Let me share my NixOS configuration file, the one in /etc/nixos/configuration.nix that describes what is installed on my Lenovo T470 laptop.
The basis of NixOS is that you declare every user, service, network and system setting in a file, and it then configures itself to match your expectations. You can also install global packages and per-user packages. It makes a system environment reproducible and reliable.
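# NixOS system configuration for a Lenovo T470 laptop.
# Evaluated by the NixOS module system: `config` is the merged final
# configuration, `pkgs` the package set. Everything below is declarative;
# the system is rebuilt to match it.
{ config, pkgs, ... }:

let
  # uid of the VPN-only account, pinned in users.users.aria below so the
  # owner-match firewall rules cannot silently drift from the account.
  ariaUid = toString config.users.users.aria.uid;
in
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  # run garbage collector at 19h00 everyday
  # and remove stuff older than 60 days
  nix.gc.automatic = true;
  nix.gc.dates = "19:00";
  nix.gc.persistent = true;
  nix.gc.options = "--delete-older-than 60d";

  # clean /tmp at boot
  boot.cleanTmpDir = true;

  # latest kernel
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # sync disk when buffer reach 6% of memory
  boot.kernel.sysctl = { "vm.dirty_ratio" = 6; };

  # allow non free stuff
  nixpkgs.config.allowUnfree = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "t470";
  time.timeZone = "Europe/Paris";
  networking.networkmanager.enable = true;

  # wireguard VPN
  # The private key is read from a root-only file at activation time and
  # therefore never ends up in the world-readable Nix store.
  networking.wireguard.interfaces = {
    wg0 = {
      ips = [ "192.168.5.1/24" ];
      listenPort = 1234;
      privateKeyFile = "/root/wg-private";
      peers = [
        {
          # server
          publicKey = "MY PUB KEY";
          endpoint = "SERVER:PORT";
          allowedIPs = [ "192.168.5.0/24" ];
        }
      ];
    };
  };

  # firejail firefox by default
  programs.firejail.wrappedBinaries = {
    firefox = {
      executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
      profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
    };
  };

  # azerty keyboard <3
  i18n.defaultLocale = "fr_FR.UTF-8";
  console = {
    # font = "Lat2-Terminus16";
    keyMap = "fr";
  };

  # clean logs older than 2d
  services.cron.systemCronJobs = [
    "0 20 * * * root journalctl --vacuum-time=2d"
  ];

  # nvidia prime offload rendering for eGPU
  hardware.nvidia.modesetting.enable = true;
  hardware.nvidia.prime.sync.allowExternalGpu = true;
  hardware.nvidia.prime.offload.enable = true;
  hardware.nvidia.prime.nvidiaBusId = "PCI:10:0:0";
  hardware.nvidia.prime.intelBusId = "PCI:0:2:0";
  services.xserver.videoDrivers = [ "nvidia" ];

  # programs
  programs.steam.enable = true;
  programs.firejail.enable = true;
  programs.fish.enable = true;
  programs.gamemode.enable = true;
  programs.ssh.startAgent = true;

  # services
  services.acpid.enable = true;
  services.thermald.enable = true;
  services.fwupd.enable = true;
  services.vnstat.enable = true;

  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;
  services.xserver.desktopManager.xfce.enable = false;
  services.xserver.desktopManager.gnome.enable = false;

  # Configure keymap in X11
  services.xserver.layout = "fr";
  services.xserver.xkbOptions = "eurosign:e";

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = true;

  # Enable touchpad support
  services.xserver.libinput.enable = true;

  users.users.solene = {
    isNormalUser = true;
    shell = pkgs.fish;
    packages = with pkgs; [
      gajim audacity chromium dmd dtools kate kdeltachat pavucontrol
      rclone rclone-browser zim claws-mail mpv musikcube git-annex
    ];
    # NOTE(review): "wheel" is the group security.sudo uses by default; NixOS
    # does not create a "sudo" group, so that entry is presumably inert.
    extraGroups = [ "wheel" "sudo" "networkmanager" ];
  };

  # my gaming users running steam/lutris/emulators
  users.users.gaming = {
    isNormalUser = true;
    shell = pkgs.fish;
    extraGroups = [ "networkmanager" "video" ];
    packages = with pkgs; [ lutris firefox ];
  };

  # download-only account whose egress is restricted to tun0 by the firewall
  # rules below; the uid is fixed so the account and the owner-match rules
  # cannot drift apart (the rules previously hard-coded 1002 on their own).
  users.users.aria = {
    isNormalUser = true;
    uid = 1002;
    shell = pkgs.fish;
    packages = with pkgs; [ aria2 ];
  };

  # global packages
  environment.systemPackages = with pkgs; [
    ncdu kakoune git rsync restic tmux fzf
  ];

  # Enable the OpenSSH daemon.
  # NOTE(review): sshd is reachable on port 22 with stock settings; if only
  # key-based logins are intended, disable password authentication explicitly.
  services.openssh.enable = true;

  # Open ports in the firewall.
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 22 ];
  networking.firewall.allowedUDPPorts = [ ];

  # user aria can only use tun0
  # The rules live in a dedicated chain that is rebuilt from scratch on every
  # firewall start/reload, so reloading no longer stacks duplicate OUTPUT
  # rules. ip46tables (the helper defined by the NixOS firewall script) applies
  # them to IPv6 as well; the previous plain iptables rules left IPv6 egress
  # for this uid unrestricted.
  networking.firewall.extraCommands = ''
    ip46tables -N aria-egress 2>/dev/null || true
    ip46tables -F aria-egress
    ip46tables -A aria-egress -o lo -j ACCEPT
    ip46tables -A aria-egress -o tun0 -j ACCEPT
    ip46tables -A aria-egress -j REJECT
    # delete-then-add keeps exactly one jump rule across reloads
    ip46tables -D OUTPUT -m owner --uid-owner ${ariaUid} -j aria-egress 2>/dev/null || true
    ip46tables -A OUTPUT -m owner --uid-owner ${ariaUid} -j aria-egress
  '';
  # Undo the custom rules when the firewall stops so nothing lingers.
  networking.firewall.extraStopCommands = ''
    ip46tables -D OUTPUT -m owner --uid-owner ${ariaUid} -j aria-egress 2>/dev/null || true
    ip46tables -F aria-egress 2>/dev/null || true
    ip46tables -X aria-egress 2>/dev/null || true
  '';

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.11"; # Did you read the comment?
}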