# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, user, allowed, secrets, ... }:
{
# Pull in the machine-specific module produced by the hardware scan.
imports = [ ./hardware-configuration.nix ];
# Boot through GRUB in EFI mode; the systemd-boot line is kept only as a
# commented-out alternative.
# boot.loader.systemd-boot.enable = false;
boot.loader = {
  efi.canTouchEfiVariables = true;
  grub = {
    enable = true;
    efiSupport = true;
    # "nodev": generate the GRUB menu without installing GRUB to a disk device.
    # device = "/dev/nvme0n1p1";
    device = "nodev";
    # useOSProber = true;
  };
};
networking = {
  hostName = "NxXPS"; # Define your hostname.

  # NetworkManager owns the network connections on this host.
  networkmanager = {
    enable = true;
    # enableStrongSwan = true;
  };
};
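environment.etc = {
  # easyroam HSMW: client certificate, CA, private key and the NetworkManager
  # profile that uses them.
  #
  # NOTE(review): everything below reaches /etc by way of the Nix store. A path
  # literal such as ./secrets/... is copied into /nix/store when it is used
  # here, and `text` is written to a store file as well. The store is
  # world-readable, so any local account can read the private key and the
  # profile text there, whatever `mode` says: `mode` only governs the copy
  # placed in /etc. Keeping this material out of the store needs a runtime
  # secret mechanism (e.g. sops-nix or agenix) or files provisioned outside
  # the Nix configuration.
  "ssl/certs/easyroam_client_cert.pem".source = ./secrets/easyroam-hsmw/easyroam_client_cert.pem;
  "ssl/certs/easyroam_root_ca.pem".source = ./secrets/easyroam-hsmw/easyroam_root_ca.pem;
  "ssl/certs/easyroam_client_key.pem" = {
    source = ./secrets/easyroam-hsmw/easyroam_client_key.pem;
    # Private key: without a mode the /etc entry is a symlink to the
    # world-readable store path. Copy it root-only instead, in line with the
    # 0600 profile below. Assumes only root (NetworkManager) reads the key;
    # TODO confirm.
    mode = "0400";
  };
  "NetworkManager/system-connections/eduroam.nmconnection" = {
    text = secrets.easyroamHSMW.nmconfig;
    mode = "0600";
  };
};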
# Set your time zone.
time.timeZone = "Europe/Berlin";

# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

# Locale, plus font and keymap for the virtual console.
i18n.defaultLocale = "en_US.UTF-8";
console.font = "Lat2-Terminus16";
console.keyMap = "de";
# console.useXkbConfig = true; # use xkb.options in tty.
# Enable the X11 windowing system.
services.xserver.enable = true;

# X11 keymap: German layout with the two xkb options listed below.
services.xserver.xkb = {
  layout = "de";
  options = "eurosign:e,caps:escape";
};

# Enable CUPS to print documents.
services.printing.enable = true;
# Sound: the two legacy options stay commented out; PipeWire is enabled below.
#sound.enable = true;
#hardware.pulseaudio.enable = true;

# rtkit is optional but recommended
security.rtkit.enable = true;

services.pipewire = {
  enable = true;
  alsa = {
    enable = true;
    support32Bit = true;
  };
  pulse.enable = true;
  # JACK application support (switched on here).
  jack.enable = true;
};

# Enable touchpad support (enabled default in most desktopManager).
services.xserver.libinput.enable = true;
hardware.uinput.enable = true;
# Bash stays the default user shell; an interactive bash replaces itself with
# fish unless its parent process is already fish or bash was started with a
# command string (BASH_EXECUTION_STRING non-empty).
users.defaultUserShell = pkgs.bash;
programs.bash.interactiveShellInit = ''
  if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
  then
  shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
  exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
  fi
'';
users.users.nx2 = {
  isNormalUser = true;
  useDefaultShell = true;
  # NOTE(review): "wheel" is the sudo-capable group, and membership of
  # "docker" lets the account drive the Docker daemon, which is effectively
  # root access wherever that daemon is enabled (not configured in this file).
  # "libvirtd" similarly grants control over system VMs. Keep only the groups
  # this account actually needs.
  extraGroups = [
    "networkmanager"
    "wheel"
    "audio"
    "video"
    "docker"
    "libvirtd"
    "uinput"
  ];
  packages = [ ]; # all in home.nix
};
nixpkgs.config = {
  # An unfree package is accepted only if its name appears in
  # allowed.unfree-packages (passed in as a module argument).
  allowUnfreePredicate = pkg:
    let
      name = lib.getName pkg;
    in
    builtins.elem name allowed.unfree-packages;

  # NOTE(review): this overrides the nixpkgs guard for a release it marks as
  # insecure, so the package builds and no longer receives security fixes.
  # Record which application still depends on it and drop the entry as soon
  # as that application moves to a supported Electron.
  permittedInsecurePackages = [ "electron-25.9.0" ];
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
  # filesystem, shell and prompt
  ntfs3g fish starship
  # version control (git-crypt handles encrypted files in the repository)
  git git-crypt
  # download and archive tools
  wget curl zip unzip p7zip
  # process control, editors, file manager
  killall nano micro yazi
  # command-line conveniences
  bat du-dust htop eza zoxide neofetch direnv
  # crypto and VPN
  openssl openvpn
  ollama # maybe
];
# Both option sets carry the same two values; neither refers to its own
# attributes, so plain (non-recursive) sets are sufficient.
environment.sessionVariables = {
  GTK_THEME = "Adwaita-Dark";
  XDG_CACHE_HOME = "$HOME/.cache";
};
environment.variables = {
  GTK_THEME = "Adwaita-Dark";
  XDG_CACHE_HOME = "$HOME/.cache";
};
# System-wide fonts; of the Nerd Fonts collection only CascadiaCode is built.
fonts.packages =
  let
    cascadiaNerdFont = pkgs.nerdfonts.override { fonts = [ "CascadiaCode" ]; };
  in
  [
    pkgs.noto-fonts
    pkgs.noto-fonts-cjk
    pkgs.noto-fonts-emoji
    pkgs.atkinson-hyperlegible
    cascadiaNerdFont
  ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.

# gpg-agent also serves as the SSH agent.
programs.gnupg.agent.enable = true;
programs.gnupg.agent.enableSSHSupport = true;

programs.fish.enable = true;

# Hyprland compositor with XWayland for X11 clients.
programs.hyprland.enable = true;
programs.hyprland.xwayland.enable = true;
### OLLAMA
# `ollama serve` as a system service under its own unprivileged account.
# It is ordered after the network and after the unit that prepares the
# account's home directory.
# NOTE(review): serviceConfig sets no systemd sandboxing options; consider
# adding some (e.g. NoNewPrivileges, ProtectHome) after checking that they do
# not interfere with the devices the service needs.
systemd.services.ollama = {
  description = "Ollama Service";
  wantedBy = [ "default.target" ];
  after = [
    "network-online.target"
    "ollama-doesnt-respect-xdg-data-home.service"
  ];
  serviceConfig = {
    Type = "simple";
    User = "ollama";
    Group = "ollama";
    # Environment = "\"XDG_DATA_HOME=/run/current-system/sw/share\"";
    ExecStart = "${pkgs.ollama}/bin/ollama serve";
    Restart = "always";
    RestartSec = "3";
  };
};

# Service account and group: system user, no usable login shell.
users.groups.ollama = { };
users.users.ollama = {
  isSystemUser = true;
  group = "ollama";
  home = "/usr/share/ollama";
  shell = "/bin/false";
};
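# Creates the ollama account's data directory and hands the tree to that
# account (presumably because ollama keeps its data under ~/.ollama; see the
# unit name).
systemd.services.ollama-doesnt-respect-xdg-data-home = {
  wantedBy = [ "multi-user.target" ];
  serviceConfig = {
    # A `script` unit defaults to Type=simple, which systemd treats as started
    # the moment the process is spawned. ollama.service is ordered After= this
    # unit, so it could start before mkdir/chown had finished. With oneshot
    # the ordering waits until the script has exited.
    Type = "oneshot";
    # Stay "active" after the script exits so the unit is not run again
    # needlessly.
    RemainAfterExit = true;
  };
  # Runs as root (no User= is set): create the directory, then give the whole
  # tree to the service account.
  script = ''
    mkdir -p /usr/share/ollama/.ollama
    chown ollama:ollama -R /usr/share/ollama
  '';
};

### END OLLAMA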
# List services that you want to enable:

# Enable the OpenSSH daemon.
# NOTE(review): no services.openssh.settings are given, so the module
# defaults apply and password login stays available. Once a public key is set
# in users.users.<name>.openssh.authorizedKeys.keys, consider
# `services.openssh.settings.PasswordAuthentication = false;` and
# `services.openssh.settings.PermitRootLogin = "no";`.
services.openssh = {
  enable = true;
};

# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;

# stateVersion records the NixOS release this machine was first installed
# with. It exists to keep application data (e.g. databases) created on older
# NixOS versions compatible.
#
# Most users should NEVER change it after the initial install, not even after
# upgrading to a new NixOS release.
#
# It does NOT select the Nixpkgs version packages and the OS are pulled from,
# so changing it will NOT upgrade the system, and a value lower than the
# current release does NOT mean the system is out of date, out of support, or
# vulnerable.
#
# Change it only after manually inspecting every change it would make to the
# configuration and migrating data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?

# Enable the `nix` command-line interface and flakes.
nix.settings = {
  experimental-features = [ "nix-command" "flakes" ];
};
}