25 KiB
Executable File
25 KiB
Executable File
JawZ NixOS workstation configuration
[0/6]- DECLARATION
- SYSTEM CONFIGURATION
- GNOME
- SOUND
- SECURITY
- NIXPKGS
- NORMAL USERS
- USER PACKAGES
- HOME-MANAGER
- ENVIRONMENT PACKAGES
- ENVIRONMENT VARIABLES
- SNAPRAID
- PROGRAMS
- SERVICES
- SYSTEMD
- MISC SETTINGS
- FINAL SYSTEM CONFIGURATIONS
TODO
[0/6]
-
System configurations
[0/8]- fail2ban
-
Misc
[0/3]- Figure out how to get rid of xterm
DECLARATION
Here I will declare the dependencies and variables that will be used multiple times through the config file, such as the current version of NixOS, repositories and even some scripts that will be reused on systemd configurations.
VARIABLES
- Global version number so NixOS and Home-Manager are in sync
- The unstable part allows me to build packages from the unstable channel by prepending "unstable" to a package name.
- The next part creates a simple build of some of my simple scripts, turning them into binaries which then I can integrate into the nix-store as well as declared systemd units.
{ config, pkgs, ... }:
let
version = "23.05";
myEmail = "CaptainJawZ@outlook.com";
myName = "Danilo Reyes";
home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz";
unstable = import
(builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
config = config.nixpkgs.config;
};
sshKeyBattlestation = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDXxfFRSgII4w/S1mrekPQdfXNifqRxwJa0wpQo72wB jawz@battlestation";
jawzManageLibrary = pkgs.writeScriptBin
"manage-library" (builtins.readFile ../scripts/manage-library.sh);
jawzTasks = pkgs.writeScriptBin
"tasks" (builtins.readFile ../scripts/tasks.sh);
in
{ # Remember to close this bracket at the end of the documentIMPORTS
These are files and modules which get loaded onto the configuration file, in the future I may segment this file into different modules once it becomes too cluttered, for example, I may create a module for systemd units.
imports = [
./hardware-configuration.nix
./servers.nix
# ./openldap.nix
# <agenix/modules/age.nix>
(import "${home-manager}/nixos")
];SYSTEM CONFIGURATION
NETWORKING
At the moment, I don't have a wireless card on this computer, however as I build a new system, such setting may come in handy.
Pick ONLY ONE of the below networking options.
- wireless.enable enables wireless support via wpa_supplicant.
- NetworkManager it's the default of GNOME, and easiest to use and integrate.
networking = {
enableIPv6 = false;
hostName = "workstation";
networkmanager.enable = true;
extraHosts = ''
192.168.1.64 battlestation
'';
firewall = let
open_firewall_ports = [
6969 # HentaiAtHome
51413 # torrent sedding
9091 # qbittorrent
2049 # nfs
];
open_firewall_port_ranges = [ ];
in {
enable = true;
allowedTCPPorts = open_firewall_ports;
allowedUDPPorts = open_firewall_ports;
allowedTCPPortRanges = open_firewall_port_ranges;
allowedUDPPortRanges = open_firewall_port_ranges;
};
};TIMEZONE & LOCALE
For some reason, useXkbConfig throws an error when building the system, either way it is an unnecessary setting as my keyboards are the default en_US, only locale set to Canadian out because I prefer how it displays the date.
time.timeZone = "America/Mexico_City";
i18n = {
defaultLocale = "en_CA.UTF-8";
extraLocaleSettings = {
LC_MONETARY = "es_MX.UTF-8";
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
};GNOME
At the time of writing this file, I require of X11, as the NVIDIA support for Wayland is not perfect yet. At the time being, the ability to switch through GDM from Wayland to XORG, it's pretty handy, but in the future these settings will require an update.
Sets up GNOME as the default desktop environment, while excluding some undesirable packages from installing.
services = {
xserver = {
enable = true;
displayManager.defaultSession = "xfce";
desktopManager = {
xfce.enable = true;
xterm.enable = false;
};
layout = "us";
libinput.enable = true; # Wacom required?
};
};SOUND
In order to avoid issues with PipeWire, the wiki recommends to disable sound.enable This is a basic PipeWire configuration, in the future stuff like Bluetooth or latency will require expanding these settings.
hardware.pulseaudio.enable = false;
sound.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};SECURITY
Disabled password in sudo for commodity, but this is obviously not recommended, regarding rkit, that setting enables pipewire to run with real-time capabilities. And lastly, the acme settings are for signing certificates.
security = {
rtkit.enable = true;
sudo = {
enable = true;
wheelNeedsPassword = false;
};
acme = {
acceptTerms = true;
defaults.email = "${myEmail}";
};
};NIXPKGS
Allow non-free, sadly is a requirement for some of my drivers, besides that, here is a good place to declare some package overrides as well as permit unsafe packages.
nixpkgs.config = {
allowUnfree = true;
};NORMAL USERS
Being part of the "wheel" group, means that the user has root privileges.
users.users.root.openssh.authorizedKeys.keys = [ sshKeyBattlestation ];
users.groups.nixremote = {
name = "nixremote";
gid = 555;
};
users.users.nixremote = {
isNormalUser = true;
createHome = true;
group = "nixremote";
home = "/var/nixremote/";
openssh.authorizedKeys.keys = [
sshKeyBattlestation
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDwyCBh8BmemoclUuTdmPsad/ROu15WlfyHtUrxU/+uAPwMvgniq0QzJg4ctHxFk+Fgg7YhHlf9vRVgtnrjXONf9XqSqUfA69rMsev8unNiJytOJ4J3X2YWYJQMZmJ33zudqxcTFjDXG7n4vC+Gfu9bKEeD/h+Vov47p8/DIBW+p/IYyICt8P5BRPGDDfmDIhslqUdxpq6F2TEtI33n68je4C8yiOBTSHGKNimK/NUpyEf8LtXPSuh/DXwigse1po+ft9nZ92mH/vHfsSU7a93xDhqPiyQbjqROa4YDt8D4tzpesTnYLDEvphJ5sS8wGe7PAtXnnXjQlVH0p1uC+AMu+U4RH8szK9/TukC5OWDn4uPrmLjfHi3jRCUpUT8ZMBaotzSpj9aitGnBtl8eNfJEP2FQuYNdVXJNiLGShCPqdRo0tpA8I77+oGF81RPT6HAugJWPfRvOyd+p0fJUM9tUShZTU873deFPIt4S0y27L+qI3fu6p1lrVc7l6aXHhvc= root@battlestation"
];
};
users.users.jawz = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "docker"
"scanner" "lp" "piracy" "kavita"
"render" "video"
];
initialPassword = "password";
openssh = {
authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES"
sshKeyBattlestation
];
};This section of the document categorizes and organizes all he packages that I want installed, attempting to group them as dependencies of others when necessary.
USER PACKAGES
Begin the block to install user packages.
packages = (with pkgs; [COMMAND-LINE PACKAGES
unstable.yt-dlp # downloads videos from most video websites
unstable.gallery-dl # similar to yt-dlp but for most image gallery websites
gdu # disk-space utility, somewhat useful
du-dust # rusty du
exa # like ls but with colors
trashy # oop! didn't meant to delete that
rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS
tldr # man for retards
tree-sitter # code parsing, required by Doom emacsMY SCRIPTS
Here I compile my own scripts into binaries
jawzManageLibrary
jawzTasks
(writeScriptBin "ffmpeg4discord" (builtins.readFile ../scripts/ffmpeg4discord.py))
(writeScriptBin "ffmpreg" (builtins.readFile ../scripts/ffmpreg.sh))
(writeScriptBin "chat-dl" (builtins.readFile ../scripts/chat-dl.sh))
(writeScriptBin "split-dir" (builtins.readFile ../scripts/split-dir.sh))
(writeScriptBin "pika-list" (builtins.readFile ../scripts/pika-list.sh))
(writeScriptBin "run" (builtins.readFile ../scripts/run.sh))DEVELOPMENT PACKAGES
# required by doom emacs, but still are rather useful.
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
ripgrep # modern grep
# languagetool # proofreader for English. check if works without the service
graphviz # graphs
tetex
# these two are for doom everywhere
xorg.xwininfo
xdotool
# SH
bats # testing system, required by Exercism
bashdb # autocomplete
shellcheck # linting
shfmt # a shell parser and formatter
# NIX
nixfmt # linting
cachix # why spend time compiling?
# PYTHON.
python3 # base language
# pipenv # python development workflow for humans
# poetry # dependency management made easy
# JS
nodejs # not as bad as I thoughtHUNSPELL
These dictionaries work with Firefox, Doom Emacs and LibreOffice.
hunspell
hunspellDicts.it_IT
hunspellDicts.es_MX
hunspellDicts.en_CACUSTOMIZATION PACKAGES
Themes and other customization, making my DE look the way I want is one of the main draws of Linux for me.
# Fonts
(nerdfonts.override {
fonts = [ "Agave" "CascadiaCode" "SourceCodePro"
"Ubuntu" "FiraCode" "Iosevka" ];
})
symbolaPYTHON
]) ++ (with pkgs.python3Packages; [
flake8 # wraper for pyflakes, pycodestyle and mccabe
isort # sort Python imports
nose # testing and running python scripts
pyflakes # checks source code for errors
pytest # framework for writing tests
speedtest-cli # check internet speed from the comand line
editorconfig # follow rules of contributin
black # Python code formatter
pylint # bug and style checker for python
(buildPythonApplication rec {
pname = "download";
version = "1.5";
src = ../scripts/download/.;
doCheck = false;
buildInputs = [ setuptools ];
propagatedBuildInputs =
[ pyyaml types-pyyaml ];
})
(buildPythonApplication rec {
pname = "ffpb";
version = "0.4.1";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk=";
};
doCheck = false;
buildInputs = [ setuptools ];
propagatedBuildInputs =
[ tqdm ];
})
# (buildPythonApplication rec {
# pname = "qbit_manage";
# version = "4.0.3";
# src = fetchPypi {
# inherit pname version;
# sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk=";
# };
# doCheck = true;
# buildInputs = [ setuptools ];
# propagatedBuildInputs =
# [ gitpython requests retrying ruamel-yaml schedule unstable.qbittorrent-api ];
# })BAT-EXTRAS
]) ++ (with pkgs.bat-extras; [
batman # man pages
batpipe # piping
batgrep # ripgrep
batdiff # this is getting crazy!
batwatch # probably my next best friend
prettybat # trans your sourcecode!NODEJS PACKAGES
]) ++ (with pkgs.nodePackages; [
dockerfile-language-server-nodejs # LSP
bash-language-server # LSP
pyright # LSP
markdownlint-cli # Linter
prettier # Linter
pnpm # Package manager
]); }; # <--- end of package listHOME-MANAGER
HOME-MANAGER SETTINGS
These make it so packages install to '/etc' rather than the user home directory, also allow for upgrades when rebuilding the system.
home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true;
home-manager.users.jawz = { config, pkgs, ... }:{
home.stateVersion = "${version}";DOTFILES
BASH
programs.bash = {
enable = true;
historyFile = "\${XDG_STATE_HOME}/bash/history";
historyControl = [ "erasedups" ];
shellAliases = {
ls = "exa --icons --group-directories-first";
edit = "emacsclient -t";
comic = "download -u jawz -i \"$(cat $LC | fzf --multi --exact -i)\"";
gallery = "download -u jawz -i \"$(cat $LW | fzf --multi --exact -i)\"";
open-gallery = "cd /mnt/disk2/scrapping/JawZ/gallery-dl && xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)\"";
unique-extensions = "fd -tf | rev | cut -d. -f1 | rev | tr '[:upper:]' '[:lower:]' | sort | uniq --count | sort -rn";
cp = "cp -i";
mv = "mv -i";
mkcd = "mkdir -pv \"$1\" && cd \"$1\" || exit";
mkdir = "mkdir -p";
rm = "trash";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
dl = "download -u jawz -i";
e = "edit";
c = "cat";
f = "fzf --multi --exact -i";
sc = "systemctl --user";
jc = "journalctl --user -xefu";
};
enableVteIntegration = true;
initExtra = ''$HOME/.local/bin/pokemon-colorscripts -r --no-title
# Lists
list_root="${config.xdg.configHome}"/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
export command_timeout=30
# GPG_TTY=$(tty)
# export GPG_TTY
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
nixos-reload () {
nixfmt /home/jawz/Development/NixOS/workstation/*.nix
sudo nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/workstation/configuration.nix
} '';
};OTHER
programs = {
emacs = {
enable = true;
};
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
bat = {
enable = true;
config = {
pager = "less -FR";
theme = "base16";
};
};
git = {
enable = true;
userName = "${myName}";
userEmail = "${myEmail}";
};
htop = {
enable = true;
package = pkgs.htop-vim;
};
};XDG
xdg = {
enable = true;
userDirs = {
enable = true;
createDirectories = false;
desktop = "${config.home.homeDirectory}";
documents = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Music";
pictures = "${config.home.homeDirectory}/Pictures";
templates = "${config.xdg.dataHome}/Templates";
videos = "${config.home.homeDirectory}/Videos";
};
configFile = {
"wgetrc".source = ../dotfiles/wget/wgetrc;
"configstore/update-notifier-npm-check.json".source = ../dotfiles/npm/update-notifier-npm-check.json;
"npm/npmrc".source = ../dotfiles/npm/npmrc;
"gallery-dl/config.json".source = ../dotfiles/gallery-dl/config.json;
"htop/htoprc".source = ../dotfiles/htop/htoprc;
};
};USER-SERVICES
services = {
lorri.enable = true;
emacs = {
enable = true;
defaultEditor = true;
package = pkgs.emacs;
};
};CLOSING HOME-MANAGER
};ENVIRONMENT PACKAGES
These are a MUST to ensure the optimal function of nix, without these, recovery may be challenging.
environment.systemPackages = with pkgs; [
wget
jellyfin-ffmpeg # coolest video converter!
dlib
];ENVIRONMENT VARIABLES
environment.variables = rec {
# PATH
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_STATE_HOME = "\${HOME}/.local/state";
# DEV PATH
CABAL_DIR = "\${XDG_CACHE_HOME}/cabal";
CARGO_HOME = "\${XDG_DATA_HOME}/cargo";
GEM_HOME = "\${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "\${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "\${XDG_DATA_HOME}/ruby/specs";
GOPATH = "\${XDG_DATA_HOME}/go";
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
PSQL_HISTORY="\${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE="\${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX="\${XDG_DATA_HOME}/wine";
# OPTIONS
HISTFILE = "\${XDG_STATE_HOME}/bash/history";
LESSHISTFILE = "-";
GHCUP_USE_XDG_DIRS = "true";
RIPGREP_CONFIG_PATH = "\${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
ELECTRUMDIR = "\${XDG_DATA_HOME}/electrum";
VISUAL = "emacsclient -ca emacs";
WGETRC = "\${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "\${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=\${XDG_CONFIG_HOME}/java";
DOCKER_CONFIG="\${XDG_CONFIG_HOME}/docker";
# NVIDIA
CUDA_CACHE_PATH = "\${XDG_CACHE_HOME}/nv";
# WEBKIT_DISABLE_COMPOSITING_MODE = "1";
# GBM_BACKEND = "nvidia-drm";
# "__GLX_VENDOR_LIBRARY_NAME" = "nvidia";
# Themes
CALIBRE_USE_SYSTEM_THEME = "1";
PATH = [
"\${HOME}/.local/bin"
"\${XDG_CONFIG_HOME}/emacs/bin"
"\${XDG_DATA_HOME}/npm/bin"
"\${XDG_DATA_HOME}/pnpm"
];
};SNAPRAID
It's a parity raid utility which creates a scheme similar to what UNRAID offered, except not in real time, I schedule it to run every night, so it keeps my files sync, while it is possible to use snapraid as a solution to keep a historic backup of your files, I am more concerned with the whole disk recovery in case of failure, as such a frequent sync fits my preferences.
snapraid = {
enable = true;
touchBeforeSync = true;
sync.interval = "02:00";
scrub = {
plan = 10;
olderThan = 10;
interval = "4:00";
};
parityFiles = [
"/mnt/parity/snapraid.parity"
];
extraConfig = ''
autosave 5000
'';
exclude = [
"/tmp/"
"/lost+found/"
"/multimedia/downloads/"
"/scrapping/nextcloud/"
"/backups/"
"/glue/Spankbank/____UNORGANIZED/Chaturbate/"
"/nextcloud/nextcloud.log"
];
dataDisks = {
d1 = "/mnt/disk1/";
d2 = "/mnt/disk2/";
};
contentFiles = [
"/var/snapraid.content"
"/mnt/disk1/snapraid.content"
"/mnt/disk2/snapraid.content"
];
};PROGRAMS
Some programs get enabled and installed through here, as well as the activation of some services.
programs = {
starship.enable = true;
fzf.fuzzyCompletion = true;
neovim = {
enable = true;
vimAlias = true;
};
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
msmtp = {
enable = true;
accounts.default = {
auth = true;
host = "smtp.gmail.com";
port = 587;
tls = true;
from = "stunner6399@gmail.com";
user = "stunner6399@gmail.com";
password = "eqyctcgjdykqeuwt";
};
};
};SERVICES
Miscellaneous services, most of which are managed by systemd.
services = {
minidlna = {
enable = true;
openFirewall = true;
settings = {
inotify = "yes";
media_dir = [
"/mnt/disk2/glue"
"/mnt/disk1/multimedia/downloads"
];
};
};
avahi = {
enable = true;
nssmdns = true;
};
fstrim.enable = true;
btrfs.autoScrub = {
enable = true;
fileSystems = [
"/"
"/mnt/disk1"
"/mnt/disk2"
];
};
openssh = {
enable = true;
openFirewall = true;
startWhenNeeded = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
};SYSTEMD
Home-manager, is not as flushed out when it comes to creating systemd units, so the best way to define them for now, is using nix.
systemd = {
packages = [ pkgs.qbittorrent-nox ];
services = {
"qbittorrent-nox@jawz" = {
enable = true;
overrideStrategy = "asDropin";
wantedBy = [ "multi-user.target" ];
};
};
timers = { };
user = {
services = {
HentaiAtHome = {
enable = true;
restartIfChanged = true;
description = "Run hentai@home server";
wantedBy = [ "default.target" ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
WorkingDirectory="/mnt/hnbox";
ExecStart = "${pkgs.HentaiAtHome}/bin/HentaiAtHome";
};
};
unpackerr = {
enable = true;
restartIfChanged = true;
description = "Run unpackerr";
wantedBy = [ "default.target" ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf";
};
};
manage-library = {
enable = true;
restartIfChanged = true;
description = "Run the manage library bash script";
wantedBy = [ "default.target" ];
path = [
pkgs.bash
pkgs.nix
jawzManageLibrary
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzManageLibrary}/bin/manage-library";
};
};
tasks = {
restartIfChanged = true;
description = "Run a tasks script which keeps a lot of things organized";
wantedBy = [ "default.target" ];
path = [
pkgs.bash
pkgs.nix
jawzTasks
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzTasks}/bin/tasks";
};
};
qbit_manage = let qbit_dir = "/home/jawz/Development/Git/qbit_manage"; in {
restartIfChanged = true;
description = "Tidy up my torrents";
wantedBy = [ "default.target" ];
path = [
pkgs.python3
pkgs.pipenv
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${qbit_dir}/.venv/bin/python3 ${qbit_dir}/qbit_manage.py -r -c ${qbit_dir}/config.yml";
};
};
};
timers = {
tasks = {
enable = true;
description = "Run a tasks script which keeps a lot of things organized";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/10";
};
};
qbit_manage = {
enable = true;
description = "Tidy up my torrents";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/10";
};
};
};
};
};MISC SETTINGS
ENABLE FONTCONFIG
If enabled, a Fontconfig configuration file will point to a set of default
fonts. If you don't care about running X11 applications or any other program
that uses Fontconfig, you can turn this option off and prevent a dependency on
all those fonts.
tip once that Wayland is ready for deployment, I probably can remove this
setting.
fonts.fontconfig.enable = true;NFS
fileSystems = {
"/export/disk1" = {
device = "/mnt/disk1";
options = ["bind"];
};
"/export/disk2" = {
device = "/mnt/disk2";
options = ["bind"];
};
"/export/seedbox" = {
device = "/mnt/seedbox";
options = ["bind"];
};
"/export/jawz" = {
device = "/home/jawz";
options = ["bind"];
};
};
services.nfs = {
server = {
enable = true;
exports = ''
/export 192.168.1.64(rw,fsid=0,no_subtree_check)
/export/disk1 192.168.1.64(rw,nohide,insecure,no_subtree_check)
/export/disk2 192.168.1.64(rw,nohide,insecure,no_subtree_check)
/export/seedbox 192.168.1.64(rw,nohide,insecure,no_subtree_check)
/export/jawz 192.168.1.64(rw,nohide,insecure,no_subtree_check)
'';
};
};FINAL SYSTEM CONFIGURATIONS
The first setting creates a copy the NixOS configuration file and link it from the resulting system (/run/current-system/configuration.nix). This is useful in case you accidentally delete configuration.nix.
The version value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system. It‘s perfectly fine and recommended to leave this value at the release version of the first install of this system.
Lastly I configure in here Cachix repositories, which is a website that keeps a cache of nixbuilds for easy quick deployments without having to compile everything from scratch.
system = {
copySystemConfiguration = true;
stateVersion = "${version}";
};
nix = {
settings = {
trusted-users = [ "nixremote" ];
auto-optimise-store = true;
system-features = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"gccarch-znver3"
];
substituters = [
"https://nix-gaming.cachix.org"
"https://nixpkgs-python.cachix.org"
"https://devenv.cachix.org"
"https://cuda-maintainers.cachix.org"
];
trusted-public-keys = [
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
};
gc = {
automatic = true;
dates = "weekly";
};
};
}