nixconfigs/nixos/configuration.nix


# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
let
# Package set from the `nixos-unstable` channel, looked up through NIX_PATH.
unstable = import <nixos-unstable> { };
# Package set from a nixpkgs checkout inside the user's home directory.
# NOTE(review): anything taken from this set ends up in the root-owned system
# closure, while the checkout itself is writable by an unprivileged account, so
# a change to those files carries over into the next rebuild. Prefer a pinned
# revision or a root-owned path if this binding is used for system packages.
# Neither binding is referenced in the lines shown here.
localfork = import /home/spiollinux/src/nixpkgs { };
in
{
# Modules merged into this configuration: the generated hardware scan results
# and ./packages.nix (presumably the package selection; not shown here).
imports = [ ./hardware-configuration.nix ./packages.nix ];
# WebDAV mounts through davfs2.
services.davfs2.enable = true;

# Kernel selection stays at the channel default; earlier experiments are kept
# below for reference.
# try newer kernels
#boot.kernelPackages = pkgs.linuxPackages_latest;
# use old kernel because 5.4 and 5.5 might be buggy with intel graphics
#boot.kernelPackages = pkgs.linuxPackages_4_19;

# Storage maintenance: TRIM for the SSD and btrfs scrubs of both filesystems.
services.fstrim.enable = true;
services.btrfs.autoScrub.enable = true;
services.btrfs.autoScrub.fileSystems = [ "/" "/home" ];

# exfat support
#boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];

# Compressed swap in RAM, sized at 20 % of memory, with a low swappiness.
zramSwap.enable = true;
zramSwap.memoryPercent = 20;
boot.kernel.sysctl."vm.swappiness" = 9;
# Power management: TLP is switched off; its SATA link-power settings are kept
# so they apply again as soon as `enable` is flipped back.
services.tlp.enable = false;
services.tlp.settings.SATA_LINKPWR_ON_BAT = "medium_power";
services.tlp.settings.SATA_LINKPWR_ON_AC = "max_performance";
# Boot through systemd-boot on EFI; the installer may write EFI variables.
boot.loader = {
  systemd-boot.enable = true;
  efi.canTouchEfiVariables = true;
};
# Graphical boot splash.
boot.plymouth.enable = true;

networking.hostName = "thinknix";
# wpa_supplicant-based wireless is left off:
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Virtual console: font and German keyboard layout.
console.font = "Lat2-Terminus16";
console.keyMap = "de";

# Locale and time zone.
i18n.defaultLocale = "de_DE.UTF-8";
time.timeZone = "Europe/Berlin";
# Programs that need SUID/capability wrappers, extra configuration, or are
# started in user sessions.
programs.bash.enableCompletion = true;

# Wireshark with its dumpcap capability wrapper. Members of the `wireshark`
# group can capture traffic without root, so keep that group small.
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;

# Android Debug Bridge; device access is granted through the `adbusers` group.
programs.adb.enable = true;

# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

# List services that you want to enable:
# The OpenSSH daemon and the ssh-agent stay disabled in this file.
# services.openssh.enable = true;
#programs.ssh.startAgent = true;
# Firewall: the only explicit openings are the KDE Connect port ranges.
# NOTE(review): these ranges are opened on every interface, including untrusted
# Wi-Fi networks. If KDE Connect is only used at home, scoping the rule through
# `networking.firewall.interfaces.<name>` narrows the exposure.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
networking.firewall = {
  allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
  allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; # for KDE connect
};
# Or disable the firewall altogether.
# networking.firewall.enable = false;

networking.networkmanager.enable = true;

# mDNS/DNS-SD daemon; it announces and answers on the local network.
services.avahi.enable = true;
# Printing through CUPS, with the HP driver package.
services.printing.enable = true;
services.printing.drivers = [ pkgs.hplip ];

# Scanning through SANE, using the same HP package as backend.
hardware.sane.enable = true;
hardware.sane.extraBackends = [ pkgs.hplip ];
# Sound through PulseAudio (full build). Both PulseAudio definitions of the
# original are written as one attribute set here.
sound.enable = true;
hardware.pulseaudio = {
  enable = true;
  package = pkgs.pulseaudioFull;
  # decouple pulseaudio application and sink volumes
  daemon.config.flat-volumes = "no";
  # C3D2 hq music
  # NOTE(review): `publish` also announces this machine's sinks to whatever
  # network it is attached to; only `discovery` is needed to use remote sinks.
  zeroconf = {
    discovery.enable = true;
    publish.enable = true;
  };
};

# Bluetooth, with the headset profile turned off.
hardware.bluetooth.enable = true;
hardware.bluetooth.settings.General.Disable = "Headset";
# udev rules so the Nitrokey hardware token is accessible.
services.udev.packages = [ pkgs.nitrokey-udev-rules ];

# X11 with German layout, SDDM as display manager and KDE Plasma 5 as desktop.
services.xserver = {
  enable = true;
  layout = "de";
  xkbOptions = "eurosign:e";
  # Touchpad support.
  libinput.enable = true;
  # libinput handles graphic tablets too, but the wacom driver is more specific.
  wacom.enable = true;
  displayManager.sddm.enable = true;
  desktopManager.plasma5.enable = true;
};

# dconf required for several Gnome applications like Cawbird
programs.dconf.enable = true;

# Flatpak, with the KDE desktop portal.
services.flatpak.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];
# The single interactive account. No password is declared here; set one with
# `passwd` after the first build.
# NOTE(review): several of these groups carry real privilege: `wheel` is the
# administrative (sudo) group, `wireshark` allows packet capture through the
# dumpcap wrapper, `input` gives read access to raw input devices and
# `adbusers` access to attached Android devices. Drop the ones no longer used.
users.users.spiollinux = {
  uid = 1000;
  isNormalUser = true;
  shell = pkgs.zsh;
  extraGroups = [ "vboxusers" "wheel" "networkmanager" "scanner" "lp" "wireshark" "dialout" "cdrom" "input" "adbusers" ];
};

# VirtualBox host support; the extension pack stays off.
virtualisation.virtualbox.host.enable = true;
#virtualisation.virtualbox.host.enableExtensionPack = true;
# allow PUEL license
nixpkgs.config.whitelistedLicenses = [ pkgs.lib.licenses.virtualbox-puel ];
# Same membership as the "vboxusers" entry in extraGroups above.
users.extraGroups.vboxusers.members = [ "spiollinux" ];

# zsh as login shell, with autosuggestions.
programs.zsh.enable = true;
programs.zsh.autosuggestions.enable = true;
# Profile-sync-daemon for browser profiles.
services.psd.enable = true;

# SMART monitoring of both disks.
services.smartd.enable = true;
services.smartd.devices = [ { device = "/dev/sda"; } { device = "/dev/sdb"; } ];
# block certain sites to prevent procrastination
#
# Two oneshot units that swap /etc/hosts between a blocking version and the
# regular one. Both have an empty `wantedBy`, so nothing starts them at boot;
# they only run when started by hand.
#
# `procrastinationstop` replaces /etc/hosts with a symlink to a store file
# written by pkgs.writeText. That file repeats the localhost and host-name
# entries and maps each listed domain to a loopback address (IPv4 and IPv6).
# NOTE(review): a hosts file matches exact names only, so subdomains that are
# not listed stay reachable, and software that resolves names without reading
# /etc/hosts is not affected. This is a self-discipline aid, not an access
# control.
# The script text and the hosts entries are left untouched, because any
# character added inside the '' … '' strings would end up in the generated files.
systemd.services.procrastinationstop = {
serviceConfig.Type = "oneshot";
wantedBy = [ ];
script = ''
ln -sf ${pkgs.writeText "blockedHosts" ''
127.0.0.1 localhost
::1 localhost
127.0.0.2 ${config.networking.hostName}
::1 ${config.networking.hostName}
::1 twitter.com
127.0.0.1 twitter.com
::1 api.twitter.com
127.0.0.1 api.twitter.com
::1 toot.matereal.eu
127.0.0.1 toot.matereal.eu
::1 tagesschau.de
127.0.0.1 tagesschau.de
::1 dnn.de
127.0.0.1 www.dnn.de
::1 www.dnn.de
127.0.0.1 dnn.de
''} /etc/hosts
'';
};
# `procrastinationstart` undoes the block by pointing /etc/hosts back at
# /etc/static/hosts.
systemd.services.procrastinationstart = {
serviceConfig.Type = "oneshot";
wantedBy = [ ];
script = ''
ln -sf /etc/static/hosts /etc/hosts
'';
};
# Fonts: expose a shared font directory and let fontconfig read per-user
# configuration as well.
fonts.fontDir.enable = true;
fonts.fontconfig.enable = true;
fonts.fontconfig.includeUserConf = true;
# Enable all sysrq functions (useful to recover from some issues).
# NOTE(review): with every function enabled, anyone at the physical keyboard
# can kill processes, remount filesystems or reboot without logging in. A
# narrower bitmask keeps the recovery keys that are actually used.
boot.kernel.sysctl."kernel.sysrq" = 1; # NixOS default: 16 (only the sync command)

# Keep all build inputs and derivations, so the system can be rebuilt offline.
nix.settings.keep-outputs = true;
nix.settings.keep-derivations = true;
# NOTE(review): a trusted Nix user can override daemon settings such as
# substituters and signature checks, which is effectively root on this machine.
# The account is in `wheel` already, but this path bypasses the sudo password.
nix.settings.trusted-users = [ "spiollinux" ];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# use all cores for building
nix.settings.cores = 0;

# override tmpdir for daemon
#systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";
# Remote builders: currently disabled, definition kept for reference.
# NOTE(review): `sshUser` below carries an `ssh-ng://` prefix, which looks like
# a protocol rather than a user name; confirm before re-enabling.
#nix.buildMachines = [
# {
# hostName = "build01.nix-community.org";
# sshUser = "ssh-ng://schmittlauch";
# sshKey = "/root/.ssh/remote_builder_key";
# system = "x86_64-linux";
# maxJobs = 64;
# supportedFeatures = [
# "big-parallel"
# "kvm"
# "nixos-test"
# ];
# }
#];
# Pinned host key for the builder, so a connection is checked against a known
# key instead of trusting whatever key is offered on first use.
programs.ssh.knownHosts."build01.nix-community.org" = {
  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElIQ54qAy7Dh63rBudYKdbzJHrrbrrMXLYl7Pkmk88H";
};
# package debugging
# programs.sysdig.enable = true;

# Declarative containers: none are active; the entry below is commented out.
containers = {
  # hash2PubSim = import ./Hash2PubTestbed.nix
  # {
  # inherit pkgs config;
  # experimentUid = config.users.users.spiollinux.uid;
  # projectDir = "/home/spiollinux/Seafile/Studium/Semester11/INF-PM-FP-ANW";
  # };
};

# Keep NetworkManager away from the virtual `ve-*` interfaces.
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
# NixOS release this system's stateful data is compatible with. It guards
# software such as database servers against breaking changes, so change it
# only when the release notes of a new NixOS version say so. It is not the
# version of the packages that get installed.
system.stateVersion = "18.09"; # Did you read the comment?
}