NixOS-Config/PC/configuration.nix

478 lines
11 KiB
Nix

{
config,
pkgs,
options,
lib,
...
}: let
# Set common boot paramaters
commonKernelParams = [
# Nvidia settings
"nvidia_drm.fbdev=1"
# VM/GPU passthrough
"amd_iommu=on"
"iommu=pt"
"nested=1"
# Virtualization nonsense
"transparent_hugepage=never"
# Isolate devices into IOMMU groups
"pcie_acs_override=downstream,multifunction"
"pci=routeirq"
];
in {
# Import other nix files and firmware
imports = let
homeManager =
fetchTarball
"https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";
in [
./hardware-configuration.nix
./jimbo.nix
"${homeManager}/nixos"
];
# Allow unfree packages and accept packages from the Nix User Repos
nixpkgs = {
config = {
allowUnfree = true;
packageOverrides = pkgs: {
unstable =
import (
fetchTarball
"https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz"
) {
inherit pkgs;
config.allowUnfree = true;
};
nur = import (
fetchTarball
"https://github.com/nix-community/NUR/archive/master.tar.gz"
) {inherit pkgs;};
};
};
# Package overlays/patches
overlays = [
# MPV scripts
(self: super: {
mpv = super.mpv.override {
scripts = with self.mpvScripts; [mpris sponsorblock thumbnail];
};
})
];
};
# Allow flakes and enable garbage collection
nix = {
settings.experimental-features = ["nix-command" "flakes"];
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 14d";
};
};
# Set all boot options
boot = {
# Set a kernel version and load/blacklist drivers
kernelPackages = pkgs.unstable.linuxPackages_zen;
blacklistedKernelModules = ["pcspkr"];
kernelParams = commonKernelParams ++ ["vfio-pci.ids=10de:1f82,10de:10fa"];
initrd.kernelModules = ["vfio" "vfio_pci" "vfio_iommu_type1"];
kernel.sysctl."vm.max_map_count" = 2147483642;
# Manage supported filesystems
supportedFilesystems = {
ntfs = true;
zfs = lib.mkForce false;
};
# Modprobe settings
extraModprobeConfig = ''
options hid_apple fnmode=2
'';
# Use the Systemd-Boot bootloader
loader.systemd-boot = {
enable = true;
netbootxyz.enable = true;
};
};
# Additional entry to boot from the second GPU
specialisation = {
gputwo.configuration = {
boot.kernelParams = commonKernelParams ++ ["vfio-pci.ids=10de:2504,10de:228e"];
};
};
# Allow binary firmware
hardware.enableRedistributableFirmware = true;
# Enable video drivers
services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia = {
modesetting.enable = true;
nvidiaSettings = false;
package = config.boot.kernelPackages.nvidiaPackages.beta;
open = true;
};
# Enable a permissioning system
security = {
sudo.enable = false;
doas = {
enable = true;
extraRules = [
# Give wheel root access, allow persistant session
{
groups = ["wheel"];
keepEnv = true;
persist = true;
}
];
};
};
# Enable the ZSH shell
programs.zsh.enable = true;
# Disable Nano
programs.nano.enable = false;
# Timezone
time.timeZone = "America/New_York";
# Define user accounts
users.users.jimbo = {
description = "Jimbo Awesome";
isNormalUser = true;
hashedPassword = "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKC8Uqxb09V3msBgDv6lD/nETMYr/X0OgtpDo8ldcMK jimbo@JimDebianServer"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLe/HioxCOkszFQdm1vb3ZwuzLzsOThqHNvEI4IXeXZ JimPhone"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPeqiMCRXtpoP+BvKBmzvkL7oLKKCmbfdaQIF3yk/S8I jimbo@DV-JHAMPTON-NIXOS"
];
extraGroups = [
"wheel"
"audio"
"video"
"input"
"disk"
"dialout"
"networkmanager"
"rtkit"
"kvm"
"libvirtd"
"qemu-libvirtd"
];
uid = 1000;
shell = pkgs.zsh;
};
# Install programs system-wide
environment.systemPackages = with pkgs; [
# Essential system tools
cifs-utils
parted
git
# Printer control
system-config-printer
# Virtual machines
virt-manager
virtiofsd
dnsmasq
spice-vdagent
looking-glass-client
];
# Disable the HTML documentation link
documentation = {
nixos.enable = false;
info.enable = false;
};
# Enable graphics
hardware.opengl = {
enable = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
vulkan-loader
vulkan-validation-layers
vulkan-extension-layer
];
};
# Enable Steam hardware and gamemode
hardware.steam-hardware.enable = true;
programs.gamemode.enable = true;
# Networking settings
networking = {
# Set hostname
hostName = "JimNixPC";
# Choose networking method
dhcpcd.enable = true;
wireless.enable = false;
#networkmanager.enable = true;
#enableB43Firmware = true;
# Enable firewall
firewall = {
allowPing = false;
extraInputRules = ''
ip saddr 10.0.0.2 accept comment "Accept Server Connections"
'';
};
# Enable nftables over iptables
nftables.enable = true;
# Set hostnames
hosts = {
"10.0.0.2" = ["server"];
"10.0.0.3" = ["pc"];
};
};
# Enable Bluetooth
hardware.bluetooth = {
enable = true;
settings = {
General.Experimental = "true";
Policy.AutoEnable = "true";
};
};
# Enable lingering for Bluetooth and allow Looking-Glass permissions
systemd.tmpfiles.rules = [
"f /var/lib/systemd/linger/jimbo"
"f /dev/shm/looking-glass 0660 jimbo libvirtd -"
];
# Make udev rules to make PDP controller and Oculus Rift CV1 work
services.udev = let
oculusRules = pkgs.writeTextFile {
name = "10-oculus.rules";
text = ''
KERNEL=="hidraw*", ATTRS{idVendor}=="0e6f", ATTRS{idProduct}=="0184", MODE="0660", TAG+="uaccess"
'';
destination = "/etc/udev/rules.d/10-oculus.rules";
};
pdpRules = pkgs.writeTextFile {
name = "10-pdp.rules";
text = ''
SUBSYSTEM=="usb", ATTR{idVendor}=="2833", MODE="0666"
'';
destination = "/etc/udev/rules.d/10-pdp.rules";
};
in {
packages = [oculusRules pdpRules];
};
# Enable audio
security.rtkit.enable = true;
hardware.pulseaudio.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
#jack.enable = true;
wireplumber.configPackages = [
(pkgs.writeTextDir "share/wireplumber/wireplumber.conf.d/11-bluetooth-policy.conf" ''
wireplumber.settings = { bluetooth.autoswitch-to-headset-profile = false }
'')
];
};
# Fonts
fonts = {
packages = with pkgs; [
liberation_ttf
twitter-color-emoji
ubuntu_font_family
noto-fonts
sarasa-gothic
orbitron
(nerdfonts.override {fonts = ["UbuntuMono"];})
];
fontconfig.defaultFonts.emoji = ["Twitter Color Emoji"];
};
# Enable Dconf and some portals
services.dbus.enable = true;
programs.dconf.enable = true;
programs.light.enable = true;
security.pam.services.swaylock = {};
xdg.portal = {
enable = true;
config.common.default = "*";
wlr = {
enable = true;
settings = {
screencast = {
max_fps = 60;
chooser_type = "simple";
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or -B 00000066 -b 00000099";
};
};
};
extraPortals = with pkgs; [xdg-desktop-portal-gtk];
};
# Configure greetd for remote login
services.greetd = let
startSway = pkgs.writeScript "startsway" ''
# Use NVIDIA variables if drivers are in use
if lspci -k | grep "Kernel driver in use: nvidia" &> /dev/null; then
# NVIDIA/AMD variables
export LIBVA_DRIVER_NAME=nvidia
export GBM_BACKEND=nvidia-drm
export __GLX_VENDOR_LIBRARY_NAME=nvidia
export WLR_NO_HARDWARE_CURSORS=1
else
:
fi
# Sway/Wayland
export XDG_CURRENT_DESKTOP=sway
export QT_QPA_PLATFORM="wayland;xcb"
# Start Sway
sway --unsupported-gpu
'';
in {
enable = true;
restart = true;
settings = {
terminal = {
vt = 2;
switch = true;
};
default_session = {
command = "${startSway}";
user = "jimbo";
};
};
};
# QT theming
qt = {
enable = true;
style = "gtk2";
platformTheme = "gtk2";
};
# Enable printing
services = {
printing = {
enable = true;
drivers = with pkgs; [hplip];
webInterface = false;
};
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
};
# Enable virtualization
virtualisation = {
libvirtd = {
enable = true;
onBoot = "ignore";
onShutdown = "shutdown";
qemu = {
ovmf = {
enable = true;
packages = [pkgs.OVMFFull.fd];
};
swtpm.enable = true;
};
};
spiceUSBRedirection.enable = true;
};
# Enable SSH
services.openssh = {
enable = true;
settings = {
LogLevel = "VERBOSE";
PermitRootLogin = "no";
PrintLastLog = "no";
PasswordAuthentication = false;
};
};
# Block SSH connections after numerous attempts
services.fail2ban = {
enable = true;
maxretry = 5;
bantime = "5m";
};
# Enable AppImages
programs.appimage = {
enable = true;
binfmt = true;
};
# Enable Sunshine as a service
services.sunshine = {
enable = true;
settings.port = 57989;
autoStart = false;
};
# Enable MPD
services.mpd = {
enable = true;
user = "jimbo";
group = "users";
musicDirectory = "/home/jimbo/JimboNFS/Music";
playlistDirectory = "/home/jimbo/JimboNFS/Music/Playlists";
extraConfig = ''
audio_output {
type "pipewire"
name "Local Pipewire"
}
'';
};
systemd.services.mpd.environment = {
XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.jimbo.uid}";
};
# Enable AppArmor
security.apparmor.enable = true;
# Enable a keying agent
services.gnome.gnome-keyring.enable = true;
# Enable Polkit for authentication
security.polkit.enable = true;
# Battery saver for laptops
services.tlp.enable = true;
# Enable extra functionality in file managers
services.gvfs.enable = true;
# Attempt to automount USB drives
services.udisks2.enable = true;
# Enable school VPN
services.globalprotect.enable = true;
# Define the initial install version and allow auto-upgrades
system.stateVersion = "23.11";
system.autoUpgrade.enable = true;
}