jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
NixOS/configuration.org

893 lines
20 KiB
Org Mode
Executable File
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#+TITLE: JawZ NixOS main Configuration
#+AUTHOR: Danilo Reyes
#+PROPERTY: header-args :tangle configuration.nix
#+auto_tangle: t
* TODO
- [ ] Clean up configuration file
- [ ] Check music [0/5]
- [ ] Last.fm
- [ ] Libre.fm (optional)
- [ ] Beet plugins work
- [ ] Beet web server works
- [ ] Move music around
- [ ] System configurations [0/6]
- [ ] Bluetooth multiple devices + pass-through
- [ ] Automatic updates
- [ ] SSH settings
- [ ] Automatic garbage collection
- [ ] Firewall ports
- [ ] Topgrade (perhaps unnecessary)
- [ ] SystemD services [0/3]
- [ ] FStrim
- [ ] BTRFS scrub
- [ ] Personal scripts [0/3]
- [ ] download
- [ ] Instagram
- [ ] startup tasks
- [ ] Migrate dotfiles [0/3]
- [ ] .config [0/3]
- [ ] celluloid [0/2]
- [ ] Make sure plugins work
- [ ] Declare plugins?
- [ ] Firefox [0/7]
https://ffprofile.com/#finish
- [ ] Extensions
- [ ] Settings
- [ ] Gnome integration
- [ ] Profile
- [ ] Bookmarks
- [ ] Extra security/privacy config
- [ ] gallery-dl integration
- [ ]
- [ ] .var
- [ ] .local/share [0/2]
- [ ] beets
- [ ] mpd
- [ ] Migrate apps [0/4]
- [ ] paru
- [ ] pipx
- [ ] pip IMPORTANT for beet
- [ ] appimages
- [ ] Figure out how to get rid of xterm
- [ ] Compile missing apps [0/4]
- [ ] Identity
https://gitlab.gnome.org/YaLTeR/identity
Only challenge may be gstreamer, but probably not an issue. May be the easier one to package.
- [ ] Bats
https://github.com/bats-core/bats-core
- [ ] wine-discord-ipc-bridge
https://github.com/fufexan/nix-gaming
- [ ] make binaries of my own scripts
https://github.com/asimpson/dotfiles/blob/899b45e1586aac04d4e5541d638bbbffc66b4bba/nixos/scripts.nix
- [ ] AdwCustomizer [0/1]
https://github.com/AdwCustomizerTeam/AdwCustomizer
- [ ] Figure out pip
- [ ] (optional) adw-gtk3 theme
https://github.com/lassekongo83/adw-gtk3#readme
I think it can be locally installed, no need for theme, but in case
https://github.com/NixOS/nixpkgs/blob/nixos-22.05/pkgs/data/themes/vertex/default.nix#L32
* ABOUT
Setting up the document.
#+begin_src nix
{ config, pkgs, ... }:
{ # Remember to close this bracket at the end of the document
#+end_src
** IMPORTS
These are files and modules which get loaded onto the configuration file, in the
future I may segment this file into different modules, but for the time being,
the two ones I need are hardware and home-manager.
#+begin_src nix
imports = [
./hardware-configuration.nix
<home-manager/nixos>
];
#+end_src
* BOOT
I am comfortable with the defaults which NixOS recommends for UEFI systems.
#+begin_src nix
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
#+end_src
* SYSTEM CONFIGURATION
** NETWORKING
At the moment, I don't have a wireless card on this computer, however as I build
a new system, such setting may come in handy.
#+begin_src nix
networking.hostName = "workstation";
#+end_src
Pick *ONLY ONE* of the below networking options.
- *wireless.enable* enables wireless support via wpa_supplicant.
- *NetworkManager* it's the default of GNOME, and easiest to use and integrate.
#+begin_src nix
# networking.wireless.enable = true;
networking.networkmanager.enable = true;
#+end_src
** TIMEZONE
#+begin_src nix
time.timeZone = "America/Mexico_City";
#+end_src
** LOCALE
For some reason, useXkbConfig throws an error when building the system, either
way it is an unnecessary setting as my keyboards are the default en_US, only
locale set to Canadian out because I prefer how it displays the date.
#+begin_src nix
i18n.defaultLocale = "en_CA.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
};
#+end_src
* DISPLAY MANAGER
At the time of writing this file, I require of X11, as the NVIDIA support for
Wayland isn't perfect yet. At the time being, the ability to switch through GDM
from Wayland to XORG, it's pretty handy, but in the future these settings will
require an update.
#+begin_src nix
services.xserver.enable = true;
#+end_src
As previously mentioned, the settings for useXkbConfig prompt issues.
#+begin_src nix
services.xserver.layout = "us";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
#+end_src
* GNOME
Sets up GNOME as the default desktop environment, while excluding some
undesirable packages from installing.
#+begin_src nix
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
gnome-text-editor
gnome-connections
baobab
])
++ (with pkgs.gnome; [
totem
gedit
gnome-music
epiphany
gnome-characters
yelp
simple-scan
gnome-font-viewer
]);
#+end_src
* HARDWARE
** BLUETOOTH
#+begin_src nix
hardware.bluetooth.enable = true;
#+end_src
** SOUND
In order to avoid issues with PipeWire, the wiki recommends to disable /sound.enable/
This is a basic PipeWire configuration, in the future stuff like Bluetooth or
latency will require expanding these settings.
#+begin_src nix
hardware.pulseaudio.enable = false;
sound.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
#+end_src
* SECURITY
Recently, I've gotten frustrated with OpenDoas, as such I've decided to
temporarily enable Sudo, but in the future, I plan to revert that decision.
** SUDO
#+begin_src nix
security.sudo = {
enable = true;
wheelNeedsPassword = false;
};
#+end_src
** OPENDOAS
It's mayor advantage over Sudo, is that is being a smaller package, being lessen known
means that there is less security risks associated with it, overall a less
bloated more secure package. Which comes with the caveat that due to it's age,
there is little support for it. Constantly having to resort to hack solutions
such as patches or symlinks.
#+begin_src nix
# security.sudo.enable = false;
# security.doas.enable = true;
# security.doas.extraRules = [{
# users = [ "jawz" ];
# keepEnv = true;
# #persist = true;
# noPass = true;
# }];
#+end_src
* USER
Being part of the "wheel" group, means that the user has root privileges.
#+begin_src nix
users.users.jawz = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" ];
initialPassword = "password";
shell = pkgs.fish;
packages = with pkgs; [ ];
};
#+end_src
* MISC SETTINGS
** ALLOW NON FREE packages
#+begin_src nix
nixpkgs.config = { allowUnfree = true; };
#+end_src
** ENABLE FONTCONFIG
If enabled, a Fontconfig configuration file will point to a set of default
fonts. If you don't care about running X11 applications or any other program
that uses Fontconfig, you can turn this option off and prevent a dependency on
all those fonts.
=tip= once that Wayland is ready for deployment, I probably can remove this
setting.
#+begin_src nix
fonts.fontconfig.enable = true;
#+end_src
** WACOM
This setting could be a requirement for my tablet to properly work. Even
though, my tablet is Huion, the Linux Wacom drivers cover most of the settings.
#+begin_src nix
# services.xserver.libinput.enable = true;
#+end_src
* HOME-MANAGER
** HOME-MANAGER SETTINGS
These make it so packages install to '/etc' rather than the user home directory,
also allow for upgrades when rebuilding the system.
#+begin_src nix
home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true;
#+end_src
** PACKAGES
This section of the document categorizes and organizes all he packages that I
want installed, attempting to group them as dependencies of others when
necessary.
#+begin_src nix
home-manager.users.jawz = { config, pkgs, ... }:{
imports = [ ./dotfiles/dconf.nix ];
home.packages = with pkgs; [
#+end_src
*** GUI PACKAGES
#+begin_src nix
blanket # background noise
blender # cgi animation and sculpting
celluloid # video player
cozy # audiobooks player
czkawka # duplicate finder
discord # chat
dropbox # cloud sync
# foliate # ebook reader
# gnome-podcasts # podcast player
# gnome-recipes # migrate these to mealie and delete
godot # game development
google-chrome # web browser
handbrake # video converter, may be unnecessary
# krita # art to your heart desire!
# libreoffice-fresh # office, but based
# lutris # game/emulator manager
megasync # cloud sync
mpdevil # ugly icon, but pretty mpd client nwn
# pika-backup # backups
pitivi # video editor
tilix # terminal
#+end_src
*** MISC PACKAGES
#+begin_src nix
ffmpegthumbnailer # create video thumbnails for nautilus, in absence of totem
mpdas # scrobble mpd songs to last.fm
#+end_src
*** COMMAND-LINE PACKAGES
#+begin_src nix
gdu # disk-space utility, somewhat useful
gocryptfs # encrypted filesystem! shhh!!!
exa # like ls but with colors
trash-cli # oop! didn't meant to delete that
ffmpeg_5 # coolest video converter!
#+end_src
*** DEVELOPMENT PACKAGES
**** DOOM EMACS
#+begin_src nix
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
ripgrep # modern grep
# SH
bashdb # autocomplete
shellcheck # linting
nodePackages.bash-language-server # LSP support
# NIX
nixfmt # linting
# PYTHON.
python # base language
# HASKELL
# cabal-install # haskell interface
# JS
# jq # linting
# Node-js
# nodePackages.pnpm
#+end_src
**** EXERCISM
#+begin_src nix
#+end_src
*** GNOME EXTENSIONS
#+begin_src nix
gnomeExtensions.appindicator
gnomeExtensions.gsconnect
gnome.gnome-tweaks
#+end_src
*** HUNSPELL
These dictionaries work with Firefox, Doom Emacs and LibreOffice.
#+begin_src nix
hunspell
hunspellDicts.it_IT
hunspellDicts.es_MX
hunspellDicts.en_CA
#+end_src
*** CUSTOMIZATION PACKAGES
Also, this finishes the packages array, put new modules above.
#+begin_src nix
# Fonts
(nerdfonts.override {
fonts = [ "Agave" "CascadiaCode" "SourceCodePro" "Ubuntu" ];
})
# (papirus-icon-theme.override {
# color = "grey";
# })
];
#+end_src
** DOTFILES
*** FISH
#+begin_src nix
programs.starship.enable = true;
programs.fish = {
enable = true;
# useBabelfish = true; This setting doens't work from inside home-manager
shellAliases = {
ls = "exa --icons --group-directories-first --no-permissions --no-user --no-time";
edit = "emacsclient -t";
comic = "download -u jawz -i (cat $lc | fzf --multi --exact -i)";
gallery = "download -u jawz -i (cat $lw | fzf --multi --exact -i)";
open_gallery = "open (find ${config.xdg.userDirs.download}/To\ Organize/gdl-organizing/ -type d | fzf)";
unique_extensions = "find . -type f | string match -r '([^.\/]+)\$' | sort -u";
cp = "cp -i";
mv = "mv -i";
mkdir = "mkdir -p";
rm = "trash";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
};
shellAbbrs = {
dl = "download -u jawz -i";
e = "edit";
c = "cat";
f = "fzf --multi --exact -i";
sc = "systemctl --user";
jc = "journalctl --user -xeu";
};
interactiveShellInit = ''
#+end_src
#+begin_src fish
set fish_greeting "pika pika chu!!!! also remember fisher!"
# Lists
set -l list_root ${config.home.homeDirectory}/Dropboxxx/jawz
set lw $list_root/watch.txt
set li $list_root/instant.txt
set lc $list_root/comic.txt
set GPG_TTY (tty)
# Set EMACS/VI mode
function fish_user_key_bindings
# fish_default_key_bindings
fish_vi_key_bindings
end
#+end_src
#+begin_src nix
'';
#+end_src
#+begin_src nix
functions = {
nix_magic = ''
#+end_src
#+begin_src fish
nixfmt ~/MEGAsync/nixos/configuration.nix
sudo rsync -r ~/MEGAsync/nixos/ /etc/nixos/
sudo nixos-rebuild switch
#+end_src
#+begin_src nix
'';
};
};
#+end_src
*** BAT
#+begin_src nix
programs.bat = {
enable = true;
config = {
# map-syntax = [ "*.jenkinsfile:Groovy" "*.props:Java Properties" ];
pager = "less -FR";
theme = "base16"; };
};
#+end_src
*** BEETS
#+begin_src nix
programs.beets = {
enable = true;
settings = {
directory = "${config.xdg.userDirs.music}";
library = "${config.xdg.dataHome}/beets/musiclibrary.db";
plugins = "embedart fetchart lyrics discogs spotify deezer edit lastgenre mbsync replaygain scrub mpdupdate duplicates info fish ftintitle fuzzy";
ignore_hidden = true;
threaded = true;
duplicate = {
album = false;
delete = false;
};
ftintitle = {
auto = true;
drop = true;
format = "feat. {0}";
};
fetchart = {
maxwidth = 1000;
quality = 70;
enforce_ratio = true;
lastfm_key = "aeae592346534482202bd94bc14a80c4";
fanarttv_key = "f12b0931d2f971a5b5215c3f451bafb7";
sources = "*";
cover_format = "JPEG";
};
embedart = {
auto = true;
maxwidth = 1000;
quality = 70;
remove_art_file = false;
ifempty = true;
};
lyrics = {
auto = true;
sources = "*";
};
replaygain = {
auto = true;
overwrite = true;
peak = "true";
backend = "ffmpeg";
};
lastgenre = {
auto = true;
canonical = true;
force = true;
source = "album";
count = 1;
title_case = true;
};
mpd = {
host = "localhost";
port = 6600;
};
ui = {
color = true;
};
"import" = {
move = true;
write = true;
genres = true;
log = "${config.xdg.dataHome}/beets/beetslog.txt";
};
replace = {
"[\\\\/]" = ""; # \ /
"^\\." = ""; # dotfiles
"[\\x00-\\x1f]" = ""; # NULL to US
"\\x00" = ""; # NULL
"[<>:\"\\?\\*\\|]" = ""; # <>:"?*|
"\\.$" = ""; # dot at the end
"\\s+$" = ""; # ends with whitespace
"^\\s+" = ""; # starts with whitespace
"^-" = ""; # starts with -
};
paths = {
default = "$albumartist/$album/$track $title";
singleton = "Singletons/$artist - $title";
comp = "$album/$track $title";
"albumtype:soundtrack" = "Soundtracks/$album/$track $title";
};
convert = {
auto = true;
embed = true;
delete_originals = true;
extension = "opus";
# command = "ffmpeg -i $source -y -vn -acodec libopus -ab 256k $dest";
};
};
};
#+end_src
*** GIT
#+begin_src nix
programs.git = {
enable = true;
userName = "Danilo Reyes";
userEmail = "CaptainJawZ@outlook.com";
};
#+end_src
*** GNUPG
#+begin_src nix
programs.gpg = {
enable = true;
homedir = "${config.xdg.dataHome}/gnupg";
};
#+end_src
*** HTOP
#+begin_src nix
programs.htop = {
enable = true;
package = pkgs.htop-vim;
};
xdg.configFile."htop/htoprc".source = ./dotfiles/htop/htoprc;
#+end_src
*** XDG
#+begin_src nix
xdg = {
enable = true;
};
xdg.userDirs = {
enable = true;
# createDirectories = true;
desktop = "${config.home.homeDirectory}";
documents = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Music";
pictures = "${config.home.homeDirectory}/Pictures";
publicShare = "${config.home.homeDirectory}/.local/hd/Public";
templates = "${config.home.homeDirectory}/.local/share/Templates";
videos = "${config.home.homeDirectory}/Videos";
};
#+end_src
*** OTHER
#+begin_src nix
xdg.configFile = {
"wgetrc".source = ./dotfiles/wget/wgetrc;
"configstore/update-notifier-npm-check.json".source = ./dotfiles/npm/update-notifier-npm-check.json;
"npm/npmrc".source = ./dotfiles/npm/npmrc;
"gallery-dl/config.json".source = ./dotfiles/gallery-dl/config.json;
# "gopass/config.yml".source = ./dotfiles/gopass/config.yml;
"mpdasrc".source = ./dotfiles/mpdas/mpdasrc;
};
#+end_src
** USER-SERVICES
*** MPD
#+begin_src nix
services.mpd = {
enable = true;
musicDirectory = "${config.xdg.userDirs.music}";
network.listenAddress = "any";
# network.startWhenNeeded = true;
extraConfig = ''
#+end_src
#+begin_src conf
restore_paused "yes"
auto_update "yes"
follow_outside_symlinks "yes"
follow_inside_symlinks "yes"
# zeroconf_enabled "yes"
# zeroconf_name "Music Player @ %h"
input {
plugin "curl"
# proxy "proxy.isp.com:8080"
# proxy_user "user"
# proxy_password "password"
}
audio_output {
type "pipewire"
name "PipeWire Sound Server"
}
audio_output {
type "fifo"
name "my_fifo"
path "/tmp/mpd.fifo"
format "44100:16:2"
}
replaygain "auto"
replaygain_limit "yes"
volume_normalization "yes"
#+end_src
#+begin_src nix
'';
};
#+end_src
*** MPD EXTENSIONS
#+begin_src nix
services.mpd-discord-rpc.enable = true;
services.mpdris2 = {
enable = true;
multimediaKeys = true;
mpd.host = "localhost";
};
#+end_src
** CLOSING HOME-MANAGER
#+begin_src nix
};
#+end_src
* ENVIRONMENT PACKAGES
These are a MUST to ensure the optimal function of nix, without these, recovery
may be challenging.
#+begin_src nix
environment.systemPackages = with pkgs; [
wget
git
];
#+end_src
* ENVIRONMENT VARIABLES
#+begin_src nix
environment.sessionVariables = rec {
# PATH
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
SCRIPTS = "/home/jawz/Development/Scripts";
# DEV PATH
CABAL_CONFIG = "\${XDG_CONFIG_HOME}/cabal/config";
CABAL_DIR = "\${XDG_CACHE_HOME}/cabal";
CARGO_HOME = "\${XDG_DATA_HOME}/cargo";
GEM_HOME = "\${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "\${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "\${XDG_DATA_HOME}/ruby/specs";
GOPATH = "\${XDG_DATA_HOME}/go";
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
# OPTIONS
LESSHISTFILE = "-";
GHCUP_USE_XDG_DIRS = "true";
RIPGREP_CONFIG_PATH = "\${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
ELECTRUMDIR = "\${XDG_DATA_HOME}/electrum";
VISUAL = "emacsclient -ca emacs";
WGETRC = "\${XDG_CONFIG_HOME}/wgetrc";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=/home/jawz/.config/java";
# NVIDIA
CUDA_CACHE_PATH = "\${XDG_CACHE_HOME}/nv";
# GBM_BACKEND = "nvidia-drm";
# "__GLX_VENDOR_LIBRARY_NAME" = "nvidia";
# FISH
fisher_path = "\${XDG_CONFIG_HOME}/fish/fisher";
# Themes
# GTK_THEME = "Adwaita:light";
# QT_QPA_PLATFORMTHEME = "adwaita-dark";
# QT_STYLE_OVERRIDE = "adwaita";
# CALIBRE_USE_SYSTEM_THEME = "1";
PATH = [
"\${XDG_BIN_HOME}"
"\${XDG_CONFIG_HOME}/emacs/bin"
# "\${XDG_DATA_HOME}/npm/bin"
# "\${XDG_DATA_HOME}/pnpm"
"\${SCRIPTS}"
];
};
#+end_src
* WRAPPERS
Some programs need SUID wrappers.
** NETWORK DIAGNOSTICS TOOL
I don't know what it does, but it's recommended.
#+begin_src nix
programs.mtr.enable = true;
#+end_src
** GNUPG
#+begin_src nix
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
#+end_src
* SYSTEM-SERVICES
** CADDY
#+begin_src nix
# services.caddy = {
# enable = true;
# email = "CaptainJawZ@outlook.com";
# configFile = ./dotfiles/Caddyfile;
# # config = ''
# # torrent.danilo-reyes.com {
# # reverse_proxy localhost:9091
# # }
# # '';
# };
#+end_src
** EMACS
#+begin_src nix
services.emacs = {
enable = true;
defaultEditor = true;
package = pkgs.emacs28NativeComp;
};
#+end_src
** HARD-DRIVE MAINTENANCE
#+begin_src nix
services.fstrim.enable = true;
services.btrfs.autoScrub = {
enable = true;
fileSystems = [
"/"
# "/torrents"
# "/home/jawz/.local/hd" # Maybe change mount point?
];
};
#+end_src
** OPENSSH
#+begin_src nix
services.openssh = {
enable = true;
ports = [ 25152 ];
};
#+end_src
** UDEV
#+begin_src nix
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
#+end_src
* FIREWALL
Open ports in the firewall.
=TIP= list what app a port belongs to in a table.
#+begin_src nix
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
#+end_src
* FINAL SYSTEM CONFIGURATIONS
** CREATE COPY OF NIXOS CONFIGURATION
Copy the NixOS configuration file and link it from the resulting system
(/run/current-system/configuration.nix). This is useful in case you
accidentally delete configuration.nix.
#+begin_src nix
system.copySystemConfiguration = true;
#+end_src
** NIX VERSION
This value determines the NixOS release from which the default settings for
stateful data, like file locations and database versions on your system.
Its perfectly fine and recommended to leave this value at the release version
of the first install of this system.
Before changing this value read the documentation for this option.
#+begin_src nix
system.stateVersion = "22.05";
#+end_src
** CLOSING :D
That super pesky closing bracket.
#+begin_src nix
}
#+end_src
Reference in New Issue View Git Blame Copy Permalink