diff --git a/home/dogar/blueocean.nix b/home/dogar/blueocean.nix
new file mode 100644
index 0000000..1cfd3b8
--- /dev/null
+++ b/home/dogar/blueocean.nix
@@ -0,0 +1,42 @@
+{config, lib, ...}: {
+ imports = lib.flatten [
+ #
+ # ========== Required Configs ==========
+ #
+ ./common/core
+
+ #
+ # ========== Host-specific Optional Configs ==========
+ #
+ (map (config: "${builtins.toString ./.}/common/optional/${config}.nix") [
+ "btop"
+ "direnv"
+ "firefox"
+ "fonts"
+ "ghostty"
+ "git"
+ "hyprland"
+ "kitty"
+ "misc-packages"
+ "nvim"
+ "ssh"
+ "starship"
+ "tmux"
+ "uv"
+ "zsh"
+ ])
+ ];
+
+ services.yubikey-touch-detector.enable = true;
+
+ home = {
+ # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+ stateVersion = "25.05";
+ sessionVariables = {
+ EDITOR = "nvim";
+ NIXOS_OZONE_WL = "1";
+ };
+ file.".npmrc".source = config.lib.file.mkOutOfStoreSymlink
+ "${config.home.homeDirectory}/git/nix-config/dotfiles/npm/.npmrc";
+ };
+}
diff --git a/home/dogar/common/core/default.nix b/home/dogar/common/core/default.nix
new file mode 100644
index 0000000..7979ad3
--- /dev/null
+++ b/home/dogar/common/core/default.nix
@@ -0,0 +1,39 @@
+{
+ config,
+ lib,
+ pkgs,
+ hostSpec,
+ ...
+}: {
+ imports = lib.flatten [
+ (map lib.custom.relativeToRoot ["modules/common" "modules/home-manager"])
+ ];
+
+ inherit hostSpec;
+
+ home = {
+ username = lib.mkDefault config.hostSpec.username;
+ homeDirectory = lib.mkDefault config.hostSpec.home;
+ stateVersion = lib.mkDefault "25.05";
+ sessionPath = ["$HOME/.local/bin"];
+ sessionVariables = {
+ FLAKE = "$HOME/src/nix/nix-config";
+ SHELL = "zsh";
+ VISUAL = "nvim";
+ EDITOR = "nvim";
+ };
+ };
+
+ nix = {
+ package = lib.mkDefault pkgs.nix;
+ settings = {
+ experimental-features = ["nix-command" "flakes"];
+ warn-dirty = false;
+ };
+ };
+
+ programs.home-manager.enable = true;
+
+ # Nicely reload system units when changing configs
+ systemd.user.startServices = "sd-switch";
+}
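Review bot: The `file.".npmrc".source` entry at the end of the `home` block links `~/.npmrc` to a file inside the nix-config checkout, and the user-level `.npmrc` is where npm stores registry credentials (`_authToken`), so a later `npm login` would write a token into the repository working tree. Keep only non-secret settings in `dotfiles/npm/.npmrc` and supply tokens through the environment, which npm expands in that file (for example `${NPM_TOKEN}`). At minimum add a comment above the line, such as `# must never contain auth tokens: this file lives in the git checkout`.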
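Review bot: `SHELL = "zsh";` in `home.sessionVariables` of `common/core/default.nix` exports a bare command name, whereas `SHELL` is conventionally the absolute path of the login shell, so tools that exec `$SHELL` directly may fail or run whichever `zsh` is first on `PATH`. Either drop the variable and let the login shell set it, or use a store path such as `SHELL = "${pkgs.zsh}/bin/zsh";` (`pkgs` is already a module argument here). `FLAKE = "$HOME/src/nix/nix-config"` also disagrees with the `~/git/nix-config` location used by the `uo` alias in `zsh.nix` and by the out-of-store symlinks in this commit.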
diff --git a/home/dogar/common/optional/btop.nix b/home/dogar/common/optional/btop.nix
new file mode 100644
index 0000000..8b659f5
--- /dev/null
+++ b/home/dogar/common/optional/btop.nix
@@ -0,0 +1,3 @@
+{...}: {
+ programs.btop = {enable = true;};
+}
diff --git a/home/dogar/common/optional/direnv.nix b/home/dogar/common/optional/direnv.nix
new file mode 100644
index 0000000..7c26805
--- /dev/null
+++ b/home/dogar/common/optional/direnv.nix
@@ -0,0 +1,8 @@
+{
+ programs.direnv = {
+ enable = true;
+ enableBashIntegration = true;
+ enableZshIntegration = true;
+ nix-direnv.enable = true;
+ };
+}
diff --git a/home/dogar/common/optional/firefox.nix b/home/dogar/common/optional/firefox.nix
new file mode 100644
index 0000000..70341ac
--- /dev/null
+++ b/home/dogar/common/optional/firefox.nix
@@ -0,0 +1,11 @@
+{pkgs, ...}: {
+ programs.firefox = {
+ enable = true;
+ package = pkgs.firefox.override {
+ cfg = {
+ # Gnome shell native connector
+ enableGnomeExtensions = true;
+ };
+ };
+ };
+}
diff --git a/home/dogar/common/optional/fonts.nix b/home/dogar/common/optional/fonts.nix
new file mode 100644
index 0000000..fe61335
--- /dev/null
+++ b/home/dogar/common/optional/fonts.nix
@@ -0,0 +1,4 @@
+{pkgs, ...}: {
+ fonts.fontconfig.enable = true;
+ home.packages = with pkgs; [nerd-fonts.jetbrains-mono];
+}
diff --git a/home/dogar/common/optional/ghostty.nix b/home/dogar/common/optional/ghostty.nix
new file mode 100644
index 0000000..5af0d23
--- /dev/null
+++ b/home/dogar/common/optional/ghostty.nix
@@ -0,0 +1,12 @@
+{config, ...}: {
+ programs.ghostty = {
+ enable = true;
+
+ settings = {
+ theme = "catppuccin-mocha";
+ font-family = config.hostSpec.font;
+ font-size = 14;
+ initial-command = "tmux";
+ };
+ };
+}
diff --git a/home/dogar/common/optional/git.nix b/home/dogar/common/optional/git.nix
new file mode 100644
index 0000000..a682658
--- /dev/null
+++ b/home/dogar/common/optional/git.nix
@@ -0,0 +1,27 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: {
+ programs.git = {
+ enable = true;
+ lfs.enable = true;
+
+ settings = {
+ user = {
+ name = config.hostSpec.userFullName;
+ email = config.hostSpec.email.user;
+ };
+ gpg = {format = "ssh";};
+ "gpg \"ssh\"" = {
+ program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
+ };
+ commit = {gpgsign = true;};
+ user = {signingKey = "~/.ssh/id_ed25519.pub";};
+ pull = {rebase = true;};
+ init = {defaultBranch = "main";};
+ lfs = {locksverify = true;};
+ };
+ };
+}
diff --git a/home/dogar/common/optional/hyprland.nix b/home/dogar/common/optional/hyprland.nix
new file mode 100644
index 0000000..f9d4985
--- /dev/null
+++ b/home/dogar/common/optional/hyprland.nix
@@ -0,0 +1,33 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ home = {
+ file = {
+ "${config.xdg.configHome}/hypr/hyprland.conf".source =
+ config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/hypr/hyprland.conf"}";
+ "${config.xdg.configHome}/hypr/hypridle.conf".source =
+ config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/hypr/hypridle.conf"}";
+ "${config.xdg.configHome}/hypr/hyprlock.conf".source =
+ config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/hypr/hyprlock.conf"}";
+ "${config.xdg.configHome}/waybar".source =
+ config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/waybar"}";
+ "${config.xdg.configHome}/wofi".source =
+ config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/wofi"}";
+ "${config.xdg.configHome}/mako".source =
+ config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/mako"}";
+ };
+
+ packages = with pkgs; [
+ hyprshot
+ hyprlock
+ hypridle
+ hyprpolkitagent
+ waybar
+ wofi
+ mako
+ ];
+ };
+}
diff --git a/home/dogar/common/optional/kitty.nix b/home/dogar/common/optional/kitty.nix
new file mode 100644
index 0000000..0bdc87b
--- /dev/null
+++ b/home/dogar/common/optional/kitty.nix
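Review bot: `user` is defined twice inside `settings` in `git.nix`, once for `name`/`email` and again for `signingKey`, which relies on Nix merging the two attribute-set literals and makes the signing identity easy to overlook; fold it into the first block as `signingKey = "~/.ssh/id_ed25519.pub";`. Because commits are signed through `op-ssh-sign`, the `.pub` file at that path has to exist on every host and correspond to a key held in 1Password, which deserves a one-line comment. No `allowedSignersFile` is set under `"gpg \"ssh\""`, so `git log --show-signature` cannot verify these SSH signatures locally; consider adding one next to `program`.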
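Review bot: Every `mkOutOfStoreSymlink` argument in `hyprland.nix` is built by interpolating `lib.custom.relativeToRoot ...` into a string, and if that helper returns a Nix path (its definition is outside this diff) the interpolation yields a `/nix/store/...` copy, so the links would not be out-of-store and dotfile edits would need a rebuild. `nvim.nix` and `blueocean.nix` in this commit pass `"${config.home.homeDirectory}/git/nix-config/dotfiles/..."` instead; using the same form here, e.g. `mkOutOfStoreSymlink "${config.home.homeDirectory}/git/nix-config/dotfiles/hypr/hyprland.conf"`, keeps the behaviour consistent. Since `hyprlock.conf` and `hypridle.conf` govern screen locking, add a comment stating whether they are meant to be live-editable or pinned in the store.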
@@ -0,0 +1,14 @@
+{config, ...}: {
+ programs.kitty = {
+ enable = true;
+
+ shellIntegration.enableZshIntegration = true;
+ settings = {
+ font = config.hostSpec.font;
+ shell = "tmux";
+ font-size = 16.0;
+ active_border_color = "#44ffff";
+ single_window_margin_width = 0;
+ };
+ };
+}
diff --git a/home/dogar/common/optional/misc-packages.nix b/home/dogar/common/optional/misc-packages.nix
new file mode 100644
index 0000000..0f81205
--- /dev/null
+++ b/home/dogar/common/optional/misc-packages.nix
@@ -0,0 +1,35 @@
+{pkgs, ...}: {
+ home.packages = with pkgs; [
+ btop
+ zoxide
+ unzip
+ tmux
+ gcc
+ zig
+ gparted
+ gnupg
+ dig
+ bash
+ kdePackages.dolphin
+ font-awesome
+ tree
+ wl-clipboard-rs
+ brightnessctl
+ age
+ nerd-fonts.jetbrains-mono
+ lazygit
+ gh
+ dbeaver-bin
+ cloudflare-warp
+ protonmail-desktop
+ rpi-imager
+ kubectl
+ k9s
+ postgresql_17
+ kitty
+ waybar
+ obsidian
+ yq
+ jq
+ ];
+}
diff --git a/home/dogar/common/optional/nvim.nix b/home/dogar/common/optional/nvim.nix
new file mode 100644
index 0000000..01237db
--- /dev/null
+++ b/home/dogar/common/optional/nvim.nix
@@ -0,0 +1,13 @@
+{config, ...}: {
+ programs.neovim = {
+ enable = true;
+ defaultEditor = true;
+ viAlias = true;
+ vimAlias = true;
+ };
+
+ # Create a symlink from ~/.config/nvim to the dotfiles directory
+ home.file.".config/nvim".source =
+ config.lib.file.mkOutOfStoreSymlink
+ "${config.home.homeDirectory}/git/nix-config/dotfiles/nvim";
+}
diff --git a/home/dogar/common/optional/ssh.nix b/home/dogar/common/optional/ssh.nix
new file mode 100644
index 0000000..7301d49
--- /dev/null
+++ b/home/dogar/common/optional/ssh.nix
@@ -0,0 +1,10 @@
+{...}: let
+ onePassPath = "~/.1password/agent.sock";
+in {
+ programs.ssh = {
+ enable = true;
+ enableDefaultConfig = false;
+ extraConfig = "IdentityAgent ${onePassPath}";
+ matchBlocks."*" = {};
+ };
+}
diff --git a/home/dogar/common/optional/starship.nix b/home/dogar/common/optional/starship.nix
new file mode 100644
index 0000000..b17e578
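Review bot: The keys `font` and `font-size` under `settings` in `kitty.nix` are not kitty option names; kitty.conf uses `font_family` and `font_size`, in the same underscore style as the neighbouring `active_border_color`, so the font settings will likely be ignored or reported as unknown keys. Use `font_family = config.hostSpec.font;` and `font_size = 16.0;`, or home-manager's `programs.kitty.font.name` and `programs.kitty.font.size`. The hyphenated names look carried over from `ghostty.nix`, where `font-family` and `font-size` are the correct spelling.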
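Review bot: In `ssh.nix`, `IdentityAgent` is injected through free-form `extraConfig` while the `matchBlocks."*"` entry is left empty, so where the directive lands relative to the `Host` blocks depends on how home-manager orders the generated file. Setting it on the block itself, `matchBlocks."*".identityAgent = onePassPath;`, makes the scope explicit and lets a later per-host block override it. With `enableDefaultConfig = false` the module's own default host settings are presumably not written, so add a short comment saying that OpenSSH's built-in defaults are being relied on.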
--- /dev/null +++ b/home/dogar/common/optional/starship.nix @@ -0,0 +1 @@ +{...}: {programs.starship.enable = true;} diff --git a/home/dogar/common/optional/tmux.nix b/home/dogar/common/optional/tmux.nix new file mode 100644 index 0000000..527859e --- /dev/null +++ b/home/dogar/common/optional/tmux.nix @@ -0,0 +1,15 @@ +{ + config, + lib, + pkgs, + ... +}: { + home = { + file = { + "${config.xdg.configHome}/tmux".source = + lib.custom.relativeToRoot "dotfiles/tmux"; + }; + + packages = with pkgs; [tmux]; + }; +} diff --git a/home/dogar/common/optional/uv.nix b/home/dogar/common/optional/uv.nix new file mode 100644 index 0000000..a71d8f1 --- /dev/null +++ b/home/dogar/common/optional/uv.nix @@ -0,0 +1,10 @@ +{ + ... +}: { + programs.uv = { + enable = true; + settings = { + pip.index-url = "https://pip.dogar.dev"; + }; + }; +} diff --git a/home/dogar/common/optional/zsh.nix b/home/dogar/common/optional/zsh.nix new file mode 100644 index 0000000..63011ec --- /dev/null +++ b/home/dogar/common/optional/zsh.nix @@ -0,0 +1,43 @@ +{ + config, + pkgs, + ... +}: { + home.packages = with pkgs; [ + eza + ripgrep + rm-improved + dust + xcp + nh + zoxide + ]; + + programs.zsh = { + enable = true; + enableCompletion = true; + autosuggestion.enable = true; + syntaxHighlighting.enable = true; + + initContent = '' + eval "$(zoxide init zsh)" + ''; + + shellAliases = { + ".." = "cd .."; + ls = "exa"; + vim = "nvim"; + grep = "rg"; + du = "dust"; + rm = "rip"; + cp = "xcp"; + uo = "nh os switch ~/git/nix-config"; + k = "kubectl"; + }; + + history = { + size = 10000; + path = "${config.xdg.dataHome}/zsh/history"; + }; + }; +} diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix index c14e6f8..146b0a0 100644 --- a/hosts/common/core/default.nix +++ b/hosts/common/core/default.nix @@ -16,9 +16,6 @@ ]; hostSpec = { - username = "shahab"; - handle = "shahab96"; - email = {user = "shahab@dogar.dev";}; userFullName = "Shahab Dogar"; networking.ports.tcp.ssh = 22; }; 
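Review bot: `pip.index-url` in `uv.nix` only affects the `uv pip` interface; uv's settings documentation states that the `pip` table is ignored by commands outside that namespace such as `uv lock`, `uv sync` and `uv run`, which would still resolve from the default index. If every Python package on this host is meant to come from `https://pip.dogar.dev`, also declare it at the top level, e.g. `index = [{ url = "https://pip.dogar.dev"; default = true; }];`, otherwise packages can come from two different sources depending on the command used. A comment stating whether this endpoint is a mirror or a private index would let reviewers judge the supply-chain trust placed in it.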
@@ -69,7 +66,7 @@ enable = true; clean.enable = true; clean.extraArgs = "--keep-since 10d --keep 10"; - flake = "/home/user/${config.hostSpec.home}/nix-config"; + flake = "${config.hostSpec.home}/nix-config"; }; # ========= Sops ========= diff --git a/hosts/common/disks/blueocean.nix b/hosts/common/disks/blueocean.nix new file mode 100644 index 0000000..d364e94 --- /dev/null +++ b/hosts/common/disks/blueocean.nix 
@@ -0,0 +1,116 @@
+{
+ lib,
+ primary,
+ nix,
+ withSwap,
+ swapSize,
+ label,
+ ...
+}: {
+ disko = {
+ devices = {
+ disk = {
+ main = {
+ device = primary;
+
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ name = "crypted";
+ type = "luks";
+ passwordFile = "/tmp/secret.key";
+ settings = {
+ allowDiscards = true;
+ crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
+ };
+ content = {
+ type = "lvm_pv";
+ vg = "crypt_vg";
+ };
+ };
+ };
+ };
+ };
+ };
+ secondary = {
+ device = nix;
+
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ luks = {
+ size = "100%";
+ content = {
+ name = "crypt-nix";
+ type = "luks";
+ passwordFile = "/tmp/secret.key";
+ settings = {
+ allowDiscards = true;
+ crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
+ };
+ content = {
+ type = "btrfs";
+ extraArgs = ["-L nix -f"];
+ subvolumes = {
+ "@nix" = {
+ mountpoint = "/nix";
+ mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ crypt_vg = {
+ type = "lvm_vg";
+ lvs = {
+ swap = lib.mkIf withSwap {
+ size = "${swapSize}G";
+ content = {
+ type = "swap";
+ resumeDevice = true;
+ };
+ };
+ main = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = ["-L" label "-f"];
+ subvolumes = {
+ "@root" = {
+ mountpoint = "/";
+ mountOptions = ["subvol=root" "compress=zstd" "noatime"];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/nixos/blueocean/default.nix b/hosts/nixos/blueocean/default.nix
new file mode 100644
index 0000000..ca8f606
--- /dev/null
+++ b/hosts/nixos/blueocean/default.nix
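Review bot: Both LUKS containers take their initial passphrase from `passwordFile = "/tmp/secret.key"`, a fixed path in a world-writable directory, and nothing in the file says when that file is created or removed. Add a comment above each `passwordFile` line such as `# install-time only: create with umask 077 on the live system, delete once disko has finished`, so the passphrase is neither left readable nor picked up from a stale file. `allowDiscards = true` on both volumes is a trade-off (TRIM reveals which blocks are unused) that also merits a one-line comment. The secondary disk passes `extraArgs = ["-L nix -f"]` as a single string while the main volume uses `["-L" label "-f"]`; writing both the same way avoids depending on how disko joins the arguments.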
@@ -0,0 +1,95 @@
+{
+ inputs,
+ lib,
+ config,
+ ...
+}: {
+ imports = lib.flatten [
+ #
+ # ========= Hardware =========
+ #
+ ./hardware-configuration.nix
+ inputs.nixos-hardware.nixosModules.common-cpu-amd
+ inputs.nixos-hardware.nixosModules.common-gpu-amd
+ inputs.nixos-hardware.nixosModules.common-pc-ssd
+ inputs.nixos-hardware.nixosModules.lenovo-legion-16ithg6
+
+ #
+ # ========= Disk Layout =========
+ #
+ inputs.disko.nixosModules.disko
+ (lib.custom.relativeToRoot "hosts/common/disks/blueocean.nix")
+ {
+ _module.args = {
+ primary = "/dev/nvme0n1";
+ nix = "/dev/nvme1n1";
+ withSwap = true;
+ swapSize = "4";
+ label = "nixos";
+ };
+ }
+
+ #
+ # ========= Required Configs =========
+ #
+ (map lib.custom.relativeToRoot ["hosts/common/core"])
+
+ #
+ # ========= Optional Configs =========
+ #
+ (map (c: lib.custom.relativeToRoot "hosts/common/optional/${c}.nix") [
+ "1password"
+ "claude-code"
+ "dconf"
+ "docker"
+ "hyprland"
+ "nix-ld"
+ "secure-boot"
+ "yubikey"
+ ])
+
+ #
+ # ========= Optional Services =========
+ #
+ (map
+ (s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
+ "audio"
+ "bluetooth"
+ "firmware"
+ "greetd"
+ "openssh"
+ "printing"
+ "smart-card"
+ "vpn"
+ ])
+ ];
+
+ #
+ # ========= Host specification =========
+ #
+ hostSpec = {
+ hostName = "blueocean";
+ username = "dogar";
+ handle = "shadogar";
+ email = {user = "shahab.dogar@blueocean.ai";};
+ };
+
+ networking = {
+ networkmanager.enable = true;
+ enableIPv6 = false;
+ };
+
+ boot = {
+ loader = {
+ # Set this to true on first install. This must be false for secure boot.
+ systemd-boot = {
+ enable = lib.mkForce (!config.hostSpec.secureBoot);
+ configurationLimit = config.hostSpec.bootHistoryLimit;
+ };
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ security.rtkit.enable = true;
+ system.stateVersion = "25.05";
+}
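Review bot: The `hostSpec` block does not set `secureBoot`, yet the `secure-boot` optional module is imported and `systemd-boot.enable` is forced to `!config.hostSpec.secureBoot`, so whether this laptop boots with Secure Boot hinges on a default defined outside this diff. `hosts/nixos/rihla/default.nix` sets `secureBoot = false;` explicitly; do the same here with the intended value, and reword the comment above `systemd-boot` to something like `# derived from hostSpec.secureBoot: leave that false for the first install, then enable it`. Separately, `lenovo-legion-16ithg6` is imported next to `common-cpu-amd` and `common-gpu-amd`, and this host's `hardware-configuration.nix` loads `kvm-amd`; that nixos-hardware profile appears to target an Intel/NVIDIA model, so please confirm it is the right one for this machine.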
diff --git a/hosts/nixos/blueocean/hardware-configuration.nix b/hosts/nixos/blueocean/hardware-configuration.nix new file mode 100644 index 0000000..de2e76d --- /dev/null +++ b/hosts/nixos/blueocean/hardware-configuration.nix @@ -0,0 +1,47 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + modulesPath, + ... +}: { + imports = [(modulesPath + "/installer/scan/not-detected.nix")]; + + boot = { + initrd = { + availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usbhid" + "thunderbolt" + "usb_storage" + "sd_mod" + ]; + kernelModules = []; + }; + + kernelModules = ["kvm-amd"]; + extraModulePackages = []; + binfmt.emulatedSystems = ["aarch64-linux"]; # Add other target architectures as needed + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp193s0f3u2.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware = { + cpu.amd.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; + graphics = { + enable = true; + }; + }; +} diff --git a/hosts/nixos/rihla/default.nix b/hosts/nixos/rihla/default.nix index 7ccd786..9482b11 100644 --- a/hosts/nixos/rihla/default.nix +++ b/hosts/nixos/rihla/default.nix @@ -87,6 +87,9 @@ secureBoot = false; persist = "/persist"; impermanance = false; + username = "shahab"; + handle = "shahab96"; + email = {user = "shahab@dogar.dev";}; }; networking = { 
diff --git a/hosts/nixos/rihla/hardware-configuration.nix b/hosts/nixos/rihla/hardware-configuration.nix index de2e76d..633cddd 100644 --- a/hosts/nixos/rihla/hardware-configuration.nix +++ b/hosts/nixos/rihla/hardware-configuration.nix @@ -2,7 +2,6 @@ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { - config, lib, modulesPath, ... @@ -38,8 +37,6 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware = { - cpu.amd.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; graphics = { enable = true; };