Refactored into flake

James Patrick 2021-11-27 20:10:36 -05:00
parent e9d8bd1a31
commit 9003325961
12 changed files with 385 additions and 192 deletions

1
.gitignore vendored

@ -1 +1,2 @@
.env .env
.DS_Store

85
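--- a/configuration.nix
+++ b/configuration.nix
@@ -0,0 +1,85 @@
+{ config, pkgs, ... }:
+let
+publicKey = pkgs.fetchurl {
+url = "https://github.com/jamesepatrick.keys";
+sha256 = "sha256-6NGBLNPcvsvCTa7UC3H3r9n8dKAHobINK5pxxm94nTM=";
+};
+in
+{
+# Allow Cleanup, nix, & flakes
+nix = {
+autoOptimiseStore = true;
+allowedUsers = [ "@wheel" ];
+gc = {
+automatic = true;
+dates = "daily";
+};
+package = pkgs.nixUnstable;
+extraOptions = ''
+experimental-features = nix-command flakes
+'';
+};
+# Enable bootloader & clear /tmp on boot.
+boot = {
+cleanTmpDir = true;
+loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+};
+};
+# Locale
+time.timeZone = "America/New_York";
+i18n.defaultLocale = "en_US.UTF-8";
+console = {
+font = "Lat2-Terminus16";
+keyMap = "us";
+};
+# Define a user account. Don't forget to set a password with passwd.
+users.users ={
+root.initialPassword = "nixos";
+james = {
+description = "James Patrick";
+extraGroups = [ "wheel" ];
+initialPassword = "nixos";
+isNormalUser = true;
+openssh.authorizedKeys.keyFiles = [ publicKey ];
+shell = pkgs.zsh;
+};
+};
+# These are the most basic tools I need.
+environment.systemPackages = with pkgs; [
+git
+gnumake
+vim
+zsh
+];
+networking = {
+firewall = {
+enable = true;
+allowedTCPPorts = [ 443 80 ];
+allowedUDPPorts = [ 443 80 ];
+allowPing = false;
+};
+};
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+programs.mtr.enable = true;
+programs.gnupg.agent = {
+enable = true;
+enableSSHSupport = true;
+};
+# Openssh settings for security
+services.openssh = {
+enable = true;
+permitRootLogin = "no";
+passwordAuthentication = false;
+};
+}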
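Review bot: `root.initialPassword = "nixos"` and the identical `initialPassword` on `james` (a `wheel` member) commit a well-known default password to the repository, and nothing in this file forces it to be changed beyond the "Don't forget" comment. `services.openssh` turns off password and root logins, so the exposure is console login, `su` and `sudo` rather than SSH, but a skipped `passwd` leaves root at that value. Since `james` already gets sudo through `wheel`, I would lock root with `users.users.root.hashedPassword = "!";` and give `james` a `hashedPassword` (or a password file kept outside the repository) instead of `initialPassword`. Separately, `allowedTCPPorts` and `allowedUDPPorts = [ 443 80 ]` open web ports although no service in this file listens on them; leave them closed until one does.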

81
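--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,81 @@
+{
+"nodes": {
+"home-manager": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1637875789,
+"narHash": "sha256-kwW26kGhqNsWpTz+prw/pAfqz673GojbxZuB0boc1eM=",
+"owner": "nix-community",
+"repo": "home-manager",
+"rev": "579f2e8bebb954a103a96b905c27b10f15ef38c7",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "home-manager",
+"type": "github"
+}
+},
+"nixos-hardware": {
+"locked": {
+"lastModified": 1637831601,
+"narHash": "sha256-axRY9AehHGXfU52RK3oqDNXd9F92Tm65vEBQir3tRLI=",
+"owner": "NixOS",
+"repo": "nixos-hardware",
+"rev": "aad66afc1cac4a654223f6ba326899c731e57441",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "master",
+"repo": "nixos-hardware",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1637841632,
+"narHash": "sha256-QYqiKHdda0EOnLGQCHE+GluD/Lq2EJj4hVTooPM55Ic=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "73369f8d0864854d1acfa7f1e6217f7d6b6e3fa1",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nur": {
+"locked": {
+"lastModified": 1637888015,
+"narHash": "sha256-gkANNpE7kK3/2nb2ezE3dfyb6w+8T1/q0SiQHyy89A4=",
+"owner": "nix-community",
+"repo": "NUR",
+"rev": "63ce681a0abe4e85449ef82a2a1b1bb73d0c3a5f",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "NUR",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"home-manager": "home-manager",
+"nixos-hardware": "nixos-hardware",
+"nixpkgs": "nixpkgs",
+"nur": "nur"
+}
+}
+},
+"root": "root",
+"version": 7
+}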

52
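--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,52 @@
+{
+description = "NixOS configuration";
+inputs = {
+nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+home-manager = {
+url = "github:nix-community/home-manager";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+nur = {
+url = "github:nix-community/NUR";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+nixos-hardware = {
+url = "github:NixOS/nixos-hardware/master";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+};
+# All outputs for the system (configs)
+outputs = { home-manager, nixpkgs, nur, nixos-hardware, ... }:
+let
+system = "x86_64-linux";
+pkgs = import nixpkgs {
+inherit system;
+config = {allowUnfree = true;};
+};
+lib = nixpkgs.lib;
+in {
+nixosConfigurations = {
+# Config is based on hostname
+nil = lib.nixosSystem {
+system = "x86_64-linux";
+modules = [
+./configuration.nix
+nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1
+./hosts/nil.nix
+home-manager.nixosModules.home-manager
+{
+home-manager.useGlobalPkgs = true;
+home-manager.useUserPackages = true;
+home-manager.users.james = import ./home.nix;
+}
+];
+};
+};
+};
+}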
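Review bot: The `pkgs` binding in the `let` block, with `config = {allowUnfree = true;}`, is never passed to `lib.nixosSystem`, so as written the unfree setting does not reach the `nil` system and the modules evaluate their own nixpkgs instance. If unfree packages are intended, set it in a module, for example by adding `{ nixpkgs.config.allowUnfree = true; }` to `modules`, and write `inherit system;` instead of repeating `"x86_64-linux"`. The `nur` argument is accepted in `outputs` but not used anywhere in this file, and flake.lock in this commit records no `inputs` for `nur` or `nixos-hardware`, so their `inputs.nixpkgs.follows` lines appear to override nothing. Dropping inputs that are not used keeps the set of third-party sources pinned by the lock file as small as it can be.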

36
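--- a/home.nix
+++ b/home.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, ... }:
+{
+# Home Manager needs a bit of information about you and the
+# paths it should manage.
+home.username = "james";
+home.homeDirectory = "/home/james";
+wayland.windowManager.sway = {
+enable = true;
+wrapperFeatures.gtk = true;
+};
+home.packages = with pkgs; [
+emacs
+firefox
+wofi
+i3
+zsh
+kitty
+tmux
+];
+# This value determines the Home Manager release that your
+# configuration is compatible with. This helps avoid breakage
+# when a new Home Manager release introduces backwards
+# incompatible changes.
+#
+# You can update Home Manager without changing this value. See
+# the Home Manager release notes for a list of state version
+# changes in each release.
+home.stateVersion = "21.11";
+# Let Home Manager install and manage itself.
+programs.home-manager.enable = true;
+}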
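Review bot: `wayland.windowManager.sway` with `wrapperFeatures.gtk = true` repeats what the system-level `programs.sway` block added elsewhere in this commit already sets, so sway is enabled and wrapped in two places with no comment saying which one owns the package. I would keep the system module as the installer and add a comment here such as `# sway itself comes from programs.sway (system); Home Manager only manages the user config`; the Home Manager option for not installing a second copy is, I believe, `wayland.windowManager.sway.package = null;`, which should be confirmed against the pinned release. `home.packages` also lists `zsh`, which configuration.nix already puts in `environment.systemPackages`, and `i3`, which looks unused in a sway session.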

77
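--- a/hosts/nil.nix
+++ b/hosts/nil.nix
@@ -0,0 +1,77 @@
+# Do not modify this file! It was generated by nixos-generate-config
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+{
+imports = [
+../modules/zfs.nix
+../modules/profiles/laptop.nix
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+# This is required for the zfs module as well. Must be unique. Run the following
+# head -c4 /dev/urandom | od -A none -t x4
+networking.hostId = "a7a1c3f5";
+networking.hostName = "nil"; # Define your hostname.
+# The global useDHCP flag is deprecated, therefore explicitly set to false here.
+# Per-interface useDHCP will be mandatory in the future, so this generated config
+# replicates the default behaviour.
+networking.useDHCP = false;
+networking.interfaces.enp2s0f0.useDHCP = true;
+networking.interfaces.enp5s0.useDHCP = true;
+networking.interfaces.wlp3s0.useDHCP = true;
+boot.initrd.availableKernelModules = [
+"nvme"
+"vfat"
+"xhci_pci"
+"usbhid"
+"usb_storage"
+"sd_mod"
+"sdhci_pci"
+"cryptd"
+];
+hardware.firmware = [
+pkgs.rtw89-firmware
+];
+boot.initrd.kernelModules = [ "dm-snapshot" ];
+boot.kernelModules = [ "kvm-amd" ];
+boot.extraModulePackages = [ config.boot.kernelPackages.rtw89 ];
+boot.supportedFilesystems = ["zfs"];
+boot.initrd.luks.devices."crypt" =
+{ device = "/dev/disk/by-partlabel/crypt";
+preLVM = true;
+};
+fileSystems."/" =
+{ device = "rpool/root/nixos";
+fsType = "zfs";
+};
+fileSystems."/home" =
+{ device = "rpool/home";
+fsType = "zfs";
+};
+fileSystems."/boot" =
+{ device = "/dev/disk/by-partlabel/boot";
+fsType = "vfat";
+};
+swapDevices =
+[ { device = "/dev/partitions/swap"; }
+];
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. Its perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "21.05"; # Did you read the comment?
+}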
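Review bot: The header comment still says "Do not modify this file! It was generated by nixos-generate-config" and points to /etc/nixos/configuration.nix, but this file now carries hand-written `imports`, `networking.hostId`, the hostname and `system.stateVersion`, so the warning is stale and re-running the generator over it would drop the LUKS and ZFS wiring. I would replace it with something like `# Host configuration for nil. Originally generated by nixos-generate-config; now maintained by hand.` The `boot.supportedFilesystems = ["zfs"];` line also duplicates the setting in the imported `../modules/zfs.nix` and can live in one place only.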


@ -0,0 +1,20 @@
{ config, pkgs, ... }:
{
programs.sway = {
enable = true;
wrapperFeatures.gtk = true; # so that gtk works properly
extraPackages = with pkgs; [
swaylock
swayidle
wl-clipboard
mako # notification daemon
alacritty # Alacritty is the default terminal in the config
dmenu # Dmenu is the default in the config but i recommend wofi since its wayland native
wofi
];
};
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;
}


@ -0,0 +1,9 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
./graphical.nix
];
networking.networkmanager.enable = true;
users.users.james.extraGroups = [ "networkmanager" ];
}

24
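--- a/modules/zfs.nix
+++ b/modules/zfs.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+{
+boot = {
+supportedFilesystems = [ "zfs" ];
+zfs = {
+forceImportRoot = false;
+forceImportAll = false;
+};
+# this was required for the initial setup of the zpool.
+# see https://nixos.org/nixos/options.html#boot.zfs.forceimportroot
+# kernelParams = ["zfs_force=1"];
+};
+services.zfs = {
+autoScrub.enable = true;
+# enable default auto-snapshots
+autoSnapshot = {
+enable = true;
+flags = "-k -p --utc";
+};
+};
+}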


@ -1,114 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
"${builtins.fetchGit { url = "https://github.com/NixOS/nixos-hardware.git"; }}/lenovo/thinkpad/t14/amd/"
./hardware-configuration.nix
./zfs.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# This is required for the zfs module as well. Must be unique. Run the following
# head -c4 /dev/urandom | od -A none -t x4
networking.hostId = "a7a1c3f5";
networking.hostName = "nil"; # Define your hostname.
networking.wireless = {
enable = true; # Enables wireless support via wpa_supplicant.
interfaces = ["wlp3s0"]; # Enables wireless support via wpa_supplicant.
userControlled.enable = true;
};
# Set your time zone.
time.timeZone = "America/New_York";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.enp2s0f0.useDHCP = true;
networking.interfaces.enp5s0.useDHCP = true;
networking.interfaces.wlp3s0.useDHCP = true;
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.james = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
};
nix.allowedUsers = [ "@wheel" ];
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
git
gnumake
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
# firefox
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
}


@ -1,57 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"vfat"
"xhci_pci"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
"cryptd"
];
# Wifi support
hardware.firmware = [ pkgs.rtw89-firmware ];
# For support of newer AMD GPUs, backlight and internal microphone
boot.kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "5.13") pkgs.linuxPackages_latest;
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ config.boot.kernelPackages.rtw89 ];
boot.supportedFilesystems = ["zfs"];
boot.initrd.luks.devices."crypt" =
{ device = "/dev/disk/by-partlabel/crypt";
preLVM = true;
};
fileSystems."/" =
{ device = "rpool/root/nixos";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "rpool/home";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-partlabel/boot";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/partitions/swap"; }
];
}


@ -1,21 +0,0 @@
# /etc/nixos/zfs.nix (Don't forget to add it to configuration.nix)
# These are the options ZFS requires, but a normal system has, of course,
# more options (like a bootloader, or installed software).
{ config, pkgs, ... }:
{
# remove this after 1st boot
# see https://nixos.org/nixos/options.html#boot.zfs.forceimportroot
boot.kernelParams = ["zfs_force=1"];
boot.zfs.forceImportRoot = false;
boot.zfs.forceImportAll = false;
boot.supportedFilesystems = [ "zfs" ];
services.zfs.autoScrub.enable = true;
# this enables the zfs-auto-snapshot
services.zfs.autoSnapshot = {
enable = true;
flags = "-k -p --utc";
};
}