authorPreston Pan <ret2pop@gmail.com>2024-12-24 23:02:49 -0800
committerPreston Pan <ret2pop@gmail.com>2024-12-24 23:02:49 -0800
commit3310c90259c488c01551c7cb439bf1d61fc75585 (patch)
treefa1e3242db9a16b39bf6ca579f9d434d06bfb450
parent92851fff0176c15624f51acb61449635b22ef27b (diff)
first diverging branch
-rw-r--r--README.org4
-rw-r--r--configuration.nix396
-rw-r--r--flake.lock307
-rw-r--r--flake.nix21
-rw-r--r--home.nix107
5 files changed, 542 insertions, 293 deletions
diff --git a/README.org b/README.org
index 47777de..ac6cffe 100644
--- a/README.org
+++ b/README.org
@@ -1,5 +1,5 @@
-* Introduction
-HyprNixMacs is a configuration that centers around the usage of NixOS and Emacs.
+* Introduction (Forked from HyprNixMacs)
+ToughNix is a configuration that centers around the usage of NixOS and Emacs.
Note that at the time of writing, I use hyprland as my window manager, but that
might change, and therefore hyprnixmacs may not be as accurate of a name. This
entire configuration uses the [[https://github.com/catppuccin/catppuccin][catppuccin theme]].
diff --git a/configuration.nix b/configuration.nix
index 9c84dc1..303e697 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, inputs, ... }:
{
imports =
@@ -6,33 +6,167 @@
./hardware-configuration.nix
];
+ documentation = {
+ enable = true;
+ man.enable = true;
+ dev.enable = true;
+ };
+
+ environment = {
+ etc = {
+ securetty.text = ''
+ # /etc/securetty: list of terminals on which root is allowed to login.
+ # See securetty(5) and login(1).
+ '';
+ };
+ };
+ # environment = {
+ # memoryAllocator.provider = "scudo";
+ # variables.SCUDO_OPTIONS = "ZeroContents=1";
+ # };
+
+ # environment = {
+ # memoryAllocator.provider = "graphene-hardened-light";
+ # };
+
+ systemd = {
+ coredump.enable = false;
+ network.config.networkConfig.IPv6PrivacyExtensions = "kernel";
+ tmpfiles.settings = {
+ "restricthome"."/home/*".Z.mode = "~0700";
+
+ "restrictetcnixos"."/etc/nixos/*".Z = {
+ mode = "0000";
+ user = "root";
+ group = "root";
+ };
+ };
+ };
boot = {
+ initrd.luks.devices."luks-30d6b69f-1ec0-4111-b5d3-c0138d485a49".device = "/dev/disk/by-uuid/30d6b69f-1ec0-4111-b5d3-c0138d485a49";
+
+ lanzaboote = {
+ enable = true;
+ pkiBundle = "/etc/secureboot";
+ };
+
loader = {
- systemd-boot.enable = true;
+ systemd-boot.enable = lib.mkForce false;
efi.canTouchEfiVariables = true;
};
+
kernelModules = [
"snd-seq"
"snd-rawmidi"
"xhci_hcd"
];
+
kernelParams = [
- "usbcore.autosuspend=-1"
- "usbcore.quirks=0763:0015:i"
+ "debugfs=off"
+ "page_alloc.shuffle=1"
+ "slab_nomerge"
+ "page_poison=1"
+
+ # madaidan
+ "pti=on"
+ "randomize_kstack_offset=on"
+ "vsyscall=none"
+ "module.sig_enforce=1"
+ "lockdown=confidentiality"
+
+ # cpu
+ "spectre_v2=on"
+ "spec_store_bypass_disable=on"
+ "tsx=off"
+ "tsx_async_abort=full,nosmt"
+ "mds=full,nosmt"
+ "l1tf=full,force"
+ "nosmt=force"
+ "kvm.nx_huge_pages=force"
+
+ # hardened
+ "extra_latent_entropy"
+
+ # mineral
+ "init_on_alloc=1"
+ "random.trust_cpu=off"
+ "random.trust_bootloader=off"
+ "intel_iommu=on"
+ "amd_iommu=force_isolation"
+ "iommu=force"
+ "iommu.strict=1"
+ "init_on_free=1"
+ "quiet"
+ "loglevel=0"
+ ];
+
+ blacklistedKernelModules = [
+ "netrom"
+ "rose"
+
+ "adfs"
+ "affs"
+ "bfs"
+ "befs"
+ "cramfs"
+ "efs"
+ "erofs"
+ "exofs"
+ "freevxfs"
+ "f2fs"
+ "hfs"
+ "hpfs"
+ "jfs"
+ "minix"
+ "nilfs2"
+ "ntfs"
+ "omfs"
+ "qnx4"
+ "qnx6"
+ "sysv"
+ "ufs"
];
- # kernelPackages = pkgs.linuxKernel.packages.linux_6_1;
+
+ kernel.sysctl = {
+ "kernel.ftrace_enabled" = false;
+ "net.core.bpf_jit_enable" = false;
+ "kernel.kptr_restrict" = 2;
+
+ # madaidan
+ "vm.swappiness" = 1;
+ "vm.unprivileged_userfaultfd" = 0;
+ "dev.tty.ldisc_autoload" = 0;
+ "kernel.kexec_load_disabled" = 1;
+ "kernel.sysrq" = 4;
+ "kernel.perf_event_paranoid" = 3;
+
+ # net
+ "net.ipv4.icmp_echo_ignore_broadcasts" = true;
+
+ "net.ipv4.conf.all.accept_redirects" = false;
+ "net.ipv4.conf.all.secure_redirects" = false;
+ "net.ipv4.conf.default.accept_redirects" = false;
+ "net.ipv4.conf.default.secure_redirects" = false;
+ "net.ipv6.conf.all.accept_redirects" = false;
+ "net.ipv6.conf.default.accept_redirects" = false;
+ };
};
networking = {
- hostName = "continuity";
- networkmanager.enable = true;
+ hostName = "continuity-dell";
+ networkmanager = {
+ enable = true;
+ # wifi.macAddress = "";
+ };
firewall = {
- allowedTCPPorts = [ 22 80 443 6600 8000 8080 18080 37889 11434 7777 ];
+ allowedTCPPorts = [ ];
+ allowedUDPPorts = [ ];
};
};
hardware = {
+ cpu.intel.updateMicrocode = true;
bluetooth = {
enable = true;
powerOnBoot = true;
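Review bot: The `boot.kernel.sysctl` block sets `kernel.kptr_restrict = 2` and refuses incoming ICMP redirects, but the companion settings are absent from this hunk: `"kernel.dmesg_restrict" = 1;`, `"kernel.unprivileged_bpf_disabled" = 1;`, a `"kernel.yama.ptrace_scope"` value, and `"net.ipv4.conf.all.send_redirects" = false;` with its `default` twin. Without `dmesg_restrict`, hiding pointers and booting with `loglevel=0` still leaves the kernel log readable by unprivileged users through `dmesg`, unless another module already sets it. Separately, `systemd.network.config.networkConfig.IPv6PrivacyExtensions` configures systemd-networkd while this host enables NetworkManager, so it is worth confirming the setting takes effect; `networking.tempAddresses` is the NixOS-level option for the same goal. The `hardware` block continues outside the hunk.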
@@ -40,32 +174,43 @@
opengl = {
enable = true;
- extraPackages = with pkgs; [
- vaapiVdpau
- libvdpau-va-gl
- nvidia-vaapi-driver
- ];
- };
-
- nvidia = {
- modesetting.enable = true;
- powerManagement = {
- enable = true;
- finegrained = false;
- };
- nvidiaSettings = true;
- open = false;
- package = config.boot.kernelPackages.nvidiaPackages.stable;
};
pulseaudio.enable = false;
};
services = {
+ chrony = {
+ enable = true;
+ enableNTS = true;
+ servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ];
+ };
+
+ jitterentropy-rngd.enable = true;
+ resolved.dnssec = true;
+ usbguard.enable = true;
dbus = {
apparmor = "enabled";
};
+ tor = {
+ enable = true;
+ openFirewall = true;
+ client = {
+ enable = true;
+ socksListenAddress = {
+ IsolateDestAddr = true;
+ addr = "127.0.0.1";
+ port = 9050;
+ };
+ dns.enable = true;
+ };
+ torsocks = {
+ enable = true;
+ server = "127.0.0.1:9050";
+ };
+ };
+
xserver = {
displayManager = {
startx.enable = true;
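Review bot: `resolved.dnssec = true;` passes a boolean, but as far as I know `services.resolved.dnssec` is a string enum (`"true"`, `"allow-downgrade"`, `"false"`), so the line should read `resolved.dnssec = "true";`, and nothing in this hunk sets `resolved.enable = true`, without which the value is unused. In the `tor` block, `openFirewall = true` sits next to a client-only setup bound to 127.0.0.1; it works against the emptied `allowedTCPPorts` earlier in the file, so dropping the line matches the intent better. `usbguard.enable = true` is added with no rule set visible here; confirm a policy exists before the first boot so built-in USB devices are not blocked. The `services` and `xserver` blocks continue outside the hunk.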
@@ -88,7 +233,7 @@
options = "caps:escape";
};
- videoDrivers = [ "nvidia" ];
+ videoDrivers = [];
enable = true;
};
@@ -126,70 +271,6 @@
enable = true;
};
- # External
- calibre-web = {
- enable = true;
- user = "preston";
- openFirewall = true;
-
- listen = {
- port = 9999;
- ip = "0.0.0.0";
- };
-
- options = {
- enableBookUploading = true;
- enableKepubify = true;
- enableBookConversion = true;
- calibreLibrary = "/home/preston/books/physics/";
- };
- };
-
- monero = {
- enable = true;
- };
-
- tor = {
- enable = true;
- openFirewall = true;
- };
-
- i2pd = {
- enable = true;
- address = "0.0.0.0";
- inTunnels = {
- };
- outTunnels = {
- };
- };
-
- ollama = {
- enable = true;
- acceleration = "cuda";
- # host = "0.0.0.0";
- };
-
- # Email Service
- dovecot2 = {
- enable = true;
- enableImap = true;
- enablePop3 = true;
- };
-
- postfix = {
- enable = true;
- config = {
- };
- };
-
- # Git server
- gitDaemon = {
- enable = true;
- exportAll = true;
- listenAddress = "0.0.0.0";
- basePath = "/srv/git";
- };
-
openssh = {
enable = true;
settings = {
@@ -200,70 +281,6 @@
};
};
- nginx = {
- enable = true;
-
- # Use recommended settings
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
-
- # Only allow PFS-enabled ciphers with AES256
- sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
-
- appendHttpConfig = ''
- # Add HSTS header with preloading to HTTPS requests.
- # Adding this header to HTTP requests is discouraged
- map $scheme $hsts_header {
- https "max-age=31536000; includeSubdomains; preload";
- }
- add_header Strict-Transport-Security $hsts_header;
-
- # Enable CSP for your services.
- #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
-
- # Minimize information leaked to other domains
- add_header 'Referrer-Policy' 'origin-when-cross-origin';
-
- # Disable embedding as a frame
- add_header X-Frame-Options DENY;
-
- # Prevent injection of code in other mime types (XSS Attacks)
- add_header X-Content-Type-Options nosniff;
-
- # This might create errors
- proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
- '';
-
- virtualHosts = {
- "ret2pop.net" = {
- # addSSL = true;
- # enableACME = true;
- root = "/home/preston/ret2pop-website/";
- };
- };
- };
-
- # xmrig = {
- # enable = true;
- # package = pkgs.xmrig-mo;
- # settings = {
- # autosave = true;
- # cpu = true;
- # opencl = false;
- # cuda = false;
- # pools = [
- # {
- # url = "pool.supportxmr.com:443";
- # user = "49Yyj1PBXSefihA88bm8RzaKiaBizrDoWTnQy4kKVRWU5vnnqx7CfWbEe9ioKTozYWBMa9Am81q9uMgBdhj8iAriF47TQnM";
- # keepalive = true;
- # tls = true;
- # }
- # ];
- # };
- # };
-
# Misc.
udev.packages = with pkgs; [
platformio-core
@@ -273,20 +290,10 @@
printing.enable = true;
udisks2.enable = true;
- blueman.enable = true;
};
programs = {
- # nix-autobahn.enable = true;
nix-ld.enable = true;
-
- nix-ld.libraries = with pkgs; [
-
- # Add any missing dynamic libraries for unpackaged programs
-
- # here, NOT in environment.systemPackages
-
- ];
zsh.enable = true;
light.enable = true;
ssh.enableAskPassword = false;
@@ -294,17 +301,14 @@
nixpkgs.config = {
allowUnfree = true;
- cudaSupport = true;
- permittedInsecurePackages = [
- "nix-2.15.3"
- ];
+ cudaSupport = false;
};
security = {
- # acme = {
- # acceptTerms = true;
- # defaults.email = "ret2pop@gmail.com";
- # };
+ apparmor = {
+ enable = true;
+ killUnconfinedConfinables = true;
+ };
pam.loginLimits = [
{ domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
@@ -314,6 +318,27 @@
lockKernelModules = true;
protectKernelImage = true;
+ allowSimultaneousMultithreading = false;
+ forcePageTableIsolation = true;
+
+ tpm2 = {
+ enable = true;
+ pkcs11.enable = true;
+ tctiEnvironment.enable = true;
+ };
+
+ auditd.enable = true;
+ audit.enable = true;
+ chromiumSuidSandbox.enable = true;
+ sudo.enable = false;
+ doas = {
+ enable = true;
+ extraRules = [{
+ users = [ "preston" ];
+ keepEnv = true;
+ persist = true;
+ }];
+ };
};
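Review bot: The doas rule for `preston` sets `keepEnv = true`, which hands the caller's whole environment to every command run as root; a hardened rule would drop it or pass only what is needed, e.g. `setEnv = [ "LANG" ];` with the list adjusted to taste. `persist = true` also keeps the authentication valid for a while after the first password prompt, a convenience trade-off that deserves a short comment. `audit.enable` and `auditd.enable` are turned on, but no `security.audit.rules` appear in this hunk, so presumably only events that need no rule are logged. The `security` block starts outside the hunk.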
xdg.portal = {
@@ -324,15 +349,13 @@
};
environment.systemPackages = with pkgs; [
- curl
- git
- groff
- nixd
- cudatoolkit
+ cryptsetup
restic
- cudaPackages.cudnn
- cudaPackages.libcublas
- linuxPackages.nvidia_x11
+ sbctl
+ linux-manual
+ man-pages
+ man-pages-posix
+ tree
];
users = {
@@ -341,19 +364,10 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch"
];
- git = {
- isSystemUser = true;
- home = "/srv/git";
- shell = "${pkgs.git}/bin/git-shell";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch"
- ];
- };
-
preston = {
isNormalUser = true;
description = "Preston Pan";
- extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" ];
+ extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" ];
shell = pkgs.zsh;
packages = [
];
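Review bot: `extraGroups` still lists `"docker"` although this commit removes `virtualisation.docker.enable`; membership in that group is root-equivalent as soon as a Docker daemon is present again, so the entry should go together with the service: `extraGroups = [ "networkmanager" "wheel" "video" "jackaudio" "tss" ];`. The new `"tss"` entry presumably gives the user direct access to the TPM device, which merits a one-line comment saying why it is needed. The `preston` user block continues outside the hunk.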
@@ -363,12 +377,10 @@
nix.settings.experimental-features = "nix-command flakes";
- virtualisation.docker.enable = true;
-
time.timeZone = "America/Vancouver";
i18n.defaultLocale = "en_CA.UTF-8";
system = {
- stateVersion = "23.11";
+ stateVersion = "24.11";
nixos = {
tags = [ "fixing-hammer88" ];
};
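Review bot: `stateVersion = "24.11"` is newer than the nixpkgs branch this commit locks (`nixos-24.05` in flake.lock), and `home.nix` still declares `stateVersion = "23.11"`. `system.stateVersion` is meant to record the release the machine was first installed from and not to follow upgrades, so on an existing install it should keep its original value. A comment such as `# release this host was installed from; do not bump on upgrade` next to the line would prevent the next bump. The `system` block continues outside the hunk.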
diff --git a/flake.lock b/flake.lock
index 575b83b..d4f978e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,26 @@
{
"nodes": {
+ "crane": {
+ "inputs": {
+ "nixpkgs": [
+ "lanzaboote",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1717535930,
+ "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=",
+ "owner": "ipetkov",
+ "repo": "crane",
+ "rev": "55e7754ec31dac78980c8be45f8a28e80e370946",
+ "type": "github"
+ },
+ "original": {
+ "owner": "ipetkov",
+ "repo": "crane",
+ "type": "github"
+ }
+ },
"disko": {
"inputs": {
"nixpkgs": [
@@ -7,11 +28,11 @@
]
},
"locked": {
- "lastModified": 1717032306,
- "narHash": "sha256-s3Sis+M1qTSVIehHrEKBzHBpqprIFJli5V6WojkJnYE=",
+ "lastModified": 1734701201,
+ "narHash": "sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk=",
"owner": "nix-community",
"repo": "disko",
- "rev": "8ea5bcccc03111bdedaeaae9380dfab61e9deb33",
+ "rev": "2ee76c861af3b895b3b104bae04777b61397485b",
"type": "github"
},
"original": {
@@ -20,6 +41,104 @@
"type": "github"
}
},
+ "flake-compat": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1696426674,
+ "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
+ "flake-parts": {
+ "inputs": {
+ "nixpkgs-lib": [
+ "lanzaboote",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1717285511,
+ "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
+ "flake-parts_2": {
+ "inputs": {
+ "nixpkgs-lib": [
+ "nur",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1733312601,
+ "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
+ "flake-utils": {
+ "inputs": {
+ "systems": "systems"
+ },
+ "locked": {
+ "lastModified": 1710146030,
+ "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "gitignore": {
+ "inputs": {
+ "nixpkgs": [
+ "lanzaboote",
+ "pre-commit-hooks-nix",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1709087332,
+ "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "type": "github"
+ }
+ },
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -27,59 +146,102 @@
]
},
"locked": {
- "lastModified": 1716729592,
- "narHash": "sha256-Y3bOjoh2cFBqZN0Jw1zUdyr7tjygyxl2bD/QY73GZP0=",
+ "lastModified": 1726989464,
+ "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "2c78a57c544dd19b07442350727ced097e1aa6e6",
+ "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github"
},
"original": {
"owner": "nix-community",
- "ref": "release-23.11",
+ "ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
},
+ "lanzaboote": {
+ "inputs": {
+ "crane": "crane",
+ "flake-compat": "flake-compat",
+ "flake-parts": "flake-parts",
+ "flake-utils": "flake-utils",
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "pre-commit-hooks-nix": "pre-commit-hooks-nix",
+ "rust-overlay": "rust-overlay"
+ },
+ "locked": {
+ "lastModified": 1718178907,
+ "narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=",
+ "owner": "nix-community",
+ "repo": "lanzaboote",
+ "rev": "b627ccd97d0159214cee5c7db1412b75e4be6086",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "v0.4.1",
+ "repo": "lanzaboote",
+ "type": "github"
+ }
+ },
"nixpkgs": {
"locked": {
- "lastModified": 1716769173,
- "narHash": "sha256-7EXDb5WBw+d004Agt+JHC/Oyh/KTUglOaQ4MNjBbo5w=",
+ "lastModified": 1734529975,
+ "narHash": "sha256-ze3IJksru9dN0keqUxY0WNf8xrwfs8Ty/z9v/keyBbg=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "9ca3f649614213b2aaf5f1e16ec06952fe4c2632",
+ "rev": "72d11d40b9878a67c38f003c240c2d2e1811e72a",
"type": "github"
},
"original": {
"owner": "nixos",
- "ref": "nixos-unstable",
+ "ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
- "lastModified": 1716655032,
- "narHash": "sha256-kQ25DAiCGigsNR/Quxm3v+JGXAEXZ8I7RAF4U94bGzE=",
+ "lastModified": 1710695816,
+ "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "59a450646ec8ee0397f5fa54a08573e8240eb91f",
+ "rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "release-23.11",
+ "ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1716651315,
- "narHash": "sha256-iMgzIeedMqf30TXZ439zW3Yvng1Xm9QTGO+ZwG1IWSw=",
+ "lastModified": 1734424634,
+ "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_3": {
+ "locked": {
+ "lastModified": 1731763621,
+ "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "c5187508b11177ef4278edf19616f44f21cc8c69",
+ "rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d",
"type": "github"
},
"original": {
@@ -90,12 +252,17 @@
}
},
"nur": {
+ "inputs": {
+ "flake-parts": "flake-parts_2",
+ "nixpkgs": "nixpkgs_2",
+ "treefmt-nix": "treefmt-nix"
+ },
"locked": {
- "lastModified": 1717033543,
- "narHash": "sha256-NPi7ALqH4zqQhO3SGfch6n4BgnA+uom/RhWjKvpqt50=",
+ "lastModified": 1734702355,
+ "narHash": "sha256-MakJkKkxwbtPdekqi3GgS5apYvgzXtRFD9UkANwYEM8=",
"owner": "nix-community",
"repo": "NUR",
- "rev": "c02be2dfaed084a9a0d1cae4d313e681f003971f",
+ "rev": "a34b164e68571dc686f256ef32cc4c3755749fb0",
"type": "github"
},
"original": {
@@ -104,10 +271,38 @@
"type": "github"
}
},
+ "pre-commit-hooks-nix": {
+ "inputs": {
+ "flake-compat": [
+ "lanzaboote",
+ "flake-compat"
+ ],
+ "gitignore": "gitignore",
+ "nixpkgs": [
+ "lanzaboote",
+ "nixpkgs"
+ ],
+ "nixpkgs-stable": "nixpkgs-stable"
+ },
+ "locked": {
+ "lastModified": 1717664902,
+ "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=",
+ "owner": "cachix",
+ "repo": "pre-commit-hooks.nix",
+ "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "cachix",
+ "repo": "pre-commit-hooks.nix",
+ "type": "github"
+ }
+ },
"root": {
"inputs": {
"disko": "disko",
"home-manager": "home-manager",
+ "lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs",
"nur": "nur",
"scripts": "scripts",
@@ -115,6 +310,31 @@
"wallpapers": "wallpapers"
}
},
+ "rust-overlay": {
+ "inputs": {
+ "flake-utils": [
+ "lanzaboote",
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "lanzaboote",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1717813066,
+ "narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=",
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465",
+ "type": "github"
+ },
+ "original": {
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "type": "github"
+ }
+ },
"scripts": {
"locked": {
"lastModified": 1709958643,
@@ -132,15 +352,14 @@
},
"sops-nix": {
"inputs": {
- "nixpkgs": "nixpkgs_2",
- "nixpkgs-stable": "nixpkgs-stable"
+ "nixpkgs": "nixpkgs_3"
},
"locked": {
- "lastModified": 1716692524,
- "narHash": "sha256-sALodaA7Zkp/JD6ehgwc0UCBrSBfB4cX66uFGTsqeFU=",
+ "lastModified": 1734546875,
+ "narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=",
"owner": "Mic92",
"repo": "sops-nix",
- "rev": "962797a8d7f15ed7033031731d0bb77244839960",
+ "rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d",
"type": "github"
},
"original": {
@@ -149,6 +368,42 @@
"type": "github"
}
},
+ "systems": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
+ "treefmt-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "nur",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1733222881,
+ "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
+ "owner": "numtide",
+ "repo": "treefmt-nix",
+ "rev": "49717b5af6f80172275d47a418c9719a31a78b53",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "treefmt-nix",
+ "type": "github"
+ }
+ },
"wallpapers": {
"locked": {
"lastModified": 1710138216,
diff --git a/flake.nix b/flake.nix
index f6fcbd4..08f4a85 100644
--- a/flake.nix
+++ b/flake.nix
@@ -15,13 +15,17 @@
inputs.nixpkgs.follows = "nixpkgs";
};
+ lanzaboote = {
+ url = "github:nix-community/lanzaboote/v0.4.1";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
nur.url = "github:nix-community/NUR";
sops-nix.url = "github:Mic92/sops-nix";
scripts.url = "github:ret2pop/scripts";
wallpapers.url = "github:ret2pop/wallpapers";
};
- outputs = { nixpkgs, home-manager, nur, disko, ... }@attrs: {
+ outputs = { nixpkgs, home-manager, nur, disko, lanzaboote, ... }@attrs: {
nixosConfigurations = {
live = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
@@ -35,9 +39,9 @@
nurpkgs = import nixpkgs { system = "x86_64-linux"; };
};
in
- {
- imports = [ ];
- })
+ {
+ imports = [ ];
+ })
(nixpkgs + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix")
./configuration.nix
disko.nixosModules.disko
@@ -53,7 +57,7 @@
];
};
- continuity = nixpkgs.lib.nixosSystem {
+ continuity-dell = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = attrs;
modules = [
@@ -65,9 +69,10 @@
nurpkgs = import nixpkgs { system = "x86_64-linux"; };
};
in
- {
- imports = [ ];
- })
+ {
+ imports = [ ];
+ })
+ lanzaboote.nixosModules.lanzaboote
./configuration.nix
disko.nixosModules.disko
home-manager.nixosModules.home-manager
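Review bot: `lanzaboote.nixosModules.lanzaboote` is added only to `continuity-dell`, yet the `live` system in the hunk above also lists `./configuration.nix`, which now sets `boot.lanzaboote`, a fixed `boot.initrd.luks.devices` UUID and `hostName = "continuity-dell"`. Unless the module is imported somewhere outside these hunks, evaluating `live` would fail on the undefined `boot.lanzaboote` option, and an installer image should not carry one machine's disk and Secure Boot settings in any case. Moving the host-specific parts into a separate module that only `continuity-dell` imports would address both. `configuration.nix` also now asks for an `inputs` argument while `specialArgs = attrs` passes the flake inputs individually, so `inputs` would be unresolved if it is ever used. The modules list continues outside the hunk.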
diff --git a/home.nix b/home.nix
index 747f932..26c64c1 100644
--- a/home.nix
+++ b/home.nix
@@ -7,28 +7,20 @@
stateVersion = "23.11";
packages = with pkgs; [
+ acpilight
alsa-utils
- alsa-scarlett-gui
- ardour
- audacity
autobuild
- bisq-desktop
+ bitcoin
bear
- blender
bun
cargo
clang
clang-tools
- cmatrix
- cowsay
- croc
curl
- cryptsetup
- dmenu
electrum
ffmpeg
fira-code
- fluidsynth
+ font-awesome_6
fswebcam
ghostscript
git
@@ -39,10 +31,8 @@
helvum
imagemagick
inkscape
- kdenlive
kicad
krita
- light
libnotify
miniserve
monero-gui
@@ -50,11 +40,11 @@
mpc-cli
mu
nixd
+ nil
nixfmt-rfc-style
noto-fonts
noto-fonts-cjk
- obs-cli
- obs-studio
+ noto-fonts-emoji
octaveFull
openscad
openscad-lsp
@@ -62,38 +52,33 @@
pavucontrol
pfetch
pinentry
- pipes
- podman-desktop
poetry
python3
python312Packages.jedi
- qjackctl
- qsynth
- qpwgraph
rsync
rust-analyzer
rustfmt
- slack
- simplex-chat-desktop
sox
swww
- telegram-desktop
texliveFull
- timeshift
- # typescript-language-server
typescript
tor-browser
+ torsocks
vesktop
vim
vscode-langservers-extracted
- wget
x11_ssh_askpass
xdg-utils
- signal-desktop
(aspellWithDicts
(dicts: with dicts; [ en en-computers en-science ]))
(nerdfonts.override { fonts = [ "Iosevka" ]; })
- (pass.withExtensions (ext: with ext; [ pass-otp pass-import pass-genphrase pass-update pass-tomb]))
+ (pass.withExtensions (ext: with ext; [
+ pass-otp
+ pass-import
+ pass-genphrase
+ pass-update
+ pass-tomb
+ ]))
];
};
@@ -107,7 +92,7 @@
font = "Fira Code 10";
defaultTimeout = 3000;
extraConfig = ''
-on-notify=exec mpv /home/preston/sounds/notification.mp3 --no-config
+on-notify=exec mpv /home/preston/sounds/notification.wav --no-config --no-video
'';
};
@@ -216,8 +201,8 @@ on-notify=exec mpv /home/preston/sounds/notification.mp3 --no-config
r = "gammastep -O 3000";
ns = "nix-shell";
n = "nix";
- nfu = "cd /etc/nixos/ && sudo nix flake update";
- rb = "sudo nixos-rebuild switch";
+ nfu = "cd /etc/nixos/ && doas nix flake update";
+ rb = "doas nixos-rebuild switch";
};
};
@@ -745,8 +730,7 @@ on-notify=exec mpv /home/preston/sounds/notification.mp3 --no-config
* {
border: none;
border-radius: 0px;
- /*font-family: Fira Code, Iosevka Nerd Font, Noto Sans CJK;*/
- font-family: Iosevka, FontAwesome, Noto Sans CJK;
+ font-family: Iosevka Nerd Font, FontAwesome, Noto Sans CJK;
font-size: 14px;
font-style: normal;
min-height: 0;
@@ -996,6 +980,7 @@ on-notify=exec mpv /home/preston/sounds/notification.mp3 --no-config
output = [
"HDMI-A-1"
+ "eDP-1"
"DP-2"
"DP-3"
];
@@ -1004,8 +989,13 @@ on-notify=exec mpv /home/preston/sounds/notification.mp3 --no-config
modules-center = [ "hyprland/window" ];
modules-right = [ "battery" "clock" ];
+ battery = {
+ format = "{icon} {capacity}%";
+ format-icons = ["" "" "" "" "" ];
+ };
+
clock = {
- format = "{:%a %d, %b %H:%M}";
+ format = "⏰ {:%a %d, %b %H:%M}";
};
};
};
@@ -1014,9 +1004,7 @@ on-notify=exec mpv /home/preston/sounds/notification.mp3 --no-config
zsh = {
enable = true;
initExtra = ''
- export CUDA_PATH=${pkgs.cudatoolkit}
- # export LD_LIBRARY_PATH=${pkgs.linuxPackages.nvidia_x11}/lib
- export EXTRA_LDFLAGS="-L/lib -L${pkgs.linuxPackages.nvidia_x11}/lib"
+ umask 0077
export EXTRA_CCFLAGS="-I/usr/include"
source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh
export QT_QPA_PLATFORM="wayland"
@@ -1037,8 +1025,8 @@ on-notify=exec mpv /home/preston/sounds/notification.mp3 --no-config
g = "git";
v = "vim";
py = "python3";
- rb = "sudo nixos-rebuild switch";
- nfu = "cd /etc/nixos/ && sudo nix flake update";
+ rb = "doas nixos-rebuild switch";
+ nfu = "cd /etc/nixos/ && doas nix flake update";
i3 = "exec ${pkgs.i3-gaps}/bin/i3";
};
loginExtra = ''
@@ -1072,6 +1060,7 @@ on-notif