nixconfigs/nixos/configuration.nix

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

let
  fsOptions = [ "noatime" "ssd" "space_cache" "compress=lzo" ];

in {
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./packages.nix
      (builtins.fetchGit {
        url = "https://github.com/NixOS/nixos-hardware";
        rev = "a9033dcc5fc57b67bd30ec02a585c6054d14d67d";
      } + "/lenovo/thinkpad/t440s")
    ];

  # encrypted partitions
  boot.initrd.luks = 
    { devices =
      { "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef";
        "cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa";
      };
      reusePassphrases = true;
    };

  fileSystems."/".options = fsOptions ++ [ "subvol=nixos_root" ];
  fileSystems."/home".options = fsOptions ++ [ "subvol=home" ];
  boot.tmpOnTmpfs = true;
  fileSystems."/tmp".fsType = "tmpfs";

  # try newer kernels
  boot.kernelPackages = pkgs.linuxPackages_latest;

  services.fstrim.enable = true;
  services.btrfs.autoScrub =
	{ enable = true;
	  fileSystems = [ "/" "/home" ];
	};

  # exfat support
  #boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];

  zramSwap = 
	{ enable = true;
	  memoryPercent = 20;
	};
  boot.kernel.sysctl."vm.swappiness" = 9;

  # powermanagement
  services.tlp = 
    { enable = true;
      extraConfig = ''
      SATA_LINKPWR_ON_BAT=medium_power
      SATA_LINKPWR_ON_AC=max_performance
      '';
    };

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "thinknix";
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # Select internationalisation properties.
  i18n = {
    consoleFont = "Lat2-Terminus16";
    consoleKeyMap = "de";
    defaultLocale = "de_DE.UTF-8";
  };

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.bash.enableCompletion = true;
  # programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;
  
  programs.ssh.startAgent = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  networking.firewall.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
  networking.firewall.allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; # for KDE connect
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;
  
  networking.networkmanager.enable = true;

  services.avahi.enable = true;

  # Enable CUPS to print documents.
  services.printing = 
    { enable = true;
      drivers = [ pkgs.hplip ];
    };
  # scanners
  hardware.sane = 
    { enable = true;
      extraBackends = [ pkgs.hplip ];
    };

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = true;

  # Bluetooth
  hardware.bluetooth.enable = true;
  hardware.pulseaudio.package = pkgs.pulseaudioFull;

  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.xserver.layout = "de";
  services.xserver.xkbOptions = "eurosign:e";

  services.xserver.videoDrivers = [ "modesetting" "intel" ];

  # Enable touchpad support.
  services.xserver.libinput.enable = true;

  # Enable the KDE Desktop Environment.
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.extraUsers.spiollinux = {
    isNormalUser = true;
    uid = 1000;
    extraGroups = [ "vboxusers" "wheel" "networkmanager" "scanner" "lp" "wireshark"];
    shell = pkgs.zsh;
  };

  # wireshark noroot gropu
  users.groups.wireshark.gid = 500;
  security.wrappers.dumpcap = {
    source = "${pkgs.wireshark}/bin/dumpcap";
    permissions = "u+xs,g+x";
    owner = "root";
    group = "wireshark";
};

  programs.zsh = 
    { enable = true;
      autosuggestions.enable = true;
    };

  services.psd =
    { enable = true;
	  users = ["spiollinux"];
	};

  services.smartd =
    {  enable = true;
       devices = [ { device = "/dev/sda"; } { device = "/dev/sdb"; } ];
    };


    fonts = {
      enableFontDir = true;
      fontconfig.enable = true;
    };

  # fix nix-env memory issues
  boot.kernel.sysctl."vm.overcommit_memory" = "1";
  # keep build-time deps around for offline-rebuilding
  nix.extraOptions = ''
    gc-keep-outputs = true
    gc-keep-derivations = true
  '';
  # use all cores for building
  nix.buildCores = 0;

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "18.09"; # Did you read the comment?

}