All NixOS config changes since last commit

This commit is contained in:
Arne Keller 2022-02-04 18:59:47 +01:00
parent 87c74b0141
commit 2f77fe642b

View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, lib, pkgs, ... }:
let let
my-python3-packages = python3-packages: with python3-packages; [ my-python3-packages = python3-packages: with python3-packages; [
@ -11,6 +11,10 @@ let
pyside2 pyside2
markdown markdown
psutil psutil
scipy
numpy
pillow
]; ];
#my-python2-packages = python2-packages: with python2-packages; [ #my-python2-packages = python2-packages: with python2-packages; [
# pip setuptools # pip setuptools
@ -22,8 +26,12 @@ let
# pyopengl-accelerate # pyopengl-accelerate
#]; #];
python3-with-my-packages = pkgs.python3.withPackages my-python3-packages; python3-with-my-packages = pkgs.python3.withPackages my-python3-packages;
#python2-with-my-packages = pkgs.python2.withPackages my-python2-packages; #python2-with-my-packages = pkgs.python2.withPackages my-python2-packages;
linuxPackages = pkgs.linuxPackages_5_10; linuxPackages = pkgs.linuxPackages_5_10;
mpvPlus = pkgs.mpv-with-scripts.override {
scripts = [ pkgs.mpvScripts.mpris ];
};
microsoftErgonomicKeyboard = pkgs.callPackage /home/arne/nixpkgs/microsoft-ergonomic-keyboard { kernel = linuxPackages.kernel; };
in in
{ {
imports = imports =
@ -31,13 +39,20 @@ in
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
# Use the systemd-boot EFI boot loader. nix.autoOptimiseStore = true;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = linuxPackages; boot.kernelPackages = linuxPackages;
boot.extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ]; #boot.kernelPatches = [
boot.kernelModules = [ "v4l2loopback" ]; # {
boot.kernelParams = [ "mitigations=off" ]; # name = "fixup MS keyboard";
# patch = /home/arne/src/linux-5.10.62/0001-change-it.patch;
# }
#];
boot.extraModulePackages = [ config.boot.kernelPackages.v4l2loopback microsoftErgonomicKeyboard ];
boot.kernelModules = [ "v4l2loopback" "nct6775" "hid_microsoft_ergonomic" ];
boot.kernelParams = [ "mitigations=off" "amdgpu.noretry=0" ];
boot.kernel.sysctl = { boot.kernel.sysctl = {
# enable Alt+SysRq commands # enable Alt+SysRq commands
"kernel.sysrq" = 1; "kernel.sysrq" = 1;
@ -57,12 +72,32 @@ in
boot.tmpOnTmpfs = true; boot.tmpOnTmpfs = true;
hardware.cpu.amd.updateMicrocode = true; hardware.cpu.amd.updateMicrocode = true;
hardware.mcelog.enable = true;
services.fstrim.enable = true; services.fstrim.enable = true;
services.journald.extraConfig = "SystemMaxUse=100M"; services.journald.extraConfig = "SystemMaxUse=100M";
#hardware.bluetooth.enable = true;
networking.useDHCP = false; networking.useDHCP = false;
networking.interfaces.enp39s0.useDHCP = true; networking.interfaces.enp39s0.useDHCP = true;
#networking.interfaces.enp42s0f3u2.useDHCP = false;
#networking.interfaces.enp42s0f3u2.proxyARP = true;
#networking.interfaces.enp42s0f3u2.ipv4.routes = [
# {
# address = "10.0.0.0";
# prefixLength = 24;
# }
#];
#networking.interfaces.enp42s0f3u2.ipv4.addresses = [
# {
# address = "10.0.0.1";
# prefixLength = 24;
# }
#];
networking.hostName = "nixOS"; networking.hostName = "nixOS";
#networking.hosts = {
# "10.0.0.2" = [ "arne-ThinkPad-T410" ];
#};
networking.firewall.logRefusedConnections = false; networking.firewall.logRefusedConnections = false;
networking.firewall.rejectPackets = true; networking.firewall.rejectPackets = true;
networking.firewall.allowedTCPPorts = [ 12783 12975 25565 ]; networking.firewall.allowedTCPPorts = [ 12783 12975 25565 ];
@ -80,7 +115,7 @@ in
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
Defaults insults Defaults insults
Defaults timestamp_timeout=-1 Defaults timestamp_timeout=10
''; '';
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
@ -99,7 +134,6 @@ in
KDE_UTF8_FILENAMES = "1"; KDE_UTF8_FILENAMES = "1";
ANDROID_SDK_HOME = "$HOME/.cache"; ANDROID_SDK_HOME = "$HOME/.cache";
GRADLE_USER_HOME = "$HOME/.cache/gradle"; GRADLE_USER_HOME = "$HOME/.cache/gradle";
MATHEMATICA_USERBASE = "$HOME/.cache/mathematica";
XCOMPOSECACHE = "$HOME/.cache/X11/xcompose"; XCOMPOSECACHE = "$HOME/.cache/X11/xcompose";
}; };
environment.extraInit = '' environment.extraInit = ''
@ -125,17 +159,29 @@ in
services.xserver.enable = true; services.xserver.enable = true;
services.xserver.enableCtrlAltBackspace = true; services.xserver.enableCtrlAltBackspace = true;
services.xserver.libinput.enable = true; services.xserver.libinput.enable = true;
services.xserver.layout = "us"; #services.xserver.libinput.accelProfile = "flat";
services.xserver.xkbVariant = "dvorak"; services.xserver.layout = "dvorak-custom";
services.xserver.extraLayouts = {
dvorak-custom = {
description = "Dvorak customized";
languages = [ "eng" ];
symbolsFile = /home/arne/.config/dvorak-custom;
};
};
services.xserver.autoRepeatDelay = 183;
services.xserver.autoRepeatInterval = 33;
services.xserver.displayManager.sddm.enable = true; services.xserver.displayManager.sddm.enable = true;
services.xserver.displayManager.job.logToJournal = true;
services.xserver.desktopManager.plasma5.enable = true; services.xserver.desktopManager.plasma5.enable = true;
xdg.portal.enable = true; xdg.portal.enable = true;
xdg.portal.gtkUsePortal = true; xdg.portal.gtkUsePortal = true;
fonts.enableDefaultFonts = true; fonts.enableDefaultFonts = true;
fonts.fonts = with pkgs; [ fonts.fonts = with pkgs; [
noto-fonts-emoji noto-fonts-emoji
liberation_ttf liberation_ttf
cozette
font-awesome
]; ];
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
@ -143,6 +189,10 @@ in
#virtualisation.anbox.enable = true; #virtualisation.anbox.enable = true;
# services.printing.enable = true; # services.printing.enable = true;
services.trilium-server.enable = true;
#services.trilium-server.dataDir = "/home/arne/.local/share/trilium-sync-server-data";
#services.trilium-server.host = "192.168.178.21";
services.trilium-server.port = 12783;
services.boinc.enable = true; services.boinc.enable = true;
services.vnstat.enable = true; services.vnstat.enable = true;
services.gitlab-runner.enable = true; services.gitlab-runner.enable = true;
@ -150,11 +200,12 @@ in
shell = { shell = {
registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration"; registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration";
executor = "shell"; executor = "shell";
buildsDir = "/tmp/builds_dir";
}; };
shell2 = { #shell2 = {
registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration-kv"; # registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration-kv";
executor = "shell"; # executor = "shell";
}; #};
}; };
services.openvpn.servers = { services.openvpn.servers = {
kit-split = { kit-split = {
@ -172,9 +223,24 @@ in
}; };
# services.logmein-hamachi.enable = true; # services.logmein-hamachi.enable = true;
sound.enable = true; sound.enable = false;
hardware.pulseaudio.enable = true; #hardware.pulseaudio.enable = false;
hardware.pulseaudio.support32Bit = true; #hardware.pulseaudio.support32Bit = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# this does not exist (yet?)
#pulse.support32Bit = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
hardware.opengl.enable = true; hardware.opengl.enable = true;
hardware.opengl.driSupport = true; hardware.opengl.driSupport = true;
@ -184,7 +250,7 @@ in
users.users.arne = { users.users.arne = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "docker" "adbusers" ]; extraGroups = [ "wheel" "docker" "adbusers" "wireshark" "audio" ];
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
@ -197,55 +263,43 @@ in
"mathematica" "mathematica"
"idea-ultimate" "idea-ultimate"
"android-studio-stable" "android-studio-stable"
#"logmein-hamachi"
]; ];
packageOverrides = super: let self = super.pkgs; in { packageOverrides = super: let self = super.pkgs; in {
maven = super.maven.override { maven = super.maven.override {
jdk = super.pkgs.jdk11; jdk = super.pkgs.jdk11;
}; };
# remove tesseract and ImageMagick # remove openssl/curl
ripgrep-all = super.ripgrep-all.overrideDerivation (attrs: { rustup = super.rustup.overrideAttrs (attrs: rec {
postInstall = '' buildInputs = [ super.pkgs.zlib ];
wrapProgram $out/bin/rga \ cargoBuildFlags = [ "--no-default-features --features no-self-update,reqwest-backend,reqwest-rustls-tls" ];
--prefix PATH ":" "${super.pkgs.lib.makeBinPath [ super.pkgs.pandoc super.pkgs.poppler_utils super.pkgs.ripgrep ]}" doCheck = false;
'';
doInstallCheck = false;
}); });
qbittorrent = super.qbittorrent.overrideAttrs (attrs: rec {
version = "4.3.4.1";
src = pkgs.fetchFromGitHub {
owner = "qbittorrent";
repo = "qbittorrent";
rev = "release-4.3.4.1"; # TODO: is there some reason this also has to be specified?
sha256 = "0hpv99ky077h5rvxxd76l5xv99ivqa1hq6739jp1gvl4w6w3cbgc";
};
});
# remove openssl
#rustup = super.rustup.overrideAttrs (attrs: rec {
# buildInputs = [ super.pkgs.zlib ];
# # this does not actually work due to #103130
# cargoBuildFlags = [ "--no-default-features" "--features" "no-self-update" "reqwest-backend" "reqwest-rustls-tls" ];
# doCheck = false;
#});
}; };
}; };
programs.steam.enable = true; programs.steam.enable = true;
programs.zsh.enable = true; programs.zsh.enable = true;
programs.zsh.enableGlobalCompInit = false; programs.zsh.enableGlobalCompInit = false;
programs.zsh.interactiveShellInit = ''
source ${pkgs.nix-index}/etc/profile.d/command-not-found.sh
'';
programs.command-not-found.enable = false;
programs.adb.enable = true; programs.adb.enable = true;
programs.gnupg.agent = { programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = false;
pinentryFlavor = "qt"; pinentryFlavor = "qt";
}; };
# do not show unlock prompt on login
security.pam.services.sddm.enableKwallet = lib.mkOverride 0 false;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# standard utilities # standard utilities
coreutils coreutils
gzip gzip
gcc
manpages manpages
dnsutils dnsutils
vim htop curl wget file zsh git vim htop curl wget file zsh git git-branchless
tree killall tree killall
# premium utilities # premium utilities
jq tmux jq tmux
@ -255,6 +309,7 @@ in
iotop iotop
img2pdf img2pdf
pdftk pdftk
exa
fd fd
zoxide zoxide
fzf fzf
@ -263,39 +318,47 @@ in
ffmpeg_4 ffmpeg_4
# programming environments # programming environments
geckodriver #geckodriver
#python2-with-my-packages #python2-with-my-packages
python3-with-my-packages python3-with-my-packages
jdk11 maven visualvm jdk8
#visualvm
rustup rustup
jupyter cargo-outdated cargo-edit
#jupyter
vscodium vscodium
jetbrains.idea-ultimate jetbrains.idea-ultimate
#androidStudioPackages.stable #androidStudioPackages.stable
nodejs #nodejs
gcc10 gnumake cmake
llvmPackages_11.bintools
# cplex
key
# CLI applications # CLI applications
lynx lynx
droidcam droidcam
sqlite sqlite
borgbackup borgbackup
nix-tree nix-tree rnix-hashes
gallery-dl #gallery-dl
youtube-dl yt-dlp
plantuml #plantuml
tectonic #tectonic
docker-compose docker-compose
qemu qemu
graphviz graphviz
# GUI applications # GUI applications
sqlitebrowser sqlitebrowser
gimp (gimp-with-plugins.override { plugins = [ gimpPlugins.gmic ]; })
firefox firefox
thunderbird thunderbird
ungoogled-chromium
keepassxc keepassxc
josm josm
anki #anki
tor-browser-bundle-bin tor-browser-bundle-bin
mathematica mathematica
gparted gparted
@ -303,27 +366,25 @@ in
qdirstat qdirstat
filelight filelight
libreoffice-fresh libreoffice-fresh
filezilla
qbittorrent qbittorrent
tdesktop tdesktop
yakuake okular akregator kwalletmanager gwenview ark kcalc kcolorchooser kompare k3b kcharselect alacritty
kdeApplications.kruler okular akregator kwalletmanager gwenview ark kcalc kcolorchooser kompare k3b kcharselect kmag
plasma5Packages.kruler
kdeconnect kdeconnect
plasma-vault plasma-vault
ksshaskpass ksshaskpass
notepadqq notepadqq
mpv mpvPlus
bitcoin
xorg.xkbcomp #xorg.xkbcomp
xorg.xrandr xorg.xrandr
#evtest
lm_sensors lm_sensors
xclip xclip
ntfs3g ntfs3g
cryptsetup pinentry-qt cryptsetup pinentry-qt
wineWowPackages.full
winetricks
cdrkit cdrkit
vnstat vnstat
aspellDicts.de aspellDicts.de
@ -332,15 +393,19 @@ in
linuxPackages.perf linuxPackages.perf
perf-tools perf-tools
smartmontools smartmontools
libfaketime #libfaketime
afl #afl
# Games # Games
multimc multimc
minecraft #minecraft
#logmein-hamachi #logmein-hamachi
update-resolv-conf update-resolv-conf # for OpenVPN configs
# List of packages to get on demand
#wineWowPackages.full
#winetricks
]; ];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions