Compare commits


7 commits

Author SHA1 Message Date
janis e5379891a5
disable ssh password auth 2025-11-18 18:05:51 +01:00
janis 3df732b793
update lock file 2025-11-18 18:04:31 +01:00
janis 68e7869fc3
fix typos 2025-11-18 18:03:55 +01:00
janis 71e36690a3
split home and user up to allow for modular configuration 2025-11-18 16:54:18 +01:00
janis 74be2fe1d6
add /mnt/storage 2025-11-18 15:45:28 +01:00
janis ab6245fe26
restructure system.nix into multiple files 2025-11-18 15:45:09 +01:00
janis f61859eedc
libvirt + prismlauncher 2025-11-06 12:32:03 +01:00
25 changed files with 532 additions and 333 deletions


@ -87,6 +87,22 @@
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@ -128,6 +144,26 @@
"type": "github"
}
},
"nixos-wsl": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1763385941,
"narHash": "sha256-99CBNgyMvg3Zu/hxqixtShevrF4Kfr/qjtizQ6oseVI=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "cc6483354b236c2fc95cc1d4ba1f0f40b7345e69",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "main",
"repo": "NixOS-WSL",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1757745802,
@ -209,6 +245,22 @@
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1762977756,
"narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1760862643,
"narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=",
@ -224,7 +276,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1759036355,
"narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",
@ -243,7 +295,7 @@
"nur": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1759340767,
@ -278,7 +330,8 @@
"duralumin": "duralumin",
"emacs-overlay": "emacs-overlay",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_4",
"nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs_5",
"nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur"
}


@ -2,6 +2,7 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixos-wsl.url = "github:nix-community/NixOS-WSL/main";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
@ -19,7 +20,7 @@
duralumin.url = "git+https://git.nirgendwo.xyz/janis/duralumin.git";
};
outputs = inputs @ { self, disko, nixpkgs, nixpkgs-unstable, home-manager, duralumin, emacs-overlay, ... }:
outputs = inputs @ { self, disko, nixpkgs, nixos-wsl, nixpkgs-unstable, home-manager, duralumin, emacs-overlay, ... }:
let
system = "x86_64-linux";
overlay-unstable = final: prev: {
@ -30,11 +31,11 @@
};
in rec {
mkSystem = {host, ...}: nixpkgs.lib.nixosSystem {
mkSystem = {host, extra-modules ? [], ...}: nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./configuration.nix
./programs
./options.nix
./pkgs
host
@ -48,7 +49,7 @@
inherit inputs;
};
}
];
] ++ extra-modules;
specialArgs = {
inherit inputs home-manager;
@ -74,9 +75,37 @@
};
laptop = mkSystem {
host = ./hosts/laptop;
extra-modules = [
./user
./system
];
};
desktop = mkSystem {
host = ./hosts/desktop;
extra-modules = [
./user
./system
];
};
wsl = mkSystem {
host = ./hosts/wsl.nix;
extra-modules = [
nixos-wsl.nixosModules.default
./user/wsl.nix
{
wsl.enable = true;
# wsl wants a subset of the system configuration, sans power, wireless, boot
imports = [
./system/core.nix
./system/networking.nix
./system/fonts.nix
./system/virtualisation.nix
];
}
];
};
};
};
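Review bot: The new `nixos-wsl` input is declared without `inputs.nixpkgs.follows`, and the lock file in this same comparison shows it pulling its own `nixpkgs_4` from `nixos-unstable` plus a `flake-compat` node. That is one more independently pinned nixpkgs tree to audit and keep updated, while `home-manager` in the same `inputs` set already follows the main one. I would write it as `nixos-wsl = { url = "github:nix-community/NixOS-WSL/main"; inputs.nixpkgs.follows = "nixpkgs"; };` unless the WSL module is known to need unstable. The `inputs` and `outputs` sets continue outside the visible hunks.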

60
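--- a/home/common.nix
+++ b/home/common.nix
@@ -0,0 +1,60 @@
+{pkgs, ...}:
+let
+user = import ../data/user.nix {};
+in {
+# Manage NixOS configurations
+programs.nh = {
+enable = true;
+};
+# Direnv for project-specific environment variables
+programs.direnv = {
+enable = true;
+nix-direnv.enable = true;
+enableZshIntegration = true;
+};
+# Font configuration
+fonts.fontconfig.enable = true;
+home = {
+stateVersion = "25.05";
+homeDirectory = "/home/${user.username}";
+username = user.username;
+shell.enableZshIntegration = true;
+sessionVariables = {
+SSH_AUTH_SOCK = "/run/user/1000/ssh-agent";
+EDITOR = "nvim";
+VISUAL = "nvim";
+GTK_THEME = "Breeze-Dark";
+NIXOS_OZONE_WL = "1";
+};
+packages = with pkgs; [
+# Add your global packages here
+duralumin
+duralumin-keygen
+ranger
+neovim
+bottom
+git
+wget
+curl
+tree
+htop
+ripgrep
+killall
+xdg-utils
+file
+gh
+# for running wayland apps over ssh
+waypipe
+screenshot
+];
+};
+}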


@ -1,9 +1,8 @@
{pkgs, ...}:
let
user = import ../data/user.nix {};
in {
{...}: {
imports = [
./alacritty.nix
./common.nix
./desktop-apps.nix
./development
./emacs.nix
./firefox.nix
@ -20,87 +19,4 @@ in {
./waybar.nix
./zsh.nix
];
programs.nh = {
enable = true;
# flake = "/etc/nixos/config#laptop"
};
programs.direnv = {
enable = true;
nix-direnv.enable = true;
enableZshIntegration = true;
};
xdg = {
systemDirs.data = ["${pkgs.nordvpn}/share"];
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
xdg-desktop-portal-xapp
];
};
};
fonts.fontconfig.enable = true;
home = {
stateVersion = "25.05";
homeDirectory = "/home/${user.username}";
username = user.username;
shell.enableZshIntegration = true;
sessionVariables = {
SSH_AUTH_SOCK = "/run/user/1000/ssh-agent";
EDITOR = "nvim";
VISUAL = "nvim";
GTK_THEME = "Breeze-Dark";
NIXOS_OZONE_WL = "1";
};
packages = with pkgs; [
# Add your global packages here
mpv
sxiv
feh
duralumin
duralumin-keygen
ranger
neovim
bottom
git
wget
curl
htop
tree
htop
pavucontrol
ripgrep
killall
x11_ssh_askpass
xdg-utils
vanilla-dmz
(discord.override {withVencord = true;})
spotify
pkgs.unstable.zed-editor-fhs
file
bitwarden-desktop
bitwarden-cli
gh
# for running wayland apps over ssh
waypipe
foliate
# file manager
nemo-with-extensions
screenshot
];
};
}

27
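--- a/home/desktop-apps.nix
+++ b/home/desktop-apps.nix
@@ -0,0 +1,27 @@
+{pkgs, ...}: {
+home.packages = with pkgs; [
+# Video/Image Viewers
+mpv
+feh
+sxiv
+vanilla-dmz
+whitesur-cursors
+x11_ssh_askpass
+pavucontrol
+(discord.override {withVencord = true;})
+spotify
+pkgs.unstable.zed-editor-fhs
+bitwarden-desktop
+bitwarden-cli
+# Minecraft Launcher
+prismlauncher
+virt-manager
+foliate
+# GUI File Manager
+nemo-with-extensions
+];
+}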


@ -15,11 +15,12 @@ in {
wmctrl
alsa-utils
wireplumber
alacritty
waybar
sway
whitesur-cursors
rofi-wayland
alacritty
vanilla-dmz
whitesur-cursors
];
wayland = {


@ -88,7 +88,7 @@
qt = {
enable = true;
platformTheme = "qtct";
platformTheme.name = "qtct";
style = {
name = "kvantum";
};

11
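--- a/home/wsl.nix
+++ b/home/wsl.nix
@@ -0,0 +1,11 @@
+{...}: {
+imports = [
+./common.nix
+./development
+./emacs.nix
+./git-ssh.nix
+./syncthing.nix
+./theme.nix
+./zsh.nix
+];
+}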

14
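--- a/home/xdg.nix
+++ b/home/xdg.nix
@@ -0,0 +1,14 @@
+{pkgs, ...}: {
+xdg = {
+systemDirs.data = ["${pkgs.nordvpn}/share"];
+portal = {
+enable = true;
+extraPortals = with pkgs; [
+xdg-desktop-portal
+xdg-desktop-portal-wlr
+xdg-desktop-portal-gtk
+xdg-desktop-portal-xapp
+];
+};
+};
+}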


@ -8,6 +8,7 @@
darkMode = true;
enableHypridle = true;
has_battery = false;
enableVirtualisation = true;
networking.hostName = "desktop";
@ -33,6 +34,11 @@
fsType = "btrfs";
options = [ "noatime" "compress=zstd" ];
};
"/mnt/storage" = {
device = "/dev/disk/by-partuuid/5aa38412-423a-4a68-9066-2e852397bde2";
fsType = "ntfs-3g";
options = [ "rw" "uid=1000" ];
};
"/home" = {
device = "/dev/mapper/crypt0";
fsType = "btrfs";
@ -92,6 +98,7 @@
"resume_offset=533760"
];
supportedFilesystems = [ "ntfs" "btrfs" ];
resumeDevice = "/dev/disk/by-uuid/c6442c5b-119b-4eba-82b3-0b9b89aab03f";
kernelModules = [ "kvm-intel" ];
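Review bot: The new `"/mnt/storage"` entry mounts an NTFS volume with only `rw` and `uid=1000`, which leaves the ntfs-3g default permission mask in place, so files on it are typically readable, writable and executable by every local account. It also has no `nofail`, so a missing or dirty disk can hold up boot. I would tighten it to `options = [ "rw" "uid=1000" "umask=077" "nofail" ];`. The hard-coded 1000 assumes the primary user's uid, which nothing visible here pins. The surrounding `fileSystems` set begins outside the visible hunks.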


@ -53,5 +53,11 @@
default = {};
description = "Additional config for TLP";
};
enableVirtualisation = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable virtualization features.";
};
};
}

18
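--- a/system/boot.nix
+++ b/system/boot.nix
@@ -0,0 +1,18 @@
+{pkgs, ...}: {
+boot = {
+loader = {
+grub = {
+enable = true;
+devices = [ "nodev" ];
+efiSupport = true;
+useOSProber = true;
+};
+# systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+# timeout = 0;
+};
+# kernelModules = [];
+kernelPackages = pkgs.linuxPackages_zen;
+};
+}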
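Review bot: This file enables GRUB with `useOSProber = true;`, whereas the removed system configuration had `systemd-boot.enable = true;`, and none of the seven commit titles mentions a bootloader switch. A change to the boot chain is easy to miss inside a file split, so it deserves a comment above the `grub` block saying why GRUB is required (presumably dual boot, given `useOSProber` and the NTFS mount added for the desktop). Once that is written down, the leftover `# systemd-boot.enable = true;` line can be dropped.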

69
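--- a/system/core.nix
+++ b/system/core.nix
@@ -0,0 +1,69 @@
+{pkgs, ...}: {
+environment.systemPackages = with pkgs; [
+# Basic utilities
+zsh
+wget
+curl
+git
+vim
+htop
+linux-firmware
+linuxHeaders
+];
+nix.settings.experimental-features = [
+"nix-command"
+"flakes"
+];
+system = {
+stateVersion = "25.05";
+activationScripts = {
+rfkill-unblock = {
+text = ''
+rfkill unblock all
+'';
+deps = [];
+};
+};
+};
+time.hardwareClockInLocalTime = true;
+security = {
+polkit.enable = true;
+rtkit.enable = true;
+sudo.wheelNeedsPassword = false; # Allow sudo without password
+};
+time.timeZone = "Europe/Amsterdam";
+i18n.defaultLocale = "en_GB.UTF-8";
+console = {
+font = "Lat2-Terminus16";
+keyMap = "uk";
+};
+services = {
+dbus.implementation = "broker";
+pipewire = {
+enable = true;
+pulse.enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+};
+openssh = {
+enable = true;
+settings = {
+PasswordAuthentication = false; # Enable password authentication.
+PermitRootLogin = "yes"; # Allow root login (not recommended for production).
+};
+};
+libinput.enable = true;
+};
+}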
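Review bot: In the `openssh.settings` block, `PermitRootLogin = "yes"` still lets root log in directly, and the comment on `PasswordAuthentication = false; # Enable password authentication.` says the opposite of what the line does. This module is now shared by every host, including the WSL one that imports `./system/core.nix` on its own, and `sudo.wheelNeedsPassword = false` already gives the wheel user a route to root. I would therefore set `PermitRootLogin = "no";` (or `"prohibit-password"` if key-based root login is really needed) and reword the comment to `# key-based logins only`. Password prompts can also arrive through keyboard-interactive/PAM, so adding `KbdInteractiveAuthentication = false;` would complete the "disable ssh password auth" intent. That option's effective default is not visible on this page, so confirm it against the NixOS module.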


@ -1,201 +1,13 @@
{inputs, lib, pkgs, config, ...}: {
{...}: {
imports = [
../options.nix
./boot.nix
./core.nix
./fonts.nix
./hardware.nix
./networking.nix
./power.nix
./qemu.nix
./virtualisation.nix
./wireless.nix
];
environment.systemPackages = with pkgs; [
# Basic utilities
zsh
wget
curl
git
vim
htop
linux-firmware
linuxHeaders
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
system = {
stateVersion = "25.05";
activationScripts = {
rfkill-unblock = {
text = ''
rfkill unblock all
'';
deps = [];
};
};
};
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
# timeout = 0;
};
# kernelModules = [];
kernelPackages = pkgs.linuxPackages_zen;
};
hardware = {
enableAllFirmware = true;
amdgpu.initrd.enable = true;
graphics = {
enable = true;
enable32Bit = true;
};
};
security = {
polkit.enable = true;
rtkit.enable = true;
sudo.wheelNeedsPassword = false; # Allow sudo without password
};
fonts = {
enableDefaultPackages = true;
packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
liberation_ttf
roboto
roboto-mono
twitter-color-emoji
nerd-fonts.fira-code
nerd-fonts.fira-mono
unicode-emoji
fira-sans
font-awesome
fira-mono
fira-code
material-icons
source-sans
source-code-pro
pkgs.nur.repos.redpz.sf-mono
inputs.apple-fonts.packages.${pkgs.system}.sf-pro-nerd
inputs.apple-fonts.packages.${pkgs.system}.sf-mono-nerd
inputs.apple-fonts.packages.${pkgs.system}.sf-compact-nerd
inputs.apple-fonts.packages.${pkgs.system}.ny-nerd
];
fontconfig = {
defaultFonts = {
monospace = ["SF Mono" "Fira Mono" "Noto Mono"];
serif = ["Noto Serif"];
sansSerif = ["SF Pro Text" "Noto Sans" "Roboto"];
emoji = ["Twitter Color Emoji" "Noto Emoji"];
};
};
};
networking = {
nameservers = [ "9.9.9.9#dns.quad9.net" "1.1.1.1#one.one.one.one" ];
# networkmanager.wifi.backend = "iwd";
# networkmanager.enable = true;
wireless.iwd = {
enable = true;
settings = {
Settings ={
AutoConnect = true;
};
};
};
firewall = {
enable = true;
# ssh: 22 TCP
# cups: 631 TCP
# syncthing:
# 22000 TCP and/or UDP for sync traffic
# 21027/UDP for discovery
allowedTCPPorts = [ 22 22000 631 ];
allowedUDPPorts = [ 22000 21027 ];
};
};
time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_GB.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "uk";
};
services = {
qemuGuest.enable = config.vmGuest;
spice-vdagentd.enable = config.vmGuest;
dbus.implementation = "broker";
connman = {
enable = true;
wifi.backend = "iwd"; # Use iwd for Wi-Fi management.
extraFlags = [ "--nodnsproxy" ];
};
resolved = {
enable = true;
dnssec = "true";
domains = ["~."];
fallbackDns = [ "9.9.9.9#dns.quad9.net" "149.112.112.112#dns.quad9.net" "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
dnsovertls = "true";
};
thermald.enable = config.useThermald;
tlp = lib.mkIf (config.has_battery) {
enable = true;
settings = {
START_CHARGE_THRESH_BAT0 = 50;
STOP_CHARGE_THRESH_BAT0 = 85;
};
} // config.tlpConfig or {};
auto-cpufreq = lib.mkIf (config.has_battery) {
enable = true;
settings = {
battery = {
governor = "powersave"; # Set the CPU governor to powersave.
energy_performance_preference = "power";
turbo = "never";
# enable_thresholds = true;
# start_threshold = 50;
# stop_threshold = 90;
};
charger = {
governor = "performance"; # Set the CPU governor to performance when charging.
turbo = "auto";
};
};
} // config.cpufreqConfig or {};
pipewire = {
enable = true;
pulse.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
};
openssh = {
enable = true;
settings = {
PasswordAuthentication = false; # Enable password authentication.
PermitRootLogin = "yes"; # Allow root login (not recommended for production).
};
};
libinput.enable = true;
};
}

40
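--- a/system/fonts.nix
+++ b/system/fonts.nix
@@ -0,0 +1,40 @@
+{inputs, pkgs, ...}: {
+fonts = {
+enableDefaultPackages = true;
+packages = with pkgs; [
+noto-fonts
+noto-fonts-cjk-sans
+noto-fonts-emoji
+liberation_ttf
+roboto
+roboto-mono
+twitter-color-emoji
+nerd-fonts.fira-code
+nerd-fonts.fira-mono
+unicode-emoji
+fira-sans
+font-awesome
+fira-mono
+fira-code
+material-icons
+source-sans
+source-code-pro
+pkgs.nur.repos.redpz.sf-mono
+inputs.apple-fonts.packages.${pkgs.system}.sf-pro-nerd
+inputs.apple-fonts.packages.${pkgs.system}.sf-mono-nerd
+inputs.apple-fonts.packages.${pkgs.system}.sf-compact-nerd
+inputs.apple-fonts.packages.${pkgs.system}.ny-nerd
+];
+fontconfig = {
+defaultFonts = {
+monospace = ["SF Mono" "Fira Mono" "Noto Mono"];
+serif = ["Noto Serif"];
+sansSerif = ["SF Pro Text" "Noto Sans" "Roboto"];
+emoji = ["Twitter Color Emoji" "Noto Emoji"];
+};
+};
+};
+}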

10
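--- a/system/hardware.nix
+++ b/system/hardware.nix
@@ -0,0 +1,10 @@
+{...}: {
+hardware = {
+enableAllFirmware = true;
+amdgpu.initrd.enable = true;
+graphics = {
+enable = true;
+enable32Bit = true;
+};
+};
+}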

26
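--- a/system/networking.nix
+++ b/system/networking.nix
@@ -0,0 +1,26 @@
+{...}: {
+networking = {
+nameservers = [ "9.9.9.9#dns.quad9.net" "1.1.1.1#one.one.one.one" ];
+# networkmanager.wifi.backend = "iwd";
+# networkmanager.enable = true;
+firewall = {
+enable = true;
+# ssh: 22 TCP
+# cups: 631 TCP
+# syncthing:
+# 22000 TCP and/or UDP for sync traffic
+# 21027/UDP for discovery
+allowedTCPPorts = [ 22 22000 631 ];
+allowedUDPPorts = [ 22000 21027 ];
+};
+};
+services.resolved = {
+enable = true;
+dnssec = "true";
+domains = ["~."];
+fallbackDns = [ "9.9.9.9#dns.quad9.net" "149.112.112.112#dns.quad9.net" "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
+dnsovertls = "true";
+};
+}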
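Review bot: `allowedTCPPorts = [ 22 22000 631 ];` opens SSH, Syncthing and CUPS on every interface, and this file is now imported on its own by the WSL host as well as through `./system` on the laptop and desktop. No printing service is enabled in the modules shown on this page, so port 631 looks like an unused opening. I would drop it from the shared list and open it in whichever module enables printing, and likewise keep the Syncthing ports next to the Syncthing configuration. If the ports must stay here, `networking.firewall.interfaces.<name>.allowedTCPPorts` can limit them to the trusted interface.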

37
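--- a/system/power.nix
+++ b/system/power.nix
@@ -0,0 +1,37 @@
+{lib, config, ...}: {
+imports = [
+../options.nix
+];
+services = {
+thermald.enable = config.useThermald;
+tlp = lib.mkIf (config.has_battery) {
+enable = true;
+settings = {
+START_CHARGE_THRESH_BAT0 = 50;
+STOP_CHARGE_THRESH_BAT0 = 85;
+};
+} // config.tlpConfig or {};
+auto-cpufreq = lib.mkIf (config.has_battery) {
+enable = true;
+settings = {
+battery = {
+governor = "powersave"; # Set the CPU governor to powersave.
+energy_performance_preference = "power";
+turbo = "never";
+# enable_thresholds = true;
+# start_threshold = 50;
+# stop_threshold = 90;
+};
+charger = {
+governor = "performance"; # Set the CPU governor to performance when charging.
+turbo = "auto";
+};
+};
+} // config.cpufreqConfig or {};
+};
+}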

10
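--- a/system/qemu.nix
+++ b/system/qemu.nix
@@ -0,0 +1,10 @@
+{config, ...}: {
+imports = [
+../options.nix
+];
+services = {
+qemuGuest.enable = config.vmGuest;
+spice-vdagentd.enable = config.vmGuest;
+};
+}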

16
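--- a/system/virtualisation.nix
+++ b/system/virtualisation.nix
@@ -0,0 +1,16 @@
+{lib, pkgs, config, ...}: {
+imports = [
+../options.nix
+];
+virtualisation = lib.mkIf config.enableVirtualisation {
+libvirtd = {
+enable = true;
+qemu = {
+package = pkgs.qemu_kvm;
+runAsRoot = true;
+swtpm.enable = true;
+};
+};
+};
+}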
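Review bot: `runAsRoot = true;` in the `qemu` block makes libvirt start its QEMU processes as root, so a guest escape or a QEMU bug lands with full host privileges. Unless a specific setup needs it, I would set `runAsRoot = false;` so guests run as the unprivileged `qemu-libvirtd` user. Existing guest images may need their ownership adjusted after the switch. If root has to stay, add a comment on that line stating the reason. The flake also imports this module for the WSL host, so the choice applies there whenever `enableVirtualisation` is set.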

15
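--- a/system/wireless.nix
+++ b/system/wireless.nix
@@ -0,0 +1,15 @@
+{...}: {
+networking.wireless.iwd = {
+enable = true;
+settings = {
+Settings ={
+AutoConnect = true;
+};
+};
+};
+services.connman = {
+enable = true;
+wifi.backend = "iwd"; # Use iwd for Wi-Fi management.
+extraFlags = [ "--nodnsproxy" ];
+};
+}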

27
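--- a/user/common.nix
+++ b/user/common.nix
@@ -0,0 +1,27 @@
+{config, pkgs, ...}:
+let
+user = import ../data/user.nix {};
+in {
+imports = [
+../options.nix
+];
+users.users.${user.username} = {
+shell = pkgs.zsh;
+group = "users";
+home = "/home/${user.username}";
+createHome = true;
+isNormalUser = true;
+extraGroups = [ "wheel" "input" "nordvpn" "networkmanager" "libvirtd" ];
+};
+programs.zsh.enable = true;
+programs.dconf.enable = true;
+programs.ssh = {
+startAgent = true;
+};
+home-manager.extraSpecialArgs = {
+super-config = config;
+};
+}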
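Review bot: `extraGroups` now adds `"libvirtd"` unconditionally, while the libvirtd service itself is only enabled behind `config.enableVirtualisation` in system/virtualisation.nix. Membership in that group gives control over the system libvirt daemon, which is close to root-equivalent, so I would grant it only where virtualisation is switched on: `extraGroups = [ "wheel" "input" "nordvpn" "networkmanager" ] ++ lib.optional config.enableVirtualisation "libvirtd";`, with `lib` added to the module arguments. user/wsl.nix imports this module too, so the WSL user currently receives the same group list as the desktop user.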


@ -1,45 +1,16 @@
{config, pkgs, ...}:
{...}:
let
user = import ../data/user.nix {};
in {
imports = [
../options.nix
./common.nix
./greetd.nix
];
users.users.${user.username} = {
shell = pkgs.zsh;
group = "users";
home = "/home/${user.username}";
createHome = true;
isNormalUser = true;
extraGroups = [ "wheel" "input" "nordvpn" "networkmanager" ];
};
programs.zsh.enable = true;
programs.dconf.enable = true;
programs.ssh = {
startAgent = true;
};
services = {
udisks2.enable = true;
# xserver.enable = true;
# xserver.displayManager.sddm.enable = true;
greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd 'dbus-run-session sway'";
user = "greeter";
};
};
};
};
services.udisks2.enable = true;
home-manager.users.${user.username} = { ... }: {
imports = [ ../home ];
};
home-manager.extraSpecialArgs = {
super-config = config;
};
}

11
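--- a/user/greetd.nix
+++ b/user/greetd.nix
@@ -0,0 +1,11 @@
+{pkgs, ...}: {
+services.greetd = {
+enable = true;
+settings = {
+default_session = {
+command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd 'dbus-run-session sway'";
+user = "greeter";
+};
+};
+};
+}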

13
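--- a/user/wsl.nix
+++ b/user/wsl.nix
@@ -0,0 +1,13 @@
+{...}:
+let
+user = import ../data/user.nix {};
+in {
+imports = [
+../options.nix
+./common.nix
+];
+home-manager.users.${user.username} = { ... }: {
+imports = [ ../home/wsl.nix ];
+};
+}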