petrichor
/
boxen
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
boxen/configuration.nix

310 lines
9.7 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
let
# local = import ./local.nix { inherit config pkgs lib; };
# hostName = local.networking.hostName;
# host-config = ./machines + "/${hostName}.nix";
# optionalPath = path: lib.lists.optional (builtins.pathExists path) path;
in {
imports = [
# <home-manager/nixos>
# ./hardware-configuration.nix
# ./local.nix
./cachix.nix
]; # ++ optionalPath host-config;
documentation.info.enable = lib.mkForce false;
# Nix ######################################################################
system.stateVersion = "20.03"; # Leave this alone (see configuration.nix(5))
nixpkgs.config = {
allowUnfree = true;
joypixels.acceptLicense = true;
packageOverrides = pkgs: {
nur = import (builtins.fetchTarball
"https://github.com/nix-community/NUR/archive/master.tar.gz") {
inherit pkgs;
};
};
};
nixpkgs.overlays = [
# (self: super: { libvirt = (import (builtins.fetchTarball "https://github.com/NixOS/nixpkgs/archive/066676b839a217f6b1b5d8ab05842604d33b7258.tar.gz") {}).libvirt; })
];
nix = {
package = pkgs.nixUnstable;
extraOptions = ''
experimental-features = nix-command flakes
'';
autoOptimiseStore = true;
gc = {
automatic = true;
dates = "12:00";
options = "--delete-older-than 14d";
};
};
# Kernel ###################################################################
boot = {
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
kernelModules = [ "v4l2loopback" ];
kernel.sysctl = {
"net.core.rmem_max" = 2500000;
"vm.swappiness" = 10;
};
};
# Users ####################################################################
users.users.jez = {
isNormalUser = true;
group = "jez";
extraGroups = [ "wheel" "video" "audio" "networkmanager" ];
shell = pkgs.zsh;
openssh.authorizedKeys.keyFiles = [ ./data/yubikey_ssh.pub ];
};
users.groups.jez = { };
users.users.elly.isNormalUser = true;
# home-manager.users.jez = import ./home/jez/home.nix;
environment.shells = with pkgs; [ bashInteractive bash fish zsh ];
# Networking ###############################################################
networking = {
useDHCP = false;
networkmanager.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [
22000 # SyncThing
];
allowedUDPPorts = [
21027 # SyncThing
];
};
};
services.avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
};
};
services.openssh.enable = true;
programs.mosh.enable = true;
# Bluetooth ################################################################
hardware.bluetooth = {
enable = true;
package = pkgs.bluezFull;
};
services.blueman.enable = true;
# Security #################################################################
security.wrappers = {
ping = {
source = "${pkgs.iputils.out}/bin/ping";
owner = "nobody";
group = "nogroup";
capabilities = "cap_net_raw+ep";
};
};
# Localisation #############################################################
time.timeZone = "Europe/London";
i18n.defaultLocale = "en_GB.UTF-8";
console = {
font = "ter-124n";
packages = [ pkgs.terminus_font ];
keyMap = "us";
};
# General ##################################################################
environment.systemPackages = with pkgs; [
cachix
wget
vim
git
mercurial
tree
iputils
ripgrep
refind
terminus_font
];
documentation = {
man.generateCaches = true;
dev.enable = true;
};
# Desktop environment ####################################################
hardware.opengl.driSupport32Bit = true;
services.xserver = {
enable = true;
layout = "us";
libinput.enable = true;
displayManager.lightdm = {
enable = true;
greeters.enso.enable = true;
extraSeatDefaults = ''
greeter-hide-users = false
greeter-show-manual-login = true
'';
};
desktopManager.gnome.enable = true;
displayManager.sessionPackages = let
emacs-caged-desktop =
pkgs.writeTextDir "share/wayland-sessions/emacs-caged.desktop" ''
[Desktop Entry]
Name=Emacs, Caged
Comment=Just emacs, nothing else
Exec=${pkgs.cage}/bin/cage -- ${pkgs.emacs}/bin/emacs
Type=Application
'';
emacs-caged = emacs-caged-desktop.overrideAttrs
(oldattrs: { passthru.providedSessions = [ "emacs-caged" ]; });
in [ emacs-caged ];
};
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
services.dbus.packages = [ pkgs.gnome3.dconf ];
xdg.portal = {
enable = true;
extraPortals = [ pkgs.xdg-desktop-portal-wlr ];
};
services.printing.enable = true;
services.flatpak.enable = true;
# Sound ####################################################################
sound.enable = true;
hardware.pulseaudio.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
};
security.rtkit.enable = true;
# Fonts ####################################################################
fonts.fonts = with pkgs; [
iosevka
fira
fira-code
merriweather
gentium
gentium-book-basic
open-sans
joypixels
noto-fonts-emoji
font-awesome
];
# Location #################################################################
location = {
provider = "manual";
# Somewhere roughly in the North of England
latitude = 54.0;
longitude = 1.0;
};
# Services #################################################################
services.accounts-daemon.enable = true;
services.pcscd = {
enable = true;
plugins = [ pkgs.ccid ]; # Needed for GPG + Yubikey
};
virtualisation.docker.enable = true;
virtualisation.libvirtd.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
users.groups.libvirtd.members = [ "jez" ];
# see https://github.com/xeji/nixpkgs/blob/1894a2ace97cc61cf833f712581d31cf2c650c35/pkgs/development/libraries/spice-gtk/default.nix#L39
security.wrappers.spice-client-glib-usb-acl-helper.source =
"${pkgs.spice_gtk}/bin/spice-client-glib-usb-acl-helper";
services.netdata.enable = true;
# Hardware #################################################################
services.udev.extraRules = ''
# Atmel DFU
### ATmega16U2
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2fef", TAG+="uaccess"
### ATmega32U2
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff0", TAG+="uaccess"
### ATmega16U4
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff3", TAG+="uaccess"
### ATmega32U4
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff4", TAG+="uaccess"
### AT90USB64
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff9", TAG+="uaccess"
### AT90USB128
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ffb", TAG+="uaccess"
# Input Club
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1c11", ATTRS{idProduct}=="b007", TAG+="uaccess"
# STM32duino
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1eaf", ATTRS{idProduct}=="0003", TAG+="uaccess"
# STM32 DFU
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", TAG+="uaccess"
# BootloadHID
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="05df", TAG+="uaccess"
# USBAspLoader
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="05dc", TAG+="uaccess"
# ModemManager should ignore the following devices
# Atmel SAM-BA (Massdrop)
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="6124", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
# Caterina (Pro Micro)
## Spark Fun Electronics
### Pro Micro 3V3/8MHz
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9203", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
### Pro Micro 5V/16MHz
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9205", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
### LilyPad 3V3/8MHz (and some Pro Micro clones)
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9207", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
## Pololu Electronics
### A-Star 32U4
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1ffb", ATTRS{idProduct}=="0101", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
## Arduino SA
### Leonardo
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="0036", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
### Micro
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="0037", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
## Adafruit Industries LLC
### Feather 32U4
SUBSYSTEMS=="usb", ATTRS{idVendor}=="239a", ATTRS{idProduct}=="000c", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
### ItsyBitsy 32U4 3V3/8MHz
SUBSYSTEMS=="usb", ATTRS{idVendor}=="239a", ATTRS{idProduct}=="000d", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
### ItsyBitsy 32U4 5V/16MHz
SUBSYSTEMS=="usb", ATTRS{idVendor}=="239a", ATTRS{idProduct}=="000e", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
## dog hunter AG
### Leonardo
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2a03", ATTRS{idProduct}=="0036", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
### Micro
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2a03", ATTRS{idProduct}=="0037", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
'';
}
Reference in New Issue View Git Blame Copy Permalink