Updates to work computer

Nate Anderson 2025-04-23 08:53:30 -06:00
parent 00d88f052b
commit d24ebbf153
9 changed files with 209 additions and 68 deletions

42
flake.lock generated

@ -5,11 +5,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1737579274, "lastModified": 1745352209,
"narHash": "sha256-8kBIYfn8TI9jbffhDNS12SdbQHb9ITXflwcgIJBeGqw=", "narHash": "sha256-u3vJEzi6zxgG59KXjMR5koERsdKT5nd1OEKCpr6zgn8=",
"owner": "catppuccin", "owner": "catppuccin",
"repo": "nix", "repo": "nix",
"rev": "06f0ea19334bcc8112e6d671fd53e61f9e3ad63a", "rev": "6268e50dbb0ac9375e110560395b5dc199e4dfb8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -46,11 +46,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1736373539, "lastModified": 1744743431,
"narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "bd65bc3cde04c16755955630b344bc9e35272c56", "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -62,11 +62,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1736012469, "lastModified": 1744463964,
"narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=", "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d", "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -78,11 +78,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1738410390, "lastModified": 1745234285,
"narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=", "narHash": "sha256-GfpyMzxwkfgRVN0cTGQSkTC0OHhEkv3Jf6Tcjm//qZ0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3a228057f5b619feb3186e986dbe76278d707b6e", "rev": "c11863f1e964833214b767f4a369c6e6a7aba141",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -94,11 +94,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1738435198, "lastModified": 1745279238,
"narHash": "sha256-5+Hmo4nbqw8FrW85FlNm4IIrRnZ7bn0cmXlScNsNRLo=", "narHash": "sha256-AQ7M9wTa/Pa/kK5pcGTgX/DGqMHyzsyINfN7ktsI7Fo=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f6687779bf4c396250831aa5a32cbfeb85bb07a3", "rev": "9684b53175fc6c09581e94cc85f05ab77464c7e3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -110,11 +110,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1738142207, "lastModified": 1745234285,
"narHash": "sha256-NGqpVVxNAHwIicXpgaVqJEJWeyqzoQJ9oc8lnK9+WC4=", "narHash": "sha256-GfpyMzxwkfgRVN0cTGQSkTC0OHhEkv3Jf6Tcjm//qZ0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9d3ae807ebd2981d593cddd0080856873139aa40", "rev": "c11863f1e964833214b767f4a369c6e6a7aba141",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -131,11 +131,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1738362438, "lastModified": 1745419524,
"narHash": "sha256-EO2dVkMVLThWqv4hobEZEZGWBEuH2Z9SYqQDrbLSclU=", "narHash": "sha256-oDRzqjH44hOEvJAyA1A+pCp01+rkjEvW1+AXCCvEYNE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "95ddad0ff0e67c90314c6ca46324dce5f9a910d2", "rev": "a5724250ee4c962f1fbfe992061e296955277961",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -11,6 +11,7 @@
imports = [ imports = [
./desktop-configuration.nix ./desktop-configuration.nix
./nixos/hardware-configuration.nix ./nixos/hardware-configuration.nix
./nixos/auto-update.nix
]; ];
deskCfg = { deskCfg = {
@ -30,19 +31,8 @@
options = "--delete-older-than 14d"; options = "--delete-older-than 14d";
}; };
### TODO add these to security.nix file autoCfg = {
# Auto Update System userName = userName;
system.autoUpgrade = {
enable = true;
flake = inputs.self.outPath;
flags = [
"--update-input"
"nixpkgs"
"nixpkgs-unstable"
"-L" # print build logs
];
dates = "05:00";
randomizedDelaySec = "45min";
}; };
services.clamav.daemon.enable = true; services.clamav.daemon.enable = true;


@ -61,7 +61,12 @@ in
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
time.timeZone = timeZone; time.timeZone = timeZone;
hardware.sane = {
enable = true;
brscan5.enable = true;
};
main_user = { main_user = {
enable = true; enable = true;
userName = deskCfg.userName; userName = deskCfg.userName;


@ -75,6 +75,7 @@
mariadb mariadb
lsp-ai lsp-ai
python3 python3
cmake
# Go stuff # Go stuff
go go
@ -83,6 +84,14 @@
go-tools go-tools
golangci-lint golangci-lint
# clojure
jre17_minimal
clojure
clojure-lsp
cljfmt
leiningen
emacs
### LSP's ### LSP's
gopls gopls
nil # Nix LSP nil # Nix LSP
@ -92,6 +101,8 @@
python311Packages.python-lsp-server python311Packages.python-lsp-server
gopls gopls
delve delve
yaml-language-server
elixir-ls
### Misc ### Misc
usbutils usbutils
@ -133,6 +144,7 @@
yt-dlp yt-dlp
libimobiledevice libimobiledevice
ifuse ifuse
simple-scan
# #
# Communication # Communication
@ -149,7 +161,7 @@
kdePackages.filelight kdePackages.filelight
hugo hugo
go-swag go-swag
llama-cpp unstable.llama-cpp
# #
# Style # Style
@ -194,7 +206,6 @@
home.sessionVariables = { home.sessionVariables = {
# BAT_THEME="Catppuccin Macchiato"; # BAT_THEME="Catppuccin Macchiato";
EDITOR = "hx"; EDITOR = "hx";
NIXOS_OZONE_WL = "1";
XCURSOR_THEME = "Bibata-Modern-Classic"; XCURSOR_THEME = "Bibata-Modern-Classic";
XCURSOR_SIZE = "24"; XCURSOR_SIZE = "24";
HYPRCURSOR_THEME = "Bibata-Modern-Classic"; HYPRCURSOR_THEME = "Bibata-Modern-Classic";


@ -46,6 +46,8 @@ in
touchpad = { touchpad = {
natural_scroll = true; natural_scroll = true;
}; };
follow_mouse = 0; # cursor movement will change focus
float_switch_override_focus = 0;
}; };
bezier = [ bezier = [
"easeout, 0, 0.55, 0.45, 1" "easeout, 0, 0.55, 0.45, 1"
@ -155,30 +157,32 @@ in
bindl = [ bindl = [
# trigger when the switch is turning on # trigger when the switch is turning on
", switch:on:Lid Switch, exec, hyprctl keyword monitor 'eDP-1, disable' && nwg-panel" ", switch:on:Lid Switch, exec, hyprctl keyword monitor 'eDP-1, disable' && nwg-panel"
# ", switch:on:[switch name], exec, hyprctl dispatch dpms off eDP-1 "
# trigger when the switch is turning off # trigger when the switch is turning off
", switch:off:Lid Switch, exec, hyprctl keyword monitor 'eDP-1, 2560x1600@165, 0x0, 1.00' && nwg-panel" ", switch:off:Lid Switch, exec, hyprctl keyword monitor 'eDP-1, 2560x1600@165, 0x0, 1.00' && nwg-panel"
# ", switch:off:[switch name], exec, hyprctl dispatch dpms on eDP-1"
]; ];
windowrulev2 = [ windowrulev2 = [
# float keepass windows, put main window in scratch # float keepass windows, put main window in scratch
"float, class:^(org.keepassxc.KeePassXC)$" "float, class:^(org.keepassxc.KeePassXC)$"
"workspace special:scratch silent, class:^(org.keepassxc.KeePassXC)$ title:\[Locked\]" "workspace special:scratch silent, class:^(org.keepassxc.KeePassXC)$ title:\[Locked\]"
# float music windows and move to music workspace # float music windows and move to music workspace
"tag +fmusic, class:^(firefox)$, title:^(YouTube Mozilla Firefox)$" # "tag +fmusic, class:^(firefox)$, title:^(YouTube — Mozilla Firefox)$"
"float, tag:^(fmusic)$"# class:^(firefox)$, title:YouTube" # "float, tag:^(fmusic)$"# class:^(firefox)$, title:YouTube"
"workspace special:music silent, tag:^(fmusic)$"# class:^(firefox)$, title:YouTube" # "workspace special:music silent, tag:^(fmusic)$"# class:^(firefox)$, title:YouTube"
"size 800 400, tag:^(fmusic)$"# class:^(firefox)$, title:YouTube" # "size 800 400, tag:^(fmusic)$"# class:^(firefox)$, title:YouTube"
"move 100%-w-20 100%-h-20, tag:^(fmusic)$"# class:^(firefox)$, title:YouTube" # "move 100%-w-20 100%-h-20, tag:^(fmusic)$"# class:^(firefox)$, title:YouTube"
]; ];
# Auto tile new unspecified monitors to the right, in preferred resolution
monitor = [ monitor = [
"eDP-1, 2560x1600@165, 0x0, 1.00" "eDP-1, 2560x1600@165, 0x0, 1.00"
# At home monitor setup, 144 for hdmi bandwidth # At home monitor setup, 144 for hdmi bandwidth
"desc:LG Electronics LG ULTRAGEAR+ 406NTJJ6B876, 3840x2160@144, auto, 1, vrr, 1" "desc:LG Electronics LG ULTRAGEAR+ 406NTJJ6B876, 3840x2160@144, auto, 1, vrr, 1"
"desc:LG Electronics LG HDR WQHD 403MXVW10247, 3440x1440@84.96, auto, 1, vrr, 1" # Work monitor over USBC
", preferred, auto, 1" "eDP-2, 3440x1440@99.98Hz, auto, 1, vrr, 1"
"eDP-3, 3440x1440@99.98Hz, auto, 1, vrr, 1"
# Auto tile new unspecified monitors to the right, in preferred resolution
", preferred, auto-right, 1"
]; ];
cursor = { cursor = {
no_hardware_cursors = true; no_hardware_cursors = true;
@ -189,6 +193,11 @@ in
force_default_wallpaper = 0; force_default_wallpaper = 0;
disable_hyprland_logo = true; disable_hyprland_logo = true;
}; };
render = {
explicit_sync = 1;
explicit_sync_kms = 1;
direct_scanout = "no";
};
}; };
wayland.windowManager.hyprland.systemd.variables = ["--all"]; wayland.windowManager.hyprland.systemd.variables = ["--all"];
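Review bot: The comment on the added `follow_mouse = 0; # cursor movement will change focus` says the opposite of what the value does, since in Hyprland's input settings 0 means cursor movement does not change focus. I would write `follow_mouse = 0; # cursor movement will not change focus (click to focus)`. The new work-monitor rules also spell the mode as `3440x1440@99.98Hz` while the existing entries use a bare rate such as `2560x1600@165`; if the `Hz` suffix is not accepted, those outputs would presumably fall through to the catch-all rule, so matching the existing form is safer. The enclosing settings blocks start and end outside these hunks.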


@ -55,10 +55,11 @@ in
sessionVariables = { sessionVariables = {
# use wayland # use wayland
MOZ_ENABLE_WAYLAND = "1"; MOZ_ENABLE_WAYLAND = "1";
# NIXOS_OZONE_WL = "1";
T_QPA_PLATFORM = "wayland"; T_QPA_PLATFORM = "wayland";
GDK_BACKEND = "wayland"; GDK_BACKEND = "wayland";
WLR_NO_HARDWARE_CURSORS = "1"; WLR_NO_HARDWARE_CURSORS = "1";
ELECTRON_OZONE_PLATFORM_HINT = "auto";
NIXOS_OZONE_WL = "1";
# For hyprland # For hyprland
# Only enable if not using on-the-go # Only enable if not using on-the-go
GBM_BACKEND = if isOnTheGo then "" else "nvidia-drm"; GBM_BACKEND = if isOnTheGo then "" else "nvidia-drm";
@ -79,18 +80,32 @@ in
]; ];
}; };
programs.virt-manager.enable = true;
virtualisation = { virtualisation = {
docker = { docker = {
enable = true; enable = true;
enableOnBoot = true; enableOnBoot = true;
package = unstable.docker_25; package = unstable.docker_25;
}; };
libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [ pkgs.OVMFFull.fd ];
};
};
spiceUSBRedirection.enable = true;
# containers.cdi.dynamic.nvidia.enable = true; # containers.cdi.dynamic.nvidia.enable = true;
# podman = { # podman = {
# enable = true; # enable = true;
# dockerCompat = true; # dockerCompat = true;
# }; # };
}; };
boot.initrd.supportedFilesystems = { nfs = true; };
users.groups.libvirtd.members = ["nate"];
# enable nvidia passthru for containers # enable nvidia passthru for containers
# hardware.nvidia-container-toolkit.enable = true; # hardware.nvidia-container-toolkit.enable = true;
@ -222,11 +237,11 @@ in
# Enable this if you have graphical corruption issues or application crashes after waking # Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials. # of just the bare essentials.
powerManagement.enable = true; powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use. # Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer). # Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = true; powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the # Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver). # independent third-party "nouveau" open source driver).
@ -235,7 +250,7 @@ in
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+ # Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting. # Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false; open = true;
# Enable the Nvidia settings menu, # Enable the Nvidia settings menu,
# accessible via `nvidia-settings`. # accessible via `nvidia-settings`.
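Review bot: `users.groups.libvirtd.members = ["nate"];` hard-codes the account name where other modules in this commit take it from configuration (`deskCfg.userName`, `cfg.userName`), and the group it grants can drive the root-run libvirt system daemon, so it deserves the same care as `wheel`. If `deskCfg` is in scope in this file, `users.groups.libvirtd.members = [ deskCfg.userName ];` keeps the grant tied to the configured user, with a comment such as `# libvirtd group: full control of system VMs, effectively root on the host`. `spiceUSBRedirection.enable = true` installs a setuid helper that, per the NixOS option description, gives local users arbitrary access to USB devices, which is worth a one-line comment on a work machine. The comment above `open = true` still says that false is the recommended setting and no longer matches the value.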


@ -38,18 +38,18 @@ in
}) })
(lib.mkIf cfg.isDesktopUser { (lib.mkIf cfg.isDesktopUser {
extraGroups = [ extraGroups = [
"wheel"
"networkmanager"
cfg.userName
"video"
"audio"
# For android
"adbusers" "adbusers"
# For serial interfaces "audio"
cfg.userName
"dialout" "dialout"
# For docker
"docker" "docker"
"lp"
"networkmanager"
"scanner"
"syncthing" "syncthing"
"video"
"wheel"
]; ];
}) })
]; ];


@ -0,0 +1,113 @@
{ config, pkgs, lib, ...}:
let
autoCfg = config.autoCfg;
in
{
options.autoCfg= {
userName = lib.mkOption {
type = lib.types.str;
description = "username for enabling sudo-less system updates";
};
};
config = {
# Make sure the user can use sudo for nixos-rebuild without password
security.sudo.extraRules = [
{
users = [ autoCfg.userName ];
commands = [
{
command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild";
options = [ "NOPASSWD" ];
}
];
}
];
# Disable builtin auto-update because we hand-rollin
system.autoUpgrade.enable = false;
# Define user services and timers
systemd.user.services.nixos-flake-update = {
description = "Update NixOS Flake Inputs";
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "nixos-flake-update.sh" ''
set -e
cd ~/nixos
echo "Updating flake inputs..."
${pkgs.nix}/bin/nix flake lock \
--update-input nixpkgs \
--update-input nixpkgs-unstable
echo "Flake inputs updated successfully"
'';
};
environment = {
NIX_CONFIG = "experimental-features = nix-command flakes";
};
};
systemd.user.services.nixos-rebuild = {
description = "Rebuild NixOS";
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "nixos-rebuild.sh" ''
set -e
echo "Rebuilding NixOS..."
${pkgs.nixos-rebuild}/bin/nixos-rebuild switch \
-L \
--flake ~/nixos#nate-work
echo "NixOS rebuild completed successfully"
'';
};
};
# Combined service that runs both update and rebuild in sequence
systemd.user.services.nixos-upgrade = {
description = "Update and Rebuild NixOS";
serviceConfig = {
Type = "oneshot";
# Use a shell script to run both operations in sequence
ExecStart = pkgs.writeShellScript "nixos-complete-upgrade.sh" ''
set -e
echo "Starting complete NixOS upgrade process..."
# First update the flake inputs
systemctl --user start nixos-flake-update.service
systemctl --user status nixos-flake-update.service --no-pager
# Then rebuild if the update was successful
if [ $? -eq 0 ]; then
systemctl --user start nixos-rebuild.service
systemctl --user status nixos-rebuild.service --no-pager
else
echo "Flake update failed, skipping rebuild"
exit 1
fi
echo "Complete NixOS upgrade process finished"
'';
};
environment = {
NIX_CONFIG = "experimental-features = nix-command flakes";
};
};
# Timer to run the upgrade service
systemd.user.timers.nixos-upgrade = {
description = "Timer for NixOS Upgrade";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "12:00";
RandomizedDelaySec = "45min";
Persistent = true; # Run immediately if last run was missed
};
};
};
}
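Review bot: The `security.sudo.extraRules` entry grants `NOPASSWD` on `nixos-rebuild` with no argument restriction, so any process running as `autoCfg.userName` can activate an arbitrary system configuration as root without a password, and the `nixos-rebuild` user unit below never calls sudo, so the rule does not even serve the timer. As written, `nixos-rebuild switch` runs unprivileged from a `systemd.user` service and will presumably fail at activation; running the rebuild from a root-owned `systemd.services` unit, or keeping `system.autoUpgrade` pointed at the flake, would remove the need for the sudo rule. In `nixos-complete-upgrade.sh`, `$?` tests the exit code of `systemctl --user status` rather than of `start`, the `else` branch is unreachable under `set -e`, and a finished oneshot without `RemainAfterExit` reports inactive, so `status` is likely to return non-zero and abort the script before the rebuild. Replacing each start/status pair with `systemctl --user start nixos-flake-update.service || { echo "Flake update failed, skipping rebuild"; exit 1; }` keeps the intent. With `system.autoUpgrade.enable = false`, a timer that fails quietly means the machine stops receiving updates, and the hard-coded `~/nixos#nate-work` ignores the `userName` option the module declares.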


@ -38,18 +38,16 @@ in
}) })
(lib.mkIf cfg.isDesktopUser { (lib.mkIf cfg.isDesktopUser {
extraGroups = [ extraGroups = [
"wheel"
"networkmanager"
"corectrl"
cfg.userName
"video"
"audio"
# For android
"adbusers" "adbusers"
# For serial interfaces "audio"
cfg.userName
"corectrl"
"dialout" "dialout"
# For docker
"docker" "docker"
"networkmanager"
"video"
"wheel"
]; ];
}) })
]; ];