dotfiles/entropy/nixos/configuration.nix

431 lines
11 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, unstable, lib, ... }:
#let
# use unstable nixpkgs for some specific packages that are still in-dev:
# sudo nix-channel --add https://nixos.org/channels/nixos-unstable nixos-unstable
# sudo nix-channel --update
#unstable = import <nixos-unstable> { config = config.nixpkgs.config; };
#in
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
# Hardware support for Moonlander & U2F
./modules/hardware.nix
# Network & VPN configuration
./modules/networking.nix
./modules/audio.nix
./modules/video.nix
#./modules/v4l2loopback.nix
./modules/virtualisation.nix
# Desktop configuration
./modules/sway.nix
./modules/kde.nix
# old i3 compositor
# ./modules/i3.nix
./modules/printing.nix
./modules/backup.nix
# include and configure R
./modules/r.nix
# python with modules
./modules/python.nix
];
# OVERRIDES ##########################################################
nixpkgs.config.permittedInsecurePackages = [
#"electron-25.9.0"
#"freeimage-unstable-2021-11-01"
];
# set up LUKS discovery
boot.initrd.luks.devices.cryptlvm.device = "/dev/disk/by-uuid/f382cd01-9048-4b1b-8a73-48e1f61e6c08";
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# NOTE(feliix42): Didn't work as I wanted it to so...
# boot.plymouth = {
# enable = true;
# theme = "breeze";
# };
# ------------ kernel -------------------------------------------------------
boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_11;
services.fwupd.enable = true;
# ------------ time, location & input ---------------------------------------
# Set your time zone.
time.timeZone = "Europe/Berlin"; # "US/Pacific";
# time.timeZone = "America/New_York";
# geoclue2 does not yield a location at home, so I'll make the manual configuration the default
# location.provider = "geoclue2";
location.provider = "manual";
# using the location of the cafe ascii should be good enough
location.latitude = 51.0250869;
location.longitude = 13.7210005;
# RIT
# location.latitude = 43.084902;
# location.longitude = -77.678352;
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
#font = "Lat2-Terminus16";
font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
keyMap = pkgs.lib.mkForce "uk";
};
# use the xkb-config from the X server
console.useXkbConfig = true;
# Configure keymap in X11
services.xserver.xkb.layout = "gb";
services.xserver.xkb.options = "eurosign:e,ctrl:nocaps,compose:ralt";
# enable touchpad support
services.libinput.enable = true;
# ------------ Nix Config ---------------------------------------------------
nix = {
package = pkgs.nixVersions.stable;
# the builders-use-substitutes is optional; useful when the builder has a faster internet connection than yours
extraOptions = ''
experimental-features = nix-command flakes
builders-use-substitutes = true
'';
buildMachines = [{
# hostName = "ada";
hostName = "141.30.52.34";
sshUser = "builder";
system = "x86_64-linux";
# if the builder supports building for multiple architectures,
# replace the previous line by, e.g.,
# systems = ["x86_64-linux" "aarch64-linux"];
maxJobs = 2;
speedFactor = 2;
supportedFeatures = [ "big-parallel" "kvm" ];
mandatoryFeatures = [ ];
# base64 -w0 /etc/ssh/ssh_host_ed25519_key.pub
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUlTcFY3cVJUZEdXVlpYNFlITnFYZXBYNjZUK0U1dGdCbnAwTlJOTmtKbzcgcm9vdEBhZGEK";
sshKey = "/home/felix/.ssh/id_ed25519";
# }
# {
# hostName = "elm";
# sshUser = "builder";
# system = "x86_64-linux";
# # if the builder supports building for multiple architectures,
# # replace the previous line by, e.g.,
# # systems = ["x86_64-linux" "aarch64-linux"];
# maxJobs = 1;
# speedFactor = 1;
# supportedFeatures = [ "big-parallel" "kvm" ];
# mandatoryFeatures = [ ];
# publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUNXTk9oL3ozQjZmSXRGd2lTenlqeDBUTnIveUl6bHNsazdEeEtNcE5sdmwgcm9vdEBlbG0K";
# sshKey = "/home/felix/.ssh/id_ed25519";
}] ;
distributedBuilds = true;
settings.trusted-users = [
"root"
"@wheel"
];
};
# ------------ security -----------------------------------------------------
# Define a user account. Don't forget to set a password with passwd.
users.users.felix = {
createHome = true;
isNormalUser = true;
extraGroups = [ "wheel" "video" "audio" "dialout" ]; # wheel: Enable sudo for the user.
group = "users";
home = "/home/felix";
shell = pkgs.fish;
};
# allow user felix to run openconnect without password
security.sudo.extraRules = [
{
users = [ "felix" ];
commands = [
{ command = "${pkgs.openconnect}/bin/openconnect"; options = [ "NOPASSWD" ]; }
];
}
];
security.pam.u2f = {
enable = true;
settings.cue = true;
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = lib.mkForce pkgs.pinentry-curses;
};
# ------------ programs -----------------------------------------------------
programs.fish.enable = true;
# programs.vim.defaultEditor = true;
programs.neovim = {
enable = true;
defaultEditor = true;
};
programs.ssh.setXAuthLocation = true;
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [ thunar-archive-plugin thunar-volman ];
};
programs.firefox = {
enable = true;
package = pkgs.firefox-wayland;
};
programs.git = {
enable = true;
package = pkgs.gitAndTools.gitFull;
};
programs.mosh.enable = true;
programs.nix-index = {
enable = true;
enableZshIntegration = true;
enableBashIntegration = true;
enableFishIntegration = true;
};
programs.command-not-found.enable = false;
# List of packages installed in system profile.
environment.systemPackages = with pkgs; [
## basic command line tooling
wget
w3m
htop
btop
bat
lsd
unstable.eza
ripgrep
fzf
tokei
vim
#sshfs
ncdu
tldr
unzip
bind
inetutils
usbutils
moreutils
file
#tmux
zellij
libqalculate
## xdg-open
xdg-utils
## shell extras
nushell
## password management
pass
## admin foo
ansible
## mail
isync
msmtp
neomutt urlscan
notmuch
aspell # spell checking in mail
thunderbird
## Rust
rustup
cargo-flamegraph
cargo-watch
unstable.rust-analyzer
helix
## other programming languages and compilers
stack
unstable.haskell-language-server
gcc
binutils-unwrapped
gnumake
cmake
ninja
gdb
ccls
# valgrind
# heaptrack
## nix-community/comma
comma
nix-output-monitor
nil
# provided by my own overlay
mlir
circt
llvmPackages_18.clang
llvmPackages_18.lldb
llvmPackages_18.libcxx
#llvmPackages_18.libcxxabi
llvmPackages_18.libllvm
llvmPackages_18.llvm-manpages
llvmPackages_18.openmp
llvmPackages_18.bintools
clang-tools_18
lit
## I heard you like man pages?
man-pages
## git and friends
gitAndTools.delta
gitAndTools.gitui
difftastic
## terminal, browsers, text editing, note taking
alacritty
wezterm
nautilus
# TODO(feliix42): Fix at some point!
# unstable.vscode.fhs
tree-sitter # for NVIM completions
ghostwriter
unstable.obsidian
## file managers
# lol
## file sharing
nextcloud-client
## document viewers
pdfpc
zathura
## image manipulation
# gimp
inkscape
libheif
imagemagick
## LaTeX
texlive.combined.scheme-full
## Citation management
zotero
## the eternal pain continues
libreoffice-fresh
## video and media applications
zoom-us
spotify
mpv
ffmpeg-full
musikcube
playerctl
## messenger
slack
tdesktop
signal-desktop
## networking
openconnect
];
services.dbus.enable = true;
xdg.portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-kde
xdg-desktop-portal-gtk
];
wlr = {
enable = true;
settings = {
screencast = {
output_name = "eDP-1";
max_fps = 30;
chooser_type = "simple";
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
};
};
};
};
# install fonts
fonts.packages = with pkgs; [
font-awesome
fira
fira-code
fira-code-symbols
iosevka
roboto
roboto-mono
roboto-slab
open-sans
overpass
nerd-fonts.ubuntu
nerd-fonts.ubuntu-mono
nerd-fonts.fira-code
nerd-fonts.droid-sans-mono
nerd-fonts.hack
nerd-fonts.sauce-code-pro
nerd-fonts.roboto-mono
nerd-fonts.iosevka
nerd-fonts.iosevka-term
];
# periodic automated mail fetching
systemd.user.services.mbsync = {
description = "Automated mail fetch and tagging";
serviceConfig = {
Type = "oneshot";
};
path = with pkgs; [ bash isync notmuch ];
script = "mbsync -a";
postStop = "/home/felix/.config/neomutt/notmuch-hook.sh";
};
systemd.user.timers.mbsync = {
description = "Automated mail fetch and processing";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "10m";
OnUnitInactiveSec = "10m";
};
};
# systemd.user.services.mailfetch = {
# enable = true;
# description = "Automatically fetches new mails.";
# wantedBy = [ "graphical-session.target" ];
# after = [ "graphical-session.target" ];
# serviceConfig = {
# Restart = "always";
# RestartSec = "60";
# };
# path = with pkgs; [ bash notmuch isync ];
# script = ''
# mbsync -a && /home/felix/.config/neomutt/notmuch-hook.sh
# '';
# };
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
}