My NixOS configuration

The Purely Functional Linux Distribution – NixOS (by Dolstra, Eelco).

NixOS is a Linux distribution with a unique approach to package and configuration management. Built on top of the Nix package manager, it is completely declarative, makes upgrading systems reliable, and has many other advantages.

The configuration is also on GitHub: My NixOS configuration files.

Also, earlier on this site: NixOS.

My configuration

configuration.nix

  1# Edit this configuration file to define what should be installed on
  2# your system. Help is available in the configuration.nix(5) man page
  3# and in the NixOS manual (accessible by running ‘nixos-help’).
  4#
  5# https://nixos.org/nixos/manual/index.html
  6# https://nixos.org/nixos/options.html
  7# https://nixos.wiki/wiki/Configuration_Collection
  8#
  9
 10{ config, pkgs, ... }:
 11
 12let unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
 13in {
 14  imports =
 15    [ # Include the results of the hardware scan.
 16      ./hardware-configuration.nix
 17      ./fs-configuration.nix
 18      ./network-configuration.nix
 19      ./env-configuration.nix
 20      ./vpn-configuration.nix
 21      ./cachix.nix
 22    ];
 23
 24  # Disable automatic storage optimization (computer needs to be responsive at all times).
 25  # https://nixos.wiki/wiki/Storage_optimization
 26  #nix.gc = {
 27  #  automatic = true;
 28  #  dates = "weekly";
 29  #  options = "--delete-older-than 31d";
 30  #};
 31
 32  # nix.extraOptions = ''
 33  #   min-free = ${toString (5 * 1024 * 1024 * 1024)} # 5 GB
 34  #   max-free = ${toString (10* 1024 * 1024 * 1024)}
 35  # '';
 36
 37  # Use the GRUB 2 boot loader.
 38  boot.loader.grub.enable = true;
 39  boot.loader.grub.version = 2;
 40  # boot.loader.grub.efiSupport = true;
 41  # boot.loader.grub.efiInstallAsRemovable = true;
 42  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
 43  # Define on which hard drive you want to install Grub.
 44  boot.loader.grub.device = "/dev/disk/by-id/ata-WDC_WD5000BEKT-60KA9T0_WD-WXG1AA0N9929"; # or "nodev" for efi only
 45  # boot.loader.grub.extraConfig = "terminal_input_console terminal_output_console";
 46
 47  # Kernel parameters.
 48  boot.kernelParams = [ "acpi_osi=Linux" ];
 49
 50  # Obelisk/Reflex -- https://github.com/obsidiansystems/obelisk
 51  nix = {
 52    binaryCaches = [
 53      "https://nixcache.reflex-frp.org"
 54    ];
 55    binaryCachePublicKeys = [
 56      "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI="
 57    ];
 58  };
 59
 60  programs.wireshark = {
 61    enable = true;
 62    package = pkgs.wireshark;
 63  };
 64
 65  # Disable automatic refresh of ClamAV signatures database (do this manually).
 66  #services.clamav = {
 67  #  # daemon.enable = true;
 68  #  updater.enable = true;
 69  #};
 70
 71  # Configure network proxy if necessary
 72  # networking.proxy.default = "http://user:password@proxy:port/";
 73  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
 74
 75  # Docker host. The --iptables=false makes sure that Docker doesn't alter
 76  # the firewall (as a default containers should no be accessible from outside).
 77  #
 78  virtualisation =  {
 79    docker = {
 80      enable = true;
 81      autoPrune.enable = true;
 82      storageDriver = "overlay2";
 83      #extraOptions = "--iptables=false";
 84    };
 85
 86    libvirtd.enable = true;
 87  };
 88
 89  # Enable nested virtualization for your guests to run KVM hypervisors
 90  boot.extraModprobeConfig = "options kvm_intel nested=1";
 91
 92  # Font size.
 93  fonts.fontconfig.dpi=96;
 94
 95  # Select internationalisation properties.
 96  i18n = {
 97    #consoleFont = "Lat2-Terminus16";
 98    #consoleKeyMap = "us";
 99    defaultLocale = "en_US.UTF-8";
100    extraLocaleSettings = { LC_MESSAGES = "en_US.UTF-8"; LC_TIME = "nl_NL.UTF-8"; };
101  };
102
103  console = {
104    font = "Lat2-Terminus16";
105    keyMap = "us";
106  };
107
108  # Set your time zone.
109  time.timeZone = "Europe/Amsterdam";
110
111  # Allow packages with non-free licenses.
112  nixpkgs.config.allowUnfree = true;
113
114  # List packages installed in system profile. To search, run:
115  # `nix search wget`
116  environment.systemPackages = with pkgs; [
117    android-file-transfer
118    apktool
119    appimage-run
120    arandr
121    ark
122    ascii
123    aspellDicts.en
124    aspellDicts.en-computers
125    aspellDicts.en-science
126    aspellDicts.nl
127    banner
128    beep
129    binutils-unwrapped
130    bpytop
131    btrfs-progs
132    cabal-install
133    cabal2nix
134    cachix
135    calibre
136    castnow
137    ccache
138    chromium
139    clamav
140    clementineUnfree
141    cmus
142    cowsay
143    cryptsetup
144    darcs
145    #digikam
146    docker
147    docker_compose
148    dos2unix
149    e2fsprogs
150    emacs
151    entr
152    ffmpeg
153    figlet
154    file
155    filezilla
156    firefox
157    fortune
158    freetype
159    ghc
160    ghcid
161    gimp-with-plugins
162    git
163    git-crypt
164    gitAndTools.gitRemoteGcrypt
165    gitAndTools.tig
166    gnumake
167    gnupg
168    google-chrome
169    gqview
170    graphviz
171    hddtemp
172    heimdall-gui
173    hledger
174    hledger-ui
175    hlint
176    html-tidy
177    htop
178    #jdk11
179    jitsi
180    #kdiff3-qt5
181    keepassxc
182    killall
183    kismet
184    #krita
185    lftp
186    libav
187    libreoffice
188    lshw
189    lsof
190    lynis
191    mercurial
192    metasploit
193    microcodeIntel
194    mkvtoolnix
195    mpv-with-scripts
196    mupdf
197    nix-index
198    nix-prefetch-scripts
199    nmap
200    nodejs
201    nomacs
202    notmuch
203    offlineimap
204    openh264
205    openssl
206    ormolu
207    p7zip
208    pandoc
209    par
210    pciutils
211    pcmanfm
212    #pinentry
213    pkg-config
214    pstree
215    python3
216    ranger
217    rawtherapee
218    restic
219    rmlint
220    sabnzbd
221    screen
222    scrot
223    silver-searcher
224    smartmontools
225    snapper
226    speedtest-cli
227    sshfs
228    stack
229    subdl
230    tcpdump
231    telnet
232    texlive.combined.scheme-full
233    xfce.thunar-volman
234    thunderbird
235    #tmux  # TODO tmux server crashes after a while...
236    tree
237    unzip
238    usbutils
239    vim
240    virtmanager
241    vlc
242    wcalc
243    wget
244    wirelesstools
245    wmctrl
246    wmctrl
247    wpa_supplicant
248    xclip
249    xdotool
250    xlockmore
251    xmobar
252    #xmonad-with-packages
253    xorg.xdpyinfo
254    xorg.xev
255    xorg.xeyes
256    xorg.xhost
257    xorg.xinit
258    xorg.xkill
259    xorg.xmessage
260    xorg.xmodmap
261    xorg.xwininfo
262    xsane
263    yara
264    youtube-dl
265    zoom-us
266  ];
267
268  services.fwupd.enable = true;
269
270  # Some programs need SUID wrappers, can be configured further or are
271  # started in user sessions.
272  # programs.mtr.enable = true;
273  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
274
275  # Enable the OpenSSH daemon.
276  # services.openssh.enable = true;
277  services.openssh = {
278    enable = true;
279
280    # Only pubkey auth
281    passwordAuthentication = false;
282    challengeResponseAuthentication = false;
283  };
284
285  # Start ssh-agent as a systemd user service
286  programs.ssh.startAgent = true;
287
288  # Pinentry.
289  programs.gnupg.agent.enable = true;
290
291  programs.tmux = {
292    enable = true;
293    clock24 = true;
294    extraConfig = '' 
295      set-option -g prefix C-z
296      unbind-key C-b
297      bind-key C-z send-prefix
298    '';
299  };
300
301  # Printing. Enable CUPS to print documents.
302  # https://nixos.wiki/wiki/Printing
303  services.printing.enable = true;
304  services.printing.drivers = with pkgs; [ hplipWithPlugin ];
305
306  # Scanning with sane.
307  hardware.sane.enable = true;
308  hardware.sane.extraBackends = with pkgs; [ hplipWithPlugin ];
309
310  # Enable sound.
311  sound.enable = true;
312  hardware.pulseaudio = {
313    enable = true;
314    support32Bit = true;
315  };
316
317  # OpenGL configuration.
318  hardware.opengl = {
319    enable = true;
320    driSupport32Bit = true;
321  };
322
323  # Enable Redshift.
324  services.redshift = {
325    enable = true;
326    brightness = {
327      day = "1";
328      night = "0.90";
329    };
330    temperature = {
331      day = 6500;
332      night = 3500;
333    };
334  };
335  location.provider = "geoclue2";
336
337  # Enable the X11 windowing system.
338  services.xserver.enable = true;
339  services.xserver.layout = "us"; 
340  # services.xserver.xkbVariant = "altgr-intl"; 
341  #services.xserver.xkbOptions = "eurosign:e";
342  # services.xserver.xkbOptions = "compose:caps,shift:both_capslock";
343  services.xserver.xkbOptions = "compose:sclk";
344
345  # Legacy video driver for NVIDIA GeForce 335M (?) support.
346  # TODO Package is marked as broken in NixOS stable 20.09 (...)
347  #services.xserver.videoDrivers = [ "nvidiaLegacy304" ];
348
349  # https://nixos.wiki/wiki/Android
350  programs.adb.enable = true;
351
352  # Enable touchpad support.
353  services.xserver.libinput.enable = true;
354
355  # Compositor (supposedly fixes screen tearing).
356  # services.compton.enable = true;
357
358  # Required for screen-lock-on-suspend functionality.
359  services.logind.extraConfig = ''
360    LidSwitchIgnoreInhibited=False
361    HandleLidSwitch=suspend
362    HoldoffTimeoutSec=10
363  '';
364
365  # Graphical environment.
366  services.xserver = {
367    desktopManager = {
368      xterm.enable = false;
369      xfce.enable = true;
370    };
371    displayManager.defaultSession = "xfce";
372
373    # Enable the KDE Desktop Environment.
374    #displayManager.sddm.enable = true;
375    #desktopManager.plasma5.enable = true;
376
377    # Enable xmonad tiling window manager.
378    # windowManager.xmonad = {
379    #   enable = true;
380    #   enableContribAndExtras = true;
381    #   extraPackages = haskellPackages: [
382    #     haskellPackages.xmonad-contrib
383    #     haskellPackages.xmonad-extras
384    #     haskellPackages.xmonad
385    #   ];
386    # };
387
388    # https://nixos.wiki/wiki/Using_X_without_a_Display_Manager
389    #displayManager.startx.enable = true; # BEWARE: lightdm doesn't start with this enabled.
390    displayManager.lightdm.enable = true;
391    #displayManager.defaultSession = "none+xmonad";
392
393    #displayManager.sessionCommands = with pkgs; lib.mkAfter
394    #  ''
395    #  xmodmap /path/to/.Xmodmap
396    #  '';
397  };
398
399 # https://nixos.wiki/wiki/Fonts
400  fonts.fonts = with pkgs; [
401    hack-font
402    noto-fonts
403    noto-fonts-cjk
404    noto-fonts-emoji
405    google-fonts
406 #   liberation_ttf
407 #   fira-code
408 #   fira-code-symbols
409 #   mplus-outline-fonts
410 #   dina-font
411 #   proggyfonts
412  ];
413
414  # Define a user account. Don't forget to set a password with ‘passwd’.
415  users.users.mdo = {
416    isNormalUser = true;
417    extraGroups = [ "wheel" "docker" "libvirtd" "kvm"
418                    "audio" "disk" "video" "network"
419                    "systemd-journal" "lp" "scanner" "adbusers" ];
420  };
421
422  users.users.csp = {
423    isNormalUser = true;
424    extraGroups = [ "audio" "disk" "video" ];
425  };
426
427  # This value determines the NixOS release with which your system is to be
428  # compatible, in order to avoid breaking some software such as database
429  # servers. You should change this only after NixOS release notes say you
430  # should.
431  system.stateVersion = "20.03"; # Did you read the comment?
432}

hardware-configuration.nix

 1# Do not modify this file!  It was generated by ‘nixos-generate-config’
 2# and may be overwritten by future invocations.  Please make changes
 3# to /etc/nixos/configuration.nix instead.
 4{ config, lib, pkgs, ... }:
 5
 6{
 7  imports =
 8    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
 9    ];
10
11  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "rtsx_pci_sdmmc" ];
12  boot.initrd.kernelModules = [ ];
13  boot.kernelModules = [ "kvm-intel" ];
14  boot.extraModulePackages = [ ];
15
16  nix.maxJobs = lib.mkDefault 4;
17}

fs-configuration.nix

 1{ config, pkgs, ... }:
 2
 3{
 4  # Root filesystem.
 5  #
 6  fileSystems."/" =
 7    { device = "/dev/disk/by-uuid/8be69c44-b987-4eb8-a1b6-c67ed80c9512";
 8      fsType = "btrfs";
 9      options = [ "noatime" "space_cache" ];
10    };
11
12  # Boot filesystem.
13  #
14  fileSystems."/boot" =
15    { device = "/dev/disk/by-uuid/bc62f488-7c99-4a12-816c-1aa671557a9d";
16      fsType = "ext4";
17    };
18
19  # Encrypted partition.
20  #
21  boot.initrd.luks.devices."cr-home" = {
22      device = "/dev/disk/by-uuid/75236c0e-cad4-43a7-986c-a5f82f68cf65";
23    };
24
25  fileSystems."/home" =
26    { device = "/dev/mapper/cr-home";
27      fsType = "btrfs";
28      options = [ "noatime" "space_cache" ];
29    };
30
31  # Swap partition.
32  #
33  swapDevices =
34    [ { device = "/dev/disk/by-uuid/99be5bc9-fac4-4386-83c0-63632edef9dc"; }
35    ];
36
37
38  # Enable NTFS support.
39  boot.supportedFilesystems = [ "ntfs" ];
40}

network-configuration.nix

 1{ config, pkgs, ... }:
 2
 3{
 4  #networking.networkmanager.enable = true;
 5  #networking.networkmanager.wifi.powersave = false;
 6
 7  networking.hostName = "yourhostname"; # Define your hostname.
 8  networking.nameservers = [ "1.1.1.1" "9.9.9.9" ];
 9  networking.wireless.enable = false;  # Wireless support via wpa_supplicant.
10  networking.wireless.networks = {
11    "home" = {
12      psk = "home wireless network pre-shared-key";
13    };
14    #free.wifi = {};            # Public wireless network
15  };
16  networking.wireless.userControlled = {
17    enable = true;
18    group = "network";
19  };
20
21  # Open ports in the firewall.
22  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
23  # networking.firewall.allowedUDPPorts = [ ... ];
24  networking.firewall.enable = true;
25
26  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
27  # Per-interface useDHCP will be mandatory in the future, so this generated config
28  # replicates the default behaviour.
29  networking.useDHCP = false;
30  networking.interfaces.ens5.useDHCP = true;
31  networking.interfaces.wlp3s0.useDHCP = true;
32
33  # Workaround for the no network after resume bug.
34  powerManagement.resumeCommands = ''
35    ${pkgs.systemd}/bin/systemctl restart wpa_supplicant
36  '';
37
38  # https://github.com/NixOS/nixpkgs/issues/49630
39  # (the suggested --load-media-router-component-extension=1 appears to be no longer required.)
40  services.avahi.enable = true;
41}

env-configuration.nix

 1{ config, pkgs, ... }:
 2
 3{
 4  # Environment variables.
 5  environment.variables = {
 6    #PATH="$PATH:$HOME/bin";
 7    TERM = "xterm-256color";
 8    # PS1 = "\[\033[01;32m\][\u@\h\[\033[01;37m\] \W\[\033[01;32m\]]\$\[\033[00m\] ";
 9    EDITOR = "vi";
10    HISTCONTROL = "ignoredups:erasedups";
11    QT_LOGGING_RULES = "*=false";
12    FREETYPE_PROPERTIES = "truetype:interpreter-version=38";
13
14  environment.interactiveShellInit = ''
15    #alias config='git --git-dir=/home/mdo/.cfg/ --work-tree=/home/mdo'
16  '';
17}

vpn-configuration.nix

Disclaimer: I haven't tested this configuration yet.

 1{ config, pkgs, ... }:
 2
 3{
 4  # https://nixos.wiki/wiki/OpenVPN
 5  services.openvpn.servers = {
 6    nl1VPN  = { config = '' config /root/vpn/nl1-mdonkers.ovpn ''; autoStart = false;};
 7    fr1VPN  = { config = '' config /root/vpn/fr1-mdonkers.ovpn ''; autoStart = false;};
 8    es1VPN  = { config = '' config /root/vpn/es1-mdonkers.ovpn ''; autoStart = false;};
 9    us1VPN  = { config = '' config /root/vpn/us1-mdonkers.ovpn''; autoStart = false;};
10  };
11}

Posts in this Series