nix-config: 6f4e39ac083533c3d66f9f00f0044792f92d4fa1
1: # Edit this configuration file to define what should be installed on
2: # your system. Help is available in the configuration.nix(5) man page
3: # and in the NixOS manual (accessible by running ‘nixos-help’).
# NixOS module function: receives the evaluated system `config` and the
# package set `pkgs`.
{ config, pkgs, ... }:

with builtins;
with rec {
  # Directory that holds overlays.nix. Prefer the parent of this directory
  # when it contains overlays.nix, otherwise a checkout under /home/chris,
  # otherwise null (meaning "no overlays available").
  # NOTE(review): the fallback is inside a user's home directory and its
  # overlays.nix is imported into the system package set further down, so
  # whoever can write to that path influences what a system rebuild
  # evaluates -- confirm this is intended.
  nix-config =
    let
      fallback = /home/chris/Programming/Nix/nix-config;
      haveLocal = pathExists ../overlays.nix;
      haveFallback = pathExists fallback;
    in
      if haveLocal then ../.
      else if haveFallback then fallback
      else null;
};
16: rec {
# Low level/hardware stuff
# Short name of the machine being configured, looked up from the platform
# Nix is currently evaluating on; null when the platform is not listed.
machine =
  let
    byPlatform = {
      i686-linux = "thinkpad";
      aarch64-linux = "pinephone";
      x86_64-darwin = "macbook";
    };
    platform = builtins.currentSystem;
  in
    if builtins.hasAttr platform byPlatform
    then builtins.getAttr platform byPlatform
    else null;
23:
imports =
  let
    # Custom NixOS modules: one path per directory entry of ./modules.
    # NOTE(review): every entry is imported whatever its name or type, so
    # anything dropped into ./modules becomes part of the system
    # configuration; keep that directory under the same access control and
    # version control as this file.
    moduleNames = attrNames (readDir ./modules);
    customModules = map (name: ./modules + "/${name}") moduleNames;
  in
    # Include the results of the hardware scan.
    customModules ++ [ ./hardware-configuration.nix ];
30:
nixpkgs = {
  config.allowUnfree = true;

  # Overlays come from overlays.nix in the directory found by `nix-config`;
  # when that lookup returned null, evaluation prints a warning and carries
  # on with no overlays.
  overlays =
    if nix-config != null
    then import (nix-config + "/overlays.nix")
    else trace "WARNING: No overlays found" [];
};

# 4 is reasonable, 7 is everything
boot = { consoleLogLevel = 4; };

hardware = { enableAllFirmware = true; };
41:
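networking = {
  # NOTE(review): the firewall is switched off while this file also enables
  # sshd, avahi, bitlbee and other daemons, so every listening port is
  # reachable from whatever network the machine joins. The conntrack-helper
  # setting below presumably has no effect while the firewall is disabled --
  # confirm, and consider enabling the firewall with explicit allowed ports.
  firewall.enable = false;
  firewall.autoLoadConntrackHelpers = true;

  # Don't rely on those from DHCP, since the ISP might MITM
  nameservers = [ "208.67.222.222" "208.67.220.220" "8.8.8.8" ];

  # Block surveillance, malicious actors, time wasters, etc.
  extraHosts =
    with pkgs.lib;
    with rec {
      # Render a list of host names as hosts-file lines pointing at loopback.
      format = lst: concatStringsSep "\n" (map (d: "127.0.0.1 ${d}") lst);

      # Download a hosts-format block list and turn it into a Nix file
      # holding a list of host-name strings (the result is `import`ed below).
      #
      # The download runs outside the build sandbox (__noChroot) and has no
      # pinned hash, so its content is untrusted. Because the output is
      # evaluated as Nix code, each extracted field is checked against a
      # strict host-name character set before it is wrapped in quotes; a
      # quote or an antiquotation in the fetched text would otherwise become
      # part of the expression evaluated during a system rebuild.
      blockList = url: pkgs.runCommand "blocklist.nix"
        {
          inherit url;
          __noChroot = true;
          buildInputs = with pkgs; [ curl ];
          SSL_CERT_FILE = /etc/ssl/certs/ca-bundle.crt;
        }
        ''
          echo "Fetching block list '$url'" 1>&2
          # --fail: stop on an HTTP error instead of parsing the error page
          curl --fail "$url" > tmp

          # Keep only non-empty lines
          grep '^.' < tmp > tmp2
          mv tmp2 tmp

          # Remove comments
          grep -v '^\s*#' < tmp > tmp2
          mv tmp2 tmp

          # Collapse spaces
          sed -e 's/\s\s*/ /g' < tmp > tmp2
          mv tmp2 tmp

          # Extract second field
          cut -d ' ' -f2 < tmp > tmp2
          mv tmp2 tmp

          # Keep only plain host names; anything else must never reach the
          # generated Nix file. If no entry survives, grep fails the build.
          grep -E '^[A-Za-z0-9._-]+$' < tmp > tmp2
          mv tmp2 tmp

          echo '[' > "$out"
          sed -e 's/^\(.*\)$/"\1"/g' < tmp >> "$out"
          echo ']' >> "$out"
        '';

      # NOTE(review): this list is fetched over plain HTTP, so anyone on the
      # network path can alter it; after the filtering above the effect is
      # limited to adding or removing blocked names. Switch to https:// if
      # the host serves it.
      general = blockList "http://someonewhocares.org/hosts/hosts";
      facebook = blockList "https://www.remembertheusers.com/files/hosts-fb";

      timewasters = [
        "facebook.com"
        "www.facebook.com"
        "twitter.com"
        "www.twitter.com"
        #"ycombinator.com"
        #"news.ycombinator.com"
        #"lobste.rs"
        #"www.lobste.rs"
        "slashdot.org"
        "www.slashdot.org"
        "slashdot.com"
        "www.slashdot.com"
        "lesswrong.com"
        "www.lesswrong.com"
      ];
    };
    # The trace below pins a mirror host name to a fixed address; the pin
    # keeps applying even if the real host moves, so revisit the FIXME.
    ''
      127.0.0.1 ${config.networking.hostName}
      192.168.1.202 phone
      ${trace ''
        FIXME: Faking texLive mirror source. See
        https://github.com/NixOS/nixpkgs/issues/24683#issuecomment-314631069
      '' "146.185.144.154 lipa.ms.mff.cuni.cz"}
      ${format (import general)}
      ${format (import facebook)}
      ${format timewasters}
    '';
};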
119:
# System-wide time zone.
time.timeZone = "Europe/London";
123:
environment =
  let
    # Store path of the system profile, used to point GTK at system themes.
    sysPath = "${config.system.path}";
  in {
    # For SSHFS
    # NOTE(review): user_allow_other lets non-root users mount FUSE file
    # systems with allow_other/allow_root, which makes those mounts visible
    # to other accounts on the machine.
    etc = {
      "fuse.conf" = {
        text = ''
          user_allow_other
        '';
      };
    };

    # Apparently needed for GTK themes.
    pathsToLink = [ "/share" ];

    # Make system themes available to user sessions
    variables = {
      GTK_DATA_PREFIX = [ sysPath ];

      # find theme engines
      GTK_PATH = "${sysPath}/lib/gtk-3.0:${sysPath}/lib/gtk-2.0";

      # Find the mouse
      # XCURSOR_PATH = [
      #   "~/.icons"
      #   "~/.nix-profile/share/icons"
      #   "/var/run/current-system/sw/share/icons"
      # ];
    };

    # Packages to install in system profile.
    # NOTE: You *could* install these individually via `nix-env -i` as root, but
    # those won't be updated by `nixos-rebuild` and aren't version controlled.
    # To see if there are any such packages, do `nix-env -q` as root.
    # `allPkgs` is not defined in this file; presumably it comes from the
    # overlays loaded into nixpkgs.
    systemPackages = [ pkgs.allPkgs ];
  };
157:
# Font packages to install and the default family for each generic name.
fonts = {
  enableDefaultFonts = true;

  fontconfig = {
    defaultFonts = {
      monospace = [ "Droid Sans Mono" ];
      sansSerif = [ "Droid Sans" ];
      serif = [ "Droid Sans" ];
    };
  };

  fonts = with pkgs; [
    anonymousPro
    droid-fonts
    liberation_ttf
    terminus_font
    ttf_bitstream_vera
  ];
};
173:
# Defaults to 'true' in 19.03, which disallows network access in builders.
# We prefer "relaxed", which allows derivations to opt-out by having a
# '__noChroot = true' attribute.
# NOTE(review): with "relaxed", any derivation carrying that attribute runs
# with network and file-system access, so the sandbox only protects against
# builds that do not ask to leave it.
nix.useSandbox = "relaxed";

# NOTE(review): this cache is listed with an http:// URL; integrity of what
# is substituted then rests on signature checking alone, and the requests
# are visible on the network. Consider an https:// URL.
nix.trustedBinaryCaches = [ "http://hydra.nixos.org/" ];

# Non-sandboxed builds, including the __noChroot opt-out, can only be built
# by these users and root (if the useSandbox option isn't false).
# NOTE(review): trusted users can override daemon settings, which is close
# to root-level control of the store; keep this list as short as possible.
nix.trustedUsers = [ "chris" "laminar" ];
185:
# Per-program NixOS modules to switch on.
programs.gnupg.agent.enable = true;
programs.iotop.enable = true;
programs.mosh.enable = true;
programs.qt5ct.enable = true; # Non-DE Qt config GUI

# Programs which need to be setuid, etc. should be put in here. These will get
# wrappers made and put into a system-wide directory when the config is
# activated, and will be removed when switched away.
# NOTE(review): only `source` is given, so ownership and mode of the wrappers
# come from the module defaults of the NixOS release in use -- confirm they
# are what fusermount needs and no broader.
security.wrappers = {
  fusermount = { source = "${pkgs.fuse}/bin/fusermount"; };
  fusermount3 = { source = "${pkgs.fuse3}/bin/fusermount3"; };
};
200:
201: # List services that you want to enable:
202:
# mDNS/DNS-SD: resolve .local names through NSS and announce this machine
# (host name, addresses and a workstation record) on the local network.
# NOTE(review): publishing advertises the machine to every network it joins,
# and the firewall is disabled in this configuration; turn publishing off if
# discovery by other hosts is not needed.
services.avahi = {
  enable = true;
  hostName = config.networking.hostName;
  nssmdns = true;
  publish = {
    enable = true;
    addresses = true;
    workstation = true;
  };
};

# IRC gateway to other chat networks.
services.bitlbee.enable = true;
services.bitlbee.authMode = "Registered";
216:
# IPFS daemon settings; the service itself is currently switched off.
services.ipfs = {
  enable = false;              # Quite resource-hungry
  autoMount = false;           # Mounting can cause FUSE errors
  enableGC = true;             # Laptop, limited storage
  dataDir = "/var/lib/ipfs/.ipfs";
  serviceFdlimit = 64 * 1024;  # Bump up, since it keeps running out

  # Reduce memory usage (from https://github.com/ipfs/go-ipfs/issues/4145 )
  extraConfig.Swarm = {
    AddrFilters = null;
    ConnMgr = {
      Type = "basic";
      LowWater = 50;
      HighWater = 100;
      GracePeriod = "20s";
    };
  };

  # Reduce CPU usage (from https://github.com/ipfs/go-ipfs/issues/4145 )
  extraFlags = [ "--routing=dhtclient" ];
};
240:
# Limit the size of our logs, to prevent ridiculous space usage and slowdown
# NOTE(review): a 100M cap also shortens how far back the journal reaches,
# which limits what is available when investigating an incident; forward
# logs elsewhere if longer retention matters.
services.journald.extraConfig = ''
  SystemMaxUse=100M
  RuntimeMaxUse=100M
'';

# This option is not defined by this file; presumably it is declared by one
# of the custom modules imported from ./modules.
services.nix-daemon-tunnel = { enable = true; };
250:
# SSH server with X11 forwarding allowed.
# NOTE(review): nothing here restricts password or root logins, so those
# follow the module defaults of the NixOS release in use, and with the
# firewall disabled the daemon is reachable from any network. Consider
# key-only authentication and drop X11 forwarding if it is not used.
services.openssh.enable = true;
services.openssh.forwardX11 = true;
255:
# Printing, with drivers taken from the `nixpkgs1709` package set.
# NOTE(review): `nixpkgs1709` is not defined here; the name suggests a pinned
# older release, in which case these drivers no longer receive fixes --
# confirm the pin is still needed.
services.printing = {
  enable = true;
  drivers = with pkgs.nixpkgs1709; [ hplip gutenprint ];
};

# Because Tories
services.tor.client.enable = true;

# Keyboard: UK layout, Caps Lock acting as Ctrl.
services.xserver.layout = "gb";
services.xserver.xkbOptions = "ctrl:nocaps";
268:
# Link every entry of /home/chris/.dotfiles into /home/chris as a dot-file,
# skipping a few bookkeeping names, existing symlinks and existing files.
# NOTE(review): activation scripts presumably run as root, yet this one
# creates links inside a user-writable directory, so the links end up owned
# by root and the paths it touches are under the user's control. Also check
# whether `exit 1` ends only this snippet or the whole activation when
# ~/.dotfiles is missing.
system.activationScripts.dotfiles = ''
  cd /home/chris/.dotfiles || exit 1
  for X in *
  do
  [[ "x$X" = "x.issues" ]] && continue
  [[ "x$X" = "xetc_nixos" ]] && continue
  [[ "x$X" = "xREADME" ]] && continue
  [[ "x$X" = "xcheck.sh" ]] && continue
  [[ -h "/home/chris/.$X" ]] && continue
  [[ -e "/home/chris/.$X" ]] && {
  echo "WARNING: Found ~/.$X but it's not a symlink" 1>&2
  continue
  }
  (cd /home/chris && ln -s .dotfiles/"$X" ."$X")
  done
'';

# Write a small Emacs preload file that points Emacs at the Nix-provided
# wrapped shell.
# NOTE(review): the redirection writes through a path inside the user's home
# directory; if this runs as root, a symlink placed at that path would make
# the write land wherever the link points. Writing as the user, or refusing
# to follow symlinks, would close that gap.
system.activationScripts.dotEmacs = ''
  # ~/.emacs.d is currently stand alone, but we still want to hook some Nix
  # things into it, e.g. paths to executables
  X='(setq explicit-shell-file-name "${pkgs.warbo-utilities}/bin/wrappedShell")'
  echo "$X" > /home/chris/.emacs.d/personal/preload/wrapped-shell.el
'';
293:
# Unit definitions live in ./services.nix, which is called with the same
# `config` and `pkgs` this file received.
systemd.services = import ./services.nix {
  config = config;
  pkgs = pkgs;
};

# Console keyboard map and default locale.
console = { keyMap = "uk"; };
i18n = { defaultLocale = "en_GB.UTF-8"; };
298:
# Define a user account. Don't forget to set a password with ‘passwd’.
# NOTE(review): "wheel" normally grants sudo, and members of "docker" can
# drive the Docker daemon, which runs as root, so this account is effectively
# an administrator; it is also listed as a trusted Nix user in this file.
# Drop any group that is not needed.
users.extraUsers.chris = {
  isNormalUser = true;
  name = "chris";
  uid = 1000;
  group = "users";
  extraGroups = [
    "atd"
    "audio"
    "dialout"
    "docker"
    "fuse"
    "netdev"
    "networkmanager"
    "pulse"
    "voice"
    "wheel"
  ];
  home = "/home/chris";
  createHome = true;
  shell = "/run/current-system/sw/bin/bash";
};
317: }