the configuration for all my nixos machines (hacky! bad! ugly!)

initial commit

Joshua Barrett 48343131

+289
+27
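--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+"nodes": {
+"nixpkgs": {
+"locked": {
+"lastModified": 1771574726,
+"narHash": "sha256-D1PA3xQv/s4W3lnR9yJFSld8UOLr0a/cBWMQMXS+1Qg=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "c217913993d6c6f6805c3b1a3bda5e639adfde6d",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-25.11",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"nixpkgs": "nixpkgs"
+}
+}
+},
+"root": "root",
+"version": 7
+}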
+12
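--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,12 @@
+{
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+};
+
+outputs = {self, nixpkgs, ...}: {
+nixosConfigurations.prospero = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+modules = [ ./prospero/configuration.nix ];
+};
+};
+}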
+209
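--- a/prospero/configuration.nix
+++ b/prospero/configuration.nix
@@ -0,0 +1,209 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+{
+nixpkgs.overlays = [ (final: prev: {
+inherit (prev.lixPackageSets.stable)
+nixpkgs-review
+nix-eval-jobs
+nix-fast-build
+colmena;
+}) ];
+nix.package = pkgs.lixPackageSets.stable.lix;
+nix.settings.experimental-features = ["nix-command" "flakes"];
+imports =
+[ # Include the results of the hardware scan.
+./hardware-configuration.nix
+];
+hardware.bluetooth.enable = true;
+# Bootloader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+# Use latest kernel.
+boot.kernelPackages = pkgs.linuxPackages_latest;
+
+# Living on the edge!
+# (no but seriously this is a personal machine I use for dev. There's no reason
+# NOT to do this)
+boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 0;
+
+networking.hostName = "prospero"; # Define your hostname.
+# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+# Configure network proxy if necessary
+# networking.proxy.default = "http://user:password@proxy:port/";
+# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+# Enable networking
+networking.networkmanager.enable = true;
+
+virtualisation = {
+containers.enable = true;
+docker = {
+enable = true;
+};
+};
+
+systemd.services."user@".serviceConfig.Delegate="cpu cpuset io memory pids";
+
+systemd.packages = [(
+pkgs.writeTextFile {
+name = "delegate.conf";
+text = ''
+[Service]
+Delegate=yes
+'';
+destination = "/etc/systemd/system/user@.service.d/delegate.conf";
+}
+)];
+
+# Set your time zone.
+time.timeZone = "America/New_York";
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+
+i18n.extraLocaleSettings = {
+LC_ADDRESS = "en_US.UTF-8";
+LC_IDENTIFICATION = "en_US.UTF-8";
+LC_MEASUREMENT = "en_US.UTF-8";
+LC_MONETARY = "en_US.UTF-8";
+LC_NAME = "en_US.UTF-8";
+LC_NUMERIC = "en_US.UTF-8";
+LC_PAPER = "en_US.UTF-8";
+LC_TELEPHONE = "en_US.UTF-8";
+LC_TIME = "en_US.UTF-8";
+};
+
+# Enable the X11 windowing system.
+# You can disable this if you're only using the Wayland session.
+services.xserver.enable = true;
+
+# Enable the KDE Plasma Desktop Environment.
+services.displayManager.sddm.enable = true;
+services.desktopManager.plasma6.enable = true;
+
+# Configure keymap in X11
+services.xserver.xkb = {
+layout = "us";
+variant = "";
+};
+
+# Enable CUPS to print documents.
+services.printing.enable = true;
+
+# Enable sound with pipewire.
+services.pulseaudio.enable = false;
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+# If you want to use JACK applications, uncomment this
+#jack.enable = true;
+
+# use the example session manager (no others are packaged yet so this is enabled by default,
+# no need to redefine it in your config for now)
+#media-session.enable = true;
+};
+
+# Enable touchpad support (enabled default in most desktopManager).
+# services.xserver.libinput.enable = true;
+
+# Define a user account. Don't forget to set a password with ‘passwd’.
+users.users.joshua = {
+subUidRanges = [ { startUid = 100000; count = 65536; } ];
+subGidRanges = [ { startGid = 100000; count = 65536; } ];
+isNormalUser = true;
+description = "Joshua Barrett";
+shell = pkgs.zsh;
+extraGroups = [ "networkmanager" "wheel" "docker" ];
+packages = with pkgs; [
+
+];
+};
+
+# Install firefox.
+programs.firefox.enable = true;
+programs.zsh.enable = true;
+programs.foot.enable = true;
+# Install steam
+programs.steam = {
+enable = true;
+remotePlay.openFirewall = true;
+localNetworkGameTransfers.openFirewall = true;
+};
+
+# Allow unfree packages
+nixpkgs.config.allowUnfree = true;
+
+# List packages installed in system profile. To search, run:
+# $ nix search wget
+environment.systemPackages = with pkgs; [
+gcc
+gnumake
+bison
+flex
+autoconf
+automake
+libtool
+discord
+calibre
+libreoffice
+enchant
+rustup
+pkg-config
+passt
+# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+# wget
+];
+
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+programs.git.enable = true;
+programs.ssh.startAgent = true;
+
+# programs.mtr.enable = true;
+# programs.gnupg.agent = {
+# enable = true;
+# enableSSHSupport = true;
+# };
+
+# List services that you want to enable:
+# Enable the OpenSSH daemon.
+# services.openssh.enable = true;
+# syncthing gets run as a user service, but we need the ports open up here
+services.syncthing.openDefaultPorts = true;
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+networking.nftables.enable = true;
+networking.firewall = {
+enable = true;
+trustedInterfaces = [ "tailscale0" ];
+allowedUDPPorts = [ config.services.tailscale.port ];
+};
+
+systemd.services.tailscaled.serviceConfig.Environment = [
+"TS_DEBUG_FIREWALL_MODE=nftables"
+];
+services.tailscale.enable = true;
+services.resolved.enable = true;
+systemd.network.wait-online.enable = false;
+boot.initrd.systemd.network.wait-online.enable = false;
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "25.05"; # Did you read the comment?
+
+}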
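Review bot: Putting `joshua` in the `docker` group (`extraGroups = [ "networkmanager" "wheel" "docker" ];`, new line 125) gives that account password-less root-equivalent access through the Docker socket, which bypasses the sudo prompt that `wheel` alone would still require. The file already sets up `subUidRanges`/`subGidRanges`, `passt` and cgroup delegation for `user@`, so it looks intended for rootless containers; consider dropping `"docker"` from the list and using `virtualisation.docker.rootless.enable = true;` instead. Separately, `trustedInterfaces = [ "tailscale0" ];` (line 189) accepts every port from every tailnet peer, and with `net.ipv4.ip_unprivileged_port_start` set to 0 any user process can bind any port, so whatever a local program listens on is reachable from the whole tailnet unless the tailnet ACLs restrict it. A short comment next to `trustedInterfaces` stating that tailnet ACLs are the only filter on that interface would make that dependency explicit. The two `Delegate` settings for `user@` (lines 51 and 53–62) also overlap; keeping one would make it clear which value is in effect.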
+41
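--- a/prospero/hardware-configuration.nix
+++ b/prospero/hardware-configuration.nix
@@ -0,0 +1,41 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-amd" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/c3671d1e-92a3-43de-a52f-e649cf309931";
+fsType = "ext4";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/A250-67DA";
+fsType = "vfat";
+options = [ "fmask=0077" "dmask=0077" ];
+};
+
+swapDevices =
+[ { device = "/dev/disk/by-uuid/af095409-4c04-4b58-a20f-3a47bce0eb82"; }
+];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
+# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}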