nixconf

nixos dots
git clone git://popovic.xyz/nixos.config.git

configuration.nix (4538B)


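      # NixOS host module: VM variant, boot, network, users, services, hardware,
      # packages and fonts for one machine. `hostName`, `inputs` and `isDarwin`
      # are taken as module arguments.
      {
        pkgs,
        lib,
        hostName,
        inputs,
        isDarwin,
        ...
      }:
      {
        imports = [
          ../../users/root.nix
          ../../modules/nix-settings.nix
          ../../modules/nm.nix
        ];

        # secrets (sops)
        # NOTE(review): the age private key decrypts everything in secrets.yaml and
        # lives in a user home directory; keep it mode 0600 and consider a
        # root-owned location so only root can read it.
        sops.defaultSopsFile = ../../secrets.yaml;
        sops.defaultSopsFormat = "yaml";
        sops.age.keyFile = "/home/mika/.config/sops/age/keys.txt";

        system.stateVersion = "26.05";

        # vm
        virtualisation.vmVariant = {
          virtualisation = {
            # Both sizes are given in MiB, so the GiB multiplier is 1024.
            diskSize = 50 * 1024; # 50 GiB
            memorySize = 16 * 1024; # 16 GiB
            cores = 6;
            resolution = {
              x = 1600;
              y = 900;
            };
            qemu.options = [
              "-enable-kvm"
              "-cpu host"
              "-display gtk,zoom-to-fit=false"
              "-vga virtio"
            ];
          };
        };

        # Members of the `docker` group can drive the root-owned daemon (see users).
        virtualisation.docker = {
          enable = true;
        };

        # boot
        boot = {
          loader = {
            systemd-boot.enable = true;
            efi.canTouchEfiVariables = true;
          };
          kernelPackages = pkgs.linuxPackages_latest;
          kernelParams = [
            "loglevel=3"
            "nowatchdog"
            # CPU vulnerability mitigations; the parameter is spelled `mitigations`.
            "mitigations=auto"
            "amd_iommu=on"
            "iommu=pt"
            "rtc_cmos.use_acpi_alarm=1"
            "usbcore.autosuspend=-1"
            "pcie_port_pm=off"
            # The module parameter is `ec_no_wakeup`; a misspelled name is ignored
            # by the kernel, so the setting would never take effect.
            "acpi.ec_no_wakeup=1"
          ];
          supportedFilesystems = [
            "btrfs"
            "ext4"
            "vfat"
            "ntfs"
          ];
        };

        # network
        networking.hostName = "${hostName}";
        networking.wireless.enable = true;

        # NOTE(review): the packet filter is switched off, so every listening
        # service is reachable from any network the machine joins. The empty
        # allow-lists below have no effect while enable = false.
        networking.firewall = {
          enable = false;
          allowedTCPPorts = [ ];
          allowedUDPPorts = [ ];
        };

        # time/locale
        i18n.defaultLocale = "en_US.UTF-8";

        # programs
        programs = {
          nix-ld.enable = true;
          zsh.enable = true;
          dconf.enable = true;
          # gpg-agent also serves as the SSH agent.
          gnupg.agent = {
            enable = true;
            enableSSHSupport = true;
          };
        };

        environment.variables = {
          __ETC_ZSHRC_SOURCED = "1";
          __ETC_ZSHENV_SOURCED = "1";
        };

        # users
        users = {
          users = {
            mika = {
              isNormalUser = true;
              # `wheel` grants sudo; `docker` grants control of a daemon that runs
              # as root, so both memberships are root-equivalent.
              extraGroups = [
                "wheel"
                "docker"
              ];
              # NOTE(review): initialPassword is stored in clear text in the
              # world-readable Nix store and "123" is trivially guessable. sops is
              # already configured in this file; prefer hashedPasswordFile backed
              # by a sops secret with neededForUsers = true.
              initialPassword = "123";
              shell = pkgs.zsh;
            };
            root = {
              shell = pkgs.zsh;
            };
          };
        };
        # NOTE(review): with passwordless sudo any process running as a wheel
        # member is effectively root; together with getty.autologinUser further
        # down, access to the console is enough for full control of the host.
        security.sudo.wheelNeedsPassword = false;

        powerManagement.powertop.enable = true;

        # services
        # `//` is a shallow merge: when isDarwin is false, each top-level key of the
        # second set replaces the same key of the first one wholesale.
        services = {
          automatic-timezoned.enable = true;
          gvfs.enable = true;
          udisks2.enable = true;
          upower.enable = true;
          fwupd.enable = true;
          # Only survives when isDarwin is true; otherwise the `openssh` set in the
          # merged block below replaces it and sshd stays off.
          openssh.enable = true;
          tlp.enable = false;
          power-profiles-daemon.enable = true;
          pipewire = {
            enable = true;
            alsa.enable = true;
            alsa.support32Bit = true;
            pulse.enable = true;
          };
          xserver = {
            enable = true;
            serverFlagsSection = ''
              Option "Xauth" "$XAUTHORITY"
            '';
            displayManager.startx = {
              enable = true;
            };
          };
          # Console login without a password prompt for this account.
          getty.autologinUser = "mika";
          logind.settings.Login = {
            SleepOperation = "suspend-then-hibernate";
            HandlePowerKey = "suspend-then-hibernate";
            HandleLidSwitch = "suspend-then-hibernate";
            HandlePowerKeyLongPress = "poweroff";
          };
        }
        // lib.optionalAttrs (!isDarwin) {
          gnome.gnome-keyring.enable = true;
          # NOTE(review): this path is nested under `services`, so it evaluates as
          # services.security.pam.services.gdm.*; the PAM options are declared
          # under top-level `security.pam.services` - confirm and move it out.
          security.pam.services.gdm.enableGnomeKeyring = true;
          libinput = {
            enable = true;
            touchpad.naturalScrolling = false;
          };
          # sshd is off here; the settings are the hardened values that apply if it
          # is ever enabled: key-only auth, no root login, a single allowed user.
          openssh = {
            enable = false;
            settings = {
              PasswordAuthentication = false;
              KbdInteractiveAuthentication = false;
              PermitRootLogin = "no";
              AllowUsers = [ "mika" ];
            };
          };
        };

        systemd.sleep.settings.Sleep = {
          HibernateDelaySec = "20m";
        };

        # Pin the interface name to the adapter with this MAC address.
        systemd.network.links."10-wlan0" = {
          matchConfig.MACAddress = "14:AC:60:29:82:AB";
          linkConfig.Name = "wlan0";
        };

        # hardware
        hardware.bluetooth.enable = true;
        hardware.sensor.iio.enable = false; # disable light sensors
        security.rtkit.enable = true;
        # The screen locker authenticates through the `login` PAM stack.
        security.pam.services.swaylock = {
          text = ''
            auth include login
          '';
        };

        # packages
        nixpkgs.config.allowUnfree = true;
        nixpkgs.overlays = [ inputs.niri.overlays.niri ];
        environment.systemPackages = with pkgs; [
          neovim
          wget
          git
          nix
          curl
          tree
          coreutils
          stdenv
          dbus-broker
          pciutils
          util-linux
          pstree
          wireguard-tools
          gnome.gvfs
          ntfs3g

          upower
          lm_sensors
          acpilight
        ];

        # fonts
        fonts.packages = with pkgs; [
          nerd-fonts.terminess-ttf
          noto-fonts
          noto-fonts-color-emoji
          terminus_font
          liberation_ttf
          fira-code
          fira-code-symbols
          ubuntu-classic
          corefonts
        ];
        fonts.fontconfig.useEmbeddedBitmaps = true;
      }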