{ config, pkgs, ... }:

let

# Helper meant to be run at the end of the sway config. It pushes
# WAYLAND_DISPLAY and XDG_CURRENT_DESKTOP into the D-Bus / systemd user
# activation environment and then restarts the user services that need them.
# Reference:
# https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist
# Nearly the same as /etc/sway/config.d/nixos.conf, plus the service restart.
#
# NOTE(review): the script text has no "#!" line, so a direct execve() of it
# fails and it relies on the launcher falling back to a shell. Both commands
# are looked up through the caller's PATH rather than by store path.
dbus-sway-environment = pkgs.writeTextFile {
  name = "dbus-sway-environment";
  executable = true;
  destination = "/bin/dbus-sway-environment";

  text = ''
    dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
    systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
    systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
  '';
};

# sway and GTK do not yet agree on where settings come from:
# https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland
# The suggested route is gsettings, and gsettings has to be told where the
# schemas live through the XDG_DATA_DIRS environment variable.
# Meant to be run at the end of the sway config.
#
# NOTE(review): nothing in the visible configuration references this binding,
# so the script is never built or installed unless another file uses it.
configure-gtk = pkgs.writeTextFile {
  name = "configure-gtk";
  executable = true;
  destination = "/bin/configure-gtk";

  text =
    let
      schemaPkg = pkgs.gsettings-desktop-schemas;
      # Store path of the schema directory, put in front of XDG_DATA_DIRS.
      schemaDir = "${schemaPkg}/share/gsettings-schemas/${schemaPkg.name}";
    in
    ''
      export XDG_DATA_DIRS=${schemaDir}:$XDG_DATA_DIRS
      gnome_schema=org.gnome.desktop.interface
      gsettings set $gnome_schema gtk-theme 'Dracula'
    '';
};

in

{

# Modules merged into this configuration.
# NOTE(review): ./cachix.nix presumably adds extra binary caches; its contents
# are not shown here. Every substituter and trusted public key it declares
# widens the set of parties able to supply store paths to this machine.
imports = [
  ./hardware-configuration.nix
  ./cachix.nix
  ./wayland.nix
];

# Bootloader: GRUB installed as an EFI application ("nodev"), with support for
# unlocking encrypted partitions and with os-prober scanning for other systems.
boot.loader.grub = {
  enable = true;
  efiSupport = true;
  device = "nodev";
  enableCryptodisk = true;
  useOSProber = true;
};
boot.loader.efi = {
  efiSysMountPoint = "/boot/efi";
  canTouchEfiVariables = true;
};

# Kernel selection, modules, and user-mode emulation for aarch64 binaries.
boot.kernelPackages = pkgs.linuxPackages_zen;
boot.kernelModules = [ "coretemp" "kvm-amd" "v4l2loopback" ];
boot.extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

# LUKS unlock through a key file embedded in the initrd. A null value copies
# the secret from the same path on the running system.
# NOTE(review): anyone who can read the initrd can read this key, so the
# scheme only protects data while the initrd itself sits on the encrypted
# filesystem. The ESP is mounted at /boot/efi here, which suggests /boot is
# inside the LUKS volume; confirm against hardware-configuration.nix.
boot.initrd.secrets."/crypto_keyfile.bin" = null;
boot.initrd.luks.devices."luks-63100442-37df-4579-a787-cb2f2c67b3d1" = {
  keyFile = "/crypto_keyfile.bin";
  device = "/dev/disk/by-uuid/63100442-37df-4579-a787-cb2f2c67b3d1";
};

# Load current AMD CPU microcode at boot.
hardware.cpu.amd.updateMicrocode = true;

# Nix daemon settings: flakes and the new CLI, store deduplication, and a
# weekly garbage collection that drops generations older than 15 days.
nix.settings = {
  auto-optimise-store = true;
  experimental-features = [ "nix-command" "flakes" ];
};
nix.gc = {
  automatic = true;
  dates = "weekly";
  options = "--delete-older-than 15d";
};

# Allow packages with non-free licences to be built and installed.
nixpkgs.config.allowUnfree = true;

# Boot does not block on NetworkManager reporting the network as online.
systemd.services.NetworkManager-wait-online.enable = false;

# Host identity, NetworkManager, and an nftables-backed firewall.
networking.hostName = "LONDON";
networking.networkmanager.enable = true;
networking.nftables.enable = true;

networking.firewall = {
  enable = true;

  # Reverse-path filtering relaxed from strict to loose.
  # NOTE(review): presumably required by the VPN interfaces enabled under
  # `services` (tailscale, mullvad-vpn); confirm it is still needed.
  checkReversePath = "loose";

  # Traffic arriving on a trusted interface is accepted without consulting the
  # port lists below, so every listening service is reachable from the tailnet.
  # Access then depends entirely on the Tailscale ACLs.
  trustedInterfaces = [ "tailscale0" ];

  # NOTE(review): the purpose of these ports is not recorded here; name the
  # service each one belongs to so stale openings can be removed later.
  allowedTCPPorts = [ 7000 7100 ];
  allowedUDPPorts = [ 6000 6001 7011 ];

  # NOTE(review): these ranges look like the Steam Remote Play ports, which
  # programs.steam.remotePlay.openFirewall also opens; presumably redundant.
  allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
  allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
};

# Locale and time zone.
time = {
  timeZone = "Europe/London";
};
i18n = {
  defaultLocale = "en_GB.utf8";
};

# System services.
services = {
  dbus.enable = true;

  # VPN clients. The tailscale0 interface is fully trusted by the firewall
  # section of this file.
  tailscale.enable = true;
  mullvad-vpn.enable = true;

  # Smart-card / YubiKey stack: PC/SC daemon, udev rules for the tokens, and
  # yubikey-agent acting as the SSH agent.
  pcscd.enable = true;
  yubikey-agent.enable = true;
  udev.packages = [ pkgs.libu2f-host pkgs.yubikey-personalization ];

  # X server with the proprietary NVIDIA driver, SDDM and Plasma 5.
  # NOTE(review): gdm.wayland is set but GDM itself is not enabled in this
  # file, so that line presumably has no effect.
  xserver = {
    enable = true;
    videoDrivers = [ "nvidia" ];
    layout = "us";
    xkbVariant = "";
    desktopManager.plasma5.enable = true;
    displayManager = {
      sddm.enable = true;
      gdm.wayland = true;
    };
  };

  # PipeWire replaces PulseAudio and provides the ALSA, Pulse and JACK shims.
  pipewire = {
    enable = true;
    pulse.enable = true;
    jack.enable = true;
    alsa = {
      enable = true;
      support32Bit = true;
    };
  };

  # CUPS printing with the Gutenprint drivers.
  printing = {
    enable = true;
    drivers = [ pkgs.gutenprint pkgs.gutenprintBin ];
  };

  # mDNS name resolution plus publishing. With publish enabled the host
  # announces its domain and user-registered services to the local network,
  # which tells every LAN peer what is running on this machine.
  avahi = {
    enable = true;
    nssmdns = true;
    publish = {
      enable = true;
      domain = true;
      userServices = true;
    };
  };
};

# Graphics, scanner and audio hardware options.
hardware.opengl = {
  enable = true;
  driSupport = true;
  driSupport32Bit = true;
};

hardware.nvidia = {
  nvidiaSettings = true;
  modesetting.enable = true;
};

# SANE scanning with the extra epkowa backend.
hardware.sane = {
  enable = true;
  extraBackends = [ pkgs.epkowa ];
};

# PulseAudio stays off; the pipewire service in this file takes its place.
hardware.pulseaudio.enable = false;

# Desktop portals: the wlroots backend for sway and the GTK backend.
xdg.portal = {
  enable = true;
  extraPortals = [
    pkgs.xdg-desktop-portal-wlr
    pkgs.xdg-desktop-portal-gtk
  ];
};

# Program modules.
programs.zsh.enable = true;
programs.fish.enable = true;
programs.dconf.enable = true;

# Loader shim that lets unpatched dynamically linked binaries run.
programs.nix-ld.enable = true;

programs.steam = {
  enable = true;
  # Open ports in the firewall for Steam Remote Play
  remotePlay.openFirewall = true;
  # Ports for Source Dedicated Server stay closed
  dedicatedServer.openFirewall = false;
};

# gpg-agent with the Qt pinentry. Its SSH emulation is off; services.yubikey-agent
# is enabled elsewhere in this file and presumably serves SSH keys instead.
programs.gnupg.agent = {
  enable = true;
  enableSSHSupport = false;
  pinentryFlavor = "qt";
};

# Define a user account. Don't forget to set a password with 'passwd'.
users.users.gsimmer = {
  isNormalUser = true;
  description = "Gabriel Simmer";
  shell = pkgs.fish;

  # wheel is the administrative group. Membership of libvirtd gives access to
  # the system libvirt daemon, which is effectively root-level access, so
  # treat this account as privileged.
  extraGroups = [ "networkmanager" "wheel" "libvirtd" "qemu-libvirtd" ];

  packages = [
    pkgs.firefox-wayland
    pkgs.vim
    pkgs.lm_sensors
  ];
};

# Virtualisation: libvirt plus Docker.
virtualisation.libvirtd.enable = true;

# Both the system-wide Docker daemon and the rootless per-user daemon are
# enabled. setSocketVariable points user sessions at the rootless socket.
# The user defined in this file is not in a "docker" group, so the root-owned
# daemon socket is not handed to an unprivileged account here.
virtualisation.docker = {
  enable = true;
  enableNvidia = true;
  rootless = {
    enable = true;
    setSocketVariable = true;
  };
};

# Fonts installed system-wide.
fonts.packages = [
  pkgs.ibm-plex
  pkgs.jetbrains-mono
  pkgs.emojione
];

# Login shells offered system-wide.
environment.shells = [ pkgs.zsh pkgs.fish ];

# Packages on every user's PATH. dbus-sway-environment is the helper bound in
# the `let` at the top of this file; a lexical binding takes precedence over
# names brought in by `with pkgs`.
environment.systemPackages = with pkgs; [
  os-prober
  cifs-utils
  xdg-utils
  nix-output-monitor
  noisetorch
  dracula-theme

  tailscale

  # pinentry front ends and YubiKey touch notification
  pinentry-curses
  pinentry-qt
  yubikey-touch-detector

  dbus-sway-environment

  i3pystatus
  (python310.withPackages (ps: with ps; [ i3pystatus keyring ]))
];

# -- Sway Stuff --
# User target representing a running sway session. It is bound to
# graphical-session.target and ordered after graphical-session-pre.target.
systemd.user.targets.sway-session = {
  description = "Sway compositor session";
  documentation = [ "man:systemd.special(7)" ];
  after = [ "graphical-session-pre.target" ];
  wants = [ "graphical-session-pre.target" ];
  bindsTo = [ "graphical-session.target" ];
};

# sway compositor, started with --unsupported-gpu (the xserver section of this
# file selects the proprietary NVIDIA driver).
programs.sway = {
  enable = true;
  wrapperFeatures.gtk = true;
  extraOptions = [ "--unsupported-gpu" ];

  # Environment exported by the sway wrapper before the compositor starts:
  # Wayland backends for SDL, Qt and Firefox, and the Vulkan wlroots renderer.
  extraSessionCommands = ''
    export SDL_VIDEODRIVER=wayland
    export QT_QPA_PLATFORM=wayland
    export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
    export _JAVA_AWT_WM_NONREPARENTING=1
    export MOZ_ENABLE_WAYLAND=1
    export WLR_RENDERER=vulkan
  '';

  # Session tooling: launcher, lock and idle handling, notifications, output
  # management, screenshots and recording, clipboard, and the status bar's
  # Python environment.
  extraPackages = with pkgs; [
    bemenu
    swaylock
    swayidle
    xwayland
    mako
    kanshi
    grim
    slurp
    wl-clipboard
    wf-recorder
    (python310.withPackages (ps: with ps; [ i3pystatus keyring ]))
  ];
};

# Added while trying to get `WLR_RENDERER=vulkan sway` working.
hardware.opengl.extraPackages = [ pkgs.vulkan-validation-layers ];

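# kanshi: automatic output (monitor) configuration, run as a user service
# that is tied to graphical-session.target and restarted whenever it exits.
systemd.user.services.kanshi = {
  description = "Kanshi output autoconfig ";
  wantedBy = [ "graphical-session.target" ];
  partOf = [ "graphical-session.target" ];

  # The original value was the literal "/home/mschwaig/.config", a home
  # directory that does not belong to any account this file defines. The
  # service would then either find no configuration or read one from a
  # directory owned by a different account. Derive the path from the user
  # declared in this file instead.
  # NOTE(review): this is a per-user unit, so any other local user who starts
  # it will also be pointed at gsimmer's directory; confirm that is acceptable.
  environment = {
    XDG_CONFIG_HOME = "${config.users.users.gsimmer.home}/.config";
  };

  serviceConfig = {
    # kanshi is started without a config-file argument, so it reads
    # kanshi/config below XDG_CONFIG_HOME.
    ExecStart = ''
      ${pkgs.kanshi}/bin/kanshi
    '';
    RestartSec = 5;
    Restart = "always";
  };
};
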
# polkit handles privilege requests from desktop services; rtkit lets user
# processes such as the audio stack obtain real-time scheduling.
security.polkit.enable = true;
security.rtkit.enable = true;

# Release whose defaults for stateful data this installation follows. Read the
# NixOS documentation for this option before changing it.
system.stateVersion = "23.05";

}