wayne/system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity
7aad0e3876
system/configuration.nix
wayne 7aad0e3876 Initial Commit
2024-10-14 14:28:31 -07:00

525 lines
17 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ lib, config, pkgs, zen-browser, hyprland, inputs, ... }:
let
unstable = import <nixpkgs> {
overlays = pkgs.overlays;
};
# flake-compat = builtins.fetchTarball "https://github.com/edolstra/flake-compat/archive/master.tar.gz";
# hyprland = (import flake-compat {
# src = builtins.fetchTarball "https://github.com/hyprwm/Hyprland/archive/main.tar.gz";
# sha256 = "qY6zh8gdgioEgCDOgT+SnK9QZ3OtGi+eXqqzcsYWKe8=";
# }).defaultNix;
in
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "launchpad"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
networking.extraHosts = ''
192.168.12.20 router.local
192.168.12.21 switch.local
192.168.12.25 dhcpd.local
192.168.12.40 launchpad.local
192.168.12.41 xeon.local
192.168.12.80 robo.local
192.168.12.81 nas.local
192.168.12.83 homeassistant.local
192.168.12.60 toons.local
45.58.52.52 www
172.245.111.249 est
216.189.156.74 mail
'';
networking.interfaces.enp4s0.ipv4.addresses = [ {
address = "192.168.12.40";
prefixLength = 24;
} ];
networking.defaultGateway = "192.168.12.20";
networking.nameservers = [ "192.168.12.25" ];
networking.firewall = {
allowedTCPPortRanges = [ { from = 35000; to = 36000; } { from = 5000; to = 6000; } { from = 8000; to = 9000; } ];
extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
};
# Enable networking
networking.networkmanager.enable = true;
fileSystems."/mnt/share/Music" = {
device = "//nas.local/Music";
fsType = "cifs";
options = let
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"];
};
# Set your time zone.
time.timeZone = "America/Los_Angeles";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Enable the X11 windowing system.
# You can disable this if you're only using the Wayland session.
services.xserver = {
enable = false;
xkb = {
layout = "us";
variant = "";
};
videoDrivers = [ "nvidia" ];
};
hardware.opengl = { # Renamed hardware.graphics
enable = true; # Renamed
package = pkgs.mesa.drivers; # Renamed
# 32bit Support
driSupport32Bit = true; # Renamed
# package32 = pkgsi686Linux.mesa.drivers;
};
# hardware.graphics = { # Only in unstable
# enable = true;
# package = pkgs.mesa.drivers;
# enable32Bit = true;
# };
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = true;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
# xdg.portal = {
# enable = false;
# xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
# extraPortals = [ inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland pkgs.kdePackages.xdg-desktop-portal-kde ];
# };
# Enable the KDE Plasma Desktop Environment.
services.displayManager.sddm = {
enable = true;
autoNumlock = true;
enableHidpi = true;
settings = {
X11 = {
MinimumVT = 7;
DisplayCommand="/etc/sddm/Xsetup";
};
};
wayland = {
enable = true;
};
};
# services.pentablet.enable = true;
# environment.etc."ssdm.conf.d/10-wayland.conf".text = ''
# [General]
# DisplayServer=wayland
# GreeterEnvironment=QT_WAYLAND_SHELL_INTEGRATION=layer-shell
# [Wayland]
# CompositorCommand=kwin_wayland --drm --no-lockscreen --no-global-shortcuts --locale1
# '';
# environment.etc."sddm/Xsetup".text = ''
# #!/usr/bin/env bash
# xrandr --output DP-5 --auto --primary
# xrandr --output DP-4 --left-of DP-5 --noprimary
# xrandr --output DP-2 --right-of DP-5 --rotate left --noprimary
# '';
environment.sessionVariables.NIXOS_OZONE_WL = "1";
environment.sessionVariables.SDDM_INITIAL_VT = "VT 7";
services.desktopManager.plasma6.enable = true;
programs.hyprland = {
enable = true;
xwayland.enable = true;
# package = pkgs.hyprland;
# package = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
# portalPackage = pkgs.xdg-desktop-portal-hyprland;
# portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
};
# programs.uwsm = {
# enable = true; # You must configure waylandCompositors suboptions
# waylandCompositors = {
# hyprland = {
# prettyName = "Hyprland";
# comment = "Hyprland compositor managed by UWSM";
# binPath = "/run/current-system/sw/bin/Hyprland";
# };
# };
# };
hardware.bluetooth.enable = true; # enables support for Bluetooth
hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
security.polkit = {
enable = true;
extraConfig = ''
polkit.addRule(function (action, subject) {
if (
subject.isInGroup("users") &&
[
"org.freedesktop.login1.reboot",
"org.freedesktop.login1.reboot-multiple-sessions",
"org.freedesktop.login1.power-off",
"org.freedesktop.login1.power-off-multiple-sessions",
].indexOf(action.id) !== -1
) {
return polkit.Result.YES;
}
});
polkit.addRule(function(action, subject) {
var YES = polkit.Result.YES;
var permission = {
// required for udisks1:
"org.freedesktop.udisks.filesystem-mount": YES,
"org.freedesktop.udisks.luks-unlock": YES,
"org.freedesktop.udisks.drive-eject": YES,
"org.freedesktop.udisks.drive-detach": YES,
// required for udisks2:
"org.freedesktop.udisks2.filesystem-mount": YES,
"org.freedesktop.udisks2.encrypted-unlock": YES,
"org.freedesktop.udisks2.eject-media": YES,
"org.freedesktop.udisks2.power-off-drive": YES,
// required for udisks2 if using udiskie from another seat (e.g. systemd):
"org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
"org.freedesktop.udisks2.filesystem-unmount-others": YES,
"org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
"org.freedesktop.udisks2.encrypted-unlock-system": YES,
"org.freedesktop.udisks2.eject-media-other-seat": YES,
"org.freedesktop.udisks2.power-off-drive-other-seat": YES
};
if (subject.isInGroup("storage")) {
return permission[action.id];
}
});
'';
};
# security.pam.services = {
# login.enableKwallet = false;
# login.kwallet = {
# enable = true;
# package = pkgs.plasma5Packages.kwallet-pam;
# };
# sddm = {
# enableKwallet = true;
# text = ''
# # Enable pam_kwallet5 for sddm
# auth optional pam_kwallet5.so
# session optional pam_kwallet5.so auto_start
# '';
# };
# };
# security.pam.services.wayne.kwallet.enable = true;
# security.pam.services.wayne.kwallet.package = pkgs.plasma5Packages.kwallet-pam;
# Redirect syslog to TTY12
systemd.services."systemd-journald-tty12" = {
description = "Forward syslog to TTY12";
serviceConfig = {
ExecStart = "/bin/sh -c 'journalctl -f > /dev/tty12'";
};
wantedBy = [ "multi-user.target" ];
};
# Enable sound with pipewire.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Enable Flakes
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = ["https://hyprland.cachix.org"];
trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
max-jobs = 12; # Adjust this to your CPU core count or slightly below
};
# Define a user account. Don't forget to set a password with passwd.
users = {
groups = {
wayne.gid = 1000;
vmail.gid = 2000;
storage.gid = 2010;
dialout = {};
plugdev = {};
uinput = {};
};
users = {
wayne = {
isNormalUser = true;
description = "Wayne Hayes";
extraGroups = [ "networkmanager" "wheel" "docker" "wayne" "vmail" "uinput" "storage" ];
openssh.authorizedKeys.keys = [];
packages = with pkgs; [
kdePackages.kate
];
shell = pkgs.zsh;
};
};
};
security.sudo = {
enable = true;
extraConfig = ''
%wheel ALL=(ALL) NOPASSWD: ${pkgs.input-remapper}/bin/input-remapper-service
%wheel ALL=(ALL) NOPASSWD: ${pkgs.input-remapper}/bin/input-remapper-control
'';
};
systemd.services.StartInputRemapperDaemonAtLogin = {
enable = false;
description = "Start input-remapper daemon after login";
unitConfig = {
Type = "simple";
};
script = lib.getExe(pkgs.writeShellApplication {
name = "start-input-mapper-daemon";
runtimeInputs = with pkgs; [input-remapper procps su];
text = ''
until pgrep -u wayne; do
sleep 1
done
sleep 2
until [ $(pgrep -c -u root "input-remapper") -eq 4 ]; do
input-remapper-service&
sleep 1
input-remapper-helper&
sleep 1
done
su wayne -c "input-remapper-control --command stop-all"
su wayne -c "input-remapper-control --command autoload"
sleep infinity
'';
});
wantedBy = [ "default.target" ];
};
# Possible weird bug
# systemd.services.ReloadInputRemapperAfterSleep = {
# enable = true;
# description = "Reload input-remapper config after sleep";
# after = [ "suspend.target" ];
# unitConfig = {
# Type = "forking";
# };
# serviceConfig.User = "wayne";
# script = lib.getExe(pkgs.writeShellApplication {
# name = "reload-input-mapper-config";
# runtimeInputs = with pkgs; [input-remapper ps gawk];
# text = ''
# until [[ $(ps aux | awk '$11~"input-remapper" && $12="<defunct>" {print $0}' | wc -l) -eq 0 ]]; do
# input-remapper-control --command stop-all
# input-remapper-control --command autoload
# sleep 1
# done
# '';
# });
# wantedBy = [ "suspend.target" ];
# };
# Install firefox.
programs.firefox.enable = true;
programs.zsh.enable = true;
# Allow unfree packages
nixpkgs.config = {
allowUnfree = true;
cudaSupport = true;
acceptedLicenses = [ "unfree" "unfreeRedistributable" ];
};
programs.nix-ld.enable = true;
# programs.nix-ld.libraries = with pkgs; [
# libusb
# kdePackages.qt5compat kdePackages.full
# libsForQt5.full
# libGL
# gcc glib xorg.libXext
# ];
nixpkgs.config.permittedInsecurePackages = [
"freeimage-unstable-2021-11-01"
];
virtualisation.docker = {
enable = true;
rootless = {
enable = true;
setSocketVariable = true;
};
daemon.settings = {
userland-proxy = false;
ipv6 = false;
};
};
services = {
printing.enable = true;
ollama = {
enable = true;
acceleration = "cuda";
models = "/var/lib/ollama/models";
environmentVariables = {};
};
input-remapper = {
enable = true;
enableUdevRules = true;
package = pkgs.input-remapper;
serviceWantedBy = [ "graphical.target" ];
};
# dbus.implementation = "dbus"; # The option `services.dbus.implementation' has conflicting definition values: - In `/nix/store/60sn02zhawl3kwn0r515zff3h6hg6ydz-source/nixos/modules/programs/wayland/uwsm.nix': "broker"
udisks2.enable = true;
logrotate.enable = true;
openssh = {
enable = true;
ports = [ 22 ];
settings = {
PasswordAuthentication = true;
AllowUsers = [ "wayne" ]; # Allows all users by default. Can be [ "user1" "user2" ]
UseDns = true;
X11Forwarding = false;
PermitRootLogin = "no"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
};
};
# kmonad = {
# enable = true;
# keyboards = {
# myKMonadOutput = {
# device = "/dev/input/by-id/usb-Hanvon_Ugee_Shortcut_Remote_000000000000000-event-kbd";
# config = builtins.readFile /home/wayne/.config/kmonad/hanvon-ugee.kbd;
# };
# };
# };
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget git sshfs
pciutils
zsh
cryptsetup
home-manager
wpa_supplicant
lynx
nix-index nix-prefetch-scripts nix-prefetch
docker_27 docker-compose
direnv nix-direnv
# xdg-desktop-portal-hyprland
clinfo glxinfo vulkan-tools wayland-utils wl-clipboard
kdePackages.kdeplasma-addons kdePackages.qtstyleplugin-kvantum kdePackages.full kdePackages.qtwebengine kdePackages.qtpositioning kdePackages.qtlocation
kdePackages.ark plasma5Packages.kwallet-pam kdePackages.dolphin kdePackages.kwallet kdePackages.kwalletmanager kdePackages.konsole
evtest input-remapper dbus uwsm # keyd
cudaPackages.cudatoolkit # cudaPackages.cuda-samples
cifs-utils mesa libGL udiskie
# steam-run
];
fonts.packages = with pkgs; [
nerdfonts
garamond-libre
liberation_ttf
ubuntu_font_family
libre-baskerville
libre-bodoni
];
fonts.fontDir.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
nix.settings.auto-optimise-store = true;
nix.settings.access-tokens = "nas.local/git=PAT:glpat-bfbAJxv_4tmgySBZcPSZ";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
}
Reference in New Issue View Git Blame Copy Permalink