All the updates after this mess, should be good now

Lillian Violet 2024-05-06 15:55:51 +02:00
parent 28c916d0ef
commit a4f8f48f4b
18 changed files with 532 additions and 32 deletions

1
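--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/result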

45
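--- a/disko/queen/default.nix
+++ b/disko/queen/default.nix
@@ -0,0 +1,45 @@
+{
+disko.devices = {
+disk = {
+nvme0n1 = {
+type = "disk";
+device = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+size = "512M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+mountOptions = [
+"defaults"
+];
+};
+};
+swap = {
+size = "16G";
+content = {
+type = "swap";
+resumeDevice = true; # resume from hiberation from this device
+};
+};
+root = {
+size = "100%";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+mountOptions = [
+"defaults"
+];
+};
+};
+};
+};
+};
+};
+};
+}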
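Review bot: The `swap` partition is declared with `resumeDevice = true` on a plain partition and `root` is plain ext4, so swapped-out pages or a hibernation image would put memory contents, including any secrets held in memory, on disk unencrypted. If hibernation is not needed on this host, drop `resumeDevice` and set `randomEncryption = true;` on the swap content; if it is needed, the swap would have to sit inside an encrypted container instead. The disk key `nvme0n1` also does not match the `pci-…-scsi-…` device path it points at, and the trailing comment misspells "hibernation".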


@ -20,8 +20,12 @@
# catpuccin theme
catppuccin.url = "github:catppuccin/nix";
# catpuccin theme
catppuccin.url = "github:catppuccin/nix";
# Conduit fork without all the fuss and drama
conduit = {
url = "github:girlbossceo/conduwuit";
url = "github:girlbossceo/conduwuit";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -30,6 +34,10 @@
nix-index-database.url = "github:nix-community/nix-index-database";
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
# Nix index database files
nix-index-database.url = "github:nix-community/nix-index-database";
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
# Secret management with sops
sops-nix.url = "github:Mic92/sops-nix";
@ -61,6 +69,8 @@
zjstatus.url = "github:dj95/zjstatus";
zjstatus.url = "github:dj95/zjstatus";
# Fix for steam cursor not being visible under wayland
# Add any other flake you might need
@ -71,6 +81,10 @@
# url = "github:mindsbackyard/linger-flake";
# inputs.flake-utils.follows = "flake-utils";
# };
# linger = {
# url = "github:mindsbackyard/linger-flake";
# inputs.flake-utils.follows = "flake-utils";
# };
# pihole = {
# url = "github:mindsbackyard/pihole-flake";
@ -78,6 +92,12 @@
# inputs.flake-utils.follows = "flake-utils";
# inputs.linger.follows = "linger";
# };
# pihole = {
# url = "github:mindsbackyard/pihole-flake";
# inputs.nixpkgs.follows = "nixpkgs";
# inputs.flake-utils.follows = "flake-utils";
# inputs.linger.follows = "linger";
# };
};
outputs = {
@ -85,6 +105,7 @@
nixpkgs,
nixos-generators,
catppuccin,
catppuccin,
disko,
home-manager,
sops-nix,
@ -93,10 +114,14 @@
zjstatus,
# linger,
# pihole,
zjstatus,
# linger,
# pihole,
lanzaboote,
jovian,
nixos-hardware,
nix-index-database,
nix-index-database,
conduit,
...
} @ inputs: let
@ -112,6 +137,11 @@
in {
# Your custom packages
# Accessible through 'nix build', 'nix shell', etc
packages = forAllSystems (system:
import ./pkgs (import nixpkgs {
inherit system;
config.allowUnfree = true;
}));
packages = forAllSystems (system:
import ./pkgs (import nixpkgs {
inherit system;
@ -147,11 +177,17 @@
home-manager.nixosModules.home-manager
nix-index-database.nixosModules.nix-index
catppuccin.nixosModules.catppuccin
nix-index-database.nixosModules.nix-index
catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
inputs.plasma-manager.homeManagerModules.plasma-manager
];
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
inputs.plasma-manager.homeManagerModules.plasma-manager
];
}
];
};
@ -168,11 +204,17 @@
home-manager.nixosModules.home-manager
nix-index-database.nixosModules.nix-index
catppuccin.nixosModules.catppuccin
nix-index-database.nixosModules.nix-index
catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
inputs.plasma-manager.homeManagerModules.plasma-manager
];
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
inputs.plasma-manager.homeManagerModules.plasma-manager
];
}
];
};
@ -192,6 +234,12 @@
inputs.catppuccin.homeManagerModules.catppuccin
];
}
catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
];
}
];
};
@ -207,11 +255,16 @@
jovian.nixosModules.jovian
home-manager.nixosModules.home-manager
catppuccin.nixosModules.catppuccin
catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.plasma-manager.homeManagerModules.plasma-manager
inputs.catppuccin.homeManagerModules.catppuccin
];
home-manager.sharedModules = [
inputs.plasma-manager.homeManagerModules.plasma-manager
inputs.catppuccin.homeManagerModules.catppuccin
];
}
];
};
@ -227,11 +280,36 @@
home-manager.nixosModules.home-manager
nix-index-database.nixosModules.nix-index
catppuccin.nixosModules.catppuccin
nix-index-database.nixosModules.nix-index
catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.plasma-manager.homeManagerModules.plasma-manager
inputs.catppuccin.homeManagerModules.catppuccin
];
home-manager.sharedModules = [
inputs.plasma-manager.homeManagerModules.plasma-manager
inputs.catppuccin.homeManagerModules.catppuccin
];
}
];
};
iso_server = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
modules = [
"${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
"${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
./nixos/hosts/iso_server/configuration.nix
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
nix-index-database.nixosModules.nix-index
catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
];
}
];
};
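Review bot: The new `conduit` input is declared as `github:girlbossceo/conduwuit` with no ref, so the revision that gets built is whatever `flake.lock` recorded at the last update, and the lock change is not visible in this section. For what is presumably a network-facing service taken from a third-party fork, consider pinning a reviewed tag or commit, e.g. `url = "github:girlbossceo/conduwuit/<reviewed-tag-or-rev>";`, and bumping it deliberately rather than through a blanket `nix flake update`. The new `iso_server` output also pulls `sops-nix.nixosModules.sops` into an installer image; any key needed for decryption should be supplied at boot rather than built into the ISO.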


@ -18,6 +18,7 @@
# ./nvim.nix
./package-configs/plasma-desktop.nix
./package-configs/firefox.nix
./package-configs/konsole
];
nixpkgs = {
# You can add overlays here
@ -44,6 +45,19 @@
customUIColors = {};
});
})
(final: prev: {
catppuccin-vsc = final.catppuccin-vsc.overrideAttrs (oldAttrs: {
accent = "mauve";
boldKeywords = true;
italicComments = true;
italicKeywords = true;
extraBordersEnabled = false;
workbenchMode = "default";
bracketMode = "rainbow";
colorOverrides = {};
customUIColors = {};
});
})
];
# Configure your nixpkgs instance
config = {
@ -66,6 +80,7 @@
direnv
git
git-credential-manager
git-credential-manager
ruff
kate
@ -105,8 +120,17 @@
})
catppuccin-sddm-corners
# Theming:
catppuccin-cursors
(catppuccin-kde.override {
flavour = ["macchiato"];
accents = ["mauve"];
})
catppuccin-sddm-corners
# Web browsing:
firefoxpwa
firefoxpwa
ungoogled-chromium
];
@ -114,6 +138,8 @@
enable = true;
package = pkgs.vscodium;
extensions = with pkgs.vscode-extensions; [
catppuccin.catppuccin-vsc
catppuccin.catppuccin-vsc-icons
catppuccin.catppuccin-vsc
catppuccin.catppuccin-vsc-icons
charliermarsh.ruff
@ -158,6 +184,7 @@
"*.vscode"
".envrc"
"venv"
"venv"
];
};
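Review bot: The added overlay defines `catppuccin-vsc` in terms of `final.catppuccin-vsc`, which is the overlay's own result, so the attribute would recurse infinitely if it were ever evaluated; it should read `catppuccin-vsc = prev.catppuccin-vsc.overrideAttrs (oldAttrs: {`. The extension list further down uses `pkgs.vscode-extensions.catppuccin.catppuccin-vsc`, a different attribute, so this overlay likely has no effect on the installed theme as written. The values set here (`accent`, `bracketMode`, …) look like package function arguments rather than derivation attributes, so `.override { … }` on the vscode-extensions attribute is probably what is intended; worth confirming against the nixpkgs expression. The context lines just above the addition end with the same `customUIColors = {}; }); })`, which suggests the overlay may now be present twice.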


@ -0,0 +1,96 @@
[Background]
Color=36,39,58
[BackgroundFaint]
Color=36,39,58
[BackgroundIntense]
Color=36,39,58
[Color0]
Color=110,115,141
[Color0Faint]
Color=110,115,141
[Color0Intense]
Color=110,115,141
[Color1]
Color=237,135,150
[Color1Faint]
Color=237,135,150
[Color1Intense]
Color=237,135,150
[Color2]
Color=166,218,149
[Color2Faint]
Color=166,218,149
[Color2Intense]
Color=166,218,149
[Color3]
Color=238,212,159
[Color3Faint]
Color=238,212,159
[Color3Intense]
Color=238,212,159
[Color4]
Color=138,173,244
[Color4Faint]
Color=138,173,244
[Color4Intense]
Color=138,173,244
[Color5]
Color=198,160,246
[Color5Faint]
Color=198,160,246
[Color5Intense]
Color=198,160,246
[Color6]
Color=137,220,227
[Color6Faint]
Color=137,220,227
[Color6Intense]
Color=137,220,227
[Color7]
Color=202,211,245
[Color7Faint]
Color=202,211,245
[Color7Intense]
Color=202,211,245
[Foreground]
Color=202,211,245
[ForegroundFaint]
Color=202,211,245
[ForegroundIntense]
Color=202,211,245
[General]
Blur=false
ColorRandomization=false
Description=Catppuccin Macchiato
Opacity=1
Wallpaper=


@ -0,0 +1,8 @@
[Appearance]
ColorScheme=Catppuccin-Macchiato
[General]
Name=Catppuccin
Parent=FALLBACK/
StartInCurrentSessionDir=true
TerminalRows=30


@ -0,0 +1,25 @@
{
lib,
pkgs,
inputs,
...
}: {
home.file = {
"profile" = {
source = ./Catppuccin.profile;
target = ".local/share/konsole/Catppuccin.profile";
};
};
home.file = {
"colorscheme" = {
source = ./Catppuccin-Macchiato.colorscheme;
target = ".local/share/konsole/Catppuccin-Macchiato.colorscheme";
};
};
home.file = {
"konsolerc" = {
source = ./konsolerc;
target = ".config/konsolerc";
};
};
}
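Review bot: `home.file` is assigned three times in this module, once per file; a single `home.file = { "profile" = …; "colorscheme" = …; "konsolerc" = …; };` reads more clearly and does not rely on repeated attribute sets being merged. `lib`, `pkgs` and `inputs` are bound in the argument list but unused in the lines shown. Files placed through `home.file` are read-only links into the Nix store, so Konsole will presumably be unable to write window state back to `.config/konsolerc`; a short comment saying that this is intended would help.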


@ -0,0 +1,15 @@
[Desktop Entry]
DefaultProfile=Catppuccin.profile
[General]
ConfigVersion=1
[MainWindow]
1920x1080 screen: Height=524
1920x1080 screen: Width=911
RestorePositionForNextInstance=false
State=AAAA/wAAAAD9AAAAAQAAAAAAAAAAAAAAAPwCAAAAAvsAAAAcAFMAUwBIAE0AYQBuAGEAZwBlAHIARABvAGMAawAAAAAA/////wAAAREA////+wAAACIAUQB1AGkAYwBrAEMAbwBtAG0AYQBuAGQAcwBEAG8AYwBrAAAAAAD/////AAABcgD///8AAAOPAAAB3gAAAAQAAAAEAAAACAAAAAj8AAAAAQAAAAIAAAACAAAAFgBtAGEAaQBuAFQAbwBvAGwAQgBhAHIBAAAAAP////8AAAAAAAAAAAAAABwAcwBlAHMAcwBpAG8AbgBUAG8AbwBsAGIAYQByAQAAAOj/////AAAAAAAAAAA=
ToolBarsMovable=Disabled
[UiSettings]
ColorScheme=


@ -0,0 +1,13 @@
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
# You can import other home-manager modules here
imports = [
./lillian.nix
];
}


@ -0,0 +1,29 @@
# This is your home-manager configuration file
# Use this to configure your home environment (it replaces ~/.config/nixpkgs/home.nix)
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
# You can import other home-manager modules here
imports = [
# If you want to use modules your own flake exports (from modules/home-manager):
# outputs.homeManagerModules.example
# Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.default
# You can also split up your configuration and import pieces of it here:
# ./nvim.nix
../../shared
];
home.packages = with pkgs; [
];
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "24.05";
}


@ -0,0 +1,127 @@
{
inputs,
outputs,
lib,
config,
pkgs,
nixpkgs-stable,
...
}: {
imports = [
# If you want to use modules your own flake exports (from modules/home-manager):
# outputs.homeManagerModules.example
# outputs.nixosModules.contabo.wan
inputs.home-manager.nixosModules.home-manager
# Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.defaults
# Import shared settings
../../shared
];
programs.command-not-found.enable = lib.mkForce false;
programs.nix-index.enable = true;
programs.nix-index-database.comma.enable = true;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = false;
networking.domain = "";
services.openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
nixpkgs = {
# You can add overlays here
overlays = [
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
sops.defaultSopsFile = ./secrets/sops.yaml;
environment.systemPackages = with pkgs; [
# Custom tools
dvd
dvt
servo
restart
install-nix
# System tools
aha
direnv
efitools
git-filter-repo
gnupg
pciutils
sbctl
tpm2-tools
tpm2-tss
zsh
];
# Contabo ipv6 nameservers: "2a02:c207::1:53" "2a02:c207::2:53"
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [22];
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
options = "terminate:ctrl_alt_bksp,compose:caps_toggle";
};
security.tpm2.enable = true;
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
programs.git = {
enable = true;
};
programs.direnv = {
enable = true;
};
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
# kde power settings do not turn off screen
systemd = {
services.sshd.wantedBy = pkgs.lib.mkForce ["multi-user.target"];
targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
};
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/iso_server;
};
};
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"];
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "unstable";
}
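Review bot: The sops setup stops at `sops.defaultSopsFile = ./secrets/sops.yaml;`: the comment above it promises a key-file location and a mode, but no `sops.age.keyFile` (or `sops.age.sshKeyPaths`) and no `sops.secrets.*` entry appears in this file, so the `lillian-password` secret is presumably never decrypted unless `../../shared` declares it. On an installer image the age private key has to arrive at boot from outside the image, because everything in the ISO's Nix store is readable by anyone who holds the ISO; a comment stating where the key is expected to come from would make that explicit. sshd is forced on at boot with password login disabled, so it is worth confirming that authorized keys for `lillian` are set somewhere in the shared config. Separately, `system.stateVersion = "unstable";` is not a release string, while the home-manager side of this host uses `"24.05"`.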


@ -0,0 +1,21 @@
lillian-password: ENC[AES256_GCM,data:kDP9LpmtLR2UEjCY0kgcdHmYAYLipOd/9I3NuiRHzLDhCX44M5QGfbQrle7bi9EOVD4eNB3uNtk+oBClr7cc21E9YtMIp5vg2g==,iv:EWB/hMRtWZfEn48Qmjo/V30BtSLrOsmo/cuEKnfW6Wk=,tag:vjiOkVga18BLKjf3GnZM2Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrTFI5MDRiUkp1TGF2eHlG
VmwyVEdXQVR4dFJaZTNxeTRXQXZNbkN6T1dRClZyMU1LbFFmY0RwK1pmNDNWY0hW
bUJGYXI5ZEFIdDhUak1kMzF1WTE2SGsKLS0tIHpUQUVEWml1a251RmhQSGt1dm5E
a1hsN3NaVzNvRXlwcEpPd0RVQndiZk0KJ7/cnWzw1zSmgn+bOJn4Y1xRHqlk+zRM
Om0p+V9tUCCS5yGzacp8pFCa2DQNj0OVdyB2ZpjAiOzK7vWY8EU5XA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-03T14:29:41Z"
mac: ENC[AES256_GCM,data:ezq0K/lFSNSog0UzvsVNNpCewzBKmKJdsXlkWzZ8nhXN7/1lHeoONQnoEooNhNhpmFF1yCvcArZ6Suy7+R4UuybKBky+6r62fyz0BKrAO9y0Xb/HFiAJPAYwP7/5sRFq/jDdtMAbjLxJhoH128md5LoHXhUUc3sws/SIQvdan4I=,iv:/IxAO3rw4lc8ZzDWUtfJb3siGCtzCxid5NfhEnad01Q=,tag:IRg7LV7hnFmWl5WhWD2ZSg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -24,6 +24,9 @@
# Import server settings
../../server
# Import disko
# ../../../disko/queen
];
boot.tmp.cleanOnBoot = true;
@ -87,34 +90,34 @@
];
# Create an auto-update systemd service that runs every day
system.autoUpgrade = {
flake = "git+https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git";
dates = "daily";
enable = true;
};
# system.autoUpgrade = {
# flake = "git+https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git";
# dates = "daily";
# enable = true;
# };
systemd.services.systemd-networkd.serviceConfig.Environment = "SYSTEMD_LOG_LEVEL=debug";
# systemd.services.systemd-networkd.serviceConfig.Environment = "SYSTEMD_LOG_LEVEL=debug";
# Enable networking
networking.networkmanager.enable = true;
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "ens18";
networking.enableIPv6 = lib.mkForce true;
networking.nameservers = ["79.143.183.251" "79.143.183.252" "2a02:c207::1:53" "2a02:c207::2:53"];
# networking.networkmanager.enable = true;
# networking.nat.enable = true;
# networking.nat.internalInterfaces = ["ve-+"];
# networking.nat.externalInterface = "ens18";
# networking.enableIPv6 = lib.mkForce true;
# networking.nameservers = ["79.143.183.251" "79.143.183.252" "2a02:c207::1:53" "2a02:c207::2:53"];
networking.interfaces.ens18.ipv4.addresses = [
{
address = "62.171.160.195";
prefixLength = 32;
}
];
# networking.interfaces.ens18.ipv4.addresses = [
# {
# address = "62.171.160.195";
# prefixLength = 32;
# }
# ];
networking.interfaces.ens18.ipv6.addresses = [
{
address = "2a02:c207:2063:2448::1";
prefixLength = 64;
}
];
# networking.interfaces.ens18.ipv6.addresses = [
# {
# address = "2a02:c207:2063:2448::1";
# prefixLength = 64;
# }
# ];
# Open ports in the firewall.
networking.firewall = {
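Review bot: With `system.autoUpgrade` commented out (assuming the commented copies are the new side, which the rendered page does not mark), this publicly addressed host no longer receives unattended updates, and nothing in the section says when that is meant to come back. When it is re-enabled, the flake URL should follow the repository move made in the scripts of this commit, `flake = "git+https://codeberg.org/Lillian-Violet/NixOS-Config.git";`. The static `ens18` addresses, NAT and nameserver settings are left behind as commented-out code; if the host now relies on DHCP, a one-line comment saying so would be clearer than the dead block. The `networking.firewall` block continues past the end of this section.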


@ -7,12 +7,21 @@
}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod"];
boot.initrd.kernelModules = ["nvme"];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
networking.useDHCP = lib.mkDefault true;
fileSystems."/" = {
device = "/dev/sda3";
device = "/dev/disk/by-uuid/dc10d09c-9394-4854-acd5-93ceccd2f448";
fsType = "ext4";
};
swapDevices = [{device = "/dev/sda2";}];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
fileSystems."/nix/store" = {
device = "/nix/store";
fsType = "none";
options = ["bind"];
};
swapDevices = [];
}


@ -3,6 +3,8 @@
stdenv,
git,
gum,
git,
gum,
writeShellApplication,
}:
writeShellApplication
@ -16,7 +18,7 @@ writeShellApplication
set -e
pushd /tmp > /dev/null
rm -rf ./install-nix
git clone https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git ./install-nix
git clone https://codeberg.org/Lillian-Violet/NixOS-Config.git ./install-nix
pushd ./install-nix/nixos/hosts > /dev/null
echo "Please choose the hostname you are installing to from the following list:"
i=1
@ -39,9 +41,11 @@ writeShellApplication
"./disko/''${dir}/default.nix"
echo "NixOS Installing..."
sudo nixos-install --flake .#"''${dir}"
sudo nixos-install --flake .#"''${dir}"
popd > /dev/null
echo "Cleaning up repository in '/tmp/install-nix'..."
rm -rf ./install-nix
rm -rf ./install-nix
popd > /dev/null
echo "NixOS Install Succeeded!"
'';
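Review bot: The installer still clones into the fixed path `/tmp/install-nix` and then runs disko and `sudo nixos-install` from that checkout, so root ends up building from a predictable location in a world-writable directory and from whatever the remote's default branch holds at that moment. Prefer a private directory, `workdir="$(mktemp -d)"` followed by `git clone https://codeberg.org/Lillian-Violet/NixOS-Config.git "$workdir"`, and consider checking out a known tag or commit before building. The same pattern is in the rebuild (`/tmp/rebuild`) and update (`/tmp/update`) scripts changed in this commit. The script body starts and ends outside the hunks shown.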


@ -15,7 +15,7 @@ writeShellApplication
set -e
pushd /tmp > /dev/null
rm -rf ./rebuild
git clone https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git ./rebuild
git clone https://codeberg.org/Lillian-Violet/NixOS-Config.git ./rebuild
pushd ./rebuild > /dev/null
echo "NixOS Rebuilding..."
sudo nixos-rebuild switch --flake .#


@ -14,7 +14,7 @@ writeShellApplication
set -e
pushd /tmp > /dev/null
rm -rf ./update
git clone forgejo@git.lillianviolet.dev:Lillian-Violet/NixOS-Config.git ./update
git clone git@codeberg.org:Lillian-Violet/NixOS-Config.git ./update
pushd ./update > /dev/null
echo "Updating flake lock..."
nix flake update

1
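--- a/result
+++ b/result
@@ -1 +0,0 @@
-/nix/store/a9kdf62qv1r5s0nb40a1ij9lm2vsh418-nixos-24.05.20240319.b06025f-x86_64-linux.iso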