# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). { config, lib, pkgs, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ./disk-config.nix { _module.args = { disk = "/dev/vda"; withSwap = true; swapSize = "16"; }; } ]; # Experimental nix.settings.experimental-features = [ "nix-command" "flakes" ]; # I18n & Time time.timeZone = "Europe/Amsterdam"; i18n.defaultLocale = "en_US.UTF-8"; # Starter config console = { font = "Lat2-Terminus16"; keyMap = "us"; # useXkbConfig = true; # use xkb.options in tty. }; # Enable the KDE Desktop Environment. services.xserver.displayManager.sddm.enable = true; services.xserver.desktopManager.plasma5.enable = true; boot = { kernelPackages = pkgs.linuxPackages_latest; supportedFilesystems = [ "btrfs" ]; loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; timeout = 3; }; initrd = { kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"]; # Mount USB key before trying to decrypt root filesystem # postDeviceCommands = pkgs.lib.mkBefore '' # mkdir -m 0755 -p /key # sleep 2 # To make sure the usb key has been loaded # mount -n -t vfat -o ro `findfs UUID=${PRIMARYUSBID}` /key || mount -n -t vfat -o ro `findfs UUID=${BACKUPUSBID}` /key # ''; ### ----> Instead use systemd mount unit #systemd = { # enable = true; # tpm2 unlock requires systemd initrd # mounts = [{ # what = "UUID=720657da-2c89-4f47-aba9-b43618778a3d"; # where = "/key"; # type = "btrfs"; # }]; #}; luks.devices."crypted" = { bypassWorkqueues = true; device = lib.mkDefault "/dev/disk/by-partuuid/5e65cc4c-eb35-4d62-8fcd-387d6a87c067"; # crypttabExtraOpts = [ "tpm2-device=auto" ]; # tpm2 unlock preLVM = true; # If using a USB or SD Card for decryption include the following. allowDiscards = true; # keyFileSize = 4096; # This is the disk id of your USB or SD Card. # Get this by running `ls -l /dev/disk/by-id`, # and copy the long string into the spot below. # keyFile = "/key/hdd.key"; # Use this if you want to fallback to the encryption password when the drive can't be found. HIGHLY RECCOMENDED!!!! #~~~~~ Actually it doesn't work as it is implied by systemd stage 1... # fallbackToPassword = true; }; }; resumeDevice = "/dev/nvme0n1"; # should be pointing to part. where swap resides kernelParams = [ # hibernation "resume_offset=533760" ]; }; swapDevices = [ { device = "/.swapvol"; size=16*1024; } ]; networking = { hostName = "jeroboam"; domain = "mattmor.in"; # wireless.enable = true; # Enables wireless support via wpa_supplicant. networkmanager.enable = true; # Easiest to use and most distros use this by default. enableIPv6 = false; }; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # Enable the X11 windowing system. services.xserver.enable = true; # Configure keymap in X11 services.xserver.xkb.layout = "us"; services.xserver.xkb.options = "eurosign:e,caps:escape"; # Enable CUPS to print documents. # services.printing.enable = true; # Enable sound. hardware.pulseaudio.enable = true; # OR # services.pipewire = { # enable = true; # pulse.enable = true; # }; # Enable touchpad support (enabled default in most desktopManager). # services.libinput.enable = true; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.laozi = { isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. packages = with pkgs; [ firefox tree ]; }; # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. wget git ]; hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; # programs.gnupg.agent = { # enable = true; # enableSSHSupport = true; # }; # List services that you want to enable: # Enable the OpenSSH daemon. # services.openssh.enable = true; # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. # networking.firewall.enable = false; # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you # accidentally delete configuration.nix. # system.copySystemConfiguration = true; # This option defines the first version of NixOS you have installed on this particular machine, # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. # # Most users should NEVER change this value after the initial install, for any reason, # even if you've upgraded your system to a new NixOS release. # # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how # to actually do that. # # This value being lower than the current NixOS release does NOT mean your system is # out of date, out of support, or vulnerable. # # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, # and migrated your data accordingly. # # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . system.stateVersion = "24.05"; # Did you read the comment? }