From 3e366daa1f5afbfae718e14805d0523fce0415e1 Mon Sep 17 00:00:00 2001 From: Rachel Lambda Samuelsson Date: Tue, 25 Jul 2023 11:40:05 +0200 Subject: [PATCH] initial commit --- .gitignore | 1 + nixos/configuration.nix | 373 +++++++++++++++++++++++++++++++ nixos/hardware-configuration.nix | 40 ++++ readme.md | 2 + 4 files changed, 416 insertions(+) create mode 100644 .gitignore create mode 100644 nixos/configuration.nix create mode 100644 nixos/hardware-configuration.nix create mode 100644 readme.md diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9bd9b01 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*.~undo-tree~ diff --git a/nixos/configuration.nix b/nixos/configuration.nix new file mode 100644 index 0000000..06f4500 --- /dev/null +++ b/nixos/configuration.nix @@ -0,0 +1,373 @@ +{ config, pkgs, ... }: +let SAX2 = pkgs.fetchurl { + name = "SAX2"; + url = "https://abrudz.github.io/SAX2/SAX2.ttf"; + sha256 = "sha256-DgvDWXO2fnKZNu9EvQOq8GNMTU3PUdp85+/0ZHdRXZc="; + + recursiveHash = true; + + downloadToTemp = true; + postFetch = '' + mkdir -p "$out/share/fonts/truetype" + mv "$downloadedFile" "$out/share/fonts/truetype/SAX2.ttf" + ''; + }; +in +rec { + + # [HARDWARE] + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + + ]; + hardware.opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + }; + services.logind = { + lidSwitch = "hibernate"; + lidSwitchDocked = "ignore"; + lidSwitchExternalPower = "hibernate"; + }; + services.tlp = { + enable = true; + settings = { + TLP_DEFAULT_MODE = "BAT"; + DISK_IDLE_SECS_ON_AC = 0; + DISK_IDLE_SECS_ON_BAT = 5; + MAX_LOST_WORK_SECS_ON_AC = 15; + MAX_LOST_WORK_SECS_ON_BAT = 120; + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + CPU_SCALING_MIN_FREQ_ON_AC = 400000; + CPU_SCALING_MAX_FREQ_ON_AC = 4700000; + CPU_SCALING_MIN_FREQ_ON_BAT = 400000; + CPU_SCALING_MAX_FREQ_ON_BAT = 2700000; + CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance"; + CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; + CPU_MIN_PERF_ON_AC = 0; + CPU_MAX_PERF_ON_AC = 100; + CPU_MIN_PERF_ON_BAT = 0; + CPU_MAX_PERF_ON_BAT = 30; + CPU_BOOST_ON_AC = 1; + CPU_BOOST_ON_BAT = 0; + SCHED_POWERSAVE_ON_AC = 0; + SCHED_POWERSAVE_ON_BAT = 1; + NMI_WATCHDOG = 0; + DISK_DEVICES = "nvme0n1"; + }; + }; + services.power-profiles-daemon.enable = false; + + # [BOOT / DISK ENCRYPTION] + boot.loader.efi.canTouchEfiVariables = true; + boot.loader.grub = { + enable = true; + device = "nodev"; + efiSupport = true; + enableCryptodisk = true; + theme = "/boot/grub/themes/sayonara"; + }; + boot.loader.efi.efiSysMountPoint = "/boot/efi"; + boot.initrd = { + availableKernelModules = [ "aesni_intel" "cryptd" ]; + secrets = { "/boot/key" = "/boot/key"; }; + luks.mitigateDMAAttacks = true; + luks.devices = { + root = { + device = "/dev/disk/by-uuid/91114176-b6cc-4454-89df-e2bf5c1fac0a"; + keyFile = "/boot/key"; + preLVM = true; + }; + }; + }; + + # [NETWORKING] + networking.hostName = "lambda"; + networking.networkmanager = { + enable = true; + wifi.powersave = true; + wifi.scanRandMacAddress = true; + wifi.macAddress = "random"; + }; + # Xenia's router sucks + networking.resolvconf.enable = true; + networking.nameservers = [ "8.8.8.8" ]; + networking.resolvconf.dnsExtensionMechanism = false; + + # [NFS] + fileSystems."/home/rachel/music" = { + device = "rachel.cafe:/srv/music"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=60" ]; + }; + + # [LOCALE] + time.timeZone = "Europe/Stockholm"; + i18n.defaultLocale = "en_GB.UTF-8"; + i18n.supportedLocales = [ "sv_SE.UTF-8/UTF-8" "en_GB.UTF-8/UTF-8" ] ; + console = { + font = "LatGrkCyr-12x22"; + keyMap = "us"; + }; + + # [NIX] + nix = { + settings = { + experimental-features = [ "nix-command" "flakes" ]; + auto-optimise-store = true; + }; + gc = { + automatic = true; + dates = "monthly"; + options = "--delete-older-than 30d"; + }; + }; + + nixpkgs.config.allowUnfree = true; + + # [DESKTOP / XORG / WAYLAND] + services.xserver = { + enable = true; + desktopManager.plasma5.enable = true; + displayManager.startx.enable = true; + layout = "us,se"; + xkbOptions = "grp:alt_caps_toggle"; + libinput = { + enable = true; + touchpad = { + naturalScrolling = true; + accelProfile = "flat" ; + tapping = false; + }; + }; + }; + + # [SOUND] + sound.enable = false; + services.pipewire = { + enable = true; + + alsa = { + enable = true; + support32Bit = true; + }; + + pulse.enable = true; + + wireplumber.enable = true; + }; + + + # [PACKAGES] + environment.systemPackages = with pkgs; [ + git + neovim + ]; + + # [SERVICES] + services.printing.enable = true; + + # [SECURITY / FIREWALL] + networking.firewall.enable = true; + networking.firewall.allowedTCPPorts = [ ]; + networking.firewall.allowedUDPPorts = [ ]; + security.doas = { + enable = true; + extraRules = [{ + runAs = "root"; + groups = [ "wheel" ]; + noPass = false; + keepEnv = true; + }]; + }; + + # [USER / HOME MANAGER] + users.users.rachel = { + isNormalUser = true; + extraGroups = [ "wheel" "networkmanager" "video" "input" "audio" "wireshark" ]; + }; + + home-manager.users.rachel = rec { + home = { + username = "rachel"; + homeDirectory = "/home/rachel"; + packages = with pkgs; [ + neofetch + pfetch + unzip + zip + xz + gzip + bzip2 + p7zip + usbutils + pciutils + nettools + nmap + arp-scan + acpi + julia + python3 + ghc + firefox + sxiv + zathura + gnupg + agda + rofi + discord + pinentry_qt + dig + xxd + mpv + zoom-us + slack + imagemagick + ffmpeg + sl + cowsay + lolcat + fortune + banner + yt-dlp + libreoffice + protonmail-bridge + pass + protonvpn-cli + protonvpn-gui + thunderbird + tidal-hifi + signal-desktop + transmission-gtk + xclip + clinfo + glxinfo + vulkan-tools + obs-studio + file + gimp + SAX2 + twemoji-color-font + bat + steam + steam-run + ]; + stateVersion = system.stateVersion; + }; + + xdg.userDirs = { + enable = true; + createDirectories = true; + desktop = "${home.homeDirectory}"; + documents = "${home.homeDirectory}/doc"; + download = "${home.homeDirectory}/dwn"; + music = "${home.homeDirectory}/music"; + pictures = "${home.homeDirectory}/img"; + publicShare = "${home.homeDirectory}/srv"; + templates = "${home.homeDirectory}/doc/templates"; + videos = "${home.homeDirectory}/vid"; + }; + + + programs = { + bash = { + enable = true; + enableCompletion = true; + historyFile = "/dev/null"; + sessionVariables = { + PS1 ="\\033[1m\\u\\033[0m@\\033[1m\\h\\033[0m: \\w\nλ "; + BROWSER = "firefox"; + XINITRC = "${home.homeDirectory}/bin/xinitrc"; + XAUTHORITY = "${home.homeDirectory}/.local/share/Xauthority"; + PASH_KEYID = "3E4A909C8FEF6E3783699C79DFC26EF8EDAD6D71"; + QT_AUTO_SCREEN_FACTOR = 1; + EDITOR = "emacsclient"; + PATH = "${home.homeDirectory}/bin:$PATH"; + NIX_SHELL_PRESERVE_PROMPT=1; + }; + shellAliases = { + x = "startx"; + rm = "rm -i"; + cal = "cal -m"; + }; + initExtra = '' + source ~/.profile + set -o vi + [ "$IN_NIX_SHELL" ] && export PS1="''${PS1%λ }❄ " + ''; + }; + + + emacs = { + enable = true; + package = pkgs.emacs-gtk; + extraPackages = epkgs: with epkgs; with melpaStablePackages; [ + magit + nix-mode + julia-repl + julia-mode + lean-mode + proof-general + pdf-tools + dune + tuareg + idris-mode + haskell-emacs-base + multi-vterm + dmenu + markdown-preview-mode + markdown-mode + exwm + org-superstar + org-fragtog + visual-fill + writeroom-mode + haskell-emacs + treemacs-evil + treemacs + solarized-theme + doom-modeline + all-the-icons-dired + page-break-lines + all-the-icons + dashboard + org-evil + zotero + vterm + undo-fu + latex-math-preview + haskell-mode + evil-surround + undo-tree + evil-org + evil + evil-commentary + evil-leader + meow + purescript-mode + ]; + }; + + git = { + enable = true; + userName = "Rachel Lambda Samuelsson"; + userEmail = "depsterr@protonmail.com"; + extraConfig = { + init.defaultBranch = "master"; + }; + }; + }; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It's perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? + +} diff --git a/nixos/hardware-configuration.nix b/nixos/hardware-configuration.nix new file mode 100644 index 0000000..fcab65f --- /dev/null +++ b/nixos/hardware-configuration.nix @@ -0,0 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/a01807bd-d4d4-4a5e-a887-a8823b26a301"; + fsType = "ext4"; + }; + + fileSystems."/boot/efi" = + { device = "/dev/disk/by-uuid/73E2-BD52"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/549ac191-b104-4184-910e-d1941e0cf839"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/readme.md b/readme.md new file mode 100644 index 0000000..958f127 --- /dev/null +++ b/readme.md @@ -0,0 +1,2 @@ +# nix +This is my nixos configuration, once I have multiple machines running nix I'll devise some modular approach with device specific options in different files. I'm also interested in switching to a flakes based configuration at some point.