Shou · November 27, 2019 22:05
diff --git a/README.md b/README.md
diff --git a/configuration.nix b/configuration.nix
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).

 { config, pkgs, ... }:

 let all-hies = import (fetchTarball "https://github.com/infinisil/all-hies/tarball/81e51c7b1acfabab8b2b75c31ad684e20df6f67f") {};

 in {
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./hardware-personal.nix
    ];

  nixpkgs.config = {
    # Disappoint Stallman
    allowUnfree = true;

    firefox = {
      enableGoogleTalkPlugin = true;
      # enableAdobeFlash = true;
      enableGnomeExtensions = true;
    };

    chromium = {
      # enablePepperFlash = true;
    };
  };

  nix.trustedUsers = [ "root" "benedict" "@sudo" ];

  nix.nrBuildUsers = 128;

  networking = {
    hostName = "peril";
    networkmanager.enable = true;
    firewall.enable = false;
    # nameservers = [ "127.0.0.1:53535" ];
  };

  services.dnscrypt-proxy = {
    enable = true;
    localPort = 53;
    resolverName = "cloudflare";
  };

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  i18n = {
    consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
  #   consoleKeyMap = "us";
  #   defaultLocale = "en_US.UTF-8";
    inputMethod = {
      enabled = "ibus";
      ibus.engines = with pkgs.ibus-engines; [
        uniemoji
        mozc
      ];
    };
  };

  fonts.fonts = with pkgs; [
    noto-fonts noto-fonts-cjk noto-fonts-emoji emojione lmodern
    carlito ipafont kochi-substitute
  ];

  # Set your time zone.
  time.timeZone = "Europe/London";

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    neovim tmux firefox spotify paprefs pavucontrol hexchat bat ripgrep fd
    mpv smplayer docker chrome-gnome-shell fish nix-index docker_compose git
    noto-fonts-emoji emojione xsel bazel gnumake imagemagick curl direnv
    stack xvfb_run jq pcre kdiff3 postgresql_10 poppler_utils xmlstarlet
    libssh2 libxml2 tree gcc binutils autoconf automake gparted alacritty
    haskellPackages.ghcid hlint gimp chromium wine ghc flatpak
    # Haskell IDE Engine – specific versions
    # Install stable HIE for GHC 8.6.4, 8.6.3 and 8.4.3
    # (all-hies.selection { selector = p: { inherit (p) ghc864 ghc863 ghc843; }; })
    google-chrome gnome3.dconf-editor
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
  programs.fish.enable = true;

  # List services that you want to enable:
  services.gnome3.chrome-gnome-shell.enable = true;
  #services.xserver.displayManager.gdm.autoLogin.user = "benedict";

  # Enable the OpenSSH daemon.
  services.openssh.enable = false;

  services.flatpak.enable = true;

  services.nginx = {
    enable = true;

    user = "benedict";
    group = "users";

    virtualHosts = {
      "localhost" = {
        default = true;
        root = "/home/benedict/Public";

        locations."/" = {
          extraConfig = ''
            autoindex on;
          '';
        };
      };
    };
  };

  # Enable Docker daemon.
  virtualisation.docker.enable = true;
  virtualisation.virtualbox.host.enable = false;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.

  # Enable CUPS to print documents.
  services.printing = {
    enable = true;
    drivers = [
      pkgs.gutenprint
      pkgs.gutenprintBin
    ];
  };

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio = {
    enable = true;
    zeroconf = {
      publish.enable = true;
      discovery.enable = true;
    };
    tcp.anonymousClients.allowAll = true;

    # Full Pulseaudio for Bluetooth support.
    package = pkgs.pulseaudioFull;

    # Good codecs; NOT IN 18.03; try 19.03
    extraModules = [ pkgs.pulseaudio-modules-bt ];

    # This seems to fix popping audio
    configFile = pkgs.runCommand "default.pa" {} ''
      sed 's/module-udev-detect$/module-udev-detect tsched=0/' \
      	${pkgs.pulseaudio}/etc/pulse/default.pa > $out
    '';
  };

  hardware.bluetooth.enable = true;

  # Enable A2DP sink.
  hardware.bluetooth.extraConfig = "
    [General]
    Enable=Source,Sink,Media,Socket
  ";

  services.xserver = {
    enable = true;
    layout = "us";
    libinput = {
      enable = true;
      tapping = true;
    };
    desktopManager = {
      gnome3.enable = true;
    };
    displayManager = {
      job.preStart = ''
        mkdir -p /run/gdm/.config/pulse
        ln -sf ${pulseConfig} /run/gdm/.config/pulse/default.pa
        chown -R gdm:gdm /run/gdm/.config
      '';
      gdm = {
        enable = true;
        wayland = false;

        autoLogin = {
          enable = true;
          user = "benedict";
        };
      };
      lightdm = {
        enable = false;
        autoLogin = {
          enable = true;
          user = "benedict";
        };
      };
    };
    videoDrivers = [ "nvidia" ];
  };

  # Define user accounts
  users = {
    users = {
      benedict = {
        isNormalUser = true;
        uid = 1000;
        extraGroups = [ "sudo" "docker" "networkmanager" "libvirtd" "kvm" "qemu" ];
        shell = pkgs.fish;
      };
      work = {
        isNormalUser = false;
        uid = 1001;
        extraGroups = [ "sudo" "docker" ];
        shell = pkgs.fish;
      };
    };
    groups = {
      sudo.gid = 707;
    };
  };

  # Set up sudoers group
  security.sudo.configFile = ''%sudo ALL=(ALL) ALL'';

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "19.03"; # Did you read the comment? no lol
  system.autoUpgrade.channel = "https://nixos.org/channels/nixos-20.03/";

  # Satisfy Elasticsearch requirement
  boot.kernel.sysctl = {
    "vm.max_map_count" = 262144;
  };

  ### Virtualisation
  boot.kernelModules = [
    "kvm-amd" "kvm-intel"
    # Add VFIO kernel modules
    "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio"
  ];
  # Enable IOMMU
  boot.kernelParams = [ "amd_iommu=on" ];
  # Blacklist GPU drivers
  boot.blacklistedKernelModules = [ "nvidia" "nouveau" ];

  # Attach GPU to VFIO driver
  boot.extraModprobeConfig = "options vfio-pci ids=10de:1c03,10de:10f1";

  systemd.extraConfig = ''
    LimitNOFILE=65536
    DefaultLimitNOFILE=65536
    LimitMEMLOCK=infinity
    DefaultLimitMEMLOCK=infinity
  '';
 }
diff --git a/hardware-personal.nix b/hardware-personal.nix
 # Manually modified hardware config. This may be ignored if you aren't
 # following the outlined guide and instead just want the configuration.nix.

 { config, lib, pkgs, ... }:

 {
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.efi.efiSysMountPoint = "/boot/efi";
  boot.loader.grub = {
    enable = true;
    device = "nodev";
    version = 2;
    efiSupport = true;
    enableCryptodisk = true;
    extraInitrd = /boot/initrd.keys.gz;
  };

  # Encryption
  boot.initrd.luks.devices = [
    {
      name = "root";
      device = "/dev/disk/by-uuid/fe1a9bac-29f8-44a3-a0dc-3232d87737ab";
      preLVM = true;
      keyFile = "/keyfile0.bin";
      allowDiscards = true;
    }
  ];
 }
	# Edit this configuration file to define what should be installed on
	# your system. Help is available in the configuration.nix(5) man page
	# and in the NixOS manual (accessible by running ‘nixos-help’).

	{ config, pkgs, ... }:

	let all-hies = import (fetchTarball "https://github.com/infinisil/all-hies/tarball/81e51c7b1acfabab8b2b75c31ad684e20df6f67f") {};

	in {
	imports =
	[ # Include the results of the hardware scan.
	./hardware-configuration.nix
	./hardware-personal.nix
	];

	nixpkgs.config = {
	# Disappoint Stallman
	allowUnfree = true;

	firefox = {
	enableGoogleTalkPlugin = true;
	# enableAdobeFlash = true;
	enableGnomeExtensions = true;
	};

	chromium = {
	# enablePepperFlash = true;
	};
	};

	nix.trustedUsers = [ "root" "benedict" "@sudo" ];

	nix.nrBuildUsers = 128;

	networking = {
	hostName = "peril";
	networkmanager.enable = true;
	firewall.enable = false;
	# nameservers = [ "127.0.0.1:53535" ];
	};

	services.dnscrypt-proxy = {
	enable = true;
	localPort = 53;
	resolverName = "cloudflare";
	};

	# Configure network proxy if necessary
	# networking.proxy.default = "http://user:password@proxy:port/";
	# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

	# Select internationalisation properties.
	i18n = {
	consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
	# consoleKeyMap = "us";
	# defaultLocale = "en_US.UTF-8";
	inputMethod = {
	enabled = "ibus";
	ibus.engines = with pkgs.ibus-engines; [
	uniemoji
	mozc
	];
	};
	};

	fonts.fonts = with pkgs; [
	noto-fonts noto-fonts-cjk noto-fonts-emoji emojione lmodern
	carlito ipafont kochi-substitute
	];

	# Set your time zone.
	time.timeZone = "Europe/London";

	# List packages installed in system profile. To search, run:
	# $ nix search wget
	environment.systemPackages = with pkgs; [
	neovim tmux firefox spotify paprefs pavucontrol hexchat bat ripgrep fd
	mpv smplayer docker chrome-gnome-shell fish nix-index docker_compose git
	noto-fonts-emoji emojione xsel bazel gnumake imagemagick curl direnv
	stack xvfb_run jq pcre kdiff3 postgresql_10 poppler_utils xmlstarlet
	libssh2 libxml2 tree gcc binutils autoconf automake gparted alacritty
	haskellPackages.ghcid hlint gimp chromium wine ghc flatpak
	# Haskell IDE Engine – specific versions
	# Install stable HIE for GHC 8.6.4, 8.6.3 and 8.4.3
	# (all-hies.selection { selector = p: { inherit (p) ghc864 ghc863 ghc843; }; })
	google-chrome gnome3.dconf-editor
	];

	# Some programs need SUID wrappers, can be configured further or are
	# started in user sessions.
	# programs.mtr.enable = true;
	# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
	programs.fish.enable = true;

	# List services that you want to enable:
	services.gnome3.chrome-gnome-shell.enable = true;
	#services.xserver.displayManager.gdm.autoLogin.user = "benedict";

	# Enable the OpenSSH daemon.
	services.openssh.enable = false;

	services.flatpak.enable = true;

	services.nginx = {
	enable = true;

	user = "benedict";
	group = "users";

	virtualHosts = {
	"localhost" = {
	default = true;
	root = "/home/benedict/Public";

	locations."/" = {
	extraConfig = ''
	autoindex on;
	'';
	};
	};
	};
	};

	# Enable Docker daemon.
	virtualisation.docker.enable = true;
	virtualisation.virtualbox.host.enable = false;

	# Open ports in the firewall.
	# networking.firewall.allowedTCPPorts = [ ... ];
	# networking.firewall.allowedUDPPorts = [ ... ];
	# Or disable the firewall altogether.

	# Enable CUPS to print documents.
	services.printing = {
	enable = true;
	drivers = [
	pkgs.gutenprint
	pkgs.gutenprintBin
	];
	};

	# Enable sound.
	sound.enable = true;
	hardware.pulseaudio = {
	enable = true;
	zeroconf = {
	publish.enable = true;
	discovery.enable = true;
	};
	tcp.anonymousClients.allowAll = true;

	# Full Pulseaudio for Bluetooth support.
	package = pkgs.pulseaudioFull;

	# Good codecs; NOT IN 18.03; try 19.03
	extraModules = [ pkgs.pulseaudio-modules-bt ];

	# This seems to fix popping audio
	configFile = pkgs.runCommand "default.pa" {} ''
	sed 's/module-udev-detect$/module-udev-detect tsched=0/' \
	${pkgs.pulseaudio}/etc/pulse/default.pa > $out
	'';
	};

	hardware.bluetooth.enable = true;

	# Enable A2DP sink.
	hardware.bluetooth.extraConfig = "
	[General]
	Enable=Source,Sink,Media,Socket
	";

	services.xserver = {
	enable = true;
	layout = "us";
	libinput = {
	enable = true;
	tapping = true;
	};
	desktopManager = {
	gnome3.enable = true;
	};
	displayManager = {
	job.preStart = ''
	mkdir -p /run/gdm/.config/pulse
	ln -sf ${pulseConfig} /run/gdm/.config/pulse/default.pa
	chown -R gdm:gdm /run/gdm/.config
	'';
	gdm = {
	enable = true;
	wayland = false;

	autoLogin = {
	enable = true;
	user = "benedict";
	};
	};
	lightdm = {
	enable = false;
	autoLogin = {
	enable = true;
	user = "benedict";
	};
	};
	};
	videoDrivers = [ "nvidia" ];
	};

	# Define user accounts
	users = {
	users = {
	benedict = {
	isNormalUser = true;
	uid = 1000;
	extraGroups = [ "sudo" "docker" "networkmanager" "libvirtd" "kvm" "qemu" ];
	shell = pkgs.fish;
	};
	work = {
	isNormalUser = false;
	uid = 1001;
	extraGroups = [ "sudo" "docker" ];
	shell = pkgs.fish;
	};
	};
	groups = {
	sudo.gid = 707;
	};
	};

	# Set up sudoers group
	security.sudo.configFile = ''%sudo ALL=(ALL) ALL'';

	# This value determines the NixOS release with which your system is to be
	# compatible, in order to avoid breaking some software such as database
	# servers. You should change this only after NixOS release notes say you
	# should.
	system.stateVersion = "19.03"; # Did you read the comment? no lol
	system.autoUpgrade.channel = "https://nixos.org/channels/nixos-20.03/";

	# Satisfy Elasticsearch requirement
	boot.kernel.sysctl = {
	"vm.max_map_count" = 262144;
	};

	### Virtualisation
	boot.kernelModules = [
	"kvm-amd" "kvm-intel"
	# Add VFIO kernel modules
	"vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio"
	];
	# Enable IOMMU
	boot.kernelParams = [ "amd_iommu=on" ];
	# Blacklist GPU drivers
	boot.blacklistedKernelModules = [ "nvidia" "nouveau" ];

	# Attach GPU to VFIO driver
	boot.extraModprobeConfig = "options vfio-pci ids=10de:1c03,10de:10f1";

	systemd.extraConfig = ''
	LimitNOFILE=65536
	DefaultLimitNOFILE=65536
	LimitMEMLOCK=infinity
	DefaultLimitMEMLOCK=infinity
	'';
	}
	# Manually modified hardware config. This may be ignored if you aren't
	# following the outlined guide and instead just want the configuration.nix.

	{ config, lib, pkgs, ... }:

	{
	# Use the systemd-boot EFI boot loader.
	boot.loader.systemd-boot.enable = true;
	boot.loader.efi.canTouchEfiVariables = true;
	boot.loader.efi.efiSysMountPoint = "/boot/efi";
	boot.loader.grub = {
	enable = true;
	device = "nodev";
	version = 2;
	efiSupport = true;
	enableCryptodisk = true;
	extraInitrd = /boot/initrd.keys.gz;
	};

	# Encryption
	boot.initrd.luks.devices = [
	{
	name = "root";
	device = "/dev/disk/by-uuid/fe1a9bac-29f8-44a3-a0dc-3232d87737ab";
	preLVM = true;
	keyFile = "/keyfile0.bin";
	allowDiscards = true;
	}
	];
	}