Home manager

2026-01-22 10:44:27 -07:00
parent da9d7b4bff
commit f918c336fe
11 changed files with 184 additions and 94 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,27 @@
 {
  description = "Lavitz System Config";
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
  };
  outputs = { self, nixpkgs, home-manager, ... }@inputs: {
    nixosConfigurations = {
      lavitz = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          ./configuration.nix
          home-manager.nixosModules.home-manager
          {
            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
            home-manager.users.atridad = import ./home.nix;
          }
        ];
      };
    };
  };
 }
--- a/home.nix
+++ b/home.nix
@@ -0,0 +1,113 @@
 { config, pkgs, ... }:
 let
  lock-false = {
    Value = false;
    Status = "locked";
  };
  lock-true = {
    Value = true;
    Status = "locked";
  };
 in
 {
  home.username = "atridad";
  home.homeDirectory = "/home/atridad";
  home.stateVersion = "25.11";
  home.file."Assets".source = ./assets;
  programs.git = {
    enable = true;
    userName = "Atridad Lahiji";
    userEmail = "me@atri.dad";
    extraConfig = {
      init.defaultBranch = "main";
      gpg.format = "ssh";
    };
  };
  programs.librewolf = {
    enable = true;
    package = pkgs.librewolf.override {
      extraPolicies = {
        ExtensionSettings = {
          "{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
            install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
            installation_mode = "force_installed";
          };
          "floccus@handmadeideas.org" = {
            install_url = "https://addons.mozilla.org/firefox/downloads/latest/floccus/latest.xpi";
            installation_mode = "force_installed";
          };
        };
        Preferences = {
          "browser.contentblocking.category" = { Value = "strict"; Status = "locked"; };
          "extensions.pocket.enabled" = lock-false;
        };
      };
    };
    settings = {
      "browser.topsites.contile.enabled" = false;
      "browser.formfill.enable" = false;
      "browser.search.suggest.enabled" = false;
      "browser.search.suggest.enabled.private" = false;
      "browser.urlbar.suggest.searches" = false;
      "browser.urlbar.showSearchSuggestionsFirst" = false;
      "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
      "browser.newtabpage.activity-stream.feeds.snippets" = false;
      "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
      "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
      "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
      "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
      "browser.newtabpage.activity-stream.showSponsored" = false;
      "browser.newtabpage.activity-stream.system.showSponsored" = false;
      "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
    };
  };
  dconf.settings = {
    "org/gnome/shell" = {
      disable-user-extensions = false;
      favorite-apps = [
        "librewolf.desktop"
        "org.gnome.Console.desktop"
        "org.gnome.Nautilus.desktop"
      ];
    };
    "org/gnome/desktop/interface" = {
      color-scheme = "prefer-dark";
      enable-hot-corners = false;
    };
    "org/gnome/desktop/applications/browser" = {
      exec = "librewolf";
    };
    "org/gnome/desktop/background" = {
      picture-uri = "file://${config.home.homeDirectory}/Assets/wallpapers/cali.png";
      picture-uri-dark = "file://${config.home.homeDirectory}/Assets/wallpapers/cali.png";
    };
    "org/gnome/desktop/wm/preferences" = {
      button-layout = "appmenu:minimize,maximize,close";
    };
  };
  home.packages = with pkgs; [
    gnomeExtensions.appindicator
    gnomeExtensions.blur-my-shell
  ];
  xdg.mimeApps = {
    enable = true;
    defaultApplications = {
      "text/html" = "librewolf.desktop";
      "x-scheme-handler/http" = "librewolf.desktop";
      "x-scheme-handler/https" = "librewolf.desktop";
      "x-scheme-handler/about" = "librewolf.desktop";
      "x-scheme-handler/unknown" = "librewolf.desktop";
    };
  };
 }
--- a/modules/assets.nix
+++ b/modules/assets.nix
@@ -1,14 +1,7 @@
 { config, pkgs, lib, ... }:
 let
  settings = import ../settings.nix;
  # The assets folder from the project root
  assetsPath = ../assets;
 in
 {
  # Use tmpfiles.rules to create the symlink at boot/activation
  # L+ forces the creation of the symlink, removing existing file/dir if necessary
  systemd.tmpfiles.rules = [
-    "L+ /home/${settings.username}/Assets - - - - ${assetsPath}"
+    "L+ /home/atridad/Assets - - - - ${../assets}"
  ];
 }
--- a/modules/audio.nix
+++ b/modules/audio.nix
@@ -3,7 +3,6 @@
 {
  security.rtkit.enable = true;
  # Pipewire
  services.pipewire = {
    enable = true;
    alsa.enable = true;
@@ -14,15 +13,28 @@
  };
  services.pipewire.extraConfig.pipewire."92-low-latency" = {
-     "context.properties" = {
+    "context.properties" = {
-       "default.clock.rate" = 48000;
+      "default.clock.rate" = 48000;
-       "default.clock.quantum" = 256;
+      "default.clock.quantum" = 1024;
-       "default.clock.min-quantum" = 256;
+      "default.clock.min-quantum" = 512;
-       "default.clock.max-quantum" = 1024;
+      "default.clock.max-quantum" = 2048;
-     };
+    };
-   };
+  };
  services.pipewire.wireplumber.extraConfig = {
    "monitor.alsa.rules" = [
      {
        matches = [ { "node.name" = "~alsa_output.*"; } ];
        actions = {
          update-props = {
            "session.suspend-timeout-seconds" = 0;
            "dither.method" = "rectangular";
          };
        };
      }
    ];
  };
  # DeepFilterNet noise reduction filter chain
  services.pipewire.extraConfig.pipewire."99-deepfilter-source" = {
    "context.modules" = [
      {
@@ -37,9 +49,7 @@
                name = "deepfilter";
                plugin = "${pkgs.deepfilternet}/lib/ladspa/libdeep_filter_ladspa.so";
                label = "deep_filter_mono";
-                control = {
+                control = { "Attenuation Limit (dB)" = 100; };
                  "Attenuation Limit (dB)" = 100;
                };
              }
            ];
          };
--- a/modules/desktop.nix
+++ b/modules/desktop.nix
@@ -1,11 +1,17 @@
 { config, pkgs, ... }:
 {
-  services.desktopManager.plasma6.enable = true;
+  services.xserver.enable = true;
-  services.displayManager.sddm.enable = true;
+  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;
-  services.displayManager.sddm.wayland.enable = true;
+  environment.gnome.excludePackages = (with pkgs; [
    gnome-photos
    gnome-tour
  ]);
  services.udev.packages = with pkgs; [ gnome-settings-daemon ];
  services.printing.enable = true;
 }
--- a/modules/locale.nix
+++ b/modules/locale.nix
@@ -1,12 +1,7 @@
 { config, pkgs, ... }:
 let
  settings = import ../settings.nix;
 in
 {
-  # Time zone
+  time.timeZone = "America/Edmonton";
  time.timeZone = settings.timezone;
-  # Internationalization properties
+  i18n.defaultLocale = "en_CA.UTF-8";
  i18n.defaultLocale = settings.locale;
 }
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -1,10 +1,7 @@
 { config, pkgs, ... }:
 let
  settings = import ../settings.nix;
 in
 {
-  networking.hostName = settings.hostname;
+  networking.hostName = "lavitz";
  networking.networkmanager = {
    enable = true;
@@ -14,17 +11,12 @@ in
  networking.firewall = {
    enable = true;
    # Allowed ports
    allowedTCPPorts = [
      # Sunshine
      47984 47989 48010
      # SyncThing
      8384 22000
    ];
    allowedUDPPorts = [
      # Sunshine
      47998 47999 48000 48010
      # SyncThing
      22000 21027
    ];
  };
--- a/modules/packages.nix
+++ b/modules/packages.nix
@@ -1,23 +1,17 @@
 { config, pkgs, ... }:
 let
  settings = import ../settings.nix;
 in
 {
  # Enable unfree globally
  nixpkgs.config.allowUnfree = true;
  environment.variables.BROWSER = "librewolf";
-  environment.variables.SSH_AUTH_SOCK = "/home/${settings.username}/.bitwarden-ssh-agent.sock";
+  environment.variables.SSH_AUTH_SOCK = "/home/atridad/.bitwarden-ssh-agent.sock";
  environment.systemPackages =
    with pkgs; [
      # Browsers and comms
      discord
      signal-desktop
      librewolf
      # Development tools
      gnumake
      openssh
      nodePackages."pnpm"
@@ -37,7 +31,6 @@ in
      wget
      unzip
      # Desktop applications
      bitwarden-desktop
      vlc
      streamrip
@@ -50,7 +43,6 @@ in
      onlyoffice-desktopeditors
      protege
      # KDE
      kdePackages.kcalc
      kdePackages.kcolorchooser
      kdePackages.ksystemlog
@@ -63,7 +55,6 @@ in
      wl-clipboard
    ];
  # Programs with extra configuration
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true;
@@ -75,17 +66,4 @@ in
  programs.steam.extraPackages = [ pkgs.jdk ];
  programs.obs-studio.enable = true;
  programs.git = {
    enable = true;
    config = {
      user = {
        name = "${settings.gitName}";
        email = "${settings.gitEmail}";
        signingkey = "${settings.gitKey}";
      };
      gpg.format = "ssh";
      commit.gpgsign = true;
    };
  };
 }
--- a/modules/services.nix
+++ b/modules/services.nix
@@ -1,27 +1,20 @@
 { config, pkgs, ... }:
 let
  settings = import ../settings.nix;
 in
 {
  # Hardened OpenSSH
  services.openssh = {
    enable = true;
    ports = [ 22 ];
    settings = {
      # Authentication
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitEmptyPasswords = false;
      # Security hardening
      X11Forwarding = false;
      AllowTcpForwarding = false;
      AllowAgentForwarding = false;
      AllowStreamLocalForwarding = false;
      # Session settings
      ClientAliveInterval = 300;
      ClientAliveCountMax = 2;
      MaxAuthTries = 3;
@@ -30,13 +23,10 @@ in
    };
  };
  # Tailscale
  services.tailscale.enable = true;
  # Fwupd
  services.fwupd.enable = true;
  # Sunshine
  services.sunshine = {
      enable = true;
      autoStart = true;
@@ -60,9 +50,9 @@ in
      syncthing = {
          enable = true;
          group = "wheel";
-          user = "${settings.username}";
+          user = "atridad";
-          dataDir = "/home/${settings.username}/syncthing/data";
+          dataDir = "/home/atridad/syncthing/data";
-          configDir = "/home/${settings.username}/syncthing/conf";
+          configDir = "/home/atridad/syncthing/conf";
      };
  };
--- a/modules/users.nix
+++ b/modules/users.nix
@@ -1,18 +1,15 @@
 { config, pkgs, ... }:
 let
  settings = import ../settings.nix;
 in
 {
  users.groups.plugdev.gid = 69420;
-  users.users.${settings.username} = {
+  users.users.atridad = {
    isNormalUser = true;
-    description = settings.userDescription;
+    description = "Atridad Lahiji";
-    extraGroups = settings.userGroups;
+    extraGroups = [ "networkmanager" "wheel" "docker" "plugdev" "input" "video" ];
    shell = pkgs.bash;
  };
  # Security
  security.sudo.execWheelOnly = true;
  security.audit.enable = true;
  security.auditd.enable = true;
--- a/settings.example.nix
+++ b/settings.example.nix
@@ -1,11 +0,0 @@
 {
  hostname = "nixos";
  username = "user";
  userDescription = "User";
  timezone = "America/Edmonton";
  locale = "en_CA.UTF-8";
  userGroups = [ "networkmanager" "wheel" "docker" "plugdev" ];
  gitName = "User Name";
  gitEmail = "user@email.com";
  gitKey = "ssh-ed25519 ...";
 }