Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Edit this configuration file to define what should be installed on
- # your system. Help is available in the configuration.nix(5) man page
- # and in the NixOS manual (accessible by running ‘nixos-help’).
- { config, lib, pkgs, ... }:
- let
- baseconfig = { allowUnfree = true; };
- unstable = import <unstable> { config= baseconfig; };
- in
- {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ./common.nix
- ./secrets.nix
- ./packages.nix
- ./services/kibana_es.nix
- ./services/tor.nix
- ./networkmanager.nix
- # ./wireguard.nix
- ];
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- # boot.initrd.gpgCard = {
- # encryptedPass = "/boot/pass.gpg";
- # publicKey = "/boot/mog/mog.asc";
- # };
- #
- boot.initrd.luks.devices = [
- {
- name = "root";
- device = "/dev/disk/by-uuid/a3e56c05-51f2-4758-a9ef-20efd6e606f7";
- preLVM = true;
- allowDiscards = true;
- # gpgSupport = true;
- }
- ];
- system.stateVersion = "19.03"; # Did you read the comment?
- # https://bugzilla.kernel.org/show_bug.cgi?id=110941
- boot.kernelParams = [ "intel_pstate=no_hwp" "acpi_call "];
- # Supposedly better for the SSD.
- fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
- # boot.kernelPackages = pkgs.linuxPackages_5_1;
- boot.kernelPackages = unstable.linuxPackages_latest;
- networking.hostName = "ford"; # Define your hostname.
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- programs.mtr.enable = true;
- programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
- # List services that you want to enable:
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
- virtualisation.docker.enable = true;
- networking.firewall.enable = false;
- # Enable sound.
- sound.enable = true;
- hardware.pulseaudio.enable = true;
- # Enable the X11 windowing system.
- services.xserver.enable = true;
- services.xserver.layout = "us";
- services.xserver.libinput.enable = true;
- ### services.xserver.displayManager.lightdm.enable = true;
- ### services.xserver.desktopManager.gnome3.enable = true;
- ### services.xserver.desktopManager.xfce.enable = true;
- ### programs.ssh.startAgent = false;
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.extraUsers.mog = {
- isNormalUser = true;
- createHome = true;
- group = "users";
- extraGroups = [ "networkmanager" "wheel" "dialout" "vboxusers" "docker" "libvirtd" "nitrokey" "plugdev" ];
- uid = 1000;
- };
- networking.extraHosts = "
- 127.0.0.1 ford localhost
- ";
- hardware.bumblebee.enable = true;
- hardware.cpu.intel.updateMicrocode =
- lib.mkDefault config.hardware.enableRedistributableFirmware;
- hardware.opengl.extraPackages = with pkgs; [
- vaapiIntel
- vaapiVdpau
- libvdpau-va-gl
- ];
- boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call wireguard ];
- systemd.services.cpu-throttling = {
- enable = true;
- description = "Sets the offset to 3 °C, so the new trip point is 97 °C";
- documentation = [
- "https://wiki.archlinux.org/index.php/Lenovo_ThinkPad_X1_Carbon_(Gen_6)#Power_management.2FThrottling_issues"
- ];
- path = [ pkgs.msr-tools ];
- script = "wrmsr -a 0x1a2 0x3000000";
- serviceConfig = {
- Type = "oneshot";
- };
- wantedBy = [
- "timers.target"
- ];
- };
- systemd.timers.cpu-throttling = {
- enable = true;
- description = "Set cpu heating limit to 97 °C";
- documentation = [
- "https://wiki.archlinux.org/index.php/Lenovo_ThinkPad_X1_Carbon_(Gen_6)#Power_management.2FThrottling_issues"
- ];
- timerConfig = {
- OnActiveSec = 60;
- OnUnitActiveSec = 60;
- Unit = "cpu-throttling.service";
- };
- wantedBy = [
- "timers.target"
- ];
- };
- hardware.opengl.driSupport32Bit = true;
- hardware.pulseaudio.support32Bit = true;
- hardware.pulseaudio.package = pkgs.pulseaudioFull;
- hardware.bluetooth.enable = true;
- #networking.dnsExtensionMechanism = false;
- #networking.resolvconf.dnsExtensionMechanism = false;
- services.autorandr.enable = true;
- services.udev = {
- path = [ pkgs.xorg.setxkbmap pkgs.xorg.xinput ];
- extraRules = ''
- SUBSYSTEM=="usb", ACTION=="add", ATTR{idVendor}=="f617", ATTR{idProduct}=="0905", RUN+="${pkgs.bash}/bin/bash /home/mog/.bin/udevfixkb ${pkgs.xorg.setxkbmap}/bin/setxkbmap", OWNER="mog"
- ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:f9:cd:c5", NAME="eth0"
- ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="00:e0:4c:a4:e9:cd", NAME="eth1"
- ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="18:1d:ea:00:a6:4a", NAME="wlan0"
- SUBSYSTEM=="input", ATTRS{name}=="8Bitdo SF30 Pro", MODE="0666", ENV{ID_INPUT_JOYSTICK}="1"
- ATTR{idVendor}=="1d50", ATTR{idProduct}=="60e6", SYMLINK+="greatfet-one-%k", MODE="660", GROUP="dialout"
- ATTR{idVendor}=="1fc9", ATTR{idProduct}=="000c", SYMLINK+="nxp-dfu-%k", MODE="660", GROUP="dialout"
- SUBSYSTEM=="usb", ATTR{idVendor}=="04b4", ATTR{idProduct}=="8613", SYMLINK+="stream-%k", TAG+="uaccess", MODE="660", GROUP="dialout"
- SUBSYSTEM=="usb", ATTR{idVendor}=="04b4", ATTR{idProduct}=="00f1", SYMLINK+="stream-%k", TAG+="uaccess", MODE="660", GROUP="dialout"
- SUBSYSTEM=="usb", ATTR{idVendor}=="0403", ATTR{idProduct}=="601f", SYMLINK+="stream-%k", TAG+="uaccess", MODE="660", GROUP="dialout"
- SUBSYSTEM=="usb", ATTR{idVendor}=="1d50", ATTR{idProduct}=="6108", SYMLINK+="stream-%k", TAG+="uaccess", MODE="660", GROUP="dialout"
- SUBSYSTEM=="xillybus", MODE="666", OPTIONS="last_rule"
- '';
- };
- services.logind.lidSwitch = "ignore";
- #virtualisation.virtualbox.host.enable = true;
- #virtualisation.virtualbox.host.enableExtensionPack = true;
- ###
- services.fstrim.enable = true;
- zramSwap.enable = true;
- zramSwap.memoryPercent = 100;
- zramSwap.numDevices = 1;
- boot.tmpOnTmpfs = true;
- boot.cleanTmpDir = true;
- #android_sdk.accept_license = true;
- environment.etc."nixos/active".text = config.system.nixos.label;
- services.undervolt = {
- enable = true;
- coreOffset = "-85";
- # temp = "97";
- gpuOffset = "0";
- uncoreOffset = "-85";
- analogioOffset = "0";
- };
- # security.pam.services.<name?>.enableGnomeKeyring
- services.xserver.displayManager.gdm.enable = true;
- services.xserver.desktopManager.gnome3.enable = true;
- services.gnome3.chrome-gnome-shell.enable = true;
- #boot.plymouth.enable = true;
- ###
- ###services.xserver.desktopManager.xfce.enableXfwm = false;
- ###services.xserver.desktopManager.xfce.noDesktop = true;
- ###services.xserver.desktopManager.xfce.thunarPlugins = [ pkgs.xfce.thunar-archive-plugin ];
- ###services.xserver.desktopManager.xfce.extraSessionCommands = ''
- ###stumpwm
- ###'';
- services.keybase.enable = true;
- services.kbfs.enable = true;
- services.tlp.enable = true;
- services.tlp.extraConfig = ''
- START_CHARGE_THRESH_BAT0=50
- STOP_CHARGE_THRESH_BAT0=80
- USB_BLACKLIST="1d50:60e6 20a0:4108"
- '';
- nix.binaryCaches = [
- "https://cache.nixos.org/"
- # This assumes that you use the default `nix-serve` port of 5000
- # "https://nix.rldn.net/"
- ];
- nix.binaryCachePublicKeys = [
- "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
- # Replace the following string with the contents of the
- # `nix-serve.pub` file you generated in the "Server configuration"
- # section above
- # "nix.rldn.net-1:41SDd7l+A6qqpUPC8Tu43ThJucFQG+WdrwJtHFF0MZM="
- ];
- programs.mosh.enable = true;
- services.avahi.enable = true;
- #services.fwupd.enable = true;
- #oraclejdk.accept_license = true;
- ###services.nscd.config = ''
- ### server-user nscd
- ### threads 1
- ### paranoia no
- ### debug-level 0
- ###
- ### enable-cache passwd yes
- ### positive-time-to-live passwd 600
- ### negative-time-to-live passwd 20
- ### suggested-size passwd 211
- ### check-files passwd yes
- ### persistent passwd no
- ### shared passwd yes
- ###
- ### enable-cache group yes
- ### positive-time-to-live group 3600
- ### negative-time-to-live group 60
- ### suggested-size group 211
- ### check-files group yes
- ### persistent group no
- ### shared group yes
- ###
- ### enable-cache hosts yes
- ### positive-time-to-live hosts 600
- ### negative-time-to-live hosts 0
- ### suggested-size hosts 211
- ### check-files hosts yes
- ### persistent hosts no
- ### shared hosts yes
- ###'';
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement