commit df39b62b78a20d6d4f53b264faaea118331da38f Author: Seraphim R. Pardee Date: Tue Mar 18 00:32:39 2025 -0400 initial (untested) commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..0262eac
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+network.nix
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5cb741e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# nix
+
+my NixOS configurations
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..a89bb7f
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+sudo cp nixos/* /etc/nixos/
+sudo nixos-rebuild switch
+
+mkdir -p $HOME/.config/home-manager
+cp .config/home-manager/flake.nix
+home-manager switch
diff --git a/nixos/bootloader.nix b/nixos/bootloader.nix
new file mode 100644
index 0000000..84edde2
--- /dev/null
+++ b/nixos/bootloader.nix
@@ -0,0 +1,14 @@
+{ ... }:
+
+{
+ boot.loader.grub = {
+ device = "nodev";
+ efiSupport = true;
+ useOSProber = true;
+ }
+
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.timeout = 2;
+ boot.initrd.enable = true;
+ boot.initrd.systemd.enable = true;
+}
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
new file mode 100644
index 0000000..8b2d998
--- /dev/null
+++ b/nixos/configuration.nix
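Review bot: The second `cp` in install.sh has a source but no destination, so it exits with a usage error and `home-manager switch` then runs against whatever is already in `$HOME/.config/home-manager`. The line presumably wants `cp .config/home-manager/flake.nix "$HOME/.config/home-manager/"`. The script also has no `set -eu`, so a failed `sudo cp nixos/* /etc/nixos/` still goes on to `sudo nixos-rebuild switch`; stopping on the first error is safer for a script that rewrites system configuration as root. `$HOME` should be quoted in the `mkdir` line as well.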
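Review bot: The `boot.loader.grub = { … }` attribute set in nixos/bootloader.nix closes with `}` and no `;`, which is a parse error, so nothing in this module evaluates. The same missing terminator appears in nixos/desktop.nix (after the `command = "…"` string), nixos/flake.nix (before the closing `}` of `hyprland-plugins` and `home-manager`, and after the `hyprland-split-monitor-workspaces` set), nixos/graphics.nix (after the `boot.kernelParams` list), nixos/sound.nix (after `alsa = { … }`) and nixos/time.nix (after `time = { … }`). The fix here is `};` on the line that closes `boot.loader.grub`. Running `nix-instantiate --parse` on each file before committing would catch all of these.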
@@ -0,0 +1,23 @@
+{ ... }:
+
+{
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "24.11"; # Did you read the comment?
+}
+
diff --git a/nixos/configuration.nix.bak b/nixos/configuration.nix.bak
new file mode 100644
index 0000000..8645fe2
--- /dev/null
+++ b/nixos/configuration.nix.bak
@@ -0,0 +1,148 @@
+imports = [ ];
+
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ boot.loader.grub.device = "nodev";
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.useOSProber = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "nixos"; # Define your hostname.
+ # Pick only one of the below networking options.
+ networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Set your time zone.
+ time.timeZone = "America/Detroit";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ useXkbConfig = true; # use xkb.options in tty.
+ };
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+ # Configure keymap in X11
+ services.xserver.xkb.layout = "us";
+ # services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable sound.
+ # hardware.pulseaudio.enable = true;
+ # OR
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.libinput.enable = true;
+
+ users.users.srp = { isNormalUser = true; extraGroups = [ "wheel" ]; };
+ home-manager.users.srp = { programs.zsh.enable = true; };
+ home-manager.useGlobalPkgs = true;
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ # List packages installed in system profile.
To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ neovim
+ wget
+ curl
+ git
+ kitty
+ brave
+ wofi
+ dunst
+ waybar
+ pyprland
+ hyprcursor
+ hyprlock
+ hypridle
+ hyprpicker
+ greetd.tuigreet
+ plexamp
+ ];
+
+ programs.hyprland = {
+ enable = true;
+ withUWSM = true;
+ xwayland.enable = true;
+ };
+
+ environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ programs.mtr.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ nixpkgs.config.allowUnfree = true;
+
+ services.xserver.displayManager.lightdm.enable = false;
+ services.greetd = {
+ enable = true;
+ settings = {
+ default_session = {
+ command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --time-format '%I:%M %p | %a - %h | %F' --cmd Hyprland";
+ user = "greeter";
+ };
+ };
+ };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "24.11"; # Did you read the comment?
+
+}
+
diff --git a/nixos/desktop.nix b/nixos/desktop.nix
new file mode 100644
index 0000000..324372e
--- /dev/null
+++ b/nixos/desktop.nix
@@ -0,0 +1,47 @@
+{ pkgs, ... }:
+
+{
+ services.greetd = {
+ enable = true;
+ settings = {
+ default_session = {
+ command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --time-format '%I:%M %p | %a • %h | %F' --cmd Hyprland"
+ user = "greeter";
+ };
+ };
+ };
+
+ programs.hyprland = {
+ enable = true;
+ withUWSM = true;
+ xwayland.enable = true;
+ };
+ wayland.windowManager.hyprland = {
+ plugins = [
+ hyprland-split-monitor-workspaces.packages.${pkgs.system}.split-monitor-workspaces
+ ];
+ };
+ environment.sessionVariables = {
+ NIXOS_OZONE_WL = "1";
+ WLR_NO_HARDWARE_CURSORS = "1";
+ };
+
+ environment.systemPackages = with pkgs; [
+ greetd.tuigreet
+
+ pyprland
+ hyprpicker
+ hyprcursor
+ hyprlock
+ hypridle
+ hyprpaper
+
+ brave
+ zathura
+ mpv
+ imv
+ plexamp
+ vscode
+ equibop
+ ];
+}
diff --git a/nixos/env.nix b/nixos/env.nix
new file mode 100644
index 0000000..4b33521
--- /dev/null
+++ b/nixos/env.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }:
+
+{
+ environment.variables.NODEJS_PATH = "${pkgs.nodePackages_latest.nodejs}/";
+}
diff --git a/nixos/flake.nix b/nixos/flake.nix
new file mode 100644
index 0000000..6795772
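Review bot: nixos/configuration.nix.bak opens with `imports = [ ];` ahead of the `{ config, lib, pkgs, ... }:` function header, which is not a valid Nix expression; nixos/users.nix has the same stray first line and will fail to parse as a module. Drop that line in both files. The backup also lives inside `nixos/`, so install.sh's `sudo cp nixos/* /etc/nixos/` copies it onto the system; removing it from the tree keeps superseded settings out of /etc/nixos.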
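Review bot: `wayland.windowManager.hyprland` in nixos/desktop.nix is a Home Manager option rather than a NixOS one, so a system module that sets it should fail evaluation with an undefined-option error. The plugin expression also names `hyprland-split-monitor-workspaces`, which is not bound here because the module arguments are only `{ pkgs, ... }`. With `specialArgs = { inherit inputs; }` from flake.nix it would be reached as `inputs.hyprland-split-monitor-workspaces.packages.${pkgs.system}.split-monitor-workspaces`, after adding `inputs` to the argument list. Moving the `plugins` block into the user's Home Manager configuration is the likely fix.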
--- /dev/null
+++ b/nixos/flake.nix
@@ -0,0 +1,42 @@
+{
+ description = "srpnix";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+
+ hyprland.url = "github:hyprwm/Hyprland";
+ hyprland-plugins = { url = "github:hyprwm/hyprland-plugins"; inputs.hyprland.follows = "hyprland" };
+ hyprland-split-monitor-workspaces = { url = "github:Duckonaut/split-monitor-workspaces"; input.hyprland.follows = "hyprland"; }
+
+ home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs" };
+ };
+
+ outputs = { nixpkgs, ... } @ inputs: {
+ specialArgs = { inherit inputs; };
+ modules = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+ ./graphics.nix
+ ./sound.nix
+ ./usb.nix
+ ./peripherals.nix
+ ./time.nix
+ ./bootloader.nix
+ ./nix-settings.nix
+ ./nixpkgs.nix
+ ./kernel.nix
+ ./desktop.nix
+ ./theme.nix
+ ./internationalisation.nix
+ ./security.nix
+ ./services.nix
+ ./printing.nix
+ ./env.nix
+ ./network.nix
+ ./users.nix
+ ./virtualisation.nix
+ ./programming.nix
+ ./terminal.nix
+ ];
+ };
+}
diff --git a/nixos/graphics.nix b/nixos/graphics.nix
new file mode 100644
index 0000000..b951ae5
--- /dev/null
+++ b/nixos/graphics.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+
+{
+ hardware.graphics = {
+ enable = true;
+ enable32Bit = true;
+ extraPackages = with pkgs; [
+ mesa
+ rocmPackages.clr.icd # OpenCL
+ ];
+ extraPackages32 = with pkgs.pkgsi686Linux; [
+ mesa
+ ];
+ };
+
+ boot.kernelParams = [
+ "video=DP-2:2560x1440@144"
+ "video=HDMI-A-2:2560x1440@60"
+ ]
+}
diff --git a/nixos/hardware-configuration.nix b/nixos/hardware-configuration.nix
new file mode 100644
index 0000000..4214f6a
--- /dev/null
+++ b/nixos/hardware-configuration.nix
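Review bot: The `outputs` function in nixos/flake.nix returns `specialArgs` and `modules` as top-level attributes, so the flake exposes no `nixosConfigurations` entry for `nixos-rebuild` to build. Wrap them as `nixosConfigurations.nixos = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; modules = [ … ]; };`, with the host name taken from network.example.nix. In `inputs`, `input.hyprland.follows` on the `hyprland-split-monitor-workspaces` line should read `inputs.hyprland.follows`; as written the plugin would not be tied to the same Hyprland revision as the compositor. Every input tracks a moving branch, so the generated `flake.lock` should be committed to pin what gets built. No Home Manager NixOS module is listed in `modules`, which the `home-manager.*` option in users.nix appears to need.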
@@ -0,0 +1,39 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/aece9238-21db-4a35-ab41-36adfb55d23d";
+ fsType = "btrfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/A8B3-0AF5";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp14s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp15s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/nixos/internationalisation.nix b/nixos/internationalisation.nix
new file mode 100644
index 0000000..1c710c6
--- /dev/null
+++ b/nixos/internationalisation.nix
@@ -0,0 +1,25 @@
+{ pkgs, ... }:
+
+{
+ i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ environment.systemPackages = with pkgs; [
+ nuspell
+ hyphen
+ hunspell
+ hunspellDicts.en_US
+ ];
+}
diff --git a/nixos/kernel.nix b/nixos/kernel.nix
new file mode 100644
index 0000000..1adc9d4
--- /dev/null
+++ b/nixos/kernel.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+
+{
+ boot.kernelPackages = pkgs.linuxKernel.packages.linux_zen;
+ boot.kernelParams = [
+ "splash"
+ "quiet"
+ "fbcon=nodefer"
+ "vt.global_cursor_default=0"
+ "kernel.modules_disabled=1"
+ "lsm=landlock,lockdown,yama,integrity,apparmor,bpf,tomoyo,selinux"
+ "video4linux"
+ "acpi_rev_override=5"
+ "security=selinux"
+ ];
+
+ systemd.package = pkgs.systemd.override { withSeLinux = true; };
+
+ environment.systemPackages = with pkgs; [
+ policycoreutils
+ ];
+}
diff --git a/nixos/network.example.nix b/nixos/network.example.nix
new file mode 100644
index 0000000..4b4e6d6
--- /dev/null
+++ b/nixos/network.example.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+
+{
+ hardware.bluetooth = {
+ enable = true;
+ powerOnBoot = false;
+ };
+
+ networking.hostName = "nixos";
+ networking.wireless = {
+ enable = true;
+ userControlled.enable = true;
+ networks.SSID_HERE.pskRaw = "PSK_HERE";
+ };
+
+ networking.firewall.enable = true;
+
+ # todo: custom dns
+
+ environment.systemPackages = with pkgs; [
+ overskride
+ ];
+}
diff --git a/nixos/nix-settings.nix b/nixos/nix-settings.nix
new file mode 100644
index 0000000..56bdb67
--- /dev/null
+++ b/nixos/nix-settings.nix
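Review bot: Several entries in `boot.kernelParams` in nixos/kernel.nix are unlikely to do what they are meant to. `kernel.modules_disabled=1` is a sysctl name, and the kernel only applies a sysctl from the command line when it carries the `sysctl.` prefix, so module loading probably stays enabled; `security.lockKernelModules = true;` or `boot.kernel.sysctl."kernel.modules_disabled" = 1;` states the intent explicitly. `security=selinux` is the legacy selector and is superseded when `lsm=` is present, and in the `lsm=` list `apparmor` comes before `selinux`, so only AppArmor (also enabled in security.nix) would come up as the major LSM, assuming the zen kernel is built with SELinux at all. Choose one of the two and drop the other from the list and from the `systemd.package` override. `video4linux` is not a kernel parameter I recognise and deserves a comment or removal.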
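Review bot: `networks.SSID_HERE.pskRaw = "PSK_HERE"` in nixos/network.example.nix invites putting the real key straight into network.nix, and values written in a NixOS module generally end up in the world-readable /nix/store, so keeping the file out of git does not keep the key private on the machine itself. The template could instead show `networking.wireless.secretsFile = "/path/to/root-only/wireless.conf";` with `pskRaw = "ext:psk_home";`, where the path and the key name are placeholders and the file is readable by root only. `userControlled.enable = true` also lets members of the control group (`wheel` by default) reconfigure wpa_supplicant, which is worth a comment if it is intended.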
@@ -0,0 +1,17 @@
+{ ... }:
+
+{
+ nix.settings = {
+ auto-optimise-store = true;
+ experimental-features = [ "nix-command" "flakes" ];
+ substituters = ["https://hyprland.cachix.org"];
+ trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
+ };
+
+ nix.optimise.automatic = true;
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 14d";
+ };
+}
diff --git a/nixos/nixpkgs.nix b/nixos/nixpkgs.nix
new file mode 100644
index 0000000..2345d70
--- /dev/null
+++ b/nixos/nixpkgs.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+ nixpkgs.config.allowUnfree = true;
+}
diff --git a/nixos/peripherals.nix b/nixos/peripherals.nix
new file mode 100644
index 0000000..70eb280
--- /dev/null
+++ b/nixos/peripherals.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+
+{
+ services.xserver = {
+ xkb.layout = "us";
+ };
+
+ environment.systemPackages = with pkgs; [
+ piper
+ openrgb-with-all-plugins
+ ];
+}
diff --git a/nixos/printing.nix b/nixos/printing.nix
new file mode 100644
index 0000000..14dbc19
--- /dev/null
+++ b/nixos/printing.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+ services.printing.enable = true;
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ };
+}
diff --git a/nixos/programming.nix b/nixos/programming.nix
new file mode 100644
index 0000000..45d939b
--- /dev/null
+++ b/nixos/programming.nix
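Review bot: The `substituters` and `trusted-public-keys` entries in nixos/nix-settings.nix carry no comment saying where the key was obtained, and a key listed in `trusted-public-keys` is accepted as a signer for any store path that cache serves, not only Hyprland's. I would add a comment above the two lines such as `# Hyprland binary cache; key copied from <source> on <date>, re-verify before changing`. That way a later edit to the key is reviewed as a change of trust rather than a routine tweak.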
@@ -0,0 +1,29 @@
+{ pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ go
+ (python313Full.withPackages(ps: with ps; [ pygobject3 gobject-introspection pyqt6-sip ]))
+ nodePackages.nodejs
+ typescript
+ pnpm
+ # see https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles/blob/main/nixos/rust.nix for rust impl
+ dotnetCorePackages.sdk_9_0-bin
+
+ # LSPs
+ python313Packages.python-lsp-server
+ typescript-language-server
+ vscode-langservers-extracted
+ dockerfile-language-server-nodejs
+ bash-language-server
+ omnisharp-roslyn
+ marksman
+ markdown-oxide
+ nil
+ gopls
+ delve
+ emmet-language-server
+ docker-compose-language-service
+ hyprls
+ ];
+}
diff --git a/nixos/security.nix b/nixos/security.nix
new file mode 100644
index 0000000..86d760b
--- /dev/null
+++ b/nixos/security.nix
@@ -0,0 +1,75 @@
+{ pkgs, lib, ... }:
+
+{
+ programs.mtr.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ users.users.root.hashedPassword = "!";
+
+ security.tpm2 = {
+ enable = true;
+ pkcs11.enable = true;
+ tctiEnvironment.enable = true;
+ };
+
+ security.apparmor = {
+ enable = true;
+ packages = with pkgs; [
+ apparmor-utils
+ apparmor-profiles
+ ];
+ };
+
+ security.pam.services.hyprlock = {};
+ # security.polkit.enable = true;
+ programs.bitwarden.enable = true;
+
+ services.clamav = {
+ daemon.enable = true;
+ fangfrisch = { enable = true; interval = "daily"; };
+ updater = { enable = true; interval = "daily"; frequency = 12; };
+ };
+
+ programs.firejail = {
+ enable = true;
+ wrappedBinaries = {
+ mpv = {
+ executable = "${lib.getBin pkgs.mpv}/bin/mpv";
+ profile = "${pkgs.firejail}/etc/firejail/mpv.profile";
+ };
+ imv = {
+ executable = "${lib.getBin pkgs.imv}/bin/imv";
+ profile = "${pkgs.firejail}/etc/firejail/imv.profile";
+ };
+ zathura = {
+ executable = "${lib.getBin pkgs.zathura}/bin/zathura";
+ profile = "${pkgs.firejail}/etc/firejail/zathura.profile";
+ };
+ discord = {
+ executable = "${lib.getBin pkgs.discord}/bin/discord";
+ profile = "${pkgs.firejail}/etc/firejail/discord.profile";
+ };
+ telegram-desktop = {
+ executable = "${lib.getBin pkgs.tdesktop}/bin/telegram-desktop";
+ profile = "${pkgs.firejail}/etc/firejail/telegram-desktop.profile";
+ };
+ brave = {
+ executable = "${lib.getBin pkgs.brave}/bin/brave";
+ profile = "${pkgs.firejail}/etc/firejail/brave.profile";
+ };
+ vscode = {
+ executable = "${lib.getBin pkgs.vscode}/bin/code";
+ profile = "${pkgs.firejail}/etc/firejail/vscode.profile";
+ };
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ vulnix # scan command: vulnix --system
+ clamav # scan command: sudo freshclam; clamscan [options] [file/directory/-]
+ chkrootkit # scan command: sudo chkrootkit
+ ];
+}
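Review bot: The `programs.firejail.wrappedBinaries` entries in nixos/security.nix sandbox only launches that resolve the wrapper by name. desktop.nix also puts `brave`, `zathura`, `mpv`, `imv` and `vscode` in `environment.systemPackages`, so a `.desktop` entry or script that uses the absolute store path can still start the unwrapped program. Each wrapper accepts a `desktop` attribute for this case, e.g. `desktop = "${pkgs.brave}/share/applications/brave-browser.desktop";` (file name to be checked against the package). Running `firejail --list` after starting an application from the launcher confirms whether the sandbox applied. The profile files are assumed to exist under `${pkgs.firejail}/etc/firejail/`; `imv.profile` and `vscode.profile` in particular should be checked, since a missing profile would break the wrapper build or leave it without restrictions.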
diff --git a/nixos/services.nix b/nixos/services.nix
new file mode 100644
index 0000000..e18a751
--- /dev/null
+++ b/nixos/services.nix
@@ -0,0 +1,41 @@
+{ pkgs, ... }:
+
+{
+ systemd.packages = with pkgs; [
+ auto-cpufreq
+ ];
+
+ programs.dconf.enable = true;
+
+ services.dbus = {
+ enable = true;
+ implementation = "broker";
+ };
+
+ services.fwupd.enable = true;
+ services.auto-cpufreq.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ at-spi2-atk
+ qt6.qtwayland
+ psi-notify
+ playerctl
+ psmisc
+ grim
+ slurp
+ imagemagick
+ swappy
+ ffmpeg_6-full
+ wl-screenrec
+ wl-clipboard
+ wl-clip-persist
+ xdg-utils
+ wtype
+ wlrctl
+ waybar
+ rofi-wayland
+ dunst
+ wlogout
+ gifsicle
+ ];
+}
diff --git a/nixos/sound.nix b/nixos/sound.nix
new file mode 100644
index 0000000..ba4bcf9
--- /dev/null
+++ b/nixos/sound.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+
+{
+ services.pulseaudio.enable = false;
+ services.rtkit.enable = true; # realtime audio support
+ services.pipewire = {
+ enable = true;
+ alsa = { enable = true; support32Bit = true; }
+ pulse.enable = true;
+ wireplumber.enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [
+ pamixer
+ pavucontrol
+ ];
+}
diff --git a/nixos/terminal.nix b/nixos/terminal.nix
new file mode 100644
index 0000000..9ed298d
--- /dev/null
+++ b/nixos/terminal.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ kitty
+ starship
+ neofetch
+ htop
+ wlr-randr
+ gpu-viewer
+ dig
+ speedtest-rs
+ file
+ git
+ curl
+ ripgrep
+ eza
+ neovim
+ fd
+ jq
+ fzf
+ bat
+ pandoc
+ lsof
+ cmatrix
+ pipes-rs
+ rsclock
+ cava
+ figlet
+ ];
+}
diff --git a/nixos/theme.nix b/nixos/theme.nix
new file mode 100644
index 0000000..f4dc9d0
--- /dev/null
+++ b/nixos/theme.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+
+{
+ console = {
+ font = "Lat2-Terminus16";
+ useXkbConfig = true;
+ };
+
+ fonts.packages = with pkgs; [
+ jetbrains-mono
+ nerd-font-patcher
+ noto-fonts-color-emoji
+ ];
+
+ # lots to do here, compare to https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles/blob/main/nixos/theme.nix
+}
diff --git a/nixos/time.nix b/nixos/time.nix
new file mode 100644
index 0000000..4eb3749
--- /dev/null
+++ b/nixos/time.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ time = {
+ hardwareClockInLocalTime = true;
+ timeZone = "America/Detroit";
+ }
+}
diff --git a/nixos/usb.nix b/nixos/usb.nix
new file mode 100644
index 0000000..d3c0e4c
--- /dev/null
+++ b/nixos/usb.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+ services.gvfs.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ usbutils
+ ];
+}
diff --git a/nixos/users.nix b/nixos/users.nix
new file mode 100644
index 0000000..5264a91
--- /dev/null
+++ b/nixos/users.nix
@@ -0,0 +1,15 @@
+imports = [ ];
+
+{ pkgs, ... }:
+
+{
+ users.users.srp = {
+ isNormalUser = true;
+ description = "Seraphim R. Pardee";
+ extraGroups = [ "input" "wheel" "video" "audio" "tss" ];
+ };
+
+ home-manager.useGlobalPkgs = true;
+
+ services.logind.extraConfig = "RuntimeDirectorySize=8G";
+}
diff --git a/nixos/virtualisation.nix b/nixos/virtualisation.nix
new file mode 100644
index 0000000..f08d91d
--- /dev/null
+++ b/nixos/virtualisation.nix
@@ -0,0 +1,25 @@
+{ pkgs, ... }:
+
+{
+ virtualisation.podman = {
+ enable = true;
+
+ dockerCompat = true;
+ dockerSocket.enable = true;
+
+ defaultNetwork.settings.dns_enabled = true;
+ };
+
+ environment.variables.DBX_CONTAINER_MANAGER = "podman";
+ users.extraGroups.podman.members = [ "srp" ];
+
+ environment.systemPackages = with pkgs; [
+ distrobox
+ qemu
+
+ podman-compose
+ podman-tui
+
+ docker-compose
+ ];
+}
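Review bot: `dockerSocket.enable = true` together with `users.extraGroups.podman.members = [ "srp" ]` in nixos/virtualisation.nix gives that account access to the system-wide Podman API socket, and, as with the Docker group, anyone who can talk to that socket can obtain root on the host. That sidesteps the password prompt that `wheel` membership would otherwise put in front of root actions. If rootless containers are enough for distrobox and compose, drop `dockerSocket.enable` and the group membership. Otherwise add a comment such as `# podman group is root-equivalent; keep membership minimal` above the `members` line.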