srp/srpnix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial (untested) commit

Browse Source
This commit is contained in:
Seraphim R. Pardee 2025-03-18 00:32:39 -04:00
commit df39b62b78
28 changed files with 729 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
network.nix

3
README.md Normal file
View File

@ -0,0 +1,3 @@
# nix
my NixOS configurations

8
install.sh Executable file
View File

@ -0,0 +1,8 @@
#!/bin/sh
sudo cp nixos/* /etc/nixos/
sudo nixos-rebuild switch
mkdir -p $HOME/.config/home-manager
cp .config/home-manager/flake.nix
home-manager switch

14
nixos/bootloader.nix Normal file
View File

@ -0,0 +1,14 @@
{ ... }:
{
boot.loader.grub = {
device = "nodev";
efiSupport = true;
useOSProber = true;
}
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.timeout = 2;
boot.initrd.enable = true;
boot.initrd.systemd.enable = true;
}

23
nixos/configuration.nix Normal file
View File

@ -0,0 +1,23 @@
{ ... }:
{
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

148
nixos/configuration.nix.bak Normal file
View File

@ -0,0 +1,148 @@
imports = [ <home-manager/nixos> ];
{ config, lib, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
boot.loader.grub.device = "nodev";
boot.loader.grub.efiSupport = true;
boot.loader.grub.useOSProber = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "America/Detroit";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
useXkbConfig = true; # use xkb.options in tty.
};
# Enable the X11 windowing system.
services.xserver.enable = true;
# Configure keymap in X11
services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
services.pipewire = {
enable = true;
pulse.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
users.users.srp = { isNormalUser = true; extraGroups = [ "wheel" ]; };
home-manager.users.srp = { programs.zsh.enable = true; };
home-manager.useGlobalPkgs = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
neovim
wget
curl
git
kitty
brave
wofi
dunst
waybar
pyprland
hyprcursor
hyprlock
hypridle
hyprpicker
greetd.tuigreet
plexamp
];
programs.hyprland = {
enable = true;
withUWSM = true;
xwayland.enable = true;
};
environment.sessionVariables.NIXOS_OZONE_WL = "1";
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
nixpkgs.config.allowUnfree = true;
services.xserver.displayManager.lightdm.enable = false;
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --time-format '%I:%M %p | %a - %h | %F' --cmd Hyprland";
user = "greeter";
};
};
};
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

47
nixos/desktop.nix Normal file
View File

@ -0,0 +1,47 @@
{ pkgs, ... }:
{
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --time-format '%I:%M %p | %a %h | %F' --cmd Hyprland"
user = "greeter";
};
};
};
programs.hyprland = {
enable = true;
withUWSM = true;
xwayland.enable = true;
};
wayland.windowManager.hyprland = {
plugins = [
hyprland-split-monitor-workspaces.packages.${pkgs.system}.split-monitor-workspaces
];
};
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
WLR_NO_HARDWARE_CURSORS = "1";
};
environment.systemPackages = with pkgs; [
greetd.tuigreet
pyprland
hyprpicker
hyprcursor
hyprlock
hypridle
hyprpaper
brave
zathura
mpv
imv
plexamp
vscode
equibop
];
}

5
nixos/env.nix Normal file
View File

@ -0,0 +1,5 @@
{ pkgs, ... }:
{
environment.variables.NODEJS_PATH = "${pkgs.nodePackages_latest.nodejs}/";
}

42
nixos/flake.nix Normal file
View File

@ -0,0 +1,42 @@
{
description = "srpnix";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
hyprland.url = "github:hyprwm/Hyprland";
hyprland-plugins = { url = "github:hyprwm/hyprland-plugins"; inputs.hyprland.follows = "hyprland" };
hyprland-split-monitor-workspaces = { url = "github:Duckonaut/split-monitor-workspaces"; input.hyprland.follows = "hyprland"; }
home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs" };
};
outputs = { nixpkgs, ... } @ inputs: {
specialArgs = { inherit inputs; };
modules = [
./configuration.nix
./hardware-configuration.nix
./graphics.nix
./sound.nix
./usb.nix
./peripherals.nix
./time.nix
./bootloader.nix
./nix-settings.nix
./nixpkgs.nix
./kernel.nix
./desktop.nix
./theme.nix
./internationalisation.nix
./security.nix
./services.nix
./printing.nix
./env.nix
./network.nix
./users.nix
./virtualisation.nix
./programming.nix
./terminal.nix
];
};
}

20
nixos/graphics.nix Normal file
View File

@ -0,0 +1,20 @@
{ pkgs, ... }:
{
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
mesa
rocmPackages.clr.icd # OpenCL
];
extraPackages32 = with pkgs.pkgsi686Linux; [
mesa
];
};
boot.kernelParams = [
"video=DP-2:2560x1440@144"
"video=HDMI-A-2:2560x1440@60"
]
}

39
nixos/hardware-configuration.nix Normal file
View File

@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/aece9238-21db-4a35-ab41-36adfb55d23d";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/A8B3-0AF5";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp14s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp15s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

25
nixos/internationalisation.nix Normal file
View File

@ -0,0 +1,25 @@
{ pkgs, ... }:
{
i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
environment.systemPackages = with pkgs; [
nuspell
hyphen
hunspell
hunspellDicts.en_US
];
}

22
nixos/kernel.nix Normal file
View File

@ -0,0 +1,22 @@
{ pkgs, ... }:
{
boot.kernelPackages = pkgs.linuxKernel.packages.linux_zen;
boot.kernelParams = [
"splash"
"quiet"
"fbcon=nodefer"
"vt.global_cursor_default=0"
"kernel.modules_disabled=1"
"lsm=landlock,lockdown,yama,integrity,apparmor,bpf,tomoyo,selinux"
"video4linux"
"acpi_rev_override=5"
"security=selinux"
];
systemd.package = pkgs.systemd.override { withSeLinux = true; };
environment.systemPackages = with pkgs; [
policycoreutils
];
}

23
nixos/network.example.nix Normal file
View File

@ -0,0 +1,23 @@
{ pkgs, ... }:
{
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
};
networking.hostName = "nixos";
networking.wireless = {
enable = true;
userControlled.enable = true;
networks.SSID_HERE.pskRaw = "PSK_HERE";
};
networking.firewall.enable = true;
# todo: custom dns
environment.systemPackages = with pkgs; [
overskride
];
}

17
nixos/nix-settings.nix Normal file
View File

@ -0,0 +1,17 @@
{ ... }:
{
nix.settings = {
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" ];
substituters = ["https://hyprland.cachix.org"];
trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
};
nix.optimise.automatic = true;
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 14d";
};
}

5
nixos/nixpkgs.nix Normal file
View File

@ -0,0 +1,5 @@
{ ... }:
{
nixpkgs.config.allowUnfree = true;
}

12
nixos/peripherals.nix Normal file
View File

@ -0,0 +1,12 @@
{ pkgs, ... }:
{
services.xserver = {
xkb.layout = "us";
};
environment.systemPackages = with pkgs; [
piper
openrgb-with-all-plugins
];
}

9
nixos/printing.nix Normal file
View File

@ -0,0 +1,9 @@
{ ... }:
{
services.printing.enable = true;
services.avahi = {
enable = true;
nssmdns4 = true;
};
}

29
nixos/programming.nix Normal file
View File

@ -0,0 +1,29 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
go
(python313Full.withPackages(ps: with ps; [ pygobject3 gobject-introspection pyqt6-sip ]))
nodePackages.nodejs
typescript
pnpm
# see https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles/blob/main/nixos/rust.nix for rust impl
dotnetCorePackages.sdk_9_0-bin
# LSPs
python313Packages.python-lsp-server
typescript-language-server
vscode-langservers-extracted
dockerfile-language-server-nodejs
bash-language-server
omnisharp-roslyn
marksman
markdown-oxide
nil
gopls
delve
emmet-language-server
docker-compose-language-service
hyprls
];
}

75
nixos/security.nix Normal file
View File

@ -0,0 +1,75 @@
{ pkgs, lib, ... }:
{
programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
users.users.root.hashedPassword = "!";
security.tpm2 = {
enable = true;
pkcs11.enable = true;
tctiEnvironment.enable = true;
};
security.apparmor = {
enable = true;
packages = with pkgs; [
apparmor-utils
apparmor-profiles
];
};
security.pam.services.hyprlock = {};
# security.polkit.enable = true;
programs.bitwarden.enable = true;
services.clamav = {
daemon.enable = true;
fangfrisch = { enable = true; interval = "daily"; };
updater = { enable = true; interval = "daily"; frequency = 12; };
};
programs.firejail = {
enable = true;
wrappedBinaries = {
mpv = {
executable = "${lib.getBin pkgs.mpv}/bin/mpv";
profile = "${pkgs.firejail}/etc/firejail/mpv.profile";
};
imv = {
executable = "${lib.getBin pkgs.imv}/bin/imv";
profile = "${pkgs.firejail}/etc/firejail/imv.profile";
};
zathura = {
executable = "${lib.getBin pkgs.zathura}/bin/zathura";
profile = "${pkgs.firejail}/etc/firejail/zathura.profile";
};
discord = {
executable = "${lib.getBin pkgs.discord}/bin/discord";
profile = "${pkgs.firejail}/etc/firejail/discord.profile";
};
telegram-desktop = {
executable = "${lib.getBin pkgs.tdesktop}/bin/telegram-desktop";
profile = "${pkgs.firejail}/etc/firejail/telegram-desktop.profile";
};
brave = {
executable = "${lib.getBin pkgs.brave}/bin/brave";
profile = "${pkgs.firejail}/etc/firejail/brave.profile";
};
vscode = {
executable = "${lib.getBin pkgs.vscode}/bin/code";
profile = "${pkgs.firejail}/etc/firejail/vscode.profile";
};
};
};
environment.systemPackages = with pkgs; [
vulnix # scan command: vulnix --system
clamav # scan command: sudo freshclam; clamscan [options] [file/directory/-]
chkrootkit # scan command: sudo chkrootkit
];
}

41
nixos/services.nix Normal file
View File

@ -0,0 +1,41 @@
{ pkgs, ... }:
{
systemd.packages = with pkgs; [
auto-cpufreq
];
programs.dconf.enable = true;
services.dbus = {
enable = true;
implementation = "broker";
};
services.fwupd.enable = true;
services.auto-cpufreq.enable = true;
environment.systemPackages = with pkgs; [
at-spi2-atk
qt6.qtwayland
psi-notify
playerctl
psmisc
grim
slurp
imagemagick
swappy
ffmpeg_6-full
wl-screenrec
wl-clipboard
wl-clip-persist
xdg-utils
wtype
wlrctl
waybar
rofi-wayland
dunst
wlogout
gifsicle
];
}

17
nixos/sound.nix Normal file
View File

@ -0,0 +1,17 @@
{ pkgs, ... }:
{
services.pulseaudio.enable = false;
services.rtkit.enable = true; # realtime audio support
services.pipewire = {
enable = true;
alsa = { enable = true; support32Bit = true; }
pulse.enable = true;
wireplumber.enable = true;
};
environment.systemPackages = with pkgs; [
pamixer
pavucontrol
];
}

31
nixos/terminal.nix Normal file
View File

@ -0,0 +1,31 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
kitty
starship
neofetch
htop
wlr-randr
gpu-viewer
dig
speedtest-rs
file
git
curl
ripgrep
eza
neovim
fd
jq
fzf
bat
pandoc
lsof
cmatrix
pipes-rs
rsclock
cava
figlet
];
}

16
nixos/theme.nix Normal file
View File

@ -0,0 +1,16 @@
{ pkgs, ... }:
{
console = {
font = "Lat2-Terminus16";
useXkbConfig = true;
};
fonts.packages = with pkgs; [
jetbrains-mono
nerd-font-patcher
noto-fonts-color-emoji
];
# lots to do here, compare to https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles/blob/main/nixos/theme.nix
}

8
nixos/time.nix Normal file
View File

@ -0,0 +1,8 @@
{ ... }:
{
time = {
hardwareClockInLocalTime = true;
timeZone = "America/Detroit";
}
}

9
nixos/usb.nix Normal file
View File

@ -0,0 +1,9 @@
{ pkgs, ... }:
{
services.gvfs.enable = true;
environment.systemPackages = with pkgs; [
usbutils
];
}

15
nixos/users.nix Normal file
View File

@ -0,0 +1,15 @@
imports = [ <home-manager/nixos> ];
{ pkgs, ... }:
{
users.users.srp = {
isNormalUser = true;
description = "Seraphim R. Pardee";
extraGroups = [ "input" "wheel" "video" "audio" "tss" ];
};
home-manager.useGlobalPkgs = true;
services.logind.extraConfig = "RuntimeDirectorySize=8G";
}

25
nixos/virtualisation.nix Normal file
View File

@ -0,0 +1,25 @@
{ pkgs, ... }:
{
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
environment.variables.DBX_CONTAINER_MANAGER = "podman";
users.extraGroups.podman.members = [ "srp" ];
environment.systemPackages = with pkgs; [
distrobox
qemu
podman-compose
podman-tui
docker-compose
];
}