system/configuration.nix

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ lib, config, pkgs, zen-browser, hyprland, inputs, ... }:
let
# Local bindings available to the module body that follows `in`.
# NOTE(review): despite its name, `unstable` is whatever `<nixpkgs>` resolves to
# on NIX_PATH when this file is evaluated; it is not pinned by a lock file and
# the lookup is impure. Nothing in the visible body references it, so it looks
# removable - confirm against the rest of the file.
unstable = import <nixpkgs> {
overlays = pkgs.overlays;
};
# NOTE(review): if the block below is ever re-enabled, both fetchTarball calls
# take a bare URL of a moving branch (master / main) and carry no hash of their
# own; the sha256 line is an argument to `import flake-compat`, not to
# fetchTarball. Pin a commit and give each fetch its own hash first.
# flake-compat = builtins.fetchTarball "https://github.com/edolstra/flake-compat/archive/master.tar.gz";
# hyprland = (import flake-compat {
# src = builtins.fetchTarball "https://github.com/hyprwm/Hyprland/archive/main.tar.gz";
# sha256 = "qY6zh8gdgioEgCDOgT+SnK9QZ3OtGi+eXqqzcsYWKe8=";
# }).defaultNix;
in
{
# Pull in the generated hardware description that sits next to this file.
imports = [
  ./hardware-configuration.nix
];

# Boot through systemd-boot on UEFI; the bootloader installer is allowed to
# modify EFI variables.
boot.loader = {
  systemd-boot.enable = true;
  efi.canTouchEfiVariables = true;
};

# Hostname of this machine.
networking.hostName = "launchpad";
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Static name-to-address entries for LAN devices and three external hosts.
networking.extraHosts = ''
  192.168.12.20 router.local
  192.168.12.21 switch.local
  192.168.12.25 dhcpd.local
  192.168.12.40 launchpad.local
  192.168.12.41 xeon.local
  192.168.12.80 robo.local
  192.168.12.81 nas.local
  192.168.12.83 homeassistant.local
  192.168.12.60 toons.local
  45.58.52.52 www
  172.245.111.249 est
  216.189.156.74 mail
'';

# Fixed IPv4 address on the wired interface, with the LAN gateway and resolver.
networking.interfaces.enp4s0.ipv4.addresses = [
  {
    address = "192.168.12.40";
    prefixLength = 24;
  }
];
networking.defaultGateway = "192.168.12.20";
networking.nameservers = [ "192.168.12.25" ];

networking.firewall = {
  # Inbound TCP is accepted on three ranges, 3003 ports in total. Declared at
  # this level the ranges apply to every interface.
  # NOTE(review): anything that binds inside these ranges (development
  # servers, published container ports) becomes reachable from the network.
  # Confirm which services need them, narrow to the ports in use, and consider
  # networking.firewall.interfaces.<name>.allowedTCPPortRanges to limit the
  # exposure to one interface.
  allowedTCPPortRanges = [
    { from = 35000; to = 36000; }
    { from = 5000; to = 6000; }
    { from = 8000; to = 9000; }
  ];
  # Attaches the netbios-ns connection-tracking helper to outgoing UDP/137.
  # NOTE(review): the rule is added with -A to the raw table; check whether it
  # accumulates duplicates when the firewall is reloaded.
  extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
};

# NetworkManager is enabled alongside the static interface settings above.
networking.networkmanager.enable = true;
# CIFS mount of the NAS music share, mounted on first access by systemd.
fileSystems."/mnt/share/Music" = {
  device = "//nas.local/Music";
  fsType = "cifs";
  options =
    let
      # Automount on demand, unmount after 60 s idle, give up after 5 s.
      automountFlags = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
      # The credentials path is written as a string, not a Nix path literal,
      # so the file is read at mount time and is not copied into the store.
      # NOTE(review): confirm /etc/nixos/smb-secrets is root-owned with mode
      # 0600 and is excluded from the repository this file is published in.
      mountIdentity = "credentials=/etc/nixos/smb-secrets,uid=1000,gid=100";
    in
    [ "${automountFlags},${mountIdentity}" ];
};
# System time zone.
time.timeZone = "America/Los_Angeles";

# Default locale, with every LC_* category listed below set to the same value.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings =
  let
    locale = "en_US.UTF-8";
  in
  {
    LC_ADDRESS = locale;
    LC_IDENTIFICATION = locale;
    LC_MEASUREMENT = locale;
    LC_MONETARY = locale;
    LC_NAME = locale;
    LC_NUMERIC = locale;
    LC_PAPER = locale;
    LC_TELEPHONE = locale;
    LC_TIME = locale;
  };
# X11 server settings. The server itself is switched off (Wayland sessions are
# used); the keyboard layout and video driver selection are still declared.
services.xserver = {
  enable = false;
  xkb.layout = "us";
  xkb.variant = "";
  videoDrivers = [ "nvidia" ];
};

# OpenGL stack. The author's notes mark these options as renamed to
# hardware.graphics in newer releases; the replacement is kept commented below.
hardware.opengl = {
  enable = true;
  package = pkgs.mesa.drivers;
  # 32-bit support
  driSupport32Bit = true;
  # package32 = pkgsi686Linux.mesa.drivers;
};
# hardware.graphics = { # Only in unstable
# enable = true;
# package = pkgs.mesa.drivers;
# enable32Bit = true;
# };
# Proprietary NVIDIA driver configuration.
hardware.nvidia = {
  # Kernel modesetting is required.
  modesetting.enable = true;

  powerManagement = {
    # Experimental and can cause sleep/suspend to fail. Enable when there is
    # graphical corruption or application crashes after resume: the whole of
    # VRAM is then saved to /tmp/ instead of only the bare essentials.
    enable = true;
    # Fine-grained mode powers the GPU down when idle. Experimental; only for
    # Turing or newer GPUs.
    finegrained = false;
  };

  # Whether to use NVIDIA's open-source kernel module (distinct from the
  # third-party "nouveau" driver). Limited to Turing and later; list at
  # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
  # Only available from driver 515.43.04+. The author's note calls it
  # alpha-quality, hence false.
  open = false;

  # Provide the `nvidia-settings` tool.
  nvidiaSettings = true;

  # Driver build matching the configured kernel; pick another channel here if
  # the GPU needs a specific driver version.
  package = config.boot.kernelPackages.nvidiaPackages.stable;
};
# xdg.portal = {
# enable = false;
# xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
# extraPortals = [ inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland pkgs.kdePackages.xdg-desktop-portal-kde ];
# };
# SDDM login manager with its Wayland greeter enabled.
services.displayManager.sddm = {
  enable = true;
  autoNumlock = true;
  enableHidpi = true;
  wayland.enable = true;
  settings.X11 = {
    MinimumVT = 7;
    # NOTE(review): nothing in this file creates /etc/sddm/Xsetup; the
    # environment.etc definition for it is commented out further down. The
    # display manager presumably runs this script with its own (root)
    # privileges, so if the file exists confirm it is root-owned and not
    # writable by anyone else, or drop the setting.
    DisplayCommand = "/etc/sddm/Xsetup";
  };
};
# services.pentablet.enable = true;
# environment.etc."ssdm.conf.d/10-wayland.conf".text = ''
# [General]
# DisplayServer=wayland
# GreeterEnvironment=QT_WAYLAND_SHELL_INTEGRATION=layer-shell
# [Wayland]
# CompositorCommand=kwin_wayland --drm --no-lockscreen --no-global-shortcuts --locale1
# '';
# environment.etc."sddm/Xsetup".text = ''
# #!/usr/bin/env bash
# xrandr --output DP-5 --auto --primary
# xrandr --output DP-4 --left-of DP-5 --noprimary
# xrandr --output DP-2 --right-of DP-5 --rotate left --noprimary
# '';
# Session-wide environment variables.
environment.sessionVariables = {
  NIXOS_OZONE_WL = "1";
  SDDM_INITIAL_VT = "VT 7";
};

# Desktop sessions: Plasma 6 and Hyprland (with XWayland).
services.desktopManager.plasma6.enable = true;
programs.hyprland = {
  enable = true;
  xwayland.enable = true;
  # package = pkgs.hyprland;
  # package = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
  # portalPackage = pkgs.xdg-desktop-portal-hyprland;
  # portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
};
# programs.uwsm = {
# enable = true; # You must configure waylandCompositors suboptions
# waylandCompositors = {
# hyprland = {
# prettyName = "Hyprland";
# comment = "Hyprland compositor managed by UWSM";
# binPath = "/run/current-system/sw/bin/Hyprland";
# };
# };
# };

# Bluetooth support, with the default controller powered on at boot.
hardware.bluetooth = {
  enable = true;
  powerOnBoot = true;
};
# polkit with two custom rules. Both return polkit.Result.YES, which
# authorises the action with no authentication prompt.
security.polkit = {
enable = true;
# Rule 1: any member of group "users" may reboot or power off, including the
# *-multiple-sessions variants that apply while other sessions are open.
# Rule 2: any member of group "storage" is granted the listed udisks/udisks2
# actions. For an action id that is not in the table the lookup yields
# undefined, so the rule makes no decision for it.
# NOTE(review): the table includes encrypted-unlock-system,
# filesystem-mount-other-seat and filesystem-unmount-others, so a process
# running as a "storage" member can unlock and mount system or other-seat
# volumes without a prompt. wayne is in "storage" (users.users.wayne.extraGroups).
# Confirm the *-system and *-other-seat entries are needed; if not, trim them.
extraConfig = ''
polkit.addRule(function (action, subject) {
if (
subject.isInGroup("users") &&
[
"org.freedesktop.login1.reboot",
"org.freedesktop.login1.reboot-multiple-sessions",
"org.freedesktop.login1.power-off",
"org.freedesktop.login1.power-off-multiple-sessions",
].indexOf(action.id) !== -1
) {
return polkit.Result.YES;
}
});
polkit.addRule(function(action, subject) {
var YES = polkit.Result.YES;
var permission = {
// required for udisks1:
"org.freedesktop.udisks.filesystem-mount": YES,
"org.freedesktop.udisks.luks-unlock": YES,
"org.freedesktop.udisks.drive-eject": YES,
"org.freedesktop.udisks.drive-detach": YES,
// required for udisks2:
"org.freedesktop.udisks2.filesystem-mount": YES,
"org.freedesktop.udisks2.encrypted-unlock": YES,
"org.freedesktop.udisks2.eject-media": YES,
"org.freedesktop.udisks2.power-off-drive": YES,
// required for udisks2 if using udiskie from another seat (e.g. systemd):
"org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
"org.freedesktop.udisks2.filesystem-unmount-others": YES,
"org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
"org.freedesktop.udisks2.encrypted-unlock-system": YES,
"org.freedesktop.udisks2.eject-media-other-seat": YES,
"org.freedesktop.udisks2.power-off-drive-other-seat": YES
};
if (subject.isInGroup("storage")) {
return permission[action.id];
}
});
'';
};
# security.pam.services = {
# login.enableKwallet = false;
# login.kwallet = {
# enable = true;
# package = pkgs.plasma5Packages.kwallet-pam;
# };
# sddm = {
# enableKwallet = true;
# text = ''
# # Enable pam_kwallet5 for sddm
# auth optional pam_kwallet5.so
# session optional pam_kwallet5.so auto_start
# '';
# };
# };
# security.pam.services.wayne.kwallet.enable = true;
# security.pam.services.wayne.kwallet.package = pkgs.plasma5Packages.kwallet-pam;
# Follow the journal and write it to virtual terminal 12.
# NOTE(review): tty12 shows the output without a login, so anyone at the
# physical console can read the system log, including whatever services write
# into it. Confirm that is acceptable for where this machine sits.
systemd.services."systemd-journald-tty12" = {
  description = "Forward syslog to TTY12";
  wantedBy = [ "multi-user.target" ];
  serviceConfig.ExecStart = "/bin/sh -c 'journalctl -f > /dev/tty12'";
};
# Audio goes through PipeWire, so PulseAudio is off; rtkit is enabled for it.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;

# Nix daemon settings: flakes, an extra binary cache, and build parallelism.
nix.settings = {
  experimental-features = [
    "nix-command"
    "flakes"
  ];
  # Store paths served by this cache are accepted when signed by the key
  # listed under trusted-public-keys.
  # NOTE(review): this makes the cache operator's signing key part of the
  # machine's trust base - a prebuilt binary signed with it is installed
  # as-is. Keep the list limited to caches that are actually needed.
  substituters = [
    "https://hyprland.cachix.org"
  ];
  trusted-public-keys = [
    "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
  ];
  # Adjust to the CPU core count or slightly below.
  max-jobs = 12;
};
# Groups with fixed gids, plus three groups left at their defaults.
users.groups = {
  wayne.gid = 1000;
  vmail.gid = 2000;
  storage.gid = 2010;
  dialout = { };
  plugdev = { };
  uinput = { };
};

# The interactive account. Its password is set out of band with `passwd`.
users.users.wayne = {
  isNormalUser = true;
  description = "Wayne Hayes";
  shell = pkgs.zsh;
  # NOTE(review): "wheel" grants sudo, and "docker" gives access to the
  # rootful Docker daemon enabled in virtualisation.docker, which is
  # equivalent to root on this host. "storage" is the group the polkit rules
  # in this file grant prompt-free udisks actions to.
  extraGroups = [
    "networkmanager"
    "wheel"
    "docker"
    "wayne"
    "vmail"
    "uinput"
    "storage"
  ];
  # NOTE(review): no SSH public key is declared here while sshd in this file
  # accepts passwords, so remote login for this account rests on the password
  # alone.
  openssh.authorizedKeys.keys = [ ];
  packages = [ pkgs.kdePackages.kate ];
};
# sudo, with two password-less rules for members of wheel.
# NOTE(review): neither rule restricts arguments, so any process running as a
# wheel member can start these two programs as root with options of its own
# choosing. Check whether any option of input-remapper-service or
# input-remapper-control lets the caller choose files or commands that are
# then handled as root; services.input-remapper already runs the daemon as a
# system service, so these rules may not be needed at all.
security.sudo = {
  enable = true;
  extraConfig =
    let
      remapperBin = "${pkgs.input-remapper}/bin";
    in
    ''
      %wheel ALL=(ALL) NOPASSWD: ${remapperBin}/input-remapper-service
      %wheel ALL=(ALL) NOPASSWD: ${remapperBin}/input-remapper-control
    '';
};
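# Currently disabled (enable = false). When enabled, the script waits until
# user wayne owns at least one process, starts input-remapper-service and
# input-remapper-helper repeatedly until pgrep counts four root-owned
# "input-remapper" processes, then has wayne stop all injections and reload
# the autoload presets, and finally sleeps forever to keep the unit active.
# NOTE(review): no User= is set, so the unit presumably runs as root and
# drops to wayne only through `su`; the account name is hard-coded.
systemd.services.StartInputRemapperDaemonAtLogin = {
  enable = false;
  description = "Start input-remapper daemon after login";
  # Type is a [Service] directive. Declared under unitConfig it would be
  # written into the [Unit] section, where systemd does not recognise it.
  serviceConfig.Type = "simple";
  script = lib.getExe (pkgs.writeShellApplication {
    name = "start-input-mapper-daemon";
    runtimeInputs = with pkgs; [ input-remapper procps su ];
    # The command substitution in the second loop is quoted so the test
    # always receives exactly one word on the left of -eq.
    text = ''
      until pgrep -u wayne; do
      sleep 1
      done
      sleep 2
      until [ "$(pgrep -c -u root "input-remapper")" -eq 4 ]; do
      input-remapper-service&
      sleep 1
      input-remapper-helper&
      sleep 1
      done
      su wayne -c "input-remapper-control --command stop-all"
      su wayne -c "input-remapper-control --command autoload"
      sleep infinity
    '';
  });
  wantedBy = [ "default.target" ];
};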
# Possible weird bug
# systemd.services.ReloadInputRemapperAfterSleep = {
# enable = true;
# description = "Reload input-remapper config after sleep";
# after = [ "suspend.target" ];
# unitConfig = {
# Type = "forking";
# };
# serviceConfig.User = "wayne";
# script = lib.getExe(pkgs.writeShellApplication {
# name = "reload-input-mapper-config";
# runtimeInputs = with pkgs; [input-remapper ps gawk];
# text = ''
# until [[ $(ps aux | awk '$11~"input-remapper" && $12="<defunct>" {print $0}' | wc -l) -eq 0 ]]; do
# input-remapper-control --command stop-all
# input-remapper-control --command autoload
# sleep 1
# done
# '';
# });
# wantedBy = [ "suspend.target" ];
# };
# Firefox and zsh as system-wide programs.
programs.firefox.enable = true;
programs.zsh.enable = true;

# nixpkgs policy: unfree packages allowed, CUDA support switched on.
nixpkgs.config = {
  allowUnfree = true;
  cudaSupport = true;
  acceptedLicenses = [ "unfree" "unfreeRedistributable" ];
  # NOTE(review): this entry lets a package that nixpkgs marks as insecure be
  # built and installed anyway. Find out which package in this configuration
  # pulls in freeimage, check whether it handles untrusted image files, and
  # remove the exemption once that dependency is gone or fixed.
  permittedInsecurePackages = [
    "freeimage-unstable-2021-11-01"
  ];
};

# nix-ld, for running dynamically linked binaries that were not built for NixOS.
programs.nix-ld.enable = true;
# programs.nix-ld.libraries = with pkgs; [
# libusb
# kdePackages.qt5compat kdePackages.full
# libsForQt5.full
# libGL
# gcc glib xorg.libXext
# ];
# Docker: the system daemon and a per-user rootless daemon are both enabled.
# setSocketVariable points DOCKER_HOST in user sessions at the rootless socket.
# NOTE(review): the rootful daemon stays enabled next to the rootless one, and
# wayne is in the "docker" group (users.users.wayne.extraGroups). Access to
# the rootful daemon's socket is equivalent to root on this host. If rootless
# covers the workload, consider dropping the group membership or the rootful
# daemon.
virtualisation.docker = {
  enable = true;
  rootless.enable = true;
  rootless.setSocketVariable = true;
  daemon.settings.userland-proxy = false;
  daemon.settings.ipv6 = false;
};
# System services.
services = {
  # Printing service.
  printing.enable = true;

  # Local LLM runner with CUDA acceleration.
  ollama = {
    enable = true;
    acceleration = "cuda";
    models = "/var/lib/ollama/models";
    environmentVariables = { };
  };

  # input-remapper daemon with its udev rules, started with the graphical target.
  input-remapper = {
    enable = true;
    enableUdevRules = true;
    package = pkgs.input-remapper;
    serviceWantedBy = [ "graphical.target" ];
  };
  # dbus.implementation = "dbus"; # The option `services.dbus.implementation' has conflicting definition values: - In `/nix/store/60sn02zhawl3kwn0r515zff3h6hg6ydz-source/nixos/modules/programs/wayland/uwsm.nix': "broker"

  udisks2.enable = true;
  logrotate.enable = true;

  # SSH server on port 22.
  openssh = {
    enable = true;
    ports = [ 22 ];
    settings = {
      # Root cannot log in over SSH. Other accepted values: "yes",
      # "without-password", "prohibit-password", "forced-commands-only".
      PermitRootLogin = "no";
      # Only the listed accounts may log in (without this setting every
      # account is allowed).
      AllowUsers = [ "wayne" ];
      # NOTE(review): password logins are accepted, and this file declares no
      # authorized key for wayne, so the account password is the only thing
      # protecting remote access. Moving to key-only login needs a public key
      # added to users.users.wayne.openssh.authorizedKeys.keys first;
      # turning this off before that removes remote access.
      PasswordAuthentication = true;
      UseDns = true;
      X11Forwarding = false;
    };
  };
  # kmonad = {
  # enable = true;
  # keyboards = {
  # myKMonadOutput = {
  # device = "/dev/input/by-id/usb-Hanvon_Ugee_Shortcut_Remote_000000000000000-event-kbd";
  # config = builtins.readFile /home/wayne/.config/kmonad/hanvon-ugee.kbd;
  # };
  # };
  # };

  # mDNS: resolve .local names over IPv4 and open the firewall for it.
  avahi = {
    enable = true;
    nssmdns4 = true;
    openFirewall = true;
  };

  # PipeWire with ALSA (including 32-bit) and PulseAudio compatibility.
  pipewire = {
    enable = true;
    alsa = {
      enable = true;
      support32Bit = true;
    };
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;
    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };
};
# Packages installed in the system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
  # An editor for configuration.nix (nano is also installed by default).
  vim
  wget
  git
  sshfs
  pciutils
  zsh
  cryptsetup
  home-manager
  wpa_supplicant
  lynx
  # Nix tooling
  nix-index
  nix-prefetch-scripts
  nix-prefetch
  # Containers
  docker_27
  docker-compose
  direnv
  nix-direnv
  # xdg-desktop-portal-hyprland
  # Graphics and Wayland diagnostics
  clinfo
  glxinfo
  vulkan-tools
  wayland-utils
  wl-clipboard
  # KDE / Qt
  kdePackages.kdeplasma-addons
  kdePackages.qtstyleplugin-kvantum
  kdePackages.full
  kdePackages.qtwebengine
  kdePackages.qtpositioning
  kdePackages.qtlocation
  kdePackages.ark
  plasma5Packages.kwallet-pam
  kdePackages.dolphin
  kdePackages.kwallet
  kdePackages.kwalletmanager
  kdePackages.konsole
  # Input devices and session plumbing
  evtest
  input-remapper
  dbus
  uwsm
  # keyd
  cudaPackages.cudatoolkit
  # cudaPackages.cuda-samples
  cifs-utils
  mesa
  libGL
  udiskie
  # steam-run
];

# Fonts, also exposed through a shared font directory.
fonts = {
  packages = with pkgs; [
    nerdfonts
    garamond-libre
    liberation_ttf
    ubuntu_font_family
    libre-baskerville
    libre-bodoni
  ];
  fontDir.enable = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
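# Hard-link identical files in the store to save space.
nix.settings.auto-optimise-store = true;

# The access token for nas.local/git used to be written here as a literal.
# Values under nix.settings are rendered into nix.conf, which is built into
# the world-readable Nix store, and this file is published in a repository,
# so that token has to be treated as disclosed: revoke it on the Git server
# and issue a new one.
# The replacement is read at run time from a file that stays out of the store
# and out of version control. `!include` skips the file when it is missing.
# The path is a suggestion (next to the existing smb-secrets file); the file
# holds one line:
#   access-tokens = nas.local/git=PAT:<NEW_TOKEN_PLACEHOLDER>
# Give it to root plus a group containing only the accounts that run nix; an
# include that exists but cannot be read may make nix fail for that account.
nix.extraOptions = ''
  !include /etc/nixos/nix-access-tokens.conf
'';

# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?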
}