nixos-dots

nixos dots
git clone git://popovic.xyz/nixos-dots.git

configuration.nix (4580B)


      1 {
      2   pkgs,
      3   lib,
      4   hostName,
      5   isDarwin,
      6   inputs,
      7   ...
      8 }:
      9 {
     10   imports = [
     11     ../../users/root.nix
     12     ../../modules/nix_settings.nix
     13     ../../modules/nm.nix
     14   ];
     15 
     16   sops.defaultSopsFile = ../../secrets.yaml;
     17   sops.defaultSopsFormat = "yaml";
     18   sops.age.keyFile = "/home/mika/.config/sops/age/keys.txt";
     19 
     20   system.stateVersion = "26.05";
     21 
     22   # vm
     23   virtualisation.vmVariant = {
     24     virtualisation = {
     25       diskSize = 50 * 1028; # 50 GB
     26       memorySize = 16 * 1028; # 16 GB
     27       cores = 6;
     28       resolution = {
     29         x = 1600;
     30         y = 900;
     31       };
     32       qemu.options = [
     33         "-enable-kvm"
     34         "-cpu host"
     35         "-display gtk,zoom-to-fit=false"
     36         "-vga virtio"
     37       ];
     38     };
     39   };
     40 
     41   #  virtualisation.docker = {
     42   #    enable = true;
     43   #    rootless = {
     44   #      enable = true;
     45   #      setSocketVariable = true;
     46   #    };
     47   #  };
     48 
     49   # boot
     50   boot = {
     51     loader = {
     52       systemd-boot.enable = true;
     53       efi.canTouchEfiVariables = true;
     54     };
     55     kernelPackages = pkgs.linuxPackages_latest;
     56     kernelParams = [
     57       "loglevel=3"
     58       "nowatchdog"
     59       "migrations=auto"
     60       "amd_iommu=on"
     61       "iommu=pt"
     62       "rtc_cmos.use_acpi_alarm=1"
     63       "usbcore.autosuspend=-1"
     64       "pcie_port_pm=off"
     65       "acpi.no_ec_wakup=1"
     66     ];
     67     supportedFilesystems = [
     68       "btrfs"
     69       "ext4"
     70       "vfat"
     71       "ntfs"
     72     ];
     73   };
     74 
     75   # netowrk
     76   networking.hostName = "${hostName}";
     77   networking.wireless.enable = true;
     78 
     79   networking.firewall = {
     80     enable = true;
     81     allowedTCPPorts = [ ];
     82     allowedUDPPorts = [ ];
     83   };
     84 
     85   # time/locale
     86   i18n.defaultLocale = "en_US.UTF-8";
     87 
     88   # programs
     89   programs = {
     90     nix-ld.enable = true;
     91     zsh.enable = true;
     92     dconf.enable = true;
     93     gnupg.agent = {
     94       enable = true;
     95       enableSSHSupport = true;
     96     };
     97   };
     98 
     99   environment.variables = {
    100     __ETC_ZSHRC_SOURCED = "1";
    101     __ETC_ZSHENV_SOURCED = "1";
    102   };
    103 
    104   # users
    105   users = {
    106     users = {
    107       mika = {
    108         isNormalUser = true;
    109         extraGroups = [
    110           "wheel"
    111           "docker"
    112         ];
    113         initialPassword = "123";
    114         shell = pkgs.zsh;
    115       };
    116       root = {
    117         shell = pkgs.zsh;
    118       };
    119     };
    120   };
    121   security.sudo.wheelNeedsPassword = false;
    122 
    123   powerManagement.powertop.enable = true;
    124 
    125   # services
    126   services = {
    127     automatic-timezoned.enable = true;
    128     gvfs.enable = true;
    129     udisks2.enable = true;
    130     upower.enable = true;
    131     fwupd.enable = true;
    132     openssh.enable = true;
    133     tlp.enable = false;
    134     power-profiles-daemon.enable = true;
    135     pipewire = {
    136       enable = true;
    137       alsa.enable = true;
    138       alsa.support32Bit = true;
    139       pulse.enable = true;
    140     };
    141     xserver = {
    142       enable = true;
    143       serverFlagsSection = ''
    144         Option "Xauth" "$XAUTHORITY"
    145       '';
    146       displayManager.startx = {
    147         enable = true;
    148       };
    149     };
    150     getty.autologinUser = "mika";
    151     logind.settings.Login = {
    152       SleepOperation = "suspend-then-hibernate";
    153       HandlePowerKey = "suspend-then-hibernate";
    154       HandleLidSwitch = "suspend-then-hibernate";
    155       HandlePowerKeyLongPress = "poweroff";
    156     };
    157   }
    158   // lib.optionalAttrs (!isDarwin) {
    159     gnome.gnome-keyring.enable = true;
    160     libinput = {
    161       enable = true;
    162       touchpad.naturalScrolling = false;
    163     };
    164     openssh = {
    165       enable = false;
    166       settings = {
    167         PasswordAuthentication = false;
    168         KbdInteractiveAuthentication = false;
    169         PermitRootLogin = "no";
    170         AllowUsers = [ "myUser" ];
    171       };
    172     };
    173   };
    174 
    175   systemd.sleep.settings.Sleep = {
    176     HibernateDelaySec = "20m";
    177   };
    178 
    179   systemd.network.links."10-wlan0" = {
    180     matchConfig.MACAddress = "14:AC:60:29:82:AB";
    181     linkConfig.Name = "wlan0";
    182   };
    183 
    184   # hardware
    185   hardware.bluetooth.enable = true;
    186   hardware.sensor.iio.enable = false; # disable light sensors
    187   security.rtkit.enable = true;
    188   security.pam.services.swaylock = {
    189     text = ''
    190       auth include login
    191     '';
    192   };
    193 
    194   # packages
    195   nixpkgs.config.allowUnfree = true;
    196   nixpkgs.overlays = [ inputs.niri.overlays.niri ];
    197   environment.systemPackages = with pkgs; [
    198     neovim
    199     wget
    200     git
    201     nix
    202     curl
    203     tree
    204     coreutils
    205     stdenv
    206     dbus-broker
    207     pciutils
    208     util-linux
    209     pstree
    210     wireguard-tools
    211     gnome.gvfs
    212     ntfs3g
    213 
    214     upower
    215     lm_sensors
    216     acpilight
    217   ];
    218 
    219   # fonts
    220   fonts.packages = with pkgs; [
    221     nerd-fonts.terminess-ttf
    222     noto-fonts
    223     noto-fonts-color-emoji
    224     terminus_font
    225     liberation_ttf
    226     fira-code
    227     fira-code-symbols
    228     ubuntu-classic
    229     corefonts
    230   ];
    231   fonts.fontconfig.useEmbeddedBitmaps = true;
    232 }