diff --git a/common.nix b/common.nix index 9e74f7c..fab7f75 100644 --- a/common.nix +++ b/common.nix @@ -12,10 +12,29 @@ with lib; with builtins; { imports = [lix-module.nixosModules.default]; + nix = { + extraOptions = '' + experimental-features = nix-command flakes + keep-outputs = true + keep-derivations = true + ''; + }; + + nixpkgs = { + config = { + allowUnfree = true; + permittedInsecurePackages = [ + "electron-27.3.11" + "nodejs-16.20.0" + ]; + }; + overlays = [rs-programs niri.overlays.niri]; + }; environment = { systemPackages = with pkgs; [ overskride + pulsemixer htmlq @@ -69,14 +88,18 @@ with builtins; { ]; }; - hardware.graphics.enable = true; + networking = { + networkmanager = { + enable = true; + }; + }; services = { systemd-lock-handler.enable = true; openssh = { enable = true; - settings.PasswordAuthentication = false; - settings.KbdInteractiveAuthentication = false; + # settings.PasswordAuthentication = false; + # settings.KbdInteractiveAuthentication = false; }; }; @@ -93,11 +116,31 @@ with builtins; { hardware.gpgSmartcards.enable = true; + time.timeZone = "Europe/Berlin"; + + home-manager.users.jade = { + nixosConfig, + pkgs, + ... + }: { + home.sessionVariables.TZ = nixosConfig.time.timeZone; + }; + + nixpkgs.config.packageOverrides = pkgs: { + sudo = pkgs.sudo.override {withInsults = true;}; + }; + security.sudo.extraConfig = "Defaults insults"; + boot.kernel.sysctl."vm.max_map_count" = 2147483642; hardware = { uinput.enable = true; bluetooth.enable = true; + # keyboard.uhk.enable = true; + }; + + services.avahi = { + enable = true; }; security.rtkit.enable = true; @@ -111,4 +154,12 @@ with builtins; { enable = true; algorithm = "zstd"; }; + + users.defaultUserShell = pkgs.nushell; + + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 60d"; + }; } diff --git a/flake.lock b/flake.lock index 155bf7c..81b1fc3 100644 --- a/flake.lock +++ b/flake.lock 
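Review bot: The `permittedInsecurePackages` entries in the first common.nix hunk (`@@ -12,10 +12,29 @@`) carry no record of which package pulls them in, so nobody can tell when `electron-27.3.11` or `nodejs-16.20.0` can come off the allowlist. Because the list sits in common.nix it applies to every host that imports the file and merges with host-level lists such as the one in hosts/denkbrett/configuration.nix. I would add a comment per entry, e.g. `# electron-27.3.11: required by <consumer package>; remove once it no longer depends on this runtime`, with the real consumer filled in.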
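Review bot: Commenting out `settings.PasswordAuthentication = false` and `settings.KbdInteractiveAuthentication = false` in the `services.openssh` block (common.nix hunk `@@ -69,14 +88,18 @@`) leaves both options at the NixOS module defaults, which are `true`, so sshd on every host importing common.nix accepts password and keyboard-interactive logins again. If this was a temporary measure to reach potatobook-g before its key was installed, it should not ship in the shared file. Keep the two `= false` lines active here and, if it is really needed, override on that one host with `services.openssh.settings.PasswordAuthentication = lib.mkForce true;` until keys are in place, then remove the override.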
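Review bot: `services.avahi.enable = true` in common.nix (hunk `@@ -93,11 +116,31 @@`) starts an mDNS daemon on every host that imports the file, laptops on untrusted networks included, and the module's `openFirewall` option defaults to `true` in nixpkgs, so UDP 5353 is opened along with it. The modules/desktop-legacy/default.nix hunk adds a second `services.avahi` block with `nssmdns4 = true` and an explicit `openFirewall = true`, so the setting now lives in two places. I would keep a single definition in the module that actually needs discovery, drop it from common.nix, and add a one-line comment there saying what depends on it.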
@@ -424,6 +424,19 @@ "url": "https://git.lix.systems/lix-project/nixos-module" } }, + "mac-brcm-fw": { + "flake": false, + "locked": { + "lastModified": 1727366922, + "narHash": "sha256-+kW8ogc6DykjMVlrr+3vWKs9ZUdJ9EW72LbY7k/Qvh4=", + "path": "/home/jade/nix-configs/mac-brcm-fw", + "type": "path" + }, + "original": { + "path": "/home/jade/nix-configs/mac-brcm-fw", + "type": "path" + } + }, "niri": { "inputs": { "niri-stable": "niri-stable", @@ -482,16 +495,18 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1742806253, - "narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=", - "owner": "NixOS", + "lastModified": 1687903496, + "narHash": "sha256-4PPwbFM4dNqso3zBya5rgfRvnBoIbN2J7qZ2ZpRyOUc=", + "owner": "networkException", "repo": "nixos-hardware", - "rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726", + "rev": "8e28b9ee431b265d1fc74b8b819ea0816344c4a1", "type": "github" }, "original": { - "id": "nixos-hardware", - "type": "indirect" + "owner": "networkException", + "ref": "apple-t2-init", + "repo": "nixos-hardware", + "type": "github" } }, "nixpkgs": { @@ -644,6 +659,7 @@ "fenix": "fenix", "home-manager": "home-manager", "lix-module": "lix-module", + "mac-brcm-fw": "mac-brcm-fw", "niri": "niri", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", diff --git a/flake.nix b/flake.nix index 4ff56c9..d9bca2e 100644 --- a/flake.nix +++ b/flake.nix @@ -7,8 +7,9 @@ nixpkgs-unstable-small.url = "nixpkgs/nixos-unstable-small"; niri.url = "github:sodiboo/niri-flake"; stylix.url = "github:danth/stylix"; - typst-within.url = "github:schrottkatze/typst"; - crane.url = "github:ipetkov/crane"; + typst-within = { + url = "github:schrottkatze/typst"; + }; lix-module = { url = "git+https://git.lix.systems/lix-project/nixos-module"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -17,6 +18,14 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-hardware.url = "github:networkException/nixos-hardware/apple-t2-init"; + mac-brcm-fw = { + url = "path:/home/jade/nix-configs/mac-brcm-fw"; + flake = false; + }; + crane = { + url = "github:ipetkov/crane"; + }; fenix = { url = "github:nix-community/fenix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -32,6 +41,7 @@ typst-within, home-manager, nixos-hardware, + mac-brcm-fw, niri, stylix, fenix, @@ -117,6 +127,35 @@ } ]; }; + potatobook-g = nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs pkgs-unstable-small rs-programs lix-module niri; + }; + system = "x86_64-linux"; + modules = [ + inputs.niri.nixosModules.niri + stylix.nixosModules.stylix + "${mac-brcm-fw}" + ./hosts/potatobook-g/configuration.nix + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.extraSpecialArgs = { + inherit pkgs-unstable-small pkgs-stable typst-within; + }; + home-manager.users.jade = { + nixosConfig, + pkgs, + ... + }: { + home.sessionVariables.TZ = nixosConfig.time.timeZone; + home.stateVersion = "${nixosConfig.system.stateVersion}"; + }; + } + nixos-hardware.nixosModules.apple-t2 + ]; + }; }; }; } diff --git a/hosts/denkbrett/configuration.nix b/hosts/denkbrett/configuration.nix index 6ecfb45..c41ba1a 100644 --- a/hosts/denkbrett/configuration.nix +++ b/hosts/denkbrett/configuration.nix @@ -1,7 +1,12 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{pkgs, ...}: { +{ + config, + pkgs, + lib, + ... +}: { nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" "electron-27.3.11" 
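Review bot: `nixos-hardware.url = "github:networkException/nixos-hardware/apple-t2-init"` (flake.nix hunk `@@ -17,6 +18,14 @@`) replaces the shared `nixos-hardware` input for every configuration in the flake with a branch of a personal fork, and the flake.lock hunk shows the pin moving from `lastModified` 1742806253 back to 1687903496, a much older tree. Any other host that takes modules from `nixos-hardware` now evaluates that fork as well, and a branch ref on a third-party repository resolves to whatever its owner has pushed at the next `nix flake update`. I would give the fork its own input, for example `nixos-hardware-t2.url = "github:networkException/nixos-hardware/apple-t2-init";`, and use it only for potatobook-g. It is also worth checking whether upstream NixOS/nixos-hardware now provides the `apple-t2` module, so the fork can be dropped.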
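Review bot: `"${mac-brcm-fw}"` in the `modules` list of `potatobook-g` (flake.nix hunk `@@ -117,6 +127,35 @@`) imports a NixOS module from the input declared as `path:/home/jade/nix-configs/mac-brcm-fw`, an absolute directory that is presumably the untracked copy in the author's checkout, since the committed mac-brcm-fw/default.nix is only a dummy. The lock pins a `narHash`, but the module's real content cannot be reviewed from this repository, and evaluation depends on that directory existing on the build machine. If the aim is to keep firmware blobs out of git, I would let the out-of-tree input carry only the firmware files, keep the module that installs them in the repository, and pass `mac-brcm-fw` to it through `specialArgs`. Separately, the inline `home-manager.users.jade` function repeats the `TZ` assignment this commit also adds to common.nix.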
@@ -41,6 +46,7 @@ boot.binfmt.emulatedSystems = ["aarch64-linux"]; + hardware.bluetooth.enable = true; services.blueman.enable = true; environment.systemPackages = [ diff --git a/hosts/monosodium-glutamate-g/configuration.nix b/hosts/monosodium-glutamate-g/configuration.nix index de708f8..c0bac2f 100644 --- a/hosts/monosodium-glutamate-g/configuration.nix +++ b/hosts/monosodium-glutamate-g/configuration.nix @@ -47,6 +47,7 @@ gnome.gnome-keyring.enable = true; }; hardware = { + bluetooth.enable = true; keyboard.uhk.enable = true; enableRedistributableFirmware = true; }; diff --git a/hosts/potatobook-g/configuration.nix b/hosts/potatobook-g/configuration.nix new file mode 100644 index 0000000..db0f132 --- /dev/null +++ b/hosts/potatobook-g/configuration.nix 
@@ -0,0 +1,87 @@
+{pkgs, ...}: {
+ nix.settings = {
+ trusted-substituters = [
+ "https://t2linux.cachix.org"
+ ];
+ trusted-public-keys = [
+ "t2linux.cachix.org-1:P733c5Gt1qTcxsm+Bae0renWnT8OLs0u9+yfaK2Bejw="
+ ];
+ };
+ imports = [
+ ./hardware-configuration.nix
+ ../../common.nix
+ ../../modules
+ ];
+
+ boot.binfmt.emulatedSystems = ["aarch64-linux"];
+
+ jade = {
+ flatpak.enable = true;
+ desktop = {
+ compositing.enable = true;
+ syncthing.enable = true;
+ kdeconnect.enable = true;
+ cloud.enable = true;
+ social.enable = true;
+ mail.enable = true;
+ gaming.enable = true;
+ evremap.enable = true;
+ };
+ terminal.enable = true;
+ };
+
+ fileSystems = {
+ "/".options = ["compress=zstd:3"];
+ "/home".options = ["compress=zstd:3"];
+ "/nix".options = ["compress=zstd:3" "noatime"];
+ };
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ services.libinput.touchpad = {
+ disableWhileTyping = true;
+ };
+
+ networking.hostName = "potatobook-g";
+
+ hardware.enableRedistributableFirmware = true;
+
+ environment.pathsToLink = [
+ "/share/nix-direnv"
+ ];
+
+ services.blueman.enable = true;
+
+ programs.adb.enable = true;
+
+ services.gnome.gnome-keyring.enable = true;
+ programs.seahorse.enable = true;
+ security.pam.services.jade.enableGnomeKeyring = true;
+
+ systemd.services."NetworkManager-wait-online".enable = false;
+
+ systemd.services = {
+ create-swapfile = {
+ serviceConfig.Type = "oneshot";
+ wantedBy = ["swap-swapfile.swap"];
+ script = ''
+ swapfile="/swap/swapfile"
+ if [[ -f "$swapfile" ]]; then
+ echo "Swap file $swapfile already exists, taking no action"
+ else
+ echo "Setting up swap file $swapfile"
+ ${pkgs.coreutils}/bin/truncate -s 0 "$swapfile"
+ ${pkgs.e2fsprogs}/bin/chattr +C "$swapfile"
+ fi
+ '';
+ };
+ };
+
+ services.logind.extraConfig = ''
+ RuntimeDirectorySize=12G
+ '';
+
+ # i rly should put that important big comment back here
+ system.stateVersion = "22.11"; # Did you read the comment?
+}
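Review bot: The `nix.settings` block at the top of hosts/potatobook-g/configuration.nix adds the t2linux.cachix.org signing key to `trusted-public-keys`, which makes the daemon accept any store path signed by that key, kernel and firmware packages included. The URL is only listed under `trusted-substituters`, which lets users opt into the cache but does not make the daemon query it, so as written the host extends trust without getting the cache hits. If the cache is meant to be used, `substituters = ["https://t2linux.cachix.org"];` is the option that does that. Either way a comment such as `# third-party cache for the T2 kernel; anything signed by this key is installed without a local build` would record why the key is trusted and that it is limited to this host.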
diff --git a/hosts/potatobook-g/hardware-configuration.nix b/hosts/potatobook-g/hardware-configuration.nix new file mode 100644 index 0000000..31a176a --- /dev/null +++ b/hosts/potatobook-g/hardware-configuration.nix 
@@ -0,0 +1,62 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "uas" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/f6d243ec-6be9-4551-8cbb-aefb7b691a62"; + fsType = "btrfs"; + options = ["subvol=root"]; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/f6d243ec-6be9-4551-8cbb-aefb7b691a62"; + fsType = "btrfs"; + options = ["subvol=home"]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/f6d243ec-6be9-4551-8cbb-aefb7b691a62"; + fsType = "btrfs"; + options = ["subvol=nix"]; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/5F66-17ED"; + fsType = "vfat"; + }; + + swapDevices = [ + { + device = "/swap/swapfile"; + size = 1024 * 12; # 12GB + } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0f1u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + # high-resolution display +} 
diff --git a/hosts/potatobook-g/iso.nix b/hosts/potatobook-g/iso.nix new file mode 100644 index 0000000..b99407f --- /dev/null +++ b/hosts/potatobook-g/iso.nix @@ -0,0 +1,11 @@ +{ + config, + pkgs, + ... +}: { + imports = [ + + + ./configuration.nix + ]; +} diff --git a/mac-brcm-fw/default.nix b/mac-brcm-fw/default.nix new file mode 100644 index 0000000..0ce5a72 --- /dev/null +++ b/mac-brcm-fw/default.nix @@ -0,0 +1,3 @@ +{...}: {} +# dummy + diff --git a/modules/default.nix b/modules/default.nix index cd4c0e8..2f6e4d9 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -7,6 +7,6 @@ ./net ./input ./media - ./nix.nix + ./graphics.nix ]; } diff --git a/modules/desktop-legacy/default.nix b/modules/desktop-legacy/default.nix index 7a2f692..ad4114d 100644 --- a/modules/desktop-legacy/default.nix +++ b/modules/desktop-legacy/default.nix @@ -23,6 +23,11 @@ with lib; { }; services.illum.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; services.smartd = { enable = true; notifications.test = true; diff --git a/modules/desktop/audio.nix b/modules/desktop/audio.nix index c38403d..c26f679 100644 --- a/modules/desktop/audio.nix +++ b/modules/desktop/audio.nix @@ -11,8 +11,10 @@ }; }; environment.systemPackages = with pkgs; [ + pavucontrol + volumeicon playerctl - pulsemixer + helvum ]; } diff --git a/modules/desktop/locale.nix b/modules/desktop/locale.nix index 9071f8d..7319975 100644 --- a/modules/desktop/locale.nix +++ b/modules/desktop/locale.nix @@ -1,5 +1,4 @@ {...}: { - time.timeZone = "Europe/Berlin"; i18n.extraLocaleSettings = { LC_ADDRESS = "de_DE.UTF-8"; LC_IDENTIFICATION = "de_DE.UTF-8"; diff --git a/modules/graphics.nix b/modules/graphics.nix new file mode 100644 index 0000000..910a0e2 --- /dev/null +++ b/modules/graphics.nix @@ -0,0 +1,3 @@ +{...}: { + hardware.graphics.enable = true; +} diff --git a/modules/net/default.nix b/modules/net/default.nix index fba3d47..de797b4 100644 
--- a/modules/net/default.nix +++ b/modules/net/default.nix @@ -5,9 +5,7 @@ ./eduroam.nix ./dispatchers ]; - networking.networkmanager.enable = true; networking.networkmanager.wifi.backend = "wpa_supplicant"; - systemd.services."NetworkManager-wait-online".enable = false; services.mullvad-vpn.enable = true; home-manager.users.jade = {pkgs, ...}: { diff --git a/modules/nix.nix b/modules/nix.nix deleted file mode 100644 index 42160d2..0000000 --- a/modules/nix.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - rs-programs, - niri, - ... -}: { - nix = { - extraOptions = '' - experimental-features = nix-command flakes - keep-outputs = true - keep-derivations = true - ''; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 60d"; - }; - }; - - nixpkgs = { - config = { - allowUnfree = true; - permittedInsecurePackages = [ - "electron-27.3.11" - "nodejs-16.20.0" - ]; - }; - overlays = [rs-programs niri.overlays.niri]; - }; -} diff --git a/modules/shell/default.nix b/modules/shell/default.nix index 180d1ab..9ce0499 100644 --- a/modules/shell/default.nix +++ b/modules/shell/default.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{...}: { imports = [ ./helix.nix ./nu.nix @@ -7,7 +7,6 @@ ./git.nix ./mprocs.nix ./btop.nix - ./sudo.nix ]; programs.mosh.enable = true; programs.bat.enable = true; @@ -15,6 +14,4 @@ programs.carapace.enable = true; programs.direnv.enable = true; }; - - users.defaultUserShell = pkgs.nushell; } diff --git a/modules/shell/sudo.nix b/modules/shell/sudo.nix deleted file mode 100644 index bcc38cd..0000000 --- a/modules/shell/sudo.nix +++ /dev/null @@ -1,6 +0,0 @@ -{...}: { - nixpkgs.config.packageOverrides = pkgs: { - sudo = pkgs.sudo.override {withInsults = true;}; - }; - security.sudo.extraConfig = "Defaults insults"; -}