Full rewrite

.gitignore

@@ -0,0 +1,5 @@
+# Backup files I sometimes keep for references
+*.bak
+
+# Personal TODO file
+TODO

README.md

@@ -0,0 +1,18 @@
+# NixDots
+
+My NixOS and home-manager flake
+
+## Structure
+
+- [`flake.nix`](./flake.nix): Starting point of the configuration, declaring entrypoints.
+- [`guides`](./guides/): Some simple documentation to help me (and maybe others) understand NixOS.
+- [`system`](./system/): Basic core configurations for the system itself.
+- [`options`](./options/): Declaration of the configurable options, that should be set by the individual machines.
+- [`hosts`](./hosts): Configuration of the individual hosts/computers
+
+## Inspiration
+
+This configuration was massively inspired by the following amazing projects:
+
+- <https://git.jacekpoz.pl/jacekpoz/niksos>
+- <https://git.notashelf.dev/NotAShelf/nyx/>

guides/installation.md

@@ -77,7 +77,6 @@ Create a very basic `./flake.nix`:
     description = "ItsDrike's NixOS configuration";
 
     inputs = {
-      # the version here should match your system.stateVersion in configuration.nix
       nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
     };
 
@@ -153,3 +152,42 @@ nixos-rebuild switch --flake .
 
 > [!TIP]
 > This replaces the legacy (non-flake) regime's command: `nixos-rebuild switch --upgrade`
+
+## Home-Manager
+
+Home-Manager is a way to bring nix features to your home directory. It allows
+you to version and manage your configuration files that usually live in your
+home directories, like `~/.config` with the usual nix tooling. This can help
+you achieve full reproducibility for the user side, not just the system side.
+
+First, let's add home-manager as an input to our flake:
+
+```nix
+home-manager = {
+  url = "github:nix-community/home-manager";
+  inputs.nixpkgs.follows = "nixpkgs";
+};
+```
+
+```nix
+{
+    description = "ItsDrike's NixOS configuration";
+
+    inputs = {
+      nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+      home-manager = {
+        url = "github:nix-community/home-manager";
+        inputs.nixpkgs.follows = "nixpkgs";
+      };
+    };
+
+    outputs = { self, nixpkgs, ...} @ inputs: {
+        nixosConfigurations = {
+            nixos = nixpkgs.lib.nixosSystem {
+                system = "x86_64-linux";
+                modules = [ ./configuration.nix ];
+            };
+        };
+    };
+}
+```

hosts/default.nix

@@ -6,10 +6,7 @@ in {
     modules = [
       ./vbox_nix
       ../system
-      ../system/options/systemd-boot.nix
-      ../system/options/cachix.nix
-      ../system/options/oomd.nix
-      ../modules/services/ssh.nix
+      ../options
       inputs.home-manager.nixosModules.home-manager
     ];
   };

hosts/vbox_nix/default.nix

@@ -1,4 +1,4 @@
-{ lib, pkgs, ...}:
+{ lib, pkgs, ... }:
 {
   imports = [ ./hardware-configuration.nix ];
 
@@ -13,10 +13,18 @@
     udisks2.enable = true;
   };
 
-  networking.hostName = "vboxnix";
-
   # NixOS release from which this machine was first installed.
   # (for stateful data, like file locations and db versions)
   # Leave this alone!
   system.stateVersion = lib.mkForce "23.11";
+
+  myOptions = {
+    system = {
+      hostname = "vboxnix";
+      username = "itsdrike";
+    };
+    device = {
+      cpu.type = "vm-amd";
+    };
+  };
 }

options/default.nix

@@ -0,0 +1,6 @@
+_: {
+  imports = [
+    ./device
+    ./system.nix
+  ];
+}

options/device/default.nix

@@ -0,0 +1,5 @@
+_: {
+  imports = [
+    ./hardware.nix
+  ];
+}

options/device/hardware.nix

@@ -0,0 +1,16 @@
+{ lib, ... }: with lib; let
+in
+{
+  options.myOptions.device = {
+    cpu.type = mkOption {
+      type = with types; nullOr (enum [ "intel" "vm-intel" "amd" "vm-amd" ]);
+      default = null;
+      description = ''
+        The manifaturer/type of the primary system CPU.
+
+        Determines which ucode services will be enabled and provides additional kernel packages.
+        If running in a virtual machine with forwarded/shared cores, use the `vm-` prefix.
+      '';
+    };
+  };
+}

options/system.nix

@@ -0,0 +1,15 @@
+{ lib, ... }: with lib; let
+in
+{
+  options.myOptions.system = {
+    hostname = mkOption {
+      description = "hostname for this system";
+      type = types.str;
+    };
+
+    username = mkOption {
+      description = "username for the primary admin account for this system";
+      type = types.str;
+    };
+  };
+}

system/boot/default.nix

@@ -0,0 +1,5 @@
+_: {
+  imports = [
+    ./systemd-boot.nix
+  ];
+}

system/boot/systemd-boot.nix

@@ -0,0 +1,11 @@
+_: {
+  boot.loader = {
+    systemd-boot = {
+      enable = true;
+      memtest86.enable = true;
+      editor = true;
+    };
+    efi.canTouchEfiVariables = true;
+    timeout = 3;
+  };
+}

system/default.nix

@@ -1,13 +1,12 @@
-{lib, ...}:
-{
-    imports = [
-        ./network.nix
-        ./users.nix
-        ./nix.nix
-        ./packages.nix
-    ];
-
-    # Internationalisation properties
-    time.timeZone = "CET";
-    i18n.defaultLocale = "en_US.UTF-8";
+_: {
+  imports = [
+    ./hardware
+    ./boot
+    ./services
+    ./programs
+    ./system.nix
+    ./nix.nix
+    ./network.nix
+    ./localisation.nix
+  ];
 }

system/hardware/cpu/amd.nix

@@ -0,0 +1,9 @@
+{ config, lib, ... }:
+let
+  dev = config.myOptions.device;
+in
+{
+  config = lib.mkIf (builtins.elem dev.cpu.type [ "amd" "vm-amd" ]) {
+    hardware.cpu.amd.updateMicrocode = true;
+  };
+}

system/hardware/cpu/default.nix

@@ -0,0 +1,6 @@
+_: {
+  imports = [
+    ./amd.nix
+    ./intel.nix
+  ];
+}

system/hardware/cpu/intel.nix

@@ -0,0 +1,9 @@
+{ config, lib, ... }:
+let
+  dev = config.myOptions.device;
+in
+{
+  config = lib.mkIf (builtins.elem dev.cpu.type [ "intel" "vm-intel" ]) {
+    hardware.cpu.intel.updateMicrocode = true;
+  };
+}

system/hardware/default.nix

@@ -0,0 +1,5 @@
+_: {
+  imports = [
+    ./cpu
+  ];
+}

system/localisation.nix

@@ -0,0 +1,4 @@
+_: {
+  time.timeZone = "CET";
+  i18n.defaultLocale = "en_US.UTF-8";
+}

system/nix.nix

@@ -1,5 +1,7 @@
 {pkgs, ...}:
 {
+  system.autoUpgrade.enable = false;
+
   nix = {
     settings = {
       # nix often takes up a lot of space, with /nix/store growing beyond reasonable sizes
@@ -8,6 +10,10 @@
       auto-optimise-store = true;
       # enable flakes support
       experimental-features = [ "nix-command" "flakes" ];
+
+      # Keep all dependencies used to build
+      keep-outputs = true;
+      keep-derivations = true;
     };
 
     # Enable automatic garbage collection, deleting entries older than 14 days
@@ -31,5 +37,5 @@
   nixpkgs.config.allowUnfree = true;
 
   # Git is needed for flakes
-  environment.systemPackages = with pkgs; [git];
+  environment.systemPackages = [pkgs.git];
 }

system/options/cachix.nix

@@ -1,14 +0,0 @@
-_: {
-  nix.settings = {
-    substituters = [
-        "https://nix-community.cachix.org"
-        "https://nixpkgs-wayland.cachix.org"
-        "https://viperml.cachix.org"
-    ];
-    trusted-public-keys = [
-        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-        "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
-        "viperml.cachix.org-1:qZhKBMTfmcLL+OG6fj/hzsMEedgKvZVFRRAhq7j8Vh8="
-    ];
-  };
-}

system/options/oomd.nix

@@ -1,9 +0,0 @@
-_: {
-    systemd.oomd = {
-        enable = true;
-        enableSystemSlice = true;
-        enableRootSlice = true;
-        enableUserSlices = true;
-    };
-}
-

system/options/systemd-boot.nix

@@ -1,12 +0,0 @@
-_: {
-    boot.loader = {
-        systemd-boot = {
-            enable = true;
-            memtest86.enable = true;
-            editor = true;
-        };
-        efi.canTouchEfiVariables = true;
-        timeout = 3;
-    };
-}
-

system/packages.nix

@@ -1,9 +0,0 @@
-{pkgs, ...}:
-{
-  # Basic list of must-have packages for all systems
-  environment.systemPackages = with pkgs; [
-    vim
-    gnupg
-    delta
-  ];
-}

system/programs/default.nix

@@ -0,0 +1,14 @@
+{ pkgs, lib, ... }: {
+  imports = [
+    ./nano.nix
+  ];
+
+  # Basic list of must-have packages for all systems
+  # TODO: Move these to home-manager, no need for system wide deps
+  # although maybe keep vim
+  environment.systemPackages = with pkgs; [
+    vim
+    gnupg
+    delta
+  ];
+}

system/programs/nano.nix

@@ -0,0 +1,49 @@
+{ pkgs, ... }: {
+  programs.nano = {
+    # enabled by default anyway, we can keep it in case my neovim config breaks
+    enable = true;
+    nanorc = ''
+      include ${pkgs.nanorc}/share/*.nanorc # extended syntax highlighting
+
+      # Options
+      # https://github.com/davidhcefx/Modern-Nano-Keybindings
+      set tabsize 4
+      set tabstospaces
+      set linenumbers
+      set numbercolor yellow,normal
+      set indicator                         # side-bar for indicating cur position
+      set smarthome                         # `Home` jumps to line start first
+      set afterends                         # `Ctrl+Right` move to word ends instead of word starts
+      set wordchars "_"                     # recognize '_' as part of a word
+      set zap                               # delete selected text as a whole
+      set historylog                        # remember search history
+      set multibuffer                       # read files into multibuffer instead of insert
+      set mouse                             # enable mouse support
+      bind M-R  redo            main
+      bind ^C   copy            main
+      bind ^X   cut             main
+      bind ^V   paste           main
+      bind ^K   zap             main
+      bind ^H   chopwordleft    all
+      bind ^Q   exit            all
+      bind ^Z   suspend         main
+      bind M-/  comment         main
+      bind ^Space complete      main
+
+      bind M-C  location        main
+      bind ^E   wherewas        all
+      bind M-E  findprevious    all
+      bind ^R   replace         main
+      bind ^B   pageup          all         # vim-like support
+      bind ^F   pagedown        all
+      bind ^G   firstline       all
+      bind M-G  lastline        all
+
+      bind M-1    help          all         # fix ^G been used
+      bind Sh-M-C constantshow  main        # fix M-C, M-F and M-b been used
+      bind Sh-M-F formatter     main
+      bind Sh-M-B linter        main
+    '';
+  };
+}
+

system/services/default.nix

@@ -0,0 +1,5 @@
+_: {
+  imports = [
+    ./ssh.nix
+  ];
+}

system/services/oomd.nix

@@ -0,0 +1,20 @@
+{ lib, ... }: {
+  systemd = {
+    # OOMd: Out Of Memory daemon
+    # By default, this will only kill cgroups. So either systemd services
+    # marked for killing uder OOM or (non-default, but enabled here) the entire user slice.
+    oomd = {
+      enable = true;
+      enableSystemSlice = true;
+      enableRootSlice = true;
+      enableUserSlices = true;
+      extraConfig = {
+        "DefaultMemoryPressureDurationSec" = "20s";
+      };
+    };
+
+    # Make nix builds more likely to get killed than other important services.
+    # The default for user slices is 100, and systemd-coredumpd is 500
+    services.nix-daemon.serviceConfig.OOMScoreAdjust = lib.mkDefault 350;
+  };
+}

system/services/ssh.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }: {
+  # TODO: This really shouldn't be a default service in system/
   services.openssh = {
     enable = true;
     settings = {
@@ -8,3 +9,4 @@
     };
   };
 }
+

system/system.nix

@@ -0,0 +1,20 @@
+{ config, lib, ... }: with lib; let
+  cfg = config.myOptions.system;
+in
+{
+  networking.hostName = cfg.hostname;
+
+  users = {
+    # Prevent mutating users outside of our configurations.
+    # TODO: Solve this, currentry it fails with no password
+    # specified for root account nor any whell user accounts
+    # and wants us to set pw manually with passwd, which needs
+    # mutableUsers
+    #mutableUsers = false;
+
+    users.${cfg.username} = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+    };
+  };
+}

system/users.nix

@@ -1,8 +0,0 @@
-{pkgs, ...}:
-{
-  users.users.itsdrike = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ];
-    initialPassword = "itsdrike";
-  };
-}