# Author: Viacheslav Lotsmanov
# License: MIT https://raw.githubusercontent.com/unclechu/nixos-config/master/LICENSE
# `args` captures the complete module argument set so that it can be handed on
# unchanged to ./my-packages.nix.
args@{ config, options, pkgs, lib, ... }:
let
  # Names shared across this configuration; the values live in ./constants.nix.
  inherit (import ./constants.nix)
    wenzelUserName
    systemProfile
    rawdevinputGroupName
    backlightcontrolGroupName
    cpumodecontrolGroupName
    jackaudioGroupName
    audioGroupName
    ;

  # Helper programs packaged from ./utils. All three are installed further
  # down through `security.wrappers` as root-owned setuid binaries, so their
  # sources are part of this machine's privileged code and deserve the same
  # review as any other setuid program.
  cpu-mode-switch = pkgs.callPackage ./utils/cpu-mode-switch { };
  grant-access-to-input-devices =
    pkgs.callPackage ./utils/grant-access-to-input-devices { };
  laptop-backlight = pkgs.callPackage ./utils/laptop-backlight { };

  # Evaluated with the same arguments as this file; its `configuration`
  # attribute is pulled in through `imports` below.
  my-packages = import ./my-packages.nix args;
in
{
imports =
  let
    # Yields [ path ] when the file exists and [ ] otherwise, so a checkout
    # without the untracked secret files still evaluates.
    optionalModule = path: lib.optional (builtins.pathExists path) path;
  in
  [
    my-packages.configuration
    ./gui.nix
    ./fonts.nix
    ./opengl.nix
    ./boot.nix
    ./network.nix
    ./user-specific.nix
    ./machine-specific.nix
    ./qt-apps-crashing-fix.nix
  ]
  # NOTE(review): what the two secret modules contain is not visible here.
  # Anything they set that ends up in a generated file or a derivation is
  # copied into /nix/store, which every local user can read. Keep real
  # credentials in files referenced by path at runtime, not in Nix values.
  ++ optionalModule ./secret.nix
  ++ optionalModule ./machine-specific.secret.nix;
# stateVersion selects the release whose defaults for stateful data apply;
# it is unrelated to the nixpkgs revision actually in use.
system.stateVersion = "20.09";
# File-system tools made available to the system (XFS here).
system.fsPackages = [ pkgs.xfsprogs.bin ];
# Keep the default search path and append the overlays compatibility
# directory to it.
nix.nixPath = options.nix.nixPath.default ++ [
  "nixpkgs-overlays=/etc/nixos/overlays-compat/"
];
# Written verbatim into the generated nix.conf.
nix.extraOptions = ''
  experimental-features = nix-command flakes
'';
# Every entry here switches off the evaluation failure that nixpkgs raises
# for a package it has flagged as insecure. Entries match an exact
# name-version, so a version bump in nixpkgs makes evaluation fail again
# until the exception is consciously renewed. Revisit the list on each
# channel upgrade and drop entries as soon as nothing depends on them.
nixpkgs.config.permittedInsecurePackages = [
  # In 23.05 Python 2 marked as end-of-life.
  # It seems like system-activation scripts depends on Python 2.
  # Or maybe some NixOS module causes this dependency to appear in there.
  # TODO: Try to figure out what depends on Python 2.
  "python-2.7.18.6"

  # Temporary exception for some of the Matrix clients.
  # NOTE(review): "temporary" has no owner or removal condition attached;
  # check the package's `meta.knownVulnerabilities` to see what is accepted.
  "olm-3.2.16"
];

nixpkgs.overlays = (import ./overlays) ++ [
  # A hack to make system profile name available in all of the modules.
  # It’s available as “pkgs.systemProfile” but only inside this NixOS
  # configuration (not available in <nixpkgs> channel).
  (final: prev: { systemProfile = systemProfile.default; })
];
# System locale, virtual-console keyboard layout and time zone.
i18n = {
  defaultLocale = "en_US.UTF-8";
};
console = {
  keyMap = "us";
};
time = {
  timeZone = "Europe/Helsinki";
};
# shellInit = ''
# export FOO=bar
# '';
# Environment variables exported system-wide.
environment.variables.EDITOR = "nvim";
environment.variables.TERMINAL = "termite";
# Search path for LV2 audio plugins installed into the system profile.
environment.sessionVariables.LV2_PATH = "/run/current-system/sw/lib/lv2";
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# Desktop helpers.
programs.seahorse.enable = true;
programs.dconf.enable = true;
programs.gpaste.enable = true;
programs.file-roller.enable = true;

# Shells.
programs.bash.enableCompletion = true;
programs.zsh.enable = true;
programs.zsh.enableCompletion = true;

# With enableSSHSupport gpg-agent also acts as the SSH agent, so SSH
# private-key operations go through gpg-agent and the pinentry chosen here.
programs.gnupg.agent = {
  enable = true;
  enableSSHSupport = true;
  pinentryPackage = pkgs.pinentry-gnome3;
};

# TODO configure, see https://framagit.org/mpo/era-configuration-nix
# programs.chromium = {};
sound.enable = true;

hardware.pulseaudio = {
  enable = true;
  # Support 32-bit applications just in case
  support32Bit = true;
  # Usually I’m permanently running JACK daemon forwarding PulseAudio into it
  package = pkgs.pulseaudio.override { jackaudioSupport = true; };
};
# CUPS to print documents (have no printer yet)
services.printing.enable = false;
# Getting info about battery charge via D-Bus
services.upower.enable = true;
# Mount, trash, and other stuff
services.gvfs.enable = true;
# Thumbnails for images
services.tumbler.enable = true;
# Gaming mouse configuration daemon
services.ratbagd.enable = true;

# See also https://nixos.wiki/wiki/JACK
# I’m starting JACK manually via “jack_control start” or QjackCtl
# services.jack = {
#   jackd.enable = true;
#   # support ALSA-only programs via ALSA JACK PCM plugin
#   # alsa.enable = true;
#   # support ALSA-only programs via loopback device (e.g. Steam)
#   # loopback.enable = true;
# };
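security = {
  # Each call to `rootSuidGroup` yields one wrapper, named after the package,
  # that is owned by root and carries the setuid bit. The wrapped program
  # therefore runs with root's effective UID for whoever is allowed to
  # execute it, so membership of the corresponding group is a grant of that
  # program's full capability. The helpers come from ./utils; review them as
  # setuid code (argument and environment handling, path lookups).
  wrappers =
    let
      # source: package whose output is wrapped; its `name` is the attribute
      #         key of the wrapper.
      # group:  the only non-root group allowed to execute the wrapper.
      rootSuidGroup = source: group: {
        ${source.name} = {
          inherit source group;
          owner = "root";
          # The setuid bit is requested through the dedicated option rather
          # than an "s" hidden inside the permission string, which keeps it
          # visible to anyone auditing the configuration for setuid programs.
          setuid = true;
          # Execute is granted to owner and group only; nothing is granted to
          # "other" here.
          permissions = "u+x,g+x";
        };
      };
    in
    rootSuidGroup grant-access-to-input-devices rawdevinputGroupName
    // rootSuidGroup laptop-backlight backlightcontrolGroupName
    // rootSuidGroup cpu-mode-switch cpumodecontrolGroupName;

  # Limits for members of the audio group: unlimited locked memory, realtime
  # priority up to 99 and 99999 open files. An account in that group can pin
  # memory and run threads at the highest realtime priority, which is enough
  # to starve the rest of the system, so treat membership as a privilege.
  pam.loginLimits =
    let
      audioDomain = "@${audioGroupName}";
    in
    [
      { domain = audioDomain; item = "memlock"; type = "-"; value = "unlimited"; }
      { domain = audioDomain; item = "rtprio"; type = "-"; value = "99"; }
      { domain = audioDomain; item = "nofile"; type = "soft"; value = "99999"; }
      { domain = audioDomain; item = "nofile"; type = "hard"; value = "99999"; }
    ];
};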
}