diff --git a/common/base.nix b/common/base.nix index bad46dc..3329219 100644 --- a/common/base.nix +++ b/common/base.nix @@ -1,7 +1,6 @@ { config, pkgs, ... }: { - nix = { package = pkgs.nixUnstable; extraOptions = '' @@ -15,7 +14,8 @@ automatic = true; options = "--delete-older-than 7d"; }; - + daemonCPUSchedPolicy = "idle"; + daemonIOSchedClass = "idle"; }; environment.systemPackages = with pkgs; [ @@ -27,19 +27,7 @@ pciutils coreutils-full killall + git-crypt ]; - networking.networkmanager.enable = true; - networking.nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ]; - - services.timesyncd.enable = true; - networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ]; - - i18n.defaultLocale = "ru_RU.UTF-8"; - console = { - font = "${pkgs.terminus_font}/share/consolefonts/ter-u16b.psf.gz"; - keyMap = "us"; - packages = with pkgs; [ terminus_font ]; - }; - } \ No newline at end of file diff --git a/roles/laptop.nix b/common/laptop.nix similarity index 80% rename from roles/laptop.nix rename to common/laptop.nix index 58c8eef..b26664e 100644 --- a/roles/laptop.nix +++ b/common/laptop.nix @@ -5,8 +5,9 @@ powertop lm_sensors ]; + + boot.plymouth.enable = true; + services.tlp.enable = true; services.upower.enable = true; - - networking.wireless.iwd.enable = true; } \ No newline at end of file diff --git a/common/locale.nix b/common/locale.nix new file mode 100644 index 0000000..418502d --- /dev/null +++ b/common/locale.nix @@ -0,0 +1,12 @@ +{ config, pkgs, ... }: + +{ + time.timeZone = "Europe/Moscow"; + + i18n.defaultLocale = "ru_RU.UTF-8"; + console = { + font = "${pkgs.terminus_font}/share/consolefonts/ter-u16b.psf.gz"; + keyMap = "us"; + packages = with pkgs; [ terminus_font ]; + }; +} \ No newline at end of file diff --git a/common/networking.nix b/common/networking.nix new file mode 100644 index 0000000..6e467d8 --- /dev/null +++ b/common/networking.nix 
@@ -0,0 +1,15 @@ +{ ... }: + +{ + networking.wireless.iwd.enable = true; + networking.wireless.iwd.settings = { + General = { + EnableNetworkConfiguration = true; + }; + }; + + networking.nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ]; + + services.timesyncd.enable = true; + networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ]; +} \ No newline at end of file diff --git a/common/remote-access.nix b/common/remote-access.nix new file mode 100644 index 0000000..af1aa9c --- /dev/null +++ b/common/remote-access.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + }; + programs.mosh.enable = true; +} \ No newline at end of file diff --git a/common/user.nix b/common/user.nix index e6a95b9..82e0cb6 100644 --- a/common/user.nix +++ b/common/user.nix @@ -1,9 +1,12 @@ { config, pkgs, ... }: -{ +let + secrets = import ../secrets.nix; +in { users.users.ivabus = { isNormalUser = true; extraGroups = [ "wheel" ]; + uid = 1000; packages = with pkgs; [ tree cargo @@ -12,6 +15,11 @@ gitFull ]; shell = pkgs.zsh; + openssh.authorizedKeys.keys = [ + # Air M2 macOS + "ssh-rsa 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" + ]; + hashedPassword = secrets.hashed-password; }; programs.zsh = { 
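Review bot: `settings.PasswordAuthentication = false;` in common/remote-access.nix may not be enough to stop password logins, because keyboard-interactive authentication through PAM is a separate sshd setting that this block leaves at its default. The same commit gives `ivabus` a password hash and `wheel` membership, so I would add `settings.KbdInteractiveAuthentication = false;` and `settings.PermitRootLogin = "no";` next to it. As far as I know `programs.mosh.enable = true;` also opens a UDP port range in the firewall. Since this is now a common module rather than stella-specific, a comment stating that this exposure is intended on every importing machine would help.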
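Review bot: `hashedPassword = secrets.hashed-password;` in the second hunk of common/user.nix pulls the decrypted hash into the evaluated configuration, so git-crypt protects it only in the Git remote. On the machine it most likely lands in the world-readable /nix/store, and because this is a flake the unlocked secrets/ directory is probably copied there as part of the flake source too. The same applies to the `builtins.readFile` in secrets.nix. I would reference a file that is read at activation time instead, `hashedPasswordFile = "<runtime path outside the store>";` (`passwordFile` on releases that predate that option), and keep the hash out of the flake tree. The `users.users.ivabus` set continues past the end of the hunk.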
@@ -21,7 +29,47 @@ programs.gnupg.agent.enable = true; programs.ssh.startAgent = true; - programs.git = { - enable = true; + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.ivabus = { + gtk = { + enable = true; + theme = { + name = "Catppuccin-Macchiato-Standard-Blue-dark"; + package = pkgs.catppuccin-gtk.override { + accents = [ "blue" ]; + tweaks = [ "rimless" ]; + size = "standard"; + variant = "macchiato"; + }; + }; + iconTheme = { + name = "Mint-Y-Blue"; + package = pkgs.cinnamon.mint-y-icons; + }; + cursorTheme = { + name = "Catppuccin-Macchiato-Dark-Cursors"; + package = pkgs.catppuccin-cursors.macchiatoDark; + }; + font = { + name = "Ubuntu"; + size = 9; + package = pkgs.ubuntu_font_family; + }; + }; + home.pointerCursor = { + name = "Catppuccin-Macchiato-Dark-Cursors"; + package = pkgs.catppuccin-cursors.macchiatoDark; + x11.defaultCursor = "Catppuccin-Macchiato-Dark-Cursors"; + }; + programs.git = { + enable = true; + userName = "Ivan Bushchik"; + userEmail = "ivabus@ivabus.dev"; + signing.key = "DF1D910360471F0CCF076E449F6DDABE11A2674D"; + signing.signByDefault = true; + package = pkgs.gitAndTools.gitFull; + }; + home.stateVersion = "23.05"; }; } \ No newline at end of file diff --git a/flake.nix b/flake.nix index 998f7bd..b98a51d 100644 --- a/flake.nix +++ b/flake.nix 
@@ -11,16 +11,22 @@ }; - outputs = { self, nixpkgs, ... }@inputs: { + outputs = { self, nixpkgs, home-manager, ... }@inputs: { # Stella = Unchartevice 6540 (Ryzen 3 3250U, 16GB RAM) nixosConfigurations."stella" = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ + home-manager.nixosModules.home-manager ./common/base.nix ./common/user.nix - ./roles/laptop.nix + ./common/laptop.nix + ./common/networking.nix + ./common/locale.nix + ./common/remote-access.nix ./roles/graphical.nix - ./roles/gaming.nix + #./roles/gaming.nix + ./roles/devel.nix + ./roles/yggdrasil-client.nix ./machines/stella/configuration.nix ./machines/stella/hardware.nix ]; diff --git a/machines/stella/configuration.nix b/machines/stella/configuration.nix index 5dfed17..b61d086 100644 --- a/machines/stella/configuration.nix +++ b/machines/stella/configuration.nix @@ -6,16 +6,10 @@ boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "stella"; - time.timeZone = "Europe/Moscow"; services.xserver.videoDrivers=["amdgpu"]; boot.initrd.kernelModules=["amdgpu"]; - services.openssh = { - enable = true; - settings.PasswordAuthentication = false; - }; - system.stateVersion = "23.05"; } diff --git a/machines/stella/hardware.nix b/machines/stella/hardware.nix index 3339db0..f740056 100644 --- a/machines/stella/hardware.nix +++ b/machines/stella/hardware.nix @@ -39,5 +39,5 @@ STOP_CHARGE_THRESH_BAT0 = 80; }; powerManagement.enable = true; - powerManagement.cpuFreqGovernor = "powersave"; + powerManagement.cpuFreqGovernor = "performance"; } diff --git a/roles/devel.nix b/roles/devel.nix new file mode 100644 index 0000000..06fb2d8 --- /dev/null +++ b/roles/devel.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: + +{ + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs; [ + jetbrains.clion + rustc + cargo + rustup + vscode + clang + llvm + lld + ]; +} diff --git a/roles/gaming.nix b/roles/gaming.nix index e2e9dcc..e6b91b9 100644 --- a/roles/gaming.nix 
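Review bot: `nixpkgs.config.allowUnfree = true;` in roles/devel.nix permits every unfree package system-wide, while only `jetbrains.clion` and `vscode` in this list appear to need it. An allow-list keeps later additions from silently pulling in unfree software: `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "clion" "vscode" ];`, with `lib` added to the module arguments and the package names confirmed against nixpkgs. The list also installs `rustc`, `cargo` and `rustup` together, which provide overlapping binaries; a comment on which toolchain is meant to win would help.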
+++ b/roles/gaming.nix @@ -1,3 +1,4 @@ + { config, pkgs, ... }: { diff --git a/roles/graphical.nix b/roles/graphical.nix index e08219b..10832c1 100644 --- a/roles/graphical.nix +++ b/roles/graphical.nix @@ -9,11 +9,12 @@ mpv glib ffmpeg - cinnamon.mint-y-icons + cinnamon.nemo usbmuxd telegram-desktop + keepassxc ]; - services.fwupd.enable = true; + services.greetd = { enable = true; vt = 7; @@ -37,7 +38,6 @@ swaylock poweralertd kanshi - catppuccin-cursors libsForQt5.qt5ct mako pulseaudio @@ -55,15 +55,29 @@ enable = true; alsa.enable = true; pulse.enable = true; + alsa.support32Bit = true; + jack.enable = true; + }; + + qt = { + enable = true; + platformTheme = "gtk2"; + style = "gtk2"; }; services.dbus.enable = true; - fonts.fonts = with pkgs; [ + fonts.packages = with pkgs; [ noto-fonts noto-fonts-cjk noto-fonts-emoji jetbrains-mono font-awesome + #google-fonts + liberation_ttf + open-sans + roboto + roboto-mono + kochi-substitute ]; } \ No newline at end of file diff --git a/roles/yggdrasil-client.nix b/roles/yggdrasil-client.nix new file mode 100644 index 0000000..10b35a2 --- /dev/null +++ b/roles/yggdrasil-client.nix @@ -0,0 +1,13 @@ +{ ... }: + +{ + services.yggdrasil = { + enable = true; + persistentKeys = true; + settings = { + Peers = [ + "tls://ygg.iva.bz:50002" + ]; + }; + }; +} \ No newline at end of file diff --git a/secrets.nix b/secrets.nix new file mode 100644 index 0000000..12ad542 --- /dev/null +++ b/secrets.nix @@ -0,0 +1,9 @@ + +let + canaryHash = builtins.hashFile "sha256" ./secrets/canary; + expectedHash = "bc6f38a927602241c5e0996b61ebd3a90d5356ca76dc968ec14df3cd45c6612c"; +in + if canaryHash != expectedHash then abort "Secrets are not readable. Have you run `git-crypt unlock`?" + else { + hashed-password = builtins.readFile ./secrets/hashed-password; + } \ No newline at end of file diff --git a/secrets/.gitattributes b/secrets/.gitattributes new file mode 100644 index 0000000..e62dd61 --- /dev/null +++ b/secrets/.gitattributes 
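Review bot: The first hunk of roles/graphical.nix removes `services.fwupd.enable = true;` and no other file in this commit re-adds it, so firmware updates through fwupd appear to be switched off for stella. If that is not intended, move the line to common/laptop.nix instead of dropping it: `services.fwupd.enable = true;`. If it is intended, a line in the commit message giving the reason would help. The attribute set this hunk edits starts and ends outside the hunk.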
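Review bot: Nothing in roles/yggdrasil-client.nix restricts inbound traffic on the Yggdrasil interface, and the commit imports common/remote-access.nix for the same machine, so sshd is presumably reachable from any node on the overlay. I would scope the SSH firewall rule to the interfaces that need it, with `services.openssh.openFirewall = false;` plus `networking.firewall.interfaces.<name>.allowedTCPPorts = [ 22 ];`. Otherwise add a comment stating that mesh-wide SSH is intended. A short comment on `persistentKeys = true;` saying that the node key is kept on disk, and so must be protected in backups, would also help.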
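Review bot: `builtins.readFile ./secrets/hashed-password` in secrets.nix returns the file verbatim, so a trailing newline in that file (not checkable here, the blob is encrypted) would become part of the hash handed to `hashedPassword`. Stripping it makes the value independent of how the file was written: `hashed-password = builtins.replaceStrings [ "\n" ] [ "" ] (builtins.readFile ./secrets/hashed-password);`. A comment above `expectedHash` saying how to regenerate it when the canary changes would also help.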
@@ -0,0 +1,2 @@
+* filter=git-crypt diff=git-crypt
+.gitattributes !filter !diff
\ No newline at end of file
diff --git a/secrets/canary b/secrets/canary
new file mode 100644
index 0000000..1e2e937
Binary files /dev/null and b/secrets/canary differ
diff --git a/secrets/hashed-password b/secrets/hashed-password
new file mode 100644
index 0000000..5fc645a
Binary files /dev/null and b/secrets/hashed-password differ
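Review bot: The `* filter=git-crypt diff=git-crypt` rule in secrets/.gitattributes only encrypts on commit when the committing clone has the git-crypt filter configured; in a clone that was never unlocked, a new file added under secrets/ may be committed in plaintext. I would add a comment above the rule, `# run git-crypt status before pushing changes under secrets/`, or put the same instruction in the README. File names under secrets/ also stay visible in the repository, as `hashed-password` shows.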