feat: NixOS | modular nixos config

2025-02-10 23:57:50 +05:00
parent 25b942ef7a
commit 257be3540d
23 changed files with 269 additions and 289 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -40,47 +40,43 @@
    };
  };
-  outputs =
+  outputs = {nixpkgs, ...} @ inputs: let
-    { nixpkgs, ... }@inputs:
+    system = "x86_64-linux";
-    let
+    hostName = "rihla";
-      system = "x86_64-linux";
+    user = "shahab";
-      host = "rihla";
+    pkgs = nixpkgs.legacyPackages.${system};
-      user = "shahab";
+  in {
-      pkgs = nixpkgs.legacyPackages.${system};
+    nixosConfigurations = {
-    in
+      "${hostName}" = nixpkgs.lib.nixosSystem {
-    {
+        inherit system;
-      nixosConfigurations = {
+        modules = [
-        "${host}" = nixpkgs.lib.nixosSystem {
+          inputs.lanzaboote.nixosModules.lanzaboote
-          inherit system;
+          inputs.disko.nixosModules.disko
-          modules = [
+          inputs.nixos-hardware.nixosModules.framework-13-7040-amd
-            inputs.lanzaboote.nixosModules.lanzaboote
+          inputs.sops-nix.nixosModules.sops
-            inputs.disko.nixosModules.disko
+          ./nixos/configuration.nix
-            inputs.nixos-hardware.nixosModules.framework-13-7040-amd
+          ./nixos/disko-config.nix
-            inputs.sops-nix.nixosModules.sops
+          ./nixos/hardware-configuration.nix
            ./nixos/configuration.nix
            ./nixos/disko-config.nix
            ./nixos/hardware-configuration.nix
          ];
          specialArgs = {
            inherit inputs;
            hostname = host;
          };
        };
      };
      homeConfigurations = {
        "${user}" = inputs.home-manager.lib.homeManagerConfiguration {
          inherit pkgs;
          modules = [ ./home-manager/home.nix ];
        };
      };
      devShell.x86_64-linux = pkgs.mkShell {
        buildInputs = with pkgs; [
          nil
          nixfmt-rfc-style
          lua-language-server
        ];
        specialArgs = {
          inherit inputs hostName;
        };
      };
    };
    homeConfigurations = {
      "${user}" = inputs.home-manager.lib.homeManagerConfiguration {
        inherit pkgs;
        modules = [./home-manager/home.nix];
      };
    };
    devShell.x86_64-linux = pkgs.mkShell {
      buildInputs = with pkgs; [
        nil
        alejandra
        lua-language-server
      ];
    };
  };
 }
--- a/home-manager/configs/alacritty.nix
+++ b/home-manager/configs/alacritty.nix
@@ -1,6 +1,4 @@
-{ font, ... }:
+{font, ...}: {
 {
  programs.alacritty = {
    enable = true;
--- a/home-manager/configs/direnv.nix
+++ b/home-manager/configs/direnv.nix
@@ -1,6 +1,4 @@
-{ ... }:
+{...}: {
 {
  programs.direnv = {
    enable = true;
    enableZshIntegration = true;
--- a/home-manager/configs/firefox.nix
+++ b/home-manager/configs/firefox.nix
@@ -1,5 +1,4 @@
-{ pkgs, ... }:
+{pkgs, ...}: {
 {
  programs.firefox = {
    enable = true;
    package = pkgs.firefox.override {
--- a/home-manager/configs/git.nix
+++ b/home-manager/configs/git.nix
@@ -4,9 +4,7 @@
  userName,
  userEmail,
  ...
-}:
+}: {
 {
  programs.git = {
    package = pkgs.gitAndTools.gitFull;
    enable = true;
--- a/home-manager/configs/nvim.nix
+++ b/home-manager/configs/nvim.nix
@@ -1,6 +1,4 @@
-{ ... }:
+{...}: {
 {
  programs.neovim = {
    enable = true;
    defaultEditor = true;
--- a/home-manager/configs/ssh.nix
+++ b/home-manager/configs/ssh.nix
@@ -1,9 +1,6 @@
-{ ... }:
+{...}: let
 let
  onePassPath = "~/.1password/agent.sock";
-in
+in {
 {
  programs.ssh = {
    enable = true;
    extraConfig = "IdentityAgent ${onePassPath}";
--- a/home-manager/configs/starship.nix
+++ b/home-manager/configs/starship.nix
@@ -1,5 +1,3 @@
-{ ... }:
+{...}: {
 {
  programs.starship.enable = true;
 }
--- a/home-manager/configs/zsh.nix
+++ b/home-manager/configs/zsh.nix
@@ -1,6 +1,4 @@
-{ config, ... }:
+{config, ...}: {
 {
  programs.zsh = {
    enable = true;
    enableCompletion = true;
--- a/home-manager/dotfiles/nvim/lua/custom/configs/lspconfig.lua
+++ b/home-manager/dotfiles/nvim/lua/custom/configs/lspconfig.lua
@@ -72,7 +72,7 @@ lspconfig.nil_ls.setup {
    ['nil'] = {
      testSetting = 42,
      formatting = {
-        command = { "nixfmt" },
+        command = { "alejandra" },
      },
    },
  },
--- a/home-manager/home.nix
+++ b/home-manager/home.nix
@@ -5,15 +5,13 @@
  config,
  pkgs,
  ...
-}:
+}: let
 let
  # Be sure to actually install the font first!
  font = "ComicCodeLigatures";
  username = "shahab";
  email = "shahab@dogar.dev";
  fullName = "Shahab Dogar";
-in
+in {
 {
  # You can import other home-manager modules here
  imports = [
    # Custom import to configure font
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -3,13 +3,21 @@
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 {
  lib,
  inputs,
  pkgs,
  hostname,
  ...
-}:
+}: {
  imports = [
    ./imports/environment.nix
    ./imports/hardware.nix
    ./imports/i18n.nix
    ./imports/networking.nix
    ./imports/nix.nix
    ./imports/programs.nix
    ./imports/security.nix
    ./imports/services.nix
    ./imports/users.nix
    ./imports/virtualisation.nix
  ];
 {
  # Bootloader.
  boot = {
    loader = {
@@ -24,114 +32,9 @@
    };
  };
  networking.hostName = hostname; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
  # Enable networking
  networking.networkmanager.enable = true;
  # Set your time zone.
  time.timeZone = "Asia/Karachi";
  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "ur_PK";
    LC_IDENTIFICATION = "ur_PK";
    LC_MEASUREMENT = "ur_PK";
    LC_MONETARY = "ur_PK";
    LC_NAME = "ur_PK";
    LC_NUMERIC = "ur_PK";
    LC_PAPER = "ur_PK";
    LC_TELEPHONE = "ur_PK";
    LC_TIME = "ur_PK";
  };
  # Enable flakes
  nix.settings = {
    substituters = [ "https://hyprland.cachix.org" ];
    trusted-public-keys = [ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ];
    experimental-features = [
      "nix-command"
      "flakes"
    ];
  };
  # Enable greetd and tuigreet
  services.greetd = {
    enable = true;
    settings = {
      default_session = {
        command = "${pkgs.greetd.tuigreet}/bin/tuigreet --greeting 'Welcome to NixOS!' --asterisks --remember --remember-user-session --time --cmd ${pkgs.hyprland}/bin/Hyprland";
        user = "greeter";
      };
    };
  };
  # Enable CUPS to print documents.
  services.printing.enable = true;
  # Enable blueman
  services.blueman.enable = true;
  # Enable smart card services
  services.pcscd.enable = true;
  # Framework firmware updating
  services.fwupd.enable = true;
  # Enable sound with pipewire.
  services.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };
  hardware = {
    # Bluetooth.
    bluetooth.enable = true;
    bluetooth.powerOnBoot = true;
    graphics = {
      enable = true;
      extraPackages = with pkgs; [ amdvlk ];
    };
  };
  security.rtkit.enable = true;
  users.mutableUsers = false;
  users.users.shahab = {
    shell = pkgs.zsh;
    # Only do this if you have already configured zsh in home manager
    ignoreShellProgramCheck = true;
    isNormalUser = true;
    description = "Shahab Dogar";
    extraGroups = [
      "networkmanager"
      "wheel"
      "input"
      "libvirtd"
    ];
    hashedPassword = "$y$j9T$pvjyL7hL5x2VBarGNTnMl1$mLA2UsWTbfp8Hgp/ug5l8224thi..Mo8.p7ME.tDZ.4";
    openssh.authorizedKeys = {
      keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBijtTtb6UT5gssWolNGX1rcjAKsdtfz25fZMMnzq4v"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGD/V4jLpuk7uAovkbHFr6uulfBKZmsH+BqmXIR2aYD0"
      ];
    };
  };
  # Allow unfree packages
  nixpkgs = {
    config = {
@@ -140,109 +43,6 @@
    };
  };
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    pciutils
    virt-manager
    virt-viewer
    spice
    spice-gtk
    spice-protocol
    win-virtio
    win-spice
    sops
    sbctl # Secure boot
    yubikey-manager
    # Gaming stuff
    mangohud
    protonup-qt
  ];
  # Enable steam for gaming
  programs.steam = {
    enable = true;
    gamescopeSession.enable = true;
  };
  programs.gamemode.enable = true;
  programs._1password.enable = true;
  programs._1password-gui = {
    enable = true;
    # Certain features, including CLI integration and system authentication support,
    # require enabling PolKit integration on some desktop environments (e.g. Plasma).
    polkitPolicyOwners = [ "shahab" ];
  };
  programs.dconf.enable = true;
  # Hyprland
  programs.hyprland = {
    enable = true;
    package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
    portalPackage =
      inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
  };
  programs.nix-ld = {
    enable = true;
  };
  virtualisation = {
    podman = {
      enable = true;
      dockerSocket.enable = true;
      dockerCompat = true;
      autoPrune = {
        enable = true;
        dates = "weekly";
      };
    };
    containers = {
      registries = {
        search = [ "docker.io" ];
      };
    };
    libvirtd = {
      enable = true;
      qemu = {
        swtpm.enable = true;
        ovmf = {
          enable = true;
          packages = with pkgs; [ OVMFFull.fd ];
        };
      };
    };
    spiceUSBRedirection.enable = true;
  };
  services.spice-vdagentd.enable = true;
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };
  # List services that you want to enable:
  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [ 22 ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nixos/hardware-configuration.nix
+++ b/nixos/hardware-configuration.nix
@@ -6,9 +6,8 @@
  lib,
  modulesPath,
  ...
-}:
+}: {
-{
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot = {
    initrd = {
@@ -21,11 +20,11 @@
        "usb_storage"
        "sd_mod"
      ];
-      kernelModules = [ ];
+      kernelModules = [];
    };
-    kernelModules = [ "kvm-amd" ];
+    kernelModules = ["kvm-amd"];
-    extraModulePackages = [ ];
+    extraModulePackages = [];
  };
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
--- a/nixos/imports/environment.nix
+++ b/nixos/imports/environment.nix
@@ -0,0 +1,21 @@
 {pkgs, ...}: {
  environment = {
    systemPackages = with pkgs; [
      pciutils
      virt-manager
      virt-viewer
      spice
      spice-gtk
      spice-protocol
      win-virtio
      win-spice
      sops
      sbctl # Secure boot
      yubikey-manager
      # Gaming stuff
      mangohud
      protonup-qt
    ];
  };
 }
--- a/nixos/imports/hardware.nix
+++ b/nixos/imports/hardware.nix
@@ -0,0 +1,12 @@
 {pkgs, ...}: {
  hardware = {
    # Bluetooth.
    bluetooth.enable = true;
    bluetooth.powerOnBoot = true;
    graphics = {
      enable = true;
      extraPackages = with pkgs; [amdvlk];
    };
  };
 }
--- a/nixos/imports/i18n.nix
+++ b/nixos/imports/i18n.nix
@@ -0,0 +1,16 @@
 {...}: {
  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      LC_ADDRESS = "ur_PK";
      LC_IDENTIFICATION = "ur_PK";
      LC_MEASUREMENT = "ur_PK";
      LC_MONETARY = "ur_PK";
      LC_NAME = "ur_PK";
      LC_NUMERIC = "ur_PK";
      LC_PAPER = "ur_PK";
      LC_TELEPHONE = "ur_PK";
      LC_TIME = "ur_PK";
    };
  };
 }
--- a/nixos/imports/networking.nix
+++ b/nixos/imports/networking.nix
@@ -0,0 +1,7 @@
 {hostName, ...}: {
  networking = {
    inherit hostName;
    networkmanager.enable = true;
    firewall.allowedTCPPorts = [22];
  };
 }
--- a/nixos/imports/nix.nix
+++ b/nixos/imports/nix.nix
@@ -0,0 +1,12 @@
 {...}: {
  nix = {
    settings = {
      substituters = ["https://hyprland.cachix.org"];
      trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
      experimental-features = [
        "nix-command"
        "flakes"
      ];
    };
  };
 }
--- a/nixos/imports/programs.nix
+++ b/nixos/imports/programs.nix
@@ -0,0 +1,29 @@
 {
  pkgs,
  inputs,
  ...
 }: {
  programs = {
    nix-ld.enable = true;
    dconf.enable = true;
    gamemode.enable = true;
    steam = {
      enable = true;
      gamescopeSession.enable = true;
    };
    _1password.enable = true;
    _1password-gui = {
      enable = true;
      polkitPolicyOwners = ["shahab"];
    };
    hyprland = {
      enable = true;
      package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
      portalPackage =
        inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
    };
  };
 }
--- a/nixos/imports/security.nix
+++ b/nixos/imports/security.nix
@@ -0,0 +1,5 @@
 {...}: {
  security = {
    rtkit.enable = true;
  };
 }
--- a/nixos/imports/services.nix
+++ b/nixos/imports/services.nix
@@ -0,0 +1,39 @@
 {pkgs, ...}: {
  services = {
    greetd = {
      enable = true;
      settings = {
        default_session = {
          command = "${pkgs.greetd.tuigreet}/bin/tuigreet --greeting 'Welcome to NixOS!' --asterisks --remember --remember-user-session --time --cmd ${pkgs.hyprland}/bin/Hyprland";
          user = "greeter";
        };
      };
    };
    # OpenSSH
    openssh.enable = true;
    # Cups printing service
    printing.enable = true;
    # Enable blueman
    blueman.enable = true;
    # Enable smart card services
    pcscd.enable = true;
    # Framework firmware updating
    fwupd.enable = true;
    # Enable sound with pipewire.
    pulseaudio.enable = false;
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };
    spice-vdagentd.enable = true;
  };
 }
--- a/nixos/imports/users.nix
+++ b/nixos/imports/users.nix
@@ -0,0 +1,28 @@
 {pkgs, ...}: {
  users = {
    mutableUsers = false;
    users.shahab = {
      shell = pkgs.zsh;
      # Only do this if you have already configured zsh in home manager
      ignoreShellProgramCheck = true;
      isNormalUser = true;
      description = "Shahab Dogar";
      extraGroups = [
        "networkmanager"
        "wheel"
        "input"
        "libvirtd"
      ];
      hashedPassword = "$y$j9T$pvjyL7hL5x2VBarGNTnMl1$mLA2UsWTbfp8Hgp/ug5l8224thi..Mo8.p7ME.tDZ.4";
      openssh.authorizedKeys = {
        keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBijtTtb6UT5gssWolNGX1rcjAKsdtfz25fZMMnzq4v"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGD/V4jLpuk7uAovkbHFr6uulfBKZmsH+BqmXIR2aYD0"
        ];
      };
    };
  };
 }
--- a/nixos/imports/virtualisation.nix
+++ b/nixos/imports/virtualisation.nix
@@ -0,0 +1,34 @@
 {pkgs, ...}: {
  virtualisation = {
    podman = {
      enable = true;
      dockerSocket.enable = true;
      dockerCompat = true;
      autoPrune = {
        enable = true;
        dates = "weekly";
      };
    };
    containers = {
      registries = {
        search = ["docker.io"];
      };
    };
    libvirtd = {
      enable = true;
      qemu = {
        swtpm.enable = true;
        ovmf = {
          enable = true;
          packages = with pkgs; [OVMFFull.fd];
        };
      };
    };
    spiceUSBRedirection.enable = true;
  };
 }