| alacritty | ||
| awesome | ||
| bpytop | ||
| cachix | ||
| chemacs | ||
| dunst | ||
| espanso | ||
| eww | ||
| firefox/chrome | ||
| fish | ||
| flameshot | ||
| hypr | ||
| imv | ||
| kanshi | ||
| kmonad | ||
| leftwm | ||
| LightlyShaders | ||
| lolcate | ||
| macchina | ||
| mako | ||
| modules | ||
| mpv | ||
| mpv-syl | ||
| networkmanager-dmenu | ||
| nyxt | ||
| oguri | ||
| pkgs | ||
| polybar | ||
| qutebrowser | ||
| rbw | ||
| river | ||
| rofi | ||
| RoundedSBE | ||
| scripts | ||
| surfingkeys | ||
| sway | ||
| sxiv/exec | ||
| system | ||
| systemd/user | ||
| taiwins | ||
| tridactyl | ||
| user | ||
| waybar | ||
| wayfire | ||
| wofi | ||
| ydotool | ||
| .gitmodules | ||
| .mbsyncrc | ||
| flake.lock | ||
| flake.nix | ||
| greenclip.toml | ||
| libinput-gestures.conf | ||
| picom.conf | ||
| qt5ct.patch | ||
| README.org | ||
| xinitrc | ||
| Xresources | ||
Readme
mailto:chris@tfcconnection.org
Welcome
This repository contains all of my dotfiles to the many programs I like to use on Linux. This is primarily built with NixOS and Emacs. This is done through literate programming. So basically this README file has all the source code for the entire system. (or at least it will once I get it all finished)
As is common in org-mode literate programming, I'm using a feature of org-mode to bring in config that exists elsewhere called org-babel tangle and noweb. The syntax <<something>> brings in the named blocks that are above. Meaning that through this single document I can consolidate configuration. This may not work for you, but I prefer it.
You will see the blocks to be brought into the bracket syntax by a named section like #+NAME: …
This creates files that have everything in them, making them bigger and maybe filled with more things, but makes this document much easier to read and easier for me to handle things. Again, if this doesn't work for you, sorry it's just the way that I like to do it.
NixOS
The biggest part of this is through NixOS. NixOS is a declarative way of building an OS for Linux and allows an immutable and reproducible system. I really like that last part. I enjoy my config to be the same no matter how many machines I place it on. I'd also one day like this to be modular so that I'll have some switches that can turn on and off certain features.
Let's start with the core of this, the flake.
flake.nix
This is not a wholly complex setup with flakes. I've seen far more complex and unique ones. But the basic idea is to have a few of our inputs setup to bring in the expected pkgs and then output things to the correct system/user.
Note how in the outputs I do have some duplicated code. That is will disappear as I grow more accustomed to flakes and nix. Anyhow, the important things to gather in this file are that I'm making sure to use non-free software by making pkgs config = { allowUnfree = true; }. This ensures that things like the non-free linux kernel are accessible.
Also, syl is my laptop and kaladin is my desktop. So those are going to be unique in the future.
Both include the home-manager module. Primarily I chose that route so that I could use the same command to update the entire system without needing to update the system and user stuff seperately.
{
description = "The Flake";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-22.05";
home-manager = {
url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland = {
url = "github:hyprwm/Hyprland";
};
eww = {
url = "github:elkowar/eww";
inputs.nixpkgs.follows = "nixpkgs";
};
emacs = {
url = "github:nix-community/emacs-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-bitcoin = {
url = "github:fort-nix/nix-bitcoin/release";
};
libre-presenter = {
url = "gitlab:chriscochrun/church-presenter";
};
};
outputs = { nixpkgs, nixpkgs-stable, home-manager, hyprland, emacs, nix-bitcoin, libre-presenter, ... }:
let
system = "x86_64-linux";
username = "chris";
pkgsForSystem = import nixpkgs {
inherit system;
config = { allowUnfree = true; };
overlays = [
emacs.overlays.default
(self: super:
{
awesome = super.awesome.overrideAttrs (old: rec {
pname = "awesome";
version = "git-20220614-3a54221";
src = super.fetchFromGitHub {
owner = "awesomeWM";
repo = "awesome";
rev = "3a542219f3bf129546ae79eb20e384ea28fa9798";
sha256 = "4z3w6iuv+Gw2xRvhv2AX4suO6dl82woJn0p1nkEx3uM=";
};
patches = [];
});
}
)
(self: super:
{
qt5ct = super.qt5ct.overrideAttrs (old: rec {
patches = (old.patches or []) ++ [
../../qt5ct.patch
];
});
}
)
];
};
lib = nixpkgs.lib;
# unstable = nixpkgs;
in {
nixosConfigurations = {
syl = lib.nixosSystem {
inherit system;
pkgs = pkgsForSystem;
modules = [
./system/syl/configuration.nix
home-manager.nixosModules.home-manager
hyprland.nixosModules.default
# libre-presenter.defaultPackage
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.chris = import ./user/home.nix;
}
];
};
kaladin = lib.nixosSystem {
inherit system;
pkgs = pkgsForSystem;
modules = [
./system/kaladin/configuration.nix
home-manager.nixosModules.home-manager
hyprland.nixosModules.default
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.chris = import ./user/home.nix;
}
];
};
dalinar = nixpkgs-stable.lib.nixosSystem {
inherit system;
modules = [
./system/dalinar/configuration.nix
nix-bitcoin.nixosModules.default
];
};
kohlin = nixpkgs-stable.lib.nixosSystem {
inherit system;
modules = [
./system/kohlin/configuration.nix
nix-bitcoin.nixosModules.default
];
};
};
};
}General
All my machines have these settings.
Every machine has it's own hardware config and we'll throw in the cachix piece here too.
imports =
[
./hardware-configuration.nix
/etc/nixos/cachix.nix
];Let's make sure all the machines have their pkgs setup to be unstable and using the flake system.
nix = {
extraOptions = "experimental-features = nix-command flakes";
package = pkgs.nixVersions.unstable;
};I use plasma and hyprland mostly as my desktop. Also all desktops will likely need ntfs support in order to work with windows devices.
# This adds hyprland cache to cachix
nix.settings = {
substituters = ["https://hyprland.cachix.org"];
trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
};
boot.supportedFilesystems = [ "ntfs" ];
services.xserver = {
enable = true;
autorun = false;
# windowManager.awesome = {
# enable = true;
# package = pkgs.awesome;
# };
displayManager = {
startx.enable = true;
sddm = {
enable = false;
};
session = [
{
manage = "desktop";
name = "Hyprland";
start = ''
/home/chris/bin/hyprland &
waitPID=$!
'';
}
];
};
desktopManager.plasma5 = {
enable = true;
runUsingSystemd = true;
};
# desktopManager.gnome.enable = true;
};
services.greetd = {
enable = true;
settings = rec {
initial_session = {
command = "dbus-run-session startplasma-wayland";
user = "chris";
};
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time -r --window-padding 2 --cmd 'dbus-run-session startplasma-wayland'";
user = "greeter";
};
plasma_session = {
command = "dbus-run-session startplasma-wayland";
user = "chris";
};
hyprland_session = {
command = "/home/chris/bin/hyprland";
user = "chris";
};
};
};
environment.etc."greetd/environments".text = ''
/home/chris/bin/hyprland
fish
bash
dbus-run-session startplasma-wayland
'';
programs.hyprland = {
enable = true;
};
services.avahi = {
enable = true;
nssmdns = true;
};In order to make sure the kde xdg-portals are used we need this
xdg.portals.extraPortals = [ "xdg-desktop-portal-kde" ];To use pipewire there are some specific setup pieces that I like to have.
# Enable sound.
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
};
# Needed for some pipewire progs and other gtk apps
programs.dconf.enable = true;To make sure certain things are setup properly I'll modify the shells a bit.
# Set default shell to be dash for speed
# Apparently this is bad because a lot of nix relies on bash
# environment.binsh = "${pkgs.dash}/bin/dash";
environment.homeBinInPath = true;
programs.fish.enable = true;
programs.zsh.enable = true;And here are environment variables I need in all computers
EDITOR = "emacsclient -t -a";
VISUAL = "emacsclient -c -a";
# Fixing Qt apps in other environments
# Thought I needed this but apparently they are working fine without it.
# QT_XCB_GL_INTEGRATION = "xcb_egl";
# QT_QPA_PLATFORM_PLUGIN_PATH = "${pkgs.qt5.qtbase.bin}/lib/qt-${pkgs.qt5.qtbase.qtCompatVersion}/plugins/platforms";services.samba-wsdd.enable = true;
services.samba = {
enable = true;
extraConfig = ''
workgroup = WORKGROUP
server string = smbnix
netbios name = smbnix
security = user
#use sendfile = yes
#max protocol = smb2
# note: localhost is the ipv6 localhost ::1
hosts allow = 192.168.0. 127.0.0.1 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
public = {
path = "/home/chris/Public";
"read only" = false;
browsable = true;
"guest ok" = true;
comment = "Share";
};
};
};Now lets turn on docker and podman. I create a lot of containers for my job.
virtualisation.podman.enable = true;
# virtualisation.docker.enable = true;
virtualisation.libvirtd = {
enable = true;
qemu = {
runAsRoot = false;
ovmf = {
enable = true;
packages = [
pkgs.OVMFFull.fd
pkgs.pkgsCross.aarch64-multiplatform.OVMF.fd
];
};
swtpm.enable = true;
};
};Here is android dev tools packages properly setup for doing android flashes.
programs.adb.enable = true;
services.udev.packages = [ pkgs.android-udev-rules ];Packages
Here are a list of packages that I like to have on all machines.
These first base packages are used on all systems. From laptops, to desktops, and even servers.
vim
wget
killall
git
tmux
dutree
cachix
unzip
unrar
p7zip
zip
gzip
usbutils
binutils
podman-compose
exa
# img2pdf
yt-dlp
bat
rsync
jq
ripgrep
fd
socat
ffmpeg-full
imagemagick
libheif
trash-cli
htop
btop
bc
sysstat
procs
pandoc
samba
blesh
# OVMFFull
quickemuThese are just for general graphical machines. Laptops, and desktops.
discover
# kde-rounded-corners
lightly-qt
pinentry
pinentry-qt
hunspell
caffeine-ng
hunspellDicts.en_US
transmission
openssh
ark
ifuse
dash
brightnessctl
dunst
ttyper
kget
audacity
krename
kwallet-pam
plasma5Packages.kwallet
sierra-breeze-enhanced
libimobiledevice
bottles
# jitsi-meet-electron
imv
feh
tagutil
python310Packages.mutagen
python310Packages.audiotools
(mpv.override {scripts = with pkgs.mpvScripts; [ mpris youtube-quality sponsorblock ];})
ani-cli
mov-cli
nerdfonts
# latte-dock
plasma-browser-integration
alacritty
libsForQt5.bismuth
libnotify
rofi-wayland
wf-recorder
wofi
waybar
tridactyl-native
eww-wayland
wlrctl
hyprpaper
swaylock-fancy
aha
glxinfo
vulkan-tools
wayland-utils
nextcloud-client
# mkchromecast
plocate
# librepresenter.libre-presenter
papirus-icon-theme
phinger-cursors
plasma-hud
kde-cli-tools
gzip
qrencode
brave
scribus
darktable
qutebrowser
virt-manager
virt-viewer
# firefox
kate
kdialog
plasma5Packages.khotkeys
# openlp
inkscape
libreoffice-fresh
vlc
neochat
haskellPackages.greenclip
pulsemixer
any-nix-shell
wtype
xdotool
# ydotool
wmctrl
xcape
xclip
maim
unclutter-xfixes
bluez-tools
networkmanager_dmenu
plasma5Packages.qt5ct
lxappearance
spotdl
kdenlive
minetest
# natron
digikam
rubberband
texlive.combined.scheme-full
wlroots
picom-next
pamixer
playerctl
jellyfin-mpv-shim
pfetch
macchina
gimp
powertop
element-desktop-wayland
scrcpy
python
python3
airshipper
# hyprlandHere are some dev tools that I often have on a few devices.
# android-tools
nix-index
# meson
# ninja
# gnumake
# gcc
# gdb
# clang
# clang-tools
# cmake
# qtcreator
# extra-cmake-modules
# pkg-config
# libsForQt5.wrapQtAppsHook
# python310Packages.pyqt5
# LIBRARIES FOR DEV
# qt5.qtbase
# qt5.qtquickcontrols2
# qt5.qtx11extras
# libsForQt5.appstream-qt
# libsForQt5.kdelibs4support
# libsForQt5.kirigami2
# libsForQt5.ki18n
# libsForQt5.kcoreaddons
# plasma5Packages.kirigami2
sqlite
fennelLet's create our own custom LightlyShaders package. This is in it's own file for now.
# (libsForQt5.callPackage /home/chris/dev/LightlyShaders {})Let's also add our own package from my WIP presenter
# (libsForQt5.callPackage /home/chris/dev/church-presenter {})(import /home/chris/.dotfiles/ydotool { inherit lib stdenv util-linux cmake scdoc fetchFromGitHub; })Firefox has it's own setup
nixpkgs.config.firefox.enableTridactyl = true;Here are the two main overlays I like to use. One for Emacs and another for the AwesomeWM. For some reason the emacs overlay has a specific sha256. So I'll create it in each config.
(self: super:
{
myAwesome = super.awesome.overrideAttrs (old: rec {
pname = "myAwesome";
version = "git-20220614-3a54221";
src = super.fetchFromGitHub {
owner = "awesomeWM";
repo = "awesome";
rev = "3a542219f3bf129546ae79eb20e384ea28fa9798";
sha256 = "4z3w6iuv+Gw2xRvhv2AX4suO6dl82woJn0p1nkEx3uM=";
};
patches = [];
});
}
)
(self: super:
{
qt5ct = super.qt5ct.overrideAttrs (old: rec {
patches = (old.patches or []) ++ [
../../qt5ct.patch
];
});
}
)Emacs
Emacs service
services.emacs = {
enable = true;
package = with pkgs; ((emacsPackagesFor emacsPgtk).emacsWithPackages
(epkgs: with epkgs; [
vterm
magit
pdf-tools
consult-eglot
org
org-roam
command-log-mode
all-the-icons
doom-modeline
doom-themes
rainbow-delimiters
smartparens
aggressive-indent
adaptive-wrap
which-key
exec-path-from-shell
no-littering
tree-sitter
tree-sitter-langs
rustic
evil
evil-collection
general
evil-escape
evil-surround
evil-org
org-super-agenda
websocket
org-roam-ui
org-present
org-modern
org-re-reveal
org-re-reveal-ref
org-re-reveal-citeproc
ox-reveal
oer-reveal
ox-spectacle
unicode-fonts
emojify
undo-tree
visual-fill-column
toc-org
pulsar
vertico
consult
marginalia
all-the-icons-completion
embark
embark-consult
corfu
orderless
cape
devdocs
yasnippet
tempel
projectile
simple-httpd
avy
evil-avy
ace-link
ace-window
helpful
format-all
web-mode
lua-mode
nix-mode
cmake-mode
fennel-mode
yaml-mode
docker
docker-tramp
fish-mode
markdown-mode
qml-mode
csv-mode
restclient
ob-restclient
dart-mode
flutter
hover
direnv
all-the-icons-dired
dired-single
dired-rainbow
diredfl
dired-rsync
fd-dired
ledger-mode
org-msg
calfw
calfw-org
calfw-ical
org-caldav
org-wild-notifier
magit
sly
nov
elfeed
elfeed-org
bongo
emms
transmission
hass
pass
password-store
password-store-otp
plz
ement
mastodon
qrencode
gcmh
use-package
esh-autosuggest
pkgs.mu
]));
defaultEditor = true;
};Syl
Syl is my laptop and has some configuration unique to that. In particular, it's a Framework Laptop. Honestly a great piece of tech. Love it.
Notice how I am including all of my software here. It may be a big file, but having all of it in one place means I can easily grok through it and remove something.
Config
{ lib, config, pkgs, callPackage, ... }:
{
<<hardware>>
<<experimental-features>>
# Use the systemd-boot EFI boot loader.
boot.kernelPackages = pkgs.linuxPackages_zen;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.kernelModules = [ "i915" ];
nixpkgs.config.allowUnfree = true;
boot.kernelParams = [ "mem_sleep_default=deep" "nvme.noacpi=1" ];
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.acpilight.enable = lib.mkDefault true;
networking.hostName = "syl"; # Define your hostname.
networking.networkmanager.enable = true;
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Set your time zone.
time.timeZone = "America/Chicago";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.wlp170s0.useDHCP = true;
<<containers>>
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
hardware.uinput.enable = true;
hardware.bluetooth.enable = true;
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
libvdpau-va-gl
];
};
services.xserver.videoDrivers = ["intel"];
<<desktop>>
# Configure keymap in X11
services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
systemd.services.display-manager = {
wants = [ "systemd-user-sessions.service" "multi-user.target" "network-online.target" ];
after = [ "systemd-user-sessions.service" "multi-user.target" "network-online.target" ];
};
# Enable CUPS to print documents.
services.printing.enable = true;
services.printing.drivers = [ pkgs.gutenprint pkgs.gutenprintBin pkgs.hplipWithPlugin ];
# Enable fingerprint
services.fprintd.enable = true;
# programs.qt5ct.enable = true;
<<pipewire>>
# Turn on flatpak
services.flatpak.enable = true;
# Some other things
services.thermald.enable = true;
services.power-profiles-daemon.enable = false;
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_AC="performance";
CPU_SCALING_GOVERNOR_ON_BAT="powersave";
CPU_ENERGY_PERF_POLICY_ON_AC="balance_performance";
CPU_ENERGY_PERF_POLICY_ON_BAT="power";
PCIE_ASPM_ON_AC="default";
PCIE_ASPM_ON_BAT="powersupersave";
SCHED_POWERSAVE_ON_AC=0;
SCHED_POWERSAVE_ON_BAT=1;
START_CHARGE_THRESH_BAT1=70;
STOP_CHARGE_THRESH_BAT1=80;
USB_ALLOWLIST="32ac:0002";
};
};
services.usbmuxd.enable = true;
services.fstrim.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
services.xserver.libinput.enable = true;
<<shell>>
environment.variables = {
<<env>>
VDPAU_DRIVER = lib.mkIf config.hardware.opengl.enable (lib.mkDefault "va_gl");
# QT_QPA_PLATFORMTHEME = "qt5ct";
# QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
# QT_QPA_PLATFORM = "wayland;xcb";
# QT_AUTO_SCREEN_SCALE_FACTOR = "1";
};
# Define a user account. Don't forget to set a password with ‘passwd’.
users.users.chris = {
isNormalUser = true;
extraGroups = [ "adbusers" "wheel" "networkmanager" "input" "uinput" ];
};
<<android-tools>>
programs.partition-manager.enable = true;
programs.kdeconnect.enable = true;
security.pam.services.kwallet = {
name = "kwallet";
enableKwallet = true;
};
security.pam.services.sddm.enableKwallet = true;
# virtualisation.waydroid.enable = true;
# <<firefox>>
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
<<base-packages>>
<<general-packages>>
neofetch
afetch
yafetch
freshfetch
disfetch
bunnyfetch
fet-sh
macchina
# Dev tools
<<ydotool>>
<<dev-tools>>
<<lightlyshaders>>
<<librepresenter>>
];
<<emacs>>
<<samba>>
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
services.locate = {
enable = true;
locate = pkgs.plocate;
localuser = null;
interval = "hourly";
prunePaths = [ "/tmp" "/nix/store" "/nix/var/log/nix" "/etc" "/bin" "/boot" "/usr" "/var" "/run" "/srv" "/sys" "/root" "/proc" "/opt" "/dev" "/home/chris/.emacs.d" "/home/chris/.config" "/home/chris/.nix-profile" "/home/chris/.profile" "/home/chris/dev/nixpkgs" "/home/chris/.cache" "/home/chris/.local" "/home/chris/.dotemacs" "/home/chris/.cargo" "/home/chris/.mozilla" "/home/chris/.var" "/home/chris/.dotfiles" "/home/chris/.dbus" "/home/chris/.android" "/var/lib"];
};
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
}Hardware
Now in the hardware-configuration.nix file, I didn't change much because I wanted to keep it roughly the same in case things do get overwritten, but this is another nice feature of literate programming, should things change in the /etc folder, I'll have this readme as a backup of what it was before the changes.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "acpi_call" ];
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
boot.loader.efi.efiSysMountPoint = "/boot/efi";
zramSwap.enable = true;
fileSystems."/" =
{ device = "/dev/disk/by-uuid/db28ba7c-a15d-4c81-8373-99f2f171cac5";
fsType = "btrfs";
options = [ "subvol=@" ];
};
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/BA76-3723";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
}Kaladin
Kaladin is my desktop machine. A powerhouse for the most part with a recent i7 and 64gb of memory and an Nvidia 1080. Basically I use this for video editing, animation, and some other things. Here is it's configuration.
Config
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
];
<<experimental-features>>
# Use the systemd-boot EFI boot loader.
boot = {
kernelPackages = pkgs.linuxPackages_zen;
kernelParams = [ "mem_sleep_default=deep" ];
initrd.kernelModules = [ "amdgpu" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
nixpkgs.config.allowUnfree = true;
networking.hostName = "kaladin"; # Define your hostname.
networking.networkmanager.enable = true;
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Set your time zone.
time.timeZone = "America/Chicago";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.enp0s31f6.useDHCP = true;
networking.interfaces.wlp7s0.useDHCP = true;
<<containers>>
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# Set default shell to be dash for speed
# environment.binsh = "${pkgs.dash}/bin/dash";
# NVIDIA
services.xserver.videoDrivers = [ "nvidia" ];
hardware = {
opengl = {
enable = true;
extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
];
};
nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.latest;
modesetting.enable = true;
powerManagement.enable = true;
};
};
services.xserver.screenSection = ''
Option "metamodes" "nvidia-auto-select +0+0 {ForceFullCompositionPipeline=On}"
Option "AllowIndirectGLXProtocol" "off"
Option "TripleBuffer" "on"
'';
<<desktop>>
# Configure keymap in X11
services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable CUPS to print documents.
services.printing.enable = true;
services.printing.drivers = [ pkgs.gutenprint pkgs.gutenprintBin pkgs.hplipWithPlugin ];
<<pipewire>>
# Turn on flatpak
services.flatpak.enable = true;
services.usbmuxd.enable = true;
services.fstrim.enable = true;
<<shell>>
environment.variables = {
<<env>>
WLR_NO_HARDWARE_CURSORS = "1";
};
# Define a user account. Don't forget to set a password with ‘passwd’.
users.users.chris = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "input" "no-internet" ]; # Enable ‘sudo’ for the user.
};
programs.partition-manager.enable = true;
programs.kdeconnect.enable = true;
security.pam.services.kwallet = {
name = "kwallet";
enableKwallet = true;
};
security.pam.services.sddm.enableKwallet = true;
# virtualisation.waydroid.enable = true;
# services.ethminer = {
# enable = true;
# pool = "us-eth.2miners.com:2020";
# toolkit = "cuda";
# rig = "kaladin";
# wallet = "0xE43c525d05Ac52303cb43772Eb209824AE328CA3";
# registerMail = "ceth@cochrun.xyz";
# };
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
<<base-packages>>
<<general-packages>>
blender
neofetch
# ethminer
lutris
protonup
nvtop
# Dev tools
<<ydotool>>
<<dev-tools>>
<<lightlyshaders>>
<<librepresenter>>
];
# nixpkgs.overlays = [
# (import (builtins.fetchTarball {
# url = https://github.com/nix-community/emacs-overlay/archive/master.tar.gz;
# sha256 = "1v1n30a2ai5mnlkrkwv4mfczd3601sqxxlawadxariblfvg7qz4j";
# }))
# <<overlays>>
# ];
<<emacs>>
<<samba>>
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# services.caddy = {
# enable = true;
# virtualHosts = {
# "videosdani.tfcconnection.org".extraConfig = ''
# reverse_proxy localhost:9000
# '';
# };
# virtualHosts = {
# "videosdani.tfcconnection.org:1935".extraConfig = ''
# reverse_proxy localhost:1935
# '';
# };
# };
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
}hardware
And here is it's hardware config.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ config.boot.kernelPackages.nvidiaPackages.latest ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9b5a1a62-0de6-4e07-a541-634736980d10";
fsType = "btrfs";
options = [ "subvol=@" "noatime" "ssd" "space_cache" "clear_cache" "compress=zstd" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/9b5a1a62-0de6-4e07-a541-634736980d10";
fsType = "btrfs";
options = [ "subvol=@home" "noatime" "ssd" "space_cache" "clear_cache" "compress=zstd" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/9b5a1a62-0de6-4e07-a541-634736980d10";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "ssd" "space_cache" "clear_cache" "compress=zstd" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/9b5a1a62-0de6-4e07-a541-634736980d10";
fsType = "btrfs";
options = [ "subvol=@log" "noatime" "ssd" "space_cache" "clear_cache" "compress=zstd" ];
};
fileSystems."/run/media/chris/Storage" =
{ device = "/dev/disk/by-uuid/4c7d4273-7b72-4aa8-8e1c-e281543d06cb";
fsType = "btrfs";
options = [ "noatime" "space_cache" "clear_cache" "compress=zstd" ];
};
fileSystems."/run/media/chris/backup" =
{ device = "/dev/disk/by-uuid/4286b9ef-e8ed-49a0-9eec-91b8ee05b2cb";
fsType = "btrfs";
options = [ "noatime" "space_cache" "clear_cache" "compress=zstd" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/35A0-C1F1";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}Kaladin is still not fullly setup, so I'll be working on that more and more as time goes.
Dalinar
Dalinar is my home server. It's built with an old laptop at the moment, but the way everything is orchestrated is to protect from screw ups.
Configuration
Dalinar's config is of course server oriented.
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
nix = {
extraOptions = "experimental-features = nix-command flakes";
package = pkgs.nixFlakes;
};
nixpkgs.config.allowUnFree = true;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "dalinar"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "America/Chicago";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
vaapiVdpau
libvdpau-va-gl
];
};
environment.homeBinInPath = true;
programs.fish.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with ‘passwd’.
users.users.chris = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim
wget
yt-dlp
bat
ripgrep
ffmpeg-full
rsync
dutree
tmux
git
samba
exa
jq
fd
bc
sysstat
procs
btop
htop
unzip
#blesh
];
virtualisation.docker.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
services.syncthing = {
enable = true;
dataDir = "/storage/syncthing";
openDefaultPorts = true;
configDir = "/home/chris/syncthing";
user = "chris";
group = "users";
guiAddress = "0.0.0.0:8384";
devices = {
syl = {
id = "AJMADOK-TENODAA-VSOEW2A-4RXY2XI-YNHIS7H-H3ZYAO5-3UQ64EE-O2N5BAY";
};
kaladin = {
id = "LH6523Z-QQ5F3A4-SINZDOI-UFMQBIX-ZV6Q5BQ-LTKVMDB-CRI6QG5-RRKJFQS";
};
shadow = {
id = "SGO2BUT-WDOB2B7-SD5BHKU-ES3BFZF-EZPFSQJ-B4744TP-SXKZS4O-SDLJ5QX";
};
tablet = {
id = "4HEXCNH-MCVBZQX-LQ735TG-P2VTJ7N-CZ5MK4P-ICZAPC7-YCXVEWV-7NILMA5";
};
kohlin = {
id = "BSWKBRR-2IJBCHA-UQY7DE7-CV2U2IL-PMFQFCJ-D5ZZJMU-FPYRUPC-MCC32QQ";
};
};
folders = {
music = {
id = "teqqy-rzvec";
path = "/storage/syncthing/Music";
devices = [ "syl" "kaladin" "shadow" "kohlin"];
versioning = {
type = "trashcan";
params.cleanoutDays = "100";
};
};
ebooks = {
id = "wziqy-7hyv9";
path = "/storage/syncthing/ebooks";
devices = [ "syl" "kaladin" "shadow" "tablet" "kohlin"];
versioning = {
type = "trashcan";
params.cleanoutDays = "100";
};
};
notes = {
id = "zwshm-umwbt";
path = "/storage/syncthing/notes";
devices = [ "syl" "kaladin" "shadow" "kohlin"];
versioning = {
type = "trashcan";
params.cleanoutDays = "100";
};
};
librera = {
id = "vvtvj-osndy";
path = "/storage/syncthing/librera";
devices = [ "tablet" "shadow" "kohlin"];
versioning = {
type = "trashcan";
params.cleanoutDays = "100";
};
};
};
};
nix-bitcoin = {
generateSecrets = true;
operator = {
enable = true;
name = "chris";
};
};
# List services that you want to enable:
services.locate = {
enable = true;
locate = pkgs.plocate;
localuser = null;
};
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.fstrim.enable = true;
services.logind = {
lidSwitch = "ignore";
lidSwitchExternalPower = "ignore";
};
services.monero = {
enable = false;
dataDir = "/storage/monero";
};
services.bitcoind = {
enable = true;
listen = true;
dataDir = "/storage/bitcoind";
dbCache = 5000;
};
services.clightning = {
enable = true;
dataDir = "/storage/clightning";
};
services.rtl = {
enable = true;
dataDir = "/storage/rtl";
nightTheme = true;
extraCurrency = "USD";
nodes.clightning.enable = true;
};
# DDCLIENT
services.ddclient = {
enable = true;
configFile = /home/chris/ddclient.conf;
#domains = [
# "nc.cochrun.xyz"
# "home.cochrun.xyz"
# "mail.cochrun.xyz"
# "jelly.cochrun.xyz"
#];
#passwordFile = "/etc/nixos/ddclientp";
#protocol = "namecheap";
#use = "web, web=dynamicdns.park-your-domain.com/getip";
#server = "dynamicdns.park-your-domain.com";
#username = "cochrun.xyz";
#extraConfig = ''
#use=web, web=dynamicdns.park-your-domain.com/getip
#protocol=namecheap
#server=dynamicdns.park-your-domain.com
#login=livingseedco.shop
#password=e157e42337fc4ccd850d0a3904733f46
#@
#use=web, web=dynamicdns.park-your-domain.com/getip
#protocol=namecheap
#server=dynamicdns.park-your-domain.com
#login=cochrun.xyz
#password=94602c373f9f4743838bf567def2eb72
#@,nc.cochrun.xyz,home.cochrun.xyz,mail.cochrun.xyz,jelly.cochrun.xyz
#'';
};
# CADDY
services.caddy = {
enable = true;
virtualHosts = {
"home.cochrun.xyz".extraConfig = ''
reverse_proxy localhost:8123
'';
};
virtualHosts = {
"jelly.cochrun.xyz".extraConfig = ''
reverse_proxy localhost:8096
'';
};
virtualHosts = {
"livingseedco.shop".extraConfig = ''
reverse_proxy localhost:8282
'';
};
virtualHosts = {
"sonarr.cochrun.xyz".extraConfig = ''
reverse_proxy localhost:7879
'';
};
virtualHosts = {
"radarr.cochrun.xyz".extraConfig = ''
reverse_proxy localhost:7878
'';
};
virtualHosts = {
"192.168.1.2".extraConfig = ''
reverse_proxy localhost:9091
'';
};
virtualHosts = {
"rtl.cochrun.xyz".extraConfig = ''
reverse_proxy localhost:3000
'';
};
virtualHosts = {
"nc.cochrun.xyz".extraConfig = ''
reverse_proxy localhost:8080
encode gzip
redir /.well-known/carddav /remote.php/carddav 301
redir /.well-known/caldav /remote.php/caldav 301
header Strict-Transport-Security "max-age=15768000; includeSubDomains; reload;"
'';
};
};
systemd.services = {
# mail-cert-renew = {
# enable = true;
# serviceConfig = {
# Type = "oneshot";
# ExecStart = with pkgs.docker "sh -c /home/chris/bin/mail-cert-renew";
# };
# };
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
# The nix-bitcoin release version that your config is compatible with.
# When upgrading to a backwards-incompatible release, nix-bitcoin will display an
# an error and provide instructions for migrating your config to the new release.
nix-bitcoin.configVersion = "0.0.77";
}Containers
Here are Dalinar's containers
First off, I'm not entirely sure how this works, but this is my best guess.
jellyfin = {
config = { config, pkgs, ... }:
{
# ...
};
};Hardware Configuration
Dalinar's hardware
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "rtsx_usb_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/103a24d5-ffb5-4f7c-ab68-48e0b766b3ac";
fsType = "btrfs";
options = [ "subvol=@" "noatime" "nodiratime" "compress=zstd" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/55C5-7725";
fsType = "vfat";
};
fileSystems."/storage" =
{ device = "/dev/disk/by-uuid/f1804953-14e5-42db-a974-1e18f16d884c";
fsType = "btrfs";
options = [ "noatime" "nodiratime" "compress=zstd" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}Kohlin
Kohlin is another home server. It's built with an old laptop at the moment, but the way everything is orchestrated is to protect from screw ups.
Configuration
Kohlin's config is of course server oriented.
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
nix = {
extraOptions = "experimental-features = nix-command flakes";
package = pkgs.nixFlakes;
};
nixpkgs.config.allowUnFree = true;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
networking.hostName = "kohlin"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "America/Chicago";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
vaapiVdpau
libvdpau-va-gl
];
};
environment.homeBinInPath = true;
programs.fish.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with ‘passwd’.
users.users = {
chris = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
};
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim
wget
yt-dlp
bat
ripgrep
ffmpeg-full
rsync
dutree
tmux
git
samba
exa
jq
fd
bc
sysstat
procs
btop
htop
unzip
#blesh
];
virtualisation.docker.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
services.syncthing = {
enable = true;
dataDir = "/storage/syncthing";
openDefaultPorts = true;
configDir = "/home/chris/syncthing";
user = "chris";
group = "users";
guiAddress = "0.0.0.0:8384";
devices = {
syl = {
id = "AJMADOK-TENODAA-VSOEW2A-4RXY2XI-YNHIS7H-H3ZYAO5-3UQ64EE-O2N5BAY";
};
kaladin = {
id = "LH6523Z-QQ5F3A4-SINZDOI-UFMQBIX-ZV6Q5BQ-LTKVMDB-CRI6QG5-RRKJFQS";
};
shadow = {
id = "SGO2BUT-WDOB2B7-SD5BHKU-ES3BFZF-EZPFSQJ-B4744TP-SXKZS4O-SDLJ5QX";
};
tablet = {
id = "4HEXCNH-MCVBZQX-LQ735TG-P2VTJ7N-CZ5MK4P-ICZAPC7-YCXVEWV-7NILMA5";
};
dalinar = {
id = "I6BKBTH-EYKIX5P-GRN6WY5-JHZNFM2-PKMNYU7-Q6JQQY5-EBEWSHO-XGZINAR";
};
};
folders = {
music = {
id = "teqqy-rzvec";
path = "/storage/syncthing/Music";
devices = [ "syl" "kaladin" "shadow" "dalinar"];
versioning = {
type = "trashcan";
params.cleanoutDays = "100";
};
};
ebooks = {
id = "wziqy-7hyv9";
path = "/storage/syncthing/ebooks";
devices = [ "syl" "kaladin" "shadow" "tablet" "dalinar"];
versioning = {
type = "trashcan";
params.cleanoutDays = "100";
};
};
notes = {
id = "zwshm-umwbt";
path = "/storage/syncthing/notes";
devices = [ "syl" "kaladin" "shadow" "dalinar"];
versioning = {
type = "trashcan";
params.cleanoutDays = "100";
};
};
librera = {
id = "vvtvj-osndy";
path = "/storage/syncthing/librera";
devices = [ "tablet" "shadow" "dalinar"];
versioning = {
type = "trashcan";
params.cleanoutDays = "100";
};
};
};
};
# List services that you want to enable:
nix-bitcoin = {
generateSecrets = true;
operator = {
enable = true;
name = "chris";
};
};
services.locate = {
enable = true;
locate = pkgs.plocate;
localuser = null;
};
services.openssh.enable = true;
services.fstrim.enable = true;
services.logind = {
lidSwitch = "ignore";
lidSwitchExternalPower = "ignore";
};
services.monero = {
enable = false;
dataDir = "/storage/monero";
};
services.bitcoind = {
enable = true;
listen = true;
dataDir = "/storage/bitcoind";
dbCache = 3000;
};
services.clightning = {
enable = true;
dataDir = "/storage/clightning";
};
services.rtl = {
enable = true;
dataDir = "/storage/rtl";
nightTheme = true;
extraCurrency = "USD";
nodes.clightning.enable = true;
};
# CADDY
services.caddy = {
enable = true;
};
systemd.services = {
# mail-cert-renew = {
# enable = true;
# serviceConfig = {
# Type = "oneshot";
# ExecStart = with pkgs.docker "sh -c /home/chris/bin/mail-cert-renew";
# };
# };
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}Containers
Hardware Configuration
Kohlin's hardware
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/3dc76272-54d9-445e-846f-591cd407b085";
fsType = "ext4";
};
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/DDA5-32A1";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/b25464c5-2268-4963-80cb-6dc51dcba91b"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}Home
I also use home-manager for managing dotfiles. This means that everything is contained in this folder and then tangled out to their respective places when rebuilding the system.
MPV
Here is my mpv config
# programs.mpv = {
# enable = true;
# scripts = with pkgs.mpvScripts; [ mpris thumbnail youtube-quality sponsorblock ];
# };
home.file.".config/mpv" = {
source = ../mpv;
recursive = true;
};General
{ config, lib, pkgs, ... }:
{
# Home Manager needs a bit of information about you and the
# paths it should manage.
home.username = "chris";
home.homeDirectory = "/home/chris";
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards
# incompatible changes.
#
# You can update Home Manager without changing this value. See
# the Home Manager release notes for a list of state version
# changes in each release.
home.stateVersion = "21.11"; # Did you read the comment?
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
# accounts.email.accounts = {
# personal = {
# address = "chris@cochrun.xyz";
# mbsync.enable = true;
# create = "maildir";
# mu.enable = true;
# imap = {
# host = "mail.cochrun.xyz";
# port = 993;
# tls.enable = true;
# };
# smtp = {
# host = "mail.cochrun.xyz";
# port = 25;
# tls.enable = true;
# };
# };
# work = {
# address = "chris@tfcconnection.org";
# mbsync.enable = true;
# create = "maildir";
# mu.enable = true;
# imap = {
# host = "outlook.office365.com";
# port = 993;
# tls.enable = true;
# };
# smtp = {
# host = "mail.cochrun.xyz";
# port = 25;
# tls.enable = true;
# };
# };
# };
programs.git = {
enable = true;
userName = "Chris Cochrun";
userEmail = "chris@cochrun.xyz";
};
home.packages = with pkgs; [
];
programs.mu.enable = true;
programs.mbsync = {
enable = true;
extraConfig = ''
IMAPAccount gmail
Host imap.gmail.com
User ccochrun21@gmail.com
PassCmd "rbw get gmail"
AuthMechs LOGIN
SSLType IMAPS
SSLVersions SSLv3
# CertificateFile /opt/local/share/curl/curl-ca-bundle.crt
IMAPAccount office
Host outlook.office365.com
User chris@tfcconnection.org
PassCmd "rbw get 'Office 365'"
AuthMechs LOGIN
SSLType IMAPS
IMAPAccount outlook
Host outlook.office365.com
User chris.cochrun@outlook.com
PassCmd "rbw get outlook"
AuthMechs LOGIN
SSLType IMAPS
IMAPAccount cochrun
Host mail.cochrun.xyz
User chris@cochrun.xyz
PassCmd "rbw get 'Office 365'"
AuthMechs LOGIN
SSLType IMAPS
# SSLVersions SSLv3
# CertificateFile /opt/local/share/curl/curl-ca-bundle.crt
# THEN WE SPECIFY THE LOCAL AND REMOTE STORAGE
# - THE REMOTE STORAGE IS WHERE WE GET THE MAIL FROM (E.G., THE
# SPECIFICATION OF AN IMAP ACCOUNT)
# - THE LOCAL STORAGE IS WHERE WE STORE THE EMAIL ON OUR COMPUTER
# REMOTE STORAGE (USE THE IMAP ACCOUNT SPECIFIED ABOVE)
IMAPStore gmail-remote
Account gmail
MaildirStore gmail-local
Path ~/Maildir/gmail/
Inbox ~/Maildir/gmail/INBOX
IMAPStore office-remote
Account office
# LOCAL STORAGE (CREATE DIRECTORIES with mkdir -p Maildir/gmail)
MaildirStore office-local
Path ~/Maildir/office/
Inbox ~/Maildir/office/INBOX
Subfolders Verbatim
IMAPStore outlook-remote
Account outlook
MaildirStore outlook-local
Path ~/Maildir/outlook/
Inbox ~/Maildir/outlook/INBOX
Subfolders Verbatim
IMAPStore cochrun-remote
Account cochrun
MaildirStore cochrun-local
Path ~/Maildir/cochrun/
Inbox ~/Maildir/cochrun/INBOX
Subfolders Verbatim
# CONNECTIONS SPECIFY LINKS BETWEEN REMOTE AND LOCAL FOLDERS
#
# CONNECTIONS ARE SPECIFIED USING PATTERNS, WHICH MATCH REMOTE MAIl
# FOLDERS. SOME COMMONLY USED PATTERS INCLUDE:
#
# 1 "*" TO MATCH EVERYTHING
# 2 "!DIR" TO EXCLUDE "DIR"
# 3 "DIR" TO MATCH DIR
Channel gmail-inbox
Far :gmail-remote:
Near :gmail-local:
Patterns "INBOX"
Create Both
Expunge Both
SyncState *
Channel gmail-trash
Far :gmail-remote:"[Gmail]/Bin"
Near :gmail-local:"[Gmail].Bin"
Create Both
Expunge Both
SyncState *
Channel gmail-sent
Far :gmail-remote:"[Gmail]/Sent Mail"
Near :gmail-local:"[Gmail].Sent Mail"
Create Both
Expunge Both
SyncState *
Channel gmail-all
Far :gmail-remote:"[Gmail]/All Mail"
Near :gmail-local:"[Gmail].All Mail"
Create Both
Expunge Both
SyncState *
Channel gmail-starred
Far :gmail-remote:"[Gmail]/Starred"
Near :gmail-local:"[Gmail].Starred"
Create Both
Expunge Both
SyncState *
Channel office-inbox
Far :office-remote:
Near :office-local:
Patterns "*"
Create Both
Expunge Both
SyncState *
Channel outlook-inbox
Far :outlook-remote:
Near :outlook-local:
Patterns "*"
Create Both
Expunge Both
SyncState *
Channel cochrun-inbox
Far :cochrun-remote:
Near :cochrun-local:
Patterns "*"
Create Both
Expunge Both
SyncState *
# GROUPS PUT TOGETHER CHANNELS, SO THAT WE CAN INVOKE
# MBSYNC ON A GROUP TO SYNC ALL CHANNELS
#
# FOR INSTANCE: "mbsync gmail" GETS MAIL FROM
# "gmail-inbox", "gmail-sent", and "gmail-trash"
#
# Group gmail
# Channel gmail-inbox
# Channel gmail-sent
# Channel gmail-trash
# Channel gmail-all
# Channel gmail-starred
Group office
Channel office-inbox
Group outlook
Channel outlook-inbox
Group cochrun
Channel cochrun-inbox
'';
};
programs.msmtp.enable = true;
services.mbsync.enable = true;
programs.obs-studio = {
enable = true;
plugins = [ pkgs.obs-studio-plugins.obs-move-transition ];
};
<<mpv>>
services.nextcloud-client = {
enable = true;
startInBackground = true;
};
services.syncthing.enable = true;
# services.kdeconnect.enable = true;
services.easyeffects.enable = true;
services.espanso = {
enable = true;
settings = {
toggle_key = "RIGHT_CTRL";
matches = [
{ # dates
trigger = ":date";
replace = "{{mydate}}";
vars = [{
name = "mydate";
type = "date";
params = {format = "%m/%d/%Y";};
}];
}
{ # Shell commands
trigger = ":shell";
replace = "{{output}}";
vars = [{
name = "output";
type = "shell";
params = { cmd = "echo Hello from your shell";};
}];
}
{ # simple text
trigger = ":gml";
replace = "ccochrun21@gmail.com";
}
{
trigger = ":otl";
replace = "chris.cochrun@outlook.com";
}
{
trigger = ":tfcml";
replace = "chris@tfcconnection.org";
}
{
trigger = ":name";
replace = "Chris Cochrun";
}
{
trigger = ":cn";
replace = "A Giant Gummy Lizard";
}
];
};
};
home.file.".config/rofi" = {
source = ../rofi;
recursive = true;
};
programs.firefox = {
enable = true;
package = pkgs.firefox-wayland.override {
cfg = {
enableTridactylNative = true;
enablePlasmaBrowserIntegration = true;
};
};
profiles.chris = {
name = "default";
path = "nw77o6yc.default";
isDefault = true;
};
};
home.file.".mozilla/native-messaging-hosts".source = "/run/current-system/sw/lib/mozilla/native-messaging-hosts";
home.file.".mozilla/firefox/nw77o6yc.default/chrome" = {
source = ../firefox/chrome;
recursive = true;
};
home.file.".config/tridactyl" = {
source = ../tridactyl;
recursive = true;
};
programs.rbw.enable = true;
home.file.".config/rbw" = {
source = ../rbw;
recursive = true;
};
home.file.".config/fish/config.fish" = {
source = ../fish/config.fish;
};
home.file.".config/fish/functions" = {
source = ../fish/functions;
};
programs.nushell = {
enable = true;
};
home.file.".config/hypr" = {
source = config.lib.file.mkOutOfStoreSymlink /home/chris/.dotfiles/hypr;
};
home.file.".config/dunst" = {
source = ../dunst;
};
programs.direnv.enable = true;
programs.direnv.nix-direnv.enable = true;
# programs.qutebrowser.enable = true;
home.file.".config/qutebrowser/config.py" = {
source = ../qutebrowser/config.py;
};
home.file.".config/qutebrowser/bookmarks" = {
source = ../qutebrowser/bookmarks;
};
home.file.".config/qutebrowser/css" = {
source = ../qutebrowser/css;
};
home.file.".config/qutebrowser/quickmarks" = {
source = ../qutebrowser/quickmarks;
};
home.file.".config/qutebrowser/qsettings" = {
source = ../qutebrowser/qsettings;
};
home.file.".config/imv" = {
source = ../imv;
recursive = true;
};
home.file.".config/macchina" = {
source = ../macchina;
recursive = true;
};
home.file.".config/awesome" = {
source = ../awesome;
recursive = true;
};
home.file.".config/awesome/bling" = {
source = ../awesome/bling;
recursive = true;
};
home.file.".config/awesome/rubato" = {
source = ../awesome/rubato;
recursive = true;
};
home.file.".config/alacritty" = {
source = ../alacritty;
recursive = true;
};
home.file.".config/picom.conf" = {
source = ../picom.conf;
};
# home.file.".config/networkmanager-dmenu/config.ini" = {
# source = ../networkmanager-dmenu/config.ini;
# };
home.file."bin" = {
source = ../scripts;
recursive = true;
};
home.shellAliases = {
ls = "exa -l";
la = "exa -la";
mpf = "mpv --profile=fast";
mps = "mpv --profile=slow";
ec = "emacsclient -t";
ecc = "emacsclient -c";
mkdir = "mkdir -pv";
nupd = "update-nix";
nupg = "upgrade-nix";
suspend = "systemctl suspend";
sysuse = "systemctl --user";
myip = "curl icanhazip.com";
nixs = "nix search nixpkgs";
ytd = "yt-dlp -o ~/Videos/%(title)s.%(ext)s";
};
programs.starship = {
enable = true;
enableBashIntegration = true;
};
programs.bash = {
enable = true;
bashrcExtra = ''
# export ENV_EFI_CODE_SECURE=/run/libvirt/nix-ovmf/OVMF_CODE.fd ENV_EFI_VARS_SECURE=/run/libvirt/nix-ovmf/OVMF_VARS.fd
source $(blesh-share)
ble-face auto_complete="fg=238"
# eval "$(starship init bash)"
'';
};
programs.zsh = {
enable = true;
enableAutosuggestions = true;
enableCompletion = true;
enableSyntaxHighlighting = true;
autocd = true;
dotDir = ".config/zsh";
shellAliases = {
ls = "exa -l";
la = "exa -la";
mpf = "mpv --profile=fast";
mps = "mpv --profile=slow";
ec = "emacsclient -t";
ecc = "emacsclient -c";
mkdir = "mkdir -pv";
nupd = "update-nix";
nupg = "upgrade-nix";
suspend = "systemctl suspend";
sysuse = "systemctl --user";
myip = "curl icanhazip.com";
};
initExtra = ''
macchina
'';
};
xdg.desktopEntries = {
mpv-slow = {
name = "MPV";
genericName = "Play from MPV but at normal speed";
exec = "alacritty -e mpv --profile=slow %U";
terminal = true;
categories = [ "Application" ];
mimeType = [ "audio/ogg" "audio/mpeg" "audio/opus" "audio/x-opus+ogg" "audio/x-wav" ];
};
imv-rifle = {
name = "IMV";
genericName = "Show images in current directory in IMV";
exec = "/home/chris/bin/rifle-imv %U";
terminal = false;
categories = [ "Application" ];
mimeType = [ "image/gif" "image/jpeg" "image/png" "image/heif" ];
};
};
systemd.user.services = {
ydotoold = {
Unit = {
Description = "An auto-input utility for wayland";
Documentation = [ "man:ydotool(1)" "man:ydotoold(8)" ];
};
Service = {
ExecStart = "/run/current-system/sw/bin/ydotoold --socket-path /tmp/ydotools";
};
Install = {
WantedBy = ["default.target"];
};
};
jellyfin-mpv-shim = {
Unit = {
Description = "Play Jellyfin media in mpv";
After = "graphical-session-pre.target";
};
Service = {
ExecStart = "/run/current-system/sw/bin/jellyfin-mpv-shim";
};
Install = {
WantedBy = ["graphical-session.target"];
};
};
nextlcoud-client = {
Unit = {
Description = "Nextcloud Client";
After = [ "graphical-session.target" ];
# PartOf = [ "plasma-workspace.target" ];
};
Service = {
Environment = ["PATH=/etc/profiles/per-user/chris/bin"
"WAYLAND_DISPLAY=wayland-1"];
};
};
};
}Plasma
Plasma manager helps me to configure plasma declaratively.
Thanks!
EXTRA
Possible efibootmgr command to make efistub work on desktop
efibootmgr --disk /dev/nvme0n1 --part 1 --create --label "Arch Linux" --loader /boot/vmlinuz-linux-zen --unicode 'root=PARTUUID=d920ee9c-3b42-4c83-9c4c-a33406421ed1 rootflags=subvol=@ rw noatime nodiratime compress=zstd:3 ssd space_cache initrd=\initramfs-linux-zen.img' --verbose