#+TITLE: JawZ NixOS main Configuration #+AUTHOR: Danilo Reyes #+PROPERTY: header-args :tangle configuration.nix #+auto_tangle: t * TODO - [ ] Clean up configuration file - [ ] Check music [0/5] - [ ] Last.fm - [ ] Libre.fm (optional) - [ ] Beet plugins work - [ ] Beet web server works - [ ] Move music around - [ ] System configurations [0/6] - [ ] Bluetooth multiple devices + pass-through - [ ] Automatic updates - [ ] SSH settings - [ ] Automatic garbage collection - [ ] Firewall ports - [ ] Topgrade (perhaps unnecessary) - [ ] SystemD services [0/3] - [ ] FStrim - [ ] BTRFS scrub - [ ] Personal scripts [0/3] - [ ] download - [ ] Instagram - [ ] startup tasks - [ ] Migrate dotfiles [0/3] - [ ] .config [0/3] - [ ] celluloid [0/2] - [ ] Make sure plugins work - [ ] Declare plugins? - [ ] Firefox [0/7] https://ffprofile.com/#finish - [ ] Extensions - [ ] Settings - [ ] Gnome integration - [ ] Profile - [ ] Bookmarks - [ ] Extra security/privacy config - [ ] gallery-dl integration - [ ] - [ ] .var - [ ] .local/share [0/2] - [ ] beets - [ ] mpd - [ ] Migrate apps [0/4] - [ ] paru - [ ] pipx - [ ] pip IMPORTANT for beet - [ ] appimages - [ ] Figure out how to get rid of xterm - [ ] Compile missing apps [0/4] - [ ] Identity https://gitlab.gnome.org/YaLTeR/identity Only challenge may be gstreamer, but probably not an issue. May be the easier one to package. - [ ] Bats https://github.com/bats-core/bats-core - [ ] wine-discord-ipc-bridge https://github.com/fufexan/nix-gaming - [ ] make binaries of my own scripts https://github.com/asimpson/dotfiles/blob/899b45e1586aac04d4e5541d638bbbffc66b4bba/nixos/scripts.nix - [ ] AdwCustomizer [0/1] https://github.com/AdwCustomizerTeam/AdwCustomizer - [ ] Figure out pip - [ ] (optional) adw-gtk3 theme https://github.com/lassekongo83/adw-gtk3#readme I think it can be locally installed, no need for theme, but in case https://github.com/NixOS/nixpkgs/blob/nixos-22.05/pkgs/data/themes/vertex/default.nix#L32 * ABOUT Setting up the document. 
#+begin_src nix { config, pkgs, ... }: { # Remember to close this bracket at the end of the document #+end_src ** IMPORTS These are files and modules which get loaded onto the configuration file, in the future I may segment this file into different modules, but for the time being, the two ones I need are hardware and home-manager. #+begin_src nix imports = [ ./hardware-configuration.nix ]; #+end_src * BOOT I am comfortable with the defaults which NixOS recommends for UEFI systems. #+begin_src nix boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; #+end_src * SYSTEM CONFIGURATION ** NETWORKING At the moment, I don't have a wireless card on this computer, however as I build a new system, such setting may come in handy. #+begin_src nix networking.hostName = "workstation"; #+end_src Pick *ONLY ONE* of the below networking options. - *wireless.enable* enables wireless support via wpa_supplicant. - *NetworkManager* it's the default of GNOME, and easiest to use and integrate. #+begin_src nix # networking.wireless.enable = true; networking.networkmanager.enable = true; #+end_src ** TIMEZONE #+begin_src nix time.timeZone = "America/Mexico_City"; #+end_src ** LOCALE For some reason, useXkbConfig throws an error when building the system, either way it is an unnecessary setting as my keyboards are the default en_US, only locale set to Canadian out because I prefer how it displays the date. #+begin_src nix i18n.defaultLocale = "en_CA.UTF-8"; console = { font = "Lat2-Terminus16"; keyMap = "us"; # useXkbConfig = true; # use xkbOptions in tty. }; #+end_src * DISPLAY MANAGER At the time of writing this file, I require of X11, as the NVIDIA support for Wayland isn't perfect yet. At the time being, the ability to switch through GDM from Wayland to XORG, it's pretty handy, but in the future these settings will require an update. 
#+begin_src nix services.xserver.enable = true; #+end_src As previously mentioned, the settings for useXkbConfig prompt issues. #+begin_src nix services.xserver.layout = "us"; # services.xserver.xkbOptions = { # "eurosign:e"; # "caps:escape" # map caps to escape. # }; #+end_src * GNOME Sets up GNOME as the default desktop environment, while excluding some undesirable packages from installing. #+begin_src nix services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; environment.gnome.excludePackages = (with pkgs; [ gnome-photos gnome-tour gnome-text-editor gnome-connections baobab ]) ++ (with pkgs.gnome; [ totem gedit gnome-music epiphany gnome-characters yelp simple-scan gnome-font-viewer ]); #+end_src * HARDWARE ** BLUETOOTH #+begin_src nix hardware.bluetooth.enable = true; #+end_src ** SOUND In order to avoid issues with PipeWire, the wiki recommends disabling /sound.enable/. This is a basic PipeWire configuration; in the future, stuff like Bluetooth or latency will require expanding these settings. #+begin_src nix hardware.pulseaudio.enable = false; sound.enable = false; security.rtkit.enable = true; services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; }; #+end_src * SECURITY Recently, I've gotten frustrated with OpenDoas; as such, I've decided to temporarily enable Sudo, but I plan to revert that decision in the future. ** SUDO With ~wheelNeedsPassword = false~, every member of the "wheel" group can run any command as root without being asked for a password, so any program running as such a user can become root without a prompt. #+begin_src nix security.sudo = { enable = true; wheelNeedsPassword = false; }; #+end_src ** OPENDOAS Its major advantage over Sudo is that it is a smaller package; being less known means that there are fewer security risks associated with it, so overall it is a less bloated, more secure package. Of these two points, the smaller code base is the one that carries weight; being less known does not by itself reduce risk. This comes with the caveat that, due to its age, there is little support for it, and I constantly have to resort to hack solutions such as patches or symlinks. 
#+begin_src nix # security.sudo.enable = false; # security.doas.enable = true; # security.doas.extraRules = [{ # users = [ "jawz" ]; # keepEnv = true; # #persist = true; # noPass = true; # }]; #+end_src * USER Being part of the "wheel" group means that the user can obtain root privileges. ~initialPassword~ is written here in plain text and ends up in the world-readable Nix store; it is only applied when the account is first created, so change it with ~passwd~ right after the first login, all the more because OpenSSH is enabled further down. #+begin_src nix users.users.jawz = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" ]; initialPassword = "password"; shell = pkgs.fish; packages = with pkgs; [ ]; }; #+end_src * MISC SETTINGS ** ALLOW NON FREE packages #+begin_src nix nixpkgs.config = { allowUnfree = true; }; #+end_src ** ENABLE FONTCONFIG If enabled, a Fontconfig configuration file will point to a set of default fonts. If you don't care about running X11 applications or any other program that uses Fontconfig, you can turn this option off and prevent a dependency on all those fonts. =tip= once Wayland is ready for deployment, I can probably remove this setting. #+begin_src nix fonts.fontconfig.enable = true; #+end_src ** WACOM This setting could be a requirement for my tablet to work properly. Even though my tablet is a Huion, the Linux Wacom drivers cover most of the settings. #+begin_src nix # services.xserver.libinput.enable = true; #+end_src * HOME-MANAGER ** HOME-MANAGER SETTINGS These make it so packages install to '/etc' rather than the user home directory, and also allow for upgrades when rebuilding the system. #+begin_src nix home-manager.useUserPackages = true; home-manager.useGlobalPkgs = true; #+end_src ** PACKAGES This section of the document categorizes and organizes all the packages that I want installed, attempting to group them as dependencies of others when necessary. #+begin_src nix home-manager.users.jawz = { config, pkgs, ... 
}:{ imports = [ ./dotfiles/dconf.nix ]; home.packages = with pkgs; [ #+end_src *** GUI PACKAGES #+begin_src nix blanket # background noise blender # cgi animation and sculpting celluloid # video player cozy # audiobooks player czkawka # duplicate finder discord # chat dropbox # cloud sync # foliate # ebook reader # gnome-podcasts # podcast player # gnome-recipes # migrate these to mealie and delete godot # game development google-chrome # web browser handbrake # video converter, may be unnecessary # krita # art to your heart desire! # libreoffice-fresh # office, but based # lutris # game/emulator manager megasync # cloud sync mpdevil # ugly icon, but pretty mpd client nwn # pika-backup # backups pitivi # video editor tilix # terminal #+end_src *** MISC PACKAGES #+begin_src nix ffmpegthumbnailer # create video thumbnails for nautilus, in absence of totem mpdas # scrobble mpd songs to last.fm #+end_src *** COMMAND-LINE PACKAGES #+begin_src nix gdu # disk-space utility, somewhat useful gocryptfs # encrypted filesystem! shhh!!! exa # like ls but with colors trash-cli # oop! didn't meant to delete that ffmpeg_5 # coolest video converter! #+end_src *** DEVELOPMENT PACKAGES **** DOOM EMACS #+begin_src nix fd # modern find, faster searches fzf # fuzzy finder! super cool and useful ripgrep # modern grep # SH bashdb # autocomplete shellcheck # linting nodePackages.bash-language-server # LSP support # NIX nixfmt # linting # PYTHON. python # base language # HASKELL # cabal-install # haskell interface # JS # jq # linting # Node-js # nodePackages.pnpm #+end_src **** EXERCISM #+begin_src nix #+end_src *** GNOME EXTENSIONS #+begin_src nix gnomeExtensions.appindicator gnomeExtensions.gsconnect gnome.gnome-tweaks #+end_src *** HUNSPELL These dictionaries work with Firefox, Doom Emacs and LibreOffice. #+begin_src nix hunspell hunspellDicts.it_IT hunspellDicts.es_MX hunspellDicts.en_CA #+end_src *** CUSTOMIZATION PACKAGES Also, this finishes the packages array, put new modules above. 
#+begin_src nix # Fonts (nerdfonts.override { fonts = [ "Agave" "CascadiaCode" "SourceCodePro" "Ubuntu" ]; }) # (papirus-icon-theme.override { # color = "grey"; # }) ]; #+end_src ** DOTFILES *** FISH #+begin_src nix programs.starship.enable = true; programs.fish = { enable = true; # useBabelfish = true; This setting doens't work from inside home-manager shellAliases = { ls = "exa --icons --group-directories-first --no-permissions --no-user --no-time"; edit = "emacsclient -t"; comic = "download -u jawz -i (cat $lc | fzf --multi --exact -i)"; gallery = "download -u jawz -i (cat $lw | fzf --multi --exact -i)"; open_gallery = "open (find ${config.xdg.userDirs.download}/To\ Organize/gdl-organizing/ -type d | fzf)"; unique_extensions = "find . -type f | string match -r '([^.\/]+)\$' | sort -u"; cp = "cp -i"; mv = "mv -i"; mkdir = "mkdir -p"; rm = "trash"; ".." = "cd .."; "..." = "cd ../.."; ".3" = "cd ../../.."; ".4" = "cd ../../../.."; ".5" = "cd ../../../../.."; }; shellAbbrs = { dl = "download -u jawz -i"; e = "edit"; c = "cat"; f = "fzf --multi --exact -i"; sc = "systemctl --user"; jc = "journalctl --user -xeu"; }; interactiveShellInit = '' #+end_src #+begin_src fish set fish_greeting "pika pika chu!!!! also remember fisher!" 
# Lists set -l list_root ${config.home.homeDirectory}/Dropboxxx/jawz set lw $list_root/watch.txt set li $list_root/instant.txt set lc $list_root/comic.txt set GPG_TTY (tty) # Set EMACS/VI mode function fish_user_key_bindings # fish_default_key_bindings fish_vi_key_bindings end #+end_src #+begin_src nix ''; #+end_src The nix_magic function below copies whatever is in the cloud-synced MEGAsync/nixos folder into /etc/nixos/ and rebuilds the system as root, so anything able to write to that folder decides the system configuration; review the changes before running it. #+begin_src nix functions = { nix_magic = '' #+end_src #+begin_src fish nixfmt ~/MEGAsync/nixos/configuration.nix sudo rsync -r ~/MEGAsync/nixos/ /etc/nixos/ sudo nixos-rebuild switch #+end_src #+begin_src nix ''; }; }; #+end_src *** BAT #+begin_src nix programs.bat = { enable = true; config = { # map-syntax = [ "*.jenkinsfile:Groovy" "*.props:Java Properties" ]; pager = "less -FR"; theme = "base16"; }; }; #+end_src *** BEETS The ~lastfm_key~ and ~fanarttv_key~ values below are API keys in plain text; like everything else in this file they end up in the world-readable Nix store and wherever the file is synced or published, so treat them as exposed, or keep them in a separate file that stays out of the store. #+begin_src nix programs.beets = { enable = true; settings = { directory = "${config.xdg.userDirs.music}"; library = "${config.xdg.dataHome}/beets/musiclibrary.db"; plugins = "embedart fetchart lyrics discogs spotify deezer edit lastgenre mbsync replaygain scrub mpdupdate duplicates info fish ftintitle fuzzy"; ignore_hidden = true; threaded = true; duplicate = { album = false; delete = false; }; ftintitle = { auto = true; drop = true; format = "feat. {0}"; }; fetchart = { maxwidth = 1000; quality = 70; enforce_ratio = true; lastfm_key = "aeae592346534482202bd94bc14a80c4"; fanarttv_key = "f12b0931d2f971a5b5215c3f451bafb7"; sources = "*"; cover_format = "JPEG"; }; embedart = { auto = true; maxwidth = 1000; quality = 70; remove_art_file = false; ifempty = true; }; lyrics = { auto = true; sources = "*"; }; replaygain = { auto = true; overwrite = true; peak = "true"; backend = "ffmpeg"; }; lastgenre = { auto = true; canonical = true; force = true; source = "album"; count = 1; title_case = true; }; mpd = { host = "localhost"; port = 6600; }; ui = { color = true; }; "import" = { move = true; write = true; genres = true; log = "${config.xdg.dataHome}/beets/beetslog.txt"; }; replace = { "[\\\\/]" = ""; # \ / "^\\." 
= ""; # dotfiles "[\\x00-\\x1f]" = ""; # NULL to US "\\x00" = ""; # NULL "[<>:\"\\?\\*\\|]" = ""; # <>:"?*| "\\.$" = ""; # dot at the end "\\s+$" = ""; # ends with whitespace "^\\s+" = ""; # starts with whitespace "^-" = ""; # starts with - }; paths = { default = "$albumartist/$album/$track $title"; singleton = "Singletons/$artist - $title"; comp = "$album/$track $title"; "albumtype:soundtrack" = "Soundtracks/$album/$track $title"; }; convert = { auto = true; embed = true; delete_originals = true; extension = "opus"; # command = "ffmpeg -i $source -y -vn -acodec libopus -ab 256k $dest"; }; }; }; #+end_src *** GIT #+begin_src nix programs.git = { enable = true; userName = "Danilo Reyes"; userEmail = "CaptainJawZ@outlook.com"; }; #+end_src *** GNUPG #+begin_src nix programs.gpg = { enable = true; homedir = "${config.xdg.dataHome}/gnupg"; }; #+end_src *** HTOP #+begin_src nix programs.htop = { enable = true; package = pkgs.htop-vim; }; xdg.configFile."htop/htoprc".source = ./dotfiles/htop/htoprc; #+end_src *** XDG #+begin_src nix xdg = { enable = true; }; xdg.userDirs = { enable = true; # createDirectories = true; desktop = "${config.home.homeDirectory}"; documents = "${config.home.homeDirectory}/Documents"; download = "${config.home.homeDirectory}/Downloads"; music = "${config.home.homeDirectory}/Music"; pictures = "${config.home.homeDirectory}/Pictures"; publicShare = "${config.home.homeDirectory}/.local/hd/Public"; templates = "${config.home.homeDirectory}/.local/share/Templates"; videos = "${config.home.homeDirectory}/Videos"; }; #+end_src *** OTHER #+begin_src nix xdg.configFile = { "wgetrc".source = ./dotfiles/wget/wgetrc; "configstore/update-notifier-npm-check.json".source = ./dotfiles/npm/update-notifier-npm-check.json; "npm/npmrc".source = ./dotfiles/npm/npmrc; "gallery-dl/config.json".source = ./dotfiles/gallery-dl/config.json; # "gopass/config.yml".source = ./dotfiles/gopass/config.yml; "mpdasrc".source = ./dotfiles/mpdas/mpdasrc; }; #+end_src ** 
USER-SERVICES *** MPD ~network.listenAddress = "any"~ makes MPD listen on every network interface, and the configuration below sets no password; with the system firewall disabled, any host that can reach this machine can control the player. The MPD extensions below connect through localhost, so binding MPD to localhost as well would be enough unless remote clients are needed. #+begin_src nix services.mpd = { enable = true; musicDirectory = "${config.xdg.userDirs.music}"; network.listenAddress = "any"; # network.startWhenNeeded = true; extraConfig = '' #+end_src #+begin_src conf restore_paused "yes" auto_update "yes" follow_outside_symlinks "yes" follow_inside_symlinks "yes" # zeroconf_enabled "yes" # zeroconf_name "Music Player @ %h" input { plugin "curl" # proxy "proxy.isp.com:8080" # proxy_user "user" # proxy_password "password" } audio_output { type "pipewire" name "PipeWire Sound Server" } audio_output { type "fifo" name "my_fifo" path "/tmp/mpd.fifo" format "44100:16:2" } replaygain "auto" replaygain_limit "yes" volume_normalization "yes" #+end_src #+begin_src nix ''; }; #+end_src *** MPD EXTENSIONS #+begin_src nix services.mpd-discord-rpc.enable = true; services.mpdris2 = { enable = true; multimediaKeys = true; mpd.host = "localhost"; }; #+end_src ** CLOSING HOME-MANAGER #+begin_src nix }; #+end_src * ENVIRONMENT PACKAGES These are a MUST to ensure the optimal function of nix; without these, recovery may be challenging. 
#+begin_src nix environment.systemPackages = with pkgs; [ wget git ]; #+end_src * ENVIRONMENT VARIABLES #+begin_src nix environment.sessionVariables = rec { # PATH XDG_CACHE_HOME = "\${HOME}/.cache"; XDG_CONFIG_HOME = "\${HOME}/.config"; XDG_BIN_HOME = "\${HOME}/.local/bin"; XDG_DATA_HOME = "\${HOME}/.local/share"; SCRIPTS = "/home/jawz/Development/Scripts"; # DEV PATH CABAL_CONFIG = "\${XDG_CONFIG_HOME}/cabal/config"; CABAL_DIR = "\${XDG_CACHE_HOME}/cabal"; CARGO_HOME = "\${XDG_DATA_HOME}/cargo"; GEM_HOME = "\${XDG_DATA_HOME}/ruby/gems"; GEM_PATH = "\${XDG_DATA_HOME}/ruby/gems"; GEM_SPEC_CACHE = "\${XDG_DATA_HOME}/ruby/specs"; GOPATH = "\${XDG_DATA_HOME}/go"; NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc"; PNPM_HOME = "\${XDG_DATA_HOME}/pnpm"; # OPTIONS LESSHISTFILE = "-"; GHCUP_USE_XDG_DIRS = "true"; RIPGREP_CONFIG_PATH = "\${XDG_CONFIG_HOME}/ripgrep/ripgreprc"; ELECTRUMDIR = "\${XDG_DATA_HOME}/electrum"; VISUAL = "emacsclient -ca emacs"; WGETRC = "\${XDG_CONFIG_HOME}/wgetrc"; "_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=/home/jawz/.config/java"; # NVIDIA CUDA_CACHE_PATH = "\${XDG_CACHE_HOME}/nv"; # GBM_BACKEND = "nvidia-drm"; # "__GLX_VENDOR_LIBRARY_NAME" = "nvidia"; # FISH fisher_path = "\${XDG_CONFIG_HOME}/fish/fisher"; # Themes # GTK_THEME = "Adwaita:light"; # QT_QPA_PLATFORMTHEME = "adwaita-dark"; # QT_STYLE_OVERRIDE = "adwaita"; # CALIBRE_USE_SYSTEM_THEME = "1"; PATH = [ "\${XDG_BIN_HOME}" "\${XDG_CONFIG_HOME}/emacs/bin" # "\${XDG_DATA_HOME}/npm/bin" # "\${XDG_DATA_HOME}/pnpm" "\${SCRIPTS}" ]; }; #+end_src * WRAPPERS Some programs need SUID wrappers. ** NETWORK DIAGNOSTICS TOOL I don't know what it does, but it's recommended. For reference, ~programs.mtr.enable~ installs mtr, a combined traceroute and ping tool, together with a setcap wrapper, so it gets only the capability it needs for raw network access rather than running as root. 
#+begin_src nix programs.mtr.enable = true; #+end_src ** GNUPG #+begin_src nix programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; #+end_src * SYSTEM-SERVICES ** CADDY #+begin_src nix # services.caddy = { # enable = true; # email = "CaptainJawZ@outlook.com"; # configFile = ./dotfiles/Caddyfile; # # config = '' # # torrent.danilo-reyes.com { # # reverse_proxy localhost:9091 # # } # # ''; # }; #+end_src ** EMACS #+begin_src nix services.emacs = { enable = true; defaultEditor = true; package = pkgs.emacs28NativeComp; }; #+end_src ** HARD-DRIVE MAINTENANCE #+begin_src nix services.fstrim.enable = true; services.btrfs.autoScrub = { enable = true; fileSystems = [ "/" # "/torrents" # "/home/jawz/.local/hd" # Maybe change mount point? ]; }; #+end_src ** OPENSSH Only the port is changed here, so the other options, password logins included, stay at the module defaults. Given the known initial password and the password-less sudo configured above, switch SSH to key-only logins (on this release ~services.openssh.passwordAuthentication = false;~) once a key is installed; a non-standard port reduces scan noise but is not an access control. #+begin_src nix services.openssh = { enable = true; ports = [ 25152 ]; }; #+end_src ** UDEV #+begin_src nix services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ]; #+end_src * FIREWALL Open ports in the firewall. =TIP= list what app a port belongs to in a table. The firewall is currently switched off, which leaves every listening service (OpenSSH on 25152, MPD on all interfaces) reachable from the network; re-enable it and list only the ports that need to be open. #+begin_src nix # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. networking.firewall.enable = false; #+end_src * FINAL SYSTEM CONFIGURATIONS ** CREATE COPY OF NIXOS CONFIGURATION Copy the NixOS configuration file and link it from the resulting system (/run/current-system/configuration.nix). This is useful in case you accidentally delete configuration.nix. #+begin_src nix system.copySystemConfiguration = true; #+end_src ** NIX VERSION This value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system, were taken. It's perfectly fine and recommended to leave this value at the release version of the first install of this system. Before changing this value read the documentation for this option. 
#+begin_src nix system.stateVersion = "22.05"; #+end_src ** CLOSING :D That super pesky closing bracket. #+begin_src nix } #+end_src