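# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

# dell latitude e6430
#
# Layout of this module: boot/network/locale, desktop (Plasma 6 + SDDM),
# remote desktop (xrdp), printing, audio, privilege escalation (doas),
# NVIDIA PRIME offload, packages, virtualisation/containers, the "user"
# account, and YubiKey-based PAM authentication.

{ config, lib, pkgs, ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    # ./onlyoffice.nix
  ];

  # Bootloader.
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
  boot.loader.grub.useOSProber = true;

  networking.hostName = "ne010"; # Define your hostname.
  # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Enable networking
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "America/New_York";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  ##############################################################################
  # For Intel Graphics Drivers
  # The default and recommended driver for Intel Graphics in X.org is
  # modesetting (included in the xorg-server package itself).
  services.xserver.videoDrivers = [ "modesetting" "nvidia" ]; # remove nvidia for systems with only intel graphics

  # Enable the KDE Plasma Desktop Environment.
  services.displayManager.sddm.enable = true;
  services.desktopManager.plasma6.enable = true;

  # Configure keymap in X11
  services.xserver.enable = true;
  services.xserver.xkb.layout = "us";
  services.xserver.xkb.variant = "";

  # Enable automatic login for the user.
  # Written under services.displayManager.*, the same namespace the sddm
  # option above uses; services.xserver.displayManager.autoLogin is the
  # older spelling of this option.
  # NOTE(review): "user" is a member of wheel (see users.users.user below), so
  # anyone with physical access to the machine gets that user's desktop
  # session without authenticating. Keep this only where disk encryption and
  # physical control of the laptop cover that gap.
  services.displayManager.autoLogin.enable = true;
  services.displayManager.autoLogin.user = "user";

  # Enable xrdp services
  # NOTE(review): openFirewall = true opens the xrdp listening port in the
  # NixOS firewall on every interface. If remote desktop is only needed over
  # a VPN or a trusted LAN, set openFirewall = false and allow the port on
  # that interface only; RDP logins then depend entirely on the strength of
  # the account password.
  services.xrdp.defaultWindowManager = "startplasma-x11";
  services.xrdp.enable = true;
  services.xrdp.openFirewall = true;

  ##############################################################################
  # Enable CUPS to print documents.
  services.printing.enable = true;
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    openFirewall = true;
  };
  # CUPS (is weird... does not support UTF-8), so from terminal change password
  # via doas passwd > 123 > then localhost:631/admin use "username:root" "password:123"
  # NOTE(review): "123" above reads as a throwaway example. A root password
  # set this way is the real root password of the machine, not a CUPS-only
  # credential; use a strong one, or administer CUPS as a user in the "lp"
  # group instead of as root.
  services.printing.drivers = [ pkgs.cups-dymo ];
  # users.users.user = {
  #   extraGroups = [ "lp" ];
  # };
  # The settings base is the CUPS daemon that needs to be running. This is how
  # the user sends commands to the printer it has access to. But enabling CUPS
  # is not enough, as it runs under its own user and for you to interact with
  # it you will need to be part of the CUPS group. Without this setting I was
  # unable to send any command to the printer (both of them). Also in case of a
  # printer that does not use IPP you will probably need to add a driver for
  # the printer as I did for the Dymo.

  # Enable sound with pipewire.
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    jack.enable = true;

    # use the example session manager (no others are packaged yet so this is
    # enabled by default, no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  ##############################################################################
  # Enable Firmware Update
  services.fwupd.enable = true;

  ##############################################################################
  # SECURITY : doas to replace sudo
  # NOTE(review): persist = true lets doas skip re-authentication for a while
  # after a successful one, and keepEnv = true hands the caller's environment
  # to the command run as root. Both are convenience settings; drop keepEnv
  # (or list only the variables that are needed) on a machine where the
  # user's environment is not fully trusted.
  security.doas.enable = true;
  security.doas.extraRules = [{
    groups = [ "wheel" ];
    persist = true;
    keepEnv = true;
  }];
  security.sudo.enable = false;
  # Has no effect while sudo is disabled; kept so that re-enabling sudo
  # restricts it to wheel.
  security.sudo.execWheelOnly = true;

  ##############################################################################
  ## NVIDIA : DRIVERS & SYSTEM
  # https://nixos.wiki/wiki/Nvidia

  # Enable OpenGL
  hardware.graphics.enable = true;

  hardware.nvidia = {
    prime = {
      offload = {
        enable = true;
        enableOffloadCmd = true;
      };
      # Make sure to use the correct Bus ID values for your system!
      intelBusId = "PCI:0:2:0";
      nvidiaBusId = "PCI:01:0:0";
      # amdgpuBusId = "PCI:54:0:0"; For AMD GPU
    };

    # Modesetting is required.
    modesetting.enable = true;

    # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
    # Enable this if you have graphical corruption issues or application crashes
    # after waking up from sleep. This fixes it by saving the entire VRAM memory
    # to /tmp/ instead of just the bare essentials.
    powerManagement.enable = false;

    # Fine-grained power management. Turns off GPU when not in use.
    # Experimental and only works on modern Nvidia GPUs (Turing or newer).
    powerManagement.finegrained = false;

    # Use the NVidia open source kernel module (not to be confused with the
    # independent third-party "nouveau" open source driver).
    # Support is limited to the Turing and later architectures. Full list of
    # supported GPUs is at:
    # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
    # Only available from driver 515.43.04+
    open = false;

    # Enable the Nvidia settings menu,
    # accessible via `nvidia-settings`.
    nvidiaSettings = true;

    # Optionally, you may need to select the appropriate driver version for
    # your specific GPU.
    package = config.boot.kernelPackages.nvidiaPackages.stable;
  };

  ##############################################################################
  # Enable Ollama LLM manager
  services.ollama.enable = true;
  # services.ollama = {
  #   enable = true;
  #   acceleration = "cuda";
  # };

  ##############################################################################
  # NIX PACKAGE : MANAGEMENT & APPLICATIONS
  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # NOTES:
  # List packages installed in system profile. To search, run:
  # $ nix search wget

  # Install firefox.
  programs.firefox = {
    enable = true;
    package = pkgs.librewolf;
    policies = {
      DisableTelemetry = true;
      DisableFirefoxStudies = true;
      Preferences = {
        "cookiebanners.service.mode.privateBrowsing" = 2; # Block cookie banners in private browsing
        "cookiebanners.service.mode" = 2; # Block cookie banners
        "privacy.donottrackheader.enabled" = true;
        "privacy.fingerprintingProtection" = true;
        "privacy.resistFingerprinting" = true;
        "privacy.trackingprotection.emailtracking.enabled" = true;
        "privacy.trackingprotection.enabled" = true;
        "privacy.trackingprotection.fingerprinting.enabled" = true;
        "privacy.trackingprotection.socialtracking.enabled" = true;
      };
      # NOTE(review): both extensions are force-installed from a "latest.xpi"
      # URL, so the browser runs whatever version the add-on store serves at
      # install/update time. That is outside the pinning the rest of this
      # Nix configuration gets; review the extension list with that in mind.
      ExtensionSettings = {
        "jid1-ZAdIEUB7XOzOJw@jetpack" = {
          install_url = "https://addons.mozilla.org/firefox/downloads/latest/duckduckgo-for-firefox/latest.xpi";
          installation_mode = "force_installed";
        };
        "uBlock0@raymondhill.net" = {
          install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
          installation_mode = "force_installed";
        };
      };
    };
  };

  environment.systemPackages = with pkgs; [
    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    wget
    git
    pcsclite
    alpaca
    btop
    libfido2
    # netbird-ui
    gnupg
    # step-ca
    # step-cli
    # appimage-run
    # sshuttle
    ghostscript
    gparted

    # For L4-Sol Admin
    # appimage-run
    # Moved to Flatpak
    # blender
    # kdenlive
    # vlc
    # librewolf
    # onlyoffice-desktopeditors
    # gimp-with-plugins
    # inkscape-with-extensions
    # zoom-us
    # gitui
    # vscode
    # nextcloud-client
    wireguard-tools

    # For L5-Engineering/Developers [ NOTE MUST BE USED WITH 'CONTAINERIZATION' SECTION!!! ]
    dive # look into docker image layers
    podman-tui # status of containers in the terminal
    docker-compose # start group of containers for dev
    #podman-compose # start group of containers for dev
    distrobox

    # KDE
    kdePackages.discover # Optional: Install if you use Flatpak or fwupd firmware update service
    kdePackages.kcalc # Calculator
    kdePackages.kcharselect # Tool to select and copy special characters from all installed fonts
    kdePackages.kcolorchooser # A small utility to select a color
    kdePackages.kolourpaint # Easy-to-use paint program
    kdePackages.ksystemlog # KDE SystemLog Application
    kdePackages.sddm-kcm # Configuration module for SDDM
    kdiff3 # Compares and merges 2 or 3 files or directories
    hardinfo2 # System information and benchmarks for Linux systems
    haruna # Open source video player built with Qt/QML and libmpv
    xclip # Tool to access the X clipboard from a console application
  ];

  ##############################################################################
  # Enable Netbird
  # services.netbird.enable = true; # for netbird service & CLI

  ##############################################################################
  # Enable flatpak
  services.flatpak.enable = true;
  # must add to install_flatpaks.sh "https://github.com/nargacu83/nixos/blob/main/install-flatpaks.sh"
  # flatpak --user override --filesystem=$HOME/.local/share/fonts:ro;
  # flatpak --user override --filesystem=$HOME/.icons:ro;
  # flatpak --user override --filesystem=/nix/store:ro;

  ##############################################################################
  # Install nerdfonts
  # fonts.packages = with pkgs; [
  #   nerdfonts
  #   corefonts
  # ];

  ##############################################################################
  # To Enable Virtualization
  # Enable libvirtd for managing virtual machines
  virtualisation.libvirtd.enable = true;
  # Enable virt-manager, the graphical user interface
  programs.virt-manager.enable = true;
  # Add the current user to the libvirtd group for access
  # users.users.username.extraGroups = [ "libvirtd" ];
  # NOTE(review): libvirtd group members can manage system-level VMs without
  # further authentication; treat membership as a privileged grant.
  users.groups.libvirtd.members = ["user"];
  # Configure QEMU (optional)
  virtualisation.libvirtd.qemu.vhostUserPackages = with pkgs; [ virtiofsd ];
  # Enable services for QEMU guests (optional)
  # NOTE(review): these two are guest-side agents; the header says this is a
  # physical laptop, so they are presumably not needed here. Confirm.
  services.qemuGuest.enable = true;
  services.spice-vdagentd.enable = true; # Enable copy and paste
  virtualisation.spiceUSBRedirection.enable = true;

  ##############################################################################
  # To Enable Containerization
  # Enable common container config files in /etc/containers
  virtualisation.containers.enable = true;
  virtualisation = {
    podman = {
      enable = true;
      # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;
      # Required for containers under podman-compose to be able to talk to each other.
      defaultNetwork.settings.dns_enabled = true;
    };
  };

  ##############################################################################
  ## For "User" Customization/Tailoring
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.user = {
    isNormalUser = true;
    description = "user";
    extraGroups = [ "networkmanager" "wheel" "audio" "sound" "video" "input" "tty" "lp"];
    packages = with pkgs; [
      kdePackages.kate
      jq
      # com.warlordsoftwares.youtube-downloader-4ktube
      # thunderbird
    ];
    shell = "${pkgs.bashInteractive}${pkgs.bashInteractive.shellPath}";
    # openssh.authorizedKeys.keyFiles = [
    #   /etc/nixos/ssh/authorized_keys
    # ]
  };

  ##############################################################################
  #// NOTE: MUST REGISTER YUBIKEY 5C FIRST ON THE COMPUTER SYSTEM
  # Create an authorization mapping file for your user. The authorization
  # mapping file is like ~/.ssh/known_hosts but for Yubikeys.
  #   nix-shell -p pam_u2f
  #   mkdir -p ~/.config/Yubico
  #   pamu2fcfg > ~/.config/Yubico/u2f_keys
  # add another yubikey (optional): pamu2fcfg -n >> ~/.config/Yubico/u2f_keys

  #// Enable pam
  # NOTE(review): unless security.pam.u2f.control is set to "required", the
  # module treats a successful key touch as sufficient on its own, i.e. the
  # key replaces the password instead of being a second factor. Set the
  # control value explicitly if two-factor behaviour is the goal.
  security.pam.u2f = {
    enable = true;
    settings = {
      interactive = true;
      cue = true;
    };
  };
  security.pam.services = {
    login.u2fAuth = false;
    # sudo is disabled above (security.sudo.enable = false), so this entry
    # only matters if sudo is switched back on.
    sudo.u2fAuth = true;
    # doas is the privilege-escalation tool actually in use on this system;
    # name it explicitly so the U2F requirement visibly covers it.
    doas.u2fAuth = true;
  };
  security.pam.yubico = {
    enable = true;
    # NOTE(review): debug makes the PAM module print diagnostic detail during
    # authentication; turn it off once the demo setup is verified.
    debug = true;
    mode = "challenge-response";
    id = [ "33722643" ]; #### Change for each yubikey, set for demo ki
  };
  services.pcscd.enable = true;

  ##############################################################################
  # Configure alias
  ##############################################################################
  # Enable pam for "user"
  #security.pam.u2f.settings = {
  #   origin = "pam://yubi";
  #   authfile = pkgs.writeText "u2f-mappings" (
  #     username:KOQnz9gjYOETURdkWlK08ZHWQC/nS1zpJ8Ue8NhAojq93u85VsdGlUwEHrbVC4UD72PkLxlxu8W/zvH+htbe5g==,+6sZEp6pJ2xvC5+Bf4vImf3AfanY04M3UJ6lIdkz6vv5YZWSCqbaNtmtYnLB/9sQX3CfgwPHUVnWOx8yoF8/og==,es256,+presence
  #     ":,,,"
  #   );
  # };
  # services = {
  #   pcscd.enable = true;
  #   udev.packages = [ pkgs.yubikey-personalization ];
  # };

  ##############################################################################
  # security.pam.u2f = {
  #   origin = "pam://nixos";
  #   authFile = pkgs.writeText "u2f-mappings" (lib.concatStrings [
  #     user
  #     ":EX33RpQfJfL424vAnY5vBu4T1wZpHl9cg6UhIRIpmPGoGagAaVxWlVyIxiCGvQltJaVqvDvOmw7Oto19uYEE1QDGd4mwmUTYNljg58jVTbF6slBvwSWFXkolpi7Opshk,59PIz9PuXnrJT9/OGX0XPKmeEpkhyFlruiKGeCgYl4NEhCXrkPhaMQ6un87MKkFtM5V1Qu0eTme863zOg97NAQ==,es256,+presence"
  #     ":,,,"
  #   ]);
  # };
  # security.pam.services = {
  #   login.u2fAuth = true;
  #   sudo.u2fAuth = true;
  # };

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "25.05"; # Did you read the comment?

}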