CrazyChaoz/NixOS-Configuration
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

initial state of laptop as a part of a large nixos config

Browse source
This commit is contained in:
Stefan Kempinger 2026-01-20 13:23:38 +01:00
commit 4211c5f7f8
3 changed files with 515 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

183
flake.lock generated Normal file
View file

@ -0,0 +1,183 @@
{
"nodes": {
"crane": {
"locked": {
"lastModified": 1767744144,
"narHash": "sha256-9/9ntI0D+HbN4G0TrK3KmHbTvwgswz7p8IEJsWyef8Q=",
"owner": "ipetkov",
"repo": "crane",
"rev": "2fb033290bf6b23f226d4c8b32f7f7a16b043d7e",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"nixpkgs": [
"nixpkgs"
],
"pre-commit": "pre-commit",
"rust-overlay": [
"rust-overlay"
]
},
"locked": {
"lastModified": 1768307256,
"narHash": "sha256-3yDvlAqWa0Vk3B9hFRJJrSs1xc+FwVQFLtu//VrTR4c=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "7e031eb535a494582f4fc58735b5aecba7b57058",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "lanzaboote",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1768736227,
"narHash": "sha256-qgGq7CfrYKc3IBYQ7qp0Z/ZXndQVC5Bj0N8HW9mS2rM=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "d447553bcbc6a178618d37e61648b19e744370df",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-safe": {
"locked": {
"lastModified": 1764283775,
"narHash": "sha256-Z+uaM0oj4++O2h6I54EmNE90xvd/jDeOEvW4vpW4GTE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ae6ee9e9de6f149f675349e43d6786875d22b3d1",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ae6ee9e9de6f149f675349e43d6786875d22b3d1",
"type": "github"
}
},
"pre-commit": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1767281941,
"narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"lanzaboote": "lanzaboote",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs-safe": "nixpkgs-safe",
"rust-overlay": "rust-overlay"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1768704795,
"narHash": "sha256-Y33TAp2BHEcuspYvcmBXXD0qdvjftv73PwyKTDOjoSY=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "4b7472a78857ac789fb26616040f55cfcbd36c6e",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

290
kemptop/configuration.nix Normal file
View file

@ -0,0 +1,290 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
inputs,
...
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
nixpkgs.config = {
allowUnfree = true;
android_sdk.accept_license = true;
};
# Use the systemd-boot EFI boot loader.
boot = {
binfmt.emulatedSystems = [ "aarch64-linux" ];
plymouth = {
enable = true;
theme = "abstract_ring_alt";
themePackages = with pkgs; [
# By default we would install all themes
(adi1090x-plymouth-themes.override {
selected_themes = [ "abstract_ring_alt" ];
})
];
};
supportedFilesystems = [ "ntfs" ];
# Enable "Silent boot"
consoleLogLevel = 3;
initrd.verbose = false;
initrd.systemd.enable = true;
#bad: 6.12.62
#bad: 6.17.12
#good: 6.12.59
#bad: 6.12.60
#kernelPackages = (import inputs.nixpkgs-safe {system = "x86_64-linux"; }).linuxPackages;
#kernelPackages = pkgs.linuxPackages_6_17;
kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_12.override { # (#4)
argsOverride = rec {
src = pkgs.fetchFromGitHub {
owner = "torvalds";
repo = "linux";
# (#1) -> put the bisect revision here
rev = "17c3a66d7ea2d303f783796d62f99e2e23b68c90";
# (#2) -> clear the sha; run a build, get the sha, populate the sha
sha256 = "sha256-2XyrJmaZPa2TaVrwwjXM0z3Dyj794FDdmOTyRuH3z/A=";
};
dontStrip = true;
# (#3) `head Makefile` from the kernel and put the right version numbers here
version = "6.12.59";
modDirVersion = "6.12.59";
};
});
kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
# Hide the OS choice for bootloaders.
# It's still possible to open the bootloader list by pressing any key
# It will just not appear on screen unless a key is pressed
loader.timeout = 0;
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot.enable = lib.mkForce false;
#loader.systemd-boot.configurationLimit = 3;
lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
};
networking.hostName = "kemptop";
networking.hostId = "5506a8e8";
networking.networkmanager = {
enable = true;
plugins = with pkgs; [
networkmanager-openvpn
];
};
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
nix = {
extraOptions = ''
experimental-features = nix-command flakes impure-derivations ca-derivations
'';
};
users.users.kemp = {
isNormalUser = true;
extraGroups = [
"wheel"
"adbusers"
"wireshark"
"networkmanager"
"libvirt"
];
};
environment.systemPackages = with pkgs; [
wget
usbutils
inetutils
pciutils
git
pkg-config
openssl
tree
rustc
cargo
rustfmt
edid-decode
file
acpica-tools
ethtool
cmake
zip
texlive.combined.scheme-full
distrobox
lshw
sbctl
adw-gtk3
inkscape
traceroute
nix-output-monitor
dig
stdenv.cc
cmake
perl
smartmontools
gnumake
xz
android-tools
# GUI programs
android-studio-full
zed-editor
nautilus
zoom-us
spotify
prismlauncher
qdirstat
zenmap
mission-center
seahorse
texstudio
(pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true;}) {})
google-chrome
tor-browser
zathura
vlc
jetbrains.idea
# Libreoffice
libreoffice-qt
hunspell
hunspellDicts.de_AT
hunspellDicts.en_US
# fish shell setup
fishPlugins.done
fishPlugins.fzf-fish
fishPlugins.forgit
#fishPlugins.hydro
fzf
fishPlugins.grc
grc
# LSP
nil
nixd
rust-analyzer
#cargotom
#niri
#alacritty fuzzel swaylock mako swayidle
];
environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;
services.displayManager.cosmic-greeter.enable = true;
services.displayManager.autoLogin = {
enable = true;
user = "kemp";
};
services.desktopManager.cosmic.enable = true;
services.desktopManager.cosmic.xwayland.enable = true;
services.fwupd.enable = true;
services.pipewire.enable = true;
services.fprintd.enable = true;
services.flatpak.enable = true;
services.printing.enable = true;
services.hardware.bolt.enable = true;
services.printing.drivers = [ pkgs.hplipWithPlugin ];
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
services.gnome.gnome-keyring.enable = true; # secret service
security.pam.services.login.enableGnomeKeyring = true;
security.pam.services.login.fprintAuth = true;
security.polkit.enable = true; # polkit
programs.nix-ld = {
enable = true;
libraries = pkgs.steam-run.args.multiPkgs pkgs;
};
#programs.niri.enable = true;
#security.pam.services.swaylock = {};
#programs.waybar.enable = true; # top bar
programs.firefox.enable = true;
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
programs.fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting # Disable greeting
'';
};
programs.bash = {
interactiveShellInit = ''
if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
then
shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
fi
'';
};
programs.virt-manager.enable = true;
virtualisation.podman = {
enable = true;
dockerCompat = true;
};
virtualisation.libvirtd.enable = true;
systemd.user.extraConfig = ''
DefaultEnvironment="PATH=/run/wrappers/bin:/home/%u/.nix-profile/bin:/nix/profile/bin:/home/%u/.local/state/nix/profile/bin:/etc/profiles/per-user/%u/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
'';
powerManagement.powertop.enable = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "25.05"; # Did you read the comment?
}

42
kemptop/hardware-configuration.nix Normal file
View file

@ -0,0 +1,42 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/8b09fd02-ca92-48a5-bf25-55365595a79c";
fsType = "btrfs";
};
boot.initrd.luks.devices."nvme0n1p2_crypt".device = "/dev/disk/by-uuid/86faa083-e18a-462e-95fa-2a0b0737d6e0";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F907-7B0D";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}