From e0ccfe0e5e11cc876bf9df28faf3c7121d2f71a4 Mon Sep 17 00:00:00 2001
From: Stefan Kempinger
Date: Mon, 3 Nov 2025 12:07:34 +0100
Subject: [PATCH] initial laptop state after enabling aarch64 emulation
---
configuration.nix | 228 +++++++++++++++++++++++++++++++++++++
flake.lock | 192 +++++++++++++++++++++++++++++++
flake.nix | 38 +++++++
hardware-configuration.nix | 42 +++++++
4 files changed, 500 insertions(+)
create mode 100644 configuration.nix
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 hardware-configuration.nix
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..23da815
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,228 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ imports = [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ android_sdk.accept_license = true;
+ };
+
+ # Use the systemd-boot EFI boot loader.
+ boot = {
+ binfmt.emulatedSystems = [ "aarch64-linux" ];
+ plymouth = {
+ enable = true;
+ theme = "abstract_ring_alt";
+ themePackages = with pkgs; [
+ # By default we would install all themes
+ (adi1090x-plymouth-themes.override {
+ selected_themes = [ "abstract_ring_alt" ];
+ })
+ ];
+ };
+
+ # Enable "Silent boot"
+ consoleLogLevel = 3;
+ initrd.verbose = false;
+ initrd.systemd.enable = true;
+ kernelParams = [
+ "quiet"
+ "splash"
+ "boot.shell_on_fail"
+ "udev.log_priority=3"
+ "rd.systemd.show_status=auto"
+ ];
+ # Hide the OS choice for bootloaders.
+ # It's still possible to open the bootloader list by pressing any key
+ # It will just not appear on screen unless a key is pressed
+ loader.timeout = 0;
+ loader.efi.canTouchEfiVariables = true;
+ loader.systemd-boot.enable = lib.mkForce false;
+
+ lanzaboote = {
+ enable = true;
+ pkiBundle = "/var/lib/sbctl";
+ };
+ };
+
+ networking.hostName = "kemptop";
+ networking.networkmanager.enable = true;
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ nix = {
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ };
+
+ users.users.kemp = {
+ isNormalUser = true;
+ extraGroups = [
+ "wheel"
+ "adbusers"
+ "wireshark"
+ "networkmanager"
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ wget
+ usbutils
+ git
+ pkg-config
+ openssl
+ tree
+ rustc
+ cargo
+ rustfmt
+ edid-decode
+ file
+ acpica-tools
+ ethtool
+ cmake
+ zip
+ texlive.combined.scheme-full
+ texpresso
+ uv
+ distrobox
+ lshw
+ pciutils
+ sbctl
+ adw-gtk3
+
+
+
+ # GUI programs
+
+ android-studio-full
+ zed-editor-fhs
+ nautilus
+ zoom-us
+ spotify
+ prismlauncher
+ qdirstat
+ zenmap
+ mission-center
+ seahorse
+ zathura
+ (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true;}) {})
+ google-chrome
+ tor-browser
+
+ # Libreoffice
+ libreoffice-qt
+ hunspell
+ hunspellDicts.de_AT
+ hunspellDicts.en_US
+
+ # fish shell setup
+ fishPlugins.done
+ fishPlugins.fzf-fish
+ fishPlugins.forgit
+ #fishPlugins.hydro
+ fzf
+ fishPlugins.grc
+ grc
+
+ # LSP
+ nil
+ nixd
+ rust-analyzer
+ #cargotom
+ ];
+ environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;
+
+ services.displayManager.cosmic-greeter.enable = true;
+ services.displayManager.autoLogin = {
+ enable = true;
+ user = "kemp";
+ };
+ services.desktopManager.cosmic.enable = true;
+ services.desktopManager.cosmic.xwayland.enable = true;
+ services.fwupd.enable = true;
+ services.pipewire.enable = true;
+ services.fprintd.enable = true;
+ services.flatpak.enable = true;
+ services.printing.enable = true;
+ services.printing.drivers = [ pkgs.hplipWithPlugin ];
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ openFirewall = true;
+ };
+ services.gnome.gnome-keyring.enable = true; # secret service
+
+
+
+ security.pam.services.login.enableGnomeKeyring = true;
+ security.pam.services.login.fprintAuth = true;
+ security.polkit.enable = true; # polkit
+
+ programs.firefox.enable = true;
+ programs.wireshark.enable = true;
+ programs.wireshark.package = pkgs.wireshark;
+ programs.adb.enable = true;
+ programs.fish = {
+ enable = true;
+ interactiveShellInit = ''
+ set fish_greeting # Disable greeting
+ '';
+ };
+ programs.bash = {
+ interactiveShellInit = ''
+ if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+ then
+ shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
+ exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
+ fi
+ '';
+ };
+
+ virtualisation.podman = {
+ enable = true;
+ dockerCompat = true;
+ };
+
+ systemd.user.extraConfig = ''
+ DefaultEnvironment="PATH=/run/wrappers/bin:/home/%u/.nix-profile/bin:/nix/profile/bin:/home/%u/.local/state/nix/profile/bin:/etc/profiles/per-user/%u/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
+ '';
+
+
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "25.05"; # Did you read the comment?
+
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..a61d23c
--- /dev/null
+++ b/flake.lock
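Review bot: `services.displayManager.autoLogin` signs `kemp`, a member of `wheel`, into the desktop with no credential, so unlocking the LUKS device `nvme0n1p2_crypt` (declared in hardware-configuration.nix) is the only authentication between power-on and an admin session. That is a workable trade-off on a single-user laptop, but the dependency should be written next to the option, e.g. `# autoLogin relies on the LUKS prompt; disable it before adding TPM or keyfile unlock`. Because no password passes through PAM on the auto-login path, `security.pam.services.login.enableGnomeKeyring` will presumably not unlock the keyring there, so expect either a separate keyring prompt or a keyring without a password. The kernel parameter `boot.shell_on_fail` deserves a second look for the same reason: on the scripted initrd it offers a root shell without a password when boot fails, and whether it has any effect under `initrd.systemd.enable = true` should be confirmed.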
@@ -0,0 +1,192 @@ +{ + "nodes": { + "crane": { + "locked": { + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", + "owner": "ipetkov", + "repo": "crane", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1756744479, + "narHash": "sha256-EyZXusK/wRD3V9vDh00W2Re3Eg8UQ+LjVBQrrH9dq1U=", + "owner": "nix-community", + "repo": 
"lanzaboote", + "rev": "747b7912f49e2885090c83364d88cf853a020ac1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lanzaboote", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1761827175, + "narHash": "sha256-XdPVSYyIBK4/ruoqujaQmmSGg3J2/EenexV9IEXhr6o=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "43ffe9ac82567512abb83187cb673de1091bdfa8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1761672384, + "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "lanzaboote": "lanzaboote", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs", + "rust-overlay": "rust-overlay" + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1761878277, + "narHash": "sha256-6fCtyVdTzoQejwoextAu7dCLoy5fyD3WVh+Qm7t2Nhg=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "6604534e44090c917db714faa58d47861657690c", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + } + }, + "root": "root", 
+ "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..c45c017
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,38 @@
+{
+ description = "kemptop flake";
+
+ inputs = {
+ nixpkgs = {
+ url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+
+ nixos-hardware.url = "github:NixOS/nixos-hardware";
+
+ lanzaboote = {
+ url = "github:nix-community/lanzaboote";
+ inputs = {
+ nixpkgs.follows = "nixpkgs";
+ rust-overlay.follows = "rust-overlay";
+ };
+ };
+ rust-overlay = {
+ url = "github:oxalica/rust-overlay";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ };
+
+ outputs = { self, nixpkgs, nixos-hardware, lanzaboote,rust-overlay }: {
+ nixosConfigurations = {
+ kemptop = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+
+ lanzaboote.nixosModules.lanzaboote
+ ./configuration.nix
+ nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen5
+ ];
+ };
+ };
+ };
+}
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
new file mode 100644
index 0000000..0fb45b8
--- /dev/null
+++ b/hardware-configuration.nix
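Review bot: The `lanzaboote` input is declared without a ref (`url = "github:nix-community/lanzaboote";`), so it follows the repository's default branch even though this module builds and signs the Secure Boot chain enabled in configuration.nix. flake.lock fixes the revision for now, but the next `nix flake update` moves the signing tooling to whatever the branch head is at that moment. Pinning a release, `url = "github:nix-community/lanzaboote/<release-tag>";` (placeholder; use the tag you have reviewed), turns that into an explicit change that shows up in review. The `nixpkgs.follows` and `rust-overlay.follows` overrides also mean lanzaboote is built against `nixos-unstable` inputs rather than the ones its own lock file records, which deserves a one-line comment stating that this is intended.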
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8b09fd02-ca92-48a5-bf25-55365595a79c"; + fsType = "btrfs"; + }; + + boot.initrd.luks.devices."nvme0n1p2_crypt".device = "/dev/disk/by-uuid/86faa083-e18a-462e-95fa-2a0b0737d6e0"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/F907-7B0D"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}