From a1f7f43c95c049628e826856ec589b339cd4f5db Mon Sep 17 00:00:00 2001
From: Quentin Aristote
Date: Fri, 6 Aug 2021 18:51:59 +0200
Subject: initial commit
---
nixos/boot.nix | 38 ++++++++++++++++++++++
nixos/configuration.nix | 51 ++++++++++++++++++++++++++++++
nixos/desktop.nix | 63 +++++++++++++++++++++++++++++++++++++
nixos/hardware-configuration.nix | 33 +++++++++++++++++++
nixos/locale.nix | 15 +++++++++
nixos/networking.nix | 68 ++++++++++++++++++++++++++++++++++++++++
nixos/services.nix | 19 +++++++++++
nixos/users.nix | 18 +++++++++++
8 files changed, 305 insertions(+)
create mode 100644 nixos/boot.nix
create mode 100644 nixos/configuration.nix
create mode 100644 nixos/desktop.nix
create mode 100644 nixos/hardware-configuration.nix
create mode 100644 nixos/locale.nix
create mode 100644 nixos/networking.nix
create mode 100644 nixos/services.nix
create mode 100644 nixos/users.nix
(limited to 'nixos')
diff --git a/nixos/boot.nix b/nixos/boot.nix
new file mode 100644
index 0000000..8c7b28c
--- /dev/null
+++ b/nixos/boot.nix
@@ -0,0 +1,38 @@
+{ config, ... }:
+
+{
+ imports = [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ boot.loader = {
+ systemd-boot.enable = true;
+ efi = { canTouchEfiVariables = true; };
+ grub = {
+ enable = true;
+ version = 2;
+ efiSupport = true;
+ enableCryptodisk = true;
+ device = "nodev";
+ # extraEntries =
+ # # Recovery mode
+ # # Generate the image with generate-recovery.sh
+ # ''
+ # menuentry "NixOS - Recovery" {
+ # search --set=drive1 -fs-uuid 330B-45DE
+ # linux ($drive1)//kernels/recovery-linux-bzImage loglevel=4
+ # initrd ($drive1)//kernels/recovery-initrd
+ # }
+ # '';
+ };
+ };
+
+ # Decrypt disk
+ boot.initrd.luks.devices = {
+ sda3_crypt = {
+ name = "sda3_crypt";
+ device = "/dev/disk/by-uuid/ba5dc9cd-3a73-4a01-880b-8720844307ae";
+ preLVM = true;
+ };
+ };
+}
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
new file mode 100644
index 0000000..85f432e
--- /dev/null
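Review bot: `boot.loader` in boot.nix enables both `systemd-boot.enable = true;` and `grub.enable = true;`, so the file does not say which loader is actually in the boot chain of the machine whose disk is unlocked by `boot.initrd.luks.devices` below. `enableCryptodisk` is a GRUB setting and only has an effect if GRUB is the loader in use. I would keep a single loader (drop the `systemd-boot.enable` line if GRUB is intended) and state it with a comment such as `# GRUB is the only boot loader on this machine`. Whether NixOS accepts both being enabled at evaluation time should be confirmed.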
+++ b/nixos/configuration.nix
@@ -0,0 +1,51 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports = [
+
+
+ ./boot.nix
+ ./locale.nix
+ ./networking.nix
+ ./desktop.nix
+ ./users.nix
+ ./services.nix
+ ];
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [ vim busybox coreutils openssl ];
+ nixpkgs.config = { allowUnfree = true; };
+
+ nix = {
+ # package = pkgs.nixUnstable;
+ # extraOptions = ''
+ # experimental-features = nix-command flakes
+ # '';
+ autoOptimiseStore = true;
+ gc = {
+ automatic = false;
+ dates = "weekly";
+ };
+ };
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "20.09"; # Did you read the comment?
+}
diff --git a/nixos/desktop.nix b/nixos/desktop.nix
new file mode 100644
index 0000000..bf9909f
--- /dev/null
+++ b/nixos/desktop.nix
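Review bot: In the `nix.gc` block of configuration.nix, `automatic = false;` sits next to `dates = "weekly";`, so the file reads as if the store were collected weekly while no timer is installed. Either set `automatic = true;` or drop `dates` and say so in a comment, for example `# GC is run by hand; no timer is installed`.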
@@ -0,0 +1,63 @@
+{ config, pkgs, nixpkgs, ... }:
+
+let
+ # background-image = builtins.path {
+ # name = "background-image";
+ # path = /home/qaristote/.background-image;
+ # };
+ background-image = config.home-manager.users.qaristote.home.wallpaper;
+in {
+ # Configure keymap in X11
+ # services.xserver.layout = "us";
+ # services.xserver.xkbOptions = "eurosign:e";
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable sound.
+ sound.enable = true;
+ hardware.pulseaudio = {
+ enable = true;
+ support32Bit = true;
+ package = pkgs.pulseaudioFull;
+ extraConfig = ''
+ load-module module-dbus-protocol
+ '';
+ };
+ nixpkgs.config.pulseaudio = true;
+
+ # Enable X server
+ services.xserver = {
+ enable = true;
+ desktopManager.xfce.enable = true;
+ windowManager.i3.enable = true;
+ displayManager = {
+ lightdm = {
+ enable = true;
+ background = background-image;
+ greeters.gtk = {
+ enable = true;
+ theme = {
+ name = "Arc-Dark";
+ package = pkgs.arc-theme;
+ };
+ iconTheme = {
+ name = "Breeze-dark";
+ package = pkgs.breeze-icons;
+ };
+ };
+ };
+ defaultSession = "xfce+i3";
+ };
+ # Hardware
+ libinput.enable = true;
+ layout = "fr";
+ autoRepeatDelay = 200;
+ };
+
+ # Enable all users to change hardware settings (brightness, backlight)
+ services.udev.extraRules = ''
+ ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", MODE="0666", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/backlight/%k/brightness"
+ ACTION=="add", SUBSYSTEM=="leds", KERNEL=="dell::kbd_backlight", MODE="0666", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/leds/%k/brightness"
+ '';
+}
diff --git a/nixos/hardware-configuration.nix b/nixos/hardware-configuration.nix
new file mode 100644
index 0000000..b308ee1
--- /dev/null
+++ b/nixos/hardware-configuration.nix
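Review bot: The two udev rules at the end of desktop.nix make the brightness files world-writable (`MODE="0666"` plus `chmod a+w`), which gives write access to every local account, service users included, not only the person at the keyboard. The narrower form is group-based: have the rule run `${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness` and `${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness` (same for the `leds` rule) and add `"video"` to the user's `extraGroups`. `MODE=` probably has no effect here because these are sysfs attributes rather than device nodes, so it can likely be dropped; that should be verified. The `nixpkgs` argument in the function header is not used in this file.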
@@ -0,0 +1,33 @@
+{ lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot.initrd.availableKernelModules =
+ [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/f5809224-8478-474f-b25d-dde1ada37957";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/330B-45DE";
+ fsType = "vfat";
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/disk/by-uuid/8a6efcde-2361-40d5-a341-62188c014618";
+ fsType = "ext4";
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/0cf1b50c-670c-4dc6-bb91-fc45d6148028"; }];
+
+ hardware.firmware = with pkgs; [ firmwareLinuxNonfree ];
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ programs.steam.enable = true;
+}
diff --git a/nixos/locale.nix b/nixos/locale.nix
new file mode 100644
index 0000000..1c79541
--- /dev/null
+++ b/nixos/locale.nix
@@ -0,0 +1,15 @@
+{ config, ... }:
+
+{
+ time.timeZone = "Europe/Paris";
+ location = {
+ latitude = 48.856614;
+ longitude = 2.3522219;
+ };
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "fr";
+ };
+}
diff --git a/nixos/networking.nix b/nixos/networking.nix
new file mode 100644
index 0000000..92111a1
--- /dev/null
+++ b/nixos/networking.nix
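Review bot: `programs.steam.enable = true;` is placed at the end of hardware-configuration.nix, a file that `nixos-generate-config` rewrites, so a later hardware re-scan would silently drop it. It is also a software choice rather than a hardware fact; moving it to `desktop.nix` or `configuration.nix` keeps this file limited to what the scan produces. If the file is meant to be hand-maintained from now on, a header comment such as `# Hand-edited: do not regenerate with nixos-generate-config` would make that explicit.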
@@ -0,0 +1,68 @@
+{ config, pkgs, ... }:
+
+{
+ networking.hostName = "latitude-7490";
+
+ # NetworkManager
+ environment.systemPackages = with pkgs; [ networkmanager ];
+ networking.networkmanager = {
+ enable = true;
+ unmanaged = [ "interface-name:ve-*" ];
+ };
+
+ # Hosts
+ networking.hosts = {
+ "10.3.141.1" = [ "raspberrypi.local" ];
+ "10.233.1.2" = [ "searx.aristote.fr" "quentin.aristote.fr" "aristote.fr" ];
+ };
+
+ # DHCP
+ networking.interfaces.enp0s31f6.useDHCP = true;
+ networking.interfaces.wlp2s0.useDHCP = true;
+
+ # NAT
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ };
+ networking = {
+ nat = {
+ enable = true;
+ internalInterfaces = [ "ve-+" ];
+ externalInterface = "tun0";
+ };
+ };
+
+ # Firewall
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ # Syncthing
+ 22000
+ ];
+ allowedTCPPortRanges = [
+ # KDEConnect
+ {
+ from = 1714;
+ to = 1764;
+ }
+ ];
+ allowedUDPPorts = [
+ # Syncthing
+ 22000
+ 21027
+ # Wireguard
+ # 51820
+ ];
+ allowedUDPPortRanges = [
+ # KDE Connect
+ {
+ from = 1714;
+ to = 1764;
+ }
+ ];
+ };
+
+ # Bluetooth
+ hardware.bluetooth.enable = true;
+ services.blueman.enable = true;
+}
diff --git a/nixos/services.nix b/nixos/services.nix
new file mode 100644
index 0000000..720bf2b
--- /dev/null
+++ b/nixos/services.nix
@@ -0,0 +1,19 @@
+{ pkgs, config, ... }:
+
+{
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ services = {
+ fcron = {
+ enable = true;
+ allow = [ "qaristote" ];
+ systab = ''
+ # Update the system.
+ @daily root sudo ${pkgs.nix}/bin/nix-channel --update; sudo ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch
+ '';
+ };
+ };
+}
diff --git a/nixos/users.nix b/nixos/users.nix
new file mode 100644
index 0000000..04265e0
--- /dev/null
+++ b/nixos/users.nix
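Review bot: The `networking.firewall` block in networking.nix opens Syncthing (22000, 21027) and the KDE Connect range 1714-1764 on every interface, so on a laptop they are reachable from whatever network the machine joins. Scoping them with the per-interface form `networking.firewall.interfaces.<name>.allowedTCPPorts` (and the matching UDP and range options) to the interfaces where these services are actually needed, or at least a comment stating that exposure on untrusted networks is accepted, would make the intent reviewable. The explicit `"net.ipv4.ip_forward" = 1;` looks redundant with `networking.nat.enable = true;` (to confirm); a comment should say why forwarding is switched on by hand.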
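Review bot: The `systab` entry in services.nix runs an unattended `nixos-rebuild switch` every day and chains the two commands with `;`, so the rebuild still runs when `nix-channel --update` has failed. The `sudo` calls also look unnecessary for a job the entry already assigns to `root`. NixOS provides this as an option, `system.autoUpgrade.enable = true;`, which avoids the hand-written cron line; if fcron is kept, use `&&` between the commands and drop `sudo`.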
@@ -0,0 +1,18 @@
+{ ... }:
+
+{
+ users.users.qaristote = {
+ isNormalUser = true;
+ extraGroups = [
+ "wheel" # Enable ‘sudo’ for the user.
+ "audio"
+ "networkmanager"
+ ];
+ };
+
+ home-manager = {
+ users.qaristote = import /home/qaristote/.config/nixpkgs;
+ useGlobalPkgs = false;
+ useUserPackages = true; # to enable fontconfig inside home-manager
+ };
+}
--
cgit v1.2.3
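Review bot: `users.qaristote = import /home/qaristote/.config/nixpkgs;` in users.nix makes the system configuration depend on an absolute path in a home directory that is not part of this commit, so the system build is neither reproducible from the repository nor limited to root-owned inputs. The daily root rebuild in `services.nix` and the LightDM `background` in `desktop.nix` both end up evaluating whatever is in that directory. Consider keeping the home-manager configuration in this repository and importing it by relative path (for example `import ./home`, a path constructed here for illustration), or document the dependency with a comment such as `# requires ~/.config/nixpkgs to exist and be trusted`.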