Tasia Iso 2024-04-22 20:48:35 +02:00
parent e139c1e313
commit 3e1538d457
Signed by: tasiaiso
SSH key fingerprint: SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw
19 changed files with 222 additions and 43 deletions


@ -7,7 +7,7 @@
- `hardware`: self-explenatory
- `locales`: localization options
- `packages`: services & packages with common configurations
- `default.nix`: The minimum configuration that a machine needs
- `base.nix`: The minimum configuration that a machine needs
- `full-install.nix`: if this machine has a DE or is going to be used by a human
- `tasia-packages.nix`: Collection of additional packages
- `hosts`: Machine-specific configurations


@ -9,10 +9,10 @@
imports = [
./locales/paris.nix
./packages/sshd.nix
./packages/neovim.nix
./packages/zsh.nix
./packages/git.nix
./services/sshd.nix
./programs/neovim.nix
./programs/zsh.nix
./programs/git.nix
];
nixpkgs = {
@ -59,12 +59,48 @@
];
boot.loader = {
systemd-boot.enable = true;
systemd-boot = {
enable = true;
editor = false;
};
efi.canTouchEfiVariables = true;
};
# boot.initrd.enable = true;
# boot.initrd.systemd.enable = true;
# boot.plymouth = {
# enable = true;
# font = "${pkgs.jetbrains-mono}/share/fonts/truetype/JetBrainsMono-Regular.ttf";
# themePackages = [ pkgs.catppuccin-plymouth ];
# theme = "catppuccin-macchiato";
# logo = pkgs.fetchurl {
# url = "https://nixos.org/logo/nixos-hires.png";
# sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";
# };
# };
networking = {
networkmanager.enable = true;
networkmanager = {
enable = true;
wifi = {
powersave = true;
scanRandMacAddress = true;
# XXX https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1091
#backend = "iwd";
# Generate a random MAC for each WiFi and associate the two permanently.
macAddress = "stable";
};
# Randomize MAC for every ethernet connetion
ethernet.macAddress = "random";
connectionConfig = {
# IPv6 Privacy Extensions
"ipv6.ip6-privacy" = 2;
# unique DUID per connection
"ipv6.dhcp-duid" = "stable-uuid";
};
};
firewall = {
enable = true;
@ -98,10 +134,16 @@
sysstat
file
ffmpeg
usbutils
];
services = {
fwupd.enable = true;
tailscale.enable = true;
};
# console = {
# earlySetup = true;
# };
# boot.blacklistedKernelModules = [ "nvidia_drm" ];
}
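Review bot: `ethernet.macAddress = "random"` in the `networkmanager` block applies to every machine that imports this base file, and other sections of this commit show it imported by hosts that also pull in `services/adguardhome.nix`. A wired MAC that changes on every connection defeats DHCP reservations and MAC-based switch or firewall rules, so a DNS server's address can move between leases (assuming those hosts use NetworkManager with DHCP). Consider `ethernet.macAddress = lib.mkDefault "random";` (adding `lib` to the module arguments if it is not already there) and setting `"permanent"` or `"stable"` on the server hosts. The `networking` block continues past the end of its hunk, so any existing per-host override is not visible here.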

15
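--- /dev/null
+++ b/common/de/greetd.nix
@@ -0,0 +1,15 @@
+{pkgs, ...}: {
+services.greetd = {
+enable = true;
+settings = {
+default_session = {
+command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --time-format '%I:%M %p | %a %h | %F' --cmd Hyprland";
+user = "greeter";
+};
+};
+};
+environment.systemPackages = with pkgs; [
+greetd.tuigreet
+];
+}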
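Review bot: `default_session.command` hard-codes `--cmd Hyprland`, but this module does not enable Hyprland itself, so a host that imports `greetd.nix` without `hyprland.nix` gets a greeter whose only session command is missing. Either import `./hyprland.nix` from this file or add a comment such as `# requires ./hyprland.nix (programs.hyprland.enable)` above `command`. The `environment.systemPackages` entry for `greetd.tuigreet` also looks redundant, since the command already refers to the binary by its store path.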


@ -1,4 +1,46 @@
{
{pkgs, ...}: {
# Not working on phoenix for some reason
programs.hyprland.enable = true;
environment.sessionVariables.NIXOS_OZONE_WL = "1";
environment.sessionVariables.WLR_NO_HARDWARE_CURSORS = "1";
environment.systemPackages = with pkgs; [
pyprland
hyprpicker
hyprcursor
wezterm
cool-retro-term
starship
helix
qutebrowser
zathura
mpv
imv
neofetch
onefetch
ipfetch
cpufetch
ramfetch
starfetch
octofetch
htop
bottom
btop
zfxtop
kmon
# vulkan-tools
# opencl-info
# clinfo
# vdpauinfo
# libva-utils
# nvtop
dig
speedtest-rs
];
}


@ -17,6 +17,6 @@
};
programs.kdeconnect = {
enable = true;
enable = false;
};
}


@ -3,16 +3,6 @@
./plasma-packages.nix
];
# Enable Wayland/Plasma6
services.displayManager = {
sddm = {
enable = true;
wayland.enable = true;
};
defaultSession = "plasma";
};
services.desktopManager.plasma6.enable = true;
# Use ksshaskpass to access stored secrets
@ -21,6 +11,6 @@
};
programs.kdeconnect = {
enable = true;
enable = false;
};
}

10
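--- /dev/null
+++ b/common/de/sddm.nix
@@ -0,0 +1,10 @@
+{
+services.displayManager = {
+sddm = {
+enable = true;
+wayland.enable = true;
+};
+defaultSession = "plasma";
+};
+}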


@ -1,7 +1,32 @@
{lib, ...}: {
{
lib,
pkgs,
...
}: {
services.btrfs.autoScrub = {
enable = true;
interval = "weekly";
interval = "monthly";
fileSystems = lib.mkDefault ["/"];
};
systemd.timers."btrfs-snapshot" = {
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "5m";
OnCalendar = "weekly";
Persistent = true;
Unit = "btrfs-snapshot.service";
};
};
systemd.services."btrfs-snapshot" = {
script = ''
set -eu
${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot /home /snapshots/home/$(date +"%Y-M%m-%d_%H-%M-%S") -r
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
}
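Review bot: The snapshot name in the `btrfs-snapshot` script is built with `date +"%Y-M%m-%d_%H-%M-%S"`, which has a literal `M` after the year and produces names of the form `2024-M04-22_…`; if that is not intended, `%Y-%m-%d_%H-%M-%S` gives a plainly sortable name. The timer combines `OnBootSec = "5m"` with `OnCalendar = "weekly"`, so a snapshot is also taken after every boot, and nothing visible here prunes old ones, so read-only snapshots will keep accumulating under `/snapshots/home`. Snapshots preserve file modes as they were when taken, so it is worth confirming that `/snapshots` is traversable by root only; otherwise files whose permissions were tightened later stay readable in older snapshots.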


@ -47,4 +47,9 @@
environment.systemPackages = with pkgs; [
glxinfo
];
# To run Steam with nvidia-offload: run:
# echo "export XDG_DATA_HOME="$HOME/.local/share""
# mkdir -p ~/.local/share/applications
# sed 's/^Exec=/&nvidia-offload /' /run/current-system/sw/share/applications/steam.desktop > ~/.local/share/applications/steam.desktop
}


@ -1,6 +1,6 @@
{pkgs, ...}: {
# NeoVIm config
# Imported by default by ../default.nix
# Imported by default by ../base.nix
programs.neovim = {
enable = true;


@ -0,0 +1,25 @@
{
services.usbguard = {
enable = true;
dbus.enable = true;
IPCAllowedGroups = ["wheel"];
rules = ''
# new-new-phoenix
allow id 1d6b:0002 serial "0000:00:14.0" name "xHCI Host Controller" hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:00:14.0" name "xHCI Host Controller" hash "prM+Jby/bFHCn2lNjQdAMbgc6tse3xVx+hZwjOPHSdQ=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" with-interface 09:00:00 with-connect-type ""
allow id 0bda:0129 serial "20100201396000000" name "USB2.0-CRW" hash "om34qyRbPxnt/bsdFrR3g2SWxDVsInxWWsiFkDIyEnY=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" with-interface ff:06:50 with-connect-type "hotplug"
allow id 048d:ce00 serial "" name "ITE Device(8291)" hash "snB5qcpdMc66wcxBmMAn+LStZHfOTO/c5RtrU9nzyHc=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "1-6" with-interface { 03:01:01 03:00:00 } with-connect-type "hardwired"
allow id 8087:0025 serial "" name "" hash "N/wLaNIwbl3mtRa9CDFbUH7EfSZDhv2X+d2xcrwsw8Q=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "1-14" with-interface { e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 } with-connect-type "hardwired"
# USB Drives
## ISO USB
allow id 0951:1666 serial "D067E5161936F420A61181ED" name "DataTraveler 3.0"
## TAILS USB
allow id 346d:5678 serial "FC081FF86A47A" name "Disk 20"
'';
};
}
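Review bot: The two USB-drive rules at the end of `rules` match only on `id`, `serial` and `name`, with no `hash` and no `with-interface`, so they authorize whatever interfaces a device reporting those descriptor values exposes, not just storage. Pinning the interface class keeps the allowance to mass storage, e.g. `allow id 0951:1666 serial "D067E5161936F420A61181ED" name "DataTraveler 3.0" with-interface 08:06:50`, and likewise for the `346d:5678` rule; adding the `hash` reported by `usbguard list-devices` tightens it further. The controller rules are labelled `# new-new-phoenix`, yet the file appears to be imported from a shared `common/services` path elsewhere in this commit. A header comment saying the rule set is specific to that host would stop another machine from importing it and blocking its own controllers.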


@ -7,7 +7,7 @@
in {
imports = [
./hardware-configuration.nix
../../common/default.nix
../../common/base.nix
../../common/hardware/raspberry-pi.nix


@ -7,7 +7,7 @@
in {
imports = [
./hardware-configuration.nix
../../common/default.nix
../../common/base.nix
../../common/full-install.nix
../../common/tasia-packages.nix
@ -21,15 +21,22 @@ in {
../../common/hardware/btrfs.nix
../../common/hardware/latest-kernel.nix
../../common/de/plasma6.nix
../../common/de/greetd.nix
../../common/de/plasma6.nix
../../common/de/hyprland.nix
../../common/packages/steam.nix
../../common/packages/syncthing.nix
../../common/programs/steam.nix
../../common/services/syncthing.nix
../../common/services/usbguard.nix
../../modules/nixos/vedirect-reader.nix
];
boot.initrd.availableKernelModules = [
# Btrfs CRC hardware acceleration
"crc32c-intel"
];
networking = {
hostName = "new-new-phoenix";
@ -53,7 +60,7 @@ in {
users.users.tasia = {
isNormalUser = true;
description = "User";
extraGroups = ["networkmanager" "wheel" "syncthing"];
extraGroups = ["networkmanager" "wheel" "syncthing" "tss"];
initialPassword = "correcthorsebatterystaple";
openssh.authorizedKeys.keys = [
sshKeys.new-new-phoenix.tasia
@ -80,6 +87,15 @@ in {
#
];
security.tpm2.enable = true;
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = false;
services.blueman.enable = true;
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "23.11";
}
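Review bot: Adding `"tss"` to `extraGroups` gives the `tasia` account direct access to the TPM device, and the same `users.users.tasia` block still carries `initialPassword = "correcthorsebatterystaple"`, a value that sits in the repository and is copied into the world-readable Nix store. `initialPassword` only takes effect when the account is first created, so this is harmless if the password was changed afterwards. A fresh install from this configuration would, however, create a `wheel` and `tss` account with a known password. Consider replacing it with `hashedPasswordFile = "<path-to-secret-file>";` (placeholder path), or at least a comment that the password must be changed on first login. The `users.users.tasia` block continues outside the hunk.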


@ -12,7 +12,7 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_usb_sdmmc"];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "rtsx_usb_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
@ -28,6 +28,13 @@
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/E290-4D47";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/cee0ceca-3ea6-43d8-a483-00882f9ae6bb";
fsType = "btrfs";
options = ["subvol=@home"];
};
swapDevices = [];
@ -37,7 +44,9 @@
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
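Review bot: The new `/boot` mount options `"fmask=0022" "dmask=0022"` leave every file on the ESP world-readable, which on a systemd-boot machine includes the boot loader's random seed; `bootctl` reports a world-accessible seed file as a security problem. Unless something needs unprivileged read access to `/boot`, `options = ["fmask=0077" "dmask=0077"];` restricts the mount to root. The rest of the file lies outside these hunks, so whether the `/home` entry needs further options (for example the same device's other subvolumes) cannot be judged from here.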


@ -7,7 +7,7 @@
in {
imports = [
./hardware-configuration.nix
../../common/default.nix
../../common/base.nix
../../common/locales/en.nix
../../common/locales/fr-keymap.nix
@ -16,8 +16,8 @@ in {
../../common/hardware/ssd.nix
../../common/hardware/btrfs.nix
../../common/packages/adguardhome.nix
../../common/packages/syncthing.nix
../../common/services/adguardhome.nix
../../common/services/syncthing.nix
];
networking = {


@ -7,7 +7,7 @@
in {
imports = [
./hardware-configuration.nix
../../common/default.nix
../../common/base.nix
../../common/full-install.nix
../../common/tasia-packages.nix
@ -22,9 +22,9 @@ in {
../../common/de/plasma6.nix
../../common/packages/adguardhome.nix
../../common/packages/steam.nix
../../common/packages/syncthing.nix
../../common/programs/steam.nix
../../common/services/adguardhome.nix
../../common/services/syncthing.nix
../../modules/nixos/vedirect-reader.nix
];


@ -3,7 +3,7 @@
in {
imports = [
./hardware-configuration.nix
../../common/default.nix
../../common/base.nix
../../common/locales/fr.nix
../../common/locales/fr-keymap.nix
@ -14,7 +14,7 @@ in {
../../common/de/plasma5.nix
../../common/packages/syncthing.nix
../../common/services/syncthing.nix
];
networking.hostName = "stuff";


@ -7,7 +7,7 @@
in {
imports = [
./hardware-configuration.nix
../../common/default.nix
../../common/base.nix
../../common/full-install.nix
../../common/allow-unfree.nix
@ -23,9 +23,9 @@ in {
../../common/de/plasma6.nix
# ../../common/de/hyprland.nix
../../common/packages/syncthing.nix
../../common/packages/adguardhome.nix
../../common/packages/steam.nix
../../common/services/syncthing.nix
../../common/services/adguardhome.nix
../../common/programs/steam.nix
];
networking = {