# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, inputs, ... }: let sops = builtins.fetchTarball { url = "https://github.com/Mic92/sops-nix/archive/master.tar.gz"; sha256 = "1wzm5hs3cda6l7q9ls5nw16bifb00v5kan1xcab57bb5fg6qqnyb"; }; in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix (import "${sops}/modules/sops") ]; nixpkgs.config.allowUnfree = true; nix = { gc = { automatic = true; dates = "weekly"; options = "--delete-older-than 30d"; }; extraOptions = '' min-free = ${toString (1024 * 300 * 1024 * 1024)} max-free = ${toString (1024 * 20 * 1024 * 1024)} ''; }; systemd.services.nix-channel-update = { description = "Update nix channels"; wants = ["network-online.target"]; after = ["network-online.target"]; serviceConfig = { Type = "oneshot"; ExecStart = "${pkgs.nix}/bin/nix-channel --update"; ExecStartPre = "${pkgs.systemd}/bin/systemctl is-active network-online.target"; }; startAt = "weekly"; unitConfig = { ConditionACPower = true; ConditionPathExists = "!/var/lib/NetworkManager/NetworkManager-intern.conf"; }; }; # Bootloader. boot = { kernelPackages = pkgs.linuxPackages_latest; loader = { # grub = { # splashImage = "/etc/nixos/dotfiles/ferris.png"; # }; systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; initrd.luks.devices."luks-368f684f-d514-405f-a909-fb4488d19183".device = "/dev/disk/by-uuid/368f684f-d514-405f-a909-fb4488d19183"; }; nix.settings.experimental-features = ["nix-command" "flakes"]; networking = { hostName = "scbnb"; # Define your hostname. networkmanager.enable = true; firewall.allowedTCPPorts = [ 8080 ]; }; # Set your time zone. time.timeZone = "Europe/Berlin"; # Select internationalisation properties. i18n = { defaultLocale = "en_US.UTF-8"; extraLocaleSettings = { LC_ADDRESS = "de_DE.UTF-8"; LC_IDENTIFICATION = "de_DE.UTF-8"; LC_MEASUREMENT = "de_DE.UTF-8"; LC_MONETARY = "de_DE.UTF-8"; LC_NAME = "de_DE.UTF-8"; LC_NUMERIC = "de_DE.UTF-8"; LC_PAPER = "de_DE.UTF-8"; LC_TELEPHONE = "de_DE.UTF-8"; LC_TIME = "de_DE.UTF-8"; }; }; # Enable Docker virtualisation.docker.enable = true; # Alternatively, specify docker group members directly # users.extraGroups.docker.members = [ "username-with-access-to-socket" ]; # Configure storage driver (optional, e.g., for btrfs) # virtualisation.docker.storageDriver = "btrfs"; # Enable rootless Docker (optional) virtualisation.docker.rootless = { enable = true; setSocketVariable = true; }; # Change Docker daemon's data root (optional) # virtualisation.docker.daemon.settings = { # data-root = "/some-place/to-store-the-docker-data"; # }; # Use Arion for Docker Compose-like functionality (optional) # modules = [ arion.nixosModules.arion ]; # virtualisation.arion = { # Arion configuration goes here # }; services = { pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; jack.enable = true; }; # displayManager.sddm = { # enable = true; # theme = "${import ./sddm-theme-dawn.nix {inherit pkgs;}}"; # }; xserver = { enable = true; desktopManager.gnome = { enable = true; extraGSettingsOverrides = '' [org.gnome.desktop.interface] color-scheme='prefer-dark' ''; }; displayManager.gdm = { enable = true; wayland = true; # extraConfig = '' # [org.gnome.desktop.interface] # gtk-theme='Adwaita-dark' # ''; }; xkb = { layout = "us,de"; variant = ","; options = "grp:alt_shift_toggle"; }; excludePackages = (with pkgs; [ nano xterm epiphany cheese geary totem gnome-music tali iagno hitori atomix ]); }; # Enable CUPS to print documents. printing = { enable = true; drivers = [ pkgs.gutenprint ]; }; }; # Enable sound with pipewire. # sound.enable = true; services.pulseaudio.enable = false; security.rtkit.enable = true; users.groups.fsc = { gid = 1010; }; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.itsscb = { isNormalUser = true; uid = 1000; description = "itsscb"; extraGroups = ["networkmanager" "wheel" "fsc" "docker"]; packages = with pkgs; [ ]; }; users.users."k.sc" = { isNormalUser = true; uid = 1001; description = "k.sc"; extraGroups = ["networkmanager" "fsc"]; packages = with pkgs; [ ]; }; fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; programs = { neovim = { enable = true; defaultEditor = true; }; steam = { enable = true; }; # hyprland = { # enable = true; # xwayland.enable = true; # }; }; environment = { sessionVariables = { WLR_NO_HARDWARE_CURSORS = "1"; NIXOS_OZONE_WL = "1"; PATH = ["~/.cargo/bin" "$PATH"]; }; variables = { EDITOR = "zeditor"; XCURSOR_THEME = "Adwaita"; RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}"; }; }; hardware = { graphics.enable = true; nvidia.modesetting.enable = true; printers = { ensurePrinters = [ { name = "ITSP0001"; # deviceUri = "ipp://192.168.128.3/ipp/print"; deviceUri = "socket://192.168.128.3"; # model = "Kyocera/Kyocera-ECOSYS-M5526cdn.ppd.gz"; model = "drv:///sample.drv/generic.ppd"; # model = "Kyocera/Kyocera-FS-1025MFP-KPDL-en.ppd.gz"; } ]; }; }; home-manager = { backupFileExtension = "backup"; users = { "itsscb" = import ./home.nix; "root" = { home.stateVersion = "24.11"; home.file.".config/helix".source = ./dotfiles/helix; programs.bash = { enable = true; shellAliases = { ls = "eza -l --git"; grep = "rg"; cat = "bat"; }; }; }; }; }; xdg = { portal.enable = true; mime = { defaultApplications = { "text/html" = "chromium-browser.desktop"; "application/pdf" = "org.gnome.Evince.desktop"; "text/plain" = "Helix.desktop"; "image/png" = "org.gnome.Loupe.desktop"; "image/jpeg" = "org.gnome.Loupe.desktop"; "image/gif" = "org.gnome.Loupe.desktop"; "image/jpg" = "org.gnome.Loupe.desktop"; "video/mp4" = "vlc.desktop"; "audio/mpeg" = "vlc.desktop"; "x-scheme-handler/http" = "chromium-browser.desktop"; "x-scheme-handler/https" = "chromium-browser.desktop"; "inode/directory" = "nemo.desktop"; }; }; }; qt.enable = true; environment.systemPackages = with pkgs; [ rustup # rustc # cargo # clippy # rustfmt # rust-analyzer gcc # nix specific ## Secrets Manager sops # Password Manager keepassxc ## nix formatter alejandra # Encryption age # SDDM Login Screen requirements libsForQt5.qt5.qtquickcontrols2 libsForQt5.qt5.qtgraphicaleffects # Hyprland / Window Manager # xdg-desktop-portal-gtk # xdg-desktop-portal-hyprland ## App Starter # rofi-wayland ## Network Settings # networkmanagerapplet # Audio Settings # pavucontrol ## Bluetooth Settings # blueman ## Lockscreen # hyprlock ## Top Bar # waybar # ( # waybar.overrideAttrs (oldAttrs: { # mesonFlags = oldAttrs.mesonFlags ++ ["-Dexperimental=true"]; # }) # ) ## ??? # dunst ## Notification Daemon (?) # libnotify ## File Manager # dolphin nemo kdePackages.breeze-icons ## ??? # swww # Clipboard Manager xclip # xsel # wl-clipboard unzip # Image Manipulation inkscape gimp # Office libreoffice # Video ffmpeg vlc # Music spotify # Terminal alacritty kitty ## 'ls' replacement eza ## 'cat' replacement bat ## 'grep' replacement ripgrep ## 'find' replacement fd lazygit ## Default Tools curl gitFull # git # broot # file manager yazi # file manager jq # json tool poppler # ??? fzf # ??? # Editor helix vscode zed-editor docker-compose # Mail Client thunderbird google-chrome ]; sops.validateSopsFiles = false; sops.defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; sops.defaultSopsFormat = "yaml"; sops.age.keyFile = "/home/itsscb/.config/sops/age/keys.txt"; sops.secrets."nas" = { owner = config.users.users.itsscb.name; }; sops.secrets."git" = { owner = config.users.users.itsscb.name; path = "${config.users.users.itsscb.home}/.config/git/credentials-git"; }; sops.secrets."gitea" = { owner = config.users.users.itsscb.name; path = "${config.users.users.itsscb.home}/.config/git/credentials-gitea"; }; sops.secrets."kagi" = { owner = config.users.users.itsscb.name; path = "${config.users.users.itsscb.home}/.config/kagi/token"; }; programs.chromium = { enable = true; homepageLocation = "https://perplexity.ai"; extraOpts = { syncDisabled = true; BrowserSignin = 0; PasswordManagerEnabled = false; SpellcheckEnabled = false; }; defaultSearchProviderEnabled = true; # defaultSearchProviderSearchURL = "https://perplexity.ai/search?q={searchTerms}"; defaultSearchProviderSearchURL = "https://kagi.com/search?token=${builtins.readFile "${config.users.users.itsscb.home}/.config/kagi/token"}&q={searchTerms}"; }; fileSystems = { "/mnt/home" = { device = "//192.168.128.2/Cloud_Privat"; fsType = "cifs"; # label = "HOME"; options = let automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user"; in ["${automount_opts},credentials=${config.sops.secrets."nas".path},uid=1000,gid=1010"]; }; "/mnt/music" = { device = "//192.168.128.2/music"; fsType = "cifs"; # label = "HOME"; options = let automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user"; in ["${automount_opts},credentials=${config.sops.secrets."nas".path},uid=1000,gid=1010"]; }; "/mnt/scan" = { device = "//192.168.128.2/scan"; fsType = "cifs"; options = let automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user"; in ["${automount_opts},credentials=${config.sops.secrets."nas".path},uid=1000,gid=1010"]; }; "/mnt/shared" = { device = "//192.168.128.2/shared"; fsType = "cifs"; options = let automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user"; in ["${automount_opts},credentials=${config.sops.secrets."nas".path},uid=1000,gid=1010"]; }; }; programs.nix-ld.enable = true; programs.nix-ld.libraries = with pkgs; [ # Add any missing dynamic libraries for unpackaged # programs here, NOT in environment.systemPackages ]; system.stateVersion = "23.11"; # Did you read the comment? }