initial commit + sops!

2025-01-02 23:29:54 -06:00
parent 0d690aa523
commit a2ec55e821
13 changed files with 1001 additions and 0 deletions
--- a/hosts/tito/configuration.nix
+++ b/hosts/tito/configuration.nix
@@ -0,0 +1,172 @@
+{
+  config,
+  pkgs,
+  lib,
+  inputs,
+  username,
+  stylix,
+  ...
+}: {
+  imports = [
+    ./hardware-configuration.nix
+    ../../modules/nvidia.nix
+    ../../modules/gnome.nix
+# Does not play nicely with Nvidia right now
+#    ../../modules/hyprland/hyprland.nix
+      inputs.sops-nix.nixosModules.sops
+    ];
+
+  sops.defaultSopsFile = ../../secrets/secrets.yaml;
+  sops.defaultSopsFormat = "yaml";
+  sops.age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
+
+  sops.secrets."protonvpn/norway_config" = {};
+  sops.secrets."protonvpn/us_config" = {};
+  sops.secrets."protonvpn/auth-user-pass" = {};
+
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+
+    kernelPackages = pkgs.linuxPackages_latest;
+    kernel.sysctl = {
+      "vm.swappiness" = 10;
+    };
+  };
+
+  networking = {
+    hostName = "tito";
+    networkmanager.enable = true;
+  };
+
+  services = {
+    printing.enable = true;
+    openssh.enable = true;
+    tailscale.enable = true;
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+    };
+  };
+
+  programs = {
+    steam = {
+      enable = true;
+      remotePlay.openFirewall = true;
+      dedicatedServer.openFirewall = true;
+    };
+    chromium.enable = true;
+    nh = {
+      enable = true;
+      #clean.enable = true;
+      #clean.extraArgs = "--keep-since 4d --keep 3";
+      flake = "/etc/nixos";
+    };
+  };
+
+  hardware.bluetooth.enable = true;
+  virtualisation.docker.enable = true;
+
+  users.users.${username} = {
+    isNormalUser = true;
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+      "audito"
+      "video"
+      "input"
+      "docker"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    neovim
+    gcc
+    tailscale
+    firefox
+    htop
+    nerdfonts
+    kitty
+    yazi
+    nodejs
+    openvpn
+    audio-recorder
+    qemu
+    qemu_kvm
+    spotify
+    strawberry
+
+  ];
+
+  services.flatpak.enable = true;
+  services.openvpn.servers = {
+    proton-norway = {
+      autoStart = false;
+      config = '' 
+        config ${config.sops.secrets."protonvpn/norway_config".path} 
+        auth-user-pass ${config.sops.secrets."protonvpn/auth-user-pass".path}
+        '';
+    };
+    proton-united-states = {
+      autoStart = false;
+      config = '' 
+        config ${config.sops.secrets."protonvpn/us_config".path} 
+        auth-user-pass ${config.sops.secrets."protonvpn/auth-user-pass".path}
+        '';
+    };
+  };
+
+#  stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/da-one-ocean.yaml";
+  stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/solarflare.yaml";
+  #stylix.image = /home/jared/Pictures/venice.jpg;
+  stylix.image = /home/jared/Pictures/tropea.jpg;
+
+  stylix.targets.gnome.enable = true;
+  stylix.cursor.package = pkgs.vimix-cursor-theme;
+  stylix.cursor.name = "Vimix-Cursors";
+#  stylix.enable = true;
+#  stylix.targets.kitty.enable = true;
+
+  system.stateVersion = "23.11";
+  # ============= Maybe common ============= #
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+  };
+
+  networking.nameservers = [
+      "192.168.1.3"
+      "9.9.9.9"
+      "1.1.1.1"
+  ];
+
+  time.timeZone = "America/Chicago";
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_US.UTF-8";
+    LC_IDENTIFICATION = "en_US.UTF-8";
+    LC_MEASUREMENT = "en_US.UTF-8";
+    LC_MONETARY = "en_US.UTF-8";
+    LC_NAME = "en_US.UTF-8";
+    LC_NUMERIC = "en_US.UTF-8";
+    LC_PAPER = "en_US.UTF-8";
+    LC_TELEPHONE = "en_US.UTF-8";
+    LC_TIME = "en_US.UTF-8";
+  };
+  sound.enable = true;
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+
+  nixpkgs.config.allowUnfree = true;
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 7d";
+  };
+
+}
--- a/hosts/tito/hardware-configuration.nix
+++ b/hosts/tito/hardware-configuration.nix
@@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/b030079d-d72f-43a8-a437-4368f4275b66";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/A646-15B0";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp12s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp13s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}