{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./system
    ./packages
  ];

  # Boot: systemd-boot on UEFI, boot splash, tmpfs-backed /tmp, newest kernel.
  boot = {
    loader = {
      efi.canTouchEfiVariables = true;
      systemd-boot = {
        enable = true;
        # Keep the boot-menu entry editor off: with it on, anyone with
        # console access can change the kernel command line and get around
        # the normal login.
        editor = false;
        memtest86.enable = true;
        #consoleMode = "2";
      };
    };

    # Silence ACPI "errors" (default is 4).
    consoleLogLevel = 3;
    plymouth.enable = true;

    # NOTE(review): this file also declares fileSystems."/tmp" with a fixed
    # size, so /tmp is defined twice -- confirm which definition takes effect
    # and remove the other.
    tmp = {
      useTmpfs = true;
      # Set to auto to dynamically grow.
      tmpfsSize = "50%";
      cleanOnBoot = true;
    };

    kernelPackages = pkgs.linuxPackages_latest;
    #kernelPackages = pkgs.linuxKernel.kernels.linux_xanmod;

    # NOTE(review): presumably this only takes effect together with
    # boot.initrd.network.enable, which this file does not set -- confirm it
    # is set in an imported module, otherwise drop the line. If it is in use,
    # the VPN configuration is presumably packed into the initrd, which
    # systemd-boot keeps on the unencrypted EFI system partition.
    initrd.network.openvpn.enable = true;
  };

  # Kernel same-page merging: the kernel deduplicates identical memory pages
  # of processes that opt in (hypervisor guests are the usual case).
  # NOTE(review): shared pages are a known timing side channel between the
  # parties sharing them -- if untrusted VMs run on this host, weigh that
  # against the memory saved.
  hardware.ksm = {
    enable = true;
  };

  # Networking: NetworkManager, with the OpenVPN plugin, manages the links.
  networking = {
    hostName = "wlin001-nixos";
    # Kernel-assigned interface names (eth0, wlan0, ...) instead of the
    # predictable scheme.
    usePredictableInterfaceNames = false;
    networkmanager = {
      enable = true;
      plugins = [ pkgs.networkmanager-openvpn ];
    };
  };

  #programs.nm-applet.enable = true;

  #users.extraGroups.networkmanager.members = [ "root" "zulumann" ];

  # Localisation: Berlin time, German locale for every LC_* category, German
  # console keymap.
  time.timeZone = "Europe/Berlin";

  i18n =
    let
      german = "de_DE.UTF-8";
    in
    {
      defaultLocale = german;
      extraLocaleSettings = {
        LC_ADDRESS = german;
        LC_IDENTIFICATION = german;
        LC_MEASUREMENT = german;
        LC_MONETARY = german;
        LC_NAME = german;
        LC_NUMERIC = german;
        LC_PAPER = german;
        LC_TELEPHONE = german;
        LC_TIME = german;
      };
    };

  console.keyMap = "de";

  # Interactive user account. Don't forget to set a password with passwd.
  users.users.zulumann = {
    description = "Henrik Lutzmann";
    isNormalUser = true;
    # "wheel" is the administrative group (sudo); "networkmanager" allows
    # changing network settings.
    extraGroups = [ "networkmanager" "wheel" "audio" "video" ];
    # The listed files are read when the configuration is built and their
    # contents end up in the world-readable Nix store. That is fine for
    # public keys; keep private key material out of this list.
    openssh.authorizedKeys = {
      keyFiles = [ /etc/nixos/secrets/authorized_keys ];
    };
    packages = [ ];
  };

  # Firmware and CPU microcode. Microcode updates are how CPU errata fixes
  # reach the machine, so keep the line matching the installed CPU enabled.
  hardware = {
    cpu = {
      amd.updateMicrocode = true;
      #intel.updateMicrocode = true;
    };
    enableRedistributableFirmware = true;
    #enableAllFirmware = true;
  };

  # Programs that need a privileged wrapper, further configuration, or are
  # started inside the user session.
  # mtr needs elevated network privileges, which the module provides through
  # a wrapper.
  programs.mtr.enable = true;
  # gpg-agent, also acting as the SSH agent for the session.
  programs.gnupg.agent.enable = true;
  programs.gnupg.agent.enableSSHSupport = true;

  # Compressed swap in RAM (zram): up to 25% of memory, zstd-compressed,
  # swap priority 100.
  zramSwap.enable = true;
  zramSwap.algorithm = "zstd";
  zramSwap.memoryPercent = 25;
  zramSwap.priority = 100;

  # Automatic upgrades are switched off, so allowReboot and channel below are
  # inert. Updates, security fixes included, only arrive when an upgrade is
  # run by hand.
  system.autoUpgrade.enable = false;
  system.autoUpgrade.allowReboot = false;
  system.autoUpgrade.channel = "https://channels.nixos.org/nixos-24.11";

  # Nix daemon and store maintenance
  documentation.nixos.enable = true;
  nix = {
    gc = {
      automatic = true;
      # Also removes profile generations older than a week, so older
      # rollback targets disappear with them.
      options = "--delete-older-than 7d";
    };
    optimise = {
      automatic = true;
      dates = [ "weekly" ];
    };
    settings = {
      auto-optimise-store = true;
      # Maximum number of concurrent tasks during one build.
      cores = 4;
      # Maximum number of jobs that Nix will try to build in parallel.
      max-jobs = 4;
      # Perform builds in a sandboxed environment.
      sandbox = true;
    };
  };

  # Keep a copy of this file in the built system, linked as
  # /run/current-system/configuration.nix -- a safety net in case
  # configuration.nix is deleted by accident.
  # The copy lives in the world-readable Nix store, so never put passwords
  # or keys inline in this file.
  system = {
    copySystemConfiguration = true;
  };

  # Filesystems
  # tmpfs on /run, capped at 6G. Adjust based on your preferences and needs.
  # NOTE(review): /run is presumably already mounted by the boot stages and
  # sized through boot.runSize; this entry carries no mode, nosuid or nodev
  # option -- confirm it is applied the way you expect, or use boot.runSize.
  fileSystems."/run".device = "tmpfs";
  fileSystems."/run".fsType = "tmpfs";
  fileSystems."/run".options = [ "size=6G" ];

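  # /tmp on a tmpfs with a fixed size (a dynamic size would be better).
  # NOTE(review): boot.tmp.useTmpfs in this file also puts /tmp on a tmpfs --
  # confirm which definition takes effect and keep only one.
  fileSystems."/tmp" = {
    device = "tmpfs";
    fsType = "tmpfs";
    # Adjust the size based on your preferences and needs.
    # nosuid/nodev: /tmp is world-writable, so setuid bits and device nodes
    # created in it should not be honoured.
    options = [ "size=7G" "nosuid" "nodev" ];
  };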

  # SSD tuning for the root and home filesystems: no access-time updates and
  # continuous TRIM.
  fileSystems."/" = {
    options = [ "noatime" "discard" ];
  };
  fileSystems."/home" = {
    options = [ "noatime" "discard" ];
  };

  # Additional ext4 data disks. "nofail" plus the 3-second device timeout
  # lets the boot continue when a disk is not attached.
  # NOTE(review): adding "nosuid" and "nodev" would keep setuid binaries and
  # device nodes on these disks from being honoured -- confirm nothing stored
  # on them needs either.
  fileSystems."/run/media/zulumann/HDD1.5TB" = {
    fsType = "ext4";
    device = "/dev/disk/by-uuid/58acb50a-9718-44fb-a7e6-199d7ef811d4";
    options = [ "noatime" "nofail" "x-systemd.device-timeout=3" ];
  };

  fileSystems."/run/media/zulumann/HDD01" = {
    fsType = "ext4";
    device = "/dev/disk/by-uuid/31838396-c72f-4681-af5d-a2976459e28b";
    options = [ "noatime" "nofail" "x-systemd.device-timeout=3" ];
  };

  # VM image store, mounted inside the user's home directory.
  fileSystems."/home/zulumann/VM-Image" = {
    fsType = "ext4";
    device = "/dev/disk/by-uuid/6a1bce14-88cb-4864-841e-2d384c8a853c";
    options = [ "discard" "noatime" "nofail" "x-systemd.device-timeout=3" ];
  };

  # Background services
  services.acpid.enable = true;
  services.ananicy.enable = true;
  #services.fwupd.enable = true;
  # gvfs and udisks2 back removable-media handling in the desktop session.
  services.gvfs.enable = true;
  services.udisks2.enable = true;
  # NOTE(review): haveged is presumably redundant on current kernels, whose
  # random-number generator no longer depends on a userspace entropy feeder
  # -- confirm and drop it.
  services.haveged.enable = true;
  services.preload.enable = true;
  #services.tumbler.enable = true;

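  # OpenSSH server: key-only logins, no direct root login.
  services.openssh = {
    enable = true;
    # Only has an effect while networking.firewall.enable is true.
    openFirewall = true;
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      # Turning off PasswordAuthentication alone leaves keyboard-interactive
      # logins through PAM available, and those still accept the account
      # password. Switch them off as well so an authorized key is the only
      # way in.
      KbdInteractiveAuthentication = false;
    };
  };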

  # Sound: PipeWire instead of PulseAudio, serving ALSA (including 32-bit),
  # PulseAudio and JACK clients.
  hardware.pulseaudio.enable = false;
  # rtkit hands out realtime scheduling priority to user processes on demand.
  security.rtkit.enable = true;
  services.pipewire.enable = true;
  services.pipewire.alsa.enable = true;
  services.pipewire.alsa.support32Bit = true;
  services.pipewire.pulse.enable = true;
  services.pipewire.jack.enable = true;
  #services.pipewire.media-session.enable = true;

  # Avahi: mDNS/DNS-SD name resolution and service announcement on the
  # local network.
  # NOTE(review): everything under "publish" is announced to every host on
  # the link. hinfo advertises operating-system and CPU details and
  # workstation advertises the machine itself; trim the list to what is
  # actually needed if this host joins networks you do not control.
  services.avahi.enable = true;
  services.avahi.nssmdns4 = true;
  # Only has an effect while networking.firewall.enable is true.
  services.avahi.openFirewall = true;
  services.avahi.publish.enable = true;
  services.avahi.publish.addresses = true;
  services.avahi.publish.domain = true;
  services.avahi.publish.hinfo = true;
  services.avahi.publish.userServices = true;
  services.avahi.publish.workstation = true;

  # tmux, system-wide
  programs.tmux.enable = true;

  # Bash: completion, coloured ls and maintenance aliases. Most aliases call
  # sudo, so they act with root privileges.
  programs.bash.completion.enable = true;
  programs.bash.enableLsColors = true;
  programs.bash.shellAliases = {
    # Rebuild and boot selection
    system-rebuild = "sudo nixos-rebuild switch";
    set-default-boot = "sudo /run/current-system/bin/switch-to-configuration boot";
    list-system-configurations = "ls -l /nix/var/nix/profiles/system-*-link";

    # Upgrades
    full-system-upgrade = "sudo nixos-rebuild switch --upgrade && flatpak update -y && nix-env -u '*'";
    local-upgrade = "sudo nix-channel --update nixpkgs && nix-env -u '*'";
    # NOTE(review): this passes two actions, "switch" and "dry-build" --
    # confirm the command really is a dry run before relying on it for
    # information only.
    system-upgrade-information = "sudo nixos-rebuild switch --upgrade dry-build";

    # Repair and cleanup
    system-repair = "sudo nixos-rebuild switch --repair";
    full-system-repair = "sudo nix-store --verify --check-contents --repair";
    full-system-clean = "nix-collect-garbage -d && sudo nix-collect-garbage -d";
  };

  # Shell tooling installed for every user.
  environment.systemPackages = [
    pkgs.bash
    pkgs.bash-completion
    pkgs.bash-preexec
    pkgs.bashdb
    pkgs.bashSnippets
    pkgs.nix-bash-completions
    pkgs.tmux
  ];

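  # Host firewall. Inbound ports are opened per service through openFirewall
  # (sshd and avahi in this file); list anything else explicitly below.
  # "netstat -ntulp" shows what is listening.
  networking.firewall = {
    # This was false, which left every listening socket reachable and turned
    # logRefusedConnections, the allowed* lists and the services'
    # openFirewall settings into no-ops.
    # NOTE(review): services configured in ./system or ./packages that do not
    # set openFirewall need their ports added to the lists below.
    enable = true;
    allowPing = true;
    logRefusedConnections = true;
    allowedTCPPorts = [ ];
    allowedUDPPorts = [ ];
    allowedTCPPortRanges = [ ];
    allowedUDPPortRanges = [ ];
  };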

  # Release this system was first installed with. Leave it at the
  # install-time value; upgrading the channel does not mean changing it.
  system.stateVersion = "24.11";

}