];
# Bootloader.
- boot.tmp.cleanOnBoot = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.plymouth.enable = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelParams = [ "quiet" "udev.log_level=0" "amdgpu.runpm=0" ];
- # incus admin init --minimal
- # incus image list images:
- # incus launch images:ubuntu/noble <name>
- # incus exec <name> -- /bin/bash
- # incus exec <name> -- adduser --shell /bin/bash --ingroup sudo ps
- # incus exec <name> -- su - ps -c 'tmux new-session -A -s main'
- virtualisation.incus.enable = true;
- virtualisation.incus.ui.enable = true;
- networking.nftables.enable = true;
- networking.firewall.trustedInterfaces = [ "incusbr0" ];
-
- networking.hostName = "thinkpad"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
- nix.settings.download-buffer-size = 500000000;
- nix.settings.trusted-users = ["root" "ps"];
-
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
- # Enable networking
- networking.networkmanager.enable = true;
-
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
-
- # Select internationalisation properties.
- i18n.defaultLocale = "de_DE.UTF-8";
-
- i18n.extraLocaleSettings = {
- LC_ADDRESS = "de_DE.UTF-8";
- LC_IDENTIFICATION = "de_DE.UTF-8";
- LC_MEASUREMENT = "de_DE.UTF-8";
- LC_MONETARY = "de_DE.UTF-8";
- LC_NAME = "de_DE.UTF-8";
- LC_NUMERIC = "de_DE.UTF-8";
- LC_PAPER = "de_DE.UTF-8";
- LC_TELEPHONE = "de_DE.UTF-8";
- LC_TIME = "de_DE.UTF-8";
- };
programs.dconf.enable = true;
programs.steam.enable = true;
- # Containers
- containers = {
- im = {
- ephemeral = true;
- # privateNetwork = true;
- localAddress = "10.23.45.2";
- hostAddress = "10.23.45.1";
-
- bindMounts."/per".hostPath = "/var/lib/nixos-containers/im";
- bindMounts."/per".isReadOnly = false;
-
- extraFlags = [
- "--property='MemoryMax=60M'"
- "--property='MemoryHigh=50M'"
- "--property='CPUQuota=4%'"
- ];
-
- config = { config, pkgs, ... }: {
- imports = [ inputs.impermanence.nixosModules.impermanence ];
-
- environment.persistence."/per" = {
- directories = [
- "/var/log"
- "/var/lib"
- { directory = "/home/ps"; user = "ps"; group = "users"; mode = "0750"; }
- ];
- files = [];
- };
- environment.systemPackages = with pkgs; [ helix python312 deno ];
-
- users.users.ps = { isNormalUser = true; };
-
- networking.firewall.allowedTCPPorts = [ 80 8080 ];
-
- system.stateVersion = "25.05";
- };
- };
- };
- networking.nat.enable = true;
- networking.nat.internalInterfaces = ["ve-+"];
- networking.nat.externalInterface = "eth0";
- networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
# Services
services = {
};
};
- services.syncthing = {
- enable = true;
- user = "ps";
- dataDir = "/home/ps/sync";
- configDir = "/home/ps/.config/syncthing";
- };
-
# services.auto-cpufreq.enable = true;
services.auto-cpufreq.settings = {
battery = {
# lidSwitch = "suspend";
# };
- # Configure console keymap
- console.keyMap = "de-latin1-nodeadkeys";
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
- services.printing.drivers = [ pkgs.gutenprint ];
-
- # Enable scanners
- hardware.sane.enable = true;
- hardware.sane.extraBackends = [ pkgs.hplipWithPlugin pkgs.sane-airscan ];
- services.avahi.enable = true;
- services.avahi.nssmdns4 = true;
- services.avahi.reflector = true;
- services.udev.packages = [ pkgs.sane-airscan ];
-
# Enable Bluetooth
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = false;
# naturalScrolling = false;
# };
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.groups.ssh = {};
- users.users = {
- ps = {
- isNormalUser = true;
- description = "Patrick";
- shell = pkgs.bash;
- extraGroups = [ "networkmanager" "wheel" "dialout" "jackaudio" "lp" "incus-admin" ];
- };
- # sshd = {
- # isSystemUser = true;
- # packages = [
- # pkgs.python3
- # ];
- # group = "ssh";
- # };
- chirp = {
- isSystemUser = true;
- packages = [
- pkgs.python3
- ];
- group = "ssh";
- shell = pkgs.bash;
- initialPassword = "chirp";
- };
- };
-
- security.polkit.enable = true;
- security.sudo.wheelNeedsPassword = false;
-
- home-manager = {
- backupFileExtension = "backup";
- extraSpecialArgs = {
- inherit inputs;
- inherit wallpaper;
- };
- users = {
- "ps" = import ./home-ps.nix;
- "root" = { home.stateVersion = "24.05"; };
- };
- sharedModules = [
- (import ./home-common.nix)
- ];
- };
-
- # Enable automatic login for the user.
- # services.displayManager.autoLogin.enable = true;
- # services.displayManager.autoLogin.user = "ps";
- # services.getty.autologinUser = "ps";
-
# Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
# systemd.services."getty@tty1".enable = false;
# systemd.services."autovt@tty1".enable = false;
# Allow unfree packages
- nixpkgs.config.allowUnfree = true;
environment.variables = {
RUSTICL_ENABLE = "radeonsi";
};
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- args.inputs.zls.inputs.zig-overlay.packages.${pkgs.system}.master
- args.inputs.zls.packages.${pkgs.system}.zls
- args.inputs.psch-flakes.packages.${pkgs.system}.resetmsmice
- args.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.zuban
- vim wget file git kitty i3 gdb
- mosh
- cmake
- entr
- asciinema asciinema-agg
- shellify
- deno
- typst
- jdt-language-server
- google-java-format
-
- scrcpy
-
- xsel
- xcwd
-
- pinta
- mupdf
- davinci-resolve
-
- pavucontrol
- syncthingtray
- # xfce plugins
- xfce.xfce4-panel
- xfce.xfce4-pulseaudio-plugin
- # xfce.xfce4-verve-plugin
- xfce.xfce4-notes-plugin
- # xfce.xfce4-timer-plugin
- # xfce.xfce4-windowck-plugin
- xfce.thunar-archive-plugin
- # xfce.xfce4-i3-workspaces-plugin
- # xfce.xfce4-xkb-plugin
- xfce.xfce4-whiskermenu-plugin
-
- ];
-
- programs.xfconf.enable = true;
- programs.nix-ld.enable = true;
- programs.direnv.enable = true;
- programs.direnv.nix-direnv.enable = true;
-
- services.fwupd.enable = true;
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- services.openssh = {
- enable = true;
- ports = [ 22 ];
- # settings = {
- # PasswordAuthentication = false;
- # PermitRootLogin = "no";
- # };
- # authorizedKeysCommand =
- # let keys = pkgs.writers.writePython3Bin "keys" {} ''
- # import sys
- #
- # args = sys.argv
- #
- # print(args)
- # '';
- # in
- # "${keys}/bin/keys";
- # authorizedKeysCommandUser = "ps";
- };
# Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [ 22 1234 5900 6011 6021 6022 8080 53317 7236 7250 ];
- networking.firewall.allowedUDPPorts = [ 5901 53317 7236 5353 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "24.05"; # Did you read the comment?
}
projects / flake_thinkpad / blobdiff