diff --git a/flake.nix b/flake.nix index 19834f1..1cf3459 100644 --- a/flake.nix +++ b/flake.nix @@ -94,6 +94,8 @@ myName = name; myTheme = theme; myHostname = hostname; + myTimezone = timezone; + myLocale = locale; myThemePolarity = themePolarity; myBackgroundUrl = backgroundUrl; myBackgroundSha256 = backgroundSha256; diff --git a/profiles/personal/configuration.nix b/profiles/personal/configuration.nix index 7594a78..8c2b837 100644 --- a/profiles/personal/configuration.nix +++ b/profiles/personal/configuration.nix 
@@ -2,139 +2,66 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, lib, pkgs, blocklist-hosts, myName, myHostname, myTheme, myBackgroundUrl, myBackgroundSha256, ... }: -let blocklist = builtins.readFile "${blocklist-hosts}/alternates/gambling-porn/hosts"; -in +{ config, lib, pkgs, blocklist-hosts, myName, myHostname, myTimezone, myLocale, myTheme, myBackgroundUrl, myBackgroundSha256, ... }: { imports = [ ../../system/hardware-configuration.nix + ../../system/hardware/power.nix + ../../system/hardware/opengl.nix + ../../system/hardware/printing.nix + #../../system/hardware/bluetooth.nix + #../../system/hardware/openrgb.nix + ../../system/wm/xmonad.nix + ../../system/app/flatpak.nix + ../../system/app/gamemode.nix + ../../system/security/doas.nix + ../../system/security/gpg.nix + ../../system/security/blocklist.nix + ../../system/security/firewall.nix + ../../system/security/openvpn.nix ../../system/style/stylix.nix ]; + # Fix nix path nix.nixPath = [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixos-config=$HOME/dotfiles/system/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels" ]; + # Experimental features nix.settings.experimental-features = [ "nix-command" "flakes" ]; - # Need some flatpaks - services.flatpak.enable = true; - xdg.portal.enable = true; - - # Doas instead of sudo - security.doas.enable = true; - security.sudo.enable = false; - security.doas.extraRules = [{ - users = [ "${myName}" ]; - keepEnv = true; - persist = true; - }]; - - # Pipewire - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - }; + # Bless me father for I have sinned + nixpkgs.config.allowUnfree = true; # Kernel modules - boot.kernelModules = [ "i2c-dev" "i2c-piix4" ]; + boot.kernelModules = [ "i2c-dev" "i2c-piix4" "cpufreq_powersave" ]; - # 
Bootloader. + # Bootloader boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Setup keyfile - boot.initrd.secrets = { - "/crypto_keyfile.bin" = null; - }; - + # Networking networking.hostName = myHostname; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - networking.extraHosts = '' - "${blocklist}" - ''; - - # Enable networking - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "America/Chicago"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; + networking.networkmanager.enable = true; # Use networkmanager + # Timezone and locale + time.timeZone = myTimezone; # time zone + i18n.defaultLocale = myLocale; i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; + LC_ADDRESS = myLocale; + LC_IDENTIFICATION = myLocale; + LC_MEASUREMENT = myLocale; + LC_MONETARY = myLocale; + LC_NAME = myLocale; + LC_NUMERIC = myLocale; + LC_PAPER = myLocale; + LC_TELEPHONE = myLocale; + LC_TIME = myLocale; }; - services.gnome = { - gnome-keyring.enable = true; - }; - - services.upower.enable = true; - - services.dbus = { - enable = true; - packages = [ pkgs.dconf ]; - }; - - programs.dconf = { - enable = true; -# packages = [ pkgs.dconf ]; - }; - - # Configure X11 - services.xserver = { - enable = true; - layout = "us"; - xkbVariant = ""; - xkbOptions = "caps:escape"; - windowManager.xmonad = { - enable = true; - enableContribAndExtras = true; - }; - displayManager = { - lightdm.enable = true; - defaultSession = "none+xmonad"; - }; - libinput = { - touchpad.disableWhileTyping = true; - }; - }; - - 
services.xserver.displayManager.sessionCommands = '' - xset -dpms - xset s blank - xset r rate 350 50 - xset s 300 - ${pkgs.lightlocker}/bin/light-locker --idle-hint & - ''; - - # Bluetooth - # hardware.bluetooth.enable = true; - # services.blueman.enable = true; - - systemd.services.upower.enable = true; - systemd.services.auto-cpufreq.enable = true; - - users.defaultUserShell = pkgs.zsh; - - # Define a user account. Don't forget to set a password with ‘passwd’. + # User account users.users.${myName} = { isNormalUser = true; description = "Emmet"; 
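Review bot: The removed `boot.initrd.secrets` entry for `/crypto_keyfile.bin` is the one deleted setting in this hunk that no module added by this commit picks up again; flatpak, doas, pipewire, X11, fonts and the rest are all rehomed under `system/`. If `hardware-configuration.nix` (not shown) still defines a LUKS device that expects this key file, that volume will no longer unlock from the initrd. With systemd-boot the initrd is normally copied to the EFI system partition, so a key file embedded there is stored unencrypted and dropping it may well be the safer state, but the commit should say so. If the removal is intentional, add a comment next to the bootloader settings such as `# initrd keyfile removed on purpose; LUKS is unlocked by passphrase`; otherwise move the setting into a module under `system/security/` like the others.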
@@ -143,86 +70,20 @@ in uid = 1000; }; - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # List packages installed in system profile. To search, run: - # $ nix search wget + # System packages environment.systemPackages = with pkgs; [ - vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + vim wget zsh - auto-cpufreq git - # openrgb-with-all-plugins - (pkgs.writeScriptBin "sudo" ''exec doas "$@"'') ]; - # OpenRGB setup - # services.hardware.openrgb = { - # enable = true; - # motherboard = "amd"; - #}; - + # I use zsh btw environment.shells = with pkgs; [ zsh ]; + users.defaultUserShell = pkgs.zsh; programs.zsh.enable = true; - fonts.fonts = with pkgs; [ - # Fonts - (nerdfonts.override { fonts = [ "Inconsolata" ]; }) - powerline - inconsolata - inconsolata-nerdfont - iosevka - font-awesome - ubuntu_font_family - terminus_font - gamemode - openvpn - ]; - - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Firewall - networking.firewall.enable = true; - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. 
- # networking.firewall.enable = false; - - environment.etc.openvpn.source = "${pkgs.update-resolv-conf}/libexec/openvpn"; - - # Printing - services.printing.enable = true; - services.avahi.enable = true; - services.avahi.nssmdns = true; - services.avahi.openFirewall = true; - - # OpenGL - hardware.opengl.enable = true; - - # Feral GameMode - programs.gamemode.enable = true; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.11"; # Did you read the comment? + # It is ok to leave this unchanged for compatibility purposes + system.stateVersion = "22.11"; } diff --git a/system/app/flatpak.nix b/system/app/flatpak.nix new file mode 100644 index 0000000..51d62bd --- /dev/null +++ b/system/app/flatpak.nix @@ -0,0 +1,7 @@ +{ config, pkgs, ... }: + +{ + # Need some flatpaks + services.flatpak.enable = true; + xdg.portal.enable = true; +} diff --git a/system/app/gamemode.nix b/system/app/gamemode.nix new file mode 100644 index 0000000..c1f4939 --- /dev/null +++ b/system/app/gamemode.nix @@ -0,0 +1,7 @@ +{ config, pkgs, ... }: + +{ + # Feral GameMode + environment.systemPackages = [ pkgs.gamemode ]; + programs.gamemode.enable = true; +} diff --git a/system/hardware/bluetooth.nix b/system/hardware/bluetooth.nix new file mode 100644 index 0000000..b823396 --- /dev/null +++ b/system/hardware/bluetooth.nix @@ -0,0 +1,7 @@ +{ config, pkgs, ... }: + +{ + # Bluetooth + hardware.bluetooth.enable = true; + services.blueman.enable = true; +} diff --git a/system/hardware/opengl.nix b/system/hardware/opengl.nix new file mode 100644 index 0000000..2a03da1 --- /dev/null 
+++ b/system/hardware/opengl.nix
@@ -0,0 +1,6 @@
+{ config, pkgs, ... }:
+
+{
+ # OpenGL
+ hardware.opengl.enable = true;
+}
diff --git a/system/hardware/openrgb.nix b/system/hardware/openrgb.nix
new file mode 100644
index 0000000..6f06af7
--- /dev/null
+++ b/system/hardware/openrgb.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = [ pkgs.openrgb-with-all-plugins ];
+
+ # OpenRGB setup
+ services.hardware.openrgb = {
+ enable = true;
+ motherboard = "amd";
+ };
+}
diff --git a/system/hardware/power.nix b/system/hardware/power.nix
new file mode 100644
index 0000000..3e95c4c
--- /dev/null
+++ b/system/hardware/power.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = [ pkgs.auto-cpufreq ];
+ systemd.services.auto-cpufreq.enable = true;
+
+ services.upower.enable = true;
+ systemd.services.upower.enable = true;
+}
diff --git a/system/hardware/printing.nix b/system/hardware/printing.nix
new file mode 100644
index 0000000..e2091a3
--- /dev/null
+++ b/system/hardware/printing.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, ... }:
+
+{
+ # Enable printing
+ services.printing.enable = true;
+ services.avahi.enable = true;
+ services.avahi.nssmdns = true;
+ services.avahi.openFirewall = true;
+}
diff --git a/system/security/blocklist.nix b/system/security/blocklist.nix
new file mode 100644
index 0000000..0ef1b93
--- /dev/null
+++ b/system/security/blocklist.nix
@@ -0,0 +1,9 @@
+{ config, blocklist-hosts, pkgs, ... }:
+
+let blocklist = builtins.readFile "${blocklist-hosts}/alternates/gambling-porn/hosts";
+in
+{
+ networking.extraHosts = ''
+ "${blocklist}"
+ '';
+}
diff --git a/system/security/doas.nix b/system/security/doas.nix
new file mode 100644
index 0000000..3cb2860
--- /dev/null
+++ b/system/security/doas.nix
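Review bot: `services.avahi.openFirewall = true;` in `system/hardware/printing.nix` opens the mDNS port from a hardware module, while the firewall policy lives in `system/security/firewall.nix`, and neither file mentions the other. If this profile runs on a machine that joins untrusted networks, the host will answer mDNS on those networks too. Add a comment on that line such as `# opens UDP 5353 (mDNS) for printer discovery; firewall policy is in system/security/firewall.nix`. Consider leaving `openFirewall` off when printers are configured by address rather than discovered.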
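Review bot: The double quotes around `${blocklist}` in `networking.extraHosts` are literal characters inside the `''` string, so the generated hosts file gets a `"` in front of the first line of the list and another after its last line. Depending on what those lines contain, an entry at either end may be mis-parsed, which for a blocklist means a host meant to be blocked stays resolvable. `networking.extraHosts = blocklist;` passes the file through unchanged. The list is read at evaluation time from the `blocklist-hosts` input, so a comment stating that its contents are whatever revision that input is pinned to would help the next reader.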
@@ -0,0 +1,16 @@
+{ config, myName, pkgs, ... }:
+
+{
+ # Doas instead of sudo
+ security.doas.enable = true;
+ security.sudo.enable = false;
+ security.doas.extraRules = [{
+ users = [ "${myName}" ];
+ keepEnv = true;
+ persist = true;
+ }];
+
+ environment.systemPackages = [
+ (pkgs.writeScriptBin "sudo" ''exec doas "$@"'')
+ ];
+}
diff --git a/system/security/firewall.nix b/system/security/firewall.nix
new file mode 100644
index 0000000..84b4b6c
--- /dev/null
+++ b/system/security/firewall.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+ # Firewall
+ networking.firewall.enable = true;
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+}
diff --git a/system/security/gpg.nix b/system/security/gpg.nix
new file mode 100644
index 0000000..e3de8fb
--- /dev/null
+++ b/system/security/gpg.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+}
diff --git a/system/security/openvpn.nix b/system/security/openvpn.nix
new file mode 100644
index 0000000..232a3bd
--- /dev/null
+++ b/system/security/openvpn.nix
@@ -0,0 +1,6 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = [ pkgs.openvpn ];
+ environment.etc.openvpn.source = "${pkgs.update-resolv-conf}/libexec/openvpn";
+}
diff --git a/system/security/sshd.nix b/system/security/sshd.nix
new file mode 100644
index 0000000..2d97756
--- /dev/null
+++ b/system/security/sshd.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{
+ # Enable incoming ssh
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+ # TODO authorizedKeysFiles = "";
+ };
+}
diff --git a/system/wm/dbus.nix b/system/wm/dbus.nix
new file mode 100644
index 0000000..ede1bb2
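Review bot: The rule in `system/security/doas.nix` combines `keepEnv = true` with `persist = true`, so after one successful authentication later `doas` calls from the same session run as root without a password for a while, and most of the caller's environment is passed through to them. That lets variables set in an unprivileged shell influence how root processes find configuration and libraries. Prefer dropping `keepEnv` and naming only what is needed, e.g. `setEnv = [ "LANG" "EDITOR" ];` (constructed example), and add a comment saying why `persist` is acceptable on this machine. Separately, the `sudo` shim is built with `writeScriptBin` and has no interpreter line; `pkgs.writeShellScriptBin "sudo" ''exec doas "$@"''` would add one.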
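Review bot: `system/security/sshd.nix` enables the daemon and opens its port but leaves authentication at the module defaults, which on NixOS permit password logins unless overridden elsewhere, and key setup is still a TODO. The module is not imported by the profile in this commit, but as written, importing it would offer password logins on every network the machine joins. Set `passwordAuthentication = false;` and `permitRootLogin = "no";` inside `services.openssh` (on newer nixpkgs these are `settings.PasswordAuthentication` and `settings.PermitRootLogin`) before it is imported anywhere. Note also that `authorizedKeysFiles` takes a list of paths, not the string the TODO shows.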
--- /dev/null
+++ b/system/wm/dbus.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{
+ services.dbus = {
+ enable = true;
+ packages = [ pkgs.dconf ];
+ };
+
+ programs.dconf = {
+ enable = true;
+ };
+}
diff --git a/system/wm/fonts.nix b/system/wm/fonts.nix
new file mode 100644
index 0000000..7bffd6e
--- /dev/null
+++ b/system/wm/fonts.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ # Fonts are nice to have
+ fonts.fonts = with pkgs; [
+ # Fonts
+ (nerdfonts.override { fonts = [ "Inconsolata" ]; })
+ powerline
+ inconsolata
+ inconsolata-nerdfont
+ iosevka
+ font-awesome
+ ubuntu_font_family
+ terminus_font
+ ];
+
+}
diff --git a/system/wm/gnome-keyring.nix b/system/wm/gnome-keyring.nix
new file mode 100644
index 0000000..7990550
--- /dev/null
+++ b/system/wm/gnome-keyring.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+
+{
+ services.gnome = {
+ gnome-keyring.enable = true;
+ };
+}
diff --git a/system/wm/pipewire.nix b/system/wm/pipewire.nix
new file mode 100644
index 0000000..97756c0
--- /dev/null
+++ b/system/wm/pipewire.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+ # Pipewire
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ jack.enable = true;
+ };
+}
diff --git a/system/wm/x11.nix b/system/wm/x11.nix
new file mode 100644
index 0000000..59b5344
--- /dev/null
+++ b/system/wm/x11.nix
@@ -0,0 +1,35 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [ ./pipewire.nix
+ ./dbus.nix
+ ./gnome-keyring.nix
+ ./fonts.nix
+ ];
+
+ # Configure X11
+ services.xserver = {
+ enable = true;
+ layout = "us";
+ xkbVariant = "";
+ xkbOptions = "caps:escape";
+ windowManager.xmonad = {
+ enable = true;
+ enableContribAndExtras = true;
+ };
+ displayManager = {
+ lightdm.enable = true;
+ defaultSession = "none+xmonad";
+ sessionCommands = ''
+ xset -dpms
+ xset s blank
+ xset r rate 350 50
+ xset s 300
+ ${pkgs.lightlocker}/bin/light-locker --idle-hint &
+ '';
+ };
+ libinput = {
+ touchpad.disableWhileTyping = true;
+ };
+ };
+}
diff --git a/system/wm/xmonad.nix b/system/wm/xmonad.nix
new file mode 100644
index 0000000..51eca32
--- /dev/null
+++ b/system/wm/xmonad.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+
+{
+ # import X11
+ imports = [ ./x11.nix
+ ./pipewire.nix
+ ./dbus.nix
+ ];
+
+ # Setup XMonad
+ services.xserver = {
+ windowManager.xmonad = {
+ enable = true;
+ enableContribAndExtras = true;
+ };
+ displayManager = {
+ defaultSession = "none+xmonad";
+ };
+ };
+}
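Review bot: `system/wm/xmonad.nix` imports `./pipewire.nix` and `./dbus.nix` again although `./x11.nix`, which it imports first, already pulls both in, and it repeats the `windowManager.xmonad` and `defaultSession` settings that `x11.nix` also sets. The duplicates should still evaluate, but they leave `x11.nix` tied to xmonad, so it cannot be reused for another window manager, and a later change has to be made in two places. Keep the xmonad options only in this file, reduce the list to `imports = [ ./x11.nix ];`, and remove `windowManager.xmonad` and `defaultSession` from `x11.nix`.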