Skip to content

Instantly share code, notes, and snippets.

@Tombert

Tombert/configuration2.nix

Created March 26, 2025 22:21
Show Gist options
  • Save Tombert/8497dc1583b981c95c8de964afed8eae to your computer and use it in GitHub Desktop.
Save Tombert/8497dc1583b981c95c8de964afed8eae to your computer and use it in GitHub Desktop.
Download ZIP
Raw
configuration2.nix
{ config, lib, pkgs, ... }:
let
user = "tombert";
hostname = "puter";
in {
system.stateVersion = "24.05";
time = { timeZone = "America/New_York"; };
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"usbhid"
"sd_mod"
"tpm_tis"
];
luks.devices.main = {
device = "/dev/disk/by-uuid/56188553-f321-4a80-b4e9-cb6212ab1244";
allowDiscards = true;
};
};
kernelModules = [
"v4l2loopback"
"thunderbolt"
"atlantic"
"st"
"sg"
"mpt3sas"
"amdgpu"
"xpad"
];
extraModulePackages = [ pkgs.linuxPackages_latest.v4l2loopback ];
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [ "usbcore.autosuspend=-1" ];
};
networking = {
wireless.iwd.enable = true;
firewall = {
enable = true;
allowedUDPPorts = [ 1900 5350 5351 5353 ];
};
};
hardware = {
#decklink.enable = true;
xone.enable = true;
graphics = {
enable = true;
enable32Bit = true;
};
cpu.amd.updateMicrocode = true;
enableAllFirmware = true;
};
networking = { hostName = hostname; };
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
powerManagement.powertop.enable = true; # powertop, auto-cpufreq, thermald
programs = {
system-config-printer.enable = true;
zsh.enable = true;
steam.enable = true;
};
users = {
defaultUserShell = pkgs.zsh;
#defaultUserShell = pkgs.nushell;
mutableUsers = false;
users = {
"root" = { uid = 0; };
"${user}" = {
isNormalUser = true;
uid = 1001;
group = "users";
extraGroups = [
"audio"
"docker"
"i2c"
"kvm"
"lp"
"pipewire"
"podman"
"scanner"
"tss"
"video"
"wheel"
];
initialPassword = "pw123";
openssh.authorizedKeys.keys = [ ];
};
};
};
xdg.portal = {
enable = true;
wlr.enable = true;
};
# xdg = {
# autostart.enable = true;
# portal = {
# enable = true;
# config.common.default = "wlr";
# extraPortals = [pkgs.xdg-desktop-portal-wlr];
# wlr.enable = true;
# };
# };
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
extraSessionCommands = ''
export NIXOS_OZONE_WL=1
export XDG_CURRENT_DESKTOP=sway
export SDL_VIDEODRIVER=wayland,x11
export QT_WAYLAND_DISABLE_WINDOWDECORATION=1
export QT_QPA_PLATFORM=wayland
'';
};
services = {
xserver.displayManager.gdm.enable = false;
greetd.enable = false;
open-webui = {
enable = false;
port = 8081;
environment = {};
};
pulseaudio.enable = false;
hardware = { bolt.enable = true; };
resolved.enable = true;
printing = {
logLevel = "debug";
stateless = true;
enable = true;
drivers = [ pkgs.gutenprint pkgs.splix ];
};
consul = {
enable = true;
webUi = true;
};
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
system-config-printer.enable = true;
gnome.gnome-keyring.enable = true;
# enable sway window manager
#xserver = {
# enable = true;
# displayManager = {
# gdm.enable = true;
# };
# desktopManager.gnome.enable = true;
#};
openssh = {
enable = false;
openFirewall = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
hostKeys = [{
path = "/persist/ssh/ssh_host_ed25519_key";
type = "ed25519";
}];
};
pipewire = {
enable = true;
pulse.enable = true;
wireplumber.enable = true;
};
snapper = {
configs = {
home = {
SUBVOLUME = "/home";
ALLOW_USERS = [ user ];
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
};
persist = {
SUBVOLUME = "/persist";
ALLOW_USERS = [ user ];
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
};
};
};
thermald = { enable = true; };
};
systemd = {
services = {
iwd.serviceConfig.BindPaths = "/persist/iwd:/var/lib/iwd";
nix-daemon.serviceConfig.Environment = "TMPDIR=/swap/build";
};
};
environment = {
variables = {
PKG_CONFIG_PATH = "${pkgs.openssl.dev}/lib/pkgconfig";
XCURSOR_SIZE = "96";
XCURSOR_THEME = "Adwaita";
XDG_CURRENT_DESKTOP = "sway";
NIXOS_OZONE_WL = "1";
};
systemPackages = with pkgs;
lib.mkMerge [
# custom
[
# console stuff
bat
parallel
unzip
tmux
openssl
foot
dconf-editor
waybar
jq
iw
]
[
# Development
neovim
iwgtk
evince
imv
zsh-fzf-history-search
galculator
gcc
libgcc
octaveFull
fzf
silver-searcher
gnumake
clang
curlFull
cmake
jetbrains.idea-community
graalvm-ce
#temurin-bin
#jdk21
clojure
gradle
vscode
texliveFull
#okular
adobe-reader
nfs-utils
filezilla
transmission-remote-gtk
qemu
wget
kdePackages.calligra
]
[
# Fonts
comic-mono
adwaita-icon-theme
]
[
# math stuff
tlaplusToolbox
alloy6
workcraft
]
[
# Games
r2modman
_86Box-with-roms
aisleriot
protonplus
wine
winetricks
itch
lutris
heroic
gamescope
bigpemu
mgba
gdevelop
]
[
# encryption
pass
git
gnupg
pinentry
]
[
# Configuration
gnome-tweaks
]
[
# media
openscad
vlc
drawio
obs-studio
linuxPackages.v4l2loopback
v4l-utils
pavucontrol
blackmagic-desktop-video
opentoonz
lightworks
bitwig-studio
krita
]
[
# communication stuff
skypeforlinux
teams-for-linux
discord
signal-desktop
protonvpn-gui
]
[
# web stuff
firefox
google-chrome
chromium
brave
]
[
# Bureaucratic
obsidian
djview
mutt
protonmail-bridge
libreoffice
onlyoffice-bin
]
[
# utilities
wl-clipboard
gnome-system-monitor
swaybg
gnome-calculator
calc
ulauncher
slurp
cups
system-config-printer
virtualbox
asunder
makemkv
rocmPackages.clr
nautilus
xfce.thunar
xdg-desktop-portal
xfce.tumbler # for thumbnails
dbus
gvfs
]
[
# Tape
hpe-ltfs
mt-st
mtx
linuxKernel.packages.linux_zen.xone
]
[
# network
ethtool
]
[
# group of programs 3
fx
black
]
];
};
zramSwap = {
enable = true;
memoryPercent = 20;
algorithm = "zstd";
};
fileSystems = let
dev = "/dev/mapper/main";
fsDisk = "btrfs";
fsTmp = "tmpfs";
fsBind = "none";
atime = "noatime";
comp = "compress-force=zstd:3";
bindOpts = [ "bind" ];
in {
"/" = {
device = "none";
fsType = fsTmp;
options = [ "defaults" "size=16G" "mode=755" ];
};
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
"/persist" = {
device = dev;
fsType = fsDisk;
options = [ "subvol=persist" ];
};
"/home" = {
device = dev;
fsType = fsDisk;
options = [ "subvol=home" ];
};
"/swap" = {
device = dev;
fsType = fsDisk;
options = [ "subvol=swap" ];
};
"/data" = {
device = dev;
fsType = fsDisk;
options = [ "subvol=data" ];
};
"/cache" = {
device = dev;
fsType = fsDisk;
options = [ "subvol=cache" ];
};
"/nix" = {
device = dev;
fsType = fsDisk;
options = [ "subvol=nix" atime comp ];
};
"/etc/nixos" = {
device = "/persist/nixos";
fsType = fsBind;
options = bindOpts;
};
"/var/log/journal" = {
device = "/persist/journal";
fsType = fsBind;
options = bindOpts;
};
"/root/.cache" = {
device = "/cache/rootcache";
fsType = fsBind;
options = bindOpts;
};
"/var/cache" = {
device = "/cache/varcache";
fsType = fsBind;
options = bindOpts;
};
"/var/lib/bluetooth" = {
device = "/persist/bluetooth";
fsType = fsBind;
options = bindOpts;
};
};
swapDevices = [{ device = "/swap/swapfile"; }];
networking.useDHCP = lib.mkDefault true;
nixpkgs = {
config = {
permittedInsecurePackages = [
"python-2.7.18.8"
"adobe-reader-9.5.5"
"electron-27.3.11"
"libtiff-4.0.3-opentoonz"
];
allowUnfree = true;
};
hostPlatform = lib.mkDefault "x86_64-linux";
};
#[ { device = "/swap/swapfile"; } ];
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment