adingbatponder

20240107_configuration.nix

Jan 7th, 2024
# Things that you have to do manually
# if you are re-installing or Gnome settings lost
# sign in to The Good Drive in Gnome file manager to mount that drive
# sign in to Google in Gnome - Online accounts
# use screen grabs from Google, Proton, Amazon, Bitwarden, in Authy and
# gnome authenticator to re-establish OTP provision
# sign into firefox
# probably more.....
# before you start logging into loads of sites in firefox....
# set in firefox - settings - privacy & security - under use custom settings for history
# untick "clear history when firefox closes" and this should keep you logged into e.g. fosstodon (which is where I tested it)

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

# 2023-11-27 ,lib added for parental controls
{ config, pkgs, ... }: # lib added for printing 6-1-24
#{ config, pkgs, lib, ...}:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      # 2023-11-27 from https://github.com/jazmit/nixos-parental-controls/blob/main/nixos-parental-controls.nix
      #./nixos-parental-controls.nix
    ];

  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "nixos"; # Define your hostname.
  # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Enable networking
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_GB.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_DE.UTF-8";
    LC_IDENTIFICATION = "de_DE.UTF-8";
    LC_MEASUREMENT = "de_DE.UTF-8";
    LC_MONETARY = "de_DE.UTF-8";
    LC_NAME = "de_DE.UTF-8";
    LC_NUMERIC = "de_DE.UTF-8";
    LC_PAPER = "de_DE.UTF-8";
    LC_TELEPHONE = "de_DE.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # Enable the GNOME Desktop Environment.
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;

  # Configure keymap in X11
  services.xserver = {
    layout = "de";
    xkbVariant = "";
  };

  # Configure console keymap
  console.keyMap = "de";

  # Enable CUPS to print documents.
  services.printing.enable = true;
  # see https://nixos.wiki/wiki/Printing
  services.printing.drivers = [ pkgs.brlaser ]; # not sure if this is being used by the setup below....
  # the service below was causing trouble so I did the direct hardware.printers below
  #services.avahi = {
  #  enable = true;
  #  nssmdns = true;
  #  openFirewall = true;
  #};

  # 05-01-2024 getting error in CUPS
  #
  # potentially useful website to debug this:
  # https://devicetests.com/fixing-cups-browsed-error-ubuntu-printing
  # to get cups type the following into the address bar of a browser:
  # http://localhost:631/
  # I deleted the printers from the Gnome settings and rebooted.
  # cups and gnome have this printer only then:
  # Brother_MFC_L3770CDW_series
  # then the error message came up in cups next to the printer:
  # “No suitable Destination Host found by cups-browsed”
  # running the following at the command line fixed it:
  # systemctl restart cups-browsed
  # but doing this when there were two differently named printers before did not fix it.
  # the above is totally temperamental - seems to be paused all the time
  # https://discourse.nixos.org/t/brother-dcp-572dw-wrapper/8113/2
  # suggests the following:
  # start 06012024

  #hardware =
  ##let
  ##  brother = "Brother_MFC_L3770CDW_series";
  ##  hostName = "printer.nixos"; #??? where get this from ??? host is the printer ???? see web link
  ##in
  #{
  #  printers = {
  #    ensureDefaultPrinter = "Brother_MFC_L3770CDW_series" ;
  #    ensurePrinters = [
  #      {
  #        name = "Brother_MFC_L3770CDW_series" ;
  #        deviceUri = "ipp://192.168.2.31:631/printers/Brother_MFC_L3770CDW_series";
  #        model = "everywhere";
  #        description = "Brother_MFC_L3770CDW";
  #        location = "upstairs upstairs";
  #      }
  #    ];
  #  };
  #};
  # but the above did not work for all sorts of reasons perhaps....

  # 7-1-24 install printer using wiki https://nixos.wiki/wiki/Printing#Printer_sharing
  # section "adding printers"
  # use this URL to check what CUPS is doing: http://localhost:631/printers/
  # run this command line command (installed as package in the packages bit below) as an option for printer control: system-config-printer
  hardware.printers = {
    ensurePrinters = [
      {
        name = "Brother_MFC_L3770CDW_series";
        location = "Home; upstairs upstairs";
        deviceUri = "http://192.168.2.31:631"; # there is only one printer on that port so no further name specified...
        # note that the wiki example has deviceUri = "http://192.168.178.2:631/printers/Dell_1250c";
        # so perhaps if there is more than one printer one has to be more specific...
        # using the device uri "discovered" by CUPS when using the "change printer" menu in CUPS did not work
        model = "drv:///sample.drv/generic.ppd"; # using this works on 7-1-23 18:28
        # to see which drivers are installed and available
        # as stated in https://www.cups.org/doc/admin.html under "Printer Drivers and PPDs"
        # use command line:
        # lpinfo -m
        # but this CUPS site recommends in fact using "everywhere" option....
        # model = "everywhere";
        # but this produces error containing amongst other things the following message:
        # "lpadmin: IPP Everywhere driver requires an IPP connection."
        # and this error present whether or not avahi service is commented out above --- even after reboot ----
        # the above is used with services.avahi NOT used i.e commented out above
        ppdOptions = {
          PageSize = "A4";
        };
      }
    ];
    ensureDefaultPrinter = "Brother_MFC_L3770CDW_series";
  };

  # dnssd://Brother%20MFC-L3770CDW%20series._ipp._tcp.local/?uuid=e3248000-80ce-11db-8000-3c2af4d70a6b

  # end 060102024
  # Enable sound with pipewire.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.adingbatponder = {
    isNormalUser = true;
    description = "adingbatponder";
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [
      firefox
      # thunderbird
    ];
  };

  # 2023-11-27 define a child1 account for parental controls
  users.users.child1 = {
    isNormalUser = true;
    description = "child1";
    extraGroups = [ "networkmanager" ]; # removed "wheel" as compared with adingbatponder
    packages = with pkgs; [
      firefox
      # thunderbird
    ];
  };


  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # 10-12-2023 $$ suggestion from @[email protected]
  # due to kernel issue as reported here:
  # https://hachyderm.io/@danderson/111553570317756603
  # which links to this:
  # https://lwn.net/Articles/954285/

  boot.kernelPackages = pkgs.linuxPackages_latest;

  # end 10-12-2023 $$
  # 10-12-2023
  # setting nicer manpages
  # from https://nixos.wiki/wiki/Man_pages
  # first time then run
  # man configuratoin.nix
  # returns error
  #
  # so I ran
  # makewhatis /nix/store/z7w66bgp3qym4imw6s8rk08lp8ns03lb-system-path/share/man
  # and get something that works but does not seem as nice as it should be
  # that kinda sucks so did the other stuff marked after §
  #documentation.man = {
  #  # In order to enable to mandoc man-db has to be disabled.
  #  man-db.enable = false;
  #  mandoc.enable = true;
  #};
  # $
  # environment.systemPackages = [ pkgs.man-pages pkgs.man-pages-posix ];
  # above is moved down
  documentation.dev.enable = true;
  # end $

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    # $ 2023-12-10
    man-pages
    man-pages-posix
    # $
    groff # reads plain text and makes pdf - needed for manpage to pdf
    # mandoc # from https://tex.stackexchange.com/questions/390724/how-to-create-pdf-from-linux-man-pages-so-that-style-is-presereved
    # which above site recommends piping to mandoc -T pdf > filename.pdf
    # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    # wget
    # bitwarden as GUI crashed in some generations.
    # from: https://discourse.nixos.org/t/how-to-get-back-to-a-kernel-version-where-all-packages-work-as-they-used-to/36020/2
    # Try running the bitwarden app from the terminal with the command
    # bitwarden --disable-gpu
    # Alternatively try running it from the terminal with
    # env WAYLAND_DISPLAY= bitwarden
    bitwarden # for problems see above
    protonvpn-gui
    # authy failed to work so installed google-authenticator even though apparently it is not so fab
    authy
    # google-authenticator runs from command line> google-authenticator
    google-authenticator
    # Gnome authenticator
    authenticator
    gnome.gnome-keyring
    protonmail-bridge
    threema-desktop
    whatsapp-for-linux
    # following removed because it seems not to result in any icon
    # home-assistant-component-tests.govee_ble
    gimp
    vscode
    git
    thunderbird
    # firefox stopped working 23-11-23 so installed fork librewolf on recommendation of Project Insanity@[email protected]
    librewolf
    firefox
    # brave installed because firefox crashed for certain security setting pages in bitwarden.com
    brave
    gnome.gnome-tweaks
    # element-desktop does not launch any sensible gui so tried element-web instead
    # element-desktop
    element-web
    skypeforlinux
    teams-for-linux
    # teams commented out because creates errors
    # teams
    # pdf stuff
    # recommended on https://opensource.com/alternatives/adobe-acrobat
    evince
    # just a random simple one
    mupdf
    # command line stuff follows:
    usbutils
    protonvpn-cli
    system-config-printer # to see printer behaviour in cups
    # end of command line stuff.
    # modem for sim lte
    modemmanager
    modem-manager-gui
    # for testing script
    # screen
    # irssi
    etcher # to make OS images
    # python39 # required by default.nix in /etc/nixos/per-user-blocky
    emacs # GNU emacs - if you can't beat them, join them: https://www.gnu.org/software/emacs/
    vlc # video stuff
    bottom # system monitor run from command line: btm
    audacity # sound editor with graphical UI
    nextcloud-client # nextcloud https://nextcloud.com/
    libreoffice # essential
    pandoc # document format converter
    #
    #* imported list of packages follows, some commented out:
    #* 20240101 from https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
    neofetch
    nnn # terminal file manager

    # archives
    zip
    xz
    unzip
    p7zip

    # utils
    ripgrep # recursively searches directories for a regex pattern
    #jq # A lightweight and flexible command-line JSON processor
    #yq-go # yaml processor https://github.com/mikefarah/yq
    # exa # A modern replacement for ‘ls’ generates error
    fzf # A command-line fuzzy finder

    # networking tools
    mtr # A network diagnostic tool
    #iperf3
    #dnsutils # `dig` + `nslookup`
    #ldns # replacement of `dig`, it provide the command `drill`
    #aria2 # A lightweight multi-protocol & multi-source command-line download utility
    #socat # replacement of openbsd-netcat
    #nmap # A utility for network discovery and security auditing
    #ipcalc # it is a calculator for the IPv4/v6 addresses

    # misc
    cowsay
    file
    which
    tree
    gnused
    gnutar
    gawk
    zstd
    gnupg

    # nix related
    #
    # it provides the command `nom` works just like `nix`
    # with more details log output
    nix-output-monitor

    # productivity
    hugo # static site generator
    glow # markdown previewer in terminal

    btop # replacement of htop/nmon
    iotop # io monitoring
    iftop # network monitoring

    # system call monitoring
    strace # system call monitoring
    ltrace # library call monitoring
    lsof # list open files

    # system tools
    sysstat
    lm_sensors # for `sensors` command
    ethtool
    pciutils # lspci
    usbutils # lsusb
    #* 20240101 end of import from https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
  ];

  nixpkgs.config.permittedInsecurePackages = [
    # 27-10-2023 to make error for bitwarden pass following recommendation from @[email protected]
    "electron-24.8.6"

    # 18-11-2023 for teams to work
    # "teams-1.5.00.23861"
    "electron-12.2.3" # for etcher to work
    "electron-19.1.9" # for upgrade to 23.11 to work see ** note 03-12-2023
  ];

  systemd.user.services.startprotonvpn = {
    # startprotonvpn is the arbitrary name I have given this service
    description = "makes proton vpn start when user logs in after machine has just been booted";
    script = ''
      ${pkgs.protonvpn-cli}/bin/protonvpn-cli r
    '';
    # to run protonvpn from the command line the package protonvpn-cli was listed above in the environment.systempackages
    # the option r uses the previously used protonvpn connection as set by user manually in the GUI or command line
    # the so called killswitch setting (if on it cuts internet access if the vpn connection is lost or otherwise not active) in the GUI is on in this case - not sure that matters for this to work
    wantedBy = [ "graphical-session.target" ];
    partOf = [ "graphical-session.target" ];
  };
  # if running the following command at the command line:
  # systemctl status startprotonvpn.service
  # the shell returns the following message:
  # Unit startprotonvpn.service could not be found.
  # so testing the above so-called service by eliminating error messages when using the above systemctl command was/is a waste of time in this case


  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?


  # # this is an attempt at parental controls
  # # 27-11-23
  # # from https://github.com/jazmit/nixos-parental-controls/blob/main/nixos-parental-controls.nix
  # # made in /etc/nixos the directory for per-user-blocky
  # # put the module in imports above
  # # from https://github.com/jazmit/nixos-parental-controls/tree/main
  # # using the link above but putting import elsewhere and adding lib as above
  #services.parental-controls = {
  #  # set to false because not working
  #  enable = true;
  #  default = {
  #    mode = "blacklist";
  #    block-ads = true;
  #  };
  #  # added adingbatponder here
  #  per-user = {
  #    adingbatponder = {
  #      mode = "blacklist";
  #      blacklist = [
  #        "/bbc/"
  #      ];
  #    };
  #    #per-user = {
  #    child1 = {
  #      mode = "whitelist";
  #      whitelist = [
  #        "/bbc/"
  #        "/numbots/"
  #        "/ttrockstars/"
  #        "/lichess/"
  #        "/typingclub.com/"
  #        "/cloudflare/"
  #        "/googleapis/"
  #        "/gstatic.com/"
  #        "/prismatic.io/"
  #        "/hs-scripts.com/"
  #      ];
  #    };
  #    # child2 = {
  #    #   mode = "blacklist";
  #    #   block-adult = true;
  #    #   blacklist = [
  #    #     "/youtube/"
  #    #   ];
  #    # };
  #  };
  #};


  # version control
  # as suggested by Thomas Woolford
  # he wrote on 27-11-23 in fosstodon
  # This will create a folder in /etc named nixos-built-with that will be filled
  # with the contents of /etc/nixos at the time that
  # the current generation was built.
  # https://ioc.exchange/@twoolie/111501690072498877
  # testing shows this overwrites the previous one each time
  environment.etc."nixos-built-with".source = ./.;
} #inserted to see if error goes away
#** note 03-12-2023
#3-12-2023 for upgrade to 23.11
# as per https://discourse.nixos.org/t/nixos-23-11-released/36210/12
#sudo nix-channel --add https://channels.nixos.org/nixos-23.11 nixos
#sudo nixos-rebuild boot --upgrade
## You probably get some errors and warnings here that you need to take care
## of, do so and repeat until the above command succeeds
#sudo shutdown -r now
# end ** note 03-12-2023

# from
# https://discourse.nixos.org/t/how-to-get-back-to-a-kernel-version-where-all-packages-work-as-they-used-to/36020/6
#When you rebuild your system after changing configuration.nix, the result depends both on the contents of configuration.nix and on the current value of the nixos channel for root.
#That channel is updated if you run nixos-rebuild with the --upgrade option, and not otherwise.
#So the reason you keep getting the newer kernel is because the newer value of the nixos channel specifies a newer kernel version.
#
#If you want to build the current configuration.nix against an older value of the nixos channel, you can rollback the channel itself using nix-channel --rollback, optionally specifying a channel generation number.
#You can see the channel generations with
# ls /nix/var/nix/profiles/per-user/root
#—each entry that looks like channels-*-link indicates a generation number.
#If you rollback your channel (do this as root!) to a sufficiently old generation, and then run nixos-rebuild without --upgrade, you’ll get all the package versions (including the kernel) associated with the channel at the time of that channel generation,
#configured with the current contents of configuration.nix. No restoring anything from backup.

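To review which known-insecure packages a configuration like the one above allows, and the reason noted for each, the following added example (not part of the original paste) parses the `permittedInsecurePackages` list and skips commented-out entries. The function names are assumptions of this example, and the embedded sample is the allowlist block from the paste, re-indented and with the obfuscated handle left out.

```python
import re

# Constructed sample: the allowlist block from the configuration above.
SAMPLE_CONFIG = '''
nixpkgs.config.permittedInsecurePackages = [
  # 27-10-2023 to make error for bitwarden pass
  "electron-24.8.6"

  # 18-11-2023 for teams to work
  # "teams-1.5.00.23861"
  "electron-12.2.3" # for etcher to work
  "electron-19.1.9" # for upgrade to 23.11 to work see ** note 03-12-2023
];
'''

ENTRY_RE = re.compile(r'"([^"]+)"')


def split_comment(line):
    """Split a line into (code, comment) at the first # outside a "..." string."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "#" and not in_string:
            return line[:i], line[i + 1:].strip()
    return line, ""


def permitted_insecure(config_text):
    """Return [(name, version, note)] for each active (uncommented) entry."""
    entries, inside, pending = [], False, ""
    for raw in config_text.splitlines():
        code, comment = split_comment(raw)
        if not inside:
            inside = "permittedInsecurePackages" in code
            if not inside:
                continue
        for item in ENTRY_RE.findall(code):
            # Heuristic (assumption): entries have the form "<name>-<version>".
            name, _, version = item.rpartition("-")
            entries.append((name, version, comment or pending))
        # A comment-only line annotates the next entry; any other line resets it.
        pending = comment if not code.strip() and comment else ""
        # A closing bracket outside quoted strings ends the list.
        if "]" in ENTRY_RE.sub("", code):
            inside = False
    return entries


def versions_by_package(entries):
    """Group allowlisted versions per package, oldest first."""
    grouped = {}
    for name, version, _ in entries:
        grouped.setdefault(name, []).append(version)

    def key(version):
        return [int(p) if p.isdigit() else 0 for p in version.split(".")]

    return {name: sorted(vs, key=key) for name, vs in grouped.items()}


if __name__ == "__main__":
    for name, version, note in permitted_insecure(SAMPLE_CONFIG):
        print(f"{name} {version}: {note or 'no reason recorded'}")
```

Running it against `/etc/nixos/configuration.nix` after each upgrade shows which exceptions are still active, so entries whose recorded reason no longer applies can be dropped.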
Tags: nixos