nixos-config/configuration.nix


# NixOS system module for a single machine. As written it always builds the
# "crossbox" variant: the import list below is hard-wired to that host.
{ config, pkgs, ... }:
let
# Extra modules per host. Only the crossbox list is referenced in the lines
# shown here; the anvil list is defined but not selected.
hostConfigs = {
crossbox = [ ./sdr.nix ./syncthing.nix ./forgejo.nix ./radicale.nix ./ollama.nix ./docuseal.nix ./nginx.nix ];
anvil = [ ./sdr.nix ./syncthing.nix ];
};
in
{
# NOTE(review): the service modules pulled in here (syncthing, forgejo,
# radicale, ollama, docuseal, nginx, sdr) live outside this file, so the ports
# they listen on and any firewall openings they add cannot be seen from here.
# Review them together with the firewall and SSH settings in this file.
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
] ++ hostConfigs.crossbox;
# Turn on the unified `nix` command line and flakes.
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Garbage-collect the store once a week, dropping generations older than
# 30 days. Rollback is therefore limited to roughly the last month.
nix.gc.automatic = true;
nix.gc.dates = "weekly";
nix.gc.options = "--delete-older-than 30d";
# List packages installed in system profile.
# These are on PATH for every user of the machine, root included.
environment.systemPackages = with pkgs; [
cargo
curl
docker-compose
gcc
git
gnupg
imv
lmstudio
mpv
neovim
openssl
# Alias vi even with sudo.
# This builds a real `vi` executable that execs neovim from its store path.
# A shell alias is not expanded for commands run through sudo; a binary on
# PATH is, which is why the wrapper exists alongside the shell aliases.
(pkgs.writeShellScriptBin "vi" ''
exec ${pkgs.neovim}/bin/nvim "$@"
'')
pinentry-curses
rsync
rustc
tldr
vscodium
# Hyprland essentials
# NOTE(review): hypridle/hyprlock are only installed here; whether the session
# actually locks on idle depends on their configuration, which is not in this file.
hyprpaper # Wallpaper daemon
hypridle # Idle daemon
hyprlock # Lock screen
xdg-utils # XDG utilities
#polkit-kde-agent # Polkit authentication agent
];
# UEFI boot through systemd-boot; NixOS is allowed to modify EFI variables
# (needed to register the boot entry).
boot.loader = {
  systemd-boot.enable = true;
  efi.canTouchEfiVariables = true;
};
# Graphics stack plus the ROCm userspace for GPU compute.
hardware.graphics.enable = true;
hardware.graphics.extraPackages = [
  pkgs.rocmPackages.clr.icd # ROCm OpenCL runtime
  pkgs.rocmPackages.clr
  pkgs.rocmPackages.rocminfo
  pkgs.rocmPackages.rocm-runtime
];
networking.hostName = "crossbox";
# Connectivity is managed by NetworkManager. The wpa_supplicant and proxy
# options are kept as disabled examples.
# networking.wireless.enable = true;
# NOTE: if the proxy is ever enabled, a credential embedded in the URL ends up
# in the world-readable Nix store; supply it from a secret file instead.
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
networking.networkmanager.enable = true;
time.timeZone = "America/Los_Angeles";
i18n.defaultLocale = "en_US.UTF-8";
# Pin every listed LC_* category to the same locale as the default.
i18n.extraLocaleSettings = pkgs.lib.genAttrs [
  "LC_ADDRESS"
  "LC_IDENTIFICATION"
  "LC_MEASUREMENT"
  "LC_MONETARY"
  "LC_NAME"
  "LC_NUMERIC"
  "LC_PAPER"
  "LC_TELEPHONE"
  "LC_TIME"
] (_category: "en_US.UTF-8");
# gpg-agent, prompting for passphrases through the curses pinentry.
programs.gnupg.agent.enable = true;
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-curses;
# Hyprland compositor, with XWayland so X11-only clients still run.
programs.hyprland.enable = true;
programs.hyprland.xwayland.enable = true;
# SDDM is the graphical login manager and runs on Wayland itself.
services.displayManager.sddm.enable = true;
services.displayManager.sddm.wayland.enable = true;
# XDG desktop portal (screen sharing and other desktop features), GTK backend.
xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
# X server settings: plain US keyboard layout, no variant.
services.xserver.enable = true;
services.xserver.xkb.layout = "us";
services.xserver.xkb.variant = "";
# Printing through CUPS.
services.printing.enable = true;
# Audio: PipeWire takes over from the PulseAudio daemon and offers ALSA
# (including 32-bit clients) and PulseAudio compatibility. rtkit is enabled
# alongside it.
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
  enable = true;
  alsa = {
    enable = true;
    support32Bit = true;
  };
  pulse.enable = true;
  # JACK support stays off; uncomment the next line for JACK applications.
  #jack.enable = true;
};
# Define a user account. Don't forget to set a password with 'passwd'.
# This is the machine's interactive account and also its administrator.
# NOTE(review): "wheel" grants sudo, and "docker" grants access to the system
# Docker daemon's socket, which is equivalent to root on the host. Rootless
# Docker is also enabled further down in this file; if the rootless daemon is
# the one in use, the "docker" group membership can probably be dropped — confirm.
users.users.brimlock = {
isNormalUser = true;
home = "/home/brimlock";
description = "brimlock";
# "video" and "render" give access to the GPU device nodes (used with the ROCm
# packages configured in this file); "networkmanager" allows changing network
# connections without sudo.
extraGroups = [ "docker" "networkmanager" "wheel" "video" "render" ];
# Packages installed for this user only, not system-wide.
packages = with pkgs; [
# Hyprland utilities and applications
waybar # Status bar
wofi # Application launcher
kitty # Terminal emulator
dunst # Notification daemon
swaylock # Screen locker
swayidle # Idle management daemon
wlogout # Logout menu
grim # Screenshot tool
slurp # Screen area selector
wl-clipboard # Clipboard utilities
brightnessctl # Brightness control
pavucontrol # Audio control
networkmanagerapplet # Network manager applet
# File manager and utilities
nautilus
gnome-themes-extra
# Additional tools
libreoffice
grub2_efi
exfatprogs
];
};
# Firefox for all users.
programs.firefox.enable = true;
# Permit packages with unfree licences.
nixpkgs.config.allowUnfree = true;
# Binary caches used to avoid local builds: the official cache and the
# nix-community Cachix cache.
nix.settings.substituters = [
  "https://cache.nixos.org/"
  "https://nix-community.cachix.org"
];
# A store path signed by any key below is accepted without being built
# locally, so each cache listed here is part of this machine's trust base.
# Verify these keys against the cache operators' published values when
# adding or rotating them.
nix.settings.trusted-public-keys = [
  "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
  "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
environment.variables.EDITOR = "nvim";
# Polkit is not configured explicitly here.
#security.polkit.enable = true;
# Inbound TCP ports opened explicitly: SSH only. This is not the complete list
# of open ports: the Steam openFirewall options in this file, and possibly the
# imported service modules, add their own.
networking.firewall.allowedTCPPorts = [ 22 ];
# Release this system's stateful defaults were created with. It is not a
# version number to bump when upgrading.
system.stateVersion = "25.11";
# Crossbox Configuration
environment.shellAliases.vi = "nvim";
environment.shellAliases.vim = "nvim";
# Passwordless sudo: brimlock may run every command as root without a prompt.
# NOTE(review): with the SSH service enabled in this file, anything able to run
# code as brimlock (a copied SSH key, a script or package executed in the
# user's session) is root with no second factor, and sudo gives no prompt that
# would reveal the escalation. Options: limit NOPASSWD to the specific commands
# that need it, or drop this rule and rely on the password prompt brimlock
# already gets through the "wheel" group. Confirm what depends on this rule first.
security.sudo = {
enable = true;
extraRules = [
{
users = [ "brimlock" ];
commands = [
{
# "ALL" matches every command; NOPASSWD removes the password check for it.
command = "ALL";
options = [ "NOPASSWD" ];
}
];
}
];
};
# Steam client.
programs.steam.enable = true;
# Both options open inbound firewall ports: one set for Remote Play streaming,
# one for hosting a dedicated game server.
# NOTE(review): this machine also runs SSH and several self-hosted services;
# if no dedicated server is hosted from it, the second option can probably be
# turned off to keep the exposed surface small. Confirm before changing.
programs.steam.remotePlay.openFirewall = true;
programs.steam.dedicatedServer.openFirewall = true;
# OpenSSH server. Root cannot log in directly, and password and
# keyboard-interactive logins are disabled, leaving key-based authentication.
# NOTE(review): no authorized keys are declared in this file, so they are
# presumably provisioned elsewhere (e.g. the user's authorized_keys file).
# Keep that list reviewed: the account it unlocks has passwordless sudo.
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "no";
services.openssh.settings.PasswordAuthentication = false;
services.openssh.settings.KbdInteractiveAuthentication = false;
# The machine must never suspend: SSH tunnels and HDMI signals break otherwise.
# logind ignores the lid switch and the hibernate, suspend and power keys.
# NOTE(review): with the lid switch ignored, closing the lid neither suspends
# nor, by itself, locks the session. Locking then depends on the idle/lock
# tools installed elsewhere in this file being configured — confirm.
services.logind.settings.Login = {
  HandleLidSwitch = "ignore";
  HandleHibernateKey = "ignore";
  HandleSuspendKey = "ignore";
  HandlePowerKey = "ignore";
};
# The systemd sleep targets are disabled as well, so nothing else can trigger
# suspend or hibernate through them.
systemd.targets = {
  sleep.enable = false;
  suspend.enable = false;
  hibernate.enable = false;
  hybrid-sleep.enable = false;
};
# Docker: the system daemon, with unused resources pruned weekly.
virtualisation.docker.enable = true;
virtualisation.docker.autoPrune.enable = true;
virtualisation.docker.autoPrune.dates = "weekly";
# A rootless per-user daemon is enabled too, and DOCKER_HOST is pointed at it
# for normal users. The system daemon above keeps running next to it, and its
# socket stays usable by members of the "docker" group.
virtualisation.docker.rootless.enable = true;
virtualisation.docker.rootless.setSocketVariable = true;
}