Initial Config

.gitignore

@@ -0,0 +1,2 @@
+settings.nix
+hardware-configuration.nix

configure.sh

@@ -0,0 +1,246 @@
+#!/usr/bin/env bash
+
+# Change into script dir.
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
+nixosDir=$(pwd)
+
+# Defaults
+defaultHostname="nixos"
+defaultSwap="8G"
+defaultName="grmrgecko"
+defaultDescription="James Coleman"
+defaultGitName="GRMrGecko"
+defaultGitEmail="grmrgecko@gmail.com"
+
+# A simple function to print an array.
+CHOICE=0
+chooseOpts() {
+    local opts i
+    CHOICE=-1
+    opts=("$@")
+    # Keep an index to properly index the options.
+    i=0
+    echo
+    # For each option, print it and increment the index.
+    for opt in "${opts[@]}"; do
+        echo "$i) $opt"
+        i=$((i+1))
+    done
+    # Ask for their choice.
+    echo
+    echo -n "Enter choice: "
+    read -r CHOICE
+    # Check inputted index range.
+    if ((CHOICE >= ${#opts[@]} || CHOICE < 0)); then
+        echo "Invalid range"
+        chooseOpts "$@"
+    fi
+}
+
+# A looping function to choose Y or N.
+chooseYN() {
+    local default=""
+    if [[ "$1" =~ \[.*([YN]).*\] ]]; then
+        default=${BASH_REMATCH[1]}
+    fi
+    echo -n "$1: "
+    read -r CHOICE
+    [[ -z $CHOICE ]] && CHOICE=$default
+    if [[ "$CHOICE" =~ ^[yY]$ ]]; then
+        CHOICE="y"
+    elif [[ "$CHOICE" =~ ^[nN]$ ]]; then
+        CHOICE="n"
+    else
+        chooseYN "$1"
+    fi
+}
+
+# Determine video drivers based on PCI devices.
+videoDrivers="unknown"
+pciRaw=$(lspci | grep -E 'VGA')
+if [[ "$pciRaw" =~ QXL ]]; then
+    videoDrivers="qxl"
+elif [[ "$pciRaw" =~ NVIDIA ]]; then
+    videoDrivers="nvidia"
+elif [[ "$pciRaw" =~ AMD ]]; then
+    videoDrivers="amdgpu"
+fi
+
+# Get the packages souce, rather its unstable or stable.
+PACKAGESOPTS=(
+    "stable"
+    "unstable"
+)
+echo "Packages source"
+chooseOpts "${PACKAGESOPTS[@]}"
+PACKAGES=${PACKAGESOPTS[$CHOICE]}
+
+# Get the profile for this system.
+PROFILEOPTS=()
+# Build profile list from profiles directory.
+for profile in ./profiles/*.nix; do
+    PROFILEOPTS+=("$(basename "${profile%.*}")")
+done
+echo "Choose your profile"
+chooseOpts "${PROFILEOPTS[@]}"
+PROFILE=${PROFILEOPTS[$CHOICE]}
+
+# Get the hostname.
+echo -n "Choose hostname [$defaultHostname]: "
+read -r hostName
+[[ -z $hostName ]] && hostName=$defaultHostname
+
+# Determine default disk.
+diskDefault=""
+[[ -e /dev/sda ]] && diskDefault="/dev/sda"
+[[ -e /dev/vda ]] && diskDefault="/dev/vda"
+echo
+echo "Select a disk from the list below:"
+# List disks to allow a choice to be made without stopping
+# configuration and verifying available disks.
+lsblk -o PATH,ID-LINK,SIZE -t
+echo
+echo -n "Choose disk (/dev/disk/by-id/{ID-LINK}) [$diskDefault]: "
+read -r disk
+# If selected disk is none, use the default disk determined above.
+[[ -z $disk ]] && disk=$diskDefault
+
+# Get the swap size.
+echo -n "Swap size [$defaultSwap]: "
+read -r swapSize
+[[ -z $swapSize ]] && swapSize=$defaultSwap
+
+# Determine if we should LUKS encrypt the disk.
+luks="false"
+chooseYN "Use LUKS Encryption? [N/y]"
+if [[ "$CHOICE" == "y" ]]; then
+    luks="true"
+    # Get a password from the user, with confirmation to ensure
+    # we are not setting a typo.
+    while true; do
+        echo -n "Enter your luks encryption passphrase: "
+        read -r -s luksPasswd
+        echo -n "Confirm your luks encryption passphrase: "
+        read -r -s confirmLuksPasswd
+        if [[ "$luksPasswd" == "$confirmLuksPasswd" ]]; then
+            break
+        fi
+        echo "Passwords do not match, try again."
+    done
+    # Save the password to the tmpfs for disko to pick up during partitioning.
+    echo "$luksPasswd" > /tmp/secret.key
+fi
+
+# Get username for the main user.
+echo -n "Main user name [$defaultName]: "
+read -r name
+[[ -z $name ]] && name=$defaultName me
+
+# Get description for the main user.
+echo -n "Main user description [$defaultDescription]: "
+read -r description
+[[ -z $description ]] && description=$defaultDescription
+
+# Determine password for main user, verifying no typos.
+while true; do
+    echo -n "Enter password for main user: "
+    read -r -s mainPasswd
+    echo -n "Confirm your password for main user: "
+    read -r -s confirmMainPasswd
+    if [[ "$mainPasswd" == "$confirmMainPasswd" ]]; then
+        break
+    fi
+    echo "Passwords do not match, try again."
+done
+# Use mkpasswd to create a hashed password with the lastest
+# linux password hashing algorithm.
+password=$(mkpasswd "$mainPasswd")
+
+# Determine SSH keys to allow into the system.
+sshKeys=()
+while true; do
+    echo "To exit loop, press enter."
+    echo -n "Add ssh key (Github Username or ssh key): "
+    read -r keyToAdd
+
+    # If empty, exit loop as all keys were selected.
+    [[ -z $keyToAdd ]] && break
+
+    # If matches an ssh public key, add to list.
+    if [[ "$keyToAdd" =~ ^ssh-.* ]]; then
+        echo "Added key: $keyToAdd"
+        sshKeys+=("$keyToAdd")
+        continue
+    fi
+
+    # If is an username, check github for all keys and add them.
+    if [[ "$keyToAdd" =~ ([a-zA-Z0-9]+) ]]; then
+        githubUsername=${BASH_REMATCH[1]}
+        while read -r key; do
+            if [[ $key == "Not Found" ]]; then
+                echo "Github user provided not found"
+                continue
+            fi
+            echo "Adding key: $key"
+            sshKeys+=("$key")
+        done < <(curl -s -q "https://github.com/$githubUsername.keys")
+    fi
+done
+
+# Determine if we want to autologin to the main user,
+# this may be desirable on full disk encrypted machines.
+autoLogin="false"
+chooseYN "Autologin to main user? [N/y]"
+if [[ "$CHOICE" == "y" ]]; then
+    autoLogin="true"
+fi
+
+# Get git name.
+echo -n "Git name [$defaultGitName]: "
+read -r gitName
+[[ -z $gitName ]] && gitName=$defaultGitName me
+
+# Get git email.
+echo -n "Git email [$defaultGitEmail]: "
+read -r gitEmail
+[[ -z $gitEmail ]] && gitEmail=$defaultGitEmail
+
+# Generate settings.nix file with above choosen options.
+echo "Generating settings.nix:"
+cat <<EOF | tee "$nixosDir/settings.nix"
+rec {
+  system = "x86_64-linux";
+  timezone = "America/Chicago";
+  locale = "en_US.UTF-8";
+  packages = "${PACKAGES}";
+  profile = "${PROFILE}";
+  hostId = (builtins.substring 0 8 (builtins.readFile "/etc/machine-id"));
+  hostName = "${hostName}";
+  videoDrivers = "${videoDrivers}";
+  disk = {
+    device = "${disk}";
+    swapSize = "${swapSize}";
+    luks = ${luks};
+  };
+  user = {
+    name = "${name}";
+    description = "${description}";
+    hashedPassword = "${password}";
+    openssh.authorizedKeys.keys = [$(printf ' "%s"' "${sshKeys[@]}") ];
+    autoLogin = ${autoLogin};
+  };
+  root = {
+    hashedPassword = user.hashedPassword;
+    openssh.authorizedKeys.keys = user.openssh.authorizedKeys.keys;
+  };
+  git = {
+    name = "${gitName}";
+    email = "${gitEmail}";
+  };
+}
+EOF
+
+# Generate hardware-configuration.nix without filesystems as we use the disko partitoning flake.
+echo
+echo "Generating hardware-configuration.nix"
+nixos-generate-config --no-filesystems --show-hardware-config | tee "$nixosDir/hardware-configuration.nix"

flake.lock

@@ -0,0 +1,86 @@
+{
+  "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1715217706,
+        "narHash": "sha256-yEB5SEHc+o3WJpUPw455OdLy9A+gffvCJX8DZ7NCkuo=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "8eb1b315eef89f3bdc5c9814d1b207c6d64f0046",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1715486357,
+        "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1715106579,
+        "narHash": "sha256-gZMgKEGiK6YrwGBiccZ1gemiUwjsZ1Zv49KYOgmX2fY=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "8be0d8a1ed4f96d99b09aa616e2afd47acc3da89",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-23.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1715087517,
+        "narHash": "sha256-CLU5Tsg24Ke4+7sH8azHWXKd0CFd4mhLWfhYgUiDBpQ=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "b211b392b8486ee79df6cdfb1157ad2133427a29",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "disko": "disko",
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-unstable": "nixpkgs-unstable"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,81 @@
+{
+  description = "Nixos config flake";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs = inputs@{ self, ... }:
+  let
+    settings = (if (builtins.pathExists ./settings.nix)
+                      then
+                        (import ./settings.nix)
+                      else
+                        (import ./settings-default.nix)
+                      );
+
+    nixpkgs = (if (settings.packages == "stable")
+              then
+                inputs.nixpkgs
+              else
+                inputs.nixpkgs-unstable
+              );
+
+    overlay-unstable = final: prev: {
+        unstable = import inputs.nixpkgs-unstable {
+          system = settings.system;
+          config.allowUnfree = true;
+        };
+    };
+
+    pkgs = (import nixpkgs {
+              system = settings.system;
+              config = {
+                allowUnfree = true;
+                allowUnfreePredicate = (_: true);
+              };
+              overlays = [ overlay-unstable ];
+            });
+
+    mkSystem = config: nixpkgs.lib.nixosSystem {
+      system = settings.system;
+      specialArgs = {
+        inherit inputs;
+        inherit pkgs;
+        inherit settings;
+      };
+      modules = [
+        config
+        inputs.disko.nixosModules.disko
+        inputs.home-manager.nixosModules.default
+      ];
+    };
+
+    mkHome = config: inputs.home-manager.lib.homeManagerConfiguration {
+      inherit pkgs;
+      extraSpecialArgs = {
+        inherit inputs;
+        inherit settings;
+      };
+      modules = [ config ];
+    };
+  in {
+    nixosConfigurations.default = mkSystem ./hosts/default/configuration.nix;
+    nixosConfigurations.tama = mkSystem ./hosts/tama/configuration.nix;
+
+    homeConfigurations = {
+      ${settings.user.name} = mkHome ./users/main-user.nix;
+    };
+  };
+}

hosts/default/configuration.nix

@@ -0,0 +1,19 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, settings, ... }:
+
+{
+  # Enable flakes for package pinning.
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  
+  # Import modules.
+  imports = [
+    ../../hardware-configuration.nix
+    ../../profiles/${settings.profile}.nix
+  ];
+
+  # Do not change the following.
+  system.stateVersion = "23.11";
+}

hosts/tama/configuration.nix

@@ -0,0 +1,26 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, settings, ... }:
+
+{
+  # Enable flakes for package pinning.
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  
+  # Import modules.
+  imports = [
+    ../../hardware-configuration.nix
+    ../../profiles/${settings.profile}.nix
+    ../../modules/nixos/zfs.nix
+  ];
+
+  # Enable NFS export for kvm storage.
+  services.nfs.server.enable = true;
+  services.nfs.server.exports = ''
+    /mnt/kvm        10.0.100.5(rw,async,no_subtree_check,no_root_squash,fsid=1) 10.0.100.7(rw,async,no_subtree_check,no_root_squash,fsid=1) 10.0.100.8(rw,async,no_subtree_check,no_root_squash,fsid=1) 10.0.100.13(rw,async,no_subtree_check,no_root_squash,fsid=1)
+  '';
+
+  # Do not change the following.
+  system.stateVersion = "23.11";
+}

install.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+# Change into script dir.
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
+nixosDir=$(pwd)
+
+# Get short hostname to work with host specific configurations.
+host=$(hostname -s)
+if [[ -n $nixHostOverride ]]; then
+    host=$nixHostOverride
+fi
+
+# Confirm host configuration is available; If not, we should not continue.
+if ! grep -q "nixosConfigurations.$host" flake.nix; then
+    host="default"
+fi
+
+# Install NixOS.
+# shellcheck disable=SC2068
+nix --extra-experimental-features 'nix-command flakes' run 'github:nix-community/disko#disko-install' -- --impure --flake "path:$nixosDir/#$host" $@

modules/home/git.nix

@@ -0,0 +1,9 @@
+{pkgs, settings, ...}:
+
+{
+  programs.git = {
+    enable = true;
+    userName = settings.git.name;
+    userEmail = settings.git.email;
+  };
+}

modules/home/zsh.nix

@@ -0,0 +1,8 @@
+{pkgs, settings, ...}:
+
+{
+  programs.zsh = {
+    enable = true;
+    dotDir = ".config/zsh";
+  };
+}

modules/nixos/common.nix

@@ -0,0 +1,100 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+  # Import modules.
+  imports = [
+    (import (if (settings.disk.luks)
+        then
+          ./disko-luks.nix
+        else
+          ./disko.nix
+      ) {
+      device = settings.disk.device;
+      swapSize = settings.disk.swapSize;
+    })
+  ] ++ (if settings.videoDrivers=="unknown" then [] else [ ./video-drivers/${settings.videoDrivers}.nix ]);
+
+  # Allow unfree packages.
+  nixpkgs.config.allowUnfree = true;
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.supportedFilesystems = [ "btrfs" ];
+
+  # BTRFS Scrubbing Services.
+  services.btrfs.autoScrub.enable = true;
+  services.btrfs.autoScrub.interval = "weekly";
+
+  # Set your time zone.
+  time.timeZone = settings.timezone;
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = settings.locale;
+
+  # Configure keymap in X11
+  services.xserver.xkb = {
+    layout = "us";
+    variant = "";
+  };
+
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  #   useXkbConfig = true; # use xkb.options in tty.
+  # };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  users.groups.mlocate = {};
+  environment.systemPackages = with pkgs; [
+    # Text Editors
+    vim
+    nano
+    
+    # Network
+    wget
+    curl
+    git
+    rsync
+    borgbackup
+
+    # Disk Tools
+    btrfs-progs
+    nfs-utils
+    parted
+    ncdu
+    pv
+
+    # System Tools
+    sudo
+    cron
+    mlocate
+    tmux
+    killall
+    pciutils
+
+    # Performance monitor
+    nmon
+    iotop
+    htop
+  ];
+
+  # Compatibility with scripts.
+  system.activationScripts.binbash = {
+    text =
+    ''
+      ln -sfn /run/current-system/sw/bin/bash /bin/bash
+    '';
+  };
+
+  # Nix Package Auto Cleanup
+  nix = {
+    settings.auto-optimise-store = true;
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-oder-than 7d";
+    };
+  };
+}

modules/nixos/desktop-environments/hyperland.nix

@@ -0,0 +1,15 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+  programs.hyprland = {
+    # Install the packages from nixpkgs
+    enable = true;
+    # Whether to enable XWayland
+    xwayland.enable = true;
+  };
+
+  # Extra global packages for guis.
+  environment.systemPackages = with pkgs; [
+    xdg-desktop-portal-hyprland
+  ];
+}

modules/nixos/desktop-environments/plasma.nix

@@ -0,0 +1,7 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+  # Enable the Desktop Environment.
+  services.xserver.desktopManager.plasma5.enable = false;
+  services.desktopManager.plasma6.enable = true;
+}

modules/nixos/desktop.nix

@@ -0,0 +1,88 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+  # Import desktop environments.
+  imports = [
+    ./desktop-environments/plasma.nix
+    ./desktop-environments/hyperland.nix
+  ];
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+
+  # Enable the Display Manager.
+  services.displayManager.sddm.enable = true;
+  services.displayManager.sddm.wayland.enable = true;
+
+  # Enable automatic login for the user.
+  services.displayManager.autoLogin.enable = settings.user.autoLogin;
+  services.displayManager.autoLogin.user = if settings.user.autoLogin then settings.user.name else "";
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  services.libinput.enable = true;
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable sound with pipewire.
+  sound.enable = true;
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    #jack.enable = true;
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    #media-session.enable = true;
+  };
+
+  # Enable Flatpak
+  services.flatpak.enable = true;
+
+  # Install firefox.
+  programs.firefox.enable = true;
+
+  # Gui applications for the main user.
+  users.users.${settings.user.name}.packages = with pkgs; [
+    # Internet
+    thunderbird
+    ungoogled-chromium
+
+    # Remote management
+    remmina
+    transmission-remote-gtk
+
+    # Development
+    kate
+    arduino-ide
+
+    # Multimedia
+    clementine
+    mpv
+    vlc
+    kdePackages.k3b
+
+    # Software defined radio
+    gqrx
+  ];
+
+  # Kodi
+  services.xserver.desktopManager.kodi.enable = true;
+  services.xserver.desktopManager.kodi.package = pkgs.kodi.withPackages (pkgs: with pkgs; [
+    # osmc-skin
+    jellyfin
+    pvr-hdhomerun
+    pvr-iptvsimple
+  ]);
+
+  # Extra global packages for guis.
+  environment.systemPackages = with pkgs; [
+    xdg-utils
+    xdg-desktop-portal
+  ];
+}

modules/nixos/disko-luks.nix

@@ -0,0 +1,65 @@
+{
+  device ? throw "Set this to your disk device, e.g. /dev/disk/by-id/id",
+  swapSize ? "8G",
+  ...
+}: {
+  disko.devices = {
+    disk.main = {
+      inherit device;
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          ESP = {
+            name = "boot";
+            size = "500M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountOptions = [ "fmask=0022" "dmask=0022" ];
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "luks";
+              name = "crypted";
+              settings.allowDiscards = true;
+              passwordFile = "/tmp/secret.key";
+              content = {
+                type = "btrfs";
+                extraArgs = [ "-f" ];
+
+                subvolumes = {
+                  "/root" = {
+                    mountOptions = [ "compress=zstd" ];
+                    mountpoint = "/";
+                  };
+
+                  "/home" = {
+                    mountOptions = [ "compress=zstd" ];
+                    mountpoint = "/home";
+                  };
+
+                  "/nix" = {
+                    mountOptions = [ "compress=zstd" ];
+                    mountpoint = "/nix";
+                  };
+
+                  "/swap" = {
+                    mountOptions = [ "noatime" ];
+                    mountpoint = "/swap";
+                    swap.swapfile.size = swapSize;
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

modules/nixos/disko.nix

@@ -0,0 +1,59 @@
+{
+  device ? throw "Set this to your disk device, e.g. /dev/disk/by-id/id",
+  swapSize ? "8G",
+  ...
+}: {
+  disko.devices = {
+    disk.main = {
+      inherit device;
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          ESP = {
+            name = "boot";
+            size = "500M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountOptions = [ "fmask=0022" "dmask=0022" ];
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "btrfs";
+              extraArgs = [ "-f" ];
+
+              subvolumes = {
+                "/root" = {
+                  mountOptions = [ "compress=zstd" ];
+                  mountpoint = "/";
+                };
+
+                "/home" = {
+                  mountOptions = [ "compress=zstd" ];
+                  mountpoint = "/home";
+                };
+
+                "/nix" = {
+                  mountOptions = [ "compress=zstd" ];
+                  mountpoint = "/nix";
+                };
+
+                "/swap" = {
+                  mountOptions = [ "noatime" ];
+                  mountpoint = "/swap";
+                  swap.swapfile.size = swapSize;
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

modules/nixos/docker.nix

@@ -0,0 +1,13 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+  # Install Docker
+  virtualisation.docker.enable = true;
+  virtualisation.docker.storageDriver = "btrfs";
+  users.users.${settings.user.name}.extraGroups = [ "docker" ];
+
+  # Distrobox
+  environment.systemPackages = with pkgs; [
+    distrobox
+  ];
+}

modules/nixos/gaming.nix

@@ -0,0 +1,11 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+  # Enable steam for gamming.
+  programs.steam.enable = true;
+
+  # Gui applications for the main user.
+  users.users.${settings.user.name}.packages = with pkgs; [
+      lutris
+  ];
+}

modules/nixos/management.nix

@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    cockpit
+  ];
+
+  services.cockpit = {
+    enable = true;
+    port = 9090;
+    settings = {
+      WebService = {
+        AllowUnencrypted = true;
+      };
+    };
+  };
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  services.openssh.settings.PermitRootLogin = "without-password";
+}

modules/nixos/monitoring.nix

@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+{
+  users.groups.telegraf = {};
+  users.users.telegraf = {
+    isNormalUser = false;
+    isSystemUser = true;
+    group = "telegraf";
+  };
+
+  # List packages installed in system profile.
+  environment.systemPackages = with pkgs; [
+    telegraf
+    smartmontools
+    nvme-cli
+    lm_sensors
+  ];
+
+  security.sudo = {
+    enable = true;
+    extraRules = [{
+      commands = [
+        {
+          command = "${pkgs.smartmontools}/bin/smartctl";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "${pkgs.nvme-cli}/bin/nvme";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+      users = [ "telegraf" ];
+    }];
+  };
+
+  systemd.services.telegraf = {
+    enable = true;
+    description = "Telegraf";
+    after = [ "network.target" ];
+    path = [
+      "/run/wrappers"
+      pkgs.lm_sensors
+      pkgs.smartmontools
+      pkgs.nvme-cli
+    ];
+    serviceConfig = {
+      Type = "notify";
+      NotifyAccess = "all";
+      User = "telegraf";
+      ExecStart = "${pkgs.telegraf}/bin/telegraf -config /etc/telegraf/telegraf.conf -config-directory /etc/telegraf/telegraf.d";
+      ExecReload = "/bin/kill -HUP $MAINPID";
+      Restart = "on-failure";
+      RestartForceExitStatus = "SIGPIPE";
+      KillMode = "mixed";
+      TimeoutStopSec = "5";
+      LimitMEMLOCK = "8M:8M";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+}

modules/nixos/network.nix

@@ -0,0 +1,21 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+  # Network host configuration.
+  networking.hostId = settings.hostId;
+  networking.hostName = settings.hostName;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = false;
+  networking.networkmanager.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    dnsutils
+    iperf
+    nmap
+    netcat-gnu
+  ];
+}

modules/nixos/users.nix

@@ -0,0 +1,50 @@
+{ inputs, config, lib, pkgs, settings, ... }:
+
+{
+  services.syncthing = {
+    enable = true;
+    guiAddress = "0.0.0.0:8384";
+    user = settings.user.name;
+    dataDir = "/home/${settings.user.name}";
+  };
+
+  # Enable ZSH.
+  programs.zsh.enable = true;
+
+  # Rebuild users.
+  users.mutableUsers = false;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.groups.${settings.user.name}.gid = 1000;
+  users.users.${settings.user.name} = {
+    isNormalUser = true;
+    description = settings.user.description;
+    extraGroups = [ "networkmanager" "wheel" ];
+    uid = 1000;
+    group = settings.user.name;
+    shell = pkgs.zsh;
+    hashedPassword = settings.user.hashedPassword;
+    openssh.authorizedKeys.keys = settings.user.openssh.authorizedKeys.keys;
+  };
+  users.users.root = {
+    shell = pkgs.zsh;
+    hashedPassword = settings.root.hashedPassword;
+    openssh.authorizedKeys.keys = settings.root.openssh.authorizedKeys.keys;
+  };
+
+  environment.systemPackages = with pkgs; [
+    unstable.nodejs_22
+    pure-prompt
+    fastfetch
+  ];
+
+  home-manager = {
+    extraSpecialArgs = {
+      inherit inputs;
+      inherit settings;
+    };
+    users = {
+      ${settings.user.name} = import ../../users/main-user.nix;
+    };
+  };
+}

modules/nixos/video-drivers/amdgpu.nix

@@ -0,0 +1,12 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+  # Display drivers.
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+  };
+  boot.initrd.kernelModules = [ "amdgpu" ];
+  services.xserver.videoDrivers = [ "amdgpu" ];
+}

modules/nixos/video-drivers/nvidia.nix

@@ -0,0 +1,43 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+  # Display drivers.
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+  };
+  services.xserver.videoDrivers = [ "nvidia" ];
+
+  hardware.nvidia = {
+
+    # Modesetting is required.
+    modesetting.enable = false;
+
+    # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+    # Enable this if you have graphical corruption issues or application crashes after waking
+    # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead 
+    # of just the bare essentials.
+    powerManagement.enable = false;
+
+    # Fine-grained power management. Turns off GPU when not in use.
+    # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+    powerManagement.finegrained = false;
+
+    # Use the NVidia open source kernel module (not to be confused with the
+    # independent third-party "nouveau" open source driver).
+    # Support is limited to the Turing and later architectures. Full list of 
+    # supported GPUs is at: 
+    # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus 
+    # Only available from driver 515.43.04+
+    # Currently alpha-quality/buggy, so false is currently the recommended setting.
+    open = false;
+
+    # Enable the Nvidia settings menu,
+    # accessible via `nvidia-settings`.
+    nvidiaSettings = true;
+
+    # Optionally, you may need to select the appropriate driver version for your specific GPU.
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+  };
+}

modules/nixos/video-drivers/qxl.nix

@@ -0,0 +1,13 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+  # Display drivers.
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+  };
+  services.xserver.videoDrivers = [ "qxl" ];
+  # services.qemuGuest.enable = true;
+  services.spice-vdagentd.enable = true;
+}

modules/nixos/virtualization.nix

@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+{
+  networking.extraHosts =
+    ''
+      10.0.100.5 kiki kiki.gec.im
+      10.0.100.6 tama tama.gec.im
+      10.0.100.7 kate kate.gec.im
+      10.0.100.8 mika mika.gec.im
+      10.0.100.13 gaming-pc gaming-pc.gec.im
+    '';
+
+  networking.localCommands =
+    ''
+      /run/current-system/sw/bin/iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
+    '';
+
+  boot.kernel.sysctl."net.bridge.bridge-nf-call-ip6tables" = 0;
+  boot.kernel.sysctl."net.bridge.bridge-nf-call-iptables" = 0;
+  boot.kernel.sysctl."net.bridge.bridge-nf-call-arptables" = 0;
+
+  virtualisation.libvirtd = {
+    enable = true;
+    qemu = {
+      package = pkgs.qemu_full;
+      runAsRoot = true;
+      swtpm.enable = true;
+      ovmf = {
+        enable = true;
+        packages = [(pkgs.OVMF.override {
+          secureBoot = true;
+          tpmSupport = true;
+        }).fd];
+      };
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    (python311.withPackages(ps: with ps; [ pip pandas requests libvirt lxml packaging ]))
+    qemu_full
+    libvirt
+    swtpm
+    edk2
+  ];
+
+  # Compatibility with libvirt internals.
+  system.activationScripts.binqemu = {
+    text =
+    ''
+      ln -sfn /run/current-system/sw/bin/qemu-system-x86_64 /usr/bin/qemu-system-x86_64
+    '';
+  };
+}

modules/nixos/zfs.nix

@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+{
+  boot.supportedFilesystems = [ "zfs" ];
+
+  # Set kernel to latest compatible version with ZFS.
+  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+
+  environment.systemPackages = with pkgs; [
+    zfs
+  ];
+
+  services.zfs.autoScrub.enable = true;
+}

profiles/desktop.nix

@@ -0,0 +1,13 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+  # Import modules.
+  imports = [
+    ../modules/nixos/common.nix
+    ../modules/nixos/network.nix
+    ../modules/nixos/users.nix
+    ../modules/nixos/management.nix
+    ../modules/nixos/desktop.nix
+    ../modules/nixos/docker.nix
+  ];
+}

profiles/gaming-pc.nix

@@ -0,0 +1,9 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+  # Import modules.
+  imports = [
+    ./desktop.nix
+    ../modules/nixos/gaming.nix
+  ];
+}

profiles/virtual-machine-host.nix

@@ -0,0 +1,18 @@
+{ config, lib, pkgs, settings, ... }:
+
+{ 
+  # Import modules.
+  imports = [
+    ../modules/nixos/common.nix
+    ../modules/nixos/network.nix
+    ../modules/nixos/users.nix
+    ../modules/nixos/management.nix
+    ../modules/nixos/monitoring.nix
+    ../modules/nixos/virtualization.nix
+  ];
+
+  # Allow unsupported SPF+ modules.
+  boot.kernelParams = [
+    "ixgbe.allow_unsupported_sfp=1"
+  ];
+}

rebuild.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+# Change into script dir.
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
+nixosDir=$(pwd)
+
+# Get short hostname to work with host specific configurations.
+host=$(hostname -s)
+if [[ -n $nixHostOverride ]]; then
+    host=$nixHostOverride
+fi
+
+# Confirm host configuration is available; If not, we should not continue.
+if ! grep -q "nixosConfigurations.$host" flake.nix; then
+    host="default"
+fi
+
+# Rebuild and switch.
+# shellcheck disable=SC2068
+nixos-rebuild switch --impure --flake "path:$nixosDir/#$host" $@

rsync.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+# Change into script dir.
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
+nixosDir=$(pwd)
+
+# Sync configuration via rsync.
+rsync -av --delete --exclude settings.nix --exclude hardware-configuration.nix "$nixosDir/" "$1:nixos/"

settings-default.nix

@@ -0,0 +1,30 @@
+rec {
+  system = "x86_64-linux";
+  timezone = "America/Chicago";
+  locale = "en_US.UTF-8";
+  packages = "stable";
+  profile = "desktop";
+  hostId = (builtins.substring 0 8 (builtins.readFile "/etc/machine-id"));
+  hostName = "nixos";
+  videoDrivers = "unknown";
+  disk = {
+    device = "/dev/sda";
+    swapSize = "8G";
+    luks = false;
+  };
+  user = {
+    name = "grmrgecko";
+    description = "James Coleman";
+    hashedPassword = "";
+    openssh.authorizedKeys.keys = [];
+    autoLogin = false;
+  };
+  root = {
+    hashedPassword = user.hashedPassword;
+    openssh.authorizedKeys.keys = user.openssh.authorizedKeys.keys;
+  };
+  git = {
+    name = "GRMrGecko";
+    email = "grmrgecko@gmail.com";
+  };
+}

update.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+# Change into script dir.
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
+nixosDir=$(pwd)
+
+# Get short hostname to work with host specific configurations.
+host=$(hostname -s)
+if [[ -n $nixHostOverride ]]; then
+    host=$nixHostOverride
+fi
+
+# Confirm host configuration is available; If not, we should not continue.
+if ! grep -q "nixosConfigurations.$host" flake.nix; then
+    host="default"
+fi
+
+# Update nixpkgs.
+if ! sudo -u grmrgecko nix flake update "$nixosDir"; then
+    echo "Update failed"
+    exit 1
+fi
+
+# Add updated lock file to git staging for rebuild below.
+sudo -u grmrgecko git add flake.lock
+
+# Commit update.
+sudo -u grmrgecko git commit -m "Flake update $(date)"
+
+# Rebuild and switch.
+# shellcheck disable=SC2068
+nixos-rebuild switch --impure --flake "path:$nixosDir/#$host" $@

users/main-user.nix

@@ -0,0 +1,24 @@
+{pkgs, settings, ...}:
+
+{
+  imports = [
+    ../modules/home/git.nix
+    ../modules/home/zsh.nix
+  ];
+
+  home.username = settings.user.name;
+  home.homeDirectory = "/home/${settings.user.name}";
+
+  # Let Home Manager install and manage itself.
+  programs.home-manager.enable = true;
+
+  # This value determines the Home Manager release that your
+  # configuration is compatible with. This helps avoid breakage
+  # when a new Home Manager release introduces backwards
+  # incompatible changes.
+  #
+  # You can update Home Manager without changing this value. See
+  # the Home Manager release notes for a list of state version
+  # changes in each release.
+  home.stateVersion = "23.11";
+}