# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, ... }:

with builtins;
let
  # Where the nix-config checkout (the source of our overlays) lives. Prefer
  # the checkout this file is part of, then one under the home directory, else
  # null so the overlays setting can warn and carry on.
  # NOTE(review): the home-directory fallback is user-writable, and whatever is
  # in it gets evaluated by nixos-rebuild (as root) into the system closure.
  homeCheckout = /home/chris/Programming/Nix/nix-config;

  nix-config =
    if pathExists ../overlays.nix
    then ../.
    else if pathExists homeCheckout
    then homeCheckout
    else null;
in
17: rec {
# Low level/hardware stuff: a short name for the machine being built, keyed on
# the platform we are evaluating on (null when the platform is not listed)
machine =
  let
    bySystem = {
      i686-linux = "thinkpad";
      aarch64-linux = "pinephone";
      x86_64-darwin = "macbook";
    };
  in
    bySystem.${builtins.currentSystem} or null;
26:
imports =
  let
    moduleDir = ./modules;
    # Custom NixOS modules: every entry of ./modules is imported as a module
    customModules = map (f: moduleDir + "/${f}") (attrNames (readDir moduleDir));
  in
    customModules ++ [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];
34:
nixpkgs.config.allowUnfree = true;

# Overlays come from the nix-config checkout found above. Without one we still
# evaluate (with a warning) so that a plain system can be built.
nixpkgs.overlays =
  if nix-config != null
  then import (nix-config + "/overlays.nix")
  else trace "WARNING: No overlays found" [ ];

# 4 is reasonable, 7 is everything
boot.consoleLogLevel = 4;

hardware.enableAllFirmware = true;
46:
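networking = {
  # NOTE(review): with the firewall off, sshd, avahi and anything else that
  # listens here is reachable on every interface. The usual NixOS shape is
  # enable = true plus allowedTCPPorts/allowedUDPPorts for what must be exposed.
  firewall.enable = false;
  firewall.autoLoadConntrackHelpers = true;

  # Don't rely on those from DHCP, since the ISP might MITM
  # (plain DNS to these resolvers is still unauthenticated; this only stops the
  # DHCP-supplied resolver from being swapped out)
  nameservers = [
    "208.67.222.222"
    "208.67.220.220"
    "8.8.8.8"
  ];

  # Block surveillance, malicious actors, time wasters, etc.
  extraHosts =
    with pkgs.lib;
    let
      # One "127.0.0.1 <name>" line per entry
      format = lst: concatStringsSep "\n" (map (d: "127.0.0.1 ${d}") lst);

      # Fetch a hosts-format list and reduce it to one hostname per line.
      # The output is plain text which readList treats purely as data. The
      # previous version wrote a Nix list literal and 'import'ed it, so a line
      # containing a '"' or Nix interpolation syntax would break evaluation, or
      # be evaluated as code, from an unauthenticated (partly plain-HTTP)
      # source. __noChroot is needed for network access (see nix.useSandbox).
      blockList =
        url:
        pkgs.runCommand "blocklist"
          {
            inherit url;
            __noChroot = true;
            buildInputs = with pkgs; [ curl ];
            # Use the nixpkgs CA bundle rather than copying the host's into the store
            SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
          }
          ''
            echo "Fetching block list '$url'" 1>&2
            # --fail: an HTTP error page must not be parsed as a hosts list
            curl --fail "$url" > tmp

            # Drop carriage returns, in case the list has Windows line endings
            tr -d '\r' < tmp > tmp2
            mv tmp2 tmp

            # Keep only non-empty lines
            grep '^.' < tmp > tmp2
            mv tmp2 tmp

            # Remove comments
            grep -v '^\s*#' < tmp > tmp2
            mv tmp2 tmp

            # Collapse spaces
            sed -e 's/\s\s*/ /g' < tmp > tmp2
            mv tmp2 tmp

            # Extract second field (the hostname), one per line
            cut -d ' ' -f2 < tmp > "$out"
          '';

      # Read a fetched list back as a list of strings (empty lines dropped),
      # never as Nix source
      readList = path: filter (d: d != "") (splitString "\n" (readFile path));

      # NOTE(review): neither source is pinned by hash, so /etc/hosts changes
      # with whatever the servers return at build time; a fixed-output fetch
      # (pkgs.fetchurl with a sha256) would make it reproducible and any
      # tampering detectable.
      general = blockList "http://someonewhocares.org/hosts/hosts";
      facebook = blockList "https://www.remembertheusers.com/files/hosts-fb";

      timewasters = [
        "facebook.com"
        "www.facebook.com"
        "twitter.com"
        "www.twitter.com"
        #"ycombinator.com"
        #"news.ycombinator.com"
        #"lobste.rs"
        #"www.lobste.rs"
        "slashdot.org"
        "www.slashdot.org"
        "slashdot.com"
        "www.slashdot.com"
        "lesswrong.com"
        "www.lesswrong.com"
      ];
    in
    ''
      127.0.0.1 ${config.networking.hostName}
      192.168.1.202 phone
      ${trace ''
        FIXME: Faking texLive mirror source. See
        https://github.com/NixOS/nixpkgs/issues/24683#issuecomment-314631069
      '' "146.185.144.154 lipa.ms.mff.cuni.cz"}
      ${format (readList general)}
      ${format (readList facebook)}
      ${format timewasters}
    '';
};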
130:
# Local time zone (also used for timestamps in the journal)
time.timeZone = "Europe/London";
134:
environment =
  let
    systemPath = config.system.path;
  in
  {
    # For SSHFS. NOTE(review): user_allow_other lets any user expose their FUSE
    # mounts to other users on the machine, not only to themselves.
    etc."fuse.conf".text = ''
      user_allow_other
    '';

    # Apparently needed for GTK themes.
    pathsToLink = [ "/share" ];

    # Make system themes available to user sessions
    variables = {
      GTK_DATA_PREFIX = [ "${systemPath}" ];

      # find theme engines
      GTK_PATH = "${systemPath}/lib/gtk-3.0:${systemPath}/lib/gtk-2.0";

      # Find the mouse
      # XCURSOR_PATH = [
      # "~/.icons"
      # "~/.nix-profile/share/icons"
      # "/var/run/current-system/sw/share/icons"
      # ];
    };

    # Packages to install in system profile.
    # NOTE: You *could* install these individually via `nix-env -i` as root, but
    # those won't be updated by `nixos-rebuild` and aren't version controlled.
    # To see if there are any such packages, do `nix-env -q` as root.
    # allPkgs is not an upstream attribute; presumably it comes from the overlays.
    systemPackages = [ pkgs.allPkgs ];
  };
168:
fonts =
  let
    droid = "Droid Sans";
  in
  {
    enableDefaultFonts = true;

    # Fontconfig fallbacks for the generic family names
    fontconfig.defaultFonts = {
      monospace = [ "${droid} Mono" ];
      sansSerif = [ droid ];
      serif = [ droid ];
    };

    # Extra font packages to install
    fonts = with pkgs; [
      anonymousPro
      liberation_ttf
      nerdfonts
      terminus_font
      ttf_bitstream_vera
    ];
  };
184:
nix = {
  # Defaults to 'true' in 19.03, which disallows network access in builders.
  # We prefer "relaxed", which allows derivations to opt-out by having a
  # '__noChroot = true' attribute.
  useSandbox = "relaxed";

  # NOTE(review): a plain-HTTP cache. Signatures on fetched paths are still
  # required unless nix.requireSignedBinaryCaches is switched off, so this is
  # tamper-evident but not private; https://cache.nixos.org is the usual endpoint.
  trustedBinaryCaches = [ "http://hydra.nixos.org/" ];

  # Non-sandboxed builds, including the __noChroot opt-out, can only be built
  # by these users and root (if the useSandbox option isn't false). Trusted
  # users can also override daemon settings such as substituters, so treat
  # membership here as root-equivalent.
  trustedUsers = [ "chris" "laminar" ];
};
199:
# Program-level modules (each also installs the corresponding package)
programs.gnupg.agent.enable = true;
programs.iotop.enable = true;
programs.mosh.enable = true;
# Non-DE Qt config GUI
programs.qt5ct.enable = true;
206:
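# Programs which need to be setuid, etc. should be put in here. These will get
# wrappers made and put into a system-wide directory when the config is
# activated, and will be removed when switched away.
security.wrappers =
  let
    # fusermount has to be setuid root to mount on behalf of unprivileged users.
    # Spell the ownership and setuid bit out: older NixOS implied exactly this
    # for a wrapper given only a source, and newer releases require them.
    setuidRoot = source: {
      inherit source;
      owner = "root";
      group = "root";
      setuid = true;
    };
  in
  {
    fusermount = setuidRoot "${pkgs.fuse}/bin/fusermount";
    fusermount3 = setuidRoot "${pkgs.fuse3}/bin/fusermount3";
  };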
214:
# List services that you want to enable:

services.avahi = {
  enable = true;
  nssmdns4 = true;
  inherit (config.networking) hostName;
  # NOTE(review): publishing addresses and workstation info advertises this
  # host to the whole LAN, and with the firewall disabled (see networking)
  # nothing limits who can query it.
  publish = {
    enable = true;
    addresses = true;
    workstation = true;
  };
};

services.bitlbee = {
  enable = true;
  # Only accounts that have registered with the server may log in
  authMode = "Registered";
};
230:
# IPFS node; currently switched off (see enable) but the tuning is kept
services.ipfs = {
  enable = false; # Quite resource-hungry
  autoMount = false; # Mounting can cause FUSE errors
  enableGC = true; # Laptop, limited storage
  dataDir = "/var/lib/ipfs/.ipfs";
  serviceFdlimit = 65536; # Bump up, since it keeps running out

  # Reduce memory usage (from https://github.com/ipfs/go-ipfs/issues/4145 )
  extraConfig.Swarm = {
    AddrFilters = null;
    ConnMgr = {
      GracePeriod = "20s";
      HighWater = 100;
      LowWater = 50;
      Type = "basic";
    };
  };

  # Reduce CPU usage (from https://github.com/ipfs/go-ipfs/issues/4145 )
  extraFlags = [ "--routing=dhtclient" ];
};
254:
# Limit the size of our logs, to prevent ridiculous space usage and slowdown
services.journald.extraConfig = ''
  SystemMaxUse=100M
  RuntimeMaxUse=100M
'';

# Not an upstream module; presumably provided by ./modules
services.nix-daemon-tunnel.enable = true;

services.openssh = {
  enable = true;
  # Server-side X11Forwarding; only used by sessions that ask for it (ssh -X).
  # NOTE(review): nothing here restricts authentication methods, and the
  # firewall is off, so key-only login (passwordAuthentication = false) is the
  # usual hardening for this setup.
  forwardX11 = true;
};
269:
services.printing = {
  enable = true;
  # Drivers taken from the 17.09 package set; nixpkgs1709 is not an upstream
  # attribute, presumably it comes from the overlays.
  drivers = with pkgs.nixpkgs1709; [
    hplip
    gutenprint
  ];
};

# Because Tories
services.tor.client.enable = true;

services.xserver = {
  layout = "gb";
  # Caps Lock acts as Control
  xkbOptions = "ctrl:nocaps";
};
289:
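# Shell fragments run as root whenever the configuration is activated.
# Fragments are concatenated into a single activation script, so nothing in
# them should exit the shell outright.
system.activationScripts = {
  # Symlink each entry of ~/.dotfiles to ~/.<entry>. Wrapped in a subshell so
  # that a failing cd stops this fragment only, not the rest of activation.
  dotfiles = ''
    (
      cd /home/chris/.dotfiles || exit 1
      for X in *
      do
        [[ "x$X" = "x.issues" ]] && continue
        [[ "x$X" = "xetc_nixos" ]] && continue
        [[ "x$X" = "xREADME" ]] && continue
        [[ "x$X" = "xcheck.sh" ]] && continue
        # Already linked
        [[ -h "/home/chris/.$X" ]] && continue
        # Something else is in the way; leave it alone rather than clobber it
        [[ -e "/home/chris/.$X" ]] && {
          echo "WARNING: Found ~/.$X but it's not a symlink" 1>&2
          continue
        }
        (cd /home/chris && ln -s .dotfiles/"$X" ."$X")
      done
    )
  '';
  dotEmacs = with pkgs; ''
    # ~/.emacs.d is currently stand alone, but we still want to hook some Nix
    # things into it, e.g. paths to executables
    X='(setq explicit-shell-file-name "${warbo-utilities}/bin/wrappedShell")'
    # This write happens as root inside a user-owned tree, so check the target
    # first: the directory must exist and the file must not be a symlink that
    # would redirect the write elsewhere.
    D=/home/chris/.emacs.d/personal/preload
    if [[ -d "$D" ]] && ! [[ -h "$D/wrapped-shell.el" ]]
    then
      echo "$X" > "$D/wrapped-shell.el"
    else
      echo "WARNING: Not writing $D/wrapped-shell.el" 1>&2
    fi
  '';
};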
314:
# Extra systemd units are kept in their own file
systemd.services = import ./services.nix { config = config; pkgs = pkgs; };

# Console keymap and locale
console = { keyMap = "uk"; };
i18n = { defaultLocale = "en_GB.UTF-8"; };
319:
# Define a user account. Don't forget to set a password with ‘passwd’.
users.extraUsers.chris = {
  name = "chris";
  group = "users";
  uid = 1000;
  createHome = true;
  home = "/home/chris";
  shell = "/run/current-system/sw/bin/bash";
  isNormalUser = true;
  # NOTE(review): "wheel" (sudo) and "docker" (the daemon socket runs as root)
  # both amount to root access for this account.
  extraGroups = [
    "atd"
    "audio"
    "dialout"
    "docker"
    "fuse"
    "netdev"
    "networkmanager"
    "pulse"
    "voice"
    "wheel"
  ];
};
346: }