This commit is contained in:
2025-06-18 11:55:05 +02:00
parent cac174dd69
commit 76e240c44c
3 changed files with 324 additions and 78 deletions

147
README.md
View File

@ -1,5 +1,146 @@
# Felix's NixOS Config
# Felix's NixOS Configuration
##
A modular, flake-based NixOS configuration supporting multiple hosts with shared and host-specific configurations.
Note: `hardware-configuration.nix` is hardware-specific. Generate your own with: `sudo nixos-generate-config`
## 🏗️ Structure Overview
```
nixos/
├── flake.nix # Main flake definition with inputs and outputs
├── hosts/ # Host-specific configurations
│ ├── wildfire/ # Desktop workstation (AMD GPU)
│ └── hurricane/ # Laptop/secondary system
├── modules/ # Shared configuration modules
│ ├── common.nix # Base system configuration
│ ├── programs.nix # System-wide packages and programs
│ ├── home/ # Home Manager configurations
│ └── desktops/ # Desktop environment configurations
└── rebuild-nix-system.sh # Helper script for system rebuilds
```
## 🖥️ Hosts
### Wildfire (Desktop Workstation)
- **GPU**: AMD with `lact` daemon for GPU control
- **Features**: Gaming setup with Steam, DaVinci Resolve, Ardour
- **Special**: LUKS encryption, dedicated GPU configuration
### Hurricane (Laptop/Secondary)
- **Type**: Portable system
- **Features**: Basic desktop setup with power management
- **Special**: Touchpad support, power profiles
Both hosts use:
- **Desktop**: Hyprland (Wayland compositor)
- **Display Manager**: regreet (lightweight Wayland greeter)
- **Audio**: PipeWire with ALSA and PulseAudio compatibility
- **Security**: Firejail sandboxing for browsers, Yubikey support
## 🧩 Modules
### `modules/common.nix`
Base system configuration shared across all hosts:
- **User Management**: Main user `schulze` with shell and groups
- **Boot**: systemd-boot with latest kernel
- **Networking**: NetworkManager with firewall
- **Localization**: Swedish locale with English UI
- **Security**: Core dump disabled, firewall enabled, ClamAV antivirus
- **Home Manager**: Integration and user-specific imports
- **System**: Auto-upgrades, fonts, and core settings
### `modules/programs.nix`
System-wide packages and program configurations:
- **Development**: VS Code (Cursor), Git, Python, Node.js, etc.
- **CLI Tools**: Modern alternatives (zoxide, starship, fish)
- **Security**: GPG, OpenSSL, Yubikey tools
- **Applications**: Firefox, Thunderbird, LibreOffice, media tools
- **Virtualization**: Docker, libvirt/QEMU with virt-manager
### `modules/desktops/hyprland-desktop.nix`
Hyprland desktop environment setup:
- **Compositor**: Hyprland with UWSM session management
- **Portal**: XDG desktop portal for Wayland
- **Workflow**: Waybar, Rofi, Mako notifications
- **Theming**: Gruvbox theme with consistent fonts
- **Tools**: Screenshot tools, clipboard manager, file manager
### `modules/home/`
Home Manager configurations:
- **`hyprland.nix`**: User-specific Hyprland configuration
- **`home-manager.nix`**: Base Home Manager settings
## 🚀 Usage
### Building and Switching
```bash
# Build and switch to new configuration
sudo nixos-rebuild switch --flake .#hostname
# Or use the helper script
./rebuild-nix-system.sh
```
### Updating the System
```bash
# Update flake inputs
nix flake update
# Update and rebuild
./update-nix-system.sh
```
## 🔒 Security Features
- **Sandboxing**: Browsers run in Firejail containers
- **Firewall**: Enabled by default, minimal open ports
- **Antivirus**: ClamAV with automatic signature updates
- **Authentication**: Yubikey U2F support
- **Encryption**: LUKS disk encryption (wildfire)
- **Updates**: Automatic security updates at 02:00
## 🎨 Theming and UI
- **Theme**: Gruvbox Dark
- **Icons**: Flat-Remix-Red-Dark
- **Fonts**: Intel One Mono, Noto Sans
- **Terminal**: Ghostty with Fish shell
- **Launcher**: Rofi (Wayland)
- **Notifications**: Mako
## 📦 Package Management
### System Packages
- Defined in `modules/programs.nix`
- Available system-wide for all users
### Host-Specific Packages
- Added in individual host `configuration.nix` files
- Only installed on that specific host
### User Packages
- Managed through Home Manager
- Per-user configurations in `modules/home/`
## 🔄 Development Workflow
### Code Style
- Use `alejandra` for Nix code formatting
- Comment complex configurations
- Group related settings together
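Review bot: the bare `##` line directly under the new `# Felix's NixOS Configuration` title is an empty heading and should be dropped. Further down, the "Updating the System" block runs `./update-nix-system.sh`, but the Structure Overview tree lists only `rebuild-nix-system.sh`; add the update script to the tree or correct the name so the README matches the repository. Also, the Security Features bullet "Updates: Automatic security updates at 02:00" describes `system.autoUpgrade`, which is a full unattended `nixos-rebuild` onto whatever nixpkgs resolves to that night, not a security-only feed; "automatic system upgrades at 02:00" is the accurate wording.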

View File

@ -1,25 +1,37 @@
# Common system configuration shared across all hosts
# This module contains the base settings that every system should have
{
pkgs,
inputs,
...
}: {
imports = [
# Import Home Manager as a NixOS module for user-specific configurations
inputs.home-manager.nixosModules.home-manager
];
# Home Manager configuration
# ================================
# HOME MANAGER INTEGRATION
# ================================
# Configure Home Manager to manage user-specific dotfiles and applications
home-manager = {
# Create backup files when Home Manager would overwrite existing files
backupFileExtension = "backupHM";
# Use system packages instead of separate user packages (saves space)
useGlobalPkgs = true;
useUserPackages = true;
# User-specific Home Manager configurations
users.schulze.imports = [
./home/hyprland.nix
./home/home-manager.nix
./home/hyprland.nix # Hyprland window manager user config
./home/home-manager.nix # Base user environment
];
};
# Define the main user account
# ================================
# USER MANAGEMENT
# ================================
users = {
# Define the main user account
users.schulze = {
isNormalUser = true;
description = "Felix Schulze";
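Review bot: the comment on `useGlobalPkgs = true` ("Use system packages instead of separate user packages (saves space)") describes the wrong option. `useGlobalPkgs` makes Home Manager evaluate against the system's `pkgs` instance, so it inherits the NixOS `nixpkgs.config` (including the `allowUnfree = true` set later in this file) and overlays instead of instantiating its own nixpkgs; `useUserPackages` is the one that changes where user packages land (`/etc/profiles/per-user/<name>` instead of `~/.nix-profile`). Split the comment so each option says what it actually does.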
@ -29,33 +41,47 @@
groups.libvirtd.members = ["schulze"];
};
# Bootloader.
# ================================
# BOOT CONFIGURATION
# ================================
boot = {
# Use systemd-boot (modern UEFI bootloader)
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
# Always use the latest kernel for best hardware support
kernelPackages = pkgs.linuxPackages_latest;
};
# ================================
# NETWORKING
# ================================
networking = {
# Enable networking
# Enable NetworkManager for easy network configuration
networkmanager.enable = true;
# Network security
# enable firewall and block all ports
# Security: Enable firewall and block all ports by default
# Host-specific ports are opened in individual host configurations
firewall.enable = true;
};
# disable coredump that could be exploited later
# and also slow down the system when something crash
# ================================
# SECURITY HARDENING
# ================================
# Disable core dumps to prevent potential security exploits
# and improve system performance during crashes
systemd.coredump.enable = false;
# Set your time zone.
# ================================
# LOCALIZATION
# ================================
# Set timezone to Swedish time
time.timeZone = "Europe/Stockholm";
# Select internationalisation properties.
# Internationalization: English UI with Swedish regional settings
i18n = {
defaultLocale = "en_GB.UTF-8";
defaultLocale = "en_GB.UTF-8"; # British English for UI
extraLocaleSettings = {
# Swedish locale for regional formats (dates, currency, etc.)
LC_ADDRESS = "sv_SE.UTF-8";
LC_IDENTIFICATION = "sv_SE.UTF-8";
LC_MEASUREMENT = "sv_SE.UTF-8";
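Review bot: the new comment on `systemd.coredump.enable = false` ("prevent potential security exploits") claims more than the option delivers. Disabling systemd-coredump only stops systemd from capturing and storing dumps; whether a crashing process still writes a `core` file depends on the kernel `core_pattern` and the core-size limit the built system ends up with. If the goal is that process memory (session tokens, key material) never lands on disk, verify `sysctl kernel.core_pattern` and `ulimit -c` on the rebuilt host and state in the comment what is actually enforced.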
@ -68,79 +94,99 @@
};
};
# Configure console keymap
# Configure console to use Swedish keyboard layout
console.keyMap = "sv-latin1";
# ================================
# SYSTEM SERVICES
# ================================
services = {
# Enable CUPS to print documents.
# Disable CUPS printing (enable per-host if needed)
printing.enable = false;
# Enable sound with pipewire.
pulseaudio.enable = false;
# Modern audio stack: PipeWire replaces PulseAudio
pulseaudio.enable = false; # Disable old PulseAudio
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
alsa.enable = true; # ALSA compatibility
alsa.support32Bit = true; # 32-bit app support
pulse.enable = true; # PulseAudio compatibility
wireplumber.enable = true; # Session manager
};
# enable antivirus clamav and keep the signatures' database updated
# Antivirus protection with automatic updates
clamav = {
daemon.enable = true;
updater.enable = true;
daemon.enable = true; # Background virus scanning
updater.enable = true; # Automatic signature updates
};
};
# Realtime scheduling priority for audio
# ================================
# SECURITY & PERMISSIONS
# ================================
# Enable real-time scheduling for audio applications (low-latency audio)
security.rtkit.enable = true;
# Polkit agent (authentication dialogs)
# Enable Polkit for GUI authentication dialogs (password prompts)
security.polkit.enable = true;
# Allow unfree packages
# ================================
# NIX CONFIGURATION
# ================================
# Allow installation of proprietary/unfree software
nixpkgs.config.allowUnfree = true;
# Enable Flakes
# Enable modern Nix features (flakes and new CLI)
nix.settings.experimental-features = ["nix-command" "flakes"];
# Automatic system upgrades
# ================================
# AUTOMATIC MAINTENANCE
# ================================
# Configure automatic system updates for security
system.autoUpgrade = {
enable = true;
flake = inputs.self.outPath;
flake = inputs.self.outPath; # Use this flake for updates
flags = [
"--update-input"
"nixpkgs"
"-L" # print build logs
"nixpkgs" # Update nixpkgs input
"-L" # Print build logs for transparency
];
dates = "02:00";
randomizedDelaySec = "45min";
dates = "02:00"; # Run at 2 AM
randomizedDelaySec = "45min"; # Random delay to avoid server load
};
# Fonts
# ================================
# FONTS
# ================================
# System-wide fonts for consistent typography
fonts.packages = with pkgs; [
intel-one-mono
noto-fonts
noto-fonts-emoji
intel-one-mono # Monospace font for coding
noto-fonts # Comprehensive Unicode support
noto-fonts-emoji # Emoji support
];
# This improves touchscreen support and enables additional touchpad gestures. It also enables smooth scrolling as opposed to the stepped scrolling that Firefox has by default
# ================================
# BROWSER OPTIMIZATIONS
# ================================
# Improve touchscreen and scrolling support in Firefox
environment.sessionVariables = {
MOZ_USE_XINPUT2 = "1";
};
# create system-wide executables firefox and chromium
# that will wrap the real binaries so everything work out of the box.
# enable firejail
# ================================
# SANDBOXED APPLICATIONS
# ================================
# Enable Firejail for application sandboxing (security)
programs.firejail = {
enable = true;
# Create sandboxed wrappers for browsers
wrappedBinaries = {
firefox = {
executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
extraArgs = [
# Required for U2F USB stick
# Required for U2F USB security keys
"--ignore=private-dev"
# Enable system notifications
# Enable desktop notifications
"--dbus-user.talk=org.freedesktop.Notifications"
];
};
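Review bot: `daemon.enable = true; # Background virus scanning` is misleading; `clamd` only scans what a client (`clamdscan`, `clamonacc`, a mail filter) hands it, and this hunk configures neither a scheduled scan nor on-access scanning, so nothing is scanned in the background. Either reword the comment to "clamd daemon (used by clamdscan/clamonacc)" or add a periodic scan (nixpkgs now offers `services.clamav.scanner` for that). Two smaller points in the same hunk: the Firefox wrapper's `--ignore=private-dev` comment should say that it drops Firejail's private `/dev` entirely, exposing every device node to the browser rather than only the U2F key, so the trade-off is visible to readers; and `system.autoUpgrade` with `--update-input nixpkgs` is an unattended switch to whatever nixpkgs resolves to at 02:00, so "automatic system updates for security" should not be read as a security-only channel.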
@ -150,7 +196,12 @@
};
};
};
# Yubikey Settings
# ================================
# HARDWARE SECURITY (YUBIKEY)
# ================================
# Enable Yubikey support for SSH and GPG
services.yubikey-agent.enable = true;
# Enable U2F authentication for login
security.pam.u2f.enable = true;
}
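Review bot: the comment "Enable Yubikey support for SSH and GPG" on `services.yubikey-agent.enable` is inaccurate; yubikey-agent is an SSH agent backed by the key's PIV applet and provides nothing for GPG, and it holds a session on the key that interferes with gpg-agent/scdaemon using the same YubiKey. The comment on `security.pam.u2f.enable = true` should also state the effective policy: with the NixOS default `control = "sufficient"`, a registered key alone satisfies PAM for login and sudo with no password, so this is a passwordless alternative rather than a second factor; set `security.pam.u2f.control = "required"` if two-factor is the intent, and document where the `u2f_keys` mapping file is expected, since without it the key is never accepted and every user silently falls back to the password.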

View File

@ -1,35 +1,55 @@
# Hyprland Desktop Environment Configuration
# Complete setup for Hyprland Wayland compositor with modern desktop tools
{
inputs,
pkgs,
...
}: {
# ================================
# DISPLAY SERVER CONFIGURATION
# ================================
services = {
# X11 server configuration (for compatibility)
xserver = {
enable = true;
displayManager.gdm.enable = false;
displayManager.gdm.enable = false; # Disable GDM in favor of regreet
};
# Greetd is lightweight and Wayland-native
# Lightweight Wayland-native display manager
greetd.enable = true;
upower.enable = true;
power-profiles-daemon.enable = true;
# Power management services for laptops and desktops
upower.enable = true; # Battery and power device monitoring
power-profiles-daemon.enable = true; # CPU frequency scaling
};
# ================================
# HYPRLAND BINARY CACHE
# ================================
# Configure Cachix for faster Hyprland installations
nix.settings = {
substituters = ["https://hyprland.cachix.org"];
trusted-substituters = ["https://hyprland.cachix.org"];
trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
};
# ================================
# HYPRLAND & SESSION MANAGEMENT
# ================================
programs = {
# Main Hyprland configuration
hyprland = {
enable = true;
withUWSM = true;
# Only enable the flake packages after Cachix has already been enabled
withUWSM = true; # Enable Universal Wayland Session Manager
# Use cutting-edge Hyprland from flake input (latest features)
package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
};
# regreet: Modern, customizable greeter for greetd
regreet.enable = true;
# UWSM: Universal Wayland Session Manager
uwsm = {
enable = true;
waylandCompositors.hyprland = {
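Review bot: the replaced comment "Only enable the flake packages after Cachix has already been enabled" carried an operational caveat that the new one ("Use cutting-edge Hyprland from flake input") drops. The `nix.settings` substituter and `trusted-public-keys` above only take effect once a system built with them is active, so on the first rebuild of a fresh host `package = inputs.hyprland.packages...` is fetched without the Hyprland cache being trusted, which means a full source build of Hyprland and its portal (or a failure on a small builder). Keep the ordering note here, or move it to the README's bootstrap instructions.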
@ -38,62 +58,96 @@
binPath = "/run/current-system/sw/bin/Hyprland";
};
};
# ================================
# GTK THEMING CONFIGURATION
# ================================
# dconf: Configure GTK applications and GNOME settings
dconf = {
enable = true;
profiles.user.databases = [
{
settings."org/gnome/desktop/interface" = {
gtk-theme = "Gruvbox-Dark-B";
icon-theme = "Flat-Remix-Red-Dark";
font-name = "Noto Sans Medium 11";
document-font-name = "Noto Sans Medium 11";
monospace-font-name = "Intel One Mono Medium 11";
gtk-theme = "Gruvbox-Dark-B"; # Dark theme for GTK apps
icon-theme = "Flat-Remix-Red-Dark"; # Icon theme
font-name = "Noto Sans Medium 11"; # UI font
document-font-name = "Noto Sans Medium 11"; # Document font
monospace-font-name = "Intel One Mono Medium 11"; # Terminal/code font
};
}
];
};
};
# ================================
# XDG & DESKTOP INTEGRATION
# ================================
xdg = {
# Set default applications for file types
mime.defaultApplications = {
"default-web-browser" = ["firefox.desktop"];
};
# XDG Desktop Portal for Wayland integration
portal = {
enable = true;
xdgOpenUsePortal = true;
xdgOpenUsePortal = true; # Use portal for opening files/URLs
};
};
# ================================
# ENVIRONMENT VARIABLES
# ================================
environment.sessionVariables = {
# Set Firefox as default browser
BROWSER = "${pkgs.lib.getBin pkgs.firefox}";
# Enable Wayland support for Electron apps (VS Code, Discord, etc.)
NIXOS_OZONE_WL = "1";
};
# ================================
# HYPRLAND DESKTOP PACKAGES
# ================================
# Essential tools for a functional Hyprland desktop
environment.systemPackages = with pkgs; [
# Core Hyprland workflow tools
waybar # Panel
rofi-wayland # Launcher
# ---- CORE HYPRLAND WORKFLOW ----
waybar # Status bar/panel
rofi-wayland # Application launcher and dmenu replacement
mako # Notification daemon
hyprpaper # Wallpaper daemon
hyprlock # Lock screen
wl-clipboard # Clipboard utils
cliphist # Clipboard manager
pavucontrol # GUI audio mixer
blueman # Bluetooth tray
networkmanagerapplet # System tray for network
brightnessctl # Brightness (for laptops)
wlsunset # Night light/gamma adjustment
grim
slurp
swappy
wf-recorder # Screenshots & screenrecording
libsForQt5.qt5ct # For QT application appearance
nautilus # File manager
hyprlock # Screen lock utility
# ---- CLIPBOARD & INPUT ----
wl-clipboard # Clipboard utilities for Wayland
cliphist # Clipboard history manager
# ---- SYSTEM CONTROL ----
pavucontrol # GUI audio mixer and control
blueman # Bluetooth manager with system tray
networkmanagerapplet # Network management system tray
brightnessctl # Screen brightness control (laptops)
wlsunset # Blue light filter/night mode
# ---- SCREENSHOT & RECORDING ----
grim # Screenshot tool for Wayland
slurp # Screen area selection for screenshots
swappy # Screenshot editing and annotation
wf-recorder # Screen recording for Wayland
# ---- APPLICATION INTEGRATION ----
libsForQt5.qt5ct # Qt5 application theming control
nautilus # GNOME file manager (GTK)
];
# ================================
# FILE MANAGER INTEGRATION
# ================================
# Configure Nautilus to work seamlessly with the desktop
programs.nautilus-open-any-terminal = {
enable = true;
terminal = "ghostty";
terminal = "ghostty"; # Use Ghostty as default terminal in file manager
};
# Enable GNOME Sushi for file preview in Nautilus
services.gnome.sushi.enable = true;
}
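Review bot: `BROWSER = "${pkgs.lib.getBin pkgs.firefox}"` in the `environment.sessionVariables` block points at the package's output directory rather than an executable (compare `${pkgs.lib.getBin pkgs.firefox}/bin/firefox` in the Firejail wrapper), and even with `/bin/firefox` appended it would resolve to the unsandboxed store binary, so anything that honours `$BROWSER` bypasses the wrapper that `programs.firejail.wrappedBinaries.firefox` installs. Set `BROWSER = "firefox"` so PATH lookup hits the wrapper, and check that the `firefox.desktop` named in `mime.defaultApplications` launches the wrapper rather than the raw package, otherwise `xdg-open` takes the same detour.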