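# Flake for the "stationette" NixOS host.
#
# One nixosSystem built from hardware-configuration.nix, the disko,
# impermanence and home-manager NixOS modules, and an inline module that
# declares the disk layout, boot loader, the "chris" account, system packages
# and the home-manager profile (including a dotfiles bootstrap hook).
{
  description = "Stationette nix config";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
    disko.url = "github:nix-community/disko/latest";
    impermanence.url = "github:nix-community/impermanence";
    home-manager.url = "github:nix-community/home-manager/release-25.11";
    firefox-addons = {
      url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, impermanence, disko, home-manager, ... } @ inputs:
    let
      lib = nixpkgs.lib;
      system = "x86_64-linux";
      # Used by the inline NixOS module below (pkgs.zsh, systemPackages).
      pkgs = nixpkgs.legacyPackages.${system};
    in {
      nixosConfigurations = {
        stationette = nixpkgs.lib.nixosSystem {
          modules = [
            ./hardware-configuration.nix
            disko.nixosModules.disko
            impermanence.nixosModules.impermanence
            home-manager.nixosModules.home-manager
            {
              # State kept under /persist. /etc/ssh is listed so SSH host
              # keys stay stable instead of being regenerated.
              environment.persistence."/persist" = {
                hideMounts = true;
                directories = [
                  "/var/log"
                  "/var/lib/bluetooth"
                  "/var/lib/networkmanager"
                  "/etc/ssh"
                ];
                files = [
                  "/etc/machine-id"
                ];
              };

              # nix --extra-experimental-features "nix-command flakes" run github:nix-community/disko/latest#disko-install -- --flake ./#stationette --write-efi-boot-entries --disk stationette /dev/sda
              # NOTE(review): the install command repartitions the disk named
              # here and mkfs.btrfs runs with -f. /dev/sdX names are not
              # guaranteed stable across boots; a /dev/disk/by-id/ path
              # removes the risk of formatting the wrong device.
              disko.devices = {
                disk = {
                  stationette = {
                    type = "disk";
                    device = "/dev/sda"; # Check this with lsblk
                    content = {
                      type = "gpt";
                      partitions = {
                        ESP = {
                          size = "512M";
                          type = "EF00";
                          content = {
                            type = "filesystem";
                            format = "vfat";
                            mountpoint = "/boot";
                            # Was [ "fmask=0022" "dmask=0022" "umask=0077" ]:
                            # all three set the same FAT permission masks, so
                            # the effective mode depended on which option was
                            # applied last. State the root-only mask once so
                            # /boot (boot entries, systemd-boot random seed)
                            # is not readable by unprivileged users.
                            mountOptions = [ "fmask=0077" "dmask=0077" ];
                          };
                        };
                        root = {
                          size = "100%";
                          content = {
                            type = "btrfs";
                            extraArgs = [ "-f" ]; # Force overwrite
                            subvolumes = {
                              "/root" = {
                                mountpoint = "/";
                                mountOptions = [ "compress=zstd" "noatime" ];
                              };
                              "/nix" = {
                                mountpoint = "/nix";
                                mountOptions = [ "compress=zstd" "noatime" ];
                              };
                              "/persist" = {
                                mountpoint = "/persist";
                                mountOptions = [ "compress=zstd" "noatime" ];
                              };
                              "/swap" = {
                                mountpoint = "/.swapvol";
                                swap.swapfile.size = "8G";
                              };
                            };
                          };
                        };
                      };
                    };
                  };
                };
              };

              boot.loader = {
                systemd-boot.enable = true;
                efi.canTouchEfiVariables = true;
              };

              networking = {
                hostName = "stationette";
                networkmanager.enable = true;
              };

              users.users.chris = {
                uid = 1000;
                isNormalUser = true;
                # NOTE(review): plaintext credential for a wheel (sudo) user.
                # It is committed with the flake and copied into the
                # world-readable Nix store. /etc/shadow is not in the
                # persistence list above, so if the root subvolume is ever
                # reset this value would be applied again - confirm. Change
                # it with passwd after first login, or replace it with a
                # hash kept outside the store, e.g.
                #   hashedPasswordFile = "/persist/secrets/chris.passwd"; # example path
                initialPassword = "changeme123";
                shell = pkgs.zsh;
                extraGroups = [ "chris" "wheel" "networkmanager" ];
              };

              programs.zsh = {
                enable = true;
              };

              system.stateVersion = "25.11";

              environment.systemPackages = with pkgs; [
                bat
                #highlight
                btop
                eza
                fzf
                git
                #gnumake
                #neofetch
                neovim
                ripgrep
                tldr
                unzip
                openssl
                wget
                zip
                zoxide
                jq
                lazygit
                #sqlit
                less
                mlocate
                tree
                tmux
                tmuxinator
                wget
                zenity
                gum
                yazi
                rsync
                p7zip
                impala
              ];

              home-manager = {
                users.chris = { pkgs, lib, ... }: {
                  home = {
                    username = "chris";
                    homeDirectory = "/home/chris";
                    stateVersion = "25.11";

                    persistence."/persist" = {
                      directories = [
                        "Downloads"
                        "Tower"
                        ".config/dotfiles"
                        ".local/share/direnv"
                        ".ssh"
                      ];
                    };

                    # Restores the dotfiles work tree from the persisted git
                    # metadata, or bootstraps it from the remote on first run.
                    #
                    # NOTE(review): the bootstrap clone is unpinned. Whatever
                    # the main branch serves at activation time is copied over
                    # $HOME with cp -rfT, replacing existing files (shell
                    # startup files included). Pinning a commit, or bringing
                    # the repository in as a flake input with flake = false so
                    # flake.lock records its hash, makes the content auditable.
                    activation.setupDotfiles = lib.hm.dag.entryAfter ["writeBoundary"] ''
                      if [[ -v DRY_RUN ]]; then
                        # A dry run must not touch $HOME or the network; the
                        # original printed this message and then carried on.
                        echo "Dry run: Would bootstrap dotfiles from labs.scarif.space"
                      else
                        DOTFILES_DIR="$HOME/.config/dotfiles"

                        if [ -d "$DOTFILES_DIR/.git" ]; then
                          # Restore tracked files from the local metadata
                          ${pkgs.git}/bin/git --git-dir="$DOTFILES_DIR/.git" --work-tree="$HOME" checkout -f
                          # NOTE(review): runs without --git-dir/--work-tree and
                          # from whatever directory activation is in; confirm it
                          # resolves the dotfiles repository.
                          ${pkgs.git}/bin/git submodule update --init --recursive
                        else
                          echo "Dotfiles not found. Running bootstrap script..."

                          # Setup a temporary workspace
                          TEMP_DIR=$(mktemp -d)

                          # Clone the repo (using the public URL for the initial pull)
                          ${pkgs.git}/bin/git clone -b main https://labs.scarif.space/chris/dotfiles.git "$TEMP_DIR"

                          # Copy files to HOME
                          ${pkgs.coreutils}/bin/cp -rfT "$TEMP_DIR" "$HOME"

                          # Initialize the separate git directory
                          ${pkgs.coreutils}/bin/mkdir -p "$DOTFILES_DIR"
                          cd "$HOME"
                          ${pkgs.git}/bin/git init --separate-git-dir "$DOTFILES_DIR/.git" "$HOME"

                          # Update submodules
                          ${pkgs.git}/bin/git submodule set-url ".config/nvim" https://labs.scarif.space/chris/nvim.git
                          ${pkgs.git}/bin/git submodule update --init

                          # Set URLs back to SSH
                          ${pkgs.git}/bin/git submodule set-url ".config/nvim" git@labs.scarif.space:chris/nvim.git
                          ${pkgs.git}/bin/git remote set-url origin git@labs.scarif.space:chris/dotfiles.git

                          # Clean up
                          ${pkgs.coreutils}/bin/rm -rf "$TEMP_DIR"
                          ${pkgs.coreutils}/bin/rm -f "$HOME/.git"

                          echo "Dotfiles bootstrapped successfully."
                        fi
                      fi
                    '';

                    packages = with pkgs; [
                      # jetbrains.rider
                      # android-studio
                      # beekeeper-studio
                      # brave
                      # discord
                      # spotify
                      # go
                      # lua
                      # nodePackages.pnpm
                      # (python3.withPackages (python-pkgs: [ python-pkgs.pip python-pkgs.requests ]))
                      # rustup
                      # zig
                      # obsidian
                      # thunderbird
                      # libreoffice-qt
                      # pkgs-unstable.nerd-fonts.fira-code
                      # hunspell
                      # blueberry
                      # steam
                      # steam-run
                      # viewnior
                      # pkgs-unstable.hyprshot
                      # catppuccin-cursors.macchiatoBlue
                      # catppuccin-gtk
                      # papirus-folders
                      # pkgs-unstable.php84Packages.composer
                      # pkgs-unstable.php84Packages.xdebug
                      # pkgs-unstable.php84Extensions.sqlite3
                      # pkgs-unstable.php84Extensions.redis
                      # pkgs-unstable.php84Extensions.sodium
                      # pkgs-unstable.php84Extensions.pgsql
                      # pkgs-unstable.php84Extensions.iconv
                      # pkgs-unstable.php84Extensions.gd
                      # pkgs-unstable.php84Extensions.zip
                      # php
                      # antigravity
                      # gimp
                      # kdePackages.dolphin
                      # enpass
                      # enpass-cli
                      # expressvpn
                      # jellyfin-ffmpeg
                      # inkscape
                      # krita
                      # libreoffice-fresh
                      # nextcloud-client
                      # nodejs_24
                      # signal-desktop
                      # sxiv
                      # tenacity
                      # unzip
                      # zathura
                      # ghostty
                      # wally-cli
                      # kdePackages.wacomtablet
                      # kdePackages.print-manager
                      # mpv
                      # vlc
                      # telegram-desktop
                    ];
                  };

                  programs =
                    let
                      # Helpers for locked Firefox preferences; only referenced
                      # by the disabled firefox block below.
                      lock-false = {
                        Value = false;
                        Status = "locked";
                      };
                      lock-true = {
                        Value = true;
                        Status = "locked";
                      };
                    in {
                      # firefox = {
                      #   enable = true;
                      #   package = pkgs.wrapFirefox pkgs.firefox-unwrapped {
                      #     extraPolicies = {
                      #       DisableTelemetry = true;
                      #       DisableFirefoxStudies = true;
                      #       EnableTrackingProtection = {
                      #         Value= true;
                      #         Locked = true;
                      #         Cryptomining = true;
                      #         Fingerprinting = true;
                      #       };
                      #       DisablePocket = true;
                      #       DisableFirefoxAccounts = true;
                      #       DisableAccounts = true;
                      #       DisableFirefoxScreenshots = true;
                      #       OverrideFirstRunPage = "";
                      #       OverridePostUpdatePage = "";
                      #       DontCheckDefaultBrowser = true;
                      #       DisplayBookmarksToolbar = "always"; # alternatives: "always" or "newtab"
                      #       DisplayMenuBar = "default-off"; # alternatives: "always", "never" or "default-on"
                      #       SearchBar = "unified"; # alternative: "separate"

                      #       /* ---- EXTENSIONS ---- */
                      #       ExtensionSettings = {
                      #         # NOTE: "allowed" lets the user install any add-on;
                      #         # use "blocked" here to permit only the add-ons
                      #         # listed below.
                      #         "*".installation_mode = "allowed";
                      #         # Enpass
                      #         "firefox-enpass@enpass.io" = {
                      #           install_url = "https://dl.enpass.io/stable/extensions/firefox/versions/v6.11.10.2/enpass_password_manager-6.11.10.2.xpi";
                      #           installation_mode = "force_installed";
                      #         };
                      #       };

                      #       /* ---- PREFERENCES ---- */
                      #       # Set preferences shared by all profiles.
                      #       Preferences = {
                      #         "browser.contentblocking.category" = { Value = "strict"; Status = "locked"; };
                      #         "extensions.pocket.enabled" = lock-false;
                      #         "extensions.screenshots.disabled" = lock-true;
                      #         "browser.topsites.contile.enabled" = lock-false;
                      #         "browser.formfill.enable" = lock-false;
                      #         "browser.search.suggest.enabled" = lock-false;
                      #         "browser.search.suggest.enabled.private" = lock-false;
                      #         "browser.urlbar.suggest.searches" = lock-false;
                      #         "browser.urlbar.showSearchSuggestionsFirst" = lock-false;
                      #         "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false;
                      #         "browser.newtabpage.activity-stream.feeds.snippets" = lock-false;
                      #         "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
                      #         "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false;
                      #         "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false;
                      #         "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false;
                      #         "browser.newtabpage.activity-stream.showSponsored" = lock-false;
                      #         "browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
                      #         "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
                      #       };
                      #     };
                      #   };
                      # };
                    };

                  nixpkgs = {
                    config = {
                      allowUnfree = true;
                      # Redundant with allowUnfree = true; kept as found.
                      allowUnfreePredicate = (_: true);
                      # NOTE(review): these are standing exemptions from the
                      # nixpkgs insecure-package check. The packages they were
                      # added for (obsidian, beekeeper-studio) are commented out
                      # in home.packages above, so the list can be emptied until
                      # one of them is actually re-enabled.
                      permittedInsecurePackages = [
                        "electron-25.9.0" # Obsidian
                        "beekeeper-studio-5.3.4"
                      ];
                    };
                  };
                };

                extraSpecialArgs = {
                  inherit inputs;
                };
              };
            }
          ];
        };
      };

      # Standalone home-manager configuration entrypoint
      #homeConfigurations = {
      #  chris = home-manager.lib.homeManagerConfiguration {
      #    inherit pkgs;
      #    extraSpecialArgs = {
      #      inherit inputs;
      #    };
      #    modules = [
      #      ./home
      #    ];
      #  };
      #};
    };
}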