Home manager

2026-01-22 10:44:27 -07:00
parent da9d7b4bff
commit f918c336fe
11 changed files with 184 additions and 94 deletions

27
flake.nix Normal file

@@ -0,0 +1,27 @@
{
description = "Lavitz System Config";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, home-manager, ... }@inputs: {
nixosConfigurations = {
lavitz = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.atridad = import ./home.nix;
}
];
};
};
};
}
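Review bot: Both `nixpkgs.url` and `home-manager.url` are floating branch references, so the revisions actually built are fixed only by `flake.lock`, and no lock file appears among the file sections visible here. If it is not already tracked, commit `flake.lock` together with this change so the pinned revisions and their hashes are reviewed and every rebuild uses the same sources. A short comment above `inputs`, such as `# revisions are pinned in flake.lock; bump with nix flake update`, would make that explicit.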

113
home.nix Normal file

@@ -0,0 +1,113 @@
{ config, pkgs, ... }:
let
lock-false = {
Value = false;
Status = "locked";
};
lock-true = {
Value = true;
Status = "locked";
};
in
{
home.username = "atridad";
home.homeDirectory = "/home/atridad";
home.stateVersion = "25.11";
home.file."Assets".source = ./assets;
programs.git = {
enable = true;
userName = "Atridad Lahiji";
userEmail = "me@atri.dad";
extraConfig = {
init.defaultBranch = "main";
gpg.format = "ssh";
};
};
programs.librewolf = {
enable = true;
package = pkgs.librewolf.override {
extraPolicies = {
ExtensionSettings = {
"{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
installation_mode = "force_installed";
};
"floccus@handmadeideas.org" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/floccus/latest.xpi";
installation_mode = "force_installed";
};
};
Preferences = {
"browser.contentblocking.category" = { Value = "strict"; Status = "locked"; };
"extensions.pocket.enabled" = lock-false;
};
};
};
settings = {
"browser.topsites.contile.enabled" = false;
"browser.formfill.enable" = false;
"browser.search.suggest.enabled" = false;
"browser.search.suggest.enabled.private" = false;
"browser.urlbar.suggest.searches" = false;
"browser.urlbar.showSearchSuggestionsFirst" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.activity-stream.feeds.snippets" = false;
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
"browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.system.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
};
};
dconf.settings = {
"org/gnome/shell" = {
disable-user-extensions = false;
favorite-apps = [
"librewolf.desktop"
"org.gnome.Console.desktop"
"org.gnome.Nautilus.desktop"
];
};
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
enable-hot-corners = false;
};
"org/gnome/desktop/applications/browser" = {
exec = "librewolf";
};
"org/gnome/desktop/background" = {
picture-uri = "file://${config.home.homeDirectory}/Assets/wallpapers/cali.png";
picture-uri-dark = "file://${config.home.homeDirectory}/Assets/wallpapers/cali.png";
};
"org/gnome/desktop/wm/preferences" = {
button-layout = "appmenu:minimize,maximize,close";
};
};
home.packages = with pkgs; [
gnomeExtensions.appindicator
gnomeExtensions.blur-my-shell
];
xdg.mimeApps = {
enable = true;
defaultApplications = {
"text/html" = "librewolf.desktop";
"x-scheme-handler/http" = "librewolf.desktop";
"x-scheme-handler/https" = "librewolf.desktop";
"x-scheme-handler/about" = "librewolf.desktop";
"x-scheme-handler/unknown" = "librewolf.desktop";
};
};
}
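Review bot: The new `programs.git` block sets `gpg.format = "ssh"` but neither `commit.gpgsign` nor `user.signingkey`, while the packages module section of this same commit deletes the system-level `programs.git` block that had both. Commits would therefore stop being signed after the switch; if that is not intended, add `commit.gpgsign = true;` and `user.signingkey = "<ssh public key>";` to `extraConfig`. Separately, both `force_installed` add-ons use a `latest.xpi` URL, so the password-manager extension is downloaded by the browser at whatever version is current and is not covered by the flake's pinning; a comment saying so would help a later audit. `lock-true` is defined but not used in the visible file.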


@@ -1,14 +1,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let
settings = import ../settings.nix;
# The assets folder from the project root
assetsPath = ../assets;
in
{ {
# Use tmpfiles.rules to create the symlink at boot/activation
# L+ forces the creation of the symlink, removing existing file/dir if necessary
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"L+ /home/${settings.username}/Assets - - - - ${assetsPath}" "L+ /home/atridad/Assets - - - - ${../assets}"
]; ];
} }
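Review bot: The `L+` rule for `/home/atridad/Assets` now overlaps with `home.file."Assets".source = ./assets;` added in home.nix, so two mechanisms manage the same path. `L+` removes whatever already exists at the path before creating the link, and the comment that explained this is dropped by this change; depending on ordering, Home Manager may refuse to activate or have its link replaced at the next tmpfiles run. If this module is still imported, consider deleting the rule and keeping only the Home Manager entry, or restore a comment such as `# L+ replaces any existing file or directory at this path`.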


@@ -3,7 +3,6 @@
{ {
security.rtkit.enable = true; security.rtkit.enable = true;
# Pipewire
services.pipewire = { services.pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
@@ -16,13 +15,26 @@
services.pipewire.extraConfig.pipewire."92-low-latency" = { services.pipewire.extraConfig.pipewire."92-low-latency" = {
"context.properties" = { "context.properties" = {
"default.clock.rate" = 48000; "default.clock.rate" = 48000;
"default.clock.quantum" = 256; "default.clock.quantum" = 1024;
"default.clock.min-quantum" = 256; "default.clock.min-quantum" = 512;
"default.clock.max-quantum" = 1024; "default.clock.max-quantum" = 2048;
}; };
}; };
# DeepFilterNet noise reduction filter chain services.pipewire.wireplumber.extraConfig = {
"monitor.alsa.rules" = [
{
matches = [ { "node.name" = "~alsa_output.*"; } ];
actions = {
update-props = {
"session.suspend-timeout-seconds" = 0;
"dither.method" = "rectangular";
};
};
}
];
};
services.pipewire.extraConfig.pipewire."99-deepfilter-source" = { services.pipewire.extraConfig.pipewire."99-deepfilter-source" = {
"context.modules" = [ "context.modules" = [
{ {
@@ -37,9 +49,7 @@
name = "deepfilter"; name = "deepfilter";
plugin = "${pkgs.deepfilternet}/lib/ladspa/libdeep_filter_ladspa.so"; plugin = "${pkgs.deepfilternet}/lib/ladspa/libdeep_filter_ladspa.so";
label = "deep_filter_mono"; label = "deep_filter_mono";
control = { control = { "Attenuation Limit (dB)" = 100; };
"Attenuation Limit (dB)" = 100;
};
} }
]; ];
}; };
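Review bot: The fragment is still named `"92-low-latency"` although the new values raise the default quantum to 1024 with a minimum of 512, which no longer reads as a low-latency setting. Renaming the fragment or adding a comment on why the buffer was enlarged would avoid misleading the next reader. The new `"monitor.alsa.rules"` entry is also undocumented; a line like `# never suspend idle ALSA outputs` above `"session.suspend-timeout-seconds" = 0;` would record the intent.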


@@ -1,11 +1,17 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
services.desktopManager.plasma6.enable = true; services.xserver.enable = true;
services.displayManager.sddm.enable = true; services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
services.displayManager.sddm.wayland.enable = true; environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
]);
services.udev.packages = with pkgs; [ gnome-settings-daemon ];
services.printing.enable = true; services.printing.enable = true;
} }
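Review bot: `services.xserver.displayManager.gdm.enable` and `services.xserver.desktopManager.gnome.enable` are, as far as I know, deprecated aliases on recent nixos-unstable, which flake.nix tracks. The current names are `services.displayManager.gdm.enable` and `services.desktopManager.gnome.enable`, and using them avoids evaluation warnings and a later break when the aliases are removed. The packages module in this commit still lists `kdePackages.*` entries after the move away from Plasma, which may be intentional but deserves a comment.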


@@ -1,12 +1,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let
settings = import ../settings.nix;
in
{ {
# Time zone time.timeZone = "America/Edmonton";
time.timeZone = settings.timezone;
# Internationalization properties i18n.defaultLocale = "en_CA.UTF-8";
i18n.defaultLocale = settings.locale;
} }


@@ -1,10 +1,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let
settings = import ../settings.nix;
in
{ {
networking.hostName = settings.hostname; networking.hostName = "lavitz";
networking.networkmanager = { networking.networkmanager = {
enable = true; enable = true;
@@ -14,17 +11,12 @@ in
networking.firewall = { networking.firewall = {
enable = true; enable = true;
# Allowed ports
allowedTCPPorts = [ allowedTCPPorts = [
# Sunshine
47984 47989 48010 47984 47989 48010
# SyncThing
8384 22000 8384 22000
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
# Sunshine
47998 47999 48000 48010 47998 47999 48000 48010
# SyncThing
22000 21027 22000 21027
]; ];
}; };
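Review bot: Removing the `# Sunshine` and `# SyncThing` comments leaves the firewall allow-lists as bare numbers, so a later audit cannot tell which service each opening belongs to or which to close when a service is retired. I would keep one comment per group, e.g. `# Sunshine` above `47984 47989 48010`. Of these, 8384 is by default the Syncthing web GUI port, which normally listens on loopback only, so the opening is either unnecessary or exposes the admin interface on every interface. Since Tailscale is enabled in the services module, consider `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 8384 ];` or dropping the port. The `networking.firewall` block is in a hunk that starts partway through the file.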


@@ -1,23 +1,17 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let
settings = import ../settings.nix;
in
{ {
# Enable unfree globally
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
environment.variables.BROWSER = "librewolf"; environment.variables.BROWSER = "librewolf";
environment.variables.SSH_AUTH_SOCK = "/home/${settings.username}/.bitwarden-ssh-agent.sock"; environment.variables.SSH_AUTH_SOCK = "/home/atridad/.bitwarden-ssh-agent.sock";
environment.systemPackages = environment.systemPackages =
with pkgs; [ with pkgs; [
# Browsers and comms
discord discord
signal-desktop signal-desktop
librewolf librewolf
# Development tools
gnumake gnumake
openssh openssh
nodePackages."pnpm" nodePackages."pnpm"
@@ -37,7 +31,6 @@ in
wget wget
unzip unzip
# Desktop applications
bitwarden-desktop bitwarden-desktop
vlc vlc
streamrip streamrip
@@ -50,7 +43,6 @@ in
onlyoffice-desktopeditors onlyoffice-desktopeditors
protege protege
# KDE
kdePackages.kcalc kdePackages.kcalc
kdePackages.kcolorchooser kdePackages.kcolorchooser
kdePackages.ksystemlog kdePackages.ksystemlog
@@ -63,7 +55,6 @@ in
wl-clipboard wl-clipboard
]; ];
# Programs with extra configuration
programs.steam = { programs.steam = {
enable = true; enable = true;
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
@@ -75,17 +66,4 @@ in
programs.steam.extraPackages = [ pkgs.jdk ]; programs.steam.extraPackages = [ pkgs.jdk ];
programs.obs-studio.enable = true; programs.obs-studio.enable = true;
programs.git = {
enable = true;
config = {
user = {
name = "${settings.gitName}";
email = "${settings.gitEmail}";
signingkey = "${settings.gitKey}";
};
gpg.format = "ssh";
commit.gpgsign = true;
};
};
} }
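Review bot: `environment.variables.SSH_AUTH_SOCK` is set system-wide to a socket inside `/home/atridad`, so root and any other login session are pointed at one user's agent socket as well. Now that this commit introduces Home Manager, the variable fits better in home.nix as `home.sessionVariables.SSH_AUTH_SOCK = "${config.home.homeDirectory}/.bitwarden-ssh-agent.sock";`, which scopes it to that user. The removal of the `programs.git` block at the end of this section is covered in the note on home.nix.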


@@ -1,27 +1,20 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let
settings = import ../settings.nix;
in
{ {
# Hardened OpenSSH
services.openssh = { services.openssh = {
enable = true; enable = true;
ports = [ 22 ]; ports = [ 22 ];
settings = { settings = {
# Authentication
PermitRootLogin = "no"; PermitRootLogin = "no";
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
PermitEmptyPasswords = false; PermitEmptyPasswords = false;
# Security hardening
X11Forwarding = false; X11Forwarding = false;
AllowTcpForwarding = false; AllowTcpForwarding = false;
AllowAgentForwarding = false; AllowAgentForwarding = false;
AllowStreamLocalForwarding = false; AllowStreamLocalForwarding = false;
# Session settings
ClientAliveInterval = 300; ClientAliveInterval = 300;
ClientAliveCountMax = 2; ClientAliveCountMax = 2;
MaxAuthTries = 3; MaxAuthTries = 3;
@@ -30,13 +23,10 @@ in
}; };
}; };
# Tailscale
services.tailscale.enable = true; services.tailscale.enable = true;
# Fwupd
services.fwupd.enable = true; services.fwupd.enable = true;
# Sunshine
services.sunshine = { services.sunshine = {
enable = true; enable = true;
autoStart = true; autoStart = true;
@@ -60,9 +50,9 @@ in
syncthing = { syncthing = {
enable = true; enable = true;
group = "wheel"; group = "wheel";
user = "${settings.username}"; user = "atridad";
dataDir = "/home/${settings.username}/syncthing/data"; dataDir = "/home/atridad/syncthing/data";
configDir = "/home/${settings.username}/syncthing/conf"; configDir = "/home/atridad/syncthing/conf";
}; };
}; };


@@ -1,18 +1,15 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let
settings = import ../settings.nix;
in
{ {
users.groups.plugdev.gid = 69420; users.groups.plugdev.gid = 69420;
users.users.${settings.username} = { users.users.atridad = {
isNormalUser = true; isNormalUser = true;
description = settings.userDescription; description = "Atridad Lahiji";
extraGroups = settings.userGroups; extraGroups = [ "networkmanager" "wheel" "docker" "plugdev" "input" "video" ];
shell = pkgs.bash;
}; };
# Security
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
security.audit.enable = true; security.audit.enable = true;
security.auditd.enable = true; security.auditd.enable = true;
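Review bot: `extraGroups` now spells out `"docker"` and `"input"` next to `"wheel"`, and membership in `docker` gives root-equivalent control through the daemon socket without going through sudo, so the `security.sudo.execWheelOnly` restriction below does not apply to it. If the daemon is only used for development, `virtualisation.docker.rootless.enable = true;` together with dropping `"docker"` from the list would close that path. `"input"` lets any process running as this user read raw input devices, so a comment naming what needs it would help. The file appears to continue past the end of this hunk.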


@@ -1,11 +0,0 @@
{
hostname = "nixos";
username = "user";
userDescription = "User";
timezone = "America/Edmonton";
locale = "en_CA.UTF-8";
userGroups = [ "networkmanager" "wheel" "docker" "plugdev" ];
gitName = "User Name";
gitEmail = "user@email.com";
gitKey = "ssh-ed25519 ...";
}