#+TITLE: Readme
#+AUTHOR: Chris Cochrun mailto:chris@tfcconnection.org

* Welcome
This repository contains all of my dotfiles for the many programs I like to use on Linux. This is primarily built with NixOS and Emacs.

This is done through literate programming. So basically this README file has all the source code for the entire system (or at least it will once I get it all finished).

As is common in org-mode literate programming, I'm using a feature of org-mode called org-babel tangle and noweb to bring in config that exists elsewhere. The syntax =<<name>>= brings in the named blocks that are above. Meaning that through this single document I can consolidate configuration. This may not work for you, but I prefer it. You can recognise the blocks that get brought in through the bracket syntax by their named section header, like =#+NAME: ...=

This creates files that have everything in them, making them bigger and maybe filled with more things, but it makes this document much easier to read and easier for me to handle. Again, if this doesn't work for you, sorry, it's just the way that I like to do it.

* NixOS
The biggest part of this is through NixOS. NixOS is a declarative way of building an OS for Linux and allows an immutable and reproducible system. I really like that last part. I enjoy my config being the same no matter how many machines I place it on. I'd also one day like this to be modular so that I'll have some switches that can turn certain features on and off.

Let's start with the core of this, the flake.

** flake.nix
This is not a wholly complex setup with flakes. I've seen far more complex and unique ones. But the basic idea is to have a few of our inputs set up to bring in the expected pkgs and then output things to the correct system/user. Note how in the outputs I do have some duplicated code. That will disappear as I grow more accustomed to flakes and nix.
Anyhow, the important things to gather in this file are that I'm making sure to use non-free software by making pkgs =config = { allowUnfree = true; }=. This ensures that things like the non-free linux kernel are accessible. Also, syl is my laptop and kaladin is my desktop. So those are going to be unique in the future. Both include the home-manager module. Primarily I chose that route so that I could use the same command to update the entire system without needing to update the system and user stuff separately.

#+begin_src nix :tangle flake.nix
# Flake entry point: declares the inputs and builds one NixOS configuration
# per machine (syl, kaladin, dalinar).
{
  description = "The Flake";

  # Every input names a branch (or the default branch), not a commit.
  # NOTE(review): the revisions actually built are whatever flake.lock records;
  # the lock file is not shown in this README, so keep it committed and read
  # its diff on every update.
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-22.05";
    # `follows` makes these three inputs reuse this flake's nixpkgs instead of
    # bringing their own copy.
    home-manager = {
      url = "github:nix-community/home-manager/master";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    hyprland = {
      url = "github:vaxerski/Hyprland";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    emacs = {
      url = "github:nix-community/emacs-overlay";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # No `follows` here, so nix-bitcoin keeps its own nixpkgs input.
    nix-bitcoin = {
      url = "github:fort-nix/nix-bitcoin/release";
    };
  };

  outputs = { nixpkgs, nixpkgs-stable, home-manager, hyprland, emacs, nix-bitcoin, ... }:
    let
      system = "x86_64-linux";
      # Bound but not referenced below; the modules hard-code `chris`.
      username = "chris";
      # Package set shared by syl and kaladin: unfree packages allowed, plus
      # the emacs overlay and two local overrides.
      pkgsForSystem = import nixpkgs {
        inherit system;
        config = { allowUnfree = true; };
        overlays = [
          emacs.overlay
          # awesome built from a fixed upstream commit; rev and sha256 pin the
          # source, and `patches = []` drops the patches nixpkgs applies.
          (self: super: {
            awesome = super.awesome.overrideAttrs (old: rec {
              pname = "awesome";
              version = "git-20220614-3a54221";
              src = super.fetchFromGitHub {
                owner = "awesomeWM";
                repo = "awesome";
                rev = "3a542219f3bf129546ae79eb20e384ea28fa9798";
                sha256 = "4z3w6iuv+Gw2xRvhv2AX4suO6dl82woJn0p1nkEx3uM=";
              };
              patches = [];
            });
          }
          )
          # qt5ct with one extra local patch appended to the existing ones.
          # NOTE(review): this block tangles to flake.nix, so ../../qt5ct.patch
          # resolves two directories above the flake; the same path in the
          # `overlays` block further down is written for
          # system/<host>/configuration.nix. Confirm where the patch lives.
          (self: super: {
            qt5ct = super.qt5ct.overrideAttrs (old: rec {
              patches = (old.patches or []) ++ [ ../../qt5ct.patch ];
            });
          }
          )
        ];
      };

      lib = nixpkgs.lib;
      # unstable = nixpkgs;

    in {
      nixosConfigurations = {
        # Laptop: shared package set, home-manager and Hyprland modules.
        syl = lib.nixosSystem {
          inherit system;
          pkgs = pkgsForSystem;
          modules = [
            ./system/syl/configuration.nix
            home-manager.nixosModules.home-manager
            hyprland.nixosModules.default
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.users.chris = import ./user/home.nix;
              programs.hyprland.enable = true;
            }
          ];
        };
        # Desktop: same as syl without the Hyprland module.
        kaladin = lib.nixosSystem {
          inherit system;
          pkgs = pkgsForSystem;
          modules = [
            ./system/kaladin/configuration.nix
            home-manager.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.users.chris = import ./user/home.nix;
            }
          ];
        };
        # Server: built from nixpkgs-stable with no `pkgs` argument, so the
        # allowUnfree setting and overlays of pkgsForSystem do not apply here.
        dalinar = nixpkgs-stable.lib.nixosSystem {
          inherit system;
          modules = [
            ./system/dalinar/configuration.nix
            nix-bitcoin.nixosModules.default
          ];
        };
      };
    };
}
#+end_src

** General
All my machines have these settings.

Every machine has its own hardware config and we'll throw in the cachix piece here too.
#+NAME: hardware
#+begin_src nix
# NOTE(review): /etc/nixos/cachix.nix is an absolute path outside this
# repository, so it is neither versioned nor locked with the flake, and pure
# flake evaluation normally refuses such paths. Presumably it carries the
# binary-cache substituters and trusted keys - confirm, and consider keeping
# that trust configuration in the repository.
imports =
  [
    ./hardware-configuration.nix
    /etc/nixos/cachix.nix
  ];
#+end_src

Let's make sure all the machines have their pkgs setup to be unstable and using the flake system.
#+NAME: experimental-features
#+begin_src nix
# Use the unstable Nix release and turn on the nix-command and flakes features.
nix = {
  extraOptions = "experimental-features = nix-command flakes";
  package = pkgs.nixVersions.unstable;
};
#+end_src

I use plasma and awesome mostly as my desktop. Also all desktops will likely need ntfs support in order to work with windows devices.
#+NAME: desktop
#+begin_src nix
boot.supportedFilesystems = [ "ntfs" ];
# X server with awesome (the overridden pkgs.awesome), SDDM as display manager
# and Plasma 5; the default session is Plasma on Wayland.
services.xserver = {
  enable = true;
  windowManager.awesome = {
    enable = true;
    package = pkgs.awesome;
  };
  displayManager = {
    startx.enable = true;
    defaultSession = "plasmawayland";
    sddm = {
      enable = true;
      enableHidpi = true;
    };
  };
  desktopManager.plasma5 = {
    enable = true;
    runUsingSystemd = true;
  };
  # desktopManager.gnome.enable = true;
};

# mDNS: avahi daemon plus .local name resolution through nssmdns.
services.avahi = {
  enable = true;
  nssmdns = true;
};
#+end_src

In order to make sure the kde xdg-portals are used we need this
#+NAME: xdg-portals
#+begin_src nix
# NOTE(review): the NixOS option is spelled `xdg.portal.extraPortals` and takes
# packages (e.g. pkgs.xdg-desktop-portal-kde), not strings - verify this block
# evaluates before pulling it into a config.
xdg.portals.extraPortals = [ "xdg-desktop-portal-kde" ];
#+end_src

To use pipewire there are some specific setup pieces that I like to have.
#+NAME: pipewire
#+begin_src nix
# Enable sound.
security.rtkit.enable = true;
services.pipewire = {
  enable = true;
  alsa.enable = true;
  alsa.support32Bit = true;
  pulse.enable = true;
  wireplumber.enable = true;
};

# Needed for some pipewire progs and other gtk apps
programs.dconf.enable = true;
#+end_src

To make sure certain things are setup properly I'll modify the shells a bit.
#+NAME: shell
#+begin_src nix
# Set default shell to be dash for speed
# Apparently this is bad because a lot of nix relies on bash
# environment.binsh = "${pkgs.dash}/bin/dash";

# Puts each user's ~/bin on PATH.
environment.homeBinInPath = true;
programs.fish.enable = true;
programs.zsh.enable = true;
#+end_src

And here are environment variables I need in all computers
#+NAME: env
#+begin_src nix
EDITOR = "emacsclient -t -a";
VISUAL = "emacsclient -c -a";

# Fixing Qt apps in other environments
# Thought I needed this but apparently they are working fine without it.
# QT_XCB_GL_INTEGRATION = "xcb_egl";
# QT_QPA_PLATFORM_PLUGIN_PATH = "${pkgs.qt5.qtbase.bin}/lib/qt-${pkgs.qt5.qtbase.qtCompatVersion}/plugins/platforms";
#+end_src

#+NAME: samba
#+begin_src nix
# Samba file sharing. As written, the `public` share is writable without
# credentials: "guest ok" = true, "read only" = false, and
# `map to guest = bad user` maps unknown user names onto the guest account.
# The only network restriction is `hosts allow` (192.168.0.x and localhost).
# NOTE(review): if this block is tangled into the laptop, that subnet is
# whichever network the machine has joined; a dedicated Samba user or a
# read-only guest share narrows what an unauthenticated client can do.
services.samba-wsdd.enable = true;
services.samba = {
  enable = true;
  extraConfig = ''
    workgroup = WORKGROUP
    server string = smbnix
    netbios name = smbnix
    security = user
    #use sendfile = yes
    #max protocol = smb2
    # note: localhost is the ipv6 localhost ::1
    hosts allow = 192.168.0. 127.0.0.1 localhost
    hosts deny = 0.0.0.0/0
    guest account = nobody
    map to guest = bad user
  '';
  shares = {
    public = {
      path = "/home/chris/Public";
      "read only" = false;
      browsable = true;
      "guest ok" = true;
      comment = "Share";
    };
  };
};
#+end_src

Now lets turn on docker and podman. I create a lot of containers for my job.
#+NAME: containers
#+begin_src nix
# Podman, Docker and libvirt. QEMU is set not to run as root; OVMF supplies
# UEFI firmware (x86 and aarch64 builds) and swtpm an emulated TPM.
virtualisation.podman.enable = true;
virtualisation.docker.enable = true;
virtualisation.libvirtd = {
  enable = true;
  qemu = {
    runAsRoot = false;
    ovmf = {
      enable = true;
      packages = [
        pkgs.OVMFFull.fd
        pkgs.pkgsCross.aarch64-multiplatform.OVMF.fd
      ];
    };
    swtpm.enable = true;
  };
};
#+end_src

*** Packages
Here are a list of packages that I like to have on all machines.

These first base packages are used on all systems. From laptops, to desktops, and even servers.
#+NAME: base-packages
#+begin_src nix
vim wget killall git tmux dutree cachix unzip unrar p7zip zip gzip usbutils
binutils podman-compose exa
# img2pdf
yt-dlp bat rsync jq ripgrep fd ffmpeg-full imagemagick libheif trash-cli htop
btop bc sysstat procs pandoc samba blesh
# OVMFFull
quickemu
#+end_src

These are just for general graphical machines. Laptops, and desktops.
#+NAME: general-packages
#+begin_src nix
# Package names for graphical machines; the block is a bare list meant to be
# spliced into a `with pkgs; [ ... ]` list through noweb.
discover
# kde-rounded-corners
lightly-qt pinentry pinentry-qt hunspell caffeine-ng hunspellDicts.en_US
transmission openssh ark ifuse dash light ttyper kget audacity krename
kwallet-pam plasma5Packages.kwallet libimobiledevice sddm-kcm ydotool bottles
jitsi-meet-electron imv feh tagutil python310Packages.mutagen
python310Packages.audiotools mpv nerdfonts latte-dock alacritty
libsForQt5.bismuth libnotify rofi-wayland waybar eww wlrctl hyprpaper
swaylock-fancy aha glxinfo vulkan-tools wayland-utils
# mkchromecast
plocate papirus-icon-theme phinger-cursors plasma-hud kde-cli-tools gzip
qrencode brave scribus
# appflowy
darktable qutebrowser virt-manager virt-viewer
# firefox
kate kdialog plasma5Packages.khotkeys openlp inkscape libreoffice-fresh vlc
neochat haskellPackages.greenclip pulsemixer any-nix-shell wtype xdotool wmctrl
xcape xclip maim unclutter-xfixes bluez-tools networkmanager_dmenu
plasma5Packages.qt5ct lxappearance spotdl kdenlive
# natron
digikam rubberband texlive.combined.scheme-full wlroots picom-next pamixer
playerctl jellyfin-mpv-shim pfetch macchina gimp powertop
element-desktop-wayland scrcpy
# NOTE(review): the unversioned `python` presumably resolves to Python 2 on
# this nixpkgs - confirm it is still needed next to python3.
python python3 airshipper
# hyprland
#+end_src

Here are some dev tools that I often have on a few devices.
#+NAME: dev-tools
#+begin_src nix
# Build tools, compilers and debuggers, followed by the Qt/KDE libraries.
android-tools nix-index meson ninja gnumake gcc gdb clang clang-tools cmake
qtcreator extra-cmake-modules pkg-config libsForQt5.wrapQtAppsHook
python310Packages.pyqt5
# LIBRARIES FOR DEV
qt5.full qt5.qtbase qt5.qtquickcontrols2 qt5.qtx11extras
libsForQt5.appstream-qt libsForQt5.kdelibs4support libsForQt5.kirigami2
libsForQt5.ki18n libsForQt5.kcoreaddons
# plasma5Packages.kirigami2
sqlite fennel
#+end_src

Let's create our own custom LightlyShaders package. This is in its own file for now.
#+NAME: lightlyshaders
#+begin_src nix
# Local package built from the LightlyShaders directory two levels above the
# file this block is tangled into.
(libsForQt5.callPackage ../../LightlyShaders {})
#+end_src

Firefox has its own setup
#+NAME: firefox
#+begin_src nix
nixpkgs.config.firefox.enableTridactyl = true;
#+end_src

Here are the two main overlays I like to use. One for Emacs and another for the AwesomeWM.
For some reason the emacs overlay has a specific sha256. So I'll create it in each config.
#+NAME: overlays
#+begin_src nix
# awesome from a fixed upstream commit (rev and sha256 pin the source),
# exposed as `myAwesome`; `patches = []` drops the nixpkgs patches.
(self: super:
  {
    myAwesome = super.awesome.overrideAttrs (old: rec {
      pname = "myAwesome";
      version = "git-20220614-3a54221";
      src = super.fetchFromGitHub {
        owner = "awesomeWM";
        repo = "awesome";
        rev = "3a542219f3bf129546ae79eb20e384ea28fa9798";
        sha256 = "4z3w6iuv+Gw2xRvhv2AX4suO6dl82woJn0p1nkEx3uM=";
      };
      patches = [];
    });
  }
)
# qt5ct with one extra local patch appended to the existing ones.
(self: super:
  {
    qt5ct = super.qt5ct.overrideAttrs (old: rec {
      patches = (old.patches or []) ++ [
        ../../qt5ct.patch
      ];
    });
  }
)
#+end_src

*** Emacs
Emacs service
#+NAME: emacs
#+begin_src nix
# Emacs daemon using the native-comp build with vterm, magit, pdf-tools and mu.
services.emacs = {
  enable = true;
  package = with pkgs; ((emacsPackagesFor emacsNativeComp).emacsWithPackages (epkgs: [ epkgs.vterm epkgs.magit epkgs.pdf-tools pkgs.mu ]));
};
#+end_src

** Syl
Syl is my laptop and has some configuration unique to that. In particular, it's a Framework Laptop. Honestly a great piece of tech. Love it.

Notice how I am including all of my software here. It may be a big file, but having all of it in one place means I can easily grok through it and remove something.
*** Config
#+begin_src nix :tangle system/syl/configuration.nix :noweb yes
# NixOS configuration for the laptop `syl`.
# NOTE(review): every `<>` in this block is a noweb reference (<<block-name>>)
# whose name was lost in this rendering of the README; restore the names from
# the original file before tangling.
{ lib, config, pkgs, callPackage, ... }:

{
  <>
  <>

  # Use the systemd-boot EFI boot loader.
  boot.kernelPackages = pkgs.linuxPackages_zen;
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.initrd.kernelModules = [ "i915" ];
  nixpkgs.config.allowUnfree = true;
  boot.kernelParams = [ "mem_sleep_default=deep" "nvme.noacpi=1" ];
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  hardware.acpilight.enable = lib.mkDefault true;

  networking.hostName = "syl"; # Define your hostname.
  networking.networkmanager.enable = true;
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # Set your time zone.
  time.timeZone = "America/Chicago";

  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking.useDHCP = false;
  networking.interfaces.wlp170s0.useDHCP = true;

  <>

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  hardware.uinput.enable = true;
  hardware.bluetooth.enable = true;
  nixpkgs.config.packageOverrides = pkgs: {
    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
  };
  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver # LIBVA_DRIVER_NAME=iHD
      vaapiIntel         # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
      libvdpau-va-gl
    ];
  };
  services.xserver.videoDrivers = ["intel"];

  <>

  # Configure keymap in X11
  services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e";

  # Start the display manager only after user sessions, multi-user.target and
  # the network are up.
  systemd.services.display-manager = {
    wants = [
      "systemd-user-sessions.service"
      "multi-user.target"
      "network-online.target"
    ];
    after = [
      "systemd-user-sessions.service"
      "multi-user.target"
      "network-online.target"
    ];
  };

  # Enable CUPS to print documents.
  services.printing.enable = true;
  services.printing.drivers = [ pkgs.gutenprint pkgs.gutenprintBin pkgs.hplipWithPlugin ];

  # Enable fingerprint
  services.fprintd.enable = true;

  # programs.qt5ct.enable = true;

  <>

  # Turn on flatpak
  services.flatpak.enable = true;

  # Some other things
  # TLP handles power management, so power-profiles-daemon is turned off.
  services.thermald.enable = true;
  services.power-profiles-daemon.enable = false;
  services.tlp = {
    enable = true;
    settings = {
      CPU_SCALING_GOVERNOR_ON_AC="performance";
      CPU_SCALING_GOVERNOR_ON_BAT="powersave";
      CPU_ENERGY_PERF_POLICY_ON_AC="balance_performance";
      CPU_ENERGY_PERF_POLICY_ON_BAT="power";
      PCIE_ASPM_ON_AC="default";
      PCIE_ASPM_ON_BAT="powersupersave";
      SCHED_POWERSAVE_ON_AC=0;
      SCHED_POWERSAVE_ON_BAT=1;
      START_CHARGE_THRESH_BAT1=70;
      STOP_CHARGE_THRESH_BAT1=80;
      USB_ALLOWLIST="32ac:0002";
    };
  };
  services.usbmuxd.enable = true;
  services.fstrim.enable = true;

  # Enable touchpad support (enabled default in most desktopManager).
  services.xserver.libinput.enable = true;

  <>

  environment.variables = {
    <>
    VDPAU_DRIVER = lib.mkIf config.hardware.opengl.enable (lib.mkDefault "va_gl");
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  # `wheel` grants sudo; `input` and `uinput` give access to input devices.
  users.users.chris = {
    isNormalUser = true;
    extraGroups = [
      "wheel"
      "networkmanager"
      "input"
      "uinput"
    ];
  };

  programs.partition-manager.enable = true;
  # NOTE(review): the NixOS kdeconnect module is expected to open the KDE
  # Connect port range in the firewall as well - confirm that is wanted on a
  # machine that roams between networks.
  programs.kdeconnect.enable = true;
  # Unlock KWallet from the login password, for the kwallet PAM service and SDDM.
  security.pam.services.kwallet = {
    name = "kwallet";
    enableKwallet = true;
  };
  security.pam.services.sddm.enableKwallet = true;

  virtualisation.waydroid.enable = true;

  # <>

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    <>
    <>
    neofetch afetch yafetch freshfetch disfetch bunnyfetch fet-sh macchina
    # Dev tools
    <>
    <>
  ];

  # Same service as the shared `emacs` block, but with the pgtk native-comp build.
  services.emacs = {
    enable = true;
    package = with pkgs; ((emacsPackagesFor emacsPgtkNativeComp).emacsWithPackages (epkgs: [ epkgs.vterm epkgs.magit epkgs.pdf-tools pkgs.mu ]));
  };

  <>

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # NOTE(review): sshd runs with module defaults; nothing visible here turns
  # off password logins - confirm key-only authentication is enforced.
  services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.11"; # Did you read the comment?
}
#+end_src

*** Hardware
Now in the =hardware-configuration.nix= file, I didn't change much because I wanted to keep it roughly the same in case things do get overwritten, but this is another nice feature of literate programming, should things change in the /etc folder, I'll have this readme as a backup of what it was before the changes.
#+begin_src nix :tangle system/syl/hardware-configuration.nix
{ config, lib, pkgs, modulesPath, ...
}:

{
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" "acpi_call" ];
  boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
  boot.loader.efi.efiSysMountPoint = "/boot/efi";
  zramSwap.enable = true;

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/db28ba7c-a15d-4c81-8373-99f2f171cac5";
    fsType = "btrfs";
    options = [ "subvol=@" ];
  };

  fileSystems."/boot/efi" = {
    device = "/dev/disk/by-uuid/BA76-3723";
    fsType = "vfat";
  };

  swapDevices = [ ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true;

  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  # high-resolution display
  hardware.video.hidpi.enable = lib.mkDefault true;
}
#+end_src

** Kaladin
Kaladin is my desktop machine. A powerhouse for the most part with a recent i7 and 64gb of memory and an Nvidia 1080. Basically I use this for video editing, animation, and some other things.

Here is its configuration.
*** Config
#+begin_src nix :tangle system/kaladin/configuration.nix :noweb yes
# NixOS configuration for the desktop `kaladin`.
# NOTE(review): every `<>` in this block is a noweb reference (<<block-name>>)
# whose name was lost in this rendering of the README; restore the names from
# the original file before tangling.
{ config, pkgs, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
    ];
  <>

  # Use the systemd-boot EFI boot loader.
  # NOTE(review): the initrd loads `amdgpu` while X uses the nvidia driver
  # below - confirm the module is needed on this machine.
  boot = {
    kernelPackages = pkgs.linuxPackages_zen;
    kernelParams = [ "mem_sleep_default=deep" ];
    initrd.kernelModules = [ "amdgpu" ];
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };
  nixpkgs.config.allowUnfree = true;

  networking.hostName = "kaladin"; # Define your hostname.
  networking.networkmanager.enable = true;
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # Set your time zone.
  time.timeZone = "America/Chicago";

  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking.useDHCP = false;
  networking.interfaces.enp0s31f6.useDHCP = true;
  networking.interfaces.wlp7s0.useDHCP = true;

  <>

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  # Set default shell to be dash for speed
  environment.binsh = "${pkgs.dash}/bin/dash";

  # NVIDIA
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware = {
    opengl = {
      enable = true;
      extraPackages = with pkgs; [
        vaapiVdpau
        libvdpau-va-gl
      ];
    };
    nvidia = {
      modesetting.enable = true;
      powerManagement.enable = true;
    };
  };

  <>

  # Configure keymap in X11
  services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e";

  # Enable CUPS to print documents.
  services.printing.enable = true;
  services.printing.drivers = [ pkgs.gutenprint pkgs.gutenprintBin pkgs.hplipWithPlugin ];

  <>

  # Turn on flatpak
  services.flatpak.enable = true;

  services.usbmuxd.enable = true;
  services.fstrim.enable = true;

  <>

  environment.variables = {
    <>
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.chris = {
    isNormalUser = true;
    extraGroups = [
      "wheel"
      "networkmanager"
      "input"
      "no-internet"
    ]; # Enable ‘sudo’ for the user.
  };

  programs.partition-manager.enable = true;
  programs.kdeconnect.enable = true;
  # Unlock KWallet from the login password, for the kwallet PAM service and SDDM.
  security.pam.services.kwallet = {
    name = "kwallet";
    enableKwallet = true;
  };
  security.pam.services.sddm.enableKwallet = true;

  virtualisation.waydroid.enable = true;
  # services.ethminer = {
  #   enable = true;
  #   pool = "us-eth.2miners.com:2020";
  #   toolkit = "cuda";
  #   rig = "kaladin";
  #   wallet = "0xE43c525d05Ac52303cb43772Eb209824AE328CA3";
  #   registerMail = "ceth@cochrun.xyz";
  # };

  # Steam; both openFirewall switches open firewall ports for Remote Play and
  # for a dedicated server.
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true;
    dedicatedServer.openFirewall = true;
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    <>
    <>
    blender
    neofetch
    # ethminer
    lutris
    protonup
    nvtop
    # Dev tools
    <>
    <>
  ];

  # NOTE(review): the URL follows the moving master.tar.gz while sha256 pins a
  # single snapshot, so the fetch only succeeds while master still hashes to
  # that value (or the tarball is already cached). flake.nix already supplies
  # emacs.overlay through pkgsForSystem, and with `pkgs` passed to nixosSystem
  # this option may be ignored - confirm whether the entry is still needed.
  nixpkgs.overlays = [
    (import (builtins.fetchTarball {
      url = https://github.com/nix-community/emacs-overlay/archive/master.tar.gz;
      sha256 = "1v1n30a2ai5mnlkrkwv4mfczd3601sqxxlawadxariblfvg7qz4j";
    }))
    <>
  ];

  <>

  <>
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # NOTE(review): sshd runs with module defaults; nothing visible here turns
  # off password logins - confirm key-only authentication is enforced.
  services.openssh.enable = true;

  # services.caddy = {
  #   enable = true;
  #   virtualHosts = {
  #     "videosdani.tfcconnection.org".extraConfig = ''
  #       reverse_proxy localhost:9000
  #     '';
  #   };
  #   virtualHosts = {
  #     "videosdani.tfcconnection.org:1935".extraConfig = ''
  #       reverse_proxy localhost:1935
  #     '';
  #   };
  # };

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.11"; # Did you read the comment?
}
#+end_src

*** hardware
And here is its hardware config.
#+begin_src nix :tangle system/kaladin/hardware-configuration.nix
{ config, lib, pkgs, modulesPath, ... }:

{
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ config.boot.kernelPackages.nvidia_x11 ];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/9b5a1a62-0de6-4e07-a541-634736980d10";
    fsType = "btrfs";
    options = [ "subvol=@" "noatime" "ssd" "space_cache" "clear_cache" "compress=zstd" ];
  };

  fileSystems."/home" = {
    device = "/dev/disk/by-uuid/9b5a1a62-0de6-4e07-a541-634736980d10";
    fsType = "btrfs";
    options = [ "subvol=@home" "noatime" "ssd" "space_cache" "clear_cache" "compress=zstd" ];
  };

  fileSystems."/nix" = {
    device = "/dev/disk/by-uuid/9b5a1a62-0de6-4e07-a541-634736980d10";
    fsType = "btrfs";
    options = [ "subvol=@nix" "noatime" "ssd" "space_cache" "clear_cache" "compress=zstd" ];
  };

  fileSystems."/var/log" = {
    device = "/dev/disk/by-uuid/9b5a1a62-0de6-4e07-a541-634736980d10";
    fsType = "btrfs";
    options = [ "subvol=@log" "noatime" "ssd" "space_cache" "clear_cache" "compress=zstd" ];
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/35A0-C1F1";
    fsType = "vfat";
  };

  swapDevices = [ ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach.
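# When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;

  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
#+end_src

Kaladin is still not fully setup, so I'll be working on that more and more as time goes.

** Dalinar
Dalinar is my home server. It's built with an old laptop at the moment, but the way everything is orchestrated is to protect from screw ups.
*** Configuration
Dalinar's config is of course server oriented.
#+begin_src nix :tangle system/dalinar/configuration.nix
# NixOS configuration for the home server `dalinar`: SSH, Docker, the
# nix-bitcoin services (bitcoind, clightning, RTL), monero, dynamic DNS and a
# Caddy reverse proxy in front of the locally hosted web applications.
{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  nix = {
    extraOptions = "experimental-features = nix-command flakes";
    package = pkgs.nixFlakes;
  };

  # Spelled `allowUnfree`, as in the other machine configs; the earlier
  # `allowUnFree` is not a key nixpkgs reads, so it had no effect.
  nixpkgs.config.allowUnfree = true;
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "dalinar"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.

  # Set your time zone.
  time.timeZone = "America/Chicago";

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  # Enable the X11 windowing system.
  # services.xserver.enable = true;

  # Configure keymap in X11
  # services.xserver.layout = "us";
  # services.xserver.xkbOptions = {
  #   "eurosign:e";
  #   "caps:escape" # map caps to escape.
  # };

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound.
  # sound.enable = true;
  # hardware.pulseaudio.enable = true;

  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver
      vaapiIntel
      vaapiVdpau
      libvdpau-va-gl
    ];
  };

  environment.homeBinInPath = true;
  programs.fish.enable = true;

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.chris = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    vim wget yt-dlp bat ripgrep ffmpeg-full rsync dutree tmux git samba exa jq
    fd bc sysstat procs btop htop unzip
    #blesh
  ];

  virtualisation.docker.enable = true;

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # nix-bitcoin: generate the service secrets on this machine and make
  # `chris` the operator account.
  nix-bitcoin = {
    generateSecrets = true;
    operator = {
      enable = true;
      name = "chris";
    };
  };

  # List services that you want to enable:
  services.locate = {
    enable = true;
    locate = pkgs.plocate;
    localuser = null;
  };

  # Enable the OpenSSH daemon.
  # NOTE(review): sshd runs with module defaults; nothing visible here turns
  # off password logins - confirm key-only authentication is enforced,
  # especially with the firewall disabled further down.
  services.openssh.enable = true;
  services.fstrim.enable = true;

  # The server is an old laptop: keep running when the lid is closed.
  services.logind = {
    lidSwitch = "ignore";
    lidSwitchExternalPower = "ignore";
  };

  services.monero = {
    enable = true;
    dataDir = "/storage/monero";
  };

  # `listen = true` lets bitcoind accept incoming peer connections.
  services.bitcoind = {
    enable = true;
    listen = true;
    dataDir = "/storage/bitcoind";
  };

  services.clightning = {
    enable = true;
    dataDir = "/storage/clightning";
  };

  services.rtl = {
    enable = true;
    dataDir = "/storage/rtl";
    nightTheme = true;
    extraCurrency = "USD";
    nodes.clightning.enable = true;
  };

  # DDCLIENT
  # configFile is a quoted string on purpose: an unquoted Nix path literal is
  # copied into the world-readable /nix/store when it is interpolated into the
  # unit, and this file holds the dynamic-DNS password. It also keeps an
  # absolute path out of flake evaluation.
  # NOTE(review): the file has to exist on the host with owner-only
  # permissions; confirm the ddclient unit can still read it.
  # NOTE(review): the commented block below used to carry two provider
  # passwords in plain text. They are replaced by placeholders here and should
  # be rotated, since the repository history still holds them; the commented
  # `passwordFile` option is the way to keep the secret out of the config.
  services.ddclient = {
    enable = true;
    configFile = "/home/chris/ddclient.conf";
    #domains = [
    #  "nc.cochrun.xyz"
    #  "home.cochrun.xyz"
    #  "mail.cochrun.xyz"
    #  "jelly.cochrun.xyz"
    #];
    #passwordFile = "/etc/nixos/ddclientp";
    #protocol = "namecheap";
    #use = "web, web=dynamicdns.park-your-domain.com/getip";
    #server = "dynamicdns.park-your-domain.com";
    #username = "cochrun.xyz";
    #extraConfig = ''
    #use=web, web=dynamicdns.park-your-domain.com/getip
    #protocol=namecheap
    #server=dynamicdns.park-your-domain.com
    #login=livingseedco.shop
    #password=<REDACTED>
    #@
    #use=web, web=dynamicdns.park-your-domain.com/getip
    #protocol=namecheap
    #server=dynamicdns.park-your-domain.com
    #login=cochrun.xyz
    #password=<REDACTED>
    #@,nc.cochrun.xyz,home.cochrun.xyz,mail.cochrun.xyz,jelly.cochrun.xyz
    #'';
  };

  # CADDY
  # One virtual host per application, each proxied to a port on localhost.
  # NOTE(review): the Strict-Transport-Security header on nc.cochrun.xyz ends
  # in `reload;`, which is not an HSTS directive (`preload` was probably
  # meant); the value is left as written.
  services.caddy = {
    enable = true;
    virtualHosts = {
      "home.cochrun.xyz".extraConfig = ''
        reverse_proxy localhost:8123
      '';
    };
    virtualHosts = {
      "jelly.cochrun.xyz".extraConfig = ''
        reverse_proxy localhost:8096
      '';
    };
    virtualHosts = {
      "livingseedco.shop".extraConfig = ''
        reverse_proxy localhost:8282
      '';
    };
    virtualHosts = {
      "sonarr.cochrun.xyz".extraConfig = ''
        reverse_proxy localhost:7879
      '';
    };
    virtualHosts = {
      "192.168.1.2".extraConfig = ''
        reverse_proxy localhost:9091
      '';
    };
    virtualHosts = {
      "rtl.cochrun.xyz".extraConfig = ''
        reverse_proxy localhost:3000
      '';
    };
    virtualHosts = {
      "nc.cochrun.xyz".extraConfig = ''
        reverse_proxy localhost:8080
        encode gzip
        redir /.well-known/carddav /remote.php/carddav 301
        redir /.well-known/caldav /remote.php/caldav 301
        header Strict-Transport-Security "max-age=15768000; includeSubDomains; reload;"
      '';
    };
  };

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # NOTE(review): with the firewall off, every service in this file that binds
  # a non-loopback address is reachable from the network (sshd, caddy,
  # bitcoind with listen = true, ports published by docker). Caddy itself only
  # needs 80 and 443; enabling the firewall with an explicit allowedTCPPorts
  # list would keep the proxied backends reachable through Caddy alone.
  networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.05"; # Did you read the comment?

  # The nix-bitcoin release version that your config is compatible with.
  # When upgrading to a backwards-incompatible release, nix-bitcoin will display an
  # an error and provide instructions for migrating your config to the new release.
  nix-bitcoin.configVersion = "0.0.77";
}
#+end_src

*** Hardware Configuration
Dalinar's hardware
#+begin_src nix :tangle system/dalinar/hardware-configuration.nix
# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ...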
}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "rtsx_usb_sdmmc" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/disk/by-uuid/103a24d5-ffb5-4f7c-ab68-48e0b766b3ac"; fsType = "btrfs"; options = [ "subvol=@" "noatime" "nodiratime" "compress=zstd" ]; }; fileSystems."/boot" = { device = "/dev/disk/by-uuid/55C5-7725"; fsType = "vfat"; }; fileSystems."/storage" = { device = "/dev/disk/by-uuid/f1804953-14e5-42db-a974-1e18f16d884c"; fsType = "btrfs"; options = [ "noatime" "nodiratime" "compress=zstd" ]; }; swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } #+end_src ** Home I also use home-manager for managing dotfiles. This means that everything is contained in this folder and then tangled out to their respective places when rebuilding the system. #+begin_src nix :tangle user/home.nix { config, lib, pkgs, ... }: { # Home Manager needs a bit of information about you and the # paths it should manage. home.username = "chris"; home.homeDirectory = "/home/chris"; # This value determines the Home Manager release that your # configuration is compatible with. This helps avoid breakage # when a new Home Manager release introduces backwards # incompatible changes. 
# # You can update Home Manager without changing this value. See # the Home Manager release notes for a list of state version # changes in each release. home.stateVersion = "21.11"; # Did you read the comment? # Let Home Manager install and manage itself. programs.home-manager.enable = true; # accounts.email.accounts = { # personal = { # address = "chris@cochrun.xyz"; # mbsync.enable = true; # create = "maildir"; # mu.enable = true; # imap = { # host = "mail.cochrun.xyz"; # port = 993; # tls.enable = true; # }; # smtp = { # host = "mail.cochrun.xyz"; # port = 25; # tls.enable = true; # }; # }; # work = { # address = "chris@tfcconnection.org"; # mbsync.enable = true; # create = "maildir"; # mu.enable = true; # imap = { # host = "outlook.office365.com"; # port = 993; # tls.enable = true; # }; # smtp = { # host = "mail.cochrun.xyz"; # port = 25; # tls.enable = true; # }; # }; # }; programs.git = { enable = true; userName = "Chris Cochrun"; userEmail = "chris@cochrun.xyz"; }; home.packages = with pkgs; [ ]; programs.mu.enable = true; programs.mbsync = { enable = true; extraConfig = '' IMAPAccount gmail Host imap.gmail.com User ccochrun21@gmail.com PassCmd "rbw get gmail" AuthMechs LOGIN SSLType IMAPS SSLVersions SSLv3 # CertificateFile /opt/local/share/curl/curl-ca-bundle.crt IMAPAccount office Host outlook.office365.com User chris@tfcconnection.org PassCmd "rbw get 'Office 365'" AuthMechs LOGIN SSLType IMAPS IMAPAccount outlook Host outlook.office365.com User chris.cochrun@outlook.com PassCmd "rbw get outlook" AuthMechs LOGIN SSLType IMAPS IMAPAccount cochrun Host mail.cochrun.xyz User chris@cochrun.xyz PassCmd "rbw get 'Office 365'" AuthMechs LOGIN SSLType IMAPS # SSLVersions SSLv3 # CertificateFile /opt/local/share/curl/curl-ca-bundle.crt # THEN WE SPECIFY THE LOCAL AND REMOTE STORAGE # - THE REMOTE STORAGE IS WHERE WE GET THE MAIL FROM (E.G., THE # SPECIFICATION OF AN IMAP ACCOUNT) # - THE LOCAL STORAGE IS WHERE WE STORE THE EMAIL ON OUR COMPUTER # REMOTE STORAGE 
(USE THE IMAP ACCOUNT SPECIFIED ABOVE) IMAPStore gmail-remote Account gmail MaildirStore gmail-local Path ~/Maildir/gmail/ Inbox ~/Maildir/gmail/INBOX IMAPStore office-remote Account office # LOCAL STORAGE (CREATE DIRECTORIES with mkdir -p Maildir/gmail) MaildirStore office-local Path ~/Maildir/office/ Inbox ~/Maildir/office/INBOX Subfolders Verbatim IMAPStore outlook-remote Account outlook MaildirStore outlook-local Path ~/Maildir/outlook/ Inbox ~/Maildir/outlook/INBOX Subfolders Verbatim IMAPStore cochrun-remote Account cochrun MaildirStore cochrun-local Path ~/Maildir/cochrun/ Inbox ~/Maildir/cochrun/INBOX Subfolders Verbatim # CONNECTIONS SPECIFY LINKS BETWEEN REMOTE AND LOCAL FOLDERS # # CONNECTIONS ARE SPECIFIED USING PATTERNS, WHICH MATCH REMOTE MAIl # FOLDERS. SOME COMMONLY USED PATTERS INCLUDE: # # 1 "*" TO MATCH EVERYTHING # 2 "!DIR" TO EXCLUDE "DIR" # 3 "DIR" TO MATCH DIR Channel gmail-inbox Far :gmail-remote: Near :gmail-local: Patterns "INBOX" Create Both Expunge Both SyncState * Channel gmail-trash Far :gmail-remote:"[Gmail]/Bin" Near :gmail-local:"[Gmail].Bin" Create Both Expunge Both SyncState * Channel gmail-sent Far :gmail-remote:"[Gmail]/Sent Mail" Near :gmail-local:"[Gmail].Sent Mail" Create Both Expunge Both SyncState * Channel gmail-all Far :gmail-remote:"[Gmail]/All Mail" Near :gmail-local:"[Gmail].All Mail" Create Both Expunge Both SyncState * Channel gmail-starred Far :gmail-remote:"[Gmail]/Starred" Near :gmail-local:"[Gmail].Starred" Create Both Expunge Both SyncState * Channel office-inbox Far :office-remote: Near :office-local: Patterns "*" Create Both Expunge Both SyncState * Channel outlook-inbox Far :outlook-remote: Near :outlook-local: Patterns "*" Create Both Expunge Both SyncState * Channel cochrun-inbox Far :cochrun-remote: Near :cochrun-local: Patterns "*" Create Both Expunge Both SyncState * # GROUPS PUT TOGETHER CHANNELS, SO THAT WE CAN INVOKE # MBSYNC ON A GROUP TO SYNC ALL CHANNELS # # FOR INSTANCE: "mbsync gmail" GETS MAIL 
FROM # "gmail-inbox", "gmail-sent", and "gmail-trash" # # Group gmail # Channel gmail-inbox # Channel gmail-sent # Channel gmail-trash # Channel gmail-all # Channel gmail-starred Group office Channel office-inbox Group outlook Channel outlook-inbox Group cochrun Channel cochrun-inbox ''; }; programs.msmtp.enable = true; services.mbsync.enable = true; programs.obs-studio = { enable = true; plugins = [ pkgs.obs-studio-plugins.obs-websocket pkgs.obs-studio-plugins.obs-move-transition ]; }; services.nextcloud-client = { enable = true; startInBackground = true; }; services.syncthing.enable = true; # services.kdeconnect.enable = true; services.easyeffects.enable = true; services.espanso = { enable = true; settings = { toggle_key = "RIGHT_CTRL"; matches = [ { # dates trigger = ":date"; replace = "{{mydate}}"; vars = [{ name = "mydate"; type = "date"; params = {format = "%m/%d/%Y";}; }]; } { # Shell commands trigger = ":shell"; replace = "{{output}}"; vars = [{ name = "output"; type = "shell"; params = { cmd = "echo Hello from your shell";}; }]; } { # simple text trigger = ":gml"; replace = "ccochrun21@gmail.com"; } { trigger = ":otl"; replace = "chris.cochrun@outlook.com"; } { trigger = ":tfcml"; replace = "chris@tfcconnection.org"; } { trigger = ":name"; replace = "Chris Cochrun"; } { trigger = ":cn"; replace = "A Giant Gummy Lizard"; } ]; }; }; home.file.".config/rofi" = { source = ../rofi; recursive = true; }; programs.firefox = { enable = true; package = pkgs.firefox-wayland.override { cfg = { enableTridactylNative = true; }; }; profiles.chris = { name = "default"; path = "nw77o6yc.default"; isDefault = true; }; }; home.file.".mozilla/firefox/nw77o6yc.default/chrome" = { source = ../firefox/chrome; recursive = true; }; home.file.".config/tridactyl" = { source = ../tridactyl; recursive = true; }; programs.rbw.enable = true; home.file.".config/rbw" = { source = ../rbw; recursive = true; }; home.file.".config/fish/config.fish" = { source = ../fish/config.fish; }; 
home.file.".config/fish/functions" = {
    source = ../fish/functions;
  };

  programs.direnv.enable = true;
  programs.direnv.nix-direnv.enable = true;

  # programs.qutebrowser.enable = true;
  # The qutebrowser files below are linked one by one rather than as a
  # recursive directory.
  home.file.".config/qutebrowser/config.py" = {
    source = ../qutebrowser/config.py;
  };
  home.file.".config/qutebrowser/bookmarks" = {
    source = ../qutebrowser/bookmarks;
  };
  home.file.".config/qutebrowser/css" = {
    source = ../qutebrowser/css;
  };
  home.file.".config/qutebrowser/quickmarks" = {
    source = ../qutebrowser/quickmarks;
  };
  home.file.".config/qutebrowser/qsettings" = {
    source = ../qutebrowser/qsettings;
  };

  home.file.".config/mpv" = {
    source = ../mpv;
    recursive = true;
  };
  home.file.".config/imv" = {
    source = ../imv;
    recursive = true;
  };
  home.file.".config/macchina" = {
    source = ../macchina;
    recursive = true;
  };
  home.file.".config/awesome" = {
    source = ../awesome;
    recursive = true;
  };
  home.file.".config/awesome/bling" = {
    source = ../awesome/bling;
    recursive = true;
  };
  home.file.".config/awesome/rubato" = {
    source = ../awesome/rubato;
    recursive = true;
  };
  home.file.".config/alacritty" = {
    source = ../alacritty;
    recursive = true;
  };
  home.file.".config/picom.conf" = {
    source = ../picom.conf;
  };
  # home.file.".config/networkmanager-dmenu/config.ini" = {
  #   source = ../networkmanager-dmenu/config.ini;
  # };

  # Everything in ../scripts is linked into ~/bin; the imv-rifle desktop entry
  # further down calls one of these scripts by absolute path.
  home.file."bin" = {
    source = ../scripts;
    recursive = true;
  };

  home.shellAliases = {
    ls = "exa -l";
    la = "exa -la";
    mpf = "mpv --profile=fast";
    mps = "mpv --profile=slow";
    ec = "emacsclient -t";
    ecc = "emacsclient -c";
    mkdir = "mkdir -pv";
    nupd = "update-nix";
    nupg = "upgrade-nix";
    suspend = "systemctl suspend";
    sysuse = "systemctl --user";
    myip = "curl icanhazip.com";
    nixs = "nix search nixpkgs";
    ytd = "yt-dlp -o ~/Videos/%(title)s.%(ext)s";
  };

  programs.starship = {
    enable = true;
    enableBashIntegration = true;
  };

  programs.bash = {
    enable = true;
    bashrcExtra = ''
      # export ENV_EFI_CODE_SECURE=/run/libvirt/nix-ovmf/OVMF_CODE.fd ENV_EFI_VARS_SECURE=/run/libvirt/nix-ovmf/OVMF_VARS.fd
      source $(blesh-share)
      ble-face auto_complete="fg=238"
      # eval "$(starship init bash)"
    '';
  };

  # zsh repeats most of home.shellAliases above (nixs and ytd are not listed here).
  programs.zsh = {
    enable = true;
    enableAutosuggestions = true;
    enableCompletion = true;
    enableSyntaxHighlighting = true;
    autocd = true;
    dotDir = ".config/zsh";
    shellAliases = {
      ls = "exa -l";
      la = "exa -la";
      mpf = "mpv --profile=fast";
      mps = "mpv --profile=slow";
      ec = "emacsclient -t";
      ecc = "emacsclient -c";
      mkdir = "mkdir -pv";
      nupd = "update-nix";
      nupg = "upgrade-nix";
      suspend = "systemctl suspend";
      sysuse = "systemctl --user";
      myip = "curl icanhazip.com";
    };
    initExtra = ''
      macchina
    '';
  };

  xdg.desktopEntries = {
    mpv-slow = {
      name = "MPV";
      genericName = "Play from MPV but at normal speed";
      exec = "alacritty -e mpv --profile=slow %U";
      terminal = true;
      categories = [ "Application" ];
      mimeType = [ "audio/ogg" "audio/mpeg" "audio/opus" "audio/x-opus+ogg" "audio/x-wav" ];
    };
    imv-rifle = {
      name = "IMV";
      genericName = "Show images in current directory in IMV";
      exec = "/home/chris/bin/rifle-imv %U";
      terminal = false;
      categories = [ "Application" ];
      mimeType = [ "image/gif" "image/jpeg" "image/png" "image/heif" ];
    };
  };

  systemd.user.services = {
    # NOTE(review): ydotoold injects input events for whoever can talk to its
    # socket, and the socket is created at a fixed name in /tmp, a directory
    # shared by all local users. A path under the user's runtime directory
    # (systemd's %t specifier in a user unit) would keep it private; clients
    # would then have to be pointed at the new path. Verify before changing.
    ydotoold = {
      Unit = {
        Description = "An auto-input utility for wayland";
        Documentation = [ "man:ydotool(1)" "man:ydotoold(8)" ];
      };
      Service = {
        ExecStart = "/run/current-system/sw/bin/ydotoold --socket-path /tmp/ydotools";
      };
      Install = {
        WantedBy = ["default.target"];
      };
    };

    jellyfin-mpv-shim = {
      Unit = {
        Description = "Play Jellyfin media in mpv";
        After = "graphical-session-pre.target";
      };
      Service = {
        ExecStart = "/run/current-system/sw/bin/jellyfin-mpv-shim";
      };
      Install = {
        WantedBy = ["graphical-session.target"];
      };
    };

    # NOTE(review): the attribute name is spelled "nextlcoud-client", so this
    # defines a separate unit with no Service section. It was presumably meant
    # to adjust the unit of the Nextcloud client enabled elsewhere in this
    # file; confirm.
    nextlcoud-client = {
      Unit = {
        Description = "Nextcloud Client";
        After = [ "graphical-session.target" ];
        # PartOf = [ "plasma-workspace.target" ];
      };
      # Install = { WantedBy = [ "plasma-workspace.target" ]; };
    };
  };
}
#+end_src

* Thanks!
* EXTRA Possible efibootmgr command to make efistub work on desktop #+begin_src sh efibootmgr --disk /dev/nvme0n1 --part 1 --create --label "Arch Linux" --loader /boot/vmlinuz-linux-zen --unicode 'root=PARTUUID=d920ee9c-3b42-4c83-9c4c-a33406421ed1 rootflags=subvol=@ rw noatime nodiratime compress=zstd:3 ssd space_cache initrd=\initramfs-linux-zen.img' --verbose #+end_src