301 lines
9.8 KiB
Nix
301 lines
9.8 KiB
Nix
|
{ config, pkgs, lib, ... }:
|
|||
|
let
|
|||
|
nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
|
|||
|
#!/bin/bash
|
|||
|
export __NV_PRIME_RENDER_OFFLOAD=1
|
|||
|
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
|
|||
|
export __GLX_VENDOR_LIBRARY_NAME=nvidia
|
|||
|
export __VK_LAYER_NV_optimus=NVIDIA_only
|
|||
|
exec "$@"
|
|||
|
'';
|
|||
|
|
|||
|
in {
|
|||
|
imports = [ # Include the results of the hardware scan.
|
|||
|
./hardware-configuration.nix
|
|||
|
<home-manager/nixos>
|
|||
|
];
|
|||
|
|
|||
|
specialisation = {
|
|||
|
external-display.configuration = {
|
|||
|
system.nixos.tags = [ "externer-Monitor" ];
|
|||
|
hardware.nvidia.prime.offload.enable = lib.mkForce false;
|
|||
|
hardware.nvidia.powerManagement.finegrained = lib.mkForce false;
|
|||
|
};
|
|||
|
};
|
|||
|
specialisation = {
|
|||
|
dual-display.configuration = {
|
|||
|
system.nixos.tags = [ "dual-monitor" ];
|
|||
|
hardware.nvidia.prime.offload.enable = lib.mkForce false;
|
|||
|
hardware.nvidia.prime.sync.enable = lib.mkForce true;
|
|||
|
hardware.nvidia.powerManagement.finegrained = lib.mkForce false;
|
|||
|
};
|
|||
|
};
|
|||
|
|
|||
|
# Bootloader.
|
|||
|
# boot.loader.systemd-boot.enable = true;
|
|||
|
boot.loader.efi.canTouchEfiVariables = true;
|
|||
|
boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
|||
|
boot.loader.grub.enable = true;
|
|||
|
boot.loader.grub.efiSupport = true;
|
|||
|
boot.loader.grub.version = 2;
|
|||
|
boot.loader.grub.device = "nodev";
|
|||
|
boot.loader.grub.useOSProber = true;
|
|||
|
|
|||
|
hardware.tuxedo-keyboard.enable = true;
|
|||
|
boot.kernelParams = [
|
|||
|
"tuxedo_keyboard.mode=0" # https://github.com/tuxedocomputers/tuxedo-keyboard#kernelparam
|
|||
|
"tuxedo_keyboard.brightness=255"
|
|||
|
"tuxedo_keyboard.color_left=0xff0a0a"
|
|||
|
];
|
|||
|
# Setup keyfile
|
|||
|
boot.initrd.secrets = { "/crypto_keyfile.bin" = null; };
|
|||
|
boot.extraModprobeConfig = ''
|
|||
|
options kvm_intel nested=1
|
|||
|
options kvm_intel emulate_invalid_guest_state=0
|
|||
|
options kvm ignore_msrs=1
|
|||
|
'';
|
|||
|
|
|||
|
boot.initrd.luks.devices."luks-a7b1ba69-0951-4347-886e-4c0c24c2b871".keyFile =
|
|||
|
"/crypto_keyfile.bin";
|
|||
|
networking.hostName = "m3-nix"; # Define your hostname.
|
|||
|
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
|||
|
networking.firewall.extraCommands =
|
|||
|
"iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns";
|
|||
|
# Configure network proxy if necessary
|
|||
|
# networking.proxy.default = "http://user:password@proxy:port/";
|
|||
|
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
|||
|
|
|||
|
# Enable networking
|
|||
|
networking.networkmanager.enable = true;
|
|||
|
networking.wg-quick.interfaces = {
|
|||
|
wg0 = {
|
|||
|
address = [ "10.13.13.4/24" ];
|
|||
|
dns = [ "192.168.178.75" ];
|
|||
|
privateKeyFile = "/root/wg/peer_m3arch/privatekey-peer_m3arch";
|
|||
|
|
|||
|
peers = [{
|
|||
|
publicKey = "zA3c0S33ZsX5oRMRCrNDYg6pCMLdRurLV+7cU2Chbwk=";
|
|||
|
allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
|||
|
endpoint = "45.132.245.244:51820";
|
|||
|
persistentKeepalive = 25;
|
|||
|
}];
|
|||
|
};
|
|||
|
};
|
|||
|
nix.extraOptions = ''
|
|||
|
experimental-features = nix-command
|
|||
|
'';
|
|||
|
nix.settings.experimental-features = "nix-command flakes";
|
|||
|
programs.wireshark.enable = true;
|
|||
|
# Set your time zone.
|
|||
|
time.timeZone = "Europe/Berlin";
|
|||
|
|
|||
|
# Select internationalisation properties.
|
|||
|
i18n.defaultLocale = "de_DE.utf8";
|
|||
|
services.auto-cpufreq.enable = true;
|
|||
|
services.tlp.enable = true;
|
|||
|
services.fstrim.enable = true;
|
|||
|
services.cron = {
|
|||
|
enable = true;
|
|||
|
systemCronJobs = [ "" ];
|
|||
|
};
|
|||
|
services.hardware.bolt.enable = true;
|
|||
|
services.gvfs = {
|
|||
|
enable = true;
|
|||
|
package = pkgs.gnome3.gvfs;
|
|||
|
};
|
|||
|
#services.xserver.videoDrivers = [ "intel" ];
|
|||
|
hardware.nvidia = {
|
|||
|
prime = {
|
|||
|
offload.enable = true;
|
|||
|
|
|||
|
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA
|
|||
|
intelBusId = "PCI:0:2:0";
|
|||
|
|
|||
|
# Bus ID of the NVIDIA GPU. You can find it using lspci, either under 3D or VGA
|
|||
|
nvidiaBusId = "PCI:1:0:0";
|
|||
|
};
|
|||
|
modesetting.enable = true;
|
|||
|
powerManagement.finegrained = true;
|
|||
|
powerManagement.enable = true;
|
|||
|
};
|
|||
|
services.xserver = {
|
|||
|
enable = true;
|
|||
|
exportConfiguration = true;
|
|||
|
videoDrivers = [ "nvidia" ];
|
|||
|
displayManager = {
|
|||
|
defaultSession = "xfce+i3";
|
|||
|
lightdm = { enable = true; };
|
|||
|
};
|
|||
|
desktopManager = {
|
|||
|
xterm.enable = false;
|
|||
|
xfce = {
|
|||
|
enable = true;
|
|||
|
noDesktop = true;
|
|||
|
enableXfwm = false;
|
|||
|
#thunarPlugins = [ pkgs.xfce.thunar-archive-plugin ];
|
|||
|
};
|
|||
|
};
|
|||
|
windowManager.i3.package = pkgs.i3-gaps;
|
|||
|
windowManager.i3.enable = true;
|
|||
|
};
|
|||
|
programs.thunar.plugins = [ pkgs.xfce.thunar-archive-plugin ];
|
|||
|
services.xserver.screenSection = ''
|
|||
|
Option "metamodes" "nvidia-auto-select +0+0 {ForceFullCompositionPipeline=On}"
|
|||
|
Option "AllowIndirectGLXProtocol" "off"
|
|||
|
Option "TripleBuffer" "on"
|
|||
|
'';
|
|||
|
hardware.opengl.enable = true;
|
|||
|
hardware.opengl.driSupport32Bit = true;
|
|||
|
|
|||
|
# Enable the X11 windowing system.
|
|||
|
# services.xserver.enable = true;
|
|||
|
|
|||
|
# Enable the XFCE Desktop Environment.
|
|||
|
# services.xserver.desktopManager.xfce.enable = true;
|
|||
|
|
|||
|
services.kubo = { enable = true; };
|
|||
|
|
|||
|
# Configure keymap in X11
|
|||
|
services.xserver = {
|
|||
|
layout = "de";
|
|||
|
xkbOptions = "ctrl:nocaps";
|
|||
|
};
|
|||
|
|
|||
|
# Configure console keymap
|
|||
|
console.keyMap = "de";
|
|||
|
|
|||
|
# Enable CUPS to print documents.
|
|||
|
services.printing.enable = true;
|
|||
|
# Enable sound with pipewire.
|
|||
|
sound.enable = true;
|
|||
|
sound.mediaKeys.enable = true;
|
|||
|
hardware.pulseaudio.enable = false;
|
|||
|
security.rtkit.enable = true;
|
|||
|
services.pipewire = {
|
|||
|
enable = true;
|
|||
|
alsa.enable = true;
|
|||
|
alsa.support32Bit = true;
|
|||
|
pulse.enable = true;
|
|||
|
# If you want to use JACK applications, uncomment this
|
|||
|
#jack.enable = true;
|
|||
|
|
|||
|
# use the example session manager (no others are packaged yet so this is enabled by default,
|
|||
|
# no need to redefine it in your config for now)
|
|||
|
#media-session.enable = true;
|
|||
|
};
|
|||
|
|
|||
|
users.defaultUserShell = pkgs.fish;
|
|||
|
# Enable touchpad support (enabled default in most desktopManager).
|
|||
|
# services.xserver.libinput.enable = true;
|
|||
|
|
|||
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
|||
|
users.users.m3tam3re = {
|
|||
|
isNormalUser = true;
|
|||
|
description = "m3tam3re";
|
|||
|
extraGroups =
|
|||
|
[ "networkmanager" "wheel" "libvirtd" "flatpak" "docker" "wireshark" ];
|
|||
|
};
|
|||
|
|
|||
|
# home-manager.users.m3tam3re = { pkgs, ... }: {
|
|||
|
# home.packages = [ pkgs.home-manager ];
|
|||
|
# programs.bash.enable = true;
|
|||
|
#};
|
|||
|
programs.fish = {
|
|||
|
enable = true;
|
|||
|
useBabelfish = true;
|
|||
|
vendor.functions.enable = true;
|
|||
|
vendor.config.enable = true;
|
|||
|
vendor.completions.enable = true;
|
|||
|
};
|
|||
|
|
|||
|
# Allow unfree packages
|
|||
|
nixpkgs.config.allowUnfree = true;
|
|||
|
services.flatpak.enable = true;
|
|||
|
# xdg desktop intergration (required for flatpak)
|
|||
|
|
|||
|
xdg.portal = {
|
|||
|
enable = true;
|
|||
|
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
|
|||
|
};
|
|||
|
# Enable Virtualization
|
|||
|
virtualisation.libvirtd.enable = true;
|
|||
|
virtualisation.libvirtd.qemu.swtpm.enable = true;
|
|||
|
virtualisation.libvirtd.qemu.ovmf.enable = true;
|
|||
|
virtualisation.docker = {
|
|||
|
enable = true;
|
|||
|
enableOnBoot = true;
|
|||
|
};
|
|||
|
# List packages installed in system profile. To search, run:
|
|||
|
# $ nix search wget
|
|||
|
environment.systemPackages = [
|
|||
|
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
|
|||
|
pkgs.alacritty
|
|||
|
pkgs.curl
|
|||
|
pkgs.docker
|
|||
|
pkgs.docker-compose
|
|||
|
pkgs.exa
|
|||
|
pkgs.firefox
|
|||
|
pkgs.killall
|
|||
|
pkgs.libpng
|
|||
|
pkgs.neovim
|
|||
|
pkgs.OVMFFull
|
|||
|
pkgs.pam_gnupg
|
|||
|
pkgs.ripgrep
|
|||
|
pkgs.swtpm
|
|||
|
pkgs.tmux
|
|||
|
pkgs.tree
|
|||
|
pkgs.wget
|
|||
|
nvidia-offload
|
|||
|
];
|
|||
|
services.udev.extraRules = ''
|
|||
|
# Trezor
|
|||
|
SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
|
|||
|
KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl"
|
|||
|
# Trezor v2
|
|||
|
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
|
|||
|
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
|
|||
|
KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl"
|
|||
|
ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", MODE="0666", GROUP="users", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/backlight/%k/brightness"
|
|||
|
ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
|
|||
|
'';
|
|||
|
programs.steam = {
|
|||
|
enable = true;
|
|||
|
remotePlay.openFirewall = true;
|
|||
|
dedicatedServer.openFirewall = true;
|
|||
|
};
|
|||
|
programs.gamemode.enable = true;
|
|||
|
# Some programs need SUID wrappers, can be configured further or are
|
|||
|
# started in user sessions.
|
|||
|
# programs.mtr.enable = true;
|
|||
|
# programs.gnupg.agent = {
|
|||
|
# enable = true;
|
|||
|
# enableSSHSupport = true;
|
|||
|
# };
|
|||
|
|
|||
|
# List services that you want to enable:
|
|||
|
|
|||
|
# Enable the OpenSSH daemon.
|
|||
|
# services.openssh.enable = true;
|
|||
|
programs.ssh.askPassword = "";
|
|||
|
|
|||
|
# Open ports in the firewall.
|
|||
|
# networking.firewall.allowedTCPPorts = [ ... ];
|
|||
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
|||
|
# Or disable the firewall altogether.
|
|||
|
# networking.firewall.enable = false;
|
|||
|
nix.gc = {
|
|||
|
automatic = true;
|
|||
|
options = "--delete-older-than 30d";
|
|||
|
};
|
|||
|
nix.optimise.automatic = true;
|
|||
|
|
|||
|
# This value determines the NixOS release from which the default
|
|||
|
# settings for stateful data, like file locations and database versions
|
|||
|
# on your system were taken. It‘s perfectly fine and recommended to leavecatenate(variables, "bootdev", bootdev)
|
|||
|
# this value at the release version of the first install of this system.
|
|||
|
# Before changing this value read the documentation for this option
|
|||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|||
|
system.stateVersion = "22.05"; # Did you read the comment?
|
|||
|
|
|||
|
}
|