move old nixos-config over here

This commit is contained in:
Daniel Lundin 2024-08-02 14:09:42 +02:00
parent 346d80ae7e
commit 54baace7c1
No known key found for this signature in database
35 changed files with 850 additions and 44 deletions


@ -1,3 +1,31 @@
# Home Manager # NixOS Config
IT in a box! IT in a box!
## Bootstrapping from a fresh NixOS installation
1. Install NixOS
2. Clone this repo:
```
nix-shell -p git --command 'git clone https://git.shelman.io/shelmangroup/nixos-config.git'
```
3. Ensure host configuration exists at `./nixos-config/hosts/${HOSTNAME}` and contains at minimum the hardware configuration. The NixOS installer will write this out to `/etc/nixos/hardware-configuration.nix`.
4. Apply configuration:
```
sudo nixos-rebuild boot --flake ./nixos-config#${HOSTNAME}
```
## Use
1. Clone this repo somewhere convenient, like `~/src/shelman/nixos-config`
2. Apply configuration: `just switch`
## Update
Update nixpkgs and switch: `just update`
# Home Manager
`just home-switch`

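--- a/common/base.nix
+++ b/common/base.nix
@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+{
+boot = {
+loader.systemd-boot.enable = true;
+loader.efi.canTouchEfiVariables = true;
+kernelPackages = pkgs.linuxPackages_zen;
+};
+time.timeZone = "Europe/Stockholm";
+environment.systemPackages = with pkgs; [
+btrfs-progs
+btrfs-snap
+git
+glibcLocales
+qemu_kvm
+qemu-utils
+vim
+zstd
+];
+# Use fish, but not in /etc/passwd . See https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell
+programs.bash = {
+interactiveShellInit = ''
+if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+then
+shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
+exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
+fi
+'';
+shellInit = ''
+export NIX_LD=$(nix eval --impure --raw --expr 'let pkgs = import <nixpkgs> {}; NIX_LD = pkgs.lib.fileContents "${pkgs.stdenv.cc}/nix-support/dynamic-linker"; in NIX_LD')
+'';
+};
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+# networking.firewall.enable = false;
+}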
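Review bot: systemd-boot is enabled at `loader.systemd-boot.enable = true` without `boot.loader.systemd-boot.editor = false;`, so the boot-entry editor keeps its default and anyone at the console can append `init=/bin/sh` to the kernel command line and get a root shell with no password; on a host with no disk encryption visible (nemo in this commit) that is a root shell over the whole disk. Nothing in this config needs the editor, so disabling it costs nothing. Separately, `shellInit` runs `nix eval --impure` on every bash start, including non-interactive `bash -c` invocations, to derive NIX_LD; common/nix.nix enables `programs.nix-ld`, which as far as I recall already exports NIX_LD system-wide, so this line is probably redundant and worth confirming and dropping.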


@ -1,21 +1,11 @@
{ lib, ... }:
{ {
imports = [ imports = [
./atuin.nix ./base.nix
./broot.nix ./desktop.nix
./devel.nix ./hardening.nix
./fish.nix ./laptop.nix
./gnome.nix
./k8s.nix
./nix.nix ./nix.nix
./nvim.nix ./plymouth.nix
./scripts.nix ./podman.nix
./ssh.nix
./utils.nix
./vcs.nix
./web.nix
./wezterm.nix
]; ];
options.shelman.desktop.enable = lib.mkEnableOption "Desktop environment";
} }

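--- a/common/desktop.nix
+++ b/common/desktop.nix
@@ -0,0 +1,107 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+let
+inherit (lib) mkIf mkEnableOption;
+cfg = config.shelman.podman;
+in
+{
+options.shelman.desktop.enable = mkEnableOption "Desktop environment and common applications";
+config = mkIf cfg.enable {
+environment.systemPackages = with pkgs; [ gnome-ssh-askpass4 ];
+# Excluding some GNOME applications from the default install
+environment.gnome.excludePackages =
+(with pkgs; [
+gnome-connections
+gnome-photos
+gnome-tour
+snapshot
+])
+++ (with pkgs.gnome; [
+atomix # puzzle game
+baobab # disk usage analyzer
+cheese # webcam tool
+epiphany # web browser
+geary # email reader
+gnome-clocks
+gnome-contacts
+gnome-disk-utility
+gnome-logs
+gnome-music
+gnome-terminal
+hitori # sudoku game
+iagno # go game
+simple-scan
+tali # poker game
+yelp # help viewer
+]);
+fonts = {
+fontDir.enable = true;
+fontconfig = {
+allowBitmaps = false;
+antialias = true;
+defaultFonts = {
+serif = [ "Liberation Serif" ];
+sansSerif = [ "Inter" ];
+monospace = [ "BerkeleyMono Nerd Font" ];
+};
+hinting.enable = true;
+hinting.style = "slight";
+subpixel.rgba = "rgb";
+};
+packages = with pkgs; [
+inter
+jetbrains-mono
+liberation_ttf
+monaspace
+(pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+noto-fonts
+noto-fonts-cjk
+noto-fonts-color-emoji
+roboto
+ubuntu_font_family
+];
+};
+programs.ssh.askPassword = "${pkgs.gnome-ssh-askpass4}/bin/gnome-ssh-askpass4";
+programs.ssh.startAgent = true;
+programs.steam = {
+enable = true;
+remotePlay.openFirewall = true;
+dedicatedServer.openFirewall = true;
+localNetworkGameTransfers.openFirewall = true;
+};
+services.gnome.gnome-keyring.enable = true;
+services.printing.enable = true;
+services.xserver = {
+enable = true;
+displayManager.defaultSession = "gnome";
+displayManager.gdm.enable = true;
+displayManager.gdm.autoSuspend = false;
+desktopManager.gnome.enable = true;
+xkb.layout = "se";
+xkb.variant = "us";
+};
+hardware.pulseaudio.enable = false;
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+jack.enable = true;
+};
+};
+}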
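Review bot: The `mkIf cfg.enable` gate on `config` tests the wrong option: `cfg` is bound to `config.shelman.podman` while the option this module declares is `shelman.desktop.enable`, so the whole desktop stack follows the podman flag and a host that enables only `desktop` gets nothing. The fix is `cfg = config.shelman.desktop;`. Both hosts in this commit enable all four flags, which is why it goes unnoticed. Separately, the steam block opens three sets of firewall ports (`remotePlay`, `dedicatedServer`, `localNetworkGameTransfers`) on every host that enables the desktop, including the laptop that also runs Mullvad; leaving those false here and opening them per host keeps the default firewall posture tight.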

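--- a/common/hardening.nix
+++ b/common/hardening.nix
@@ -0,0 +1,43 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+{
+nix.settings.allowed-users = [
+"@wheel"
+"root"
+];
+boot.specialFileSystems = lib.mkIf (
+!config.security.rtkit.enable && !config.security.polkit.enable
+) { "/proc".options = [ "hidepid=2" ]; };
+boot.kernel.sysctl."kernel.dmesg_restrict" = 1;
+environment.systemPackages = [ pkgs.doas-sudo-shim ];
+security = {
+doas = {
+enable = true;
+extraRules = [
+{
+groups = [ "wheel" ];
+keepEnv = true;
+persist = true;
+}
+];
+};
+sudo.enable = false;
+};
+services.openssh = {
+settings.PasswordAuthentication = false;
+settings.KbdInteractiveAuthentication = false;
+# prevents mutable /home/$user/.ssh/authorized_keys from being loaded to ensure that all user keys are config managed
+# authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
+};
+users.users.root.hashedPassword = "!";
+}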
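Review bot: `keepEnv = true` in the doas rule hands the caller's full environment to the root process, which is exactly what doas clears by default; a compromised wheel account can then steer root through PATH, LD_* or NIX_* variables rather than only through the command it runs. Prefer `keepEnv = false` with an explicit `setEnv = [ "SSH_AUTH_SOCK" ];` if, as the pam_rssh rule on nemo suggests, the agent socket is the one variable that actually needs to survive — confirm against pam_rssh's docs. Also note the `hidepid=2` mount is conditioned on rtkit and polkit both being disabled, and common/desktop.nix enables rtkit (GNOME brings polkit), so on both hosts in this commit the `/proc` hardening never applies; a comment such as `# hidepid breaks rtkit/polkit; only applied on headless hosts` would stop it reading as active.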

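--- a/common/laptop.nix
+++ b/common/laptop.nix
@@ -0,0 +1,20 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+let
+inherit (lib) mkIf mkEnableOption;
+cfg = config.shelman.podman;
+in
+{
+options.shelman.laptop.enable = mkEnableOption "Laptop tools and configuration";
+config = mkIf cfg.enable {
+environment.systemPackages = with pkgs; [ gnomeExtensions.battery-health-charging ];
+services.fprintd.enable = true;
+};
+}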
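Review bot: `cfg` is bound to `config.shelman.podman` although the option declared on the next line is `shelman.laptop.enable`, so `services.fprintd` and the battery extension are switched by the podman flag rather than the laptop flag; it should read `cfg = config.shelman.laptop;`. This is the same copy-paste slip as in common/desktop.nix and is masked because dinky enables every flag. Enabling fprintd also means fingerprint becomes an accepted factor for PAM-backed prompts on that host, which is worth a one-line comment given root login is locked and sudo is replaced by doas.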


@ -1,15 +1,47 @@
{ outputs, ... }:
{ {
inputs,
outputs,
lib,
config,
pkgs,
...
}:
{
nix =
let
flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
in
{
settings = {
auto-optimise-store = true;
experimental-features = "nix-command flakes";
flake-registry = "";
# Workaround for https://github.com/NixOS/nix/issues/9574
nix-path = config.nix.nixPath;
substituters = [ "https://cache.nixos.org/" ];
trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
};
channel.enable = false;
registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
};
nixpkgs = { nixpkgs = {
config.allowUnfree = true;
overlays = [ overlays = [
outputs.overlays.additions outputs.overlays.additions
outputs.overlays.modifications outputs.overlays.modifications
outputs.overlays.unstable-packages outputs.overlays.unstable-packages
]; ];
config.allowUnfree = true;
}; };
programs.home-manager.enable = true; programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 14d --keep 5";
};
programs.nix-ld.enable = true;
systemd.user.startServices = "sd-switch"; environment.systemPackages = with pkgs; [ nvd ];
} }

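--- a/common/plymouth.nix
+++ b/common/plymouth.nix
@@ -0,0 +1,45 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+let
+inherit (lib) mkIf mkEnableOption;
+cfg = config.shelman.plymouth;
+in
+{
+options.shelman.plymouth.enable = mkEnableOption "Fancy boot splash";
+config = mkIf cfg.enable {
+boot = {
+consoleLogLevel = 0;
+initrd.verbose = false;
+# Hide the OS choice for bootloaders.
+# It's still possible to open the bootloader list by pressing any key
+# It will just not appear on screen unless a key is pressed
+loader.timeout = 0;
+kernelParams = [
+"quiet"
+"splash"
+"boot.shell_on_fail"
+"loglevel=3"
+"rd.systemd.show_status=false"
+"rd.udev.log_level=3"
+"udev.log_priority=3"
+];
+plymouth = {
+enable = true;
+theme = "spinner_alt";
+themePackages = with pkgs; [
+(adi1090x-plymouth-themes.override { selected_themes = [ "spinner_alt" ]; })
+];
+};
+};
+};
+}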
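Review bot: `"boot.shell_on_fail"` in `kernelParams` makes NixOS stage 1 drop to an unauthenticated root shell whenever the initrd fails, and here it is switched on as a side effect of a boot-splash option rather than deliberately. With `loader.timeout = 0` and the log levels at 0/3 the machine otherwise looks locked down, yet anyone at the keyboard can provoke a stage-1 failure (unplug the root device, mangle a kernel argument) and land in that shell; on dinky this is the initrd that performs the LUKS unlock, so the data stays encrypted but the unencrypted `/boot` is reachable for tampering. Remove the entry from this list, or move it behind its own debug option with a comment explaining when it is acceptable.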

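--- a/common/podman.nix
+++ b/common/podman.nix
@@ -0,0 +1,48 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+let
+inherit (lib) mkIf mkEnableOption;
+cfg = config.shelman.podman;
+in
+{
+options.shelman.podman.enable = mkEnableOption "Podman";
+config = mkIf cfg.enable {
+environment.extraInit = ''
+if [ -z "$DOCKER_HOST" -a -n "$XDG_RUNTIME_DIR" ]; then
+export DOCKER_HOST="unix://$XDG_RUNTIME_DIR/podman/podman.sock"
+fi
+'';
+environment.systemPackages = with pkgs; [
+docker-compose
+podman-compose
+];
+virtualisation = {
+containers = {
+enable = true;
+storage.settings = {
+storage = {
+driver = "overlay";
+runroot = "/run/containers/storage";
+graphroot = "/var/lib/containers/storage";
+rootless_storage_path = "/tmp/containers-$USER";
+options.overlay.mountopt = "nodev,metacopy=on";
+};
+};
+};
+oci-containers.backend = "podman";
+podman = {
+enable = true;
+dockerCompat = true;
+};
+};
+};
+}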
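Review bot: `rootless_storage_path = "/tmp/containers-$USER"` puts every user's rootless image and container store under a world-writable, predictable path: any other local user can pre-create `/tmp/containers-<victim>` before the victim first runs podman and own the directory their layers are unpacked into, and on hosts where /tmp is tmpfs or cleaned at boot the store is silently lost. The containers-storage default of `$HOME/.local/share/containers/storage` avoids both problems; on nemo `/home` is already its own btrfs subvolume, so images would land there. If the intent was to keep images off the home volume, a root-created per-user directory under `/var/lib` (via `systemd.tmpfiles`) with a comment stating the reason is the safer form.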


@ -1,5 +1,55 @@
{ {
"nodes": { "nodes": {
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"stable": "stable"
},
"locked": {
"lastModified": 1711386353,
"narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=",
"path": "/nix/store/in94zdj4ls6p21r3q4zzvmbd61g9ap3b-source",
"rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db",
"type": "path"
},
"original": {
"id": "colmena",
"type": "indirect"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -7,11 +57,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722462338, "lastModified": 1722203588,
"narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", "narHash": "sha256-91V5FMSQ4z9bkhTCf0f86Zjw0bh367daSf0mzCIW0vU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", "rev": "792757f643cedc13f02098d8ed506d82e19ec1da",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -24,11 +74,27 @@
"locked": { "locked": {
"lastModified": 1722421184, "lastModified": 1722421184,
"narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58",
"type": "github" "type": "github"
}, },
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1722062969,
"narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3",
"type": "github"
},
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-unstable", "ref": "nixos-unstable",
@ -38,8 +104,25 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"colmena": "colmena",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs_2"
}
},
"stable": {
"locked": {
"lastModified": 1696039360,
"narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "32dcb45f66c0487e92db8303a798ebc548cadedc",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
} }
} }
}, },


@ -12,6 +12,7 @@
{ {
self, self,
nixpkgs, nixpkgs,
colmena,
home-manager, home-manager,
... ...
}@inputs: }@inputs:
@ -21,18 +22,27 @@
mkHome = mkHome =
modules: modules:
home-manager.lib.homeManagerConfiguration { home-manager.lib.homeManagerConfiguration {
modules = [ ./common ] ++ modules; modules = [ ./home/common ] ++ modules;
pkgs = nixpkgs.legacyPackages.x86_64-linux; pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { extraSpecialArgs = {
inherit inputs outputs; inherit inputs outputs;
}; };
}; };
mkHost =
modules:
nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs;
};
system = "x86_64-linux";
modules = [ ./common ] ++ modules;
};
supportedSystems = [ supportedSystems = [
"x86_64-linux" "x86_64-linux"
"aarch64-linux" "aarch64-linux"
]; ];
forEachSystem = forEachSystem =
f: f:
builtins.listToAttrs ( builtins.listToAttrs (
@ -58,14 +68,19 @@
devShells = forEachSystem' ( devShells = forEachSystem' (
{ system, pkgs, ... }: { system, pkgs, ... }:
{ {
default = pkgs.mkShell { packages = [ pkgs.just ]; }; default = pkgs.mkShell { packages = [ pkgs.colmena ]; };
} }
); );
homeConfigurations = { homeConfigurations = {
"dln@dinky" = mkHome [ ./users/dln/dinky.nix ]; "dln@dinky" = mkHome [ ./home/dln/dinky.nix ];
"dln@nemo" = mkHome [ ./users/dln/nemo.nix ]; "dln@nemo" = mkHome [ ./home/dln/nemo.nix ];
"lsjostro@nemo" = mkHome [ ./users/lsjostro/nemo.nix ]; "lsjostro@nemo" = mkHome [ ./home/lsjostro/nemo.nix ];
};
nixosConfigurations = {
dinky = mkHost [ ./hosts/dinky ];
nemo = mkHost [ ./hosts/nemo ];
}; };
}; };
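Review bot: The new `colmena` input is destructured at the top but not used in any visible hunk — the devShell now takes `pkgs.colmena` from nixpkgs — so the input only adds a dependency, and flake.lock pins it as `type: "path"` to a `/nix/store/...-source` directory with `indirect` as its original, which is unlikely to resolve on any other machine (and `flake-registry = ""` in common/nix.nix removes the registry that `indirect` relies on). Either drop the input or declare it with an explicit `github:` URL and `inputs.nixpkgs.follows = "nixpkgs"` so colmena's own pinned nixpkgs and its `nixos-23.05` "stable" input stop entering the closure. The `inputs` attribute set itself is outside these hunks, as is the rest of `outputs`.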

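--- a/home/common/default.nix
+++ b/home/common/default.nix
@@ -0,0 +1,21 @@
+{ lib, ... }:
+{
+imports = [
+./atuin.nix
+./broot.nix
+./devel.nix
+./fish.nix
+./gnome.nix
+./k8s.nix
+./nix.nix
+./nvim.nix
+./scripts.nix
+./ssh.nix
+./utils.nix
+./vcs.nix
+./web.nix
+./wezterm.nix
+];
+options.shelman.desktop.enable = lib.mkEnableOption "Desktop environment";
+}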


@ -93,7 +93,7 @@
rg.body = '' rg.body = ''
if status is-interactive if status is-interactive
command rg --json $argv | delta command rg -p $argv | bat
else else
command rg $argv command rg $argv
end end
@ -101,11 +101,11 @@
}; };
interactiveShellInit = lib.concatStringsSep "\n" [ interactiveShellInit = lib.concatStringsSep "\n" [
(builtins.readFile ../files/config/fish/config.fish) (builtins.readFile ../../files/config/fish/config.fish)
(builtins.readFile ../files/config/fish/semantic-prompt.fish) (builtins.readFile ../../files/config/fish/semantic-prompt.fish)
(builtins.readFile ../files/config/fish/go-task.fish) (builtins.readFile ../../files/config/fish/go-task.fish)
(builtins.readFile ../files/config/fish/jj.fish) (builtins.readFile ../../files/config/fish/jj.fish)
(builtins.readFile ../files/config/fish/vcs.fish) (builtins.readFile ../../files/config/fish/vcs.fish)
]; ];
shellAbbrs = { shellAbbrs = {

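--- a/home/common/nix.nix
+++ b/home/common/nix.nix
@@ -0,0 +1,15 @@
+{ outputs, ... }:
+{
+nixpkgs = {
+config.allowUnfree = true;
+overlays = [
+outputs.overlays.additions
+outputs.overlays.modifications
+outputs.overlays.unstable-packages
+];
+};
+programs.home-manager.enable = true;
+systemd.user.startServices = "sd-switch";
+}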


@ -13,7 +13,7 @@
xdg.configFile = { xdg.configFile = {
"nvim" = { "nvim" = {
recursive = true; recursive = true;
source = ./../files/config/nvim; source = ./../../files/config/nvim;
}; };
}; };
} }


@ -8,7 +8,7 @@
home.file = { home.file = {
".local/bin" = { ".local/bin" = {
recursive = true; recursive = true;
source = ./../files/scripts; source = ./../../files/scripts;
}; };
}; };


@ -4,7 +4,7 @@
programs.wezterm = { programs.wezterm = {
enable = true; enable = true;
extraConfig = builtins.readFile ./../files/config/wezterm/wezterm.lua; extraConfig = builtins.readFile ./../../files/config/wezterm/wezterm.lua;
}; };
}; };

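--- a/hosts/dinky/default.nix
+++ b/hosts/dinky/default.nix
@@ -0,0 +1,113 @@
+{
+inputs,
+outputs,
+lib,
+config,
+pkgs,
+modulesPath,
+...
+}:
+{
+imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+boot = {
+initrd = {
+availableKernelModules = [
+"xhci_pci"
+"thunderbolt"
+"nvme"
+"usb_storage"
+"sd_mod"
+];
+kernelModules = [ ];
+luks.devices."enc".device = "/dev/disk/by-uuid/e7c7a230-b321-4e6d-869c-6c2d858455d2";
+systemd.enable = true;
+};
+kernelModules = [ "kvm-intel" ];
+kernelParams = [ "mitigations=off" ];
+extraModulePackages = [ ];
+};
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/81e5205d-fe1e-458f-82e1-d60ab03c0a1d";
+fsType = "btrfs";
+options = [
+"noatime"
+"nodiratime"
+];
+};
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/D6C0-1A05";
+fsType = "vfat";
+options = [
+"fmask=0022"
+"dmask=0022"
+];
+};
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+hardware.graphics = {
+enable = true;
+extraPackages = with pkgs; [
+vpl-gpu-rt
+intel-media-driver
+vaapiVdpau
+libvdpau-va-gl
+];
+};
+hardware.nitrokey.enable = true;
+swapDevices = [ { device = "/dev/disk/by-uuid/c9cc5270-87b0-4ed4-9891-7df924b0f55a"; } ];
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+environment.systemPackages = with pkgs; [
+android-tools
+android-udev-rules
+mullvad-vpn
+];
+services.printing.enable = true;
+services.printing.drivers = [ pkgs.brlaser ];
+programs.adb.enable = true;
+networking = {
+hostName = "dinky";
+useDHCP = lib.mkDefault true;
+};
+services.mullvad-vpn.enable = true;
+users.users.dln = {
+isNormalUser = true;
+description = "Daniel Lundin";
+extraGroups = [
+"adbusers"
+"lp"
+"nitrokey"
+"wheel"
+];
+openssh.authorizedKeys.keys = [
+"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILwakA+EeuR23vRhjvjMkzK+FtWIhpnbs7z1pfnBehCUAAAABHNzaDo= dln@dinky"
+"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJNOBFoU7Cdsgi4KpYRcv7EhR/8kD4DYjEZnwk6urRx7AAAABHNzaDo= dln@nemo"
+];
+};
+shelman = {
+desktop.enable = true;
+laptop.enable = true;
+plymouth.enable = true;
+podman.enable = true;
+};
+services.xserver.displayManager.autoLogin.enable = true;
+services.xserver.displayManager.autoLogin.user = "dln";
+systemd.services."getty@tty1".enable = false;
+systemd.services."autovt@tty1".enable = false;
+system.stateVersion = "24.05"; # Did you read the comment?
+}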
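Review bot: `kernelParams = [ "mitigations=off" ]` disables every CPU speculative-execution mitigation on a laptop that runs a browser, Steam, adb and a VPN client, which gives away more than common/hardening.nix adds; if this is a deliberate performance trade, write the reason next to it, otherwise drop it. The autologin block at the bottom (`autoLogin.user = "dln"` plus the disabled getty/autovt on tty1) makes the LUKS passphrase the only authentication on this machine, and as far as I recall an automatic GDM login does not unlock the gnome-keyring enabled in common/desktop.nix, so its secrets will prompt separately anyway. Both are defensible on a single-user laptop; a comment such as `# single-user laptop: LUKS passphrase is the login, keep swap encrypted` would keep the intent visible — note the swap device at the top is referenced by plain UUID with no LUKS entry, so hibernation images would land unencrypted unless that UUID is inside the LUKS container.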

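--- a/hosts/nemo/default.nix
+++ b/hosts/nemo/default.nix
@@ -0,0 +1,192 @@
+{
+lib,
+config,
+pkgs,
+modulesPath,
+...
+}:
+{
+imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+boot = {
+extraModulePackages = with config.boot.kernelPackages; [ nct6687d ];
+initrd.availableKernelModules = [
+"xhci_pci"
+"ahci"
+"nct6687"
+"nvme"
+"firewire_ohci"
+"usbhid"
+"usb_storage"
+"sd_mod"
+];
+initrd.kernelModules = [ "nct6687" ];
+kernelModules = [
+"nct6687"
+"kvm-intel"
+];
+extraModprobeConfig = ''
+options nct6687 force=1
+'';
+kernelParams = [ "mitigations=off" ];
+};
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/b9514f88-1c83-4596-999f-7e3640db6a86";
+fsType = "btrfs";
+options = [
+"subvol=@"
+"noatime"
+"nodiratime"
+];
+};
+fileSystems."/home" = {
+device = "/dev/disk/by-uuid/b9514f88-1c83-4596-999f-7e3640db6a86";
+fsType = "btrfs";
+options = [
+"subvol=@home"
+"noatime"
+"nodiratime"
+];
+};
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/2670-0FCA";
+fsType = "vfat";
+options = [
+"fmask=0022"
+"dmask=0022"
+];
+};
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+hardware.graphics = {
+enable = true;
+extraPackages = with pkgs; [
+vpl-gpu-rt
+intel-media-driver
+vaapiVdpau
+libvdpau-va-gl
+];
+};
+swapDevices = [ ];
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+networking = {
+hostName = "nemo"; # Define your hostname.
+nameservers = [
+"10.1.100.11"
+"10.1.100.12"
+"10.1.100.13"
+];
+networkmanager.enable = false;
+useDHCP = false;
+wireless.iwd = {
+enable = true;
+settings = {
+DriverQuirks.PowerSaveDisable = "*";
+Network = {
+EnableIPv6 = false;
+NameResolvingService = "systemd";
+};
+Scan.DisablePeriodicScan = true;
+Settings = {
+AutoConnect = true;
+};
+};
+};
+};
+networking.firewall.allowedTCPPorts = [
+22000 # Syncthing
+];
+networking.firewall.allowedUDPPorts = [
+22000 # Synchthing
+21027
+];
+systemd.network.enable = true;
+systemd.network.networks."10-wifi" = {
+matchConfig.Name = "wlan0";
+address = [ "10.1.100.20/24" ];
+gateway = [ "10.1.100.1" ];
+linkConfig.RequiredForOnline = "routable";
+};
+security = {
+pam.services.doas =
+{ config, ... }:
+{
+rules.auth.rssh = {
+order = config.rules.auth.ssh_agent_auth.order - 1;
+control = "sufficient";
+modulePath = "${pkgs.pam_rssh}/lib/libpam_rssh.so";
+settings.authorized_keys_command = pkgs.writeShellScript "get-authorized-keys" ''
+cat "/etc/ssh/authorized_keys.d/$1"
+'';
+};
+};
+};
+services.resolved = {
+enable = true;
+domains = [ "~." ];
+fallbackDns = [ "9.9.9.9" ];
+};
+services.openssh = {
+enable = true;
+settings = {
+PasswordAuthentication = false;
+PermitRootLogin = "no";
+StreamLocalBindUnlink = true;
+};
+};
+services.sunshine = {
+enable = true;
+openFirewall = true;
+settings = { };
+};
+shelman = {
+desktop.enable = true;
+plymouth.enable = true;
+podman.enable = true;
+};
+environment.systemPackages = with pkgs; [
+ffado
+lm_sensors
+openconnect
+pam_rssh
+];
+programs.coolercontrol.enable = true;
+users.users.dln = {
+isNormalUser = true;
+description = "Daniel Lundin";
+extraGroups = [ "wheel" ];
+openssh.authorizedKeys.keys = [
+"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIHMAEZx02kbHrEygyPQYStiXlrIe6EIqBCv7anIkL0pAAAABHNzaDo= dln@dinky"
+"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJNOBFoU7Cdsgi4KpYRcv7EhR/8kD4DYjEZnwk6urRx7AAAABHNzaDo= dln@nemo"
+];
+};
+users.users.lsjostro = {
+isNormalUser = true;
+description = "Lars Sjöström";
+extraGroups = [ "wheel" ];
+openssh.authorizedKeys.keys = [
+"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBJ10mLOpInoqDaySyrxbzvcOrJfLw48Y6eWHa9501lw+hEEBXya3ib7nlvpCqEQJ8aPU5fVRqpkOW5zSimCiRbwAAAAEc3NoOg=="
+"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBLpoKvsZDIQQLfgzJhe1jAQubBNxjydkj8UfdUPaSXqgfB02OypMOC1m5ZuJYcQIxox0I+4Z8xstFhYP6s8zKZwAAAAEc3NoOg=="
+];
+};
+system.stateVersion = "24.05"; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+}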
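Review bot: `mitigations=off` on a multi-user host (`dln` and `lsjostro`, both in wheel) that is reachable over SSH and runs a streaming server removes the kernel's speculative-execution mitigations for every local process; it should either carry a comment justifying it or be dropped. `services.sunshine.openFirewall = true` opens Sunshine's web UI and streaming ports on all interfaces, while the only configured network is `wlan0` on 10.1.100.0/24; `networking.firewall.interfaces.wlan0.allowedTCPPorts` (and the UDP equivalent) would scope both it and the Syncthing ports above it to that interface. In the pam_rssh rule, `authorized_keys_command` pastes the PAM username straight into `cat "/etc/ssh/authorized_keys.d/$1"`; the file is root-owned because NixOS generates it from `openssh.authorizedKeys.keys`, which is fine, but the script should still reject a name containing `/` (`case $1 in */*) exit 1;; esac`) so a crafted username can never read a path outside that directory. Note that `sudo.enable = false` in common/hardening.nix means this rssh path is the only privilege-escalation route besides the locked root account, so it deserves a one-line comment describing the intended agent-forwarding workflow.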


@ -4,14 +4,26 @@ set shell := ["/usr/bin/env", "bash", "-euo", "pipefail", "-c"]
default: default:
@just --list @just --list
boot:
nh os boot .
build:
nh os build .
switch:
nh os switch .
update:
nh os switch --update --ask .
clean: clean:
nh clean all nh clean all
build: home-build:
nh home build . nh home build .
switch: home-switch:
nh home switch . nh home switch .
update: home-update:
nh home switch --update --ask . nh home switch --update --ask .
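Review bot: `update` runs `nh os switch --update --ask .`, which bumps every flake input and activates the result in one step, so the new flake.lock is never reviewed before it becomes the running system. Since `nvd` is already installed system-wide, a two-step `nh os build --update .` followed by `just switch` after inspecting the lock diff (`git diff flake.lock`) would keep that supply-chain check in the loop; as far as I recall `--ask` shows the package diff but not which input revisions changed. The `home-update` recipe has the same shape.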