From 6eb29a4914675e92a116d1032a0ad0d37a659792 Mon Sep 17 00:00:00 2001
From: mjallen18
Date: Thu, 25 Jan 2024 10:01:46 -0600
Subject: [PATCH] initial nixos config
---
 configuration.nix | 203 ++++++++++++++++++++++++++++-
 flake.lock | 253 ++++++++++++++++++++++++++++++++++++-
 flake.nix | 28 +++-
 hardware-configuration.nix | 80 +++++++++++-
 4 files changed, 560 insertions(+), 4 deletions(-)
 mode change 120000 => 100644 configuration.nix
 mode change 120000 => 100644 flake.lock
 mode change 120000 => 100644 flake.nix
 mode change 120000 => 100644 hardware-configuration.nix
diff --git a/configuration.nix b/configuration.nix
deleted file mode 120000
index faf36fd..0000000
--- a/configuration.nix
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nixos/configuration.nix
\ No newline at end of file
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..f67a201
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,202 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+let
+ # discover-wrapper is needed as of 1/24/24 since PackageKit does not work correctly so this removes error messages.
+ discover-wrapped = pkgs.symlinkJoin
+ {
+ name = "discover-flatpak-backend";
+ paths = [ pkgs.libsForQt5.discover ];
+ buildInputs = [ pkgs.makeWrapper ];
+ postBuild = ''
+ wrapProgram $out/bin/plasma-discover --add-flags "--backends flatpak"
+ '';
+ };
+in
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Enable nix flakes and nix-command tools
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ # Enable non free
+ nixpkgs.config.allowUnfree = true;
+
+ time.hardwareClockInLocalTime = true;
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = false;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.efi.efiSysMountPoint = "/boot";
+ boot.loader.systemd-boot.configurationLimit = 5;
+
+ boot.bootspec.enable = true;
+
+ boot.lanzaboote = {
+ enable = true;
+ pkiBundle = "/etc/secureboot";
+ };
+
+ # Override kernel to latest
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ networking.hostName = "matt-nixos"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Bluetooth
+ hardware.bluetooth.enable = true;
+ hardware.xpadneo.enable = true;
+
+ # Steam udev rules for remote play
+ hardware.steam-hardware.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "America/Chicago";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Network option required using sysctl to let Ubisoft Connect work as of 7-12-2023
+ boot.kernel.sysctl."net.ipv4.tcp_mtu_probing" = 1;
+
+ # Select internationalisation properties.
+ # i18n.defaultLocale = "en_US.UTF-8";
+ # console = {
+ # font = "Lat2-Terminus16";
+ # keyMap = "us";
+ # useXkbConfig = true; # use xkb.options in tty.
+ # };
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+
+ # Enable the Plasma 5 Desktop Environment.
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.desktopManager.plasma5.enable = true;
+ services.xserver.displayManager.defaultSession = "plasmawayland";
+
+ # Configure keymap in X11
+ # services.xserver.xkb.layout = "us";
+ # services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable sound.
+ # sound.enable = true;
+ # hardware.pulseaudio.enable = true;
+
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ # Enable Flatpak
+ services.flatpak.enable = true;
+ xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];
+
+ # Enable AppImage
+ boot.binfmt.registrations.appimage = {
+ wrapInterpreterInShell = false;
+ interpreter = "${pkgs.appimage-run}/bin/appimage-run";
+ recognitionType = "magic";
+ offset = 0;
+ mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
+ magicOrExtension = ''\x7fELF....AI\x02'';
+ };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.matt = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user.
+ packages = with pkgs; [
+ firefox
+ tree
+ lm_sensors
+ vmware-horizon-client
+ corectrl
+ ];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ wget
+ nano
+ os-prober
+ efibootmgr
+ git
+ sbctl
+ gparted
+ discover-wrapped
+ ];
+
+ # Steam
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+ dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+ };
+ hardware.opengl.driSupport32Bit = true; # Enables support for 32bit libs that steam uses
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "23.11"; # Did you read the comment?
+
+}
+
diff --git a/flake.lock b/flake.lock
deleted file mode 120000
index 4aed843..0000000
--- a/flake.lock
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nixos/flake.lock
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..fd690f3
--- /dev/null
+++ b/flake.lock
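Review bot: In configuration.nix, `dedicatedServer.openFirewall = true;` in the `programs.steam` block opens the Source Dedicated Server ports on a machine that the rest of the file configures as a desktop (SDDM, Plasma, NetworkManager), and nothing visible here runs a dedicated server. These `openFirewall` options are not scoped to an interface in this file, so the ports would presumably be open on every network the machine joins; I would set `dedicatedServer.openFirewall = false;` and keep `remotePlay.openFirewall = true;` only if Remote Play is actually used. A comment is also worth adding next to `pkiBundle = "/etc/secureboot";`: hardware-configuration.nix in this commit mounts `/etc` from a plain btrfs subvolume with no LUKS mapping visible, so the Secure Boot signing keys appear to sit unencrypted on disk, e.g. `# Secure Boot signing keys; /etc is not on an encrypted volume, so disk access exposes them`. The comment `# Use the systemd-boot EFI boot loader.` above `boot.loader.systemd-boot.enable = false;` is stale now that lanzaboote is enabled, and should say that systemd-boot is disabled on purpose.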
@@ -0,0 +1,252 @@ +{ + "nodes": { + "crane": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "rust-overlay": [ + "lanzaboote", + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1681177078, + "narHash": "sha256-ZNIjBDou2GOabcpctiQykEQVkI8BDwk7TyvlWlI4myE=", + "owner": "ipetkov", + "repo": "crane", + "rev": "0c9f468ff00576577d83f5019a66c557ede5acf6", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1680392223, + "narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660459072, + "narHash": 
"sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1682802423, + "narHash": "sha256-Fb5TeRTdvUlo/5Yi2d+FC8a6KoRLk2h1VE0/peMhWPs=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "64b903ca87d18cef2752c19c098af275c6e51d63", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.3.0", + "repo": "lanzaboote", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1678872516, + "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1681413034, + "narHash": 
"sha256-/t7OjNQcNkeWeSq/CFLYVBfm+IEnkjoSm9iKvArnUUI=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "d3de8f69ca88fb6f8b09e5b598be5ac98d28ede5", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "lanzaboote": "lanzaboote", + "nixpkgs": "nixpkgs" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1682129965, + "narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "2c417c0460b788328220120c698630947547ee83", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix deleted file mode 120000 index 3bbd9df..0000000 --- a/flake.nix +++ /dev/null @@ -1 +0,0 @@ -/etc/nixos/flake.nix \ No newline at end of file diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..ce7888f --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,27 @@
+{
+ description = "flake for matt-nixos";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+# impermanence.url = "github:nix-community/impermanence";
+ lanzaboote = {
+ url = "github:nix-community/lanzaboote/v0.3.0";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+# outputs = { self, nixpkgs, impermanence, lanzaboote } @ inputs: {
+ outputs = { self, nixpkgs, lanzaboote } @ inputs: {
+ nixosConfigurations = {
+ "matt-nixos" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+# inputs.impermanence.nixosModules.impermanence
+ inputs.lanzaboote.nixosModules.lanzaboote
+ ./configuration.nix
+ # ./impermanence.nix
+ ];
+ };
+ };
+ };
+}
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
deleted file mode 120000
index 4dde6be..0000000
--- a/hardware-configuration.nix
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nixos/hardware-configuration.nix
\ No newline at end of file
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
new file mode 100644
index 0000000..0de6494
--- /dev/null
+++ b/hardware-configuration.nix
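Review bot: In flake.nix the impermanence wiring is left as four separate commented-out fragments (the `impermanence.url` input, the alternate `outputs = { self, nixpkgs, impermanence, lanzaboote }` line, and the two module entries) with nothing saying why they are disabled. Since hardware-configuration.nix in this commit already mounts `/` as tmpfs, one comment such as `# TODO: enable impermanence; until then only the btrfs subvolumes (/nix, /etc, /root, /var/log, /home) persist across reboots` would tell a reader what state survives a reboot, and the dead alternate `outputs` line could be dropped. The `lanzaboote` input is pinned to the `v0.3.0` tag and flake.lock fixes its revision, so moving the Secure Boot tooling forward means editing this URL on purpose; a short comment such as `# pinned: bump deliberately, this signs the boot chain` would make that intent explicit.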
@@ -0,0 +1,79 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "ahci" "usbhid" "uas" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "none"; + fsType = "tmpfs"; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d"; + fsType = "btrfs"; + options = [ "subvol=nix" "compress=zstd" "noatime" ]; + }; + + fileSystems."/etc" = + { device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d"; + fsType = "btrfs"; + options = [ "subvol=etc" "compress=zstd" "noatime" ]; + }; + + fileSystems."/root" = + { device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d"; + fsType = "btrfs"; + options = [ "subvol=root" "compress=zstd" "noatime" ]; + }; + + fileSystems."/var/log" = + { device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d"; + fsType = "btrfs"; + options = [ "subvol=log" "compress=zstd" "noatime" ]; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d"; + fsType = "btrfs"; + options = [ "subvol=home" "compress=zstd" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/1058-F967"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/1db92c49-aa8d-4ca2-b453-83bfcd1d36dd"; } + ]; + + fileSystems."/home/matt/Games" = + { device = "/dev/disk/by-uuid/1adb3161-ef9e-45d9-be5f-dd718186f1b3"; + fsType = "ext4"; + }; + fileSystems."/home/matt/1TB" = + { device = "/dev/disk/by-uuid/7f9c2d1e-64ee-d901-2084-2d1e64eed901"; + fsType = "ext4"; + }; + + # Enables DHCP on each ethernet and wireless interface. 
In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp10s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp9s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}