Skip to content

Instantly share code, notes, and snippets.

@mikelane

mikelane/configuration.nix

Created March 29, 2024 00:12
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save mikelane/4ad0c97aa21389de5549d5451be50a5e to your computer and use it in GitHub Desktop.
Save mikelane/4ad0c97aa21389de5549d5451be50a5e to your computer and use it in GitHub Desktop.
Download ZIP
$HOME/hosts/desktop/configuration.nix
Raw
configuration.nix
{ config, lib, pkgs, helix, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
../../openrgb
];
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
trusted-users = [ "mikelane" "@wheel" ];
auto-optimise-store = true;
};
hardware = {
i2c.enable = true;
nvidia = {
modesetting.enable = true;
powerManagement.enable = false;
powerManagement.finegrained = false;
open = true;
prime = {
sync.enable = true;
amdgpuBusId = "PCI:18:0:0";
nvidiaBusId = "PCI:1:0:0";
};
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.beta;
};
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
pulseaudio.enable = false;
};
# Bootloader.
boot = {
kernelModules = [ "i2c-dev" "i2c-piix4" "igc" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
networking.hostName = "desktop"; # Define your hostname.
networking.networkmanager.enable = true;
time.timeZone = "America/Los_Angeles";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
sound.enable = true;
virtualisation.docker.enable = true;
programs = {
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = lib.mkForce pkgs.pinentry-qt;
};
tmux = {
enable = true;
clock24 = true;
};
mtr.enable = true;
zsh.enable = true;
};
users = {
defaultUserShell = pkgs.zsh;
users.mikelane = {
isNormalUser = true;
description = "mikelane";
extraGroups = [ "networkmanager" "wheel" "docker" "input" ];
};
};
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"nix-2.15.3"
];
environment = {
shells = with pkgs; [ zsh ];
shellAliases = {
pbcopy = "xclip -sel clip";
pbpaste = "xclip -selection clipboard -o";
};
pathsToLink = [ "~/.zsh/completions" ];
systemPackages = with pkgs; [
age
curl
gcc
git
git-credential-1password
glxinfo
(jetbrains.plugins.addPlugins jetbrains.datagrip [ "github-copilot" ])
(jetbrains.plugins.addPlugins jetbrains.idea-ultimate [ "github-copilot" ])
jetbrains.jdk
(jetbrains.plugins.addPlugins jetbrains.pycharm-professional [ "github-copilot" "nixidea" ])
(jetbrains.plugins.addPlugins jetbrains.webstorm [ "github-copilot" ])
jetbrains-toolbox
openrgb-with-all-plugins
openssl
pciutils
wget
xclip
];
variables = {
EDITOR = "nvim";
HOSTNAME = "desktop";
FART = "9001";
};
};
age.secrets = {
openai_api_key = {
file = ../../secrets/openai_api_key.age;
owner = "mikelane";
group = "wheel";
mode = "440";
};
};
fonts.packages = with pkgs; [
nerdfonts
];
services = {
blueman.enable = true; # pair and manage bluetooth devices
openssh.enable = true; # Enable the OpenSSH daemon.
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
printing.enable = true; # Enable CUPS to print documents.
udev.extraRules = ''
SUBSYSTEM=="input", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", GROUP="input", MODE="0660"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess"
KERNEL=="hidraw*", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess"
'';
xserver = {
enable = true;
xkb = {
layout = "us";
variant = "";
};
videoDrivers = [ "nvidia" ];
displayManager.sddm.enable = true;
desktopManager.plasma5.enable = true;
};
};
security = {
pam.loginLimits = [{
domain = "*";
type = "soft";
item = "nofile";
value = "65536";
}];
# NOTE: You must copy these files from github:RewstApp/infrastructure/development/certs
# to be in the same directory as the configuration.nix file in order for these certs
# to be added properly. They will get concatenated into /etc/ssl/certs/ca-certificates.crt
# Ref: https://search.nixos.org/options?channel=unstable&show=security.pki.certificateFiles&from=0&size=50&sort=relevance&type=packages&query=security.pki.certificateFiles
pki.certificateFiles = [
../../rewst/nginx/certs/trust-root-ca.pem
];
polkit.enable = true;
rtkit.enable = true;
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment