Restructure Configuration

2025-06-29 12:49:10 +00:00 · 2025-01-16 23:26:43 +01:00
13 changed files with 134 additions and 232 deletions
--- a/README.md
+++ b/README.md
@ -1,10 +1,3 @@
 This repository is personal and currently doesn't come with any documentation or community-centric promises.
-You're allowed to use it in whatever way you see fit but **on your own risk**, see our GLWTS license.
+You're allowed to use it in whatever way you see fit, see [LICENSE](./LICENSE).
 - install nixos
 - open terminal and run `nix-shell -p git`
 - run `git clone https://github.com/bartvdbraak/nixos-dotfiles.git`
 - run `./nixos-dotfiles/dotfiles/symlink.sh` if you want to get all dotfiles in your home
 - run `sudo ./nixos-dotfiles/nixos/symlink.sh` if you want get nixos configs in your /etc (it backs up your current)
 - run one of the configs to switch to it, e.g. `nixos-rebuild switch --flake .#tongfang`, reboot is recommended
--- a/dotfiles/.config/ghostty/config
+++ b/dotfiles/.config/ghostty/config
@ -1,5 +0,0 @@
 font-size = 12
 font-family = JetBrains Mono
 background-opacity = 0.95
 background-blur-radius = 20
 mouse-hide-while-typing = true
--- a/dotfiles/symlink.sh
+++ b/dotfiles/symlink.sh
--- a/nixos/.gitignore
+++ b/nixos/.gitignore
@ -0,0 +1 @@
 hardware-configuration.nix
--- a/nixos/flake.lock
+++ b/nixos/flake.lock
@ -1,62 +0,0 @@
 {
  "nodes": {
    "nixpkgs": {
      "locked": {
        "lastModified": 1736883708,
        "narHash": "sha256-uQ+NQ0/xYU0N1CnXsa2zghgNaOPxWpMJXSUJJ9W7140=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "eb62e6aa39ea67e0b8018ba8ea077efe65807dc8",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1735471104,
        "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "nixpkgs": "nixpkgs",
        "zen-browser": "zen-browser"
      }
    },
    "zen-browser": {
      "inputs": {
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1736997529,
        "narHash": "sha256-eyZXz3aphVJ8mMZ5KivtnYS+5vhNxVjWGlBJM0DMqlE=",
        "owner": "0xc000022070",
        "repo": "zen-browser-flake",
        "rev": "96be5663cc2ef52e8815c90f7abf3363be3950c2",
        "type": "github"
      },
      "original": {
        "owner": "0xc000022070",
        "repo": "zen-browser-flake",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/nixos/flake.nix
+++ b/nixos/flake.nix
@ -8,13 +8,15 @@
  outputs = { nixpkgs, ... } @ inputs:
  {
-    nixosConfigurations = {
+    nixosConfigurations.tongfang = nixpkgs.lib.nixosSystem {
      tongfang = nixpkgs.lib.nixosSystem {
      specialArgs = { inherit inputs; };
      modules = [
-          ./hardware/tongfang.nix
+        ./hardware-configuration.nix
        # ./modules/gnome.nix
        # ./modules/hyprland.nix
        ./modules/kde.nix
        ./modules/battery.nix
        ./modules/bluetooth.nix
        ./modules/bootloader.nix
@ -52,50 +54,5 @@
        ./modules/work.nix
      ];
    };
      qemu = nixpkgs.lib.nixosSystem {
        specialArgs = { inherit inputs; };
        modules = [
          ./hardware/qemu.nix
          ./modules/kde.nix
          # ./modules/battery.nix
          # ./modules/bluetooth.nix
          ./modules/bootloader.nix
          ./modules/configuration.nix
          # ./modules/creative-tools.nix
          # ./modules/devops-tools.nix
          ./modules/display-manager.nix
          # ./modules/environment-variables.nix
          # ./modules/firewall.nix
          # ./modules/fonts.nix
          # ./modules/gc.nix
          ./modules/greeter.nix
          # ./modules/info-fetchers.nix
          # ./modules/internationalisation.nix
          # ./modules/keyboard.nix
          # ./modules/linux-kernel.nix
          # ./modules/lsp.nix
          ./modules/networking.nix
          ./modules/nix-settings.nix
          # ./modules/nixpkgs.nix
          # ./modules/open-ssh.nix
          # ./modules/printing.nix
          # ./modules/programming-languages.nix
          # ./modules/screen.nix
          # ./modules/services.nix
          # ./modules/sound.nix
          # ./modules/terminal-utils.nix
          # ./modules/theme.nix
          # ./modules/time.nix
          # ./modules/usb.nix
          # ./modules/users.nix
          # ./modules/utils.nix
          # ./modules/virtualisation.nix
          # ./modules/vpn.nix
          # ./modules/work.nix
        ];
      };
    };
  };
 }
--- a/nixos/hardware/qemu.nix
+++ b/nixos/hardware/qemu.nix
@ -1,31 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];
  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/d6b08f23-97da-4e41-b70c-90fcc35db534";
      fsType = "ext4";
    };
  swapDevices = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/nixos/hardware/tongfang.nix
+++ b/nixos/hardware/tongfang.nix
@ -1,38 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" "sdhci_pci" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/c7cf28c3-5744-45cc-8a81-456d24e44b7a";
      fsType = "ext4";
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/CEF6-7DAA";
      fsType = "vfat";
      options = [ "fmask=0077" "dmask=0077" ];
    };
  swapDevices = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/nixos/modules/linux-kernel.nix
+++ b/nixos/modules/linux-kernel.nix
@ -9,11 +9,25 @@
    "fbcon=nodefer"
    "vt.global_cursor_default=0"
    "kernel.modules_disabled=1"
-    "lsm=landlock,lockdown,yama,integrity,bpf,tomoyo"
+    "lsm=landlock,lockdown,yama,integrity,apparmor,bpf,tomoyo,selinux"
    "usbcore.autosuspend=-1"
    "video4linux"
    "acpi_rev_override=5"
    # "security=selinux"
  ];
  # boot.kernelPatches = [ {
  #      name = "selinux-config";
  #      patch = null;
  #      extraConfig = '' 
  #              SECURITY_SELINUX y
  #              SECURITY_SELINUX_BOOTPARAM n
  #              SECURITY_SELINUX_DEVELOP y
  #              SECURITY_SELINUX_AVC_STATS y
  #              DEFAULT_SECURITY_SELINUX n
  #            '';
  # } ];
  # systemd.package = pkgs.systemd.override { withSelinux = true; };
  environment.systemPackages = with pkgs; [
    policycoreutils
--- a/nixos/modules/programming-languages.nix
+++ b/nixos/modules/programming-languages.nix
@ -9,5 +9,6 @@
    bun
    lua
    zig
    numbat
  ];
 }
--- a/nixos/modules/services.nix
+++ b/nixos/modules/services.nix
@ -9,6 +9,7 @@
  # Enable Services
  programs.direnv.enable = true;
  services.upower.enable = true;
  programs.fish.enable = true;
  programs.dconf.enable = true;
  services.dbus = {
    enable = true;
--- a/nixos/symlink.sh
+++ b/nixos/symlink.sh
--- a/nixos/users.nix
+++ b/nixos/users.nix
@ -0,0 +1,71 @@
 { config, pkgs, ... }:
 {
  users.users.bart = {
    isNormalUser = true;
    description = "Bart van der Braak";
    extraGroups = [ "networkmanager" "wheel" "libvirtd" "docker" ];
    packages = with pkgs; [
      vscodium
      thunderbird
      fastfetch
      wezterm
      neovim
      logseq
      element-desktop
      go-task
      opentofu
      python3
      gnumake
      gccgo
      # nodejs_22
      # corepack_22
      azure-cli
      sops
      blender
      inkscape
      gimp
      nixfmt-rfc-style
    ];
  };
  # Enable discovery of Google Cast and Spotify Connect devices
  networking.firewall.allowedUDPPorts = [ 5353 ];
  nixpkgs.config.permittedInsecurePackages = [
    # Workaround for electron dependency in Logseq
    "electron-27.3.11"
  ];
  programs._1password.enable = true;
  programs._1password-gui = {
    enable = true;
    # Certain features, including CLI integration and system authentication support,
    # require enabling PolKit integration on some desktop environments (e.g. Plasma).
    polkitPolicyOwners = [ "bart" ];
  };
  # SSH agent configuration
  programs.ssh.startAgent = true;
  programs.ssh.extraConfig = ''
    Host *
      AddKeysToAgent yes
      ServerAliveInterval 60
      ServerAliveCountMax 3
  '';
  # GPG agent configuration
  programs.gnupg.agent.enable = true;
  programs.gnupg.dirmngr.enable = true;
  # Add KVM support
  virtualisation.libvirtd.enable = true;
  programs.virt-manager.enable = true;
  # Add Docker support
  virtualisation.docker.enable = true;
  virtualisation.docker.rootless = {
    enable = true;
    setSocketVariable = true;
  };
 }