Flake for my NixOS devices

Update

bwc9876.dev 529c8ea0 24af169c

verified
+115 -120
+6
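--- a/base/nix.nix
+++ b/base/nix.nix
@@ -4,6 +4,12 @@
 lib,
 ...
 }: {
+environment.systemPackages = with pkgs; [
+nh
+nix-output-monitor
+comma-with-db
+];
+
 nix = {
 channel.enable = false;
 registry.p.flake = inputs.self;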
+5 -2
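--- a/base/shell.nix
+++ b/base/shell.nix
@@ -4,19 +4,22 @@
 programs.fish.enable = true;
 documentation.man.generateCaches = false;
 programs.ssh.startAgent = true;
+
+security.sudo.extraConfig = ''
+Defaults lecture = never
+'';
+
 environment = {
 shells = with pkgs; [nushell fish];
 variables.EDITOR = "nvim";
 
 systemPackages = with pkgs; [
 nushell
-comma-with-db
 file
 screen
 util-linux
 inetutils
 just
-nix-output-monitor
 man-pages
 htop
 dig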
+46 -97
flake.lock
··· 15 15 "nuscht-search": "nuscht-search" 16 16 }, 17 17 "locked": { 18 - "lastModified": 1735634086, 19 - "narHash": "sha256-DTcB/kBZULyJztXXnH3OVF5LHLl+O670DuLZZNUMnNo=", 18 + "lastModified": 1736069220, 19 + "narHash": "sha256-76MaB3COao55nlhWmSmq9PKgu2iGIs54C1cAE0E5J6Y=", 20 20 "owner": "catppuccin", 21 21 "repo": "nix", 22 - "rev": "63290ea1d2a28e65195017ed78a81cfc242ef0df", 22 + "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e", 23 23 "type": "github" 24 24 }, 25 25 "original": { ··· 79 79 ] 80 80 }, 81 81 "locked": { 82 - "lastModified": 1728330715, 83 - "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", 82 + "lastModified": 1735644329, 83 + "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=", 84 84 "owner": "numtide", 85 85 "repo": "devshell", 86 - "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", 86 + "rev": "f7795ede5b02664b57035b3b757876703e2c3eac", 87 87 "type": "github" 88 88 }, 89 89 "original": { ··· 151 151 ] 152 152 }, 153 153 "locked": { 154 - "lastModified": 1733312601, 155 - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", 154 + "lastModified": 1735774679, 155 + "narHash": "sha256-soePLBazJk0qQdDVhdbM98vYdssfs3WFedcq+raipRI=", 156 156 "owner": "hercules-ci", 157 157 "repo": "flake-parts", 158 - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", 158 + "rev": "f2f7418ce0ab4a5309a4596161d154cfc877af66", 159 159 "type": "github" 160 160 }, 161 161 "original": { ··· 184 184 }, 185 185 "flake-utils_2": { 186 186 "inputs": { 187 - "systems": "systems_3" 187 + "systems": "systems_2" 188 188 }, 189 189 "locked": { 190 190 "lastModified": 1731533236, ··· 230 230 "nixpkgs": [ 231 231 "nixvim", 232 232 "nixpkgs" 233 - ], 234 - "nixpkgs-stable": [ 235 - "nixvim", 236 - "nixpkgs" 237 233 ] 238 234 }, 239 235 "locked": { 240 - "lastModified": 1734797603, 241 - "narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=", 236 + "lastModified": 1735882644, 237 + "narHash": 
"sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", 242 238 "owner": "cachix", 243 239 "repo": "git-hooks.nix", 244 - "rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498", 240 + "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", 245 241 "type": "github" 246 242 }, 247 243 "original": { ··· 301 297 ] 302 298 }, 303 299 "locked": { 304 - "lastModified": 1735774425, 305 - "narHash": "sha256-C73gLFnEh8ZI0uDijUgCDWCd21T6I6tsaWgIBHcfAXg=", 300 + "lastModified": 1736089250, 301 + "narHash": "sha256-/LPWMiiJGPHGd7ZYEgmbE2da4zvBW0acmshUjYC3WG4=", 306 302 "owner": "nix-community", 307 303 "repo": "home-manager", 308 - "rev": "5f6aa268e419d053c3d5025da740e390b12ac936", 304 + "rev": "172b91bfb2b7f5c4a8c6ceac29fd53a01ef07196", 309 305 "type": "github" 310 306 }, 311 307 "original": { ··· 336 332 "type": "github" 337 333 } 338 334 }, 339 - "hyprland-qtutils": { 340 - "inputs": { 341 - "hyprutils": "hyprutils", 342 - "nixpkgs": [ 343 - "nixpkgs" 344 - ], 345 - "systems": "systems_2" 346 - }, 335 + "imperm": { 347 336 "locked": { 348 - "lastModified": 1734906472, 349 - "narHash": "sha256-pWPRv/GA/X/iAwoE6gMNUqn/ZeJX1IeLPRpZI0tTPK0=", 350 - "owner": "hyprwm", 351 - "repo": "hyprland-qtutils", 352 - "rev": "c77109d7e1ddbcdb87cafd32ce411f76328ae152", 337 + "lastModified": 1734945620, 338 + "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=", 339 + "owner": "nix-community", 340 + "repo": "impermanence", 341 + "rev": "d000479f4f41390ff7cf9204979660ad5dd16176", 353 342 "type": "github" 354 343 }, 355 344 "original": { 356 - "owner": "hyprwm", 357 - "repo": "hyprland-qtutils", 358 - "type": "github" 359 - } 360 - }, 361 - "hyprutils": { 362 - "inputs": { 363 - "nixpkgs": [ 364 - "hyprland-qtutils", 365 - "nixpkgs" 366 - ], 367 - "systems": [ 368 - "hyprland-qtutils", 369 - "systems" 370 - ] 371 - }, 372 - "locked": { 373 - "lastModified": 1734796073, 374 - "narHash": "sha256-TnuKsa8OHrSJEmHm3TLGOWbPNA1gRjmZLsRzKrCqOsg=", 375 - "owner": "hyprwm", 376 - "repo": "hyprutils", 
377 - "rev": "c3331116ebd0b71df5ae8c6efe9a7f94148b03bf", 378 - "type": "github" 379 - }, 380 - "original": { 381 - "owner": "hyprwm", 382 - "repo": "hyprutils", 345 + "owner": "nix-community", 346 + "repo": "impermanence", 383 347 "type": "github" 384 348 } 385 349 }, ··· 472 436 ] 473 437 }, 474 438 "locked": { 475 - "lastModified": 1735478292, 476 - "narHash": "sha256-Ys9pSP9ch0SthhpbjnkCSJ9ZLfaNKnt/dcy7swjmS1A=", 439 + "lastModified": 1735956190, 440 + "narHash": "sha256-svzx3yVXD5tbBJZCn3Lt1RriH8GHo6CyVUPTHejf7sU=", 477 441 "owner": "lnl7", 478 442 "repo": "nix-darwin", 479 - "rev": "71a3a075e3229a7518d76636bb762aef2bcb73ac", 443 + "rev": "3feaf376d75d3d58ebf7e9a4f584d00628548ad9", 480 444 "type": "github" 481 445 }, 482 446 "original": { ··· 492 456 ] 493 457 }, 494 458 "locked": { 495 - "lastModified": 1735443188, 496 - "narHash": "sha256-AydPpRBh8+NOkrLylG7vTsHrGO2b5L7XkMEL5HlzcA8=", 459 + "lastModified": 1736047960, 460 + "narHash": "sha256-hutd85FA1jUJhhqBRRJ+u7UHO9oFGD/RVm2x5w8WjVQ=", 497 461 "owner": "Mic92", 498 462 "repo": "nix-index-database", 499 - "rev": "55ab1e1df5daf2476e6b826b69a82862dcbd7544", 463 + "rev": "816a6ae88774ba7e74314830546c29e134e0dffb", 500 464 "type": "github" 501 465 }, 502 466 "original": { ··· 523 487 }, 524 488 "nixpkgs": { 525 489 "locked": { 526 - "lastModified": 1735471104, 527 - "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=", 490 + "lastModified": 1735834308, 491 + "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", 528 492 "owner": "NixOS", 529 493 "repo": "nixpkgs", 530 - "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4", 494 + "rev": "6df24922a1400241dae323af55f30e4318a6ca65", 531 495 "type": "github" 532 496 }, 533 497 "original": { ··· 586 550 "treefmt-nix": "treefmt-nix" 587 551 }, 588 552 "locked": { 589 - "lastModified": 1735802549, 590 - "narHash": "sha256-aS03+IGLexQt5HL+tLZqSko6Jpxa+eozqcide/pab34=", 553 + "lastModified": 1736112263, 554 + "narHash": 
"sha256-tSYWCZhs21SVg+X6jQrHGchok3db6nqZ4vL+x2ySJWk=", 591 555 "owner": "nix-community", 592 556 "repo": "nixvim", 593 - "rev": "3285bbda0aa0151c3b1914758e6950dfb554962f", 557 + "rev": "7896856db1de897e95333aed381f06fa8788fff7", 594 558 "type": "github" 595 559 }, 596 560 "original": { ··· 632 596 ] 633 597 }, 634 598 "locked": { 635 - "lastModified": 1733773348, 636 - "narHash": "sha256-Y47y+LesOCkJaLvj+dI/Oa6FAKj/T9sKVKDXLNsViPw=", 599 + "lastModified": 1735854821, 600 + "narHash": "sha256-Iv59gMDZajNfezTO0Fw6LHE7uKAShxbvMidmZREit7c=", 637 601 "owner": "NuschtOS", 638 602 "repo": "search", 639 - "rev": "3051be7f403bff1d1d380e4612f0c70675b44fc9", 603 + "rev": "836908e3bddd837ae0f13e215dd48767aee355f0", 640 604 "type": "github" 641 605 }, 642 606 "original": { ··· 697 661 "catppuccin": "catppuccin", 698 662 "gh-grader-preview": "gh-grader-preview", 699 663 "hm": "hm", 700 - "hyprland-qtutils": "hyprland-qtutils", 664 + "imperm": "imperm", 701 665 "lanzaboote": "lanzaboote", 702 666 "nix-index-db": "nix-index-db", 703 667 "nixos-hardware": "nixos-hardware", ··· 736 700 ] 737 701 }, 738 702 "locked": { 739 - "lastModified": 1735784864, 740 - "narHash": "sha256-tIl5p3ueaPw7T5T1UXkLc8ISMk6Y8CI/D/rd0msf73I=", 703 + "lastModified": 1736130662, 704 + "narHash": "sha256-z+WGez9oTR2OsiUWE5ZhIpETqM1ogrv6Xcd24WFi6KQ=", 741 705 "owner": "oxalica", 742 706 "repo": "rust-overlay", 743 - "rev": "04d5f1836721461b256ec452883362c5edc5288e", 707 + "rev": "2f5d4d9cd31cc02c36e51cb2e21c4b25c4f78c52", 744 708 "type": "github" 745 709 }, 746 710 "original": { ··· 766 730 }, 767 731 "systems_2": { 768 732 "locked": { 769 - "lastModified": 1689347949, 770 - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", 771 - "owner": "nix-systems", 772 - "repo": "default-linux", 773 - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", 774 - "type": "github" 775 - }, 776 - "original": { 777 - "owner": "nix-systems", 778 - "repo": "default-linux", 779 - "type": "github" 780 - } 781 - }, 
782 - "systems_3": { 783 - "locked": { 784 733 "lastModified": 1681028828, 785 734 "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 786 735 "owner": "nix-systems", ··· 802 751 ] 803 752 }, 804 753 "locked": { 805 - "lastModified": 1735135567, 806 - "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=", 754 + "lastModified": 1735905407, 755 + "narHash": "sha256-1hKMRIT+QZNWX46e4gIovoQ7H8QRb7803ZH4qSKI45o=", 807 756 "owner": "numtide", 808 757 "repo": "treefmt-nix", 809 - "rev": "9e09d30a644c57257715902efbb3adc56c79cf28", 758 + "rev": "29806abab803e498df96d82dd6f34b32eb8dd2c8", 810 759 "type": "github" 811 760 }, 812 761 "original": {
+2 -4
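--- a/flake.nix
+++ b/flake.nix
@@ -26,8 +26,7 @@
 nixvim.url = "github:nix-community/nixvim";
 nixvim.inputs.nixpkgs.follows = "nixpkgs";
 nixvim.inputs.home-manager.follows = "hm";
-hyprland-qtutils.url = "github:hyprwm/hyprland-qtutils";
-hyprland-qtutils.inputs.nixpkgs.follows = "nixpkgs";
+imperm.url = "github:nix-community/impermanence";
 };
 
 outputs = inputs @ {
@@ -43,7 +42,7 @@
 rust-overlay,
 catppuccin,
 nixvim,
-hyprland-qtutils,
+imperm,
 }: let
 lib = (import ./lib.nix) nixpkgs.lib;
 pkgsForWithOverlays = system: overlays:
@@ -55,7 +54,6 @@
 ow-mod-man.overlays.default
 rust-overlay.overlays.default
 nix-index-db.overlays.nix-index
-hyprland-qtutils.overlays.default
 ]
 ++ overlays;
 };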
+3 -4
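--- a/justfile
+++ b/justfile
@@ -11,13 +11,13 @@
 alias b := build
 # b: build the configuration
 build:
-nom build .#nixosConfigurations.$HOSTNAME.config.system.build.toplevel
+nh os build .
 
 [private]
 alias s := switch
 # s: activate configuration & add to boot menu
 switch:
-sudo nixos-rebuild switch --flake .# --log-format internal-json |& nom --json
+nh os switch --ask .
 
 [private]
 alias c := check
@@ -35,8 +35,7 @@
 alias gc := garbage-collect
 # gc: Run nix collect-garbage -d
 garbage-collect:
-nix-collect-garbage -d
-sudo nix-collect-garbage -d
+nh clean all
 
 [private]
 alias iso := generate-iso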
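Review bot: The recipe comment `# gc: Run nix collect-garbage -d` in the last hunk no longer describes the recipe, which now runs `nh clean all`; something like `# gc: remove old generations and collect garbage via nh clean all` would match. In `switch` and `garbage-collect` the explicit `sudo` is gone as well, so privilege escalation presumably now happens inside nh. A one-line comment saying so would tell readers where the root prompt comes from and that `--ask` is the confirmation step before activation.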
+8
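--- a/roles/dev/js.nix
+++ b/roles/dev/js.nix
@@ -1,4 +1,12 @@
 {pkgs, ...}: {
+home-manager.users.bean.xdg.configFile."astro/config.json".text = builtins.toJSON {
+telemetry = {
+enabled = false;
+anonymousId = "";
+notifiedAt = "0";
+};
+};
+
 environment.systemPackages = with pkgs; [
 nodejs
 nodePackages.pnpm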
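Review bot: The telemetry opt-out is tied to the `bean` account and to Astro's on-disk config format, and nothing explains why `anonymousId` and `notifiedAt` are filled in. Astro also honours the `ASTRO_TELEMETRY_DISABLED` environment variable, so adding `environment.variables.ASTRO_TELEMETRY_DISABLED = "1";` next to `systemPackages` would cover any other user or build sandbox that runs it under this role. A short comment such as `# Pre-seed Astro's config so telemetry is off and the first-run notice is skipped` would document the intent. The module body continues outside this hunk.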
+1 -1
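--- a/roles/graphics/audio.nix
+++ b/roles/graphics/audio.nix
@@ -1,6 +1,6 @@
 {pkgs, ...}: {
 # When you squint and don't think about it, audio is graphics (I don't wanna make anoher role bc why would I do that)
-hardware.pulseaudio.enable = false;
+services.pulseaudio.enable = false;
 
 security.rtkit.enable = true; # Allows pipewire and friends to run realtime
 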
+3
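--- a/roles/imperm+secureboot.nix
+++ b/roles/imperm+secureboot.nix
@@ -0,0 +1,3 @@
+{...}: {
+boot.lanzaboote.pkiBundle = "/nix/persist/secure/secureboot";
+}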
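Review bot: The `pkiBundle` path repeats the literal `/nix/persist/secure` rather than sharing `secureRoot` from roles/imperm.nix, so the two can drift apart, and nothing in this file ensures the directory is readable by root only. The bundle holds the Secure Boot signing keys, and it now sits under the root that imperm.nix's comment describes as backed up, so the backup should be encrypted or exclude this path. The same commit drops `/etc/secureboot` from the persisted directories, so existing keys presumably have to be moved by hand before the next rebuild. A comment such as `# Keys must already exist here, mode 0700 root:root; migrate from /etc/secureboot first` would record that.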
+40 -11
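--- a/roles/imperm.nix
+++ b/roles/imperm.nix
@@ -1,10 +1,35 @@
-{config, ...}: {
+{
+config,
+inputs,
+...
+}: let
+persistRoot = "/nix/persist"; # Anything important we want backed up
+secureRoot = "${persistRoot}/secure"; # Files and directories we want only root to access
+cacheRoot = "/nix/cache"; # Anything not as important that we can stand losing
+in {
+imports = [inputs.imperm.nixosModules.default];
 # Requires /nix/persist to exist
 # TODO: Bind mount game save directories
 
 environment.etc."machine-id".text = builtins.hashString "md5" config.networking.hostName;
 
-environment.persistence."/nix/persist" = {
+users.mutableUsers = false;
+users.users = {
+bean.hashedPasswordFile = "${secureRoot}/hashed-passwd";
+root.hashedPasswordFile = "${secureRoot}/hashed-passwd";
+};
+
+fileSystems."/tmp/nix-build" = {
+device = "${cacheRoot}/nix-build";
+options = ["bind" "X-fstrim.notrim" "x-gvfs-hide"];
+};
+
+systemd.services.nix-daemon = {
+environment.TMPDIR = "/tmp/nix-build";
+unitConfig.RequiresMountsFor = ["/tmp/nix-build" "/nix/store"];
+};
+
+environment.persistence.${cacheRoot} = {
 enable = true;
 hideMounts = true;
 directories = [
@@ -15,16 +40,25 @@
 "/var/lib/systemd/timers"
 "/var/lib/systemd/backlight"
 "/var/lib/systemd/rfkill"
-"/etc/NetworkManager/system-connections"
-"/etc/passwd"
-"/etc/shadow"
-"/etc/secureboot"
 {
 directory = "/var/lib/colord";
 user = "colord";
 group = "colord";
 mode = "u=rwx,g=rx,o=";
 }
+];
+users.bean.directories = [
+".cache"
+".local/share/Steam" # Most saves are cloud backed up or in .local/share and I don't want to back up games themselves
+""
+];
+};
+
+environment.persistence.${persistRoot} = {
+enable = true;
+hideMounts = true;
+directories = [
+"/etc/NetworkManager/system-connections"
 ];
 files = [
 {
@@ -65,11 +99,6 @@
 ".local/share/nvim"
 ".local/share/user-places.xbel"
 ".config/vesktop"
-{
-directory = ".local/share/Steam";
-method = "symlink";
-}
-".local/share/zoxide"
 ];
 files = [
 ".config/nushell/history.txt"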
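Review bot: In the first hunk `secureRoot` is "only root to access" by comment alone; nothing visible creates the directory or enforces its mode, yet it now holds the password hash that both `bean` and `root` log in with. A rule such as `systemd.tmpfiles.rules = ["d ${secureRoot} 0700 root root -"];` would enforce the permission, and the existing `# Requires /nix/persist to exist` comment should also name `${secureRoot}/hashed-passwd`, since with `users.mutableUsers = false` a missing file presumably leaves both accounts without a usable password. Pointing `root.hashedPasswordFile` at the same file as `bean` means one leaked hash covers both accounts; a separate file for root would avoid that. In the second hunk, the `""` entry in `users.bean.directories` looks like a leftover and may resolve to the home directory itself, so it is worth removing or explaining. The module body continues outside the hunks shown.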
+1 -1
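--- a/systems/test.nix
+++ b/systems/test.nix
@@ -8,7 +8,7 @@
 
 includeBaseMods = true;
 
-roles = ["latest-linux" "normalboot" "vm"];
+roles = ["latest-linux" "normalboot" "imperm"];
 extraModules = [];
 };
 }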