diff --git a/nixos/flake.lock b/nixos/flake.lock index 38320cc..b82d463 100644 --- a/nixos/flake.lock +++ b/nixos/flake.lock @@ -25,16 +25,16 @@ ] }, "locked": { - "lastModified": 1747688870, - "narHash": "sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz+AFQF7n9NmNc=", + "lastModified": 1758463745, + "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", "owner": "nix-community", "repo": "home-manager", - "rev": "d5f1f641b289553927b3801580598d200a501863", + "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", + "ref": "release-25.05", "repo": "home-manager", "type": "github" } @@ -62,26 +62,26 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751274312, - "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", + "lastModified": 1758589230, + "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "rev": "d1d883129b193f0b495d75c148c2c3a7d95789a0", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "type": "indirect" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1757745802, - "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", + "lastModified": 1758427187, + "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", + "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", "type": "github" }, "original": { 
@@ -104,11 +104,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1724283233, - "narHash": "sha256-XMPn6YHwFOJCGLE9M5F3AEFKA0u+maf8CpIEWmvaQTQ=", + "lastModified": 1758594056, + "narHash": "sha256-6XyKDRWqBngw1g73e789iyIaw/0VF04ELk/ATtlkTVU=", "owner": "ThinkChaos", "repo": "openconnect-sso", - "rev": "94f1ddfef1662d56ede0a093bcfc3d23156bc1a1", + "rev": "2041471efd331d0591d34e122aefb02690fb233a", "type": "github" }, "original": { @@ -174,11 +174,11 @@ ] }, "locked": { - "lastModified": 1758007585, - "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=", + "lastModified": 1758425756, + "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139", + "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", "type": "github" }, "original": { @@ -265,11 +265,11 @@ ] }, "locked": { - "lastModified": 1757304371, - "narHash": "sha256-EZ3Vwgh5xgXuiPUmr9e1a9dEu3hvEWhRurAKpsAwB2A=", + "lastModified": 1758600385, + "narHash": "sha256-lRK96/otQ9JAkrjYFkK8sKloujhZ+eS3RFFerMdEKAg=", "owner": "youwen5", "repo": "zen-browser-flake", - "rev": "3968348af022fe88468ef8de4f9683076e2e5e4b", + "rev": "8fdac24a43e541c644ea26b48ff886533d367155", "type": "github" }, "original": { diff --git a/nixos/flake.nix b/nixos/flake.nix index 80814dc..60e1025 100644 --- a/nixos/flake.nix +++ b/nixos/flake.nix @@ -2,12 +2,12 @@ description = "System configuration of my machines using flakes"; inputs = { - nixpkgs.url = "nixpkgs/nixos-24.11"; + nixpkgs.url = "nixpkgs/nixos-25.05"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; flake-utils.url = "github:numtide/flake-utils"; home-manager = { - url = "github:nix-community/home-manager/release-24.11"; + url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; openconnect-sso = { 
@@ -71,11 +71,11 @@ }; modules = [ - home-manager.nixosModule - sops-nix.nixosModules.sops - ./modules ./users + + home-manager.nixosModules.home-manager + sops-nix.nixosModules.sops ]; }; @@ -83,6 +83,7 @@ Tibo-NixDesk.modules = [ ./hosts/Tibo-NixDesk ]; Tibo-NixFat.modules = [ ./hosts/Tibo-NixFat ]; Tibo-NixTest.modules = [ ./hosts/Tibo-NixTest ]; + Tibo-NixTop.modules = [ ./hosts/Tibo-NixTop ]; }; }; } diff --git a/nixos/hosts/Tibo-NixTop/default.nix b/nixos/hosts/Tibo-NixTop/default.nix new file mode 100644 index 0000000..5de8df4 --- /dev/null +++ b/nixos/hosts/Tibo-NixTop/default.nix 
@@ -0,0 +1,193 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, ... }: + +{ + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + sisyphus = { + desktop.hyprland.enable = true; + + hardware = { + eid.enable = true; + nvidia = { + enable = true; + model = "Quadro T2000"; + }; + yubikey.enable = true; + }; + + networking = { + networkmanager.enable = true; + openconnect-sso.enable = true; + }; + + nix = { + flakes.enable = true; + gc.onFull.enable = true; + }; + + programs = { + direnv.enable = true; + home-manager.enable = true; + sops.enable = true; + ssh.enable = true; + }; + + services = { + pipewire.enable = true; + tailscale.enable = true; + }; + + users.tdpeuter.enable = true; + + virtualisation = { + docker.enable = true; + virtualbox.enable = true; + }; + }; + + boot = { + initrd = { + # Use EFI and YubiKey + kernelModules = [ "vfat" "nls_cp437" "nls_iso8859-1" "usbhid" ]; + + luks = { + # Enable YubiKey PBA + yubikeySupport = true; + devices."encrypted".yubikey = { + slot = 2; + twoFactor = false; + gracePeriod = 10; + keyLength = 64; + saltLength = 16; + storage.device = "/dev/nvme0n1p1"; + }; + }; + }; + + loader = { + # Use the systemd-boot EFI boot loader. + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + + # Use latest kernel. 
+ kernelPackages = pkgs.linuxPackages_latest; + }; + + hardware.bluetooth = { + enable = true; + powerOnBoot = false; + }; + + programs.zsh.enable = true; + + services = { + auto-cpufreq = { + enable = true; + settings = { + battery = { + governor = "powersave"; + turbo = "never"; + }; + charger = { + governor = "performance"; + turbo = "auto"; + }; + }; + }; + + logind = { + # Handle the laptop lid switch as follows: + lidSwitch = "hybrid-sleep"; + lidSwitchExternalPower = "lock"; + lidSwitchDocked = "ignore"; + + # Handle the power key + powerKey = "suspend"; + }; + + + power-profiles-daemon.enable = false; + + thermald.enable = true; + + xserver = { + # Keyboard layout + xkb = { + layout = "us"; + variant = "altgr-intl"; + }; + }; + + # Touchpad + libinput.enable = true; + }; + + networking = { + hostName = "Tibo-NixTop"; # Define your hostname. + }; + + # Set your time zone. + time.timeZone = "Europe/Brussels"; + + # Select internationalisation properties. + i18n = { + defaultLocale = "en_GB.UTF-8"; # LANG + extraLocaleSettings.LC_TIME = "nl_BE.UTF-8"; + }; + + console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + useXkbConfig = true; # use xkb.options in tty. + }; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.libinput.enable = true; + + # List packages installed in system profile. + # You can use https://search.nixos.org/ to find more packages (and options). + environment = { + # Enabled to allow installed binaries in ~/.local/bin + localBinInPath = true; + + systemPackages = with pkgs; [ + git + vim-full # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + w3m + wget + zenith-nvidia + ]; + }; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. 
databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "25.05"; # Did you read the comment? + +} + diff --git a/nixos/hosts/Tibo-NixTop/hardware-configuration.nix b/nixos/hosts/Tibo-NixTop/hardware-configuration.nix new file mode 100644 index 0000000..ac27dba --- /dev/null +++ b/nixos/hosts/Tibo-NixTop/hardware-configuration.nix 
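Review bot: In `boot.initrd.luks.devices."encrypted".yubikey`, `twoFactor = false` makes possession of the YubiKey the only thing needed to unlock the disk, which is weak protection for a laptop that can be lost or stolen together with the key. `twoFactor = true;` adds a passphrase to the challenge, though the key slot would presumably have to be re-enrolled. `storage.device = "/dev/nvme0n1p1"` depends on kernel device naming, while the generated hardware-configuration.nix in this commit addresses partitions by UUID; if this is the vfat partition mounted at /boot (not confirmable from the hunk), `storage.device = "/dev/disk/by-uuid/12CE-A600";` is the stable form. Also, `lidSwitch = "hybrid-sleep"` is paired with `swapDevices = [ ]` in that hardware file, so there is probably nowhere to write a hibernation image; confirm what closing the lid actually does on battery.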
@@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/e759b10f-7949-4094-9272-d91340dcc5b6"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."encrypted".device = "/dev/disk/by-uuid/2b6586fa-8823-4add-94f3-132aab17b7b8"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/12CE-A600"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nixos/modules/desktop/gnome/default.nix b/nixos/modules/desktop/gnome/default.nix index e522780..2ce218c 100644 --- a/nixos/modules/desktop/gnome/default.nix +++ b/nixos/modules/desktop/gnome/default.nix 
@@ -6,54 +6,30 @@ in { options.sisyphus.desktop.gnome.enable = lib.mkEnableOption "GNOME"; config = lib.mkIf cfg.enable { - services.xserver = { - enable = true; + services = { + gnome = { + core-apps.enable = false; + core-developer-tools.enable = false; + core-shell.enable = true; + }; - excludePackages = with pkgs; [ - xterm - ]; + xserver = { + enable = true; - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; + excludePackages = with pkgs; [ + xterm + ]; + + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + + videoDrivers = [ "nvidia" ]; + }; }; # Start a new instance of application instead of going to that window. environment.systemPackages = with pkgs.gnomeExtensions; [ launch-new-instance ]; - - # Do not use these packages - environment.gnome.excludePackages = (with pkgs; [ - baobab - epiphany # Web browser - evince # Document viewer - gnome-connections # Remote desktop client - gnome-console - gnome-photos - gnome-text-editor - gnome-tour - loupe # Image viewer - snapshot # Camera - ]) ++ (with pkgs.gnome; [ - eog # Image viewer - file-roller # Archive manager - geary # Mail client - gedit - gnome-calculator - gnome-calendar - gnome-characters - gnome-clocks - gnome-contacts - gnome-disk-utility - gnome-font-viewer - gnome-logs - gnome-maps - gnome-music - gnome-system-monitor - gnome-weather - simple-scan - totem # Movie player - yelp # Help viewer - ]); }; } diff --git a/nixos/modules/desktop/hyprland/default.nix b/nixos/modules/desktop/hyprland/default.nix index f4ee140..73ace5d 100644 --- a/nixos/modules/desktop/hyprland/default.nix +++ b/nixos/modules/desktop/hyprland/default.nix @@ -23,6 +23,8 @@ in { waycorner wlsunset wl-clipboard # Copying to system clipboard in vim + wl-mirror # Mirror an output + wdisplays # Tool to configure displays glib 
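Review bot: `videoDrivers = [ "nvidia" ];` inside the GNOME module forces the proprietary NVIDIA driver onto every host that sets `sisyphus.desktop.gnome.enable`, whether or not it has that GPU. The host file added in this commit already sets `sisyphus.hardware.nvidia.enable`, so the driver choice fits better behind that switch, e.g. `videoDrivers = lib.mkIf config.sisyphus.hardware.nvidia.enable [ "nvidia" ];`. The module header and its `let` bindings start above this hunk, so how `cfg` is defined is not visible here.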
@@ -45,9 +47,9 @@ in { }; services = { + dbus.enable = true; displayManager.ly.enable = true; gnome.gnome-keyring.enable = true; - power-profiles-daemon.enable = true; xserver.videoDrivers = [ "nvidia" ]; }; }; diff --git a/nixos/modules/virtualisation/virtualbox/default.nix b/nixos/modules/virtualisation/virtualbox/default.nix index a86ada5..4d5ee2c 100644 --- a/nixos/modules/virtualisation/virtualbox/default.nix +++ b/nixos/modules/virtualisation/virtualbox/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs-unstable, ... }: let cfg = config.sisyphus.virtualisation.virtualbox; @@ -11,6 +11,7 @@ in { enable = true; enableExtensionPack = true; enableHardening = true; + package = pkgs-unstable.virtualbox; }; guest = { enable = true; @@ -20,6 +21,12 @@ in { }; }; + + # https://www.virtualbox.org/ticket/22248#comment:1 + # and + # https://github.com/NixOS/nixpkgs/pull/444438 + boot.kernelParams = [ "kvm.enable_virt_at_load=0" ]; + # Define the group users.groups.vboxusers = {}; diff --git a/nixos/overlays/spotify/default.nix b/nixos/overlays/spotify/default.nix index fc77396..84be4da 100644 --- a/nixos/overlays/spotify/default.nix +++ b/nixos/overlays/spotify/default.nix @@ -9,7 +9,7 @@ final: prev: { sha256 = "sha256-UzpHAHpQx2MlmBNKm2turjeVmgp5zXKWm3nZbEo0mYE="; }; - cargoHash = "sha256-oHfk68mAIcmOenW7jn71Xpt8hWVDtxyInWhVN2rH+kk="; + cargoHash = "sha256-oGpe+kBf6kBboyx/YfbQBt1vvjtXd1n2pOH6FNcbF8M="; buildInputs = with final; [ cargo diff --git a/nixos/users/tdpeuter/dotfiles.nix b/nixos/users/tdpeuter/dotfiles.nix index d56b93e..53d0e4d 100644 --- a/nixos/users/tdpeuter/dotfiles.nix +++ b/nixos/users/tdpeuter/dotfiles.nix 
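Review bot: `package = pkgs-unstable.virtualbox;` moves the hypervisor to the unstable channel while `enableExtensionPack = true` stays set. As far as I can tell, the NixOS module still takes the Extension Pack from the system `pkgs`, and VirtualBox expects the pack to match its own version, so the two may drift apart after a lock update. It is worth checking both versions after each flake update. A comment such as `# taken from unstable for <reason>; go back to pkgs.virtualbox once stable carries it` would record why a component installed with `enableHardening = true` is not following the stable branch. The attribute set these options belong to opens above the hunk.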
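Review bot: The comment above `boot.kernelParams = [ "kvm.enable_virt_at_load=0" ];` consists of two links only, so a reader cannot tell what the parameter changes or when it can be removed. A one-line reason would help, e.g. `# KVM otherwise claims VT-x/AMD-V at module load and VirtualBox VMs fail to start; remove once the linked nixpkgs PR is in the pinned release` (wording to be checked against the linked ticket). The surrounding `config` block lies outside the hunk, so it is not visible whether the parameter is applied only when `cfg.enable` is set. It should be, since it changes KVM behaviour for the whole machine.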
@@ -78,14 +78,13 @@ in { source = ../../../stow/zellij/.config/zellij; }; ".gnupg" = { - enable = false; - # inherit (config.programs.gnupg.agent) enable; # TODO Enable Me + inherit (config.programs.gnupg.agent) enable; source = ../../../stow/gnupg/.gnupg; recursive = true; -# onChange = '' -# chmod 700 /home/tdpeuter/.gnupg -# chmod 600 /home/tdpeuter/.gnupg/* -# ''; + onChange = '' + chmod 700 /home/tdpeuter/.gnupg + # chmod 600 /home/tdpeuter/.gnupg/* # Already read-only? + ''; }; ".ssh/config" = lib.mkIf config.sisyphus.programs.ssh.enable { inherit (config.sisyphus.programs.ssh) enable; @@ -104,12 +103,10 @@ in { } (lib.mkIf (config.users.users.tdpeuter.shell == pkgs.zsh) { ".oh-my-zsh" = { - enable = config.users.users.tdpeuter.shell == pkgs.zsh; source = "${pkgs.oh-my-zsh}/share/oh-my-zsh"; recursive = true; }; ".oh-my-zsh/themes/tdpeuter.zsh-theme" = { - enable = config.users.users.tdpeuter.shell == pkgs.zsh; source = ../../../stow/zsh/.oh-my-zsh/themes/tdpeuter.zsh-theme; }; ".zshrc" = { diff --git a/nixos/users/tdpeuter/firefox.nix b/nixos/users/tdpeuter/firefox.nix index b24a25b..09cd1d6 100644 --- a/nixos/users/tdpeuter/firefox.nix +++ b/nixos/users/tdpeuter/firefox.nix @@ -14,6 +14,7 @@ in { nativeMessagingHosts = with pkgs; [ tridactyl-native ]; + # https://mozilla.github.io/policy-templates/ extraPolicies = { DisableFirefoxStudies = true; DisablePocket = true; @@ -26,7 +27,20 @@ in { # https://discourse.nixos.org/t/declare-firefox-extensions-and-settings/36265 ExtensionSettings = { - "amazom@search.mozilla.org".installation_mode = "blocked"; + "amazon@search.mozilla.org".installation_mode = "blocked"; + "google@search.mozilla.org".installation_mode = "blocked"; + }; + + # Anything in about:config + Preferences = { + "browser.newtabpage.activity-stream.showSponsoredCheckboxes" = { + Value = false; + Status = "locked"; + }; + "browser.newtabpage.pinned" = { + Value = "[]"; + Status = "default"; + }; }; }; 
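Review bot: Enabling `".gnupg"` with `source = ../../../stow/gnupg/.gnupg` and `recursive = true` presumably places that directory in the Nix store, which is world-readable, so it must only ever hold non-secret configuration. A comment such as `# config only: never add private keys or other secrets here, the store is world-readable` would guard against a later accidental addition. In `onChange` the home path is hard-coded; since this file already reads `config.users.users.tdpeuter.shell`, `chmod 700 ${config.users.users.tdpeuter.home}/.gnupg` keeps it in sync with the user definition. The commented-out `chmod 600` line with its open question should be either resolved or deleted, because if the entries are links into the read-only store that chmod cannot apply anyway. The attribute set holding these entries starts above the hunk.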
@@ -42,12 +56,24 @@ in { ]; profiles.tdpeuter.search= { - default = "DuckDuckGo"; + default = "ddg"; # Reference by id instead of by name force = true; engines = { - "Bing".metaData.hidden = true; - "eBay".metaData.hidden = true; + "bing".metaData.hidden = true; + "ebay".metaData.hidden = true; + "GitHub" = { + urls = [{ + template = "https://github.com/search"; + params = [ + { name = "q"; value = "{searchTerms}"; } + { name = "type"; value = "repositories"; } + ]; + }]; + + icon = "${pkgs.icosystem}/share/icons/icosystem/scalable/apps/github-mark.svg"; + definedAliases = [ "@gh" ]; + }; "Nix Packages" = { urls = [{ template = "https://search.nixos.org/packages"; @@ -71,18 +97,6 @@ in { icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@no" ]; }; - "GitHub" = { - urls = [{ - template = "https://github.com/search"; - params = [ - { name = "q"; value = "{searchTerms}"; } - { name = "type"; value = "repositories"; } - ]; - }]; - - icon = "${pkgs.icosystem}/share/icons/icosystem/scalable/apps/github-mark.svg"; - definedAliases = [ "@gh" ]; - }; }; }; };