adingbatponder

20231203_configuration.nix

Dec 3rd, 2023 (edited)
  1. # Things that you have to do manually
  2. # if you are re-installing or Gnome settings lost
  3. # sign in to The Good Drive in Gnome file manager to mount that drive
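  4. # sign in to Google in Gnome - Online accounts
  5. # use screen grabs from Google, Proton, Amazon, Bitwarden, in Authy and
  6. # gnome authenticator to re-establish OTP provision (if those screen grabs show the enrolment QR codes they contain the OTP secrets themselves, so keep them encrypted and offline)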
  7. # sign into firefox
  8. # probably more.....
  9. # before you start logging into loads of sites in firefox....
  10. # set in firefox - settings - privacy & security - under "use custom settings for history"
  11. # untick "clear history when firefox closes" and this should keep you logged into e.g. fosstodon (which is where I tested it)
  12.  
  13. # Edit this configuration file to define what should be installed on
  14. # your system. Help is available in the configuration.nix(5) man page
  15. # and in the NixOS manual (accessible by running ‘nixos-help’).
  16.  
  17. # 2023-11-27 ,lib added for parental controls
  18. { config, pkgs, ... }:
  19. #{ config, pkgs, lib, ...}:
  20.  
  21. {
  imports = [
    # Hardware-specific settings produced by the installer's hardware scan.
    ./hardware-configuration.nix

    # 2023-11-27: parental-controls module, currently disabled. Taken from
    # https://github.com/jazmit/nixos-parental-controls/blob/main/nixos-parental-controls.nix
    # NOTE(review): an imported module can set any system option at rebuild
    # time, so read the downloaded file and record which upstream commit it
    # came from before re-enabling this line.
    # ./nixos-parental-controls.nix
  ];
  28.  
  # Bootloader: systemd-boot, allowed to write EFI boot variables.
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  networking = {
    hostName = "nixos"; # Define your hostname.
    # wireless.enable = true; # Enables wireless support via wpa_supplicant.

    # Configure network proxy if necessary.
    # NOTE(review): values set in this file typically end up in files under
    # /nix/store, which every local account can read, so a "user:password"
    # proxy URL written here would not stay private.
    # proxy.default = "http://user:password@proxy:port/";
    # proxy.noProxy = "127.0.0.1,localhost,internal.domain";

    # Network connections are handled by NetworkManager.
    networkmanager.enable = true;
  };
  42.  
  # Time zone.
  time.timeZone = "Europe/Berlin";

  # Internationalisation: British English by default, with every LC_*
  # category listed below set to German.
  i18n = {
    defaultLocale = "en_GB.UTF-8";
    extraLocaleSettings = builtins.listToAttrs (map
      (name: { inherit name; value = "de_DE.UTF-8"; })
      [
        "LC_ADDRESS"
        "LC_IDENTIFICATION"
        "LC_MEASUREMENT"
        "LC_MONETARY"
        "LC_NAME"
        "LC_NUMERIC"
        "LC_PAPER"
        "LC_TELEPHONE"
        "LC_TIME"
      ]);
  };
  60.  
  # X11 windowing system with the GNOME desktop, started through GDM,
  # using the German keyboard layout.
  services.xserver = {
    enable = true;
    displayManager.gdm.enable = true;
    desktopManager.gnome.enable = true;

    # Keymap in X11.
    layout = "de";
    xkbVariant = "";
  };

  # Keymap on the text console.
  console.keyMap = "de";
  76.  
  # Printing through CUPS with the brlaser driver.
  # See https://nixos.wiki/wiki/Printing
  services.printing = {
    enable = true;
    drivers = [ pkgs.brlaser ];
  };

  # Avahi (mDNS) for finding network printers.
  # NOTE(review): openFirewall accepts mDNS traffic (UDP 5353) from whatever
  # network the machine is attached to. On a laptop that also joins untrusted
  # networks, consider limiting Avahi to the home interface with
  # services.avahi.allowInterfaces, or switching this off once the printer
  # has been added.
  services.avahi = {
    enable = true;
    openFirewall = true;
    nssmdns = true;
  };
  86.  
  # Sound through PipeWire; PulseAudio itself stays off and PipeWire provides
  # the ALSA and PulseAudio interfaces instead.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    pulse.enable = true;
    alsa = {
      enable = true;
      support32Bit = true;
    };

    # If you want to use JACK applications, uncomment this
    # jack.enable = true;

    # use the example session manager (no others are packaged yet so this is
    # enabled by default, no need to redefine it in your config for now)
    # media-session.enable = true;
  };
  103.  
  104. # Enable touchpad support (enabled default in most desktopManager).
  105. # services.xserver.libinput.enable = true;
  106.  
  # User accounts. No password is declared here; set one for each account
  # with 'passwd'.
  users.users = {
    # Main account. Membership of "wheel" is what grants administrative
    # (sudo) rights.
    adingbatponder = {
      isNormalUser = true;
      description = "adingbatponder";
      extraGroups = [ "networkmanager" "wheel" ];
      packages = [
        pkgs.firefox
        # pkgs.thunderbird
      ];
    };

    # 2023-11-27: child account for parental controls. Not in "wheel", so it
    # has no administrative rights.
    # NOTE(review): members of "networkmanager" may edit network connections,
    # DNS servers included. If the planned filtering works at DNS level (the
    # notes further down mention blocky), this account could switch it off;
    # drop the group here unless the child has to manage Wi-Fi.
    child1 = {
      isNormalUser = true;
      description = "child1";
      extraGroups = [ "networkmanager" ];
      packages = [
        pkgs.firefox
        # pkgs.thunderbird
      ];
    };
  };
  128.  
  129.  
  nixpkgs.config = {
    # Allow unfree packages.
    allowUnfree = true;

    # Packages that nixpkgs refuses to install by default because it marks
    # them insecure. Each entry below is an Electron runtime bundled by one of
    # the desktop apps in the system package list.
    # NOTE(review): these are releases nixpkgs flags as insecure (presumably
    # end-of-life), and one of them backs the password manager. Re-check this
    # list after every channel upgrade and delete an entry as soon as the
    # system builds without it.
    permittedInsecurePackages = [
      # 27-10-2023 to make error for bitwarden pass, following a
      # recommendation from @Janik@chaos.social
      "electron-24.8.6"

      # 18-11-2023 for teams to work
      # "teams-1.5.00.23861"
      "electron-12.2.3" # for etcher to work
      "electron-19.1.9" # for upgrade to 23.11 to work see ** note 03-12-2023
    ];
  };

  # Packages installed in the system profile, i.e. available to every user
  # (child1 included). To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    # wget

    # The bitwarden GUI crashed in some generations. From
    # https://discourse.nixos.org/t/how-to-get-back-to-a-kernel-version-where-all-packages-work-as-they-used-to/36020/2
    # try starting it from a terminal with
    #   bitwarden --disable-gpu
    # or alternatively
    #   env WAYLAND_DISPLAY= bitwarden
    bitwarden
    protonvpn-gui

    # authy failed to work, so google-authenticator was installed as well,
    # even though apparently it is not so fab.
    authy
    # Started from the command line: google-authenticator
    # NOTE(review): in nixpkgs this looks like the PAM login module with its
    # setup tool rather than an app that shows codes for web accounts -
    # confirm it does what is wanted here.
    google-authenticator
    # Gnome authenticator
    authenticator
    gnome.gnome-keyring
    protonmail-bridge
    threema-desktop
    whatsapp-for-linux
    # Removed because it did not seem to result in any icon:
    # home-assistant-component-tests.govee_ble
    gimp
    vscode
    git
    thunderbird
    # firefox stopped working 23-11-23, so the fork librewolf was installed on
    # the recommendation of Project Insanity@pi_crew@chaos.social
    librewolf
    firefox
    # brave installed because firefox crashed on certain security setting
    # pages of bitwarden.com
    brave
    gnome.gnome-tweaks
    # element-desktop did not launch any sensible GUI, so element-web was
    # tried instead.
    # element-desktop
    element-web
    skypeforlinux
    teams-for-linux
    # teams commented out because it creates errors
    # teams

    # PDF viewers.
    # Recommended on https://opensource.com/alternatives/adobe-acrobat
    evince
    # just a random simple one
    mupdf

    # Command line tools.
    usbutils
    protonvpn-cli

    # Modem for SIM / LTE.
    modemmanager
    modem-manager-gui

    # for testing script
    # screen
    # irssi
    etcher # to make OS images
    # python39 # required by default.nix in /etc/nixos/per-user-blocky
    emacs # GNU emacs - if you can't beat them, join them: https://www.gnu.org/software/emacs/
    vlc # video stuff
    bottom # system monitor run from command line: btm
    audacity # sound editor with graphical UI
    nextcloud-client # nextcloud https://nextcloud.com/
  ];
  208.  
  # Per-user systemd unit ("startprotonvpn" is an arbitrary name) that brings
  # ProtonVPN up when the graphical session starts.
  #
  # Because this is a user unit it has to be queried with
  #   systemctl --user status startprotonvpn.service
  # Plain "systemctl status startprotonvpn.service" only looks at system
  # units, which is why it answers
  #   Unit startprotonvpn.service could not be found.
  #
  # NOTE(review): traffic sent between login and the tunnel coming up is only
  # protected if the kill switch is really in effect at that moment - verify
  # after a cold boot.
  systemd.user.services.startprotonvpn =
    let
      sessionTarget = [ "graphical-session.target" ];
    in
    {
      description = "makes proton vpn start when user logs in after machine has just been booted";
      wantedBy = sessionTarget;
      partOf = sessionTarget;

      # protonvpn-cli comes from the package of the same name, which is also
      # listed in environment.systemPackages. Per the author's notes, the "r"
      # option reuses the connection last chosen in the GUI or on the command
      # line, and the GUI kill switch (cuts internet access when the VPN is
      # lost or inactive) was on when this was set up - it is not known
      # whether that matters for this to work.
      script = ''
        ${pkgs.protonvpn-cli}/bin/protonvpn-cli r
      '';
    };
  226.  
  227.  
  228. # Some programs need SUID wrappers, can be configured further or are
  229. # started in user sessions.
  230. # programs.mtr.enable = true;
  231. # programs.gnupg.agent = {
  232. # enable = true;
  233. # enableSSHSupport = true;
  234. # };
  235.  
  236. # List services that you want to enable:
  237.  
  238. # Enable the OpenSSH daemon.
  239. # services.openssh.enable = true;
  240.  
  241. # Open ports in the firewall.
  242. # networking.firewall.allowedTCPPorts = [ ... ];
  243. # networking.firewall.allowedUDPPorts = [ ... ];
  244. # Or disable the firewall altogether.
  245. # networking.firewall.enable = false;
  246.  
  # stateVersion names the NixOS release whose defaults for stateful data
  # (file locations, database versions) this machine started out with. It is
  # fine, and recommended, to leave it at the release of the first install;
  # upgrading the channel does not mean this value has to follow.
  # Read the documentation for this option before changing it
  # (e.g. man configuration.nix or https://nixos.org/nixos/options.html).
  system = {
    stateVersion = "23.05"; # Did you read the comment?
  };
  254.  
  255.  
  256. # # this is an attempt at parental controls
  257. # # 27-11-23
  258. # # from https://github.com/jazmit/nixos-parental-controls/blob/main/nixos-parental-controls.nix
  259. # # made in /etc/nixos the directory for per-user-blocky
  260. # # put the module in imports above
  261. # # from https://github.com/jazmit/nixos-parental-controls/tree/main
  262. # # using the link above but putting the import elsewhere and adding lib as above
  263. #services.parental-controls = {
  264. # # set to false because not working
  265. # enable = true;
  266. # default = {
  267. # mode = "blacklist";
  268. # block-ads = true;
  269. # };
  270. # # added adingbatponder here
  271. # per-user = {
  272. # adingbatponder = {
  273. # mode = "blacklist";
  274. # blacklist = [
  275. # "/bbc/"
  276. # ];
  277. # };
  278. # #per-user = {
  279. # child1 = {
  280. # mode = "whitelist";
  281. # whitelist = [
  282. # "/bbc/"
  283. # "/numbots/"
  284. # "/ttrockstars/"
  285. # "/lichess/"
  286. # "/typingclub.com/"
  287. # "/cloudflare/"
  288. # "/googleapis/"
  289. # "/gstatic.com/"
  290. # "/prismatic.io/"
  291. # "/hs-scripts.com/"
  292. # ];
  293. # };
  294. # # child2 = {
  295. # # mode = "blacklist";
  296. # # block-adult = true;
  297. # # blacklist = [
  298. # # "/youtube/"
  299. # # ];
  300. # # };
  301. # };
  302. # };
  303.  
  304.  
  # Version control, as suggested by Thomas Woolford (@twoolie@ioc.exchange),
  # who wrote on 27-11-23 in fosstodon:
  # https://ioc.exchange/@twoolie/111501690072498877
  # This creates /etc/nixos-built-with, filled with the contents of /etc/nixos
  # as they were when the current generation was built. Testing shows it
  # overwrites the previous one each time.
  #
  # NOTE(review): "./." copies this whole directory into /nix/store, which
  # every local account (child1 included) can read, and the copy made for an
  # older generation stays there until it is garbage-collected. Keep password
  # files, keys and tokens out of this directory, or copy a filtered source
  # instead (e.g. builtins.path with a filter).
  environment.etc = {
    "nixos-built-with".source = ./.;
  };
  315. } #inserted to see if error goes away
  316. #** note 03-12-2023
  317. #3-12-2023 for upgrade to 23.11
  318. # as per
  319. #sudo nix-channel --add https://channels.nixos.org/nixos-23.11 nixos
  320. #sudo nixos-rebuild boot --upgrade
  321. ## You probably get some errors and warnings here that you need to take care
  322. ## of, do so and repeat until the above command succeeds
  323. #sudo shutdown -r now
  324. # end ** note 03-12-2023
  325.  
  326. # from
  327. # https://discourse.nixos.org/t/how-to-get-back-to-a-kernel-version-where-all-packages-work-as-they-used-to/36020/6
  328. #When you rebuild your system after changing configuration.nix, the result depends both on the contents of configuration.nix and on the current value of the nixos channel for root.
  329. #That channel is updated if you run nixos-rebuild with the --upgrade option, and not otherwise.
  330. #So the reason you keep getting the newer kernel is because the newer value of the nixos channel specifies a newer kernel version.
  331. #
  332. #If you want to build the current configuration.nix against an older value of the nixos channel, you can rollback the channel itself using nix-channel --rollback, optionally specifying a channel generation number.
  333. #You can see the channel generations with
  334. # ls /nix/var/nix/profiles/per-user/root
  335. #—each entry that looks like channels-*-link indicates a generation number.
  336. #If you rollback your channel (do this as root!) to a sufficiently old generation, and then run nixos-rebuild without --upgrade, you’ll get all the package versions (including the kernel) associated with the channel at the time of that channel generation,
  337. #configured with the current contents of configuration.nix. No restoring anything from backup.
  338.  
  339.  
  340.  