Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
This commit is contained in:
Harald Hoyer 2024-03-04 14:09:57 +01:00
parent 3bece5697b
commit 0fb55d0de1
7 changed files with 476 additions and 6 deletions


@ -321,6 +321,26 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1709439398,
"narHash": "sha256-MW0zp3ta7SvdpjvhVCbtP20ewRwQZX2vRFn14gTc4Kg=",
"owner": "nix-community",
"repo": "disko",
"rev": "1f76b318aa11170c8ca8c225a9b4c458a5fcbb57",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"dracula": {
"flake": false,
"locked": {
@ -608,11 +628,11 @@
]
},
"locked": {
"lastModified": 1705659542,
"narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=",
"lastModified": 1706981411,
"narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9",
"rev": "652fda4ca6dafeb090943422c34ae9145787af37",
"type": "github"
},
"original": {
@ -1084,11 +1104,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1705458851,
"narHash": "sha256-uQvEhiv33Zj/Pv364dTvnpPwFSptRZgVedDzoM+HqVg=",
"lastModified": 1709309926,
"narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8bf65f17d8070a0a490daf5f1c784b87ee73982c",
"rev": "79baff8812a0d68e24a836df0a364c678089e2c7",
"type": "github"
},
"original": {
@ -1665,6 +1685,7 @@
},
"root": {
"inputs": {
"disko": "disko",
"home-manager": "home-manager",
"neovim-flake": "neovim-flake",
"nixpkgs": "nixpkgs_4",


@ -14,6 +14,9 @@
home-manager.url = "github:nix-community/home-manager/release-23.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = inputs:
@ -45,6 +48,10 @@
neovim-flake.homeManagerModules.default
];
homes.users."harald@x1".modules = with inputs; [
neovim-flake.homeManagerModules.default
];
homes.users."harald@mpro.fritz.box".modules = with inputs; [
neovim-flake.homeManagerModules.default
];


@ -0,0 +1,37 @@
{ lib
, pkgs
, config
, nixpkgs
, osConfig ? { }
, format ? "unknown"
, ...
}:
{
home = {
username = "harald";
homeDirectory = "/home/${config.home.username}";
stateVersion = "23.11"; # Please read the comment before changing.
sessionPath = [ "$HOME/bin" ];
};
plusultra = {
cli-apps = {
bash.enable = true;
fish.enable = true;
neovim.enable = true;
tmux.enable = true;
bat.enable = true;
starship.enable = true;
home-manager.enable = true;
};
tools = {
git.enable = true;
direnv.enable = true;
ssh.enable = true;
# jetbrains.enable = true;
};
};
fonts.fontconfig.enable = true;
}
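Review bot: The `stateVersion = "23.11"; # Please read the comment before changing.` line points at a comment that does not exist in this file, so a maintainer has nothing to read before changing it. Replace the trailer with the actual warning, e.g. `# Pins home-manager's stateful defaults; do not bump after first activation without reading the release notes.`. The module header also binds `lib`, `pkgs`, `nixpkgs`, `osConfig` and `format`, none of which is used in the body; dropping them (keeping `config` and `...`) makes the file's real inputs visible.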


@ -0,0 +1,144 @@
{ options, config, lib, pkgs, ... }:
with lib;
with lib.plusultra;
let cfg = config.plusultra.gui;
in
{
options.plusultra.gui = with types; {
enable = mkBoolOpt false "Whether or not to enable a GUI.";
};
config = mkIf cfg.enable {
services = {
gnome.tracker-miners.enable = lib.mkForce false;
flatpak.enable = true;
xserver = {
layout = "de+us";
xkbVariant = "nodeadkeys";
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
};
# Enable CUPS to print documents.
printing.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
dbus.packages = [ pkgs.gcr ];
udev.packages = [
pkgs.libu2f-host
pkgs.yubikey-personalization
];
dbus.implementation = "broker";
keybase.enable = true;
kbfs.enable = false;
};
#security.pam.p11.control = "sufficient";
#security.pam.p11.control = "required";
#security.pam.p11.enable = true;
# services.fprintd.enable = true;
#security.pam.yubico.enable = true;
#security.pam.yubico.control = "sufficient";
#security.pam.yubico.mode = "challenge-response";
#services.pcscd.enable = true;
#security.tpm2.pkcs11.enable = true;
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
enableBrowserSocket = true;
};
environment.systemPackages = with pkgs; [
bat
cachix
cardpeek
ccache
clang
clippy
dive
file
firefox
gh
git
gnome.gnome-software
gnomeExtensions.appindicator
gnomeExtensions.dash-to-panel
gnomeExtensions.hibernate-status-button
gnomeExtensions.vitals
gnupg
go
jetbrains-toolbox
jq
kbfs
keybase
keybase-gui
libu2f-host
mosh
mosh
nixpkgs-fmt
opensc
pasystray
pcsctools
pinentry-gnome
pkg-config
ripgrep
slack
spotify
statix
thunderbird
tmux
vim
wl-clipboard
yubikey-personalization
yubikey-manager-qt
zellij
rustup
];
#----=[ Fonts ]=----#
fonts = {
enableDefaultPackages = false;
packages = with pkgs; [
noto-fonts-emoji
liberation_ttf
freefont_ttf
(nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; })
];
fontconfig = {
enable = true;
defaultFonts = {
serif = [ "Liberation" ];
sansSerif = [ "Liberation" ];
monospace = [ "JetBrainsMono" ];
emoji = [ "Noto Color Emoji" ];
};
};
};
# remote desktop
networking.firewall.allowedTCPPorts = [ 3389 ];
};
}
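Review bot: `networking.firewall.allowedTCPPorts = [ 3389 ];` opens the RDP port on every interface of every host that sets `plusultra.gui.enable`, yet nothing in this module enables a remote-desktop service, so the hole is unconditional and undocumented ("# remote desktop" is the only hint). Either enable the service explicitly next to the rule and gate both behind an option, e.g. `services.gnome.gnome-remote-desktop.enable = cfg.remoteDesktop.enable;` and `networking.firewall.allowedTCPPorts = lib.optional cfg.remoteDesktop.enable 3389;`, or drop the rule until the service is actually configured. Two smaller points: `mosh` is listed twice in `environment.systemPackages`, and the block of commented-out `security.pam.*` / `services.pcscd` lines is dead configuration that should be removed or turned into a documented option rather than left as a hint of intent.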


@ -0,0 +1,62 @@
{ options, config, pkgs, lib, ... }:
with lib;
with lib.plusultra;
let
cfg = config.plusultra.tools.git;
gpg = config.plusultra.security.gpg;
user = config.plusultra.user;
in
{
options.plusultra.tools.git = with types; {
enable = mkBoolOpt false "Whether or not to install and configure git.";
userName = mkOpt types.str user.fullName "The name to configure git with.";
userEmail = mkOpt types.str user.email "The email to configure git with.";
signingKey =
mkOpt types.str "9762169A1B35EA68" "The key ID to sign commits with.";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ git ];
plusultra.home.extraOptions = {
programs.git = {
enable = true;
inherit (cfg) userName userEmail;
lfs = enabled;
signing = {
key = cfg.signingKey;
signByDefault = mkIf gpg.enable true;
};
extraConfig = {
init = { defaultBranch = "main"; };
pull = { rebase = true; };
push = { autoSetupRemote = true; };
core = { whitespace = "trailing-space,space-before-tab"; };
safe = {
directory = "${user.home}/git";
};
"credential \"https://github.com\"" = {
helper = "!gh auth git-credential";
};
alias = {
co = "checkout";
ci = "commit";
};
pull.ff = "only";
core.pager = "${pkgs.delta}/bin/delta";
delta = {
features = "side-by-side line-numbers decorations";
syntax-theme = "DarkNeon";
light = "false";
line-numbers = "false";
navigate = "true";
};
interactive.diffFilter = "${pkgs.delta}/bin/delta --color-only";
merge.conflictStyle = "diff3";
diff.colorMoved = "default";
};
};
};
};
}
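Review bot: The `signingKey` default `"9762169A1B35EA68"` is a 64-bit long key ID, which git passes to gpg as a key selector; long IDs are not collision-resistant, so a second key with the same ID in the keyring would be selected silently. Store the full 40-hex fingerprint instead, e.g. `mkOpt types.str "<full fingerprint>" "Fingerprint of the key to sign commits with."`, and note in the option description that a fingerprint is expected. Separately, `safe.directory = "${user.home}/git"` marks only that exact path as safe, not the repositories checked out beneath it, so it probably does not do what the author intended; confirm against the git version in use before relying on it.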


@ -0,0 +1,150 @@
{ config, pkgs, lib, ... }:
with lib;
with lib.plusultra;
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
plusultra.gui.enable = true;
programs.dconf.enable = true;
boot = {
tmp.cleanOnBoot = true;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = 2;
};
initrd.systemd.enable = true;
};
# Configure console keymap
console.keyMap = "de-latin1-nodeadkeys";
i18n.extraLocaleSettings = {
LC_MESSAGES = "en_US.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
environment = {
systemPackages = with pkgs; [
age
clevis
delta
efibootmgr
git
git-delete-merged-branches
home-manager
htop
mdadm
mosh
nixpkgs-fmt
openssl
restic
rrsync
sops
strace
tmux
tpm2-pkcs11
tpm2-pkcs11.out
tpm2-tools
vim
wget
];
shells = [ pkgs.fish pkgs.bash ];
};
hardware = {
cpu = {
amd.updateMicrocode = lib.mkDefault true;
intel.updateMicrocode = lib.mkDefault true;
};
enableRedistributableFirmware = lib.mkDefault true;
enableAllFirmware = true;
};
programs = {
bash = {
## shellInit = ''
interactiveShellInit = ''
bind '"\e[A": history-search-backward'
bind '"\e[B": history-search-forward'
'';
};
starship.enable = true;
mosh.enable = true;
vim.defaultEditor = true;
fish.enable = true;
};
# powerManagement.cpuFreqGovernor = "ondemand";
services = {
dbus.implementation = "broker";
dbus.packages = [ pkgs.gcr ];
fail2ban.enable = true;
fwupd.enable = true;
openssh = {
enable = true;
settings.PermitRootLogin = "prohibit-password";
settings.X11Forwarding = true;
};
};
security = {
tpm2.enable = lib.mkDefault true;
tpm2.abrmd.enable = lib.mkDefault true;
sudo = {
enable = true;
wheelNeedsPassword = false;
};
};
# Auto system update
# https://search.nixos.org/options?channel=23.11&show=system.autoUpgrade
#system.autoUpgrade = {
#enable = true;
#operation = "boot";
#flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ]
# flake = "??";
# };
system.stateVersion = "23.11";
time.timeZone = "Europe/Berlin";
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
];
# users.users.harald = {
# shell = pkgs.fish;
# isNormalUser = true;
# description = "harald";
# extraGroups = [ "networkmanager" "wheel" "sgx" "libvirtd" "tss" "rspamd" ];
# openssh.authorizedKeys.keys = [
# "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
# "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
# "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM="
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
# ];
# };
#
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# For Nixos version > 22.11
defaultNetwork.settings = { dns_enabled = true; };
};
};
}
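Review bot: `security.sudo.wheelNeedsPassword = false;` gives every process running as a wheel user unprompted root, which on a desktop host with browsers, Slack and Flatpak turns any code-execution bug in a user application into a root compromise; prefer `wheelNeedsPassword = true;` (the default) and rely on the configured `sk-*` keys or a PAM module for convenience. In the same file `settings.X11Forwarding = true;` widens the SSH attack surface for a host whose GUI already runs locally, and `hardware.enableAllFirmware = true;` makes the `enableRedistributableFirmware` line redundant, since it is a superset. Root key login via `PermitRootLogin = "prohibit-password"` plus the authorized keys on `root` is a deliberate choice, but it is worth a one-line comment stating why direct root SSH is wanted when `wheel` already has sudo.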


@ -0,0 +1,49 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.luks.devices.data = {
device = "/dev/nvme0n1p5";
preLVM = true;
};
boot.initrd.luks.devices.swap = {
device = "/dev/nvme0n1p5";
preLVM = true;
};
fileSystems."/" =
{
device = "/dev/disk/by-uuid/ebb90474-ddcb-484b-9663-d71863827af4";
fsType = "ext4";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/941C-7B02";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
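Review bot: `boot.initrd.luks.devices.data` and `boot.initrd.luks.devices.swap` both reference `/dev/nvme0n1p5`, so the initrd will try to open the same partition under two mapper names and the second open cannot succeed; given `swapDevices = [ ];`, the `swap` entry looks like a leftover and should be removed or pointed at its own partition. The `data` entry should also use a stable `/dev/disk/by-uuid/...` path like the filesystems below rather than a kernel enumeration name, which can change across boots or hardware. The header says the file is generated, but these LUKS entries do not match the `qemu-guest` profile being imported, so this appears to be hand-edited and should be marked as such.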