commit 4211c5f7f880f39fabe0e1ba6f72b7e76bbde4d6 Author: Stefan Kempinger Date: Tue Jan 20 13:23:38 2026 +0100 initial state of laptop as a part of a large nixos config
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..56cefbb
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,183 @@ +{ + "nodes": { + "crane": { + "locked": { + "lastModified": 1767744144, + "narHash": "sha256-9/9ntI0D+HbN4G0TrK3KmHbTvwgswz7p8IEJsWyef8Q=", + "owner": "ipetkov", + "repo": "crane", + "rev": "2fb033290bf6b23f226d4c8b32f7f7a16b043d7e", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit": "pre-commit", + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1768307256, + "narHash": "sha256-3yDvlAqWa0Vk3B9hFRJJrSs1xc+FwVQFLtu//VrTR4c=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "7e031eb535a494582f4fc58735b5aecba7b57058", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lanzaboote", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1768736227, + "narHash": "sha256-qgGq7CfrYKc3IBYQ7qp0Z/ZXndQVC5Bj0N8HW9mS2rM=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "d447553bcbc6a178618d37e61648b19e744370df", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": 
"github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-safe": { + "locked": { + "lastModified": 1764283775, + "narHash": "sha256-Z+uaM0oj4++O2h6I54EmNE90xvd/jDeOEvW4vpW4GTE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ae6ee9e9de6f149f675349e43d6786875d22b3d1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ae6ee9e9de6f149f675349e43d6786875d22b3d1", + "type": "github" + } + }, + "pre-commit": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767281941, + "narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "lanzaboote": "lanzaboote", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs", + "nixpkgs-safe": "nixpkgs-safe", + "rust-overlay": "rust-overlay" + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768704795, + "narHash": "sha256-Y33TAp2BHEcuspYvcmBXXD0qdvjftv73PwyKTDOjoSY=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "4b7472a78857ac789fb26616040f55cfcbd36c6e", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/kemptop/configuration.nix b/kemptop/configuration.nix new file mode 100644 index 0000000..c1f08ba 
--- /dev/null
+++ b/kemptop/configuration.nix
@@ -0,0 +1,290 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}:
+
+{
+ imports = [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ android_sdk.accept_license = true;
+ };
+
+ # Use the systemd-boot EFI boot loader.
+ boot = {
+ binfmt.emulatedSystems = [ "aarch64-linux" ];
+ plymouth = {
+ enable = true;
+ theme = "abstract_ring_alt";
+ themePackages = with pkgs; [
+ # By default we would install all themes
+ (adi1090x-plymouth-themes.override {
+ selected_themes = [ "abstract_ring_alt" ];
+ })
+ ];
+ };
+
+ supportedFilesystems = [ "ntfs" ];
+
+ # Enable "Silent boot"
+ consoleLogLevel = 3;
+ initrd.verbose = false;
+ initrd.systemd.enable = true;
+ #bad: 6.12.62
+ #bad: 6.17.12
+ #good: 6.12.59
+ #bad: 6.12.60
+ #kernelPackages = (import inputs.nixpkgs-safe {system = "x86_64-linux"; }).linuxPackages;
+ #kernelPackages = pkgs.linuxPackages_6_17;
+ kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_12.override { # (#4)
+ argsOverride = rec {
+ src = pkgs.fetchFromGitHub {
+ owner = "torvalds";
+ repo = "linux";
+ # (#1) -> put the bisect revision here
+ rev = "17c3a66d7ea2d303f783796d62f99e2e23b68c90";
+ # (#2) -> clear the sha; run a build, get the sha, populate the sha
+ sha256 = "sha256-2XyrJmaZPa2TaVrwwjXM0z3Dyj794FDdmOTyRuH3z/A=";
+ };
+
+ dontStrip = true;
+ # (#3) `head Makefile` from the kernel and put the right version numbers here
+ version = "6.12.59";
+ modDirVersion = "6.12.59";
+ };
+});
+ kernelParams = [
+ "quiet"
+ "splash"
+ "boot.shell_on_fail"
+ "udev.log_priority=3"
+ "rd.systemd.show_status=auto"
+ ];
+ # Hide the OS choice for bootloaders.
+ # It's still possible to open the bootloader list by pressing any key
+ # It will just not appear on screen unless a key is pressed
+ loader.timeout = 0;
+ loader.efi.canTouchEfiVariables = true;
+ loader.systemd-boot.enable = lib.mkForce false;
+ #loader.systemd-boot.configurationLimit = 3;
+
+ lanzaboote = {
+ enable = true;
+ pkiBundle = "/var/lib/sbctl";
+ };
+ };
+
+ networking.hostName = "kemptop";
+ networking.hostId = "5506a8e8";
+ networking.networkmanager = {
+ enable = true;
+ plugins = with pkgs; [
+ networkmanager-openvpn
+ ];
+ };
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ nix = {
+ extraOptions = ''
+ experimental-features = nix-command flakes impure-derivations ca-derivations
+ '';
+ };
+
+ users.users.kemp = {
+ isNormalUser = true;
+ extraGroups = [
+ "wheel"
+ "adbusers"
+ "wireshark"
+ "networkmanager"
+ "libvirt"
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ wget
+ usbutils
+ inetutils
+ pciutils
+ git
+ pkg-config
+ openssl
+ tree
+ rustc
+ cargo
+ rustfmt
+ edid-decode
+ file
+ acpica-tools
+ ethtool
+ cmake
+ zip
+ texlive.combined.scheme-full
+ distrobox
+ lshw
+ sbctl
+ adw-gtk3
+ inkscape
+ traceroute
+ nix-output-monitor
+ dig
+ stdenv.cc
+ cmake
+ perl
+ smartmontools
+ gnumake
+ xz
+ android-tools
+
+ # GUI programs
+
+ android-studio-full
+ zed-editor
+ nautilus
+ zoom-us
+ spotify
+ prismlauncher
+ qdirstat
+ zenmap
+ mission-center
+ seahorse
+ texstudio
+ (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true;}) {})
+ google-chrome
+ tor-browser
+ zathura
+ vlc
+ jetbrains.idea
+
+ # Libreoffice
+ libreoffice-qt
+ hunspell
+ hunspellDicts.de_AT
+ hunspellDicts.en_US
+
+ # fish shell setup
+ fishPlugins.done
+ fishPlugins.fzf-fish
+ fishPlugins.forgit
+ #fishPlugins.hydro
+ fzf
+ fishPlugins.grc
+ grc
+
+ # LSP
+ nil
+ nixd
+ rust-analyzer
+ #cargotom
+
+
+ #niri
+ #alacritty fuzzel swaylock mako swayidle
+ ];
+ environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;
+
+ services.displayManager.cosmic-greeter.enable = true;
+ services.displayManager.autoLogin = {
+ enable = true;
+ user = "kemp";
+ };
+ services.desktopManager.cosmic.enable = true;
+ services.desktopManager.cosmic.xwayland.enable = true;
+ services.fwupd.enable = true;
+ services.pipewire.enable = true;
+ services.fprintd.enable = true;
+ services.flatpak.enable = true;
+ services.printing.enable = true;
+ services.hardware.bolt.enable = true;
+ services.printing.drivers = [ pkgs.hplipWithPlugin ];
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ openFirewall = true;
+ };
+ services.gnome.gnome-keyring.enable = true; # secret service
+
+
+ security.pam.services.login.enableGnomeKeyring = true;
+ security.pam.services.login.fprintAuth = true;
+ security.polkit.enable = true; # polkit
+
+ programs.nix-ld = {
+ enable = true;
+ libraries = pkgs.steam-run.args.multiPkgs pkgs;
+};
+
+ #programs.niri.enable = true;
+ #security.pam.services.swaylock = {};
+ #programs.waybar.enable = true; # top bar
+
+ programs.firefox.enable = true;
+ programs.wireshark.enable = true;
+ programs.wireshark.package = pkgs.wireshark;
+ programs.fish = {
+ enable = true;
+ interactiveShellInit = ''
+ set fish_greeting # Disable greeting
+ '';
+ };
+ programs.bash = {
+ interactiveShellInit = ''
+ if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+ then
+ shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
+ exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
+ fi
+ '';
+ };
+
+ programs.virt-manager.enable = true;
+
+ virtualisation.podman = {
+ enable = true;
+ dockerCompat = true;
+ };
+ virtualisation.libvirtd.enable = true;
+
+
+ systemd.user.extraConfig = ''
+ DefaultEnvironment="PATH=/run/wrappers/bin:/home/%u/.nix-profile/bin:/nix/profile/bin:/home/%u/.local/state/nix/profile/bin:/etc/profiles/per-user/%u/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
+ '';
+
+ powerManagement.powertop.enable = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "25.05"; # Did you read the comment?
+
+}
diff --git a/kemptop/hardware-configuration.nix b/kemptop/hardware-configuration.nix
new file mode 100644
index 0000000..0fb45b8
--- /dev/null
+++ b/kemptop/hardware-configuration.nix
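Review bot: The `kernelPackages` override in the `boot` block pins the kernel to one bisect revision (`rev = "17c3a66d7ea2d303f783796d62f99e2e23b68c90"`, `version = "6.12.59"`) and nothing records which regression is being bisected or when the pin is to be removed, so for as long as it stays this Secure Boot laptop stops following later 6.12.x stable releases, security fixes included; the `#bad: 6.12.60` and `#bad: 6.12.62` notes show the newer releases are skipped on purpose. I would put a comment directly above the override, for example `# TEMPORARY: bisecting <regression>; go back to a nixpkgs-maintained kernel (pkgs.linuxPackages) once fixed`, and keep `dontStrip = true` only while the bisect runs. Separately, `services.displayManager.autoLogin` for `kemp`, a `wheel` member, means the disk unlock at boot (the LUKS device declared in hardware-configuration.nix) is the only gate before a desktop session; a one-line comment saying this is intended would help the next reader.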
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8b09fd02-ca92-48a5-bf25-55365595a79c"; + fsType = "btrfs"; + }; + + boot.initrd.luks.devices."nvme0n1p2_crypt".device = "/dev/disk/by-uuid/86faa083-e18a-462e-95fa-2a0b0737d6e0"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/F907-7B0D"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}