nix

2026-03-24 17:00:49 +01:00
commit da32fc7529
8 changed files with 772 additions and 0 deletions
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -0,0 +1,103 @@
+{
+  pkgs,
+  userName,
+  ...
+}:
+{
+  nixpkgs.config.allowUnfree = true;
+
+  nix = {
+    settings = {
+      auto-optimise-store = true;
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+      trusted-users = [
+        "root"
+        "@wheel"
+      ];
+    };
+
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 14d";
+    };
+  };
+
+  boot.loader.systemd-boot.enable = false;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.grub = {
+    enable = true;
+    configurationLimit = 10;
+    device = "nodev";
+    efiSupport = true;
+    enableCryptodisk = true;
+    useOSProber = true;
+    zfsSupport = true;
+  };
+
+  time.timeZone = "Europe/Stockholm";
+  i18n.defaultLocale = "sv_SE.UTF-8";
+
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "sv-latin1";
+  };
+
+  networking.useNetworkd = true;
+  systemd.network.enable = true;
+  systemd.network.wait-online.enable = false;
+  services.resolved.enable = true;
+  services.openssh.enable = true;
+
+  systemd.network.networks."10-wired" = {
+    matchConfig.Name = [
+      "en*"
+      "eth*"
+    ];
+    networkConfig = {
+      DHCP = "yes";
+      IPv6AcceptRA = true;
+    };
+    dhcpV4Config.RouteMetric = 100;
+    dhcpV6Config.RouteMetric = 100;
+  };
+
+  programs.zsh.enable = true;
+  programs.htop.enable = true;
+  programs.tmux.enable = true;
+  programs.git.enable = true;
+  programs.lazygit.enable = true;
+  programs.bat.enable = true;
+  programs.nix-ld.enable = true;
+
+  users.defaultUserShell = pkgs.zsh;
+
+  environment.sessionVariables = {
+    EDITOR = "nvim";
+    NIXOS_OZONE_WL = "1";
+  };
+
+  environment.systemPackages = with pkgs; [
+    cowsay
+    fortune
+    lolcat
+    curl
+    eza
+    fzf
+    neovim
+    odt2txt
+    openssl
+    stow
+    tpm2-tools
+    unzip
+    wget
+    zsh
+  ];
+
+  security.sudo.wheelNeedsPassword = true;
+
+  users.users.${userName}.openssh.authorizedKeys.keys = [ ];
+}
--- a/modules/desktop-hyprland.nix
+++ b/modules/desktop-hyprland.nix
@@ -0,0 +1,113 @@
+{ pkgs, ... }:
+{
+  programs.dconf.enable = true;
+  programs.hyprland.enable = true;
+  programs.thunar.enable = true;
+  programs.thunderbird.enable = true;
+  programs.xwayland.enable = true;
+
+  hardware.graphics.enable = true;
+
+  security.polkit.enable = true;
+  security.rtkit.enable = true;
+
+  services.displayManager.defaultSession = "hyprland";
+  services.displayManager.sddm = {
+    enable = true;
+    wayland.enable = true;
+  };
+
+  security.pam.services.login.enableGnomeKeyring = true;
+  security.pam.services.sddm.enableGnomeKeyring = true;
+
+  services.gnome.gnome-keyring.enable = true;
+  services.gvfs.enable = true;
+  services.libinput.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    wireplumber.enable = true;
+  };
+  services.tumbler.enable = true;
+  services.udisks2.enable = true;
+
+  xdg.portal = {
+    enable = true;
+    xdgOpenUsePortal = true;
+    extraPortals = [
+      pkgs.xdg-desktop-portal-gtk
+      pkgs.xdg-desktop-portal-hyprland
+    ];
+  };
+
+  fonts.packages = with pkgs; [
+    jetbrains-mono
+    noto-fonts
+    noto-fonts-cjk-sans
+    noto-fonts-color-emoji
+  ];
+
+  fonts.fontconfig.defaultFonts = {
+    monospace = [ "JetBrains Mono" ];
+    sansSerif = [ "Noto Sans" ];
+    serif = [ "Noto Serif" ];
+    emoji = [ "Noto Color Emoji" ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    brightnessctl
+    catfish
+    cliphist
+    dunst
+    ffmpegthumbnailer
+    firefox
+    flatpak
+    ghostty
+    gcr
+    glib
+    grim
+    hypridle
+    hyprlock
+    hyprpaper
+    jq
+    kdePackages.breeze
+    libgsf
+    libnotify
+    libsecret
+    libsForQt5.qt5ct
+    libsForQt5.qtstyleplugin-kvantum
+    mpv
+    pavucontrol
+    papirus-icon-theme
+    playerctl
+    python3
+    qt6Packages.qt6ct
+    qt6Packages.qtstyleplugin-kvantum
+    rofi
+    slurp
+    socat
+    telegram-desktop
+    waybar
+    wezterm
+    wl-clipboard
+    ristretto
+    thunar-archive-plugin
+    thunar-volman
+    zathura
+  ];
+
+  systemd.user.services.hyprpolkitagent = {
+    description = "Hyprland polkit agent";
+    wantedBy = [ "graphical-session.target" ];
+    after = [ "graphical-session.target" ];
+    partOf = [ "graphical-session.target" ];
+    serviceConfig = {
+      ExecStart = "${pkgs.hyprpolkitagent}/bin/hyprpolkitagent";
+      Restart = "on-failure";
+      RestartSec = 1;
+    };
+  };
+
+}
--- a/modules/zfs-root.nix
+++ b/modules/zfs-root.nix
@@ -0,0 +1,28 @@
+{ ... }:
+{
+  boot.supportedFilesystems = [ "zfs" ];
+  boot.zfs.devNodes = "/dev/disk/by-id";
+  boot.initrd.systemd.enable = true;
+  boot.initrd.luks.devices.cryptroot = {
+    device = "/dev/disk/by-partlabel/cryptroot";
+    allowDiscards = true;
+    crypttabExtraOpts = [
+      "tpm2-device=auto"
+      "tpm2-pcrs=7"
+    ];
+  };
+
+  security.tpm2 = {
+    enable = true;
+    pkcs11.enable = true;
+    tctiEnvironment.enable = true;
+  };
+
+  services.zfs = {
+    autoScrub.enable = true;
+    trim.enable = true;
+    autoSnapshot.enable = true;
+  };
+
+  services.fstrim.enable = false;
+}