Add initial legacy configuration

nixos-modules/base-system/default.nix

@@ -0,0 +1,4 @@
+{ inputs, ... }:
+{
+  imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
+}

nixos-modules/base/applications.nix

@@ -0,0 +1,87 @@
+{
+  pkgs,
+  ...
+}:
+
+{
+  environment.systemPackages =
+    with pkgs;
+    [
+      tmux
+      pciutils
+      dmidecode
+      smartmontools
+      borgbackup
+      iw
+      killall
+      bc
+      efibootmgr
+      efitools
+      efivar
+      mkpasswd
+      rename
+      wipe
+      gnupg
+      pass-wayland
+      pwgen
+      powertop
+      lm_sensors
+      sbctl
+    ]
+    ++ [
+      nixfmt-rfc-style
+      nix-index
+      nix-diff
+      nixpkgs-review
+      nixos-option
+    ]
+    ++ [
+      autojump
+      powerline-go
+    ]
+    ++ [
+      # File Utilities
+      ripgrep
+      unzip
+      p7zip
+      unrar
+      iotop
+      cabextract
+      tree
+      vim
+      vimPlugins.pathogen
+      vimPlugins.airline
+      git
+      git-lfs
+    ]
+    ++ [
+      # Filesystem & Disk Utilities
+      exfat
+      samba
+      cifs-utils
+      keyutils # required for cifs kerberos auth
+      sshfs-fuse
+      hdparm
+      mtpfs
+      ntfs3g
+      smartmontools
+      parted
+      usbutils
+    ]
+    ++ [
+      # Networking Utilities
+      nmap
+      bind
+      curl
+      wget
+      tor
+      whois
+      wol
+      rsync
+      sshuttle
+      iftop
+      mailutils
+      imapsync
+      bluez-tools
+    ];
+}

nixos-modules/base/default.nix

@@ -0,0 +1,112 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  ...
+}:
+
+let
+  users = {
+    fhauser = {
+      uid = 1000;
+      isNormalUser = true;
+      description = "Fabian Hauser";
+      group = "fhauser";
+      extraGroups = [
+        "wheel"
+        "video"
+        "docker"
+        "networkmanager"
+        "libvirtd"
+        "adbusers"
+      ];
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIPF8ZV7vhpbVvLxiKq8ANVusNUHMbtii5MuvjxCbVz7vSNVPo9OOLvYyDqhbRAWMTdQeGZVAaALBufKKmprDTRFMpnA7Ut4TFrdz/5DTaR2KEjJ7P75moH+0xooR/GsbzFGsNBSQSXK3u1igndPYEC/PqCHN++32kDo2wLqTB4VLrEovU3iq8BMckn329Bu1fGbXKTgDpEvUEEwFO2brQZLMmzILGF/v4B9ImEGtinAUNgDSfEpgPN23sdWQH9rwEClGv95JmWNf05tuVomhZzOBtCFoAno3XB1nj16avjsqJ3aGFY2CCcfsNrwKzhIotmm82bcI4BJuJIVRIKbZ1 cardno:000603507108"
+      ];
+    };
+  };
+in
+{
+  imports = [
+    inputs.private.nixosModules.users # Contains hashedPasswords for users.
+    ./unfree.nix
+    ./applications.nix
+  ];
+
+  boot.loader.timeout = 2;
+  boot.tmp.useTmpfs = true;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.bootspec.enable = true;
+
+  catppuccin = {
+    flavor = "mocha";
+    tty.enable = true;
+  };
+
+  console.keyMap = "de_CH-latin1";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  users.mutableUsers = false;
+  users.groups = {
+    fhauser.gid = 1000;
+  };
+  users.users = users // {
+    root.openssh.authorizedKeys.keys =
+      with lib;
+      concatLists (
+        mapAttrsToList (
+          _name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ]
+        ) users
+      );
+  };
+
+  # Package management
+  nix = {
+    settings.trusted-users = [
+      "root"
+      "@wheel"
+    ];
+    optimise.automatic = true;
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 60d";
+    };
+    package = pkgs.nixVersions.stable;
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+  };
+
+  # System Services
+  services.btrfs.autoScrub.enable = true;
+  services.fwupd.enable = true;
+
+  # Network services
+  networking.networkmanager.enable = true;
+  networking.firewall = {
+    allowPing = true;
+    allowedTCPPorts = [ 22 ];
+  };
+  systemd.services.NetworkManager-wait-online.enable = false;
+
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+  };
+
+  # Default Settings
+  environment.etc = {
+    gitconfig.source = ./etc/gitconfig;
+    vimrc.source = ./etc/vimrc;
+  };
+
+  programs.autojump.enable = true;
+  programs.vim = {
+    enable = true;
+    defaultEditor = true;
+  };
+  environment.systemPackages = [ pkgs.comma ];
+
+  services.dbus.implementation = "broker";
+}

nixos-modules/base/etc/gitconfig

@@ -0,0 +1,31 @@
+[core]
+        packedGitWindowSize = 16m
+        packedGitLimit = 64m
+[pack]
+        windowMemory = 64m
+        packSizeLimit = 64m
+        thread = 1
+        deltaCacheSize = 1m
+[color]
+    branch = auto
+    diff = auto
+    status = auto
+[push]
+    default = simple
+[pull]
+    rebase = true
+[branch]
+    autosetuprebase = always
+[commit]
+#   gpgsign = true
+[tag]
+#   gpgsign = true
+
+[alias]
+    s = status --short --branch
+    a = add --patch
+    c = commit --message
+    l = log --color --graph --pretty=format:'%Cred%h%Creset - %C(bold)%s%Creset%C(yellow)%d%Creset %C(green)%an%Creset %C(cyan)%cr%Creset' --abbrev-commit
+    d = diff
+[diff]
+#   noprefix = true

nixos-modules/base/etc/vimrc

@@ -0,0 +1,54 @@
+
+" Use Vim settings, rather than Vi settings (much better!).
+" This must be first, because it changes other options as a side effect.
+" Avoid side effects when it was already reset.
+if &compatible
+  set nocompatible
+endif
+
+" Convenient command to see the difference between the current buffer and the
+" file it was loaded from, thus the changes you made.
+" Only define it when not defined already.
+" Revert with: ":delcommand DiffOrig".
+if !exists(":DiffOrig")
+  command DiffOrig vert new | set bt=nofile | r ++edit # | 0d_ | diffthis
+          \ | wincmd p | diffthis
+endif
+
+" Don't wake up system with blinking cursor:
+" http://www.linuxpowertop.org/known.php
+let &guicursor = &guicursor . ",a:blinkon0"
+
+
+
+
+""""""""""""""""""""""""""
+"  Design Settings
+""""""""""""""""""""""""""
+set background=dark
+colorscheme elflord
+
+""""""""""""""""""""""""""
+" Other Settings
+""""""""""""""""""""""""""
+set ignorecase                  " Ignore search case
+set autoindent                  " Newline with automatic text indent
+set ruler                       " Show current position
+set pastetoggle=<F2>
+set ignorecase
+set hidden
+
+set splitbelow
+set splitright
+
+set tabstop=2
+set shiftwidth=2
+set softtabstop=2
+set expandtab
+
+set listchars="eol:¬,tab:>·,trail:~,extends:>,precedes:<,space:␣"
+set grepprg=ack\ -k
+
+filetype plugin indent on
+syntax on
+

nixos-modules/base/unfree.nix

@@ -0,0 +1,56 @@
+{
+  config,
+  lib,
+  ...
+}:
+
+{
+  nixpkgs.config.allowUnfreePredicate =
+    pkg:
+    builtins.elem (lib.getName pkg) [
+      "unrar"
+
+      "steam"
+      "steam-run"
+      "steam-original"
+      "steam-unwrapped"
+
+      "hplip"
+
+      "google-chrome"
+      "spotify"
+      "spotify-unwrapped"
+      "discord"
+      "teamviewer"
+      "todoist-electron"
+      "todoist-electron-8.10.1"
+      "obsidian"
+
+      "davinci-resolve"
+      "davinci-resolve-18.6.3"
+
+      "lightworks"
+      "lightworks-2023.1"
+      "nvidia-cg-toolkit-3.1"
+      "nvidia-cg-toolkit"
+
+      "corefonts"
+      "camingo-code"
+      "helvetica-neue-lt-std"
+      #"kochi-substitute-naga10"
+      "ttf-envy-code-r"
+      "vista-fonts"
+      "vista-fonts-chs"
+      "xkcd-font-unstable"
+      "xkcd-font"
+      "xkcd-font-unstable-2017-08-24"
+      "ricty"
+
+      "pycharm-professional"
+      "idea-ultimate"
+      "android-studio-stable"
+      "android-studio-beta"
+
+      "vmware-view"
+    ];
+}

nixos-modules/default.nix

@@ -0,0 +1,14 @@
+{ ... }:
+{
+
+  imports = [
+    ./base
+    ./base-system
+    ./desktop
+    ./filesystems
+    #./hardware #TODO
+    ./home-manager
+    ./printing
+    ./theme
+  ];
+}

nixos-modules/desktop/default.nix

@@ -0,0 +1,15 @@
+{
+  ...
+}:
+{
+
+  imports = [
+    ./desktop-environment.nix
+    ./greeter.nix
+    ./hardware.nix
+    ./office-suite.nix
+    ./security.nix
+    ./video.nix
+    ./llm.nix
+  ];
+}

nixos-modules/desktop/desktop-environment.nix

@@ -0,0 +1,81 @@
+{
+  pkgs,
+  lib,
+  ...
+}:
+let
+  mkDefault = lib.mkDefault;
+in
+{
+
+  environment.systemPackages = with pkgs; [
+    freetype
+    lxappearance
+    sound-theme-freedesktop
+
+    qt5.qtwayland # Required for qt applications
+  ];
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+  environment.sessionVariables.DO_NOT_TRACK = "1";
+
+  programs = {
+    gnome-terminal.enable = false;
+    evolution = {
+      enable = true;
+      #plugins = [ pkgs.evolution-ews ];
+    };
+    geary.enable = false;
+    light.enable = true;
+
+    dconf.enable = true;
+
+    sway.enable = true;
+  };
+
+  services.gnome = {
+    # TODO: Do this manually and not all at once.
+    core-utilities.enable = true;
+    core-os-services.enable = false;
+
+    gnome-keyring.enable = true;
+    evolution-data-server.enable = true;
+    gnome-online-accounts.enable = true;
+    gnome-remote-desktop.enable = true;
+    sushi.enable = false;
+  };
+
+  ##########
+  # gnome.core-os-services excerpt
+
+  security.polkit.enable = true;
+  services.power-profiles-daemon.enable = false; # TODO: Remove
+
+  # Explicitly enabled since GNOME will be severely broken without these.
+  xdg.mime.enable = true;
+  xdg.icons.enable = true;
+
+  # Harmonize Qt5 application style and also make them use the portal for file chooser dialog.
+  qt = {
+    enable = mkDefault true;
+    platformTheme = mkDefault "gnome";
+    style = mkDefault "adwaita";
+  };
+
+  # Needed for themes and backgrounds
+  environment.pathsToLink = [
+    "/share" # TODO: https://github.com/NixOS/nixpkgs/issues/47173
+  ];
+
+  # GVFS
+  services.gvfs.enable = true;
+
+  # Flatpak
+  services.flatpak.enable = true;
+
+  # Portals
+  xdg.portal = {
+    enable = true;
+    wlr.enable = true;
+    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+  };
+}

nixos-modules/desktop/greeter.nix

@@ -0,0 +1,35 @@
+{
+  ...
+}:
+{
+
+  services.xserver.windowManager.i3.enable = false;
+
+  services.displayManager = {
+    defaultSession = "sway";
+  };
+
+  # Enable touchpad support.
+  services.libinput.enable = true;
+
+  services.xserver = {
+    enable = true;
+    desktopManager.xterm.enable = false;
+    displayManager = {
+      startx.enable = false;
+      lightdm.enable = false;
+      gdm = {
+        enable = true;
+        wayland = true;
+      };
+    };
+
+    # TODO: Extract i18n
+    xkb = {
+      layout = "ch,de";
+      options = "eurosign:e";
+    };
+
+    updateDbusEnvironment = true;
+  };
+}

nixos-modules/desktop/hardware.nix

@@ -0,0 +1,60 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+
+{
+
+  services.blueman.enable = true;
+
+  # Enable sound.
+  nixpkgs.config.pulseaudio = true;
+
+  services.pulseaudio.enable = false;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    pulse.enable = true;
+  };
+  security.rtkit.enable = true;
+
+  hardware = {
+    graphics = {
+      enable = true;
+      enable32Bit = true;
+      extraPackages = with pkgs; [
+        intel-compute-runtime
+        intel-media-driver
+        libvdpau-va-gl
+        vaapiVdpau
+      ];
+
+    };
+    acpilight.enable = true;
+    bluetooth = {
+      enable = true;
+      package = pkgs.bluez;
+    };
+    logitech.wireless = {
+      enable = true;
+      enableGraphical = true;
+    };
+  };
+
+  services.hardware.bolt.enable = true;
+  services.udisks2.enable = true;
+  services.upower.enable = config.powerManagement.enable;
+
+  programs.light.enable = true;
+  programs.adb.enable = true;
+
+  services.fprintd = {
+    enable = true;
+    package = pkgs.fprintd-tod;
+    tod = {
+      enable = true;
+      driver = pkgs.libfprint-2-tod1-vfs0090;
+    };
+  };
+}

nixos-modules/desktop/llm.nix

@@ -0,0 +1,10 @@
+{ ... }:
+{
+
+  services.ollama.enable = true;
+
+  services.nextjs-ollama-llm-ui = {
+    enable = true;
+    port = 7001;
+  };
+}

nixos-modules/desktop/office-suite.nix

@@ -0,0 +1,180 @@
+{
+  pkgs,
+  ...
+}:
+
+{
+
+  # Hamster
+  environment.systemPackages = with pkgs; [
+    hamster
+  ];
+  programs.hamster.enable = true;
+
+  # Fonts
+  fonts.packages = with pkgs; [
+    #    google-fonts # Breaks fwesome
+    lalezar-fonts
+    nahid-fonts
+    nika-fonts
+    agave
+    aileron
+    amiri
+    andagii
+    #andika # Breaks Font-Awesome
+    ankacoder
+    ankacoder-condensed
+    aurulent-sans
+    caladea
+    cantarell-fonts
+    carlito
+    cascadia-code
+    #charis-sil # Breaks Font-Awesome
+    cherry
+    cnstrokeorder
+    comfortaa
+    comic-neue
+    comic-relief
+    #    corefonts # breaks fawesome
+    culmus
+    clearlyU
+    creep
+    crimson
+    dejavu_fonts
+    dina-font
+    #doulos-sil # Breaks Font-Awesome
+    cabin
+    camingo-code
+    cooper-hewitt
+    #d2coding
+    dosis
+    dosemu_fonts
+    eb-garamond
+    eunomia
+    ferrum
+    #    fixedsys-excelsior # Breaks fawesome
+    emacs-all-the-icons-fonts
+    emojione
+    encode-sans
+    envypn-font
+    fantasque-sans-mono
+    fira
+    fira-code
+    fira-code-symbols
+    fira-mono
+    #gentium
+    #gentium-book-basic
+    #gohufont
+    #go-font
+    #gubbi-font
+    #gyre-fonts
+    #hack-font
+    ##helvetica-neue-lt-std
+    #hanazono
+    #hermit
+    #hyperscrypt-font
+    #ia-writer-duospace
+    #inconsolata
+    #inconsolata-lgc
+    ##input-fonts
+    #inriafonts
+    #iosevka
+    #iosevka-bin
+    #ipafont
+    #ipaexfont
+    #iwona
+    #jetbrains-mono
+    #jost
+    #kanji-stroke-order-font
+    #latinmodern-math
+    #lato
+    #league-of-moveable-type
+    ##liberation-sans-narrow
+    #libertine
+    #libertinus
+    #libre-baskerville
+    #libre-bodoni
+    #libre-caslon
+    #libre-franklin
+    #lmmath
+    #lmodern
+    #luculent
+    #marathi-cursive
+    #manrope
+    #material-design-icons
+    #material-icons
+    #meslo-lg
+    #migmix
+    #migu
+    #medio
+    #mno16
+    #monoid
+    #mononoki
+    #montserrat
+    #mph_2b_damase
+    #mplus-outline-fonts
+    #mro-unicode
+    #myrica
+    #nafees
+    #nanum-gothic-coding
+    #national-park-typeface
+    #office-code-pro
+    #oldstandard
+    #oldsindhi
+    #open-dyslexic
+    open-sans
+    orbitron
+    overpass
+    oxygenfonts
+    #pecita
+    #paratype-pt-mono # Breaks fawseome
+    #paratype-pt-sans # Breaks fawseome
+    #paratype-pt-serif # Breaks fawseome
+    penna
+    poly
+    powerline-fonts
+    profont
+    proggyfonts
+    public-sans
+    redhat-official-fonts
+    route159
+    #sarasa-gothic
+    seshat
+    scheherazade
+    #signwriting
+    stix-otf
+    stix-two
+    quattrocento
+    quattrocento-sans
+    raleway
+    recursive
+    rhodium-libre
+    roboto
+    roboto-mono
+    roboto-slab
+    hasklig
+    siji
+    source-code-pro
+    source-sans-pro
+    source-serif-pro
+    tamsyn
+    theano
+    tenderness
+    terminus_font
+    tipa
+    twemoji-color-font
+    twitter-color-emoji
+    ubuntu_font_family
+    #ucs-fonts
+    ultimate-oldschool-pc-font-pack
+    victor-mono
+    work-sans
+    wqy_microhei
+    wqy_zenhei
+    xits-math
+    xkcd-font
+    yanone-kaffeesatz
+    norwester-font
+    font-awesome
+  ]; # Generated with `cd /home/fhauser/projects/nixos/nixpkgs/pkgs/data/fonts; echo *`
+}

nixos-modules/desktop/security.nix

@@ -0,0 +1,13 @@
+{
+  ...
+}:
+
+{
+  services.pcscd.enable = true;
+
+  # Make pam accept both password and fingerprint
+  security.pam.services.swaylock.rules.auth = {
+    fprintd.order = 11601;
+    unix.args = [ "nullok" ];
+  };
+}

nixos-modules/desktop/video.nix

@@ -0,0 +1,10 @@
+{
+  ...
+}:
+
+{
+  #boot.kernelModules = [ "v4l2loopback" ];
+  #boot.extraModulePackages = [ pkgs.linuxPackages_latest.v4l2loopback ];
+
+  programs.steam.enable = true;
+}

nixos-modules/filesystems/default.nix

@@ -0,0 +1,4 @@
+{ inputs, ... }:
+{
+  imports = [ inputs.disko.nixosModules.disko ];
+}

nixos-modules/hardware/amd-board.nix

@@ -0,0 +1,69 @@
+{
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+let
+  thunderboltDevices = ''
+    THUNDERBOLT_DEVICES="$(${pkgs.pciutils}/bin/lspci -D | ${pkgs.gnugrep}/bin/grep -i thunderbolt | cut --delimiter=' ' --fields=1)"
+  '';
+  forceThunderboltOnScript = pkgs.writeScriptBin "force-thunderbolt-power-on" ''
+    #!${pkgs.stdenv.shell}
+
+    ${thunderboltDevices}
+
+    echo "Force PCI power on all thunderbolt devices"
+    for DEVICE in $THUNDERBOLT_DEVICES; do
+      echo 'on' > "/sys/bus/pci/devices/$DEVICE/power/control"
+    done
+  '';
+  thunderboltDockRestart = pkgs.writeScriptBin "thunderbolt-dock-restart" ''
+    #!${pkgs.stdenv.shell}
+
+    ${thunderboltDevices}
+
+    echo "Force PCI remove on all thunderbolt devices"
+    for DEVICE in $THUNDERBOLT_DEVICES; do
+      echo 1 > /sys/bus/pci/devices/$DEVICE/remove
+      echo "Dropped device $DEVICE"
+    done
+
+
+    echo 'Please re-plug the dock and confirm [enter]'
+    read
+
+    echo 'Rescanning PCI devices...'
+    echo 1 > /sys/bus/pci/rescan
+
+    echo 'Done.'
+  '';
+in
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+    "xhci_pci"
+    "ahci"
+    "virtio-pci"
+    "igb"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [
+    "kvm-amd"
+    "uhid"
+  ];
+  boot.extraModulePackages = [ ];
+  boot.kernelParams = [ "acpi_enforce_resources=lax" ];
+
+  environment.systemPackages = [ thunderboltDockRestart ];
+
+  hardware.cpu.amd.updateMicrocode = true;
+  nix.settings.max-jobs = lib.mkDefault 24;
+
+  powerManagement.powerUpCommands = "${forceThunderboltOnScript}/bin/force-thunderbolt-power-on";
+}

nixos-modules/hardware/ecc-memory.nix

@@ -0,0 +1,8 @@
+{
+  ...
+}:
+{
+  hardware.rasdaemon = {
+    enable = true;
+  };
+}

nixos-modules/hardware/thinkpad-x1-gen9.nix

@@ -0,0 +1,42 @@
+{
+  lib,
+  pkgs,
+  modulesPath,
+  hardwareModules,
+  pkgFccUnlock,
+  ...
+}:
+{
+
+  imports = with hardwareModules; [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    hardwareModules.lenovo-thinkpad-x1-9th-gen
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "thunderbolt"
+    "nvme"
+    "usb_storage"
+    "sd_mod"
+    "ahci"
+    "usbhid"
+  ];
+  boot.kernelModules = [ "kvm-intel" ];
+
+  boot.initrd.kernelModules = [ "dm-snapshot" ]; # TODO: This should be moved to defaults
+
+  environment.systemPackages = with pkgs; [
+    modemmanager
+    libmbim
+  ];
+
+  environment.etc."ModemManager/fcc-unlock.d/1eac:1001" = {
+    source = "${pkgFccUnlock}/bin/fcc-unlock";
+  };
+
+  # CPU Configuration
+  hardware.cpu.intel.updateMicrocode = true;
+  services.throttled.enable = true;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+}

nixos-modules/home-manager/default.nix

@@ -0,0 +1,12 @@
+{ inputs, ... }:
+
+{
+
+  imports = [ inputs.home-manager.nixosModules.home-manager ];
+
+  home-manager = {
+    backupFileExtension = ".hm-bak";
+    useGlobalPkgs = true;
+    useUserPackages = true;
+  };
+}

nixos-modules/printing/default.nix

@@ -0,0 +1,17 @@
+{
+  ...
+}:
+
+{
+  #services.printing = {
+  #  enable = true;
+  #  drivers = with pkgs; [
+  #    gutenprint
+  #    hplip
+  #    splix
+  #  ];
+  #};
+
+  #services.system-config-printer.enable = true;
+  #programs.system-config-printer.enable = true;
+}

nixos-modules/theme/default.nix

@@ -0,0 +1,6 @@
+{ inputs, ... }:
+
+{
+  imports = [ inputs.catppuccin.nixosModules.catppuccin ];
+
+}