CrazyChaoz/Kemptop-NixOS-Config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

initial laptop state after enabling aarch64 emulation

Browse source
This commit is contained in:
Stefan Kempinger 2025-11-03 12:07:34 +01:00
commit e0ccfe0e5e
4 changed files with 500 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

228
configuration.nix Normal file
View file

@ -0,0 +1,228 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
...
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
nixpkgs.config = {
allowUnfree = true;
android_sdk.accept_license = true;
};
# Use the systemd-boot EFI boot loader.
boot = {
binfmt.emulatedSystems = [ "aarch64-linux" ];
plymouth = {
enable = true;
theme = "abstract_ring_alt";
themePackages = with pkgs; [
# By default we would install all themes
(adi1090x-plymouth-themes.override {
selected_themes = [ "abstract_ring_alt" ];
})
];
};
# Enable "Silent boot"
consoleLogLevel = 3;
initrd.verbose = false;
initrd.systemd.enable = true;
kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
# Hide the OS choice for bootloaders.
# It's still possible to open the bootloader list by pressing any key
# It will just not appear on screen unless a key is pressed
loader.timeout = 0;
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot.enable = lib.mkForce false;
lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
};
networking.hostName = "kemptop";
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
nix = {
extraOptions = ''
experimental-features = nix-command flakes
'';
};
users.users.kemp = {
isNormalUser = true;
extraGroups = [
"wheel"
"adbusers"
"wireshark"
"networkmanager"
];
};
environment.systemPackages = with pkgs; [
wget
usbutils
git
pkg-config
openssl
tree
rustc
cargo
rustfmt
edid-decode
file
acpica-tools
ethtool
cmake
zip
texlive.combined.scheme-full
texpresso
uv
distrobox
lshw
pciutils
sbctl
adw-gtk3
# GUI programs
android-studio-full
zed-editor-fhs
nautilus
zoom-us
spotify
prismlauncher
qdirstat
zenmap
mission-center
seahorse
zathura
(pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true;}) {})
google-chrome
tor-browser
# Libreoffice
libreoffice-qt
hunspell
hunspellDicts.de_AT
hunspellDicts.en_US
# fish shell setup
fishPlugins.done
fishPlugins.fzf-fish
fishPlugins.forgit
#fishPlugins.hydro
fzf
fishPlugins.grc
grc
# LSP
nil
nixd
rust-analyzer
#cargotom
];
environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;
services.displayManager.cosmic-greeter.enable = true;
services.displayManager.autoLogin = {
enable = true;
user = "kemp";
};
services.desktopManager.cosmic.enable = true;
services.desktopManager.cosmic.xwayland.enable = true;
services.fwupd.enable = true;
services.pipewire.enable = true;
services.fprintd.enable = true;
services.flatpak.enable = true;
services.printing.enable = true;
services.printing.drivers = [ pkgs.hplipWithPlugin ];
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
services.gnome.gnome-keyring.enable = true; # secret service
security.pam.services.login.enableGnomeKeyring = true;
security.pam.services.login.fprintAuth = true;
security.polkit.enable = true; # polkit
programs.firefox.enable = true;
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
programs.adb.enable = true;
programs.fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting # Disable greeting
'';
};
programs.bash = {
interactiveShellInit = ''
if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
then
shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
fi
'';
};
virtualisation.podman = {
enable = true;
dockerCompat = true;
};
systemd.user.extraConfig = ''
DefaultEnvironment="PATH=/run/wrappers/bin:/home/%u/.nix-profile/bin:/nix/profile/bin:/home/%u/.local/state/nix/profile/bin:/etc/profiles/per-user/%u/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
'';
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "25.05"; # Did you read the comment?
}

192
flake.lock generated Normal file
View file

@ -0,0 +1,192 @@
{
"nodes": {
"crane": {
"locked": {
"lastModified": 1754269165,
"narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=",
"owner": "ipetkov",
"repo": "crane",
"rev": "444e81206df3f7d92780680e45858e31d2f07a08",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1754091436,
"narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": [
"rust-overlay"
]
},
"locked": {
"lastModified": 1756744479,
"narHash": "sha256-EyZXusK/wRD3V9vDh00W2Re3Eg8UQ+LjVBQrrH9dq1U=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "747b7912f49e2885090c83364d88cf853a020ac1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "lanzaboote",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1761827175,
"narHash": "sha256-XdPVSYyIBK4/ruoqujaQmmSGg3J2/EenexV9IEXhr6o=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "43ffe9ac82567512abb83187cb673de1091bdfa8",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1761672384,
"narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1750779888,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"lanzaboote": "lanzaboote",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"rust-overlay": "rust-overlay"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1761878277,
"narHash": "sha256-6fCtyVdTzoQejwoextAu7dCLoy5fyD3WVh+Qm7t2Nhg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "6604534e44090c917db714faa58d47861657690c",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

38
flake.nix Normal file
View file

@ -0,0 +1,38 @@
{
description = "kemptop flake";
inputs = {
nixpkgs = {
url = "github:NixOS/nixpkgs/nixos-unstable";
};
nixos-hardware.url = "github:NixOS/nixos-hardware";
lanzaboote = {
url = "github:nix-community/lanzaboote";
inputs = {
nixpkgs.follows = "nixpkgs";
rust-overlay.follows = "rust-overlay";
};
};
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, nixos-hardware, lanzaboote,rust-overlay }: {
nixosConfigurations = {
kemptop = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
lanzaboote.nixosModules.lanzaboote
./configuration.nix
nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen5
];
};
};
};
}

42
hardware-configuration.nix Normal file
View file

@ -0,0 +1,42 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/8b09fd02-ca92-48a5-bf25-55365595a79c";
fsType = "btrfs";
};
boot.initrd.luks.devices."nvme0n1p2_crypt".device = "/dev/disk/by-uuid/86faa083-e18a-462e-95fa-2a0b0737d6e0";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F907-7B0D";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}