Kieran's opinionated (and probably slightly dumb) nix config
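# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
#
# NixOS module for the host "moonlark": imports the hardware, disk, home-manager,
# PAM and greeter modules, pins the nix registry and nix path to the flake inputs,
# wires agenix secrets into Wi-Fi and the user session, and defines the user,
# SSH, firewall and boot settings.
{
  inputs,
  lib,
  config,
  pkgs,
  pkgs-unstable,
  ...
}: {
  # You can import other NixOS modules here
  imports = [
    # If you want to use modules from other flakes (such as nixos-hardware):
    inputs.hardware.nixosModules.framework-11th-gen-intel

    # Import your generated (nixos-generate-config) hardware configuration
    ./hardware-configuration.nix

    # Import home-manager's configuration
    ./home-manager.nix

    # Import disko's configuration
    ./disk-config.nix

    # hyprland config
    # ./hyprland

    ./pam.nix

    # tuigreet
    ./greetd.nix
  ];

  nixpkgs = {
    # Configure your nixpkgs instance
    config = {
      # Disable if you don't want unfree packages
      allowUnfree = true;
    };
  };

  nix = let
    # Keep only the inputs that are flakes; these feed the registry and nix path below.
    flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
  in {
    settings = {
      # Enable flakes and new 'nix' command
      experimental-features = "nix-command flakes";
      # Opinionated: disable global registry
      # (flake references then resolve only through the pinned inputs below).
      flake-registry = "";
      # Workaround for https://github.com/NixOS/nix/issues/9574
      nix-path = config.nix.nixPath;
    };
    # Opinionated: disable channels
    channel.enable = false;

    # Opinionated: make flake registry and nix path match flake inputs
    registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
  };

  time = {
    timeZone = "America/New_York";
    hardwareClockInLocalTime = true;
  };

  services.automatic-timezoned.enable = true;

  # Every entry is wrapped in lib.lowPrio, so a package installed elsewhere wins on file collisions.
  # pkgs.unstable.* is not defined in this file; presumably an overlay provides it - confirm.
  environment.systemPackages = map lib.lowPrio [
    pkgs.curl
    pkgs.wget
    pkgs.dogdns
    inputs.agenix.packages.x86_64-linux.default
    pkgs.wpa_supplicant_gui
    pkgs.overskride
    pkgs.alacritty
    pkgs.zsh
    pkgs.starship
    pkgs.gh
    pkgs.swww
    pkgs.sunwait
    pkgs.sunpaper
    pkgs.wluma
    pkgs.brightnessctl
    inputs.hyprland-contrib.packages.${pkgs.system}.grimblast
    pkgs.mako
    pkgs.hyprpicker
    pkgs.notify-desktop
    pkgs.bc
    pkgs.wl-clipboard
    pkgs.psmisc
    pkgs.jq
    pkgs.playerctl
    pkgs.firefox
    pkgs.slack
    pkgs.gnome.nautilus
    pkgs.gnome.totem
    pkgs.loupe
    pkgs.gnome.simple-scan
    pkgs.gnome.file-roller
    pkgs.polkit_gnome
    pkgs.fprintd
    pkgs.gitMinimal
    pkgs.github-desktop
    pkgs.udiskie
    pkgs.neofetch
    pkgs.cava
    pkgs.go
    pkgs.unstable.bun
    pkgs.pitivi
    pkgs.unstable.arduino-ide
    pkgs.unstable.arduino-cli
    pkgs.lazygit
    pkgs.vhs
    pkgs.lightworks
    pkgs.ffmpeg
    pkgs.ngrok
    pkgs.openssl
    pkgs.unstable.nodePackages_latest.prisma
    pkgs.nodejs_22
    pkgs.invoice
    pkgs.pop
    pkgs.gum
    pkgs.unstable.netlify-cli
    pkgs.unstable.kicad
  ];

  services.gnome.gnome-keyring.enable = true;
  programs.dconf.enable = true;

  systemd = {
    # Runs the polkit GNOME authentication agent as a user service tied to the graphical session.
    user.services.polkit-gnome-authentication-agent-1 = {
      description = "polkit-gnome-authentication-agent-1";
      wantedBy = [ "graphical-session.target" ];
      wants = [ "graphical-session.target" ];
      after = [ "graphical-session.target" ];
      serviceConfig = {
        Type = "simple";
        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
        Restart = "on-failure";
        RestartSec = 1;
        TimeoutStopSec = 10;
      };
    };
  };

  fonts.packages = with pkgs; [
    nerdfonts
    fira
  ];

  # import the secret
  # Private keys agenix may use to decrypt the .age files below.
  # NOTE(review): the first entry is a personal SSH key in the user's home, so that
  # key also unlocks every system secret; a dedicated host key would separate the two.
  # The /mnt path is presumably for install-time activation - confirm.
  age.identityPaths = [ "/home/kierank/.ssh/id_rsa" "/etc/ssh/id_rsa" "/mnt/etc/ssh/id_rsa" ];
  age.secrets = {
    # Both decrypted files are owned by kierank rather than root.
    wifi = {
      file = ../secrets/wifi.age;
      owner = "kierank";
    };
    resend = {
      file = ../secrets/resend.age;
      owner = "kierank";
    };
  };

  environment.sessionVariables = {
    XDG_CACHE_HOME = "$HOME/.cache";
    XDG_CONFIG_HOME = "$HOME/.config";
    XDG_DATA_HOME = "$HOME/.local/share";
    SUNPAPERDIR = "${lib.getExe pkgs.sunpaper}";
    XDG_STATE_HOME = "$HOME/.local/state";
    NIXOS_OZONE_WL = "1";
    PRISMA_QUERY_ENGINE_LIBRARY = "${pkgs.prisma-engines}/lib/libquery_engine.node";
    PRISMA_QUERY_ENGINE_BINARY = "${pkgs.prisma-engines}/bin/query-engine";
    PRISMA_SCHEMA_ENGINE_BINARY = "${pkgs.prisma-engines}/bin/schema-engine";
    # Only the secret's path is interpolated at evaluation time; the value stored is the
    # literal `$(cat <path>)` text, so the key itself is not written into the Nix store.
    # NOTE(review): wherever a shell expands this, the decrypted key is exported to every
    # process in the session; a consumer that does not go through a shell sees the literal
    # string. Reading the file only in the tool that needs it narrows the exposure.
    RESEND_API_KEY = ''$(${pkgs.coreutils}/bin/cat ${config.age.secrets.resend.path})'';
    POP_FROM = "me@dunkirk.sh";
  };

  # setup the network
  networking = {
    hostName = "moonlark";
    wireless = {
      # The @PSK_*@ placeholders below are filled from this agenix-decrypted file,
      # which keeps the passphrases out of the evaluated configuration.
      environmentFile = config.age.secrets.wifi.path;
      # Lets non-root users drive wpa_supplicant (wpa_gui / wpa_cli).
      userControlled.enable = true;
      enable = true;
      networks = {
        "KlukasNet".psk = "@PSK_HOME@";
        "Everseen".psk = "@PSK_HOTSPOT@";
      };
    };
  };

  programs.zsh.enable = true;
  # TODO: Configure your system-wide user settings (groups, etc), add more users as needed.
  users.users = {
    kierank = {
      # You can skip setting a root password by passing '--no-root-passwd' to nixos-install.
      # Be sure to change it (using passwd) after rebooting!
      # NOTE(review): initialPassword is plain text here and ends up world-readable in the
      # Nix store, and this account is in "wheel". A hashedPasswordFile backed by a secret
      # avoids publishing a usable first-boot password.
      initialPassword = "lolzthisaintsecure!";
      isNormalUser = true;
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzEEjvbL/ttqmYoDjxYQmDIq36BabROJoXgQKeh9liBxApwp+2PmgxROzTg42UrRc9pyrkq5kVfxG5hvkqCinhL1fMiowCSEs2L2/Cwi40g5ZU+QwdcwI8a4969kkI46PyB19RHkxg54OUORiIiso/WHGmqQsP+5wbV0+4riSnxwn/JXN4pmnE//stnyAyoiEZkPvBtwJjKb3Ni9n3eNLNs6gnaXrCtaygEZdebikr9kS2g9mM696HvIFgM6cdR/wZ7DcLbG3IdTXuHN7PC3xxL+Y4ek5iMreQIPmuvs4qslbthPGYoYbYLUQiRa9XO5s/ksIj5Z14f7anHE6cuTQVpvNWdGDOigyIVS5qU+4ZF7j+rifzOXVL48gmcAvw/uV68m5Wl/p0qsC/d8vI3GYwEsWG/EzpAlc07l8BU2LxWgN+d7uwBFaJV9VtmUDs5dcslsh8IbzmtC9gq3OLGjklxTfIl6qPiL8U33oc/UwqzvZUrI2BlbagvIZYy6rP+q0= kierank@mockingjay"
      ];
      # NOTE(review): "docker" membership is root-equivalent wherever a Docker daemon runs,
      # on top of "wheel"; no Docker service is enabled in this file, so the group may be
      # unused here - confirm and drop it if so.
      extraGroups = ["wheel" "networkmanager" "audio" "video" "docker" "plugdev" "input"];
    };
    # NOTE(review): sshd below sets PermitRootLogin = "no", so this key is inert for SSH
    # today but becomes a live root credential if that setting is ever relaxed.
    root.openssh.authorizedKeys.keys = [
      "ssh-rsa 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 kierank@mockingjay"
    ];
  };

  programs.hyprland.enable = true;
  services.hypridle.enable = true;

  # enable cups
  services.printing.enable = true;
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    # Opens the firewall for Avahi (mDNS) on every interface the firewall covers.
    openFirewall = true;
  };

  # enable bluetooth
  hardware.bluetooth.enable = true;

  # enable pipewire
  # rtkit is optional but recommended
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # JACK application support (comment out if you don't use it)
    jack.enable = true;
  };

  # This sets up an SSH server. Very important if you're setting up a headless system.
  # Feel free to remove if you don't need it.
  services.openssh = {
    enable = true;
    settings = {
      # Opinionated: forbid root login through SSH.
      PermitRootLogin = "no";
      # Opinionated: use keys only.
      # Remove if you want to SSH using passwords
      PasswordAuthentication = false;
      # PasswordAuthentication alone leaves keyboard-interactive (PAM) prompts available,
      # which can still accept the account password; turn that off to really be keys-only.
      KbdInteractiveAuthentication = false;
    };
  };

  networking.firewall = {
    enable = true;
    # NOTE(review): nothing in this file is shown listening on 4455; record which service
    # needs it (TCP and UDP) or close the ports.
    allowedTCPPorts = [ 4455 ];
    allowedUDPPorts = [ 4455 ];
  };

  # Removable-media handling: automount (devmon), GVfs and udisks2.
  services.devmon.enable = true;
  services.gvfs.enable = true;
  services.udisks2.enable = true;

  services.logind.extraConfig = ''
    # don't shutdown when power button is short-pressed
    HandlePowerKey=ignore
    HandlePowerKeyLongPress=poweroff
  '';

  # Requires at least 5.16 for working wi-fi and bluetooth.
  # https://community.frame.work/t/using-the-ax210-with-linux-on-the-framework-laptop/1844/89
  boot = {
    # Only switch to the latest kernel when the default pkgs.linux is older than 5.16.
    kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "5.16") (lib.mkDefault pkgs.linuxPackages_latest);
    loader.grub = {
      # no need to set devices, disko will add all devices that have a EF02 partition to the list already
      device = "nodev";
      efiSupport = true;
      efiInstallAsRemovable = true;
    };
    supportedFilesystems = [ "ntfs" ];
  };

  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "23.05";
}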