madoka
/
dotfiles
mirrorاز https://github.com/ludovicopiero/dotfiles


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269
							{
  config,
  pkgs,
  lib,
  inputs,
  system,
  ...
}: {
  imports = [
    ./hardware-configuration.nix
    ./persist.nix

    # Shared Configuration
    ../shared/configuration.nix
  ];

  sops = {
    defaultSopsFile = ./secrets.yaml;
    age.sshKeyPaths = ["/home/ludovico/.ssh/id_ed25519" "/home/ludovico/.ssh/id_rsa"];
    secrets.ludovico.neededForUsers = true;
    secrets.root.neededForUsers = true;
    secrets.wireguardPrivateKey = {
      inherit (config.users.users.systemd-network) group;
      reloadUnits = ["systemd-networkd.service"];
      mode = "0640";
    };
    secrets.wireguardPresharedKey = {
      inherit (config.users.users.systemd-network) group;
      reloadUnits = ["systemd-networkd.service"];
      mode = "0640";
    };
  };

  users = {
    mutableUsers = false;
    users.root.passwordFile = config.sops.secrets.root.path;
    users.ludovico = {
      passwordFile = config.sops.secrets.ludovico.path;
      isNormalUser = true;
      home = "/home/ludovico";
      shell = pkgs.fish;

      extraGroups =
        [
          "wheel"
          "video"
          "audio"
          "realtime"
        ]
        ++ pkgs.lib.optional config.virtualisation.libvirtd.enable "libvirtd"
        ++ pkgs.lib.optional config.virtualisation.docker.enable "docker"
        ++ pkgs.lib.optional config.networking.networkmanager.enable "networkmanager";
    };
  };

  # An anime game launcher
  programs = {
    anime-game-launcher.enable = true;
    anime-borb-launcher.enable = true;
    honkers-railway-launcher.enable = true;
  };

  boot = {
    loader.systemd-boot.enable = true;
    loader.systemd-boot.configurationLimit = 5;
    loader.efi.canTouchEfiVariables = true;
    loader.efi.efiSysMountPoint = "/boot";
    kernelPackages = pkgs.linuxPackages_xanmod_latest;
    supportedFilesystems = ["ntfs" "btrfs"];
  };

  hardware.bluetooth.enable = true;

  # OpenGL
  environment.variables.AMD_VULKAN_ICD = lib.mkDefault "RADV"; # AMDVLK or RADV
  boot = {
    initrd.kernelModules = ["amdgpu"];
    kernelParams = ["amd_pstate=passive" "initcall_blacklist=acpi_cpufreq_init"];
    # kernelModules = ["amd-pstate"];
  };
  hardware = {
    enableRedistributableFirmware = true;
    cpu.amd.updateMicrocode = true;
    opengl = {
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
      extraPackages = with pkgs; [
        # amdvlk
        rocm-opencl-icd
        rocm-opencl-runtime
      ];
      # extraPackages32 = with pkgs; [driversi686Linux.amdvlk];
    };
  };

  virtualisation.libvirtd.enable = true; # Qemu
  environment.systemPackages = lib.attrValues {
    inherit
      (pkgs)
      authy
      discord-canary
      exa
      firefox
      fzf
      gamescope
      lutris
      mailspring
      mangohud
      ripgrep
      steam
      tdesktop
      webcord-vencord
      virt-manager
      virt-viewer
      qemu
      OVMF
      gvfs
      qbittorrent
      /*
      Audio & Video
      */
      
      mpv
      kdenlive # Video Editor
      gimp
      mediainfo
      glaxnimate
      ;

    inherit
      (inputs.nixpkgs-wayland.packages.${system})
      grim
      slurp
      wf-recorder
      wl-clipboard
      wlogout
      ;

    inherit (inputs.self.packages.${system}) koneko;
    inherit (pkgs.qt6) qtwayland;
    inherit (inputs.nil.packages.${system}) default;
    inherit (inputs.hyprland-contrib.packages.${system}) grimblast;

    # use OCR and copy to clipboard
    ocrScript = let
      inherit (pkgs) grim libnotify slurp tesseract5 wl-clipboard;
      _ = lib.getExe;
    in
      pkgs.writers.writeDashBin "wl-ocr" ''
        ${_ grim} -g "$(${_ slurp})" -t ppm - | ${_ tesseract5} - - | ${wl-clipboard}/bin/wl-copy
        ${_ libnotify} "$(${wl-clipboard}/bin/wl-paste)"
      '';
  };

  programs = {
    gamemode = {
      enable = true;
      settings = {
        custom = {
          start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
          end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
        };
      };
    };
    fish.enable = true;
    hyprland.enable = true;
  };

  # unlock GPG keyring on login
  security = {
    pam.services.greetd.gnupg.enable = true;
    pam.services.greetd.enableGnomeKeyring = true;
    pam.services.swaylock.text = "auth include login";
  };
  environment.etc."greetd/environments".text = ''
    Hyprland
    sway
    fish
  '';

  # TLP For Laptop
  services = {
    gvfs.enable = true;
    tlp.enable = true;
    tlp.settings = {
      CPU_SCALING_GOVERNOR_ON_AC = "performance";
      CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
      RADEON_DPM_STATE_ON_AC = "performance";
      RADEON_DPM_STATE_ON_BAT = "battery";

      # https://linrunner.de/en/tlp/docs/tlp-faq.html#battery
      # use "tlp fullcharge" to override temporarily
      START_CHARGE_THRESH_BAT0 = 85;
      STOP_CHARGE_THRESH_BAT0 = 90;
      START_CHARGE_THRESH_BAT1 = 85;
      STOP_CHARGE_THRESH_BAT1 = 90;

      SOUND_POWER_SAVE_ON_AC = 0;
    };

    greetd = let
      user = "ludovico";
      greetd = "${pkgs.greetd.greetd}/bin/greetd";
      gtkgreet = "${pkgs.greetd.gtkgreet}/bin/gtkgreet";

      sway-kiosk = command: "${pkgs.sway}/bin/sway --config ${pkgs.writeText "kiosk.config" ''
        output * bg #000000 solid_color
        exec dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK
        exec "${command}; ${pkgs.sway}/bin/swaymsg exit"
      ''}";
    in {
      enable = true;
      vt = 7;
      settings = {
        default_session = {
          command = sway-kiosk "${gtkgreet} -l -c 'Hyprland'";
          inherit user;
        };
      };
    };

    xserver = {
      enable = true;
      layout = "us"; # Configure keymap
      libinput.enable = true;
      deviceSection = ''
        Option "TearFree" "true"
      '';

      displayManager = {
        lightdm.enable = false;
      };
    };
  };

  xdg.portal = {
    enable = true;
    wlr.enable = lib.mkForce false;
    extraPortals = with pkgs;
    with inputs; [
      xdg-desktop-portal-gtk
      # xdph.packages.${pkgs.system}.default
    ];
  };

  networking.wg-quick.interfaces = {
    wg0 = {
      autostart = true;
      address = ["10.66.66.3/32" "fd42:42:42::3/128"];
      dns = ["103.235.73.71"];
      privateKeyFile = config.sops.secrets.wireguardPrivateKey.path;

      peers = [
        {
          publicKey = "6c2tFt3lF9+/UiSuxwrKBypON0U2y7wYGn9DWEBmi2A=";
          presharedKeyFile = config.sops.secrets.wireguardPresharedKey.path;
          allowedIPs = ["0.0.0.0/0" "::/0"];
          endpoint = "103.235.73.71:50935";
          persistentKeepalive = 25;
        }
      ];
    };
  };

  # Remove Bloat
  documentation.doc.enable = lib.mkForce false;
}