knazarov/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos/configuration.nix

715 lines
20 KiB
Nix
Raw Normal View History

Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, nixpkgs, pkgs, home-manager, ... }:
let
Add automation around git-plan
2023-08-15 14:25:03 +00:00
my_python = (pkgs.python3.withPackages (ps: with ps; [
git_plan]));
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
in
{
imports =
[
#./gnupg.nix
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.extraOptions = ''
!include ${config.sops.secrets.github_token.path}
bash-prompt = (nix:$name)\040\[\033[1;32m\][\u@\h:\w]\$\[\033[0m\]\040
'';
sops = {
environment.SOPS_GPG_EXEC = "${pkgs.gnupg}/bin/gpg";
defaultSopsFile = ./secrets.yaml;
secrets = {
fastmail_password = {
owner = config.users.users.knazarov.name;
group = config.users.users.knazarov.group;
};
github_token = {
owner = config.users.users.knazarov.name;
group = config.users.users.knazarov.group;
};
Add automation around git-plan
2023-08-15 14:25:03 +00:00
git_plan_config = {
owner = config.users.users.knazarov.name;
group = config.users.users.knazarov.group;
};
git_plan_credentials = {
owner = config.users.users.knazarov.name;
group = config.users.users.knazarov.group;
};
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
mullvad_account = {};
};
};
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/London";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Mainly to access SMB shares on local network
services.gvfs = {
enable = true;
package = lib.mkForce pkgs.gnome3.gvfs;
};
# Configure keymap in X11
services.xserver = {
layout = "us";
xkbVariant = "";
};
# Define a user account. Don't forget to set a password with passwd.
users.users.knazarov = {
isNormalUser = true;
description = "Konstantin Nazarov";
extraGroups = [
"networkmanager"
"wheel"
config.users.groups.keys.name
];
packages = with pkgs; [];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGxebDydOcs7URJjXFHMU++ruaZOJpXbK4ixH19pWTsX7WtxxriZxD4+RQ3oyllGG/8sEFzEe0NoTHUPU6YrBpfwT/ekGDmCJHtvZ+rZs+cRQd6tObfAUip1B1Mcvhuaj0prnrbfohOuHpvQ/L8TogIKuHgczDmud4KGUu0mxCsUHbD5tlKpsgN+dJXkvjxsO7JhhF9JpFTrYAU0gTuBPTt3ynpnZKrE1NgnE0iy+CEr/v41dLqxw3fUjT3nOFUQ1l/VKTw5mLt5Iw7XmBLuFGLRAVrwzXxeBCfYqKGYgY4QV8HCcVpcqC8zWmRskiRetzQ/5HwRagm4yZr0I+LZ305nGB0cSJzLWXXOUF6SDg2cqAXFpF/o2LoFCmaV5h3jmCGOUrowF7oV4mYwBMWfabrbZx21z/R56GkAOOEKc2h+Qh5wIj4yayX081SkqJK3J9+3vGG4VvXnwGnPnWQFqrzeedyV74maffGBGFYm0UOcD+oG6EwM+7MEUBpJm9m4c= knazarov"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHkDvP2BO1uV0AwEjABYFEiA2BbGo1IsSht4emYMRLgi root@mira"
];
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
# needed to request polkit access (for instance, for SMB shares)
lxqt.lxqt-policykit
vim
waybar
foot
wayland
xdg-utils
glib
dracula-theme
gnome3.adwaita-icon-theme
swaylock
swayidle
wl-clipboard
qutebrowser
keyd
tdesktop
git
source-code-pro
pavucontrol
brightnessctl
sops
age
ssh-to-age
syncthing
pass
pkgs.gnupg
pciutils
slack
q-sh
transmission-gtk
mpv
imv
okular
yt-dlp
evince # document viewer
firefox
gthumb
unzip
somafm-cli
yubikey-manager
yubikey-manager-qt
gnome.gedit # temporary
ripgrep
file
zoom-us
obs-studio
gnome.nautilus
xfce.thunar
zig
morph
gomuks
nheko
mullvad-vpn
mullvad
Add USB auto-mounting and git-plan
2023-08-14 21:50:06 +00:00
usbutils
Add git send-email support
2023-08-19 18:18:44 +00:00
wf-recorder
Turn server and wacom stylus setup
2023-09-09 21:17:02 +00:00
xournalpp
dnsutils
Commit latest bunch of small changes
2023-09-26 20:19:24 +00:00
graphviz
Turn server and wacom stylus setup
2023-09-09 21:17:02 +00:00
#network-manager-applet
Switch to clang-tools from clang16
2023-08-08 23:20:59 +00:00
(clang-tools.override { llvmPackages = llvmPackages_16; }) # mainly for clang-format
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
(emacsWithPackagesFromUsePackage {
config = ./emacs.el;
defaultInitFile = true;
Migrate to released emacs 29 and reduce animations in gtk
2023-08-04 16:45:18 +00:00
package = emacs29-pgtk.overrideAttrs (old: {
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
withTreeSitter = true;
});
alwaysEnsure = true;
extraEmacsPackages = epkgs: [
pkgs.mu
epkgs.treesit-grammars.with-all-grammars
];
})
# wget
Add automation around git-plan
2023-08-15 14:25:03 +00:00
my_python
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
];
services.mullvad-vpn = {
enable = true;
};
Turn server and wacom stylus setup
2023-09-09 21:17:02 +00:00
systemd.services."mullvad-daemon".postStart = let
mullvad = config.services.mullvad-vpn.package;
in ''
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
while ! ${mullvad}/bin/mullvad status >/dev/null; do sleep 1; done
${mullvad}/bin/mullvad account login `cat /var/run/secrets/mullvad_account`
${mullvad}/bin/mullvad auto-connect set on
${mullvad}/bin/mullvad tunnel ipv6 set on
'';
Turn server and wacom stylus setup
2023-09-09 21:17:02 +00:00
services.fwupd.enable = true;
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
services.gnome.gnome-keyring.enable = true;
services.emacs.package = nixpkgs.emacsUnstablePgtk;
# Enables wayland support in electron apps (e.g. slack)
environment.sessionVariables.NIXOS_OZONE_WL = "1";
# Set default browser to qutebrowser in electron apps
environment.sessionVariables.DEFAULT_BROWSER = "${pkgs.qutebrowser}/bin/qutebrowser";
# Set default browser to qutebrowser everywhere else
xdg.mime.defaultApplications = {
"text/html" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/http" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/https" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/about" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/unknown" = "org.qutebrowser.qutebrowser.desktop";
};
# Enable screen sharing on Wayland
xdg = {
portal = {
enable = true;
Add git send-email support
2023-08-19 18:18:44 +00:00
wlr.enable = true;
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
};
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
programs.gnupg.package = pkgs.gnupg;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
# List services that you want to enable:
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
Add git send-email support
2023-08-19 18:18:44 +00:00
wireplumber.enable = true;
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
};
Tune PipeWire settings, and block some of the bots on my site
2023-08-17 17:33:56 +00:00
# Disable unneeded PipeWire devices and rename the ones I use to more recognizable names
environment.etc."wireplumber/main.lua.d/51-device-rename.lua".text = ''
table.insert(alsa_monitor.rules, {
matches = {
{
{ "node.name", "equals", "alsa_output.usb-Audioengine_LLC_Audioengine_2__AE202010001A2002-00.analog-stereo" },
},
},
apply_properties = {
["node.description"] = "Speakers",
["node.nick"] = "Speakers",
},
})
table.insert(alsa_monitor.rules, {
matches = {
{
{ "node.name", "equals", "alsa_output.usb-SteelSeries_SteelSeries_Arctis_5_00000000-00.analog-chat" },
},
},
apply_properties = {
["node.description"] = "Headphones",
["node.nick"] = "Headphones",
},
})
table.insert(alsa_monitor.rules, {
matches = {
{
{ "node.name", "equals", "alsa_input.usb-SteelSeries_SteelSeries_Arctis_5_00000000-00.analog-chat" },
},
},
apply_properties = {
["node.description"] = "Headphone Mic",
["node.nick"] = "Headphone Mic",
},
})
table.insert(alsa_monitor.rules, {
matches = {
{{ "node.name", "equals", "alsa_output.usb-SteelSeries_SteelSeries_Arctis_5_00000000-00.analog-game" },},
},
apply_properties = {
["node.disabled"] = true,
},
})
table.insert(alsa_monitor.rules, {
matches = {
{{ "node.name", "equals", "alsa_output.pci-0000_14_00.1.hdmi-stereo" },},
},
apply_properties = {
["node.disabled"] = true,
},
})
table.insert(alsa_monitor.rules, {
matches = {
{{ "node.name", "equals", "alsa_input.usb-MACROSILICON_USB_Video-02.analog-stereo" },},
},
apply_properties = {
["node.disabled"] = true,
},
})
'';
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
services.dbus.enable = true;
services.greetd = {
enable = true;
settings = rec {
initial_session = {
command = "${pkgs.sway}/bin/sway";
user = "knazarov";
};
default_session = initial_session;
};
};
services.keyd = {
enable = true;
Switch to a stable nixos channel (23.05)
2023-08-21 22:42:02 +00:00
ids = [ "*" ];
settings = {
main = {
capslock = "overload(control, esc)";
leftalt = "layer(meta_mac)";
leftmeta = "layer(alt)";
};
"meta_mac:M" = {
c = "C-insert";
v = "S-insert";
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
};
};
};
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
# settings = {
# passwordAuthentication = false;
# kbdInteractiveAuthentication = false;
# };
};
networking.firewall.allowedTCPPorts = [
# Syncthing
8384 22000
];
networking.firewall.allowedUDPPorts = [
# Syncthing
22000 21027
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
# needed for sway
security.polkit.enable = true;
# needed for pipewire
security.rtkit.enable = true;
# allow remote rebuilds
nix.settings.trusted-users = [ "@wheel" ];
# needed for YubiKey smartcard support
services.pcscd.enable = true;
fonts.fontDir.enable = true;
Switch to a stable nixos channel (23.05)
2023-08-21 22:42:02 +00:00
fonts.fonts = with pkgs; [
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
dejavu_fonts
source-code-pro
font-awesome # for waybar indicators
];
home-manager.users.knazarov = {
/* The home.stateVersion option does not have a default and must be set */
home.stateVersion = "23.05";
programs.bash = {
enable = true;
bashrcExtra = ''
if [[ "$INSIDE_EMACS" = 'vterm' ]] \
&& [[ -n ''${EMACS_VTERM_PATH} ]] \
&& [[ -f ''${EMACS_VTERM_PATH}/etc/emacs-vterm-bash.sh ]]; then
source ''${EMACS_VTERM_PATH}/etc/emacs-vterm-bash.sh
fi
'';
};
Migrate to released emacs 29 and reduce animations in gtk
2023-08-04 16:45:18 +00:00
gtk = {
enable = true;
gtk3.extraConfig = {
Properly enable clang-format and disable animations in gtk
2023-08-04 20:18:56 +00:00
gtk-enable-animations = "0";
};
gtk4.extraConfig = {
gtk-enable-animations = "0";
Migrate to released emacs 29 and reduce animations in gtk
2023-08-04 16:45:18 +00:00
};
};
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
programs.direnv = {
enable = true;
nix-direnv = {
enable = true;
};
};
programs.gpg = {
enable = true;
package = pkgs.gnupg;
Add automation around git-plan
2023-08-15 14:25:03 +00:00
publicKeys = [
{source = ./gpg_public_key.asc; trust="ultimate"; }
{source = ./pgp_keys/FB4809DC51A4F483.asc; trust= "ultimate"; }
];
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
settings = {
default-key = "0x0560020C9C577C1B";
};
mutableKeys = false;
mutableTrust = false;
};
programs.git = {
enable = true;
Add git send-email support
2023-08-19 18:18:44 +00:00
package = pkgs.gitAndTools.gitFull; # needed for git send-email support
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
userName = "Konstantin Nazarov";
userEmail = "mail@knazarov.com";
signing = {
gpgPath = "${pkgs.gnupg}/bin/gpg2";
key = "0x0560020C9C577C1B";
signByDefault = true;
};
};
accounts.email = {
maildirBasePath = "${config.users.users.knazarov.home}/Maildir";
accounts = {
personal = let account = "mail@knazarov.com"; in {
primary = true;
flavor = "fastmail.com";
address = account;
userName = account;
realName = "Konstantin Nazarov";
passwordCommand = "cat /run/secrets/fastmail_password";
gpg = {
key = "0x0560020C9C577C1B";
signByDefault = true;
};
mu.enable = true;
msmtp.enable = true;
mbsync = {
enable = true;
# Folders existing on the server, but not locally, will be created.
create = "maildir";
};
};
};
};
programs.mu = {
enable = true;
};
programs.msmtp.enable = true;
programs.mbsync = {
enable = true;
};
#services.easyeffects = {
# enable = true;
#};
services.swayidle = {
enable = true;
timeouts = [
{ timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -f -c 000000";}
{ timeout = 600;
command = "${pkgs.sway}/bin/swaymsg \"output * dpms off\"";
resumeCommand = "${pkgs.sway}/bin/swaymsg \"output * dpms on\"";}
];
events = [
{ event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock -f -c 000000"; }
];
};
wayland.windowManager.sway = {
enable = true;
xwayland = true;
config = rec {
modifier = "Mod4";
terminal = "foot";
bars = [{
"command" = "waybar";
}];
keybindings = pkgs.lib.mkOptionDefault {
"XF86AudioRaiseVolume" = "exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+";
"XF86AudioLowerVolume" = "exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-";
"XF86AudioMute" = "exec wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
"XF86AudioMicMute" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86MonBrightnessUp" = "exec brightnessctl s +5%";
"XF86MonBrightnessDown" = "exec brightnessctl s 5%-";
"Mod4+Return" = "exec emacs --eval '(progn (setq confirm-kill-processes nil) (vterm))'";
"Mod4+space" = "exec ${pkgs.foot}/bin/foot -T mylauncher -a mylauncher ${pkgs.q-sh}/bin/q";
"Mod4+p" = "exec '${pkgs.grim}/bin/grim -g \"$$(${pkgs.slurp}/bin/slurp)\" - | ${pkgs.wl-clipboard}/bin/wl-copy -t image/png'";
};
output = {
"*" = { bg = "${./wallpaper.jpg} fill";};
"Lenovo Group Limited LEN T32p-20 VNA4VRNY" = { scale = "1.5"; };
};
input = {
"type:keyboard" = {
xkb_layout = "us,ru";
xkb_options = "grp:alt_space_toggle";
};
};
gaps = {
inner = 10;
outer = 5;
};
colors.unfocused = {border = "#dddddd";
background = "#dddddd";
text = "#888888";
indicator = "#888888";
childBorder = "#888888";};
};
extraConfig = ''
for_window [title="mylauncher"] floating enable
Switch to a stable nixos channel (23.05)
2023-08-21 22:42:02 +00:00
for_window [title="Firefox.*Sharing Indicator"] floating enable;
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
default_border pixel 3
Turn server and wacom stylus setup
2023-09-09 21:17:02 +00:00
input 1386:885:Wacom_Intuos_M_Pen map_to_output HDMI-A-1
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
'';
};
programs.foot = {
enable = true;
settings = {
main = {
font="monospace:size=10";
};
colors = {
background="feffff";
foreground="333333";
regular0="333333";
regular1="bd4436";
regular2="008700";
regular3="cdcc42";
regular4="0017f5";
regular5="b92cc6";
regular6="5bbdf9";
regular7="c7c7c7";
bright0="333333";
bright1="bd4436";
bright2="008700";
bright3="cdcc42";
bright4="0017f5";
bright5="b92cc6";
bright6="5bbdf9";
bright7="feffff";
};
key-bindings = {
clipboard-copy="Control+Insert";
clipboard-paste="Shift+Insert";
primary-paste="Control+Shift+v";
};
};
};
programs.qutebrowser = {
enable = true;
searchEngines = {
DEFAULT = "https://kagi.com/search?q={}";
g = "https://www.google.com/search?hl=en&q={}";
};
#config.set('content.media.video_capture', True, 'https://www.meet.google.com')
settings = {
tabs.position = "left";
content.cookies.accept = "no-3rdparty";
};
extraConfig = ''
config.set('content.javascript.can_access_clipboard', True, 'amazon.com')
config.set('content.javascript.can_access_clipboard', True, 'awsapps.com')
config.set('content.media.audio_capture', True, 'https://meet.google.com')
config.set('content.media.video_capture', True, 'https://meet.google.com')
config.set('content.media.audio_video_capture', True, 'https://meet.google.com')
config.set('content.notifications.enabled', False, 'https://meet.google.com')
config.set('content.register_protocol_handler', False, 'https://calendar.google.com?cid=%25s')
'';
keyBindings = {
insert = {
"<Shift+Ins>" = "insert-text -- {clipboard}";
};
};
};
programs.waybar = {
enable = true;
settings = [{
layer = "top";
position = "top";
height = 24;
modules-left = ["sway/workspaces" "sway/mode"];
modules-center = ["sway/window"];
modules-right =
[ "idle_inhibitor" "battery" "clock" "tray" ];
clock.format = "{:%Y-%m-%d %H:%M}";
battery = {
states = {
# good = 95;
warning = 30;
critical = 15;
};
format = "{capacity}% {icon}";
format-charging = "{capacity}% ";
format-plugged = "{capacity}% ";
format-alt = "{time} {icon}";
format-icons = ["" "" "" "" ""];
};
idle_inhibitor = {
format = "{icon}";
format-icons = {
activated = "";
deactivated = "";
};
};
}];
};
services.syncthing = {
enable = true;
};
home.pointerCursor = {
name = "Adwaita";
package = pkgs.gnome.adwaita-icon-theme;
size = 24;
x11 = {
enable = true;
defaultCursor = "Adwaita";
};
};
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings = {
dns_enabled = true;
};
};
};
services.udev.packages = [
pkgs.android-udev-rules
];
Add USB auto-mounting and git-plan
2023-08-14 21:50:06 +00:00
#udevadm info --query=all --name=/dev/sda1 | grep ID_SERIAL
Tune PipeWire settings, and block some of the bots on my site
2023-08-17 17:33:56 +00:00
services.udev.extraRules =
''ACTION=="add", SUBSYSTEMS=="usb", SUBSYSTEM=="block", '' +
''ENV{ID_FS_USAGE}=="filesystem", ENV{ID_SERIAL_SHORT}=="Hidizs_AP80PRO", '' +
''RUN{program}+="${pkgs.systemd}/bin/systemd-mount --owner knazarov '' +
''--no-block --automount=yes --collect $devnode /media"'';
Add automation around git-plan
2023-08-15 14:25:03 +00:00
systemd.timers."git_plan" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec="1h";
OnUnitActiveSec="1h";
Unit = "git_plan.service";
};
};
systemd.services."git_plan" = {
script = ''
${my_python}/bin/python3 -m git_plan -c /var/run/secrets/git_plan_config -r /var/run/secrets/git_plan_credentials oneshot
'';
serviceConfig = {
Type = "oneshot";
User = "knazarov";
StateDirectory="git_plan";
Environment="PYTHONUNBUFFERED=1";
};
};
systemd.timers."git_plan_pr" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar= "Mon,Tue,Wed,Thu,Fri *-*-* 10:00:00";
Unit = "git_plan_pr.service";
};
};
systemd.services."git_plan_pr" = {
script = ''
${my_python}/bin/python3 -m git_plan -c /var/run/secrets/git_plan_config -r /var/run/secrets/git_plan_credentials pr
'';
serviceConfig = {
Type = "oneshot";
User = "knazarov";
StateDirectory="git_plan";
Environment="PYTHONUNBUFFERED=1";
};
};
Initial release of my NixOS configuration
2023-07-30 16:18:49 +00:00
}
Reference in a new issue Copy permalink