nixconfigs/nixos/configuration.nix



# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
# Module function: `config` is the system configuration being defined and
# `pkgs` the package set it is built from.
{ config, pkgs, ... }:
let
# Extra package set from the <nixos-unstable> channel. The angle-bracket path is
# looked up through NIX_PATH at evaluation time, so the revision is whatever
# that channel points at on the day of the rebuild; nothing pins it here.
unstable = import <nixos-unstable> { };
# Extra package set from a nixpkgs checkout inside a user's home directory.
# NOTE(review): that tree is writable by the user, yet anything taken from it
# would be built into the system closure. Nix evaluates lazily, so the import
# only happens if `localfork` is referenced; no reference to `localfork` or
# `unstable` appears in the lines of this file shown here.
localfork = import /home/spiollinux/src/nixpkgs { };
in
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
./packages.nix
];
# WebDAV mounts through davfs2.
services.davfs2.enable = true;

# No kernel package is selected in this file; alternatives kept for reference.
#   try newer kernels:
#boot.kernelPackages = pkgs.linuxPackages_latest;
#   use old kernel because 5.4 and 5.5 might be buggy with intel graphics:
#boot.kernelPackages = pkgs.linuxPackages_4_19;

# Storage maintenance: TRIM, plus btrfs scrubs of the two listed mount points.
services.fstrim.enable = true;
services.btrfs.autoScrub.enable = true;
services.btrfs.autoScrub.fileSystems = [ "/" "/home" ];

# exfat support (disabled)
#boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];

# Compressed swap in RAM sized at 20 % of memory, with a low swappiness.
zramSwap.enable = true;
zramSwap.memoryPercent = 20;
boot.kernel.sysctl."vm.swappiness" = 9;
# Power management through TLP: SATA link power policy per power source.
services.tlp.enable = true;
services.tlp.settings = {
  SATA_LINKPWR_ON_BAT = "medium_power";
  SATA_LINKPWR_ON_AC = "max_performance";
};
# Boot with systemd-boot on EFI; the boot loader installer may write EFI variables.
boot.loader = {
  systemd-boot.enable = true;
  efi.canTouchEfiVariables = true;
};
# Graphical splash during boot.
boot.plymouth.enable = true;

networking.hostName = "thinknix";
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.

# Virtual console font and keyboard layout.
console.font = "Lat2-Terminus16";
console.keyMap = "de";

# Internationalisation and time zone.
i18n.defaultLocale = "de_DE.UTF-8";
time.timeZone = "Europe/Berlin";
# Programs that need SUID wrappers, further configuration, or a user session.
programs.bash.enableCompletion = true;

# Wireshark, GUI package. Capture rights come from membership in the
# "wireshark" group instead of running the GUI as root, so every member of that
# group can record traffic on this host; keep the group small.
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;

# Android debug bridge; device access is tied to the "adbusers" group.
programs.adb.enable = true;
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

# Services.
# OpenSSH daemon stays off; no inbound SSH on this machine.
# services.openssh.enable = true;
#programs.ssh.startAgent = true;

# Firewall stays enabled. The only inbound holes are the KDE Connect ranges
# below, opened for TCP and UDP on every interface.
# NOTE(review): if KDE Connect is only used on one trusted network, the same
# ranges can be set under networking.firewall.interfaces.<name> instead.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
networking.firewall = {
  allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
  allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; # for KDE connect
};
# Or disable the firewall altogether.
# networking.firewall.enable = false;

networking.networkmanager.enable = true;
# mDNS / DNS-SD daemon.
services.avahi.enable = true;
# Printing through CUPS, with the HP driver package.
services.printing.enable = true;
services.printing.drivers = [ pkgs.hplip ];

# Scanning through SANE, with the HP backend from the same package.
hardware.sane.enable = true;
hardware.sane.extraBackends = [ pkgs.hplip ];
# Enable sound.
sound.enable = true;
# PulseAudio as the sound server.
hardware.pulseaudio = {
enable = true;
# decouple pulseaudio application and sink volumes
daemon.config = { flat-volumes = "no"; };
# C3D2 hq music
# discovery picks up sinks that other hosts announce on the local network;
# publish announces this machine's own sinks the same way.
# NOTE(review): publishing is only needed if other hosts should play audio
# through this machine - confirm it is wanted on networks you do not control.
zeroconf.discovery.enable = true;
zeroconf.publish.enable = true;
};
# Bluetooth
hardware.bluetooth = {
enable = true;
settings.General.Disable = "Headset"; # disable headset profile
};
# Second hardware.pulseaudio definition in this file; it contributes only the
# package choice (presumably for Bluetooth audio support - confirm).
hardware.pulseaudio = {
package = pkgs.pulseaudioFull;
};
# udev rules for Nitrokey hardware tokens.
services.udev.packages = [ pkgs.nitrokey-udev-rules ];

# X11 with German layout, input drivers, SDDM and the KDE Plasma 5 desktop.
services.xserver = {
  enable = true;
  layout = "de";
  xkbOptions = "eurosign:e";
  # Touchpad support.
  libinput.enable = true;
  # libinput also handles graphic tablets, but the wacom driver is more specific.
  wacom.enable = true;
  displayManager.sddm.enable = true;
  desktopManager.plasma5.enable = true;
};

# dconf required for several Gnome applications like Cawbird
programs.dconf.enable = true;

# Flatpak support, with the KDE desktop portal. Flatpak applications are
# installed from Flatpak remotes, not from the package set used by this file.
services.flatpak.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];
# The one interactive account. Don't forget to set a password with passwd.
# Most of its privilege comes from the supplementary groups listed below.
users.users.spiollinux = {
  isNormalUser = true;
  uid = 1000;
  shell = pkgs.zsh;
  extraGroups = [
    "vboxusers" # VirtualBox host access
    "wheel" # administrative group
    "networkmanager" # change network settings
    "scanner" # SANE scanners
    "lp" # printers
    "wireshark" # packet capture on this host
    "dialout" # serial devices
    "cdrom"
    "input" # read access to input event devices, keyboards included
    "adbusers" # Android debug bridge
  ];
};

# VirtualBox host support; the extension pack stays disabled.
virtualisation.virtualbox.host.enable = true;
#virtualisation.virtualbox.host.enableExtensionPack = true;

# allow PUEL license
nixpkgs.config.whitelistedLicenses = [ pkgs.lib.licenses.virtualbox-puel ];
# Same membership declared from the group side; "vboxusers" is also in extraGroups above.
users.extraGroups.vboxusers.members = [ "spiollinux" ];
# zsh with autosuggestions (it is the login shell of the user defined in this file).
programs.zsh.enable = true;
programs.zsh.autosuggestions.enable = true;

# profile sync daemon
services.psd.enable = true;

# SMART monitoring for both disks.
services.smartd.enable = true;
services.smartd.devices = map (device: { inherit device; }) [ "/dev/sda" "/dev/sdb" ];
# block certain sites to prevent procrastination
# Oneshot unit with an empty wantedBy, so nothing starts it automatically; it
# has to be started by hand. It replaces /etc/hosts with a symlink to a
# generated file that keeps the localhost and hostname entries and maps the
# listed site names to loopback addresses.
# No User= is set, so the script runs with the unit default; it needs write
# access to /etc to replace the link.
# Only the exact names listed are redirected; other subdomains of the same
# sites still resolve normally.
systemd.services.procrastinationstop = {
serviceConfig.Type = "oneshot";
wantedBy = [ ];
script = ''
ln -sf ${pkgs.writeText "blockedHosts" ''
127.0.0.1 localhost
::1 localhost
127.0.0.2 ${config.networking.hostName}
::1 ${config.networking.hostName}
::1 twitter.com
127.0.0.1 twitter.com
::1 api.twitter.com
127.0.0.1 api.twitter.com
::1 toot.matereal.eu
127.0.0.1 toot.matereal.eu
::1 tagesschau.de
127.0.0.1 tagesschau.de
::1 dnn.de
127.0.0.1 www.dnn.de
::1 www.dnn.de
127.0.0.1 dnn.de
''} /etc/hosts
'';
};
# Counterpart unit, also started by hand: points /etc/hosts back at
# /etc/static/hosts, which lifts the block again.
systemd.services.procrastinationstart = {
serviceConfig.Type = "oneshot";
wantedBy = [ ];
script = ''
ln -sf /etc/static/hosts /etc/hosts
'';
};
# Fonts: provide a font directory and honour per-user fontconfig files.
fonts.fontDir.enable = true;
fonts.fontconfig = {
  enable = true;
  includeUserConf = true;
};

# Enable all sysrq functions (useful to recover from some issues).
# NixOS default: 16 (only the sync command).
# NOTE(review): with 1, anyone at the keyboard can trigger every sysrq function,
# including process signalling and reboot, even while the session is locked.
# The value is a bitmask; 176 (16 + 32 + 128) keeps sync, remount read-only and
# reboot if that is all the recovery case needs.
boot.kernel.sysctl."kernel.sysrq" = 1;

# Extra lines for nix.conf.
# gc-keep-outputs / gc-keep-derivations: keep build-time deps around for
# offline-rebuilding.
# trusted-users: the Nix manual describes adding a user here as essentially
# equivalent to giving that user root access, and the Nix daemon asks for no
# password. NOTE(review): confirm this account really needs it.
nix.extraOptions = ''
gc-keep-outputs = true
gc-keep-derivations = true
trusted-users = spiollinux
'';

# use all cores for building
nix.buildCores = 0;
# override tmpdir for daemon
#systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";
# package debugging
# programs.sysdig.enable = true;
# declarative containers
# Currently an empty set: the only entry, a testbed imported from
# ./Hash2PubTestbed.nix, is commented out.
containers = {
# hash2PubSim = import ./Hash2PubTestbed.nix
# {
# inherit pkgs config;
# experimentUid = config.users.users.spiollinux.uid;
# projectDir = "/home/spiollinux/Seafile/Studium/Semester11/INF-PM-FP-ANW";
# };
};
# stop NetworkManager from managing virtual interfaces
# (ve-* is presumably the host side of the container links - confirm)
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.09"; # Did you read the comment?
}