henrov/nixos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Copied my functional folder, started generalising henrovnix and writing documentation

Browse Source
This commit is contained in:
Henro Veijer
2026-02-23 19:55:30 +01:00
parent 99b2f7ae89
commit c8ca5bd3ec
8843 changed files with 42 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files
henrovnix_ok/configuration/apps/install_flatpaks.nix
+104
View File
@@ -0,0 +1,104 @@
{ config, pkgs, lib, flakeRoot, ... }:
let
moduleName = "install-flatpaks";
flatpakConfPath = flakeRoot + "/assets/conf/apps/flatpaks.conf";
raw = builtins.readFile flatpakConfPath;
# Explicit "\n" so we never accidentally split into characters
rawLines = lib.splitString "\n" raw;
# Guard: if we accidentally split into characters, rawLines length ~= stringLength raw
_guard = assert !(
builtins.stringLength raw > 1 &&
builtins.length rawLines == builtins.stringLength raw
); true;
cleanLine = l:
let
noCR = lib.replaceStrings [ "\r" ] [ "" ] l;
noInlineComment = lib.head (lib.splitString "#" noCR);
in
lib.strings.trim noInlineComment;
entries =
builtins.filter (l: l != "")
(map cleanLine rawLines);
# Flatpak app IDs are reverse-DNS style like org.example.App (at least 2 dots).
# We'll validate and fail early with a clear message.
dotCount = s: builtins.length (lib.splitString "." s) - 1;
isValidId = s:
(dotCount s) >= 2; # matches the error you're seeing: "at least 2 periods"
_validate =
builtins.seq _guard (
builtins.map (id:
if isValidId id then true else
throw ''
${moduleName}: invalid Flatpak ID in flatpaks.conf (needs reverse-DNS with at least 2 dots)
Token : ${builtins.toJSON id}
flatpaks.conf : ${toString flatpakConfPath}
Fix: remove stray tokens/headers, or comment them out with '#'.
''
) entries
);
# Use validated entries
flatpakApps = builtins.seq _validate entries;
syncFlatpaks = pkgs.writeShellScript "sync-flatpaks" ''
set -euo pipefail
# Use the deployed config path (matches environment.etc below)
CONF="/etc/flatpak/flatpaks.conf"
if [[ -f "$CONF" ]]; then
echo "flatpak-sync: using $CONF"
else
echo "flatpak-sync: WARNING: $CONF not found, using embedded list"
fi
if ! flatpak remotes --system --columns=name | grep -qx flathub; then
flatpak remote-add --system --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
fi
desired_apps=(
${lib.concatStringsSep "\n" (map (a: ''"${a}"'') flatpakApps)}
)
for app in "''${desired_apps[@]}"; do
if ! flatpak info --system "$app" >/dev/null 2>&1; then
flatpak install --system -y --noninteractive flathub "$app"
fi
done
'';
in
{
services.flatpak.enable = true;
xdg.portal = {
enable = true;
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
};
# Deploy the config file for runtime visibility/debugging
environment.etc."flatpak/flatpaks.conf".source = flatpakConfPath;
systemd.services.flatpak-sync = {
description = "Install Flatpak apps listed in flatpaks.conf";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = syncFlatpaks;
};
restartTriggers = [ flatpakConfPath ];
path = [ pkgs.flatpak pkgs.coreutils pkgs.gnugrep pkgs.gnused ];
};
}
henrovnix_ok/configuration/apps/install_packages.nix
+53
View File
@@ -0,0 +1,53 @@
{ config, lib, pkgs, flakeRoot, inputs, ... }:
let
packagesConfPath = flakeRoot + "/assets/conf/apps/packages.conf";
raw = builtins.readFile packagesConfPath;
# IMPORTANT: explicit "\n" so we never accidentally split into characters
rawLines = lib.splitString "\n" raw;
# Guard: if we accidentally split into characters, rawLines length ~= stringLength raw
_guard = assert !(
builtins.stringLength raw > 1 &&
builtins.length rawLines == builtins.stringLength raw
); true;
cleanLine = l:
let
noCR = lib.replaceStrings [ "\r" ] [ "" ] l;
noInlineComment = lib.head (lib.splitString "#" noCR);
in
lib.strings.trim noInlineComment;
entries =
builtins.filter (l: l != "")
(map cleanLine rawLines);
resolvePkg = name:
let
parts = lib.splitString "." name;
found = lib.attrByPath parts null pkgs;
in
if found == null then
throw ''
install_packages.nix: package not found in pkgs
Token : ${builtins.toJSON name}
packages.conf : ${toString packagesConfPath}
Hint : check the attribute name on search.nixos.org/packages
''
else
found;
packages = builtins.seq _guard (map resolvePkg entries);
zenBrowser =
inputs.zen-browser.packages.${pkgs.stdenv.hostPlatform.system}.default;
in
{
environment.systemPackages =
packages
++ [ zenBrowser ];
}
henrovnix_ok/configuration/core/boot.nix
+27
View File
@@ -0,0 +1,27 @@
{ pkgs, ... } :
{
boot = {
initrd = {
verbose = false; # its a lot of logs. dont need it, unless we do.
kernelModules = [ ]; # no kernel modules on boot
};
extraModulePackages = [ ]; # no extra packages on boot either
kernelPackages = pkgs.linuxPackages_latest; # latest greatest linux kernel
kernelParams = [ "silent" ]; # quiet those logs
consoleLogLevel = 0; # quiten more logs
plymouth.enable = true; # graphical boot animation instead
supportedFilesystems = [ "ntfs" ]; # should see the ntfs (windows)
loader = {
systemd-boot.enable = true; # systemd-boot
systemd-boot.configurationLimit = 10;
efi.canTouchEfiVariables = true; # allow editing efi to edit the boot loader
timeout = 5; # grub timeout to make a selection
};
};
}
henrovnix_ok/configuration/core/files.nix
+29
View File
@@ -0,0 +1,29 @@
{ pkgs, user, config, ... }:
{
environment.systemPackages = with pkgs; [
zip
unzip
p7zip
usbutils
udiskie
file-roller
];
programs.thunar = {
enable = true;
plugins = with pkgs; [
thunar-archive-plugin
thunar-media-tags-plugin
thunar-volman
thunar-vcs-plugin
];
};
programs.xfconf.enable = true; # to save thunar settings
services = {
gvfs.enable = true; # Mount, trash, and other functionalities
tumbler.enable = true; # Thumbnail support for images
udisks2.enable = true; # Auto mount usb drives
};
}
henrovnix_ok/configuration/core/locale.nix
+24
View File
@@ -0,0 +1,24 @@
{ user, ... } :
let
locale = user.locale;
defaultLocale = "nl_NL.UTF-8";
in
{
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# Select internationalisation properties.
i18n.defaultLocale = defaultLocale;
i18n.extraLocaleSettings = {
LC_ADDRESS = locale;
LC_IDENTIFICATION = locale;
LC_MEASUREMENT = locale;
LC_MONETARY = locale;
LC_NAME = locale;
LC_NUMERIC = locale;
LC_PAPER = locale;
LC_TELEPHONE = locale;
LC_TIME = defaultLocale;
};
}
henrovnix_ok/configuration/core/login-lightdm.nix
+139
View File
@@ -0,0 +1,139 @@
{ config, pkgs, lib, ... }:
let
lightdmConf = builtins.readFile ../../assets/conf/core/lightdm.conf;
lockPng = ../../assets/lock.png;
greeterConfPath = ../../assets/conf/core/lightdm-gtk-greeter.conf;
greeterRaw = builtins.readFile greeterConfPath;
# Extract "key = value" from the greeter conf.
# Returns null if not found.
getIniValue = key:
let
lines = lib.splitString "\n" greeterRaw;
# Captures the value part (group 0) from a single line.
# We match line-by-line because Nix regex does NOT support PCRE flags like (?s).
m =
let
ms = builtins.filter (x: x != null) (map (line:
builtins.match
("^[[:space:]]*" + key + "[[:space:]]*=[[:space:]]*([^#;]+).*$")
line
) lines);
in
if ms == [] then null else builtins.elemAt ms 0;
in
if m == null then null else lib.strings.trim (builtins.elemAt m 0);
# In your greeter.conf these are *package keys*, not theme names.
themePkgKey = getIniValue "theme-name";
iconPkgKey = getIniValue "icon-theme-name";
cursorPkgKey = getIniValue "cursor-theme-name";
cursorSizeStr = getIniValue "cursor-theme-size";
cursorSize =
if cursorSizeStr == null then null
else lib.toInt (lib.strings.trim cursorSizeStr);
# Map package-keys (from greeter.conf) -> { package, name }
#
# IMPORTANT:
# - "name" must be the real theme/icon/cursor NAME as seen under share/themes or share/icons.
# - "package" is the Nixpkgs derivation providing it.
pkgMap = {
catppuccinThemePkg = {
package = pkgs.catppuccin-gtk.override {
accents = [ "blue" ];
variant = "mocha";
size = "standard";
tweaks = [ ];
};
name = "Catppuccin-Mocha-Standard-Blue-Dark";
};
papirus-icon-theme = {
package = pkgs.papirus-icon-theme;
name = "Papirus-Dark";
};
bibata-cursors = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
};
};
pick = key:
if key == null then
throw "lightdm: missing required key in ${toString greeterConfPath}"
else if !(pkgMap ? "${key}") then
throw "lightdm: unknown package key '${key}' in ${toString greeterConfPath}. Known keys: ${lib.concatStringsSep ", " (builtins.attrNames pkgMap)}"
else
pkgMap."${key}";
themeSel = pick themePkgKey;
iconSel = pick iconPkgKey;
cursorSel = pick cursorPkgKey;
# Rewrite greeter.conf so LightDM sees REAL names, not package keys.
# Also force background to lockPng.
greeterFixed =
''
[greeter]
theme-name = ${themeSel.name}
icon-theme-name = ${iconSel.name}
cursor-theme-name = ${cursorSel.name}
${lib.optionalString (cursorSize != null) "cursor-theme-size = ${toString cursorSize}"}
''
+ "\n"
+ greeterRaw;
in
{
services.greetd.enable = false;
services.xserver = {
enable = true;
desktopManager.xterm.enable = false;
displayManager.lightdm = {
enable = true;
background = lockPng;
greeters.gtk = {
enable = true;
theme = {
name = themeSel.name;
package = themeSel.package;
};
iconTheme = {
name = iconSel.name;
package = iconSel.package;
};
cursorTheme = {
name = cursorSel.name;
package = cursorSel.package;
} // lib.optionalAttrs (cursorSize != null) {
size = cursorSize;
};
# This includes your (rewritten) greeter config.
extraConfig = greeterFixed;
};
extraConfig = lightdmConf;
};
};
programs.hyprland.enable = true;
# Optional: make them available system-wide as well
environment.systemPackages = [
themeSel.package
iconSel.package
cursorSel.package
];
}
henrovnix_ok/configuration/core/login-tuigreeter.nix
+14
View File
@@ -0,0 +1,14 @@
{ pkgs, user, ... } :
{
environment.systemPackages = with pkgs; [
tuigreet
];
services.greetd = {
enable = true;
settings = {
default_session = {
command = pkgs.lib.mkForce "${pkgs.tuigreet}/bin/tuigreet --remember --time --time-format '%I:%M %p | %a %h | %F'";
};
};
};
}
henrovnix_ok/configuration/core/networking.nix
+21
View File
@@ -0,0 +1,21 @@
{ pkgs, lib, ... }:
{
networking = {
useDHCP = lib.mkDefault true;
networkmanager.enable = true;
networkmanager.wifi.backend = "iwd";
wireless.iwd.enable = true;
wireless.userControlled.enable = true;
firewall = {
enable = true;
# KDE Connect: discovery + encrypted connections
allowedTCPPortRanges = [
{ from = 1714; to = 1764; }
];
allowedUDPPortRanges = [
{ from = 1714; to = 1764; }
];
};
};
environment.systemPackages = with pkgs; [ impala ];
}
henrovnix_ok/configuration/core/nix-settings.nix
+38
View File
@@ -0,0 +1,38 @@
{ pkgs, user, ... } :
{
nix.settings = {
# enable flakes
experimental-features = ["nix-command" "flakes"];
# add a cache that speed up new applications by downloading binaries
# from the trusted cache instead of compiling from sourcer
substituters = [
"https://nix-community.cachix.org"
];
# trust the cache public key
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
# allow proprietary software on this machine. I'm not a purist.
nixpkgs.config.allowUnfree = true;
# unityhub depends on this... for now
nixpkgs.config.permittedInsecurePackages = [ "libxml2-2.13.8" ];
# this declares how often old configurations are cleared up.
# i cleanup anything older than a week, every week.
nix.gc = {
automatic = true;
options = "--delete-older-than 7d";
dates = "weekly";
};
programs = {
# command line utility that makes applying changes easy and pretty
nh = {
enable = true;
flake = "/home/${user.username}/system";
};
};
}
henrovnix_ok/configuration/default.nix
+79
View File
@@ -0,0 +1,79 @@
{ pkgs, user, ... } :
{
imports = [
./apps/install_flatpaks.nix
./apps/install_packages.nix
./core/files.nix
./core/locale.nix
./core/networking.nix
./core/nix-settings.nix
#./core/login-tuigreeter.nix
./core/login-lightdm.nix
./desktop/audio.nix
./desktop/hyprland.nix
./dev/terminal.nix
./core/boot.nix
./services/services.nix
];
environment.systemPackages = with pkgs; [
wget # fetch utility
curl # more fetch utility
binutils # executable utilities, like ld
dmidecode # tool for dumping system info
libnotify # notification daemon
python3 # nice to have this ready for quick things
cacert # certificate authority
remmina # remote desktop app
#rg # ripgrep
wev # for finding keypresses
tree # list foldetrtree's
file # filinfo
htop # sysmonitor
solaar # logitech controller
git # source control
# jetbrains.pycharm # Dev and course environment
];
# to enable icons with wlogout
# https://github.com/catppuccin/nix/issues/584
programs.gdk-pixbuf.modulePackages = [ pkgs.librsvg ];
users.users.${user.username} = {
isNormalUser = true;
description = "henrov";
extraGroups = [
"networkmanager" # allow editing network connections
"wheel" # can do sudo
"scanner" # access to the network scanner
"lp" # access to the printer
];
};
programs = {
nix-ld.enable = true; # helps with linking troubles with dynamic libraries
appimage.enable = true; # allow appimage installations
dconf.enable = true; # to save user settings
gnupg.agent = {
# pgp client
enable = true;
enableSSHSupport = true;
};
firefox.enable = true; # browser
wireshark.enable = true; # vpn
};
fonts.packages = with pkgs; [
aporetic
nerd-fonts.iosevka
];
# enable the catppuccin theme for everything with mocha + blue accents
catppuccin.enable = true;
catppuccin.flavor = "mocha";
catppuccin.accent = "blue";
system.stateVersion = user.stateVersion;
}
henrovnix_ok/configuration/desktop/audio.nix
+70
View File
@@ -0,0 +1,70 @@
{ config, pkgs, lib, ... }:
{
environment.systemPackages = with pkgs; [
pipewire
wireplumber
alsa-utils
pulseaudio
pamixer
pavucontrol
];
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
security.rtkit.enable = true;
# Helps on many laptops (Intel SOF etc.)
hardware.enableRedistributableFirmware = true;
# Prefer analog over HDMI/DP in a machine-agnostic way
services.pipewire.wireplumber.extraConfig."51-audio-priorities" = {
"monitor.alsa.rules" = [
# De-prioritize HDMI / DisplayPort sinks
{
matches = [
{ "node.name" = "~alsa_output\\..*HDMI.*"; }
{ "node.name" = "~alsa_output\\..*DisplayPort.*"; }
];
actions.update-props = {
"priority.session" = 100;
"priority.driver" = 100;
};
}
# Prefer analog sinks (speakers/headphones)
{
matches = [
{ "node.name" = "~alsa_output\\..*analog.*"; }
{ "node.name" = "~alsa_output\\..*Headphones.*"; }
{ "node.name" = "~alsa_output\\..*Speaker.*"; }
];
actions.update-props = {
"priority.session" = 2000;
"priority.driver" = 2000;
};
}
];
};
# Optional: clear "sticky" user-selected defaults so priority rules win
systemd.user.services.wireplumber-clear-default-nodes = {
description = "Clear WirePlumber saved default nodes (avoid HDMI becoming sticky)";
after = [ "wireplumber.service" ];
partOf = [ "wireplumber.service" ];
wantedBy = [ "default.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.coreutils}/bin/rm -f %h/.local/state/wireplumber/default-nodes";
};
};
}
henrovnix_ok/configuration/desktop/hyprland.nix
+58
View File
@@ -0,0 +1,58 @@
{ pkgs, ... }:
{
nix.settings = {
substituters = [ "https://hyprland.cachix.org" ];
trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
];
};
services.dbus.enable = true;
security.polkit.enable = true;
services.flatpak.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
};
services.gvfs.enable = true;
xdg.portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-hyprland
xdg-desktop-portal-gtk
];
config.common.default = [ "hyprland" "gtk" ];
};
environment.systemPackages = with pkgs; [
walker
uwsm
hyprland-qtutils
hyprpolkitagent
grimblast
];
programs = {
uwsm.enable = true;
uwsm.waylandCompositors.hyprland = {
prettyName = "Hyprland";
comment = "Hyprland compositor managed by UWSM";
binPath = "/run/current-system/sw/bin/Hyprland";
};
hyprland = {
withUWSM = true;
enable = true;
xwayland.enable = true;
};
};
environment.sessionVariables = {
XDG_SESSION_TYPE = "wayland";
XDG_CURRENT_DESKTOP = "Hyprland";
XDG_SESSION_DESKTOP = "Hyprland";
NIXOS_OZONE_WL = "1";
XCURSOR_SIZE = "24";
};
security.pam.services.hyprlock = { };
# Optional; GNOME-specific (keep only if you really use gnome-keyring integration)
security.pam.services.gdm.enableGnomeKeyring = true;
}
henrovnix_ok/configuration/dev/terminal.nix
+8
View File
@@ -0,0 +1,8 @@
{ pkgs, user, ... }:
{
console.useXkbConfig = true;
users.users.${user.username}.shell = pkgs.zsh;
programs.zsh.enable = true;
environment.shells = [ pkgs.zsh ];
environment.pathsToLink = [ "/share/zsh" ];
}
henrovnix_ok/configuration/services/services.nix
+23
View File
@@ -0,0 +1,23 @@
{ user, ...} :
{
services = {
blueman.enable = true; # bluetooth manager
fwupd.enable = true; # firmware updating service
fstrim.enable = true; # ssd maintenance service
thermald.enable = true; # thermal regulation service
printing.enable = true; # printing services, cups
gnome.gnome-keyring.enable = true; # keyring
flatpak.enable = true; # allow installing things from flatpaks
#flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
# printer discovery
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
};
virtualisation.docker.enable = true; # enable docker
users.users.${user.username}.extraGroups = [ "docker" ]; # add self to docker user group
}