initial setup with impermanence

2025-06-07 16:05:38 +03:00
commit 86b4fcd2fc
19 changed files with 700 additions and 0 deletions
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+
+{
+	nix.buildMachines = [ {
+	 hostName = "builder";
+	 system = "x86_64-linux";
+         protocol = "ssh-ng";
+	 # if the builder supports building for multiple architectures, 
+	 # replace the previous line by, e.g.
+	 # systems = ["x86_64-linux" "aarch64-linux"];
+	 maxJobs = 16;
+	 speedFactor = 8;
+	 supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+	 mandatoryFeatures = [ ];
+	}] ;
+	nix.distributedBuilds = true;
+	# optional, useful when the builder has a faster internet connection than yours
+	nix.extraOptions = ''
+	  builders-use-substitutes = true
+	'';
+	programs.ssh.extraConfig = ''
+        Host builder	
+	HostName 192.168.1.222
+	Port 9022
+	StrictHostKeyChecking=accept-new
+        '';
+}
+
@@ -0,0 +1,5 @@
+{ config, ... }:
+{
+  services.displayManager.gdm.enable = true;
+  services.desktopManager.gnome.enable = true;
+}
@@ -0,0 +1,9 @@
+{ config, ... }:
+{
+  services.xserver.enable = true;
+  hardware.graphics.enable = true;
+  services.displayManager.sddm.enable = true;
+  services.desktopManager.plasma6.enable = true;
+  programs.kdeconnect.enable = true;
+
+}
@@ -0,0 +1,31 @@
+{
+  description = "NixOS configuration";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    home-manager.url = "github:nix-community/home-manager";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  outputs =
+    { nixpkgs, home-manager, ... }:
+    {
+      nixosConfigurations = {
+        hostname = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          modules = [
+            ./configuration.nix
+            home-manager.nixosModules.home-manager
+            {
+              home-manager.useGlobalPkgs = true;
+              home-manager.useUserPackages = true;
+              home-manager.users.jdoe = ./home.nix;
+
+              # Optionally, use home-manager.extraSpecialArgs to pass
+              # arguments to home.nix
+            }
+          ];
+        };
+      };
+    };
+}
@@ -0,0 +1,146 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "id": "flake-utils",
+        "type": "indirect"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1749243446,
+        "narHash": "sha256-P1gumhZN5N9q+39ndePHYrtwOwY1cGx+VoXGl+vTm7A=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "2d7d65f65b61fdfce23278e59ca266ddd0ef0a36",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "master",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1737831083,
+        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1748693115,
+        "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1741379970,
+        "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "home-manager": "home-manager",
+        "impermanence": "impermanence",
+        "nixpkgs": "nixpkgs",
+        "yandex-music": "yandex-music"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "yandex-music": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs_2",
+        "ymExe": "ymExe"
+      },
+      "locked": {
+        "lastModified": 1748739739,
+        "narHash": "sha256-utcv++Te4VEW4SkPVrUyxRjVnmWEj97dQsTWBzS2Ac0=",
+        "owner": "cucumber-sp",
+        "repo": "yandex-music-linux",
+        "rev": "2efccc9e9671618c1f04a3f0c87f5b537a84cba5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cucumber-sp",
+        "repo": "yandex-music-linux",
+        "type": "github"
+      }
+    },
+    "ymExe": {
+      "flake": false,
+      "locked": {
+        "narHash": "sha256-xkBpCCSAsXDJqNEhsx7xC1LRUyr06R0QO/gPF9Th/4g=",
+        "type": "file",
+        "url": "https://music-desktop-application.s3.yandex.net/stable/Yandex_Music_x64_5.53.1.exe"
+      },
+      "original": {
+        "type": "file",
+        "url": "https://music-desktop-application.s3.yandex.net/stable/Yandex_Music_x64_5.53.1.exe"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
@@ -0,0 +1,58 @@
+{
+  nixConfig = {
+    experimental-features = [
+      "flakes"
+      "nix-command"
+    ];
+  };
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    impermanence.url = "github:nix-community/impermanence";
+    yandex-music.url = "github:cucumber-sp/yandex-music-linux";
+    home-manager = {
+      url = "github:nix-community/home-manager/master";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs = { self, nixpkgs, impermanence, home-manager, ...}@inputs: {
+    nixosConfigurations = {
+      Ratchet = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          impermanence.nixosModules.impermanence
+          ./hosts/generic/configuration_generic.nix
+          ./hosts/generic/users.nix
+          ./hosts/Ratchet/hardware-Ratchet.nix
+          ./hosts/generic/persistence.nix
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.users.yaroslav = import ./home/yaroslav/home.nix;
+          }
+        ];
+      };
+      Aphelion = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          impermanence.nixosModules.impermanence
+          ./hosts/generic/persistence.nix
+          ./hosts/generic/configuration_generic.nix
+          ./hosts/generic/users.nix
+          ./hosts/Aphelion/hardware-Aphelion.nix
+          ./hosts/Aphelion/nvidia.nix
+          ./desktop/gnome.nix
+          ./misc/disable_suspend.nix
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useUserPackages = true;
+            home-manager.users.yaroslav = import ./home/yaroslav/Aphelion/Aphelion.nix;
+          }
+        ];
+      };
+    };
+  };
+}
@@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ../home.nix
+    ./mpd.nix
+  ];
+}
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+{
+  services.mpd = {
+    enable = true;
+    musicDirectory = /vol/Trash/Music;
+    network.listenAddress = "any";
+    extraConfig = ''
+      audio_output {
+        type            "pipewire"
+        name            "PipeWire Sound Server"
+      }
+    '';
+  };
+}
@@ -0,0 +1,92 @@
+{ config, pkgs, lib, ... }:
+
+let
+  fromGitHub = ref: repo: pkgs.vimUtils.buildVimPlugin {
+    pname = "${lib.strings.sanitizeDerivationName repo}";
+    version = ref;
+    src = builtins.fetchGit {
+      url = "https://github.com/${repo}.git";
+      ref = ref;
+    };
+  };
+in
+
+{
+  imports = [
+    ./nvim.nix
+  ];
+  # Home Manager needs a bit of information about you and the
+  # paths it should manage.
+  home.username = "yaroslav";
+  home.homeDirectory = "/home/yaroslav";
+  home.sessionVariables = {
+    EDITOR = "nvim";
+    XDG_DATA_DIRS="$HOME/.nix-profile/share:$XDG_DATA_DIRS";
+  };
+  services.ssh-agent.enable = true;
+  programs.ssh = {
+    enable = true;
+  };
+  programs.zsh = {
+    enable = true;
+    enableCompletion = true;
+    autosuggestion.enable = true;
+    syntaxHighlighting.enable = true;
+    oh-my-zsh = {
+      enable = true;
+      };
+    initContent = ''
+      source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme
+      test -f ~/.p10k.zsh && source ~/.p10k.zsh
+      eval "$(ssh-agent -s)"
+      ssh-add ~/.ssh/id_github
+    '';
+  };
+  programs.ncmpcpp = {
+    enable = true;
+  };
+  services.mpd-mpris.enable = true;
+  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+    "obsidian"
+    "yandex-music"
+  ];
+  home.packages = with pkgs; [
+    firefox
+    mc
+    htop
+    yt-dlp
+    zsh-powerlevel10k
+    meslo-lgs-nf
+    keepassxc
+    remmina
+    nekoray
+    python3
+#    prismlauncher
+    kdePackages.kcalc
+    ayugram-desktop
+    distrobox
+    thunderbird
+    scrcpy
+    android-tools
+    linux-wifi-hotspot
+    nmap
+    nil
+    obs-studio
+    nicotine-plus
+  ];
+
+  xdg.enable = true;
+
+  # This value determines the Home Manager release that your
+  # configuration is compatible with. This helps avoid breakage
+  # when a new Home Manager release introduces backwards
+  # incompatible changes.
+  #
+  # You can update Home Manager without changing this value. See
+  # the Home Manager release notes for a list of state version
+  # changes in each release.
+  home.stateVersion = "24.11";
+
+  # Let Home Manager install and manage itself.
+  programs.home-manager.enable = true;
+}
@@ -0,0 +1,61 @@
+{ pkgs, lib, config, ... }:
+
+{
+home.packages = with pkgs; [
+  pyright
+  python312Packages.pynvim-pp
+];
+
+programs.neovim = {
+    enable = true;
+    defaultEditor = true;
+    viAlias = true;
+    vimAlias = true;
+    plugins = with pkgs.vimPlugins; [
+      nvim-lspconfig
+      nvim-treesitter.withAllGrammars
+      plenary-nvim
+      gruvbox-material
+      mini-nvim
+      nvim-tree-lua
+      nvim-lspconfig
+      coq_nvim
+      vim-nix
+    ];
+    extraLuaConfig = ''
+     local function my_on_attach(bufnr)
+       local api = require "nvim-tree.api"
+
+       local function opts(desc)
+         return { desc = "nvim-tree: " .. desc, buffer = bufnr, noremap = true, silent = true, nowait = true }
+       end
+
+       -- default mappings
+       api.config.mappings.default_on_attach(bufnr)
+
+       -- custom mappingse
+       vim.keymap.set('n', '?',     api.tree.toggle_help,                  opts('Help'))
+       end
+
+       -- pass to setup along with your other options
+       require("nvim-tree").setup {
+         on_attach = my_on_attach,
+	 sort = {
+           sorter = "case_sensitive",
+         },
+         view = {
+           width = 30,
+         },
+         renderer = {
+           group_empty = true,
+         },
+         filters = {
+           dotfiles = false,
+         },
+       }
+      vim.lsp.enable('pyright')
+      vim.lsp.enable('nil_ls')
+    '';
+};
+
+}
@@ -0,0 +1,7 @@
+{ pkgs, ...}:
+{
+  imports = [ <plasma-manager/modules> ];
+  programs.plasma = {
+    enable = true;
+
+
@@ -0,0 +1,64 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+  boot.kernelPackages = pkgs.linuxPackages_zen;
+
+  fileSystems."/" =
+    { #device = "/dev/disk/by-uuid/3126fadd-b793-4110-bcb7-577b7978cba2";
+      #fsType = "btrfs";
+      #options = [ "subvol=@nixos" ];
+      device = "none";
+      fsType = "tmpfs";
+      options = [ "defaults" "size=1G" "mode=755" ];
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/3126fadd-b793-4110-bcb7-577b7978cba2";
+      fsType = "btrfs";
+      options = [ "subvol=@nix" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/595C-784B";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  fileSystems."/home/yaroslav" =
+    { device = "none";
+      fsType = "tmpfs";
+      options = [ "defaults" "size=1G" "uid=1000" "gid=100" ];
+    };
+  fileSystems."/vol/Trash" = {
+      device = "/dev/mapper/yarikpc-trash";
+      fsType = "ext4";
+      options = [ "defaults" "size=1G" "uid=1000" "gid=100" ];
+    };
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp9s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.lxdbr0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.veth9787cb37.useDHCP = lib.mkDefault true;
+  # networking.interfaces.virbr0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  networking.hostName = "Aphelion";
+}
@@ -0,0 +1,17 @@
+{ config, lib, ... }:
+{
+  nixpkgs.config.allowUnfreePredicate = pkg:
+    builtins.elem (lib.getName pkg) [
+      "nvidia-x11"
+      "nvidia-settings"
+    ];
+  boot.initrd.kernelModules = [ "nvidia" ];
+  hardware.graphics.enable = true;
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware.nvidia = {
+    modesetting.enable = true;
+    powerManagement.enable = true;
+    open = true;
+    nvidiaSettings = true;
+  };
+}
@@ -0,0 +1,55 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "none";
+      fsType = "tmpfs";
+      options = ["defaults" "size=1G" "mode=755"];
+    };
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/067a8472-18d0-49d4-961d-dbe07d8cc1a7";
+      fsType = "btrfs";
+      options = [ "subvol=@nix" "compress=zstd"];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/067a8472-18d0-49d4-961d-dbe07d8cc1a7";
+      fsType = "btrfs";
+      options = [ "subvol=@home" "compress=zstd"];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/67E3-17ED";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+  fileSystems."/home/yaroslav/tmp" =
+    {
+      device = "nome";
+      fsType = "tmpfs";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+{
+  nix.settings.experimental-features = [ "nix-command" "flakes"];
+  # loader setup
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  }; 
+
+  # timezone
+  time.timeZone = "Europe/Moscow";
+
+  programs.zsh.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    git
+    wget
+  ];
+
+  programs.neovim = {
+    enable = true;
+    defaultEditor = true;
+  };
+
+  services.openssh.enable = true;
+
+  # networking
+  networking.networkmanager.enable = true;
+  networking.firewall.allowedTCPPorts = [ 22 ];
+  networking.nftables.enable = true;
+
+  # locales
+  i18n.extraLocales = [ "en_US.UTF-8/UTF-8" "C.UTF-8/UTF-8" "ru_RU.UTF-8/UTF-8" ];
+  
+}
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+{
+  environment.persistence."/nix/persist" = {
+    hideMounts = true;
+    directories = [
+      "/var/log"
+      "/var/lib/bluetooth"
+      "/var/lib/nixos"
+      "/var/lib/systemd/coredump"
+      "/var/lib/systemd/timers"
+      "/etc/NetworkManager"
+      "/var/lib/sddm"
+      "/etc/ssh"
+      "/etc/nixos"
+      "/var/lib/incus"
+      { directory = "/var/lib/colord"; user = "colord"; group = "colord"; mode = "u=rwx,g=rx,o="; }
+    ];
+    files = [
+      "/etc/machine-id"
+      { file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
+    ];
+  };
+}
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+  users.users.yaroslav = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "incus-admin" "networkmanager" "libvirtd" ]; # Enable ‘sudo’ for the user.
+    shell = pkgs.zsh;
+    packages = with pkgs; [
+      tree
+    ];
+    initialHashedPassword = "$6$.r5fJE91KtrOA2T.$JVjtzlFWx.RsTsNmO5WOsi1MhK6TUTKo8K5F2GgG.bAXYuYjGu4sK3SMzhk4oJ9FBoAcnyHmk7sLMsgLbUeoE1";
+  };
+}
@@ -0,0 +1,28 @@
+{ pkgs, config, lib, ... }:
+
+{
+    environment = {
+    systemPackages = [ pkgs.qemu ];
+    };
+    systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ];
+    boot.binfmt.emulatedSystems = [
+        "aarch64-linux"
+        "riscv64-linux"
+    ];
+    virtualisation.libvirtd = {
+        enable = true;
+        qemu = {
+        package = pkgs.qemu_kvm;
+        runAsRoot = true;
+        swtpm.enable = true;
+        ovmf = {
+            enable = true;
+            packages = [(pkgs.OVMF.override {
+                secureBoot = true;
+                tpmSupport = true;
+            }).fd];
+        };
+        };
+    };
+    boot.extraModprobeConfig = "options kvm_amd nested=1";
+}
@@ -0,0 +1,7 @@
+{ ... }:
+{
+  systemd.targets.sleep.enable = false;
+  systemd.targets.suspend.enable = false;
+  systemd.targets.hibernate.enable = false;
+  systemd.targets.hybrid-sleep.enable = false;
+}