initial commit

application-configuration.nix

@@ -0,0 +1,46 @@
+{ lib, pkgs, ... }:
+{
+  users.users.caleb = {
+    packages = with pkgs;
+      [
+        ## apps
+        firefox
+        kate
+        qalculate-qt
+        keepassxc
+        libsForQt5.krdc
+        libreoffice-qt
+        isoimagewriter
+        qdirstat
+        signal-desktop
+        monero-gui
+        tor-browser-bundle-bin
+        yubikey-manager-qt
+
+        # FAF
+        jq
+        cabextract
+      ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    openjdk8
+  ];
+
+  # Enable mullvad vpn
+  services.mullvad-vpn.package = pkgs.mullvad-vpn;
+  services.mullvad-vpn.enable = true;
+
+  # Enable tailscale
+  services.tailscale.enable = true;
+
+  # install Steam
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true;
+    dedicatedServer.openFirewall = true;
+  };
+
+  # yubikey
+  services.pcscd.enable = true;
+}

bootloader-configuration.nix

@@ -0,0 +1,30 @@
+{ ... }:
+{
+  # Grub bootloader
+  boot.loader = {
+    timeout = 0;
+    efi.canTouchEfiVariables = true;
+    grub = {
+      enable = true;
+      efiSupport = true;
+      default = "saved";
+      device = "nodev";
+      splashImage = null;
+      extraConfig = ''set timeout_style=hidden'';
+
+      # other menu entries
+      extraEntries =
+        ''menuentry "System shutdown" {
+  	   halt
+         }
+
+         menuentry "System restart" {
+	   reboot
+         }
+
+         menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' {
+	   fwsetup
+         }'';
+    };
+  };
+}

configuration.nix

@@ -0,0 +1,169 @@
+{ config, lib, pkgs, ... }:
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+      ./bootloader-configuration.nix
+      ./surfacebook-configuration.nix
+      ./application-configuration.nix
+      ./software-development-configuration.nix
+      ./school-configuration.nix
+    ];
+
+  # Enable networking and bluetooth
+  networking.networkmanager.enable = true;
+  systemd.services.NetworkManager-wait-online.enable = false; #disable wait online since it is broken
+  networking.hostName = "surface";
+  hardware.bluetooth.enable = true;
+
+  # Set time zone.
+  time.timeZone = "America/New_York";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_US.UTF-8";
+    LC_IDENTIFICATION = "en_US.UTF-8";
+    LC_MEASUREMENT = "en_US.UTF-8";
+    LC_MONETARY = "en_US.UTF-8";
+    LC_NAME = "en_US.UTF-8";
+    LC_NUMERIC = "en_US.UTF-8";
+    LC_PAPER = "en_US.UTF-8";
+    LC_TELEPHONE = "en_US.UTF-8";
+    LC_TIME = "en_US.UTF-8";
+  };
+
+  # Enable opengl
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+  };
+
+  # Allow unfree and insecure packages
+  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+    "vista-fonts"
+    "corefonts"
+
+    "steam"
+    "steam-original"
+    "steam-run"
+    "vscode-extension-ms-vscode-cpptools"
+    "vscode-extension-ms-vscode-remote-remote-ssh"
+
+    "nvidia-x11"
+    "nvidia-settings"
+    "vscode"
+    "code"
+  ];
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+  services.xserver.videoDrivers = [ "nvidia" ];
+
+  # Enable the KDE Plasma Desktop Environment.
+  services.xserver.displayManager.sddm.enable = true;
+  services.xserver.desktopManager.plasma5.enable = true;
+
+  # Configure keymap in X11
+  services.xserver = {
+    layout = "us";
+    xkbVariant = "";
+  };
+
+  # fonts
+  fonts.packages = with pkgs; [
+    vistafonts
+    corefonts
+    nerdfonts # nvcahd dependency
+  ];
+
+  # Enable sound with pipewire.
+  sound.enable = true;
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.caleb = {
+    isNormalUser = true;
+    description = "caleb";
+    extraGroups = [ "networkmanager" "wheel" ];
+    hashedPassword = "$y$j9T$v6EDyPW8C/K.Th4xg8MHL/$tA67k6U0kLtafTNNW2DM7j.xObjPSaZFQ4e/beBX7g2";
+    packages = with pkgs;
+      [
+        # spellcheck
+        hunspell
+        hunspellDicts.en-us
+        hunspellDicts.en-us-large
+      ];
+  };
+
+  # disable sudo password for wheel 
+  security.sudo.wheelNeedsPassword = false;
+
+  # List packages installed in system profile:
+  environment.systemPackages = with pkgs; [
+    appimage-run
+    git
+    protontricks
+    steam-run
+    wget
+    winetricks
+    wineWowPackages.stable
+    ripgrep # nvchad dependency 
+  ];
+
+  #neovim 
+  programs.neovim = {
+    enable = true;
+    defaultEditor = true;
+    viAlias = true;
+    vimAlias = true;
+    configure = {
+      packages.nvchad-complete = with pkgs.vimPlugins; {
+        start = [
+          nvchad
+          nvchad-ui
+        ];
+      };
+    };
+  };
+
+  # enable mac address randomization
+  networking.networkmanager.wifi.macAddress = "random";
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+  services.printing.drivers = [ pkgs.brlaser ];
+
+  # remote build
+  nix.buildMachines = [{
+    hostName = "january";
+    system = "x86_64-linux";
+    protocol = "ssh-ng";
+    maxJobs = 1;
+    speedFactor = 2;
+    supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+    mandatoryFeatures = [ ];
+  }];
+  nix.distributedBuilds = true;
+  # optional, useful when the builder has a faster internet connection than yours
+  nix.extraOptions = ''
+    	  builders-use-substitutes = true
+    	'';
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11";
+}

hardware-configuration.nix

@@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/83947a1f-1322-4bd8-8a90-6e729d7d01dd";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/AC62-4777";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

school-configuration.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    nmap
+    wireshark
+    arduino-cli
+
+    # senior design
+    gnuradio
+    conda
+    uhd
+  ];
+}

software-development-configuration.nix

@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    # languages
+    rustup
+    cmake
+    gcc
+    python3Full
+
+    # vscode
+    nixpkgs-fmt
+    vscode
+  ];
+}

surfacebook-configuration.nix

@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+# nvidia-offload script
+let
+  nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
+    export __NV_PRIME_RENDER_OFFLOAD=1
+    export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
+    export __GLX_VENDOR_LIBRARY_NAME=nvidia
+    export __VK_LAYER_NV_optimus=NVIDIA_only
+    exec "$@"
+  '';
+in
+{
+  imports =
+    [
+      <nixos-hardware/microsoft/surface/common>
+    ];
+
+  ##### SB3 Hardware ##### 
+  # surface kernel config
+  users.users.caleb.extraGroups = [ "surface-control" ];
+  microsoft-surface.surface-control.enable = true;
+  hardware.cpu.intel.updateMicrocode = true;
+
+  # Nvidia driver setup
+  hardware.nvidia = {
+    modesetting.enable = true;
+    package = config.boot.kernelPackages.nvidiaPackages.latest;
+    nvidiaSettings = true;
+    powerManagement = {
+      enable = true;
+      finegrained = true;
+    };
+    prime = {
+      offload = {
+        enable = true;
+        enableOffloadCmd = true;
+      };
+
+      intelBusId = "PCI:0:2:0";
+      nvidiaBusId = "PCI:2:0:0";
+    };
+  };
+
+  # disable systemd services
+  systemd.services = {
+    nvidia-resume = {
+      enable = false;
+      restartIfChanged = false;
+    };
+  };
+
+  # power tuning
+  powerManagement.powertop.enable = true;
+}