From 3c7124593c6e0dbefe061f36b9ede32811998618 Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Thu, 15 Feb 2024 13:37:52 -0600 Subject: [PATCH] clean up configuration.nix to move all configurations to the same locations --- configuration.nix | 496 +++++++++++++++++++++++----------------------- 1 file changed, 244 insertions(+), 252 deletions(-) diff --git a/configuration.nix b/configuration.nix index f5785fa..e3e47b3 100644 --- a/configuration.nix +++ b/configuration.nix @@ -4,6 +4,9 @@ { config, lib, pkgs, ... }: let + user = "matt"; + hostname = "matt-nixos"; + timezone = "America/Chicago"; # discover-wrapper is needed as of 1/24/24 since PackageKit does not work correctly so this removes error messages. discover-wrapped = pkgs.symlinkJoin { 
@@ -25,157 +28,270 @@ in # Enable nix flakes and nix-command tools nix.settings.experimental-features = [ "nix-command" "flakes" ]; - # Enable non free - nixpkgs.config.allowUnfree = true; + # Configure bootloader with lanzaboot and secureboot + boot = { + loader = { + systemd-boot = { + enable = false; + configurationLimit = 2; + }; - time.hardwareClockInLocalTime = true; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = false; - boot.loader.systemd-boot.configurationLimit = 2; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot"; -# boot.plymouth.enable = true; - boot.bootspec.enable = true; - boot.consoleLogLevel = 3; - boot.kernelParams = [ - "quiet" "amdgpu.ppfeaturemask=0xffffffff" - ]; - - boot.lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; - settings = { - default = "@saved"; - console-mode = "max"; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot"; + }; + }; + + lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + settings = { + default = "@saved"; + console-mode = "max"; + }; + configurationLimit = 2; + }; + + # Override kernel to latest + kernelPackages = pkgs.linuxPackages_latest; + + kernelParams = [ + "quiet" "amdgpu.ppfeaturemask=0xffffffff" + ]; + + consoleLogLevel = 3; + bootspec.enable = true; + + # Network option required using sysctl to let Ubisoft Connect work as of 7-12-2023 + kernel.sysctl."net.ipv4.tcp_mtu_probing" = 1; + + # Enable AppImage + binfmt.registrations.appimage = { + wrapInterpreterInShell = false; + interpreter = "${pkgs.appimage-run}/bin/appimage-run"; + recognitionType = "magic"; + offset = 0; + mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff''; + magicOrExtension = ''\x7fELF....AI\x02''; }; - configurationLimit = 2; }; - services.fwupd.enable = true; - hardware.enableAllFirmware = true; + # Hardware configs + hardware = { + # Bluetooth + bluetooth.enable = true; - # Override kernel to latest - 
boot.kernelPackages = pkgs.linuxPackages_latest; + # Xbox controllers + xpadneo.enable = true; - networking.hostName = "matt-nixos"; # Define your hostname. - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + # Steam udev rules for remote play + steam-hardware.enable = true; - # Bluetooth - hardware.bluetooth.enable = true; - hardware.xpadneo.enable = true; + # Enable all firmware + enableAllFirmware = true; - # Steam udev rules for remote play - hardware.steam-hardware.enable = true; - - # Set your time zone. - time.timeZone = "America/Chicago"; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Network option required using sysctl to let Ubisoft Connect work as of 7-12-2023 - boot.kernel.sysctl."net.ipv4.tcp_mtu_probing" = 1; - - # Select internationalisation properties. - # i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. - # }; - - # Enable the X11 windowing system. - services.xserver.enable = true; - - - # Enable the Plasma 5 Desktop Environment. - services.xserver.displayManager.sddm.enable = true; - # services.xserver.desktopManager.plasma5.enable = true; - services.xserver.desktopManager.plasma6.enable = true; - # services.xserver.displayManager.defaultSession = "plasmawayland"; - services.xserver.displayManager.defaultSession = "plasma"; - - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. 
- services.printing.enable = true; - - # enable auto discovery of printers - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; -}; - - # Enable sound. - # sound.enable = true; - # hardware.pulseaudio.enable = true; - - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; + # Disable pulse audio in favor of pipewire + pulseaudio.enable = false; + + opengl.enable = true; + # Enables support for 32bit libs that steam uses + opengl.driSupport32Bit = true; }; - # Enable Flatpak - services.flatpak.enable = true; + # Services configs + services = { + # Enable firmware updates + fwupd.enable = true; + + # Enable the X11 windowing system. + xserver = { + enable = true; + + # Enable the Plasma 6 Desktop Environment. + displayManager = { + sddm.enable = true; + defaultSession = "plasma"; + }; + desktopManager.plasma6.enable = true; + }; + + # Enable CUPS to print documents. + printing.enable = true; + + # configure pipewire + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + + # enable auto discovery of printers + avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + + # Enable Flatpak + flatpak.enable = true; + + flatpak.packages = [ + "com.discordapp.Discord" + "com.spotify.Client" + "com.visualstudio.code" + "it.mijorus.gearlever" + "org.libreoffice.LibreOffice" + "net.davidotek.pupgui2" # Proton-Up Qt + "io.github.prateekmedia.appimagepool" + ]; + }; + + # Networking configs + networking = { + hostName = hostname; + + # Enable Network Manager + networkmanager.enable = true; + }; + + # Time config + time = { + # Set your time zone. 
+ timeZone = timezone; + hardwareClockInLocalTime = true; + } + # xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ]; xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; - services.flatpak.packages = [ - "com.discordapp.Discord" - "com.spotify.Client" - "com.visualstudio.code" - "it.mijorus.gearlever" - "org.libreoffice.LibreOffice" - "net.davidotek.pupgui2" # Proton-Up Qt - "io.github.prateekmedia.appimagepool" - ]; + # Security config + security = { + rtkit.enable = true; - # Enable AppImage - boot.binfmt.registrations.appimage = { - wrapInterpreterInShell = false; - interpreter = "${pkgs.appimage-run}/bin/appimage-run"; - recognitionType = "magic"; - offset = 0; - mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff''; - magicOrExtension = ''\x7fELF....AI\x02''; + # configure sudo + sudo = { + enable = true; + extraRules = [{ + commands = [ + { + command = "${pkgs.systemd}/bin/systemctl suspend"; + options = [ "NOPASSWD" ]; + } + { + command = "${pkgs.systemd}/bin/reboot"; + options = [ "NOPASSWD" ]; + } + { + command = "${pkgs.systemd}/bin/poweroff"; + options = [ "NOPASSWD" ]; + } + { + command = "/home/matt/nix-config/reset_wifi"; + options = [ "NOPASSWD" ]; + } + ]; + groups = [ "wheel" ]; + }]; + }; + + # Configure polkit + polkit = { + enable = true; + extraConfig = '' + polkit.addRule(function(action, subject) { + if ((action.id == "org.corectrl.helper.init" || + action.id == "org.corectrl.helperkiller.init") && + subject.local == true && + subject.active == true && + subject.isInGroup("wheel")) { + return polkit.Result.YES; + } + }); + ''; + }; }; - # Force radv - environment.variables.AMD_VULKAN_ICD = "RADV"; + # Configure environment + environment = { + # List packages installed in system profile. 
To search, run: + # $ nix search wget + systemPackages = with pkgs; [ + vim + wget + nano + os-prober + efibootmgr + git + sbctl + gparted + discover-wrapped + pciutils + papirus-icon-theme + vulkan-tools + aspell + aspellDicts.en + aspellDicts.en-computers + aspellDicts.en-science + aha + clinfo + neofetch + gamescope + mangohud + goverlay + heroic + ]; - hardware.opengl.extraPackages = [ - pkgs.amdvlk - ]; + # Force radv + variables.AMD_VULKAN_ICD = "RADV"; + }; - # To enable Vulkan support for 32-bit applications, also add: - hardware.opengl.extraPackages32 = [ - pkgs.driversi686Linux.amdvlk - ]; - hardware.opengl.enable = true; + # Configure programs + programs = { + fish.enable = true; + java.enable = true; + corectrl.enable = true; - # For etcher - nixpkgs.config.permittedInsecurePackages = [ - "electron-19.1.9" - ]; + # Steam + steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; + }; - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; + # Configure nixpkgs + nixpkgs = { + config = { + # Enable non free + allowUnfree = true; - programs.fish.enable = true; + permittedInsecurePackages = [ + # allow insecure electron for etcher + "electron-19.1.9" + ]; + + packageOverrides = pkgs: { + steam = pkgs.steam.override { + extraPkgs = pkgs: with pkgs; [ + xorg.libXcursor + xorg.libXi + xorg.libXinerama + xorg.libXScrnSaver + libpng + libpulseaudio + libvorbis + stdenv.cc.cc.lib + libkrb5 + keyutils + ]; + }; + }; + }; + }; # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.matt = { + users.users."${user}" = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user. shell = pkgs.fish; 
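Review bot: The new `time = { … }` block is closed with a bare `}` while every sibling attribute set in this hunk ends in `};`, so the file as committed should fail to parse; it needs `};` after `hardwareClockInLocalTime = true;`. Separately, the `extraRules` entry moved under `security.sudo` still grants `NOPASSWD` on `/home/matt/nix-config/reset_wifi`, a path inside the user's home directory. If that file is writable by the account (likely, given where it lives), any process running as that user can change what sudo runs as root without a password. Referencing a store path instead keeps the rule's target immutable, for example `command = "${pkgs.writeShellScript "reset_wifi" (builtins.readFile ./reset_wifi)}";`, assuming the script sits beside configuration.nix. That would also remove the hard-coded `matt`, which the new `user` binding does not reach.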
@@ -188,130 +304,6 @@ in ]; }; - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - wget - nano - os-prober - efibootmgr - git - sbctl - gparted - discover-wrapped - pciutils - papirus-icon-theme - vulkan-tools - aspell - aspellDicts.en - aspellDicts.en-computers - aspellDicts.en-science - aha - clinfo - # eglinfo - # glxinfo - # wayland-info - - neofetch - gamescope - mangohud - goverlay - heroic - ]; - - programs.java.enable = true; - programs.corectrl.enable = true; - - # Steam - programs.steam = { - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }; - hardware.opengl.driSupport32Bit = true; # Enables support for 32bit libs that steam uses - - nixpkgs.config.packageOverrides = pkgs: { - steam = pkgs.steam.override { - extraPkgs = pkgs: with pkgs; [ - xorg.libXcursor - xorg.libXi - xorg.libXinerama - xorg.libXScrnSaver - libpng - libpulseaudio - libvorbis - stdenv.cc.cc.lib - libkrb5 - keyutils - ]; - }; - }; - - security.sudo = { - enable = true; - extraRules = [{ - commands = [ - { - command = "${pkgs.systemd}/bin/systemctl suspend"; - options = [ "NOPASSWD" ]; - } - { - command = "${pkgs.systemd}/bin/reboot"; - options = [ "NOPASSWD" ]; - } - { - command = "${pkgs.systemd}/bin/poweroff"; - options = [ "NOPASSWD" ]; - } - { - command = "/home/matt/nix-config/reset_wifi"; - options = [ "NOPASSWD" ]; - } - ]; - groups = [ "wheel" ]; - }]; - }; - - security.polkit = { - enable = true; - extraConfig = '' - polkit.addRule(function(action, subject) { - if ((action.id == "org.corectrl.helper.init" || - action.id == "org.corectrl.helperkiller.init") && - subject.local == true && - subject.active == true && - subject.isInGroup("wheel")) 
{ - return polkit.Result.YES; - } - }); - ''; - }; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - # This option defines the first version of NixOS you have installed on this particular machine, # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. #