Initial Commit

trunk
Nathan McCarty 2021-12-20 13:37:26 -05:00
commit eb49c566e1
Signed by: thatonelutenist
GPG Key ID: D70DA3DD4D1E9F96
22 changed files with 766 additions and 0 deletions

1
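--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+**/result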


@ -0,0 +1,62 @@
# Communications software
{ config, pkgs, unstable, ... }:
{
# Pull in personal overlay
# nixpkgs.overlays = [ (import ../../overlays/personal/overlay.nix) ];
environment.systemPackages = with pkgs;
let
## Wayland workaround chromium desktop items
# Facebook messenger
fbChromeDesktopItem = pkgs.makeDesktopItem {
name = "messenger-chrome";
desktopName = "Messenger (chrome)";
exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"https://messenger.com\"";
terminal = false;
};
# Teams
teamsItem = pkgs.makeDesktopItem {
name = "teams-wayland";
desktopName = "Teams (Wayland)";
exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"https://teams.microsoft.com\"";
terminal = false;
};
## Pass wayland options to existing applications
signalWaylandItem = pkgs.makeDesktopItem {
name = "signal-desktop-wayland";
desktopName = "Signal (Wayland)";
exec = "${pkgs.signal-desktop}/bin/signal-desktop --enable-features=UseOzonePlatform -ozone-platform=wayland";
terminal = false;
icon = "signal-desktop";
type = "Application";
};
zulipWayland = pkgs.makeDesktopItem {
name = "zulip-wayland";
desktopName = "Zulip (Wayland)";
exec = "${unstable.zulip}/bin/zulip --enable-features=UseOzonePlatform --ozone-platform=wayland";
terminal = false;
icon = "zulip";
type = "Application";
};
in
[
# Discord
discord
unstable.betterdiscordctl
# Use unstable element for latest features
unstable.element-desktop-wayland
# Desktop signal client
signal-desktop
signalWaylandItem
# Desktop telegram client
tdesktop
# zulip
unstable.zulip
zulipWayland
# chromium
chromium
# Wayland workaround packages
fbChromeDesktopItem
teamsItem
];
}
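Review bot: The Wayland flags are spelled inconsistently across the four desktop items: `fbChromeDesktopItem`, `teamsItem` and `signalWaylandItem` pass `-ozone-platform=wayland` with a single dash, while `zulipWayland` uses `--ozone-platform=wayland`. Chromium-based launchers generally accept both spellings, but binding the string once in the `let`, e.g. `waylandFlags = "--enable-features=UseOzonePlatform --ozone-platform=wayland";`, and interpolating it into each `exec` would keep the four entries from drifting. `unstable.betterdiscordctl` also deserves a comment: as far as I know it manages a third-party modification of the Discord client, so that client would then load code that is not part of the packaged application.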


@ -0,0 +1,25 @@
# Core development libraries
{ config, pkgs, unstable, ... }:
{
environment.systemPackages = with pkgs; [
# Full version of git
unstable.gitFull
# Git addons
git-secret
unstable.git-lfs
# General development requirements
python3Full
cmake
gcc
unstable.libvterm-neovim
libtool
binutils
clang
gnumake
nixpkgs-fmt
# jq for interacting with JSON
jq
# Direnv for nix-shell niceness
direnv
];
}


@ -0,0 +1,26 @@
# Utilities for developing in rust
{ config, pkgs, unstable, fenix, ... }:
{
environment.systemPackages = with pkgs; [
# Use rustup to get the compiler
rustup
# Install the latest rust analyzer
fenix.rust-analyzer
# Sccache and lld for faster builds
sccache
lld_12
# Misc cargo utilites
cargo-binutils # Allow invoking the llvm tools included with the toolchain
cargo-edit # Command line Cargo.toml manipulation
cargo-asm # Dump the generated assembly
cargo-fuzz # front end for fuzz testing rust
cargo-license # Audit the licenses of dependencies
cargo-criterion # Benchmarking front end
cargo-audit # Check dependencies for known CVEs
cargo-bloat # Find out what's taking up space in the executable
cargo-udeps # Find unused dependencies
cargo-expand # Dump expanded macros
unstable.cargo-tarpaulin # Code coverage
cargo-play # Quickly execute code outside of a crate
];
}

7
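--- /dev/null
+++ b/applications/emacs.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, unstable, ... }:
+{
+# Install emacs
+environment.systemPackages = with pkgs; [
+unstable.emacsPgtkGcc
+];
+}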


@ -0,0 +1,16 @@
# Image editing applications
{ config, pkgs, unstable, ... }:
{
environment.systemPackages = with pkgs; [
# RawTherapee for raw editing
unstable.rawtherapee
# Gimp for complex editing
unstable.gimp-with-plugins
# Krita for drawing
unstable.krita
# Pinta for basic image editing
unstable.pinta
# Command line tools for image conversion and handling
imagemagickBig
];
}

15
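--- /dev/null
+++ b/applications/media.nix
@@ -0,0 +1,15 @@
+# Media players and other applications
+{ config, pkgs, unstable, ... }:
+{
+# imports = [ ../../sensitive/mopidy.nix ];
+environment.systemPackages = with pkgs; [
+# Spotify
+spotify
+# Latest version of vlc
+unstable.vlc
+# Plex client
+plex-media-player
+# OBS studio for screen recording
+unstable.obs-studio
+];
+}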


@ -0,0 +1,14 @@
{ config, pkgs, unstable, ... }:
{
# Enable synthing service and tray
services.syncthing = {
enable = true;
user = "nathan";
configDir = "/home/nathan/.config/syncthing";
};
# Install synthing and syncthing-tray
environment.systemPackages = with pkgs; [
syncthing
unstable.syncthingtray
];
}
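Review bot: `services.syncthing` sets `user` and `configDir` but leaves `dataDir` at its default, which to my knowledge is `/var/lib/syncthing` rather than a path under `/home/nathan`. With the service running as `nathan`, the default folder location may then be somewhere that user cannot write, so consider adding `dataDir = "/home/nathan";` next to `configDir`. The two comments spell the service "synthing"; `# Enable syncthing service and tray` and `# Install syncthing and syncthing-tray` would read correctly.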


@ -0,0 +1,34 @@
# Basic, must have, command-line utilities
{ config, pkgs, unstable, ... }:
{
environment.systemPackages = with pkgs; [
# Basic command line utilities
wget
tmux
nano
unzip
any-nix-shell
htop
# Spell check
hunspell
hunspellDicts.en-us
# Rust rewrites of common shell utilities
unstable.starship
exa
bat
fd
sd
du-dust
ripgrep
tokei
unstable.procs
hyperfine
unstable.bottom
# Pandoc for documentation
unstable.pandoc
# For nslookup
dnsutils
# Feh image viewer
feh
];
}

99
flake.lock Normal file

@ -0,0 +1,99 @@
{
"nodes": {
"emacs": {
"locked": {
"lastModified": 1640083461,
"narHash": "sha256-e3HJoCajImuDWOk6nnb6nJNzh0AD6PjL+Er4gzGT7ss=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "043268ac469364214a02918717d74d9a0cc1af3d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "emacs-overlay",
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1640067945,
"narHash": "sha256-V3aybCE3rPXraX8sSzamdsGuIuTQI77tliyyufZR+mU=",
"owner": "nix-community",
"repo": "fenix",
"rev": "433679b1d41fc1d40a2f6382305f4a10ccc57457",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1639989170,
"narHash": "sha256-REf0rqdJs6XIPo/zc/FhJMecggjEXi45QyiV207y30Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "86453059bf8312f0f5bf1fe8a2f52da2be664489",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-21.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1639966735,
"narHash": "sha256-FmVGFiyqE+pjQUTCTY0H75hqrnBnbEf3VVRB4dsd4KI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d87b72206aadebe6722944f541f55d33fd7046fb",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"emacs": "emacs",
"fenix": "fenix",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1639175515,
"narHash": "sha256-Yj38u9BpKfyGrcSEaoSEnOns885xn/Ask6lR5rsxS8k=",
"owner": "rust-analyzer",
"repo": "rust-analyzer",
"rev": "d03397fe1173eaeb2e04c9e55ac223289e7e08ee",
"type": "github"
},
"original": {
"owner": "rust-analyzer",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

79
flake.nix Normal file

@ -0,0 +1,79 @@
{
description = "Nathan's system configurations";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
emacs = {
url = "github:nix-community/emacs-overlay";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
};
outputs = { self, nixpkgs, nixpkgs-unstable, fenix, emacs }:
{
nixosConfigurations.levitation = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
unstable = import nixpkgs-unstable {
config = { allowUnfree = true; };
overlays = [ emacs.overlay ];
system = "x86_64-linux";
};
fenix = fenix.packages.x86_64-linux;
};
modules = [
./hardware/levitation.nix
./modules/user.nix
./modules/common.nix
./modules/audio.nix
./modules/sway.nix
./modules/fonts.nix
./modules/gpg.nix
./modules/logitech.nix
./modules/qemu.nix
./modules/docker.nix
./modules/ssh.nix
./applications/utils-core.nix
./applications/communications.nix
./applications/devel-core.nix
./applications/devel-rust.nix
./applications/emacs.nix
./applications/image-editing.nix
./applications/media.nix
./applications/syncthing.nix
({ pkgs, ... }: {
## Boot, drivers, and host name
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Enable AMD gpu drivers early
boot.initrd.kernelModules = [ "amdgpu" ];
# Use the zen kernel
boot.kernelPackages = pkgs.linuxPackages_zen;
# Define the hostname, enable dhcp
networking = {
hostName = "levitation";
domain = "mccarty.io";
useDHCP = false;
interfaces.enp5s0.useDHCP = true;
};
## System specific configuration
programs = {
steam.enable = true;
adb.enable = true;
};
## Left over uncategorized packages
environment.systemPackages = with pkgs; [
firefox-wayland
];
})
];
};
};
}
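Review bot: The literal `"x86_64-linux"` is written three times inside `nixosConfigurations.levitation` (the `system` argument, the `import nixpkgs-unstable` call and `fenix.packages.x86_64-linux`), so the three can silently diverge when a second host is added. Binding it once, e.g. `let system = "x86_64-linux"; in` around the `nixosSystem` call and using `inherit system;` and `fenix.packages.${system}`, removes that risk. In the inline module, `programs.adb.enable = true` together with the `adbusers` group in `modules/user.nix` gives the user direct access to attached Android devices; a short comment saying this is intended for this host would help the next reader. The inputs follow moving branches, which is fine as long as `flake.lock` stays committed alongside, as it is here.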

71
hardware/levitation.nix Normal file

@ -0,0 +1,71 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/mapper/crypt-pv";
fsType = "btrfs";
options = [ "subvol=root" ];
};
boot.initrd.luks.devices."crypt-pv".device = "/dev/disk/by-uuid/15e9f417-b35a-40fe-a066-595be13cf230";
fileSystems."/home" =
{
device = "/dev/mapper/crypt-pv";
fsType = "btrfs";
options = [ "subvol=home" ];
};
fileSystems."/nix" =
{
device = "/dev/mapper/crypt-pv";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/etc" =
{
device = "/dev/mapper/crypt-pv";
fsType = "btrfs";
options = [ "subvol=etc" ];
};
fileSystems."/var" =
{
device = "/dev/mapper/crypt-pv";
fsType = "btrfs";
options = [ "subvol=var" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/1425-B41E";
fsType = "vfat";
};
swapDevices =
[{
device = "/dev/disk/by-partuuid/f9d26ecd-7df5-48ad-bc19-b9ac4e91b0ee";
randomEncryption = {
cipher = "aes-xts-plain64";
enable = true;
source = "/dev/random";
};
}];
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

64
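--- /dev/null
+++ b/modules/audio.nix
@@ -0,0 +1,64 @@
+## Setup pipewire, including bluetooth audio
+{ config, pkgs, unstable, ... }:
+{
+# Disable normal audio subsystem explicitly
+sound.enable = false;
+# Turn on rtkit, so that audio processes can be upgraded to real time
+security.rtkit.enable = true;
+# Turn on pipewire
+services.pipewire = {
+enable = true;
+# Turn on all the emulation layers
+alsa = {
+enable = true;
+support32Bit = true;
+};
+pulse.enable = true;
+jack.enable = true;
+# Turn on the media session manager, and setup bluetooth
+media-session = {
+enable = true;
+# Configure bluetooth support
+config.bluez-monitor.rules = [
+{
+# Matches all cards
+matches = [{ "device.name" = "~bluez_card.*"; }];
+actions = {
+"update-props" = {
+"bluez5.reconnect-profiles" = [ "a2dp_sink" ];
+# SBC-XQ is not expected to work on all headset + adapter combinations.
+"bluez5.sbc-xq-support" = true;
+};
+};
+}
+{
+matches = [
+# Matches all sources
+{ "node.name" = "~bluez_input.*"; }
+# Matches all outputs
+{ "node.name" = "~bluez_output.*"; }
+];
+actions = {
+"node.pause-on-idle" = false;
+};
+}
+];
+};
+};
+# Turn on bluetooth services
+services.blueman.enable = true;
+hardware.bluetooth = {
+enable = true;
+package = pkgs.bluezFull;
+};
+# Add pulse audio packages, but do not enable them
+environment.systemPackages = [
+pkgs.pulseaudio
+];
+# Add noisetorch for microphone noise canceling
+programs.noisetorch = {
+enable = true;
+# Use latest noisetorch, its a fast moving target
+package = unstable.noisetorch;
+};
+}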

27
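--- /dev/null
+++ b/modules/common.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+{
+# Allow unfree packages
+nixpkgs.config.allowUnfree = true;
+# Turn on flakes support (from within a flake, lamo)
+nix = {
+package = pkgs.nixFlakes;
+extraOptions = ''
+experimental-features = nix-command flakes
+'';
+};
+# Turn on compressed memory swap
+zramSwap = {
+enable = true;
+algorithm = "zstd";
+memoryPercent = 25;
+};
+# Automatically optimize and garbage collect the store
+nix = {
+autoOptimiseStore = true;
+gc = {
+automatic = true;
+dates = "weekly";
+options = "--delete-older-than 30d";
+};
+};
+}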
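Review bot: The attribute `nix` is defined twice in the same set, once for `package`/`extraOptions` and again for `autoOptimiseStore`/`gc`, separated by the `zramSwap` block. I believe current Nix merges two literal attribute sets bound to the same name, so this evaluates, but it reads like an accidental duplicate and becomes an error as soon as both blocks set the same key. Either fold the second block into the first or write the later settings as paths, e.g. `nix.autoOptimiseStore = true;` and `nix.gc = { ... };`. `nixpkgs.config.allowUnfree = true` applies to every module on the host; a comment listing which packages need it (Discord, Spotify and Steam appear elsewhere in this commit) would make later tightening easier.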

10
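--- /dev/null
+++ b/modules/docker.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, unstable, ... }:
+{
+# Enable docker and use unstable version
+virtualisation.docker = {
+enable = true;
+package = unstable.docker;
+# Automatically prune to keep things lean
+autoPrune.enable = true;
+};
+}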

13
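--- /dev/null
+++ b/modules/fonts.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+{
+fonts.fonts = with pkgs; [
+## Monospace Fonts
+# FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs
+(nerdfonts.override { fonts = [ "FiraCode" ]; })
+fira-code-symbols
+# Proportional
+roboto
+liberation_ttf
+noto-fonts
+];
+}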

36
modules/gpg.nix Normal file

@ -0,0 +1,36 @@
# Configure gpg with yubikey support
{ config, pkgs, ... }:
{
# Setup environment for gpg agent
environment.shellInit = ''
export GPG_TTY="$(tty)"
gpg-connect-agent /bye
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
'';
environment.sessionVariables = {
SSH_AUTH_SOCK = "/run/user/1000/gnupg/S.gpg-agent.ssh";
};
programs = {
# Disable ssh-agent, the gpg-agent will fill in
ssh.startAgent = false;
# Enable gpg-agent with ssh support
gnupg.agent = {
enable = true;
enableSSHSupport = true;
enableExtraSocket = true;
};
};
# Enable ykpersonalize to work
services.udev.packages = [ pkgs.yubikey-personalization ];
# Enable smartcard service
services.pcscd.enable = true;
# install gnupg and yubikey personalization
environment.systemPackages = with pkgs; [
gnupg
yubikey-personalization
];
}
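Review bot: `environment.sessionVariables.SSH_AUTH_SOCK` hard-codes `/run/user/1000/...`, while `environment.shellInit` just above builds the same path from `$UID`, and nothing in this commit pins `users.users.nathan.uid`. Any account with a different UID gets a session-wide `SSH_AUTH_SOCK` pointing into another user's runtime directory, so SSH either fails or, if that socket is reachable, talks to someone else's agent. Either set `uid = 1000;` on the user explicitly, or drop the session variable and rely on the per-shell export; as far as I know `programs.gnupg.agent.enableSSHSupport = true` already exports the socket path in shell init, which may make both manual settings redundant. `shellInit` also runs `gpg-connect-agent /bye` and `$(tty)` for every shell; `environment.interactiveShellInit` looks like the better home for them.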

7
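--- /dev/null
+++ b/modules/logitech.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+{
+hardware.logitech.wireless = {
+enable = true;
+enableGraphical = true;
+};
+}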

12
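--- /dev/null
+++ b/modules/qemu.nix
@@ -0,0 +1,12 @@
+# Setup quem/libvirt
+{ config, pkgs, ... }:
+{
+# Enable the kernel modules
+boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
+# Enable libvirt
+virtualisation.libvirtd.enable = true;
+# Install virt-manager
+environment.systemPackages = with pkgs; [
+virtmanager
+];
+}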

22
modules/ssh.nix Normal file

@ -0,0 +1,22 @@
{ config, pkgs, ... }:
{
networking.firewall = {
allowedTCPPorts = [ 22 ];
allowedUDPPorts = [ 22 ];
};
services.openssh = {
enable = true;
extraConfig = ''
StreamLocalBindUnlink yes
'';
listenAddresses = [
{
addr = "0.0.0.0";
port = 22;
}
];
permitRootLogin = "no";
passwordAuthentication = false;
};
}
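Review bot: `networking.firewall.allowedUDPPorts = [ 22 ]` opens a UDP port that sshd never listens on; SSH runs over TCP only, so the line should be removed rather than left as an unused hole in the firewall. `allowedTCPPorts = [ 22 ]` is probably redundant as well, since `services.openssh` opens its own port by default through `openFirewall`. `listenAddresses` with `addr = "0.0.0.0"` binds every IPv4 interface and no IPv6 address; if that is intended, a comment saying so would help, otherwise narrow it to the interface that needs it. `permitRootLogin = "no"` and `passwordAuthentication = false` are the right defaults, and a one-line comment on `StreamLocalBindUnlink yes` (presumably there for forwarded gpg-agent sockets) would explain why it is set.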

85
modules/sway.nix Normal file

@ -0,0 +1,85 @@
## Enable and setup SwayWM
{ config, pkgs, unstable, ... }:
{
# Turn on GDM for login
services.xserver = {
enable = true;
autorun = true;
displayManager.gdm = {
enable = true;
wayland = true;
};
# Enable plasma for the applications
desktopManager.plasma5.enable = true;
};
# Setup drivers
hardware.opengl = {
# Enable vulkan
driSupport = true;
# Force vulkan drivers
extraPackages = [
pkgs.amdvlk
];
# Same as above, but enable 32 bit legacy support (for games)
driSupport32Bit = true;
extraPackages32 = [
pkgs.driversi686Linux.amdvlk
];
};
# Basic packages that are effectively required for a graphical system
environment.systemPackages = with pkgs; [
# GTK Theming
gtk-engine-murrine
gtk_engines
gsettings-desktop-schemas
lxappearance
kde-gtk-config
];
# Enable QT themeing
programs.qt5ct.enable = true;
# Enable and configure sway itself
programs.sway = {
enable = true;
# Enable the wrapper for gtk applications
wrapperFeatures.gtk = true;
# Install some applications required for sway to work how I want
extraPackages = with pkgs; [
# Unstable waybar, its a fast moving target
unstable.waybar
# Locking and display management
wdisplays
swaylock-effects
swayidle
# Clipboard
wl-clipboard
# Notifications
mako
# Terminal
alacritty
# glib for sound stuff
glib
# Glpaper for the background
glpaper
# Screenshots
sway-contrib.grimshot
];
extraSessionCommands = ''
# Make qt theming work
export QT_QPA_PLATFORMTHEME="qt5ct"
# Make pipewire present a pulse audio tcp port
pactl load-module module-native-protocol-tcp
'';
};
# Enable the xdg-portal
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
gtkUsePortal = true;
};
};
}
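Review bot: `programs.sway.extraSessionCommands` runs `pactl load-module module-native-protocol-tcp` with no arguments, which makes the PulseAudio-compatible server accept native-protocol connections over TCP instead of only its per-user Unix socket. If only local consumers such as containers or VMs need it, bind it explicitly, e.g. `pactl load-module module-native-protocol-tcp listen=127.0.0.1`, and name the consumer in the comment. Without that, the host firewall is the only thing keeping the port off the network if the module binds all interfaces. The command also runs in the session wrapper before sway starts, so it presumably depends on the pulse server already being reachable, and it may load a further copy of the module on each login; both are worth confirming.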

41
modules/user.nix Normal file

@ -0,0 +1,41 @@
# Contains general user environment configuration
{ config, pkgs, unstable, ... }:
{
# Disable mutable users, force everything to go through the flake
users.mutableUsers = false;
# Set time zone
time.timeZone = "America/New_York";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
# enable sudo
security.sudo.enable = true;
# Enable fish as a login shell
environment.shells = [ pkgs.bashInteractive unstable.fish ];
users.users.nathan = {
isNormalUser = true;
home = "/home/nathan";
description = "Nathan McCarty";
extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515"
];
shell = unstable.fish;
hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
};
# Install general use packages
environment.systemPackages = with pkgs; [
# cachix for nix cache management
cachix
# Install our shell of choice
unstable.fish
];
}
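Review bot: `users.users.nathan.hashedPassword` commits the account's `$6$` (SHA-512 crypt) hash to the repository, and from there it is copied into the world-readable Nix store, so anyone with a clone or a local account can run offline guessing against it. Rotating the password later still leaves this hash in git history. Prefer `passwordFile = "/path/outside/the/repo";` (placeholder path) pointing at a root-only file, and treat the password behind the committed hash as exposed. Separately, `extraGroups` includes `docker` and `libvirtd`, both effectively root-equivalent on this host, in addition to `wheel`; a comment recording that this is deliberate would help. Setting `uid` explicitly would also make the `/run/user/1000` path assumed in `modules/gpg.nix` hold by construction.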