diff --git a/.sops.yaml b/.sops.yaml index b7b6799..e7562a3 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,6 @@ # This example uses YAML anchors which allows reuse of multiple keys # without having to repeat yourself. -# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml +# Also see https://github.com/Mic92/dotfiles/blob/main/nixos/.sops.yaml # for a more complex example. keys: - &admin_lillian age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz @@ -9,5 +9,5 @@ creation_rules: key_groups: - age: - *admin_lillian -#Run the following command to create EDI-Lillian.yaml in the secrets folder: +# Run the following command to create EDI-Lillian.yaml in the secrets folder: # nix-shell -p sops --run "sops secrets/EDI-Lillian.yaml" \ No newline at end of file diff --git a/README.md b/README.md index 99e42c4..5dfb5df 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,44 @@ +Original source: https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config + # NixOS-Config -My NixOS configuration for my different hosts. \ No newline at end of file +The configuration of different NixOS hosts using flakes and home-manager. It is assumed you have already installed NixOS and git to your system (note: git is not installed by default with the NixOS image, you can grab it with ``nix-shell -p git``), this configuration does not have image artifacts nor can it create them. + +## Building and deploying the configuration + +The first step is to add your age keyfile to the /nix/var/secrets folder with the name "keys.txt" (if you don't have one, remove the imports from the configuration files; the import can be found under +``hosts//configuration.nix``). + +Then run this command within your cloned github repo (I put mine in /etc/nixos): + +``sudo nixos-rebuild --flake .# switch`` + +This should rebuild the OS with all programs and settings defined as in the configuration. + +## Updating the flake lock + +In order to have updated packages you will have to update the flake.lock file, this can be done by running the following command in the repository: + +``nix flake update`` + +Please note that you should commit and push after you do this. It is therefore advisable to do this not in your deployment directory, but your local dev environment. Not commiting the files will dirty your git history, which can have unintended consequences as nix flakes work via git. + +## Testing the evaluation + +To test if your build succeeds the basic checks and can start building the artifacts, you can run the following command: + +``nix flake check`` + +Note: this does not build the full configuration, and errors might still happen in deployment, especially for dependencies that rely on external services like webservers to be called. 
For obvious reasons the test building does not actually pull in all the artifacts, and does not make external calls aside from to the package files (You will need a built nix store, or a connection to the git repository that hosts your packages, like an internet connection to github, to make the test run) + +## Technical details + +### Home manager +Home manager is imported as a module within the global configuration, it is therefor not needed to build home-manager packages separately in this configuration. On multi user systems it might be useful to pull the home-manager configurations from separate repos for different users, so you don't have to give your users access to the global configuration. + +### Sops +The secrets are managed in sops files within the hosts folders, there is only one sops file per host, but this can be changed quite easily. The command to edit the sops file is as follows: + +``nix-shell -p sops --run "sops ./nixos/hosts//secrets/sops.yaml"`` + +This requires your system to have the keyfile available for sops to use, by default sops looks in the sops/age folder in your user folder for a keys.txt file with the private key. You can change this behaviour by setting the **\$SOPS_AGE_KEY_FILE** environment variable, or setting the **\$SOPS_AGE_KEY** environment variable to the key itself. \ No newline at end of file diff --git a/disko/EDI/configuration.nix b/disko/EDI/configuration.nix new file mode 100644 index 0000000..e240d0d --- /dev/null +++ b/disko/EDI/configuration.nix 
@@ -0,0 +1,60 @@
+{
+ disko.devices = {
+ disk = {
+ vdb = {
+ device = "/dev/disk/by-path/pci-0000:71:00.0-nvme-1";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ encryptedSwap = {
+ size = "20M";
+ content = {
+ type = "swap";
+ randomEncryption = true;
+ };
+ };
+ plainSwap = {
+ size = "4G";
+ content = {
+ type = "swap";
+ resumeDevice = true; # resume from hiberation from this device
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ # disable settings.keyFile if you want to use interactive password entry
+ #passwordFile = "/tmp/secret.key"; # Interactive
+ settings = {
+ allowDiscards = true;
+ #keyFile = "/tmp/secret.key";
+ };
+ #additionalKeyFiles = ["/tmp/additionalSecret.key"];
+ content = {
+ type = "filesystem";
+ format = "bcachefs";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
index 31906c6..eefcd59 100644
--- a/flake.lock
+++ b/flake.lock
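Review bot: In disko/EDI/configuration.nix the `plainSwap` partition sits outside the `luks` container and is marked `resumeDevice = true;`, so a hibernation image, which holds the contents of RAM including the unlocked volume key, would be written to disk unencrypted. If hibernation is wanted, the resume swap belongs inside the encrypted container; if it is not, drop `plainSwap` and give `encryptedSwap` a realistic size instead of `size = "20M";`. `allowDiscards = true;` is a deliberate trade-off that deserves a comment, since TRIM on a LUKS device reveals which blocks are unused.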
@@ -16,17 +16,38 @@ "type": "gitlab" } }, + "crane": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1706473964, + "narHash": "sha256-Fq6xleee/TsX6NbtoRuI96bBuDHMU57PrcK9z1QEKbk=", + "owner": "ipetkov", + "repo": "crane", + "rev": "c798790eabec3e3da48190ae3698ac227aab770c", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "extest": { "inputs": { "extest": "extest_2", "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1701241962, - "narHash": "sha256-zY2MbHEMmGjPObG73aOEGqXxEJTveItYKV8cFL50XnQ=", + "lastModified": 1706332837, + "narHash": "sha256-6jwCjD6hLVRkPHyl/2K+5ZEoQV3C5BgWlDroUx/9ru8=", "owner": "chaorace", "repo": "extest-nix", - "rev": "e0c93df813a594a0cd883f6bdd01ec44149206fa", + "rev": "a9dbc41a7ba6723d8598cd699bbb163630b646b3", "type": "github" }, "original": { @@ -52,6 +73,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1668681692, @@ -67,6 +104,27 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1704982712, + "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "07f6395285469419cf9d078f59b5b49993198c00", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" 
@@ -85,6 +143,46 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703887061, + "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -92,11 +190,11 @@ ] }, "locked": { - "lastModified": 1704980804, - "narHash": "sha256-lPNNKdPqIYcjhhYIVwlajNt/HqVWbMOoSdNnwCvOP04=", + "lastModified": 1706435589, + "narHash": "sha256-yhEYJxMv5BkfmUuNe4QELKo+V5eq1pwhtVs6kEziHfE=", "owner": "nix-community", "repo": "home-manager", - "rev": "93e804e7f8a1eb88bde6117cd5046501e66aa4bd", + "rev": "4d54c29bce71f8c261513e0662cc573d30f3e33e", "type": "github" }, "original": { @@ -112,11 +210,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1704665257, - "narHash": "sha256-Cycz00I26e8QZ9sZtCz0uIz6Cad5ld3zM7N2I+5beqI=", + "lastModified": 1705667791, + "narHash": "sha256-J0JYfA6eFdHluLnROVDkrqbYacWcJXYKXeJAFayDiAE=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "8951673c6c216ddd6bac3db3e88e3f2281b3511a", + "rev": "330b7a78fcba967f2273ae71fb3c4bfb03b5dd21", "type": "github" }, "original": { 
@@ -125,6 +223,30 @@ "type": "github" } }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_3", + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1706522979, + "narHash": "sha256-2wP2qEFVoZ9q8C9MZdAwXPKDkIIQiEwUzuzCxVKafDc=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "c42edac7eb881315bb2a8dfd5190c8c87b91e084", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lanzaboote", + "type": "github" + } + }, "linger": { "inputs": { "flake-utils": [ @@ -169,11 +291,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1704842529, - "narHash": "sha256-OTeQA+F8d/Evad33JMfuXC89VMetQbsU4qcaePchGr4=", + "lastModified": 1706367331, + "narHash": "sha256-AqgkGHRrI6h/8FWuVbnkfFmXr4Bqsr4fV23aISqj/xg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "eabe8d3eface69f5bb16c18f8662a702f50c20d5", + "rev": "160b762eda6d139ac10ae081f8f78d640dd523eb", "type": "github" }, "original": { @@ -183,28 +305,13 @@ "type": "github" } }, - "nixpkgs-22_11": { - "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, "nixpkgs-23_05": { "locked": { - "lastModified": 1684782344, - "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", + "lastModified": 1704290814, + "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", "type": "github" }, "original": { 
@@ -213,13 +320,44 @@ "type": "indirect" } }, - "nixpkgs-stable": { + "nixpkgs-23_11": { "locked": { - "lastModified": 1704290814, - "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", + "lastModified": 1706098335, + "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", + "rev": "a77ab169a83a4175169d78684ddd2e54486ac651", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.11", + "type": "indirect" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1704874635, + "narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1705957679, + "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", "type": "github" }, "original": { @@ -231,11 +369,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1704722960, - "narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=", + "lastModified": 1706191920, + "narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d", + "rev": "ae5c332cbb5827f6b1f02572496b141021de335f", "type": "github" }, "original": { 
@@ -247,11 +385,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1702312524, - "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", + "lastModified": 1705133751, + "narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a9bf124c46ef298113270b1f84a164865987a91c", + "rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d", "type": "github" }, "original": { @@ -263,11 +401,27 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1704722960, - "narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=", + "lastModified": 1706370590, + "narHash": "sha256-vq8hTMHsmPkBDaLR2i3m2nSmFObWmo7YwK51KQdI6RY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3fb3707af869e32b0ad0676f589b16cc7711a376", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1706191920, + "narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d", + "rev": "ae5c332cbb5827f6b1f02572496b141021de335f", "type": "github" }, "original": { @@ -277,13 +431,13 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { - "lastModified": 1670751203, - "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", "type": "github" }, "original": { 
@@ -292,13 +446,13 @@ "type": "indirect" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { - "lastModified": 1704161960, - "narHash": "sha256-QGua89Pmq+FBAro8NriTuoO/wNaUtugt29/qqA8zeeM=", + "lastModified": 1706173671, + "narHash": "sha256-lciR7kQUK2FCAYuszyd7zyRRmTaXVeoZsCyK6QFpGdk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "63143ac2c9186be6d9da6035fa22620018c85932", + "rev": "4fddc9be4eaf195d631333908f2a454b03628ee5", "type": "github" }, "original": { @@ -344,11 +498,11 @@ ] }, "locked": { - "lastModified": 1705257805, - "narHash": "sha256-hx88TjxRWR9hEYrePm2aR/rKAu4VFx4irgN7AofE0Wg=", + "lastModified": 1706365059, + "narHash": "sha256-2+M4vliRmSHQwGb1q1krg5lWKYiX7rF/B9GF4AlzXW4=", "owner": "pjones", "repo": "plasma-manager", - "rev": "87ca0e29c6fccfb7f09be6ff137716db5a7c8d8f", + "rev": "64f31bc95c22b04896111e4c9921d3e1122c0a92", "type": "github" }, "original": { @@ -357,14 +511,46 @@ "type": "github" } }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1706424699, + "narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "extest": "extest", "flake-utils": "flake-utils", "home-manager": "home-manager", "jovian": "jovian", + "lanzaboote": "lanzaboote", "linger": "linger", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-unstable": "nixpkgs-unstable", "pihole": "pihole", "plasma-manager": "plasma-manager", 
@@ -372,21 +558,46 @@ "sops-nix": "sops-nix" } }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1706494265, + "narHash": "sha256-4ilEUJEwNaY9r/8BpL3VmZiaGber0j09lvvx0e/bosA=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "246ba7102553851af60e0382f558f6bc5f63fa13", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs_4", - "nixpkgs-22_11": "nixpkgs-22_11", + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_5", "nixpkgs-23_05": "nixpkgs-23_05", + "nixpkgs-23_11": "nixpkgs-23_11", "utils": "utils" }, "locked": { - "lastModified": 1703666786, - "narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=", + "lastModified": 1706219574, + "narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4", + "rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf", "type": "gitlab" }, "original": { @@ -398,15 +609,15 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_5", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs": "nixpkgs_6", + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1704908274, - "narHash": "sha256-74W9Yyomv3COGRmKi8zvyA5tL2KLiVkBeaYmYLjXyOw=", + "lastModified": 1706410821, + "narHash": "sha256-iCfXspqUOPLwRobqQNAQeKzprEyVowLMn17QaRPQc+M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c0b3a5af90fae3ba95645bbf85d2b64880addd76", + "rev": "73bf36912e31a6b21af6e0f39218e067283c67ef", "type": "github" }, "original": { 
@@ -430,6 +641,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1605370193, diff --git a/flake.nix b/flake.nix index 3b565c4..ed6a712 100644 --- a/flake.nix +++ b/flake.nix @@ -15,6 +15,10 @@ nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Also see the 'unstable-packages' overlay at 'overlays/default.nix'. + # Lanzaboot (secure boot) + lanzaboote.url = "github:nix-community/lanzaboote"; + + # Jovian nixos (steam deck) jovian.url = "github:Jovian-Experiments/Jovian-NixOS"; # Home manager @@ -47,6 +51,7 @@ plasma-manager, linger, pihole, + lanzaboote, ... } @ inputs: let inherit (self) outputs; @@ -79,6 +84,7 @@ # > Our main nixos configuration file < ./nixos/hosts/EDI/configuration.nix sops-nix.nixosModules.sops + lanzaboote.nixosModules.lanzaboote home-manager.nixosModules.home-manager { home-manager.sharedModules = [plasma-manager.homeManagerModules.plasma-manager]; @@ -95,6 +101,7 @@ # > Our main nixos configuration file < ./nixos/hosts/GLaDOS/configuration.nix sops-nix.nixosModules.sops + #lanzaboote.nixosModules.lanzaboote home-manager.nixosModules.home-manager { home-manager.sharedModules = [plasma-manager.homeManagerModules.plasma-manager]; diff --git a/home-manager/desktop/configuration.nix b/home-manager/desktop/configuration.nix index 4d896bc..5f3920c 100644 --- a/home-manager/desktop/configuration.nix +++ b/home-manager/desktop/configuration.nix @@ -51,6 +51,7 @@ # Coding: direnv git + ruff kate # Chat applications: 
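Review bot: In flake.nix the new input `lanzaboote.url = "github:nix-community/lanzaboote";` tracks the default branch of the component that signs the boot chain, so every `nix flake update` can pull unreleased code into the Secure Boot path. Pinning it to a release tag, e.g. `lanzaboote.url = "github:nix-community/lanzaboote/<release-tag>";`, keeps updates deliberate. The lock file in this commit also shows lanzaboote bringing its own `nixpkgs_3` (nixos-unstable-small); adding `lanzaboote.inputs.nixpkgs.follows = "nixpkgs";` would remove that extra tree, provided the build still succeeds against the host's nixpkgs. The `#lanzaboote.nixosModules.lanzaboote` line left commented out in the GLaDOS module list would be clearer with a short reason next to it.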
@@ -99,11 +100,13 @@ extensions = with pkgs.vscode-extensions; [ arrterian.nix-env-selector #ban.spellright + #charliermarsh.ruff dracula-theme.theme-dracula eamodio.gitlens github.vscode-pull-request-github jnoortheen.nix-ide kamadorueda.alejandra + mkhl.direnv ms-toolsai.jupyter ms-pyright.pyright ms-python.black-formatter @@ -128,6 +131,10 @@ defaultBranch = "main"; }; }; + ignores = [ + "*.direnv" + "*.vscode" + ]; }; # Nicely reload system units when changing configs diff --git a/home-manager/hosts/EDI/package-configs/plasma-desktop/configuration.nix b/home-manager/hosts/EDI/package-configs/plasma-desktop/configuration.nix index a193e98..d065b77 100644 --- a/home-manager/hosts/EDI/package-configs/plasma-desktop/configuration.nix +++ b/home-manager/hosts/EDI/package-configs/plasma-desktop/configuration.nix @@ -258,6 +258,7 @@ "dolphinrc"."ExtractDialog"."1536x864 screen: Height" = 560; "dolphinrc"."ExtractDialog"."1536x864 screen: Width" = 1024; "dolphinrc"."ExtractDialog"."DirHistory[$e]" = "/home/"; + "dolphinrc"."IconsMode"."PreviewSize" = 80; "dolphinrc"."KFileDialog Settings"."Places Icons Auto-resize" = false; "dolphinrc"."KFileDialog Settings"."Places Icons Static Size" = 22; "dolphinrc"."KFileDialog Settings"."detailViewIconSize" = 16; @@ -270,6 +271,7 @@ "kded5rc"."Module-browserintegrationreminder"."autoload" = false; "kded5rc"."Module-device_automounter"."autoload" = false; "kded5rc"."PlasmaBrowserIntegration"."shownCount" = 1; + "kdeglobals"."General"."AllowKDEAppsToRememberWindowPositions" = true; "kdeglobals"."General"."BrowserApplication" = "firefox.desktop"; "kdeglobals"."KDE"."AnimationDurationFactor" = 0.7071067811865475; "kdeglobals"."KDE"."SingleClick" = false; 
@@ -590,7 +592,7 @@ "khotkeysrc"."Data_3Conditions0"."Type" = "ACTIVE_WINDOW"; "khotkeysrc"."Data_3Conditions0Window"."Comment" = "Konqueror"; "khotkeysrc"."Data_3Conditions0Window"."WindowsCount" = 1; - "khotkeysrc"."Data_3Conditions0Window0"."Class" = "^konqueror\s"; + "khotkeysrc"."Data_3Conditions0Window0"."Class" = "^konquerors"; "khotkeysrc"."Data_3Conditions0Window0"."ClassType" = 3; "khotkeysrc"."Data_3Conditions0Window0"."Comment" = "Konqueror"; "khotkeysrc"."Data_3Conditions0Window0"."Role" = "konqueror-mainwindow#1"; @@ -799,6 +801,7 @@ "khotkeysrc"."Data_3_9Triggers"."TriggersCount" = 1; "khotkeysrc"."Data_3_9Triggers0"."GesturePointData" = "0,0.0625,-0.5,0.5,1,0.0625,0.0625,-0.5,0.5,0.875,0.125,0.0625,-0.5,0.5,0.75,0.1875,0.0625,-0.5,0.5,0.625,0.25,0.0625,-0.5,0.5,0.5,0.3125,0.0625,-0.5,0.5,0.375,0.375,0.0625,-0.5,0.5,0.25,0.4375,0.0625,-0.5,0.5,0.125,0.5,0.0625,0.5,0.5,0,0.5625,0.0625,0.5,0.5,0.125,0.625,0.0625,0.5,0.5,0.25,0.6875,0.0625,0.5,0.5,0.375,0.75,0.0625,0.5,0.5,0.5,0.8125,0.0625,0.5,0.5,0.625,0.875,0.0625,0.5,0.5,0.75,0.9375,0.0625,0.5,0.5,0.875,1,0,0,0.5,1"; "khotkeysrc"."Data_3_9Triggers0"."Type" = "GESTURE"; + "khotkeysrc"."General"."AllowKDEAppsToRememberWindowPositions[$d]" = ""; "khotkeysrc"."General"."BrowserApplication[$d]" = ""; "khotkeysrc"."General"."ColorSchemeHash[$d]" = ""; "khotkeysrc"."General"."ColorScheme[$d]" = ""; diff --git a/home-manager/package-configs/zsh.nix b/home-manager/package-configs/zsh.nix index 3a4cfd8..e86be66 100644 --- a/home-manager/package-configs/zsh.nix +++ b/home-manager/package-configs/zsh.nix @@ -6,6 +6,11 @@ pkgs, ... }: { + # Enable starship + programs.starship = { + enable = true; + }; + programs.zsh = { enable = true; plugins = [ diff --git a/nixos/desktop/configuration.nix b/nixos/desktop/configuration.nix index 090719f..fb02a9d 100644 --- a/nixos/desktop/configuration.nix +++ b/nixos/desktop/configuration.nix 
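Review bot: In the plasma-desktop configuration the window-class pattern is now `"^konquerors"`, which matches the literal text "konquerors" and not "konqueror" followed by whitespace. The old spelling `"^konqueror\s"` most likely evaluated to the same string, since Nix does not treat `\s` as an escape sequence, so the rule was probably already broken before this change. If the whitespace match is wanted, write `"^konqueror\\s"`; if this file is regenerated by a tool, the escaping has to be fixed there or the line will revert.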
@@ -9,7 +9,11 @@ ... }: { imports = [ + # Import locale settings ../shared/locale/configuration.nix + + # Import shared packages + ../shared/packages/configuration.nix ]; nixpkgs = { # You can add overlays here @@ -17,7 +21,7 @@ # Add overlays your own flake exports (from overlays and pkgs dir): outputs.overlays.additions outputs.overlays.modifications - outputs.overlays.unstable-packages + #outputs.overlays.unstable-packages # You can also add overlays exported from other flakes: # neovim-nightly-overlay.overlays.default @@ -64,18 +68,14 @@ dvt # System tools - age - alejandra direnv docker docker-compose git-filter-repo - home-manager - htop - oh-my-zsh pciutils - rsync - wget + waydroid + xwaylandvideobridge + yubikey-personalization zsh # KDE/QT @@ -90,15 +90,12 @@ libsForQt5.packagekit-qt libportal-qt5 - # System libraries - noto-fonts - noto-fonts-emoji-blob-bin - noto-fonts-emoji - # User tools noisetorch ]; + virtualisation.waydroid.enable = false; + programs.direnv = { enable = true; }; @@ -164,10 +161,6 @@ enable = true; }; - boot.loader.systemd-boot.enable = true; - boot.loader.systemd-boot.configurationLimit = 3; - boot.loader.efi.canTouchEfiVariables = true; - users.users = { lillian = { isNormalUser = true; diff --git a/nixos/hosts/EDI/configuration.nix b/nixos/hosts/EDI/configuration.nix index 8f8eea4..1272719 100644 --- a/nixos/hosts/EDI/configuration.nix +++ b/nixos/hosts/EDI/configuration.nix @@ -38,6 +38,16 @@ networking.hostName = "EDI"; + boot.bootspec.enable = true; + boot.kernelPackages = pkgs.linuxPackages_latest; + boot.supportedFilesystems = ["bcachefs"]; + boot = { + loader.systemd-boot.enable = lib.mkForce false; + lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + }; + }; # Enable bluetooth hardware hardware.bluetooth.enable = true; diff --git a/nixos/hosts/EDI/hardware-configuration.nix b/nixos/hosts/EDI/hardware-configuration.nix index 2dc46a9..ad2bffb 100644 --- a/nixos/hosts/EDI/hardware-configuration.nix 
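Review bot: In nixos/hosts/EDI/configuration.nix the `boot.lanzaboote` block points `pkiBundle` at `/etc/secureboot`, but nothing in the hunk says where that directory comes from. The Secure Boot signing keys must already exist there before the first rebuild and the private keys should stay readable by root only; a comment such as `# keys are created out of band (sbctl create-keys) and must exist before switching; keep /etc/secureboot root-only` would document this. It would also help to state that `lib.mkForce false` on systemd-boot is there because lanzaboote replaces it, and that Secure Boot enforcement still has to be enabled in firmware for the signing to have any effect. The enclosing attribute set continues outside the hunk.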
+++ b/nixos/hosts/EDI/hardware-configuration.nix @@ -12,23 +12,30 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.kernel.sysctl."net.ipv4.icmp_echo_ignore_broadcasts" = 1; - boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; + boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; boot.initrd.kernelModules = []; boot.kernelModules = ["kvm-intel"]; boot.extraModulePackages = []; fileSystems."/" = { - device = "/dev/disk/by-uuid/f930d7c6-2798-4e25-abc1-81d02e9abf35"; - fsType = "ext4"; + device = "UUID=88cd54d3-b644-4bae-96e9-51d2db3c5628"; + fsType = "bcachefs"; }; + boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/91da75e7-52bc-4a50-9293-7e5e431040e0"; + fileSystems."/boot" = { - device = "/dev/disk/by-uuid/42ED-068B"; + device = "/dev/disk/by-uuid/01B2-909E"; fsType = "vfat"; + options = ["fmask=0077" "dmask=0077" "defaults"]; }; - swapDevices = []; + swapDevices = [ + { + device = "/dev/disk/by-path/pci-0000:71:00.0-nvme-1-part2"; + randomEncryption.enable = true; + } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -39,6 +46,5 @@ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/nixos/hosts/GLaDOS/configuration.nix b/nixos/hosts/GLaDOS/configuration.nix index 730f894..d42cb1c 100644 --- a/nixos/hosts/GLaDOS/configuration.nix +++ b/nixos/hosts/GLaDOS/configuration.nix 
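Review bot: In nixos/hosts/EDI/hardware-configuration.nix the swap entry combines `randomEncryption.enable = true;` with a partition selected by index, `/dev/disk/by-path/pci-0000:71:00.0-nvme-1-part2`. Random encryption re-keys and re-creates the swap area on that device at every boot, so if the partition numbering ever differs from what is assumed (the disko layout in this commit declares its four partitions by name, not by number), another partition would be overwritten. Referring to the partition by label, `device = "/dev/disk/by-partlabel/<encryptedSwap-partlabel>";`, removes that dependency. Separately, dropping `"usbhid"` from `boot.initrd.availableKernelModules` may leave an external USB keyboard unusable at the passphrase prompt introduced by `boot.initrd.luks.devices."crypted"`; confirm that is intended.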
@@ -28,6 +28,12 @@ ./hardware-configuration.nix ]; + boot.loader.systemd-boot.enable = true; + boot.loader.systemd-boot.configurationLimit = 3; + boot.loader.efi.canTouchEfiVariables = true; + boot.supportedFilesystems = ["bcachefs"]; + boot.kernelPackages = pkgs.linuxPackages_latest; + home-manager = { extraSpecialArgs = {inherit inputs outputs;}; users = { diff --git a/nixos/hosts/queen/configuration.nix b/nixos/hosts/queen/configuration.nix index c328563..bdd26b5 100644 --- a/nixos/hosts/queen/configuration.nix +++ b/nixos/hosts/queen/configuration.nix @@ -21,6 +21,9 @@ # Import locale settings ../../shared/locale/configuration.nix + # Import shared packages + ../../shared/packages/configuration.nix + #../../server/package-configs/akkoma/configuration.nix ../../server/package-configs/forgejo/configuration.nix ../../server/package-configs/gotosocial/configuration.nix @@ -88,12 +91,10 @@ environment.systemPackages = with pkgs; [ akkoma - age fzf matrix-conduit docker docker-compose - git gitea gotosocial alejandra @@ -101,22 +102,14 @@ imagemagick ffmpeg aria2 - git-filter-repo - home-manager - htop jellyfin jellyfin-web jellyfin-ffmpeg nextcloud28 nginx - noto-fonts - noto-fonts-emoji-blob-bin - noto-fonts-emoji - oh-my-zsh onlyoffice-documentserver postgresql_16 python3 - rsync rabbitmq-server roundcube roundcubePlugins.contextmenu @@ -125,8 +118,6 @@ roundcubePlugins.persistent_login roundcubePlugins.thunderbird_labels youtube-dl - wget - zsh ]; # Enable networking diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix index 047f261..5d26cea 100644 --- a/nixos/hosts/wheatley/configuration.nix +++ b/nixos/hosts/wheatley/configuration.nix @@ -14,7 +14,12 @@ ./armv7l.nix ./hardware-configuration.nix + + # Import locale settings ../../shared/locale/configuration.nix + + # Import shared packages + ../../shared/packages/configuration.nix ]; boot.loader.generic-extlinux-compatible.enable = true; 
diff --git a/nixos/server/package-configs/mail-server/configuration.nix b/nixos/server/package-configs/mail-server/configuration.nix index 144ac7d..e43a5c6 100644 --- a/nixos/server/package-configs/mail-server/configuration.nix +++ b/nixos/server/package-configs/mail-server/configuration.nix @@ -9,6 +9,9 @@ sops.secrets."mailpass".mode = "0440"; sops.secrets."mailpass".owner = config.users.users.virtualMail.name; + #Fix for the dovecot update + services.dovecot2.sieve.extensions = ["fileinto"]; + mailserver = { enable = true; enableImap = true; @@ -85,6 +88,7 @@ "mail.lillianviolet.dev" "pop3.lillianviolet.dev" "lillianviolet.dev" + "mail.gladtherescake.eu" ]; }; } diff --git a/nixos/shared/packages/configuration.nix b/nixos/shared/packages/configuration.nix new file mode 100644 index 0000000..d16f35f --- /dev/null +++ b/nixos/shared/packages/configuration.nix @@ -0,0 +1,29 @@ +{ + inputs, + outputs, + lib, + config, + pkgs, + ... +}: { + environment.systemPackages = with pkgs; [ + # System tools + age + alejandra + git + git-filter-repo + home-manager + htop + neofetch + oh-my-zsh + rsync + spacevim + wget + zsh + + # System libraries + noto-fonts + noto-fonts-emoji-blob-bin + noto-fonts-emoji + ]; +}