sam/nixos-4screen
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add flake-based NixOS and Home Manager config

Browse Source 
Co-authored-by: aider (openrouter/openai/gpt-5.2) <aider@aider.chat>
This commit is contained in:
sam rolfe
2026-02-08 13:53:41 +11:00
parent 9744d08bb5
commit 45f457156a
8 changed files with 481 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.gitignore vendored
View File

@@ -5,3 +5,15 @@ results/generated_home.nix
# Optional: ignore all generated results drafts (keep if you don't want them tracked)
# results/generated_*.nix
# Common secret/env files (never commit)
.env
.env.*
*.pem
*.key
*.p12
# Nix build artifacts
result
result-*
.nixos-*

1
1) Normal file
View File

@@ -0,0 +1 @@
git ls-files results/generated_home.nix

1
2) If it prints the file (meaning it’s tracked) Normal file
View File

@@ -0,0 +1 @@
git rm --cached results/generated_home.nix

181
docs/software_inventory.md Normal file
View File

@@ -0,0 +1,181 @@
# Software Inventory (Source of Truth)
This document is the canonical software list for the NixOS migration.
It consolidates prior notes and recon logs into a deduplicated plan.
Legend:
- **NOW (Base boot / day-1)** = required for first successful NixOS boot and daily workflow basics
- **SOON** = useful early, but not required to boot and log in
- **LATER** = intentionally deferred until after a stable base system
- **DEFER (Docker later)** = explicitly not installed on base system (will be deployed as containers later)
---
## 1) NOW (Base boot / day-1)
### Desktop / session (Wayland)
- **niri** (primary compositor)
- **greetd + tuigreet** (display/login manager)
- **xwayland** (X11 compatibility where needed)
- **xdg-desktop-portal** + **xdg-desktop-portal-gtk** (portals for file pickers / screen share baseline)
- Clipboard:
- **wl-clipboard**
- Screenshots (Wayland):
- **grim**
- **slurp**
### Core system services
- **NetworkManager**
- Static IPv4 for wired: `enp0s31f6 = 192.168.20.27/24`
- Gateway: `192.168.20.1`
- DNS: `192.168.20.35`, `192.168.20.13`
- **OpenSSH server** (sshd)
- **PipeWire audio** (Pulse + ALSA) + **WirePlumber**
- **Firewall** (NixOS default; open SSH port only)
### Terminal / shell
- **kitty**
- **zsh**
- **oh-my-zsh**
- **powerlevel10k**
- Integrations enabled:
- **atuin**
- **fzf**
- **zoxide**
### Core CLI tools (daily essentials)
- **git**
- **neovim**
- Search/file tools:
- **ripgrep (rg)**
- **fd**
- Modern replacements:
- **bat**
- **eza**
- Convenience:
- **curl**
- **wget**
---
## 2) SOON (after base boot is stable)
These are commonly used, easy wins, but not required for “first login”.
### Dev tools
- Compilers / build:
- **gcc**
- **gnumake**
- **pkg-config**
- Language toolchains (pick pinned versions later):
- **nodejs**
- **python3** (+ `python3Packages.pip` as needed)
- **go**
- Rust strategy: prefer **rustup** if you need toolchain flexibility, otherwise `rustc`/`cargo` from nixpkgs.
### CLI utilities commonly used in the previous setup
- **jq**
- **btop**
- **lazygit**
- **zellij**
- **tealdeer (tldr)**
- **navi**
- **yazi**
- **dua-cli (dua)**
- **unzip / zip / p7zip**
- Clipboard (X11 fallback / mixed):
- **xclip** (optional; Wayland-first systems typically rely on `wl-clipboard`)
### Apps from Ubuntu recon (snap list) with Nix equivalents
From `logs/04_nixos_recon.log` snap list:
- `code`**vscode** (unfree)
- `firefox`**firefox**
- `thunderbird`**thunderbird**
- `telegram-desktop`**telegram-desktop**
- `spotify`**spotify** (unfree)
- `nushell`**nushell**
- `mqtt-explorer`**mqtt-explorer** (verify availability in nixpkgs)
- `notepad-plus-plus` → consider **notepadqq** or run via Wine (see “LATER”)
---
## 3) LATER (deliberately deferred until base is reliable)
### Desktop apps / optional GUI
- **Google Chrome** (unfree) (install once graphics/session is stable)
- **LibreOffice**
- **VLC**
- **Flameshot**
- Note: Flameshot on Wayland can be quirky; ensure portals + permissions work first.
- **Timeshift**
- Note: NixOS typically prefers rollback/snapshots via filesystem tooling (e.g., Btrfs snapshots). Use only if you explicitly want it.
### Remote desktop / admin tools
- **Tailscale** (client)
- **RustDesk** (service/app)
### Networking / diagnostics tools (as needed)
- **nmap**
- **arp-scan / arpwatch**
- **minicom / screen / cu**
- **ethtool**
- **tcpdump**
### Notepad++ situation
- `notepad-plus-plus` snap existed on Ubuntu.
- NixOS options:
- **notepadqq** (native)
- **Wine** route (more moving parts)
- Keep this until the base system is stable.
---
## 4) DEFER (Docker later)
These are explicitly postponed and should NOT be part of the base NixOS install.
- **Apprise** — **DEFER (Docker later)**
- **Obsidian** — **DEFER (Docker later)**
---
## 5) AI / Agentic stack (LATER; not part of base boot)
From `ai_dev_plan.md` and `software_to_add.md`, intentionally excluded from day-1:
- Orchestration / pipelines:
- **Airflow**
- **Windmill**
- **Activepieces**
- Prototyping:
- **Flowise**
- RAG / DB:
- **Chroma**
- Crawling:
- **Selenium / Playwright**
- **Firecrawl**
- Agent frameworks:
- **LangChain / LangGraph**
- CLI AI tools:
- **Aider**
- **OpenCode**
- **Gemini CLI**
- **Goose / MCP tooling**
- Model routing:
- **OpenRouter**
Plan: bring these up later via Docker Compose on top of a stable NixOS base.
---
## 6) Notes / policies
### Secrets policy (hard requirement)
- Do **not** commit API keys, tokens, WiFi PSKs, certificates, or private keys into git.
- Prefer:
- `~/.config/environment.d/*.conf` (local-only)
- a secrets manager (e.g. **sops-nix**) once the base system is stable
### Graphics strategy note (pending confirmation)
- Hardware includes Intel HD 630 + NVIDIA Quadro P620.
- Final graphics configuration will depend on which GPU is actually driving the 4 monitors.

35
flake.nix Normal file
View File

@@ -0,0 +1,35 @@
{
description = "sam-4screen-desktop NixOS + Home Manager flake";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
home-manager = {
url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, home-manager, ... }:
let
system = "x86_64-linux";
in
{
nixosConfigurations.sam-4screen-desktop = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
# Allow unfree (Chrome/Spotify/VSCode/NVIDIA, etc.)
{ nixpkgs.config.allowUnfree = true; }
./hosts/sam-4screen-desktop/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.sam = import ./home/sam/home.nix;
}
];
};
};
}

99
home/sam/home.nix Normal file
View File

@@ -0,0 +1,99 @@
{ config, pkgs, ... }:
{
home.stateVersion = "24.05";
programs.home-manager.enable = true;
# ---
# Shell (zsh + oh-my-zsh + powerlevel10k)
# ---
programs.zsh = {
enable = true;
enableAutosuggestions = true;
enableSyntaxHighlighting = true;
oh-my-zsh = {
enable = true;
theme = "powerlevel10k/powerlevel10k";
plugins = [ "git" ];
};
shellAliases = {
ls = "eza --icons --git";
ll = "eza -l --icons --git";
la = "eza -la --icons --git";
tree = "eza --tree";
cat = "bat --color=always --paging=never";
};
};
programs.powerlevel10k = {
enable = true;
# Optional: link your p10k config once you add it to the repo
# home.file.".p10k.zsh".source = ./p10k.zsh;
};
# ---
# Shell tools
# ---
programs.atuin = {
enable = true;
enableZshIntegration = true;
};
programs.fzf = {
enable = true;
enableZshIntegration = true;
};
programs.zoxide = {
enable = true;
enableZshIntegration = true;
};
# ---
# Terminal / editor
# ---
programs.kitty.enable = true;
programs.neovim = {
enable = true;
defaultEditor = true;
};
# ---
# Packages (NOW list + a few safe essentials)
# ---
home.packages = with pkgs; [
git
curl
wget
eza
bat
ripgrep
fd
btop
lazygit
zellij
tealdeer
navi
yazi
dua
jq
unzip
zip
p7zip
];
# ---
# Secrets policy
# ---
# Do NOT put API keys here (or anywhere in git).
# Preferred approach (local-only):
# ~/.config/environment.d/10-secrets.conf
# or add sops-nix later.
}

134
hosts/sam-4screen-desktop/configuration.nix Normal file
View File

@@ -0,0 +1,134 @@
{ config, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
];
# ---
# Bootloader / kernel
# ---
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Known-good baseline from niri-4screen.md
boot.kernelParams = [ "intel_iommu=off" "dev_mem_signed_off=1" ];
# ---
# Identity
# ---
networking.hostName = "sam-4screen-desktop";
time.timeZone = "Australia/Sydney";
# ---
# Networking
# ---
networking.networkmanager.enable = true;
networking.networkmanager.ensureProfiles.profiles."Wired connection 1" = {
connection = {
id = "Wired connection 1";
type = "802-3-ethernet";
interface-name = "enp0s31f6";
autoconnect = true;
};
ethernet = { };
ipv4 = {
method = "manual";
addresses = [ "192.168.20.27/24" ];
gateway = "192.168.20.1";
dns = "192.168.20.35;192.168.20.13;";
ignore-auto-dns = true;
never-default = false;
};
ipv6 = {
method = "auto";
};
};
# ---
# Users
# ---
users.users.sam = {
isNormalUser = true;
description = "Sam";
extraGroups = [ "wheel" "networkmanager" "docker" "video" "render" ];
};
# ---
# SSH
# ---
services.openssh.enable = true;
services.openssh.openFirewall = true;
# Defaulting to keys-only for safety. If you explicitly want password auth for the migration,
# flip this to true.
services.openssh.settings.PasswordAuthentication = false;
# ---
# Audio (PipeWire)
# ---
security.rtkit.enable = true;
services.pipewire = {
enable = true;
pulse.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
};
# ---
# Docker
# ---
virtualisation.docker.enable = true;
# ---
# Mounts
# ---
fileSystems."/data" = {
device = "/dev/disk/by-uuid/27febd74-20aa-4a3a-92c1-6fdd1ad7e88e";
fsType = "ext4";
options = [ "nofail" "x-systemd.device-timeout=1s" ];
};
# ---
# Niri + login (greetd)
# ---
services.greetd = {
enable = true;
settings = {
default_session = {
user = "greeter";
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --cmd 'niri --session'";
};
};
};
# Wayland portals (refine later if screencast needs a different backend)
xdg.portal = {
enable = true;
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
};
# Minimal system packages needed for the session and core usability
environment.systemPackages = with pkgs; [
niri
greetd.tuigreet
xwayland
wl-clipboard
grim
slurp
];
# ---
# NVIDIA (simple, first-boot stable config; PRIME tuning later)
# ---
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.modesetting.enable = true;
# ---
# NixOS release compatibility
# ---
system.stateVersion = "24.05";
}

18
hosts/sam-4screen-desktop/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,18 @@
# -----------------------------------------------------------------------------
# PLACEHOLDER hardware-configuration.nix
#
# Replace this file with the REAL generated hardware configuration from the
# NixOS installer before installing / switching to this host configuration.
#
# How:
# 1) Boot the NixOS installer ISO
# 2) Partition/mount target as planned
# 3) Run: nixos-generate-config --root /mnt
# 4) Copy the generated /mnt/etc/nixos/hardware-configuration.nix into:
# hosts/sam-4screen-desktop/hardware-configuration.nix
# -----------------------------------------------------------------------------
{ config, lib, pkgs, modulesPath, ... }:
{
}