@rainly
Forked from hemashushu/configuration.nix
Created May 9, 2025 10:41
NixOS configuration reference 2025-05
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, lib, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# Bootloader configuration
#
# Enable systemd-boot as the bootloader
# NOTE(review): boot.loader.systemd-boot.editor defaults to true, which lets
# anyone at the console edit the kernel command line before boot and thereby
# gain root. Set it to false on machines other people can physically reach.
boot.loader.systemd-boot.enable = true;
# Allow the installer to write boot entries into EFI variables
boot.loader.efi.canTouchEfiVariables = true;
# Enable support for NTFS file systems
boot.supportedFilesystems = [ "ntfs" ];
# Intel CPU microcode updates (uncomment to enable)
# Microcode updates carry CPU errata and vulnerability mitigations; on an AMD
# CPU the matching option is hardware.cpu.amd.updateMicrocode.
# hardware.cpu.intel.updateMicrocode = true;
networking.hostName = "nixos-home"; # Set the hostname for the system
# networking.wireless.enable = true; # Enable wireless support using wpa_supplicant (uncomment to enable)
# Upstream resolvers: three public DNS services plus the LAN router.
# Queries to them are plain, unauthenticated DNS unless dnssec / dnsovertls
# are enabled in services.resolved below.
networking.nameservers = [
"8.8.8.8"
"223.5.5.5"
"208.67.222.222"
"192.168.1.1"
]; # Specify DNS servers
services.resolved = {
enable = true; # Enable systemd-resolved for DNS resolution
# dnssec = "true"; # Validate DNSSEC signatures (uncomment to enable)
# domains = ["~."]; # "~." is a routing domain: send every lookup to the servers above (uncomment to enable)
# fallbackDns = ["192.168.1.1"]; # Specify fallback DNS servers (uncomment to enable)
# dnsovertls = "false"; # DNS over TLS: "false" keeps it off, "true" or "opportunistic" turns it on
};
# Configure network proxy settings if required
# NOTE(review): a password written here is copied into the world-readable
# /nix/store; prefer a proxy that does not need inline credentials.
# networking.proxy.default = "http://user:password@proxy:port/"; # Set default proxy
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # Specify addresses to bypass proxy
# Enable NetworkManager for managing network connections
networking.networkmanager.enable = true;
# Add custom entries to the /etc/hosts file
# The entry below points baidu.com at loopback, which blocks that exact name
# locally; other names such as www.baidu.com are not affected.
networking.extraHosts = ''
127.0.0.1 baidu.com
'';
# Set the system time zone
time.timeZone = "Asia/Shanghai";
# Configure internationalization settings
# Messages stay in English (defaultLocale) while the regional formats below
# follow zh_CN.
i18n.defaultLocale = "en_US.UTF-8"; # Set the default locale
i18n.extraLocaleSettings = {
LC_ADDRESS = "zh_CN.UTF-8"; # Set locale for address formatting
LC_IDENTIFICATION = "zh_CN.UTF-8"; # Set locale for identification
LC_MEASUREMENT = "zh_CN.UTF-8"; # Set locale for measurement units
LC_MONETARY = "zh_CN.UTF-8"; # Set locale for monetary formatting
LC_NAME = "zh_CN.UTF-8"; # Set locale for personal names
LC_NUMERIC = "zh_CN.UTF-8"; # Set locale for numeric formatting
LC_PAPER = "zh_CN.UTF-8"; # Set locale for paper size
LC_TELEPHONE = "zh_CN.UTF-8"; # Set locale for telephone numbers
LC_TIME = "zh_CN.UTF-8"; # Set locale for time formatting
};
# Configure input method editor (IME) settings
i18n.inputMethod = {
enable = true; # Enable input method support
type = "fcitx5"; # Use Fcitx5 as the input method framework
# waylandFrontend = true; # Enable Wayland frontend (uncomment to enable)
fcitx5.addons = with pkgs; [ fcitx5-rime ]; # Add Rime addon for Fcitx5
};
# Install additional fonts (made available system-wide)
fonts.packages = with pkgs; [
# Common fonts
dejavu_fonts
roboto
liberation_ttf
open-sans
inter
overpass
# CJK fonts
noto-fonts
noto-fonts-cjk-sans
noto-fonts-cjk-serif
noto-fonts-emoji
wqy_microhei
lxgw-wenkai
lxgw-neoxihei
# Coding fonts
jetbrains-mono
roboto-mono
ibm-plex
camingo-code
victor-mono
iosevka
source-code-pro
cascadia-code
fira-code
];
# Define a user account. Remember to set a password using ‘passwd’.
# Until a password is set the account cannot authenticate with one.
users.users.yang = {
isNormalUser = true; # Mark as a regular user
description = "yang"; # Set user description
# Group meaning:
#   networkmanager - may change network connections
#   wheel          - may use sudo, i.e. root-equivalent (whether a password is
#                    asked is decided by security.sudo.wheelNeedsPassword)
#   adbusers       - may talk to attached Android devices through adb
extraGroups =
[ "networkmanager" "wheel" "adbusers" ]; # Add user to additional groups
packages = with pkgs;
[
# List of packages for the user
];
};
# Define session environment variables.
# environment.sessionVariables applies to every user's login session, not only
# to yang, and the values are stored in the world-readable /nix/store, so do
# not put secrets (tokens, passwords) here.
environment = {
sessionVariables = {
# Add environment variables here
};
};
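security.rtkit.enable = true; # Enable RealtimeKit so audio services can request real-time scheduling
# Require a password for sudo (this is also the NixOS default).
# Members of wheel are root-equivalent. With passwordless sudo, any process
# running as such a user (a compromised browser, a build script, a remote
# login over the sshd enabled in this file) can become root without further
# authentication. Keeping the prompt preserves one barrier between a
# user-level compromise and full control of the machine.
security.sudo.wheelNeedsPassword = true;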
# Allow installation of unfree packages
# This permits every unfree package in nixpkgs, not a selected few.
nixpkgs.config.allowUnfree = true;
# Enable experimental Nix features, such as the new Nix CLI and flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Configure binary cache mirrors for faster downloads. These mirrors are hosted in China.
# The mirrors are only a transport: Nix accepts a substituted store path only
# when it is signed by a key listed in trusted-public-keys (the official
# cache key by default). Leave require-sigs at its default of true; turning it
# off would let a mirror, or anyone on the network path to it, supply
# arbitrary binaries.
nix.settings.substituters = [
"https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"
"https://mirrors.ustc.edu.cn/nix-channels/store"
"https://mirror.sjtu.edu.cn/nix-channels/store"
];
# These settings can also be specified via the command line, for example:
# nixos-rebuild switch --option substituters "https://mirror.sjtu.edu.cn/nix-channels/store"
# nixos-rebuild switch --option substituters "https://mirrors.ustc.edu.cn/nix-channels/store"
# nixos-rebuild switch --option substituters "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"
# Uncomment the following line to enable support for RGB devices
# services.hardware.openrgb.enable = true;
# Define the list of system-wide packages to be installed
# Packages listed here are added to the system profile for all users.
# Listing a package only installs it: it does not start a service and does not
# open firewall ports, so network-facing tools (localsend, qbittorrent, aria2)
# need their ports allowed separately if inbound connections are wanted.
environment.systemPackages = with pkgs; [
# Utilities for general use
vim
wget
aria2
ffmpeg
netcat-openbsd
psmisc
pciutils
usbutils
htop
p7zip
unrar
file
fastfetch
localsend
# Tools for C development
# Note: Some packages like `musl`, `cmake`, `meson`, `pkg-config`, and `ninja` may not work as expected.
# Refer to https://wiki.nixos.org/wiki/C for more details.
gcc
gnumake
binutils
gdb
# Nix
nixfmt-classic
nixd
# Man pages
man-pages
man-pages-posix
# Programming language
# Use `programs.java.enable = true` to enable Java support
rustup # Rust toolchain manager
go # Go programming language
nodejs # Node.js runtime
python314 # Python 3.14 interpreter
pipx # Python package installer for isolated environments
flutter # Flutter framework for building cross-platform apps (ref: https://wiki.nixos.org/wiki/Flutter)
# Development tools
vscode # Visual Studio Code (some extensions like CodeLLDB may not work, ref: https://wiki.nixos.org/wiki/Visual_Studio_Code)
git # Version control system
qemu # Hardware virtualization tool
meld # Diff and merge tool
# binaryninja-free # Reverse engineering tool (not available in the 24.11 repository)
cutter # Reverse-engineering GUI (disassembler/decompiler front end built on Rizin)
d-spy # D-Bus exploration tool
# Internet tools
google-chrome # Web browser
qbittorrent # BitTorrent client
# Multimedia tools
vlc # Video player
mpv # Lightweight video player
smplayer # Video player with advanced features
audacious # Music player
# Creative tools
kicad # Electronic Design Automation (EDA) suite
libreoffice-qt # Office suite with Qt integration
gimp # Image editor
inkscape # Vector graphics editor
blender-hip # Blender optimized for AMD GPUs using HIP
audacity # Audio editor
krita # Digital painting software
calibre # E-book management software
kdePackages.kdenlive # Video editor
# GUI utilities
gparted # Disk partitioning tool
gnome-disk-utility # Disk management tool
kdePackages.filelight # Disk usage visualization tool
kdePackages.yakuake # Drop-down terminal emulator
kdePackages.kcalc # Calculator
kdePackages.krdc # Remote desktop client
# GPU utilities
amdgpu_top # GPU monitoring tool with GUI (launch using `amdgpu_top --gui`)
radeontop # GPU monitoring tool with CLI
furmark # Vulkan-based GPU benchmark and stress test
# Flatpak utilities (commented out by default)
#
# kdePackages.discover # Flatpak software center
# kdePackages.flatpak-kcm # Flatpak permissions management
# Container tools (commented out by default)
#
# dive # Inspect Docker image layers
# podman-tui # Terminal-based Podman container manager
# podman-compose # Manage groups of containers for development
# Appearance (commented out by default)
#
# numix-icon-theme-circle # Icon theme
# tela-circle-icon-theme # Icon theme
# Games
kdePackages.ksudoku # Sudoku game
# superTuxKart # Classic kart racing game
# prismlauncher # Minecraft launcher
# Xorg compatibility tools
xorg.xauth # X authentication utility
# xhost edits the X server's access list. Grant access per user
# (`xhost +si:localuser:NAME`) rather than switching access control off with
# `xhost +`, which lets any client that can reach the display connect to it.
xorg.xhost # X server access control program
];
# Enable additional documentation and manpages for development
documentation.dev.enable = true;
# KDE Connect for device integration
# The NixOS module also opens KDE Connect's port range in the firewall, so
# devices on the same network can discover and pair with this host.
programs.kdeconnect.enable = true;
# Enable Firefox browser
programs.firefox.enable = true;
# Steam gaming platform
programs.steam = {
enable = true;
# Open firewall ports for Steam Remote Play
remotePlay.openFirewall = true;
# Open firewall ports for Source Dedicated Server
# Only needed when this machine hosts a dedicated game server; leave it false
# otherwise so the ports stay closed.
dedicatedServer.openFirewall = true;
};
# Allow-list of unfree packages by name.
# NOTE(review): this predicate adds nothing while nixpkgs.config.allowUnfree
# is true elsewhere in this file, because that setting already permits every
# unfree package. The list only restricts anything if allowUnfree is removed,
# and then it must also name the other unfree packages this file installs.
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"steam"
"steam-unwrapped"
"steam-original"
"steam-run"
];
# AMD GPU configuration
# Load the amdgpu kernel module from the initrd so the driver is up early in boot
boot.initrd.kernelModules = [ "amdgpu" ];
# AMD OpenCL support
hardware.graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ];
# ROC_ENABLE_PRE_VEGA is set system-wide; presumably to enable OpenCL on
# pre-Vega cards - confirm it is needed for the installed GPU.
environment.variables = { ROC_ENABLE_PRE_VEGA = "1"; };
# AMD GPU Vulkan support
hardware.graphics = {
enable = true;
enable32Bit = true; # Enable 32-bit application support
};
# VirtualBox virtualization
# Enabling the host side loads VirtualBox's out-of-tree kernel modules.
virtualisation.virtualbox.host.enable = true;
# virtualisation.virtualbox.host.enableExtensionPack = true; # Requires recompilation on every rebuild, disabled for convenience
# Members of vboxusers may use VirtualBox; add only accounts that need it.
users.extraGroups.vboxusers.members = [ "yang" ];
# GnuPG configuration
#
# Some programs require SUID wrappers, additional configuration, or user session startup.
# programs.mtr.enable = true; # Uncomment to enable MTR
programs.gnupg.agent = {
enable = true;
# Let gpg-agent also act as the SSH agent, so SSH authentication can use keys
# managed by GnuPG (including keys held on a smartcard).
enableSSHSupport = true; # Enable SSH agent support
};
# Podman container management
virtualisation.containers.enable = true;
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for Podman to use it as a drop-in replacement
dockerCompat = true;
# Enable DNS for containers under podman-compose
defaultNetwork.settings.dns_enabled = true;
};
};
# Android tools
# Works together with the "adbusers" group the user account is a member of.
programs.adb.enable = true;
# Java support
programs.java.enable = true;
# OBS Studio for screen recording and streaming
programs.obs-studio.enable = true;
# AppImage support
programs.appimage = {
enable = true;
# Register a binfmt handler so AppImage files can be executed directly.
# AppImages are self-contained third-party binaries that run unsandboxed with
# the invoking user's privileges, so run only images from a trusted source.
binfmt = true; # Enable binary format support
};
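# File system configuration
#
# Extra ext4 data partition mounted below the user's media directory.
fileSystems."/run/media/yang/linux_ext" = {
  # Placeholder: replace YOUR_PARTITION_UUID with the partition's real UUID.
  device = "/dev/disk/by-uuid/YOUR_PARTITION_UUID";
  fsType = "ext4";
  options = [
    "defaults"
    # "defaults" on its own honours setuid bits and device nodes stored on the
    # volume. A data disk that may have been written on another machine should
    # not be able to bring privileged binaries or device files with it, so
    # both are switched off. Programs on the disk can still be executed.
    "nosuid"
    "nodev"
    # Note: "users" and "user" imply "noexec", "nosuid", and "nodev"
    # References:
    # https://help.ubuntu.com/community/Fstab
    # https://linux.die.net/man/8/mount
    # For exFAT format, specify uid and gid to avoid read-only issues
    # "uid=1000"
    # "gid=100"
    # "fmask=0113"
    # "dmask=0002"
    "nofail" # Prevent system failure if the drive doesn't mount
  ];
};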
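# Enable Ollama service
services.ollama = {
  enable = true;
  acceleration = "rocm"; # Use AMD GPU acceleration
  # GPU architecture (gfx version) that ROCm is told to assume for this card.
  # This is not the ROCm release number.
  rocmOverrideGfx = "10.3.0";
  # The Ollama HTTP API has no authentication: every client that can reach the
  # port can run prompts and pull or delete models. Bind to loopback and keep
  # the firewall port closed. If other machines need access, put an
  # authenticating reverse proxy in front of it, or bind to the address of a
  # trusted interface (for example a VPN) instead of all interfaces.
  host = "127.0.0.1";
  openFirewall = false;
};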
# Enable Flatpak support
#
# services.flatpak.enable = true;
# xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
# xdg.portal.config.common.default = "gtk";
# Enable KDE Plasma Desktop Environment
# SDDM is the login manager (running on Wayland); Plasma 6 is the desktop session.
services.displayManager.sddm.enable = true;
services.displayManager.sddm.wayland.enable = true;
services.desktopManager.plasma6.enable = true;
# Enable CUPS for printing
services.printing.enable = true;
# Enable Bluetooth support
hardware.bluetooth.enable = true;
# Power on the default Bluetooth controller at boot
# The radio is then active from boot; set this to false if Bluetooth is only
# used occasionally.
hardware.bluetooth.powerOnBoot = true;
# Enable sound with PipeWire
hardware.pulseaudio.enable = false; # Disable PulseAudio
# services.pulseaudio.enable = false; # New syntax in NixOS 25.05
services.pipewire = {
enable = true; # Enable PipeWire
alsa.enable = true; # Enable ALSA support
alsa.support32Bit = true; # Enable 32-bit ALSA support
pulse.enable = true; # Enable PulseAudio compatibility
jack.enable = true; # Add support for JACK applications
};
# Enable OpenSSH daemon
# No services.openssh.settings are given, so the module defaults apply:
# password logins are accepted and the SSH port is opened in the firewall.
# NOTE(review): for key-only access, first add a public key under
# users.users.<name>.openssh.authorizedKeys.keys, then set
# services.openssh.settings.PasswordAuthentication = false and
# services.openssh.settings.KbdInteractiveAuthentication = false.
# Every account in "wheel" that can log in here is one sudo call from root.
services.openssh.enable = true;
# Enable Samba for file sharing
# Only the [global] section is configured; no share is defined in this file,
# so nothing is exported until a share section is added under settings.
services.samba = {
enable = true;
# openFirewall only has an effect while networking.firewall.enable is true.
openFirewall = true; # Open firewall for Samba
settings = {
global = {
"workgroup" = "WORKGROUP"; # Set workgroup name
"server string" = "nixos-home"; # Set server description
"netbios name" = "nixos-home"; # Set NetBIOS name
"security" = "user"; # Use user-level security
# Account used for guest access. It only matters for a share that
# explicitly permits guests; keep shares authenticated unless anonymous
# access is intended.
"guest account" = "nobody"; # Set guest account
};
};
};
# Enable Samba WSDD for network discovery
# Announces this host to Windows clients on the local network.
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
# Enable Avahi for network service discovery
services.avahi = {
enable = true;
nssmdns4 = true; # Enable mDNS for IPv4
openFirewall = true;
};
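# Firewall configuration
#
# Keep the firewall enabled. With it disabled, every `openFirewall = true` in
# this file is a no-op and every listening service is reachable from any
# network the machine joins, including services that have no authentication
# of their own. With it enabled, modules that set openFirewall (for example
# Samba, WSDD, Avahi and Steam) still get their ports opened automatically,
# and sshd opens its own port by default.
networking.firewall.enable = true;
networking.firewall.allowPing = true; # Allow ping requests
# Programs installed only as packages (no NixOS module) do not open ports by
# themselves. List the ports they need for inbound connections here:
# networking.firewall.allowedTCPPorts = [ ... ]; # Specify allowed TCP ports
# networking.firewall.allowedUDPPorts = [ ... ]; # Specify allowed UDP ports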
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Changing it does not upgrade the system; upgrades come from the channel or
# flake input the system is built from.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.11"; # Did you read the comment?
}