diff --git a/hosts/yeva/configuration.nix b/hosts/yeva/configuration.nix index e937c0b..5c01683 100644 --- a/hosts/yeva/configuration.nix +++ b/hosts/yeva/configuration.nix @@ -1,8 +1,8 @@ # Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, lib, pkgs, ... }: +{ config, pkgs, lib, inputs, ... }: { imports = 
@@ -10,71 +10,196 @@ ./hardware-configuration.nix ]; - # Use the systemd-boot EFI boot loader. + # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - # networking.hostName = "nixos"; # Define your hostname. - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + # Use latest kernel. + boot.kernelPackages = pkgs.linuxPackages_latest; + environment.persistence."/persist" = { + enable = true; + hideMounts = true; + directories = [ + "/var/log" + "/var/lib/bluetooth" + "/var/lib/nixos" + "/var/lib/libvirt" + "/etc/NetworkManager/system-connections" + ]; + files = [ + "/etc/machine-id" + ]; + }; + + services.fwupd.enable = true; + + networking.hostName = "yeva"; # Define your hostname. + + # Enable networking + networking.networkmanager.enable = true; # Set your time zone. - # time.timeZone = "Europe/Amsterdam"; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + time.timeZone = "Europe/Athens"; # Select internationalisation properties. - # i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. - # }; + i18n.defaultLocale = "en_GB.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_GB.UTF-8"; + LC_IDENTIFICATION = "en_GB.UTF-8"; + LC_MEASUREMENT = "en_GB.UTF-8"; + LC_MONETARY = "en_GB.UTF-8"; + LC_NAME = "en_GB.UTF-8"; + LC_NUMERIC = "en_GB.UTF-8"; + LC_PAPER = "en_GB.UTF-8"; + LC_TELEPHONE = "en_GB.UTF-8"; + LC_TIME = "en_GB.UTF-8"; + }; + + # Define a user account. Don't forget to set a password with ‘passwd’. 
+ programs.zsh.enable = true; # home-manager already installs this but nixos complains w/o it + users.users.xory = { + isNormalUser = true; + description = "xory"; + extraGroups = [ "networkmanager" "wheel" "docker" "libvirt" "dialout" ]; + shell = pkgs.zsh; + initialHashedPassword = "$6$JXLpG5JYMJgZndm9$0sC8uPJ99cYL.hNv3DFQ20ky8tiZoxioe9GlMEanTwAD99LJ175/bHtN6Bm6bYsQG1BVGRdmphnXEcWS9ApoK0"; + }; + + # ZeroTier + services.zerotierone.enable = true; + services.zerotierone.joinNetworks = [ "b3ce837c63" "363c67c55a726a89" ]; + + # nix-ld + programs.nix-ld.enable = true; + programs.nix-ld.libraries = with pkgs; [ + libGL + SDL2 + ]; + + # Firejail + programs.firejail = { + enable = true; + wrappedBinaries = + let + apps = { + firefox = {}; + "signal-desktop-bin" = { name = "signal-desktop"; }; + vesktop = {}; + spotify = {}; + obsidian = {}; + }; + in + lib.mapAttrs (pkg: conf: + let + binName = conf.name or pkg; + in + { + executable = "${pkgs.${pkg}}/bin/${binName}"; + profile = "${pkgs.firejail}/etc/firejail/${binName}.profile"; + extraArgs = [ + "--env=GTK_THEME=Adwaita:dark" + ]; + }) apps; + }; # Enable the X11 windowing system. - # services.xserver.enable = true; + # You can disable this if you're only using the Wayland session. + services.xserver.enable = true; + # Enable the KDE Plasma Desktop Environment. + services.displayManager.sddm.enable = true; + # services.desktopManager.plasma6.enable = true; - + # Enable Hyprland. + programs.hyprland.enable = true; # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; + services.xserver.xkb = { + layout = "us"; + variant = ""; + }; # Enable CUPS to print documents. # services.printing.enable = true; + + programs.gnupg.agent.enable = true; - # Enable sound. - # services.pulseaudio.enable = true; - # OR - # services.pipewire = { - # enable = true; - # pulse.enable = true; - # }; + # Enable sound with pipewire. 
+ services.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + hardware.bluetooth = { + enable = true; + powerOnBoot = true; + settings = { + General.Experimental = true; + General.FastConnectable = true; + Policy.AutoEnable = true; + }; + }; # Enable touchpad support (enabled default in most desktopManager). - # services.libinput.enable = true; + # services.xserver.libinput.enable = true; - # Define a user account. Don't forget to set a password with ‘passwd’. - # users.users.alice = { - # isNormalUser = true; - # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - # packages = with pkgs; [ - # tree - # ]; - # }; + # Enable automatic login for the user. + services.displayManager.autoLogin.enable = true; + services.displayManager.autoLogin.user = "xory"; - # programs.firefox.enable = true; + # Install firefox. + programs.firefox.enable = true; - # List packages installed in system profile. - # You can use https://search.nixos.org/ to find more packages (and options). - # environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # ]; + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. 
+ # wget + neovim + git + framework-tool + inputmodule-control + ]; + + programs.steam.enable = true; + + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 2d"; + }; + + programs.virt-manager.enable = true; + virtualisation.libvirtd.enable = true; + virtualisation.libvirtd.qemu.swtpm.enable = true; + virtualisation.libvirtd.qemu.vhostUserPackages = [ pkgs.virtiofsd ]; + virtualisation.spiceUSBRedirection.enable = true; + virtualisation.docker.enable = true; + + services = { + syncthing = { + enable = true; + group = "users"; + user = "xory"; + dataDir = "/home/xory/Sync"; # Default folder for new synced folders + configDir = "/home/xory/Sync/.config/syncthing"; # Folder for Syncthing's settings and keys + }; + }; + services.openssh.enable = true; # TODO: add key-based auth # Some programs need SUID wrappers, can be configured further or are # started in user sessions. 
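Review bot: The `initialHashedPassword` for `xory` is committed with the configuration, and later in this hunk `services.openssh.enable = true;` is added while key-based auth is still a TODO, so anyone with read access to the repository can guess against the hash offline and sshd would accept the result. The account is in `wheel` and `docker`, so that one password is effectively root on the host. `/etc/shadow` is not in the `environment.persistence` list, so if `/` is the tmpfs the hash is presumably re-applied on every boot and `passwd` will not rotate it. I would load the hash from outside the repo, e.g. `hashedPasswordFile = "/persist/<path-to-hash-file>";`, and set `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` together with the line that enables sshd.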
@@ -90,34 +215,19 @@ # services.openssh.enable = true; # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; + networking.firewall.allowedTCPPorts = [ 8000 22000 ]; + networking.firewall.allowedUDPPorts = [ 8000 22000 21027 ]; # Or disable the firewall altogether. # networking.firewall.enable = false; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. 
It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "25.05"; # Did you read the comment? } - diff --git a/hosts/yeva/hardware-configuration.nix b/hosts/yeva/hardware-configuration.nix index f269309..7f1a8ec 100644 --- a/hosts/yeva/hardware-configuration.nix +++ b/hosts/yeva/hardware-configuration.nix @@ -9,7 +9,8 @@ ]; boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.initrd.kernelModules = [ "dm-snapshot" "cryptd" ]; + boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/200718ce-94cf-459d-8dc6-a740d21db404"; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; @@ -18,6 +19,13 @@ fsType = "tmpfs"; options = [ "size=4G" ]; }; + + fileSystems."/persist" = + { + device = "/dev/disk/by-uuid/582e1f64-6395-4815-a3f2-f37835523d9c"; + fsType = "ext4"; + neededForBoot = true; + }; fileSystems."/nix" = { device = "/dev/disk/by-uuid/10203712-12cb-40ba-a97d-ab3b2c8497e7";
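Review bot: Port 8000 is opened for both TCP and UDP on every interface, with no comment naming the service that listens there, so a reader cannot tell whether the exposure is intended or left over from testing. 22000 and 21027 match Syncthing's defaults and could be written as `services.syncthing.openDefaultPorts = true;`, which keeps the rule next to the service that needs it. If 8000 is only needed over one link, `networking.firewall.interfaces."<interface>".allowedTCPPorts = [ 8000 ];` narrows who can reach it. The context line `# services.openssh.enable = true;` kept in this hunk is now stale, because sshd is enabled in the earlier hunk.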
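Review bot: The new `fileSystems."/persist"` entry does not say whether `/dev/disk/by-uuid/582e1f64-6395-4815-a3f2-f37835523d9c` sits inside the `cryptroot` mapping added in the previous hunk of this file. configuration.nix persists `/etc/NetworkManager/system-connections`, `/var/lib/bluetooth` and `/var/log` there, so if this is a plain partition, Wi-Fi secrets and Bluetooth link keys would be stored unencrypted beside an otherwise encrypted system. `dm-snapshot` in the initrd suggests LVM on LUKS, but that is not visible in the diff. Once the layout is confirmed with `lsblk`, a comment above `device` such as `# logical volume inside cryptroot (LUKS)` would record it.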