moonlark/configuration.nix at 7f4e9402004483907610eb7c2724c2fe41f697fd · dunkirk.sh/dots

dunkirk.sh / dots
Kieran's opinionated (and probably slightly dumb) nix config
dots / moonlark / configuration.nix
at 7f4e9402004483907610eb7c2724c2fe41f697fd 6.6 kB view raw
  1
  2# This is your system's configuration file.
  3# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
  4{
  5  inputs,
  6  lib,
  7  config,
  8  pkgs,
  9  ...
 10}: {
 11  # You can import other NixOS modules here
 12  imports = [
 13    # If you want to use modules from other flakes (such as nixos-hardware):
 14    inputs.hardware.nixosModules.framework-11th-gen-intel
 15
 16    # Import your generated (nixos-generate-config) hardware configuration
 17    ./hardware-configuration.nix
 18
 19    # Import home-manager's configuration
 20    ./home-manager.nix
 21
 22    # Import disko's configuration
 23    ./disk-config.nix
 24    
 25    # hpyrland config
 26    # ./hyprland
 27  ];
 28	
 29  nixpkgs = {
 30    # Configure your nixpkgs instance
 31    config = {
 32      # Disable if you don't want unfree packages
 33      allowUnfree = true;
 34    };
 35  };
 36
 37  nix = let
 38    flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
 39  in {
 40    settings = {
 41      # Enable flakes and new 'nix' command
 42      experimental-features = "nix-command flakes";
 43      # Opinionated: disable global registry
 44      flake-registry = "";
 45      # Workaround for https://github.com/NixOS/nix/issues/9574
 46      nix-path = config.nix.nixPath;
 47    };
 48    # Opinionated: disable channels
 49    channel.enable = false;
 50
 51    # Opinionated: make flake registry and nix path match flake inputs
 52    registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
 53    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
 54  };
 55
 56  time = {
 57    timeZone = "America/New_York";
 58    hardwareClockInLocalTime = true;
 59  };
 60
 61  services.automatic-timezoned.enable = true;
 62
 63  environment.systemPackages = map lib.lowPrio [
 64    pkgs.curl
 65    inputs.agenix.packages.x86_64-linux.default
 66    pkgs.wpa_supplicant_gui
 67    pkgs.alacritty
 68    pkgs.zsh
 69    pkgs.starship
 70    pkgs.swww
 71    pkgs.sunwait
 72    pkgs.sunpaper
 73    pkgs.wluma
 74    pkgs.brightnessctl
 75    inputs.hyprland-contrib.packages.${pkgs.system}.grimblast
 76    pkgs.mako
 77    pkgs.notify-desktop
 78    pkgs.bc
 79    pkgs.wl-clipboard
 80    pkgs.psmisc
 81    pkgs.jq
 82    pkgs.playerctl
 83    pkgs.firefox
 84    pkgs.slack
 85    pkgs.gnome.nautilus
 86    pkgs.gnome.file-roller
 87    pkgs.fprintd
 88    pkgs.gitMinimal
 89    (pkgs.vscode-with-extensions.override {
 90        vscodeExtensions = with pkgs.vscode-extensions; [
 91          bbenoist.nix
 92        ];
 93      })
 94    pkgs.github-desktop
 95  ];
 96
 97  services.fprintd.enable = true;
 98  security.pam.services.hyprlock = {};
 99
100  fonts.packages = with pkgs; [
101    nerdfonts
102    fira
103  ];
104
105  environment.sessionVariables = {
106    XDG_CACHE_HOME  = "$HOME/.cache";
107    XDG_CONFIG_HOME = "$HOME/.config";
108    XDG_DATA_HOME   = "$HOME/.local/share";
109    SUNPAPERDIR = "${lib.getExe pkgs.sunpaper}";
110    XDG_STATE_HOME  = "$HOME/.local/state";
111    NIXOS_OZONE_WL = "1";
112  };
113
114  # import the secret
115  age.identityPaths = [ "/home/kierank/.ssh/id_rsa" "/etc/ssh/id_rsa" "/mnt/etc/ssh/id_rsa" ];
116  age.secrets.wifi = {
117    file = ../secrets/wifi.age;
118    owner = "kierank";
119  };
120
121  # setup the network
122  networking = {
123    hostName = "moonlark";
124    wireless = {
125      environmentFile = config.age.secrets.wifi.path;
126      userControlled.enable = true;
127      enable = true;
128      networks = {
129        "KlukasNet".psk = "@PSK_HOME@";
130        "Everseen".psk = "@PSK_HOTSPOT@";
131      };
132    };
133  };
134
135  programs.zsh.enable = true;
136  # TODO: Configure your system-wide user settings (groups, etc), add more users as needed.
137  users.users = {
138    kierank = {
139      # You can skip setting a root password by passing '--no-root-passwd' to nixos-install.
140      # Be sure to change it (using passwd) after rebooting!
141      initialPassword = "lolzthisaintsecure!";
142      isNormalUser = true;
143      shell = pkgs.zsh;
144      openssh.authorizedKeys.keys = [
145        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzEEjvbL/ttqmYoDjxYQmDIq36BabROJoXgQKeh9liBxApwp+2PmgxROzTg42UrRc9pyrkq5kVfxG5hvkqCinhL1fMiowCSEs2L2/Cwi40g5ZU+QwdcwI8a4969kkI46PyB19RHkxg54OUORiIiso/WHGmqQsP+5wbV0+4riSnxwn/JXN4pmnE//stnyAyoiEZkPvBtwJjKb3Ni9n3eNLNs6gnaXrCtaygEZdebikr9kS2g9mM696HvIFgM6cdR/wZ7DcLbG3IdTXuHN7PC3xxL+Y4ek5iMreQIPmuvs4qslbthPGYoYbYLUQiRa9XO5s/ksIj5Z14f7anHE6cuTQVpvNWdGDOigyIVS5qU+4ZF7j+rifzOXVL48gmcAvw/uV68m5Wl/p0qsC/d8vI3GYwEsWG/EzpAlc07l8BU2LxWgN+d7uwBFaJV9VtmUDs5dcslsh8IbzmtC9gq3OLGjklxTfIl6qPiL8U33oc/UwqzvZUrI2BlbagvIZYy6rP+q0= kierank@mockingjay"
146      ];
147      extraGroups = ["wheel" "networkmanager" "audio" "video" "docker" "plugdev"];
148    };
149    root.openssh.authorizedKeys.keys = [
150      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzEEjvbL/ttqmYoDjxYQmDIq36BabROJoXgQKeh9liBxApwp+2PmgxROzTg42UrRc9pyrkq5kVfxG5hvkqCinhL1fMiowCSEs2L2/Cwi40g5ZU+QwdcwI8a4969kkI46PyB19RHkxg54OUORiIiso/WHGmqQsP+5wbV0+4riSnxwn/JXN4pmnE//stnyAyoiEZkPvBtwJjKb3Ni9n3eNLNs6gnaXrCtaygEZdebikr9kS2g9mM696HvIFgM6cdR/wZ7DcLbG3IdTXuHN7PC3xxL+Y4ek5iMreQIPmuvs4qslbthPGYoYbYLUQiRa9XO5s/ksIj5Z14f7anHE6cuTQVpvNWdGDOigyIVS5qU+4ZF7j+rifzOXVL48gmcAvw/uV68m5Wl/p0qsC/d8vI3GYwEsWG/EzpAlc07l8BU2LxWgN+d7uwBFaJV9VtmUDs5dcslsh8IbzmtC9gq3OLGjklxTfIl6qPiL8U33oc/UwqzvZUrI2BlbagvIZYy6rP+q0= kierank@mockingjay"
151    ];
152  };
153
154  programs.hyprland.enable = true;
155  services.hypridle.enable = true;
156  
157  # enable cups
158  services.printing.enable = true;
159
160  # enable bluetooth
161  hardware.bluetooth.enable = true;
162
163  # enable pipewire
164  # rtkit is optional but recommended
165  security.rtkit.enable = true;
166  services.pipewire = {
167    enable = true;
168    alsa.enable = true;
169    alsa.support32Bit = true;
170    pulse.enable = true;
171    # If you want to use JACK applications, uncomment this
172    jack.enable = true;
173  };
174
175  # This setups a SSH server. Very important if you're setting up a headless system.
176  # Feel free to remove if you don't need it.
177  services.openssh = {
178    enable = true;
179    settings = {
180      # Opinionated: forbid root login through SSH.
181      PermitRootLogin = "no";
182      # Opinionated: use keys only.
183      # Remove if you want to SSH using passwords
184      PasswordAuthentication = false;
185    };
186  };
187
188  # Requires at least 5.16 for working wi-fi and bluetooth.
189  # https://community.frame.work/t/using-the-ax210-with-linux-on-the-framework-laptop/1844/89
190  boot = {
191    kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "5.16") (lib.mkDefault pkgs.linuxPackages_latest);
192    loader.grub = {
193      # no need to set devices, disko will add all devices that have a EF02 partition to the list already
194      device = "nodev";
195      efiSupport = true;
196      efiInstallAsRemovable = true;
197    };
198  };
199
200  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
201  system.stateVersion = "23.05";
202}