+26

configuration.nix

··· 1 1 + { config, ... }: { 2 2 + imports = [ 3 3 + ./hardware-configuration.nix 4 4 + ./networking.nix # generated at runtime by nixos-infect 5 5 + 6 6 + ]; 7 7 + 8 8 + networking.hostName = "focaccia"; 9 9 + 10 10 + #boot.kernelParams = [ "ip=1.2.3.4::1.2.3.1:255.255.255.192:myhostname:enp35s0:off" ]; 11 11 + #networking = { 12 12 + # useDHCP = false; 13 13 + # interfaces."enp35s0" = { 14 14 + # ipv4.addresses = [{ address = "1.2.3.4"; prefixLength = 26; }]; 15 15 + # ipv6.addresses = [{ address = "2a01:xx:xx::1"; prefixLength = 64; }]; 16 16 + # }; 17 17 + # defaultGateway = "1.2.3.1"; 18 18 + # defaultGateway6 = { address = "fe80::1"; interface = "enp35s0"; }; 19 19 + #}; 20 20 + 21 21 + networking.firewall.allowedTCPPorts = [8000] ++ config.services.openssh.ports; 22 22 + 23 23 + #services.openssh = { 24 24 + # enable = true; 25 25 + #}; 26 26 + }

+7

flake.nix

··· 58 58 flake = { 59 59 overlays.default = _: packages'; 60 60 61 61 + # Personal computers 61 62 nixosConfigurations.fettuccine = lib.nixosSystem { 62 63 modules = [ ./systems/fettuccine ]; 63 64 inherit specialArgs; ··· 65 66 66 67 nixosConfigurations.pappardelle = lib.nixosSystem { 67 68 modules = [ ./systems/pappardelle ]; 69 69 + inherit specialArgs; 70 70 + }; 71 71 + 72 72 + # Servers 73 73 + nixosConfigurations.focaccia = lib.nixosSystem { 74 74 + modules = [ ./systems/focaccia ]; 68 75 inherit specialArgs; 69 76 }; 70 77

+5 -93

systems/common.nix

··· 1 1 # Common configs for all machines. 2 2 { 3 3 config, 4 4 - pkgs, 5 5 - lib, 6 4 inputs, 7 5 ... 8 6 }: 9 7 { 10 8 imports = [ 11 9 inputs.nixos-generators.nixosModules.all-formats 12 12 - ../users 13 10 ]; 14 11 15 12 system.stateVersion = "25.05"; ··· 47 44 overlays = [ inputs.self.overlays.default ]; 48 45 }; 49 46 50 50 - # Enable building and testing aarch64 packages for Nixpkgs dev 51 51 - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; 52 52 - nix.settings.extra-platforms = [ "aarch64-linux" ]; 53 53 - 54 54 - boot = { 55 55 - loader = { 56 56 - limine = { 57 57 - enable = true; 58 58 - maxGenerations = 10; 59 59 - enrollConfig = true; 60 60 - secureBoot.enable = true; 61 61 - }; 62 62 - efi.canTouchEfiVariables = true; 63 63 - }; 64 64 - 65 65 - # Silence NixOS Stage 1 logs, jump straight into plymouth 66 66 - consoleLogLevel = 0; 67 67 - initrd = { 68 68 - verbose = false; 69 69 - systemd.enable = true; 70 70 - }; 71 71 - plymouth.enable = true; 72 72 - kernelParams = [ 73 73 - "quiet" 74 74 - "plymouth.use-simpledrm" 75 75 - "i915.fastboot=1" 76 76 - ]; 77 77 - 78 78 - tmp.useTmpfs = true; 47 47 + boot.tmp = { 48 48 + cleanOnBoot = true; 49 49 + useTmpfs = true; 79 50 }; 80 51 81 52 # Make Nix use /var/tmp for building, so that 82 53 # large files don't have to live in tmpfs 83 54 systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp"; 84 55 85 85 - # Use native Wayland when possible 86 86 - environment.variables = { 87 87 - # This *should* be enough for most Electron apps 88 88 - ELECTRON_OZONE_PLATFORM_HINT = "auto"; 89 89 - 90 90 - # Apply Nixpkgs-specific flags too 91 91 - NIXOS_OZONE_WL = "1"; 92 92 - 93 93 - # Some SDL 2 apps are very naughty and don't work nicely under Wayland 94 94 - SDL_VIDEODRIVER = "x11"; 95 95 - 96 96 - # SDL 3 should be able to use native Wayland just fine. 97 97 - SDL_VIDEO_DRIVER = "wayland"; 98 98 - }; 99 99 - 100 100 - services = { 101 101 - # Use dbus-broker for higher D-Bus performance 102 102 - dbus.implementation = "broker"; 103 103 - 104 104 - # Some things sadly don't like being in Nixpkgs 105 105 - flatpak.enable = true; 106 106 - 107 107 - # Makes sure auto-mounting disks still work when not using a 108 108 - # traditional desktop environment like GNOME or KDE 109 109 - udisks2.enable = true; 110 110 - 111 111 - # Dynamically adjust performance settings based on load 112 112 - # instead of power-profile-daemon's rigid profiles 113 113 - tlp.enable = true; 114 114 - 115 115 - # Nobody likes PulseAudio in this household 116 116 - pulseaudio.enable = false; 117 117 - 118 118 - pipewire = { 119 119 - enable = true; 120 120 - pulse.enable = true; 121 121 - 122 122 - # Some weird apps still talk to ALSA directly 123 123 - alsa.enable = true; 124 124 - 125 125 - # JACK should only be necessary for some professional audio 126 126 - # software (e.g. DAWs like Ardour or video editing software 127 127 - # like DaVinci Resolve), but we enable it no matter what 128 128 - jack.enable = true; 129 129 - }; 130 130 - }; 131 131 - 132 132 - # Real-time audio software like DAWs are 133 133 - # *crippled* without rtkit 134 134 - security.rtkit.enable = true; 56 56 + # Use dbus-broker for higher D-Bus performance 57 57 + services.dbus.implementation = "broker"; 135 58 136 59 zramSwap = { 137 60 enable = true; 138 61 algorithm = "zstd"; 139 62 }; 140 140 - 141 141 - networking.networkmanager.enable = true; 142 63 143 64 system = { 144 144 - # Thank @luishfonseca for this 145 145 - # https://github.com/luishfonseca/dotfiles/blob/ab7625ec406b48493eda701911ad1cd017ce5bc1/modules/upgrade-diff.nix 146 146 - activationScripts.diff = { 147 147 - supportsDryActivation = true; 148 148 - text = '' 149 149 - ${lib.getExe pkgs.nvd} --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig" 150 150 - ''; 151 151 - }; 152 152 - 153 65 # thanks to @getchoo 154 66 autoUpgrade = { 155 67 enable = true;

+42

systems/focaccia/default.nix

··· 1 1 + { 2 2 + ... 3 3 + }: 4 4 + { 5 5 + imports = [ 6 6 + ../common.nix 7 7 + ./hardware-configuration.nix 8 8 + ./networking.nix 9 9 + ]; 10 10 + 11 11 + networking.hostName = "focaccia"; 12 12 + networking.domain = ""; 13 13 + 14 14 + users.users.leah = { 15 15 + enable = true; 16 16 + isNormalUser = true; 17 17 + description = "Leah C"; 18 18 + extraGroups = [ 19 19 + "wheel" # 1984 powers 20 20 + ]; 21 21 + home = "/home/leah"; 22 22 + 23 23 + openssh.authorizedKeys.keys = [ 24 24 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbsavGX9rGRx5R+7ovLn+r7D/w3zkbqCik4bS31moSz" 25 25 + ]; 26 26 + }; 27 27 + 28 28 + services.openssh = { 29 29 + enable = true; 30 30 + ports = [ 42069 ]; 31 31 + settings.PermitRootLogin = "prohibit-password"; 32 32 + }; 33 33 + 34 34 + programs.mosh = { 35 35 + enable = true; 36 36 + openFirewall = true; 37 37 + }; 38 38 + 39 39 + users.users.root.openssh.authorizedKeys.keys = [ 40 40 + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbsavGX9rGRx5R+7ovLn+r7D/w3zkbqCik4bS31moSz'' 41 41 + ]; 42 42 + }

+17

systems/focaccia/hardware-configuration.nix

··· 1 1 + { modulesPath, ... }: 2 2 + { 3 3 + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; 4 4 + boot.loader.grub.device = "/dev/sda"; 5 5 + boot.initrd.availableKernelModules = [ 6 6 + "ata_piix" 7 7 + "uhci_hcd" 8 8 + "xen_blkfront" 9 9 + "vmw_pvscsi" 10 10 + ]; 11 11 + boot.initrd.kernelModules = [ "nvme" ]; 12 12 + fileSystems."/" = { 13 13 + device = "/dev/sda1"; 14 14 + fsType = "ext4"; 15 15 + }; 16 16 + nixpkgs.hostPlatform = "x86_64-linux"; 17 17 + }

+54

systems/focaccia/networking.nix

··· 1 1 + { lib, ... }: 2 2 + { 3 3 + # This file was populated at runtime with the networking 4 4 + # details gathered from the active system. 5 5 + networking = { 6 6 + nameservers = [ 7 7 + "8.8.8.8" 8 8 + ]; 9 9 + defaultGateway = "172.31.1.1"; 10 10 + defaultGateway6 = { 11 11 + address = "fe80::1"; 12 12 + interface = "eth0"; 13 13 + }; 14 14 + dhcpcd.enable = false; 15 15 + usePredictableInterfaceNames = lib.mkForce false; 16 16 + interfaces = { 17 17 + eth0 = { 18 18 + ipv4.addresses = [ 19 19 + { 20 20 + address = "91.98.165.5"; 21 21 + prefixLength = 32; 22 22 + } 23 23 + ]; 24 24 + ipv6.addresses = [ 25 25 + { 26 26 + address = "2a01:4f8:1c1a:7e40::1"; 27 27 + prefixLength = 64; 28 28 + } 29 29 + { 30 30 + address = "fe80::9000:6ff:fe7e:385d"; 31 31 + prefixLength = 64; 32 32 + } 33 33 + ]; 34 34 + ipv4.routes = [ 35 35 + { 36 36 + address = "172.31.1.1"; 37 37 + prefixLength = 32; 38 38 + } 39 39 + ]; 40 40 + ipv6.routes = [ 41 41 + { 42 42 + address = "fe80::1"; 43 43 + prefixLength = 128; 44 44 + } 45 45 + ]; 46 46 + }; 47 47 + 48 48 + }; 49 49 + }; 50 50 + services.udev.extraRules = '' 51 51 + ATTR{address}=="92:00:06:7e:38:5d", NAME="eth0" 52 52 + 53 53 + ''; 54 54 + }

+94 -1

systems/laptop.nix

··· 1 1 # Laptop configuration for when I'm on the move 2 2 { 3 3 + lib, 3 4 pkgs, 4 5 ... 5 6 }: 6 7 { 7 8 imports = [ 8 9 ./common.nix 10 10 + ../users 9 11 ]; 10 12 11 11 - boot.kernelPackages = pkgs.linuxPackages_xanmod_latest; 13 13 + # Enable building and testing aarch64 packages for Nixpkgs dev 14 14 + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; 15 15 + nix.settings.extra-platforms = [ "aarch64-linux" ]; 16 16 + 17 17 + boot = { 18 18 + kernelPackages = pkgs.linuxPackages_xanmod_latest; 19 19 + 20 20 + loader = { 21 21 + limine = { 22 22 + enable = true; 23 23 + maxGenerations = 10; 24 24 + enrollConfig = true; 25 25 + secureBoot.enable = true; 26 26 + }; 27 27 + efi.canTouchEfiVariables = true; 28 28 + }; 29 29 + 30 30 + # Silence NixOS Stage 1 logs, jump straight into plymouth 31 31 + consoleLogLevel = 0; 32 32 + initrd = { 33 33 + verbose = false; 34 34 + systemd.enable = true; 35 35 + }; 36 36 + plymouth.enable = true; 37 37 + kernelParams = [ 38 38 + "quiet" 39 39 + "plymouth.use-simpledrm" 40 40 + "i915.fastboot=1" 41 41 + ]; 42 42 + }; 43 43 + 44 44 + services = { 45 45 + # Some things sadly don't like being in Nixpkgs 46 46 + flatpak.enable = true; 47 47 + 48 48 + # Makes sure auto-mounting disks still work when not using a 49 49 + # traditional desktop environment like GNOME or KDE 50 50 + udisks2.enable = true; 51 51 + 52 52 + # Dynamically adjust performance settings based on load 53 53 + # instead of power-profile-daemon's rigid profiles 54 54 + tlp.enable = true; 55 55 + 56 56 + # Nobody likes PulseAudio in this household 57 57 + pulseaudio.enable = false; 58 58 + 59 59 + pipewire = { 60 60 + enable = true; 61 61 + pulse.enable = true; 62 62 + 63 63 + # Some weird apps still talk to ALSA directly 64 64 + alsa.enable = true; 65 65 + 66 66 + # JACK should only be necessary for some professional audio 67 67 + # software (e.g. DAWs like Ardour or video editing software 68 68 + # like DaVinci Resolve), but we enable it no matter what 69 69 + jack.enable = true; 70 70 + }; 71 71 + }; 72 72 + 73 73 + # Real-time audio software like DAWs are 74 74 + # *crippled* without rtkit 75 75 + security.rtkit.enable = true; 76 76 + 77 77 + # Use native Wayland when possible 78 78 + environment.variables = { 79 79 + # This *should* be enough for most Electron apps 80 80 + ELECTRON_OZONE_PLATFORM_HINT = "auto"; 81 81 + 82 82 + # Apply Nixpkgs-specific flags too 83 83 + NIXOS_OZONE_WL = "1"; 84 84 + 85 85 + # Some SDL 2 apps are very naughty and don't work nicely under Wayland 86 86 + SDL_VIDEODRIVER = "x11"; 87 87 + 88 88 + # SDL 3 should be able to use native Wayland just fine. 89 89 + SDL_VIDEO_DRIVER = "wayland"; 90 90 + }; 91 91 + 92 92 + networking.networkmanager.enable = true; 12 93 13 94 # Allow GPU usage monitoring utilities like `intel_gpu_top` 14 95 # to function without superuser access ··· 16 97 17 98 # Update the system timezone according to physical location 18 99 systemd.services.automatic-timezoned.enable = true; 100 100 + 101 101 + # Show a pretty diff 102 102 + system = { 103 103 + # Thank @luishfonseca for this 104 104 + # https://github.com/luishfonseca/dotfiles/blob/ab7625ec406b48493eda701911ad1cd017ce5bc1/modules/upgrade-diff.nix 105 105 + activationScripts.diff = { 106 106 + supportsDryActivation = true; 107 107 + text = '' 108 108 + ${lib.getExe pkgs.nvd} --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig" 109 109 + ''; 110 110 + }; 111 111 + }; 19 112 20 113 specialisation.china.configuration = { 21 114 # cache.nixos.org is *unbearably* slow when accessed from Mainland China.