# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
#
# Host configuration for "lgm-nixos": a hybrid-graphics (Intel iGPU +
# NVIDIA dGPU) machine with a LUKS-encrypted btrfs root unlocked by
# FIDO2/passphrase, GRUB as the EFI boot loader, Plasma 6 on SDDM, and
# a single human user "lgm". Security-relevant settings are commented
# inline; the pg_hba and PAM sections carry review notes.
{ lib, config, pkgs, pkgs-stable, ... }:

let
  # Stable path that systemd.tmpfiles (below) turns into a symlink to the
  # nixpkgs tree this system was built from; nix.nixPath resolves <nixpkgs>
  # through it so legacy tooling works with channels disabled.
  nixPath = "/etc/nixPath";
in
{
  # pkgs-stable is accepted but not used in this file (presumably consumed
  # by the imported modules or kept for future pins).
  imports = [
    ./mounts.nix
    ./akkotest.nix
  ];

  # boot.kernelPackages = pkgs.linuxPackages_zen;

  # Use the systemd-boot EFI boot loader.
  # NOT! Let's use GRUB instead
  # https://nixos.org/manual/nixos/stable/#sec-installation
  # boot.loader.efi.efiSysMountPoint = "/boot";
  boot.loader.systemd-boot.enable = false;
  # GRUB is registered as a proper EFI boot entry (canTouchEfiVariables +
  # efiInstallAsRemovable = false) rather than as the fallback removable loader.
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.grub = {
    enable = true;
    device = "nodev";
    efiSupport = true;
    # Theme is pinned by commit AND content hash, so the fetched tree is
    # reproducible and cannot silently change upstream.
    theme = "${pkgs.fetchFromGitHub {
      owner = "catppuccin";
      repo = "grub";
      rev = "803c5df0e83aba61668777bb96d90ab8f6847106";
      hash = "sha256-/bSolCta8GCZ4lP0u5NVqYQ9Y3ZooYCNdTwORNvR7M0=";
    }}/src/catppuccin-macchiato-grub-theme/";
    efiInstallAsRemovable = false;
    # useOSProber = true;
    # Hand-written GRUB script: chainloads the Windows boot manager and a
    # Ventoy ESP, each located by filesystem UUID. These UUIDs and the
    # hd0,gpt4 hints are tied to the current partition layout; update them
    # together with mounts.nix whenever the disk is repartitioned.
    extraEntries = ''
      menuentry 'Windows 10' --class windows --class os {
        insmod part_gpt
        insmod fat
        set root='hd0,gpt4'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 8D94-2A4E
        else
          search --no-floppy --fs-uuid --set=root 8D94-2A4E
        fi
        chainloader /EFI/Microsoft/Boot/bootmgfw.efi
      }
      menuentry 'Ventoy' {
        insmod part_gpt
        insmod fat
        # set root='hd0,gpt4'
        # if [ x$feature_platform_search_hint = xy ]; then
        #   search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 BDAD-470D
        # else
        #   search --no-floppy --fs-uuid --set=root BDAD-470D
        # fi
        search --no-floppy --fs-uuid --set=root BDAD-470D
        chainloader /EFI/BOOT/BOOTX64.EFI
      }
    '';
  };

  # Wipe /tmp on every boot so nothing left there survives a reboot.
  boot.tmp.cleanOnBoot = true;

  # NTFS support
  boot.supportedFilesystems = [ "ntfs" ];

  # btrfs options
  fileSystems = {
    "/".options = [ "compress=zstd" ];
    "/home".options = [ "compress=zstd" ];
    "/nix".options = [ "compress=zstd" "noatime" ];
  };

  # Magic SysRq bitmask: 244 = 4 (keyboard control/SAK) + 16 (sync)
  # + 32 (remount read-only) + 64 (signal processes) + 128 (reboot/poweroff).
  # It deliberately leaves out 2 (console loglevel), 8 (debug dumps) and
  # 256 (renice RT tasks). Anyone at the physical keyboard can trigger the
  # enabled ones, so this is a local-availability trade-off, not an
  # integrity one.
  boot.kernel.sysctl."kernel.sysrq" = 244;
  boot.plymouth = {
    enable = true;
    themePackages = [ (pkgs.catppuccin-plymouth.override { variant = "macchiato"; }) ];
    theme = "catppuccin-macchiato";
  };
  # systemd stage 1 is required for the crypttab-based FIDO2 unlock below.
  boot.initrd.systemd.enable = true;

  # ==[SECURITY]==
  # LUKS options
  # The commented fido2Support option is the legacy (script-based stage 1)
  # route; with systemd stage 1 the equivalent is the crypttab options below.
  # boot.initrd.luks.fido2Support = true;
  boot.initrd.luks.devices = {
    crypted = {
      # Ciphertext device is addressed by PCI path and the detached header by
      # PARTUUID, so neither depends on device enumeration order. Because the
      # header lives on a separate partition, the NVMe alone carries no LUKS
      # header and is not recoverable without that partition -- back it up.
      device = "/dev/disk/by-path/pci-0000:02:00.0-nvme-1";
      header = "/dev/disk/by-partuuid/3c43dda3-6a23-7148-add5-84354a28a59e";
      preLVM = true;
      # Ask systemd-cryptsetup for any attached FIDO2 token, waiting at most
      # 10s before it falls back to the passphrase prompt (confirm the
      # fallback behaviour against crypttab(5) for the pinned systemd).
      crypttabExtraOpts = [ "fido2-device=auto" "token-timeout=10s" ];
      # fido2.credential = "";
      # fido2.passwordLess = true;
    };
  };

  # sudo and doas
  # security.sudo is left at its NixOS default (enabled), so "lgm" -- a
  # member of wheel below -- can use both sudo and doas. persist = true
  # caches a successful doas authentication for a while; no noPass is set,
  # so a password (plus the PAM U2F step) is still required on first use.
  security.doas = {
    enable = true;
    extraRules = [{
      users = [ "lgm" ];
      persist = true;
    }];
  };

  # PAM
  # pam_u2f is added to console login, sudo and doas only; the SDDM/KDE
  # PAM services are not listed, so graphical login does not get the
  # U2F step unless it is configured elsewhere.
  security.pam.services = {
    login.u2fAuth = true;
    sudo.u2fAuth = true;
    doas.u2fAuth = true;
  };
  # NOTE(review): security.pam.u2f.control is not set. As far as I recall
  # it defaults to "sufficient" in nixpkgs, i.e. a touch of an enrolled key
  # alone satisfies the module and the password is skipped. If the key is
  # meant as a *second* factor rather than a password replacement, set
  # control = "required" -- confirm against the option docs for the pinned
  # nixpkgs. With no settings.authfile/origin, pam_u2f reads its default
  # per-user key file (~/.config/Yubico/u2f_keys), presumably -- verify.
  security.pam.u2f = {
    enable = true;
    settings = {
      cue = true;
      interactive = true;
    };
  };

  # Make sure opengl is enabled
  hardware.graphics = {
    enable = true;
    # These extrapackages I added later but it didn't help
    extraPackages = with pkgs; [
      intel-media-driver # LIBVA_DRIVER_NAME=iHD
      vaapiIntel         # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
      vaapiVdpau
      libvdpau-va-gl
    ];
  };

  # Tell Xorg to use the nvidia driver (also valid for Wayland)
  services.xserver.videoDrivers = ["nvidia"];
  hardware.nvidia = {
    # Modesetting is needed for most Wayland compositors
    modesetting.enable = true;
    # Use the open source version of the kernel module
    # Only available on driver 515.43.04+
    open = false;
    # Enable the nvidia settings menu
    nvidiaSettings = true;
    # Optionally, you may need to select the appropriate driver version for your specific GPU.
    package = config.boot.kernelPackages.nvidiaPackages.stable;
  };

  # NVIDIA
  # Default boot: PRIME render offload (dGPU only for apps run via
  # nvidia-offload). The "nvidia-full" specialisation below flips to PRIME
  # sync and replaces nvidia-offload with a pass-through wrapper.
  hardware.nvidia.prime = {
    offload = {
      enable = true;
      enableOffloadCmd = true;
    };
    sync.enable = false;
    intelBusId = "PCI:0:2:0";
    nvidiaBusId = "PCI:1:0:0";
  };
  specialisation."nvidia-full".configuration = {
    environment.etc."specialisation".text = "nvidia-full";
    system.nixos.tags = ["nvidia-full"];
    hardware.nvidia.prime = {
      offload.enable = lib.mkForce false;
      offload.enableOffloadCmd = lib.mkForce false;
      sync.enable = lib.mkForce true;
    };
    environment.systemPackages = [
      (pkgs.writeShellScriptBin "nvidia-offload" ''
        echo "nvidia full mode on, simply executing $@"
        exec "$@"
      '')
    ];
  };

  programs.gamemode.enable = true;

  # Virtualisation: Docker, Waydroid, VirtualBox.
  # Membership of the "docker" group (granted to lgm below) gives full
  # control of the Docker daemon socket, which is effectively root on
  # this host -- treat that group as equivalent to wheel.
  virtualisation.docker.enable = true;
  virtualisation.waydroid.enable = true;
  virtualisation.virtualbox.host.enable = true;
  virtualisation.virtualbox.host.package = pkgs.virtualbox;
  users.extraGroups.vboxusers.members = [ "lgm" ];

  networking.hostName = "lgm-nixos"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.

  # Set your time zone.
  time.timeZone = "Asia/Tbilisi";

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  # i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  #   useXkbConfig = true; # use xkbOptions in tty.
  # };
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    # LC_ADDRESS = "ru_RU.UTF-8";
    # LC_IDENTIFICATION = "ru_RU.UTF-8";
    # LC_MEASUREMENT = "ru_RU.UTF-8";
    # LC_MONETARY = "ru_RU.UTF-8";
    # LC_NAME = "ru_RU.UTF-8";
    # LC_NUMERIC = "ru_RU.UTF-8";
    # LC_PAPER = "ru_RU.UTF-8";
    # LC_TELEPHONE = "ru_RU.UTF-8";
    LC_TIME = "ru_RU.UTF-8";
  };

  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.displayManager.sddm.enable = true;
  # Didn't like, the theme is a bit buggy
  # services.xserver.displayManager.sddm.theme = "${pkgs.fetchFromGitHub {
  #   owner = "catppuccin";
  #   repo = "sddm";
  #   rev = "7fc67d1027cdb7f4d833c5d23a8c34a0029b0661";
  #   hash = "sha256-SjYwyUvvx/ageqVH5MmYmHNRKNvvnF3DYMJ/f2/L+Go=";
  # }}/src/catppuccin-latte/";
  services.desktopManager.plasma6.enable = true;
  services.displayManager.defaultSession = "plasma";

  # programs.command-not-found.enable = false;
  # programs.nix-index.enable = true;
  # programs.wireshark sets up the privileged capture helper for members of
  # the "wireshark" group (lgm is added below), so capture works without
  # running the GUI as root.
  programs.wireshark.enable = true;
  programs.wireshark.package = pkgs.wireshark;

  # fish
  programs.fish = {
    enable = true;
  };

  # nh: nix helper; clean keeps the last 7 days / 2 generations, which also
  # bounds how far back a rollback from the boot menu can go.
  programs.nh = {
    enable = true;
    clean.enable = true;
    clean.extraArgs = "--keep-since 7d --keep 2";
  };

  # KDE Programs
  # Currently installs plasma5 variant, disabled as module, enabled manually instead
  services.dbus.packages = [ pkgs.kdePackages.kpmcore ];
  # programs.partition-manager.enable = true;
  # kdeconnect's module also opens its port range in the firewall (1714-1764
  # TCP/UDP, if I recall the module correctly) on all non-trusted interfaces.
  programs.kdeconnect.enable = true;
  programs.adb.enable = true;

  # Steam
  programs.steam = {
    enable = true;
    gamescopeSession.enable = true;
    # Opens the Remote Play ports on every interface, not just trusted ones.
    remotePlay.openFirewall = true;
    # dedicatedServer.openFirewall = true;
  };

  # xrdp listens on its default port (3389) but openFirewall stays off, so
  # it is only reachable through networking.firewall.trustedInterfaces
  # below (tailscale0, p2p-wl+), where the firewall is bypassed entirely.
  services.xrdp = {
    enable = true;
    defaultWindowManager = "startplasma-x11";
    # openFirewall = true;
  };

  services.postgresql = {
    enable = true;
    ensureDatabases = [ "testdb" ];
    ensureUsers = [
      { name = "lgm"; }
    ];
    # NOTE(review): "local all all trust" lets ANY local OS user connect over
    # the Unix socket as ANY role -- including the "postgres" superuser --
    # without a credential. Acceptable for a throwaway dev database on a
    # single-user machine; if other users, services or remote sessions
    # (xrdp, ssh) share this host, prefer "peer" so the connecting OS user
    # must match the role name. mkOverride 10 outranks even mkForce (50) and
    # replaces the NixOS default pg_hba entirely.
    authentication = pkgs.lib.mkOverride 10 ''
      #type database DBuser auth-method
      local all      all    trust
    '';
  };

  # Configure keymap in X11
  # services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e,caps:escape";

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound.
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  services.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  # Group grants: networkmanager (change network config), wheel (sudo),
  # adbusers (USB access to Android devices), docker (root-equivalent via
  # the daemon socket -- see the virtualisation comment above), wireshark
  # (packet capture helper).
  users.users.lgm = {
    isNormalUser = true;
    description = "lgm";
    extraGroups = [ "networkmanager" "wheel" "adbusers" "docker" "wireshark"];
    shell = pkgs.fish;
  };

  nixpkgs.config.allowUnfree = true;

  # Recreate /etc/nixPath as a symlink (L+ = replace if it exists) to the
  # nixpkgs source of the current build; together with nix.nixPath this
  # keeps <nixpkgs> consistent with the flake input while channels are off.
  systemd.tmpfiles.rules = [
    "L+ ${nixPath} - - - - ${pkgs.path}"
  ];
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nix.nixPath = [ "nixpkgs=${nixPath}" ];
  nix.channel.enable = false;

  # Sops
  # These are sops-nix options; the module itself is not in this file's
  # imports, so it is presumably wired in by the flake -- verify.
  # secrets.example_key is decrypted at activation from the default file.
  sops = {
    defaultSopsFile = ../../secrets/secrets.yaml;
    defaultSopsFormat = "yaml";
    secrets.example_key = {};
    # secrets.porkbun = {
    #   sopsFile = ../../secrets/porkbun.env;
    #   format = "dotenv";
    # };
  };

  # OnlyKey
  hardware.onlykey.enable = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    # programs.partition-manager installs plasma5 variant, so we have to work around
    kdePackages.partitionmanager
    kdePackages.kpmcore
    kdePackages.kaccounts-providers
    kdePackages.kaccounts-integration
    git
    git-crypt
    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    wget
    python3
    curl
    # more stuff
    gnome-network-displays
    miraclecast
    parted
    exfatprogs
    gparted
    tmux
    # graalvm17-ce
    distrobox
    # "fhs": an FHS-style chroot shell (bash) built from appimageTools'
    # default environment plus pkg-config and ncurses, with dev outputs
    # installed so headers are available for ad-hoc builds. FHS=1 is
    # exported inside so shell configs can detect the sandbox.
    (let base = pkgs.appimageTools.defaultFhsEnvArgs; in
      pkgs.buildFHSUserEnv (base // {
        name = "fhs";
        targetPkgs = pkgs: (
          (base.targetPkgs pkgs) ++ [ pkg-config ncurses ]
        );
        profile = "export FHS=1";
        runScript = "bash";
        extraOutputsToInstall = ["dev"];
      }))
  ];

  fonts.packages = with pkgs; [
    noto-fonts
    noto-fonts-cjk-sans
    noto-fonts-emoji
  ];

  environment.variables.EDITOR = "vim";
  # Location of the flake that nh rebuilds from (presumably read by nh --
  # confirm the variable name against the pinned nh version).
  environment.variables.FLAKE = "/home/lgm/nixos-cfg?submodules=1";

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # gpg-agent's SSH support stays off because the plain ssh-agent is
  # started below; enabling both would make them compete for
  # SSH_AUTH_SOCK (NixOS asserts against that combination, as far as I know).
  programs.gnupg.agent = {
    enable = true;
    # enableSSHSupport = true;
  };
  programs.ssh.startAgent = true;

  zramSwap = {
    enable = true;
    # swapDevices = 2;
  };

  # List services that you want to enable:
  # services.peroxide.enable = true;

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;
  # Root login is refused. Password authentication is left at the NixOS
  # default (enabled); once key-based login is set up consider
  # settings.PasswordAuthentication = false, since sshd is reachable
  # without any firewall on the trusted interfaces below.
  services.openssh = {
    enable = true;
    settings.PermitRootLogin = "no";
  };

  # Open ports in the firewall.
  # trustedInterfaces bypasses the firewall completely on matching
  # interfaces: everything this host listens on (sshd, xrdp, kdeconnect,
  # ...) is reachable from the tailnet and from Wi-Fi Direct peers.
  # Explicit ports (presumed purposes): 5900/5905 VNC range, 7236/7250
  # Wi-Fi Display / Miracast for gnome-network-displays, 5353 mDNS,
  # 26000 not recorded -- document or drop it.
  networking.firewall.trustedInterfaces = [ "p2p-wl+" "tailscale0" ];
  networking.firewall.allowedTCPPorts = [ 5900 5905 7236 7250 ];
  networking.firewall.allowedUDPPorts = [ 5900 5905 7236 5353 26000 ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # enable NAT for the containers
  # nixos-containers' veth interfaces (ve-*) are NATed through the Wi-Fi
  # interface, which is hard-coded: containers lose outbound connectivity
  # when the host is on a different uplink. NetworkManager is told not to
  # manage the veths so it does not fight the NAT setup.
  networking.nat.enable = true;
  networking.nat.internalInterfaces = ["ve-+"];
  networking.nat.externalInterface = "wlp3s0";
  networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];

  # Tailscale; tailscale0 is in trustedInterfaces above, so tailnet peers
  # see this host with no firewall.
  services.tailscale = {
    enable = true;
  };

  # Lock (rather than suspend) on lid close while on external power.
  services.logind.lidSwitchExternalPower = "lock";

  hardware.bluetooth.enable = true;
  hardware.bluetooth.powerOnBoot = true;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?

}