dotfiles/nixos/dustbowl.nix
2022-01-26 15:19:18 +01:00


# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ emacs-overlay, nixpkgs }:
{ config, lib, pkgs, ... }:
{
# Modules merged into this configuration.
imports =
  [ # Include the results of the hardware scan.
    # NOTE(review): this is an absolute path outside the repository, so the
    # result depends on whatever file exists on the machine being built;
    # confirm that is intended (a pure flake evaluation presumably rejects it).
    /etc/nixos/hardware-configuration.nix
    # NOTE(review): contents are not shown here. If it adds binary-cache
    # substituters and trusted public keys, review them as trust roots.
    ./cachix.nix
  ];
# Permit packages with unfree licences to be evaluated and installed.
nixpkgs.config.allowUnfree = true;

# Nix itself: flakes-capable package, written as individual option paths.
nix.package = pkgs.nixFlakes;
# Point the `nixpkgs` registry entry at the flake input handed to this module.
nix.registry.nixpkgs.flake = nixpkgs;
# Allow builds to be dispatched to remote builders. No build machines are
# declared in the visible part of this file.
nix.distributedBuilds = true;
# Extra nix.conf lines: enable the flake CLI and let builders fetch from
# substituters themselves.
nix.extraOptions = ''
  experimental-features = nix-command flakes
  builders-use-substitutes = true
'';
# Kernel version: pinned to the 5.15 series.
# NOTE(review): a pinned series does not follow the channel default, so it
# needs a manual bump here once it stops receiving fixes.
boot.kernelPackages = pkgs.linuxPackages_5_15;

# Boot loader: GRUB 2 on EFI. The systemd-boot alternative stays disabled.
# boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";

boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# "nodev": no BIOS boot-sector target; used together with efiSupport.
boot.loader.grub.device = "nodev";
boot.loader.grub.efiSupport = true;
# Build GRUB with support for unlocking encrypted disks.
# NOTE(review): presumably /boot lives inside the LUKS volume and only the
# ESP at /boot/efi is unencrypted; confirm, since anything left on the ESP
# (the GRUB image itself) is not protected by disk encryption.
boot.loader.grub.enableCryptodisk = true;
# LUKS container opened in the initrd; the attribute name ("root") is the
# device-mapper name it is opened under.
boot.initrd.luks.devices.root = {
  # Open the container before LVM volumes are scanned.
  preLVM = true;
  # Referenced by UUID so the entry does not depend on device enumeration order.
  device = "/dev/disk/by-uuid/70c16b36-14b6-4939-9fc9-210774614e72";
};
# Set sysctl parameters
# Useful for rr, which needs perf events to be usable by an unprivileged user.
# Security trade-off: at 1, unprivileged users may also profile the kernel;
# 2 would restrict them to user-space measurements. Keep this relaxed only on
# machines where rr is actually used.
boot.kernel.sysctl."kernel.perf_event_paranoid" = 1;
# Host name of this machine.
networking.hostName = "dustbowl";

# Wireless support via wpa_supplicant, limited to the one Wi-Fi interface.
networking.wireless = {
  enable = true;
  interfaces = [ "wlp2s0" ];
};
# networking.wireless.userControlled.enable = true;

# The global useDHCP flag is deprecated, so it is explicitly turned off and
# DHCP is requested per interface instead (this mirrors the generated config).
networking.useDHCP = false;
networking.interfaces.wlp2s0.useDHCP = true;
# Add TeleSec root certificate to /etc/ explicitly for eduroam.
# This only places the file at /etc/ssl/certs/…; nothing here adds it to the
# system-wide trust bundle.
# NOTE(review): presumably the eduroam network profile names this file as its
# CA certificate; confirm, because an enterprise Wi-Fi profile without a
# pinned CA cannot tell the real authentication server from an impostor.
environment.etc."ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem" = {
  source = pkgs.fetchurl {
    url = "https://www.pki.dfn.de/fileadmin/PKI/zertifikate/T-TeleSec_GlobalRoot_Class_2.pem";
    # Fixed-output hash: the build fails if the downloaded file differs, so a
    # changed or tampered certificate cannot be installed silently.
    sha256 = "0if8aqd06sid7a0vw009zpa087wxcgdd2x6z2zs4pis5kvyqj2dk";
  };
};
# services.dnscrypt-proxy2 = {
# enable = true;
# settings = {
# require_nolog = true;
# require_nofilter = true;
# sources.public-resolvers = {
# urls = [ "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" ];
# cache_file = "public-resolvers.md";
# minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
# refresh_delay = 72;
# };
# };
# };
# udev rules shipped by the YubiKey personalisation package.
# NOTE(review): presumably these grant the logged-in user access to the
# token's USB device without root; verify against the package's rules.
services.udev.packages = [ pkgs.yubikey-personalization ];
# services.logind.lidSwitch = "ignore";
# Virtual console: font and German key map.
console.font = "Lat2-Terminus16";
console.keyMap = "de";

# Internationalisation: system default locale.
i18n.defaultLocale = "en_US.UTF-8";

# Geographic location (e.g. for redshift).
location.latitude = 1.3766;
location.longitude = 103.8160;
# Packages installed into the system profile. Every entry names `pkgs`
# explicitly instead of relying on a `with pkgs;` scope.
environment.systemPackages = [
  # Base tools
  pkgs.ntfs3g
  pkgs.file
  pkgs.usbutils
  pkgs.pciutils
  pkgs.calc
  pkgs.wget
  pkgs.unzip
  pkgs.zip
  pkgs.psmisc
  pkgs.htop
  pkgs.vim
  pkgs.vis
  pkgs.git
  pkgs.pamix
  pkgs.bubblewrap
  pkgs.openconnect
  # YubiKey tooling; the PAM side is configured under security.pam.yubico.
  pkgs.yubikey-personalization
  pkgs.yubico-pam
  pkgs.nmap
  pkgs.bind.dnsutils
  # X server setup
  # dwm
  # st
  pkgs.alacritty
  pkgs.xsel
  pkgs.mons
  pkgs.maim
  # Wayland setup
  pkgs.grim
  pkgs.slurp
  pkgs.wl-clipboard
  pkgs.mako
  # GUI software
  pkgs.emacsPgtk
  pkgs.firefox
  pkgs.thunderbird
  pkgs.mpv
  pkgs.zathura
  pkgs.imv
];
# Also link each package's /libexec directory into the system profile.
environment.pathsToLink = [ "/libexec" ];
# Use doas instead of sudo: sudo is switched off so doas is the only
# privilege-escalation front end configured here.
security.sudo.enable = false;
security.doas.enable = true;
security.doas.extraRules = [
  {
    # Applies to every member of the wheel group, for any command.
    groups = [ "wheel" ];
    # After one successful authentication the password is not asked again
    # for a while, so an unlocked terminal left unattended can act as root.
    persist = true;
    # The caller's whole environment is passed to the privileged command.
    # NOTE(review): variables such as PATH then come from the unprivileged
    # session; consider dropping this in favour of a `setEnv` allow-list of
    # the few variables that are actually needed.
    keepEnv = true;
  }
];
# Enable gnupg: start the GnuPG agent for user sessions.
programs.gnupg.agent.enable = true;
# fish is also the login shell of the user declared in this file.
programs.fish.enable = true;
# Steam
# NOTE(review): presumably the reason allowUnfree is set in this file; the
# client and the games it runs are third-party binaries outside nixpkgs review.
programs.steam.enable = true;
# Package overrides: `prev` is the package set before overriding.
nixpkgs.config.packageOverrides = prev: {
  # Override firefox so the wrapper forces the Wayland backend.
  firefox = prev.firefox.override { forceWayland = true; };
};

# Overlay supplied by the `emacs-overlay` argument of this module.
# NOTE(review): overlay code is evaluated on every build, so the input should
# be pinned to a known revision; the lock file is not visible here.
nixpkgs.overlays = [ emacs-overlay.overlay ];
# Open ports in the firewall.
# Port 8080 is accepted for both TCP and UDP on every interface, including
# the Wi-Fi link used on shared networks.
# NOTE(review): nothing in this file says what listens on 8080. Record the
# service here, drop the UDP entry if only HTTP is served, and consider the
# per-interface form (networking.firewall.interfaces.<name>) or removing the
# rule when the service is not in use.
networking.firewall = {
  allowedTCPPorts = [ 8080 ];
  allowedUDPPorts = [ 8080 ];
};
# Enable CUPS to print documents, with the HP driver set.
# hplipWithPlugin is the HPLIP build that includes HP's binary plugin.
services.printing = {
  enable = true;
  drivers = [ pkgs.hplipWithPlugin ];
};

# Scanner support (SANE) with the Brother brscan4 and HPLIP backends.
hardware.sane.enable = true;
hardware.sane.brscan4.enable = true;
hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];
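# Per-user service that runs wlsunset for the graphical session and restarts
# it whenever it exits.
systemd.user.services.wlsunset = {
  description = "wlsunset colour temperature adjuster";
  # Started with, and stopped together with, the graphical session.
  wantedBy = [ "graphical-session.target" ];
  partOf = [ "graphical-session.target" ];
  serviceConfig = {
    # -l/-L: latitude/longitude, -t: low colour temperature.
    # The final argument carries no trailing backslash: a dangling line
    # continuation would splice whatever line follows it in the generated
    # unit file into this command.
    # NOTE(review): these coordinates are hard-coded and differ from the
    # `location` option set elsewhere in this file; confirm which is meant.
    ExecStart = ''
      ${pkgs.wlsunset}/bin/wlsunset \
      -l 49.5 \
      -L 8.4 \
      -t 2000
    '';
    RestartSec = 3;
    Restart = "always";
  };
};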
# Hardware
# Enable sound.
sound.enable = true;
# Bluetooth
hardware.bluetooth.enable = true;
# Replace the stock bluetoothd command line. The leading "" clears the
# ExecStart inherited from the packaged unit before the new command is set,
# and mkForce makes this definition win over the module's own.
# -f points the daemon at /etc/bluetooth/main.conf; -E turns on its
# experimental interfaces.
# NOTE(review): -E enables code paths upstream marks experimental on a daemon
# that parses radio input; keep it only if a device actually needs it.
systemd.services.bluetooth.serviceConfig.ExecStart =
  let args = [ "-f" "/etc/bluetooth/main.conf" "-E" ];
  in lib.mkForce [ "" "${config.hardware.bluetooth.package}/libexec/bluetooth/bluetoothd ${lib.escapeShellArgs args}" ];
# UPower: power and battery status service.
services.upower.enable = true;
# RealtimeKit: lets user processes request realtime scheduling over D-Bus
# (commonly needed by audio servers).
security.rtkit.enable = true;
# Video acceleration: VA-API driver for Intel graphics.
hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
# Enable the X11 windowing system.
services.xserver.enable = true;

# Keyboard: German layout, Neo variant on a 105-key model.
services.xserver.layout = "de";
services.xserver.xkbModel = "pc105";
services.xserver.xkbVariant = "neo_qwertz";
services.xserver.dpi = 150;

# No display manager: X is started by hand with startx from a console login.
# NOTE(review): the session then hangs off a logged-in console, so if X or
# the screen locker dies that shell may be reachable; confirm startx is run
# with `exec` (or the console is otherwise closed) in the user's login script.
services.xserver.displayManager.startx.enable = true;
services.xserver.desktopManager.xterm.enable = false;
# PipeWire as the sound server, with ALSA (including 32-bit clients) and
# PulseAudio compatibility layers.
services.pipewire.enable = true;
services.pipewire.alsa.enable = true;
services.pipewire.alsa.support32Bit = true;
services.pipewire.pulse.enable = true;
# Window manager: i3 with its launcher, status bar and screen locker.
services.xserver.windowManager.i3.enable = true;
services.xserver.windowManager.i3.extraPackages = [
  pkgs.dmenu
  pkgs.i3status
  pkgs.i3lock
];

# Input devices through libinput; touchpad uses natural two-finger scrolling.
services.xserver.libinput.enable = true;
services.xserver.libinput.touchpad.naturalScrolling = true;
services.xserver.libinput.touchpad.scrollMethod = "twofinger";
# Compositor (configured under the older `compton` option name; the unit
# overridden below is called picom).
services.compton.enable = true;
services.compton.backend = "glx";
services.compton.vSync = true;
# Do not restart the compositor automatically when it exits.
systemd.user.services.picom.serviceConfig.Restart = lib.mkForce "no";
# xss-lock: run i3lock when the X session is asked to lock (screensaver
# activation, suspend).
# NOTE(review): xss-lock only covers the X11 session. Sway is enabled in this
# file too and no locker for it is visible here; confirm the Wayland session
# has its own idle/suspend lock.
programs.xss-lock.enable = true;
programs.xss-lock.lockerCommand = "${pkgs.i3lock}/bin/i3lock";
# Sway (Wayland compositor)
programs.sway.enable = true;

# Desktop portals, with the wlroots backend for Sway.
xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-wlr ];
# Fonts installed system-wide.
fonts.fonts = [
  pkgs.fira-code
  pkgs.noto-fonts
  pkgs.noto-fonts-emoji
  pkgs.noto-fonts-extra
];

# Fontconfig defaults per generic family.
fonts.fontconfig.enable = true;
fonts.fontconfig.defaultFonts.emoji = [ "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.monospace = [ "Fira Code" ];
fonts.fontconfig.defaultFonts.sansSerif = [ "Noto Sans" ];
# libvirt daemon for virtual machines.
virtualisation.libvirtd.enable = true;
# The single interactive account on this machine.
users.users.joachim = {
  isNormalUser = true;
  home = "/home/joachim";
  shell = pkgs.fish;
  # wheel: matched by the doas rule in this file (root for any command).
  # scanner: access to SANE devices.
  # libvirtd: access to the system libvirt daemon.
  # NOTE(review): treat libvirtd membership as privileged as well, since
  # managing system VMs gives control over host disks and devices.
  extraGroups = [ "wheel" "scanner" "libvirtd" ];
  # No password or hash is declared here; presumably it is set with passwd
  # on the machine, which keeps the hash out of the repository.
};
# Yubikey PAM: pam_yubico in challenge-response mode, which is checked
# locally against the token instead of validating OTPs with an online service.
# NOTE(review): `control` is not set, so the module default applies. If that
# default is "sufficient", a plugged-in key authenticates on its own, with no
# password; set `security.pam.yubico.control = "required";` if the key is
# meant to be a second factor.
security.pam.yubico.enable = true;
security.pam.yubico.mode = "challenge-response";
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
# It records the release the machine was first installed with; it is not the
# version of the packages in use and is not bumped on upgrades.
system.stateVersion = "20.03"; # Did you read the comment?
}