repo: declutter

Guanran Wang 2023-10-15 08:51:56 +08:00
parent c98e7e62bb
commit 4b52ac15d2
Signed by: nyancat
SSH key fingerprint: SHA256:8oWGKciPALWut/6WA27oFKofX+6Wtc0gQnsefXLQx/8
41 changed files with 174 additions and 169 deletions

106
flake.nix

@ -9,6 +9,10 @@
url = "github:berberman/flakes";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
@ -21,6 +25,9 @@
url = "github:hyprwm/Hyprland";
inputs.nixpkgs.follows = "nixpkgs"; # MESA/OpenGL HW workaround
};
impermanence = {
url = "github:nix-community/impermanence";
};
lanzaboote = {
url = "github:nix-community/lanzaboote";
inputs.nixpkgs.follows = "nixpkgs";
@ -29,6 +36,12 @@
url = "github:LnL7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
# TODO: Unused
#nixos-hardware = {
# url = "github:NixOS/nixos-hardware/master";
# #inputs.nixpkgs.follows = "nixpkgs";
@ -37,17 +50,6 @@
# url = "github:nixpak/nixpak";
# inputs.nixpkgs.follows = "nixpkgs";
#};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence = {
url = "github:nix-community/impermanence";
};
## Non-Flake
### Color scheme files
@ -66,29 +68,61 @@
outputs = { self,
nixpkgs,
berberman,
disko,
home-manager,
hosts,
hyprland,
lanzaboote,
nix-darwin,
sops-nix,
disko,
impermanence,
tokyonight,
metacubexd,
... } @ inputs: {
# nix-darwin (macOS)
### NixOS
nixosConfigurations = {
"81FW-NixOS" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./nixos # Entrypoint
./machines/nixos/81fw-lenovo-legion-y7000 # Hardware-specific configurations
./machines/nixos/81fw-lenovo-legion-y7000/machine-1 # Machine-specific configurations
./users/guanranwang/nixos.nix # Home Manager entrypoint (user-specific)
{ networking.hostName = "81FW-NixOS"; } # Hostname
];
};
## Currently un-used.
"iMac-NixOS" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./nixos
./machines/nixos/imac-2017
./machines/nixos/imac-2017/machine-1
./users/guanranwang/nixos.nix
{ networking.hostName = "iMac-NixOS"; }
];
};
};
### nix-darwin (macOS)
darwinConfigurations = {
"iMac-macOS" = nix-darwin.lib.darwinSystem {
system = "x86_64-darwin";
specialArgs = { inherit inputs; };
modules = [
./darwin # Entrypoint
./machines/darwin/imac-2017 # Hardware-specific configurations
# Machine-specific configurations (does such stuff even exist on nix-darwin)
./users/guanranwang/darwin.nix # User-specific configurations
# Flakes
./darwin
./machines/darwin/imac-2017
./users/guanranwang/darwin.nix
{ networking.hostName = "iMac-macOS"; }
];
@ -96,45 +130,14 @@
};
# NixOS
nixosConfigurations = {
"81fw-nixos" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./nixos # Entrypoint
./machines/nixos/81fw-lenovo-legion-y7000 # Hardware-specific configurations
./machines/nixos/81fw-lenovo-legion-y7000/machine-1 # Machine-specific configurations
./users/guanranwang/nixos.nix # User-specific configurations
{ networking.hostName = "81fw-nixos"; }
];
};
## Currently un-used.
"imac-nixos" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./nixos
./machines/nixos/imac-2017
./machines/nixos/imac-2017/machine-1
./users/guanranwang/nixos.nix
{ networking.hostName = "imac-nixos"; }
];
};
};
# Home-Manager
### Home-Manager
# TODO: Actually figure out how this works
homeConfigurations = {
"guanranwang@81fw-nixos" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { inherit inputs; };
modules = [
sops-nix.homeManagerModules.sops
hyprland.homeManagerModules.default
{
wayland.windowManager.hyprland = {
@ -153,7 +156,6 @@
extraSpecialArgs = { inherit inputs; };
modules = [
sops-nix.homeManagerModules.sops
hyprland.homeManagerModules.default
{
wayland.windowManager.hyprland = {
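Review bot: The NixOS host is renamed to `81FW-NixOS` (attribute name and `networking.hostName`), but the `homeConfigurations` key further down still reads `"guanranwang@81fw-nixos"`, so `home-manager switch --flake .` would no longer find a matching `user@hostname` entry by default. This assumes the key is unchanged on the new side, which cannot be confirmed because the rendered page has lost its +/- column. Renaming it to `"guanranwang@81FW-NixOS"` in the same commit keeps the two in step. Separately, the last hunk drops one line from a `modules` list; if that line is `sops-nix.homeManagerModules.sops`, confirm the secrets module is still imported elsewhere, otherwise any remaining `sops.*` options in the user configuration will fail to evaluate.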


@ -1,4 +1,4 @@
{ disks ? [ "/dev/vdb" ], inputs, ... }:
{ inputs, disks ? [ "/dev/vdb" ], ... }:
{
imports = [ inputs.disko.nixosModules.disko ];


@ -1,10 +1,10 @@
{ pkgs, lib, inputs, ... }:
{ inputs, pkgs, ... }:
{
imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
environment.systemPackages = with pkgs; [ sbctl ];
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.systemd-boot.enable = false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
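Review bot: `boot.loader.systemd-boot.enable = false;` now wins only because the other definition is wrapped in `lib.mkDefault`, and nothing on this line says so. A comment such as `# plain false overrides the lib.mkDefault true in the boot module; Lanzaboote installs the signed entries instead` would stop someone from later dropping the `mkDefault` and turning this into a conflicting-definition error. Since this commit also adds the impermanence input, check that `/etc/secureboot` is on persistent storage, otherwise the keys behind `pkiBundle` would not survive a reboot. Whether the root filesystem is actually ephemeral is not visible here, and the `boot.lanzaboote` attribute set continues outside the hunk.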


@ -3,5 +3,6 @@
{
imports = [
./hardware.nix
../../../nixos/presets/desktop.nix
];
}


@ -5,6 +5,7 @@
../hardware/misc/audio.nix
../hardware/misc/bluetooth.nix
../hardware/misc/opengl.nix
../hardware/misc/tpm.nix
../hardware/cpu/intel.nix
../hardware/gpu/intel.nix
../hardware/gpu/nvidia.nix


@ -11,12 +11,12 @@
(modulesPath + "/installer/scan/not-detected.nix") # what is this
];
# from nixos-hardware
boot.kernelParams = [ "hid_apple.iso_layout=0" ];
hardware.facetimehd.enable = true; # cam already works before adding this, not sure what is the point
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
# Options from github:NixOS/nixos-hardware
boot.kernelParams = [ "hid_apple.iso_layout=0" ];
hardware.facetimehd.enable = true; # TODO: Camera already works before adding this, not sure what is the point...
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction


@ -7,7 +7,9 @@
loader = {
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = lib.mkDefault true; # use lanzaboote instead for secureboot
enable = lib.mkDefault true; # mkDefault for Lanzaboote
editor = false; # Disabled for security
### Utilities
#netbootxyz.enable = true;
#memtest86.enable = true;
};


@ -4,5 +4,7 @@
imports = [
./boot.nix
./kernel.nix
./plymouth.nix
./sysctl.nix
];
}


@ -1,10 +1,9 @@
{ pkgs, ... }:
{
# NOTE: secureboot enabled in flake.nix
boot = {
#kernelPackages = pkgs.linuxPackages_latest; # latest kernel
kernelPackages = pkgs.linuxPackages_zen; # zen kernel, often outdated
#kernelPackages = pkgs.linuxKernel.Packages.linux_6_1;
#kernelPackages = pkgs.linuxPackages_latest; # latest linux kernel
kernelPackages = pkgs.linuxPackages_zen; # latest linux-zen kernel
#kernelPackages = pkgs.linuxKernel.Packages.linux_6_1; # linux 6.1 LTS kernel
};
}

5
nixos/boot/plymouth.nix Normal file

@ -0,0 +1,5 @@
{ lib, ... }:
{
boot.plymouth.enable = lib.mkDefault true; # mkDefault for headless devices, check out server.nix
}


@ -8,7 +8,6 @@
./nix
./packages
./power-management
./security
#./specialisation # dont actually use this
./users
];


@ -1,7 +1,7 @@
{ ... }:
# Internationalisation settings
# IME settings are at /etc/nixos/modules/graphical/input.nix
# Internationalisation configurations
# Use Home Manager for IME configurations
{
i18n = {
defaultLocale = "en_US.UTF-8";
@ -27,4 +27,6 @@
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
services.xserver.layout = "us"; # keymap in x11
}


@ -6,7 +6,6 @@
./network-manager
./dhcp.nix
./dns
./firewall.nix
./proxy.nix
./timezone.nix


@ -3,6 +3,6 @@
{
imports = [
./dns.nix
#./systemd-resolved.nix
#./systemd-resolved.nix # Returns NXDOMAIN in China Mainland, will investegate...
];
}


@ -7,6 +7,6 @@
dnssec = "true";
domains = [ "~." ];
fallbackDns = [ "8.8.8.8#dns.google" "8.8.4.4#dns.google" "2001:4860:4860::8888#dns.google" "2001:4860:4860::8844#dns.google" ];
#extraConfig = "DNSOverTLS=yes"; # broken as well
extraConfig = "DNSOverTLS=yes";
};
}
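Review bot: `extraConfig = "DNSOverTLS=yes";` is re-enabled with the old `# broken as well` remark dropped and nothing put in its place, so a reader cannot tell whether strict mode was actually tested. In strict mode resolved does not fall back to plaintext DNS, so every configured server has to speak DNS-over-TLS and lookups fail otherwise. The `fallbackDns` entries carry `#dns.google` so the certificate can be checked against a name, but the primary servers are set outside this hunk and should use the same `address#hostname` form. I would add `# strict DoT: no plaintext fallback, servers need address#hostname` above the line. The import `./systemd-resolved.nix` is still commented out in the DNS module list elsewhere in this commit, so if this is that file the setting presumably has no effect yet.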


@ -1,6 +1,10 @@
{ ... }:
{
nix.settings.experimental-features = [ "nix-command" "flakes" ]; # enable flakes
programs.command-not-found.enable = false; # Unavailable in Flakes build
# Enable Flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Does not work with Flake based configurations
system.copySystemConfiguration = false;
programs.command-not-found.enable = false;
}


@ -2,10 +2,10 @@
{
nix = {
# hard linking
### Auto hard linking
settings.auto-optimise-store = true;
# auto delete older NixOS builds
### Automatically delete older NixOS builds
gc = {
automatic = true;
dates = "weekly";


@ -1,4 +1,4 @@
{ ... }:
{ lib, ... }:
{
nix.settings = {
@ -29,15 +29,13 @@
nixos.enable = false;
};
#nix.useSandbox = false;
system = {
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# Does not work with flake based configurations
#copySystemConfiguration = true;
copySystemConfiguration = lib.mkDefault true;
# This value determines the NixOS release from which the default


@ -2,9 +2,8 @@
{
imports = [
./core.nix
./hardware.nix
./graphical
./overlays
./unfree
];


@ -6,7 +6,9 @@
#./flatpak.nix
./fonts.nix
./gnome-keyring.nix
./graphical.nix
./polkit.nix
./xdg.nix
];
}


@ -2,7 +2,6 @@
{
services.xserver = {
layout = "us"; # keymap in x11
libinput = {
enable = true;
touchpad = {
@ -18,7 +17,7 @@
};
};
# Removes debounce time
### Removes debounce time
# https://www.reddit.com/r/linux_gaming/comments/ku6gth
environment.etc."libinput/local-overrides.quirks".text = ''
[Never Debounce]


@ -1,8 +1,8 @@
{ ... }:
{
programs.xwayland.enable = true;
hardware.nvidia.nvidiaSettings = false; # nvidia settings menu, wont do anything on wayland
programs.xwayland.enable = true; # enable XWayland
hardware.nvidia.nvidiaSettings = false; # NVIDIA settings menu, wont do anything on wayland
environment.sessionVariables = {
"NIXOS_OZONE_WL" = "1"; # let electron applications use wayland
};


@ -29,6 +29,6 @@
monospace = [ "JetBrainsMono Nerd Font" "JetBrains Mono" "FiraCode Nerd Font" "Fira Code" "Noto Sans Mono" ];
};
};
# fontconfig is too limited here, use `$HOME/.config/fontconfig/fonts.conf` instead
# fontconfig is too limited here, and appling it globally is **bad**, use Home Manager instead
};
}


@ -0,0 +1,12 @@
{ pkgs, ... }:
{
# gnome keyring
services.gnome.gnome-keyring.enable = true;
programs.seahorse.enable = true;
security.pam.services."gnome-keyring".text = ''
auth optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
password optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
'';
}
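Review bot: The PAM lines are written to a stand-alone service named `gnome-keyring`, which is not part of any login stack by itself, so this block probably does not unlock the keyring at login; greeters and `login` read their own service files. NixOS has a per-service switch for this, e.g. `security.pam.services.login.enableGnomeKeyring = true;`, with `login` replaced by the service of the greeter in use, which is not visible on this page. If the custom service is intentional, a comment naming the program that authenticates against `gnome-keyring` would help. The `# gnome keyring` header could also mention that `programs.seahorse.enable` adds the key-management GUI.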


@ -1,8 +1,6 @@
{ pkgs, ... }:
{
boot.plymouth.enable = true;
security.polkit.enable = true;
services = {
# GNOME applications
gvfs.enable = true; # nautilus
@ -25,10 +23,5 @@
end = "${pkgs.libnotify}/bin/notify-send 'GameMode Deactivated' 'GameMode Deactivated. Back to normal mode. '";
};
};
clash-verge = {
#enable = true;
autoStart = true; # not working at all, edit: works on gnome
tunMode = true;
};
};
}


@ -1,6 +1,7 @@
{ pkgs, ... }:
{
security.polkit.enable = true;
environment.systemPackages = with pkgs; [ polkit_gnome ];
# polkit_gnome autostart for wms


@ -2,10 +2,7 @@
{
hardware = {
# Enable redistriutable firmware
enableRedistributableFirmware = true;
# Enable all firmware
#enableAllFirmware = true;
};


@ -1 +0,0 @@
# no i dont actually own a server


@ -10,15 +10,15 @@
"facetimehd-firmware" # ../hardware/hardwares/imac-2017.nix
# flatpak-able
"discord"
"google-chrome"
"lunar-client"
"osu-lazer-bin"
"osu-lazer-bin-2023.1008.0" # what?
"spotify"
"steam"
"steam-original"
"microsoft-edge-stable"
"qq"
#"discord"
#"google-chrome"
#"lunar-client"
#"microsoft-edge-stable"
#"qq"
];
}


@ -4,7 +4,7 @@
imports = [
./cpu-governor.nix
./system76-scheduler.nix
#./tlp.nix # ] conflicts
#./tlp.nix # ] Conflicts with each other, only choose one
./power-profiles-daemon.nix # ]
];
}


@ -1,9 +1,17 @@
{ config, ... }:
# Imported by default, check out ./desktop.nix or ./server.nix
{
# Installed packages (System wide)
environment = {
defaultPackages = [];
#defaultPackages = [];
};
users.mutableUsers = false;
environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb"; # whonix id
security = {
apparmor.enable = true;
sudo.execWheelOnly = true;
};
# Programs
@ -25,9 +33,18 @@
NixOS ${config.system.nixos.label} ${config.system.nixos.codeName} (\m) - \l
--my-next-gpu-wont-be-nvidia
'';
openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
#cron.enable = true;
#dbus.enable = true;
openssh.enable = true;
# BTRFS De-Dupe
# bruh how to make it not a background job
# i want to run it manually
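Review bot: `PasswordAuthentication = false` in the new `openssh.settings` block does not cover keyboard-interactive authentication, which sshd can route through PAM to prompt for a password; add `KbdInteractiveAuthentication = false;` next to it so that only key-based logins remain. This file is imported by both the desktop and server presets, so sshd is enabled on every machine, and with `users.mutableUsers = false` each account needs its authorized keys declared in the configuration. The hard-coded `machine-id` is likewise shared by every host importing this file, which can matter wherever the ID is used to tell machines apart (for example DHCP client identifiers under systemd-networkd), so a comment stating that this is deliberate would help. The enclosing attribute set continues outside the hunk.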


@ -0,0 +1,8 @@
{ ... }:
{
imports = [
./core.nix
../packages/graphical
];
}

9
nixos/presets/server.nix Executable file

@ -0,0 +1,9 @@
{ ... }:
# no i dont actually own a server
{
imports = [
./core.nix
];
boot.plymouth.enable = false;
}
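Review bot: The page lists `nixos/presets/server.nix` as an executable file, but it is a plain Nix module that is only ever imported, so the mode should be 0644 (`chmod -x nixos/presets/server.nix`). `boot.plymouth.enable = false;` relies on the `lib.mkDefault true` in `nixos/boot/plymouth.nix`; a trailing comment such as `# headless: overrides the mkDefault in boot/plymouth.nix` would make that link visible from this side as well.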


@ -1,13 +0,0 @@
{ ... }:
{
imports = [
./security.nix
./gnome-keyring.nix
./machine-id.nix
./polkit.nix
./sysctl.nix
./tpm.nix
];
}


@ -1,11 +0,0 @@
{ pkgs, ... }:
{
# gnome keyring
services.gnome.gnome-keyring.enable = true;
security.pam.services."gnome-keyring".text = ''
auth optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
password optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
'';
}


@ -1,6 +0,0 @@
{ ... }:
{
# whonix id
environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb";
}


@ -1,15 +0,0 @@
{ ... }:
{
security = {
apparmor.enable = true;
sudo.execWheelOnly = true;
};
boot.loader.systemd-boot.editor = false;
services.openssh.settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
}


@ -1,5 +1,5 @@
{ ... }:
{
users.mutableUsers = false;
}