diff --git a/README.md b/README.md index 14bddd6..05ca274 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,3 @@ This repository is personal and currently doesn't come with any documentation or community-centric promises. -You're allowed to use it in whatever way you see fit but **on your own risk**, see our GLWTS license. - -- install nixos -- open terminal and run `nix-shell -p git` -- run `git clone https://github.com/bartvdbraak/nixos-dotfiles.git` -- run `./nixos-dotfiles/dotfiles/symlink.sh` if you want to get all dotfiles in your home -- run `sudo ./nixos-dotfiles/nixos/symlink.sh` if you want get nixos configs in your /etc (it backs up your current) -- run one of the configs to switch to it, e.g. `nixos-rebuild switch --flake .#tongfang`, reboot is recommended +You're allowed to use it in whatever way you see fit, see [LICENSE](./LICENSE). \ No newline at end of file diff --git a/dotfiles/.config/ghostty/config b/dotfiles/.config/ghostty/config deleted file mode 100644 index 978977f..0000000 --- a/dotfiles/.config/ghostty/config +++ /dev/null @@ -1,5 +0,0 @@ -font-size = 12 -font-family = JetBrains Mono -background-opacity = 0.95 -background-blur-radius = 20 -mouse-hide-while-typing = true diff --git a/dotfiles/symlink.sh b/dotfiles/symlink.sh old mode 100755 new mode 100644 diff --git a/nixos/.gitignore b/nixos/.gitignore new file mode 100644 index 0000000..4c7f2b9 --- /dev/null +++ b/nixos/.gitignore @@ -0,0 +1 @@ +hardware-configuration.nix \ No newline at end of file diff --git a/nixos/flake.lock b/nixos/flake.lock deleted file mode 100644 index fb6881e..0000000 --- a/nixos/flake.lock +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "nodes": { - "nixpkgs": { - "locked": { - "lastModified": 1736883708, - "narHash": "sha256-uQ+NQ0/xYU0N1CnXsa2zghgNaOPxWpMJXSUJJ9W7140=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "eb62e6aa39ea67e0b8018ba8ea077efe65807dc8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1735471104, - "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "nixpkgs": "nixpkgs", - "zen-browser": "zen-browser" - } - }, - "zen-browser": { - "inputs": { - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1736997529, - "narHash": "sha256-eyZXz3aphVJ8mMZ5KivtnYS+5vhNxVjWGlBJM0DMqlE=", - "owner": "0xc000022070", - "repo": "zen-browser-flake", - "rev": "96be5663cc2ef52e8815c90f7abf3363be3950c2", - "type": "github" - }, - "original": { - "owner": "0xc000022070", - "repo": "zen-browser-flake", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/nixos/flake.nix b/nixos/flake.nix index ad7d190..b1cdf86 100644 --- a/nixos/flake.nix +++ b/nixos/flake.nix 
@@ -8,94 +8,51 @@ outputs = { nixpkgs, ... } @ inputs: { - nixosConfigurations = { - tongfang = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - ./hardware/tongfang.nix + nixosConfigurations.tongfang = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + ./hardware-configuration.nix - ./modules/kde.nix - ./modules/battery.nix - ./modules/bluetooth.nix - ./modules/bootloader.nix - ./modules/configuration.nix - ./modules/creative-tools.nix - ./modules/devops-tools.nix - ./modules/display-manager.nix - ./modules/environment-variables.nix - ./modules/firewall.nix - ./modules/fonts.nix - ./modules/gc.nix - ./modules/greeter.nix - ./modules/info-fetchers.nix - ./modules/internationalisation.nix - ./modules/keyboard.nix - ./modules/linux-kernel.nix - ./modules/lsp.nix - ./modules/networking.nix - ./modules/nix-settings.nix - ./modules/nixpkgs.nix - ./modules/open-ssh.nix - ./modules/printing.nix - ./modules/programming-languages.nix - ./modules/screen.nix - ./modules/services.nix - ./modules/sound.nix - ./modules/terminal-utils.nix - ./modules/theme.nix - ./modules/time.nix - ./modules/usb.nix - ./modules/users.nix - ./modules/utils.nix - ./modules/virtualisation.nix - ./modules/vpn.nix - ./modules/work.nix - ]; - }; + # ./modules/gnome.nix + # ./modules/hyprland.nix + ./modules/kde.nix - qemu = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - ./hardware/qemu.nix - - ./modules/kde.nix - # ./modules/battery.nix - # ./modules/bluetooth.nix - ./modules/bootloader.nix - ./modules/configuration.nix - # ./modules/creative-tools.nix - # ./modules/devops-tools.nix - ./modules/display-manager.nix - # ./modules/environment-variables.nix - # ./modules/firewall.nix - # ./modules/fonts.nix - # ./modules/gc.nix - ./modules/greeter.nix - # ./modules/info-fetchers.nix - # ./modules/internationalisation.nix - # ./modules/keyboard.nix - # ./modules/linux-kernel.nix - # ./modules/lsp.nix - 
./modules/networking.nix - ./modules/nix-settings.nix - # ./modules/nixpkgs.nix - # ./modules/open-ssh.nix - # ./modules/printing.nix - # ./modules/programming-languages.nix - # ./modules/screen.nix - # ./modules/services.nix - # ./modules/sound.nix - # ./modules/terminal-utils.nix - # ./modules/theme.nix - # ./modules/time.nix - # ./modules/usb.nix - # ./modules/users.nix - # ./modules/utils.nix - # ./modules/virtualisation.nix - # ./modules/vpn.nix - # ./modules/work.nix - ]; - }; + ./modules/battery.nix + ./modules/bluetooth.nix + ./modules/bootloader.nix + ./modules/configuration.nix + ./modules/creative-tools.nix + ./modules/devops-tools.nix + ./modules/display-manager.nix + ./modules/environment-variables.nix + ./modules/firewall.nix + ./modules/fonts.nix + ./modules/gc.nix + ./modules/greeter.nix + ./modules/info-fetchers.nix + ./modules/internationalisation.nix + ./modules/keyboard.nix + ./modules/linux-kernel.nix + ./modules/lsp.nix + ./modules/networking.nix + ./modules/nix-settings.nix + ./modules/nixpkgs.nix + ./modules/open-ssh.nix + ./modules/printing.nix + ./modules/programming-languages.nix + ./modules/screen.nix + ./modules/services.nix + ./modules/sound.nix + ./modules/terminal-utils.nix + ./modules/theme.nix + ./modules/time.nix + ./modules/usb.nix + ./modules/users.nix + ./modules/utils.nix + ./modules/virtualisation.nix + ./modules/vpn.nix + ./modules/work.nix + ]; }; }; -} +} \ No newline at end of file diff --git a/nixos/hardware/qemu.nix b/nixos/hardware/qemu.nix deleted file mode 100644 index b264287..0000000 --- a/nixos/hardware/qemu.nix +++ /dev/null 
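Review bot: `./hardware-configuration.nix` at the top of the new `modules` list is the same file this commit adds to `nixos/.gitignore`, and a flake evaluated from a git checkout only sees files that git tracks, so this import is likely to fail with a missing-path error on `nixos-rebuild switch --flake .#tongfang`. Either keep the file tracked, or reference it from outside the flake source and document that above the entry, e.g. `# generated per machine; not tracked, see nixos/.gitignore`. The same commit also deletes `nixos/flake.lock`, so the `rev` and `narHash` pins for `nixpkgs` and the third-party `zen-browser` input are gone. If those inputs are still declared above this hunk, the next evaluation resolves whatever is current upstream, and committing the regenerated lock would keep input changes reviewable. The `outputs` function starts above the hunk, so the `inputs` block is not visible here.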
@@ -1,31 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/d6b08f23-97da-4e41-b70c-90fcc35db534"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/nixos/hardware/tongfang.nix b/nixos/hardware/tongfang.nix deleted file mode 100644 index f10dad2..0000000 --- a/nixos/hardware/tongfang.nix +++ /dev/null 
@@ -1,38 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" "sdhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/c7cf28c3-5744-45cc-8a81-456d24e44b7a"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/CEF6-7DAA"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/nixos/modules/linux-kernel.nix b/nixos/modules/linux-kernel.nix index d795647..7ed9788 100644 --- a/nixos/modules/linux-kernel.nix +++ b/nixos/modules/linux-kernel.nix 
@@ -9,11 +9,25 @@ "fbcon=nodefer" "vt.global_cursor_default=0" "kernel.modules_disabled=1" - "lsm=landlock,lockdown,yama,integrity,bpf,tomoyo" + "lsm=landlock,lockdown,yama,integrity,apparmor,bpf,tomoyo,selinux" "usbcore.autosuspend=-1" "video4linux" "acpi_rev_override=5" + # "security=selinux" ]; + # boot.kernelPatches = [ { + # name = "selinux-config"; + # patch = null; + # extraConfig = '' + # SECURITY_SELINUX y + # SECURITY_SELINUX_BOOTPARAM n + # SECURITY_SELINUX_DEVELOP y + # SECURITY_SELINUX_AVC_STATS y + # DEFAULT_SECURITY_SELINUX n + # ''; + # } ]; + + # systemd.package = pkgs.systemd.override { withSelinux = true; }; environment.systemPackages = with pkgs; [ policycoreutils diff --git a/nixos/modules/programming-languages.nix b/nixos/modules/programming-languages.nix index 0a224be..e5c8f90 100644 --- a/nixos/modules/programming-languages.nix +++ b/nixos/modules/programming-languages.nix @@ -9,5 +9,6 @@ bun lua zig + numbat ]; } \ No newline at end of file diff --git a/nixos/modules/services.nix b/nixos/modules/services.nix index 170e56a..06f18af 100644 --- a/nixos/modules/services.nix +++ b/nixos/modules/services.nix @@ -9,6 +9,7 @@ # Enable Services programs.direnv.enable = true; services.upower.enable = true; + programs.fish.enable = true; programs.dconf.enable = true; services.dbus = { enable = true; diff --git a/nixos/symlink.sh b/nixos/symlink.sh old mode 100755 new mode 100644 diff --git a/nixos/users.nix b/nixos/users.nix new file mode 100644 index 0000000..809111f --- /dev/null +++ b/nixos/users.nix 
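Review bot: In the new `lsm=` value, `apparmor` and `selinux` are both exclusive LSMs and the kernel enables only the first exclusive module in the list, so the trailing `selinux` is ignored. It also needs a kernel built with `SECURITY_SELINUX`, which the `boot.kernelPatches` block would supply but which is still commented out. As written, the parameter suggests SELinux is active when it most likely is not. Until the kernel config and a policy are in place, I would keep the list to what is actually loaded, `"lsm=landlock,lockdown,yama,integrity,apparmor,bpf,tomoyo"`, and add a comment such as `# selinux: add here in place of apparmor once the kernelPatches block below is enabled`. The enclosing parameter list opens above the hunk, so its earlier entries are not visible here.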
@@ -0,0 +1,71 @@
+{ config, pkgs, ... }:
+
+{
+ users.users.bart = {
+ isNormalUser = true;
+ description = "Bart van der Braak";
+ extraGroups = [ "networkmanager" "wheel" "libvirtd" "docker" ];
+ packages = with pkgs; [
+ vscodium
+ thunderbird
+ fastfetch
+ wezterm
+ neovim
+ logseq
+ element-desktop
+ go-task
+ opentofu
+ python3
+ gnumake
+ gccgo
+ # nodejs_22
+ # corepack_22
+ azure-cli
+ sops
+ blender
+ inkscape
+ gimp
+ nixfmt-rfc-style
+ ];
+ };
+
+ # Enable discovery of Google Cast and Spotify Connect devices
+ networking.firewall.allowedUDPPorts = [ 5353 ];
+
+ nixpkgs.config.permittedInsecurePackages = [
+ # Workaround for electron dependency in Logseq
+ "electron-27.3.11"
+ ];
+
+ programs._1password.enable = true;
+ programs._1password-gui = {
+ enable = true;
+ # Certain features, including CLI integration and system authentication support,
+ # require enabling PolKit integration on some desktop environments (e.g. Plasma).
+ polkitPolicyOwners = [ "bart" ];
+ };
+
+ # SSH agent configuration
+ programs.ssh.startAgent = true;
+ programs.ssh.extraConfig = ''
+ Host *
+ AddKeysToAgent yes
+ ServerAliveInterval 60
+ ServerAliveCountMax 3
+ '';
+
+ # GPG agent configuration
+ programs.gnupg.agent.enable = true;
+ programs.gnupg.dirmngr.enable = true;
+
+ # Add KVM support
+ virtualisation.libvirtd.enable = true;
+ programs.virt-manager.enable = true;
+
+ # Add Docker support
+ virtualisation.docker.enable = true;
+ virtualisation.docker.rootless = {
+ enable = true;
+ setSocketVariable = true;
+ };
+}
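Review bot: `"docker"` in `extraGroups` together with `virtualisation.docker.enable = true` gives `bart` access to the root-owned Docker socket, which is equivalent to passwordless root and bypasses the `wheel`/sudo prompt. Rootless Docker is enabled a few lines later with `setSocketVariable = true`, so the system daemon and the group membership look redundant. Consider `extraGroups = [ "networkmanager" "wheel" "libvirtd" ];` and dropping `virtualisation.docker.enable = true;` if nothing needs the rootful daemon. Separately, the `permittedInsecurePackages` entry for `electron-27.3.11` would benefit from a comment stating when it can be removed, e.g. `# TODO: drop once logseq no longer depends on electron 27`, so the exception does not outlive its reason.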