initial commit

os/configuration.nix

@@ -0,0 +1,128 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+    ];
+
+  nix = {
+    package = pkgs.nixFlakes;
+    settings = {
+      experimental-features = [ "nix-command" "flakes" ];
+    };
+  };
+
+  system.stateVersion = "23.05";
+
+  nixpkgs.config.allowUnfree = true;
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  #  networking.hostName = "nixos";
+  #  networking.networkmanager.enable = true;
+
+  #  time.timeZone = "Europe/Zurich";
+  #  i18n.defaultLocale = "en_US.UTF-8";
+
+  home-manager.useGlobalPkgs = true;
+  home-manager.useUserPackages = true;
+
+  # xserver
+  # services.xserver = {
+  #   enable = true;
+  #   layout = "ch";
+  #   xkbVariant = "";
+  #   # Enable the KDE Plasma Desktop Environment.
+  #   displayManager.sddm.enable = true;
+  #   desktopManager.plasma5.enable = true;
+  # };
+  # Configure console keymap
+  #console.keyMap = "sg";
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable sound with pipewire.
+  # sound.enable = true;
+  # hardware.pulseaudio.enable = false;
+  # security.rtkit.enable = true;
+  # services.pipewire = {
+  #   enable = true;
+  #   alsa.enable = true;
+  #   alsa.support32Bit = true;
+  #   pulse.enable = true;
+  #   # If you want to use JACK applications, uncomment this
+  #   #jack.enable = true;
+
+  #   # use the example session manager (no others are packaged yet so this is enabled by default,
+  #   # no need to redefine it in your config for now)
+  #   #media-session.enable = true;
+  # };
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  #  users.users.master = {
+  #    isNormalUser = true;
+  #    description = "master";
+  #    extraGroups = [ "networkmanager" "wheel" ];
+  #    packages = with pkgs; [
+  #      kate
+  #    ];
+  #  };
+
+  # Allow unfree packages
+  #nixpkgs.config.allowUnfree = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  #  environment.systemPackages = with pkgs; [
+  #    fd
+  #    fzf
+  #    ripgrep
+  #    jq
+  #    git
+  #    pinentry
+  #    vim
+  #    gcc
+  #    unzip
+  #    wget
+  #    plasma5Packages.bismuth
+  #    kdeconnect
+  #    firefox
+  #    thunderbird
+  #    remmina
+  #  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  programs.mtr.enable = true;
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  # services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+  # networking.firewall = {
+  #   enable = true;
+  #   allowedTCPPortRanges = [
+  #     { from = 1714; to = 1764; } # KDE Connect
+  #   ];
+  #   allowedUDPPortRanges = [
+  #     { from = 1714; to = 1764; } # KDE Connect
+  #   ];
+  # };
+
+}

os/flake.lock

@@ -0,0 +1,49 @@
+{
+  "nodes": {
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1687871164,
+        "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-23.05",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1688109178,
+        "narHash": "sha256-BSdeYp331G4b1yc7GIRgAnfUyaktW2nl7k0C577Tttk=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "b72aa95f7f096382bff3aea5f8fde645bca07422",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

os/flake.nix

@@ -0,0 +1,29 @@
+{
+  description = "flake for nixos";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
+    home-manager.url = "github:nix-community/home-manager/release-23.05";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  outputs = { self, nixpkgs, home-manager }: {
+    nixosConfigurations = {
+      nixos = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          home-manager.nixosModules.home-manager
+          ./configuration.nix
+          ./system/i18n.nix
+          ./system/network.nix
+          ./system/sound.nix
+          ./system/xserver.nix
+          ./system/virtualisation.nix
+          ./system/packages.nix
+          ./users/demo.nix
+          ./users/master.nix
+        ];
+      };
+    };
+  };
+}

os/hardware-configuration.nix

@@ -0,0 +1,43 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/6ee375f9-a8ab-4160-b2d7-99678ed98ada";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    {
+      device = "/dev/disk/by-uuid/3354-0135";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/a9ace4f2-ac01-41fa-9be9-67f9cc1fad34"; }];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

os/system/i18n.nix

@@ -0,0 +1,6 @@
+{ pkgs, ... }: {
+
+  time.timeZone = "Europe/Zurich";
+  i18n.defaultLocale = "en_US.UTF-8";
+  console.keyMap = "sg";
+}

os/system/network.nix

@@ -0,0 +1,20 @@
+{ pkgs, ... }: {
+
+  networking = {
+
+    hostName = "nixos";
+    networkmanager.enable = true;
+
+    firewall = {
+      enable = true;
+      allowedTCPPortRanges = [
+        { from = 1714; to = 1764; } # KDE Connect
+      ];
+      allowedUDPPortRanges = [
+        { from = 1714; to = 1764; } # KDE Connect
+      ];
+    };
+
+  };
+
+}

os/system/packages.nix

@@ -0,0 +1,21 @@
+{ pkgs, ... }: {
+  environment.systemPackages = with pkgs; [
+    fd
+    fzf
+    ripgrep
+    jq
+    git
+    gnumake
+    pinentry
+    vim
+    gcc
+    unzip
+    wget
+    plasma5Packages.bismuth
+    kdeconnect
+    firefox
+    thunderbird
+    remmina
+    docker-buildx
+  ];
+}

os/system/sound.nix

@@ -0,0 +1,11 @@
+{ pkgs, ... }: {
+  sound.enable = true;
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+}

os/system/virtualisation.nix

@@ -0,0 +1,3 @@
+{ pkgs, ... }: {
+  virtualisation.docker.enable = true;
+}

os/system/xserver.nix

@@ -0,0 +1,9 @@
+{ pkgs, ... }: {
+  services.xserver = {
+    enable = true;
+    layout = "ch";
+    xkbVariant = "";
+    displayManager.sddm.enable = true;
+    desktopManager.plasma5.enable = true;
+  };
+}

os/users/demo.nix

@@ -0,0 +1,5 @@
+{ pkgs, ... }: {
+  users.users.demo.isNormalUser = true;
+  users.users.demo.initialPassword = "demo";
+  system.stateVersion = "23.05";
+}

os/users/master.nix

@@ -0,0 +1,54 @@
+{ pkgs, ... }: {
+
+  users.users.master = {
+    isNormalUser = true;
+    description = "master";
+    initialPassword = "master";
+    extraGroups = [ "networkmanager" "wheel" "docker" ];
+  };
+
+  home-manager.users.master = {
+
+    home.stateVersion = "23.05";
+    home.username = "master";
+    home.homeDirectory = "/home/master";
+    home.packages = with pkgs; [
+      nerdfonts
+      tmux
+      btop
+      ranger
+      vscode
+      nodejs
+      terraform
+      consul
+      nomad
+      packer
+      cargo
+      kubectl
+      chromium
+    ];
+
+    programs.home-manager.enable = true;
+
+    programs.bash = {
+      enable = true;
+    };
+
+    programs.starship = {
+      enable = true;
+      enableBashIntegration = true;
+      settings = {
+        directory.fish_style_pwd_dir_length = 1;
+        directory.truncation_length = 2;
+      };
+    };
+
+    programs.neovim = {
+      enable = true;
+      defaultEditor = true;
+      viAlias = true;
+      vimAlias = true;
+      vimdiffAlias = true;
+    };
+  };
+}