First commit

2026-02-22 17:28:02 +01:00
parent 7a70268785
commit 6bacf1878e
9011 changed files with 114470 additions and 0 deletions
@@ -0,0 +1,14 @@
+{ pkgs, ...}:
+{
+  environment.systemPackages = with pkgs; [ pamixer ];
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+
+  # pipewire needs realtime scheduling access
+  security.rtkit.enable = true;
+}
@@ -0,0 +1,27 @@
+{ pkgs, ... } :
+{
+  boot = {
+    initrd = {
+      verbose = false;     # its a lot of logs. dont need it, unless we do.
+      kernelModules = [ ]; # no kernel modules on boot
+    };
+
+    extraModulePackages = [ ];                   # no extra packages on boot either
+    kernelPackages = pkgs.linuxPackages_latest;  # latest greatest linux kernel
+    kernelParams = [ "silent" ];                 # quiet those logs
+
+    consoleLogLevel = 0;                         # quiten more logs
+    plymouth.enable = true;                      # graphical boot animation instead
+
+    supportedFilesystems = [ "ntfs" ];           # should see the ntfs (windows)
+
+    loader = {
+      systemd-boot.enable = true;                # systemd-boot
+      systemd-boot.configurationLimit = 2;
+      efi.canTouchEfiVariables = true;           # allow editing efi to edit the boot loader
+
+
+      timeout = 5;                               # grub timeout to make a selection
+    };
+  };
+}
@@ -0,0 +1,9 @@
+{ pkgs, user, ... }:
+{
+  console.useXkbConfig = true;
+  users.users.${user.username}.shell = pkgs.zsh;
+
+  environment.shells = with pkgs; [ zsh ];
+  programs.zsh.enable = true;
+  environment.pathsToLink = [ "/share/zsh" ];
+}
@@ -0,0 +1,80 @@
+{ pkgs, user, ... } :
+{
+  imports = [
+    ./boot.nix
+    ./login.nix
+    ./cli.nix
+    ./files.nix
+    ./locale.nix
+    ./nix-settings.nix
+    ./networking.nix
+    ./hyprland.nix
+    ./services.nix
+    ./audio.nix
+    #./steam.nix
+    #./sops.nix
+    ./packages.nix
+    ./flatpak.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    wget       # fetch utility
+    curl       # more fetch utility
+    binutils   # executable utilities, like ld
+    dmidecode  # tool for dumping system info
+    libnotify  # notification daemon
+    python3    # nice to have this ready for quick things
+    cacert     # certificate authority
+    remmina    # remote desktop app
+    #rg         # ripgrep
+    wev        # for finding keypresses
+    tree       # list foldetrtree's
+    file       # filinfo
+    htop       # sysmonitor
+    solaar     # logitech controller
+    git        # source control
+   # jetbrains.pycharm # Dev and course environment
+  
+  
+  ];
+  
+  # to enable icons with wlogout
+  # https://github.com/catppuccin/nix/issues/584
+  programs.gdk-pixbuf.modulePackages = [ pkgs.librsvg ];
+
+  users.users.${user.username} = {
+    isNormalUser = true;
+    description = "henrov";
+    extraGroups = [
+      "networkmanager" # allow editing network connections
+      "wheel"          # can do sudo
+      "scanner"        # access to the network scanner
+      "lp"             # access to the printer
+    ];
+  };
+
+  programs = {
+    nix-ld.enable = true;   # helps with linking troubles with dynamic libraries
+    appimage.enable = true; # allow appimage installations
+    dconf.enable = true;    # to save user settings
+    gnupg.agent = {
+      # pgp client
+      enable = true;
+      enableSSHSupport = true;
+    };
+    firefox.enable = true;   # browser
+    wireshark.enable = true; # vpn
+  };
+
+  fonts.packages = with pkgs; [
+    aporetic
+    nerd-fonts.iosevka
+  ];
+
+  # enable the catppuccin theme for everything with mocha + blue accents
+  catppuccin.enable = true;
+  catppuccin.flavor = "mocha";
+  catppuccin.accent = "blue";
+
+  system.stateVersion = user.stateVersion;
+}
@@ -0,0 +1,28 @@
+{ pkgs, user, config, ... } :
+{
+  environment.systemPackages = with pkgs; [
+    zip
+    unzip
+    p7zip
+    usbutils
+    udiskie
+  ];
+
+  programs.thunar = {
+    enable = true;
+    plugins = with pkgs.xfce; [
+      thunar-archive-plugin
+      thunar-media-tags-plugin
+      thunar-volman
+    ];
+  };
+
+  programs.file-roller.enable = true; # thunar zip support
+  programs.xfconf.enable = true; # to save thunar settings
+
+  services = {
+    gvfs.enable = true;    # Mount, trash, and other functionalities
+    tumbler.enable = true; # Thumbnail support for images
+    udisks2.enable = true; # Auto mount usb drives
+  };
+}
@@ -0,0 +1,81 @@
+{ config, pkgs, lib, ... }:
+
+let
+  # Adjust this path if your module lives elsewhere in the repo
+  flatpakConfPath = ../assets/conf/apps/flatpak.conf;
+
+  # Parse flatpak.conf: ignore empty lines and comments
+  flatpakApps =
+    let
+      lines = lib.splitString "\n" (builtins.readFile flatpakConfPath);
+      cleaned = map (l: lib.strings.trim l) lines;
+    in
+      builtins.filter (l: l != "" && !(lib.hasPrefix "#" l)) cleaned;
+
+  # Shell script that:
+  # - adds Flathub if missing
+  # - installs missing apps
+  # - (optional) removes apps not in the list
+  syncFlatpaks = pkgs.writeShellScript "sync-flatpaks" ''
+    set -euo pipefail
+
+    # Ensure Flathub remote exists (system-wide)
+    if ! flatpak remotes --system --columns=name | grep -qx flathub; then
+      flatpak remote-add --system --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+    fi
+
+    desired_apps=(
+      ${lib.concatStringsSep "\n" (map (a: ''"${a}"'') flatpakApps)}
+    )
+
+    # Install desired apps if missing
+    for app in "''${desired_apps[@]}"; do
+      if ! flatpak info --system "$app" >/dev/null 2>&1; then
+        flatpak install --system -y --noninteractive flathub "$app"
+      fi
+    done
+
+    # OPTIONAL: remove system apps not listed (uncomment to enforce strictly)
+    # installed="$(flatpak list --system --app --columns=application | sed '/^$/d')"
+    # for app in $installed; do
+    #   keep=0
+    #   for want in "''${desired_apps[@]}"; do
+    #     if [ "$app" = "$want" ]; then keep=1; break; fi
+    #   done
+    #   if [ "$keep" -eq 0 ]; then
+    #     flatpak uninstall --system -y --noninteractive "$app" || true
+    #   fi
+    # done
+  '';
+in
+{
+  # Native NixOS Flatpak support
+  services.flatpak.enable = true; # enables Flatpak on NixOS :contentReference[oaicite:1]{index=1}
+
+  # Strongly recommended for Flatpak desktop integration
+  # (Adjust portals to your DE/WM if you want, this is a safe default.)
+  xdg.portal = {
+    enable = true;
+    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+  };
+
+  # Ensure the config file is present on the system (optional but convenient)
+  environment.etc."flatpak/flatpak.conf".source = flatpakConfPath;
+
+  # Run sync after boot and after rebuilds, once networking is up
+  systemd.services.flatpak-sync = {
+    description = "Install Flatpak apps listed in flatpak.conf";
+    wantedBy = [ "multi-user.target" ];
+    wants = [ "network-online.target" ];
+    after = [ "network-online.target" ];
+
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = syncFlatpaks;
+    };
+
+    # Re-run when the config changes (best-effort)
+    restartTriggers = [ flatpakConfPath ];
+    path = [ pkgs.flatpak pkgs.coreutils pkgs.gnugrep pkgs.gnused ];
+  };
+}
@@ -0,0 +1,80 @@
+{ pkgs, ... }:
+{
+  nix.settings = {
+    # add the hyprland cache so that we dont build hyprland from source
+    substituters = [ "https://hyprland.cachix.org" ];
+    trusted-public-keys = [
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+    ];
+  };
+
+  # these extra portals allow for things like screen sharing
+  xdg = {
+    portal = {
+      enable = true;
+      extraPortals = [
+        pkgs.xdg-desktop-portal-wlr
+        pkgs.xdg-desktop-portal-gtk
+      ];
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    hyprland            # the actual package
+    walker              # launcher
+    uwsm                # wayland session manager
+    hyprland-qtutils    # needed by hyprland
+    hyprpolkitagent     # polkit agent
+    grimblast           # screenshot
+  ];
+
+  # we use uwsm to manage launching hyprland
+  # uswm will add hyprland to the login sessions with tuigreet.
+  programs = {
+    uwsm.enable = true;
+    uwsm.waylandCompositors = {
+      hyprland = {
+        prettyName = "Hyprland";
+        comment = "Hyprland compositor managed by UWSM";
+        binPath = "/run/current-system/sw/bin/Hyprland";
+      };
+    };
+
+    hyprland = {
+      withUWSM  = true;
+      enable = true;
+      xwayland.enable = true;
+    };
+  };
+
+  # this is mainly for the lock screen
+  # lock.png is provided elsewhere
+  services.xserver = {
+    enable = true;
+
+    desktopManager = {
+      xterm.enable = false;
+    };
+
+
+    displayManager = {
+      lightdm.background = ./lock.png;
+    };
+  };
+
+  # this is a lot of env vars.
+  # and this requires some cleanup
+  # but hyprland moves fast and some of these are probably outdated already
+  environment.sessionVariables = {
+    XDG_SESSION_TYPE="wayland";
+    XDG_CURRENT_DESKTOP="Hyprland";
+    XDG_SESSION_DESKTOP="Hyprland";
+    NIXOS_OZONE_WL="1";
+    XCURSOR_SIZE="24";
+  };
+
+  # allow hyprlock (lockscreen) to lock user session
+  security.pam.services.hyprlock = { };
+  security.polkit.enable = true;
+  security.pam.services.gdm.enableGnomeKeyring = true;
+}
@@ -0,0 +1,24 @@
+{ user, ... } :
+let
+  locale = user.locale;
+  defaultLocale = "nl_NL.UTF-8";
+in
+{
+  # Set your time zone.
+  time.timeZone = "Europe/Amsterdam";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = defaultLocale;
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = locale;
+    LC_IDENTIFICATION = locale;
+    LC_MEASUREMENT = locale;
+    LC_MONETARY = locale;
+    LC_NAME = locale;
+    LC_NUMERIC = locale;
+    LC_PAPER = locale;
+    LC_TELEPHONE = locale;
+    LC_TIME = defaultLocale;
+  };
+}
@@ -0,0 +1,15 @@
+{ pkgs, user, ... } :
+{
+  environment.systemPackages = with pkgs; [
+    tuigreet
+  ];
+
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        command = pkgs.lib.mkForce "${pkgs.tuigreet}/bin/tuigreet --remember --time --time-format '%I:%M %p | %a • %h | %F'";
+      };
+    };
+  };
+}
@@ -0,0 +1,16 @@
+{ pkgs, ... } : {
+  networking = {
+    # allow automatic ip assignment when connecting to a network
+    useDHCP = pkgs.lib.mkDefault true;
+    networkmanager.enable = true;
+    firewall.enable = true;
+
+    # let wifi info be NOT declarative, allowing user to configure wifi.
+    wireless.userControlled.enable = true;
+    wireless.iwd.enable = true;
+    networkmanager.wifi.backend = "wpa_supplicant";
+  };
+
+  # tui to manage wifi networks
+  environment.systemPackages = with pkgs; [ impala ];
+}
@@ -0,0 +1,38 @@
+{ pkgs, user, ... } :
+{
+  nix.settings = {
+    # enable flakes
+    experimental-features = ["nix-command" "flakes"];
+
+    # add a cache that speed up new applications by downloading binaries
+    # from the trusted cache instead of compiling from sourcer
+    substituters = [
+      "https://nix-community.cachix.org"
+    ];
+    # trust the cache public key
+    trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+    ];
+  };
+
+  # allow proprietary software on this machine. I'm not a purist.
+  nixpkgs.config.allowUnfree = true;
+  # unityhub depends on this... for now
+  nixpkgs.config.permittedInsecurePackages = [ "libxml2-2.13.8" ];
+
+  # this declares how often old configurations are cleared up.
+  # i cleanup anything older than a week, every week.
+  nix.gc = {
+    automatic = true;
+    options = "--delete-older-than 7d";
+    dates = "weekly";
+  };
+
+  programs = {
+    # command line utility that makes applying changes easy and pretty
+    nh = {
+      enable = true;
+      flake = "/home/${user.username}/system";
+    };
+  };
+}
@@ -0,0 +1,41 @@
+{ lib, pkgs, ... }:
+
+let
+  # Adjust this path if you place apps.nix elsewhere in the repo.
+  # Best practice: keep it relative to the flake repo so flakes can read it.
+  packagesConfPath = ../assets/conf/apps/packages.conf;
+
+  raw = builtins.readFile packagesConfPath;
+
+  # Split into lines, trim whitespace, drop empty lines and comment lines.
+  lines =
+    let
+      all = lib.splitString "\n" raw;
+      trimmed = map lib.strings.trim all;
+    in
+      builtins.filter (l: l != "" && !(lib.hasPrefix "#" l)) trimmed;
+
+  # Resolve a name like:
+  #   "wget" -> pkgs.wget
+  #   "kdePackages.okular" -> pkgs.kdePackages.okular
+  #   "_1password-gui" -> pkgs."_1password-gui"
+  resolvePkg = name:
+    let
+      parts = lib.splitString "." name;
+      found = lib.attrByPath parts null pkgs;
+    in
+      if found == null then
+        throw ''
+          apps.nix: Package "${name}" from ${toString packagesConfPath} not found in pkgs.
+          Only packages available on https://search.nixos.org/packages can be installed.
+          Fix the name (or attribute path) and rebuild.
+        ''
+      else
+        found;
+
+  packages = map resolvePkg lines;
+
+in
+{
+  environment.systemPackages = packages;
+}
@@ -0,0 +1,23 @@
+{ user, ...} :
+{
+  services = {
+    blueman.enable = true;                # bluetooth manager
+    fwupd.enable = true;                  # firmware updating service
+    fstrim.enable = true;                 # ssd maintenance service
+    thermald.enable = true;               # thermal regulation service
+    printing.enable = true;               # printing services, cups
+    gnome.gnome-keyring.enable = true;    # keyring
+    flatpak.enable = true;                # allow installing things from flatpaks
+    #flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+
+    # printer discovery
+    avahi = {
+      enable = true;
+      nssmdns4 = true;
+      openFirewall = true;
+    };
+  };
+
+  virtualisation.docker.enable = true;    # enable docker
+  users.users.${user.username}.extraGroups = [ "docker" ]; # add self to docker user group
+}
@@ -0,0 +1,10 @@
+#  { user, ...} :
+#  {
+#    sops.defaultSopsFile = ../secrets/secrets.yaml;
+#    sops.defaultSopsFormat = "yaml";
+#    sops.age.keyFile = "/home/${user.username}/.config/sops/age/keys.txt";
+#
+#    sops.secrets.claude_key = { # anthropic claude api key, used in emacs
+#      owner = "${user.username}";
+#    };
+#  }
@@ -0,0 +1,80 @@
+{ pkgs, ... }:
+{
+  nix.settings = {
+    # add the hyprland cache so that we dont build hyprland from source
+    substituters = [ "https://hyprland.cachix.org" ];
+    trusted-public-keys = [
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+    ];
+  };
+
+  # these extra portals allow for things like screen sharing
+  xdg = {
+    portal = {
+      enable = true;
+      extraPortals = [
+        pkgs.xdg-desktop-portal-wlr
+        pkgs.xdg-desktop-portal-gtk
+      ];
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    hyprland            # the actual package
+    walker              # launcher
+    uwsm                # wayland session manager
+    hyprland-qtutils    # needed by hyprland
+    hyprpolkitagent     # polkit agent
+    grimblast           # screenshot
+  ];
+
+  # we use uwsm to manage launching hyprland
+  # uswm will add hyprland to the login sessions with tuigreet.
+  programs = {
+    uwsm.enable = true;
+    uwsm.waylandCompositors = {
+      hyprland = {
+        prettyName = "Hyprland";
+        comment = "Hyprland compositor managed by UWSM";
+        binPath = "/run/current-system/sw/bin/Hyprland";
+      };
+    };
+
+    hyprland = {
+      withUWSM  = true;
+      enable = true;
+      xwayland.enable = true;
+    };
+  };
+
+  # this is mainly for the lock screen
+  # lock.png is provided elsewhere
+  services.xserver = {
+    enable = true;
+
+    desktopManager = {
+      xterm.enable = false;
+    };
+
+
+    displayManager = {
+      lightdm.background = ./lock.png;
+    };
+  };
+
+  # this is a lot of env vars.
+  # and this requires some cleanup
+  # but hyprland moves fast and some of these are probably outdated already
+  environment.sessionVariables = {
+    XDG_SESSION_TYPE="wayland";
+    XDG_CURRENT_DESKTOP="Hyprland";
+    XDG_SESSION_DESKTOP="Hyprland";
+    NIXOS_OZONE_WL="1";
+    XCURSOR_SIZE="24";
+  };
+
+  # allow hyprlock (lockscreen) to lock user session
+  security.pam.services.hyprlock = { };
+  security.polkit.enable = true;
+  security.pam.services.gdm.enableGnomeKeyring = true;
+}