353 lines
9.0 KiB
Nix
353 lines
9.0 KiB
Nix
{ config, pkgs, ... }:
|
||
|
||
let
|
||
my-python3-packages = python3-packages: with python3-packages; [
|
||
pip setuptools
|
||
z3
|
||
requests
|
||
beautifulsoup4
|
||
tkinter
|
||
lxml
|
||
pyside2
|
||
markdown
|
||
psutil
|
||
];
|
||
#my-python2-packages = python2-packages: with python2-packages; [
|
||
# pip setuptools
|
||
# cython
|
||
# pygame
|
||
# numpy
|
||
# pillow
|
||
# pyopengl
|
||
# pyopengl-accelerate
|
||
#];
|
||
python3-with-my-packages = pkgs.python3.withPackages my-python3-packages;
|
||
#python2-with-my-packages = pkgs.python2.withPackages my-python2-packages;
|
||
linuxPackages = pkgs.linuxPackages_5_10;
|
||
in
|
||
{
|
||
imports =
|
||
[ # Include the results of the hardware scan.
|
||
./hardware-configuration.nix
|
||
];
|
||
|
||
# Use the systemd-boot EFI boot loader.
|
||
boot.loader.systemd-boot.enable = true;
|
||
boot.loader.efi.canTouchEfiVariables = true;
|
||
boot.kernelPackages = linuxPackages;
|
||
boot.extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];
|
||
boot.kernelModules = [ "v4l2loopback" ];
|
||
boot.kernelParams = [ "mitigations=off" ];
|
||
boot.kernel.sysctl = {
|
||
# enable Alt+SysRq commands
|
||
"kernel.sysrq" = 1;
|
||
"vm.swappiness" = 1;
|
||
"net.ipv4.ip_forward" = 1;
|
||
# silence kernel warning
|
||
"fs.suid_dumpable" = 0;
|
||
};
|
||
# disable coredumps
|
||
systemd.coredump.extraConfig = ''
|
||
Storage=none
|
||
'';
|
||
security.pam.loginLimits = [
|
||
{ domain = "*"; item = "core"; type = "hard"; value = "0"; }
|
||
];
|
||
# /tmp should be a tmpfs
|
||
boot.tmpOnTmpfs = true;
|
||
|
||
hardware.cpu.amd.updateMicrocode = true;
|
||
services.fstrim.enable = true;
|
||
services.journald.extraConfig = "SystemMaxUse=100M";
|
||
|
||
networking.useDHCP = false;
|
||
networking.interfaces.enp39s0.useDHCP = true;
|
||
networking.hostName = "nixOS";
|
||
networking.firewall.logRefusedConnections = false;
|
||
networking.firewall.rejectPackets = true;
|
||
networking.firewall.allowedTCPPorts = [ 12783 12975 25565 ];
|
||
networking.firewall.allowedTCPPortRanges = [
|
||
# KDE Connect
|
||
{ from = 1714; to = 1764; }
|
||
];
|
||
networking.firewall.allowedUDPPorts = [ 12975 ];
|
||
networking.firewall.allowedUDPPortRanges = [
|
||
# KDE Connect
|
||
{ from = 1714; to = 1764; }
|
||
];
|
||
# Or disable the firewall altogether.
|
||
#networking.firewall.enable = false;
|
||
|
||
security.sudo.extraConfig = ''
|
||
Defaults insults
|
||
Defaults timestamp_timeout=-1
|
||
'';
|
||
|
||
time.timeZone = "Europe/Berlin";
|
||
i18n.defaultLocale = "de_DE.UTF-8";
|
||
console = {
|
||
keyMap = "dvorak";
|
||
};
|
||
environment.sessionVariables = {
|
||
XDG_CONFIG_HOME = "$HOME/.config";
|
||
XDG_CACHE_HOME = "$HOME/.cache";
|
||
XDG_DATA_HOME = "$HOME/.local/share";
|
||
|
||
KDEHOME = "$HOME/.config/kde";
|
||
KDESYCOCA = "$HOME/.cache/kdesycoca";
|
||
KDE_HOME_READONLY = "1";
|
||
KDE_UTF8_FILENAMES = "1";
|
||
ANDROID_SDK_HOME = "$HOME/.cache";
|
||
GRADLE_USER_HOME = "$HOME/.cache/gradle";
|
||
MATHEMATICA_USERBASE = "$HOME/.cache/mathematica";
|
||
XCOMPOSECACHE = "$HOME/.cache/X11/xcompose";
|
||
};
|
||
environment.extraInit = ''
|
||
export XAUTHORITY=/tmp/Xauthority
|
||
[ -e ~/.Xauthority ] && mv -f ~/.Xauthority "$XAUTHORITY"
|
||
'';
|
||
environment.etc = {
|
||
"zshenv.local" = {
|
||
text = ''
|
||
ZDOTDIR=$HOME/.config/zsh
|
||
'';
|
||
mode = "0444";
|
||
};
|
||
"sysconfig/lm_sensors".text = ''
|
||
HWMON_MODULES="nct6775"
|
||
'';
|
||
#"adobe/mms.cfg".text = ''
|
||
# AllowListUrlPattern=*://kongregate.com
|
||
# AllowListUrlPattern=*://*.kongregate.com
|
||
#'';
|
||
};
|
||
|
||
services.xserver.enable = true;
|
||
services.xserver.enableCtrlAltBackspace = true;
|
||
services.xserver.libinput.enable = true;
|
||
services.xserver.layout = "us";
|
||
services.xserver.xkbVariant = "dvorak";
|
||
services.xserver.displayManager.sddm.enable = true;
|
||
services.xserver.desktopManager.plasma5.enable = true;
|
||
xdg.portal.enable = true;
|
||
xdg.portal.gtkUsePortal = true;
|
||
|
||
fonts.enableDefaultFonts = true;
|
||
fonts.fonts = with pkgs; [
|
||
noto-fonts-emoji
|
||
liberation_ttf
|
||
];
|
||
|
||
virtualisation.docker.enable = true;
|
||
virtualisation.docker.logDriver = "journald";
|
||
#virtualisation.anbox.enable = true;
|
||
|
||
# services.printing.enable = true;
|
||
services.boinc.enable = true;
|
||
services.vnstat.enable = true;
|
||
services.gitlab-runner.enable = true;
|
||
services.gitlab-runner.services = {
|
||
shell = {
|
||
registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration";
|
||
executor = "shell";
|
||
};
|
||
shell2 = {
|
||
registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration-kv";
|
||
executor = "shell";
|
||
};
|
||
};
|
||
services.openvpn.servers = {
|
||
kit-split = {
|
||
config = ''
|
||
config /home/arne/Documents/KIT/kit-split.ovpn
|
||
'';
|
||
autoStart = false;
|
||
};
|
||
kit = {
|
||
config = ''
|
||
config /home/arne/Documents/KIT/kit.ovpn
|
||
'';
|
||
autoStart = false;
|
||
};
|
||
};
|
||
# services.logmein-hamachi.enable = true;
|
||
|
||
sound.enable = true;
|
||
hardware.pulseaudio.enable = true;
|
||
hardware.pulseaudio.support32Bit = true;
|
||
|
||
hardware.opengl.enable = true;
|
||
hardware.opengl.driSupport = true;
|
||
hardware.opengl.driSupport32Bit = true;
|
||
hardware.opengl.extraPackages = with pkgs; [ amdvlk vaapiVdpau libvdpau-va-gl ];
|
||
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
|
||
|
||
users.users.arne = {
|
||
isNormalUser = true;
|
||
extraGroups = [ "wheel" "docker" "adbusers" ];
|
||
shell = pkgs.zsh;
|
||
};
|
||
|
||
nixpkgs.config = {
|
||
allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [
|
||
"minecraft-launcher"
|
||
"steam"
|
||
"steam-original"
|
||
"steam-runtime"
|
||
"mathematica"
|
||
"idea-ultimate"
|
||
"android-studio-stable"
|
||
#"logmein-hamachi"
|
||
];
|
||
packageOverrides = super: let self = super.pkgs; in {
|
||
maven = super.maven.override {
|
||
jdk = super.pkgs.jdk11;
|
||
};
|
||
# remove tesseract and ImageMagick
|
||
ripgrep-all = super.ripgrep-all.overrideDerivation (attrs: {
|
||
postInstall = ''
|
||
wrapProgram $out/bin/rga \
|
||
--prefix PATH ":" "${super.pkgs.lib.makeBinPath [ super.pkgs.pandoc super.pkgs.poppler_utils super.pkgs.ripgrep ]}"
|
||
'';
|
||
doInstallCheck = false;
|
||
});
|
||
qbittorrent = super.qbittorrent.overrideAttrs (attrs: rec {
|
||
version = "4.3.4.1";
|
||
src = pkgs.fetchFromGitHub {
|
||
owner = "qbittorrent";
|
||
repo = "qbittorrent";
|
||
rev = "release-4.3.4.1"; # TODO: is there some reason this also has to be specified?
|
||
sha256 = "0hpv99ky077h5rvxxd76l5xv99ivqa1hq6739jp1gvl4w6w3cbgc";
|
||
};
|
||
});
|
||
# remove openssl
|
||
#rustup = super.rustup.overrideAttrs (attrs: rec {
|
||
# buildInputs = [ super.pkgs.zlib ];
|
||
# # this does not actually work due to #103130
|
||
# cargoBuildFlags = [ "--no-default-features" "--features" "no-self-update" "reqwest-backend" "reqwest-rustls-tls" ];
|
||
# doCheck = false;
|
||
#});
|
||
};
|
||
};
|
||
programs.steam.enable = true;
|
||
programs.zsh.enable = true;
|
||
programs.zsh.enableGlobalCompInit = false;
|
||
programs.adb.enable = true;
|
||
programs.gnupg.agent = {
|
||
enable = true;
|
||
enableSSHSupport = true;
|
||
pinentryFlavor = "qt";
|
||
};
|
||
environment.systemPackages = with pkgs; [
|
||
# standard utilities
|
||
coreutils
|
||
gzip
|
||
gcc
|
||
manpages
|
||
dnsutils
|
||
vim htop curl wget file zsh git
|
||
tree killall
|
||
# premium utilities
|
||
jq tmux
|
||
ripgrep
|
||
ripgrep-all
|
||
p7zip
|
||
iotop
|
||
img2pdf
|
||
pdftk
|
||
fd
|
||
zoxide
|
||
fzf
|
||
entr
|
||
oxipng
|
||
ffmpeg_4
|
||
|
||
# programming environments
|
||
geckodriver
|
||
#python2-with-my-packages
|
||
python3-with-my-packages
|
||
jdk11 maven visualvm
|
||
rustup
|
||
jupyter
|
||
vscodium
|
||
jetbrains.idea-ultimate
|
||
#androidStudioPackages.stable
|
||
nodejs
|
||
|
||
# CLI applications
|
||
lynx
|
||
droidcam
|
||
sqlite
|
||
borgbackup
|
||
nix-tree
|
||
gallery-dl
|
||
youtube-dl
|
||
plantuml
|
||
tectonic
|
||
docker-compose
|
||
qemu
|
||
graphviz
|
||
|
||
# GUI applications
|
||
sqlitebrowser
|
||
gimp
|
||
firefox
|
||
thunderbird
|
||
keepassxc
|
||
josm
|
||
anki
|
||
tor-browser-bundle-bin
|
||
mathematica
|
||
gparted
|
||
trilium-desktop
|
||
qdirstat
|
||
filelight
|
||
libreoffice-fresh
|
||
filezilla
|
||
qbittorrent
|
||
tdesktop
|
||
yakuake okular akregator kwalletmanager gwenview ark kcalc kcolorchooser kompare k3b kcharselect
|
||
kdeApplications.kruler
|
||
kdeconnect
|
||
plasma-vault
|
||
ksshaskpass
|
||
notepadqq
|
||
mpv
|
||
bitcoin
|
||
|
||
xorg.xkbcomp
|
||
xorg.xrandr
|
||
lm_sensors
|
||
|
||
xclip
|
||
ntfs3g
|
||
cryptsetup pinentry-qt
|
||
wineWowPackages.full
|
||
winetricks
|
||
cdrkit
|
||
vnstat
|
||
aspellDicts.de
|
||
hunspellDicts.de-de
|
||
#texlive.combined.scheme-full
|
||
linuxPackages.perf
|
||
perf-tools
|
||
smartmontools
|
||
libfaketime
|
||
afl
|
||
|
||
# Games
|
||
multimc
|
||
minecraft
|
||
#logmein-hamachi
|
||
|
||
update-resolv-conf
|
||
];
|
||
# This value determines the NixOS release from which the default
|
||
# settings for stateful data, like file locations and database versions
|
||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||
# this value at the release version of the first install of this system.
|
||
# Before changing this value read the documentation for this option
|
||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||
system.stateVersion = "20.09"; # Did you read the comment?
|
||
}
|