diff --git a/flake.lock b/flake.lock index cfbf99d8..6cd3abfd 100644 --- a/flake.lock +++ b/flake.lock @@ -89,6 +89,39 @@ "type": "github" } }, + "crane_2": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "rust-overlay": [ + "lanzaboote", + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1681177078, + "narHash": "sha256-ZNIjBDou2GOabcpctiQykEQVkI8BDwk7TyvlWlI4myE=", + "owner": "ipetkov", + "repo": "crane", + "rev": "0c9f468ff00576577d83f5019a66c557ede5acf6", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -184,6 +217,27 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1680392223, + "narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flakelib": { "inputs": { "fl-config": "fl-config", @@ -225,6 +279,28 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -424,6 +500,37 @@ "type": "github" } }, + "lanzaboote": { + "inputs": { + "crane": "crane_2", + "flake-compat": [ + "flake-compat" + ], + "flake-parts": "flake-parts", + "flake-utils": [ + "utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1682802423, + "narHash": "sha256-Fb5TeRTdvUlo/5Yi2d+FC8a6KoRLk2h1VE0/peMhWPs=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "64b903ca87d18cef2752c19c098af275c6e51d63", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.3.0", + "repo": "lanzaboote", + "type": "github" + } + }, "mach-nix": { "inputs": { "flake-utils": [ @@ -498,11 +605,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1706834982, - "narHash": "sha256-3CfxA7gZ+DVv/N9Pvw61bV5Oe/mWfxYPyVQGqp9TMJA=", + "lastModified": 1710123225, + "narHash": "sha256-j3oWlxRZxB7cFsgEntpH3rosjFHRkAo/dhX9H3OfxtY=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "83e571bb291161682b9c3ccd48318f115143a550", + "rev": "ad2fd7b978d5e462048729a6c635c45d3d33c9ba", "type": "github" }, "original": { @@ -529,16 +636,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1705957679, - "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", + "lastModified": 1678872516, + "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", + "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.05", + "ref": "nixos-22.11", "repo": "nixpkgs", "type": "github" } 
@@ -581,6 +688,37 @@ "type": "github" } }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1681413034, + "narHash": "sha256-/t7OjNQcNkeWeSq/CFLYVBfm+IEnkjoSm9iKvArnUUI=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "d3de8f69ca88fb6f8b09e5b598be5ac98d28ede5", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "pypi-deps-db": { "flake": false, "locked": { @@ -616,6 +754,7 @@ "hyprlock": "hyprlock", "hyprsome": "hyprsome", "konawall-py": "konawall-py", + "lanzaboote": "lanzaboote", "mach-nix": "mach-nix", "minecraft": "minecraft", "nix-index-database": "nix-index-database", @@ -635,6 +774,31 @@ "xdph": "xdph" } }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1682129965, + "narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "2c417c0460b788328220120c698630947547ee83", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "scalpel": { "inputs": { "nixpkgs": [ @@ -663,7 +827,9 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1707015547, diff --git a/flake.nix b/flake.nix index 8c69ff36..482d5cda 100644 --- a/flake.nix +++ b/flake.nix 
@@ -17,6 +17,16 @@
 nixpkgs = {
 url = "github:nixos/nixpkgs/nixos-unstable";
 };
+ lanzaboote = {
+ url = "github:nix-community/lanzaboote/v0.3.0";
+
+ # Optional but recommended to limit the size of your system closure.
+ inputs = {
+ nixpkgs.follows = "nixpkgs";
+ flake-utils.follows = "utils";
+ flake-compat.follows = "flake-compat";
+ };
+ };
 flakelibstd = {
 url = "github:flakelib/std";
 inputs.nix-std.follows = "std";
@@ -88,7 +98,10 @@
 # secrets
 sops-nix = {
 url = "github:Mic92/sops-nix";
- inputs.nixpkgs.follows = "nixpkgs";
+ inputs = {
+ nixpkgs.follows = "nixpkgs";
+ nixpkgs-stable.follows = "nixpkgs";
+ };
 };
 # secrets templating
 scalpel = {
diff --git a/home/environments/hyprland/hyprland.nix b/home/environments/hyprland/hyprland.nix
index 087073db..36ae9192 100644
--- a/home/environments/hyprland/hyprland.nix
+++ b/home/environments/hyprland/hyprland.nix
@@ -33,6 +33,10 @@ in {
 systemd = {
 enable = true;
 variables = ["--all"];
+ extraCommands = [
+ "systemctl --user stop graphical-session.target"
+ "systemctl --user start hyprland-session.target"
+ ];
 };
 xwayland.enable = true;
 settings = {
@@ -76,6 +80,8 @@ in {
 "${pkgs.mako}/bin/mako"
 "${pkgs.udiskie}/bin/udiskie &"
 "${pkgs.pasystray}/bin/pasystray"
+ "${pkgs.systemd}/bin/systemctl restart waybar --user"
+ "${pkgs.systemd}/bin/systemctl restart konawall-py --user"
 ];
 exec = [
 ];
@@ -112,9 +118,9 @@ in {
 "$mod, G, togglegroup,"
 "$mod SHIFT, N, changegroupactive, f"
 "$mod SHIFT, P, changegroupactive, b"
- "$mod, R, togglesplit,"
 "$mod, T, togglefloating,"
- "$mod SHIFT, P, pseudo,"
+ "$mod SHIFT, T, togglesplit,"
+ "$mod SHIFT, X, pseudo,"
 "$mod ALT, ,resizeactive,"
 "$mod, Escape, exec, wlogout -p layer-shell"
 "$mod, L, exec, loginctl lock-session"
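Review bot: The new `lanzaboote` input in the first flake.nix hunk overrides only `nixpkgs`, `flake-utils` and `flake-compat`, so the tool that signs the boot chain is still built from its own `crane`, `rust-overlay`, `flake-parts` and `pre-commit-hooks-nix` pins. The flake.lock part of this commit shows those as new locked sources, including a `nixpkgs-stable` node on `nixos-22.11`, with `lastModified` stamps about eleven months older than the `nixos-hardware` bump made in the same commit. The existing comment speaks only of closure size; I would extend it to say that the remaining inputs are deliberately left at lanzaboote's own revisions, for example `# crane/rust-overlay stay at lanzaboote's pins; re-check its release notes before bumping the tag`, and check whether a newer tagged release exists before this lands.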
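Review bot: The two `extraCommands` entries in the first hyprland.nix hunk call a bare `systemctl`, resolved through whatever PATH the compositor session has, while the `exec-once` lines added in the next hunk use `${pkgs.systemd}/bin/systemctl`. Using the store path in both places keeps session start-up independent of PATH and makes the two hunks consistent, e.g. `"${pkgs.systemd}/bin/systemctl --user stop graphical-session.target"`. The `exec-once` lines also put `--user` after the unit name; it works, but `systemctl --user restart waybar` is the conventional order and reads the same as the `extraCommands` entries. Both lists continue outside their hunks.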
@@ -127,6 +133,10 @@ in { "$mod SHIFT, right, movewindow, r" "$mod SHIFT, up, movewindow, u" "$mod SHIFT, down, movewindow, d" + "$mod ALT, left, movewindoworgroup, l" + "$mod ALT, right, movewindoworgroup, r" + "$mod ALT, up, movewindoworgroup, u" + "$mod ALT, down, movewindoworgroup, d" "$mod, P, exec, ${pkgs.hyprpicker}/bin/hyprpicker -na" diff --git a/home/environments/hyprland/konawall.nix b/home/environments/hyprland/konawall.nix index f9189ef7..c74c063f 100644 --- a/home/environments/hyprland/konawall.nix +++ b/home/environments/hyprland/konawall.nix @@ -4,19 +4,6 @@ config, ... }: let - systemd.user.services.konawall-py = { - Unit = { - Description = "konawall-py"; - X-Restart-Triggers = [(toString config.xdg.configFile."konawall/config.toml".source)]; - After = ["hyprland-session.target"]; - }; - Service = { - ExecStart = "${inputs.konawall-py.packages.${pkgs.system}.konawall-py}/bin/konawall"; - Restart = "always"; - }; - Install = {WantedBy = ["hyprland-session.target"];}; - }; - konawallConfig = { interval = 60 * 5; rotate = true; @@ -33,6 +20,19 @@ }; }; in { + systemd.user.services.konawall-py = { + Unit = { + Description = "konawall-py"; + X-Restart-Triggers = [(toString config.xdg.configFile."konawall/config.toml".source)]; + After = ["hyprland-session.target" "network-online.target"]; + }; + Service = { + ExecStart = "${inputs.konawall-py.packages.${pkgs.system}.konawall-py}/bin/konawall"; + Restart = "on-failure"; + RestartSec = "1s"; + }; + Install = {WantedBy = ["hyprland-session.target"];}; + }; xdg.configFile = { "konawall/config.toml".source = (pkgs.formats.toml {}).generate "konawall-config" konawallConfig; }; diff --git a/home/profiles/graphical/firefox.nix b/home/profiles/graphical/firefox.nix index 2784b20c..fec60ef8 100644 --- a/home/profiles/graphical/firefox.nix +++ b/home/profiles/graphical/firefox.nix 
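Review bot: `network-online.target` in the new `After` list of `systemd.user.services.konawall-py` is a system-manager target, and as far as I know a user unit cannot order itself against system units, so this entry likely has no effect and the service can still start before the network is up. With `Restart = "on-failure"` and `RestartSec = "1s"` the unit then retries once a second until the network arrives, provided konawall exits non-zero on a failed fetch, which is not visible here. Either drop the entry (`After = ["hyprland-session.target"];`) or add a comment saying the restart policy is what covers the offline case.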
@@ -120,7 +120,7 @@ "beacon.enabled" = false; "browser.search.geoip.url" = ""; "browser.search.region" = "CA"; - "browser.search.suggest.enabled" = false; + "browser.search.suggest.enabled" = true; "browser.search.update" = false; "browser.selfsupport.url" = ""; "extensions.getAddons.cache.enabled" = false; diff --git a/home/profiles/neovim/default.nix b/home/profiles/neovim/default.nix index dd52b1fb..58a67fe4 100644 --- a/home/profiles/neovim/default.nix +++ b/home/profiles/neovim/default.nix @@ -56,6 +56,10 @@ in { bufferline-nvim # Language Server nvim-lspconfig + # tree + nui-nvim + neo-tree-nvim + # tree sitter (pkgs.vimPlugins.nvim-treesitter.withPlugins (_: with pkgs.tree-sitter-grammars; [ tree-sitter-c diff --git a/nixos/hardware/amd_cpu.nix b/nixos/hardware/amd_cpu.nix deleted file mode 100644 index fd6738b1..00000000 --- a/nixos/hardware/amd_cpu.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - config, - lib, - ... -}: let - inherit (lib.modules) mkDefault; -in { - boot.kernelModules = ["kvm-amd"]; - hardware.cpu.amd.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/nixos/hardware/amd_gpu.nix b/nixos/hardware/amd_gpu.nix deleted file mode 100644 index f16a5f97..00000000 --- a/nixos/hardware/amd_gpu.nix +++ /dev/null @@ -1,5 +0,0 @@ -_: { - boot.kernelParams = [ - "amdgpu.gpu_recovery=1" - ]; -} diff --git a/nixos/hardware/framework/color.nix b/nixos/hardware/framework/color.nix deleted file mode 100644 index b6cd57a1..00000000 --- a/nixos/hardware/framework/color.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - pkgs, - ... -}: { - home-manager.users.kat.wayland.windowManager.hyprland.settings.exec-once = [ - "${pkgs.colord}/bin/colormgr import-profile ${./framework-icc.icm}" - ]; -} diff --git a/nixos/hardware/framework/imports.nix b/nixos/hardware/framework/imports.nix index 37f10952..6ff19e4f 100644 --- a/nixos/hardware/framework/imports.nix +++ b/nixos/hardware/framework/imports.nix 
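Review bot: Setting `"browser.search.suggest.enabled" = true;` in the firefox.nix hunk means text typed into the search field is sent to the default search engine as it is typed, which runs against the neighbouring hardening prefs in the same block (`beacon.enabled`, the emptied `browser.search.geoip.url`). If suggestions are wanted only in the search box, add `"browser.urlbar.suggest.searches" = false;` so address-bar input such as internal hostnames is not forwarded as well, and leave a comment like `# suggestions on by choice: keystrokes go to the default engine`. The attribute set continues outside the hunk, so that pref may already be set elsewhere.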
@@ -4,10 +4,8 @@
 ...
 }: {
 imports =
- (with tree.nixos.hardware; [
- amd_cpu
- amd_gpu
- uefi
+ (with tree.nixos.profiles; [
+ uefi
 ])
 ++ [
 inputs.nixos-hardware.outputs.nixosModules.framework-13-7040-amd
diff --git a/nixos/hardware/intel_cpu.nix b/nixos/hardware/intel_cpu.nix
deleted file mode 100644
index e412ab20..00000000
--- a/nixos/hardware/intel_cpu.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-_: let
-in {
- boot.kernelModules = ["kvm-intel"];
- services.thermald.enable = true;
-}
diff --git a/nixos/hardware/intel_gpu.nix b/nixos/hardware/intel_gpu.nix
deleted file mode 100644
index ca88aa53..00000000
--- a/nixos/hardware/intel_gpu.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{pkgs, ...}: {
- services.xserver.videoDrivers = ["intel"];
- hardware.opengl = {
- enable = true;
- driSupport = true;
- extraPackages = with pkgs; [
- intel-media-driver
- vaapiIntel
- vaapiVdpau
- libvdpau-va-gl
- ];
- };
-}
diff --git a/nixos/profiles/bootable/grub.nix b/nixos/profiles/bootable/grub.nix
index 07743971..78c53740 100644
--- a/nixos/profiles/bootable/grub.nix
+++ b/nixos/profiles/bootable/grub.nix
@@ -1,8 +1,9 @@
-_: {
- boot.loader = {
+{config, lib, ... }: let
+ inherit (lib.modules) mkIf;
+ in {
+ boot.loader = mkIf (config.boot.loader.grub.enable) {
 timeout = null;
 grub = {
- enable = false;
 useOSProber = true;
 splashImage = ./splash.jpg;
 extraConfig = ''
diff --git a/nixos/profiles/bootable/zfs.nix b/nixos/profiles/bootable/zfs.nix
deleted file mode 100644
index 8c3c3bff..00000000
--- a/nixos/profiles/bootable/zfs.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- std,
- config,
- lib,
- ...
-}: let
- inherit (std) list;
- inherit (lib.modules) mkDefault mkIf;
-in {
- boot = mkIf (list.elem "zfs" config.boot.supportedFilesystems) {
- kernelPackages = mkDefault config.boot.zfs.package.latestCompatibleLinuxPackages;
- zfs.enableUnstable = true;
- };
-}
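Review bot: Dropping `amd_cpu` from the framework imports removes this repo's own `hardware.cpu.amd.updateMicrocode` setting, since the module that defined it is deleted in the same commit, and leaves CPU microcode updates to whatever `framework-13-7040-amd` from nixos-hardware happens to set. That module presumably covers it, but nothing visible here confirms it, so check the evaluated option on the host. If it is not set, keep the one line locally, e.g. `hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;`. The same applies to `kvm-amd` and the `amdgpu.gpu_recovery=1` kernel parameter from the deleted `amd_gpu` module; the imports list continues outside the hunk.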
diff --git a/nixos/hardware/uefi.nix b/nixos/profiles/uefi.nix
similarity index 100%
rename from nixos/hardware/uefi.nix
rename to nixos/profiles/uefi.nix
diff --git a/nixos/profiles/wireless/wifi.nix b/nixos/profiles/wireless/wifi.nix
index 16c93606..9ae5c88e 100644
--- a/nixos/profiles/wireless/wifi.nix
+++ b/nixos/profiles/wireless/wifi.nix
@@ -12,6 +12,7 @@ in {
 networking = {
 networkmanager = {
 enable = true;
+ wifi.backend = "iwd";
 connectionConfig = {
 "ipv6.ip6-privacy" = mkForce 0;
 };
diff --git a/systems/koishi.nix b/systems/koishi.nix
index bf4c4d09..4d1cd2ca 100644
--- a/systems/koishi.nix
+++ b/systems/koishi.nix
@@ -1,71 +1,85 @@ _: let - hostConfig = { - tree, - pkgs, - lib, - inputs, - ... - }: { - imports = - (with tree.nixos.hardware; [ - framework - ]) - ++ (with tree.nixos.profiles; [ +hostConfig = { + tree, + pkgs, + lib, + inputs, + ... +}: { + imports = + (with tree.nixos.hardware; [ + framework + ]) + ++ (with tree.nixos.profiles; [ graphical + gaming wireless laptop bcachefs - ]) - ++ (with tree.nixos.environments; [ + ]) + ++ (with tree.nixos.environments; [ hyprland - ]); - config = { - home-manager.users.kat.imports = - (with tree.home.profiles; [ - graphical - devops - ]) - ++ (with tree.home.environments; [ + ]); + config = let + inherit (lib.modules) mkForce; + in { + home-manager.users.kat.imports = + (with tree.home.profiles; [ + graphical + devops + ]) + ++ (with tree.home.environments; [ hyprland - ]); + ]); - environment.systemPackages = with pkgs; [ - parsec-bin - ]; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/861e8815-9327-4e49-915b-73a3b0bdfa25"; - fsType = "bcachefs"; - }; - "/boot" = { - device = "/dev/disk/by-uuid/DD84-303D"; - fsType = "vfat"; - }; + environment.systemPackages = with pkgs; [ + parsec-bin + sbctl + ]; + services.avahi = { + nssmdns = true; + enable = true; + ipv4 = true; + ipv6 = true; + publish = { + enable = true; + addresses = true; + workstation = true; }; - - swapDevices = [ - {device = "/dev/disk/by-uuid/04bd322e-dca0-43b8-b588-cc0ef1b1488e";} - ]; - - boot = { - supportedFilesystems = ["ntfs"]; - loader = { - efi = { - canTouchEfiVariables = true; - efiSysMountPoint = "/boot"; - }; - systemd-boot.enable = true; - }; - }; - - networking = { - useDHCP = false; - }; - - system.stateVersion = "24.05"; }; + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/861e8815-9327-4e49-915b-73a3b0bdfa25"; + fsType = "bcachefs"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/DD84-303D"; + fsType = "vfat"; + }; + }; + + swapDevices = [ + {device = "/dev/disk/by-uuid/04bd322e-dca0-43b8-b588-cc0ef1b1488e";} + ]; + + 
boot = { + supportedFilesystems = ["ntfs"]; + loader = { + systemd-boot.enable = mkForce false; + }; + lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + }; + }; + + networking = { + useDHCP = false; + }; + + system.stateVersion = "24.05"; }; +}; in { arch = "x86_64"; type = "NixOS"; diff --git a/tree.nix b/tree.nix index c1cb51b5..c8b37db6 100644 --- a/tree.nix +++ b/tree.nix @@ -76,6 +76,7 @@ minecraft.nixosModules.minecraft-servers sops-nix.nixosModules.sops base16.nixosModules.base16 + lanzaboote.nixosModules.lanzaboote ]; }; };
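Review bot: The new `services.avahi` block in systems/koishi.nix enables `publish.enable`, `publish.addresses` and `publish.workstation` on a host that imports the `laptop` and `wireless` profiles, so the machine announces its hostname and addresses over mDNS on every network it joins. If the goal is only to resolve `.local` names, `nssmdns = true;` with `publish.enable = false;` is enough; otherwise drop `workstation = true;` and consider restricting announcements with `allowInterfaces`. Separately, `pkiBundle = "/etc/secureboot"` keeps the Secure Boot signing keys on the root filesystem, and nothing in this hunk shows whether that filesystem is encrypted. A comment next to `lanzaboote` saying how that directory is provisioned (the keys have to exist before the first build, presumably via the `sbctl` package added here) and how it is protected would make the trust boundary clear.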