commit d469a0036f0e4cce29d37026fe16b69d2647ed40
Author: aaron
Date: Thu Feb 6 16:06:21 2025 +0100

nixos config

diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..6d153f6
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,65 @@
+{
+ "nodes": {
+ "home-manager": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1738667255,
+ "narHash": "sha256-sMMQb9NydZqQ/MvvtPp+Ny0W9P0Jk0moU7SrTBlO5Vo=",
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "rev": "7abcf59a365430b36f84eaa452a466b11e469e33",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "type": "github"
+ }
+ },
+ "nixos-hardware": {
+ "locked": {
+ "lastModified": 1738638143,
+ "narHash": "sha256-ZYMe4c4OCtIUBn5hx15PEGr0+B1cNEpl2dsaLxwY2W0=",
+ "owner": "NixOS",
+ "repo": "nixos-hardware",
+ "rev": "9bdd53f5908453e4d03f395eb1615c3e9a351f70",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "master",
+ "repo": "nixos-hardware",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1738546358,
+ "narHash": "sha256-nLivjIygCiqLp5QcL7l56Tca/elVqM9FG1hGd9ZSsrg=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "c6e957d81b96751a3d5967a0fd73694f303cc914",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "home-manager": "home-manager",
+ "nixos-hardware": "nixos-hardware",
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..7b55eef
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,91 @@ +{ + description = "aar0ns flake configuration"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + }; + + # c3d2-user-module = { + # url = "git+https://gitea.c3d2.de/C3D2/nix-user-module.git"; + # }; + # sops-nix = { + # url = "github:Mic92/sops-nix"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; + # }; + + outputs = { self, nixpkgs, home-manager, nixos-hardware }: + let + + system = "x86_64-linux"; + pkgs = import nixpkgs { + inherit system; + }; + + base-modules = [ + ./modules/defaults/nix.nix + + home-manager.nixosModules.home-manager + ./modules/defaults/home-manager.nix + ]; + + in + { + legacypackages.x86_64-linux = { + inherit pkgs; + }; + + nixosConfigurations = { + nussbaum = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + + modules = base-modules ++ [ + nixos-hardware.nixosModules.lenovo-thinkpad-t490 + home-manager.nixosModules.home-manager + ./modules/defaults/home-manager.nix + ./modules/systems/t490.nix + ./modules/defaults/base.nix + ./modules/defaults/desktop.nix + ./modules/defaults/fonts.nix + ./modules/defaults/home-manager.nix + ./modules/defaults/networking.nix + ./modules/defaults/users.nix + ./modules/defaults/virtualization/docker.nix + ./modules/defaults/virtualization/kvm.nix + ./modules/defaults/security.nix + ]; + }; + }; + }; +} + # lib.mergeAttrs commonAttrs { + # modules = [ + # ./modules/configuration.nix + # c3d2-user-module.nixosModule + # sops-nix.nixosModules.sops + # ]; + # }); + + #mobile = nixpkgs.lib.nixosSystem (lib.mergeAttrs commonAttrs { + # modules = [ + # ./hosts/mobile/configuration.nix + # c3d2-user-module.nixosModule + # sops-nix.nixosModules.sops + # ]; + #}); + + #tower = nixpkgs.lib.nixosSystem (lib.mergeAttrs commonAttrs { + # modules = [ + # ./hosts/tower/configuration.nix + # 
sops-nix.nixosModules.sops
+ # ];
+ #});
+# };
+# };
+#}
+
diff --git a/modules/defaults/base.nix b/modules/defaults/base.nix
new file mode 100644
index 0000000..53c226e
--- /dev/null
+++ b/modules/defaults/base.nix
@@ -0,0 +1,33 @@
+## Some defaults I want for all my systems
+
+ { config, pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ nix-index
+ vim tmux
+ wget curl
+ htop atop iotop iftop
+ file bc
+ babashka rlwrap
+ ];
+
+ boot.loader.grub.configurationLimit = 5;
+ boot.loader.systemd-boot.configurationLimit = 5;
+ #boot.loader.grub.copyKernels = false;
+
+ time.timeZone = "Europe/Berlin";
+ i18n.defaultLocale = "de_DE.UTF-8";
+ #i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings =
+ {
+ LC_MESSAGES = "en_US.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ LANGUAGE = "de";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_NUMERIC = "de_DE.UTF-8";
+ LANG = "en_US.UTF-8";
+ };
+
+ environment.variables = { EDITOR = "vim"; };
+}
diff --git a/modules/defaults/btrfs.nix b/modules/defaults/btrfs.nix
new file mode 100644
index 0000000..2a2ca97
--- /dev/null
+++ b/modules/defaults/btrfs.nix
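Review bot: `home-manager.nixosModules.home-manager` and `./modules/defaults/home-manager.nix` are listed in `base-modules` and then again in the `nussbaum` module list (home-manager.nix a third time further down); NixOS deduplicates imports, but the repetition hides which list is authoritative, so keep them only in `base-modules` and drop them from the per-host list. The output attribute is spelled `legacypackages`, whereas the flake output schema uses `legacyPackages`, so this output is not recognised as the standard one and `inherit pkgs` there is effectively unused. The commented-out `c3d2-user-module`/`sops-nix` inputs and the trailing commented host definitions are dead code and read better as a single TODO line or removed.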
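Review bot: `i18n.defaultLocale = "de_DE.UTF-8"` and the `LANG = "en_US.UTF-8"` entry in `i18n.extraLocaleSettings` both define LANG, and which one a session ends up with depends on how the i18n module merges the two; set only one (drop the `LANG` entry if the intent is a German default with English messages via `LC_MESSAGES`). `boot.loader.grub.configurationLimit = 5;` is set next to the systemd-boot limit, but t490.nix enables only systemd-boot, so the grub line is dead configuration unless another host uses grub. A short header comment stating that this module is meant for every host (the first line says so, but not which options are host-independent) would help.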
@@ -0,0 +1,53 @@
+{
+ imports =
+ [
+
+ ];
+
+ services.beesd.filesystems = {
+ luks-13b43fe2-5ff0-4e99-8d2a-2b92ff2e0df6 = {
+ spec = "UUID=6886fe4e-ebfc-458c-82e7-a0c4876529c8";
+ hashTableSizeMB = 4096;
+ #workDir ".beeshome";
+ verbosity = "err";
+ #extraOptions = [ "" ];
+ };
+ };
+
+
+ fileSystems."/" =
+ {
+ fsType = "btrfs";
+ options = [ "compress=zstd" ];
+ };
+
+ fileSystems."/nix" = {
+ fsType = "btrfs";
+ options = [ "compress=zstd:10" ];
+ };
+
+ fileSystems."/var" = {
+ fsType = "btrfs";
+ options = [ "compress=zstd:3" ];
+ };
+
+ fileSystems."/var/lib" = {
+ fsType = "btrfs";
+ options = [ "compress=zstd:3" ];
+ };
+
+ fileSystems."/var/log" = {
+ fsType = "btrfs";
+ options = [ "compress=zstd:10" ];
+ };
+
+ fileSystems."/tmp" = {
+ fsType = "btrfs";
+ options = [ "compress=zstd:1" ];
+ };
+
+ fileSystems."/home" = {
+ fsType = "btrfs";
+ options = [ "compress=zstd:5" ];
+ };
+}
diff --git a/modules/defaults/desktop.nix b/modules/defaults/desktop.nix
new file mode 100644
index 0000000..f56ab06
--- /dev/null
+++ b/modules/defaults/desktop.nix
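Review bot: None of the `fileSystems` entries in this module carries a `device`, so it only works when merged with a host module that supplies one for every mount point, and nothing in this commit imports it (t490.nix declares `/` as ext4, which would conflict with the btrfs `fsType` here if both were ever active). A header comment such as `# Layout-only btrfs mount options; the host module must set fileSystems.<mount>.device for each entry` would make that dependency explicit. The beesd attribute name `luks-13b43fe2-…` and the `spec` UUID are two unrelated identifiers, and `hashTableSizeMB = 4096` is a 4 GiB dedup hash table, so a comment naming the block device and the reason for that size would save the next reader a lookup. The empty `imports = [ ];` block can go.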
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+{
+ console.useXkbConfig = true;
+
+ # Configure keymap in X11
+ services.xserver.xkb.layout = "de";
+
+ # Configure console keymap
+ # console.keyMap = "de";
+
+ # libinput.enable = true;
+
+ # Desktop Environment KDE
+ services.displayManager.sddm.enable = true;
+ services.xserver.desktopManager.plasma5.enable = true;
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+ # Enable Wayland
+ programs.xwayland.enable = true;
+
+ programs.dconf.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Enable CUPS to print documents.
+ services.printing = {
+ enable = true;
+ drivers = with pkgs; [ gutenprint splix ];
+ };
+
+ hardware.sane = {
+ enable = true;
+ # extraBackends = with pkgs; [ hplipWithPlugin ];
+ };
+
+ # c3d2.addKnownHosts = true; # audio for c3d2
+ # c3d2.audioStreaming = true;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ jack.enable = true;
+ };
+
+ hardware.bluetooth.enable = true;
+ services.blueman.enable = true;
+
+}
diff --git a/modules/defaults/fonts.nix b/modules/defaults/fonts.nix
new file mode 100644
index 0000000..e507c07
--- /dev/null
+++ b/modules/defaults/fonts.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, nixpkgs, ... }:
+{
+ fonts.packages = with pkgs; [
+ nerd-fonts.overpass ## required for starship
+ dejavu_fonts
+ ];
+}
diff --git a/modules/defaults/home-manager.nix b/modules/defaults/home-manager.nix
new file mode 100644
index 0000000..41ed3f5
--- /dev/null
+++ b/modules/defaults/home-manager.nix
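Review bot: The comment `# If you want to use JACK applications, uncomment this` sits above `jack.enable = true;`, which is already enabled, so the comment is stale; drop it or change it to `# JACK support enabled for audio applications`. The two commented libinput lines (`# libinput.enable = true;` and `# services.xserver.libinput.enable = true;`) say the same thing; keep at most one. `services.xserver.desktopManager.plasma5.enable = true;` selects Plasma 5 while the flake tracks nixos-unstable, where Plasma 6 has been the maintained KDE desktop since the 24.05 release; worth checking on the next input bump whether the Plasma 5 module is still what you want. The `# c3d2.*` lines reference a module this flake no longer imports and can be removed with the other dead config.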
@@ -0,0 +1,12 @@
+## Don't forget to use the module `home-manager.nixosModules.home-manager`
+
+ { pkgs, ... }:
+{
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "openssl-1.1.1w"
+ ];
+}
+
diff --git a/modules/defaults/home-manager/admin.nix b/modules/defaults/home-manager/admin.nix
new file mode 100644
index 0000000..558ad38
--- /dev/null
+++ b/modules/defaults/home-manager/admin.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ bind.dnsutils fping speedtest-cli
+ traceroute nmap
+ tcpdump mitmproxy
+ ];
+}
diff --git a/modules/defaults/home-manager/base.nix b/modules/defaults/home-manager/base.nix
new file mode 100644
index 0000000..87c0445
--- /dev/null
+++ b/modules/defaults/home-manager/base.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ networkmanagerapplet
+
+ unzip
+ bat #silver-searcher
+ jq
+
+ libfaketime
+
+ dmenu ## required by clipmenu
+ ];
+
+ programs.bash.enable = true;
+ programs.starship = {
+ enable = true;
+ enableBashIntegration = true;
+ };
+
+ services.clipmenu.enable = true;
+
+}
diff --git a/modules/defaults/home-manager/dev/base.nix b/modules/defaults/home-manager/dev/base.nix
new file mode 100644
index 0000000..1266ebd
--- /dev/null
+++ b/modules/defaults/home-manager/dev/base.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ gnumake
+ docker-compose
+
+ openssl
+ ];
+}
diff --git a/modules/defaults/home-manager/dev/git.nix b/modules/defaults/home-manager/dev/git.nix
new file mode 100644
index 0000000..c1fb540
--- /dev/null
+++ b/modules/defaults/home-manager/dev/git.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+ programs.git = {
+ enable = true;
+ userEmail = "kontakt@aarontrom.de";
+ userName = "Aar0n";
+ ignores = [ "*.swp" ];
+ extraConfig = {
+ pull.rebase = true;
+ init.defaultBranch = "main";
+ };
+ };
+
+ home.packages = with pkgs; [
+ gitAndTools.gitflow
+ circleci-cli
+ ];
+}
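Review bot: `nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ]` allows an end-of-life OpenSSL series (1.1.1 stopped receiving upstream fixes in September 2023) for every package in the system closure, and nothing on the page says which package still needs it. Record the consumer next to the entry, e.g. `"openssl-1.1.1w" # needed by <PACKAGE>; re-check on each nixpkgs bump`, so the exception is removed when that dependency goes away. The allowance is also unrelated to home-manager, which this module's header advertises; moving it next to the module that pulls in the dependent package would keep it from being overlooked here.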
diff --git a/modules/defaults/home-manager/multimedia.nix b/modules/defaults/home-manager/multimedia.nix
new file mode 100644
index 0000000..30da172
--- /dev/null
+++ b/modules/defaults/home-manager/multimedia.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ pavucontrol mpv yt-dlp vlc mixxx
+ ];
+
+ # services.blueman-applet.enable = true;
+}
diff --git a/modules/defaults/home-manager/nextcloud.nix b/modules/defaults/home-manager/nextcloud.nix
new file mode 100644
index 0000000..48760ad
--- /dev/null
+++ b/modules/defaults/home-manager/nextcloud.nix
@@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+ services.nextcloud-client.enable = true;
+}
diff --git a/modules/defaults/home-manager/office.nix b/modules/defaults/home-manager/office.nix
new file mode 100644
index 0000000..3f5b1da
--- /dev/null
+++ b/modules/defaults/home-manager/office.nix
@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ pass
+ libreoffice ding
+ simple-scan xsane gimp imagemagick ffmpeg
+ thunderbird signal-desktop
+ texlive.combined.scheme-full pdftk
+ ];
+
+ programs.chromium = {
+ enable = true;
+ extensions = [
+ "naepdomgkenhinolocfifgehidddafch" # browserpass
+ "pkehgijcmpdhfbdbbnkijodmdjhbjlgp" # privacy badger
+ "gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere
+ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
+ "mafpmfcccpbjnhfhjnllmmalhifmlcie" # snowflake
+ "bkdgflcldnnnapblkhphbgpggdiikppg" # duckduckgo essentials
+ ];
+ };
+
+ programs.firefox.enable = true;
+
+ programs.browserpass.enable = true;
+}
diff --git a/modules/defaults/networking.nix b/modules/defaults/networking.nix
new file mode 100644
index 0000000..96388ff
--- /dev/null
+++ b/modules/defaults/networking.nix
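Review bot: The entry `"gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere` installs an extension that, as far as I know, the EFF retired in early 2023 and no longer maintains; Chromium's built-in HTTPS-only mode covers the same need, so the line can be dropped rather than kept as an unmaintained extension with page access. The other IDs are identified only by their trailing comments, which is fine, but a one-line note above the list (`# Chrome Web Store extension IDs; verify against the store page before changing`) would tell the next reader where the opaque strings come from. `libreoffice`, `thunderbird`, `signal-desktop` here are also installed through `users.users.aaron.packages` in users.nix; one layer should own each.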
@@ -0,0 +1,36 @@
+{ config, pkgs, ... }:
+
+{
+ networking.usePredictableInterfaceNames = false;
+
+ networking.networkmanager.enable = true;
+
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+ # Per-interface useDHCP will be mandatory in the future, so this generated config
+ # replicates the default behaviour.
+ networking.useDHCP = false;
+ networking.interfaces.eth0.useDHCP = true;
+ networking.interfaces.wlan0.useDHCP = true;
+
+ # services.openvpn.servers = {
+ # officeVPN = { config = '' config /root/nixos/openvpn/officeVPN.conf ''; };
+ # };
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ services.avahi = {
+ enable = true;
+ # nssmdns4 = true;
+ };
+
+ environment.systemPackages = with pkgs; [ macchanger ];
+}
diff --git a/modules/defaults/nix.nix b/modules/defaults/nix.nix
new file mode 100644
index 0000000..c4ecaa6
--- /dev/null
+++ b/modules/defaults/nix.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, nixpkgs, ... }:
+
+{
+ boot.tmp.cleanOnBoot = true;
+
+ nix.package = pkgs.nixVersions.git;
+
+ # nix.extraOptions = "experimental-features = nix-command flakes ca-derivations";
+ nix.extraOptions = "experimental-features = nix-command flakes";
+
+ #nix.daemonIONiceLevel = 7;
+ #nix.daemonNiceLevel = 19;
+
+ nix = {
+ settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ auto-optimise-store = true;
+ };
+ };
+
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ };
+}
diff --git a/modules/defaults/security.nix b/modules/defaults/security.nix
new file mode 100644
index 0000000..3d20ca8
--- /dev/null
+++ b/modules/defaults/security.nix
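Review bot: `services.openssh.enable = true;` is set with no `settings`, so the daemon keeps upstream defaults and, on a laptop that roams between networks, password logins stay accepted; given the gnupg SSH agent in security.nix, keys look like the intended path, so add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to the enable line. `networking.usePredictableInterfaceNames = false;` together with the `eth0`/`wlan0` stanzas means those entries silently match nothing if a second adapter enumerates first; the predictable names commented out in t490.nix (`enp0s31f6`, `wlp0s20f3`) are the more robust choice, and the "generated config" comment above `useDHCP = false` no longer describes hand-written code. `services.avahi.enable = true;` opens mDNS on the firewall (that module's `openFirewall` defaults to true), which is reasonable for a desktop but deserves a comment saying it is intended.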
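Review bot: Experimental features are declared twice, via `nix.extraOptions = "experimental-features = nix-command flakes"` and via `nix.settings.experimental-features = [ "nix-command" "flakes" ]`; both land in nix.conf and one is enough, so keep the `nix.settings` form and delete the `extraOptions` line and its commented sibling. `nix.package = pkgs.nixVersions.git;` tracks an unreleased Nix build that changes with every nixpkgs bump; if a git build is really needed, a comment should say why, otherwise a released variant such as `pkgs.nixVersions.latest` is the safer default. `nix.gc` has no `options`, so the weekly run keeps every old generation alive as a GC root; `options = "--delete-older-than 14d";` is the usual companion to the `configurationLimit = 5` set in base.nix. `boot.tmp.cleanOnBoot` is unrelated to Nix settings and would sit better in base.nix.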
@@ -0,0 +1,42 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+
+ environment.systemPackages = with pkgs; [
+ libyubikey
+ yubico-pam
+ yubikey-manager
+ yubikey-personalization
+ yubico-piv-tool
+ pcsctools
+ opensc
+ usbutils
+ ssh-to-age
+ age-plugin-yubikey
+ ];
+
+ # mutableUsers = false; TODO: blocked by https://github.com/Mic92/sops-nix/pull/680
+
+ programs.adb.enable = true;
+ security.pam.services = {
+ login.u2fAuth = true;
+ sudo.u2fAuth = true;
+ };
+
+ services.pcscd = {
+ enable = false; # dependency of yubikey agent
+ plugins = [ pkgs.libykneomgr ];
+ };
+ services.udev.packages = [ pkgs.yubikey-personalization ];
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ enableExtraSocket = true;
+ };
+}
+
diff --git a/modules/defaults/users.nix b/modules/defaults/users.nix
new file mode 100644
index 0000000..c0934d1
--- /dev/null
+++ b/modules/defaults/users.nix
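Review bot: `services.pcscd = { enable = false; # dependency of yubikey agent` contradicts itself — the comment calls the service a dependency yet disables it, and `opensc`, `yubico-piv-tool` and `pcsctools` from the package list talk to the token over PC/SC, so they find no reader while pcscd is off; either set it to `true` or reword the comment to say why it is deliberately disabled. `security.pam.services.{login,sudo}.u2fAuth = true` turns on pam_u2f with the module's default `sufficient` control and no `security.pam.u2f.settings.authfile`, so the key registrations that gate sudo live in mutable per-user state; a comment pointing at where they are kept, or a declarative authfile, would make that path auditable. `programs.adb.enable = true;` is also set in users.nix, and `programs.gnupg.agent.enableExtraSocket = true;` exposes the agent's remote-forwarding socket, which is worth a one-line note on what it is used for. The `mutableUsers` TODO needs a declarative password on the `aaron` account in users.nix before it can be flipped without locking the account.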
@@ -0,0 +1,87 @@
+{ config, pkgs, ... }:
+{
+
+ programs.adb.enable = true;
+ services.udev.packages = [
+ pkgs.android-udev-rules
+ ];
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.aaron = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "adbusers"]; # Enable ‘sudo’ for the user.
+
+
+ packages = with pkgs; [
+ firefox
+ tree
+ thunderbird
+ element-desktop
+ gajim
+ keepassxc
+ git
+ nextcloud-client
+ # nextcloud27
+ libreoffice
+ signal-desktop
+ gnome-keyring
+ oh-my-git
+ tor
+ tor-browser-bundle-bin
+ inkscape
+ freetube
+ masterpdfeditor4
+ webtorrent_desktop
+ borgbackup
+ kcalc
+ fzf
+ imagemagick
+ gcc
+ calyx-vpn
+ riseup-vpn
+ ungoogled-chromium
+ kopia
+ smplayer
+ libsForQt5.kate
+ usbutils
+ openvpn
+ appflowy
+ libsForQt5.krfb
+ libsForQt5.xdg-desktop-portal-kde
+ vscodium
+ python311Packages.wled
+ python311Packages.pip
+ yubioath-flutter
+ ripgrep
+ ];
+ };
+
+ programs.bash.shellAliases = {
+ yay = "sudo nixos-rebuild switch";
+ };
+
+ home-manager.users.aaron = { pkgs, config, ... }: {
+ home.stateVersion = "21.11";
+ imports = [
+ ./home-manager/base.nix
+
+ ./home-manager/office.nix
+ ./home-manager/multimedia.nix
+ ./home-manager/nextcloud.nix
+
+ ./home-manager/admin.nix
+ ./home-manager/dev/base.nix
+ # ./home-manager/dev/nvim-coc.nix
+ ./home-manager/dev/git.nix
+ # ./home-manager/dev/embedded.nix
+ # ./home-manager/dev/web.nix
+ # ./home-manager/dev/mobile.nix
+ # ./home-manager/dev/clojure.nix
+ # ./home-manager/dev/rust.nix
+ ];
+ };
+
+ programs.extra-container.enable = true;
+
+ # services.pcscd.enable = true;
+}
diff --git a/modules/defaults/virtualization/docker.nix b/modules/defaults/virtualization/docker.nix
new file mode 100644
index 0000000..f0af836
--- /dev/null
+++ b/modules/defaults/virtualization/docker.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+{
+ virtualisation.docker.enable = true;
+
+ users.groups.docker = {};
+
+ virtualisation.docker.autoPrune.enable = true;
+}
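Review bot: `users.users.aaron.packages` installs firefox, thunderbird, libreoffice, signal-desktop and nextcloud-client, and the home-manager modules imported a few lines below (office.nix, nextcloud.nix) install the same programs again; pick one layer per package so upgrades and removals happen in one place. The account has no `hashedPassword`, `hashedPasswordFile` or `initialPassword` and relies on the `passwd` comment plus mutable users, while security.nix carries a TODO to set `mutableUsers = false`; flipping that without a declarative password first locks the account, so a note such as `# set hashedPasswordFile before enabling mutableUsers = false (see security.nix)` belongs next to the user definition. `programs.adb.enable = true;` duplicates security.nix, and `# services.pcscd.enable = true;` is commented here while security.nix disables the same service with a conflicting comment — resolve that in one file.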
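Review bot: `users.groups.docker = {};` is redundant — `virtualisation.docker.enable = true;` already creates the group — and nothing in this commit adds a user to it, so the line reads as a half-finished intent. If the plan is for `aaron` to use the socket, add the membership in users.nix with a comment noting that docker-group membership is equivalent to root on the host, or use `virtualisation.docker.rootless` instead; otherwise drop the line.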
diff --git a/modules/defaults/virtualization/kvm.nix b/modules/defaults/virtualization/kvm.nix new file mode 100644 index 0000000..e1df513 --- /dev/null +++ b/modules/defaults/virtualization/kvm.nix @@ -0,0 +1,9 @@ +{pkgs, ...}: + +{ + virtualisation.libvirtd.enable = true; + programs.dconf.enable = true; + environment.systemPackages = with pkgs; [ virt-manager ]; + + users.users."aaron".extraGroups = [ "libvirtd" ]; +} diff --git a/modules/swap.nix b/modules/swap.nix new file mode 100644 index 0000000..0860e1c --- /dev/null +++ b/modules/swap.nix @@ -0,0 +1,4 @@ +{ config, pkgs, nixpkgs, ... }: + +{swapDevices.*.randomEncryption.enable = false; #used to be enabled - I set it to false +} diff --git a/modules/systems/t490.nix b/modules/systems/t490.nix new file mode 100644 index 0000000..c8dba7a --- /dev/null +++ b/modules/systems/t490.nix 
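Review bot: `users.users."aaron".extraGroups = [ "libvirtd" ];` hard-codes a user name inside a module under modules/defaults, so the module silently stops applying if the account is renamed and cannot be reused on a host with a different user; the membership belongs in users.nix next to `extraGroups = [ "wheel" "adbusers"]`, where the account's other groups live. `programs.dconf.enable = true;` is already set in desktop.nix; harmless under module merging, but one copy suffices.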
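Review bot: `{swapDevices.*.randomEncryption.enable = false;` is not valid Nix — `*` is not an attribute name — so this file fails to parse the moment it is imported; nothing in this commit imports it, which is why evaluation still succeeds. `swapDevices` is a list, so the option is set per entry, e.g. in t490.nix `swapDevices = [ { device = "/dev/disk/by-uuid/1df5f3df-8d38-41df-aac4-999747e5feab"; randomEncryption.enable = false; } ];`, and since `false` is already the default the file can simply be deleted. The comment `#used to be enabled - I set it to false` should also say why, because swap that is neither randomly encrypted nor inside the LUKS container declared in t490.nix can retain key material and passwords across reboots.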
@@ -0,0 +1,63 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + system.stateVersion = "23.11"; + networking.hostName = "nussbaum"; + + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + # ../defaults/fonts.nix + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + + boot.initrd.luks.devices."nussbaum".device = "/dev/disk/by-uuid/683a959d-f887-4fe9-9a5c-8c65e39c0647"; + boot.initrd.luks.devices."swap".device = "/dev/disk/by-uuid/f3dde71d-e12d-487e-81e8-7905d679aebb"; #used to be enabled + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2279-E1C9"; + fsType = "vfat"; + }; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/6a60a9f9-47d6-4617-a1cd-99cdc5a0f550"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/1df5f3df-8d38-41df-aac4-999747e5feab"; } + ]; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + # services.thinkfan.enable = true; + boot.extraModprobeConfig = '' + options thinkpad_acpi fan_control=1 + ''; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+
+ networking.useDHCP = lib.mkDefault true;
+
+ # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wwan0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ nixpkgs.config.allowUnfree = true; ## required by android-studio
+}
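Review bot: The header `# Do not modify this file! It was generated by ‘nixos-generate-config’` no longer holds — `system.stateVersion`, `networking.hostName`, the `boot.loader.*` lines, `boot.extraModprobeConfig` and `nixpkgs.config.allowUnfree` are hand edits — so a future `nixos-generate-config` run would silently drop them; either remove the header or move the hand-written settings into a separate host module and keep this file as the pure hardware scan. `boot.initrd.luks.devices."swap".device` carries the comment `#used to be enabled`, while `swapDevices` points at a different UUID, so whether swap actually lives inside that LUKS container is unclear from the file; a comment stating the intended mapping would settle it. `networking.useDHCP = lib.mkDefault true;` is overridden by the plain `false` in networking.nix, which is the intended NixOS priority, but a short note here saves the next reader from hunting for which value wins; the `## required by android-studio` comment names a package that is not installed anywhere in this commit.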