From 964b99b28dc9ea20218bc61cd6d726a988269e5c Mon Sep 17 00:00:00 2001 
From: Emily
Date: Sat, 28 Dec 2024 19:33:49 -0500
Subject: [PATCH] misc: initial commit
---
 dev-shell/default.nix | 21 ++++
 flake.lock | 64 ++++++++++
 flake.nix | 33 +++++
 hardware-configuration.nix | 26 ++++
 home/apps.nix | 125 +++++++++++++++++++
 home/apps/firefox.nix | 83 +++++++++++++
 home/apps/syncthing.nix | 18 +++
 home/default.nix | 103 ++++++++++++++++
 home/desktop.nix | 30 +++++
 home/desktop/hyprland.nix | 172 +++++++++++++++++++++
 home/desktop/plasma.nix | 28 +++++
 home/desktop/shared/wayland.nix | 18 +++
 home/terminal.nix | 119 ++++++++++++++++++
 home/xdg.nix | 31 +++++
 nixos/audio/pipewire-low-latency.nix | 37 ++++++
 nixos/audio/pipewire.nix | 17 +++
 nixos/common/flake-support.nix | 52 ++++++++
 nixos/default.nix | 167 ++++++++++++++++++++++++++
 nixos/desktop/gnome/default.nix | 45 +++++++
 nixos/desktop/hypr/default.nix | 35 ++++++
 nixos/desktop/plasma/default.nix | 20 ++++
 nixos/device.nix | 62 ++++++++++
 nixos/disk-config.nix | 69 +++++++++++
 nixos/hardening.nix | 23 ++++
 nixos/hardware-configuration.nix | 26 ++++
 nixos/impermanence.nix | 52 ++++++++
 nixos/nix-maintenance.nix | 14 +++
 nixos/tailscale.nix | 14 +++
 nixos/user-system-config.nix | 54 +++++++++
 nixos/users.nix | 44 +++++++
 pkgs/polonium.nix | 60 ++++++++++
 systems/default.nix | 13 ++
 32 files changed, 1675 insertions(+)
 create mode 100644 dev-shell/default.nix
 create mode 100644 flake.lock
 create mode 100644 flake.nix
 create mode 100644 hardware-configuration.nix
 create mode 100644 home/apps.nix
 create mode 100644 home/apps/firefox.nix
 create mode 100644 home/apps/syncthing.nix
 create mode 100644 home/default.nix
 create mode 100644 home/desktop.nix
 create mode 100644 home/desktop/hyprland.nix
 create mode 100644 home/desktop/plasma.nix
 create mode 100644 home/desktop/shared/wayland.nix
 create mode 100644 home/terminal.nix
 create mode 100644 home/xdg.nix
 create mode 100644 nixos/audio/pipewire-low-latency.nix
 create mode 100644 nixos/audio/pipewire.nix
 create mode 100644 nixos/common/flake-support.nix
 create mode 100644 nixos/default.nix
 create mode 100644 nixos/desktop/gnome/default.nix
 create mode 100644 nixos/desktop/hypr/default.nix
 create mode 100644 nixos/desktop/plasma/default.nix
 create mode 100644 nixos/device.nix
 create mode 100644 nixos/disk-config.nix
 create mode 100644 nixos/hardening.nix
 create mode 100644 nixos/hardware-configuration.nix
 create mode 100644 nixos/impermanence.nix
 create mode 100644 nixos/nix-maintenance.nix
 create mode 100644 nixos/tailscale.nix
 create mode 100644 nixos/user-system-config.nix
 create mode 100644 nixos/users.nix
 create mode 100644 pkgs/polonium.nix
 create mode 100644 systems/default.nix
diff --git a/dev-shell/default.nix b/dev-shell/default.nix
new file mode 100644
index 0000000..6efba2e
--- /dev/null
+++ b/dev-shell/default.nix
@@ -0,0 +1,21 @@
+{...}: {
+ perSystem = {
+ pkgs,
+ inputs',
+ ...
+ }: {
+ devShells.default = pkgs.mkShell {
+ packages = with pkgs; [
+ just
+ alejandra
+ nixpkgs-fmt
+ nix-tree
+ nix-diff
+ nvd
+ nix-inspect
+ nix-du
+ nix-output-monitor
+ ];
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..f7dd81b
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,64 @@ +{ + "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735048446, + "narHash": "sha256-Tc35Y8H+krA6rZeOIczsaGAtobSSBPqR32AfNTeHDRc=", + "owner": "nix-community", + "repo": "disko", + "rev": "3a4de9fa3a78ba7b7170dda6bd8b4cdab87c0b21", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "nixos-facter-modules": { + "locked": { + "lastModified": 1734596637, + "narHash": "sha256-MRqwVAe3gsb88u4ME1UidmZFVCx+FEnoob0zkpO9DMY=", + "owner": "numtide", + "repo": "nixos-facter-modules", + "rev": "536472754982bf03079b4b4e0261838a760587c0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nixos-facter-modules", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1735268880, + "narHash": "sha256-7QEFnKkzD13SPxs+UFR5bUFN2fRw+GlL0am72ZjNre4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7cc0bff31a3a705d3ac4fdceb030a17239412210", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "nixos-facter-modules": "nixos-facter-modules", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..ed64717 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,33 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + flake-parts.url = "github:hercules-ci/flake-parts"; + + nixos-hardware.url = "github:NixOS/nixos-hardware"; + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + nixos-facter-modules.url = "github:numtide/nixos-facter-modules"; + + home-manager.url = "github:nix-community/home-manager"; + impermanence.url = "github:nix-community/impermanence"; + nix-index-database = { + url = "github:nix-community/nix-index-database"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + ags.url = "github:Aylur/ags"; + anyrun.url = "github:Kirottu/anyrun"; + muse-sounds-manager = { + url = "github:thilobillerbeck/muse-sounds-manager-nix/06b0da28c54331d5af73efd2ebf264ce914e5936"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = inputs @ {flake-parts, ...}: + flake-parts.lib.mkFlake {inherit inputs;} { + systems = ["x86_64-linux"]; + imports = [ + ./systems + ./dev-shell + ]; + }; +} diff --git a/hardware-configuration.nix b/hardware-configuration.nix new file mode 100644 index 0000000..0eeb6cf --- /dev/null +++ b/hardware-configuration.nix 
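Review bot: The flake.lock committed in the previous hunk pins only disko, nixos-facter-modules and nixpkgs, while this flake.nix also declares flake-parts, nixos-hardware, home-manager, impermanence, nix-index-database, ags, anyrun and muse-sounds-manager, so the lock is stale and the first evaluation will resolve those inputs to whatever is current upstream rather than to a revision anyone reviewed; regenerate and commit the lock together with this file. Separately, only disko, nix-index-database and muse-sounds-manager set `inputs.nixpkgs.follows = "nixpkgs"`, so home-manager, ags and anyrun (and any other input that declares its own nixpkgs) will each lock a separate nixpkgs, widening the closure and meaning a nixpkgs bump here does not refresh what those inputs build against. Adding `home-manager.inputs.nixpkgs.follows = "nixpkgs";` and the same for ags and anyrun keeps a single nixpkgs in the lock; whether impermanence and nixos-hardware carry a nixpkgs input at all is not visible here, so check before adding it for them.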
@@ -0,0 +1,26 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp196s0f3u2u3.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/home/apps.nix b/home/apps.nix new file mode 100644 index 0000000..71886bb --- /dev/null +++ b/home/apps.nix 
@@ -0,0 +1,125 @@ +{ + pkgs, + inputs, + ... +}: { + imports = [ + ./apps/firefox.nix + ./apps/syncthing.nix + ]; + + home.packages = [ + pkgs.pavucontrol + pkgs.signal-desktop + pkgs.webcord # pkgs.webcord-vencord + pkgs.telegram-desktop + #pkgs.kdePackages.neochat + pkgs.keepassxc + #pkgs.blender-hip + pkgs.buku + pkgs.libreoffice + pkgs.darktable + pkgs.gimp + pkgs.inkscape + pkgs.krita + pkgs.okular + pkgs.localsend + + pkgs.ffmpeg # Generally useful + + # Music + #pkgs.feishin # sonixd replacement + pkgs.supersonic # Music player by Navidrome author + pkgs.sonixd # Music player; desktop app for Navidrome. Replace w/ Feishin when that supports Subsonic API. + pkgs.spotube # Use Spotify metadata & user to play from YouTube + pkgs.spotify # Proprietary + pkgs.strawberry-qt6 # Fork of Clementine + pkgs.clementine + pkgs.lollypop + # muffon https://muffon.netlify.app/ + pkgs.picard # Edit audio metadata, w/ MusicBrainz integration + pkgs.puddletag # Edit audio metadata + pkgs.deadbeef-with-plugins + # pkgs.tauon + pkgs.audacious + # pkgs.asunder # Ripping + pkgs.cyanrip # Ripping + # pkgs.whipper # Ripping + + #pkgs.anki # Dep python3.12-pyqt-6.7.0 doesn't build + pkgs.memento # Japanese + + # Documents + pkgs.typst # TeX alternative + pkgs.tinymist # LSP for Typst + + # Dev + pkgs.vscodium # Consider vscodium-fhs + #pkgs.jetbrains.rider + #pkgs.jetbrains.rust-rover + pkgs.helix + pkgs.zed-editor + + # Internet + pkgs.fragments + pkgs.uget # Download manager + # From master because PR #290892 is merged but at the time of writing hasn't made it to unstable yet + # Need it to solve issue #263764 + # https://github.com/NixOS/nixpkgs/issues/263764 + # https://github.com/NixOS/nixpkgs/pull/290892 + # https://github.com/NixOS/nixpkgs/commit/999e0cf59288584616a241c0d8bb7c3c3f1fb417 + pkgs.obsidian + pkgs.obs-studio + pkgs.kdePackages.plasmatube + #pkgs.nyxt + + pkgs.mpvScripts.uosc + pkgs.mpvScripts.sponsorblock + + pkgs.musescore + # 
inputs.muse-sounds-manager.packages.${pkgs.system}.muse-sounds-manager + pkgs.helio-workstation # music editor + pkgs.lmms # DAW + pkgs.carla # VST host + pkgs.yabridge # Windows VST host + pkgs.yabridgectl + pkgs.surge-XT # VST + ]; + + programs.imv.enable = true; + + programs.mangohud = { + enable = true; + }; + + programs.mpv.enable = true; + + programs.thunderbird = { + enable = true; + profiles.default = { + isDefault = true; + }; + }; + + programs.vscode = { + enable = true; + package = pkgs.vscodium; + enableUpdateCheck = false; + userSettings = { + "window.menuBarVisibility" = "toggle"; + "rust-analyzer.server.path" = "rust-analyzer"; # look in env + + # Library sources for rust-analyzer shall be read-only + "files.readonlyInclude" = { + "**/.cargo/registry/src/**/*.rs" = true; + "**/lib/rustlib/src/rust/library/**/*.rs" = true; + }; + }; + extensions = with pkgs.vscode-extensions; [ + mkhl.direnv + jnoortheen.nix-ide + ]; + }; + + programs.zathura.enable = true; +} diff --git a/home/apps/firefox.nix b/home/apps/firefox.nix new file mode 100644 index 0000000..feced0a --- /dev/null +++ b/home/apps/firefox.nix 
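Review bot: The five-line comment above `pkgs.obsidian` ("From master because PR #290892 is merged but at the time of writing hasn't made it to unstable yet ...") no longer describes the code: the package is taken from the flake's own nixpkgs as plain `pkgs.obsidian`, with no separate master input anywhere in the patch, so the note about issue #263764 is stale and will mislead the next reader. Either drop it or shorten it to `# see nixpkgs issue #263764 / PR #290892 if obsidian stops building`. The commented-out `inputs.muse-sounds-manager.packages.${pkgs.system}.muse-sounds-manager` line is the only use of the `inputs` argument in this file; if it stays disabled, `inputs` can be dropped from the argument set.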
@@ -0,0 +1,83 @@ +{ + lib, + pkgs, + osConfig, + ... +}: let + enablePlasma = osConfig.services.desktopManager.plasma6.enable; + + extension = shortId: uuid: { + name = uuid; + value = { + install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi"; + installation_mode = "force_installed"; + }; + }; + oldExtensions = builtins.listToAttrs; + + ext = shortId: { + install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi"; + installation_mode = "force_installed"; + }; + exts = builtins.mapAttrs (_: ext); +in { + programs.firefox = { + enable = true; + nativeMessagingHosts = [ + pkgs.tridactyl-native + ]; + + policies.ExtensionSettings = lib.mkMerge [ + (oldExtensions [ + # languagetool? + #(extension "tree-style-tab" "treestyletab@piro.sakura.ne.jp") + (extension "sidebery" "{3c078156-979c-498b-8990-85f7987dd929}") # has no email id + (extension "kagi-search-for-firefox" "search@kagi.com") + (extension "ublock-origin" "uBlock0@raymondhill.net") + #(extension "umatrix" "uMatrix@raymondhill.net") + (extension "privacy-badger17" "jid1-MnnxcxisBPnSXQ@jetpack") + (extension "i-dont-care-about-cookies" "jid1-KKzOGWgsW3Ao4Q@jetpack") + # (extension "clearurls" "{74145f27-f039-47ce-a470-a662b129930a}") # has no email id + (extension "keepassxc-browser" "keepassxc-browser@keepassxc.org") + #(extension "bitwarden-password-manager" "{446900e4-71c2-419f-a6a7-df9c091e268b}") + #(extension "tabliss" "extension@tabliss.io") + + # (extension "bukubrow" "bukubrow@samhh.com") + # (extension "multi-account-containers" "@testpilot-containers") + # (extension "rust-search-extension" "{04188724-64d3-497b-a4fd-7caffe6eab29}") # has no email id + # (extension "tridactyl-vim" "tridactyl.vim@cmcaine.co.uk") + # site-specific + # (extension "libredirect" "7esoorv3@alefvanoon.anonaddy.me") + (extension "toolkit-for-ynab" "{4F1FB113-D7D8-40AE-A5BA-9300EAEA0F51}") # has no email id + (extension "sponsorblock" 
"sponsorBlocker@ajay.app") + # (extension "steam-database" "firefox-extension@steamdb.info") + ]) + # TODO: Can we get this from nixpkgs instead? + (lib.mkIf enablePlasma (exts { + "plasma-browser-integration@kde.org" = "plasma-integration"; + })) + ]; + # To add additional extensions, find it on addons.mozilla.org, find + # the short ID in the url (like https://addons.mozilla.org/en-US/firefox/addon/!SHORT_ID!/) + # Then, download the XPI by filling it in to the install_url template, unzip it, + # run `jq .browser_specific_settings.gecko.id manifest.json` or + # `jq .applications.gecko.id manifest.json` to get the UUID + # You don’t need to get the UUID from the xpi. You can install it then find the UUID in about:debugging#/runtime/this-firefox. + + profiles.default = { + settings = { + "app.normandy.first_run" = false; + "app.shield.optoutstudies.enabled" = false; + "app.update.channel" = "default"; + # "browser.link.open_newwindow" = true; + "browser.shell.checkDefaultBrowser" = true; + "browser.urlbar.showSearchSuggestionsFirst" = false; + "browser.vpn_promo.enabled" = false; + # "extensions.activeThemeID" = "firefox-alpenglow@mozilla.org"; + # "extensions.extensions.activeThemeID" = "firefox-alpenglow@mozilla.org"; + "extensions.pocket.enabled" = false; + "media.ffmpeg.vaapi.enabled" = true; + }; + }; + }; +} diff --git a/home/apps/syncthing.nix b/home/apps/syncthing.nix new file mode 100644 index 0000000..d06d01b --- /dev/null +++ b/home/apps/syncthing.nix @@ -0,0 +1,18 @@ +{ + lib, + pkgs, + osConfig, + ... +}: let + enablePlasma = osConfig.services.desktopManager.plasma6.enable; + enableGnome = osConfig.services.xserver.desktopManager.gnome.enable; +in { + services.syncthing = { + enable = true; + }; + + home.packages = lib.mkMerge [ + (lib.mkIf enablePlasma [pkgs.syncthingtray-qt6]) + (lib.mkIf enableGnome [pkgs.gnomeExtensions.syncthing-indicator]) + ]; +} diff --git a/home/default.nix b/home/default.nix new file mode 100644 index 0000000..5692894 
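Review bot: Every entry built by `extension`/`ext` points `install_url` at the AMO `.../downloads/latest/<id>/latest.xpi` endpoint with `installation_mode = "force_installed"`, so Firefox fetches and updates this extension code itself at run time: none of it is pinned by flake.lock, it cannot be reviewed or rolled back through Nix, and a force-installed extension cannot be removed by the user from about:addons. That may be the intended trade-off, but it deserves a comment beside the helpers, e.g. `# NOTE: extensions are fetched live from addons.mozilla.org and self-update; they are not pinned by this flake`. Style-wise, `extension` and `ext` inline the same URL template twice; writing `extension = shortId: uuid: { name = uuid; value = ext shortId; };` keeps it in one place. The `plasma-browser-integration@kde.org` entry is defined again in home/desktop/plasma.nix later in this patch under a different condition (`my.desktop.plasma.enable` instead of `osConfig.services.desktopManager.plasma6.enable`); keeping it in one file avoids the two drifting apart.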
--- /dev/null
+++ b/home/default.nix
@@ -0,0 +1,103 @@ +{ + config, + pkgs, + inputs, + osConfig, + ... +}: let + variables = { + # VISUAL = "emacs"; + EDITOR = "nvim"; + + SSH_ASKPASS_REQUIRE = "prefer"; + SSH_ASKPASS = "${pkgs.ksshaskpass}/bin/ksshaskpass"; + }; +in { + imports = [ + ./xdg.nix + ./terminal.nix + ./desktop.nix + # ./emacs.nix + ./apps.nix + ]; + + home.sessionVariables = variables; + systemd.user.sessionVariables = variables; + + fonts.fontconfig.enable = true; + + xdg.enable = true; + + home.packages = with pkgs; [ + noto-fonts-cjk-sans + noto-fonts-cjk-serif + noto-fonts-color-emoji + ]; + + programs.git = { + enable = true; + delta = { + enable = true; + options = { + side-by-side = true; + }; + }; + # WISH: Figure out difftastic + # difftastic.enable = true; + # https://difftastic.wilfred.me.uk/git.html + # https://tsdh.org/posts/2022-08-01-difftastic-diffing-with-magit.html + userEmail = "git@evar.dev"; + userName = "Evar"; + extraConfig = { + init.defaultBranch = "main"; + + # Consider https://jvns.ca/blog/2024/02/16/popular-git-config-options/#pull-ff-only-or-pull-rebase-true + + # Make merge conflicts more readable + merge.conflictstyle = "zdiff3"; + + rebase.autosquash = true; + rebase.autostash = true; + + # Consider https://jvns.ca/blog/2024/02/16/popular-git-config-options/#push-default-simple-push-default-current-push-autosetupremote-true + + # Add whole commit diff in text editor when writing commit message + #commit.verbose = true; + + # Remember how merge conflicts were resolved to restore later + rerere.enabled = true; + + # Better diffs + diff.algorithm = "histogram"; + + status.submoduleSummary = true; + diff.submodule = "log"; + submodule.recurse = true; + + merge.keepbackup = false; + #merge.tool = "${pkgs.meld}/bin/meld"; + }; + }; + + # programs.ssh + programs.ssh = { + enable = true; + addKeysToAgent = "1h"; + }; + services.ssh-agent.enable = true; + + programs.yt-dlp.enable = true; + + # This value determines the Home Manager release that your + # 
configuration is compatible with. This helps avoid breakage + # when a new Home Manager release introduces backwards + # incompatible changes. + # + # You can update Home Manager without changing this value. See + # the Home Manager release notes for a list of state version + # changes in each release. + home.stateVersion = "23.11"; + + # Let Home Manager install and manage itself. + #programs.home-manager.enable = true; +} diff --git a/home/desktop.nix b/home/desktop.nix new file mode 100644 index 0000000..9a590d5 --- /dev/null +++ b/home/desktop.nix @@ -0,0 +1,30 @@ +{ + config, + options, + lib, + pkgs, + inputs, + osConfig, + ... +}: { + imports = [ + ./desktop/shared/wayland.nix + ./desktop/hyprland.nix + ./desktop/plasma.nix + ]; + + # my.desktop.hyprland.enable = true; + my.desktop.plasma.enable = true; + + programs.foot = { + enable = true; + settings.main = { + shell = "fish"; + font = "monospace:size=10"; + app-id = "foot"; + pad = "10x8 center"; + }; + settings.url.osc8-underline = "always"; + settings.cursor.style = "beam"; + }; +} diff --git a/home/desktop/hyprland.nix b/home/desktop/hyprland.nix new file mode 100644 index 0000000..ef3754c --- /dev/null +++ b/home/desktop/hyprland.nix 
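Review bot: In home/desktop.nix, `programs.foot.settings.main.shell = "fish"` relies on `fish` being found on the PATH of whatever launches foot, which differs between a Hyprland keybind and a Plasma launcher; `shell = lib.getExe pkgs.fish;` (both `lib` and `pkgs` are already module arguments) pins the store path and removes that dependency. The `config`, `options`, `inputs` and `osConfig` arguments of that file are unused and the header could shrink to `{ lib, pkgs, ... }:`.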
@@ -0,0 +1,172 @@ +{ + config, + lib, + pkgs, + options, + inputs, + osConfig, + ... +}: { + imports = [ + inputs.ags.homeManagerModules.default + inputs.anyrun.homeManagerModules.default + ]; + + options.my.desktop.hyprland.enable = lib.mkEnableOption "my Hyprland based desktop environment"; + + config = lib.mkIf config.my.desktop.hyprland.enable { + my.desktop.wayland = true; + + wayland.windowManager.hyprland = { + enable = true; + package = osConfig.programs.hyprland.package; + extraConfig = '' + source=${./hyprland}/hyprland.conf + ''; + systemd.variables = options.wayland.windowManager.hyprland.systemd.variables.default ++ ["XDG_SESSION_TYPE"]; + }; + + services.cliphist = { + enable = true; + systemdTarget = "hyprland-session.target"; # defaults to graphical-session.target + }; + + systemd.user.targets.hyprland-session.Unit.Wants = ["plasma-polkit-agent.service"]; + + programs.ags = { + enable = true; + configDir = ./ags; + }; + systemd.user.services.ags = { + Unit.Description = "Aylur's Gtk Shell"; + Unit.PartOf = ["hyprland-session.target"]; + Install.WantedBy = ["hyprland-session.target"]; + Service = let + app = pkgs.writeShellApplication { + name = "ags-wrapped"; + runtimeInputs = [config.programs.ags.package pkgs.coreutils]; + text = ''ags "$@"''; + }; + in { + # Service = { + BusName = "com.github.Aylur.ags.ags"; + # ExecStart = "${config.programs.ags.package}/bin/ags --config ${config.programs.ags.configDir}/config.js"; + ExecStart = "${app}/bin/ags-wrapped --config ${config.programs.ags.configDir}/config.js"; + OOMScoreAdjust = -500; + }; + # TODO: reloadTriggers? 
+ # restartTriggers = [ config.programs.ags.configDir ]; + }; + + programs.anyrun = { + enable = true; + config.plugins = with inputs.anyrun.packages.${pkgs.stdenv.hostPlatform.system}; [ + applications + dictionary + # kidex + randr + rink + shell + # stdin + symbols + # translate + # websearch + ]; + }; + + programs.swaylock = { + enable = true; + settings = { + color = "808080"; + font-size = 24; + indicator-idle-visible = false; + indicator-radius = 100; + line-color = "ffffff"; + show-failed-attempts = true; + }; + }; + + services.swayidle = let + swaylock = "${config.programs.swaylock.package}/bin/swaylock"; + hyprctl = "${config.wayland.windowManager.hyprland.package}/bin/hyprctl"; + in { + enable = true; + systemdTarget = "hyprland-session.target"; # defaults to graphical-session.target + extraArgs = [ + "-w" # Wait for command to finish executing before continuing + "idlehint" + "300" + ]; + events = [ + { + event = "before-sleep"; + command = "${swaylock} -f"; + } + # after-resume + { + event = "lock"; + command = "${swaylock} -f"; + } + { + event = "unlock"; + command = "kill -s USR1 swaylock"; + } + ]; + timeouts = [ + { + timeout = 300; + command = "${swaylock} -f"; + } # 300 + { + timeout = 600; + command = "${hyprctl} dispatch dpms off"; + resumeCommand = "${hyprctl} dispatch dpms on"; + } + # { timeout = 900; command = "${pkgs.systemd}/bin/systemctl suspend"; } + ]; + }; + # TDOD: replace with ags + services.swayosd.enable = true; + + services.udiskie.enable = osConfig.services.udisks2.enable; + + systemd.user.services.swww = { + Unit.Description = "Animated wallpaper daemon for wayland"; + Unit.Documentation = ["man:swww(1)"]; + Unit.PartOf = ["hyprland-session.target"]; + Install.WantedBy = ["hyprland-session.target"]; + # Service.ExecStart = "${pkgs.swww}/bin/swww init --no-daemon"; + Service.ExecStart = let + app = pkgs.writeShellApplication { + name = "swww-wrapped"; + runtimeInputs = [pkgs.swww]; + text = '' + swww init --no-daemon + ''; + }; 
+ in "${app}/bin/swww-wrapped"; + }; + + systemd.user.services.wayvnc = { + Unit.Description = "Wayland VNC server"; + Unit.PartOf = ["graphical-session.target"]; + Service.ExecStart = "${pkgs.wayvnc}/bin/wayvnc"; + }; + + # Not sure if this should be per desktop + services.mpris-proxy.enable = true; + + programs.foot.settings.colors.alpha = 0.6; + + home.packages = [ + pkgs.swww + pkgs.wofi + pkgs.polkit-kde-agent + pkgs.libsForQt5.qtwayland + pkgs.qt6Packages.qtwayland + pkgs.grimblast # screenshots on hyprland + pkgs.gnome.gnome-system-monitor + pkgs.gnome.nautilus + ]; + }; +} diff --git a/home/desktop/plasma.nix b/home/desktop/plasma.nix new file mode 100644 index 0000000..93c63d6 --- /dev/null +++ b/home/desktop/plasma.nix @@ -0,0 +1,28 @@ +{ + config, + lib, + pkgs, + ... +}: let + polonium = pkgs.callPackage ../../pkgs/polonium.nix {}; +in { + options.my.desktop.plasma.enable = lib.mkEnableOption "my Plasma based desktop environment"; + + config = lib.mkIf config.my.desktop.plasma.enable { + my.desktop.wayland = true; + + home.packages = [ + polonium + ]; + + programs.firefox.policies.ExtensionSettings = let + extension = shortId: { + install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi"; + installation_mode = "force_installed"; + }; + in + builtins.mapAttrs (_: extension) { + "plasma-browser-integration@kde.org" = "plasma-integration"; + }; + }; +} diff --git a/home/desktop/shared/wayland.nix b/home/desktop/shared/wayland.nix new file mode 100644 index 0000000..41dc5ac --- /dev/null +++ b/home/desktop/shared/wayland.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + pkgs, + ... +}: let + variables = { + NIXOS_OZONE_WL = "1"; + STEAM_FORCE_DESKTOPUI_SCALING = "1.5"; + }; +in { + options.my.desktop.wayland = lib.mkEnableOption "my Wayland options"; + + config = lib.mkIf config.my.desktop.wayland { + home.sessionVariables = variables; + systemd.user.sessionVariables = variables; + }; +} 
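Review bot: In `services.swayidle.events`, the `unlock` handler runs `kill -s USR1 swaylock`, but kill(1) takes PIDs, not process names, so the command fails and the screen stays locked after a logind unlock request; `command = "${pkgs.procps}/bin/pkill -USR1 swaylock";` delivers the signal swaylock treats as unlock. The `wayvnc` unit starts `${pkgs.wayvnc}/bin/wayvnc` with no arguments and no config file, so whenever it is started it exposes the whole Wayland session using wayvnc's built-in defaults for listen address and authentication; today the unit has no `Install` section and therefore never starts on its own, but a config fixing the bind address and enabling authentication (or at minimum a comment stating that it is intentionally manual-start only) should land before anyone adds `Install.WantedBy`. swaylock can only verify the password if the NixOS side registers a PAM service (`security.pam.services.swaylock = {};`); nixos/desktop/hypr/default.nix is outside this view, so confirm it is set there.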
diff --git a/home/terminal.nix b/home/terminal.nix
new file mode 100644
index 0000000..6d96abe
--- /dev/null
+++ b/home/terminal.nix
@@ -0,0 +1,119 @@ +{ + config, + lib, + pkgs, + inputs, + ... +}: { + imports = [ + inputs.nix-index-database.hmModules.nix-index + ]; + + home.packages = [ + pkgs.file + pkgs.pciutils # lspci + pkgs.usbutils # lsusb + + pkgs.bottom + pkgs.htop + pkgs.lsof + pkgs.lm_sensors + pkgs.amdgpu_top + #pkgs.rocmPackages.rocm-smi + pkgs.ryzenadj + pkgs.powertop + pkgs.procs + + pkgs.sshfs + + pkgs.fd + pkgs.libqalculate + # pkgs.havn # port scanner + pkgs.gdu # count code + pkgs.tokei # count code + pkgs.ov # pager + pkgs.zoxide # cd + pkgs.dua + + pkgs.unzip + pkgs.unrar-wrapper + pkgs.p7zip + pkgs.atool + + pkgs.fastfetch + pkgs.hyfetch + + pkgs.helix # `hx` editor + pkgs.jujutsu # `jj` vcs + ]; + + programs.atuin = { + enable = true; + settings.update_check = false; + settings.enter_accept = true; + }; + + programs.autojump.enable = true; + + programs.bat.enable = true; + + # maybe move boxxy here? + + programs.broot.enable = true; + + programs.direnv = { + enable = true; + nix-direnv.enable = true; + # Externally located cache + stdlib = '' + declare -A direnv_layout_dirs + direnv_layout_dir() { + local hash path + echo "''${direnv_layout_dirs[$PWD]:=$( + hash="$(sha1sum - <<< "$PWD" | head -c40)" + path="''${PWD//[^a-zA-Z0-9]/-}" + echo "${config.xdg.cacheHome}/direnv/layouts/''${hash}''${path}" + )}" + } + ''; + }; + + programs.eza = { + enable = true; + git = true; + icons = "auto"; + }; + + programs.fish = { + enable = true; + functions = { + #__fish_command_not_found_handler = { + # body = "__fish_default_command_not_found_handler $argv[1]"; + # onEvent = "fish_command_not_found"; + #}; + }; + shellInit = "set fish_greeting"; + }; + + # maybe move git here? 
+ + programs.jq.enable = true; + + programs.nix-index.enable = true; + programs.nix-index-database.comma.enable = true; + + programs.ripgrep.enable = true; + + programs.skim.enable = true; + + programs.starship = { + enable = true; + enableTransience = true; + settings.nix_shell.format = "❄️️"; + }; + + # programs.yazi = { + # enable = true; + # settings.preview.cache_dir = "${config.xdg.cacheHome}/thumbnails/yazi"; + # }; +} diff --git a/home/xdg.nix b/home/xdg.nix new file mode 100644 index 0000000..208c53e --- /dev/null +++ b/home/xdg.nix @@ -0,0 +1,31 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (config.xdg) stateHome dataHome configHome cacheHome; + variables = { + # Bash (.bash_history) + HISTFILE = "${stateHome}/bash/history"; + + # Rust (.cargo) + CARGO_HOME = "${dataHome}/cargo"; + RUSTUP_HOME = "${dataHome}/rustup"; + + # GTK2 (.gtkrc-2.0) + GTK2_RC_FILES = "${configHome}/gtk-2.0/gtkrc"; + + # XCompose (.compose-cache) + XCOMPOSECACHE = "${cacheHome}/X11/xcompose"; + + # NuGet (.nuget/packages) + NUGET_PACKAGES = "${dataHome}/NuGetPackages"; + }; +in { + home.sessionVariables = variables; + systemd.user.sessionVariables = variables; + + # Run `xdg-ninja` to check fixable dotfiles + home.packages = [pkgs.xdg-ninja]; +} diff --git a/nixos/audio/pipewire-low-latency.nix b/nixos/audio/pipewire-low-latency.nix new file mode 100644 index 0000000..41bab9a --- /dev/null +++ b/nixos/audio/pipewire-low-latency.nix 
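Review bot: `pkgs.gdu # count code` is mislabelled: gdu is a disk-usage analyser, the same category as `pkgs.dua` a few lines below, and only `pkgs.tokei` counts code; suggest `pkgs.gdu # disk usage`. In the `programs.direnv.stdlib` block the `''${` sequences are what keeps bash's `${...}` out of Nix string interpolation while `${config.xdg.cacheHome}` is still expanded by Nix; a one-line comment above the block, `# ''${ is a literal ${ inside a Nix indented string; only cacheHome is interpolated by Nix`, would save the next reader from "fixing" it. `programs.autojump.enable = true` and `pkgs.zoxide` both provide directory jumping; if only one is meant, the other can go.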
@@ -0,0 +1,37 @@ +{config, ...}: { + assertions = [ + { + assertion = config.services.pipewire.enable; + message = "PipeWire must be enabled for low-latency PipeWire"; + } + ]; + + services.pipewire.extraConfig = { + pipewire."92-low-latency" = { + context.properties = { + default.clock.rate = 48000; + default.clock.quantum = 32; + default.clock.min-quantum = 32; + default.clock.max-quantum = 32; + }; + }; + pipewire-pulse."92-low-latency" = { + context.modules = [ + { + name = "libpipewire-module-protocol-pulse"; + args = { + pulse.min.req = "32/48000"; + pulse.default.req = "32/48000"; + pulse.max.req = "32/48000"; + pulse.min.quantum = "32/48000"; + pulse.max.quantum = "32/48000"; + }; + } + ]; + stream.properties = { + node.latency = "32/48000"; + resample.quality = 1; + }; + }; + }; +} diff --git a/nixos/audio/pipewire.nix b/nixos/audio/pipewire.nix new file mode 100644 index 0000000..22b95da --- /dev/null +++ b/nixos/audio/pipewire.nix @@ -0,0 +1,17 @@ +{ + config, + lib, + pkgs, + ... +}: { + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa = { + enable = true; + support32Bit = true; + }; + pulse.enable = true; + jack.enable = true; + }; +} diff --git a/nixos/common/flake-support.nix b/nixos/common/flake-support.nix new file mode 100644 index 0000000..0c52e5b --- /dev/null +++ b/nixos/common/flake-support.nix 
@@ -0,0 +1,52 @@ +# Configuration for any flake-based NixOS system +# Try our darndest to get nixpkgs into path & registry properly +# +# Maybe write a blog post about it? +# +# In theory NixOS 24.05 does this for us? +# > On flake-based NixOS configurations using nixpkgs.lib.nixosSystem, NixOS will automatically set NIX_PATH and the system-wide flake registry (/etc/nix/registry.json) to point and the unqualified flake path nixpkgs to the version of nixpkgs used to build the system. +# > This makes nix run nixpkgs#hello and nix-build '' -A hello work out of the box with no added configuration, reusing dependencies already on the system. +# > This may be undesirable if nix commands are not going to be run on the built system since it adds nixpkgs to the system closure. For such closure-size-constrained non-interactive systems, this setting should be disabled. +# > To disable this, set nixpkgs.flake.setNixPath and nixpkgs.flake.setFlakeRegistry to false. +# https://nixos.org/manual/nixos/unstable/release-notes#sec-release-24.05-highlights +# +# Some reading: +# https://nixos-and-flakes.thiscute.world/best-practices/nix-path-and-flake-registry#custom-nix-path-and-flake-registry-1 +# https://github.com/NixOS/nix/issues/9574 +# +# https://discourse.nixos.org/t/questions-on-using-nixos-desktop-with-flakes/16285/5 +# +# I think there are two separate problems. +# +# # Getting lookup paths (like ) to resolve +# +# This comment mentions how they work: +# https://discourse.nixos.org/t/nix-path-is-not-recognized/38404/6 +# +# # Getting `indirect` flake refs (like "nixpkgs") to resolve +# · indirect: Indirections through the flake registry. These have the form +# +# | [flake:](/(/rev)?)? +# +# These perform a lookup of in the flake registry. For example, nixpkgs and nixpkgs/release-20.09 are indirect flake references. The specified rev and/or ref are merged with the entry in +# the registry; see nix registry for details. +{ + inputs, + lib, + ... 
+}: let + inherit (inputs) nixpkgs; +in { + # Enable flake features + nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.channel.enable = false; # remove nix-channel related tools & configs, we use flakes instead. + + programs.command-not-found.enable = false; # Doesn't work well past channels + + nix.registry.nixpkgs.flake = nixpkgs; + # but NIX_PATH is still used by many useful tools, so we set it to the same value as the one used by this flake. + # Make `nix repl ''` use the same nixpkgs as the one used by this flake. + environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}"; + # https://github.com/NixOS/nix/issues/9574 + nix.settings.nix-path = lib.mkForce "nixpkgs=/etc/nix/inputs/nixpkgs"; +} diff --git a/nixos/default.nix b/nixos/default.nix new file mode 100644 index 0000000..9133472 --- /dev/null +++ b/nixos/default.nix 
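Review bot: The header comment already states that NixOS 24.05 sets NIX_PATH and the system flake registry itself via `nixpkgs.flake.setNixPath` and `nixpkgs.flake.setFlakeRegistry`, yet the module still defines `nix.registry.nixpkgs.flake`, the `/etc/nix/inputs/nixpkgs` symlink and a `lib.mkForce` on `nix.settings.nix-path`; with both mechanisms active the outcome depends on option priorities that are easy to miss, and the `mkForce` silently hides whatever the built-in module set. Either document which one is meant to win, e.g. `# Overrides nixpkgs.flake.setNixPath/setFlakeRegistry: keep nixpkgs reachable at the stable path /etc/nix/inputs/nixpkgs`, or set those two options to `false` in this file so the override is explicit. This module is not in nixos/default.nix's import list in this patch; presumably systems/default.nix imports it, which is worth confirming since nothing else here would.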
@@ -0,0 +1,167 @@ +{ + config, + options, + lib, + pkgs, + inputs, + ... +}: +{ + imports = [ + inputs.disko.nixosModules.disko + + ./device.nix + ./disk-config.nix + ./hardware-configuration.nix + ./audio/pipewire.nix + ./impermanence.nix + ./nix-maintenance.nix + # ./hardening.nix + + ./desktop/plasma + ./tailscale.nix + + ./users.nix + ./user-system-config.nix + ]; + + # Allows referring to this flake by the shorthand `nixos-config`, which lets you do e.g. + # nix repl nixos-config + nix.registry.nixos-config.to = { + type = "git"; + url = "file://${config.users.users.evar.home}/dev/nix/config"; + }; + + # In order to catch all logs, we need to mount this early enough in the boot process. + fileSystems."/var/log".neededForBoot = true; + + zramSwap = { + enable = true; + memoryPercent = 25; + }; + + # This is not ideal for a laptop. + # For solution watch https://github.com/nix-community/impermanence/issues/153 + time.timeZone = "America/New_York"; + + nix.settings = { + # unclutters home folder + use-xdg-base-directories = true; + + # adding a community binary cache + substituters = [ + "https://nix-community.cachix.org" + ]; + trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + }; + + nixpkgs.config.allowUnfreePredicate = pkg: + builtins.elem (lib.getName pkg) + [ + "steam" + # "steam-original" + # "steam-run" + "steam-unwrapped" + "obsidian" + "rider" + "rust-rover" + "spotify" + ]; + + # basically agrees to some license stuff + hardware.enableRedistributableFirmware = true; + + ### Boot + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.systemd.enable = true; + + ### Session management + + services.displayManager.autoLogin = { + # only if there's any encripted disks + enable = config.boot.initrd.luks.devices != {}; + user = "evar"; + }; + + ### Networking + + networking.networkmanager = { + enable = true; + # Per 
https://kokada.dev/blog/an-unordered-list-of-hidden-gems-inside-nixos/ + # May improve reliability + wifi.backend = "iwd"; + }; + services.openssh.enable = true; + + ### System software + + environment.systemPackages = [ + pkgs.git + pkgs.gdu + + pkgs.exfatprogs # for mkfs.exfat + pkgs.parted # for partprobe + + pkgs.gparted + + # For thinkorswim + # TODO: Should be elsewhere + pkgs.distrobox + ]; + + virtualisation.podman = { + enable = true; + dockerCompat = true; + }; + + programs.adb.enable = true; + + # Miscellaneous + + # helps some things access battery info + services.upower.enable = true; + # dynamic mounting of connected devices + services.udisks2.enable = true; + services.printing.enable = true; + # service discovery, hostname lookups, etc. + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + # For the music server + networking.firewall.allowedUDPPorts = [ + # DLNA discovery (SSDP) + 1900 + ]; + + hardware.bluetooth = { + powerOnBoot = true; + settings.General.Experimental = "true"; + }; + # allows connecting to virtualized directories + services.gvfs.enable = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. 
+ # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "23.11"; # Did you read the comment? +} \ No newline at end of file diff --git a/nixos/desktop/gnome/default.nix b/nixos/desktop/gnome/default.nix new file mode 100644 index 0000000..c9a5c57 --- /dev/null +++ b/nixos/desktop/gnome/default.nix @@ -0,0 +1,45 @@ +{ + config, + lib, + pkgs, + inputs, + ... +}: { + services.xserver.enable = true; + # services.xserver.displayManager.defaultSession = "gnome"; + # https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229 + systemd.services."getty@tty1".enable = false; + systemd.services."autovt@tty1".enable = false; + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + hardware.pulseaudio.enable = false; + # xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; + environment.systemPackages = [ + pkgs.gnomeExtensions.appindicator + pkgs.gnomeExtensions.dash-to-dock + pkgs.gnomeExtensions.dash-to-panel + pkgs.mission-center + pkgs.gnome.nautilus + ]; + environment.gnome.excludePackages = [ + pkgs.gnome-tour + pkgs.gnome.cheese # Camera + pkgs.gnome.gnome-system-monitor + #pkgs.gnome.gnome-music + pkgs.gnome.gnome-terminal # Console + pkgs.gnome.gnome-contacts + pkgs.gedit # Text Editor + pkgs.gnome.epiphany # Web + pkgs.gnome.geary + pkgs.gnome.totem # Videos + ]; + services.udev.packages = [ + pkgs.gnome.gnome-settings-daemon + ]; + + services.xserver.desktopManager.gnome.extraGSettingsOverrides = '' + [org.gnome.mutter] + experimental-features=['scale-monitor-framebuffer'] + ''; + services.xserver.desktopManager.gnome.extraGSettingsOverridePackages = [pkgs.gnome.mutter]; +} diff --git a/nixos/desktop/hypr/default.nix b/nixos/desktop/hypr/default.nix new file mode 100644 index 0000000..a17f3e6 --- /dev/null +++ b/nixos/desktop/hypr/default.nix 
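Review bot: `services.openssh.enable = true;` under `### Networking` starts sshd with OpenSSH's defaults, while the import of `./hardening.nix` (the file that sets `PasswordAuthentication = false` and `AuthenticationMethods publickey`) is commented out in `imports`, so password login over SSH stays available for the `evar` account that users.nix gives a hashed password. Either restore the `./hardening.nix` import or add `services.openssh.settings.PasswordAuthentication = false;` beside the enable line so the listener is key-only regardless of which modules are imported. The `services.avahi.openFirewall = true` and the SSDP port `1900` in the same hunk are opened on every interface, which includes untrusted Wi-Fi on a NetworkManager laptop; a comment stating that this is deliberate would help the next reader.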
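Review bot: `systemd.services."getty@tty1".enable = false;` and the `autovt@tty1` line are unconditional here and in nixos/desktop/hypr/default.nix, whereas nixos/desktop/plasma/default.nix guards the same two lines with `lib.mkIf autologin false` on `config.services.displayManager.autoLogin.enable`. Disabling tty1's getty without autologin removes the console login on the first VT if the display manager fails to come up; using the plasma module's guard in all three keeps the fallback and makes the three desktop modules consistent. The `hardware.pulseaudio.enable = false;` line would also benefit from a short comment naming what replaces it.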
@@ -0,0 +1,35 @@ +{ + config, + lib, + pkgs, + inputs, + ... +}: { + nix.settings = { + builders-use-substitutes = true; # unknown, suggested by anyrun + substituters = [ + "https://hyprland.cachix.org" + "https://anyrun.cachix.org" + ]; + trusted-public-keys = [ + "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" + "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s=" + ]; + }; + + services.xserver.enable = true; + services.xserver.displayManager.defaultSession = "hyprland"; + # https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229 + systemd.services."getty@tty1".enable = false; + systemd.services."autovt@tty1".enable = false; + services.xserver.displayManager.gdm.enable = true; + security.pam.services.swaylock = {}; + + programs.hyprland = { + enable = true; + }; + + xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk]; + + services.blueman.enable = true; +} diff --git a/nixos/desktop/plasma/default.nix b/nixos/desktop/plasma/default.nix new file mode 100644 index 0000000..9f59006 --- /dev/null +++ b/nixos/desktop/plasma/default.nix @@ -0,0 +1,20 @@ +{config, lib, pkgs, ...}: +let + autologin = config.services.displayManager.autoLogin.enable; +in +{ + services.displayManager.sddm.enable = true; + services.displayManager.sddm.wayland.enable = true; + services.desktopManager.plasma6.enable = true; + + programs.dconf.enable = true; + + # The user is expected to have Emacs instead + environment.plasma6.excludePackages = with pkgs.kdePackages; [ + elisa + ]; + + # https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-2495681146 + systemd.services."getty@tty1".enable = lib.mkIf autologin false; + systemd.services."autovt@tty1".enable = lib.mkIf autologin false; +} diff --git a/nixos/device.nix b/nixos/device.nix new file mode 100644 index 0000000..e941fc6 --- /dev/null +++ b/nixos/device.nix 
@@ -0,0 +1,62 @@ +{ + config, + lib, + pkgs, + inputs, + ... +}: { + imports = [ + inputs.nixos-hardware.nixosModules.framework-16-7040-amd + ]; + + # Set the Wireless Regulatory Domain + # https://github.com/NixOS/nixpkgs/issues/25378 + boot.extraModprobeConfig = '' + options cfg80211 ieee80211_regdom="US" + ''; + + services.fwupd.enable = true; + + hardware.bluetooth.enable = true; + + boot.kernelPackages = + lib.mkIf + (lib.versionOlder pkgs.linux.version "6.9") + pkgs.linuxPackages_latest; + + # Not needed on NixOS 24.05+ + # Disable pcr for linux kernel testing 6.9-rc4+ + # Per https://community.frame.work/t/tracking-framework-16-linux-6-9-0-rc4-rc5-extreme-screen-flickering-anyone-else/49467/44 + boot.kernelParams = let + affectedVersions = ["6.9-rc4" "6.9-rc5" "6.9-rc6"]; + version = config.boot.kernelPackages.kernel.version; + affected = builtins.elem version affectedVersions; + in + lib.mkIf affected ["amdgpu.dcdebugmask=0x400"]; + + environment.systemPackages = lib.mkMerge [ + (with pkgs; [ + fw-ectool + framework-tool + ]) + # Show EasyEffects status in GNOME + (lib.mkIf config.services.xserver.desktopManager.gnome.enable [ + pkgs.gnomeExtensions.easyeffects-preset-selector + ]) + ]; + + # The FWL benefits from modifying its speakers + home-manager.sharedModules = [ + { + services.easyeffects.enable = true; + } + ]; + # EasyEffects needs this + programs.dconf.enable = true; + + # RGB LED Matrix + services.hardware.openrgb = { + enable = true; + package = pkgs.openrgb-with-all-plugins; + }; +} diff --git a/nixos/disk-config.nix b/nixos/disk-config.nix new file mode 100644 index 0000000..2ba1e90 --- /dev/null +++ b/nixos/disk-config.nix 
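Review bot: The `boot.kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "6.9") pkgs.linuxPackages_latest;` override carries no comment, while the `boot.kernelParams` block right below explains its 6.9-rc workaround and notes it is not needed on 24.05+; a reader cannot tell whether the kernel pin belongs to that same workaround or is a separate hardware requirement of the Framework 16, nor when it can be removed. A one-line comment above it, such as `# Framework 16 needs >= 6.9; drop once the default kernel is newer` (adjusted to the real reason), would settle that. `services.hardware.openrgb.enable = true;` presumably runs a daemon with raw hardware access at all times; a word on why it is a system service rather than started on demand would help a reviewer.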
@@ -0,0 +1,69 @@ +{ + # checkout the example folder for how to configure different disko layouts + disko.devices = { + disk.fw16-2280 = { + device = "/dev/disk/by-path/pci-0000:05:00.0-nvme-1"; + content = { + type = "gpt"; + partitions = { + esp = { + size = "2G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["noatime" "fmask=0077" "dmask=0077"]; + }; + }; + cryptall = { + size = "100%"; + content = { + type = "luks"; + name = "all"; + settings = { + # allowDiscards = true; + # keyFile = "/tmp/secret.key"; + }; + content = { + type = "btrfs"; + extraArgs = ["-f"]; + subvolumes = { + # System state which should be persistent across reboots and possibly backed up. + "/@nixos-persist" = { + mountpoint = "/persist"; + mountOptions = ["noatime" "compress=zstd"]; + }; + # I’m not so interested in backing up logs but I want them to be preserved across reboots, + # so I’m dedicating a subvolume to logs rather than using the persist subvolume. + "/@nixos-varlog" = { + mountpoint = "/var/log"; + mountOptions = ["noatime" "compress=zstd"]; + }; + # Needs to be persistent but is not worth backing up, as it’s trivial to reconstruct. + "/@nixos-nix" = { + mountpoint = "/nix"; + mountOptions = ["noatime" "compress=zstd"]; + }; + + "/@data" = { + mountpoint = "/data"; + mountOptions = ["noatime" "compress=zstd"]; + }; + "/@home-evar" = { + mountpoint = "/home/evar"; + mountOptions = ["noatime" "compress=zstd"]; + }; + }; + }; + }; + }; + }; + }; + }; + nodev."/" = { + fsType = "tmpfs"; + mountOptions = ["size=25%" "mode=755"]; + }; + }; +} diff --git a/nixos/hardening.nix b/nixos/hardening.nix new file mode 100644 index 0000000..0f68905 --- /dev/null +++ b/nixos/hardening.nix 
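Review bot: The comment above `disk.fw16-2280` describes where to find layouts but not the security boundary of this one: everything under `cryptall` is inside LUKS, while `esp` (mounted at `/boot`, booted by `systemd-boot` per nixos/default.nix) holds the unencrypted kernel and initrd that perform the unlock, so the layout protects data at rest but says nothing about boot integrity. A comment stating that explicitly, and whether boot-chain verification is out of scope for this machine, keeps the next reader from assuming full-disk encryption. `extraArgs = ["-f"]` on the btrfs `content` force-formats whatever is on the mapped device; worth a comment that this is intended for a fresh install only.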
@@ -0,0 +1,23 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ nix.settings.allowed-users = ["@wheel"];
+ security.sudo.execWheelOnly = true;
+ services.openssh = {
+ allowSFTP = false;
+ settings = {
+ ChallengeResponseAuthentication = false;
+ PasswordAuthentication = false;
+ };
+ extraConfig = ''
+ AllowTcpForwarding yes
+ X11Forwarding no
+ AllowAgentForwarding no
+ AllowStreamLocalForwarding no
+ AuthenticationMethods publickey
+ '';
+ };
+}
diff --git a/nixos/hardware-configuration.nix b/nixos/hardware-configuration.nix
new file mode 100644
index 0000000..0eeb6cf
--- /dev/null
+++ b/nixos/hardware-configuration.nix
@@ -0,0 +1,26 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp196s0f3u2u3.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/nixos/impermanence.nix b/nixos/impermanence.nix
new file mode 100644
index 0000000..91f23c9
--- /dev/null
+++ b/nixos/impermanence.nix
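Review bot: `ChallengeResponseAuthentication = false;` in `settings` uses the legacy sshd keyword; current OpenSSH treats it as an alias of `KbdInteractiveAuthentication`, which NixOS also exposes as `services.openssh.settings.KbdInteractiveAuthentication = false;`, so the newer name is the one to set and the one a reader will search for. The five directives in `extraConfig` (`AllowTcpForwarding` through `AuthenticationMethods`) are plain sshd_config keywords and appear to fit under `settings` as well, which would keep the whole policy in one structured attrset that later modules can override per key instead of appending text. Note that this file is not currently imported: nixos/default.nix lists `# ./hardening.nix` commented out, so none of these settings reach the sshd that default.nix enables. A comment on why `AllowTcpForwarding yes` is kept while agent, X11 and stream-local forwarding are off would also help.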
@@ -0,0 +1,52 @@
+{
+ inputs,
+ options,
+ ...
+}: {
+ imports = [inputs.impermanence.nixosModules.impermanence];
+
+ # There are bind mounts into here that are important for boot.
+ fileSystems."/persist".neededForBoot = true;
+
+ environment.persistence."/persist" = {
+ hideMounts = true;
+ directories = [
+ "/var/lib/nixos"
+ "/var/lib/bluetooth"
+ "/var/lib/fprint"
+ "/var/lib/upower"
+ "/var/lib/tailscale"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ "/var/lib/iwd" # Known networks and keys
+ {
+ directory = "/var/lib/colord";
+ user = "colord";
+ group = "colord";
+ mode = "u=rwx,g=rx,o=";
+ }
+ # TODO: cups?
+ ];
+ files = [
+ "/etc/machine-id"
+ #{ file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
+ "/var/lib/NetworkManager/secret_key"
+ "/var/lib/NetworkManager/seen-bssids"
+ "/var/lib/NetworkManager/timestamps"
+ ];
+ };
+
+ # /etc/{passwd,shadow} are not persisted
+ users.mutableUsers = false;
+
+ # Some report issues with impermanence file config for host keys, so just change their location
+ services.openssh.hostKeys =
+ builtins.map
+ (x: x // {path = "/persist" + x.path;})
+ options.services.openssh.hostKeys.default;
+
+ # sudo lecture db is not persisted, turn it off
+ security.sudo.extraConfig = ''
+ Defaults lecture = never
+ '';
+}
diff --git a/nixos/nix-maintenance.nix b/nixos/nix-maintenance.nix
new file mode 100644
index 0000000..1d75603
--- /dev/null
+++ b/nixos/nix-maintenance.nix
@@ -0,0 +1,14 @@
+{
+ nix = {
+ settings.auto-optimise-store = true;
+ optimise = {
+ automatic = true;
+ dates = ["weekly"];
+ };
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 14d";
+ };
+ };
+}
diff --git a/nixos/tailscale.nix b/nixos/tailscale.nix
new file mode 100644
index 0000000..05b37e0
--- /dev/null
+++ b/nixos/tailscale.nix
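Review bot: `"/var/lib/iwd" # Known networks and keys` and `"/var/lib/tailscale"` are listed as bare paths, so they get impermanence's default ownership and mode rather than the explicit `mode = "u=rwx,g=rx,o="` the colord entry receives; if impermanence creates them with its default mode, the Wi-Fi credentials iwd keeps there and the state tailscaled stores end up under a directory that is more permissive than either daemon would create on its own (the files themselves may still be tightened by the daemons, but the directory mode is decided here). Give those two the same attrset form as colord, e.g. `{ directory = "/var/lib/iwd"; mode = "u=rwx,g=,o="; }`. `"/var/lib/systemd/coredump"` also persists core dumps — memory images that can hold credentials and tokens of crashed processes — across reboots on an otherwise ephemeral root; a comment on whether that is wanted, or an age limit on that directory, belongs next to it.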
@@ -0,0 +1,14 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ services.tailscale = {
+ enable = true;
+ openFirewall = true;
+ };
+
+ # Implicitly trust packets routed over Tailscale
+ networking.firewall.trustedInterfaces = [config.services.tailscale.interfaceName];
+}
diff --git a/nixos/user-system-config.nix b/nixos/user-system-config.nix
new file mode 100644
index 0000000..6af4e39
--- /dev/null
+++ b/nixos/user-system-config.nix
@@ -0,0 +1,54 @@
+# Configuration that really wants to be per-user,
+# but can't be defined from Home Manager.
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ networking.firewall = lib.mkMerge [
+ # User-mode Syncthing
+ {
+ allowedTCPPorts = [22000];
+ allowedUDPPorts = [21027 22000];
+ }
+
+ # LocalSend
+ {allowedTCPPorts = [53317];}
+ ];
+
+ environment.systemPackages = lib.mkMerge [
+ [pkgs.ryujinx]
+ [
+ (pkgs.lutris.override {
+ extraLibraries = pkgs: [
+ pkgs.libvdpau
+ pkgs.openal
+ pkgs.speex
+ pkgs.libgudev
+ ];
+ })
+ pkgs.wineWowPackages.waylandFull
+ ]
+ # For gamemode status in GNOME
+ (lib.mkIf (config.services.xserver.desktopManager.gnome.enable) [
+ pkgs.gnomeExtensions.gamemode-indicator-in-system-settings
+ ])
+ ];
+
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = true;
+ gamescopeSession.enable = true;
+ };
+ programs.gamemode = {
+ enable = true;
+ enableRenice = true;
+ settings = {
+ general = {
+ softrealtime = "auto";
+ renice = 10;
+ };
+ };
+ };
+}
diff --git a/nixos/users.nix b/nixos/users.nix
new file mode 100644
index 0000000..455111e
--- /dev/null
+++ b/nixos/users.nix
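Review bot: `networking.firewall.trustedInterfaces = [config.services.tailscale.interfaceName];` bypasses the NixOS firewall entirely for the Tailscale interface, so every listening service on this machine (sshd from nixos/default.nix, the Syncthing and LocalSend ports from user-system-config.nix, cups, avahi) is reachable from any node the tailnet's ACLs let reach this one, and the comment `# Implicitly trust packets routed over Tailscale` should state that the tailnet ACL is now the only control. If only a few services are meant to be shared over the tailnet, the narrower form is `networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ 22 ];` with the intended ports listed, instead of `trustedInterfaces`. `openFirewall = true` on its own is fine, since as far as I recall it only admits Tailscale's own UDP port.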
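Review bot: The Syncthing ports `22000`/`21027` and the LocalSend port `53317` in `networking.firewall` are opened on every interface, which on a NetworkManager laptop includes whatever Wi-Fi it joins; together with `remotePlay.openFirewall = true` in `programs.steam` that is a fair amount of LAN-reachable surface with no comment on where these services are expected to be used. If they are only needed on the tailnet or a home network, the per-interface `networking.firewall.interfaces.<name>.allowedTCPPorts` form limits the exposure; otherwise a comment saying the global opening is intentional would do. As a style point, the `extraLibraries = pkgs: [ … ]` lambda shadows the module's `pkgs` argument, which is usual in nixpkgs overrides but deserves a word so it is not read as a mistake, and the parentheses in `lib.mkIf (config.services.xserver.desktopManager.gnome.enable)` are unnecessary and differ from the same `mkIf` in device.nix.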
@@ -0,0 +1,44 @@
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [inputs.home-manager.nixosModules.home-manager];
+
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ extraSpecialArgs = {inherit inputs;};
+ };
+
+ # TODO: Remove
+ # Allow root login with same password as primary user
+ users.users.root.hashedPasswordFile = let
+ primaryUser = "evar";
+ in
+ config.users.users.${primaryUser}.hashedPasswordFile;
+
+ users.users.evar = {
+ hashedPassword = "$y$j9T$4TYc8brm3.oJUbkktbbEq/$cTlZRmAVxb2GtttEXSoSGw9y.qm.vUs/yXgwLjlTk46";
+ uid = 1000;
+ isNormalUser = true;
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ "video"
+ "input"
+ "audio"
+ "adbusers"
+ "uucp"
+ "dialout"
+ ];
+ # openssh.authorizedKeys.keys = [
+ # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINhBR2Kg0VR1+p9jNYmuaaGXTMjHwQSbvmzIjwhOOmNG emily@intras 2022-10-26"
+ # ];
+ };
+ home-manager.users.evar = {
+ imports = [../home];
+ };
+}
diff --git a/pkgs/polonium.nix b/pkgs/polonium.nix
new file mode 100644
index 0000000..0e5925e
--- /dev/null
+++ b/pkgs/polonium.nix
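Review bot: The root block sets `users.users.root.hashedPasswordFile` to `config.users.users.evar.hashedPasswordFile`, but `users.users.evar` sets `hashedPassword`, not `hashedPasswordFile`, so root inherits evar's unset file option (presumably null) and the comment `# Allow root login with same password as primary user` does not describe what happens; with `users.mutableUsers = false` from impermanence.nix root most likely ends up with no password at all, which is the safer outcome but still an inconsistency, and since the block is already marked `# TODO: Remove`, dropping it resolves both. Separately, `hashedPassword = "$y$…"` commits the user's password hash to the repository, and NixOS copies declared hashes into the generated users/groups file in the Nix store, so the hash is readable by anyone with access to either and available for offline guessing; the `hashedPasswordFile` form pointing at a file under `/persist` outside the repo keeps it out of both. `extraGroups` also grants `input`, `uucp` and `dialout`; a comment on which devices need them would justify the broader device access.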
@@ -0,0 +1,60 @@ +# TODO: replace with nixpkgs version when it has one +{ + lib, + fetchFromGitHub, + buildNpmPackage, + plasma5Packages ? null, + kdePackages ? null, +}: +# how to update: +# 1. check out the tag for the version in question +# 2. run `prefetch-npm-deps package-lock.json` +# 3. update npmDepsHash with the output of the previous step +let + inherit (kdePackages) qtbase; +in + buildNpmPackage { + name = "polonium-git"; + pname = "polonium"; + + src = fetchFromGitHub { + owner = "zeroxoneafour"; + repo = "polonium"; + rev = "83084c9f2bf44a22966c0534726498975183830e"; + hash = "sha256-kZMq4m4nACRelqgKsZVkmV9qqFw7dcMZHQF9dhdxCbQ="; + }; + + npmDepsHash = "sha256-kaT3Uyq+/JkmebakG9xQuR4Kjo7vk6BzI1/LffOj/eo="; + + # the installer does a bunch of stuff that fails in our sandbox, so just build here and then we + # manually do the install + postPatch = '' + substituteInPlace Makefile \ + --replace-fail "build install cleanall" "res src" + ''; + + nativeBuildInputs = [ + kdePackages.kpackage + ]; + + dontNpmBuild = true; + + dontWrapQtApps = true; + + installPhase = '' + runHook preInstall + + kpackagetool6 --install pkg --packageroot $out/share/kwin/scripts + + runHook postInstall + ''; + + env.LANG = "C.UTF-8"; + + meta = with lib; { + description = "Auto-tiler that uses KWin 6+ tiling functionality"; + license = licenses.mit; + maintainers = with maintainers; [peterhoeg]; + inherit (kdePackages.kpackage.meta) platforms; + }; + } diff --git a/systems/default.nix b/systems/default.nix new file mode 100644 index 0000000..50178a0 --- /dev/null +++ b/systems/default.nix @@ -0,0 +1,13 @@ +{inputs, ...}: let + inherit (inputs) nixpkgs; + inherit (nixpkgs.lib) nixosSystem; +in { + flake.nixosConfigurations.atreus = nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + {networking.hostName = "atreus";} + ../nixos/common/flake-support.nix + ../nixos + ]; + }; +}
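Review bot: `plasma5Packages ? null` is accepted but never used, and `inherit (kdePackages) qtbase;` binds `qtbase` without using it; with the `kdePackages ? null` default a caller that omits it fails on that `inherit` rather than with a clear error, so either drop the `let` binding and the unused argument or remove the `? null` defaults so the failure is at the call site. Setting both `name = "polonium-git"` and `pname = "polonium"` is non-idiomatic; nixpkgs convention is `pname` plus `version` (for a commit pin something like `version = "0-unstable-2024-12-28"`, a constructed example that should match the actual checkout date) with `name` derived. `meta.maintainers = with maintainers; [peterhoeg]` looks carried over from an upstream expression and should name whoever maintains this out-of-tree copy, or be removed. Pinning `rev` together with `hash` and `npmDepsHash` is the right supply-chain practice here; the update comment should add that `npmDepsHash` must be regenerated whenever `rev` moves, which its three steps imply but do not state.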