From e552de889bf56e2a28489ac19f579bb797784068 Mon Sep 17 00:00:00 2001
From: Johannes Rothe
Date: Fri, 8 Mar 2024 22:46:38 +0100
Subject: [PATCH] Initialize system with flakes
---
configuration.nix | 317 +++++++++++++++++++++++++++++++++++++
flake.lock | 27 ++++
flake.nix | 19 +++
hardware-configuration.nix | 35 ++++
4 files changed, 398 insertions(+)
create mode 100644 configuration.nix
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 hardware-configuration.nix
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..d74dc8c
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,317 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, ... }:
+
+ let
+ # bash script to let dbus know about important env variables and
+ # propagate them to relevent services run at the end of sway config
+ # see
+ # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist
+ # note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts
+ # some user services to make sure they have the correct environment variables
+ dbus-sway-environment = pkgs.writeTextFile {
+ name = "dbus-sway-environment";
+ destination = "/bin/dbus-sway-environment";
+ executable = true;
+
+ text = ''
+ dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
+ systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
+ systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
+ '';
+ };
+
+ # currently, there is some friction between sway and gtk:
+ # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland
+ # the suggested way to set gtk settings is with gsettings
+ # for gsettings to work, we need to tell it where the schemas are
+ # using the XDG_DATA_DIR environment variable
+ # run at the end of sway config
+ configure-gtk = pkgs.writeTextFile {
+ name = "configure-gtk";
+ destination = "/bin/configure-gtk";
+ executable = true;
+ text = let
+ schema = pkgs.gsettings-desktop-schemas;
+ datadir = "${schema}/share/gsettings-schemas/${schema.name}";
+ in ''
+ export XDG_DATA_DIRS=${datadir}:$XDG_DATA_DIRS
+ gnome_schema=org.gnome.desktop.interface
+ gsettings set $gnome_schema gtk-theme 'Dracula'
+ '';
+ };
+
+ in
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Bootloader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/sda";
+ boot.loader.grub.useOSProber = false;
+
+ # Setup keyfile
+ boot.initrd.secrets = {
+ "/crypto_keyfile.bin" = null;
+ };
+
+ # Enable grub cryptodisk
+ boot.loader.grub.enableCryptodisk = true;
+
+ boot.initrd.luks.devices."luks-efc0285c-812e-4946-936b-37e737fb72eb".keyFile = "/crypto_keyfile.bin";
+
+ # allow crosscompiling for raspberrypi
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+ networking.hostName = "lift";
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ networking.networkmanager.enable = true;
+
+ nix.settings.experimental-features = ["nix-command" "flakes"];
+
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_NUMERIC = "de_DE.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ };
+
+
+ # Enable the X11 windowing system.
+ #services.xserver.enable = true;
+
+ # Enable the GNOME Desktop Environment.
+ services.xserver.displayManager.gdm.enable = true;
+ #services.xserver.desktopManager.gnome.enable = true;
+
+ # Configure console keymap
+ console.keyMap = "de-latin1-nodeadkeys";
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+ # Enable scanning
+ hardware.sane.enable = true;
+
+ # bluetooth
+ hardware.bluetooth.enable = true;
+ services.blueman.enable = true;
+
+ # Enable sound with pipewire.
+ sound.enable = true;
+ # hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.rothe = {
+ isNormalUser = true;
+ description = "rothe";
+ extraGroups = [ "networkmanager" "wheel" "video" "scanner" "lp" "docker"];
+ shell = pkgs.fish;
+ packages = with pkgs; [
+ chromium
+ firefox
+ flatpak
+ thunderbird
+ ];
+ };
+
+ nixpkgs.config.allowUnfree = true;
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ ack
+ avrdude
+ bind
+ black # code formatting
+ calibre
+ configure-gtk
+ cmake
+ cryptsetup
+ curl
+ dbus-sway-environment
+ dracula-theme
+ dmenu
+ docker-compose
+ evince
+ ffmpeg
+ fish
+ foot
+ fzf
+ gammastep
+ gcc
+ gimp
+ git
+ glib
+ gnome.eog
+ gnome.nautilus
+ gnome.simple-scan
+ gnucash
+ gnumake
+ gnupg
+ go
+ google-cloud-sdk
+ gotools
+ htop
+ i3status
+ inkscape
+ ispell
+ jq
+ kanshi
+ keychain
+ libreoffice
+ mako
+ mosquitto
+ mypy
+ nextcloud-client
+ nodePackages.pnpm
+ nodePackages.typescript
+ nmap
+ pass-secret-service
+ pavucontrol
+ pinentry
+ portfolio
+ pulseaudio
+ pylint
+ python311
+ python311Packages.flake8
+ python311Packages.ipython
+ roboto-mono
+ rofi # dmenu replacement
+ scrot # screenshot
+ signal-desktop
+ silver-searcher
+ shellcheck
+ spotify
+ sqlite
+ sway
+ sway-contrib.grimshot
+ swayidle
+ swaylock
+ syncthing
+ tailscale
+ telegram-desktop
+ tinygo
+ tmux
+ tree
+ unzip
+ vim-full
+ vlc
+ wayland
+ wayshot
+ wdisplays
+ wget
+ wl-clipboard
+ xdg-utils
+ yt-dlp
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ pulse.enable = true;
+ };
+ services.passSecretService.enable = true;
+ services.tailscale.enable = true;
+ services.gvfs.enable = true;
+
+ services.syncthing = {
+ enable = true;
+ user = "rothe";
+ group = "users";
+ dataDir = "/home/rothe";
+ overrideFolders = false;
+ overrideDevices = false;
+ };
+
+ # xdg-desktop-portal works by exposing a series of D-Bus interfaces
+ # known as portals under a well-known name
+ # (org.freedesktop.portal.Desktop) and object path
+ # (/org/freedesktop/portal/desktop).
+ # The portal interfaces include APIs for file access, opening URIs,
+ # printing and others.
+ services.dbus.enable = true;
+ xdg.portal = {
+ enable = true;
+ wlr.enable = true;
+ # gtk portal needed to make gtk apps happy
+ extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+ };
+
+ # enable sway window manager
+ programs.sway = {
+ enable = true;
+ wrapperFeatures.gtk = true;
+ };
+
+ programs.light.enable = true;
+ programs.fish.enable = true;
+ services.pcscd.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ pinentryFlavor = "gtk2";
+ enableSSHSupport = true;
+ };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+ services.flatpak.enable = true;
+
+ fonts.packages = with pkgs; [
+ roboto-mono
+ ];
+
+services.resolved = {
+ enable = true;
+};
+
+ # Open ports in the firewall.
+ networking.firewall = {
+ enable = false;
+ allowedTCPPorts = [
+ 57621 # Spotify
+ 8554 # RTSP Camera
+ ];
+ };
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+
+ virtualisation.docker.enable = true;
+ virtualisation = {
+ podman = {
+ enable = true;
+
+ # Create a `docker` alias for podman, to use it as a drop-in replacement
+ # dockerCompat = true;
+
+ # Required for containers under podman-compose to be able to talk to each other.
+ #defaultNetwork.settings.dns_enabled = true;
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..75d1e68
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1709677081, + "narHash": "sha256-tix36Y7u0rkn6mTm0lA45b45oab2cFLqAzDbJxeXS+c=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "880992dcc006a5e00dd0591446fdf723e6a51a64", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..2826d93
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,19 @@
+{
+ description = "NixOS configuration flake";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+ };
+
+ outputs = { self, nixpkgs, ...}:
+ let
+ lib = nixpkgs.lib;
+ in {
+ nixosConfigurations = {
+ lift = lib.nixosSystem {
+ system = "x64_64-linux";
+ modules = [ ./configuration.nix ];
+ };
+ };
+ };
+}
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
new file mode 100644
index 0000000..f704eba
--- /dev/null
+++ b/hardware-configuration.nix
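Review bot: `networking.firewall.enable = false;` switches the host firewall off, so the `allowedTCPPorts` list next to it (57621 Spotify, 8554 RTSP camera) has no effect and the services this file enables (syncthing, tailscale, docker, printing) are limited only by their own bind settings on whatever network the laptop joins. If the port list is the intended policy, set `enable = true;` and keep the two entries; if the firewall is off on purpose, add a comment such as `# firewall intentionally disabled: <reason>` so the list is not mistaken for an active rule set. Separately, `"docker"` in `users.users.rothe.extraGroups` gives that account root-equivalent access through the Docker socket; since podman is enabled in the same file, a short comment on why both are needed would make that trade-off explicit.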
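Review bot: `system = "x64_64-linux";` in the `lift` entry of flake.nix is not a valid Nix system string; the platform name is `x86_64-linux`, which is also what hardware-configuration.nix in this same patch sets through `nixpkgs.hostPlatform`. The build may still evaluate because that hostPlatform setting presumably takes precedence over the `system` argument, which would hide the typo until the flake gains a second host or the generated file changes. Change the line to `system = "x86_64-linux";`.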
@@ -0,0 +1,35 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/6b2bfd84-d3b5-4dc2-8f7e-c3decc93cec5"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-efc0285c-812e-4946-936b-37e737fb72eb".device = "/dev/disk/by-uuid/efc0285c-812e-4946-936b-37e737fb72eb"; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}