diff --git a/README.md b/README.md index c70f696..41a2fbe 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ There are 3 main templates in this repository: - `darwin` - The system configuration for the Darwin operating system (macOS) -- `system` - The system configuration for the Linux operating system +- `system` - A complete NixOS system configuration template for the Linux operating system - `home-manager` - The configuration for the home-manager #### With Darwin (macOS) @@ -30,13 +30,15 @@ There are 3 main templates in this repository: #### With NixOS -1. Run `nix --extra-experimental-features nix-command --extra-experimental-features flakes flake new -t github:auxolotl/templates#system NixFiles` -2. Move into your new system with `cd NixFiles` -3. Fill in your `hostName` in `flake.nix` -4. Run `nixos-generate-config --show-hardware-config > hardware-configuration.nix` to generate configuration based on your filesystems and drivers -5. Run `nixos-rebuild build --flake .#hostName`, replacing hostName with your new hostName +1. Install a base NixOS system +2. Run `nix --extra-experimental-features nix-command --extra-experimental-features flakes flake new -t github:auxolotl/templates#system NixFiles` +3. Move into your new system with `cd NixFiles` +4. Fill in your `hostName` in `flake.nix` +5. Run `nixos-generate-config --show-hardware-config > host/hardware-configuration.nix` to generate configuration based on your filesystems and drivers +6. Edit the `host/configuration.nix` file with your desired system configuration +7. Run `nixos-rebuild build --flake .#hostName`, replacing hostName with your new hostName -Congratulations, you are now using Aux! +Congratulations, you are now using NixOS! #### With Home-manager diff --git a/flake.lock b/flake.lock index b42f514..9e65ebe 100644 --- a/flake.lock +++ b/flake.lock 
@@ -2,15 +2,15 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1714562304, - "narHash": "sha256-Mr3U37Rh6tH0FbaDFu0aZDwk9mPAe7ASaqDOGgLqqLU=", - "owner": "auxolotl", + "lastModified": 1718149104, + "narHash": "sha256-Ds1QpobBX2yoUDx9ZruqVGJ/uQPgcXoYuobBguyKEh8=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "bcd44e224fd68ce7d269b4f44d24c2220fd821e7", + "rev": "e913ae340076bbb73d9f4d3d065c2bca7caafb16", "type": "github" }, "original": { - "owner": "auxolotl", + "owner": "nixos", "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" diff --git a/system/README.md b/system/README.md new file mode 100644 index 0000000..762bb01 --- /dev/null +++ b/system/README.md 
@@ -0,0 +1,93 @@ +# Auxolotl New User System Configuration + +A ready-to-run NixOS configuration with opinionated defaults. + +The goal of this config is to make it as easy as possible to build a NixOS system for an out-of-the-box experience similar to user-friendly distributions like Ubuntu, Fedora, or Mint. Nearly all configuration is done by editing `host/configuration.nix`. Where possible, we provided simple boolean (true/false) flags for enabling things like GPU drivers and desktop environments. These options are made available under the `aux.system` namespace. You can, of course, extend this template however you'd like. + +## Getting Started + +1. [Install a fresh copy of NixOS and boot into your new system](https://nixos.org/manual/nixos/stable/index.html#ch-installation). +2. Open a terminal and create a new copy of this template by running `nix --extra-experimental-features nix-command --extra-experimental-features flakes flake new -t github:auxolotl/templates#system nixos-config`. +3. Change into the new folder using `cd nixos-config`. +4. Run `nixos-generate-config --show-hardware-config` to generate your system's `hardware-configuration.nix` file. Copy this file into the `host` folder, overwriting the existing `hardware-configuration.nix` file. +5. Edit `flake.nix` and set the following variables: + 1. Change `hostName` to the hostname you want to give this system. + 2. If your system is running on an architecture other than 64-bit Linux, change `platform` to the architecture that you're using. Details on the various options are documented in `flake.nix`. +6. Edit the `host/configuration.nix` file to suit your needs. This file documents all of the different options available. In most cases, you can enable an option by changing `false` to `true`. + 1. Change the `username` variable. If you installed NixOS using the standard install medium, you can change this to match the username you chose during installation. 
Otherwise, it will create a new user account. + 2. If you're creating a new user account, don't forget to set its password by running `sudo passwd `. +7. Run `sudo nixos-rebuild boot --flake .#` and restart. +8. Enjoy your new NixOS system! + +## Additional options + +This section is for options that require additional information or setup. + +### Hardware-specific options + +NixOS-Hardware is a community library of NixOS modules to work around quirks with specific kinds of hardware, especially laptops and SBCs like Raspberry Pis. If you know your system's model, you can see if it's available in [NixOS-Hardware by checking the project's flake.nix](https://github.com/NixOS/nixos-hardware/blob/master/flake.nix). If so, add its module to your host's `flake.nix` like so: + +```nix +modules = [ + ... + nixos-hardware.nixosModules.framework-13th-gen-intel + ... +] +``` + +#### Nvidia GPU support + +For users with a hybrid Nvidia GPU setup (e.g. laptop users), there's some additional setup you need to do. This setup requires you to find the PCI bus IDs for your Nvidia GPU and your secondary GPU (usually an integrated Intel or AMD GPU). [The NixOS wiki has instructions on how to find these](https://nixos.wiki/wiki/Nvidia#Laptop_Configuration:_Hybrid_Graphics_.28Nvidia_Optimus_PRIME.29). Once you have the bus IDs, you can set `aux.system.gpu.nvidia.hybrid.busIDs.intel` or `aux.system.gpu.nvidia.hybrid.busIDs.amd`. + +### Secure Boot support + +This configuration supports [Secure Boot](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot) systems, but with some additional setup required. Secure Boot is a UEFI standard meant to prevent tampering with the pre-boot process, e.g. by a malicious third-party replacing your kernel image with a compromised image. In NixOS, Secure Boot support is provided by the [Lanzaboote](https://github.com/nix-community/lanzaboote) project. + +To enable Secure Boot support: + +1. 
Install NixOS using the default `systemd-boot` bootloader, and with Secure Boot disabled via UEFI. To confirm this, run `bootctl status` on a fresh NixOS installation and look for output similar to the following: + ```sh + $ bootctl status + System: + Firmware: UEFI 2.70 (Lenovo 0.4720) + Secure Boot: disabled (disabled) + TPM2 Support: yes + Boot into FW: supported + + Current Boot Loader: + Product: systemd-boot 251.7 + ... + ``` +2. Generate a set of Secure Boot keys by running the following command: `sudo sbctl create-keys`. This creates a set of keys in `/etc/secureboot`. +3. Enable Secure Boot in your system configuration by setting `aux.system.bootloader.secureboot.enable = true;`. +4. Rebuild your system using `nixos-rebuild switch --flake .`. +5. Confirm that Secure Boot has been set up properly by running `sudo sbctl verify`: + ```sh + Verifying file database and EFI images in /boot... + ✓ /boot/EFI/BOOT/BOOTX64.EFI is signed + ✓ /boot/EFI/Linux/nixos-generation-355.efi is signed + ✓ /boot/EFI/Linux/nixos-generation-356.efi is signed + ✗ /boot/EFI/nixos/0n01vj3mq06pc31i2yhxndvhv4kwl2vp-linux-6.1.3-bzImage.efi is not signed + ✓ /boot/EFI/systemd/systemd-bootx64.efi is signed + ``` +6. Reboot into your system's UEFI firmware. An easy way to do this from a running system is to run `systemctl reboot --firmware-setup`. In UEFI, set Secure Boot to setup mode. This will vary by system and UEFI vendor. On a ThinkPad, you can find these settings by selecting the "Security" tab, then the "Secure Boot" entry. Set "Secure Boot" to enabled, then select "Reset to Setup Mode". Save your changes and exit. + - On systems where there is no setup mode, choose the option to erase the existing Platform key, and/or to allow third-party keys. +7. Once you've rebooted into NixOS, run this command to enroll your keys: `sudo sbctl enroll-keys --microsoft`. You should see the following output: + ```sh + Enrolling keys to EFI variables... 
+ With vendor keys from microsoft...✓ + Enrolled keys to the EFI variables! + ``` +8. Reboot your system, then verify your keys were installed correctly using `bootctl status`: + ```sh + System: + Firmware: UEFI 2.70 (Lenovo 0.4720) + Firmware Arch: x64 + Secure Boot: enabled (user) + TPM2 Support: yes + Boot into FW: supported + ``` + +#### Disabling Secure Boot + +To disable Secure Boot, just set `aux.system.bootloader.secureboot.enable = false;` and rebuild the system. \ No newline at end of file diff --git a/system/configuration.nix b/system/configuration.nix deleted file mode 100644 index 9880c93..0000000 --- a/system/configuration.nix +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -{ - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. - - # Set your time zone. - # time.timeZone = "Europe/Amsterdam"; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - # i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. - # }; - - # Enable the X11 windowing system. - # services.xserver.enable = true; - - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - # hardware.pulseaudio.enable = true; - # OR - # services.pipewire = { - # enable = true; - # pulse.enable = true; - # }; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.axol = { - isNormalUser = true; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - packages = with pkgs; [ firefox ]; - }; - - # List packages installed in system profile. To search, run: - # $ nix search wget - # environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. 
- # wget - # ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This option allows you to use some features (flakes and the new Nix CLI) which have not yet been stabilized. - # Although they aren't yet stabilized, many Nix users use them and simple workflows are unlikely to break - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - nix = { - - gc.automatic = true; - - }; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. 
- # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "24.05"; # Did you read the comment? -} diff --git a/system/flake.nix b/system/flake.nix index 9a0337d..371893f 100644 --- a/system/flake.nix +++ b/system/flake.nix 
@@ -1,28 +1,97 @@ { - description = "A simple system flake using some Aux defaults"; + description = "A system flake with various options for bootstrapping a complete NixOS install."; - inputs.nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; + inputs = { + + # Import the desired Nix channel. Defaults to unstable, which uses a fully tested rolling release model. + # You can find a list of channels at https://nixos.wiki/wiki/Nix_channels + # To follow a different channel, replace `nixos-unstable` with the channel name, e.g. `nixos-24.05`. + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + + # Use Lix in place of Nix. + # If you'd rather use regular Nix, remove `lix-module.nixosModules.default` from the `modules` section below. + # To learn more about Lix, see https://lix.systems/ + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0-rc1.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + # Flatpak support + nix-flatpak.url = "github:gmodena/nix-flatpak/v0.4.1"; + + # SecureBoot support + lanzaboote.url = "github:nix-community/lanzaboote/v0.4.0"; + + # NixOS hardware quirks + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + + # Home-manager support + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; outputs = - inputs@{ nixpkgs, ... }: + inputs@{ + self, + home-manager, + lanzaboote, + lix-module, + nix-flatpak, + nixos-hardware, + nixpkgs, + ... + }: let - system = "x86_64-linux"; - hostName = builtins.abort "You need to fill in your hostName"; # Set this variable equal to your hostName + ###*** IMPORTANT: Please set your system's hostname here ***### + hostName = builtins.abort "Please set the 'hostName' variable in flake.nix"; + + /* + What kind of system are you running NixOS on? + If you're not sure, leave this as the default. + + Options are: + x86_64-linux - (Default) 64-bit PCs. + aarch64-linux - 64-bit ARM PCs. 
+ x86_64-darwin - Intel Macs. + aarch64-darwin - M-series Macs. + */ + platform = "x86_64-linux"; in { - nixosConfigurations.${hostName} = nixpkgs.lib.nixosSystem { - modules = [ - ./configuration.nix - - { - networking.hostName = hostName; - nixpkgs.hostPlatform = system; - } - ]; - + nixosConfigurations."${hostName}" = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; + modules = [ + { + networking.hostName = hostName; + nixpkgs.hostPlatform = platform; + home-manager = { + /* + When running, Home Manager will use the global package cache. + It will also back up any files that it would otherwise overwrite. + The originals will have the extension ".home-manager_backup". + */ + useGlobalPkgs = true; + useUserPackages = true; + backupFileExtension = "home-manager_backup"; + }; + } + ./modules/autoimport.nix + home-manager.nixosModules.home-manager + lanzaboote.nixosModules.lanzaboote + lix-module.nixosModules.default + nix-flatpak.nixosModules.nix-flatpak + ./host/configuration.nix + + # NixOS-Hardware + # Add your model from this list: https://github.com/NixOS/nixos-hardware/blob/master/flake.nix + # nixos-hardware.nixosModules.framework-13th-gen-intel + ]; }; + + formatter.${platform} = nixpkgs.legacyPackages.${platform}.nixfmt-rfc-style; }; } diff --git a/system/host/configuration.nix b/system/host/configuration.nix new file mode 100644 index 0000000..16af6c8 --- /dev/null +++ b/system/host/configuration.nix 
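Review bot: Several inputs in the new `inputs` block feed the trusted package and boot path without a fixed revision: `nixos-hardware` tracks `master`, `home-manager` tracks its default branch, and `lix-module` (loaded by default through `lix-module.nixosModules.default`) comes from a `2.90.0-rc1` release-candidate tarball. As far as this diff shows, no `system/flake.lock` ships with the template, so each new user would resolve these inputs to whatever is current on first build. Shipping a lock file with the template, or pinning tags as already done for `lanzaboote` and `nix-flatpak`, would make the result reproducible and reviewable. Separately, the `platform` comment lists `x86_64-darwin` and `aarch64-darwin`, which `nixpkgs.lib.nixosSystem` cannot build as a NixOS host; I would drop those two lines from the comment.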
@@ -0,0 +1,129 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+let
+ # Do not change this value! This tracks when NixOS was installed on your system.
+ stateVersion = "24.11";
+
+ # Set the username for the initial user.
+ username = builtins.abort "Please set your username via the 'username' variable in configuration.nix";
+in
+{
+ imports = [ ./hardware-configuration.nix ];
+
+ system.stateVersion = stateVersion;
+
+ ###*** Configure your system below this line. ***###
+ # Set your time zone.
+ # To see all available timezones, run `timedatectl list-timezones`.
+ time.timeZone = "Europe/Amsterdam";
+
+ # Define your user account(s). If this user doesn't already have a password, don't forget to set one using `passwd`.
+ users.users.${username} = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+
+ # Enter any additional packages specific to this user here.
+ packages = with pkgs; [ ];
+ };
+
+ # Configure home-manager for your user.
+ # For configuration options, see https://nix-community.github.io/home-manager/#using-home-manager
+ home-manager.users.${username} = {
+ # The state version is required and should stay at the version you originally installed.
+ home.stateVersion = stateVersion;
+
+ programs = {
+ # Let home Manager install and manage itself.
+ home-manager.enable = true;
+ };
+ };
+
+ # Configure the system.
+ aux.system = {
+ # Enable to allow unfree (e.g. closed source) packages.
+ # Some settings may override this (e.g. enabling Nvidia GPU support).
+ # https://nixos.org/manual/nixpkgs/stable/#sec-allow-unfree
+ allowUnfree = false;
+
+ # Enable Secure Boot support.
+ # IMPORTANT: Read the README before enabling this option!
+ bootloader.secureboot.enable = false;
+
+ # Change the default text editor. Options are "emacs", "nano", or "vim".
+ editor = "nano";
+
+ ui.flatpak = {
+ # Enable Flatpak support.
+ enable = false;
+
+ # Define Flatpak packages to install.
+ packages = [ ];
+ };
+
+ # Additional system packages to install.
+ packages = [ ];
+
+ # Change how long old generations are kept for.
+ retentionPeriod = "30d";
+
+ # Enable GPU support.
+ gpu = {
+ # Enable AMD GPU support.
+ amd.enable = false;
+
+ # Enable Intel GPU support.
+ intel.enable = false;
+
+ nvidia = {
+ # Enable Nvidia GPU support.
+ enable = false;
+
+ hybrid = {
+ # Enables support for hybrid GPUs (e.g. for laptops and systems with integrated GPUs).
+ enable = false;
+ # Define the bus IDs for your GPUs.
+ # For more info on where to find bus IDs, see https://nixos.wiki/wiki/Nvidia#Configuring_Optimus_PRIME:_Bus_ID_Values_.28Mandatory.29
+ busIDs = {
+ nvidia = "";
+ intel = "";
+ amd = "";
+ };
+
+ # Enable sync mode for faster performance at the cost of higher battery usage.
+ # If sync is disabled, you'll need to run GPU-accelerated applications using 'nvidia-offload '.
+ sync = false;
+ };
+ };
+ };
+
+ ui.desktops = {
+ # Enable the Budgie desktop environment.
+ # https://buddiesofbudgie.org/
+ budgie.enable = false;
+
+ # Enable the Hyprland desktop environment.
+ # https://hyprland.org/
+ hyprland.enable = false;
+
+ # Enable the Gnome desktop environment.
+ # https://www.gnome.org/
+ gnome.enable = false;
+
+ # Enable the KDE desktop environment.
+ # https://kde.org/
+ kde.useX11 = false;
+
+ # Enable the XFCE desktop environment.
+ # https://xfce.org/
+ xfce.enable = false;
+ };
+ };
+
+ # Enable printing via CUPS
+ services.printing.enable = false;
+}
diff --git a/system/hardware-configuration.nix b/system/host/hardware-configuration.nix
similarity index 100%
rename from system/hardware-configuration.nix
rename to system/host/hardware-configuration.nix
diff --git a/system/modules/autoimport.nix b/system/modules/autoimport.nix
new file mode 100644
index 0000000..3b770fd
--- /dev/null
+++ b/system/modules/autoimport.nix
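Review bot: `stateVersion = "24.11"` is hard-coded beside a "Do not change this value!" comment, but the README steps in this commit have the user install a base NixOS system first, and that install carries its own state version (the deleted `system/configuration.nix` used `"24.05"`). The comment should tell the user to copy the value from the configuration generated at install time, for example `# Set this once to the system.stateVersion your installer generated, then never change it.` Further down, `kde.useX11 = false;` sits under the comment "Enable the KDE desktop environment" while every other desktop uses `.enable`. It looks like it should be `kde.enable = false;`, though the KDE module is outside this part of the diff.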
@@ -0,0 +1,27 @@
+# Auto-import Nix files in this folder, recursively.
+# Sourced from https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix
+{ lib, ... }:
+with lib;
+let
+ # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype
+ getDir =
+ dir:
+ mapAttrs (file: type: if type == "directory" then getDir "${dir}/${file}" else type) (
+ builtins.readDir dir
+ );
+
+ # Collects all files of a directory as a list of strings of paths
+ files =
+ dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir));
+
+ # Search all files and folders within and below the current directory.
+ # Filters out files and directories that don't belong, and makes the strings absolute.
+ validFiles =
+ dir:
+ map (file: ./. + "/${file}") (
+ filter (file: file != "autoimport.nix" && hasSuffix ".nix" file) (files dir)
+ );
+in
+{
+ imports = validFiles ./.;
+}
diff --git a/system/modules/system/bluetooth.nix b/system/modules/system/bluetooth.nix
new file mode 100644
index 0000000..8eecd22
--- /dev/null
+++ b/system/modules/system/bluetooth.nix
@@ -0,0 +1,37 @@
+# Configures bluetooth.
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+
+let
+ cfg = config.aux.system.bluetooth;
+in
+{
+
+ options = {
+ aux.system.bluetooth = {
+ enable = lib.mkEnableOption (lib.mdDoc "Enables bluetooth");
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Set up Bluetooth
+ hardware.bluetooth = {
+ enable = true;
+ powerOnBoot = true;
+ settings = {
+ General = {
+ Enable = "Source,Sink,Media,Socket";
+ Experimental = true;
+ KernelExperimental = true;
+ };
+ };
+ };
+
+ # Add Bluetooth LE audio support
+ environment.systemPackages = with pkgs; [ liblc3 ];
+ };
+}
diff --git a/system/modules/system/bootloader.nix b/system/modules/system/bootloader.nix
new file mode 100644
index 0000000..f38a1ac
--- /dev/null
+++ b/system/modules/system/bootloader.nix
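Review bot: `validFiles` imports every `*.nix` file below `modules/` with no explicit list, and the header comment does not spell out the consequence: a backup copy or half-finished module saved in that tree becomes part of the system configuration on the next rebuild. I would add a comment such as `# Every *.nix file under this directory is loaded as a NixOS module; keep scratch files elsewhere.` It is also worth recording there that `builtins.readDir` reports symlinks with type `"symlink"`, so `getDir` does not descend into a symlinked directory while a symlinked `.nix` file is still picked up.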
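Review bot: In `bluetooth.nix`, turning on `aux.system.bluetooth.enable` also sets `Experimental = true` and `KernelExperimental = true` with no comment explaining why, which switches on BlueZ's experimental interfaces in a daemon that processes radio input. Judging by the `liblc3` line they are presumably there for LE Audio; if so, say that in a comment or put them behind their own option, e.g. `leAudio.enable = lib.mkEnableOption "Bluetooth LE Audio (enables experimental BlueZ features)";`. `powerOnBoot = true` likewise leaves the controller powered after every boot and deserves a one-line rationale.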
@@ -0,0 +1,73 @@
+# Configuration options specific to bootloader management.
+# SecureBoot is handled via Lanzaboote. See https://github.com/nix-community/lanzaboote
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+# Bootloader
+let
+ cfg = config.aux.system.bootloader;
+in
+{
+
+ options = {
+ aux.system.bootloader = {
+ enable = lib.mkOption {
+ description = "Automatically configures the bootloader. Set to false to configure manually.";
+ type = lib.types.bool;
+ default = true;
+ };
+
+ secureboot.enable = lib.mkEnableOption (lib.mdDoc "Enables Secureboot support.");
+ tpm2.enable = lib.mkEnableOption (lib.mdDoc "Enables TPM2 support.");
+ };
+ };
+
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ (lib.mkIf cfg.secureboot.enable {
+ boot = {
+ # Enable Secure Boot
+ bootspec.enable = true;
+
+ # Use Lanzaboote in place of systemd-boot.
+ loader.systemd-boot.enable = false;
+ loader.efi.canTouchEfiVariables = true;
+ lanzaboote = {
+ enable = true;
+ pkiBundle = "/etc/secureboot";
+ };
+ };
+ })
+
+ # Set up TPM if enabled. See https://nixos.wiki/wiki/TPM
+ (lib.mkIf (cfg.tpm2.enable) {
+ boot.initrd = {
+ # Enable systemd for TPM auto-unlocking
+ systemd.enable = true;
+
+ availableKernelModules = [ "tpm_crb" ];
+ kernelModules = [ "tpm_crb" ];
+ };
+ # After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module
+ environment.systemPackages = with pkgs; [ tpm2-tss ];
+ security.tpm2 = {
+ enable = true;
+ pkcs11.enable = true;
+ tctiEnvironment.enable = true;
+ };
+ })
+
+ # Use the default systemd-boot bootloader.
+ (lib.mkIf (!cfg.secureboot.enable) {
+ boot.loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ })
+ ]
+ );
+}
diff --git a/system/modules/system/editor.nix b/system/modules/system/editor.nix
new file mode 100644
index 0000000..0d38083
--- /dev/null
+++ b/system/modules/system/editor.nix
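Review bot: Nothing in this module installs `sbctl`, yet the README added in this commit tells the user to run `sudo sbctl create-keys`, `sudo sbctl verify` and `sudo sbctl enroll-keys --microsoft`; unless a module outside this view provides it, those steps fail on a fresh system. Because key creation happens before `secureboot.enable` is switched on, the package belongs in its own entry of the `lib.mkMerge` list rather than in the Secure Boot branch, e.g. `{ environment.systemPackages = [ pkgs.sbctl ]; }`. A comment next to `pkiBundle = "/etc/secureboot";` should also state that this directory holds the private signing keys, so the protection Secure Boot gives here depends on the root filesystem being encrypted.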
@@ -0,0 +1,42 @@
+# Basic system-wide text editor configuration.
+{
+ pkgs,
+ config,
+ lib,
+ inputs,
+ ...
+}:
+
+let
+ cfg = config.aux.system.editor;
+in
+{
+ options = {
+ aux.system.editor = lib.mkOption {
+ description = "Selects the default text editor.";
+ default = "nano";
+ type = lib.types.enum [
+ "vim"
+ "nano"
+ "emacs"
+ ];
+ };
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf (cfg == "emacs") {
+ services.emacs = {
+ enable = true;
+ defaultEditor = true;
+ };
+ })
+ (lib.mkIf (cfg == "nano") {
+ programs.nano = {
+ enable = true;
+ syntaxHighlight = true;
+ };
+ environment.variables."EDITOR" = "nano";
+ })
+ (lib.mkIf (cfg == "vim") { programs.vim.defaultEditor = true; })
+ ];
+}
diff --git a/system/modules/system/gpu/amd.nix b/system/modules/system/gpu/amd.nix
new file mode 100644
index 0000000..b24c647
--- /dev/null
+++ b/system/modules/system/gpu/amd.nix
@@ -0,0 +1,27 @@
+# Enables AMD GPU support.
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.aux.system.gpu.amd;
+in
+{
+ options = {
+ aux.system.gpu.amd.enable = lib.mkEnableOption (lib.mdDoc "Enables AMD GPU support.");
+ };
+
+ config = lib.mkIf cfg.enable {
+ boot.initrd.kernelModules = [ "amdgpu" ];
+ services.xserver.videoDrivers = [ "amdgpu" ];
+
+ hardware.graphics = {
+ extraPackages = [ pkgs.amdvlk ];
+ # 32-bit application compatibility
+ enable32Bit = true;
+ extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];
+ };
+ };
+}
diff --git a/system/modules/system/gpu/intel.nix b/system/modules/system/gpu/intel.nix
new file mode 100644
index 0000000..2f94c7c
--- /dev/null
+++ b/system/modules/system/gpu/intel.nix
@@ -0,0 +1,44 @@
+# Enables Intel GPU support.
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.aux.system.gpu.intel;
+in
+{
+ options = {
+ aux.system.gpu.intel.enable = lib.mkEnableOption (lib.mdDoc "Enables Intel GPU support.");
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Configuration options from NixOS-Hardware: https://github.com/NixOS/nixos-hardware/blob/master/common/gpu/intel/default.nix
+ boot.initrd.kernelModules = [ "i915" ];
+
+ environment.variables.VDPAU_DRIVER = "va_gl";
+
+ hardware.graphics.extraPackages = with pkgs; [
+ (
+ if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then
+ vaapiIntel
+ else
+ intel-vaapi-driver
+ )
+ libvdpau-va-gl
+ intel-media-driver
+ ];
+
+ hardware.graphics.extraPackages32 = with pkgs.driversi686Linux; [
+ (
+ if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then
+ vaapiIntel
+ else
+ intel-vaapi-driver
+ )
+ libvdpau-va-gl
+ intel-media-driver
+ ];
+ };
+}
diff --git a/system/modules/system/gpu/nvidia.nix b/system/modules/system/gpu/nvidia.nix
new file mode 100644
index 0000000..d08deb6
--- /dev/null
+++ b/system/modules/system/gpu/nvidia.nix
@@ -0,0 +1,81 @@
+# Enables Nvidia GPU support.
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.aux.system.gpu.nvidia;
+in
+{
+ options = {
+ aux.system.gpu.nvidia = {
+ enable = lib.mkEnableOption (lib.mdDoc "Enables Nvidia GPU support.");
+ hybrid = {
+ enable = lib.mkEnableOption (lib.mdDoc "Enables hybrid GPU support.");
+ sync = lib.mkEnableOption (
+ lib.mdDoc "Enables sync mode for faster performance at the cost of higher battery usage."
+ );
+ busIDs = {
+ nvidia = lib.mkOption {
+ description = "The bus ID for your Nvidia GPU.";
+ type = lib.types.str;
+ example = "PCI:0:2:0";
+ default = "";
+ };
+ intel = lib.mkOption {
+ description = "The bus ID for your integrated Intel GPU. If you don't have an Intel GPU, you can leave this blank.";
+ type = lib.types.str;
+ example = "PCI:14:0:0";
+ default = "";
+ };
+ amd = lib.mkOption {
+ description = "The bus ID for your integrated AMD GPU. If you don't have an AMD GPU, you can leave this blank.";
+ type = lib.types.str;
+ example = "PCI:54:0:0";
+ default = "";
+ };
+ };
+ };
+ };
+
+ };
+
+ config = lib.mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = (cfg.hybrid.busIDs.nvidia != "");
+ message = "You need to define a bus ID for your Nvidia GPU. To learn how to find the bus ID, see https://nixos.wiki/wiki/Nvidia#Configuring_Optimus_PRIME:_Bus_ID_Values_.28Mandatory.29.";
+ }
+ {
+ assertion = (cfg.hybrid.busIDs.intel != "" || cfg.busIDs.amd != "");
+ message = "You need to define a bus ID for your non-Nvidia GPU. To learn how to find your bus ID, see https://nixos.wiki/wiki/Nvidia#Configuring_Optimus_PRIME:_Bus_ID_Values_.28Mandatory.29.";
+ }
+ ];
+
+ aux.system.allowUnfree = true;
+
+ services.xserver.videoDrivers = lib.mkDefault [ "nvidia" ];
+ hardware.graphics.extraPackages = with pkgs; [ vaapiVdpau ];
+
+ hardware.nvidia = {
+ modesetting.enable = true;
+ nvidiaSettings = lib.mkIf (config.aux.system.ui.desktops.enable) true;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ prime = lib.mkIf cfg.hybrid.enable {
+
+ offload = lib.mkIf (!cfg.hybrid.sync) {
+ enable = true;
+ enableOffloadCmd = true; # Provides `nvidia-offload` command.
+ };
+
+ sync.enable = lib.mkIf cfg.hybrid.sync true;
+
+ nvidiaBusId = cfg.hybrid.busIDs.nvidia;
+ intelBusId = cfg.hybrid.busIDs.intel;
+ amdgpuBusId = cfg.hybrid.busIDs.amd;
+ };
+ };
+ };
+}
diff --git a/system/modules/system/networking.nix b/system/modules/system/networking.nix
new file mode 100644
index 0000000..ccee94f
--- /dev/null
+++ b/system/modules/system/networking.nix
@@ -0,0 +1,11 @@
+# Configure basic networking options.
+_: {
+ networking = {
+ # Enable networking via NetworkManager
+ networkmanager.enable = true;
+
+ # Enable firewall
+ nftables.enable = true;
+ firewall.enable = true;
+ };
+}
diff --git a/system/modules/system/nix.nix b/system/modules/system/nix.nix
new file mode 100644
index 0000000..b1c7f18
--- /dev/null
+++ b/system/modules/system/nix.nix
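Review bot: In `gpu/nvidia.nix` the second assertion reads `cfg.busIDs.amd`, but the option is declared as `hybrid.busIDs.amd`, so evaluation fails with a missing-attribute error whenever the Intel bus ID is empty; it should be `cfg.hybrid.busIDs.amd != ""`. Both assertions also sit directly under `lib.mkIf cfg.enable`, so a machine with a single Nvidia card and `hybrid.enable = false` is still required to supply bus IDs. Guarding them on the hybrid switch fixes that: `assertion = !cfg.hybrid.enable || cfg.hybrid.busIDs.nvidia != "";` and `assertion = !cfg.hybrid.enable || cfg.hybrid.busIDs.intel != "" || cfg.hybrid.busIDs.amd != "";`.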
@@ -0,0 +1,50 @@
+# Core Nix configuration
+{
+ pkgs,
+ config,
+ lib,
+ inputs,
+ ...
+}:
+
+let
+ cfg = config.aux.system;
+in
+{
+ options = {
+ aux.system.allowUnfree = lib.mkEnableOption (lib.mdDoc "Allow unfree packages to install.");
+ aux.system.retentionPeriod = lib.mkOption {
+ description = "How long to retain NixOS generations. Defaults to 30 days (30d).";
+ type = lib.types.str;
+ default = "30d";
+ };
+ };
+ config = {
+ nixpkgs.config.allowUnfree = cfg.allowUnfree;
+
+ nix = {
+ # Enable Flakes
+ settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ # Enable periodic nix store optimization
+ optimise.automatic = true;
+
+ # Enable weekly garbage collection. Delete generations that are older than two weeks.
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than ${cfg.retentionPeriod}";
+ };
+
+ # Configure NixOS to use the same software channel as Flakes
+ registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+ nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
+ };
+
+ # Support for standard, dynamically-linked executables
+ programs.nix-ld.enable = true;
+ };
+}
diff --git a/system/modules/system/system.nix b/system/modules/system/system.nix
new file mode 100644
index 0000000..c00816e
--- /dev/null
+++ b/system/modules/system/system.nix
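Review bot: The comment above `gc` says generations older than two weeks are deleted, but the value comes from `retentionPeriod`, whose default is `30d`; the comment should read `# Enable weekly garbage collection. Deletes generations older than aux.system.retentionPeriod.` `retentionPeriod` is also a free-form `lib.types.str` spliced into the garbage-collector options, so a missing unit or stray words would only surface when collection runs; `type = lib.types.strMatching "[0-9]+d";` rejects them at evaluation time. `programs.nix-ld.enable = true` is set unconditionally with no option to turn it off, which deserves a comment because it lets unpatched, dynamically linked foreign binaries run on the host.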
@@ -0,0 +1,52 @@
+# Base system settings and options
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.aux.system;
+in
+{
+ options = {
+ aux.system.packages = lib.mkOption {
+ description = "Additional system packages to install. This is just a wrapper for environment.systemPackages.";
+ type = lib.types.listOf lib.types.package;
+ default = [ ];
+ example = lib.literalExpression "[ pkgs.firefox pkgs.thunderbird ]";
+ };
+ };
+ config = {
+ # Install the latest kernel
+ boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+
+ # Set up the environment
+ environment = {
+ # Install base packages
+ systemPackages =
+ config.aux.system.packages
+ ++ (with pkgs; [
+ bash
+ dconf # Needed to fix an issue with Home-manager. See https://github.com/nix-community/home-manager/issues/3113
+ direnv
+ git
+ home-manager
+ p7zip
+ ]);
+ };
+ services = {
+ # Enable fwupd (firmware updater)
+ fwupd.enable = true;
+
+ # Enable trim on supported drives
+ fstrim.enable = true;
+
+ # Enable disk monitoring
+ smartd = {
+ enable = true;
+ autodetect = true;
+ };
+ };
+ };
+}
diff --git a/system/modules/ui/audio.nix b/system/modules/ui/audio.nix
new file mode 100644
index 0000000..08b8562
--- /dev/null
+++ b/system/modules/ui/audio.nix
@@ -0,0 +1,51 @@
+# Enables audio support.
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+
+let
+ cfg = config.aux.system.ui.audio;
+in
+{
+ options = {
+ aux.system.ui.audio = {
+ enable = lib.mkEnableOption (lib.mdDoc "Enables audio.");
+ enableLowLatency = lib.mkEnableOption (
+ lib.mdDoc "Enables low-latency audio (may cause crackling) per https://nixos.wiki/wiki/PipeWire#Low-latency_setup."
+ );
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Enable sound with pipewire.
+ sound.enable = true;
+ security.rtkit.enable = true;
+ hardware.pulseaudio = {
+ enable = false;
+ package = pkgs.pulseaudioFull; # Enable extra audio codecs
+ };
+
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ jack.enable = true;
+
+ # Reduce audio latency per https://nixos.wiki/wiki/PipeWire#Low-latency_setup
+ extraConfig.pipewire = lib.mkIf cfg.enableLowLatency {
+ "92-low-latency.conf" = {
+ "context.properties" = {
+ "default.clock.rate" = 48000;
+ "default.clock.quantum" = 32;
+ "default.clock.min-quantum" = 32;
+ "default.clock.max-quantum" = 32;
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/system/modules/ui/desktops/budgie.nix b/system/modules/ui/desktops/budgie.nix
new file mode 100644
index 0000000..b0afca8
--- /dev/null
+++ b/system/modules/ui/desktops/budgie.nix
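Review bot: In audio.nix, `hardware.pulseaudio.package = pkgs.pulseaudioFull` is set while `hardware.pulseaudio.enable = false`, so the package line and its "Enable extra audio codecs" comment have no visible effect. I would reduce the block to `hardware.pulseaudio.enable = false;` with a comment that PipeWire's `pulse.enable` provides the PulseAudio interface. `sound.enable = true` also looks unnecessary for a PipeWire setup and, as far as I know, newer nixpkgs revisions no longer accept the option, so it is worth dropping or checking against the pinned revision.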
@@ -0,0 +1,33 @@
+# Enables the Budgie desktop environment.
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.aux.system.ui.desktops.budgie;
+in
+{
+ options = {
+ aux.system.ui.desktops.budgie.enable = lib.mkEnableOption (
+ lib.mdDoc "Enables the Budgie desktop environment."
+ );
+ };
+
+ config = lib.mkIf cfg.enable {
+ aux.system.ui.desktops = {
+ enable = true;
+ displayManager = lib.mkOptionDefault "lightdm";
+ };
+
+ services.xserver = {
+ enable = true;
+ desktopManager.budgie.enable =
+ if config.services.xserver.desktopManager.gnome.enable then
+ builtins.abort "Budgie and Gnome cannot be enabled at the same time due to a bug. For details and a possible workaround, please see https://discourse.nixos.org/t/help-i-cant-have-pantheon-gnome-and-plasma-installed-on-my-system-at-the-same-time/47346"
+ else
+ true;
+ };
+ };
+}
diff --git a/system/modules/ui/desktops/common.nix b/system/modules/ui/desktops/common.nix
new file mode 100644
index 0000000..96f5744
--- /dev/null
+++ b/system/modules/ui/desktops/common.nix
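Review bot: The Gnome conflict in budgie.nix is reported with `builtins.abort` inside the value of `desktopManager.budgie.enable`, which stops evaluation outside the module system's own error reporting, so the failure carries no option context and is not collected with other failed checks. The module-system way to express this is an entry in `assertions`, with `desktopManager.budgie.enable = true;` set unconditionally. The message text stays exactly as it is.

```nix
  config = lib.mkIf cfg.enable {
    assertions = [
      {
        assertion = !config.services.xserver.desktopManager.gnome.enable;
        message = "Budgie and Gnome cannot be enabled at the same time due to a bug. For details and a possible workaround, please see https://discourse.nixos.org/t/help-i-cant-have-pantheon-gnome-and-plasma-installed-on-my-system-at-the-same-time/47346";
      }
    ];

    # … unchanged: aux.system.ui.desktops defaults …

    services.xserver = {
      enable = true;
      desktopManager.budgie.enable = true;
    };
```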
@@ -0,0 +1,103 @@
+# Common desktop environment modules
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+
+let
+ cfg = config.aux.system.ui.desktops;
+in
+{
+ options = {
+ aux.system.ui.desktops = {
+ enable = lib.mkEnableOption (lib.mdDoc "Enables base desktop environment support.");
+ xkb = lib.mkOption {
+ description = "The keyboard layout to use by default. Defaults to us.";
+ type = lib.types.attrs;
+ default = {
+ layout = "us";
+ variant = "";
+ };
+ };
+ displayManager = lib.mkOption {
+ description = "The display manager to use to start a desktop session.";
+ type = lib.types.enum [
+ "gdm"
+ "lightdm"
+ "sddm"
+ "sddm_wayland"
+ ];
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ aux.system = {
+ bluetooth.enable = true;
+ ui.audio.enable = true;
+ };
+
+ boot = {
+ # Enable Plymouth for graphical bootsplash.
+ plymouth = {
+ enable = true;
+ theme = "bgrt";
+ };
+
+ # Add kernel parameters
+ kernelParams = [ "quiet" ];
+ };
+
+ services = {
+ # Configure the xserver
+ xserver = {
+ # Enable the X11 windowing system.
+ enable = true;
+
+ # Configure keymap in X11
+ xkb = config.aux.system.ui.desktops.xkb;
+
+ # Set the display manager
+ displayManager = {
+ gdm.enable = (cfg.displayManager == "gdm");
+ lightdm.enable = (cfg.displayManager == "lightdm");
+ };
+ };
+
+ displayManager = {
+ sddm.enable = (cfg.displayManager == "sddm");
+ sddm.wayland.enable = (cfg.displayManager == "sddm_wayland");
+ };
+
+ # Enable touchpad support (enabled by default in most desktop managers, buuuut just in case).
+ libinput.enable = true;
+ };
+
+ # Support for AppImage files
+ programs.appimage = {
+ enable = true;
+ binfmt = true;
+ };
+
+ # Install full GStreamer capabilities.
+ # References:
+ # https://wiki.nixos.org/wiki/GStreamer
+ # https://github.com/NixOS/nixpkgs/issues/195936
+ environment = {
+ sessionVariables.GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (
+ with pkgs.gst_all_1;
+ [
+ gstreamer
+ gst-plugins-base
+ gst-plugins-good
+ gst-plugins-bad
+ gst-plugins-ugly
+ gst-libav
+ gst-vaapi
+ ]
+ );
+ };
+ };
+}
diff --git a/system/modules/ui/desktops/gnome.nix b/system/modules/ui/desktops/gnome.nix
new file mode 100644
index 0000000..043744b
--- /dev/null
+++ b/system/modules/ui/desktops/gnome.nix
@@ -0,0 +1,59 @@
+# Enables the Gnome desktop environment.
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.aux.system.ui.desktops.gnome;
+in
+{
+ options = {
+ aux.system.ui.desktops.gnome.enable = lib.mkEnableOption (
+ lib.mdDoc "Enables the Gnome Desktop Environment."
+ );
+ };
+
+ config = lib.mkIf cfg.enable {
+ aux.system.ui.desktops = {
+ enable = true;
+ displayManager = lib.mkOverride 500 "gdm";
+ };
+
+ # Enable Gnome
+ services.xserver = {
+ # Remove default packages that came with the install
+ excludePackages = [ pkgs.xterm ];
+
+ desktopManager.gnome.enable = lib.mkDefault true;
+ };
+
+ environment = {
+ # Remove extraneous Gnome packages
+ gnome.excludePackages = with pkgs.gnome; [
+ gnome-software # Built-in software manager
+ tali # poker game
+ iagno # go game
+ hitori # sudoku game
+ atomix # puzzle game
+ ];
+
+ # Install additional quality-of-life packages
+ systemPackages = with pkgs; [
+ gnome-tweaks # Gnome tweak tool
+ gnome-themes-extra # Additional themes
+ ];
+ };
+
+ # Manually set askPassword to avoid a conflict with KDE
+ programs.ssh.askPassword = "${pkgs.gnome.seahorse}/libexec/seahorse/ssh-askpass";
+
+ # Gnome UI integration for KDE apps
+ qt = {
+ enable = true;
+ platformTheme = "gnome";
+ style = "adwaita-dark";
+ };
+ };
+}
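Review bot: In common.nix, choosing `displayManager = "sddm_wayland"` makes `sddm.enable = (cfg.displayManager == "sddm")` evaluate to false, so only `sddm.wayland.enable` is set. As far as I can tell that flag does not start SDDM on its own, which would leave the default (non-X11) KDE path in kde.nix without a display manager. I would enable SDDM for both values: `sddm.enable = lib.elem cfg.displayManager [ "sddm" "sddm_wayland" ];`.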
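Review bot: The display-manager choice in gnome.nix relies on an undocumented priority ladder: `lib.mkOverride 500 "gdm"` outranks the `lib.mkDefault` (priority 1000) used by kde.nix and the `lib.mkOptionDefault` (priority 1500) used by budgie.nix and xfce.nix when several desktops are enabled. A short comment would make that intent readable, e.g. `# Priority 500: GDM wins over the other desktops' defaults; a plain host-level definition still overrides it`. The game comments in `gnome.excludePackages` are also slightly off (`iagno` is a Reversi game rather than Go), which is harmless but worth correcting while here.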
diff --git a/system/modules/ui/desktops/hyprland.nix b/system/modules/ui/desktops/hyprland.nix
new file mode 100644
index 0000000..18f06f0
--- /dev/null
+++ b/system/modules/ui/desktops/hyprland.nix
@@ -0,0 +1,28 @@
+# Enables the Hyprland desktop environment.
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.aux.system.ui.desktops.hyprland;
+in
+{
+ options = {
+ aux.system.ui.desktops.hyprland.enable = lib.mkEnableOption (
+ lib.mdDoc "Enables the Hyprland desktop environment."
+ );
+ };
+
+ config = lib.mkIf cfg.enable {
+ aux.system.ui.desktops.enable = true;
+
+ programs.hyprland = {
+ enable = true;
+ xwayland.enable = true;
+ };
+ # Optional: hint Electron apps to use Wayland:
+ environment.sessionVariables.NIXOS_OZONE_WL = "1";
+ };
+}
diff --git a/system/modules/ui/desktops/kde.nix b/system/modules/ui/desktops/kde.nix
new file mode 100644
index 0000000..96a1baf
--- /dev/null
+++ b/system/modules/ui/desktops/kde.nix
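Review bot: hyprland.nix sets `aux.system.ui.desktops.enable = true` but never picks a `displayManager`, and the option declared in common.nix has no `default`. The common module compares `cfg.displayManager` as soon as it is enabled, so enabling Hyprland alone should fail evaluation with an undefined-option error. Mirroring the other desktops, I would set a low-priority choice here, for example `aux.system.ui.desktops = { enable = true; displayManager = lib.mkOptionDefault "sddm_wayland"; };`, or give the option a default in common.nix. Which display manager suits Hyprland is a project decision; the value shown is only an illustration.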
@@ -0,0 +1,48 @@
+# Enables the KDE desktop environment.
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+
+let
+ cfg = config.aux.system.ui.desktops.kde;
+in
+{
+ options = {
+ aux.system.ui.desktops.kde = {
+ enable = lib.mkEnableOption (lib.mdDoc "Enables the KDE Desktop Environment.");
+ useX11 = lib.mkEnableOption (lib.mdDoc "Uses X11 instead of Wayland.");
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ aux.system.ui.desktops = {
+ enable = true;
+ displayManager = if cfg.useX11 then lib.mkDefault "sddm" else lib.mkDefault "sddm_wayland";
+ };
+
+ programs.dconf.enable = true;
+
+ # Fix blank messages in KMail. See https://nixos.wiki/wiki/KDE#KMail_Renders_Blank_Messages
+ environment.sessionVariables = {
+ NIX_PROFILES = "${pkgs.lib.concatStringsSep " " (
+ pkgs.lib.reverseList config.environment.profiles
+ )}";
+ };
+
+ services = {
+ desktopManager.plasma6.enable = true;
+
+ xserver.displayManager = lib.mkIf cfg.useX11 { defaultSession = "plasmaX11"; };
+ };
+
+ # Enable Gnome integration
+ qt = {
+ enable = true;
+ platformTheme = "gnome";
+ style = "adwaita-dark";
+ };
+ };
+}
diff --git a/system/modules/ui/desktops/xfce.nix b/system/modules/ui/desktops/xfce.nix
new file mode 100644
index 0000000..ba0d004
--- /dev/null
+++ b/system/modules/ui/desktops/xfce.nix
@@ -0,0 +1,35 @@
+# Enables the XFCE desktop environment.
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.aux.system.ui.desktops.xfce;
+in
+{
+ options = {
+ aux.system.ui.desktops.xfce.enable = lib.mkEnableOption (
+ lib.mdDoc "Enables the XFCE desktop environment."
+ );
+ };
+
+ config = lib.mkIf cfg.enable {
+ aux.system.ui.desktops = {
+ enable = true;
+ displayManager = lib.mkOptionDefault "lightdm";
+ };
+
+ services = {
+ displayManager.defaultSession = "xfce";
+ xserver = {
+ enable = true;
+ desktopManager = {
+ xterm.enable = false;
+ xfce.enable = true;
+ };
+ };
+ };
+ };
+}
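Review bot: In kde.nix the X11 default session is set through `services.xserver.displayManager.defaultSession`, while xfce.nix in this same commit uses `services.displayManager.defaultSession`; both modules should use the same option path. The session name `plasmaX11` should also be checked against the pinned nixpkgs: as far as I know the Plasma 6 X11 session is registered as `plasmax11`, and a name that matches no installed session is rejected at build time. Suggested line inside `services`: `displayManager.defaultSession = lib.mkIf cfg.useX11 "plasmax11";`.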
diff --git a/system/modules/ui/flatpak.nix b/system/modules/ui/flatpak.nix
new file mode 100644
index 0000000..e477443
--- /dev/null
+++ b/system/modules/ui/flatpak.nix
@@ -0,0 +1,85 @@
+# Enable support for Flatpak applications
+{
+ nix-flatpak,
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+
+let
+ cfg = config.aux.system.ui.flatpak;
+in
+with lib;
+{
+ options = {
+ aux.system.ui.flatpak = {
+ enable = mkEnableOption (mdDoc "Enables Flatpak support.");
+ packages = lib.mkOption {
+ description = "Flatpak packages to install.";
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ example = lib.literalExpression "[ \"com.valvesoftware.Steam\" ]";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # Enable Flatpak
+ services.flatpak = {
+ enable = true;
+
+ # Manage all Flatpak packages and remotes
+ uninstallUnmanaged = true;
+
+ # Enable automatic updates alongside nixos-rebuild
+ update.onActivation = true;
+
+ # Add remote(s)
+ remotes = [
+ {
+ name = "flathub";
+ location = "https://dl.flathub.org/repo/flathub.flatpakrepo";
+ }
+ ];
+
+ # Install base Flatpaks. For details, see https://github.com/gmodena/nix-flatpak
+ packages = cfg.packages;
+ };
+
+ # Workaround for getting Flatpak apps to use system fonts, icons, and cursors
+ # For details (and source), see https://github.com/NixOS/nixpkgs/issues/119433#issuecomment-1767513263
+ # NOTE: If fonts in Flatpaks appear incorrect (like squares), run this command to regenerate the font cache:
+ # flatpak list --columns=application | xargs -I %s -- flatpak run --command=fc-cache %s -f -v
+ system.fsPackages = [ pkgs.bindfs ];
+ fileSystems =
+ let
+ mkRoSymBind = path: {
+ device = path;
+ fsType = "fuse.bindfs";
+ options = [
+ "ro"
+ "resolve-symlinks"
+ "x-gvfs-hide"
+ ];
+ };
+ aggregatedIcons = pkgs.buildEnv {
+ name = "system-icons";
+ paths = with pkgs; [
+ (lib.mkIf config.aux.system.ui.desktops.gnome.enable gnome.gnome-themes-extra)
+ (lib.mkIf config.aux.system.ui.desktops.kde.enable kdePackages.breeze-icons)
+ ];
+ pathsToLink = [ "/share/icons" ];
+ };
+ aggregatedFonts = pkgs.buildEnv {
+ name = "system-fonts";
+ paths = config.fonts.packages;
+ pathsToLink = [ "/share/fonts" ];
+ };
+ in
+ {
+ "/usr/share/icons" = mkRoSymBind "${aggregatedIcons}/share/icons";
+ "/usr/local/share/fonts" = mkRoSymBind "${aggregatedFonts}/share/fonts";
+ };
+ };
+}
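Review bot: In flatpak.nix, `lib.mkIf` is used inside the `paths` list of `pkgs.buildEnv` for `aggregatedIcons`, but `mkIf` is only resolved by the module system for option values. In a plain list the element is the `mkIf` attribute set rather than a package, so the condition is, as far as I can tell, not honoured. `lib.optional` expresses the intent: `paths = lib.optional config.aux.system.ui.desktops.gnome.enable pkgs.gnome.gnome-themes-extra ++ lib.optional config.aux.system.ui.desktops.kde.enable pkgs.kdePackages.breeze-icons;`. Separately, `update.onActivation = true` together with `uninstallUnmanaged = true` makes every rebuild pull whatever the Flathub remote currently serves and remove Flatpaks installed outside this list, so activation is no longer reproducible from the flake lock. That trade-off deserves a comment next to both settings, and an option to turn them off would suit hosts that want pinned software.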