# NixOS system configuration for a KDE Plasma desktop workstation.
#
# Lines marked NOTE(review) point out settings with a security trade-off.
# They describe the risk only; every option value is unchanged.
{ config, pkgs, ... }:

let
  # Python 3 libraries bundled into the system-wide interpreter.
  py3Libs = ps: with ps; [
    pip
    setuptools
    z3
    requests
    beautifulsoup4
    tkinter
    lxml
    pyside2
    markdown
    psutil
  ];
  #my-python2-packages = python2-packages: with python2-packages; [
  #  pip setuptools
  #  cython
  #  pygame
  #  numpy
  #  pillow
  #  pyopengl
  #  pyopengl-accelerate
  #];
  py3Env = pkgs.python3.withPackages py3Libs;
  #python2-with-my-packages = pkgs.python2.withPackages my-python2-packages;

  # Kernel package set, used for the kernel itself and for matching tools (perf).
  kernelPkgs = pkgs.linuxPackages_5_10;

  # KDE Connect port range, opened for both TCP and UDP.
  kdeConnectPorts = { from = 1714; to = 1764; };
in
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  boot = {
    # Use the systemd-boot EFI boot loader.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    kernelPackages = kernelPkgs;
    extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];
    kernelModules = [ "v4l2loopback" ];

    # NOTE(review): mitigations=off disables the kernel's CPU speculative-
    # execution mitigations. This host also runs CI jobs (gitlab-runner),
    # BOINC work units, Docker containers and web browsers, i.e. code supplied
    # by third parties, which is the case those mitigations exist for.
    # Confirm the performance gain is worth it.
    kernelParams = [ "mitigations=off" ];

    kernel.sysctl = {
      # enable Alt+SysRq commands
      # NOTE(review): 1 enables every SysRq function for anyone at the
      # keyboard; a bitmask value would restrict it to the functions needed.
      "kernel.sysrq" = 1;
      "vm.swappiness" = 1;
      # NOTE(review): turns the host into an IPv4 router. Presumably wanted
      # for Docker/VPN; verify that forwarded traffic is filtered as intended.
      "net.ipv4.ip_forward" = 1;
      # silence kernel warning
      "fs.suid_dumpable" = 0;
    };

    # /tmp should be a tmpfs
    tmpOnTmpfs = true;
  };

  # disable coredumps
  # (core files can contain secrets from process memory, so this is also a
  # hardening measure; the PAM hard limit below covers the non-systemd path)
  systemd.coredump.extraConfig = ''
    Storage=none
  '';

  security = {
    pam.loginLimits = [
      { domain = "*"; item = "core"; type = "hard"; value = "0"; }
    ];

    # NOTE(review): a negative timestamp_timeout means a cached sudo
    # credential does not expire until reboot, so one password entry leaves
    # root available to anything running in that session afterwards.
    sudo.extraConfig = ''
      Defaults insults
      Defaults timestamp_timeout=-1
    '';
  };

  networking = {
    hostName = "nixOS";
    useDHCP = false;
    interfaces.enp39s0.useDHCP = true;

    firewall = {
      # NOTE(review): with logging of refused connections off there is no
      # record of inbound probes to review later.
      logRefusedConnections = false;
      rejectPackets = true;
      # NOTE(review): these ports are open on every interface and their
      # purpose is not recorded here; document each one and drop any that is
      # no longer needed.
      allowedTCPPorts = [ 12783 12975 25565 ];
      allowedUDPPorts = [ 12975 ];
      # KDE Connect
      allowedTCPPortRanges = [ kdeConnectPorts ];
      allowedUDPPortRanges = [ kdeConnectPorts ];
      # Or disable the firewall altogether.
      #enable = false;
    };
  };

  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "de_DE.UTF-8";
  console.keyMap = "dvorak";

  environment = {
    # Keep dotfiles of various tools out of $HOME.
    sessionVariables = {
      XDG_CONFIG_HOME = "$HOME/.config";
      XDG_CACHE_HOME = "$HOME/.cache";
      XDG_DATA_HOME = "$HOME/.local/share";
      KDEHOME = "$HOME/.config/kde";
      KDESYCOCA = "$HOME/.cache/kdesycoca";
      KDE_HOME_READONLY = "1";
      KDE_UTF8_FILENAMES = "1";
      ANDROID_SDK_HOME = "$HOME/.cache";
      GRADLE_USER_HOME = "$HOME/.cache/gradle";
      MATHEMATICA_USERBASE = "$HOME/.cache/mathematica";
      XCOMPOSECACHE = "$HOME/.cache/X11/xcompose";
    };

    # NOTE(review): /tmp/Xauthority is one fixed name in a world-writable
    # directory, shared by every account that sources this init (including
    # service users). The X11 cookie would be better kept in a per-user,
    # owner-only location such as $XDG_RUNTIME_DIR.
    extraInit = ''
      export XAUTHORITY=/tmp/Xauthority
      [ -e ~/.Xauthority ] && mv -f ~/.Xauthority "$XAUTHORITY"
    '';

    etc = {
      "zshenv.local" = {
        text = ''
          ZDOTDIR=$HOME/.config/zsh
        '';
        mode = "0444";
      };
      "sysconfig/lm_sensors".text = ''
        HWMON_MODULES="nct6775"
      '';
      #"adobe/mms.cfg".text = ''
      #  AllowListUrlPattern=*://kongregate.com
      #  AllowListUrlPattern=*://*.kongregate.com
      #'';
    };

    systemPackages = with pkgs; [
      # standard utilities
      coreutils
      gzip
      gcc
      manpages
      dnsutils
      vim
      htop
      curl
      wget
      file
      zsh
      git
      tree
      killall

      # premium utilities
      jq
      tmux
      ripgrep
      ripgrep-all
      p7zip
      iotop
      img2pdf
      pdftk
      fd
      zoxide
      fzf
      entr
      oxipng
      ffmpeg_4

      # programming environments
      geckodriver
      #python2-with-my-packages
      py3Env
      jdk11
      maven
      visualvm
      rustup
      jupyter
      vscodium
      jetbrains.idea-ultimate
      #androidStudioPackages.stable
      nodejs

      # CLI applications
      lynx
      droidcam
      sqlite
      borgbackup
      nix-tree
      gallery-dl
      youtube-dl
      plantuml
      tectonic
      docker-compose
      qemu
      graphviz

      # GUI applications
      sqlitebrowser
      gimp
      firefox
      thunderbird
      keepassxc
      josm
      anki
      tor-browser-bundle-bin
      mathematica
      gparted
      trilium-desktop
      qdirstat
      filelight
      libreoffice-fresh
      filezilla
      qbittorrent
      tdesktop
      yakuake
      okular
      akregator
      kwalletmanager
      gwenview
      ark
      kcalc
      kcolorchooser
      kompare
      k3b
      kcharselect
      kdeApplications.kruler
      kdeconnect
      plasma-vault
      ksshaskpass
      notepadqq
      mpv
      bitcoin
      xorg.xkbcomp
      xorg.xrandr
      lm_sensors
      xclip
      ntfs3g
      cryptsetup
      pinentry-qt
      wineWowPackages.full
      winetricks
      cdrkit
      vnstat
      aspellDicts.de
      hunspellDicts.de-de
      #texlive.combined.scheme-full
      # perf built for the same kernel package set the system boots
      kernelPkgs.perf
      perf-tools
      smartmontools
      libfaketime
      afl

      # Games
      multimc
      minecraft
      #logmein-hamachi
      update-resolv-conf
    ];
  };

  services = {
    fstrim.enable = true;
    journald.extraConfig = "SystemMaxUse=100M";

    xserver = {
      enable = true;
      enableCtrlAltBackspace = true;
      libinput.enable = true;
      layout = "us";
      xkbVariant = "dvorak";
      displayManager.sddm.enable = true;
      desktopManager.plasma5.enable = true;
    };

    # printing.enable = true;
    boinc.enable = true;
    vnstat.enable = true;

    # NOTE(review): with the "shell" executor, CI jobs run directly on this
    # host as the runner's service user, with no container or VM boundary.
    # Only register these runners with projects whose pipelines are trusted.
    # The registration files hold the runner tokens; they are kept outside
    # the Nix store, and their file permissions should be owner-only.
    gitlab-runner = {
      enable = true;
      services = {
        shell = {
          registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration";
          executor = "shell";
        };
        shell2 = {
          registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration-kv";
          executor = "shell";
        };
      };
    };

    # NOTE(review): both VPN units load a config file from a user-writable
    # home directory. OpenVPN configs can name scripts to run, so whoever can
    # edit these files influences what the service executes; verify which
    # user the units run as.
    openvpn.servers = {
      kit-split = {
        config = ''
          config /home/arne/Documents/KIT/kit-split.ovpn
        '';
        autoStart = false;
      };
      kit = {
        config = ''
          config /home/arne/Documents/KIT/kit.ovpn
        '';
        autoStart = false;
      };
    };

    # logmein-hamachi.enable = true;
  };

  xdg.portal = {
    enable = true;
    gtkUsePortal = true;
  };

  fonts = {
    enableDefaultFonts = true;
    fonts = with pkgs; [
      noto-fonts-emoji
      liberation_ttf
    ];
  };

  virtualisation.docker = {
    enable = true;
    logDriver = "journald";
  };
  #virtualisation.anbox.enable = true;

  sound.enable = true;

  hardware = {
    cpu.amd.updateMicrocode = true;

    pulseaudio = {
      enable = true;
      support32Bit = true;
    };

    opengl = {
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
      extraPackages = with pkgs; [
        amdvlk
        vaapiVdpau
        libvdpau-va-gl
      ];
      extraPackages32 = with pkgs.pkgsi686Linux; [
        libva
      ];
    };
  };

  users.users.arne = {
    isNormalUser = true;
    # NOTE(review): "docker" group membership is root-equivalent, because
    # members can start containers that mount the host filesystem; "wheel"
    # grants sudo. Both are a deliberate choice here, but the account should
    # be treated as privileged.
    extraGroups = [ "wheel" "docker" "adbusers" ];
    shell = pkgs.zsh;
  };

  nixpkgs.config = {
    # Unfree software is allowed only for the package names listed here.
    allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [
      "minecraft-launcher"
      "steam"
      "steam-original"
      "steam-runtime"
      "mathematica"
      "idea-ultimate"
      "android-studio-stable"
      #"logmein-hamachi"
    ];

    packageOverrides = super: let self = super.pkgs; in {
      maven = super.maven.override { jdk = super.pkgs.jdk11; };

      # remove tesseract and ImageMagick
      ripgrep-all = super.ripgrep-all.overrideDerivation (attrs: {
        postInstall = ''
          wrapProgram $out/bin/rga \
            --prefix PATH ":" "${super.pkgs.lib.makeBinPath [ super.pkgs.pandoc super.pkgs.poppler_utils super.pkgs.ripgrep ]}"
        '';
        doInstallCheck = false;
      });

      # NOTE(review): this pins qbittorrent to one release, so the package no
      # longer follows nixpkgs updates (including security fixes) until the
      # override is bumped or removed. The sha256 pins the fetched source.
      qbittorrent = super.qbittorrent.overrideAttrs (attrs: rec {
        version = "4.3.4.1";
        src = pkgs.fetchFromGitHub {
          owner = "qbittorrent";
          repo = "qbittorrent";
          rev = "release-4.3.4.1";
          # TODO: is there some reason this also has to be specified?
          # (Overriding `version` alone does not change `src`, which nixpkgs
          # already computed for its own version; rev and hash must follow.)
          sha256 = "0hpv99ky077h5rvxxd76l5xv99ivqa1hq6739jp1gvl4w6w3cbgc";
        };
      });

      # remove openssl
      #rustup = super.rustup.overrideAttrs (attrs: rec {
      #  buildInputs = [ super.pkgs.zlib ];
      #  # this does not actually work due to #103130
      #  cargoBuildFlags = [ "--no-default-features" "--features" "no-self-update" "reqwest-backend" "reqwest-rustls-tls" ];
      #  doCheck = false;
      #});
    };
  };

  programs = {
    steam.enable = true;
    zsh = {
      enable = true;
      enableGlobalCompInit = false;
    };
    adb.enable = true;
    # gpg-agent also serves as the SSH agent; passphrases are asked via Qt pinentry.
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
      pinentryFlavor = "qt";
    };
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?
}