commit 56a13f49322107554082b35859f2b2e219a44c43 Author: Kyle Isom Date: Fri Apr 11 02:02:07 2025 -0700 In the beginning there was darkness. diff --git a/README.org b/README.org new file mode 100644 index 0000000..51a3f21 --- /dev/null +++ b/README.org @@ -0,0 +1,15 @@ +#+TITLE: imladris NixOS config + +* Imladris NixOS config + + imladris is my Thinkpad X1 carbon tailored for focused computing. + + Baseline specs for reference: + + + Gen 7 14" + + CPU: i7-8665U @ 1.90GHz + + 16GB RAM + + 512GB SSD + + The primary things I want to use it for are writing, lisping, and working on + uLisp or other portable computing projects. diff --git a/configuration.nix b/configuration.nix new file mode 100644 index 0000000..1b14f9e --- /dev/null +++ b/configuration.nix 
@@ -0,0 +1,519 @@ +{ config, pkgs, lib, ... }: + +let + emScript = pkgs.writeScriptBin "em" '' + #!/usr/bin/env zsh + + if [ -z "$DISPLAY" ] + then + NW="" + else + NW="-n" + fi + + if [ -z "$@" ] + then + cd $HOME + fi + + emacsclient $NW -c -a "" "$@" + ''; + + home-manager = builtins.fetchGit { + url = "https://github.com/nix-community/home-manager.git"; + ref = "master"; + }; + + pubKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYpsgH3ltPvS3E0LE1IRpp5cJzKU4usv+OlCxnLXRfo kyle@hephaestus" + ]; + userBase = { + shell = pkgs.zsh; + openssh.authorizedKeys.keys = pubKeys; + }; + + homeBase = { + programs.git = { + enable = true; + lfs.enable = true; + + userName = "K. Isom"; + userEmail = "kyle@imap.cc"; + + aliases = { + log = "log --color=never"; + }; + + extraConfig = { + color = { + branch = false; + diff = true; + interactive = false; + log = false; + status = false; + ui = false; + }; + + push = { + default = "simple"; + }; + + transfer = { + fsckobjects = true; + }; + + fetch = { + fsckobjects = true; + }; + + sendemail = { + smtpserver = "mail.messagingengine.com"; + smtpuser = "kyle@imap.cc"; + smtpAuth = "PLAIN"; + smtpEncryption = "tls"; + smtpserverport = 587; + cc = "${homeBase.programs.git.userEmail}"; + confirm = "auto"; + }; + }; + }; + + programs.firefox = { + enable = true; + extensions = with pkgs.nur.repos.rycee.firefox-addons; [ + ublock-origin + bitwarden + ]; + profiles = { + default = { + settings = { + "app.normandy.enabled" = false; + "app.shield.optoutstudies.enabled" = false; + "app.update.auto" = false; + "apz.peek_messages.enabled" = false; + "browser.aboutConfig.showWarning" = false; + "browser.bookmarks.showMobileBookmarks" = true; + "browser.ctrlTab.recentlyUsedOrder" = false; + "browser.messaging-system.whatsNewPanel.enabled" = false; + "browser.newtabpage.activity-stream.asrouter.providers.snippets" = "{}"; + "browser.newtabpage.activity-stream.feeds.section.highlights" = false; + 
"browser.newtabpage.activity-stream.feeds.snippets" = false; + "browser.newtabpage.activity-stream.feeds.system.topsites" = false; + "browser.newtabpage.activity-stream.feeds.system.topstories" = false; + "browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; + "browser.newtabpage.enabled" = false; + "browser.proton.enabled" = true; + "browser.safebrowsing.enabled" = false; + "browser.safebrowsing.malware.enabled" = false; + "browser.search.update" = false; + "browser.startup.homepage" = "about:blank"; + "browser.tabs.warnOnClose" = false; + "browser.urlbar.placeholderName" = "DuckDuckGo"; + "browser.urlbar.suggest.topsites" = false; + "browser.urlbar.update1" = true; + "distribution.searchplugins.defaultLocale" = "en-US"; + "extensions.getAddons.search.browseURL" = " https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%"; + "extensions.htmlaboutaddons.recommendations.enabled" = false; + "extensions.pocket.api" = "localhost"; + "extensions.pocket.enabled" = false; + "extensions.pocket.oAuthConsumerKey" = "butts"; + "extensions.pocket.site" = "localhost"; + "general.useragent.locale" = "en-US"; + "geo.enabled" = false; + "identity.fxaccounts.account.device.name" = config.networking.hostName; + "media.autoplay.default" = 1; + "media.navigator.enabled" = false; + "network.trr.mode" = 5; + "privacy.firstparty.isolate" = true; + "privacy.resistFingerprinting" = true; + "privacy.trackingprotection.cryptomining.enabled" = true; + "privacy.trackingprotection.enabled" = true; + "privacy.trackingprotection.fingerprinting.enabled" = true; + "privacy.trackingprotection.socialtracking.annotate.enabled" = true; + "privacy.trackingprotection.socialtracking.enabled" = true; + "reader.color_scheme" = "sepia"; + "services.sync.declinedEngines" = "addons,passwords,prefs"; + "services.sync.engine.addons" = false; + 
"services.sync.engine.passwords" = false; + "services.sync.engine.prefs" = false; + "services.sync.engineStatusChanged.addons" = true; + "services.sync.engineStatusChanged.prefs" = true; + "signon.rememberSignons" = false; + }; + }; + }; + }; + + programs.zsh = { + enable = true; + shellAliases = { + vi = "nvim"; + }; + initExtra = '' + export PATH=$HOME/bin:$HOME/.local/bin:$PATH + export GOPATH=$HOME + ''; + }; + + programs.fzf = { + enable = true; + enableZshIntegration = true; + }; + + programs.neovim = { + enable = true; + extraConfig = '' + set backspace=indent,eol,start + set cindent autoindent + set confirm + set encoding=utf-8 + set incsearch + set hidden + set mouse=a + set nocompatible + set noexpandtab + set nohlsearch + set number + set ruler + set showcmd + set showmatch + set showmode + set tags=./tags,tags,/usr/src/sys/arch/amd64/tags,/var/db/libc.tags + set t_Co=256 + set ttyfast + source /usr/share/vim/vim81/ftplugin/man.vim + + filetype plugin on + + nnoremap :tag + nnoremap :pop + + nnoremap :bprev + + " fix glitches in certain terminals + " backspace + imap ^? ^H + + " f7 toggles spelling on/off + nn :setlocal spell! spell? + + " view binary files as hex + " Convert to hex and back; does not save changes + nn :%!xxd -g 1 + nn :%!xxd -g 1 -r + + " makefile magic + " compiler stuff + let g:compiler_gcc_ignore_unmatched_lines=1 + let mapleader=',' + " quickfix :make + nmap m :wa:silent! make \| redraw! \| cw + vmap m :wa:silent! make \| redraw! \| cw + nn ,c :silent! make clean \| redraw! 
\| cw + " handy shortcuts + map h :ccl + map s :cw + map l :cl + " jump between messages + map n :cn + map p :cp + + " format selection + map f :!fmt + + + " @c comment, @u uncomment, @p print function name + let @u='0xx$xx^[' + let @c='I/*^[A*/^[' + let @p='ofprintf(stderr, "%s\n", __func__);^[' + + :ab #d #define + :ab #i #include + + autocmd FileType make setlocal noexpandtab + autocmd FileType c setlocal noexpandtab + autocmd FileType cc setlocal noexpandtab + autocmd FileType python setlocal expandtab shiftwidth=4 softtabstop=4 + autocmd FileType ada setlocal expandtab shiftwidth=3 softtabstop=3 tabstop=3 + + " Plugins + + " Initialization + call plug#begin('~/.vim/bundle') + + Plug 'scrooloose/nerdtree' + Plug 'junegunn/fzf' + Plug 'fatih/vim-go', { 'for': 'go' } + Plug 'ambv/black', { 'for': 'python' } + Plug 'mileszs/ack.vim' + Plug 'racer-rust/vim-racer', { 'for': 'rust' } + + " Themes + Plug 'KKPMW/oldbook-vim' + Plug 'agreco/vim-citylights' + Plug 'xdefrag/vim-beelzebub' + Plug 'logico-dev/typewriter' + Plug 'vim-scripts/wombat256.vim' + + call plug#end() + + " NERDTree + map o :NERDTree + + " FZF + nmap (fzf-maps-n) + xmap (fzf-maps-x) + omap (fzf-maps-o) + imap (fzf-complete-word) + imap (fzf-complete-path) + imap (fzf-complete-file-ag) + imap (fzf-complete-line) + + command! FZFBuffers call fzf#run({'source': map(range(1, bufnr('$')), 'bufname(v:val)'), 'sink': 'e', 'down': '30%'}) + map b :FZFBuffers + + " Ack + if executable('ag') + let g:ackprg = 'ag --vimgrep' + endif + + " The space is signficant. + map / :Ack + + " Go stuff + map i :GoImports + map i :GoImports + + let g:go_fmt_autosave = 1 + let g:go_fmt_command = "goimports" + + au FileType rust nmap gd (rust-def) + autocmd Filetype c,cpp inoremap t :wa:silent! make test \| redraw! 
\| cw + autocmd Filetype go map t :wa:GoTest + autocmd Filetype go map C-] :w:GoDef + autocmd Filetype go map C-\ :w:GoDefPop + + + colorscheme oldbook + ''; + }; + + programs.emacs = { + enable = true; + extraPackages = epkgs: [ + epkgs.nix-mode + epkgs.magit + epkgs.org + ]; + }; + }; +in +{ + imports = + [ + ./hardware-configuration.nix + (import "${home-manager}/nixos") + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "nodev"; + boot.loader.grub.efiSupport = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.initrd.luks.devices = { + luksroot = { + name = "luksroot"; + device = "/dev/nvme0n1p2"; + preLVM = true; + allowDiscards = true; + }; + }; + boot.kernelPackages = pkgs.linuxPackages_latest; + + nix.autoOptimiseStore = true; + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 10d"; + }; + + time.timeZone = "America/Los_Angeles"; + networking.hostName = "imladris"; + networking.networkmanager.enable = true; + + networking.useDHCP = false; + networking.interfaces.wlp2s0.useDHCP = true; + services.resolved.enable = true; + services.resolved.fallbackDns = [ + "1.1.1.1" + "8.8.8.8" + ]; + + # Open ports in the firewall. + networking.firewall.allowedTCPPorts = [ 22 ]; + + # Enable the OpenSSH daemon. 
+ services.openssh = { + enable = true; + permitRootLogin = "prohibit-password"; + # passwordAuthentication = false; + }; + + security.doas = { + enable = true; + extraRules = [{ + users = ["kyle"]; + keepEnv = true; + noPass = true; + }]; + }; + + services.cron.enable = true; + + + i18n.defaultLocale = "en_US.UTF-8"; + + services.xserver.enable = true; + # services.xserver.desktopManager.mate.enable = true; + # services.xserver.windowManager.stumpwm.enable = true; + services.xserver.windowManager.i3.enable = true; + services.xserver.displayManager.gdm = { + enable = true; + wayland = false; + }; + + # from a previous platform, but might be similar. + # icarus is an "AMD Ryzen 5 PRO 4650U with Radeon Graphics" machine. + # services.xserver.videoDrivers = [ "amdgpu" ]; + # services.xserver.useGlamor = true; + + # In case of tearing, this is reported to fix the issue. The intel driver is + # outdated (last updated in 2015), so try to avoid this. + # services.xserver.videoDrivers = [ "intel" ]; + # services.xserver.deviceSection = '' + # Option "DRI" "2" + # Option "TearFree" "true" + # ''; + + services.xserver.libinput.enable = true; + services.xserver.xkbOptions = "ctrl:swapcaps"; + console.useXkbConfig = true; + + sound.enable = true; + hardware.pulseaudio.enable = true; + + users.users.kyle = userBase // { + isNormalUser = true; + extraGroups = [ + "wheel" + "networkmanager" + "dialout" + ]; + }; + + # List packages installed in system profile. 
To search, run: + # $ nix search wget + nixpkgs.config.allowUnfree = true; # needed for amdgpu + nixpkgs.config.packageOverrides = pkgs: { + doas = pkgs.doas.override { withPAM = false; }; + nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") { + inherit pkgs; + }; + }; + environment.systemPackages = with pkgs; [ + ag + arduino + binutils-unwrapped + bitwarden + cloc + cscope + doas + elinks + emacs + emScript + feh + ffmpeg + file + fira-code + firefox + fzf + gcc + gdb + gforth + git + gnumake + go + go-font + hexyl + htop + i3 + keychain + lagrange + libzip + mercurial + mg + mutt + nmap + obsidian + ops + pciutils + picocom + pwgen + python3Full + sbcl + scdoc + scrot + stumpwm + syncthing + syncthing-cli + syncthing-tray + tailscale + tcpdump + texinfo + texliveFull + tmux + tree + vimHugeX + vscode + wget + xfce.xfce4-terminal + ]; + + fonts.fonts = with pkgs; [ + fira-code + fira-code-symbols + go-font + ]; + + + # services.syncthing = { + # enable = true; + # user = "kyle"; + # dataDir = "/home/kyle/Sync"; + # configDir = "/home/kyle/.config/syncthing"; + # }; + services.tailscale.enable = true; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + programs.zsh.enable = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "20.09"; # Did you read the comment? + + home-manager.users.root = homeBase; + home-manager.users.kyle = homeBase; +} 
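Review bot: The `services.openssh` block leaves `# passwordAuthentication = false;` commented out while `networking.firewall.allowedTCPPorts = [ 22 ]` opens the port. On this laptop (NetworkManager on `wlp2s0`) sshd will therefore accept password logins if the module default is enabled, which I believe it is for this option set. That matters more here because the `security.doas` rule gives `kyle` `noPass = true` with `keepEnv = true`, so any session as that user becomes root without a second prompt and with the caller's environment carried over. Since `pubKeys` is already installed through `userBase`, I would uncomment the line so it reads `passwordAuthentication = false;`, and consider dropping `keepEnv` or requiring a password in the doas rule. Separately, `home-manager` is fetched with `ref = "master"` and NUR from `archive/master.tar.gz` with no `rev` or `sha256`, so each rebuild evaluates whatever those branches currently hold, including the source of the Firefox add-ons; pinning both (`rev = "<commit>";` for `fetchGit`, `sha256 = "<hash>";` for `fetchTarball`) would make those inputs reviewable.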
diff --git a/hardware-configuration.nix b/hardware-configuration.nix new file mode 100644 index 0000000..92d5b88 --- /dev/null +++ b/hardware-configuration.nix @@ -0,0 +1,30 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8cc8eca6-5a2d-4db1-a12d-06cd52b19726"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/A93D-156F"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/ca4b5cbb-9cbb-4356-ba38-96f55b8f7711"; } + ]; + +}