# NixOS system configuration for the host "thinknix".
# Defines what is installed and enabled on the system. Help is available in
# the configuration.nix(5) man page and in the NixOS manual (accessible by
# running ‘nixos-help’).

{ config, pkgs, lib, inputs, ... }:

let
  unstable = inputs.nixos-unstable;

  # NOTE(review): this binding is not referenced anywhere in this file, so
  # Nix's lazy evaluation never forces it. If it is ever used, the system
  # build would depend on a tree below a user's home directory, and an
  # absolute path like this is rejected in pure flake evaluation.
  localfork = import /home/spiollinux/src/nixpkgs { };

  # Port range used by KDE Connect, opened for both TCP and UDP below.
  kdeConnectPorts = [{ from = 1714; to = 1764; }];

  # Replacement hosts file that points distracting sites at loopback.
  # The localhost and own-hostname entries are kept so that local name
  # resolution keeps working while this file is linked in.
  blockedHosts = pkgs.writeText "blockedHosts" ''
    127.0.0.1 localhost
    ::1 localhost
    127.0.0.2 ${config.networking.hostName}
    ::1 ${config.networking.hostName}
    ::1 twitter.com
    127.0.0.1 twitter.com
    ::1 api.twitter.com
    127.0.0.1 api.twitter.com
    ::1 toot.matereal.eu
    127.0.0.1 toot.matereal.eu
    ::1 tagesschau.de
    127.0.0.1 tagesschau.de
    ::1 dnn.de
    127.0.0.1 www.dnn.de
    ::1 www.dnn.de
    127.0.0.1 dnn.de
  '';
in
{
  imports = [
    # Results of the hardware scan.
    ./hardware-configuration.nix
    ./packages.nix
  ];

  ##### Boot, kernel and storage #####

  # try newer kernels
  #boot.kernelPackages = pkgs.linuxPackages_latest;

  # exfat support
  #boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];

  boot.kernel.sysctl = {
    "vm.swappiness" = 9;
    # Enable all sysrq functions (useful to recover from some issues).
    # NixOS default: 16 (only the sync command).
    # NOTE(review): with every function enabled, anyone at the attached
    # keyboard can trigger them (kill tasks, remount, reboot) independent of
    # the login or screen-lock state; a narrower bitmask limits that.
    "kernel.sysrq" = 1;
  };

  boot.loader.efi.canTouchEfiVariables = true;

  # UEFI secure boot.
  # Lanzaboote currently replaces the systemd-boot module. The installer
  # usually sets systemd-boot.enable to true in the generated
  # configuration.nix, so it is forced to false here for now.
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.lanzaboote = {
    enable = true;
    # NOTE(review): presumably the sbctl key bundle; the private signing keys
    # under this path decide what the firmware will accept, so confirm the
    # directory is readable by root only and lives on encrypted storage.
    pkiBundle = "/etc/secureboot";
  };
  environment.systemPackages = [ pkgs.sbctl ];

  # make the boot look good
  boot.plymouth.enable = true;

  zramSwap.enable = true;
  zramSwap.memoryPercent = 20;

  services.fstrim.enable = true;
  services.btrfs.autoScrub = {
    enable = true;
    fileSystems = [
      "/"
      "/home"
    ];
  };
  services.smartd = {
    enable = true;
    devices = [
      { device = "/dev/sda"; }
      { device = "/dev/sdb"; }
    ];
  };
  services.davfs2.enable = true;

  ##### Locale and console #####

  console.font = "Lat2-Terminus16";
  console.keyMap = "de";
  i18n.defaultLocale = "de_DE.UTF-8";
  time.timeZone = "Europe/Berlin";

  ##### Networking #####

  networking = {
    hostName = "thinknix";
    # wireless.enable = true;  # Enables wireless support via wpa_supplicant.

    networkmanager = {
      enable = true;
      # stop NetworkManager from managing virtual interfaces
      unmanaged = [ "interface-name:ve-*" ];
    };

    firewall = {
      # allowedTCPPorts = [ ... ];
      # allowedUDPPorts = [ ... ];
      # for KDE connect
      # NOTE(review): as written the range is reachable on every interface;
      # networking.firewall.interfaces.<name> can scope it to trusted links.
      allowedTCPPortRanges = kdeConnectPorts;
      allowedUDPPortRanges = kdeConnectPorts;
      # Or disable the firewall altogether.
      # enable = false;
    };
  };
  services.avahi.enable = true;

  ##### Programs #####

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.bash.enableCompletion = true;
  programs.zsh = {
    enable = true;
    autosuggestions.enable = true;
  };
  # Packet capture is delegated to members of the "wireshark" group
  # (see users.users.spiollinux.extraGroups).
  programs.wireshark = {
    enable = true;
    package = pkgs.wireshark;
  };
  programs.adb.enable = true;
  # programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
  # dconf required for several Gnome applications like Cawbird
  programs.dconf.enable = true;
  # package debugging
  # programs.sysdig.enable = true;

  # The OpenSSH daemon stays disabled; only the client-side agent is started.
  # services.openssh.enable = true;
  programs.ssh.startAgent = true;
  # Pinned host key for the remote builder, so SSH connections to it are
  # checked against this key instead of being trusted on first use.
  programs.ssh.knownHosts."build01.nix-community.org".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElIQ54qAy7Dh63rBudYKdbzJHrrbrrMXLYl7Pkmk88H";

  ##### Printing, scanning, audio, peripherals #####

  # Enable CUPS to print documents.
  services.printing = {
    enable = true;
    drivers = [ pkgs.hplip ];
  };
  # scanners
  hardware.sane = {
    enable = true;
    extraBackends = [ pkgs.hplip ];
  };

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio = {
    enable = true;
    package = pkgs.pulseaudioFull;
    # decouple pulseaudio application and sink volumes
    daemon.config = {
      flat-volumes = "no";
    };
    # C3D2 hq music
    # NOTE(review): publish announces the local sound server on the network;
    # whether remote clients can actually connect depends on PulseAudio TCP
    # and firewall settings that are not visible in this file - verify.
    zeroconf.discovery.enable = true;
    zeroconf.publish.enable = true;
  };

  # Bluetooth
  hardware.bluetooth = {
    enable = true;
    settings.General.Disable = "Headset"; # disable headset profile
  };

  # Nitrokey support
  services.udev.packages = [ pkgs.nitrokey-udev-rules ];

  ##### Graphical session #####

  services.xserver = {
    # Enable the X11 windowing system.
    enable = true;
    layout = "de";
    xkbOptions = "eurosign:e";
    # Enable touchpad support.
    libinput.enable = true;
    # while libinput also supports graphic tablets, enable more-specific wacom driver
    wacom.enable = true;
    # Enable the KDE Desktop Environment.
    displayManager.sddm.enable = true;
    desktopManager.plasma5.enable = true;
  };

  # Flatpak support
  services.flatpak.enable = true;
  xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];

  # profile sync daemon
  services.psd.enable = true;

  fonts = {
    fontDir.enable = true;
    fontconfig = {
      enable = true;
      includeUserConf = true;
    };
  };

  ##### Users and virtualisation #####

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.spiollinux = {
    isNormalUser = true;
    uid = 1000;
    shell = pkgs.zsh;
    # NOTE(review): several of these groups are privilege-bearing, not just
    # convenience: "wheel" (administration), "wireshark" (traffic capture),
    # "input" (typically read access to all input devices, i.e. keystrokes),
    # "adbusers" and "dialout" (device access). Any process running as this
    # user inherits them, so keep the list to what is actually used.
    extraGroups = [
      "vboxusers"
      "wheel"
      "networkmanager"
      "scanner"
      "lp"
      "wireshark"
      "dialout"
      "cdrom"
      "input"
      "adbusers"
    ];
  };

  # enable virtualbox support
  virtualisation.virtualbox.host = {
    enable = true;
    #enableExtensionPack = true;
  };
  # allow PUEL license
  nixpkgs.config.whitelistedLicenses = [ pkgs.lib.licenses.virtualbox-puel ];
  users.extraGroups.vboxusers.members = [ "spiollinux" ];

  # declarative containers
  containers = {
    # hash2PubSim = import ./Hash2PubTestbed.nix
    # {
    #   inherit pkgs config;
    #   experimentUid = config.users.users.spiollinux.uid;
    #   projectDir = "/home/spiollinux/Seafile/Studium/Semester11/INF-PM-FP-ANW";
    # };
  };

  ##### Procrastination blocker #####

  # Two oneshot units that swap /etc/hosts between the blocking file and the
  # regular NixOS-generated one. With an empty wantedBy no target pulls them
  # in, so they only run when started explicitly.
  systemd.services.procrastinationstop = {
    serviceConfig.Type = "oneshot";
    wantedBy = [ ];
    script = ''
      ln -sf ${blockedHosts} /etc/hosts
    '';
  };
  systemd.services.procrastinationstart = {
    serviceConfig.Type = "oneshot";
    wantedBy = [ ];
    script = ''
      ln -sf /etc/static/hosts /etc/hosts
    '';
  };

  ##### Nix #####

  nix = {
    # expose all flake inputs through nix Path and registry
    registry =
      (lib.mapAttrs (_name: input: { flake = input; }) inputs)
      // {
        nixpkgs.flake = inputs.nixpkgs;
      };
    nixPath = lib.mapAttrsToList (name: entry: "${name}=${entry.to.path}") config.nix.registry;

    settings = {
      # keep around all inputs necessary for offline-rebuilding the system
      keep-outputs = true;
      keep-derivations = true;
      # NOTE(review): a trusted user may override daemon settings such as
      # substituters; the Nix manual treats this as essentially equivalent
      # to root access. The same account is also in "wheel".
      trusted-users = [ "spiollinux" ];
      experimental-features = [
        "nix-command"
        "flakes"
        "repl-flake"
      ];
      # use all cores for building
      cores = 0;
    };
  };

  # override tmpdir for daemon
  #systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";

  # remote builders
  #nix.buildMachines = [
  #  {
  #    hostName = "build01.nix-community.org";
  #    sshUser = "ssh-ng://schmittlauch";
  #    sshKey = "/root/.ssh/remote_builder_key";
  #    system = "x86_64-linux";
  #    maxJobs = 64;
  #    supportedFeatures = [
  #      "big-parallel"
  #      "kvm"
  #      "nixos-test"
  #    ];
  #  }
  #];

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "18.09"; # Did you read the comment?
}