Kieran's opinionated (and probably slightly dumb) nix config
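# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
#
# Module arguments: `inputs` (flake inputs), `lib`, `config` and `pkgs`.
# Host: "moonlark" (Framework 11th-gen Intel), Hyprland desktop, agenix-managed secrets.
{
  inputs,
  lib,
  config,
  pkgs,
  ...
}: {
  # You can import other NixOS modules here
  imports = [
    # If you want to use modules from other flakes (such as nixos-hardware):
    inputs.hardware.nixosModules.framework-11th-gen-intel

    # Import your generated (nixos-generate-config) hardware configuration
    ./hardware-configuration.nix

    # Import home-manager's configuration
    ./home-manager.nix

    # Import disko's configuration
    ./disk-config.nix

    # hyprland config
    # ./hyprland

    ./pam.nix

    # tuigreet
    ./greetd.nix
  ];

  nixpkgs = {
    # Configure your nixpkgs instance
    config = {
      # Disable if you don't want unfree packages
      allowUnfree = true;
    };
  };

  nix = let
    # Keep only the inputs that are flakes.
    flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
  in {
    settings = {
      # Enable flakes and new 'nix' command
      experimental-features = "nix-command flakes";
      # Opinionated: disable global registry
      flake-registry = "";
      # Workaround for https://github.com/NixOS/nix/issues/9574
      nix-path = config.nix.nixPath;
    };
    # Opinionated: disable channels
    channel.enable = false;

    # Opinionated: make flake registry and nix path match flake inputs,
    # so `nix` commands resolve names to the revisions pinned by this flake.
    registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
  };

  time = {
    timeZone = "America/New_York";
    hardwareClockInLocalTime = true;
  };

  # NOTE(review): timeZone is pinned above while automatic-timezoned is also
  # enabled; confirm which of the two is meant to win.
  services.automatic-timezoned.enable = true;

  # Every package is wrapped in lib.lowPrio.
  environment.systemPackages = map lib.lowPrio [
    pkgs.curl
    # Was hard-coded to x86_64-linux; follow the host platform like the
    # grimblast entry below does.
    inputs.agenix.packages.${pkgs.system}.default
    pkgs.wpa_supplicant_gui
    pkgs.overskride
    pkgs.alacritty
    pkgs.zsh
    pkgs.starship
    pkgs.swww
    pkgs.sunwait
    pkgs.sunpaper
    pkgs.wluma
    pkgs.brightnessctl
    inputs.hyprland-contrib.packages.${pkgs.system}.grimblast
    pkgs.mako
    pkgs.hyprpicker
    pkgs.notify-desktop
    pkgs.bc
    pkgs.wl-clipboard
    pkgs.psmisc
    pkgs.jq
    pkgs.playerctl
    pkgs.firefox
    pkgs.slack
    pkgs.gnome.nautilus
    pkgs.gnome.totem
    pkgs.loupe
    pkgs.gnome.file-roller
    pkgs.polkit_gnome
    pkgs.fprintd
    pkgs.gitMinimal
    pkgs.github-desktop
    pkgs.udiskie
    pkgs.neofetch
    pkgs.cava
    pkgs.go
    pkgs.bun
    pkgs.pitivi
  ];

  services.gnome.gnome-keyring.enable = true;
  programs.dconf.enable = true;

  systemd = {
    # User service that runs the polkit-gnome authentication agent for the
    # graphical session.
    user.services.polkit-gnome-authentication-agent-1 = {
      description = "polkit-gnome-authentication-agent-1";
      wantedBy = [ "graphical-session.target" ];
      wants = [ "graphical-session.target" ];
      after = [ "graphical-session.target" ];
      serviceConfig = {
        Type = "simple";
        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
        Restart = "on-failure";
        RestartSec = 1;
        TimeoutStopSec = 10;
      };
    };
  };

  fonts.packages = with pkgs; [
    nerdfonts
    fira
  ];

  environment.sessionVariables = {
    XDG_CACHE_HOME = "$HOME/.cache";
    XDG_CONFIG_HOME = "$HOME/.config";
    XDG_DATA_HOME = "$HOME/.local/share";
    # NOTE(review): named *DIR but set to the sunpaper executable path — confirm.
    SUNPAPERDIR = "${lib.getExe pkgs.sunpaper}";
    XDG_STATE_HOME = "$HOME/.local/state";
    NIXOS_OZONE_WL = "1";
  };

  # import the secret
  # Private keys agenix may use to decrypt secrets on this host.
  # NOTE(review): the first entry is a personal user key rather than a host key.
  # Anything that can read that file can decrypt every secret encrypted to it,
  # and it presumably has to be stored without a passphrase for unattended
  # decryption — consider relying on the host key under /etc/ssh only.
  age.identityPaths = [ "/home/kierank/.ssh/id_rsa" "/etc/ssh/id_rsa" "/mnt/etc/ssh/id_rsa" ];
  age.secrets.wifi = {
    file = ../secrets/wifi.age;
    # NOTE(review): this makes the decrypted PSK file owned by the login user;
    # confirm the user really needs to read it, since the file is consumed via
    # networking.wireless.environmentFile below.
    owner = "kierank";
  };

  # setup the network
  networking = {
    hostName = "moonlark";
    wireless = {
      # The @PSK_*@ placeholders below are substituted from this file, so the
      # pre-shared keys stay out of the config and the Nix store.
      environmentFile = config.age.secrets.wifi.path;
      # Lets users control wpa_supplicant (wpa_cli / wpa_gui).
      userControlled.enable = true;
      enable = true;
      networks = {
        "KlukasNet".psk = "@PSK_HOME@";
        "Everseen".psk = "@PSK_HOTSPOT@";
      };
    };
  };

  programs.zsh.enable = true;
  # TODO: Configure your system-wide user settings (groups, etc), add more users as needed.
  users.users = {
    kierank = {
      # You can skip setting a root password by passing '--no-root-passwd' to nixos-install.
      # Be sure to change it (using passwd) after rebooting!
      # NOTE(review): this literal is committed with the config and ends up in
      # the world-readable Nix store. It is only applied when the account is
      # first created, but this user is in "wheel". Prefer a hashed password
      # supplied from a secret (e.g. hashedPasswordFile backed by an agenix
      # secret) and treat this value as burned.
      initialPassword = "lolzthisaintsecure!";
      isNormalUser = true;
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = [
        "ssh-rsa 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 kierank@mockingjay"
      ];
      # NOTE(review): "wheel" grants sudo, and membership of "docker" is
      # effectively root-equivalent wherever the Docker daemon runs; keep only
      # the groups that are actually needed.
      extraGroups = ["wheel" "networkmanager" "audio" "video" "docker" "plugdev" "input"];
    };
    # NOTE(review): services.openssh below sets PermitRootLogin = "no", so this
    # key cannot be used for an SSH root login on the running system. If it is
    # only needed during installation, say so here; otherwise drop it so it
    # does not become live if PermitRootLogin is ever relaxed.
    root.openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzEEjvbL/ttqmYoDjxYQmDIq36BabROJoXgQKeh9liBxApwp+2PmgxROzTg42UrRc9pyrkq5kVfxG5hvkqCinhL1fMiowCSEs2L2/Cwi40g5ZU+QwdcwI8a4969kkI46PyB19RHkxg54OUORiIiso/WHGmqQsP+5wbV0+4riSnxwn/JXN4pmnE//stnyAyoiEZkPvBtwJjKb3Ni9n3eNLNs6gnaXrCtaygEZdebikr9kS2g9mM696HvIFgM6cdR/wZ7DcLbG3IdTXuHN7PC3xxL+Y4ek5iMreQIPmuvs4qslbthPGYoYbYLUQiRa9XO5s/ksIj5Z14f7anHE6cuTQVpvNWdGDOigyIVS5qU+4ZF7j+rifzOXVL48gmcAvw/uV68m5Wl/p0qsC/d8vI3GYwEsWG/EzpAlc07l8BU2LxWgN+d7uwBFaJV9VtmUDs5dcslsh8IbzmtC9gq3OLGjklxTfIl6qPiL8U33oc/UwqzvZUrI2BlbagvIZYy6rP+q0= kierank@mockingjay"
    ];
  };

  programs.hyprland.enable = true;
  services.hypridle.enable = true;

  # enable cups
  services.printing.enable = true;
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    # Opens the firewall for mDNS on every network this laptop joins.
    openFirewall = true;
  };


  # enable bluetooth
  hardware.bluetooth.enable = true;

  # enable pipewire
  # rtkit is optional but recommended
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # JACK support is on; remove this if you don't use JACK applications
    jack.enable = true;
  };

  # This sets up an SSH server. Very important if you're setting up a headless system.
  # Feel free to remove if you don't need it.
  services.openssh = {
    enable = true;
    settings = {
      # Opinionated: forbid root login through SSH.
      PermitRootLogin = "no";
      # Opinionated: use keys only.
      # Remove if you want to SSH using passwords
      PasswordAuthentication = false;
    };
  };

  networking.firewall = {
    enable = true;
    # NOTE(review): 4455 is opened for TCP and UDP on all interfaces with no
    # indication of which service listens there. Document the service, and if
    # it is only needed on a trusted network, scope it with
    # networking.firewall.interfaces.<name> instead of opening it globally.
    allowedTCPPorts = [ 4455 ];
    allowedUDPPorts = [ 4455 ];
  };


  # Removable-media handling.
  # NOTE(review): presumably devmon auto-mounts inserted media; confirm that is
  # wanted on a laptop that leaves the house.
  services.devmon.enable = true;
  services.gvfs.enable = true;
  services.udisks2.enable = true;

  services.logind.extraConfig = ''
    # don't shutdown when power button is short-pressed
    HandlePowerKey=ignore
    HandlePowerKeyLongPress=poweroff
  '';

  # Requires at least 5.16 for working wi-fi and bluetooth.
  # https://community.frame.work/t/using-the-ax210-with-linux-on-the-framework-laptop/1844/89
  boot = {
    # Only switch to the latest kernel when the default one is older than 5.16;
    # mkDefault lets another module override the choice.
    kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "5.16") (lib.mkDefault pkgs.linuxPackages_latest);
    loader.grub = {
      # no need to set devices, disko will add all devices that have a EF02 partition to the list already
      device = "nodev";
      efiSupport = true;
      efiInstallAsRemovable = true;
    };
    supportedFilesystems = [ "ntfs" ];
  };

  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "23.05";
}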