vm changes

Ivan Kirilov Dimitrov 2024-07-04 08:38:33 +02:00
parent 068bbcff91
commit 4de15ebaf9
No known key found for this signature in database
GPG Key ID: 0BDAD4B211C49294
7 changed files with 203 additions and 135 deletions

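--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+result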


@ -1,4 +1,4 @@
.PHONY: default all home nixos update clean .PHONY: default all home nixos vm update clean
default: all default: all
@ -10,6 +10,9 @@ home:
nixos: nixos:
doas nixos-rebuild switch --flake ./. doas nixos-rebuild switch --flake ./.
vm:
nixos-rebuild build-vm --flake ./.#vm
update: update:
nix flake update nix flake update


@ -18,7 +18,6 @@ top@{ inputs, ... }: {
inputs.sal.overlays.default inputs.sal.overlays.default
]; ];
}; };
stateVersion = "24.05";
}; };
}; };
} }


@ -1,6 +1,6 @@
toplevel@{ inputs, withSystem, ... }: toplevel@{ inputs, withSystem, ... }:
{ {
flake.homeConfigurations.ivand = withSystem "x86_64-linux" (ctx@{ pkgs, stateVersion, ... }: flake.homeConfigurations.ivand = withSystem "x86_64-linux" (ctx@{ pkgs, ... }:
inputs.home-manager.lib.homeManagerConfiguration { inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs; inherit pkgs;
modules = modules =
@ -9,15 +9,15 @@ toplevel@{ inputs, withSystem, ... }:
in in
[ [
{ {
home.stateVersion = stateVersion; home.stateVersion = "24.05";
} }
inputs.nid.hmModules.nix-index inputs.nid.hmModules.nix-index
inputs.catppuccin.homeManagerModules.catppuccin
mods.all mods.all
mods.dev mods.dev
mods.essential mods.essential
mods.random mods.random
mods.reminders mods.reminders
inputs.catppuccin.homeManagerModules.catppuccin
]; ];
}); });
} }


@ -30,7 +30,6 @@
xonotic xonotic
tor-browser tor-browser
electrum electrum
monero-cli
bisq-desktop bisq-desktop
]; ];
} }


@ -3,7 +3,8 @@ let
system = "x86_64-linux"; system = "x86_64-linux";
in in
{ {
flake.nixosConfigurations.nixos = withSystem system (ctx@{ config, inputs', ... }: flake.nixosConfigurations = {
nixos = withSystem system (ctx@{ config, inputs', ... }:
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = {
inherit inputs inputs'; inherit inputs inputs';
@ -13,6 +14,17 @@ in
./nova-hardware.nix ./nova-hardware.nix
inputs.hosts.nixosModule inputs.hosts.nixosModule
inputs.catppuccin.nixosModules.catppuccin inputs.catppuccin.nixosModules.catppuccin
] ++ (with toplevel.config.flake.nixosModules; [ wireguard catppuccin boot security xdg networking users services programs env rest ]); ] ++ (with toplevel.config.flake.nixosModules; [ grub base sound security ivand wireless wireguard style ]);
}); });
vm = withSystem system (ctx@{ config, inputs', ... }:
inputs.nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs inputs';
packages = config.packages;
};
modules = [
inputs.hosts.nixosModule
] ++ (with toplevel.config.flake.nixosModules; [ vm base security testUser ]);
});
};
} }
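Review bot: The new module list for `nixos`, `[ grub base sound security ivand wireless wireguard style ]`, leaves out the `flatpak` and `ai` modules that this commit defines in the nixosModules file, so the host appears to lose the xdg portal, `services.flatpak` and `services.ollama` settings that the old `xdg` and `services` modules supplied. If that is not intended, append them: `[ grub base sound security ivand wireless wireguard style flatpak ai ]`. The `vm` configuration also imports the shared `security` module, so its passwordless doas rule for `wheel` applies inside the guest as well; a one-line comment above the `vm` module list such as `# security: passwordless doas for wheel is intentional in the throwaway guest` would make that explicit.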


@ -1,5 +1,98 @@
{ moduleWithSystem, ... }: { { moduleWithSystem, ... }: {
flake.nixosModules = { flake.nixosModules = {
grub = {
boot = {
loader = {
grub = {
enable = true;
useOSProber = true;
efiSupport = true;
device = "nodev";
};
efi = {
canTouchEfiVariables = true;
};
};
};
};
base = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: {
system.stateVersion = "24.05";
nix = {
extraOptions = ''
experimental-features = nix-command flakes
'';
};
i18n.supportedLocales = [ "all" ];
time.timeZone = "Europe/Prague";
fonts.packages = with pkgs; [ (nerdfonts.override { fonts = [ "FiraCode" ]; }) noto-fonts noto-fonts-emoji noto-fonts-lgc-plus ];
environment = {
systemPackages = with pkgs; [
cmatrix
coreutils-full
cryptsetup
fd
file
git
glibc
gnumake
mlocate
moreutils
openssl
srm
unzip
vim
zip
];
shells = with pkgs; [ zsh nushell ];
};
programs = {
zsh.enable = true;
nix-ld.enable = true;
dconf.enable = true;
};
services = {
dbus.enable = true;
};
networking = {
stevenBlackHosts = {
enable = true;
blockFakenews = true;
blockGambling = true;
};
};
});
sound = moduleWithSystem (toplevel@{ ... }: perSystem@{ ... }: {
services = {
pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
};
};
});
security = moduleWithSystem (toplevel@{ ... }: perSystem@{ ... }: {
security = {
sudo = {
enable = false;
execWheelOnly = true;
extraRules = [
{
groups = [ "wheel" ];
}
];
};
doas = {
enable = true;
extraRules = [
# Allow wheel to run all commands without password and keep user env.
{ groups = [ "wheel" ]; noPass = true; keepEnv = true; }
];
};
polkit.enable = true;
rtkit.enable = true;
pam = { services = { swaylock = { }; }; };
};
});
wireguard = { wireguard = {
networking.wg-quick.interfaces = { networking.wg-quick.interfaces = {
wg0 = { wg0 = {
@ -16,63 +109,7 @@
}; };
}; };
}; };
catppuccin = { wireless = {
catppuccin = {
enable = true;
flavor = "mocha";
};
boot.loader.grub.catppuccin.enable = true;
};
boot = {
boot = {
loader = {
grub = {
enable = true;
useOSProber = true;
efiSupport = true;
device = "nodev";
};
efi = {
canTouchEfiVariables = true;
};
};
kernelModules = [ "v4l2loopback" ];
};
};
security = moduleWithSystem (toplevel@{ ... }: nixos@{ pkgs, ... }: {
security = {
sudo = {
enable = false;
execWheelOnly = true;
extraRules = [
{
groups = [ "wheel" ];
commands = [{ command = "${pkgs.light}/bin/light"; options = [ "SETENV" "NOPASSWD" ]; }];
}
];
};
doas = {
enable = true;
extraRules = [
# Allow wheel to run all commands without password and keep user env.
{ groups = [ "wheel" ]; noPass = true; keepEnv = true; }
];
};
polkit.enable = true;
rtkit.enable = true;
pam = { services = { swaylock = { }; }; };
};
});
xdg = {
xdg = {
portal = {
enable = true;
wlr.enable = true;
config.common.default = "*";
};
};
};
networking = {
networking = { networking = {
wireless = { wireless = {
enable = true; enable = true;
@ -112,14 +149,9 @@
}; };
}; };
}; };
stevenBlackHosts = {
enable = true;
blockFakenews = true;
blockGambling = true;
}; };
}; };
}; ivand = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: {
users = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: {
users = { users = {
defaultUserShell = pkgs.zsh; defaultUserShell = pkgs.zsh;
users = { users = {
@ -144,67 +176,89 @@
extraGroups = { mlocate = { }; }; extraGroups = { mlocate = { }; };
}; };
}); });
services = { testUser = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: {
services = { users = {
ollama.enable = true; defaultUserShell = pkgs.zsh;
xserver.videoDrivers = [ "nouveau" ]; users = {
dbus.enable = true; test = {
flatpak.enable = true; isNormalUser = true;
pipewire = { createHome = true;
enable = true; initialPassword = "test";
alsa.enable = true; extraGroups = [
pulse.enable = true; "adbusers"
}; "adm"
}; "audio"
}; "bluetooth"
programs = { "dialout"
programs = { "flatpak"
zsh.enable = true; "kvm"
nix-ld.enable = true; "mlocate"
adb.enable = true; "render"
dconf.enable = true; "video"
}; "wheel"
};
env = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: {
environment = {
systemPackages = with pkgs; [
cmatrix
coreutils-full
cryptsetup
dig
fd
file
git
glibc
gnumake
jq
mlocate
moreutils
ntfs3g
openssl
srm
unzip
vim
zip
]; ];
shells = with pkgs; [ zsh nushell ]; };
};
extraGroups = { mlocate = { }; };
}; };
}); });
rest = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: { style = {
nix = { catppuccin = {
extraOptions = ''
experimental-features = nix-command flakes
'';
};
system.stateVersion = "24.05";
hardware = {
graphics = {
enable = true; enable = true;
flavor = "mocha";
};
boot.loader.grub.catppuccin.enable = true;
};
flatpak = {
xdg = {
portal = {
enable = true;
wlr.enable = true;
config.common.default = "*";
};
};
services.flatpak.enable = true;
};
ai = moduleWithSystem (toplevel@{ ... }: perSystem@{ ... }: {
services = {
ollama.enable = true;
};
});
vm = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: {
nixpkgs.hostPlatform = "x86_64-linux";
virtualisation.vmVariant = {
# following configuration is added only when building VM with build-vm
virtualisation = {
memorySize = 8192;
cores = 4;
resolution = {
x = 1920;
y = 1080;
};
diskImage = "$HOME/doc/vm.qcow2";
qemu = {
options = [ "-vga qxl" "-spice port=5900,addr=127.0.0.1,disable-ticketing=on" ];
};
};
services = {
displayManager.sddm.enable = true;
xserver = {
enable = true;
desktopManager.xfce.enable = true;
videoDrivers = [ "qxl" ];
};
spice-autorandr.enable = true;
spice-vdagentd.enable = true;
spice-webdavd.enable = true;
};
environment = {
systemPackages = with pkgs; [
xorg.xf86videoqxl
tor-browser
gnupg
];
}; };
}; };
i18n.supportedLocales = [ "all" ];
time.timeZone = "Europe/Prague";
fonts.packages = with pkgs; [ (nerdfonts.override { fonts = [ "FiraCode" ]; }) noto-fonts noto-fonts-emoji noto-fonts-lgc-plus ];
}); });
}; };
} }
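Review bot: In the `vm` module the QEMU option `-spice port=5900,addr=127.0.0.1,disable-ticketing=on` exposes the guest console without authentication to every user and process on the host that can reach loopback. The `vm` configuration pairs it with `testUser` (`initialPassword = "test"`, member of `wheel`) and the `security` module's `noPass = true; keepEnv = true;` doas rule, so reaching that port amounts to root in the guest. Prefer a UNIX socket in a directory only the owner can access, e.g. `"-spice unix=on,addr=<SOCKET_PATH>,disable-ticketing=on"` (placeholder path), or set a SPICE password. Because `testUser` is exported under `flake.nixosModules` like every other module, add a comment above it such as `# Throwaway account for the build-vm guest only; never import on a real host.` The `sudo.extraRules` entry that now holds only `groups = [ "wheel" ];` looks like a leftover while `sudo.enable = false` and could be dropped.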