mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

cleanup names

Browse Source
This commit is contained in:
mjallen18
2025-08-26 20:28:55 -05:00
parent 02085e7ff1
commit d6ae29f16f
56 changed files with 1406 additions and 1336 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
systems/x86_64-linux/matt-nixos/boot.nix Executable file
View File

@@ -0,0 +1,52 @@
{ config, pkgs, ... }:
let
kernel = pkgs.linuxPackages_cachyos;
pkgsVersion = pkgs; # .unstable;
in
{
# Configure bootloader with lanzaboot and secureboot
boot = {
kernelModules = [
"nct6775"
"kvm-amd"
"i2c-dev"
"ddcci_backlight"
];
extraModulePackages = [ config.boot.kernelPackages.ddcci-driver ];
loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
initrd = {
verbose = false;
systemd.enable = true;
availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
"usbhid"
"uas"
"usb_storage"
"sd_mod"
];
};
kernelPackages = kernel;
kernelParams = [
# needed cause ssd powersaving is broken af I guess
"nvme_core.default_ps_max_latency_us=0"
"pcie_aspm=off"
];
consoleLogLevel = 3;
bootspec.enable = true;
};
environment.systemPackages = with pkgsVersion; [
edk2-uefi-shell
];
}

76
systems/x86_64-linux/matt-nixos/default.nix Normal file
View File

@@ -0,0 +1,76 @@
# Snowfall Lib provides a customized `lib` instance with access to your flake's library
{
# as well as the libraries available from your flake's inputs.
# lib,
# An instance of `pkgs` with your overlays and packages applied is also available.
pkgs,
# # You also have access to your flake's inputs.
# inputs,
# Additional metadata is provided by Snowfall Lib.
namespace, # The namespace used for your flake, defaulting to "internal" if not set.
# system, # The system architecture for this host (eg. `x86_64-linux`).
# target, # The Snowfall Lib target for this system (eg. `x86_64-iso`).
# format, # A normalized name for the system target (eg. `iso`).
# virtual, # A boolean to determine whether this system is a virtual target using nixos-generators.
# systems, # An attribute map of your defined hosts.
# All other arguments come from the system system.
# config,
...
}:
{
imports = [
./boot.nix
./filesystems.nix
./hardware-configuration.nix
./sops.nix
./services/lsfg-vk
];
${namespace} = {
bootloader.lanzaboote.enable = true;
desktop = {
hyprland = {
enable = true;
wallpaperSource = "nasa";
};
gnome.enable = false;
};
gaming.enable = true;
hardware = {
disko.enable = false;
amd = {
enable = true;
lact.enable = true;
};
};
impermanence.enable = true;
network = {
hostName = "matt-nixos";
wifi = {
enable = true;
powersave = false;
profiles = {
"Joey's Jungle 6G" = {
ssid = "Joey's Jungle 6G";
keyMgmt = "sae";
};
};
};
};
};
programs.coolercontrol.enable = true;
environment.variables = {
GDK_SCALE = "1";
EDITOR = "${pkgs.vscodium}/bin/codium --wait";
VISUAL = "${pkgs.vscodium}/bin/codium --wait";
};
}

53
systems/x86_64-linux/matt-nixos/filesystems.nix Executable file
View File

@@ -0,0 +1,53 @@
{ ... }:
let
defaultNetworkShareOptions = [
"sec=none"
"nofail"
"x-systemd.automount"
"auto"
"rw"
"file_mode=0775"
"dir_mode=0775"
"uid=matt"
"gid=wheel"
];
defaultLocalOptions = [
"compress=zstd"
# "autodefrag"
"nofail"
# "x-systemd.automount"
# "auto"
"rw"
];
in
{
fileSystems = {
"/media/matt/data" = {
device = "/dev/disk/by-uuid/f851d21e-27b3-4353-aa19-590d244db6e5";
fsType = "bcachefs";
options = [
"noatime"
]
++ defaultLocalOptions;
};
# Network shares
"/media/nas/backup" = {
device = "//10.0.1.3/Backup";
fsType = "cifs";
options = defaultNetworkShareOptions;
};
"/media/nas/isos" = {
device = "//10.0.1.3/isos";
fsType = "cifs";
options = defaultNetworkShareOptions;
};
"/media/nas/3d_printer" = {
device = "//10.0.1.3/3d_printer";
fsType = "cifs";
options = defaultNetworkShareOptions;
};
};
}

100
systems/x86_64-linux/matt-nixos/hardware-configuration.nix Executable file
View File

@@ -0,0 +1,100 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
let
defeaultBtrfsOptions = [
"compress=zstd"
"autodefrag"
];
in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
options = [
"defaults"
"size=25%"
"mode=755"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [
"subvol=nix"
"noatime"
]
++ defeaultBtrfsOptions;
};
fileSystems."/etc" = {
device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [
"subvol=etc"
"noatime"
]
++ defeaultBtrfsOptions;
};
fileSystems."/root" = {
device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [
"subvol=root"
"noatime"
]
++ defeaultBtrfsOptions;
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [
"subvol=log"
"noatime"
]
++ defeaultBtrfsOptions;
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [
"subvol=home"
]
++ defeaultBtrfsOptions;
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/216E-A7AC";
fsType = "vfat";
};
swapDevices = [
{
device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_1TB_S5P2NS0T307907H-part2";
randomEncryption.enable = true;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp9s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

13
systems/x86_64-linux/matt-nixos/services/btrfs/default.nix Normal file
View File

@@ -0,0 +1,13 @@
{ lib, ... }:
{
services.btrfs = {
autoScrub.enable = lib.mkDefault true;
autoScrub.fileSystems = lib.mkDefault [
"/nix"
"/root"
"/etc"
"/var/log"
"/home"
];
};
}

49
systems/x86_64-linux/matt-nixos/services/keyd/default.nix Normal file
View File

@@ -0,0 +1,49 @@
{ ... }:
{
services.keyd = {
enable = false;
keyboards = {
default = {
ids = [ "*" ];
settings = {
main = {
# Use ⌘ key (leftmeta) to activate macOS-like layer
leftmeta = "layer(meta_mac)";
};
meta_mac = {
# Tab switching
tab = "swapm(app_switch_state, M-tab)";
"`" = "A-f6";
# App shortcuts
c = "C-insert"; # Copy
v = "S-insert"; # Paste
x = "S-delete"; # Cut
"1" = "A-1";
"2" = "A-2";
"3" = "A-3";
"4" = "A-4";
"5" = "A-5";
"6" = "A-6";
"7" = "A-7";
"8" = "A-8";
"9" = "A-9";
# Move to line start/end
left = "home";
right = "end";
};
app_switch_state = {
tab = "M-tab";
right = "M-tab";
"`" = "M-S-tab";
left = "M-S-tab";
};
};
};
};
};
}

11
systems/x86_64-linux/matt-nixos/services/lsfg-vk/default.nix Normal file
View File

@@ -0,0 +1,11 @@
{ ... }:
{
services.lsfg-vk = {
enable = true;
ui.enable = true; # installs gui for configuring lsfg-vk
};
environment.variables = {
LSFG_DLL_PATH = "/media/matt/data/steam/steamapps/common/Lossless Scaling/Lossless.dll";
};
}

4
systems/x86_64-linux/matt-nixos/services/ratbagd/default.nix Normal file
View File

@@ -0,0 +1,4 @@
{ lib, ... }:
{
services.ratbagd.enable = lib.mkDefault true;
}

59
systems/x86_64-linux/matt-nixos/services/restic/default.nix Normal file
View File

@@ -0,0 +1,59 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
restic
restic-browser
restic-integrity
];
services.restic.backups = {
jallen-nas = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
environmentFile = config.sops.templates."restic.env".path;
passwordFile = config.sops.secrets."desktop/restic/password".path;
repositoryFile = config.sops.secrets."desktop/restic/repo".path;
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Steam"
"/home/matt/Heroic"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
proton-drive = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
passwordFile = config.sops.secrets."desktop/restic/password".path;
rcloneConfigFile = "/home/matt/.config/rclone/rclone.conf";
repository = "rclone:proton-drive:backup-nix";
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Steam"
"/home/matt/Heroic"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
};
}

91
systems/x86_64-linux/matt-nixos/sops.nix Executable file
View File

@@ -0,0 +1,91 @@
{
config,
lib,
namespace,
...
}:
let
user = config.${namespace}.user.name;
desktopSopsFile = (lib.snowfall.fs.get-file "secrets/desktop-secrets.yaml");
in
{
# Permission modes are in octal representation (same as chmod),
# the digits represent: user|group|others
# 7 - full (rwx)
# 6 - read and write (rw-)
# 5 - read and execute (r-x)
# 4 - read only (r--)
# 3 - write and execute (-wx)
# 2 - write only (-w-)
# 1 - execute only (--x)
# 0 - none (---)
# Either a user id or group name representation of the secret owner
# It is recommended to get the user name from `config.users.users.<?name>.name` to avoid misconfiguration
# Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = {
# ------------------------------
# Secrets
# ------------------------------
secrets = {
"desktop/hass_token" = {
sopsFile = desktopSopsFile;
mode = "0777";
};
"desktop/restic/user" = {
sopsFile = desktopSopsFile;
mode = "0644";
};
"desktop/restic/password" = {
sopsFile = desktopSopsFile;
mode = "0600";
};
"desktop/restic/repo" = {
sopsFile = desktopSopsFile;
mode = "0600";
};
# ------------------------------
# SSH keys
# ------------------------------
"ssh-keys-public/desktop-nixos" = {
mode = "0644";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/desktop-nixos" = {
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-public/desktop-nixos-root" = {
path = "/root/.ssh/id_ed25519.pub";
mode = "0600";
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/desktop-nixos-root" = {
path = "/root/.ssh/id_ed25519";
mode = "0600";
restartUnits = [ "sshd.service" ];
};
};
# ------------------------------
# Templates
# ------------------------------
templates = {
"restic.env" = {
mode = "0600";
content = ''
RESTIC_REST_USER=${config.sops.placeholder."desktop/restic/user"}
RESTIC_REST_PASSWORD=${config.sops.placeholder."desktop/restic/password"}
'';
restartUnits = [
"restic-backups-jallen-nas.service"
"restic-backups-proton-drive.service"
];
};
};
};
}

101
systems/x86_64-linux/matt-nixos/wifi-fixer.nix Normal file
View File

@@ -0,0 +1,101 @@
{ lib, pkgs, ... }:
let
fixWifiScript = pkgs.writeScriptBin "fix-wifi" ''
#!/usr/bin/env python3
import subprocess
import socket
import logging
from typing import List, Optional
def check_internet_connection(hosts_to_check: Optional[List[str]] = None) -> bool:
"""
Check internet connectivity by attempting to connect to reliable hosts.
:param hosts_to_check: Optional list of hosts to check.
:return: Boolean indicating if internet connection is available
"""
if hosts_to_check is None:
hosts_to_check = [
"8.8.8.8", # Google DNS
"1.1.1.1", # Cloudflare DNS
"9.9.9.9" # Quad9 DNS
]
for host in hosts_to_check:
try:
# Create a socket connection with a 5-second timeout
socket.create_connection((host, 53), timeout=5)
return True
except (socket.error, socket.timeout):
continue
return False
def reset_wifi_card() -> bool:
"""
Execute WiFi card reset commands.
:return: Boolean indicating if reset commands were successful
"""
reset_commands = [
"echo 1 | sudo -u root tee /sys/bus/pci/devices/0000:09:00.0/reset",
"sudo rmmod iwlwifi",
"sudo modprobe iwlwifi"
]
try:
for command in reset_commands:
result = subprocess.run(
command,
shell=True,
check=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
text=True
)
print(f"Executed: {command}")
print(f"Output: {result.stdout}")
return True
except subprocess.CalledProcessError as e:
print(f"Error resetting WiFi: {e}")
print(f"Error output: {e.stderr}")
return False
def main():
"""
Check internet connection and reset WiFi if not connected.
"""
if not check_internet_connection():
print("No internet connection detected. Attempting WiFi reset...")
reset_wifi_card()
else:
print("Internet connection is stable. No reset needed.")
if __name__ == "__main__":
main()
'';
pkgsVersion = pkgs; # .unstable;
in
{
systemd = {
services = {
fix-wifi = {
enable = lib.mkDefault true;
path = with pkgsVersion; [
bash
python3
networkmanager
kmod
fixWifiScript
];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = [ "${fixWifiScript}/bin/fix-wifi" ];
};
};
};
};
}