titaniumtown/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

move some stuff around

Browse Source
This commit is contained in:
Simon Gardling
2024-09-27 01:03:05 -04:00
parent c15c813c6b
commit b429d8e6da
39 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

199
etcnixos/common.nix Normal file
View File

@@ -0,0 +1,199 @@
{
config,
pkgs,
lib,
username,
system,
hostname,
inputs,
...
}:
{
imports = [ ./declarative-nm.nix ];
nix = {
#garbage collection and cleanup stuff
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
#optimize the store
optimise.automatic = true;
#enable flakes!
settings.experimental-features = [
"nix-command"
"flakes"
];
};
#kernel options
boot = {
# kernelPackages = pkgs.linuxPackages_cachyos-lto;
kernelPackages = pkgs.linuxPackages_6_10;
supportedFilesystems = [ "zfs" ];
kernel.sysctl = {
#for profiling
"kernel.perf_event_paranoid" = 1;
"kernel.kptr_restrict" = 0;
#dmesg shushhhhh
"kernel.printk" = "2 4 1 7";
};
# Bootloader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
compressor = "zstd";
compressorArgs = [ "-19" ];
};
};
environment.etc = {
#override default nixos /etc/issue
"issue".text = "";
};
services = {
#fwupd for updating firmware
fwupd = {
enable = true;
extraRemotes = [ "lvfs-testing" ];
};
#auto detect network printers
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
# Enable CUPS to print documents.
printing = {
enable = true;
drivers = with pkgs; [ hplip ];
};
#disable fprintd (doesn't compile, idk)
fprintd.enable = false;
#Making sure mullvad works on boot
mullvad-vpn.enable = true;
};
# Set your time zone.
time.timeZone = "America/New_York";
security = {
#lets use doas and not sudo!
doas.enable = true;
sudo.enable = false;
# Configure doas
doas.extraRules = [
{
users = [ "${username}" ];
keepEnv = true;
persist = true;
}
];
};
age.identityPaths = [ "/home/${username}/.ssh/id_ed25519" ];
age.secrets.primary-password = {
file = ./secrets/primary-password.age;
path = "/etc/secrets/primary-password";
};
#networking
networking = import ./networking.nix { inherit hostname; };
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Enable Bluetooth
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
#Enable experimental features for battery % of bluetooth devices
settings.General.Experimental = true;
};
#apply gtk themes by enabling dconf
programs.dconf.enable = true;
# Enable sound with pipewire.
hardware.pulseaudio.enable = false; # pipewire >>>>>>> pulseaudio
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
# jack.enable = true;
};
# Define my user account (the rest of the configuration if found in `~/.config/home-manager/...`)
users.users.${username} = {
isNormalUser = true;
extraGroups = [
"networkmanager"
"wheel"
"video"
"camera"
];
hashedPasswordFile = config.age.secrets.primary-password.path;
};
services.gvfs.enable = true;
programs.gphoto2.enable = true;
# Enable thermal data
services.thermald.enable = true;
services.pcscd.enable = true;
programs.gnupg.agent = {
enable = true;
pinentryPackage = pkgs.pinentry-curses;
enableSSHSupport = false;
};
#System packages
environment.systemPackages = with pkgs; [
mullvad-vpn
#secureboot ctl
sbctl
dmidecode
(inputs.agenix.packages.${pkgs.system}.default.override { ageBin = "${pkgs.rage}/bin/rage"; })
];
#wayland with electron/chromium applications
environment.sessionVariables.NIXOS_OZONE_WL = "1";
system.stateVersion = "24.11";
}

52
etcnixos/declarative-nm.nix Normal file
View File

@@ -0,0 +1,52 @@
{
config,
lib,
pkgs,
...
}:
with lib;
# from: https://discourse.nixos.org/t/imperative-declarative-wifi-networks-with-wpa-supplicant/12394/6
let
cfg = config.networking.networkmanager;
getFileName = stringAsChars (x: if x == " " then "-" else x);
createWifi = ssid: opt: {
name = "NetworkManager/system-connections/${getFileName ssid}.nmconnection";
value = {
mode = "0400";
source = pkgs.writeText "${ssid}.nmconnection" ''
[connection]
id=${ssid}
type=wifi
[wifi]
ssid=${ssid}
[wifi-security]
${optionalString (opt.psk != null) ''
key-mgmt=wpa-psk
psk=${opt.psk}''}
'';
};
};
keyFiles = mapAttrs' createWifi config.networking.wireless.networks;
in
{
config = mkIf cfg.enable {
environment.etc = keyFiles;
systemd.services.NetworkManager-predefined-connections = {
restartTriggers = mapAttrsToList (name: value: value.source) keyFiles;
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.coreutils}/bin/true";
ExecReload = "${pkgs.networkmanager}/bin/nmcli connection reload";
};
reloadIfChanged = true;
wantedBy = [ "multi-user.target" ];
};
};
}

458
etcnixos/flake.lock generated Normal file
View File

@@ -0,0 +1,458 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"alvr": {
"locked": {
"lastModified": 1727023213,
"narHash": "sha256-KPghRPcTbqCMktw9ahrtiq7a/seajAyLkEI2GS1x+sg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7c2572e5cf4329ad9fa50d33015aa7be394b4026",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "pull/308097/head",
"repo": "nixpkgs",
"type": "github"
}
},
"chaotic": {
"inputs": {
"fenix": "fenix",
"flake-schemas": "flake-schemas",
"home-manager": "home-manager_2",
"jovian": "jovian",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1727292492,
"narHash": "sha256-vKkVoZJB35xOb1kmAH6i74ziuP0ZGKnzM6+NVi/OhD8=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "9b30ea4a39c8c5a2b6a6519f85da38f72b7f29f0",
"type": "github"
},
"original": {
"owner": "chaotic-cx",
"ref": "nyxpkgs-unstable",
"repo": "nyx",
"type": "github"
}
},
"crane": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1721842668,
"narHash": "sha256-k3oiD2z2AAwBFLa4+xfU+7G5fisRXfkvrMTCJrjZzXo=",
"owner": "ipetkov",
"repo": "crane",
"rev": "529c1a0b1f29f0d78fa3086b8f6a134c71ef3aaf",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
"chaotic",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1726900127,
"narHash": "sha256-v3r7yJY8YE4HAzD5DXOxLkzj8YZKQ0xuccp9yppGW1U=",
"owner": "nix-community",
"repo": "fenix",
"rev": "18eefba7fd0bf03e115785948758a44125a9fd68",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719994518,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-schemas": {
"locked": {
"lastModified": 1721999734,
"narHash": "sha256-G5CxYeJVm4lcEtaO87LKzOsVnWeTcHGKbKxNamNWgOw=",
"rev": "0a5c42297d870156d9c57d8f99e476b738dcd982",
"revCount": 75,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.5/0190ef2f-61e0-794b-ba14-e82f225e55e6/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"chaotic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1726902823,
"narHash": "sha256-Gkc7pwTVLKj4HSvRt8tXNvosl8RS9hrBAEhOjAE0Tt4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "14929f7089268481d86b83ed31ffd88713dcd415",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"jovian": {
"inputs": {
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"chaotic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1726902390,
"narHash": "sha256-ESAD6AkxsQdV/j5ZBcO4Vg94J7Xd0nfpiEZpJtwSEhg=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "faf4c746c068dd8e41b1fa5f18beeabd34d4064c",
"type": "github"
},
"original": {
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1725379389,
"narHash": "sha256-qS1H/5/20ewJIXmf8FN2A5KTOKKU9elWvCPwdBi1P/U=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "e7bd94e0b5ff3c1e686f2101004ebf4fcea9d871",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "lanzaboote",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"chaotic",
"jovian",
"nixpkgs"
]
},
"locked": {
"lastModified": 1690328911,
"narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
"owner": "zhaofengli",
"repo": "nix-github-actions",
"rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"ref": "matrix-name",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1727040444,
"narHash": "sha256-19FNN5QT9Z11ZUMfftRplyNN+2PgcHKb3oq8KMW/hDA=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "d0cb432a9d28218df11cbd77d984a2a46caeb5ac",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1727122398,
"narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1720386169,
"narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1721042469,
"narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "f451c19376071a90d8c58ab1a953c6e9840527fd",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"alvr": "alvr",
"chaotic": "chaotic",
"lanzaboote": "lanzaboote",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs"
}
},
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1726443025,
"narHash": "sha256-nCmG4NJpwI0IoIlYlwtDwVA49yuspA2E6OhfCOmiArQ=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "94b526fc86eaa0e90fb4d54a5ba6313aa1e9b269",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722219664,
"narHash": "sha256-xMOJ+HW4yj6e69PvieohUJ3dBSdgCfvI0nnCEe6/yVc=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "a6fbda5d9a14fb5f7c69b8489d24afeb349c7bb4",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

78
etcnixos/flake.nix Normal file
View File

@@ -0,0 +1,78 @@
{
description = "A simple NixOS flake";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
lanzaboote = {
url = "github:nix-community/lanzaboote";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
alvr.url = "github:NixOS/nixpkgs/pull/308097/head";
chaotic = {
url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
self,
nixpkgs,
lanzaboote,
nixos-hardware,
chaotic,
agenix,
...
}@inputs:
let
username = "primary";
hostname = nixpkgs.lib.strings.removeSuffix "\n" (builtins.readFile /etc/hostname);
system = "x86_64-linux";
# pkgs = import nixpkgs {
# config.replaceStdenv = { pkgs }: pkgs.clangStdenv;
# };
pkgs = import nixpkgs {
config.allowUnfreePredicate =
pkg:
builtins.elem (nixpkgs.lib.getName pkg) [
"steam"
"steam-original"
"steam-run"
];
};
in
{
nixosConfigurations.${hostname} = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs username hostname;
};
inherit pkgs;
modules =
[
./system-${hostname}.nix
chaotic.nixosModules.default
agenix.nixosModules.default
]
++ (
if ("${hostname}" == "mreow") then # laptop
[
nixos-hardware.nixosModules.framework-12th-gen-intel
lanzaboote.nixosModules.lanzaboote
]
else
[ ]
);
};
};
}

59
etcnixos/hardware_desktop.nix Normal file
View File

@@ -0,0 +1,59 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/ff51be5a-b87b-4e6a-9c1d-796ceeaca153";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/3D37-E610";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
fileSystems."/media/steam" = {
device = "/dev/disk/by-uuid/df865fc2-6b26-4689-809b-1615f860507e";
fsType = "btrfs";
options = [ "nofail" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

53
etcnixos/hardware_laptop.nix Normal file
View File

@@ -0,0 +1,53 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
#if this is removed, then niri doesn't start, TODO! look into wtf this does
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/acbd96e3-e7c7-442d-82cc-ce2913a9e90c";
fsType = "btrfs";
options = [
"subvol=@"
"compress=zstd"
"autodefrag"
"noatime"
"space_cache=v2"
"discard"
];
};
boot.initrd.luks.devices."luks-0f481d5f-528c-4838-bd8a-d2780b4ba234".device = "/dev/disk/by-uuid/0f481d5f-528c-4838-bd8a-d2780b4ba234";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4D19-520E";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp166s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

19
etcnixos/networking.nix Normal file
View File

@@ -0,0 +1,19 @@
{ hostname, ... }:
{
hostName = "${hostname}";
hostId = "cfe0ff46";
networkmanager = {
enable = true;
insertNameservers = [
"1.1.1.1"
"8.8.8.8"
];
wifi = {
scanRandMacAddress = true;
};
};
wireless.networks = import ./secrets/wifi-passwords.nix;
}

BIN
etcnixos/secrets/primary-password.age Normal file
View File

Binary file not shown.

16
etcnixos/secrets/secrets.nix Normal file
View File

@@ -0,0 +1,16 @@
let
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH";
desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJjT5QZ3zRDb+V6Em20EYpSEgPW5e/U+06uQGJdraxi";
in
(builtins.listToAttrs (
map
(f: {
f.publicKeys = [
laptop
desktop
];
})
[
"primary-password.age"
]
))

BIN
etcnixos/secrets/secureboot.tar Normal file
View File

Binary file not shown.

BIN
etcnixos/secrets/wifi-passwords.nix Normal file
View File

Binary file not shown.

125
etcnixos/system-mreow.nix Normal file
View File

@@ -0,0 +1,125 @@
{
config,
pkgs,
lib,
username,
system,
...
}:
{
imports = [
./common.nix
./hardware_laptop.nix
];
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_AC = "performance";
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
CPU_MIN_PERF_ON_AC = 0;
CPU_MAX_PERF_ON_AC = 100;
CPU_MIN_PERF_ON_BAT = 0;
CPU_MAX_PERF_ON_BAT = 60;
CPU_BOOST_ON_BAT = 0;
START_CHARGE_THRESH_BAT0 = 90;
STOP_CHARGE_THRESH_BAT0 = 95;
RUNTIME_PM_ON_BAT = "auto";
};
};
services = {
#using btrfs, so lets scrub!
btrfs.autoScrub = {
enable = true;
interval = "weekly";
fileSystems = [ "/" ];
};
};
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd ${pkgs.niri}/bin/niri-session";
user = "${username}";
};
};
};
boot = {
enableContainers = true;
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
# Bootloader.
loader = {
/*
Lanzaboote currently replaces the systemd-boot module.
This setting is usually set to true in configuration.nix
generated at installation time. So we force it to false
for now.
*/
systemd-boot.enable = lib.mkForce false;
};
kernelParams = [
"mitigations=off"
];
};
# this is a life saver.
# literally no documentation about this anywhere.
# might be good to write about this...
# https://www.reddit.com/r/NixOS/comments/u0cdpi/tuigreet_with_xmonad_how/
systemd.services.greetd.serviceConfig = {
Type = "idle";
StandardInput = "tty";
StandardOutput = "tty";
StandardError = "journal"; # Without this errors will spam on screen
# Without these bootlogs will spam on screen
TTYReset = true;
TTYVHangup = true;
TTYVTDisallocate = true;
};
# Enable common container config files in /etc/containers
virtualisation = {
containers.enable = true;
podman = {
enable = true;
# Required for containers under podman-compose to be able to talk to each other.
# defaultNetwork.settings.dns_enabled = true;
};
};
environment.systemPackages = with pkgs; [
distrobox
];
#weird hack to get swaylock working? idk, if you don't put this here, password entry doesnt work
#if I move to another lock screen program, i will have to replace `swaylock`
security.pam.services.swaylock = { };
system.activationScripts = {
"secureboot-keys".text =
let
secureboot_path = "/etc/secureboot";
in
''
#!/bin/sh
rm -fr ${secureboot_path} || true
mkdir -p ${secureboot_path}
${pkgs.gnutar}/bin/tar xf /etc/nixos/secrets/secureboot.tar -C ${secureboot_path}
'';
};
}

148
etcnixos/system-nixos.nix Normal file
View File

@@ -0,0 +1,148 @@
{
config,
pkgs,
lib,
username,
system,
cpu_arch,
inputs,
...
}:
{
imports = [
./common.nix
./hardware_desktop.nix
];
boot = {
kernelPatches = [
#for making ALVR support better :)
{
name = "amdgpu-ignore-ctx-privileges";
patch = pkgs.fetchpatch {
name = "cap_sys_nice_begone.patch";
url = "https://github.com/Frogging-Family/community-patches/raw/master/linux61-tkg/cap_sys_nice_begone.mypatch";
sha256 = "Y3a0+x2xvHsfLax/uwycdJf3xLxvVfkfDVqjkxNaYEo=";
};
}
];
kernelParams = [
# allow overclocking (I actually underclock but lol)
"amdgpu.ppfeaturemask=0xFFF7FFFF"
];
kernelModules = [
# kernel module for case fan control
"nct6775"
];
};
services.xserver.enable = false;
services.desktopManager.plasma6.enable = true;
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
};
services.openssh = {
enable = true;
ports = [ 22 ];
settings = {
PasswordAuthentication = true;
AllowUsers = null; # Allows all users by default. Can be [ "user1" "user2" ]
UseDns = true;
X11Forwarding = false;
PermitRootLogin = "no"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
};
};
systemd.services.no-rgb =
let
no-rgb = pkgs.writeScriptBin "no-rgb" ''
#!/bin/sh
NUM_DEVICES=$(${pkgs.openrgb}/bin/openrgb --noautoconnect --list-devices | grep -E '^[0-9]+: ' | wc -l)
for i in $(seq 0 $(($NUM_DEVICES - 1))); do
${pkgs.openrgb}/bin/openrgb --noautoconnect --device $i --mode direct --color 000000
done
'';
in
{
description = "disable rgb";
serviceConfig = {
ExecStart = "${no-rgb}/bin/no-rgb";
Type = "oneshot";
};
wantedBy = [ "multi-user.target" ];
};
services.hardware.openrgb.enable = true;
services.udev.packages = [ pkgs.openrgb ];
hardware.i2c.enable = true;
#System packages
environment.systemPackages = with pkgs; [
openrgb-with-all-plugins
lact
];
programs.alvr = {
enable = true;
package = inputs.alvr.legacyPackages.${pkgs.system}.alvr;
openFirewall = true;
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
# dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
# services.ollama = {
# enable = true;
# acceleration = "rocm";
# environmentVariables = {
# HCC_AMDGPU_TARGET = "gfx1031"; # used to be necessary, but doesn't seem to anymore
# };
# rocmOverrideGfx = "10.3.1";
# };
# services.open-webui = {
# enable = true;
# openFirewall = true;
# port = 8082;
# environment = {
# # Disable authentication
# WEBUI_AUTH = "False";
# PYDANTIC_SKIP_VALIDATING_CORE_SCHEMAS = "True";
# };
# };
systemd.packages = with pkgs; [ lact ];
systemd.services.lactd.wantedBy = [ "multi-user.target" ];
# control case fans with gpu temperature
# I have case fans attached to my gpu for better cooling
hardware.fancontrol = {
enable = true;
config =
let
select_hwmon = "hwmon/hwmon[[:print:]]*";
gpu_path = "/sys/devices/pci0000:00/0000:00:03.1/0000:09:00.0/0000:0a:00.0/0000:0b:00.0/${select_hwmon}";
mobo_path = "/sys/devices/platform/nct6775.656/${select_hwmon}";
fan_speed = "${mobo_path}/pwm4";
in
''
INTERVAL=10
FCTEMPS=${fan_speed}=${gpu_path}/temp1_input
FCFANS= ${fan_speed}=${mobo_path}/fan4_input
MINTEMP=${fan_speed}=40
MAXTEMP=${fan_speed}=80
MINSTART=${fan_speed}=150
MINSTOP=${fan_speed}=0
MAXPWM=${fan_speed}=255
'';
};
}