Diffstat (limited to 'nixos')
-rw-r--r--nixos/configuration.nix51
-rw-r--r--nixos/desktop/default.nix26
-rw-r--r--nixos/desktop/fonts.nix42
-rw-r--r--nixos/hardware.nix127
-rw-r--r--nixos/impermanence.nix48
-rw-r--r--nixos/locale.nix12
-rw-r--r--nixos/nix.nix22
-rw-r--r--nixos/user.nix25
8 files changed, 353 insertions, 0 deletions
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
new file mode 100644
index 0000000..be8e03f
--- /dev/null
+++ b/nixos/configuration.nix
@@ -0,0 +1,51 @@
+{
+ inputs,
+ outputs,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./desktop
+ ./hardware.nix
+ ./impermanence.nix
+ ./locale.nix
+ ./nix.nix
+ ./user.nix
+ inputs.home-manager.nixosModules.home-manager
+ ];
+
+ nixpkgs = {
+ overlays = [
+ outputs.overlays.additions
+ outputs.overlays.modifications
+ outputs.overlays.master-packages
+ inputs.nur.overlay
+ ];
+ config = {
+ allowUnfree = true;
+ };
+ };
+
+ home-manager = {
+ backupFileExtension = "bak";
+ extraSpecialArgs = {inherit inputs outputs;};
+ users.chen = import ../home-manager/home.nix;
+ };
+
+ networking = {
+ hostName = "nixosvm";
+ networkmanager.enable = true;
+ firewall.enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ htop
+ wget
+ ];
+
+ services.ntp.enable = true;
+ security.sudo.execWheelOnly = true;
+
+ system.stateVersion = "24.11";
+}
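Review bot: `home-manager.users.chen` names an account that this commit never declares: nixos/user.nix defines only `root` and `grm`, and it sets `users.mutableUsers = false`, so a `chen` account cannot be added at runtime either. The same name is used in `environment.persistence."/persist".users.chen` in nixos/impermanence.nix. As far as this diff shows, the home-manager profile and the persisted home directories are attached to a user that does not exist, while `grm` gets neither. Either rename both attributes to `grm` or declare `users.users.chen` in user.nix.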
diff --git a/nixos/desktop/default.nix b/nixos/desktop/default.nix
new file mode 100644
index 0000000..dc34f11
--- /dev/null
+++ b/nixos/desktop/default.nix
@@ -0,0 +1,26 @@
+{
+ imports = [./fonts.nix];
+
+ services.xserver = {
+ enable = true;
+ xkb.layout = "us";
+
+ desktopManager = {
+ xterm.enable = false;
+ xfce.enable = true;
+ };
+ };
+
+ services.displayManager.defaultSession = "xfce";
+ services.libinput.enable = true;
+
+ # For trash
+ #services.gvfs.enable = true;
+
+ #virtualisation.waydroid.enable = true;
+
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+}
diff --git a/nixos/desktop/fonts.nix b/nixos/desktop/fonts.nix
new file mode 100644
index 0000000..38b3ca7
--- /dev/null
+++ b/nixos/desktop/fonts.nix
@@ -0,0 +1,42 @@
+{pkgs, ...}: {
+ fonts = {
+ enableDefaultPackages = true;
+ fontconfig = {
+ enable = true;
+ defaultFonts = {
+ emoji = ["Noto Color Emoji"];
+ monospace = [
+ "Liberation Mono"
+ ];
+ sansSerif = [
+ "Liberation Sans"
+ ];
+ serif = [
+ "Liberation Serif"
+ ];
+ };
+ hinting = {
+ enable = true;
+ style = "full";
+ autohint = true;
+ };
+ };
+ fontDir.enable = true;
+ enableGhostscriptFonts = true;
+ packages = with pkgs; [
+ fira
+ fira-mono
+ fira-code
+ hack-font
+ inter
+ iosevka
+ liberation_ttf
+ nerdfonts
+ noto-fonts
+ noto-fonts-color-emoji
+ roboto
+ roboto-mono
+ roboto-serif
+ ];
+ };
+}
diff --git a/nixos/hardware.nix b/nixos/hardware.nix
new file mode 100644
index 0000000..824d88c
--- /dev/null
+++ b/nixos/hardware.nix
@@ -0,0 +1,127 @@
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ inputs.hardware.nixosModules.common-cpu-amd
+ inputs.hardware.nixosModules.common-cpu-amd-pstate
+ inputs.hardware.nixosModules.common-gpu-amd
+ inputs.hardware.nixosModules.common-pc-laptop
+ inputs.hardware.nixosModules.common-pc-laptop-acpi_call
+ inputs.hardware.nixosModules.common-pc-laptop-ssd
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ hardware.enableRedistributableFirmware = lib.mkDefault true;
+ boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod"];
+ boot.initrd.kernelModules = ["synaptics_usb"];
+ boot.kernelModules = ["kvm-amd"];
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.extraModulePackages = [];
+
+ # disable Scatter/Gather APU recently enabled by default,
+ # which results in white screen after display reconfiguration
+ boot.kernelParams = [
+ "amdgpu.sg_display=0"
+ "amd_pstate=active"
+ ];
+
+ fileSystems."/" = {
+ device = "none";
+ fsType = "tmpfs";
+ options = ["defaults" "size=8G" "mode=755"];
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-partlabel/disk-main-ESP";
+ fsType = "vfat";
+ options = ["fmask=0022" "dmask=0022"];
+ };
+
+ boot.initrd.luks.devices."crypted".device = "/dev/disk/by-partlabel/disk-main-luks";
+
+ fileSystems."/nix" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["subvol=nix" "compress=zstd" "noatime"];
+ };
+
+ fileSystems."/persist" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["subvol=persist" "compress=zstd" "noatime"];
+ neededForBoot = true;
+ };
+
+ fileSystems."/swap" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["subvol=swap" "noatime"];
+ };
+
+ fileSystems."/tmp" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["subvol=tmp" "noatime"];
+ };
+
+ fileSystems."/var/log" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["subvol=log" "compress=zstd" "noatime"];
+ neededForBoot = true;
+ };
+
+ boot.tmp.cleanOnBoot = true;
+ swapDevices = [{device = "/swap/swapfile";}];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+ services.xserver = {
+ videoDrivers = ["amdgpu"];
+ };
+
+ # sound = {
+ # enable = lib.mkForce false;
+ # mediaKeys.enable = true;
+ # };
+
+ # hardware.pulseaudio = {
+ # enable = true;
+ # support32Bit = true;
+ # };
+
+ # Fingerprint
+ services.fprintd = {
+ enable = true;
+ };
+ systemd.services.fprintd = {
+ wantedBy = ["multi-user.target"];
+ serviceConfig.Type = "simple";
+ };
+
+ # Bluetooth
+ hardware.bluetooth = {
+ enable = true;
+ powerOnBoot = true;
+ };
+
+ services.printing = {
+ enable = true;
+ drivers = [pkgs.hplip];
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
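Review bot: The `fileSystems."/boot"` mount uses `fmask=0022` and `dmask=0022`, which leaves every file on the ESP readable by all local users, including the random seed that systemd-boot stores there; `bootctl` reports a world-accessible seed as a security hole. Prefer `options = ["fmask=0077" "dmask=0077"];` so that only root can read the partition. The subvolumes on `/dev/mapper/crypted` are not affected by this.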
diff --git a/nixos/impermanence.nix b/nixos/impermanence.nix
new file mode 100644
index 0000000..a2c32d9
--- /dev/null
+++ b/nixos/impermanence.nix
@@ -0,0 +1,48 @@
+{inputs, ...}: {
+ imports = [
+ inputs.impermanence.nixosModules.impermanence
+ ];
+
+ environment.persistence."/persist" = {
+ hideMounts = true;
+
+ directories = [
+ "/var/lib/bluetooth"
+ "/var/lib/fprint"
+ "/var/lib/nixos"
+ "/var/lib/systemd"
+ "/etc/NetworkManager/system-connections"
+ ];
+
+ files = [
+ # "/etc/machine-id"
+ ];
+
+ users.chen = {
+ directories = [
+ # XDG user directories
+ "Desktop"
+ "Documents"
+ "Downloads"
+ "Music"
+ "Pictures"
+ "Public"
+ "Templates"
+ "Videos"
+
+ # More directories
+ ".config/emacs"
+ ".local/share/Steam"
+ ".ssh"
+ ];
+
+ files = [
+ ".history"
+ ];
+ };
+ };
+
+ environment.etc.machine-id.text = "67803336e24344e9aa58ea47b51180d0";
+
+ programs.fuse.userAllowOther = true;
+}
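Review bot: `environment.etc.machine-id.text` commits the host's machine ID as a literal, whereas machine-id(5) asks that the ID be treated as confidential and not exposed in untrusted environments; in a published repository it becomes a stable public identifier for this machine. Persisting the generated file instead, by enabling the commented-out `"/etc/machine-id"` entry under `files`, keeps the ID stable across reboots without putting it in version control. Separately, `".ssh"` is persisted without an explicit mode; the impermanence module accepts `{ directory = ".ssh"; mode = "0700"; }`, which keeps the directory private when it is first created under `/persist`.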
diff --git a/nixos/locale.nix b/nixos/locale.nix
new file mode 100644
index 0000000..a4a429f
--- /dev/null
+++ b/nixos/locale.nix
@@ -0,0 +1,12 @@
+{pkgs, ...}: {
+ time.timeZone = "Europe/Athens";
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+
+ # inputMethod = {
+ # enable = true;
+ # type = "fcitx5";
+ # };
+ };
+}
diff --git a/nixos/nix.nix b/nixos/nix.nix
new file mode 100644
index 0000000..a2ec6b0
--- /dev/null
+++ b/nixos/nix.nix
@@ -0,0 +1,22 @@
+{
+ inputs,
+ lib,
+ config,
+ ...
+}: {
+ nix = {
+ settings = {
+ experimental-features = "nix-command flakes";
+ auto-optimise-store = true;
+ allowed-users = ["@wheel"];
+ };
+ # gc = {
+ # automatic = true;
+ # dates = "weekly";
+ # options = "--delete-older-than +3";
+ # };
+
+ registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
+ nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
+ };
+}
diff --git a/nixos/user.nix b/nixos/user.nix
new file mode 100644
index 0000000..00d4efe
--- /dev/null
+++ b/nixos/user.nix
@@ -0,0 +1,25 @@
+{pkgs, ...}: {
+ users.users = {
+ root = {
+ # inherit initialHashedPassword;
+ hashedPasswordFile = "/persist/passwordFiles/root";
+ };
+
+ grm = {
+ # inherit initialHashedPassword;
+ hashedPasswordFile = "/persist/passwordFiles/grm";
+ description = "grm";
+ isNormalUser = true;
+ extraGroups = ["wheel" "audio" "docker" "networkmanager"];
+ };
+ };
+
+ # Don't allow mutation of users outside of the config.
+ users.mutableUsers = false;
+
+ # programs.steam = {
+ # enable = true;
+ # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+ # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+ # };
+}
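Review bot: `extraGroups` puts `grm` in `docker`, and membership of that group is effectively root on the host without going through sudo, which sidesteps the `security.sudo.execWheelOnly` hardening in configuration.nix. No `virtualisation.docker` setting is visible in this commit, so the entry looks unused here; drop it (`extraGroups = ["wheel" "audio" "networkmanager"];`) or, if Docker is enabled elsewhere, consider its rootless mode. A comment above the two `hashedPasswordFile` lines would also help: with `users.mutableUsers = false`, a missing or unreadable file under `/persist/passwordFiles` presumably leaves the account with no usable password, so the files must exist before the first boot.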