diff --git a/flake.nix b/flake.nix index 66fdbc4..625a875 100644 --- a/flake.nix +++ b/flake.nix @@ -2,24 +2,24 @@ description = "A simple NixOS flake"; inputs = { - # NixOS official package source, using the nixos-23.11 branch here nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; hardware.url = "github:nixos/nixos-hardware"; - # Declarative dotfile management home-manager = { url = "github:nix-community/home-manager/"; inputs.nixpkgs.follows = "nixpkgs"; }; - # Declarative partitioning and formatting - disko = { - url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + +# # Declarative partitioning and formatting +# disko = { +# url = "github:nix-community/disko"; +# inputs.nixpkgs.follows = "nixpkgs"; +# }; +# # # Secrets management. See ./docs/secretsmgmt.md # sops-nix = { # url = "github:mic92/sops-nix"; diff --git a/hosts/Puenktchen/disko.nix b/hosts/Puenktchen/disko.nix index 0c36348..4785364 100644 --- a/hosts/Puenktchen/disko.nix +++ b/hosts/Puenktchen/disko.nix 
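Review bot: The `disko` input is disabled by commenting it out with `#` at column 0 instead of being deleted, and the explanatory comments above `nixpkgs-stable` and `home-manager` are removed in the same hunk. This commit also rewrites hosts/Puenktchen/disko.nix into a LUKS layout. With the input gone, that layout only takes effect if the disko module is brought in some other way, which the hunk does not show. Either delete the block outright or keep it with a one-line reason, for example `# disko input disabled until the Puenktchen layout is final`. The `inputs` attribute set continues past the end of the hunk.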
@@ -8,43 +8,53 @@ type = "gpt"; partitions = { ESP = { - priority = 1; - name = "ESP"; size = "512M"; type = "EF00"; content = { type = "filesystem"; format = "vfat"; mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; }; }; - root = { + luks = { size = "100%"; content = { - type = "btrfs"; - extraArgs = [ "-f" ]; # Override existing partition - # Subvolumes must set a mountpoint in order to be mounted, - # unless their parent is mounted - subvolumes = { - # Subvolume name is different from mountpoint - "/rootfs" = { - mountOptions = [ "compress=zstd" "noatime" ]; - mountpoint = "/"; - }; - # Subvolume name is the same as the mountpoint - "/home" = { - mountOptions = [ "compress=zstd" "noatime" ]; - mountpoint = "/home"; - }; - # Parent is not mounted so the mountpoint must be set - "/nix" = { - mountOptions = [ "compress=zstd" "noatime" ]; - mountpoint = "/nix"; - }; - # Subvolume for the swapfile - "/swap" = { - mountpoint = "/.swapvol"; - swap.swapfile.size = "40G"; + type = "luks"; + name = "crypted"; + # disable settings.keyFile if you want to use interactive password entry + #passwordFile = "/tmp/secret.key"; # Interactive + settings = { + allowDiscards = true; + keyFile = "/tmp/secret.key"; + }; + additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/mnt/data" = { + mountpoint = "/mnt/data"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/swap" = { + mountpoint = "/.swapvol"; + swap.swapfile.size = "20M"; + }; }; }; }; @@ -54,4 +64,4 @@ }; }; }; -} +} \ No newline at end of file diff --git a/hosts/common/configuration.nix b/hosts/common/configuration.nix new file mode 100644 index 0000000..dc4765b 
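Review bot: `settings.keyFile = "/tmp/secret.key"` in the new `luks` partition probably applies at every boot, not only while formatting. The hunk's own comment says to disable it for interactive entry, and if disko forwards `settings` to the initrd LUKS device options (worth confirming) the installed system would look for a key file under /tmp on each boot. For a passphrase-unlocked machine, enable the already present `passwordFile = "/tmp/secret.key";` line and remove `keyFile` from `settings`. `additionalKeyFiles = [ "/tmp/additionalSecret.key" ]` enrols a second key that unlocks the volume just as well, so drop it unless a recovery key is intended, and keep any key material on tmpfs and delete it after the install. `allowDiscards = true` lets TRIM reveal which blocks are unused and deserves a comment recording that the trade-off was chosen deliberately. The `partitions` set starts before the hunk and continues after it.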
--- /dev/null
+++ b/hosts/common/configuration.nix
@@ -0,0 +1,294 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+#
+{ config, pkgs, ... }:
+
+#TODO: Bootloader, plymouth, import hardware, hostname, network, locale, unfree, thunderbolt
+# auto-cpufreq, fprintd, console keymap, udev, XDG vars, programs, syncthing, rkit/pipewire, nix-ld
+
+# home: user, electron wayland, polkit
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ #
+ ];
+
+ # Bootloader.
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.efi.canTouchEfiVariables = true;
+ initrd.systemd.enable = true;
+ plymouth = {
+ enable = true;
+ theme = "bgrt";
+ logo = "${pkgs.nixos-icons}/share/icons/hicolor/48x48/apps/nix-snowflake-white.png";
+ font = "${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf";
+ };
+
+ consoleLogLevel = 0;
+ initrd.verbose = false;
+ kernelParams = [
+ "quiet"
+ "splash"
+ "boot.shell_on_fail"
+ "loglevel=3"
+ "rd.systemd.show_status=false"
+ "rd.udev.log_level=3"
+ "udev.log_priority=3"
+ ];
+ # Hide the OS choice for bootloaders.
+ # It's still possible to open the bootloader list by pressing any key
+ # It will just not appear on screen unless a key is pressed
+ loader.timeout = 0;
+
+ };
+ networking.hostName = "Lenni"; # Define your hostname.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_NUMERIC = "de_DE.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ };
+
+ #Allow unfree and unstable packages
+ nixpkgs.config.allowUnfree = true;
+
+
+ systemd = {
+ user.services.polkit-gnome-authentication-agent-1 = {
+ description = "polkit-gnome-authentication-agent-1";
+ wantedBy = [ "graphical-session.target" ];
+ wants = [ "graphical-session.target" ];
+ after = [ "graphical-session.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+ Restart = "on-failure";
+ RestartSec = 1;
+ TimeoutStopSec = 10;
+ };
+ };
+ };
+
+ # rtkit is optional but recommended
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ wireplumber.enable = true;
+ # If you want to use JACK applications, uncomment this
+ #jack.enable = true;
+ };
+
+ services.hardware.bolt.enable = true;
+
+ programs.hyprland.enable = true;
+
+ environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+ services.auto-cpufreq = {
+ enable = true;
+ settings = {
+ battery = {
+ governor = "powersave";
+ turbo = "never";
+ };
+ charger = {
+ governor = "powersave";
+ turbo = "never";
+ };
+ };
+ };
+
+ services.fprintd.enable = true;
+
+ services.syncthing = {
+ enable = true;
+ user = "willifan";
+ dataDir = "/home/willifan/temp";
+ configDir = "/home/willifan/temp/.config/syncthing";
+ overrideDevices = true;
+ overrideFolders = true;
+ settings = {
+ gui = {
+ user = "willifan";
+ password = "temppassword";
+ };
+ devices = {
+ Anton = { id = "SGKTC3I-6IQZ5Z5-VAB76N6-L7DJ3TH-BMSZGKZ-MZPZHLO-KOVMZ2W-V5GQTA6"; };
+ };
+ folders = {
+ "Documents" = {
+ id =
"jtl6g-qjmwo";
+ path = "/home/willifan/temp/Documents";
+ devices = [ "Anton" ];
+ };
+ "Pictures" = {
+ id = "po4qj-q9t0t";
+ path = "/home/willifan/temp/Pictures";
+ devices = [ "Anton" ];
+ };
+ "Videos" = {
+ id = "4wqf5-xasng";
+ path = "/home/willifan/temp/Videos";
+ devices = [ "Anton" ];
+ };
+ "Notes" = {
+ id = "oc61n-iewgj";
+ path = "/home/willifan/temp/Notes";
+ devices = [ "Anton" ];
+ };
+ "Music" = {
+ id = "xxh8a-3y2tq";
+ path = "/home/willifan/temp/Music";
+ devices = [ "Anton" ];
+ };
+ };
+ };
+ };
+
+ security.polkit.enable = true;
+
+ # Configure console keymap
+ console.keyMap = "de";
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.willifan = {
+ isNormalUser = true;
+ description = "willifan";
+ extraGroups = [ "networkmanager" "wheel" ];
+ packages = with pkgs; [];
+ };
+
+ environment.sessionVariables = rec {
+ XDG_CACHE_HOME = "$HOME/.cache";
+ XDG_CONFIG_HOME = "$HOME/.config";
+ XDG_DATA_HOME = "$HOME/.local/share";
+ XDG_STATE_HOME = "$HOME/.local/state";
+
+ # Not officially in the specification
+ #XDG_BIN_HOME = "$HOME/.local/bin";
+ #PATH = [
+ # "${XDG_BIN_HOME}"
+ #];
+ SCRIPTS = "$XDG_CONFIG_HOME/scripts";
+ };
+
+
+
+ services.udev.extraRules = ''
+ ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", MODE="0666", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/backlight/%k/brightness"
+ '';
+
+
+ # List packages installed in system profile.
To search, run:
+ # $ nix search wget
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ environment.systemPackages = with pkgs; [
+
+ hyprlock
+ hypridle
+ hyprpaper
+ hyprcursor
+ grim
+ slurp
+ wl-clipboard
+ kanshi
+ jq
+ bc
+ xorg.xrandr
+ pulseaudio
+ inotify-tools
+ papirus-icon-theme
+ eww
+ mako
+ polkit_gnome
+
+ python3
+ usbutils
+ unzip
+
+ btop
+
+ feh
+
+ kitty
+ dolphin
+ hyfetch
+ wofi
+ enpass
+ firefox
+ thunderbird
+ webcord
+ obsidian
+ kicad
+ gnome.nautilus
+ cinnamon.nemo-with-extensions
+
+
+ ];
+
+ programs.nix-ld.enable = true;
+
+ programs.nix-ld.libraries = with pkgs; [
+
+ # Add any missing dynamic libraries for unpackaged programs
+
+ # here, NOT in environment.systemPackages
+
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.11"; # Did you read the comment?
+
+}
+
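Review bot: `password = "temppassword";` under `services.syncthing.settings.gui` commits the Syncthing GUI credential in plain text, and as an option value it most likely also lands in the world-readable /nix/store. Remove the line, supply the GUI password from a secret kept outside the repository and the store (flake.nix already carries a commented-out sops-nix input), and treat `temppassword` as exposed. The udev rule sets `MODE="0666"` and runs `chmod a+w` on the backlight brightness file, which makes it writable by every local account. A group-scoped form is narrower, e.g. `RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"` with the user added to `video`. Separately, `loader.timeout = 0` only hides the systemd-boot menu, so adding `boot.loader.systemd-boot.editor = false;` would stop someone at the keyboard from editing the kernel command line.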