configuration.nix 5.64 KB
Newer Older
1
{ config, lib, pkgs, ... }:
2 3

{
4
  imports = [ ./common.nix ./hardware-configuration.nix ./host.nix ];
5

6 7 8 9 10 11 12 13
  boot = {
    initrd = {
      luks.devices.crypted.keyFile = "/crypto_keyfile.bin";
      prepend = ["${/crypto_keyfile.cpio.gz}"];
    };

    loader.grub.enableCryptodisk = true;
  };
14

15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107
  environment = {
    etc."fuse.conf".text = "user_allow_other";

    systemPackages = with pkgs; [
      acpid
      aspellDicts.de
      aspellDicts.en
      aspellDicts.en-computers
      aspellDicts.en-science
      aspellDicts.fr
      aspellDicts.nb
      awesome
      bash
      bash-completion
      bc
      bind
      bluez
      cargo
      cbatticon
      cdrdao
      cdrtools
      chromium
      coreutils
      cron
      dhcpcd
      diffoscope
      digikam
      dmidecode
      docker
      docker-compose
      dos2unix
      evince
      extundelete
      file
      findutils
      firefox
      firefox-devedition-bin
      fortune
      gcc
      gdb
      geoclue2
      gimp
      gitFull
      gnome3.adwaita-icon-theme
      gnome3.eog
      gnome3.nautilus
      gnome3.simple-scan
      gnumake
      gnupg
      gnuplot
      graphviz
      hicolor-icon-theme
      hugin
      iftop
      imagemagick
      inkscape
      iotop
      jdk
      jdk11
      jetbrains.idea-ultimate
      jhead
      jmtpfs
      jq
      keepassxc
      keychain
      killall
      libnotify
      libreoffice
      libvdpau
      libxslt
      lightdm
      lsof
      lxd
      mcomix
      meld
      mlocate
      ncdu
      netcat-gnu
      networkmanagerapplet
      ntfs3g
      numlockx
      openresolv
      openscad
      openvpn
      optipng
      oxygen-icons5
      pandoc
      patch
      pavucontrol
      perl528Packages.perlldap
      pidgin
      powertop
      pulseaudio
108
      python37
109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154
      python37Packages.argcomplete
      python37Packages.black
      python37Packages.flake8
      python37Packages.mypy
      python37Packages.pip
      qpdf
      qt5ct
      rclone
      redshift
      ripgrep
      rsync
      rustc
      rustup
      rxvt_unicode
      scorched3d
      scrot
      shellcheck
      simplescreenrecorder
      sqlite
      sshfs
      steam
      streamlink
      tango-icon-theme
      tcpdump
      terminus_font
      thunderbird
      tor-browser-bundle-bin
      transmission-gtk
      vagrant
      vim
      vlc
      wget
      wireshark
      xclip
      xfce.thunar-archive-plugin
      xfce.thunar-volman
      xfce.tumbler
      xfce.xfce4-icon-theme
      xorg.xdpyinfo
      xorg.xkill
      xorg.xmodmap
      xournal
      youtube-dl
      zip
    ];
  };
155 156

  fileSystems = {
157 158
    "/".device = lib.mkForce "/dev/mapper/vg-root";
    "/home".device = lib.mkForce "/dev/mapper/vg-home";
159 160 161 162 163
  };

  hardware = {
    bluetooth = {
      enable = true;
164 165
      extraConfig =
        "\n        [General]\n        Enable=Source,Sink,Media,Socket\n      ";
166
    };
Victor Engmark's avatar
Victor Engmark committed
167
    opengl.driSupport32Bit = true;
168 169 170 171
    pulseaudio = {
      enable = true;
      extraModules = [ pkgs.pulseaudio-modules-bt ];
      package = pkgs.pulseaudioFull;
Victor Engmark's avatar
Victor Engmark committed
172
      support32Bit = true;
173
    };
Victor Engmark's avatar
Victor Engmark committed
174 175 176 177
    sane = {
      enable = true;
      extraBackends = [ pkgs.hplipWithPlugin ];
    };
Victor Engmark's avatar
Victor Engmark committed
178
    steam-hardware.enable = true;
179 180 181 182 183 184 185 186 187 188 189 190
  };

  i18n = {
    consoleFont = "Lat2-Terminus16";
    consoleKeyMap = "dvorak";
    defaultLocale = "en_NZ.UTF-8";
  };

  networking.networkmanager.enable = true;

  nixpkgs.config.allowUnfree = true;

191
  programs = {
192
    adb.enable = true;
193 194 195 196 197
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    light.enable = true;
198 199
    ssh.extraConfig =
      "\n      IdentitiesOnly yes\n      PasswordAuthentication no\n    ";
200
  };
201 202 203

  services = {
    acpid.enable = true;
204 205 206
    actkbd = {
      enable = true;
      bindings = [
207 208 209 210 211 212 213 214 215 216
        {
          keys = [ 224 ];
          events = [ "key" ];
          command = "/run/current-system/sw/bin/light -U 10";
        }
        {
          keys = [ 225 ];
          events = [ "key" ];
          command = "/run/current-system/sw/bin/light -A 10";
        }
217 218
      ];
    };
219 220 221 222
    avahi = {
      enable = true;
      nssmdns = true;
    };
Victor Engmark's avatar
Victor Engmark committed
223 224 225 226 227
    compton = {
      backend = "glx";
      enable = true;
      vSync = "opengl-swc";
    };
228
    cron.enable = true;
Victor Engmark's avatar
Victor Engmark committed
229
    fail2ban.enable = true;
Victor Engmark's avatar
Victor Engmark committed
230
    gnome3.gvfs.enable = true;
231
    openssh = {
232
      extraConfig = "\n        AllowGroups users\n      ";
233 234 235 236 237
      challengeResponseAuthentication = false;
      enable = true;
      passwordAuthentication = false;
      permitRootLogin = "no";
    };
238 239 240 241
    printing = {
      enable = true;
      drivers = [ pkgs.hplip ];
    };
242 243 244
    redshift = {
      enable = true;
      provider = "geoclue2";
245 246 247 248
      temperature = {
        day = 6500;
        night = 3500;
      };
249
    };
Victor Engmark's avatar
Victor Engmark committed
250 251 252 253
    tor = {
      client.enable = true;
      enable = true;
    };
254
    xserver = {
255 256 257 258
      desktopManager.xfce = {
        enable = true;
        noDesktop = true;
      };
259 260 261 262 263 264 265 266
      displayManager.lightdm.enable = true;
      enable = true;
      layout = "us";
      libinput.enable = true;
      windowManager = {
        awesome.enable = true;
        default = "awesome";
      };
267 268 269
      xautolock = {
        enable = true;
        enableNotifier = true;
Victor Engmark's avatar
Victor Engmark committed
270
        locker = ''${pkgs.xlockmore}/bin/xlock -mode blank'';
271 272
        notifier =
          ''${pkgs.libnotify}/bin/notify-send "Locking in 10 seconds"'';
273
      };
274 275 276 277 278 279 280
      xkbOptions = "compose:caps";
      xkbVariant = "dvorak-alt-intl";
    };
  };

  sound.enable = true;

281
  swapDevices = [{ device = "/dev/mapper/vg-swap"; }];
282 283 284 285

  system.stateVersion = "19.03";

  virtualisation = {
Victor Engmark's avatar
Victor Engmark committed
286 287 288 289 290 291 292
    docker = {
      autoPrune = {
        dates = "daily";
        flags = [ "--all" "--volumes" ];
      };
      enable = true;
    };
293 294 295
    lxd.enable = true;
  };
}