# Edit this configuration file to define what should be installed on# your sys

1. # Edit this configuration file to define what should be installed on
2. # your system. Help is available in the configuration.nix(5) man page
3. # and in the NixOS manual (accessible by running ‘nixos-help’).
4.  
5. { config, pkgs, ... }:
6.  
7. let
8. home-manager = builtins.fetchTarball {
9. url = "https://github.com/rycee/home-manager/archive/master.tar.gz";
10. };
11.  
12. impermanence = builtins.fetchTarball {
13. url =
14. "https://github.com/nix-community/impermanence/archive/master.tar.gz";
15. };
16.  
17. emacs = builtins.fetchTarball {
18. url = https://github.com/nix-community/emacs-overlay/archive/master.tar.gz;
19. };
20. in
21. {
22. imports =
23. [ # Include the results of the hardware scan.
24. ./hardware-configuration.nix
25. "${home-manager}/nixos"
26. "${impermanence}/nixos.nix"
27. ];
28.  
29. system.stateVersion = "20.03"; # Did you read the comment?
30. networking.hostName = "dent";
31.  
32. time.timeZone = "US/Eastern";
33.  
34. networking.networkmanager.enable = true;
35.  
36. boot.initrd.luks.gpgSupport = true;
37. boot.initrd.luks.devices = {
38. root = {
39. device = "/dev/sda2";
40. # device = "/dev/disk/by-uuid/0decdb2d-934a-4f86-a17f-f76c5c806679";
41. preLVM = true;
42. allowDiscards = true;
43. gpgCard = {
44. gracePeriod = 25;
45. encryptedPass = "${/nix/persist/boot_pass/pass.gpg}";
46. publicKey = "${/nix/persist/boot_pass/mog.asc}";
47. };
48. };
49. };
50.  
51. hardware.nitrokey.enable = true;
52. programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
53. security.pam.enableSSHAgentAuth = true;
54.  
55. environment.etc."vim/vimrc".text = ''
56. set nocompatible
57. syntax on
58. set backspace=indent,eol,start
59. set mouse-=a
60. '';
61.  
62. environment.persistence."/nix/persist" = {
63. directories = [
64. "/etc/nixos"
65. "/etc/NetworkManager/system-connections"
66. ];
67. files = [
68. "/etc/machine-id"
69. "/etc/ssh/ssh_host_rsa_key"
70. "/etc/ssh/ssh_host_rsa_key.pub"
71. "/etc/ssh/ssh_host_ed25519_key"
72. "/etc/ssh/ssh_host_ed25519_key.pub"
73. ];
74. };
75.  
76. users.mutableUsers = false;
77. users.users.mog = {
78. isNormalUser = true;
79. createHome = true;
80. group = "users";
81. extraGroups = [ "networkmanager" "wheel" "dialout" "vboxusers" "docker" "libvirtd" "nitrokey" "plugdev" ];
82. uid = 1000;
83. };
84. home-manager.users.mog = { pkgs, ... }: {
85. imports = [ "${impermanence}/home-manager.nix" ];
86.  
87. programs.home-manager.enable = true;
88.  
89. home.persistence."/nix/persist/home/mog" = {
90. directories = [ ".ssh" "Downloads" ".config/hexchat" ];
91. files = [ ".bash_history" ];
92. };
93. };
94.  
95. boot.loader.systemd-boot.enable = true;
96. boot.loader.efi.canTouchEfiVariables = true;
97. boot.loader.systemd-boot.editor = false;
98.  
99. # fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
100. boot.kernelPackages = pkgs.linuxPackages_latest;
101.  
102. networking.useDHCP = false;
103. networking.interfaces.wlp6s0.useDHCP = false;
104.  
105. services.udev = {
106. extraRules = ''
107. ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="34:13:e8:37:5c:fd", NAME="wlan0"
108. # Rule for USB Receiver
109. SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c53e", MODE="0660", TAG+="uaccess", GROUP="dialout"
110.  
111. # Rule when connected via Bluetooth
112. # Updated rule, thanks to Torsten Maehne (https://github.com/maehne)
113. SUBSYSTEMS=="input", ATTRS{name}=="SPOTLIGHT*", MODE="0660", TAG+="uaccess", GROUP="dialout"
114. '';
115. };
116.  
117. services.tlp.enable = true;
118. services.tlp.extraConfig = ''
119. USB_BLACKLIST="1d50:60e6 20a0:4108"
120. '';
121.  
122. services.openssh.enable = true;
123. services.blueman.enable = true;
124. virtualisation.docker.enable = true;
125. networking.firewall.enable = false;
126.  
127. # Enable the X11 windowing system.
128. services.xserver.enable = true;
129. services.xserver.wacom.enable = true;
130. services.xserver.libinput.enable = true;
131. services.xserver.modules = [ pkgs.xf86_input_wacom ];
132. environment.variables = { MOZ_USE_XINPUT2="1"; };
133.  
134. services.xserver.layout = "us";
135. services.printing.enable = true;
136.  
137. services.xserver.displayManager.gdm.enable = true;
138. services.xserver.desktopManager.gnome3.enable = true;
139.  
140. sound.enable = true;
141. hardware.pulseaudio.enable = true;
142. hardware.opengl.driSupport32Bit = true;
143. hardware.pulseaudio.support32Bit = true;
144.  
145. hardware.pulseaudio.package = pkgs.pulseaudioFull;
146. hardware.bluetooth.enable = true;
147.  
148. services.logind.lidSwitch = "lock";
149. services.logind.lidSwitchDocked = "lock";
150.  
151. services.fstrim.enable = true;
152. services.fstrim.interval = "daily";
153.  
154.  
155. services.avahi.enable = true;
156. services.avahi.nssmdns = true;
157. services.lorri.enable = true;
158.  
159. # nixpkgs.overlays = [
160. # (import (builtins.fetchGit {
161. # url = "https://github.com/nix-community/emacs-overlay.git";
162. # ref = "66270257dde436cd434083746ae4a30ca4a870a0";
163. # }))
164. # ];
165. nixpkgs.overlays = [
166. (import (builtins.fetchTarball {
167. url = https://github.com/nix-community/emacs-overlay/archive/master.tar.gz;
168. }))
169. ];
170.  
171. environment.systemPackages = with pkgs; [
172. vim
173. firefox
174. ];
175.  
176. programs.bash.enableCompletion = true;
177.  
178. console.keyMap = "us";
179. console.font = "Lat2-Terminus16";
180. i18n = {
181. defaultLocale = "en_US.UTF-8";
182. };
183.  
184. fonts = {
185. enableFontDir = true;
186. enableGhostscriptFonts = true;
187. fonts = with pkgs; [
188. inconsolata # monospaced
189. ubuntu_font_family # Ubuntu fonts
190. unifont # some international languages
191. corefonts
192. mononoki
193. victor-mono
194. ankacoder
195. ankacoder-condensed
196. terminus_font
197. terminus_font_ttf
198. ];
199. };
200. }