Compare commits


8 commits

Author SHA1 Message Date
Lilith
44fc8ce456
system 2025-02-27 01:31:04 +01:00
Lilith
c4eed0e32f
system 2025-02-27 01:27:54 +01:00
Lilith
836a7e0e2c
env 2025-02-27 00:44:53 +01:00
Lilith
a425c0a14e
packages 2025-02-27 00:40:34 +01:00
Lilith
72cd7b3696
users 2025-02-27 00:37:57 +01:00
Lilith
240a322ec6
gitignore 2025-02-27 00:09:35 +01:00
Lilith
b4f599ffbc
delete 2025-02-27 00:09:12 +01:00
Lilith
6afe7c562d
headless/home 2025-02-27 00:08:36 +01:00
21 changed files with 319 additions and 1 deletions

2
.gitignore vendored

@ -1,2 +1,2 @@
old
result


@ -32,11 +32,13 @@
outputs = {
self,
nixpkgs,
home-manager,
...
} @ inputs: let
inherit (nixpkgs) lib;
defaultConfig = {
desktop = true;
};
makeHost = host: let
@ -51,6 +53,10 @@
./hosts/${host}/hardware-configuration.nix
./system
{networking.hostName = host;}
]
++ lib.optionals config.desktop [
home-manager
./home
];
};
in {
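Review bot: The `home-manager` entry in the `lib.optionals config.desktop [ ... ]` list looks like the flake input itself rather than a NixOS module; the module is normally referenced as `home-manager.nixosModules.home-manager`. The condition also reads `config.desktop`, and the binding of `config` inside `makeHost` is outside this hunk, so it is worth confirming that a host without its own `desktop` key falls back to `defaultConfig` rather than failing on a missing attribute. `makeHost` starts and ends outside the lines shown.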

1
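--- a/headless/default.nix
+++ b/headless/default.nix
@@ -0,0 +1 @@
+{...}: {}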

1
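--- a/home/default.nix
+++ b/home/default.nix
@@ -0,0 +1 @@
+{...}: {}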

9
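--- a/system/audio.nix
+++ b/system/audio.nix
@@ -0,0 +1,9 @@
+{...}: {
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+};
+}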

3
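--- a/system/bluetooth.nix
+++ b/system/bluetooth.nix
@@ -0,0 +1,3 @@
+{...}: {
+hardware.bluetooth.enable = true;
+}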

11
system/btrfs.nix Normal file

@ -0,0 +1,11 @@
{...}: {
services.btrfs.autoScrub = {
enable = true;
interval = "Fri 07:00";
fileSystems = [
"/persist"
"/nix"
];
};
}


@ -1,5 +1,26 @@
{...}: {
imports = [
./boot.nix
./packages.nix
./env.nix
./btrfs.nix
./users.nix
./networking.nix
./persistence.nix
./nix.nix
./audio.nix
./ssh.nix
./syncthing.nix
./wayland.nix
./steam.nix
./nfs.nix
./fonts.nix
./bluetooth.nix
./zsh.nix
];
system.stateVersion = "24.11";
}
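Review bot: The `imports` list pulls `./steam.nix`, `./wayland.nix`, `./bluetooth.nix`, `./audio.nix` and `./syncthing.nix` into every host, while the flake on this page gates only `./home` behind `config.desktop` and an empty `headless/default.nix` is added alongside. If `./system` is also used for headless machines, they would inherit the Steam Remote Play firewall openings, the greetd auto-session and the Bluetooth stack, which is attack surface a server does not need. I would keep the host-independent modules here and move the desktop-only ones behind the same `desktop` flag, for example into a `./desktop` module list added next to `./home`. The rendering does not mark which of these lines are new.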

9
system/env.nix Normal file

@ -0,0 +1,9 @@
{...}: {
time.timeZone = "Europe/Berlin";
environment.variables = {
EDITOR = "hx";
VISUAL = "hx";
FLAKE = "/home/lilith/nixos";
};
}

6
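--- a/system/fonts.nix
+++ b/system/fonts.nix
@@ -0,0 +1,6 @@
+{...}: {
+fonts.packages = with pkgs; [
+nerd-fonts.jetbrains-mono
+twemoji-color-font
+];
+}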
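Review bot: `with pkgs;` is used in `fonts.packages`, but the module head is `{...}:`, so `pkgs` is not bound in this file and evaluation should fail with an undefined variable. The first line should read `{pkgs, ...}: {`, as `system/zsh.nix` and `system/packages.nix` already do.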

19
system/networking.nix Normal file

@ -0,0 +1,19 @@
{...}: {
networking.networkmanager = {
enable = true;
wifi.macAddress = "random";
ethernet.macAddress = "random";
};
networking.nftables = {
enable = true;
};
networking.firewall = {
enable = true;
allowedTCPPorts = [
22 # ssh
22000 # syncthing
];
};
}
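Review bot: `networking.firewall.allowedTCPPorts` opens 22 and 22000 on every interface from this file, detached from the services that need them. `system/ssh.nix` adds 22 again, and `services.openssh.openFirewall` already defaults to true as far as I know. With NetworkManager roaming between networks, both ports are then reachable on any Wi-Fi the machine joins, and 22000 stays open even on a host where Syncthing is later disabled. I would drop the list here and let each service module own its ports, e.g. `services.syncthing.openDefaultPorts = true;` in `system/syncthing.nix`, or limit them to trusted links with `networking.firewall.interfaces.<name>.allowedTCPPorts`.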

13
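--- a/system/nfs.nix
+++ b/system/nfs.nix
@@ -0,0 +1,13 @@
+{ ... }: {
+fileSystems."/mnt/nas" = {
+device = "nixserver:/share";
+fsType = "nfs";
+options = [
+"nfsvers=4.2"
+"noauto"
+"x-systemd.automount"
+"x-systemd.idle-timeout=600"
+"_netdev"
+];
+};
+}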
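Review bot: The `options` list mounts `nixserver:/share` without `nosuid` or `nodev`, so a setuid binary or device node placed on the export would be honoured on this host; adding `"nosuid"` and `"nodev"` costs nothing for a data share. No `sec=` option is set either, so unless the server enforces otherwise the mount presumably uses AUTH_SYS, which trusts client-asserted UIDs and leaves traffic unprotected. That is acceptable only on a trusted LAN or inside a tunnel, and a short comment stating which network this mount is expected on would help the next reader.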

15
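--- a/system/nix.nix
+++ b/system/nix.nix
@@ -0,0 +1,15 @@
+{...}: {
+nix = {
+gc = {
+automatic = true;
+dates = "05:30";
+options = "--delete-older-than 7d";
+};
+settings = {
+keep-outputs = true;
+auto-optimise-store = true;
+experimental-features = ["nix-command" "flakes"];
+trusted-users = ["root" "@wheel"];
+};
+};
+}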
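Review bot: `trusted-users = ["root" "@wheel"];` makes every wheel member a trusted client of the Nix daemon, which the Nix manual describes as essentially equivalent to granting root. A process running as `lilith` then gets that without the password prompt `sudo` would require. If the aim is only to use additional binary caches, I would keep `trusted-users = ["root"];` and declare the caches system-wide under `substituters` and `trusted-public-keys`. If wheel must stay trusted, a comment recording that this is a deliberate passwordless-root trade-off would be worth adding.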

21
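--- a/system/packages.nix
+++ b/system/packages.nix
@@ -0,0 +1,21 @@
+{ pkgs, ...}: {
+environment.systemPackages = with pkgs; [
+age
+compsize
+duf
+eza
+bat
+file
+htop
+btop
+git
+jq
+yq
+du-dust
+ripgrep
+sops
+wget
+wireguard-tools
+zip
+];
+}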

60
system/persistence.nix Normal file

@ -0,0 +1,60 @@
{impermanence, conf, lib, config, ...}: {
imports = [impermanence.nixosModule];
environment.persistence."/persist/data" = {
hideMounts = true;
directories = [
"/etc/NetworkManager/system-connections"
"/var/lib/bluetooth"
];
files = [];
users.lilith = {
directories = [
".config/syncthing"
".config/sops"
".config/keepassxc"
".config/obsidian"
".config/vesktop"
".gnupg"
".ssh"
".thunderbird"
".mozilla"
"nixos"
"sync"
"obsidian"
"code"
".keepass"
];
files = [];
}
};
environment.persistence."/persist/cache" = {
hideMounts = true;
directories = [
"/root/.cache/nix"
"/var/lib/btrfs"
"/var/lib/nixos"
"/var/lib/systemd/backlight"
"/var/lib/systemd/timers"
"/var/log"
];
files = [
"/etc/machine-id"
];
users.lilith = {
directories = [
".cache/nix"
".cache/keepassxc"
".cargo"
".local/state/wireplumber"
"tmp"
];
files = [];
};
};
}
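Review bot: The `users.lilith.directories` list under `/persist/data` declares `.ssh`, `.gnupg`, `.config/sops` and `.keepass` as plain strings, so their backing directories on `/persist` are created with the impermanence module's default mode when they do not exist yet. Directories holding key material are better given an explicit mode, e.g. `{ directory = ".ssh"; mode = "0700"; }`, and likewise for the other three. Separately, the `}` closing that first `users.lilith` block has no `;` after it, which looks like a parse error. `conf` and `lib` in the argument list are unused in the lines shown.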

11
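--- a/system/ssh.nix
+++ b/system/ssh.nix
@@ -0,0 +1,11 @@
+{...}: {
+networking.firewall.allowedTCPPorts = [22];
+services.openssh = {
+enable = true;
+ports = [22];
+settings = {
+PermitRootLogin = "no";
+PasswordAuthentication = false;
+};
+};
+}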
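Review bot: `settings` turns off `PasswordAuthentication` but leaves keyboard-interactive authentication at its default, and through PAM that path can still accept the account password. Adding `KbdInteractiveAuthentication = false;` next to it closes that gap, and `AllowUsers = ["lilith"];` would pin the login set to the one account defined in `system/users.nix`. No `openssh.authorizedKeys.keys` is declared for `lilith` anywhere on this page, so key login appears to depend on an `authorized_keys` file inside the persisted `.ssh` directory; declaring the key in the user definition would make that explicit. The `networking.firewall.allowedTCPPorts = [22];` line duplicates the entry in `system/networking.nix`.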

5
system/steam.nix Normal file

@ -0,0 +1,5 @@
{...}: {
programs.steam.enable = true;
programs.steam.remotePlay.openFirewall = true;
}

49
system/syncthing.nix Normal file

@ -0,0 +1,49 @@
{ config, ...}: let
host = networking.hostName;
in {
sops.secrets."syncthing/key.pem" = {
sopsFile = ../hosts/${host}/secrets/default.yaml;
};
sops.secrets."syncthing/cert.pem" = {
sopsFile = ../hosts/${host}/secrets/default.yaml;
};
services.syncthing = {
enable = true;
user = lilith;
dataDir = "/home/lilith";
configDir = "/home/lilith/.config/syncthing";
overrideDevices = true;
overrideFolders = true;
settings = {
key = config.sops.secrets."syncthing/key.pem".path;
cert = config.sops.secrets."syncthing/cert.pem".path;
devices = {
"phone" = {id = "C2CKYRP-72UNJRX-MUPZIUY-CCHQYGF-6T4NA6B-MO7AEZB-RSN5EAG-CN2JCAF";};
"nixserver" = {id = "DW6GTZ3-3JPAHLO-UEB3LBL-AWOX3BT-QPI7ODT-OZ6Q4YR-K3KK22C-5RY3XQZ";};
"lilith-pc" = {id = "37HHP4Q-NNQRQPQ-MVSIHAX-BK2A3GL-O6K4WXA-Y7ZQ5GZ-BY4UTFH-LG4HYAY";};
"lilith-pad" = {id = "GQJA6WA-G5YZZSN-4OOQMVE-JPIR22N-VFHPY4O-XMRG37D-DALH4R2-7DCTMQK";};
"lilith-old" = {id = "MSUZJ6K-4CIFE5D-ILO6FE4-SPRPTZI-VEWZQ7F-ECARCCF-2VLVMDQ-2HQUAAS";};
};
folders = {
"rdcj2-mfyb4" = {
path = "/home/lilith/sync";
devices = ["phone" "nixserver" "lilith-pad" "lilith-pc" "lilith-old"];
};
"sdpfs-2beqd" = {
path = "/home/lilith/.keepass";
devices = ["phone" "nixserver" "lilith-pad" "lilith-pc" "lilith-old"];
};
"7qim7-yzqpn" = {
path = "/home/lilith/obsidian";
devices = ["phone" "nixserver" "lilith-pad" "lilith-pc" "lilith-old"];
};
};
};
};
}
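Review bot: Three names in this file do not resolve as written. `host = networking.hostName;` needs `config.networking.hostName`, as `system/users.nix` has it, and `user = lilith;` needs the string `"lilith"`. `key` and `cert` sit inside `settings`, whereas the NixOS module takes them one level up as `services.syncthing.key` and `services.syncthing.cert`. The last one matters beyond evaluation: if the sops-managed key pair is not picked up, Syncthing would presumably generate a fresh identity on first start, and the device ID the peers have pinned for this host would no longer match. Neither secret declares an `owner`, so it is also worth checking that the service can read the two paths when running as `lilith`.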

30
system/users.nix Normal file

@ -0,0 +1,30 @@
{ config, ...}: let
host = config.networking.hostName;
in {
users.mutableUsers = false;
users.users = {
lilith = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" "networkmanager" ];
hashedPasswordFile = config.sops.secrets."user/password".path;
};
};
sops.secrets = {
"user/password" = {
sopsFile = ../hosts/${host}/secrets/default.yaml;
neededForUsers = true;
};
"user/ssh/private" = {
sopsFile = ../hosts/${conf.hostname}/secrets/default.yaml;
path = "/home/lilith/.ssh/id_ed25519";
owner = "lilith";
};
"user/ssh/public" = {
sopsFile = ../hosts/${conf.hostname}/secrets/default.yaml;
path = "/home/lilith/.ssh/id_ed25519.pub";
owner = "lilith";
};
};
}
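Review bot: The `sopsFile` paths for `user/ssh/private` and `user/ssh/public` interpolate `${conf.hostname}`, but `conf` is not among the module arguments (`{ config, ...}`). The `let` already binds `host`, so both lines should read `sopsFile = ../hosts/${host}/secrets/default.yaml;` as `user/password` does. Because `users.mutableUsers = false` makes the sops-provided hash the only password source for `lilith`, a failed evaluation or decryption here can lock the account out, so I would test the build on a machine with console access first. The public key does not need to be a secret and could be written directly into the configuration.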

24
system/wayland.nix Normal file

@ -0,0 +1,24 @@
{...}: {
hardware.graphics.enable = true;
security.polkit.enable = true;
security.pam.services.hyprlock = {};
services.dbus.enable = true;
programs.hyprland.enable = true;
services.greetd = {
enable = true;
settings = {
default_session = {
user = "lilith";
command = "Hyprland";
};
initial_session = {
user = "lilith";
command = "Hyprland";
};
};
};
}
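Review bot: Both `default_session` and `initial_session` run `Hyprland` directly as `lilith`, so greetd never shows a greeter. The machine enters the user session without credentials at boot and again after every logout, and the `hyprlock` PAM service only helps once a running session has been locked. `default_session` is meant to be the greeter, so I would point it at one, e.g. `command = "${pkgs.greetd.tuigreet}/bin/tuigreet --cmd Hyprland";` with `pkgs` added to the arguments and its `user` line dropped so it runs as the greeter account. `initial_session` is reasonable to keep only if full-disk encryption already gates boot, and a comment stating that assumption would belong next to it.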

4
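--- a/system/zsh.nix
+++ b/system/zsh.nix
@@ -0,0 +1,4 @@
+{pkgs, ...}: {
+programs.zsh.enable = true;
+users.defaultUserShell = pkgs.zsh;
+}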