nixos.org (12074B)
1 #+TITLE:Nixos Config 2 #+AUTHOR: Crazazy 3 #+INCLUDE: ./style.org 4 For now this is the way I'm configuring nixos. There is no flakes here, just a configuration.nix and a bunch of other 5 stuff 6 * Prefix 7 The nixos config is going to consist of a bunch of "imports" which are just a bunch of configs 8 in the imports part of the main configuration. Then we can put each part of said config on its own source block 9 This does require a bit of a prefix, that lets us access packages, existing configuration and library functions 10 #+begin_src nix :tangle configuration.nix :noweb no-export :padline no 11 { config, lib, pkgs, ... }: 12 let 13 sources = import ./nix/sources.nix; 14 nur = import sources.NUR { inherit pkgs; }; 15 nurModules = import sources.NUR { }; 16 in 17 { 18 imports = [ 19 <<nixos-config>> 20 ]; 21 } 22 #+end_src 23 * Configuration 24 :PROPERTIES: 25 :header-args: :tangle no :noweb-ref nixos-config 26 :END: 27 28 ** Hardware 29 Normal nixos installation comes with a hardware-configuration file. we are not going to add the contents of that 30 file here ourself, but instead add it as an external module. This is the only place where we'll do this 31 #+begin_src nix 32 ./hardware-configuration.nix 33 #+end_src 34 Also i want to have a full bluetooth experience 35 #+begin_src nix 36 { 37 hardware.bluetooth = { 38 enable = true; 39 package = pkgs.bluez; 40 }; 41 } 42 #+end_src 43 ** personal stuff 44 First, some personal stuff, so that I can tel people my computer is mine 45 #+begin_src nix 46 { 47 options.mainUser = with lib; mkOption { 48 type = types.str; 49 default = builtins.getEnv "USER"; 50 }; 51 } 52 #+end_src 53 54 and then the actual info: 55 #+begin_src nix 56 { 57 mainUser = "erik"; 58 networking.hostName = "RACEMONSTER"; 59 time.timeZone = "Europe/Amsterdam"; 60 } 61 #+end_src 62 ** Main user config 63 This sets up a (secret) default password for the main user and also sets some default groups 64 #+begin_src nix 65 { 66 users.mutableUsers = false; 67 # Define a user account. Don't forget to set a password with ‘passwd’. 68 users.users.${config.mainUser} = { 69 initialHashedPassword = "$6$XTH/sALyqg$G.bMWemErh4KGCAjUfT16DL96QMn/4NTmxlw6Z26wUVJn.tagQG.Fzmrz7uPkdiWZbBBFWP36.YA4hw9AcL8Q1"; 70 isNormalUser = true; 71 extraGroups = [ "video" "wheel" "NetworkManager" ]; # Enable ‘sudo’ for the user. 72 # shell = pkgs.nushell; 73 }; 74 } 75 #+end_src 76 Furthermore, I want to have some prefabs available in my $PATH if I make them 77 #+begin_src nix 78 { 79 environment.shellInit = 80 '' 81 if [ -h /etc/nixos/nix-prefabs/result ]; then 82 export PATH=$PATH:/etc/nixos/nix-prefabs/result/bin 83 fi 84 ''; 85 } 86 #+end_src 87 ** Init system 88 nixos is started with systemd-boot, since we don't run any other distros 89 #+begin_src nix 90 { 91 boot.loader.systemd-boot.enable = true; 92 boot.loader.efi.canTouchEfiVariables = true; 93 } 94 #+end_src 95 ** nixpkgs setup 96 not much info here right now. emacs itself now refers to emacsng 97 #+begin_src nix 98 { 99 nix.package = pkgs.nixVersions.stable; 100 programs.nix-ld = { 101 enable = true; 102 # use all the libraries that AppImage uses to load an image 103 libraries = with pkgs; [fuse] ++ (with appimageTools.defaultFhsEnvArgs; multiPkgs pkgs ++ targetPkgs pkgs); 104 }; 105 nixpkgs.config.allowUnfree = true; 106 nixpkgs.overlays = [ 107 (final: prev: { 108 emacs = (import sources.emacs-ng).outputs.packages."x86_64-linux".default; 109 emacsWithPackages = final.emacs.pkgs.withPackages; 110 }) 111 ]; 112 } 113 #+end_src 114 *** cachix 115 Cachix and other substitute servers allow you to not have to compile things as much as you are supposed to 116 We will create a small module for cachix before we put in the rest declaratively 117 #+begin_src nix 118 { 119 options.nix.cacheAttrs = with lib; mkOption { 120 type = with types; attrsOf str; 121 default = {}; 122 123 }; 124 config = with lib; { 125 nix.settings.substituters = builtins.attrNames config.nix.cacheAttrs; 126 nix.settings.trusted-public-keys = builtins.attrValues config.nix.cacheAttrs; 127 }; 128 } 129 #+end_src 130 With the config in hand, we can now quickly and easily declare our substitute servers 131 #+begin_src nix 132 { 133 nix.cacheAttrs = { 134 "https://crazazy.cachix.org" = "crazazy.cachix.org-1:3KaIHK26pkvd5palJH5A4Re1Hn2+GDV+aXYnftMYAm4="; 135 "https://emacsng.cachix.org" = "emacsng.cachix.org-1:i7wOr4YpdRpWWtShI8bT6V7lOTnPeI7Ho6HaZegFWMI="; 136 # "https://ethancedwards8.cachix.org" = "ethancedwards8.cachix.org-1:YMasjqyFnDreRQ9GXmnPIshT3tYyFHE2lUiNhbyIxOc="; 137 "https://nix-community.cachix.org" = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="; 138 # "https://nrdxp.cachix.org" = "nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4="; 139 # "https://rycee.cachix.org" = "rycee.cachix.org-1:TiiXyeSk0iRlzlys4c7HiXLkP3idRf20oQ/roEUAh/A="; 140 # "https://cache.iog.io" = "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="; 141 }; 142 } 143 #+end_src 144 ** udev binds 145 I have a bindmount system so that I can easily make binds to persistent directories from my home directory 146 This should prevent clutter 147 *** The config 148 This part is quite advanced. It makes entries for filesystems and then makes a systemd service to re-assign 149 generated temporary directories to the owner of the home folder 150 #+begin_src nix 151 { 152 options = with lib; { 153 homeBinds = mkOption { 154 type = with types; listOf str; 155 default = [ ]; 156 description = "Bind mounts in your home folder"; 157 }; 158 persistRoot = mkOption { 159 type = types.str; 160 default = "/nix/persist"; 161 }; 162 }; 163 config = with lib; mkIf (config.homeBinds != [ ]) { 164 fileSystems = genAttrs (map (loc: "/home/${config.mainUser}/${loc}") config.homeBinds) 165 (loc: { 166 device = "${config.persistRoot}${loc}"; 167 fsType = "none"; 168 options = [ "bind" ]; 169 }); 170 systemd.services.fix-home-perms = { 171 wantedBy = [ "multi-user.target" ]; 172 after = map (loc: "${builtins.replaceStrings ["/"] ["-"] loc}.mount") config.homeBinds; 173 serviceConfig.Type = "oneshot"; 174 script = "chown -R ${config.mainUser} /home/${config.mainUser}"; 175 }; 176 }; 177 } 178 #+end_src 179 *** The binds 180 These are the binds themselves, they change frequently 181 #+begin_src nix 182 { 183 homeBinds = [ 184 ".config/keybase" 185 ".local/share/keybase" 186 ".ssh" 187 "Desktop" 188 "Documents/uni-docs" 189 "Documents/IdeaProjects" 190 "Documents/java-jars" 191 "Documents/notes" 192 "Music" 193 "Videos" 194 ]; 195 } 196 #+end_src 197 ** Visual stuff 198 I don't acutally literally live in the terminal. So we have to implement some xorg and other stuff 199 *** Basics 200 Enable printing, sound and a good keyboard, along with x11 itself 201 #+begin_src nix 202 { 203 # Enable CUPS to print documents. 204 services.printing.enable = true; 205 206 # Enable sound. 207 sound.enable = true; 208 hardware.pulseaudio.enable = true; 209 210 # Enable the X11 windowing system. 211 services.xserver.enable = true; 212 services.xserver.layout = "us"; 213 services.xserver.xkbVariant = "altgr-intl"; 214 services.xserver.xkbOptions = "eurosign:e"; 215 # touchpad controls 216 services.xserver.libinput.enable = true; 217 } 218 #+end_src 219 *** XFCE 220 I have decided to be lazy and not install a fancy window manager or whatever into the system. Thats headache 221 #+begin_src nix 222 { 223 services.xserver.displayManager.lightdm.enable = true; 224 services.xserver.desktopManager.xfce.enable = true; 225 } 226 #+end_src 227 ** Networking 228 Some default network settings for my laptop 229 #+begin_src nix 230 { 231 networking.networkmanager.enable = true; # Enables wireless support via NetworkManager 232 } 233 #+end_src 234 ** packages 235 *** Core packages 236 These are the normal packages that I use for core maintenance. I use a special hardened version of firefox that takes in some addons as well 237 [[https://github.com/nix-community/nur-combined/blob/master/repos/ijohanne/pkgs/firefox-hardened/default.nix][Hardened firefox source]] 238 #+begin_src nix 239 { 240 environment.systemPackages = let 241 myFirefox = with pkgs; wrapFirefox firefox-esr-unwrapped { 242 nixExtensions = builtins.filter lib.isDerivation (builtins.attrValues nur.repos.crazazy.firefox-addons); 243 244 extraPolicies = { 245 CaptivePortal = false; 246 DisableFirefoxStudies = true; 247 DisablePocket = true; 248 DisableTelemetry = true; 249 DisableFirefoxAccounts = true; 250 DontCheckDefaultBrowser = true; 251 FirefoxHome = { 252 Pocket = false; 253 Snippets = false; 254 }; 255 UserMessaging = { 256 ExtensionRecommendations = false; 257 SkipOnboarding = true; 258 }; 259 }; 260 extraPrefs = '' 261 // Show more ssl cert infos 262 lockPref("security.identityblock.show_extended_validation", true); 263 // Enable userchrome css 264 lockPref("toolkit.legacyUserProfileCustomizations.stylesheets", true); 265 // Enable light dev tools 266 lockPref("devtools.theme","light"); 267 // Misc other settings 268 lockPref("extensions.autoDisableScopes", 0); 269 lockPref("browser.uidensity", 1); 270 lockPref("browser.search.openintab", true); 271 lockPref("extensions.update.enabled", false); 272 lockPref("identity.fxaccounts.enabled", false); 273 lockPref("signon.rememberSignons", false); 274 lockPref("signon.rememberSignons.visibilityToggle", false); 275 lockPref("media.eme.enabled", true); 276 lockPref("browser.eme.ui.enabled", true); 277 lockPref("xpinstall.signatures.required",false); 278 lockPref("browser.shell.checkDefaultBrowser", false ); 279 ''; 280 }; 281 in 282 with pkgs; [ 283 # bun 284 # compcert 285 curl 286 deno 287 discord 288 gitFull 289 graalvm17-ce 290 libreoffice 291 mpv 292 # nur.repos.crazazy.seamonkey 293 myFirefox 294 unzip zip 295 vim 296 (wine.override { wineBuild = "wineWow"; }) 297 ]; 298 # persistent directory for my browser details 299 homeBinds = [ 300 ".mozilla/firefox" 301 ".config/discord" 302 ".wine" 303 ]; 304 } 305 #+end_src 306 *** Steam 307 I like to play videogames sometimes, however steam also requires a little more special attention 308 #+begin_src nix 309 { 310 imports = [ 311 nurModules.repos.crazazy.modules.private.steam-config 312 ]; 313 homeBinds = [ 314 ".local/share/Steam" 315 ]; 316 environment.systemPackages = with pkgs; [ 317 steam 318 ]; 319 } 320 #+end_src 321 *** Emacs 322 Emacs needs to be integrated into the rest of the system. We are going to do that via a emacs daemon 323 #+begin_src nix 324 { 325 services.emacs = { 326 package = import ./emacs.nix; 327 defaultEditor = true; 328 enable = true; 329 }; 330 homeBinds = [ 331 # ".config/emacs" 332 ]; 333 } 334 #+end_src 335 *** QEMU & frens 336 I also sometimes run qemu vms. The qemu's manager will be libvirtd, but not sure if I will even use that 337 #+begin_src nix 338 { 339 virtualisation.libvirtd.enable = true; 340 } 341 #+end_src