{ description = "Stationette nix config"; inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; disko.url = "github:nix-community/disko/latest"; impermanence.url = "github:nix-community/impermanence"; home-manager = { url = "github:nix-community/home-manager/release-25.11"; inputs.nixpkgs.follows = "nixpkgs"; }; firefox-addons = { url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; inputs.nixpkgs.follows = "nixpkgs"; }; }; outputs = { self, nixpkgs, impermanence, disko, home-manager, ... } @ inputs: let lib = nixpkgs.lib; system = "x86_64-linux"; pkgs = nixpkgs.legacyPackages.${system}; in { nixosConfigurations = { stationette = nixpkgs.lib.nixosSystem { modules = [ ./hardware-configuration.nix disko.nixosModules.disko impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager { # nix --extra-experimental-features "nix-command flakes" run github:nix-community/disko/latest#disko-install -- --flake ./#stationette --disk stationette --write-efi-boot-entries /dev/sda disko.devices = { disk = { stationette = { type = "disk"; device = "/dev/sda"; # Check this with lsblk content = { type = "gpt"; partitions = { ESP = { size = "512M"; type = "EF00"; content = { type = "filesystem"; format = "vfat"; mountpoint = "/boot"; mountOptions = [ "fmask=0022" "dmask=0022" "umask=0077" ]; }; }; root = { size = "100%"; content = { type = "btrfs"; extraArgs = [ "-f" ]; # Force overwrite subvolumes = { "/root" = { mountpoint = "/"; mountOptions = [ "compress=zstd" "noatime" ]; }; "/nix" = { mountpoint = "/nix"; mountOptions = [ "compress=zstd" "noatime" ]; }; "/persist" = { mountpoint = "/persist"; mountOptions = [ "compress=zstd" "noatime" ]; }; "/swap" = { mountpoint = "/.swapvol"; swap.swapfile.size = "8G"; }; }; }; }; }; }; }; }; }; boot.loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; environment = { persistence."/persist" = { hideMounts = true; directories = [ "/var/log" "/var/lib/bluetooth" "/var/lib/networkmanager" "/var/lib/nixos" "/etc/ssh" "/var/lib/systemd/coredump" "/etc/NetworkManager/system-connections" ]; files = [ "/etc/machine-id" ]; }; systemPackages = with pkgs; [ hyprpaper libnotify mako qt6.qtwayland hypridle hyprlock hyprpicker wlogout wl-clipboard waybar bat #highlight btop eza fzf iwd git #gnumake #neofetch neovim ripgrep tldr unzip openssl wget zip zoxide jq lazygit #sqlit less mlocate tree tmux tmuxinator wget zenity gum yazi rsync p7zip impala xdg-terminal-exec ]; }; networking = { hostName = "stationette"; networkmanager.enable = true; }; users.users.chris = { uid = 1000; isNormalUser = true; initialPassword = "changeme123"; shell = pkgs.zsh; extraGroups = [ "chris" "wheel" "networkmanager" ]; }; programs = { zsh = { enable = true; }; hyprland = { enable = true; }; }; services = { openssh.enable = true; dbus.enable = true; displayManager = { sddm = { enable = true; wayland.enable = true; theme = "maya"; }; autoLogin.enable = true; autoLogin.user = "chris"; defaultSession = "hyprland"; }; }; system.stateVersion = "25.11"; home-manager = { users.chris = { pkgs, lib, ... }: { home = { username = "chris"; homeDirectory = "/home/chris"; stateVersion = "25.11"; persistence."/persist" = { directories = [ "Downloads" "Tower" ".config/dotfiles" ".config/nvim" ".config/nixos" ".config/sinew.in/Enpass" ".local/share/direnv" ".local/share/nvim" ".local/share/zoxide" ".local/share/Enpass" ".ssh" ]; }; activation.setupDotfiles = lib.hm.dag.entryAfter ["writeBoundary"] '' if [[ -v DRY_RUN ]]; then echo "Dry run: Would bootstrap dotfiles from labs.scarif.space" exit fi TEMP_DIR=$(mktemp -d) DOTFILES_DIR="$HOME/.config/dotfiles" DOTFILES_GIT_DIR="$DOTFILES_DIR/.git" if [ ! -d "$DOTFILES_GIT_DIR" ]; then echo "No local repository so cloning from remote" SOURCE="https://labs.scarif.space/chris/dotfiles.git" ${pkgs.git}/bin/git clone -b main "$SOURCE" "$TEMP_DIR" mv "$TEMP_DIR/.git" "$DOTFILES_GIT_DIR" else echo "Local repository found so cloning from there" ${pkgs.git}/bin/git clone -b main "$DOTFILES_GIT_DIR" "$TEMP_DIR" ${pkgs.git}/bin/git --git-dir="$DOTFILES_GIT_DIR" --work-tree="$TEMP_DIR" pull --rebase || true fi echo "Copying dot files to home" ${pkgs.coreutils}/bin/cp -rfT "$TEMP_DIR" "$HOME" NVIM_DIR="$HOME/.config/nvim" echo "Neovim config not initialised so initialising from remote" ${pkgs.git}/bin/git --git-dir="$DOTFILES_GIT_DIR" --work-tree="$HOME" submodule set-url ".config/nvim" https://labs.scarif.space/chris/nvim.git ${pkgs.git}/bin/git --git-dir="$DOTFILES_GIT_DIR" --work-tree="$HOME" submodule update --init || true ${pkgs.git}/bin/git --git-dir="$DOTFILES_GIT_DIR" --work-tree="$HOME" submodule set-url ".config/nvim" git@labs.scarif.space:chris/nvim.git cd "$HOME" echo "Cleanup" ${pkgs.coreutils}/bin/rm -rf "$TEMP_DIR" # Add test file with timestamp ${pkgs.coreutils}/bin/touch "$HOME/.bootstrap-success-$(date +%s)" echo "Dotfiles bootstrapped successfully." ''; packages = with pkgs; [ # jetbrains.rider # android-studio # beekeeper-studio # brave # discord # spotify # go # lua # nodePackages.pnpm # (python3.withPackages (python-pkgs: [ python-pkgs.pip python-pkgs.requests ])) # rustup # zig # obsidian # thunderbird # libreoffice-qt # pkgs-unstable.nerd-fonts.fira-code # hunspell # blueberry # steam # steam-run # viewnior # pkgs-unstable.hyprshot # catppuccin-cursors.macchiatoBlue # catppuccin-gtk # papirus-folders # pkgs-unstable.php84Packages.composer # pkgs-unstable.php84Packages.xdebug # pkgs-unstable.php84Extensions.sqlite3 # pkgs-unstable.php84Extensions.redis # pkgs-unstable.php84Extensions.sodium # pkgs-unstable.php84Extensions.pgsql # pkgs-unstable.php84Extensions.iconv # pkgs-unstable.php84Extensions.gd # pkgs-unstable.php84Extensions.zip # php # antigravity # gimp # kdePackages.dolphin enpass enpass-cli expressvpn # jellyfin-ffmpeg # inkscape # krita # libreoffice-fresh # nextcloud-client # nodejs_24 # signal-desktop # sxiv # tenacity # unzip zathura ghostty yarn uwsm # wally-cli # kdePackages.wacomtablet # kdePackages.print-manager # mpv # vlc # telegram-desktop ]; }; programs = let lock-false = { Value = false; Status = "locked"; }; lock-true = { Value = true; Status = "locked"; }; in { firefox = { enable = true; package = pkgs.wrapFirefox pkgs.firefox-unwrapped { extraPolicies = { DisableTelemetry = true; DisableFirefoxStudies = true; EnableTrackingProtection = { Value= true; Locked = true; Cryptomining = true; Fingerprinting = true; }; DisablePocket = true; DisableFirefoxAccounts = true; DisableAccounts = true; DisableFirefoxScreenshots = true; OverrideFirstRunPage = ""; OverridePostUpdatePage = ""; DontCheckDefaultBrowser = true; DisplayBookmarksToolbar = "always"; # alternatives: "always" or "newtab" DisplayMenuBar = "default-off"; # alternatives: "always", "never" or "default-on" SearchBar = "unified"; # alternative: "separate" /* ---- EXTENSIONS ---- */ ExtensionSettings = { "*".installation_mode = "allowed"; # blocks all addons except the ones specified below # Enpass "firefox-enpass@enpass.io" = { install_url = "https://dl.enpass.io/stable/extensions/firefox/versions/v6.11.10.2/enpass_password_manager-6.11.10.2.xpi"; installation_mode = "force_installed"; }; }; /* ---- PREFERENCES ---- */ # Set preferences shared by all profiles. Preferences = { "browser.contentblocking.category" = { Value = "strict"; Status = "locked"; }; "extensions.pocket.enabled" = lock-false; "extensions.screenshots.disabled" = lock-true; "browser.topsites.contile.enabled" = lock-false; "browser.formfill.enable" = lock-false; "browser.search.suggest.enabled" = lock-false; "browser.search.suggest.enabled.private" = lock-false; "browser.urlbar.suggest.searches" = lock-false; "browser.urlbar.showSearchSuggestionsFirst" = lock-false; "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false; "browser.newtabpage.activity-stream.feeds.snippets" = lock-false; "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false; "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false; "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false; "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false; "browser.newtabpage.activity-stream.showSponsored" = lock-false; "browser.newtabpage.activity-stream.system.showSponsored" = lock-false; "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false; }; }; }; }; }; nixpkgs = { config = { allowUnfree = true; allowUnfreePredicate = (_: true); permittedInsecurePackages = [ "electron-25.9.0" # Obsidian "beekeeper-studio-5.3.4" ]; }; }; }; extraSpecialArgs = { inherit inputs; }; }; } ]; }; }; # Standalone home-manager configuration entrypoint #homeConfigurations = { # chris = home-manager.lib.homeManagerConfiguration { # inherit pkgs; # extraSpecialArgs = { # inherit inputs; # }; # modules = [ # ./home # ]; # }; #}; }; }