hosts/wyndle/configuration.nix (view raw)
{ self, config, pkgs, lib, ... }:

# NixOS configuration for the host "wyndle": GNOME on GDM, PipeWire audio,
# Docker, Tailscale, Steam, and one interactive user ("icy").
#
# Comments marked NOTE(review) point at settings that decide who can become
# root or what this machine trusts. They describe the risk and leave the
# values exactly as the author set them.
{
  imports = [ ./hardware-configuration.nix ];

  boot = {
    loader = {
      efi.canTouchEfiVariables = true;
      systemd-boot = {
        enable = true;
        consoleMode = "max";
      };
    };

    kernelPackages = pkgs.linuxPackages_latest;
    kernelModules = [ "i2c-dev" ];

    # Keep both nouveau and the nvidia* modules from loading.
    blacklistedKernelModules = [ "nouveau" "nvidia" "nvidia_drm" "nvidia_modeset" ];
    extraModprobeConfig = ''
      blacklist nouveau
      options nouveau modeset=0
    '';

    # Device the kernel resumes from after hibernation (the power key is
    # bound to hibernate under services.logind below).
    # NOTE(review): a hibernation image holds the contents of RAM, including
    # keys and session secrets. hardware-configuration.nix is not visible
    # here; confirm this partition is encrypted.
    resumeDevice = "/dev/nvme0n1p2";

    # NOTE(review): lets the kernel route IPv4 packets between interfaces.
    # Presumably wanted for Docker or Tailscale (both enabled below). With
    # forwarding on, whether this laptop relays traffic on an untrusted
    # network depends on the firewall's forwarding policy; worth checking.
    kernel.sysctl."net.ipv4.ip_forward" = 1;
  };

  networking = {
    hostName = "wyndle";
    networkmanager.enable = true;

    # DHCP is off globally and switched on for the wireless interface only.
    useDHCP = false;
    interfaces.wlp6s0.useDHCP = true;

    # Resolvers are pinned to Google Public DNS, so name lookups leave the
    # host for a third-party resolver.
    nameservers = [ "8.8.8.8" "8.8.4.4" ];

    # NOTE(review): "loose" accepts a packet when its source address is
    # reachable through any interface, rather than only the one it arrived
    # on. Presumably set for Tailscale; it gives up some spoofing protection
    # compared with the strict check.
    firewall.checkReversePath = "loose";
  };

  i18n = {
    defaultLocale = "en_US.UTF-8";
    inputMethod.enabled = "ibus";
  };
  time.timeZone = "Europe/Helsinki";

  nixpkgs = {
    overlays = [
      self.overlays.prompt
      self.overlays.customPkgs
    ];

    config = {
      # NOTE(review): with allowUnfree = true every unfree package is already
      # permitted, so the predicate below looks to have no effect. If the
      # intent is to limit unfree software to Steam, allowUnfree is the line
      # to drop; confirm nothing else on the system is unfree first.
      allowUnfree = true;
      allowUnfreePredicate = pkg:
        let
          unfreeNames = [
            "steam"
            "steam-original"
            "steam-runtime"
          ];
        in
        builtins.elem (lib.getName pkg) unfreeNames;

      # st is built with the repository's own config.h and local patches.
      st = {
        conf = builtins.readFile ../../programs/st/config.h;
        extraLibs = [ pkgs.harfbuzz ];
        patches = [
          ../../patches/st/xres.diff
          ../../patches/st/bright.diff
          ../../patches/st/ligatures.diff
        ];
      };

      chromium.commandLineArgs = "--ozone-platform=wayland";
      firefox.enablePlasmaBrowserIntegration = true;
    };
  };

  environment = {
    sessionVariables.NIXOS_OZONE_WL = "1";

    # Input and HiDPI scaling hints for Firefox and GTK applications.
    variables = {
      MOZ_USE_XINPUT2 = "1";
      GDK_SCALE = "2";
      GDK_DPI_SCALE = "1";
    };

    systemPackages = [
      pkgs.man-pages
      pkgs.git
      pkgs.man-pages-posix
      (lib.hiPrio pkgs.bashInteractive_5)
    ];

    # GNOME applications left out of the default desktop install.
    gnome.excludePackages = [
      pkgs.gnome-photos
      pkgs.gnome-tour
      pkgs.gnome.cheese
      pkgs.gnome.epiphany
      pkgs.gnome.geary
      pkgs.gnome.totem
    ];
  };

  documentation = {
    dev.enable = true;
    man.generateCaches = true;
  };

  users = {
    # Login banner built from values of the evaluated system configuration.
    motd = ''
      Host ${config.networking.hostName}
      OS NixOS ${config.system.nixos.release} (${config.system.nixos.codeName})
      Version ${config.system.nixos.version}
      Kernel ${config.boot.kernelPackages.kernel.version}
    '';

    users.icy = {
      isNormalUser = true;
      # NOTE(review): two of these groups amount to root on this host:
      # "wheel" through the nopass doas rule under security.doas, and
      # "docker" because members can ask the daemon to run privileged
      # containers or mount host paths. "i2c" matches the udev rule that
      # hands /dev/i2c-* to that group.
      extraGroups = [ "wheel" "docker" "audio" "video" "dialout" "i2c" ];
    };
  };

  console = {
    keyMap = "us";
    font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
  };

  hardware = {
    # Bluetooth comes up at boot; the "sap" plugin is disabled.
    bluetooth = {
      enable = true;
      powerOnBoot = true;
      disabledPlugins = [ "sap" ];
    };

    nvidia.prime = {
      offload.enable = false;
      amdgpuBusId = "PCI:8:0:0";
      nvidiaBusId = "PCI:1:0:0";
    };

    logitech.wireless = {
      enable = true;
      enableGraphical = true;
    };
  };

  services = {
    asusd.enable = true;
    asusd.enableUserService = true;

    # GPU switching daemon, held in integrated-graphics mode.
    supergfxd = {
      enable = true;
      settings = {
        mode = "integrated";
        vfio_enable = false;
        vfio_save = false;
        always_reboot = true;
        no_logind = false;
        logout_timeout_s = 180;
      };
    };

    pipewire = {
      enable = true;
      wireplumber.enable = true;
      pulse.enable = true;
      alsa = {
        enable = true;
        support32Bit = true;
      };
    };

    xserver = {
      enable = true;
      dpi = 192;
      xkb.layout = "us";
      videoDrivers = [ "amdgpu" ];
      displayManager.gdm.enable = true;
      desktopManager.gnome.enable = true;
      screenSection = ''
        Option "metamodes" "nvidia-auto-select +0+0 {ForceFullCompositionPipeline=On}"
        Option "AllowIndirectGLXProtocol" "off"
        Option "TripleBuffer" "on"
      '';
    };

    libinput = {
      enable = true;
      mouse.scrollButton = 8;
      mouse.scrollMethod = "button";
    };

    ddccontrol.enable = true;
    tailscale.enable = true;
    pcscd.enable = true;

    udev = {
      path = [ pkgs.coreutils ];

      # Rules, in order:
      #   1. make the amdgpu backlight brightness writable without root;
      #   2. hand the lotus58 bootloader device to the logged-in user
      #      (uaccess) so QMK can flash it without root, and tell
      #      ModemManager to ignore it;
      #   3. give the "i2c" group read/write access to the I2C bus devices;
      #   4. remove the NVIDIA PCI functions as soon as they are added.
      # NOTE(review): rule 1 runs chmod a+w, so every local account and
      # service can write the brightness file, not only "icy". "icy" is
      # already in the "video" group; group-scoped write access would be
      # the narrower grant.
      extraRules = ''
        ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="amdgpu_bl1", MODE="0666", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/backlight/%k/brightness"
        ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="0036", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
        KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660"

        # Remove NVIDIA USB xHCI Host Controller devices, if present
        ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{power/control}="auto", ATTR{remove}="1"
        # Remove NVIDIA USB Type-C UCSI devices, if present
        ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{power/control}="auto", ATTR{remove}="1"
        # Remove NVIDIA Audio devices, if present
        ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{power/control}="auto", ATTR{remove}="1"
        # Remove NVIDIA VGA/3D controller devices
        ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x03[0-9]*", ATTR{power/control}="auto", ATTR{remove}="1"
      '';

      # Maps one scancode of the matched input device to F20 (mic-mute under
      # X11, per the trailing remark in the entry). hwdb property lines must
      # be indented by a space under their match line, hence the extra space.
      extraHwdb = ''
        evdev:input:b0003v0B05p19B6*
         KEYBOARD_KEY_ff31007c=f20 # x11 mic-mute
      '';
    };

    # The power key hibernates; see the note on boot.resumeDevice about what
    # ends up on disk.
    logind.extraConfig = ''
      HandlePowerKey=hibernate
    '';

    # Key remapping; ids = [ "*" ] applies it to every keyboard keyd matches.
    keyd = {
      enable = true;
      keyboards.default = {
        ids = [ "*" ];
        extraConfig = ''
          [main]
          capslock = overload(capslock, rightalt)
          leftmeta = layer(meta_mac)
          rightmeta = layer(meta_mac)
          leftalt = layer(option_mac)
          rightalt = layer(option_mac)

          [capslock]
          h = left
          j = down
          k = up
          l = right

          # Activates when both capslock and shift is pressed
          [capslock+shift]
          h = C-left
          j = C-down
          k = C-up
          l = C-right

          # macOS style bindings
          [meta_mac:M]
          l = C-l
          a = C-a
          t = C-t
          w = C-w
          f = C-f
          c = C-c
          v = C-v
          backspace = C-backspace

          [option_mac:A]
          backspace = C-backspace
        '';
      };
    };
  };

  virtualisation.docker = {
    enable = true;
    logDriver = "json-file";
    # NOTE(review): marks the registry at sini:5000 as insecure, so Docker
    # talks to it without verified TLS and accepts plain HTTP. Unless images
    # are pulled by digest, anyone able to intercept traffic to "sini" can
    # substitute image contents, and those images are then run by the system
    # Docker daemon. A private CA is installed through
    # security.pki.certificateFiles; if the registry can be issued a
    # certificate from it, this flag becomes unnecessary.
    extraOptions = ''
      --insecure-registry "http://sini:5000"
    '';
  };

  security = {
    # NOTE(review): sudo and doas are both enabled, which leaves two
    # privilege-escalation tools to configure and audit.
    sudo.enable = true;

    doas = {
      enable = true;
      # Plain "permit" rule for icy; no nopass requested here.
      extraRules = [
        { users = [ "icy" ]; }
      ];
      # NOTE(review): every member of wheel may run anything as root with no
      # password, so any process running as "icy" can become root silently.
      # doas applies the last matching rule; check the generated
      # /etc/doas.conf to see whether this line or the extraRules entry ends
      # up deciding for "icy". NixOS also offers
      # security.doas.wheelNeedsPassword for the same purpose.
      extraConfig = ''
        permit nopass :wheel
      '';
    };

    # NOTE(review): adds ./ca.crt to the system-wide trust store. Whoever
    # holds that CA's private key can issue certificates this host accepts
    # for any name, so the key needs the same care as the machines that
    # trust it.
    pki.certificateFiles = [ ./ca.crt ];
  };

  powerManagement = {
    enable = true;
    powertop.enable = true;
  };

  programs.steam.enable = true;
  programs.gamemode.enable = true;

  nix = {
    package = pkgs.nixVersions.stable;

    # NOTE(review): trusted users may override daemon settings such as
    # substituters and import unsigned store paths; the Nix manual treats
    # that as equivalent to root access. Listing "icy" is a third route to
    # root next to wheel/doas and the docker group.
    settings.trusted-users = [
      "root"
      "icy"
    ];

    extraOptions = ''
      experimental-features = nix-command flakes ca-derivations
      warn-dirty = false
      keep-outputs = false
    '';
  };

  systemd.services = {
    # https://github.com/NixOS/nixpkgs/issues/180175
    systemd-udevd.restartIfChanged = false;
    NetworkManager-wait-online.enable = lib.mkForce false;
  };

  # NixOS release whose defaults for stateful data (file locations, database
  # versions) this system was installed with. Leave it at the release of the
  # first install; read the option's documentation (man configuration.nix or
  # https://nixos.org/nixos/options.html) before changing it.
  system.stateVersion = "21.11";
}