# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
#
# System configuration for the host "lgm-nixos": GRUB on EFI with chainload
# entries for Windows and Ventoy, a LUKS volume unlocked via FIDO2, U2F in PAM,
# doas, NVIDIA PRIME offload, Plasma with SDDM, Docker and VirtualBox.
#
# Arguments:
#   config, pkgs  - the usual NixOS module arguments.
#   pkgs-stable   - accepted but not referenced anywhere in this file.
#   secrets       - attribute set defined outside this file; only
#                   secrets.drive-ids.volumes.* and secrets.drive-ids.luks
#                   are read here.

{ config, pkgs, pkgs-stable, secrets, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configurations/laptop.nix
    ];

  # Use the systemd-boot EFI boot loader.
  # NOT! Let's use GRUB instead
  # https://nixos.org/manual/nixos/stable/#sec-installation
  # boot.loader.efi.efiSysMountPoint = "/boot";
  boot.loader.systemd-boot.enable = false;
  boot.loader.efi.canTouchEfiVariables = true;
  # NOTE(review): boot.loader.grub.users is not set in this file, so the GRUB
  # menu, entry editor and command line appear to be usable by anyone at the
  # console. The LUKS volume below still needs the token or a passphrase, but
  # confirm this matches the physical-access threat model.
  boot.loader.grub = {
    enable = true;
    device = "nodev";
    efiSupport = true;
    # The theme is fetched at a pinned commit and checked against a fixed
    # sha256, so the fetched tree cannot change without the build failing.
    theme = "${pkgs.fetchFromGitHub {
      owner = "catppuccin";
      repo = "grub";
      rev = "803c5df0e83aba61668777bb96d90ab8f6847106";
      hash = "sha256-/bSolCta8GCZ4lP0u5NVqYQ9Y3ZooYCNdTwORNvR7M0=";
    }}/src/catppuccin-macchiato-grub-theme/";
    efiInstallAsRemovable = false;
    # useOSProber = true;
    # Hand-written chainload entries, used instead of os-prober. Both entries
    # locate their EFI partition by filesystem UUID taken from `secrets`.
    # Every ${secrets...} below is interpolated by Nix into the string,
    # including the ones on GRUB-commented ("#") lines, so the values end up
    # in plain text in the generated GRUB configuration.
    # NOTE(review): presumably fine for filesystem UUIDs; anything that must
    # stay confidential should not be passed through this string.
    extraEntries = ''
      menuentry 'Windows 10' --class windows --class os {
        insmod part_gpt
        insmod fat
        set root='hd0,gpt4'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 ${secrets.drive-ids.volumes.windows_efi_uuid}
        else
          search --no-floppy --fs-uuid --set=root ${secrets.drive-ids.volumes.windows_efi_uuid}
        fi
        chainloader /EFI/Microsoft/Boot/bootmgfw.efi
      }
      menuentry 'Ventoy' {
        insmod part_gpt
        insmod fat
        # set root='hd0,gpt4'
        # if [ x$feature_platform_search_hint = xy ]; then
        #   search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 ${secrets.drive-ids.volumes.ventoy_efi_uuid}
        # else
        #   search --no-floppy --fs-uuid --set=root ${secrets.drive-ids.volumes.ventoy_efi_uuid}
        # fi
        search --no-floppy --fs-uuid --set=root ${secrets.drive-ids.volumes.ventoy_efi_uuid}
        chainloader /EFI/BOOT/BOOTX64.EFI
      }
    '';
  };

  # NTFS support
  boot.supportedFilesystems = [ "ntfs" ];

  # btrfs options
  fileSystems = {
    "/".options = [ "compress=zstd" ];
    "/home".options = [ "compress=zstd" ];
    "/nix".options = [ "compress=zstd" "noatime" ];
  };

  # Magic SysRq bitmask: 244 = 4 + 16 + 32 + 64 + 128, which per the kernel's
  # sysrq documentation enables keyboard control (SAK, unraw), sync, remount
  # read-only, signalling processes (term, kill, oom-kill) and reboot/poweroff.
  # Console log-level control (2) and debugging dumps (8) stay disabled.
  # SysRq is handled by the kernel, so the enabled functions are available to
  # anyone at the keyboard regardless of login or lock-screen state.
  boot.kernel.sysctl."kernel.sysrq" = 244;

  boot.plymouth = {
    enable = true;
    themePackages = [ (pkgs.catppuccin-plymouth.override { variant = "macchiato"; }) ];
    theme = "catppuccin-macchiato";
  };

  # systemd-based stage 1. The crypttabExtraOpts used for the LUKS device
  # below are, to my knowledge, only honoured by the systemd initrd.
  boot.initrd.systemd.enable = true;

  # ==[SECURITY]==

  # LUKS options
  # `device` and `header` are taken from secrets.drive-ids.luks through the
  # `with` scope; setting `header` means the LUKS header is detached from the
  # encrypted device.
  # boot.initrd.luks.fido2Support = true;
  boot.initrd.luks.devices = with secrets.drive-ids.luks; {
    crypted = {
      inherit device;
      inherit header;
      preLVM = true;
      # crypttab(5): fido2-device=auto unlocks with a FIDO2 token enrolled in
      # the LUKS2 header; token-timeout=10s waits that long for the token to
      # appear before falling back to a passphrase prompt.
      # NOTE(review): any passphrase keyslot left in the header remains a
      # valid unlock path, so its strength still matters - confirm which
      # keyslots are enrolled.
      crypttabExtraOpts = [ "fido2-device=auto" "token-timeout=10s" ];
      # fido2.credential = "";
      # fido2.passwordLess = true;
    };
  };

  # sudo and doas
  # persist = true lets doas skip re-authentication for a while after a
  # successful one (doas.conf(5) `persist`).
  # NOTE(review): sudo is not disabled in this file and lgm is in `wheel`, so
  # both escalation paths are presumably active - confirm that is intended.
  security.doas = {
    enable = true;
    extraRules = [{
      users = [ "lgm" ];
      persist = true;
    }];
  };

  # PAM
  # U2F is switched on explicitly for console login, sudo and doas.
  # NOTE(review): security.pam.u2f.control is not set here; as far as I know
  # its default is "sufficient", which makes the key an alternative to the
  # password rather than a required second factor - confirm that is the
  # intended policy.
  # NOTE(review): security.pam.u2f.enable = true is, to my knowledge, also the
  # default for every service's u2fAuth, so other PAM services (for example
  # the display manager) are likely affected as well - verify.
  security.pam.services = {
    login.u2fAuth = true;
    sudo.u2fAuth = true;
    doas.u2fAuth = true;
  };
  security.pam.u2f = {
    enable = true;
    # Print a prompt asking the user to touch the device.
    cue = true;
    # Ask the user to insert the device and confirm before it is queried.
    interactive = true;
  };

  # Make sure opengl is enabled
  hardware.opengl = {
    enable = true;
    driSupport = true;
    driSupport32Bit = true;
  };

  # Tell Xorg to use the nvidia driver (also valid for Wayland)
  services.xserver.videoDrivers = ["nvidia"];

  hardware.nvidia = {
    # Modesetting is needed for most Wayland compositors
    modesetting.enable = true;

    # Use the open source version of the kernel module
    # Only available on driver 515.43.04+
    # (set to false here, so the open kernel module is not used)
    open = false;

    # Enable the nvidia settings menu
    nvidiaSettings = true;

    # Optionally, you may need to select the appropriate driver version for your specific GPU.
    package = config.boot.kernelPackages.nvidiaPackages.stable;
  };

  # NVIDIA PRIME render offload between the Intel and NVIDIA GPUs, addressed
  # by the PCI bus IDs below.
  hardware.nvidia.prime = {
    offload = {
      enable = true;
      enableOffloadCmd = true;
    };
    intelBusId = "PCI:0:2:0";
    nvidiaBusId = "PCI:1:0:0";
  };

  programs.gamemode.enable = true;

  # Docker and VirtualBox
  # Membership of the `docker` group (granted to lgm in users.users.lgm below)
  # gives access to the Docker daemon, which is effectively root on the host
  # and is not gated by the doas/U2F rules above.
  virtualisation.docker.enable = true;
  virtualisation.virtualbox.host.enable = true;
  virtualisation.virtualbox.host.enableExtensionPack = true;
  users.extraGroups.vboxusers.members = [ "lgm" ];

  networking.hostName = "lgm-nixos"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.

  # Set your time zone.
  time.timeZone = "Europe/Volgograd";

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  # i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  #   useXkbConfig = true; # use xkbOptions in tty.
  # };

  # English messages, Russian date/time formatting only.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    # LC_ADDRESS = "ru_RU.UTF-8";
    # LC_IDENTIFICATION = "ru_RU.UTF-8";
    # LC_MEASUREMENT = "ru_RU.UTF-8";
    # LC_MONETARY = "ru_RU.UTF-8";
    # LC_NAME = "ru_RU.UTF-8";
    # LC_NUMERIC = "ru_RU.UTF-8";
    # LC_PAPER = "ru_RU.UTF-8";
    # LC_TELEPHONE = "ru_RU.UTF-8";
    LC_TIME = "ru_RU.UTF-8";
  };

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # Enable the Plasma 5 Desktop Environment.
  services.xserver.displayManager.sddm.enable = true;
  # Didn't like, the theme is a bit buggy
  # services.xserver.displayManager.sddm.theme = "${pkgs.fetchFromGitHub {
  #   owner = "catppuccin";
  #   repo = "sddm";
  #   rev = "7fc67d1027cdb7f4d833c5d23a8c34a0029b0661";
  #   hash = "sha256-SjYwyUvvx/ageqVH5MmYmHNRKNvvnF3DYMJ/f2/L+Go=";
  # }}/src/catppuccin-latte/";
  services.xserver.desktopManager.plasma5.enable = true;
  services.xserver.displayManager.defaultSession = "plasmawayland";

  # programs.command-not-found.enable = false;
  # programs.nix-index.enable = true;

  # fish
  programs.fish = {
    enable = true;
  };

  # KDE Programs
  programs.partition-manager.enable = true;
  # NOTE(review): the NixOS kdeconnect module also opens TCP/UDP 1714-1764 in
  # the firewall, to my knowledge - these come on top of the ports listed in
  # the firewall section near the end of this file.
  programs.kdeconnect.enable = true;
  # adb access for members of `adbusers` (lgm is added to it below).
  programs.adb.enable = true;

  # Steam
  # The openFirewall options stay commented out, so these lines open no ports
  # for Remote Play or a dedicated server.
  programs.steam = {
    enable = true;
    # remotePlay.openFirewall = true;
    # dedicatedServer.openFirewall = true;
  };

  # Configure keymap in X11
  # services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e,caps:escape";

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound.
  # PipeWire replaces PulseAudio (disabled here) and provides the ALSA and
  # PulseAudio compatibility layers.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  # Group notes: `wheel` is the administrative group, `docker` is effectively
  # root through the Docker daemon, `adbusers` allows adb device access and
  # `networkmanager` allows changing network settings.
  users.users.lgm = {
    isNormalUser = true;
    description = "lgm";
    extraGroups = [ "networkmanager" "wheel" "adbusers" "docker"];
    shell = pkgs.fish;
  };

  # Allows packages with unfree licences to be built and installed.
  nixpkgs.config.allowUnfree = true;
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  # nix.nixPath = []

  # OnlyKey
  hardware.onlykey.enable = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    git
    git-crypt
    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    wget
    curl
    python3
    # more stuff
    gnome-network-displays
    miraclecast
    parted
    exfatprogs
    gparted
    tmux
    # graalvm17-ce
    jetbrains.jdk
    distrobox
    # FHS-style user environment named "fhs": appimageTools' default FHS
    # arguments plus pkg-config and ncurses. Running it starts bash with
    # FHS=1 exported.
    (let
      base = pkgs.appimageTools.defaultFhsEnvArgs;
    in
    pkgs.buildFHSUserEnv (base // {
      name = "fhs";
      targetPkgs = pkgs: (
        (base.targetPkgs pkgs) ++ [
          pkg-config
          ncurses
        ]
      );
      profile = "export FHS=1";
      runScript = "bash";
      extraOutputsToInstall = ["dev"];
    }))
  ];

  environment.variables.EDITOR = "vim";

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # gpg-agent runs without SSH support; the SSH agent is provided separately
  # by programs.ssh.startAgent below.
  programs.gnupg.agent = {
    enable = true;
    # enableSSHSupport = true;
  };
  programs.ssh.startAgent = true;

  # List services that you want to enable:

  # services.peroxide.enable = true;

  # Enable the OpenSSH daemon.
  # (left disabled: no SSH server is enabled by this file)
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # trustedInterfaces: all traffic arriving on interfaces whose name matches
  # "p2p-wl+" is accepted without further filtering ("+" is the wildcard).
  # NOTE(review): presumably the Wi-Fi Direct interfaces used by the screen
  # casting tools installed above (gnome-network-displays, miraclecast) -
  # verify.
  networking.firewall.trustedInterfaces = [ "p2p-wl+" ];
  # These ports are opened on every interface, not only the trusted one.
  # NOTE(review): 5900/5905 are conventionally VNC/RFB, 7236/7250 Wi-Fi
  # Display (Miracast) and 5353/udp mDNS. Confirm what actually listens on
  # them, and consider scoping them per interface with
  # networking.firewall.interfaces.<name> if they are only needed on one
  # network.
  networking.firewall.allowedTCPPorts = [ 5900 5905 7236 7250 ];
  networking.firewall.allowedUDPPorts = [ 5900 5905 7236 5353 ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?

}