From 6a6ceba53be87e7d91e96e188fb6ecad7c14f354 Mon Sep 17 00:00:00 2001 From: Aubrey Taylor Date: Sun, 16 Feb 2025 15:15:35 -0600 Subject: [PATCH] initial commit --- .gitignore | 1 + configuration/backups.nix | 39 +++++++ configuration/configuration.nix | 141 +++++++++++++++++++++++ configuration/hardware-configuration.nix | 67 +++++++++++ configuration/overlays.nix | 8 ++ configuration/packages.nix | 110 ++++++++++++++++++ flake.lock | 44 +++++++ flake.nix | 21 ++++ packages/default.nix | 3 + packages/zen-browser.nix | 97 ++++++++++++++++ packages/zen.desktop | 25 ++++ switch.nu | 36 ++++++ 12 files changed, 592 insertions(+) create mode 100644 .gitignore create mode 100644 configuration/backups.nix create mode 100644 configuration/configuration.nix create mode 100644 configuration/hardware-configuration.nix create mode 100644 configuration/overlays.nix create mode 100644 configuration/packages.nix create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 packages/default.nix create mode 100644 packages/zen-browser.nix create mode 100644 packages/zen.desktop create mode 100755 switch.nu
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c4a847d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/result
diff --git a/configuration/backups.nix b/configuration/backups.nix
new file mode 100644
index 0000000..3177576
--- /dev/null
+++ b/configuration/backups.nix
@@ -0,0 +1,39 @@
+{pkgs, ...}: {
+ services.btrbk = {
+ instances = {
+ home-daily = {
+ onCalendar = "daily";
+ settings = {
+ ssh_identity = builtins.toString ../../id_ed25519;
+ ssh_user = "btrbk";
+ snapshot_preserve_min = "1m";
+ snapshot_preserve = "3m";
+ # target = "raw ssh://shared-vm-nixos/mnt/tank/home/aubrey/btrfsSnapshots";
+ volume = {
+ "/" = {
+ subvolume = "home";
+ snapshot_dir = "/snapshots";
+ };
+ };
+ };
+ };
+ home = {
+ onCalendar = "hourly";
+ settings = {
+ timestamp_format = "long";
+ snapshot_preserve_min = "1w";
+ snapshot_preserve = "2w";
+ volume = {
+ "/" = {
+ snapshot_dir = "/snapshots";
+ subvolume = "home";
+ };
+ };
+ };
+ };
+ };
+ };
+ systemd.tmpfiles.rules = [
+ "d /snapshots 0755 root root"
+ ];
+}
diff --git a/configuration/configuration.nix b/configuration/configuration.nix
new file mode 100644
index 0000000..d92aedb
--- /dev/null
+++ b/configuration/configuration.nix
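Review bot: `ssh_identity = builtins.toString ../../id_ed25519;` in the `home-daily` instance locates the btrbk private key by a path relative to this file, which is fragile for a secret. Using `builtins.toString` on the path keeps the key itself out of the Nix store, which is the right instinct, but under flake evaluation the relative path is presumably resolved against the store copy of the source rather than the checkout, so the resulting string may not name the real key. Prefer an absolute string to a key that lives outside the repository and is readable only by the backup user, e.g. `ssh_identity = "/path/to/btrbk/id_ed25519"; # placeholder path`. A comment above it should say that the key must never be referenced through `"${...}"` path interpolation, since that would copy it into the world-readable store.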
@@ -0,0 +1,141 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}: let
+ system = pkgs.system;
+in {
+ imports = [
+ ./hardware-configuration.nix
+ ./packages.nix
+ ./backups.nix
+ ];
+ nixpkgs = {
+ overlays = import ./overlays.nix {inherit inputs;};
+ };
+
+ nix.settings.experimental-features = ["nix-command" "flakes"];
+
+ boot.kernelPackages = pkgs.linuxPackages_zen;
+ boot.supportedFilesystems = ["btrfs"];
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+ nixpkgs.config.allowInsecurePredicate = pkg: true;
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "aubrey-laptop-nixos";
+ networking.networkmanager.enable = true;
+
+ time.timeZone = "America/Regina";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.inputMethod = {
+ enable = true;
+ type = "fcitx5";
+ fcitx5 = {
+ waylandFrontend = true;
+ addons = with pkgs; [
+ fcitx5-mozc
+ kdePackages.fcitx5-qt
+ kdePackages.fcitx5-configtool
+ ];
+ };
+ };
+
+ console = {
+ font = "Lat2-Terminus16";
+ useXkbConfig = true;
+ };
+
+ services.displayManager.sddm = {
+ enable = true;
+ wayland = {
+ enable = true;
+ };
+ };
+ services.desktopManager.plasma6.enable = true;
+
+ services.printing.enable = true;
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+ services.libinput.enable = true;
+
+ users.users.aubrey = {
+ description = "Aubrey";
+ isNormalUser = true;
+ extraGroups = ["wheel" "plugdev" "wireshark" "libvirtd"];
+ packages = with pkgs; [
+ tree
+ ];
+ shell = pkgs.nushell;
+ };
+
+ security.sudo.wheelNeedsPassword = false;
+
+ programs.firefox.enable = true;
+ programs.thunderbird.enable = true;
+
+ programs.virt-manager.enable = true;
+ users.groups.libvirtd.members = ["aubrey"];
+ virtualisation.spiceUSBRedirection.enable = true;
+ virtualisation.libvirtd = {
+ enable = true;
+ qemu.vhostUserPackages = with pkgs; [virtiofsd];
+ };
+
+ programs._1password.enable = true;
+ programs._1password-gui = {
+ enable = true;
+ polkitPolicyOwners = ["aubrey"];
+ };
+ environment.etc = {
+ "1password/custom_allowed_browsers" = {
+ text = ''
+ zen
+ zen-bin
+ .zen-wrapped
+ .zen-bin-wrapped
+ '';
+ mode = "0755";
+ };
+ };
+ environment.etc.seat = {
+ target = "udev/rules.d/50-switch.rules";
+ text = ''
+ SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev"
+ '';
+ };
+
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = true;
+ dedicatedServer.openFirewall = true;
+ };
+
+ programs.wireshark = {
+ enable = true;
+ package = pkgs.wireshark-qt;
+ };
+ services.tailscale.enable = true;
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ system.stateVersion = "24.11";
+}
diff --git a/configuration/hardware-configuration.nix b/configuration/hardware-configuration.nix
new file mode 100644
index 0000000..c4affe2
--- /dev/null
+++ b/configuration/hardware-configuration.nix
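Review bot: `networking.firewall.enable = false;` near the end of the file removes packet filtering on a laptop that also sets `services.openssh.enable = true;`, so sshd is reachable from every network the machine joins. Keep the firewall on with `networking.firewall.enable = true;` (the openssh and Steam options already open their own ports) and add `services.openssh.settings.PasswordAuthentication = false;` so only keys are accepted. Two further settings widen the impact of any single compromise: `security.sudo.wheelNeedsPassword = false;` lets every process running as `aubrey` become root without a prompt, and `nixpkgs.config.allowInsecurePredicate = pkg: true;` accepts every package nixpkgs has marked as having known vulnerabilities. The latter is better written as an explicit `nixpkgs.config.permittedInsecurePackages = [ ... ];` list with a comment naming why each entry is needed.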
@@ -0,0 +1,67 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [(modulesPath + "/installer/scan/not-detected.nix")]; + + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/bc150328-fa6d-4b25-b6c5-a31d22881a55"; + fsType = "btrfs"; + options = ["subvol=root"]; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/6B14-24A1"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/bc150328-fa6d-4b25-b6c5-a31d22881a55"; + fsType = "btrfs"; + options = ["subvol=nix"]; + }; + + fileSystems."/persist" = { + device = "/dev/disk/by-uuid/bc150328-fa6d-4b25-b6c5-a31d22881a55"; + fsType = "btrfs"; + options = ["subvol=persist"]; + }; + + fileSystems."/var/log" = { + device = "/dev/disk/by-uuid/bc150328-fa6d-4b25-b6c5-a31d22881a55"; + fsType = "btrfs"; + options = ["subvol=log"]; + neededForBoot = true; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/bc150328-fa6d-4b25-b6c5-a31d22881a55"; + fsType = "btrfs"; + options = ["subvol=home"]; + }; + + swapDevices = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp193s0f3u2u3.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}
diff --git a/configuration/overlays.nix b/configuration/overlays.nix
new file mode 100644
index 0000000..bc2ec6d
--- /dev/null
+++ b/configuration/overlays.nix
@@ -0,0 +1,8 @@
+{inputs, ...}: [
+ (final: _prev: {
+ unstable = import inputs.nixpkgs-unstable {
+ system = final.system;
+ config.allowUnfree = true;
+ };
+ })
+]
diff --git a/configuration/packages.nix b/configuration/packages.nix
new file mode 100644
index 0000000..ddae28a
--- /dev/null
+++ b/configuration/packages.nix
@@ -0,0 +1,110 @@
+{pkgs, ...}: let
+ system = pkgs.system;
+ extensions =
+ (import (builtins.fetchGit {
+ url = "https://github.com/nix-community/nix-vscode-extensions";
+ ref = "refs/heads/master";
+ rev = "370af219cf4ad7660e3ad4577849fb0478edb33c";
+ }))
+ .extensions
+ .${system};
+ vscodeExtensions = with pkgs;
+ with extensions.vscode-marketplace; [
+ trag1c.gleam-theme
+ rust-lang.rust-analyzer
+ arrterian.nix-env-selector
+ bbenoist.nix
+ vscodevim.vim
+ tamasfe.even-better-toml
+ mtxr.sqltools
+ mtxr.sqltools-driver-sqlite
+ thenuprojectcontributors.vscode-nushell-lang
+ vscode-icons-team.vscode-icons
+ mkhl.direnv
+ mkornelsen.vscode-arm64
+ vscode-extensions.ms-vscode.cpptools-extension-pack
+ vscode-extensions.llvm-vs-code-extensions.vscode-clangd
+ svelte.svelte-vscode
+ ms-vscode.cmake-tools
+ ms-dotnettools.vscode-dotnet-runtime
+ vscode-extensions.ms-dotnettools.csharp
+ vscode-extensions.ms-dotnettools.csdevkit
+ visualstudiotoolsforunity.vstuc
+ surendrajat.apklab
+ loyieking.smalise
+ ];
+in {
+ fonts.packages = with pkgs; [
+ noto-fonts
+ noto-fonts-cjk-sans
+ noto-fonts-emoji
+ liberation_ttf
+ fira-code
+ fira-code-symbols
+ mplus-outline-fonts.githubRelease
+ dina-font
+ proggyfonts
+ comic-mono
+ ];
+
+ environment.systemPackages = with pkgs;
+ with import ../packages pkgs; [
+ neovim
+ python3
+ unzip
+ ripgrep
+ gitkraken
+ lua51Packages.lua
+ lua51Packages.luarocks
+ clang
+ mako
+ wl-clipboard
+ wget
+ wezterm
+ git
+ vesktop
+ pnpm
+ kdePackages.plasma-systemmonitor
+ shutter
+ direnv
+ killall
+ llvmPackages_19.clang-unwrapped
+ neofetch
+ avalonia-ilspy
+ obsidian
+ libreoffice-still
+ vlc
+ zen-browser
+ bruno
+ chromium
+ nmap
+ nixos-rebuild
+ fusee-nano
+ ghidra-bin
+ jetbrains.clion
+ jetbrains.idea-ultimate
+ obs-studio
+ tea
+ miniserve
+ remmina
+ prismlauncher
+ unstable.dotnetCorePackages.dotnet_9.sdk
+ unstable.jetbrains.rider
+ libfaketime
+ unityhub
+ kdePackages.kcalc
+ material-maker
+ blender
+ jdk23
+ ryujinx
+ pinta
+ gh
+ renderdoc
+ rclone
+ digital
+ nodejs
+
+ (builtins.getFlake "github:Sanae6/010editor-flake").packages."${system}".default
+ (vscode-with-extensions.override {inherit vscodeExtensions;})
+ ];
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..bf235fc
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,44 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1739357830, + "narHash": "sha256-9xim3nJJUFbVbJCz48UP4fGRStVW5nv4VdbimbKxJ3I=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "0ff09db9d034a04acd4e8908820ba0b410d7a33a", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1739214665, + "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..f75eee6
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,21 @@
+rec {
+ description = "NixOS configs";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+ nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+ };
+
+ outputs = {
+ self,
+ nixpkgs,
+ ...
+ } @ inputs: {
+ formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
+
+ nixosConfigurations.aubrey-laptop-nixos = nixpkgs.lib.nixosSystem {
+ specialArgs = {inherit inputs;};
+ modules = [./configuration/configuration.nix];
+ };
+ };
+}
diff --git a/packages/default.nix b/packages/default.nix
new file mode 100644
index 0000000..f3badf1
--- /dev/null
+++ b/packages/default.nix
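Review bot: `(builtins.getFlake "github:Sanae6/010editor-flake")` at the end of `environment.systemPackages` in configuration/packages.nix is an unlocked flake reference, so each evaluation can resolve to whatever that repository's default branch holds at the time and nothing about it is recorded in flake.lock. It is also the likely reason the rebuild script has to pass `--impure`. Declare it as an input in flake.nix, e.g. `editor010.url = "github:Sanae6/010editor-flake";`, take `inputs` in this module's argument set, and use `inputs.editor010.packages.${system}.default`, which pins the revision and hash in the lock file. The `builtins.fetchGit` for nix-vscode-extensions is already pinned by `rev`, but moving it to a flake input as well would put every external source under the same lock and update procedure.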
@@ -0,0 +1,3 @@
+pkgs: {
+ zen-browser = pkgs.callPackage ./zen-browser.nix {};
+}
diff --git a/packages/zen-browser.nix b/packages/zen-browser.nix
new file mode 100644
index 0000000..5c075ac
--- /dev/null
+++ b/packages/zen-browser.nix
@@ -0,0 +1,97 @@
+{pkgs, ...}: let
+ runtimeLibs = with pkgs;
+ [
+ libGL
+ libGLU
+ libevent
+ libffi
+ libjpeg
+ libpng
+ libstartup_notification
+ libvpx
+ libwebp
+ stdenv.cc.cc
+ fontconfig
+ libxkbcommon
+ zlib
+ freetype
+ gtk3
+ libxml2
+ dbus
+ xcb-util-cursor
+ alsa-lib
+ libpulseaudio
+ pango
+ atk
+ cairo
+ gdk-pixbuf
+ glib
+ udev
+ libva
+ mesa
+ libnotify
+ cups
+ pciutils
+ ffmpeg
+ libglvnd
+ pipewire
+ ]
+ ++ (with pkgs.xorg; [
+ libxcb
+ libX11
+ libXcursor
+ libXrandr
+ libXi
+ libXext
+ libXcomposite
+ libXdamage
+ libXfixes
+ libXScrnSaver
+ ]);
+in
+ pkgs.stdenv.mkDerivation rec {
+ system = "x86_64-linux";
+ version = "1.7.6b";
+ pname = "zen-browser";
+
+ src = builtins.fetchTarball {
+ url = "https://github.com/zen-browser/desktop/releases/download/${version}/zen.linux-x86_64.tar.xz";
+ sha256 = "sha256:19v6n0a1j63i8i7c9615lh1fmbz8jakwyiy11imc9vbq1n6z0nm9";
+ };
+
+ desktopSrc = ./.;
+
+ phases = ["installPhase" "fixupPhase"];
+
+ nativeBuildInputs = [pkgs.makeWrapper pkgs.copyDesktopItems pkgs.wrapGAppsHook];
+
+ installPhase = " mkdir -p $out/bin && cp -r $src/* $out/bin\n install -D $desktopSrc/zen.desktop $out/share/applications/zen.desktop\n install -D $src/browser/chrome/icons/default/default128.png $out/share/icons/hicolor/128x128/apps/zen.png\n";
+
+ fixupPhase = ''
+ chmod 755 $out/bin/*
+ patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/bin/zen
+ wrapProgram $out/bin/zen --set LD_LIBRARY_PATH "${
+ pkgs.lib.makeLibraryPath runtimeLibs
+ }" \
+ --set MOZ_LEGACY_PROFILES 1 --set MOZ_ALLOW_DOWNGRADE 1 --set MOZ_APP_LAUNCHER zen --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
+ patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/bin/zen-bin
+ wrapProgram $out/bin/zen-bin --set LD_LIBRARY_PATH "${
+ pkgs.lib.makeLibraryPath runtimeLibs
+ }" \
+ --set MOZ_LEGACY_PROFILES 1 --set MOZ_ALLOW_DOWNGRADE 1 --set MOZ_APP_LAUNCHER zen --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
+ patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/bin/glxtest
+ wrapProgram $out/bin/glxtest --set LD_LIBRARY_PATH "${
+ pkgs.lib.makeLibraryPath runtimeLibs
+ }"
+ patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/bin/updater
+ wrapProgram $out/bin/updater --set LD_LIBRARY_PATH "${
+ pkgs.lib.makeLibraryPath runtimeLibs
+ }"
+ patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/bin/vaapitest
+ wrapProgram $out/bin/vaapitest --set LD_LIBRARY_PATH "${
+ pkgs.lib.makeLibraryPath runtimeLibs
+ }"
+ '';
+
+ meta.mainProgram = "zen";
+ }
diff --git a/packages/zen.desktop b/packages/zen.desktop
new file mode 100644
index 0000000..df5b81a
--- /dev/null
+++ b/packages/zen.desktop
@@ -0,0 +1,25 @@
+[Desktop Entry]
+Name=Zen Browser
+Exec=zen %u
+Icon=zen
+Type=Application
+MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;application/x-xpinstall;application/pdf;application/json;
+StartupWMClass=zen-alpha
+Categories=Network;WebBrowser;
+StartupNotify=true
+Terminal=false
+X-MultipleArgs=false
+Keywords=Internet;WWW;Browser;Web;Explorer;
+Actions=new-window;new-private-window;profilemanager;
+
+[Desktop Action new-window]
+Name=Open a New Window
+Exec=zen %u
+
+[Desktop Action new-private-window]
+Name=Open a New Private Window
+Exec=zen --private-window %u
+
+[Desktop Action profilemanager]
+Name=Open the Profile Manager
+Exec=zen --ProfileManager %u
diff --git a/switch.nu b/switch.nu
new file mode 100755
index 0000000..ad04a77
--- /dev/null
+++ b/switch.nu
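Review bot: `version = "1.7.6b"` with a fixed `sha256` in packages/zen-browser.nix pins the browser to one upstream build, and nothing in the derivation says how it gets updated; the fixupPhase wraps the bundled `updater` binary, but the install lives in the Nix store, where it presumably cannot replace itself. Since a browser handles more untrusted input than anything else on the system, add a comment above `version` such as `# Security updates are manual: bump version and sha256 on every upstream release.`, or track a maintained package or flake instead. Separately, `--set LD_LIBRARY_PATH` overwrites the variable and is inherited by every child process the browser starts; `patchelf --set-rpath` with the same `makeLibraryPath runtimeLibs` value would confine the library path to these binaries. The five patchelf/wrapProgram pairs differ only in the binary name and the extra `MOZ_*` flags, so a shell `for` loop would make the phase easier to audit.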
@@ -0,0 +1,36 @@
+#!/usr/bin/env nu
+def "get hostname" [hostname?: string] { $hostname | default (hostname) };
+def --wrapped rebuild [subcmd: string, hostname: string, ...rest] {
+ nix fmt
+ git add -A # make sure the goddamn files are added because nix stores won't include unchecked files
+ if $hostname == (hostname) {
+ sudo nixos-rebuild --flake $".#(hostname)" --impure $subcmd ...$rest
+ } else {
+ let r = echo ...$rest | into string;
+ nix-shell -p nixos-rebuild --command $"nixos-rebuild --flake .#($hostname) --target-host ($hostname) --use-remote-sudo ($subcmd) ($r)";
+ }
+};
+
+def --wrapped "main switch" [
+ --hostname (-h): string, # the hostname of the machine to push to
+ ...rest
+] {
+ let hostname = (get hostname $hostname);
+ rebuild switch $hostname ...$rest
+}
+
+def --wrapped "main boot" [
+ --restart (-r) # restart after building
+ --hostname (-h): string, # the hostname of the machine to push to
+ ...rest
+] {
+ let hostname = (get hostname $hostname);
+ rebuild boot $hostname ...$rest
+ if $restart {
+ ssh $hostname -t "sudo reboot now"
+ }
+}
+
+def main [] {
+ main switch -h (hostname)
+}
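Review bot: The remote branch of `rebuild` assembles a shell command by string interpolation, `--command $"nixos-rebuild --flake .#($hostname) ... ($subcmd) ($r)"`, so `$hostname` and the forwarded `...rest` arguments are re-parsed by a shell and any argument containing spaces, quotes or `;` changes the command that runs. Pass them as an argument list the way the local branch does, for example `nix shell nixpkgs#nixos-rebuild --command nixos-rebuild --flake $".#($hostname)" --target-host $hostname --use-remote-sudo $subcmd ...$rest`. `git add -A` before every rebuild also stages whatever happens to be in the checkout, and staged files are copied into the world-readable Nix store, so a comment there should warn that secrets must stay outside this directory or be listed in .gitignore. In `main boot`, `--restart` runs `ssh $hostname -t "sudo reboot now"` even when the target is the local machine.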