From 5eb7399945458cd8a24310d08c03863b21619d7b Mon Sep 17 00:00:00 2001
From: wytch
Date: Wed, 15 Apr 2026 16:44:47 -0500
Subject: [PATCH] Test configuration
---
flake.nix | 108 ++++++++++++---
hosts/coven/configuration.nix | 177 +++++++++++++++++++++++++
hosts/coven/hardware-configuration.nix | 31 +++++
modules/nixos/garbage-collection.nix | 8 ++
4 files changed, 302 insertions(+), 22 deletions(-)
create mode 100644 hosts/coven/configuration.nix
create mode 100644 hosts/coven/hardware-configuration.nix
create mode 100644 modules/nixos/garbage-collection.nix
diff --git a/flake.nix b/flake.nix
index 7bd60b8..8669df0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,30 +1,94 @@ { - inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-20.03"; + description = "sonja - nixos configs - custom packages - home manager"; - outputs = { self, nixpkgs }: { + inputs = { + lib-aggregate.url = "github:nix-community/lib-aggregate"; - nixosConfigurations.container = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = - [ ({ pkgs, ... }: { - boot.isContainer = true; + cmpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; + nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixpkgs-unstable"; - # Let 'nixos-version --json' know about the Git revision - # of this flake. - system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev; - - # Network configuration. - networking.useDHCP = false; - networking.firewall.allowedTCPPorts = [ 80 ]; - - # Enable a web server. - services.httpd = { - enable = true; - adminAddr = "morty@example.org"; - }; - }) - ]; + home-manager = { + url = "github:nix-community/home-manager?ref=master"; + inputs.nixpkgs.follows = "cmpkgs"; }; + nixos-hardware.url = "github:NixOS/nixos-hardware"; + + sops-nix = { + url = "github:Mic92/sops-nix/master"; + inputs.nixpkgs.follows = "cmpkgs"; + }; + + determinate.url = "github:DeterminateSystems/determinate"; }; + + outputs = inputs: + let + defaultSystems = [ "x86_64-linux" ]; + + lib = inputs.lib-aggregate.lib; + + importPkgs = npkgs: extraCfg: + lib.genAttrs defaultSystems (system: + import npkgs { + inherit system; + config = { allowAliases = false; } // extraCfg; + } + ); + + pkgs = importPkgs inputs.cmpkgs { }; + pkgsUnfree = importPkgs inputs.cmpkgs { allowUnfree = true; }; + + mkSystem = n: _v: + let + defaults = { + npkgs = inputs.cmpkgs; + path = ./hosts/${n}/configuration.nix; + extraModules = [ ]; + }; + v = defaults // _v; + in + v.npkgs.lib.nixosSystem { + modules = [ + v.path + inputs.home-manager.nixosModules.home-manager + ] ++ v.extraModules; + specialArgs = { inherit inputs; }; + }; + + ## Top-level nixos configs, keyed by system + 
nixosConfigsEx = { + "x86_64-linux" = { + coven = { }; + # circle = { }; + }; + }; + + nixosConfigs = lib.foldl' (op: nul: nul // op) { } (lib.attrValues nixosConfigsEx); + nixosConfigurations = lib.mapAttrs (n: v: mkSystem n v) nixosConfigs; + toplevels = lib.mapAttrs (_: v: v.config.system.build.toplevel) nixosConfigurations; + + nixosModules = { }; + overlays = { }; + + in + lib.recursiveUpdate + { + inherit nixosConfigs nixosConfigsEx nixosConfigurations toplevels; + inherit nixosModules overlays; + inherit pkgs pkgsUnfree; + } + (lib.flake-utils.eachSystem defaultSystems (system: + { + formatter = pkgs.${system}.nixfmt; + + checks = + let + c_toplevels = lib.mapAttrs' + (n: v: lib.nameValuePair "toplevel-${n}" v.config.system.build.toplevel) + (lib.mapAttrs (n: v: mkSystem n v) nixosConfigsEx.${system}); + in + c_toplevels; + } + )); } diff --git a/hosts/coven/configuration.nix b/hosts/coven/configuration.nix new file mode 100644 index 0000000..f364df7 --- /dev/null +++ b/hosts/coven/configuration.nix 
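Review bot: The new `inputs` block follows moving branch heads (`home-manager?ref=master`, `sops-nix/master`, `nixpkgs?ref=nixos-unstable`) and the patch's diffstat lists no `flake.lock`. Unless the lock file is regenerated and committed separately, the revisions `coven` builds from are whatever those branches point to when the flake is next evaluated. Commit the updated `flake.lock` with this change, and consider a comment above `inputs` such as `# Revisions are pinned in flake.lock; run "nix flake update" deliberately and review the lock diff.` `nixpkgs-unstable`, `nixos-hardware`, `sops-nix` and `determinate` are declared but not referenced in the visible outputs or host modules, so dropping them until they are wired in keeps the set of fetched and trusted sources small.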
@@ -0,0 +1,177 @@
+{ config, pkgs, lib, inputs, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ../../modules/nixos/garbage-collection.nix
+ ];
+
+ hardware.graphics.enable32Bit = true;
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ services.pulseaudio.support32Bit = true;
+
+ # Bootloader
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # Use latest kernel
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ networking.hostName = "coven";
+ networking.networkmanager.enable = true;
+
+ time.timeZone = "America/Chicago";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ services.xserver.enable = true;
+ services.fwupd.enable = true;
+
+ services.logind.settings.Login = {
+ HandleLidSwitch = "poweroff";
+ HandleLidSwitchExternalPower = "lock";
+ HandleLidSwitchDocked = "ignore";
+ };
+
+ services.thermald.enable = true;
+ powerManagement.powertop.enable = true;
+
+ # KDE Plasma 6
+ services.displayManager.sddm.enable = true;
+ services.desktopManager.plasma6.enable = true;
+
+ services.xserver.xkb = {
+ layout = "us";
+ variant = "";
+ };
+
+ services.printing.enable = true;
+
+ services.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ settings = {
+ PasswordAuthentication = true;
+ KbdInteractiveAuthentication = false;
+ PermitRootLogin = "no";
+ AllowUsers = [ "sonja" ];
+ };
+ };
+
+ users.defaultUserShell = pkgs.zsh;
+ users.users.sonja = {
+ shell = pkgs.zsh;
+ isNormalUser = true;
+ description = "sonja";
+ extraGroups = [ "networkmanager" "wheel" ];
+ };
+
+ # home-manager module is injected by the flake; no need to import it here
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.sonja = { pkgs, lib, ... }: {
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) [
+ "discord"
+ "steam-unwrapped"
+ "steam"
+ "steam-original"
+ "steam-run"
+ "steamcmd"
+ "steam-tui"
+ "claude-code"
+ ];
+
+ home.packages = [
+ pkgs.librewolf
+ pkgs.zsh
+ pkgs.neovim
+ pkgs.nmap
+ pkgs.alacritty
+ pkgs.tmux
+ pkgs.git
+ pkgs.uv
+ pkgs.discord
+ pkgs.steam-unwrapped
+ pkgs.steam-tui
+ pkgs.supersonic
+ pkgs.fzf
+ pkgs.gnupg
+ pkgs.claude-code
+ ];
+
+ home.stateVersion = "25.11";
+ };
+
+ programs.ssh.extraConfig = ''
+ Host whatbox
+ Hostname sojourner.whatbox.ca
+ Port 22
+ User subtext2792
+ '';
+
+ programs.firefox.enable = true;
+
+ programs.zsh.enable = true;
+ programs.zsh.ohMyZsh = {
+ enable = true;
+ plugins = [ "git" "python" "man" ];
+ theme = "agnoster";
+ };
+
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = true;
+ dedicatedServer.openFirewall = true;
+ localNetworkGameTransfers.openFirewall = true;
+ package = pkgs.steam.override {
+ extraPkgs = pkgs: [ pkgs.mesa-demos ];
+ };
+ gamescopeSession.enable = true;
+ };
+
+ services.udev.packages = [ pkgs.yubikey-personalization ];
+ services.pcscd.enable = true;
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ nixpkgs.config.allowUnfree = true;
+
+ environment.systemPackages = with pkgs; [
+ steam-run
+ mesa-demos
+ pciutils
+ gnupg
+ pcsc-tools
+ pinentry-curses
+ ];
+
+ # Note: system.autoUpgrade with a channel URL does not apply to flake-managed
+ # systems. Use `nixos-rebuild switch --flake .#coven` to upgrade instead.
+ system.stateVersion = "25.11";
+}
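Review bot: `services.openssh.settings` sets `PasswordAuthentication = true` on port 22 for `sonja`, who is also in `wheel`, so the account password is the only barrier to a privileged login from any network this machine joins through NetworkManager. The NixOS openssh module opens its listening ports in the firewall by default. The same file already installs YubiKey support and sets `programs.gnupg.agent.enableSSHSupport = true`, so key-based login looks available: set `PasswordAuthentication = false;` and add `users.users.sonja.openssh.authorizedKeys.keys = [ "<PUBLIC_KEY_PLACEHOLDER>" ];`. If sshd is only needed on a trusted LAN, `services.openssh.openFirewall = false;` plus an interface-scoped firewall rule narrows the exposure further. In `programs.steam`, `dedicatedServer.openFirewall = true` opens further inbound ports and is worth keeping only if this host actually runs a dedicated server.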
diff --git a/hosts/coven/hardware-configuration.nix b/hosts/coven/hardware-configuration.nix new file mode 100644 index 0000000..1eca317 --- /dev/null +++ b/hosts/coven/hardware-configuration.nix @@ -0,0 +1,31 @@ +# Do not modify this file! It was generated by 'nixos-generate-config' +# and may be overwritten by future invocations. Please make changes +# to hosts/coven/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/2e49499a-0cf2-4c30-932f-1c0aec68cb15"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/A6AE-6122"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/nixos/garbage-collection.nix b/modules/nixos/garbage-collection.nix new file mode 100644 index 0000000..e45a3ed --- /dev/null +++ b/modules/nixos/garbage-collection.nix @@ -0,0 +1,8 @@ +{ + nix.settings.auto-optimise-store = true; # Deduplicates files + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; +}