diff --git a/README.md b/README.md index c70f696..41a2fbe 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ There are 3 main templates in this repository: - `darwin` - The system configuration for the Darwin operating system (macOS) -- `system` - The system configuration for the Linux operating system +- `system` - A complete NixOS system configuration template for the Linux operating system - `home-manager` - The configuration for the home-manager #### With Darwin (macOS) @@ -30,13 +30,15 @@ There are 3 main templates in this repository: #### With NixOS -1. Run `nix --extra-experimental-features nix-command --extra-experimental-features flakes flake new -t github:auxolotl/templates#system NixFiles` -2. Move into your new system with `cd NixFiles` -3. Fill in your `hostName` in `flake.nix` -4. Run `nixos-generate-config --show-hardware-config > hardware-configuration.nix` to generate configuration based on your filesystems and drivers -5. Run `nixos-rebuild build --flake .#hostName`, replacing hostName with your new hostName +1. Install a base NixOS system +2. Run `nix --extra-experimental-features nix-command --extra-experimental-features flakes flake new -t github:auxolotl/templates#system NixFiles` +3. Move into your new system with `cd NixFiles` +4. Fill in your `hostName` in `flake.nix` +5. Run `nixos-generate-config --show-hardware-config > host/hardware-configuration.nix` to generate configuration based on your filesystems and drivers +6. Edit the `host/configuration.nix` file with your desired system configuration +7. Run `nixos-rebuild build --flake .#hostName`, replacing hostName with your new hostName -Congratulations, you are now using Aux! +Congratulations, you are now using NixOS! #### With Home-manager diff --git a/flake.lock b/flake.lock index b42f514..9e65ebe 100644 --- a/flake.lock +++ b/flake.lock 
@@ -2,15 +2,15 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1714562304, - "narHash": "sha256-Mr3U37Rh6tH0FbaDFu0aZDwk9mPAe7ASaqDOGgLqqLU=", - "owner": "auxolotl", + "lastModified": 1718149104, + "narHash": "sha256-Ds1QpobBX2yoUDx9ZruqVGJ/uQPgcXoYuobBguyKEh8=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "bcd44e224fd68ce7d269b4f44d24c2220fd821e7", + "rev": "e913ae340076bbb73d9f4d3d065c2bca7caafb16", "type": "github" }, "original": { - "owner": "auxolotl", + "owner": "nixos", "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" diff --git a/system/README.md b/system/README.md new file mode 100644 index 0000000..9ad5572 --- /dev/null +++ b/system/README.md @@ -0,0 +1,12 @@ +# Auxolotl System Template + +A (nearly) complete and ready-to-run NixOS template. + +## Getting Started + +1. Install a fresh copy of NixOS and boot into your new system. +2. Run [command] to generate your system's `hardware-configuration.nix` file. +3. Copy `hardware-configuration.nix` into the `hosts/myHost` folder. +4. Edit the `hosts/myHost/configuration.nix` file to suit your needs. This file is fully documented with all of the different options available in this template. +5. Run `nixos-rebuild boot --flake .` and restart. +6. Enjoy your new NixOS system! diff --git a/system/configuration.nix b/system/configuration.nix deleted file mode 100644 index f58affc..0000000 --- a/system/configuration.nix +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -{ - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. - - # Set your time zone. - # time.timeZone = "Europe/Amsterdam"; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - # i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. - # }; - - # Enable the X11 windowing system. - # services.xserver.enable = true; - - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - # hardware.pulseaudio.enable = true; - # OR - # services.pipewire = { - # enable = true; - # pulse.enable = true; - # }; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.axol = { - isNormalUser = true; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - packages = with pkgs; [ firefox ]; - }; - - # List packages installed in system profile. To search, run: - # $ nix search wget - # environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. 
- # wget - # ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This option allows you to use some features (flakes and the new Nix CLI) which have not yet been stabilized. - # Although they aren't yet stabilized, many Nix users use them and simple workflows are unlikely to break - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - nix = { - - gc.automatic = true; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. 
- # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - }; - system.stateVersion = "24.05"; # Did you read the comment? -} diff --git a/system/flake.nix b/system/flake.nix index 9a0337d..2125b01 100644 --- a/system/flake.nix +++ b/system/flake.nix 
@@ -1,28 +1,58 @@ { - description = "A simple system flake using some Aux defaults"; + description = "A system flake with various options for bootstrapping a complete Aux install."; - inputs.nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; + inputs = { + # Import Auxolotl libs + auxlib.url = "https://git.auxolotl.org/auxolotl/labs/archive/main.tar.gz?dir=lib"; + + # Import the desired Nixpkgs repo. Defaults to unstable. + nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; + + # SecureBoot support + lanzaboote.url = "github:nix-community/lanzaboote/v0.4.0"; + }; outputs = - inputs@{ nixpkgs, ... }: + inputs@{ + self, + nixpkgs, + lanzaboote, + auxlib, + ... + }: let + forAllSystems = + function: + nixpkgs.lib.genAttrs [ + "x86_64-linux" + "aarch64-linux" + "x86_64-darwin" + "aarch64-darwin" + ] (system: function nixpkgs.legacyPackages.${system}); + + baseModules = [ + ./modules/autoimport.nix + lanzaboote.nixosModules.lanzaboote + ]; + system = "x86_64-linux"; hostName = builtins.abort "You need to fill in your hostName"; # Set this variable equal to your hostName in { - nixosConfigurations.${hostName} = nixpkgs.lib.nixosSystem { - modules = [ - ./configuration.nix - + nixosConfigurations."myHost" = nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs; + }; + system = "x86_64-linux"; + modules = baseModules ++ [ + ./host/configuration.nix { networking.hostName = hostName; nixpkgs.hostPlatform = system; } ]; - - specialArgs = { - inherit inputs; - }; }; + + formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style); }; } diff --git a/system/host/configuration.nix b/system/host/configuration.nix new file mode 100644 index 0000000..18158e1 --- /dev/null +++ b/system/host/configuration.nix 
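Review bot: `nixosConfigurations."myHost"` is now a fixed attribute name, yet `hostName = builtins.abort "You need to fill in your hostName"` is kept and still feeds `networking.hostName = hostName`, so evaluating `.#myHost` aborts until the user edits the `let` binding, and the README's `nixos-rebuild build --flake .#hostName` no longer names any output. Either key the configuration by `${hostName}` again or replace the abort with a plain string the comment tells the user to change, e.g. `hostName = "myHost"; # Change this to your hostname`. `auxlib` is declared as an input (a tarball of the mutable `main` branch, pinned only once it lands in flake.lock) but is never used in `outputs`; drop it or document what it is for. `system` is also defined twice (the `let` binding and the `system = "x86_64-linux"` argument) while `host/configuration.nix` sets `nixpkgs.hostPlatform` as well; one definition is enough.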
@@ -0,0 +1,42 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ imports = [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ ###*** Please set these variables first. ***###
+ nixpkgs.hostPlatform = "x86_64-linux"; # This assumes this is a standard 64-bit Linux system.
+
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # Define a user account. Don't forget to set a password with `passwd`.
+ users.users.axol = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ packages = with pkgs; [ ]; # Enter any additional packages specific to this user here.
+ };
+
+ ###*** This is where you toggle options. ***###
+ ###*** To enable an option, set its value to "true". ***###
+ aux = {
+ editor = "nano"; # Change the default text editor. Options are "emacs", "nano", or "vim".
+ ui.desktops = {
+ gnome.enable = false; # Enable the Gnome desktop environment.
+ kde.enable = false; # Enable the KDE desktop environment.
+ };
+ };
+
+ # Enable printing via CUPS
+ services.printing.enable = false;
+
+ # Do not change this value!
+ system.stateVersion = "24.11";
+}
diff --git a/system/hardware-configuration.nix b/system/host/hardware-configuration.nix
similarity index 100%
rename from system/hardware-configuration.nix
rename to system/host/hardware-configuration.nix
diff --git a/system/modules/autoimport.nix b/system/modules/autoimport.nix
new file mode 100644
index 0000000..3b770fd
--- /dev/null
+++ b/system/modules/autoimport.nix
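Review bot: The comment `# Do not change this value!` on `system.stateVersion = "24.11"` gives a template user the wrong instruction: stateVersion records the release that was first installed on the machine, so it has to be set once by the user and then left alone, and a hard-coded `24.11` is wrong for anyone who installed an earlier release. Suggest `# Set this to the NixOS release you first installed on this machine, then never change it (see the system.stateVersion option docs).` The new `system/README.md` tells users to copy files into `hosts/myHost`, but this file lives under `host/`; the two should agree. `nixpkgs.hostPlatform = "x86_64-linux"` here also duplicates the `nixpkgs.hostPlatform = system` definition in `flake.nix`; keep one of them.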
@@ -0,0 +1,27 @@
+# Auto-import Nix files in this folder, recursively.
+# Sourced from https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix
+{ lib, ... }:
+with lib;
+let
+ # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype
+ getDir =
+ dir:
+ mapAttrs (file: type: if type == "directory" then getDir "${dir}/${file}" else type) (
+ builtins.readDir dir
+ );
+
+ # Collects all files of a directory as a list of strings of paths
+ files =
+ dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir));
+
+ # Search all files and folders within and below the current directory.
+ # Filters out files and directories that don't belong, and makes the strings absolute.
+ validFiles =
+ dir:
+ map (file: ./. + "/${file}") (
+ filter (file: file != "autoimport.nix" && hasSuffix ".nix" file) (files dir)
+ );
+in
+{
+ imports = validFiles ./.;
+}
diff --git a/system/modules/system/bootloader.nix b/system/modules/system/bootloader.nix
new file mode 100644
index 0000000..5eea015
--- /dev/null
+++ b/system/modules/system/bootloader.nix
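Review bot: The header comment should state the policy this file creates: every `*.nix` file below `modules/`, at any depth, becomes a NixOS module without being listed anywhere, so any file dropped into the tree silently changes the system configuration. Suggest adding `# NOTE: any .nix file placed anywhere under this directory is imported automatically; keep scratch, backup or generated files out of the tree.` The file-scope `with lib;` is a point of style — it hides where `mapAttrs`, `collect`, `filter` and `hasSuffix` come from; `let inherit (lib) mapAttrs mapAttrsRecursive collect isString concatStringsSep filter hasSuffix; in` makes the dependencies explicit.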
@@ -0,0 +1,66 @@
+# Configuration options specific to bootloader management.
+# SecureBoot is handled via Lanzaboote. See https://github.com/nix-community/lanzaboote
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+# Bootloader
+let
+ cfg = config.aux.bootloader;
+in
+{
+
+ options = {
+ aux.bootloader = {
+ enable = lib.mkOption {
+ description = "Automatically configures the bootloader. Set to false to configure manually.";
+ type = lib.types.bool;
+ default = true;
+ };
+
+ secureboot.enable = lib.mkEnableOption (lib.mdDoc "Enables Secureboot support.");
+ tpm2.enable = lib.mkEnableOption (lib.mdDoc "Enables TPM2 support.");
+ };
+ };
+
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ (lib.mkIf cfg.secureboot.enable {
+ boot = {
+ # Enable Secure Boot
+ bootspec.enable = true;
+
+ # Use Lanzaboote in place of systemd-boot.
+ loader.systemd-boot.enable = false;
+ loader.efi.canTouchEfiVariables = true;
+ lanzaboote = {
+ enable = true;
+ pkiBundle = "/etc/secureboot";
+ };
+ };
+ })
+
+ # Set up TPM if enabled. See https://nixos.wiki/wiki/TPM
+ (lib.mkIf (cfg.tpm2.enable) {
+ # After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module
+ environment.systemPackages = with pkgs; [ tpm2-tss ];
+ security.tpm2 = {
+ enable = true;
+ pkcs11.enable = true;
+ tctiEnvironment.enable = true;
+ };
+ })
+
+ # Use the default systemd-boot bootloader.
+ (lib.mkIf (!cfg.secureboot.enable) {
+ boot.loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ })
+ ]
+ );
+}
diff --git a/system/modules/system/editor.nix b/system/modules/system/editor.nix
new file mode 100644
index 0000000..60844aa
--- /dev/null
+++ b/system/modules/system/editor.nix
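Review bot: `pkiBundle = "/etc/secureboot"` requires a signing key set to already exist at that path on the target host before `secureboot.enable` is switched on, and neither the module nor the option description says so; a user who flips the option on a fresh install gets a failing rebuild with no hint of why. Suggest extending the description: `Enables Secureboot support via Lanzaboote. Signing keys must exist at /etc/secureboot (see the Lanzaboote quick-start) before enabling this.` `lib.mdDoc` is, as far as I can tell, deprecated in the nixpkgs revision the lockfile now points at and only emits a warning, so the plain string can be passed to `mkEnableOption` here and in audio.nix, common.nix, gnome.nix and kde.nix. `efi.canTouchEfiVariables = true` is repeated in both the secureboot and the plain systemd-boot branch and could be hoisted out of the `mkMerge`.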
@@ -0,0 +1,42 @@
+# Basic system-wide text editor configuration.
+{
+ pkgs,
+ config,
+ lib,
+ inputs,
+ ...
+}:
+
+let
+ cfg = config.aux.editor;
+in
+{
+ options = {
+ aux.editor = lib.mkOption {
+ description = "Selects the default text editor.";
+ default = "nano";
+ type = lib.types.enum [
+ "vim"
+ "nano"
+ "emacs"
+ ];
+ };
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf (cfg == "emacs") {
+ services.emacs = {
+ enable = true;
+ defaultEditor = true;
+ };
+ })
+ (lib.mkIf (cfg == "nano") {
+ programs.nano = {
+ enable = true;
+ syntaxHighlight = true;
+ };
+ environment.variables."EDITOR" = "nano";
+ })
+ (lib.mkIf (cfg == "vim") { programs.vim.defaultEditor = true; })
+ ];
+}
diff --git a/system/modules/system/nix.nix b/system/modules/system/nix.nix
new file mode 100644
index 0000000..10c374b
--- /dev/null
+++ b/system/modules/system/nix.nix
@@ -0,0 +1,24 @@
+# Core Nix configuration
+{
+ pkgs,
+ config,
+ lib,
+ inputs,
+ ...
+}:
+{
+ nix = {
+ # Enable Flakes
+ settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ # Enable periodic nix store optimization
+ optimise.automatic = true;
+
+ # Configure NixOS to use the same software channel as Flakes
+ registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+ nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
+ };
+}
diff --git a/system/modules/ui/audio.nix b/system/modules/ui/audio.nix
new file mode 100644
index 0000000..d895c5f
--- /dev/null
+++ b/system/modules/ui/audio.nix
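Review bot: `inputs` and `pkgs` are bound in the module arguments of editor.nix but never used in the file; `{ config, lib, ... }:` is all it needs, and dropping the unused names makes the module's dependencies clear. The nano branch sets `environment.variables."EDITOR"` by hand while the emacs branch relies on `services.emacs.defaultEditor`; a one-line comment on why nano is handled differently would help the next reader.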
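Review bot: The deleted `system/configuration.nix` had `nix.gc.automatic = true`, but nix.nix only sets `optimise.automatic`, so the template no longer collects garbage and every rebuild leaves old generations and their store paths on disk; add `gc.automatic = true;` next to `optimise.automatic` (with `gc.options` if a retention window is wanted). `registry = lib.mapAttrs (_: value: { flake = value; }) inputs` also registers `self` as a flake entry, which is typically excluded with `lib.filterAttrs (n: _: n != "self") inputs`. `pkgs` is bound but unused in this file.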
@@ -0,0 +1,51 @@
+# Enables audio support.
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+
+let
+ cfg = config.aux.ui.audio;
+in
+{
+ options = {
+ aux.ui.audio = {
+ enable = lib.mkEnableOption (lib.mdDoc "Enables audio.");
+ enableLowLatency = lib.mkEnableOption (
+ lib.mdDoc "Enables low-latency audio (may cause crackling) per https://nixos.wiki/wiki/PipeWire#Low-latency_setup."
+ );
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Enable sound with pipewire.
+ sound.enable = true;
+ security.rtkit.enable = true;
+ hardware.pulseaudio = {
+ enable = false;
+ package = pkgs.pulseaudioFull; # Enable extra audio codecs
+ };
+
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ jack.enable = true;
+
+ # Reduce audio latency per https://nixos.wiki/wiki/PipeWire#Low-latency_setup
+ extraConfig.pipewire = lib.mkIf cfg.enableLowLatency {
+ "92-low-latency.conf" = {
+ "context.properties" = {
+ "default.clock.rate" = 48000;
+ "default.clock.quantum" = 32;
+ "default.clock.min-quantum" = 32;
+ "default.clock.max-quantum" = 32;
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/system/modules/ui/desktops/common.nix b/system/modules/ui/desktops/common.nix
new file mode 100644
index 0000000..2080be3
--- /dev/null
+++ b/system/modules/ui/desktops/common.nix
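Review bot: `hardware.pulseaudio.package = pkgs.pulseaudioFull` with the comment `# Enable extra audio codecs` has no effect, because `hardware.pulseaudio.enable = false` on the line above and PipeWire's `pulse.enable = true` replaces the daemon; the line misleads the reader into thinking extra codecs are installed. Either drop the `package` line or move the codec note to where it actually applies. `sound.enable = true` is, as far as I can tell, a legacy ALSA option that newer nixpkgs warns about or no longer honours; with PipeWire handling the sound stack it can likely be removed, worth checking against the pinned revision.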
@@ -0,0 +1,50 @@
+# Common desktop environment modules
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+
+let
+ cfg = config.aux.ui.desktops;
+in
+{
+ options = {
+ aux.ui.desktops = {
+ enable = lib.mkEnableOption (lib.mdDoc "Enables base desktop environment support.");
+ xkb = lib.mkOption {
+ description = "The keyboard layout to use by default. Defaults to us.";
+ type = lib.types.attrs;
+ default = {
+ layout = "us";
+ variant = "";
+ };
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ aux.ui.audio.enable = true;
+
+ services = {
+ # Configure the xserver
+ xserver = {
+ # Enable the X11 windowing system.
+ enable = true;
+
+ # Enable touchpad support (enabled by default in most desktop managers, buuuut just in case).
+ libinput.enable = true;
+
+ # Configure keymap in X11
+ xkb = config.aux.ui.desktops.xkb;
+ };
+ };
+
+ # Support for AppImage files
+ programs.appimage = {
+ enable = true;
+ binfmt = true;
+ };
+ };
+}
diff --git a/system/modules/ui/desktops/gnome.nix b/system/modules/ui/desktops/gnome.nix
new file mode 100644
index 0000000..a7fd0ab
--- /dev/null
+++ b/system/modules/ui/desktops/gnome.nix
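Review bot: `xkb` is typed `lib.types.attrs`, so the option accepts any attrset and the description is the only documentation of which keys are meaningful; since the value is passed straight into `services.xserver.xkb`, either declare it as a submodule with `layout` and `variant` as `types.str` options, or say in the description that any `services.xserver.xkb` attribute is accepted. `xkb = config.aux.ui.desktops.xkb;` can be `xkb = cfg.xkb;` since `cfg` is already bound to that path. `services.xserver.libinput.enable` is, I believe, the pre-24.05 location of `services.libinput.enable` in current nixpkgs; worth checking against the pinned revision so the module does not depend on a rename alias.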
@@ -0,0 +1,71 @@
+# Enables the Gnome desktop environment.
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.aux.ui.desktops.gnome;
+in
+{
+ options = {
+ aux.ui.desktops.gnome.enable = lib.mkEnableOption (
+ lib.mdDoc "Enables the Gnome Desktop Environment."
+ );
+ };
+
+ config = lib.mkIf cfg.enable {
+ aux.ui.desktops.enable = true;
+
+ # Enable Gnome
+ services.xserver = {
+ # Remove default packages that came with the install
+ excludePackages = [ pkgs.xterm ];
+
+ desktopManager.gnome.enable = true;
+ displayManager.gdm.enable = true;
+ };
+
+ environment = {
+ # Remove extraneous Gnome packages
+ gnome.excludePackages = with pkgs.gnome; [
+ gnome-software # Built-in software manager
+ tali # poker game
+ iagno # go game
+ hitori # sudoku game
+ atomix # puzzle game
+ ];
+
+ # Install additional quality-of-life packages
+ systemPackages = with pkgs; [
+ gnome-tweaks # Gnome tweak tool
+ gnome-themes-extra # Additional themes
+ ];
+
+ # Install GStreamer plugins
+ # References:
+ # https://wiki.nixos.org/wiki/GStreamer
+ # https://github.com/NixOS/nixpkgs/issues/195936
+ sessionVariables.GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (
+ with pkgs.gst_all_1;
+ [
+ gstreamer
+ gst-plugins-base
+ gst-plugins-good
+ gst-plugins-bad
+ gst-plugins-ugly
+ gst-libav
+ gst-vaapi
+ ]
+ );
+ };
+
+ # Gnome UI integration for KDE apps
+ qt = {
+ enable = true;
+ platformTheme = "gnome";
+ style = "adwaita-dark";
+ };
+ };
+}
diff --git a/system/modules/ui/desktops/kde.nix b/system/modules/ui/desktops/kde.nix
new file mode 100644
index 0000000..6d67acd
--- /dev/null
+++ b/system/modules/ui/desktops/kde.nix
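Review bot: Two comments in this file describe something other than what the code does. `# Remove default packages that came with the install` sits on `excludePackages = [ pkgs.xterm ];`, which stops the X server module from adding xterm in the first place rather than removing an installed package; suggest `# Keep xterm out of the default X server package set`. `# Gnome UI integration for KDE apps` on the `qt` block is about Qt applications in general, not KDE; `# Make Qt applications follow the Gnome/Adwaita theme` matches `platformTheme = "gnome"` and `style = "adwaita-dark"`.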
@@ -0,0 +1,40 @@
+# Enables the KDE desktop environment.
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+
+let
+ cfg = config.aux.ui.desktops.kde;
+in
+{
+ options = {
+ aux.ui.desktops.kde = {
+ enable = lib.mkEnableOption (lib.mdDoc "Enables the KDE Desktop Environment.");
+ useX11 = lib.mkEnableOption (lib.mdDoc "Uses X11 instead of Wayland.");
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ aux.ui.desktops.enable = true;
+
+ services = {
+ displayManager.sddm.enable = true;
+ desktopManager.plasma6.enable = true;
+
+ xserver.displayManager = lib.mkIf cfg.useX11 {
+ defaultSession = "plasmaX11";
+ sddm.wayland.enable = true;
+ };
+ };
+
+ # Enable Gnome integration
+ qt = {
+ enable = true;
+ platformTheme = "gnome";
+ style = "adwaita-dark";
+ };
+ };
+}
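Review bot: The `useX11` branch sets `sddm.wayland.enable = true`, i.e. it enables SDDM's Wayland greeter inside the branch whose description is `Uses X11 instead of Wayland`, which contradicts the option's intent, and it does so under `services.xserver.displayManager` while the line above already uses the newer `services.displayManager.sddm` path, so the same display manager is configured through two locations. Suggest `services.displayManager = { sddm.enable = true; defaultSession = lib.mkIf cfg.useX11 "plasmax11"; };` and dropping the `xserver.displayManager` block; I believe the Plasma 6 X11 session is registered as `plasmax11` rather than `plasmaX11`, which is worth verifying against the pinned nixpkgs. `pkgs` is bound but unused, and the `# Enable Gnome integration` comment on the `qt` block was carried over from gnome.nix; on a KDE desktop it should say why Qt is being pointed at the Gnome platform theme at all.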