diff --git a/configuration.nix b/configuration.nix
deleted file mode 100644
index 8bcc986..0000000
--- a/configuration.nix
+++ /dev/null
@@ -1,286 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running 'nixos-help').
-
-{ config, pkgs, inputs, ... }:
-{
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
-
- # Bootloader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- boot.initrd.luks.devices."luks-1728f038-43a6-4e0d-b7dd-19a4c1083605".device = "/dev/disk/by-uuid/1728f038-43a6-4e0d-b7dd-19a4c1083605";
- boot.initrd.kernelModules = [ "amdgpu" ];
- boot.kernelPackages = pkgs.linuxPackages_latest;
-
- networking.hostName = "wildfire"; # Define your hostname.
- #networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-
- system.autoUpgrade = {
- enable = true;
- flake = inputs.self.outPath;
- flags = [
- "--update-input"
- "nixpkgs"
- "-L" # print build logs
- ];
- dates = "02:00";
- randomizedDelaySec = "45min";
- };
-
-
- hardware = {
- #xone.enable = true;
- #xpadneo.enable = true;
- steam-hardware.enable = true;
- graphics.enable = true;
- };
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
- # Enable networking
- networking.networkmanager.enable = true;
-
- # Network security
- # enable firewall and block all ports
- networking.firewall.enable = true;
- networking.firewall.allowedTCPPorts = [7777];
- networking.firewall.allowedUDPPorts = [];
-
- # disable coredump that could be exploited later
- # and also slow down the system when something crash
- systemd.coredump.enable = false;
-
- # Set your time zone.
- time.timeZone = "Europe/Stockholm";
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_GB.UTF-8";
-
- i18n.extraLocaleSettings = {
- LC_ADDRESS = "sv_SE.UTF-8";
- LC_IDENTIFICATION = "sv_SE.UTF-8";
- LC_MEASUREMENT = "sv_SE.UTF-8";
- LC_MONETARY = "sv_SE.UTF-8";
- LC_NAME = "sv_SE.UTF-8";
- LC_NUMERIC = "sv_SE.UTF-8";
- LC_PAPER = "sv_SE.UTF-8";
- LC_TELEPHONE = "sv_SE.UTF-8";
- LC_TIME = "sv_SE.UTF-8";
- };
-
- # Enable the X11 windowing system.
- services.xserver.enable = true;
-
- # Enable the GNOME Desktop Environment.
- services.xserver.displayManager.gdm.enable = true;
- services.xserver.desktopManager.gnome.enable = true;
-
- # Configure keymap in X11
- services.xserver.xkb = {
- layout = "se";
- variant = "";
- };
-
-
- # Configure console keymap
- console.keyMap = "sv-latin1";
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
-
- # Enable sound with pipewire.
- services.pulseaudio.enable = false;
- security.rtkit.enable = true;
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- # If you want to use JACK applications, uncomment this
- #jack.enable = true;
-
- # use the example session manager (no others are packaged yet so this is enabled by default,
- # no need to redefine it in your config for now)
- #media-session.enable = true;
- };
-
- # Enable touchpad support (enabled default in most desktopManager).
- # services.xserver.libinput.enable = true;
-
- # Define a user account. Don't forget to set a password with 'passwd'.
- users.users.schulze = {
- isNormalUser = true;
- description = "Felix Schulze";
- extraGroups = [ "networkmanager" "wheel" "docker" ];
- shell = pkgs.fish;
- };
-
- # Allow unfree packages
- nixpkgs.config.allowUnfree = true;
-
- # Enable Flakes
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
- # Automatic Garbage Collection
- nix.gc = {
- automatic = true;
- dates = "weekly";
- options = "--delete-older-than 30d";
- };
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- # TOOLS
- wget
- unzip
- pciutils
- gnupg
- ncdu
- whois
- dig
- nodejs_22
- pnpm
- lact
- glxinfo
- jdk
- cypress
- jq
- swtpm
- openssl
- imagemagick
- git-filter-repo
- # Controller
- linuxConsoleTools
- # Buildtools
- python3
- gnumake
- gcc
- libgcc
- hugo
- # PROGRAMS
- obsidian
- wasabiwallet
- tor-browser
- ungoogled-chromium
- prismlauncher
- gitkraken
- nextcloud-client
- libreoffice-fresh
- plexamp
- mission-center
- inkscape
- remmina
- krita
- darktable
- kdePackages.kleopatra
- code-cursor
- multiviewer-for-f1
- ];
-
- fonts.packages = with pkgs; [
- intel-one-mono
- ];
-
- programs.zoxide.enable = true;
-
- programs.vim = {
- enable = true;
- defaultEditor = true;
- }
-
- programs.firefox.enable = true;
-
- programs.thunderbird.enable = true;
-
- programs.fish.enable = true;
-
- # enable firejail
- programs.firejail.enable = true;
-
- # enable git
- programs.git = {
- enable = true;
- lfs.enable = true;
- };
-
- # enable and configure Docker
- virtualisation.docker.enable = true;
-
- # enable VMs
- programs.virt-manager.enable = true;
- users.groups.libvirtd.members = ["schulze"];
- virtualisation = {
- libvirtd = {
- enable = true;
- qemu = {
- swtpm.enable = true;
- ovmf.enable = true;
- ovmf.packages = [ pkgs.OVMFFull.fd ];
- # package = pkgs.qemu_kvm;
- };
- };
- spiceUSBRedirection.enable = true;
- };
-
- # SSH settings
- programs.ssh.extraConfig = "";
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
- programs.steam = {
- enable = true;
- remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
- dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
- };
-
- # create system-wide executables firefox and chromium
- # that will wrap the real binaries so everything
- # work out of the box.
- programs.firejail.wrappedBinaries = {
- firefox = {
- executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
- profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
- };
- chromium = {
- executable = "${pkgs.lib.getBin pkgs.chromium}/bin/chromium";
- profile = "${pkgs.firejail}/etc/firejail/chromium.profile";
- };
- };
-
- # enable antivirus clamav and
- # keep the signatures' database updated
- services.clamav.daemon.enable = true;
- services.clamav.updater.enable = true;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It's perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "23.11"; # Did you read the comment?
-
- # Systemd services
- systemd.services.lact = {
- description = "AMDGPU Control Daemon";
- after = ["multi-user.target"];
- wantedBy = ["multi-user.target"];
- serviceConfig = {
- ExecStart = "${pkgs.lact}/bin/lact daemon";
- };
- enable = true;
- };
-}
diff --git a/flake.lock b/flake.lock
index cd3f169..e1574bb 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,15 +2,15 @@
 "nodes": {
 "nixpkgs": {
 "locked": {
- "lastModified": 1748437600,
- "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=",
- "owner": "nixos",
+ "lastModified": 1748889542,
+ "narHash": "sha256-Hb4iMhIbjX45GcrgOp3b8xnyli+ysRPqAgZ/LZgyT5k=",
+ "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "7282cb574e0607e65224d33be8241eae7cfe0979",
+ "rev": "10d7f8d34e5eb9c0f9a0485186c1ca691d2c5922",
 "type": "github"
 },
 "original": {
- "owner": "nixos",
+ "owner": "NixOS",
 "ref": "nixos-25.05",
 "repo": "nixpkgs",
 "type": "github"
diff --git a/flake.nix b/flake.nix
index 388d257..0dbab5c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,8 +1,8 @@
 {
- description = "Nixos config flake";
+ description = "Felix's NixOS configurations";
 
 inputs = {
- nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
 
 # home-manager = {
 # url = "github:nix-community/home-manager";
@@ -10,13 +10,12 @@
 # };
 };
 
- outputs = { self, nixpkgs, ... }@inputs: {
- nixosConfigurations.default = nixpkgs.lib.nixosSystem {
- specialArgs = {inherit inputs;};
- modules = [
- ./configuration.nix
- # inputs.home-manager.nixosModules.default
- ];
+ outputs = { self, nixpkgs }: {
+ nixosConfigurations = {
+ wildfire = nixpkgs.lib.nixosSystem {
+ specialArgs = { inputs = self.inputs; };
+ modules = [ ./hosts/wildfire/configuration.nix ];
+ };
 };
 };
 }
diff --git a/hosts/wildfire/configuration.nix b/hosts/wildfire/configuration.nix
new file mode 100644
index 0000000..6c44738
--- /dev/null
+++ b/hosts/wildfire/configuration.nix
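Review bot: The rewritten `outputs = { self, nixpkgs }:` in the second flake.nix hunk drops the `...` the old pattern had, so the moment another input is added (the commented-out home-manager block right above is the obvious candidate) evaluation fails with an unexpected-argument error. Keep the pattern open: `outputs = { self, nixpkgs, ... }: {`. Passing `self.inputs` through `specialArgs` is fine, but the reason for preferring it over the old `@inputs` binding is not stated; a one-line comment such as `# pass every flake input to the modules, see modules/common.nix` would make the intent clear.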
@@ -0,0 +1,37 @@
+{ config, pkgs, inputs, ... }:
+{
+ imports = [
+ ./hardware-configuration.nix
+ ../../modules/common.nix
+ ];
+
+ # Encrypted drive
+ boot.initrd.luks.devices."luks-1728f038-43a6-4e0d-b7dd-19a4c1083605".device = "/dev/disk/by-uuid/1728f038-43a6-4e0d-b7dd-19a4c1083605";
+
+ networking.hostName = "wildfire";
+
+ hardware = {
+ steam-hardware.enable = true;
+ graphics.enable = true;
+ };
+
+ # Network security specific to wildfire
+ networking.firewall.allowedTCPPorts = [];
+ networking.firewall.allowedUDPPorts = [];
+
+ # Wildfire-specific packages
+ environment.systemPackages = with pkgs; [
+ lact
+ ];
+
+ # Wildfire-specific Systemd services
+ systemd.services.lact = {
+ description = "AMDGPU Control Daemon";
+ after = ["multi-user.target"];
+ wantedBy = ["multi-user.target"];
+ serviceConfig = {
+ ExecStart = "${pkgs.lact}/bin/lact daemon";
+ };
+ enable = true;
+ };
+}
\ No newline at end of file
diff --git a/hardware-configuration.nix b/hosts/wildfire/hardware-configuration.nix
similarity index 100%
rename from hardware-configuration.nix
rename to hosts/wildfire/hardware-configuration.nix
diff --git a/modules/common.nix b/modules/common.nix
new file mode 100644
index 0000000..23b9ac3
--- /dev/null
+++ b/modules/common.nix
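Review bot: `networking.firewall.allowedTCPPorts = []` and `allowedUDPPorts = []` restate the option defaults, and the deleted configuration.nix had TCP 7777 open, so the effective change here is that 7777 is now closed without the "Network security specific to wildfire" comment saying so; either drop the two lines or make the comment explicit, e.g. `# no host-specific ports open; 7777 was removed on purpose`. The module header binds `config` and `inputs` but the body uses neither, so `{ pkgs, ... }:` would be the honest signature. This file also ends without a trailing newline (`\ No newline at end of file`), as do modules/common.nix, desktop.nix, programs.nix and users.nix in this commit.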
@@ -0,0 +1,112 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./desktop.nix
+ ./users.nix
+ ./programs.nix
+ ];
+
+ # Bootloader.
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.efi.canTouchEfiVariables = true;
+ initrd.kernelModules = [ "amdgpu" ];
+ kernelPackages = pkgs.linuxPackages_latest;
+ };
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Network security
+ # enable firewall and block all ports
+ networking.firewall.enable = true;
+
+ # disable coredump that could be exploited later
+ # and also slow down the system when something crash
+ systemd.coredump.enable = false;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Stockholm";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_GB.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "sv_SE.UTF-8";
+ LC_IDENTIFICATION = "sv_SE.UTF-8";
+ LC_MEASUREMENT = "sv_SE.UTF-8";
+ LC_MONETARY = "sv_SE.UTF-8";
+ LC_NAME = "sv_SE.UTF-8";
+ LC_NUMERIC = "sv_SE.UTF-8";
+ LC_PAPER = "sv_SE.UTF-8";
+ LC_TELEPHONE = "sv_SE.UTF-8";
+ LC_TIME = "sv_SE.UTF-8";
+ };
+
+ # Configure console keymap
+ console.keyMap = "sv-latin1";
+
+ # Enable CUPS to print documents.
+ services.printing.enable = false;
+
+ # Enable sound with pipewire.
+ services.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+
+ # Enable Flakes
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ # Automatic system upgrades
+ system.autoUpgrade = {
+ enable = true;
+ flake = inputs.self.outPath;
+ flags = [
+ "--update-input"
+ "nixpkgs"
+ "-L" # print build logs
+ ];
+ dates = "02:00";
+ randomizedDelaySec = "45min";
+ };
+
+ # Fonts
+ fonts.packages = with pkgs; [
+ intel-one-mono
+ ];
+
+ # create system-wide executables firefox and chromium
+ # that will wrap the real binaries so everything work out of the box.
+ # enable firejail
+ programs.firejail = {
+ enable = true;
+ wrappedBinaries = {
+ firefox = {
+ executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
+ profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
+ };
+ chromium = {
+ executable = "${pkgs.lib.getBin pkgs.chromium}/bin/chromium";
+ profile = "${pkgs.firejail}/etc/firejail/chromium.profile";
+ };
+ };
+ };
+
+ # enable antivirus clamav and keep the signatures' database updated
+ services.clamav.daemon.enable = true;
+ services.clamav.updater.enable = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken.
+ system.stateVersion = "23.11";
+}
\ No newline at end of file
diff --git a/modules/desktop.nix b/modules/desktop.nix
new file mode 100644
index 0000000..b136b3a
--- /dev/null
+++ b/modules/desktop.nix
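Review bot: `flake = inputs.self.outPath;` inside `system.autoUpgrade` references `inputs`, but this module's argument pattern is `{ config, pkgs, ... }:`, so the name is never bound and evaluation fails with an undefined-variable error; the value does reach the module via `specialArgs` in flake.nix, it just has to be named, `{ config, pkgs, inputs, ... }:`. The comment `# Enable CUPS to print documents.` now sits above `services.printing.enable = false;` and should read `# CUPS printing is off by default; enable per host.` or similar. The deleted configuration.nix had a `nix.gc` block (weekly, `--delete-older-than 30d`) that has no counterpart in any new module, so with nightly `system.autoUpgrade` the store will now grow unbounded; re-adding it here looks intended rather than dropped. `initrd.kernelModules = [ "amdgpu" ]` and the LUKS entry are both hardware facts of wildfire, so the module line arguably belongs next to the LUKS line in hosts/wildfire rather than in a module named common.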
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+ services.xserver = {
+ # Enable the X11 windowing system.
+ enable = true;
+
+ # Enable the GNOME Desktop Environment.
+ displayManager.gdm.enable = true;
+ desktopManager.gnome.enable = true;
+
+ # Configure keymap in X11
+ xkb = {
+ layout = "se";
+ variant = "";
+ };
+ };
+}
\ No newline at end of file
diff --git a/modules/programs.nix b/modules/programs.nix
new file mode 100644
index 0000000..f6c8bcc
--- /dev/null
+++ b/modules/programs.nix
@@ -0,0 +1,106 @@
+{ config, pkgs, ... }:
+
+{
+ # Common packages for ALL systems
+ environment.systemPackages = with pkgs; [
+ # networking
+ wget
+ whois
+ dig
+
+ # files
+ unzip
+ ncdu
+
+ # security
+ gnupg
+ openssl
+ kdePackages.kleopatra
+
+ # cli tools
+ jq
+ pciutils
+ glxinfo
+ btop
+
+ # Development
+ code-cursor
+ gitkraken
+ git-filter-repo
+ python3
+ hugo
+ nodejs_22
+ pnpm
+ cypress
+ gnumake
+ gcc
+ libgcc
+
+ # Common programs
+ obsidian
+ nextcloud-client
+ multiviewer-for-f1
+ libreoffice-fresh
+ tor-browser
+ wasabiwallet
+ ungoogled-chromium
+ prismlauncher
+ plexamp
+ mission-center
+ remmina
+
+ # Visual
+ inkscape
+ krita
+ darktable
+ davinci-resolve
+ imagemagick
+ ];
+
+ programs = {
+ # CLI
+ zoxide.enable = true;
+ fish.enable = true;
+ vim = {
+ enable = true;
+ defaultEditor = true;
+ };
+ ssh.extraConfig = "";
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ git = {
+ enable = true;
+ lfs.enable = true;
+ };
+ java.enable = true;
+
+ # programs
+ firefox.enable = true;
+ thunderbird.enable = true;
+ steam = {
+ enable = true;
+ remotePlay.openFirewall = true;
+ dedicatedServer.openFirewall = true;
+ };
+ };
+
+ # enable and configure Docker
+ virtualisation.docker.enable = true;
+
+ # enable VMs
+ programs.virt-manager.enable = true;
+ virtualisation = {
+ tmp.enable = true;
+ libvirtd = {
+ enable = true;
+ qemu = {
+ swtpm.enable = true;
+ ovmf.enable = true;
+ ovmf.packages = [ pkgs.OVMFFull.fd ];
+ };
+ };
+ spiceUSBRedirection.enable = true;
+ };
+}
\ No newline at end of file
diff --git a/modules/users.nix b/modules/users.nix
new file mode 100644
index 0000000..0384d1a
--- /dev/null
+++ b/modules/users.nix
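Review bot: `steam.remotePlay.openFirewall = true` and `dedicatedServer.openFirewall = true` now live in a module headed "Common packages for ALL systems", so every host importing it gets those Steam ports opened regardless of its own `allowedTCPPorts`/`allowedUDPPorts`, which contradicts the "enable firewall and block all ports" intent stated in modules/common.nix; keep `steam.enable` here if Steam is wanted everywhere but set both `openFirewall` flags to `false` and opt in per host. The list also gains `btop` and `davinci-resolve`, neither of which was in the deleted configuration.nix, so this restructuring commit silently changes what is installed and the message should say so. `ssh.extraConfig = "";` is a no-op and can be dropped, or replaced by a comment stating where SSH client settings are meant to go. I could not place `tmp.enable = true;` under `virtualisation` among the libvirtd/docker options I know of; confirm it evaluates rather than failing as an undefined option.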
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+
+{
+ # Define the main user account
+ users = {
+ users.schulze = {
+ isNormalUser = true;
+ description = "Felix Schulze";
+ extraGroups = [ "networkmanager" "wheel" "docker" ];
+ shell = pkgs.fish;
+ };
+ groups.libvirtd.members = ["schulze"];
+ };
+}
\ No newline at end of file
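Review bot: The account sets no `hashedPassword`/`hashedPasswordFile`, and the deleted configuration.nix's reminder that the password is set imperatively with `passwd` was dropped in the move, so a reader of this module cannot tell how login is meant to work; restore it as `# Password is set imperatively with 'passwd' (relies on users.mutableUsers, the default)`. Membership in `docker` grants control of the daemon socket and is in practice root-equivalent; since the user is already in `wheel` this is not a widening, but a comment such as `# docker group == root-equivalent via the daemon socket` records that it is a deliberate choice. `config` is bound in the module header but unused.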