# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, ... }: let fsOptions = [ "noatime" "ssd" "space_cache" "compress=lzo" ]; in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ./packages.nix (builtins.fetchGit { url = "https://github.com/NixOS/nixos-hardware"; rev = "c0182a06982f82a47356c91d78d80d2af29bd7f1"; } + "/lenovo/thinkpad/t440s") # home manager integration ]; # encrypted partitions boot.initrd.luks = { devices = { "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef"; "cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa"; }; reusePassphrases = true; }; fileSystems."/".options = fsOptions ++ [ "subvol=nixos_root" ]; fileSystems."/home".options = fsOptions ++ [ "subvol=home" ]; boot.tmpOnTmpfs = true; fileSystems."/tmp".fsType = "tmpfs"; services.davfs2.enable = true; # try newer kernels boot.kernelPackages = pkgs.linuxPackages_latest; services.fstrim.enable = true; services.btrfs.autoScrub = { enable = true; fileSystems = [ "/" "/home" ]; }; # exfat support #boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; zramSwap = { enable = true; memoryPercent = 20; }; boot.kernel.sysctl."vm.swappiness" = 9; # powermanagement services.tlp = { enable = true; extraConfig = '' SATA_LINKPWR_ON_BAT=medium_power SATA_LINKPWR_ON_AC=max_performance ''; }; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.kernelParams = [ "iwlwifi.fw_monitor=1" ]; # enable iwlwifi debugging networking.hostName = "thinknix"; # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # Select internationalisation properties. i18n = { consoleFont = "Lat2-Terminus16"; consoleKeyMap = "de"; defaultLocale = "de_DE.UTF-8"; }; # Set your time zone. time.timeZone = "Europe/Berlin"; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. programs.bash.enableCompletion = true; # programs.mtr.enable = true; # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; # List services that you want to enable: # Enable the OpenSSH daemon. # services.openssh.enable = true; programs.ssh.startAgent = true; # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; networking.firewall.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; networking.firewall.allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; # for KDE connect # Or disable the firewall altogether. # networking.firewall.enable = false; networking.networkmanager.enable = true; services.avahi.enable = true; # Enable CUPS to print documents. services.printing = { enable = true; drivers = [ pkgs.hplip ]; }; # scanners hardware.sane = { enable = true; extraBackends = [ pkgs.hplip ]; }; # Enable sound. sound.enable = true; hardware.pulseaudio.enable = true; # decouple pulseaudio application and sink volumes hardware.pulseaudio.daemon.config = {flat-volumes = "no";}; # Bluetooth hardware.bluetooth.enable = true; hardware.pulseaudio.package = pkgs.pulseaudioFull; # Enable the X11 windowing system. services.xserver.enable = true; services.xserver.layout = "de"; services.xserver.xkbOptions = "eurosign:e"; services.xserver.videoDrivers = [ "modesetting" "intel" ]; # Enable touchpad support. services.xserver.libinput.enable = true; # Enable the KDE Desktop Environment. services.xserver.displayManager.sddm.enable = true; services.xserver.desktopManager.plasma5.enable = true; # Define a user account. Don't forget to set a password with ‘passwd’. users.extraUsers.spiollinux = { isNormalUser = true; uid = 1000; extraGroups = [ "vboxusers" "wheel" "networkmanager" "scanner" "lp" "wireshark" "dialout" "cdrom" ]; shell = pkgs.zsh; }; #home-manager.users.spiollinux = import "${users.users.spiollinux.home}/nixconfigs/home/home.nix" { pkgs, ...}; # wireshark noroot gropu users.groups.wireshark.gid = 500; security.wrappers.dumpcap = { source = "${pkgs.wireshark}/bin/dumpcap"; permissions = "u+xs,g+x"; owner = "root"; group = "wireshark"; }; programs.zsh = { enable = true; autosuggestions.enable = true; }; services.psd.enable = true; services.smartd = { enable = true; devices = [ { device = "/dev/sda"; } { device = "/dev/sdb"; } ]; }; fonts = { enableFontDir = true; fontconfig.enable = true; }; # fix nix-env memory issues boot.kernel.sysctl."vm.overcommit_memory" = "1"; # keep build-time deps around for offline-rebuilding nix.extraOptions = '' gc-keep-outputs = true gc-keep-derivations = true trusted-users = spiollinux ''; # use all cores for building nix.buildCores = 0; # package debugging programs.sysdig.enable = true; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you # should. system.stateVersion = "18.09"; # Did you read the comment? }