From 45f457156aee0ed237b86f90956268ff1c88cdf9 Mon Sep 17 00:00:00 2001
From: sam rolfe
Date: Sun, 8 Feb 2026 13:53:41 +1100
Subject: [PATCH] feat: add flake-based NixOS and Home Manager config

Co-authored-by: aider (openrouter/openai/gpt-5.2)
---
 .gitignore | 12 ++
 1) | 1 +
 ... it prints the file (meaning it’s tracked) | 1 +
 docs/software_inventory.md | 181 ++++++++++++++++++
 flake.nix | 35 ++++
 home/sam/home.nix | 99 ++++++++++
 hosts/sam-4screen-desktop/configuration.nix | 134 +++++++++++++
 .../hardware-configuration.nix | 18 ++
 8 files changed, 481 insertions(+)
 create mode 100644 1)
 create mode 100644 2) If it prints the file (meaning it’s tracked)
 create mode 100644 docs/software_inventory.md
 create mode 100644 flake.nix
 create mode 100644 home/sam/home.nix
 create mode 100644 hosts/sam-4screen-desktop/configuration.nix
 create mode 100644 hosts/sam-4screen-desktop/hardware-configuration.nix

diff --git a/.gitignore b/.gitignore
index 0e880dd..55b5ab7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,15 @@
 results/generated_home.nix
 # Optional: ignore all generated results drafts (keep if you don't want them tracked)
 # results/generated_*.nix
+
+# Common secret/env files (never commit)
+.env
+.env.*
+*.pem
+*.key
+*.p12
+
+# Nix build artifacts
+result
+result-*
+.nixos-*
diff --git a/1) b/1)
new file mode 100644
index 0000000..16604af
--- /dev/null
+++ b/1)
@@ -0,0 +1 @@
+git ls-files results/generated_home.nix
diff --git a/2) If it prints the file (meaning it’s tracked) b/2) If it prints the file (meaning it’s tracked)
new file mode 100644
index 0000000..dbe8c8f
--- /dev/null
+++ b/2) If it prints the file (meaning it’s tracked)
@@ -0,0 +1 @@
+git rm --cached results/generated_home.nix
diff --git a/docs/software_inventory.md b/docs/software_inventory.md
new file mode 100644
index 0000000..e8b6208
--- /dev/null
+++ b/docs/software_inventory.md
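Review bot: `.env.*` also matches `.env.example` / `.env.template`, the one env file that is conventionally committed as documentation for the real one; if you keep that convention add `!.env.example` right after it. These patterns only stop future `git add`s: anything already in the index stays tracked and in history, and the context line `results/generated_home.nix` is exactly the file the stray `1)`/`2)` files in this commit are trying to check for, so run `git ls-files results/generated_home.nix` and, if it is tracked, `git rm --cached` it (and rotate anything secret it ever held). `*.pem`/`*.key`/`*.p12` are a sensible baseline; when sops-nix arrives later its encrypted secret files are meant to be committed, so do not extend this list to `*.yaml`/`*.json`.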
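Review bot: `1)` and `2) If it prints the file (meaning it’s tracked)` are not source files: each holds one shell command (`git ls-files results/generated_home.nix`, `git rm --cached results/generated_home.nix`) and their names are the numbered steps of a how-to, so a pasted instruction was evidently redirected into files and then committed. Remove both with `git rm '1)' '2) If it prints the file (meaning it’s tracked)'` and run the two commands they contain instead, since the `.gitignore` change in this same commit cannot untrack a file that is already in the index. Amending this commit rather than stacking a fix-up keeps the odd filenames out of the branch history entirely.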
@@ -0,0 +1,181 @@ +# Software Inventory (Source of Truth) + +This document is the canonical software list for the NixOS migration. +It consolidates prior notes and recon logs into a deduplicated plan. + +Legend: +- **NOW (Base boot / day-1)** = required for first successful NixOS boot and daily workflow basics +- **SOON** = useful early, but not required to boot and log in +- **LATER** = intentionally deferred until after a stable base system +- **DEFER (Docker later)** = explicitly not installed on base system (will be deployed as containers later) + +--- + +## 1) NOW (Base boot / day-1) + +### Desktop / session (Wayland) +- **niri** (primary compositor) +- **greetd + tuigreet** (display/login manager) +- **xwayland** (X11 compatibility where needed) +- **xdg-desktop-portal** + **xdg-desktop-portal-gtk** (portals for file pickers / screen share baseline) +- Clipboard: + - **wl-clipboard** +- Screenshots (Wayland): + - **grim** + - **slurp** + +### Core system services +- **NetworkManager** + - Static IPv4 for wired: `enp0s31f6 = 192.168.20.27/24` + - Gateway: `192.168.20.1` + - DNS: `192.168.20.35`, `192.168.20.13` +- **OpenSSH server** (sshd) +- **PipeWire audio** (Pulse + ALSA) + **WirePlumber** +- **Firewall** (NixOS default; open SSH port only) + +### Terminal / shell +- **kitty** +- **zsh** + - **oh-my-zsh** + - **powerlevel10k** + - Integrations enabled: + - **atuin** + - **fzf** + - **zoxide** + +### Core CLI tools (daily essentials) +- **git** +- **neovim** +- Search/file tools: + - **ripgrep (rg)** + - **fd** +- Modern replacements: + - **bat** + - **eza** +- Convenience: + - **curl** + - **wget** + +--- + +## 2) SOON (after base boot is stable) + +These are commonly used, easy wins, but not required for “first login”. 
+ +### Dev tools +- Compilers / build: + - **gcc** + - **gnumake** + - **pkg-config** +- Language toolchains (pick pinned versions later): + - **nodejs** + - **python3** (+ `python3Packages.pip` as needed) + - **go** + - Rust strategy: prefer **rustup** if you need toolchain flexibility, otherwise `rustc`/`cargo` from nixpkgs. + +### CLI utilities commonly used in the previous setup +- **jq** +- **btop** +- **lazygit** +- **zellij** +- **tealdeer (tldr)** +- **navi** +- **yazi** +- **dua-cli (dua)** +- **unzip / zip / p7zip** +- Clipboard (X11 fallback / mixed): + - **xclip** (optional; Wayland-first systems typically rely on `wl-clipboard`) + +### Apps from Ubuntu recon (snap list) with Nix equivalents +From `logs/04_nixos_recon.log` snap list: +- `code` → **vscode** (unfree) +- `firefox` → **firefox** +- `thunderbird` → **thunderbird** +- `telegram-desktop` → **telegram-desktop** +- `spotify` → **spotify** (unfree) +- `nushell` → **nushell** +- `mqtt-explorer` → **mqtt-explorer** (verify availability in nixpkgs) +- `notepad-plus-plus` → consider **notepadqq** or run via Wine (see “LATER”) + +--- + +## 3) LATER (deliberately deferred until base is reliable) + +### Desktop apps / optional GUI +- **Google Chrome** (unfree) (install once graphics/session is stable) +- **LibreOffice** +- **VLC** +- **Flameshot** + - Note: Flameshot on Wayland can be quirky; ensure portals + permissions work first. +- **Timeshift** + - Note: NixOS typically prefers rollback/snapshots via filesystem tooling (e.g., Btrfs snapshots). Use only if you explicitly want it. + +### Remote desktop / admin tools +- **Tailscale** (client) +- **RustDesk** (service/app) + +### Networking / diagnostics tools (as needed) +- **nmap** +- **arp-scan / arpwatch** +- **minicom / screen / cu** +- **ethtool** +- **tcpdump** + +### Notepad++ situation +- `notepad-plus-plus` snap existed on Ubuntu. 
+ - NixOS options: + - **notepadqq** (native) + - **Wine** route (more moving parts) + - Keep this until the base system is stable. + +--- + +## 4) DEFER (Docker later) + +These are explicitly postponed and should NOT be part of the base NixOS install. + +- **Apprise** — **DEFER (Docker later)** +- **Obsidian** — **DEFER (Docker later)** + +--- + +## 5) AI / Agentic stack (LATER; not part of base boot) + +From `ai_dev_plan.md` and `software_to_add.md`, intentionally excluded from day-1: + +- Orchestration / pipelines: + - **Airflow** + - **Windmill** + - **Activepieces** +- Prototyping: + - **Flowise** +- RAG / DB: + - **Chroma** +- Crawling: + - **Selenium / Playwright** + - **Firecrawl** +- Agent frameworks: + - **LangChain / LangGraph** +- CLI AI tools: + - **Aider** + - **OpenCode** + - **Gemini CLI** + - **Goose / MCP tooling** +- Model routing: + - **OpenRouter** + +Plan: bring these up later via Docker Compose on top of a stable NixOS base. + +--- + +## 6) Notes / policies + +### Secrets policy (hard requirement) +- Do **not** commit API keys, tokens, WiFi PSKs, certificates, or private keys into git. +- Prefer: + - `~/.config/environment.d/*.conf` (local-only) + - a secrets manager (e.g. **sops-nix**) once the base system is stable + +### Graphics strategy note (pending confirmation) +- Hardware includes Intel HD 630 + NVIDIA Quadro P620. +- Final graphics configuration will depend on which GPU is actually driving the 4 monitors. diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..022c760 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,35 @@
+{
+  description = "sam-4screen-desktop NixOS + Home Manager flake";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
+    home-manager = {
+      url = "github:nix-community/home-manager/release-24.05";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs = { self, nixpkgs, home-manager, ... }:
+    let
+      system = "x86_64-linux";
+    in
+    {
+      nixosConfigurations.sam-4screen-desktop = nixpkgs.lib.nixosSystem {
+        inherit system;
+
+        modules = [
+          # Allow unfree (Chrome/Spotify/VSCode/NVIDIA, etc.)
+          { nixpkgs.config.allowUnfree = true; }
+
+          ./hosts/sam-4screen-desktop/configuration.nix
+
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.users.sam = import ./home/sam/home.nix;
+          }
+        ];
+      };
+    };
+}
diff --git a/home/sam/home.nix b/home/sam/home.nix
new file mode 100644
index 0000000..b41e729
--- /dev/null
+++ b/home/sam/home.nix
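Review bot: The diffstat shows no `flake.lock` alongside the new `flake.nix`, so the `nixos-24.05` and `release-24.05` inputs resolve to whatever those branches point at when the flake is first evaluated on each machine; run `nix flake lock` and commit the resulting `flake.lock` so the system closure is pinned to exact revisions and every upgrade shows up as a reviewable lockfile diff. The bare `{ nixpkgs.config.allowUnfree = true; }` module opens unfree for the whole system (and, via `useGlobalPkgs = true`, for Home Manager too), not just the packages the comment lists; if you want that allow-list to be explicit and reviewable, `({ lib, ... }: { nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "nvidia-x11" "nvidia-settings" ]; })` is the usual form, extended as Chrome/Spotify/VSCode are added later.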
@@ -0,0 +1,99 @@
+{ config, pkgs, ... }:
+
+{
+  home.stateVersion = "24.05";
+
+  programs.home-manager.enable = true;
+
+  # ---
+  # Shell (zsh + oh-my-zsh + powerlevel10k)
+  # ---
+  programs.zsh = {
+    enable = true;
+    enableAutosuggestions = true;
+    enableSyntaxHighlighting = true;
+
+    oh-my-zsh = {
+      enable = true;
+      theme = "powerlevel10k/powerlevel10k";
+      plugins = [ "git" ];
+    };
+
+    shellAliases = {
+      ls = "eza --icons --git";
+      ll = "eza -l --icons --git";
+      la = "eza -la --icons --git";
+      tree = "eza --tree";
+      cat = "bat --color=always --paging=never";
+    };
+  };
+
+  programs.powerlevel10k = {
+    enable = true;
+    # Optional: link your p10k config once you add it to the repo
+    # home.file.".p10k.zsh".source = ./p10k.zsh;
+  };
+
+  # ---
+  # Shell tools
+  # ---
+  programs.atuin = {
+    enable = true;
+    enableZshIntegration = true;
+  };
+
+  programs.fzf = {
+    enable = true;
+    enableZshIntegration = true;
+  };
+
+  programs.zoxide = {
+    enable = true;
+    enableZshIntegration = true;
+  };
+
+  # ---
+  # Terminal / editor
+  # ---
+  programs.kitty.enable = true;
+
+  programs.neovim = {
+    enable = true;
+    defaultEditor = true;
+  };
+
+  # ---
+  # Packages (NOW list + a few safe essentials)
+  # ---
+  home.packages = with pkgs; [
+    git
+    curl
+    wget
+
+    eza
+    bat
+    ripgrep
+    fd
+
+    btop
+    lazygit
+    zellij
+    tealdeer
+    navi
+    yazi
+    dua
+    jq
+
+    unzip
+    zip
+    p7zip
+  ];
+
+  # ---
+  # Secrets policy
+  # ---
+  # Do NOT put API keys here (or anywhere in git).
+  # Preferred approach (local-only):
+  #   ~/.config/environment.d/10-secrets.conf
+  #   or add sops-nix later.
+}
diff --git a/hosts/sam-4screen-desktop/configuration.nix b/hosts/sam-4screen-desktop/configuration.nix
new file mode 100644
index 0000000..b1b966b
--- /dev/null
+++ b/hosts/sam-4screen-desktop/configuration.nix
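Review bot: As far as I can tell Home Manager 24.05 ships no `programs.powerlevel10k` module, so the `programs.powerlevel10k = { enable = true; ... }` block will abort evaluation with an unknown-option error before anything else in this file is applied; the usual pattern is to add `pkgs.zsh-powerlevel10k` and source it from `programs.zsh.initExtra` (`source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme`), and `oh-my-zsh.theme = "powerlevel10k/powerlevel10k"` likewise expects a theme under the oh-my-zsh custom directory that nothing here installs. I believe `enableAutosuggestions` and `enableSyntaxHighlighting` were renamed to `autosuggestion.enable` and `syntaxHighlighting.enable` by this release line, so at minimum expect deprecation warnings. The `cat` alias with `--color=always` only affects interactive zsh, but it means `cat file | …` in the terminal carries ANSI escapes into whatever is downstream; `bat --plain --paging=never` or leaving `cat` alone avoids that surprise.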
@@ -0,0 +1,134 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  # ---
+  # Bootloader / kernel
+  # ---
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Known-good baseline from niri-4screen.md
+  boot.kernelParams = [ "intel_iommu=off" "dev_mem_signed_off=1" ];
+
+  # ---
+  # Identity
+  # ---
+  networking.hostName = "sam-4screen-desktop";
+  time.timeZone = "Australia/Sydney";
+
+  # ---
+  # Networking
+  # ---
+  networking.networkmanager.enable = true;
+
+  networking.networkmanager.ensureProfiles.profiles."Wired connection 1" = {
+    connection = {
+      id = "Wired connection 1";
+      type = "802-3-ethernet";
+      interface-name = "enp0s31f6";
+      autoconnect = true;
+    };
+
+    ethernet = { };
+
+    ipv4 = {
+      method = "manual";
+      addresses = [ "192.168.20.27/24" ];
+      gateway = "192.168.20.1";
+      dns = "192.168.20.35;192.168.20.13;";
+      ignore-auto-dns = true;
+      never-default = false;
+    };
+
+    ipv6 = {
+      method = "auto";
+    };
+  };
+
+  # ---
+  # Users
+  # ---
+  users.users.sam = {
+    isNormalUser = true;
+    description = "Sam";
+    extraGroups = [ "wheel" "networkmanager" "docker" "video" "render" ];
+  };
+
+  # ---
+  # SSH
+  # ---
+  services.openssh.enable = true;
+  services.openssh.openFirewall = true;
+  # Defaulting to keys-only for safety. If you explicitly want password auth for the migration,
+  # flip this to true.
+  services.openssh.settings.PasswordAuthentication = false;
+
+  # ---
+  # Audio (PipeWire)
+  # ---
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+  };
+
+  # ---
+  # Docker
+  # ---
+  virtualisation.docker.enable = true;
+
+  # ---
+  # Mounts
+  # ---
+  fileSystems."/data" = {
+    device = "/dev/disk/by-uuid/27febd74-20aa-4a3a-92c1-6fdd1ad7e88e";
+    fsType = "ext4";
+    options = [ "nofail" "x-systemd.device-timeout=1s" ];
+  };
+
+  # ---
+  # Niri + login (greetd)
+  # ---
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        user = "greeter";
+        command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --cmd 'niri --session'";
+      };
+    };
+  };
+
+  # Wayland portals (refine later if screencast needs a different backend)
+  xdg.portal = {
+    enable = true;
+    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+  };
+
+  # Minimal system packages needed for the session and core usability
+  environment.systemPackages = with pkgs; [
+    niri
+    greetd.tuigreet
+    xwayland
+    wl-clipboard
+    grim
+    slurp
+  ];
+
+  # ---
+  # NVIDIA (simple, first-boot stable config; PRIME tuning later)
+  # ---
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware.nvidia.modesetting.enable = true;
+
+  # ---
+  # NixOS release compatibility
+  # ---
+  system.stateVersion = "24.05";
+}
diff --git a/hosts/sam-4screen-desktop/hardware-configuration.nix b/hosts/sam-4screen-desktop/hardware-configuration.nix
new file mode 100644
index 0000000..c34eba3
--- /dev/null
+++ b/hosts/sam-4screen-desktop/hardware-configuration.nix
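Review bot: With `PasswordAuthentication = false` but no `openssh.authorizedKeys.keys` (and no `hashedPassword`/`initialPassword`) on `users.users.sam`, sshd is enabled and opened in the firewall yet no key can authenticate sam, so the first boot of this config has no remote access to the user it was written for; add `users.users.sam.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAA… sam" ];` before the first switch. "Keys-only" also needs `services.openssh.settings.KbdInteractiveAuthentication = false;` (NixOS leaves it on, so PAM password prompts still work over SSH) and, given the port is exposed, `services.openssh.settings.PermitRootLogin = "no";`. `"docker"` in `extraGroups` makes sam root-equivalent on this host independently of `wheel`/sudo; fine for a single-user desktop, but worth a one-line comment so it is a deliberate choice. Separately, `ensureProfiles` is emitted as a NetworkManager keyfile, whose IPv4 address key is `address1` rather than `addresses` — as far as I can tell the list value here either fails the option's type check or never reaches NM, so verify the static 192.168.20.27 profile actually applies before depending on it for SSH.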
@@ -0,0 +1,18 @@
+# -----------------------------------------------------------------------------
+# PLACEHOLDER hardware-configuration.nix
+#
+# Replace this file with the REAL generated hardware configuration from the
+# NixOS installer before installing / switching to this host configuration.
+#
+# How:
+#   1) Boot the NixOS installer ISO
+#   2) Partition/mount target as planned
+#   3) Run: nixos-generate-config --root /mnt
+#   4) Copy the generated /mnt/etc/nixos/hardware-configuration.nix into:
+#      hosts/sam-4screen-desktop/hardware-configuration.nix
+# -----------------------------------------------------------------------------
+
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+}
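Review bot: An empty module is a silent placeholder: if this file is left in place, the build fails only with NixOS's generic assertion that no root file system is configured, which does not point at this file or at the `nixos-generate-config` step the header describes. Make it fail loudly instead with `{ assertions = [ { assertion = false; message = "hosts/sam-4screen-desktop/hardware-configuration.nix is a placeholder; run nixos-generate-config --root /mnt and replace it"; } ]; }` (a `throw` works too), so the evaluation error names the real cause. The unused `config`, `lib`, `pkgs`, `modulesPath` arguments can stay, since the generated file will use them.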