nixos.org (14527B)
1 #+TITLE:Nixos Config 2 #+AUTHOR: Crazazy 3 #+INCLUDE: ./style.org 4 For now this is the way I'm configuring nixos. There is no flakes here, just a configuration.nix and a bunch of other 5 stuff 6 * Prefix 7 The nixos config is going to consist of a bunch of "imports" which are just a bunch of configs 8 in the imports part of the main configuration. Then we can put each part of said config on its own source block 9 This does require a bit of a prefix, that lets us access packages, existing configuration and library functions 10 #+begin_src nix :tangle configuration.nix :noweb no-export :padline no 11 { config, lib, pkgs, ... }: 12 let 13 sources = import ./nix/sources.nix; 14 nur = import sources.NUR { inherit pkgs; }; 15 nurModules = import sources.NUR { }; 16 in 17 { 18 imports = [ 19 <<nixos-config>> 20 ]; 21 } 22 #+end_src 23 * Configuration 24 :PROPERTIES: 25 :header-args: :tangle no :noweb-ref nixos-config 26 :END: 27 28 ** Hardware 29 Normal nixos installation comes with a hardware-configuration file. we are not going to add the contents of that 30 file here ourself, but instead add it as an external module. This is the only place where we'll do this 31 #+begin_src nix 32 ./hardware-configuration.nix 33 #+end_src 34 Also i want to have a full bluetooth experience 35 #+begin_src nix 36 { 37 hardware.bluetooth = { 38 enable = true; 39 package = pkgs.bluez; 40 }; 41 } 42 #+end_src 43 ** personal stuff 44 First, some personal stuff, so that I can tel people my computer is mine 45 #+begin_src nix 46 { 47 options.mainUser = with lib; mkOption { 48 type = types.str; 49 default = builtins.getEnv "USER"; 50 }; 51 } 52 #+end_src 53 54 and then the actual info: 55 #+begin_src nix 56 { 57 mainUser = "erik"; 58 networking.hostName = "RACEMONSTER"; 59 time.timeZone = "Europe/Amsterdam"; 60 } 61 #+end_src 62 ** Main user config 63 This sets up a (secret) default password for the main user and also sets some default groups 64 #+begin_src nix 65 { 66 users.mutableUsers = false; 67 # Define a user account. Don't forget to set a password with ‘passwd’. 68 users.users.${config.mainUser} = { 69 initialHashedPassword = "$6$XTH/sALyqg$G.bMWemErh4KGCAjUfT16DL96QMn/4NTmxlw6Z26wUVJn.tagQG.Fzmrz7uPkdiWZbBBFWP36.YA4hw9AcL8Q1"; 70 isNormalUser = true; 71 extraGroups = [ "video" "wheel" "NetworkManager" ]; # Enable ‘sudo’ for the user. 72 # shell = pkgs.nushell; 73 }; 74 } 75 #+end_src 76 Furthermore, I want to have some prefabs available in my $PATH if I make them 77 #+begin_src nix 78 { 79 environment.shellInit = 80 '' 81 if [ -h /etc/nixos/nix-prefabs/result ]; then 82 export PATH=$PATH:/etc/nixos/nix-prefabs/result/bin 83 fi 84 ''; 85 } 86 #+end_src 87 ** Init system 88 nixos is started with systemd-boot, since we don't run any other distros 89 #+begin_src nix 90 { 91 boot.loader.systemd-boot.enable = true; 92 boot.loader.efi.canTouchEfiVariables = true; 93 } 94 #+end_src 95 ** nixpkgs setup 96 not much info here right now. emacs itself now refers to emacsng 97 #+begin_src nix 98 { 99 nix.package = pkgs.nixVersions.stable; 100 programs.nix-ld = { 101 enable = true; 102 # use all the libraries that AppImage uses to load an image 103 libraries = with pkgs; [fuse] ++ (with appimageTools.defaultFhsEnvArgs; multiPkgs pkgs ++ targetPkgs pkgs); 104 }; 105 nixpkgs.config.allowUnfree = true; 106 nixpkgs.overlays = [ 107 (final: prev: { 108 emacs = (import sources.emacs-ng).outputs.packages."x86_64-linux".default; 109 emacsWithPackages = final.emacs.pkgs.withPackages; 110 inherit (nur.repos) instantos; 111 }) 112 ]; 113 } 114 #+end_src 115 *** cachix 116 Cachix and other substitute servers allow you to not have to compile things as much as you are supposed to 117 We will create a small module for cachix before we put in the rest declaratively 118 #+begin_src nix 119 { 120 options.nix.cacheAttrs = with lib; mkOption { 121 type = with types; attrsOf str; 122 default = {}; 123 124 }; 125 config = with lib; { 126 nix.settings.substituters = builtins.attrNames config.nix.cacheAttrs; 127 nix.settings.trusted-public-keys = builtins.attrValues config.nix.cacheAttrs; 128 }; 129 } 130 #+end_src 131 With the config in hand, we can now quickly and easily declare our substitute servers 132 #+begin_src nix 133 { 134 nix.cacheAttrs = { 135 "https://crazazy.cachix.org" = "crazazy.cachix.org-1:3KaIHK26pkvd5palJH5A4Re1Hn2+GDV+aXYnftMYAm4="; 136 "https://emacsng.cachix.org" = "emacsng.cachix.org-1:i7wOr4YpdRpWWtShI8bT6V7lOTnPeI7Ho6HaZegFWMI="; 137 # "https://ethancedwards8.cachix.org" = "ethancedwards8.cachix.org-1:YMasjqyFnDreRQ9GXmnPIshT3tYyFHE2lUiNhbyIxOc="; 138 "https://nix-community.cachix.org" = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="; 139 # "https://nrdxp.cachix.org" = "nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4="; 140 # "https://rycee.cachix.org" = "rycee.cachix.org-1:TiiXyeSk0iRlzlys4c7HiXLkP3idRf20oQ/roEUAh/A="; 141 # "https://cache.iog.io" = "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="; 142 }; 143 } 144 #+end_src 145 ** udev binds 146 I have a bindmount system so that I can easily make binds to persistent directories from my home directory 147 This should prevent clutter 148 *** The config 149 This part is quite advanced. It makes entries for filesystems and then makes a systemd service to re-assign 150 generated temporary directories to the owner of the home folder 151 #+begin_src nix 152 { 153 options = with lib; { 154 homeBinds = mkOption { 155 type = with types; listOf str; 156 default = [ ]; 157 description = "Bind mounts in your home folder"; 158 }; 159 persistRoot = mkOption { 160 type = types.str; 161 default = "/nix/persist"; 162 }; 163 }; 164 config = with lib; mkIf (config.homeBinds != [ ]) { 165 fileSystems = genAttrs (map (loc: "/home/${config.mainUser}/${loc}") config.homeBinds) 166 (loc: { 167 device = "${config.persistRoot}${loc}"; 168 fsType = "none"; 169 options = [ "bind" ]; 170 }); 171 systemd.services.fix-home-perms = { 172 wantedBy = [ "multi-user.target" ]; 173 after = map (loc: "${builtins.replaceStrings ["/"] ["-"] loc}.mount") config.homeBinds; 174 serviceConfig.Type = "oneshot"; 175 script = "chown -R ${config.mainUser} /home/${config.mainUser}"; 176 }; 177 }; 178 } 179 #+end_src 180 *** The binds 181 These are the binds themselves, they change frequently 182 #+begin_src nix 183 { 184 homeBinds = [ 185 ".config/keybase" 186 ".local/share/keybase" 187 ".ssh" 188 "Desktop" 189 "Documents/uni-docs" 190 "Documents/IdeaProjects" 191 "Documents/java-jars" 192 "Documents/notes" 193 "Music" 194 "Videos" 195 ]; 196 } 197 #+end_src 198 ** Visual stuff (X11) :noexport: 199 I don't acutally literally live in the terminal. So we have to implement some xorg and other stuff 200 *** Basics 201 Enable printing, sound and a good keyboard, along with x11 itself 202 #+begin_src nix :noweb-ref no 203 { 204 # Enable CUPS to print documents. 205 services.printing.enable = true; 206 207 # Enable sound. 208 sound.enable = true; 209 hardware.pulseaudio.enable = true; 210 211 # Enable the X11 windowing system. 212 services.xserver.enable = true; 213 services.xserver.layout = "us"; 214 services.xserver.xkbVariant = "altgr-intl"; 215 services.xserver.xkbOptions = "eurosign:e"; 216 # touchpad controls 217 services.xserver.libinput.enable = true; 218 } 219 #+end_src 220 *** instantos 221 I have decided to be lazy and not install a fancy window manager or whatever into the system. Thats headache 222 #+begin_src nix :noweb-ref no 223 { 224 environment.systemPackages = with pkgs.instantos; [ 225 imenu 226 islide 227 instantassist 228 instantconf 229 instantdata 230 instantdotfiles 231 instantlogo 232 instantmenu 233 instantnotify 234 instantsettings 235 instantshell 236 instantthemes 237 instantutils 238 instantwallpaper 239 instantwelcome 240 instantwidgets 241 instantwm 242 instantst 243 paperbash 244 rangerplugins 245 spotify-adblock 246 pkgs.dash 247 pkgs.xdg-user-dirs 248 pkgs.papirus-icon-theme 249 pkgs.arc-theme 250 pkgs.xorg.xeyes 251 pkgs.rofi 252 pkgs.ranger 253 ]; 254 services.xserver.displayManager.lightdm.enable = true; 255 services.xserver.windowManager.session = lib.singleton 256 { name = "instantwm"; 257 start = '' 258 startinstantos & 259 waitPID=$! 260 ''; 261 }; 262 } 263 #+end_src 264 ** Visual stuff (wayland) 265 After all, why /shouldn't/ I try wayland? 😈 266 #+begin_src nix 267 { 268 programs.wayfire.enable = true; 269 programs.wayfire.plugins = with pkgs.wayfirePlugins; [ 270 wcm 271 wf-shell 272 wayfire-plugins-extra 273 ]; 274 sound.enable = true; 275 fonts.packages = with pkgs; [ 276 noto-fonts 277 noto-fonts-cjk 278 noto-fonts-emoji 279 liberation_ttf 280 fira-code 281 fira-code-symbols 282 mplus-outline-fonts.githubRelease 283 dina-font 284 proggyfonts 285 ]; 286 environment.systemPackages = with pkgs; [ 287 wofi waypipe 288 ]; 289 } 290 #+end_src 291 ** Networking 292 Some default network settings for my laptop 293 #+begin_src nix 294 { 295 networking.networkmanager.enable = true; # Enables wireless support via NetworkManager 296 } 297 #+end_src 298 ** packages 299 *** Core packages 300 These are the normal packages that I use for core maintenance. I use a special hardened version of firefox that takes in some addons as well 301 [[https://github.com/nix-community/nur-combined/blob/master/repos/ijohanne/pkgs/firefox-hardened/default.nix][Hardened firefox source]] 302 #+begin_src nix 303 { 304 environment.systemPackages = let 305 myFirefox = with pkgs; wrapFirefox librewolf-unwrapped { 306 nixExtensions = builtins.filter lib.isDerivation (builtins.attrValues nur.repos.crazazy.firefox-addons); 307 libName = "librewolf"; 308 extraPolicies = { 309 CaptivePortal = false; 310 DisableFirefoxStudies = true; 311 DisablePocket = true; 312 DisableTelemetry = true; 313 DisableFirefoxAccounts = true; 314 DontCheckDefaultBrowser = true; 315 FirefoxHome = { 316 Pocket = false; 317 Snippets = false; 318 }; 319 UserMessaging = { 320 ExtensionRecommendations = false; 321 SkipOnboarding = true; 322 }; 323 }; 324 extraPrefs = '' 325 // Show more ssl cert infos 326 lockPref("security.identityblock.show_extended_validation", true); 327 // Enable userchrome css 328 lockPref("toolkit.legacyUserProfileCustomizations.stylesheets", true); 329 // Enable light dev tools 330 lockPref("devtools.theme","light"); 331 // Misc other settings 332 lockPref("extensions.autoDisableScopes", 0); 333 lockPref("browser.uidensity", 1); 334 lockPref("browser.search.openintab", true); 335 lockPref("extensions.update.enabled", false); 336 lockPref("identity.fxaccounts.enabled", false); 337 lockPref("signon.rememberSignons", false); 338 lockPref("signon.rememberSignons.visibilityToggle", false); 339 lockPref("media.eme.enabled", true); 340 lockPref("browser.eme.ui.enabled", true); 341 lockPref("xpinstall.signatures.required",false); 342 lockPref("browser.shell.checkDefaultBrowser", false ); 343 ''; 344 }; 345 in 346 with pkgs; [ 347 bun 348 # compcert 349 curl 350 # deno 351 discord 352 gitFull 353 graalvm-ce 354 libreoffice 355 # krdc 356 mpv 357 # nur.repos.crazazy.seamonkey 358 myFirefox 359 unzip zip 360 vim 361 # vieb 362 (wine.override { wineBuild = "wineWow"; }) 363 ]; 364 # persistent directory for my browser details 365 homeBinds = [ 366 # ".mozilla/firefox" 367 ".config/discord" 368 ".wine" 369 ]; 370 } 371 #+end_src 372 *** Researchware 373 I am doing a research project and I need certain software to make that happen 374 #+begin_src nix :noweb-ref no 375 { 376 virtualisation.vswitch.enable = true; 377 environment.systemPackages = with pkgs; [ 378 mininet 379 # not universal for all pythons but it works for now 380 (python3.withPackages (p: [(p.mininet-python.overrideAttrs (_: { 381 postInstall = "cp $py/bin/mn $py/lib/python3.10/site-packages/mininet/__main__.py"; 382 }))])) 383 opam 384 bindfs 385 ]; 386 } 387 #+end_src 388 *** Steam 389 I like to play videogames sometimes, however steam also requires a little more special attention 390 #+begin_src nix 391 { 392 imports = [ 393 # nurModules.repos.crazazy.modules.private.steam-config 394 ]; 395 programs.steam.enable = true; 396 homeBinds = [ 397 ".local/share/Steam" 398 ]; 399 environment.systemPackages = with pkgs; [ 400 steam 401 ]; 402 } 403 #+end_src 404 *** Emacs 405 Emacs needs to be integrated into the rest of the system. We are going to do that via a emacs daemon 406 #+begin_src nix 407 { 408 services.emacs = { 409 # package = import ./emacs.nix; 410 package = pkgs.emacs29-pgtk; 411 defaultEditor = true; 412 enable = true; 413 }; 414 homeBinds = [ 415 ".config/emacs" 416 ]; 417 } 418 #+end_src 419 *** QEMU & frens 420 I also sometimes run qemu vms. The qemu's manager will be libvirtd, but not sure if I will even use that 421 #+begin_src nix 422 { 423 virtualisation.libvirtd.enable = true; 424 } 425 #+end_src 426