From 71c0a4cdc1e78f778712aa5885de89344cc2f3d2 Mon Sep 17 00:00:00 2001 
From: sioodmy Date: Wed, 2 Oct 2024 19:02:48 +0000 Subject: [PATCH 1/5] feat: rewrite entire thing --- README.md | 49 +++++ flake.lock | 175 +----------------- flake.nix | 115 +++--------- hosts/anthe/default.nix | 12 -- hosts/anthe/hardware-configuration.nix | 66 ------- hosts/calypso/default.nix | 134 +++----------- hosts/default.nix | 44 +++-- hosts/prometheus/default.nix | 3 - hosts/prometheus/hardware-configuration.nix | 26 --- modules/default.nix | 5 + modules/homix/default.nix | 93 ++++++++++ modules/laptop/default.nix | 75 ++++++++ modules/staypls/default.nix | 54 ++++++ shell/configs/bottom.nix | 32 ---- shell/configs/default.nix | 9 - shell/configs/nvim/default.nix | 102 ---------- shell/default.nix | 48 ----- shell/packages.nix | 90 --------- statix.toml | 4 - .../pipewire.nix => audio/default.nix} | 4 +- .../{core/bootloader.nix => boot/default.nix} | 20 +- system/core/default.nix | 13 -- system/core/devpkgs.nix | 10 - system/core/impermanence.nix | 57 ------ system/core/nix.nix | 127 ------------- system/core/openssh.nix | 25 --- system/core/schizo.nix | 160 ---------------- system/core/syncthing.nix | 16 -- system/core/system.nix | 135 -------------- system/core/users.nix | 74 -------- system/default.nix | 15 ++ .../disks/default.nix | 61 +++--- system/disks/staypls.nix | 30 +++ system/fonts/default.nix | 48 +++++ system/{core/network.nix => net/default.nix} | 21 +-- system/nix/default.nix | 66 +++++++ system/security/default.nix | 100 ++++++++++ system/users/default.nix | 74 ++++++++ system/wayland/default.nix | 103 ++++++----- system/wayland/desktop/default.nix | 34 ---- system/wayland/desktop/wrapped.nix | 25 --- .../wayland/desktop/wrapped/mako/default.nix | 38 ---- system/wayland/fonts.nix | 41 ---- system/wayland/services.nix | 46 ----- theme/default.nix | 18 ++ user/default.nix | 38 ++++ .../desktop/wrapped => user}/foot/default.nix | 17 +- system/core/git.nix => user/git/default.nix | 0 .../wayland/desktop => user}/gtk/colors.nix | 4 +- 
.../wayland/desktop => user}/gtk/default.nix | 33 ++-- user/mako/default.nix | 22 +++ .../nvim/_sources/generated.json | 16 +- .../nvim/_sources/generated.nix | 16 +- user/nvim/default.nix | 111 +++++++++++ {shell/configs => user}/nvim/init.lua | 0 {shell/configs => user}/nvim/init.vim | 0 {shell/configs => user}/nvim/nvfetcher.toml | 0 user/packages.nix | 50 +++++ .../desktop/wrapped => user}/river/binds.nix | 2 +- .../wrapped => user}/river/default.nix | 4 +- .../desktop/wrapped => user}/river/init.nix | 10 +- .../river/scripts/infoscript.nix | 0 .../wrapped => user}/river/scripts/osd.nix | 0 .../wrapped => user}/swaylock/default.nix | 35 ++-- .../desktop/wrapped => user}/tofi/default.nix | 16 +- .../desktop/wrapped => user}/tofi/emojis | 0 .../desktop/wrapped => user}/tofi/scripts.nix | 0 user/wrapper.nix | 0 .../wrapped => user}/zathura/default.nix | 19 +- {shell => user/zsh}/aliases.nix | 0 {shell => user}/zsh/config.zsh | 0 user/zsh/default.nix | 27 +++ {shell => user/zsh}/starship.nix | 0 {shell => user}/zsh/starship.zsh | 0 shell/zsh/default.nix => user/zsh/zinit.nix | 0 {shell => user}/zsh/zoxide.zsh | 0 76 files changed, 1131 insertions(+), 1786 deletions(-) create mode 100644 README.md delete mode 100644 hosts/anthe/default.nix delete mode 100644 hosts/anthe/hardware-configuration.nix delete mode 100644 hosts/prometheus/default.nix delete mode 100644 hosts/prometheus/hardware-configuration.nix create mode 100644 modules/default.nix create mode 100644 modules/homix/default.nix create mode 100644 modules/laptop/default.nix create mode 100644 modules/staypls/default.nix delete mode 100644 shell/configs/bottom.nix delete mode 100644 shell/configs/default.nix delete mode 100644 shell/configs/nvim/default.nix delete mode 100644 shell/default.nix delete mode 100644 shell/packages.nix delete mode 100644 statix.toml rename system/{wayland/pipewire.nix => audio/default.nix} (89%) rename system/{core/bootloader.nix => boot/default.nix} (61%) delete mode 100644 
system/core/default.nix delete mode 100644 system/core/devpkgs.nix delete mode 100644 system/core/impermanence.nix delete mode 100644 system/core/nix.nix delete mode 100644 system/core/openssh.nix delete mode 100644 system/core/schizo.nix delete mode 100644 system/core/syncthing.nix delete mode 100644 system/core/system.nix delete mode 100644 system/core/users.nix create mode 100644 system/default.nix rename hosts/calypso/hardware-configuration.nix => system/disks/default.nix (61%) create mode 100644 system/disks/staypls.nix create mode 100644 system/fonts/default.nix rename system/{core/network.nix => net/default.nix} (69%) create mode 100644 system/nix/default.nix create mode 100644 system/security/default.nix create mode 100644 system/users/default.nix delete mode 100644 system/wayland/desktop/default.nix delete mode 100644 system/wayland/desktop/wrapped.nix delete mode 100644 system/wayland/desktop/wrapped/mako/default.nix delete mode 100644 system/wayland/fonts.nix delete mode 100644 system/wayland/services.nix create mode 100644 theme/default.nix create mode 100644 user/default.nix rename {system/wayland/desktop/wrapped => user}/foot/default.nix (91%) rename system/core/git.nix => user/git/default.nix (100%) rename {system/wayland/desktop => user}/gtk/colors.nix (99%) rename {system/wayland/desktop => user}/gtk/default.nix (62%) create mode 100644 user/mako/default.nix rename {shell/configs => user}/nvim/_sources/generated.json (88%) rename {shell/configs => user}/nvim/_sources/generated.nix (82%) create mode 100644 user/nvim/default.nix rename {shell/configs => user}/nvim/init.lua (100%) rename {shell/configs => user}/nvim/init.vim (100%) rename {shell/configs => user}/nvim/nvfetcher.toml (100%) create mode 100644 user/packages.nix rename {system/wayland/desktop/wrapped => user}/river/binds.nix (98%) rename {system/wayland/desktop/wrapped => user}/river/default.nix (90%) rename {system/wayland/desktop/wrapped => user}/river/init.nix (91%) rename 
{system/wayland/desktop/wrapped => user}/river/scripts/infoscript.nix (100%) rename {system/wayland/desktop/wrapped => user}/river/scripts/osd.nix (100%) rename {system/wayland/desktop/wrapped => user}/swaylock/default.nix (58%) rename {system/wayland/desktop/wrapped => user}/tofi/default.nix (82%) rename {system/wayland/desktop/wrapped => user}/tofi/emojis (100%) rename {system/wayland/desktop/wrapped => user}/tofi/scripts.nix (100%) create mode 100644 user/wrapper.nix rename {system/wayland/desktop/wrapped => user}/zathura/default.nix (88%) rename {shell => user/zsh}/aliases.nix (100%) rename {shell => user}/zsh/config.zsh (100%) create mode 100644 user/zsh/default.nix rename {shell => user/zsh}/starship.nix (100%) rename {shell => user}/zsh/starship.zsh (100%) rename shell/zsh/default.nix => user/zsh/zinit.nix (100%) rename {shell => user}/zsh/zoxide.zsh (100%) diff --git a/README.md b/README.md new file mode 100644 index 00000000..2b3cea87 --- /dev/null +++ b/README.md 
@@ -0,0 +1,49 @@ +# Nixus + +## Contents + +This repo contains my reorganized and rewritten NixOS configuration. +It might not be widely considered _correct_ or whatever, because I used some of my braincells to come up with this autistic design philosophy: + +- **Do not overengineer** - Yeah, we get it, you are good at Nix, but you don't really need to overcomplicate everything. You sacrifice both readability and evaluation times in exchange for absolutely nothing + > An idiot admires complexity, a genius admires simplicity, a physicist tries to make it simple, for an idiot anything the more complicated it is the more he will admire it, if you make something so clusterfucked he can't understand it he's gonna think you're a god cause you made it so complicated nobody can understand it. That's how they write journals in Academics, they try to make it so complicated people think you're a genius + > ~ Terry Davis, Creator of Temple OS +- **No inputs other than nixpkgs** - This is probably the most controversial one, for me it's just a proof of concept that you can achieve behaviour provided by external modules in a much simpler way. Just straight up rawdogging nix +- Wrap binaries rather than creating user modifable files in home directory, just to be _pure_ ™️ +- Avoid `with` keyword at ALL COST +- Disk partitioning should not be declarative, I don't like the way disko does it. I use same partition layout for all of my hosts, and that's enough. +- I like to keep my secrets in one place that is not my repo + +# Why I don't use some of the popular NixOS modules? + +## Home-manager + +I don't like it. I prefer to wrap my binaries and use systemd tmpfiles instead. Much better solution. + +Everyone in nix community will tell you that hm is a mess. + +## Flake-parts + +Actually I have nothing against using flake-parts, although I don't see the use case in my NixOS configuration since I only use one cpu architecture. + +Trust me, I tried. 
It never compiles on ARM anyway + +## Impermanence + +Bind mounts are somewhat unreliable at best and lead to undefined behaviour. Again, systemd-tmpfiles on top + +## Nix-colors + +It's just a glorified attribute set + +## 💛 Donate + +If you would like to support me you can sponsor me via ko-fi + +Support me on kofi + +... or if you prefer crypto + +Ethereum/EVM compatible: `0x2fa1e5e90c011d08bba1f6dbdc317fd293311c0d` + +[![Star History Chart](https://api.star-history.com/svg?repos=sioodmy/dotfiles&type=Date)](https://star-history.com/#sioodmy/dotfiles&Date) diff --git a/flake.lock b/flake.lock index 86c50993..c1fad225 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,117 +1,12 @@ { "nodes": { - "base16-schemes": { - "flake": false, - "locked": { - "lastModified": 1696158499, - "narHash": "sha256-5yIHgDTPjoX/3oDEfLSQ0eJZdFL1SaCfb9d6M0RmOTM=", - "owner": "tinted-theming", - "repo": "base16-schemes", - "rev": "a9112eaae86d9dd8ee6bb9445b664fba2f94037a", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-schemes", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1726153070, - "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "homix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1720719665, - "narHash": "sha256-BKcOoDlMC86zExMKXFXQ04HO99fUNFmtEdvP+gB45Pk=", - "owner": "sioodmy", - "repo": "homix", - "rev": "62bc58f2350cbb061e61ac0f3d63018663fbe4cb", - "type": "github" - }, - "original": { - "owner": "sioodmy", - "repo": "homix", - "type": "github" - } - }, - "impermanence": { - "locked": { - "lastModified": 1727198257, - "narHash": "sha256-/qMVI+SG9zvhLbQFOnqb4y4BH6DdK3DQHZU5qGptehc=", - "owner": "nix-community", - "repo": "impermanence", - "rev": "8514fff0f048557723021ffeb31ca55f69b67de3", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "impermanence", - "type": "github" - } - }, - "nix-colors": { - "inputs": { - "base16-schemes": "base16-schemes", - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1707825078, - "narHash": "sha256-hTfge2J2W+42SZ7VHXkf4kjU+qzFqPeC9k66jAUBMHk=", - "owner": "Misterio77", - "repo": "nix-colors", - "rev": "b01f024090d2c4fc3152cd0cf12027a7b8453ba1", - "type": "github" - }, - "original": { - "owner": "Misterio77", - "repo": "nix-colors", - "type": "github" - } - 
}, - "nixos-hardware": { - "locked": { - "lastModified": 1727437159, - "narHash": "sha256-v4qLwEw5OmprgQZTT7KZMNU7JjXJzRypw8+Cw6++fWk=", - "owner": "nixos", - "repo": "nixos-hardware", - "rev": "d830ad47cc992b4a46b342bbc79694cbd0e980b2", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixos-hardware", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1727122398, - "narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=", + "lastModified": 1727802920, + "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093", + "rev": "27e30d177e57d912d614c88c622dcfdb2e6e6515", "type": "github" }, "original": { 
@@ -121,71 +16,9 @@ "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1697935651, - "narHash": "sha256-qOfWjQ2JQSQL15KLh6D7xQhx0qgZlYZTYlcEiRuAMMw=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "e1e11fdbb01113d85c7f41cada9d2847660e3902", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "root": { "inputs": { - "flake-parts": "flake-parts", - "homix": "homix", - "impermanence": "impermanence", - "nix-colors": "nix-colors", - "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", - "treefmt-nix": "treefmt-nix", - "wrapper-manager": "wrapper-manager" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1727431250, - "narHash": "sha256-uGRlRT47ecicF9iLD1G3g43jn2e+b5KaMptb59LHnvM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "879b29ae9a0378904fbbefe0dadaed43c8905754", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "wrapper-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1724503599, - "narHash": "sha256-WVhNq3QjnG/2mi772CkTxZCQcomKV5S03TbQKwe1Kj4=", - "owner": "viperML", - "repo": "wrapper-manager", - "rev": "c936f9203217e654a6074d206505c16432edbc70", - "type": "github" - }, - "original": { - "owner": "viperML", - "repo": "wrapper-manager", - "type": "github" + "nixpkgs": "nixpkgs" } } }, diff --git a/flake.nix b/flake.nix index a875718c..30803cbe 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,94 +1,31 @@ { - description = "My NixOS configuration"; - # https://dotfiles.sioodmy.dev + description = "Consequence of allowing autistic people on the internet. Stay mad one-proper-config-structure purists :3"; - outputs = {flake-parts, ...} @ inputs: - flake-parts.lib.mkFlake {inherit inputs;} ({...}: { - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; - - imports = [ - inputs.flake-parts.flakeModules.easyOverlay - inputs.treefmt-nix.flakeModule - ]; - - perSystem = { - config, - pkgs, - ... - }: { - devShells.default = pkgs.mkShell { - buildInputs = let - colors = inputs.nix-colors.colorSchemes.catppuccin-frappe.palette; - in - [ - config.treefmt.build.wrapper - (pkgs.callPackage ./shell {inherit pkgs inputs colors;}) - ] - ++ (import ./shell/packages.nix {inherit pkgs;}); - shellHook = '' - nucleus - ''; - }; - - # configure treefmt - treefmt = { - projectRootFile = "flake.nix"; - - programs = { - alejandra.enable = true; - black.enable = true; - deadnix.enable = false; - shellcheck.enable = true; - shfmt = { - enable = true; - indent_size = 4; - }; - }; - }; - }; - - flake = { - nixosConfigurations = import ./hosts inputs; - }; - }); - - inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - - nixos-hardware.url = "github:nixos/nixos-hardware"; - impermanence.url = "github:nix-community/impermanence"; - nix-colors.url = "github:Misterio77/nix-colors"; - - wrapper-manager = { - url = "github:viperML/wrapper-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - # a tree-wide formatter - treefmt-nix = { - url = "github:numtide/treefmt-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - homix = { - url = "github:sioodmy/homix"; - inputs = { - nixpkgs.follows = "nixpkgs"; - }; - }; - - flake-parts = { - url = "github:hercules-ci/flake-parts"; - inputs.nixpkgs-lib.follows = "nixpkgs"; + outputs = {nixpkgs, ...} @ inputs: let + pkgs = nixpkgs.legacyPackages.x86_64-linux; + theme = import ./theme; + user = import ./user { + inherit pkgs 
theme; }; + in { + nixosConfigurations = import ./hosts inputs; + nixosModules = + { + # This module is not meant to be imported by anyone but me + # it's just so I can easily avoid ../../../../../ mess + system = import ./system; + + user = user.module; + + # place for my home brew modules + } + // import ./modules; + + inherit theme; + packages.x86_64-linux = user.packages; + formatter.x86_64-linux = pkgs.alejandra; + devShells.x86_64-linux.default = user.shell; }; -} -# see also: -# - https://github.com/notashelf/nyx -# - https://github.com/fufexan/dotfiles/ -# - https://github.com/n3oney/nixus -# (I love you guys) + inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; +} diff --git a/hosts/anthe/default.nix b/hosts/anthe/default.nix deleted file mode 100644 index d9b04d9d..00000000 --- a/hosts/anthe/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -{pkgs, ...}: { - imports = [./hardware-configuration.nix]; - - hardware.opengl = { - driSupport = true; - driSupport32Bit = true; - extraPackages = with pkgs; [ - vaapiVdpau - libvdpau-va-gl - ]; - }; -} diff --git a/hosts/anthe/hardware-configuration.nix b/hosts/anthe/hardware-configuration.nix deleted file mode 100644 index 5b1cd74d..00000000 --- a/hosts/anthe/hardware-configuration.nix +++ /dev/null 
@@ -1,66 +0,0 @@ -{ - config, - lib, - modulesPath, - ... -}: { - imports = [(modulesPath + "/installer/scan/not-detected.nix")]; - - fileSystems."/etc/ssh" = { - depends = ["/persist"]; - neededForBoot = true; - }; - - boot.initrd.luks.devices.luksroot = { - device = "/dev/disk/by-label/NIXCRYPT"; - preLVM = true; - allowDiscards = true; - }; - - boot.initrd.availableKernelModules = - [ - "xhci_pci" - "ahci" - "usbhid" - "sd_mod" - "dm_mod" - "dm_crypt" - "cryptd" - "input_leds" - ] - ++ config.boot.initrd.luks.cryptoModules; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-amd"]; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "none"; - fsType = "tmpfs"; - options = ["size=8G" "mode=755"]; - }; - - fileSystems."/persist" = { - neededForBoot = true; - device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = ["noatime" "discard" "subvol=@persist" "compress=zstd"]; - }; - - fileSystems."/nix" = { - neededForBoot = true; - device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = ["noatime" "discard" "subvol=@nix" "compress=zstd"]; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-label/NIXBOOT"; - fsType = "vfat"; - options = ["noatime" "discard"]; - }; - - swapDevices = [{device = "/dev/disk/by-label/swap";}]; - - hardware.cpu.amd.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/calypso/default.nix b/hosts/calypso/default.nix index 9dc92c68..a469530a 100644 --- a/hosts/calypso/default.nix +++ b/hosts/calypso/default.nix 
@@ -1,114 +1,36 @@ { - pkgs, config, - lib, + modulesPath, + pkgs, ... -}: let - MHz = x: x * 1000; - mic-light-on = pkgs.writeShellScriptBin "mic-light-on" '' - #!bin/sh - echo 1 > /sys/class/leds/platform::micmute/brightness - ''; - mic-light-off = pkgs.writeShellScriptBin "mic-light-off" '' - #!bin/sh - echo 0 > /sys/class/leds/platform::micmute/brightness - ''; - inherit (lib) mkDefault; -in { - imports = [./hardware-configuration.nix]; - environment.systemPackages = - (with pkgs; [ - acpi - powertop - ]) - ++ [ - mic-light-on - mic-light-off - ]; +}: { + imports = [(modulesPath + "/installer/scan/not-detected.nix")]; + boot.initrd.availableKernelModules = + [ + "xhci_pci" + "ahci" + "usbhid" + "sd_mod" + "dm_mod" + "dm_crypt" + "cryptd" + "input_leds" + ] + ++ config.boot.initrd.luks.cryptoModules; - services = { - fprintd.enable = true; - thermald.enable = true; - undervolt = { - enable = true; - coreOffset = -95; - gpuOffset = -80; - tempBat = 65; - }; - # DBus service that provides power management support to applications. 
- upower = { - enable = true; - percentageLow = 15; - percentageCritical = 5; - percentageAction = 3; - criticalPowerAction = "Hibernate"; - }; - # superior power management (brought to you by raf :3) - auto-cpufreq = { - enable = true; - settings = { - battery = { - governor = "powersave"; - scaling_min_freq = mkDefault (MHz 1800); - scaling_max_freq = mkDefault (MHz 3900); - turbo = "never"; - }; - charger = { - governor = "performance"; - scaling_min_freq = mkDefault (MHz 2000); - scaling_max_freq = mkDefault (MHz 4800); - turbo = "auto"; - }; - }; + # For some reason my mic light indicator refuses to turn off on its own + # it may not be a perfect solution, but it works + # so stay mad I guess + systemd.services.micmute-led-off = { + description = "Turn off mic mute LED"; + wantedBy = ["multi-user.target"]; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.bash}/bin/bash -c 'echo 0 > /sys/class/leds/platform::micmute/brightness'"; + TimeoutSec = 5; }; }; - # https://github.com/NixOS/nixpkgs/issues/211345#issuecomment-1397825573 - systemd.tmpfiles.rules = - map - ( - e: "w /sys/bus/${e}/power/control - - - - auto" - ) [ - "pci/devices/0000:00:01.0" # Renoir PCIe Dummy Host Bridge - "pci/devices/0000:00:02.0" # Renoir PCIe Dummy Host Bridge - "pci/devices/0000:00:14.0" # FCH SMBus Controller - "pci/devices/0000:00:14.3" # FCH LPC bridge - "pci/devices/0000:04:00.0" # FCH SATA Controller [AHCI mode] - "pci/devices/0000:04:00.1/ata1" # FCH SATA Controller, port 1 - "pci/devices/0000:04:00.1/ata2" # FCH SATA Controller, port 2 - "usb/devices/1-3" # USB camera - ]; - - boot = { - kernelModules = ["acpi_call"]; - extraModulePackages = - (with config.boot.kernelPackages; [ - acpi_call - cpupower - ]) - ++ [pkgs.cpupower-gui]; - }; - security.pam.services.login.fprintAuth = true; - hardware = { - trackpoint = { - enable = true; - emulateWheel = true; - speed = 255; - sensitivity = 200; - }; - - graphics = { - extraPackages = with pkgs; [vaapiIntel libva 
libvdpau-va-gl vaapiVdpau ocl-icd intel-compute-runtime]; - extraPackages32 = with pkgs.pkgsi686Linux; [ - vaapiVdpau - libvdpau-va-gl - ]; - }; - bluetooth = { - enable = true; - package = pkgs.bluez5-experimental; - }; - }; - # https://github.com/NixOS/nixpkgs/issues/114222 - systemd.user.services.telephony_client.enable = false; + hardware.cpu.intel.updateMicrocode = true; + hardware.laptop.enable = true; } diff --git a/hosts/default.nix b/hosts/default.nix index 5912dd8c..8cf1fca5 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -4,29 +4,27 @@ ... }: let inherit (self) inputs; - core = ../system/core; - bootloader = ../system/core/bootloader.nix; - impermanence = ../system/core/impermanence.nix; - wayland = ../system/wayland; - hw = inputs.nixos-hardware.nixosModules; + mkHost = name: system: + nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + {networking.hostName = name;} + ./${name} + self.nixosModules.system + self.nixosModules.homix + self.nixosModules.staypls + self.nixosModules.user + self.nixosModules.laptop + ]; - shared = [core]; + # This allows to easily access flake inputs and outputs + # from nixos modules, so it's a little bit cleaner + specialArgs = { + inherit inputs; + theme = import ../theme; + flake = self; + }; + }; in { - # all my hosts are named after saturn moons btw - - # thinkpad - calypso = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = - [ - {networking.hostName = "calypso";} - ./calypso - wayland - bootloader - impermanence - hw.lenovo-thinkpad-x1-7th-gen - ] - ++ shared; - specialArgs = {inherit inputs;}; - }; + calypso = mkHost "calypso" "x86_64-linux"; } diff --git a/hosts/prometheus/default.nix b/hosts/prometheus/default.nix deleted file mode 100644 index 0d9dbb77..00000000 --- a/hosts/prometheus/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{...}: { - imports = [./hardware-configuration.nix]; -} 
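Review bot: The `micmute-led-off` unit in hosts/calypso/default.nix starts a root `bash -c` only to write one value to sysfs. modules/laptop in this same patch already uses systemd-tmpfiles `w` rules for sysfs writes, and the same form here would be `systemd.tmpfiles.rules = ["w /sys/class/leds/platform::micmute/brightness - - - - 0"];`, with no shell involved. If the LED is only switched on later in boot, the tmpfiles write may run too early, so confirm the ordering on the machine before switching.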
diff --git a/hosts/prometheus/hardware-configuration.nix b/hosts/prometheus/hardware-configuration.nix deleted file mode 100644 index 31629667..00000000 --- a/hosts/prometheus/hardware-configuration.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - modulesPath, - lib, - ... -}: { - imports = [(modulesPath + "/profiles/qemu-guest.nix")]; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "virtio_pci" - "virtio_scsi" - "xhci_pci" - "sd_mod" - "sr_mod" - ]; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; - swapDevices = []; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 00000000..dc5e17de --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,5 @@ +{ + homix = import ./homix; + laptop = import ./laptop; + staypls = import ./staypls; +} diff --git a/modules/homix/default.nix b/modules/homix/default.nix new file mode 100644 index 00000000..b0bae158 --- /dev/null +++ b/modules/homix/default.nix 
@@ -0,0 +1,93 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkOption mkEnableOption types filterAttrs attrValues mkIf mkDerivedConfig; + + inherit (builtins) map listToAttrs attrNames; +in { + options = { + homix = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ + name, + config, + options, + ... + }: { + options = { + path = mkOption { + type = types.str; + description = '' + Path to the file relative to the $HOME directory. + If not defined, name of attribute set will be used. + ''; + }; + source = mkOption { + type = types.path; + description = "Path of the source file or directory."; + }; + text = mkOption { + default = null; + type = types.nullOr types.lines; + description = "Text of the file."; + }; + }; + config = { + path = lib.mkDefault name; + source = mkIf (config.text != null) ( + let + name' = "homix-" + lib.replaceStrings ["/"] ["-"] name; + in + mkDerivedConfig options.text (pkgs.writeText name') + ); + }; + })); + }; + users.users = mkOption { + type = types.attrsOf (types.submodule { + options.homix = mkEnableOption "Enable homix for selected user"; + }); + }; + }; + + config = let + # list of users managed by homix + users = attrNames (filterAttrs (name: user: user.homix) config.users.users); + + homix-link = let + files = map (f: '' + FILE=$HOME/${f.path} + mkdir -p $(dirname $FILE) + ln -sf ${f.source} $FILE + '') (attrValues config.homix); + in + pkgs.writeShellScript "homix-link" '' + #!/bin/sh + ${builtins.concatStringsSep "\n" files} + ''; + + mkService = user: { + name = "homix-${user}"; + value = { + wantedBy = ["multi-user.target"]; + description = "Setup homix environment for ${user}."; + serviceConfig = { + Type = "oneshot"; + User = "${user}"; + ExecStart = "${homix-link}"; + }; + environment = { + # epic systemd momento + HOME = config.users.users.${user}.home; + }; + }; + }; + + services = listToAttrs (map mkService users); + in { + systemd.services = services; + }; +} 
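Review bot: The link script built in `homix-link` interpolates `f.path` and `f.source` into shell unquoted, so a path containing a space or glob character is split or expanded when the unit runs. `ln -sf` also follows an existing symlink to a directory, so a second run with a directory `source` would presumably try to create the link inside the store path instead of replacing it. Quote and escape the values: `FILE="$HOME"/${lib.escapeShellArg f.path}`, `mkdir -p "$(dirname "$FILE")"`, `ln -sfn ${lib.escapeShellArg "${f.source}"} "$FILE"`. `pkgs.writeShellScript` already writes a shebang, so the extra `#!/bin/sh` line is dead text; `set -eu` in its place would make a failed `mkdir` stop the unit instead of continuing to the `ln`.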
diff --git a/modules/laptop/default.nix b/modules/laptop/default.nix new file mode 100644 index 00000000..555835a7 --- /dev/null +++ b/modules/laptop/default.nix @@ -0,0 +1,75 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkEnableOption mkIf mkDefault; + MHz = x: x * 1000; + + cfg = config.hardware.laptop; +in { + options = { + hardware.laptop.enable = mkEnableOption "Enable laptop specific configuration"; + }; + + config = mkIf cfg.enable { + services = { + thermald.enable = true; + fprintd.enable = true; + undervolt = { + enable = true; + # TODO: make options for that + coreOffset = -95; + gpuOffset = -80; + tempBat = 65; + }; + upower = { + enable = true; + percentageLow = 15; + percentageCritical = 5; + percentageAction = 3; + criticalPowerAction = "Hibernate"; + }; + auto-cpufreq = { + enable = true; + settings = { + battery = { + governor = "powersave"; + scaling_min_freq = mkDefault (MHz 1800); + scaling_max_freq = mkDefault (MHz 3900); + turbo = "never"; + }; + charger = { + governor = "performance"; + scaling_min_freq = mkDefault (MHz 2000); + scaling_max_freq = mkDefault (MHz 4800); + turbo = "auto"; + }; + }; + }; + }; + hardware.bluetooth = { + enable = true; + package = pkgs.bluez5-experimental; + }; + # https://github.com/NixOS/nixpkgs/issues/114222 + systemd.user.services.telephony_client.enable = false; + + # https://github.com/NixOS/nixpkgs/issues/211345#issuecomment-1397825573 + systemd.tmpfiles.rules = + map + ( + e: "w /sys/bus/${e}/power/control - - - - auto" + ) [ + "pci/devices/0000:00:01.0" # Renoir PCIe Dummy Host Bridge + "pci/devices/0000:00:02.0" # Renoir PCIe Dummy Host Bridge + "pci/devices/0000:00:14.0" # FCH SMBus Controller + "pci/devices/0000:00:14.3" # FCH LPC bridge + "pci/devices/0000:04:00.0" # FCH SATA Controller [AHCI mode] + "pci/devices/0000:04:00.1/ata1" # FCH SATA Controller, port 1 + "pci/devices/0000:04:00.1/ata2" # FCH SATA Controller, port 2 + "usb/devices/1-3" # USB camera + ]; + }; +} 
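Review bot: `hardware.laptop.enable` in modules/laptop/default.nix turns on `services.undervolt` with fixed offsets (`coreOffset = -95`, `gpuOffset = -80`) and writes `power/control` for a fixed list of PCI addresses, yet the module is exported from the flake as `nixosModules.laptop`. Those values belong to one machine; on other hardware the offsets can make the system unstable, and the PCI paths may name different devices or not exist. Until the options from the TODO exist, `coreOffset = mkDefault (-95);` and `gpuOffset = mkDefault (-80);` would let a host override them without `mkForce`. A comment naming the machine the PCI list was taken from would also help.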
diff --git a/modules/staypls/default.nix b/modules/staypls/default.nix new file mode 100644 index 00000000..98593828 --- /dev/null +++ b/modules/staypls/default.nix @@ -0,0 +1,54 @@ +{ + config, + lib, + ... +}: let + # This is my little home brew impermanence :3 + # see, you don't need any external modules for that + inherit (builtins) map; + inherit (lib.strings) concatStringsSep; + inherit (lib) mkMerge forEach mkDefault mkIf mkEnableOption mkOption types; + + cfg = config.staypls; + + mkPersistentBindMounts = list: + mkMerge (map ( + path: { + "${path}" = { + device = "/persist${path}"; + fsType = "none"; + options = [ + "bind" + # no reason to trim bind mounts like that + "X-fstrim.notrim" + # hide the mounts cuz I dont wanna see them + "x-gvfs-hide" + ]; + }; + } + ) + list); + mkPersistentSourcePaths = list: concatStringsSep "\n" (forEach list (path: "mkdir -p /persist${path}")); +in { + options.staypls = { + enable = mkEnableOption "Enable directory impermanence module"; + dirs = mkOption { + type = types.listOf types.str; + description = "List of directiories to mount"; + }; + }; + config = mkIf cfg.enable { + boot.initrd.systemd.enable = mkDefault true; + + fileSystems = mkPersistentBindMounts cfg.dirs; + boot.initrd.systemd.services.make-source-of-persistent-dirs = { + wantedBy = ["initrd-root-device.target"]; + before = ["sysroot.mount"]; + requires = ["persist.mount"]; + after = ["persist.mount"]; + serviceConfig.Type = "oneshot"; + unitConfig.DefaultDependencies = false; + script = mkPersistentSourcePaths cfg.dirs; + }; + }; +} diff --git a/shell/configs/bottom.nix b/shell/configs/bottom.nix deleted file mode 100644 index 80516beb..00000000 --- a/shell/configs/bottom.nix +++ /dev/null 
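Review bot: `mkPersistentSourcePaths` in modules/staypls/default.nix builds `mkdir -p /persist${path}` from `cfg.dirs` without quoting, and `dirs` is `types.listOf types.str`, so an entry with a space or without a leading slash yields a wrong directory and a wrong `fileSystems` key. Declaring the option as `types.listOf types.path` and building the command as `"mkdir -p ${lib.escapeShellArg "/persist${path}"}"` would reject relative entries at evaluation time and keep the shell line intact. The directories are created by root in the initrd, so an entry under a user's home presumably ends up root-owned unless something outside this hunk fixes ownership; the option description should say so.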
@@ -1,32 +0,0 @@ -{pkgs, ...}: let - toml = pkgs.formats.toml {}; - - settings = { - flags.group_processes = true; - row = [ - { - ratio = 2; - child = [ - {type = "cpu";} - {type = "mem";} - ]; - } - { - ratio = 3; - child = [ - { - type = "proc"; - ratio = 1; - default = true; - } - ]; - } - ]; - }; -in { - basePackage = pkgs.bottom; - flags = [ - "--config_location" - (toml.generate "config.toml" settings) - ]; -} diff --git a/shell/configs/default.nix b/shell/configs/default.nix deleted file mode 100644 index 6231f62a..00000000 --- a/shell/configs/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - inputs, - pkgs, - colors, - ... -}: { - bottom = import ./bottom.nix {inherit inputs pkgs;}; - nvim = import ./nvim {inherit inputs pkgs colors;}; -} diff --git a/shell/configs/nvim/default.nix b/shell/configs/nvim/default.nix deleted file mode 100644 index 847bf410..00000000 --- a/shell/configs/nvim/default.nix +++ /dev/null 
@@ -1,102 +0,0 @@ -{ - pkgs, - colors, - ... -}: let - nvfetcher = builtins.mapAttrs (name: value: - pkgs.vimUtils.buildVimPlugin { - inherit name; - inherit (value) src; - }) (pkgs.callPackages ./_sources/generated.nix {}); - - theme = with colors; '' - - require('base16-colorscheme').setup({ - base00 = '#${base00}', base01 = '#${base01}', base02 = '#${base02}', base03 = '#${base03}', - base04 = '#${base04}', base05 = '#${base05}', base06 = '#${base06}', base07 = '#${base07}', - base08 = '#${base08}', base09 = '#${base09}', base0A = '#${base0A}', base0B = '#${base0B}', - base0C = '#${base0C}', base0D = '#${base0D}', base0E = '#${base0E}', base0F = '#${base0F}', - }) - - ''; - - lua = pkgs.writeText "init.lua" (theme + builtins.readFile ./init.lua); - - neovimConfig = pkgs.neovimUtils.makeNeovimConfig { - withPython3 = false; - withRuby = false; - withNodeJs = false; - customRC = '' - source ${./init.vim} - :luafile ${lua} - ''; - - plugins = - (builtins.attrValues nvfetcher) - ++ (with pkgs.vimPlugins; [ - lualine-nvim - nvim-web-devicons - gitsigns-nvim - vim-fugitive - indent-blankline-nvim-lua - nvim-autopairs - neoformat - comment-nvim - nvim-colorizer-lua - which-key-nvim - undotree - vim-speeddating - luasnip - vim-startuptime - telescope-nvim - harpoon - alpha-nvim - zen-mode-nvim - sniprun - vim-table-mode - trouble-nvim - nvim-cokeline - fidget-nvim - nvim-notify - - # Language support - nvim-lspconfig - nvim-cmp - friendly-snippets - cmp-cmdline - cmp-nvim-lsp - cmp-buffer - cmp-path - - nvim-treesitter.withAllGrammars - - nui-nvim - plenary-nvim - ]); - }; -in { - basePackage = pkgs.wrapNeovimUnstable pkgs.neovim-unwrapped neovimConfig; - # mostly LSP related packages - pathAdd = with pkgs; [ - gopls - go - nil - rust-analyzer - alejandra - vscode-langservers-extracted - bash-language-server - clang-tools - zls - gleam - nodePackages.typescript-language-server - nodePackages.prettier - clang-tools - shellcheck - cargo - nixd - stylua - - # required for 
my goofy ahh plugin :3 - libsixel - ]; -} diff --git a/shell/default.nix b/shell/default.nix deleted file mode 100644 index 183fc2b3..00000000 --- a/shell/default.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ - pkgs, - inputs, - colors, - ... -}: let - toml = pkgs.formats.toml {}; - - starship-settings = import ./starship.nix; - - aliases = import ./aliases.nix {inherit pkgs;}; - configs = import ./configs {inherit inputs pkgs colors;}; - - packages = import ./packages.nix {inherit pkgs;}; - - zconfig = import ./zsh {inherit pkgs aliasesStr;}; - - aliasesStr = - pkgs.lib.concatStringsSep "\n" - (pkgs.lib.mapAttrsToList (k: v: "alias ${k}=\"${v}\"") aliases); -in - (inputs.wrapper-manager.lib.build { - inherit pkgs; - modules = [ - { - wrappers = - { - nucleus = { - basePackage = pkgs.zsh; - pathAdd = packages; - env = { - STARSHIP_CONFIG.value = toml.generate "starship.toml" starship-settings; - ZDOTDIR.value = "${zconfig}/bin"; - }; - renames = { - "zsh" = "nucleus"; - }; - }; - } - // configs; - } - ]; - }) - .overrideAttrs (_: { - passthru = { - shellPath = "/bin/nucleus"; - }; - }) diff --git a/shell/packages.nix b/shell/packages.nix deleted file mode 100644 index 0cda634d..00000000 --- a/shell/packages.nix +++ /dev/null 
@@ -1,90 +0,0 @@ -{pkgs, ...}: let - # i dont like agenix :< - chatgpt = pkgs.writeShellScriptBin "chatgpt" '' - #!/bin/sh - OPENAI_API_KEY="$(cat /persist/secrets/openai)" ${pkgs.lib.getExe pkgs.chatgpt-cli} - ''; -in - (with pkgs; [ - zoxide - fzf - - eza - - # Tbh should be preinstalled - gnumake - # Runs programs without installing them - comma - - # grep replacement - ripgrep - - # ping, but with cool graph - gping - - # dns client - dogdns - - # neofetch but for git repos - onefetch - - git - - # neofetch but for cpu's - cpufetch - - # download from yt and other websites - yt-dlp - - # man pages for tiktok attention span mfs - tealdeer - - # markdown previewer - glow - - # profiling tool - hyperfine - - # gimp for acoustic people - imagemagick - - # premiere pro for acoustic people - ffmpeg-full - - # preview images in terminal - catimg - - # networking stuff - nmap - wget - - # faster find - fd - - # http request thingy - xh - - # generate regex - grex - - # todo app for acoustic people (wrriten by me :3) - todo - - # json thingy - jq - - # docs - pandoc - - # syncthnig for acoustic people - rsync - - dconf - - figlet - # Generate qr codes - qrencode - - unzip - ]) - ++ [chatgpt] diff --git a/statix.toml b/statix.toml deleted file mode 100644 index 842f4077..00000000 --- a/statix.toml +++ /dev/null @@ -1,4 +0,0 @@ -disabled = [] -nix_version = '2.4' -ignore = ['.direnv'] - diff --git a/system/wayland/pipewire.nix b/system/audio/default.nix similarity index 89% rename from system/wayland/pipewire.nix rename to system/audio/default.nix index eb620c81..1c9b707e 100644 --- a/system/wayland/pipewire.nix +++ b/system/audio/default.nix @@ -1,4 +1,4 @@ -_: { +{...}: { services.pipewire = { enable = true; alsa = { @@ -21,4 +21,6 @@ _: { pulse.enable = true; jack.enable = true; }; + + hardware.pulseaudio.support32Bit = true; } 
diff --git a/system/core/bootloader.nix b/system/boot/default.nix similarity index 61% rename from system/core/bootloader.nix rename to system/boot/default.nix index ae5a00f9..3d54195d 100644 --- a/system/core/bootloader.nix +++ b/system/boot/default.nix @@ -1,16 +1,5 @@ -{ - pkgs, - lib, - ... -}: let - inherit (lib) mkDefault; -in { - environment.systemPackages = [ - # For debugging and troubleshooting Secure Boot. - pkgs.sbctl - ]; +{pkgs, ...}: { boot = { - binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"]; tmp = { cleanOnBoot = true; useTmpfs = true; @@ -19,17 +8,18 @@ in { verbose = false; systemd.enable = true; }; - kernelPackages = mkDefault pkgs.linuxPackages_latest; + kernelPackages = pkgs.linuxPackages_xanmod_latest; kernelParams = [ # fix for suspend issues # see: https://www.reddit.com/r/archlinux/comments/e5oe4p/comment/fa8mzft/ "snd_hda_intel.dmic_detect=0" + "acpi_osi=linux" ]; - bootspec.enable = mkDefault true; + bootspec.enable = true; loader = { systemd-boot = { - enable = mkDefault true; + enable = true; memtest86.enable = true; configurationLimit = 10; editor = false; diff --git a/system/core/default.nix b/system/core/default.nix deleted file mode 100644 index fc139fd2..00000000 --- a/system/core/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{...}: { - imports = [ - ./system.nix - ./schizo.nix - ./network.nix - ./nix.nix - ./users.nix - ./git.nix - ./openssh.nix - ./devpkgs.nix - ./syncthing.nix - ]; -} diff --git a/system/core/devpkgs.nix b/system/core/devpkgs.nix deleted file mode 100644 index 45687229..00000000 --- a/system/core/devpkgs.nix +++ /dev/null @@ -1,10 +0,0 @@ -{pkgs, ...}: { - environment.systemPackages = with pkgs; [ - clang - gnumake - cargo - go - cargo - gcc - ]; -} diff --git a/system/core/impermanence.nix b/system/core/impermanence.nix deleted file mode 100644 index 06a455fc..00000000 --- a/system/core/impermanence.nix +++ /dev/null 
@@ -1,57 +0,0 @@ -{ - inputs, - lib, - ... -}: let - inherit (lib) forEach; -in { - imports = [inputs.impermanence.nixosModule]; - fileSystems."/etc/ssh" = { - depends = ["/persist"]; - neededForBoot = true; - }; - environment.persistence."/persist" = { - hideMounts = true; - directories = - # persist directories in user directory (stolen from n3oney) - builtins.map (v: { - directory = "/home/sioodmy/${v}"; - user = "sioodmy"; - group = "users"; - }) ( - [ - "download" - "music" - "dev" - "docs" - "pics" - "vids" - "other" - ] - ++ forEach ["syncthing" "obs-studio" "Signal" "niri" "BraveSoftware" "nicotine" "river" "emacs"] ( - x: ".config/${x}" - ) - ++ forEach ["tealdeer" "keepassxc" "nix" "starship" "nix-index" "librewolf" "go-build" "BraveSoftware" "zsh" "nvim"] ( - x: ".cache/${x}" - ) - ++ forEach ["direnv" "TelegramDesktop" "PrismLauncher" "keyrings" "nicotine" "zoxide"] (x: ".local/share/${x}") - ++ [".ssh" ".keepass" ".librewolf"] - ) - ++ [ - # dirty fix for "no storage left on device" while rebuilding - # it gets wiped anyway - "/tmp" - "/var/log" - "/var/db/sudo" - ] - ++ forEach ["nixos" "NetworkManager" "nix" "ssh" "secureboot"] (x: "/etc/${x}") - ++ forEach ["bluetooth" "nixos" "pipewire" "libvirt" "fail2ban" "fprint"] (x: "/var/lib/${x}"); - files = ["/etc/machine-id"]; - }; - # for some reason *this* is what makes networkmanager not get screwed completely instead of the impermanence module - systemd.tmpfiles.rules = [ - "L /var/lib/NetworkManager/secret_key - - - - /persist/var/lib/NetworkManager/secret_key" - "L /var/lib/NetworkManager/seen-bssids - - - - /persist/var/lib/NetworkManager/seen-bssids" - "L /var/lib/NetworkManager/timestamps - - - - /persist/var/lib/NetworkManager/timestamps" - ]; -} diff --git a/system/core/nix.nix b/system/core/nix.nix deleted file mode 100644 index 9db0baa0..00000000 --- a/system/core/nix.nix +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - config, - pkgs, - lib, - inputs, - ... -}: { - environment = { - # set channels (backwards compatibility) - sessionVariables.FLAKE = "/home/sioodmy/dev/dotfiles"; - etc."nix/flake-channels/nixpkgs".source = inputs.nixpkgs; - - systemPackages = with pkgs; [ - git - deadnix - alejandra - statix - nix-output-monitor - nvfetcher - ]; - defaultPackages = []; - }; - - # WE DONT WANT TO BUILD STUFF ON TMPFS - # ITS NOT A GOOD IDEA - systemd.services.nix-daemon = { - environment.TMPDIR = "/var/tmp"; - }; - - # this makes rebuilds little faster - system.switch = { - enable = false; - enableNg = true; - }; - - nixpkgs = { - config = { - # Wolność kocham i rozumiem - # Wolności oddać nie umiem - # <3333 - allowUnfree = false; - allowBroken = true; - permittedInsecurePackages = [ - "openssl-1.1.1u" - "electron-25.9.0" - "python3.12-youtube-dl-2021.12.17" - ]; - }; - }; - - # faster rebuilding - documentation = { - enable = true; - doc.enable = false; - man.enable = true; - dev.enable = false; - }; - - # nixos-rebuild helper - programs.nh = { - enable = true; - flake = "/home/sioodmy/dev/dotfiles"; - }; - - nix = { - # gc kills ssds - gc.automatic = lib.mkDefault false; - - # nix but cooler - package = pkgs.lix; - - # Make builds run with low priority so my system stays responsive - daemonCPUSchedPolicy = "idle"; - daemonIOSchedClass = "idle"; - - # pin the registry to avoid downloading and evaling a new nixpkgs version every time - registry = lib.mapAttrs (_: v: {flake = v;}) inputs; - - # This will additionally add your inputs to the system's legacy channels - # Making legacy nix commands consistent as well, awesome! - nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; - - # Free up to 1GiB whenever there is less than 100MiB left. 
- extraOptions = '' - min-free = ${toString (100 * 1024 * 1024)} - max-free = ${toString (1024 * 1024 * 1024)} - ''; - settings = { - flake-registry = "/etc/nix/registry.json"; - auto-optimise-store = true; - # use binary cache, its not gentoo - builders-use-substitutes = true; - # allow sudo users to mark the following values as trusted - allowed-users = ["@wheel"]; - trusted-users = ["@wheel"]; - commit-lockfile-summary = "chore: Update flake.lock"; - accept-flake-config = true; - keep-derivations = true; - keep-outputs = true; - warn-dirty = false; - - sandbox = true; - max-jobs = "auto"; - # continue building derivations if one fails - keep-going = true; - log-lines = 20; - extra-experimental-features = ["flakes" "nix-command" "recursive-nix" "ca-derivations"]; - - # use binary cache, its not gentoo - substituters = [ - "https://cache.nixos.org" - "https://nix-community.cachix.org" - "https://nixpkgs-unfree.cachix.org" - "https://nyx.chaotic.cx" - ]; - - trusted-public-keys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs=" - "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" - ]; - }; - }; - system.autoUpgrade.enable = false; - system.stateVersion = "22.05"; # DONT TOUCH THIS -} diff --git a/system/core/openssh.nix b/system/core/openssh.nix deleted file mode 100644 index 35589318..00000000 --- a/system/core/openssh.nix +++ /dev/null 
@@ -1,25 +0,0 @@
-{lib, ...}: {
- services.openssh = {
- enable = lib.mkDefault false;
- settings = {
- PermitRootLogin = lib.mkForce "yes";
- UseDns = false;
- X11Forwarding = false;
- PasswordAuthentication = lib.mkForce false;
- KbdInteractiveAuthentication = false;
- };
- openFirewall = true;
- ports = [22];
- hostKeys = [
- {
- bits = 4096;
- path = "/etc/ssh/ssh_host_rsa_key";
- type = "rsa";
- }
- {
- path = "/etc/ssh/ssh_host_ed25519_key";
- type = "ed25519";
- }
- ];
- };
-}
diff --git a/system/core/schizo.nix b/system/core/schizo.nix
deleted file mode 100644
index 806af9b9..00000000
--- a/system/core/schizo.nix
+++ /dev/null
@@ -1,160 +0,0 @@ -{pkgs, ...}: -# this makes our system more secure -# note that it might break some stuff, eg webcam -{ - services = { - physlock = { - enable = true; - allowAnyUser = true; - - lockOn = { - suspend = false; - hibernate = false; - }; - }; - networkd-dispatcher.enable = true; - }; - - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - security = { - protectKernelImage = false; - lockKernelModules = false; - forcePageTableIsolation = true; - polkit.enable = true; - - rtkit.enable = true; - apparmor = { - enable = true; - killUnconfinedConfinables = true; - packages = [pkgs.apparmor-profiles]; - }; - pam = { - services = { - login = { - enableGnomeKeyring = true; - fprintAuth = true; - }; - sudo.fprintAuth = true; - swaylock.fprintAuth = true; - }; - - loginLimits = [ - { - domain = "@wheel"; - item = "nofile"; - type = "soft"; - value = "524288"; - } - { - domain = "@wheel"; - item = "nofile"; - type = "hard"; - value = "1048576"; - } - ]; - }; - - sudo = { - enable = true; - extraRules = [ - { - commands = - builtins.map (command: { - command = "/run/current-system/sw/bin/${command}"; - options = ["NOPASSWD"]; - }) - ["poweroff" "reboot" "nixos-rebuild" "nix-env" "bandwhich" "mic-light-on" "mic-light-off" "systemctl"]; - groups = ["wheel"]; - } - ]; - }; - }; - - boot.kernel.sysctl = { - # Hide kernel pointers from processes without the CAP_SYSLOG capability. - "kernel.kptr_restrict" = 1; - "kernel.printk" = "3 3 3 3"; - # Restrict loading TTY line disciplines to the CAP_SYS_MODULE capability. - "dev.tty.ldisc_autoload" = 0; - # Make it so a user can only use the secure attention key which is required to access root securely. - "kernel.sysrq" = 4; - # Protect against SYN flooding. - "net.ipv4.tcp_syncookies" = 1; - # Protect against time-wait assasination. 
- "net.ipv4.tcp_rfc1337" = 1; - - # Enable strict reverse path filtering (that is, do not attempt to route - # packets that "obviously" do not belong to the iface's network; dropped - # packets are logged as martians). - "net.ipv4.conf.all.log_martians" = true; - "net.ipv4.conf.all.rp_filter" = "1"; - "net.ipv4.conf.default.log_martians" = true; - "net.ipv4.conf.default.rp_filter" = "1"; - - # Protect against SMURF attacks and clock fingerprinting via ICMP timestamping. - "net.ipv4.icmp_echo_ignore_all" = "1"; - - # Ignore incoming ICMP redirects (note: default is needed to ensure that the - # setting is applied to interfaces added after the sysctls are set) - "net.ipv4.conf.all.accept_redirects" = false; - "net.ipv4.conf.all.secure_redirects" = false; - "net.ipv4.conf.default.accept_redirects" = false; - "net.ipv4.conf.default.secure_redirects" = false; - "net.ipv6.conf.all.accept_redirects" = false; - "net.ipv6.conf.default.accept_redirects" = false; - - # Ignore outgoing ICMP redirects (this is ipv4 only) - "net.ipv4.conf.all.send_redirects" = false; - "net.ipv4.conf.default.send_redirects" = false; - - # Restrict abritrary use of ptrace to the CAP_SYS_PTRACE capability. - "kernel.yama.ptrace_scope" = 2; - "net.core.bpf_jit_enable" = false; - "kernel.ftrace_enabled" = false; - }; - - # Security - boot.blacklistedKernelModules = [ - # Obscure network protocols - "ax25" - "netrom" - "rose" - # Old or rare or insufficiently audited filesystems - "adfs" - "affs" - "bfs" - "befs" - "cramfs" - "efs" - "erofs" - "exofs" - "freevxfs" - "f2fs" - "vivid" - "gfs2" - "ksmbd" - "nfsv4" - "nfsv3" - "cifs" - "nfs" - "cramfs" - "freevxfs" - "jffs2" - "hfs" - "hfsplus" - "squashfs" - "udf" - "hpfs" - "jfs" - "minix" - "nilfs2" - "omfs" - "qnx4" - "qnx6" - "sysv" - ]; -} diff --git a/system/core/syncthing.nix b/system/core/syncthing.nix deleted file mode 100644 index dc01cd69..00000000 --- a/system/core/syncthing.nix +++ /dev/null 
@@ -1,16 +0,0 @@
-_: {
- services.syncthing = {
- enable = true;
- user = "sioodmy";
- dataDir = "/persist/home/sioodmy/.config/syncthing";
- configDir = "/persist/home/sioodmy/.config/syncthing";
- guiAddress = "127.0.0.1:8384";
-
- openDefaultPorts = true;
- };
- boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576;
-
- # yet another hacky workaround for race condition with impermanence
- # https://github.com/nix-community/impermanence/issues/94
- systemd.services.syncthing.serviceConfig.Type = "idle";
-}
diff --git a/system/core/system.nix b/system/core/system.nix
deleted file mode 100644
index d83133b2..00000000
--- a/system/core/system.nix
+++ /dev/null
@@ -1,135 +0,0 @@ -{ - pkgs, - lib, - ... -}: { - services = { - dbus = { - packages = with pkgs; [dconf gcr udisks2 seahorse]; - implementation = "broker"; - enable = true; - }; - udev.packages = [pkgs.android-udev-rules]; - - # "irqbalance(1) - distribute hardware interrupts across processors on a multiprocessor system" - irqbalance.enable = true; - fstrim.enable = true; - journald.extraConfig = '' - SystemMaxUse=50M - RuntimeMaxUse=10M - ''; - udisks2.enable = true; - # profile-sync-daemon - psd = { - enable = true; - resyncTimer = "10m"; - }; - }; - - programs = { - bash.promptInit = ''eval "$(${pkgs.starship}/bin/starship init bash)"''; - nano.enable = false; - }; - - # compress half of the ram to use as swap - zramSwap = { - enable = lib.mkDefault false; - algorithm = "zstd"; - }; - - environment.variables = { - EDITOR = "nvim"; - BROWSER = "librewolf"; - }; - environment.systemPackages = with pkgs; [ - git - uutils-coreutils-noprefix - btrfs-progs - cifs-utils - appimage-run - starship # having starship here means pkgs.startship will be stored during build and not during promptInit - ]; - - time = { - timeZone = "Europe/Warsaw"; - hardwareClockInLocalTime = true; - }; - hardware.ledger.enable = true; - - i18n = let - defaultLocale = "en_US.UTF-8"; - pl = "pl_PL.UTF-8"; - in { - inherit defaultLocale; - extraLocaleSettings = { - LANG = defaultLocale; - LC_COLLATE = defaultLocale; - LC_CTYPE = defaultLocale; - LC_MESSAGES = defaultLocale; - - LC_ADDRESS = pl; - LC_IDENTIFICATION = pl; - LC_MEASUREMENT = pl; - LC_MONETARY = pl; - LC_NAME = pl; - LC_NUMERIC = pl; - LC_PAPER = pl; - LC_TELEPHONE = pl; - LC_TIME = pl; - }; - }; - console = let - variant = "u24n"; - in { - font = "${pkgs.terminus_font}/share/consolefonts/ter-${variant}.psf.gz"; - earlySetup = true; - keyMap = "pl"; - }; - - boot.binfmt.registrations = lib.genAttrs ["appimage" "AppImage"] (ext: { - recognitionType = "extension"; - magicOrExtension = ext; - interpreter = 
"/run/current-system/sw/bin/appimage-run"; - }); - - programs.nix-ld.enable = true; - systemd = let - extraConfig = '' - DefaultTimeoutStopSec=15s - ''; - in { - inherit extraConfig; - user = {inherit extraConfig;}; - services = { - "getty@tty1".enable = false; - "autovt@tty1".enable = false; - "getty@tty7".enable = false; - "autovt@tty7".enable = false; - }; - # Systemd OOMd - # Fedora enables these options by default. See the 10-oomd-* files here: - # https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255 - oomd.enableRootSlice = true; - - # TODO channels-to-flakes - tmpfiles.rules = [ - "D /nix/var/nix/profiles/per-user/root 755 root root - -" - ]; - }; - - programs = { - # allow users to mount fuse filesystems with allow_other - fuse.userAllowOther = true; - - # help manage android devices via command line - adb.enable = true; - - # "saying java is good because it runs on all systems is like saying - # anal sex is good because it works on all species" - # - sun tzu - java = { - enable = true; - package = pkgs.jre; - }; - }; -} diff --git a/system/core/users.nix b/system/core/users.nix deleted file mode 100644 index c87ae23c..00000000 --- a/system/core/users.nix +++ /dev/null 
@@ -1,74 +0,0 @@
-{
- pkgs,
- inputs,
- config,
- ...
-}: {
- imports = [
- inputs.homix.nixosModules.default
- ];
-
- programs.zsh.enable = true;
- services.openssh = {
- enable = true;
- openFirewall = true;
- hostKeys = [
- {
- bits = 4096;
- path = "/etc/ssh/ssh_host_rsa_key";
- type = "rsa";
- }
- {
- path = "/etc/ssh/ssh_host_ed25519_key";
- type = "ed25519";
- }
- ];
- };
-
- users = {
- mutableUsers = false;
- users = {
- root.hashedPasswordFile = "/persist/secrets/root";
- sioodmy = {
- isNormalUser = true;
- homix = true;
- shell = let
- colors = config.colorScheme.palette;
- in
- pkgs.callPackage ../../shell {inherit pkgs inputs colors;};
-
- hashedPasswordFile = "/persist/secrets/sioodmy";
- extraGroups = [
- "wheel"
- "gitea"
- "docker"
- "systemd-journal"
- "vboxusers"
- "audio"
- "plugdev"
- "wireshark"
- "video"
- "input"
- "lp"
- "networkmanager"
- "power"
- "nix"
- "adbusers"
- ];
- uid = 1000;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9ExEl6WqtCI4yCqbSAhAGmzvVp/nYADbgy/Qi4AKQy sioodmy@anthe"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH+S9LPxp3Mmha1keHlwc0iVq4CMbHvzAAwuYE2go7io sioodmy@calypso"
- ];
- };
-
- root = {
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9ExEl6WqtCI4yCqbSAhAGmzvVp/nYADbgy/Qi4AKQy sioodmy@anthe"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH+S9LPxp3Mmha1keHlwc0iVq4CMbHvzAAwuYE2go7io sioodmy@calypso"
- ];
- shell = pkgs.bashInteractive;
- };
- };
- };
-}
diff --git a/system/default.nix b/system/default.nix
new file mode 100644
index 00000000..ab116776
--- /dev/null
+++ b/system/default.nix
@@ -0,0 +1,15 @@
+{...}: {
+ imports = [
+ ./net
+ ./disks
+ ./boot
+ ./fonts
+ ./audio
+ ./users
+ ./wayland
+ ./nix
+ ];
+
+ environment.etc.machine-id.text = "796f7520617265206175746973746963";
+ system.stateVersion = "24.11";
+}
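Review bot: `environment.etc.machine-id.text` in the new system/default.nix pins one literal machine ID, committed in the flake, for every host that imports `./system`, so the ID is neither unique per machine nor private. machine-id(5) asks that the value be unique and treated as confidential, and two hosts sharing it can collide wherever it is used as an identifier. Consider persisting a generated `/etc/machine-id` per host instead, or at least add a comment such as `# shared, public machine-id on purpose; never use it as a secret or a unique host key`. The same hunk sets `system.stateVersion = "24.11"` where the removed system/core/nix.nix pinned `"22.05"`; on an already-installed host this changes stateful defaults, so it is worth confirming the bump is meant for fresh installs only.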
diff --git a/hosts/calypso/hardware-configuration.nix b/system/disks/default.nix similarity index 61% rename from hosts/calypso/hardware-configuration.nix rename to system/disks/default.nix index ff55a882..48a3a8d6 100644 --- a/hosts/calypso/hardware-configuration.nix +++ b/system/disks/default.nix @@ -1,14 +1,13 @@ -{ - config, - lib, - modulesPath, - ... -}: { - imports = [(modulesPath + "/installer/scan/not-detected.nix")]; +{...}: { + # I know that this part will make some people mad - fileSystems."/etc/ssh" = { - depends = ["/persist"]; - neededForBoot = true; + # My configuraton is designed to be used only on desktops and laptops + # therefore I use same partition layout for all of my hosts + # I don't like mixing desktop and server configrations in a single flake + + staypls = { + enable = true; + dirs = ["/etc/ssh" "/etc/NetworkManager" "/etc/nix" "/var/lib/fprint" "/var/lib/pipewire"]; }; boot.initrd.luks.devices.luksroot = { @@ -17,35 +16,19 @@ allowDiscards = true; }; - boot.initrd.availableKernelModules = - [ - "xhci_pci" - "ahci" - "usbhid" - "sd_mod" - "dm_mod" - "dm_crypt" - "cryptd" - "input_leds" - ] - ++ config.boot.initrd.luks.cryptoModules; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; - - # btrfs filesystem mkswapfile --size 16g --uuid clear /persist/swap - swapDevices = [ - { - device = "/persist/swap"; - } - ]; - fileSystems."/" = { device = "none"; fsType = "tmpfs"; options = ["size=8G" "mode=755"]; }; + fileSystems."/nix" = { + neededForBoot = true; + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["noatime" "discard" "subvol=@nix" "compress=zstd"]; + }; + fileSystems."/persist" = { neededForBoot = true; device = "/dev/disk/by-label/NIXROOT"; 
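Review bot: `staypls.dirs` in the first hunk of system/disks/default.nix persists only five directories while `/` stays a tmpfs (`fileSystems."/"` in the second hunk), so `/var/log` lives in RAM and the journal is lost on every reboot unless it is persisted somewhere outside this diff. That removes the audit trail a responder needs after an incident, for example sudo and login records from before the reboot. Adding it to the list is a one-word change: `dirs = ["/etc/ssh" "/etc/NetworkManager" "/etc/nix" "/var/log" "/var/lib/fprint" "/var/lib/pipewire"];`.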
@@ -53,11 +36,11 @@ options = ["noatime" "discard" "subvol=@persist" "compress=zstd"]; }; - fileSystems."/nix" = { + fileSystems."/home" = { neededForBoot = true; device = "/dev/disk/by-label/NIXROOT"; fsType = "btrfs"; - options = ["noatime" "discard" "subvol=@nix" "compress=zstd"]; + options = ["noatime" "discard" "subvol=@home" "compress=zstd"]; }; fileSystems."/boot" = { @@ -66,6 +49,10 @@ options = ["noatime" "discard"]; }; - hardware.cpu.intel.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; + # btrfs filesystem mkswapfile --size 16g --uuid clear /persist/swap + swapDevices = [ + { + device = "/persist/swap"; + } + ]; } diff --git a/system/disks/staypls.nix b/system/disks/staypls.nix new file mode 100644 index 00000000..a028dd93 --- /dev/null +++ b/system/disks/staypls.nix @@ -0,0 +1,30 @@ +{ ...}: let + # This is my little home brew impermanence :3 + # see, you don't need any external modules for that + inherit (builtins) map; + inherit (lib.strings) concatStrings concatStringsSep; + inherit (lib) mkMerge optionalAttrs forEach; + + persistpath = "/persist"; + + mkPersistentBindMounts = list: + mkMerge (map ( + path: { + "${path}" = { + device = concatStrings [persistpath path]; + fsType = "none"; + options = ["bind"]; + }; + } + ) + list); + mkPersistentSourcePaths = list: concatStringsSep "\n" (forEach list (path: "mkdir -p /persist${path}")); + + persist = ["/etc/ssh" "/etc/NetworkManager" "/etc/nix" "/var/lib/fprint" "/var/lib/pipewire"]; +in { + staypls = { + enable = + } + boot.initrd.postDeviceCommands = mkPersistentSourcePaths persist; + fileSystems = mkPersistentBindMounts persist; +} diff --git a/system/fonts/default.nix b/system/fonts/default.nix new file mode 100644 index 00000000..bf4d2290 --- /dev/null +++ b/system/fonts/default.nix 
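Review bot: system/disks/staypls.nix does not parse as written: `staypls = { enable = }` has no value and no terminating `;`, and the function head `{ ...}:` never binds `lib` although the `let` block inherits from `lib.strings` and `lib`. It also repeats the helpers from modules/staypls/default.nix and the directory list already set in system/disks/default.nix, and nothing visible in this diff imports it, so it reads like a leftover draft. Dropping the file from the commit avoids an evaluation error when someone later imports it. If it is kept, it needs `{lib, ...}:` and a complete `staypls.enable = true;`.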
@@ -0,0 +1,48 @@ +{pkgs, ...}: let + inherit (builtins) attrValues; +in { + fonts = { + packages = + attrValues { + inherit + (pkgs) + material-icons + material-design-icons + roboto + work-sans + comic-neue + source-sans + twemoji-color-font + comfortaa + inter + lato + lexend + jost + dejavu_fonts + noto-fonts + noto-fonts-cjk + noto-fonts-emoji + jetbrains-mono + ; + } + ++ [ + (pkgs.nerdfonts.override {fonts = ["JetBrainsMono"];}) + ]; + + enableDefaultPackages = false; + + # this fixes emoji stuff + fontconfig = { + defaultFonts = { + monospace = [ + "JetBrainsMono" + "JetBrainsMono Nerd Font" + "Noto Color Emoji" + ]; + sansSerif = ["Lexend" "Noto Color Emoji"]; + serif = ["Noto Serif" "Noto Color Emoji"]; + emoji = ["Noto Color Emoji"]; + }; + }; + }; +} diff --git a/system/core/network.nix b/system/net/default.nix similarity index 69% rename from system/core/network.nix rename to system/net/default.nix index 9d3e4b14..3fb56453 100644 --- a/system/core/network.nix +++ b/system/net/default.nix @@ -1,23 +1,11 @@ -{ - pkgs, - lib, - config, - ... -}: let - dnscrypt = config.services.dnscrypt-proxy2.enable; - inherit (lib) mkIf; -in { - environment.systemPackages = with pkgs; [speedtest-cli]; +{...}: { networking = { - nameservers = - if dnscrypt - then ["127.0.0.1" "::1"] - else ["1.1.1.1" "1.0.0.1"]; - dhcpcd.extraConfig = mkIf dnscrypt "nohook resolv.conf"; + nameservers = ["127.0.0.1" "::1"]; + dhcpcd.extraConfig = "nohook resolv.conf"; networkmanager = { enable = true; unmanaged = ["docker0" "rndis0"]; - dns = mkIf dnscrypt "none"; + dns = "none"; wifi = { macAddress = "random"; powersave = true; @@ -34,7 +22,6 @@ in { services.dnscrypt-proxy2 = { enable = true; settings = { - ipv6_servers = true; require_dnssec = true; sources.public-resolvers = { diff --git a/system/nix/default.nix b/system/nix/default.nix new file mode 100644 index 00000000..b71d98b7 --- /dev/null +++ b/system/nix/default.nix 
@@ -0,0 +1,66 @@
+{pkgs, ...}: {
+ nix = {
+ # gc kills ssds
+ gc.automatic = false;
+
+ # nix but cooler
+ package = pkgs.lix;
+
+ # Make builds run with low priority so my system stays responsive
+ daemonCPUSchedPolicy = "idle";
+ daemonIOSchedClass = "idle";
+
+ settings = {
+ flake-registry = "/etc/nix/registry.json";
+ auto-optimise-store = true;
+ # use binary cache, its not gentoo
+ builders-use-substitutes = true;
+ # allow sudo users to mark the following values as trusted
+ allowed-users = ["@wheel"];
+ trusted-users = ["@wheel"];
+ commit-lockfile-summary = "chore: Update flake.lock";
+ accept-flake-config = true;
+ keep-derivations = true;
+ keep-outputs = true;
+ warn-dirty = false;
+
+ sandbox = true;
+ max-jobs = "auto";
+ # continue building derivations if one fails
+ keep-going = true;
+ log-lines = 20;
+ extra-experimental-features = ["flakes" "nix-command" "recursive-nix" "ca-derivations"];
+
+ # use binary cache, its not gentoo
+ substituters = [
+ "https://cache.nixos.org"
+ ];
+
+ trusted-public-keys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ ];
+ };
+ };
+
+ # WE DONT WANT TO BUILD STUFF ON TMPFS
+ # ITS NOT A GOOD IDEA
+ systemd.services.nix-daemon = {
+ environment.TMPDIR = "/var/tmp";
+ };
+
+ # this makes rebuilds little faster
+ system.switch = {
+ enable = false;
+ enableNg = true;
+ };
+
+ nixpkgs = {
+ config = {
+ # Wolność kocham i rozumiem
+ # Wolności oddać nie umiem
+ # <3333
+ allowUnfree = false;
+ allowBroken = true;
+ };
+ };
+}
diff --git a/system/security/default.nix b/system/security/default.nix
new file mode 100644
index 00000000..f4ed3908
--- /dev/null
+++ b/system/security/default.nix
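Review bot: `trusted-users = ["@wheel"]` combined with `accept-flake-config = true` in `nix.settings` means any flake a wheel user evaluates can apply its own `nixConfig` (additional substituters, trusted keys and similar) without a prompt, and the daemon honours those settings because the caller is trusted. The single-entry `substituters` list therefore does not bound where store paths come from, and a trusted user is effectively root on the Nix daemon. Consider `accept-flake-config = false;` and dropping `trusted-users`, keeping `allowed-users = ["@wheel"];`. The comment `# allow sudo users to mark the following values as trusted` sits above `allowed-users` but describes `trusted-users`, and `allowBroken = true` has no why-comment.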
@@ -0,0 +1,100 @@
+{pkgs, ...}: {
+ services.networkd-dispatcher.enable = true;
+
+ security = {
+ protectKernelImage = false;
+ lockKernelModules = false;
+ forcePageTableIsolation = true;
+ polkit.enable = true;
+
+ rtkit.enable = true;
+ apparmor = {
+ enable = true;
+ killUnconfinedConfinables = true;
+ packages = [pkgs.apparmor-profiles];
+ };
+ };
+ boot = {
+ kernel.sysctl = {
+ # Hide kernel pointers from processes without the CAP_SYSLOG capability.
+ "kernel.kptr_restrict" = 1;
+ "kernel.printk" = "3 3 3 3";
+ # Restrict loading TTY line disciplines to the CAP_SYS_MODULE capability.
+ "dev.tty.ldisc_autoload" = 0;
+ # Make it so a user can only use the secure attention key which is required to access root securely.
+ "kernel.sysrq" = 4;
+ # Protect against SYN flooding.
+ "net.ipv4.tcp_syncookies" = 1;
+ # Protect against time-wait assasination.
+ "net.ipv4.tcp_rfc1337" = 1;
+
+ # Enable strict reverse path filtering (that is, do not attempt to route
+ # packets that "obviously" do not belong to the iface's network; dropped
+ # packets are logged as martians).
+ "net.ipv4.conf.all.log_martians" = true;
+ "net.ipv4.conf.all.rp_filter" = "1";
+ "net.ipv4.conf.default.log_martians" = true;
+ "net.ipv4.conf.default.rp_filter" = "1";
+
+ # Protect against SMURF attacks and clock fingerprinting via ICMP timestamping.
+ "net.ipv4.icmp_echo_ignore_all" = "1";
+
+ # Ignore incoming ICMP redirects (note: default is needed to ensure that the
+ # setting is applied to interfaces added after the sysctls are set)
+ "net.ipv4.conf.all.accept_redirects" = false;
+ "net.ipv4.conf.all.secure_redirects" = false;
+ "net.ipv4.conf.default.accept_redirects" = false;
+ "net.ipv4.conf.default.secure_redirects" = false;
+ "net.ipv6.conf.all.accept_redirects" = false;
+ "net.ipv6.conf.default.accept_redirects" = false;
+
+ # Ignore outgoing ICMP redirects (this is ipv4 only)
+ "net.ipv4.conf.all.send_redirects" = false;
+ "net.ipv4.conf.default.send_redirects" = false;
+
+ # Restrict abritrary use of ptrace to the CAP_SYS_PTRACE capability.
+ "kernel.yama.ptrace_scope" = 2;
+ "net.core.bpf_jit_enable" = false;
+ "kernel.ftrace_enabled" = false;
+ };
+ blacklistedKernelModules = [
+ # Obscure network protocols
+ "ax25"
+ "netrom"
+ "rose"
+ # Old or rare or insufficiently audited filesystems
+ "adfs"
+ "affs"
+ "bfs"
+ "befs"
+ "cramfs"
+ "efs"
+ "erofs"
+ "exofs"
+ "freevxfs"
+ "f2fs"
+ "vivid"
+ "gfs2"
+ "ksmbd"
+ "nfsv4"
+ "nfsv3"
+ "cifs"
+ "nfs"
+ "cramfs"
+ "freevxfs"
+ "jffs2"
+ "hfs"
+ "hfsplus"
+ "squashfs"
+ "udf"
+ "hpfs"
+ "jfs"
+ "minix"
+ "nilfs2"
+ "omfs"
+ "qnx4"
+ "qnx6"
+ "sysv"
+ ];
+ };
+}
diff --git a/system/users/default.nix b/system/users/default.nix
new file mode 100644
index 00000000..98a5014d
--- /dev/null
+++ b/system/users/default.nix
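Review bot: system/security/default.nix is added here, but the `imports` list of the new system/default.nix (net, disks, boot, fonts, audio, users, wayland, nix) has no `./security`, so unless a host imports it from a file outside this view, the sysctl hardening, AppArmor and the module blacklist silently stop applying after the rewrite. Adding `./security` to that list restores what system/core/schizo.nix used to provide. Inside the file, the comment above `"net.ipv4.icmp_echo_ignore_all"` describes Smurf protection, while that key drops every echo request. `cramfs` and `freevxfs` are listed twice in `blacklistedKernelModules`, and `vivid` is not a filesystem although it sits under that heading.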
@@ -0,0 +1,74 @@
+{flake, ...}: {
+ users = {
+ mutableUsers = false;
+ users = {
+ root.hashedPasswordFile = "/persist/secrets/root";
+ sioodmy = {
+ isNormalUser = true;
+ homix = true;
+ shell = flake.packages.x86_64-linux.cli.zsh;
+
+ hashedPasswordFile = "/persist/secrets/sioodmy";
+ extraGroups = [
+ "wheel"
+ "systemd-journal"
+ "vboxusers"
+ "audio"
+ "plugdev"
+ "wireshark"
+ "video"
+ "input"
+ "lp"
+ "networkmanager"
+ "power"
+ "nix"
+ "adbusers"
+ ];
+ uid = 1000;
+ };
+ };
+ };
+
+ security = {
+ sudo = {
+ enable = true;
+ extraRules = [
+ {
+ commands =
+ builtins.map (command: {
+ command = "/run/current-system/sw/bin/${command}";
+ options = ["NOPASSWD"];
+ })
+ ["poweroff" "reboot" "nixos-rebuild" "nix-env" "bandwhich" "systemctl"];
+ groups = ["wheel"];
+ }
+ ];
+ };
+
+ pam = {
+ services = {
+ login = {
+ enableGnomeKeyring = true;
+ fprintAuth = true;
+ };
+ sudo.fprintAuth = true;
+ swaylock.fprintAuth = true;
+ };
+
+ loginLimits = [
+ {
+ domain = "@wheel";
+ item = "nofile";
+ type = "soft";
+ value = "524288";
+ }
+ {
+ domain = "@wheel";
+ item = "nofile";
+ type = "hard";
+ value = "1048576";
+ }
+ ];
+ };
+ };
+}
diff --git a/system/wayland/default.nix b/system/wayland/default.nix
index 15a9ab8e..d1af2c5e 100644
--- a/system/wayland/default.nix
+++ b/system/wayland/default.nix
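Review bot: The rule in `security.sudo.extraRules` gives every `wheel` member `NOPASSWD` on `nixos-rebuild`, `nix-env` and `systemctl`, and each of those can run arbitrary code as root by design, so the rule amounts to passwordless root for any process running as `sioodmy`. That bypasses the authentication step that `sudo.fprintAuth = true` a few lines below is meant to provide. I would keep the exemption for the low-impact commands only, `["poweroff" "reboot"]`, and let the rest fall through to the normal password or fingerprint prompt. The `wireshark` and `input` entries in `extraGroups` are also worth a second look, since they grant packet capture and raw input-device access to everything in the session.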
@@ -1,63 +1,64 @@ -{pkgs, ...}: { - imports = [ - ./fonts.nix - ./services.nix - ./pipewire.nix - ./desktop - ]; - environment = { - variables = { - NIXOS_OZONE_WL = "1"; - __GL_GSYNC_ALLOWED = "0"; - __GL_VRR_ALLOWED = "0"; - _JAVA_AWT_WM_NONEREPARENTING = "1"; - SSH_AUTH_SOCK = "/run/user/1000/keyring/ssh"; - DISABLE_QT5_COMPAT = "0"; - GDK_BACKEND = "wayland,x11"; - ANKI_WAYLAND = "1"; - DIRENV_LOG_FORMAT = ""; - WLR_DRM_NO_ATOMIC = "1"; - QT_AUTO_SCREEN_SCALE_FACTOR = "1"; - QT_QPA_PLATFORM = "wayland"; - DISABLE_QT_COMPAT = "0"; - QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; - MOZ_ENABLE_WAYLAND = "1"; - WLR_BACKEND = "vulkan"; - WLR_RENDERER = "vulkan"; - XDG_SESSION_TYPE = "wayland"; - SDL_VIDEODRIVER = "wayland"; - XDG_CACHE_HOME = "/home/sioodmy/.cache"; - CLUTTER_BACKEND = "wayland"; - WLR_DRM_DEVICES = "/dev/dri/card1:/dev/dri/card0"; +{pkgs, ...}: let + inherit (builtins) attrValues; +in { + hardware.graphics = { + enable = true; + extraPackages = attrValues { + inherit + (pkgs) + vaapiIntel + libva + libvdpau-va-gl + vaapiVdpau + ocl-icd + intel-compute-runtime + ; }; - loginShellInit = '' - dbus-update-activation-environment --systemd DISPLAY - sudo mic-light-off - ''; - systemPackages = with pkgs; [ - pamixer - brightnessctl - wl-clipboard - kanshi - ]; }; - # homix.".config/kanshi/config".text = '' - # profile { - # output eDP-1 enable scale 1.0 - # } - # ''; + systemd.services = { + seatd = { + enable = true; + description = "Seat management daemon"; + script = "${pkgs.seatd}/bin/seatd -g wheel"; + serviceConfig = { + Type = "simple"; + Restart = "always"; + RestartSec = "1"; + }; + wantedBy = ["multi-user.target"]; + }; + }; - hardware = { - graphics.enable = true; - pulseaudio.support32Bit = true; + services = { + greetd = { + enable = true; + settings = rec { + initial_session = { + command = "river"; + user = "sioodmy"; + }; + default_session = initial_session; + terminal.vt = 1; + }; + }; + + gnome.glib-networking.enable = true; + logind = { + 
lidSwitch = "suspend"; + lidSwitchExternalPower = "suspend"; + extraConfig = '' + HandlePowerKey=suspend + HibernateDelaySec=3600 + ''; + }; }; xdg.portal = { enable = true; config.common.default = "*"; - extraPortals = with pkgs; [ - xdg-desktop-portal-gtk + extraPortals = [ + pkgs.xdg-desktop-portal-gtk ]; }; } diff --git a/system/wayland/desktop/default.nix b/system/wayland/desktop/default.nix deleted file mode 100644 index 134e4d98..00000000 --- a/system/wayland/desktop/default.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - pkgs, - config, - inputs, - ... -}: { - imports = [ - inputs.nix-colors.homeManagerModules.default - ./gtk - ]; - - colorScheme = inputs.nix-colors.colorSchemes.everforest; - - environment.systemPackages = - (import ./wrapped.nix {inherit pkgs inputs config;}) - ++ (with pkgs; [ - mpv - libnotify - dart-sass - librewolf - tor-browser - tdesktop - ytmdl - sent - nicotine-plus - inkscape - ledger-live-desktop - ledger_agent - pulseaudio - signal-desktop - gimp - keepassxc - ]); -} diff --git a/system/wayland/desktop/wrapped.nix b/system/wayland/desktop/wrapped.nix deleted file mode 100644 index 5da1a35a..00000000 --- a/system/wayland/desktop/wrapped.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ - pkgs, - inputs, - config, - ... -}: let - colors = config.colorScheme.palette; -in [ - (inputs.wrapper-manager.lib.build { - inherit pkgs; - modules = [ - { - wrappers = { - foot = import ./wrapped/foot {inherit inputs pkgs colors;}; - - swaylock = import ./wrapped/swaylock {inherit pkgs colors;}; - mako = import ./wrapped/mako {inherit pkgs colors;}; - }; - } - ]; - }) - # wrapper-manager incorrectly wraps river - (import ./wrapped/river {inherit pkgs colors;}) - (import ./wrapped/tofi {inherit pkgs colors;}) -] diff --git a/system/wayland/desktop/wrapped/mako/default.nix b/system/wayland/desktop/wrapped/mako/default.nix deleted file mode 100644 index 12ab3627..00000000 --- a/system/wayland/desktop/wrapped/mako/default.nix +++ /dev/null 
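Review bot: In the `greetd` block of `system/wayland/default.nix`, `default_session = initial_session` makes every session, not only the first one after boot, start `river` as `sioodmy` with no greeter, so the console never asks for credentials. Combined with `lidSwitch = "suspend"`, nothing in this hunk locks the screen before suspend, so the machine resumes into an open session unless swaylock is started elsewhere. Keeping `initial_session` for the boot-time autologin and pointing the fallback at a greeter, for example `default_session.command = "${pkgs.greetd.greetd}/bin/agreety --cmd river";`, restores a login prompt after logout. `seatd -g wheel` also ties seat access to the same group that holds sudo; a dedicated seat group would be narrower.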
@@ -1,38 +0,0 @@ -{ - pkgs, - colors, - ... -}: { - basePackage = pkgs.mako; - flags = with colors; [ - "--font" - "Lexend 11" - - "--border-radius" - "8" - - "--padding" - "8" - - "--border-size" - "5" - - "--background-color" - "#${base02}" - - "--border-color" - "#${base03}" - - "--text-color" - "#${base05}" - - "--progress-color" - "#${base04}" - - "--default-timeout" - "4000" - ]; - renames = { - "mako" = "mako-wrapped"; - }; -} diff --git a/system/wayland/fonts.nix b/system/wayland/fonts.nix deleted file mode 100644 index 65fbea31..00000000 --- a/system/wayland/fonts.nix +++ /dev/null @@ -1,41 +0,0 @@ -{pkgs, ...}: { - fonts = { - packages = with pkgs; [ - material-icons - material-design-icons - emacs-all-the-icons-fonts - roboto - work-sans - comic-neue - source-sans - twemoji-color-font - comfortaa - inter - lato - lexend - jost - dejavu_fonts - noto-fonts - noto-fonts-cjk - noto-fonts-emoji - jetbrains-mono - (nerdfonts.override {fonts = ["JetBrainsMono"];}) - ]; - - enableDefaultPackages = false; - - # this fixes emoji stuff - fontconfig = { - defaultFonts = { - monospace = [ - "JetBrainsMono" - "JetBrainsMono Nerd Font" - "Noto Color Emoji" - ]; - sansSerif = ["Lexend" "Noto Color Emoji"]; - serif = ["Noto Serif" "Noto Color Emoji"]; - emoji = ["Noto Color Emoji"]; - }; - }; - }; -} diff --git a/system/wayland/services.nix b/system/wayland/services.nix deleted file mode 100644 index a4b9900a..00000000 --- a/system/wayland/services.nix +++ /dev/null 
@@ -1,46 +0,0 @@ -{ - pkgs, - inputs, - ... -}: { - systemd.services = { - seatd = { - enable = true; - description = "Seat management daemon"; - script = "${pkgs.seatd}/bin/seatd -g wheel"; - serviceConfig = { - Type = "simple"; - Restart = "always"; - RestartSec = "1"; - }; - wantedBy = ["multi-user.target"]; - }; - }; - - services = { - greetd = { - enable = true; - settings = rec { - initial_session = { - command = "river"; - user = "sioodmy"; - }; - default_session = initial_session; - terminal.vt = 1; - }; - }; - - gnome.glib-networking.enable = true; - logind = { - lidSwitch = "suspend"; - lidSwitchExternalPower = "suspend"; - extraConfig = '' - HandlePowerKey=suspend - HibernateDelaySec=3600 - ''; - }; - - udisks2.enable = true; - printing.enable = true; - }; -} diff --git a/theme/default.nix b/theme/default.nix new file mode 100644 index 00000000..8b845422 --- /dev/null +++ b/theme/default.nix @@ -0,0 +1,18 @@ +{ + base00 = "2b3339"; + base01 = "323c41"; + base02 = "3a4248"; + base03 = "868d80"; + base04 = "a59572"; + base05 = "d3c6aa"; + base06 = "e9e8d2"; + base07 = "fff9e8"; + base0D = "7fbbb3"; + base0E = "d699b6"; + base0C = "83c092"; + base0A = "dbbc7f"; + base09 = "e69875"; + base0B = "a7c080"; + base08 = "e67e80"; + base0F = "d699b6"; +} diff --git a/user/default.nix b/user/default.nix new file mode 100644 index 00000000..86c13339 --- /dev/null +++ b/user/default.nix 
@@ -0,0 +1,38 @@ +{ + pkgs, + theme, + ... +}: rec { + packages = let + inherit (pkgs) callPackage; + in { + cli = { + nvim = callPackage ./nvim {inherit theme;}; + zsh = callPackage ./zsh {}; + }; + desktop = { + river = callPackage ./river {inherit theme;}; + foot = callPackage ./foot {inherit theme;}; + tofi = callPackage ./tofi {inherit theme;}; + mako = callPackage ./mako {inherit theme;}; + zathura = callPackage ./zathura {inherit theme;}; + swaylock = callPackage ./swaylock {inherit theme;}; + }; + }; + + shell = pkgs.mkShell { + name = "sioodmy-devshell"; + buildInputs = builtins.attrValues packages.cli; + }; + + module = { + config = { + environment.systemPackages = builtins.concatLists (map (x: builtins.attrValues x) (builtins.attrValues packages)); + }; + imports = [ + ./packages.nix + ./git + ./gtk + ]; + }; +} diff --git a/system/wayland/desktop/wrapped/foot/default.nix b/user/foot/default.nix similarity index 91% rename from system/wayland/desktop/wrapped/foot/default.nix rename to user/foot/default.nix index ede63b10..9797e2dd 100644 --- a/system/wayland/desktop/wrapped/foot/default.nix +++ b/user/foot/default.nix @@ -1,6 +1,6 @@ { pkgs, - colors, + theme, ... }: let inherit (pkgs.lib.meta) getExe getExe'; @@ -81,7 +81,7 @@ desktop-notifications = { command = "${notify-send} -a \${app-id} -i \${app-id} \${title} \${body}"; }; - colors = with colors; { + colors = with theme; { alpha = 1.0; background = base00; bright0 = base03; @@ -103,7 +103,12 @@ regular7 = base05; }; }); -in { - basePackage = pkgs.foot; - flags = ["--config=${config}"]; -} +in + pkgs.symlinkJoin { + name = "foot-wrapped"; + paths = [pkgs.foot]; + buildInputs = [pkgs.makeWrapper]; + postBuild = '' + wrapProgram $out/bin/foot --add-flags "--config=${config}" + ''; + } diff --git a/system/core/git.nix b/user/git/default.nix similarity index 100% rename from system/core/git.nix rename to user/git/default.nix 
diff --git a/system/wayland/desktop/gtk/colors.nix b/user/gtk/colors.nix similarity index 99% rename from system/wayland/desktop/gtk/colors.nix rename to user/gtk/colors.nix index bb77c131..f956749c 100644 --- a/system/wayland/desktop/gtk/colors.nix +++ b/user/gtk/colors.nix @@ -1,5 +1,5 @@ -{colors}: -with colors; '' +{theme}: +with theme; '' @define-color accent_color #${base0D}; @define-color accent_bg_color #${base0D}; @define-color accent_fg_color #${base00}; diff --git a/system/wayland/desktop/gtk/default.nix b/user/gtk/default.nix similarity index 62% rename from system/wayland/desktop/gtk/default.nix rename to user/gtk/default.nix index 63ac533e..001d585a 100644 --- a/system/wayland/desktop/gtk/default.nix +++ b/user/gtk/default.nix @@ -1,23 +1,22 @@ { - lib, - config, pkgs, + theme, ... }: let - colors = config.colorScheme.palette; + inherit (builtins) toString isBool; + inherit (pkgs.lib) boolToString escape generators; - toGtk3Ini = with lib; - generators.toINI { - mkKeyValue = key: value: let - value' = - if isBool value - then boolToString value - else toString value; - in "${escape ["="] key}=${value'}"; - }; + toGtk3Ini = generators.toINI { + mkKeyValue = key: value: let + value' = + if isBool value + then boolToString value + else toString value; + in "${escape ["="] key}=${value'}"; + }; in { homix = let - css = import ./colors.nix {inherit colors;}; + css = import ./colors.nix {inherit theme;}; gtkINI = { gtk-application-prefer-dark-theme = 1; gtk-font-name = "Lexend 11"; @@ -44,11 +43,9 @@ in { }; environment = { - systemPackages = with pkgs; [ - catppuccin-papirus-folders - bibata-cursors - adw-gtk3 - lexend + systemPackages = [ + pkgs.bibata-cursors + pkgs.adw-gtk3 ]; variables = { GTK_THEME = "adw-gtk3"; diff --git a/user/mako/default.nix b/user/mako/default.nix new file mode 100644 index 00000000..68bf37a7 --- /dev/null +++ b/user/mako/default.nix 
@@ -0,0 +1,22 @@ +{ + pkgs, + theme, + ... +}: +pkgs.symlinkJoin { + name = "mako-wrapped"; + paths = [pkgs.mako]; + buildInputs = [pkgs.makeWrapper]; + postBuild = '' + wrapProgram $out/bin/mako --add-flags "\ + --font 'Lexend 11' \ + --border-radius 8 \ + --padding 8 \ + --border-size 5 \ + --background-color '#${theme.base02}' \ + --border-color '#${theme.base03}' \ + --text-color '#${theme.base05}' \ + --progress-color '#${theme.base04}' \ + --default-timeout 4000" + ''; +} diff --git a/shell/configs/nvim/_sources/generated.json b/user/nvim/_sources/generated.json similarity index 88% rename from shell/configs/nvim/_sources/generated.json rename to user/nvim/_sources/generated.json index 2a49dbab..87a6abad 100644 --- a/shell/configs/nvim/_sources/generated.json +++ b/user/nvim/_sources/generated.json @@ -21,7 +21,7 @@ }, "neotree": { "cargoLocks": null, - "date": "2024-09-05", + "date": "2024-09-16", "extract": null, "name": "neotree", "passthru": null, @@ -33,11 +33,11 @@ "name": null, "owner": "nvim-neo-tree", "repo": "neo-tree.nvim", - "rev": "0774fa2085c62a147fcc7b56f0ac37053cc80217", - "sha256": "sha256-pLMXK53xA+UelkRLGBmPjRkYXo4kP0c9rClY3Q+w21k=", + "rev": "a77af2e764c5ed4038d27d1c463fa49cd4794e07", + "sha256": "sha256-Lqt0KJNT9HmpJwZoWChYeVBrDWhscRe8COqVCwgcTwk=", "type": "github" }, - "version": "0774fa2085c62a147fcc7b56f0ac37053cc80217" + "version": "a77af2e764c5ed4038d27d1c463fa49cd4794e07" }, "nvim-base-16": { "cargoLocks": null, @@ -61,7 +61,7 @@ }, "scope": { "cargoLocks": null, - "date": "2024-07-30", + "date": "2024-09-17", "extract": null, "name": "scope", "passthru": null, 
@@ -73,11 +73,11 @@ "name": null, "owner": "tiagovla", "repo": "scope.nvim", - "rev": "5e3f5ead970317b2f276d38dc031cb4bc5742cd4", - "sha256": "sha256-JisbhQ5oRPBl+C33xbRu6GzK71DstSOHrHwLwpecnVA=", + "rev": "932102696ead2b7ab9ff65017767b57e2722fdde", + "sha256": "sha256-2eM+KXsF66ocdaV4zVHy8afgP1v+Gj85R3XBhmDORtU=", "type": "github" }, - "version": "5e3f5ead970317b2f276d38dc031cb4bc5742cd4" + "version": "932102696ead2b7ab9ff65017767b57e2722fdde" }, "sixelpreview": { "cargoLocks": null, diff --git a/shell/configs/nvim/_sources/generated.nix b/user/nvim/_sources/generated.nix similarity index 82% rename from shell/configs/nvim/_sources/generated.nix rename to user/nvim/_sources/generated.nix index 96c95f1c..b857a663 100644 --- a/shell/configs/nvim/_sources/generated.nix +++ b/user/nvim/_sources/generated.nix @@ -15,15 +15,15 @@ }; neotree = { pname = "neotree"; - version = "0774fa2085c62a147fcc7b56f0ac37053cc80217"; + version = "a77af2e764c5ed4038d27d1c463fa49cd4794e07"; src = fetchFromGitHub { owner = "nvim-neo-tree"; repo = "neo-tree.nvim"; - rev = "0774fa2085c62a147fcc7b56f0ac37053cc80217"; + rev = "a77af2e764c5ed4038d27d1c463fa49cd4794e07"; fetchSubmodules = false; - sha256 = "sha256-pLMXK53xA+UelkRLGBmPjRkYXo4kP0c9rClY3Q+w21k="; + sha256 = "sha256-Lqt0KJNT9HmpJwZoWChYeVBrDWhscRe8COqVCwgcTwk="; }; - date = "2024-09-05"; + date = "2024-09-16"; }; nvim-base-16 = { pname = "nvim-base-16"; @@ -39,15 +39,15 @@ }; scope = { pname = "scope"; - version = "5e3f5ead970317b2f276d38dc031cb4bc5742cd4"; + version = "932102696ead2b7ab9ff65017767b57e2722fdde"; src = fetchFromGitHub { owner = "tiagovla"; repo = "scope.nvim"; - rev = "5e3f5ead970317b2f276d38dc031cb4bc5742cd4"; + rev = "932102696ead2b7ab9ff65017767b57e2722fdde"; fetchSubmodules = false; - sha256 = "sha256-JisbhQ5oRPBl+C33xbRu6GzK71DstSOHrHwLwpecnVA="; + sha256 = "sha256-2eM+KXsF66ocdaV4zVHy8afgP1v+Gj85R3XBhmDORtU="; }; - date = "2024-07-30"; + date = "2024-09-17"; }; sixelpreview = { pname = "sixelpreview"; 
diff --git a/user/nvim/default.nix b/user/nvim/default.nix new file mode 100644 index 00000000..cd699cd8 --- /dev/null +++ b/user/nvim/default.nix 
@@ -0,0 +1,111 @@ +{ + pkgs, + theme, + ... +}: let + inherit (builtins) attrValues; + nvfetcher = builtins.mapAttrs (name: value: + pkgs.vimUtils.buildVimPlugin { + inherit name; + inherit (value) src; + }) (pkgs.callPackages ./_sources/generated.nix {}); + + luatheme = '' + + require('base16-colorscheme').setup({ + base00 = '#${theme.base00}', base01 = '#${theme.base01}', base02 = '#${theme.base02}', base03 = '#${theme.base03}', + base04 = '#${theme.base04}', base05 = '#${theme.base05}', base06 = '#${theme.base06}', base07 = '#${theme.base07}', + base08 = '#${theme.base08}', base09 = '#${theme.base09}', base0A = '#${theme.base0A}', base0B = '#${theme.base0B}', + base0C = '#${theme.base0C}', base0D = '#${theme.base0D}', base0E = '#${theme.base0E}', base0F = '#${theme.base0F}', + }) + + ''; + + lua = pkgs.writeText "init.lua" (luatheme + builtins.readFile ./init.lua); + + neovimConfig = pkgs.neovimUtils.makeNeovimConfig { + withPython3 = false; + withRuby = false; + withNodeJs = false; + customRC = '' + source ${./init.vim} + :luafile ${lua} + ''; + + plugins = + (attrValues nvfetcher) + ++ (attrValues { + inherit + (pkgs.vimPlugins) + lualine-nvim + nvim-web-devicons + gitsigns-nvim + vim-fugitive + indent-blankline-nvim-lua + nvim-autopairs + neoformat + comment-nvim + nvim-colorizer-lua + which-key-nvim + undotree + vim-speeddating + luasnip + vim-startuptime + telescope-nvim + harpoon + alpha-nvim + zen-mode-nvim + sniprun + vim-table-mode + trouble-nvim + nvim-cokeline + fidget-nvim + nvim-notify + # Language support + + nvim-lspconfig + nvim-cmp + friendly-snippets + cmp-cmdline + cmp-nvim-lsp + cmp-buffer + cmp-path + nui-nvim + plenary-nvim + ; + }) + ++ [pkgs.vimPlugins.nvim-treesitter.withAllGrammars]; + }; +in + pkgs.symlinkJoin { + name = "nvim-wrapped"; + paths = + [ + (pkgs.wrapNeovimUnstable pkgs.neovim-unwrapped neovimConfig) + + pkgs.nodePackages.typescript-language-server + pkgs.nodePackages.prettier + ] + ++ attrValues { + inherit + (pkgs) + 
gopls + go + nil + rust-analyzer + alejandra + vscode-langservers-extracted + bash-language-server + zls + gleam + clang-tools + shellcheck + cargo + nixd + stylua + # required for my goofy ahh plugin :3 + + libsixel + ; + }; + } diff --git a/shell/configs/nvim/init.lua b/user/nvim/init.lua similarity index 100% rename from shell/configs/nvim/init.lua rename to user/nvim/init.lua diff --git a/shell/configs/nvim/init.vim b/user/nvim/init.vim similarity index 100% rename from shell/configs/nvim/init.vim rename to user/nvim/init.vim diff --git a/shell/configs/nvim/nvfetcher.toml b/user/nvim/nvfetcher.toml similarity index 100% rename from shell/configs/nvim/nvfetcher.toml rename to user/nvim/nvfetcher.toml diff --git a/user/packages.nix b/user/packages.nix new file mode 100644 index 00000000..071996cd --- /dev/null +++ b/user/packages.nix @@ -0,0 +1,50 @@ +{pkgs, ...}: let + inherit (builtins) attrValues; +in { + environment.systemPackages = attrValues { + inherit + (pkgs) + wl-clipboard + librewolf + mpv + tdesktop + ytmdl + yt-dlp + ledger-live-desktop + transmission_4-qt + ledger_agent + signal-desktop + gimp + keepassxc + clang + gnumake + cargo + go + gcc + git + ripgrep + zoxide + fzf + eza + gping + dogdns + onefetch + cpufetch + microfetch + tealdeer + glow + hyperfine + imagemagick + ffmpeg-full + catimg + nmap + xh + grex + jq + rsync + figlet + qrencode + unzip + ; + }; +} diff --git a/system/wayland/desktop/wrapped/river/binds.nix b/user/river/binds.nix similarity index 98% rename from system/wayland/desktop/wrapped/river/binds.nix rename to user/river/binds.nix index 89f8dac2..fc7fcf41 100644 --- a/system/wayland/desktop/wrapped/river/binds.nix +++ b/user/river/binds.nix 
@@ -7,7 +7,7 @@ "None XF86Favorites spawn infoscript" "None XF86Keyboard spawn tofi-emoji" "None XF86Display spawn swaylock" - "Super Space spawn 'tofi-drun | xargs -0 riverctl spawn'" + "Super Space spawn 'tofi-run | xargs -0 riverctl spawn'" "Super+Shift S spawn '${getExe pkgs.slurp} | ${getExe pkgs.grim} -g - - | ${pkgs.wl-clipboard}/bin/wl-copy'" "Super Q close" diff --git a/system/wayland/desktop/wrapped/river/default.nix b/user/river/default.nix similarity index 90% rename from system/wayland/desktop/wrapped/river/default.nix rename to user/river/default.nix index c3bf3024..7adb49dc 100644 --- a/system/wayland/desktop/wrapped/river/default.nix +++ b/user/river/default.nix @@ -1,6 +1,6 @@ { pkgs, - colors, + theme, ... }: # https://github.com/viperML/wrapper-manager/issues/14 @@ -13,6 +13,6 @@ pkgs.symlinkJoin { ]; buildInputs = [pkgs.makeWrapper]; postBuild = '' - wrapProgram $out/bin/river --add-flags "-c ${import ./init.nix {inherit pkgs colors;}}"; + wrapProgram $out/bin/river --add-flags "-c ${import ./init.nix {inherit pkgs theme;}}"; ''; } diff --git a/system/wayland/desktop/wrapped/river/init.nix b/user/river/init.nix similarity index 91% rename from system/wayland/desktop/wrapped/river/init.nix rename to user/river/init.nix index d06d82fd..bca61afd 100644 --- a/system/wayland/desktop/wrapped/river/init.nix +++ b/user/river/init.nix @@ -1,6 +1,6 @@ { pkgs, - colors, + theme, ... }: let init-binds = import ./binds.nix {inherit pkgs;}; @@ -43,9 +43,9 @@ in riverctl keyboard-layout -options "caps:escape" pl riverctl set-repeat 30 350 - riverctl background-color "0x${colors.base01}" - riverctl border-color-focused "0x${colors.base04}" - riverctl border-color-unfocused "0x${colors.base02}" + riverctl background-color "0x${theme.base01}" + riverctl border-color-focused "0x${theme.base04}" + riverctl border-color-unfocused "0x${theme.base02}" riverctl border-width 4 riverctl default-layout rivercarro 
@@ -56,7 +56,7 @@ in # TODO: Make systemd user services instead foot --server & - mako-wrapped & + mako & signal-desktop & kanshi & diff --git a/system/wayland/desktop/wrapped/river/scripts/infoscript.nix b/user/river/scripts/infoscript.nix similarity index 100% rename from system/wayland/desktop/wrapped/river/scripts/infoscript.nix rename to user/river/scripts/infoscript.nix diff --git a/system/wayland/desktop/wrapped/river/scripts/osd.nix b/user/river/scripts/osd.nix similarity index 100% rename from system/wayland/desktop/wrapped/river/scripts/osd.nix rename to user/river/scripts/osd.nix diff --git a/system/wayland/desktop/wrapped/swaylock/default.nix b/user/swaylock/default.nix similarity index 58% rename from system/wayland/desktop/wrapped/swaylock/default.nix rename to user/swaylock/default.nix index 865d1daf..74ef01cd 100644 --- a/system/wayland/desktop/wrapped/swaylock/default.nix +++ b/user/swaylock/default.nix @@ -1,14 +1,15 @@ { pkgs, - colors, + theme, ... }: let - inside = colors.base01; - outside = colors.base01; - ring = colors.base05; - text = colors.base05; - positive = colors.base0B; - negative = colors.base08; + inherit (builtins) concatStringsSep attrNames map; + inside = theme.base01; + outside = theme.base01; + ring = theme.base05; + text = theme.base05; + positive = theme.base0B; + negative = theme.base08; settings = { color = outside; 
@@ -39,13 +40,13 @@ indicator-thickness = 15; }; - extraFlags = [ - "-n" - "-S" - "--clock" - "--indicator" - ]; -in { - basePackage = pkgs.swaylock-effects; - flags = builtins.concatLists (builtins.map (key: ["--${key}" (builtins.toString settings.${key})]) (builtins.attrNames settings)) ++ extraFlags; -} + flags = (concatStringsSep " " (map (key: "--${key}=${builtins.toString settings.${key}}") (attrNames settings))) + "-n -S --clock --indicator"; +in + pkgs.symlinkJoin { + name = "swaylock-wrapped"; + paths = [pkgs.swaylock-effects]; + buildInputs = [pkgs.makeWrapper]; + postBuild = '' + wrapProgram $out/bin/swaylock --add-flags "${flags}" + ''; + } diff --git a/system/wayland/desktop/wrapped/tofi/default.nix b/user/tofi/default.nix similarity index 82% rename from system/wayland/desktop/wrapped/tofi/default.nix rename to user/tofi/default.nix index 60f3e250..22b6da8d 100644 --- a/system/wayland/desktop/wrapped/tofi/default.nix +++ b/user/tofi/default.nix @@ -1,9 +1,9 @@ { pkgs, - colors, + theme, ... }: let - config = pkgs.writeText "tofi-config" (pkgs.lib.generators.toKeyValue {} (with colors; { + config = pkgs.writeText "tofi-config" (pkgs.lib.generators.toKeyValue {} { anchor = "center"; width = 500; height = 300; @@ -13,12 +13,12 @@ font = "monospace"; ascii-input = false; outline-width = 5; - outline-color = "#${base02}"; + outline-color = "#${theme.base02}"; border-width = 2; - border-color = "#${base05}"; - background-color = "#${base00}"; - text-color = "#${base05}"; - selection-color = "#${base0B}"; + border-color = "#${theme.base05}"; + background-color = "#${theme.base00}"; + text-color = "#${theme.base05}"; + selection-color = "#${theme.base0B}"; min-input-width = 120; late-keyboard-init = true; result-spacing = 10; @@ -26,7 +26,7 @@ padding-bottom = 15; padding-left = 15; padding-right = 15; - })); + }); in pkgs.symlinkJoin { name = "tofi-wrapped"; 
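Review bot: In `user/swaylock/default.nix` the `flags` string is built as `(concatStringsSep " " (...)) + "-n -S --clock --indicator"` with no separating space, so the value of the last generated `--key=value` runs straight into `-n`; that corrupts one option and loses `-n`, and on a screen locker a rejected argument may mean the lock never comes up. The fix is a leading space in the literal: `+ " -n -S --clock --indicator"`. The values are also spliced into `--add-flags` unquoted, which is fine for the colours and numbers visible here but would split any value that contains a space. The `settings` set starts outside this hunk, so the remaining keys are unchecked.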
diff --git a/system/wayland/desktop/wrapped/tofi/emojis b/user/tofi/emojis similarity index 100% rename from system/wayland/desktop/wrapped/tofi/emojis rename to user/tofi/emojis diff --git a/system/wayland/desktop/wrapped/tofi/scripts.nix b/user/tofi/scripts.nix similarity index 100% rename from system/wayland/desktop/wrapped/tofi/scripts.nix rename to user/tofi/scripts.nix diff --git a/user/wrapper.nix b/user/wrapper.nix new file mode 100644 index 00000000..e69de29b diff --git a/system/wayland/desktop/wrapped/zathura/default.nix b/user/zathura/default.nix similarity index 88% rename from system/wayland/desktop/wrapped/zathura/default.nix rename to user/zathura/default.nix index defa448d..c4dd1230 100644 --- a/system/wayland/desktop/wrapped/zathura/default.nix +++ b/user/zathura/default.nix @@ -1,10 +1,9 @@ { - inputs, pkgs, - cfg, + theme, ... }: let - config = with cfg.theme.colors; + config = with theme; pkgs.writeText "foot.ini" '' [bell] command=notify-send bell @@ -51,7 +50,6 @@ pad=12x21 center resize-delay-ms=100 selection-target=primary - shell=${cfg.nucleus}/bin/nucleus term=xterm-256color title=foot vertical-letter-offset=-0.75 @@ -82,7 +80,12 @@ uri-characters=abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.,~:;/?#@!$&%*+="'()[] ''; -in { - basePackage = pkgs.foot; - flags = ["--config=${config}"]; -} +in + pkgs.symlinkJoin { + name = "zathura-wrapped"; + paths = [pkgs.zathura]; + buildInputs = [pkgs.makeWrapper]; + postBuild = '' + wrapProgram $out/bin/zathura --add-flags "--config=${config}" + ''; + } diff --git a/shell/aliases.nix b/user/zsh/aliases.nix similarity index 100% rename from shell/aliases.nix rename to user/zsh/aliases.nix diff --git a/shell/zsh/config.zsh b/user/zsh/config.zsh similarity index 100% rename from shell/zsh/config.zsh rename to user/zsh/config.zsh diff --git a/user/zsh/default.nix b/user/zsh/default.nix new file mode 100644 index 00000000..27b00bcd --- /dev/null +++ b/user/zsh/default.nix 
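Review bot: The new `user/zathura/default.nix` wraps `pkgs.zathura` but still feeds it the file built by `pkgs.writeText "foot.ini"`, whose visible contents (`[bell]`, `term=xterm-256color`, `title=foot`) are foot terminal settings rather than a zathurarc. As far as I know zathura has no `--config` option and takes a directory through `--config-dir`, so the wrapped binary will probably reject the flag or ignore the file. Either generate a real `zathurarc` inside a directory and pass `--add-flags "--config-dir=<dir>"`, or leave zathura unwrapped until it has a config of its own. Most of the config string lies between the visible hunks, so this is based on the lines shown.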
@@ -0,0 +1,27 @@ +{pkgs, ...}: let + toml = pkgs.formats.toml {}; + + starship-settings = import ./starship.nix; + + aliases = import ./aliases.nix {inherit pkgs;}; + + zconfig = import ./zinit.nix {inherit pkgs aliasesStr;}; + + aliasesStr = + pkgs.lib.concatStringsSep "\n" + (pkgs.lib.mapAttrsToList (k: v: "alias ${k}=\"${v}\"") aliases); +in + (pkgs.symlinkJoin { + name = "zsh-wrapped"; + paths = [pkgs.zsh pkgs.starship pkgs.fzf]; + buildInputs = [pkgs.makeWrapper]; + postBuild = '' + wrapProgram $out/bin/zsh --set STARSHIP_CONFIG "${toml.generate "starship.toml" starship-settings}" \ + --set ZDOTDIR "${zconfig}/bin" + ''; + }) + .overrideAttrs (_: { + passthru = { + shellPath = "/bin/zsh"; + }; + }) diff --git a/shell/starship.nix b/user/zsh/starship.nix similarity index 100% rename from shell/starship.nix rename to user/zsh/starship.nix diff --git a/shell/zsh/starship.zsh b/user/zsh/starship.zsh similarity index 100% rename from shell/zsh/starship.zsh rename to user/zsh/starship.zsh diff --git a/shell/zsh/default.nix b/user/zsh/zinit.nix similarity index 100% rename from shell/zsh/default.nix rename to user/zsh/zinit.nix diff --git a/shell/zsh/zoxide.zsh b/user/zsh/zoxide.zsh similarity index 100% rename from shell/zsh/zoxide.zsh rename to user/zsh/zoxide.zsh From 3f4f2139feb772dd08c643e05a01942e8e52ca34 Mon Sep 17 00:00:00 2001 From: sioodmy Date: Thu, 3 Oct 2024 08:06:56 +0000 Subject: [PATCH 2/5] docs: update readme --- .github/README.md | 93 ++++++++++++++++++++++------------------------- README.md | 49 ------------------------- 2 files changed, 44 insertions(+), 98 deletions(-) delete mode 100644 README.md diff --git a/.github/README.md b/.github/README.md index 6e85f642..f691e773 100644 --- a/.github/README.md +++ b/.github/README.md @@ -1,38 +1,47 @@ -

- -
- - sioodmy's dotfiles
-
-
- -
-

- - - - - - - - - - - - - - - -
-
-

- -
- - -

- -

+# Nixus + +## Contents + +This repo contains my reorganized and rewritten NixOS configuration. +It might not be widely considered _correct_ or whatever, because I used some of my braincells to come up with this autistic design philosophy: + +- **Do not overengineer** - Yeah, we get it, you are good at Nix, but you don't really need to overcomplicate everything. You sacrifice both readability and evaluation times in exchange for absolutely nothing + > An idiot admires complexity, a genius admires simplicity, a physicist tries to make it simple, for an idiot anything the more complicated it is the more he will admire it, if you make something so clusterfucked he can't understand it he's gonna think you're a god cause you made it so complicated nobody can understand it. That's how they write journals in Academics, they try to make it so complicated people think you're a genius + > ~ Terry Davis, Creator of Temple OS +- **No inputs other than nixpkgs** - This is probably the most controversial one, for me it's just a proof of concept that you can achieve behaviour provided by external modules in a much simpler way. Just straight up rawdogging nix +- Wrap binaries rather than creating user modifable files in home directory, just to be _pure_ ™️ +- Avoid `with` keyword at ALL COST +- Disk partitioning should not be declarative, I don't like the way disko does it. I use same partition layout for all of my hosts, and that's enough. +- I like to keep my secrets in one place that is not my repo + +## Flake outputs + +- **NixOS modules** - including $HOME management, impermanence and some laptop specific things +- **Dev shell** - shell containing my entire terminal workflow, with fully configured neovim and stuff. +- **Packages** - Mostly unmodified packages from nixpkgs, wrapped with my configs, themed via base16 attribute set +- **Theme** - which outputs my current base16 theme as an attrset + +# Why I don't use some of the popular NixOS modules? 
+ +## Home-manager + +I don't like it. I prefer to wrap my binaries. Much better solution. + +Everyone in nix community will tell you that hm is a mess. + +## Flake-parts + +Actually I have nothing against using flake-parts, although I don't see the use case in my NixOS configuration since I only use one cpu architecture. + +Trust me, I tried. It never compiles on ARM anyway + +## Impermanence + +I found it needlessly overcomplicated and unreliable. + +## Nix-colors + +It's just a glorified attribute set ## 💛 Donate @@ -45,17 +54,3 @@ If you would like to support me you can sponsor me via ko-fi Ethereum/EVM compatible: `0x2fa1e5e90c011d08bba1f6dbdc317fd293311c0d` [![Star History Chart](https://api.star-history.com/svg?repos=sioodmy/dotfiles&type=Date)](https://star-history.com/#sioodmy/dotfiles&Date) - -## ❤️ Special thanks tto (I love you guys) - -[notusknot](https://github.com/notusknot) - -[siduck](https://github.com/siduck) - -[rxyhn](https://github.com/rxyhn) - -[fufexan](https://github.com/fufexan) - -[hlissner](https://github.com/hlissner) - -[owl4ce](https://github.com/owl4ce) - -[luca.py](https://gitlab.com/luca.py/) - -[FromSyntax](https://github.com/FromSyntax) - -[pupbrained](https://github.com/pupbrained) - -[ini](https://github.com/InioX) - -[ozwaldorf.eth](https://ossian.dev/) - [NotAShelf](https://github.com/NotAShelf) diff --git a/README.md b/README.md deleted file mode 100644 index 2b3cea87..00000000 --- a/README.md +++ /dev/null 
@@ -1,49 +0,0 @@ -# Nixus - -## Contents - -This repo contains my reorganized and rewritten NixOS configuration. -It might not be widely considered _correct_ or whatever, because I used some of my braincells to come up with this autistic design philosophy: - -- **Do not overengineer** - Yeah, we get it, you are good at Nix, but you don't really need to overcomplicate everything. You sacrifice both readability and evaluation times in exchange for absolutely nothing - > An idiot admires complexity, a genius admires simplicity, a physicist tries to make it simple, for an idiot anything the more complicated it is the more he will admire it, if you make something so clusterfucked he can't understand it he's gonna think you're a god cause you made it so complicated nobody can understand it. That's how they write journals in Academics, they try to make it so complicated people think you're a genius - > ~ Terry Davis, Creator of Temple OS -- **No inputs other than nixpkgs** - This is probably the most controversial one, for me it's just a proof of concept that you can achieve behaviour provided by external modules in a much simpler way. Just straight up rawdogging nix -- Wrap binaries rather than creating user modifable files in home directory, just to be _pure_ ™️ -- Avoid `with` keyword at ALL COST -- Disk partitioning should not be declarative, I don't like the way disko does it. I use same partition layout for all of my hosts, and that's enough. -- I like to keep my secrets in one place that is not my repo - -# Why I don't use some of the popular NixOS modules? - -## Home-manager - -I don't like it. I prefer to wrap my binaries and use systemd tmpfiles instead. Much better solution. - -Everyone in nix community will tell you that hm is a mess. - -## Flake-parts - -Actually I have nothing against using flake-parts, although I don't see the use case in my NixOS configuration since I only use one cpu architecture. - -Trust me, I tried. 
It never compiles on ARM anyway - -## Impermanence - -Bind mounts are somewhat unreliable at best and lead to undefined behaviour. Again, systemd-tmpfiles on top - -## Nix-colors - -It's just a glorified attribute set - -## 💛 Donate - -If you would like to support me you can sponsor me via ko-fi - -Support me on kofi - -... or if you prefer crypto - -Ethereum/EVM compatible: `0x2fa1e5e90c011d08bba1f6dbdc317fd293311c0d` - -[![Star History Chart](https://api.star-history.com/svg?repos=sioodmy/dotfiles&type=Date)](https://star-history.com/#sioodmy/dotfiles&Date) From 005bf70cae7c5abdaa048a2ae94511b703fdf30b Mon Sep 17 00:00:00 2001 From: sioodmy Date: Fri, 4 Oct 2024 10:52:58 +0000 Subject: [PATCH 3/5] feat: disable watchdog --- system/boot/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/system/boot/default.nix b/system/boot/default.nix index 3d54195d..22c0bf85 100644 --- a/system/boot/default.nix +++ b/system/boot/default.nix @@ -14,6 +14,7 @@ # see: https://www.reddit.com/r/archlinux/comments/e5oe4p/comment/fa8mzft/ "snd_hda_intel.dmic_detect=0" "acpi_osi=linux" + "nowatchdog" ]; bootspec.enable = true; From 406dc393535ff9b215e37dd11ee757efea46ce9c Mon Sep 17 00:00:00 2001 From: sioodmy Date: Fri, 4 Oct 2024 17:48:00 +0000 Subject: [PATCH 4/5] feat: lock kernel --- .github/README.md | 21 +++++++++++---------- system/security/default.nix | 4 ++-- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/.github/README.md b/.github/README.md index f691e773..d82ed013 100644 --- a/.github/README.md +++ b/.github/README.md 
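Review bot: The added `"nowatchdog"` entry in system/boot/default.nix has no comment giving its reason, while the entry above it links to one. The parameter turns off both the soft- and hard-lockup detectors, so a hung kernel is no longer reported. I would record that trade-off next to the entry, e.g. `# nowatchdog: disables the soft/hard lockup detectors; kernel hangs will not be reported`. The enclosing parameter list starts outside the hunk.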
@@ -1,21 +1,22 @@ # Nixus -## Contents +## About This repo contains my reorganized and rewritten NixOS configuration. It might not be widely considered _correct_ or whatever, because I used some of my braincells to come up with this autistic design philosophy: -- **Do not overengineer** - Yeah, we get it, you are good at Nix, but you don't really need to overcomplicate everything. You sacrifice both readability and evaluation times in exchange for absolutely nothing - > An idiot admires complexity, a genius admires simplicity, a physicist tries to make it simple, for an idiot anything the more complicated it is the more he will admire it, if you make something so clusterfucked he can't understand it he's gonna think you're a god cause you made it so complicated nobody can understand it. That's how they write journals in Academics, they try to make it so complicated people think you're a genius - > ~ Terry Davis, Creator of Temple OS -- **No inputs other than nixpkgs** - This is probably the most controversial one, for me it's just a proof of concept that you can achieve behaviour provided by external modules in a much simpler way. Just straight up rawdogging nix -- Wrap binaries rather than creating user modifable files in home directory, just to be _pure_ ™️ -- Avoid `with` keyword at ALL COST -- Disk partitioning should not be declarative, I don't like the way disko does it. I use same partition layout for all of my hosts, and that's enough. -- I like to keep my secrets in one place that is not my repo +- nixpkgs as the only input, just straight up rawdogging nix +- wrap binaries instead of putting files in home dir +- do not copy from others +- try to avoid `with` keyword as much as possible + +## But why? -## Flake outputs +Idk, but I like it, probably IKEA effect. Also my config probably moggs yours in terms of evaluation times. Clean install in under 10 minutes. 
+ +## Contents +- **NixOS hosts** - currently only my twinkpad x1 - **NixOS modules** - including $HOME management, impermanence and some laptop specific things - **Dev shell** - shell containing my entire terminal workflow, with fully configured neovim and stuff. - **Packages** - Mostly unmodified packages from nixpkgs, wrapped with my configs, themed via base16 attribute set diff --git a/system/security/default.nix b/system/security/default.nix index f4ed3908..82183e51 100644 --- a/system/security/default.nix +++ b/system/security/default.nix @@ -2,8 +2,8 @@ services.networkd-dispatcher.enable = true; security = { - protectKernelImage = false; - lockKernelModules = false; + protectKernelImage = true; + lockKernelModules = true; forcePageTableIsolation = true; polkit.enable = true; From 2b3e5b1d466145c6734c97f29ba207176c96c4c1 Mon Sep 17 00:00:00 2001 From: sioodmy Date: Fri, 4 Oct 2024 17:51:21 +0000 Subject: [PATCH 5/5] feat: add syncthing --- system/default.nix | 2 ++ system/services/default.nix | 12 ++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 system/services/default.nix diff --git a/system/default.nix b/system/default.nix index ab116776..d629e6ef 100644 --- a/system/default.nix +++ b/system/default.nix @@ -8,6 +8,8 @@ ./users ./wayland ./nix + ./security + ./services ]; environment.etc.machine-id.text = "796f7520617265206175746973746963"; diff --git a/system/services/default.nix b/system/services/default.nix new file mode 100644 index 00000000..eccc1ec5 --- /dev/null +++ b/system/services/default.nix @@ -0,0 +1,12 @@ +{...}: { + services.syncthing = { + enable = true; + user = "sioodmy"; + dataDir = "/home/sioodmy/.config/syncthing"; + configDir = "/home/sioodmy/.config/syncthing"; + guiAddress = "127.0.0.1:8384"; + + openDefaultPorts = true; + }; + boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576; +}
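Review bot: Enabling `lockKernelModules` in system/security/default.nix blocks all kernel module loading once the system has finished initialising, and nothing visible in the hunk lists the modules that must already be loaded by then. On the laptop host this affects anything normally loaded on demand later (USB storage, extra filesystems, VPN or virtualisation modules), so those modules should be enumerated in `boot.kernelModules` before the option is switched on. `protectKernelImage = true` also disables kexec and hibernation, which deserves a comment beside it, e.g. `# also disables kexec and hibernation`. PATCH 5/5 is where `./security` is added to the imports in system/default.nix, so unless the module is imported elsewhere these values only take effect from that commit. The `security` attribute set continues past the end of the hunk.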
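Review bot: `openDefaultPorts = true` in system/services/default.nix opens Syncthing's transfer and discovery ports (22000 TCP/UDP and 21027 UDP) in the firewall on every interface, which on a roaming laptop includes untrusted networks. If sync is only wanted on known networks, use `openDefaultPorts = false;` and allow the ports per interface through `networking.firewall.interfaces.<name>.allowedTCPPorts` and `allowedUDPPorts`; otherwise add a comment saying the exposure is intended. `dataDir` and `configDir` are set to the same path, so the default location for synced folders is the directory that holds the device key and certificate. Pointing `dataDir` at a separate directory (placeholder: `/home/sioodmy/<sync-dir>`) removes the chance of sharing that key material by accident.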