+2

README.md

··· 1 1 + # nix 2 2 + various config files for my nix machine, released under 0BSD

+45

boot.nix

··· 1 1 + { lib, pkgs, ... }: 2 2 + let 3 3 + sources = import ./lon.nix; 4 4 + lanzaboote = import sources.lanzaboote { 5 5 + inherit pkgs; 6 6 + }; 7 7 + in 8 8 + { 9 9 + imports = [ 10 10 + lanzaboote.nixosModules.lanzaboote 11 11 + ]; 12 12 + 13 13 + boot = { 14 14 + kernel.sysctl."net.ipv4.ip_forward" = 1; 15 15 + 16 16 + loader.efi.canTouchEfiVariables = true; 17 17 + loader.systemd-boot.enable = lib.mkForce false; 18 18 + loader.systemd-boot.consoleMode = "auto"; 19 19 + loader.systemd-boot.edk2-uefi-shell.enable = true; 20 20 + loader.systemd-boot.configurationLimit = 3; 21 21 + 22 22 + lanzaboote = { 23 23 + enable = true; 24 24 + pkiBundle = "/var/lib/sbctl"; 25 25 + }; 26 26 + 27 27 + plymouth = { 28 28 + enable = true; 29 29 + theme = "breeze"; 30 30 + }; 31 31 + 32 32 + consoleLogLevel = 3; 33 33 + initrd.verbose = false; 34 34 + kernelParams = [ 35 35 + "quiet" 36 36 + "splash" 37 37 + "boot.shell_on_fail" 38 38 + "udev.log_priority=3" 39 39 + "rd.systemd.show_status=auto" 40 40 + ]; 41 41 + loader.timeout = 0; 42 42 + }; 43 43 + 44 44 + system.nixos.label = "NixOS"; 45 45 + }

+72

configuration.nix

··· 1 1 + { 2 2 + config, 3 3 + lib, 4 4 + pkgs, 5 5 + ... 6 6 + }: 7 7 + { 8 8 + imports = [ 9 9 + <home-manager/nixos> 10 10 + 11 11 + ./boot.nix 12 12 + ./hardware-configuration.nix 13 13 + ./nvidia.nix 14 14 + ./plasma.nix 15 15 + ./user.nix 16 16 + 17 17 + ./services/fwupd.nix 18 18 + ./services/tailscale.nix 19 19 + ]; 20 20 + 21 21 + nix.settings = { 22 22 + experimental-features = [ 23 23 + "nix-command" 24 24 + "flakes" 25 25 + ]; 26 26 + }; 27 27 + 28 28 + environment.variables.EDITOR = "nano"; 29 29 + 30 30 + system.stateVersion = "25.05"; 31 31 + system.copySystemConfiguration = true; 32 32 + 33 33 + networking.hostName = "racketeer"; 34 34 + networking.networkmanager.enable = true; 35 35 + networking.firewall.enable = false; 36 36 + 37 37 + time.timeZone = "America/Toronto"; 38 38 + i18n.defaultLocale = "en_US.UTF-8"; 39 39 + 40 40 + # console = { 41 41 + # font = "Lat2-Terminus16"; 42 42 + # keyMap = "us"; 43 43 + # useXkbConfig = true; 44 44 + # }; 45 45 + 46 46 + services.printing.enable = true; 47 47 + services.pipewire = { 48 48 + enable = true; 49 49 + pulse.enable = true; 50 50 + }; 51 51 + services.openssh.enable = true; 52 52 + 53 53 + environment.systemPackages = with pkgs; [ 54 54 + fastfetch 55 55 + hyfetch 56 56 + lon 57 57 + sbctl 58 58 + vim 59 59 + wget 60 60 + ]; 61 61 + 62 62 + programs.mtr.enable = true; 63 63 + programs.gnupg.agent = { 64 64 + enable = true; 65 65 + enableSSHSupport = true; 66 66 + }; 67 67 + 68 68 + security.sudo = { 69 69 + enable = true; 70 70 + wheelNeedsPassword = false; 71 71 + }; 72 72 + }

+61

hardware-configuration.nix

··· 1 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 2 + # and may be overwritten by future invocations. Please make changes 3 3 + # to /etc/nixos/configuration.nix instead. 4 4 + { 5 5 + config, 6 6 + lib, 7 7 + pkgs, 8 8 + modulesPath, 9 9 + ... 10 10 + }: 11 11 + 12 12 + { 13 13 + imports = [ 14 14 + (modulesPath + "/installer/scan/not-detected.nix") 15 15 + ]; 16 16 + 17 17 + boot.initrd.availableKernelModules = [ 18 18 + "nvme" 19 19 + "xhci_pci" 20 20 + "ahci" 21 21 + "usb_storage" 22 22 + "uas" 23 23 + "usbhid" 24 24 + "sd_mod" 25 25 + ]; 26 26 + boot.initrd.kernelModules = [ ]; 27 27 + boot.kernelModules = [ "kvm-amd" ]; 28 28 + boot.extraModulePackages = [ ]; 29 29 + 30 30 + fileSystems."/" = { 31 31 + device = "/dev/disk/by-uuid/3874f70a-b479-4abe-943a-89ad34ad70c4"; 32 32 + fsType = "btrfs"; 33 33 + }; 34 34 + 35 35 + fileSystems."/boot" = { 36 36 + device = "/dev/disk/by-uuid/0C2B-5B30"; 37 37 + fsType = "vfat"; 38 38 + options = [ 39 39 + "fmask=0077" 40 40 + "dmask=0077" 41 41 + ]; 42 42 + }; 43 43 + 44 44 + swapDevices = [ 45 45 + { 46 46 + device = "/dev/disk/by-partuuid/d52b45b2-61e0-8641-921a-47bc74fbc2f3"; 47 47 + randomEncryption.enable = lib.mkDefault true; 48 48 + } 49 49 + ]; 50 50 + 51 51 + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 52 52 + # (the default) this is the recommended approach. When using systemd-networkd it's 53 53 + # still possible to use this option, but it's recommended to use it in conjunction 54 54 + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 55 55 + networking.useDHCP = lib.mkDefault true; 56 56 + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; 57 57 + # networking.interfaces.wlp34s0.useDHCP = lib.mkDefault true; 58 58 + 59 59 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 60 60 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 61 61 + }

+16

lon.lock

··· 1 1 + { 2 2 + "version": "1", 3 3 + "sources": { 4 4 + "lanzaboote": { 5 5 + "type": "GitHub", 6 6 + "fetchType": "tarball", 7 7 + "frozen": true, 8 8 + "owner": "nix-community", 9 9 + "repo": "lanzaboote", 10 10 + "branch": "master", 11 11 + "revision": "v1.0.0", 12 12 + "url": "https://github.com/nix-community/lanzaboote/archive/v1.0.0.tar.gz", 13 13 + "hash": "sha256-RJmgVDzjRI18BWVogG6wpsl1UCuV6ui8qr4DJ1LfWZ8=" 14 14 + } 15 15 + } 16 16 + }

+53

lon.nix

··· 1 1 + # Generated by lon. Do not modify! 2 2 + let 3 3 + 4 4 + lock = builtins.fromJSON (builtins.readFile ./lon.lock); 5 5 + 6 6 + # Override with a path defined in an environment variable. If no variable is 7 7 + # set, the original path is used. 8 8 + overrideFromEnv = 9 9 + name: path: 10 10 + let 11 11 + replacement = builtins.getEnv "LON_OVERRIDE_${name}"; 12 12 + in 13 13 + if replacement == "" then 14 14 + path 15 15 + else 16 16 + # this turns the string into an actual Nix path (for both absolute and 17 17 + # relative paths) 18 18 + if builtins.substring 0 1 replacement == "/" then 19 19 + /. + replacement 20 20 + else 21 21 + /. + builtins.getEnv "PWD" + "/${replacement}"; 22 22 + 23 23 + fetchSource = 24 24 + args@{ fetchType, ... }: 25 25 + if fetchType == "git" then 26 26 + builtins.fetchGit ( 27 27 + { 28 28 + url = args.url; 29 29 + ref = args.branch; 30 30 + rev = args.revision; 31 31 + narHash = args.hash; 32 32 + submodules = args.submodules; 33 33 + } 34 34 + // ( 35 35 + if args ? lastModified then 36 36 + { 37 37 + inherit (args) lastModified; 38 38 + shallow = true; 39 39 + } 40 40 + else 41 41 + { } 42 42 + ) 43 43 + ) 44 44 + else if fetchType == "tarball" then 45 45 + builtins.fetchTarball { 46 46 + url = args.url; 47 47 + sha256 = args.hash; 48 48 + } 49 49 + else 50 50 + builtins.throw "Unsupported source type ${fetchType}"; 51 51 + 52 52 + in 53 53 + builtins.mapAttrs (name: args: overrideFromEnv name (fetchSource args)) lock.sources

+28

nvidia.nix

··· 1 1 + { 2 2 + config, 3 3 + lib, 4 4 + pkgs, 5 5 + ... 6 6 + }: 7 7 + { 8 8 + nixpkgs.config = { 9 9 + allowUnfree = true; 10 10 + allowUnfreePredicate = (_: true); 11 11 + }; 12 12 + 13 13 + hardware.graphics = { 14 14 + enable = true; 15 15 + }; 16 16 + 17 17 + services.xserver.videoDrivers = [ "nvidia" ]; 18 18 + 19 19 + hardware.nvidia = { 20 20 + modesetting.enable = true; 21 21 + powerManagement.enable = false; # bs bug 22 22 + powerManagement.finegrained = false; 23 23 + open = true; 24 24 + nvidiaSettings = true; 25 25 + package = config.boot.kernelPackages.nvidiaPackages.stable; 26 26 + }; 27 27 + 28 28 + }

+25

plasma.nix

··· 1 1 + { 2 2 + config, 3 3 + lib, 4 4 + pkgs, 5 5 + ... 6 6 + }: 7 7 + { 8 8 + services.xserver.enable = true; 9 9 + services.desktopManager.plasma6.enable = true; 10 10 + services.displayManager.sddm.enable = true; 11 11 + 12 12 + fonts.fontconfig.useEmbeddedBitmaps = true; 13 13 + 14 14 + fonts.packages = with pkgs; [ 15 15 + corefonts 16 16 + dejavu_fonts 17 17 + liberation_ttf 18 18 + nerd-fonts.jetbrains-mono 19 19 + noto-fonts 20 20 + noto-fonts-color-emoji 21 21 + twitter-color-emoji 22 22 + ubuntu-sans 23 23 + vista-fonts 24 24 + ]; 25 25 + }

+3

services/fwupd.nix

··· 1 1 + { 2 2 + services.fwupd.enable = true; 3 3 + }

+4

services/tailscale.nix

··· 1 1 + { 2 2 + services.tailscale.enable = true; 3 3 + services.tailscale.useRoutingFeatures = "both"; 4 4 + }

+62

user.nix

··· 1 1 + { 2 2 + config, 3 3 + lib, 4 4 + pkgs, 5 5 + ... 6 6 + }: 7 7 + { 8 8 + users.users.penny = { 9 9 + isNormalUser = true; 10 10 + extraGroups = [ 11 11 + "wheel" 12 12 + "networkmanager" 13 13 + ]; 14 14 + packages = with pkgs; [ 15 15 + tree 16 16 + ]; 17 17 + }; 18 18 + 19 19 + programs.firefox = { 20 20 + enable = true; 21 21 + }; 22 22 + 23 23 + programs.git = { 24 24 + enable = true; 25 25 + config = { 26 26 + user.name = "penny"; 27 27 + user.email = "penny@hexmani.ac"; 28 28 + init = { 29 29 + defaultBranch = "main"; 30 30 + }; 31 31 + }; 32 32 + }; 33 33 + 34 34 + home-manager.useUserPackages = true; 35 35 + home-manager.users.penny = 36 36 + { pkgs, ... }: 37 37 + { 38 38 + nixpkgs.config = { 39 39 + allowUnfree = true; 40 40 + allowUnfreePredicate = (_: true); 41 41 + }; 42 42 + 43 43 + home.packages = with pkgs; [ 44 44 + cider-2 45 45 + discord 46 46 + elixir 47 47 + elixir-ls 48 48 + ghostty 49 49 + gleam 50 50 + jetbrains-toolbox 51 51 + nil 52 52 + nixd 53 53 + plex-desktop 54 54 + plexamp 55 55 + vencord 56 56 + vscodium 57 57 + zed-editor 58 58 + ]; 59 59 + 60 60 + home.stateVersion = "25.11"; 61 61 + }; 62 62 + }