From 28590f35e10397617a09425f5307e6af7a4761e3 Mon Sep 17 00:00:00 2001
From: transcaffeine
Date: Sat, 23 Nov 2024 21:35:39 +0100
Subject: [PATCH] feat: initial commit
---
.gitignore | 1 +
flake.lock | 27 +++++++++++
flake.nix | 15 ++++++
hosts/affogato/default.nix | 51 +++++++++++++++++++++
hosts/affogato/hardware-configuration.nix | 56 +++++++++++++++++++++++
hosts/affogato/n100.nix | 14 ++++++
profiles/base/default.nix | 39 ++++++++++++++++
profiles/graphical/default.nix | 25 ++++++++++
profiles/kde/default.nix | 11 +++++
users/leona/default.nix | 9 ++++
users/transcaffeine/default.nix | 25 ++++++++++
11 files changed, 273 insertions(+)
create mode 100644 .gitignore
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 hosts/affogato/default.nix
create mode 100644 hosts/affogato/hardware-configuration.nix
create mode 100644 hosts/affogato/n100.nix
create mode 100644 profiles/base/default.nix
create mode 100644 profiles/graphical/default.nix
create mode 100644 profiles/kde/default.nix
create mode 100644 users/leona/default.nix
create mode 100644 users/transcaffeine/default.nix
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b2be92b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+result
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..4107ca5
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1731755305,
+ "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-24.11",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..f6fb9c5
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,15 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+ };
+
+ outputs = inputs @ { self, nixpkgs }: {
+ nixosConfigurations.affogato = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./hosts/affogato
+ ];
+ specialArgs = { inherit inputs; };
+ };
+ };
+}
diff --git a/hosts/affogato/default.nix b/hosts/affogato/default.nix
new file mode 100644
index 0000000..730db95
--- /dev/null
+++ b/hosts/affogato/default.nix
@@ -0,0 +1,51 @@
+{ pkgs, ... }: {
+ imports = [
+ ./hardware-configuration.nix
+ ./n100.nix
+ ../../profiles/base
+ ../../profiles/graphical
+ ../../profiles/kde
+ ../../users/transcaffeine
+ ../../users/leona
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ #boot.kernelPackages = pkgs.linuxPackages_6_6;
+ boot.kernelParams = [
+ "fbcon=rotate:1"
+ # disable panel self refresh for i915
+ # "i915.enable_psr=0"
+ # set max cstate to 2 (suspend?)
+ # "intel_idle.max_cstate=2"
+ "nvme.noacpi=1"
+ ];
+ hardware.enableRedistributableFirmware = true;
+
+ networking.hostName = "affogato";
+ networking.hosts = {
+ "78.94.116.221" = [
+ "git.finally.coffee"
+ "chat.finallycoffee.eu"
+ "cloud.finallycoffee.eu"
+ ];
+ };
+
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+
+ # Network
+ networking.networkmanager.enable = true;
+ systemd.services.ModemManager.enable = true;
+ services.printing.enable = true;
+
+ services.avahi.enable = true;
+ services.tailscale.enable = true;
+ services.blueman.enable = true;
+
+ # TODO: delete this later
+ system.stateVersion = "23.05"; # Did you read the comment?
+}
diff --git a/hosts/affogato/hardware-configuration.nix b/hosts/affogato/hardware-configuration.nix
new file mode 100644
index 0000000..71663c1
--- /dev/null
+++ b/hosts/affogato/hardware-configuration.nix
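Review bot: The `networking.hosts` entry in hosts/affogato/default.nix pins three service names to one fixed public address with no comment saying why, so lookups for those names silently bypass DNS on this machine. If the address is reassigned or the services move, the host keeps connecting to whatever answers there, and TLS certificate validation is the only thing left to catch it. I would add a comment above the attribute, for example `# pinned because <reason>; remove once DNS resolves correctly from this network`, or drop the override if it is no longer needed. Separately, `# TODO: delete this later` on `system.stateVersion` reads as an instruction to remove the option, which would make it fall back to the current release default; rewording the TODO to say what is actually meant would avoid that.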
@@ -0,0 +1,56 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/34d0b26e-8d69-4388-bf94-67e44669cdd8";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/3B4B-0489";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/22e2d822-7f26-4246-a28e-b10a116f2818"; }
+ ];
+
+ boot.initrd.luks.devices."coffee".device = "/dev/disk/by-uuid/e24d653d-df2d-472b-97c3-653ee3169b1c";
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s20f0u1u3.useDHCP = lib.mkDefault true;
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.settings = {
+ General = {
+ JustWorksRepairing = "always";
+ FastConnectable = true;
+ Class = "0x000100";
+ };
+ Policy = {
+ AutoEnable = true;
+ };
+ };
+
+ # Enable WWAN over USB (also sets up usb-modeswitch for LTE sticks)
+ hardware.usb-modeswitch.enable = true;
+}
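Review bot: `JustWorksRepairing = "always"` in the bluetooth `General` block accepts peer-initiated Just-Works re-pairing with no prompt, so a device presenting the address of an already-paired peripheral can replace its bond without the user noticing. BlueZ also accepts `"confirm"`, which keeps re-pairing usable for flaky peripherals but asks first: `JustWorksRepairing = "confirm";`. If `"always"` is required for one specific device, a comment naming that device would document the trade-off. These bluetooth and usb-modeswitch settings are also hand-added to a file whose header says it is generated and may be overwritten, so moving them to hosts/affogato/default.nix would keep them from being lost when the file is regenerated.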
diff --git a/hosts/affogato/n100.nix b/hosts/affogato/n100.nix
new file mode 100644
index 0000000..a347795
--- /dev/null
+++ b/hosts/affogato/n100.nix
@@ -0,0 +1,14 @@
+{ lib, pkgs, ... }: {
+ boot.extraModprobeConfig = ''
+ options iwlwifi disable_11ax=true
+ '';
+ hardware.firmware = let
+ intelfirmware = (pkgs.runCommandNoCC "n100-firmware" {} ''
+ mkdir -p $out/lib/firmware/intel/
+ cp ${pkgs.linux-firmware}/lib/firmware/intel/ibt-1040-4150.ddc $out/lib/firmware/intel/ibt-1040-1050.ddc
+ cp ${pkgs.linux-firmware}/lib/firmware/intel/ibt-1040-4150.sfi $out/lib/firmware/intel/ibt-1040-1050.sfi
+ cp ${pkgs.linux-firmware}/lib/firmware/intel/ibt-1040-4150.ddc $out/lib/firmware/intel/ibt-0040-1050.ddc
+ cp ${pkgs.linux-firmware}/lib/firmware/intel/ibt-1040-4150.sfi $out/lib/firmware/intel/ibt-0040-1050.sfi
+ ''); #// { meta.priority = 8; };
+ in lib.mkBefore [ intelfirmware ];
+}
diff --git a/profiles/base/default.nix b/profiles/base/default.nix
new file mode 100644
index 0000000..ad91dd4
--- /dev/null
+++ b/profiles/base/default.nix
@@ -0,0 +1,39 @@
+{ inputs, pkgs, ...}: {
+ nixpkgs.config.allowUnfree = true;
+ nix.settings.trusted-users = [ "root" "@wheel" ];
+ nix.registry.nixpkgs.flake = inputs.nixpkgs;
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ nix.gc = {
+ automatic = true;
+ options = "--delete-older-than 21d";
+ };
+
+ security.sudo.wheelNeedsPassword = false;
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ PermitRootLogin = "prohibit-password";
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ python3
+ vim
+ tmux
+ jq
+ yq
+ tree
+ git
+ bind.dnsutils
+ openssl
+ curl
+ htop
+ pinentry
+ gnupg
+ sequoia
+ ];
+}
diff --git a/profiles/graphical/default.nix b/profiles/graphical/default.nix
new file mode 100644
index 0000000..3386ca4
--- /dev/null
+++ b/profiles/graphical/default.nix
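Review bot: The `intelfirmware` derivation in hosts/affogato/n100.nix installs the `ibt-1040-4150` blobs under the `ibt-1040-1050` and `ibt-0040-1050` names with no comment explaining why, and the `disable_11ax=true` modprobe option is equally unexplained. Loading firmware under a file name it was not shipped for is the kind of workaround that should say which device asks for those names and when it can be removed; presumably the N100's bluetooth controller requests the `-1050` files, but that needs confirming by the author. A short comment above the `let`, along the lines of `# controller requests ibt-*-1050, which linux-firmware does not ship; 4150 used as stand-in`, would do. The trailing `#// { meta.priority = 8; };` is dead code and could be deleted or explained in the same comment.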
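Review bot: `security.sudo.wheelNeedsPassword = false` in profiles/base/default.nix, combined with `nix.settings.trusted-users = [ "root" "@wheel" ]` and an enabled sshd, makes every wheel member's SSH key equivalent to a root credential on this host; both accounts added in users/leona and users/transcaffeine are in `wheel` with authorized keys. A lost key or a forwarded agent on an untrusted machine then yields root with no further check. I would keep the sudo password, `security.sudo.wheelNeedsPassword = true;`, and, since no root authorized key is visible in this commit, set `PermitRootLogin = "no";`. If passwordless sudo is intended for this laptop, a comment stating that, plus `services.openssh.openFirewall = false;` so sshd is not opened on every network the machine joins, would make the trade-off explicit.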
@@ -0,0 +1,25 @@
+{ pkgs, ...}: {
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [
+ firefox
+ thunderbird
+ vlc
+ usbutils
+ pciutils
+ pinentry-qt
+ wl-clipboard
+ usb-modeswitch
+ usb-modeswitch-data
+ modemmanager
+ xdg-desktop-portal
+ xdg-desktop-portal-kde
+ grim
+ wireguard-tools
+ ];
+}
diff --git a/profiles/kde/default.nix b/profiles/kde/default.nix
new file mode 100644
index 0000000..a719b98
--- /dev/null
+++ b/profiles/kde/default.nix
@@ -0,0 +1,11 @@
+{ pkgs, ...}: {
+ # Plasma
+ services.xserver.enable = true;
+ services.displayManager.sddm.enable = true;
+ services.xserver.desktopManager.plasma5.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ xdg-desktop-portal
+ xdg-desktop-portal-kde
+ ];
+}
diff --git a/users/leona/default.nix b/users/leona/default.nix
new file mode 100644
index 0000000..29628a8
--- /dev/null
+++ b/users/leona/default.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }: {
+ users.users.leona = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkvy9P1Qweq1kykgn3IWIBWe/v/dTNAx+hd9i2aKe1O openpgp:0xCACA6CB6"
+ ];
+ };
+}
diff --git a/users/transcaffeine/default.nix b/users/transcaffeine/default.nix
new file mode 100644
index 0000000..81ebe4c
--- /dev/null
+++ b/users/transcaffeine/default.nix
@@ -0,0 +1,25 @@
+{ pkgs, ... }: {
+ users.users.transcaffeine = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 transcaffeine-openpgp:0x353A3E5B"
+ ];
+ packages = with pkgs; [
+ pass
+ spotify
+ gimp-with-plugins
+ qlcplus
+ ola
+ helvum
+ nmap
+ ansible
+ alacritty
+ tcpdump
+ virtualenv
+ wget
+ nix-output-monitor
+ nix-diff
+ ];
+ };
+}
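Review bot: `xdg-desktop-portal` and `xdg-desktop-portal-kde` are listed in `environment.systemPackages` of profiles/graphical/default.nix and again in profiles/kde/default.nix, which ties the desktop-agnostic profile to KDE and leaves two places to update. I would drop both entries from the graphical profile and keep them only in the kde one. The same profile also adds `usb-modeswitch` and `modemmanager` as packages while the host config already enables `hardware.usb-modeswitch.enable` and the ModemManager service, so those entries are probably redundant; worth confirming before removing.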