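# NixOS system configuration for a single workstation.
# Host- and user-specific values are bound once in the `let` block below and
# reused throughout the module.
{ config, lib, pkgs, ... }:

let
  hostName = "wlin001-nixos";
  userName = "zulumann";
  userDescription = "Henrik Lutzmann";
  userDir = "/home/zulumann";
  userEmail = "zulumann_70@gmx.de";
  stateVersion = "24.11";
in
{
  imports = [
    ./hardware-configuration.nix
    ./config
  ];

  # Bootloader
  boot = {
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;
    #loader.systemd-boot.consoleMode = "2";
    # Keep the boot-entry editor off so the kernel command line cannot be
    # changed from the boot menu.
    loader.systemd-boot.editor = false;
    loader.systemd-boot.memtest86.enable = true;
    consoleLogLevel = 3; # silence ACPI "errors" (default is 4)
    plymouth.enable = true;
    tmp.useTmpfs = true;
    tmp.tmpfsSize = "50%"; # set to auto to dynamically grow
    tmp.cleanOnBoot = true;
    kernelPackages = pkgs.linuxPackages_latest;
    #kernelPackages = pkgs.linuxKernel.kernels.linux_xanmod;
    # initrd.network.openvpn.enable = true;
    initrd.systemd.enable = true;
  };

  # Enable Kernel same-page merging.
  # NOTE(review): page deduplication is a known timing side channel between
  # workloads that opt in (typically VMs); keep it only if the memory saving
  # is needed and the guests are trusted.
  hardware.ksm.enable = true;

  # Enable networking
  networking = {
    networkmanager.enable = true;
    networkmanager.plugins = with pkgs; [ networkmanager-openvpn ];
    usePredictableInterfaceNames = false;
    inherit hostName;
  };

  # Set your time zone
  time.timeZone = "Europe/Berlin";

  # Select internationalisation properties.
  i18n.defaultLocale = "de_DE.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_DE.UTF-8";
    LC_IDENTIFICATION = "de_DE.UTF-8";
    LC_MEASUREMENT = "de_DE.UTF-8";
    LC_MONETARY = "de_DE.UTF-8";
    LC_NAME = "de_DE.UTF-8";
    LC_NUMERIC = "de_DE.UTF-8";
    LC_PAPER = "de_DE.UTF-8";
    LC_TELEPHONE = "de_DE.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };

  # Configure console
  console = {
    enable = true;
    earlySetup = true;
    font = "Lat2-Terminus16";
    packages = with pkgs; [ terminus_font ];
    keyMap = "de";
    #useXkbConfig = true; # use xkb.options in tty.
  };

  # Define a user account. Don't forget to set a password with passwd.
  # "wheel" membership makes this an administrative account.
  users.users.${userName} = {
    isNormalUser = true;
    description = userDescription;
    extraGroups = [ "networkmanager" "wheel" "audio" "video" ];
    # Path literal: the file is read when the system is built and its contents
    # end up in the world-readable Nix store, so it must hold public keys only.
    openssh.authorizedKeys.keyFiles = [ /etc/nixos/config/home/ssh/authorized_keys ];
    packages = with pkgs; [ ];
  };

  # Enable Firmware
  hardware = {
    #enableAllFirmware = true;
    enableRedistributableFirmware = true;
    cpu.amd.updateMicrocode = true;
    #cpu.intel.updateMicrocode = true;
  };

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # Enable ZramSwap
  zramSwap = {
    enable = true;
    priority = 100;
    memoryPercent = 25;
    algorithm = "zstd";
  };

  # Automatic Upgrades
  # With this disabled, security updates arrive only when the system is
  # rebuilt by hand.
  system.autoUpgrade = {
    enable = false;
    allowReboot = false;
    channel = "https://channels.nixos.org/nixos-${stateVersion}";
  };

  # NixOS Settings
  documentation.nixos.enable = true;
  nix = {
    gc.automatic = true;
    gc.options = "--delete-older-than 7d";
    optimise.automatic = true;
    optimise.dates = [ "weekly" ];
    settings.auto-optimise-store = true;
    settings.cores = 4; # maximum number of concurrent tasks during one build
    settings.max-jobs = 4; # maximum number of jobs that Nix will try to build in parallel
    settings.sandbox = true; # perform builds in a sandboxed environment
  };

  # Filesystems
  fileSystems."/run" = {
    device = "tmpfs";
    fsType = "tmpfs";
    options = [ "size=6G" ]; # Adjust based on your preferences and needs
  };

  # Fixed : better to use Dynamic
  # NOTE(review): /tmp is also configured through boot.tmp.useTmpfs above (50%);
  # confirm which definition takes effect and drop the other. This entry sets
  # no "nosuid"/"nodev" mount options.
  fileSystems."/tmp" = {
    device = "tmpfs";
    fsType = "tmpfs";
    options = [ "size=7G" ]; # Adjust based on your preferences and needs
  };

  # No access time and continuous TRIM for SSD
  fileSystems."/".options = [ "noatime" "discard" ];
  fileSystems."/home".options = [ "noatime" "discard" ];
  fileSystems."${userDir}/VM-Image" = {
    device = "/dev/disk/by-uuid/3b47d34d-618a-4a33-9f65-cde6e0d6467e";
    fsType = "ext4";
    options = [ "discard" "noatime" "nofail" "x-systemd.device-timeout=3" ];
  };

  # List services that you want to enable:
  services = {
    acpid.enable = true;
    ananicy.enable = true;
    #fwupd.enable = true;
    gvfs.enable = true;
    haveged.enable = true;
    preload.enable = true;
    udisks2.enable = true;
  };

  # Enable OpenSSH: key-based logins only, no direct root login.
  services.openssh = {
    enable = true;
    openFirewall = true;
    settings.PermitRootLogin = "no";
    settings.PasswordAuthentication = false;
  };

  # Enable cron service
  # The hourly job runs as the unprivileged user, so the user-writable script
  # in the home directory gains no extra privileges.
  services.cron = {
    enable = true;
    systemCronJobs = [
      "@hourly ${userName} ${userDir}/.rsync-backup.sh"
    ];
  };

  # Enable sound with pipewire
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    jack.enable = true;
    #media-session.enable = true;
  };

  # Enable Avahi
  # The publish block announces addresses, host info (HINFO) and workstation
  # records to everyone on the local link; reduce it on untrusted networks.
  services.avahi = {
    enable = true;
    openFirewall = true;
    nssmdns4 = true;
    publish = {
      enable = true;
      addresses = true;
      domain = true;
      hinfo = true;
      userServices = true;
      workstation = true;
    };
  };

  # Open ports in the firewall
  # netstat -ntulp
  # NOTE(review): this was `enable = false`, which left every listening port
  # reachable and turned `openFirewall`, `allowPing` and
  # `logRefusedConnections` into no-ops. With the firewall on, SSH and Avahi
  # stay reachable through their own `openFirewall = true`; any port needed by
  # modules under ./config has to be listed below.
  networking.firewall = {
    enable = true;
    allowPing = true;
    logRefusedConnections = true;
    allowedTCPPorts = [ ];
    allowedUDPPorts = [ ];
    allowedTCPPortRanges = [ ];
    allowedUDPPortRanges = [ ];
  };

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  system.copySystemConfiguration = true;
  system.stateVersion = stateVersion;
}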