#
# NixOS system configuration for the host "yoga-nix" (GNOME desktop on a ThinkPad-class laptop).
#
# TODO:
#   - setdisplay gamma (gnome-gamma-tool)
#   - split into logical components (OS, hardware, ...)
#   - tablet-mode
#   - sensors
#   - home manager (???)
#
#
# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, lib, ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  config = lib.mkMerge [
    # Base configuration...
    #
    # The configuration is split into two parts to allow for two stage updates to conserve space
    # on storage-limited systems.
    #
    # To run a two stage update do:
    #   $ sudo NIX_LIGHTWEIGHT=1 nixos-rebuild switch
    #   $ reboot
    #   $ sudo nix-collect-garbage --delete-old
    #   $ sudo nixos-rebuild switch
    #
    # NOTE(review): the stage is selected with builtins.getEnv "NIX_LIGHTWEIGHT" (second list
    #   element below), i.e. from the environment of the evaluating process. In pure
    #   evaluation mode getEnv returns "", which would always select the full configuration --
    #   confirm how this file is evaluated before relying on the lightweight stage.
    {
      nix.settings.experimental-features = [ "nix-command" "flakes" ];

      # Allow unfree packages
      nixpkgs.config.allowUnfree = true;

      # intel video drivers...
      # XXX move to hardware...
      nixpkgs.config.packageOverrides = pkgs: {
        intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
      };
      #hardware.opengl = {
      hardware.graphics = {
        enable = true;
        extraPackages = with pkgs; [
          intel-media-driver # LIBVA_DRIVER_NAME=iHD
          intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
          vaapiVdpau
          libvdpau-va-gl
        ];
      };
      environment.sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; }; # Force intel-media-driver

      # Bootloader.
      boot.loader.systemd-boot.enable = true;
      boot.loader.efi.canTouchEfiVariables = true;

      # XXX this is the same swap partition as fedora...
      # NOTE(review): the same partition is used for swap and as the hibernation resume device,
      #   so it will hold memory contents (for example data of an unlocked password manager).
      #   Whether it is encrypted is not visible from this file -- confirm in
      #   hardware-configuration.nix, especially since it is shared with another OS.
      boot.resumeDevice = "/dev/disk/by-uuid/6ac0c126-f701-43a5-8576-09cc76be1409";
      #boot.kernelParams = [ "systemd.unified_cgroup_hierarchy=0" "resume_offset=13465600" ];
      swapDevices = [
        # {
        #   device = "/var/lib/swapfile";
        #   size = 8*1024;
        # }
        { device = "/dev/disk/by-uuid/6ac0c126-f701-43a5-8576-09cc76be1409"; }
      ];

      boot.kernelPackages = pkgs.linuxPackages_latest;

      # prevent the console fonts from being reset on driver detect/load...
      # XXX move to hardware-specific-file...
      boot.initrd.kernelModules = [ "i915" ];

      # fix an issue with the touchpad/touchpoint not working after suspend...
      # XXX move to hardware-specific-file...
      boot.blacklistedKernelModules = [ "i2c_i801" ];
      #powerManagement.resumeCommands = ''
      #  ${pkgs.kmod}/bin/modprobe -r i2c_i801
      #  ${pkgs.kmod}/bin/modprobe i2c_i801
      #'';

      # NOTE: this will be reset on loading of gpu driver, this can be fixed by preloading the
      #   driver manually via:
      #     boot.initrd.kernelModules = [ "i915" ];
      console = {
        earlySetup = true;
        packages = with pkgs; [ terminus_font ];
        font = "ter-u18n";
      };

      # ThinkPad keyboard auto highlight...
      # XXX this fails...
      #services.tp-auto-kbbl = {
      #  enable = true;
      #  device = "/dev/input/event19";
      #  arguments = [
      #  ];
      #};

      networking.hostName = "yoga-nix";
      # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

      # Configure network proxy if necessary
      # networking.proxy.default = "http://user:password@proxy:port/";
      # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

      # Enable networking
      networking.networkmanager.enable = true;

      # Set your time zone.
      time.timeZone = "Europe/Moscow";

      # Select internationalisation properties.
      i18n.defaultLocale = "en_US.UTF-8";
      #i18n.supportedLocales = [
      #  "en_US.UTF-8"
      #  "ru_RU.UTF-8"
      #];
      i18n.extraLocaleSettings = {
        LC_ADDRESS = "ru_RU.UTF-8";
        LC_IDENTIFICATION = "ru_RU.UTF-8";
        LC_MEASUREMENT = "en_GB.UTF-8";
        LC_MONETARY = "ru_RU.UTF-8";
        LC_NAME = "ru_RU.UTF-8";
        LC_NUMERIC = "en_GB.UTF-8";
        LC_PAPER = "ru_RU.UTF-8";
        LC_TELEPHONE = "ru_RU.UTF-8";
        LC_TIME = "en_GB.UTF-8";
      };

      services.gpm.enable = true;
      services.devmon.enable = true;
      services.gvfs.enable = true;
      services.udisks2.enable = true;

      # Enable the X11 windowing system.
      services.xserver.enable = true;

      # Configure keymap in X11
      services.xserver.xkb = {
        layout = "us,ru";
        options = "grp:alt_shift_toggle";
      };

      services.xserver.excludePackages = [ pkgs.xterm ];

      # Remote desktop over RDP.
      # NOTE(review): openFirewall exposes the xrdp listener on every network this laptop
      #   joins; nothing in this file limits the rule to an interface or source range, and
      #   the lid switch below only locks the session, so the service stays reachable with
      #   the lid closed. If remote desktop is only needed on a trusted LAN or over a tunnel,
      #   set openFirewall = false and allow the port per interface
      #   (networking.firewall.interfaces.<name>.allowedTCPPorts) or reach it through SSH/VPN.
      services.xrdp.enable = true;
      services.xrdp.defaultWindowManager = "gnome-remote-desktop";
      services.xrdp.openFirewall = true;

      # Enable the GNOME Desktop Environment.
      services.xserver.displayManager.gdm.enable = true;
      services.xserver.desktopManager.gnome.enable = true;
      # set keyboard layouts and switching and other key bindings...
      # NOTE(review): the last two sections use slash-separated dconf paths as section names
      #   while the first two use dotted schema IDs; a schema override presumably expects
      #   schema IDs -- verify that the custom keybinding sections actually take effect.
      services.xserver.desktopManager.gnome.extraGSettingsOverrides = ''
        [org.gnome.desktop.input-sources]
        sources=[('xkb', 'us'),('xkb', 'ru')]
        per-window=true
        [org.gnome.desktop.wm.keybindings]
        switch-input-source=['Shift_L']
        switch-input-source-backward=['Alt_L']
        panel-run-dialog=['r']
        [org/gnome/settings-daemon/plugins/media-keys]
        custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/']
        [org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0]
        binding='v'
        command='gvim'
        name='gvim'
      '';

      environment.gnome.excludePackages = [ pkgs.gnome-tour ];

      security.rtkit.enable = true;

      # Enable CUPS to print documents.
      services.printing.enable = true;

      # Enable sound with pipewire.
      #sound.enable = true;
      #hardware.pulseaudio.enable = false;
      services.pulseaudio.enable = false;
      services.pipewire = {
        enable = true;
        alsa.enable = true;
        alsa.support32Bit = true;
        pulse.enable = true;
        # If you want to use JACK applications, uncomment this
        #jack.enable = true;

        # use the example session manager (no others are packaged yet so this is enabled by default,
        # no need to redefine it in your config for now)
        #media-session.enable = true;
      };

      services.colord.enable = true;

      services.flatpak.enable = true;

      # Laptop configuration...
      services.logind.lidSwitch = "lock";
      services.fwupd.enable = true;

      # NOTE(review): sshd is enabled with no further settings in this file, so unless they
      #   are overridden elsewhere the NixOS module defaults apply: the firewall port is
      #   opened and password logins are accepted. f_lynx is in "wheel" (see below), so that
      #   account's password would be the only barrier to administrative access from the
      #   network. Once a key is installed, prefer key-only logins:
      #     services.openssh.settings.PasswordAuthentication = false;
      #     services.openssh.settings.KbdInteractiveAuthentication = false;
      services.openssh.enable = true;

      # Key remapping via keyd; the "*" id applies the layout to every keyboard.
      services.keyd = {
        enable = true;
        keyboards = {
          default = {
            ids = ["*"];
            settings = {
              main = {
                # Modern ThinkPad's printscrn to menu key...
                sysrq = "overload(prtsc, compose)";
                rightshift = "overload(rightshift, rightshift)";
                rightalt = "overload(rightalt, rightalt)";
              };
              prtsc = {
                # Gnome: screenshot...
                rightshift = "sysrq";
                # Gnome: minimize/maximize...
                up = "M-up";
                down = "M-down";
                # Gnome: next/prev workspace...
                left = "M-A-left";
                right = "M-A-right";
              };
              "rightshift:S" = {
                # Gnome: screenshot...
                sysrq = "sysrq";
              };
              "rightalt:A" = {
                # Gnome: move window...
                left = "macro(A-f7 20ms left left enter)";
                right = "macro(A-f7 20ms right right enter)";
                up = "macro(A-f7 20ms up up enter)";
                down = "macro(A-f7 20ms down down enter)";
              };
            };
          };
        };
      };
      # group keyd keyboard with the rest of the internal HID devices letting libinput correctly
      # handle touchpad features like "disable while typing"...
      environment.etc."libinput/local-overrides.quirks".text = ''
        [keyd]
        MatchUdevType=keyboard
        MatchName=keyd virtual keyboard
        AttrKeyboardIntegration=internal
      '';

      # Syncthing runs as the desktop user and syncs a directory in that user's home.
      services.syncthing = {
        enable = true;
        user = "f_lynx";
        configDir = "/home/f_lynx/.config/syncthing/";
        dataDir = "/home/f_lynx/Sync/";
      };

      # Tor
      # see: https://nixos.wiki/wiki/Tor
      services.tor = {
        enable = true;
        client.enable = true;
        settings = {
          UseBridges = true;
          # obfs4...
          # NOTE(review): these bridge lines are part of every published copy of this file and
          #   presumably end up in the generated Tor configuration in the world-readable Nix
          #   store. If they were handed out privately, publishing them defeats the point of
          #   an unlisted bridge -- consider keeping them in a file that is not committed.
          ClientTransportPlugin = "obfs4 exec ${pkgs.obfs4}/bin/lyrebird";
          Bridge = [
            "obfs4 51.68.49.200:61511 D44D53FEBBD9BFB59726B5818CEAAC5A31DFDD24 cert=1Lc1kIQ84lYXsH3duofsZWh0Eb+xVVEmmsZP8YN8tLuFfjYghEgFfIsLmo78kXX383KMRw iat-mode=0"
            "obfs4 141.95.109.208:45280 377396B625F2A76E7DF51C1BF952EBD683EC3EA1 cert=R5X70kY6Hd4DdW8JbCsxBPMaMREIOwaqbwYGMff1NyPYUwLxnlQqzkP2fTD8uo2R7A5ROQ iat-mode=0"
          ];
          ## snowflake... (XXX fails)
          #ClientTransportPlugin = "snowflake exec ${pkgs.snowflake}/bin/snowflake-client -url https://snowflake-broker.torproject.net.global.prod.fastly.net/ -front cdn.sstatic.net -ice stun:stun.l.google.com:19302,stun:stun.voip.blackberry.com:3478,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478";
          #ClientTransportPlugin = "snowflake exec ${pkgs.snowflake}/bin/snowflake-client";
          #Bridge = [
          #  "snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://1098762253.rsc.cdn77.org/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn"
          #  "snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://1098762253.rsc.cdn77.org/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn"
          #];
        };
      };

      # Define a user account. Don't forget to set a password with ‘passwd’.
      # Membership in "wheel" makes this an administrative account.
      users.users.f_lynx = {
        isNormalUser = true;
        description = "Alex A. Naanou";
        extraGroups = [ "networkmanager" "wheel" ];
        packages = with pkgs; [
        ];
      };

      environment.localBinInPath = true;

      environment.variables.EDITOR = "vim";

      # List packages installed in system profile. To search, run:
      # $ nix search wget
      environment.systemPackages = with pkgs; [
        usbutils
        udiskie
        udisks
        exfat
        exfatprogs
        # XXX 20250614: does not build on 25.05
        #scrounge-ntfs
        vim-full
        #micro
        vifm
        mc
        far2l
        nnn
        #ranger
        dos2unix
        psmisc
        #tdrop
        tmux
        tree
        btop
        htop
        iotop
        iftop
        ncdu
        du-dust
        # mostly needed for debugging...
        #libinput
        tlp
        acpi
        gparted
        #gdisk
        testdisk
        jdupes
        fdupes
        wget
        tor
        syncthingtray
        #shadowsocks-rust
        #shadowsocks-v2ray-plugin
        ungoogled-chromium
        #tor-browser
        zip
        unzip
        tldr
        bat

        # fonts...
        terminus_font

        # GUI
        keepassxc
        ulauncher
        kitty
        #ghostty
        #logseq
        # XXX this does not work on default gnome...
        wl-gammactl
        nextcloud-client

        # dev
        gitFull
        gnumake
        nodejs
        electron
        go
        python3
        #python311Packages.pygobject3
        #sbcl

        # Gnome stuff...
        gnome-tweaks
        dconf-editor
        gnome-remote-desktop
        gnomeExtensions.advanced-alttab-window-switcher
        gnomeExtensions.search-light
        gnomeExtensions.quick-settings-tweaker
        #gnomeExtensions.quake-mode
        gnomeExtensions.quake-terminal
        gnomeExtensions.gsconnect
        gnomeExtensions.dash-to-panel
        gnomeExtensions.blur-my-shell
        gnomeExtensions.unmess
        gnomeExtensions.custom-accent-colors
        #gnomeExtensions.tray-icons-reloaded
        gnomeExtensions.appindicator
        gnomeExtensions.customize-ibus
        gnomeExtensions.date-menu-formatter
        gnomeExtensions.lock-keys
        gnomeExtensions.clipboard-indicator
        gnomeExtensions.hibernate-status-button
        gnomeExtensions.caffeine
        gnomeExtensions.grand-theft-focus
        # XXX seems to be out of date for Gnome 46...
        gnomeExtensions.guillotine
        # XXX this seems to be missing...
        # see: https://github.com/AstraExt/astra-monitor
        #gnomeExtensions.astra-monitor
        gnome-firmware-updater
        gedit

        # media...
        vlc
        mpv
        cmus
        yt-dlp
        media-downloader
        ffmpeg
        #ffmpegthumbnailer
        httrack
        exiftool
        vips
      ];

      programs.geary.enable = false;

      #programs.git.enable = true;

      programs.dconf.enable = true;

      programs.firefox.enable = true;

      # XXX not sure who wants electron...
      # NOTE(review): this entry lets a release that nixpkgs marks as insecure be evaluated
      #   and installed without the usual error. Which package requires it is not visible
      #   here; once the consumer is identified, update or drop it and remove this exception
      #   rather than carrying it indefinitely.
      nixpkgs.config.permittedInsecurePackages = [
        "electron-25.9.0"
      ];

      # Some programs need SUID wrappers, can be configured further or are
      # started in user sessions.
      # programs.mtr.enable = true;
      # programs.gnupg.agent = {
      #   enable = true;
      #   enableSSHSupport = true;
      # };

      # ulauncher...
      # XXX can't get ulauncher to be centered and focus on launch...
      #systemd.user.services.ulauncher = {
      #  enable = true;
      #  description = "Start Ulauncher";
      #  script = ''
      #    ${pkgs.coreutils-full}/bin/sleep 2
      #    ${pkgs.ulauncher}/bin/ulauncher --hide-window
      #  '';
      #  documentation = [ "https://github.com/Ulauncher/Ulauncher/blob/f0905b9a9cabb342f9c29d0e9efd3ba4d0fa456e/contrib/systemd/ulauncher.service" ];
      #  # XXX this does not work for some reason...
      #  #wantedBy = [ "graphical.target" ];
      #  wantedBy = [ "graphical-session.target" ];
      #  after = [ "display-manager.service" ];
      #};

      # Open ports in the firewall.
      # networking.firewall.allowedTCPPorts = [ ... ];
      # networking.firewall.allowedUDPPorts = [ ... ];
      # Or disable the firewall altogether.
      # networking.firewall.enable = false;

      # This value determines the NixOS release from which the default
      # settings for stateful data, like file locations and database versions
      # on your system were taken. It‘s perfectly fine and recommended to leave
      # this value at the release version of the first install of this system.
      # Before changing this value read the documentation for this option
      # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
      system.stateVersion = "23.05"; # Did you read the comment?
    }

    # Full config...
(lib.mkIf (builtins.getEnv "NIX_LIGHTWEIGHT" == "") { environment.systemPackages = with pkgs; [ # LaTeX #texlive.combined.scheme-full (texlive.combine { inherit (texlive) scheme-medium # missing: # calc graphicx ifthen pgffor rotating trimclip xinttools kvoptions xargs ifthenx iftex xint listofitems xkeyval etoolbox changepage pdfcomment eso-pic environ numprint xcolor pagecolor colorspace graphics adjustbox textpos fancyvrb flowfram fancyhdr pdfpages geometry varwidth hyphenat bigfoot lipsum anyfontsize cprotect ccicons multitoc hardwrap catchfile titlesec hypdoc doctools needspace xstring listings imakeidx latexmk; pax # fonts... opensans courier # languages... russ babel-russian hyphen-russian # photobook... photobook #(setq org-latex-compiler "lualatex") #(setq org-preview-latex-default-process 'dvisvgm) }) # jdk - required by texlive-pax (BUG: no dependency??) temurin-jre-bin # fonts... #nerdfonts #blender #krita #gimp3 gimp3-with-plugins ]; # Nerd Fonts... fonts.packages = [ pkgs.nerd-fonts.droid-sans-mono ]; #fonts.packages = [ ... ] ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts); # all nerd fonts (~8G)... #fonts.packages = builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts); }) ]; }