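# NixOS module arguments. `config`, `lib` and `pkgs` are referenced in the
# body below; the trailing `...` accepts any further arguments the module
# system passes in.
{
  config,
  lib,
  pkgs,
  home-manager,
  ...
}: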
{
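# Every role module is imported unconditionally. Whether a given role
# (firewall, ssh, sops, wireguard, ...) is actually active is presumably
# decided by options inside each role, which are not visible in this file.
imports = [
  ./roles/2ship2harkinian
  ./roles/alacritty
  ./roles/ansible
  ./roles/ares
  ./roles/bluetooth
  ./roles/boot
  ./roles/chromecast
  ./roles/chromium
  ./roles/distributed_build
  ./roles/docker
  ./roles/ecc
  ./roles/emacs
  ./roles/firefox
  ./roles/firewall
  ./roles/flux
  ./roles/fonts
  ./roles/gcloud
  ./roles/git
  ./roles/global_options
  ./roles/gnuplot
  ./roles/gpg
  ./roles/graphics
  ./roles/hydra
  ./roles/iso
  ./roles/kanshi
  ./roles/kodi
  ./roles/kubernetes
  ./roles/latex
  ./roles/launch_keyboard
  ./roles/lvfs
  ./roles/media
  ./roles/memtest86
  ./roles/network
  ./roles/nix_index
  ./roles/nix_worker
  ./roles/nvme
  ./roles/optimized_build
  ./roles/pcsx2
  ./roles/python
  ./roles/qemu
  ./roles/reset
  ./roles/rust
  ./roles/shikane
  ./roles/shipwright
  ./roles/sm64ex
  ./roles/sops
  ./roles/sound
  ./roles/ssh
  ./roles/steam
  ./roles/steam_run_free
  ./roles/sway
  ./roles/tekton
  ./roles/terraform
  ./roles/thunderbolt
  ./roles/vnc_client
  ./roles/vscode
  ./roles/wasm
  ./roles/waybar
  ./roles/wireguard
  ./roles/zfs
  ./roles/zrepl
  ./roles/zsh
  ./util/unfree_polyfill
];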
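# Enable the `nix` CLI and flakes.
nix.settings.experimental-features = [
  "nix-command"
  "flakes"
];
# Entries in trusted-users get extra rights when talking to the Nix daemon
# (for example choosing substituters or importing unsigned store paths); the
# Nix manual describes this as essentially equivalent to root access.
# Membership of `wheel` on this host should be treated as root.
nix.settings.trusted-users = [ "@wheel" ];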
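# boot.kernelPackages = pkgs.linuxPackages_6_11;
hardware.enableRedistributableFirmware = true;

# Use nixos-rebuild-ng
# system.rebuild.enableNg = true;

# Keep outputs so we can build offline.
# Both settings make the garbage collector retain more of the build closure
# of live store paths, at the cost of store size.
nix.extraOptions = ''
  keep-outputs = true
  keep-derivations = true
'';

# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
boot.supportedFilesystems.zfs = true;
# TODO: Is this different from boot.supportedFilesystems = [ "zfs" ]; ?
# NOTE(review): the option appears to accept both the list and the attribute
# form — confirm against the option documentation for the pinned nixpkgs.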
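# Log the named user in on the console without a password. Per the NixOS
# option description, `autologinOnce` restricts this to the first tty, once
# per boot.
# Full disk encryption covers the disk only while it is locked. After the
# machine has booted, this console session needs no credential, and the user
# is in `wheel`, which this file gives passwordless doas and Nix trusted-user
# rights — so console access to a freshly booted, unlocked machine is a
# direct path to root.
services.getty = {
  autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
  autologinOnce = true;
};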
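# Accounts are declarative only: with mutableUsers off, the user and group
# files are replaced from this configuration on activation.
users.mutableUsers = false;
users.users.talexander = {
  isNormalUser = true;
  createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
  group = "talexander";
  # wheel membership carries passwordless doas and Nix trusted-user rights in
  # this file, i.e. this account is root-equivalent.
  extraGroups = [ "wheel" ];
  uid = 11235;
  packages = with pkgs; [
    tree
  ];
  # Generate with `mkpasswd -m scrypt`
  # NOTE(review): a hash given through `hashedPassword` ends up in the
  # world-readable Nix store and is committed with this file, so it is open
  # to offline guessing by any local user or reader of the repository. This
  # configuration already imports a sops role; `hashedPasswordFile` pointing
  # at a sops-managed secret would keep the hash out of both.
  hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
  # Keys accepted for SSH login: one plain ed25519 key followed by two
  # `sk-` (FIDO security-key backed) ed25519 keys. The plain key is only as
  # well protected as the file it is stored in.
  openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
  ];
};
# Private group for the user, with the gid pinned to match the uid.
users.groups.talexander.gid = 11235;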
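# Per-user home-manager configuration. Both entries here only pin the
# home-manager state version; nothing else is set in this file.
home-manager.users.talexander =
  { pkgs, ... }:
  {
    # The state version is required and should stay at the version you
    # originally installed.
    home.stateVersion = "24.11";
  };

home-manager.users.root =
  { pkgs, ... }:
  {
    # The state version is required and should stay at the version you
    # originally installed.
    home.stateVersion = "24.11";
  };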
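# Automatic garbage collection (not configured while building the ISO)
nix.gc = lib.mkIf (!config.me.buildingIso) {
  # Runs nix-collect-garbage --delete-older-than 30d
  automatic = true;
  randomizedDelaySec = "14m";
  options = "--delete-older-than 30d";
};
# Store optimisation is likewise off whenever the ISO is being built.
nix.settings.auto-optimise-store = !config.me.buildingIso;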
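# Use doas instead of sudo
security.doas.enable = true;
# wheel members become root with no password prompt at all. Combined with
# the console autologin and the `@wheel` Nix trusted-users entry elsewhere in
# this file, any process running as a wheel user can escalate silently.
security.doas.wheelNeedsPassword = false;
security.sudo.enable = false;
security.doas.extraRules = [
  {
    # Retain environment (for example NIX_PATH)
    # keepEnv hands the caller's whole environment to the privileged command,
    # so variables set in the unprivileged session influence what runs as root.
    keepEnv = true;
    persist = true; # Only ask for a password the first time.
    # NOTE(review): this rule names no `users` or `groups`; check the
    # generated /etc/doas.conf to confirm it produces a permit line at all.
    # `persist` only matters for rules that ask for a password, which the
    # wheel rule above never does.
  }
];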
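# Tools installed system-wide for every user.
environment.systemPackages = with pkgs; [
  wget
  mg
  rsync
  libinput
  htop
  tmux
  file
  usbutils # for lsusb
  pciutils # for lspci
  ripgrep
  strace
  ltrace
  trace-cmd # ftrace
  tcpdump
  git-crypt
  gnumake
  ncdu
  nix-tree
  libarchive # bsdtar
  lsof
  doas-sudo-shim # To support --use-remote-sudo for remote builds
  dmidecode # Read SMBIOS information.
  ipcalc
  gptfdisk # for cgdisk
  nix-output-monitor # For better view into nixos-rebuild
  # Listing the package only installs the binary. Any service unit, cache
  # signing key or firewall rule for it would have to be configured
  # elsewhere (not visible in this file).
  nix-serve-ng # Serve nix store over http
];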
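# SSH daemon: key-based logins only.
services.openssh = {
  enable = true;
  settings = {
    # Both password-based mechanisms are switched off.
    PasswordAuthentication = false;
    KbdInteractiveAuthentication = false;
    # NOTE(review): PermitRootLogin is not set here, so the module default
    # applies — confirm the effective value on the running host.
  };
  # Host keys are read straight from /persist, presumably so the host
  # identity survives a reset of the root filesystem.
  # NOTE(review): the persistence settings in this file also list
  # /etc/ssh/ssh_host_* files; with these paths sshd is not pointed at those,
  # so check which set is actually in use and that the private keys under
  # /persist/ssh are readable by root only.
  hostKeys = [
    {
      path = "/persist/ssh/ssh_host_ed25519_key";
      type = "ed25519";
    }
    {
      path = "/persist/ssh/ssh_host_rsa_key";
      type = "rsa";
      bits = 4096;
    }
  ];
};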
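# State kept under /persist; skipped while building the ISO.
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
  hideMounts = true;
  directories = [
    "/var/lib/iwd" # Wifi settings (iwd keeps network credentials here)
    "/var/lib/nixos" # Contains user information (uids/gids)
    "/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
    "/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
  ];
  files = [
    "/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
    # NOTE(review): services.openssh.hostKeys in this file points sshd at
    # /persist/ssh/ssh_host_*, not at these /etc/ssh paths. These four
    # entries look like leftovers — confirm before relying on either set.
    "/etc/ssh/ssh_host_rsa_key"
    "/etc/ssh/ssh_host_rsa_key.pub"
    "/etc/ssh/ssh_host_ed25519_key"
    "/etc/ssh/ssh_host_ed25519_key.pub"
  ];
  users.talexander = {
    directories = [
      {
        # Owner-only directory for the user.
        directory = "persist";
        user = "talexander";
        group = "talexander";
        mode = "0700";
      }
    ];
  };
};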
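# Write a list of the currently installed packages to /etc/current-system-packages
# The list is the `name` of every entry in environment.systemPackages,
# de-duplicated, sorted and joined one per line.
environment.etc."current-system-packages".text =
  let
    packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
    sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
    formatted = builtins.concatStringsSep "\n" sortedUnique;
  in
  formatted;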
# environment.etc."system-packages-with-source".text = builtins.concatStringsSep "\n\n" (
# builtins.map (
# x: x.file + "\n" + builtins.concatStringsSep "\n" (builtins.map (s: " " + s) x.value)
# ) config.environment.systemPackages.definitionsWithLocations
# );
# nixpkgs.overlays = [
# (final: prev: {
# nix = pkgs-unstable.nix;
# })
# ];
# nixpkgs.overlays = [
# (final: prev: {
# foot = throw "foo";
# })
# ];
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
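system.stateVersion = "24.11"; # Did you read the comment?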
}