{ config, lib, pkgs, ... }: # usual environment, as a thin OS let nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix); in { imports = [ ./users.nix ]; security.sudo.wheelNeedsPassword = false; boot.initrd.availableKernelModules = [ "xhi_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = []; fileSystems."/boot".device = "/dev/disk/by-label/boot"; fileSystems."/boot".fsType = "vfat"; fileSystems."/".device = "/dev/disk/by-label/nixos"; fileSystems."/".fsType = "ext4"; swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; networking.hostName = "helium"; networking.networkmanager.enable = true; time.timeZone = "America/New_York"; location.latitude = 40.80; location.longitude = -81.52; fonts.fonts = with pkgs; [ google-fonts mononoki source-code-pro fantasque-sans-mono hack-font fira fira-code fira-code-symbols ]; environment.systemPackages = [ ]; nixpkgs = { config = { allowUnfree = true; allowBroken = true; }; }; hardware.enableAllFirmware = true; hardware.bluetooth.enable = true; hardware.bluetooth.package = pkgs.bluezFull; # hardware.acpilight.enable = true; hardware.brillo.enable = true; hardware.opengl.enable = true; hardware.pulseaudio = { enable = true; extraConfig = '' load-module module-loopback ''; }; sound.enable = true; sound.mediaKeys.enable = true; programs = { bash.enableCompletion = true; command-not-found.enable = true; light.enable = true; gnupg.agent = { enable = true; enableSSHSupport = true; }; mosh.enable = true; ssh.agentTimeout = "1h"; }; services = { pcscd.enable = true; logind.lidSwitch = "suspend"; logind.extraConfig = "IdleAction=lock"; clight.enable = true; clight.temperature.day = 5000; clight.temperature.night = 2300; printing.enable = true; xserver.enable = true; xserver.autorun = true; xserver.layout = "us"; xserver.libinput.enable = true; xserver.xkbOptions = "caps:ctrl_modifier"; xserver.displayManager.sddm.enable = true; xserver.windowManager.xmonad.enable = true; xserver.desktopManager.xterm.enable = true; xserver.xautolock.enable = true; xserver.xautolock.enableNotifier = true; xserver.xautolock.notifier = "${pkgs.libnotify}/bin/notify-send 'locking in 10 seconds'"; xserver.xautolock.nowlocker = "${pkgs.i3lock}/bin/i3lock --color=000000 --show-failed-attempts --ignore-empty-password"; xserver.xautolock.locker = "${pkgs.i3lock}/bin/i3lock --color=000000 --show-failed-attempts --ignore-empty-password"; vnstat.enable = true; # security stuff fail2ban.enable = true; clamav.daemon.enable = true; clamav.updater.enable = true; }; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; powerManagement.enable = true; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; nix.nixPath = [ "nixpkgs=${nixpkgs}" "nixos-config=/etc/nixos/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels" ]; nix.gc.automatic = false; nix.gc.dates = "03:15"; nix.binaryCaches = [ "https://cache.nixos.org/" ]; nix.extraOptions = '' builders-use-substitutes = true ''; nix.maxJobs = lib.mkDefault 4; nix.buildMachines = [ { hostName = "192.168.1.42"; sshUser = "ben"; sshKey = "/home/ben/.ssh/id_rsa"; system = "x86_64-linux"; } { hostName = "dev.simatime.com"; sshUser = "ben"; sshKey = "/home/ben/.ssh/id_rsa"; system = "x86_64-linux"; } ]; nix.distributedBuilds = true; nix.trustedUsers = [ "root" "ben" ]; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you # should. system.stateVersion = "19.03"; # Did you read the comment? system.autoUpgrade.enable = true; }