initial config

2026-04-20 15:08:47 +00:00
commit 8f4daf76b8
27 changed files with 1458 additions and 0 deletions
--- a/modules/system/boot.nix
+++ b/modules/system/boot.nix
@@ -0,0 +1,13 @@
+# ==========================================
+# BOOT CONFIGURATION
+# ==========================================
+{ config, pkgs, ... }:
+
+{
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.systemd-boot.configurationLimit = 10;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Use the latest kernel
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+}
--- a/modules/system/desktop.nix
+++ b/modules/system/desktop.nix
@@ -0,0 +1,77 @@
+# ==========================================
+# DESKTOP ENVIRONMENT — Hyprland + Waybar + Walker
+# ==========================================
+# Omarchy-inspired: keyboard-first tiling Wayland compositor
+# with a clean status bar and fast application launcher.
+# ==========================================
+{ config, pkgs, ... }:
+
+{
+  # Hyprland compositor
+  programs.hyprland = {
+    enable = true;
+    xwayland.enable = true;
+  };
+
+  # greetd + tuigreet (minimal TUI login — no bloated DMs)
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --remember-session --cmd Hyprland";
+        user = "greeter";
+      };
+    };
+  };
+
+  # Disable other display managers
+  services.xserver.enable = false;
+
+  # Polkit for privilege escalation prompts
+  security.polkit.enable = true;
+
+  # GNOME Keyring for secrets/passwords
+  services.gnome.gnome-keyring.enable = true;
+  security.pam.services.greetd.enableGnomeKeyring = true;
+
+  # Screen locking
+  programs.hyprlock.enable = true;
+
+  # Idle management
+  services.hypridle.enable = true;
+
+  # XDG Desktop Portal (screen sharing, file pickers)
+  xdg.portal = {
+    enable = true;
+    extraPortals = [
+      pkgs.xdg-desktop-portal-hyprland
+      pkgs.xdg-desktop-portal-gtk
+    ];
+  };
+
+  # Keyboard — caps lock as escape (omarchy default)
+  services.xserver.xkb = {
+    layout = "us";
+    variant = "";
+    options = "caps:escape";
+  };
+
+  # Desktop packages available system-wide
+  environment.systemPackages = with pkgs; [
+    waybar             # Status bar
+    walker             # Application launcher
+    mako               # Notification daemon
+    wl-clipboard       # Wayland clipboard
+    cliphist           # Clipboard history
+    brightnessctl      # Backlight control
+    playerctl          # Media key control
+    swayosd            # On-screen display for volume/brightness
+    grim               # Screenshot
+    slurp              # Region selection
+    swappy             # Screenshot editor
+    wdisplays          # Display configurator
+    networkmanagerapplet # Tray network widget
+    blueman            # Bluetooth manager
+    polkit_gnome       # Polkit GUI agent
+  ];
+}
--- a/modules/system/firewall.nix
+++ b/modules/system/firewall.nix
@@ -0,0 +1,13 @@
+# ==========================================
+# FIREWALL CONFIGURATION
+# ==========================================
+{ config, pkgs, ... }:
+
+{
+  # UFW-style firewall — deny all inbound by default
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ ];
+    allowedUDPPorts = [ ];
+  };
+}
--- a/modules/system/fonts.nix
+++ b/modules/system/fonts.nix
@@ -0,0 +1,24 @@
+# ==========================================
+# FONTS CONFIGURATION
+# ==========================================
+# Omarchy default: JetBrainsMono Nerd Font
+# ==========================================
+{ config, pkgs, ... }:
+
+{
+  fonts.packages = with pkgs; [
+    nerd-fonts.jetbrains-mono
+    nerd-fonts.fira-code
+    nerd-fonts._0xproto
+    nerd-fonts.droid-sans-mono
+    noto-fonts
+    noto-fonts-emoji
+  ];
+
+  fonts.fontconfig.defaultFonts = {
+    monospace = [ "JetBrainsMono Nerd Font" "FiraCode Nerd Font" ];
+    sansSerif = [ "Noto Sans" ];
+    serif = [ "Noto Serif" ];
+    emoji = [ "Noto Color Emoji" ];
+  };
+}
--- a/modules/system/hardware.nix
+++ b/modules/system/hardware.nix
@@ -0,0 +1,34 @@
+# ==========================================
+# HARDWARE & AUDIO CONFIGURATION
+# ==========================================
+{ config, pkgs, ... }:
+
+{
+  hardware.bluetooth.enable = true;
+  hardware.bluetooth.powerOnBoot = true;
+
+  services.printing.enable = true;
+
+  # Audio — PipeWire (replaces PulseAudio)
+  security.rtkit.enable = true;
+  services.pulseaudio.enable = false;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    wireplumber.enable = true;
+  };
+
+  # GPU — uncomment the section for your hardware:
+
+  # --- NVIDIA ---
+  # hardware.nvidia.modesetting.enable = true;
+  # services.xserver.videoDrivers = [ "nvidia" ];
+
+  # --- AMD ---
+  # hardware.amdgpu.enable = true;
+
+  # --- Intel (12th Gen i7-12700H) ---
+  hardware.graphics.enable = true;
+}
--- a/modules/system/network.nix
+++ b/modules/system/network.nix
@@ -0,0 +1,27 @@
+# ==========================================
+# NETWORKING & TIME CONFIGURATION
+# ==========================================
+{ config, pkgs, ... }:
+
+{
+  networking.networkmanager.enable = true;
+
+  # Disable wait-online to speed up boot
+  systemd.services.NetworkManager-wait-online.enable = false;
+
+  # Set your timezone
+  time.timeZone = "Europe/Riga";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "lv_LV.UTF-8";
+    LC_IDENTIFICATION = "lv_LV.UTF-8";
+    LC_MEASUREMENT = "lv_LV.UTF-8";
+    LC_MONETARY = "lv_LV.UTF-8";
+    LC_NAME = "lv_LV.UTF-8";
+    LC_NUMERIC = "lv_LV.UTF-8";
+    LC_PAPER = "lv_LV.UTF-8";
+    LC_TELEPHONE = "lv_LV.UTF-8";
+    LC_TIME = "lv_LV.UTF-8";
+  };
+}
--- a/modules/system/nix.nix
+++ b/modules/system/nix.nix
@@ -0,0 +1,23 @@
+# ==========================================
+# NIX CONFIGURATION
+# ==========================================
+{ config, pkgs, ... }:
+
+{
+  nix.settings = {
+    experimental-features = [ "nix-command" "flakes" ];
+    auto-optimise-store = true;
+    max-jobs = "auto";
+    cores = 0;
+  };
+
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 7d";
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  system.stateVersion = "25.11";
+}
--- a/modules/system/services.nix
+++ b/modules/system/services.nix
@@ -0,0 +1,32 @@
+# ==========================================
+# SYSTEM SERVICES CONFIGURATION
+# ==========================================
+{ config, pkgs, ... }:
+
+{
+  # Zsh at system level (config lives in home-manager)
+  programs.zsh.enable = true;
+
+  # Docker
+  virtualisation.docker = {
+    enable = true;
+    autoPrune = {
+      enable = true;
+      dates = "weekly";
+      flags = [ "--all" "--volumes" ];
+    };
+  };
+
+  # nix-ld — run unpatched binaries (Cursor, Codex, etc.)
+  programs.nix-ld.enable = true;
+  programs.nix-ld.libraries = with pkgs; [
+    stdenv.cc.cc
+    zlib
+    fuse3
+    icu
+    nss
+    openssl
+    curl
+    expat
+  ];
+}
--- a/modules/system/user.nix
+++ b/modules/system/user.nix
@@ -0,0 +1,21 @@
+# ==========================================
+# USER CONFIGURATION
+# ==========================================
+{ config, pkgs, ... }:
+
+{
+  users.users.matiss = {
+    isNormalUser = true;
+    description = "Matiss";
+    extraGroups = [ "networkmanager" "wheel" "docker" "video" "render" "input" ];
+    shell = pkgs.zsh;
+  };
+
+  # Core system packages (available to all users)
+  environment.systemPackages = with pkgs; [
+    git
+    vim
+    wget
+    curl
+  ];
+}
--- a/modules/system/vpn.nix
+++ b/modules/system/vpn.nix
@@ -0,0 +1,14 @@
+# ==========================================
+# VPN CONFIGURATION — Tailscale
+# ==========================================
+{ config, pkgs, ... }:
+
+{
+  services.tailscale = {
+    enable = true;
+    useRoutingFeatures = "client";
+  };
+
+  # Loose rpfilter for Tailscale subnet routing
+  networking.firewall.checkReversePath = "loose";
+}