20 KiB
Executable File
JawZ NixOS main Configuration
- TODO
- ABOUT
- BOOT
- SYSTEM CONFIGURATION
- DISPLAY MANAGER
- GNOME
- HARDWARE
- SECURITY
- USER
- MISC SETTINGS
- HOME-MANAGER
- ENVIRONMENT PACKAGES
- ENVIRONMENT VARIABLES
- WRAPPERS
- SYSTEM-SERVICES
- FIREWALL
- FINAL SYSTEM CONFIGURATIONS
TODO
-
Check music
[0/5]- Last.fm
- Libre.fm (optional)
- Beet plugins work
- Beet web server works
- Move music around
-
System configurations
[0/6]- Bluetooth multiple devices + pass-through
- Automatic updates
- SSH settings
- Automatic garbage collection
- Firewall ports
- Topgrade (perhaps unnecessary)
-
SystemD services
[0/3]- FStrim
- BTRFS scrub
-
Personal scripts
[0/3]- download
- startup tasks
-
Migrate dotfiles
[0/3]-
.config
[0/3]-
celluloid
[0/2]- Make sure plugins work
- Declare plugins?
-
Firefox
[0/7]https://ffprofile.com/#finish- Extensions
- Settings
- Gnome integration
- Profile
- Bookmarks
- Extra security/privacy config
- gallery-dl integration
- [ ]
-
- .var
-
.local/share
[0/2]- beets
- mpd
-
-
Migrate apps
[0/4]- paru
- pipx
- pip IMPORTANT for beet
- appimages
- Figure out how to get rid of xterm
-
Compile missing apps
[0/4]- Identity https://gitlab.gnome.org/YaLTeR/identity Only challenge may be gstreamer, but probably not an issue. May be the easier one to package.
- Bats https://github.com/bats-core/bats-core
- wine-discord-ipc-bridge https://github.com/fufexan/nix-gaming
- make binaries of my own scripts https://github.com/asimpson/dotfiles/blob/899b45e1586aac04d4e5541d638bbbffc66b4bba/nixos/scripts.nix
-
AdwCustomizer
[0/1]https://github.com/AdwCustomizerTeam/AdwCustomizer- Figure out pip
- (optional) adw-gtk3 theme https://github.com/lassekongo83/adw-gtk3#readme I think it can be locally installed, no need for theme, but in case https://github.com/NixOS/nixpkgs/blob/nixos-22.05/pkgs/data/themes/vertex/default.nix#L32
ABOUT
Setting up the document.
{ config, pkgs, ... }:
{ # Remember to close this bracket at the end of the documentIMPORTS
These are files and modules which get loaded onto the configuration file, in the future I may segment this file into different modules, but for the time being, the two ones I need are hardware and home-manager.
imports = [
./hardware-configuration.nix
<home-manager/nixos>
];BOOT
I am comfortable with the defaults which NixOS recommends for UEFI systems.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;SYSTEM CONFIGURATION
NETWORKING
At the moment, I don't have a wireless card on this computer, however as I build a new system, such setting may come in handy.
networking.hostName = "workstation";Pick ONLY ONE of the below networking options.
- wireless.enable enables wireless support via wpa_supplicant.
- NetworkManager it's the default of GNOME, and easiest to use and integrate.
# networking.wireless.enable = true;
networking.networkmanager.enable = true;TIMEZONE
time.timeZone = "America/Mexico_City";LOCALE
For some reason, useXkbConfig throws an error when building the system, either way it is an unnecessary setting as my keyboards are the default en_US, only locale set to Canadian out because I prefer how it displays the date.
i18n.defaultLocale = "en_CA.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
};DISPLAY MANAGER
At the time of writing this file, I require of X11, as the NVIDIA support for Wayland isn't perfect yet. At the time being, the ability to switch through GDM from Wayland to XORG, it's pretty handy, but in the future these settings will require an update.
services.xserver.enable = true;As previously mentioned, the settings for useXkbConfig prompt issues.
services.xserver.layout = "us";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };GNOME
Sets up GNOME as the default desktop environment, while excluding some undesirable packages from installing.
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
gnome-text-editor
gnome-connections
baobab
])
++ (with pkgs.gnome; [
totem
gedit
gnome-music
epiphany
gnome-characters
yelp
simple-scan
gnome-font-viewer
]);HARDWARE
BLUETOOTH
hardware.bluetooth.enable = true;SOUND
In order to avoid issues with PipeWire, the wiki recommends to disable sound.enable This is a basic PipeWire configuration, in the future stuff like Bluetooth or latency will require expanding these settings.
hardware.pulseaudio.enable = false;
sound.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};SECURITY
Recently, I've gotten frustrated with OpenDoas, as such I've decided to temporarily enable Sudo, but in the future, I plan to revert that decision.
SUDO
security.sudo = {
enable = true;
wheelNeedsPassword = false;
};OPENDOAS
It's mayor advantage over Sudo, is that is being a smaller package, being lessen known means that there is less security risks associated with it, overall a less bloated more secure package. Which comes with the caveat that due to it's age, there is little support for it. Constantly having to resort to hack solutions such as patches or symlinks.
# security.sudo.enable = false;
# security.doas.enable = true;
# security.doas.extraRules = [{
# users = [ "jawz" ];
# keepEnv = true;
# #persist = true;
# noPass = true;
# }];USER
Being part of the "wheel" group, means that the user has root privileges.
users.users.jawz = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" ];
initialPassword = "password";
shell = pkgs.fish;
packages = with pkgs; [ ];
};MISC SETTINGS
ALLOW NON FREE packages
nixpkgs.config = { allowUnfree = true; };ENABLE FONTCONFIG
If enabled, a Fontconfig configuration file will point to a set of default
fonts. If you don't care about running X11 applications or any other program
that uses Fontconfig, you can turn this option off and prevent a dependency on
all those fonts.
tip once that Wayland is ready for deployment, I probably can remove this
setting.
fonts.fontconfig.enable = true;WACOM
This setting could be a requirement for my tablet to properly work. Even though, my tablet is Huion, the Linux Wacom drivers cover most of the settings.
# services.xserver.libinput.enable = true;HOME-MANAGER
HOME-MANAGER SETTINGS
These make it so packages install to '/etc' rather than the user home directory, also allow for upgrades when rebuilding the system.
home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true;PACKAGES
This section of the document categorizes and organizes all he packages that I want installed, attempting to group them as dependencies of others when necessary.
home-manager.users.jawz = { config, pkgs, ... }:{
imports = [ ./dotfiles/dconf.nix ];
home.packages = with pkgs; [GUI PACKAGES
blanket # background noise
blender # cgi animation and sculpting
celluloid # video player
cozy # audiobooks player
czkawka # duplicate finder
discord # chat
dropbox # cloud sync
# foliate # ebook reader
# gnome-podcasts # podcast player
# gnome-recipes # migrate these to mealie and delete
godot # game development
google-chrome # web browser
handbrake # video converter, may be unnecessary
# krita # art to your heart desire!
# libreoffice-fresh # office, but based
# lutris # game/emulator manager
megasync # cloud sync
mpdevil # ugly icon, but pretty mpd client nwn
# pika-backup # backups
pitivi # video editor
tilix # terminalMISC PACKAGES
ffmpegthumbnailer # create video thumbnails for nautilus, in absence of totem
mpdas # scrobble mpd songs to last.fmCOMMAND-LINE PACKAGES
gdu # disk-space utility, somewhat useful
gocryptfs # encrypted filesystem! shhh!!!
exa # like ls but with colors
trash-cli # oop! didn't meant to delete that
ffmpeg_5 # coolest video converter!DEVELOPMENT PACKAGES
DOOM EMACS
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
ripgrep # modern grep
# SH
bashdb # autocomplete
shellcheck # linting
nodePackages.bash-language-server # LSP support
# NIX
nixfmt # linting
# PYTHON.
python # base language
# HASKELL
# cabal-install # haskell interface
# JS
# jq # linting
# Node-js
# nodePackages.pnpmEXERCISM
GNOME EXTENSIONS
gnomeExtensions.appindicator
gnomeExtensions.gsconnect
gnome.gnome-tweaksHUNSPELL
These dictionaries work with Firefox, Doom Emacs and LibreOffice.
hunspell
hunspellDicts.it_IT
hunspellDicts.es_MX
hunspellDicts.en_CACUSTOMIZATION PACKAGES
Also, this finishes the packages array, put new modules above.
# Fonts
(nerdfonts.override {
fonts = [ "Agave" "CascadiaCode" "SourceCodePro" "Ubuntu" ];
})
# (papirus-icon-theme.override {
# color = "grey";
# })
];DOTFILES
FISH
programs.starship.enable = true;
programs.fish = {
enable = true;
# useBabelfish = true; This setting doens't work from inside home-manager
shellAliases = {
ls = "exa --icons --group-directories-first --no-permissions --no-user --no-time";
edit = "emacsclient -t";
comic = "download -u jawz -i (cat $lc | fzf --multi --exact -i)";
gallery = "download -u jawz -i (cat $lw | fzf --multi --exact -i)";
open_gallery = "open (find ${config.xdg.userDirs.download}/To\ Organize/gdl-organizing/ -type d | fzf)";
unique_extensions = "find . -type f | string match -r '([^.\/]+)\$' | sort -u";
cp = "cp -i";
mv = "mv -i";
mkdir = "mkdir -p";
rm = "trash";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
};
shellAbbrs = {
dl = "download -u jawz -i";
e = "edit";
c = "cat";
f = "fzf --multi --exact -i";
sc = "systemctl --user";
jc = "journalctl --user -xeu";
};
interactiveShellInit = ''set fish_greeting "pika pika chu!!!! also remember fisher!"
# Lists
set -l list_root ${config.home.homeDirectory}/Dropboxxx/jawz
set lw $list_root/watch.txt
set li $list_root/instant.txt
set lc $list_root/comic.txt
set GPG_TTY (tty)
# Set EMACS/VI mode
function fish_user_key_bindings
# fish_default_key_bindings
fish_vi_key_bindings
end'';functions = {
nix_magic = ''nixfmt ~/MEGAsync/nixos/configuration.nix
sudo rsync -r ~/MEGAsync/nixos/ /etc/nixos/
sudo nixos-rebuild switch '';
};
};BAT
programs.bat = {
enable = true;
config = {
# map-syntax = [ "*.jenkinsfile:Groovy" "*.props:Java Properties" ];
pager = "less -FR";
theme = "base16"; };
};BEETS
programs.beets = {
enable = true;
settings = {
directory = "${config.xdg.userDirs.music}";
library = "${config.xdg.dataHome}/beets/musiclibrary.db";
plugins = "embedart fetchart lyrics discogs spotify deezer edit lastgenre mbsync replaygain scrub mpdupdate duplicates info fish ftintitle fuzzy";
ignore_hidden = true;
threaded = true;
duplicate = {
album = false;
delete = false;
};
ftintitle = {
auto = true;
drop = true;
format = "feat. {0}";
};
fetchart = {
maxwidth = 1000;
quality = 70;
enforce_ratio = true;
lastfm_key = "aeae592346534482202bd94bc14a80c4";
fanarttv_key = "f12b0931d2f971a5b5215c3f451bafb7";
sources = "*";
cover_format = "JPEG";
};
embedart = {
auto = true;
maxwidth = 1000;
quality = 70;
remove_art_file = false;
ifempty = true;
};
lyrics = {
auto = true;
sources = "*";
};
replaygain = {
auto = true;
overwrite = true;
peak = "true";
backend = "ffmpeg";
};
lastgenre = {
auto = true;
canonical = true;
force = true;
source = "album";
count = 1;
title_case = true;
};
mpd = {
host = "localhost";
port = 6600;
};
ui = {
color = true;
};
"import" = {
move = true;
write = true;
genres = true;
log = "${config.xdg.dataHome}/beets/beetslog.txt";
};
replace = {
"[\\\\/]" = ""; # \ /
"^\\." = ""; # dotfiles
"[\\x00-\\x1f]" = ""; # NULL to US
"\\x00" = ""; # NULL
"[<>:\"\\?\\*\\|]" = ""; # <>:"?*|
"\\.$" = ""; # dot at the end
"\\s+$" = ""; # ends with whitespace
"^\\s+" = ""; # starts with whitespace
"^-" = ""; # starts with -
};
paths = {
default = "$albumartist/$album/$track $title";
singleton = "Singletons/$artist - $title";
comp = "$album/$track $title";
"albumtype:soundtrack" = "Soundtracks/$album/$track $title";
};
convert = {
auto = true;
embed = true;
delete_originals = true;
extension = "opus";
# command = "ffmpeg -i $source -y -vn -acodec libopus -ab 256k $dest";
};
};
};GIT
programs.git = {
enable = true;
userName = "Danilo Reyes";
userEmail = "CaptainJawZ@outlook.com";
};GNUPG
programs.gpg = {
enable = true;
homedir = "${config.xdg.dataHome}/gnupg";
};HTOP
programs.htop = {
enable = true;
package = pkgs.htop-vim;
};
xdg.configFile."htop/htoprc".source = ./dotfiles/htop/htoprc;XDG
xdg = {
enable = true;
};
xdg.userDirs = {
enable = true;
# createDirectories = true;
desktop = "${config.home.homeDirectory}";
documents = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Music";
pictures = "${config.home.homeDirectory}/Pictures";
publicShare = "${config.home.homeDirectory}/.local/hd/Public";
templates = "${config.home.homeDirectory}/.local/share/Templates";
videos = "${config.home.homeDirectory}/Videos";
};OTHER
xdg.configFile = {
"wgetrc".source = ./dotfiles/wget/wgetrc;
"configstore/update-notifier-npm-check.json".source = ./dotfiles/npm/update-notifier-npm-check.json;
"npm/npmrc".source = ./dotfiles/npm/npmrc;
"gallery-dl/config.json".source = ./dotfiles/gallery-dl/config.json;
# "gopass/config.yml".source = ./dotfiles/gopass/config.yml;
"mpdasrc".source = ./dotfiles/mpdas/mpdasrc;
};USER-SERVICES
MPD
services.mpd = {
enable = true;
musicDirectory = "${config.xdg.userDirs.music}";
network.listenAddress = "any";
# network.startWhenNeeded = true;
extraConfig = '' restore_paused "yes"
auto_update "yes"
follow_outside_symlinks "yes"
follow_inside_symlinks "yes"
# zeroconf_enabled "yes"
# zeroconf_name "Music Player @ %h"
input {
plugin "curl"
# proxy "proxy.isp.com:8080"
# proxy_user "user"
# proxy_password "password"
}
audio_output {
type "pipewire"
name "PipeWire Sound Server"
}
audio_output {
type "fifo"
name "my_fifo"
path "/tmp/mpd.fifo"
format "44100:16:2"
}
replaygain "auto"
replaygain_limit "yes"
volume_normalization "yes" '';
};MPD EXTENSIONS
services.mpd-discord-rpc.enable = true;
services.mpdris2 = {
enable = true;
multimediaKeys = true;
mpd.host = "localhost";
};CLOSING HOME-MANAGER
};ENVIRONMENT PACKAGES
These are a MUST to ensure the optimal function of nix, without these, recovery may be challenging.
environment.systemPackages = with pkgs; [
wget
git
];ENVIRONMENT VARIABLES
environment.sessionVariables = rec {
# PATH
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
SCRIPTS = "/home/jawz/Development/Scripts";
# DEV PATH
CABAL_CONFIG = "\${XDG_CONFIG_HOME}/cabal/config";
CABAL_DIR = "\${XDG_CACHE_HOME}/cabal";
CARGO_HOME = "\${XDG_DATA_HOME}/cargo";
GEM_HOME = "\${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "\${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "\${XDG_DATA_HOME}/ruby/specs";
GOPATH = "\${XDG_DATA_HOME}/go";
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
# OPTIONS
LESSHISTFILE = "-";
GHCUP_USE_XDG_DIRS = "true";
RIPGREP_CONFIG_PATH = "\${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
ELECTRUMDIR = "\${XDG_DATA_HOME}/electrum";
VISUAL = "emacsclient -ca emacs";
WGETRC = "\${XDG_CONFIG_HOME}/wgetrc";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=/home/jawz/.config/java";
# NVIDIA
CUDA_CACHE_PATH = "\${XDG_CACHE_HOME}/nv";
# GBM_BACKEND = "nvidia-drm";
# "__GLX_VENDOR_LIBRARY_NAME" = "nvidia";
# FISH
fisher_path = "\${XDG_CONFIG_HOME}/fish/fisher";
# Themes
# GTK_THEME = "Adwaita:light";
# QT_QPA_PLATFORMTHEME = "adwaita-dark";
# QT_STYLE_OVERRIDE = "adwaita";
# CALIBRE_USE_SYSTEM_THEME = "1";
PATH = [
"\${XDG_BIN_HOME}"
"\${XDG_CONFIG_HOME}/emacs/bin"
# "\${XDG_DATA_HOME}/npm/bin"
# "\${XDG_DATA_HOME}/pnpm"
"\${SCRIPTS}"
];
};WRAPPERS
Some programs need SUID wrappers.
NETWORK DIAGNOSTICS TOOL
I don't know what it does, but it's recommended.
programs.mtr.enable = true;GNUPG
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};SYSTEM-SERVICES
CADDY
# services.caddy = {
# enable = true;
# email = "CaptainJawZ@outlook.com";
# configFile = ./dotfiles/Caddyfile;
# # config = ''
# # torrent.danilo-reyes.com {
# # reverse_proxy localhost:9091
# # }
# # '';
# };EMACS
services.emacs = {
enable = true;
defaultEditor = true;
package = pkgs.emacs28NativeComp;
};HARD-DRIVE MAINTENANCE
services.fstrim.enable = true;
services.btrfs.autoScrub = {
enable = true;
fileSystems = [
"/"
# "/torrents"
# "/home/jawz/.local/hd" # Maybe change mount point?
];
};OPENSSH
services.openssh = {
enable = true;
ports = [ 25152 ];
};UDEV
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];FIREWALL
Open ports in the firewall.
TIP list what app a port belongs to in a table.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;FINAL SYSTEM CONFIGURATIONS
CREATE COPY OF NIXOS CONFIGURATION
Copy the NixOS configuration file and link it from the resulting system (/run/current-system/configuration.nix). This is useful in case you accidentally delete configuration.nix.
system.copySystemConfiguration = true;NIX VERSION
This value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system. It‘s perfectly fine and recommended to leave this value at the release version of the first install of this system. Before changing this value read the documentation for this option.
system.stateVersion = "22.05";CLOSING :D
That super pesky closing bracket.
}