Skip to content

Instantly share code, notes, and snippets.

@mpickering

mpickering/configuration.nix

Created August 21, 2025 10:07
Show Gist options
  • Save mpickering/b69eeb37a9c9b5cabe2e4045a056199c to your computer and use it in GitHub Desktop.
Save mpickering/b69eeb37a9c9b5cabe2e4045a056199c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
configuration.nix
#Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, ... }:
{
environment.variables.EDITOR = "vim";
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./mattermost-weekly.nix
# (fetchTarball "https://github.com/msteen/nixos-vscode-server/tarball/master")
];
#services.vscode-server.enable = false;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.memtest86.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.extraModprobeConfig = ''
options v4l2loopback video_nr=10,11 card_label="virtualcam,virtualcam-chrome" exclusive_caps=0,1
'';
boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
boot.kernelModules = [ "v4l2loopback" "kvm-intel" "kvm-amd"];
nix = {
# package = pkgs.nixFlakes;
nixPath = [ "nixpkgs=/home/matt/nixpkgs" "nixos-config=/home/matt/config/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels" ];
extraOptions = ''
binary-caches-parallel-connections = 5
experimental-features = nix-command
'';
};
# Provide the token securely; this example shows a simple file.
# Use agenix or sops-nix in real setups.
environment.etc."mattermost-token.env".text = ''
MATTERMOST_TOKEN=cbtuca3t7fn1tqt6ct3t94nnqe
'';
systemd.tmpfiles.rules = [
"z /etc/mattermost-token.env 0600 root root -"
];
services.mattermostWeekly = {
enable = true;
baseUrl = "https://mattermost.well-typed.com";
channelName = "mercury";
teamName = "well-typed";
message = "@rodrigo @hannes @wen @matthew Please provide your weekly update.";
tokenFile = "/etc/mattermost-token.env";
schedule = "Tue 09:00";
};
#networking.hostName = "nixos"; # Define your hostname.
networking.nameservers = [ "8.8.8.8" ];
networking.networkmanager.wifi.scanRandMacAddress = false;
networking.firewall.checkReversePath = false;
programs.mosh.enable = true;
hardware.graphics.extraPackages = with pkgs; [
vaapiIntel
libvdpau-va-gl
intel-media-driver
];
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n = {
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };
# Set your time zone.
time.timeZone = "Europe/London";
nixpkgs.config.permittedInsecurePackages = [
"p7zip-16.02"
"qtwebkit-5.212.0-alpha4"
];
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs;
[
firefox
htop
networkmanagerapplet
wget
neovim-with-packages
git
tmux
noip
jq
#haskellPackages.hlint
fzf
haskellPackages.ghcid
haskellPackages.fast-tags
#haskellPackages.hs-speedscope
#cachix
niv
haskellPackages.eventlog2html
#haskell-ide
#cabal2nix
haskell.packages.ghc9122.ghc
ghcs-nix.cabal-install
#ghc-head-from
haskellPackages.xmobar
scrot
gimp
mupdf
xclip
xsel
xscreensaver
dmenu
rxvt-unicode-unwrapped
#kimai
vscode
code-cursor
ripgrep
fd
bat
eza
# Font junk
xfontsel
xlsfonts
lxqt.pavucontrol-qt
# GIS
qgis
openorienteering-mapper
lutris
steam
wine
winetricks
vulkan-tools
vulkan-loader
vulkan-validation-layers
spotify
thunderbird
virt-manager
dbeaver-bin
gist
icdiff
unzip
];
networking.nat.enable = true;
# networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "enp4s0";
networking.networkmanager.enable = true;
# networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
virtualisation.docker.enable = true;
virtualisation.docker.package = pkgs.docker_25;
virtualisation.libvirtd.enable = true;
virtualisation.virtualbox.host.enable = true;
users.extraGroups.vboxusers.members = [ "matt" ];
hardware.graphics.enable32Bit = true;
#services.xserver.enable = true;
#services.xserver.desktopManager.plasma5.enable = true;
services.xserver.windowManager = {
xmonad.enable = true;
xmonad.enableContribAndExtras = true;
};
services.xserver.enable = true;
services.xserver.displayManager.lightdm.enable = true;
services.displayManager.defaultSession = "none+xmonad";
services.xserver.xkb.layout = "gb";
services.xserver.videoDrivers = ["modesetting"];
services.xserver.xrandrHeads = [ "HDMI1" "HDMI2" ];
#services.xrdp.enable = true;
#services.xrdp.defaultWindowManager = "${pkgs.icewm}/bin/icewm";
networking.firewall.allowedTCPPorts = [ 3389 ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
networking.interfaces."enp4s0".wakeOnLan.enable = true;
services.fail2ban.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
#networking.firewall.enable = false;
# Enable CUPS to print documents.
services.printing.enable = true;
services.printing.drivers = [ pkgs.gutenprint ];
# Enable sound.
#hardware.pulseaudio.enable = true;
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support.
# services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
nix.settings.trusted-users = [ "root" "matt" ];
#nix.package = pkgs.nix_2_3;
# Define a user account. Don't forget to set a password with ‘passwd’.
users.extraUsers.matt = {
createHome = true;
extraGroups = ["wheel" "video" "audio" "disk" "networkmanager" "docker" "libvirtd" "kvm" "vboxusers" ];
group = "users";
home = "/home/matt";
isNormalUser = true;
uid = 1000;
};
nixpkgs.overlays = [ (import /home/matt/config/overlay.nix) ];
# Enable the X11 windowing system.
services.xserver.displayManager.sessionCommands = ''
xinput set-prop 12 297 1
xinput set-prop 12 'Device Accel Constant Deceleration' 3 &
xrdb "${pkgs.writeText "xrdb.conf" ''
URxvt.font: xft:Dejavu Sans Mono for Powerline:size=11
XTerm*faceName: xft:Dejavu Sans Mono for Powerline:size=11
XTerm*utf8: 2
URxvt.iconFile: /usr/share/icons/elementary/apps/24/terminal.svg
URxvt.letterSpace: 0
URxvt.background: #121214
URxvt.foreground: #FFFFFF
XTerm*background: #121212
XTerm*foreground: #FFFFFF
! black
URxvt.color0 : #2E3436
URxvt.color8 : #555753
XTerm*color0 : #2E3436
XTerm*color8 : #555753
! red
URxvt.color1 : #CC0000
URxvt.color9 : #EF2929
XTerm*color1 : #CC0000
XTerm*color9 : #EF2929
! green
URxvt.color2 : #4E9A06
URxvt.color10 : #8AE234
XTerm*color2 : #4E9A06
XTerm*color10 : #8AE234
! yellow
URxvt.color3 : #C4A000
URxvt.color11 : #FCE94F
XTerm*color3 : #C4A000
XTerm*color11 : #FCE94F
! blue
URxvt.color4 : #3465A4
URxvt.color12 : #729FCF
XTerm*color4 : #3465A4
XTerm*color12 : #729FCF
! magenta
URxvt.color5 : #75507B
URxvt.color13 : #AD7FA8
XTerm*color5 : #75507B
XTerm*color13 : #AD7FA8
! cyan
URxvt.color6 : #06989A
URxvt.color14 : #34E2E2
XTerm*color6 : #06989A
XTerm*color14 : #34E2E2
! white
URxvt.color7 : #D3D7CF
URxvt.color15 : #EEEEEC
XTerm*color7 : #D3D7CF
XTerm*color15 : #EEEEEC
URxvt*saveLines: 32767
XTerm*saveLines: 32767
URxvt.colorUL: #AED210
URxvt.perl-ext: default,url-select
URxvt.perl-ext-common:-confirm-paste
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.url-select.launcher: /usr/bin/firefox -new-tab
URxvt.url-select.underline: true
Xft*dpi: 96
Xft*antialias: true
Xft*hinting: full
URxvt.scrollBar: false
URxvt*scrollTtyKeypress: true
URxvt*scrollTtyOutput: false
URxvt*scrollWithBuffer: false
URxvt*scrollstyle: plain
URxvt*secondaryScroll: true
Xft.autohint: 0
Xft.lcdfilter: lcddefault
Xft.hintstyle: hintfull
Xft.hinting: 1
Xft.antialias: 1
''}"
'';
fonts = {
fontDir.enable = true;
enableGhostscriptFonts = true;
enableDefaultPackages = true;
packages = with pkgs; [
anonymousPro
corefonts
dejavu_fonts
fira-mono
freefont_ttf
google-fonts
inconsolata
liberation_ttf
powerline-fonts
source-code-pro
terminus_font
ttf_bitstream_vera
ubuntu_font_family
];
};
services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql_16;
services.postgresql.settings = {
shared_preload_libraries = "pg_stat_statements";
"pg_stat_statements.track" = "all";
"pg_stat_statements.max" = 10000;
track_activity_query_size = 2048;
};
services.postgresql.extensions = with pkgs.postgresql_16.pkgs; [
postgis
];
services.postgresql.authentication = pkgs.lib.mkForce ''
# Generated file; do not edit!
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
system.copySystemConfiguration = true;
nixpkgs.config.allowUnfree = true;
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "20.03"; # Did you read the comment?
nix.settings.trusted-binary-caches = [
"http://hydra.nixos.org"
"https://nixcache.reflex-frp.org"
];
nix.settings.binary-caches = [
"https://cache.nixos.org"
"https://nixcache.reflex-frp.org"
];
nix.settings.binary-cache-public-keys = [
"ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI="
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment