Diffstat (limited to 'machines/profpatsch/katara.nix')
-rw-r--r-- | machines/profpatsch/katara.nix | 343 |
1 files changed, 343 insertions, 0 deletions
diff --git a/machines/profpatsch/katara.nix b/machines/profpatsch/katara.nix
new file mode 100644
index 00000000..00cbe88b
--- /dev/null
+++ b/machines/profpatsch/katara.nix
@@ -0,0 +1,343 @@
+{ config, pkgs, lib, ... }:
+let
+
+ myPkgs = import ./pkgs.nix { inherit pkgs; };
+
+ mytexlive = with pkgs.texlive; combine { inherit scheme-medium minted units collection-bibtexextra; };
+
+in {
+
+ config = rec {
+
+ #########
+ # Kernel
+
+ boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" ];
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.luks.devices = [ { device = "/dev/sda2"; name = "cryptroot"; } ];
+
+
+ ###########
+ # Hardware
+
+
+ fileSystems."/" = {
+ device = "/dev/dm-0";
+ fsType = "btrfs";
+ options = [ "ssd" ];
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/sda1";
+ fsType = "ext3";
+ };
+
+ hardware.pulseaudio.enable = true;
+ vuizvui.hardware.thinkpad.enable = true;
+
+
+ ######
+ # Nix
+
+ nix.maxJobs = 2;
+ vuizvui.enableGlobalNixpkgsConfig = true;
+
+ ##########
+ # Network
+
+ networking.hostName = "katara";
+ networking.networkmanager.enable = true;
+
+ networking.firewall = {
+ enable = true;
+ # Programmer’s dilemma
+ allowedTCPPortRanges = [
+ { from = 8000; to = 8005; }
+ { from = 8080; to = 8085; }
+ ];
+ };
+
+ i18n = {
+ consoleFont = "lat9w-16";
+ consoleKeyMap = "us";
+ defaultLocale = "en_US.UTF-8";
+ };
+
+
+ ###########
+ # Packages
+
+ environment.profileRelativeEnvVars = { EDITOR = [ "${pkgs.vim}/bin/vim" ]; };
+
+ environment.systemPackages = with pkgs;
+ let
+ systemPkgs = [
+ atool # archive tools
+ curl # transfer data to/from a URL
+ diffoscope # diff whole filetrees (and archives)
+ dos2unix # text file conversion
+ fdupes # file duplicate finder
+ file # file information
+ git # version control system
+ gnupg # PGP encryption
+ htop # top replacement
+ imagemagick # image conversion
+ jmtpfs # MTP fuse
+ gnumake # make
+ manpages # system manpages (not included by default)
+ mkpasswd # UNIX password creator
+ mosh # ssh with stable connections
+ nmap # stats about clients in the network
+ silver-searcher # file content searcher, > ack > grep
+ stow # dotfile management
+ tmux # detachable terminal multiplexer
+ traceroute # trace ip routes
+ vim # slight improvement over vi
+ wget # the other URL file fetcher
+ ];
+ xPkgs = [
+ dmenu # simple UI menu builder
+ dunst # notification daemon (implements libnotify)
+ i3lock # lock screen
+ libnotify # notification library
+ lxappearance # GTK theme chooser
+ myPkgs.taffybar # status bar
+ xbindkeys # keybinding manager
+ xclip # clipboard thingy
+ xorg.xkill # X11 application kill
+ ];
+ guiPkgs = [
+ gnome3.adwaita-icon-theme
+ # TODO: get themes to work. See notes.org.
+ gnome3.gnome_themes_standard
+ # kde4.oxygen-icons TODO
+ ];
+ userPrograms = [
+ abcde # high-level cd-ripper with tag support
+ anki # spaced repetition system
+ audacity lame # audio editor and mp3 codec
+ beets # audio file metadata tagger
+ # chromium # browser
+ (chromium.override { enablePepperFlash = true; })
+ dropbox-cli # dropbox.com client
+ emacs # pretty neat operating system i guess
+ feh # brother of meh, displays images in a meh way, but fast
+ filezilla # FTP GUI business-ready interface framework
+ ghc # Glasgow Haskell Compiler, mostly for ghci
+ gimp # graphics
+ gmpc # mpd client and best music player interface in the world
+ httpie
+ keepassx # password manager
+ libreoffice # a giant ball of C++, that sometimes helps with proprietary shitformats
+ lilyterm # terminal emulator, best one around
+ # lyx mytexlive # you didn’t see a thing
+ mpv # you are my sun and my stars. and you play my stuff.
+ newsbeuter # RSS/Atom feed reader
+ networkmanagerapplet # NetworkManager status bar widget
+ poezio # CLI XMPP client
+ poppler_utils # pdfto*
+ ranger # CLI file browser
+ rtorrent # monster of a bittorrent client
+ stack # haskell package manager
+ pkgs.vuizvui.show-qr-code # display a QR code
+ zathura # pdf viewer
+ ];
+ mailPkgs = [
+ elinks # command line browser
+ myPkgs.offlineimap # IMAP client
+ mutt-with-sidebar # has been sucking less since 1970
+ msmtp # SMTP client
+ notmuch # mail indexer
+ ];
+ nixPkgs = [
+ nix-repl # nix REPL
+ nix-prefetch-scripts # prefetch store paths from various destinations
+ haskellPackages.cabal2nix # convert cabal files to nix
+ ];
+ tmpPkgs = [
+ # needs user service
+ redshift # increases screen warmth at night (so i don’t have to feel cold)
+ snapper
+ ];
+ in systemPkgs ++ xPkgs ++ guiPkgs ++ userPrograms ++ nixPkgs ++ mailPkgs ++ nixPkgs ++ tmpPkgs;
+ system.extraDependencies = with pkgs; lib.singleton (
+ # Haskell packages I want to keep around
+ haskellPackages.ghcWithPackages (hpkgs: with hpkgs;
+ [
+ # frp
+ frpnow
+ gloss
+ gtk
+ frpnow-gtk
+ frpnow-gloss
+
+ lens
+ wreq
+ aeson-lens
+ ]))
+ ++
+ # other packages that I use sometimes in a shell
+ [
+ #wkhtmltopdf
+ rustc
+ haskellPackages.purescript
+ ];
+
+ ###########
+ # Services
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Enable CUPS to print documents.
+ services.printing = {
+ enable = true;
+ drivers = [ pkgs.gutenprint ];
+ };
+
+ time.timeZone = "Europe/Berlin";
+
+ # redshift TODO as user
+ services.redshift = {
+ # enable = true;
+ latitude = "48";
+ longitude = "10";
+ temperature.day = 6300;
+ };
+
+ # locate
+ services.locate = {
+ enable = true;
+ };
+
+ # Automount
+ services.udisks2.enable = true;
+
+ services.journald.extraConfig = "SystemMaxUse=50M";
+
+ # TODO: taffybar battery depends on this
+ services.upower.enable = true;
+
+ ###################
+ # Graphical System
+
+ services.xserver = {
+ enable = true;
+ layout = "de";
+ xkbVariant = "neo";
+ xkbOptions = "altwin:swap_alt_win";
+ serverFlagsSection = ''
+ Option "StandbyTime" "10"
+ Option "SuspendTime" "20"
+ Option "OffTime" "30"
+ '';
+ synaptics.enable = true;
+ synaptics.minSpeed = "0.5";
+ synaptics.accelFactor = "0.01";
+ videoDrivers = [ "intel" ];
+
+ # otherwise xterm is enabled, creating an xterm that spawns the window manager.
+ desktopManager.xterm.enable = false;
+
+ # TODO: include taffybar
+ windowManager.xmonad = {
+ enable = true;
+ enableContribAndExtras = true;
+ };
+ displayManager = {
+ desktopManagerHandlesLidAndPower = false;
+ sessionCommands =
+ ''
+ #TODO add as nixpkg
+ export PATH+=":$HOME/scripts" #add utility scripts
+ export EDITOR=emacsclient
+ xset r rate 250 35
+ set-background &
+ # TODO xbindkeys user service file
+ xbindkeys
+ nice -n19 dropbox start &
+ nm-applet &
+ '';
+ };
+
+ startGnuPGAgent = true;
+
+ };
+
+ fonts.fontconfig = {
+ defaultFonts = {
+ monospace = [ "Source Code Pro" "DejaVu Sans Mono" ]; # TODO does not work
+ sansSerif = [ "Liberation Sans" ];
+ };
+ # use overkill infinality settings from old Arch installation
+ ultimate = {
+ rendering = {
+ INFINALITY_FT_FILTER_PARAMS = "08 24 36 24 08";
+ INFINALITY_FT_FRINGE_FILTER_STRENGTH = "25";
+ INFINALITY_FT_USE_VARIOUS_TWEAKS = "true";
+ INFINALITY_FT_WINDOWS_STYLE_SHARPENING_STRENGTH = "25";
+ INFINALITY_FT_STEM_ALIGNMENT_STRENGTH = "15";
+ INFINALITY_FT_STEM_FITTING_STRENGTH = "15";
+ };
+ };
+ };
+ fonts.fonts = with pkgs; [
+ corefonts
+ source-han-sans-japanese
+ source-han-sans-korean
+ source-han-sans-simplified-chinese
+ source-code-pro
+ dejavu_fonts
+ ubuntu_font_family
+ ];
+
+
+ ########
+ # Users
+
+ # Nobody wants mutable state. :)
+ users.mutableUsers = false;
+ users.extraUsers =
+ let authKeys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJhthfk38lzDvoI7lPqRneI0yBpZEhLDGRBpcXzpPSu+V0YlgrDix5fHhBl+EKfw4aeQNvQNuAky3pDtX+BDK1b7idbz9ZMCExy2a1kBKDVJz/onLSQxiiZMuHlAljVj9iU4uoTOxX3vB85Ok9aZtMP1rByRIWR9e81/km4HdfZTCjFVRLWfvo0s29H7l0fnbG9bb2E6kydlvjnXJnZFXX+KUM16X11lK53ilPdPJdm87VtxeSKZ7GOiBz6q7FHzEd2Zc3CnzgupQiXGSblXrlN22IY3IWfm5S/8RTeQbMLVoH0TncgCeenXH7FU/sXD79ypqQV/WaVVDYMOirsnh/ philip@nyx"];
+ in {
+ philip = rec {
+ name = "philip";
+ group = "users";
+ extraGroups = [ "wheel" "networkmanager" ];
+ uid = 1000;
+ createHome = true;
+ home = "/home/philip";
+ passwordFile = "${home}/.config/passwd";
+ # password = "test"; # in case of emergency, break glass
+ shell = "/run/current-system/sw/bin/fish";
+ openssh.authorizedKeys.keys = authKeys;
+ };
+ };
+
+ ###########
+ # Programs
+
+ # see gpgAgent
+ programs.ssh.startAgent = false;
+
+ # friendly user shell
+ programs.fish.enable = true;
+
+ vuizvui.user.profpatsch.programs.scanning.enable = true;
+
+ #######
+ # Misc
+
+ # TODO seems to work only sometimes in chromium
+ # security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
+
+ ########
+ # Fixes
+
+ # fix for emacs ssh
+ programs.bash.promptInit = "PS1=\"# \"";
+
+ };
+} |
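Review bot: `services.openssh.enable = true;` is added with no further sshd settings, so password authentication stays at the NixOS default while `philip` is in `wheel`; since `authKeys` is already wired into `openssh.authorizedKeys.keys`, I would add `services.openssh.passwordAuthentication = false;` beside it (option name as used by NixOS releases of this era; confirm against the channel in use). `passwordFile = "${home}/.config/passwd";` keeps the hash source inside the user's own home, so anything running as philip can presumably replace the hash that a later activation installs for a `wheel` account; a root-owned path outside `/home` avoids that. The firewall block opens 8000–8005 and 8080–8085 on every interface of a NetworkManager laptop, and the `# Programmer’s dilemma` comment does not say whether exposure on untrusted networks is intended; either state that or bind the development servers to localhost and drop the ranges. Smaller points: `(chromium.override { enablePepperFlash = true; })` turns on a plugin with a long vulnerability history, and `nixPkgs` appears twice in the final `++` chain.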