diff --git a/.sops.yaml b/.sops.yaml
index 332a93d..627d319 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -7,11 +7,9 @@ keys:
 # cspell:disable
 - &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
 - &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc
- #- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
 - &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
+ - &selinunte age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
 # cspell:enable
-servers: &servers
- - *palatine-hill
 # add new users by executing: sops users//secrets.yaml
 # then have someone already in the repo run the below
 #
@@ -38,6 +36,13 @@ creation_rules:
 - *admin_alice
 age:
 - *artemision
+ - path_regex: systems/selinunte/secrets.*\.yaml$
+ key_groups:
+ - pgp:
+ - *admin_alice
+ age:
+ - *artemision
+ - *selinunte
 - path_regex: systems/palatine-hill/docker/wg/.*\.conf$
 key_groups:
 - pgp:
diff --git a/systems/palatine-hill/default.nix b/systems/palatine-hill/default.nix
index d469ee0..4dd7c60 100644
--- a/systems/palatine-hill/default.nix
+++ b/systems/palatine-hill/default.nix
@@ -3,5 +3,8 @@
 users = [ "alice" ];
 modules = [
 # inputs.attic.nixosModules.atticd
+ inputs.nixos-hardware.nixosModules.common-cpu-amd
+ inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
+ inputs.nixos-hardware.nixosModules.supermicro
 ];
 }
diff --git a/systems/selinunte/audio.nix b/systems/selinunte/audio.nix
new file mode 100644
index 0000000..17c1dd8
--- /dev/null
+++ b/systems/selinunte/audio.nix
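Review bot: The new `&selinunte` anchor in the `keys:` hunk carries exactly the same age recipient as `&artemision`, so the `systems/selinunte/secrets.*\.yaml$` rule added in the second hunk lists one recipient twice and gives the new host no key of its own. If selinunte is meant to decrypt with its SSH host key (the new configuration.nix sets `sops.age.sshKeyPaths`), the anchor should hold the recipient derived from that host's ed25519 public key, followed by a `sops updatekeys` on the affected files; as written, presumably only a holder of the artemision key can decrypt. A comment on the anchor naming its origin, e.g. `# age recipient converted from selinunte's ssh_host_ed25519_key.pub`, would make a copy-paste like this visible in review. Both hunks start and end inside larger YAML blocks that are not shown.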
@@ -0,0 +1,35 @@
+{ pkgs, ... }:
+
+{
+ # rtkit is optional but recommended
+ security.rtkit.enable = true;
+ services = {
+ pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ #jack.enable = true;
+ };
+
+ pipewire.wireplumber.configPackages = [
+ (pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" ''
+ bluez_monitor.properties = {
+ ["bluez5.enable-sbc-xq"] = true,
+ ["bluez5.enable-msbc"] = true,
+ ["bluez5.enable-hw-volume"] = true,
+ ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
+ }
+ '')
+ ];
+ blueman.enable = true;
+ };
+
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.powerOnBoot = true;
+
+ environment.systemPackages = with pkgs; [ pavucontrol ];
+
+ programs.noisetorch.enable = true;
+}
diff --git a/systems/selinunte/configuration.nix b/systems/selinunte/configuration.nix
new file mode 100644
index 0000000..788b9d5
--- /dev/null
+++ b/systems/selinunte/configuration.nix
@@ -0,0 +1,53 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ imports = [
+ ./audio.nix
+ ./desktop.nix
+ ./fonts.nix
+ ./graphics.nix
+ ./polkit.nix
+ ./programs.nix
+ ./steam.nix
+ ./stylix.nix
+ ];
+
+ time.timeZone = "America/New_York";
+
+ # temp workaround for building while in nixos-enter
+ #services.logrotate.checkConfig = false;
+
+ networking = {
+ hostId = "9f2e1ff9";
+ firewall.enable = true;
+ useNetworkd = true;
+ };
+
+ boot = {
+ useSystemdBoot = true;
+ default = true;
+ };
+
+ i18n = {
+ defaultLocale = "en_US.utf8";
+ supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+ };
+
+ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+ services = {
+ flatpak.enable = true;
+ gvfs.enable = true;
+ openssh.enable = lib.mkForce false;
+ };
+
+ system.stateVersion = "25.05";
+
+ sops = {
+ defaultSopsFile = ./secrets.yaml;
+ };
+}
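Review bot: The `bluetooth.lua.d/51-bluez-config.lua` file written through `pipewire.wireplumber.configPackages` uses WirePlumber's Lua configuration format, which WirePlumber 0.5 and later no longer read; with `system.stateVersion = "25.05"` the packaged WirePlumber is presumably past that, so the SBC-XQ, mSBC and hardware-volume settings would be silently ignored. The same settings can be expressed through `services.pipewire.wireplumber.extraConfig`, which also lets the second `pipewire.` attribute path fold into the existing `pipewire = { … }` block. Worth confirming against the WirePlumber version the flake actually pins.

```nix
  services = {
    pipewire = {
      # … unchanged: enable, alsa, pulse, jack comment …
      wireplumber.extraConfig."51-bluez-config" = {
        "monitor.bluez.properties" = {
          "bluez5.enable-sbc-xq" = true;
          "bluez5.enable-msbc" = true;
          "bluez5.enable-hw-volume" = true;
          "bluez5.roles" = [ "hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag" ];
        };
      };
    };
    blueman.enable = true;
  };
```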
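Review bot: `sops.age.sshKeyPaths` points at `/etc/ssh/ssh_host_ed25519_key`, but the same file forces `services.openssh.enable` off, and on NixOS the host keys are normally created by the sshd units, so on a fresh install this path may not exist and sops-nix would have no identity to decrypt with. Either provision the key explicitly or point sops at a dedicated age key, e.g. `sops.age.keyFile = "/var/lib/sops-nix/key.txt";`, and record the choice in a comment next to the option. The two `sops` definitions (`sops.age.sshKeyPaths` and the trailing `sops = { defaultSopsFile = … }`) would also read better merged into one block. `defaultSopsFile` references `secrets.yaml`, which this commit adds as an empty blob (`e69de29`), so it is not yet a sops-encrypted file.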
diff --git a/systems/selinunte/default.nix b/systems/selinunte/default.nix
new file mode 100644
index 0000000..ee8d0a3
--- /dev/null
+++ b/systems/selinunte/default.nix
@@ -0,0 +1,23 @@
+{ inputs, ... }:
+{
+ system = "x86_64-linux";
+ home = true;
+ sops = true;
+ server = false;
+ users = [ "alice" ];
+ modules = [
+ inputs.nixos-hardware.nixosModules.common-pc
+ inputs.nixos-hardware.nixosModules.common-pc-ssd
+ inputs.nixos-hardware.nixosModules.common-gpu-nvidia-sync
+ inputs.nixos-hardware.nixosModules.common-cpu-amd
+ inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
+ inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower
+ inputs.stylix.nixosModules.stylix
+ {
+ environment.systemPackages = [
+ inputs.wired-notify.packages.x86_64-linux.default
+ inputs.hyprland-contrib.packages.x86_64-linux.grimblast
+ ];
+ }
+ ];
+}
diff --git a/systems/selinunte/desktop.nix b/systems/selinunte/desktop.nix
new file mode 100644
index 0000000..3e0dfa6
--- /dev/null
+++ b/systems/selinunte/desktop.nix
@@ -0,0 +1,44 @@
+{ pkgs, ... }:
+
+{
+ # installs hyprland, and its dependencies
+
+ programs = {
+ hyprland = {
+ enable = true;
+ xwayland.enable = true;
+ withUWSM = true;
+ };
+ hyprlock.enable = true;
+ ydotool.enable = true;
+ };
+ # Optional, hint electron apps to use wayland:
+ environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager.gdm = {
+ enable = true;
+ wayland = true;
+ };
+ };
+
+ dbus = {
+ enable = true;
+ implementation = "broker";
+ };
+ };
+
+ powerManagement = {
+ enable = true;
+ resumeCommands = ''
+ ${pkgs.hyprlock}/bin/hyprlock -c /home/alice/.config/hypr/hyprlock.conf
+ '';
+ };
+
+ environment.systemPackages = with pkgs; [
+ libsForQt5.qt5.qtwayland
+ qt6.qtwayland
+ ];
+}
diff --git a/systems/selinunte/fonts.nix b/systems/selinunte/fonts.nix
new file mode 100644
index 0000000..e8ab0fa
--- /dev/null
+++ b/systems/selinunte/fonts.nix
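Review bot: `common-gpu-nvidia-sync` in `modules` does not match the rest of this host's configuration, where hardware.nix (added later in this commit) sets `amdgpu.*` kernel parameters and graphics.nix mentions radv; unless the machine really has an NVIDIA dGPU in a PRIME sync layout, this module presumably pulls in the proprietary driver and PRIME settings for nothing. Please confirm the GPU topology and leave a one-line comment on the module naming the hardware it targets. The two `packages.x86_64-linux` paths also repeat the `system` value set at the top of the file; if the surrounding flake passes the system string into this function, using it would remove the duplication.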
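Review bot: The `powerManagement.resumeCommands` block starts hyprlock from the system resume hook, which runs as root outside alice's Wayland session and only once the machine is already awake, so the locker will most likely fail to attach to the compositor and, even if it did, the desktop would be visible until it started. Locking before suspend from inside the user session is the usual arrangement, e.g. `services.hypridle.enable = true;` with `before_sleep_cmd = loginctl lock-session` and `lock_cmd = pidof hyprlock || hyprlock` in the hypridle config. The hard-coded `/home/alice/.config/hypr/hyprlock.conf` also ties a system module to one user and has a root-run process reading a user-writable file. Separately, `ydotool.enable = true` exposes synthetic input to members of its group; a comment saying what depends on it would help.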
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+ fonts = {
+ fontconfig.enable = true;
+ enableDefaultPackages = true;
+ packages = with pkgs.nerd-fonts; [
+ fira-code
+ droid-sans-mono
+ hack
+ dejavu-sans-mono
+ noto
+ open-dyslexic
+ ];
+ };
+}
diff --git a/systems/selinunte/graphics.nix b/systems/selinunte/graphics.nix
new file mode 100644
index 0000000..486f856
--- /dev/null
+++ b/systems/selinunte/graphics.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+ hardware.graphics = {
+ ## radv: an open-source Vulkan driver from freedesktop
+ enable = true;
+ enable32Bit = true;
+
+ };
+}
diff --git a/systems/selinunte/hardware.nix b/systems/selinunte/hardware.nix
new file mode 100644
index 0000000..7f7c52f
--- /dev/null
+++ b/systems/selinunte/hardware.nix
@@ -0,0 +1,96 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot = {
+ initrd.availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "thunderbolt"
+ "usb_storage"
+ "usbhid"
+ "sd_mod"
+ "ip_vs"
+ "ip_vs_rr"
+ "nf_conntrack"
+ ];
+ initrd.kernelModules = [
+ "dm-snapshot"
+ "r8152"
+ ];
+ kernelModules = [ "kvm-amd" ];
+ extraModulePackages = [ ];
+ kernelParams = [
+ "amdgpu.sg_display=0"
+ "amdgpu.graphics_sg=0"
+ "amdgpu.abmlevel=3"
+ ];
+ };
+
+ fileSystems = {
+
+ "/" = lib.mkDefault {
+ device = "/dev/disk/by-uuid/f3c11d62-37f4-495e-b668-1ff49e0d3a47";
+ fsType = "ext4";
+ options = [
+ "noatime"
+ "nodiratime"
+ ];
+ };
+
+ "/home" = {
+ device = "/dev/disk/by-uuid/720af942-464c-4c1e-be41-0438936264f0";
+ fsType = "ext4";
+ options = [
+ "noatime"
+ "nodiratime"
+ ];
+ };
+
+ "/nix" = {
+ device = "/dev/disk/by-uuid/035f23f8-d895-4b0c-bcf5-45885a5dbbd9";
+ fsType = "ext4";
+ options = [
+ "noatime"
+ "nodiratime"
+ ];
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/5AD7-6005";
+ fsType = "vfat";
+ options = [
+ "noatime"
+ "nodiratime"
+ ];
+ };
+ };
+
+ swapDevices = [ { device = "/dev/disk/by-uuid/3ec276b5-9088-45b0-9cb4-60812f2d1a73"; } ];
+
+ boot.initrd.luks.devices = {
+ "nixos-pv" = {
+ device = "/dev/disk/by-uuid/12a7f660-bbcc-4066-81d0-e66005ee534a";
+ preLVM = true;
+ allowDiscards = true;
+ };
+ };
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/systems/selinunte/polkit.nix b/systems/selinunte/polkit.nix
new file mode 100644
index 0000000..1b012c9
--- /dev/null
+++ b/systems/selinunte/polkit.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+
+{
+ security.polkit.enable = true;
+ environment.systemPackages = with pkgs; [ polkit_gnome ];
+
+ systemd = {
+ user.services.polkit-gnome-authentication-agent-1 = {
+ description = "polkit-gnome-authentication-agent-1";
+ wantedBy = [ "graphical-session.target" ];
+ wants = [ "graphical-session.target" ];
+ after = [ "graphical-session.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+ Restart = "on-failure";
+ RestartSec = 1;
+ TimeoutStopSec = 10;
+ };
+ };
+ };
+}
diff --git a/systems/selinunte/programs.nix b/systems/selinunte/programs.nix
new file mode 100644
index 0000000..217e5cc
--- /dev/null
+++ b/systems/selinunte/programs.nix
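Review bot: `allowDiscards = true` on the `nixos-pv` LUKS device passes TRIM through the encrypted layer, which lets anyone with access to the raw disk see which blocks are unused; that is a common SSD trade-off, but it deserves a comment stating it was chosen deliberately, e.g. `# TRIM through LUKS: reveals free-block layout, accepted for SSD performance`. The swap device is referenced by UUID with no LUKS entry of its own, so it is worth confirming it lives inside the encrypted volume group rather than on a plain partition, since swap can hold decrypted secrets. The header still says the file is generated and must not be modified, although the module lists and kernel parameters look hand-edited; updating the header would keep someone from regenerating the file and losing those edits.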
@@ -0,0 +1,114 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ act
+ alacritty
+ attic-client
+ amdgpu_top
+ bat
+ bitwarden-cli
+ bfg-repo-cleaner
+ brightnessctl
+ btop
+ calibre
+ # calibre dedrm?
+ candy-icons
+ chromium
+ chromedriver
+ croc
+ deadnix
+ direnv
+ easyeffects
+ eza
+ fanficfare
+ ferium
+ fd
+ file
+ firefox
+ # gestures replacement
+ git
+ glances
+ gpu-viewer
+ grim
+ helvum
+ htop
+ hwloc
+ ipmiview
+ iperf3
+ # ipscan
+ jp2a
+ jq
+ kdePackages.kdenlive
+ kitty
+ kubectl
+ kubernetes-helm
+ libreoffice-fresh
+ libtool
+ lsof
+ lynis
+ masterpdfeditor4
+ minikube
+ mons
+ mpv
+ # nbt explorer?
+ ncdu
+ nemo-with-extensions
+ neofetch
+ neovim
+ nix-init
+ nix-output-monitor
+ nix-prefetch
+ nix-tree
+ nixpkgs-fmt
+ nmap
+ obs-studio
+ obsidian
+ ocrmypdf
+ pciutils
+ #disabled until wxpython compat with python3.12
+ #playonlinux
+ prismlauncher
+ protonmail-bridge
+ protontricks
+ proxychains
+ qrencode
+ redshift
+ restic
+ ripgrep
+ rpi-imager
+ rofi-wayland
+ samba
+ signal-desktop
+ # signal in tray?
+ siji
+ simple-mtpfs
+ skaffold
+ slack
+ slurp
+ smartmontools
+ snyk
+ sops
+ spotify
+ spotify-player
+ #swaylock/waylock?
+ sweet-nova
+ telegram-desktop
+ terraform
+ tig
+ tokei
+ tree
+ unipicker
+ unzip
+ uutils-coreutils-noprefix
+ ventoy
+ vesktop
+ vscode
+ watchman
+ wget
+ wl-clipboard
+ yq
+ yt-dlp
+ zoom-us
+ zoxide
+ ];
+}
diff --git a/systems/selinunte/secrets.yaml b/systems/selinunte/secrets.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/systems/selinunte/steam.nix b/systems/selinunte/steam.nix
new file mode 100644
index 0000000..c172c7c
--- /dev/null
+++ b/systems/selinunte/steam.nix
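Review bot: This list installs everything system-wide through `environment.systemPackages`, including several unfree binaries (`spotify`, `slack`, `zoom-us`, `vscode`, `obsidian`, `masterpdfeditor4`, `ipmiview`) whose allow-list is not visible in this diff, so evaluation presumably depends on an unfree setting elsewhere in the flake. `ventoy` in particular ships prebuilt blobs and, if I recall correctly, recent nixpkgs marks it insecure, which would require an explicit `permittedInsecurePackages` entry; worth checking before relying on the build. The commented placeholders (`# calibre dedrm?`, `# gestures replacement`, `# signal in tray?`) read as TODOs and would be clearer written as `# TODO:` lines or moved to an issue.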
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+
+{
+ environment.systemPackages = [ pkgs.steam-run ];
+ hardware.steam-hardware.enable = true;
+ programs = {
+ gamescope = {
+ enable = true;
+ capSysNice = true;
+ };
+ steam = {
+ enable = true;
+ remotePlay.openFirewall = true;
+ localNetworkGameTransfers.openFirewall = true;
+ extraCompatPackages = with pkgs; [ proton-ge-bin ];
+ gamescopeSession.enable = true;
+ extest.enable = true;
+ };
+ };
+}
diff --git a/systems/selinunte/stylix.nix b/systems/selinunte/stylix.nix
new file mode 100644
index 0000000..06053da
--- /dev/null
+++ b/systems/selinunte/stylix.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+# let
+# randWallpaper = pkgs.runCommand "stylix-wallpaper" { } ''
+# numWallpapers =
+# $((1 + $RANDOM % 10))
+
+# in
+{
+ stylix = {
+ enable = true;
+ image = "${pkgs.hyprland}/share/hypr/wall2.png";
+
+ #image = "/home/alice/Pictures/Screenshots/screenshot_2024-12-04-2030.png";
+ polarity = "dark";
+ };
+}
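Review bot: `remotePlay.openFirewall` and `localNetworkGameTransfers.openFirewall` open Steam's listening ports in the host firewall on every interface, and hardware.nix in this commit shows the machine using a wireless interface (`wlp4s0`), so those ports are reachable on whatever network it joins. If the features are only needed at home, leave both off by default or scope the rule to trusted interfaces, and add a comment saying why they are open. `gamescope.capSysNice = true` grants the gamescope binary `CAP_SYS_NICE`; a one-line comment noting that this is intentional would help the next reader.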