| author | gramanas <anastasis.gramm2@gmail.com> | 2024-10-07 11:47:06 +0300 | 
|---|---|---|
| committer | gramanas <anastasis.gramm2@gmail.com> | 2024-10-07 11:47:06 +0300 | 
| commit | 4547e75868cba2a265b78661ddc386b5e81c1bb0 (patch) | |
| tree | 71924feb573c8af5030080fc007eee7bfbaabb20 /nixos | |
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/configuration.nix | 51 | ||||
| -rw-r--r-- | nixos/desktop/default.nix | 26 | ||||
| -rw-r--r-- | nixos/desktop/fonts.nix | 42 | ||||
| -rw-r--r-- | nixos/hardware.nix | 127 | ||||
| -rw-r--r-- | nixos/impermanence.nix | 48 | ||||
| -rw-r--r-- | nixos/locale.nix | 12 | ||||
| -rw-r--r-- | nixos/nix.nix | 22 | ||||
| -rw-r--r-- | nixos/user.nix | 25 | 
8 files changed, 353 insertions, 0 deletions
|
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
new file mode 100644
index 0000000..be8e03f
--- /dev/null
+++ b/nixos/configuration.nix
@@ -0,0 +1,51 @@
+{
+  inputs,
+  outputs,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ./desktop
+    ./hardware.nix
+    ./impermanence.nix
+    ./locale.nix
+    ./nix.nix
+    ./user.nix
+    inputs.home-manager.nixosModules.home-manager
+  ];
+
+  nixpkgs = {
+    overlays = [
+      outputs.overlays.additions
+      outputs.overlays.modifications
+      outputs.overlays.master-packages
+      inputs.nur.overlay
+    ];
+    config = {
+      allowUnfree = true;
+    };
+  };
+
+  home-manager = {
+    backupFileExtension = "bak";
+    extraSpecialArgs = {inherit inputs outputs;};
+    users.chen = import ../home-manager/home.nix;
+  };
+
+  networking = {
+    hostName = "nixosvm";
+    networkmanager.enable = true;
+    firewall.enable = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    htop
+    wget
+  ];
+
+  services.ntp.enable = true;
+  security.sudo.execWheelOnly = true;
+
+  system.stateVersion = "24.11";
+}
diff --git a/nixos/desktop/default.nix b/nixos/desktop/default.nix
new file mode 100644
index 0000000..dc34f11
--- /dev/null
+++ b/nixos/desktop/default.nix
@@ -0,0 +1,26 @@
+{
+  imports = [./fonts.nix];
+
+  services.xserver = {
+    enable = true;
+    xkb.layout = "us";
+
+    desktopManager = {
+      xterm.enable = false;
+      xfce.enable = true;
+    };
+  };
+
+  services.displayManager.defaultSession = "xfce";
+  services.libinput.enable = true;
+
+  # For trash
+  #services.gvfs.enable = true;
+
+  #virtualisation.waydroid.enable = true;
+
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+}
diff --git a/nixos/desktop/fonts.nix b/nixos/desktop/fonts.nix
new file mode 100644
index 0000000..38b3ca7
--- /dev/null
+++ b/nixos/desktop/fonts.nix
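Review bot: `home-manager.users.chen` in nixos/configuration.nix names an account that the visible configuration never declares; nixos/user.nix in this same commit defines only `root` and `grm` and sets `users.mutableUsers = false`, and nixos/impermanence.nix repeats the `users.chen` key. Unless `chen` is declared somewhere outside this diff, the home-manager and persistence settings apply to no real account and evaluation or activation will probably fail. Use one name throughout, e.g. `users.grm = import ../home-manager/home.nix;` here and `users.grm = {` in impermanence.nix. A short comment on `allowUnfree = true;` saying which packages need it would also make the trust decision easier to audit later.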
@@ -0,0 +1,42 @@
+{pkgs, ...}: {
+  fonts = {
+    enableDefaultPackages = true;
+    fontconfig = {
+      enable = true;
+      defaultFonts = {
+        emoji = ["Noto Color Emoji"];
+        monospace = [
+          "Liberation Mono"
+        ];
+        sansSerif = [
+          "Liberation Sans"
+        ];
+        serif = [
+          "Liberation Serif"
+        ];
+      };
+      hinting = {
+        enable = true;
+        style = "full";
+        autohint = true;
+      };
+    };
+    fontDir.enable = true;
+    enableGhostscriptFonts = true;
+    packages = with pkgs; [
+      fira
+      fira-mono
+      fira-code
+      hack-font
+      inter
+      iosevka
+      liberation_ttf
+      nerdfonts
+      noto-fonts
+      noto-fonts-color-emoji
+      roboto
+      roboto-mono
+      roboto-serif
+    ];
+  };
+}
diff --git a/nixos/hardware.nix b/nixos/hardware.nix
new file mode 100644
index 0000000..824d88c
--- /dev/null
+++ b/nixos/hardware.nix
@@ -0,0 +1,127 @@
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    inputs.hardware.nixosModules.common-cpu-amd
+    inputs.hardware.nixosModules.common-cpu-amd-pstate
+    inputs.hardware.nixosModules.common-gpu-amd
+    inputs.hardware.nixosModules.common-pc-laptop
+    inputs.hardware.nixosModules.common-pc-laptop-acpi_call
+    inputs.hardware.nixosModules.common-pc-laptop-ssd
+  ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  hardware.enableRedistributableFirmware = lib.mkDefault true;
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = ["synaptics_usb"];
+  boot.kernelModules = ["kvm-amd"];
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.extraModulePackages = [];
+
+  # disable Scatter/Gather APU recently enabled by default,
+  # which results in white screen after display reconfiguration
+  boot.kernelParams = [
+    "amdgpu.sg_display=0"
+    "amd_pstate=active"
+  ];
+
+  fileSystems."/" = {
+    device = "none";
+    fsType = "tmpfs";
+    options = ["defaults" "size=8G" "mode=755"];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-partlabel/disk-main-ESP";
+    fsType = "vfat";
+    options = ["fmask=0022" "dmask=0022"];
+  };
+
+  boot.initrd.luks.devices."crypted".device = "/dev/disk/by-partlabel/disk-main-luks";
+
+  fileSystems."/nix" = {
+    device = "/dev/mapper/crypted";
+    fsType = "btrfs";
+    options = ["subvol=nix" "compress=zstd" "noatime"];
+  };
+
+  fileSystems."/persist" = {
+    device = "/dev/mapper/crypted";
+    fsType = "btrfs";
+    options = ["subvol=persist" "compress=zstd" "noatime"];
+    neededForBoot = true;
+  };
+
+  fileSystems."/swap" = {
+    device = "/dev/mapper/crypted";
+    fsType = "btrfs";
+    options = ["subvol=swap" "noatime"];
+  };
+
+  fileSystems."/tmp" = {
+    device = "/dev/mapper/crypted";
+    fsType = "btrfs";
+    options = ["subvol=tmp" "noatime"];
+  };
+
+  fileSystems."/var/log" = {
+    device = "/dev/mapper/crypted";
+    fsType = "btrfs";
+    options = ["subvol=log" "compress=zstd" "noatime"];
+    neededForBoot = true;
+  };
+
+  boot.tmp.cleanOnBoot = true;
+  swapDevices = [{device = "/swap/swapfile";}];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+  services.xserver = {
+    videoDrivers = ["amdgpu"];
+  };
+
+  # sound = {
+  #   enable = lib.mkForce false;
+  #   mediaKeys.enable = true;
+  # };
+
+  # hardware.pulseaudio = {
+  #   enable = true;
+  #   support32Bit = true;
+  # };
+
+  # Fingerprint
+  services.fprintd = {
+    enable = true;
+  };
+  systemd.services.fprintd = {
+    wantedBy = ["multi-user.target"];
+    serviceConfig.Type = "simple";
+  };
+
+  # Bluetooth
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = true;
+  };
+
+  services.printing = {
+    enable = true;
+    drivers = [pkgs.hplip];
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/nixos/impermanence.nix b/nixos/impermanence.nix
new file mode 100644
index 0000000..a2c32d9
--- /dev/null
+++ b/nixos/impermanence.nix
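Review bot: The `/boot` mount in nixos/hardware.nix uses `fmask=0022` and `dmask=0022`, which leaves every file on the ESP readable by all local users; with systemd-boot that includes the random-seed file, and bootctl flags a world-accessible mount point as a security hole. Tighten it to `options = ["fmask=0077" "dmask=0077"];`. The ESP also sits outside the `crypted` LUKS container and nothing in this hunk configures Secure Boot, so the kernel and initrd are presumably not authenticated at boot; a comment stating that the encryption covers data at rest but not boot-chain integrity would document the gap. Finally, `services.fprintd.enable = true` makes fingerprint an accepted PAM factor by default on NixOS, so confirm that this is intended for sudo and login and not only for the screen locker.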
@@ -0,0 +1,48 @@
+{inputs, ...}: {
+  imports = [
+    inputs.impermanence.nixosModules.impermanence
+  ];
+
+  environment.persistence."/persist" = {
+    hideMounts = true;
+
+    directories = [
+      "/var/lib/bluetooth"
+      "/var/lib/fprint"
+      "/var/lib/nixos"
+      "/var/lib/systemd"
+      "/etc/NetworkManager/system-connections"
+    ];
+
+    files = [
+      # "/etc/machine-id"
+    ];
+
+    users.chen = {
+      directories = [
+        # XDG user directories
+        "Desktop"
+        "Documents"
+        "Downloads"
+        "Music"
+        "Pictures"
+        "Public"
+        "Templates"
+        "Videos"
+
+        # More directories
+        ".config/emacs"
+        ".local/share/Steam"
+        ".ssh"
+      ];
+
+      files = [
+        ".history"
+      ];
+    };
+  };
+
+  environment.etc.machine-id.text = "67803336e24344e9aa58ea47b51180d0";
+
+  programs.fuse.userAllowOther = true;
+}
diff --git a/nixos/locale.nix b/nixos/locale.nix
new file mode 100644
index 0000000..a4a429f
--- /dev/null
+++ b/nixos/locale.nix
@@ -0,0 +1,12 @@
+{pkgs, ...}: {
+  time.timeZone = "Europe/Athens";
+
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+
+    # inputMethod = {
+    #   enable = true;
+    #   type = "fcitx5";
+    # };
+  };
+}
diff --git a/nixos/nix.nix b/nixos/nix.nix
new file mode 100644
index 0000000..a2ec6b0
--- /dev/null
+++ b/nixos/nix.nix
@@ -0,0 +1,22 @@
+{
+  inputs,
+  lib,
+  config,
+  ...
+}: {
+  nix = {
+    settings = {
+      experimental-features = "nix-command flakes";
+      auto-optimise-store = true;
+      allowed-users = ["@wheel"];
+    };
+    # gc = {
+    #   automatic = true;
+    #   dates = "weekly";
+    #   options = "--delete-older-than +3";
+    # };
+
+    registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
+    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
+  };
+}
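Review bot: `environment.etc.machine-id.text` in nixos/impermanence.nix commits this host's machine ID to the repository in plain text, while machine-id(5) says the ID should be treated as confidential and not exposed in untrusted environments. Persisting the file instead, by enabling the commented `"/etc/machine-id"` entry under `files`, keeps the ID stable across reboots without publishing it. Separately, `programs.fuse.userAllowOther = true;` relaxes FUSE's default of hiding a user's mounts from other users, and nothing visible in this hunk uses a FUSE mount; add a comment naming what needs it, or drop it if nothing does.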
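Review bot: The commented-out `options = "--delete-older-than +3";` in nixos/nix.nix would fail if it were ever uncommented, because `--delete-older-than` takes an age such as `30d`, while `+3` is the keep-last-N form used by `nix-env --delete-generations`. Correct the example to `options = "--delete-older-than 30d";` or delete the dead block. A one-line comment above `allowed-users = ["@wheel"];` such as `# only wheel members (and root) may connect to the Nix daemon` would record why the restriction is there.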
diff --git a/nixos/user.nix b/nixos/user.nix
new file mode 100644
index 0000000..00d4efe
--- /dev/null
+++ b/nixos/user.nix
@@ -0,0 +1,25 @@
+{pkgs, ...}: {
+  users.users = {
+    root = {
+      # inherit initialHashedPassword;
+      hashedPasswordFile = "/persist/passwordFiles/root";
+    };
+
+    grm = {
+      # inherit initialHashedPassword;
+      hashedPasswordFile = "/persist/passwordFiles/grm";
+      description = "grm";
+      isNormalUser = true;
+      extraGroups = ["wheel" "audio" "docker" "networkmanager"];
+    };
+  };
+
+  # Don't allow mutation of users outside of the config.
+  users.mutableUsers = false;
+
+  # programs.steam = {
+  #   enable = true;
+  #   remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+  #   dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+  # };
+}
|
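Review bot: `extraGroups` in nixos/user.nix puts `grm` in `docker`, and membership of that group is effectively passwordless root once a Docker daemon is running, which sidesteps the sudo policy set in configuration.nix. No `virtualisation.docker` option is visible in this commit, so the entry is either dead or a latent privilege grant; drop it until Docker is configured, giving `extraGroups = ["wheel" "audio" "networkmanager"];`. With `users.mutableUsers = false`, both accounts also depend on the files under `/persist/passwordFiles/` existing at activation. A comment saying they must be root-owned with mode 0600, and that a missing file presumably leaves the account with no usable password, would help avoid a lockout. Since `grm` is in `wheel`, consider whether `root` needs a password login at all.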
