diff --git a/README.md b/README.md
index 05ca274..14bddd6 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,10 @@
 This repository is personal and currently doesn't come with any documentation or community-centric promises.

-You're allowed to use it in whatever way you see fit, see [LICENSE](./LICENSE).
\ No newline at end of file
+You're allowed to use it in whatever way you see fit but **on your own risk**, see our GLWTS license.
+
+- install nixos
+- open terminal and run `nix-shell -p git`
+- run `git clone https://github.com/bartvdbraak/nixos-dotfiles.git`
+- run `./nixos-dotfiles/dotfiles/symlink.sh` if you want to get all dotfiles in your home
+- run `sudo ./nixos-dotfiles/nixos/symlink.sh` if you want get nixos configs in your /etc (it backs up your current)
+- run one of the configs to switch to it, e.g. `nixos-rebuild switch --flake .#tongfang`, reboot is recommended
diff --git a/dotfiles/.config/ghostty/config b/dotfiles/.config/ghostty/config
new file mode 100644
index 0000000..978977f
--- /dev/null
+++ b/dotfiles/.config/ghostty/config
@@ -0,0 +1,5 @@
+font-size = 12
+font-family = JetBrains Mono
+background-opacity = 0.95
+background-blur-radius = 20
+mouse-hide-while-typing = true
diff --git a/dotfiles/symlink.sh b/dotfiles/symlink.sh
old mode 100644
new mode 100755
diff --git a/nixos/.gitignore b/nixos/.gitignore
deleted file mode 100644
index 4c7f2b9..0000000
--- a/nixos/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-hardware-configuration.nix
\ No newline at end of file
diff --git a/nixos/flake.lock b/nixos/flake.lock
new file mode 100644
index 0000000..fb6881e
--- /dev/null
+++ b/nixos/flake.lock
@@ -0,0 +1,62 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1736883708, + "narHash": "sha256-uQ+NQ0/xYU0N1CnXsa2zghgNaOPxWpMJXSUJJ9W7140=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "eb62e6aa39ea67e0b8018ba8ea077efe65807dc8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1735471104, + "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs", + "zen-browser": "zen-browser" + } + }, + "zen-browser": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1736997529, + "narHash": "sha256-eyZXz3aphVJ8mMZ5KivtnYS+5vhNxVjWGlBJM0DMqlE=", + "owner": "0xc000022070", + "repo": "zen-browser-flake", + "rev": "96be5663cc2ef52e8815c90f7abf3363be3950c2", + "type": "github" + }, + "original": { + "owner": "0xc000022070", + "repo": "zen-browser-flake", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nixos/flake.nix b/nixos/flake.nix index b1cdf86..ad7d190 100644 --- a/nixos/flake.nix +++ b/nixos/flake.nix 
@@ -8,51 +8,94 @@ outputs = { nixpkgs, ... } @ inputs: { - nixosConfigurations.tongfang = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - ./hardware-configuration.nix + nixosConfigurations = { + tongfang = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + ./hardware/tongfang.nix - # ./modules/gnome.nix - # ./modules/hyprland.nix - ./modules/kde.nix + ./modules/kde.nix + ./modules/battery.nix + ./modules/bluetooth.nix + ./modules/bootloader.nix + ./modules/configuration.nix + ./modules/creative-tools.nix + ./modules/devops-tools.nix + ./modules/display-manager.nix + ./modules/environment-variables.nix + ./modules/firewall.nix + ./modules/fonts.nix + ./modules/gc.nix + ./modules/greeter.nix + ./modules/info-fetchers.nix + ./modules/internationalisation.nix + ./modules/keyboard.nix + ./modules/linux-kernel.nix + ./modules/lsp.nix + ./modules/networking.nix + ./modules/nix-settings.nix + ./modules/nixpkgs.nix + ./modules/open-ssh.nix + ./modules/printing.nix + ./modules/programming-languages.nix + ./modules/screen.nix + ./modules/services.nix + ./modules/sound.nix + ./modules/terminal-utils.nix + ./modules/theme.nix + ./modules/time.nix + ./modules/usb.nix + ./modules/users.nix + ./modules/utils.nix + ./modules/virtualisation.nix + ./modules/vpn.nix + ./modules/work.nix + ]; + }; - ./modules/battery.nix - ./modules/bluetooth.nix - ./modules/bootloader.nix - ./modules/configuration.nix - ./modules/creative-tools.nix - ./modules/devops-tools.nix - ./modules/display-manager.nix - ./modules/environment-variables.nix - ./modules/firewall.nix - ./modules/fonts.nix - ./modules/gc.nix - ./modules/greeter.nix - ./modules/info-fetchers.nix - ./modules/internationalisation.nix - ./modules/keyboard.nix - ./modules/linux-kernel.nix - ./modules/lsp.nix - ./modules/networking.nix - ./modules/nix-settings.nix - ./modules/nixpkgs.nix - ./modules/open-ssh.nix - ./modules/printing.nix - ./modules/programming-languages.nix - 
./modules/screen.nix - ./modules/services.nix - ./modules/sound.nix - ./modules/terminal-utils.nix - ./modules/theme.nix - ./modules/time.nix - ./modules/usb.nix - ./modules/users.nix - ./modules/utils.nix - ./modules/virtualisation.nix - ./modules/vpn.nix - ./modules/work.nix - ]; + qemu = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + ./hardware/qemu.nix + + ./modules/kde.nix + # ./modules/battery.nix + # ./modules/bluetooth.nix + ./modules/bootloader.nix + ./modules/configuration.nix + # ./modules/creative-tools.nix + # ./modules/devops-tools.nix + ./modules/display-manager.nix + # ./modules/environment-variables.nix + # ./modules/firewall.nix + # ./modules/fonts.nix + # ./modules/gc.nix + ./modules/greeter.nix + # ./modules/info-fetchers.nix + # ./modules/internationalisation.nix + # ./modules/keyboard.nix + # ./modules/linux-kernel.nix + # ./modules/lsp.nix + ./modules/networking.nix + ./modules/nix-settings.nix + # ./modules/nixpkgs.nix + # ./modules/open-ssh.nix + # ./modules/printing.nix + # ./modules/programming-languages.nix + # ./modules/screen.nix + # ./modules/services.nix + # ./modules/sound.nix + # ./modules/terminal-utils.nix + # ./modules/theme.nix + # ./modules/time.nix + # ./modules/usb.nix + # ./modules/users.nix + # ./modules/utils.nix + # ./modules/virtualisation.nix + # ./modules/vpn.nix + # ./modules/work.nix + ]; + }; }; }; -} \ No newline at end of file +} diff --git a/nixos/hardware/qemu.nix b/nixos/hardware/qemu.nix new file mode 100644 index 0000000..b264287 --- /dev/null +++ b/nixos/hardware/qemu.nix 
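Review bot: In the new `qemu` entry, `./modules/firewall.nix`, `./modules/open-ssh.nix`, `./modules/users.nix` and `./modules/nixpkgs.nix` are commented out with no explanation, so a reader cannot tell whether the VM is meant to run without the hardening and account settings the `tongfang` host gets. Those modules are not visible here; presumably the VM then falls back to NixOS defaults, which is worth confirming and recording above the list, e.g. `# minimal VM profile: firewall/ssh/users modules intentionally omitted, NixOS defaults apply`. The two lists are otherwise near-duplicates, so a shared `let commonModules = [ ... ];` would keep a security module added to one host from being silently missed on the other. The `outputs` block starts above this hunk.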
@@ -0,0 +1,31 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/d6b08f23-97da-4e41-b70c-90fcc35db534"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/nixos/hardware/tongfang.nix b/nixos/hardware/tongfang.nix new file mode 100644 index 0000000..f10dad2 --- /dev/null +++ b/nixos/hardware/tongfang.nix 
@@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/c7cf28c3-5744-45cc-8a81-456d24e44b7a"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/CEF6-7DAA"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nixos/modules/linux-kernel.nix b/nixos/modules/linux-kernel.nix index 7ed9788..d795647 100644 --- a/nixos/modules/linux-kernel.nix +++ b/nixos/modules/linux-kernel.nix 
@@ -9,25 +9,11 @@ "fbcon=nodefer" "vt.global_cursor_default=0" "kernel.modules_disabled=1" - "lsm=landlock,lockdown,yama,integrity,apparmor,bpf,tomoyo,selinux" + "lsm=landlock,lockdown,yama,integrity,bpf,tomoyo" "usbcore.autosuspend=-1" "video4linux" "acpi_rev_override=5" - # "security=selinux" ]; - # boot.kernelPatches = [ { - # name = "selinux-config"; - # patch = null; - # extraConfig = '' - # SECURITY_SELINUX y - # SECURITY_SELINUX_BOOTPARAM n - # SECURITY_SELINUX_DEVELOP y - # SECURITY_SELINUX_AVC_STATS y - # DEFAULT_SECURITY_SELINUX n - # ''; - # } ]; - - # systemd.package = pkgs.systemd.override { withSelinux = true; }; environment.systemPackages = with pkgs; [ policycoreutils diff --git a/nixos/modules/programming-languages.nix b/nixos/modules/programming-languages.nix index e5c8f90..0a224be 100644 --- a/nixos/modules/programming-languages.nix +++ b/nixos/modules/programming-languages.nix @@ -9,6 +9,5 @@ bun lua zig - numbat ]; } \ No newline at end of file diff --git a/nixos/modules/services.nix b/nixos/modules/services.nix index 06f18af..170e56a 100644 --- a/nixos/modules/services.nix +++ b/nixos/modules/services.nix @@ -9,7 +9,6 @@ # Enable Services programs.direnv.enable = true; services.upower.enable = true; - programs.fish.enable = true; programs.dconf.enable = true; services.dbus = { enable = true; diff --git a/nixos/symlink.sh b/nixos/symlink.sh old mode 100644 new mode 100755 diff --git a/nixos/users.nix b/nixos/users.nix deleted file mode 100644 index 809111f..0000000 --- a/nixos/users.nix +++ /dev/null 
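Review bot: In nixos/modules/linux-kernel.nix the new `lsm=` value drops `apparmor` and `selinux`, and an explicit `lsm=` on the kernel command line overrides the kernel's built-in LSM list, so neither can be initialised at boot even if another module enables it (for example `security.apparmor.enable`, not visible here). If running without a profile-based MAC layer is intended, record it next to the parameter, e.g. `# AppArmor/SELinux intentionally not loaded on this host`. The context still lists `policycoreutils` in `environment.systemPackages`, which is SELinux userland and looks like a leftover now that the commented SELinux scaffolding is gone. Both the `kernelParams` list and the package list continue outside the hunk.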
@@ -1,71 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- users.users.bart = {
- isNormalUser = true;
- description = "Bart van der Braak";
- extraGroups = [ "networkmanager" "wheel" "libvirtd" "docker" ];
- packages = with pkgs; [
- vscodium
- thunderbird
- fastfetch
- wezterm
- neovim
- logseq
- element-desktop
- go-task
- opentofu
- python3
- gnumake
- gccgo
- # nodejs_22
- # corepack_22
- azure-cli
- sops
- blender
- inkscape
- gimp
- nixfmt-rfc-style
- ];
- };
-
- # Enable discovery of Google Cast and Spotify Connect devices
- networking.firewall.allowedUDPPorts = [ 5353 ];
-
- nixpkgs.config.permittedInsecurePackages = [
- # Workaround for electron dependency in Logseq
- "electron-27.3.11"
- ];
-
- programs._1password.enable = true;
- programs._1password-gui = {
- enable = true;
- # Certain features, including CLI integration and system authentication support,
- # require enabling PolKit integration on some desktop environments (e.g. Plasma).
- polkitPolicyOwners = [ "bart" ];
- };
-
- # SSH agent configuration
- programs.ssh.startAgent = true;
- programs.ssh.extraConfig = ''
- Host *
- AddKeysToAgent yes
- ServerAliveInterval 60
- ServerAliveCountMax 3
- '';
-
- # GPG agent configuration
- programs.gnupg.agent.enable = true;
- programs.gnupg.dirmngr.enable = true;
-
- # Add KVM support
- virtualisation.libvirtd.enable = true;
- programs.virt-manager.enable = true;
-
- # Add Docker support
- virtualisation.docker.enable = true;
- virtualisation.docker.rootless = {
- enable = true;
- setSocketVariable = true;
- };
-}