nixos.org (15164B)
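#+TITLE:Nixos Config
#+AUTHOR: Crazazy
#+INCLUDE: ./style.org
For now this is the way I'm configuring nixos. There are no flakes here, just a configuration.nix and a bunch of other
stuff
* Prefix
The nixos config is going to consist of a bunch of "imports" which are just a bunch of configs
in the imports part of the main configuration. Then we can put each part of said config on its own source block
This does require a bit of a prefix, that lets us access packages, existing configuration and library functions
#+begin_src nix :tangle configuration.nix :noweb no-export :padline no
{ config, lib, pkgs, ... }:
let
  # Pinned external sources; NUR is imported twice, once with pkgs for its
  # packages and once without for its modules.
  sources = import ./nix/sources.nix;
  nur = import sources.NUR { inherit pkgs; };
  nurModules = import sources.NUR { };
in
{
  imports = [
    <<nixos-config>>
  ];
}
#+end_src
* Configuration
:PROPERTIES:
:header-args: :tangle no :noweb-ref nixos-config
:END:

** Hardware
Normal nixos installation comes with a hardware-configuration file. We are not going to add the contents of that
file here ourselves, but instead add it as an external module. This is the only place where we'll do this
#+begin_src nix
./hardware-configuration.nix
#+end_src
Also I want to have a full bluetooth experience
#+begin_src nix
{
  hardware.bluetooth = {
    enable = true;
    package = pkgs.bluez;
  };
}
#+end_src
** personal stuff
First, some personal stuff, so that I can tell people my computer is mine
#+begin_src nix
{
  options.mainUser = with lib; mkOption {
    type = types.str;
    # builtins.getEnv reads the environment of the evaluating process and
    # yields "" under pure evaluation; the value is set explicitly in the
    # next block, so this default is only a fallback.
    default = builtins.getEnv "USER";
  };
}
#+end_src

and then the actual info:
#+begin_src nix
{
  mainUser = "erik";
  networking.hostName = "RACEMONSTER";
  time.timeZone = "Europe/Amsterdam";
}
#+end_src
** Main user config
This sets up a (secret) default password for the main user and also sets some default groups.
The password is only as secret as its hash, because the hash is stored in this file
#+begin_src nix
{
  users.mutableUsers = false;
  # Define a user account. With mutableUsers = false the hash below is applied
  # as the account's password on every activation, so a change made with
  # ‘passwd’ does not survive the next rebuild.
  # NOTE(review): the hash is published together with this file and is therefore
  # exposed to offline guessing. Prefer users.users.<name>.hashedPasswordFile
  # pointing at a root-only file that is kept out of the repository.
  users.users.${config.mainUser} = {
    initialHashedPassword = "$6$XTH/sALyqg$G.bMWemErh4KGCAjUfT16DL96QMn/4NTmxlw6Z26wUVJn.tagQG.Fzmrz7uPkdiWZbBBFWP36.YA4hw9AcL8Q1";
    isNormalUser = true;
    # "wheel" enables ‘sudo’ for the user. The group created by the
    # NetworkManager module is lowercase; "NetworkManager" is not a known group.
    extraGroups = [ "video" "wheel" "networkmanager" ];
    # shell = pkgs.nushell;
  };
}
#+end_src
Furthermore, I want to have some prefabs available in my $PATH if I make them
#+begin_src nix
{
  # The directory is appended to PATH, so it cannot shadow a command that is
  # already provided earlier in PATH.
  environment.shellInit =
    ''
      if [ -h /etc/nixos/nix-prefabs/result ]; then
        export PATH=$PATH:/etc/nixos/nix-prefabs/result/bin
      fi
    '';
}
#+end_src
** Init system
nixos is started with systemd-boot, since we don't run any other distros
#+begin_src nix
{
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
}
#+end_src
** nixpkgs setup
not much info here right now. emacs itself now refers to emacsng
#+begin_src nix
{
  # nix.package = pkgs.nixVersions.stable;
  programs.nix-ld = {
    enable = true;
    # use all the libraries that AppImage uses to load an image
    libraries = with pkgs; [fuse] ++ (with appimageTools.defaultFhsEnvArgs; multiPkgs pkgs ++ targetPkgs pkgs);
  };
  nixpkgs.config.allowUnfree = true;
  nixpkgs.overlays = [
    # Replaces pkgs.emacs with the emacs-ng build from the pinned sources and
    # exposes the instantos package set from NUR as pkgs.instantos.
    (final: prev: {
      emacs = (import sources.emacs-ng).outputs.packages."x86_64-linux".default;
      emacsWithPackages = final.emacs.pkgs.withPackages;
      inherit (nur.repos) instantos;
    })
  ];
}
#+end_src

*** Lix
I've decided to get the new [[https://lix.systems/add-to-config/][Lix]] package manager, because I think their different
ideas for progressing the package manager fit with my personal views
#+begin_src nix
# NOTE(review): both tarballs are fetched without a sha256, and the module URL
# follows the moving `main` branch, so the code imported into the system
# configuration can change between rebuilds without any edit to this file.
# Pin a commit archive and add `sha256 = "<hash of that archive>";` to each
# fetchTarball, or track both through ./nix/sources.nix like NUR and emacs-ng.
(import
  (
    (fetchTarball { url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"; }) + "/module.nix"
  )
  {
    lix = fetchTarball { url = "https://git.lix.systems/lix-project/lix/archive/2.90-beta.1.tar.gz"; };
  }
)
#+end_src
*** cachix
Cachix and other substitute servers allow you to not have to compile things as much as you are supposed to
We will create a small module for cachix before we put in the rest declaratively
#+begin_src nix
{
  # Maps a substituter URL to the public key that signs its store paths.
  options.nix.cacheAttrs = with lib; mkOption {
    type = with types; attrsOf str;
    default = {};
  };
  config = with lib; {
    # attrNames and attrValues both follow the sorted attribute names, so the
    # two lists are produced in the same order.
    nix.settings.substituters = builtins.attrNames config.nix.cacheAttrs;
    # Every key listed here is trusted to sign binaries for the whole system,
    # so each entry extends trust to whoever controls that cache's signing key.
    nix.settings.trusted-public-keys = builtins.attrValues config.nix.cacheAttrs;
  };
}
#+end_src
With the config in hand, we can now quickly and easily declare our substitute servers
#+begin_src nix
{
  nix.cacheAttrs = {
    "https://crazazy.cachix.org" = "crazazy.cachix.org-1:3KaIHK26pkvd5palJH5A4Re1Hn2+GDV+aXYnftMYAm4=";
    "https://emacsng.cachix.org" = "emacsng.cachix.org-1:i7wOr4YpdRpWWtShI8bT6V7lOTnPeI7Ho6HaZegFWMI=";
    # "https://ethancedwards8.cachix.org" = "ethancedwards8.cachix.org-1:YMasjqyFnDreRQ9GXmnPIshT3tYyFHE2lUiNhbyIxOc=";
    "https://nix-community.cachix.org" = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=";
    # "https://nrdxp.cachix.org" = "nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4=";
    # The terminating semicolon was missing on the next entry, which is a
    # syntax error in an attribute set.
    "https://cache.lix.systems" = "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=";
    # "https://rycee.cachix.org" = "rycee.cachix.org-1:TiiXyeSk0iRlzlys4c7HiXLkP3idRf20oQ/roEUAh/A=";
    # "https://cache.iog.io" = "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=";
  };
}
#+end_src
** udev binds
I have a bindmount system so that I can easily make binds to persistent directories from my home directory
This should prevent clutter
*** The config
This part is quite advanced. It makes entries for filesystems and then makes a systemd service to re-assign
generated temporary directories to the owner of the home folder
#+begin_src nix
{
  options = with lib; {
    homeBinds = mkOption {
      type = with types; listOf str;
      default = [ ];
      description = "Bind mounts in your home folder";
    };
    persistRoot = mkOption {
      type = types.str;
      default = "/nix/persist";
    };
  };
  config = with lib; mkIf (config.homeBinds != [ ]) {
    # One bind mount per entry: /home/<mainUser>/<entry> is backed by
    # <persistRoot>/home/<mainUser>/<entry>.
    fileSystems = genAttrs (map (loc: "/home/${config.mainUser}/${loc}") config.homeBinds)
      (loc: {
        device = "${config.persistRoot}${loc}";
        fsType = "none";
        options = [ "bind" ];
      });
    systemd.services.fix-home-perms = {
      wantedBy = [ "multi-user.target" ];
      # Order after (and require) the bind mounts by path and let systemd derive
      # the mount unit names. Building the names by replacing "/" with "-" left
      # out the /home/<mainUser> prefix and did not escape "-" inside a path, so
      # those names did not match the real mount units.
      unitConfig.RequiresMountsFor = map (loc: "/home/${config.mainUser}/${loc}") config.homeBinds;
      serviceConfig.Type = "oneshot";
      # Runs as root: parent directories created for the mount points are owned
      # by root until this hands the home directory back to the main user.
      script = "chown -R ${config.mainUser} /home/${config.mainUser}";
    };
  };
}
#+end_src
*** The binds
These are the binds themselves, they change frequently
#+begin_src nix
{
  homeBinds = [
    ".config/keybase"
    ".local/share/keybase"
    ".ssh"
    "Desktop"
    "Documents/uni-docs"
    "Documents/IdeaProjects"
    "Documents/java-jars"
    "Documents/notes"
    "Music"
    "Videos"
  ];
}
#+end_src
** Visual stuff (X11) :noexport:
I don't actually literally live in the terminal. So we have to implement some xorg and other stuff
*** Basics
Enable printing, sound and a good keyboard, along with x11 itself
#+begin_src nix :noweb-ref no
{
  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = true;

  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.xserver.layout = "us";
  services.xserver.xkbVariant = "altgr-intl";
  services.xserver.xkbOptions = "eurosign:e";
  # touchpad controls
  services.xserver.libinput.enable = true;
}
#+end_src
*** instantos
I have decided to be lazy and not install a fancy window manager or whatever into the system. That's a headache
#+begin_src nix :noweb-ref no
{
  environment.systemPackages = with pkgs.instantos; [
    imenu
    islide
    instantassist
    instantconf
    instantdata
    instantdotfiles
    instantlogo
    instantmenu
    instantnotify
    instantsettings
    instantshell
    instantthemes
    instantutils
    instantwallpaper
    instantwelcome
    instantwidgets
    instantwm
    instantst
    paperbash
    rangerplugins
    spotify-adblock
    pkgs.dash
    pkgs.xdg-user-dirs
    pkgs.papirus-icon-theme
    pkgs.arc-theme
    pkgs.xorg.xeyes
    pkgs.rofi
    pkgs.ranger
  ];
  services.xserver.displayManager.lightdm.enable = true;
  services.xserver.windowManager.session = lib.singleton
    { name = "instantwm";
      start = ''
        startinstantos &
        waitPID=$!
      '';
    };
}
#+end_src
** Visual stuff (wayland)
After all, why /shouldn't/ I try wayland? 😈
#+begin_src nix
{
  programs.wayfire.enable = true;
  programs.wayfire.plugins = with pkgs.wayfirePlugins; [
    wcm
    wf-shell
    wayfire-plugins-extra
  ];
  sound.enable = true;
  fonts.packages = with pkgs; [
    noto-fonts
    noto-fonts-cjk
    noto-fonts-emoji
    liberation_ttf
    fira-code
    fira-code-symbols
    mplus-outline-fonts.githubRelease
    dina-font
    proggyfonts
  ];
  environment.systemPackages = with pkgs; [
    wofi waypipe
  ];
}
#+end_src
** Networking
Some default network settings for my laptop
#+begin_src nix
{
  networking.networkmanager.enable = true;  # Enables wireless support via NetworkManager
}
#+end_src
** packages
*** Core packages
These are the normal packages that I use for core maintenance. I use a special hardened version of firefox that takes in some addons as well
[[https://github.com/nix-community/nur-combined/blob/master/repos/ijohanne/pkgs/firefox-hardened/default.nix][Hardened firefox source]]
#+begin_src nix
{
  environment.systemPackages = let
    myFirefox = with pkgs; wrapFirefox librewolf-unwrapped {
      # Every derivation in the NUR firefox-addons set is installed as an extension.
      nixExtensions = builtins.filter lib.isDerivation (builtins.attrValues nur.repos.crazazy.firefox-addons);
      libName = "librewolf";
      extraPolicies = {
        CaptivePortal = false;
        DisableFirefoxStudies = true;
        DisablePocket = true;
        DisableTelemetry = true;
        DisableFirefoxAccounts = true;
        DontCheckDefaultBrowser = true;
        FirefoxHome = {
          Pocket = false;
          Snippets = false;
        };
        UserMessaging = {
          ExtensionRecommendations = false;
          SkipOnboarding = true;
        };
      };
      # NOTE(review): the prefs below turn off add-on signature enforcement
      # (xpinstall.signatures.required) and add-on updates
      # (extensions.update.enabled), and extensions.autoDisableScopes = 0 lets
      # add-ons from any install scope load without a prompt. This presumably
      # exists so the Nix-built nixExtensions load; it also means an unsigned
      # add-on is not rejected by the browser and add-ons only get updated when
      # this configuration is rebuilt.
      extraPrefs = ''
        // Show more ssl cert infos
        lockPref("security.identityblock.show_extended_validation", true);
        // Enable userchrome css
        lockPref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
        // Enable light dev tools
        lockPref("devtools.theme","light");
        // Misc other settings
        lockPref("extensions.autoDisableScopes", 0);
        lockPref("browser.uidensity", 1);
        lockPref("browser.search.openintab", true);
        lockPref("extensions.update.enabled", false);
        lockPref("identity.fxaccounts.enabled", false);
        lockPref("signon.rememberSignons", false);
        lockPref("signon.rememberSignons.visibilityToggle", false);
        lockPref("media.eme.enabled", true);
        lockPref("browser.eme.ui.enabled", true);
        lockPref("xpinstall.signatures.required",false);
        lockPref("browser.shell.checkDefaultBrowser", false );
      '';
    };
  in
    with pkgs; [
      bun
      # compcert
      curl
      # deno
      discord
      gitFull
      graalvm-ce
      libreoffice
      # krdc
      mpv
      # nur.repos.crazazy.seamonkey
      myFirefox
      unzip zip
      vim
      # vieb
      (wine.override { wineBuild = "wineWow"; })
    ];
  # persistent directory for my browser details
  homeBinds = [
    # ".mozilla/firefox"
    ".config/discord"
    ".wine"
  ];
}
#+end_src
*** Researchware
I am doing a research project and I need certain software to make that happen
#+begin_src nix :noweb-ref no
{
  virtualisation.vswitch.enable = true;
  environment.systemPackages = with pkgs; [
    mininet
    # not universal for all pythons but it works for now
    (python3.withPackages (p: [(p.mininet-python.overrideAttrs (_: {
      postInstall = "cp $py/bin/mn $py/lib/python3.10/site-packages/mininet/__main__.py";
    }))]))
    opam
    bindfs
  ];
}
#+end_src
*** Steam
I like to play videogames sometimes, however steam also requires a little more special attention
#+begin_src nix
{
  imports = [
    # nurModules.repos.crazazy.modules.private.steam-config
  ];
  programs.steam.enable = true;
  homeBinds = [
    ".local/share/Steam"
  ];
  environment.systemPackages = with pkgs; [
    steam
  ];
}
#+end_src
*** Emacs
Emacs needs to be integrated into the rest of the system. We are going to do that via an emacs daemon
#+begin_src nix
{
  services.emacs = {
    # package = import ./emacs.nix;
    package = pkgs.emacs29-pgtk;
    defaultEditor = true;
    enable = true;
  };
  homeBinds = [
    ".config/emacs"
  ];
}
#+end_src
*** QEMU & frens
I also sometimes run qemu vms. The qemu's manager will be libvirtd, but not sure if I will even use that
#+begin_src nix
{
  virtualisation.libvirtd.enable = true;
}
#+end_src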