2018-09-25 23:09:53 +02:00
|
|
|
|
# Edit this configuration file to define what should be installed on
|
|
|
|
|
# your system. Help is available in the configuration.nix(5) man page
|
|
|
|
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
|
|
|
|
|
|
|
|
|
{ config, pkgs, ... }:
|
|
|
|
|
|
|
|
|
|
let
|
|
|
|
|
fsOptions = [ "noatime" "ssd" "space_cache" "compress=lzo" ];
|
|
|
|
|
|
|
|
|
|
in {
|
|
|
|
|
imports =
|
|
|
|
|
[ # Include the results of the hardware scan.
|
|
|
|
|
./hardware-configuration.nix
|
|
|
|
|
./packages.nix
|
2018-12-03 01:37:46 +01:00
|
|
|
|
(builtins.fetchGit {
|
|
|
|
|
url = "https://github.com/NixOS/nixos-hardware";
|
2019-01-09 10:42:12 +01:00
|
|
|
|
rev = "a9033dcc5fc57b67bd30ec02a585c6054d14d67d";
|
2018-12-03 01:37:46 +01:00
|
|
|
|
} + "/lenovo/thinkpad/t440s")
|
2019-10-10 01:05:02 +02:00
|
|
|
|
# home manager integration
|
|
|
|
|
<home-manager/nixos>
|
2018-09-25 23:09:53 +02:00
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
# encrypted partitions
|
|
|
|
|
boot.initrd.luks =
|
|
|
|
|
{ devices =
|
2018-10-12 11:08:52 +02:00
|
|
|
|
{ "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef";
|
|
|
|
|
"cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa";
|
2018-09-25 23:09:53 +02:00
|
|
|
|
};
|
2018-10-07 16:49:34 +02:00
|
|
|
|
reusePassphrases = true;
|
2018-09-25 23:09:53 +02:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
fileSystems."/".options = fsOptions ++ [ "subvol=nixos_root" ];
|
|
|
|
|
fileSystems."/home".options = fsOptions ++ [ "subvol=home" ];
|
2018-10-11 15:44:44 +02:00
|
|
|
|
boot.tmpOnTmpfs = true;
|
|
|
|
|
fileSystems."/tmp".fsType = "tmpfs";
|
2018-09-25 23:09:53 +02:00
|
|
|
|
|
2019-01-09 12:16:33 +01:00
|
|
|
|
# try newer kernels
|
2019-06-18 17:00:59 +02:00
|
|
|
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
2019-01-09 12:16:33 +01:00
|
|
|
|
|
2018-09-25 23:09:53 +02:00
|
|
|
|
services.fstrim.enable = true;
|
2018-10-25 01:30:53 +02:00
|
|
|
|
services.btrfs.autoScrub =
|
2019-01-14 13:24:34 +01:00
|
|
|
|
{ enable = true;
|
|
|
|
|
fileSystems = [ "/" "/home" ];
|
|
|
|
|
};
|
2018-10-25 01:30:53 +02:00
|
|
|
|
|
2018-10-13 19:58:56 +02:00
|
|
|
|
# exfat support
|
2019-01-09 12:16:33 +01:00
|
|
|
|
#boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
|
2018-09-25 23:09:53 +02:00
|
|
|
|
|
2018-10-22 23:49:39 +02:00
|
|
|
|
zramSwap =
|
2019-01-14 13:24:34 +01:00
|
|
|
|
{ enable = true;
|
|
|
|
|
memoryPercent = 20;
|
|
|
|
|
};
|
2018-10-22 23:49:39 +02:00
|
|
|
|
boot.kernel.sysctl."vm.swappiness" = 9;
|
|
|
|
|
|
2018-09-26 14:03:53 +02:00
|
|
|
|
# powermanagement
|
2018-10-11 15:44:44 +02:00
|
|
|
|
services.tlp =
|
|
|
|
|
{ enable = true;
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
SATA_LINKPWR_ON_BAT=medium_power
|
|
|
|
|
SATA_LINKPWR_ON_AC=max_performance
|
|
|
|
|
'';
|
|
|
|
|
};
|
2018-09-25 23:09:53 +02:00
|
|
|
|
|
|
|
|
|
# Use the systemd-boot EFI boot loader.
|
|
|
|
|
boot.loader.systemd-boot.enable = true;
|
|
|
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
|
|
2019-04-08 13:06:20 +02:00
|
|
|
|
boot.kernelParams = [ "iwlwifi.fw_monitor=1" ]; # enable iwlwifi debugging
|
|
|
|
|
|
2018-09-25 23:09:53 +02:00
|
|
|
|
networking.hostName = "thinknix";
|
|
|
|
|
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
|
|
|
|
|
|
|
|
|
# Select internationalisation properties.
|
|
|
|
|
i18n = {
|
|
|
|
|
consoleFont = "Lat2-Terminus16";
|
|
|
|
|
consoleKeyMap = "de";
|
|
|
|
|
defaultLocale = "de_DE.UTF-8";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Set your time zone.
|
|
|
|
|
time.timeZone = "Europe/Berlin";
|
|
|
|
|
|
|
|
|
|
# Some programs need SUID wrappers, can be configured further or are
|
|
|
|
|
# started in user sessions.
|
|
|
|
|
programs.bash.enableCompletion = true;
|
|
|
|
|
# programs.mtr.enable = true;
|
|
|
|
|
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
|
|
|
|
|
|
|
|
|
# List services that you want to enable:
|
|
|
|
|
|
|
|
|
|
# Enable the OpenSSH daemon.
|
|
|
|
|
# services.openssh.enable = true;
|
2018-10-14 18:01:06 +02:00
|
|
|
|
|
|
|
|
|
programs.ssh.startAgent = true;
|
2018-09-25 23:09:53 +02:00
|
|
|
|
|
|
|
|
|
# Open ports in the firewall.
|
|
|
|
|
# networking.firewall.allowedTCPPorts = [ ... ];
|
|
|
|
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
2019-01-09 12:16:29 +01:00
|
|
|
|
networking.firewall.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
|
|
|
|
|
networking.firewall.allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; # for KDE connect
|
2018-09-25 23:09:53 +02:00
|
|
|
|
# Or disable the firewall altogether.
|
|
|
|
|
# networking.firewall.enable = false;
|
|
|
|
|
|
|
|
|
|
networking.networkmanager.enable = true;
|
|
|
|
|
|
2018-10-03 23:48:19 +02:00
|
|
|
|
services.avahi.enable = true;
|
|
|
|
|
|
2018-09-25 23:09:53 +02:00
|
|
|
|
# Enable CUPS to print documents.
|
2018-09-26 15:20:59 +02:00
|
|
|
|
services.printing =
|
|
|
|
|
{ enable = true;
|
|
|
|
|
drivers = [ pkgs.hplip ];
|
|
|
|
|
};
|
|
|
|
|
# scanners
|
|
|
|
|
hardware.sane =
|
|
|
|
|
{ enable = true;
|
|
|
|
|
extraBackends = [ pkgs.hplip ];
|
|
|
|
|
};
|
2018-09-25 23:09:53 +02:00
|
|
|
|
|
|
|
|
|
# Enable sound.
|
|
|
|
|
sound.enable = true;
|
|
|
|
|
hardware.pulseaudio.enable = true;
|
2019-10-02 22:26:15 +02:00
|
|
|
|
# decouple pulseaudio application and sink volumes
|
|
|
|
|
hardware.pulseaudio.daemon.config = {flat-volumes = "no";};
|
2018-09-25 23:09:53 +02:00
|
|
|
|
|
2018-09-26 15:24:25 +02:00
|
|
|
|
# Bluetooth
|
|
|
|
|
hardware.bluetooth.enable = true;
|
|
|
|
|
hardware.pulseaudio.package = pkgs.pulseaudioFull;
|
|
|
|
|
|
2018-09-25 23:09:53 +02:00
|
|
|
|
# Enable the X11 windowing system.
|
|
|
|
|
services.xserver.enable = true;
|
|
|
|
|
services.xserver.layout = "de";
|
|
|
|
|
services.xserver.xkbOptions = "eurosign:e";
|
|
|
|
|
|
2018-09-26 02:07:43 +02:00
|
|
|
|
services.xserver.videoDrivers = [ "modesetting" "intel" ];
|
2018-09-25 23:09:53 +02:00
|
|
|
|
|
|
|
|
|
# Enable touchpad support.
|
|
|
|
|
services.xserver.libinput.enable = true;
|
|
|
|
|
|
|
|
|
|
# Enable the KDE Desktop Environment.
|
|
|
|
|
services.xserver.displayManager.sddm.enable = true;
|
|
|
|
|
services.xserver.desktopManager.plasma5.enable = true;
|
|
|
|
|
|
|
|
|
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
|
|
|
|
users.extraUsers.spiollinux = {
|
|
|
|
|
isNormalUser = true;
|
|
|
|
|
uid = 1000;
|
2019-07-26 06:32:17 +02:00
|
|
|
|
extraGroups = [ "vboxusers" "wheel" "networkmanager" "scanner" "lp" "wireshark" "dialout" "cdrom" ];
|
2018-09-25 23:09:53 +02:00
|
|
|
|
shell = pkgs.zsh;
|
|
|
|
|
};
|
2019-10-10 01:05:02 +02:00
|
|
|
|
#home-manager.users.spiollinux = import "${users.users.spiollinux.home}/nixconfigs/home/home.nix" { pkgs, ...};
|
2018-09-25 23:09:53 +02:00
|
|
|
|
|
2018-11-11 13:23:57 +01:00
|
|
|
|
# wireshark noroot gropu
|
|
|
|
|
users.groups.wireshark.gid = 500;
|
|
|
|
|
security.wrappers.dumpcap = {
|
|
|
|
|
source = "${pkgs.wireshark}/bin/dumpcap";
|
|
|
|
|
permissions = "u+xs,g+x";
|
|
|
|
|
owner = "root";
|
|
|
|
|
group = "wireshark";
|
|
|
|
|
};
|
|
|
|
|
|
2018-09-26 02:07:43 +02:00
|
|
|
|
programs.zsh =
|
|
|
|
|
{ enable = true;
|
2018-10-07 16:49:34 +02:00
|
|
|
|
autosuggestions.enable = true;
|
2018-09-26 02:07:43 +02:00
|
|
|
|
};
|
2018-09-25 23:09:53 +02:00
|
|
|
|
|
2019-04-12 11:44:49 +02:00
|
|
|
|
services.psd.enable = true;
|
2018-10-13 22:11:30 +02:00
|
|
|
|
|
2018-09-26 15:16:04 +02:00
|
|
|
|
services.smartd =
|
|
|
|
|
{ enable = true;
|
|
|
|
|
devices = [ { device = "/dev/sda"; } { device = "/dev/sdb"; } ];
|
|
|
|
|
};
|
|
|
|
|
|
2018-10-31 00:20:14 +01:00
|
|
|
|
|
|
|
|
|
fonts = {
|
|
|
|
|
enableFontDir = true;
|
|
|
|
|
fontconfig.enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
2018-10-13 19:56:31 +02:00
|
|
|
|
# fix nix-env memory issues
|
|
|
|
|
boot.kernel.sysctl."vm.overcommit_memory" = "1";
|
|
|
|
|
# keep build-time deps around for offline-rebuilding
|
|
|
|
|
nix.extraOptions = ''
|
|
|
|
|
gc-keep-outputs = true
|
|
|
|
|
gc-keep-derivations = true
|
|
|
|
|
'';
|
2018-10-22 23:49:39 +02:00
|
|
|
|
# use all cores for building
|
|
|
|
|
nix.buildCores = 0;
|
2018-09-25 23:09:53 +02:00
|
|
|
|
|
2019-10-02 22:26:15 +02:00
|
|
|
|
# package debugging
|
|
|
|
|
programs.sysdig.enable = true;
|
|
|
|
|
|
2018-09-25 23:09:53 +02:00
|
|
|
|
# This value determines the NixOS release with which your system is to be
|
|
|
|
|
# compatible, in order to avoid breaking some software such as database
|
|
|
|
|
# servers. You should change this only after NixOS release notes say you
|
|
|
|
|
# should.
|
2018-10-12 11:08:52 +02:00
|
|
|
|
system.stateVersion = "18.09"; # Did you read the comment?
|
2018-09-25 23:09:53 +02:00
|
|
|
|
|
|
|
|
|
}
|