Kieran's opinionated (and probably slightly dumb) nix config
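# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
#
# NixOS module for the host "moonlark": takes the flake `inputs` plus the usual
# module arguments and returns the system-level option set (nix settings,
# packages, users, networking, SSH, boot loader).
{
  inputs,
  lib,
  config,
  pkgs,
  ...
}: {
  # You can import other NixOS modules here
  imports = [
    # If you want to use modules from other flakes (such as nixos-hardware):
    inputs.hardware.nixosModules.framework-11th-gen-intel

    # Import your generated (nixos-generate-config) hardware configuration
    ./hardware-configuration.nix

    # Import home-manager's configuration
    ./home-manager.nix

    # Import disko's configuration
    ./disk-config.nix

    # hyprland config
    # ./hyprland

    ./pam.nix
  ];

  nixpkgs = {
    # Configure your nixpkgs instance
    config = {
      # Disable if you don't want unfree packages
      allowUnfree = true;
    };
  };

  nix = let
    # Keep only the inputs that are flakes; they feed the registry and nixPath below.
    flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
  in {
    settings = {
      # Enable flakes and new 'nix' command
      experimental-features = "nix-command flakes";
      # Opinionated: disable global registry
      # (with the registry mapping below, names such as `nixpkgs` resolve to this
      # flake's own inputs instead of an online registry entry)
      flake-registry = "";
      # Workaround for https://github.com/NixOS/nix/issues/9574
      nix-path = config.nix.nixPath;
    };
    # Opinionated: disable channels
    channel.enable = false;

    # Opinionated: make flake registry and nix path match flake inputs
    registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
  };

  time = {
    timeZone = "America/New_York";
    hardwareClockInLocalTime = true;
  };

  # NOTE(review): automatic-timezoned adjusts the zone at runtime; confirm it
  # evaluates alongside the fixed time.timeZone above on your nixpkgs revision.
  services.automatic-timezoned.enable = true;

  # lib.lowPrio lowers each package's priority, so it loses file collisions
  # against the same program installed from elsewhere.
  environment.systemPackages = map lib.lowPrio [
    pkgs.curl
    # Uses the host system rather than a hard-coded "x86_64-linux", matching
    # the grimblast entry below.
    inputs.agenix.packages.${pkgs.system}.default
    pkgs.wpa_supplicant_gui
    pkgs.overskride
    pkgs.alacritty
    pkgs.zsh
    pkgs.starship
    pkgs.swww
    pkgs.sunwait
    pkgs.sunpaper
    pkgs.wluma
    pkgs.brightnessctl
    inputs.hyprland-contrib.packages.${pkgs.system}.grimblast
    pkgs.mako
    pkgs.hyprpicker
    pkgs.notify-desktop
    pkgs.bc
    pkgs.wl-clipboard
    pkgs.psmisc
    pkgs.jq
    pkgs.playerctl
    pkgs.firefox
    pkgs.slack
    pkgs.gnome.nautilus
    pkgs.gnome.file-roller
    pkgs.polkit_gnome
    pkgs.fprintd
    pkgs.gitMinimal
    pkgs.github-desktop
    pkgs.udiskie
    pkgs.neofetch
    pkgs.cava
    pkgs.go
    pkgs.bun
  ];

  services.gnome.gnome-keyring.enable = true;
  programs.dconf.enable = true;

  systemd = {
    # Per-user service that runs the polkit-gnome authentication agent with the
    # graphical session and restarts it on failure.
    user.services.polkit-gnome-authentication-agent-1 = {
      description = "polkit-gnome-authentication-agent-1";
      wantedBy = [ "graphical-session.target" ];
      wants = [ "graphical-session.target" ];
      after = [ "graphical-session.target" ];
      serviceConfig = {
        Type = "simple";
        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
        Restart = "on-failure";
        RestartSec = 1;
        TimeoutStopSec = 10;
      };
    };
  };

  fonts.packages = with pkgs; [
    nerdfonts
    fira
  ];

  environment.sessionVariables = {
    XDG_CACHE_HOME = "$HOME/.cache";
    XDG_CONFIG_HOME = "$HOME/.config";
    XDG_DATA_HOME = "$HOME/.local/share";
    # NOTE(review): lib.getExe yields the path of the sunpaper executable, not a
    # directory; confirm that is what SUNPAPERDIR is meant to hold.
    SUNPAPERDIR = "${lib.getExe pkgs.sunpaper}";
    XDG_STATE_HOME = "$HOME/.local/state";
    NIXOS_OZONE_WL = "1";
  };

  # import the secret
  # identityPaths lists the private keys agenix may use to decrypt secrets; any
  # of them that is a recipient of ../secrets/wifi.age can recover the Wi-Fi
  # PSKs, so keep the list as short as possible.
  # NOTE(review): "/mnt/etc/ssh/id_rsa" looks like an install-time path; confirm
  # it is still needed on the running system.
  age.identityPaths = [ "/home/kierank/.ssh/id_rsa" "/etc/ssh/id_rsa" "/mnt/etc/ssh/id_rsa" ];
  age.secrets.wifi = {
    file = ../secrets/wifi.age;
    # The decrypted file is owned by kierank, so that account can read the PSKs.
    # NOTE(review): confirm the user needs read access; otherwise leave the
    # owner at agenix's default.
    owner = "kierank";
  };

  # setup the network
  networking = {
    hostName = "moonlark";
    wireless = {
      # The @PSK_...@ placeholders below are filled in from this file at
      # runtime, which keeps the pre-shared keys out of the world-readable
      # Nix store.
      environmentFile = config.age.secrets.wifi.path;
      # Lets unprivileged users drive wpa_supplicant (wpa_gui / wpa_cli).
      userControlled.enable = true;
      enable = true;
      networks = {
        "KlukasNet".psk = "@PSK_HOME@";
        "Everseen".psk = "@PSK_HOTSPOT@";
      };
    };
  };

  programs.zsh.enable = true;
  # TODO: Configure your system-wide user settings (groups, etc), add more users as needed.
  users.users = {
    kierank = {
      # You can skip setting a root password by passing '--no-root-passwd' to nixos-install.
      # Be sure to change it (using passwd) after rebooting!
      # NOTE(review): this literal is committed with the config and is copied
      # into the world-readable Nix store, and the account is in "wheel". It is
      # only a bootstrap value, so confirm it was changed on first boot; a
      # hashedPasswordFile fed from an agenix secret would avoid the plaintext.
      initialPassword = "lolzthisaintsecure!";
      isNormalUser = true;
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzEEjvbL/ttqmYoDjxYQmDIq36BabROJoXgQKeh9liBxApwp+2PmgxROzTg42UrRc9pyrkq5kVfxG5hvkqCinhL1fMiowCSEs2L2/Cwi40g5ZU+QwdcwI8a4969kkI46PyB19RHkxg54OUORiIiso/WHGmqQsP+5wbV0+4riSnxwn/JXN4pmnE//stnyAyoiEZkPvBtwJjKb3Ni9n3eNLNs6gnaXrCtaygEZdebikr9kS2g9mM696HvIFgM6cdR/wZ7DcLbG3IdTXuHN7PC3xxL+Y4ek5iMreQIPmuvs4qslbthPGYoYbYLUQiRa9XO5s/ksIj5Z14f7anHE6cuTQVpvNWdGDOigyIVS5qU+4ZF7j+rifzOXVL48gmcAvw/uV68m5Wl/p0qsC/d8vI3GYwEsWG/EzpAlc07l8BU2LxWgN+d7uwBFaJV9VtmUDs5dcslsh8IbzmtC9gq3OLGjklxTfIl6qPiL8U33oc/UwqzvZUrI2BlbagvIZYy6rP+q0= kierank@mockingjay"
      ];
      # "wheel" grants sudo. Membership in "docker" is effectively root as well,
      # since it gives access to the Docker daemon, and "input" allows reading
      # raw input devices. Trim the list to the groups actually in use.
      extraGroups = ["wheel" "networkmanager" "audio" "video" "docker" "plugdev" "input"];
    };
    # This key is not usable for SSH login while PermitRootLogin stays "no"
    # below; if that setting is ever relaxed, it grants root directly. Drop it
    # if root SSH access is not intended.
    root.openssh.authorizedKeys.keys = [
      "ssh-rsa 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 kierank@mockingjay"
    ];
  };

  programs.hyprland.enable = true;
  services.hypridle.enable = true;

  # enable cups
  services.printing.enable = true;
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    # Opens the firewall for mDNS, so the host answers discovery on every
    # network it joins, including the hotspot configured above.
    openFirewall = true;
  };


  # enable bluetooth
  hardware.bluetooth.enable = true;

  # enable pipewire
  # rtkit is optional but recommended
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    jack.enable = true;
  };

  # This sets up an SSH server. Very important if you're setting up a headless system.
  # Feel free to remove if you don't need it.
  services.openssh = {
    enable = true;
    settings = {
      # Opinionated: forbid root login through SSH.
      PermitRootLogin = "no";
      # Opinionated: use keys only.
      # Remove if you want to SSH using passwords
      PasswordAuthentication = false;
    };
  };

  services.devmon.enable = true;
  services.gvfs.enable = true;
  services.udisks2.enable = true;

  # Requires at least 5.16 for working wi-fi and bluetooth.
  # https://community.frame.work/t/using-the-ax210-with-linux-on-the-framework-laptop/1844/89
  boot = {
    # Only switches to linuxPackages_latest when the default kernel is older
    # than 5.16; mkDefault lets another module override the choice.
    kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "5.16") (lib.mkDefault pkgs.linuxPackages_latest);
    loader.grub = {
      # no need to set devices, disko will add all devices that have a EF02 partition to the list already
      device = "nodev";
      efiSupport = true;
      efiInstallAsRemovable = true;
    };
    supportedFilesystems = [ "ntfs" ];
  };

  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "23.05";
}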