Skip to content

Instantly share code, notes, and snippets.

@mogorman

mogorman/configuration.nix

Created July 17, 2020 18:53
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save mogorman/1618b69049abb3db4d931a176b99ba95 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save mogorman/1618b69049abb3db4d931a176b99ba95 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
configuration.nix
{ config, lib, pkgs, ... }:
let
home-manager = builtins.fetchTarball {
url = "https://github.com/rycee/home-manager/archive/master.tar.gz";
};
impermanence = builtins.fetchTarball {
url =
"https://github.com/nix-community/impermanence/archive/master.tar.gz";
};
emacs = builtins.fetchTarball {
url = https://github.com/nix-community/emacs-overlay/archive/master.tar.gz;
};
in
{
imports =
[
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
"${home-manager}/nixos"
"${impermanence}/nixos.nix"
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
neededForBoot = true;
options = [ "defaults" "size=8G" "mode=755" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/C3B6-791C";
fsType = "vfat";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/cf578d60-babe-4bd1-aa25-8d8e99006baf";
neededForBoot = true;
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/47628b11-4fc1-48a2-80a4-aa52ea923955"; }
];
nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
system.stateVersion = "20.03"; # Did you read the comment?
networking.hostName = "dent";
time.timeZone = "US/Eastern";
networking.networkmanager.enable = true;
boot.initrd.luks.gpgSupport = true;
boot.initrd.luks.devices = {
root = {
device = "/dev/sda2";
preLVM = true;
allowDiscards = true;
gpgCard = {
gracePeriod = 25;
encryptedPass = "${/nix/persist/boot_pass/pass.gpg}";
publicKey = "${/nix/persist/boot_pass/mog.asc}";
};
};
};
hardware.nitrokey.enable = true;
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
security.pam.enableSSHAgentAuth = true;
environment.etc."vim/vimrc".text = ''
set nocompatible
syntax on
set backspace=indent,eol,start
set mouse-=a
'';
systemd.tmpfiles.rules = [
"L /var/lib/bluetooth - - - - /nix/persist/var/lib/bluetooth"
"L /etc/NetworkManager/system-connections - - - - /nix/persist/etc/NetworkManager/system-connections"
];
environment.etc."machine-id".source = "/nix/persist/etc/machine-id";
environment.etc."nixos".source = "/nix/persist/etc/nixos";
environment.etc."ssh/ssh_host_rsa_key".source
= "/nix/persist/etc/ssh/ssh_host_rsa_key";
environment.etc."ssh/ssh_host_rsa_key.pub".source
= "/nix/persist/etc/ssh/ssh_host_rsa_key.pub";
environment.etc."ssh/ssh_host_ed25519_key".source
= "/nix/persist/etc/ssh/ssh_host_ed25519_key";
environment.etc."ssh/ssh_host_ed25519_key.pub".source
= "/nix/persist/etc/ssh/ssh_host_ed25519_key.pub";
environment.persistence."/nix/persist" = {
directories = [
"/mog"
];
files = [
];
};
users.mutableUsers = false;
users.users.mog = {
isNormalUser = true;
createHome = true;
group = "users";
extraGroups = [ "networkmanager" "wheel" "dialout" "vboxusers" "docker" "libvirtd" "nitrokey" "plugdev" ];
uid = 1000;
hashedPassword = "$6$ejVrOQWib3P9U$vJcq2KH.sJsgEMvX9iqNmWUiyumI25d7ap2fwNt9k0FBVrZZhis5P/lQBt/3I8m4HiR9aOSnW.DNhagVMJD..0";
};
home-manager.users.mog = { pkgs, ... }: {
imports = [ "${impermanence}/home-manager.nix" ];
programs.home-manager.enable = true;
home.persistence."/nix/persist/home/mog" = {
directories = [
".ssh" ".gnupg/private-keys-v1.d" ".gnupg/openpgp-revocs.d" "Downloads" "code" "downloads"
".config/dconf" ".config/hexchat" ".config/gnome-initial-setup-done"
".config/vlc" ".config/gtk-3.0" ".config/goa-1.0" ".config/Signal" ".config/Slack"
".cache/mozilla" ".mozilla"
".local/share/keyrings"
".local/share/gnome-settings-daemon"
".local/share/gnome-shell"
];
files = [ ".bash_history" ".gnupg/pubring.gpg" ".gnupg/secring.gpg" ".gnupg/trustdb.gpg" ];
};
programs.gpg.enable = true;
services.gpg-agent = {
enable = true;
enableExtraSocket = true;
enableSshSupport = true;
};
programs.direnv.enable = true;
programs.fzf.enable = true;
programs.command-not-found.enable = true;
programs.bash = {
enable = true;
historyControl = [ "erasedups" "ignoredups" "ignorespace" ];
initExtra = ''
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
'';
};
};
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.editor = false;
boot.kernelPackages = pkgs.linuxPackages_latest;
networking.useDHCP = false;
networking.interfaces.wlan0.useDHCP = false;
services.udev = {
extraRules = ''
ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="34:13:e8:37:5c:fd", NAME="wlan0"
# Rule for USB Receiver
SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c53e", MODE="0660", TAG+="uaccess", GROUP="dialout"
# Rule when connected via Bluetooth
# Updated rule, thanks to Torsten Maehne (https://github.com/maehne)
SUBSYSTEMS=="input", ATTRS{name}=="SPOTLIGHT*", MODE="0660", TAG+="uaccess", GROUP="dialout"
'';
};
services.tlp.enable = true;
services.tlp.extraConfig = ''
USB_BLACKLIST="1d50:60e6 20a0:4108"
'';
services.openssh.enable = true;
services.blueman.enable = true;
virtualisation.docker.enable = true;
networking.firewall.enable = false;
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.wacom.enable = true;
services.xserver.libinput.enable = true;
services.xserver.modules = [ pkgs.xf86_input_wacom ];
environment.variables = { MOZ_USE_XINPUT2="1"; };
services.xserver.layout = "us";
services.printing.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome3.enable = true;
sound.enable = true;
hardware.pulseaudio.enable = true;
hardware.opengl.driSupport32Bit = true;
hardware.pulseaudio.support32Bit = true;
hardware.pulseaudio.package = pkgs.pulseaudioFull;
hardware.bluetooth.enable = true;
services.logind.lidSwitch = "lock";
services.logind.lidSwitchDocked = "lock";
services.logind.lidSwitchExternalPower = "lock";
services.fstrim.enable = true;
services.fstrim.interval = "daily";
# Enable Wireguard
networking.wireguard.interfaces = {
wg0 = {
ips = [ "192.168.255.5/24" ];
privateKeyFile = "/nix/persist/wireguard/wireguard-private";
peers = [
{
publicKey = "U++AMnQZh5xnD2GL5ORgj1DTsu7CYvdy4akUMvD4yj8=";
allowedIPs = [ "192.168.255.0/24" ];
endpoint = "home.rldn.net:51820";
persistentKeepalive = 25;
}
];
};
};
services.avahi.enable = true;
services.avahi.nssmdns = true;
services.lorri.enable = true;
nixpkgs.overlays = [
(import (builtins.fetchTarball {
url = https://github.com/nix-community/emacs-overlay/archive/master.tar.gz;
}))
];
environment.systemPackages = with pkgs; [
vim
firefox
direnv
lorri
binutils-unwrapped
onboard
gnome3.gnome-tweak-tool
xorg.xeyes
vlc
hexchat
signal-desktop
slack
zoom-us
gpa
gnome3.evolution
evolution-ews
gnomeExtensions.night-theme-switcher
gnomeExtensions.caffeine
gnomeExtensions.clipboard-indicator
gnomeExtensions.appindicator
gnomeExtensions.drop-down-terminal
tilix
fzf
gitAndTools.gitFull
];
nixpkgs.config = {
pulseaudio = true;
allowUnfree = true;
packageOverrides = super: let self = super.pkgs; in {
steam = super.steam.override {
extraPkgs = p: with p; [
glxinfo # for diagnostics
nettools # for `hostname`, which some scripts expect
];
};
mplayer = super.mplayer.override {
pulseSupport = true;
};
};
};
programs.bash.enableCompletion = true;
console.keyMap = "us";
console.font = "Lat2-Terminus16";
i18n = {
defaultLocale = "en_US.UTF-8";
};
fonts = {
enableFontDir = true;
enableGhostscriptFonts = true;
fonts = with pkgs; [
inconsolata # monospaced
ubuntu_font_family # Ubuntu fonts
unifont # some international languages
corefonts
mononoki
victor-mono
ankacoder
ankacoder-condensed
terminus_font
terminus_font_ttf
];
};
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment