mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

organization

Browse Source
This commit is contained in:
mjallen18
2024-02-24 23:08:52 -06:00
parent dc6ebf3cbb
commit f0e5baea4b
22 changed files with 811 additions and 205 deletions
Download Patch File Download Diff File Expand all files Collapse all files

343
hosts/desktop/configuration.nix Normal file
View File

@@ -0,0 +1,343 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
let
user = "matt";
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
hostname = "matt-nixos";
timezone = "America/Chicago";
# discover-wrapper is needed as of 1/24/24 since PackageKit does not work correctly so this removes error messages.
discover-wrapped = pkgs.symlinkJoin
{
name = "discover-flatpak-backend";
paths = [ pkgs.libsForQt5.discover ];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/plasma-discover --add-flags "--backends flatpak"
'';
};
in
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./cachix/cachix.nix
];
# Enable nix flakes and nix-command tools
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Configure bootloader with lanzaboot and secureboot
boot = {
loader = {
systemd-boot = {
enable = false;
configurationLimit = 2;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
settings = {
default = "@saved";
console-mode = "max";
};
configurationLimit = 2;
};
# Override kernel to latest
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [
"quiet" "amdgpu.ppfeaturemask=0xffffffff"
];
consoleLogLevel = 3;
bootspec.enable = true;
# Network option required using sysctl to let Ubisoft Connect work as of 7-12-2023
kernel.sysctl."net.ipv4.tcp_mtu_probing" = 1;
# Enable AppImage
binfmt.registrations.appimage = {
wrapInterpreterInShell = false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic";
offset = 0;
mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
magicOrExtension = ''\x7fELF....AI\x02'';
};
};
# Hardware configs
hardware = {
# Bluetooth
bluetooth.enable = true;
# Xbox controllers
xpadneo.enable = true;
# Steam udev rules for remote play
steam-hardware.enable = true;
# Enable all firmware
enableAllFirmware = true;
# Disable pulse audio in favor of pipewire
pulseaudio.enable = false;
opengl.enable = true;
# Enables support for 32bit libs that steam uses
opengl.driSupport32Bit = true;
};
# Services configs
services = {
# Enable firmware updates
fwupd.enable = true;
# Enable the X11 windowing system.
xserver = {
enable = true;
# Enable the Plasma 6 Desktop Environment.
displayManager = {
sddm.enable = true;
defaultSession = "plasma";
};
desktopManager.plasma6.enable = true;
};
# Enable CUPS to print documents.
printing.enable = true;
# configure pipewire
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
# enable auto discovery of printers
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
# Enable Flatpak
flatpak.enable = true;
flatpak.packages = [
"com.discordapp.Discord"
"com.spotify.Client"
"com.visualstudio.code"
"it.mijorus.gearlever"
"org.libreoffice.LibreOffice"
"net.davidotek.pupgui2" # Proton-Up Qt
"io.github.prateekmedia.appimagepool"
];
};
systemd.services.fix-wifi = {
path = [ pkgs.bash ];
script = ''
sleep 5
if ping -q -c1 10.0.1.1 &>/dev/null; then
echo "No need to fix wifi"
else
echo 1 | tee /sys/bus/pci/devices/0000\:09\:00.0/reset
rmmod iwlwifi
modprobe iwlwifi
fi
'';
wantedBy = [ "multi-user.target" ];
};
# Networking configs
networking = {
hostName = hostname;
# Enable Network Manager
networkmanager.enable = true;
};
# Time config
time = {
# Set your time zone.
timeZone = timezone;
hardwareClockInLocalTime = true;
};
# xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
# Security config
security = {
rtkit.enable = true;
# configure sudo
sudo = {
enable = true;
extraRules = [{
commands = [
{
command = "${pkgs.systemd}/bin/systemctl suspend";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
{
command = "/home/matt/nix-config/reset_wifi";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}];
};
# Configure polkit
polkit = {
enable = true;
extraConfig = ''
polkit.addRule(function(action, subject) {
if ((action.id == "org.corectrl.helper.init" ||
action.id == "org.corectrl.helperkiller.init") &&
subject.local == true &&
subject.active == true &&
subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
});
'';
};
};
# Configure environment
environment = {
# List packages installed in system profile. To search, run:
# $ nix search wget
systemPackages = with pkgs; [
vim
wget
nano
os-prober
efibootmgr
git
sbctl
gparted
discover-wrapped
pciutils
papirus-icon-theme
vulkan-tools
aspell
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
aha
clinfo
neofetch
gamescope
mangohud
goverlay
heroic
];
# Force radv
variables.AMD_VULKAN_ICD = "RADV";
};
# Configure programs
programs = {
fish.enable = true;
java.enable = true;
corectrl.enable = true;
# Steam
steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
};
};
# Configure nixpkgs
nixpkgs = {
config = {
# Enable non free
allowUnfree = true;
permittedInsecurePackages = [
# allow insecure electron for etcher
"electron-19.1.9"
];
packageOverrides = pkgs: {
steam = pkgs.steam.override {
extraPkgs = pkgs: with pkgs; [
xorg.libXcursor
xorg.libXi
xorg.libXinerama
xorg.libXScrnSaver
libpng
libpulseaudio
libvorbis
stdenv.cc.cc.lib
libkrb5
keyutils
];
};
};
};
};
# Define a user account. Don't forget to set a password with passwd.
users.users."${user}" = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" ]; # Enable sudo for the user.
shell = pkgs.fish;
packages = with pkgs; [
firefox
tree
lm_sensors
vmware-horizon-client
etcher
freerdp
];
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}

79
hosts/desktop/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,79 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "ahci" "usbhid" "uas" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [ "subvol=etc" "compress=zstd" "noatime" ];
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" "noatime" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" "noatime" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/1058-F967";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/1db92c49-aa8d-4ca2-b453-83bfcd1d36dd"; }
];
fileSystems."/home/matt/Games" =
{ device = "/dev/disk/by-uuid/1adb3161-ef9e-45d9-be5f-dd718186f1b3";
fsType = "ext4";
};
fileSystems."/home/matt/1TB" =
{ device = "/dev/disk/by-uuid/7f9c2d1e-64ee-d901-2084-2d1e64eed901";
fsType = "ext4";
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp9s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

41
hosts/desktop/home.nix Normal file
View File

@@ -0,0 +1,41 @@
# Matt home.nix
{ pkgs, ... }: {
home.username = "matt";
home.homeDirectory = "/home/matt";
home.stateVersion = "23.11";
programs.home-manager.enable = true;
programs.fish.enable = true;
programs.mangohud.enable = true;
programs.git = {
enable = true;
userName = "mjallen18";
userEmail = "matt.l.jallen@gmail.com";
};
home.packages = [
# Other packages
];
# custom systemd services
# systemd.user.services.fix-wifi = {
# Unit = {
# Description = "Reset wifi adapter so that it works on boot consistently.";
# };
# Install = {
# WantedBy = [ "default.target" ];
# };
# Service = {
# ExecStart = "/home/matt/nix-config/scripts/reset_wifi";
# # ExecStart = "${pkgs.writeShellScript "fix-wifi" ''
# # #!/usr/bin/env bash
# # echo 1 | sudo -u root tee /sys/bus/pci/devices/0000\:09\:00.0/reset
# # sudo rmmod iwlwifi
# # sudo modprobe iwlwifi
# # ''}";
# };
# };
}

21
hosts/desktop/impermanence.nix Normal file
View File

@@ -0,0 +1,21 @@
{ pkgs, lib, LT, config, utils, inputs, ... }@args:
{
# Set up impernance configuration for things like bluetooth
# In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
environment.persistence."/nix/persist/system" = {
hideMounts = true;
directories = [
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
"/etc/secureboot"
{ directory = "/var/lib/colord"; user = "colord"; group = "colord"; mode = "u=rwx,g=rx,o="; }
];
files = [
{ file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
];
};
}