zulumann/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
80068a528373382311d688786081b8ee711a91c5
NixOS/nixos_24.11_cinnamon/configuration.nix
zulumann 80068a5283 2025.06.02
2025-06-02 01:33:56 +02:00

225 lines
6.0 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
let
hostName = "wlin001-nixos";
userName = "zulumann";
userDescription = "Henrik Lutzmann";
userDir = "/home/zulumann";
userEmail = "zulumann_70@gmx.de";
stateVersion = "24.11";
in
{
imports = [
./hardware-configuration.nix
./config
];
# Bootloader
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
#loader.systemd-boot.consoleMode = "2";
loader.systemd-boot.editor = false;
loader.systemd-boot.memtest86.enable = true;
consoleLogLevel = 3; # silence ACPI "errors" (default is 4)
plymouth.enable = true;
tmp.useTmpfs = true;
tmp.tmpfsSize = "50%"; # set to auto to dynamically grow
tmp.cleanOnBoot = true;
kernelPackages = pkgs.linuxPackages_latest;
#kernelPackages = pkgs.linuxKernel.kernels.linux_xanmod;
# initrd.network.openvpn.enable = true;
initrd.systemd.enable = true;
};
# Enable Kernel same-page merging
hardware.ksm.enable = true;
# Enable networking
networking ={
networkmanager.enable = true;
networkmanager.plugins = with pkgs; [ networkmanager-openvpn ];
usePredictableInterfaceNames = false;
hostName = "${hostName}";
};
# Set your time zone
time.timeZone = "Europe/Berlin";
# Select internationalisation properties.
i18n.defaultLocale = "de_DE.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Configure console
console = {
enable = true;
earlySetup = true;
font = "Lat2-Terminus16";
packages = with pkgs; [terminus_font];
keyMap = "de";
#useXkbConfig = true; # use xkb.options in tty.
};
# Define a user account. Dont forget to set a password with passwd.
users.users."${userName}" = {
isNormalUser = true;
description = "${userDescription}";
extraGroups = [ "networkmanager" "wheel" "audio" "video" ];
openssh.authorizedKeys.keyFiles = [ /etc/nixos/config/home/ssh/authorized_keys ];
packages = with pkgs; [ ];
};
# Enable Firmware
hardware = {
#enableAllFirmware = true;
enableRedistributableFirmware = true;
cpu.amd.updateMicrocode = true;
#cpu.intel.updateMicrocode = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
# Enable ZramSwap
zramSwap = {
enable = true;
priority = 100;
memoryPercent = 25;
algorithm = "zstd";
};
# Automatic Upgrades
system.autoUpgrade = {
enable = false;
allowReboot = false;
channel = "https://channels.nixos.org/nixos-${stateVersion}";
};
# NixOS Settings
documentation.nixos.enable = true;
nix = {
gc.automatic = true;
gc.options = "--delete-older-than 7d";
optimise.automatic = true;
optimise.dates = [ "weekly" ];
settings.auto-optimise-store = true;
settings.cores = 4; # maximum number of concurrent tasks during one build
settings.max-jobs = 4; # maximum number of jobs that Nix will try to build in parallel
settings.sandbox = true; # perform builds in a sandboxed environment
};
# Filesystems
fileSystems."/run" = {
device = "tmpfs";
fsType = "tmpfs";
options = [ "size=6G" ]; # Adjust based on your preferences and needs
};
# Fixed : better to use Dynamic
fileSystems."/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = [ "size=7G" ]; # Adjust based on your preferences and needs
};
# No access time and continuous TRIM for SSD
fileSystems."/".options = [ "noatime" "discard" ];
fileSystems."/home".options = [ "noatime" "discard" ];
fileSystems."${userDir}/VM-Image" = {
device = "/dev/disk/by-uuid/3b47d34d-618a-4a33-9f65-cde6e0d6467e";
fsType = "ext4";
options = [ "discard" "noatime" "nofail" "x-systemd.device-timeout=3" ];
};
# List services that you want to enable:
services = {
acpid.enable = true;
ananicy.enable = true;
#fwupd.enable = true;
gvfs.enable = true;
haveged.enable = true;
preload.enable = true;
udisks2.enable = true;
};
# Enable OpenSSH
services.openssh = {
enable = true;
openFirewall = true;
settings.PermitRootLogin = "no";
settings.PasswordAuthentication = false;
};
# Enable cron service
services.cron = {
enable = true;
systemCronJobs = [ "@hourly ${userName} ${userDir}/.rsync-backup.sh" ];
};
# Enable sound with pipewire
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
#media-session.enable = true;
};
# Enable Avahi
services.avahi = {
enable = true;
openFirewall = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
};
# Open ports in the firewall
# netstat -ntulp
networking.firewall = {
enable = false;
allowPing = true;
logRefusedConnections = true;
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
allowedTCPPortRanges = [ ];
allowedUDPPortRanges = [ ];
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = true;
system.stateVersion = "${stateVersion}";
}
Reference in New Issue View Git Blame Copy Permalink