This gon' break everything

iFargle 2023-08-23 14:30:15 +09:00
parent 91d18780a5
commit 1ff7ca7f10
56 changed files with 196 additions and 375 deletions


@ -1,6 +1,10 @@
# NixOS Configuration Repository # NixOS Configuration Repository
## NOTE: These configs expect this repo to be cloned to /etc/nixos/git/ ## NOTE: These configs expect this repo to be cloned to /etc/nixos/git/
* `git clone https://git.sysctl.io/albert/nix /etc/nixos/git && ln -s /etc/nixos/git/flake.nix /etc/nixos/flake.nix` ```
git clone https://git.sysctl.io/albert/nix /etc/nixos/git
ln -s /etc/nixos/git/flake.nix /etc/nixos/flake.nix
nixos-rebuild switch --flake '/etc/nixos#<HOSTNAME>'
```
--- ---
# To Do List # To Do List


@ -1,78 +0,0 @@
{ lib, config, pkgs, ... }: {
imports = [
# Services
./services/openssh.nix
./services/promtail.nix
./services/fail2ban.nix
./services/telegraf.nix
# Modules
./modules/nixos.nix # General NixOS items. Flake enablement, etc
./modules/secureboot.nix # Secureboot Configs
./modules/fonts.nix # Font Configs
./modules/networking.nix # Initial Networking configs
];
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Define a user account.
users.users.albert = {
isNormalUser = true;
description = "Albert J. Copeland";
extraGroups = [ "networkmanager" "wheel" "video" "dbus" ];
# video is required for the "light" command to work
hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
};
# List packages installed in system profile
environment.systemPackages = with pkgs; [
sbctl
powerline-go
wget
killall
neovim
git
duf
curl
htop
btop
iftop
nload
iotop
glxinfo
tailscale
neofetch
gnupg
fail2ban
];
# Enable tailscale
services = {
tailscale.enable = true;
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
# system.stateVersion = "23.05"; # Did you read the comment?
system.stateVersion = "unstable";
}


@ -1,19 +0,0 @@
# If a GUI is enabled, install GUI apps:
{ lib, pkgs, config, ... }: {
users.users.albert = {
packages = with pkgs; [
firefox
thunderbird
bitwarden
steam
lutris
vlc
];
};
imports = [
# Software configurations
../software/firefox.nix
../software/weechat.nix
];
}


@ -1,27 +0,0 @@
{ config, pkgs, ... }: {
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
# Configure keymap in X11
services.xserver = {
enable = true;
layout = "us";
xkbVariant = "";
autorun = true;
videoDrivers = [ "nvidia" ];
};
services.xserver = {
displayManager.gdm.enable = true;
desktopManager.plasma5.enable = true;
};
}


@ -1,24 +0,0 @@
{ config, pkgs, ... }: {
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
# Configure keymap in X11
services.xserver = {
enable = true;
layout = "us";
xkbVariant = "";
autorun = true;
};
programs.sway = {
enable = true;
};
}

106
flake.nix

@ -1,94 +1,30 @@
{ {
# INFORMATION
# When building for a system, remember to change the hostname variable below
description = "NixOS System Config"; description = "NixOS System Config";
inputs = { inputs = {
# NixOS packages nixpkgs.url = "nixpkgs/nixos-unstable"; # NixOS packages
unstable-nixpkgs.url = "nixpkgs/nixos-unstable"; home-manager.url = "github:nix-community/home-manager/release-23.05"; # Manage dotfiles in a home directory
home-manager.inputs.nixpkgs.follows = "nixpkgs";
# Manage dotfiles in a home directory lanzaboote.url = "github:nix-community/lanzaboote"; # Secureboot Configuration
home-manager.url = "github:nix-community/home-manager/release-23.05"; lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
home-manager.inputs.nixpkgs.follows = "unstable-nixpkgs"; nur.url = "github:nix-community/NUR"; # Nix User Repository
sops-nix.url = "github:Mic92/sops-nix"; # Encrypted secrets in Nix configuration files
# Secureboot Configuration
lanzaboote.url = "github:nix-community/lanzaboote";
lanzaboote.inputs.nixpkgs.follows = "unstable-nixpkgs";
# Nix User Repository
nur.url = "github:nix-community/NUR";
# Hardware support
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
# Encrypted secrets in Nix configuration files
sops-nix.url = "github:Mic92/sops-nix";
}; };
outputs = {
outputs = { self, nixpkgs, home-manager, lanzaboote, nur, sops-nix, ...
self,
unstable-nixpkgs,
home-manager,
lanzaboote,
nur,
sops-nix,
nixos-hardware,
...
}@inputs: }@inputs:
let let
# Variables - Remember to set these inherit (self) outputs;
hostname = "nixos-laptop"; # Should probably set this in a minimal configuration.nix? stateVersion = "unstable";
system = "x86_64-linux";
hmStateVersion = "23.05"; hmStateVersion = "23.05";
libx = import ./lib { inherit inputs outputs stateVersion; };
pkgs = import unstable-nixpkgs {
inherit system;
config = { allowUnfree = true; };
};
lib = unstable-nixpkgs.lib;
in { in {
# NixOS Configuration files:
nixosConfigurations = { nixosConfigurations = {
# Declare a generic configuration using the $hostname variable: nixos-laptop = libx.nixosSystem { hostname = "nixos-laptop"; username = "albert"; desktop = "gnome"; };
${hostname} = lib.nixosSystem { nixos-desktop = libx.nixosSystem { hostname = "nixos-desktop"; username = "albert"; desktop = "gnome"; };
inherit system; };
specialArgs = { homeConfigurations = {
inherit hostname; "albert@nixos-laptop" = libx.mkHome { hostname = "nixos-laptop"; username = "albert"; desktop = "gnome"; };
}; "albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; username = "albert"; desktop = "gnome"; };
modules = [ };
# Configuration Imports };
./configuration.nix # Common NixOS Configuration
./hosts/${hostname} # Hardware-specific Configuration
# Flake Imports
sops-nix.nixosModules.sops # Handle secrets
lanzaboote.nixosModules.lanzaboote # SecureBoot Configuration
nur.nixosModules.nur # NixOS User Repository
# nixos-hardware.nixosModules.lenovo-thinkpad-p1 # Thinkpad P1 hardware configuration
# Home Manager settings
home-manager.nixosModules.home-manager {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.albert.imports = [
({ config, ... }: import ./users/albert/home.nix {
inherit config pkgs hostname hmStateVersion;
})
];
users.root.imports = [
({ config, ... }: import ./users/root/home.nix {
inherit config pkgs hostname hmStateVersion;
})
];
}; # home-manager
nixpkgs.overlays = [
nur.overlay
];
} # home-manager
]; # modules
}; # lib.nixosSystem - ${hostname}
}; # nixosConfiguration
}; # in
} }
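Review bot: `stateVersion = "unstable";` in the `let` block appears to be what ends up in `system.stateVersion`, which NixOS modules compare against release numbers to choose defaults for stateful data; it should be the release of the first install, e.g. `stateVersion = "23.05";` as in the commented-out line of the removed configuration. `home-manager` is also pinned to `release-23.05` while its `nixpkgs` follows `nixos-unstable`, a mismatch home-manager warns about. The old `modules` list named the `sops-nix`, `lanzaboote` and `nur` modules explicitly, so it is worth confirming that `./lib` (not shown on this page) still imports them, otherwise the secure-boot and secrets options they define are no longer available.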


@ -1,13 +1,7 @@
{ config, pkgs, ... }: { { config, pkgs, ... }: {
programs.git = { programs.git = {
enable = true; enable = true;
userName = "albert";
userEmail = "albert@sysctl.io";
extraConfig = { extraConfig = {
core.askPass = "false";
credential.helper = "cache --timeout=25920000";
user.signingkey = "64F6C4EB46C4543A";
commit.gpgsign = "true";
alias.a = "add --all"; alias.a = "add --all";
alias.ai = "add -i"; alias.ai = "add -i";
alias.ap = "apply"; alias.ap = "apply";


@ -1,11 +1,19 @@
{ config, pkgs, hostname, ... }: { { config, pkgs, hostname, username, desktop, hmStateVersion, ... }: {
imports = [ imports = [
./bash.nix # Common app configs
./btop.nix ./common/software/cli/bash.nix
./firefox.nix ./common/software/cli/btop.nix
./git.nix ./common/software/cli/git.nix
./neovim.nix ./common/software/cli/kitty.nix
./neofetch.nix ./common/software/cli/neofetch.nix
./kitty.nix ./common/software/cli/neovim.nix
];
# User configs
./users/${username}
]
++ lib.optional (builtins.isString.desktop) [
./common/software/gui/firefox.nix
./common/software/gui/thunderbird.nix
./hosts/${hostname}/desktops/${desktop}
]
} }
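Review bot: The conditional import `++ lib.optional (builtins.isString.desktop) [` cannot evaluate as written: `builtins.isString.desktop` selects an attribute from a function instead of calling it, `lib` is not among the arguments in the new module header, and `lib.optional` given a list appends that list as one nested element. `++ lib.optionals (builtins.isString desktop) [ … ];` with `lib` added to the argument set matches what the surrounding code intends. The final `]` of the expression also lacks its terminating `;`.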


@ -1,12 +1,16 @@
{ config, pkgs, hostname, hmStateVersion, ... }: { { config, pkgs, hostname, hmStateVersion, ... }: {
home.stateVersion = "${hmStateVersion}"; home.stateVersion = hmStateVersion;
imports = [
# Host specific Configs:
../../hosts/${hostname}/home-manager
# Universal Configs: programs.git = {
../../home-manager userName = "albert";
]; userEmail = "albert@sysctl.io";
extraConfig = {
core.askPass = "false";
credential.helper = "cache --timeout=25920000";
user.signingkey = "64F6C4EB46C4543A";
commit.gpgsign = "true";
};
}
accounts = { accounts = {
email = { email = {
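Review bot: `credential.helper = "cache --timeout=25920000";` keeps Git credentials in the cache daemon for 300 days, which in practice means for the whole life of the session; a much shorter timeout narrows the exposure window if the session is ever compromised. The `programs.git = { … }` block added here also closes with a bare `}` before `accounts`, so that line needs to be `};` for the file to parse. The hunk ends inside `accounts.email`, so the rest of the module is not visible.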


@ -1,7 +0,0 @@
{ imports, ... }: {
imports = [
# imports.nixos-hardware.nixosModules.lenovo-thinkpad-p1
./nixos
# home-manager is imported from users/user/home.nix
];
}


@ -1,6 +0,0 @@
{ config, pkgs, hostname, ... }: {
imports = [
# ./hyprland
./gnome
];
}


@ -1,6 +0,0 @@
{ config, pkgs, hostname, ... }: {
imports = [
./hardware-configuration.nix
./configuration.nix
];
}


@ -1,39 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "acpi_call" ];
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
fileSystems."/" = {
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."DISK".device = "/dev/nvme0n1p1";
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
# Enable Swap on LUKS
boot.initrd.luks.devices."SWAP" = {
device = "/dev/nvme0n1p2";
keyFile = "/crypto_keyfile.bin";
};
# Set up the keyfile
boot.initrd.secrets."/crypto_keyfile.bin" = null;
# Hibernation resume device
boot.resumeDevice = "/dev/disk/by-label/SWAP";
# Confirm the swap devices
swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -117,21 +117,16 @@
# Gnome relevant packages # Gnome relevant packages
gnome3.gnome-tweaks gnome3.gnome-tweaks
papirus-icon-theme papirus-icon-theme
dconf2nix # https://github.com/gvolpe/dconf2nix
# General packages
# https://github.com/gvolpe/dconf2nix
dconf2nix
]; ];
imports = [ imports = [
# Gnome Themes # Gnome Themes
./gnome/themes/gruvbox.nix ./themes/gruvbox.nix
./gnome/themes/tokyo-night.nix ./themes/tokyo-night.nix
./gnome/themes/nordic.nix ./themes/nordic.nix
./gnome/themes/vimix.nix ./themes/vimix.nix
./gnome/themes/fluent.nix ./themes/fluent.nix
# You may need to edit which theme you're using in dconf.nix if you remove themes # You may need to edit which theme you're using in dconf.nix if you remove themes
]; ];
# Idea... Move these to a separate file and tie it into dconf
# sections that load the theme automatically when I want it.
} }


@ -11,7 +11,6 @@
enable = true; enable = true;
allowedTCPPorts = [ ]; allowedTCPPorts = [ ];
allowedUDPPorts = [ ]; allowedUDPPorts = [ ];
interfaces.tailscale0.allowedTCPPorts = [ 22 ];
}; };
}; };
} }


@ -1,4 +1,4 @@
{ pkgs, config, ... }: { { ... }: {
# Enable flakes: https://nixos.wiki/wiki/Flakes # Enable flakes: https://nixos.wiki/wiki/Flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];


@ -0,0 +1,3 @@
_: {
services.fwupd.enable = true;
}


@ -0,0 +1,5 @@
{ config, pkgs, ... }: {
# Enable tailscale and open port 22 on it
services = { tailscale.enable = true; };
firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];
}
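Review bot: `firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];` sits at the top level of the module, but the NixOS option lives under `networking.firewall`, so this line is rejected as an undefined option instead of opening SSH on the tailnet interface. Writing it as `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];` keeps port 22 scoped to `tailscale0`, consistent with the networking module in this commit leaving the global `allowedTCPPorts` empty. `config` and `pkgs` are unused in the header and could be dropped.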

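--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -0,0 +1,56 @@
+{ lib, config, pkgs, hostname, stateVersion, username, desktop, ... }: {
+imports = [
+# Services
+./common/services/openssh.nix
+./common/services/promtail.nix
+./common/services/fail2ban.nix
+./common/services/telegraf.nix
+./common/services/tailscale.nix
+./common/services/fwupd.nix
+# Modules
+./common/modules/fonts.nix # Font Configs
+./common/modules/networking.nix # Initial Networking configs
+./common/modules/nixos.nix # NixOS related items
+./users/${username}
+./hosts/${hostname}
+] ++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop};
+# List packages installed in system profile
+environment.systemPackages = with pkgs; [
+sbctl
+powerline-go
+wget
+killall
+curl
+glxinfo
+neofetch
+rsync
+gnupg
+git
+duf
+du-dust
+home-manager
+btop
+iftop
+nload
+iotop
+];
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+i18n.extraLocaleSettings = {
+LC_ADDRESS = "en_US.UTF-8";
+LC_IDENTIFICATION = "en_US.UTF-8";
+LC_MEASUREMENT = "en_US.UTF-8";
+LC_MONETARY = "en_US.UTF-8";
+LC_NAME = "en_US.UTF-8";
+LC_NUMERIC = "en_US.UTF-8";
+LC_PAPER = "en_US.UTF-8";
+LC_TELEPHONE = "en_US.UTF-8";
+LC_TIME = "en_US.UTF-8";
+};
+system.stateVersion = stateVersion;
+}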
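Review bot: The `imports` list is built from `username`, `hostname` and `desktop`, and NixOS resolves imports before `_module.args` is available, so these three must arrive through `specialArgs` in `./lib` (not shown on this page) or evaluation ends in infinite recursion. A one-line comment above `imports`, such as `# hostname/username/desktop are supplied via specialArgs in lib/`, would record that requirement. `builtins.isString desktop` also implies that a host without a desktop passes `desktop = null` rather than omitting the argument, which is worth stating in the same comment.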


@ -1,14 +1,45 @@
{ lib, config, pkgs, ... }: { { config, lib, pkgs, modulesPath, desktop, username ... }: {
imports = [ imports = [
# Desktop Environments ../../common/services/powertop.nix # PowerTop
../../../desktops/common.nix ../../common/modules/secureboot.nix # SecureBoot
# ../../../desktops/hyprland.nix
../../../desktops/gnome.nix
# Power Mamagement
../../../modules/powertop.nix
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "acpi_call" ];
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
fileSystems."/" = {
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."DISK".device = "/dev/nvme0n1p1";
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
# Enable Swap on LUKS
boot.initrd.luks.devices."SWAP" = {
device = "/dev/nvme0n1p2";
keyFile = "/crypto_keyfile.bin";
};
# Set up the keyfile
boot.initrd.secrets."/crypto_keyfile.bin" = null;
# Hibernation resume device
boot.resumeDevice = "/dev/disk/by-label/SWAP";
# Confirm the swap devices
swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# Set your time zone. # Set your time zone.
time.timeZone = "Asia/Tokyo"; time.timeZone = "Asia/Tokyo";
@ -44,9 +75,9 @@
dynamicBoost.enable = true; dynamicBoost.enable = true;
# nvidiaPersistenced = false; # nvidiaPersistenced = false;
package = config.boot.kernelPackages.nvidiaPackages.latest; package = config.boot.kernelPackages.nvidiaPackages.latest;
# powerManagement.finegrained = true; powerManagement.finegrained = true;
# powerManagement.enable = true; powerManagement.enable = true;
# modesetting.enable = true; modesetting.enable = true;
prime = { prime = {
reverseSync.enable = true; reverseSync.enable = true;
sync.enable = false; sync.enable = false;
@ -71,8 +102,10 @@
nvtop-nvidia nvtop-nvidia
# Game related things # Game related things
gamemode gamemode
# WINE
wineWowPackages.stable wineWowPackages.stable
winetricks winetricks
wineWowPackages.waylandFull wineWowPackages.waylandFull
]; ];
}
}
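Review bot: The new module header `{ config, lib, pkgs, modulesPath, desktop, username ... }:` is missing the comma before `...`, so the file does not parse as shown; `desktop, username, ... }:` fixes it. In the hardware settings merged into this file, `boot.initrd.secrets."/crypto_keyfile.bin" = null;` puts the swap keyfile into the initrd while `/boot` is a `vfat` partition: if the bootloader in use stores the initrd there, the key for the hibernation swap sits on unencrypted storage, which should be checked against the setup imported from `secureboot.nix`. `modulesPath` is accepted in the header, but the `not-detected.nix` import that used it in the removed hardware file was not carried over.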


@ -0,0 +1,12 @@
{ config, desktop, lib, pkgs, ... }: {
# Define a user account.
imports = [ ] ++ lib.optional (builtins.isString desktop) ./desktop.nix;
users.users.albert = {
isNormalUser = true;
description = "Albert J. Copeland";
# video is required for the "light" command to work
extraGroups = [ "networkmanager" "wheel" ] ++ ifExists [ "video" ];
hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
packages = [ pkgs.home-manager ];
};
}
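Review bot: The `hashedPassword` literal is readable by anyone with access to the repository and is also copied into the world-readable Nix store, so the account is only as safe as the password's resistance to offline guessing. The flake already takes sops-nix as an input, so the hash could be supplied as a secret through the file-based option (`hashedPasswordFile`, `passwordFile` on older releases) with `neededForUsers = true` on the sops secret, and the password rotated because the hash is already in history. Separately, `ifExists` in the `extraGroups` line is not bound by the module arguments shown here, so evaluation would stop there unless it is defined elsewhere.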


@ -0,0 +1,14 @@
{ lib, pkgs, desktop, ... }: {
environment.systemPackages = with pkgs; [
firefox
thunderbird
bitwarden
steam
lutris
vlc
];
imports = [
../../common/software/gui/firefox.nix
];
}


@ -11,26 +11,6 @@ mkShell {
"${toString ./.}/keys/hosts" "${toString ./.}/keys/hosts"
"${toString ./.}/keys/users" "${toString ./.}/keys/users"
]; ];
# Also single files can be imported.
#sopsPGPKeys = [
# "${toString ./.}/keys/users/mic92.asc"
# "${toString ./.}/keys/hosts/server01.asc"
#];
# This hook can also import gpg keys into its own seperate
# gpg keyring instead of using the default one. This allows
# to isolate otherwise unrelated server keys from the user gpg keychain.
# By uncommenting the following lines, it will set GNUPGHOME
# to .git/gnupg.
# Storing it inside .git prevents accedentially commiting private keys.
# After setting this option you will also need to import your own
# private key into keyring, i.e. using a a command like this
# (replacing 0000000000000000000000000000000000000000 with your fingerprint)
# $ (unset GNUPGHOME; gpg --armor --export-secret-key 0000000000000000000000000000000000000000) | gpg --import
#sopsCreateGPGHome = true;
# To use a different directory for gpg dirs set sopsGPGHome
#sopsGPGHome = "${toString ./.}/../gnupg";
nativeBuildInputs = [ nativeBuildInputs = [
(pkgs.callPackage sops-nix {}).sops-import-keys-hook (pkgs.callPackage sops-nix {}).sops-import-keys-hook
]; ];


@ -1,6 +0,0 @@
{ config, pkgs, ... }: {
environment.systemPackages = with pkgs; [
weechat
weechatScripts.weechat-matrix
];
}


@ -1,10 +0,0 @@
{ config, pkgs, hostname, hmStateVersion, ... }: {
home.stateVersion = "${hmStateVersion}";
imports = [
# Host specific Configs:
# ../../hosts/${hostname}/home-manager
# Universal Configs:
../../home-manager
];
}