1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
|
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }: {
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
boot.initrd.kernelModules = [ "amdgpu" "zfs" ];
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.generationsDir.copyKernels = true;
boot.loader.systemd-boot.enable = true;
boot.supportedFilesystems = [ "zfs" ];
boot.zfs.devNodes = "/dev/disk/by-label";
documentation.dev.enable = true;
documentation.man.enable = true;
environment.shells = with pkgs; [ zsh ];
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
bc
bespokesynth
bintools
cardinal
cargo
conntrack-tools
curl
dmenu
dict
dig
dmidecode
easyeffects
encfs
enscript
evince
feh
ffmpeg
file
flac
fldigi
fluidsynth
foot
fortune
fping
geeqie
geonkick
gimp-with-plugins
git
go
godot_4
google-authenticator
google-chrome
gv
helm
i3
i3status
imagemagick
inkscape
inxi
iotop
ipcalc
iperf
jq
lame
libreoffice
libva-utils
lilypond-unstable-with-fonts
lshw
lsof
mame
mariadb
mednafen
mednaffe
mesa-demos
mkvtoolnix
mpv
mutt
netcat-openbsd
nix-index
nmap
ntfs3g
oath-toolkit
openldap
openssl
(pass.withExtensions (ext: with ext; [pass-otp]))
pass
patchelf
pavucontrol
pciutils
picom
polkit_gnome
polyphone
poppler_utils
powertop
psmisc
pv
pwgen
qemu_kvm
qpwgraph
qrencode
qsynth
radeontop
rdesktop
read-edid
reaper
recode
rosegarden
rustc
samplv1
sfizz
sg3_utils
signal-desktop
speedtest-cli
sqlite
sshfs
st
stoken
surge
#surge-XT
sxiv
synthv1
sysstat
tcpdump
tigervnc
traceroute
tree
tshark
turbovnc
unrar
unzip
usbutils
vapoursynth
vdpauinfo
vim
vlc
vmpk
vocproc
vulkan-tools
wavpack
wget
whois
winetricks
wineWowPackages.stagingFull
wireguard-tools
x11vnc
x265
xclip
xdotool
xorg.xdpyinfo
xscreensaver
xsnow
yabridge
yabridgectl
yoshimi
zig
zip
zynaddsubfx
];
i18n.defaultLocale = "en_US.UTF-8";
networking.hostId = "8425e349";
networking.hostName = "ginaz";
networking.networkmanager.enable = true;
networking.nftables.enable = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config.allowUnfree = true;
programs.atop.enable = true;
programs.firefox.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
programs.iftop.enable = true;
programs.mtr.enable = true;
programs.nm-applet.enable = true;
programs.steam.enable = true;
programs.tmux.enable = true;
programs.zsh.enable = true;
security.pam.services = {
chfn.googleAuthenticator.enable = true;
chsh.googleAuthenticator.enable = true;
cups.googleAuthenticator.enable = true;
lightdm.googleAuthenticator.enable = true;
login.googleAuthenticator.enable = true;
other.googleAuthenticator.enable = true;
sshd.googleAuthenticator.enable = true;
su.googleAuthenticator.enable = true;
sudo.googleAuthenticator.enable = true;
vlock.googleAuthenticator.enable = true;
xlock.googleAuthenticator.enable = true;
xscreensaver.googleAuthenticator.enable = true;
};
security.polkit = {
enable = true;
extraConfig = ''
polkit.addRule(function(action, subject) {
if (
subject.isInGroup("users")
&& (
action.id == "org.freedesktop.login1.reboot" ||
action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
action.id == "org.freedesktop.login1.power-off" ||
action.id == "org.freedesktop.login1.power-off-multiple-sessions"
)
)
{
return polkit.Result.YES;
}
})
'';
};
security.rtkit.enable = true;
services.blueman.enable = true;
services.openssh = {
enable = true;
openFirewall = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "yes";
};
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
services.printing.enable = true;
services.udev.extraRules = ''
SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="2500",MODE:="0666"
SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3000",MODE:="0666"
SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3010",MODE:="0666"
SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3020",MODE:="0666"
SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3030",MODE:="0666"
'';
services.xserver = {
displayManager.defaultSession = "xsession";
displayManager.lightdm = {
enable = true;
extraSeatDefaults = ''greeter-hide-users=true'';
};
displayManager.session = [
{
manage = "desktop";
name = "xsession";
start = ''exec $HOME/.xsession'';
}
];
enable = true;
libinput.enable = true;
videoDrivers = [ "amdgpu" ];
xkb.layout = "us";
xkb.options = "caps:super,compose:ralt";
};
services.zfs.autoScrub.enable = true;
services.zfs.trim.enable = true;
system.stateVersion = "23.11";
systemd = {
user.services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
time.timeZone = "America/Los_Angeles";
users.groups.nipsy.gid = 1000;
users.users.nipsy = {
isNormalUser = true;
group = "nipsy";
home = "/home/nipsy";
description = "Mark Nipper";
extraGroups = [ "wheel" "networkmanager" ];
#packages = with pkgs; [
# firefox
# tree
#];
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net" ];
};
users.users.root = {
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net" ];
};
}
|