Kieran's opinionated (and probably slightly dumb) nix config
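# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{
  inputs,
  lib,
  config,
  pkgs,
  ...
}:
{
  imports = [
    inputs.hardware.nixosModules.framework-11th-gen-intel

    ./hardware-configuration.nix
    ./home-manager.nix
    ./disk-config.nix

    (inputs.import-tree ../../modules/nixos)
  ];

  nixpkgs = {
    config = {
      allowUnfree = true;
    };
  };

  nix =
    let
      flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
    in
    {
      settings = {
        # Enable flakes and new 'nix' command
        experimental-features = "nix-command flakes";
        # Opinionated: disable global registry
        flake-registry = "";
        # Workaround for https://github.com/NixOS/nix/issues/9574
        nix-path = config.nix.nixPath;
        # NOTE(review): a trusted Nix user may choose substituters and import
        # store paths without signature checks, which the Nix manual treats as
        # essentially root-equivalent. kierank is already in wheel, so this
        # mostly removes the sudo prompt from that path; drop it if unused.
        trusted-users = [
          "kierank"
        ];
      };
      # Opinionated: disable channels
      channel.enable = false;

      optimise.automatic = true;

      # Opinionated: make flake registry and nix path match flake inputs
      registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
      nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
    };

  time.timeZone = "America/New_York";

  # grouped for readability
  environment.systemPackages = [
    # core
    pkgs.coreutils
    pkgs.calc
    pkgs.screen
    pkgs.xdg-user-dirs
    pkgs.libnotify
    pkgs.notify-desktop
    pkgs.bc
    pkgs.jq
    pkgs.psmisc
    # terminals
    pkgs.alacritty
    pkgs.unstable.ghostty
    # cli_utils
    pkgs.glow
    pkgs.clipse
    pkgs.direnv
    pkgs.nix-output-monitor
    pkgs.nixpkgs-review
    pkgs.nix-prefetch
    pkgs.arduino-cli
    pkgs.zsh
    pkgs.gum
    # networking
    pkgs.xh
    pkgs.curl
    pkgs.wget
    pkgs.dogdns
    pkgs.inetutils
    pkgs.mosh
    pkgs.ngrok
    pkgs.networkmanagerapplet
    pkgs.networkmanager-iodine
    pkgs.iodine
    # nix_tools
    inputs.nixvim.packages.x86_64-linux.default
    pkgs.nixd
    pkgs.nil
    pkgs.nixfmt-rfc-style
    inputs.agenix.packages.x86_64-linux.default
    pkgs.lix
    # security
    pkgs.openssl
    pkgs.gpgme
    pkgs.gnupg
    pkgs.unstable.mitmproxy
    pkgs.caido
    # editors
    pkgs.unstable.zed-editor
    pkgs.arduino-ide
    # browsers
    pkgs.firefox
    (pkgs.chromium.override { enableWideVine = true; })
    # wayland
    # (libnotify and notify-desktop are already listed once under "core")
    pkgs.swww
    pkgs.wluma
    pkgs.brightnessctl
    pkgs.hyprpaper
    pkgs.hyprsunset
    pkgs.wl-clipboard
    pkgs.grim
    pkgs.slurp
    pkgs.wtype
    pkgs.mako
    pkgs.unstable.hyprpicker
    pkgs.wl-screenrec
    inputs.hyprland-contrib.packages.${pkgs.system}.grimblast
    pkgs.playerctl
    pkgs.lxde.lxsession
    # gnome
    pkgs.gnome-online-accounts
    pkgs.gnome-online-accounts-gtk
    pkgs.gnome-disk-utility
    pkgs.baobab
    pkgs.simple-scan
    pkgs.file-roller
    pkgs.font-manager
    pkgs.nautilus
    pkgs.loupe
    pkgs.totem
    pkgs.overskride
    # dev_langs
    pkgs.nodejs_22
    pkgs.unstable.bun
    pkgs.python3
    pkgs.go
    pkgs.gopls
    pkgs.gotools
    pkgs.go-tools
    pkgs.gcc
    pkgs.rustc
    pkgs.cargo
    pkgs.jdk23
    pkgs.ruby
    pkgs.cmake
    pkgs.unstable.biome
    pkgs.unstable.apktool
    pkgs.nodePackages_latest.prisma
    pkgs.unstable.zola
    pkgs.mill
    pkgs.clang
    pkgs.clang-tools
    pkgs.ninja
    # media
    pkgs.ffmpeg
    pkgs.video-trimmer
    pkgs.pitivi
    pkgs.audacity
    pkgs.unstable.amberol
    pkgs.zoom-us
    # graphics
    pkgs.imagemagick
    pkgs.inkscape
    pkgs.blender
    pkgs.exiftool
    pkgs.unstable.aseprite
    pkgs.godot_4
    pkgs.unstable.kikit
    pkgs.openboardview
    pkgs.qflipper
    # office
    pkgs.slack
    pkgs.libreoffice
    pkgs.unstable.zotero
    # gaming
    pkgs.prismlauncher
    pkgs.vesktop
    pkgs.cava
    pkgs.gobang
    pkgs.love
    #frc
    inputs.frc-nix.packages.${pkgs.system}.elastic-dashboard
    inputs.frc-nix.packages.${pkgs.system}.pathplanner
    inputs.frc-nix.packages.${pkgs.system}.roborioteamnumbersetter
    inputs.frc-nix.packages.${pkgs.system}.sysid
    inputs.frc-nix.packages.${pkgs.system}.wpilib-utility
    inputs.frc-nix.packages.${pkgs.system}.advantagescope
    # misc
    pkgs.invoice
    pkgs.pop
    pkgs.vhs
    pkgs.torrential
    inputs.flare.packages.x86_64-linux.default
    pkgs.unstable.ollama
    pkgs.unstable.claude-code
    pkgs.udiskie
    pkgs.neofetch
    pkgs.unstable.kicad-testing
    pkgs.zenity
    pkgs.atproto-goat
    inputs.cedarlogic.packages.${pkgs.system}.cedarlogic
    pkgs.unstable.betaflight-configurator
  ];

  programs.nh = {
    enable = true;
    clean.enable = true;
    clean.extraArgs = "--keep-since 4d --keep 3";
    flake = "/home/kierank/dots";
  };

  fonts.packages =
    with pkgs;
    [
      fira
      comic-neue
    ]
    ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);

  # import the secret
  # These are the private keys agenix tries when decrypting the .age files
  # below. Anyone who can read one of them can decrypt every secret encrypted
  # to it, so keep them mode 0600 and out of backups that leave the machine.
  # NOTE(review): /mnt/etc/ssh/id_rsa looks like an install-time path; confirm
  # it is still needed on the running system.
  age.identityPaths = [
    "/home/kierank/.ssh/id_rsa"
    "/etc/ssh/id_rsa"
    "/mnt/etc/ssh/id_rsa"
  ];
  # Each secret is decrypted to a file owned by kierank; consumers below refer
  # to it through config.age.secrets.<name>.path rather than embedding the value.
  age.secrets = {
    wifi = {
      file = ../../secrets/wifi.age;
      owner = "kierank";
    };
    resend = {
      file = ../../secrets/resend.age;
      owner = "kierank";
    };
    wakatime = {
      file = ../../secrets/wakatime.age;
      path = "/home/kierank/.wakatime.cfg";
      owner = "kierank";
    };
    bluesky = {
      file = ../../secrets/bluesky.age;
      owner = "kierank";
    };
    iodine = {
      file = ../../secrets/iodine.age;
      owner = "kierank";
    };
  };

  environment.sessionVariables = {
    XDG_CACHE_HOME = "$HOME/.cache";
    XDG_CONFIG_HOME = "$HOME/.config";
    XDG_DATA_HOME = "$HOME/.local/share";
    XDG_STATE_HOME = "$HOME/.local/state";
    NIXOS_OZONE_WL = "1";
    PRISMA_QUERY_ENGINE_LIBRARY = "${pkgs.prisma-engines}/lib/libquery_engine.node";
    PRISMA_QUERY_ENGINE_BINARY = "${pkgs.prisma-engines}/bin/query-engine";
    PRISMA_SCHEMA_ENGINE_BINARY = "${pkgs.prisma-engines}/bin/schema-engine";
    # NOTE(review): this exports the decrypted API key into the session
    # environment, where every process started in the session inherits it.
    # The value is a shell command substitution, so it is only expanded where
    # a shell sets the variable; confirm how your login path handles it.
    # Reading config.age.secrets.resend.path at the point of use keeps the key
    # out of unrelated processes.
    RESEND_API_KEY = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.resend.path})";
    POP_FROM = "me@dunkirk.sh";
    EDITOR = "nvim";
    SYSTEMD_EDITOR = "nvim";
    VISUAL = "nvim";
  };

  atelier = {
    authentication.enable = true;
    apps.tuigreet = {
      enable = true;
      command = "Hyprland";
    };
    network.wifi = {
      enable = true;
      hostName = "moonlark";
      nameservers = [
        "1.1.1.1"
        "1.0.0.1"
        "8.8.8.8"
        "9.9.9.9"
      ];
      envFile = config.age.secrets.wifi.path;
      # NOTE(review): profiles that use `psk` carry the passphrase as a literal
      # string in this file, so it is committed with the repository and is
      # presumably also copied into the world-readable Nix store. The `pskVar`
      # profiles instead name a variable from the age-encrypted envFile above.
      # Move the literal ones to pskVar entries in secrets/wifi.age, and rotate
      # any that protect a network you control.
      profiles = {
        "KlukasNet".pskVar = "psk_home";
        "Everseen".pskVar = "psk_hotspot";
        "SAAC Sanctuary".pskVar = "psk_church";
        "MVNU-student" = { };
        "Status Solutions Guest".pskVar = "psk_robotics";
        "FRC-1317-CECE".psk = "digitalfusion";
        "1317-fortress-of-awesomeness" = { };
        "PAST PD".pskVar = "psk_past";
        "Heartland".psk = "beourguest";
        "WPL_Public_AccessII" = { };
        "Yowzaford".pskVar = "psk_rhoda";
        "cu-events".psk = "freesmile82";
        "QargoCoffee-Guest".psk = "Lavazza@7";
        "Fulton".psk = "9064405930";
        "TP-LINK_ECF0".psk = "ad1066AD!";
        "eduroam" = {
          eduroam = true;
          identity = "kieranklukas@cedarville.edu";
          pskVar = "psk_cedarville";
        };
      };
    };
  };

  services.iodine.clients = {
    t1 = {
      server = "t1.dunkirk.sh";
      # Password is read from the agenix-decrypted file, not embedded here.
      passwordFile = config.age.secrets.iodine.path;
    };
  };

  virtualisation = {
    libvirtd.enable = true;
    virtualbox = {
      host.enable = true;
      host.enableExtensionPack = true;
    };
    docker.enable = true;
  };

  programs.nix-ld.enable = true;

  programs.zsh.enable = true;

  programs.direnv.enable = true;

  # TODO: Configure your system-wide user settings (groups, etc), add more users as needed.
  users.users = {
    kierank = {
      # You can skip setting a root password by passing '--no-root-passwd' to nixos-install.
      # Be sure to change it (using passwd) after rebooting!
      # NOTE(review): initialPassword is stored in plain text in the
      # world-readable Nix store as well as in this repository. It only takes
      # effect when the account is first created, but any machine built from
      # this config starts with a publicly known password. Prefer
      # hashedPasswordFile pointing at an agenix secret.
      initialPassword = "lolzthisaintsecure!";
      isNormalUser = true;
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = [
        "ssh-rsa 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 kierank@mockingjay"
      ];
      # "wheel" grants sudo, and membership of "docker" is root-equivalent
      # because the Docker daemon socket lets a member start privileged
      # containers. "docker" was listed twice; the duplicate is removed.
      extraGroups = [
        "wheel"
        "networkmanager"
        "audio"
        "video"
        "docker"
        "plugdev"
        "input"
        "dialout"
        "libvirtd"
        "vboxusers"
      ];
    };
    # NOTE(review): services.openssh below sets PermitRootLogin = "no", so sshd
    # will not accept this key for root unless another module overrides that
    # setting. Remove the entry if root SSH is not intended, so a later change
    # to PermitRootLogin does not silently re-enable it.
    root.openssh.authorizedKeys.keys = [
      "ssh-rsa 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 kierank@mockingjay"
    ];
  };

  # Each openFirewall below opens inbound ports in the host firewall; on a
  # laptop that joins guest and public networks, keep only the ones in use.
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
    localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
  };

  programs.hyprland.enable = true;
  services.hypridle.enable = true;

  programs.xwayland.enable = lib.mkForce true;

  services.udev.packages = [
    pkgs.qFlipper
    pkgs.via
  ];

  # enable cups
  services.printing.enable = true;
  # mDNS discovery (used for network printers); openFirewall exposes the
  # responder to whatever network the laptop is on.
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    openFirewall = true;
  };

  # enable bluetooth
  hardware.bluetooth.enable = true;

  # enable pipewire
  # rtkit is optional but recommended
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # JACK application support (enabled)
    jack.enable = true;
  };

  # This setups a SSH server. Very important if you're setting up a headless system.
  # Feel free to remove if you don't need it.
  services.openssh = {
    enable = true;
    settings = {
      # Opinionated: forbid root login through SSH.
      PermitRootLogin = "no";
      # Opinionated: use keys only.
      # Remove if you want to SSH using passwords
      PasswordAuthentication = false;
      # Keyboard-interactive authentication goes through PAM and can still
      # accept the account password when PasswordAuthentication is off, so it
      # is disabled too to make "keys only" hold.
      KbdInteractiveAuthentication = false;
    };
  };

  # NOTE(review): these ports are reachable on every network the laptop joins.
  # 51820 is the conventional WireGuard port, which uses UDP only, so the TCP
  # entry is probably unnecessary; confirm what listens on 4455 and whether it
  # needs both protocols.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      4455
      51820
    ];
    allowedUDPPorts = [
      4455
      51820
    ];
  };

  services.tailscale = {
    enable = true;
    useRoutingFeatures = "client";
  };

  services.devmon.enable = true;
  services.gvfs.enable = true;
  services.udisks2.enable = true;

  services.logind.extraConfig = ''
    # don't shutdown when power button is short-pressed
    HandlePowerKey=ignore
    HandlePowerKeyLongPress=poweroff
  '';

  # Requires at least 5.16 for working wi-fi and bluetooth.
  # https://community.frame.work/t/using-the-ax210-with-linux-on-the-framework-laptop/1844/89
  boot = {
    kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "5.16") (
      lib.mkDefault pkgs.linuxPackages_latest
    );
    loader.grub = {
      # no need to set devices, disko will add all devices that have a EF02 partition to the list already
      device = "nodev";
      efiSupport = true;
      efiInstallAsRemovable = true;
    };
    supportedFilesystems = [ "ntfs" ];
    # NOTE(review): nested=1 enables nested virtualisation and ignore_msrs=1
    # makes KVM ignore guest accesses to MSRs it does not handle instead of
    # faulting. Both relax the host/guest boundary; keep them only while a
    # guest actually needs them.
    extraModprobeConfig = ''
      options kvm_intel nested=1
      options kvm_intel emulate_invalid_guest_state=0
      options kvm ignore_msrs=1
    '';
  };

  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "23.05";
}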