{ config, lib, pkgs, ... }:

# usual environment, as a thin OS

let
  nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
in {
  imports = [ ./users.nix ];

  # Members of `wheel` can run any command through sudo without
  # re-authenticating, so control of a wheel account (or of its unlocked
  # session) is immediately root on this machine. Wheel membership is not
  # defined in this file (presumably in ./users.nix -- confirm).
  security.sudo.wheelNeedsPassword = false;

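  # Kernel modules the initrd may load to reach the boot disk and USB devices.
  # "xhci_pci" is the USB 3 host-controller driver; the previous spelling
  # "xhi_pci" does not name any kernel module.
  boot.initrd.availableKernelModules = [
    "xhci_pci" "ehci_pci" "ahci"
    "usb_storage" "sd_mod"
  ];
  # Loaded in the running system: KVM support for Intel CPUs.
  boot.kernelModules = [ "kvm-intel" ];
  # No out-of-tree kernel module packages.
  boot.extraModulePackages = [];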

  # Partitions are located by filesystem label rather than by device node.
  # NOTE(review): no encrypted volume (e.g. boot.initrd.luks) is declared in
  # this file, so root and swap appear to be stored in the clear -- confirm
  # whether disk encryption is configured elsewhere.
  fileSystems = {
    "/boot" = {
      device = "/dev/disk/by-label/boot";
      fsType = "vfat";
    };

    "/" = {
      device = "/dev/disk/by-label/nixos";
      fsType = "ext4";
    };
  };

  swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];

  # Host identity; connections are managed by NetworkManager.
  networking = {
    hostName = "helium";
    networkmanager.enable = true;
  };

  time.timeZone = "America/New_York";

  # Coordinates declared system-wide through the `location` options.
  location = {
    latitude = 40.80;
    longitude = -81.52;
  };

  # System-wide fonts, each referenced explicitly from pkgs.
  fonts.fonts = [
    pkgs.google-fonts
    pkgs.mononoki
    pkgs.source-code-pro
    pkgs.fantasque-sans-mono
    pkgs.hack-font
    pkgs.fira
    pkgs.fira-code
    pkgs.fira-code-symbols
  ];

  # No extra packages are installed system-wide from this module.
  environment.systemPackages = [ ];

  # Package-set policy for the whole system.
  # allowUnfree permits packages with non-free licenses.
  nixpkgs.config.allowUnfree = true;
  # allowBroken permits packages that nixpkgs marks as broken to be evaluated
  # and built anywhere in this configuration, not just for one package.
  nixpkgs.config.allowBroken = true;

  # Firmware, Bluetooth, backlight control, OpenGL and PulseAudio.
  hardware = {
    enableAllFirmware = true;

    bluetooth = {
      enable = true;
      package = pkgs.bluezFull;
    };

    # acpilight.enable = true;
    brillo.enable = true;
    opengl.enable = true;

    pulseaudio.enable = true;
    # Loads PulseAudio's loopback module with no arguments, so it runs on
    # whatever source and sink PulseAudio picks by default.
    pulseaudio.extraConfig = ''
      load-module module-loopback
    '';
  };

  sound = {
    enable = true;
    mediaKeys.enable = true;
  };

  # Shell conveniences, backlight helper, and the key agents.
  programs.bash.enableCompletion = true;
  programs.command-not-found.enable = true;
  programs.light.enable = true;

  # gpg-agent also acts as the SSH agent for user sessions.
  programs.gnupg.agent.enable = true;
  programs.gnupg.agent.enableSSHSupport = true;

  # NOTE(review): the NixOS mosh module is expected to open its UDP port range
  # in the firewall -- confirm that inbound mosh is actually wanted here.
  programs.mosh.enable = true;

  # NOTE(review): this timeout appears to apply only to the ssh-agent started
  # via programs.ssh.startAgent, which is not enabled in this file; keys held
  # by gpg-agent would follow gpg-agent's own cache settings -- confirm.
  programs.ssh.agentTimeout = "1h";

  services =
    let
      # One i3lock invocation shared by the idle locker and "lock now".
      lockCommand = "${pkgs.i3lock}/bin/i3lock --color=000000 --show-failed-attempts --ignore-empty-password";
    in {
      # Smart-card daemon.
      pcscd.enable = true;

      logind = {
        # NOTE(review): nothing in this file ties the screen locker to
        # suspend; xautolock below reacts to X idle time only. Confirm that
        # the session is locked before the lid-close suspend completes.
        lidSwitch = "suspend";
        extraConfig = "IdleAction=lock";
      };

      clight = {
        enable = true;
        temperature.day = 5000;
        temperature.night = 2300;
      };

      printing.enable = true;

      xserver = {
        enable = true;
        autorun = true;
        layout = "us";
        libinput.enable = true;
        xkbOptions = "caps:ctrl_modifier";

        displayManager.sddm.enable = true;
        windowManager.xmonad.enable = true;
        desktopManager.xterm.enable = true;

        # Idle locking. The idle time and the notify lead time are not set
        # here, so the module defaults apply; the notifier text assumes a
        # 10-second warning -- TODO confirm it matches the default.
        xautolock = {
          enable = true;
          enableNotifier = true;
          notifier = "${pkgs.libnotify}/bin/notify-send 'locking in 10 seconds'";
          nowlocker = lockCommand;
          locker = lockCommand;
        };
      };

      vnstat.enable = true;

      # security stuff
      # NOTE(review): no jails are configured here and no SSH server is
      # enabled in this file, so check which logs fail2ban actually watches.
      fail2ban.enable = true;
      # Scanner daemon plus signature updater; no scheduled scan is defined
      # in this file.
      clamav.daemon.enable = true;
      clamav.updater.enable = true;
    };

  # Boot via systemd-boot on EFI; the installer may write EFI variables.
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  # Power management; the governor is a default other modules can override.
  powerManagement = {
    enable = true;
    cpuFreqGovernor = lib.mkDefault "powersave";
  };

  nix =
    let
      # Both remote builders share the same login, key and platform.
      # The key is a user's personal key under /home/ben that the build
      # dispatcher must be able to read; a dedicated, restricted builder key
      # would limit what is exposed if it leaks.
      # NOTE(review): no SSH host keys for the builders are pinned in this
      # file, and "192.168.1.42" is only meaningful on the home network --
      # confirm host-key checking protects these connections.
      remoteBuilder = hostName: {
        inherit hostName;
        sshUser = "ben";
        sshKey = "/home/ben/.ssh/id_rsa";
        system = "x86_64-linux";
      };
    in {
      # NIX_PATH entries; `nixpkgs` is the tarball fetched at the top of
      # this file.
      nixPath = [
        "nixpkgs=${nixpkgs}"
        "nixos-config=/etc/nixos/configuration.nix"
        "/nix/var/nix/profiles/per-user/root/channels"
      ];

      # Automatic garbage collection is off, so `dates` only takes effect if
      # `automatic` is turned on later.
      gc = {
        automatic = false;
        dates = "03:15";
      };

      binaryCaches = [ "https://cache.nixos.org/" ];
      extraOptions = ''
        builders-use-substitutes = true
      '';

      maxJobs = lib.mkDefault 4;

      # Build results returned by these machines end up in the local store,
      # so each builder is trusted as much as this host.
      buildMachines = map remoteBuilder [
        "192.168.1.42"
        "dev.simatime.com"
      ];
      distributedBuilds = true;

      # Trusted users may override daemon settings such as substituters, which
      # the Nix manual describes as essentially equivalent to root access.
      trustedUsers = [ "root" "ben" ];
    };

  system = {
    # The NixOS release this system's state is compatible with. It keeps
    # stateful software such as database servers from breaking; change it
    # only when the NixOS release notes say to.
    stateVersion = "19.03";

    # Unattended periodic upgrades. What they pull in depends on the channel
    # and NIX_PATH configuration -- confirm the source is the intended one.
    autoUpgrade.enable = true;
  };

}