
|
nixos-laptop = libx.nixosSystem { hostname = "nixos-laptop"; username = "albert"; desktop = "gnome"; };
|
||||||
${hostname} = lib.nixosSystem {
|
nixos-desktop = libx.nixosSystem { hostname = "nixos-desktop"; username = "albert"; desktop = "gnome"; };
|
||||||
inherit system;
|
};
|
||||||
specialArgs = {
|
homeConfigurations = {
|
||||||
inherit hostname;
|
"albert@nixos-laptop" = libx.mkHome { hostname = "nixos-laptop"; username = "albert"; desktop = "gnome"; };
|
||||||
};
|
"albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; username = "albert"; desktop = "gnome"; };
|
||||||
modules = [
|
};
|
||||||
# Configuration Imports
|
};
|
||||||
./configuration.nix # Common NixOS Configuration
|
|
||||||
./hosts/${hostname} # Hardware-specific Configuration
|
|
||||||
|
|
||||||
# Flake Imports
|
|
||||||
sops-nix.nixosModules.sops # Handle secrets
|
|
||||||
lanzaboote.nixosModules.lanzaboote # SecureBoot Configuration
|
|
||||||
nur.nixosModules.nur # NixOS User Repository
|
|
||||||
# nixos-hardware.nixosModules.lenovo-thinkpad-p1 # Thinkpad P1 hardware configuration
|
|
||||||
|
|
||||||
# Home Manager settings
|
|
||||||
home-manager.nixosModules.home-manager {
|
|
||||||
home-manager = {
|
|
||||||
useGlobalPkgs = true;
|
|
||||||
useUserPackages = true;
|
|
||||||
users.albert.imports = [
|
|
||||||
({ config, ... }: import ./users/albert/home.nix {
|
|
||||||
inherit config pkgs hostname hmStateVersion;
|
|
||||||
})
|
|
||||||
];
|
|
||||||
users.root.imports = [
|
|
||||||
({ config, ... }: import ./users/root/home.nix {
|
|
||||||
inherit config pkgs hostname hmStateVersion;
|
|
||||||
})
|
|
||||||
];
|
|
||||||
}; # home-manager
|
|
||||||
nixpkgs.overlays = [
|
|
||||||
nur.overlay
|
|
||||||
];
|
|
||||||
} # home-manager
|
|
||||||
]; # modules
|
|
||||||
}; # lib.nixosSystem - ${hostname}
|
|
||||||
}; # nixosConfiguration
|
|
||||||
}; # in
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,13 +1,7 @@
|
||||||
{ config, pkgs, ... }: {
|
{ config, pkgs, ... }: {
|
||||||
programs.git = {
|
programs.git = {
|
||||||
enable = true;
|
enable = true;
|
||||||
userName = "albert";
|
|
||||||
userEmail = "albert@sysctl.io";
|
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
core.askPass = "false";
|
|
||||||
credential.helper = "cache --timeout=25920000";
|
|
||||||
user.signingkey = "64F6C4EB46C4543A";
|
|
||||||
commit.gpgsign = "true";
|
|
||||||
alias.a = "add --all";
|
alias.a = "add --all";
|
||||||
alias.ai = "add -i";
|
alias.ai = "add -i";
|
||||||
alias.ap = "apply";
|
alias.ap = "apply";
|
|
@ -1,11 +1,19 @@
|
||||||
{ config, pkgs, hostname, ... }: {
|
{ config, pkgs, hostname, username, desktop, hmStateVersion, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
./bash.nix
|
# Common app configs
|
||||||
./btop.nix
|
./common/software/cli/bash.nix
|
||||||
./firefox.nix
|
./common/software/cli/btop.nix
|
||||||
./git.nix
|
./common/software/cli/git.nix
|
||||||
./neovim.nix
|
./common/software/cli/kitty.nix
|
||||||
./neofetch.nix
|
./common/software/cli/neofetch.nix
|
||||||
./kitty.nix
|
./common/software/cli/neovim.nix
|
||||||
];
|
|
||||||
|
# User configs
|
||||||
|
./users/${username}
|
||||||
|
]
|
||||||
|
++ lib.optional (builtins.isString.desktop) [
|
||||||
|
./common/software/gui/firefox.nix
|
||||||
|
./common/software/gui/thunderbird.nix
|
||||||
|
./hosts/${hostname}/desktops/${desktop}
|
||||||
|
]
|
||||||
}
|
}
|
|
@ -1,12 +1,16 @@
|
||||||
{ config, pkgs, hostname, hmStateVersion, ... }: {
|
{ config, pkgs, hostname, hmStateVersion, ... }: {
|
||||||
home.stateVersion = "${hmStateVersion}";
|
home.stateVersion = hmStateVersion;
|
||||||
imports = [
|
|
||||||
# Host specific Configs:
|
|
||||||
../../hosts/${hostname}/home-manager
|
|
||||||
|
|
||||||
# Universal Configs:
|
programs.git = {
|
||||||
../../home-manager
|
userName = "albert";
|
||||||
];
|
userEmail = "albert@sysctl.io";
|
||||||
|
extraConfig = {
|
||||||
|
core.askPass = "false";
|
||||||
|
credential.helper = "cache --timeout=25920000";
|
||||||
|
user.signingkey = "64F6C4EB46C4543A";
|
||||||
|
commit.gpgsign = "true";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
accounts = {
|
accounts = {
|
||||||
email = {
|
email = {
|
|
@ -1,7 +0,0 @@
|
||||||
{ imports, ... }: {
|
|
||||||
imports = [
|
|
||||||
# imports.nixos-hardware.nixosModules.lenovo-thinkpad-p1
|
|
||||||
./nixos
|
|
||||||
# home-manager is imported from users/user/home.nix
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,6 +0,0 @@
|
||||||
{ config, pkgs, hostname, ... }: {
|
|
||||||
imports = [
|
|
||||||
# ./hyprland
|
|
||||||
./gnome
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,6 +0,0 @@
|
||||||
{ config, pkgs, hostname, ... }: {
|
|
||||||
imports = [
|
|
||||||
./hardware-configuration.nix
|
|
||||||
./configuration.nix
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,39 +0,0 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }: {
|
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ "kvm-intel" "acpi_call" ];
|
|
||||||
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/disk/by-label/ROOT";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=@" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.initrd.luks.devices."DISK".device = "/dev/nvme0n1p1";
|
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
|
||||||
device = "/dev/disk/by-label/BOOT";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
# Enable Swap on LUKS
|
|
||||||
boot.initrd.luks.devices."SWAP" = {
|
|
||||||
device = "/dev/nvme0n1p2";
|
|
||||||
keyFile = "/crypto_keyfile.bin";
|
|
||||||
};
|
|
||||||
|
|
||||||
# Set up the keyfile
|
|
||||||
boot.initrd.secrets."/crypto_keyfile.bin" = null;
|
|
||||||
# Hibernation resume device
|
|
||||||
boot.resumeDevice = "/dev/disk/by-label/SWAP";
|
|
||||||
# Confirm the swap devices
|
|
||||||
swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
|
|
||||||
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
}
|
|
|
@ -117,21 +117,16 @@
|
||||||
# Gnome relevant packages
|
# Gnome relevant packages
|
||||||
gnome3.gnome-tweaks
|
gnome3.gnome-tweaks
|
||||||
papirus-icon-theme
|
papirus-icon-theme
|
||||||
|
dconf2nix # https://github.com/gvolpe/dconf2nix
|
||||||
# General packages
|
|
||||||
# https://github.com/gvolpe/dconf2nix
|
|
||||||
dconf2nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
# Gnome Themes
|
# Gnome Themes
|
||||||
./gnome/themes/gruvbox.nix
|
./themes/gruvbox.nix
|
||||||
./gnome/themes/tokyo-night.nix
|
./themes/tokyo-night.nix
|
||||||
./gnome/themes/nordic.nix
|
./themes/nordic.nix
|
||||||
./gnome/themes/vimix.nix
|
./themes/vimix.nix
|
||||||
./gnome/themes/fluent.nix
|
./themes/fluent.nix
|
||||||
# You may need to edit which theme you're using in dconf.nix if you remove themes
|
# You may need to edit which theme you're using in dconf.nix if you remove themes
|
||||||
];
|
];
|
||||||
# Idea... Move these to a separate file and tie it into dconf
|
|
||||||
# sections that load the theme automatically when I want it.
|
|
||||||
}
|
}
|
|
@ -11,7 +11,6 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = [ ];
|
allowedTCPPorts = [ ];
|
||||||
allowedUDPPorts = [ ];
|
allowedUDPPorts = [ ];
|
||||||
interfaces.tailscale0.allowedTCPPorts = [ 22 ];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, config, ... }: {
|
{ ... }: {
|
||||||
# Enable flakes: https://nixos.wiki/wiki/Flakes
|
# Enable flakes: https://nixos.wiki/wiki/Flakes
|
||||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||||
|
|
3
nixos/common/services/fwupd.nix
Normal file
3
nixos/common/services/fwupd.nix
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
_: {
|
||||||
|
services.fwupd.enable = true;
|
||||||
|
}
|
5
nixos/common/services/tailscale.nix
Normal file
5
nixos/common/services/tailscale.nix
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
{ config, pkgs, ... }: {
|
||||||
|
# Enable tailscale and open port 22 on it
|
||||||
|
services = { tailscale.enable = true; };
|
||||||
|
firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];
|
||||||
|
}
|
56
nixos/default.nix
Normal file
56
nixos/default.nix
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
{ lib, config, pkgs, hostname, stateVersion, username, desktop, ... }: {
|
||||||
|
imports = [
|
||||||
|
# Services
|
||||||
|
./common/services/openssh.nix
|
||||||
|
./common/services/promtail.nix
|
||||||
|
./common/services/fail2ban.nix
|
||||||
|
./common/services/telegraf.nix
|
||||||
|
./common/services/tailscale.nix
|
||||||
|
./common/services/fwupd.nix
|
||||||
|
|
||||||
|
# Modules
|
||||||
|
./common/modules/fonts.nix # Font Configs
|
||||||
|
./common/modules/networking.nix # Initial Networking configs
|
||||||
|
./common/modules/nixos.nix # NixOS related items
|
||||||
|
|
||||||
|
./users/${username}
|
||||||
|
./hosts/${hostname}
|
||||||
|
] ++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop};
|
||||||
|
|
||||||
|
# List packages installed in system profile
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
sbctl
|
||||||
|
powerline-go
|
||||||
|
wget
|
||||||
|
killall
|
||||||
|
curl
|
||||||
|
glxinfo
|
||||||
|
neofetch
|
||||||
|
rsync
|
||||||
|
gnupg
|
||||||
|
git
|
||||||
|
duf
|
||||||
|
du-dust
|
||||||
|
home-manager
|
||||||
|
btop
|
||||||
|
iftop
|
||||||
|
nload
|
||||||
|
iotop
|
||||||
|
];
|
||||||
|
|
||||||
|
# Select internationalisation properties.
|
||||||
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
i18n.extraLocaleSettings = {
|
||||||
|
LC_ADDRESS = "en_US.UTF-8";
|
||||||
|
LC_IDENTIFICATION = "en_US.UTF-8";
|
||||||
|
LC_MEASUREMENT = "en_US.UTF-8";
|
||||||
|
LC_MONETARY = "en_US.UTF-8";
|
||||||
|
LC_NAME = "en_US.UTF-8";
|
||||||
|
LC_NUMERIC = "en_US.UTF-8";
|
||||||
|
LC_PAPER = "en_US.UTF-8";
|
||||||
|
LC_TELEPHONE = "en_US.UTF-8";
|
||||||
|
LC_TIME = "en_US.UTF-8";
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = stateVersion;
|
||||||
|
}
|
|
@ -1,14 +1,45 @@
|
||||||
{ lib, config, pkgs, ... }: {
|
{ config, lib, pkgs, modulesPath, desktop, username ... }: {
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
# Desktop Environments
|
../../common/services/powertop.nix # PowerTop
|
||||||
../../../desktops/common.nix
|
../../common/modules/secureboot.nix # SecureBoot
|
||||||
# ../../../desktops/hyprland.nix
|
|
||||||
../../../desktops/gnome.nix
|
|
||||||
# Power Mamagement
|
|
||||||
../../../modules/powertop.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" "acpi_call" ];
|
||||||
|
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/disk/by-label/ROOT";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=@" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.initrd.luks.devices."DISK".device = "/dev/nvme0n1p1";
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-label/BOOT";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Enable Swap on LUKS
|
||||||
|
boot.initrd.luks.devices."SWAP" = {
|
||||||
|
device = "/dev/nvme0n1p2";
|
||||||
|
keyFile = "/crypto_keyfile.bin";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Set up the keyfile
|
||||||
|
boot.initrd.secrets."/crypto_keyfile.bin" = null;
|
||||||
|
# Hibernation resume device
|
||||||
|
boot.resumeDevice = "/dev/disk/by-label/SWAP";
|
||||||
|
# Confirm the swap devices
|
||||||
|
swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
|
||||||
|
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
|
||||||
# Set your time zone.
|
# Set your time zone.
|
||||||
time.timeZone = "Asia/Tokyo";
|
time.timeZone = "Asia/Tokyo";
|
||||||
|
|
||||||
|
@ -44,9 +75,9 @@
|
||||||
dynamicBoost.enable = true;
|
dynamicBoost.enable = true;
|
||||||
# nvidiaPersistenced = false;
|
# nvidiaPersistenced = false;
|
||||||
package = config.boot.kernelPackages.nvidiaPackages.latest;
|
package = config.boot.kernelPackages.nvidiaPackages.latest;
|
||||||
# powerManagement.finegrained = true;
|
powerManagement.finegrained = true;
|
||||||
# powerManagement.enable = true;
|
powerManagement.enable = true;
|
||||||
# modesetting.enable = true;
|
modesetting.enable = true;
|
||||||
prime = {
|
prime = {
|
||||||
reverseSync.enable = true;
|
reverseSync.enable = true;
|
||||||
sync.enable = false;
|
sync.enable = false;
|
||||||
|
@ -71,8 +102,10 @@
|
||||||
nvtop-nvidia
|
nvtop-nvidia
|
||||||
# Game related things
|
# Game related things
|
||||||
gamemode
|
gamemode
|
||||||
|
# WINE
|
||||||
wineWowPackages.stable
|
wineWowPackages.stable
|
||||||
winetricks
|
winetricks
|
||||||
wineWowPackages.waylandFull
|
wineWowPackages.waylandFull
|
||||||
];
|
];
|
||||||
|
|
||||||
}
|
}
|
12
nixos/users/albert/default.nix
Normal file
12
nixos/users/albert/default.nix
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
{ config, desktop, lib, pkgs, ... }: {
|
||||||
|
# Define a user account.
|
||||||
|
imports = [ ] ++ lib.optional (builtins.isString desktop) ./desktop.nix;
|
||||||
|
users.users.albert = {
|
||||||
|
isNormalUser = true;
|
||||||
|
description = "Albert J. Copeland";
|
||||||
|
# video is required for the "light" command to work
|
||||||
|
extraGroups = [ "networkmanager" "wheel" ] ++ ifExists [ "video" ];
|
||||||
|
hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
|
||||||
|
packages = [ pkgs.home-manager ];
|
||||||
|
};
|
||||||
|
}
|
14
nixos/users/albert/desktop.nix
Normal file
14
nixos/users/albert/desktop.nix
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
{ lib, pkgs, desktop, ... }: {
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
firefox
|
||||||
|
thunderbird
|
||||||
|
bitwarden
|
||||||
|
steam
|
||||||
|
lutris
|
||||||
|
vlc
|
||||||
|
];
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
../../common/software/gui/firefox.nix
|
||||||
|
];
|
||||||
|
}
|
20
shell.nix
20
shell.nix
|
@ -11,26 +11,6 @@ mkShell {
|
||||||
"${toString ./.}/keys/hosts"
|
"${toString ./.}/keys/hosts"
|
||||||
"${toString ./.}/keys/users"
|
"${toString ./.}/keys/users"
|
||||||
];
|
];
|
||||||
# Also single files can be imported.
|
|
||||||
#sopsPGPKeys = [
|
|
||||||
# "${toString ./.}/keys/users/mic92.asc"
|
|
||||||
# "${toString ./.}/keys/hosts/server01.asc"
|
|
||||||
#];
|
|
||||||
|
|
||||||
# This hook can also import gpg keys into its own seperate
|
|
||||||
# gpg keyring instead of using the default one. This allows
|
|
||||||
# to isolate otherwise unrelated server keys from the user gpg keychain.
|
|
||||||
# By uncommenting the following lines, it will set GNUPGHOME
|
|
||||||
# to .git/gnupg.
|
|
||||||
# Storing it inside .git prevents accedentially commiting private keys.
|
|
||||||
# After setting this option you will also need to import your own
|
|
||||||
# private key into keyring, i.e. using a a command like this
|
|
||||||
# (replacing 0000000000000000000000000000000000000000 with your fingerprint)
|
|
||||||
# $ (unset GNUPGHOME; gpg --armor --export-secret-key 0000000000000000000000000000000000000000) | gpg --import
|
|
||||||
#sopsCreateGPGHome = true;
|
|
||||||
# To use a different directory for gpg dirs set sopsGPGHome
|
|
||||||
#sopsGPGHome = "${toString ./.}/../gnupg";
|
|
||||||
|
|
||||||
nativeBuildInputs = [
|
nativeBuildInputs = [
|
||||||
(pkgs.callPackage sops-nix {}).sops-import-keys-hook
|
(pkgs.callPackage sops-nix {}).sops-import-keys-hook
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
{ config, pkgs, ... }: {
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
weechat
|
|
||||||
weechatScripts.weechat-matrix
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,10 +0,0 @@
|
||||||
{ config, pkgs, hostname, hmStateVersion, ... }: {
|
|
||||||
home.stateVersion = "${hmStateVersion}";
|
|
||||||
imports = [
|
|
||||||
# Host specific Configs:
|
|
||||||
# ../../hosts/${hostname}/home-manager
|
|
||||||
|
|
||||||
# Universal Configs:
|
|
||||||
../../home-manager
|
|
||||||
];
|
|
||||||
}
|
|
Loading…
Reference in a new issue