all repos — dotfiles @ ae310e4781a30287d3e01a0a1431ffd9d1eb38a3

my *nix dotfiles

hosts/wyndle/configuration.nix

  1{ self, config, pkgs, lib, ... }:
   # NixOS module for a single host; networking.hostName below names it "wyndle".
   # Of the arguments, `self` is read only for self.overlays and `config` only to
   # render users.motd; `pkgs` and `lib` are used in several places.
  2
  3{
  4  imports =
  5    [
         # Machine-specific settings kept in a sibling file that is not shown on
         # this page (presumably file systems and swap; verify there).
  6      ./hardware-configuration.nix
  7    ];
  8
  9  boot = {
       # Boot through systemd-boot on EFI; the install step may modify EFI
       # variables.
 10    loader.systemd-boot.enable = true;
 11    loader.systemd-boot.consoleMode = "max";
 12    loader.efi.canTouchEfiVariables = true;
       # IPv4 forwarding on: the host will route packets between its interfaces.
       # Docker and Tailscale are both enabled further down, which is presumably
       # the reason. With forwarding enabled, what actually gets routed is decided
       # by the firewall's forward rules, so review those together with this line.
 13    kernel.sysctl."net.ipv4.ip_forward" = 1;
       # Resume target for hibernation (services.logind maps the power key to
       # hibernate). A hibernation image holds the contents of RAM, including
       # keys and session secrets. NOTE(review): whether this partition is
       # encrypted is not visible here; confirm in hardware-configuration.nix.
 14    resumeDevice = "/dev/nvme0n1p2";
       # Newest kernel package set available in nixpkgs.
 15    kernelPackages = pkgs.linuxPackages_latest;
       # i2c-dev exposes I2C buses as /dev/i2c-* nodes; a udev rule under
       # services.udev assigns those nodes to group "i2c" with mode 0660.
 16    kernelModules = [ "i2c-dev" ];
 17  };
 18
     # Keep both nouveau and the proprietary NVIDIA modules from loading. The
     # udev rules under services.udev additionally remove NVIDIA PCI functions.
 19  boot.blacklistedKernelModules = [ "nouveau" "nvidia" "nvidia_drm" "nvidia_modeset" ];
     # Repeats the nouveau blacklist at modprobe level and turns its modesetting
     # off.
 20  boot.extraModprobeConfig = ''
 21    blacklist nouveau
 22    options nouveau modeset=0
 23  '';
 24
 25  networking = {
       # Fixed resolvers (Google Public DNS). As far as this file shows, lookups
       # to them leave the host as plain, unauthenticated DNS.
 26    nameservers = [ "8.8.8.8" "8.8.4.4" ];
 27    networkmanager.enable = true;
 28    hostName = "wyndle";
       # DHCP is off globally and switched on for the wireless interface only.
 29    useDHCP = false;
 30    interfaces.wlp6s0.useDHCP = true;
       # "loose" relaxes reverse-path filtering: a packet passes if its source
       # address is routable through any interface, not only the one it arrived
       # on. Presumably set for Tailscale (enabled under services). It gives up
       # some protection against spoofed source addresses, so keep it only while
       # a VPN needs it. firewall.enable is not set in this file, so the NixOS
       # default applies.
 31    firewall.checkReversePath = "loose";
 32  };
 33
 34  i18n.defaultLocale = "en_US.UTF-8";
 35  i18n.inputMethod = {
       # NOTE(review): newer NixOS releases express this as `enable = true;` plus
       # `type = "ibus";`; check which form the pinned nixpkgs revision expects.
 36    enabled = "ibus";
 37  };
 38  time.timeZone = "Europe/Helsinki";
 39
 40  nixpkgs.config = {
       # NOTE(review): allowUnfree = true accepts every unfree package, so the
       # allowUnfreePredicate list below does not narrow anything while this is
       # set. If the intent is "only Steam may be unfree", drop this line and
       # keep the predicate.
 41    allowUnfree = true;
 42    allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
 43      "steam"
 44      "steam-original"
 45      "steam-runtime"
 46    ];
       # Build inputs for the st terminal, all taken from this repository:
       # config.h is read at evaluation time and three local patches are listed.
       # What consumes nixpkgs.config.st is not visible on this page.
 47    st = {
 48      conf = builtins.readFile ../../programs/st/config.h;
 49      extraLibs = with pkgs; [ harfbuzz ];
 50      patches = [
 51        ../../patches/st/xres.diff
 52        ../../patches/st/bright.diff
 53        ../../patches/st/ligatures.diff
 54      ];
 55    };
       # Run Chromium on the Wayland Ozone backend.
 56    chromium = {
 57      commandLineArgs = "--ozone-platform=wayland";
 58    };
       # NOTE(review): the desktop configured under services.xserver is GNOME, so
       # the Plasma browser integration looks unused; confirm it is still wanted.
 59    firefox.enablePlasmaBrowserIntegration = true;
 60  };
 61
     # Overlays come from this repository's own outputs (self.overlays); their
     # contents are not on this page. An overlay can replace any attribute of
     # pkgs, so both belong to the trusted base of everything built for this
     # host and deserve the same review as this file.
 62  nixpkgs.overlays = with self.overlays; [
 63    prompt
 64    customPkgs
 65  ];
 66
 67  environment = {
       # NOTE(review): `rec` is not needed here; no attribute refers to another.
 68    sessionVariables = rec {
         # Hint for Chromium/Electron wrappers in nixpkgs to use Wayland.
 69      NIXOS_OZONE_WL = "1";
 70    };
       # Firefox input handling and GTK scaling for a high-DPI panel (dpi = 192
       # is set under services.xserver).
 71    variables = {
 72      MOZ_USE_XINPUT2 = "1";
 73      GDK_SCALE = "2";
 74      GDK_DPI_SCALE = "1";
 75    };
 76    systemPackages = with pkgs; [
 77      man-pages
 78      git
 79      man-pages-posix
         # hiPrio makes this bash win when another package ships the same files.
 80      (lib.hiPrio pkgs.bashInteractive_5)
 81    ];
       # GNOME applications left out of the default desktop install.
 82    gnome.excludePackages = (with pkgs; [
 83      gnome-photos
 84      gnome-tour
 85    ]) ++ (with pkgs.gnome; [
 86      cheese
 87      epiphany
 88      geary
 89      totem
 90    ]);
 91  };
 92
 93  documentation = {
       # Install developer documentation and build the man page index cache.
 94    dev.enable = true;
 95    man.generateCaches = true;
 96  };
 97
     # Message of the day, rendered at build time from this configuration's own
     # values (`with config;` puts them in scope for the interpolations). It
     # prints the host name and the exact NixOS and kernel versions.
 98  users.motd = with config; ''
 99    Host       ${networking.hostName}
100    OS         NixOS ${system.nixos.release} (${system.nixos.codeName})
101    Version    ${system.nixos.version}
102    Kernel     ${boot.kernelPackages.kernel.version}
103  '';
104
     # Virtual console: Terminus font taken from the terminus_font package, US
     # key map.
105  console = {
106    font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
107    keyMap = "us";
108  };
109
110  hardware = {
       # Bluetooth is enabled and the controller is powered at boot, i.e. the
       # radio is up before anyone has logged in. The "sap" (SIM Access Profile)
       # plugin is switched off.
111    bluetooth = {
112      enable = true;
113      powerOnBoot = true;
114      disabledPlugins = [ "sap" ];
115    };
       # NOTE(review): the NVIDIA modules are blacklisted under boot and supergfxd
       # is pinned to integrated mode, so these PRIME settings are presumably
       # inert; confirm before relying on them.
116    nvidia.prime = {
117      offload.enable = false;
118      amdgpuBusId = "PCI:8:0:0";
119      nvidiaBusId = "PCI:1:0:0";
120    };
       # Logitech wireless receiver support, including the graphical tool.
121    logitech.wireless = {
122      enable = true;
123      enableGraphical = true;
124    };
125  };
126
127  services = {
       # ASUS laptop control daemon, plus its per-user service.
128    asusd = {
129      enable = true;
130      enableUserService = true;
131    };
       # Graphics switching pinned to the integrated GPU, consistent with the
       # NVIDIA module blacklist under boot.
132    supergfxd = {
133      enable = true;
134      settings = {
135        mode = "integrated";
136        vfio_enable = false;
137        vfio_save = false;
138        always_reboot = true;
139        no_logind = false;
140        logout_timeout_s = 180;
141      };
142
143    };
       # PipeWire with WirePlumber, serving ALSA (including 32-bit clients) and
       # PulseAudio clients.
144    pipewire = {
145      enable = true;
146      wireplumber.enable = true;
147      alsa.enable = true;
148      alsa.support32Bit = true;
149      pulse.enable = true;
150    };
       # GNOME on GDM with the amdgpu driver.
       # NOTE(review): screenSection carries NVIDIA-specific options ("metamodes"
       # with nvidia-auto-select) although videoDrivers selects amdgpu; these look
       # like leftovers from a discrete-GPU setup. Confirm they are still wanted.
151    xserver = {
152      enable = true;
153      xkb.layout = "us";
154      desktopManager.gnome.enable = true;
155      displayManager.gdm.enable = true;
156      dpi = 192;
157      videoDrivers = [ "amdgpu" ];
158      screenSection = ''
159        Option         "metamodes" "nvidia-auto-select +0+0 {ForceFullCompositionPipeline=On}"
160        Option         "AllowIndirectGLXProtocol" "off"
161        Option         "TripleBuffer" "on"
162      '';
163    };
164
       # Mouse: scroll by holding button 8.
165    libinput = {
166      enable = true;
167      mouse = {
168        scrollButton = 8;
169        scrollMethod = "button";
170      };
171    };
172
       # DDC/CI monitor control; presumably the consumer of the i2c-dev module and
       # the i2c group rule below.
173    ddccontrol.enable = true;
       # Runs the Tailscale daemon (see networking.firewall.checkReversePath).
174    tailscale.enable = true;
175    # 1. chmod for rootless backlight control
176    # 2. lotus58 bootloader mode for rootless qmk flashing
       # Review notes on the rules below:
       # - Rule 1 runs `chmod a+w` on the amdgpu_bl1 brightness attribute, so
       #   every local account and service can change brightness, not just the
       #   desktop user. "icy" is already in group "video", so a group-owned,
       #   group-writable attribute would give the same convenience more
       #   narrowly. NOTE(review): backlight class devices normally have no /dev
       #   node, so MODE="0666" probably has no effect and the chmod is what
       #   counts; confirm.
       # - Rule 2 tags USB device 2341:0036 with "uaccess", which gives the user
       #   of the active local session access to it, and ID_MM_DEVICE_IGNORE
       #   tells ModemManager to leave the device alone.
       # - Rule 3 limits i2c-N device nodes to root and group "i2c" (mode 0660).
       # - The remaining rules detach NVIDIA (vendor 0x10de) PCI functions as
       #   they are added, after setting their power control to "auto".
177    udev = {
178      extraRules = ''
179        ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="amdgpu_bl1", MODE="0666", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/backlight/%k/brightness"
180        ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="0036", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
181        KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660"
182
183        # Remove NVIDIA USB xHCI Host Controller devices, if present
184        ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{power/control}="auto", ATTR{remove}="1"
185        # Remove NVIDIA USB Type-C UCSI devices, if present
186        ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{power/control}="auto", ATTR{remove}="1"
187        # Remove NVIDIA Audio devices, if present
188        ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{power/control}="auto", ATTR{remove}="1"
189        # Remove NVIDIA VGA/3D controller devices
190        ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x03[0-9]*", ATTR{power/control}="auto", ATTR{remove}="1"
191      '';
         # hwdb entry: maps scancode ff31007c of input device 0B05:19B6 to F20.
192      extraHwdb = ''
193        evdev:input:b0003v0B05p19B6*
194          KEYBOARD_KEY_ff31007c=f20 # x11 mic-mute
195      '';
         # Packages made available to programs started from udev rules.
196      path = [
197        pkgs.coreutils
198      ];
199    };
       # Power key hibernates; the image goes to boot.resumeDevice.
200    logind.extraConfig = ''
201      HandlePowerKey=hibernate
202    '';
203
       # Key remapping through keyd. ids = [ "*" ] matches every keyboard, so the
       # layers below apply to all of them.
204    keyd = {
205      enable = true;
206      keyboards.default = {
207        ids = [ "*" ];
208        extraConfig = ''
209          [main]
210          capslock = overload(capslock, rightalt)
211          leftmeta = layer(meta_mac)
212          rightmeta = layer(meta_mac)
213          leftalt = layer(option_mac)
214          rightalt = layer(option_mac)
215
216          [capslock]
217          h = left
218          j = down
219          k = up
220          l = right
221
222          # Activates when both capslock and shift is pressed
223          [capslock+shift]
224          h = C-left
225          j = C-down
226          k = C-up
227          l = C-right
228
229          # macOS style bindings
230          [meta_mac:M]
231          l = C-l
232          a = C-a
233          t = C-t
234          w = C-w
235          f = C-f
236          c = C-c
237          v = C-v
238          backspace = C-backspace
239
240          [option_mac:A]
241          backspace = C-backspace
242        '';
243      };
244    };
       # PC/SC smart-card daemon.
245    pcscd.enable = true;
246  };
247
248  virtualisation.docker = {
249    enable = true;
250    logDriver = "json-file";
       # Marks the registry at sini:5000 as insecure: the daemon may talk to it
       # over plain HTTP or without validating a TLS certificate. Image pulls
       # from it are then neither confidential nor authenticated in transit, and
       # whatever answers for the name "sini" decides what runs in containers on
       # this host. Pulling by digest limits what a tampered response can change.
       # NOTE(review): this host already trusts a private CA through
       # security.pki.certificateFiles; if that CA can issue a certificate for
       # the registry, serving it over TLS would make this flag unnecessary.
251    extraOptions = ''
252      --insecure-registry "http://sini:5000"
253    '';
254  };
255
256  security = {
       # Both doas and sudo are enabled, i.e. two privilege-escalation tools to
       # keep configured and reviewed.
257    doas.enable = true;
258    sudo.enable = true;
       # Every member of group wheel gets root through doas without a password
       # prompt, so any process running as such a user ("icy" is in wheel, see
       # users.users.icy) can become root non-interactively. If a prompt is
       # acceptable, doas's `persist` option asks once and then remembers the
       # authentication for a while.
259    doas.extraConfig = ''
260      permit nopass :wheel
261    '';
       # A rule for user icy with no further options set here.
       # NOTE(review): doas applies the last matching rule, so how this interacts
       # with the nopass wheel rule depends on their order in the generated
       # doas.conf; check the rendered file.
262    doas.extraRules = [{
263      users = [ "icy" ];
264    }];
       # Adds ./ca.crt to the system-wide trust store. The certificate itself is
       # public material; the matching private key can issue certificates this
       # host will accept for any name, so how that key is stored matters more
       # than anything in this file.
265    pki.certificateFiles = [ ./ca.crt ];
266  };
267
268  powerManagement = {
269    enable = true;
270    powertop.enable = true;
271  };
272
273  users.users.icy = {
274    isNormalUser = true;
       # wheel: root through the nopass doas rule in the security block.
       # docker: access to the Docker daemon, which is equivalent to root on the
       #         host.
       # i2c:    the i2c-N device nodes handed to this group by the udev rule.
       # Taken together, this account is root-equivalent without a password, so
       # anything that runs as icy should be treated as able to run as root.
275    extraGroups = [ "wheel" "docker" "audio" "video" "dialout" "i2c" ];
276  };
277
278  programs = {
279    steam.enable = true;
280    gamemode.enable = true;
281  };
282
283  nix = {
284    package = pkgs.nixVersions.stable;
       # Enables the nix-command, flakes and ca-derivations experimental features,
       # silences the dirty-tree warning and does not keep build outputs alive
       # through garbage collection.
285    extraOptions = ''
286      experimental-features = nix-command flakes ca-derivations
287      warn-dirty = false
288      keep-outputs = false
289    '';
290    settings = {
         # A trusted user may override daemon settings such as substituters and
         # import store paths without a trusted signature, which amounts to root
         # on the Nix daemon. "icy" is already root-equivalent through wheel and
         # docker, so this adds no new boundary crossing, but it is one more
         # thing to remove if that account is ever locked down.
291      trusted-users = [
292        "root"
293        "icy"
294      ];
295    };
296  };
297
298  # https://github.com/NixOS/nixpkgs/issues/180175
     # Do not restart systemd-udevd when its unit changes on a configuration
     # switch (see the issue linked above).
299  systemd.services.systemd-udevd.restartIfChanged = false;
     # Force-disable NetworkManager-wait-online, overriding whatever other
     # modules set for it.
300  systemd.services.NetworkManager-wait-online.enable = lib.mkForce
301    false;
302
303
304  # This value determines the NixOS release from which the default
305  # settings for stateful data, like file locations and database versions
306  # on your system were taken. It's perfectly fine and recommended to leave
307  # this value at the release version of the first install of this system.
308  # Before changing this value read the documentation for this option
309  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
310  system.stateVersion = "21.11"; # Did you read the comment?
311
312}
313