don/NixOS-Configs
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Activity

formating

Browse source
This commit is contained in:
Don Harper 2025-09-18 21:56:27 -05:00
parent 45c20d9cbe
commit 7016e89c79
12 changed files with 121 additions and 201 deletions
Download patch file Download diff file Expand all files Collapse all files

10
home/common/default.nix
View file

@ -1,9 +1,4 @@
{ { pkgs, inputs, osConfig, ... }: {
pkgs,
inputs,
osConfig,
...
}: {
imports = [ imports = [
./aerc.nix ./aerc.nix
./bash.nix ./bash.nix
@ -119,7 +114,8 @@
programs.keychain = { programs.keychain = {
enable = true; enable = true;
enableBashIntegration = true; enableBashIntegration = true;
keys = "id_aur id_dsa id_ed25519 git C7E41C9F79C846984163693FCCD8E76F07EA701B"; keys =
"id_aur id_dsa id_ed25519 git C7E41C9F79C846984163693FCCD8E76F07EA701B";
}; };
home.file.".links/links.cfg".source = files/links.cfg; home.file.".links/links.cfg".source = files/links.cfg;
xdg.configFile."nix/nix.conf".text = '' xdg.configFile."nix/nix.conf".text = ''

13
hosts/ace/default.nix
View file

@ -1,11 +1,4 @@
{ { inputs, outputs, lib, config, pkgs, ... }: {
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
# ../disko/mmcblk.nix # ../disko/mmcblk.nix
@ -18,7 +11,5 @@
gui.enable = true; gui.enable = true;
kmscon.enable = true; kmscon.enable = true;
}; };
wm = { wm = { sway.enable = true; };
sway.enable = true;
};
} }

13
hosts/book/default.nix
View file

@ -1,11 +1,4 @@
{ { inputs, outputs, lib, config, pkgs, ... }: {
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [ imports = [
inputs.nixos-hardware.nixosModules.google-pixelbook inputs.nixos-hardware.nixosModules.google-pixelbook
./hardware-configuration.nix ./hardware-configuration.nix
@ -24,7 +17,5 @@
auto-cpufreq.enable = true; auto-cpufreq.enable = true;
gnome-calendar.enable = true; gnome-calendar.enable = true;
}; };
wm = { wm = { sway.enable = true; };
sway.enable = true;
};
} }

11
hosts/dragon/default.nix
View file

@ -1,9 +1,4 @@
{ { inputs, config, pkgs, ... }: {
inputs,
config,
pkgs,
...
}: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-cpu-intel
@ -20,7 +15,5 @@
kmscon.enable = true; kmscon.enable = true;
auto-cpufreq.enable = true; auto-cpufreq.enable = true;
}; };
wm = { wm = { sway.enable = true; };
sway.enable = true;
};
} }

13
hosts/eve/default.nix
View file

@ -1,11 +1,4 @@
{ { inputs, outputs, lib, config, pkgs, ... }: {
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [ imports = [
inputs.nixos-hardware.nixosModules.google-pixelbook inputs.nixos-hardware.nixosModules.google-pixelbook
./hardware-configuration.nix ./hardware-configuration.nix
@ -21,7 +14,5 @@
kmscon.enable = true; kmscon.enable = true;
auto-cpufreq.enable = true; auto-cpufreq.enable = true;
}; };
wm = { wm = { sway.enable = true; };
sway.enable = true;
};
} }

15
hosts/loki/default.nix
View file

@ -1,11 +1,4 @@
{ { inputs, outputs, lib, config, pkgs, ... }: {
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [ imports = [
inputs.nixos-hardware.nixosModules.framework-amd-ai-300-series inputs.nixos-hardware.nixosModules.framework-amd-ai-300-series
./hardware-configuration.nix ./hardware-configuration.nix
@ -13,7 +6,7 @@
../workstation ../workstation
]; ];
networking.hostName = "loki"; networking.hostName = "loki";
boot.binfmt.emulatedSystems = ["aarch64-linux"]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
variables.address = "100.72.0.1"; variables.address = "100.72.0.1";
variables.swayScale = "1.2"; variables.swayScale = "1.2";
@ -27,7 +20,5 @@
gnome-calendar.enable = true; gnome-calendar.enable = true;
}; };
primary.enable = true; primary.enable = true;
wm = { wm = { sway.enable = true; };
sway.enable = true;
};
} }

8
hosts/pocket2/default.nix
View file

@ -10,10 +10,6 @@
networking.hostName = "pocket2"; networking.hostName = "pocket2";
variables.swayScale = "1.7"; variables.swayScale = "1.7";
roles = { roles = { gui.enable = true; };
gui.enable = true; wm = { sway.enable = true; };
};
wm = {
sway.enable = true;
};
} }

13
hosts/smaug/default.nix
View file

@ -1,11 +1,4 @@
{ { inputs, outputs, lib, config, pkgs, ... }: {
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [ imports = [
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x260 inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x260
inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop
@ -24,7 +17,5 @@
auto-cpufreq.enable = true; auto-cpufreq.enable = true;
gnome-calendar.enable = true; gnome-calendar.enable = true;
}; };
wm = { wm = { sway.enable = true; };
sway.enable = true;
};
} }

9
hosts/template/default.nix
View file

@ -1,11 +1,4 @@
{ { inputs, outputs, lib, config, pkgs, ... }: {
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
# ../disko/mmcblk.nix # ../disko/mmcblk.nix

138
hosts/workstation/default.nix
View file

@ -1,11 +1,5 @@
{ { inputs, outputs, lib, config, pkgs, ... }:
inputs, let
outputs,
lib,
config,
pkgs,
...
}: let
my-python-packages = python-packages: my-python-packages = python-packages:
with python-packages; [ with python-packages; [
# pipx # pipx
@ -24,7 +18,7 @@ in {
# experimental-features = ["nix-command" "flakes"]; # experimental-features = ["nix-command" "flakes"];
warn-dirty = false; warn-dirty = false;
auto-optimise-store = true; auto-optimise-store = true;
trusted-users = ["root" "don"]; trusted-users = [ "root" "don" ];
}; };
gc = { gc = {
automatic = true; automatic = true;
@ -58,26 +52,23 @@ in {
networking = { networking = {
networkmanager.enable = true; networkmanager.enable = true;
enableIPv6 = true; enableIPv6 = true;
networkmanager = {wifi = {powersave = true;};}; networkmanager = { wifi = { powersave = true; }; };
useDHCP = false; useDHCP = false;
firewall = { firewall = {
enable = true; enable = true;
trustedInterfaces = ["tailscale0"]; # always allow traffic from your Tailscale network trustedInterfaces =
[ "tailscale0" ]; # always allow traffic from your Tailscale network
checkReversePath = "loose"; checkReversePath = "loose";
allowedUDPPorts = [config.services.tailscale.port]; allowedUDPPorts = [ config.services.tailscale.port ];
allowedTCPPortRanges = [ allowedTCPPortRanges = [{
{ from = 1714;
from = 1714; to = 1764;
to = 1764; }];
} allowedUDPPortRanges = [{
]; from = 1714;
allowedUDPPortRanges = [ to = 1764;
{ }];
from = 1714; allowedTCPPorts = [ 22 ];
to = 1764;
}
];
allowedTCPPorts = [22];
}; };
}; };
@ -93,7 +84,7 @@ in {
inputMethod = { inputMethod = {
enable = true; enable = true;
type = "fcitx5"; type = "fcitx5";
fcitx5.addons = with pkgs; [fcitx5-mozc fcitx5-gtk]; fcitx5.addons = with pkgs; [ fcitx5-mozc fcitx5-gtk ];
}; };
}; };
@ -101,38 +92,33 @@ in {
boot = { boot = {
# kernelPackages = pkgs.linuxPackages_latest; # kernelPackages = pkgs.linuxPackages_latest;
kernelPackages = pkgs.linuxPackages_zen; kernelPackages = pkgs.linuxPackages_zen;
kernelParams = ["consoleblank=60" "mem_sleep_default=deep"]; kernelParams = [ "consoleblank=60" "mem_sleep_default=deep" ];
# extraModulePackages = [config.boot.kernelPackages.ddcci-driver]; # extraModulePackages = [config.boot.kernelPackages.ddcci-driver];
# kernelModules = ["i2c-dev" "ddcci_backlight"]; # kernelModules = ["i2c-dev" "ddcci_backlight"];
loader = loader = if (pkgs.hostPlatform != lib.mkDefault "aarch64-linux") then {
if (pkgs.hostPlatform != lib.mkDefault "aarch64-linux") systemd-boot = { enable = true; };
then { efi = {
systemd-boot = {enable = true;}; canTouchEfiVariables = true;
efi = { efiSysMountPoint = "/boot";
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
}
else {
grub.enable = false;
generic-extlinux-compatible.enable = true;
}; };
plymouth = {enable = true;}; } else {
kernel = {sysctl = {"vm.swappiness" = 10;};}; grub.enable = false;
generic-extlinux-compatible.enable = true;
};
plymouth = { enable = true; };
kernel = { sysctl = { "vm.swappiness" = 10; }; };
}; };
security = { security = {
polkit = {enable = true;}; polkit = { enable = true; };
sudo.enable = false; sudo.enable = false;
doas = { doas = {
enable = true; enable = true;
extraRules = [ extraRules = [{
{ users = [ "don" ];
users = ["don"]; keepEnv = true;
keepEnv = true; noPass = true;
noPass = true; }];
}
];
}; };
}; };
@ -149,15 +135,17 @@ in {
userServices = true; userServices = true;
}; };
}; };
bpftune = {enable = true;}; bpftune = { enable = true; };
flatpak = {enable = true;}; flatpak = { enable = true; };
fstrim = {enable = true;}; fstrim = { enable = true; };
fwupd = {enable = true;}; fwupd = { enable = true; };
locate = { locate = {
enable = true; enable = true;
package = pkgs.mlocate; package = pkgs.mlocate;
}; };
logind = { logind = {
lidSwitchDocked = "ignore";
lidSwitchExternalPower = "ignore";
settings = { settings = {
Login = { Login = {
HandleLidSwitchDocked = "ignore"; HandleLidSwitchDocked = "ignore";
@ -165,7 +153,7 @@ in {
}; };
}; };
}; };
nscd = {enableNsncd = true;}; nscd = { enableNsncd = true; };
openssh = { openssh = {
enable = true; enable = true;
settings = { settings = {
@ -173,34 +161,34 @@ in {
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
}; };
}; };
pcscd = {enable = true;}; pcscd = { enable = true; };
pipewire = { pipewire = {
enable = true; enable = true;
alsa = { alsa = {
enable = true; enable = true;
support32Bit = true; support32Bit = true;
}; };
pulse = {enable = true;}; pulse = { enable = true; };
}; };
printing = { printing = {
enable = true; enable = true;
drivers = [pkgs.hplipWithPlugin]; drivers = [ pkgs.hplipWithPlugin ];
}; };
pulseaudio = {enable = false;}; pulseaudio = { enable = false; };
tailscale = {enable = true;}; tailscale = { enable = true; };
udev = { udev = {
extraRules = '' extraRules = ''
ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="ext4", ATTR{../queue/scheduler}="none" ''; ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="ext4", ATTR{../queue/scheduler}="none" '';
}; };
udisks2 = {enable = true;}; udisks2 = { enable = true; };
}; };
hardware = { hardware = {
bluetooth = {enable = true;}; bluetooth = { enable = true; };
sane = { sane = {
enable = true; enable = true;
extraBackends = [pkgs.sane-airscan]; extraBackends = [ pkgs.sane-airscan ];
disabledDefaultBackends = ["escl" "v4l"]; disabledDefaultBackends = [ "escl" "v4l" ];
}; };
}; };
security.rtkit.enable = true; security.rtkit.enable = true;
@ -227,7 +215,8 @@ in {
isNormalUser = true; isNormalUser = true;
initialPassword = "changeme"; initialPassword = "changeme";
description = "Don Harper"; description = "Don Harper";
extraGroups = ["networkmanager" "wheel" "scanner" "lp" "video" "mlocate" "disk"]; extraGroups =
[ "networkmanager" "wheel" "scanner" "lp" "video" "mlocate" "disk" ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki"
]; ];
@ -246,9 +235,9 @@ in {
config = { config = {
allowUnfree = true; allowUnfree = true;
allowUnfreePredicate = true; allowUnfreePredicate = true;
permittedInsecurePackages = ["libsoup-2.74.3" "qtwebengine-5.15.19"]; permittedInsecurePackages = [ "libsoup-2.74.3" "qtwebengine-5.15.19" ];
allowInsecurePredicate = pkg: allowInsecurePredicate = pkg:
builtins.elem (lib.getName pkg) ["broadcom-sta"]; builtins.elem (lib.getName pkg) [ "broadcom-sta" ];
}; };
}; };
@ -321,10 +310,10 @@ in {
]; ];
programs = { programs = {
dconf = {enable = true;}; dconf = { enable = true; };
light = {enable = true;}; light = { enable = true; };
mtr = {enable = true;}; mtr = { enable = true; };
kdeconnect = {enable = true;}; kdeconnect = { enable = true; };
gnupg = { gnupg = {
agent = { agent = {
enable = true; enable = true;
@ -336,14 +325,14 @@ in {
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
qutebrowser = prev.qutebrowser.override {enableWideVine = true;}; qutebrowser = prev.qutebrowser.override { enableWideVine = true; };
}) })
(final: super: { (final: super: {
khal = super.khal.overridePythonAttrs (_: {doCheck = false;}); khal = super.khal.overridePythonAttrs (_: { doCheck = false; });
}) })
]; ];
nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"]; nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
@ -374,5 +363,6 @@ in {
"x-scheme-handler/about" = "org.qutebrowser.qutebrowser.desktop"; "x-scheme-handler/about" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/unknown" = "org.qutebrowser.qutebrowser.desktop"; "x-scheme-handler/unknown" = "org.qutebrowser.qutebrowser.desktop";
}; };
environment.sessionVariables.DEFAULT_BROWSER = "${pkgs.qutebrowser}/bin/qutebrowser"; environment.sessionVariables.DEFAULT_BROWSER =
"${pkgs.qutebrowser}/bin/qutebrowser";
} }

40
hosts/workstation/systemd-primary.nix
View file

@ -1,65 +1,63 @@
{ { pkgs, lib, config, ... }:
pkgs, with lib;
lib, let cfg = config.primary;
config,
...
}:
with lib; let
cfg = config.primary;
in { in {
options.primary = {enable = mkEnableOption "is primary host";}; options.primary = { enable = mkEnableOption "is primary host"; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd = { systemd = {
user = { user = {
services = { services = {
do_agenda = { do_agenda = {
description = "Send today's agenda"; description = "Send today's agenda";
unitConfig = {Type = "simple";}; unitConfig = { Type = "simple"; };
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
Environment = "PATH=/run/current-system/sw/bin:/etc/profiles/per-user/don/bin:/home/don/bin"; Environment =
"PATH=/run/current-system/sw/bin:/etc/profiles/per-user/don/bin:/home/don/bin";
ExecStart = "/home/don/bin/do_agenda"; ExecStart = "/home/don/bin/do_agenda";
}; };
}; };
do_agenda_tomorrow = { do_agenda_tomorrow = {
description = "Send tomorrow's agenda"; description = "Send tomorrow's agenda";
unitConfig = {Type = "simple";}; unitConfig = { Type = "simple"; };
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
Environment = "PATH=/run/current-system/sw/bin:/etc/profiles/per-user/don/bin:/home/don/bin"; Environment =
"PATH=/run/current-system/sw/bin:/etc/profiles/per-user/don/bin:/home/don/bin";
ExecStart = "/home/don/bin/do_agenda_tomorrow"; ExecStart = "/home/don/bin/do_agenda_tomorrow";
}; };
}; };
gosleep = { gosleep = {
description = "Adjust tailscale MTU based on location"; description = "Adjust tailscale MTU based on location";
unitConfig = {Type = "simple";}; unitConfig = { Type = "simple"; };
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
Environment = "PATH=/run/current-system/sw/bin:/etc/profiles/per-user/don/bin:/home/don/bin"; Environment =
"PATH=/run/current-system/sw/bin:/etc/profiles/per-user/don/bin:/home/don/bin";
ExecStart = "/home/don/bin/gosleep"; ExecStart = "/home/don/bin/gosleep";
}; };
}; };
}; };
timers = { timers = {
do_agenda = { do_agenda = {
wantedBy = ["timers.target"]; wantedBy = [ "timers.target" ];
partOf = ["do_agenda.service"]; partOf = [ "do_agenda.service" ];
timerConfig = { timerConfig = {
OnCalendar = "05:00"; OnCalendar = "05:00";
Unit = "do_agenda.service"; Unit = "do_agenda.service";
}; };
}; };
do_agenda_tomorrow = { do_agenda_tomorrow = {
wantedBy = ["timers.target"]; wantedBy = [ "timers.target" ];
partOf = ["do_agenda_tomorrow.service"]; partOf = [ "do_agenda_tomorrow.service" ];
timerConfig = { timerConfig = {
OnCalendar = "20:00"; OnCalendar = "20:00";
Unit = "do_agenda_tomorrow.service"; Unit = "do_agenda_tomorrow.service";
}; };
}; };
gosleep = { gosleep = {
wantedBy = ["timers.target"]; wantedBy = [ "timers.target" ];
partOf = ["gosleep.service"]; partOf = [ "gosleep.service" ];
timerConfig = { timerConfig = {
OnCalendar = "1m"; OnCalendar = "1m";
Unit = "gosleep.service"; Unit = "gosleep.service";

39
hosts/workstation/systemd.nix
View file

@ -1,19 +1,16 @@
{ { pkgs, lib, ... }:
pkgs, let
lib,
...
}: let
readlink = "${pkgs.coreutils}/bin/readlink"; readlink = "${pkgs.coreutils}/bin/readlink";
notify-send = "${pkgs.libnotify}/bin/notify-send"; notify-send = "${pkgs.libnotify}/bin/notify-send";
in { in {
systemd = { systemd = {
services = { services = {
systemd-lock-handler = {enable = true;}; systemd-lock-handler = { enable = true; };
NetworkManager-wait-online.enable = lib.mkForce false; NetworkManager-wait-online.enable = lib.mkForce false;
systemd-networkd-wait-online.enable = lib.mkForce false; systemd-networkd-wait-online.enable = lib.mkForce false;
clean-keychain = { clean-keychain = {
description = "Clean up .keychain on boot"; description = "Clean up .keychain on boot";
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
ExecStart = "${pkgs.coreutils-full}/bin/rm -rf /home/don/.keychain"; ExecStart = "${pkgs.coreutils-full}/bin/rm -rf /home/don/.keychain";
@ -24,14 +21,15 @@ in {
services = { services = {
swaylock = { swaylock = {
description = "Screen locker for Wayland"; description = "Screen locker for Wayland";
documentation = ["man:swaylock(1)"]; documentation = [ "man:swaylock(1)" ];
onSuccess = ["unlock.target"]; onSuccess = [ "unlock.target" ];
partOf = ["lock.target"]; partOf = [ "lock.target" ];
before = ["lock.target"]; before = [ "lock.target" ];
wantedBy = ["lock.target"]; wantedBy = [ "lock.target" ];
serviceConfig = { serviceConfig = {
Type = "forking"; Type = "forking";
Environment = "PATH=/run/current-system/sw/bin:/etc/profiles/per-user/don/bin:/home/don/bin"; Environment =
"PATH=/run/current-system/sw/bin:/etc/profiles/per-user/don/bin:/home/don/bin";
ExecStart = "/home/don/bin/lock.sh -m"; ExecStart = "/home/don/bin/lock.sh -m";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 0; RestartSec = 0;
@ -48,30 +46,31 @@ in {
${notify-send} --urgency=low --icon=system-reboot "Reboot is needed for a NixOS upgrade." ${notify-send} --urgency=low --icon=system-reboot "Reboot is needed for a NixOS upgrade."
fi fi
''; '';
serviceConfig = {Type = "oneshot";}; serviceConfig = { Type = "oneshot"; };
}; };
check-nic = { check-nic = {
description = "Adjust tailscale MTU based on location"; description = "Adjust tailscale MTU based on location";
unitConfig = {Type = "simple";}; unitConfig = { Type = "simple"; };
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
Environment = "PATH=/run/current-system/sw/bin:/etc/profiles/per-user/don/bin:/home/don/bin"; Environment =
"PATH=/run/current-system/sw/bin:/etc/profiles/per-user/don/bin:/home/don/bin";
ExecStart = "/home/don/bin/check-nic"; ExecStart = "/home/don/bin/check-nic";
}; };
}; };
}; };
timers = { timers = {
check-nic = { check-nic = {
wantedBy = ["timers.target"]; wantedBy = [ "timers.target" ];
partOf = ["check-nic.service"]; partOf = [ "check-nic.service" ];
timerConfig = { timerConfig = {
OnCalendar = "1m"; OnCalendar = "1m";
Unit = "check-nic.service"; Unit = "check-nic.service";
}; };
}; };
detect-reboot-for-upgrade = { detect-reboot-for-upgrade = {
wantedBy = ["timers.target"]; wantedBy = [ "timers.target" ];
partOf = ["detect-reboot-for-upgrade.service"]; partOf = [ "detect-reboot-for-upgrade.service" ];
timerConfig = { timerConfig = {
OnCalendar = "hourly"; OnCalendar = "hourly";
Unit = "detect-reboot-for-upgrade.service"; Unit = "detect-reboot-for-upgrade.service";