290 lines
7.4 KiB
Nix
290 lines
7.4 KiB
Nix
# Edit this configuration file to define what should be installed on
|
|
# your system. Help is available in the configuration.nix(5) man page, on
|
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
|
|
|
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
inputs,
|
|
...
|
|
}:
|
|
|
|
{
|
|
imports = [
|
|
# Include the results of the hardware scan.
|
|
./hardware-configuration.nix
|
|
];
|
|
|
|
nixpkgs.config = {
|
|
allowUnfree = true;
|
|
android_sdk.accept_license = true;
|
|
};
|
|
|
|
# Use the systemd-boot EFI boot loader.
|
|
boot = {
|
|
binfmt.emulatedSystems = [ "aarch64-linux" ];
|
|
plymouth = {
|
|
enable = true;
|
|
theme = "abstract_ring_alt";
|
|
themePackages = with pkgs; [
|
|
# By default we would install all themes
|
|
(adi1090x-plymouth-themes.override {
|
|
selected_themes = [ "abstract_ring_alt" ];
|
|
})
|
|
];
|
|
};
|
|
|
|
supportedFilesystems = [ "ntfs" ];
|
|
|
|
# Enable "Silent boot"
|
|
consoleLogLevel = 3;
|
|
initrd.verbose = false;
|
|
initrd.systemd.enable = true;
|
|
#bad: 6.12.62
|
|
#bad: 6.17.12
|
|
#good: 6.12.59
|
|
#bad: 6.12.60
|
|
#kernelPackages = (import inputs.nixpkgs-safe {system = "x86_64-linux"; }).linuxPackages;
|
|
#kernelPackages = pkgs.linuxPackages_6_17;
|
|
kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_12.override { # (#4)
|
|
argsOverride = rec {
|
|
src = pkgs.fetchFromGitHub {
|
|
owner = "torvalds";
|
|
repo = "linux";
|
|
# (#1) -> put the bisect revision here
|
|
rev = "17c3a66d7ea2d303f783796d62f99e2e23b68c90";
|
|
# (#2) -> clear the sha; run a build, get the sha, populate the sha
|
|
sha256 = "sha256-2XyrJmaZPa2TaVrwwjXM0z3Dyj794FDdmOTyRuH3z/A=";
|
|
};
|
|
|
|
dontStrip = true;
|
|
# (#3) `head Makefile` from the kernel and put the right version numbers here
|
|
version = "6.12.59";
|
|
modDirVersion = "6.12.59";
|
|
};
|
|
});
|
|
kernelParams = [
|
|
"quiet"
|
|
"splash"
|
|
"boot.shell_on_fail"
|
|
"udev.log_priority=3"
|
|
"rd.systemd.show_status=auto"
|
|
];
|
|
# Hide the OS choice for bootloaders.
|
|
# It's still possible to open the bootloader list by pressing any key
|
|
# It will just not appear on screen unless a key is pressed
|
|
loader.timeout = 0;
|
|
loader.efi.canTouchEfiVariables = true;
|
|
loader.systemd-boot.enable = lib.mkForce false;
|
|
#loader.systemd-boot.configurationLimit = 3;
|
|
|
|
lanzaboote = {
|
|
enable = true;
|
|
pkiBundle = "/var/lib/sbctl";
|
|
};
|
|
};
|
|
|
|
networking.hostName = "kemptop";
|
|
networking.hostId = "5506a8e8";
|
|
networking.networkmanager = {
|
|
enable = true;
|
|
plugins = with pkgs; [
|
|
networkmanager-openvpn
|
|
];
|
|
};
|
|
# Set your time zone.
|
|
time.timeZone = "Europe/Amsterdam";
|
|
|
|
# Configure network proxy if necessary
|
|
# networking.proxy.default = "http://user:password@proxy:port/";
|
|
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
|
|
|
nix = {
|
|
extraOptions = ''
|
|
experimental-features = nix-command flakes impure-derivations ca-derivations
|
|
'';
|
|
};
|
|
|
|
users.users.kemp = {
|
|
isNormalUser = true;
|
|
extraGroups = [
|
|
"wheel"
|
|
"adbusers"
|
|
"wireshark"
|
|
"networkmanager"
|
|
"libvirt"
|
|
];
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
wget
|
|
usbutils
|
|
inetutils
|
|
pciutils
|
|
git
|
|
pkg-config
|
|
openssl
|
|
tree
|
|
rustc
|
|
cargo
|
|
rustfmt
|
|
edid-decode
|
|
file
|
|
acpica-tools
|
|
ethtool
|
|
cmake
|
|
zip
|
|
texlive.combined.scheme-full
|
|
distrobox
|
|
lshw
|
|
sbctl
|
|
adw-gtk3
|
|
inkscape
|
|
traceroute
|
|
nix-output-monitor
|
|
dig
|
|
stdenv.cc
|
|
cmake
|
|
perl
|
|
smartmontools
|
|
gnumake
|
|
xz
|
|
android-tools
|
|
|
|
# GUI programs
|
|
|
|
android-studio-full
|
|
zed-editor
|
|
nautilus
|
|
zoom-us
|
|
spotify
|
|
prismlauncher
|
|
qdirstat
|
|
zenmap
|
|
mission-center
|
|
seahorse
|
|
texstudio
|
|
(pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true;}) {})
|
|
google-chrome
|
|
tor-browser
|
|
zathura
|
|
vlc
|
|
jetbrains.idea
|
|
|
|
# Libreoffice
|
|
libreoffice-qt
|
|
hunspell
|
|
hunspellDicts.de_AT
|
|
hunspellDicts.en_US
|
|
|
|
# fish shell setup
|
|
fishPlugins.done
|
|
fishPlugins.fzf-fish
|
|
fishPlugins.forgit
|
|
#fishPlugins.hydro
|
|
fzf
|
|
fishPlugins.grc
|
|
grc
|
|
|
|
# LSP
|
|
nil
|
|
nixd
|
|
rust-analyzer
|
|
#cargotom
|
|
|
|
|
|
#niri
|
|
#alacritty fuzzel swaylock mako swayidle
|
|
];
|
|
environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;
|
|
|
|
services.displayManager.cosmic-greeter.enable = true;
|
|
services.displayManager.autoLogin = {
|
|
enable = true;
|
|
user = "kemp";
|
|
};
|
|
services.desktopManager.cosmic.enable = true;
|
|
services.desktopManager.cosmic.xwayland.enable = true;
|
|
services.fwupd.enable = true;
|
|
services.pipewire.enable = true;
|
|
services.fprintd.enable = true;
|
|
services.flatpak.enable = true;
|
|
services.printing.enable = true;
|
|
services.hardware.bolt.enable = true;
|
|
services.printing.drivers = [ pkgs.hplipWithPlugin ];
|
|
services.avahi = {
|
|
enable = true;
|
|
nssmdns4 = true;
|
|
openFirewall = true;
|
|
};
|
|
services.gnome.gnome-keyring.enable = true; # secret service
|
|
|
|
|
|
security.pam.services.login.enableGnomeKeyring = true;
|
|
security.pam.services.login.fprintAuth = true;
|
|
security.polkit.enable = true; # polkit
|
|
|
|
programs.nix-ld = {
|
|
enable = true;
|
|
libraries = pkgs.steam-run.args.multiPkgs pkgs;
|
|
};
|
|
|
|
#programs.niri.enable = true;
|
|
#security.pam.services.swaylock = {};
|
|
#programs.waybar.enable = true; # top bar
|
|
|
|
programs.firefox.enable = true;
|
|
programs.wireshark.enable = true;
|
|
programs.wireshark.package = pkgs.wireshark;
|
|
programs.fish = {
|
|
enable = true;
|
|
interactiveShellInit = ''
|
|
set fish_greeting # Disable greeting
|
|
'';
|
|
};
|
|
programs.bash = {
|
|
interactiveShellInit = ''
|
|
if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
|
|
then
|
|
shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
|
|
exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
|
|
fi
|
|
'';
|
|
};
|
|
|
|
programs.virt-manager.enable = true;
|
|
|
|
virtualisation.podman = {
|
|
enable = true;
|
|
dockerCompat = true;
|
|
};
|
|
virtualisation.libvirtd.enable = true;
|
|
|
|
|
|
systemd.user.extraConfig = ''
|
|
DefaultEnvironment="PATH=/run/wrappers/bin:/home/%u/.nix-profile/bin:/nix/profile/bin:/home/%u/.local/state/nix/profile/bin:/etc/profiles/per-user/%u/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
|
|
'';
|
|
|
|
powerManagement.powertop.enable = true;
|
|
|
|
# This option defines the first version of NixOS you have installed on this particular machine,
|
|
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
|
|
#
|
|
# Most users should NEVER change this value after the initial install, for any reason,
|
|
# even if you've upgraded your system to a new NixOS release.
|
|
#
|
|
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
|
|
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
|
|
# to actually do that.
|
|
#
|
|
# This value being lower than the current NixOS release does NOT mean your system is
|
|
# out of date, out of support, or vulnerable.
|
|
#
|
|
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
|
|
# and migrated your data accordingly.
|
|
#
|
|
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
|
|
system.stateVersion = "25.05"; # Did you read the comment?
|
|
|
|
}
|