diff --git a/.gitignore b/.gitignore index 47771e6..b2be92b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1 @@ -*.qcow2 result -*-template diff --git a/Justfile b/Justfile new file mode 100644 index 0000000..3b50b49 --- /dev/null +++ b/Justfile @@ -0,0 +1,32 @@ +up: + nix flake update + +boot: + nixos-rebuild boot --flake . --use-remote-sudo + +switch: + git add . + git commit -a -m "update" + nixos-rebuild switch --flake . --use-remote-sudo + +debug: + nixos-rebuild switch --flake . --use-remote-sudo --show-trace --verbose + +# Update specific input +# usage: make upp i=home-manager +upp: + nix flake update $(i) + +history: + nix profile history --profile /nix/var/nix/profiles/system + +repl: + nix repl -f flake:nixpkgs + +clean: + # remove all generations older than 7 days + sudo nix profile wipe-history --profile /nix/var/nix/profiles/system --older-than 7d + +gc: + # garbage collect all unused nix store entries + sudo nix-collect-garbage --delete-old diff --git a/data/authorized_keys.nix b/data/authorized_keys.nix new file mode 100644 index 0000000..e661a7e --- /dev/null +++ b/data/authorized_keys.nix @@ -0,0 +1,7 @@ +[ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJTqgIA+klcgOz+LSxwj6ZPP+pFrviu171Dgif0oIVlIxA8PGupKataDLrAAKOunpGgMTLGnEDLfWAsC1BxdG9qxdUphDuoXlY4hXWypsm01bEMbEPyomHrDS9SABbAl15/cGdEricBCBqUa6j+rs7nZcKLDSr4jkNDKxEGmJCVodquM8F+u4DN0MYgN+yoKTIijMVPK7uzFB3X1OdLQB770R/nGRd3p180Ixs8BKmbp2Mc5rrSQ+bFOQQbM8E7jDv3SCRzbKBr7I6VvASi62bpXaAlXbcRcXciyaPLdWAcwqDNIkMrlTVeF947d9enDin0PX+wQAlgm3kWgJpuHSK1eScZd+NLuD6IXTQyse5cMoEtqUGcp4SXN6hqc1EthQ4wWAmCQPw5SUCd53I0fSwRA9Ik3mCX6UlLw2M41Q+zd3axXeNDG1gtDyWoafHKM38JZrCk+d56xOH9J43esDgH7gZtno+Nspt/YkgHCbV6BB0mxjkgSGj/EhgQUjrWpU= aly@DESKTOP-QJO3LML" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOIteUtsZCWRz7CdEZwatVoJZOHyhoDxoECidQjUSrU+ u0_a315@localhost" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAPHB5cZxUF6btKjT8yNLcwWBxXf+Jb9x2iPszWY5l7 aly@alyssd" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPx69hgnDfNMM8nuNdRRnhHSto6BvBBYkEL8mzNtKpVG aly@aly-ubuntu-vm" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmq4bJDXwpIgr60q7EyCXqYWZIT8ZAjazzLRflQPlqX aly@aly-laptop" +] diff --git a/flake.lock b/flake.lock index 00e85bd..ce4a9c4 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1755928099, - "narHash": "sha256-OILVkfhRCm8u18IZ2DKR8gz8CVZM2ZcJmQBXmjFLIfk=", + "lastModified": 1758463745, + "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", "owner": "nix-community", "repo": "home-manager", - "rev": "4a44fb9f7555da362af9d499817084f4288a957f", + "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", "type": "github" }, "original": { @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755922037, - "narHash": "sha256-wY1+2JPH0ZZC4BQefoZw/k+3+DowFyfOxv17CN/idKs=", + "lastModified": 1758346548, + "narHash": "sha256-afXE7AJ7MY6wY1pg/Y6UPHNYPy5GtUKeBkrZZ/gC71E=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b1b3291469652d5a2edb0becc4ef0246fff97a7c", + "rev": "b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index c3a241c..4565376 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,4 @@ { - description = "NixOS configuration"; - inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; home-manager = { @@ -11,76 +9,18 @@ outputs = inputs@{ nixpkgs, home-manager, ... }: { nixosConfigurations = { - aly-desktop = nixpkgs.lib.nixosSystem { + "aly-laptop" = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - ({ config, pkgs, ... }: { - system.stateVersion = "25.05"; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - environment.systemPackages = with pkgs; [ - git - vim - wget - ]; - environment.variables.EDITOR = "vim"; - security.sudo.wheelNeedsPassword = false; - - networking.hostName = "aly-desktop"; - networking.networkmanager.enable = true; - services.pulseaudio.enable = false; - services.pipewire = { - enable = true; - pulse.enable = true; - }; - time.timeZone = "Australia/Brisbane"; - users.users.aly = { - isNormalUser = true; - description = "aly"; - initialPassword = "test"; - extraGroups = [ "networkmanager" "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa9sXpYiDXy6L9dQHcKkK45PBgZHo0PCz/ejmvhDW6Z aly@aurora" - ]; - packages = with pkgs; [ - # firefox - # thunderbird - ]; - }; - - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - settings = { - X11Forwarding = true; - PermitRootLogin = "no"; # disable root login - PasswordAuthentication = false; # disable password login - }; - openFirewall = true; - }; - # Enable the X11 windowing system. - services.xserver.enable = true; - - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.displayManager.autoLogin.user = "aly"; - services.xserver.desktopManager.gnome.enable = true; - }) - + ./hw/aly-laptop.nix + ./system/aly-laptop.nix + ./system/global.nix home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; - - home-manager.users.aly = import ./home.nix; - - # Optionally, use home-manager.extraSpecialArgs to pass arguments to home.nix + home-manager.users.aly = import ./home/aly.nix; } - - ({ pkgs, ... }: { - environment.etc."nixos".source = ./.; - }) ]; }; }; diff --git a/home.nix b/home.nix deleted file mode 100644 index 3ef77c0..0000000 --- a/home.nix +++ /dev/null @@ -1,156 +0,0 @@ -{ config, pkgs, ... }: - -{ - home.username = "aly"; - home.homeDirectory = "/home/aly"; - - # link the configuration file in current directory to the specified location in home directory - # home.file.".config/i3/wallpaper.jpg".source = ./wallpaper.jpg; - - # link all files in `./scripts` to `~/.config/i3/scripts` - # home.file.".config/i3/scripts" = { - # source = ./scripts; - # recursive = true; # link recursively - # executable = true; # make all files executable - # }; - - # encode the file content in nix configuration file directly - # home.file.".xxx".text = '' - # xxx - # ''; - - # set cursor size and dpi for 4k monitor - xresources.properties = { - "Xcursor.size" = 16; - "Xft.dpi" = 172; - }; - - # Packages that should be installed to the user profile. - home.packages = with pkgs; [ - # here is some command line tools I use frequently - # feel free to add your own or remove some of them - - neofetch - nnn # terminal file manager - - # archives - zip - xz - unzip - p7zip - - # utils - ripgrep # recursively searches directories for a regex pattern - jq # A lightweight and flexible command-line JSON processor - yq-go # yaml processor https://github.com/mikefarah/yq - eza # A modern replacement for ‘ls’ - fzf # A command-line fuzzy finder - - # networking tools - mtr # A network diagnostic tool - iperf3 - dnsutils # `dig` + `nslookup` - ldns # replacement of `dig`, it provide the command `drill` - aria2 # A lightweight multi-protocol & multi-source command-line download utility - socat # replacement of openbsd-netcat - nmap # A utility for network discovery and security auditing - ipcalc # it is a calculator for the IPv4/v6 addresses - - # misc - cowsay - file - which - tree - gnused - gnutar - gawk - zstd - gnupg - - # nix related - # - # it provides the command `nom` works just like `nix` - # with more details log output - nix-output-monitor - - # productivity - hugo # static site generator - glow # markdown previewer in terminal - - btop # replacement of htop/nmon - iotop # io monitoring - iftop # network monitoring - - # system call monitoring - strace # system call monitoring - ltrace # library call monitoring - lsof # list open files - - # system tools - sysstat - lm_sensors # for `sensors` command - ethtool - pciutils # lspci - usbutils # lsusb - ]; - - # basic configuration of git, please change to your own - programs.git = { - enable = true; - userName = "alyssadev"; - userEmail = "alyssa.dev.smith@gmail.com"; - }; - - # starship - an customizable prompt for any shell - programs.starship = { - enable = true; - # custom settings - settings = { - add_newline = false; - aws.disabled = true; - gcloud.disabled = true; - line_break.disabled = true; - }; - }; - - # alacritty - a cross-platform, GPU-accelerated terminal emulator - programs.alacritty = { - enable = true; - # custom settings - settings = { - env.TERM = "xterm-256color"; - font = { - size = 12; - draw_bold_text_with_bright_colors = true; - }; - scrolling.multiplier = 5; - selection.save_to_clipboard = true; - }; - }; - - programs.bash = { - enable = true; - enableCompletion = true; - # TODO add your custom bashrc here - bashrcExtra = '' - export PATH="$PATH:$HOME/bin:$HOME/.local/bin:$HOME/go/bin" - ''; - - # set some aliases, feel free to add more or remove some - shellAliases = { - k = "kubectl"; - urldecode = "python3 -c 'import sys, urllib.parse as ul; print(ul.unquote_plus(sys.stdin.read()))'"; - urlencode = "python3 -c 'import sys, urllib.parse as ul; print(ul.quote_plus(sys.stdin.read()))'"; - }; - }; - - # This value determines the home Manager release that your - # configuration is compatible with. This helps avoid breakage - # when a new home Manager release introduces backwards - # incompatible changes. - # - # You can update home Manager without changing this value. See - # the home Manager release notes for a list of state version - # changes in each release. - home.stateVersion = "25.05"; -} diff --git a/home/aly.nix b/home/aly.nix new file mode 100644 index 0000000..7e5d313 --- /dev/null +++ b/home/aly.nix @@ -0,0 +1,31 @@ +{ config, pkgs, ... }: + +{ + home.username = "aly"; + home.homeDirectory = "/home/aly"; + xresources.properties = { + "Xcursor.size" = 16; + "Xft.dpi" = 172; + }; + home.packages = with pkgs; [ + gnome-tweaks firefox obs-studio rpi-imager + neofetch nnn zip xz unzip p7zip ripgrep jq yq-go mtr iperf3 dnsutils + ldns aria2 socat nmap ipcalc file which tree gnused gnutar gawk zstd + gnupg btop iotop iftop strace ltrace lsof sysstat lm_sensors ethtool + pciutils usbutils nix-output-monitor + ]; + programs.git = { + enable = true; + userName = "alydev"; + userEmail = "alyssa.dev.smith@gmail.com"; + }; + + programs.bash = { + enable = true; + enableCompletion = true; + bashrcExtra = '' + export PATH="$PATH:$HOME/bin:$HOME/.local/bin:$HOME/go/bin" + ''; + }; + home.stateVersion = "25.05"; +} diff --git a/hw/aly-laptop.nix b/hw/aly-laptop.nix new file mode 100644 index 0000000..8401719 --- /dev/null +++ b/hw/aly-laptop.nix @@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "uas" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/ef82934f-dab4-42bb-9b9a-2b8d74c4e4e4"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/35CB-B28A"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/9a5ddb1d-cc66-4861-ba04-f4a3e4363500"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/system/aly-laptop.nix b/system/aly-laptop.nix new file mode 100644 index 0000000..6784bbd --- /dev/null +++ b/system/aly-laptop.nix @@ -0,0 +1,8 @@ +({ config, pkgs, ... }: { + networking.hostName = "aly-laptop"; + services.logind = { + lidSwitch = "suspend"; + lidSwitchDocked = "ignore"; + lidSwitchExternalPower = "ignore"; + }; +}) diff --git a/system/global.nix b/system/global.nix new file mode 100644 index 0000000..8ffbaae --- /dev/null +++ b/system/global.nix @@ -0,0 +1,45 @@ +({ config, pkgs, ... }: { + system.stateVersion = "25.05"; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + environment.systemPackages = with pkgs; [ + cargo rustc just git vim wget gcc gnumake autoconf automake pkg-config + ]; + environment.variables.EDITOR = "vim"; + security.sudo.wheelNeedsPassword = false; + + networking.networkmanager.enable = true; + + services.flatpak.enable = true; + services.pulseaudio.enable = false; + services.pipewire = { + enable = true; + pulse.enable = true; + }; + time.timeZone = "Australia/Brisbane"; + users.users.aly = { + isNormalUser = true; + description = "aly"; + hashedPassword = "$y$j9T$Q.yFJjo9LMA8o.7Ac5uSr/$Y8pYIPSzCXHSd4nAlUohaaohwpquK6XEIjxFKq3J4s/"; + openssh.authorizedKeys.keys = import ../data/authorized_keys.nix; + extraGroups = [ "networkmanager" "wheel" ]; + }; + + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + settings = { + X11Forwarding = true; + PermitRootLogin = "no"; # disable root login + PasswordAuthentication = false; # disable password login + }; + openFirewall = true; + }; + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; +})