[Tibo-NixTop] Add host

nixos/flake.lock

@@ -25,16 +25,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1747688870,
-        "narHash": "sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz+AFQF7n9NmNc=",
+        "lastModified": 1758463745,
+        "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "d5f1f641b289553927b3801580598d200a501863",
+        "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-24.11",
+        "ref": "release-25.05",
         "repo": "home-manager",
         "type": "github"
       }
@@ -62,26 +62,26 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1751274312,
-        "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=",
+        "lastModified": 1758589230,
+        "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674",
+        "rev": "d1d883129b193f0b495d75c148c2c3a7d95789a0",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-24.11",
+        "ref": "nixos-25.05",
         "type": "indirect"
       }
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1757745802,
-        "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
+        "lastModified": 1758427187,
+        "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
+        "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46",
         "type": "github"
       },
       "original": {
@@ -104,11 +104,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1724283233,
-        "narHash": "sha256-XMPn6YHwFOJCGLE9M5F3AEFKA0u+maf8CpIEWmvaQTQ=",
+        "lastModified": 1758594056,
+        "narHash": "sha256-6XyKDRWqBngw1g73e789iyIaw/0VF04ELk/ATtlkTVU=",
         "owner": "ThinkChaos",
         "repo": "openconnect-sso",
-        "rev": "94f1ddfef1662d56ede0a093bcfc3d23156bc1a1",
+        "rev": "2041471efd331d0591d34e122aefb02690fb233a",
         "type": "github"
       },
       "original": {
@@ -174,11 +174,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1758007585,
-        "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=",
+        "lastModified": 1758425756,
+        "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139",
+        "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762",
         "type": "github"
       },
       "original": {
@@ -265,11 +265,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1757304371,
-        "narHash": "sha256-EZ3Vwgh5xgXuiPUmr9e1a9dEu3hvEWhRurAKpsAwB2A=",
+        "lastModified": 1758600385,
+        "narHash": "sha256-lRK96/otQ9JAkrjYFkK8sKloujhZ+eS3RFFerMdEKAg=",
         "owner": "youwen5",
         "repo": "zen-browser-flake",
-        "rev": "3968348af022fe88468ef8de4f9683076e2e5e4b",
+        "rev": "8fdac24a43e541c644ea26b48ff886533d367155",
         "type": "github"
       },
       "original": {

nixos/flake.nix

@@ -2,12 +2,12 @@
   description = "System configuration of my machines using flakes";
 
   inputs = {
-    nixpkgs.url = "nixpkgs/nixos-24.11";
+    nixpkgs.url = "nixpkgs/nixos-25.05";
     nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
 
     flake-utils.url = "github:numtide/flake-utils";
     home-manager = {
-      url = "github:nix-community/home-manager/release-24.11";
+      url = "github:nix-community/home-manager/release-25.05";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     openconnect-sso = {
@@ -71,11 +71,11 @@
         };
 
         modules = [
-          home-manager.nixosModule
-          sops-nix.nixosModules.sops
-
           ./modules
           ./users
+
+          home-manager.nixosModules.home-manager
+          sops-nix.nixosModules.sops
         ];
       };
 
@@ -83,6 +83,7 @@
         Tibo-NixDesk.modules = [ ./hosts/Tibo-NixDesk ];
         Tibo-NixFat.modules  = [ ./hosts/Tibo-NixFat  ];
         Tibo-NixTest.modules = [ ./hosts/Tibo-NixTest ];
+        Tibo-NixTop.modules  = [ ./hosts/Tibo-NixTop  ];
       };
     };
 }

nixos/hosts/Tibo-NixTop/default.nix

@@ -0,0 +1,193 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+  ];
+
+  sisyphus = {
+    desktop.hyprland.enable = true;
+
+    hardware = {
+      eid.enable = true;
+      nvidia = {
+        enable = true;
+        model = "Quadro T2000";
+      };
+      yubikey.enable = true;
+    };
+
+    networking = {
+      networkmanager.enable = true;
+      openconnect-sso.enable = true;
+    };
+
+    nix = {
+      flakes.enable = true;
+      gc.onFull.enable = true;
+    };
+
+    programs = {
+      direnv.enable = true;
+      home-manager.enable = true;
+      sops.enable = true;
+      ssh.enable = true;
+    };
+
+    services = {
+      pipewire.enable = true;
+      tailscale.enable = true;
+    };
+
+    users.tdpeuter.enable = true;
+
+    virtualisation = {
+      docker.enable = true;
+      virtualbox.enable = true;
+    };
+  };
+
+  boot = {
+    initrd = {
+      # Use EFI and YubiKey
+      kernelModules = [ "vfat" "nls_cp437" "nls_iso8859-1" "usbhid" ];
+
+      luks = {
+        # Enable YubiKey PBA
+        yubikeySupport = true;
+        devices."encrypted".yubikey = {
+          slot = 2;
+          twoFactor = false;
+          gracePeriod = 10;
+          keyLength = 64;
+          saltLength = 16;
+          storage.device = "/dev/nvme0n1p1";
+        };
+      };
+    };
+
+    loader = {
+      # Use the systemd-boot EFI boot loader.
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    # Use latest kernel.
+    kernelPackages = pkgs.linuxPackages_latest;
+  };
+
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = false;
+  };
+
+  programs.zsh.enable = true;
+
+  services = {
+    auto-cpufreq = {
+      enable = true;
+      settings = {
+        battery = {
+          governor = "powersave";
+          turbo = "never";
+        };
+        charger = {
+          governor = "performance";
+          turbo = "auto";
+        };
+      };
+    };
+
+    logind = {
+      # Handle the laptop lid switch as follows:
+      lidSwitch = "hybrid-sleep";
+      lidSwitchExternalPower = "lock";
+      lidSwitchDocked = "ignore";
+
+      # Handle the power key
+      powerKey = "suspend";
+    };
+
+
+    power-profiles-daemon.enable = false;
+
+    thermald.enable = true;
+
+    xserver = {
+      # Keyboard layout
+      xkb = {
+        layout = "us";
+        variant = "altgr-intl";
+      };
+    };
+
+    # Touchpad
+    libinput.enable = true;
+  };
+
+  networking = {
+    hostName = "Tibo-NixTop"; # Define your hostname.
+  };
+
+  # Set your time zone.
+  time.timeZone = "Europe/Brussels";
+
+  # Select internationalisation properties.
+  i18n = {
+    defaultLocale = "en_GB.UTF-8"; # LANG
+    extraLocaleSettings.LC_TIME = "nl_BE.UTF-8";
+  };
+
+  console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+    useXkbConfig = true; # use xkb.options in tty.
+  };
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.libinput.enable = true;
+
+  # List packages installed in system profile.
+  # You can use https://search.nixos.org/ to find more packages (and options).
+  environment = {
+    # Enabled to allow installed binaries in ~/.local/bin
+    localBinInPath = true;
+
+    systemPackages = with pkgs; [
+      git
+      vim-full # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+      w3m
+      wget
+      zenith-nvidia
+    ];
+  };
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "25.05"; # Did you read the comment?
+
+}
+

nixos/hosts/Tibo-NixTop/hardware-configuration.nix

@@ -0,0 +1,41 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/e759b10f-7949-4094-9272-d91340dcc5b6";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."encrypted".device = "/dev/disk/by-uuid/2b6586fa-8823-4add-94f3-132aab17b7b8";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/12CE-A600";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nixos/modules/desktop/gnome/default.nix

@@ -6,54 +6,30 @@ in {
   options.sisyphus.desktop.gnome.enable = lib.mkEnableOption "GNOME";
 
   config = lib.mkIf cfg.enable {
-    services.xserver = {
-      enable = true;
+    services = {
+      gnome = {
+        core-apps.enable = false;
+        core-developer-tools.enable = false;
+        core-shell.enable = true;
+      };
 
-      excludePackages = with pkgs; [
-        xterm
-      ];
+      xserver = {
+        enable = true;
 
-      displayManager.gdm.enable = true;
-      desktopManager.gnome.enable = true;
+        excludePackages = with pkgs; [
+          xterm
+        ];
+
+        displayManager.gdm.enable = true;
+        desktopManager.gnome.enable = true;
+
+        videoDrivers = [ "nvidia" ];
+      };
     };
 
     # Start a new instance of application instead of going to that window.
     environment.systemPackages = with pkgs.gnomeExtensions; [
       launch-new-instance
     ];
-
-    # Do not use these packages
-    environment.gnome.excludePackages = (with pkgs; [
-      baobab
-      epiphany          # Web browser
-      evince            # Document viewer
-      gnome-connections # Remote desktop client
-      gnome-console
-      gnome-photos
-      gnome-text-editor
-      gnome-tour
-      loupe             # Image viewer
-      snapshot          # Camera
-    ]) ++ (with pkgs.gnome; [
-      eog               # Image viewer
-      file-roller       # Archive manager
-      geary             # Mail client
-      gedit
-      gnome-calculator
-      gnome-calendar
-      gnome-characters
-      gnome-clocks
-      gnome-contacts
-      gnome-disk-utility
-      gnome-font-viewer
-      gnome-logs
-      gnome-maps
-      gnome-music
-      gnome-system-monitor
-      gnome-weather
-      simple-scan
-      totem             # Movie player
-      yelp              # Help viewer
-    ]);
   };
 }

nixos/modules/desktop/hyprland/default.nix

@@ -23,6 +23,8 @@ in {
         waycorner
         wlsunset
         wl-clipboard # Copying to system clipboard in vim
+        wl-mirror # Mirror an output
+        wdisplays # Tool to configure displays
 
         glib
 
@@ -45,9 +47,9 @@ in {
     };
 
     services = {
+      dbus.enable = true;
       displayManager.ly.enable = true;
       gnome.gnome-keyring.enable = true;
-      power-profiles-daemon.enable = true;
       xserver.videoDrivers = [ "nvidia" ];
     };
   };

nixos/modules/virtualisation/virtualbox/default.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs-unstable, ... }:
 
 let
   cfg = config.sisyphus.virtualisation.virtualbox;
@@ -11,6 +11,7 @@ in {
         enable = true;
         enableExtensionPack = true;
         enableHardening = true;
+        package = pkgs-unstable.virtualbox;
       };
       guest = {
         enable = true;
@@ -20,6 +21,12 @@ in {
       };
     };
 
+
+    # https://www.virtualbox.org/ticket/22248#comment:1
+    # and
+    # https://github.com/NixOS/nixpkgs/pull/444438
+    boot.kernelParams = [ "kvm.enable_virt_at_load=0" ];
+
     # Define the group
     users.groups.vboxusers = {};
 

nixos/overlays/spotify/default.nix

@@ -9,7 +9,7 @@ final: prev: {
       sha256 = "sha256-UzpHAHpQx2MlmBNKm2turjeVmgp5zXKWm3nZbEo0mYE=";
     };
 
-    cargoHash = "sha256-oHfk68mAIcmOenW7jn71Xpt8hWVDtxyInWhVN2rH+kk=";
+    cargoHash = "sha256-oGpe+kBf6kBboyx/YfbQBt1vvjtXd1n2pOH6FNcbF8M=";
 
     buildInputs = with final; [
       cargo

nixos/users/tdpeuter/dotfiles.nix

@@ -78,14 +78,13 @@ in {
               source = ../../../stow/zellij/.config/zellij;
             };
             ".gnupg" = {
-              enable = false;
-              # inherit (config.programs.gnupg.agent) enable; # TODO Enable Me
+              inherit (config.programs.gnupg.agent) enable;
               source = ../../../stow/gnupg/.gnupg;
               recursive = true;
-#              onChange = ''
-#                chmod 700 /home/tdpeuter/.gnupg
-#                chmod 600 /home/tdpeuter/.gnupg/*
-#              '';
+              onChange = ''
+                chmod 700 /home/tdpeuter/.gnupg
+                # chmod 600 /home/tdpeuter/.gnupg/* # Already read-only?
+              '';
             };
             ".ssh/config" = lib.mkIf config.sisyphus.programs.ssh.enable {
               inherit (config.sisyphus.programs.ssh) enable;
@@ -104,12 +103,10 @@ in {
           }
           (lib.mkIf (config.users.users.tdpeuter.shell == pkgs.zsh) {
             ".oh-my-zsh" = {
-              enable = config.users.users.tdpeuter.shell == pkgs.zsh;
               source = "${pkgs.oh-my-zsh}/share/oh-my-zsh";
               recursive = true;
             };
             ".oh-my-zsh/themes/tdpeuter.zsh-theme" = {
-              enable = config.users.users.tdpeuter.shell == pkgs.zsh;
               source = ../../../stow/zsh/.oh-my-zsh/themes/tdpeuter.zsh-theme;
             };
             ".zshrc" = {

nixos/users/tdpeuter/firefox.nix

@@ -14,6 +14,7 @@ in {
         nativeMessagingHosts = with pkgs; [
           tridactyl-native
         ];
+        # https://mozilla.github.io/policy-templates/
         extraPolicies = {
           DisableFirefoxStudies = true;
           DisablePocket = true;
@@ -26,7 +27,20 @@ in {
 
           # https://discourse.nixos.org/t/declare-firefox-extensions-and-settings/36265
           ExtensionSettings = {
-            "amazom@search.mozilla.org".installation_mode = "blocked";
+            "amazon@search.mozilla.org".installation_mode = "blocked";
+            "google@search.mozilla.org".installation_mode = "blocked";
+          };
+
+          # Anything in about:config
+          Preferences = {
+            "browser.newtabpage.activity-stream.showSponsoredCheckboxes" = {
+              Value = false;
+              Status = "locked";
+            };
+            "browser.newtabpage.pinned" = {
+              Value = "[]";
+              Status = "default";
+            };
           };
         };
 
@@ -42,12 +56,24 @@ in {
       ];
 
       profiles.tdpeuter.search= {
-        default = "DuckDuckGo";
+        default = "ddg"; # Reference by id instead of by name
         force = true;
         engines = {
-          "Bing".metaData.hidden = true;
-          "eBay".metaData.hidden = true;
+          "bing".metaData.hidden = true;
+          "ebay".metaData.hidden = true;
 
+          "GitHub" = {
+            urls = [{
+              template = "https://github.com/search";
+              params = [
+                { name = "q"; value = "{searchTerms}"; }
+                { name = "type"; value = "repositories"; }
+              ];
+            }];
+
+            icon = "${pkgs.icosystem}/share/icons/icosystem/scalable/apps/github-mark.svg";
+            definedAliases = [ "@gh" ];
+          };
           "Nix Packages" = {
             urls = [{
               template = "https://search.nixos.org/packages";
@@ -71,18 +97,6 @@ in {
             icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
             definedAliases = [ "@no" ];
           };
-          "GitHub" = {
-            urls = [{
-              template = "https://github.com/search";
-              params = [
-                { name = "q"; value = "{searchTerms}"; }
-                { name = "type"; value = "repositories"; }
-              ];
-            }];
-
-            icon = "${pkgs.icosystem}/share/icons/icosystem/scalable/apps/github-mark.svg";
-            definedAliases = [ "@gh" ];
-          };
         };
       };
     };