diff --git a/README.md b/README.md index c80bb7d..7b991e8 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,9 @@ nixos-config/ git clone ~/nixos-config cd ~/nixos-config +# Create the host directory (replace with your actual hostname) +mkdir -p hosts/ + # Replace the placeholder hardware-configuration.nix with your actual one cp /etc/nixos/hardware-configuration.nix hosts// ``` @@ -60,10 +63,12 @@ Edit the following files and replace these placeholders: | `` | `America/New_York` | `modules/common.nix` | | `` | `en_US.UTF-8` | `modules/common.nix` | -Also rename `hosts/hostname/` to match your actual hostname. +Also rename the `hosts/hostname/` directory to match your actual hostname, and ensure the same hostname is used for all `` placeholders (including in `flake.nix`). ### 3. Stage Files in Git +**IMPORTANT:** Flakes require all files to be tracked by git before building. + ```bash cd ~/nixos-config git add . @@ -78,11 +83,16 @@ nix flake show ### 5. Build and Switch +**IMPORTANT:** Ensure all files are staged in git (step 3) before building. + ```bash # Build and switch to dev config as main system profile sudo nixos-rebuild switch --flake .#dev -# Build gaming config as separate boot profile +# (Optional) Test gaming config without committing it as a boot option +sudo nixos-rebuild test --flake .#gaming + +# Build gaming config as separate boot profile (available after next reboot) sudo nixos-rebuild boot --profile-name gaming --flake .#gaming ``` 
@@ -94,20 +104,22 @@ Boot menu should show: ## Updating -**IMPORTANT:** Always update both profiles together to avoid kernel/Mesa version drift: +**IMPORTANT:** Always update both profiles together to avoid kernel/Mesa version drift. + +### After Configuration Changes ```bash cd ~/nixos-config -git add . +git add . # Stage your configuration changes sudo nixos-rebuild switch --flake .#dev sudo nixos-rebuild boot --profile-name gaming --flake .#gaming ``` -To update flake inputs: +### Updating Flake Inputs Only ```bash nix flake update -git add flake.lock +git add flake.lock # Only stage the lock file, not other changes sudo nixos-rebuild switch --flake .#dev sudo nixos-rebuild boot --profile-name gaming --flake .#gaming ``` @@ -124,19 +136,24 @@ sudo nixos-rebuild boot --profile-name gaming --flake .#gaming ### Change Password +Generate a password hash and update `modules/common.nix`: ```bash -passwd +mkpasswd -m sha-512 +# Copy the output and replace in common.nix ``` ### Setup MangoWC +MangoWC is configured to auto-start via greetd. To customize it: + ```bash mkdir -p ~/.config/mango cp /etc/mango/config.conf ~/.config/mango/config.conf -# Create autostart script +# Create autostart script for Noctalia shell cat > ~/.config/mango/autostart.sh << 'EOF' #!/bin/bash +# Ensure quickshell is in PATH (it should be as a user package) qs -c noctalia-shell & EOF chmod +x ~/.config/mango/autostart.sh @@ -147,9 +164,13 @@ Add to `~/.config/mango/config.conf`: exec-once="~/.config/mango/autostart.sh" ``` -### Auto-start MangoWC from TTY +### Dev Profile: Docker Access -Add to `~/.bash_profile` or `~/.zprofile`: +After switching to the dev profile for the first time, you must log out and log back in (or reboot) for Docker group membership to take effect. + +### Auto-start MangoWC from TTY (Alternative) + +If not using greetd, add to `~/.bash_profile` or `~/.zprofile`: ```bash if [[ -z $WAYLAND_DISPLAY ]] && [[ $(tty) == /dev/tty1 ]]; then exec mango 
diff --git a/flake.nix b/flake.nix index fcc918a..49664cc 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,9 @@ { description = "NixOS - Isolated Gaming & Dev configurations"; + # SECURITY NOTE: After first build, commit flake.lock to pin inputs to specific + # commits. Update via `nix flake update` only from trusted sources. + # This protects against supply-chain attacks from upstream changes. inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; @@ -24,13 +27,18 @@ outputs = { self, nixpkgs, mango, quickshell, noctalia, ... }@inputs: let system = "x86_64-linux"; + lib = nixpkgs.lib; specialArgs = { inherit inputs system; }; + # Verify mango flake exports the expected module + mangoModule = assert lib.hasAttrByPath [ "nixosModules" "mango" ] mango; + mango.nixosModules.mango; + # IMPORTANT: Replace with actual hostname commonModules = [ ./hosts//hardware-configuration.nix ./modules/common.nix - mango.nixosModules.mango + mangoModule ]; in { nixosConfigurations = { diff --git a/hosts/hostname/hardware-configuration.nix b/hosts/hostname/hardware-configuration.nix index 583607a..e75fc5b 100644 --- a/hosts/hostname/hardware-configuration.nix +++ b/hosts/hostname/hardware-configuration.nix @@ -7,7 +7,8 @@ # To generate a new hardware configuration, run: # sudo nixos-generate-config --show-hardware-config > hardware-configuration.nix # -# This placeholder will NOT work for actual system builds. +# This placeholder will NOT work for actual system builds - the UUIDs below +# are placeholders that must be replaced with your actual disk UUIDs. { config, lib, pkgs, modulesPath, ... }: 
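Review bot: In flake.nix the new `mangoModule` binding's `assert lib.hasAttrByPath [ "nixosModules" "mango" ] mango;` only checks that the attribute exists, so the comment "Verify mango flake exports the expected module" promises more than the code does. What the module actually contains is fixed by the revision pinned in flake.lock, not by this check. Without the assert, evaluating `mango.nixosModules.mango` would already abort on a missing attribute, and the assert swaps that for a generic assertion failure. If the goal is a readable error, `mangoModule = mango.nixosModules.mango or (throw "mango input does not export nixosModules.mango");` gives one in a single line. The comment could then read `# Presence check only: fail early if the mango input lacks nixosModules.mango`.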
@@ -22,20 +23,21 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - # Example filesystem configuration (replace with your actual mounts) - # fileSystems."/" = { - # device = "/dev/disk/by-uuid/YOUR-ROOT-UUID"; - # fsType = "ext4"; - # }; - # - # fileSystems."/boot" = { - # device = "/dev/disk/by-uuid/YOUR-BOOT-UUID"; - # fsType = "vfat"; - # }; - # - # swapDevices = [ - # { device = "/dev/disk/by-uuid/YOUR-SWAP-UUID"; } - # ]; + # IMPORTANT: Replace these UUIDs with your actual disk UUIDs + # Find your UUIDs with: lsblk -f + fileSystems."/" = { + device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-ROOT-UUID"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-BOOT-UUID"; + fsType = "vfat"; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-SWAP-UUID"; } + ]; # CPU microcode updates for AMD hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/modules/common.nix b/modules/common.nix index 974d5a4..a22beee 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -21,8 +21,8 @@ # AMD GPU - RDNA 4 (RX 9060 XT) + Zen 3 CPU (5700G) # -------------------------------------------------------------------------- - # CRITICAL: RDNA 4 requires navi44 firmware blobs - hardware.enableAllFirmware = true; + # RDNA 4 requires navi44 firmware blobs (included in redistributable firmware) + hardware.enableRedistributableFirmware = true; # Use the modern amdgpu NixOS module (cleaner than manual initrd config) hardware.amdgpu.initrd.enable = true; 
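Review bot: In hosts/hostname/hardware-configuration.nix, un-commenting the `fileSystems` and `swapDevices` entries with `REPLACE-WITH-YOUR-*-UUID` values turns a forgotten placeholder from a build-time failure into a boot-time one. With the block commented out, NixOS's own assertion that a root file system is defined should (as far as I recall) stop the build. With syntactically valid placeholder devices, the rebuild can succeed and the machine then waits at boot for devices that do not exist. Either keep the example commented out, or make the placeholder fail loudly, e.g. `device = throw "hardware-configuration.nix: replace the placeholder root UUID";`. The enclosing attribute set starts and ends outside this hunk.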
@@ -69,6 +69,16 @@ # Enable seatd for session management services.seatd.enable = true; + # Use greetd to automatically start a MangoWC session on login + services.greetd = { + enable = true; + settings.default_session = { + command = "mango"; + # IMPORTANT: Replace with actual username + user = ""; + }; + }; + # -------------------------------------------------------------------------- # USER ACCOUNT # -------------------------------------------------------------------------- @@ -76,8 +86,9 @@ users.users. = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "video" "seat" ]; - # Set initial password or use hashedPassword - initialPassword = "changeme"; + # IMPORTANT: Generate a password hash with: mkpasswd -m sha-512 + # Then replace the placeholder below with the generated hash + hashedPassword = ""; packages = with pkgs; [ # -- Noctalia Shell -- inputs.quickshell.packages.${system}.default @@ -121,9 +132,9 @@ # FONTS # -------------------------------------------------------------------------- fonts.packages = with pkgs; [ - # Nerd fonts - syntax changed in nixpkgs after 24.05 - # If using older nixpkgs: (nerdfonts.override { fonts = [ "JetBrainsMono" ]; }) - # Current nixpkgs-unstable uses individual packages: + # Nerd fonts: current syntax for nixos-unstable and NixOS >= 24.05 + # For older nixpkgs (before this change), use: + # (nerdfonts.override { fonts = [ "JetBrainsMono" ]; }) nerd-fonts.jetbrains-mono # Other fonts @@ -166,5 +177,5 @@ # IMPORTANT: Set to the NixOS version of your install media # Check with: nixos-version # Do NOT change this after initial install - system.stateVersion = "25.05"; + system.stateVersion = "24.11"; } diff --git a/modules/dev.nix b/modules/dev.nix index fa88c80..bcf47d9 100644 --- a/modules/dev.nix +++ b/modules/dev.nix 
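Review bot: In modules/common.nix the new `services.greetd` block runs `mango` directly as `default_session` under the real user account, so greetd starts the compositor at boot with no password prompt. That is console auto-login, not a session started "on login" as the comment says. This file also puts that user in `wheel`, so anyone with physical access gets that session, and the password hash configured further down is never asked for at the console. If auto-login is intended, say so in the comment and consider moving it to `initial_session` so a greeter appears after logout. Otherwise make `default_session.command` a greeter (for example tuigreet) that launches `mango` after authentication, and leave `user` at the greeter account.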
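Review bot: Replacing `initialPassword = "changeme"` with an inline `hashedPassword` in modules/common.nix still exposes the credential. The hash is copied into the world-readable /nix/store and, following the README's `git add .`, into the repository history, where it can be attacked offline. Prefer `hashedPasswordFile = "/path/outside/the/store";` (placeholder path) pointing at a root-only file that is not tracked by git, and have the comment say so. As shown on this page the value is an empty string, possibly a placeholder lost in rendering. NixOS documents an empty `hashedPassword` as allowing password-less local login, so the template should fail evaluation until the value is replaced.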
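Review bot: Lowering `system.stateVersion` from "25.05" to "24.11" in modules/common.nix contradicts the comment directly above it ("Do NOT change this after initial install") for anyone who has already deployed this configuration. Pulling this commit would move their value backwards and may switch stateful service defaults under existing data. If this is only a template default, the comment should say so, e.g. `# Template default: set once to the release you installed from; never edit on an existing system`. Safer still would be a placeholder that must be filled in, rather than a concrete release string that changes between commits.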
@@ -23,6 +23,8 @@ }; # IMPORTANT: Replace with actual username + # NOTE: After first enabling/applying this dev profile, you must log out and + # log back in (or reboot) for the docker group membership to take effect. users.users..extraGroups = [ "docker" ]; # -------------------------------------------------------------------------- diff --git a/modules/gaming.nix b/modules/gaming.nix index 8f1656e..ad40843 100644 --- a/modules/gaming.nix +++ b/modules/gaming.nix @@ -27,7 +27,7 @@ enableRenice = true; settings = { general = { - renice = 10; + renice = -10; # Negative value = higher priority for games }; gpu = { apply_gpu_optimisations = "accept-responsibility"; @@ -48,6 +48,11 @@ }; }; + # NOTE: Profile-specific group membership + # The user must be in the "corectrl" and "gamemode" groups for these + # programs to function correctly. These groups are only added when using + # the gaming profile. If you need consistent group membership across + # both profiles, add these groups to common.nix instead. # IMPORTANT: Replace with actual username users.users..extraGroups = [ "corectrl" "gamemode" ]; @@ -91,11 +96,4 @@ # may crash without this setting due to high mmap requirements. "vm.max_map_count" = 2147483642; }; - - # Additional kernel params for gaming (appends to common.nix params) - boot.kernelParams = [ - "amd_pstate=active" # Inherited from common, but explicit for clarity - "mitigations=off" # Optional: Disable CPU mitigations for ~5% perf gain - # Remove this line if security is a concern - ]; }
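Review bot: The added note in modules/dev.nix explains when `docker` group membership takes effect but not what it grants. Members of that group can drive the Docker daemon, which runs as root, so the membership is effectively password-less root on the host. I would extend the comment with `# SECURITY: docker group membership is root-equivalent; enable only on a single-user dev machine`. If that is broader than intended, NixOS's `virtualisation.docker.rootless.enable` avoids the group altogether. The Docker settings themselves sit above this hunk and are not visible here.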
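Review bot: In modules/gaming.nix the change to `renice = -10;` looks like a regression rather than a fix. As far as I recall from GameMode's example gamemode.ini, `renice` takes a value from 0 to 20 that GameMode itself negates before applying, so the old `10` already meant nice -10. A negative value is outside that range and is likely to be rejected or reset to "no change", which would silently drop the priority boost. I would revert to `renice = 10; # GameMode negates this: processes get nice -10` and confirm against the GameMode version in the pinned nixpkgs. The `settings` block continues outside the hunk.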