feat: add flake-based NixOS and Home Manager config

Co-authored-by: aider (openrouter/openai/gpt-5.2) <aider@aider.chat>
2026-02-08 13:53:41 +11:00
parent 9744d08bb5
commit 45f457156a
8 changed files with 481 additions and 0 deletions
--- a/hosts/sam-4screen-desktop/configuration.nix
+++ b/hosts/sam-4screen-desktop/configuration.nix
@@ -0,0 +1,134 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  # ---
+  # Bootloader / kernel
+  # ---
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Known-good baseline from niri-4screen.md
+  boot.kernelParams = [ "intel_iommu=off" "dev_mem_signed_off=1" ];
+
+  # ---
+  # Identity
+  # ---
+  networking.hostName = "sam-4screen-desktop";
+  time.timeZone = "Australia/Sydney";
+
+  # ---
+  # Networking
+  # ---
+  networking.networkmanager.enable = true;
+
+  networking.networkmanager.ensureProfiles.profiles."Wired connection 1" = {
+    connection = {
+      id = "Wired connection 1";
+      type = "802-3-ethernet";
+      interface-name = "enp0s31f6";
+      autoconnect = true;
+    };
+
+    ethernet = { };
+
+    ipv4 = {
+      method = "manual";
+      addresses = [ "192.168.20.27/24" ];
+      gateway = "192.168.20.1";
+      dns = "192.168.20.35;192.168.20.13;";
+      ignore-auto-dns = true;
+      never-default = false;
+    };
+
+    ipv6 = {
+      method = "auto";
+    };
+  };
+
+  # ---
+  # Users
+  # ---
+  users.users.sam = {
+    isNormalUser = true;
+    description = "Sam";
+    extraGroups = [ "wheel" "networkmanager" "docker" "video" "render" ];
+  };
+
+  # ---
+  # SSH
+  # ---
+  services.openssh.enable = true;
+  services.openssh.openFirewall = true;
+  # Defaulting to keys-only for safety. If you explicitly want password auth for the migration,
+  # flip this to true.
+  services.openssh.settings.PasswordAuthentication = false;
+
+  # ---
+  # Audio (PipeWire)
+  # ---
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+  };
+
+  # ---
+  # Docker
+  # ---
+  virtualisation.docker.enable = true;
+
+  # ---
+  # Mounts
+  # ---
+  fileSystems."/data" = {
+    device = "/dev/disk/by-uuid/27febd74-20aa-4a3a-92c1-6fdd1ad7e88e";
+    fsType = "ext4";
+    options = [ "nofail" "x-systemd.device-timeout=1s" ];
+  };
+
+  # ---
+  # Niri + login (greetd)
+  # ---
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        user = "greeter";
+        command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --cmd 'niri --session'";
+      };
+    };
+  };
+
+  # Wayland portals (refine later if screencast needs a different backend)
+  xdg.portal = {
+    enable = true;
+    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+  };
+
+  # Minimal system packages needed for the session and core usability
+  environment.systemPackages = with pkgs; [
+    niri
+    greetd.tuigreet
+    xwayland
+    wl-clipboard
+    grim
+    slurp
+  ];
+
+  # ---
+  # NVIDIA (simple, first-boot stable config; PRIME tuning later)
+  # ---
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware.nvidia.modesetting.enable = true;
+
+  # ---
+  # NixOS release compatibility
+  # ---
+  system.stateVersion = "24.05";
+}