evar/nixos-framework-laptop-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

misc: initial commit

Browse source
This commit is contained in:
Emily 2024-12-28 19:33:49 -05:00
commit 964b99b28d
32 changed files with 1675 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

21
dev-shell/default.nix Normal file
View file

@ -0,0 +1,21 @@
{...}: {
perSystem = {
pkgs,
inputs',
...
}: {
devShells.default = pkgs.mkShell {
packages = with pkgs; [
just
alejandra
nixpkgs-fmt
nix-tree
nix-diff
nvd
nix-inspect
nix-du
nix-output-monitor
];
};
};
}

64
flake.lock generated Normal file
View file

@ -0,0 +1,64 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1735048446,
"narHash": "sha256-Tc35Y8H+krA6rZeOIczsaGAtobSSBPqR32AfNTeHDRc=",
"owner": "nix-community",
"repo": "disko",
"rev": "3a4de9fa3a78ba7b7170dda6bd8b4cdab87c0b21",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"nixos-facter-modules": {
"locked": {
"lastModified": 1734596637,
"narHash": "sha256-MRqwVAe3gsb88u4ME1UidmZFVCx+FEnoob0zkpO9DMY=",
"owner": "numtide",
"repo": "nixos-facter-modules",
"rev": "536472754982bf03079b4b4e0261838a760587c0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nixos-facter-modules",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735268880,
"narHash": "sha256-7QEFnKkzD13SPxs+UFR5bUFN2fRw+GlL0am72ZjNre4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7cc0bff31a3a705d3ac4fdceb030a17239412210",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"nixos-facter-modules": "nixos-facter-modules",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

33
flake.nix Normal file
View file

@ -0,0 +1,33 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
flake-parts.url = "github:hercules-ci/flake-parts";
nixos-hardware.url = "github:NixOS/nixos-hardware";
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
home-manager.url = "github:nix-community/home-manager";
impermanence.url = "github:nix-community/impermanence";
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
ags.url = "github:Aylur/ags";
anyrun.url = "github:Kirottu/anyrun";
muse-sounds-manager = {
url = "github:thilobillerbeck/muse-sounds-manager-nix/06b0da28c54331d5af73efd2ebf264ce914e5936";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs @ {flake-parts, ...}:
flake-parts.lib.mkFlake {inherit inputs;} {
systems = ["x86_64-linux"];
imports = [
./systems
./dev-shell
];
};
}

26
hardware-configuration.nix Normal file
View file

@ -0,0 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp196s0f3u2u3.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

125
home/apps.nix Normal file
View file

@ -0,0 +1,125 @@
{
pkgs,
inputs,
...
}: {
imports = [
./apps/firefox.nix
./apps/syncthing.nix
];
home.packages = [
pkgs.pavucontrol
pkgs.signal-desktop
pkgs.webcord # pkgs.webcord-vencord
pkgs.telegram-desktop
#pkgs.kdePackages.neochat
pkgs.keepassxc
#pkgs.blender-hip
pkgs.buku
pkgs.libreoffice
pkgs.darktable
pkgs.gimp
pkgs.inkscape
pkgs.krita
pkgs.okular
pkgs.localsend
pkgs.ffmpeg # Generally useful
# Music
#pkgs.feishin # sonixd replacement
pkgs.supersonic # Music player by Navidrome author
pkgs.sonixd # Music player; desktop app for Navidrome. Replace w/ Feishin when that supports Subsonic API.
pkgs.spotube # Use Spotify metadata & user to play from YouTube
pkgs.spotify # Proprietary
pkgs.strawberry-qt6 # Fork of Clementine
pkgs.clementine
pkgs.lollypop
# muffon https://muffon.netlify.app/
pkgs.picard # Edit audio metadata, w/ MusicBrainz integration
pkgs.puddletag # Edit audio metadata
pkgs.deadbeef-with-plugins
# pkgs.tauon
pkgs.audacious
# pkgs.asunder # Ripping
pkgs.cyanrip # Ripping
# pkgs.whipper # Ripping
#pkgs.anki # Dep python3.12-pyqt-6.7.0 doesn't build
pkgs.memento # Japanese
# Documents
pkgs.typst # TeX alternative
pkgs.tinymist # LSP for Typst
# Dev
pkgs.vscodium # Consider vscodium-fhs
#pkgs.jetbrains.rider
#pkgs.jetbrains.rust-rover
pkgs.helix
pkgs.zed-editor
# Internet
pkgs.fragments
pkgs.uget # Download manager
# From master because PR #290892 is merged but at the time of writing hasn't made it to unstable yet
# Need it to solve issue #263764
# https://github.com/NixOS/nixpkgs/issues/263764
# https://github.com/NixOS/nixpkgs/pull/290892
# https://github.com/NixOS/nixpkgs/commit/999e0cf59288584616a241c0d8bb7c3c3f1fb417
pkgs.obsidian
pkgs.obs-studio
pkgs.kdePackages.plasmatube
#pkgs.nyxt
pkgs.mpvScripts.uosc
pkgs.mpvScripts.sponsorblock
pkgs.musescore
# inputs.muse-sounds-manager.packages.${pkgs.system}.muse-sounds-manager
pkgs.helio-workstation # music editor
pkgs.lmms # DAW
pkgs.carla # VST host
pkgs.yabridge # Windows VST host
pkgs.yabridgectl
pkgs.surge-XT # VST
];
programs.imv.enable = true;
programs.mangohud = {
enable = true;
};
programs.mpv.enable = true;
programs.thunderbird = {
enable = true;
profiles.default = {
isDefault = true;
};
};
programs.vscode = {
enable = true;
package = pkgs.vscodium;
enableUpdateCheck = false;
userSettings = {
"window.menuBarVisibility" = "toggle";
"rust-analyzer.server.path" = "rust-analyzer"; # look in env
# Library sources for rust-analyzer shall be read-only
"files.readonlyInclude" = {
"**/.cargo/registry/src/**/*.rs" = true;
"**/lib/rustlib/src/rust/library/**/*.rs" = true;
};
};
extensions = with pkgs.vscode-extensions; [
mkhl.direnv
jnoortheen.nix-ide
];
};
programs.zathura.enable = true;
}

83
home/apps/firefox.nix Normal file
View file

@ -0,0 +1,83 @@
{
lib,
pkgs,
osConfig,
...
}: let
enablePlasma = osConfig.services.desktopManager.plasma6.enable;
extension = shortId: uuid: {
name = uuid;
value = {
install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
installation_mode = "force_installed";
};
};
oldExtensions = builtins.listToAttrs;
ext = shortId: {
install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
installation_mode = "force_installed";
};
exts = builtins.mapAttrs (_: ext);
in {
programs.firefox = {
enable = true;
nativeMessagingHosts = [
pkgs.tridactyl-native
];
policies.ExtensionSettings = lib.mkMerge [
(oldExtensions [
# languagetool?
#(extension "tree-style-tab" "treestyletab@piro.sakura.ne.jp")
(extension "sidebery" "{3c078156-979c-498b-8990-85f7987dd929}") # has no email id
(extension "kagi-search-for-firefox" "search@kagi.com")
(extension "ublock-origin" "uBlock0@raymondhill.net")
#(extension "umatrix" "uMatrix@raymondhill.net")
(extension "privacy-badger17" "jid1-MnnxcxisBPnSXQ@jetpack")
(extension "i-dont-care-about-cookies" "jid1-KKzOGWgsW3Ao4Q@jetpack")
# (extension "clearurls" "{74145f27-f039-47ce-a470-a662b129930a}") # has no email id
(extension "keepassxc-browser" "keepassxc-browser@keepassxc.org")
#(extension "bitwarden-password-manager" "{446900e4-71c2-419f-a6a7-df9c091e268b}")
#(extension "tabliss" "extension@tabliss.io")
# (extension "bukubrow" "bukubrow@samhh.com")
# (extension "multi-account-containers" "@testpilot-containers")
# (extension "rust-search-extension" "{04188724-64d3-497b-a4fd-7caffe6eab29}") # has no email id
# (extension "tridactyl-vim" "tridactyl.vim@cmcaine.co.uk")
# site-specific
# (extension "libredirect" "7esoorv3@alefvanoon.anonaddy.me")
(extension "toolkit-for-ynab" "{4F1FB113-D7D8-40AE-A5BA-9300EAEA0F51}") # has no email id
(extension "sponsorblock" "sponsorBlocker@ajay.app")
# (extension "steam-database" "firefox-extension@steamdb.info")
])
# TODO: Can we get this from nixpkgs instead?
(lib.mkIf enablePlasma (exts {
"plasma-browser-integration@kde.org" = "plasma-integration";
}))
];
# To add additional extensions, find it on addons.mozilla.org, find
# the short ID in the url (like https://addons.mozilla.org/en-US/firefox/addon/!SHORT_ID!/)
# Then, download the XPI by filling it in to the install_url template, unzip it,
# run `jq .browser_specific_settings.gecko.id manifest.json` or
# `jq .applications.gecko.id manifest.json` to get the UUID
# You dont need to get the UUID from the xpi. You can install it then find the UUID in about:debugging#/runtime/this-firefox.
profiles.default = {
settings = {
"app.normandy.first_run" = false;
"app.shield.optoutstudies.enabled" = false;
"app.update.channel" = "default";
# "browser.link.open_newwindow" = true;
"browser.shell.checkDefaultBrowser" = true;
"browser.urlbar.showSearchSuggestionsFirst" = false;
"browser.vpn_promo.enabled" = false;
# "extensions.activeThemeID" = "firefox-alpenglow@mozilla.org";
# "extensions.extensions.activeThemeID" = "firefox-alpenglow@mozilla.org";
"extensions.pocket.enabled" = false;
"media.ffmpeg.vaapi.enabled" = true;
};
};
};
}

18
home/apps/syncthing.nix Normal file
View file

@ -0,0 +1,18 @@
{
lib,
pkgs,
osConfig,
...
}: let
enablePlasma = osConfig.services.desktopManager.plasma6.enable;
enableGnome = osConfig.services.xserver.desktopManager.gnome.enable;
in {
services.syncthing = {
enable = true;
};
home.packages = lib.mkMerge [
(lib.mkIf enablePlasma [pkgs.syncthingtray-qt6])
(lib.mkIf enableGnome [pkgs.gnomeExtensions.syncthing-indicator])
];
}

103
home/default.nix Normal file
View file

@ -0,0 +1,103 @@
{
config,
pkgs,
inputs,
osConfig,
...
}: let
variables = {
# VISUAL = "emacs";
EDITOR = "nvim";
SSH_ASKPASS_REQUIRE = "prefer";
SSH_ASKPASS = "${pkgs.ksshaskpass}/bin/ksshaskpass";
};
in {
imports = [
./xdg.nix
./terminal.nix
./desktop.nix
# ./emacs.nix
./apps.nix
];
home.sessionVariables = variables;
systemd.user.sessionVariables = variables;
fonts.fontconfig.enable = true;
xdg.enable = true;
home.packages = with pkgs; [
noto-fonts-cjk-sans
noto-fonts-cjk-serif
noto-fonts-color-emoji
];
programs.git = {
enable = true;
delta = {
enable = true;
options = {
side-by-side = true;
};
};
# WISH: Figure out difftastic
# difftastic.enable = true;
# https://difftastic.wilfred.me.uk/git.html
# https://tsdh.org/posts/2022-08-01-difftastic-diffing-with-magit.html
userEmail = "git@evar.dev";
userName = "Evar";
extraConfig = {
init.defaultBranch = "main";
# Consider https://jvns.ca/blog/2024/02/16/popular-git-config-options/#pull-ff-only-or-pull-rebase-true
# Make merge conflicts more readable
merge.conflictstyle = "zdiff3";
rebase.autosquash = true;
rebase.autostash = true;
# Consider https://jvns.ca/blog/2024/02/16/popular-git-config-options/#push-default-simple-push-default-current-push-autosetupremote-true
# Add whole commit diff in text editor when writing commit message
#commit.verbose = true;
# Remember how merge conflicts were resolved to restore later
rerere.enabled = true;
# Better diffs
diff.algorithm = "histogram";
status.submoduleSummary = true;
diff.submodule = "log";
submodule.recurse = true;
merge.keepbackup = false;
#merge.tool = "${pkgs.meld}/bin/meld";
};
};
# programs.ssh
programs.ssh = {
enable = true;
addKeysToAgent = "1h";
};
services.ssh-agent.enable = true;
programs.yt-dlp.enable = true;
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards
# incompatible changes.
#
# You can update Home Manager without changing this value. See
# the Home Manager release notes for a list of state version
# changes in each release.
home.stateVersion = "23.11";
# Let Home Manager install and manage itself.
#programs.home-manager.enable = true;
}

30
home/desktop.nix Normal file
View file

@ -0,0 +1,30 @@
{
config,
options,
lib,
pkgs,
inputs,
osConfig,
...
}: {
imports = [
./desktop/shared/wayland.nix
./desktop/hyprland.nix
./desktop/plasma.nix
];
# my.desktop.hyprland.enable = true;
my.desktop.plasma.enable = true;
programs.foot = {
enable = true;
settings.main = {
shell = "fish";
font = "monospace:size=10";
app-id = "foot";
pad = "10x8 center";
};
settings.url.osc8-underline = "always";
settings.cursor.style = "beam";
};
}

172
home/desktop/hyprland.nix Normal file
View file

@ -0,0 +1,172 @@
{
config,
lib,
pkgs,
options,
inputs,
osConfig,
...
}: {
imports = [
inputs.ags.homeManagerModules.default
inputs.anyrun.homeManagerModules.default
];
options.my.desktop.hyprland.enable = lib.mkEnableOption "my Hyprland based desktop environment";
config = lib.mkIf config.my.desktop.hyprland.enable {
my.desktop.wayland = true;
wayland.windowManager.hyprland = {
enable = true;
package = osConfig.programs.hyprland.package;
extraConfig = ''
source=${./hyprland}/hyprland.conf
'';
systemd.variables = options.wayland.windowManager.hyprland.systemd.variables.default ++ ["XDG_SESSION_TYPE"];
};
services.cliphist = {
enable = true;
systemdTarget = "hyprland-session.target"; # defaults to graphical-session.target
};
systemd.user.targets.hyprland-session.Unit.Wants = ["plasma-polkit-agent.service"];
programs.ags = {
enable = true;
configDir = ./ags;
};
systemd.user.services.ags = {
Unit.Description = "Aylur's Gtk Shell";
Unit.PartOf = ["hyprland-session.target"];
Install.WantedBy = ["hyprland-session.target"];
Service = let
app = pkgs.writeShellApplication {
name = "ags-wrapped";
runtimeInputs = [config.programs.ags.package pkgs.coreutils];
text = ''ags "$@"'';
};
in {
# Service = {
BusName = "com.github.Aylur.ags.ags";
# ExecStart = "${config.programs.ags.package}/bin/ags --config ${config.programs.ags.configDir}/config.js";
ExecStart = "${app}/bin/ags-wrapped --config ${config.programs.ags.configDir}/config.js";
OOMScoreAdjust = -500;
};
# TODO: reloadTriggers?
# restartTriggers = [ config.programs.ags.configDir ];
};
programs.anyrun = {
enable = true;
config.plugins = with inputs.anyrun.packages.${pkgs.stdenv.hostPlatform.system}; [
applications
dictionary
# kidex
randr
rink
shell
# stdin
symbols
# translate
# websearch
];
};
programs.swaylock = {
enable = true;
settings = {
color = "808080";
font-size = 24;
indicator-idle-visible = false;
indicator-radius = 100;
line-color = "ffffff";
show-failed-attempts = true;
};
};
services.swayidle = let
swaylock = "${config.programs.swaylock.package}/bin/swaylock";
hyprctl = "${config.wayland.windowManager.hyprland.package}/bin/hyprctl";
in {
enable = true;
systemdTarget = "hyprland-session.target"; # defaults to graphical-session.target
extraArgs = [
"-w" # Wait for command to finish executing before continuing
"idlehint"
"300"
];
events = [
{
event = "before-sleep";
command = "${swaylock} -f";
}
# after-resume
{
event = "lock";
command = "${swaylock} -f";
}
{
event = "unlock";
command = "kill -s USR1 swaylock";
}
];
timeouts = [
{
timeout = 300;
command = "${swaylock} -f";
} # 300
{
timeout = 600;
command = "${hyprctl} dispatch dpms off";
resumeCommand = "${hyprctl} dispatch dpms on";
}
# { timeout = 900; command = "${pkgs.systemd}/bin/systemctl suspend"; }
];
};
# TDOD: replace with ags
services.swayosd.enable = true;
services.udiskie.enable = osConfig.services.udisks2.enable;
systemd.user.services.swww = {
Unit.Description = "Animated wallpaper daemon for wayland";
Unit.Documentation = ["man:swww(1)"];
Unit.PartOf = ["hyprland-session.target"];
Install.WantedBy = ["hyprland-session.target"];
# Service.ExecStart = "${pkgs.swww}/bin/swww init --no-daemon";
Service.ExecStart = let
app = pkgs.writeShellApplication {
name = "swww-wrapped";
runtimeInputs = [pkgs.swww];
text = ''
swww init --no-daemon
'';
};
in "${app}/bin/swww-wrapped";
};
systemd.user.services.wayvnc = {
Unit.Description = "Wayland VNC server";
Unit.PartOf = ["graphical-session.target"];
Service.ExecStart = "${pkgs.wayvnc}/bin/wayvnc";
};
# Not sure if this should be per desktop
services.mpris-proxy.enable = true;
programs.foot.settings.colors.alpha = 0.6;
home.packages = [
pkgs.swww
pkgs.wofi
pkgs.polkit-kde-agent
pkgs.libsForQt5.qtwayland
pkgs.qt6Packages.qtwayland
pkgs.grimblast # screenshots on hyprland
pkgs.gnome.gnome-system-monitor
pkgs.gnome.nautilus
];
};
}

28
home/desktop/plasma.nix Normal file
View file

@ -0,0 +1,28 @@
{
config,
lib,
pkgs,
...
}: let
polonium = pkgs.callPackage ../../pkgs/polonium.nix {};
in {
options.my.desktop.plasma.enable = lib.mkEnableOption "my Plasma based desktop environment";
config = lib.mkIf config.my.desktop.plasma.enable {
my.desktop.wayland = true;
home.packages = [
polonium
];
programs.firefox.policies.ExtensionSettings = let
extension = shortId: {
install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
installation_mode = "force_installed";
};
in
builtins.mapAttrs (_: extension) {
"plasma-browser-integration@kde.org" = "plasma-integration";
};
};
}

18
home/desktop/shared/wayland.nix Normal file
View file

@ -0,0 +1,18 @@
{
config,
lib,
pkgs,
...
}: let
variables = {
NIXOS_OZONE_WL = "1";
STEAM_FORCE_DESKTOPUI_SCALING = "1.5";
};
in {
options.my.desktop.wayland = lib.mkEnableOption "my Wayland options";
config = lib.mkIf config.my.desktop.wayland {
home.sessionVariables = variables;
systemd.user.sessionVariables = variables;
};
}

119
home/terminal.nix Normal file
View file

@ -0,0 +1,119 @@
{
config,
lib,
pkgs,
inputs,
...
}: {
imports = [
inputs.nix-index-database.hmModules.nix-index
];
home.packages = [
pkgs.file
pkgs.pciutils # lspci
pkgs.usbutils # lsusb
pkgs.bottom
pkgs.htop
pkgs.lsof
pkgs.lm_sensors
pkgs.amdgpu_top
#pkgs.rocmPackages.rocm-smi
pkgs.ryzenadj
pkgs.powertop
pkgs.procs
pkgs.sshfs
pkgs.fd
pkgs.libqalculate
# pkgs.havn # port scanner
pkgs.gdu # count code
pkgs.tokei # count code
pkgs.ov # pager
pkgs.zoxide # cd
pkgs.dua
pkgs.unzip
pkgs.unrar-wrapper
pkgs.p7zip
pkgs.atool
pkgs.fastfetch
pkgs.hyfetch
pkgs.helix # `hx` editor
pkgs.jujutsu # `jj` vcs
];
programs.atuin = {
enable = true;
settings.update_check = false;
settings.enter_accept = true;
};
programs.autojump.enable = true;
programs.bat.enable = true;
# maybe move boxxy here?
programs.broot.enable = true;
programs.direnv = {
enable = true;
nix-direnv.enable = true;
# Externally located cache
stdlib = ''
declare -A direnv_layout_dirs
direnv_layout_dir() {
local hash path
echo "''${direnv_layout_dirs[$PWD]:=$(
hash="$(sha1sum - <<< "$PWD" | head -c40)"
path="''${PWD//[^a-zA-Z0-9]/-}"
echo "${config.xdg.cacheHome}/direnv/layouts/''${hash}''${path}"
)}"
}
'';
};
programs.eza = {
enable = true;
git = true;
icons = "auto";
};
programs.fish = {
enable = true;
functions = {
#__fish_command_not_found_handler = {
# body = "__fish_default_command_not_found_handler $argv[1]";
# onEvent = "fish_command_not_found";
#};
};
shellInit = "set fish_greeting";
};
# maybe move git here?
programs.jq.enable = true;
programs.nix-index.enable = true;
programs.nix-index-database.comma.enable = true;
programs.ripgrep.enable = true;
programs.skim.enable = true;
programs.starship = {
enable = true;
enableTransience = true;
settings.nix_shell.format = "";
};
# programs.yazi = {
# enable = true;
# settings.preview.cache_dir = "${config.xdg.cacheHome}/thumbnails/yazi";
# };
}

31
home/xdg.nix Normal file
View file

@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}: let
inherit (config.xdg) stateHome dataHome configHome cacheHome;
variables = {
# Bash (.bash_history)
HISTFILE = "${stateHome}/bash/history";
# Rust (.cargo)
CARGO_HOME = "${dataHome}/cargo";
RUSTUP_HOME = "${dataHome}/rustup";
# GTK2 (.gtkrc-2.0)
GTK2_RC_FILES = "${configHome}/gtk-2.0/gtkrc";
# XCompose (.compose-cache)
XCOMPOSECACHE = "${cacheHome}/X11/xcompose";
# NuGet (.nuget/packages)
NUGET_PACKAGES = "${dataHome}/NuGetPackages";
};
in {
home.sessionVariables = variables;
systemd.user.sessionVariables = variables;
# Run `xdg-ninja` to check fixable dotfiles
home.packages = [pkgs.xdg-ninja];
}

37
nixos/audio/pipewire-low-latency.nix Normal file
View file

@ -0,0 +1,37 @@
{config, ...}: {
assertions = [
{
assertion = config.services.pipewire.enable;
message = "PipeWire must be enabled for low-latency PipeWire";
}
];
services.pipewire.extraConfig = {
pipewire."92-low-latency" = {
context.properties = {
default.clock.rate = 48000;
default.clock.quantum = 32;
default.clock.min-quantum = 32;
default.clock.max-quantum = 32;
};
};
pipewire-pulse."92-low-latency" = {
context.modules = [
{
name = "libpipewire-module-protocol-pulse";
args = {
pulse.min.req = "32/48000";
pulse.default.req = "32/48000";
pulse.max.req = "32/48000";
pulse.min.quantum = "32/48000";
pulse.max.quantum = "32/48000";
};
}
];
stream.properties = {
node.latency = "32/48000";
resample.quality = 1;
};
};
};
}

17
nixos/audio/pipewire.nix Normal file
View file

@ -0,0 +1,17 @@
{
config,
lib,
pkgs,
...
}: {
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
jack.enable = true;
};
}

52
nixos/common/flake-support.nix Normal file
View file

@ -0,0 +1,52 @@
# Configuration for any flake-based NixOS system
# Try our darndest to get nixpkgs into path & registry properly
#
# Maybe write a blog post about it?
#
# In theory NixOS 24.05 does this for us?
# > On flake-based NixOS configurations using nixpkgs.lib.nixosSystem, NixOS will automatically set NIX_PATH and the system-wide flake registry (/etc/nix/registry.json) to point <nixpkgs> and the unqualified flake path nixpkgs to the version of nixpkgs used to build the system.
# > This makes nix run nixpkgs#hello and nix-build '<nixpkgs>' -A hello work out of the box with no added configuration, reusing dependencies already on the system.
# > This may be undesirable if nix commands are not going to be run on the built system since it adds nixpkgs to the system closure. For such closure-size-constrained non-interactive systems, this setting should be disabled.
# > To disable this, set nixpkgs.flake.setNixPath and nixpkgs.flake.setFlakeRegistry to false.
# https://nixos.org/manual/nixos/unstable/release-notes#sec-release-24.05-highlights
#
# Some reading:
# https://nixos-and-flakes.thiscute.world/best-practices/nix-path-and-flake-registry#custom-nix-path-and-flake-registry-1
# https://github.com/NixOS/nix/issues/9574
#
# https://discourse.nixos.org/t/questions-on-using-nixos-desktop-with-flakes/16285/5
#
# I think there are two separate problems.
#
# # Getting lookup paths (like <nixpkgs>) to resolve
#
# This comment mentions how they work:
# https://discourse.nixos.org/t/nix-path-is-not-recognized/38404/6
#
# # Getting `indirect` flake refs (like "nixpkgs") to resolve
# · indirect: Indirections through the flake registry. These have the form
#
# | [flake:]<flake-id>(/<rev-or-ref>(/rev)?)?
#
# These perform a lookup of <flake-id> in the flake registry. For example, nixpkgs and nixpkgs/release-20.09 are indirect flake references. The specified rev and/or ref are merged with the entry in
# the registry; see nix registry for details.
{
inputs,
lib,
...
}: let
inherit (inputs) nixpkgs;
in {
# Enable flake features
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.channel.enable = false; # remove nix-channel related tools & configs, we use flakes instead.
programs.command-not-found.enable = false; # Doesn't work well past channels
nix.registry.nixpkgs.flake = nixpkgs;
# but NIX_PATH is still used by many useful tools, so we set it to the same value as the one used by this flake.
# Make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
# https://github.com/NixOS/nix/issues/9574
nix.settings.nix-path = lib.mkForce "nixpkgs=/etc/nix/inputs/nixpkgs";
}

167
nixos/default.nix Normal file
View file

@ -0,0 +1,167 @@
{
config,
options,
lib,
pkgs,
inputs,
...
}:
{
imports = [
inputs.disko.nixosModules.disko
./device.nix
./disk-config.nix
./hardware-configuration.nix
./audio/pipewire.nix
./impermanence.nix
./nix-maintenance.nix
# ./hardening.nix
./desktop/plasma
./tailscale.nix
./users.nix
./user-system-config.nix
];
# Allows referring to this flake by the shorthand `nixos-config`, which lets you do e.g.
# nix repl nixos-config
nix.registry.nixos-config.to = {
type = "git";
url = "file://${config.users.users.evar.home}/dev/nix/config";
};
# In order to catch all logs, we need to mount this early enough in the boot process.
fileSystems."/var/log".neededForBoot = true;
zramSwap = {
enable = true;
memoryPercent = 25;
};
# This is not ideal for a laptop.
# For solution watch https://github.com/nix-community/impermanence/issues/153
time.timeZone = "America/New_York";
nix.settings = {
# unclutters home folder
use-xdg-base-directories = true;
# adding a community binary cache
substituters = [
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg)
[
"steam"
# "steam-original"
# "steam-run"
"steam-unwrapped"
"obsidian"
"rider"
"rust-rover"
"spotify"
];
# basically agrees to some license stuff
hardware.enableRedistributableFirmware = true;
### Boot
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.systemd.enable = true;
### Session management
services.displayManager.autoLogin = {
# only if there's any encripted disks
enable = config.boot.initrd.luks.devices != {};
user = "evar";
};
### Networking
networking.networkmanager = {
enable = true;
# Per https://kokada.dev/blog/an-unordered-list-of-hidden-gems-inside-nixos/
# May improve reliability
wifi.backend = "iwd";
};
services.openssh.enable = true;
### System software
environment.systemPackages = [
pkgs.git
pkgs.gdu
pkgs.exfatprogs # for mkfs.exfat
pkgs.parted # for partprobe
pkgs.gparted
# For thinkorswim
# TODO: Should be elsewhere
pkgs.distrobox
];
virtualisation.podman = {
enable = true;
dockerCompat = true;
};
programs.adb.enable = true;
# Miscellaneous
# helps some things access battery info
services.upower.enable = true;
# dynamic mounting of connected devices
services.udisks2.enable = true;
services.printing.enable = true;
# service discovery, hostname lookups, etc.
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
# For the music server
networking.firewall.allowedUDPPorts = [
# DLNA discovery (SSDP)
1900
];
hardware.bluetooth = {
powerOnBoot = true;
settings.General.Experimental = "true";
};
# allows connecting to virtualized directories
services.gvfs.enable = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}

45
nixos/desktop/gnome/default.nix Normal file
View file

@ -0,0 +1,45 @@
{
config,
lib,
pkgs,
inputs,
...
}: {
services.xserver.enable = true;
# services.xserver.displayManager.defaultSession = "gnome";
# https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
systemd.services."getty@tty1".enable = false;
systemd.services."autovt@tty1".enable = false;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
hardware.pulseaudio.enable = false;
# xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
environment.systemPackages = [
pkgs.gnomeExtensions.appindicator
pkgs.gnomeExtensions.dash-to-dock
pkgs.gnomeExtensions.dash-to-panel
pkgs.mission-center
pkgs.gnome.nautilus
];
environment.gnome.excludePackages = [
pkgs.gnome-tour
pkgs.gnome.cheese # Camera
pkgs.gnome.gnome-system-monitor
#pkgs.gnome.gnome-music
pkgs.gnome.gnome-terminal # Console
pkgs.gnome.gnome-contacts
pkgs.gedit # Text Editor
pkgs.gnome.epiphany # Web
pkgs.gnome.geary
pkgs.gnome.totem # Videos
];
services.udev.packages = [
pkgs.gnome.gnome-settings-daemon
];
services.xserver.desktopManager.gnome.extraGSettingsOverrides = ''
[org.gnome.mutter]
experimental-features=['scale-monitor-framebuffer']
'';
services.xserver.desktopManager.gnome.extraGSettingsOverridePackages = [pkgs.gnome.mutter];
}

35
nixos/desktop/hypr/default.nix Normal file
View file

@ -0,0 +1,35 @@
{
config,
lib,
pkgs,
inputs,
...
}: {
nix.settings = {
builders-use-substitutes = true; # unknown, suggested by anyrun
substituters = [
"https://hyprland.cachix.org"
"https://anyrun.cachix.org"
];
trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
];
};
services.xserver.enable = true;
services.xserver.displayManager.defaultSession = "hyprland";
# https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
systemd.services."getty@tty1".enable = false;
systemd.services."autovt@tty1".enable = false;
services.xserver.displayManager.gdm.enable = true;
security.pam.services.swaylock = {};
programs.hyprland = {
enable = true;
};
xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
services.blueman.enable = true;
}

20
nixos/desktop/plasma/default.nix Normal file
View file

@ -0,0 +1,20 @@
{config, lib, pkgs, ...}:
let
autologin = config.services.displayManager.autoLogin.enable;
in
{
services.displayManager.sddm.enable = true;
services.displayManager.sddm.wayland.enable = true;
services.desktopManager.plasma6.enable = true;
programs.dconf.enable = true;
# The user is expected to have Emacs instead
environment.plasma6.excludePackages = with pkgs.kdePackages; [
elisa
];
# https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-2495681146
systemd.services."getty@tty1".enable = lib.mkIf autologin false;
systemd.services."autovt@tty1".enable = lib.mkIf autologin false;
}

62
nixos/device.nix Normal file
View file

@ -0,0 +1,62 @@
{
config,
lib,
pkgs,
inputs,
...
}: {
imports = [
inputs.nixos-hardware.nixosModules.framework-16-7040-amd
];
# Set the Wireless Regulatory Domain
# https://github.com/NixOS/nixpkgs/issues/25378
boot.extraModprobeConfig = ''
options cfg80211 ieee80211_regdom="US"
'';
services.fwupd.enable = true;
hardware.bluetooth.enable = true;
boot.kernelPackages =
lib.mkIf
(lib.versionOlder pkgs.linux.version "6.9")
pkgs.linuxPackages_latest;
# Not needed on NixOS 24.05+
# Disable pcr for linux kernel testing 6.9-rc4+
# Per https://community.frame.work/t/tracking-framework-16-linux-6-9-0-rc4-rc5-extreme-screen-flickering-anyone-else/49467/44
boot.kernelParams = let
affectedVersions = ["6.9-rc4" "6.9-rc5" "6.9-rc6"];
version = config.boot.kernelPackages.kernel.version;
affected = builtins.elem version affectedVersions;
in
lib.mkIf affected ["amdgpu.dcdebugmask=0x400"];
environment.systemPackages = lib.mkMerge [
(with pkgs; [
fw-ectool
framework-tool
])
# Show EasyEffects status in GNOME
(lib.mkIf config.services.xserver.desktopManager.gnome.enable [
pkgs.gnomeExtensions.easyeffects-preset-selector
])
];
# The FWL benefits from modifying its speakers
home-manager.sharedModules = [
{
services.easyeffects.enable = true;
}
];
# EasyEffects needs this
programs.dconf.enable = true;
# RGB LED Matrix
services.hardware.openrgb = {
enable = true;
package = pkgs.openrgb-with-all-plugins;
};
}

69
nixos/disk-config.nix Normal file
View file

@ -0,0 +1,69 @@
{
# checkout the example folder for how to configure different disko layouts
disko.devices = {
disk.fw16-2280 = {
device = "/dev/disk/by-path/pci-0000:05:00.0-nvme-1";
content = {
type = "gpt";
partitions = {
esp = {
size = "2G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["noatime" "fmask=0077" "dmask=0077"];
};
};
cryptall = {
size = "100%";
content = {
type = "luks";
name = "all";
settings = {
# allowDiscards = true;
# keyFile = "/tmp/secret.key";
};
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
# System state which should be persistent across reboots and possibly backed up.
"/@nixos-persist" = {
mountpoint = "/persist";
mountOptions = ["noatime" "compress=zstd"];
};
# Im not so interested in backing up logs but I want them to be preserved across reboots,
# so Im dedicating a subvolume to logs rather than using the persist subvolume.
"/@nixos-varlog" = {
mountpoint = "/var/log";
mountOptions = ["noatime" "compress=zstd"];
};
# Needs to be persistent but is not worth backing up, as its trivial to reconstruct.
"/@nixos-nix" = {
mountpoint = "/nix";
mountOptions = ["noatime" "compress=zstd"];
};
"/@data" = {
mountpoint = "/data";
mountOptions = ["noatime" "compress=zstd"];
};
"/@home-evar" = {
mountpoint = "/home/evar";
mountOptions = ["noatime" "compress=zstd"];
};
};
};
};
};
};
};
};
nodev."/" = {
fsType = "tmpfs";
mountOptions = ["size=25%" "mode=755"];
};
};
}

23
nixos/hardening.nix Normal file
View file

@ -0,0 +1,23 @@
{
config,
lib,
pkgs,
...
}: {
nix.settings.allowed-users = ["@wheel"];
security.sudo.execWheelOnly = true;
services.openssh = {
allowSFTP = false;
settings = {
ChallengeResponseAuthentication = false;
PasswordAuthentication = false;
};
extraConfig = ''
AllowTcpForwarding yes
X11Forwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
AuthenticationMethods publickey
'';
};
}

26
nixos/hardware-configuration.nix Normal file
View file

@ -0,0 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp196s0f3u2u3.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

52
nixos/impermanence.nix Normal file
View file

@ -0,0 +1,52 @@
{
inputs,
options,
...
}: {
imports = [inputs.impermanence.nixosModules.impermanence];
# There are bind mounts into here that are important for boot.
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos"
"/var/lib/bluetooth"
"/var/lib/fprint"
"/var/lib/upower"
"/var/lib/tailscale"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
"/var/lib/iwd" # Known networks and keys
{
directory = "/var/lib/colord";
user = "colord";
group = "colord";
mode = "u=rwx,g=rx,o=";
}
# TODO: cups?
];
files = [
"/etc/machine-id"
#{ file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
"/var/lib/NetworkManager/secret_key"
"/var/lib/NetworkManager/seen-bssids"
"/var/lib/NetworkManager/timestamps"
];
};
# /etc/{passwd,shadow} are not persisted
users.mutableUsers = false;
# Some report issues with impermanence file config for host keys, so just change their location
services.openssh.hostKeys =
builtins.map
(x: x // {path = "/persist" + x.path;})
options.services.openssh.hostKeys.default;
# sudo lecture db is not persisted, turn it off
security.sudo.extraConfig = ''
Defaults lecture = never
'';
}

14
nixos/nix-maintenance.nix Normal file
View file

@ -0,0 +1,14 @@
{
nix = {
settings.auto-optimise-store = true;
optimise = {
automatic = true;
dates = ["weekly"];
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 14d";
};
};
}

14
nixos/tailscale.nix Normal file
View file

@ -0,0 +1,14 @@
{
config,
lib,
pkgs,
...
}: {
services.tailscale = {
enable = true;
openFirewall = true;
};
# Implicitly trust packets routed over Tailscale
networking.firewall.trustedInterfaces = [config.services.tailscale.interfaceName];
}

54
nixos/user-system-config.nix Normal file
View file

@ -0,0 +1,54 @@
# Configuration that really wants to be per-user,
# but can't be defined from Home Manager.
{
config,
lib,
pkgs,
...
}: {
networking.firewall = lib.mkMerge [
# User-mode Syncthing
{
allowedTCPPorts = [22000];
allowedUDPPorts = [21027 22000];
}
# LocalSend
{allowedTCPPorts = [53317];}
];
environment.systemPackages = lib.mkMerge [
[pkgs.ryujinx]
[
(pkgs.lutris.override {
extraLibraries = pkgs: [
pkgs.libvdpau
pkgs.openal
pkgs.speex
pkgs.libgudev
];
})
pkgs.wineWowPackages.waylandFull
]
# For gamemode status in GNOME
(lib.mkIf (config.services.xserver.desktopManager.gnome.enable) [
pkgs.gnomeExtensions.gamemode-indicator-in-system-settings
])
];
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
gamescopeSession.enable = true;
};
programs.gamemode = {
enable = true;
enableRenice = true;
settings = {
general = {
softrealtime = "auto";
renice = 10;
};
};
};
}

44
nixos/users.nix Normal file
View file

@ -0,0 +1,44 @@
{
inputs,
config,
lib,
pkgs,
...
}: {
imports = [inputs.home-manager.nixosModules.home-manager];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit inputs;};
};
# TODO: Remove
# Allow root login with same password as primary user
users.users.root.hashedPasswordFile = let
primaryUser = "evar";
in
config.users.users.${primaryUser}.hashedPasswordFile;
users.users.evar = {
hashedPassword = "$y$j9T$4TYc8brm3.oJUbkktbbEq/$cTlZRmAVxb2GtttEXSoSGw9y.qm.vUs/yXgwLjlTk46";
uid = 1000;
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"video"
"input"
"audio"
"adbusers"
"uucp"
"dialout"
];
# openssh.authorizedKeys.keys = [
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINhBR2Kg0VR1+p9jNYmuaaGXTMjHwQSbvmzIjwhOOmNG emily@intras 2022-10-26"
# ];
};
home-manager.users.evar = {
imports = [../home];
};
}

60
pkgs/polonium.nix Normal file
View file

@ -0,0 +1,60 @@
# TODO: replace with nixpkgs version when it has one
{
lib,
fetchFromGitHub,
buildNpmPackage,
plasma5Packages ? null,
kdePackages ? null,
}:
# how to update:
# 1. check out the tag for the version in question
# 2. run `prefetch-npm-deps package-lock.json`
# 3. update npmDepsHash with the output of the previous step
let
inherit (kdePackages) qtbase;
in
buildNpmPackage {
name = "polonium-git";
pname = "polonium";
src = fetchFromGitHub {
owner = "zeroxoneafour";
repo = "polonium";
rev = "83084c9f2bf44a22966c0534726498975183830e";
hash = "sha256-kZMq4m4nACRelqgKsZVkmV9qqFw7dcMZHQF9dhdxCbQ=";
};
npmDepsHash = "sha256-kaT3Uyq+/JkmebakG9xQuR4Kjo7vk6BzI1/LffOj/eo=";
# the installer does a bunch of stuff that fails in our sandbox, so just build here and then we
# manually do the install
postPatch = ''
substituteInPlace Makefile \
--replace-fail "build install cleanall" "res src"
'';
nativeBuildInputs = [
kdePackages.kpackage
];
dontNpmBuild = true;
dontWrapQtApps = true;
installPhase = ''
runHook preInstall
kpackagetool6 --install pkg --packageroot $out/share/kwin/scripts
runHook postInstall
'';
env.LANG = "C.UTF-8";
meta = with lib; {
description = "Auto-tiler that uses KWin 6+ tiling functionality";
license = licenses.mit;
maintainers = with maintainers; [peterhoeg];
inherit (kdePackages.kpackage.meta) platforms;
};
}

13
systems/default.nix Normal file
View file

@ -0,0 +1,13 @@
{inputs, ...}: let
inherit (inputs) nixpkgs;
inherit (nixpkgs.lib) nixosSystem;
in {
flake.nixosConfigurations.atreus = nixosSystem {
specialArgs = {inherit inputs;};
modules = [
{networking.hostName = "atreus";}
../nixos/common/flake-support.nix
../nixos
];
};
}