
@calbrecht
Last active August 6, 2018 07:00
nix configuration
{ config, pkgs, ... }:
{
# Extra modules merged into this configuration. The generated hardware scan is
# listed but commented out, so nothing is imported at the moment.
imports = [
  #./hardware-configuration.nix
];
# Early boot: the initrd opens the LUKS container (preLVM, i.e. ahead of LVM
# activation) and GRUB 2 is installed with cryptodisk support.
boot = {
  initrd.luks = {
    devices = [
      {
        name = "pvNixOs";
        device = "/dev/sda3";
        preLVM = true;
        # Passes TRIM/discard through dm-crypt. Anyone who can read the raw
        # device can then tell used from unused blocks; this is the usual
        # SSD-performance vs. confidentiality trade-off and should be a
        # conscious choice.
        allowDiscards = true;
      }
      #{
      # name = "vgNixOsUsb";
      # device = "/dev/sdb2";
      # preLVM = true;
      # allowDiscards = true;
      #}
    ];
    # Cipher/hash modules made available in the initrd for unlocking.
    cryptoModules = [ "aes" "sha256" "xts" ];
  };

  # Modules force-loaded in the initrd (order kept as written).
  initrd.kernelModules = [
    #"usb-common"
    #"usbcore"
    #"scsi_mod"
    "xhci_hcd" # USB 3 support
    "usb_storage"
    "ext4"
    "ehci_pci"
    "ahci"
    "sd_mod"
    "sr_mod"
    "kvm-intel"
  ];
  initrd.availableKernelModules = [ ];

  # NOTE(review): GRUB is written to /dev/sdb while the LUKS volume is on
  # /dev/sda3 - presumably a separate/removable boot medium; confirm.
  loader.grub = {
    enable = true;
    enableCryptodisk = true;
    version = 2;
    device = "/dev/sdb";
  };
};
# Input and audio hardware: TrackPoint tuning and the full PulseAudio build.
hardware = {
  pulseaudio.enable = true;
  pulseaudio.package = pkgs.pulseaudioFull;

  trackpoint.emulateWheel = true;
  trackpoint.sensitivity = 255;
  trackpoint.speed = 255;
};
# Root filesystem lives on a logical volume inside the unlocked LUKS device.
# The "discard" mount option issues online TRIM; together with allowDiscards on
# the LUKS device this reveals free-space layout on the underlying disk.
fileSystems."/" = {
  mountPoint = "/";
  device = "/dev/mapper/vgNixOs-lvRoot";
  fsType = "ext4";
  options = "noatime,nodiratime,discard";
};
# Alternative layouts kept for reference (USB root, separate /boot):
#fileSystems."/" = {
# mountPoint = "/";
# device = "/dev/mapper/vgNixOsUsb-lvRoot";
# fsType = "ext4";
# options = "noatime,nodiratime,discard";
#};
#fileSystems."/boot" = {
# mountPoint = "/boot";
# device = "/dev/sdb1";
# fsType = "ext4";
# options = "noatime,nodiratime,discard";
#};
# Select internationalisation properties.
# i18n = {
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };
# System-wide shell environment, aliases and installed packages.
environment = {
  # dircolors theme pulled from the upstream repository's master branch. The
  # URL is mutable; the sha256 is what fixes the content, so an upstream change
  # makes the fetch fail instead of silently installing different data.
  etc."default/dircolors".source = pkgs.fetchurl {
    url = "https://github.com/seebi/dircolors-solarized/raw/master/dircolors.ansi-universal";
    sha256 = "a887000726a9ce38fefc9560213134bb7e4d4b8ba199b9575af1be2c14cf3eee";
  };

  # For user alab, SSH authentication is routed through gpg-agent's ssh socket
  # and the agent is told which tty to use for pinentry.
  # NOTE(review): $USER is unquoted in the test; an empty USER makes `test`
  # error out rather than compare - harmless here but worth quoting.
  interactiveShellInit = ''
    eval `dircolors /etc/default/dircolors`
    test $USER = alab && {
    export SSH_AUTH_SOCK="$HOME/.gnupg/S.gpg-agent.ssh"
    gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1
    }
  '';

  loginShellInit = ''
  '';

  # Same gpg-agent wiring as above, applied to every shell, not only
  # interactive ones.
  shellInit = ''
    test $USER = alab && {
    export SSH_AUTH_SOCK="$HOME/.gnupg/S.gpg-agent.ssh"
    gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1
    }
  '';

  # `rec` is required: TERM_CMD interpolates TERM_FONT from this same set.
  sessionVariables = rec {
    RCRC = "$HOME/.files/rcrc";
    GPG_TTY = "/dev/tty";
    ALTERNATE_EDITOR = ""; # will start emacs --daemon if empty
    EDITOR = "emacsclient -t";
    TERM_FONT = "Terminus:pixelsize=14:weight=medium:antialias=false:autohint=false";
    TILE_CMD = "${pkgs.dvtm}/bin/dvtm -M $SHELL";
    TERM_CMD = "${pkgs.stSolarized}/bin/st -f ${TERM_FONT}";
  };

  # The "$=NAME" values are expanded by the shell when the alias runs.
  shellAliases = rec {
    ".." = "cd ..";
    e = "$=EDITOR";
    d = "$=TILE_CMD";
    st = "$=TERM_CMD";
    cg = "grep --color=always";
    cgr = "cg -r";
    less = "less -R";
    timestamp = "date +%s -d";
    virtbox = "VirtualBox --startvm";
    vpn = "sudo service openvpn";
  };

  # Packages present in the system profile. stSolarized and phpstormLatest are
  # the locally overridden derivations from nixpkgs.config.packageOverrides.
  systemPackages = with pkgs; [
    bridge-utils
    cryptsetup
    dmenu
    dunst
    dvtm
    #emacs-25.1.50
    firefox
    git
    gnupg
    i3lock
    #i3pythonEnv
    i3status
    isync
    libnotify
    libreoffice
    mu
    nodejs
    ncdu
    pass
    pavucontrol
    php
    phpstormLatest
    pinentry
    psmisc
    rcm
    silver-searcher
    stSolarized
    tig
    linuxPackages.tp_smapi
    lynx
    vagrant
    wget
    which
    #zshFunctionsNixCompletions
    xdotool
    xautolock
  ];
};
# Fonts installed system-wide; the Roboto entry is disabled.
fonts = {
  fonts = with pkgs; [
    terminus_font
    # font-roboto
    font-droid
  ];
};
# Host networking: firewall, NAT for the local guest subnet, Wi-Fi and a
# static hosts entry for the development box.
networking = {
  hostName = "tutnix";
  enableIntel3945ABGFirmware = true;

  firewall = {
    # Everything arriving on the guest bridge bypasses the firewall rules.
    trustedInterfaces = [ "virbr0" ];
    # These ports are opened on every interface, Wi-Fi included, not only on
    # the bridge. NOTE(review): 53/67 look like DNS/DHCP for guests and 80 like
    # a dev web server - confirm they need to be reachable from outside.
    allowedUDPPorts = [ 53 67 ];
    allowedTCPPorts = [ 80 ];
    allowPing = true;
    # Turns the reverse-path (anti-spoofing) filter off for the whole host.
    # NOTE(review): presumably done for the bridged/NATed guest traffic;
    # confirm it is still needed.
    checkReversePath = false;
    # Source-NAT for 192.168.10.0/24 leaving the subnet; the stop hook removes
    # the same rule again.
    extraCommands = ''
      # enable internet in vagrant boxes
      iptables -t nat -A POSTROUTING -s 192.168.10.0/24 ! -d 192.168.10.0/24 -j MASQUERADE
    '';
    extraStopCommands = ''
      # cleanup nat entry
      iptables -t nat -D POSTROUTING -s 192.168.10.0/24 ! -d 192.168.10.0/24 -j MASQUERADE
    '';
  };

  wireless = {
    enable = true;
    driver = "wext";
    interfaces = [ "wlp3s0" ];
  };

  extraHosts = ''
    192.168.10.100 development.mvs-corp.com
  '';
};
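# Nix daemon settings: binary caches, the keys their content must be signed
# with, and the search path used to resolve <nixpkgs> and the system config.
nix = {
  # Substituters, tried in the order given.
  binaryCaches = [
    "https://hydra.mayflower.de"
    "https://cache.nixos.org"
    # "https://hydra.nixos.org"
  ];

  # Keys accepted for signed store paths. NOTE(review): the hydra.nixos.org
  # key stays trusted although that cache is commented out above; drop it if
  # the cache is not coming back.
  binaryCachePublicKeys = [
    "hydra.mayflower.de:9knPU2SJ2xyl0KTJjtUKOGUVdR2/3cOB4VNDQThcfaY="
    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
    "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
  ];

  # The former `extraOptions = "signed-binary-caches = 0";` is intentionally
  # gone: that setting switches signature verification of substituted paths
  # off, which makes the key list above meaningless and leaves TLS to the
  # cache host as the only protection for binaries installed as root. Without
  # the override the NixOS default (signatures required) applies; a path that
  # a cache serves unsigned is then refused and built locally instead.

  # NOTE(review): <nixpkgs> resolves to a checkout under alab's home. System
  # rebuilds run as root evaluate whatever is in that directory, so anything
  # able to write there as alab influences what root builds - confirm this is
  # acceptable or point it at a root-owned checkout.
  nixPath = [
    "nixpkgs=/home/alab/ws/nixpkgs"
    "nixos-config=/etc/nixos/configuration.nix"
    "/nix/var/nix/profiles/per-user/root/channels"
  ];
};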
# Package-set configuration and local overrides.
nixpkgs = {
  system = "x86_64-linux";

  config = {
    # Permit packages marked broken and packages with non-free licences.
    allowBroken = true;
    allowUnfree = true;

    # Several sources below are fetched over plain http. Each fetch carries a
    # sha256, and that hash is what binds the content: a modified download
    # fails the build instead of being used. The transport itself gives no
    # confidentiality or authenticity.
    packageOverrides = with pkgs; pkgs: rec {
      # st pinned to a specific upstream commit, with scrollback and Solarized
      # patches applied and a larger history size.
      stSolarized = lib.overrideDerivation st (attrs: rec {
        version = "2015-11-22";
        src = fetchgit {
          url = "http://git.suckless.org/st";
          rev = "375b28720f7c78e6fac1c274f9dee7c40a78aacb";
          sha256 = "1akvwgjapagqvvqs6yg71khimiv73s89imbxfkamly6z04c5kc1s";
        };
        patches = [
          (fetchurl {
            url = "http://st.suckless.org/patches/st-git-20151122-scrollback.diff";
            sha256 = "0h99dlvq68d51zfcr3n9f9x4q2x9xwa0khx8r5pha4yjndlig34i";
          })
          (fetchurl {
            url = "http://st.suckless.org/patches/st-git-20151106-scrollback-mouse.diff";
            sha256 = "1py5cfchqmhymjyjwj1sar81kg7zl7cy9mvw3idvbgr0x6ffx6b9";
          })
          (fetchurl {
            url = "http://st.suckless.org/patches/st-git-20150917-no-bold-colors.diff";
            sha256 = "0vq1al46v6wl9qlgy4c8z0ji8vqsdqk0xvlls15y90czgy2whamg";
          })
          (fetchurl {
            url = "http://st.suckless.org/patches/st-git-20151119-solarized-light.diff";
            sha256 = "14bi0vsvyj75mp5nqsp34c2x8kkkv9c2q0kbx495k2a4gcsgv1s7";
          })
        ];
        postPatch = ''
          substituteInPlace config.def.h \
          --replace "histsize = 2000" "histsize = 99999"
        '';
      });

      # Python environment for i3 scripting. Python 2.6 is long past end of
      # life; this attribute is only defined here and is commented out of
      # environment.systemPackages.
      i3pythonEnv = myEnvFun {
        name = "i3python";
        buildInputs = [
          python26
          python26Packages.i3ipc
        ];
      };

      # JetBrains IDE expressions loaded from a local nixpkgs checkout by
      # absolute path. NOTE(review): that path is under alab's home, so the
      # expression evaluated during a root rebuild is user-writable - confirm.
      idea = recurseIntoAttrs (
        callPackages /home/alab/ws/nixpkgs/pkgs/applications/editors/idea {
          androidsdk = androidsdk_4_4;
          jdk = oraclejre8;
        }
      );

      # PhpStorm bumped to a specific release; `rec` lets name and url reuse
      # version.
      phpstormLatest = lib.overrideDerivation idea.phpstorm (attrs: rec {
        name = "phpstorm-${version}";
        version = "10.0.2";
        build = "143.1184";
        src = fetchurl {
          url = "http://download.jetbrains.com/webide/PhpStorm-${version}.tar.gz";
          sha256 = "0snzcjm24j7ylhsliv19clk06ds3ppij00sqrqyglkcn5isp75cj";
        };
      });

      # firefoxBeta = lib.overrideDerivation firefox (attrs: rec {
      # name = "firefox-4309";
      # version = "43.0b9";
      # src = fetchurl {
      # url = "http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
      # sha256 = "0nzlbhsxcc3rifimnda7h54pjh0ga19mm89wgxlyzn1blb9lv8ac";
      # };
      # });
    };
  };
};
# Per-program settings: the stock ssh-agent is not started (the shell init
# points SSH_AUTH_SOCK at gpg-agent instead) and zsh gets a git-aware prompt.
programs = {
  ssh.startAgent = false;
  ssh.setXAuthLocation = false;
  # The askpass helper is `true`, i.e. a program that exits successfully
  # without prompting.
  ssh.askPassword = "/run/current-system/sw/bin/true";

  zsh = {
    enable = true;

    # Refresh vcs_info before every prompt; completion setup stays disabled.
    interactiveShellInit = ''
      precmd_functions=( vcs_info )
      #source /run/current-system/sw/share/zsh/site-functions/nix.plugin.zsh
      #autoload -U compinit && compinit
    '';

    # Two-line prompt: host (red for root, green otherwise), cwd and git
    # status on the first line, the prompt character on the second.
    promptInit = ''
      setopt prompt_subst
      zstyle ':vcs_info:*' enable git
      zstyle ':vcs_info:git*:*' get-revision true
      zstyle ':vcs_info:git*:*' check-for-changes true
      # hash changes branch misc
      zstyle ':vcs_info:git*' formats "(%s) %12.12i %c%u %b%m"
      zstyle ':vcs_info:git*' actionformats "(%s|%a) %12.12i %c%u %b%m"
      autoload -Uz vcs_info
      export PROMPT='%f%F{%(!.red.green)}%m%f %F{yellow}%~%f $vcs_info_msg_0_%E
      %F{%(!.red.green)}%#%f%E '
    '';
  };
};
# Extra sudoers rules: user alab may run two specific programs as root without
# being asked for a password. The first rule has no Runas spec, which sudoers
# treats as root.
# NOTE(review): /home/alab/bin/brightness sits under alab's own home directory.
# If alab can write to that file or directory (presumably yes), replacing the
# script gives any process running as alab root with no password, so this rule
# is effectively "NOPASSWD: ALL". Install the helper at a root-owned,
# non-writable path (for example as a package in the Nix store) and reference
# that instead.
# NOTE(review): /usr/local/bin is not managed by NixOS; verify that
# vagrant-lxc-wrapper and its parent directories are owned by root and not
# writable by alab, for the same reason.
security.sudo.extraConfig = ''
alab ALL = NOPASSWD: /home/alab/bin/brightness
alab ALL=(root) NOPASSWD: /usr/local/bin/vagrant-lxc-wrapper
'';
# System services: power events, time sync, DNS/DHCP (disabled), SSH and X11.
services = {
  # Suspend when the lid closes.
  acpid.enable = true;
  acpid.lidEventCommands = "systemctl suspend";

  # NOTE(review): chrony and timesyncd are both switched on; two time-sync
  # daemons on one host usually conflict - confirm which one is intended.
  ntp.enable = false;
  chrony.enable = true;
  timesyncd.enable = true;
  resolved.enable = true;

  # dnsmasq is disabled; the settings below take effect only if it is enabled.
  dnsmasq = {
    enable = false;
    servers = [ "8.8.8.8" "8.8.4.4" ];
    resolveLocalQueries = true;
    extraConfig = ''
      interface=br0
      local=/localdomain/
      dhcp-authoritative
      dhcp-range=192.168.122.50,192.168.122.150,12h
      domain=localdomain,192.168.122.0/24
      log-dhcp
    '';
  };

  # sshd accepts public-key logins only: no root login, no passwords, no
  # challenge-response, and the SFTP subsystem is off.
  openssh = {
    enable = true;
    allowSFTP = false;
    permitRootLogin = "no";
    passwordAuthentication = false;
    challengeResponseAuthentication = false;
  };

  # printing.enable = true;

  redshift = {
    enable = false;
    brightness.night = "0.5";
    latitude = "48";
    longitude = "11";
  };

  # thinkfan.enable = true;

  xserver = {
    enable = true;
    layout = "us,de";
    xkbVariant = "altgr-intl,";
    xkbOptions = "caps:super,grp:win_space_toggle,compose:lwin-altgr";
    startGnuPGAgent = false;

    # alab is logged in automatically, with no display-manager password. The
    # session commands then start i3lock right away and arm xautolock with a
    # 5 minute timer.
    # NOTE(review): i3lock is launched in the background of a session that is
    # already running as alab, so the lock is not guaranteed to be in place
    # before anything else in the session starts. After the disk has been
    # unlocked, that screen lock is the only barrier to the desktop; a
    # display manager that authenticates before starting the session avoids
    # the gap.
    displayManager = {
      auto.enable = true;
      auto.user = "alab";
      sessionCommands = ''
        xautolock -locker "i3lock --color=000000" -time 5 &
        i3lock --color=000000 &
        xset r rate 200 50 &
      '';
    };

    desktopManager.default = "none";
    desktopManager.xterm.enable = false;

    windowManager.default = "i3";
    windowManager.i3.enable = true;
  };
};
# Release whose on-disk formats (databases and other stateful data) this
# system stays compatible with.
system = {
  stateVersion = "16.03";
};
# systemd-networkd setup: a tap device enslaved to the virbr0 bridge, DHCP on
# wired and wireless uplinks, and a tiny DHCP server for the guest subnet.
systemd = {
  # Do not block boot waiting for the network to come up.
  services.systemd-networkd-wait-online.enable = false;

  network = {
    enable = true;

    # Virtual devices created by networkd.
    netdevs = {
      tap0.netdevConfig = { Name = "tap0"; Kind = "tap"; };
      virbr0.netdevConfig = { Name = "virbr0"; Kind = "bridge"; };
    };

    # IP forwarding is enabled on every matched link, so the host routes
    # between the guest bridge and its uplinks.
    networks = {
      # Wired uplink is preferred (lower route metric) over wireless.
      wired = {
        matchConfig = { Name = "en*"; };
        networkConfig = { DHCP = "both"; IPForward = "yes"; };
        dhcpConfig = { RouteMetric = 10; };
      };
      wireless = {
        matchConfig = { Name = "wl*"; };
        networkConfig = { DHCP = "both"; IPForward = "yes"; };
        dhcpConfig = { RouteMetric = 20; };
      };
      tap0 = {
        matchConfig = { Name = "tap0"; };
        networkConfig = { Bridge = "virbr0"; IPForward = "yes"; };
      };
      # Bridge address plus a DHCP server handing out a single lease at pool
      # offset 100, with 8.8.8.8 as the advertised resolver.
      virbr0 = {
        address = [ "192.168.10.1/24" ];
        matchConfig = { Name = "virbr0"; };
        networkConfig = { DHCPServer = "yes"; IPForward = "yes"; };
        dhcpServerConfig = { DNS = [ "8.8.8.8" ]; PoolOffset = 100; PoolSize = 1; };
      };
    };
  };
};
# Local time zone.
time = {
  timeZone = "Europe/Berlin";
};

# Accounts: zsh as the default shell and one regular user with sudo rights.
users = {
  defaultUserShell = "/run/current-system/sw/bin/zsh";

  extraUsers.alab = {
    description = "Christian Albrecht";
    isNormalUser = true;
    # wheel membership is what grants sudo.
    extraGroups = [ "wheel" ];
    # The public key is read from this path when the configuration is
    # evaluated; logins with the matching private key are then accepted by
    # sshd. NOTE(review): the file is under alab's home, so the set of
    # authorised keys follows whatever is at that path at rebuild time.
    openssh.authorizedKeys.keyFiles = [
      /home/alab/.ssh/id_rsa.pub
    ];
  };
};
# Container/VM hosts: LXC is enabled with guests attached to virbr0;
# the VirtualBox host modules are off.
virtualisation = {
  virtualbox.host.enable = false;

  lxc.enable = true;
  # Default config applied to new containers: a veth pair plugged into virbr0.
  # `lxc.aa_profile = unconfined` runs containers without an AppArmor profile,
  # removing that layer of confinement between container root and the host.
  # NOTE(review): virbr0 is also a trusted firewall interface on this host, so
  # container traffic reaches host services unfiltered - confirm both choices
  # are intended for the workloads run here.
  lxc.defaultConfig = ''
    lxc.network.type = veth
    lxc.network.link = virbr0
    lxc.network.flags = up
    lxc.aa_profile = unconfined
  '';
};
}