add os config

flake.nix

@@ -15,7 +15,7 @@
     st-flexipatch.url = "https://git.antoinevaure.fr/ant/st-flexipatch/archive/master.zip";
   };
 
-  outputs = { ... }@inputs:
+  outputs = { nixpkgs, ... }@inputs:
     let
       system = "x86_64-linux";
       pkgs = inputs.nixpkgs.legacyPackages.${system};
@@ -33,7 +33,7 @@
 
           modules = [
             { home.username = "anvaure"; }
-            ./home.nix
+            ./home/home.nix
             { home.packages = [ nixgl.nixGLIntel ]; }
             { home.packages = [ inputs.st-flexipatch.packages.${system}.st ]; }
           ];
@@ -50,25 +50,34 @@
 
           modules = [
             { home.username = "ant"; }
-            ./home.nix
+            ./home/home.nix
           ];
         };
 
-      homeConfigurations."ant@nixos" =
+      homeConfigurations."ant@basado" =
         inputs.home-manager.lib.homeManagerConfiguration {
           inherit pkgs;
 
           extraSpecialArgs = {
             inherit pkgs-unstable;
             variant = "default";
+            inherit inputs;
           };
 
           modules = [
             { home.username = "ant"; }
-            ./home.nix
+            ./home/home.nix
             { home.packages = [ inputs.st-flexipatch.packages.${system}.st ]; }
             { wayland.windowManager.hyprland.package = pkgs-unstable.hyprland; }
           ];
         };
+
+      nixosConfigurations.basado = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          ./os/configuration.nix
+        ]
+        ;
+      };
     };
 }

os/configuration.nix

@@ -0,0 +1,206 @@
+# Edit this conle to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  nix.package = pkgs.nixVersions.latest;
+  nix.settings = { experimental-features = [ "nix-command" "flakes" ]; };
+
+  boot.loader = {
+    grub = {
+      enable = true;
+      efiSupport = true;
+      device = "nodev";
+      configurationLimit = 20;
+    };
+    efi = {
+      canTouchEfiVariables = true;
+      efiSysMountPoint = "/boot";
+    };
+  };
+
+  # unlock over ssh
+  boot.initrd = {
+    availableKernelModules = [ "igb" ];
+    network = {
+      enable = true;
+      udhcpc = {
+        enable = true;
+        extraArgs = [ "--background" "--retries" "1" ];
+      };
+      flushBeforeStage2 = true;
+      ssh = {
+        enable = true;
+        port = 22;
+        authorizedKeys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCTCKcHgCZOlGeCEz0+HcoYMyXzFy3l3igsG+nhMC8Z ant@moon "
+        ];
+        # hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
+        hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];
+      };
+      postCommands = ''
+        # Automatically ask for the password on SSH login
+        echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
+      '';
+    };
+  };
+  hardware.bluetooth.enable = true; # enables support for Bluetooth
+  hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
+
+  swapDevices = [{
+    device = "/var/lib/swapfile";
+    size = 64 * 1024;
+  }];
+
+  boot.kernelParams = [ "quiet" "amd_iommu=on" ];
+  boot.supportedFilesystems = [ "ntfs" ];
+  boot.plymouth = {
+    enable = true;
+    theme = "fade-in";
+  };
+
+  networking.hostName = "basado"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  networking.networkmanager.enable = true;
+
+  time.timeZone = "Europe/Paris";
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "fr_FR.UTF-8";
+    LC_IDENTIFICATION = "fr_FR.UTF-8";
+    LC_MEASUREMENT = "fr_FR.UTF-8";
+    LC_MONETARY = "fr_FR.UTF-8";
+    LC_NAME = "fr_FR.UTF-8";
+    LC_NUMERIC = "fr_FR.UTF-8";
+    LC_PAPER = "fr_FR.UTF-8";
+    LC_TELEPHONE = "fr_FR.UTF-8";
+    LC_TIME = "fr_FR.UTF-8";
+  };
+  services.xserver.xkb = {
+    layout = "fr";
+    variant = "";
+  };
+  console.keyMap = "fr";
+
+  programs.fish.enable = true;
+
+  users.users.ant = {
+    isNormalUser = true;
+    shell = pkgs.fish;
+    description = "ant";
+    extraGroups =
+      [ "networkmanager" "wheel" "video" "libvirtd" "msr" "docker" ];
+    packages = with pkgs; [ ];
+  };
+
+  users.users.anvaure = {
+    isNormalUser = true;
+    shell = pkgs.fish;
+    extraGroups =
+      [ "networkmanager" "video" "libvirtd" "msr" "docker" ];
+    packages = with pkgs; [ ];
+  };
+
+  fileSystems."/home/ant/disk1" = {
+    device = "/dev/disk/by-uuid/3c0cd1c9-a7d1-4e6b-834a-297a0c10f11a";
+    fsType = "ext4";
+  };
+
+  fileSystems."/home/ant/disk2" = {
+    device = "/dev/disk/by-uuid/519c0a56-fab0-408e-bc8f-23f63ad618c7";
+    fsType = "ext4";
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  environment.systemPackages = with pkgs; [ neovim where-is-my-sddm-theme ];
+  programs.hyprland.enable = true;
+  services.desktopManager.plasma6.enable = true;
+  services.xserver.enable = true;
+  services.displayManager = {
+    defaultSession = "hyprland";
+    autoLogin = {
+      enable = false;
+      user = "ant";
+    };
+    sddm = {
+      enable = true;
+      wayland.enable = true;
+      extraPackages = [ pkgs.where-is-my-sddm-theme ];
+      theme = "where_is_my_sddm_theme";
+    };
+  };
+
+  security.rtkit.enable = true;
+  security.pam.services.swaylock = { };
+  security.polkit.enable = true;
+  security.pam.services.ant.enableGnomeKeyring = true;
+  services.gnome.gnome-keyring.enable = true;
+
+  hardware.graphics = {
+    enable = true;
+    enable32Bit = true;
+  };
+
+  # NVIDIA
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware.nvidia = {
+    package = config.boot.kernelPackages.nvidiaPackages.beta;
+    modesetting.enable = true;
+    powerManagement.enable = false;
+    powerManagement.finegrained = false;
+    open = true;
+    nvidiaSettings = false;
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  services.udisks2.enable = true;
+  programs.gamemode.enable = true;
+  programs.gnupg.agent.enable = true;
+  programs.gnupg.agent.pinentryPackage = pkgs.pinentry-curses;
+  programs.light.enable = true;
+
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+
+  services.openssh = {
+    enable = true;
+    settings.X11Forwarding = true;
+    settings.PasswordAuthentication = false;
+    openFirewall = true;
+  };
+
+  networking.firewall.enable = true;
+
+  virtualisation.docker = { enable = true; };
+  virtualisation.libvirtd.enable = true;
+  programs.virt-manager.enable = true;
+
+  services.ollama = {
+    enable = true;
+    acceleration = "cuda";
+  };
+  services.immich.enable = true;
+
+  programs.nix-ld.enable = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.05"; # Did you read the comment?
+}

os/hardware-configuration.nix

@@ -0,0 +1,51 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/f1848c14-f0c2-4753-8493-03489322459a";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."luks-805f30ed-2c7b-494b-ac87-e9542d479a77".device = "/dev/disk/by-uuid/805f30ed-2c7b-494b-ac87-e9542d479a77";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/3DAD-3605";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  fileSystems."/home/ant/disk2" =
+    { device = "/dev/disk/by-uuid/519c0a56-fab0-408e-bc8f-23f63ad618c7";
+      fsType = "ext4";
+    };
+
+  fileSystems."/home/ant/disk1" =
+    { device = "/dev/disk/by-uuid/3c0cd1c9-a7d1-4e6b-834a-297a0c10f11a";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp9s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp8s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}