1 # Edit this configuration file to define what should be installed on
2 # your system. Help is available in the configuration.nix(5) man page
3 # and in the NixOS manual (accessible by running ‘nixos-help’).
5 { config, pkgs, inputs, lib, ... } @ args:
9 # tuigreet = "${pkgs.greetd.tuigreet}/bin/tuigreet";
10 # session = "${pkgs.sway}/bin/sway";
12 wallpaper = pkgs.fetchurl {
13 url = "https://w.wallhaven.cc/full/ex/wallhaven-exrqrr.jpg";
14 sha256 = "sha256-RYN8KwJPDMfxrcosbpmjON0Y+I58IhB1Ke36LdohsxA=";
20 [ # Include the results of the hardware scan.
21 ./hardware-configuration.nix
22 inputs.home-manager.nixosModules.default
23 inputs.extra-container.nixosModules.default
24 inputs.microvm.nixosModules.host
28 boot.tmp.cleanOnBoot = true;
29 boot.loader.systemd-boot.enable = true;
30 boot.loader.efi.canTouchEfiVariables = true;
31 boot.plymouth.enable = true;
32 boot.plymouth.theme = "bgrt";
33 boot.initrd.verbose = false;
34 boot.initrd.systemd.enable = true;
35 boot.initrd.kernelModules = [ "amdgpu" ];
36 boot.consoleLogLevel = 0;
37 boot.kernelPackages = pkgs.linuxPackages_latest;
38 boot.kernelParams = [ "quiet" "udev.log_level=0" "amdgpu.runpm=0" ];
40 # incus admin init --minimal
41 # incus image list images:
42 # incus launch images:ubuntu/noble <name>
43 # incus exec <name> -- /bin/bash
44 # incus exec <name> -- adduser --shell /bin/bash --ingroup sudo ps
45 # incus exec <name> -- su - ps -c 'tmux new-session -A -s main'
46 virtualisation.incus.enable = true;
47 virtualisation.incus.ui.enable = true;
48 networking.nftables.enable = true;
49 networking.firewall.trustedInterfaces = [ "incusbr0" ];
51 networking.hostName = "thinkpad"; # Define your hostname.
52 # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
54 nix.settings.experimental-features = [ "nix-command" "flakes" ];
55 nix.settings.download-buffer-size = 500000000;
56 nix.settings.trusted-users = ["root" "ps"];
58 # Configure network proxy if necessary
59 # networking.proxy.default = "http://user:password@proxy:port/";
60 # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
63 networking.networkmanager.enable = true;
66 time.timeZone = "Europe/Berlin";
68 # Select internationalisation properties.
69 i18n.defaultLocale = "de_DE.UTF-8";
71 i18n.extraLocaleSettings = {
72 LC_ADDRESS = "de_DE.UTF-8";
73 LC_IDENTIFICATION = "de_DE.UTF-8";
74 LC_MEASUREMENT = "de_DE.UTF-8";
75 LC_MONETARY = "de_DE.UTF-8";
76 LC_NAME = "de_DE.UTF-8";
77 LC_NUMERIC = "de_DE.UTF-8";
78 LC_PAPER = "de_DE.UTF-8";
79 LC_TELEPHONE = "de_DE.UTF-8";
80 LC_TIME = "de_DE.UTF-8";
83 programs.dconf.enable = true;
84 programs.steam.enable = true;
90 # privateNetwork = true;
91 localAddress = "10.23.45.2";
92 hostAddress = "10.23.45.1";
94 bindMounts."/per".hostPath = "/var/lib/nixos-containers/im";
95 bindMounts."/per".isReadOnly = false;
98 "--property='MemoryMax=60M'"
99 "--property='MemoryHigh=50M'"
100 "--property='CPUQuota=4%'"
103 config = { config, pkgs, ... }: {
104 imports = [ inputs.impermanence.nixosModules.impermanence ];
106 environment.persistence."/per" = {
110 { directory = "/home/ps"; user = "ps"; group = "users"; mode = "0750"; }
114 environment.systemPackages = with pkgs; [ helix python312 deno ];
116 users.users.ps = { isNormalUser = true; };
118 networking.firewall.allowedTCPPorts = [ 80 8080 ];
120 system.stateVersion = "25.05";
124 networking.nat.enable = true;
125 networking.nat.internalInterfaces = ["ve-+"];
126 networking.nat.externalInterface = "eth0";
127 networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
132 defaultSession = "xfce+i3";
135 plasma6.enable = true;
146 package = pkgs.qogir-theme;
150 package = pkgs.qogir-icon-theme;
153 name = "volantes_light_cursors";
154 package = pkgs.volantes-cursors;
157 background = "${wallpaper}";
162 xterm.enable = false;
169 windowManager.i3.enable = true;
170 windowManager.awesome.enable = true;
171 windowManager.herbstluftwm.enable = true;
175 variant = "nodeadkeys";
176 options = "caps:ctrl_modifier";
178 excludePackages = [ pkgs.xterm ];
179 videoDrivers = ["amdgpu"];
180 # libinput.enable = true;
184 systemd.user.services.plasma-i3wm = {
185 wantedBy = [ "plasma-workspace-x11.target" ];
186 description = "Launch Plasma with i3";
187 before = [ "plasma-workspace-x11.target" ];
188 environment = lib.mkForce {};
190 ExecStart = "${pkgs.i3}/bin/i3";
191 Restart = "on-failure";
194 systemd.user.services.plasma-kwin_x11.enable = false;
196 services.autorandr = {
201 "set-wallpaper" = "set-wallpaper";
206 services.syncthing = {
209 dataDir = "/home/ps/sync";
210 configDir = "/home/ps/.config/syncthing";
213 # services.auto-cpufreq.enable = true;
214 services.auto-cpufreq.settings = {
216 governor = "powersave";
220 governor = "performance";
228 # CPU_SCALING_GOVERNOR_ON_AC = "performance";
229 # CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
231 # CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance";
232 # CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
234 # PLATFORM_PROFILE_ON_AC = "balanced";
235 # PLATFORM_PROFILE_ON_BAT = "low-power";
237 # CPU_BOOST_ON_AC = "1";
238 # CPU_BOOST_ON_BAT = "0";
240 # AMDGPU_ABM_LEVEL_ON_AC = "0";
241 # AMDGPU_ABM_LEVEL_ON_BAT = "3";
243 # CPU_MIN_PERF_ON_AC = 0;
244 # CPU_MAX_PERF_ON_AC = 100;
245 # CPU_MIN_PERF_ON_BAT = 0;
246 # CPU_MAX_PERF_ON_BAT = 20;
248 # # START_CHARGE_THRESH_BAT0 = 40; # 40 and below it starts to charge
249 # STOP_CHARGE_THRESH_BAT0 = 90; # 85 and above it stops charging
253 services.udev.extraRules = ''
254 KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
262 extraPackages = with pkgs; [
271 support32Bit.enable = true;
275 # services.logind = {
276 # extraConfig = "HandlePowerKey=suspend";
277 # lidSwitch = "suspend";
280 # Configure console keymap
281 console.keyMap = "de-latin1-nodeadkeys";
283 # Enable CUPS to print documents.
284 services.printing.enable = true;
285 services.printing.drivers = [ pkgs.gutenprint ];
288 hardware.sane.enable = true;
289 hardware.sane.extraBackends = [ pkgs.hplipWithPlugin pkgs.sane-airscan ];
290 services.avahi.enable = true;
291 services.avahi.nssmdns4 = true;
292 services.avahi.reflector = true;
293 services.udev.packages = [ pkgs.sane-airscan ];
296 hardware.bluetooth.enable = true;
297 hardware.bluetooth.powerOnBoot = false;
298 # services.blueman.enable = true;
300 # Enable sound with pipewire.
301 services.pulseaudio.enable = false;
302 security.rtkit.enable = true;
303 services.pipewire = {
306 alsa.support32Bit = true;
308 # If you want to use JACK applications, uncomment this
311 # use the example session manager (no others are packaged yet so this is enabled by default,
312 # no need to redefine it in your config for now)
313 #media-session.enable = true;
319 # Enable touchpad support (enabled default in most desktopManager).
320 # services.libinput.touchpad = {
321 # naturalScrolling = false;
324 # Define a user account. Don't forget to set a password with ‘passwd’.
325 users.groups.ssh = {};
329 description = "Patrick";
331 extraGroups = [ "networkmanager" "wheel" "dialout" "jackaudio" "lp" "incus-admin" ];
334 # isSystemUser = true;
347 initialPassword = "chirp";
351 security.polkit.enable = true;
352 security.sudo.wheelNeedsPassword = false;
355 backupFileExtension = "backup";
361 "ps" = import ./home-ps.nix;
364 (import ./home-common.nix)
368 # Enable automatic login for the user.
369 # services.displayManager.autoLogin.enable = true;
370 # services.displayManager.autoLogin.user = "ps";
371 # services.getty.autologinUser = "ps";
373 # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
374 # systemd.services."getty@tty1".enable = false;
375 # systemd.services."autovt@tty1".enable = false;
377 # Allow unfree packages
378 nixpkgs.config.allowUnfree = true;
381 environment.variables = {
382 RUSTICL_ENABLE = "radeonsi";
384 # List packages installed in system profile. To search, run:
386 environment.systemPackages = with pkgs; [
387 args.inputs.zls.inputs.zig-overlay.packages.${pkgs.system}.master
388 args.inputs.zls.packages.${pkgs.system}.zls
389 args.inputs.psch-flakes.packages.${pkgs.system}.resetmsmice
390 args.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.zuban
391 vim wget file git kitty i3 gdb
395 asciinema asciinema-agg
412 xfce.xfce4-pulseaudio-plugin
413 # xfce.xfce4-verve-plugin
414 xfce.xfce4-notes-plugin
415 # xfce.xfce4-timer-plugin
416 # xfce.xfce4-windowck-plugin
417 xfce.thunar-archive-plugin
418 # xfce.xfce4-i3-workspaces-plugin
419 # xfce.xfce4-xkb-plugin
420 xfce.xfce4-whiskermenu-plugin
424 programs.xfconf.enable = true;
425 programs.nix-ld.enable = true;
427 services.fwupd.enable = true;
429 # Some programs need SUID wrappers, can be configured further or are
430 # started in user sessions.
431 # programs.mtr.enable = true;
432 # programs.gnupg.agent = {
434 # enableSSHSupport = true;
437 # List services that you want to enable:
439 # Enable the OpenSSH daemon.
444 # PasswordAuthentication = false;
445 # PermitRootLogin = "no";
447 # authorizedKeysCommand =
448 # let keys = pkgs.writers.writePython3Bin "keys" {} ''
456 # "${keys}/bin/keys";
457 # authorizedKeysCommandUser = "ps";
460 # Open ports in the firewall.
461 networking.firewall.allowedTCPPorts = [ 22 1234 5900 6011 6021 6022 8080 53317 7236 7250 ];
462 networking.firewall.allowedUDPPorts = [ 5901 53317 7236 5353 ];
463 # Or disable the firewall altogether.
464 # networking.firewall.enable = false;
466 # This value determines the NixOS release from which the default
467 # settings for stateful data, like file locations and database versions
468 # on your system were taken. It‘s perfectly fine and recommended to leave
469 # this value at the release version of the first install of this system.
470 # Before changing this value read the documentation for this option
471 # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
472 system.stateVersion = "24.05"; # Did you read the comment?
projects / flake_thinkpad / blob