NCrashed/configuration.nix

## configuration.nix
# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, lib, pkgs, ... }:
with lib;
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./private-ssh-pipe.nix
    ];
  # Pass through private ssh agent
  services.private-ssh-pipe.enable = true;
  services.private-ssh-pipe.user = "user"; # Here insert name of your user
  services.private-ssh-pipe.user-socket = "/run/user/1000/gnupg/S.gpg-agent.ssh";

  systemd.coredump.enable = true;
  virtualisation.docker.enable = true;

  nixpkgs.config.allowUnfree = true;
  nixpkgs.config.packageOverrides = pkgs: with pkgs; {
    pidgin-with-plugins = pkgs.pidgin-with-plugins.override {
      plugins = [ pidginotr ];
    };
    hplip = pkgs.hplip.override {
      withPlugin = true;
    };
  };

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.initrd.luks.devices = [
    {
      name = "root";
      device = "/dev/disk/by-uuid/4c0f8159-a76c-4bf8-92fc-eb9ce43f60c8";
      preLVM = true;
      allowDiscards = true;
    }
  ];


  # SSD support
  # fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
  # Fix bug with lenovo laptops (wifi switcher)
  boot.blacklistedKernelModules = ["ideapad_laptop"];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.bash.enableCompletion = true;
  programs.mtr.enable = true;
  programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  # Enables wireless support via wpa_supplicant.
  networking.networkmanager.enable = true;
  networking.wireless.enable = mkForce false;

  powerManagement.enable = true;
  hardware = {
    enableAllFirmware = true;
    cpu.intel.updateMicrocode = true;
    cpu.amd.updateMicrocode = false;
    facetimehd.enable = true;
    #nvidiaOptimus.disable = true;
    opengl.enable = true;
    opengl.driSupport32Bit = true;
    opengl.extraPackages = with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ];
    opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ];
    pulseaudio.enable = true;
    pulseaudio.support32Bit = true;
    pulseaudio.daemon.config = {
      flat-volumes = "no";
    };
    bluetooth.enable = true;
  };

  # Select internationalisation properties.
  time.timeZone = "Europe/Moscow";
  #i18n = {
  #  consoleFont = "Lat2-Terminus16";
  #  consoleKeyMap = "us";
  #  defaultLocale = "ru_RU.UTF-8";
  #};
  #i18n.inputMethod = {
  #  enabled = "ibus";
  #  ibus.engines = with pkgs.ibus-engines; [
  #    table
  #    table-others
  #    m17n
  #  ];
  #};

  # Networking
  networking.hostName = "userlaptop";
  networking.hostId = "8425e349";
  networking.extraHosts =
    ''
    '';

  programs.light.enable = true;
  #programs.ssh.startAgent = true;

  environment.systemPackages = with pkgs; [
    wget vimHugeX sudo coreutils
    manpages
    gitAndTools.gitFull
    git-crypt
    iptables nmap tcpdump
    rxvt_unicode
    zlib
    bc
    bash
    fuse3
    ntfs3g
    openvpn
    networkmanager-openvpn
    update-resolv-conf
    htop
    libreoffice
    gimp
    gwenview
    digikam5
    vlc
    ark
    file
    gnupg
    gzip
    unzip

    # kde
    kdeFrameworks.kwallet
    kdeApplications.kwalletmanager
    kdeApplications.spectacle
    kdeFrameworks.kconfig
    kdeFrameworks.kconfigwidgets
    konsole
    dolphin
    kdeApplications.dolphin-plugins
    kwalletcli
    pinentry_qt5
    bluedevil
    kate
    ktorrent
    kdeconnect
    yakuake
    kdeApplications.print-manager
    simple-scan
    okular

    # coding junk
    gcc
    automake
    cmake
    gnumake

    # nix package for nix-shell etc
    binutils
    nix
    nix-prefetch-git
    nixops
    #virtualboxHardened
    #virtualbox
    #linuxPackages_3_10.virtualbox

    # X11 packages
    chromium
    firefoxWrapper
    trayer

    # Comminication programs
    pidgin-with-plugins
    transmission_gtk

    # Font junk
    xfontsel
    xlsfonts

    # Other applications
    dmenu
    xscreensaver
    xclip
    atom
    glxinfo
    tdesktop
    electrum
    steam
    vlc
    rhythmbox
    tigervnc
    pwgen

    # Tor
    tor
    torsocks
    torbrowser
    # need to go about:config page and set browser.tabs.remote.autostart.2 = false
    socat
  ];

  services.openssh.enable = true;
  virtualisation.virtualbox.host.enable = true;

  # User account
  users.extraUsers.user = {
    createHome = true;
    home = "/home/user";
    description = "User";
    extraGroups = ["wheel" "disk" "cdrom" "vboxdusers" "docker" ];
    isSystemUser = false;
    useDefaultShell = true;
  };
  security.sudo.enable = true;

  services.xserver = {
    enable = true;
    #autorun = mkForce false;
    displayManager.slim = {
      enable = true;
    };
    desktopManager.plasma5 = {
      enable = true;
      enableQt4Support = false;
    };

    # Enable touchpad support for many laptops.
    synaptics.enable = true;

    # Russian layout
    xkbModel = "microsoft";
    layout = "us,ru";
    #xkbOptions = "grp:alt_shift_toggle";
  };

  networking.firewall.allowedTCPPorts = [ 22 ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Enable CUPS to print documents.
  services.printing.enable = true;
  services.printing.drivers = [ pkgs.hplip ];
  # Enable sound.
  sound.enable = true;

  # Enable touchpad support.
  # services.xserver.libinput.enable = true;

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.nixos.version = "18.09"; # Did you read the comment?

  # Haskell specific binary caches
  nix.binaryCaches = [ "https://cache.nixos.org" "https://nixcache.reflex-frp.org" "ssh://nix-ssh@cache.hxr.team" ];
  nix.binaryCachePublicKeys = [ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" "cache.hxr.team-1:hMN5cbH9fBQ/GhiZ4KlT2zXB18+/5AeMae1frHrDtrg=" "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="];
  nix.distributedBuilds = true;
  nix.trustedUsers = [ "root" "user" ];
  nix.requireSignedBinaryCaches = true;
  nix.useSandbox = "relaxed";

  environment.etc."adobe/mms.cfg" = {
    text = ''
      DisableDeviceFontEnumeration = 1
    '';
    mode = "444";
  };

}
	# Edit this configuration file to define what should be installed on
	# your system. Help is available in the configuration.nix(5) man page
	# and in the NixOS manual (accessible by running ‘nixos-help’).

	{ config, lib, pkgs, ... }:
	with lib;
	{
	imports =
	[ # Include the results of the hardware scan.
	./hardware-configuration.nix
	./private-ssh-pipe.nix
	];
	# Pass through private ssh agent
	services.private-ssh-pipe.enable = true;
	services.private-ssh-pipe.user = "user"; # Here insert name of your user
	services.private-ssh-pipe.user-socket = "/run/user/1000/gnupg/S.gpg-agent.ssh";

	systemd.coredump.enable = true;
	virtualisation.docker.enable = true;

	nixpkgs.config.allowUnfree = true;
	nixpkgs.config.packageOverrides = pkgs: with pkgs; {
	pidgin-with-plugins = pkgs.pidgin-with-plugins.override {
	plugins = [ pidginotr ];
	};
	hplip = pkgs.hplip.override {
	withPlugin = true;
	};
	};

	# Use the systemd-boot EFI boot loader.
	boot.loader.systemd-boot.enable = true;
	boot.loader.efi.canTouchEfiVariables = true;
	boot.initrd.luks.devices = [
	{
	name = "root";
	device = "/dev/disk/by-uuid/4c0f8159-a76c-4bf8-92fc-eb9ce43f60c8";
	preLVM = true;
	allowDiscards = true;
	}
	];


	# SSD support
	# fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
	# Fix bug with lenovo laptops (wifi switcher)
	boot.blacklistedKernelModules = ["ideapad_laptop"];

	# Some programs need SUID wrappers, can be configured further or are
	# started in user sessions.
	programs.bash.enableCompletion = true;
	programs.mtr.enable = true;
	programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

	# Enables wireless support via wpa_supplicant.
	networking.networkmanager.enable = true;
	networking.wireless.enable = mkForce false;

	powerManagement.enable = true;
	hardware = {
	enableAllFirmware = true;
	cpu.intel.updateMicrocode = true;
	cpu.amd.updateMicrocode = false;
	facetimehd.enable = true;
	#nvidiaOptimus.disable = true;
	opengl.enable = true;
	opengl.driSupport32Bit = true;
	opengl.extraPackages = with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ];
	opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ];
	pulseaudio.enable = true;
	pulseaudio.support32Bit = true;
	pulseaudio.daemon.config = {
	flat-volumes = "no";
	};
	bluetooth.enable = true;
	};

	# Select internationalisation properties.
	time.timeZone = "Europe/Moscow";
	#i18n = {
	# consoleFont = "Lat2-Terminus16";
	# consoleKeyMap = "us";
	# defaultLocale = "ru_RU.UTF-8";
	#};
	#i18n.inputMethod = {
	# enabled = "ibus";
	# ibus.engines = with pkgs.ibus-engines; [
	# table
	# table-others
	# m17n
	# ];
	#};

	# Networking
	networking.hostName = "userlaptop";
	networking.hostId = "8425e349";
	networking.extraHosts =
	''
	'';

	programs.light.enable = true;
	#programs.ssh.startAgent = true;

	environment.systemPackages = with pkgs; [
	wget vimHugeX sudo coreutils
	manpages
	gitAndTools.gitFull
	git-crypt
	iptables nmap tcpdump
	rxvt_unicode
	zlib
	bc
	bash
	fuse3
	ntfs3g
	openvpn
	networkmanager-openvpn
	update-resolv-conf
	htop
	libreoffice
	gimp
	gwenview
	digikam5
	vlc
	ark
	file
	gnupg
	gzip
	unzip

	# kde
	kdeFrameworks.kwallet
	kdeApplications.kwalletmanager
	kdeApplications.spectacle
	kdeFrameworks.kconfig
	kdeFrameworks.kconfigwidgets
	konsole
	dolphin
	kdeApplications.dolphin-plugins
	kwalletcli
	pinentry_qt5
	bluedevil
	kate
	ktorrent
	kdeconnect
	yakuake
	kdeApplications.print-manager
	simple-scan
	okular

	# coding junk
	gcc
	automake
	cmake
	gnumake

	# nix package for nix-shell etc
	binutils
	nix
	nix-prefetch-git
	nixops
	#virtualboxHardened
	#virtualbox
	#linuxPackages_3_10.virtualbox

	# X11 packages
	chromium
	firefoxWrapper
	trayer

	# Comminication programs
	pidgin-with-plugins
	transmission_gtk

	# Font junk
	xfontsel
	xlsfonts

	# Other applications
	dmenu
	xscreensaver
	xclip
	atom
	glxinfo
	tdesktop
	electrum
	steam
	vlc
	rhythmbox
	tigervnc
	pwgen

	# Tor
	tor
	torsocks
	torbrowser
	# need to go about:config page and set browser.tabs.remote.autostart.2 = false
	socat
	];

	services.openssh.enable = true;
	virtualisation.virtualbox.host.enable = true;

	# User account
	users.extraUsers.user = {
	createHome = true;
	home = "/home/user";
	description = "User";
	extraGroups = ["wheel" "disk" "cdrom" "vboxdusers" "docker" ];
	isSystemUser = false;
	useDefaultShell = true;
	};
	security.sudo.enable = true;

	services.xserver = {
	enable = true;
	#autorun = mkForce false;
	displayManager.slim = {
	enable = true;
	};
	desktopManager.plasma5 = {
	enable = true;
	enableQt4Support = false;
	};

	# Enable touchpad support for many laptops.
	synaptics.enable = true;

	# Russian layout
	xkbModel = "microsoft";
	layout = "us,ru";
	#xkbOptions = "grp:alt_shift_toggle";
	};

	networking.firewall.allowedTCPPorts = [ 22 ];
	# networking.firewall.allowedUDPPorts = [ ... ];
	# Or disable the firewall altogether.
	# networking.firewall.enable = false;

	# Enable CUPS to print documents.
	services.printing.enable = true;
	services.printing.drivers = [ pkgs.hplip ];
	# Enable sound.
	sound.enable = true;

	# Enable touchpad support.
	# services.xserver.libinput.enable = true;

	# This value determines the NixOS release with which your system is to be
	# compatible, in order to avoid breaking some software such as database
	# servers. You should change this only after NixOS release notes say you
	# should.
	system.nixos.version = "18.09"; # Did you read the comment?

	# Haskell specific binary caches
	nix.binaryCaches = [ "https://cache.nixos.org" "https://nixcache.reflex-frp.org" "ssh://nix-ssh@cache.hxr.team" ];
	nix.binaryCachePublicKeys = [ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" "cache.hxr.team-1:hMN5cbH9fBQ/GhiZ4KlT2zXB18+/5AeMae1frHrDtrg=" "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="];
	nix.distributedBuilds = true;
	nix.trustedUsers = [ "root" "user" ];
	nix.requireSignedBinaryCaches = true;
	nix.useSandbox = "relaxed";

	environment.etc."adobe/mms.cfg" = {
	text = ''
	DisableDeviceFontEnumeration = 1
	'';
	mode = "444";
	};

	}