first building version of lpt2 as flake

Vinzenz Schroeter 2024-10-26 00:04:27 +02:00
parent 31e80e7401
commit b71f8ee636
44 changed files with 396 additions and 677 deletions


@ -1,15 +0,0 @@
# nixos-configuration
```
/
├── modules
│ ├── desktop
│ ├── hardware (includes hostname.nix)
│ └── users
└── hostname.nix (imports modules)
```
When adding a new host: `ln -s ./new-devicename.nix /etc/nixos/configuration.nix`
Use `sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz home-manager` to add home manager support.

8
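--- a/common/default.nix
+++ b/common/default.nix
@@ -0,0 +1,8 @@
+{...}: {
+imports = [
+./nixpkgs.nix
+./globalinstalls.nix
+./i18n.nix
+./networking.nix
+];
+}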


@ -9,5 +9,15 @@
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
}; };
}; };
services.tailscale = {
enable = true;
openFirewall = true;
};
networking.firewall = {
enable = true;
checkReversePath = "loose";
};
}; };
} }
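Review bot: The added `networking.firewall.checkReversePath = "loose"` relaxes reverse-path filtering on every interface and has no comment saying why. If the only reason is Tailscale routing, `services.tailscale.useRoutingFeatures = "client";` states that intent and lets the Tailscale module set the reverse-path mode itself. This block also turns Tailscale on with `openFirewall = true` for every host that imports the file, whereas the removed module gated it behind `my.tailscale.enable`. The hunk starts inside an enclosing attribute set, so the surrounding options are not visible here.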

46
common/nixpkgs.nix Normal file

@ -0,0 +1,46 @@
{
config,
lib,
...
}: {
options.my.allowUnfreePackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
example = ["steam"];
};
config = {
nixpkgs.config = {
# https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.my.allowUnfreePackages;
};
nix = {
settings = {
substituters = ["https://nix-community.cachix.org" "https://cache.nixos.org/"];
trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="];
};
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
};
system = {
stateVersion = "22.11";
# enable auto updates
autoUpgrade = {
enable = true;
dates = "weekly";
};
};
documentation = {
enable = true; # documentation of packages
nixos.enable = false; # nixos documentation
man.enable = true; # manual pages and the man command
info.enable = false; # info pages and the info command
doc.enable = false; # documentation distributed in packages' /share/doc
};
};
}
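Review bot: `system.autoUpgrade` is enabled without a `flake` attribute, so the weekly job will run a channel-based upgrade instead of rebuilding from this flake. On a host that is now built from `flake.nix` that job presumably either fails or builds whatever channel configuration is still on disk, and security updates can stop arriving without anyone noticing. Set `flake = "<flake-uri-of-this-repo>";` inside `autoUpgrade`, or disable the timer and bump `flake.lock` deliberately. Separately, `substituters` lists the nix-community cache ahead of cache.nixos.org; a one-line comment naming what needs that cache would document why its signing key is in `trusted-public-keys`.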

133
flake.lock Normal file

@ -0,0 +1,133 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1726989464,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1729298361,
"narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=",
"rev": "ad9d06f7838a25beec425ff406fe68721fef73be",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729360442,
"narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=",
"rev": "9098ac95768f7006d7e070b88bae76939f6034e6",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1729691686,
"narHash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "32e940c7c420600ef0d1ef396dc63b04ee9cad37",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"lix-module": "lix-module",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

32
flake.nix Normal file

@ -0,0 +1,32 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
home-manager = {
url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs @ {
nixpkgs,
home-manager,
lix-module,
...
}: {
nixosConfigurations = {
vinzenz-lpt2 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
lix-module.nixosModules.default
home-manager.nixosModules.home-manager
./common
./hosts/vinzenz-lpt2
];
};
};
};
}
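Review bot: The `lix-module` input is a release tarball URL rather than a git revision, so the only thing tying it to known content is the `narHash` recorded in `flake.lock`; a comment beside the URL should say that the lock file must be committed and reviewed on every version bump. The removed nixpkgs module carried a comment explaining that this module swaps the Nix implementation for Lix system-wide, and that context is lost here; `# replaces nix with lix on every host, see https://lix.systems/add-to-config/` above `lix-module` would restore it. `inputs @` is bound in `outputs` but never used in the visible body and can be dropped.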

14
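--- a/home/default.nix
+++ b/home/default.nix
@@ -0,0 +1,14 @@
+{
+config,
+pkgs,
+lib,
+...
+}: {
+config = {
+home-manager = {
+useGlobalPkgs = true;
+useUserPackages = true;
+sharedModules = import ./shared-modules.nix;
+};
+};
+}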


@ -3,10 +3,8 @@
config, config,
pkgs, pkgs,
... ...
}: let }: {
isEnabled = config.my.desktop.enableGnome; config = {
in {
config = lib.mkIf isEnabled {
home-manager.sharedModules = [ home-manager.sharedModules = [
{ {
home.packages = with pkgs; home.packages = with pkgs;
@ -87,7 +85,7 @@ in {
}; };
}; };
} }
(lib.mkIf config.my.tailscale.enable
{ {
home.packages = with pkgs; home.packages = with pkgs;
[ [
@ -97,7 +95,7 @@ in {
tailscale-qs tailscale-qs
]); ]);
dconf.settings."org/gnome/shell".enabled-extensions = ["tailscale@joaophi.github.com"]; dconf.settings."org/gnome/shell".enabled-extensions = ["tailscale@joaophi.github.com"];
}) }
]; ];
}; };
} }


@ -1,28 +1,10 @@
modulesCfg: { {
config, config,
pkgs, pkgs,
lib, lib,
... ...
}: let }: {
isEnabled = config.my.desktop.enable; config = {
isHomeManager = modulesCfg.enableHomeManager;
in {
imports =
[
./gnome.nix
./kde.nix
./gaming.nix
./printing.nix
./latex.nix
]
++ lib.optionals isHomeManager [
./gnome-home.nix
./kde-home.nix
];
options.my.desktop.enable = lib.mkEnableOption "desktop";
config = lib.mkIf isEnabled {
services = { services = {
# Enable the X11 windowing system / wayland depending on DE # Enable the X11 windowing system / wayland depending on DE
xserver = { xserver = {


@ -3,12 +3,8 @@
pkgs, pkgs,
config, config,
... ...
}: let }: {
isEnabled = config.my.hardware.enableCommonDesktopSettings; config = {
in {
options.my.hardware.enableCommonDesktopSettings = lib.mkEnableOption "common hw settings for desktops";
config = lib.mkIf isEnabled {
boot = { boot = {
kernelPackages = pkgs.linuxPackages_zen; kernelPackages = pkgs.linuxPackages_zen;
kernelParams = ["quiet" "udev.log_level=3"]; kernelParams = ["quiet" "udev.log_level=3"];


@ -3,12 +3,8 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }: {
isEnabled = config.my.desktop.enableGaming; config = {
in {
options.my.desktop.enableGaming = lib.mkEnableOption "gaming with wine";
config = lib.mkIf isEnabled {
hardware = { hardware = {
opengl = { opengl = {
driSupport = true; driSupport = true;


@ -3,14 +3,8 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }: {
isEnabled = config.my.desktop.enableGnome; config = {
in {
options.my.desktop.enableGnome = lib.mkEnableOption "gnome desktop";
config = lib.mkIf isEnabled {
my.desktop.enable = true;
services = { services = {
xserver = { xserver = {
# Enable the GNOME Desktop Environment. # Enable the GNOME Desktop Environment.

28
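--- a/hosts/intel-graphics.nix
+++ b/hosts/intel-graphics.nix
@@ -0,0 +1,28 @@
+{
+lib,
+config,
+pkgs,
+...
+}: {
+config = {
+hardware.opengl = {
+extraPackages = with pkgs; [
+intel-media-driver
+vaapiIntel
+vaapiVdpau
+libvdpau-va-gl
+intel-ocl
+];
+extraPackages32 = with pkgs.pkgsi686Linux; [
+intel-media-driver
+vaapiIntel
+vaapiVdpau
+libvdpau-va-gl
+];
+};
+environment.systemPackages = with pkgs; [
+nvtopPackages.intel
+];
+my.allowUnfreePackages = ["intel-ocl"];
+};
+}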

14
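--- a/hosts/latex.nix
+++ b/hosts/latex.nix
@@ -0,0 +1,14 @@
+{
+config,
+pkgs,
+lib,
+...
+}: {
+config = {
+environment.systemPackages = with pkgs; [
+fontconfig
+texliveFull
+texstudio
+];
+};
+}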


@ -3,12 +3,8 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }: {
isEnabled = config.my.desktop.enablePrinting; config = {
in {
options.my.desktop.enablePrinting = lib.mkEnableOption "printing";
config = lib.mkIf isEnabled {
services = { services = {
# Enable CUPS to print documents. # Enable CUPS to print documents.
printing.enable = true; printing.enable = true;


@ -0,0 +1,6 @@
{...}: {
imports = [
./hardware.nix
./environment.nix
];
}


@ -1,28 +1,17 @@
{pkgs, ...}: { {pkgs, ...}: {
imports = [ imports = [
(import ./modules { ../../home
hostName = "vinzenz-lpt2"; ../../home/gnome-home.nix
enableHomeManager = true; ../../users/vinzenz.nix
}) ../desktop-environment.nix
../gnome.nix
../gaming.nix
../printing.nix
../latex.nix
]; ];
config = { config = {
my = { home-manager.users.vinzenz = import ../../home/vinzenz-home.nix;
enabledUsers = ["vinzenz" "ronja"];
tailscale.enable = true;
desktop = {
enableGnome = true;
enableGaming = true;
enablePrinting = true;
enableLaTeX = true;
};
allowUnfreePackages = [
"rider"
"clion"
"pycharm-professional"
];
};
virtualisation = { virtualisation = {
containers.enable = true; containers.enable = true;
@ -38,11 +27,11 @@
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH'' ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming'' ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
]; ];
#
users.users.ronja.openssh.authorizedKeys.keys = [ #users.users.ronja.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key'' # ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
]; #];
#
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -67,6 +56,5 @@
allowedTCPPorts = [80 8001 3000]; allowedTCPPorts = [80 8001 3000];
allowedUDPPorts = [2342]; allowedUDPPorts = [2342];
}; };
}; };
} }
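Review bot: The second hunk turns off ronja's SSH access by commenting out `users.users.ronja.openssh.authorizedKeys.keys` instead of deleting it, which leaves a key in the file that reads as authorised when it is not. The new import list in the first hunk pulls in only `../../users/vinzenz.nix`, so the block should be removed outright; version control keeps the history. The first hunk also drops the `allowUnfreePackages` entries for `rider`, `clion` and `pycharm-professional`; if any remaining module still installs them the unfree check will reject the build, so confirm they are gone. The `config` block continues outside the visible hunks.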


@ -0,0 +1,62 @@
{
pkgs,
lib,
...
}: {
imports = [
../desktop-hardware.nix
../intel-graphics.nix
];
config = {
# intel cpu
boot.kernelModules = ["kvm-intel"];
hardware.cpu.intel.updateMicrocode = true;
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
hardware.enableRedistributableFirmware = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
boot.initrd = {
availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"];
luks.devices = {
"luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = {
device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3";
};
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e";
fsType = "btrfs";
options = ["subvol=@"];
};
"/boot" = {
device = "/dev/disk/by-uuid/E2B7-2BC1";
fsType = "vfat";
};
};
swapDevices = [
{
device = "/var/lib/swapfile";
size = 32 * 1024;
}
];
services.thermald.enable = true;
services.hardware.bolt.enable = true; # thunderbolt security
};
}
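Review bot: Nothing in this new file sets `networking.hostName`, while the removed hardware module derived it from `modulesCfg.hostName`. Unless another imported file sets it, the machine falls back to the default hostname, and because `nixos-rebuild --flake` selects the `nixosConfigurations` entry by hostname, later rebuilds would no longer resolve `vinzenz-lpt2` without an explicit attribute. Adding `networking.hostName = "vinzenz-lpt2";` here keeps the flake attribute and the host name in step. The `modulesPath + "/installer/scan/not-detected.nix"` import is also gone; `hardware.enableRedistributableFirmware = true` appears to cover what it provided, but a comment saying so would help.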


@ -1,116 +0,0 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.my.buildtools;
isDesktop = config.my.desktop.enable;
dotnetPackage = with pkgs.unstable; (dotnetCorePackages.combinePackages [
dotnet-sdk_8
]);
in {
options.my.buildtools = {
native = lib.mkEnableOption "include native build tools";
dotnet = lib.mkEnableOption "include dotnet build tools";
rust = lib.mkEnableOption "include rust build tools";
jetbrains-remote-server = lib.mkEnableOption "setup jetbrais IDE installs so -remote-dev-server can be started";
objective-c = lib.mkEnableOption "Objective-C with GNUStep";
js = lib.mkEnableOption "node stuff";
android = lib.mkEnableOption "android development";
python = lib.mkEnableOption "generic python 3";
};
config = lib.mkMerge [
(lib.mkIf cfg.native {
environment.systemPackages = with pkgs; [
cmake
gnumake
gcc
gdb
];
})
(lib.mkIf cfg.dotnet {
environment = {
systemPackages = with pkgs; [
dotnetPackage
zlib
zlib.dev
openssl
icu
icu.dev
# native aot
gcc
libunwind
];
variables = {
DOTNET_CLI_TELEMETRY_OPTOUT = "1";
};
};
programs.nix-ld.libraries = with pkgs; [
# native aot
libunwind
icu
zlib
zlib.dev
openssl
icu
icu.dev
dotnetPackage
];
})
(lib.mkIf cfg.js {
environment.systemPackages = with pkgs; [
nodejs
];
})
(lib.mkIf cfg.rust {
environment.systemPackages = with pkgs; [
rustup
musl
];
})
(lib.mkIf cfg.jetbrains-remote-server {
my.buildtools.dotnet = true;
my.buildtools.native = true;
my.buildtools.python = true;
})
(lib.mkIf cfg.objective-c {
my.buildtools.native = true;
environment.systemPackages =
(with pkgs.gnustep; [
gui
make
gorm
base
back
system_preferences
projectcenter
libobjc
gworkspace
])
++ (with pkgs; [
clang-tools
clang
]);
})
(lib.mkIf cfg.android {
environment.systemPackages = with pkgs; [
android-tools
android-udev-rules
];
})
(lib.mkIf cfg.python {
environment.systemPackages = with pkgs; [python3 python3Packages.pip];
})
];
}


@ -1,25 +0,0 @@
modulesCfg: {lib, ...}: {
imports =
[
./i18n.nix
./nixpkgs.nix
./globalinstalls.nix
./sshd.nix
./tailscale.nix
./buildtools.nix
]
++ (map (path: (import path modulesCfg)) [
./hardware
./users
./desktop
]);
config = {
my.modulesCfg = modulesCfg;
networking.firewall = {
enable = true;
checkReversePath = "loose";
};
};
}


@ -1,18 +0,0 @@
{
lib,
config,
...
}: let
isEnabled = config.my.desktop.enableKde;
in {
config = lib.mkIf isEnabled {
home-manager.sharedModules = [
{
services.kdeconnect = {
enable = true;
indicator = true;
};
}
];
};
}


@ -1,46 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
isEnabled = config.my.desktop.enableKde;
in {
options.my.desktop.enableKde = lib.mkEnableOption "KDE desktop";
config = lib.mkIf isEnabled {
my.desktop.enable = true;
services = {
# Enable the KDE Plasma Desktop Environment.
xserver = {
desktopManager.plasma5.enable = true;
displayManager = {
sddm.enable = true;
defaultSession = "plasmawayland";
};
};
};
environment = {
systemPackages = with pkgs; [
libsForQt5.kate
libsForQt5.kalk
];
plasma5.excludePackages = with pkgs.libsForQt5; [
elisa
gwenview
okular
khelpcenter
];
};
programs = {
dconf.enable = true;
partition-manager.enable = true;
kdeconnect.enable = true;
};
};
}


@ -1,20 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
isEnabled = config.my.desktop.enableLaTeX;
in {
options.my.desktop.enableLaTeX = lib.mkEnableOption "LaTeX tools and IDE";
config = lib.mkIf isEnabled {
my.desktop.enable = true;
environment.systemPackages = with pkgs; [
fontconfig
texliveFull
texstudio
];
};
}


@ -1,40 +0,0 @@
modulesCfg: {
modulesPath,
lib,
...
}: let
hostName = modulesCfg.hostName;
in {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(builtins.toString ./. + "/${hostName}.nix")
./common-desktop.nix
./amd.nix
./intel.nix
];
options.my.modulesCfg.hostName = lib.mkOption {
type = lib.types.str;
};
config = {
networking.hostName = hostName;
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
hardware.enableRedistributableFirmware = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
};
}


@ -1,42 +0,0 @@
{
lib,
config,
pkgs,
...
}: let
cfg = config.my.hardware.intel;
in {
options.my.hardware.intel = {
cpu = lib.mkEnableOption "intel cpu";
iGpu = lib.mkEnableOption "intel integrated gpu";
xe = lib.mkEnableOption "intel xe gpu";
};
config = lib.mkMerge [
(lib.mkIf cfg.cpu {
boot.kernelModules = ["kvm-intel"];
hardware.cpu.intel.updateMicrocode = true;
})
(lib.mkIf (cfg.iGpu || cfg.xe) {
hardware.opengl = {
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
vaapiVdpau
libvdpau-va-gl
intel-ocl
];
extraPackages32 = with pkgs.pkgsi686Linux; [
intel-media-driver
vaapiIntel
vaapiVdpau
libvdpau-va-gl
];
};
environment.systemPackages = with pkgs; [
nvtopPackages.intel
];
my.allowUnfreePackages = ["intel-ocl"];
})
];
}


@ -1,34 +0,0 @@
{...}: {
config = {
my.hardware = {
enableCommonDesktopSettings = true;
amd.radeon = true;
intel = {
cpu = true;
iGpu = true;
};
};
boot = {
initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
loader.efi.efiSysMountPoint = "/boot/efi";
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/34cb86c4-8823-4785-9672-92ef0bcd5eaf";
fsType = "btrfs";
options = ["subvol=@"];
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/2381-1CD2";
fsType = "vfat";
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/f5932f70-60e4-4abe-b23d-2cab3c095c7d";}
];
};
}


@ -1,43 +0,0 @@
{...}: {
config = {
my.hardware = {
enableCommonDesktopSettings = true;
intel = {
cpu = true;
xe = true;
};
};
boot.initrd = {
availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"];
luks.devices = {
"luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = {
device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3";
};
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e";
fsType = "btrfs";
options = ["subvol=@"];
};
"/boot" = {
device = "/dev/disk/by-uuid/E2B7-2BC1";
fsType = "vfat";
};
};
swapDevices = [
{
device = "/var/lib/swapfile";
size = 32 * 1024;
}
];
services.thermald.enable = true;
services.hardware.bolt.enable = true; # thunderbolt security
};
}


@ -1,80 +0,0 @@
{
config,
lib,
...
}: let
unstable-commit-sha = "9df3e30ce24fd28c7b3e2de0d986769db5d6225d";
ultrastable-commit-sha = "2be119add7b37dc535da2dd4cba68e2cf8d1517e";
in {
options.my.allowUnfreePackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
example = ["steam"];
};
imports = [
# this switches the nix implementation to lix everywhere, but means recompiling lix every build.
# https://lix.systems/add-to-config/
(
let
module = fetchTarball {
name = "source";
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0.tar.gz";
sha256 = "sha256-yEO2cGNgzm9x/XxiDQI+WckSWnZX63R8aJLBRSXtYNE=";
};
lixSrc = fetchTarball {
name = "source";
url = "https://git.lix.systems/lix-project/lix/archive/2.90.0.tar.gz";
sha256 = "sha256-f8k+BezKdJfmE+k7zgBJiohtS3VkkriycdXYsKOm3sc=";
};
in
import "${module}/module.nix" {lix = lixSrc;}
)
];
config = {
nixpkgs.config = {
# make nixos-unstable availiable as 'pkgs.unstable'
packageOverrides = pkgs: {
unstable = import (fetchTarball "https://github.com/nixos/nixpkgs/tarball/${unstable-commit-sha}") {
config = config.nixpkgs.config;
};
ultrastable = import (fetchTarball "https://github.com/nixos/nixpkgs/tarball/${ultrastable-commit-sha}") {
config = config.nixpkgs.config;
};
};
# https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.my.allowUnfreePackages;
};
nix = {
settings = {
substituters = ["https://nix-community.cachix.org" "https://cache.nixos.org/"];
trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="];
};
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
};
system = {
stateVersion = "22.11";
# enable auto updates
autoUpgrade = {
enable = true;
dates = "weekly";
};
};
documentation = {
enable = true; # documentation of packages
nixos.enable = false; # nixos documentation
man.enable = true; # manual pages and the man command
info.enable = false; # info pages and the info command
doc.enable = false; # documentation distributed in packages' /share/doc
};
};
}


@ -1,19 +0,0 @@
{
pkgs,
config,
lib,
...
}: let
cfg = config.my.tailscale;
in {
options.my.tailscale = {
enable = lib.mkEnableOption "enable tailscale vpn";
};
config = lib.mkIf cfg.enable {
services.tailscale = {
enable = true;
openFirewall = true;
};
};
}


@ -1,24 +0,0 @@
modulesCfg: {
config,
pkgs,
lib,
...
}: let
enableHomeManager = modulesCfg.enableHomeManager;
in {
options.my = {
modulesCfg.enableHomeManager = lib.mkEnableOption "enable home manager";
enabledUsers = lib.mkOption {
type = lib.types.listOf lib.types.str;
};
};
imports =
[
./vinzenz.nix
./ronja.nix
]
++ lib.optionals enableHomeManager [
./home-manager.nix
];
}


@ -1,25 +0,0 @@
{
config,
pkgs,
lib,
...
}: {
imports = [
<home-manager/nixos>
];
config = {
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
# defaults for users
sharedModules = import ./home-shared-modules.nix;
users = {
ronja = lib.mkIf (builtins.elem "ronja" config.my.enabledUsers) (import ./ronja-home.nix);
vinzenz = lib.mkIf (builtins.elem "vinzenz" config.my.enabledUsers) (import ./vinzenz-home.nix);
};
};
};
}


@ -1,12 +1,5 @@
{ {pkgs, ...}: {
config, config = {
pkgs,
lib,
...
}: let
isUserEnabled = builtins.elem "ronja" config.my.enabledUsers;
in {
config = lib.mkIf isUserEnabled {
# Define user account # Define user account
users.users.ronja = { users.users.ronja = {
isNormalUser = true; isNormalUser = true;


@ -3,10 +3,8 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }: {
isUserEnabled = builtins.elem "vinzenz" config.my.enabledUsers; config = {
in {
config = lib.mkIf isUserEnabled {
users.users.vinzenz = { users.users.vinzenz = {
isNormalUser = true; isNormalUser = true;
name = "vinzenz"; name = "vinzenz";


@ -1,28 +0,0 @@
{...}: {
imports = [
(import ./modules {
hostName = "vinzenz-lpt";
enableHomeManager = true;
})
];
config = {
my = {
enabledUsers = ["vinzenz"];
tailscale.enable = true;
desktop = {
enableGnome = true;
enableGaming = true;
enablePrinting = true;
};
buildtools = {
dotnet = true;
};
};
users.users.vinzenz.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
];
};
}