#+TITLE: JawZ NixOS workstation configuration #+AUTHOR: Danilo Reyes #+PROPERTY: header-args :tangle configuration.nix #+auto_tangle: t * TODO [0/6] - [ ] System configurations [0/8] - [ ] Bluetooth multiple devices + pass-through - [ ] dotfiles [0/4] - [ ] migrate config to home-manager - [ ] migrate dconf to home-manager - [ ] Misc [0/3] - [ ] Figure out how to get rid of xterm * DECLARATION Here I will declare the dependencies and variables that will be used multiple times through the config file, such as the current version of NixOS, repositories and even some scripts that will be reused on systemd configurations. - version: used by both NixOS and home-manager to dictate the state repository from which to pull configurations, modules and packages. - myEmail myName: used by git and acme - cpuArchitecture: used by NixOS to optimize the compiled binaries to my current CPU specifications. - home-manager: the channel containing the packages matching the NixOS state version, with a commented out to the unstable master. - unstable: a sort of overlay that allows to prepend "unstable" to a package, to pull from the unstable channel rather than precompiled binaries on a case by case use. - nixGaming: a channel containing some tweaks and optimized packages for gaming. - jawz*: scripts that will be reused multiple times through the config, such as on systemd, and as such this feels like a safe way to compile them only once. #+begin_src nix { config, lib, pkgs, ... }: let version = "23.05"; myEmail = "CaptainJawZ@outlook.com"; myName = "Danilo Reyes"; cpuArchitecture = "znver3"; home-manager = builtins.fetchTarball # "https://github.com/nix-community/home-manager/archive/master.tar.gz"; "https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz"; unstable = import (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") { config = config.nixpkgs.config; }; nixGaming = import (builtins.fetchTarball "https://github.com/fufexan/nix-gaming/archive/master.tar.gz"); jawzTasks = pkgs.writeScriptBin "tasks" (builtins.readFile ../scripts/tasks.sh); in { # Remember to close this bracket at the end of the document #+end_src These are files and modules which get loaded onto the configuration file, in the future I may segment this file into different modules once it becomes too cluttered, for example, I may create a module for systemd units. - agenix: an encryption system which cleans up the nix-configuration files from passwords and other secrets. - pipewireLowLatency: better sound for games, but also, music sounds a bit less compressed, who knows, I'm half deaf. #+begin_src nix imports = [ # ./fstab.nix (import "${home-manager}/nixos") nixGaming.nixosModules.pipewireLowLatency ]; #+end_src * SYSTEM CONFIGURATION ** NETWORKING Sets sensible networking options, such as setting up a hostname, and creating a hosts file with the static IP and hostname of other devices on my network. Also open ports on the firewall for LAN connectivity, and well keeping commented what each port does, I declared the firwewall ports with variables, because I can not be bothered to figure out whether I need TCP or UDP so let's open both, and repetition is maddening. #+begin_src nix networking = { useDHCP = lib.mkDefault true; hostName = "workstation"; networkmanager.enable = true; extraHosts = '' 192.168.1.69 server ''; firewall = let openFirewallPorts = [ 7860 # gpt 6674 # ns-usbloader ]; openFirewallPortRanges = [ { from = 1714; to = 1764; } # kdeconnect ]; in { enable = true; allowedTCPPorts = openFirewallPorts; allowedUDPPorts = openFirewallPorts; allowedTCPPortRanges = openFirewallPortRanges; allowedUDPPortRanges = openFirewallPortRanges; }; }; #+end_src ** TIMEZONE & LOCALE For some reason, useXkbConfig throws an error when building the system, either way it is an unnecessary setting as my keyboards are the default en_US, only locale set to Canadian out because I prefer how it displays the date. LC_MONETARY, it's also a personal preference. #+begin_src nix time.timeZone = "America/Mexico_City"; i18n = { defaultLocale = "en_CA.UTF-8"; extraLocaleSettings = { LC_MONETARY = "es_MX.UTF-8"; }; }; console = { font = "Lat2-Terminus16"; keyMap = "us"; # useXkbConfig = true; # use xkbOptions in tty. }; #+end_src ** SYSTEM/NIX CONFIGURATIONS The first setting creates a copy the NixOS configuration file and link it from the resulting system (/run/current-system/configuration.nix). This is useful in case you accidentally delete configuration.nix. The version value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system. It‘s perfectly fine and recommended to leave this value at the release version of the first install of this system. Lastly I configure in here cachix repositories, which is a website that keeps a cache of nixbuilds for easy quick deployments without having to compile everything from scratch. - gc: automatically garbage-collects. - auto-optimise-store: hard-links binaries whenever possible. - system-features: features present on compiling time. #+begin_src nix system = { copySystemConfiguration = true; stateVersion = "${version}"; }; nix = let featuresList = [ "nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-${cpuArchitecture}" "gccarch-skylake" ]; in { gc = { automatic = true; dates = "weekly"; }; buildMachines = [ { hostName = "server"; system = "x86_64-linux"; sshUser = "nixremote"; maxJobs = 4; speedFactor = 1; supportedFeatures = featuresList; } ]; distributedBuilds = true; settings = { cores = 12; auto-optimise-store = true; system-features = featuresList; substituters = [ "https://nix-gaming.cachix.org" "https://nixpkgs-python.cachix.org" "https://devenv.cachix.org" "https://cuda-maintainers.cachix.org" ]; trusted-public-keys = [ "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU=" "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" ]; }; }; #+end_src * GNOME At the time of writing this file, I require of X11, as the NVIDIA support for Wayland is not perfect yet. At the time being, the ability to switch through GDM from Wayland to XORG, it's pretty handy, but in the future these settings will require an update. Sets up GNOME as the default desktop environment, while excluding some undesirable packages from installing. Lastly, since there is not a dedicated customization module per-say I setup qt options in here, for the sake of gnome consistency. #+begin_src nix services = { xserver = { videoDrivers = [ "nvidia" ]; enable = true; displayManager.gdm.enable = true; desktopManager = { gnome.enable = true; }; layout = "us"; libinput.enable = true; }; }; environment.gnome.excludePackages = (with pkgs; [ gnome-photos gnome-tour gnome-text-editor gnome-connections # gnome-shell-extensions baobab ]) ++ (with pkgs.gnome; [ # totem gedit gnome-music epiphany gnome-characters yelp gnome-font-viewer cheese ]); # Sets up QT to use adwaita themes. qt = { enable = true; # platformTheme = "gnome"; style = "adwaita-dark"; }; #+end_src * SOUND In order to avoid issues with PipeWire, the wiki recommends to disable pulseaudio. This is a basic PipeWire configuration that can support alsa/pulse backends. lowLatency is a module of nix-gaming, and hardware bluetooth settings are there to allegedly improve the quality of bluetooth in the system, to this day, bluetooth and I remain enemies. #+begin_src nix sound.enable = false; services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; lowLatency = { enable = true; quantum = 64; rate = 48000; }; }; hardware = { pulseaudio.enable = false; bluetooth.enable = true; bluetooth.settings = { General = { Enable = "Source,Sink,Media,Socket"; }; }; }; #+end_src * SECURITY Disabled password in sudo for commodity, but this is obviously not recommended, regarding rkit, that setting enables pipewire to run with real-time capabilities. And lastly, the acme settings are for signing certificates. The pam limits exists so NixOS can compile the entire system without running into "Too many files open" errors. #+begin_src nix security = { rtkit.enable = true; sudo = { enable = true; wheelNeedsPassword = false; }; pam.loginLimits = [{ domain = "*"; type = "soft"; item = "nofile"; value = "8192"; }]; }; #+end_src * NIXPKGS SETTINGS Allow non-free, sadly is a requirement for some of my drivers, besides that, here is a good place to declare some package overrides as well as permit unsafe packages. localSystem allows me to compile the entire operating system optimized to my CPU architecture and other build flags. =note= if using gcc.arch flags, comment out hostPlatform and viceversa. #+begin_src nix nixpkgs = { hostPlatform = lib.mkDefault "x86_64-linux"; config.allowUnfree = true; # localSystem = { # gcc.arch = cpuArchitecture; # gcc.tune = cpuArchitecture; # system = "x86_64-linux"; # }; }; #+end_src * NORMAL USERS Being part of the "wheel" group, means that the user has root privileges. The piracy.gid is so I have read/write access permissions on all the hard drives split among my multiple systems, the rest of the groups are self explanatory. #+begin_src nix users = { groups = { piracy.gid = 985; }; users.jawz = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "scanner" "lp" "piracy" "kavita" "video" "docker" ]; initialPassword = "password"; openssh = { authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZ/TtwLIR/JNp1Sr3TLV/eQK52n2htF8sg/RYfz60z3 jawz@server" ]; }; #+end_src * USER PACKAGES This section of the document categorizes and organizes all he packages that I want installed, attempting to group them as dependencies of others when necessary. Begin the block to install user packages. #+begin_src nix packages = (with pkgs; [ #+end_src ** HUNSPELL These dictionaries are compatible with Firefox, Doom Emacs and LibreOffice. #+begin_src nix hunspell hunspellDicts.it_IT hunspellDicts.es_MX hunspellDicts.en_CA #+end_src ** CUSTOMIZATION PACKAGES Themes and other customization, making my DE look the way I want is one of the main draws of Linux for me. #+begin_src nix # Themes adw-gtk3 gnome.gnome-tweaks # tweaks for the gnome desktop environment # gradience # theme customizer, allows you to modify adw-gtk3 themes # Fonts (nerdfonts.override { fonts = [ "Agave" "CascadiaCode" "SourceCodePro" "Ubuntu" "FiraCode" "Iosevka" ]; }) symbola (papirus-icon-theme.override { color = "adwaita"; }) #+end_src ** GUI PACKAGES All of my GUI applications categorized to make it easier to identify what each application does, and the justification for is existence on my system. *** ART AND DEVELOPMENT Art and development applications are together, as a game-developer one of my goals is to create a workflow between this ecosystem of applications. #+begin_src nix godot_4 # game development gdtoolkit # gdscript language server blender # cgi animation and sculpting gimp # the coolest bestest art program to never exist krita # art to your heart desire! mypaint # not the best art program mypaint-brushes # but it's got some mypaint-brushes1 # nice damn brushes # drawpile # arty party with friends!! pureref # create inspiration/reference boards #+end_src *** GAMING So far gaming has been a lot less painful than I could have originally anticipated, most everything seems to run seamlessly. Most packages on this section are set to unstable so we compile the newest possible binaries, which is handy mostly for frequently developed emulators. I never figured out why, but lutris will give me wine errors unless both wine64 and wineWow are installed. =note= Steam is setup way later on the config file. =note= Roblox uninstalled as there is ongoing drama regarding Linux users. #+begin_src nix (lutris.override { extraPkgs = pkgs: [ winetricks wine64Packages.stable wineWowPackages.stable ]; }) # nixGaming.packages.${pkgs.hostPlatform.system}.wine-tkg # nixGaming.packages.${pkgs.hostPlatform.system}.wine-discord-ipc-bridge # vulkan-tools # needed? stuff for vulkan drivers I suppose unstable.heroic # install epic games gamemode # optimizes linux to have better gaming performance # grapejuice # roblox manager # minecraft # minecraft official launcher parsec-bin # remote gaming with friends protonup-qt # update proton-ge unstable.ns-usbloader # load games into my switch # emulators unstable.rpcs3 # ps3 emulator unstable.pcsx2 # ps2 emulator unstable.cemu # wii u emulator unstable.dolphin-emu # wii emulator unstable.citra-nightly # 3Ds emulator unstable.snes9x-gtk # snes emulator #+end_src *** PRODUCTIVITY An assorted list of productivity-oriented apps which I will never use. #+begin_src nix libreoffice-fresh # office, but based calibre # ugly af eBook library manager foliate # gtk eBook reader newsflash # feed reader, syncs with nextcloud wike # gtk wikipedia wow! denaro # manage your finances furtherance # I made this one tehee track time utility gnome.simple-scan # scanner #+end_src *** MISC Most of these apps, are part of the gnome circle, and I decide to install them if just for a try and play a little. Most are kept commented out as an archive, so I remember their names in case I want to check them out or recommend them to someone. #+begin_src nix blanket # background noise pika-backup # backups metadata-cleaner # remove any metadata and geolocation from files # sequeler # friendly SQL client # czkawka # duplicate finder # celeste # sync tool for any cloud provider #+end_src *** MULTIMEDIA Overwhelmingly player applications, used for videos and music, while most of my consumption has moved towards jellyfin, it's still worth the install of most of these, for now. #+begin_src nix celluloid # video player cozy # audiobooks player komikku # manga & comic GUI downloader gnome-podcasts # podcast player handbrake # video converter, may be unnecessary curtail # image compressor pitivi # video editor identity # compare images or videos gnome-obfuscate # censor private information mousai # poor man shazam tagger # tag music files obs-studio # screen recorder & streamer shortwave # listen to world radio nextcloud-client # self-hosted google-drive alternative #+end_src *** WEB Stuff that I use to interact with the web, web browsers, chats, download managers, etc. #+begin_src nix firefox # web browser that allows to disable spyware tor-browser-bundle-bin # dark web, so dark! chromium # web browser with spyware included telegram-desktop # furry chat nicotine-plus # remember Ares? warp # never used, but supposedly cool for sharing files (pkgs.discord.override { # withOpenASAR = true; withVencord = true; }) # hugo # website engine #+end_src ** COMMAND-LINE PACKAGES cli and tui packages, which on their own right are as or more powerful than the packages on the previous section. =note= exa is no longer maintained, and will soon be replaced by eza, a maintained fork. #+begin_src nix unstable.yt-dlp # downloads videos from most video websites unstable.gallery-dl # similar to yt-dlp but for most image gallery websites fd # modern find, faster searches fzf # fuzzy finder! super cool and useful gdu # disk-space utility checker, somewhat useful du-dust # rusty du similar to gdu ripgrep # modern grep trashy # oop! did not meant to delete that unstable.eza # like ls but with colors gocryptfs # encrypted filesystem! shhh!!! rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS ffmpeg # not ffmpreg, the coolest video conversion tool! # torrenttools # create torrent files from the terminal! # vcsi # video thumbnails for torrents, can I replace it with ^? #+end_src *** MY SCRIPTS Here I compile my own scripts into binaries. #+begin_src nix jawzTasks (writeScriptBin "ffmpeg4discord" (builtins.readFile ../scripts/ffmpeg4discord.py)) (writeScriptBin "ffmpreg" (builtins.readFile ../scripts/ffmpreg.sh)) (writeScriptBin "split-dir" (builtins.readFile ../scripts/split-dir.sh)) (writeScriptBin "run" (builtins.readFile ../scripts/run.sh)) (writeScriptBin "pika-list" (builtins.readFile ../scripts/pika-list.sh)) #+end_src *** DEVELOPMENT PACKAGES Assorted development packages and libraries, categorized by languages. #+begin_src nix # required (optionally) by doom emacs, but still are rather useful tree-sitter # code parsing based on symbols and shit, I do not get it graphviz # graphs tetex # languagetool # proofreader for English # these two are for doom everywhere xorg.xwininfo xdotool xclip tldr # man for retards exercism # learn to code # SH bats # testing system, required by Exercism bashdb # autocomplete shellcheck # linting shfmt # a shell parser and formatter # NIX expect # keep color when nom'ing nix-output-monitor # autistic nix builds nixfmt # linting cachix # why spend time compiling? # PYTHON. python3 # base language pipenv # python development workflow for humans # poetry # dependency management made easy # C# & Rust # omnisharp-roslyn # c# linter and code formatter # HASKELL # cabal-install # haskell interface # JS nodejs # not as bad as I thought # jq # linting #+end_src *** PYTHON #+begin_src nix ]) ++ (with pkgs.python3Packages; [ flake8 # wraper for pyflakes, pycodestyle and mccabe isort # sort Python imports nose # testing and running python scripts pyflakes # checks source code for errors pytest # framework for writing tests speedtest-cli # check internet speed from the comand line editorconfig # follow rules of contributin black # Python code formatter pylint # bug and style checker for python (buildPythonApplication rec { pname = "download"; version = "1.5"; src = ../scripts/download/.; doCheck = false; buildInputs = [ setuptools ]; propagatedBuildInputs = [ pyyaml types-pyyaml ]; }) (buildPythonApplication rec { pname = "ffpb"; version = "0.4.1"; src = fetchPypi { inherit pname version; sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk="; }; doCheck = false; buildInputs = [ setuptools ]; propagatedBuildInputs = [ tqdm ]; }) #+end_src *** NODEJS PACKAGES Mostly language servers and linters. #+begin_src nix ]) ++ (with pkgs.nodePackages; [ # Language servers dockerfile-language-server-nodejs yaml-language-server bash-language-server vscode-json-languageserver pyright markdownlint-cli # Linter prettier # Linter pnpm # Package manager #+end_src ** GNOME EXTENSIONS The last line can be commented to allow for the installation of gnome-extensions from the unstable channel. #+begin_src nix ]) ++ (with pkgs; [ # lm_sensors # for extension, displays cpu temp libgda # for pano shell extension ]) ++ (with pkgs.gnomeExtensions; [ appindicator # applets for open applications panel-scroll # scroll well to change workspaces reading-strip # like putting a finger on every line I read tactile # window manager pano # clipboard manager # freon # hardware temperature monitor # blur-my-shell # make the overview more visually appealing # gamemode # I guess I'm a gamer now? # burn-my-windows # forge # window manager # ]) ++ (with unstable.pkgs.gnomeExtensions; [ #+end_src ** CLOSE USER PACKAGES #+begin_src nix ]); }; };# <--- end of package list #+end_src * HOME-MANAGER ** HOME-MANAGER SETTINGS These make it so packages install to '/etc' rather than the user home directory, also allow for upgrades when rebuilding the system. #+begin_src nix home-manager = { useUserPackages = true; useGlobalPkgs = true; users.jawz = { config, pkgs, ... }:{ home.stateVersion = "${version}"; #+end_src ** DOTFILES I opted out of using home-manager to declare my package environment, and instead I use it exclusively for setting up my dotfiles. *** BASH Declares my .bashrc file, and sets up some environment and functions. #+begin_src nix programs.bash = { enable = true; historyFile = "\${XDG_STATE_HOME}/bash/history"; historyControl = [ "erasedups" "ignorespace" ]; shellAliases = { hh = "hstr"; ls = "eza --icons --group-directories-first"; edit = "emacsclient -t"; comic = "download -u jawz -i \"$(cat $LC | fzf --multi --exact -i)\""; gallery = "download -u jawz -i \"$(cat $LW | fzf --multi --exact -i)\""; cp = "cp -i"; mv = "mv -i"; mkcd = "mkdir -pv \"$1\" && cd \"$1\" || exit"; mkdir = "mkdir -p"; rm = "trash"; ".." = "cd .."; "..." = "cd ../.."; ".3" = "cd ../../.."; ".4" = "cd ../../../.."; ".5" = "cd ../../../../.."; dl = "download -u jawz -i"; e = "edit"; c = "cat"; f = "fzf --multi --exact -i"; sc = "systemctl --user"; jc = "journalctl --user -xefu"; open-gallery = "cd /mnt/disk2/scrapping/JawZ/gallery-dl \ && xdg-open \"$(fd . ./ Husbands -tdirectory -d 1 | fzf -i)\""; unique-extensions = "fd -tf | rev | cut -d. -f1 | rev \ | tr '[:upper:]' '[:lower:]' | sort \ | uniq --count | sort -rn"; }; enableVteIntegration = true; initExtra = '' ,#+begin_src bash $HOME/.local/bin/pokemon-colorscripts -r --no-title # Lists list_root="${config.xdg.configHome}"/jawz/lists/jawz export LW=$list_root/watch.txt export LI=$list_root/instant.txt export LC=$list_root/comic.txt export command_timeout=30 if command -v fzf-share >/dev/null; then source "$(fzf-share)/key-bindings.bash" source "$(fzf-share)/completion.bash" fi nixos-reload () { NIXOSDIR=/home/jawz/Development/NixOS nix-store --add-fixed sha256 $NIXOSDIR/scripts/PureRef-1.11.1_x64.Appimage nixfmt $NIXOSDIR/workstation/*.nix sudo unbuffer nixos-rebuild switch -I \ nixos-config=$NIXOSDIR/workstation/configuration.nix \ |& nom } ''; }; #+end_src *** XDG Configurations for XDG directories, as well as installing dotfiles from the sub-directory on this repository. #+begin_src nix xdg = { enable = true; userDirs = { enable = true; createDirectories = false; desktop = "${config.home.homeDirectory}"; documents = "${config.home.homeDirectory}/Documents"; download = "${config.home.homeDirectory}/Downloads"; music = "${config.home.homeDirectory}/Music"; pictures = "${config.home.homeDirectory}/Pictures"; templates = "${config.xdg.dataHome}/Templates"; videos = "${config.home.homeDirectory}/Videos"; }; configFile = { "wgetrc".source = ../dotfiles/wget/wgetrc; "configstore/update-notifier-npm-check.json".source = ../dotfiles/npm/update-notifier-npm-check.json; "npm/npmrc".source = ../dotfiles/npm/npmrc; "gallery-dl/config.json".source = ../dotfiles/gallery-dl/config.json; "htop/htoprc".source = ../dotfiles/htop/htoprc; }; }; #+end_src ** HOME-MANAGER PROGRAMS Program declarations that are exclusive to home-manager, declaring packages this way allows for extra configuration and integration beyond installing the packages on the user environment, it's the only exception I make to installing packages through home-manager. #+begin_src nix programs = { hstr.enable = true; emacs.enable = true; direnv = { enable = true; enableBashIntegration = true; nix-direnv.enable = true; }; bat = { enable = true; config = { pager = "less -FR"; theme = "base16"; }; extraPackages = with pkgs.bat-extras; [ batman # man pages batpipe # piping batgrep # ripgrep batdiff # this is getting crazy! batwatch # probably my next best friend prettybat # trans your sourcecode! ]; }; git = { enable = true; userName = "${myName}"; userEmail = "${myEmail}"; }; htop = { enable = true; package = pkgs.htop-vim; }; }; #+end_src ** HOME-MANAGER USER-SERVICES Lorri helps optimize emacs compilations, and the declaring emacs as a service through home-manager fixes the bug where emacs loads so quickly that can not connect to a graphic environment unless restarting the systemd service. #+begin_src nix services = { lorri.enable = true; emacs = { enable = true; defaultEditor = true; package = pkgs.emacs; startWithUserSession = "graphical"; }; }; #+end_src ** CLOSING HOME-MANAGER #+begin_src nix }; }; #+end_src * ENVIRONMENT These are a MUST to ensure the optimal function of nix, without these, recovery may be challenging. The environment.etc block allows for bluetooth devices to control volume, pause, and other things through the headset controls. Declare environment variables whose function is mostly to clear-up the $HOME directory from as much bloat as possible, as well as some minor graphical tweaks some applications use. #+begin_src nix environment = { etc = { "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = '' bluez_monitor.properties = { ["bluez5.enable-sbc-xq"] = true, ["bluez5.enable-msbc"] = true, ["bluez5.enable-hw-volume"] = true, ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]" } ''; }; systemPackages = with pkgs; [ wget gwe ]; variables = rec { # PATH XDG_CACHE_HOME = "\${HOME}/.cache"; XDG_CONFIG_HOME = "\${HOME}/.config"; XDG_BIN_HOME = "\${HOME}/.local/bin"; XDG_DATA_HOME = "\${HOME}/.local/share"; XDG_STATE_HOME = "\${HOME}/.local/state"; # DEV PATH CABAL_DIR = "${XDG_CACHE_HOME}/cabal"; CARGO_HOME = "${XDG_DATA_HOME}/cargo"; GEM_HOME = "${XDG_DATA_HOME}/ruby/gems"; GEM_PATH = "${XDG_DATA_HOME}/ruby/gems"; GEM_SPEC_CACHE = "${XDG_DATA_HOME}/ruby/specs"; GOPATH = "${XDG_DATA_HOME}/go"; NPM_CONFIG_USERCONFIG = "${XDG_CONFIG_HOME}/npm/npmrc"; PNPM_HOME = "${XDG_DATA_HOME}/pnpm"; PSQL_HISTORY="${XDG_DATA_HOME}/psql_history"; REDISCLI_HISTFILE="${XDG_DATA_HOME}/redis/rediscli_history"; WINEPREFIX="${XDG_DATA_HOME}/wine"; # OPTIONS HISTFILE = "${XDG_STATE_HOME}/bash/history"; LESSHISTFILE = "-"; GHCUP_USE_XDG_DIRS = "true"; RIPGREP_CONFIG_PATH = "${XDG_CONFIG_HOME}/ripgrep/ripgreprc"; ELECTRUMDIR = "${XDG_DATA_HOME}/electrum"; VISUAL = "emacsclient -ca emacs"; WGETRC = "${XDG_CONFIG_HOME}/wgetrc"; XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose"; "_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java"; DOCKER_CONFIG="${XDG_CONFIG_HOME}/docker"; # NVIDIA CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv"; # Themes # WEBKIT_DISABLE_COMPOSITING_MODE = "1"; CALIBRE_USE_SYSTEM_THEME = "1"; PATH = [ "\${HOME}/.local/bin" "\${XDG_CONFIG_HOME}/emacs/bin" "\${XDG_DATA_HOME}/npm/bin" "\${XDG_DATA_HOME}/pnpm" ]; }; }; #+end_src * PROGRAMS Some programs get enabled and installed through here, as well as the activation of some services. #+begin_src nix programs = { starship.enable = true; fzf.fuzzyCompletion = true; neovim = { enable = true; vimAlias = true; }; gnupg.agent = { enable = true; enableSSHSupport = true; }; geary = { enable = true; }; steam = { enable = true; remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; }; kdeconnect = { enable = true; package = pkgs.gnomeExtensions.gsconnect; }; }; #+end_src * SERVICES Miscellaneous services, most of which are managed by systemd. - avahi: allows to discover/connect to devices through their hostname on the same network. - fstrim/btrfs: file-system services. - hardware.openrgb: enables to tune hardware RGB. - psd: profile-sync-daemon, loads the chrome/firefox profile to ram. #+begin_src nix services = { printing = { enable = true; drivers = [ pkgs.hplip pkgs.hplipWithPlugin ]; }; avahi = { enable = true; nssmdns = true; }; psd.enable = true; fstrim.enable = true; btrfs.autoScrub = { enable = true; fileSystems = [ "/" ]; }; hardware.openrgb = { enable = true; package = unstable.openrgb; motherboard = "amd"; }; openssh = { enable = true; openFirewall = true; startWhenNeeded = true; settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; }; }; }; #+end_src * SYSTEMD Home-manager, is not as flushed out when it comes to creating systemd units, so the best way to define them for now, is using nix. #+begin_src nix systemd = { services = { }; timers = { }; user = { services = { tasks = { restartIfChanged = true; description = "Run a tasks script which keeps a lot of things organized"; wantedBy = [ "default.target" ]; path = [ pkgs.bash pkgs.nix jawzTasks ]; serviceConfig = { Restart = "on-failure"; RestartSec = 30; ExecStart = "${jawzTasks}/bin/tasks"; }; }; }; timers = { tasks = { enable = true; description = "Run a tasks script which keeps a lot of things organized"; wantedBy = [ "timers.target" ]; timerConfig = { OnCalendar = "*:0/10"; }; }; }; }; }; #+end_src * FONTCONFIG If enabled, a Fontconfig configuration file will point to a set of default fonts. If you don not care about running X11 applications or any other program that uses Fontconfig, you can turn this option off and prevent a dependency on all those fonts. =tip= once that Wayland is ready for deployment, I probably can remove this setting. #+begin_src nix fonts.fontconfig.enable = true; #+end_src * HARDWARE Computer-specific hardware settings. The power management settings are defaulted to "performance". - nvidia: GPU drivers. - sane: hp scanner drivers. - cpu.amd: microcode patches. - opentabletdriver: overrides the default generic nvidia drivers. - opengl: required for gaming, as pug drivers as well as video acceleration. #+begin_src nix powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; hardware = { cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; nvidia = { modesetting.enable = true; powerManagement.enable = true; }; sane = { enable = true; extraBackends = [ pkgs.hplip pkgs.hplipWithPlugin ]; }; opentabletdriver = { enable = true; package = unstable.opentabletdriver; daemon.enable = false; }; opengl = { enable = true; driSupport = true; driSupport32Bit = true; extraPackages = with pkgs; [ nvidia-vaapi-driver vaapiVdpau libvdpau-va-gl ]; }; }; ### TEMPORARY PATCH, pinning up the linux kernel due to a bug with newer versions. boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_1.override { argsOverride = rec { src = pkgs.fetchurl { url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz"; sha256 = "Vnc3mQ28kmWWageGOSghqfpVn9NGSU/R7/BQ2+s4OlI="; }; version = "6.1.52"; modDirVersion = "6.1.52"; }; }); #+end_src * DOCKER Basic docker settings to be able to run some images, although most docker images run on my server. #+begin_src nix virtualisation.docker = { enable = true; storageDriver = "btrfs"; enableNvidia = true; }; #+end_src * CLOSE SYSTEM #+begin_src nix } #+end_src