nix/configuration.nix
2023-07-01 16:55:06 +09:00


# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
# Nix Reference Manual:
# https://nixos.org/manual/nix/stable/
# NixOS Packages / Options:
# https://search.nixos.org/packages?
# Other things to consider:
# Telegraf
{ lib, config, pkgs, ... }: {
# Extra NixOS modules merged into this configuration.
imports = [
  ./desktops/gnome.nix      # Gnome configuration file.
  ./software/promtail.nix   # Promtail logging
];
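# Keep the system up-to-date automatically from the 23.05 channel.
# allowReboot = false: upgrades are installed but the machine is never rebooted
# unattended, so a new kernel or initrd only takes effect at the next manual reboot.
system.autoUpgrade = {
  enable = true;
  allowReboot = false;
  # Quoted on purpose: bare URL literals are deprecated Nix syntax. The value
  # is the same string as before.
  channel = "https://channels.nixos.org/nixos-23.05";
};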
boot = {
  # Bootloader. lanzaboote provides the Secure Boot chain, so the stock
  # systemd-boot module is forced off.
  loader = {
    efi.canTouchEfiVariables = true;
    systemd-boot.enable = lib.mkForce false;
  };
  lanzaboote = {
    enable = true;
    # NOTE(review): presumably the key directory managed by sbctl; the private
    # keys in it should be readable by root only -- confirm permissions.
    pkiBundle = "/etc/secureboot";
  };

  tmp.cleanOnBoot = true;

  # Hibernation resume device.
  resumeDevice = "/dev/disk/by-uuid/67600fc1-6d26-4d2f-b2d3-a99174654058";

  # Plymouth splash screen on a quiet boot.
  plymouth.enable = true;
  kernelParams = [ "quiet" ];

  initrd = {
    systemd.enable = true;

    # Key file copied into the initrd (null = taken from the same path on the
    # running system).
    # NOTE(review): the initrd is normally loaded from the EFI system partition,
    # which is usually unencrypted. If that is the layout here, this key sits
    # in the clear on disk and the LUKS volume it opens is only as protected as
    # that partition. Confirm where the initrd is stored, or unlock the volume
    # with a passphrase / TPM-bound key instead of an embedded key file.
    secrets = {
      "/crypto_keyfile.bin" = null;
    };

    # Swap on LUKS, opened with the key file above.
    luks.devices."luks-9704447e-6bd0-4a35-9c24-20cbab81c431" = {
      device = "/dev/disk/by-uuid/9704447e-6bd0-4a35-9c24-20cbab81c431";
      keyFile = "/crypto_keyfile.bin";
    };
  };
};
# Networking: NetworkManager, IPv6 off, firewall on.
# NOTE(review): `hostname` is not one of this function's arguments
# (lib, config, pkgs); presumably it is substituted or bound before this file
# is evaluated -- confirm.
networking.hostName = "${hostname}";
networking.networkmanager.enable = true;
networking.enableIPv6 = false;

networking.firewall.enable = true;
# Inbound TCP 22 (SSH) is allowed on every interface.
# NOTE(review): Tailscale is enabled in this file. If SSH is only needed over
# the tailnet, scoping the rule per interface
# (networking.firewall.interfaces.<name>.allowedTCPPorts) would reduce exposure.
# The OpenSSH module also opens its own port by default
# (services.openssh.openFirewall), so both would have to change -- confirm how
# this host is reached before tightening.
networking.firewall.allowedTCPPorts = [ 22 ];
networking.firewall.allowedUDPPorts = [ ];
# Time zone.
time.timeZone = "Asia/Tokyo";

# Internationalisation: en_US.UTF-8 as the default locale and for each LC_*
# category listed below.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = lib.genAttrs [
  "LC_ADDRESS"
  "LC_IDENTIFICATION"
  "LC_MEASUREMENT"
  "LC_MONETARY"
  "LC_NAME"
  "LC_NUMERIC"
  "LC_PAPER"
  "LC_TELEPHONE"
  "LC_TIME"
] (_category: "en_US.UTF-8");
# Fingerprint reader: fprintd with the TOD vfs0090 driver.
# NOTE(review): enabling fprintd presumably also makes a fingerprint an
# accepted factor for PAM services such as login and sudo -- confirm that is
# intended for an account in the wheel group.
services.fprintd.enable = true;
services.fprintd.tod.enable = true;
services.fprintd.tod.driver = pkgs.libfprint-2-tod1-vfs0090;
# X11 server.
services.xserver.enable = true;
services.xserver.autorun = true;

# Keymap: US layout, no variant.
services.xserver.layout = "us";
services.xserver.xkbVariant = "";

# libinput input handling with tap-to-click on the touchpad.
services.xserver.libinput.enable = true;
services.xserver.libinput.touchpad.tapping = true;

# nVidia drivers.
services.xserver.videoDrivers = [ "nvidia" ];
# nVidia PRIME bus IDs, taken from
# https://github.com/NixOS/nixos-hardware/blob/master/lenovo/thinkpad/p1/3th-gen/nvidia.nix
# Only the bus IDs are set here; mkDefault lets another module override them.
# NOTE(review): no PRIME mode (offload / sync) is enabled in this block --
# presumably that happens elsewhere; confirm.
hardware.nvidia.prime.intelBusId = lib.mkDefault "PCI:0:2:0";   # Intel GPU
hardware.nvidia.prime.nvidiaBusId = lib.mkDefault "PCI:1:0:0";  # NVIDIA GPU
# Sound through PipeWire; the PulseAudio daemon is turned off and PipeWire's
# PulseAudio and ALSA front ends are enabled instead.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;

services.pipewire.enable = true;
services.pipewire.pulse.enable = true;
services.pipewire.alsa = {
  enable = true;
  support32Bit = true;
};
# User account. The password is not declared here; set it with passwd.
# NOTE(review): no SSH authorized keys are declared in this block, so SSH
# logins for this account presumably rely on that password -- confirm.
users.users.albert = {
  description = "Albert J. Copeland";
  isNormalUser = true;
  # "wheel" grants administrative (sudo) rights.
  extraGroups = [ "networkmanager" "wheel" ];
  # Per-user packages.
  packages = [
    pkgs.firefox
    pkgs.bitwarden
    pkgs.steam
    pkgs.lutris
    pkgs.vlc
    pkgs.vscodium
  ];
};
# Allow unfree packages.
nixpkgs.config = {
  allowUnfree = true;
};
# Enable flakes and the new nix CLI: https://nixos.wiki/wiki/Flakes
nix.settings = {
  experimental-features = [ "nix-command" "flakes" ];
};
# Packages installed in the system profile (available to every user).
environment.systemPackages = [
  # Secureboot
  pkgs.sbctl

  # Fingerprint Reader
  pkgs.fprintd

  # General packages
  pkgs.dconf2nix   # https://github.com/gvolpe/dconf2nix
  pkgs.wget
  pkgs.vim
  pkgs.git
  pkgs.curl
  pkgs.htop
  pkgs.iftop
  pkgs.nload
  pkgs.iotop
  pkgs.glxinfo
  pkgs.tailscale
  pkgs.neofetch
];
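# OpenSSH daemon and Tailscale.
# The `settings` submodule used below matches the 23.05 release this file targets.
services.openssh = {
  enable = true;
  settings = {
    # Root does not log in over SSH; administration goes through a wheel user
    # and sudo.
    PermitRootLogin = "no";
    # NOTE(review): password logins are left at the module default because no
    # authorized keys are declared in this file. Once keys are provisioned,
    # set PasswordAuthentication and KbdInteractiveAuthentication to false so
    # the daemon no longer accepts passwords.
  };
};
services.tailscale.enable = true;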
# Garbage collection: runs weekly and deletes generations older than 7 days,
# which also limits how far back the system can be rolled back.
nix.gc.automatic = true;
nix.gc.dates = "weekly";
nix.gc.options = "--delete-older-than 7d";
# Bash: completion, coloured ls, and shell aliases.
programs.bash.enableCompletion = true;
programs.bash.enableLsColors = true;
programs.bash.shellAliases = {
  # Docker
  # NOTE(review): Docker itself is not enabled in this file -- presumably it
  # is configured elsewhere; confirm.
  d = "docker";
  dc = "docker-compose";
  de = "docker exec -it";

  # Dates and times
  ddate = "date +%Y.%m.%d";
  dday = "date +%A";
  tdate = "date +%Y.%m.%d..%H.%M";
  ttime = "date +%H.%M";

  # File handling. `cp` is replaced by rsync in interactive shells, and `rm`
  # asks before each removal.
  cp = "rsync -avr";
  rm = "rm -i";
  ll = "ls -lah";

  # Git
  g = "git";
  ga = "git add -A";
  gb = "git branch";
  gc = "git commit";
  gca = "git commit -a";
  gco = "git checkout";
  gd = "git diff";
  gp = "git pull --prune";
  gpu = "git push origin HEAD";
  gs = "git status -sb";

  # Nix
  hs = "home-manager switch";
  nr = "nixos-rebuild";
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system, were taken. It is perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# It is independent of the upgrade channel configured in this file.
# Before changing this value, read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}