My Nix Infra
nix
nixos
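# NixOS workstation module: desktop packages, browsers, locale, Nix daemon
# settings, container runtimes, the primary user account, audio, networking
# and one extra trusted root CA.
#
# Expects `config.my.username` and `config.my.shell` to be defined elsewhere
# (presumably in ./config.nix, which is imported below; confirm there).
{
  config,
  pkgs,
  ...
}@inputs:
with inputs;
let
  inherit (config) my;
in
{
  imports = [
    ./config.nix
    ./desktop.nix
  ];

  # Linux FHS
  # https://github.com/Mic92/nix-ld
  programs.nix-ld = {
    enable = true;
  };

  programs.ssh = {
    enableAskPassword = true;
    startAgent = true;
    # Keys are added to the agent on first use. No lifetime is configured here,
    # so they stay loaded until the agent exits; programs.ssh.agentTimeout can
    # bound that if the machine is shared or often left unlocked.
    extraConfig = "AddKeysToAgent yes";
  };
  programs.gnupg.agent.enable = true;

  # fonts
  fonts = {
    enableDefaultPackages = true;
    fontDir.enable = true;

    packages = with pkgs; [
      font-awesome

      noto-fonts
      noto-fonts-cjk-serif
      noto-fonts-cjk-sans
      noto-fonts-color-emoji

      # source-sans
      # source-serif
      # source-han-sans
      # source-han-serif

      jetbrains-mono
    ];

    fontconfig.defaultFonts = {
      serif = [
        "Noto Serif"
        # "Source Han Serif SC"
        # "Source Han Serif TC"
        "Noto Color Emoji"
      ];
      sansSerif = [
        "Noto Sans"
        # "Source Han Sans SC"
        # "Source Han Sans TC"
        "Noto Color Emoji"
      ];
      monospace = [
        "JetBrainsMono"
        "Noto Color Emoji"
      ];
      emoji = [ "Noto Color Emoji" ];
    };
  };

  # gui apps
  # `with pkgs;` scopes over the whole expression, including the imported list.
  environment.systemPackages =
    with pkgs;
    [
      brave
      discord
      ghostty
      mpv
      sublime-merge
      telegram-desktop
      vscode
      # xdg
      xdg-utils
      xdg-user-dirs
    ]
    ++ import ./pkgs.nix { inherit pkgs; };

  programs.firefox = {
    enable = true;
    preferences = {
      "apz.overscroll.enabled" = false;
    };
  };

  programs.chromium = {
    enable = true;
    # Extensions are pinned by Chrome Web Store ID only. The trailing comment is
    # the sole human-readable link between ID and product, so check each ID
    # against the store listing when adding or reviewing an entry.
    extensions = [
      "nngceckbapebfimnlniiiahkandclblb" # Bitwarden
      "nhdogjmejiglipccpnnnanhbledajbpd" # Vue devtools
      "ophjlpahpchlmihnnnihgmmeilfjmjjc" # LINE
    ];
    extraOpts = {
      # "automatic" falls back to plaintext DNS when DoH is unavailable;
      # "secure" is the policy value that disables that fallback.
      DnsOverHttpsMode = "automatic";
    };
  };

  # locale
  time.timeZone = "Asia/Taipei";
  i18n.inputMethod = {
    enable = true;
    type = "fcitx5";
    fcitx5 = {
      addons = with pkgs; [
        fcitx5-rime
        fcitx5-gtk
      ];
      waylandFrontend = true;
    };
  };
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "ja_JP.UTF-8";
  };

  # nix settings
  # allowUnfree admits every unfree package in nixpkgs;
  # nixpkgs.config.allowUnfreePredicate can restrict it to a reviewed list.
  nixpkgs.config.allowUnfree = true;
  nix = {
    settings = {
      experimental-features = "nix-command flakes";
      auto-optimise-store = true;
    };
    gc = {
      automatic = true;
      options = "--delete-older-than 7d";
      dates = "weekly";
    };
    channel.enable = false;
  };

  # virtualisation
  virtualisation.podman = {
    enable = true;
    dockerCompat = false;
    autoPrune = {
      enable = false;
      dates = "weekly";
    };
  };
  # The Docker daemon runs as root, and membership of the `docker` group is
  # root-equivalent. The user defined below is not placed in that group, so
  # Docker access goes through sudo (wheel); keep it that way unless
  # passwordless root via the socket is intended.
  virtualisation.docker = {
    enable = true;
    autoPrune = {
      enable = false;
      dates = "weekly";
    };
  };
  virtualisation.virtualbox = {
    host = {
      enable = false;
    };
  };

  # users
  programs.fish.enable = true;
  users = {
    mutableUsers = true;
    groups.${my.username} = { };
    users.${my.username} = {
      home = "/home/${my.username}";
      name = my.username;
      description = my.username;
      isNormalUser = true;
      shell = my.shell;
      # NOTE(review): this hash is part of the configuration, so it is readable
      # by anyone who can read this file and by every local user through the
      # world-readable /nix/store. With mutableUsers = true it only seeds the
      # account at creation; set a new password with `passwd` after first login.
      # For a declarative password kept out of the store, use hashedPasswordFile
      # pointing at a root-only file.
      initialHashedPassword = "$y$j9T$O7VoQkhQTjxjK598z6hMG1$aSZFDwnZng.WpV6ulvT.Dt0qul5cnZAolnHnT8N9mZ4";
      extraGroups = [
        my.username
        "networkmanager"
        "wheel" # sudo-capable
      ];
    };
  };

  # /tmp is RAM-backed; the nix-daemon is pointed at /var/tmp instead
  # (presumably so large builds do not exhaust the tmpfs).
  boot.tmp.useTmpfs = true;
  systemd.services.nix-daemon = {
    environment.TMPDIR = "/var/tmp";
  };

  services.power-profiles-daemon.enable = false;
  services.tlp.enable = true;

  services.displayManager.sddm = {
    enable = true;
    wayland.enable = true;
  };

  services.xserver = {
    enable = false;
  };

  services.printing.enable = false;

  # Enable sound with pipewire.
  security.rtkit.enable = true;
  services.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    # jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    # media-session.enable = true;
  };

  # Fuse filesystem that returns symlinks to executables based on the PATH of
  # the requesting process. This is useful to execute shebangs on NixOS that
  # assume hard coded locations in locations like /bin or /usr/bin etc.
  services.envfs.enable = true;

  # Bluetooth
  hardware.bluetooth.enable = true;

  networking = {
    networkmanager.enable = true;
    # Inserted ahead of the DHCP-provided resolvers. Queries to this address
    # use plain, unencrypted DNS unless a local encrypting resolver is added.
    networkmanager.insertNameservers = [ "1.1.1.1" ];
  };

  # https://discourse.nixos.org/t/slow-build-at-building-man-cache/52365/3
  documentation.man.generateCaches = false;

  # Extra root added to the system-wide trust store.
  # NOTE(review): the DER decodes as a self-signed root (issuer = subject,
  # CN "NCTU CS Certificate Authority", basicConstraints CA:TRUE, no name
  # constraints), valid 2017-12-06 to 2027-12-04. Every TLS client that uses
  # the system bundle will accept certificates it issues for any hostname, so
  # compare its fingerprint with the value published by the CA operator and
  # remove the entry once it is no longer needed.
  security.pki.certificates = [
    # csrootca
    ''
      -----BEGIN CERTIFICATE-----
      MIIGfTCCBGWgAwIBAgIJANtNHd4pchD1MA0GCSqGSIb3DQEBDQUAMIHUMQswCQYD
      VQQGEwJUVzEPMA0GA1UECAwGVGFpd2FuMRYwFAYDVQQHDA1Ic2luLUNodSBDaXR5
      MScwJQYDVQQKDB5OYXRpb25hbCBDaGlhby1UdW5nIFVuaXZlcnNpdHkxJzAlBgNV
      BAsMHkRlcGFydG1lbnQgb2YgQ29tcHV0ZXIgU2NpZW5jZTEmMCQGA1UEAwwdTkNU
      VSBDUyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgkqhkiG9w0BCQEWE2hlbHBA
      Y3MubmN0dS5lZHUudHcwHhcNMTcxMjA2MTc0MzE2WhcNMjcxMjA0MTc0MzE2WjCB
      1DELMAkGA1UEBhMCVFcxDzANBgNVBAgMBlRhaXdhbjEWMBQGA1UEBwwNSHNpbi1D
      aHUgQ2l0eTEnMCUGA1UECgweTmF0aW9uYWwgQ2hpYW8tVHVuZyBVbml2ZXJzaXR5
      MScwJQYDVQQLDB5EZXBhcnRtZW50IG9mIENvbXB1dGVyIFNjaWVuY2UxJjAkBgNV
      BAMMHU5DVFUgQ1MgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSIwIAYJKoZIhvcNAQkB
      FhNoZWxwQGNzLm5jdHUuZWR1LnR3MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
      CgKCAgEAvOZF59xipyzkRVbWTqMCf94ucr4ze6mTtctDnqpFFRfFC0ksXKVFZbhf
      /N9dSTw+i8WJQY/RZc5jHNx7E+fnNdURBQniyuiXBTTicoVYp1Uef56CAYbEZDfp
      VQmmovcGv8gEuZ4L/CFMwsFFFab2epS7A7u7wk0dnhFBpvC0RigqQIwtlBc/M0WA
      a8C9cwBzxpblpa0TY3pMbI3KPxLnflTrlPqCrlcWCuChen3Z1Lzu5C9EgavPJsYU
      bmGwOayP4cie59dVYzCrmi6/XHMsfWuJ4vAHVOJqV1JeKbS65MfOVE+UVNKAGaLO
      a6RaVcy0M5IAhTGSi+kZeBgVC0c5yoNZ7NHyG1EOOBg6CoNsWW4B8F2780s6ofRG
      Ukl2+HGf6nvqgUsU3cyyZ09OFk4gDTPAj24VSG5uAdCUst1aaTxwl2yr1jNHSy3R
      pxjGkx7DGWBveRwFl9sTxAyD+k/7eJ+ygJk4D5JxaMsOM334aBwsYoqhzwePL7SC
      LXcj92qj4DFasCmQSFUpKkT7YLJvTi16RwGM2qGklSTfxm5jWCI6XXNTkgyPZXZd
      76QnyCkT3w224M/g5MziPFyMrHfYnJl2tX2AKq6qS32uk6UQw1FH4lpxPuLc5F//
      yXG4/5j3+apMm3jhFcIQ3vuqZV3kz88HeeuBPbRwajkrhPxS/BcCAwEAAaNQME4w
      HQYDVR0OBBYEFNPLn9RQJ0u6prsffVi3a0QGxSgjMB8GA1UdIwQYMBaAFNPLn9RQ
      J0u6prsffVi3a0QGxSgjMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIB
      AGd5PjBAeWqpAM7kaGrKHY/d+kS1tKPH/c9HJcIsrZGNImKyuJ0KXLhmwIBMrARQ
      9Ly2km8FZEo1LKPd6EYzKzru/xUdY/vz2UO/4aouOyNn6rI9umXaahPKElSN6gka
      NIPY7DpGcaCmtMzE13e7wbh9IkqwWPrzRNwaZKybWyWp6/AJCSc6PoqqW0+3plBA
      XuCDlM6XJF8duqWcdJKBcdCwdYdrHtb0xcwEG4XF+G04R6uEA0AfCIylvwjOAKN/
      5AeiYJ+hz837XE3i1CZmsNR5uo1erijVuyMN8DD/9pr2QwYP/4b7nCSDMckTrHez
      um7gMtYIoy4OnLvSddjUboRpor/iaE1H/3LK1gvnMbII45EhUdPKIN2/nlfY0g5T
      jx9OW2UXl33WlZT7oA1II87CV2H6k72TnH6fDjGFepWPsnJQ+Fk7+zHSbJEIFJzr
      49rK+dahSjt3C9GB7aJu/NOhGA1W8iaWEyYPO/FOfmvJZwMlZgbeN0utWyJ1zsi5
      DWaofN3JwjaAD4nJfIbTF1iINJ3NhjIRETTQ31G/AWhV8H8ZCK+4iE+rQ3OuWzYU
      vd5u4z/jaVcUnJKukM0e9VAgxEC7A8rRFgko5XjKXrCZgkzbhQWA0uzYvx0ghIMe
      x8AH/WxuNFhZq3OmgppgVaGeuOvN7xSEbLACAOekJWp1
      -----END CERTIFICATE-----
    ''
  ];

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "25.05"; # Did you read the comment?
}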