Skip to content

Instantly share code, notes, and snippets.

@byrongibson

byrongibson/configuration.nix

Last active May 27, 2021 05:14
Show Gist options
  • Save byrongibson/8a9588fe14c105de157853eeac5bbe2b to your computer and use it in GitHub Desktop.
Save byrongibson/8a9588fe14c105de157853eeac5bbe2b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
configuration.nix
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, ... }:
{
################################################################################
# System
################################################################################
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Snapshot configuration.nix for every rebuild, stored in
# /run/current-system/configuration.nix
system.copySystemConfiguration = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
# Set your time zone.
time.timeZone = "America/Los_Angeles";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
################################################################################
# Boot Loader
################################################################################
# Use GRUB2 & EFI
boot.loader = {
systemd-boot.enable = true;
grub = {
enable = true;
version = 2;
copyKernels = true;
efiSupport = true;
efiInstallAsRemovable = false;
device = "nodev"; # "/dev/sdx", or "nodev" for efi only
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
################################################################################
# ZFS
################################################################################
boot.zfs.requestEncryptionCredentials = true;
services.zfs = {
autoScrub.enable = true;
autoSnapshot.enable = true;
# TODO: autoReplication
};
# rollback root dataset to blank on reboot
# source: https://grahamc.com/blog/erase-your-darlings
#boot.initrd.postDeviceCommands = lib.mkAfter ''
# zfs rollback -r ${ZFS_BLANK_SNAPSHOT}
#'';
################################################################################
# Networking
################################################################################
networking = {
hostId = "a5769739";
hostName = "z11pa-d8"; # Define your hostname.
#wireless.enable = true; # Enables wireless support via wpa_supplicant. Not necessary with Gnome.
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
useDHCP = false;
interfaces = {
eno1.useDHCP = true;
eno2.useDHCP = true;
eno3.useDHCP = true;
eno4.useDHCP = true;
wlp175s0.useDHCP = true;
};
# Configure network proxy if necessary
# proxy = {
# default = "http://user:password@proxy:port/";
# noProxy = "127.0.0.1,localhost,internal.domain";
# };
# Open ports in the firewall.
# firewall = {
# enable = true; # = false to disable
# allowedTCPPorts = [ ... ];
# allowedUDPPorts = [ ... ];
# };
};
################################################################################
# GnuPG & SSH
################################################################################
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Enable GnuPG Agent
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
################################################################################
# Graphics & Desktop
################################################################################
# Enable X11 + Nvidia
# https://nixos.org/manual/nixos/unstable/index.html#sec-gnome-gdm
services.xserver = {
enable = true; # enable X11
layout = "us";
xkbOptions = "eurosign:e";
#videoDrivers = ["nvidia"];
displayManager.gdm.enable = true;
desktopManager.gnome3.enable = true;
};
################################################################################
# Print
################################################################################
# Enable CUPS to print documents.
# services.printing.enable = true;
################################################################################
# Sound
################################################################################
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;
################################################################################
# Input
################################################################################
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
################################################################################
# Users
################################################################################
users = {
mutableUsers = false;
users = {
root = {
initialPassword = "password";
# https://discourse.nixos.org/t/how-to-disable-root-user-account-in-configuration-nix/13235/3
#hashedPassword = "!"; # disable root logins, nothing hashes to !
};
meme = {
isNormalUser = true;
createHome = true;
home = "/home/meme";
initialPassword = "password";
extraGroups = [ "wheel" "networkmanager" ];
#openssh.authorizedKeys.keys = [ "${AUTHORIZED_SSH_KEY}" ];
};
};
};
################################################################################
# Applications
################################################################################
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget vim
firefox
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
}
Raw
hardware-configuration.nix
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/hardware/network/broadcom-43xx.nix")
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.supportedFilesystems = ["zfs"]; # boot from zfs
boot.supportedFilesystems = [ "zfs" ];
fileSystems."/" =
{ device = "rpool/local/root";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "rpool/local/nix";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "rpool/safe/home";
fsType = "zfs";
};
fileSystems."/persist" =
{ device = "rpool/safe/persist";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-id/wwn-0x5001b448b94488f8-part1";
fsType = "vfat";
};
swapDevices = [ ];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment