From f92edecbcb767295f04cfa620fd601efc079b877 Mon Sep 17 00:00:00 2001 From: alyssadev Date: Sun, 24 Aug 2025 23:09:19 +1000 Subject: [PATCH 01/13] init --- .gitignore | 3 ++ flake.lock | 49 +++++++++++++++++ flake.nix | 88 ++++++++++++++++++++++++++++++ home.nix | 156 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 296 insertions(+) create mode 100644 .gitignore create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 home.nix diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..47771e6 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +*.qcow2 +result +*-template diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..00e85bd --- /dev/null +++ b/flake.lock @@ -0,0 +1,49 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1755928099, + "narHash": "sha256-OILVkfhRCm8u18IZ2DKR8gz8CVZM2ZcJmQBXmjFLIfk=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "4a44fb9f7555da362af9d499817084f4288a957f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.05", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1755922037, + "narHash": "sha256-wY1+2JPH0ZZC4BQefoZw/k+3+DowFyfOxv17CN/idKs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b1b3291469652d5a2edb0becc4ef0246fff97a7c", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..c3a241c --- /dev/null +++ b/flake.nix @@ -0,0 +1,88 @@ +{ + description = "NixOS configuration"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + home-manager = { + url = "github:nix-community/home-manager/release-25.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = inputs@{ nixpkgs, home-manager, ... }: { + nixosConfigurations = { + aly-desktop = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ({ config, pkgs, ... }: { + system.stateVersion = "25.05"; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + environment.systemPackages = with pkgs; [ + git + vim + wget + ]; + environment.variables.EDITOR = "vim"; + security.sudo.wheelNeedsPassword = false; + + networking.hostName = "aly-desktop"; + networking.networkmanager.enable = true; + services.pulseaudio.enable = false; + services.pipewire = { + enable = true; + pulse.enable = true; + }; + time.timeZone = "Australia/Brisbane"; + users.users.aly = { + isNormalUser = true; + description = "aly"; + initialPassword = "test"; + extraGroups = [ "networkmanager" "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa9sXpYiDXy6L9dQHcKkK45PBgZHo0PCz/ejmvhDW6Z aly@aurora" + ]; + packages = with pkgs; [ + # firefox + # thunderbird + ]; + }; + + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + settings = { + X11Forwarding = true; + PermitRootLogin = "no"; # disable root login + PasswordAuthentication = false; # disable password login + }; + openFirewall = true; + }; + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.displayManager.autoLogin.user = "aly"; + services.xserver.desktopManager.gnome.enable = true; + }) + + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + + home-manager.users.aly = import ./home.nix; + + # Optionally, use home-manager.extraSpecialArgs to pass arguments to home.nix + } + + ({ pkgs, ... }: { + environment.etc."nixos".source = ./.; + }) + ]; + }; + }; + }; +} diff --git a/home.nix b/home.nix new file mode 100644 index 0000000..3ef77c0 --- /dev/null +++ b/home.nix @@ -0,0 +1,156 @@ +{ config, pkgs, ... }: + +{ + home.username = "aly"; + home.homeDirectory = "/home/aly"; + + # link the configuration file in current directory to the specified location in home directory + # home.file.".config/i3/wallpaper.jpg".source = ./wallpaper.jpg; + + # link all files in `./scripts` to `~/.config/i3/scripts` + # home.file.".config/i3/scripts" = { + # source = ./scripts; + # recursive = true; # link recursively + # executable = true; # make all files executable + # }; + + # encode the file content in nix configuration file directly + # home.file.".xxx".text = '' + # xxx + # ''; + + # set cursor size and dpi for 4k monitor + xresources.properties = { + "Xcursor.size" = 16; + "Xft.dpi" = 172; + }; + + # Packages that should be installed to the user profile. + home.packages = with pkgs; [ + # here is some command line tools I use frequently + # feel free to add your own or remove some of them + + neofetch + nnn # terminal file manager + + # archives + zip + xz + unzip + p7zip + + # utils + ripgrep # recursively searches directories for a regex pattern + jq # A lightweight and flexible command-line JSON processor + yq-go # yaml processor https://github.com/mikefarah/yq + eza # A modern replacement for ‘ls’ + fzf # A command-line fuzzy finder + + # networking tools + mtr # A network diagnostic tool + iperf3 + dnsutils # `dig` + `nslookup` + ldns # replacement of `dig`, it provide the command `drill` + aria2 # A lightweight multi-protocol & multi-source command-line download utility + socat # replacement of openbsd-netcat + nmap # A utility for network discovery and security auditing + ipcalc # it is a calculator for the IPv4/v6 addresses + + # misc + cowsay + file + which + tree + gnused + gnutar + gawk + zstd + gnupg + + # nix related + # + # it provides the command `nom` works just like `nix` + # with more details log output + nix-output-monitor + + # productivity + hugo # static site generator + glow # markdown previewer in terminal + + btop # replacement of htop/nmon + iotop # io monitoring + iftop # network monitoring + + # system call monitoring + strace # system call monitoring + ltrace # library call monitoring + lsof # list open files + + # system tools + sysstat + lm_sensors # for `sensors` command + ethtool + pciutils # lspci + usbutils # lsusb + ]; + + # basic configuration of git, please change to your own + programs.git = { + enable = true; + userName = "alyssadev"; + userEmail = "alyssa.dev.smith@gmail.com"; + }; + + # starship - an customizable prompt for any shell + programs.starship = { + enable = true; + # custom settings + settings = { + add_newline = false; + aws.disabled = true; + gcloud.disabled = true; + line_break.disabled = true; + }; + }; + + # alacritty - a cross-platform, GPU-accelerated terminal emulator + programs.alacritty = { + enable = true; + # custom settings + settings = { + env.TERM = "xterm-256color"; + font = { + size = 12; + draw_bold_text_with_bright_colors = true; + }; + scrolling.multiplier = 5; + selection.save_to_clipboard = true; + }; + }; + + programs.bash = { + enable = true; + enableCompletion = true; + # TODO add your custom bashrc here + bashrcExtra = '' + export PATH="$PATH:$HOME/bin:$HOME/.local/bin:$HOME/go/bin" + ''; + + # set some aliases, feel free to add more or remove some + shellAliases = { + k = "kubectl"; + urldecode = "python3 -c 'import sys, urllib.parse as ul; print(ul.unquote_plus(sys.stdin.read()))'"; + urlencode = "python3 -c 'import sys, urllib.parse as ul; print(ul.quote_plus(sys.stdin.read()))'"; + }; + }; + + # This value determines the home Manager release that your + # configuration is compatible with. This helps avoid breakage + # when a new home Manager release introduces backwards + # incompatible changes. + # + # You can update home Manager without changing this value. See + # the home Manager release notes for a list of state version + # changes in each release. + home.stateVersion = "25.05"; +} From c897f66375d28aca1a13bdb3d278f178443b9581 Mon Sep 17 00:00:00 2001 From: alydev Date: Tue, 23 Sep 2025 18:28:17 +1000 Subject: [PATCH 02/13] Init --- .gitignore | 1 + Justfile | 27 ++++++++++++++++ flake.lock | 49 +++++++++++++++++++++++++++++ flake.nix | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ home.nix | 81 +++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 250 insertions(+) create mode 100644 .gitignore create mode 100644 Justfile create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 home.nix diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..577b0a0 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +hardware-configuration.nix diff --git a/Justfile b/Justfile new file mode 100644 index 0000000..51526ea --- /dev/null +++ b/Justfile @@ -0,0 +1,27 @@ +up: + nix flake update + +deploy: + nixos-rebuild switch --flake . --use-remote-sudo + +debug: + nixos-rebuild switch --flake . --use-remote-sudo --show-trace --verbose + +# Update specific input +# usage: make upp i=home-manager +upp: + nix flake update $(i) + +history: + nix profile history --profile /nix/var/nix/profiles/system + +repl: + nix repl -f flake:nixpkgs + +clean: + # remove all generations older than 7 days + sudo nix profile wipe-history --profile /nix/var/nix/profiles/system --older-than 7d + +gc: + # garbage collect all unused nix store entries + sudo nix-collect-garbage --delete-old diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..ce4a9c4 --- /dev/null +++ b/flake.lock @@ -0,0 +1,49 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758463745, + "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.05", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1758346548, + "narHash": "sha256-afXE7AJ7MY6wY1pg/Y6UPHNYPy5GtUKeBkrZZ/gC71E=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..721347d --- /dev/null +++ b/flake.nix @@ -0,0 +1,92 @@ +{ + description = "NixOS configuration"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + home-manager = { + url = "github:nix-community/home-manager/release-25.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = inputs@{ nixpkgs, home-manager, ... }: { + nixosConfigurations = { + aly-laptop = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hardware-configuration.nix + ({ config, pkgs, ... }: { + networking.hostName = "aly-laptop"; + services.logind = { + lidSwitch = "suspend"; + lidSwitchDocked = "ignore"; + lidSwitchExternalPower = "ignore"; + }; + }) + ({ config, pkgs, ... }: { + system.stateVersion = "25.05"; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + environment.systemPackages = with pkgs; [ + just + git + vim + wget + obs-studio + ]; + environment.variables.EDITOR = "vim"; + security.sudo.wheelNeedsPassword = false; + + networking.networkmanager.enable = true; + + services.flatpak.enable = true; + services.pulseaudio.enable = false; + services.pipewire = { + enable = true; + pulse.enable = true; + }; + time.timeZone = "Australia/Brisbane"; + users.users.aly = { + isNormalUser = true; + description = "aly"; + hashedPassword = "$y$j9T$Q.yFJjo9LMA8o.7Ac5uSr/$Y8pYIPSzCXHSd4nAlUohaaohwpquK6XEIjxFKq3J4s/"; + extraGroups = [ "networkmanager" "wheel" ]; + }; + + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + settings = { + X11Forwarding = true; + PermitRootLogin = "no"; # disable root login + PasswordAuthentication = false; # disable password login + }; + openFirewall = true; + }; + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + }) + + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + + home-manager.users.aly = import ./home.nix; + + # Optionally, use home-manager.extraSpecialArgs to pass arguments to home.nix + } + + ({ pkgs, ... }: { + environment.etc."nixos".source = ./.; + }) + ]; + }; + }; + }; +} diff --git a/home.nix b/home.nix new file mode 100644 index 0000000..26fa3e7 --- /dev/null +++ b/home.nix @@ -0,0 +1,81 @@ +{ config, pkgs, ... }: + +{ + home.username = "aly"; + home.homeDirectory = "/home/aly"; + xresources.properties = { + "Xcursor.size" = 16; + "Xft.dpi" = 172; + }; + home.packages = with pkgs; [ + gnome-tweaks + firefox + neofetch + nnn + zip + xz + unzip + p7zip + ripgrep + jq + yq-go + mtr + iperf3 + dnsutils + ldns + aria2 + socat + nmap + ipcalc + file + which + tree + gnused + gnutar + gawk + zstd + gnupg + nix-output-monitor + + btop + iotop + iftop + strace + ltrace + lsof + sysstat + lm_sensors + ethtool + pciutils + usbutils + ]; + programs.git = { + enable = true; + userName = "alydev"; + userEmail = "alyssa.dev.smith@gmail.com"; + }; + + # alacritty - a cross-platform, GPU-accelerated terminal emulator +# programs.alacritty = { +# enable = true; +# # custom settings +# settings = { +# env.TERM = "xterm-256color"; +# font = { +# size = 12; +# draw_bold_text_with_bright_colors = true; +# }; +# scrolling.multiplier = 5; +# selection.save_to_clipboard = true; +# }; +# }; + + programs.bash = { + enable = true; + enableCompletion = true; + bashrcExtra = '' + export PATH="$PATH:$HOME/bin:$HOME/.local/bin:$HOME/go/bin" + ''; + }; + home.stateVersion = "25.05"; +} From 533b95b540df38becee9cc92c596ea5666f441be Mon Sep 17 00:00:00 2001 From: alydev Date: Tue, 23 Sep 2025 18:45:25 +1000 Subject: [PATCH 03/13] authorized keys --- Justfile | 4 ++-- flake.nix | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/Justfile b/Justfile index 51526ea..07c5aa9 100644 --- a/Justfile +++ b/Justfile @@ -2,10 +2,10 @@ up: nix flake update deploy: - nixos-rebuild switch --flake . --use-remote-sudo + nixos-rebuild switch --flake . debug: - nixos-rebuild switch --flake . --use-remote-sudo --show-trace --verbose + nixos-rebuild switch --flake . --show-trace --verbose # Update specific input # usage: make upp i=home-manager diff --git a/flake.nix b/flake.nix index 721347d..095ee62 100644 --- a/flake.nix +++ b/flake.nix @@ -51,6 +51,9 @@ isNormalUser = true; description = "aly"; hashedPassword = "$y$j9T$Q.yFJjo9LMA8o.7Ac5uSr/$Y8pYIPSzCXHSd4nAlUohaaohwpquK6XEIjxFKq3J4s/"; + openssh.authorizedKeys.keys = import builtins.fetchurl { + url = "https://aly.pet/authorized_keys.nix"; + }; extraGroups = [ "networkmanager" "wheel" ]; }; From 20a01c781aa70865a644a643409d0e2640004708 Mon Sep 17 00:00:00 2001 From: alydev Date: Tue, 23 Sep 2025 18:47:53 +1000 Subject: [PATCH 04/13] add hw --- .gitignore | 1 - flake.nix | 11 ++++++----- hw-aly-laptop.nix | 41 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 47 insertions(+), 6 deletions(-) delete mode 100644 .gitignore create mode 100644 hw-aly-laptop.nix diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 577b0a0..0000000 --- a/.gitignore +++ /dev/null @@ -1 +0,0 @@ -hardware-configuration.nix diff --git a/flake.nix b/flake.nix index 095ee62..24970ad 100644 --- a/flake.nix +++ b/flake.nix @@ -7,14 +7,17 @@ url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + authorizedKeys = builtins.fetchurl { + url = "https://aly.pet/authorized_keys.nix"; + }; }; - outputs = inputs@{ nixpkgs, home-manager, ... }: { + outputs = inputs@{ nixpkgs, home-manager, authorizedKeys, ... }: { nixosConfigurations = { aly-laptop = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - ./hardware-configuration.nix + ./hw-aly-laptop.nix ({ config, pkgs, ... }: { networking.hostName = "aly-laptop"; services.logind = { @@ -51,9 +54,7 @@ isNormalUser = true; description = "aly"; hashedPassword = "$y$j9T$Q.yFJjo9LMA8o.7Ac5uSr/$Y8pYIPSzCXHSd4nAlUohaaohwpquK6XEIjxFKq3J4s/"; - openssh.authorizedKeys.keys = import builtins.fetchurl { - url = "https://aly.pet/authorized_keys.nix"; - }; + openssh.authorizedKeys.keys = import authorizedKeys; extraGroups = [ "networkmanager" "wheel" ]; }; diff --git a/hw-aly-laptop.nix b/hw-aly-laptop.nix new file mode 100644 index 0000000..8401719 --- /dev/null +++ b/hw-aly-laptop.nix @@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "uas" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/ef82934f-dab4-42bb-9b9a-2b8d74c4e4e4"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/35CB-B28A"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/9a5ddb1d-cc66-4861-ba04-f4a3e4363500"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} From ca75fbaf4139b223dc810fba4f5c2f3e42a53603 Mon Sep 17 00:00:00 2001 From: alydev Date: Tue, 23 Sep 2025 18:55:16 +1000 Subject: [PATCH 05/13] keys --- authorized_keys.nix | 9 +++++++++ flake.nix | 7 ++----- 2 files changed, 11 insertions(+), 5 deletions(-) create mode 100644 authorized_keys.nix diff --git a/authorized_keys.nix b/authorized_keys.nix new file mode 100644 index 0000000..cbbda70 --- /dev/null +++ b/authorized_keys.nix @@ -0,0 +1,9 @@ +[ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJTqgIA+klcgOz+LSxwj6ZPP+pFrviu171Dgif0oIVlIxA8PGupKataDLrAAKOunpGgMTLGnEDLfWAsC1BxdG9qxdUphDuoXlY4hXWypsm01bEMbEPyomHrDS9SABbAl15/cGdEricBCBqUa6j+rs7nZcKLDSr4jkNDKxEGmJCVodquM8F+u4DN0MYgN+yoKTIijMVPK7uzFB3X1OdLQB770R/nGRd3p180Ixs8BKmbp2Mc5rrSQ+bFOQQbM8E7jDv3SCRzbKBr7I6VvASi62bpXaAlXbcRcXciyaPLdWAcwqDNIkMrlTVeF947d9enDin0PX+wQAlgm3kWgJpuHSK1eScZd+NLuD6IXTQyse5cMoEtqUGcp4SXN6hqc1EthQ4wWAmCQPw5SUCd53I0fSwRA9Ik3mCX6UlLw2M41Q+zd3axXeNDG1gtDyWoafHKM38JZrCk+d56xOH9J43esDgH7gZtno+Nspt/YkgHCbV6BB0mxjkgSGj/EhgQUjrWpU= aly@DESKTOP-QJO3LML" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKOD/1cgSbnRmP14D9gXy2Rcuhu4APgeV25ZSlMYyD1hVwFI52sKjhPCugeTRmMk4A8bPd05figRctP3DgtNzUWB/Me/auM+OPatVMzKZzLFGDGsk30stqP4U71GTKpddpQurHpXlUWUcrhMQA8yLkgHmG3ZyXSOrqCKWqBMeP5HkEiu5b7z3CgnMzD4oBryfnKfFrqsRFHLjHOWf1QXr2+fg9wroNQ5bwdJPhkpgpbj5x8nHYFeBz3goQUclBcdzXUIU3XrDzaZT3lthQuAPlrDOmbFyrq7MEQf/NprlPaKbaEfbba6qxSrb7VtlOKRev55fspdeOIIyTBSZL+UT2jcd9GZla9KTy/Bu9IXkdAdOMIAMK1K2zKaXz1MMnfwKvOxBMP9LtiIJK/51b+8aFLbNLVahLPZE9epwm+WzP10whEevgN4pFG8s+1U6ci0I1dGih3ESz6ltHw4pkJPIld4pkyiaGYKpz3dMVEbhxc4F2mTThxSQXSUqy2zXVRrs= aly@thinkpad" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOIteUtsZCWRz7CdEZwatVoJZOHyhoDxoECidQjUSrU+ u0_a315@localhost" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAPHB5cZxUF6btKjT8yNLcwWBxXf+Jb9x2iPszWY5l7 aly@alyssd" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPx69hgnDfNMM8nuNdRRnhHSto6BvBBYkEL8mzNtKpVG aly@aly-ubuntu-vm" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa9sXpYiDXy6L9dQHcKkK45PBgZHo0PCz/ejmvhDW6Z aly@aurora" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmq4bJDXwpIgr60q7EyCXqYWZIT8ZAjazzLRflQPlqX aly@aly-laptop" +] diff --git a/flake.nix b/flake.nix index 24970ad..de26bbb 100644 --- a/flake.nix +++ b/flake.nix @@ -7,12 +7,9 @@ url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; - authorizedKeys = builtins.fetchurl { - url = "https://aly.pet/authorized_keys.nix"; - }; }; - outputs = inputs@{ nixpkgs, home-manager, authorizedKeys, ... }: { + outputs = inputs@{ nixpkgs, home-manager, ... }: { nixosConfigurations = { aly-laptop = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; @@ -54,7 +51,7 @@ isNormalUser = true; description = "aly"; hashedPassword = "$y$j9T$Q.yFJjo9LMA8o.7Ac5uSr/$Y8pYIPSzCXHSd4nAlUohaaohwpquK6XEIjxFKq3J4s/"; - openssh.authorizedKeys.keys = import authorizedKeys; + openssh.authorizedKeys.keys = import ./authorized_keys.nix; extraGroups = [ "networkmanager" "wheel" ]; }; From 178dbce218b38f1f6ad656eea388868fc6bbb952 Mon Sep 17 00:00:00 2001 From: alydev Date: Tue, 23 Sep 2025 19:04:07 +1000 Subject: [PATCH 06/13] fix sudo --- Justfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Justfile b/Justfile index 07c5aa9..51526ea 100644 --- a/Justfile +++ b/Justfile @@ -2,10 +2,10 @@ up: nix flake update deploy: - nixos-rebuild switch --flake . + nixos-rebuild switch --flake . --use-remote-sudo debug: - nixos-rebuild switch --flake . --show-trace --verbose + nixos-rebuild switch --flake . --use-remote-sudo --show-trace --verbose # Update specific input # usage: make upp i=home-manager From cbcec36f2d360e689dda946374d3f2025577d9a5 Mon Sep 17 00:00:00 2001 From: alydev Date: Tue, 23 Sep 2025 19:12:21 +1000 Subject: [PATCH 07/13] just --- Justfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Justfile b/Justfile index 51526ea..7baa3d7 100644 --- a/Justfile +++ b/Justfile @@ -1,7 +1,10 @@ up: nix flake update -deploy: +boot: + nixos-rebuild boot --flake . --use-remote-sudo + +switch: nixos-rebuild switch --flake . --use-remote-sudo debug: From 8604c89adf39514f4f0f1a76442ca79ca0c072f8 Mon Sep 17 00:00:00 2001 From: alydev Date: Tue, 23 Sep 2025 21:59:45 +1000 Subject: [PATCH 08/13] rust --- flake.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/flake.nix b/flake.nix index de26bbb..7d454b6 100644 --- a/flake.nix +++ b/flake.nix @@ -30,6 +30,8 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; environment.systemPackages = with pkgs; [ just + cargo + rustc git vim wget From dfc940a81a3e315efd2d4372560c2803226beed3 Mon Sep 17 00:00:00 2001 From: alydev Date: Tue, 23 Sep 2025 22:04:40 +1000 Subject: [PATCH 09/13] build tools --- flake.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/flake.nix b/flake.nix index 7d454b6..1194787 100644 --- a/flake.nix +++ b/flake.nix @@ -29,13 +29,7 @@ boot.loader.efi.canTouchEfiVariables = true; nix.settings.experimental-features = [ "nix-command" "flakes" ]; environment.systemPackages = with pkgs; [ - just - cargo - rustc - git - vim - wget - obs-studio + cargo rustc just git vim wget obs-studio gcc gnumake autoconf automake pkg-config ]; environment.variables.EDITOR = "vim"; security.sudo.wheelNeedsPassword = false; From 93551d9764e868658c1a6a4b294466c3032bff61 Mon Sep 17 00:00:00 2001 From: alydev Date: Wed, 24 Sep 2025 01:35:41 +1000 Subject: [PATCH 10/13] update --- Justfile | 2 ++ flake.nix | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Justfile b/Justfile index 7baa3d7..3b50b49 100644 --- a/Justfile +++ b/Justfile @@ -5,6 +5,8 @@ boot: nixos-rebuild boot --flake . --use-remote-sudo switch: + git add . + git commit -a -m "update" nixos-rebuild switch --flake . --use-remote-sudo debug: diff --git a/flake.nix b/flake.nix index 1194787..0252660 100644 --- a/flake.nix +++ b/flake.nix @@ -29,7 +29,7 @@ boot.loader.efi.canTouchEfiVariables = true; nix.settings.experimental-features = [ "nix-command" "flakes" ]; environment.systemPackages = with pkgs; [ - cargo rustc just git vim wget obs-studio gcc gnumake autoconf automake pkg-config + cargo rustc just git vim wget obs-studio gcc gnumake autoconf automake pkg-config rpi-imager ]; environment.variables.EDITOR = "vim"; security.sudo.wheelNeedsPassword = false; From 502a68b81e8b1e6eca9f8cf27692a04d5576195e Mon Sep 17 00:00:00 2001 From: alydev Date: Wed, 24 Sep 2025 09:17:33 +1000 Subject: [PATCH 11/13] ignore result --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b2be92b --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +result From baafee0a16bf9a0964044d44488b755c393cf761 Mon Sep 17 00:00:00 2001 From: alydev Date: Wed, 24 Sep 2025 11:43:41 +1000 Subject: [PATCH 12/13] test --- .../authorized_keys.nix | 0 flake.nix | 71 ++-------------- home.nix | 81 ------------------- home/aly.nix | 31 +++++++ hw-aly-laptop.nix => hw/aly-laptop.nix | 0 system/aly-laptop.nix | 8 ++ system/global.nix | 45 +++++++++++ 7 files changed, 89 insertions(+), 147 deletions(-) rename authorized_keys.nix => data/authorized_keys.nix (100%) delete mode 100644 home.nix create mode 100644 home/aly.nix rename hw-aly-laptop.nix => hw/aly-laptop.nix (100%) create mode 100644 system/aly-laptop.nix create mode 100644 system/global.nix diff --git a/authorized_keys.nix b/data/authorized_keys.nix similarity index 100% rename from authorized_keys.nix rename to data/authorized_keys.nix diff --git a/flake.nix b/flake.nix index 0252660..4565376 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,4 @@ { - description = "NixOS configuration"; - inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; home-manager = { @@ -11,77 +9,18 @@ outputs = inputs@{ nixpkgs, home-manager, ... }: { nixosConfigurations = { - aly-laptop = nixpkgs.lib.nixosSystem { + "aly-laptop" = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - ./hw-aly-laptop.nix - ({ config, pkgs, ... }: { - networking.hostName = "aly-laptop"; - services.logind = { - lidSwitch = "suspend"; - lidSwitchDocked = "ignore"; - lidSwitchExternalPower = "ignore"; - }; - }) - ({ config, pkgs, ... }: { - system.stateVersion = "25.05"; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - environment.systemPackages = with pkgs; [ - cargo rustc just git vim wget obs-studio gcc gnumake autoconf automake pkg-config rpi-imager - ]; - environment.variables.EDITOR = "vim"; - security.sudo.wheelNeedsPassword = false; - - networking.networkmanager.enable = true; - - services.flatpak.enable = true; - services.pulseaudio.enable = false; - services.pipewire = { - enable = true; - pulse.enable = true; - }; - time.timeZone = "Australia/Brisbane"; - users.users.aly = { - isNormalUser = true; - description = "aly"; - hashedPassword = "$y$j9T$Q.yFJjo9LMA8o.7Ac5uSr/$Y8pYIPSzCXHSd4nAlUohaaohwpquK6XEIjxFKq3J4s/"; - openssh.authorizedKeys.keys = import ./authorized_keys.nix; - extraGroups = [ "networkmanager" "wheel" ]; - }; - - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - settings = { - X11Forwarding = true; - PermitRootLogin = "no"; # disable root login - PasswordAuthentication = false; # disable password login - }; - openFirewall = true; - }; - # Enable the X11 windowing system. - services.xserver.enable = true; - - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - }) - + ./hw/aly-laptop.nix + ./system/aly-laptop.nix + ./system/global.nix home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; - - home-manager.users.aly = import ./home.nix; - - # Optionally, use home-manager.extraSpecialArgs to pass arguments to home.nix + home-manager.users.aly = import ./home/aly.nix; } - - ({ pkgs, ... }: { - environment.etc."nixos".source = ./.; - }) ]; }; }; diff --git a/home.nix b/home.nix deleted file mode 100644 index 26fa3e7..0000000 --- a/home.nix +++ /dev/null @@ -1,81 +0,0 @@ -{ config, pkgs, ... }: - -{ - home.username = "aly"; - home.homeDirectory = "/home/aly"; - xresources.properties = { - "Xcursor.size" = 16; - "Xft.dpi" = 172; - }; - home.packages = with pkgs; [ - gnome-tweaks - firefox - neofetch - nnn - zip - xz - unzip - p7zip - ripgrep - jq - yq-go - mtr - iperf3 - dnsutils - ldns - aria2 - socat - nmap - ipcalc - file - which - tree - gnused - gnutar - gawk - zstd - gnupg - nix-output-monitor - - btop - iotop - iftop - strace - ltrace - lsof - sysstat - lm_sensors - ethtool - pciutils - usbutils - ]; - programs.git = { - enable = true; - userName = "alydev"; - userEmail = "alyssa.dev.smith@gmail.com"; - }; - - # alacritty - a cross-platform, GPU-accelerated terminal emulator -# programs.alacritty = { -# enable = true; -# # custom settings -# settings = { -# env.TERM = "xterm-256color"; -# font = { -# size = 12; -# draw_bold_text_with_bright_colors = true; -# }; -# scrolling.multiplier = 5; -# selection.save_to_clipboard = true; -# }; -# }; - - programs.bash = { - enable = true; - enableCompletion = true; - bashrcExtra = '' - export PATH="$PATH:$HOME/bin:$HOME/.local/bin:$HOME/go/bin" - ''; - }; - home.stateVersion = "25.05"; -} diff --git a/home/aly.nix b/home/aly.nix new file mode 100644 index 0000000..7e5d313 --- /dev/null +++ b/home/aly.nix @@ -0,0 +1,31 @@ +{ config, pkgs, ... }: + +{ + home.username = "aly"; + home.homeDirectory = "/home/aly"; + xresources.properties = { + "Xcursor.size" = 16; + "Xft.dpi" = 172; + }; + home.packages = with pkgs; [ + gnome-tweaks firefox obs-studio rpi-imager + neofetch nnn zip xz unzip p7zip ripgrep jq yq-go mtr iperf3 dnsutils + ldns aria2 socat nmap ipcalc file which tree gnused gnutar gawk zstd + gnupg btop iotop iftop strace ltrace lsof sysstat lm_sensors ethtool + pciutils usbutils nix-output-monitor + ]; + programs.git = { + enable = true; + userName = "alydev"; + userEmail = "alyssa.dev.smith@gmail.com"; + }; + + programs.bash = { + enable = true; + enableCompletion = true; + bashrcExtra = '' + export PATH="$PATH:$HOME/bin:$HOME/.local/bin:$HOME/go/bin" + ''; + }; + home.stateVersion = "25.05"; +} diff --git a/hw-aly-laptop.nix b/hw/aly-laptop.nix similarity index 100% rename from hw-aly-laptop.nix rename to hw/aly-laptop.nix diff --git a/system/aly-laptop.nix b/system/aly-laptop.nix new file mode 100644 index 0000000..6784bbd --- /dev/null +++ b/system/aly-laptop.nix @@ -0,0 +1,8 @@ +({ config, pkgs, ... }: { + networking.hostName = "aly-laptop"; + services.logind = { + lidSwitch = "suspend"; + lidSwitchDocked = "ignore"; + lidSwitchExternalPower = "ignore"; + }; +}) diff --git a/system/global.nix b/system/global.nix new file mode 100644 index 0000000..8ffbaae --- /dev/null +++ b/system/global.nix @@ -0,0 +1,45 @@ +({ config, pkgs, ... }: { + system.stateVersion = "25.05"; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + environment.systemPackages = with pkgs; [ + cargo rustc just git vim wget gcc gnumake autoconf automake pkg-config + ]; + environment.variables.EDITOR = "vim"; + security.sudo.wheelNeedsPassword = false; + + networking.networkmanager.enable = true; + + services.flatpak.enable = true; + services.pulseaudio.enable = false; + services.pipewire = { + enable = true; + pulse.enable = true; + }; + time.timeZone = "Australia/Brisbane"; + users.users.aly = { + isNormalUser = true; + description = "aly"; + hashedPassword = "$y$j9T$Q.yFJjo9LMA8o.7Ac5uSr/$Y8pYIPSzCXHSd4nAlUohaaohwpquK6XEIjxFKq3J4s/"; + openssh.authorizedKeys.keys = import ../data/authorized_keys.nix; + extraGroups = [ "networkmanager" "wheel" ]; + }; + + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + settings = { + X11Forwarding = true; + PermitRootLogin = "no"; # disable root login + PasswordAuthentication = false; # disable password login + }; + openFirewall = true; + }; + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; +}) From 0b8f51c9d6e1679b2ca109513d5be150e6e843ba Mon Sep 17 00:00:00 2001 From: alydev Date: Wed, 24 Sep 2025 12:02:46 +1000 Subject: [PATCH 13/13] update keys --- data/authorized_keys.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/data/authorized_keys.nix b/data/authorized_keys.nix index cbbda70..e661a7e 100644 --- a/data/authorized_keys.nix +++ b/data/authorized_keys.nix @@ -1,9 +1,7 @@ [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJTqgIA+klcgOz+LSxwj6ZPP+pFrviu171Dgif0oIVlIxA8PGupKataDLrAAKOunpGgMTLGnEDLfWAsC1BxdG9qxdUphDuoXlY4hXWypsm01bEMbEPyomHrDS9SABbAl15/cGdEricBCBqUa6j+rs7nZcKLDSr4jkNDKxEGmJCVodquM8F+u4DN0MYgN+yoKTIijMVPK7uzFB3X1OdLQB770R/nGRd3p180Ixs8BKmbp2Mc5rrSQ+bFOQQbM8E7jDv3SCRzbKBr7I6VvASi62bpXaAlXbcRcXciyaPLdWAcwqDNIkMrlTVeF947d9enDin0PX+wQAlgm3kWgJpuHSK1eScZd+NLuD6IXTQyse5cMoEtqUGcp4SXN6hqc1EthQ4wWAmCQPw5SUCd53I0fSwRA9Ik3mCX6UlLw2M41Q+zd3axXeNDG1gtDyWoafHKM38JZrCk+d56xOH9J43esDgH7gZtno+Nspt/YkgHCbV6BB0mxjkgSGj/EhgQUjrWpU= aly@DESKTOP-QJO3LML" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKOD/1cgSbnRmP14D9gXy2Rcuhu4APgeV25ZSlMYyD1hVwFI52sKjhPCugeTRmMk4A8bPd05figRctP3DgtNzUWB/Me/auM+OPatVMzKZzLFGDGsk30stqP4U71GTKpddpQurHpXlUWUcrhMQA8yLkgHmG3ZyXSOrqCKWqBMeP5HkEiu5b7z3CgnMzD4oBryfnKfFrqsRFHLjHOWf1QXr2+fg9wroNQ5bwdJPhkpgpbj5x8nHYFeBz3goQUclBcdzXUIU3XrDzaZT3lthQuAPlrDOmbFyrq7MEQf/NprlPaKbaEfbba6qxSrb7VtlOKRev55fspdeOIIyTBSZL+UT2jcd9GZla9KTy/Bu9IXkdAdOMIAMK1K2zKaXz1MMnfwKvOxBMP9LtiIJK/51b+8aFLbNLVahLPZE9epwm+WzP10whEevgN4pFG8s+1U6ci0I1dGih3ESz6ltHw4pkJPIld4pkyiaGYKpz3dMVEbhxc4F2mTThxSQXSUqy2zXVRrs= aly@thinkpad" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOIteUtsZCWRz7CdEZwatVoJZOHyhoDxoECidQjUSrU+ u0_a315@localhost" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAPHB5cZxUF6btKjT8yNLcwWBxXf+Jb9x2iPszWY5l7 aly@alyssd" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPx69hgnDfNMM8nuNdRRnhHSto6BvBBYkEL8mzNtKpVG aly@aly-ubuntu-vm" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa9sXpYiDXy6L9dQHcKkK45PBgZHo0PCz/ejmvhDW6Z aly@aurora" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmq4bJDXwpIgr60q7EyCXqYWZIT8ZAjazzLRflQPlqX aly@aly-laptop" ]