My NixOS configuration
The Purely Functional Linux Distribution – NixOS (by Dolstra, Eelco).
NixOS is a Linux distribution with a unique approach to package and configuration management. Built on top of the Nix package manager, it is completely declarative, makes upgrading systems reliable, and has many other advantages.
The configuration is also on GitHub: My NixOS configuration files.
Also, earlier on this site: NixOS.
My configuration
configuration.nix
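# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# https://nixos.org/nixos/manual/index.html
# https://nixos.org/nixos/options.html
# https://nixos.wiki/wiki/Configuration_Collection
#

{ config, pkgs, ... }:

let
  # Package set from the nixos-unstable channel, with unfree packages allowed.
  # NOTE(review): `unstable` is not referenced anywhere else in this file.
  unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./fs-configuration.nix
    ./network-configuration.nix
    ./env-configuration.nix
    ./vpn-configuration.nix
    # NOTE(review): cachix.nix is not shown alongside the other files;
    # presumably it adds further binary caches, which are trusted in the
    # same way as the one configured under `nix` below.
    ./cachix.nix
  ];

  # Disable automatic storage optimization (computer needs to be responsive at all times).
  # https://nixos.wiki/wiki/Storage_optimization
  #nix.gc = {
  #  automatic = true;
  #  dates = "weekly";
  #  options = "--delete-older-than 31d";
  #};

  # nix.extraOptions = ''
  #   min-free = ${toString (5 * 1024 * 1024 * 1024)} # 5 GB
  #   max-free = ${toString (10* 1024 * 1024 * 1024)}
  # '';

  # Use the GRUB 2 boot loader.
  boot.loader.grub = {
    enable = true;
    version = 2;
    # efiSupport = true;
    # efiInstallAsRemovable = true;
    # (boot.loader.efi.efiSysMountPoint = "/boot/efi";)

    # Define on which hard drive you want to install Grub.
    device = "/dev/disk/by-id/ata-WDC_WD5000BEKT-60KA9T0_WD-WXG1AA0N9929"; # or "nodev" for efi only
    # extraConfig = "terminal_input_console terminal_output_console";
  };

  # Kernel parameters.
  boot.kernelParams = [ "acpi_osi=Linux" ];

  # Enable nested virtualization for your guests to run KVM hypervisors
  boot.extraModprobeConfig = "options kvm_intel nested=1";

  # Obelisk/Reflex -- https://github.com/obsidiansystems/obelisk
  #
  # NOTE(review): this makes the system accept pre-built store paths from a
  # third-party cache.  Anything signed by the public key below is installed
  # without being rebuilt locally, so the key holder is part of this
  # machine's trust base.
  nix = {
    binaryCaches = [
      "https://nixcache.reflex-frp.org"
    ];
    binaryCachePublicKeys = [
      "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI="
    ];
  };

  programs.wireshark = {
    enable = true;
    package = pkgs.wireshark;
  };

  # Disable automatic refresh of ClamAV signatures database (do this manually).
  #services.clamav = {
  #  # daemon.enable = true;
  #  updater.enable = true;
  #};

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Docker host.  Passing --iptables=false stops Docker from altering the
  # firewall (by default, containers should not be accessible from outside).
  #
  # NOTE(review): the extraOptions line below is commented out, so that
  # protection is NOT in effect.  Docker manages its own iptables rules, and
  # ports published by containers may be reachable even though they are not
  # listed in networking.firewall.allowedTCPPorts.
  virtualisation = {
    docker = {
      enable = true;
      autoPrune.enable = true;
      storageDriver = "overlay2";
      #extraOptions = "--iptables=false";
    };

    libvirtd.enable = true;
  };

  # Font size.
  fonts.fontconfig.dpi = 96;

  # Select internationalisation properties.
  i18n = {
    #consoleFont = "Lat2-Terminus16";
    #consoleKeyMap = "us";
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      LC_MESSAGES = "en_US.UTF-8";
      LC_TIME = "nl_NL.UTF-8";
    };
  };

  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  # Set your time zone.
  time.timeZone = "Europe/Amsterdam";

  # Allow packages with non-free licenses.
  nixpkgs.config.allowUnfree = true;

  # List packages installed in system profile. To search, run:
  # `nix search wget`
  environment.systemPackages = with pkgs; [
    android-file-transfer
    apktool
    appimage-run
    arandr
    ark
    ascii
    aspellDicts.en
    aspellDicts.en-computers
    aspellDicts.en-science
    aspellDicts.nl
    banner
    beep
    binutils-unwrapped
    bpytop
    btrfs-progs
    cabal-install
    cabal2nix
    cachix
    calibre
    castnow
    ccache
    chromium
    clamav
    clementineUnfree
    cmus
    cowsay
    cryptsetup
    darcs
    #digikam
    docker
    docker_compose
    dos2unix
    e2fsprogs
    emacs
    entr
    ffmpeg
    figlet
    file
    filezilla
    firefox
    fortune
    freetype
    ghc
    ghcid
    gimp-with-plugins
    git
    git-crypt
    gitAndTools.gitRemoteGcrypt
    gitAndTools.tig
    gnumake
    gnupg
    google-chrome
    gqview
    graphviz
    hddtemp
    heimdall-gui
    hledger
    hledger-ui
    hlint
    html-tidy
    htop
    #jdk11
    jitsi
    #kdiff3-qt5
    keepassxc
    killall
    kismet
    #krita
    lftp
    libav
    libreoffice
    lshw
    lsof
    lynis
    mercurial
    metasploit
    # NOTE(review): installing this package does not by itself apply CPU
    # microcode at boot; hardware.cpu.intel.updateMicrocode is the option
    # that does.
    microcodeIntel
    mkvtoolnix
    mpv-with-scripts
    mupdf
    nix-index
    nix-prefetch-scripts
    nmap
    nodejs
    nomacs
    notmuch
    offlineimap
    openh264
    openssl
    ormolu
    p7zip
    pandoc
    par
    pciutils
    pcmanfm
    #pinentry
    pkg-config
    pstree
    python3
    ranger
    rawtherapee
    restic
    rmlint
    sabnzbd
    screen
    scrot
    silver-searcher
    smartmontools
    snapper
    speedtest-cli
    sshfs
    stack
    subdl
    tcpdump
    telnet
    texlive.combined.scheme-full
    xfce.thunar-volman
    thunderbird
    #tmux # TODO tmux server crashes after a while...
    tree
    unzip
    usbutils
    vim
    virtmanager
    vlc
    wcalc
    wget
    wirelesstools
    wmctrl # (was listed twice; the duplicate entry has been dropped)
    wpa_supplicant
    xclip
    xdotool
    xlockmore
    xmobar
    #xmonad-with-packages
    xorg.xdpyinfo
    xorg.xev
    xorg.xeyes
    xorg.xhost
    xorg.xinit
    xorg.xkill
    xorg.xmessage
    xorg.xmodmap
    xorg.xwininfo
    xsane
    yara
    youtube-dl
    zoom-us
  ];

  # Firmware updates via fwupd.
  services.fwupd.enable = true;

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;
  services.openssh = {
    enable = true;

    # Only pubkey auth: both password and keyboard-interactive logins are off.
    # NOTE(review): permitRootLogin is not set here, so the module default
    # applies; set it explicitly if root logins over SSH should be refused.
    passwordAuthentication = false;
    challengeResponseAuthentication = false;
  };

  # Start ssh-agent as a systemd user service
  programs.ssh.startAgent = true;

  # Pinentry.
  programs.gnupg.agent.enable = true;

  # tmux with C-z as the prefix key instead of the default C-b.
  programs.tmux = {
    enable = true;
    clock24 = true;
    extraConfig = ''
      set-option -g prefix C-z
      unbind-key C-b
      bind-key C-z send-prefix
    '';
  };

  # Printing. Enable CUPS to print documents.
  # https://nixos.wiki/wiki/Printing
  services.printing.enable = true;
  services.printing.drivers = with pkgs; [ hplipWithPlugin ];

  # Scanning with sane.
  hardware.sane.enable = true;
  hardware.sane.extraBackends = with pkgs; [ hplipWithPlugin ];

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio = {
    enable = true;
    support32Bit = true;
  };

  # OpenGL configuration.
  hardware.opengl = {
    enable = true;
    driSupport32Bit = true;
  };

  # Enable Redshift.
  services.redshift = {
    enable = true;
    brightness = {
      day = "1";
      night = "0.90";
    };
    temperature = {
      day = 6500;
      night = 3500;
    };
  };
  location.provider = "geoclue2";

  # https://nixos.wiki/wiki/Android
  programs.adb.enable = true;

  # Compositor (supposedly fixes screen tearing).
  # services.compton.enable = true;

  # Required for screen-lock-on-suspend functionality.
  services.logind.extraConfig = ''
    LidSwitchIgnoreInhibited=False
    HandleLidSwitch=suspend
    HoldoffTimeoutSec=10
  '';

  # X11 windowing system and graphical environment.  All xserver settings
  # are kept in this single attribute set rather than being split between
  # dotted `services.xserver.*` assignments and a separate set.
  services.xserver = {
    enable = true;
    layout = "us";
    # xkbVariant = "altgr-intl";
    #xkbOptions = "eurosign:e";
    # xkbOptions = "compose:caps,shift:both_capslock";
    xkbOptions = "compose:sclk";

    # Legacy video driver for NVIDIA GeForce 335M (?) support.
    # TODO Package is marked as broken in NixOS stable 20.09 (...)
    #videoDrivers = [ "nvidiaLegacy304" ];

    # Enable touchpad support.
    libinput.enable = true;

    desktopManager = {
      xterm.enable = false;
      xfce.enable = true;
    };
    displayManager.defaultSession = "xfce";

    # Enable the KDE Desktop Environment.
    #displayManager.sddm.enable = true;
    #desktopManager.plasma5.enable = true;

    # Enable xmonad tiling window manager.
    # windowManager.xmonad = {
    #   enable = true;
    #   enableContribAndExtras = true;
    #   extraPackages = haskellPackages: [
    #     haskellPackages.xmonad-contrib
    #     haskellPackages.xmonad-extras
    #     haskellPackages.xmonad
    #   ];
    # };

    # https://nixos.wiki/wiki/Using_X_without_a_Display_Manager
    #displayManager.startx.enable = true; # BEWARE: lightdm doesn't start with this enabled.
    displayManager.lightdm.enable = true;
    #displayManager.defaultSession = "none+xmonad";

    #displayManager.sessionCommands = with pkgs; lib.mkAfter
    #  ''
    #  xmodmap /path/to/.Xmodmap
    #  '';
  };

  # https://nixos.wiki/wiki/Fonts
  fonts.fonts = with pkgs; [
    hack-font
    noto-fonts
    noto-fonts-cjk
    noto-fonts-emoji
    google-fonts
    # liberation_ttf
    # fira-code
    # fira-code-symbols
    # mplus-outline-fonts
    # dina-font
    # proggyfonts
  ];

  # Define a user account. Don't forget to set a password with ‘passwd’.
  #
  # NOTE(review): several of these groups are root-equivalent in practice,
  # not just "wheel": "docker" gives control of the root-run Docker daemon,
  # and "disk" normally grants raw read/write access to block devices,
  # which bypasses file permissions.
  users.users.mdo = {
    isNormalUser = true;
    extraGroups = [
      "wheel" "docker" "libvirtd" "kvm"
      "audio" "disk" "video" "network"
      "systemd-journal" "lp" "scanner" "adbusers"
    ];
  };

  # Second, non-administrative account (not in "wheel").
  #
  # NOTE(review): "disk" normally grants raw access to block devices, which
  # would let this account read other users' data -- including the unlocked
  # /home mapping -- despite not being an administrator.  Confirm it is
  # really needed; removable media usually does not require it.
  users.users.csp = {
    isNormalUser = true;
    extraGroups = [ "audio" "disk" "video" ];
  };

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "20.03"; # Did you read the comment?
}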
hardware-configuration.nix
# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:

{
  imports = [
    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
  ];

  boot = {
    initrd = {
      # Modules made available to the initial ramdisk.
      availableKernelModules = [
        "ehci_pci"
        "ahci"
        "xhci_pci"
        "usbhid"
        "usb_storage"
        "sd_mod"
        "sdhci_pci"
        "rtsx_pci_sdmmc"
      ];
      kernelModules = [ ];
    };

    # KVM support for Intel CPUs.
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
  };

  # Default number of parallel build jobs; mkDefault lets other modules
  # override it.
  nix.maxJobs = lib.mkDefault 4;
}
fs-configuration.nix
{ config, pkgs, ... }:

{
  # NOTE(review): of the volumes declared here only /home sits on a LUKS
  # device; the root filesystem, /boot and the swap partition are referenced
  # directly by UUID with no encryption layer visible in this file.
  fileSystems = {
    # Root filesystem.
    "/" = {
      device = "/dev/disk/by-uuid/8be69c44-b987-4eb8-a1b6-c67ed80c9512";
      fsType = "btrfs";
      options = [ "noatime" "space_cache" ];
    };

    # Boot filesystem.
    "/boot" = {
      device = "/dev/disk/by-uuid/bc62f488-7c99-4a12-816c-1aa671557a9d";
      fsType = "ext4";
    };

    # Home lives on the unlocked LUKS mapping declared below.
    "/home" = {
      device = "/dev/mapper/cr-home";
      fsType = "btrfs";
      options = [ "noatime" "space_cache" ];
    };
  };

  boot = {
    # Encrypted partition, opened in the initrd as /dev/mapper/cr-home.
    initrd.luks.devices."cr-home" = {
      device = "/dev/disk/by-uuid/75236c0e-cad4-43a7-986c-a5f82f68cf65";
    };

    # Enable NTFS support.
    supportedFilesystems = [ "ntfs" ];
  };

  # Swap partition.
  #
  # NOTE(review): memory pages from processes working on the encrypted
  # /home (and possibly key material) can be written to this swap device in
  # the clear.  Consider encrypting swap as well if the disk-at-rest threat
  # model matters.
  swapDevices = [
    { device = "/dev/disk/by-uuid/99be5bc9-fac4-4386-83c0-63632edef9dc"; }
  ];
}
network-configuration.nix
{ config, pkgs, ... }:

{
  networking = {
    #networkmanager.enable = true;
    #networkmanager.wifi.powersave = false;

    hostName = "yourhostname"; # Define your hostname.
    nameservers = [ "1.1.1.1" "9.9.9.9" ];

    wireless = {
      # Wireless support via wpa_supplicant.
      # NOTE(review): this is switched off, yet networks are declared below
      # and the resume hook further down restarts wpa_supplicant -- confirm
      # which state is intended.
      enable = false;

      networks = {
        "home" = {
          # The value here is a placeholder.  A real pre-shared key written
          # in this file ends up in the Nix store, which is readable by
          # every local user, and in any repository the file is pushed to.
          psk = "home wireless network pre-shared-key";
        };
        #free.wifi = {}; # Public wireless network
      };

      # Members of the "network" group may control wpa_supplicant.
      userControlled = {
        enable = true;
        group = "network";
      };
    };

    firewall = {
      enable = true;

      # Open ports in the firewall.
      # NOTE(review): 80 and 443 are opened although none of the
      # configuration files shown here sets up a web server; only 22 has a
      # matching service (OpenSSH).  Drop whatever is not needed.
      allowedTCPPorts = [ 22 80 443 ];
      # allowedUDPPorts = [ ... ];
    };

    # The global useDHCP flag is deprecated, therefore explicitly set to false here.
    # Per-interface useDHCP will be mandatory in the future, so this generated config
    # replicates the default behaviour.
    useDHCP = false;
    interfaces = {
      ens5.useDHCP = true;
      wlp3s0.useDHCP = true;
    };
  };

  # Workaround for the no network after resume bug.
  powerManagement.resumeCommands = ''
    ${pkgs.systemd}/bin/systemctl restart wpa_supplicant
  '';

  # https://github.com/NixOS/nixpkgs/issues/49630
  # (the suggested --load-media-router-component-extension=1 appears to be no longer required.)
  services.avahi.enable = true;
}
env-configuration.nix
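{ config, pkgs, ... }:

{
  environment = {
    # Environment variables set system-wide for every user.
    variables = {
      #PATH="$PATH:$HOME/bin";
      TERM = "xterm-256color";
      # PS1 = "\[\033[01;32m\][\u@\h\[\033[01;37m\] \W\[\033[01;32m\]]\$\[\033[00m\] ";
      EDITOR = "vi";
      HISTCONTROL = "ignoredups:erasedups";
      QT_LOGGING_RULES = "*=false";
      FREETYPE_PROPERTIES = "truetype:interpreter-version=38";
    }; # This closing brace was missing, so the file did not parse.

    # Shell snippet for interactive shells; currently only a commented-out
    # alias.
    interactiveShellInit = ''
      #alias config='git --git-dir=/home/mdo/.cfg/ --work-tree=/home/mdo'
    '';
  };
}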
vpn-configuration.nix
Disclaimer: I haven't tested this configuration yet.
{ config, pkgs, ... }:

{
  # https://nixos.wiki/wiki/OpenVPN
  #
  # Each entry only points at an .ovpn profile under /root/vpn, so the
  # profiles themselves (and any credentials in them) stay outside this file
  # and outside the Nix store.  None of the tunnels starts automatically.
  services.openvpn.servers = {
    nl1VPN = {
      config = '' config /root/vpn/nl1-mdonkers.ovpn '';
      autoStart = false;
    };

    fr1VPN = {
      config = '' config /root/vpn/fr1-mdonkers.ovpn '';
      autoStart = false;
    };

    es1VPN = {
      config = '' config /root/vpn/es1-mdonkers.ovpn '';
      autoStart = false;
    };

    us1VPN = {
      config = '' config /root/vpn/us1-mdonkers.ovpn'';
      autoStart = false;
    };
  };
}