From 257be3540deb0ae4d4d83622da44a6fb9da34019 Mon Sep 17 00:00:00 2001 From: Shahab Dogar Date: Mon, 10 Feb 2025 23:57:50 +0500 Subject: [PATCH] feat: NixOS | modular nixos config --- flake.nix | 76 +++--- home-manager/configs/alacritty.nix | 4 +- home-manager/configs/direnv.nix | 4 +- home-manager/configs/firefox.nix | 3 +- home-manager/configs/git.nix | 4 +- home-manager/configs/nvim.nix | 4 +- home-manager/configs/ssh.nix | 7 +- home-manager/configs/starship.nix | 4 +- home-manager/configs/zsh.nix | 4 +- .../nvim/lua/custom/configs/lspconfig.lua | 2 +- home-manager/home.nix | 6 +- nixos/configuration.nix | 226 +----------------- nixos/hardware-configuration.nix | 11 +- nixos/imports/environment.nix | 21 ++ nixos/imports/hardware.nix | 12 + nixos/imports/i18n.nix | 16 ++ nixos/imports/networking.nix | 7 + nixos/imports/nix.nix | 12 + nixos/imports/programs.nix | 29 +++ nixos/imports/security.nix | 5 + nixos/imports/services.nix | 39 +++ nixos/imports/users.nix | 28 +++ nixos/imports/virtualisation.nix | 34 +++ 23 files changed, 269 insertions(+), 289 deletions(-) create mode 100644 nixos/imports/environment.nix create mode 100644 nixos/imports/hardware.nix create mode 100644 nixos/imports/i18n.nix create mode 100644 nixos/imports/networking.nix create mode 100644 nixos/imports/nix.nix create mode 100644 nixos/imports/programs.nix create mode 100644 nixos/imports/security.nix create mode 100644 nixos/imports/services.nix create mode 100644 nixos/imports/users.nix create mode 100644 nixos/imports/virtualisation.nix diff --git a/flake.nix b/flake.nix index 2dd92d3..69c4d09 100644 --- a/flake.nix +++ b/flake.nix 
@@ -40,47 +40,43 @@ }; }; - outputs = - { nixpkgs, ... }@inputs: - let - system = "x86_64-linux"; - host = "rihla"; - user = "shahab"; - pkgs = nixpkgs.legacyPackages.${system}; - in - { - nixosConfigurations = { - "${host}" = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - inputs.lanzaboote.nixosModules.lanzaboote - inputs.disko.nixosModules.disko - inputs.nixos-hardware.nixosModules.framework-13-7040-amd - inputs.sops-nix.nixosModules.sops - ./nixos/configuration.nix - ./nixos/disko-config.nix - ./nixos/hardware-configuration.nix - ]; - specialArgs = { - inherit inputs; - hostname = host; - }; - }; - }; - - homeConfigurations = { - "${user}" = inputs.home-manager.lib.homeManagerConfiguration { - inherit pkgs; - modules = [ ./home-manager/home.nix ]; - }; - }; - - devShell.x86_64-linux = pkgs.mkShell { - buildInputs = with pkgs; [ - nil - nixfmt-rfc-style - lua-language-server + outputs = {nixpkgs, ...} @ inputs: let + system = "x86_64-linux"; + hostName = "rihla"; + user = "shahab"; + pkgs = nixpkgs.legacyPackages.${system}; + in { + nixosConfigurations = { + "${hostName}" = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + inputs.lanzaboote.nixosModules.lanzaboote + inputs.disko.nixosModules.disko + inputs.nixos-hardware.nixosModules.framework-13-7040-amd + inputs.sops-nix.nixosModules.sops + ./nixos/configuration.nix + ./nixos/disko-config.nix + ./nixos/hardware-configuration.nix ]; + specialArgs = { + inherit inputs hostName; + }; }; }; + + homeConfigurations = { + "${user}" = inputs.home-manager.lib.homeManagerConfiguration { + inherit pkgs; + modules = [./home-manager/home.nix]; + }; + }; + + devShell.x86_64-linux = pkgs.mkShell { + buildInputs = with pkgs; [ + nil + alejandra + lua-language-server + ]; + }; + }; } diff --git a/home-manager/configs/alacritty.nix b/home-manager/configs/alacritty.nix index 3894c3b..ce0145d 100644 --- a/home-manager/configs/alacritty.nix +++ b/home-manager/configs/alacritty.nix 
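Review bot: `devShell.x86_64-linux` at the end of the rewritten `outputs` uses the legacy output name, which current Nix reports as deprecated in favour of `devShells.<system>.default`. Since `system` is already bound in the `let`, the line can read `devShells.${system}.default = pkgs.mkShell {` and stop repeating the platform string. Separately, `user` is bound next to `hostName` but only `hostName` is passed through `specialArgs`, so the NixOS modules split out in this commit still hard-code the account name.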
@@ -1,6 +1,4 @@ -{ font, ... }: - -{ +{font, ...}: { programs.alacritty = { enable = true; diff --git a/home-manager/configs/direnv.nix b/home-manager/configs/direnv.nix index 0406fc3..1d7196f 100644 --- a/home-manager/configs/direnv.nix +++ b/home-manager/configs/direnv.nix @@ -1,6 +1,4 @@ -{ ... }: - -{ +{...}: { programs.direnv = { enable = true; enableZshIntegration = true; diff --git a/home-manager/configs/firefox.nix b/home-manager/configs/firefox.nix index 83b1225..70341ac 100644 --- a/home-manager/configs/firefox.nix +++ b/home-manager/configs/firefox.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { programs.firefox = { enable = true; package = pkgs.firefox.override { diff --git a/home-manager/configs/git.nix b/home-manager/configs/git.nix index 4707406..301faba 100644 --- a/home-manager/configs/git.nix +++ b/home-manager/configs/git.nix @@ -4,9 +4,7 @@ userName, userEmail, ... -}: - -{ +}: { programs.git = { package = pkgs.gitAndTools.gitFull; enable = true; diff --git a/home-manager/configs/nvim.nix b/home-manager/configs/nvim.nix index 9e67eda..bf374b2 100644 --- a/home-manager/configs/nvim.nix +++ b/home-manager/configs/nvim.nix @@ -1,6 +1,4 @@ -{ ... }: - -{ +{...}: { programs.neovim = { enable = true; defaultEditor = true; diff --git a/home-manager/configs/ssh.nix b/home-manager/configs/ssh.nix index 771cfd5..36b34e6 100644 --- a/home-manager/configs/ssh.nix +++ b/home-manager/configs/ssh.nix @@ -1,9 +1,6 @@ -{ ... }: - -let +{...}: let onePassPath = "~/.1password/agent.sock"; -in -{ +in { programs.ssh = { enable = true; extraConfig = "IdentityAgent ${onePassPath}"; diff --git a/home-manager/configs/starship.nix b/home-manager/configs/starship.nix index a41e117..bd7d594 100644 --- a/home-manager/configs/starship.nix +++ b/home-manager/configs/starship.nix @@ -1,5 +1,3 @@ -{ ... }: - -{ +{...}: { programs.starship.enable = true; } diff --git a/home-manager/configs/zsh.nix b/home-manager/configs/zsh.nix index f32a35f..edabb55 100644 
--- a/home-manager/configs/zsh.nix +++ b/home-manager/configs/zsh.nix @@ -1,6 +1,4 @@ -{ config, ... }: - -{ +{config, ...}: { programs.zsh = { enable = true; enableCompletion = true; diff --git a/home-manager/dotfiles/nvim/lua/custom/configs/lspconfig.lua b/home-manager/dotfiles/nvim/lua/custom/configs/lspconfig.lua index b87b09b..7e9c3df 100644 --- a/home-manager/dotfiles/nvim/lua/custom/configs/lspconfig.lua +++ b/home-manager/dotfiles/nvim/lua/custom/configs/lspconfig.lua @@ -72,7 +72,7 @@ lspconfig.nil_ls.setup { ['nil'] = { testSetting = 42, formatting = { - command = { "nixfmt" }, + command = { "alejandra" }, }, }, }, diff --git a/home-manager/home.nix b/home-manager/home.nix index 542364f..2d99206 100644 --- a/home-manager/home.nix +++ b/home-manager/home.nix @@ -5,15 +5,13 @@ config, pkgs, ... -}: -let +}: let # Be sure to actually install the font first! font = "ComicCodeLigatures"; username = "shahab"; email = "shahab@dogar.dev"; fullName = "Shahab Dogar"; -in -{ +in { # You can import other home-manager modules here imports = [ # Custom import to configure font diff --git a/nixos/configuration.nix b/nixos/configuration.nix index 79ba5c5..343d9d3 100644 --- a/nixos/configuration.nix +++ b/nixos/configuration.nix @@ -3,13 +3,21 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { lib, - inputs, - pkgs, - hostname, ... -}: +}: { + imports = [ + ./imports/environment.nix + ./imports/hardware.nix + ./imports/i18n.nix + ./imports/networking.nix + ./imports/nix.nix + ./imports/programs.nix + ./imports/security.nix + ./imports/services.nix + ./imports/users.nix + ./imports/virtualisation.nix + ]; -{ # Bootloader. boot = { loader = { 
@@ -24,114 +32,9 @@ }; }; - networking.hostName = hostname; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Enable networking - networking.networkmanager.enable = true; - # Set your time zone. time.timeZone = "Asia/Karachi"; - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "ur_PK"; - LC_IDENTIFICATION = "ur_PK"; - LC_MEASUREMENT = "ur_PK"; - LC_MONETARY = "ur_PK"; - LC_NAME = "ur_PK"; - LC_NUMERIC = "ur_PK"; - LC_PAPER = "ur_PK"; - LC_TELEPHONE = "ur_PK"; - LC_TIME = "ur_PK"; - }; - - # Enable flakes - nix.settings = { - substituters = [ "https://hyprland.cachix.org" ]; - trusted-public-keys = [ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ]; - experimental-features = [ - "nix-command" - "flakes" - ]; - }; - - # Enable greetd and tuigreet - services.greetd = { - enable = true; - settings = { - default_session = { - command = "${pkgs.greetd.tuigreet}/bin/tuigreet --greeting 'Welcome to NixOS!' --asterisks --remember --remember-user-session --time --cmd ${pkgs.hyprland}/bin/Hyprland"; - user = "greeter"; - }; - }; - }; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable blueman - services.blueman.enable = true; - - # Enable smart card services - services.pcscd.enable = true; - - # Framework firmware updating - services.fwupd.enable = true; - - # Enable sound with pipewire. - services.pulseaudio.enable = false; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - - hardware = { - # Bluetooth. 
- bluetooth.enable = true; - bluetooth.powerOnBoot = true; - - graphics = { - enable = true; - extraPackages = with pkgs; [ amdvlk ]; - }; - }; - - security.rtkit.enable = true; - - users.mutableUsers = false; - users.users.shahab = { - shell = pkgs.zsh; - - # Only do this if you have already configured zsh in home manager - ignoreShellProgramCheck = true; - - isNormalUser = true; - description = "Shahab Dogar"; - extraGroups = [ - "networkmanager" - "wheel" - "input" - "libvirtd" - ]; - hashedPassword = "$y$j9T$pvjyL7hL5x2VBarGNTnMl1$mLA2UsWTbfp8Hgp/ug5l8224thi..Mo8.p7ME.tDZ.4"; - - openssh.authorizedKeys = { - keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBijtTtb6UT5gssWolNGX1rcjAKsdtfz25fZMMnzq4v" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGD/V4jLpuk7uAovkbHFr6uulfBKZmsH+BqmXIR2aYD0" - ]; - }; - }; - # Allow unfree packages nixpkgs = { config = { 
@@ -140,109 +43,6 @@ }; }; - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - pciutils - virt-manager - virt-viewer - spice - spice-gtk - spice-protocol - win-virtio - win-spice - sops - sbctl # Secure boot - yubikey-manager - - # Gaming stuff - mangohud - protonup-qt - ]; - - # Enable steam for gaming - programs.steam = { - enable = true; - gamescopeSession.enable = true; - }; - programs.gamemode.enable = true; - - programs._1password.enable = true; - programs._1password-gui = { - enable = true; - # Certain features, including CLI integration and system authentication support, - # require enabling PolKit integration on some desktop environments (e.g. Plasma). - polkitPolicyOwners = [ "shahab" ]; - }; - - programs.dconf.enable = true; - - # Hyprland - programs.hyprland = { - enable = true; - package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland; - portalPackage = - inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; - }; - - programs.nix-ld = { - enable = true; - }; - - virtualisation = { - podman = { - enable = true; - dockerSocket.enable = true; - dockerCompat = true; - - autoPrune = { - enable = true; - dates = "weekly"; - }; - }; - - containers = { - registries = { - search = [ "docker.io" ]; - }; - }; - - libvirtd = { - enable = true; - qemu = { - swtpm.enable = true; - - ovmf = { - enable = true; - packages = with pkgs; [ OVMFFull.fd ]; - }; - }; - }; - - spiceUSBRedirection.enable = true; - }; - - services.spice-vdagentd.enable = true; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Open ports in the firewall. 
- networking.firewall.allowedTCPPorts = [ 22 ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/nixos/hardware-configuration.nix b/nixos/hardware-configuration.nix index 38ed226..2478733 100644 --- a/nixos/hardware-configuration.nix +++ b/nixos/hardware-configuration.nix @@ -6,9 +6,8 @@ lib, modulesPath, ... -}: -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; +}: { + imports = [(modulesPath + "/installer/scan/not-detected.nix")]; boot = { initrd = { @@ -21,11 +20,11 @@ "usb_storage" "sd_mod" ]; - kernelModules = [ ]; + kernelModules = []; }; - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ ]; + kernelModules = ["kvm-amd"]; + extraModulePackages = []; }; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/nixos/imports/environment.nix b/nixos/imports/environment.nix new file mode 100644 index 0000000..47a80ff --- /dev/null +++ b/nixos/imports/environment.nix @@ -0,0 +1,21 @@ +{pkgs, ...}: { + environment = { + systemPackages = with pkgs; [ + pciutils + virt-manager + virt-viewer + spice + spice-gtk + spice-protocol + win-virtio + win-spice + sops + sbctl # Secure boot + yubikey-manager + + # Gaming stuff + mangohud + protonup-qt + ]; + }; +} diff --git a/nixos/imports/hardware.nix b/nixos/imports/hardware.nix new file mode 100644 index 0000000..8afad82 --- /dev/null +++ b/nixos/imports/hardware.nix @@ -0,0 +1,12 @@ +{pkgs, ...}: { + hardware = { + # Bluetooth. + bluetooth.enable = true; + bluetooth.powerOnBoot = true; + + graphics = { + enable = true; + extraPackages = with pkgs; [amdvlk]; + }; + }; +} 
diff --git a/nixos/imports/i18n.nix b/nixos/imports/i18n.nix new file mode 100644 index 0000000..2031426 --- /dev/null +++ b/nixos/imports/i18n.nix @@ -0,0 +1,16 @@ +{...}: { + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocaleSettings = { + LC_ADDRESS = "ur_PK"; + LC_IDENTIFICATION = "ur_PK"; + LC_MEASUREMENT = "ur_PK"; + LC_MONETARY = "ur_PK"; + LC_NAME = "ur_PK"; + LC_NUMERIC = "ur_PK"; + LC_PAPER = "ur_PK"; + LC_TELEPHONE = "ur_PK"; + LC_TIME = "ur_PK"; + }; + }; +} diff --git a/nixos/imports/networking.nix b/nixos/imports/networking.nix new file mode 100644 index 0000000..52f9651 --- /dev/null +++ b/nixos/imports/networking.nix @@ -0,0 +1,7 @@ +{hostName, ...}: { + networking = { + inherit hostName; + networkmanager.enable = true; + firewall.allowedTCPPorts = [22]; + }; +} diff --git a/nixos/imports/nix.nix b/nixos/imports/nix.nix new file mode 100644 index 0000000..ba45ebd --- /dev/null +++ b/nixos/imports/nix.nix @@ -0,0 +1,12 @@ +{...}: { + nix = { + settings = { + substituters = ["https://hyprland.cachix.org"]; + trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="]; + experimental-features = [ + "nix-command" + "flakes" + ]; + }; + }; +} diff --git a/nixos/imports/programs.nix b/nixos/imports/programs.nix new file mode 100644 index 0000000..8835567 --- /dev/null +++ b/nixos/imports/programs.nix @@ -0,0 +1,29 @@ +{ + pkgs, + inputs, + ... +}: { + programs = { + nix-ld.enable = true; + dconf.enable = true; + gamemode.enable = true; + + steam = { + enable = true; + gamescopeSession.enable = true; + }; + + _1password.enable = true; + _1password-gui = { + enable = true; + polkitPolicyOwners = ["shahab"]; + }; + + hyprland = { + enable = true; + package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland; + portalPackage = + inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; + }; + }; +} 
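Review bot: `firewall.allowedTCPPorts = [22];` in networking.nix duplicates what the OpenSSH module already does, because `services.openssh.openFirewall` defaults to true and opens the configured sshd port itself. With the explicit entry, port 22 stays allowed even if `openssh.enable` in services.nix is later turned off or the sshd port is changed. I would drop the line, or keep it with a comment such as `# SSH; opened explicitly on purpose` if that is the intent.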
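Review bot: The `substituters` / `trusted-public-keys` pair in nix.nix lost its only nearby comment in the move, and nothing says why a third-party cache is trusted system-wide. Any store path signed with the hyprland.cachix.org key is accepted as a substitute, not only Hyprland itself, so this is a supply-chain trust decision a reader should see stated. A comment such as `# Third-party binary cache for inputs.hyprland; its signing key is trusted for every store path it serves` above `substituters` would cover it. The old `# Enable flakes` comment belongs on `experimental-features`.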
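Review bot: `programs.hyprland.package` in programs.nix is pinned to the `inputs.hyprland` flake, but the greetd `command` in services.nix starts `${pkgs.hyprland}/bin/Hyprland`, i.e. the nixpkgs build. The session launched from the greeter is therefore presumably not the package (or the matching `portalPackage`) configured here, and both builds end up in the system closure. In services.nix, take `config` in the module arguments and use `${config.programs.hyprland.package}/bin/Hyprland` so there is a single source of truth. The comment explaining why `polkitPolicyOwners` is needed was also dropped in the move and is worth restoring.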
diff --git a/nixos/imports/security.nix b/nixos/imports/security.nix new file mode 100644 index 0000000..667a61e --- /dev/null +++ b/nixos/imports/security.nix @@ -0,0 +1,5 @@ +{...}: { + security = { + rtkit.enable = true; + }; +} diff --git a/nixos/imports/services.nix b/nixos/imports/services.nix new file mode 100644 index 0000000..84c1b6f --- /dev/null +++ b/nixos/imports/services.nix @@ -0,0 +1,39 @@ +{pkgs, ...}: { + services = { + greetd = { + enable = true; + settings = { + default_session = { + command = "${pkgs.greetd.tuigreet}/bin/tuigreet --greeting 'Welcome to NixOS!' --asterisks --remember --remember-user-session --time --cmd ${pkgs.hyprland}/bin/Hyprland"; + user = "greeter"; + }; + }; + }; + + # OpenSSH + openssh.enable = true; + + # Cups printing service + printing.enable = true; + + # Enable blueman + blueman.enable = true; + + # Enable smart card services + pcscd.enable = true; + + # Framework firmware updating + fwupd.enable = true; + + # Enable sound with pipewire. + pulseaudio.enable = false; + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + + spice-vdagentd.enable = true; + }; +} diff --git a/nixos/imports/users.nix b/nixos/imports/users.nix new file mode 100644 index 0000000..c9fab17 --- /dev/null +++ b/nixos/imports/users.nix 
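Review bot: `openssh.enable = true;` in services.nix is carried over with no `settings`, so sshd runs with the module defaults, which leave password and keyboard-interactive authentication enabled. users.nix gives `shahab` both a password hash and `authorizedKeys` and puts the account in `wheel`, and networking.nix allows port 22, so the password is exposed to online guessing on whatever network the laptop joins. Since keys are already provisioned, add `openssh.settings.PasswordAuthentication = false;` and `openssh.settings.KbdInteractiveAuthentication = false;` next to the enable line.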
@@ -0,0 +1,28 @@ +{pkgs, ...}: { + users = { + mutableUsers = false; + users.shahab = { + shell = pkgs.zsh; + + # Only do this if you have already configured zsh in home manager + ignoreShellProgramCheck = true; + + isNormalUser = true; + description = "Shahab Dogar"; + extraGroups = [ + "networkmanager" + "wheel" + "input" + "libvirtd" + ]; + hashedPassword = "$y$j9T$pvjyL7hL5x2VBarGNTnMl1$mLA2UsWTbfp8Hgp/ug5l8224thi..Mo8.p7ME.tDZ.4"; + + openssh.authorizedKeys = { + keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBijtTtb6UT5gssWolNGX1rcjAKsdtfz25fZMMnzq4v" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGD/V4jLpuk7uAovkbHFr6uulfBKZmsH+BqmXIR2aYD0" + ]; + }; + }; + }; +} diff --git a/nixos/imports/virtualisation.nix b/nixos/imports/virtualisation.nix new file mode 100644 index 0000000..cb6301f --- /dev/null +++ b/nixos/imports/virtualisation.nix @@ -0,0 +1,34 @@ +{pkgs, ...}: { + virtualisation = { + podman = { + enable = true; + dockerSocket.enable = true; + dockerCompat = true; + + autoPrune = { + enable = true; + dates = "weekly"; + }; + }; + + containers = { + registries = { + search = ["docker.io"]; + }; + }; + + libvirtd = { + enable = true; + qemu = { + swtpm.enable = true; + + ovmf = { + enable = true; + packages = with pkgs; [OVMFFull.fd]; + }; + }; + }; + + spiceUSBRedirection.enable = true; + }; +}
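Review bot: `hashedPassword` in users.nix keeps the account's password hash as a literal in the repository, where anyone with read access can work on it offline; as far as I know the value also ends up in the world-readable Nix store. The flake already loads `sops-nix`, so the hash can live in an encrypted secret instead: `sops.secrets."shahab-password".neededForUsers = true;` and `hashedPasswordFile = config.sops.secrets."shahab-password".path;` (the secret name is a placeholder, and `config` has to be added to the module arguments). Because the old value remains in git history, the password itself should be changed when this is done.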
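Review bot: `dockerSocket.enable = true;` in the podman block of virtualisation.nix has no comment, and it is the one setting in this file with a privilege consequence. It exposes the system-wide Podman API on the Docker socket path, and membership of the `podman` group is then equivalent to root. users.nix does not add `shahab` to that group, so today only root can reach it; a comment such as `# system-wide Docker-compatible socket; podman group membership is root-equivalent` would keep it that way by intent. If nothing on the machine needs the system-wide socket, the option can be dropped.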