{ config, pkgs, lib, ... }: let nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" '' #!/bin/bash export __NV_PRIME_RENDER_OFFLOAD=1 export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0 export __GLX_VENDOR_LIBRARY_NAME=nvidia export __VK_LAYER_NV_optimus=NVIDIA_only exec "$@" ''; in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ]; specialisation = { external-display.configuration = { system.nixos.tags = [ "externer-Monitor" ]; hardware.nvidia.prime.offload.enable = lib.mkForce false; hardware.nvidia.powerManagement.finegrained = lib.mkForce false; }; }; specialisation = { dual-display.configuration = { system.nixos.tags = [ "dual-monitor" ]; hardware.nvidia.prime.offload.enable = lib.mkForce false; hardware.nvidia.prime.sync.enable = lib.mkForce true; hardware.nvidia.powerManagement.finegrained = lib.mkForce false; }; }; # Bootloader. # boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.efiSysMountPoint = "/boot/efi"; boot.loader.grub.enable = true; boot.loader.grub.efiSupport = true; boot.loader.grub.version = 2; boot.loader.grub.device = "nodev"; boot.loader.grub.useOSProber = true; hardware.tuxedo-keyboard.enable = true; boot.kernelParams = [ "tuxedo_keyboard.mode=0" # https://github.com/tuxedocomputers/tuxedo-keyboard#kernelparam "tuxedo_keyboard.brightness=255" "tuxedo_keyboard.color_left=0xff0a0a" ]; # Setup keyfile boot.initrd.secrets = { "/crypto_keyfile.bin" = null; }; boot.extraModprobeConfig = '' options kvm_intel nested=1 options kvm_intel emulate_invalid_guest_state=0 options kvm ignore_msrs=1 ''; boot.initrd.luks.devices."luks-a7b1ba69-0951-4347-886e-4c0c24c2b871".keyFile = "/crypto_keyfile.bin"; networking.hostName = "m3-nix"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. networking.firewall.extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # Enable networking networking.networkmanager.enable = true; networking.wg-quick.interfaces = { wg0 = { address = [ "10.13.13.4/24" ]; dns = [ "192.168.178.75" ]; privateKeyFile = "/root/wg/peer_m3arch/privatekey-peer_m3arch"; peers = [{ publicKey = "zA3c0S33ZsX5oRMRCrNDYg6pCMLdRurLV+7cU2Chbwk="; allowedIPs = [ "0.0.0.0/0" "::/0" ]; endpoint = "45.132.245.244:51820"; persistentKeepalive = 25; }]; }; }; nix.extraOptions = '' experimental-features = nix-command ''; nix.settings.experimental-features = "nix-command flakes"; programs.wireshark.enable = true; # Set your time zone. time.timeZone = "Europe/Berlin"; # Select internationalisation properties. i18n.defaultLocale = "de_DE.utf8"; services.auto-cpufreq.enable = true; services.tlp.enable = true; services.fstrim.enable = true; services.cron = { enable = true; systemCronJobs = [ "" ]; }; services.hardware.bolt.enable = true; services.gvfs = { enable = true; package = pkgs.gnome3.gvfs; }; #services.xserver.videoDrivers = [ "intel" ]; hardware.nvidia = { prime = { offload.enable = true; # Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA intelBusId = "PCI:0:2:0"; # Bus ID of the NVIDIA GPU. You can find it using lspci, either under 3D or VGA nvidiaBusId = "PCI:1:0:0"; }; modesetting.enable = true; powerManagement.finegrained = true; powerManagement.enable = true; }; services.xserver = { enable = true; exportConfiguration = true; videoDrivers = [ "nvidia" ]; displayManager = { defaultSession = "xfce+i3"; lightdm = { enable = true; }; }; desktopManager = { xterm.enable = false; xfce = { enable = true; noDesktop = true; enableXfwm = false; #thunarPlugins = [ pkgs.xfce.thunar-archive-plugin ]; }; }; windowManager.i3.package = pkgs.i3-gaps; windowManager.i3.enable = true; }; programs.thunar.plugins = [ pkgs.xfce.thunar-archive-plugin ]; services.xserver.screenSection = '' Option "metamodes" "nvidia-auto-select +0+0 {ForceFullCompositionPipeline=On}" Option "AllowIndirectGLXProtocol" "off" Option "TripleBuffer" "on" ''; hardware.opengl.enable = true; hardware.opengl.driSupport32Bit = true; # Enable the X11 windowing system. # services.xserver.enable = true; # Enable the XFCE Desktop Environment. # services.xserver.desktopManager.xfce.enable = true; services.kubo = { enable = true; }; # Configure keymap in X11 services.xserver = { layout = "de"; xkbOptions = "ctrl:nocaps"; }; # Configure console keymap console.keyMap = "de"; # Enable CUPS to print documents. services.printing.enable = true; # Enable sound with pipewire. sound.enable = true; sound.mediaKeys.enable = true; hardware.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; # If you want to use JACK applications, uncomment this #jack.enable = true; # use the example session manager (no others are packaged yet so this is enabled by default, # no need to redefine it in your config for now) #media-session.enable = true; }; users.defaultUserShell = pkgs.fish; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.m3tam3re = { isNormalUser = true; description = "m3tam3re"; extraGroups = [ "networkmanager" "wheel" "libvirtd" "flatpak" "docker" "wireshark" ]; }; # home-manager.users.m3tam3re = { pkgs, ... }: { # home.packages = [ pkgs.home-manager ]; # programs.bash.enable = true; #}; programs.fish = { enable = true; useBabelfish = true; vendor.functions.enable = true; vendor.config.enable = true; vendor.completions.enable = true; }; # Allow unfree packages nixpkgs.config.allowUnfree = true; services.flatpak.enable = true; # xdg desktop intergration (required for flatpak) xdg.portal = { enable = true; extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; }; # Enable Virtualization virtualisation.libvirtd.enable = true; virtualisation.libvirtd.qemu.swtpm.enable = true; virtualisation.libvirtd.qemu.ovmf.enable = true; virtualisation.docker = { enable = true; enableOnBoot = true; }; # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = [ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. pkgs.alacritty pkgs.curl pkgs.docker pkgs.docker-compose pkgs.exa pkgs.firefox pkgs.killall pkgs.libpng pkgs.neovim pkgs.OVMFFull pkgs.pam_gnupg pkgs.ripgrep pkgs.swtpm pkgs.tmux pkgs.tree pkgs.wget nvidia-offload ]; services.udev.extraRules = '' # Trezor SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n" KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl" # Trezor v2 SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n" SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n" KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl" ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", MODE="0666", GROUP="users", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/backlight/%k/brightness" ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1" ''; programs.steam = { enable = true; remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; }; programs.gamemode.enable = true; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; # programs.gnupg.agent = { # enable = true; # enableSSHSupport = true; # }; # List services that you want to enable: # Enable the OpenSSH daemon. # services.openssh.enable = true; programs.ssh.askPassword = ""; # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. # networking.firewall.enable = false; nix.gc = { automatic = true; options = "--delete-older-than 30d"; }; nix.optimise.automatic = true; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leavecatenate(variables, "bootdev", bootdev) # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.05"; # Did you read the comment? }