evar/nixos-framework-laptop-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos-framework-laptop-config/nixos/default.nix

261 lines
6.1 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
inputs,
...
}:
{
imports = [
inputs.disko.nixosModules.disko
./device.nix
./disk-config.nix
./hardware-configuration.nix
./audio/pipewire.nix
./impermanence.nix
./nix-maintenance.nix
# ./hardening.nix
./boot-pretty.nix
./vscode-server.nix
./desktop/plasma
./tailscale.nix
./users.nix
./user-system-config.nix
./vm.nix
(import ./kvmfr.nix { std = inputs.nix-std.lib; lib = lib; pkgs = pkgs; config = config; })
./libvirtd.nix
./osrs.nix
];
# So that I can get to the netgear router
# networking.extraHosts = ''
# 10.0.0.152 routerlogin.net
# 10.0.0.152 www.routerlogin.net
# '';
services.flatpak.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
xdg.portal.config.common.default = "gtk";
security.polkit.enable = true;
systemd.services.fprxintd = {
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "simple";
};
services.fprintd.enable = true;
vfio = {
enable = true;
earlyKMS = true;
applyACSpatch = true;
};
virtualisation.kvmfr = {
enable = true;
devices = [
{
size = 128;
permissions = {
user = "evar";
group = "qemu-libvirtd";
mode = "0660";
};
}
];
};
# # https://gist.github.com/j-brn/716a03822d256bc5bf5d77b951c7915c
# virtualisation.kvmfr = {
# enable = true;
# shm = {
# enable = true;
# size = 64;
# user = "evar";
# group = "libvirtd";
# mode = "0660";
# };
# };
# Allows referring to this flake by the shorthand `nixos-config`, which lets you do e.g.
# nix repl nixos-config
nix.registry.nixos-config.to = {
type = "git";
url = "file://${config.users.users.evar.home}/git/nixos-framework-laptop-config";
};
# In order to catch all logs, we need to mount this early enough in the boot process.
fileSystems."/var/log".neededForBoot = true;
zramSwap = {
enable = true;
memoryPercent = 25;
};
# This is not ideal for a laptop.
# For solution watch https://github.com/nix-community/impermanence/issues/153
time.timeZone = "America/New_York";
nix.settings = {
# unclutters home folder
use-xdg-base-directories = true;
# adding a community binary cache
substituters = [
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg)
[
"keyguard"
"steam"
# "steam-original"
# "steam-run"
"steam-unwrapped"
"obsidian"
"rider"
"rust-rover"
"spotify"
];
# basically agrees to some license stuff
hardware.enableRedistributableFirmware = true;
### Boot
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.systemd.enable = true;
### Session management
services.displayManager.autoLogin = {
# only if there's any encripted disks
enable = config.boot.initrd.luks.devices != {};
user = "evar";
};
### Networking
networking.networkmanager = {
enable = true;
# Per https://kokada.dev/blog/an-unordered-list-of-hidden-gems-inside-nixos/
# May improve reliability
wifi.backend = "iwd";
};
services.openssh.enable = true;
### Stuff for running a dhcp server for wobbuffet stuff
### MAKE SURE TO DISABLE THIS BEFORE NORMAL OPERATION
# networking.networkmanager.dns = "dnsmasq";
# systemd.network.networks = {
# matchConfig.name = "en0";
# address = [
# "192.168.70.1/24"
# ];
# networkConfig = {
# ConfigureWithoutCarrier = true;
# };
# };
# services.dnsmasq = {
# enable = true;
# settings = {
# port = 0;
# interface = "en0";
# listen-address = "192.168.70.1";
# dhcp-range = [ "192.168.70.2,192.168.70.255,1h" ];
# dhcp-option = "option:router,192.168.70.1";
# };
# };
### System software
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [
pkgs.unifi
pkgs.git
pkgs.gdu
pkgs.kubectl
pkgs.kubernetes-helm
pkgs.k9s
pkgs.exfatprogs # for mkfs.exfat
pkgs.parted # for partprobe
pkgs.gparted
# For thinkorswim
# TODO: Should be elsewhere
pkgs.distrobox
];
virtualisation.podman = {
enable = true;
dockerCompat = true;
};
programs.adb.enable = true;
# Miscellaneous
# helps some things access battery info
services.upower.enable = true;
# dynamic mounting of connected devices
services.udisks2.enable = true;
services.printing.enable = true;
# service discovery, hostname lookups, etc.
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
# For the music server
networking.firewall.allowedUDPPorts = [
# DLNA discovery (SSDP)
1900
];
hardware.bluetooth = {
powerOnBoot = true;
settings.General.Experimental = "true";
};
# allows connecting to virtualized directories
services.gvfs.enable = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}
Reference in a new issue View git blame Copy permalink