add selinunte (desktop gaming system)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

.sops.yaml

@@ -7,11 +7,9 @@ keys:
     # cspell:disable
     - &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
     - &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc
-    #- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
     - &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
+    - &selinunte age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
     # cspell:enable
-servers: &servers
-    - *palatine-hill
 # add new users by executing: sops users/<user>/secrets.yaml
 # then have someone already in the repo run the below
 #
@@ -38,6 +36,13 @@ creation_rules:
             - *admin_alice
           age:
             - *artemision
+    - path_regex: systems/selinunte/secrets.*\.yaml$
+      key_groups:
+        - pgp:
+            - *admin_alice
+          age:
+            - *artemision
+            - *selinunte
     - path_regex: systems/palatine-hill/docker/wg/.*\.conf$
       key_groups:
         - pgp:

systems/palatine-hill/default.nix

@@ -3,5 +3,8 @@
   users = [ "alice" ];
   modules = [
     # inputs.attic.nixosModules.atticd
+    inputs.nixos-hardware.nixosModules.common-cpu-amd
+    inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
+    inputs.nixos-hardware.nixosModules.supermicro
   ];
 }

systems/selinunte/audio.nix

@@ -0,0 +1,35 @@
+{ pkgs, ... }:
+
+{
+  # rtkit is optional but recommended
+  security.rtkit.enable = true;
+  services = {
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      # If you want to use JACK applications, uncomment this
+      #jack.enable = true;
+    };
+
+    pipewire.wireplumber.configPackages = [
+      (pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" ''
+        bluez_monitor.properties = {
+        	["bluez5.enable-sbc-xq"] = true,
+        	["bluez5.enable-msbc"] = true,
+        	["bluez5.enable-hw-volume"] = true,
+        	["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
+        }
+      '')
+    ];
+    blueman.enable = true;
+  };
+
+  hardware.bluetooth.enable = true;
+  hardware.bluetooth.powerOnBoot = true;
+
+  environment.systemPackages = with pkgs; [ pavucontrol ];
+
+  programs.noisetorch.enable = true;
+}

systems/selinunte/configuration.nix

@@ -0,0 +1,53 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  imports = [
+    ./audio.nix
+    ./desktop.nix
+    ./fonts.nix
+    ./graphics.nix
+    ./polkit.nix
+    ./programs.nix
+    ./steam.nix
+    ./stylix.nix
+  ];
+
+  time.timeZone = "America/New_York";
+
+  # temp workaround for building while in nixos-enter
+  #services.logrotate.checkConfig = false;
+
+  networking = {
+    hostId = "9f2e1ff9";
+    firewall.enable = true;
+    useNetworkd = true;
+  };
+
+  boot = {
+    useSystemdBoot = true;
+    default = true;
+  };
+
+  i18n = {
+    defaultLocale = "en_US.utf8";
+    supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+  };
+
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+  services = {
+    flatpak.enable = true;
+    gvfs.enable = true;
+    openssh.enable = lib.mkForce false;
+  };
+
+  system.stateVersion = "25.05";
+
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+  };
+}

systems/selinunte/default.nix

@@ -0,0 +1,23 @@
+{ inputs, ... }:
+{
+  system = "x86_64-linux";
+  home = true;
+  sops = true;
+  server = false;
+  users = [ "alice" ];
+  modules = [
+    inputs.nixos-hardware.nixosModules.common-pc
+    inputs.nixos-hardware.nixosModules.common-pc-ssd
+    inputs.nixos-hardware.nixosModules.common-gpu-nvidia-sync
+    inputs.nixos-hardware.nixosModules.common-cpu-amd
+    inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
+    inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower
+    inputs.stylix.nixosModules.stylix
+    {
+      environment.systemPackages = [
+        inputs.wired-notify.packages.x86_64-linux.default
+        inputs.hyprland-contrib.packages.x86_64-linux.grimblast
+      ];
+    }
+  ];
+}

systems/selinunte/desktop.nix

@@ -0,0 +1,44 @@
+{ pkgs, ... }:
+
+{
+  # installs hyprland, and its dependencies
+
+  programs = {
+    hyprland = {
+      enable = true;
+      xwayland.enable = true;
+      withUWSM = true;
+    };
+    hyprlock.enable = true;
+    ydotool.enable = true;
+  };
+  # Optional, hint electron apps to use wayland:
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+  services = {
+    xserver = {
+      enable = true;
+      displayManager.gdm = {
+        enable = true;
+        wayland = true;
+      };
+    };
+
+    dbus = {
+      enable = true;
+      implementation = "broker";
+    };
+  };
+
+  powerManagement = {
+    enable = true;
+    resumeCommands = ''
+      ${pkgs.hyprlock}/bin/hyprlock -c /home/alice/.config/hypr/hyprlock.conf
+    '';
+  };
+
+  environment.systemPackages = with pkgs; [
+    libsForQt5.qt5.qtwayland
+    qt6.qtwayland
+  ];
+}

systems/selinunte/fonts.nix

@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+  fonts = {
+    fontconfig.enable = true;
+    enableDefaultPackages = true;
+    packages = with pkgs.nerd-fonts; [
+      fira-code
+      droid-sans-mono
+      hack
+      dejavu-sans-mono
+      noto
+      open-dyslexic
+    ];
+  };
+}

systems/selinunte/graphics.nix

@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+  hardware.graphics = {
+    ## radv: an open-source Vulkan driver from freedesktop
+    enable = true;
+    enable32Bit = true;
+
+  };
+}

systems/selinunte/hardware.nix

@@ -0,0 +1,96 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot = {
+    initrd.availableKernelModules = [
+      "nvme"
+      "xhci_pci"
+      "thunderbolt"
+      "usb_storage"
+      "usbhid"
+      "sd_mod"
+      "ip_vs"
+      "ip_vs_rr"
+      "nf_conntrack"
+    ];
+    initrd.kernelModules = [
+      "dm-snapshot"
+      "r8152"
+    ];
+    kernelModules = [ "kvm-amd" ];
+    extraModulePackages = [ ];
+    kernelParams = [
+      "amdgpu.sg_display=0"
+      "amdgpu.graphics_sg=0"
+      "amdgpu.abmlevel=3"
+    ];
+  };
+
+  fileSystems = {
+
+    "/" = lib.mkDefault {
+      device = "/dev/disk/by-uuid/f3c11d62-37f4-495e-b668-1ff49e0d3a47";
+      fsType = "ext4";
+      options = [
+        "noatime"
+        "nodiratime"
+      ];
+    };
+
+    "/home" = {
+      device = "/dev/disk/by-uuid/720af942-464c-4c1e-be41-0438936264f0";
+      fsType = "ext4";
+      options = [
+        "noatime"
+        "nodiratime"
+      ];
+    };
+
+    "/nix" = {
+      device = "/dev/disk/by-uuid/035f23f8-d895-4b0c-bcf5-45885a5dbbd9";
+      fsType = "ext4";
+      options = [
+        "noatime"
+        "nodiratime"
+      ];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/5AD7-6005";
+      fsType = "vfat";
+      options = [
+        "noatime"
+        "nodiratime"
+      ];
+    };
+  };
+
+  swapDevices = [ { device = "/dev/disk/by-uuid/3ec276b5-9088-45b0-9cb4-60812f2d1a73"; } ];
+
+  boot.initrd.luks.devices = {
+    "nixos-pv" = {
+      device = "/dev/disk/by-uuid/12a7f660-bbcc-4066-81d0-e66005ee534a";
+      preLVM = true;
+      allowDiscards = true;
+    };
+  };
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

systems/selinunte/polkit.nix

@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+
+{
+  security.polkit.enable = true;
+  environment.systemPackages = with pkgs; [ polkit_gnome ];
+
+  systemd = {
+    user.services.polkit-gnome-authentication-agent-1 = {
+      description = "polkit-gnome-authentication-agent-1";
+      wantedBy = [ "graphical-session.target" ];
+      wants = [ "graphical-session.target" ];
+      after = [ "graphical-session.target" ];
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+        Restart = "on-failure";
+        RestartSec = 1;
+        TimeoutStopSec = 10;
+      };
+    };
+  };
+}

systems/selinunte/programs.nix

@@ -0,0 +1,114 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    act
+    alacritty
+    attic-client
+    amdgpu_top
+    bat
+    bitwarden-cli
+    bfg-repo-cleaner
+    brightnessctl
+    btop
+    calibre
+    # calibre dedrm?
+    candy-icons
+    chromium
+    chromedriver
+    croc
+    deadnix
+    direnv
+    easyeffects
+    eza
+    fanficfare
+    ferium
+    fd
+    file
+    firefox
+    # gestures replacement
+    git
+    glances
+    gpu-viewer
+    grim
+    helvum
+    htop
+    hwloc
+    ipmiview
+    iperf3
+    # ipscan
+    jp2a
+    jq
+    kdePackages.kdenlive
+    kitty
+    kubectl
+    kubernetes-helm
+    libreoffice-fresh
+    libtool
+    lsof
+    lynis
+    masterpdfeditor4
+    minikube
+    mons
+    mpv
+    # nbt explorer?
+    ncdu
+    nemo-with-extensions
+    neofetch
+    neovim
+    nix-init
+    nix-output-monitor
+    nix-prefetch
+    nix-tree
+    nixpkgs-fmt
+    nmap
+    obs-studio
+    obsidian
+    ocrmypdf
+    pciutils
+    #disabled until wxpython compat with python3.12
+    #playonlinux
+    prismlauncher
+    protonmail-bridge
+    protontricks
+    proxychains
+    qrencode
+    redshift
+    restic
+    ripgrep
+    rpi-imager
+    rofi-wayland
+    samba
+    signal-desktop
+    # signal in tray?
+    siji
+    simple-mtpfs
+    skaffold
+    slack
+    slurp
+    smartmontools
+    snyk
+    sops
+    spotify
+    spotify-player
+    #swaylock/waylock?
+    sweet-nova
+    telegram-desktop
+    terraform
+    tig
+    tokei
+    tree
+    unipicker
+    unzip
+    uutils-coreutils-noprefix
+    ventoy
+    vesktop
+    vscode
+    watchman
+    wget
+    wl-clipboard
+    yq
+    yt-dlp
+    zoom-us
+    zoxide
+  ];
+}

systems/selinunte/steam.nix

@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = [ pkgs.steam-run ];
+  hardware.steam-hardware.enable = true;
+  programs = {
+    gamescope = {
+      enable = true;
+      capSysNice = true;
+    };
+    steam = {
+      enable = true;
+      remotePlay.openFirewall = true;
+      localNetworkGameTransfers.openFirewall = true;
+      extraCompatPackages = with pkgs; [ proton-ge-bin ];
+      gamescopeSession.enable = true;
+      extest.enable = true;
+    };
+  };
+}

systems/selinunte/stylix.nix

@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+# let
+# randWallpaper = pkgs.runCommand "stylix-wallpaper" { } ''
+#   numWallpapers =
+#   $((1 + $RANDOM % 10))
+
+# in
+{
+  stylix = {
+    enable = true;
+    image = "${pkgs.hyprland}/share/hypr/wall2.png";
+
+    #image = "/home/alice/Pictures/Screenshots/screenshot_2024-12-04-2030.png";
+    polarity = "dark";
+  };
+}