My NixOS config.
{ inputs, lib, config, pkgs, ... }:

let
  # A single key authorises both root and paul (see users.users below), so a
  # rotation only has to be done in one place.
  authorizedKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHyBG5QyF1rZ9M7gm+cPVSpsWyGPgLQNKIrAn/EKmgEv paul@paulpad"
  ];
in
{
  system.stateVersion = "23.11";

  ## Nix daemon -------------------------------------------------------------

  nix.settings = {
    experimental-features = [
      "nix-command"
      "flakes"
      "cgroups"
      # Lix and CppNix spell the pipe-operator feature flag differently.
      (if config.nix.package.pname == "lix" then "pipe-operator" else "pipe-operators")
    ];
    # Users listed here can hand the daemon arbitrary settings (extra
    # substituters, sandbox paths), which is effectively root-equivalent;
    # keep the list minimal.
    trusted-users = [ "paul" ];
    auto-optimise-store = true;
    use-xdg-base-directories = true;
    use-cgroups = true;
    warn-dirty = false;
    # Every extra binary cache is paired with its signing key in
    # trusted-public-keys; keep the two lists in step.
    substituters = [
      "https://nix-community.cachix.org"
      "https://deploy-rs.cachix.org"
    ];
    trusted-public-keys = [
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      "deploy-rs.cachix.org-1:xfNobmiwF/vzvK1gpfediPwpdIP0rpDV2rYqx40zdSI="
    ];
  };

  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 5d";
    persistent = true;
  };

  ## Boot -------------------------------------------------------------------

  boot.loader.systemd-boot = {
    enable = true;
    # No boot-time kernel command-line editor: otherwise anyone at the
    # console can append init=/bin/sh and get a root shell.
    editor = false;
    configurationLimit = 5;
  };
  boot.loader.efi.canTouchEfiVariables = true;
  boot.initrd.systemd.enable = true;
  # /tmp lives in RAM; the nix-daemon is pointed at /var/tmp below so large
  # builds do not exhaust it.
  boot.tmp.useTmpfs = true;

  ## Networking -------------------------------------------------------------

  networking.networkmanager.enable = true;
  networking.nftables.enable = true;
  networking.firewall = {
    enable = true;
    # Traffic arriving on these interfaces bypasses the firewall entirely:
    # the tailnet interface plus the libvirt bridge and a guest tap.
    trustedInterfaces = [ "tailscale0" "virbr0" "vnet2" ];
    # DNS from containers to the podman network's resolver.
    interfaces."podman*".allowedUDPPorts = [ 53 ];
  };
  # Static name -> address pins for hosts reached over the 100.x overlay
  # (presumably the tailnet); these take precedence over DNS lookups.
  networking.hosts = {
    "100.77.247.56" = [ # leontion
      "miniflux.leontion.in.trespaul.com"
      "home.leontion.in.trespaul.com"
      # "actual.leontion.in.trespaul.com"
    ];
    "100.121.98.126" = [ # metrodorus
      "jelly.metrodorus.in.trespaul.com"
    ];
  };

  ## Power / locale ---------------------------------------------------------

  powerManagement.enable = true;
  powerManagement.powertop.enable = true;

  systemd.services.NetworkManager-wait-online.enable = false;
  # Keep build scratch space off the tmpfs /tmp configured above.
  systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";

  time.timeZone = "Africa/Johannesburg";

  i18n.defaultLocale = "en_ZA.UTF-8";
  i18n.extraLocaleSettings.LC_TIME = "en_GB.UTF-8";

  ## Services ---------------------------------------------------------------

  services.thermald.enable = true;
  # mkDefault so a host-specific module can switch throttled off.
  services.throttled.enable = lib.mkDefault true;
  services.dbus.implementation = "broker";
  services.power-profiles-daemon.enable = false;
  # Firmware updates via fwupd (LVFS); keeps microcode/UEFI patches current.
  services.fwupd.enable = true;

  services.kmscon = {
    enable = true;
    fonts = [ { name = "Iosevka Extended"; package = pkgs.iosevka; } ];
  };

  services.auto-cpufreq = {
    enable = true;
    settings = {
      charger.governor = "performance";
      battery = {
        governor = "powersave";
        enable_thresholds = true;
        start_threshold = 60;
        stop_threshold = 80;
      };
    };
  };

  services.system76-scheduler = {
    enable = true;
    settings.cfsProfiles.enable = true;
  };

  services.xserver.xkb = {
    layout = "za";
    variant = "";
  };

  ## Security ---------------------------------------------------------------

  # sudo-rs.enable = true;
  # sudo is off; privilege escalation goes through run0 (polkit-gated),
  # with a `sudo` alias for muscle memory. The wheel membership below is
  # therefore relevant to polkit rather than sudoers.
  security.sudo.enable = false;
  security.run0.enableSudoAlias = true;

  # Realtime scheduling for audio processes.
  security.rtkit.enable = true;

  ## Hardware ---------------------------------------------------------------

  hardware.graphics = {
    enable = true;
    extraPackages = [
      pkgs.intel-media-driver
      #intel-ocl
      pkgs.intel-compute-runtime
      pkgs.intel-vaapi-driver
      pkgs.libva-vdpau-driver
    ];
  };
  hardware.bluetooth.enable = true;

  ## Users ------------------------------------------------------------------

  users.defaultUserShell = pkgs.zsh;

  # Root accepts key-based SSH login (needed for push deployments, e.g.
  # deploy-rs below). Whether sshd is enabled and what PermitRootLogin is
  # set to is decided elsewhere — NOTE(review): confirm it stays
  # key-only.
  users.users.root.openssh.authorizedKeys.keys = authorizedKeys;

  users.users.paul = {
    isNormalUser = true;
    description = "Paul Joubert";
    # wheel: admin via polkit/run0 (sudo is disabled). dialout, adbusers,
    # wireshark and scanner each grant device or capture access beyond a
    # plain user.
    extraGroups = [
      "networkmanager" "wheel" "audio" "dialout"
      "adbusers" "wireshark" "scanner"
    ];
    shell = pkgs.nushell;
    # User services keep running with no session logged in.
    linger = true;
    openssh.authorizedKeys.keys = authorizedKeys;
  };

  ## Programs ---------------------------------------------------------------

  programs.zsh.enable = true; # necessary for defaultUserShell
  programs.virt-manager.enable = true;
  # NOTE(review): npm expands `${VAR}` in npmrc; the `$\{` form here is
  # written to the file as-is by Nix (backslash is literal inside ''
  # strings) — confirm the generated npmrc actually expands.
  programs.npm.npmrc =
    ''
      prefix=$\{XDG_DATA_HOME}/npm
      cache=$\{XDG_CACHE_HOME}/npm
      init-module=$\{XDG_CONFIG_HOME}/npm/config/npm-init.js
    '';

  ## Virtualisation ---------------------------------------------------------

  virtualisation.libvirtd.enable = true;
  virtualisation.containers.enable = true;
  virtualisation.oci-containers.backend = "podman";
  virtualisation.podman = {
    enable = true;
    dockerCompat = true;
    defaultNetwork.settings.dns_enabled = true;
  };

  ## Packages ---------------------------------------------------------------

  nixpkgs.config.allowUnfree = true;
  # Deliberately empty: no package with a known vulnerability is whitelisted.
  nixpkgs.config.permittedInsecurePackages = [];

  ## Environment ------------------------------------------------------------

  # These are system-wide (every user, including root, sees them), hence
  # the hard-coded /home/paul paths are only right for that one user.
  environment.variables = {
    EDITOR = "hx";
    PAGER = "bat";

    # user paths, not ideal here but doesn't work in home.nix?
    ANDROID_HOME = "/home/paul/.local/share/android";
    ANDROID_USER_HOME = "/home/paul/.local/share/android";
    GNUPGHOME = "/home/paul/.local/share/gnupg";
    IPYTHONDIR = "/home/paul/.config/ipython";
    JUPYTER_CONFIG_DIR = "/home/paul/.config/jupyter";
    PYTHONSTARTUP = "/home/paul/.config/python/pythonrc";
    PARALLEL_HOME = "/home/paul/.config/parallel";
    CABAL_CONFIG = "/home/paul/.config/cabal/config";
    CABAL_DIR = "/home/paul/.local/share/cabal";
    CARGO_HOME = "/home/paul/.local/share/cargo";
    NODE_REPL_HISTORY = "/home/paul/.local/share/node_repl_history";
    RENPY_PATH_TO_SAVES = "/home/paul/.local/share/renpy";
    NPM_CONFIG_USERCONFIG = "/home/paul/.config/npm/npmrc";
    FLY_CONFIG_DIR = "/home/paul/.local/state/fly";
  };

  environment.shells = [ pkgs.zsh pkgs.nushell ];

  environment.systemPackages = [
    pkgs.curl
    pkgs.git
    pkgs.helix
    pkgs.wget
    pkgs.bat
    pkgs.deploy-rs
    # Both the default and the `out` output of libheif are installed; the
    # latter presumably supplies the thumbnailer linked via pathsToLink.
    pkgs.libheif
    pkgs.libheif.out
  ];

  environment.pathsToLink = [ "share/thumbnailers" ];
}