lukrecja/nixos-dots
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor into modules

Browse Source
This commit is contained in:
Lukrecja Pleskaczyńska
2026-03-10 23:22:08 +01:00
parent 1b9d24ce15
commit e58d5a7a18
29 changed files with 386 additions and 365 deletions
Download Patch File Download Diff File Expand all files Collapse all files

382
nixos/configuration.nix
View File

@@ -1,360 +1,52 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = imports = [
[ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./modules/boot/bootloader.nix
./modules/boot/kernel.nix
./modules/boot/tpm.nix
./modules/desktop/fonts.nix
./modules/desktop/greetd.nix
./modules/desktop/xdg.nix
./modules/desktop/xwayland.nix
./modules/filesystems.nix
./modules/hardware/bluetooth.nix
./modules/hardware/gpu.nix
./modules/hardware/power.nix
./modules/hardware/rtl-sdr.nix
./modules/hardware/scanner.nix
./modules/hardware/tablet.nix
./modules/hardware/udev.nix
./modules/networking/general.nix
./modules/networking/tailscale.nix
./modules/networking/vpn.nix
./modules/packages.nix
./modules/services/flatpak.nix
./modules/services/printing.nix
./modules/services/smb.nix
./modules/services/ssh.nix
./modules/users.nix
./modules/virtualization.nix
./modules/wireshark.nix
]; ];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.resumeDevice = "/dev/mapper/luksroot";
boot.extraModprobeConfig = ''
options mt7921_common disable_clc=1
options atkbd reset=1 softrepeat=1
options i8042 nomux=1 reset=1 nopnp=1 kbdreset=1 direct=1 dumbkbd=1
'';
# Blacklist built-in RTL modules
boot.blacklistedKernelModules = [
"dvb_usb_rtl28xxu"
"rtl2832"
"rtl2830"
];
# Kernel parameters for power saving
boot.kernelParams = [
# CRITICAL FIX: Disable ACPI for i8042 (ASUS BIOS bug workaround)
"i8042.noacpi" # Disable buggy ASUS ACPI keyboard controller
"i8042.reset=1" # Force reset i8042
"i8042.nomux=1" # No multiplexing
"i8042.nopnp=1" # Ignore PnP detection
"atkbd.softrepeat=1" # Software key repeat
"amd_pstate=active" # Use AMD P-State driver for better power management
"amd_pstate.shared_mem=1"
# "pcie_aspm.policy=powersupersave" # Aggressive PCIe power management
"amdgpu.gpu_recovery=1" # Enable automatic GPU recovery
"amdgpu.runpm=0" # Disable runtime PM (major hang cause)
###"amdgpu.dcdebugmask=0x400"
#"amdgpu.dcdebugmask=0x10" # Disable PSR (panel self-refresh)
#"amdgpu.ppfeaturemask=0xf7fff" # Disable GFXOFF
];
# Disable TPM
systemd.tpm2.enable = false;
boot.initrd.systemd.tpm2.enable = false;
# Enable swap file
swapDevices = [{ device = "/swap/swapfile"; }];
# Override btrfs mount options from hardware-configuration.nix
fileSystems."/" = {
options = [ "subvol=@" "compress=zstd" "space_cache=v2" "noatime"
"lazytime" "ssd" "discard=async" ];
};
fileSystems."/home" = {
options = [ "subvol=@home" "compress=zstd" "space_cache=v2" "noatime"
"lazytime" "ssd" "discard=async" ];
};
fileSystems."/var/log" = {
options = [ "subvol=@log" "compress=zstd" "space_cache=v2" "noatime"
"lazytime" "ssd" "discard=async" ];
};
fileSystems."/swap" = {
options = [ "subvol=@swap" "noatime" "ssd" "discard=async" ];
};
# Enable NetworkManager and set network host name
networking.networkmanager.enable = true;
networking.hostName = "lusia-laptop";
# NetworkManager power saving for WiFi
networking.networkmanager.wifi.powersave = true;
# Enable Tailscale
services.tailscale.enable = true;
# Trust the Tailscale interface
networking.firewall.trustedInterfaces = [ "tailscale0" ];
# Disable reverse path filtering for Tailscale, change kernel writeback options
boot.kernel.sysctl = {
"net.ipv4.conf.tailscale0.rp_filter" = 0;
"vm.dirty_ratio" = 10;
"vm.dirty_background_ratio" = 5;
"vm.swappiness" = 10;
};
# Enable resolved
services.resolved.enable = true;
# Set DNS
networking.nameservers = [ "9.9.9.9" ];
# OpenVPN services
# VSTech VPN (with DNS for bgs.local domain)
services.openvpn.servers.vstech = {
config = ''
client
remote 51.83.143.81
proto udp
port 649
dev tun
topology subnet
ca /home/lusia/VSTech-vpn/ca.crt
cert /home/lusia/VSTech-vpn/Klient251.crt
key /home/lusia/VSTech-vpn/Klient251.inline
tls-crypt /home/lusia/VSTech-vpn/ta.key
auth sha512
data-ciphers aes-256-cbc
data-ciphers-fallback aes-256-cbc
key-direction 1
keepalive 10 120
'';
updateResolvConf = false;
# Manually set DNS after connection
up = ''
${pkgs.systemd}/bin/resolvectl dns $dev 10.10.10.1
${pkgs.systemd}/bin/resolvectl domain $dev bgs.local
'';
down = ''
${pkgs.systemd}/bin/resolvectl revert $dev
'';
};
# CAT VPN
services.openvpn.servers.cat = {
config = ''
client
remote 79.133.193.211
proto tcp
port 1194
dev tun
topology subnet
ca /home/lusia/vpn/ca.crt
cert /home/lusia/vpn/client18.crt
key /home/lusia/vpn/client18.key
auth sha256
data-ciphers AES-256-CBC
key-direction 1
'';
updateResolvConf = true;
};
# Enable upower service
services.upower.enable = true;
# Set your time zone.
time.timeZone = "Europe/Warsaw"; time.timeZone = "Europe/Warsaw";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
console = { console.keyMap = "pl";
keyMap = "pl";
};
# Enable fish
programs.fish.enable = true;
# Enable greetd with tuigreet
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
user = "greeter";
};
};
};
# Essential for niri
security.polkit.enable = true;
services.gnome.gnome-keyring.enable = true;
# XDG Portal for file pickers or screen sharing
xdg.portal = {
enable = true;
extraPortals = [ pkgs.xdg-desktop-portal-gtk
pkgs.xdg-desktop-portal-gnome ];
config = {
common = {
default = [ "gtk" ];
"org.freedesktop.impl.portal.ScreenCast" = [ "gnome" ];
"org.freedesktop.impl.portal.Screenshot" = [ "gnome" ];
};
};
};
# Enable dconf
programs.dconf.enable = true;
users.groups.plugdev = {};
users.users.lusia = {
isNormalUser = true;
description = "Lukrecja";
extraGroups = [ "wheel" "networkmanager" "docker" "plugdev" "scanner" "lp" "wireshark" "libvirtd" "kvm" "vboxusers" "dialout" ];
initialPassword = "pass";
shell = pkgs.fish;
};
# Import udev rules for probe-rs
services.udev.packages = [
(pkgs.writeTextFile {
name = "probe-rs-udev-rules";
destination = "/etc/udev/rules.d/69-probe-rs.rules";
text = builtins.readFile ./udev-rules/69-probe-rs.rules;
})
];
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
services.openssh.enable = true;
security.sudo.enable = true;
# Enable virtualisation
virtualisation.libvirtd.enable = true;
# Enable VirtualBox
virtualisation.virtualbox.host.enable = true;
virtualisation.virtualbox.host.enableExtensionPack = true;
# Enable xwayland
programs.xwayland.enable = true;
# Set a session variable for icon theme
environment.sessionVariables = rec {
QT_QPA_PLATFORMTHEME = "qt5ct";
};
environment.systemPackages = with pkgs; [
git
curl
wget
vim
fish
kitty
#asusctl
powertop # For monitoring power consumption
openvpn
nodejs
gnumake
gcc
cmake
xwayland-satellite
busybox
libdecor
file
cifs-utils
samba
gvfs
];
# Enable Wireshark with proper groups
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
# Fonts
fonts.packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
pkgs.nerd-fonts.fira-code
];
# For SMB shares
services.gvfs.enable = true;
# Printers
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
services.printing = {
enable = true;
drivers = with pkgs; [
cups-filters
cups-browsed
];
};
# Enable Flatpaks
services.flatpak.enable = true;
# Enable Docker
virtualisation.docker.enable = true;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Enable Bluetooth (but it will be blocked by default to save power) system.stateVersion = "24.11";
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = false; # Don't power on bluetooth at boot
hardware.sane.enable = true;
# Configure epsonds for network scanning
environment.etc."sane.d/epsonds.conf".text = ''
net EPSOND80395.local
'';
# Enable OpenTabletDriver
hardware.opentabletdriver.enable = true;
hardware.uinput.enable = true;
# Enable kernel modules
boot.kernelModules = [ "uinput" "usbmon" "kvm-amd" ];
# Enable PPD for power options
services.power-profiles-daemon.enable = true;
# Enable AMD GPU graphics acceleration
hardware.graphics = {
enable = true;
enable32Bit = true; # For 32-bit applications/games
};
# Enable RTL-SDL module
hardware.rtl-sdr.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
} }

10
nixos/flake.nix
View File

@@ -5,14 +5,10 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
}; };
outputs = inputs@{ nixpkgs, home-manager, ... }: { outputs = inputs: {
nixosConfigurations = { nixosConfigurations.lusia-laptop = inputs.nixpkgs.lib.nixosSystem {
lusia-laptop = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [ ./configuration.nix ];
./configuration.nix
];
};
}; };
}; };
} }

13
nixos/home.nix
View File

@@ -1,13 +0,0 @@
{ config, pkgs, ... }:
{
home.username = "lusia";
home.homeDirectory = "/home/lusia";
home.stateVersion = "24.11";
programs.kitty = {
enable = true;
};
programs.home-manager.enable = true;
}

7
nixos/modules/boot/bootloader.nix Normal file
View File

@@ -0,0 +1,7 @@
{ ... }:
{
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.resumeDevice = "/dev/mapper/luksroot";
}

26
nixos/modules/boot/kernel.nix Normal file
View File

@@ -0,0 +1,26 @@
{ ... }:
{
boot.extraModprobeConfig = ''
options mt7921_common disable_clc=1
options atkbd reset=1 softrepeat=1
options i8042 nomux=1 reset=1 nopnp=1 kbdreset=1 direct=1 dumbkbd=1
'';
boot.kernelParams = [
# CRITICAL FIX: Disable ACPI for i8042 (ASUS BIOS bug workaround)
"i8042.noacpi"
"i8042.reset=1"
"i8042.nomux=1"
"i8042.nopnp=1"
"atkbd.softrepeat=1"
# AMD P-State driver for better power management
"amd_pstate=active"
"amd_pstate.shared_mem=1"
# GPU
"amdgpu.gpu_recovery=1"
"amdgpu.runpm=0"
];
boot.kernelModules = [ "usbmon" ];
}

6
nixos/modules/boot/tpm.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
systemd.tpm2.enable = false;
boot.initrd.systemd.tpm2.enable = false;
}

10
nixos/modules/desktop/fonts.nix Normal file
View File

@@ -0,0 +1,10 @@
{ pkgs, ... }:
{
fonts.packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
nerd-fonts.fira-code
];
}

13
nixos/modules/desktop/greetd.nix Normal file
View File

@@ -0,0 +1,13 @@
{ pkgs, ... }:
{
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
user = "greeter";
};
};
};
}

22
nixos/modules/desktop/xdg.nix Normal file
View File

@@ -0,0 +1,22 @@
{ pkgs, ... }:
{
security.polkit.enable = true;
services.gnome.gnome-keyring.enable = true;
programs.dconf.enable = true;
xdg.portal = {
enable = true;
extraPortals = [
pkgs.xdg-desktop-portal-gtk
pkgs.xdg-desktop-portal-gnome
];
config = {
common = {
default = [ "gtk" ];
"org.freedesktop.impl.portal.ScreenCast" = [ "gnome" ];
"org.freedesktop.impl.portal.Screenshot" = [ "gnome" ];
};
};
};
}

9
nixos/modules/desktop/xwayland.nix Normal file
View File

@@ -0,0 +1,9 @@
{ ... }:
{
programs.xwayland.enable = true;
environment.sessionVariables = {
QT_QPA_PLATFORMTHEME = "qt5ct";
};
}

27
nixos/modules/filesystems.nix Normal file
View File

@@ -0,0 +1,27 @@
{ ... }:
{
fileSystems."/" = {
options = [ "subvol=@" "compress=zstd" "space_cache=v2" "noatime" "lazytime" "ssd" "discard=async" ];
};
fileSystems."/home" = {
options = [ "subvol=@home" "compress=zstd" "space_cache=v2" "noatime" "lazytime" "ssd" "discard=async" ];
};
fileSystems."/var/log" = {
options = [ "subvol=@log" "compress=zstd" "space_cache=v2" "noatime" "lazytime" "ssd" "discard=async" ];
};
fileSystems."/swap" = {
options = [ "subvol=@swap" "noatime" "ssd" "discard=async" ];
};
swapDevices = [{ device = "/swap/swapfile"; }];
boot.kernel.sysctl = {
"vm.dirty_ratio" = 10;
"vm.dirty_background_ratio" = 5;
"vm.swappiness" = 10;
};
}

6
nixos/modules/hardware/bluetooth.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = false;
}

8
nixos/modules/hardware/gpu.nix Normal file
View File

@@ -0,0 +1,8 @@
{ ... }:
{
hardware.graphics = {
enable = true;
enable32Bit = true;
};
}

6
nixos/modules/hardware/power.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
services.upower.enable = true;
services.power-profiles-daemon.enable = true;
}

11
nixos/modules/hardware/rtl-sdr.nix Normal file
View File

@@ -0,0 +1,11 @@
{ ... }:
{
hardware.rtl-sdr.enable = true;
boot.blacklistedKernelModules = [
"dvb_usb_rtl28xxu"
"rtl2832"
"rtl2830"
];
}

9
nixos/modules/hardware/scanner.nix Normal file
View File

@@ -0,0 +1,9 @@
{ ... }:
{
hardware.sane.enable = true;
environment.etc."sane.d/epsonds.conf".text = ''
net EPSOND80395.local
'';
}

7
nixos/modules/hardware/tablet.nix Normal file
View File

@@ -0,0 +1,7 @@
{ ... }:
{
hardware.opentabletdriver.enable = true;
hardware.uinput.enable = true;
boot.kernelModules = [ "uinput" ];
}

11
nixos/modules/hardware/udev.nix Normal file
View File

@@ -0,0 +1,11 @@
{ pkgs, ... }:
{
services.udev.packages = [
(pkgs.writeTextFile {
name = "probe-rs-udev-rules";
destination = "/etc/udev/rules.d/69-probe-rs.rules";
text = builtins.readFile ../../udev-rules/69-probe-rs.rules;
})
];
}

11
nixos/modules/networking/general.nix Normal file
View File

@@ -0,0 +1,11 @@
{ ... }:
{
networking.hostName = "lusia-laptop";
networking.networkmanager.enable = true;
networking.networkmanager.wifi.powersave = true;
networking.nameservers = [ "9.9.9.9" ];
services.resolved.enable = true;
}

11
nixos/modules/networking/tailscale.nix Normal file
View File

@@ -0,0 +1,11 @@
{ ... }:
{
services.tailscale.enable = true;
networking.firewall.trustedInterfaces = [ "tailscale0" ];
boot.kernel.sysctl = {
"net.ipv4.conf.tailscale0.rp_filter" = 0;
};
}

55
nixos/modules/networking/vpn.nix Normal file
View File

@@ -0,0 +1,55 @@
{ pkgs, ... }:
{
# VSTech VPN (with DNS for bgs.local domain)
services.openvpn.servers.vstech = {
config = ''
client
remote 51.83.143.81
proto udp
port 649
dev tun
topology subnet
ca /home/lusia/VSTech-vpn/ca.crt
cert /home/lusia/VSTech-vpn/Klient251.crt
key /home/lusia/VSTech-vpn/Klient251.inline
tls-crypt /home/lusia/VSTech-vpn/ta.key
auth sha512
data-ciphers aes-256-cbc
data-ciphers-fallback aes-256-cbc
key-direction 1
keepalive 10 120
'';
updateResolvConf = false;
up = ''
${pkgs.systemd}/bin/resolvectl dns $dev 10.10.10.1
${pkgs.systemd}/bin/resolvectl domain $dev bgs.local
'';
down = ''
${pkgs.systemd}/bin/resolvectl revert $dev
'';
};
# CAT VPN
services.openvpn.servers.cat = {
config = ''
client
remote 79.133.193.211
proto tcp
port 1194
dev tun
topology subnet
ca /home/lusia/vpn/ca.crt
cert /home/lusia/vpn/client18.crt
key /home/lusia/vpn/client18.key
auth sha256
data-ciphers AES-256-CBC
key-direction 1
'';
updateResolvConf = true;
};
}

25
nixos/modules/packages.nix Normal file
View File

@@ -0,0 +1,25 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
git
curl
wget
vim
fish
kitty
powertop
openvpn
nodejs
gnumake
gcc
cmake
xwayland-satellite
busybox
libdecor
file
cifs-utils
samba
gvfs
];
}

5
nixos/modules/services/flatpak.nix Normal file
View File

@@ -0,0 +1,5 @@
{ ... }:
{
services.flatpak.enable = true;
}

17
nixos/modules/services/printing.nix Normal file
View File

@@ -0,0 +1,17 @@
{ pkgs, ... }:
{
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
services.printing = {
enable = true;
drivers = with pkgs; [
cups-filters
cups-browsed
];
};
}

5
nixos/modules/services/smb.nix Normal file
View File

@@ -0,0 +1,5 @@
{ ... }:
{
services.gvfs.enable = true;
}

5
nixos/modules/services/ssh.nix Normal file
View File

@@ -0,0 +1,5 @@
{ ... }:
{
services.openssh.enable = true;
}

16
nixos/modules/users.nix Normal file
View File

@@ -0,0 +1,16 @@
{ pkgs, ... }:
{
users.groups.plugdev = {};
users.users.lusia = {
isNormalUser = true;
description = "Lukrecja";
extraGroups = [ "wheel" "networkmanager" "docker" "plugdev" "scanner" "lp" "wireshark" "libvirtd" "kvm" "vboxusers" "dialout" ];
initialPassword = "pass";
shell = pkgs.fish;
};
programs.fish.enable = true;
security.sudo.enable = true;
}

12
nixos/modules/virtualization.nix Normal file
View File

@@ -0,0 +1,12 @@
{ ... }:
{
virtualisation.libvirtd.enable = true;
virtualisation.virtualbox.host.enable = true;
virtualisation.virtualbox.host.enableExtensionPack = true;
virtualisation.docker.enable = true;
boot.kernelModules = [ "kvm-amd" ];
}

6
nixos/modules/wireshark.nix Normal file
View File

@@ -0,0 +1,6 @@
{ pkgs, ... }:
{
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
}