diff --git a/.gitignore b/.gitignore
index 4c49bd7..3323b34 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .env
+.DS_Store
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..15411dd
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,85 @@
+{ config, pkgs, ... }:
+
+let
+ publicKey = pkgs.fetchurl {
+ url = "https://github.com/jamesepatrick.keys";
+ sha256 = "sha256-6NGBLNPcvsvCTa7UC3H3r9n8dKAHobINK5pxxm94nTM=";
+ };
+in
+{
+ # Allow Cleanup, nix, & flakes
+ nix = {
+ autoOptimiseStore = true;
+ allowedUsers = [ "@wheel" ];
+ gc = {
+ automatic = true;
+ dates = "daily";
+ };
+ package = pkgs.nixUnstable;
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ };
+
+ # Enable bootloader & clear /tmp on boot.
+ boot = {
+ cleanTmpDir = true;
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ # Locale
+ time.timeZone = "America/New_York";
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users ={
+ root.initialPassword = "nixos";
+ james = {
+ description = "James Patrick";
+ extraGroups = [ "wheel" ];
+ initialPassword = "nixos";
+ isNormalUser = true;
+ openssh.authorizedKeys.keyFiles = [ publicKey ];
+ shell = pkgs.zsh;
+ };
+ };
+
+ # These are the most basic tools I need.
+ environment.systemPackages = with pkgs; [
+ git
+ gnumake
+ vim
+ zsh
+ ];
+
+ networking = {
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 443 80 ];
+ allowedUDPPorts = [ 443 80 ];
+ allowPing = false;
+ };
+ };
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ programs.mtr.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ # Openssh settings for security
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "no";
+ passwordAuthentication = false;
+ };
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..f67eba9
--- /dev/null
+++ b/flake.lock
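Review bot: In configuration.nix, `root.initialPassword = "nixos";` and james's `initialPassword = "nixos";` commit a known plaintext password to the repository, and NixOS documents that `initialPassword` values are also world-readable in the Nix store. sshd is key-only with root login disabled, so the exposure is console login, `su` and sudo for the wheel user rather than the network, but every machine built from this config starts with those credentials until `passwd` is run. I would drop the root line (or lock the account with `root.hashedPassword = "!";`) and give james an `initialHashedPassword` produced by `mkpasswd`. Separately, `allowedTCPPorts = [ 443 80 ];` and `allowedUDPPorts = [ 443 80 ];` open ports for which this file enables no service; if nothing is meant to listen there, leaving both lists empty keeps the firewall default-deny.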
@@ -0,0 +1,81 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1637875789, + "narHash": "sha256-kwW26kGhqNsWpTz+prw/pAfqz673GojbxZuB0boc1eM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "579f2e8bebb954a103a96b905c27b10f15ef38c7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1637831601, + "narHash": "sha256-axRY9AehHGXfU52RK3oqDNXd9F92Tm65vEBQir3tRLI=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "aad66afc1cac4a654223f6ba326899c731e57441", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1637841632, + "narHash": "sha256-QYqiKHdda0EOnLGQCHE+GluD/Lq2EJj4hVTooPM55Ic=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "73369f8d0864854d1acfa7f1e6217f7d6b6e3fa1", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nur": { + "locked": { + "lastModified": 1637888015, + "narHash": "sha256-gkANNpE7kK3/2nb2ezE3dfyb6w+8T1/q0SiQHyy89A4=", + "owner": "nix-community", + "repo": "NUR", + "rev": "63ce681a0abe4e85449ef82a2a1b1bb73d0c3a5f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs", + "nur": "nur" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..2ed2caa --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,52 @@
+{
+ description = "NixOS configuration";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ nur = {
+ url = "github:nix-community/NUR";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ nixos-hardware = {
+ url = "github:NixOS/nixos-hardware/master";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ # All outputs for the system (configs)
+ outputs = { home-manager, nixpkgs, nur, nixos-hardware, ... }:
+ let
+ system = "x86_64-linux";
+ pkgs = import nixpkgs {
+ inherit system;
+ config = {allowUnfree = true;};
+ };
+ lib = nixpkgs.lib;
+ in {
+ nixosConfigurations = {
+ # Config is based on hostname
+ nil = lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./configuration.nix
+ nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1
+ ./hosts/nil.nix
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.james = import ./home.nix;
+ }
+ ];
+ };
+
+ };
+ };
+}
diff --git a/home.nix b/home.nix
new file mode 100644
index 0000000..2b6fffb
--- /dev/null
+++ b/home.nix
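Review bot: In flake.nix the `pkgs` binding with `allowUnfree = true` is never passed to `lib.nixosSystem`, so as written it has no effect on the `nil` system, whose modules evaluate their own nixpkgs instance. If unfree packages are intended, set `nixpkgs.config.allowUnfree = true;` in a module; otherwise delete the binding, and use `inherit system;` in place of the repeated `system = "x86_64-linux";`. The `nur` input is likewise declared and locked but not referenced anywhere in the outputs shown; an unused input that aggregates community-maintained package repositories is better left out until something needs it, since every input is one more pinned source to audit on update.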
@@ -0,0 +1,36 @@
+{ config, pkgs, ... }:
+
+{
+ # Home Manager needs a bit of information about you and the
+ # paths it should manage.
+ home.username = "james";
+ home.homeDirectory = "/home/james";
+
+ wayland.windowManager.sway = {
+ enable = true;
+ wrapperFeatures.gtk = true;
+ };
+
+ home.packages = with pkgs; [
+ emacs
+ firefox
+ wofi
+ i3
+ zsh
+ kitty
+ tmux
+ ];
+
+ # This value determines the Home Manager release that your
+ # configuration is compatible with. This helps avoid breakage
+ # when a new Home Manager release introduces backwards
+ # incompatible changes.
+ #
+ # You can update Home Manager without changing this value. See
+ # the Home Manager release notes for a list of state version
+ # changes in each release.
+ home.stateVersion = "21.11";
+
+ # Let Home Manager install and manage itself.
+ programs.home-manager.enable = true;
+}
diff --git a/hosts/nil.nix b/hosts/nil.nix
new file mode 100644
index 0000000..14110a0
--- /dev/null
+++ b/hosts/nil.nix
@@ -0,0 +1,77 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ ../modules/zfs.nix
+ ../modules/profiles/laptop.nix
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ # This is required for the zfs module as well. Must be unique. Run the following
+ # head -c4 /dev/urandom | od -A none -t x4
+ networking.hostId = "a7a1c3f5";
+ networking.hostName = "nil"; # Define your hostname.
+
+ # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+ # Per-interface useDHCP will be mandatory in the future, so this generated config
+ # replicates the default behaviour.
+ networking.useDHCP = false;
+ networking.interfaces.enp2s0f0.useDHCP = true;
+ networking.interfaces.enp5s0.useDHCP = true;
+ networking.interfaces.wlp3s0.useDHCP = true;
+
+ boot.initrd.availableKernelModules = [
+ "nvme"
+ "vfat"
+ "xhci_pci"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ "sdhci_pci"
+ "cryptd"
+ ];
+
+ hardware.firmware = [
+ pkgs.rtw89-firmware
+ ];
+
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ config.boot.kernelPackages.rtw89 ];
+ boot.supportedFilesystems = ["zfs"];
+
+ boot.initrd.luks.devices."crypt" =
+ { device = "/dev/disk/by-partlabel/crypt";
+ preLVM = true;
+ };
+
+ fileSystems."/" =
+ { device = "rpool/root/nixos";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" =
+ { device = "rpool/home";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-partlabel/boot";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/partitions/swap"; }
+ ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "21.05"; # Did you read the comment?
+}
diff --git a/modules/profiles/graphical.nix b/modules/profiles/graphical.nix
new file mode 100644
index 0000000..c47f7a5
--- /dev/null
+++ b/modules/profiles/graphical.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+{
+ programs.sway = {
+ enable = true;
+ wrapperFeatures.gtk = true; # so that gtk works properly
+ extraPackages = with pkgs; [
+ swaylock
+ swayidle
+ wl-clipboard
+ mako # notification daemon
+ alacritty # Alacritty is the default terminal in the config
+ dmenu # Dmenu is the default in the config but i recommend wofi since its wayland native
+ wofi
+ ];
+ };
+
+ # Enable sound.
+ sound.enable = true;
+ hardware.pulseaudio.enable = true;
+}
diff --git a/modules/profiles/laptop.nix b/modules/profiles/laptop.nix
new file mode 100644
index 0000000..3b90b91
--- /dev/null
+++ b/modules/profiles/laptop.nix
@@ -0,0 +1,9 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+ imports = [
+ ./graphical.nix
+ ];
+
+ networking.networkmanager.enable = true;
+ users.users.james.extraGroups = [ "networkmanager" ];
+}
diff --git a/modules/zfs.nix b/modules/zfs.nix
new file mode 100644
index 0000000..6682eed
--- /dev/null
+++ b/modules/zfs.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+{
+
+ boot = {
+ supportedFilesystems = [ "zfs" ];
+ zfs = {
+ forceImportRoot = false;
+ forceImportAll = false;
+ };
+ # this was required for the initial setup of the zpool.
+ # see https://nixos.org/nixos/options.html#boot.zfs.forceimportroot
+ # kernelParams = ["zfs_force=1"];
+ };
+
+ services.zfs = {
+ autoScrub.enable = true;
+ # enable default auto-snapshots
+ autoSnapshot = {
+ enable = true;
+ flags = "-k -p --utc";
+ };
+ };
+
+}
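Review bot: hosts/nil.nix still opens with the `nixos-generate-config` banner ("Do not modify this file! ... Please make changes to /etc/nixos/configuration.nix instead"), but the file now carries hand-written settings (the `../modules/...` imports, `networking.hostId`, the hostname) and is loaded from the flake, so the banner sends maintainers to the wrong place and suggests the file may be regenerated over. I would replace it with a short header such as `# Host-specific configuration for "nil": hardware scan output plus host settings.` Also, `boot.supportedFilesystems = ["zfs"];` here repeats what the imported `../modules/zfs.nix` already sets and can be dropped.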
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
deleted file mode 100644
index 474f59a..0000000
--- a/nixos/configuration.nix
+++ /dev/null
@@ -1,114 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
- imports =
- [ # Include the results of the hardware scan.
- "${builtins.fetchGit { url = "https://github.com/NixOS/nixos-hardware.git"; }}/lenovo/thinkpad/t14/amd/"
- ./hardware-configuration.nix
- ./zfs.nix
- ];
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- # This is required for the zfs module as well. Must be unique. Run the following
- # head -c4 /dev/urandom | od -A none -t x4
- networking.hostId = "a7a1c3f5";
- networking.hostName = "nil"; # Define your hostname.
- networking.wireless = {
- enable = true; # Enables wireless support via wpa_supplicant.
- interfaces = ["wlp3s0"]; # Enables wireless support via wpa_supplicant.
- userControlled.enable = true;
- };
-
- # Set your time zone.
- time.timeZone = "America/New_York";
-
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- networking.useDHCP = false;
- networking.interfaces.enp2s0f0.useDHCP = true;
- networking.interfaces.enp5s0.useDHCP = true;
- networking.interfaces.wlp3s0.useDHCP = true;
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- keyMap = "us";
- };
-
- # Enable the X11 windowing system.
- # services.xserver.enable = true;
-
-
- # Configure keymap in X11
- # services.xserver.layout = "us";
- # services.xserver.xkbOptions = "eurosign:e";
-
- # Enable CUPS to print documents.
- # services.printing.enable = true;
-
- # Enable sound.
- sound.enable = true;
- hardware.pulseaudio.enable = true;
-
- # Enable touchpad support (enabled default in most desktopManager).
- # services.xserver.libinput.enable = true;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.james = {
- isNormalUser = true;
- extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- };
-
- nix.allowedUsers = [ "@wheel" ];
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- git
- gnumake
- vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
- wget
- # firefox
- ];
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- programs.mtr.enable = true;
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- # services.openssh.enable = true;
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- networking.firewall.enable = false;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "21.05"; # Did you read the comment?
-
-}
diff --git a/nixos/hardware-configuration.nix b/nixos/hardware-configuration.nix
deleted file mode 100644
index 6206f2b..0000000
--- a/nixos/hardware-configuration.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [
- "nvme"
- "vfat"
- "xhci_pci"
- "usbhid"
- "usb_storage"
- "sd_mod"
- "sdhci_pci"
- "cryptd"
- ];
-
- # Wifi support
- hardware.firmware = [ pkgs.rtw89-firmware ];
-
- # For support of newer AMD GPUs, backlight and internal microphone
- boot.kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "5.13") pkgs.linuxPackages_latest;
-
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ config.boot.kernelPackages.rtw89 ];
- boot.supportedFilesystems = ["zfs"];
-
- boot.initrd.luks.devices."crypt" =
- { device = "/dev/disk/by-partlabel/crypt";
- preLVM = true;
- };
-
- fileSystems."/" =
- { device = "rpool/root/nixos";
- fsType = "zfs";
- };
-
- fileSystems."/home" =
- { device = "rpool/home";
- fsType = "zfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-partlabel/boot";
- fsType = "vfat";
- };
-
- swapDevices =
- [ { device = "/dev/partitions/swap"; }
- ];
-
-}
diff --git a/nixos/zfs.nix b/nixos/zfs.nix
deleted file mode 100644
index 6bc1b7e..0000000
--- a/nixos/zfs.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/nixos/zfs.nix (Don't forget to add it to configuration.nix)
-# These are the options ZFS requires, but a normal system has, of course,
-# more options (like a bootloader, or installed software).
-{ config, pkgs, ... }:
-{
- # remove this after 1st boot
- # see https://nixos.org/nixos/options.html#boot.zfs.forceimportroot
- boot.kernelParams = ["zfs_force=1"];
-
- boot.zfs.forceImportRoot = false;
- boot.zfs.forceImportAll = false;
-
- boot.supportedFilesystems = [ "zfs" ];
-
- services.zfs.autoScrub.enable = true;
- # this enables the zfs-auto-snapshot
- services.zfs.autoSnapshot = {
- enable = true;
- flags = "-k -p --utc";
- };
-}