nixos/.sops.yaml

@@ -0,0 +1,9 @@
+keys:
+  - &tdpeuter@Tibo-NixFat age1q2gqur3t4fu8flsuu2zdnule37vdkh6egpt6a2e3ytx433x8gpvsr4hw6l
+
+creation_rules:
+  - path_regex: secrets/[^/]+\.yaml$
+    key_groups:
+    - age:
+      - *tdpeuter@Tibo-NixFat
+

nixos/flake.nix

@@ -19,6 +19,10 @@
         utils.follows = "flake-utils";
       };
     };
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+        inputs.nixpkgs.follows = "nixpkgs";
+    };
     utils = {
       url = "github:gytis-ivaskevicius/flake-utils-plus";
       inputs.flake-utils.follows = "flake-utils";
@@ -27,7 +31,7 @@
 
   outputs = inputs@{
     self, nixpkgs,
-    devshell, flake-utils, home-manager, utils,
+    devshell, flake-utils, home-manager, sops-nix, utils,
     ... }:
     let
       system = "x86_64-linux";
@@ -43,11 +47,13 @@
         inherit system;
         modules = [
           home-manager.nixosModule
+          sops-nix.nixosModules.sops
           ./modules
         ];
       };
 
       hosts = {
+        Tibo-NixDesk.modules = [ ./hosts/Tibo-NixDesk ];
         Tibo-NixFat.modules  = [ ./hosts/Tibo-NixFat  ];
         Tibo-NixTest.modules = [ ./hosts/Tibo-NixTest ];
       };

nixos/hosts/Tibo-NixDesk/default.nix

@@ -0,0 +1,79 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ../../modules/hardware/nvidia
+
+      ../../modules/apps/virtualbox
+      ../../modules/des/gnome
+    ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+  # Enable networking
+  networking.hostName = "Tibo-NixDesk"; # Define your hostname.
+  networking.networkmanager.enable = true;
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Set your time zone.
+  time.timeZone = "Europe/Brussels";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_GB.utf8";
+
+  # Configure keymap in X11
+  services.xserver = {
+    layout = "us";
+    xkbVariant = "";
+  };
+
+  # Enable sound with pipewire.
+  sound.enable = true;
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    #jack.enable = true;
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    #media-session.enable = true;
+  };
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  # services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.11"; # Did you read the comment?
+
+}

nixos/hosts/Tibo-NixDesk/hardware-configuration.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/5e4bacff-07fb-4d3a-8ac6-d535c913659b";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot/efi" =
+    { device = "/dev/disk/by-uuid/4D30-B01D";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nixos/hosts/Tibo-NixFat/default.nix

@@ -3,6 +3,7 @@
 {
   imports = [
     ./hardware-configuration.nix
+    ../../modules/hardware/nvidia.nix
 
     ../../modules/apps/virtualbox
     ../../modules/des/gnome
@@ -43,10 +44,6 @@
   # };
 
   services.xserver = {
-    enable = true;
-
-    videoDrivers = [ "nvidia" ]; # Also for wayland compositors
-    
     # Configure keymap in X11
     layout = "us";
     xkbVariant = "";
@@ -78,21 +75,6 @@
   # Enable touchpad support (enabled default in most desktopManager).
   services.xserver.libinput.enable = true;
   
-  # NVIDIA drivers
-  hardware = {
-    opengl.enable = true;
-    nvidia = {
-      open = true;
-      #     package = config.boot.kernelPackages.nvidiaPackages.stable;
-      modesetting.enable = true;
-      #     prime = {
-      #         offload.enable = true;
-      #         intelBusId = "PCI::00:02:0";
-      #         nvidiaBusId = "PCI:01:00:0";
-      #     };
-    };
-  };
-  
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
   

nixos/modules/apps/default.nix

@@ -2,6 +2,7 @@
     imports = [
         ./alacritty
         ./firefox
+        ./steam
         ./thunderbird
         # ./virtualbox
     ];

nixos/modules/apps/steam/default.nix

@@ -0,0 +1,8 @@
+{ inputs, lib, config, pkgs, ... }:
+
+{
+  programs.steam = {
+    enable = true;
+  };
+  
+}

nixos/modules/default.nix

@@ -26,6 +26,8 @@
     shell = pkgs.zsh;
   };
 
+  home-manager.useGlobalPkgs = true;
+
   home-manager.users.tdpeuter = { pkgs, ... }: {
     home = {
       username = "tdpeuter";
@@ -60,7 +62,6 @@
 
     programs = {
       home-manager.enable = true;
-            
       direnv = {
         enable = true;
         nix-direnv.enable = true;

nixos/modules/des/gnome/default.nix

@@ -8,14 +8,32 @@
     displayManager.gdm.enable = true;
     desktopManager.gnome.enable = true;
 
+    excludePackages = with pkgs; [
+      xterm
+    ];
   };
 
+  environment.systemPackages = with pkgs; [
+    gnomeExtensions.launch-new-instance
+  ];
+
   environment.gnome.excludePackages = (with pkgs; [
+    epiphany # Web browser
+    gnome-console
     gnome-photos
+    gnome-text-editor
     gnome-tour
-        xterm
   ]) ++ (with pkgs.gnome; [
+    geary # Mail client
     gedit
-        gnome-terminal
+    gnome-calendar
+    gnome-clocks
+    gnome-contacts
+    gnome-maps
+    gnome-music
+    gnome-weather
+    simple-scan
+    totem # Movie player
+    yelp # Help viewer
   ]);
 }

nixos/modules/des/plasma/default.nix

@@ -0,0 +1,32 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.xserver = {
+    enable = true;
+
+    displayManager.sddm = {
+      enable = true;
+      # https://discourse.nixos.org/t/plasma-wayland-session-not-available-from-sddm/13447/2
+      settings.Wayland.SessionDir = "${pkgs.plasma5Packages.plasma-workspace}/share/wayland-sessions";
+    };
+    
+    desktopManager.plasma5 = {
+      enable = true;
+      useQtScaling = true;
+
+      excludePackages = with pkgs.libsForQt5; [
+        elisa
+        okular
+        khelpcenter
+        konsole
+        print-manager
+        plasma-systemmonitor
+        gwenview
+      ];
+    };
+    
+    excludePackages = with pkgs; [
+      xterm
+    ];
+  };
+}

nixos/modules/hardware/nvidia.nix

@@ -0,0 +1,33 @@
+{ inputs, lib, config, pkgs, ... }:
+
+let
+  nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
+    export __NV_PRIME_RENDER_OFFLOAD=1
+    export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
+    export __GLX_VENDOR_LIBRARY_NAME=nvidia
+    export __VK_LAYER_NV_optimus=NVIDIA_only
+    exec "$@"
+  '';
+in
+{
+  nixpkgs.config.allowUnfree = true;
+
+  services.xserver.videoDrivers = [ "nvidia" ];
+
+  hardware = {
+    opengl.enable = true;
+    nvidia = {
+      open = true;
+      package = config.boot.kernelPackages.nvidiaPackages.stable;
+      modesetting.enable = true;
+    };
+  };
+
+  # Offloading
+  # environment.systemPackages = [ nvidia-offload ];
+  # hardware.nvidia.prime = {
+  #   offload.enable = true;
+  #   intelBusId = "PCI::00:02:0";
+  #   nvidiaBusId = "PCI:01:00:0";
+  # };
+}

nixos/modules/utils/ssh/default.nix

@@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+  };
+}

nixos/secrets/sops/age/keys.txt

@@ -0,0 +1,3 @@
+# created: 2023-04-11T14:44:53+02:00
+# public key: age1q2gqur3t4fu8flsuu2zdnule37vdkh6egpt6a2e3ytx433x8gpvsr4hw6l
+AGE-SECRET-KEY-10J7MWCWQQY33TVNMQ9AMH4TH5LULSVAZ539P9QG3NA2Z3LTMXAFS2QQ4NG