initial commit

.gitignore

@@ -0,0 +1 @@
+/result

configuration/backups.nix

@@ -0,0 +1,39 @@
+{pkgs, ...}: {
+  services.btrbk = {
+    instances = {
+      home-daily = {
+        onCalendar = "daily";
+        settings = {
+          ssh_identity = builtins.toString ../../id_ed25519;
+          ssh_user = "btrbk";
+          snapshot_preserve_min = "1m";
+          snapshot_preserve = "3m";
+          # target = "raw ssh://shared-vm-nixos/mnt/tank/home/aubrey/btrfsSnapshots";
+          volume = {
+            "/" = {
+              subvolume = "home";
+              snapshot_dir = "/snapshots";
+            };
+          };
+        };
+      };
+      home = {
+        onCalendar = "hourly";
+        settings = {
+          timestamp_format = "long";
+          snapshot_preserve_min = "1w";
+          snapshot_preserve = "2w";
+          volume = {
+            "/" = {
+              snapshot_dir = "/snapshots";
+              subvolume = "home";
+            };
+          };
+        };
+      };
+    };
+  };
+  systemd.tmpfiles.rules = [
+    "d /snapshots 0755 root root"
+  ];
+}

configuration/configuration.nix

@@ -0,0 +1,141 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  system = pkgs.system;
+in {
+  imports = [
+    ./hardware-configuration.nix
+    ./packages.nix
+    ./backups.nix
+  ];
+  nixpkgs = {
+    overlays = import ./overlays.nix {inherit inputs;};
+  };
+
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+
+  boot.kernelPackages = pkgs.linuxPackages_zen;
+  boot.supportedFilesystems = ["btrfs"];
+
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+  nixpkgs.config.allowInsecurePredicate = pkg: true;
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "aubrey-laptop-nixos";
+  networking.networkmanager.enable = true;
+
+  time.timeZone = "America/Regina";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.inputMethod = {
+    enable = true;
+    type = "fcitx5";
+    fcitx5 = {
+      waylandFrontend = true;
+      addons = with pkgs; [
+        fcitx5-mozc
+        kdePackages.fcitx5-qt
+        kdePackages.fcitx5-configtool
+      ];
+    };
+  };
+
+  console = {
+    font = "Lat2-Terminus16";
+    useXkbConfig = true;
+  };
+
+  services.displayManager.sddm = {
+    enable = true;
+    wayland = {
+      enable = true;
+    };
+  };
+  services.desktopManager.plasma6.enable = true;
+
+  services.printing.enable = true;
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+  };
+  services.libinput.enable = true;
+
+  users.users.aubrey = {
+    description = "Aubrey";
+    isNormalUser = true;
+    extraGroups = ["wheel" "plugdev" "wireshark" "libvirtd"];
+    packages = with pkgs; [
+      tree
+    ];
+    shell = pkgs.nushell;
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  programs.firefox.enable = true;
+  programs.thunderbird.enable = true;
+
+  programs.virt-manager.enable = true;
+  users.groups.libvirtd.members = ["aubrey"];
+  virtualisation.spiceUSBRedirection.enable = true;
+  virtualisation.libvirtd = {
+    enable = true;
+    qemu.vhostUserPackages = with pkgs; [virtiofsd];
+  };
+
+  programs._1password.enable = true;
+  programs._1password-gui = {
+    enable = true;
+    polkitPolicyOwners = ["aubrey"];
+  };
+  environment.etc = {
+    "1password/custom_allowed_browsers" = {
+      text = ''
+        zen
+        zen-bin
+        .zen-wrapped
+        .zen-bin-wrapped
+      '';
+      mode = "0755";
+    };
+  };
+  environment.etc.seat = {
+    target = "udev/rules.d/50-switch.rules";
+    text = ''
+      SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev"
+    '';
+  };
+
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true;
+    dedicatedServer.openFirewall = true;
+  };
+
+  programs.wireshark = {
+    enable = true;
+    package = pkgs.wireshark-qt;
+  };
+  services.tailscale.enable = true;
+  services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = false;
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  system.stateVersion = "24.11";
+}

configuration/hardware-configuration.nix

@@ -0,0 +1,67 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-amd"];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/bc150328-fa6d-4b25-b6c5-a31d22881a55";
+    fsType = "btrfs";
+    options = ["subvol=root"];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/6B14-24A1";
+    fsType = "vfat";
+    options = ["fmask=0022" "dmask=0022"];
+  };
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/bc150328-fa6d-4b25-b6c5-a31d22881a55";
+    fsType = "btrfs";
+    options = ["subvol=nix"];
+  };
+
+  fileSystems."/persist" = {
+    device = "/dev/disk/by-uuid/bc150328-fa6d-4b25-b6c5-a31d22881a55";
+    fsType = "btrfs";
+    options = ["subvol=persist"];
+  };
+
+  fileSystems."/var/log" = {
+    device = "/dev/disk/by-uuid/bc150328-fa6d-4b25-b6c5-a31d22881a55";
+    fsType = "btrfs";
+    options = ["subvol=log"];
+    neededForBoot = true;
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/bc150328-fa6d-4b25-b6c5-a31d22881a55";
+    fsType = "btrfs";
+    options = ["subvol=home"];
+  };
+
+  swapDevices = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp193s0f3u2u3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

configuration/overlays.nix

@@ -0,0 +1,8 @@
+{inputs, ...}: [
+  (final: _prev: {
+    unstable = import inputs.nixpkgs-unstable {
+      system = final.system;
+      config.allowUnfree = true;
+    };
+  })
+]

configuration/packages.nix

@@ -0,0 +1,110 @@
+{pkgs, ...}: let
+  system = pkgs.system;
+  extensions =
+    (import (builtins.fetchGit {
+      url = "https://github.com/nix-community/nix-vscode-extensions";
+      ref = "refs/heads/master";
+      rev = "370af219cf4ad7660e3ad4577849fb0478edb33c";
+    }))
+    .extensions
+    .${system};
+  vscodeExtensions = with pkgs;
+  with extensions.vscode-marketplace; [
+    trag1c.gleam-theme
+    rust-lang.rust-analyzer
+    arrterian.nix-env-selector
+    bbenoist.nix
+    vscodevim.vim
+    tamasfe.even-better-toml
+    mtxr.sqltools
+    mtxr.sqltools-driver-sqlite
+    thenuprojectcontributors.vscode-nushell-lang
+    vscode-icons-team.vscode-icons
+    mkhl.direnv
+    mkornelsen.vscode-arm64
+    vscode-extensions.ms-vscode.cpptools-extension-pack
+    vscode-extensions.llvm-vs-code-extensions.vscode-clangd
+    svelte.svelte-vscode
+    ms-vscode.cmake-tools
+    ms-dotnettools.vscode-dotnet-runtime
+    vscode-extensions.ms-dotnettools.csharp
+    vscode-extensions.ms-dotnettools.csdevkit
+    visualstudiotoolsforunity.vstuc
+    surendrajat.apklab
+    loyieking.smalise
+  ];
+in {
+  fonts.packages = with pkgs; [
+    noto-fonts
+    noto-fonts-cjk-sans
+    noto-fonts-emoji
+    liberation_ttf
+    fira-code
+    fira-code-symbols
+    mplus-outline-fonts.githubRelease
+    dina-font
+    proggyfonts
+    comic-mono
+  ];
+
+  environment.systemPackages = with pkgs;
+  with import ../packages pkgs; [
+    neovim
+    python3
+    unzip
+    ripgrep
+    gitkraken
+    lua51Packages.lua
+    lua51Packages.luarocks
+    clang
+    mako
+    wl-clipboard
+    wget
+    wezterm
+    git
+    vesktop
+    pnpm
+    kdePackages.plasma-systemmonitor
+    shutter
+    direnv
+    killall
+    llvmPackages_19.clang-unwrapped
+    neofetch
+    avalonia-ilspy
+    obsidian
+    libreoffice-still
+    vlc
+    zen-browser
+    bruno
+    chromium
+    nmap
+    nixos-rebuild
+    fusee-nano
+    ghidra-bin
+    jetbrains.clion
+    jetbrains.idea-ultimate
+    obs-studio
+    tea
+    miniserve
+    remmina
+    prismlauncher
+    unstable.dotnetCorePackages.dotnet_9.sdk
+    unstable.jetbrains.rider
+    libfaketime
+    unityhub
+    kdePackages.kcalc
+    material-maker
+    blender
+    jdk23
+    ryujinx
+    pinta
+    gh
+    renderdoc
+    rclone
+    digital
+    nodejs
+
+    (builtins.getFlake "github:Sanae6/010editor-flake").packages."${system}".default
+    (vscode-with-extensions.override {inherit vscodeExtensions;})
+  ];
+}

flake.lock

@@ -0,0 +1,44 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1739357830,
+        "narHash": "sha256-9xim3nJJUFbVbJCz48UP4fGRStVW5nv4VdbimbKxJ3I=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "0ff09db9d034a04acd4e8908820ba0b410d7a33a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-24.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1739214665,
+        "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-unstable": "nixpkgs-unstable"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,21 @@
+rec {
+  description = "NixOS configs";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+  };
+
+  outputs = {
+    self,
+    nixpkgs,
+    ...
+  } @ inputs: {
+    formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
+
+    nixosConfigurations.aubrey-laptop-nixos = nixpkgs.lib.nixosSystem {
+      specialArgs = {inherit inputs;};
+      modules = [./configuration/configuration.nix];
+    };
+  };
+}

packages/default.nix

@@ -0,0 +1,3 @@
+pkgs: {
+  zen-browser = pkgs.callPackage ./zen-browser.nix {};
+}

packages/zen-browser.nix

@@ -0,0 +1,97 @@
+{pkgs, ...}: let
+  runtimeLibs = with pkgs;
+    [
+      libGL
+      libGLU
+      libevent
+      libffi
+      libjpeg
+      libpng
+      libstartup_notification
+      libvpx
+      libwebp
+      stdenv.cc.cc
+      fontconfig
+      libxkbcommon
+      zlib
+      freetype
+      gtk3
+      libxml2
+      dbus
+      xcb-util-cursor
+      alsa-lib
+      libpulseaudio
+      pango
+      atk
+      cairo
+      gdk-pixbuf
+      glib
+      udev
+      libva
+      mesa
+      libnotify
+      cups
+      pciutils
+      ffmpeg
+      libglvnd
+      pipewire
+    ]
+    ++ (with pkgs.xorg; [
+      libxcb
+      libX11
+      libXcursor
+      libXrandr
+      libXi
+      libXext
+      libXcomposite
+      libXdamage
+      libXfixes
+      libXScrnSaver
+    ]);
+in
+  pkgs.stdenv.mkDerivation rec {
+    system = "x86_64-linux";
+    version = "1.7.6b";
+    pname = "zen-browser";
+
+    src = builtins.fetchTarball {
+      url = "https://github.com/zen-browser/desktop/releases/download/${version}/zen.linux-x86_64.tar.xz";
+      sha256 = "sha256:19v6n0a1j63i8i7c9615lh1fmbz8jakwyiy11imc9vbq1n6z0nm9";
+    };
+
+    desktopSrc = ./.;
+
+    phases = ["installPhase" "fixupPhase"];
+
+    nativeBuildInputs = [pkgs.makeWrapper pkgs.copyDesktopItems pkgs.wrapGAppsHook];
+
+    installPhase = "  mkdir -p $out/bin && cp -r $src/* $out/bin\n  install -D $desktopSrc/zen.desktop $out/share/applications/zen.desktop\n  install -D $src/browser/chrome/icons/default/default128.png $out/share/icons/hicolor/128x128/apps/zen.png\n";
+
+    fixupPhase = ''
+      chmod 755 $out/bin/*
+      patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/bin/zen
+      wrapProgram $out/bin/zen --set LD_LIBRARY_PATH "${
+        pkgs.lib.makeLibraryPath runtimeLibs
+      }" \
+                      --set MOZ_LEGACY_PROFILES 1 --set MOZ_ALLOW_DOWNGRADE 1 --set MOZ_APP_LAUNCHER zen --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
+      patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/bin/zen-bin
+      wrapProgram $out/bin/zen-bin --set LD_LIBRARY_PATH "${
+        pkgs.lib.makeLibraryPath runtimeLibs
+      }" \
+                      --set MOZ_LEGACY_PROFILES 1 --set MOZ_ALLOW_DOWNGRADE 1 --set MOZ_APP_LAUNCHER zen --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
+      patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/bin/glxtest
+      wrapProgram $out/bin/glxtest --set LD_LIBRARY_PATH "${
+        pkgs.lib.makeLibraryPath runtimeLibs
+      }"
+      patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/bin/updater
+      wrapProgram $out/bin/updater --set LD_LIBRARY_PATH "${
+        pkgs.lib.makeLibraryPath runtimeLibs
+      }"
+      patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/bin/vaapitest
+      wrapProgram $out/bin/vaapitest --set LD_LIBRARY_PATH "${
+        pkgs.lib.makeLibraryPath runtimeLibs
+      }"
+    '';
+
+    meta.mainProgram = "zen";
+  }

packages/zen.desktop

@@ -0,0 +1,25 @@
+[Desktop Entry]
+Name=Zen Browser
+Exec=zen %u
+Icon=zen
+Type=Application
+MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;application/x-xpinstall;application/pdf;application/json;
+StartupWMClass=zen-alpha
+Categories=Network;WebBrowser;
+StartupNotify=true
+Terminal=false
+X-MultipleArgs=false
+Keywords=Internet;WWW;Browser;Web;Explorer;
+Actions=new-window;new-private-window;profilemanager;
+
+[Desktop Action new-window]
+Name=Open a New Window
+Exec=zen %u
+
+[Desktop Action new-private-window]
+Name=Open a New Private Window
+Exec=zen --private-window %u
+
+[Desktop Action profilemanager]
+Name=Open the Profile Manager
+Exec=zen --ProfileManager %u

switch.nu

@@ -0,0 +1,36 @@
+#!/usr/bin/env nu
+def "get hostname" [hostname?: string] { $hostname | default (hostname) };
+def --wrapped rebuild [subcmd: string, hostname: string, ...rest] {
+  nix fmt
+  git add -A # make sure the goddamn files are added because nix stores won't include unchecked files
+  if $hostname == (hostname) {
+    sudo nixos-rebuild --flake $".#(hostname)" --impure $subcmd ...$rest
+  } else {
+    let r = echo ...$rest | into string;
+    nix-shell -p nixos-rebuild --command $"nixos-rebuild --flake .#($hostname) --target-host ($hostname) --use-remote-sudo ($subcmd) ($r)";
+  }
+};
+
+def --wrapped "main switch" [
+  --hostname (-h): string, # the hostname of the machine to push to
+  ...rest
+] {
+  let hostname = (get hostname $hostname);
+  rebuild switch $hostname ...$rest
+}
+
+def --wrapped "main boot" [
+  --restart (-r) # restart after building
+  --hostname (-h): string, # the hostname of the machine to push to
+  ...rest
+] {
+  let hostname = (get hostname $hostname);
+  rebuild boot $hostname ...$rest
+  if $restart {
+    ssh $hostname -t "sudo reboot now"
+  }
+}
+
+def main [] {
+  main switch -h (hostname)
+}