diff --git a/hosts/matej-nixos/configuration.nix b/hosts/matej-nixos/configuration.nix new file mode 100644 index 0000000..d1d4e5b --- /dev/null +++ b/hosts/matej-nixos/configuration.nix @@ -0,0 +1,298 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ + config, + lib, + pkgs, + inputs, + options, + ... +}: + +let + packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}; +in + +{ + imports = [ + inputs.stylix.nixosModules.stylix + inputs.self.nixosModules.yubikey + inputs.self.nixosModules.sway + ]; + + yubikey.enable = true; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + + stylix = { + enable = true; + polarity = "dark"; + image = "${inputs.self}/assets/wallpaper.png"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-material-dark-medium.yaml"; + }; + + virtualisation.docker = { + enable = true; + logDriver = "json-file"; + }; + + # WARN:(matej) probably want to drop this in the future + # i added this to get ruff working when installed via pip + programs.nix-ld.enable = true; + programs.nix-ld.libraries = options.programs.nix-ld.libraries.default; + + services.blueman.enable = true; + security.polkit.enable = true; + security.pki.certificateFiles = [ packages.ca-matheo-si ]; + + services.gnome.gnome-keyring.enable = true; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + services.tailscale = { + enable = true; + useRoutingFeatures = "both"; + }; + + # Set your time zone. + time.timeZone = "Europe/Ljubljana"; + environment.variables.TZ = "America/New_York"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + #console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # #useXkbConfig = true; + #}; + + users.defaultUserShell = pkgs.zsh; + users.users.matej = { + uid = 1000; + isNormalUser = true; + home = "/home/matej"; + extraGroups = [ + "wheel" + "docker" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQGLdINKzs+sEy62Pefng0bcedgU396+OryFgeH99/c janezicmatej" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDk00+Km03epQXQs+xEwwH3zcurACzkEH+kDOPBw6RQe openpgp:0xB095D449" + ]; + }; + + services.teamviewer.enable = true; + users.groups.matej = { + gid = 1000; + members = [ "matej" ]; + }; + + home-manager.backupFileExtension = "backup"; + home-manager.users.matej = { + home.stateVersion = "24.11"; + home.packages = [ ]; + }; + + programs.zsh = { + enable = true; + }; + environment.etc."zshenv".text = '' + export ZDOTDIR=$HOME/.config/zsh + ''; + + # Wayland, X, etc. support for session vars + # systemd.user.sessionVariables = config.home-manager.users.matej.home.sessionVariables; }; + + # enable Sway window manager + sway = { + enable = true; + cmdFlags = [ "--unsupported-gpu" ]; + }; + + services.greetd = { + enable = true; + settings = { + default_session = { + command = "${pkgs.tuigreet}/bin/tuigreet --time --remember --cmd sway"; + user = "greeter"; + }; + }; + }; + # users.users.greeter = { + # isSystemUser = true; + # description = "greetd user"; + # group = "nogroup"; + # home = "/var/lib/greetd"; + # }; + + programs.thunderbird.enable = true; + programs._1password.enable = true; + programs._1password-gui.enable = true; + + services.playerctld.enable = true; + + fonts.packages = with pkgs; [ + font-awesome + nerd-fonts.jetbrains-mono + maple-mono.NF + ]; + + programs.gnupg.agent = { + enable = true; + enableExtraSocket = true; + enableSSHSupport = true; + }; + + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers + }; + hardware.keyboard.zsa.enable = true; + hardware.ledger.enable = true; + + environment.systemPackages = with pkgs; [ + # discord + vesktop + rocketchat-desktop + telegram-desktop + slack + # + ghostty + mdbook + pass + google-chrome + # nodejs + pavucontrol + protonmail-bridge + python3 + zathura + smartmontools + marksman + mdformat + jellyfin-media-player + cider-2 + libnotify # need this for runelite + bolt-launcher + ledger-live-desktop + ]; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + services.printing.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + + # Enable sound. + # hardware.pulseaudio.enable = true; + # OR + services.pipewire = { + enable = true; + # alsa.enable = true; + # alsa.support32Bit = true; + pulse.enable = true; + # jack.enable = true; + }; + + services.dbus.enable = true; + + xdg = { + portal = { + xdgOpenUsePortal = true; + enable = true; + extraPortals = [ + pkgs.xdg-desktop-portal-wlr + pkgs.xdg-desktop-portal-gtk + ]; + }; + mime.defaultApplications = { + "application/pdf" = "org.pwmt.zathura.desktop"; + }; + }; + + # Enable touchpad support (enabled default in most desktopManager). + # services.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + # users.users.alice = { + # isNormalUser = true; + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + # packages = with pkgs; [ + # tree + # ]; + # }; + + programs.firefox.enable = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + # environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + # ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + AllowUsers = null; + PermitRootLogin = "no"; + StreamLocalBindUnlink = "yes"; + }; + }; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "24.11"; # Did you read the comment? + +} diff --git a/hosts/matej-nixos/hardware-configuration.nix b/hosts/matej-nixos/hardware-configuration.nix new file mode 100644 index 0000000..d8081f3 --- /dev/null +++ b/hosts/matej-nixos/hardware-configuration.nix @@ -0,0 +1,150 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; + boot.initrd.kernelModules = [ + "dm-snapshot" + "r8169" + ]; + boot.kernelModules = [ + "kvm-amd" + ]; + boot.extraModulePackages = [ ]; + boot.kernelParams = [ + "ip=10.222.0.247::10.222.0.1:255.255.255.0::enp5s0:none" + ]; + + boot.initrd.network = { + enable = true; + ssh = { + enable = true; + port = 22; + hostKeys = [ + "/etc/secrets/initrd/ssh_host_rsa_key" + "/etc/secrets/initrd/ssh_host_ed25519_key" + ]; + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQGLdINKzs+sEy62Pefng0bcedgU396+OryFgeH99/c janezicmatej" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDk00+Km03epQXQs+xEwwH3zcurACzkEH+kDOPBw6RQe openpgp:0xB095D449" + ]; + }; + postCommands = '' + echo 'cryptsetup-askpass' >> /root/.profile + ''; + + }; + + boot.initrd.luks.devices."cryptlvm".device = + "/dev/disk/by-uuid/af0608c0-67cd-4ae4-b12c-252fa947da40"; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/f11fbdfe-4bcc-4e35-b72a-a4c94cb77262"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/7151-CE52"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/ff4750e7-3a9f-42c2-bb68-c458a6560540"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + + networking = { + useDHCP = false; + hostName = "matej-nixos"; + networkmanager.enable = true; # Easiest to use and most distros use this by default. + interfaces.enp5s0.ipv4.addresses = [ + { + address = "10.222.0.247"; + prefixLength = 24; + } + ]; + firewall = { + enable = false; + allowedTCPPorts = lib.range 8800 8900; + }; + defaultGateway = "10.222.0.1"; + nameservers = [ + "1.1.1.1" + "8.8.8.8" + ]; + + }; + # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + # TODO: maybe move later + hardware.bluetooth.enable = true; # enables support for Bluetooth + hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot + + # Enable OpenGL + hardware.graphics = { + enable = true; + }; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = [ "nvidia" ]; + + hardware.nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + open = true; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.stable; + }; +}