feat: Flake | revamp entire flake (#1)

Reviewed-on: #1
2025-02-16 06:35:32 +00:00
parent ecc87ef0b8
commit 79d044e8ef
80 changed files with 1015 additions and 174 deletions


@@ -0,0 +1,102 @@
{
pkgs,
inputs,
config,
lib,
...
}:
{
imports = lib.flatten [
inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
(map lib.custom.relativeToRoot [
"modules/common"
"hosts/common/users/primary"
])
];
hostSpec = {
username = "shahab";
handle = "shahab96";
email = {
user = "shahab@dogar.dev";
};
userFullName = "Shahab Dogar";
domain = "rihla";
networking.ports.tcp.ssh = 22;
};
networking.hostName = config.hostSpec.hostName;
home-manager = {
useGlobalPkgs = true;
backupFileExtension = "bk";
};
#
# ========= Overlays =========
#
nixpkgs = {
config = {
allowUnfree = true;
allowUnfreePredicate = _: true;
};
};
#
# ========= Nix Settings =========
#
nix = {
settings = {
# See https://jackson.dev/post/nix-reasonable-defaults/
connect-timeout = 5;
log-lines = 25;
min-free = 128000000; # 128MB
max-free = 1000000000; # 1GB
auto-optimise-store = true;
warn-dirty = false;
trusted-users = [ "@wheel" ];
substituters = ["https://hyprland.cachix.org"];
trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
experimental-features = [
"nix-command"
"flakes"
];
};
};
# ========== Nix Helper ==========
# Provide better build output and will also handle garbage collection in place of standard nix gc (garbace collection)
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 10d --keep 10";
flake = "/home/user/${config.hostSpec.home}/nix-config";
};
# ========= Sops =========
environment.systemPackages = with pkgs; [
sops
];
#
# ========== Localization ==========
#
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "ur_PK";
LC_IDENTIFICATION = "ur_PK";
LC_MEASUREMENT = "ur_PK";
LC_MONETARY = "ur_PK";
LC_NAME = "ur_PK";
LC_NUMERIC = "ur_PK";
LC_PAPER = "ur_PK";
LC_TELEPHONE = "ur_PK";
LC_TIME = "ur_PK";
};
time.timeZone = lib.mkDefault "Asia/Karachi";
}
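Review bot: The nh flake path on `flake = "/home/user/${config.hostSpec.home}/nix-config";` looks wrong: hosts/common/users/primary in this same commit assigns `home = hostSpec.home`, which suggests hostSpec.home is already an absolute home directory, so the interpolated value would become `/home/user//home/<user>/nix-config`. It should probably read `flake = "${config.hostSpec.home}/nix-config";`. Separately, `trusted-users = [ "@wheel" ];` lets every wheel member hand arbitrary substituters and sandbox paths to the daemon, which is root-equivalent; that is consistent with wheel already having sudo here, but a comment such as `# @wheel is root-equivalent via the nix daemon; keep this list minimal` would stop someone widening it later. The `# ========= Overlays =========` header has no overlays under it; rename it to `Nixpkgs` or drop it, and the typo "garbace" in the nh comment could go at the same time.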


@@ -0,0 +1,100 @@
{
disko = {
devices = {
disk = {
main = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
luks = {
size = "100%";
content = {
name = "crypted";
type = "luks";
passwordFile = "/tmp/secret.key";
settings = {
allowDiscards = true;
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "lvm_pv";
vg = "crypt_vg";
};
};
};
};
};
};
};
lvm_vg = {
crypt_vg = {
type = "lvm_vg";
lvs = {
swap = {
size = "64G";
content = {
type = "swap";
resumeDevice = true;
};
};
main = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [
"-L"
"nixos"
"-f"
];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = [
"compress=zstd"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"subvol=home"
"compress=zstd"
"noatime"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
};
};
};
};
};
};
};
};
}
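Review bot: The btrfs subvolume mount options are inconsistent: `@home` and `@nix` carry an explicit `"subvol=home"` / `"subvol=nix"` although the subvolumes are named `@home` / `@nix`, while `@root` carries none. As far as I know disko appends `subvol=<name>` to each subvolume's mount options itself, so the hand-written entries are at best redundant and at worst name a subvolume that does not exist; drop them and keep the lists to `"compress=zstd"` and `"noatime"` (the latter is also missing from `@root`). Consider `mountOptions = [ "umask=0077" ];` on the ESP content block too, since the vfat filesystem mounted at `/boot` is otherwise world-readable and, with lanzaboote, holds the signed boot entries. `passwordFile = "/tmp/secret.key";` is only consumed when disko formats the disk; a comment saying so, and that the file must be removed after install, would help the next reader.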


@@ -0,0 +1,14 @@
{
config,
...
}:
{
programs = {
_1password.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = [ config.hostSpec.username ];
};
};
}


@@ -0,0 +1,7 @@
{
...
}:
{
programs.dconf.enable = true;
}


@@ -0,0 +1,47 @@
{
pkgs,
...
}: {
virtualisation = {
podman = {
enable = true;
dockerSocket.enable = true;
dockerCompat = true;
autoPrune = {
enable = true;
dates = "weekly";
};
};
containers = {
registries = {
search = ["docker.io"];
};
};
libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
ovmf = {
enable = true;
packages = with pkgs; [OVMFFull.fd];
};
};
};
spiceUSBRedirection.enable = true;
};
environment.systemPackages = with pkgs; [
virt-manager
virt-viewer
spice
spice-gtk
spice-protocol
win-virtio
win-spice
];
}
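Review bot: `dockerSocket.enable = true;` exposes the rootful podman socket at the Docker socket path, and anyone in the `podman` group can then drive a root daemon, which is root-equivalent access. The primary user added in this commit (hosts/common/users/primary) is not in that group, so as written the socket is reachable only by root; either that is intended and the option can be dropped, or the group membership is missing and should be added deliberately with a comment noting the privilege it grants. The file is imported as `optional/docker.nix` but configures podman and libvirt; naming it `podman.nix` or `virtualisation.nix` would match its contents.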


@@ -0,0 +1,22 @@
{
pkgs,
...
}:
{
programs = {
steam = {
enable = true;
gamescopeSession.enable = true;
};
# to run steam games in game mode, add the following to the game's properties from within steam
# gamemoderun %command%
gamemode.enable = true;
};
environment.systemPackages = with pkgs; [
mangohud
protonup-qt
];
}


@@ -0,0 +1,24 @@
{
inputs,
pkgs,
...
}:
{
programs.hyprland = {
enable = true;
package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
portalPackage =
inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
};
environment.systemPackages = with pkgs; [
hyprshot
hyprlock
hypridle
hyprpolkitagent
mako
waybar
wofi
];
}
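Review bot: `hyprlock` is installed only through `environment.systemPackages`, which does not register a PAM service for it; without `security.pam.services.hyprlock` the locker cannot authenticate and a locked session cannot be unlocked. Use `programs.hyprlock.enable = true;` instead of listing the package, which sets up that PAM service. If the locker is meant to be the flake-input build rather than nixpkgs, set `programs.hyprlock.package` accordingly so it matches the `programs.hyprland.package` chosen here.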


@@ -0,0 +1,7 @@
{
...
}:
{
programs.nix-ld.enable = true;
}


@@ -0,0 +1,10 @@
{
pkgs,
...
}:
{
environment.systemPackages = with pkgs; [
sbctl
];
}


@@ -0,0 +1,23 @@
{
pkgs,
...
}:
{
services = {
# Enable sound with pipewire.
pulseaudio.enable = false;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
};
};
security.rtkit.enable = true;
environment.systemPackages = builtins.attrValues {
inherit (pkgs) pavucontrol;
};
}
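Review bot: `environment.systemPackages = builtins.attrValues { inherit (pkgs) pavucontrol; };` is the only module in this commit that uses the attrValues/inherit idiom; every other file uses `with pkgs; [ ... ]`. Either is fine, but pick one — `with pkgs; [ pavucontrol ];` matches the rest — so readers do not wonder whether the difference is deliberate. `security.rtkit.enable = true;` is also set in hosts/rihla/default.nix; keeping it only here, next to the pipewire block that needs it, avoids the duplicate.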


@@ -0,0 +1,11 @@
{
...
}:
{
services.blueman.enable = true;
hardware = {
bluetooth.enable = true;
bluetooth.powerOnBoot = true;
};
}


@@ -0,0 +1,7 @@
{
...
}:
{
services.fwupd.enable = true;
}


@@ -0,0 +1,16 @@
{
pkgs,
...
}:
{
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --greeting 'Welcome to NixOS!' --asterisks --remember --remember-user-session --time --cmd ${pkgs.hyprland}/bin/Hyprland";
user = "greeter";
};
};
};
}
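Review bot: The greeter launches `${pkgs.hyprland}/bin/Hyprland`, i.e. the nixpkgs build, while hosts/common/optional/hyprland.nix in this same commit sets `programs.hyprland.package` to the flake-input build; a session started from tuigreet would therefore run a different Hyprland than the one the portal package was chosen for. Take the module's package instead: add `config` to the argument set and use `--cmd ${config.programs.hyprland.package}/bin/Hyprland`. Note also that greetd uses its own PAM service (`security.pam.services.greetd`), so the `login.u2fAuth` setting in yubikey.nix does not apply to logins made through this greeter.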


@@ -0,0 +1,15 @@
{
config,
...
}:
let
sshPort = config.hostSpec.networking.ports.tcp.ssh;
in
{
services.openssh = {
enable = true;
ports = [ sshPort ];
};
networking.firewall.allowedTCPPorts = [ sshPort ];
}
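Review bot: The sshd stanza keeps NixOS's authentication defaults, which include password authentication, even though the primary user is provisioned with authorized keys from ./keys and a fixed password hash in this same commit. Add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` under `services.openssh` so key material is the only remote credential; `PermitRootLogin` already defaults to prohibit-password in NixOS, but pinning it explicitly documents intent. Pulling the port from `config.hostSpec.networking.ports.tcp.ssh` and reusing it for the firewall rule is a good pattern and avoids the usual drift between the two.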


@@ -0,0 +1,8 @@
# Reminder that CUPS cpanel defaults to localhost:631
{
...
}:
{
services.printing.enable = true;
}


@@ -0,0 +1,7 @@
{
...
}:
{
services.pcscd.enable = true;
}


@@ -0,0 +1,22 @@
{
pkgs,
...
}:
{
# yubikey login / sudo
security.pam = {
u2f = {
enable = true;
settings.cue = true;
};
services = {
login.u2fAuth = true;
sudo.u2fAuth = true;
};
};
environment.systemPackages = with pkgs; [
yubikey-manager
];
}
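Review bot: With the NixOS default `control = "sufficient"` and no `authfile`, pam_u2f reads each user's own `~/.config/Yubico/u2f_keys`, so here the key acts as a password replacement rather than a second factor and the mapping stays under the user's control. If the intent is real two-factor sudo/login, set `security.pam.u2f.control = "required";` and point `security.pam.u2f.settings.authfile` at a root-owned mapping file (for example one deployed via sops, which this commit already wires in), keeping a recovery path before switching. Also note that `login.u2fAuth` covers the TTY login service only; the greetd session configured in services/greetd.nix uses its own PAM service and would need `greetd.u2fAuth = true;` as well if U2F is expected there.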


@@ -0,0 +1,53 @@
{
pkgs,
config,
lib,
inputs,
...
}:
let
hostSpec = config.hostSpec;
pubKeys = lib.filesystem.listFilesRecursive ./keys;
in {
users = {
mutableUsers = false;
users.${hostSpec.username} = {
# Only do this if you have already configured zsh in home manager
ignoreShellProgramCheck = true;
name = hostSpec.username;
shell = pkgs.zsh;
home = hostSpec.home;
isNormalUser = true;
hashedPassword = "$y$j9T$pvjyL7hL5x2VBarGNTnMl1$mLA2UsWTbfp8Hgp/ug5l8224thi..Mo8.p7ME.tDZ.4";
extraGroups = [
"networkmanager"
"wheel"
"input"
"libvirtd"
];
# Read all keys in ./keys and add them to authorizedKeys.
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
packages = with pkgs; [
libnotify
];
};
};
home-manager = {
extraSpecialArgs = {
inherit pkgs inputs;
hostSpec = config.hostSpec;
};
users.${hostSpec.username}.imports = lib.flatten [
(
{ config, ... }:
import (lib.custom.relativeToRoot "home/${hostSpec.username}/${hostSpec.hostName}.nix") {
inherit pkgs inputs config lib hostSpec;
}
)
];
};
}
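Review bot: `hashedPassword` embeds the user's password hash directly in the configuration; anything that can read the repository or the world-readable Nix store can take it offline for cracking. Since sops-nix is already imported by hosts/common/core, move it to `hashedPasswordFile = config.sops.secrets."<user>-password".path;` with that secret declared with `neededForUsers = true` (secrets used during user creation must be decrypted before the users-groups activation step), and rotate the password now that the hash is in git history. Minor: `builtins.readFile` keeps the trailing newline of each file in ./keys, so every authorized key is emitted with an embedded line break; `lib.removeSuffix "\n" (builtins.readFile key)` keeps authorized_keys tidy.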


@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBijtTtb6UT5gssWolNGX1rcjAKsdtfz25fZMMnzq4v


@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGD/V4jLpuk7uAovkbHFr6uulfBKZmsH+BqmXIR2aYD0


@@ -0,0 +1,92 @@
{
inputs,
lib,
...
}:
{
imports = lib.flatten [
#
# ========= Hardware =========
#
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-gpu-amd
inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
#
# ======== Secure Boot =========
#
inputs.lanzaboote.nixosModules.lanzaboote
#
# ========= Disk Layout =========
#
inputs.disko.nixosModules.disko
(lib.custom.relativeToRoot "hosts/common/disks/rihla.nix")
#
# ========= Required Configs =========
#
(map lib.custom.relativeToRoot [
"hosts/common/core"
])
#
# ========= Optional Configs =========
#
(map (config: lib.custom.relativeToRoot "hosts/common/optional/${config}.nix") [
"1password"
"dconf"
"docker"
"gaming"
"hyprland"
"nix-ld"
"secure-boot"
"yubikey"
])
#
# ========= Optional Services =========
#
(map (service: lib.custom.relativeToRoot "hosts/common/optional/services/${service}.nix") [
"audio"
"bluetooth"
"firmware"
"greetd"
"openssh"
"printing"
"smart-card"
])
];
#
# ========= Host specification =========
#
hostSpec = {
hostName = "rihla";
};
networking = {
networkmanager.enable = true;
enableIPv6 = false;
};
boot = {
loader = {
# Set this to true on first install. This must be false for secure boot.
systemd-boot.enable = lib.mkForce false;
efi.canTouchEfiVariables = true;
};
lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
};
security.rtkit.enable = true;
system.stateVersion = "25.05";
}
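Review bot: The disk layout imported via `(lib.custom.relativeToRoot "hosts/common/disks/rihla.nix")` relies on `crypttabExtraOpts` (`fido2-device=auto`, `token-timeout=10`), which as far as I can tell only the systemd-based initrd honours; nothing in this host file or its hardware-configuration enables it, so unless another module does, the LUKS volume will be unlocked by the scripted initrd and those options are silently ignored. Add `boot.initrd.systemd.enable = true;` next to the `lanzaboote` block, which also pairs naturally with the boot chain lanzaboote produces. A smaller point of style: the lambda parameters named `config` in the optional-config `map` shadow the conventional module argument name; `name` or `module` would read better.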


@@ -0,0 +1,47 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
pkgs,
config,
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot = {
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"thunderbolt"
"usb_storage"
"sd_mod"
];
kernelModules = [];
};
kernelModules = ["kvm-amd"];
extraModulePackages = [];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp193s0f3u2.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = {
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
graphics = {
enable = true;
extraPackages = with pkgs; [amdvlk];
};
};
}