diff --git a/hosts/live-iso/configuration.nix b/hosts/live-iso/configuration.nix index c8fe496..ed87911 100644 --- a/hosts/live-iso/configuration.nix +++ b/hosts/live-iso/configuration.nix @@ -1,5 +1,14 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, inputs, ... }: +let + keys = import ../../users/matej/keys.nix; +in { + imports = [ + inputs.self.nixosModules.openssh + ]; + + openssh.enable = true; + image.modules.iso-installer = { isoImage.squashfsCompression = "zstd -Xcompression-level 6"; }; @@ -10,17 +19,6 @@ }; boot.loader.grub.device = lib.mkDefault "/dev/sda"; - services.openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = null; - PermitRootLogin = "no"; - StreamLocalBindUnlink = "yes"; - }; - }; - networking.firewall.allowedTCPPorts = [ 22 ]; users = { @@ -38,14 +36,9 @@ "wheel" "users" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQGLdINKzs+sEy62Pefng0bcedgU396+OryFgeH99/c janezicmatej" - ]; + openssh.authorizedKeys.keys = keys.sshAuthorizedKeys; }; }; - # boot.extraModulePackages = [ pkgs.linuxPackages.r8125 ]; - # boot.blacklistedKernelModules = [ "r8169" ]; - system.stateVersion = "25.05"; } diff --git a/hosts/matej-nixos/configuration.nix b/hosts/matej-nixos/configuration.nix index 1cea18f..7ff6620 100644 --- a/hosts/matej-nixos/configuration.nix +++ b/hosts/matej-nixos/configuration.nix @@ -1,7 +1,3 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - { config, lib, 
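Review bot: With the inline `services.openssh` block removed in the second hunk of this file (`@@ -10,17 +19,6 @@`), the ISO's sshd hardening — `PasswordAuthentication = false`, `PermitRootLogin = "no"`, `StreamLocalBindUnlink = "yes"` — now depends entirely on `inputs.self.nixosModules.openssh`, which is not part of this diff; confirm the module sets the same values, since an installer image's default user is commonly passwordless. The kept `networking.firewall.allowedTCPPorts = [ 22 ];` suggests the module does not open the firewall itself; if it does, this line is redundant and otherwise deserves a comment, e.g. `# port 22 opened here; the openssh module leaves the firewall alone`. The new `inputs` parameter also requires the ISO to be evaluated with `inputs` passed through specialArgs. The same openssh removal recurs in the matej-nixos and matej-tower hunks below.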
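Review bot: `openssh.authorizedKeys.keys = keys.sshAuthorizedKeys;` in the third hunk of this file replaces a list holding one key with whatever `users/matej/keys.nix` exports, and that file is not in this diff. The lists this commit deletes differ per host: the ISO authorized only the `janezicmatej` key, while matej-nixos and matej-tower also authorized the `openpgp:0xB095D449` key, so a single shared list silently widens (or narrows) which keys can log into the live image. Either confirm that is intended or expose separate lists (for example a constructed `keys.sshAuthorizedKeys.iso`), and add a comment stating which key set the ISO is meant to trust.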
@@ -20,10 +16,27 @@ in inputs.stylix.nixosModules.stylix inputs.self.nixosModules.yubikey inputs.self.nixosModules.sway + inputs.self.nixosModules.openssh + inputs.self.nixosModules.desktop + inputs.self.nixosModules.printing + inputs.self.nixosModules.zsh + inputs.self.nixosModules.gnupg ]; + # Modules yubikey.enable = true; + openssh.enable = true; + desktop.enable = true; + printing.enable = true; + zsh.enable = true; + gnupg.enable = true; + sway = { + enable = true; + cmdFlags = [ "--unsupported-gpu" ]; + }; + + # Stylix theming stylix = { enable = true; polarity = "dark"; 
@@ -31,87 +44,38 @@ in base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-material-dark-medium.yaml"; }; + # Boot + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # Locale + time.timeZone = "Europe/Ljubljana"; + environment.variables.TZ = "America/New_York"; + i18n.defaultLocale = "en_US.UTF-8"; + + # Docker virtualisation.docker = { enable = true; logDriver = "json-file"; }; + # nix-ld for pip-installed binaries # WARN:(matej) probably want to drop this in the future - # i added this to get ruff working when installed via pip programs.nix-ld.enable = true; programs.nix-ld.libraries = options.programs.nix-ld.libraries.default; - services.blueman.enable = true; - security.polkit.enable = true; + # Security security.pki.certificateFiles = [ packages.ca-matheo-si ]; - services.gnome.gnome-keyring.enable = true; - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - + # Services + services.teamviewer.enable = true; services.tailscale = { enable = true; useRoutingFeatures = "both"; }; - # Set your time zone. - time.timeZone = "Europe/Ljubljana"; - environment.variables.TZ = "America/New_York"; - - # Select internationalisation properties. 
- i18n.defaultLocale = "en_US.UTF-8"; - - #console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # #useXkbConfig = true; - #}; - - users.defaultUserShell = pkgs.zsh; - users.users.matej = { - uid = 1000; - isNormalUser = true; - home = "/home/matej"; - extraGroups = [ - "wheel" - "docker" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQGLdINKzs+sEy62Pefng0bcedgU396+OryFgeH99/c janezicmatej" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDk00+Km03epQXQs+xEwwH3zcurACzkEH+kDOPBw6RQe openpgp:0xB095D449" - ]; - }; - - services.teamviewer.enable = true; - users.groups.matej = { - gid = 1000; - members = [ "matej" ]; - }; - - home-manager.backupFileExtension = "backup"; - home-manager.users.matej = { - home.stateVersion = "24.11"; - home.packages = [ ]; - }; - - programs.zsh = { - enable = true; - }; - environment.etc."zshenv".text = '' - export ZDOTDIR=$HOME/.config/zsh - ''; - - # Wayland, X, etc. support for session vars - # systemd.user.sessionVariables = config.home-manager.users.matej.home.sessionVariables; }; - - # enable Sway window manager - sway = { - enable = true; - cmdFlags = [ "--unsupported-gpu" ]; - }; - + # Greetd services.greetd = { enable = true; settings = { 
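Review bot: This hunk deletes `users.users.matej` (uid 1000, wheel/docker groups, authorized keys), `users.groups.matej`, `home-manager.users.matej`, `security.polkit.enable` and `services.gnome.gnome-keyring.enable`, and no hunk in this diff re-adds them for this host; presumably one of the newly imported modules defines them, but that cannot be verified here, and without them the host has no admin user and wheel loses polkit-based privilege prompts. A one-line comment naming where the account now lives would help, e.g. `# users.users.matej is defined in <module path>`. Separately, the kept `environment.variables.TZ = "America/New_York";` under `# Locale` contradicts `time.timeZone = "Europe/Ljubljana";` directly above it; if that is deliberate, say so in a comment, since the tower host sets both to Ljubljana. The enclosing attribute set starts before and ends after this hunk.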
@@ -121,173 +85,32 @@ in }; }; }; - # users.users.greeter = { - # isSystemUser = true; - # description = "greetd user"; - # group = "nogroup"; - # home = "/var/lib/greetd"; - # }; + # Programs programs.thunderbird.enable = true; programs._1password.enable = true; programs._1password-gui.enable = true; - - services.playerctld.enable = true; - - fonts.packages = with pkgs; [ - font-awesome - nerd-fonts.jetbrains-mono - maple-mono.NF - ]; - - programs.gnupg.agent = { - enable = true; - enableExtraSocket = true; - enableSSHSupport = true; - }; - + programs.firefox.enable = true; programs.steam = { enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + localNetworkGameTransfers.openFirewall = true; }; + + # Hardware hardware.keyboard.zsa.enable = true; hardware.ledger.enable = true; + # System packages environment.systemPackages = with pkgs; [ - # discord - vesktop - rocketchat-desktop - telegram-desktop - slack - # - ghostty - mdbook - pass - google-chrome - # nodejs - pavucontrol - protonmail-bridge - python3 - zathura smartmontools - marksman - mdformat - jellyfin-media-player - cider-2 - libnotify # need this for runelite - bolt-launcher - ledger-live-desktop ]; - # Enable the X11 windowing system. - # services.xserver.enable = true; - - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. - services.printing.enable = true; - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; + # XDG + xdg.mime.defaultApplications = { + "application/pdf" = "org.pwmt.zathura.desktop"; }; - # Enable sound. 
- # hardware.pulseaudio.enable = true; - # OR - services.pipewire = { - enable = true; - # alsa.enable = true; - # alsa.support32Bit = true; - pulse.enable = true; - # jack.enable = true; - }; - - services.dbus.enable = true; - - xdg = { - portal = { - xdgOpenUsePortal = true; - enable = true; - extraPortals = [ - pkgs.xdg-desktop-portal-wlr - pkgs.xdg-desktop-portal-gtk - ]; - }; - mime.defaultApplications = { - "application/pdf" = "org.pwmt.zathura.desktop"; - }; - }; - - # Enable touchpad support (enabled default in most desktopManager). - # services.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - # users.users.alice = { - # isNormalUser = true; - # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - # packages = with pkgs; [ - # tree - # ]; - # }; - - programs.firefox.enable = true; - - # List packages installed in system profile. To search, run: - # $ nix search wget - # environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = null; - PermitRootLogin = "no"; - StreamLocalBindUnlink = "yes"; - }; - }; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. 
- # system.copySystemConfiguration = true; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "24.11"; # Did you read the comment? - + system.stateVersion = "24.11"; } diff --git a/hosts/matej-tower/configuration.nix b/hosts/matej-tower/configuration.nix index 714c735..ddfd8f8 100644 --- a/hosts/matej-tower/configuration.nix +++ b/hosts/matej-tower/configuration.nix @@ -1,7 +1,3 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - { config, lib, 
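Review bot: The three `openFirewall = true` lines under `programs.steam` keep their effect but lose the trailing comments that said what each one exposes (Remote Play, Source Dedicated Server, Local Network Game Transfers); since these are now the only explicit firewall openings left in this file, restoring them is cheap, e.g. `remotePlay.openFirewall = true; # Steam Remote Play ports`. The `services.avahi` block with `openFirewall = true` and the `programs.gnupg.agent` block with `enableSSHSupport = true` are removed here without a visible replacement, so the printing and gnupg modules are assumed to carry them; a comment pointing at those modules would make that traceable. The enclosing attribute set starts before this hunk.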
@@ -11,27 +7,29 @@ ... }: -let - packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}; -in - { imports = [ inputs.stylix.nixosModules.stylix inputs.lanzaboote.nixosModules.lanzaboote inputs.self.nixosModules.yubikey inputs.self.nixosModules.sway + inputs.self.nixosModules.openssh + inputs.self.nixosModules.desktop + inputs.self.nixosModules.printing + inputs.self.nixosModules.zsh + inputs.self.nixosModules.gnupg ]; - sway.enable = true; + # Modules yubikey.enable = true; + openssh.enable = true; + desktop.enable = true; + printing.enable = true; + zsh.enable = true; + gnupg.enable = true; + sway.enable = true; - fonts.packages = with pkgs; [ - font-awesome - nerd-fonts.jetbrains-mono - maple-mono.NF - ]; - + # Stylix theming stylix = { enable = true; polarity = "dark"; 
@@ -39,254 +37,64 @@ in base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-material-dark-medium.yaml"; }; - virtualisation.docker = { - enable = true; - logDriver = "json-file"; - }; - - # Use the systemd-boot EFI boot loader. + # Boot - Lanzaboote secure boot boot.loader.efi.canTouchEfiVariables = true; - boot.loader.systemd-boot.enable = lib.mkForce false; boot.lanzaboote = { enable = true; pkiBundle = "/var/lib/sbctl"; }; - services.udev.packages = with pkgs; [ - yubikey-personalization - ]; + # Locale + time.timeZone = "Europe/Ljubljana"; + environment.variables.TZ = "Europe/Ljubljana"; + # Docker + virtualisation.docker = { + enable = true; + logDriver = "json-file"; + }; + + # Services services.tailscale = { enable = true; useRoutingFeatures = "both"; }; - services.udisks2.enable = true; - security.polkit.enable = true; - hardware.bluetooth.enable = true; - services.blueman.enable = true; - - users.defaultUserShell = pkgs.zsh; - programs.zsh = { + # Greetd + services.greetd = { enable = true; + settings = { + default_session = { + command = "${pkgs.tuigreet}/bin/tuigreet --time --remember --cmd sway"; + user = "greeter"; + }; + }; }; - environment.etc."zshenv".text = '' - export ZDOTDIR=$HOME/.config/zsh - ''; + # Programs programs._1password.enable = true; programs._1password-gui.enable = true; - users.users.matej = { - uid = 1000; - isNormalUser = true; - home = "/home/matej"; - extraGroups = [ - "wheel" - "docker" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQGLdINKzs+sEy62Pefng0bcedgU396+OryFgeH99/c janezicmatej" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDk00+Km03epQXQs+xEwwH3zcurACzkEH+kDOPBw6RQe openpgp:0xB095D449" - ]; - }; - - services.openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = null; - PermitRootLogin = "no"; - StreamLocalBindUnlink = "yes"; + # Higher sample rate pipewire for audio equipment + 
services.pipewire.extraConfig.pipewire.adjust-sample-rate = { + "context.properties" = { + "default.clock.rate" = 192000; + "defautlt.allowed-rates" = [ 192000 ]; }; }; - services.greetd = { - enable = true; - useTextGreeter = true; - settings = { - default_session = { - user = "greeter"; - command = '' - ${pkgs.tuigreet}/bin/tuigreet \ - --time \ - --remember \ - --cmd "sway" - ''; - }; - }; - }; - - networking.hostName = "matej-tower"; # Define your hostname. - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. - - # Set your time zone. - # time.timeZone = "Europe/Amsterdam"; - time.timeZone = "Europe/Ljubljana"; - environment.variables.TZ = "Europe/Ljubljana"; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - # i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. - # }; - - # Enable the X11 windowing system. - # services.xserver.enable = true; - - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - # services.pulseaudio.enable = true; - # OR - # services.pipewire = { - # enable = true; - # pulse.enable = true; - # }; - - # Enable touchpad support (enabled default in most desktopManager). - # services.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - # users.users.alice = { - # isNormalUser = true; - # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. 
- # packages = with pkgs; [ - # tree - # ]; - # }; - - # programs.firefox.enable = true; - - services.printing.enable = true; - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - }; - - services.pipewire = { - enable = true; - # alsa.enable = true; - # alsa.support32Bit = true; - pulse.enable = true; - # jack.enable = true; - extraConfig.pipewire.adjust-sample-rate = { - "context.properties" = { - "default.clock.rate" = 192000; - #"defautlt.allowed-rates" = [ 192000 48000 44100 ]; - "defautlt.allowed-rates" = [ 192000 ]; - # "default.clock.quantum" = 32; - # "default.clock.min-quantum" = 32; - # "default.clock.max-quantum" = 32; - }; - }; - }; - - services.dbus.enable = true; - - services.playerctld.enable = true; - - xdg = { - portal = { - xdgOpenUsePortal = true; - enable = true; - extraPortals = [ - pkgs.xdg-desktop-portal-wlr - pkgs.xdg-desktop-portal-gtk - ]; - }; - mime.defaultApplications = { - "application/pdf" = "org.pwmt.zathura.desktop"; - }; - }; - - # List packages installed in system profile. - # You can use https://search.nixos.org/ to find more packages (and options). + # System packages environment.systemPackages = with pkgs; [ - vim - wget - ghostty - vesktop - rocketchat-desktop - telegram-desktop - slack - mdbook - google-chrome - pavucontrol - protonmail-bridge - python3 - zathura smartmontools - marksman - mdformat - jellyfin-media-player - cider-2 - bolt-launcher easyeffects ]; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - programs.gnupg.agent = { - enable = true; - enableExtraSocket = true; - enableSSHSupport = true; + # XDG + xdg.mime.defaultApplications = { + "application/pdf" = "org.pwmt.zathura.desktop"; }; - # List services that you want to enable: - - # Enable the OpenSSH daemon. - - # Open ports in the firewall. 
- # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "25.05"; # Did you read the comment? - + system.stateVersion = "25.05"; } diff --git a/users/gorazd/home-manager.nix b/users/gorazd/home-manager.nix index de5ae1b..850ece1 100644 --- a/users/gorazd/home-manager.nix +++ b/users/gorazd/home-manager.nix @@ -1,5 +1,3 @@ -{ inputs, ... }: - { config, lib, diff --git a/users/matej/home-manager.nix b/users/matej/home-manager.nix index 3a8b340..0037d93 100644 --- a/users/matej/home-manager.nix +++ b/users/matej/home-manager.nix 
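Review bot: The PipeWire key `"defautlt.allowed-rates"` in the kept `services.pipewire.extraConfig.pipewire.adjust-sample-rate` block is misspelled, so PipeWire will not recognize it and the intended rate restriction is not applied; the property is `"default.clock.allowed-rates" = [ 192000 ];`. Under `# Boot - Lanzaboote secure boot` the `boot.loader.systemd-boot.enable = lib.mkForce false;` line is dropped; lanzaboote replaces systemd-boot, and if a generated hardware-configuration.nix or another module still enables it the definitions may conflict or leave the unsigned boot path configured, so keep the `mkForce false` or document why it is no longer needed. The rebuilt `services.greetd` block also loses `useTextGreeter = true;`, which the old block set for tuigreet. Finally, `services.udev.packages = [ yubikey-personalization ]` and the `users.users.matej` account are removed without a visible replacement in this diff; the yubikey module was already imported before this commit while the host still carried the udev rule, so confirm the module really provides it.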
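Review bot: Removing the outer `{ inputs, ... }:` turns this file from a curried function into a plain module, but the remaining argument set (`{ config, lib, ...`) runs past the hunk, so it cannot be seen whether `inputs` is still bound; the same change is made in the first hunk of users/matej/home-manager.nix, whose last hunk still references `inputs.assets`. If `inputs` is not in the inner set it must be added, e.g. `{ config, lib, pkgs, inputs, ... }:`, and whatever imports these modules must supply it through `home-manager.extraSpecialArgs`.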
@@ -1,5 +1,3 @@ -{ inputs, ... }: - { config, lib, @@ -20,7 +18,6 @@ in home.packages = [ pkgs.bibata-cursors - pkgs.pinentry-curses pkgs.starship @@ -54,6 +51,31 @@ in # need for gcp stuff pkgs.google-cloud-sdk pkgs.google-cloud-sql-proxy + + # desktop apps + pkgs.vesktop + pkgs.rocketchat-desktop + pkgs.telegram-desktop + pkgs.slack + pkgs.ghostty + pkgs.google-chrome + pkgs.zathura + pkgs.pavucontrol + pkgs.jellyfin-media-player + pkgs.cider-2 + pkgs.protonmail-bridge + pkgs.ledger-live-desktop + pkgs.bolt-launcher + pkgs.libnotify + + # writing/docs + pkgs.mdbook + pkgs.marksman + pkgs.mdformat + + # security + pkgs.gnupg + pkgs.pass ]; home.file.".assets".source = inputs.assets;
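Review bot: `pkgs.gnupg` is added to `home.packages` while the host hunks move the agent to the system-level gnupg module (`programs.gnupg.agent` with `enableSSHSupport`), so the `gpg` client and the `gpg-agent` daemon now come from two different places; if home-manager and the system ever pin different nixpkgs revisions the two can disagree on socket layout and protocol. Prefer one source — let the system module provide the client — or note the coupling, e.g. `# gpg client only; gpg-agent comes from the system gnupg module`. `pkgs.pinentry-curses` is dropped in the previous hunk without a visible replacement, so the agent's pinentry presumably now comes from that module as well; the `# need this for runelite` note on `libnotify` was also lost in the move.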