authorjjanzen <jjanzen@jjanzen.ca>2025-03-05 22:17:31 -0600
committerjjanzen <jjanzen@jjanzen.ca>2025-03-05 22:17:31 -0600
commite6edbad14d8255743c7b259a1985db5fb5bd4e91 (patch)
treeab535ebf7942b3935b8ec35158291c09226faf73 /nixos/flake/system
parentc1f8c535d59658dd29d199c62326b9436a489ecf (diff)
system changes
Diffstat (limited to 'nixos/flake/system')
-rw-r--r--nixos/flake/system/boot.nix.org11
-rw-r--r--nixos/flake/system/core.nix.org21
-rw-r--r--nixos/flake/system/desktop.nix.org116
-rw-r--r--nixos/flake/system/hardware-configuration.nix41
-rw-r--r--nixos/flake/system/locale.nix.org11
-rw-r--r--nixos/flake/system/network.nix.org55
-rw-r--r--nixos/flake/system/update-resolv-conf.sh71
-rw-r--r--nixos/flake/system/users.nix.org14
8 files changed, 340 insertions, 0 deletions
diff --git a/nixos/flake/system/boot.nix.org b/nixos/flake/system/boot.nix.org
new file mode 100644
index 0000000..fe98542
--- /dev/null
+++ b/nixos/flake/system/boot.nix.org
@@ -0,0 +1,11 @@
+#+title: Boot Configuration
+
+Enable =systemd-boot= as my boot loader.
+#+begin_src nix :tangle ~/.flake/system/boot.nix :mkdirp yes
+{ config, lib, pkgs, ... }:
+
+{
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+}
+#+end_src
diff --git a/nixos/flake/system/core.nix.org b/nixos/flake/system/core.nix.org
new file mode 100644
index 0000000..e909198
--- /dev/null
+++ b/nixos/flake/system/core.nix.org
@@ -0,0 +1,21 @@
+#+title: System Core
+
+This file imports various system configuration components in addition to enabling flakes and defining the system version.
+#+begin_src nix :tangle ~/.flake/system/core.nix :mkdirp yes
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ./boot.nix
+ ./desktop.nix
+ ./hardware-configuration.nix
+ ./locale.nix
+ ./network.nix
+ ./users.nix
+ ];
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ system.stateVersion = "24.05";
+}
+#+end_src
diff --git a/nixos/flake/system/desktop.nix.org b/nixos/flake/system/desktop.nix.org
new file mode 100644
index 0000000..eef6eef
--- /dev/null
+++ b/nixos/flake/system/desktop.nix.org
@@ -0,0 +1,116 @@
+#+title: Desktop System Configuration
+
+Open the desktop configuration.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+ { config, lib, pkgs, ... }:
+
+ {
+#+end_src
+
+Allow unfree packages on this system.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+ nixpkgs.config.allowUnfree = true;
+#+end_src
+
+Install necessary packages for the desktop.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+ environment.systemPackages = with pkgs; [
+ dolphin
+ firefox
+ git
+ greetd.tuigreet
+ kitty
+ gnumake
+ neovim
+ python3
+ wget
+ ];
+#+end_src
+
+Install Steam.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = true;
+ dedicatedServer.openFirewall = true;
+ localNetworkGameTransfers.openFirewall = true;
+ };
+#+end_src
+
+Use Neovim as my default editor.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+ environment.variables.EDITOR = "nvim";
+#+end_src
+
+Enable GPG agent globally.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+#+end_src
+
+Install =zsh= and set up completions.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+ programs.zsh.enable = true;
+ environment.pathsToLink = [ "/share/zsh" ];
+#+end_src
+
+Use the =us= keyboard layout.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+ services.xserver.xkb.layout = "us";
+#+end_src
+
+Install Hyprland as a window manager.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+ services.xserver.enable = true;
+ xdg.portal.enable = true;
+ programs.hyprland.enable = true;
+ environment.sessionVariables.NIXOS_OZONE_WL = "1";
+#+end_src
+
+Enable =pam= support for Hyprlock.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+ security.pam.services.hyprlock = {};
+#+end_src
+
+Enable =greetd= with =tuigreet= as my login manager.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+ services.greetd = {
+ enable = true;
+ settings = {
+ default_session = {
+ command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --remember-session --sessions ${pkgs.hyprland}/share/wayland-sessions --cmd \"dbus-run-session Hyprland\"";
+ user = "greeter";
+ };
+ };
+ };
+ systemd.services.greetd.serviceConfig = {
+ Type = "idle";
+ StandardInput = "tty";
+ StanardOutput = "tty";
+ StandardError = "journal";
+ TTYReset = true;
+ TTYVHangup = true;
+ TTYVTDisallocate = true;
+ };
+#+end_src
+
+Enable PipeWire.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+#+end_src
+
+Enable GNOME Keyring.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+ services.gnome.gnome-keyring.enable = true;
+ security.pam.services.greetd.enableGnomeKeyring = true;
+#+end_src
+
+Close the desktop configuration.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+ }
+#+end_src
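Review bot: `StanardOutput = "tty";` in the `systemd.services.greetd.serviceConfig` block is misspelled, so systemd will treat it as an unknown key and ignore it with a warning, leaving the greeter's stdout at its default; it should read `StandardOutput = "tty";`. Separately, the `programs.steam` block sets `remotePlay.openFirewall`, `dedicatedServer.openFirewall` and `localNetworkGameTransfers.openFirewall` all to `true`, which opens inbound ports for features a desktop may never use. I would enable only the ones actually needed and add a short comment above each saying why the port is open.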
diff --git a/nixos/flake/system/hardware-configuration.nix b/nixos/flake/system/hardware-configuration.nix
new file mode 100644
index 0000000..74ef301
--- /dev/null
+++ b/nixos/flake/system/hardware-configuration.nix
@@ -0,0 +1,41 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/1cf884d2-8691-4122-85e2-a4edd2d1609f";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/ABCB-FAEC";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/675d8161-49c5-4348-9da5-4a7c8ada700f"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp9s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/nixos/flake/system/locale.nix.org b/nixos/flake/system/locale.nix.org
new file mode 100644
index 0000000..63d05a0
--- /dev/null
+++ b/nixos/flake/system/locale.nix.org
@@ -0,0 +1,11 @@
+#+title: Locale Setup
+
+My timezone is Winnipeg, and I use Canadian English.
+#+begin_src nix :tangle ~/.flake/system/locale.nix :mkdirp yes
+ { config, lib, pkgs, ... }:
+
+ {
+ time.timeZone = "America/Winnipeg";
+ i18n.defaultLocale = "en_CA.UTF-8";
+ }
+#+end_src
diff --git a/nixos/flake/system/network.nix.org b/nixos/flake/system/network.nix.org
new file mode 100644
index 0000000..67a7721
--- /dev/null
+++ b/nixos/flake/system/network.nix.org
@@ -0,0 +1,55 @@
+#+title: Network Configuration
+
+Open the network configuration.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+ { config, lib, pkgs, ... }:
+
+ {
+#+end_src
+
+This system is called =nixos=.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+ networking.hostName = "nixos";
+#+end_src
+
+I use NetworkManager to configure my network.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+ networking.networkmanager.enable = true;
+#+end_src
+
+Enable Bluetooth at boot.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.powerOnBoot = true;
+ services.blueman.enable = true;
+#+end_src
+
+Enable printing.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+ services.printing.enable = true;
+#+end_src
+
+Enable SSH.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+ services.openssh.enable = true;
+#+end_src
+
+Set up my firewall.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+ networking.firewall = {
+ allowedTCPPorts = [ ];
+ allowedUDPPorts = [ ];
+ };
+
+ environment.etc = {
+ "openvpn/update-resolv-conf" = {
+ source = ./update-resolv-conf.sh;
+ mode = "0700";
+ };
+ };
+#+end_src
+
+Close the network configuration.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+ }
+#+end_src
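Review bot: `services.openssh.enable = true;` is added without any `services.openssh.settings`, so sshd runs with the module defaults, and as far as I know the NixOS module also opens port 22 in the firewall on its own, so the empty `allowedTCPPorts = [ ];` below does not keep SSH closed. Because the account defined in this commit is in `wheel`, I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` and rely on keys. The `environment.etc` entry for `openvpn/update-resolv-conf` also sits under the "Set up my firewall." heading; it deserves its own one-line heading saying it installs the OpenVPN up/down hook.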
diff --git a/nixos/flake/system/update-resolv-conf.sh b/nixos/flake/system/update-resolv-conf.sh
new file mode 100644
index 0000000..16622a1
--- /dev/null
+++ b/nixos/flake/system/update-resolv-conf.sh
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+#
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
+# and Chris Hanson
+# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
+# 07/2013 colin@daedrum.net Fixed intet name
+# 05/2006 chlauber@bnc.ch
+#
+# Example envs set from openvpn:
+# foreign_option_1='dhcp-option DNS 193.43.27.132'
+# foreign_option_2='dhcp-option DNS 193.43.27.133'
+# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+# foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'
+
+## The 'type' builtins will look for file in $PATH variable, so we set the
+## PATH below. You might need to directly set the path to 'resolvconf'
+## manually if it still doesn't work, i.e.
+## RESOLVCONF=/usr/sbin/resolvconf
+export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin
+RESOLVCONF=$(type -p resolvconf)
+
+case $script_type in
+
+up)
+ for optionname in ${!foreign_option_*} ; do
+ option="${!optionname}"
+ echo $option
+ part1=$(echo "$option" | cut -d " " -f 1)
+ if [ "$part1" == "dhcp-option" ] ; then
+ part2=$(echo "$option" | cut -d " " -f 2)
+ part3=$(echo "$option" | cut -d " " -f 3)
+ if [ "$part2" == "DNS" ] ; then
+ IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
+ fi
+ if [[ "$part2" == "DOMAIN" || "$part2" == "DOMAIN-SEARCH" ]] ; then
+ IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
+ fi
+ fi
+ done
+ R=""
+ if [ "$IF_DNS_SEARCH" ]; then
+ R="search "
+ for DS in $IF_DNS_SEARCH ; do
+ R="${R} $DS"
+ done
+ R="${R}
+"
+ fi
+
+ for NS in $IF_DNS_NAMESERVERS ; do
+ R="${R}nameserver $NS
+"
+ done
+ #echo -n "$R" | $RESOLVCONF -x -p -a "${dev}"
+ echo -n "$R" | $RESOLVCONF -x -a "${dev}.inet"
+ ;;
+down)
+ $RESOLVCONF -d "${dev}.inet"
+ ;;
+esac
+
+# Workaround / jm@epiclabs.io
+# force exit with no errors. Due to an apparent conflict with the Network Manager
+# $RESOLVCONF sometimes exits with error code 6 even though it has performed the
+# action correctly and OpenVPN shuts down.
+exit 0
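Review bot: `RESOLVCONF=$(type -p resolvconf)` can come back empty (the directories appended to `PATH` here are unlikely to contain `resolvconf` on NixOS), and the unconditional `exit 0` at the end then hides the failure, so the tunnel comes up while DNS keeps going to the previous resolvers. A guard right after the assignment, `[ -n "$RESOLVCONF" ] || { echo "resolvconf not found" >&2; exit 1; }`, would surface that to OpenVPN while leaving the exit-code-6 workaround in place. The `foreign_option_*` values are pushed by the VPN server, so `echo $option` should be `printf '%s\n' "$option"` to avoid word splitting and globbing. Ideally `$part3` would also be checked against an address or hostname pattern before it is written into the resolver configuration.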
diff --git a/nixos/flake/system/users.nix.org b/nixos/flake/system/users.nix.org
new file mode 100644
index 0000000..e922d8e
--- /dev/null
+++ b/nixos/flake/system/users.nix.org
@@ -0,0 +1,14 @@
+#+title: User Configuration
+
+Set up my user account with =zsh= as default shell with =sudoers= and network management permissions.
+#+begin_src nix
+{ config, lib, pkgs, ... }:
+
+{
+ users.users.jjanzen = {
+ shell = pkgs.zsh;
+ isNormalUser = true;
+ extraGroups = [ "networkmanager" "wheel" ];
+ };
+}
+#+end_src
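Review bot: The `#+begin_src nix` line in this file has no `:tangle ~/.flake/system/users.nix :mkdirp yes` header, unlike every other block in this commit, so tangling will presumably not write `users.nix` even though `core.nix` imports `./users.nix`. Adding the header fixes that, unless a tangle target is set somewhere outside this file. Since `wheel` grants sudo, a short comment on the `extraGroups` line noting this is the admin account would also help.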