initial commit

config/base.nix

@@ -0,0 +1,45 @@
+# base.nix: basic have-this-everywhere nixos config
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [ 
+    ../hardware-configuration.nix
+    ./users.nix
+  ];
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "de_DE.UTF-8";
+  console.font = "Lat2-Terminus16";
+  console.keyMap = "de";
+
+  time.timeZone = "Europe/Berlin";
+  services.timesyncd.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    pkgs.vim_configurable
+    pkgs.neovim
+    pkgs.zsh
+    pkgs.wget 
+    pkgs.curl 
+    pkgs.rsync 
+    pkgs.git
+    pkgs.git-hub 
+    pkgs.python3
+    pkgs.pciutils
+    pkgs.dmidecode
+    pkgs.cpufrequtils
+    pkgs.binutils
+    pkgs.mc
+    pkgs.git
+    pkgs.htop
+    pkgs.bpytop
+  ];
+
+  networking.firewall = {
+    enable = true;
+    allowPing = true;
+  };
+  services.openssh.enable = true;
+
+}

config/gnome.nix

@@ -0,0 +1,20 @@
+# gnome.nix: install gnome
+ 
+ { config, pkgs, ... }:
+ 
+ {
+ services.xserver.desktopManager.gnome3.enable = true;
+   environment.gnome3.excludePackages = with pkgs.gnome3; [
+     epiphany
+     evolution
+     gnome-maps
+     gnome-music
+     gnome-photos
+     gedit
+     totem
+     gnome-calendar
+     gnome-weather
+     accerciser
+     gnome-software
+   ];
+ }

config/grsec.nix

@@ -0,0 +1,27 @@
+# grsec.nix: NIXOS used HARDEN! NIXOS's DEFENSE ROSE!
+
+{ config, lib, pkgs, ... }:
+
+{
+
+  # if you're an acer c710 (i know i am sometimes) you might also want:
+  # CHROME_PLATFORMS y
+  # CHROMEOS_LAPTOP m
+  # CHROMEOS_PSTORE m
+
+  nixpkgs.config.packageOverrides = pkgs: {
+    linux_grsec_nixos = pkgs.linux_grsec_nixos.override {
+      extraConfig = ''
+            PAX y
+            GRKERNSEC y
+            GRKERNSEC_CONFIG_AUTO y
+            GRKERNSEC_CONFIG_DESKTOP y
+            GRKERNSEC_CONFIG_SECURE y
+            GRKERNSEC_CONFIG_VIRT_EPT y
+      '';
+    };
+  };
+
+  security.grsecurity.enable = true;
+
+}

config/gui.nix

@@ -0,0 +1,82 @@
+# gui.nix: configure x11 stuff common to any wm/de
+
+{ config, pkgs, ... }:
+
+{
+  #imports = [ ./base.nix ];
+
+  networking.wireless.enable = false;
+  networking.networkmanager.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    pkgs.powerline-fonts
+
+    pkgs.gtk3
+    pkgs.gtk_engines
+    pkgs.gnome2.gnome_icon_theme
+    pkgs.shared_mime_info
+    pkgs.arc-theme
+    pkgs.arc-icon-theme
+    pkgs.hicolor_icon_theme
+    pkgs.elementary-xfce-icon-theme
+
+    pkgs.rxvt_unicode
+    pkgs.redshift
+    pkgs.xorg.xbacklight
+    # internet / communication stuff
+    pkgs.pulseaudioFull
+    pkgs.pamixer
+    pkgs.pulsemixer
+    pkgs.google-chrome
+    pkgs.chromium
+    pkgs.firefox
+    #pkgs.flashplayer
+    pkgs.discord
+    pkgs.tdesktop
+    pkgs.thunderbird
+    pkgs.keepassxc
+    pkgs.xorg.xkill
+    pkgs.nextcloud-client
+    pkgs.rxvt_unicode
+    pkgs.networkmanager_openvpn
+    pkgs.networkmanager_vpnc
+    pkgs.networkmanager_strongswan
+    pkgs.networkmanagerapplet
+    pkgs.signal-desktop
+    pkgs.anydesk
+    pkgs.keybase
+    pkgs.keybase-gui
+    pkgs.kbfs
+    #stable.spotify
+    pkgs.pavucontrol
+    pkgs.gnupg
+    pkgs.libsecret
+#    pkgs.gnome3.gnome-keyring
+  ];
+
+  services.xserver = {
+    enable = true;
+    layout = "de";
+    displayManager.lightdm.enable = true;
+  };
+  services.gnome3.gnome-keyring = {
+    enable = true;
+  };
+
+  fonts = {
+    enableFontDir = true;
+    enableGhostscriptFonts = true;
+    fonts = with pkgs; [
+      corefonts
+      roboto
+      inconsolata
+      ubuntu_font_family
+      unifont
+      terminus_font
+      powerline-fonts
+    ];
+  };
+#  security.pam.enableGnomeKeyring = {
+#    enable = true;
+# };
+}

config/i3.nix

@@ -0,0 +1,48 @@
+# i3.nix: use i3 as the desktop manager
+
+{ config, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    # window manager + basic essentials
+    pkgs.lightdm
+    pkgs.i3
+    pkgs.i3status
+    pkgs.i3status-rust
+    pkgs.i3lock-fancy
+    pkgs.xautolock
+    pkgs.dmenu
+    pkgs.j4-dmenu-desktop
+    pkgs.powerline-fonts
+    pkgs.font-awesome
+    pkgs.font-awesome-ttf
+    pkgs.font-awesome_5
+    pkgs.font-awesome_4
+    pkgs.lxappearance
+
+    pkgs.xfce.exo
+    pkgs.xfce.gvfs
+    pkgs.xfce.thunar
+    pkgs.xfce.thunar_volman
+    pkgs.xfce.thunar-archive-plugin
+    pkgs.xfce.xfce4icontheme
+    pkgs.xfce.terminal
+    # internet / communication stuff
+    pkgs.tdesktop
+    pkgs.rofi
+    pkgs.maim
+    pkgs.pasystray
+    pkgs.feh
+    pkgs.networkmanager_dmenu
+    pkgs.udiskie
+    pkgs.inconsolata
+    pkgs.termite
+  ];
+
+  services.xserver = {
+    windowManager.i3.enable = true;
+  };
+  services.gnome3.at-spi2-core.enable = true;
+  services.dbus.socketActivated = true;
+
+}

config/laptop.nix

@@ -0,0 +1,15 @@
+# laptop.nix: basic laptop config, power management, etc
+
+{ config, pkgs, ... }:
+
+{
+
+  environment.systemPackages = with pkgs; [
+    pkgs.powertop
+    pkgs.acpi
+    pkgs.upower
+  ];
+
+  services.upower.enable = true;
+
+}

config/screenlock.nix

@@ -0,0 +1,36 @@
+{ pkgs, config, ... }:
+
+#with import <stockholm/lib>;
+
+let
+  cfg = config.screenlock;
+
+  out = {
+    options.screenlock = api;
+  };
+
+  api = {
+    enable = mkEnableOption "screenlock";
+    command = mkOption {
+      type = types.str;
+      default = "${pkgs.xlockmore}/bin/i3lock-fancy";
+    };
+  };
+
+  imp = {
+    systemd.services.screenlock = {
+      before = [ "sleep.target" ];
+      wantedBy = [ "sleep.target" ];
+      environment = {
+        DISPLAY = ":${toString config.services.xserver.display}";
+      };
+      serviceConfig = {
+        SyslogIdentifier = "screenlock";
+        ExecStart = cfg.command;
+        Type = "simple";
+        User = "templis";
+      };
+    };
+  };
+
+in out

config/unify.nix

@@ -0,0 +1,10 @@
+ # unify.nix: config for unify network devices
+ 
+ { config, lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    pkgs.unifi
+  ];
+services.unifi.enable = true;
+}

config/users.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+
+{
+  users.extraUsers.templis = {
+    isNormalUser = true;
+    createHome = true;
+    uid = 1000;
+    group = "users";
+    extraGroups = [
+      "wheel" "audio" "video" "netdev" "networkmanager" "systemd-journal"
+    ];
+    shell = "/run/current-system/sw/bin/zsh";
+  };
+
+}

configuration.nix

@@ -0,0 +1 @@
+hosts/dynamix.nix

configuration.nix.bak

@@ -0,0 +1,112 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  # boot.loader.grub.efiSupport = true;
+  # boot.loader.grub.efiInstallAsRemovable = true;
+  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  # Define on which hard drive you want to install Grub.
+  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+  boot.initrd.availableKernelModules = [ "aes_x86_64" "aesni_intel" "cryptd" ];
+
+  swapDevices = [{device = "/swapfile"; size = 10000;}];
+
+  # networking.hostName = "nixos"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Set your time zone.
+  # time.timeZone = "Europe/Amsterdam";
+
+  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  # Per-interface useDHCP will be mandatory in the future, so this generated config
+  # replicates the default behaviour.
+  networking.useDHCP = false;
+  networking.interfaces.eno0.useDHCP = true;
+  networking.interfaces.wlp2s0.useDHCP = true;
+  networking.interfaces.wwp0s20u4i6.useDHCP = true;
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Select internationalisation properties.
+  # i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  # };
+
+  # Enable the GNOME 3 Desktop Environment.
+  services.xserver.enable = true;
+  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.desktopManager.gnome3.enable = true;
+  
+
+  # Configure keymap in X11
+  # services.xserver.layout = "us";
+  # services.xserver.xkbOptions = "eurosign:e";
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # Enable sound.
+  # sound.enable = true;
+  # hardware.pulseaudio.enable = true;
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  # users.users.jane = {
+  #   isNormalUser = true;
+  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+  # };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+     wget vim
+     firefox
+     ntfs3g
+   ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  # services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "20.09"; # Did you read the comment?
+
+}
+

hardware-configuration.nix

@@ -0,0 +1,32 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/5d9455de-01c4-4e45-b89d-ec8b39c50c25";
+      fsType = "btrfs";
+      options = [ "subvol=nixos" ];
+    };
+
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/f116eea8-651d-4c93-bfb4-6c3fcb74a94d";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/7d02a865-66af-4711-abbb-ac2e5741899f";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}

hosts/dynamix.nix

@@ -0,0 +1,152 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ../hardware-configuration.nix
+      ../config/base.nix
+      ../config/users.nix
+      ../config/laptop.nix
+      ../config/gui.nix
+      ../config/i3.nix
+      ../config/gnome.nix
+      #../config/grsec.nix
+    ];
+  services.xserver.displayManager.defaultSession = "none+i3"; # set default WM
+  networking.hostName = "dynamix"; # Set Hostname
+
+  # https://bugzilla.kernel.org/show_bug.cgi?id=1l0941
+  boot.kernelParams = ["intel_pstate=no_hwp" ];
+
+  # Supposedly better for the SSD
+  fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  #boot.loader.grub.efiSupport = true;
+  # boot.loader.grub.efiInstallAsRemovable = true;
+  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  # Define on which hard drive you want to install Grub.
+  #boot.loader.grub.device = "nodev"; # or "nodev" for efi only
+  #boot.loader.efi.canTouchEfiVariables = true;
+  #boot.loader.grub.gfxmodeEfi = "1024x768";
+  #boot.loader.systemd-boot.enable = true;
+  #boot.loader.efi.canTouchEfiVariables = true;
+  #boot.cleanTmpDir = true;
+  boot.loader.grub.device = "/dev/sda";
+  boot.initrd.availableKernelModules = [ "aes_x86_64" "aesni_intel" "cryptd" ];
+
+  swapDevices = [{device = "/swapfile"; size = 10000;}];
+
+  #networking.useNetworkd = true; # Use Networkd as default Networking Daemon - suitable on static Networks e.g. PCs
+  networking.networkmanager.enable = true; # Use Networkmanager as defaukt Networking Daemon - suitable on dynamic Networks e.g. Laptops
+
+  hardware.pulseaudio.package = pkgs.pulseaudioFull; # support for bluetooth headsets
+  hardware.bluetooth.enable = true;
+
+  # Have stable and unstable Packages
+  nixpkgs.config = {
+    # Allow proprietary packages
+    allowUnfree = true;
+
+    # Create an alias for the unstable channel
+    packageOverrides = pkgs: {
+      unstable = import <nixos-unstable> {
+        # pass the nixpgs config to the unstable alias
+        # to ensure 'allowUnfree = true;' is propagated:
+        config = config.nixpkgs.config;
+      };
+     # stable = import <nixos-stable> {
+        # pass the nixpgs config to the unstable alias
+        # to ensure 'allowUnfree = true;' is propagated:
+       # config = config.nixpkgs.config;
+     # };
+    };
+
+    #firefox.enableAdobeFlash = true;
+    #chromium.enablePepperFlash = true;
+    #google-chrome-stable.enablePepperFlash = true;
+  };
+
+  # List packages installed in system profile. To search by name, run:
+  # $ nix-env -qaP | grep wget
+  environment.systemPackages = with pkgs; [
+    acpi
+    acpitool
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  programs.bash.enableCompletion = true;
+  # programs.mtr.enable = true;
+  programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedUDPPorts = [ ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+  networking.firewall.allowPing = true;
+
+  services.journald.extraConfig = ''
+  MaxRetentionSec=4day
+  '';
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable touchpad support.
+  services.xserver.libinput.enable = true;
+
+  # Enable the KDE Desktop Environment.
+  # services.xserver.displayManager.sddm.enable = true;
+  # services.xserver.desktopManager.plasma5.enable = true;
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "20.09"; # Did you read the comment?
+  
+  # Enable Autoupgrades
+  system.autoUpgrade.enable = true;
+
+  # enable pulseaudio
+  hardware.pulseaudio.enable = true;
+  hardware.pulseaudio.support32Bit = true;
+
+  # Add user to sudoers file
+  security.sudo.configFile = "templis ALL=(ALL) NOPASSWD: ALL";
+
+  programs.zsh.enable = true;
+
+  services.acpid = {
+      enable = true;
+      lidEventCommands = ''
+        if grep -q closed /proc/acpi/button/lid/LID/state; then
+          date >> /tmp/i3lock.log
+          DISPLAY=":0.0" XAUTHORITY=/home/templis/.Xauthority ${pkgs.i3lock}/bin/i3lock-fancy &>> /tmp/i3lock.log
+        fi
+      '';
+  };
+  systemd.user.services.i3lock-sleep = {
+    enable = true;
+    description = "Automatically lock screen before going to sleep";
+    wantedBy = [ "default.target" ];
+    path = with pkgs; [ xss-lock i3lock-fancy getopt fontconfig ];
+    serviceConfig = {
+      Restart = "always";
+      ExecStart = "${pkgs.xss-lock}/bin/xss-lock ${pkgs.i3lock-fancy}/bin/i3lock-fancy";
+    };
+  };
+}