monologiq/systems
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial commit

Browse source
This commit is contained in:
Paul-Mathias Logue 2025-12-12 12:02:26 +01:00
commit 03f9a9de88
5 changed files with 717 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

273
configuration.nix Normal file
View file

@ -0,0 +1,273 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ inputs, config, lib, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.xbootldrMountPoint = "/boot";
boot.loader.efi.efiSysMountPoint = "/efi";
boot.initrd.luks.devices.cryptroot = {
device = "/dev/disk/by-uuid/9aaac705-2737-4222-9887-51131acec90c";
};
networking.hostName = "hermes"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.wireless.iwd.enable = true;
# Set your time zone.
time.timeZone = "Europe/Paris";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
services.avahi.enable = true;
hardware.graphics.enable = true;
services.xserver.videoDrivers = [ "modesetting" "nvidia" ];
hardware.nvidia.open = true;
hardware.nvidia.nvidiaSettings = true;
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
hardware.graphics.extraPackages = with pkgs; [
intel-media-driver # VA-API (iHD) userspace
vpl-gpu-rt # oneVPL (QSV) runtime
];
programs.nix-ld.enable = true;
environment.sessionVariables = {
LIBVA_DRIVER_NAME = "iHD"; # Prefer the modern iHD backend
# VDPAU_DRIVER = "va_gl"; # Only if using libvdpau-va-gl
};
hardware.nvidia.prime = {
# offload.enable = true;
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:2:0:0";
};
# May help if FFmpeg/VAAPI/QSV init fails (esp. on Arc with i915):
hardware.enableRedistributableFirmware = true;
boot.kernelParams = [ "i915.enable_guc=3" ];
programs.niri.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# services.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.pml = {
isNormalUser = true;
extraGroups = [ "i2c" "wheel" ]; # Enable sudo for the user.
};
# programs.firefox.enable = true;
# List packages installed in system profile.
# You can use https://search.nixos.org/ to find more packages (and options).
environment.systemPackages = with pkgs; [
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
sbctl
alacritty
fuzzel
libva-utils
firefox
(openrgb.overrideAttrs (old: {
src = pkgs.fetchFromGitLab {
owner = "CalcProgrammer1";
repo="OpenRGB";
rev = "release_candidate_1.0rc2";
sha256 = "vdIA9i1ewcrfX5U7FkcRR+ISdH5uRi9fz9YU5IkPKJQ=";
};
patches = [
./remove_systemd_service.patch
];
postPatch = ''
patchShebangs scripts/build-udev-rules.sh
substituteInPlace scripts/build-udev-rules.sh \
--replace-fail /usr/bin/env "${pkgs.coreutils}/bin/env"
'';
version = "1.0rc2";
}))
i2c-tools
];
fonts.fontconfig = {
enable = true;
antialias = true;
hinting = {
enable = true;
style = "slight";
};
subpixel = {
rgba = "rgb";
lcdfilter = "default";
};
defaultFonts = {
serif = [ "SF Pro" "DejaVu Serif" ];
sansSerif = [ "SF Pro" "DejaVu Sans" ];
monospace = [ "Iosevka" "DejaVu Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
};
fonts.packages = with pkgs; [
noto-fonts-color-emoji
(iosevka.override {
set = "cavalier";
privateBuildPlan = {
family = "Iosevka Cavalier";
spacing = "normal";
serifs = "sans";
noCvSs = false;
exportGlyphNames = true;
variants.inherits = "ss08";
variants.weights.Regular = {
shape = 400;
menu = 400;
css = 400;
};
variants.weights.Bold = {
shape = 700;
menu = 700;
css = 700;
};
variants.weights.Italic = {
angle = 9.4;
shape = "italic";
menu = "italic";
css = "italic";
};
variants.weights.Upright = {
angle = 0;
shape = "upright";
menu = "upright";
css = "upright";
};
};
})
];
programs._1password.enable = true;
programs._1password-gui = {
enable = true;
# Certain features, including CLI integration and system authentication support,
# require enabling PolKit integration on some desktop environments (e.g. Plasma).
polkitPolicyOwners = [ "pml" ];
};
#services.hardware.openrgb.enable = true;
services.udev.packages = [ pkgs.openrgb ];
boot.kernelModules = [ "i2c-dev" ];
hardware.i2c.enable = true;
environment.etc = {
"1password/custom_allowed_browsers" = {
text = ''
firefox
'';
mode = "0755";
};
};
hardware.bluetooth.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true; # if not already enabled
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment the following
jack.enable = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "25.05"; # Did you read the comment?
}

272
flake.lock generated Normal file
View file

@ -0,0 +1,272 @@
{
"nodes": {
"apple-fonts": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"ny": "ny",
"sf-arabic": "sf-arabic",
"sf-armenian": "sf-armenian",
"sf-compact": "sf-compact",
"sf-georgian": "sf-georgian",
"sf-hebrew": "sf-hebrew",
"sf-mono": "sf-mono",
"sf-pro": "sf-pro"
},
"locked": {
"lastModified": 1758228441,
"narHash": "sha256-3mA9oFuhJ1EHyhPd17g/EuJi4jDYPGhyxkEitdh3Kmc=",
"owner": "Lyndeno",
"repo": "apple-fonts.nix",
"rev": "aba9944f6606a69ebedf7bfb723316139eec3f72",
"type": "github"
},
"original": {
"owner": "Lyndeno",
"repo": "apple-fonts.nix",
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1765145449,
"narHash": "sha256-aBVHGWWRzSpfL++LubA0CwOOQ64WNLegrYHwsVuVN7A=",
"owner": "ipetkov",
"repo": "crane",
"rev": "69f538cdce5955fcd47abfed4395dc6d5194c1c5",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"nixpkgs": [
"nixpkgs"
],
"pre-commit": "pre-commit",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1765382359,
"narHash": "sha256-RJmgVDzjRI18BWVogG6wpsl1UCuV6ui8qr4DJ1LfWZ8=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "e8c096ade12ec9130ff931b0f0e25d2f1bc63607",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v1.0.0",
"repo": "lanzaboote",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1765311797,
"narHash": "sha256-mSD5Ob7a+T2RNjvPvOA1dkJHGVrNVl8ZOrAwBjKBDQo=",
"rev": "09eb77e94fa25202af8f3e81ddc7353d9970ac1b",
"revCount": 903162,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2511.903162%2Brev-09eb77e94fa25202af8f3e81ddc7353d9970ac1b/019b095a-7dde-7122-8fd5-afa2e9e17894/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/%2A"
}
},
"ny": {
"flake": false,
"locked": {
"narHash": "sha256-3257NAH4qlan2YHVLpNRy7x8IJqR2pal3OzFo/ykqXs=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/NY.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/NY.dmg"
}
},
"pre-commit": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765016596,
"narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"apple-fonts": "apple-fonts",
"lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765075567,
"narHash": "sha256-KFDCdQcHJ0hE3Nt5Gm5enRIhmtEifAjpxgUQ3mzSJpA=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "769156779b41e8787a46ca3d7d76443aaf68be6f",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sf-arabic": {
"flake": false,
"locked": {
"narHash": "sha256-/0gjRimqvZyE60xYxxPdlU+7Q2LJnnvtbmwOP0YmS9U=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Arabic.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Arabic.dmg"
}
},
"sf-armenian": {
"flake": false,
"locked": {
"narHash": "sha256-rRoDkbNMYkzOHZmQm96Zv80TZvRlAeoxkv4pMHP5nUg=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Armenian.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Armenian.dmg"
}
},
"sf-compact": {
"flake": false,
"locked": {
"narHash": "sha256-WeqT80cdK/XzTLSaJs5DHodzxoeAzwL/xTgdq0YwQbM=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Compact.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Compact.dmg"
}
},
"sf-georgian": {
"flake": false,
"locked": {
"narHash": "sha256-IevVNOC28IiR45YfI3PsZzXLMRxuB5u7UiE53Zn6tRU=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Georgian.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Georgian.dmg"
}
},
"sf-hebrew": {
"flake": false,
"locked": {
"narHash": "sha256-Dw84kYwMpCtKKKqm8cZcQ9TZ7GayU5MO7W0LJw0Rcwk=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Hebrew.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Hebrew.dmg"
}
},
"sf-mono": {
"flake": false,
"locked": {
"narHash": "sha256-ICdHRFdNL7PM/fXJUzS7LgZxZiqcyIuCMHLze4En4vg=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Mono.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Mono.dmg"
}
},
"sf-pro": {
"flake": false,
"locked": {
"narHash": "sha256-vprahHpCUf9O8RualBrEuLEfuLfzI/2d8AQmwlCGPPk=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Pro.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Pro.dmg"
}
}
},
"root": "root",
"version": 7
}

60
flake.nix Normal file
View file

@ -0,0 +1,60 @@
{
description = "A SecureBoot-enabled NixOS configurations";
inputs = {
nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/*";
lanzaboote = {
url = "github:nix-community/lanzaboote/v1.0.0";
inputs.nixpkgs.follows = "nixpkgs";
};
apple-fonts.url= "github:Lyndeno/apple-fonts.nix";
apple-fonts.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, lanzaboote, apple-fonts, ...}: {
nixosConfigurations = {
hermes = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [
# This is not a complete NixOS configuration and you need to reference
# your normal configuration here.
lanzaboote.nixosModules.lanzaboote
./configuration.nix
./hardware-configuration.nix
({ pkgs, lib, ... }: {
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [
# For debugging and troubleshooting Secure Boot.
pkgs.sbctl
];
fonts.packages = [
apple-fonts.packages."x86_64-linux".sf-pro
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.bootspec.enable = true;
boot.initrd.systemd.enable = true;
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
})
];
};
};
};
}

95
hardware-configuration.nix Normal file
View file

@ -0,0 +1,95 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "ahci" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae";
fsType = "btrfs";
options = [ "subvol=@root" ];
};
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/9aaac705-2737-4222-9887-51131acec90c";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/afbb025b-f483-4b79-9702-645cfca09e8b";
fsType = "ext4";
};
fileSystems."/efi" =
{ device = "/dev/disk/by-uuid/5E49-BE19";
fsType = "vfat";
options = [ "fmask=0137" "dmask=0027" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae";
fsType = "btrfs";
options = [ "subvol=@nix" ];
};
fileSystems."/var/cache" =
{ device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae";
fsType = "btrfs";
options = [ "subvol=@var_cache" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae";
fsType = "btrfs";
options = [ "subvol=@var_log" ];
};
fileSystems."/var/spool" =
{ device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae";
fsType = "btrfs";
options = [ "subvol=@var_spool" ];
};
fileSystems."/var/tmp" =
{ device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae";
fsType = "btrfs";
options = [ "subvol=@var_tmp" ];
};
fileSystems."/var/lib/machines" =
{ device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae";
fsType = "btrfs";
options = [ "subvol=@var_lib_machines" ];
};
fileSystems."/var/lib/portables" =
{ device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae";
fsType = "btrfs";
options = [ "subvol=@var_lib_portables" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp131s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp132s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

17
remove_systemd_service.patch Normal file
View file

@ -0,0 +1,17 @@
diff --git a/OpenRGB.pro b/OpenRGB.pro
index df7082b6..0022e5fa 100644
--- a/OpenRGB.pro
+++ b/OpenRGB.pro
@@ -588,9 +588,9 @@ contains(QMAKE_PLATFORM, linux) {
icon.files+=qt/org.openrgb.OpenRGB.png
metainfo.path=$$PREFIX/share/metainfo/
metainfo.files+=qt/org.openrgb.OpenRGB.metainfo.xml
- systemd_service.path=/etc/systemd/system
- systemd_service.files+=qt/openrgb.service
- INSTALLS += target desktop icon metainfo udev_rules systemd_service
+ # systemd_service.path=/etc/systemd/system
+ # systemd_service.files+=qt/openrgb.service
+ INSTALLS += target desktop icon metainfo udev_rules # systemd_service
}
#-----------------------------------------------------------------------------------------------#