
Untitled

a guest
Oct 10th, 2019
  1. # Edit this configuration file to define what should be installed on
  2. # your system. Help is available in the configuration.nix(5) man page
  3. # and in the NixOS manual (accessible by running ‘nixos-help’).
  4.  
  5. { config, lib, pkgs, ... }:
  6. let
  7. baseconfig = { allowUnfree = true; };
  8. unstable = import <unstable> { config= baseconfig; };
  9. in
  10. {
  11. imports =
  12. [ # Include the results of the hardware scan.
  13. ./hardware-configuration.nix
  14. ./common.nix
  15. ./secrets.nix
  16. ./packages.nix
  17. ./services/kibana_es.nix
  18. ./services/tor.nix
  19. ./networkmanager.nix
  20. # ./wireguard.nix
  21. ];
  22.  
  23. # Use the systemd-boot EFI boot loader.
  24. boot.loader.systemd-boot.enable = true;
  25. boot.loader.efi.canTouchEfiVariables = true;
  26.  
  27. # boot.initrd.gpgCard = {
  28. # encryptedPass = "/boot/pass.gpg";
  29. # publicKey = "/boot/mog/mog.asc";
  30. # };
  31. #
  32. boot.initrd.luks.devices = [
  33. {
  34. name = "root";
  35. device = "/dev/disk/by-uuid/a3e56c05-51f2-4758-a9ef-20efd6e606f7";
  36. preLVM = true;
  37. allowDiscards = true;
  38. # gpgSupport = true;
  39.  
  40. }
  41. ];
  42.  
  43. system.stateVersion = "19.03"; # Did you read the comment?
  44.  
  45. # https://bugzilla.kernel.org/show_bug.cgi?id=110941
  46. boot.kernelParams = [ "intel_pstate=no_hwp" "acpi_call "];
  47.  
  48. # Supposedly better for the SSD.
  49. fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
  50.  
  51. # boot.kernelPackages = pkgs.linuxPackages_5_1;
  52. boot.kernelPackages = unstable.linuxPackages_latest;
  53. networking.hostName = "ford"; # Define your hostname.
  54.  
  55. # Some programs need SUID wrappers, can be configured further or are
  56. # started in user sessions.
  57. programs.mtr.enable = true;
  58. programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
  59.  
  60. # List services that you want to enable:
  61.  
  62. # Enable the OpenSSH daemon.
  63. services.openssh.enable = true;
  64. virtualisation.docker.enable = true;
  65. networking.firewall.enable = false;
  66.  
  67. # Enable sound.
  68. sound.enable = true;
  69. hardware.pulseaudio.enable = true;
  70.  
  71. # Enable the X11 windowing system.
  72. services.xserver.enable = true;
  73. services.xserver.layout = "us";
  74.  
  75. services.xserver.libinput.enable = true;
  76. ### services.xserver.displayManager.lightdm.enable = true;
  77. ### services.xserver.desktopManager.gnome3.enable = true;
  78. ### services.xserver.desktopManager.xfce.enable = true;
  79. ### programs.ssh.startAgent = false;
  80. # Define a user account. Don't forget to set a password with ‘passwd’.
  81. users.extraUsers.mog = {
  82. isNormalUser = true;
  83. createHome = true;
  84. group = "users";
  85. extraGroups = [ "networkmanager" "wheel" "dialout" "vboxusers" "docker" "libvirtd" "nitrokey" "plugdev" ];
  86. uid = 1000;
  87. };
  88.  
  89.  
  90. networking.extraHosts = "
  91. 127.0.0.1 ford localhost
  92. ";
  93.  
  94. hardware.bumblebee.enable = true;
  95.  
  96. hardware.cpu.intel.updateMicrocode =
  97. lib.mkDefault config.hardware.enableRedistributableFirmware;
  98.  
  99. hardware.opengl.extraPackages = with pkgs; [
  100. vaapiIntel
  101. vaapiVdpau
  102. libvdpau-va-gl
  103. ];
  104.  
  105. boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call wireguard ];
  106.  
  107. systemd.services.cpu-throttling = {
  108. enable = true;
  109. description = "Sets the offset to 3 °C, so the new trip point is 97 °C";
  110. documentation = [
  111. "https://wiki.archlinux.org/index.php/Lenovo_ThinkPad_X1_Carbon_(Gen_6)#Power_management.2FThrottling_issues"
  112. ];
  113. path = [ pkgs.msr-tools ];
  114. script = "wrmsr -a 0x1a2 0x3000000";
  115. serviceConfig = {
  116. Type = "oneshot";
  117. };
  118. wantedBy = [
  119. "timers.target"
  120. ];
  121. };
  122.  
  123. systemd.timers.cpu-throttling = {
  124. enable = true;
  125. description = "Set cpu heating limit to 97 °C";
  126. documentation = [
  127. "https://wiki.archlinux.org/index.php/Lenovo_ThinkPad_X1_Carbon_(Gen_6)#Power_management.2FThrottling_issues"
  128. ];
  129. timerConfig = {
  130. OnActiveSec = 60;
  131. OnUnitActiveSec = 60;
  132. Unit = "cpu-throttling.service";
  133. };
  134. wantedBy = [
  135. "timers.target"
  136. ];
  137. };
  138.  
  139.  
  140.  
  141. hardware.opengl.driSupport32Bit = true;
  142. hardware.pulseaudio.support32Bit = true;
  143.  
  144. hardware.pulseaudio.package = pkgs.pulseaudioFull;
  145. hardware.bluetooth.enable = true;
  146. #networking.dnsExtensionMechanism = false;
  147. #networking.resolvconf.dnsExtensionMechanism = false;
  148. services.autorandr.enable = true;
  149.  
  150. services.udev = {
  151. path = [ pkgs.xorg.setxkbmap pkgs.xorg.xinput ];
  152. extraRules = ''
  153. SUBSYSTEM=="usb", ACTION=="add", ATTR{idVendor}=="f617", ATTR{idProduct}=="0905", RUN+="${pkgs.bash}/bin/bash /home/mog/.bin/udevfixkb ${pkgs.xorg.setxkbmap}/bin/setxkbmap", OWNER="mog"
  154. ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:f9:cd:c5", NAME="eth0"
  155. ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="00:e0:4c:a4:e9:cd", NAME="eth1"
  156. ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="18:1d:ea:00:a6:4a", NAME="wlan0"
  157. SUBSYSTEM=="input", ATTRS{name}=="8Bitdo SF30 Pro", MODE="0666", ENV{ID_INPUT_JOYSTICK}="1"
  158.  
  159. ATTR{idVendor}=="1d50", ATTR{idProduct}=="60e6", SYMLINK+="greatfet-one-%k", MODE="660", GROUP="dialout"
  160. ATTR{idVendor}=="1fc9", ATTR{idProduct}=="000c", SYMLINK+="nxp-dfu-%k", MODE="660", GROUP="dialout"
  161.  
  162. SUBSYSTEM=="usb", ATTR{idVendor}=="04b4", ATTR{idProduct}=="8613", SYMLINK+="stream-%k", TAG+="uaccess", MODE="660", GROUP="dialout"
  163. SUBSYSTEM=="usb", ATTR{idVendor}=="04b4", ATTR{idProduct}=="00f1", SYMLINK+="stream-%k", TAG+="uaccess", MODE="660", GROUP="dialout"
  164. SUBSYSTEM=="usb", ATTR{idVendor}=="0403", ATTR{idProduct}=="601f", SYMLINK+="stream-%k", TAG+="uaccess", MODE="660", GROUP="dialout"
  165. SUBSYSTEM=="usb", ATTR{idVendor}=="1d50", ATTR{idProduct}=="6108", SYMLINK+="stream-%k", TAG+="uaccess", MODE="660", GROUP="dialout"
  166. SUBSYSTEM=="xillybus", MODE="666", OPTIONS="last_rule"
  167. '';
  168. };
  169. services.logind.lidSwitch = "ignore";
  170.  
  171. #virtualisation.virtualbox.host.enable = true;
  172. #virtualisation.virtualbox.host.enableExtensionPack = true;
  173. ###
  174.  
  175. services.fstrim.enable = true;
  176.  
  177. zramSwap.enable = true;
  178. zramSwap.memoryPercent = 100;
  179. zramSwap.numDevices = 1;
  180. boot.tmpOnTmpfs = true;
  181.  
  182. boot.cleanTmpDir = true;
  183. #android_sdk.accept_license = true;
  184.  
  185. environment.etc."nixos/active".text = config.system.nixos.label;
  186.  
  187. services.undervolt = {
  188. enable = true;
  189. coreOffset = "-85";
  190. # temp = "97";
  191. gpuOffset = "0";
  192. uncoreOffset = "-85";
  193. analogioOffset = "0";
  194. };
  195.  
  196. # security.pam.services.<name?>.enableGnomeKeyring
  197. services.xserver.displayManager.gdm.enable = true;
  198. services.xserver.desktopManager.gnome3.enable = true;
  199. services.gnome3.chrome-gnome-shell.enable = true;
  200.  
  201. #boot.plymouth.enable = true;
  202. ###
  203. ###services.xserver.desktopManager.xfce.enableXfwm = false;
  204. ###services.xserver.desktopManager.xfce.noDesktop = true;
  205. ###services.xserver.desktopManager.xfce.thunarPlugins = [ pkgs.xfce.thunar-archive-plugin ];
  206. ###services.xserver.desktopManager.xfce.extraSessionCommands = ''
  207. ###stumpwm
  208. ###'';
  209.  
  210. services.keybase.enable = true;
  211. services.kbfs.enable = true;
  212.  
  213. services.tlp.enable = true;
  214. services.tlp.extraConfig = ''
  215. START_CHARGE_THRESH_BAT0=50
  216. STOP_CHARGE_THRESH_BAT0=80
  217. USB_BLACKLIST="1d50:60e6 20a0:4108"
  218. '';
  219.  
  220. nix.binaryCaches = [
  221. "https://cache.nixos.org/"
  222.  
  223. # This assumes that you use the default `nix-serve` port of 5000
  224. # "https://nix.rldn.net/"
  225. ];
  226.  
  227. nix.binaryCachePublicKeys = [
  228. "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
  229.  
  230. # Replace the following string with the contents of the
  231. # `nix-serve.pub` file you generated in the "Server configuration"
  232. # section above
  233. # "nix.rldn.net-1:41SDd7l+A6qqpUPC8Tu43ThJucFQG+WdrwJtHFF0MZM="
  234. ];
  235.  
  236. programs.mosh.enable = true;
  237.  
  238. services.avahi.enable = true;
  239.  
  240. #services.fwupd.enable = true;
  241. #oraclejdk.accept_license = true;
  242. ###services.nscd.config = ''
  243. ### server-user nscd
  244. ### threads 1
  245. ### paranoia no
  246. ### debug-level 0
  247. ###
  248. ### enable-cache passwd yes
  249. ### positive-time-to-live passwd 600
  250. ### negative-time-to-live passwd 20
  251. ### suggested-size passwd 211
  252. ### check-files passwd yes
  253. ### persistent passwd no
  254. ### shared passwd yes
  255. ###
  256. ### enable-cache group yes
  257. ### positive-time-to-live group 3600
  258. ### negative-time-to-live group 60
  259. ### suggested-size group 211
  260. ### check-files group yes
  261. ### persistent group no
  262. ### shared group yes
  263. ###
  264. ### enable-cache hosts yes
  265. ### positive-time-to-live hosts 600
  266. ### negative-time-to-live hosts 0
  267. ### suggested-size hosts 211
  268. ### check-files hosts yes
  269. ### persistent hosts no
  270. ### shared hosts yes
  271. ###'';
  272. }