[ # Include the results of the hardware scan.
./hardware-configuration.nix
inputs.home-manager.nixosModules.default
+ inputs.extra-container.nixosModules.default
+ inputs.microvm.nixosModules.host
];
# Bootloader.
boot.initrd.kernelModules = [ "amdgpu" ];
boot.consoleLogLevel = 0;
boot.kernelPackages = pkgs.linuxPackages_latest;
- boot.kernelParams = [ "quiet" "udev.log_level=0" "amdgpu.runpm=0" ];
-
- networking.hostName = "nixos"; # Define your hostname.
+ boot.kernelParams = [ "quiet" "udev.log_level=0" "amdgpu.runpm=0" ];
+
+ # incus admin init --minimal
+ # incus image list images:
+ # incus launch images:ubuntu/noble <name>
+ # incus exec <name> -- /bin/bash
+ # incus exec <name> -- adduser --shell /bin/bash --ingroup sudo ps
+ # incus exec <name> -- su - ps -c 'tmux new-session -A -s main'
+ virtualisation.incus.enable = true;
+ virtualisation.incus.ui.enable = true;
+ networking.nftables.enable = true;
+ networking.firewall.trustedInterfaces = [ "incusbr0" ];
+
+ networking.hostName = "thinkpad"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.download-buffer-size = 500000000;
- nix.package = pkgs.nixVersions.nix_2_28;
+ nix.settings.trusted-users = ["root" "ps"];
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
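Review bot: `networking.firewall.trustedInterfaces = [ "incusbr0" ];` makes the host firewall accept every packet arriving from the Incus bridge, so any instance can reach every host service, including the sshd that this diff enables further down. Instances normally need only DHCP and DNS from the host, so a narrower rule would be `networking.firewall.interfaces.incusbr0.allowedTCPPorts = [ 53 67 ];` with the same list for `allowedUDPPorts`. Separately, `nix.settings.trusted-users = ["root" "ps"];` lets `ps` instruct the Nix daemon to use extra substituters and accept unsigned store paths without a sudo prompt, which is root-equivalent. Either drop `ps` from the list or add a comment recording why it is required.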
programs.dconf.enable = true;
programs.steam.enable = true;
+ # Containers
+ containers = {
+ im = {
+ ephemeral = true;
+ # privateNetwork = true;
+ localAddress = "10.23.45.2";
+ hostAddress = "10.23.45.1";
+
+ bindMounts."/per".hostPath = "/var/lib/nixos-containers/im";
+ bindMounts."/per".isReadOnly = false;
+
+ extraFlags = [
+ "--property='MemoryMax=60M'"
+ "--property='MemoryHigh=50M'"
+ "--property='CPUQuota=4%'"
+ ];
+
+ config = { config, pkgs, ... }: {
+ imports = [ inputs.impermanence.nixosModules.impermanence ];
+
+ environment.persistence."/per" = {
+ directories = [
+ "/var/log"
+ "/var/lib"
+ { directory = "/home/ps"; user = "ps"; group = "users"; mode = "0750"; }
+ ];
+ files = [];
+ };
+ environment.systemPackages = with pkgs; [ helix python312 deno ];
+
+ users.users.ps = { isNormalUser = true; };
+
+ networking.firewall.allowedTCPPorts = [ 80 8080 ];
+
+ system.stateVersion = "25.05";
+ };
+ };
+ };
+ networking.nat.enable = true;
+ networking.nat.internalInterfaces = ["ve-+"];
+ networking.nat.externalInterface = "eth0";
+ networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
+
# Services
services = {
-
+ displayManager = {
+ defaultSession = "xfce+i3";
+ };
+ desktopManager = {
+ plasma6.enable = true;
+ };
xserver = {
enable = true;
- # Enable the GNOME Desktop Environment.
- # displayManager.gdm.enable = true;
- # desktopManager.gnome.enable = true;
-
- # displayManager.sddm.enable = true;
- # desktopManager.budgie.enable = true;
-
- # desktopManager.deepin.enable = true;
- # displayManager.lightdm.enable = true;
-
- # displayManager.gdm.enable = true;
- # desktopManager.plasma5.enable = true;
-
displayManager = {
- defaultSession = "xfce+i3";
lightdm = {
enable = true;
greeters.gtk = {
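Review bot: In `containers.im`, `privateNetwork = true;` is left commented out, so as far as I can tell the container shares the host's network namespace and `localAddress`/`hostAddress` have no effect. Anything it serves on 80 or 8080 is then bound on the host's own interfaces, and 8080 is already in the host firewall's allow list. If isolation is intended, enable `privateNetwork = true;` and publish only the needed port with `forwardPorts`. The `networking.nat` lines assume a `ve-*` interface that only exists with a private network, and `externalInterface = "eth0"` may not match this machine's actual interface name. The `services` block that follows continues outside these lines.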
xterm.enable = false;
xfce = {
enable = true;
- # noDesktop = true;
+ noDesktop = true;
enableXfwm = false;
};
};
windowManager.i3.enable = true;
windowManager.awesome.enable = true;
+ windowManager.herbstluftwm.enable = true;
xkb = {
layout = "de";
};
};
+ systemd.user.services.plasma-i3wm = {
+ wantedBy = [ "plasma-workspace-x11.target" ];
+ # before = [ "plasma-workspace-x11.target" ];
+ description = "Launch Plasma with i3";
+ environment = lib.mkForce {};
+ serviceConfig = {
+ ExecStart = "${pkgs.i3}/bin/i3";
+ Restart = "on-failure";
+ };
+ };
+ systemd.user.services.plasma-workspace-x11.after = [ "plasma-i3wm.target" ];
+ systemd.user.services.plasma-kwin_x11.enable = false;
+
services.autorandr = {
enable = true;
matchEdid = true;
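Review bot: `systemd.user.services.plasma-workspace-x11.after = [ "plasma-i3wm.target" ];` orders against a unit this change never defines; the new unit is a service, so its name is `plasma-i3wm.service`. The attribute path also configures `plasma-workspace-x11.service`, whereas the `wantedBy` line refers to `plasma-workspace-x11.target`. If the target is what is meant, the ordering belongs on the i3 unit as `before = [ "plasma-workspace-x11.target" ];`, which is currently commented out. `environment = lib.mkForce {};` would benefit from a one-line comment saying why the inherited environment is cleared.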
dataDir = "/home/ps/sync";
configDir = "/home/ps/.config/syncthing";
};
+
+ # services.auto-cpufreq.enable = true;
+ services.auto-cpufreq.settings = {
+ battery = {
+ governor = "powersave";
+ turbo = "never";
+ };
+ charger = {
+ governor = "performance";
+ turbo = "auto";
+ };
+ };
+
+ # services.tlp = {
+ # enable = true;
+ # settings = {
+ # CPU_SCALING_GOVERNOR_ON_AC = "performance";
+ # CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+ #
+ # CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance";
+ # CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
+ #
+ # PLATFORM_PROFILE_ON_AC = "balanced";
+ # PLATFORM_PROFILE_ON_BAT = "low-power";
+ #
+ # CPU_BOOST_ON_AC = "1";
+ # CPU_BOOST_ON_BAT = "0";
+ #
+ # AMDGPU_ABM_LEVEL_ON_AC = "0";
+ # AMDGPU_ABM_LEVEL_ON_BAT = "3";
+ #
+ # CPU_MIN_PERF_ON_AC = 0;
+ # CPU_MAX_PERF_ON_AC = 100;
+ # CPU_MIN_PERF_ON_BAT = 0;
+ # CPU_MAX_PERF_ON_BAT = 20;
+ #
+ # # START_CHARGE_THRESH_BAT0 = 40; # 40 and below it starts to charge
+ # STOP_CHARGE_THRESH_BAT0 = 90; # 85 and above it stops charging
+ # };
+ # };
services.udev.extraRules = ''
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
'';
# OpenGL
- # hardware.graphics.enable = true;
hardware = {
graphics = {
enable = true;
enable32Bit = true;
+ extraPackages = with pkgs; [
+ rocmPackages.clr.icd
+ mesa.opencl
+ amf
+ ];
};
amdgpu.amdvlk = {
enable = true;
support32Bit.enable = true;
};
-};
+ };
# services.logind = {
# extraConfig = "HandlePowerKey=suspend";
services.printing.enable = true;
services.printing.drivers = [ pkgs.gutenprint ];
+ # Enable scanners
+ hardware.sane.enable = true;
+ hardware.sane.extraBackends = [ pkgs.hplipWithPlugin pkgs.sane-airscan ];
+ services.avahi.enable = true;
+ services.avahi.nssmdns4 = true;
+ services.avahi.reflector = true;
+ services.udev.packages = [ pkgs.sane-airscan ];
+
# Enable Bluetooth
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = false;
- services.blueman.enable = true;
+ # services.blueman.enable = true;
# Enable sound with pipewire.
- hardware.pulseaudio.enable = false;
+ services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
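Review bot: `services.avahi.reflector = true;` relays mDNS traffic between all local interfaces, which on this host would include the Incus bridge and any container or VPN links. It should not be needed for `sane-airscan` or printing to discover devices on the directly attached LAN. Dropping the line, or restricting Avahi with `services.avahi.allowInterfaces = [ "<lan-interface>" ];` (placeholder name), keeps service announcements from crossing network boundaries. The `services.pipewire` block continues outside these lines.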
isNormalUser = true;
description = "Patrick";
shell = pkgs.bash;
- extraGroups = [ "networkmanager" "wheel" "dialout" "jackaudio" ];
- };
- sshd = {
- isSystemUser = true;
- packages = [
- pkgs.python3
- ];
- group = "ssh";
+ extraGroups = [ "networkmanager" "wheel" "dialout" "jackaudio" "lp" "incus-admin" ];
};
+ # sshd = {
+ # isSystemUser = true;
+ # packages = [
+ # pkgs.python3
+ # ];
+ # group = "ssh";
+ # };
chirp = {
isSystemUser = true;
packages = [
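Review bot: Adding `"incus-admin"` to `extraGroups` gives `ps` full control of the Incus daemon, which amounts to root on the host because members can start privileged instances and mount host paths. `ps` is already in `wheel`, so the practical change is that no sudo authentication stands in between. A comment next to the list, such as `# incus-admin: root-equivalent, no sudo prompt`, would make that explicit for the next reader. The user definition starts above the visible lines.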
inherit inputs;
inherit wallpaper;
};
- # users = {
- # "ps" = import ./home.nix;
- # };
- users.ps.imports = [ ./home.nix ];
+ users = {
+ "ps" = import ./home-ps.nix;
+ "root" = { home.stateVersion = "24.05"; };
+ };
+ sharedModules = [
+ (import ./home-common.nix)
+ ];
};
# Enable automatic login for the user.
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
+
+ environment.variables = {
+ RUSTICL_ENABLE = "radeonsi";
+ };
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
- args.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.zig
- args.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.zls
+ args.inputs.zls.inputs.zig-overlay.packages.${pkgs.system}.master
+ args.inputs.zls.packages.${pkgs.system}.zls
args.inputs.psch-flakes.packages.${pkgs.system}.resetmsmice
+ args.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.zuban
vim wget file git kitty i3 gdb
mosh
cmake
+ entr
+ asciinema asciinema-agg
+ shellify
+ deno
+ typst
scrcpy
xsel
+ xcwd
+
+ pinta
+ mupdf
+ davinci-resolve
pavucontrol
syncthingtray
# xfce plugins
+ xfce.xfce4-panel
xfce.xfce4-pulseaudio-plugin
- # xfce.xfce4-verve-plugin
+ # xfce.xfce4-verve-plugin
xfce.xfce4-notes-plugin
# xfce.xfce4-timer-plugin
# xfce.xfce4-windowck-plugin
# Enable the OpenSSH daemon.
services.openssh = {
- enable = false;
+ enable = true;
ports = [ 22 ];
- settings = {
- PasswordAuthentication = false;
- PermitRootLogin = "no";
- };
- authorizedKeysCommand =
- let keys = pkgs.writers.writePython3Bin "keys" {} ''
- import sys
-
- args = sys.argv
-
- print(args)
- '';
- in
- "${keys}/bin/keys";
- authorizedKeysCommandUser = "ps";
+ # settings = {
+ # PasswordAuthentication = false;
+ # PermitRootLogin = "no";
+ # };
+ # authorizedKeysCommand =
+ # let keys = pkgs.writers.writePython3Bin "keys" {} ''
+ # import sys
+ #
+ # args = sys.argv
+ #
+ # print(args)
+ # '';
+ # in
+ # "${keys}/bin/keys";
+ # authorizedKeysCommandUser = "ps";
};
# Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [ 22 1234 5900 6011 6021 6022 8080 53317 ];
- networking.firewall.allowedUDPPorts = [ 5901 53317 ];
+ networking.firewall.allowedTCPPorts = [ 22 1234 5900 6011 6021 6022 8080 53317 7236 7250 ];
+ networking.firewall.allowedUDPPorts = [ 5901 53317 7236 5353 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
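Review bot: `services.openssh.enable` flips to `true` while the `settings` block that disabled password and root login is commented out, so sshd runs with the module defaults and port 22 is allowed in the firewall list below. Restoring `settings.PasswordAuthentication = false;` and `settings.PermitRootLogin = "no";` keeps the listener key-only. The newly added ports 7236, 7250 and UDP 5353 are opened on every interface. `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts` (placeholder name) and the matching `allowedUDPPorts` would limit them to the network that needs them.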