initial (untested) commit

2025-03-18 00:32:39 -04:00 · 2025-03-18 00:32:39 -04:00 · df39b62b78
commit df39b62b78
28 changed files with 729 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+network.nix
--- a/README.md
+++ b/README.md
@ -0,0 +1,3 @@
+# nix
+
+my NixOS configurations
--- a/install.sh
+++ b/install.sh
@ -0,0 +1,8 @@
+#!/bin/sh
+
+sudo cp nixos/* /etc/nixos/
+sudo nixos-rebuild switch
+
+mkdir -p $HOME/.config/home-manager
+cp .config/home-manager/flake.nix
+home-manager switch
--- a/nixos/bootloader.nix
+++ b/nixos/bootloader.nix
@ -0,0 +1,14 @@
+{ ... }:
+
+{
+    boot.loader.grub = {
+        device = "nodev";
+        efiSupport = true;
+        useOSProber = true;
+    }
+
+    boot.loader.efi.canTouchEfiVariables = true;
+    boot.loader.timeout = 2;
+    boot.initrd.enable = true;
+    boot.initrd.systemd.enable = true;
+}
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@ -0,0 +1,23 @@
+{ ... }:
+
+{
+    # This option defines the first version of NixOS you have installed on this particular machine,
+    # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+    #
+    # Most users should NEVER change this value after the initial install, for any reason,
+    # even if you've upgraded your system to a new NixOS release.
+    #
+    # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+    # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+    # to actually do that.
+    #
+    # This value being lower than the current NixOS release does NOT mean your system is
+    # out of date, out of support, or vulnerable.
+    #
+    # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+    # and migrated your data accordingly.
+    #
+    # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+    system.stateVersion = "24.11"; # Did you read the comment?
+}
+
--- a/nixos/configuration.nix.bak
+++ b/nixos/configuration.nix.bak
@ -0,0 +1,148 @@
+imports = [ <home-manager/nixos> ];
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  boot.loader.grub.device = "nodev";
+  boot.loader.grub.efiSupport = true;
+  boot.loader.grub.useOSProber = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "nixos"; # Define your hostname.
+  # Pick only one of the below networking options.
+  networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  # networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+
+  # Set your time zone.
+  time.timeZone = "America/Detroit";
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    useXkbConfig = true; # use xkb.options in tty.
+  };
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+
+  # Configure keymap in X11
+  services.xserver.xkb.layout = "us";
+  # services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable sound.
+  # hardware.pulseaudio.enable = true;
+  # OR
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+  };
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.libinput.enable = true;
+
+  users.users.srp = { isNormalUser = true; extraGroups = [ "wheel" ]; };
+  home-manager.users.srp = { programs.zsh.enable = true; };	
+	home-manager.useGlobalPkgs = true;
+
+	nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    neovim
+    wget
+    curl
+    git
+    kitty
+    brave
+    wofi
+    dunst
+    waybar
+    pyprland
+    hyprcursor
+    hyprlock
+    hypridle
+    hyprpicker
+    greetd.tuigreet
+    plexamp
+  ];
+
+  programs.hyprland = {
+    enable = true;
+    withUWSM = true;
+    xwayland.enable = true;
+  };
+
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  programs.mtr.enable = true;
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  services.xserver.displayManager.lightdm.enable = false;
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --time-format '%I:%M %p | %a - %h | %F' --cmd Hyprland";
+        user = "greeter";
+      };
+    };
+  };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  # services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  system.copySystemConfiguration = true;
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "24.11"; # Did you read the comment?
+
+}
+
--- a/nixos/desktop.nix
+++ b/nixos/desktop.nix
@ -0,0 +1,47 @@
+{ pkgs, ... }:
+
+{
+    services.greetd = {
+        enable = true;
+        settings = {
+            default_session = {
+                command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --time-format '%I:%M %p | %a • %h | %F' --cmd Hyprland"
+                user = "greeter";
+            };
+        };
+    };
+
+    programs.hyprland = {
+        enable = true;
+        withUWSM = true;
+        xwayland.enable = true;
+    };
+    wayland.windowManager.hyprland = {
+        plugins = [
+            hyprland-split-monitor-workspaces.packages.${pkgs.system}.split-monitor-workspaces
+        ];
+    };
+    environment.sessionVariables = {
+        NIXOS_OZONE_WL = "1";
+        WLR_NO_HARDWARE_CURSORS = "1";
+    };
+
+    environment.systemPackages = with pkgs; [
+        greetd.tuigreet
+
+        pyprland
+        hyprpicker
+        hyprcursor
+        hyprlock
+        hypridle
+        hyprpaper
+        
+        brave
+        zathura
+        mpv
+        imv
+        plexamp
+        vscode
+        equibop
+    ];
+}
--- a/nixos/env.nix
+++ b/nixos/env.nix
@ -0,0 +1,5 @@
+{ pkgs, ... }:
+
+{
+    environment.variables.NODEJS_PATH = "${pkgs.nodePackages_latest.nodejs}/";
+}
--- a/nixos/flake.nix
+++ b/nixos/flake.nix
@ -0,0 +1,42 @@
+{
+    description = "srpnix";
+
+    inputs = {
+        nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+
+        hyprland.url = "github:hyprwm/Hyprland";
+        hyprland-plugins = { url = "github:hyprwm/hyprland-plugins"; inputs.hyprland.follows = "hyprland" };
+        hyprland-split-monitor-workspaces = { url = "github:Duckonaut/split-monitor-workspaces"; input.hyprland.follows = "hyprland"; }
+
+        home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs" };
+    };
+
+    outputs = { nixpkgs, ... } @ inputs: {
+        specialArgs = { inherit inputs; };
+        modules = [
+            ./configuration.nix
+            ./hardware-configuration.nix
+            ./graphics.nix
+            ./sound.nix
+            ./usb.nix
+            ./peripherals.nix
+            ./time.nix
+            ./bootloader.nix
+            ./nix-settings.nix
+            ./nixpkgs.nix
+            ./kernel.nix
+            ./desktop.nix
+            ./theme.nix
+            ./internationalisation.nix
+            ./security.nix
+            ./services.nix
+            ./printing.nix
+            ./env.nix
+            ./network.nix
+            ./users.nix
+            ./virtualisation.nix
+            ./programming.nix
+            ./terminal.nix
+        ];
+    };
+}
--- a/nixos/graphics.nix
+++ b/nixos/graphics.nix
@ -0,0 +1,20 @@
+{ pkgs, ... }:
+
+{
+    hardware.graphics = {
+        enable = true;
+        enable32Bit = true;
+        extraPackages = with pkgs; [
+            mesa
+            rocmPackages.clr.icd # OpenCL
+        ];
+        extraPackages32 = with pkgs.pkgsi686Linux; [
+            mesa
+        ];
+    };
+
+    boot.kernelParams = [
+        "video=DP-2:2560x1440@144"
+        "video=HDMI-A-2:2560x1440@60"
+    ]
+}
--- a/nixos/hardware-configuration.nix
+++ b/nixos/hardware-configuration.nix
@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/aece9238-21db-4a35-ab41-36adfb55d23d";
+      fsType = "btrfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/A8B3-0AF5";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp14s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp15s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/nixos/internationalisation.nix
+++ b/nixos/internationalisation.nix
@ -0,0 +1,25 @@
+{ pkgs, ... }:
+
+{
+    i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+    i18n.defaultLocale = "en_US.UTF-8";
+    
+    i18n.extraLocaleSettings = {
+        LC_ADDRESS = "en_US.UTF-8";
+        LC_IDENTIFICATION = "en_US.UTF-8";
+        LC_MEASUREMENT = "en_US.UTF-8";
+        LC_MONETARY = "en_US.UTF-8";
+        LC_NAME = "en_US.UTF-8";
+        LC_NUMERIC = "en_US.UTF-8";
+        LC_PAPER = "en_US.UTF-8";
+        LC_TELEPHONE = "en_US.UTF-8";
+        LC_TIME = "en_US.UTF-8";
+    };
+
+    environment.systemPackages = with pkgs; [
+        nuspell
+        hyphen
+        hunspell
+        hunspellDicts.en_US
+    ];
+}
--- a/nixos/kernel.nix
+++ b/nixos/kernel.nix
@ -0,0 +1,22 @@
+{ pkgs, ... }:
+
+{
+    boot.kernelPackages = pkgs.linuxKernel.packages.linux_zen;
+    boot.kernelParams = [
+        "splash"
+        "quiet"
+        "fbcon=nodefer"
+        "vt.global_cursor_default=0"
+        "kernel.modules_disabled=1"
+        "lsm=landlock,lockdown,yama,integrity,apparmor,bpf,tomoyo,selinux"
+        "video4linux"
+        "acpi_rev_override=5"
+        "security=selinux"
+    ];
+
+    systemd.package = pkgs.systemd.override { withSeLinux = true; };
+
+    environment.systemPackages = with pkgs; [
+        policycoreutils
+    ];
+}
--- a/nixos/network.example.nix
+++ b/nixos/network.example.nix
@ -0,0 +1,23 @@
+{ pkgs, ... }:
+
+{
+    hardware.bluetooth = {
+        enable = true;
+        powerOnBoot = false;
+    };
+
+    networking.hostName = "nixos";
+    networking.wireless = {
+        enable = true;
+        userControlled.enable = true;
+        networks.SSID_HERE.pskRaw = "PSK_HERE";
+    };
+
+    networking.firewall.enable = true;
+
+    # todo: custom dns
+
+    environment.systemPackages = with pkgs; [
+        overskride
+    ];
+}
--- a/nixos/nix-settings.nix
+++ b/nixos/nix-settings.nix
@ -0,0 +1,17 @@
+{ ... }:
+
+{
+	nix.settings = {
+        auto-optimise-store = true;
+		experimental-features = [ "nix-command" "flakes" ];
+		substituters = ["https://hyprland.cachix.org"];
+		trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
+	};
+
+    nix.optimise.automatic = true;
+    nix.gc = {
+        automatic = true;
+        dates = "weekly";
+        options = "--delete-older-than 14d";
+    };
+}
--- a/nixos/nixpkgs.nix
+++ b/nixos/nixpkgs.nix
@ -0,0 +1,5 @@
+{ ... }:
+
+{
+    nixpkgs.config.allowUnfree = true;
+}
--- a/nixos/peripherals.nix
+++ b/nixos/peripherals.nix
@ -0,0 +1,12 @@
+{ pkgs, ... }:
+
+{
+    services.xserver = {
+        xkb.layout = "us";
+    };
+
+    environment.systemPackages = with pkgs; [
+        piper
+        openrgb-with-all-plugins
+    ];
+}
--- a/nixos/printing.nix
+++ b/nixos/printing.nix
@ -0,0 +1,9 @@
+{ ... }:
+
+{
+    services.printing.enable = true;
+    services.avahi = {
+        enable = true;
+        nssmdns4 = true;
+    };
+}
--- a/nixos/programming.nix
+++ b/nixos/programming.nix
@ -0,0 +1,29 @@
+{ pkgs, ... }:
+
+{
+    environment.systemPackages = with pkgs; [
+        go
+        (python313Full.withPackages(ps: with ps; [ pygobject3 gobject-introspection pyqt6-sip ]))
+        nodePackages.nodejs
+        typescript
+        pnpm
+        # see https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles/blob/main/nixos/rust.nix for rust impl
+        dotnetCorePackages.sdk_9_0-bin
+
+        # LSPs
+        python313Packages.python-lsp-server
+        typescript-language-server
+        vscode-langservers-extracted
+        dockerfile-language-server-nodejs
+        bash-language-server
+        omnisharp-roslyn
+        marksman
+        markdown-oxide
+        nil
+        gopls
+        delve
+        emmet-language-server
+        docker-compose-language-service
+        hyprls
+    ];
+}
--- a/nixos/security.nix
+++ b/nixos/security.nix
@ -0,0 +1,75 @@
+{ pkgs, lib, ... }:
+
+{
+    programs.mtr.enable = true;
+    programs.gnupg.agent = {
+        enable = true;
+        enableSSHSupport = true;
+    };
+
+    users.users.root.hashedPassword = "!";
+    
+    security.tpm2 = {
+        enable = true;
+        pkcs11.enable = true;
+        tctiEnvironment.enable = true;
+    };
+
+    security.apparmor = {
+        enable = true;
+        packages = with pkgs; [
+            apparmor-utils
+            apparmor-profiles
+        ];
+    };
+  
+    security.pam.services.hyprlock = {};
+    # security.polkit.enable = true;
+    programs.bitwarden.enable = true;
+    
+    services.clamav = {
+        daemon.enable = true;
+        fangfrisch = { enable = true; interval = "daily"; };
+        updater = { enable = true; interval = "daily"; frequency = 12; };
+    };
+
+    programs.firejail = {
+        enable = true;
+        wrappedBinaries = { 
+            mpv = {
+                executable = "${lib.getBin pkgs.mpv}/bin/mpv";
+                profile = "${pkgs.firejail}/etc/firejail/mpv.profile";
+            };
+            imv = {
+                executable = "${lib.getBin pkgs.imv}/bin/imv";
+                profile = "${pkgs.firejail}/etc/firejail/imv.profile";
+            };
+            zathura = {
+                executable = "${lib.getBin pkgs.zathura}/bin/zathura";
+                profile = "${pkgs.firejail}/etc/firejail/zathura.profile";
+            };
+            discord = {
+                executable = "${lib.getBin pkgs.discord}/bin/discord";
+                profile = "${pkgs.firejail}/etc/firejail/discord.profile";
+            };
+            telegram-desktop = {
+                executable = "${lib.getBin pkgs.tdesktop}/bin/telegram-desktop";
+                profile = "${pkgs.firejail}/etc/firejail/telegram-desktop.profile";
+            };
+            brave = {
+                executable = "${lib.getBin pkgs.brave}/bin/brave";
+                profile = "${pkgs.firejail}/etc/firejail/brave.profile";
+            };
+            vscode = {
+                executable = "${lib.getBin pkgs.vscode}/bin/code";
+                profile = "${pkgs.firejail}/etc/firejail/vscode.profile";
+            };
+        };
+    };
+
+    environment.systemPackages = with pkgs; [
+        vulnix       # scan command: vulnix --system
+        clamav       # scan command: sudo freshclam; clamscan [options] [file/directory/-]
+        chkrootkit   # scan command: sudo chkrootkit
+    ];
+}
--- a/nixos/services.nix
+++ b/nixos/services.nix
@ -0,0 +1,41 @@
+{ pkgs, ... }:
+
+{
+    systemd.packages = with pkgs; [
+        auto-cpufreq
+    ];
+
+    programs.dconf.enable = true;
+
+    services.dbus = {
+        enable = true;
+        implementation = "broker";
+    };
+
+    services.fwupd.enable = true;
+    services.auto-cpufreq.enable = true;
+
+    environment.systemPackages = with pkgs; [
+        at-spi2-atk
+        qt6.qtwayland
+        psi-notify
+        playerctl
+        psmisc
+        grim
+        slurp
+        imagemagick
+        swappy
+        ffmpeg_6-full
+        wl-screenrec
+        wl-clipboard
+        wl-clip-persist
+        xdg-utils
+        wtype
+        wlrctl
+        waybar
+        rofi-wayland
+        dunst
+        wlogout
+        gifsicle
+    ];
+}
--- a/nixos/sound.nix
+++ b/nixos/sound.nix
@ -0,0 +1,17 @@
+{ pkgs, ... }:
+
+{
+    services.pulseaudio.enable = false;
+    services.rtkit.enable = true; # realtime audio support
+    services.pipewire = {
+        enable = true;
+        alsa = { enable = true; support32Bit = true; }
+        pulse.enable = true;
+        wireplumber.enable = true;
+    };
+
+    environment.systemPackages = with pkgs; [
+        pamixer
+        pavucontrol
+    ];
+}
--- a/nixos/terminal.nix
+++ b/nixos/terminal.nix
@ -0,0 +1,31 @@
+{ pkgs, ... }:
+
+{
+    environment.systemPackages = with pkgs; [
+        kitty
+        starship
+        neofetch
+        htop
+        wlr-randr
+        gpu-viewer
+        dig
+        speedtest-rs
+        file
+        git
+        curl
+        ripgrep
+        eza
+        neovim
+        fd
+        jq
+        fzf
+        bat
+        pandoc
+        lsof
+        cmatrix
+        pipes-rs
+        rsclock
+        cava
+        figlet
+    ];
+}
--- a/nixos/theme.nix
+++ b/nixos/theme.nix
@ -0,0 +1,16 @@
+{ pkgs, ... }:
+
+{
+    console = {
+        font = "Lat2-Terminus16";
+        useXkbConfig = true;
+    };
+
+    fonts.packages = with pkgs; [
+        jetbrains-mono
+        nerd-font-patcher
+        noto-fonts-color-emoji
+    ];
+    
+    # lots to do here, compare to https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles/blob/main/nixos/theme.nix
+}
--- a/nixos/time.nix
+++ b/nixos/time.nix
@ -0,0 +1,8 @@
+{ ... }:
+
+{
+    time = {
+        hardwareClockInLocalTime = true;
+        timeZone = "America/Detroit";
+    }
+}
--- a/nixos/usb.nix
+++ b/nixos/usb.nix
@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+    services.gvfs.enable = true;
+
+    environment.systemPackages = with pkgs; [
+        usbutils
+    ];
+}
--- a/nixos/users.nix
+++ b/nixos/users.nix
@ -0,0 +1,15 @@
+imports = [ <home-manager/nixos> ];
+
+{ pkgs, ... }:
+
+{
+    users.users.srp = {
+        isNormalUser = true;
+        description = "Seraphim R. Pardee";
+        extraGroups = [ "input" "wheel" "video" "audio" "tss" ];
+    };
+
+    home-manager.useGlobalPkgs = true;
+
+    services.logind.extraConfig = "RuntimeDirectorySize=8G";
+}
--- a/nixos/virtualisation.nix
+++ b/nixos/virtualisation.nix
@ -0,0 +1,25 @@
+{ pkgs, ... }:
+
+{
+    virtualisation.podman = {
+        enable = true;
+
+        dockerCompat = true;
+        dockerSocket.enable = true;
+
+        defaultNetwork.settings.dns_enabled = true;
+    };
+
+    environment.variables.DBX_CONTAINER_MANAGER = "podman";
+    users.extraGroups.podman.members = [ "srp" ];
+
+    environment.systemPackages = with pkgs; [
+        distrobox
+        qemu
+
+        podman-compose
+        podman-tui
+
+        docker-compose
+    ];
+}