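# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
#
# Overview: single-host desktop configuration (Hyprland/SDDM with a dwm
# fallback, Steam, Docker, libvirt) with a TPM2-unlocked encrypted swap device.

{ config, lib, pkgs, ... }:
let
  # Currently not referenced anywhere in this file.
  sources = import ./nix/sources.nix;
  # Base URL of the forge that hosts the dwm patch fetched below.
  git_https = "https://git.libre.moe";
in
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  # tpm2 functionality
  security.tpm2 = {
    enable = true;
    pkcs11.enable = true;
    tctiEnvironment.enable = true;
  };

  # Boot: GRUB in EFI mode (the systemd-boot settings are kept commented out).
  boot = {
    kernelPackages = pkgs.linuxPackages_zen;
    #extraModulePackages = [
    #  config.boot.kernelPackages.ddcci-driver # ddcci-driver
    #];
    #kernelModules = [
    #  "ddcci-driver" # Brightness Control (even on OLEDS)
    #  "i2c-dev" # Brightness Control (even on OLEDS)
    #];
    #kernelParams = [ "module_blacklist=i915" "nvidia_drm.modeset=1" ];
    #kernelPatches = [ {
    #  name = "hdr";
    #  patch = null;
    #  extraConfig = ''
    #    AMD_PRIVATE_COLOR y
    #  '';
    #} ];
    #extraModprobeConfig = ''
    #  options nvidia_drm modeset=1 fbdev=1
    #  options nvidia NVreg_PreserveVideoMemoryAllocations=1
    #'';
    loader = {
      efi.canTouchEfiVariables = true;
      efi.efiSysMountPoint = "/boot";
      #systemd-boot = {
      #  consoleMode = "max";
      #  memtest86.enable = true;
      #};
      grub = {
        enable = true;
        efiSupport = true;
        device = "nodev";
      };
    };
    initrd.systemd.enable = true;
  };

  # Filesystems
  fileSystems = {
    #"/share" = {
    #  options = [
    #    "nofail"
    #  ];
    #};
  };

  # Graphics
  hardware = {
    graphics = {
      enable = true;
      enable32Bit = true;
      extraPackages = with pkgs; [
        vpl-gpu-rt # newer gpus
        intel-media-sdk # older gpus
      ];
    };
    bluetooth.enable = true;
    #nvidia = {
    #  modesetting.enable = true; # required
    #  powerManagement.enable = false; # Experimental
    #  open = false; # Support limited to Turing and later: https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
    #  nvidiaSettings = true; # accessible via nvidia-settings
    #  package = config.boot.kernelPackages.nvidiaPackages.stable;
    #};
  };

  networking = {
    hostName = "Zuse2"; # Define your hostname
    networkmanager.enable = true;
    # NOTE(review): networking.wireless.* configures wpa_supplicant; with
    # NetworkManager managing Wi-Fi this presumably has no effect - confirm.
    wireless.userControlled.enable = true;
    #nameservers = [
    #  "127.0.0.1"
    #  "::1"
    #  "192.168.178.1"
    #  "fd00::b2f2:8ff:fe44:3002"
    #  "2a02:8071:6240:2400:b2f2:8ff:fe44:3002"
    #  "1.1.1.3"
    #  "1.0.0.3"
    #  "2606:4700:4700::1113"
    #  "2606:4700:4700::1003"
    #];
  };
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  # networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.

  # Set your time zone.
  time.timeZone = "Europe/Berlin";
  # Windows compat
  time.hardwareClockInLocalTime = true;

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    #keyMap = "us";
    useXkbConfig = true; # use xkb.options in tty.
  };

  # Enable the X11 windowing system.
  services.xserver = {
    enable = true;
    #videoDrivers = [ "nvidia" ];
    excludePackages = with pkgs; [
      xterm # why the fuck is this garbage even shipped?
    ];
    # Configure keymap in X11
    xkb.layout = "de";
    xkb.options = "eurosign:e,caps:escape";
    # DWM (minimal Xorg Fallback)
    windowManager.dwm = {
      enable = true;
      package = pkgs.dwm.override {
        patches = [
          # The sha256 pins the patch content: if the file behind this URL
          # changes, the fetch fails with a hash mismatch instead of applying
          # different code to the window manager. The URL follows a branch,
          # so the hash has to be refreshed deliberately when the patch is
          # updated upstream.
          (pkgs.fetchpatch {
            url = "${git_https}/KomuHome/dwm-patches/raw/branch/stable/config.h.diff";
            sha256 = "sha256-82cjMhSHEbLfh9O3xXC6+W1EtgEZoC/a+8x7Ad/7W48=";
          })
        ];
      };
    };
  };

  # Display Manager
  services.displayManager.sddm = {
    enable = true;
    autoNumlock = true; # Enable NumLock at login
    wayland.enable = true;
    theme = "catppuccin-mocha";
    package = pkgs.kdePackages.sddm;
  };
  services.xserver.displayManager.startx.enable = true;

  # GNOME Keyring
  services.gnome.gnome-keyring.enable = true;
  security.pam.services.sddm.enableGnomeKeyring = true;
  security.pam.services.hyprlock.enableGnomeKeyring = true;

  # Bluetooth management
  services.blueman.enable = true;

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound.
  # hardware.pulseaudio.enable = true;
  # OR
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    jack.enable = true;
  };

  # udev: hand the i2c device nodes to the i2c group declared below.
  services.udev.extraRules = ''
    KERNEL=="i2c-[0-9]*", GROUP="i2c"
  '';

  # Linux Torrents
  services.transmission = {
    enable = true;
    webHome = pkgs.flood-for-transmission;
  };

  # (p)locate, quickly find files
  # Fixed: the settings were nested under `services.locate.package`, which is
  # the option that takes the locate implementation itself, so `enable` and
  # `localuser` were never set on the service.
  # NOTE(review): `localuser` exists only in some NixOS releases - confirm it
  # is still an option in the nixpkgs revision this host builds against.
  services.locate = {
    enable = true;
    package = pkgs.plocate;
    localuser = null;
  };

  services.languagetool.enable = true;

  # Kerberos client defaults for the university realm.
  # NOTE(review): `forwardable = true` requests tickets that can be forwarded
  # to other hosts, and realm/KDC discovery is delegated to DNS - confirm both
  # are what the realm's documentation asks for.
  security.krb5 = {
    enable = true;
    settings = {
      libdefaults = {
        default_realm = "UNI-PADERBORN.DE";
        forwardable = true;
        ticket_lifetime = "10h";
        renew_lifetime = "7d";
        dns_lookup_realm = true;
        dns_lookup_kdc = true;
      };
    };
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.libinput.enable = true;

  # /share
  users.groups.share = {};
  # /steam group
  users.groups.steam = {};
  # i2c group for udev
  users.groups.i2c = {};

  # Create or adjust /share and /steam
  # `Z` applies mode and group recursively, so every file below /steam and
  # /share ends up 774 (executable for owner and group), and on directories
  # 774 gives "other" read without search permission.
  # NOTE(review): the Downloads rule gives the `users` group rwx and removes
  # entries older than one day; it is only as private as /home/leon itself -
  # confirm both are intended.
  systemd.tmpfiles.rules = [
    "q /steam 774 root steam"
    "Z /steam 774 - steam"
    "v /share 774 root share"
    "Z /share 774 - share"
    "q /home/leon/Downloads 770 leon users 1d"
  ];

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.leon = {
    isNormalUser = true;
    extraGroups = [
      "wheel" # enable sudo root-access
      "tss" # enable access to tpm
      "steam" # /steam
      "share" # /share
      "audio" # audio
      "video" # video
      "i2c" # needed for ddcci
      # Access to the system Docker daemon is root-equivalent.
      # NOTE(review): rootless Docker is enabled further down; confirm this
      # group membership is still needed.
      "docker" # Docker Root
      "libvirtd" # virtualization
      "transmission" # Linux Torrents
    ];
    shell = pkgs.zsh;
  };

  # Unprivileged second account with a private home directory outside /home.
  users.users.kiosk = {
    isNormalUser = true;
    home = "/var/kiosk";
    homeMode = "700";
    extraGroups = [ "audio" ];
  };

  # Font Config
  fonts = {
    enableDefaultPackages = true;
    packages = with pkgs; [
      fira # My favorite font
      fira-code-nerdfont # My favorite programming font
      fira-code-symbols # My favorite programming glyphs
      fira-math # My favorite math font
    ];
    fontconfig = {
      defaultFonts = {
        serif = [ "Liberation Serif" ];
        sansSerif = [ "Fira Sans" ];
        monospace = [ "Fira Code" "Fira Mono" ];
      };
    };
  };

  # Environment Variables
  # `rec` lets PATH refer to XDG_BIN_HOME defined in the same set.
  environment.sessionVariables = rec {
    NIXOS_OZONE_WL = "1";
    XDG_CACHE_HOME = "$HOME/.cache";
    XDG_CONFIG_HOME = "$HOME/.config";
    XDG_DATA_HOME = "$HOME/.local/share";
    XDG_STATE_HOME = "$HOME/.local/state";
    XDG_BIN_HOME = "$HOME/.local/bin";
    XDG_DESKTOP_DIR = "$HOME/Desktop";
    XDG_DOCUMENTS_DIR = "$HOME/Documents";
    XDG_DOWNLOAD_DIR = "$HOME/Downloads";
    XDG_MUSIC_DIR = "$HOME/Music";
    XDG_PICTURES_DIR = "$HOME/Pictures";
    XDG_PUBLICSHARE_DIR = "$HOME/Public";
    XDG_TEMPLATES_DIR = "$HOME/Templates";
    XDG_VIDEOS_DIR = "$HOME/Videos";
    XDG_RUNTIME_DIR = "/run/user/$UID";
    # Fixed: referenced the undefined $XDG_PICTURE_DIR, which would expand to
    # an empty prefix and point grim at /Screenshots.
    GRIM_DEFAULT_DIR = "$XDG_PICTURES_DIR/Screenshots";
    PATH = [
      "${XDG_BIN_HOME}"
    ];
  };

  # Encrypted swap, unlocked through the TPM2 with no key file ("-").
  # NOTE(review): unlocking is unattended, so the protection rests on the PCR
  # policy chosen when the TPM2 key slot was enrolled - presumably via
  # systemd-cryptenroll; confirm it binds to measurements that are meaningful
  # for this GRUB boot chain.
  environment.etc.crypttab = {
    mode = "0600";
    text = ''
      # [key-file] [options]
      swap /dev/disk/by-uuid/48a41300-6d83-4968-9248-a819d17fee3c - tpm2-device=auto
    '';
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  nixpkgs.config.allowUnfree = true;
  #nixpkgs.config.segger-jlink.acceptLicense = true;
  environment.systemPackages = with pkgs; [
    xorg.xauth # Dependency of startx (??)
    home-manager # Nix's Home-Manager
    egl-wayland # NVIDIA compat
    nvidia-vaapi-driver # NVIDIA compat
    catppuccin-cursors.mochaDark # Catppuccin Mouse Cursors
    (catppuccin-sddm.override {
      flavor = "mocha";
      font = "Fira Sans";
      fontSize = "9";
      #backgroundbin = "$XDG_PICTURES_DIR/Wallpapers/current";
      loginBackground = true;
    })
    networkmanagerapplet # Network Manager GUI
  ];

  programs = {
    hyprland = {
      enable = true;
      xwayland.enable = true;
    };
    steam = {
      enable = true;
      # Opens the Steam Remote Play ports in the host firewall.
      remotePlay.openFirewall = true;
      gamescopeSession.enable = true;
      extraCompatPackages = [
        pkgs.proton-ge-bin
      ];
    };
    nix-ld = {
      enable = true;
      libraries = with pkgs; [
        # Add any missing dynamic libraries for unpackaged programs
        # here, NOT in environment.systemPackages
        libGL # FO:LONDON Downgrader
        libgcc # " + steamcmd
      ];
    };
    virt-manager.enable = true;
    seahorse.enable = true;
    zsh.enable = true;
    neovim.enable = true;
    git.enable = true;
  };

  xdg.portal = {
    enable = true;
  };

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # Lets every member of the `users` group reboot or power off without
  # authentication, including while other sessions are active (the
  # *-multiple-sessions actions). Both accounts above are isNormalUser, whose
  # default primary group is `users`, so this applies to kiosk as well as leon.
  security.polkit = {
    enable = true;
    extraConfig = ''
      polkit.addRule(function(action, subject) {
        if (
          subject.isInGroup("users")
            && (
              action.id == "org.freedesktop.login1.reboot" ||
              action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
              action.id == "org.freedesktop.login1.power-off" ||
              action.id == "org.freedesktop.login1.power-off-multiple-sessions"
            )
          )
        {
          return polkit.Result.YES;
        }
      })
    '';
  };

  # Per-user activation step: link the music directory to the shared folder
  # unless it is already a symlink.
  # NOTE(review): if $XDG_MUSIC_DIR is unset in the activation environment, or
  # already exists as a real directory, `ln -s` will fail or create the link
  # inside that directory - confirm.
  system.userActivationScripts.linktosharedfolder.text = ''
    if [[ ! -h "$XDG_MUSIC_DIR" ]]; then
      ln -s "/share/Music" "$XDG_MUSIC_DIR"
    fi
  '';

  # Both the system daemon and a rootless per-user daemon are enabled;
  # setSocketVariable is the rootless module's switch for pointing the user's
  # DOCKER_HOST at the rootless socket.
  virtualisation.docker = {
    enable = true;
    storageDriver = "btrfs";
    rootless = {
      enable = true;
      setSocketVariable = true;
    };
  };
  virtualisation.libvirtd.enable = true;

  # Man pages
  documentation.dev.enable = true;

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Chaotic Nyx
  # https://www.nyx.chaotic.cx/
  # Here be dragons!
  #chaotic.hdr =
  #{
  #  enable = true;
  #  specialisation.enable = true;
  #};

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.05"; # Did you read the comment?
}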