diff --git a/README.md b/README.md
new file mode 100644
index 0000000..4c9c53f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# nix
+
+My first stab at nixos, your mileage may vary.
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..d6ec501
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,159 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running `nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+let
+ homeManagerSessionVars = "/etc/profiles/per-user/$USER/etc/profile.d/hm-session-vars.sh";
+in
+{
+ nix = {
+ package = pkgs.nixFlakes;
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ };
+
+ imports =
+ [
+ ./hardware-configuration.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.kernelParams = [
+ # dual monitors, not working?
+ "video=DP-1:2560x1440@59.951Hz"
+ "video=DP-2:2560x1440@143.998Hz"
+ # "video=DP-1:1920x1080@60Hz"
+ ];
+
+ # amd gpu
+ boot.initrd.kernelModules = [ "amdgpu" ];
+ hardware.opengl.enable = true;
+ hardware.opengl.driSupport = true;
+ hardware.opengl.extraPackages = with pkgs; [ amdvlk ];
+
+ time.timeZone = "Europe/Oslo";
+ networking.hostName = "torgnix";
+
+ # wireless
+ # networking.wireless.enable = true;
+ # networking.networkmanager.enable = true;
+
+ # proxy
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # locale
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ # set a password with passwd
+ users.users.torgeir = {
+ shell = pkgs.zsh;
+ isNormalUser = true;
+ extraGroups = [
+ "wheel" # enable sudo
+ "corectrl" # adjust gpu fans
+ ];
+ };
+
+ # sorry stallman, can't live without them
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) [
+ "spotify"
+ "1password"
+ "1password-cli"
+ "1password-gui"
+ "dropbox"
+ ];
+
+ # password manager
+ programs._1password.enable = true;
+ programs._1password-gui = {
+ enable = true;
+ polkitPolicyOwners = [ "torgeir" ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ vim
+ wget
+ unzip
+ gnumake
+ lm_sensors
+ ];
+
+ # fix missing xdg session vars
+ environment.extraInit = "[[ -f ${homeManagerSessionVars} ]] && source ${homeManagerSessionVars}";
+
+
+ programs = {
+
+ # amd gpu
+ # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/hardware/corectrl.nix
+ # https://gitlab.com/corectrl/corectrl/-/wikis/Setup#full-amd-gpu-controls
+ corectrl = {
+ enable = true;
+ gpuOverclock = {
+ enable = true;
+ ppfeaturemask = "0xffffffff";
+ };
+ };
+
+ # gpg to sign commits and cache ssh keys
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ #pinentryFlavor = "curses"
+ };
+
+ # here, and not home-manager, as my own config is in dotfiles/
+ sway.enable = true;
+
+ # shell
+ zsh.enable = true;
+ };
+
+ # ssh
+ services.openssh.enable = false;
+
+ # sound
+ sound.enable = true;
+
+ services = {
+
+ # https://nixos.wiki/wiki/PipeWire
+ pipewire = {
+ enable = true;
+ jack.enable = true;
+ pulse.enable = true;
+ #alsa.enable = true;
+ };
+
+ # thunderbolt
+ # owc 11-port dock
+ hardware.bolt.enable = true;
+ };
+
+ # sway needs polkit
+ security.polkit.enable = true;
+
+ # firewall
+ networking.firewall.enable = true;
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It's perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05";
+
+}
+
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..a046648
--- /dev/null
+++ b/flake.lock
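Review bot: `ppfeaturemask = "0xffffffff"` under `programs.corectrl.gpuOverclock` switches on every amdgpu PowerPlay feature bit, while the group entry for the same user is commented only as `# adjust gpu fans`, so the comment understates what membership of `corectrl` allows. The NixOS corectrl module appears to let that group use the CoreCtrl helper through polkit without a password; that is inferred from the module linked in the comment and worth confirming. I would record the scope next to the option, e.g. `# unlocks all amdgpu PowerPlay features (manual clocks/voltage); members of the corectrl group can change them`, or drop `gpuOverclock` if only fan curves are wanted and they turn out not to depend on it.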
@@ -0,0 +1,234 @@ +{ + "nodes": { + "flake-compat": { + "locked": { + "lastModified": 1688025799, + "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixpkgs-wayland", + "nix-eval-jobs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1696343447, + "narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1696940889, + "narHash": "sha256-p2Wic74A1tZpFcld1wSEbFQQbrZ/tPDuLieCnspamQo=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "6bba64781e4b7c1f91a733583defbd3e46b49408", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "lib-aggregate": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1697371715, + "narHash": "sha256-1ZV4qoL1B35DsciS/inC+z6vAwjxjWHL3+4G4QQhT0A=", + "owner": "nix-community", + "repo": "lib-aggregate", + "rev": "af42578368ca0c97d5836ba55b146745911aaecc", + "type": "github" + }, + 
"original": { + "owner": "nix-community", + "repo": "lib-aggregate", + "type": "github" + } + }, + "nix-eval-jobs": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": "nixpkgs_2", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1697418520, + "narHash": "sha256-UIwdw9Lw36GFgm7TFjOBdPHFKhbTSfLLT+4XxB39rh8=", + "owner": "nix-community", + "repo": "nix-eval-jobs", + "rev": "bdf17c44b19325b5476703400cbafe64f7553fa6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-eval-jobs", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1697059129, + "narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1697331025, + "narHash": "sha256-a5LJWWHfEvnq9tBd9UyNVdtzLXc2ehu5MCp//Bex/0E=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "05c07c73de74725ec7efa6609011687035a92c0f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-wayland": { + "inputs": { + "flake-compat": "flake-compat", + "lib-aggregate": "lib-aggregate", + "nix-eval-jobs": "nix-eval-jobs", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1697462415, + "narHash": "sha256-HMHJgLMbjfkcQQIpRKbHo/kjzHeUfwPznvsEPr5fgBo=", + "owner": "nix-community", + "repo": "nixpkgs-wayland", + "rev": "86615cbbddb6797ca143a24cfd36941cb9255f14", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs-wayland", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1697417052, + "narHash": "sha256-QyFpNZ28H0IoWhbGxD4j2h3aYwap2l2rSWyoFue95sM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": 
"21f56f3209c0272852be7a704d9b21f2601c72e3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "nixpkgs-wayland": "nixpkgs-wayland" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs-wayland", + "nix-eval-jobs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1697388351, + "narHash": "sha256-63N2eBpKaziIy4R44vjpUu8Nz5fCJY7okKrkixvDQmY=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "aae39f64f5ecbe89792d05eacea5cb241891292a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100755 index 0000000..c2bbc11 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,36 @@
+{
+ description = "torgnix flake";
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+ home-manager.url = "github:nix-community/home-manager";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
+
+ nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
+ nixpkgs-wayland.inputs.nixpkgs.follows = "nixpkgs";
+ };
+ outputs = inputs@{
+ self,
+ nixpkgs,
+ home-manager,
+ nixpkgs-wayland
+ }: {
+ nixosConfigurations = {
+ torgnix = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./configuration.nix
+ home-manager.nixosModules.home-manager {
+ home-manager.useGlobalPkgs = true;
+
+ home-manager.useUserPackages = true;
+
+ # pass inputs to imported modules for users
+ home-manager.extraSpecialArgs = { inherit inputs; };
+ home-manager.users.torgeir = import ./modules/home;
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
new file mode 100644
index 0000000..461024c
--- /dev/null
+++ b/hardware-configuration.nix
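Review bot: Nothing in `inputs` says why `nixpkgs-wayland` is there, and the only use visible in this commit is the single `wayprompt` package in modules/home/default.nix. flake.lock shows the input bringing along `nix-eval-jobs`, `flake-parts`, `treefmt-nix` and a second nixpkgs that tracks `master`, which widens the set of upstream repositories the lock file has to trust. A purpose comment would make it easy to prune later, e.g. `# only for wayprompt (see modules/home/default.nix)`. Separately, flake.nix and luks-btrfs-subvolumes.nix are added with mode 100755; neither is run directly, so 100644 would match the other .nix files.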
@@ -0,0 +1,54 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/81e328cf-c6b3-4e1d-b60c-7d818c0fae9f"; + fsType = "btrfs"; + options = [ "subvol=root" ]; + }; + + boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/01afee33-4f30-40d7-8f36-6de4b9064756"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/D2A8-EC4A"; + fsType = "vfat"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/81e328cf-c6b3-4e1d-b60c-7d818c0fae9f"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/81e328cf-c6b3-4e1d-b60c-7d818c0fae9f"; + fsType = "btrfs"; + options = [ "subvol=nix" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp37s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp9s0u1u2c2.useDHCP = lib.mkDefault true; + # networking.interfaces.enp9s0u1u4u5.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} 
diff --git a/luks-btrfs-subvolumes.nix b/luks-btrfs-subvolumes.nix
new file mode 100755
index 0000000..32151a3
--- /dev/null
+++ b/luks-btrfs-subvolumes.nix
@@ -0,0 +1,58 @@
+{
+ disko.devices = {
+ disk = {
+ nvme = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ extraOpenArgs = [ "--allow-discards" ];
+
+ # interactive password prompt on boot
+ # make sure there is no trailing newline, echo -n "password" > /tmp/secret.key`
+ passwordFile = "/tmp/secret.key";
+
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/home/default.nix b/modules/home/default.nix
new file mode 100644
index 0000000..88cce6d
--- /dev/null
+++ b/modules/home/default.nix
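Review bot: `passwordFile = "/tmp/secret.key"` leaves the LUKS passphrase in a plain file during installation, and the comment above it explains only how to create the file, not who may read it or when it goes away. The suggested `echo -n "password" > ...` also puts the passphrase in shell history. I would extend the comment along the lines of `# installer only: write with umask 077 (read -rs, not echo), remove /tmp/secret.key once disko has finished`. The same comment ends in a stray backtick, and "interactive password prompt on boot" describes the resulting system rather than this option. `extraOpenArgs = [ "--allow-discards" ]` is a deliberate trade-off, since TRIM reveals which blocks are unused, and deserves a one-line comment recording that choice.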
@@ -0,0 +1,198 @@
+{ config, lib, pkgs, inputs, ... }:
+
+let
+ dotfiles = builtins.fetchGit {
+ url = "https://github.com/torgeir/dotfiles";
+ rev = "fdb1841ab0c4bcf1cb8cf5a7d2983cf28ae0339b";
+ };
+ dotemacs = builtins.fetchGit {
+ url = "https://github.com/torgeir/.emacs.d";
+ rev = "5bfeecdd89d256ae1ce1e2885bf136a29d65e19f";
+ };
+in
+{
+ fonts.fontconfig.enable = true;
+
+ programs = {
+
+ home-manager.enable = true;
+
+ # https://github.com/stefanDeveloper/nixos-lenovo-config/blob/master/modules/apps/editor/vim.nix
+ neovim = {
+ enable = true;
+ vimAlias = true;
+ vimdiffAlias = true;
+ };
+ };
+
+ services = {
+ dropbox = {
+ enable = true;
+ };
+ };
+
+ # doom emacs
+ # inspiration https://discourse.nixos.org/t/advice-needed-installing-doom-emacs/8806/7
+ #
+ # https://nixos.wiki/wiki/Emacs
+ # https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/emacs/default.nix
+ programs.emacs = {
+ enable = true;
+ package = pkgs.emacs29-gtk3;
+ extraPackages = epkgs: [ epkgs.vterm ];
+ };
+
+ xdg.enable = true;
+ home = {
+ # put doom on path
+ sessionPath = [ "${config.xdg.configHome}/emacs/bin" ];
+ sessionVariables = {
+ # where doom is
+ DOOMDIR = "${config.xdg.configHome}/doom.d";
+ # where doom writes cache etc
+ DOOMLOCALDIR = "${config.xdg.configHome}/doom-local";
+ # where doom writes one more file
+ DOOMPROFILELOADFILE= "${config.xdg.configHome}/doom-local/cache/profile-load.el";
+ };
+ };
+ xdg.configFile = {
+ "doom.d".source = dotemacs;
+ "emacs" = {
+ source = builtins.fetchGit {
+ url = "https://github.com/hlissner/doom-emacs";
+ rev = "986398504d09e585c7d1a8d73a6394024fe6f164";
+ };
+ # rev bumps will make doom sync run
+ onChange = "${pkgs.writeShellScript "doom-change" ''
+ # where your .doom.d files go
+ export DOOMDIR="${config.home.sessionVariables.DOOMDIR}"
+
+ # where doom will write to
+ export DOOMLOCALDIR="${config.home.sessionVariables.DOOMLOCALDIR}"
+
+ # https://github.com/doomemacs/doomemacs/issues/6794
+ export DOOMPROFILELOADFILE="${config.home.sessionVariables.DOOMPROFILELOADFILE}"
+
+ # cannot find git, cannot find emacs
+ export PATH="$PATH:/run/current-system/sw/bin"
+ export PATH="$PATH:/etc/profiles/per-user/torgeir/bin"
+
+ if command -v emacs; then
+
+ # not already installed
+ if [ ! -d "$DOOMLOCALDIR" ]; then
+
+ # having the env generated also prevents doom install from asking y/n on stdin,
+ # also bring ssh socket
+ ${config.xdg.configHome}/emacs/bin/doom env -a ^SSH_
+
+ echo "doom-change :: Doom not installed: run doom install. ::"
+
+ # this times out with home manager
+ # ${config.xdg.configHome}/emacs/bin/doom install
+
+ else
+
+ echo "doom-change :: Doom already present: upgrade packages with doom sync -u ::"
+ ${config.xdg.configHome}/emacs/bin/doom sync
+
+ # this times out with home manager
+ # ${config.xdg.configHome}/emacs/bin/doom sync -u
+
+ fi
+
+ else
+ echo "doom-change :: No emacs on path. ::"
+ fi
+
+ ''}";
+ };
+ };
+
+
+ # TODO inspiration for morehttps://github.com/hlissner/dotfiles/
+
+ home.packages = with pkgs; [
+ # terminal
+ alacritty
+ eza
+
+ # env
+ direnv
+ #nodejs
+
+ # tools
+ killall
+ jq
+ (ripgrep.override {withPCRE2 = true;})
+
+ # images
+ imagemagick
+
+ # notifications
+ mako
+ libnotify
+ inputs.nixpkgs-wayland.packages.${system}.wayprompt
+
+ # sensors
+ btop
+ psensor
+ i3status-rust
+
+ #https://nixos.wiki/wiki/Samba
+
+ # apps
+ mpv
+ signal-desktop
+ spotify
+
+ # sound
+ pavucontrol
+ qpwgraph
+
+ # internet
+ brave
+
+ # fonts
+ (pkgs.nerdfonts.override {
+ fonts = [
+ "JetBrainsMono"
+ "Iosevka"
+ ];
+ })
+ ];
+
+ # this puts files in the needed locations, but does however not make them
+ # editable allows interop with torgeir/dotfiles.git without moving all this
+ # configuration to .nix files
+ home.file = {
+ "dotfiles".source = dotfiles;
+
+ "bg.jpg".source = dotfiles + "/bg.jpg";
+
+ ".config/alacritty/alacritty.yml".source = dotfiles + "/config/alacritty/alacritty.yml";
+ ".config/sway".source = dotfiles + "/config/sway";
+ ".config/xkb".source = dotfiles + "/config/xkb";
+ ".config/environment.d/envvars.conf".source = dotfiles + "/config/environment.d/envvars.conf";
+ ".config/mako".source = dotfiles + "/config/mako";
+ ".config/dunst".source = dotfiles + "/config/dunst";
+ ".config/i3status-rust".source = dotfiles + "/config/i3status-rust";
+
+ ".config/corectrl/profiles".source = dotfiles + "/config/corectrl/profiles";
+ ".config/corectrl/corectrl.ini".source = dotfiles + "/config/corectrl/corectrl.ini";
+
+ ".config/pipewire".source = dotfiles + "/config/pipewire";
+ ".config/wireplumber".source = dotfiles + "/config/wireplumber";
+
+ ".p10k.zsh".source = dotfiles + "/p10k.zsh";
+ ".gitconfig".source = dotfiles + "/gitconfig";
+ ".gnupg/gpg-agent.conf".source = dotfiles + "/gpg-agent.conf";
+ ".zsh".source = dotfiles + "/zsh/";
+ ".zshrc".source = dotfiles + "/zshrc";
+ ".zprofile".source = dotfiles + "/profile";
+ ".inputrc".source = dotfiles + "/inputrc";
+ };
+
+ home.stateVersion = "23.11";
+
+}
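Review bot: The `onChange` script runs `doom sync` during home-manager activation, and that step, as far as I can tell, has Doom fetch and build Emacs packages from the network outside Nix's hash-checked fetchers. The `rev` pins on doom-emacs, dotfiles and .emacs.d therefore do not by themselves fix what ends up installed. A comment above `onChange` should say so, e.g. `# doom sync downloads Emacs packages at activation time; they are not covered by flake.lock`. The script also hard-codes the account in `export PATH="$PATH:/etc/profiles/per-user/torgeir/bin"`; `${config.home.username}` would keep it in step with `home-manager.users.torgeir` in flake.nix.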