modified: flake.lock

modified:   flake.nix
	modified:   hosts/blackstar/nixos/configuration.nix
	modified:   hosts/shared/nixos/shared_config.nix
	new file:   modules/default.nix
	new file:   modules/desktop/apps/art.nix
	new file:   modules/desktop/apps/cad.nix
	new file:   modules/desktop/apps/cam.nix
	new file:   modules/desktop/apps/chat.nix
	new file:   modules/desktop/apps/code.nix
	new file:   modules/desktop/apps/godot.nix
	new file:   modules/desktop/apps/minecraft.nix
	new file:   modules/desktop/apps/xiv.nix
	new file:   modules/system/audio.nix
	new file:   modules/system/boot/grub.nix
	new file:   modules/system/locale.nix
	new file:   modules/system/network.nix
	modified:   pkgs/default.nix
This commit is contained in:
Mrrp 2024-08-20 10:27:45 -07:00
parent 1a995140bc
commit 3d3629b97f
18 changed files with 408 additions and 128 deletions

flake.lock generated

@ -8,11 +8,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1723271337,
"narHash": "sha256-IUnCQ0xo0sJRhHbsXVDQ9ULpiQrkxbavmVOilhAXdlk=",
"lastModified": 1724135364,
"narHash": "sha256-DuPnJXOeigXK8xQdP6BBc6MqJ9p4TzvNUqSrB2P1GQ4=",
"owner": "nix-community",
"repo": "fenix",
"rev": "ca0a8350f4c278204475112dd600ba6f0d09110e",
"rev": "b6a1c29a8f460af63f66cad2b5acf3b78867603e",
"type": "github"
},
"original": {
@ -28,11 +28,11 @@
]
},
"locked": {
"lastModified": 1723015306,
"narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=",
"lastModified": 1723986931,
"narHash": "sha256-Fy+KEvDQ+Hc8lJAV3t6leXhZJ2ncU5/esxkgt3b8DEY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e",
"rev": "2598861031b78aadb4da7269df7ca9ddfc3e1671",
"type": "github"
},
"original": {
@ -43,11 +43,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1722987190,
"narHash": "sha256-68hmex5efCiM2aZlAAEcQgmFI4ZwWt8a80vOeB/5w3A=",
"lastModified": 1723938990,
"narHash": "sha256-9tUadhnZQbWIiYVXH8ncfGXGvkNq3Hag4RCBEMUk7MI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "21cc704b5e918c5fbf4f9fff22b4ac2681706d90",
"rev": "c42fcfbdfeae23e68fc520f9182dde9f38ad1890",
"type": "github"
},
"original": {
@ -59,11 +59,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1723175592,
"narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=",
"lastModified": 1723991338,
"narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5e0ca22929f3342b19569b21b2f3462f053e497b",
"rev": "8a3354191c0d7144db9756a74755672387b702ba",
"type": "github"
},
"original": {
@ -85,11 +85,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1723195244,
"narHash": "sha256-UdydOPxlUpEE+uparyCgxTCSumwCn2URpxPm70G1K+Q=",
"lastModified": 1724088625,
"narHash": "sha256-vgSBWgUKRyT0ZRZYj43GZkZzPEKgNodCuX/uofqlPsc=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "56f63dfd8aeebf80e3fc87894fa3d5a40f98a329",
"rev": "979e3b54f70f6f231c117a5d628b98106e5c7d31",
"type": "github"
},
"original": {
@ -106,11 +106,11 @@
]
},
"locked": {
"lastModified": 1723256423,
"narHash": "sha256-9iDTrfVM+mbcad31a47oqW8t8tfSA4C/si6F8F2DO/w=",
"lastModified": 1724120436,
"narHash": "sha256-/MvfxTjco5UDBF6SEvwyeXrXwZG7nz7/mDVreQNKsWg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "615cfd85b4d9c51811a8d875374268fab5bd4089",
"rev": "48e61fe824f5823e4f3f15dd9a75c19c63649269",
"type": "github"
},
"original": {


@ -31,6 +31,7 @@
self,
rust-overlay,
nixpkgs,
nixpkgs-unstable,
fenix,
home-manager,
...


@ -8,9 +8,6 @@
pkgs,
...
}: {
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# You can import other NixOS modules here
imports = [
# If you want to use modules your own flake exports (from modules/nixos):
@ -28,8 +25,27 @@
# Shared config
../../shared/nixos/shared_config.nix
../../../modules
];
modules = {
desktop.apps = {
godot.enable = true;
cad.enable = true;
cam.enable = true;
code.enable = true;
art.enable = true;
xiv.enable = true;
minecraft.enable = true;
chat.enable = true;
};
system.boot.grub.enable = true;
};
#boot.loader.systemd-boot.enable = true;
#boot.loader.efi.canTouchEfiVariables = true;
nixpkgs = {
# You can add overlays here
overlays = [
@ -83,16 +99,13 @@
};
};
# FIXME: Add the rest of your current configuration
# Enable networking
networking.networkmanager.enable = true;
services.xserver.enable = true;
services.xserver = {
layout = "us";
xkbVariant = "";
xkb = {
variant = "";
layout = "us";
};
};
services.xserver.videoDrivers = ["nvidia"];
# Enable the KDE Plasma Desktop Environment.
services.displayManager.sddm.enable = true;
@ -112,102 +125,21 @@
# Be sure to change it (using passwd) after rebooting!
isNormalUser = true;
# TODO: Be sure to add any other groups you need (such as networkmanager, audio, docker, etc)
extraGroups = ["wheel" "networkmanager"];
extraGroups = ["wheel" "networkmanager" "docker"];
};
};
# This setups a SSH server. Very important if you're setting up a headless system.
# Feel free to remove if you don't need it.
services.openssh = {
enable = true;
settings = {
# Opinionated: forbid root login through SSH.
PermitRootLogin = "no";
# Opinionated: use keys only.
# Remove if you want to SSH using passwords
PasswordAuthentication = false;
};
};
# Set your time zone.
time.timeZone = "America/Los_Angeles";
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.05";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
hardware.opengl = {
enable = true;
## radv: an open-source Vulkan driver from freedesktop
driSupport = true;
driSupport32Bit = true;
};
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound with pipewire.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
hardware.nvidia = {
modesetting.enable = true;
powerManagement.finegrained = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.latest;
};
# Programs installed for all users
environment.systemPackages = with pkgs; [
/*environment.systemPackages = with pkgs; [
# art
aseprite
krita
# code
rustc rustup# Rust
# pkgs.rust-bin.stable.latest.default
jetbrains.intellij
jetbrains.rider
jetbrains.clion
jetbrains.pycharm-professional
jetbrains.datagrip
jetbrains.webstorm
vim
python3
lua
git
# game
steam
@ -221,9 +153,12 @@
(blender.override {
cudaSupport = true;
})
openscad
# other
discord
onlyoffice-bin
google-chrome
# sys utils
gnupg ffmpeg unzip
@ -235,16 +170,38 @@
element-desktop
python311
python311Packages.pip
webkitgtk
libxkbcommon
];*/
];
#environment.variables = {
# PKG_CONFIG_PATH="${pkgs.openssl.dev}/lib/pkgconfig";
# LD_LIBRARY_PATH="${pkgs.wayland}/lib:$LD_LIBRARY_PATH";
#};
programs.nix-ld.enable = true;
services.xserver.videoDrivers = ["nvidia"];
environment.variables = {
PKG_CONFIG_PATH="${pkgs.openssl.dev}/lib/pkgconfig";
hardware.opengl = {
enable = true;
## radv: an open-source Vulkan driver from freedesktop
driSupport = true;
driSupport32Bit = true;
};
programs.git.enable = true;
# Enable CUPS to print documents.
services.printing.enable = true;
programs.firefox.enable = true;
hardware.nvidia = {
modesetting.enable = true;
powerManagement.finegrained = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.latest;
};
virtualisation.docker.enable = true;
}
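Review bot: Adding the user to the `docker` group at `extraGroups = ["wheel" "networkmanager" "docker"];` together with `virtualisation.docker.enable = true;` makes that account root-equivalent without a sudo prompt, because anyone who can reach the Docker socket can bind-mount the host filesystem into a container. If the daemon is only needed for development, prefer `virtualisation.docker.rootless = { enable = true; setSocketVariable = true; };` and drop `"docker"` from the groups. Separately, the `services.openssh` block with `PermitRootLogin = "no"` and `PasswordAuthentication = false` appears in this section only once and is not present in any of the new modules, so it looks like the sshd hardening was dropped rather than moved — worth confirming that is intended. The enclosing module attrset starts before the first hunk of this section.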


@ -10,10 +10,10 @@
# code
cargo rustc # Rust
jetbrains.rider
jetbrains.pycharm-professional
vim
python3
python311
python311Packages.pip
lua
git
# (vscode-with-extensions.override {
@ -40,20 +40,88 @@
#})
vscode.fhs
blockbench
wine
bottles
# other
discord
nodejs_22
obs-studio
# sys utils
gnupg ffmpeg unzip
mpv gparted
libappindicator-gtk3
];
services.postgresql = {
enable = true;
ensureDatabases = [ "test" ];
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all all trust
'';
programs.nix-ld.enable = true;
programs.firefox.enable = true;
## System security tweaks
# sets hidepid=2 on /proc (make process info visible only to owning user)
# NOTE Was removed on nixpkgs-unstable because it doesn't do anything
# security.hideProcessInformation = true;
# tmpfs = /tmp is mounted in ram. Doing so makes temp file management speedy
# on ssd systems and more secure (and volatile)! Because it's wiped on reboot.
boot.tmp.useTmpfs = lib.mkDefault true;
# If not using tmpfs, which is naturally purged on reboot, we must clean it
# /tmp ourselves. /tmp should be volatile storage!
boot.tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
# Fix a security hole in place for backwards compatibility. See desc in
# nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
boot.loader.systemd-boot.editor = lib.mkDefault false;
boot.kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets (we're not a router)
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects (again, we're not a router)
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
boot.kernelModules = [ "tcp_bbr" ];
# Harden SSH client
programs.ssh = {
# Known vulnerability. See
# https://security.stackexchange.com/questions/110639/how-exploitable-is-the-recent-useroaming-ssh-vulnerability
extraConfig = ''
Host *
UseRoaming no
'';
};
}
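Review bot: `local all all trust` in the `services.postgresql.authentication` override lets any local OS user connect to every database as any role, including the `postgres` superuser, with no credential at all; on a desktop that also runs Discord, Steam and Wine that hands a broad local privilege boundary to every process on the box. Use `local all all peer` (the OS user must match the role) and create the roles you need with `ensureUsers`, or at least narrow trust to the one database: `local test all trust`. As rendered, the `services.postgresql = {` attrset is not closed before `programs.nix-ld.enable = true;` — if that is not a rendering artifact the file will not evaluate. This hunk also relies on `lib` and `config` being in the module's argument set, which is outside the hunk.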

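--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,18 @@
+{ inputs, pkgs, config, ... }:
+{
+imports = [
+./desktop/apps/godot.nix
+./desktop/apps/cad.nix
+./desktop/apps/cam.nix
+./desktop/apps/code.nix
+./desktop/apps/art.nix
+./desktop/apps/xiv.nix
+./desktop/apps/chat.nix
+./desktop/apps/minecraft.nix
+./system/boot/grub.nix
+./system/audio.nix
+./system/locale.nix
+./system/network.nix
+];
+}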


@ -0,0 +1,16 @@
{ lib, config, options, pkgs, ... }:
with lib;
let cfg = config.modules.desktop.apps.art;
in {
options.modules.desktop.apps.art = {
enable = mkBoolOpt false;
};
config = mkIf cfg.enable {
user.packages = with pkgs; [
aseprite
krita
];
};
}
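Review bot: `mkBoolOpt` and `user.packages` are not part of nixpkgs' `lib` or of the NixOS option set; unless this flake extends `lib` with `mkBoolOpt` and declares an `options.user` module (neither is visible in this commit), every new module here fails to evaluate with an "option does not exist" error. If they are not provided elsewhere, the stock equivalents are `enable = mkEnableOption "art applications";` and `users.users.<name>.packages = with pkgs; [ aseprite krita ];`. The other new app modules use the same two names, so whichever way this is resolved should be applied uniformly.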


@ -0,0 +1,19 @@
{ lib, config, options, pkgs, ... }:
with lib;
let cfg = config.modules.desktop.apps.cad;
in {
options.modules.desktop.apps.cad = {
enable = mkBoolOpt false;
};
config = mkIf cfg.enable {
user.packages = with pkgs; [
(blender.override {
cudaSupport = true;
})
openscad
freecad
];
};
}


@ -0,0 +1,15 @@
{ lib, config, options, pkgs, ... }:
with lib;
let cfg = config.modules.desktop.apps.cam;
in {
options.modules.desktop.apps.cam = {
enable = mkBoolOpt false;
};
config = mkIf cfg.enable {
user.packages = with pkgs; [
prusa-slicer
];
};
}


@ -0,0 +1,16 @@
{ lib, config, options, pkgs, ... }:
with lib;
let cfg = config.modules.desktop.apps.chat;
in {
options.modules.desktop.apps.chat = {
enable = mkBoolOpt false;
};
config = mkIf cfg.enable {
user.packages = with pkgs; [
discord
element-app
];
};
}
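Review bot: `element-app` does not appear to be a nixpkgs attribute — the attribute this configuration used before this commit was `element-desktop` (nixpkgs also ships `element-web`), so the `mkIf cfg.enable` body will fail with an undefined attribute once the module is enabled, which `hosts/blackstar` does. Proposed: `element-desktop`. This is an evaluation-time failure, so a `nixos-rebuild dry-build` before merging would catch it.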


@ -0,0 +1,26 @@
{ lib, config, options, pkgs, ... }:
with lib;
let cfg = config.modules.desktop.apps.code;
in {
options.modules.desktop.apps.code = {
enable = mkBoolOpt false;
};
config = mkIf cfg.enable {
user.packages = with pkgs.unstable; [
rustc rustup # Rust
# pkgs.rust-bin.stable.latest.default
jetbrains.idea-ultimate
jetbrains.rider
jetbrains.clion
jetbrains.pycharm-professional
jetbrains.datagrip
jetbrains.webstorm
vim
python3
lua
git
];
};
}
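Review bot: `with pkgs.unstable;` assumes an overlay that exposes the `nixpkgs-unstable` input as `pkgs.unstable`; the flake gains a `nixpkgs-unstable` argument in this commit, but nothing visible here defines that attribute, so confirm the overlay exists or this module fails with an undefined attribute. Also `rustc` and `rustup` both install a `bin/rustc` (rustup's is a proxy), which produces a collision in the user's profile — pick one, and rustup alone with `rustup default stable` is the usual choice. A one-line comment such as `# unstable: JetBrains IDEs and the Rust toolchain move faster than the stable channel` would document why these packages come from unstable while most other modules use the stable set.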


@ -0,0 +1,16 @@
{ lib, config, options, pkgs, ... }:
with lib;
let cfg = config.modules.desktop.apps.godot;
in {
options.modules.desktop.apps.godot = {
enable = mkBoolOpt false;
};
config = mkIf cfg.enable {
user.packages = with pkgs.unstable; [
godot_4
godot_4-export-templates
];
};
}


@ -0,0 +1,18 @@
{ lib, config, options, pkgs, ... }:
with lib;
let cfg = config.modules.desktop.apps.minecraft;
in {
options.modules.desktop.apps.minecraft = {
enable = mkBoolOpt false;
};
config = mkIf cfg.enable {
user.packages = with pkgs; [
modrinth-app
];
environment.variables = {
WEBKIT_DISABLE_DMABUF_RENDERER=1;
};
};
}
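Review bot: `WEBKIT_DISABLE_DMABUF_RENDERER=1` is set through `environment.variables`, so it lands in every user's session and every process rather than only in modrinth-app; if this is a workaround for a WebKitGTK rendering problem in that launcher, wrapping the package (`symlinkJoin` plus `wrapProgram --set WEBKIT_DISABLE_DMABUF_RENDERER 1`) keeps the side effect local to it. Either way the line deserves a comment, e.g. `# Workaround for a WebKitGTK/DMA-BUF rendering problem in modrinth-app — confirm still needed on current nixpkgs`. Note the value is an unquoted integer; recent nixpkgs accepts ints in `environment.variables`, but `"1"` is the safer spelling if the pinned revision predates that.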


@ -0,0 +1,15 @@
{ lib, config, options, pkgs, ... }:
with lib;
let cfg = config.modules.desktop.apps.xiv;
in {
options.modules.desktop.apps.xiv = {
enable = mkBoolOpt false;
};
config = mkIf cfg.enable {
user.packages = with pkgs; [
xivlauncher
];
};
}

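--- /dev/null
+++ b/modules/system/audio.nix
@@ -0,0 +1,27 @@
+{ lib, config, options, pkgs, ... }:
+with lib;
+let cfg = config.modules.system.audio;
+in {
+options.modules.system.audio = {
+enable = mkBoolOpt true;
+};
+config = mkIf cfg.enable {
+# Enable sound with pipewire.
+hardware.pulseaudio.enable = false;
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+# If you want to use JACK applications, uncomment this
+#jack.enable = true;
+# use the example session manager (no others are packaged yet so this is enabled by default,
+# no need to redefine it in your config for now)
+#media-session.enable = true;
+};
+};
+}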


@ -0,0 +1,43 @@
{ lib, config, options, pkgs, ... }:
with lib;
let cfg = config.modules.system.boot.grub;
in {
options.modules.system.boot.grub = {
enable = mkBoolOpt true;
};
config = mkIf cfg.enable {
boot.loader = {
grub = {
enable = true;
useOSProver = true;
efiSupport = true;
fsIdentifier = "label";
devices = [ "nodev" ];
extraEntries = ''
menuentry "Reboot" {
reboot
}
menuentry "Poweroff" {
halt
}
'';
theme = pkgs.stdenv.mkDerivation {
pname = "distro-grub-themes";
version = "3.1";
src = pkgs.fetchFromGitHub {
owner = "AdisonCavani";
repo = "distro-grub-themes";
rev = "v3.1";
hash = "sha256-ZcoGbbOMDDwjLhsvs77C7G7vINQnprdfI37a9ccrmPs=";
};
installPhase = "cp -r customize/nixos $out";
};
};
efi = {
canTouchEfiVariables = true;
};
};
};
}
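Review bot: Switching this host to GRUB leaves the boot menu editor and the GRUB command line unprotected: `boot.loader.systemd-boot.editor = false` in shared_config.nix no longer applies once systemd-boot is disabled, and nothing here sets `boot.loader.grub.users`, so anyone at the console can press `e` and boot with `init=/bin/sh`. Add something like `users.root.hashedPasswordFile = "/etc/secrets/grub-pbkdf2";` (hash generated with `grub-mkpasswd-pbkdf2`); NixOS then password-protects the command line and all non-default entries while the default entry still boots unattended. Be aware the hash is copied into `/boot/grub/grub.cfg`, so it is readable by any local user who can read that file. The theme derivation is pinned by `hash`, which is good; `useOSProver = true` runs os-prober against every partition at build time and is only needed if another OS is actually installed.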

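--- /dev/null
+++ b/modules/system/locale.nix
@@ -0,0 +1,20 @@
+{ lib, config, options, pkgs, ... }:
+{
+# Set your time zone.
+time.timeZone = "America/Los_Angeles";
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+i18n.extraLocaleSettings = {
+LC_ADDRESS = "en_US.UTF-8";
+LC_IDENTIFICATION = "en_US.UTF-8";
+LC_MEASUREMENT = "en_US.UTF-8";
+LC_MONETARY = "en_US.UTF-8";
+LC_NAME = "en_US.UTF-8";
+LC_NUMERIC = "en_US.UTF-8";
+LC_PAPER = "en_US.UTF-8";
+LC_TELEPHONE = "en_US.UTF-8";
+LC_TIME = "en_US.UTF-8";
+};
+}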


@ -0,0 +1,4 @@
{ lib, config, options, pkgs, ... }:
{
networking.networkmanager.enable = true;
}


@ -1,5 +1,6 @@
# Custom packages, that can be defined similarly to ones from nixpkgs
# You can build them using 'nix build .#example'
pkgs: {
# example = pkgs.callPackage ./example { };
# example = pkgs.callPackage ./example { };;
custom_godot = pkgs.callPackage ./custom_godot {};
}
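Review bot: The edit to the `# example = ...` comment introduces a stray second semicolon, `{ };;`, which is harmless inside a comment but reads as an accidental keystroke; restore `# example = pkgs.callPackage ./example { };`. `custom_godot` going through `callPackage` is the right shape for this package set.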