Revert context commit
@@ -1,229 +0,0 @@
|
||||
# NixOS Repo Notes (atlas/server/laptop)
|
||||
|
||||
This document summarizes the current NixOS configuration repo layout, patterns, and
|
||||
modules as implemented in `flake.nix`, `hosts/**/configuration.nix`, and `modules/**.nix`.
|
||||
|
||||
## Setup Details (What This Config Builds)
|
||||
|
||||
- Flake-based multi-host NixOS: `atlas` (desktop), `laptop` (desktop no gaming), `server`
|
||||
(headless). See `flake.nix` and `hosts/README.md`.
|
||||
- Channel: `nixos-unstable` via `inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";`
|
||||
in `flake.nix`.
|
||||
- Kernel: CachyOS kernel via `nix-cachyos-kernel` overlay added in `flake.nix` modules list.
|
||||
- Desktop uses `pkgs.cachyosKernels.linuxPackages-cachyos-latest-x86_64-v3` in
|
||||
`modules/core/boot.nix`.
|
||||
- Server uses `pkgs.cachyosKernels.linuxPackages-cachyos-server` in
|
||||
`modules/core/boot_server.nix`.
|
||||
- Bootloader: Limine with Secure Boot enabled.
|
||||
- `boot.loader.limine.enable = true;`
|
||||
- `boot.loader.limine.secureBoot.enable = true;`
|
||||
- Wallpaper set to `wallpaper/nix.png`.
|
||||
- Disk encryption (atlas hardware config currently checked in):
|
||||
- Root: LUKS2 `cryptroot` mapped to `/dev/mapper/cryptroot` with XFS (`hosts/atlas/hardware-configuration.nix`).
|
||||
- Swap: LUKS2 `cryptswap` with keyfile at `/var/lib/secrets/swap.key` included in initrd.
|
||||
- `boot.resumeDevice = "/dev/mapper/cryptswap";` in `modules/core/boot.nix`.
|
||||
- Boot UX and kernel params:
|
||||
- Plymouth enabled (`nixos-bgrt`) and `quiet/splash/loglevel` tuned in `modules/core/boot.nix`.
|
||||
- `boot.initrd.systemd.enable = true;`.
|
||||
- Scheduler tuning: `services.scx.enable = true; services.scx.scheduler = "scx_lavd";`
|
||||
in `modules/core/boot.nix` (and `modules/core/boot_server.nix`).
|
||||
- Nix settings:
|
||||
- `nix-command` + `flakes` enabled in `modules/core/system.nix`.
|
||||
- Unfree allowed: `nixpkgs.config.allowUnfree = true;`.
|
||||
- Auto upgrade weekly + GC daily (delete older than 10d) in `modules/core/system.nix`.
|
||||
- `system.stateVersion = "26.05";`.
|
||||
- Networking defaults (core module):
|
||||
- `networking.networkmanager.enable = true;`
|
||||
- `services.openssh.enable = true;`
|
||||
- `services.tailscale.enable = true;`
|
||||
- `networking.hostName = "nix";` (see “Notable Repo Quirks” below).
|
||||
- Locale:
|
||||
- Timezone `Europe/Berlin`
|
||||
- Default locale `en_US.UTF-8` with many `de_DE.UTF-8` `LC_*` overrides
|
||||
- Console keymap `de-latin1-nodeadkeys`
|
||||
- Desktop stack (atlas/laptop):
|
||||
- Display manager: `ly` via `services.displayManager.ly.enable = true;`
|
||||
- Session: `services.displayManager.defaultSession = "niri";`
|
||||
- WM/Compositor: `programs.niri.enable = true;` (`modules/desktop/niri.nix`)
|
||||
- XDG portals: enabled with GTK portal + polkit agent user service
|
||||
- Audio: PipeWire + WirePlumber, Bluetooth enabled; Pulseaudio disabled.
|
||||
- Flatpak: enabled and adds Flathub remote during activation.
|
||||
- Gaming (atlas):
|
||||
- Steam with firewall openings and Proton GE.
|
||||
- GameMode with sysctl tuning and `gamescope`.
|
||||
- Wine staging + udev rules for game devices.
|
||||
- Dev tooling:
|
||||
- Docker enabled with weekly auto prune.
|
||||
- `direnv` + `nix-direnv` enabled.
|
||||
- Large CLI/dev package set including `nixd`, `nil`, `nixfmt`, `claude-code`, and `opencode`.
|
||||
|
||||
## Repository Structure and Import Graph
|
||||
|
||||
- Host entrypoints are under `hosts/<hostname>/configuration.nix`:
|
||||
- `hosts/atlas/configuration.nix` imports:
|
||||
- `./hardware-configuration.nix`
|
||||
- `../../modules/core`
|
||||
- `../../modules/hardware`
|
||||
- `../../modules/desktop`
|
||||
- `../../modules/services`
|
||||
- `../../modules/dev`
|
||||
- `../../modules/gaming`
|
||||
- `hosts/laptop/configuration.nix` imports:
|
||||
- core/hardware/desktop/dev plus a subset of services modules
|
||||
- `hosts/server/configuration.nix` imports:
|
||||
- specific core/hardware modules + `../../modules/dev` + `../../modules/services/maintenance.nix`
|
||||
- enables `services.openssh.enable = true;` explicitly (core also enables it)
|
||||
|
||||
### Flake Outputs and Host Construction
|
||||
|
||||
`flake.nix` defines:
|
||||
|
||||
- `specialArgs = { inherit inputs username; };` so modules can reference:
|
||||
- `username` for user paths (e.g. `users.users.${username}`; `MusicFolder = "/home/${username}/Music"`).
|
||||
- `inputs` for flake packages (e.g. Zen browser, Noctalia shell, Opencode).
|
||||
- A helper `mkHost hostname = nixpkgs.lib.nixosSystem { ... }` that loads:
|
||||
- `./hosts/${hostname}/configuration.nix`
|
||||
- an inline module setting `nixpkgs.overlays = [ inputs.nix-cachyos-kernel.overlays.pinned ];`
|
||||
- `nixConfig` binary caches:
|
||||
- `nix-community` Cachix
|
||||
- `attic.xuyh0120.win/lantian`
|
||||
|
||||
### Module Categories
|
||||
|
||||
`modules/default.nix` aggregates:
|
||||
|
||||
- `modules/core/default.nix`
|
||||
- `modules/hardware/default.nix`
|
||||
- `modules/desktop/default.nix`
|
||||
- `modules/services/default.nix`
|
||||
- `modules/dev/default.nix`
|
||||
- `modules/gaming/default.nix`
|
||||
|
||||
Each category `default.nix` is “imports only” style.
|
||||
|
||||
## Configuration Patterns Used
|
||||
|
||||
- **Module function signature**:
|
||||
- Most modules follow `{ config, pkgs, lib, ... }:` plus `inputs` and/or `username` when needed.
|
||||
- **Centralized username**:
|
||||
- `flake.nix` sets `username = "pinj";` and passes it via `specialArgs`.
|
||||
- **Accessing packages from flake inputs**:
|
||||
- Pattern used in `modules/desktop/apps.nix` and `modules/dev/tools.nix`:
|
||||
- `inputs.<name>.packages.${pkgs.stdenv.hostPlatform.system}.default`
|
||||
- **Overlays**:
|
||||
- Global CachyOS kernel overlay is injected from `flake.nix`.
|
||||
- Dev category also adds a local overlay:
|
||||
- `modules/dev/default.nix` sets `nixpkgs.overlays = [ (import ../../overlays/firebase-tools.nix) ];`
|
||||
- `overlays/firebase-tools.nix` forces `firebase-tools` to use `nodejs_22` when available.
|
||||
- **System packages as the main mechanism**:
|
||||
- Many features are enabled by adding to `environment.systemPackages` in the relevant module.
|
||||
- **Host-specific composition**:
|
||||
- “Desktop features” are composed by importing modules; server imports a smaller subset.
|
||||
|
||||
## Modules Used (By Category)
|
||||
|
||||
### Core (`modules/core/*`)
|
||||
|
||||
- `modules/core/boot.nix`
|
||||
- Limine boot + Secure Boot, kernel selection, Plymouth, kernel params
|
||||
- scx scheduler configuration
|
||||
- `modules/core/boot_server.nix`
|
||||
- Same structure as `boot.nix` but uses `linuxPackages-cachyos-server`
|
||||
- `modules/core/system.nix`
|
||||
- Nix flakes enablement, auto upgrade, GC, allowUnfree, `system.stateVersion`
|
||||
- `modules/core/networking.nix`
|
||||
- NetworkManager, OpenSSH, Tailscale, default hostname
|
||||
- `modules/core/users.nix`
|
||||
- Creates `users.users.${username}` with Fish shell and group memberships
|
||||
- Enables Fish and Zsh
|
||||
- `modules/core/localization.nix`
|
||||
- Timezone/locale and console keymap
|
||||
|
||||
### Hardware (`modules/hardware/*`)
|
||||
|
||||
- `modules/hardware/storage.nix`
|
||||
- Mount points for several ext4 SSDs under `/mnt/*` with `nofail` and GVFS visibility
|
||||
- Weekly fstrim
|
||||
- zram swap enabled (`memoryPercent = 100`, `algorithm = "zstd"`)
|
||||
- `modules/hardware/audio.nix`
|
||||
- PipeWire + WirePlumber config, 32-bit ALSA support, Bluetooth enabled
|
||||
- Adds audio utilities (`pavucontrol`, `pwvucontrol`, `playerctl`)
|
||||
- `modules/hardware/gpu-amd.nix`
|
||||
- AMD graphics stack, 32-bit support, VA-API/VDPAU helpers, ROCm ICD
|
||||
- CoreCtrl + AMD overdrive
|
||||
- `modules/hardware/power.nix`
|
||||
- power-profiles-daemon + CPU governor
|
||||
|
||||
### Desktop (`modules/desktop/*`)
|
||||
|
||||
- `modules/desktop/niri.nix`
|
||||
- Enables X server, `ly` display manager, default session `niri`, XKB layout
|
||||
- `modules/desktop/portals.nix`
|
||||
- XDG portal (GTK), polkit enabled + user `polkit-gnome-agent` systemd service
|
||||
- Wayland-related env vars and utilities
|
||||
- `modules/desktop/theming.nix`
|
||||
- Font packages + fontconfig defaults, gtk/qt theming utilities
|
||||
- `modules/desktop/apps.nix`
|
||||
- GUI app set
|
||||
- Installs Zen browser via flake input
|
||||
- Installs Noctalia shell via flake input
|
||||
- Enables Flatpak + adds Flathub remote in activation script
|
||||
- Enables GNOME keyring, `programs.yazi`, and `programs.firefox`
|
||||
|
||||
### Services (`modules/services/*`)
|
||||
|
||||
- `modules/services/avahi.nix`
|
||||
- Avahi mDNS publishing + firewall openings
|
||||
- `modules/services/printing.nix`
|
||||
- CUPS printing
|
||||
- `modules/services/maintenance.nix`
|
||||
- `psd`, `fwupd`, `earlyoom`, `plocate` periodic indexing
|
||||
- `modules/services/navidrome.nix`
|
||||
- Local-only Navidrome on `127.0.0.1:4533` with `MusicFolder=/home/${username}/Music`
|
||||
- Ensures `~/Music` exists via tmpfiles
|
||||
|
||||
### Development (`modules/dev/*`)
|
||||
|
||||
- `modules/dev/docker.nix`
|
||||
- Docker enabled + weekly auto prune; includes `docker-compose` and `lazydocker`
|
||||
- `modules/dev/shell.nix`
|
||||
- Fish prompt and shell init (Ghostty integration if present), lots of aliases/abbrs
|
||||
- Fish plugins and CLI QoL tools
|
||||
- `modules/dev/tools.nix`
|
||||
- Toolchains and CLIs (node/python/rustup, compilers, nix tooling, cloud CLIs, AI tools)
|
||||
- Installs Opencode via flake input
|
||||
|
||||
### Gaming (`modules/gaming/*`)
|
||||
|
||||
- `modules/gaming/steam.nix`
|
||||
- Steam enabled, firewall exceptions, Proton GE, steam hardware udev rules
|
||||
- `modules/gaming/gamemode.nix`
|
||||
- GameMode enabled with renice + AMD perf-level config
|
||||
- Sysctl tuning for gaming workloads
|
||||
- Includes `gamemode` and `gamescope`
|
||||
- `modules/gaming/wine.nix`
|
||||
- Wine staging + helpers; controller udev rules
|
||||
|
||||
## Operational Commands (Repo-Local)
|
||||
|
||||
- Evaluate and validate:
|
||||
- `nix flake check`
|
||||
- Build without activating:
|
||||
- `sudo nixos-rebuild dry-build --flake .#atlas`
|
||||
- `sudo nixos-rebuild dry-build --flake .#laptop`
|
||||
- `sudo nixos-rebuild dry-build --flake .#server`
|
||||
- Activate (on target machine):
|
||||
- `sudo nixos-rebuild switch --flake .#atlas` (or `#laptop`, `#server`)
|
||||
- Format:
|
||||
- `nixfmt **/*.nix`
|
||||
|
||||
## Notable Repo Quirks / Potential Follow-Ups
|
||||
|
||||
- `modules/core/networking.nix` sets `networking.hostName = "nix";` which will apply to all
|
||||
hosts unless overridden elsewhere (host configs currently comment about setting hostname).
|
||||
- `scripts/setup-secureboot.sh` and `scripts/install-fde.sh` reference `#nixos` in their
|
||||
example commands, but `flake.nix` defines `#atlas`, `#server`, and `#laptop`.
|
||||
- `modules/core/boot_server.nix` file header comment says `modules/core/boot.nix` (cosmetic).
|
||||
- `hosts/server/hardware-configuration.nix` and `hosts/laptop/hardware-configuration.nix`
|
||||
are identical to `hosts/atlas/hardware-configuration.nix` in this repo snapshot (likely placeholders).
|
||||
|
||||
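Review bot: The "Notable Repo Quirks / Potential Follow-Ups" section at the end of the removed file lists open items that this revert deletes without recording them anywhere else visible in the commit: `networking.hostName = "nix";` applying to every host, `scripts/setup-secureboot.sh` and `scripts/install-fde.sh` pointing at a `#nixos` output that `flake.nix` does not define, and the server and laptop `hardware-configuration.nix` files being identical to the atlas one. The last two touch the Secure Boot and LUKS setup described earlier in the file, so I would move these items into issues or `hosts/README.md` before dropping the document, and state in the commit message why the notes are being reverted.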