Declarative NixOS configuration for personal machines (ragnarok, mimir)
- Nix 84.3%
- Shell 14.5%
- Just 1.2%
Adrian Kowalczyk
5184c3a009
All checks were successful
Tekton CI / nix-build-mimir Success
After spending a day actually using mimir, accumulated friction got fixed in one pass. niri (home/vrozaksen/niri.nix): - touchpad tap-to-click OFF (accidental clicks were ruining the day) - swayidle on spawn-at-startup: lock on lid/sleep/resume + auto-lock at 10min idle + DPMS off at 15min + suspend at 30min. Closes a real security hole — sleep was waking with no password prompt. - screenshot annotator swappy → satty (Rust, modern UI, more tools, auto-clipboard via --copy-command). Mod+Shift+S keeps same role, output writes timestamped file into ~/Pictures/Screenshots. - Mod+D rebound from fuzzel to noctalia-shell launcher (theming and category integration). fuzzel kept installed as fallback, binding commented for one-line revert. - blueman-applet autostart commented — noctalia panel exposes the same BT pair/connect surface. blueman-manager (full GUI) stays for OBEX/file-transfer when needed. - swaybg autostart commented — noctalia has its own wallpaper engine and overrides any external painter; configure via noctalia Settings. - vesktop autostart replaces discord --start-minimized (vesktop is the daily driver per earlier decision; discord stays as fallback). - openrgb --server spawn removed — services.hardware.openrgb already starts the daemon as a systemd unit (was duplicate; T480 has nothing to control anyway). shell: - Dropped fortune | cowsay | lolcat from fish_greeting (cow wasn't earning its keep). fastfetch stays, gated by FASTFETCH_LAUNCHED so it prints once per terminal tree. - Removed fortune + cowsay from systemPackages (now unused). nix substituters (modules/core/nix.nix): - substituters → extra-substituters (and matching for trusted-public-keys). Was duplicating cache.nixos.org because the NixOS default already includes it. Now: niri.cachix.org (from niri-flake nixConfig) + cache.vzkn.eu/main (ours) + cache.nixos.org (default), no dupes. apps (modules/desktop/apps.nix): - proton-pass — Linux client. Proton Drive has no native Linux client yet; web UI at https://drive.proton.me. hardware (modules/hardware/amd.nix): - boot.kernelParams = ["mem_sleep_default=deep"]. AMD desktop boards default to s2idle / S0ix ("modern standby"), which often wakes up half-broken. Forcing classic ACPI S3 gives clean resume. Will apply to ragnarok (or any host importing modules/hardware/amd.nix). secrets infrastructure: - .sops.yaml regex now matches secrets/*.{yaml,env} so the upcoming wifi.env can be encrypted with the same rules. - modules/services/wifi.nix added as a stub (NOT imported anywhere yet). Uses networking.networkmanager.ensureProfiles.environmentFiles to inject SSID + PSK from the sops dotenv file at activation time — no plaintext PSK in the nix store. Migration recipe in the file header. Import from a host once secrets/wifi.env is staged. |
||
|---|---|---|
| .renovate | ||
| .tekton | ||
| home/vrozaksen | ||
| hosts/mimir | ||
| installer | ||
| modules | ||
| scripts | ||
| secrets | ||
| .gitignore | ||
| .renovaterc.json5 | ||
| .sops.yaml | ||
| flake.lock | ||
| flake.nix | ||
| Justfile | ||
| lefthook.yml | ||
| LICENSE | ||
| README.md | ||
| statix.toml | ||
nix-config
Declarative NixOS configuration for personal machines (ragnarok, mimir)