mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

desktop is building I guess, idk, need to start commiting stuff eventually lmao

Browse Source
This commit is contained in:
mjallen18
2025-07-17 20:57:18 -05:00
parent 6c7c76887b
commit 442c24997d
219 changed files with 3166 additions and 3583 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
systems/x86_64-linux/deck/boot.nix Executable file
View File

@@ -0,0 +1,76 @@
{ pkgs, ... }:
let
kernel = pkgs.linuxPackages_cachyos;
in
{
# Configure bootloader with lanzaboot and secureboot
boot = {
consoleLogLevel = 0;
initrd.verbose = false;
kernelModules = [ "nct6775" ];
loader = {
systemd-boot = {
enable = false;
configurationLimit = 5;
extraInstallCommands = ''
${pkgs.uutils-coreutils}/bin/uutils-echo "timeout 0
console-mode 1
default nixos-*" > /boot/loader/loader.conf
'';
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
settings = {
console-mode = "max";
timeout = "0";
};
configurationLimit = 5;
# extraInstallCommands = ''
# ${pkgs.uutils-coreutils}/bin/uutils-echo "timeout 0
# console-mode 1
# default nixos-*" > /boot/loader/loader.conf
# '';
};
plymouth = {
enable = true;
};
kernelPackages = kernel;
kernelParams = [
"quiet"
"amdgpu.ppfeaturemask=0xffffffff"
"splash"
"rd.systemd.show_status=false"
"rd.udev.log_level=3"
"udev.log_priority=3"
"loglevel=0"
"vt.global_cursor_default=0"
"rd.shell=0"
# Disable audit messages
"audit=0"
# Disable CPU mitigations messages
"mitigations=off"
];
bootspec.enable = true;
};
# Further reduce systemd output
systemd = {
services.systemd-udev-settle.enable = false;
extraConfig = ''
ShowStatus=no
DefaultTimeoutStartSec=15s
'';
};
}

100
systems/x86_64-linux/deck/configuration.nix Executable file
View File

@@ -0,0 +1,100 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[
./boot.nix
./jovian.nix
./networking.nix
./sops.nix
];
nix = {
settings = {
substituters = [
"https://cache.mjallen.dev"
];
trusted-public-keys = [
"cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
];
builders-use-substitutes = true;
};
distributedBuilds = true;
buildMachines = [
{
hostName = "jalle-nas.local";
system = "x86_64-linux";
maxJobs = 10;
sshUser = "admin";
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
}
];
};
# Define a user account. Don't forget to set a password with passwd.
users.users = {
deck = {
hashedPasswordFile = config.sops.secrets."steamdeck/deck-password".path;
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [
# macBook
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
# desktop windows
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
# desktop nixos
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
];
packages = with pkgs; [
firefox
tree
];
shell = pkgs.zsh;
};
root.shell = pkgs.zsh;
};
programs.coolercontrol.enable = true;
services = {
btrfs = {
autoScrub.enable = lib.mkDefault true;
autoScrub.fileSystems = lib.mkDefault [
"/nix"
"/root"
"/etc"
"/var/log"
"/home"
];
};
};
chaotic.mesa-git.enable = false;
services.displayManager.gdm.enable = lib.mkForce false;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment = {
systemPackages = with pkgs; [
fuse
jq
newt
sbctl
steam-run
udisks2
zenity
];
variables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
GDK_SCALE = "1";
};
};
}

73
systems/x86_64-linux/deck/home.nix Executable file
View File

@@ -0,0 +1,73 @@
{ pkgs, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10";
update-flake = "nix flake update steamdeck-nixpkgs steamdeck-chaotic steamdeck-home-manager steamdeck-impermanence steamdeck-jovian steamdeck-lanzaboote steamdeck-nixos-hardware steamdeck-sops-nix steamdeck-steam-rom-manager --flake /etc/nixos";
nas-ssh = "ssh admin@10.0.1.3";
};
in
{
home.username = "deck";
sops = {
age.keyFile = "/home/deck/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/deck" = {
path = "/home/deck/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/deck" = {
path = "/home/deck/.ssh/id_ed25519";
mode = "0600";
};
};
};
programs = {
steam-rom-manager = {
enable = true;
steamUsername = "mjallen18";
# Optional: override default paths if needed
environmentVariables = {
romsDirectory = "/home/deck/Emulation/roms";
steamDirectory = "/home/deck/.local/share/Steam";
};
emulators = {
ryujinx.enable = true;
dolphin-gamecube = {
enable = true;
package = pkgs.dolphin-emu;
romFolder = "gc";
fileTypes = [ ".iso" ".ISO" ".gcm" ".GCM" ".ciso" ".CISO" "rvz" ];
extraArgs = "-b -e \"\${filePath}\"";
};
pcsx2.enable = true;
mgba.enable = true;
"Non-SRM Shortcuts" = {
enable = true;
parserType = "Non-SRM Shortcuts";
extraArgs = "";
};
};
};
zsh.shellAliases = shellAliases;
};
home.packages = with pkgs; [
dolphin-emu
heroic
mgba
prismlauncher
ryujinx-greemdev
vmware-horizon-client
];
}

24
systems/x86_64-linux/deck/jovian.nix Executable file
View File

@@ -0,0 +1,24 @@
{ ... }:
{
jovian = {
steam = {
enable = true;
autoStart = true;
user = "deck";
desktopSession = "gnome";
};
steamos = {
useSteamOSConfig = true;
};
devices = {
steamdeck = {
enable = true;
enableGyroDsuService = true; # If enabled, motion data from the gyroscope can be used in Cemu with Cemuhoo
};
};
hardware.has.amd.gpu = true;
};
}

44
systems/x86_64-linux/deck/networking.nix Normal file
View File

@@ -0,0 +1,44 @@
{ config, lib, ... }:
let
hostname = "steamdeck";
wifiSsid = "Joey's Jungle 5G";
in
{
networking = {
hostName = hostname;
networkmanager = {
enable = true;
wifi.powersave = lib.mkDefault false;
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = {
wifiSsid = {
connection = {
id = wifiSsid;
type = "wifi";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = wifiSsid;
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
};
};
}

111
systems/x86_64-linux/deck/sops.nix Executable file
View File

@@ -0,0 +1,111 @@
{ config, ... }:
let
user = "deck";
in
{
# Permission modes are in octal representation (same as chmod),
# the digits represent: user|group|others
# 7 - full (rwx)
# 6 - read and write (rw-)
# 5 - read and execute (r-x)
# 4 - read only (r--)
# 3 - write and execute (-wx)
# 2 - write only (-w-)
# 1 - execute only (--x)
# 0 - none (---)
# Either a user id or group name representation of the secret owner
# It is recommended to get the user name from `config.users.users.<?name>.name` to avoid misconfiguration
# Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = {
defaultSopsFile = ../../secrets/steamdeck-secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------
# Secrets
# ------------------------------
secrets = {
"steamdeck/deck-password" = {
neededForUsers = true;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
};
"wifi" = {
sopsFile = ../../secrets/secrets.yaml;
};
# ------------------------------
# SSH keys
# ------------------------------
# "ssh-keys-public/desktop-nixos" = {
# mode = "0644";
# owner = config.users.users."${user}".name;
# group = config.users.users."${user}".group;
# restartUnits = [ "sshd.service" ];
# };
# "ssh-keys-private/desktop-nixos" = {
# mode = "0600";
# owner = config.users.users."${user}".name;
# group = config.users.users."${user}".group;
# restartUnits = [ "sshd.service" ];
# };
# "ssh-keys-public/desktop-nixos-root" = {
# path = "/root/.ssh/id_ed25519.pub";
# mode = "0600";
# restartUnits = [ "sshd.service" ];
# };
# "ssh-keys-private/desktop-nixos-root" = {
# path = "/root/.ssh/id_ed25519";
# mode = "0600";
# restartUnits = [ "sshd.service" ];
# };
# ------------------------------
# Secureboot keys
# ------------------------------
"secureboot/GUID" = {
sopsFile = ../../secrets/secrets.yaml;
# path = "/etc/secureboot/GUID";
mode = "0600";
};
"secureboot/keys/db-key" = {
sopsFile = ../../secrets/secrets.yaml;
# path = "/etc/secureboot/keys/db/db.key";
mode = "0600";
};
"secureboot/keys/db-pem" = {
sopsFile = ../../secrets/secrets.yaml;
# path = "/etc/secureboot/keys/db/db.pem";
mode = "0600";
};
"secureboot/keys/KEK-key" = {
sopsFile = ../../secrets/secrets.yaml;
# path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0600";
};
"secureboot/keys/KEK-pem" = {
sopsFile = ../../secrets/secrets.yaml;
# path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0600";
};
"secureboot/keys/PK-key" = {
sopsFile = ../../secrets/secrets.yaml;
# path = "/etc/secureboot/keys/PK/PK.key";
mode = "0600";
};
"secureboot/keys/PK-pem" = {
sopsFile = ../../secrets/secrets.yaml;
# path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0600";
};
};
# ------------------------------
# Templates
# ------------------------------
templates = {
};
};
}