250 lines
7.0 KiB
Nix
250 lines
7.0 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
./system
|
|
./packages
|
|
];
|
|
|
|
# Bootloader
|
|
boot = {
|
|
loader.systemd-boot.enable = true;
|
|
loader.efi.canTouchEfiVariables = true;
|
|
#loader.systemd-boot.consoleMode = "2";
|
|
loader.systemd-boot.editor = false;
|
|
loader.systemd-boot.memtest86.enable = true;
|
|
|
|
consoleLogLevel = 3; # silence ACPI "errors" (default is 4)
|
|
plymouth.enable = true;
|
|
tmp.useTmpfs = true;
|
|
tmp.tmpfsSize = "50%"; # set to auto to dynamically grow
|
|
tmp.cleanOnBoot = true;
|
|
|
|
kernelPackages = pkgs.linuxPackages_latest;
|
|
#kernelPackages = pkgs.linuxKernel.kernels.linux_xanmod;
|
|
initrd.network.openvpn.enable = true;
|
|
};
|
|
|
|
# Enable Kernel same-page merging
|
|
hardware.ksm.enable = true;
|
|
|
|
# Enable networking
|
|
networking ={
|
|
networkmanager.enable = true;
|
|
networkmanager.plugins = with pkgs; [ networkmanager-openvpn ];
|
|
usePredictableInterfaceNames = false;
|
|
hostName = "wlin001-nixos";
|
|
};
|
|
|
|
#programs.nm-applet.enable = true;
|
|
|
|
#users.extraGroups.networkmanager.members = [ "root" "zulumann" ];
|
|
|
|
# Set your time zone
|
|
time.timeZone = "Europe/Berlin";
|
|
|
|
# Select internationalisation properties.
|
|
i18n.defaultLocale = "de_DE.UTF-8";
|
|
i18n.extraLocaleSettings = {
|
|
LC_ADDRESS = "de_DE.UTF-8";
|
|
LC_IDENTIFICATION = "de_DE.UTF-8";
|
|
LC_MEASUREMENT = "de_DE.UTF-8";
|
|
LC_MONETARY = "de_DE.UTF-8";
|
|
LC_NAME = "de_DE.UTF-8";
|
|
LC_NUMERIC = "de_DE.UTF-8";
|
|
LC_PAPER = "de_DE.UTF-8";
|
|
LC_TELEPHONE = "de_DE.UTF-8";
|
|
LC_TIME = "de_DE.UTF-8";
|
|
};
|
|
|
|
# Configure console keymap
|
|
console.keyMap = "de";
|
|
|
|
# Define a user account. Dont forget to set a password with passwd.
|
|
users.users.zulumann = {
|
|
isNormalUser = true;
|
|
description = "Henrik Lutzmann";
|
|
extraGroups = [ "networkmanager" "wheel" "audio" "video" ];
|
|
openssh.authorizedKeys.keyFiles = [ /etc/nixos/secrets/authorized_keys ];
|
|
packages = with pkgs; [ ];
|
|
};
|
|
|
|
# Enable Firmware
|
|
hardware = {
|
|
#enableAllFirmware = true;
|
|
enableRedistributableFirmware = true;
|
|
cpu.amd.updateMicrocode = true;
|
|
#cpu.intel.updateMicrocode = true;
|
|
};
|
|
|
|
# Some programs need SUID wrappers, can be configured further or are
|
|
# started in user sessions.
|
|
programs.mtr.enable = true;
|
|
programs.gnupg.agent = {
|
|
enable = true;
|
|
enableSSHSupport = true;
|
|
};
|
|
|
|
# Enable ZramSwap
|
|
zramSwap = {
|
|
enable = true;
|
|
priority = 100;
|
|
memoryPercent = 25;
|
|
algorithm = "zstd";
|
|
};
|
|
|
|
# Automatic Upgrades
|
|
system.autoUpgrade = {
|
|
enable = false;
|
|
allowReboot = false;
|
|
channel = "https://channels.nixos.org/nixos-24.11";
|
|
};
|
|
|
|
# NixOS Settings
|
|
documentation.nixos.enable = true;
|
|
nix = {
|
|
gc.automatic = true;
|
|
gc.options = "--delete-older-than 7d";
|
|
optimise.automatic = true;
|
|
optimise.dates = [ "weekly" ];
|
|
settings.auto-optimise-store = true;
|
|
settings.cores = 4; # maximum number of concurrent tasks during one build
|
|
settings.max-jobs = 4; # maximum number of jobs that Nix will try to build in parallel
|
|
settings.sandbox = true; # perform builds in a sandboxed environment
|
|
};
|
|
|
|
# Copy the NixOS configuration file and link it from the resulting system
|
|
# (/run/current-system/configuration.nix). This is useful in case you
|
|
# accidentally delete configuration.nix.
|
|
system.copySystemConfiguration = true;
|
|
|
|
# Filesystems
|
|
fileSystems."/run" = {
|
|
device = "tmpfs";
|
|
fsType = "tmpfs";
|
|
options = [ "size=6G" ]; # Adjust based on your preferences and needs
|
|
};
|
|
|
|
# Fixed : better to use Dynamic
|
|
fileSystems."/tmp" = {
|
|
device = "tmpfs";
|
|
fsType = "tmpfs";
|
|
options = [ "size=7G" ]; # Adjust based on your preferences and needs
|
|
};
|
|
|
|
# No access time and continuous TRIM for SSD
|
|
fileSystems."/".options = [ "noatime" "discard" ];
|
|
fileSystems."/home".options = [ "noatime" "discard" ];
|
|
|
|
fileSystems."/run/media/zulumann/HDD1.5TB" = {
|
|
device = "/dev/disk/by-uuid/58acb50a-9718-44fb-a7e6-199d7ef811d4";
|
|
fsType = "ext4";
|
|
options = [ "noatime" "nofail" "x-systemd.device-timeout=3" ];
|
|
};
|
|
|
|
fileSystems."/run/media/zulumann/HDD01" = {
|
|
device = "/dev/disk/by-uuid/31838396-c72f-4681-af5d-a2976459e28b";
|
|
fsType = "ext4";
|
|
options = [ "noatime" "nofail" "x-systemd.device-timeout=3" ];
|
|
};
|
|
|
|
fileSystems."/home/zulumann/VM-Image" = {
|
|
device = "/dev/disk/by-uuid/6a1bce14-88cb-4864-841e-2d384c8a853c";
|
|
fsType = "ext4";
|
|
options = [ "discard" "noatime" "nofail" "x-systemd.device-timeout=3" ];
|
|
};
|
|
|
|
# List services that you want to enable:
|
|
services = {
|
|
acpid.enable = true;
|
|
ananicy.enable = true;
|
|
#fwupd.enable = true;
|
|
gvfs.enable = true;
|
|
haveged.enable = true;
|
|
preload.enable = true;
|
|
udisks2.enable = true;
|
|
#tumbler.enable = true;
|
|
};
|
|
|
|
# Enable OpenSSH
|
|
services.openssh = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
settings.PermitRootLogin = "no";
|
|
settings.PasswordAuthentication = false;
|
|
};
|
|
|
|
# Enable sound with pipewire
|
|
hardware.pulseaudio.enable = false;
|
|
security.rtkit.enable = true;
|
|
services.pipewire = {
|
|
enable = true;
|
|
alsa.enable = true;
|
|
alsa.support32Bit = true;
|
|
pulse.enable = true;
|
|
jack.enable = true;
|
|
#media-session.enable = true;
|
|
};
|
|
|
|
# Enable Avahi
|
|
services.avahi = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
nssmdns4 = true;
|
|
publish = {
|
|
enable = true;
|
|
addresses = true;
|
|
domain = true;
|
|
hinfo = true;
|
|
userServices = true;
|
|
workstation = true;
|
|
};
|
|
};
|
|
|
|
# Enable tmux
|
|
programs.tmux.enable = true;
|
|
|
|
# Setup bash
|
|
programs.bash = {
|
|
completion.enable = true;
|
|
enableLsColors = true;
|
|
shellAliases = {
|
|
set-default-boot="sudo /run/current-system/bin/switch-to-configuration boot";
|
|
full-system-clean="nix-collect-garbage -d && sudo nix-collect-garbage -d";
|
|
full-system-upgrade="sudo nixos-rebuild switch --upgrade && flatpak update -y && nix-env -u '*'";
|
|
list-system-configurations="ls -l /nix/var/nix/profiles/system-*-link";
|
|
system-rebuild="sudo nixos-rebuild switch";
|
|
system-repair="sudo nixos-rebuild switch --repair";
|
|
full-system-repair="sudo nix-store --verify --check-contents --repair";
|
|
system-upgrade-information="sudo nixos-rebuild switch --upgrade dry-build";
|
|
local-upgrade="sudo nix-channel --update nixpkgs && nix-env -u '*'";
|
|
};
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
bash
|
|
bash-completion
|
|
bash-preexec
|
|
bashdb
|
|
bashSnippets
|
|
nix-bash-completions
|
|
tmux
|
|
];
|
|
|
|
# Open ports in the firewall
|
|
# netstat -ntulp
|
|
networking.firewall = {
|
|
enable = false;
|
|
allowPing = true;
|
|
logRefusedConnections = true;
|
|
allowedTCPPorts = [ ];
|
|
allowedUDPPorts = [ ];
|
|
allowedTCPPortRanges = [ ];
|
|
allowedUDPPortRanges = [ ];
|
|
};
|
|
|
|
system.stateVersion = "24.11";
|
|
|
|
}
|