mirror of
https://github.com/ItsDrike/nixdots
synced 2024-12-25 16:54:35 +00:00
Full rewrite
parent
8053e16a12
commit
8dc12c0ae7
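--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,5 @@
+# Backup files I sometimes keep for references
+*.bak
+
+# Personal TODO file
+TODO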
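--- a/README.md
+++ b/README.md
@@ -0,0 +1,18 @@
+# NixDots
+
+My NixOS and home-manager flake
+
+## Structure
+
+- [`flake.nix`](./flake.nix): Starting point of the configuration, declaring entrypoints.
+- [`guides`](./guides/): Some simple documentation to help me (and maybe others) understand NixOS.
+- [`system`](./system/): Basic core configurations for the system itself.
+- [`options`](./options/): Declaration of the configurable options, that should be set by the individual machines.
+- [`hosts`](./hosts): Configuration of the individual hosts/computers
+
+## Inspiration
+
+This configuration was massively inspired by the following amazing projects:
+
+- <https://git.jacekpoz.pl/jacekpoz/niksos>
+- <https://git.notashelf.dev/NotAShelf/nyx/>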
|
@ -77,7 +77,6 @@ Create a very basic `./flake.nix`:
|
||||||
description = "ItsDrike's NixOS configuration";
|
description = "ItsDrike's NixOS configuration";
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
# the version here should match your system.stateVersion in configuration.nix
|
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -153,3 +152,42 @@ nixos-rebuild switch --flake .
|
||||||
|
|
||||||
> [!TIP]
|
> [!TIP]
|
||||||
> This replaces the legacy (non-flake) regime's command: `nixos-rebuild switch --upgrade`
|
> This replaces the legacy (non-flake) regime's command: `nixos-rebuild switch --upgrade`
|
||||||
|
|
||||||
|
## Home-Manager
|
||||||
|
|
||||||
|
Home-Manager is a way to bring nix features to your home directory. It allows
|
||||||
|
you to version and manage your configuration files that usually live in your
|
||||||
|
home directories, like `~/.config` with the usual nix tooling. This can help
|
||||||
|
you achieve full reproducibility for the user side, not just the system side.
|
||||||
|
|
||||||
|
First, let's add home-manager as an input to our flake:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
home-manager = {
|
||||||
|
url = "github:nix-community/home-manager";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
```
|
||||||
|
|
||||||
|
```nix
|
||||||
|
{
|
||||||
|
description = "ItsDrike's NixOS configuration";
|
||||||
|
|
||||||
|
inputs = {
|
||||||
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
|
||||||
|
home-manager = {
|
||||||
|
url = "github:nix-community/home-manager";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
outputs = { self, nixpkgs, ...} @ inputs: {
|
||||||
|
nixosConfigurations = {
|
||||||
|
nixos = nixpkgs.lib.nixosSystem {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
modules = [ ./configuration.nix ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
|
@ -6,10 +6,7 @@ in {
|
||||||
modules = [
|
modules = [
|
||||||
./vbox_nix
|
./vbox_nix
|
||||||
../system
|
../system
|
||||||
../system/options/systemd-boot.nix
|
../options
|
||||||
../system/options/cachix.nix
|
|
||||||
../system/options/oomd.nix
|
|
||||||
../modules/services/ssh.nix
|
|
||||||
inputs.home-manager.nixosModules.home-manager
|
inputs.home-manager.nixosModules.home-manager
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ lib, pkgs, ...}:
|
{ lib, pkgs, ... }:
|
||||||
{
|
{
|
||||||
imports = [ ./hardware-configuration.nix ];
|
imports = [ ./hardware-configuration.nix ];
|
||||||
|
|
||||||
|
@ -13,10 +13,18 @@
|
||||||
udisks2.enable = true;
|
udisks2.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.hostName = "vboxnix";
|
|
||||||
|
|
||||||
# NixOS release from which this machine was first installed.
|
# NixOS release from which this machine was first installed.
|
||||||
# (for stateful data, like file locations and db versions)
|
# (for stateful data, like file locations and db versions)
|
||||||
# Leave this alone!
|
# Leave this alone!
|
||||||
system.stateVersion = lib.mkForce "23.11";
|
system.stateVersion = lib.mkForce "23.11";
|
||||||
|
|
||||||
|
myOptions = {
|
||||||
|
system = {
|
||||||
|
hostname = "vboxnix";
|
||||||
|
username = "itsdrike";
|
||||||
|
};
|
||||||
|
device = {
|
||||||
|
cpu.type = "vm-amd";
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
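--- a/options/default.nix
+++ b/options/default.nix
@@ -0,0 +1,6 @@
+_: {
+imports = [
+./device
+./system.nix
+];
+}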
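--- a/options/device/default.nix
+++ b/options/device/default.nix
@@ -0,0 +1,5 @@
+_: {
+imports = [
+./hardware.nix
+];
+}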
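--- a/options/device/hardware.nix
+++ b/options/device/hardware.nix
@@ -0,0 +1,16 @@
+{ lib, ... }: with lib; let
+in
+{
+options.myOptions.device = {
+cpu.type = mkOption {
+type = with types; nullOr (enum [ "intel" "vm-intel" "amd" "vm-amd" ]);
+default = null;
+description = ''
+The manifaturer/type of the primary system CPU.
+
+Determines which ucode services will be enabled and provides additional kernel packages.
+If running in a virtual machine with forwarded/shared cores, use the `vm-` prefix.
+'';
+};
+};
+}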
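Review bot: The option description misspells "manufacturer" as `manifaturer`, and since this string is what option documentation and evaluation errors show, it is worth fixing here: `The manufacturer/type of the primary system CPU.` The description also promises "additional kernel packages", while the only consumers visible in this commit (`system/hardware/cpu/amd.nix` and `intel.nix`) just set `updateMicrocode`; either trim the sentence or mark it as planned. The empty `let` / `in` pair and the file-wide `with lib;` add nothing here; `lib.mkOption` and `lib.types` would make the two uses explicit.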
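--- a/options/system.nix
+++ b/options/system.nix
@@ -0,0 +1,15 @@
+{ lib, ... }: with lib; let
+in
+{
+options.myOptions.system = {
+hostname = mkOption {
+description = "hostname for this system";
+type = types.str;
+};
+
+username = mkOption {
+description = "username for the primary admin account for this system";
+type = types.str;
+};
+};
+}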
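--- a/system/boot/default.nix
+++ b/system/boot/default.nix
@@ -0,0 +1,5 @@
+_: {
+imports = [
+./systemd-boot.nix
+];
+}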
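--- a/system/boot/systemd-boot.nix
+++ b/system/boot/systemd-boot.nix
@@ -0,0 +1,11 @@
+_: {
+boot.loader = {
+systemd-boot = {
+enable = true;
+memtest86.enable = true;
+editor = true;
+};
+efi.canTouchEfiVariables = true;
+timeout = 3;
+};
+}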
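Review bot: `editor = true;` inside `systemd-boot` keeps the boot-entry editor enabled on every host that imports `system/boot`, so anyone with console access can change the kernel command line before boot and get around normal login; the NixOS documentation for this option recommends turning it off. The setting is carried over unchanged from the deleted `options` variant of this file, but now that it is a default for all hosts I would set `editor = false;` with a comment such as `# editing kernel parameters at the boot menu bypasses login; enable per host only when needed`. The 3 second `timeout` leaves the menu reachable, so the editor setting is what actually decides the exposure.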
|
@ -1,13 +1,12 @@
|
||||||
{lib, ...}:
|
_: {
|
||||||
{
|
imports = [
|
||||||
imports = [
|
./hardware
|
||||||
./network.nix
|
./boot
|
||||||
./users.nix
|
./services
|
||||||
./nix.nix
|
./programs
|
||||||
./packages.nix
|
./system.nix
|
||||||
];
|
./nix.nix
|
||||||
|
./network.nix
|
||||||
# Internationalisation properties
|
./localisation.nix
|
||||||
time.timeZone = "CET";
|
];
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
|
||||||
}
|
}
|
||||||
|
|
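--- a/system/hardware/cpu/amd.nix
+++ b/system/hardware/cpu/amd.nix
@@ -0,0 +1,9 @@
+{ config, lib, ... }:
+let
+dev = config.myOptions.device;
+in
+{
+config = lib.mkIf (builtins.elem dev.cpu.type [ "amd" "vm-amd" ]) {
+hardware.cpu.amd.updateMicrocode = true;
+};
+}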
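--- a/system/hardware/cpu/default.nix
+++ b/system/hardware/cpu/default.nix
@@ -0,0 +1,6 @@
+_: {
+imports = [
+./amd.nix
+./intel.nix
+];
+}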
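--- a/system/hardware/cpu/intel.nix
+++ b/system/hardware/cpu/intel.nix
@@ -0,0 +1,9 @@
+{ config, lib, ... }:
+let
+dev = config.myOptions.device;
+in
+{
+config = lib.mkIf (builtins.elem dev.cpu.type [ "intel" "vm-intel" ]) {
+hardware.cpu.intel.updateMicrocode = true;
+};
+}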
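--- a/system/hardware/default.nix
+++ b/system/hardware/default.nix
@@ -0,0 +1,5 @@
+_: {
+imports = [
+./cpu
+];
+}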
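--- a/system/localisation.nix
+++ b/system/localisation.nix
@@ -0,0 +1,4 @@
+_: {
+time.timeZone = "CET";
+i18n.defaultLocale = "en_US.UTF-8";
+}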
|
@ -1,5 +1,7 @@
|
||||||
{pkgs, ...}:
|
{pkgs, ...}:
|
||||||
{
|
{
|
||||||
|
system.autoUpgrade.enable = false;
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
settings = {
|
settings = {
|
||||||
# nix often takes up a lot of space, with /nix/store growing beyond reasonable sizes
|
# nix often takes up a lot of space, with /nix/store growing beyond reasonable sizes
|
||||||
|
@ -8,6 +10,10 @@
|
||||||
auto-optimise-store = true;
|
auto-optimise-store = true;
|
||||||
# enable flakes support
|
# enable flakes support
|
||||||
experimental-features = [ "nix-command" "flakes" ];
|
experimental-features = [ "nix-command" "flakes" ];
|
||||||
|
|
||||||
|
# Keep all dependencies used to build
|
||||||
|
keep-outputs = true;
|
||||||
|
keep-derivations = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable automatic garbage collection, deleting entries older than 14 days
|
# Enable automatic garbage collection, deleting entries older than 14 days
|
||||||
|
@ -31,5 +37,5 @@
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
# Git is needed for flakes
|
# Git is needed for flakes
|
||||||
environment.systemPackages = with pkgs; [git];
|
environment.systemPackages = [pkgs.git];
|
||||||
}
|
}
|
||||||
|
|
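Review bot: The added comment `# Keep all dependencies used to build` does not mention what the two settings cost. With `keep-outputs = true;` the garbage collector retains the build-time dependencies of every live derivation, which works against the store-size concern in the comment a few lines up and the automatic garbage collection configured below. `keep-derivations = true;` is already the Nix default, so only `keep-outputs` changes behaviour here. I would extend the comment to something like `# Keep build-time deps of live paths: larger store, GC reclaims less`. The `nix = {` block starts and ends outside these hunks.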
|
@ -1,14 +0,0 @@
|
||||||
_: {
|
|
||||||
nix.settings = {
|
|
||||||
substituters = [
|
|
||||||
"https://nix-community.cachix.org"
|
|
||||||
"https://nixpkgs-wayland.cachix.org"
|
|
||||||
"https://viperml.cachix.org"
|
|
||||||
];
|
|
||||||
trusted-public-keys = [
|
|
||||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
|
||||||
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
|
|
||||||
"viperml.cachix.org-1:qZhKBMTfmcLL+OG6fj/hzsMEedgKvZVFRRAhq7j8Vh8="
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,9 +0,0 @@
|
||||||
_: {
|
|
||||||
systemd.oomd = {
|
|
||||||
enable = true;
|
|
||||||
enableSystemSlice = true;
|
|
||||||
enableRootSlice = true;
|
|
||||||
enableUserSlices = true;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
_: {
|
|
||||||
boot.loader = {
|
|
||||||
systemd-boot = {
|
|
||||||
enable = true;
|
|
||||||
memtest86.enable = true;
|
|
||||||
editor = true;
|
|
||||||
};
|
|
||||||
efi.canTouchEfiVariables = true;
|
|
||||||
timeout = 3;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
{pkgs, ...}:
|
|
||||||
{
|
|
||||||
# Basic list of must-have packages for all systems
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
vim
|
|
||||||
gnupg
|
|
||||||
delta
|
|
||||||
];
|
|
||||||
}
|
|
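--- a/system/programs/default.nix
+++ b/system/programs/default.nix
@@ -0,0 +1,14 @@
+{ pkgs, lib, ... }: {
+imports = [
+./nano.nix
+];
+
+# Basic list of must-have packages for all systems
+# TODO: Move these to home-manager, no need for system wide deps
+# although maybe keep vim
+environment.systemPackages = with pkgs; [
+vim
+gnupg
+delta
+];
+}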
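--- a/system/programs/nano.nix
+++ b/system/programs/nano.nix
@@ -0,0 +1,49 @@
+{ pkgs, ... }: {
+programs.nano = {
+# enabled by default anyway, we can keep it in case my neovim config breaks
+enable = true;
+nanorc = ''
+include ${pkgs.nanorc}/share/*.nanorc # extended syntax highlighting
+
+# Options
+# https://github.com/davidhcefx/Modern-Nano-Keybindings
+set tabsize 4
+set tabstospaces
+set linenumbers
+set numbercolor yellow,normal
+set indicator # side-bar for indicating cur position
+set smarthome # `Home` jumps to line start first
+set afterends # `Ctrl+Right` move to word ends instead of word starts
+set wordchars "_" # recognize '_' as part of a word
+set zap # delete selected text as a whole
+set historylog # remember search history
+set multibuffer # read files into multibuffer instead of insert
+set mouse # enable mouse support
+bind M-R redo main
+bind ^C copy main
+bind ^X cut main
+bind ^V paste main
+bind ^K zap main
+bind ^H chopwordleft all
+bind ^Q exit all
+bind ^Z suspend main
+bind M-/ comment main
+bind ^Space complete main
+
+bind M-C location main
+bind ^E wherewas all
+bind M-E findprevious all
+bind ^R replace main
+bind ^B pageup all # vim-like support
+bind ^F pagedown all
+bind ^G firstline all
+bind M-G lastline all
+
+bind M-1 help all # fix ^G been used
+bind Sh-M-C constantshow main # fix M-C, M-F and M-b been used
+bind Sh-M-F formatter main
+bind Sh-M-B linter main
+'';
+};
+}
+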
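--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -0,0 +1,5 @@
+_: {
+imports = [
+./ssh.nix
+];
+}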
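Review bot: The `imports` list here names only `./ssh.nix`, so the `system/services/oomd.nix` file added in this same commit is not pulled in by anything visible on this page. The host module list also drops its old `../system/options/oomd.nix` entry, so as far as these hunks show, systemd-oomd and the `OOMScoreAdjust` for `nix-daemon` are no longer applied after the rewrite. If that is unintended, add `./oomd.nix` to this list. The result is also that the one service every host gets by default is sshd, which the TODO in `ssh.nix` already flags as undesirable.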
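--- a/system/services/oomd.nix
+++ b/system/services/oomd.nix
@@ -0,0 +1,20 @@
+{ lib, ... }: {
+systemd = {
+# OOMd: Out Of Memory daemon
+# By default, this will only kill cgroups. So either systemd services
+# marked for killing uder OOM or (non-default, but enabled here) the entire user slice.
+oomd = {
+enable = true;
+enableSystemSlice = true;
+enableRootSlice = true;
+enableUserSlices = true;
+extraConfig = {
+"DefaultMemoryPressureDurationSec" = "20s";
+};
+};
+
+# Make nix builds more likely to get killed than other important services.
+# The default for user slices is 100, and systemd-coredumpd is 500
+services.nix-daemon.serviceConfig.OOMScoreAdjust = lib.mkDefault 350;
+};
+}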
|
@ -1,4 +1,5 @@
|
||||||
{...}: {
|
{ ... }: {
|
||||||
|
# TODO: This really shouldn't be a default service in system/
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
|
@ -8,3 +9,4 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
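--- a/system/system.nix
+++ b/system/system.nix
@@ -0,0 +1,20 @@
+{ config, lib, ... }: with lib; let
+cfg = config.myOptions.system;
+in
+{
+networking.hostName = cfg.hostname;
+
+users = {
+# Prevent mutating users outside of our configurations.
+# TODO: Solve this, currentry it fails with no password
+# specified for root account nor any whell user accounts
+# and wants us to set pw manually with passwd, which needs
+# mutableUsers
+#mutableUsers = false;
+
+users.${cfg.username} = {
+isNormalUser = true;
+extraGroups = [ "wheel" ];
+};
+};
+}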
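Review bot: `users.${cfg.username}` is created in `wheel` with no password option declared, and `#mutableUsers = false;` stays commented out, so the admin credential is whatever gets set by hand with `passwd` and account state can drift from the configuration. The TODO can be resolved without returning to the removed `initialPassword = "itsdrike";`: declare `hashedPasswordFile = "/path/to/password-hash";` on the user (placeholder path; a root-readable file kept outside the world-readable Nix store). The assertion the TODO describes should then pass with `mutableUsers = false;` enabled. This matters more than it did before the rewrite because `system/services` now imports the sshd module for every host; its settings are not visible in these hunks, so confirm password logins are restricted there.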
|
@ -1,8 +0,0 @@
|
||||||
{pkgs, ...}:
|
|
||||||
{
|
|
||||||
users.users.itsdrike = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [ "wheel" ];
|
|
||||||
initialPassword = "itsdrike";
|
|
||||||
};
|
|
||||||
}
|
|