Kieran's opinionated (and probably slightly dumb) nix config
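# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
#
# NixOS module for the host "moonlark". It takes the flake `inputs` plus the
# usual module arguments and returns the system configuration: Nix settings,
# packages, the agenix-managed Wi-Fi secret, users, SSH and boot loader.
# NOTE(review): the `age.*` options come from the agenix NixOS module, which is
# not imported in this file; presumably the flake adds it. Confirm.
{
  inputs,
  lib,
  config,
  pkgs,
  ...
}: {
  # You can import other NixOS modules here
  imports = [
    # If you want to use modules from other flakes (such as nixos-hardware):
    inputs.hardware.nixosModules.framework-11th-gen-intel

    # Import your generated (nixos-generate-config) hardware configuration
    ./hardware-configuration.nix

    # Import home-manager's configuration
    ./home-manager.nix

    # Import disko's configuration
    ./disk-config.nix

    # hyprland config
    # ./hyprland

    # PAM settings (contents not visible from this file)
    ./pam.nix
  ];

  nixpkgs = {
    # Configure your nixpkgs instance
    config = {
      # Disable if you don't want unfree packages
      allowUnfree = true;
    };
  };

  nix = let
    # Keep only the inputs that are flakes; they feed the registry and nixPath below.
    flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
  in {
    settings = {
      # Enable flakes and new 'nix' command
      experimental-features = "nix-command flakes";
      # Opinionated: disable global registry
      flake-registry = "";
      # Workaround for https://github.com/NixOS/nix/issues/9574
      nix-path = config.nix.nixPath;
    };
    # Opinionated: disable channels
    channel.enable = false;

    # Opinionated: make flake registry and nix path match flake inputs
    registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
  };

  time = {
    timeZone = "America/New_York";
    hardwareClockInLocalTime = true;
  };

  # NOTE(review): a static time.timeZone is also set above; confirm that
  # automatic-timezoned can still change the zone with that in place.
  services.automatic-timezoned.enable = true;

  environment.systemPackages = map lib.lowPrio [
    pkgs.curl
    # Use pkgs.system rather than a hard-coded platform, matching grimblast below.
    inputs.agenix.packages.${pkgs.system}.default
    pkgs.wpa_supplicant_gui
    pkgs.alacritty
    pkgs.zsh
    pkgs.starship
    pkgs.swww
    pkgs.sunwait
    pkgs.sunpaper
    pkgs.wluma
    pkgs.brightnessctl
    inputs.hyprland-contrib.packages.${pkgs.system}.grimblast
    pkgs.mako
    pkgs.notify-desktop
    pkgs.bc
    pkgs.wl-clipboard
    pkgs.psmisc
    pkgs.jq
    pkgs.playerctl
    pkgs.firefox
    pkgs.slack
    pkgs.gnome.nautilus
    pkgs.gnome.file-roller
    pkgs.polkit_gnome
    pkgs.fprintd
    pkgs.gitMinimal
    (pkgs.vscode-with-extensions.override {
      vscodeExtensions = with pkgs.vscode-extensions; [
        bbenoist.nix
      ];
    })
    pkgs.github-desktop
    pkgs.udiskie
    pkgs.neofetch
  ];

  services.gnome.gnome-keyring.enable = true;
  programs.dconf.enable = true;

  systemd = {
    # Per-user polkit authentication agent, started with the graphical session.
    user.services.polkit-gnome-authentication-agent-1 = {
      description = "polkit-gnome-authentication-agent-1";
      wantedBy = [ "graphical-session.target" ];
      wants = [ "graphical-session.target" ];
      after = [ "graphical-session.target" ];
      serviceConfig = {
        Type = "simple";
        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
        Restart = "on-failure";
        RestartSec = 1;
        TimeoutStopSec = 10;
      };
    };
  };

  fonts.packages = with pkgs; [
    nerdfonts
    fira
  ];

  environment.sessionVariables = {
    XDG_CACHE_HOME = "$HOME/.cache";
    XDG_CONFIG_HOME = "$HOME/.config";
    XDG_DATA_HOME = "$HOME/.local/share";
    # NOTE(review): lib.getExe yields the path of the sunpaper executable, not a
    # directory; confirm this is what SUNPAPERDIR is meant to hold.
    SUNPAPERDIR = "${lib.getExe pkgs.sunpaper}";
    XDG_STATE_HOME = "$HOME/.local/state";
    NIXOS_OZONE_WL = "1";
  };

  # import the secret
  # These private keys are tried as age identities when secrets are decrypted.
  # NOTE(review): the first entry is a personal key under /home. Decryption is
  # non-interactive, so that key presumably has no passphrase; a dedicated host
  # key keeps the personal key out of the system's trust path. Confirm.
  age.identityPaths = [ "/home/kierank/.ssh/id_rsa" "/etc/ssh/id_rsa" "/mnt/etc/ssh/id_rsa" ];
  age.secrets.wifi = {
    file = ../secrets/wifi.age;
    # The decrypted file (the Wi-Fi PSKs) becomes readable by this user.
    # NOTE(review): wpa_supplicant presumably reads it as root, in which case
    # the default root ownership would be enough. Confirm before changing.
    owner = "kierank";
  };

  # setup the network
  networking = {
    hostName = "moonlark";
    wireless = {
      # Supplies the PSK_* variables at runtime, so the passphrases are not
      # written into the Nix store; only the @...@ placeholders are.
      environmentFile = config.age.secrets.wifi.path;
      # Lets unprivileged users drive wpa_supplicant (wpa_gui / wpa_cli).
      userControlled.enable = true;
      enable = true;
      networks = {
        "KlukasNet".psk = "@PSK_HOME@";
        "Everseen".psk = "@PSK_HOTSPOT@";
      };
    };
  };

  programs.zsh.enable = true;
  # TODO: Configure your system-wide user settings (groups, etc), add more users as needed.
  users.users = {
    kierank = {
      # You can skip setting a root password by passing '--no-root-passwd' to nixos-install.
      # Be sure to change it (using passwd) after rebooting!
      # NOTE(review): this value sits in plain text in the configuration (and in
      # the world-readable Nix store), and the account is in wheel. Treat it as
      # public; `hashedPasswordFile` fed from an agenix secret avoids shipping a
      # usable default password.
      initialPassword = "lolzthisaintsecure!";
      isNormalUser = true;
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = [
        "ssh-rsa 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 kierank@mockingjay"
      ];
      # NOTE(review): "docker" membership is root-equivalent once a Docker
      # daemon runs, and neither Docker nor NetworkManager is enabled in this
      # file; drop the groups that are not actually needed.
      extraGroups = ["wheel" "networkmanager" "audio" "video" "docker" "plugdev" "input"];
    };
    # NOTE(review): sshd below sets PermitRootLogin = "no", so this key is not
    # accepted for root SSH logins while that holds. Keep one or the other,
    # depending on intent.
    root.openssh.authorizedKeys.keys = [
      "ssh-rsa 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 kierank@mockingjay"
    ];
  };

  programs.hyprland.enable = true;
  services.hypridle.enable = true;

  # enable cups
  services.printing.enable = true;

  # enable bluetooth
  hardware.bluetooth.enable = true;

  # enable pipewire
  # rtkit is optional but recommended
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    jack.enable = true;
  };

  # This setups a SSH server. Very important if you're setting up a headless system.
  # Feel free to remove if you don't need it.
  services.openssh = {
    enable = true;
    settings = {
      # Opinionated: forbid root login through SSH.
      PermitRootLogin = "no";
      # Opinionated: use keys only.
      # Remove if you want to SSH using passwords
      PasswordAuthentication = false;
      # Keyboard-interactive is a separate sshd method that can still take a
      # PAM password. Turn it off so "keys only" actually holds; it matters
      # here because the initialPassword above is a known value.
      KbdInteractiveAuthentication = false;
    };
  };

  # Removable-media handling. devmon mounts devices automatically on insertion,
  # so filesystem drivers parse whatever media is plugged in without a prompt.
  services.devmon.enable = true;
  services.gvfs.enable = true;
  services.udisks2.enable = true;

  # Requires at least 5.16 for working wi-fi and bluetooth.
  # https://community.frame.work/t/using-the-ax210-with-linux-on-the-framework-laptop/1844/89
  boot = {
    # Only switch to the latest kernel when the default one is older than 5.16.
    kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "5.16") (lib.mkDefault pkgs.linuxPackages_latest);
    loader.grub = {
      # no need to set devices, disko will add all devices that have a EF02 partition to the list already
      device = "nodev";
      efiSupport = true;
      efiInstallAsRemovable = true;
    };
    supportedFilesystems = [ "ntfs" ];
  };

  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "23.05";
}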