diff --git a/flake.lock b/flake.lock index 618136d..11a8f76 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ ] }, "locked": { - "lastModified": 1676153903, - "narHash": "sha256-uetRyjgMiZCs6srmZ10M764Vn7F53M9mVuqnzHmyBqU=", + "lastModified": 1677969766, + "narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=", "owner": "ryantm", "repo": "agenix", - "rev": "ea17cc71b4e1bc5b2601f210a1c85db9453ad723", + "rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e", "type": "github" }, "original": { @@ -67,11 +67,11 @@ ] }, "locked": { - "lastModified": 1676484851, - "narHash": "sha256-IQtPR+ObyNgh+Gc5rvfPUD3Xe7jsWk6jTMSwU6YOdHs=", + "lastModified": 1678817767, + "narHash": "sha256-P+Al3yNlM53oL+kxtU853arGO8YsfZPXjXqB1exaPKo=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "fb1cdbb0a12d7f0e0e50022c405aca7c856dd233", + "rev": "7ba9b9e2392d33071f06dcff9845b42f3096f7c3", "type": "github" }, "original": { @@ -95,7 +95,7 @@ "type": "github" } }, - "hm": { + "home-manager": { "inputs": { "nixpkgs": [ "nixpkgs" 
@@ -103,43 +103,58 @@ "utils": "utils" }, "locked": { - "lastModified": 1676257154, - "narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=", + "lastModified": 1678831854, + "narHash": "sha256-7HBmLFNVD2KjovSzypIN9NfyzpWelMe8sNbUVZIRsS0=", "owner": "nix-community", "repo": "home-manager", - "rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527", + "rev": "cae54dc45c0d61c99c1dc8b04bc42f36c76f9771", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-22.11", "repo": "home-manager", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1676546582, - "narHash": "sha256-MJ+PXNmUyxnMTFoss7G2lEcUY2cfYZM6RudBAL5aX1k=", + "lastModified": 1678703398, + "narHash": "sha256-Y1mW3dBsoWLHpYm+UIHb5VZ7rx024NNHaF16oZBx++o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fb7d749c084890192b2cd08ba264e5e4a14df1b", + "rev": "67f26c1cfc5d5783628231e776a81c1ade623e0b", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-22.11-small", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1678654296, + "narHash": "sha256-aVfw3ThpY7vkUeF1rFy10NAkpKDS2imj3IakrzT0Occ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5a1dc8acd977ff3dccd1328b7c4a6995429a656b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1676569297, - "narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=", + "lastModified": 1669542132, + "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37", + "rev": "a115bb9bd56831941be3776c8a94005867f316a7", "type": "github" }, "original": { 
@@ -152,8 +167,9 @@ "inputs": { "agenix": "agenix", "emacs": "emacs", - "hm": "hm", + "home-manager": "home-manager", "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", "snm": "snm" } }, diff --git a/flake.nix b/flake.nix index c225240..798e455 100644 --- a/flake.nix +++ b/flake.nix @@ -1,9 +1,10 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11"; + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - hm = { - url = "github:nix-community/home-manager/release-22.11"; + home-manager = { + url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -13,8 +14,10 @@ inputs.nixpkgs-22_11.follows = "nixpkgs"; }; - emacs.url = "github:nix-community/emacs-overlay"; - emacs.inputs.nixpkgs.follows = "nixpkgs"; + emacs = { + url = "github:nix-community/emacs-overlay"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # age for nix to store encrypted passwords conveniently agenix = { @@ -23,7 +26,7 @@ }; }; - outputs = { self, hm, nixpkgs, agenix, snm, ... }@inputs: { + outputs = { self, home-manager, nixpkgs, agenix, snm, ... }@inputs: { nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ @@ -37,7 +40,7 @@ ./modules/security.nix ./hosts/thrall agenix.nixosModules.age - hm.nixosModules.home-manager + home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; 
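Review bot: In flake.nix the `home-manager` input loses its `release-22.11` ref and now tracks the repository's default branch, while `inputs.nixpkgs.follows = "nixpkgs"` still points it at `nixos-22.11`. Home Manager's development branch is normally paired with nixpkgs unstable, so thrall, which imports `home-manager.nixosModules.home-manager` on the stable nixpkgs, may hit a release mismatch or options that do not exist on 22.11. Either keep `url = "github:nix-community/home-manager/release-22.11";` or, if the unpinned branch is intended for dregil, add a second input that follows `nixpkgs-unstable`. The `inputs` block and the `outputs` function continue outside these hunks.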
@@ -46,25 +49,6 @@ ]; }; - nixosConfigurations."dregil" = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ({ - nixpkgs = { - config.allowUnfree = true; - overlays = with inputs; [ emacs.overlay ]; - }; - }) - ./modules/security.nix - ./hosts/dregil - agenix.nixosModules.age - hm.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.alex = import ./home/cli.nix; - } - ]; - }; + nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; }; }; } diff --git a/hosts/dregil/configuration.nix b/hosts/dregil/configuration.nix new file mode 100644 index 0000000..7069949 --- /dev/null +++ b/hosts/dregil/configuration.nix 
@@ -0,0 +1,166 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ inputs, config, pkgs, ... }:
+let
+ nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
+ export __NV_PRIME_RENDER_OFFLOAD=1
+ export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
+ export __GLX_VENDOR_LIBRARY_NAME=nvidia
+ export __VK_LAYER_NV_optimus=NVIDIA_only
+ exec "$@"
+ '';
+in
+{
+ imports =
+ [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ #
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "dregil"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ console = {
+ font = "Lat2-Terminus16";
+ useXkbConfig = true; # use xkbOptions in tty.
+ };
+
+ # Enable the X11 windowing system.
+ services.xserver = {
+ enable = true;
+ exportConfiguration = true;
+
+ # Configure keymap in X11
+ layout = "dvorak";
+
+ xkbOptions = "terminate:ctrl_alt_bksp,caps:escape,compose:ralt";
+
+ videoDrivers = [ "nvidia" ]; # "modesetting" ];
+
+ displayManager.lightdm = {
+ enable = true;
+ };
+
+ desktopManager.xfce.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ libinput = {
+ enable = true;
+ touchpad.disableWhileTyping = true;
+ touchpad.naturalScrolling = true;
+ mouse.naturalScrolling = config.services.xserver.libinput.touchpad.naturalScrolling;
+ };
+ };
+
+ fonts = {
+ enableDefaultFonts = true;
+ fonts = with pkgs; [
+ noto-fonts
+ noto-fonts-emoji
+ fira-code
+ fira-code-symbols
+ nerdfonts
+ ];
+ };
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable sound.
+ sound.enable = true;
+ hardware.pulseaudio.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.alex = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" # Enable ‘sudo’ for the user.
+ "input"
+ ];
+ packages = with pkgs; [
+ # gui tool
+ alacritty
+ firefox
+ jitsi-meet-electron
+
+ # editing
+ helix
+ nil # nix language server
+
+ # system tools
+ htop-vim # htop with vim bindings
+ erdtree # du+tree had sex
+ dua # ncdu but better
+ bat # better cat
+ uhk-agent
+
+ # gaming support
+ bottles
+ ];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ wget
+ ripgrep
+ git
+ nvidia-offload
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ programs.neovim = {
+ enable = true;
+ };
+
+ programs.steam = {
+ enable = true;
+ };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ system.nixos.tags = [ "HiDPI" "nvidia-only" ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "22.11"; # Did you read the comment?
+
+}
+
diff --git a/hosts/dregil/default.nix b/hosts/dregil/default.nix
index ac16c1d..678c04d 100644
--- a/hosts/dregil/default.nix
+++ b/hosts/dregil/default.nix
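Review bot: `services.openssh.enable = true;` in hosts/dregil/configuration.nix turns on sshd for a laptop that joins networks through NetworkManager, and nothing in this file restricts how it authenticates; enabling the service also opens port 22 in the NixOS firewall by default. Unless `../../modules/security.nix` (not visible in this diff) already does so, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`, or drop the service if remote login to this machine is not needed. A one-line comment saying why sshd is wanted here would also help, since the surrounding comments are the stock template text.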
@@ -1,173 +1,22 @@
-{ config, lib, pkgs, ... }:
-let extIface = "ens3";
-in {
- imports = [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
+{ inputs, ... }:
+let
+ inherit (inputs.nixpkgs-unstable.lib) nixosSystem;
+
+ system = "x86_64-linux";
+
+ pkgs = import inputs.nixpkgs-unstable {
+ inherit system;
+ config = {
+ allowUnfree = true;
+ };
+ };
+in
+nixosSystem {
+ inherit system pkgs;
+ specialArgs = { inherit inputs; };
+ modules = [
+ ../../modules/security.nix
+ ../../modules/common-system.nix
+ ./configuration.nix
 ];
-
- nix.package = pkgs.nixUnstable;
- nix.extraOptions = ''
- experimental-features = nix-command flakes ca-derivations
- '';
- #nix.registry.nixpkgs.flake = nixpkgs;
-
- # Binary Cache for Haskell.nix
- nix.settings.trusted-public-keys =
- [ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
-
- #nix.binaryCaches = [ "https://hydra.iohk.io" ];
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # boot.loader.grub.efiSupport = true;
- # boot.loader.grub.efiInstallAsRemovable = true;
- # boot.loader.efi.efiSysMountPoint = "/boot/efi";
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
- # boot.loader.systemd-boot.enable = true;
-
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
-
- age.secrets = {
- # mailPass.file = ../../secrets/mailPass.age;
- # wireguard-thrall.file = ../../secrets/wireguard-thrall.age;
- };
-
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- networking = {
- hostName = "dregil";
- domain = "failco.de";
- wireless.enable = true;
- useDHCP = true;
- enableIPv6 = true;
- firewall = {
- allowedTCPPorts = [ 22 ];
- allowedUDPPorts = [ 42666 ];
- };
-
- # wireguard.interfaces = {
- # wg0 = {
- # ips = [ "10.0.0.1/24" ];
- # listenPort = 42666;
- #
- # privateKeyFile = config.age.secrets.wireguard-thrall.path;
- # peers = [
- # {
- # # my phone
- # publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk=";
- # allowedIPs = [ "10.0.0.2/32" ];
- # }
- # {
- # # my tablet
- # publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k=";
- # allowedIPs = [ "10.0.0.3/32" ];
- # }
- # ];
- # };
- # };
- };
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "alex@jakalx.net";
- };
-
- security.sudo = {
- enable = true;
- execWheelOnly = true;
- extraRules = [{
- groups = [ "wheel" ];
- commands = [{
- command = "/run/current-system/sw/bin/nixos-rebuild";
- options = [ "NOPASSWD" ];
- }];
- }];
- };
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- keyMap = "dvorak";
- };
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.alex = {
- isNormalUser = true;
- extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- shell = pkgs.zsh;
- };
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- wget
- rsync
- htop
- tmux
- git
- #agenix.defaultPackage.x86_64-linux
- restic # fast and secure backup
- rclone
- ];
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
-
- programs.neovim = {
- enable = true;
- defaultEditor = true;
- viAlias = true;
- vimAlias = true;
- };
-
- # enable zsh globally in order to get home.sessionPath to propagate :()
- programs.zsh.enable = true;
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- services.lorri.enable = true;
-
- # configure backup via restic to gdrive
- services.restic.backups = { };
- services.keybase = { enable = true; };
-
- services.syncthing = {
- enable = true;
- user = "alex";
- dataDir = "/home/alex/sync";
- overrideDevices =
- true; # overrides any devices added or deleted through the WebUI
- overrideFolders =
- true; # overrides any folders added or deleted through the WebUI
- folders = {
- "org" = {
- path = "/home/alex/org";
- devices = [ "thrall" "redmi" ];
- };
- "scan" = {
- path = "/home/alex/media/scan";
- devices = [ "thrall" "redmi" ];
- };
- };
- devices = {
- "redmi" = {
- id = "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW";
- };
- };
- };
-
- system.stateVersion = "20.09"; # Did you read the comment?
 }
diff --git a/hosts/dregil/hardware-configuration.nix b/hosts/dregil/hardware-configuration.nix
new file mode 100644
index 0000000..198484c
--- /dev/null
+++ b/hosts/dregil/hardware-configuration.nix
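Review bot: hosts/dregil/default.nix builds the whole host from `inputs.nixpkgs-unstable` and hands a pre-imported `pkgs` to `nixosSystem`, but nothing records why this machine leaves the `nixos-22.11` branch that flake.nix keeps for thrall. With an externally supplied `pkgs`, module-level `nixpkgs.config` and `nixpkgs.overlays` settings are, as far as I can tell, not applied, so the `allowUnfree = true;` here becomes the only place package policy is set; a comment above the `pkgs = import inputs.nixpkgs-unstable` binding should say so. The rewrite also drops `agenix.nixosModules.age` and the home-manager module that the old flake.nix entry passed for dregil, so confirm that `../../modules/security.nix` (not shown) does not rely on `age.secrets`.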
@@ -0,0 +1,92 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" ];
+ boot.initrd.luks.devices = {
+ root = {
+ device = "/dev/disk/by-uuid/bebf96d1-2a2b-412c-a5f0-f9ed5730a05f";
+ preLVM = true;
+ allowDiscards = true;
+ fallbackToPassword = true;
+ keyFile = "/dev/sda2";
+ keyFileSize = 4096;
+ };
+ };
+ boot.kernelModules = [ "kvm-intel" "nvidia" ];
+ boot.extraModulePackages = [ pkgs.linuxPackages.nvidia_x11 ];
+ boot.kernelParams = [ "module_blacklist=i915" ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
+ fsType = "btrfs";
+ options = [ "subvol=root" "compress=zstd" ];
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
+ fsType = "btrfs";
+ options = [ "subvol=home" "compress=zstd" ];
+ };
+
+ fileSystems."/nix" =
+ { device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
+ fsType = "btrfs";
+ options = [ "subvol=nix" "compress=zstd" "noatime" ];
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/786D-42D7";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/b8c224ad-095e-4a48-b5b2-a19451fdeb95";
+ }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp52s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ hardware.video.hidpi.enable = true;
+
+ hardware.nvidia = {
+ nvidiaSettings = true;
+ nvidiaPersistenced = true;
+
+# modesetting.enable = true;
+ package = config.boot.kernelPackages.nvidiaPackages.beta;
+# prime = {
+# offload.enable = true;
+#
+# intelBusId = "PCI:1:0:0";
+# nvidiaBusId = "PCI:1:0:0";
+# intelBusId = "0@0:2:0";
+# nvidiaBusId = "1@1:0:0";
+# };
+ };
+
+ hardware.opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ };
+
+ hardware.keyboard.uhk.enable = true;
+}
diff --git a/modules/common-system.nix b/modules/common-system.nix
new file mode 100644
index 0000000..fb4273f
--- /dev/null
+++ b/modules/common-system.nix
@@ -0,0 +1,49 @@
+{config, pkgs, inputs, ...}:
+{
+ i18n.defaultLocale = "en_US.UTF-8";
+ time.timeZone = "Europe/Berlin";
+
+ environment.systemPackages = with pkgs; [
+ wget
+ tmux
+ ripgrep
+ git
+ dua
+ erdtree
+ exa
+ fd
+ fzf
+ bat
+ ];
+
+ networking.firewall.enable = true;
+
+ users.users.alex = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "input" ];
+ shell = pkgs.zsh;
+ };
+
+ nix = {
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+
+ registry = {
+ nixpkgs.flake = inputs.nixpkgs;
+ nixpkgs-unstable.flake = inputs.nixpkgs-unstable;
+ };
+
+ settings = {
+ auto-optimise-store = true;
+ experimental-features = [ "nix-command" "flakes" ];
+ warn-dirty = false;
+
+ # avoid unwanted garbage collection when using direnv
+ keep-outputs = true;
+ keep-derivations = true;
+ };
+ };
+}
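Review bot: The LUKS block in hosts/dregil/hardware-configuration.nix reads its key from `keyFile = "/dev/sda2";`, a kernel-enumerated name that can land on a different disk depending on probe order, so whichever device happens to become sda is read as key material before `fallbackToPassword` applies. Use a stable path instead, for example `keyFile = "/dev/disk/by-partuuid/<PARTUUID-of-key-partition>";` (placeholder value). `allowDiscards = true;` passes TRIM through the encrypted mapping, which reveals which blocks are in use; if that trade-off is intended, it should carry a comment saying so. Because the header states the file is regenerated by `nixos-generate-config`, these hand-written settings would be safer in configuration.nix.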
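Review bot: `extraGroups = [ "wheel" "input" ];` in modules/common-system.nix puts alex in the `input` group on every host that imports this module, and that group normally grants read access to the raw `/dev/input` event devices, so any process running as that user can observe all keystrokes. If the group is needed only for one tool on dregil (possibly `uhk-agent`; the diff does not say), keep `"input"` in hosts/dregil/configuration.nix, where it is already set, and use `extraGroups = [ "wheel" ];` here. The module also sets `shell = pkgs.zsh;` while the `programs.zsh.enable = true;` line from the old dregil config is removed and not re-added in any file shown, so check that zsh is still enabled system-wide.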