flake.nix

@@ -2,24 +2,24 @@
   description = "A simple NixOS flake";
 
   inputs = {
-
     # NixOS official package source, using the nixos-23.11 branch here
     nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11";
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
     hardware.url = "github:nixos/nixos-hardware";
 
-    # Declarative dotfile management
     home-manager = {
       url = "github:nix-community/home-manager/";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    # Declarative partitioning and formatting
-    disko = {
-      url = "github:nix-community/disko";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
 
+
+#    # Declarative partitioning and formatting
+#    disko = {
+#      url = "github:nix-community/disko";
+#      inputs.nixpkgs.follows = "nixpkgs";
+#    };
+#
 #    # Secrets management. See ./docs/secretsmgmt.md
 #    sops-nix = {
 #      url = "github:mic92/sops-nix";

hosts/Puenktchen/disko.nix

@@ -8,43 +8,53 @@
           type = "gpt";
           partitions = {
             ESP = {
-              priority = 1;
-              name = "ESP";
               size = "512M";
               type = "EF00";
               content = {
                 type = "filesystem";
                 format = "vfat";
                 mountpoint = "/boot";
+                mountOptions = [
+                  "defaults"
+                ];
               };
             };
-            root = {
+            luks = {
               size = "100%";
               content = {
-                type = "btrfs";
+                type = "luks";
-                extraArgs = [ "-f" ]; # Override existing partition
+                name = "crypted";
-                # Subvolumes must set a mountpoint in order to be mounted,
+                # disable settings.keyFile if you want to use interactive password entry
-                # unless their parent is mounted
+                #passwordFile = "/tmp/secret.key"; # Interactive
-                subvolumes = {
+                settings = {
-                  # Subvolume name is different from mountpoint
+                  allowDiscards = true;
-                  "/rootfs" = {
+                  keyFile = "/tmp/secret.key";
-                    mountOptions = [ "compress=zstd" "noatime" ];
+                };
-                    mountpoint = "/";
+                additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
-                  };
+                content = {
-                  # Subvolume name is the same as the mountpoint
+                  type = "btrfs";
-                  "/home" = {
+                  extraArgs = [ "-f" ];
-                    mountOptions = [ "compress=zstd" "noatime" ];
+                  subvolumes = {
-                    mountpoint = "/home";
+                    "/root" = {
-                  };
+                      mountpoint = "/";
-                  # Parent is not mounted so the mountpoint must be set
+                      mountOptions = [ "compress=zstd" "noatime" ];
-                  "/nix" = {
+                    };
-                    mountOptions = [ "compress=zstd" "noatime" ];
+                    "/home" = {
-                    mountpoint = "/nix";
+                      mountpoint = "/home";
-                  };
+                      mountOptions = [ "compress=zstd" "noatime" ];
-                  # Subvolume for the swapfile
+                    };
-                  "/swap" = {
+                    "/nix" = {
-                    mountpoint = "/.swapvol";
+                      mountpoint = "/nix";
-                    swap.swapfile.size = "40G";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/mnt/data" = {
+                      mountpoint = "/mnt/data";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/swap" = {
+                      mountpoint = "/.swapvol";
+                      swap.swapfile.size = "20M";
+                    };
                   };
                 };
               };
@@ -54,4 +64,4 @@
       };
     };
   };
-}
+}

hosts/common/configuration.nix

@@ -0,0 +1,294 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+#
+{ config, pkgs, ... }:
+
+#TODO: Bootloader, plymouth, import hardware, hostname, network, locale, unfree, thunderbolt
+# auto-cpufreq, fprintd, console keymap, udev, XDG vars, programs, syncthing, rkit/pipewire, nix-ld
+
+# home: user, electron wayland, polkit
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      #<home-manager/nixos>
+    ];
+
+  # Bootloader.
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+    initrd.systemd.enable = true;
+    plymouth = {
+      enable = true;
+      theme = "bgrt";
+      logo = "${pkgs.nixos-icons}/share/icons/hicolor/48x48/apps/nix-snowflake-white.png";
+      font = "${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf";
+    };
+
+    consoleLogLevel = 0;
+    initrd.verbose = false;
+    kernelParams = [
+      "quiet"
+      "splash"
+      "boot.shell_on_fail"
+      "loglevel=3"
+      "rd.systemd.show_status=false"
+      "rd.udev.log_level=3"
+      "udev.log_priority=3"
+    ];
+    # Hide the OS choice for bootloaders.
+    # It's still possible to open the bootloader list by pressing any key
+    # It will just not appear on screen unless a key is pressed
+    loader.timeout = 0;
+
+  };
+  networking.hostName = "Lenni"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "de_DE.UTF-8";
+    LC_IDENTIFICATION = "de_DE.UTF-8";
+    LC_MEASUREMENT = "de_DE.UTF-8";
+    LC_MONETARY = "de_DE.UTF-8";
+    LC_NAME = "de_DE.UTF-8";
+    LC_NUMERIC = "de_DE.UTF-8";
+    LC_PAPER = "de_DE.UTF-8";
+    LC_TELEPHONE = "de_DE.UTF-8";
+    LC_TIME = "de_DE.UTF-8";
+  };
+
+  #Allow unfree and unstable packages
+  nixpkgs.config.allowUnfree = true;
+  
+
+  systemd = {
+    user.services.polkit-gnome-authentication-agent-1 = {
+      description = "polkit-gnome-authentication-agent-1";
+      wantedBy = [ "graphical-session.target" ];
+      wants = [ "graphical-session.target" ];
+      after = [ "graphical-session.target" ];
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+        Restart = "on-failure";
+        RestartSec = 1;
+        TimeoutStopSec = 10;
+      };
+    };
+  };
+
+  # rtkit is optional but recommended
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    wireplumber.enable = true;
+    # If you want to use JACK applications, uncomment this
+    #jack.enable = true;
+  };
+
+  services.hardware.bolt.enable = true;
+
+  programs.hyprland.enable = true;
+
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+  services.auto-cpufreq = {
+    enable = true;
+    settings = {
+      battery = {
+        governor = "powersave";
+        turbo = "never";
+      };
+    charger = {
+      governor = "powersave";
+      turbo = "never";
+      };
+    };
+  };
+
+  services.fprintd.enable = true;
+
+  services.syncthing = {
+    enable =  true;
+    user = "willifan";
+    dataDir = "/home/willifan/temp";
+    configDir = "/home/willifan/temp/.config/syncthing";
+    overrideDevices = true;
+    overrideFolders = true;
+    settings = {
+      gui = {
+        user = "willifan";
+        password = "temppassword";
+      };
+      devices = {
+        Anton = { id = "SGKTC3I-6IQZ5Z5-VAB76N6-L7DJ3TH-BMSZGKZ-MZPZHLO-KOVMZ2W-V5GQTA6"; };
+      };
+      folders = {
+        "Documents" = {
+          id = "jtl6g-qjmwo";
+          path = "/home/willifan/temp/Documents";
+          devices = [ "Anton" ];
+        };
+        "Pictures" = {
+          id = "po4qj-q9t0t";
+          path = "/home/willifan/temp/Pictures";
+          devices = [ "Anton" ];
+        };
+        "Videos" = {
+          id = "4wqf5-xasng";
+          path = "/home/willifan/temp/Videos";
+          devices = [ "Anton" ];
+        };
+        "Notes" = {
+          id = "oc61n-iewgj";
+          path = "/home/willifan/temp/Notes";
+          devices = [ "Anton" ];
+        };
+        "Music" = {
+          id = "xxh8a-3y2tq";
+          path = "/home/willifan/temp/Music";
+          devices = [ "Anton" ];
+        };
+      };
+    };
+  };
+
+  security.polkit.enable = true;
+
+  # Configure console keymap
+  console.keyMap = "de";
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.willifan = {
+    isNormalUser = true;
+    description = "willifan";
+    extraGroups = [ "networkmanager" "wheel" ];
+    packages = with pkgs; [];
+  };
+
+  environment.sessionVariables = rec {
+    XDG_CACHE_HOME  = "$HOME/.cache";
+    XDG_CONFIG_HOME = "$HOME/.config";
+    XDG_DATA_HOME   = "$HOME/.local/share";
+    XDG_STATE_HOME  = "$HOME/.local/state";
+
+    # Not officially in the specification
+    #XDG_BIN_HOME    = "$HOME/.local/bin";
+    #PATH = [ 
+    #  "${XDG_BIN_HOME}"
+    #];
+    SCRIPTS = "$XDG_CONFIG_HOME/scripts";
+  };
+
+
+
+  services.udev.extraRules = ''
+    ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", MODE="0666", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/backlight/%k/brightness"
+  '';
+
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  environment.systemPackages = with pkgs; [
+
+    hyprlock
+    hypridle
+    hyprpaper
+    hyprcursor
+    grim
+    slurp
+    wl-clipboard
+    kanshi
+    jq
+    bc
+    xorg.xrandr
+    pulseaudio
+    inotify-tools
+    papirus-icon-theme
+    eww
+    mako
+    polkit_gnome
+
+    python3
+    usbutils
+    unzip
+
+    btop
+
+    feh
+
+    kitty
+    dolphin
+    hyfetch
+    wofi
+    enpass
+    firefox
+    thunderbird
+    webcord
+    obsidian
+    kicad
+    gnome.nautilus
+    cinnamon.nemo-with-extensions
+
+
+  ];
+
+  programs.nix-ld.enable = true;
+
+  programs.nix-ld.libraries = with pkgs; [
+
+    # Add any missing dynamic libraries for unpackaged programs
+
+    # here, NOT in environment.systemPackages
+
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  # services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11"; # Did you read the comment?
+
+}
+