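# NixOS system configuration for host "wlin001-nixos".
#
# Module function: receives the evaluated `config` and the package set `pkgs`
# and returns the option values for this machine. Hardware detection results
# and further settings are pulled in from the modules listed under `imports`.
{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./system
    ./packages
  ];

  # Bootloader
  boot = {
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;
    #loader.systemd-boot.consoleMode = "2";
    # Disable the boot-entry editor so the kernel command line cannot be
    # changed from the boot menu by someone with console access.
    loader.systemd-boot.editor = false;
    loader.systemd-boot.memtest86.enable = true;
    consoleLogLevel = 3; # silence ACPI "errors" (default is 4)
    plymouth.enable = true;
    tmp.useTmpfs = true;
    tmp.tmpfsSize = "50%"; # set to auto to dynamically grow
    tmp.cleanOnBoot = true;
    kernelPackages = pkgs.linuxPackages_latest;
    #kernelPackages = pkgs.linuxKernel.kernels.linux_xanmod;
    # NOTE(review): no boot.initrd.network.openvpn.configuration is set in this
    # file; presumably ./system provides it — confirm. Whatever is embedded in
    # the initrd should be treated as readable by anyone with access to the
    # boot partition.
    initrd.network.openvpn.enable = true;
  };

  # Enable Kernel same-page merging
  hardware.ksm.enable = true;

  # Enable networking
  networking = {
    networkmanager.enable = true;
    networkmanager.plugins = with pkgs; [ networkmanager-openvpn ];
    usePredictableInterfaceNames = false;
    hostName = "wlin001-nixos";
  };
  #programs.nm-applet.enable = true;
  #users.extraGroups.networkmanager.members = [ "root" "zulumann" ];

  # Set your time zone
  time.timeZone = "Europe/Berlin";

  # Select internationalisation properties.
  i18n.defaultLocale = "de_DE.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_DE.UTF-8";
    LC_IDENTIFICATION = "de_DE.UTF-8";
    LC_MEASUREMENT = "de_DE.UTF-8";
    LC_MONETARY = "de_DE.UTF-8";
    LC_NAME = "de_DE.UTF-8";
    LC_NUMERIC = "de_DE.UTF-8";
    LC_PAPER = "de_DE.UTF-8";
    LC_TELEPHONE = "de_DE.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };

  # Configure console keymap
  console.keyMap = "de";

  # Define a user account. Don't forget to set a password with passwd.
  users.users.zulumann = {
    isNormalUser = true;
    description = "Henrik Lutzmann";
    # "wheel" grants sudo; the other groups give device/network access.
    extraGroups = [ "networkmanager" "wheel" "audio" "video" ];
    # Path literal: the file is read when the system is built and its contents
    # end up in the world-readable Nix store, so it must contain public keys
    # only and must exist on the machine doing the build.
    openssh.authorizedKeys.keyFiles = [ /etc/nixos/secrets/authorized_keys ];
    packages = with pkgs; [ ];
  };

  # Enable Firmware
  hardware = {
    #enableAllFirmware = true;
    enableRedistributableFirmware = true;
    cpu.amd.updateMicrocode = true;
    #cpu.intel.updateMicrocode = true;
  };

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # Enable ZramSwap
  zramSwap = {
    enable = true;
    priority = 100;
    memoryPercent = 25;
    algorithm = "zstd";
  };

  # Automatic Upgrades
  # Disabled: security updates only arrive when a rebuild/upgrade is run by
  # hand (see the shell aliases below).
  system.autoUpgrade = {
    enable = false;
    allowReboot = false;
    channel = "https://channels.nixos.org/nixos-24.11";
  };

  # NixOS Settings
  documentation.nixos.enable = true;
  nix = {
    gc.automatic = true;
    gc.options = "--delete-older-than 7d";
    optimise.automatic = true;
    optimise.dates = [ "weekly" ];
    settings.auto-optimise-store = true;
    settings.cores = 4; # maximum number of concurrent tasks during one build
    settings.max-jobs = 4; # maximum number of jobs that Nix will try to build in parallel
    settings.sandbox = true; # perform builds in a sandboxed environment
  };

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # The copy lives in the Nix store, which every local user can read, so this
  # file must never contain inline secrets.
  system.copySystemConfiguration = true;

  # Filesystems
  fileSystems."/run" = {
    device = "tmpfs";
    fsType = "tmpfs";
    options = [ "size=6G" ]; # Adjust based on your preferences and needs
  };

  # Fixed : better to use Dynamic
  # NOTE(review): /tmp is also configured through boot.tmp.useTmpfs /
  # boot.tmp.tmpfsSize above with a different size; confirm which of the two
  # definitions is meant to win and drop the other.
  fileSystems."/tmp" = {
    device = "tmpfs";
    fsType = "tmpfs";
    options = [ "size=7G" ]; # Adjust based on your preferences and needs
  };

  # No access time and continuous TRIM for SSD
  fileSystems."/".options = [ "noatime" "discard" ];
  fileSystems."/home".options = [ "noatime" "discard" ];

  # Additional data disks. "nofail" plus the short device timeout let the boot
  # continue when a disk is absent.
  fileSystems."/run/media/zulumann/HDD1.5TB" = {
    device = "/dev/disk/by-uuid/58acb50a-9718-44fb-a7e6-199d7ef811d4";
    fsType = "ext4";
    options = [ "noatime" "nofail" "x-systemd.device-timeout=3" ];
  };

  fileSystems."/run/media/zulumann/HDD01" = {
    device = "/dev/disk/by-uuid/31838396-c72f-4681-af5d-a2976459e28b";
    fsType = "ext4";
    options = [ "noatime" "nofail" "x-systemd.device-timeout=3" ];
  };

  fileSystems."/home/zulumann/VM-Image" = {
    device = "/dev/disk/by-uuid/6a1bce14-88cb-4864-841e-2d384c8a853c";
    fsType = "ext4";
    options = [ "discard" "noatime" "nofail" "x-systemd.device-timeout=3" ];
  };

  # List services that you want to enable:
  services = {
    acpid.enable = true;
    ananicy.enable = true;
    #fwupd.enable = true;
    gvfs.enable = true;
    haveged.enable = true;
    preload.enable = true;
    udisks2.enable = true;
    #tumbler.enable = true;
  };

  # Enable OpenSSH
  # Key-only access for non-root users.
  services.openssh = {
    enable = true;
    openFirewall = true;
    settings.PermitRootLogin = "no";
    settings.PasswordAuthentication = false;
    # Also turn off keyboard-interactive, otherwise PAM can still prompt for a
    # password over SSH even though PasswordAuthentication is off.
    settings.KbdInteractiveAuthentication = false;
  };

  # Enable sound with pipewire
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    jack.enable = true;
    #media-session.enable = true;
  };

  # Enable Avahi
  # Everything under `publish` is announced to the local network via mDNS
  # (addresses, host info, user services); trim the list on untrusted networks.
  services.avahi = {
    enable = true;
    openFirewall = true;
    nssmdns4 = true;
    publish = {
      enable = true;
      addresses = true;
      domain = true;
      hinfo = true;
      userServices = true;
      workstation = true;
    };
  };

  # Enable tmux
  programs.tmux.enable = true;

  # Setup bash
  programs.bash = {
    completion.enable = true;
    enableLsColors = true;
    shellAliases = {
      set-default-boot = "sudo /run/current-system/bin/switch-to-configuration boot";
      full-system-clean = "nix-collect-garbage -d && sudo nix-collect-garbage -d";
      full-system-upgrade = "sudo nixos-rebuild switch --upgrade && flatpak update -y && nix-env -u '*'";
      list-system-configurations = "ls -l /nix/var/nix/profiles/system-*-link";
      system-rebuild = "sudo nixos-rebuild switch";
      system-repair = "sudo nixos-rebuild switch --repair";
      full-system-repair = "sudo nix-store --verify --check-contents --repair";
      # NOTE(review): passes both `switch` and `dry-build`; confirm which
      # action nixos-rebuild actually runs for this "information" alias.
      system-upgrade-information = "sudo nixos-rebuild switch --upgrade dry-build";
      local-upgrade = "sudo nix-channel --update nixpkgs && nix-env -u '*'";
    };
  };

  environment.systemPackages = with pkgs; [
    bash
    bash-completion
    bash-preexec
    bashdb
    bashSnippets
    nix-bash-completions
    tmux
  ];

  # Open ports in the firewall
  # netstat -ntulp
  # The firewall stays enabled: with it off, every listening service on the
  # host is reachable and the openFirewall / logRefusedConnections settings in
  # this file do nothing. SSH and Avahi open their own ports via openFirewall;
  # ports for services defined in ./system or ./packages must be listed here
  # or opened in those modules.
  networking.firewall = {
    enable = true;
    allowPing = true;
    logRefusedConnections = true;
    allowedTCPPorts = [ ];
    allowedUDPPorts = [ ];
    allowedTCPPortRanges = [ ];
    allowedUDPPortRanges = [ ];
  };

  # Release whose defaults stateful data was created under; not the version to
  # upgrade to.
  system.stateVersion = "24.11";
}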