Restructure Configuration

2025-10-30 15:19:09 +00:00 · 2025-01-16 23:26:43 +01:00
13 changed files with 134 additions and 232 deletions
--- a/README.md
+++ b/README.md
@ -1,10 +1,3 @@
 This repository is personal and currently doesn't come with any documentation or community-centric promises.

-You're allowed to use it in whatever way you see fit but **on your own risk**, see our GLWTS license.
-
- install nixos
- open terminal and run `nix-shell -p git`
- run `git clone https://github.com/bartvdbraak/nixos-dotfiles.git`
- run `./nixos-dotfiles/dotfiles/symlink.sh` if you want to get all dotfiles in your home
- run `sudo ./nixos-dotfiles/nixos/symlink.sh` if you want get nixos configs in your /etc (it backs up your current)
- run one of the configs to switch to it, e.g. `nixos-rebuild switch --flake .#tongfang`, reboot is recommended
+You're allowed to use it in whatever way you see fit, see [LICENSE](./LICENSE).
--- a/dotfiles/.config/ghostty/config
+++ b/dotfiles/.config/ghostty/config
@ -1,5 +0,0 @@
-font-size = 12
-font-family = JetBrains Mono
-background-opacity = 0.95
-background-blur-radius = 20
-mouse-hide-while-typing = true
--- a/dotfiles/symlink.sh
+++ b/dotfiles/symlink.sh
--- a/nixos/.gitignore
+++ b/nixos/.gitignore
@ -0,0 +1 @@
+hardware-configuration.nix
--- a/nixos/flake.lock
+++ b/nixos/flake.lock
@ -1,62 +0,0 @@
-{
-  "nodes": {
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1736883708,
-        "narHash": "sha256-uQ+NQ0/xYU0N1CnXsa2zghgNaOPxWpMJXSUJJ9W7140=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "eb62e6aa39ea67e0b8018ba8ea077efe65807dc8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1735471104,
-        "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "nixpkgs": "nixpkgs",
-        "zen-browser": "zen-browser"
-      }
-    },
-    "zen-browser": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_2"
-      },
-      "locked": {
-        "lastModified": 1736997529,
-        "narHash": "sha256-eyZXz3aphVJ8mMZ5KivtnYS+5vhNxVjWGlBJM0DMqlE=",
-        "owner": "0xc000022070",
-        "repo": "zen-browser-flake",
-        "rev": "96be5663cc2ef52e8815c90f7abf3363be3950c2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "0xc000022070",
-        "repo": "zen-browser-flake",
-        "type": "github"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}
--- a/nixos/flake.nix
+++ b/nixos/flake.nix
@ -8,94 +8,51 @@

  outputs = { nixpkgs, ... } @ inputs:
  {
-    nixosConfigurations = {
-      tongfang = nixpkgs.lib.nixosSystem {
-        specialArgs = { inherit inputs; };
-        modules = [
-          ./hardware/tongfang.nix
+    nixosConfigurations.tongfang = nixpkgs.lib.nixosSystem {
+      specialArgs = { inherit inputs; };
+      modules = [
+        ./hardware-configuration.nix

-          ./modules/kde.nix
-          ./modules/battery.nix
-          ./modules/bluetooth.nix
-          ./modules/bootloader.nix
-          ./modules/configuration.nix
-          ./modules/creative-tools.nix
-          ./modules/devops-tools.nix
-          ./modules/display-manager.nix
-          ./modules/environment-variables.nix
-          ./modules/firewall.nix
-          ./modules/fonts.nix
-          ./modules/gc.nix
-          ./modules/greeter.nix
-          ./modules/info-fetchers.nix
-          ./modules/internationalisation.nix
-          ./modules/keyboard.nix
-          ./modules/linux-kernel.nix
-          ./modules/lsp.nix
-          ./modules/networking.nix
-          ./modules/nix-settings.nix
-          ./modules/nixpkgs.nix
-          ./modules/open-ssh.nix
-          ./modules/printing.nix
-          ./modules/programming-languages.nix
-          ./modules/screen.nix
-          ./modules/services.nix
-          ./modules/sound.nix
-          ./modules/terminal-utils.nix
-          ./modules/theme.nix
-          ./modules/time.nix
-          ./modules/usb.nix
-          ./modules/users.nix
-          ./modules/utils.nix
-          ./modules/virtualisation.nix
-          ./modules/vpn.nix
-          ./modules/work.nix
-        ];
-      };
+        # ./modules/gnome.nix
+        # ./modules/hyprland.nix
+        ./modules/kde.nix

-      qemu = nixpkgs.lib.nixosSystem {
-        specialArgs = { inherit inputs; };
-        modules = [
-          ./hardware/qemu.nix
-
-          ./modules/kde.nix
-          # ./modules/battery.nix
-          # ./modules/bluetooth.nix
-          ./modules/bootloader.nix
-          ./modules/configuration.nix
-          # ./modules/creative-tools.nix
-          # ./modules/devops-tools.nix
-          ./modules/display-manager.nix
-          # ./modules/environment-variables.nix
-          # ./modules/firewall.nix
-          # ./modules/fonts.nix
-          # ./modules/gc.nix
-          ./modules/greeter.nix
-          # ./modules/info-fetchers.nix
-          # ./modules/internationalisation.nix
-          # ./modules/keyboard.nix
-          # ./modules/linux-kernel.nix
-          # ./modules/lsp.nix
-          ./modules/networking.nix
-          ./modules/nix-settings.nix
-          # ./modules/nixpkgs.nix
-          # ./modules/open-ssh.nix
-          # ./modules/printing.nix
-          # ./modules/programming-languages.nix
-          # ./modules/screen.nix
-          # ./modules/services.nix
-          # ./modules/sound.nix
-          # ./modules/terminal-utils.nix
-          # ./modules/theme.nix
-          # ./modules/time.nix
-          # ./modules/usb.nix
-          # ./modules/users.nix
-          # ./modules/utils.nix
-          # ./modules/virtualisation.nix
-          # ./modules/vpn.nix
-          # ./modules/work.nix
-        ];
-      };
+        ./modules/battery.nix
+        ./modules/bluetooth.nix
+        ./modules/bootloader.nix
+        ./modules/configuration.nix
+        ./modules/creative-tools.nix
+        ./modules/devops-tools.nix
+        ./modules/display-manager.nix
+        ./modules/environment-variables.nix
+        ./modules/firewall.nix
+        ./modules/fonts.nix
+        ./modules/gc.nix
+        ./modules/greeter.nix
+        ./modules/info-fetchers.nix
+        ./modules/internationalisation.nix
+        ./modules/keyboard.nix
+        ./modules/linux-kernel.nix
+        ./modules/lsp.nix
+        ./modules/networking.nix
+        ./modules/nix-settings.nix
+        ./modules/nixpkgs.nix
+        ./modules/open-ssh.nix
+        ./modules/printing.nix
+        ./modules/programming-languages.nix
+        ./modules/screen.nix
+        ./modules/services.nix
+        ./modules/sound.nix
+        ./modules/terminal-utils.nix
+        ./modules/theme.nix
+        ./modules/time.nix
+        ./modules/usb.nix
+        ./modules/users.nix
+        ./modules/utils.nix
+        ./modules/virtualisation.nix
+        ./modules/vpn.nix
+        ./modules/work.nix
+      ];
    };
  };
 }
--- a/nixos/hardware/qemu.nix
+++ b/nixos/hardware/qemu.nix
@ -1,31 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/d6b08f23-97da-4e41-b70c-90fcc35db534";
-      fsType = "ext4";
-    };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
--- a/nixos/hardware/tongfang.nix
+++ b/nixos/hardware/tongfang.nix
@ -1,38 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" "sdhci_pci" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/c7cf28c3-5744-45cc-8a81-456d24e44b7a";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/CEF6-7DAA";
-      fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
-    };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
--- a/nixos/modules/linux-kernel.nix
+++ b/nixos/modules/linux-kernel.nix
@ -9,11 +9,25 @@
    "fbcon=nodefer"
    "vt.global_cursor_default=0"
    "kernel.modules_disabled=1"
-    "lsm=landlock,lockdown,yama,integrity,bpf,tomoyo"
+    "lsm=landlock,lockdown,yama,integrity,apparmor,bpf,tomoyo,selinux"
    "usbcore.autosuspend=-1"
    "video4linux"
    "acpi_rev_override=5"
+    # "security=selinux"
  ];
+  # boot.kernelPatches = [ {
+  #      name = "selinux-config";
+  #      patch = null;
+  #      extraConfig = '' 
+  #              SECURITY_SELINUX y
+  #              SECURITY_SELINUX_BOOTPARAM n
+  #              SECURITY_SELINUX_DEVELOP y
+  #              SECURITY_SELINUX_AVC_STATS y
+  #              DEFAULT_SECURITY_SELINUX n
+  #            '';
+  # } ];
+
+  # systemd.package = pkgs.systemd.override { withSelinux = true; };

  environment.systemPackages = with pkgs; [
    policycoreutils
--- a/nixos/modules/programming-languages.nix
+++ b/nixos/modules/programming-languages.nix
@ -9,5 +9,6 @@
    bun
    lua
    zig
+    numbat
  ];
 }
--- a/nixos/modules/services.nix
+++ b/nixos/modules/services.nix
@ -9,6 +9,7 @@
  # Enable Services
  programs.direnv.enable = true;
  services.upower.enable = true;
+  programs.fish.enable = true;
  programs.dconf.enable = true;
  services.dbus = {
    enable = true;
--- a/nixos/symlink.sh
+++ b/nixos/symlink.sh
--- a/nixos/users.nix
+++ b/nixos/users.nix
@ -0,0 +1,71 @@
+{ config, pkgs, ... }:
+
+{
+  users.users.bart = {
+    isNormalUser = true;
+    description = "Bart van der Braak";
+    extraGroups = [ "networkmanager" "wheel" "libvirtd" "docker" ];
+    packages = with pkgs; [
+      vscodium
+      thunderbird
+      fastfetch
+      wezterm
+      neovim
+      logseq
+      element-desktop
+      go-task
+      opentofu
+      python3
+      gnumake
+      gccgo
+      # nodejs_22
+      # corepack_22
+      azure-cli
+      sops
+      blender
+      inkscape
+      gimp
+      nixfmt-rfc-style
+    ];
+  };
+
+  # Enable discovery of Google Cast and Spotify Connect devices
+  networking.firewall.allowedUDPPorts = [ 5353 ];
+
+  nixpkgs.config.permittedInsecurePackages = [
+    # Workaround for electron dependency in Logseq
+    "electron-27.3.11"
+  ];
+
+  programs._1password.enable = true;
+  programs._1password-gui = {
+    enable = true;
+    # Certain features, including CLI integration and system authentication support,
+    # require enabling PolKit integration on some desktop environments (e.g. Plasma).
+    polkitPolicyOwners = [ "bart" ];
+  };
+
+  # SSH agent configuration
+  programs.ssh.startAgent = true;
+  programs.ssh.extraConfig = ''
+    Host *
+      AddKeysToAgent yes
+      ServerAliveInterval 60
+      ServerAliveCountMax 3
+  '';
+
+  # GPG agent configuration
+  programs.gnupg.agent.enable = true;
+  programs.gnupg.dirmngr.enable = true;
+
+  # Add KVM support
+  virtualisation.libvirtd.enable = true;
+  programs.virt-manager.enable = true;
+
+  # Add Docker support
+  virtualisation.docker.enable = true;
+  virtualisation.docker.rootless = {
+    enable = true;
+    setSocketVariable = true;
+  };
+}