initial commit after reorganisation

nixos/framework/5FA64909521A5C85992F26E0F819AEFF941BB849.asc

@@ -0,0 +1,19 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: 5FA6 4909 521A 5C85 992F  26E0 F819 AEFF 941B B849
+Comment: Patrick Michl <me@fuckwit.dev>
+
+xjMEZVznURYJKwYBBAHaRw8BAQdAY6kEvvqAX6UfHbBiOJu0GHbToHcC2zXWpV7G
+u86g+5TNHlBhdHJpY2sgTWljaGwgPG1lQGZ1Y2t3aXQuZGV2PsKTBBMWCgA7FiEE
+X6ZJCVIaXIWZLybg+Bmu/5QbuEkFAmVc51ECGwMFCwkIBwICIgIGFQoJCAsCBBYC
+AwECHgcCF4AACgkQ+Bmu/5QbuElnEQD/SoMuzgedYlqAdbHTRh1ckGK62tJIXISo
+hXC4tAVkAEkA/28Sc/eMdVHlQcMlBqDlmmIK8MbYQ5qD+5xh6Qf9+94EzjMEZVzn
+URYJKwYBBAHaRw8BAQdAX8YZ1V9Yd0W15YkjxMaKYS0ZWmLXWcuUu4g/nOufxyDC
+eAQYFgoAIBYhBF+mSQlSGlyFmS8m4PgZrv+UG7hJBQJlXOdRAhsgAAoJEPgZrv+U
+G7hJVocA/1nNMexPp/+zvAO7vaAusdiZ+9gbFSuvNRRIj5+o53YaAP0Qa9UalO0X
+qjhXRY27M7eS9lN9ZR+Bj2YOv0aZkNz9B844BGVc51ESCisGAQQBl1UBBQEBB0AW
+CcU49wTZxSOZ3SvxcqZ6yQfwiu+MjfbHPkVlXv1qJQMBCAfCdwQYFgoAIBYhBF+m
+SQlSGlyFmS8m4PgZrv+UG7hJBQJlXOdRAhsMAAoJEPgZrv+UG7hJd6MBAI20ZORk
+PfJmDRcMaxKpfbqnfe/f2rFF9jtxc4200gE/APjH9sJAnaz6La70XDf0FpqjEavs
+dPn9K5o/FCiNKroN
+=u7c7
+-----END PGP PUBLIC KEY BLOCK-----

nixos/framework/configuration.nix

@@ -0,0 +1,139 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = [./hardware-configuration.nix];
+
+  boot.bootspec.enable = true;
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/etc/secureboot";
+  };
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.kernelPackages = pkgs.linuxPackages_6_6;
+
+  system.stateVersion = "23.11"; # Did you read the comment?
+  networking = {
+    hostName = "framework";
+    search = ["1.1.1.1" "1.0.0.1" "8.8.8.8"];
+    networkmanager.enable = true;
+  };
+
+  time.timeZone = "Europe/Berlin";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+  };
+
+  security.pam.services.swaylock = {};
+
+  services = {
+    illum.enable = true;
+    fwupd.enable = true;
+    fprintd.enable = true;
+    pcscd.enable = true;
+    tlp = {
+      enable = true;
+      settings = {
+        # AC
+        CPU_SCALING_GOVERNOR_ON_AC = "performance";
+        CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
+        CPU_MIN_PERF_ON_AC = 0;
+        CPU_MAX_PERF_ON_AC = 100;
+
+        # BAT
+        CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+        CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
+        CPU_MIN_PERF_ON_BAT = 0;
+        CPU_MAX_PERF_ON_BAT = 50;
+      };
+    };
+
+    openssh = {
+      enable = true;
+      settings = {
+        PermitRootLogin = "yes";
+      };
+    };
+
+    xserver = {
+      enable = true;
+      layout = "us";
+
+      libinput.enable = true;
+
+      desktopManager = {
+        xterm.enable = false;
+        gnome.enable = false;
+        plasma5.enable = false;
+      };
+
+      displayManager = {
+        gdm = {
+          enable = true;
+          wayland = true;
+        };
+      };
+    };
+
+    logind = {
+      lidSwitch = "suspend";
+      lidSwitchDocked = "ignore";
+      lidSwitchExternalPower = "ignore";
+      extraConfig = "HoldoffTimeoutSec=300s";
+    };
+  };
+
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+
+  users.users.patrick = {
+    isNormalUser = true;
+    extraGroups = ["wheel"];
+  };
+  home-manager.useGlobalPkgs = true;
+  home-manager.users.patrick = ./home.nix;
+
+  environment.systemPackages = with pkgs; [
+    vim
+    wget
+    curl
+    htop
+    podman
+    pinentry
+    qemu
+    OVMF
+  ];
+
+  programs = {
+    hyprland.enable = true;
+    gnupg.agent.enable = true;
+  };
+
+  # nix = {
+  #   gc = {
+  #     automatic = true;
+  #     dates = "weekly";
+  #     options = "--delete-older-than 7d";
+  #   };
+
+  #   package = pkgs.nixVersions.stable;
+  #   # registry.nixpkgs.flake = inputs.nixpkgs;
+
+  #   settings = {
+  #     auto-optimise-store = true;
+
+  #     experimental-features = ["nix-command" "flakes"];
+
+  #     # Avoid unwanted garbage collection when using nix-direnv
+  #     # keep-outputs = true;
+  #     # keep-derivations = true;
+  #   };
+  # };
+}

nixos/framework/hardware-configuration.nix

@@ -0,0 +1,51 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "uas" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-amd"];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/87481706-b924-4987-b8c5-ab6a70b2c3c6";
+    fsType = "ext4";
+  };
+
+  boot.initrd.luks.gpgSupport = true;
+  boot.initrd.luks.devices.cryptroot = {
+    device = "/dev/disk/by-uuid/4b2ec3e2-2e6b-4a5a-923c-08ac3bf2d24e";
+    gpgCard = {
+      publicKey = ./5FA64909521A5C85992F26E0F819AEFF941BB849.asc;
+      gracePeriod = 15;
+      encryptedPass = ./key.gpg;
+    };
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/63B5-8D33";
+    fsType = "vfat";
+  };
+
+  swapDevices = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp193s0f3u1c2.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nixos/framework/home.nix

@@ -0,0 +1,112 @@
+{pkgs, ...}: {
+  home.packages = with pkgs; [
+    helix
+    firefox-devedition
+    git
+    alacritty
+    eww-wayland
+    pinentry
+    rofi-wayland
+    acpi
+    sops
+  ];
+
+  programs.bash.enable = true;
+  programs.swaylock.enable = true;
+
+  programs.waybar = {
+    enable = true;
+
+    settings.mainbar = {
+      layer = "top";
+      position = "top";
+      height = 30;
+
+      modules-left = ["hyprland/workspaces"];
+      modules-right = ["pulseaudio" "network" "cpu" "memory" "temperature" "battery" "clock" "tray"];
+    };
+  };
+
+  programs.helix = {
+    enable = true;
+    defaultEditor = true;
+
+    settings = {
+      theme = "onedark";
+
+      editor = {
+        line-number = "relative";
+        true-color = true;
+        gutters = ["diagnostics" "spacer" "line-numbers" "spacer" "diff"];
+        cursorline = true;
+        completion-trigger-len = 2;
+
+        cursor-shape = {
+          insert = "bar";
+          normal = "block";
+          select = "underline";
+        };
+
+        lsp = {
+          display-messages = true;
+          display-inlay-hints = true;
+        };
+
+        statusline = {
+          left = ["mode" "spinner"];
+          center = ["file-name"];
+          right = ["diagnostics" "selections" "position" "file-encoding" "file-line-ending" "file-type" "version-control"];
+
+          mode = {
+            normal = "NORMAL";
+            insert = "INSERT";
+            select = "SELECT";
+          };
+        };
+      };
+    };
+  };
+
+  programs.thunderbird = {
+    enable = true;
+    profiles = {
+      main = {
+        isDefault = true;
+        withExternalGnupg = true;
+      };
+    };
+  };
+
+  accounts.email.accounts = {
+    patrick = {
+      primary = true;
+      realName = "Patrick Michl";
+      address = "me@fuckwit.dev";
+      userName = "me@fuckwit.dev";
+      gpg = {
+        key = "5FA64909521A5C85992F26E0F819AEFF941BB849";
+        signByDefault = true;
+      };
+      imap = {
+        host = "mail.fuckwit.dev";
+        port = 143;
+        tls = {
+          useStartTls = true;
+        };
+      };
+      smtp = {
+        host = "mail.fuckwit.dev";
+        port = 587;
+        tls = {
+          useStartTls = true;
+        };
+      };
+      thunderbird = {
+        enable = true;
+        profiles = ["main"];
+      };
+    };
+  };
+
+  home.stateVersion = "23.11";
+}