mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

cleanup

Browse Source
This commit is contained in:
mjallen18
2025-08-24 18:56:51 -05:00
parent cfaf900db6
commit 2ea82a643d
22 changed files with 338 additions and 531 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
systems/x86_64-linux/desktop/configuration.nix
View File

@@ -1,105 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
lib,
pkgs,
...
}:
let
pkgsVersion = pkgs; # .unstable;
environmentVariables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
GDK_SCALE = "1";
EDITOR = "${pkgs.vscodium}/bin/codium --wait";
VISUAL = "${pkgs.vscodium}/bin/codium --wait";
};
systemPackages = with pkgsVersion; [
acpilight
aha
aspell
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
borgbackup
brightnessctl
# brscan5
ddcui
ddcutil
# ddccontrol
# ddccontrol-db
efibootmgr
kdePackages.ksvg
memtest86-efi
memtest86plus
os-prober
nil
qemu
rclone
rclone-browser
restic
restic-browser
restic-integrity
sane-frontends
sbctl
tpm2-tools
tpm2-tss
udisks2
unzip
winetricks
];
in
{
chaotic.mesa-git.enable = false;
# Environment configuration
environment = {
systemPackages = systemPackages;
variables = environmentVariables;
};
# Hardware configuration
hardware = {
# Enable the QMK firmware flashing tool.
keyboard = {
qmk.enable = false;
};
# Enable Sane and Brother printer support.
sane = {
enable = true;
brscan5.enable = false;
# extraBackends = [ pkgsVersion.brscan5 ];
};
flipperzero.enable = true;
};
# Common Configuration
share = {
gaming.enable = true;
hardware.amd = {
enable = lib.mkDefault true;
lact.enable = lib.mkDefault true;
};
};
programs.coolercontrol.enable = true;
# Time configuration
time = {
hardwareClockInLocalTime = lib.mkDefault false;
};
# Virtualisation configuration
virtualisation = {
libvirtd.enable = lib.mkDefault true;
podman.enable = true;
waydroid.enable = lib.mkDefault true;
};
services.udev.extraRules = ''
KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660"
'';
}

48
systems/x86_64-linux/desktop/default.nix
View File

@@ -2,8 +2,8 @@
{
# as well as the libraries available from your flake's inputs.
# lib,
# # An instance of `pkgs` with your overlays and packages applied is also available.
# pkgs,
# An instance of `pkgs` with your overlays and packages applied is also available.
pkgs,
# # You also have access to your flake's inputs.
# inputs,
@@ -16,32 +16,41 @@
# systems, # An attribute map of your defined hosts.
# All other arguments come from the system system.
config,
# config,
...
}:
let
passwordFile = config.sops.secrets."desktop/matt_password".path;
in
{
imports = [
./boot.nix
./configuration.nix
./filesystems.nix
./hardware-configuration.nix
# ./networking.nix - moved to modules/nixos/network
./nix.nix
./sops.nix
./services/lsfg-vk
./specialisations/hyprland
];
${namespace} = {
hardware.disko.enable = false;
bootloader.lanzaboote.enable = true;
desktop = {
hyprland = {
enable = true;
wallpaperSource = "nasa";
};
gnome.enable = false;
};
gaming.enable = true;
hardware = {
disko.enable = false;
amd = {
enable = true;
lact.enable = true;
};
};
impermanence.enable = true;
desktop.gnome.enable = true;
network = {
hostName = "matt-nixos";
wifi = {
@@ -55,8 +64,13 @@ in
};
};
};
user = {
passwordFile = passwordFile;
};
};
programs.coolercontrol.enable = true;
environment.variables = {
GDK_SCALE = "1";
EDITOR = "${pkgs.vscodium}/bin/codium --wait";
VISUAL = "${pkgs.vscodium}/bin/codium --wait";
};
}

46
systems/x86_64-linux/desktop/networking.nix
View File

@@ -1,46 +0,0 @@
{ lib, config, ... }:
let
hostname = "matt-nixos";
in
{
# Networking configs
networking = {
hostName = lib.mkDefault hostname;
# Enable Network Manager
networkmanager = {
enable = lib.mkDefault true;
wifi.powersave = lib.mkDefault false;
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = {
"Joey's Jungle 6G" = {
connection = {
id = "Joey's Jungle 6G";
type = "wifi";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 6G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
};
};
}

38
systems/x86_64-linux/desktop/nix.nix
View File

@@ -1,38 +0,0 @@
{ lib, ... }:
let
user = "matt";
in
{
nix = {
settings = {
substituters = [
"https://cache.mjallen.dev/nas-cache"
];
trusted-public-keys = [
"nas-cache:5ibTWOXJYlKBaoNtdDEPmvdLPtfnbwf9jvdnfwi5dUs="
];
warn-dirty = lib.mkForce false;
experimental-features = lib.mkForce [
"nix-command"
"flakes"
];
trusted-users = [ user ];
};
# settings.builders-use-substitutes = true;
# distributedBuilds = true;
buildMachines = [
{
hostName = "jallen-nas.local";
system = "x86_64-linux";
maxJobs = 10;
sshUser = "admin";
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
}
];
};
}

8
systems/x86_64-linux/desktop/services/restic/default.nix
View File

@@ -1,5 +1,11 @@
{ config, ... }:
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
restic
restic-browser
restic-integrity
];
services.restic.backups = {
jallen-nas = {
initialize = true;

65
systems/x86_64-linux/desktop/sops.nix
View File

@@ -1,8 +1,7 @@
{ config, lib, ... }:
{ config, lib, namespace, ... }:
let
user = "matt";
user = config.${namespace}.user.name;
desktopSopsFile = (lib.snowfall.fs.get-file "secrets/desktop-secrets.yaml");
commonSopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
in
{
# Permission modes are in octal representation (same as chmod),
@@ -20,103 +19,51 @@ in
# Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = {
defaultSopsFile = lib.mkForce desktopSopsFile; # todo
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------
# Secrets
# ------------------------------
secrets = {
"desktop/hass_token" = {
sopsFile = desktopSopsFile;
mode = "0777";
};
"desktop/matt_password" = {
neededForUsers = true;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
};
"desktop/restic/user" = {
sopsFile = desktopSopsFile;
mode = "0644";
};
"desktop/restic/password" = {
sopsFile = desktopSopsFile;
mode = "0600";
};
"desktop/restic/repo" = {
sopsFile = desktopSopsFile;
mode = "0600";
};
"wifi" = {
sopsFile = commonSopsFile;
};
# ------------------------------
# SSH keys
# ------------------------------
"ssh-keys-public/desktop-nixos" = {
sopsFile = commonSopsFile;
mode = "0644";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/desktop-nixos" = {
sopsFile = commonSopsFile;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-public/desktop-nixos-root" = {
sopsFile = commonSopsFile;
path = "/root/.ssh/id_ed25519.pub";
mode = "0600";
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/desktop-nixos-root" = {
sopsFile = commonSopsFile;
path = "/root/.ssh/id_ed25519";
mode = "0600";
restartUnits = [ "sshd.service" ];
};
# ------------------------------
# Secureboot keys
# ------------------------------
"secureboot/GUID" = {
sopsFile = commonSopsFile;
path = "/etc/secureboot/GUID";
mode = "0600";
};
"secureboot/keys/db-key" = {
sopsFile = commonSopsFile;
path = "/etc/secureboot/keys/db/db.key";
mode = "0600";
};
"secureboot/keys/db-pem" = {
sopsFile = commonSopsFile;
path = "/etc/secureboot/keys/db/db.pem";
mode = "0600";
};
"secureboot/keys/KEK-key" = {
sopsFile = commonSopsFile;
path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0600";
};
"secureboot/keys/KEK-pem" = {
sopsFile = commonSopsFile;
path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0600";
};
"secureboot/keys/PK-key" = {
sopsFile = commonSopsFile;
path = "/etc/secureboot/keys/PK/PK.key";
mode = "0600";
};
"secureboot/keys/PK-pem" = {
sopsFile = commonSopsFile;
path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0600";
};
};
# ------------------------------

12
systems/x86_64-linux/desktop/specialisations/cosmic/default.nix
View File

@@ -1,12 +0,0 @@
{ namespace, ... }:
{
specialisation.cosmic.configuration = {
${namespace} = {
desktop = {
cosmic.enable = true;
gnome.enable = true;
};
};
environment.etc."specialisation".text = "cosmic";
};
}

17
systems/x86_64-linux/desktop/specialisations/hyprland/default.nix
View File

@@ -1,17 +0,0 @@
{ lib, namespace, ... }:
{
specialisation.hyprland.inheritParentConfig = true;
specialisation.hyprland.configuration = {
home-manager.users.matt = import ./home/default.nix;
${namespace} = {
desktop = {
hyprland = {
enable = true;
wallpaperSource = "nasa";
};
gnome.enable = lib.mkForce false;
};
};
environment.etc."specialisation".text = "hyprland";
};
}

124
systems/x86_64-linux/desktop/specialisations/hyprland/home/default.nix
View File

@@ -1,124 +0,0 @@
{ pkgs, lib, ... }:
let
displayLeft = {
input = "DP-1";
resolution = "3840x2160";
refreshRate = "240.00000";
};
displayRight = {
input = "DP-2";
resolution = "3840x2160";
refreshRate = "240.00000";
};
in
{
mjallen = {
programs.hyprland = {
enable = true;
primaryDisplay = "DP-1";
wallpaper = [
"${displayLeft.input}, /run/wallpaper.jpg"
"${displayRight.input}, /run/wallpaper.jpg"
];
monitor = [
"${displayLeft.input},${displayLeft.resolution}@${displayLeft.refreshRate},0x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
"${displayRight.input},${displayRight.resolution}@${displayRight.refreshRate},3840x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.5,sdrsaturation,0.98"
];
workspace = [
"name:firefox, monitor:${displayRight.input}, default:false, special, class:(.*firefox.*)"
"name:discord, monitor:${displayRight.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
"name:steam, monitor:${displayLeft.input}, default:false, special, class:(.*[Ss]team.*)"
];
windowRule = [
"size 2160 7680, tag:horizonrdp"
];
extraConfig = ''
exec-once = nm-applet
exec-once = [silent] firefox
exec-once = [silent] vesktop
exec-once = [silent] chromium --app="https://music.apple.com"
exec-once = [silent] steam
'';
defaultApps = {
browser = pkgs.firefox;
};
};
programs = {
btop.enable = true;
kitty = {
enable = true;
font = {
name = "JetBrainsMono NFM";
package = pkgs.nerd-fonts.jetbrains-mono;
};
};
mako = {
enable = true;
fontName = "JetBrainsMono NFM";
};
nwg-dock.enable = true;
nwg-drawer.enable = true;
nwg-panel = {
enable = true;
defaultApps = {
browser = pkgs.firefox;
};
};
waybar = {
enable = true;
layer = "bottom";
networkInterface = "wlp9s0";
modules-right = [
"custom/lights"
"temperature"
"temperature#gpu"
"keyboard-state#capslock"
"keyboard-state#numlock"
"wireplumber#sink"
"wireplumber#source"
"bluetooth"
"network"
"idle_inhibitor"
"clock"
"custom/weather"
];
extraModules = {
"custom/lights" = {
tooltip = false;
exec = "waybar-hass --get_light light.living_room_lights";
interval = "once";
format = "{text}"; # "󱉓";
on-click = "waybar-hass --toggle_light light.living_room_lights";
return-type = "json";
};
};
extraModulesStyle = ''
#custom-lights {
color: #88c0d0;
background-color: #2e3440;
opacity: 0.8;
border-left: 5px solid #88c0d0;
}
#custom-lights:hover {
background: #4c566a;
}
'';
};
wlogout.enable = true;
wofi.enable = true;
};
};
}

14
systems/x86_64-linux/desktop/users.nix
View File

@@ -1,14 +0,0 @@
{
config,
namespace,
lib,
...
}:
let
passwordFile = config.sops.secrets."desktop/matt_password".path;
in
{
${namespace}.user = {
passwordFile = lib.mkForce passwordFile;
};
}