JawZ NixOS main Configuration
- ABOUT
- SYSTEM CONFIGURATION
- GNOME
- SOUND
- SECURITY
- USER
- MISC SETTINGS
- HOME-MANAGER
- ENVIRONMENT PACKAGES
- ENVIRONMENT VARIABLES
- DOCKER
- PROGRAMS & SERVICES
- FIREWALL
- FINAL SYSTEM CONFIGURATIONS
TODO [2/10]
- Clean up configuration file
- Merge current config
- System configurations [0/7]
  - fail2ban
  - Bluetooth multiple devices + pass-through
  - Automatic updates
  - SSH settings
  - Automatic garbage collection
  - Firewall ports
  - Topgrade (perhaps unnecessary)
- SystemD services [2/5]
  - docker-compose
  - snapraid
  - FStrim
  - BTRFS scrub
- Personal scripts [0/3]
  - download
  - startup tasks
- Migrate dotfiles [0/3]
  - .config [0/3]
    - celluloid [0/2]
      - Make sure plugins work
      - Declare plugins?
    - Firefox [0/7] https://ffprofile.com/#finish
      - Extensions
      - Settings
      - Gnome integration
      - Profile
      - Bookmarks
      - Extra security/privacy config
      - gallery-dl integration
  - .var
  - .local/share [0/2]
    - beets
    - mpd
- Migrate apps [1/4]
  - paru
  - pipx
  - pip IMPORTANT for beet
  - appimages
- Figure out how to get rid of xterm
- Compile missing apps [0/3]
  - wine-discord-ipc-bridge https://github.com/fufexan/nix-gaming
  - make binaries of my own scripts https://github.com/asimpson/dotfiles/blob/899b45e1586aac04d4e5541d638bbbffc66b4bba/nixos/scripts.nix
  - AdwCustomizer [0/1] https://github.com/AdwCustomizerTeam/AdwCustomizer
    - Figure out pip
    - (optional) adw-gtk3 theme https://github.com/lassekongo83/adw-gtk3#readme I think it can be locally installed, no need for theme, but in case https://github.com/NixOS/nixpkgs/blob/nixos-22.05/pkgs/data/themes/vertex/default.nix#L32
ABOUT
Setting up the document.
{ config, pkgs, ... }:
{ # Remember to close this bracket at the end of the document
IMPORTS
These are files and modules which get loaded into the configuration file. In the future I may segment this file into different modules, but for the time being, the only two I need are hardware and home-manager.
imports = [
./hardware-configuration.nix
<home-manager/nixos>
];
SYSTEM CONFIGURATION
NETWORKING
At the moment, I don't have a wireless card on this computer; however, as I build a new system, such a setting may come in handy.
networking.hostName = "workstation";
Pick ONLY ONE of the below networking options.
- wireless.enable enables wireless support via wpa_supplicant.
- NetworkManager is the default for GNOME, and the easiest to use and integrate.
# networking.wireless.enable = true;
networking.networkmanager.enable = true;
TIMEZONE
time.timeZone = "America/Mexico_City";
LOCALE
For some reason, useXkbConfig throws an error when building the system; either way, it is an unnecessary setting, as my keyboards are the default en_US. Only the locale is set to Canadian, because I prefer how it displays the date.
i18n = {
defaultLocale = "en_CA.UTF-8";
extraLocaleSettings = {
LC_MONETARY = "es_MX.UTF-8";
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
};
GNOME
At the time of writing this file, I require X11, as the NVIDIA support for Wayland isn't perfect yet. For the time being, the ability to switch through GDM from Wayland to Xorg is pretty handy, but in the future these settings will require an update.
Sets up GNOME as the default desktop environment, while excluding some undesirable packages from installing.
services = {
xserver = {
enable = true;
videoDrivers = [ "nvidia" ];
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
layout = "us";
libinput.enable = true; # Wacom required?
};
};
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
gnome-text-editor
gnome-connections
baobab
])
++ (with pkgs.gnome; [
totem
gedit
gnome-music
epiphany
gnome-characters
yelp
simple-scan
gnome-font-viewer
]);
SOUND
In order to avoid issues with PipeWire, the wiki recommends disabling sound.enable. This is a basic PipeWire configuration; in the future, stuff like Bluetooth or latency will require expanding these settings.
hardware.pulseaudio.enable = false;
sound.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
SECURITY
Recently, I've gotten frustrated with OpenDoas, as such I've decided to temporarily enable Sudo, but in the future, I plan to revert that decision.
SUDO
Password disabled for convenience, but this is obviously not recommended.
security.sudo = {
enable = true;
wheelNeedsPassword = false;
};
OPENDOAS
Its major advantage over Sudo is that it is a smaller package; being less known means that there are fewer security risks associated with it, so overall it is a less bloated, more secure package. That comes with the caveat that, due to its age, there is little support for it, and I constantly have to resort to hacky solutions such as patches or symlinks.
# security.sudo.enable = false;
# security.doas.enable = true;
# security.doas.extraRules = [{
# users = [ "jawz" ];
# keepEnv = true;
# #persist = true;
# noPass = true;
# }];
USER
Being part of the "wheel" group means that the user has root privileges.
users.users.jawz = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "docker" ];
initialPassword = "password";
shell = pkgs.fish;
packages = with pkgs; [ ];
};
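A hardened counterpart to the SUDO and USER settings above, as an added example that is not part of the original configuration. It uses the NixOS 22.11 option names that match this file's stateVersion; the password hash and the public key are placeholders, and the 30-minute sudo timeout is an assumed value.

```nix
# Added example, not from the original file. It replaces the security.sudo
# block and the initialPassword line rather than sitting next to them.
{ ... }:
{
  security.sudo = {
    enable = true;
    wheelNeedsPassword = true; # members of wheel must authenticate again
    # Convenience without going passwordless: keep the cached credential
    # valid for longer (assumed value, in minutes).
    extraConfig = ''
      Defaults timestamp_timeout=30
    '';
  };

  users.users.jawz = {
    # initialPassword = "password" ends up in plain text in the world-readable
    # Nix store. A hash is stored there too, but it is not the password itself
    # (generate one with `mkpasswd -m sha-512`).
    hashedPassword = "<PLACEHOLDER-SHA512-CRYPT-HASH>";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 <PLACEHOLDER-PUBLIC-KEY> jawz@workstation"
    ];
  };

  # sshd is enabled on port 25152 under PROGRAMS & SERVICES. With key-only
  # logins, a guessed password no longer leads into an account in wheel.
  services.openssh = {
    passwordAuthentication = false;
    kbdInteractiveAuthentication = false;
    permitRootLogin = "no";
  };
}
```

From NixOS 23.05 on, the three sshd options live under `services.openssh.settings` as `PasswordAuthentication`, `KbdInteractiveAuthentication` and `PermitRootLogin`.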
MISC SETTINGS
ALLOW NON FREE packages
nixpkgs.config = { allowUnfree = true; };
ENABLE FONTCONFIG
If enabled, a Fontconfig configuration file will point to a set of default
fonts. If you don't care about running X11 applications or any other program
that uses Fontconfig, you can turn this option off and prevent a dependency on
all those fonts.
Tip: once Wayland is ready for deployment, I can probably remove this
setting.
fonts.fontconfig.enable = true;
HOME-MANAGER
HOME-MANAGER SETTINGS
These make packages install to '/etc' rather than the user's home directory, and also allow for upgrades when rebuilding the system.
home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true;
PACKAGES
This section of the document categorizes and organizes all the packages that I want installed, attempting to group them as dependencies of others when necessary.
home-manager.users.jawz = { config, pkgs, ... }:{
# imports = [ ./dotfiles/dconf.nix ];
home.stateVersion = "22.11";
home.packages = (with pkgs; [
GUI PACKAGES
# Art
blender # cgi animation and sculpting
godot # game development
krita # art to your heart desire!
drawpile # arty party with friends!!
mypaint # not the best art program
mypaint-brushes # but it's got some
mypaint-brushes1 # nice damn brushes
# Gaming
lutris # game/emulator manager
grapejuice # roblox manager
minecraft # minecraft official launcher
parsec-bin # remote gaming with friends
# Productivity
libreoffice-fresh # office, but based
calibre # ugly af eBook library manager
foliate # gtk eBook reader
gnome.simple-scan # document scanner
gnome-feeds # feed reader, maybe will replace with nextcloud
tagger # tag music files
# Misc
sequeler # friendly SQL client
blanket # background noise
czkawka # duplicate finder
# pika-backup # backups
tilix # terminal
gnome-obfuscate # censor private information
metadata-cleaner # remove any metadata and geolocation from files
# gnome-recipes # migrate these to mealie and delete
# Multimedia
celluloid # video player
cozy # audiobooks player
gnome-podcasts # podcast player
handbrake # video converter, may be unnecessary
curtail # image compressor
pitivi # video editor
# identity # compare images or videos
mousai # poor man shazam
# bottles # wine prefix manager
obs-studio # screen recorder & streamer
shortwave # listen to world radio
# Web
discord # chat
google-chrome # web browser with spyware included
firefox # web browser that allows to disable spyware
librewolf # no spyware web browser
tor-browser-bundle-bin # dark web, so dark!
# hugo # website engine
nicotine-plus # remember Ares?
warp # never used, but supposedly cool for sharing files
COMMAND-LINE PACKAGES
gdu # disk-space utility, somewhat useful
gocryptfs # encrypted filesystem! shhh!!!
exa # like ls but with colors
trash-cli # oops! didn't mean to delete that
ffmpeg_5 # coolest video converter!
yt-dlp # downloads videos from most video websites
neofetch # use once for brag, never again
rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS
tldr # man for retards
ffmpegthumbnailer # create video thumbnails for nautilus, in absence of totem
vcsi # video thumbnails for torrents, can I replace it with ^?
mediainfo # technical info about videos, needed by some of my scripts
tree-sitter # code parsing, required by Doom emacs
xdg-ninja # help declutter $HOME
torrenttools # create torrent files from the terminal!
DEVELOPMENT PACKAGES
# required by doom emacs, but still are rather useful.
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
ripgrep # modern grep
languagetool # proofreader for English. check if works without the service
# development environment
nix-direnv # nix implementation of direnv
exercism # learn to code
# SH
bats # testing system, required by Exercism
bashdb # autocomplete
shellcheck # linting
shfmt # a shell parser and formatter
nodePackages.bash-language-server # LSP support
# NIX
nixfmt # linting
# PYTHON.
python3 # base language
pipenv # python development workflow for humans
# C# & Rust
omnisharp-roslyn
# HASKELL
# cabal-install # haskell interface
# JS
# jq # linting
# Node-js
# nodePackages.pnpm
GNOME EXTENSIONS
gnome.gnome-tweaks
gnomeExtensions.appindicator
gnomeExtensions.gsconnect
HUNSPELL
These dictionaries work with Firefox, Doom Emacs and LibreOffice.
hunspell
hunspellDicts.it_IT
hunspellDicts.es_MX
hunspellDicts.en_CA
CUSTOMIZATION PACKAGES
Also, this finishes the packages array, put new modules above.
# Themes
adwaita-qt
# Fonts
(nerdfonts.override {
fonts = [ "Agave" "CascadiaCode" "SourceCodePro" "Ubuntu" "FiraCode" "Iosevka" ];
})
# (papirus-icon-theme.override {
# color = "grey";
# })
PYTHON
]) ++ (with pkgs.python310Packages; [
black # Python code formatter
flake8 # wrapper for pyflakes, pycodestyle and mccabe
gdtoolkit # gdscript parser
isort # sort Python imports
nose # testing and running python scripts
pipx # install python packages in a virtual environment
poetry # dependency management made easy
pyflakes # checks source code for errors
pylint # bug and style checker for python
pytest # framework for writing tests
speedtest-cli # check internet speed from the command line
]);
DOTFILES
FISH
programs.starship.enable = true;
programs.fish = {
enable = true;
# useBabelfish = true; This setting doesn't work from inside home-manager
shellAliases = {
ls = "exa --icons --group-directories-first --no-permissions --no-user --no-time";
edit = "emacsclient -t";
comic = "download -u jawz -i (cat $lc | fzf --multi --exact -i)";
gallery = "download -u jawz -i (cat $lw | fzf --multi --exact -i)";
open_gallery = "open (find /mnt/disk2/scrapping/JawZ/gallery-dl -type d | fzf)";
unique_extensions = "find . -type f | string match -r '([^.\/]+)\$' | sort -u";
cp = "cp -i";
mv = "mv -i";
mkdir = "mkdir -p";
rm = "trash";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
};
shellAbbrs = {
dl = "download -u jawz -i";
ex = "ls";
e = "edit";
c = "cat";
f = "fzf --multi --exact -i";
sc = "systemctl --user";
jc = "journalctl --user -xeu";
};
interactiveShellInit = ''
set fish_greeting "pika pika chu!!!! also remember fisher!"
# Lists
set -l list_root ${config.home.homeDirectory}/.config/jawz/lists/jawz
set lw $list_root/watch.txt
set li $list_root/instant.txt
set lc $list_root/comic.txt
set GPG_TTY (tty)
# Set EMACS/VI mode
function fish_user_key_bindings
# fish_default_key_bindings
fish_vi_key_bindings
end
'';
functions = {
nixos-magic = ''
set -l nix_file "$HOME/Development/NixOS/configuration.nix"
echo $nix_file
nixfmt $nix_file
sudo nixos-rebuild switch -I nixos-config=$nix_file
'';
};
};
BAT
programs.bat = {
enable = true;
config = {
# map-syntax = [ "*.jenkinsfile:Groovy" "*.props:Java Properties" ];
pager = "less -FR";
theme = "base16";
};
};
GIT
programs.git = {
enable = true;
userName = "Danilo Reyes";
userEmail = "CaptainJawZ@outlook.com";
};
GNUPG
programs.gpg = {
enable = true;
homedir = "${config.xdg.dataHome}/gnupg";
};
HTOP
programs.htop = {
enable = true;
package = pkgs.htop-vim;
};
xdg.configFile."htop/htoprc".source = ./dotfiles/htop/htoprc;
XDG
xdg = {
enable = true;
};
xdg.userDirs = {
enable = true;
# createDirectories = true;
desktop = "${config.home.homeDirectory}";
documents = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Music";
pictures = "${config.home.homeDirectory}/Pictures";
# publicShare = "${config.home.homeDirectory}/.local/hd/Public";
templates = "${config.home.homeDirectory}/.local/share/Templates";
videos = "${config.home.homeDirectory}/Videos";
};
OTHER
xdg.configFile = {
"wgetrc".source = ./dotfiles/wget/wgetrc;
"configstore/update-notifier-npm-check.json".source = ./dotfiles/npm/update-notifier-npm-check.json;
"npm/npmrc".source = ./dotfiles/npm/npmrc;
"gallery-dl/config.json".source = ./dotfiles/gallery-dl/config.json;
};
USER-SERVICES
MPD EXTENSIONS
# services.mpd-discord-rpc.enable = true;
# services.mpdris2 = {
# enable = true;
# multimediaKeys = true;
# mpd.host = "localhost";
# };
CLOSING HOME-MANAGER
};
ENVIRONMENT PACKAGES
These are a MUST to ensure the optimal function of nix; without these, recovery may be challenging.
environment.systemPackages = with pkgs; [
wget
docker-compose
];
ENVIRONMENT VARIABLES
environment.sessionVariables = rec {
# PATH
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_STATE_HOME = "\${HOME}/.local/state";
SCRIPTS = "\${HOME}/Development/Scripts";
# DEV PATH
CABAL_CONFIG = "\${XDG_CONFIG_HOME}/cabal/config";
CABAL_DIR = "\${XDG_CACHE_HOME}/cabal";
CARGO_HOME = "\${XDG_DATA_HOME}/cargo";
GEM_HOME = "\${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "\${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "\${XDG_DATA_HOME}/ruby/specs";
GOPATH = "\${XDG_DATA_HOME}/go";
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
# OPTIONS
LESSHISTFILE = "-";
GHCUP_USE_XDG_DIRS = "true";
RIPGREP_CONFIG_PATH = "\${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
ELECTRUMDIR = "\${XDG_DATA_HOME}/electrum";
VISUAL = "emacsclient -ca emacs";
WGETRC = "\${XDG_CONFIG_HOME}/wgetrc";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=\${XDG_CONFIG_HOME}/java";
# NVIDIA
CUDA_CACHE_PATH = "\${XDG_CACHE_HOME}/nv";
# GBM_BACKEND = "nvidia-drm";
# "__GLX_VENDOR_LIBRARY_NAME" = "nvidia";
# FISH
fisher_path = "\${XDG_CONFIG_HOME}/fish/fisher";
# Themes
# GTK_THEME = "Adwaita:light";
# QT_QPA_PLATFORMTHEME = "adwaita-dark";
# QT_STYLE_OVERRIDE = "adwaita";
# CALIBRE_USE_SYSTEM_THEME = "1";
PATH = [
"\${XDG_BIN_HOME}"
"\${XDG_CONFIG_HOME}/emacs/bin"
# "\${XDG_DATA_HOME}/npm/bin"
# "\${PNPM_HOME}"
# "\${SCRIPTS}"
];
};
DOCKER
Virtualization settings for Docker. NixOS offers an option to declaratively run docker-compose images using Arion. Could be an interesting thing to try out.
virtualisation.docker = {
enable = true;
storageDriver = "btrfs";
enableNvidia = true;
};
PROGRAMS & SERVICES
Some programs need SUID wrappers.
programs = {
mtr.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
geary = {
enable = true;
};
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
};
services = {
printing.enable = true;
emacs = {
enable = true;
defaultEditor = true;
package = pkgs.emacs;
};
fstrim.enable = true;
btrfs.autoScrub = {
enable = true;
fileSystems = [
"/"
"/mnt/disk1"
"/mnt/disk2"
];
};
openssh = {
enable = true;
ports = [ 25152 ];
};
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
};
FIREWALL
Open ports in the firewall.
TIP: list what app a port belongs to in a table.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
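One way to follow the tip above with the firewall switched on, as an added example that is not part of the original configuration: a table that maps each application to its ports, from which the allowed-port lists are derived. The `openPorts` table and the `collect` helper are names made up for this example; the only entry is the SSH port already set in `services.openssh.ports`.

```nix
# Added example, not from the original file.
{ lib, ... }:
let
  # Table of open ports: one entry per application, so every hole in the
  # firewall has a named owner and can be reviewed in one place.
  openPorts = {
    ssh = {
      tcp = [ 25152 ]; # same value as services.openssh.ports on this page
      udp = [ ];
    };
  };

  # Flatten one protocol column of the table into a duplicate-free list.
  collect = proto:
    lib.unique (lib.concatMap (app: app.${proto}) (lib.attrValues openPorts));
in
{
  networking.firewall = {
    enable = true; # replaces `networking.firewall.enable = false;`
    allowedTCPPorts = collect "tcp";
    allowedUDPPorts = collect "udp";
  };

  # sshd opens its own ports by default; turn that off so the table above
  # stays the single source of truth.
  services.openssh.openFirewall = false;

  # The programs.steam.*.openFirewall options set earlier in this file still
  # add Steam's ports by themselves once the firewall is enabled.
}
```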
FINAL SYSTEM CONFIGURATIONS
CREATE COPY OF NIXOS CONFIGURATION
Copy the NixOS configuration file and link it from the resulting system (/run/current-system/configuration.nix). This is useful in case you accidentally delete configuration.nix.
system.copySystemConfiguration = true;
NIX VERSION
This value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system, were taken. It's perfectly fine and recommended to leave this value at the release version of the first install of this system. Before changing this value, read the documentation for this option.
system.stateVersion = "22.11";
CLOSING :D
That super pesky closing bracket.
}