cofnig

README.md

@@ -1,3 +1,10 @@
 This repository is personal and currently doesn't come with any documentation or community-centric promises.
 
-You're allowed to use it in whatever way you see fit, see [LICENSE](./LICENSE).
+You're allowed to use it in whatever way you see fit but **on your own risk**, see our GLWTS license.
+
+- install nixos
+- open terminal and run `nix-shell -p git`
+- run `git clone https://github.com/bartvdbraak/nixos-dotfiles.git`
+- run `./nixos-dotfiles/dotfiles/symlink.sh` if you want to get all dotfiles in your home
+- run `sudo ./nixos-dotfiles/nixos/symlink.sh` if you want get nixos configs in your /etc (it backs up your current)
+- run one of the configs to switch to it, e.g. `nixos-rebuild switch --flake .#tongfang`, reboot is recommended

dotfiles/.config/ghostty/config

@@ -0,0 +1,5 @@
+font-size = 12
+font-family = JetBrains Mono
+background-opacity = 0.95
+background-blur-radius = 20
+mouse-hide-while-typing = true

nixos/.gitignore

@@ -1 +0,0 @@
-hardware-configuration.nix

nixos/flake.lock

@@ -0,0 +1,62 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1736883708,
+        "narHash": "sha256-uQ+NQ0/xYU0N1CnXsa2zghgNaOPxWpMJXSUJJ9W7140=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "eb62e6aa39ea67e0b8018ba8ea077efe65807dc8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1735471104,
+        "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs",
+        "zen-browser": "zen-browser"
+      }
+    },
+    "zen-browser": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1736997529,
+        "narHash": "sha256-eyZXz3aphVJ8mMZ5KivtnYS+5vhNxVjWGlBJM0DMqlE=",
+        "owner": "0xc000022070",
+        "repo": "zen-browser-flake",
+        "rev": "96be5663cc2ef52e8815c90f7abf3363be3950c2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "0xc000022070",
+        "repo": "zen-browser-flake",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

nixos/flake.nix

@@ -8,51 +8,94 @@
 
   outputs = { nixpkgs, ... } @ inputs:
   {
-    nixosConfigurations.tongfang = nixpkgs.lib.nixosSystem {
+    nixosConfigurations = {
-      specialArgs = { inherit inputs; };
+      tongfang = nixpkgs.lib.nixosSystem {
-      modules = [
+        specialArgs = { inherit inputs; };
-        ./hardware-configuration.nix
+        modules = [
+          ./hardware/tongfang.nix
 
-        # ./modules/gnome.nix
+          ./modules/kde.nix
-        # ./modules/hyprland.nix
+          ./modules/battery.nix
-        ./modules/kde.nix
+          ./modules/bluetooth.nix
+          ./modules/bootloader.nix
+          ./modules/configuration.nix
+          ./modules/creative-tools.nix
+          ./modules/devops-tools.nix
+          ./modules/display-manager.nix
+          ./modules/environment-variables.nix
+          ./modules/firewall.nix
+          ./modules/fonts.nix
+          ./modules/gc.nix
+          ./modules/greeter.nix
+          ./modules/info-fetchers.nix
+          ./modules/internationalisation.nix
+          ./modules/keyboard.nix
+          ./modules/linux-kernel.nix
+          ./modules/lsp.nix
+          ./modules/networking.nix
+          ./modules/nix-settings.nix
+          ./modules/nixpkgs.nix
+          ./modules/open-ssh.nix
+          ./modules/printing.nix
+          ./modules/programming-languages.nix
+          ./modules/screen.nix
+          ./modules/services.nix
+          ./modules/sound.nix
+          ./modules/terminal-utils.nix
+          ./modules/theme.nix
+          ./modules/time.nix
+          ./modules/usb.nix
+          ./modules/users.nix
+          ./modules/utils.nix
+          ./modules/virtualisation.nix
+          ./modules/vpn.nix
+          ./modules/work.nix
+        ];
+      };
 
-        ./modules/battery.nix
+      qemu = nixpkgs.lib.nixosSystem {
-        ./modules/bluetooth.nix
+        specialArgs = { inherit inputs; };
-        ./modules/bootloader.nix
+        modules = [
-        ./modules/configuration.nix
+          ./hardware/qemu.nix
-        ./modules/creative-tools.nix
+
-        ./modules/devops-tools.nix
+          ./modules/kde.nix
-        ./modules/display-manager.nix
+          # ./modules/battery.nix
-        ./modules/environment-variables.nix
+          # ./modules/bluetooth.nix
-        ./modules/firewall.nix
+          ./modules/bootloader.nix
-        ./modules/fonts.nix
+          ./modules/configuration.nix
-        ./modules/gc.nix
+          # ./modules/creative-tools.nix
-        ./modules/greeter.nix
+          # ./modules/devops-tools.nix
-        ./modules/info-fetchers.nix
+          ./modules/display-manager.nix
-        ./modules/internationalisation.nix
+          # ./modules/environment-variables.nix
-        ./modules/keyboard.nix
+          # ./modules/firewall.nix
-        ./modules/linux-kernel.nix
+          # ./modules/fonts.nix
-        ./modules/lsp.nix
+          # ./modules/gc.nix
-        ./modules/networking.nix
+          ./modules/greeter.nix
-        ./modules/nix-settings.nix
+          # ./modules/info-fetchers.nix
-        ./modules/nixpkgs.nix
+          # ./modules/internationalisation.nix
-        ./modules/open-ssh.nix
+          # ./modules/keyboard.nix
-        ./modules/printing.nix
+          # ./modules/linux-kernel.nix
-        ./modules/programming-languages.nix
+          # ./modules/lsp.nix
-        ./modules/screen.nix
+          ./modules/networking.nix
-        ./modules/services.nix
+          ./modules/nix-settings.nix
-        ./modules/sound.nix
+          # ./modules/nixpkgs.nix
-        ./modules/terminal-utils.nix
+          # ./modules/open-ssh.nix
-        ./modules/theme.nix
+          # ./modules/printing.nix
-        ./modules/time.nix
+          # ./modules/programming-languages.nix
-        ./modules/usb.nix
+          # ./modules/screen.nix
-        ./modules/users.nix
+          # ./modules/services.nix
-        ./modules/utils.nix
+          # ./modules/sound.nix
-        ./modules/virtualisation.nix
+          # ./modules/terminal-utils.nix
-        ./modules/vpn.nix
+          # ./modules/theme.nix
-        ./modules/work.nix
+          # ./modules/time.nix
-      ];
+          # ./modules/usb.nix
+          # ./modules/users.nix
+          # ./modules/utils.nix
+          # ./modules/virtualisation.nix
+          # ./modules/vpn.nix
+          # ./modules/work.nix
+        ];
+      };
     };
   };
 }

nixos/hardware/qemu.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/d6b08f23-97da-4e41-b70c-90fcc35db534";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

nixos/hardware/tongfang.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/c7cf28c3-5744-45cc-8a81-456d24e44b7a";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/CEF6-7DAA";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nixos/modules/linux-kernel.nix

@@ -9,25 +9,11 @@
     "fbcon=nodefer"
     "vt.global_cursor_default=0"
     "kernel.modules_disabled=1"
-    "lsm=landlock,lockdown,yama,integrity,apparmor,bpf,tomoyo,selinux"
+    "lsm=landlock,lockdown,yama,integrity,bpf,tomoyo"
     "usbcore.autosuspend=-1"
     "video4linux"
     "acpi_rev_override=5"
-    # "security=selinux"
   ];
-  # boot.kernelPatches = [ {
-  #      name = "selinux-config";
-  #      patch = null;
-  #      extraConfig = '' 
-  #              SECURITY_SELINUX y
-  #              SECURITY_SELINUX_BOOTPARAM n
-  #              SECURITY_SELINUX_DEVELOP y
-  #              SECURITY_SELINUX_AVC_STATS y
-  #              DEFAULT_SECURITY_SELINUX n
-  #            '';
-  # } ];
-
-  # systemd.package = pkgs.systemd.override { withSelinux = true; };
 
   environment.systemPackages = with pkgs; [
     policycoreutils

nixos/modules/programming-languages.nix

@@ -9,6 +9,5 @@
     bun
     lua
     zig
-    numbat
   ];
 }

nixos/modules/services.nix

@@ -9,7 +9,6 @@
   # Enable Services
   programs.direnv.enable = true;
   services.upower.enable = true;
-  programs.fish.enable = true;
   programs.dconf.enable = true;
   services.dbus = {
     enable = true;

nixos/users.nix

@@ -1,71 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  users.users.bart = {
-    isNormalUser = true;
-    description = "Bart van der Braak";
-    extraGroups = [ "networkmanager" "wheel" "libvirtd" "docker" ];
-    packages = with pkgs; [
-      vscodium
-      thunderbird
-      fastfetch
-      wezterm
-      neovim
-      logseq
-      element-desktop
-      go-task
-      opentofu
-      python3
-      gnumake
-      gccgo
-      # nodejs_22
-      # corepack_22
-      azure-cli
-      sops
-      blender
-      inkscape
-      gimp
-      nixfmt-rfc-style
-    ];
-  };
-
-  # Enable discovery of Google Cast and Spotify Connect devices
-  networking.firewall.allowedUDPPorts = [ 5353 ];
-
-  nixpkgs.config.permittedInsecurePackages = [
-    # Workaround for electron dependency in Logseq
-    "electron-27.3.11"
-  ];
-
-  programs._1password.enable = true;
-  programs._1password-gui = {
-    enable = true;
-    # Certain features, including CLI integration and system authentication support,
-    # require enabling PolKit integration on some desktop environments (e.g. Plasma).
-    polkitPolicyOwners = [ "bart" ];
-  };
-
-  # SSH agent configuration
-  programs.ssh.startAgent = true;
-  programs.ssh.extraConfig = ''
-    Host *
-      AddKeysToAgent yes
-      ServerAliveInterval 60
-      ServerAliveCountMax 3
-  '';
-
-  # GPG agent configuration
-  programs.gnupg.agent.enable = true;
-  programs.gnupg.dirmngr.enable = true;
-
-  # Add KVM support
-  virtualisation.libvirtd.enable = true;
-  programs.virt-manager.enable = true;
-
-  # Add Docker support
-  virtualisation.docker.enable = true;
-  virtualisation.docker.rootless = {
-    enable = true;
-    setSocketVariable = true;
-  };
-}