diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..adb1db2
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,27 @@
+{
+ description = "Lavitz System Config";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ home-manager.url = "github:nix-community/home-manager";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs = { self, nixpkgs, home-manager, ... }@inputs: {
+ nixosConfigurations = {
+ lavitz = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./configuration.nix
+
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.atridad = import ./home.nix;
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/home.nix b/home.nix
new file mode 100644
index 0000000..677cce8
--- /dev/null
+++ b/home.nix
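Review bot: Both entries in `inputs` follow moving branches (`nixos-unstable` and home-manager's default branch), so the only thing fixing what actually gets built is `flake.lock`, and no lock file is added anywhere in this diff. If it is not already tracked, commit it together with this change so every rebuild resolves to the same reviewed revisions and input updates show up as explicit `nix flake update` commits.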
@@ -0,0 +1,113 @@
+{ config, pkgs, ... }:
+
+let
+ lock-false = {
+ Value = false;
+ Status = "locked";
+ };
+ lock-true = {
+ Value = true;
+ Status = "locked";
+ };
+in
+{
+ home.username = "atridad";
+ home.homeDirectory = "/home/atridad";
+ home.stateVersion = "25.11";
+
+ home.file."Assets".source = ./assets;
+
+ programs.git = {
+ enable = true;
+ userName = "Atridad Lahiji";
+ userEmail = "me@atri.dad";
+ extraConfig = {
+ init.defaultBranch = "main";
+ gpg.format = "ssh";
+ };
+ };
+
+ programs.librewolf = {
+ enable = true;
+ package = pkgs.librewolf.override {
+ extraPolicies = {
+ ExtensionSettings = {
+ "{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
+ install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
+ installation_mode = "force_installed";
+ };
+ "floccus@handmadeideas.org" = {
+ install_url = "https://addons.mozilla.org/firefox/downloads/latest/floccus/latest.xpi";
+ installation_mode = "force_installed";
+ };
+ };
+ Preferences = {
+ "browser.contentblocking.category" = { Value = "strict"; Status = "locked"; };
+ "extensions.pocket.enabled" = lock-false;
+ };
+ };
+ };
+ settings = {
+ "browser.topsites.contile.enabled" = false;
+ "browser.formfill.enable" = false;
+ "browser.search.suggest.enabled" = false;
+ "browser.search.suggest.enabled.private" = false;
+ "browser.urlbar.suggest.searches" = false;
+ "browser.urlbar.showSearchSuggestionsFirst" = false;
+ "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
+ "browser.newtabpage.activity-stream.feeds.snippets" = false;
+ "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
+ "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
+ "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
+ "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
+ "browser.newtabpage.activity-stream.showSponsored" = false;
+
"browser.newtabpage.activity-stream.system.showSponsored" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + }; + }; + + dconf.settings = { + "org/gnome/shell" = { + disable-user-extensions = false; + favorite-apps = [ + "librewolf.desktop" + "org.gnome.Console.desktop" + "org.gnome.Nautilus.desktop" + ]; + }; + + "org/gnome/desktop/interface" = { + color-scheme = "prefer-dark"; + enable-hot-corners = false; + }; + + "org/gnome/desktop/applications/browser" = { + exec = "librewolf"; + }; + + "org/gnome/desktop/background" = { + picture-uri = "file://${config.home.homeDirectory}/Assets/wallpapers/cali.png"; + picture-uri-dark = "file://${config.home.homeDirectory}/Assets/wallpapers/cali.png"; + }; + + "org/gnome/desktop/wm/preferences" = { + button-layout = "appmenu:minimize,maximize,close"; + }; + }; + + home.packages = with pkgs; [ + gnomeExtensions.appindicator + gnomeExtensions.blur-my-shell + ]; + + xdg.mimeApps = { + enable = true; + defaultApplications = { + "text/html" = "librewolf.desktop"; + "x-scheme-handler/http" = "librewolf.desktop"; + "x-scheme-handler/https" = "librewolf.desktop"; + "x-scheme-handler/about" = "librewolf.desktop"; + "x-scheme-handler/unknown" = "librewolf.desktop"; + }; + }; +} diff --git a/modules/assets.nix b/modules/assets.nix index c14acb7..b9a9244 100644 --- a/modules/assets.nix +++ b/modules/assets.nix @@ -1,14 +1,7 @@ { config, pkgs, lib, ... }: -let - settings = import ../settings.nix; - # The assets folder from the project root - assetsPath = ../assets; -in { - # Use tmpfiles.rules to create the symlink at boot/activation - # L+ forces the creation of the symlink, removing existing file/dir if necessary systemd.tmpfiles.rules = [ - "L+ /home/${settings.username}/Assets - - - - ${assetsPath}" + "L+ /home/atridad/Assets - - - - ${../assets}" ]; } diff --git a/modules/audio.nix b/modules/audio.nix index 2be4ea3..62832ae 100644 --- a/modules/audio.nix +++ b/modules/audio.nix 
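Review bot: The new `programs.git` block in home.nix keeps `gpg.format = "ssh"` but sets neither a signing key nor `commit.gpgsign`, while the system-level `programs.git` that this same commit removes from modules/packages.nix had both, so commits stop being signed after this change. If that is not intended, restore it in Home Manager next to `extraConfig`, e.g. `signing = { key = "<SSH_PUBLIC_KEY_PLACEHOLDER>"; signByDefault = true; };`. Also, `lock-true` in the `let` block is never referenced and can be dropped.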
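Review bot: `/home/atridad/Assets` is now managed twice: this tmpfiles rule in modules/assets.nix still creates it with `L+`, and home.nix in the same commit adds `home.file."Assets".source = ./assets;`. `L+` removes and replaces whatever already exists at the path, so the two activations are likely to conflict over the link (configuration.nix is not visible here, so I cannot tell whether this module is still imported). Keep one mechanism; the Home Manager entry makes this module redundant. If the tmpfiles rule stays, keep a comment such as `# L+ replaces any existing file or directory at the target path`, which this hunk deletes.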
@@ -3,7 +3,6 @@ { security.rtkit.enable = true; - # Pipewire services.pipewire = { enable = true; alsa.enable = true; @@ -14,15 +13,28 @@ }; services.pipewire.extraConfig.pipewire."92-low-latency" = { - "context.properties" = { - "default.clock.rate" = 48000; - "default.clock.quantum" = 256; - "default.clock.min-quantum" = 256; - "default.clock.max-quantum" = 1024; - }; - }; + "context.properties" = { + "default.clock.rate" = 48000; + "default.clock.quantum" = 1024; + "default.clock.min-quantum" = 512; + "default.clock.max-quantum" = 2048; + }; + }; + + services.pipewire.wireplumber.extraConfig = { + "monitor.alsa.rules" = [ + { + matches = [ { "node.name" = "~alsa_output.*"; } ]; + actions = { + update-props = { + "session.suspend-timeout-seconds" = 0; + "dither.method" = "rectangular"; + }; + }; + } + ]; + }; - # DeepFilterNet noise reduction filter chain services.pipewire.extraConfig.pipewire."99-deepfilter-source" = { "context.modules" = [ { @@ -37,9 +49,7 @@ name = "deepfilter"; plugin = "${pkgs.deepfilternet}/lib/ladspa/libdeep_filter_ladspa.so"; label = "deep_filter_mono"; - control = { - "Attenuation Limit (dB)" = 100; - }; + control = { "Attenuation Limit (dB)" = 100; }; } ]; }; diff --git a/modules/desktop.nix b/modules/desktop.nix index 27bfb53..9da763c 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -1,11 +1,17 @@ { config, pkgs, ... }: { - services.desktopManager.plasma6.enable = true; + services.xserver.enable = true; - services.displayManager.sddm.enable = true; + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; - services.displayManager.sddm.wayland.enable = true; + environment.gnome.excludePackages = (with pkgs; [ + gnome-photos + gnome-tour + ]); + + services.udev.packages = with pkgs; [ gnome-settings-daemon ]; services.printing.enable = true; } diff --git a/modules/locale.nix b/modules/locale.nix index fdd4f48..416d8d3 100644 --- a/modules/locale.nix +++ b/modules/locale.nix 
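Review bot: The new `services.pipewire.wireplumber.extraConfig` block in modules/audio.nix puts `"monitor.alsa.rules"` directly under `extraConfig`, with no fragment-name level like the `"92-low-latency"` key used for the PipeWire fragment just above it. As far as I know the option is keyed by drop-in file name first and config section second, so this either fails to evaluate or produces a fragment WirePlumber does not read as ALSA rules. Wrap it in a name, e.g. `services.pipewire.wireplumber.extraConfig."<NN-fragment-name>" = { "monitor.alsa.rules" = [ … ]; };`. The `"92-low-latency"` name also no longer matches a quantum of 1024 with a 512 minimum, so a one-line comment on why the values were raised would help.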
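Review bot: The GNOME options in modules/desktop.nix are written under `services.xserver.*`, whereas the Plasma/SDDM lines they replace used the `services.desktopManager.*` / `services.displayManager.*` namespace. On current nixos-unstable I believe GDM and GNOME have moved there as well, so `services.displayManager.gdm.enable = true;` and `services.desktopManager.gnome.enable = true;` would avoid rename warnings; please check against the pinned nixpkgs revision. The `kdePackages.*` entries still listed in modules/packages.nix deserve a second look now that Plasma is gone.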
@@ -1,12 +1,7 @@ { config, pkgs, ... }: -let - settings = import ../settings.nix; -in { - # Time zone - time.timeZone = settings.timezone; + time.timeZone = "America/Edmonton"; - # Internationalization properties - i18n.defaultLocale = settings.locale; -} \ No newline at end of file + i18n.defaultLocale = "en_CA.UTF-8"; +} diff --git a/modules/networking.nix b/modules/networking.nix index a71ebd2..a5fb7c2 100644 --- a/modules/networking.nix +++ b/modules/networking.nix @@ -1,10 +1,7 @@ { config, pkgs, ... }: -let - settings = import ../settings.nix; -in { - networking.hostName = settings.hostname; + networking.hostName = "lavitz"; networking.networkmanager = { enable = true; @@ -14,17 +11,12 @@ in networking.firewall = { enable = true; - # Allowed ports allowedTCPPorts = [ - # Sunshine 47984 47989 48010 - # SyncThing 8384 22000 ]; allowedUDPPorts = [ - # Sunshine 47998 47999 48000 48010 - # SyncThing 22000 21027 ]; }; diff --git a/modules/packages.nix b/modules/packages.nix index 55e4dc0..800d097 100644 --- a/modules/packages.nix +++ b/modules/packages.nix @@ -1,23 +1,17 @@ { config, pkgs, ... }: -let - settings = import ../settings.nix; -in { - # Enable unfree globally nixpkgs.config.allowUnfree = true; environment.variables.BROWSER = "librewolf"; - environment.variables.SSH_AUTH_SOCK = "/home/${settings.username}/.bitwarden-ssh-agent.sock"; + environment.variables.SSH_AUTH_SOCK = "/home/atridad/.bitwarden-ssh-agent.sock"; environment.systemPackages = with pkgs; [ - # Browsers and comms discord signal-desktop librewolf - # Development tools gnumake openssh nodePackages."pnpm" @@ -37,7 +31,6 @@ in wget unzip - # Desktop applications bitwarden-desktop vlc streamrip @@ -50,7 +43,6 @@ in onlyoffice-desktopeditors protege - # KDE kdePackages.kcalc kdePackages.kcolorchooser kdePackages.ksystemlog @@ -63,7 +55,6 @@ in wl-clipboard ]; - # Programs with extra configuration programs.steam = { enable = true; remotePlay.openFirewall = true; 
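Review bot: In the first modules/packages.nix hunk, `environment.variables.SSH_AUTH_SOCK = "/home/atridad/.bitwarden-ssh-agent.sock";` is a system-wide variable, so every account's session, not only atridad's, is pointed at an agent socket path inside one user's home directory. Now that this commit adds home.nix, the setting fits better there as `home.sessionVariables.SSH_AUTH_SOCK = "${config.home.homeDirectory}/.bitwarden-ssh-agent.sock";`, which scopes it to the user who actually runs the agent and removes the hard-coded path.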
@@ -75,17 +66,4 @@ in programs.steam.extraPackages = [ pkgs.jdk ]; programs.obs-studio.enable = true; - - programs.git = { - enable = true; - config = { - user = { - name = "${settings.gitName}"; - email = "${settings.gitEmail}"; - signingkey = "${settings.gitKey}"; - }; - gpg.format = "ssh"; - commit.gpgsign = true; - }; - }; } diff --git a/modules/services.nix b/modules/services.nix index 5f822dc..4b89d1a 100644 --- a/modules/services.nix +++ b/modules/services.nix @@ -1,27 +1,20 @@ { config, pkgs, ... }: -let - settings = import ../settings.nix; -in { - # Hardened OpenSSH services.openssh = { enable = true; ports = [ 22 ]; settings = { - # Authentication PermitRootLogin = "no"; PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitEmptyPasswords = false; - # Security hardening X11Forwarding = false; AllowTcpForwarding = false; AllowAgentForwarding = false; AllowStreamLocalForwarding = false; - # Session settings ClientAliveInterval = 300; ClientAliveCountMax = 2; MaxAuthTries = 3; @@ -30,13 +23,10 @@ in }; }; - # Tailscale services.tailscale.enable = true; - # Fwupd services.fwupd.enable = true; - # Sunshine services.sunshine = { enable = true; autoStart = true; @@ -60,9 +50,9 @@ in syncthing = { enable = true; group = "wheel"; - user = "${settings.username}"; - dataDir = "/home/${settings.username}/syncthing/data"; - configDir = "/home/${settings.username}/syncthing/conf"; + user = "atridad"; + dataDir = "/home/atridad/syncthing/data"; + configDir = "/home/atridad/syncthing/conf"; }; }; diff --git a/modules/users.nix b/modules/users.nix index a9ed61c..b645c22 100644 --- a/modules/users.nix +++ b/modules/users.nix 
@@ -1,18 +1,15 @@ { config, pkgs, ... }: -let - settings = import ../settings.nix; -in { users.groups.plugdev.gid = 69420; - users.users.${settings.username} = { + users.users.atridad = { isNormalUser = true; - description = settings.userDescription; - extraGroups = settings.userGroups; + description = "Atridad Lahiji"; + extraGroups = [ "networkmanager" "wheel" "docker" "plugdev" "input" "video" ]; + shell = pkgs.bash; }; - # Security security.sudo.execWheelOnly = true; security.audit.enable = true; security.auditd.enable = true; diff --git a/settings.example.nix b/settings.example.nix deleted file mode 100644 index 83ca3fb..0000000 --- a/settings.example.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - hostname = "nixos"; - username = "user"; - userDescription = "User"; - timezone = "America/Edmonton"; - locale = "en_CA.UTF-8"; - userGroups = [ "networkmanager" "wheel" "docker" "plugdev" ]; - gitName = "User Name"; - gitEmail = "user@email.com"; - gitKey = "ssh-ed25519 ..."; -}
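Review bot: The inlined `extraGroups` list in modules/users.nix puts `atridad` in `docker` and, compared with the list in the deleted settings.example.nix, also adds `input` and `video`, which undercuts the sudo and audit hardening a few lines below. Membership of `docker` is normally equivalent to root on the host without going through sudo, so `security.sudo.execWheelOnly` does not constrain it, and `input` gives every process running as that user read access to raw input devices. If Docker is needed, consider rootless mode (`virtualisation.docker.rootless.enable = true;`) and drop `"docker"` and `"input"` unless something concrete requires them. The Docker configuration itself is not visible in this diff.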