2025-08-03 20:35:48 +02:00
parent ffc78043e6
commit 2ddffc74c9
17 changed files with 476 additions and 333 deletions


@@ -32,15 +32,40 @@
flake = false; flake = false;
}; };
}; };
outputs = { self, darwin, nix-homebrew, homebrew-bundle, homebrew-core, homebrew-cask, home-manager, nixpkgs, disko, agenix, secrets } @inputs: outputs =
{
self,
darwin,
nix-homebrew,
homebrew-bundle,
homebrew-core,
homebrew-cask,
home-manager,
nixpkgs,
disko,
agenix,
secrets,
}@inputs:
let let
user = "cschmatzler"; user = "cschmatzler";
linuxSystems = [ "x86_64-linux" ]; linuxSystems = [ "x86_64-linux" ];
darwinSystems = [ "aarch64-darwin" ]; darwinSystems = [ "aarch64-darwin" ];
forAllSystems = f: nixpkgs.lib.genAttrs (linuxSystems ++ darwinSystems) f; forAllSystems = f: nixpkgs.lib.genAttrs (linuxSystems ++ darwinSystems) f;
devShell = system: let pkgs = nixpkgs.legacyPackages.${system}; in { devShell =
default = with pkgs; mkShell { system:
nativeBuildInputs = with pkgs; [ bashInteractive git age age-plugin-yubikey ]; let
pkgs = nixpkgs.legacyPackages.${system};
in
{
default =
with pkgs;
mkShell {
nativeBuildInputs = with pkgs; [
bashInteractive
git
age
age-plugin-yubikey
];
shellHook = with pkgs; '' shellHook = with pkgs; ''
export EDITOR=vim export EDITOR=vim
''; '';
@@ -48,12 +73,14 @@
}; };
mkApp = scriptName: system: { mkApp = scriptName: system: {
type = "app"; type = "app";
program = "${(nixpkgs.legacyPackages.${system}.writeScriptBin scriptName '' program = "${
(nixpkgs.legacyPackages.${system}.writeScriptBin scriptName ''
#!/usr/bin/env bash #!/usr/bin/env bash
PATH=${nixpkgs.legacyPackages.${system}.git}/bin:$PATH PATH=${nixpkgs.legacyPackages.${system}.git}/bin:$PATH
echo "Running ${scriptName} for ${system}" echo "Running ${scriptName} for ${system}"
exec ${self}/apps/${system}/${scriptName} exec ${self}/apps/${system}/${scriptName}
'')}/bin/${scriptName}"; '')
}/bin/${scriptName}";
}; };
mkLinuxApps = system: { mkLinuxApps = system: {
"apply" = mkApp "apply" system; "apply" = mkApp "apply" system;
@@ -76,9 +103,11 @@
in in
{ {
devShells = forAllSystems devShell; devShells = forAllSystems devShell;
apps = nixpkgs.lib.genAttrs linuxSystems mkLinuxApps // nixpkgs.lib.genAttrs darwinSystems mkDarwinApps; apps =
nixpkgs.lib.genAttrs linuxSystems mkLinuxApps // nixpkgs.lib.genAttrs darwinSystems mkDarwinApps;
darwinConfigurations = nixpkgs.lib.genAttrs darwinSystems (system: darwinConfigurations = nixpkgs.lib.genAttrs darwinSystems (
system:
darwin.lib.darwinSystem { darwin.lib.darwinSystem {
inherit system; inherit system;
specialArgs = inputs; specialArgs = inputs;
@@ -103,12 +132,15 @@
} }
); );
nixosConfigurations = nixpkgs.lib.genAttrs linuxSystems (system: nixpkgs.lib.nixosSystem { nixosConfigurations = nixpkgs.lib.genAttrs linuxSystems (
system:
nixpkgs.lib.nixosSystem {
inherit system; inherit system;
specialArgs = inputs; specialArgs = inputs;
modules = [ modules = [
disko.nixosModules.disko disko.nixosModules.disko
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager
{
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
@@ -117,6 +149,7 @@
} }
./hosts/nixos ./hosts/nixos
]; ];
}); }
);
}; };
} }


@@ -1,6 +1,13 @@
{ agenix, config, pkgs, ... }: {
agenix,
config,
pkgs,
...
}:
let user = "cschmatzler"; in let
user = "cschmatzler";
in
{ {
imports = [ imports = [
@@ -13,13 +20,23 @@ let user = "cschmatzler"; in
nix = { nix = {
package = pkgs.nix; package = pkgs.nix;
settings = { settings = {
trusted-users = [ "@admin" "${user}" ]; trusted-users = [
substituters = [ "https://nix-community.cachix.org" "https://cache.nixos.org" ]; "@admin"
"${user}"
];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org"
];
trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
}; };
gc = { gc = {
automatic = true; automatic = true;
interval = { Weekday = 0; Hour = 2; Minute = 0; }; interval = {
Weekday = 0;
Hour = 2;
Minute = 0;
};
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
extraOptions = '' extraOptions = ''
@@ -27,9 +44,12 @@ let user = "cschmatzler"; in
''; '';
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages =
with pkgs;
[
agenix.packages."${pkgs.system}".default agenix.packages."${pkgs.system}".default
] ++ (import ../../modules/shared/packages.nix { inherit pkgs; }); ]
++ (import ../../modules/shared/packages.nix { inherit pkgs; });
system = { system = {
checks.verifyNixPath = false; checks.verifyNixPath = false;


@@ -1,7 +1,15 @@
{ config, inputs, pkgs, agenix, ... }: {
config,
inputs,
pkgs,
agenix,
...
}:
let user = "cschmatzler"; let
keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8iAnIaa1deoc7jw8YACPNVka1ZFJxhnU4G74TmS+p" ]; in user = "cschmatzler";
keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8iAnIaa1deoc7jw8YACPNVka1ZFJxhnU4G74TmS+p" ];
in
{ {
imports = [ imports = [
../../modules/nixos/secrets.nix ../../modules/nixos/secrets.nix
@@ -19,7 +27,14 @@ let user = "cschmatzler";
}; };
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
# Uncomment for AMD GPU # Uncomment for AMD GPU
# initrd.kernelModules = [ "amdgpu" ]; # initrd.kernelModules = [ "amdgpu" ];
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
@@ -42,8 +57,14 @@ let user = "cschmatzler";
nixPath = [ "nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos" ]; nixPath = [ "nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos" ];
settings = { settings = {
allowed-users = [ "${user}" ]; allowed-users = [ "${user}" ];
trusted-users = [ "@admin" "${user}" ]; trusted-users = [
substituters = [ "https://nix-community.cachix.org" "https://cache.nixos.org" ]; "@admin"
"${user}"
];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org"
];
trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
}; };
@@ -206,12 +227,29 @@ let user = "cschmatzler";
log-level = "info"; log-level = "info";
wintypes = { wintypes = {
normal = { fade = true; shadow = false; }; normal = {
tooltip = { fade = true; shadow = false; opacity = 0.75; focus = true; full-shadow = false; }; fade = true;
dock = { shadow = false; }; shadow = false;
dnd = { shadow = false; }; };
popup_menu = { opacity = 1.0; }; tooltip = {
dropdown_menu = { opacity = 1.0; }; fade = true;
shadow = false;
opacity = 0.75;
focus = true;
full-shadow = false;
};
dock = {
shadow = false;
};
dnd = {
shadow = false;
};
popup_menu = {
opacity = 1.0;
};
dropdown_menu = {
opacity = 1.0;
};
}; };
}; };
}; };
@@ -241,7 +279,6 @@ let user = "cschmatzler";
ledger.enable = true; ledger.enable = true;
}; };
# Add docker daemon # Add docker daemon
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
virtualisation.docker.logDriver = "json-file"; virtualisation.docker.logDriver = "json-file";
@@ -266,7 +303,8 @@ let user = "cschmatzler";
# Don't require password for users in `wheel` group for these commands # Don't require password for users in `wheel` group for these commands
security.sudo = { security.sudo = {
enable = true; enable = true;
extraRules = [{ extraRules = [
{
commands = [ commands = [
{ {
command = "${pkgs.systemd}/bin/reboot"; command = "${pkgs.systemd}/bin/reboot";
@@ -274,7 +312,8 @@ let user = "cschmatzler";
} }
]; ];
groups = [ "wheel" ]; groups = [ "wheel" ];
}]; }
];
}; };
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [


@@ -1,2 +1 @@
_: _: [ ]
[]


@@ -1,2 +1,7 @@
{ user, config, pkgs, ... }: {
user,
config,
pkgs,
...
}:
{ } { }


@@ -1,4 +1,10 @@
{ config, pkgs, lib, home-manager, ... }: {
config,
pkgs,
lib,
home-manager,
...
}:
let let
user = "cschmatzler"; user = "cschmatzler";
@@ -28,7 +34,14 @@ in
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
users.${user} = { pkgs, config, lib, ... }:{ users.${user} =
{
pkgs,
config,
lib,
...
}:
{
home = { home = {
enableNixpkgsReleaseCheck = false; enableNixpkgsReleaseCheck = false;
packages = pkgs.callPackage ./packages.nix { }; packages = pkgs.callPackage ./packages.nix { };


@@ -1,8 +1,11 @@
{ pkgs }: { pkgs }:
with pkgs; with pkgs;
let shared-packages = import ../shared/packages.nix { inherit pkgs; }; in let
shared-packages ++ [ shared-packages = import ../shared/packages.nix { inherit pkgs; };
in
shared-packages
++ [
dockutil dockutil
_1password-gui _1password-gui
raycast raycast


@@ -1,6 +1,14 @@
{ config, pkgs, agenix, secrets, ... }: {
config,
pkgs,
agenix,
secrets,
...
}:
let user = "cschmatzler"; in let
user = "cschmatzler";
in
{ {
age.identityPaths = [ age.identityPaths = [
"/Users/${user}/.ssh/id_ed25519" "/Users/${user}/.ssh/id_ed25519"


@@ -4,7 +4,8 @@ let
home = builtins.getEnv "HOME"; home = builtins.getEnv "HOME";
xdg_configHome = "${home}/.config"; xdg_configHome = "${home}/.config";
xdg_dataHome = "${home}/.local/share"; xdg_dataHome = "${home}/.local/share";
xdg_stateHome = "${home}/.local/state"; in xdg_stateHome = "${home}/.local/state";
in
{ {
"${xdg_configHome}/bspwm/bspwmrc" = { "${xdg_configHome}/bspwm/bspwmrc" = {


@@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
user = "cschmatzler"; user = "cschmatzler";
@@ -6,13 +11,15 @@ let
shared-programs = import ../shared/home-manager.nix { inherit config pkgs lib; }; shared-programs = import ../shared/home-manager.nix { inherit config pkgs lib; };
shared-files = import ../shared/files.nix { inherit config pkgs; }; shared-files = import ../shared/files.nix { inherit config pkgs; };
polybar-user_modules = builtins.readFile (pkgs.replaceVars ./config/polybar/user_modules.ini { polybar-user_modules = builtins.readFile (
pkgs.replaceVars ./config/polybar/user_modules.ini {
packages = "${xdg_configHome}/polybar/bin/check-nixos-updates.sh"; packages = "${xdg_configHome}/polybar/bin/check-nixos-updates.sh";
searchpkgs = "${xdg_configHome}/polybar/bin/search-nixos-updates.sh"; searchpkgs = "${xdg_configHome}/polybar/bin/search-nixos-updates.sh";
launcher = "${xdg_configHome}/polybar/bin/launcher.sh"; launcher = "${xdg_configHome}/polybar/bin/launcher.sh";
powermenu = "${xdg_configHome}/rofi/bin/powermenu.sh"; powermenu = "${xdg_configHome}/rofi/bin/powermenu.sh";
calendar = "${xdg_configHome}/polybar/bin/popup-calendar.sh"; calendar = "${xdg_configHome}/polybar/bin/popup-calendar.sh";
}); }
);
polybar-config = pkgs.replaceVars ./config/polybar/config.ini { polybar-config = pkgs.replaceVars ./config/polybar/config.ini {
font0 = "DejaVu Sans:size=12;3"; font0 = "DejaVu Sans:size=12;3";
@@ -112,6 +119,8 @@ in
}; };
}; };
programs = shared-programs // { gpg.enable = true; }; programs = shared-programs // {
gpg.enable = true;
};
} }


@@ -1,8 +1,11 @@
{ pkgs }: { pkgs }:
with pkgs; with pkgs;
let shared-packages = import ../shared/packages.nix { inherit pkgs; }; in let
shared-packages ++ [ shared-packages = import ../shared/packages.nix { inherit pkgs; };
in
shared-packages
++ [
# Security and authentication # Security and authentication
yubikey-agent yubikey-agent


@@ -1,6 +1,14 @@
{ config, pkgs, agenix, secrets, ... }: {
config,
pkgs,
agenix,
secrets,
...
}:
let user = "cschmatzler"; in let
user = "cschmatzler";
in
{ {
age.identityPaths = [ age.identityPaths = [
"/home/${user}/.ssh/id_ed25519" "/home/${user}/.ssh/id_ed25519"


@@ -9,10 +9,14 @@
}; };
overlays = overlays =
let path = ../../overlays; in with builtins; let
map (n: import (path + ("/" + n))) path = ../../overlays;
(filter (n: match ".*\\.nix" n != null || in
pathExists (path + ("/" + n + "/default.nix"))) with builtins;
(attrNames (readDir path))); map (n: import (path + ("/" + n))) (
filter (n: match ".*\\.nix" n != null || pathExists (path + ("/" + n + "/default.nix"))) (
attrNames (readDir path)
)
);
}; };
} }


@@ -1,2 +1 @@
{ pkgs, config, ... }: { pkgs, config, ... }: { }
{}


@@ -1,8 +1,15 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let name = "Christoph Schmatzler"; let
name = "Christoph Schmatzler";
user = "cschmatzler"; user = "cschmatzler";
email = "christoph@schmatzler.com"; in email = "christoph@schmatzler.com";
in
{ {
zsh = { zsh = {
enable = true; enable = true;
@@ -86,23 +93,15 @@ let name = "Christoph Schmatzler";
ssh = { ssh = {
enable = true; enable = true;
includes = [ includes = [
(lib.mkIf pkgs.stdenv.hostPlatform.isLinux (lib.mkIf pkgs.stdenv.hostPlatform.isLinux "/home/${user}/.ssh/config_external")
"/home/${user}/.ssh/config_external" (lib.mkIf pkgs.stdenv.hostPlatform.isDarwin "/Users/${user}/.ssh/config_external")
)
(lib.mkIf pkgs.stdenv.hostPlatform.isDarwin
"/Users/${user}/.ssh/config_external"
)
]; ];
matchBlocks = { matchBlocks = {
"github.com" = { "github.com" = {
identitiesOnly = true; identitiesOnly = true;
identityFile = [ identityFile = [
(lib.mkIf pkgs.stdenv.hostPlatform.isLinux (lib.mkIf pkgs.stdenv.hostPlatform.isLinux "/home/${user}/.ssh/id_github")
"/home/${user}/.ssh/id_github" (lib.mkIf pkgs.stdenv.hostPlatform.isDarwin "/Users/${user}/.ssh/id_github")
)
(lib.mkIf pkgs.stdenv.hostPlatform.isDarwin
"/Users/${user}/.ssh/id_github"
)
]; ];
}; };
}; };


@@ -1,6 +1,7 @@
{ pkgs }: { pkgs }:
with pkgs; [ with pkgs;
[
age age
age-plugin-yubikey age-plugin-yubikey
bat bat

1
result

@@ -1 +0,0 @@
/nix/store/n2fqwnq3a9v4l273ka2hbn1b3c72v6x2-darwin-system-25.11.e04a388