Migrate to new Flake based configuration

Merge pull request #1 from c4em/nouveau
2023-06-25 10:46:14 +00:00 · 2023-06-25 10:46:14 +00:00 · 3a6fe3c1d2
commit 3a6fe3c1d2
parent 98d6777b26 2a0aedbd67
34 changed files with 456 additions and 310 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,3 @@
 nixos/result
 pw
 .stfolder
--- a/README.md
+++ b/README.md
@ -1,41 +1,41 @@
 ### Old Hyprland config can be found [here](https://github.com/c4em/nixos-system-config/tree/deprecated)
 # nixos-system-config
-Modular NixOS configuration with dotfiles. 
+Modular multi-purpose NixOS configuration.
-## Usage
+
-You should have basic knowledge of NixOS before using this project. Begin at `configuration.nix` and read through the files by following imports. 
+## About
-Everything should be commented. If something is not satisfactory, feel free to open up an issue or pull request.
+Feel free to do whatever with this configuration.  
 This configuration [erases your darlings](https://grahamc.com/blog/erase-your-darlings/) using ZFS snapshots.  
 Currently only used for my homeserver, [desktop runs on Gentoo](https://git.dirae.org/caem/dotfiles).  
 ## Layout
 ```
-/etc/nixos/
+/nix/config
-├── configuration.nix             ; master configuration file
+├── flake.lock
-├── environments                  ; Desktop environment specific config
+├── flake.nix                   ; Master configuration file
-│   └── plasma.nix
+├── overlays                    ; Package overlays
-├── hardware-configuration.nix    ; Replace this with your current hardware-configuration.nix
+├── packages                    ; Packages with configurations
-├── overlays                      ; Package overlays
+│   ├── nginx
-├── packages                      ; Package specifix configuration
+│   │   └── homeserver.nix
-├── profile.nix                   ; Specify the profile to use
+│   ├── syncthing
-├── profiles                      ; Profiles, for example for different machines or workflows
+│   │   └── homeserver.nix
-│   └── workstation.nix
+│   └── vim
-├── sets                          ; Sets of packages to install
+│       └── package.nix
-│   ├── base
+├── pw                          ; Password of your user
 ├── sets                        ; Sets of packages 
 │   └── meta
 │       └── sysadmin.nix
 ├── systems                     ; System specific configuration
 │   ├── common.nix
 │   ├── hardware                ; Hardware configuration of each system
 │   │   ├── homeserver.nix
 │   │   └── qemu-vm.nix
 │   ├── homeserver.nix
 │   ├── persist                 ; Persistence configuration of each system
 │   │   ├── common.nix
-│   │   ├── devel.nix
+│   │   ├── homeserver.nix
-│   │   └── plasma.nix
+│   │   └── qemu-vm.nix
-│   ├── devel
+│   └── qemu-vm.nix
-│   │   ├── c.nix
+└── users                       ; User specific configuration
-│   │   └── git.nix
+    ├── media.nix
-│   ├── drivers
+    ├── none.nix
 │   │   ├── nvidia.nix
 │   │   └── tablet.nix
 │   └── graphics
 │       ├── art.nix
 │       └── video.nix
 ├── username.nix                   ; Set current user
 └── users                          ; Users
    └── user.nix
 ```
 ## Todo
 - [ ] Hyprland configuration
 - [ ] Clean up sets directory
 - [ ] Add screenshots to README.md
 - [ ] Home-manager configuration
--- a/configuration.nix
+++ b/configuration.nix
@ -1,43 +0,0 @@
 # Master configuration file
 { config, pkgs, ... }:
 let
  # User configurations are stored under ./user/[username].nix
  # Set the corresponding value in ./username.nix
  user = import ./username.nix;
 in
 {
  imports = [
    ./users/${user}.nix
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    # Uncomment the profile you want to use
    ./profiles/workstation.nix
  ];
  # General NixOS configuration
  nix = {
    settings.auto-optimise-store = true;
    # Automatically remove generations older than a week
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
  };
  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;
  # Use the unstable channel
  system.autoUpgrade = {
    enable = true;
    channel = "https://nixos.org/channels/nixos-unstable";
  };
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.05";
 }
--- a/environments/plasma.nix
+++ b/environments/plasma.nix
@ -1,11 +0,0 @@
 { config, pkgs, ... }:
 {
  imports = [
    ../sets/base/plasma.nix
  ];
  services.xserver.enable = true;
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;
 }
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,60 @@
 {
  "nodes": {
    "impermanence": {
      "locked": {
        "lastModified": 1684264534,
        "narHash": "sha256-K0zr+ry3FwIo3rN2U/VWAkCJSgBslBisvfRIPwMbuCQ=",
        "owner": "nix-community",
        "repo": "impermanence",
        "rev": "89253fb1518063556edd5e54509c30ac3089d5e6",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "impermanence",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1686921029,
        "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-23.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "impermanence": "impermanence",
        "nixpkgs": "nixpkgs",
        "unstable": "unstable"
      }
    },
    "unstable": {
      "locked": {
        "lastModified": 1686960236,
        "narHash": "sha256-AYCC9rXNLpUWzD9hm+askOfpliLEC9kwAo7ITJc4HIw=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "04af42f3b31dba0ef742d254456dc4c14eedac86",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,34 @@
 {
    description = "Modular multi-purpose NixOS configuration.";
    inputs = {
        nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
        unstable.url = "github:nixos/nixpkgs/nixos-unstable";
        # https://nixos.wiki/wiki/Impermanence
        impermanence.url = "github:nix-community/impermanence";
    };
    outputs = { self, nixpkgs, ... }@attrs: let
        user = "user"; # Select user from `./users` directory
    in {
        nixosConfigurations.homeserver = nixpkgs.lib.nixosSystem {
            system = "x86_64-linux";
            specialArgs = attrs;
            modules = [ 
                ./users/${user}.nix
                ./systems/homeserver.nix
            ];
        };
        # Debugging VM configuration
        nixosConfigurations.qemu-vm = nixpkgs.lib.nixosSystem {
            system = "x86_64-linux";
            specialArgs = attrs;
            modules = [ 
                ./users/${user}.nix
                ./systems/qemu-vm.nix
            ];
        };
    };
 }
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@ -1,43 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/56ec7666-a2ea-4e77-9015-00151b9b7884";
      fsType = "btrfs";
      options = [ "subvol=@" ];
    };
  fileSystems."/boot/efi" =
    { device = "/dev/disk/by-uuid/F076-283D";
      fsType = "vfat";
    };
  fileSystems."/mnt/vault" = {
    device = "/dev/disk/by-uuid/048d175b-0e3e-4ec7-955b-3d9a45f9f237";
    fsType = "xfs";
  };
  swapDevices = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp34s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/packages/nginx/homeserver.nix
+++ b/packages/nginx/homeserver.nix
@ -0,0 +1,13 @@
 { ... }:
 {
    services.nginx.enable = true;
    services.nginx.virtualHosts."192.168.2.69" = {
        root = "/mnt/mass/Torrents";
        extraConfig = ''
            autoindex on;
        '';
    };
    networking.firewall.allowedTCPPorts = [ 80 ];
 }
--- a/packages/syncthing/homeserver.nix
+++ b/packages/syncthing/homeserver.nix
@ -0,0 +1,18 @@
 { ... }:
 {
    imports = [
        ../../users/media.nix
    ];
    services.syncthing = {
        enable = true;
        user = "media";
        dataDir = "/mnt/mass";
        configDir = "/mnt/mass/Services/Syncthing";
        guiAddress = "0.0.0.0:8384";
    };
    networking.firewall.allowedTCPPorts = [ 8384 22000 ];
    networking.firewall.allowedUDPPorts = [ 22000 21027 ];
 }
--- a/packages/vim/package.nix
+++ b/packages/vim/package.nix
@ -0,0 +1,34 @@
 { pkgs, ... }:
 {
    environment.variables = { EDITOR = "vim"; };
    environment.systemPackages = with pkgs; [
        ((vim_configurable.override { }).customize{
            name = "vim";
            vimrcConfig.packages.plugins = with pkgs.vimPlugins; {
                start = [ vim-nix ];
                opt = [];
            };
            vimrcConfig.customRC = ''
                syntax on
                set tabstop=4
                set shiftwidth=4 smarttab
                set expandtab
                set noswapfile
                set incsearch 
                set noerrorbells
                set smartindent
                set number
                set relativenumber
                set nobackup
                set scrolloff=8
                set sidescrolloff=8
                set fileencoding='utf-8'
                set nohlsearch
            '';
        })
    ];
 }
--- a/profile.nix
+++ b/profile.nix
@ -1,2 +0,0 @@
 # Select profile from ./profiles/ directory
 "workstation"
--- a/profiles/workstation.nix
+++ b/profiles/workstation.nix
@ -1,69 +0,0 @@
 { config, pkgs, ... }:
 {
  imports = [
    # Environments
    ../environments/plasma.nix # KDE/Plasma
    # ../environments/hyprland.nix # Todo
    # Package sets
    ../sets/base/common.nix
    ../sets/drivers/nvidia.nix
    ../sets/drivers/tablet.nix
    ../sets/base/devel.nix
    ../sets/graphics/art.nix
    ../sets/graphics/video.nix
  ];
  # Bootloader
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.efi.efiSysMountPoint = "/boot/efi";
  # Hostname
  networking.hostName = "nixos";
  # Networking
  networking.networkmanager.enable = true;
  # Timezone
  time.timeZone = "Europe/Berlin";
  # Locale
  i18n.defaultLocale = "en_US.UTF-8";
  console.keyMap = "uk";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_DE.UTF-8";
    LC_IDENTIFICATION = "de_DE.UTF-8";
    LC_MEASUREMENT = "de_DE.UTF-8";
    LC_MONETARY = "de_DE.UTF-8";
    LC_NAME = "de_DE.UTF-8";
    LC_NUMERIC = "de_DE.UTF-8";
    LC_PAPER = "de_DE.UTF-8";
    LC_TELEPHONE = "de_DE.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };
  services.xserver = {
    layout = "gb";
    xkbVariant = "";
  };
  # Nvidia
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware.opengl.enable = true;
  hardware.nvidia.modesetting.enable = true;
  # Enable audio
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    jack.enable = true;
  };
 }
--- a/sets/base/common.nix
+++ b/sets/base/common.nix
@ -1,11 +0,0 @@
 { config, pkgs, ... }:
 {
  environment.systemPackages = with pkgs; [
    neovim
    firefox
    neofetch
    tree
  ];
 }
--- a/sets/base/devel.nix
+++ b/sets/base/devel.nix
@ -1,9 +0,0 @@
 { config, pkgs, ... }:
 {
  imports = [
    ../devel/git.nix
    ../devel/c.nix
  ];
 }
--- a/sets/base/plasma.nix
+++ b/sets/base/plasma.nix
@ -1,7 +0,0 @@
 { config, pkgs, ... }:
 {
  environment.systemPackages = with pkgs; [
    kate
  ];
 }
--- a/sets/devel/c.nix
+++ b/sets/devel/c.nix
@ -1,11 +0,0 @@
 { config, pkgs, ... }:
 {
  environment.systemPackages = with pkgs; [
    gcc
    clang
    clang-tools
    gnumake
  ];
 }
--- a/sets/devel/git.nix
+++ b/sets/devel/git.nix
@ -1,7 +0,0 @@
 { config, pkgs, ... }:
 {
  environment.systemPackages = with pkgs; [
    git
  ];
 }
--- a/sets/drivers/nvidia.nix
+++ b/sets/drivers/nvidia.nix
@ -1,8 +0,0 @@
 { config, pkgs, ... }:
 {
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware.opengl.enable = true;
  hardware.nvidia.modesetting.enable = true;
 }
--- a/sets/drivers/tablet.nix
+++ b/sets/drivers/tablet.nix
@ -1,7 +0,0 @@
 { config, pkgs, ... }:
 {
  hardware.opentabletdriver.enable = true;
  hardware.opentabletdriver.daemon.enable = true;
 }
--- a/sets/graphics/art.nix
+++ b/sets/graphics/art.nix
@ -1,9 +0,0 @@
 { config, pkgs, ... }:
 {
  environment.systemPackages = with pkgs; [
    krita
    gimp
  ];
 }
--- a/sets/graphics/video.nix
+++ b/sets/graphics/video.nix
@ -1,8 +0,0 @@
 { config, pkgs, ... }:
 {
  environment.systemPackages = with pkgs; [
    kdenlive
  ];
 }
--- a/sets/meta/sysadmin.nix
+++ b/sets/meta/sysadmin.nix
@ -0,0 +1,12 @@
 { pkgs, ... }:
 {
    environment.systemPackages = with pkgs; [
        htop
        wget
        curl
        git
    ];
    services.openssh.enable = true;
 }
--- a/systems/common.nix
+++ b/systems/common.nix
@ -0,0 +1,20 @@
 # Common configuration for all systems
 {  ... }:
 {
    nix = {
        settings.auto-optimise-store = true;
        # Clean generations older than a week
        gc = {
            automatic = false; # Flip this to do it automatically
            dates = "weekly";
            options = "--delete-older-than 7d";
        };
    };
    nixpkgs.config.allowUnfree = true;
    system.stateVersion = "23.05";
 }
--- a/systems/hardware/homeserver.nix
+++ b/systems/hardware/homeserver.nix
@ -0,0 +1,49 @@
 { config, lib, modulesPath, ... }:
 {
  imports = [ 
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "ums_realtek" "usbhid" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  boot.initrd.postDeviceCommands = lib.mkAfter ''
    zfs rollback -r local/root@blank
  '';
  fileSystems."/" = { 
      device = "local/root";
      fsType = "zfs";
  };
  fileSystems."/boot" = {
      device = "/dev/disk/by-uuid/5C0E-1600";
      fsType = "vfat";
  };
  fileSystems."/nix" = {
      device = "local/nix";
      fsType = "zfs";
  };
  fileSystems."/mnt/mass" = {
      device = "/dev/disk/by-uuid/f04baac4-40a9-4115-b09d-83b252ee69ad";
      fsType = "xfs";
  };
  swapDevices = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/systems/hardware/qemu-vm.nix
+++ b/systems/hardware/qemu-vm.nix
@ -0,0 +1,45 @@
 {lib, modulesPath, ... }:
 {
  imports = [ 
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
  boot.initrd.kernelModules = [ ];
  boot.initrd.postDeviceCommands = lib.mkAfter ''
    zfs rollback -r local/root@blank
  '';
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  boot.zfs.devNodes = "/dev/disk/by-path";
  fileSystems."/" = { 
     device = "local/root";
     fsType = "zfs";
  };
  fileSystems."/boot" = { 
      device = "/dev/disk/by-uuid/1FD8-C4B8";
      fsType = "vfat";
  };
  fileSystems."/nix" = { 
      device = "local/nix";
      fsType = "zfs";
  };
  swapDevices = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/systems/homeserver.nix
+++ b/systems/homeserver.nix
@ -0,0 +1,57 @@
 { ... }:
 {
    imports = [
        ./common.nix
        ./hardware/homeserver.nix
        ./persist/homeserver.nix
        ../sets/meta/sysadmin.nix
        ../packages/vim/package.nix
        ../packages/nginx/homeserver.nix
        ../packages/syncthing/homeserver.nix
    ];
    boot = {
        loader = {
            efi = {
                canTouchEfiVariables = true;
            };
            grub = {
                enable = true;
                efiSupport = true;
                device = "nodev";
            };
        };
        kernel = {
            sysctl."net.ipv6.conf.eth0.disable_ipv6" = true;
        };
    };
    networking = {
        hostName = "homeserver";
        enableIPv6 = false;
        hostId = "95f846dc";
        interfaces = {
            eno1.ipv4.addresses = [{
                address = "192.168.2.69";
                prefixLength = 24;
            }];
        };
        nameservers = [ "1.1.1.1" "8.8.8.8" ];
        defaultGateway = "192.168.2.1";
        firewall = {
            enable = true;
            allowedTCPPorts = [ 22 ]; 
        };
    };
    time.timeZone = "Europe/Berlin";
    console.keyMap = "uk";
    # To not mess up SSH sessions from weird terminals
    environment.sessionVariables = rec {
        TERM = "xterm";
    };
 }
--- a/systems/persist/common.nix
+++ b/systems/persist/common.nix
@ -0,0 +1,18 @@
 { impermanence, ... }:
 {
    imports = [
        impermanence.nixosModules.impermanence
    ];
    environment.persistence."/nix/persist/common" = {
        directories = [
            "/etc/ssh"
            "/var/lib"
        ];
        files = [
            "/etc/machine-id"
        ];
    };
 }
--- a/systems/persist/homeserver.nix
+++ b/systems/persist/homeserver.nix
@ -0,0 +1,7 @@
 { ... }:
 {
    imports = [
        ./common.nix
    ];
 }
--- a/systems/persist/qemu-vm.nix
+++ b/systems/persist/qemu-vm.nix
@ -0,0 +1,7 @@
 { ... }:
 {
    imports = [
        ./common.nix
    ];
 }
--- a/systems/qemu-vm.nix
+++ b/systems/qemu-vm.nix
@ -0,0 +1,18 @@
 { ... }:
 {
    imports = [
        ./hardware/qemu-vm.nix
        ../sets/meta/sysadmin.nix
        ../packages/vim/package.nix
        ./common.nix
        ./persist/qemu-vm.nix
    ];
    boot.loader.grub.enable = true;
    boot.loader.grub.device = "/dev/vda";
    networking.hostId = "e78229f8";
    time.timeZone = "Europe/Berlin";
 }
--- a/username.nix
+++ b/username.nix
@ -1,2 +0,0 @@
 # Select user from the ./users/ directory
 "user"
--- a/users/media.nix
+++ b/users/media.nix
@ -0,0 +1,8 @@
 { ... }:
 {
    users.users.media = {
        isNormalUser = true;
        description = "media";
    };
 }
--- a/users/none.nix
+++ b/users/none.nix
@ -0,0 +1 @@
 { } 
--- a/users/user.nix
+++ b/users/user.nix
@ -1,30 +1,20 @@
-{ config, pkgs, ... }:
+{ ... }:
 {
-  imports = [
+    users.users.user = {
-  ];
+        isNormalUser = true;
-
+        passwordFile = "/nix/config/pw"; # mkpasswd in config dir 
-  users.users.user = {
+        description = "user";
-    isNormalUser = true;
+        extraGroups = [
-    description = "user";
+            "wheel"
-    extraGroups = [
+            "audio"
-      "wheel" 
+            "video"
-      "networkmanager"
+            "docker"
-      "audio"
+            "podman"
-      "video"
+            "networkmanager"
-      "docker"
+            "kvm"
-      "plugdev"
+            "libvirt"
-    ];
+            "plugdev"
-  };
+        ];
-
+    };
  # Set to false to disable sudo password prompt
  security = {
    sudo.wheelNeedsPassword = true;
  };
 #  home-manager.users.user = {
 #    home.stateVersion = "22.11";
 #  };
  # programs.home-manager.enable = true;
 }
		`@ -1,2 +0,0 @@`
			`# Select profile from ./profiles/ directory`
			`"workstation"`
		`@ -1,2 +0,0 @@`
			`# Select user from the ./users/ directory`
			`"user"`