# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# NixOS system module for the host "thinkpad": boot, Incus and one
# declarative nspawn container, desktop session, printing/scanning, audio,
# users, home-manager, OpenSSH and the host firewall.
#
# Lines marked NOTE(review) are security observations about the settings as
# written. They change no behaviour; each one names the option to revisit.

{ config, pkgs, inputs, lib, ... } @ args:
let
  # tuigreet = "${pkgs.greetd.tuigreet}/bin/tuigreet";
  # session = "${pkgs.sway}/bin/sway";
  # username = "ps";

  # Fixed-output fetch: the download is accepted only if it matches the pinned
  # sha256, so a changed file at the URL fails the build instead of being used.
  wallpaper = pkgs.fetchurl {
    url = "https://w.wallhaven.cc/full/ex/wallhaven-exrqrr.jpg";
    sha256 = "sha256-RYN8KwJPDMfxrcosbpmjON0Y+I58IhB1Ke36LdohsxA=";
  };
in
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    inputs.home-manager.nixosModules.default
    inputs.extra-container.nixosModules.default
    inputs.microvm.nixosModules.host
    inputs.fakwin.nixosModules.default
  ];

  # Bootloader.
  # NOTE(review): boot.loader.systemd-boot.editor is not set here and defaults
  # to enabled, which lets anyone at the keyboard edit the kernel command line
  # at boot. Set it to false if physical access is part of the threat model
  # for this laptop.
  boot.tmp.cleanOnBoot = true;
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.plymouth.enable = true;
  boot.plymouth.theme = "bgrt";
  boot.initrd.verbose = false;
  boot.initrd.systemd.enable = true;
  boot.initrd.kernelModules = [ "amdgpu" ];
  boot.consoleLogLevel = 0;
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.kernelParams = [ "quiet" "udev.log_level=0" "amdgpu.runpm=0" ];

  # incus admin init --minimal
  # incus image list images:
  # incus launch images:ubuntu/noble
  # incus exec -- /bin/bash
  # incus exec -- adduser --shell /bin/bash --ingroup sudo ps
  # incus exec -- su - ps -c 'tmux new-session -A -s main'
  virtualisation.incus.enable = true;
  virtualisation.incus.ui.enable = true;
  networking.nftables.enable = true;
  # NOTE(review): a trusted interface bypasses the host firewall entirely, so
  # every Incus guest on incusbr0 can reach every service listening on the host
  # (sshd, CUPS, Avahi, ...), not only the ports opened further down. If guests
  # only need DHCP/DNS from the bridge, open just those ports with
  # networking.firewall.interfaces."incusbr0" instead.
  networking.firewall.trustedInterfaces = [ "incusbr0" ];

  networking.hostName = "thinkpad"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nix.settings.download-buffer-size = 500000000;
  # NOTE(review): a Nix trusted user can add substituters and override daemon
  # settings, which the Nix manual describes as essentially root access. "ps"
  # already has passwordless sudo (see security.sudo below), so this adds a
  # second root-equivalent path for the same account; remove it if it is not
  # needed.
  nix.settings.trusted-users = ["root" "ps"];

  # Configure network proxy if necessary
  # NOTE(review): if this is ever enabled, keep real proxy credentials out of
  # this file; option values end up in the world-readable Nix store.
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Enable networking
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Select internationalisation properties.
  i18n.defaultLocale = "de_DE.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_DE.UTF-8";
    LC_IDENTIFICATION = "de_DE.UTF-8";
    LC_MEASUREMENT = "de_DE.UTF-8";
    LC_MONETARY = "de_DE.UTF-8";
    LC_NAME = "de_DE.UTF-8";
    LC_NUMERIC = "de_DE.UTF-8";
    LC_PAPER = "de_DE.UTF-8";
    LC_TELEPHONE = "de_DE.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };

  programs.dconf.enable = true;
  programs.steam.enable = true;

  # Containers
  # Declarative systemd-nspawn container "im". Its root filesystem is ephemeral
  # and state is kept through the writable /per bind mount.
  containers = {
    im = {
      ephemeral = true;
      # NOTE(review): privateNetwork is commented out while localAddress and
      # hostAddress are set. Confirm on the running system that the container
      # really has its own network namespace and does not share the host's
      # interfaces; the NAT rules below assume a ve-* veth exists.
      # privateNetwork = true;
      localAddress = "10.23.45.2";
      hostAddress = "10.23.45.1";
      # Writable host directory exposed to the container; anything the
      # container writes under /per survives restarts and is visible on the
      # host.
      bindMounts."/per".hostPath = "/var/lib/nixos-containers/im";
      bindMounts."/per".isReadOnly = false;
      # Resource caps passed through to the container's systemd scope.
      # NOTE(review): the single quotes are part of each string; verify the
      # limits are actually applied (e.g. with `systemctl show` on the
      # container unit).
      extraFlags = [ "--property='MemoryMax=60M'" "--property='MemoryHigh=50M'" "--property='CPUQuota=4%'" ];
      config = { config, pkgs, ... }: {
        imports = [
          inputs.impermanence.nixosModules.impermanence
        ];
        # Paths persisted onto the /per bind mount across ephemeral restarts.
        environment.persistence."/per" = {
          directories = [
            "/var/log"
            "/var/lib"
            { directory = "/home/ps"; user = "ps"; group = "users"; mode = "0750"; }
          ];
          files = [];
        };
        environment.systemPackages = with pkgs; [
          helix
          python312
          deno
        ];
        users.users.ps = {
          isNormalUser = true;
        };
        # Container-side firewall: only HTTP-style ports are opened.
        networking.firewall.allowedTCPPorts = [ 80 8080 ];
        system.stateVersion = "25.05";
      };
    };
  };

  # NAT for container veth interfaces.
  # NOTE(review): externalInterface is hard-coded to "eth0"; verify that this
  # interface name exists on this machine, otherwise the masquerade rule
  # matches nothing.
  networking.nat.enable = true;
  networking.nat.internalInterfaces = ["ve-+"];
  networking.nat.externalInterface = "eth0";
  networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];

  # Services
  services = {
    displayManager = {
      sddm.enable = true;
      sddm.autoLogin.relogin = true;
      defaultSession = "xfce+i3";
    };
    desktopManager = {
      plasma6.enable = true;
    };
    xserver = {
      enable = true;
      displayManager = {
        session = [
          {
            manage = "desktop";
            name = "plasma-i3wm";
            start = "KDEWM=${pkgs.i3}/bin/i3 /run/current-system/sw/bin/startplasma-x11";
          }
        ];
      };
      desktopManager = {
        xterm.enable = false;
        wallpaper.mode = "center";
        xfce = {
          enable = true;
          noDesktop = true;
          enableXfwm = false;
        };
      };
      windowManager.i3.enable = true;
      # windowManager.awesome.enable = true;
      # windowManager.herbstluftwm.enable = true;
      xkb = {
        layout = "de";
        variant = "nodeadkeys";
        options = "caps:ctrl_modifier";
      };
      excludePackages = [ pkgs.xterm ];
      videoDrivers = ["amdgpu"];
      # libinput.enable = true;
    };
  };

  systemd.user.services.plasma-kwin_x11.enable = false;
  services.fakwin.enable = true;

  services.autorandr = {
    enable = true;
    matchEdid = true;
    hooks = {
      postswitch = {
        "set-wallpaper" = "set-wallpaper";
      };
    };
  };

  services.syncthing = {
    enable = true;
    user = "ps";
    dataDir = "/home/ps/sync";
    configDir = "/home/ps/.config/syncthing";
  };

  # The enable switch is commented out, so the settings below are defined but
  # the service itself is not turned on by this file.
  # services.auto-cpufreq.enable = true;
  services.auto-cpufreq.settings = {
    battery = {
      governor = "powersave";
      turbo = "never";
    };
    charger = {
      governor = "performance";
      turbo = "auto";
    };
  };

  # services.tlp = {
  #   enable = true;
  #   settings = {
  #     CPU_SCALING_GOVERNOR_ON_AC = "performance";
  #     CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
  #
  #     CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance";
  #     CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
  #
  #     PLATFORM_PROFILE_ON_AC = "balanced";
  #     PLATFORM_PROFILE_ON_BAT = "low-power";
  #
  #     CPU_BOOST_ON_AC = "1";
  #     CPU_BOOST_ON_BAT = "0";
  #
  #     AMDGPU_ABM_LEVEL_ON_AC = "0";
  #     AMDGPU_ABM_LEVEL_ON_BAT = "3";
  #
  #     CPU_MIN_PERF_ON_AC = 0;
  #     CPU_MAX_PERF_ON_AC = 100;
  #     CPU_MIN_PERF_ON_BAT = 0;
  #     CPU_MAX_PERF_ON_BAT = 20;
  #
  #
  #     START_CHARGE_THRESH_BAT0 = 40; # 40 and below it starts to charge
  #     STOP_CHARGE_THRESH_BAT0 = 90; # 85 and above it stops charging
  #   };
  # };

  # Grants access to the hidraw node of the device whose serial matches the
  # "vial:" pattern (presumably a Vial-firmware keyboard; confirm).
  # NOTE(review): TAG+="uaccess" already gives the user on the active seat
  # access. GROUP="users" with MODE="0660" additionally lets every member of
  # "users" open the raw HID device, including accounts that are not logged in
  # locally. Drop the GROUP/MODE pair if seat-based access is enough.
  services.udev.extraRules = ''
    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
  '';

  # OpenGL
  hardware = {
    graphics = {
      enable = true;
      enable32Bit = true;
      extraPackages = with pkgs; [
        rocmPackages.clr.icd
        mesa.opencl
        amf
      ];
    };
    amdgpu.amdvlk = {
      enable = true;
      support32Bit.enable = true;
    };
  };

  # services.logind = {
  #   extraConfig = "HandlePowerKey=suspend";
  #   lidSwitch = "suspend";
  # };

  # Configure console keymap
  console.keyMap = "de-latin1-nodeadkeys";

  # Enable CUPS to print documents.
  services.printing.enable = true;
  services.printing.drivers = [ pkgs.gutenprint ];

  # Enable scanners
  hardware.sane.enable = true;
  hardware.sane.extraBackends = [ pkgs.hplipWithPlugin pkgs.sane-airscan ];
  services.avahi.enable = true;
  services.avahi.nssmdns4 = true;
  # NOTE(review): the reflector relays mDNS traffic between all interfaces
  # Avahi listens on. On a host that also carries Incus and container bridges
  # this forwards service announcements across those network boundaries, and
  # on a roaming laptop onto whatever network it joins. Disable it unless
  # cross-subnet discovery is required, or restrict Avahi with
  # services.avahi.allowInterfaces.
  services.avahi.reflector = true;
  services.udev.packages = [ pkgs.sane-airscan ];

  # Enable Bluetooth
  hardware.bluetooth.enable = true;
  hardware.bluetooth.powerOnBoot = false;
  # services.blueman.enable = true;

  # Enable sound with pipewire.
  services.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };
  services.jack = {
    jackd.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.libinput.touchpad = {
  #   naturalScrolling = false;
  # };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.groups.ssh = {};
  users.users = {
    ps = {
      isNormalUser = true;
      description = "Patrick";
      shell = pkgs.bash;
      # NOTE(review): "wheel" (with passwordless sudo below) and "incus-admin"
      # (full control of the Incus daemon) are each root-equivalent on this
      # host. Any process running as "ps" can become root without a further
      # prompt.
      extraGroups = [ "networkmanager" "wheel" "dialout" "jackaudio" "lp" "incus-admin" ];
    };
    # sshd = {
    #   isSystemUser = true;
    #   packages = [
    #     pkgs.python3
    #   ];
    #   group = "ssh";
    # };

    # NOTE(review): this account has a login shell and a password equal to its
    # user name, written in clear text in a file that is copied to the
    # world-readable Nix store. sshd is enabled below with its password
    # hardening commented out and port 22 is open in the firewall, so the
    # account is reachable with a guessable password from any network the
    # laptop joins. Prefer key-only login or users.users.chirp.hashedPasswordFile
    # pointing at a root-only file outside the store. initialPassword is only
    # applied when the account is first created, so an existing "chirp" account
    # also needs its password changed or locked by hand.
    chirp = {
      isSystemUser = true;
      packages = [
        pkgs.python3
      ];
      group = "ssh";
      shell = pkgs.bash;
      initialPassword = "chirp";
    };
  };

  security.polkit.enable = true;
  # NOTE(review): members of wheel get root through sudo without
  # re-authenticating; a compromised user session is a compromised host.
  # Consider requiring the password again, or limiting NOPASSWD to specific
  # commands via security.sudo.extraRules.
  security.sudo.wheelNeedsPassword = false;

  home-manager = {
    backupFileExtension = "backup";
    extraSpecialArgs = {
      inherit inputs;
      inherit wallpaper;
    };
    users = {
      "ps" = import ./home-ps.nix;
      "root" = {
        home.stateVersion = "24.05";
      };
    };
    sharedModules = [
      (import ./home-common.nix)
    ];
  };

  # Enable automatic login for the user.
  # services.displayManager.autoLogin.enable = true;
  # services.displayManager.autoLogin.user = "ps";
  # services.getty.autologinUser = "ps";

  # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
  # systemd.services."getty@tty1".enable = false;
  # systemd.services."autovt@tty1".enable = false;

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  environment.variables = {
    RUSTICL_ENABLE = "radeonsi";
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    # Packages taken from flake inputs rather than from this system's nixpkgs.
    args.inputs.zls.inputs.zig-overlay.packages.${pkgs.system}.master
    args.inputs.zls.packages.${pkgs.system}.zls
    args.inputs.psch-flakes.packages.${pkgs.system}.resetmsmice
    args.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.zuban
    vim
    wget
    file
    git
    kitty
    i3
    gdb
    mosh
    cmake
    entr
    asciinema
    asciinema-agg
    shellify
    deno
    typst
    jdt-language-server
    google-java-format
    scrcpy
    xsel
    xcwd
    pinta
    mupdf
    davinci-resolve
    pavucontrol
    syncthingtray
    # xfce plugins
    xfce.xfce4-panel
    xfce.xfce4-pulseaudio-plugin
    # xfce.xfce4-verve-plugin
    xfce.xfce4-notes-plugin
    # xfce.xfce4-timer-plugin
    # xfce.xfce4-windowck-plugin
    xfce.thunar-archive-plugin
    # xfce.xfce4-i3-workspaces-plugin
    # xfce.xfce4-xkb-plugin
    xfce.xfce4-whiskermenu-plugin
  ];

  programs.xfconf.enable = true;
  programs.nix-ld.enable = true;
  programs.direnv.enable = true;
  programs.direnv.nix-direnv.enable = true;
  services.fwupd.enable = true;

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # NOTE(review): with the settings block commented out, sshd keeps the module
  # defaults, which accept password logins unless overridden elsewhere.
  # Together with the "chirp" account above this exposes password guessing on
  # port 22. Re-enabling the two commented settings makes the daemon key-only
  # and refuses root logins; make sure an authorized key is in place first.
  services.openssh = {
    enable = true;
    ports = [ 22 ];
    # settings = {
    #   PasswordAuthentication = false;
    #   PermitRootLogin = "no";
    # };
    # NOTE(review): if the AuthorizedKeysCommand experiment is revived, run it
    # as a dedicated unprivileged account rather than "ps", which is
    # root-equivalent on this host, and have it print only vetted public keys.
    # authorizedKeysCommand =
    #   let keys = pkgs.writers.writePython3Bin "keys" {} ''
    #     import sys
    #
    #     args = sys.argv
    #
    #     print(args)
    #   '';
    #   in
    #   "${keys}/bin/keys";
    # authorizedKeysCommandUser = "ps";
  };

  # Open ports in the firewall.
  # NOTE(review): these ports are opened on every interface that is not
  # trusted, including any Wi-Fi network the laptop roams onto. Keep only
  # ports that have a listening, authenticated service behind them (5900 is
  # conventionally VNC; confirm what listens there and on 1234/6011/6021/6022),
  # and move LAN-only services to
  # networking.firewall.interfaces.<name>.allowedTCPPorts / allowedUDPPorts.
  networking.firewall.allowedTCPPorts = [ 22 1234 5900 6011 6021 6022 8080 53317 7236 7250 ];
  networking.firewall.allowedUDPPorts = [ 5901 53317 7236 5353 ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.05"; # Did you read the comment?
}