atridad/lavitz
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Home manager

Browse Source
This commit is contained in:
Atridad Lahiji
2026-01-22 10:44:27 -07:00
parent da9d7b4bff
commit f918c336fe
11 changed files with 184 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
flake.nix Normal file
View File

@@ -0,0 +1,27 @@
{
description = "Lavitz System Config";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, home-manager, ... }@inputs: {
nixosConfigurations = {
lavitz = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.atridad = import ./home.nix;
}
];
};
};
};
}

113
home.nix Normal file
View File

@@ -0,0 +1,113 @@
{ config, pkgs, ... }:
let
lock-false = {
Value = false;
Status = "locked";
};
lock-true = {
Value = true;
Status = "locked";
};
in
{
home.username = "atridad";
home.homeDirectory = "/home/atridad";
home.stateVersion = "25.11";
home.file."Assets".source = ./assets;
programs.git = {
enable = true;
userName = "Atridad Lahiji";
userEmail = "me@atri.dad";
extraConfig = {
init.defaultBranch = "main";
gpg.format = "ssh";
};
};
programs.librewolf = {
enable = true;
package = pkgs.librewolf.override {
extraPolicies = {
ExtensionSettings = {
"{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
installation_mode = "force_installed";
};
"floccus@handmadeideas.org" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/floccus/latest.xpi";
installation_mode = "force_installed";
};
};
Preferences = {
"browser.contentblocking.category" = { Value = "strict"; Status = "locked"; };
"extensions.pocket.enabled" = lock-false;
};
};
};
settings = {
"browser.topsites.contile.enabled" = false;
"browser.formfill.enable" = false;
"browser.search.suggest.enabled" = false;
"browser.search.suggest.enabled.private" = false;
"browser.urlbar.suggest.searches" = false;
"browser.urlbar.showSearchSuggestionsFirst" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.activity-stream.feeds.snippets" = false;
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
"browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.system.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
};
};
dconf.settings = {
"org/gnome/shell" = {
disable-user-extensions = false;
favorite-apps = [
"librewolf.desktop"
"org.gnome.Console.desktop"
"org.gnome.Nautilus.desktop"
];
};
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
enable-hot-corners = false;
};
"org/gnome/desktop/applications/browser" = {
exec = "librewolf";
};
"org/gnome/desktop/background" = {
picture-uri = "file://${config.home.homeDirectory}/Assets/wallpapers/cali.png";
picture-uri-dark = "file://${config.home.homeDirectory}/Assets/wallpapers/cali.png";
};
"org/gnome/desktop/wm/preferences" = {
button-layout = "appmenu:minimize,maximize,close";
};
};
home.packages = with pkgs; [
gnomeExtensions.appindicator
gnomeExtensions.blur-my-shell
];
xdg.mimeApps = {
enable = true;
defaultApplications = {
"text/html" = "librewolf.desktop";
"x-scheme-handler/http" = "librewolf.desktop";
"x-scheme-handler/https" = "librewolf.desktop";
"x-scheme-handler/about" = "librewolf.desktop";
"x-scheme-handler/unknown" = "librewolf.desktop";
};
};
}

9
modules/assets.nix
View File

@@ -1,14 +1,7 @@
{ config, pkgs, lib, ... }:
let
settings = import ../settings.nix;
# The assets folder from the project root
assetsPath = ../assets;
in
{
# Use tmpfiles.rules to create the symlink at boot/activation
# L+ forces the creation of the symlink, removing existing file/dir if necessary
systemd.tmpfiles.rules = [
"L+ /home/${settings.username}/Assets - - - - ${assetsPath}"
"L+ /home/atridad/Assets - - - - ${../assets}"
];
}

34
modules/audio.nix
View File

@@ -3,7 +3,6 @@
{
security.rtkit.enable = true;
# Pipewire
services.pipewire = {
enable = true;
alsa.enable = true;
@@ -14,15 +13,28 @@
};
services.pipewire.extraConfig.pipewire."92-low-latency" = {
"context.properties" = {
"default.clock.rate" = 48000;
"default.clock.quantum" = 256;
"default.clock.min-quantum" = 256;
"default.clock.max-quantum" = 1024;
};
};
"context.properties" = {
"default.clock.rate" = 48000;
"default.clock.quantum" = 1024;
"default.clock.min-quantum" = 512;
"default.clock.max-quantum" = 2048;
};
};
services.pipewire.wireplumber.extraConfig = {
"monitor.alsa.rules" = [
{
matches = [ { "node.name" = "~alsa_output.*"; } ];
actions = {
update-props = {
"session.suspend-timeout-seconds" = 0;
"dither.method" = "rectangular";
};
};
}
];
};
# DeepFilterNet noise reduction filter chain
services.pipewire.extraConfig.pipewire."99-deepfilter-source" = {
"context.modules" = [
{
@@ -37,9 +49,7 @@
name = "deepfilter";
plugin = "${pkgs.deepfilternet}/lib/ladspa/libdeep_filter_ladspa.so";
label = "deep_filter_mono";
control = {
"Attenuation Limit (dB)" = 100;
};
control = { "Attenuation Limit (dB)" = 100; };
}
];
};

12
modules/desktop.nix
View File

@@ -1,11 +1,17 @@
{ config, pkgs, ... }:
{
services.desktopManager.plasma6.enable = true;
services.xserver.enable = true;
services.displayManager.sddm.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
services.displayManager.sddm.wayland.enable = true;
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
]);
services.udev.packages = with pkgs; [ gnome-settings-daemon ];
services.printing.enable = true;
}

9
modules/locale.nix
View File

@@ -1,12 +1,7 @@
{ config, pkgs, ... }:
let
settings = import ../settings.nix;
in
{
# Time zone
time.timeZone = settings.timezone;
time.timeZone = "America/Edmonton";
# Internationalization properties
i18n.defaultLocale = settings.locale;
i18n.defaultLocale = "en_CA.UTF-8";
}

10
modules/networking.nix
View File

@@ -1,10 +1,7 @@
{ config, pkgs, ... }:
let
settings = import ../settings.nix;
in
{
networking.hostName = settings.hostname;
networking.hostName = "lavitz";
networking.networkmanager = {
enable = true;
@@ -14,17 +11,12 @@ in
networking.firewall = {
enable = true;
# Allowed ports
allowedTCPPorts = [
# Sunshine
47984 47989 48010
# SyncThing
8384 22000
];
allowedUDPPorts = [
# Sunshine
47998 47999 48000 48010
# SyncThing
22000 21027
];
};

24
modules/packages.nix
View File

@@ -1,23 +1,17 @@
{ config, pkgs, ... }:
let
settings = import ../settings.nix;
in
{
# Enable unfree globally
nixpkgs.config.allowUnfree = true;
environment.variables.BROWSER = "librewolf";
environment.variables.SSH_AUTH_SOCK = "/home/${settings.username}/.bitwarden-ssh-agent.sock";
environment.variables.SSH_AUTH_SOCK = "/home/atridad/.bitwarden-ssh-agent.sock";
environment.systemPackages =
with pkgs; [
# Browsers and comms
discord
signal-desktop
librewolf
# Development tools
gnumake
openssh
nodePackages."pnpm"
@@ -37,7 +31,6 @@ in
wget
unzip
# Desktop applications
bitwarden-desktop
vlc
streamrip
@@ -50,7 +43,6 @@ in
onlyoffice-desktopeditors
protege
# KDE
kdePackages.kcalc
kdePackages.kcolorchooser
kdePackages.ksystemlog
@@ -63,7 +55,6 @@ in
wl-clipboard
];
# Programs with extra configuration
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
@@ -75,17 +66,4 @@ in
programs.steam.extraPackages = [ pkgs.jdk ];
programs.obs-studio.enable = true;
programs.git = {
enable = true;
config = {
user = {
name = "${settings.gitName}";
email = "${settings.gitEmail}";
signingkey = "${settings.gitKey}";
};
gpg.format = "ssh";
commit.gpgsign = true;
};
};
}

16
modules/services.nix
View File

@@ -1,27 +1,20 @@
{ config, pkgs, ... }:
let
settings = import ../settings.nix;
in
{
# Hardened OpenSSH
services.openssh = {
enable = true;
ports = [ 22 ];
settings = {
# Authentication
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitEmptyPasswords = false;
# Security hardening
X11Forwarding = false;
AllowTcpForwarding = false;
AllowAgentForwarding = false;
AllowStreamLocalForwarding = false;
# Session settings
ClientAliveInterval = 300;
ClientAliveCountMax = 2;
MaxAuthTries = 3;
@@ -30,13 +23,10 @@ in
};
};
# Tailscale
services.tailscale.enable = true;
# Fwupd
services.fwupd.enable = true;
# Sunshine
services.sunshine = {
enable = true;
autoStart = true;
@@ -60,9 +50,9 @@ in
syncthing = {
enable = true;
group = "wheel";
user = "${settings.username}";
dataDir = "/home/${settings.username}/syncthing/data";
configDir = "/home/${settings.username}/syncthing/conf";
user = "atridad";
dataDir = "/home/atridad/syncthing/data";
configDir = "/home/atridad/syncthing/conf";
};
};

11
modules/users.nix
View File

@@ -1,18 +1,15 @@
{ config, pkgs, ... }:
let
settings = import ../settings.nix;
in
{
users.groups.plugdev.gid = 69420;
users.users.${settings.username} = {
users.users.atridad = {
isNormalUser = true;
description = settings.userDescription;
extraGroups = settings.userGroups;
description = "Atridad Lahiji";
extraGroups = [ "networkmanager" "wheel" "docker" "plugdev" "input" "video" ];
shell = pkgs.bash;
};
# Security
security.sudo.execWheelOnly = true;
security.audit.enable = true;
security.auditd.enable = true;

11
settings.example.nix
View File

@@ -1,11 +0,0 @@
{
hostname = "nixos";
username = "user";
userDescription = "User";
timezone = "America/Edmonton";
locale = "en_CA.UTF-8";
userGroups = [ "networkmanager" "wheel" "docker" "plugdev" ];
gitName = "User Name";
gitEmail = "user@email.com";
gitKey = "ssh-ed25519 ...";
}