nixconfigs/nixos/configuration.nix


# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, inputs, ... }:
let
# The nixos-unstable flake input, taken from the `inputs` argument.
unstable = inputs.nixos-unstable;
# NOTE(review): this imports a nixpkgs checkout from a user-writable home
# directory, outside the pinned flake inputs. Whatever that working tree
# contains at rebuild time becomes part of the system evaluation, so the
# checkout has to be treated as trusted code. Neither `localfork` nor
# `unstable` is referenced in the part of the file shown here; Nix is lazy, so
# the path is only read if `localfork` is actually used. TODO confirm whether
# it can be dropped or replaced by a pinned flake input.
localfork = import /home/spiollinux/src/nixpkgs { };
in
{
# Modules merged into this configuration: the results of the hardware scan
# and the package list kept in a separate file.
imports = [ ./hardware-configuration.nix ./packages.nix ];

# WebDAV filesystem support (davfs2).
services.davfs2.enable = true;

# Optional: try newer kernels.
#boot.kernelPackages = pkgs.linuxPackages_latest;

# TRIM service and btrfs scrub for both filesystems.
services.fstrim.enable = true;
services.btrfs.autoScrub.enable = true;
services.btrfs.autoScrub.fileSystems = [ "/" "/home" ];

# Optional: exfat support through an extra kernel module.
#boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];

# Compressed swap in RAM (20 % of memory) combined with a low swappiness.
zramSwap.enable = true;
zramSwap.memoryPercent = 20;
boot.kernel.sysctl."vm.swappiness" = 9;
# Allow the boot loader installation to modify EFI variables.
boot.loader.efi.canTouchEfiVariables = true;
# UEFI secure boot
# sbctl is installed for managing the Secure Boot keys and checking which boot
# files are signed.
environment.systemPackages = [
pkgs.sbctl
];
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
# NOTE(review): pkiBundle is the directory holding the Secure Boot key material
# Lanzaboote signs boot images with. Presumably it was created with sbctl and
# includes the private keys, so it should stay readable by root only and be
# kept out of world-readable backups: whoever can read those keys can produce
# boot images this machine's firmware will accept. Confirm the permissions.
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
# make the boot look good
boot.plymouth.enable = true;
# Machine name. Wireless support via wpa_supplicant stays disabled (see the
# commented option).
networking.hostName = "thinknix";
# networking.wireless.enable = true;

# Virtual console: Terminus font with a German keymap.
console.font = "Lat2-Terminus16";
console.keyMap = "de";

# Internationalisation: German locale, Berlin time zone.
i18n.defaultLocale = "de_DE.UTF-8";
time.timeZone = "Europe/Berlin";
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.bash.enableCompletion = true;
# Installs Wireshark. The NixOS module lets members of the "wireshark" group
# capture packets without being root, so membership in that group is a
# privilege to hand out deliberately.
programs.wireshark =
{
enable = true;
package = pkgs.wireshark;
};
# Android Debug Bridge; device access is granted through the "adbusers" group.
programs.adb.enable = true;
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# The SSH server option above is left commented out; only the client-side
# ssh-agent is started.
programs.ssh.startAgent = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# KDE Connect uses TCP and UDP ports 1714-1764.
# NOTE(review): both ranges are opened on every interface, so they are also
# reachable on any untrusted network this machine joins. If that is not
# wanted, networking.firewall.interfaces.<name>.allowedTCPPortRanges and
# .allowedUDPPortRanges limit the opening to named interfaces.
networking.firewall.allowedTCPPortRanges = [{ from = 1714; to = 1764; }];
networking.firewall.allowedUDPPortRanges = [{ from = 1714; to = 1764; }]; # for KDE connect
# Or disable the firewall altogether.
# networking.firewall.enable = false;
networking.networkmanager.enable = true;
# Avahi (mDNS/DNS-SD) daemon for service discovery on the local network.
services.avahi.enable = true;
# Printing through CUPS, with the HP driver package.
services.printing.enable = true;
services.printing.drivers = [ pkgs.hplip ];

# Scanning through SANE, with the same HP package as an extra backend.
hardware.sane.enable = true;
hardware.sane.extraBackends = [ pkgs.hplip ];
# Enable sound.
sound.enable = true;
hardware.pulseaudio = {
enable = true;
# decouple pulseaudio application and sink volumes
daemon.config = { flat-volumes = "no"; };
# C3D2 hq music
# NOTE(review): discovery picks up PulseAudio servers announced on the local
# network, and publish announces this machine's own server there. That suits
# a trusted space; on other networks it advertises the host and, depending on
# the PulseAudio TCP settings (not shown here), may accept remote audio
# clients. Confirm this is intended on every network.
zeroconf.discovery.enable = true;
zeroconf.publish.enable = true;
};
# Bluetooth
hardware.bluetooth = {
enable = true;
settings.General.Disable = "Headset"; # disable headset profile
};
# Second hardware.pulseaudio definition in this file; it only selects the
# pulseaudioFull package (presumably for its Bluetooth modules, TODO confirm).
hardware.pulseaudio = {
package = pkgs.pulseaudioFull;
};
# udev rules for Nitrokey devices.
services.udev.packages = [ pkgs.nitrokey-udev-rules ];

# X11 with a German layout, SDDM as display manager and KDE Plasma 5 as the
# desktop environment.
services.xserver = {
  enable = true;
  layout = "de";
  xkbOptions = "eurosign:e";
  # Touchpad support comes from libinput; graphics tablets get the more
  # specific wacom driver even though libinput could handle them too.
  libinput.enable = true;
  wacom.enable = true;
  displayManager.sddm.enable = true;
  desktopManager.plasma5.enable = true;
};

# dconf is required by several GNOME applications such as Cawbird.
programs.dconf.enable = true;

# Flatpak support, with the KDE desktop portal.
services.flatpak.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];
# Define a user account. Don't forget to set a password with passwd.
# NOTE(review): several of these groups carry real privileges. "wheel" is
# conventionally the administrative (sudo) group, "wireshark" allows packet
# capture without root, "input" typically gives read access to the input
# devices (so any process running as this user could observe keystrokes),
# "adbusers" and "dialout" give access to attached devices, and "vboxusers"
# to the VirtualBox devices. Keep only the ones that are still needed.
users.users.spiollinux = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "vboxusers" "wheel" "networkmanager" "scanner" "lp" "wireshark" "dialout" "cdrom" "input" "adbusers" ];
shell = pkgs.zsh;
};
# enable virtualbox support
virtualisation.virtualbox.host = {
enable = true;
#enableExtensionPack = true;
};
# allow PUEL license
nixpkgs.config.whitelistedLicenses = [ pkgs.lib.licenses.virtualbox-puel ];
# Adds the user to vboxusers; the same membership is already listed in
# extraGroups above, so one of the two is redundant.
users.extraGroups.vboxusers.members = [ "spiollinux" ];
# Z shell with autosuggestions.
programs.zsh.enable = true;
programs.zsh.autosuggestions.enable = true;

# profile sync daemon
services.psd.enable = true;

# SMART monitoring of both disks.
services.smartd.enable = true;
services.smartd.devices = [ { device = "/dev/sda"; } { device = "/dev/sdb"; } ];
# block certain sites to prevent procrastination
# Oneshot unit with an empty wantedBy, so no target pulls it in and it only
# runs when started by hand. Its script replaces /etc/hosts with a symlink to
# a generated hosts file that maps the listed sites to loopback addresses.
# NOTE(review): the generated file replaces the whole hosts file. While it is
# active only the entries listed here exist; anything else provided by the
# regular /etc/static/hosts is missing until procrastinationstart is run.
systemd.services.procrastinationstop = {
serviceConfig.Type = "oneshot";
wantedBy = [ ];
script = ''
ln -sf ${pkgs.writeText "blockedHosts" ''
127.0.0.1 localhost
::1 localhost
127.0.0.2 ${config.networking.hostName}
::1 ${config.networking.hostName}
::1 twitter.com
127.0.0.1 twitter.com
::1 api.twitter.com
127.0.0.1 api.twitter.com
::1 toot.matereal.eu
127.0.0.1 toot.matereal.eu
::1 tagesschau.de
127.0.0.1 tagesschau.de
::1 dnn.de
127.0.0.1 www.dnn.de
::1 www.dnn.de
127.0.0.1 dnn.de
''} /etc/hosts
'';
};
# Counterpart of procrastinationstop: points /etc/hosts back at
# /etc/static/hosts, which lifts the block. Also only started by hand.
systemd.services.procrastinationstart = {
serviceConfig.Type = "oneshot";
wantedBy = [ ];
script = ''
ln -sf /etc/static/hosts /etc/hosts
'';
};
# Font directory, fontconfig, and per-user fontconfig files.
fonts = {
fontDir.enable = true;
fontconfig.enable = true;
fontconfig.includeUserConf = true;
};
# Enable all sysrq functions (useful to recover from some issues):
# NOTE(review): the value 1 enables every SysRq function for anyone at the
# keyboard, including the ones that signal or kill processes and print
# debugging dumps to the console. The kernel handles these keys itself, so a
# locked session does not stop them. If only emergency sync, remount
# read-only and reboot are needed, the bitmask 176 (16 + 32 + 128) enables
# just those. Confirm which functions are actually used.
boot.kernel.sysctl."kernel.sysrq" = 1; # NixOS default: 16 (only the sync command)
nix = {
# expose all flake inputs through nix Path and registry
# Every flake input becomes a registry entry; the right-hand side of `//`
# then sets the `nixpkgs` entry explicitly to inputs.nixpkgs.
registry = (lib.mapAttrs (_: value: { flake = value; }) inputs) // {
nixpkgs.flake = inputs.nixpkgs;
};
# One "name=path" search-path entry per registry entry.
# presumably `to.path` is filled in by the NixOS registry option from
# `flake`; verify against the module
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
# keep build-time deps around for offline-rebuilding
settings = {
# keep around all inputs necessary for offline-rebuilding the system
keep-outputs = true;
keep-derivations = true;
# NOTE(review): users listed in trusted-users may pass the Nix daemon
# settings that ordinary users cannot, such as additional substituters or
# unsigned store paths. The Nix manual describes this as essentially
# equivalent to root access, and it does not go through sudo. The account is
# also in "wheel", but that path normally asks for a password; confirm the
# daemon-level trust is really needed.
trusted-users = [ "spiollinux" ];
# NOTE(review): `repl-flake` appears to have been dropped as a separate
# feature in later Nix releases; check against the installed Nix version.
experimental-features = [ "nix-command" "flakes" "repl-flake" ];
# use all cores for building
cores = 0;
};
};
# override tmpdir for daemon
#systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";
# remote builders
# NOTE(review): in the disabled entry below, sshUser carries an "ssh-ng://"
# prefix, which looks like the protocol rather than a user name. Check this
# before re-enabling the builder.
#nix.buildMachines = [
# {
# hostName = "build01.nix-community.org";
# sshUser = "ssh-ng://schmittlauch";
# sshKey = "/root/.ssh/remote_builder_key";
# system = "x86_64-linux";
# maxJobs = 64;
# supportedFeatures = [
# "big-parallel"
# "kvm"
# "nixos-test"
# ];
# }
#];
# Pins the SSH host key of the remote builder system-wide, so connections to
# that host are checked against this key instead of being trusted on first
# use. The builder entry above is disabled, but the pin stays in effect.
programs.ssh.knownHosts."build01.nix-community.org".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElIQ54qAy7Dh63rBudYKdbzJHrrbrrMXLYl7Pkmk88H";
# package debugging
# programs.sysdig.enable = true;
# declarative containers
# Currently empty: the only container definition is commented out.
containers = {
# hash2PubSim = import ./Hash2PubTestbed.nix
# {
# inherit pkgs config;
# experimentUid = config.users.users.spiollinux.uid;
# projectDir = "/home/spiollinux/Seafile/Studium/Semester11/INF-PM-FP-ANW";
# };
};
# stop NetworkManager from managing virtual interfaces
# ("ve-*" presumably matches the host-side interfaces of NixOS containers;
# TODO confirm)
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.09"; # Did you read the comment?
}