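# NixOS system module: Nix and nixpkgs settings, overlays, system packages,
# the primary user account, firewall rules, locale, and sudo/PAM policy.
{ lib, config, pkgs, ... }:

let
  username = "dejanr";

  # NOTE(review): unpinned fetch. No sha256 is given, so each re-download
  # evaluates whatever the branch tarball contains at that moment; the content
  # is neither reproducible nor integrity-checked. Pin a specific revision's
  # archive and pass `sha256` once a revision has been chosen.
  # The URL is quoted because bare URL literals are deprecated in Nix; the
  # value is the same string.
  unstableTarball = fetchTarball "https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz";

  # Public SSH keys published for `username` on GitHub, pinned by hash.
  # Because of the pin, a changed key list fails the hash check instead of
  # silently changing who may log in. The flip side: a key revoked on GitHub
  # stays authorized on this host until the hash is refreshed and the system
  # is rebuilt.
  githubKeys = builtins.fetchurl {
    name = "github-ssh-keys";
    url = "https://api.github.com/users/${username}/keys";
    sha256 = "1z8kphz22dhr06kfdwbkl5904mbvmp2a6c0jr76s9d3b6bcif0hq";
  };
in
{
  nix.nixPath = [
    "nixos=channel:nixos"
    # NOTE(review): tracks the master branch archive, unpinned.
    "nixos-hardware=https://github.com/NixOS/nixos-hardware/archive/master.tar.gz"
    # NOTE(review): nixpkgs-unstable is not gated on NixOS-specific tests;
    # nixos-unstable is the channel meant for NixOS hosts.
    "nixpkgs=channel:nixpkgs-unstable"
    "nixos-config=/etc/nixos/configuration.nix"
    # Overlays are read from the user's home directory, so the contents of
    # that directory influence <nixpkgs> evaluation.
    "nixpkgs-overlays=/home/${username}/.config/nixpkgs/overlays"
  ];

  nix.extraOptions = ''
    gc-keep-outputs = false
    gc-keep-derivations = false
    auto-optimise-store = true
  '';

  nix.binaryCaches = [ "https://cache.nixos.org" ];

  # NOTE(review): a trusted Nix user can add substituters and import store
  # paths without signature checks, which is effectively root-equivalent for
  # the Nix daemon. Keep this list as short as possible.
  nix.trustedUsers = [ "${username}" "root" ];

  nixpkgs.config = {
    allowUnfree = true;
    # allowBroken / allowUnsupportedSystem let packages marked broken or
    # unsupported evaluate instead of failing early.
    allowBroken = true;
    allowUnsupportedSystem = true;
    android_sdk.accept_license = true;

    # Expose the unstable package set as `pkgs.unstable`, evaluated with the
    # same nixpkgs config as the main set.
    packageOverrides = pkgs: {
      unstable = import unstableTarball {
        config = config.nixpkgs.config;
      };
    };
  };

  # Import every entry of each directory in `paths` that is either a *.nix
  # file or a directory containing default.nix. Everything found there is
  # evaluated at rebuild time, so the directory should be writable only by
  # trusted accounts.
  nixpkgs.overlays =
    let
      paths = [
        ../overlays
      ];
    in with builtins;
      concatMap (path:
        (map (n: import (path + ("/" + n)))
             (filter (n: match ".*\\.nix" n != null ||
                         pathExists (path + ("/" + n + "/default.nix")))
                     (attrNames (readDir path))))) paths;

  time.timeZone = "Europe/Berlin";

  fonts = {
    enableFontDir = true;
    fonts = with pkgs; [
      pragmatapro
    ];
  };

  environment.systemPackages = with pkgs; [
    # scripts
    t
    wm-lock
    wm-wallpaper
    music

    # nixpkgs
    apg # Tools for random password generation
    bash
    grobi # Automatically configure monitors/outputs for Xorg via RANDR
    bash-completion
    nix-bash-completions
    haskellPackages.gitHUD # command-line HUD for git repos
    linuxPackages.cpupower # Tool to examine and tune power saving features
    wget # Tool for retrieving files
    unstable.neovim
    unstable.vimHugeX
    rsync # A fast incremental file transfer utility
    unzip # An extraction utility for archives compressed in .zip format
    zip # Compressor/archiver for creating and modifying zipfiles
    gitAndTools.gitFull # Distributed version control system
    gitAndTools.diff-so-fancy # Good looking diffs
    htop # An interactive process viewer for Linux
    pixz # A parallel compressor/decompressor for xz format
    psmisc # A set of small useful utilities that use the proc filesystem (such as fuser, killall and pstree)
    pwgen # Password generator which creates passwords which can be easily memorized by a human
    tmux # Terminal multiplexer
    bc # GNU software calculator
    nixops # NixOS cloud provisioning and deployment tool
    rxvt
    rxvt_unicode
    urxvt_vtwheel
    urxvt_font_size
    urxvt_perl
    urxvt_perls
    font-manager # Simple font management for GTK+ desktop environments
    gnome3.gnome_keyring
    keychain
    kdeApplications.kleopatra
  ];

  security.pam.services.lightdm.enableGnomeKeyring = true;
  programs.gnupg.agent.enable = true;

  users = {
    # With mutableUsers = true, accounts and passwords can also be changed
    # imperatively (useradd/passwd), so this file is not the sole source of
    # truth for who can log in.
    mutableUsers = true;

    users.dejanr = {
      description = "Dejan Ranisavljevic";
      name = "dejanr";
      group = "users";
      # NOTE(review): several of these groups are root-equivalent on their
      # own: "wheel" (sudo, passwordless per security.sudo below), "docker"
      # (control of the Docker daemon), "disk" (raw block devices) and
      # "kmem". Drop any that are not actually needed.
      extraGroups = [
        "lp" "kmem"
        "wheel" "disk"
        "audio" "video"
        "networkmanager"
        "systemd-journal"
        "vboxusers" "docker"
        "utmp" "adm" "input"
        "tty" "floppy" "uucp"
        "cdrom" "tape" "dialout"
        "libvirtd"
        "transmission" "plex"
        "adbusers"
      ];
      shell = "/run/current-system/sw/bin/bash";
      home = "/home/dejanr";
      createHome = true;
      # Authorize every key in the hash-pinned GitHub key list: the API
      # response is a JSON array of objects, and only each `key` field is used.
      openssh.authorizedKeys.keys = builtins.map (x: x.key) (builtins.fromJSON (builtins.readFile githubKeys));
    };
  };

  #services.openssh.authorizedKeysFiles = ["/home/dejanr/.ssh/authorized_keys" "/etc/nixos/authorized_keys"];

  # NOTE(review): the NixOS mosh module is expected to open its own UDP port
  # range in the firewall in addition to the ports listed below; confirm.
  programs.mosh.enable = true;
  programs.vim.defaultEditor = true;
  programs.ssh.startAgent = true;
  programs.bash.enableCompletion = true;

  networking = {
    networkmanager.enable = true;

    firewall = {
      enable = true;
      allowPing = true;
      # These ports are open on every interface, on any network the machine
      # joins. Unlabelled entries (80, 443, 3000, 4000, 5000) should be
      # confirmed as still needed.
      allowedTCPPorts = [ # incoming connections allowed
        22 # ssh
        9418 # labelled "tor" originally; 9418 is the default port of the unauthenticated git:// daemon protocol
        25565 # minecraft server
        80
        443
        631 # CUPS ports
        3000
        4000
        5000
      ];
      allowedTCPPortRanges = [
        # castnow
        { from = 4100; to = 4105; }
      ];
      allowedUDPPorts = [
        631 # CUPS ports
        5353
        4445 # minecraft discovery
      ];
      allowedUDPPortRanges = [];
      connectionTrackingModules = [];
    };
  };

  i18n = {
    consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
    consoleKeyMap = "us";
    defaultLocale = "en_US.UTF-8";
    supportedLocales = [ "en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" "sr_RS@latin/UTF-8" ];
  };

  # NOTE(review): any process running as a wheel member can become root
  # without authenticating. The user above is in wheel and is reachable over
  # SSH (port 22 is open), so one compromised user session or SSH key gives
  # full root.
  security.sudo.wheelNeedsPassword = false;
  security.polkit.enable = true;
  security.rtkit.enable = true;

  systemd.extraConfig = "DefaultLimitNOFILE=1048576";

  security.pam.loginLimits = [{
    domain = "*";
    type = "soft";
    item = "nofile";
    value = "4096";
  }];

  # NOTE(review): resume commands presumably already run as root, which
  # would make `sudo` redundant here; confirm before removing it.
  powerManagement.resumeCommands = ''
    sudo systemctl restart fancontrol
  '';
}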
@tilpner thanks, i was just about to remove all unstable namespace override, and just rely on nixos-unstable channel.
You left too quickly, but `"nixpkgs=channel:nixpkgs-unstable"` is dangerous. nixpkgs-unstable receives no NixOS-specific testing, and may eat your data or at least force you to boot a previous generation. Prefer nixos-unstable on NixOS.