32 KiB
JawZ NixOS workstation configuration
[0/6]- DECLARATION
- SYSTEM CONFIGURATION
- GNOME
- SOUND
- SECURITY
- NIXPKGS SETTINGS
- NORMAL USERS
- USER PACKAGES
- HOME-MANAGER
- ENVIRONMENT
- PROGRAMS
- SERVICES
- SYSTEMD
- FONTCONFIG
- HARDWARE
- VIRTUALISATION
- CLOSE SYSTEM
TODO
[0/6]
-
System configurations
[0/8]- Bluetooth multiple devices + pass-through
-
dotfiles
[0/4]- migrate config to home-manager
- migrate dconf to home-manager
-
Misc
[0/3]- Figure out how to get rid of xterm
DECLARATION
Here I will declare the dependencies and variables that I call multiple times through the config file, such as the current version of NixOS, repositories and even some scripts that I reuse on systemd configurations.
- version: used by both NixOS and home-manager to dictate the state repository from which to pull configurations, modules and packages.
- myEmail myName: used by git and acme
- cpuArchitecture: used by NixOS to optimize the compiled binaries to my current CPU specifications.
- home-manager: the channel containing the packages matching the NixOS state version, with a commented out to the unstable master.
- unstable: a sort of overlay that allows to prepend "unstable" to a package, to pull from the unstable channel rather than precompiled binaries on a case by case use.
- nixGaming: a channel containing some tweaks and optimized packages for gaming.
- jawz*: scripts that will reuse multiple times through the config, such as on systemd, and as such this feels like a safe way to compile them only once.
{ config, lib, pkgs, ... }:
let
version = "23.11";
cpuArch = "x86_64-linux";
myEmail = "CaptainJawZ@outlook.com";
myName = "Danilo Reyes";
cpuArchitecture = "znver3";
home-manager = builtins.fetchTarball
"https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz";
unstable = import
(builtins.fetchTarball
"https://github.com/nixos/nixpkgs/tarball/master") {
config = config.nixpkgs.config;
};
nixGaming = import
(builtins.fetchTarball
"https://github.com/fufexan/nix-gaming/archive/master.tar.gz");
jawzTasks = pkgs.writeScriptBin
"tasks" (builtins.readFile ../scripts/tasks.sh);
in
{ # Remember to close this bracket at the end of the documentThese are files and modules which get loaded onto the configuration file, in the future I may segment this file into different modules once it becomes too cluttered, for example, I may create a module for systemd units.
- agenix: an encryption system which cleans up the nix-configuration files from
passwords and other secrets.
- pipewireLowLatency: better sound for games, but also, music sounds a bit less compressed, who knows, I'm half deaf.
imports = [
# <agenix/modules/age.nix>
./fstab.nix
(import "${home-manager}/nixos")
# nixGaming.nixosModules.pipewireLowLatency
];SYSTEM CONFIGURATION
NETWORKING
Sets sensible networking options, such as setting up a hostname, and creating a hosts file with the static IP and hostname of other devices on my network.
Also open ports on the firewall for LAN connectivity, and well keeping commented what each port does, I declared the firwewall ports with variables, because I don't care to figure out whether I need TCP or UDP so let's open both, and repetition is maddening.
networking = {
useDHCP = lib.mkDefault true;
enableIPv6 = false;
hostName = "workstation";
networkmanager.enable = true;
extraHosts = ''
192.168.1.69 server
'';
firewall = let
openFirewallPorts = [
7860 # gpt
6674 # ns-usbloader
];
openFirewallPortRanges = [
{ from = 1714; to = 1764; } # kdeconnect
];
in
{
enable = true;
allowedTCPPorts = openFirewallPorts;
allowedUDPPorts = openFirewallPorts;
allowedTCPPortRanges = openFirewallPortRanges;
allowedUDPPortRanges = openFirewallPortRanges;
};
};TIMEZONE & LOCALE
For some reason, useXkbConfig throws an error when building the system, either way it is an unnecessary setting as my keyboards are the default en_US, only locale set to Canadian out because I prefer how it displays the date. LC_MONETARY, it's also a personal preference.
hardwareClockInLocalTime allows dual booting without the time getting messed up between boots.
time = {
timeZone = "America/Mexico_City";
hardwareClockInLocalTime = true;
};
i18n = {
defaultLocale = "en_CA.UTF-8";
extraLocaleSettings = {
LC_MONETARY = "es_MX.UTF-8";
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
};SYSTEM/NIX CONFIGURATIONS
The first setting creates a copy the NixOS configuration file and link it from the resulting system (/run/current-system/configuration.nix). This is useful in case you accidentally delete configuration.nix.
The version value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system. It‘s perfectly fine and recommended to leave this value at the release version of the first install of this system.
Lastly I configure in here cachix repositories, which is a website that keeps a cache of nixbuilds for easy quick deployments without having to compile everything from scratch.
- gc: automatically garbage-collects.
- auto-optimise-store: hard-links binaries whenever possible.
- system-features: features present on compiling time.
system = {
copySystemConfiguration = true;
stateVersion = "${version}";
};
nix = let featuresList = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"gccarch-${cpuArchitecture}"
"gccarch-skylake"
];
in {
gc = {
automatic = true;
dates = "weekly";
};
distributedBuilds = true;
settings = {
cores = 16;
auto-optimise-store = true;
trusted-users = [ "nixremote" ];
system-features = featuresList;
# experimental-features = [
# "nix-command" "flakes"
# ];
substituters = [
"https://nix-gaming.cachix.org"
"https://nixpkgs-python.cachix.org"
"https://devenv.cachix.org"
"https://cuda-maintainers.cachix.org"
"https://ai.cachix.org"
];
trusted-public-keys = [
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
"ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="
];
};
};GNOME
At the time of writing this file, I require of X11, as the NVIDIA support for Wayland is not perfect yet. At the time being, the ability to switch through GDM from Wayland to XORG, it's pretty handy, but in the future these settings will require an update.
Sets up GNOME as the default desktop environment, while excluding some undesirable packages from installing.
Lastly, since there is not a dedicated customization module per-say I setup qt options in here, for the sake of gnome consistency.
services = {
xserver = {
videoDrivers = [ "nvidia" ];
enable = true;
displayManager.gdm.enable = true;
desktopManager = {
gnome.enable = true;
};
layout = "us";
libinput.enable = true;
};
};
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
gnome-text-editor
gnome-connections
# gnome-shell-extensions
baobab
])
++ (with pkgs.gnome; [
# totem
gedit
gnome-music
epiphany
gnome-characters
yelp
gnome-font-viewer
# cheese
]);
# Sets up QT to use adwaita themes.
qt = {
enable = true;
platformTheme = "gnome";
style = "adwaita";
};SOUND
In order to avoid issues with PipeWire, the wiki recommends to disable pulseaudio. This is a basic PipeWire configuration that can support alsa/pulse backends.
lowLatency is a module of nix-gaming, and hardware bluetooth settings are there to allegedly improve the quality of bluetooth in the system, to this day, bluetooth and I remain enemies.
sound.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# lowLatency = {
# enable = true;
# quantum = 64;
# rate = 48000;
# };
};
hardware.pulseaudio.enable = false;SECURITY
Disabled password in sudo for commodity, but this is obviously not recommended, regarding rkit, that setting enables pipewire to run with real-time capabilities. And lastly, the acme settings are for signing certificates.
The pam limits exists so NixOS can compile the entire system without running into "Too many files open" errors.
security = {
polkit.enable = true;
rtkit.enable = true;
sudo = {
enable = true;
wheelNeedsPassword = false;
};
pam.loginLimits = [{
domain = "*";
type = "soft";
item = "nofile";
value = "8192";
}];
};NIXPKGS SETTINGS
Allow non-free, sadly is a requirement for some of my drivers, besides that, here is a good place to declare some package overrides as well as permit unsafe packages.
localSystem allows me to compile the entire operating system optimized to my CPU architecture and other build flags.
note if using gcc.arch flags, comment out hostPlatform and viceversa.
nixpkgs = {
hostPlatform = lib.mkDefault cpuArch;
config = {
allowUnfree = true;
permittedInsecurePackages = [ ];
};
# localSystem = {
# gcc.arch = cpuArchitecture;
# gcc.tune = cpuArchitecture;
# system = "x86_64-linux";
# };
};NORMAL USERS
Being part of the "wheel" group, means that the user has root privileges. The piracy.gid is so I have read/write access permissions on all the hard drives split among my multiple systems, the rest of the groups are self explanatory.
users = {
groups = {
piracy.gid = 985;
nixremote.gid = 555;
};
users = {
nixremote = {
isNormalUser = true;
createHome = true;
group = "nixremote";
home = "/var/nixremote/";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN6HsajaTL+nTJtSIu00M5WJwgt/7fyU59gBr2R7tbnv root@server"
];
};
jawz = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "scanner"
"lp" "piracy" "kavita" "video" "docker"
"libvirt" "rslsync"
];
initialPassword = "password";
openssh = {
authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIParbc033V2/yPsuhBQ8NPbnsEI/Ec0N4Lk6RJubTFfZ jawz@workstation"
];
};USER PACKAGES
This section of the document categorizes and organizes all he packages that I want installed, attempting to group them as dependencies of others when necessary.
Begin the block to install user packages.
packages = (with pkgs; [HUNSPELL
These dictionaries are compatible with Firefox, Doom Emacs and LibreOffice.
hunspell
hunspellDicts.it_IT
hunspellDicts.es_MX
hunspellDicts.es_ES
hunspellDicts.en_CA-largeCUSTOMIZATION PACKAGES
Themes and other customization, making my DE look the way I want is one of the main draws of Linux for me.
# Themes
adw-gtk3
gnome.gnome-tweaks # tweaks for the gnome desktop environment
# gradience # theme customizer, allows you to modify adw-gtk3 themes
# Fonts
(nerdfonts.override {
fonts = [ "Agave" "CascadiaCode" "SourceCodePro"
"ComicShannsMono" "OpenDyslexic"
"Ubuntu" "FiraCode" "Iosevka" ];
})
symbola
(papirus-icon-theme.override {
color = "adwaita";
})GUI PACKAGES
All of my GUI applications categorized to make it easier to identify what each application does, and the justification for is existence on my system.
ART AND DEVELOPMENT
Art and development applications are together, as a game-developer one of my goals is to create a workflow between this ecosystem of applications.
godot_4 # game development
unstable.gdtoolkit # gdscript language server
blender # cgi animation and sculpting
gimp # the coolest bestest art program to never exist
krita # art to your heart desire!
mypaint # not the best art program
mypaint-brushes # but it's got some
mypaint-brushes1 # nice damn brushes
# drawpile # arty party with friends!!
pureref # create inspiration/reference boardsGAMING
So far gaming has been a lot less painful than I could have originally anticipated, most everything seems to run seamlessly.
Most packages on this section are set to unstable so we compile the newest possible binaries, which is handy mostly for frequently developed emulators.
I never figured out why, but lutris will give me wine errors unless both wine64 and wineWow are installed.
note Steam is setup way later on the config file.
note Roblox uninstalled as there is ongoing drama regarding Linux users.
wineWowPackages.stable
(lutris.override {
extraPkgs = pkgs: [
winetricks
wine64Packages.stable
wineWowPackages.stable
];
})
cartridges # games launcher
heroic # install epic games
gamemode # optimizes linux to have better gaming performance
# grapejuice # roblox manager
# minecraft # minecraft official launcher
protonup-qt # update proton-ge
ns-usbloader # load games into my switch
# emulators
rpcs3 # ps3 emulator
pcsx2 # ps2 emulator
cemu # wii u emulator
dolphin-emu # wii emulator
citra-nightly # 3Ds emulator
snes9x-gtk # snes emulatorPRODUCTIVITY
An assorted list of productivity-oriented apps which I will never use.
libreoffice # office, but based
calibre # ugly af eBook library manager
# foliate # gtk eBook reader
# newsflash # feed reader, syncs with nextcloud
# wike # gtk wikipedia wow!
# denaro # manage your finances
furtherance # I packaged this one tehee track time utility
gnome.simple-scan # scannerMISC
Most of these apps, are part of the gnome circle, and I decide to install them if just for a try and play a little. Most I keep commented out as an archive, so I remember their names in case I want to check them out or recommend them to someone.
blanket # background noise
pika-backup # backups
metadata-cleaner # remove any metadata and geolocation from files
# sequeler # friendly SQL client
# czkawka # duplicate finder
# celeste # sync tool for any cloud providerMULTIMEDIA
Overwhelmingly player applications, used for videos and music, while most of my consumption has moved towards jellyfin, it's still worth the install of most of these, for now.
easyeffects # equalizer
celluloid # video player
# cozy # audiobooks player
# hakuneko # manga & comic GUI downloader
# gnome-podcasts # podcast player
handbrake # video converter, may be unnecessary
curtail # image compressor
pitivi # video editor
identity # compare images or videos
gnome-obfuscate # censor private information
mousai # poor man shazam
tagger # tag music files
obs-studio # screen recorder & streamer
shortwave # listen to world radio
nextcloud-client # self-hosted google-drive alternative
fragments # beautiful torrent clientWEB
Stuff that I use to interact with the web, web browsers, chats, download managers, etc.
protonmail-bridge # bridge for protonmail
firefox # web browser that allows to disable spyware
tor-browser-bundle-bin # dark web, so dark!
chromium # web browser with spyware included
telegram-desktop # furry chat
nicotine-plus # remember Ares?
vesktop
(pkgs.discord.override {
withOpenASAR = true;
# withVencord = true;
})
# hugo # website engineCOMMAND-LINE PACKAGES
cli and tui packages, which on their own right are as or more powerful than the packages on the previous section.
unstable.yt-dlp # downloads videos from most video websites
unstable.gallery-dl # similar to yt-dlp but for most image gallery websites
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
gdu # disk-space utility checker, somewhat useful
du-dust # rusty du similar to gdu
(ripgrep.override {withPCRE2 = true;}) # modern grep
trash-cli # oop! did not meant to delete that
eza # like ls but with colors
gocryptfs # encrypted filesystem! shhh!!!
rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS
imagemagick # photoshop what??
ffmpeg # not ffmpreg, the coolest video conversion tool!
torrenttools # create torrent files from the terminal!
vcsi # video thumbnails for torrents, can I replace it with ^?MY SCRIPTS
Here I compile my own scripts into binaries.
jawzTasks
(writeScriptBin "ffmpeg4discord" (builtins.readFile ../scripts/ffmpeg4discord.py))
(writeScriptBin "ffmpreg" (builtins.readFile ../scripts/ffmpreg.sh))
(writeScriptBin "split-dir" (builtins.readFile ../scripts/split-dir.sh))
(writeScriptBin "run" (builtins.readFile ../scripts/run.sh))
(writeScriptBin "pika-list" (builtins.readFile ../scripts/pika-list.sh))DEVELOPMENT PACKAGES
Assorted development packages and libraries, categorized by languages.
# required (optionally) by doom emacs, but still are rather useful
tree-sitter # code parsing based on symbols and shit, I do not get it
graphviz # graphs
tetex
languagetool # proofreader for English
# these two are for doom everywhere
xorg.xwininfo
xdotool
xclip
tldr # man for retards
exercism # learn to code
# SH
bats # testing system, required by Exercism
bashdb # autocomplete
shellcheck # linting
shfmt # a shell parser and formatter
# NIX
expect # keep color when nom'ing
nix-output-monitor # autistic nix builds
nixfmt # linting
cachix # why spend time compiling?
# PYTHON.
pipenv # python development workflow for humans
(python3.withPackages (ps: with ps; [
# poetry # dependency management made easy
flake8 # wraper for pyflakes, pycodestyle and mccabe
isort # sort Python imports
nose # testing and running python scripts
pyflakes # checks source code for errors
pytest # framework for writing tests
speedtest-cli # check internet speed from the comand line
editorconfig # follow rules of contributin
black # Python code formatter
pylint # bug and style checker for python
]))
# C# & Rust
# omnisharp-roslyn # c# linter and code formatter
# HASKELL
ghc # compiler
haskell-language-server # lsp
# DOCKER
dockfmt
# JS
nodejs # not as bad as I thought
# jq # lintingCUSTOM PYTHON SCRIPTS
Libraries & apps not found on the nix-store and scripts made by me.
]) ++ (with pkgs.python3Packages; [
(buildPythonApplication rec {
pname = "download";
version = "1.5";
src = ../scripts/download/.;
doCheck = false;
buildInputs = [ setuptools ];
propagatedBuildInputs =
[ pyyaml types-pyyaml ];
})
(buildPythonApplication rec {
pname = "ffpb";
version = "0.4.1";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk=";
};
doCheck = false;
buildInputs = [ setuptools ];
propagatedBuildInputs =
[ tqdm ];
})NODEJS PACKAGES
Language servers and linters.
]) ++ (with pkgs.nodePackages; [
# Language servers
dockerfile-language-server-nodejs
yaml-language-server
bash-language-server
vscode-json-languageserver
pyright
markdownlint-cli # Linter
prettier # Linter
pnpm # Package managerGNOME EXTENSIONS
The last line can is there to allow for the installation of gnome-extensions from the unstable channel.
]) ++ (with pkgs; [
# lm_sensors # for extension, displays cpu temp
libgda # for pano shell extension
]) ++ (with pkgs.gnomeExtensions; [
appindicator # applets for open applications
reading-strip # like putting a finger on every line I read
tactile # window manager
pano # clipboard manager
freon # hardware temperature monitor
# blur-my-shell # make the overview more visually appealing
# gamemode # I guess I'm a gamer now?
# burn-my-windows
# forge # window manager
# ]) ++ (with unstable.pkgs.gnomeExtensions; [CLOSE USER PACKAGES
]); }; }; };# <--- end of package listHOME-MANAGER
HOME-MANAGER SETTINGS
These make it so packages install to '/etc' rather than the user home directory, also allow for upgrades when rebuilding the system.
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
users.jawz = { config, pkgs, ... }:{
home.stateVersion = "${version}";DOTFILES
I opted out of using home-manager to declare my package environment, and instead I use it exclusively for setting up my dotfiles.
BASH
Declares my .bashrc file, and sets up some environment and functions.
programs.bash = {
enable = true;
historyFile = "\${XDG_STATE_HOME}/bash/history";
historyControl = [ "erasedups" "ignorespace" ];
shellAliases = {
hh = "hstr";
ls = "eza --icons --group-directories-first";
edit = "emacsclient -t";
comic = "download -u jawz -i \"$(cat $LC | fzf --multi --exact -i)\"";
gallery = "download -u jawz -i \"$(cat $LW | fzf --multi --exact -i)\"";
cp = "cp -i";
mv = "mv -i";
mkcd = "mkdir -pv \"$1\" && cd \"$1\" || exit";
mkdir = "mkdir -p";
rm = "trash";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
dl = "download -u jawz -i";
e = "edit";
c = "cat";
b = "bat";
f = "fzf --multi --exact -i";
sc = "systemctl --user";
jc = "journalctl --user -xefu";
open-gallery = "cd /mnt/pool/scrapping/JawZ/gallery-dl &&
xdg-open \"$(fd . ./ Husbands -tdirectory -d 1 | fzf -i)\"";
unique-extensions = "fd -tf | rev | cut -d. -f1 | rev |
tr '[:upper:]' '[:lower:]' | sort |
uniq --count | sort -rn";
};
enableVteIntegration = true;
initExtra = ''
$HOME/.local/bin/pokemon-colorscripts -r --no-title
# Lists
list_root="${config.xdg.configHome}"/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
export command_timeout=30
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
nixos-reload () {
NIXOSDIR=/home/jawz/Development/NixOS
nix-store --add-fixed sha256 $NIXOSDIR/scripts/PureRef-1.11.1_x64.Appimage
nixfmt $NIXOSDIR/workstation/*.nix
sudo unbuffer nixos-rebuild switch -I \
nixos-config=$NIXOSDIR/workstation/configuration.nix \
|& nom
}
'';
};XDG
Configurations for XDG directories, as well as installing dotfiles from the sub-directory on this repository.
xdg = {
enable = true;
userDirs = {
enable = true;
createDirectories = false;
desktop = "${config.home.homeDirectory}";
documents = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Music";
pictures = "${config.home.homeDirectory}/Pictures";
templates = "${config.xdg.dataHome}/Templates";
videos = "${config.home.homeDirectory}/Videos";
};
configFile = {
"wgetrc".source = ../dotfiles/wget/wgetrc;
"configstore/update-notifier-npm-check.json".source = ../dotfiles/npm/update-notifier-npm-check.json;
"npm/npmrc".source = ../dotfiles/npm/npmrc;
"gallery-dl/config.json".source = ../dotfiles/gallery-dl/config.json;
"htop/htoprc".source = ../dotfiles/htop/htoprc;
"python/pythonrc".source = ../dotfiles/pythonrc;
};
};HOME-MANAGER PROGRAMS
Program declarations that are exclusive to home-manager, declaring packages this way allows for extra configuration and integration beyond installing the packages on the user environment, it's the only exception I make to installing packages through home-manager.
programs = {
emacs.enable = true;
helix = {
enable = true;
};
hstr.enable = true;
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
bat = {
enable = true;
config = {
pager = "less -FR";
theme = "base16";
};
extraPackages = with pkgs.bat-extras; [
batman # man pages
batpipe # piping
batgrep # ripgrep
batdiff # this is getting crazy!
batwatch # probably my next best friend
prettybat # trans your sourcecode!
];
};
git = {
enable = true;
userName = "${myName}";
userEmail = "${myEmail}";
};
htop = {
enable = true;
package = pkgs.htop-vim;
};
};HOME-MANAGER USER-SERVICES
Lorri helps optimize emacs compilations, and the declaring emacs as a service through home-manager fixes the bug where emacs loads so quickly that can not connect to a graphic environment unless restarting the systemd service.
services = {
lorri.enable = true;
emacs = {
enable = true;
defaultEditor = true;
package = with pkgs; (
(emacsPackagesFor emacs-gtk).emacsWithPackages (
epkgs: [ epkgs.vterm ]
)
);
startWithUserSession = "graphical";
};
};CLOSING HOME-MANAGER
}; };ENVIRONMENT
These are a MUST to ensure the optimal function of nix, without these, recovery may be challenging.
The environment.etc block allows for bluetooth devices to control volume, pause, and other things through the headset controls.
Declare environment variables whose function is to clear-up the $HOME directory from as much bloat as possible, as well as some minor graphical tweaks some applications use.
environment = {
etc = {
"wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.enable-hw-volume"] = true,
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
}
'';
};
systemPackages = with pkgs; [
# virt-manager
docker-compose
wget
gwe
];
variables = rec {
# PATH
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_STATE_HOME = "\${HOME}/.local/state";
# DEV PATH
CABAL_DIR = "${XDG_CACHE_HOME}/cabal";
CARGO_HOME = "${XDG_DATA_HOME}/cargo";
GEM_HOME = "${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "${XDG_DATA_HOME}/ruby/specs";
GOPATH = "${XDG_DATA_HOME}/go";
NPM_CONFIG_USERCONFIG = "${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "${XDG_DATA_HOME}/pnpm";
PSQL_HISTORY="${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE="${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX="${XDG_DATA_HOME}/wine";
PYTHONSTARTUP="${XDG_CONFIG_HOME}/python/pythonrc";
STACK_ROOT="${XDG_DATA_HOME}/stack";
# OPTIONS
HISTFILE = "${XDG_STATE_HOME}/bash/history";
LESSHISTFILE = "-";
GHCUP_USE_XDG_DIRS = "true";
RIPGREP_CONFIG_PATH = "${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
VISUAL = "emacsclient -ca emacs";
WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
DOCKER_CONFIG="${XDG_CONFIG_HOME}/docker";
# NVIDIA
CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
# Themes
# WEBKIT_DISABLE_COMPOSITING_MODE = "1";
CALIBRE_USE_SYSTEM_THEME = "1";
PATH = [
"\${HOME}/.local/bin"
"\${XDG_CONFIG_HOME}/emacs/bin"
"\${XDG_DATA_HOME}/npm/bin"
"\${XDG_DATA_HOME}/pnpm"
];
};
};PROGRAMS
Some programs get enabled and installed through here, as well as the activation of some services.
programs = {
starship.enable = true;
tmux.enable = true;
fzf.fuzzyCompletion = true;
neovim = {
enable = true;
vimAlias = true;
};
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
geary = {
enable = true;
};
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
kdeconnect = {
enable = true;
package = pkgs.gnomeExtensions.gsconnect;
};
};SERVICES
Miscellaneous services, managed by systemd.
- avahi: allows to discover/connect to devices through their hostname on the same network.
- fstrim/btrfs: file-system services.
- psd: profile-sync-daemon, loads the Chrome/Firefox profile to ram.
services = {
printing = {
enable = true;
drivers = [ pkgs.hplip pkgs.hplipWithPlugin ];
};
avahi = {
enable = true;
nssmdns = true;
};
psd.enable = true;
smartd.enable = true;
fstrim.enable = true;
btrfs.autoScrub = {
enable = true;
fileSystems = [
"/"
];
};
openssh = {
enable = true;
openFirewall = true;
startWhenNeeded = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
KbdInteractiveAuthentication = false;
};
};
resilio = {
deviceName = "chichis";
enable = true;
useUpnp = true;
enableWebUI = true;
httpPass = "528491";
httpLogin = "chichis";
httpListenPort = 9876;
httpListenAddr = "0.0.0.0";
directoryRoot = "/resilio";
};
};SYSTEMD
Home-manager, is not as flushed out when it comes to creating systemd units, so the best way to define them for now, is using nix.
systemd = {
services = { };
timers = { };
user = {
services = {
tasks = {
restartIfChanged = true;
description = "Run a tasks script which keeps a lot of things organized";
wantedBy = [ "default.target" ];
path = [
pkgs.bash
pkgs.nix
jawzTasks
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzTasks}/bin/tasks";
};
};
};
timers = {
tasks = {
enable = true;
description = "Run a tasks script which keeps a lot of things organized";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/10";
};
};
};
};
};FONTCONFIG
If enabled, a Fontconfig configuration file will point to a set of default
fonts. If you don not care about running X11 applications or any other program
that uses Fontconfig, you can turn this option off and prevent a dependency on
all those fonts.
tip once that Wayland is ready for deployment, I probably can remove this
setting.
fonts.fontconfig.enable = true;HARDWARE
Computer-specific hardware settings. The power management settings default to "performance".
- nvidia: GPU drivers.
- sane: hp scanner drivers.
- cpu.amd: microcode patches.
- opentabletdriver: overrides the default generic nvidia drivers.
- opengl: required for gaming, as pug drivers as well as video acceleration.
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware = {
cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
bluetooth = {
enable = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
Experimental = true;
};
};
};
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
};
sane = {
enable = true;
extraBackends = [ pkgs.hplip pkgs.hplipWithPlugin ];
};
opentabletdriver = {
enable = true;
daemon.enable = false;
};
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
nvidia-vaapi-driver
vaapiVdpau
libvdpau-va-gl
];
};
};VIRTUALISATION
Basic docker settings to be able to run some images, although most docker images run on my server.
On this section, you can also add virtual machines settings.
# programs.virt-manager.enable = true;
programs.dconf.enable = true; # virt-manager requires dconf to remember settings
virtualisation = {
libvirtd.enable = false;
docker = {
enable = true;
enableNvidia = true;
autoPrune = {
enable = true;
flags = [ "--all" ];
dates = "weekly";
};
};
};CLOSE SYSTEM
}