# NixOS system configuration for a single desktop host (hostName "nixOS"):
# Plasma 5 on X11 with SDDM, PipeWire audio, Docker, a GitLab runner,
# trilium-server, BOINC and two on-demand OpenVPN profiles.
#
# NOTE(review): this copy had lost its line breaks, so the end of each `#`
# comment was reconstructed. Check commented-out entries (e.g. `# cplex key`
# in systemPackages) against the original file.
{ config, lib, pkgs, ... }:

let
  # Python 3 package set handed to python3.withPackages below.
  my-python3-packages = python3-packages: with python3-packages; [
    pip setuptools
    z3
    requests
    beautifulsoup4
    tkinter
    lxml
    pyside2
    markdown
    psutil
    scipy
    numpy
    pillow
  ];
  #my-python2-packages = python2-packages: with python2-packages; [
  #  pip setuptools
  #  cython
  #  pygame
  #  numpy
  #  pillow
  #  pyopengl
  #  pyopengl-accelerate
  #];
  python3-with-my-packages = pkgs.python3.withPackages my-python3-packages;
  #python2-with-my-packages = pkgs.python2.withPackages my-python2-packages;

  # Kernel package set, pinned once and reused for boot.kernelPackages, the
  # out-of-tree keyboard module and perf, so that all three match.
  linuxPackages = pkgs.linuxPackages_5_10;

  # mpv with the MPRIS script added.
  mpvPlus = pkgs.mpv-with-scripts.override {
    scripts = [ pkgs.mpvScripts.mpris ];
  };

  # Out-of-tree kernel module built against the pinned kernel.
  # NOTE(review): the derivation is read from a path under /home/arne, so
  # anything able to write there decides what gets loaded into the kernel on
  # the next rebuild. Confirm the directory's ownership, or pin the source.
  microsoftErgonomicKeyboard = pkgs.callPackage /home/arne/nixpkgs/microsoft-ergonomic-keyboard {
    kernel = linuxPackages.kernel;
  };
in
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  nix.autoOptimiseStore = true;

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.kernelPackages = linuxPackages;
  #boot.kernelPatches = [
  #  {
  #    name = "fixup MS keyboard";
  #    patch = /home/arne/src/linux-5.10.62/0001-change-it.patch;
  #  }
  #];
  boot.extraModulePackages = [
    config.boot.kernelPackages.v4l2loopback
    microsoftErgonomicKeyboard
  ];
  boot.kernelModules = [ "v4l2loopback" "nct6775" "hid_microsoft_ergonomic" ];
  # "mitigations=off" turns off the kernel's CPU speculative-execution
  # mitigations for the whole system.
  # NOTE(review): this host also runs code it does not author (shell-executor
  # CI jobs, BOINC work units, containers, browsers). Re-check whether the
  # performance gain still justifies dropping that isolation.
  boot.kernelParams = [ "mitigations=off" "amdgpu.noretry=0" ];
  boot.kernel.sysctl = {
    # enable Alt+SysRq commands
    # (the value 1 enables every SysRq function for anyone at the keyboard; a
    # bitmask would allow only selected ones)
    "kernel.sysrq" = 1;
    "vm.swappiness" = 1;
    # NOTE(review): IPv4 forwarding is on system-wide. The routed interface
    # setup below is commented out; presumably Docker still needs it. Confirm.
    "net.ipv4.ip_forward" = 1;
    # silence kernel warning
    # (0 also means processes that changed privilege never dump core)
    "fs.suid_dumpable" = 0;
  };

  # disable coredumps
  # Both layers are set: systemd-coredump stores nothing, and the hard "core"
  # rlimit is 0 for every PAM login, so process memory is not written to disk.
  systemd.coredump.extraConfig = ''
    Storage=none
  '';
  security.pam.loginLimits = [
    { domain = "*"; item = "core"; type = "hard"; value = "0"; }
  ];

  # /tmp should be a tmpfs
  boot.tmpOnTmpfs = true;

  hardware.cpu.amd.updateMicrocode = true;
  hardware.mcelog.enable = true;
  services.fstrim.enable = true;
  services.journald.extraConfig = "SystemMaxUse=100M";
  #hardware.bluetooth.enable = true;

  # DHCP is off globally and enabled only on the one wired interface.
  networking.useDHCP = false;
  networking.interfaces.enp39s0.useDHCP = true;
  #networking.interfaces.enp42s0f3u2.useDHCP = false;
  #networking.interfaces.enp42s0f3u2.proxyARP = true;
  #networking.interfaces.enp42s0f3u2.ipv4.routes = [
  #  {
  #    address = "10.0.0.0";
  #    prefixLength = 24;
  #  }
  #];
  #networking.interfaces.enp42s0f3u2.ipv4.addresses = [
  #  {
  #    address = "10.0.0.1";
  #    prefixLength = 24;
  #  }
  #];
  networking.hostName = "nixOS";
  #networking.hosts = {
  #  "10.0.0.2" = [ "arne-ThinkPad-T410" ];
  #};

  # Refused connections are not logged, so probes against closed ports leave
  # no trace in the journal.
  networking.firewall.logRefusedConnections = false;
  networking.firewall.rejectPackets = true;
  # 12783 is the trilium-server port set further down. 25565 is the default
  # Minecraft server port.
  # NOTE(review): nothing here says what 12975 (TCP and UDP) is for. Confirm
  # each port still has a listener that is meant to be reachable from every
  # interface.
  networking.firewall.allowedTCPPorts = [ 12783 12975 25565 ];
  networking.firewall.allowedTCPPortRanges = [
    # KDE Connect
    { from = 1714; to = 1764; }
  ];
  networking.firewall.allowedUDPPorts = [ 12975 ];
  networking.firewall.allowedUDPPortRanges = [
    # KDE Connect
    { from = 1714; to = 1764; }
  ];
  # Or disable the firewall altogether.
  #networking.firewall.enable = false;

  # timestamp_timeout=10 keeps a successful sudo authentication valid for ten
  # minutes before the password is asked for again.
  security.sudo.extraConfig = ''
    Defaults insults
    Defaults timestamp_timeout=10
  '';

  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "de_DE.UTF-8";
  console = {
    keyMap = "dvorak";
  };

  # Move per-user config, cache and data out of $HOME's top level.
  environment.sessionVariables = {
    XDG_CONFIG_HOME = "$HOME/.config";
    XDG_CACHE_HOME = "$HOME/.cache";
    XDG_DATA_HOME = "$HOME/.local/share";
    KDEHOME = "$HOME/.config/kde";
    KDESYCOCA = "$HOME/.cache/kdesycoca";
    KDE_HOME_READONLY = "1";
    KDE_UTF8_FILENAMES = "1";
    ANDROID_SDK_HOME = "$HOME/.cache";
    GRADLE_USER_HOME = "$HOME/.cache/gradle";
    XCOMPOSECACHE = "$HOME/.cache/X11/xcompose";
  };
  # Points XAUTHORITY at a fixed file in /tmp and moves any existing
  # ~/.Xauthority there.
  # NOTE(review): /tmp is shared with every local account, including the
  # service users on this host, and the file name is the same for all users.
  # A per-user location such as "$XDG_RUNTIME_DIR/Xauthority" would stop
  # another account from pre-creating the path. Confirm that variable is set
  # at the point this snippet runs before switching.
  environment.extraInit = ''
    export XAUTHORITY=/tmp/Xauthority
    [ -e ~/.Xauthority ] && mv -f ~/.Xauthority "$XAUTHORITY"
  '';
  environment.etc = {
    # Read-only /etc/zshenv.local that relocates zsh's dotfiles.
    "zshenv.local" = {
      text = ''
        ZDOTDIR=$HOME/.config/zsh
      '';
      mode = "0444";
    };
    "sysconfig/lm_sensors".text = ''
      HWMON_MODULES="nct6775"
    '';
    #"adobe/mms.cfg".text = ''
    #  AllowListUrlPattern=*://kongregate.com
    #  AllowListUrlPattern=*://*.kongregate.com
    #'';
  };

  services.xserver.enable = true;
  services.xserver.enableCtrlAltBackspace = true;
  services.xserver.libinput.enable = true;
  #services.xserver.libinput.accelProfile = "flat";
  services.xserver.layout = "dvorak-custom";
  services.xserver.extraLayouts = {
    dvorak-custom = {
      description = "Dvorak customized";
      languages = [ "eng" ];
      # Read from the user's home directory when the system is built.
      symbolsFile = /home/arne/.config/dvorak-custom;
    };
  };
  services.xserver.autoRepeatDelay = 183;
  services.xserver.autoRepeatInterval = 33;
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.displayManager.job.logToJournal = true;
  services.xserver.desktopManager.plasma5.enable = true;
  xdg.portal.enable = true;
  xdg.portal.gtkUsePortal = true;

  fonts.enableDefaultFonts = true;
  fonts.fonts = with pkgs; [ noto-fonts-emoji liberation_ttf cozette font-awesome ];

  # Docker daemon, logging to the journal. Members of the "docker" group
  # (see users.users.arne) can drive the daemon, which amounts to root on
  # the host.
  virtualisation.docker.enable = true;
  virtualisation.docker.logDriver = "journald";
  #virtualisation.anbox.enable = true;

  # services.printing.enable = true;

  # NOTE(review): the `host` line is commented out, so the listen address is
  # whatever the module defaults to, and the port is opened in the firewall
  # above. Confirm the server is meant to be reachable from the network and
  # that its login and transport protection are set up accordingly.
  services.trilium-server.enable = true;
  #services.trilium-server.dataDir = "/home/arne/.local/share/trilium-sync-server-data";
  #services.trilium-server.host = "192.168.178.21";
  services.trilium-server.port = 12783;

  services.boinc.enable = true;
  services.vnstat.enable = true;

  # GitLab runner using the "shell" executor: CI jobs run directly on this
  # host, without a container or VM around them.
  # NOTE(review): together with "mitigations=off" and a builds directory
  # under the shared /tmp, any project allowed to schedule jobs here runs
  # code with little isolation from the desktop session. Restrict which
  # projects can use the runner. Also confirm the registration file, which
  # presumably holds the runner token, is readable only by its owner.
  services.gitlab-runner.enable = true;
  services.gitlab-runner.services = {
    shell = {
      registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration";
      executor = "shell";
      buildsDir = "/tmp/builds_dir";
    };
    #shell2 = {
    #  registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration-kv";
    #  executor = "shell";
    #};
  };

  # Two OpenVPN profiles, started manually (autoStart = false). Each one only
  # includes a config file kept in the user's home directory.
  # NOTE(review): the service presumably runs with elevated privileges while
  # the included files are user-writable, so whoever can edit them controls
  # what the service does. Confirm the files' ownership and mode.
  services.openvpn.servers = {
    kit-split = {
      config = ''
        config /home/arne/Documents/KIT/kit-split.ovpn
      '';
      autoStart = false;
    };
    kit = {
      config = ''
        config /home/arne/Documents/KIT/kit.ovpn
      '';
      autoStart = false;
    };
  };

  # services.logmein-hamachi.enable = true;

  # Audio goes through PipeWire (ALSA and PulseAudio compatibility enabled);
  # the legacy sound option is off.
  sound.enable = false;
  #hardware.pulseaudio.enable = false;
  #hardware.pulseaudio.support32Bit = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # this does not exist (yet?)
    #pulse.support32Bit = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  hardware.opengl.enable = true;
  hardware.opengl.driSupport = true;
  hardware.opengl.driSupport32Bit = true;
  hardware.opengl.extraPackages = with pkgs; [ amdvlk vaapiVdpau libvdpau-va-gl ];
  hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];

  # The one interactive account. "wheel" grants sudo, "docker" is
  # root-equivalent through the Docker daemon, and "wireshark" grants packet
  # capture, so a compromise of this account is in practice a compromise of
  # the machine.
  users.users.arne = {
    isNormalUser = true;
    extraGroups = [ "wheel" "docker" "adbusers" "wireshark" "audio" ];
    shell = pkgs.zsh;
  };

  nixpkgs.config = {
    # Unfree software is allowed by explicit name only; any unfree package not
    # listed here fails evaluation.
    allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [
      "minecraft-launcher"
      "steam"
      "steam-original"
      "steam-runtime"
      "mathematica"
      "idea-ultimate"
      "android-studio-stable"
    ];
    packageOverrides = super: let self = super.pkgs; in {
      maven = super.maven.override { jdk = super.pkgs.jdk11; };
      # remove openssl/curl
      # (zlib is the only build input, the reqwest backend with rustls is
      # selected, and the package's test phase is skipped)
      rustup = super.rustup.overrideAttrs (attrs: rec {
        buildInputs = [ super.pkgs.zlib ];
        cargoBuildFlags = [ "--no-default-features --features no-self-update,reqwest-backend,reqwest-rustls-tls" ];
        doCheck = false;
      });
    };
  };

  programs.steam.enable = true;
  programs.zsh.enable = true;
  programs.zsh.enableGlobalCompInit = false;
  # Use nix-index's command-not-found handler in place of the stock one,
  # which is disabled just below.
  programs.zsh.interactiveShellInit = ''
    source ${pkgs.nix-index}/etc/profile.d/command-not-found.sh
  '';
  programs.command-not-found.enable = false;
  programs.adb.enable = true;
  programs.wireshark.enable = true;
  programs.wireshark.package = pkgs.wireshark;
  # gpg-agent with the Qt pinentry. It does not act as the SSH agent.
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = false;
    pinentryFlavor = "qt";
  };

  # do not show unlock prompt on login
  # (mkOverride 0 gives this definition precedence over other definitions of
  # the option; lower numbers win)
  security.pam.services.sddm.enableKwallet = lib.mkOverride 0 false;

  environment.systemPackages = with pkgs; [
    # standard utilities
    coreutils gzip manpages dnsutils vim htop curl wget file zsh git git-branchless tree killall

    # premium utilities
    jq tmux ripgrep ripgrep-all p7zip iotop img2pdf pdftk exa fd zoxide fzf entr oxipng ffmpeg_4

    # programming environments
    #geckodriver
    #python2-with-my-packages
    python3-with-my-packages
    jdk8
    #visualvm
    rustup cargo-outdated cargo-edit
    #jupyter
    vscodium jetbrains.idea-ultimate
    #androidStudioPackages.stable
    #nodejs
    gcc10 gnumake cmake llvmPackages_11.bintools
    # cplex key

    # CLI applications
    lynx droidcam sqlite borgbackup nix-tree rnix-hashes
    #gallery-dl
    yt-dlp
    #plantuml
    #tectonic
    docker-compose qemu graphviz

    # GUI applications
    sqlitebrowser
    (gimp-with-plugins.override { plugins = [ gimpPlugins.gmic ]; })
    firefox thunderbird ungoogled-chromium keepassxc josm
    #anki
    tor-browser-bundle-bin mathematica gparted trilium-desktop qdirstat filelight libreoffice-fresh qbittorrent tdesktop alacritty
    okular akregator kwalletmanager gwenview ark kcalc kcolorchooser kompare k3b kcharselect kmag plasma5Packages.kruler kdeconnect plasma-vault ksshaskpass notepadqq mpvPlus
    #xorg.xkbcomp
    xorg.xrandr
    #evtest
    lm_sensors xclip ntfs3g cryptsetup pinentry-qt cdrkit vnstat aspellDicts.de hunspellDicts.de-de
    #texlive.combined.scheme-full
    linuxPackages.perf perf-tools smartmontools
    #libfaketime
    #afl

    # Games
    multimc
    #minecraft
    #logmein-hamachi
    update-resolv-conf # for OpenVPN configs

    # List of packages to get on demand
    #wineWowPackages.full
    #winetricks
  ];

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?
}