diff --git a/hosts/sam-4screen-desktop/configuration.nix b/hosts/sam-4screen-desktop/configuration.nix index b1b966b..86f9a9d 100644 --- a/hosts/sam-4screen-desktop/configuration.nix +++ b/hosts/sam-4screen-desktop/configuration.nix @@ -1,10 +1,15 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: { imports = [ ./hardware-configuration.nix ]; + # --- + # Nix (enable flakes on the installed system) + # --- + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + # --- # Bootloader / kernel # --- @@ -30,7 +35,7 @@ id = "Wired connection 1"; type = "802-3-ethernet"; interface-name = "enp0s31f6"; - autoconnect = true; + autoconnect = "true"; }; ethernet = { }; @@ -40,8 +45,8 @@ addresses = [ "192.168.20.27/24" ]; gateway = "192.168.20.1"; dns = "192.168.20.35;192.168.20.13;"; - ignore-auto-dns = true; - never-default = false; + ignore-auto-dns = "true"; + never-default = "false"; }; ipv6 = { @@ -52,10 +57,13 @@ # --- # Users # --- + programs.zsh.enable = true; + users.users.sam = { isNormalUser = true; description = "Sam"; extraGroups = [ "wheel" "networkmanager" "docker" "video" "render" ]; + shell = pkgs.zsh; }; # --- @@ -67,6 +75,20 @@ # flip this to true. services.openssh.settings.PasswordAuthentication = false; + # --- + # dconf (helps portals/GTK apps) + # --- + programs.dconf.enable = true; + + # --- + # OpenGL (important for NVIDIA Wayland apps) + # --- + hardware.opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + }; + # --- # Audio (PipeWire) # --- @@ -76,6 +98,7 @@ pulse.enable = true; alsa.enable = true; alsa.support32Bit = true; + wireplumber.enable = true; }; # --- @@ -100,7 +123,10 @@ settings = { default_session = { user = "greeter"; - command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --cmd 'niri --session'"; + command = + "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --cmd ${ + lib.escapeShellArg "${pkgs.niri}/bin/niri --session" + }"; }; }; }; @@ -126,6 +152,7 @@ # --- services.xserver.videoDrivers = [ "nvidia" ]; hardware.nvidia.modesetting.enable = true; + hardware.nvidia.nvidiaSettings = true; # --- # NixOS release compatibility diff --git a/results/generated_home.nix b/results/generated_home.nix index 1c53ba4..9e7cf05 100755 --- a/results/generated_home.nix +++ b/results/generated_home.nix @@ -90,14 +90,18 @@ # --- # 5. ENVIRONMENT & API KEYS # --- - # WARNING: Storing secrets in plain text is a security risk. - # Consider using a tool like sops-nix for production environments. - home.sessionVariables = { - OPENAI_API_KEY = "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"; - TAVILY_API_KEY = "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"; - DEEPSEEK_API_KEY = "sk-26c66e4dd5b34017bd66f7aef748c625"; - }; - + # SECURITY: Do NOT store secrets in git-tracked Nix files. + # Use a local-only file such as: + # ~/.config/environment.d/10-secrets.conf + # or adopt sops-nix / agenix later. + # + # Example (DO NOT COMMIT): + # home.sessionVariables = { + # OPENAI_API_KEY = "…"; + # TAVILY_API_KEY = "…"; + # DEEPSEEK_API_KEY = "…"; + # }; + # Add custom binary paths to your environment home.sessionPath = [ # For the 'opencode' CLI tool @@ -117,4 +121,3 @@ # This section is a placeholder for linking config files from a Git repo. # e.g., home.file.".config/nvim/init.vim".source = ./config/nvim/init.vim; } -