Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Things that you have to do manually
- # if you are re-installing or Gnome settings lost
- # sign in to The Good Drive in Gnome file manager to mount that drive
- # sing in to Google in Gnome - Online accounts
- # use screen grabs from Google, Proton, Amazon, Bitwarden, in Authy and
- # gnome authenticator to re-establish OTP provision
- # sign into firefox
- # probably more.....
- # before you start logging into loads of site in firefox....
- # set in firefox - settings - privacy & security - under use sustom settings for history
- # untick "clear history when firefox closes" and this should keep you logged into e.g. fosstodon (which is where I tested it)
- # Edit this configuration file to define what should be installed on
- # your system. Help is available in the configuration.nix(5) man page
- # and in the NixOS manual (accessible by running ‘nixos-help’).
- # 2023-11-27 ,lib added for parental controls
- { config, pkgs, ... }:
- #{ config, pkgs, lib, ...}:
- {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- # 2023-11-27 from https://github.com/jazmit/nixos-parental-controls/blob/main/nixos-parental-controls.nix
- #./nixos-parental-controls.nix
- ];
- # Bootloader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- networking.hostName = "nixos"; # Define your hostname.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
- # Enable networking
- networking.networkmanager.enable = true;
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
- # Select internationalisation properties.
- i18n.defaultLocale = "en_GB.UTF-8";
- i18n.extraLocaleSettings = {
- LC_ADDRESS = "de_DE.UTF-8";
- LC_IDENTIFICATION = "de_DE.UTF-8";
- LC_MEASUREMENT = "de_DE.UTF-8";
- LC_MONETARY = "de_DE.UTF-8";
- LC_NAME = "de_DE.UTF-8";
- LC_NUMERIC = "de_DE.UTF-8";
- LC_PAPER = "de_DE.UTF-8";
- LC_TELEPHONE = "de_DE.UTF-8";
- LC_TIME = "de_DE.UTF-8";
- };
- # Enable the X11 windowing system.
- services.xserver.enable = true;
- # Enable the GNOME Desktop Environment.
- services.xserver.displayManager.gdm.enable = true;
- services.xserver.desktopManager.gnome.enable = true;
- # Configure keymap in X11
- services.xserver = {
- layout = "de";
- xkbVariant = "";
- };
- # Configure console keymap
- console.keyMap = "de";
- # Enable CUPS to print documents.
- services.printing.enable = true;
- # see https://nixos.wiki/wiki/Printing
- services.printing.drivers = [pkgs.brlaser];
- services.avahi = {
- enable = true;
- nssmdns = true;
- openFirewall = true;
- };
- # Enable sound with pipewire.
- sound.enable = true;
- hardware.pulseaudio.enable = false;
- security.rtkit.enable = true;
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- # If you want to use JACK applications, uncomment this
- #jack.enable = true;
- # use the example session manager (no others are packaged yet so this is enabled by default,
- # no need to redefine it in your config for now)
- #media-session.enable = true;
- };
- # Enable touchpad support (enabled default in most desktopManager).
- # services.xserver.libinput.enable = true;
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.adingbatponder = {
- isNormalUser = true;
- description = "adingbatponder";
- extraGroups = [ "networkmanager" "wheel" ];
- packages = with pkgs; [
- firefox
- # thunderbird
- ];
- };
- # 2023-11-27 define a child1 account for parental controls
- users.users.child1 = {
- isNormalUser = true;
- description = "child1";
- extraGroups = [ "networkmanager"]; # removed "wheel" as compared with adingbatponder
- packages = with pkgs; [
- firefox
- # thunderbird
- ];
- };
- # Allow unfree packages
- nixpkgs.config.allowUnfree = true;
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
- # wget
- # bitwarden as GUI crashed in some generatons.
- # from: https://discourse.nixos.org/t/how-to-get-back-to-a-kernel-version-where-all-packages-work-as-they-used-to/36020/2
- # Try running the bitwarden app from the terminal with the command
- # bitwarden --disable-gpu
- # Alternatively try running it from the terminal with
- # env WAYLAND_DISPLAY= bitwarden
- bitwarden #for problems see above
- protonvpn-gui
- # authy failed to work so intalled google-authenticator even though apparently it is not so fab
- authy
- # google-authenticator runs from command line> google-authenticator
- google-authenticator
- # Gnome authenticator
- authenticator
- gnome.gnome-keyring
- protonmail-bridge
- threema-desktop
- whatsapp-for-linux
- # following removed because it seem not to result in any icon
- # home-assistant-component-tests.govee_ble
- gimp
- vscode
- git
- thunderbird
- # firefox stopped working 23-11-23 so installed fork librewolf on recommendation of Project Insanity@pi_crew@chaos.social
- librewolf
- firefox
- # brave installed becaus firefox crashed for certain security setting pages in bitwarden.com
- brave
- gnome.gnome-tweaks
- # element-desktop does not launch any sensible gui to tried element-web instead
- # element-desktop
- element-web
- skypeforlinux
- teams-for-linux
- # teams commented out because creates errors
- # teams
- # pdf stuff
- # recommended on https://opensource.com/alternatives/adobe-acrobat
- evince
- # just a random simple one
- mupdf
- # command line stuff follows:
- usbutils
- protonvpn-cli
- # end of command line stuff.
- # modem for sim lte
- modemmanager
- modem-manager-gui
- # for testing script
- # screen
- # irssi
- etcher #to make OS images
- # python39 # required by default.nix in /etc/nixos/per-user-blocky
- emacs # GNU emacs - if you can't beat them, join them: https://www.gnu.org/software/emacs/
- vlc #video stuff
- bottom # system monitor run from command line: btm
- audacity # sound editor with graphical UI
- nextcloud-client # nextcloud https://nextcloud.com/
- ];
- nixpkgs.config.permittedInsecurePackages = [
- # 27-10-2023 to make error for bitwarden pass following recommendation from @Janik@chaos.social
- "electron-24.8.6"
- # 18-11-2023 for teams to work
- # "teams-1.5.00.23861"
- "electron-12.2.3" # for etcher to work
- "electron-19.1.9" # for upgrade to 23.11 to work see ** note 03-12-2023
- ];
- systemd.user.services.startprotonvpn = {
- # startprotonvpn is the arbitrary name I have given this service
- description = "makes proton vpn start when user logs in after machine has just been booted";
- script = ''
- ${pkgs.protonvpn-cli}/bin/protonvpn-cli r
- '';
- # to run protonvpn from the command line the package protonvpn-cli was listed above in the environment.systempackages
- # the option r uses the previously used protonvpn connection as set by user manually in the GUI or command line
- # the so called killswitch setting (if on it cuts internet access if the vpn connection is lost or otherwise not active) in the GUI is on in this case - not sure that matters for this to work
- wantedBy = [ "graphical-session.target" ];
- partOf = [ "graphical-session.target" ];
- };
- # if running the the following command at the command line:
- # systemctl status startprotonvpn.service
- # the shell returns the following message:
- # Unit startprotonvpn.service could not be found.
- # so testing the above so-called service by eliminating error messages when using the above systemctl command was/is a waste of time in this case
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
- # List services that you want to enable:
- # Enable the OpenSSH daemon.
- # services.openssh.enable = true;
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "23.05"; # Did you read the comment?
- # # this is an attempt at parental conrols
- # # 27-11-23
- # # from https://github.com/jazmit/nixos-parental-controls/blob/main/nixos-parental-controls.nix
- # # made in /ect/nixos the directory for per-user-blocky
- # # put the module in imports above
- # # from https://github.com/jazmit/nixos-parental-controls/tree/main
- # # using the link above but puttin import elsewhere and adding lib as above
- #services.parental-controls = {
- # # set to false because not working
- # enable = true;
- # default = {
- # mode = "blacklist";
- # block-ads = true;
- # };
- # # added adingbatponder here
- # per-user = {
- # adingbatponder = {
- # mode = "blacklist";
- # blacklist = [
- # "/bbc/"
- # ];
- # };
- # #per-user = {
- # child1 = {
- # mode = "whitelist";
- # whitelist = [
- # "/bbc/"
- # "/numbots/"
- # "/ttrockstars/"
- # "/lichess/"
- # "/typingclub.com/"
- # "/cloudflare/"
- # "/googleapis/"
- # "/gstatic.com/"
- # "/prismatic.io/"
- # "/hs-scripts.com/"
- # ];
- # };
- # # child2 = {
- # # mode = "blacklist";
- # # block-adult = true;
- # # blacklist = [
- # # "/youtube/"
- # # ];
- # # };
- # };
- # };
- # version control
- # as suggested by Thomas Woolford
- # @twoolie@ioc.exchange
- # he wrote on 27-11-23 in fosstodon
- # This will create a folder in /etc named nixos-built-with that will be filled
- # with the contents of /etc/nixos at the time that
- # the current generation was built.
- # https://ioc.exchange/@twoolie/111501690072498877
- # testing shows this overwrites the previous one each time
- environment.etc."nixos-built-with".source = ./.;
- } #inserted to see if error goes away
- #** note 03-12-2023
- #3-12-2023 for upgrade to 23.11
- # as per
- #sudo nix-channel --add https://channels.nixos.org/nixos-23.11 nixos
- #sudo nixos-rebuild boot --upgrade
- ## You probably get some errors and warnings here that you need to take care
- ## of, do so and repeat until the above command succeeds
- #sudo shutdown -r now
- # end ** note 03-12-2023
- # from
- # https://discourse.nixos.org/t/how-to-get-back-to-a-kernel-version-where-all-packages-work-as-they-used-to/36020/6
- #When you rebuild your system after changing configuration.nix, the result depends both on the contents of configuration.nix and on the current value of the nixos channel for root.
- #That channel is updated if you run nixos-rebuild with the --upgrade option, and not otherwise.
- #So the reason you keep getting the newer kernel is because the newer value of the nixos channel specifies a newer kernel version.
- #
- #If you want to build the current configuration.nix against an older value of the nixos channel, you can rollback the channel itself using nix-channel --rollback, optionally specifying a channel generation number.
- #You can see the channel generations with
- # ls /nix/var/nix/profiles/per-user/root
- #—each entry that looks like channels-*-link indicates a generation number.
- #If you rollback your channel (do this as root!) to a sufficiently old generation, and then run nixos-rebuild without --upgrade, you’ll get all the package versions (including the kernel) associated with the channel at the time of that channel generation,
- #configured with the current contents of configuration.nix. No restoring anything from backup.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement