1 # Edit this configuration file to define what should be installed on
2 # your system. Help is available in the configuration.nix(5) man page
3 # and in the NixOS manual (accessible by running ‘nixos-help’).
5 { config, pkgs, inputs, lib, ... } @ args:
9 # tuigreet = "${pkgs.greetd.tuigreet}/bin/tuigreet";
10 # session = "${pkgs.sway}/bin/sway";
12 wallpaper = pkgs.fetchurl {
13 url = "https://w.wallhaven.cc/full/ex/wallhaven-exrqrr.jpg";
14 sha256 = "sha256-RYN8KwJPDMfxrcosbpmjON0Y+I58IhB1Ke36LdohsxA=";
20 [ # Include the results of the hardware scan.
21 ./hardware-configuration.nix
22 inputs.home-manager.nixosModules.default
23 inputs.extra-container.nixosModules.default
24 inputs.microvm.nixosModules.host
25 inputs.fakwin.nixosModules.default
29 boot.tmp.cleanOnBoot = true;
30 boot.loader.systemd-boot.enable = true;
31 boot.loader.efi.canTouchEfiVariables = true;
32 boot.plymouth.enable = true;
33 boot.plymouth.theme = "bgrt";
34 boot.initrd.verbose = false;
35 boot.initrd.systemd.enable = true;
36 boot.initrd.kernelModules = [ "amdgpu" ];
37 boot.consoleLogLevel = 0;
38 boot.kernelPackages = pkgs.linuxPackages_latest;
39 boot.kernelParams = [ "quiet" "udev.log_level=0" "amdgpu.runpm=0" ];
41 # incus admin init --minimal
42 # incus image list images:
43 # incus launch images:ubuntu/noble <name>
44 # incus exec <name> -- /bin/bash
45 # incus exec <name> -- adduser --shell /bin/bash --ingroup sudo ps
46 # incus exec <name> -- su - ps -c 'tmux new-session -A -s main'
47 virtualisation.incus.enable = true;
48 virtualisation.incus.ui.enable = true;
49 networking.nftables.enable = true;
50 networking.firewall.trustedInterfaces = [ "incusbr0" ];
52 networking.hostName = "thinkpad"; # Define your hostname.
53 # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
55 nix.settings.experimental-features = [ "nix-command" "flakes" ];
56 nix.settings.download-buffer-size = 500000000;
57 nix.settings.trusted-users = ["root" "ps"];
59 # Configure network proxy if necessary
60 # networking.proxy.default = "http://user:password@proxy:port/";
61 # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
64 networking.networkmanager.enable = true;
67 time.timeZone = "Europe/Berlin";
69 # Select internationalisation properties.
70 i18n.defaultLocale = "de_DE.UTF-8";
72 i18n.extraLocaleSettings = {
73 LC_ADDRESS = "de_DE.UTF-8";
74 LC_IDENTIFICATION = "de_DE.UTF-8";
75 LC_MEASUREMENT = "de_DE.UTF-8";
76 LC_MONETARY = "de_DE.UTF-8";
77 LC_NAME = "de_DE.UTF-8";
78 LC_NUMERIC = "de_DE.UTF-8";
79 LC_PAPER = "de_DE.UTF-8";
80 LC_TELEPHONE = "de_DE.UTF-8";
81 LC_TIME = "de_DE.UTF-8";
84 programs.dconf.enable = true;
85 programs.steam.enable = true;
91 # privateNetwork = true;
92 localAddress = "10.23.45.2";
93 hostAddress = "10.23.45.1";
95 bindMounts."/per".hostPath = "/var/lib/nixos-containers/im";
96 bindMounts."/per".isReadOnly = false;
99 "--property='MemoryMax=60M'"
100 "--property='MemoryHigh=50M'"
101 "--property='CPUQuota=4%'"
104 config = { config, pkgs, ... }: {
105 imports = [ inputs.impermanence.nixosModules.impermanence ];
107 environment.persistence."/per" = {
111 { directory = "/home/ps"; user = "ps"; group = "users"; mode = "0750"; }
115 environment.systemPackages = with pkgs; [ helix python312 deno ];
117 users.users.ps = { isNormalUser = true; };
119 networking.firewall.allowedTCPPorts = [ 80 8080 ];
121 system.stateVersion = "25.05";
125 networking.nat.enable = true;
126 networking.nat.internalInterfaces = ["ve-+"];
127 networking.nat.externalInterface = "eth0";
128 networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
134 sddm.autoLogin.relogin = true;
135 defaultSession = "xfce+i3";
138 plasma6.enable = true;
147 name = "plasma-i3wm";
148 start = "KDEWM=${pkgs.i3}/bin/i3 /run/current-system/sw/bin/startplasma-x11";
154 xterm.enable = false;
155 wallpaper.mode = "center";
162 windowManager.i3.enable = true;
163 # windowManager.awesome.enable = true;
164 # windowManager.herbstluftwm.enable = true;
168 variant = "nodeadkeys";
169 options = "caps:ctrl_modifier";
171 excludePackages = [ pkgs.xterm ];
172 videoDrivers = ["amdgpu"];
173 # libinput.enable = true;
177 systemd.user.services.plasma-kwin_x11.enable = false;
178 services.fakwin.enable = true;
180 services.autorandr = {
185 "set-wallpaper" = "set-wallpaper";
190 services.syncthing = {
193 dataDir = "/home/ps/sync";
194 configDir = "/home/ps/.config/syncthing";
197 # services.auto-cpufreq.enable = true;
198 services.auto-cpufreq.settings = {
200 governor = "powersave";
204 governor = "performance";
212 # CPU_SCALING_GOVERNOR_ON_AC = "performance";
213 # CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
215 # CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance";
216 # CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
218 # PLATFORM_PROFILE_ON_AC = "balanced";
219 # PLATFORM_PROFILE_ON_BAT = "low-power";
221 # CPU_BOOST_ON_AC = "1";
222 # CPU_BOOST_ON_BAT = "0";
224 # AMDGPU_ABM_LEVEL_ON_AC = "0";
225 # AMDGPU_ABM_LEVEL_ON_BAT = "3";
227 # CPU_MIN_PERF_ON_AC = 0;
228 # CPU_MAX_PERF_ON_AC = 100;
229 # CPU_MIN_PERF_ON_BAT = 0;
230 # CPU_MAX_PERF_ON_BAT = 20;
232 # # START_CHARGE_THRESH_BAT0 = 40; # 40 and below it starts to charge
233 # STOP_CHARGE_THRESH_BAT0 = 90; # 85 and above it stops charging
237 services.udev.extraRules = ''
238 KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
246 extraPackages = with pkgs; [
255 support32Bit.enable = true;
259 # services.logind = {
260 # extraConfig = "HandlePowerKey=suspend";
261 # lidSwitch = "suspend";
264 # Configure console keymap
265 console.keyMap = "de-latin1-nodeadkeys";
267 # Enable CUPS to print documents.
268 services.printing.enable = true;
269 services.printing.drivers = [ pkgs.gutenprint ];
272 hardware.sane.enable = true;
273 hardware.sane.extraBackends = [ pkgs.hplipWithPlugin pkgs.sane-airscan ];
274 services.avahi.enable = true;
275 services.avahi.nssmdns4 = true;
276 services.avahi.reflector = true;
277 services.udev.packages = [ pkgs.sane-airscan ];
280 hardware.bluetooth.enable = true;
281 hardware.bluetooth.powerOnBoot = false;
282 # services.blueman.enable = true;
284 # Enable sound with pipewire.
285 services.pulseaudio.enable = false;
286 security.rtkit.enable = true;
287 services.pipewire = {
290 alsa.support32Bit = true;
292 # If you want to use JACK applications, uncomment this
295 # use the example session manager (no others are packaged yet so this is enabled by default,
296 # no need to redefine it in your config for now)
297 #media-session.enable = true;
303 # Enable touchpad support (enabled default in most desktopManager).
304 # services.libinput.touchpad = {
305 # naturalScrolling = false;
308 # Define a user account. Don't forget to set a password with ‘passwd’.
309 users.groups.ssh = {};
313 description = "Patrick";
315 extraGroups = [ "networkmanager" "wheel" "dialout" "jackaudio" "lp" "incus-admin" ];
318 # isSystemUser = true;
331 initialPassword = "chirp";
335 security.polkit.enable = true;
336 security.sudo.wheelNeedsPassword = false;
339 backupFileExtension = "backup";
345 "ps" = import ./home-ps.nix;
346 "root" = { home.stateVersion = "24.05"; };
349 (import ./home-common.nix)
353 # Enable automatic login for the user.
354 # services.displayManager.autoLogin.enable = true;
355 # services.displayManager.autoLogin.user = "ps";
356 # services.getty.autologinUser = "ps";
358 # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
359 # systemd.services."getty@tty1".enable = false;
360 # systemd.services."autovt@tty1".enable = false;
362 # Allow unfree packages
363 nixpkgs.config.allowUnfree = true;
366 environment.variables = {
367 RUSTICL_ENABLE = "radeonsi";
369 # List packages installed in system profile. To search, run:
371 environment.systemPackages = with pkgs; [
372 args.inputs.zls.inputs.zig-overlay.packages.${pkgs.system}.master
373 args.inputs.zls.packages.${pkgs.system}.zls
374 args.inputs.psch-flakes.packages.${pkgs.system}.resetmsmice
375 args.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.zuban
376 vim wget file git kitty i3 gdb
380 asciinema asciinema-agg
400 xfce.xfce4-pulseaudio-plugin
401 # xfce.xfce4-verve-plugin
402 xfce.xfce4-notes-plugin
403 # xfce.xfce4-timer-plugin
404 # xfce.xfce4-windowck-plugin
405 xfce.thunar-archive-plugin
406 # xfce.xfce4-i3-workspaces-plugin
407 # xfce.xfce4-xkb-plugin
408 xfce.xfce4-whiskermenu-plugin
412 programs.xfconf.enable = true;
413 programs.nix-ld.enable = true;
414 programs.direnv.enable = true;
415 programs.direnv.nix-direnv.enable = true;
417 services.fwupd.enable = true;
419 # Some programs need SUID wrappers, can be configured further or are
420 # started in user sessions.
421 # programs.mtr.enable = true;
422 # programs.gnupg.agent = {
424 # enableSSHSupport = true;
427 # List services that you want to enable:
429 # Enable the OpenSSH daemon.
434 # PasswordAuthentication = false;
435 # PermitRootLogin = "no";
437 # authorizedKeysCommand =
438 # let keys = pkgs.writers.writePython3Bin "keys" {} ''
446 # "${keys}/bin/keys";
447 # authorizedKeysCommandUser = "ps";
450 # Open ports in the firewall.
451 networking.firewall.allowedTCPPorts = [ 22 1234 5900 6011 6021 6022 8080 53317 7236 7250 ];
452 networking.firewall.allowedUDPPorts = [ 5901 53317 7236 5353 ];
453 # Or disable the firewall altogether.
454 # networking.firewall.enable = false;
456 # This value determines the NixOS release from which the default
457 # settings for stateful data, like file locations and database versions
458 # on your system were taken. It‘s perfectly fine and recommended to leave
459 # this value at the release version of the first install of this system.
460 # Before changing this value read the documentation for this option
461 # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
462 system.stateVersion = "24.05"; # Did you read the comment?
projects / flake_thinkpad / blob