NixOS/configuration.org

#+TITLE: JawZ NixOS main Configuration
#+AUTHOR: Danilo Reyes
#+PROPERTY: header-args :tangle configuration.nix
#+auto_tangle: t
* TODO [0/6]
- [ ] System configurations [0/8]
- [ ] fail2ban
- [ ] Bluetooth multiple devices + pass-through
- [ ] SSH settings
- [ ] Automatic updates
- [ ] Firewall ports
- [ ] Topgrade (perhaps unnecessary)
- [ ] dotfiles [0/4]
- [ ] create a declarative Firefox or Librewolf install
- [ ] migrate config to home-manager
- [ ] migrate share to home-manager
- [ ] migrate dconf to home-manager
- [-] Migrate apps [3/6]
- [-] paru
- [ ] appimages
- [-] Compile missing apps [1/8]
- [-] zap init
- [-] font-downloader
- [ ] SaveDesktop (flathub)
- [ ] gelata
- [ ] menulibre
- [ ] Misc [0/3]
- [ ] Figure out how to get rid of xterm
- [ ] wine-discord-ipc-bridge
https://github.com/fufexan/nix-gaming
- [ ] make binaries of my own scripts
https://github.com/asimpson/dotfiles/blob/899b45e1586aac04d4e5541d638bbbffc66b4bba/nixos/scripts.nix
* ABOUT
Setting up the document. Also in theory this should allow me to set up
variables, and other functions.
#+begin_src nix
{ config, pkgs, ... }:
let
VERSION = "22.11";
# HOME-MANAGER = builtins.fetchTarball
# "https://github.com/nix-community/home-manager/archive/master.tar.gz";
UNSTABLE_TARBALL = builtins.fetchTarball
https://github.com/nixos/nixpkgs/tarball/master;
unstable = import UNSTABLE_TARBALL {
config = config.nixpkgs.config;
};
nextcloud_scrapsync = pkgs.writeScriptBin
"nextcloud_scrapsync" (builtins.readFile ./scripts/nextcloud_scrapsync.sh);
mateo-current = pkgs.writeScriptBin
"mateo-current" (builtins.readFile ./scripts/current.sh);
mateo-forecast = pkgs.writeScriptBin
"mateo-forecast" (builtins.readFile ./scripts/forecast.sh);
manage_library = pkgs.writeScriptBin
"manage_library" (builtins.readFile ./scripts/manage_library.fish);
ffmpeg4discord = pkgs.writeScriptBin
"ffmpeg4discord" (builtins.readFile ./scripts/ffmpeg4discord.py);
in
{ # Remember to close this bracket at the end of the document
#+end_src
* IMPORTS
These are the files and modules that get loaded into the configuration file. In the
future I may segment this file into different modules, but for the time being,
the only two I need are hardware and home-manager.
#+begin_src nix
imports = [
./hardware-configuration.nix
<home-manager/nixos>
];
#+end_src
* SYSTEM CONFIGURATION
** NETWORKING
At the moment, I don't have a wireless card on this computer; however, as I build
a new system, such a setting may come in handy.
#+begin_src nix
networking.hostName = "workstation";
#+end_src
Pick *ONLY ONE* of the below networking options.
- *wireless.enable* enables wireless support via wpa_supplicant.
- *NetworkManager* is the default of GNOME, and the easiest to use and integrate.
#+begin_src nix
# networking.wireless.enable = true;
networking.networkmanager.enable = true;
#+end_src
** TIMEZONE
#+begin_src nix
time.timeZone = "America/Mexico_City";
#+end_src
** LOCALE
For some reason, useXkbConfig throws an error when building the system. Either
way it is an unnecessary setting, as my keyboards are the default en_US; the
locale is set to Canadian only because I prefer how it displays the date.
#+begin_src nix
i18n = {
defaultLocale = "en_CA.UTF-8";
extraLocaleSettings = {
LC_MONETARY = "es_MX.UTF-8";
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
};
#+end_src
* GNOME
At the time of writing this file, I require X11, as the NVIDIA support for
Wayland isn't perfect yet. For the time being, the ability to switch through GDM
from Wayland to XORG is pretty handy, but in the future these settings will
require an update.
Sets up GNOME as the default desktop environment, while excluding some
undesirable packages from installing.
#+begin_src nix
services = {
xserver = {
enable = true;
# videoDrivers = [ "nvidia" "modesetting" ];
videoDrivers = [ "nvidia" ];
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
# wacom.enable = true;
layout = "us";
libinput.enable = true; # Wacom required?
# useGlamor = true;
};
};
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
gnome-text-editor
gnome-connections
# gnome-shell-extensions
baobab
])
++ (with pkgs.gnome; [
# totem
gedit
gnome-music
epiphany
gnome-characters
yelp
gnome-font-viewer
cheese
]);
#+end_src
* SOUND
In order to avoid issues with PipeWire, the wiki recommends disabling /sound.enable/.
This is a basic PipeWire configuration; in the future, stuff like Bluetooth or
latency will require expanding these settings.
#+begin_src nix
hardware.pulseaudio.enable = false;
sound.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
#+end_src
* SECURITY
Recently, I've gotten frustrated with OpenDoas; as such, I've decided to
temporarily enable Sudo, but in the future I plan to revert that decision.
** SUDO
Disabled the password for convenience, but this is obviously not recommended.
#+begin_src nix
security.sudo = {
enable = true;
wheelNeedsPassword = false;
};
#+end_src
** OPENDOAS
Its major advantage over Sudo is that it is a smaller package, and being lesser
known means that there are fewer security risks associated with it; overall, a less
bloated, more secure package. This comes with the caveat that, due to its age,
there is little support for it, which means constantly having to resort to hacky
solutions such as patches or symlinks.
#+begin_src nix
# security.sudo.enable = false;
# security.doas.enable = true;
# security.doas.extraRules = [{
# users = [ "jawz" ];
# keepEnv = true;
# #persist = true;
# noPass = true;
# }];
#+end_src
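A variant of the two blocks above that keeps the password prompt without asking for it on every command, together with a replacement for the plain-text =initialPassword= set for this user further down. This is an added example, not part of the original configuration; the 30-minute timeout is an assumed value and the password hash is a placeholder to generate with =mkpasswd -m sha-512=.

```nix
# Added example: stand-alone module, not part of the original configuration.
# It replaces the passwordless sudo/doas rules and the initialPassword line;
# remove those before importing it, or the definitions will conflict.
{ ... }:
{
  # sudo: members of wheel authenticate, and a successful authentication is
  # cached so the prompt does not return on every command.
  security.sudo = {
    enable = true;
    wheelNeedsPassword = true; # NixOS default, stated here for clarity
    extraConfig = ''
      Defaults timestamp_timeout=30
    '';
  };

  # doas equivalent, should the switch back happen: persist instead of noPass.
  # security.sudo.enable = false;
  # security.doas.enable = true;
  # security.doas.extraRules = [{
  #   users = [ "jawz" ];
  #   keepEnv = true;
  #   persist = true;
  # }];

  # Only a hash ends up in the world-readable Nix store, not the password.
  # With the default users.mutableUsers = true this value is applied only when
  # the account is first created; on an existing system run passwd instead.
  users.users.jawz.initialHashedPassword =
    "REPLACE_WITH_OUTPUT_OF_mkpasswd_-m_sha-512"; # placeholder, not a real hash
}
```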
* USER PACKAGES
Being part of the "wheel" group means that the user has root privileges.
This allows installing non-free packages, and also provides a toggle for installing
packages from the unstable repository by prepending "unstable" to the package
name.
#+begin_src nix
nixpkgs.config = {
allowUnfree = true;
};
#+end_src
This section of the document categorizes and organizes all the packages that I
want installed, attempting to group them as dependencies of others when
necessary.
It has come to my attention that using home-manager to manage packages isn't a
recommended thing. While in theory there should be no errors with it, being a
downstream package there is no warranty against an upstream change breaking
things with a new upgrade, thus breaking the declarative nature of NixOS. For
that reason, I have decided to keep home-manager as a module, with the
intention of reducing the number of dotfiles; however, I will keep it exclusively
as a dotfile and service manager.
#+begin_src nix
users.users.jawz = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "docker" "scanner" "lp" ];
initialPassword = "password";
shell = pkgs.fish;
openssh = {
authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES" ];
};
packages = (with pkgs; [
#+end_src
** GUI PACKAGES
All of my GUI applications, categorized to make it easier to identify what each
application does and the justification for its existence on my system.
*** ART AND DEVELOPMENT
Art and development applications are grouped together; as a game developer, one of my
goals is to create a workflow between this ecosystem of applications.
#+begin_src nix
blender # cgi animation and sculpting
godot # game development
unstable.gdtoolkit # gdscript language server
krita # art to your heart desire!
# drawpile # arty party with friends!!
mypaint # not the best art program
mypaint-brushes # but it's got some
mypaint-brushes1 # nice damn brushes
unstable.pureref # create inspiration/reference boards
unstable.gimp # the coolest bestest art program to never exist
#+end_src
*** GAMING
So far gaming has been a lot less painful than I could have originally
anticipated, most everything seems to run seamlessly.
=note= Roblox uninstalled as there is ongoing drama regarding Linux users.
#+begin_src nix
lutris # game/emulator manager
# unstable.grapejuice # roblox manager
minecraft # minecraft official launcher
parsec-bin # remote gaming with friends
unstable.protonup-qt # update proton-ge
#+end_src
*** PRODUCTIVITY
This is the section for the apps that help me be productive; a lot of
these are not used as often as I wish…
#+begin_src nix
libreoffice-fresh # office, but based
calibre # ugly af eBook library manager
foliate # gtk eBook reader
gnome-feeds # feed reader, maybe will replace with nextcloud
# unstable.wike # gtk wikipedia wow!
unstable.furtherance # I made this one tehee track time utility
gnome.simple-scan # scanner
#+end_src
*** MISC
Most of these apps are part of the GNOME Circle, and I decided to install them
if only to try them out and play around a little.
#+begin_src nix
# sequeler # friendly SQL client
blanket # background noise
unstable.czkawka # duplicate finder
pika-backup # backups
# tilix # used to be my favourite terminal, but it's so outdated, that each time I use it less and less…
gnome-obfuscate # censor private information
metadata-cleaner # remove any metadata and geolocation from files
gnome-recipes # migrate these to mealie and delete
unstable.denaro # manage your finances
# unstable.celeste # sync tool for any cloud provider
# libgda # for pano shell extension
#+end_src
*** MULTIMEDIA
Overwhelmingly player applications, used for videos and music. While most of my
consumption has moved towards Danilo-flix, it's still worth installing most
of these, for now.
#+begin_src nix
celluloid # video player
cozy # audiobooks player
gnome-podcasts # podcast player
handbrake # video converter, may be unnecessary
curtail # image compressor
pitivi # video editor
unstable.identity # compare images or videos
mousai # poor man shazam
tagger # tag music files
# bottles # wine prefix manager
obs-studio # screen recorder & streamer
shortwave # listen to world radio
nextcloud-client # teehee
#+end_src
*** Web
Stuff that I use to interact with the web, web browsers, chats, downloaders,
etc.
#+begin_src nix
discord # chat
google-chrome # web browser with spyware included
firefox # web browser that allows to disable spyware
librewolf # no spyware web browser
tor-browser-bundle-bin # dark web, so dark!
# hugo # website engine
nicotine-plus # remember Ares?
warp # never used, but supposedly cool for sharing files
HentaiAtHome # uh-oh
#+end_src
** COMMAND-LINE PACKAGES
#+begin_src nix
yt-dlp # downloads videos from most video websites
unstable.gallery-dl # similar to yt-dlp but for most image gallery websites
gdu # disk-space utility, somewhat useful
gocryptfs # encrypted filesystem! shhh!!!
exa # like ls but with colors
trash-cli # oop! didn't mean to delete that
ffmpeg_5 # coolest video converter!
neofetch # use once for brag, never again
rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS
tldr # man for retards
# ffmpegthumbnailer # create video thumbnails for nautilus, in absence of totem
vcsi # video thumbnails for torrents, can I replace it with ^?
mediainfo # technical info about videos, needed by some of my scripts
tree-sitter # code parsing, required by Doom emacs
xdg-ninja # help declutter $HOME
torrenttools # create torrent files from the terminal!
lm_sensors # for extension, displays cpu temp
# My own scripts
nextcloud_scrapsync
ffmpeg4discord
manage_library
mateo-current
mateo-forecast
jq
#+end_src
** DEVELOPMENT PACKAGES
#+begin_src nix
# required by doom emacs, but still are rather useful.
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
ripgrep # modern grep
languagetool # proofreader for English. check if works without the service
graphviz # graphs
# these two are for doom everywhere
xorg.xwininfo
xdotool
# development environment
nix-direnv # creates ephemeral environments
direnv # manages development environment
exercism # learn to code
# SH
bats # testing system, required by Exercism
bashdb # debugger for bash scripts
shellcheck # linting
shfmt # a shell parser and formatter
nodePackages.bash-language-server # LSP support
file # required by my tasks script?
gnome.zenity # dependency of my scripts
xclip # manipulate clipboard from scripts
# NIX
nixfmt # linting
# PYTHON.
python3 # base language
pipenv # python development workflow for humans
# C# & Rust
omnisharp-roslyn # c# linter and code formatter
# HASKELL
# cabal-install # haskell interface
# JS
# jq # linting
nodejs # not as bad as I thought
#+end_src
** HUNSPELL
These dictionaries work with Firefox, Doom Emacs and LibreOffice.
#+begin_src nix
hunspell
hunspellDicts.it_IT
hunspellDicts.es_MX
hunspellDicts.en_CA
#+end_src
** CUSTOMIZATION PACKAGES
Themes and other customization, making my DE look the way I want is one of the
main draws of Linux for me.
#+begin_src nix
# Themes
adwaita-qt
unstable.adw-gtk3
unstable.gradience # theme customizer, allows you to modify adw-gtk3 themes
gnome.gnome-tweaks # tweaks for the gnome desktop environment
# Fonts
(nerdfonts.override {
fonts = [ "Agave" "CascadiaCode" "SourceCodePro" "Ubuntu" "FiraCode" "Iosevka" ];
})
symbola
(papirus-icon-theme.override {
color = "adwaita";
})
#+end_src
** PYTHON
#+begin_src nix
]) ++ (with pkgs.python310Packages; [
black # Python code formatter
flake8 # wrapper for pyflakes, pycodestyle and mccabe
isort # sort Python imports
nose # testing and running python scripts
pipx # install python packages in a virtual environment
poetry # dependency management made easy
pyflakes # checks source code for errors
pylint # bug and style checker for python
pytest # framework for writing tests
speedtest-cli # check internet speed from the command line
editorconfig # follow rules of contributing
#+end_src
** BAT-EXTRAS
#+begin_src nix
]) ++ (with pkgs.bat-extras; [
batman # man pages
batpipe # piping
batgrep # ripgrep
batdiff # this is getting crazy!
batwatch # probably my next best friend
prettybat # trans your sourcecode!
#+end_src
** FISH PLUGINS
#+begin_src nix
]) ++ (with pkgs.fishPlugins; [
sponge # keep history clean from typos
fzf-fish # fish command line with fzf keybindings
colored-man-pages # self explanatory
autopair-fish # who has time for a closing bracket?
bass # integrate bash utilities on fish
#+end_src
** GNOME EXTENSIONS
#+begin_src nix
]) ++ (with pkgs.gnomeExtensions; [
appindicator
gsconnect
freon
panel-scroll
reading-strip
tactile
pano
#+end_src
** NODEJS PACKAGES
#+begin_src nix
]) ++ (with pkgs.nodePackages; [
dockerfile-language-server-nodejs
markdownlint-cli
prettier
pnpm
]); }; # <--- end of package list
#+end_src
* MISC SETTINGS
** ENABLE FONTCONFIG
If enabled, a Fontconfig configuration file will point to a set of default
fonts. If you don't care about running X11 applications or any other program
that uses Fontconfig, you can turn this option off and prevent a dependency on
all those fonts.
=tip= once Wayland is ready for deployment, I can probably remove this
setting.
#+begin_src nix
fonts.fontconfig.enable = true;
#+end_src
* HOME-MANAGER
** HOME-MANAGER SETTINGS
These make it so packages install to '/etc' rather than the user home directory,
and also allow for upgrades when rebuilding the system.
#+begin_src nix
home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true;
#+end_src
** PACKAGES
#+begin_src nix
home-manager.users.jawz = { config, pkgs, ... }:{
# imports = [ ./dotfiles/dconf.nix ];
home.stateVersion = VERSION;
home.packages = with pkgs; [ ];
#+end_src
** DOTFILES
*** FISH
#+begin_src nix
programs.starship.enable = true;
programs.fish = {
enable = true;
# useBabelfish = true; This setting doesn't work from inside home-manager
shellAliases = {
ls = "exa --icons --group-directories-first --no-permissions --no-user --no-time";
edit = "emacsclient -t";
comic = "download -u jawz -i (cat $lc | fzf --multi --exact -i)";
gallery = "download -u jawz -i (cat $lw | fzf --multi --exact -i)";
open_gallery = "open (find /mnt/disk2/scrapping/JawZ/gallery-dl -type d | fzf)";
unique_extensions = "find . -type f | string match -r '([^.\/]+)\$' | sort -u";
cp = "cp -i";
mv = "mv -i";
mkdir = "mkdir -p";
rm = "trash";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
};
shellAbbrs = {
dl = "download -u jawz -i";
ex = "ls";
e = "edit";
c = "cat";
f = "fzf --multi --exact -i";
sc = "systemctl --user";
jc = "journalctl --user -xeu";
};
interactiveShellInit = ''
#+end_src
#+begin_src fish
function fish_greeting
pokemon-colorscripts -r --no-title
end
# Lists
set -l list_root ${config.home.homeDirectory}/.config/jawz/lists/jawz
set lw $list_root/watch.txt
set li $list_root/instant.txt
set lc $list_root/comic.txt
set command_timeout 30
set GPG_TTY (tty)
# Set EMACS/VI mode
function fish_user_key_bindings
# fish_default_key_bindings
fish_vi_key_bindings
end
#+end_src
#+begin_src nix
'';
#+end_src
#+begin_src nix
functions = {
nixos-magic = ''
#+end_src
#+begin_src fish
set -l nix_file "$HOME/Development/NixOS/configuration.nix"
set -l hardware_file "$HOME/Development/NixOS/hardware-configuration.nix"
nixfmt $nix_file
nixfmt $hardware_file
sudo nixos-rebuild switch -I nixos-config=$nix_file
#+end_src
#+begin_src nix
'';
mkcd = ''
#+end_src
#+begin_src fish
mkdir -pv $argv
cd $argv
#+end_src
#+begin_src nix
'';
};
};
#+end_src
*** OTHER
#+begin_src nix
programs = {
bat = {
enable = true;
config = {
# map-syntax = [ "*.jenkinsfile:Groovy" "*.props:Java Properties" ];
pager = "less -FR";
theme = "base16"; };
};
git = {
enable = true;
userName = "Danilo Reyes";
userEmail = "CaptainJawZ@outlook.com";
};
# gpg = {
# enable = true;
# homedir = "${config.xdg.dataHome}/gnupg";
# };
htop = {
enable = true;
package = pkgs.htop-vim;
};
};
#+end_src
*** XDG
#+begin_src nix
xdg = {
enable = true;
userDirs = {
enable = true;
# createDirectories = true;
desktop = "${config.home.homeDirectory}";
documents = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Music";
pictures = "${config.home.homeDirectory}/Pictures";
# publicShare = "${config.home.homeDirectory}/.local/hd/Public";
templates = "${config.home.homeDirectory}/.local/share/Templates";
videos = "${config.home.homeDirectory}/Videos";
};
configFile = {
"wgetrc".source = ./dotfiles/wget/wgetrc;
"configstore/update-notifier-npm-check.json".source = ./dotfiles/npm/update-notifier-npm-check.json;
"npm/npmrc".source = ./dotfiles/npm/npmrc;
"gallery-dl/config.json".source = ./dotfiles/gallery-dl/config.json;
"htop/htoprc".source = ./dotfiles/htop/htoprc;
};
};
#+end_src
** USER-SERVICES
#+begin_src nix
services = {
emacs = {
enable = true;
defaultEditor = true;
package = pkgs.emacs;
};
};
#+end_src
** CLOSING HOME-MANAGER
#+begin_src nix
};
#+end_src
* ENVIRONMENT PACKAGES
These are a MUST to ensure the optimal function of nix; without these, recovery
may be challenging.
#+begin_src nix
environment.systemPackages = with pkgs; [
wget
docker-compose # easy way to migrate my docker anywhere!
];
#+end_src
* ENVIRONMENT VARIABLES
#+begin_src nix
environment.variables = rec {
# PATH
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_STATE_HOME = "\${HOME}/.local/state";
SCRIPTS = "\${HOME}/Development/Scripts";
# DEV PATH
CABAL_CONFIG = "\${XDG_CONFIG_HOME}/cabal/config";
CABAL_DIR = "\${XDG_CACHE_HOME}/cabal";
CARGO_HOME = "\${XDG_DATA_HOME}/cargo";
GEM_HOME = "\${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "\${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "\${XDG_DATA_HOME}/ruby/specs";
GOPATH = "\${XDG_DATA_HOME}/go";
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
# OPTIONS
HISTFILE = "\${XDG_STATE_HOME}/bash/history";
LESSHISTFILE = "-";
GHCUP_USE_XDG_DIRS = "true";
RIPGREP_CONFIG_PATH = "\${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
ELECTRUMDIR = "\${XDG_DATA_HOME}/electrum";
VISUAL = "emacsclient -ca emacs";
WGETRC = "\${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=\${XDG_CONFIG_HOME}/java";
# NVIDIA
CUDA_CACHE_PATH = "\${XDG_CACHE_HOME}/nv";
# GBM_BACKEND = "nvidia-drm";
# "__GLX_VENDOR_LIBRARY_NAME" = "nvidia";
# Themes
# GTK_THEME = "Adwaita:light";
# QT_QPA_PLATFORMTHEME = "adwaita";
# QT_STYLE_OVERRIDE = "adwaita";
CALIBRE_USE_SYSTEM_THEME = "1";
PATH = [
"\${HOME}/.local/bin"
"\${XDG_CONFIG_HOME}/emacs/bin"
"\${XDG_DATA_HOME}/npm/bin"
"\${XDG_DATA_HOME}/pnpm"
];
};
#+end_src
* DOCKER
Virtualization settings for Docker. NixOS offers an option to declaratively run
docker-compose images using [[https://nixos.wiki/wiki/Docker][Arion]]. Could be an interesting thing to try out.
#+begin_src nix
virtualisation.docker = {
enable = true;
storageDriver = "btrfs";
enableNvidia = true;
};
#+end_src
* SNAPRAID
It's a parity RAID utility which creates a scheme similar to what UNRAID
offered, except not in real time. I schedule it to run every night, so it keeps
my files in sync. While it is possible to use snapraid as a solution to keep a
historic backup of your files, I am more concerned with whole-disk recovery
in case of failure; as such, a frequent sync fits my preferences.
#+begin_src nix
snapraid = {
enable = true;
touchBeforeSync = true;
sync.interval = "02:00";
scrub = {
plan = 10;
olderThan = 10;
interval = "4:00";
};
parityFiles = [
"/mnt/parity/snapraid.parity"
];
extraConfig = ''
autosave 50
'';
exclude = [
"/tmp/"
"/lost+found/"
"/multimedia/downloads/"
"/scrapping/nextcloud/"
"/backups/"
];
dataDisks = {
d1 = "/mnt/disk1/";
d2 = "/mnt/disk2/";
};
contentFiles = [
"/var/snapraid.content"
"/mnt/disk1/snapraid.content"
"/mnt/disk2/snapraid.content"
];
};
#+end_src
* PROGRAMS & SERVICES
Some programs get enabled and installed through here, as well as the activation
of some services.
#+begin_src nix
programs = {
mtr.enable = true;
neovim = {
enable = true;
vimAlias = true;
};
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
geary = {
enable = true;
};
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
};
services = {
printing = {
enable = true;
drivers = [ pkgs.hplip pkgs.hplipWithPlugin ];
};
# ipp-usb.enable = true; # usb scanner
avahi.enable = true;
avahi.nssmdns = true;
fstrim.enable = true;
# jellyfin = {
# enable = true;
# group = "jawz";
# user = "jawz";
# };
btrfs.autoScrub = {
enable = true;
fileSystems = [
"/"
"/mnt/disk1"
"/mnt/disk2"
];
};
mediatomb.enable = true;
openssh = {
enable = true;
ports = [ 25152 ];
passwordAuthentication = false;
kbdInteractiveAuthentication = false;
startWhenNeeded = true;
listenAddresses = [
{
addr = "0.0.0.0";
port = 25152;
}
];
};
# udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
emacs = {
enable = true;
defaultEditor = true;
package = pkgs.emacs;
};
};
#+end_src
* SYSTEMD
Home-manager is not as fleshed out when it comes to creating systemd units, so
the best way to define them for now is using nix.
#+begin_src nix
systemd.services = {
"docker-compose" = {
enable = true;
restartIfChanged = true;
description = "Start docker-compose servers";
after = [ "docker.service" "docker.socket" ];
requires = [ "docker.service" "docker.socket" ];
wantedBy = [ "default.target" ];
environment = {
FILE = "/home/jawz/Development/Docker/docker-compose.yml";
};
path = [
pkgs.docker-compose
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans";
ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down";
};
};
"mateo-current" = {
enable = true;
restartIfChanged = true;
description = "current weather";
wantedBy = [ "default.target" ];
path = [
pkgs.bash
pkgs.jq
pkgs.curl
mateo-current
];
serviceConfig = {
Restart = "on-failure";
WorkingDirectory="/home/jawz/Development/Scripts/open-mateo";
ExecStart = "${mateo-current}/bin/mateo-current";
};
};
"mateo-forecast" = {
enable = true;
restartIfChanged = true;
description = "forecast weather";
wantedBy = [ "default.target" ];
path = [
pkgs.bash
pkgs.jq
pkgs.curl
mateo-forecast
];
serviceConfig = {
Restart = "on-failure";
WorkingDirectory="/home/jawz/Development/Scripts/open-mateo";
ExecStart = "${mateo-forecast}/bin/mateo-forecast";
};
};
"nextcloud_scrapsync" = {
description = "Sync scrapped files with nextcloud";
wantedBy = [ "default.target" ];
path = [
pkgs.bash
nextcloud_scrapsync
];
serviceConfig = {
RestartSec = 30;
ExecStart = "${nextcloud_scrapsync}/bin/nextcloud_scrapsync";
};
};
};
systemd.timers = {
"nextcloud_scrapsync" = {
enable = true;
description = "Sync scrapped files with nextcloud";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar= [
"*-*-* 01:32:00"
"*-*-* 08:32:00"
"*-*-* 14:32:00"
"*-*-* 20:32:00"
];
RandomizedDelaySec = 30;
Persistent = true;
};
};
"mateo-current" = {
enable = true;
description = "current weather";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1m";
OnUnitActiveSec = "1h";
RandomizedDelaySec = 30;
Persistent = true;
};
};
"mateo-forecast" = {
enable = true;
description = "forecast weather";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar= [
"*-*-* 06:05:00"
"*-*-* 18:05:00"
];
RandomizedDelaySec = 30;
Persistent = true;
};
};
};
systemd.user.services = {
"HentaiAtHome" = {
enable = true;
restartIfChanged = true;
description = "Run hentai@home server";
wantedBy = [ "default.target" ];
path = [
pkgs.HentaiAtHome
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
WorkingDirectory="/mnt/hnbox";
ExecStart = "${pkgs.HentaiAtHome}/bin/HentaiAtHome";
};
};
"manage_library" = {
enable = true;
restartIfChanged = true;
description = "Run the manage library fish script";
wantedBy = [ "default.target" ];
path = [
pkgs.fish
manage_library
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${manage_library}/bin/manage_library";
};
};
};
#+end_src
* FIREWALL
Open ports in the firewall.
=TIP= list what app a port belongs to in a table.
#+begin_src nix
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
#+end_src
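The same section with the firewall left on and each open port attributed to a service from this file, plus the fail2ban and SSH items from the TODO list. This is an added example, not part of the original configuration: the KDE Connect port range for the GSConnect extension and the LAN subnet in =ignoreIP= are assumptions to adjust, and option names follow the 22.11 release this file targets.

```nix
# Added example: stand-alone module, not part of the original configuration.
# It replaces `networking.firewall.enable = false;` above; remove that line
# before importing this module, or the two definitions will conflict.
{ ... }:
{
  networking.firewall = {
    enable = true;

    # TCP 25152: services.openssh (custom port set in PROGRAMS & SERVICES).
    # services.openssh.openFirewall defaults to true and would open it anyway;
    # listing it keeps the port-to-application table in one place.
    allowedTCPPorts = [ 25152 ];

    # TCP/UDP 1714-1764: KDE Connect protocol, used by the gsconnect
    # extension (assumption: pairing with devices on the LAN is wanted).
    allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
    allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];

    # Deliberately not listed:
    # - Steam: remotePlay.openFirewall and dedicatedServer.openFirewall
    #   open their own ports.
    # - Avahi: services.avahi.openFirewall (default true) opens UDP 5353.
    # - Docker: ports published by containers are handled by Docker's own
    #   iptables rules and are not filtered by this firewall, so bind
    #   compose services to 127.0.0.1 unless they must be reachable.
  };

  # Key-only authentication is already set in this file; also refuse root.
  # (22.11 option name; later releases use settings.PermitRootLogin.)
  services.openssh.permitRootLogin = "no";

  # NixOS enables an sshd jail by default that follows services.openssh.ports,
  # so the custom port 25152 is covered without extra jail configuration.
  services.fail2ban = {
    enable = true;
    maxretry = 5;                     # assumed value
    ignoreIP = [ "192.168.1.0/24" ];  # assumed LAN subnet, never banned
    bantime-increment.enable = true;  # repeat offenders get longer bans
  };
}
```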
* FINAL SYSTEM CONFIGURATIONS
** CREATE COPY OF NIXOS CONFIGURATION
Copy the NixOS configuration file and link it from the resulting system
(/run/current-system/configuration.nix). This is useful in case you
accidentally delete configuration.nix.
#+begin_src nix
system.copySystemConfiguration = true;
nix.gc = {
automatic = true;
dates = "weekly";
};
#+end_src
** NIX VERSION
This value determines the NixOS release from which the default settings for
stateful data, like file locations and database versions on your system, were taken.
It's perfectly fine and recommended to leave this value at the release version
of the first install of this system.
Before changing this value, read the documentation for this option.
#+begin_src nix
system.stateVersion = VERSION;
#+end_src
** CLOSING :D
That super pesky closing bracket.
#+begin_src nix
}
#+end_src