├── .gitignore ├── README.rst ├── configuration-eve.nix ├── filesystems-boot-root-tmptmpfs.nix ├── hardware.nix ├── intel-xts-luksroot-sda.nix └── nobeep.nix /.gitignore: -------------------------------------------------------------------------------- 1 | postfix_generic_map.db 2 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | NixOS Configuration 2 | =================== 3 | 4 | Configuration and description of my nixos configuration. If you have some nice 5 | ideas how to improve, feel free to fork and let me know about your 6 | changes or just write me an email. 7 | 8 | Also if I am explaining something wrong, please let me know. 9 | 10 | Enjoy NixOS! 11 | 12 | How I use this config:: 13 | 14 | % ls -l /etc/nixos 15 | total 8K 16 | drwx------ 3 root root 4096 Feb 13 2011 cfg-private/ 17 | drwxr-xr-x 4 cfl cfl 4096 Jul 16 00:50 cfg-public/ 18 | lrwxrwxrwx 1 root root 32 Jan 12 2012 configuration.nix -> cfg-public/configuration-eve.nix 19 | 20 | cfg-public is the nixos-configurations repo, cfg-private contains 21 | credentials for e.g. postfix smtp delivery. 22 | 23 | 24 | Hardware 25 | -------- 26 | 27 | Laptop, Lenovo x201s, Core i7 L640, WXGA+ screen 28 | 29 | lspci:: 30 | 31 | 00:00.0 Host bridge: Intel Corporation Core Processor DRAM Controller (rev 02) 32 | 00:02.0 VGA compatible controller: Intel Corporation Core Processor Integrated Graphics Controller (rev 02) 33 | 00:16.0 Communication controller: Intel Corporation 5 Series/3400 Series Chipset HECI Controller (rev 06) 34 | 00:19.0 Ethernet controller: Intel Corporation 82577LM Gigabit Network Connection (rev 06) 35 | 00:1a.0 USB Controller: Intel Corporation 5 Series/3400 Series Chipset USB2 Enhanced Host Controller (rev 06) 36 | 00:1b.0 Audio device: Intel Corporation 5 Series/3400 Series Chipset High Definition Audio (rev 06) 37 | 00:1c.0 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 1 (rev 06) 38 | 00:1c.4 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 5 (rev 06) 39 | 00:1d.0 USB Controller: Intel Corporation 5 Series/3400 Series Chipset USB2 Enhanced Host Controller (rev 06) 40 | 00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev a6) 41 | 00:1f.0 ISA bridge: Intel Corporation Mobile 5 Series Chipset LPC Interface Controller (rev 06) 42 | 00:1f.2 SATA controller: Intel Corporation 5 Series/3400 Series Chipset 6 port SATA AHCI Controller (rev 06) 43 | 00:1f.3 SMBus: Intel Corporation 5 Series/3400 Series Chipset SMBus Controller (rev 06) 44 | 00:1f.6 Signal processing controller: Intel Corporation 5 Series/3400 Series Chipset Thermal Subsystem (rev 06) 45 | 02:00.0 Network controller: Intel Corporation Centrino Ultimate-N 6300 (rev 35) 46 | ff:00.0 Host bridge: Intel Corporation Core Processor QuickPath Architecture Generic Non-core Registers (rev 02) 47 | ff:00.1 Host bridge: Intel Corporation Core Processor QuickPath Architecture System Address Decoder (rev 02) 48 | ff:02.0 Host bridge: Intel Corporation Core Processor QPI Link 0 (rev 02) 49 | ff:02.1 Host bridge: Intel Corporation Core Processor QPI Physical 0 (rev 02) 50 | ff:02.2 Host bridge: Intel Corporation Core Processor Reserved (rev 02) 51 | ff:02.3 Host bridge: Intel Corporation Core Processor Reserved (rev 02) 52 | 53 | 54 | Software 55 | -------- 56 | 57 | - display manager: slim 58 | - window manager: xmonad 59 | - mailing: postfix, offlineimap, notmuch, emacs 60 | - calendar: emacs, orgmode 61 | - browser: conkeror, firefox, chrome 62 | 63 | 64 | Dealing with non-NixOS builds 65 | ----------------------------- 66 | 67 | NixOS does not have ``/usr``, instead there are profiles. 68 | 69 | You can define environments_, and use them to create profiles:: 70 | 71 | $ nix-env -p $NIX_USER_PROFILE_DIR/py27 -i py27env 72 | 73 | The same, but using a wrapper_:: 74 | 75 | $ pnix-env py27 -i py27env 76 | 77 | To use the environment, I use `another wrapper`_:: 78 | 79 | $ py27env python bootstrap.py 80 | $ py27env python ./bin/buildout 81 | 82 | It can also be sourced:: 83 | 84 | $ source ~/bin/py27env 85 | 86 | More on this you can find here_. 87 | 88 | .. _environments: https://github.com/chaoflow/skel/blob/master/.nixpkgs/config.nix 89 | .. _wrapper: https://github.com/chaoflow/skel/blob/master/bin/pnix-env 90 | .. _`another wrapper`: https://github.com/chaoflow/skel/blob/master/bin/py27env 91 | .. _here: http://wiki.nixos.org/wiki/Howto_keep_multiple_packages_up_to_date_at_once 92 | 93 | Advantages 94 | ^^^^^^^^^^ 95 | 96 | - rollback in case something is broken 97 | 98 | - possibility for having dedicated build environments 99 | 100 | - Packages that search things in ``/usr`` still won't work, but you 101 | can use one such profile and link it to ``/usr``. However, better 102 | would be to patch the offending packages. 103 | 104 | FAQ 105 | --- 106 | 107 | Q: How can I get a shell in an nix build environment? 108 | A: "exit 1" in the corresponding phase + nix-env -K 109 | 110 | 1. "exit 1" in the corresponding phase 111 | 2. nix-env -K -> will print the temp dir that is left over 112 | 113 | or: 114 | 115 | nix-build -K -A emacs23Packages.org /etc/nixos/nixpkgs/default.nix 116 | 117 | 118 | 119 | TODO 120 | ---- 121 | 122 | - emacs speedup man pages 123 | 124 | - create config dir in nixos svn and point to github, wait for github 125 | migration 126 | 127 | - suspend and hibernate vie Fn-, used to work via awesome 128 | mappings 129 | 130 | - (semi-)automatic backup 131 | 132 | - hibernate on very low battery 133 | 134 | - modularize config so generic parts can be reused by others directly 135 | 136 | - grub menu: indicate number of profile used as default, eg. in brackets 137 | 138 | Issues 139 | ^^^^^^ 140 | 141 | - iwconfig wlan0 mode ad-hoc (with >3_0?) 142 | 143 | - notmuch asks twice for passphrase, probably something about the 144 | gpg-agent 145 | 146 | - sudo does not remember me after system restart, /var/run/sudo is on tmpfs 147 | 148 | - anacron or is it somehow else ensured that commands are run, if 149 | powered off at given time 150 | 151 | - collisions in system-environment, priorization? 152 | 153 | - mail (from mailutils) expects /usr/bin/sendmail 154 | 155 | - postfix issues several warnings 156 | 157 | - postfix, received header (Local time zone must be set--see zic 158 | manual page) 159 | 160 | - postfix, verify server certificate 161 | 162 | - postfix, check whether it runs chrooted 163 | 164 | - postconf: smtp_sasl_tls_security_options = $var_smtp_sasl_opts ?! 165 | manually overwritten 166 | 167 | 168 | nice to have 169 | ^^^^^^^^^^^^ 170 | - get pm-suspend-hybrid to work, I think it does hibernate but then 171 | only suspends. Good if you forget that your laptop is in suspend for 172 | a couple of days. On the other hand, hibernate and resume from it is 173 | fast enough. so basically no need for suspend. 174 | 175 | - pm-powersave true|false support? 176 | 177 | - package qbittorrent 178 | 179 | - how could profiles be tested? including then packaged vim plugins, 180 | zc.buildouts depending on them, ... Would be great to build a new 181 | profile and automatically test it 182 | 183 | - can system profiles be labelled so they show up more meaningful in 184 | grub? 185 | 186 | - replace rsyslog with something that buffers and only rarely writes 187 | to disk (old, from ubuntu) 188 | 189 | - check sata link, host1 does not like min_power or something sets 190 | them to max_performance again (old, from ubuntu) 191 | 192 | - console keymap (alt, ctrl on caps) 193 | 194 | - mail relay should pretend mails coming via submission are locally 195 | generated to hide ip of the client sending it (server issue, not 196 | nixos related) 197 | 198 | 199 | - nix store optimise reports far less savings than achieved:: 200 | 201 | [root@eve:~]# df -h 202 | Filesystem Size Used Avail Use% Mounted on 203 | /dev/mapper/eve-nixos 204 | 7.9G 5.0G 2.6G 67% / 205 | none 3.9G 2.0M 3.9G 1% /dev 206 | tmpfs 3.9G 0 3.9G 0% /dev/shm 207 | none 3.9G 720K 3.9G 1% /var/run 208 | /dev/mapper/eve-home 119G 100G 14G 89% /home 209 | 210 | [root@eve:~]# nix-store --optimise 211 | skipping suspicious writable file `/nix/store/h531fraz114nyf7bh15aqfdk9nif6j8q-linux-2.6.36.2/lib/modules/2.6.36.2/modules.ccwmap' 212 | skipping suspicious writable file `/nix/store/h531fraz114nyf7bh15aqfdk9nif6j8q-linux-2.6.36.2/lib/modules/2.6.36.2/modules.ofmap' 213 | skipping suspicious writable file `/nix/store/h531fraz114nyf7bh15aqfdk9nif6j8q-linux-2.6.36.2/lib/modules/2.6.36.2/modules.pcimap' 214 | skipping suspicious writable file `/nix/store/h531fraz114nyf7bh15aqfdk9nif6j8q-linux-2.6.36.2/lib/modules/2.6.36.2/modules.seriomap' 215 | skipping suspicious writable file `/nix/store/h531fraz114nyf7bh15aqfdk9nif6j8q-linux-2.6.36.2/lib/modules/2.6.36.2/modules.symbols' 216 | skipping suspicious writable file `/nix/store/h531fraz114nyf7bh15aqfdk9nif6j8q-linux-2.6.36.2/lib/modules/2.6.36.2/modules.ieee1394map' 217 | skipping suspicious writable file `/nix/store/h531fraz114nyf7bh15aqfdk9nif6j8q-linux-2.6.36.2/lib/modules/2.6.36.2/modules.isapnpmap' 218 | skipping suspicious writable file `/nix/store/h531fraz114nyf7bh15aqfdk9nif6j8q-linux-2.6.36.2/lib/modules/2.6.36.2/modules.alias' 219 | skipping suspicious writable file `/nix/store/h531fraz114nyf7bh15aqfdk9nif6j8q-linux-2.6.36.2/lib/modules/2.6.36.2/modules.inputmap' 220 | skipping suspicious writable file `/nix/store/h531fraz114nyf7bh15aqfdk9nif6j8q-linux-2.6.36.2/lib/modules/2.6.36.2/modules.dep' 221 | skipping suspicious writable file `/nix/store/h531fraz114nyf7bh15aqfdk9nif6j8q-linux-2.6.36.2/lib/modules/2.6.36.2/modules.usbmap' 222 | 816411305 bytes (778.59 MiB, 3690712 blocks) freed by hard-linking 308398 files; there are 308398 files with equal contents out of 404000 files in total 223 | 224 | [root@eve:~]# df -h 225 | Filesystem Size Used Avail Use% Mounted on 226 | /dev/mapper/eve-nixos 227 | 7.9G 3.2G 4.3G 43% / 228 | none 3.9G 2.0M 3.9G 1% /dev 229 | tmpfs 3.9G 0 3.9G 0% /dev/shm 230 | none 3.9G 720K 3.9G 1% /var/run 231 | /dev/mapper/eve-home 119G 100G 14G 89% /home 232 | 233 | 234 | Credits 235 | ------- 236 | 237 | A big thank you for patient support via irc and mail: 238 | 239 | - Cillian de Róiste 240 | - Eelco Dolstra 241 | - Evgeny Egorochkin 242 | - Lluís Batlle i Rossell 243 | - Marc Weber 244 | - Micheal Raskin 245 | - Nicolas Pierron 246 | - Peter Simons 247 | - Vladimír Čunát 248 | -------------------------------------------------------------------------------- /configuration-eve.nix: -------------------------------------------------------------------------------- 1 | # Edit this configuration file which defines what would be installed on the 2 | # system. To Help while choosing option value, you can watch at the manual 3 | # page of configuration.nix or at the last chapter of the manual available 4 | # on the virtual console 8 (Alt+F8). 5 | 6 | { pkgs, ... }: 7 | 8 | { 9 | require = [ 10 | ./hardware.nix 11 | ./intel-xts-luksroot-sda.nix 12 | ./filesystems-boot-root-tmptmpfs.nix 13 | ./nobeep.nix 14 | ]; 15 | 16 | boot = { 17 | extraModprobeConfig = '' 18 | options thinkpad_acpi fan_control=1 19 | ''; 20 | initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; 21 | allowDiscards = true; } ]; 22 | # powertop needs msr and so far it does not load when needed 23 | kernelModules = [ "msr" ]; 24 | kernelPackages = pkgs.linuxPackages_3_16; 25 | # major:minor number of my swap device, fully lvm-based system 26 | #resumeDevice = "254:1"; 27 | }; 28 | 29 | environment = { 30 | #nix = pkgs.nixUnstable; 31 | 32 | # To also get the header files in the system environment. You only need 33 | # this if you want compile non-nixos stuff against the system environment. 34 | # You would only want that as a part of temporary solution to continue on 35 | # whatever you were working before christmas. However, there are better 36 | # ways. See https://github.com/chaoflow/nixos-configurations for more on 37 | # that. 38 | #pathsToLink = ["include"]; 39 | 40 | # shellInit = '' 41 | # export GEM_PATH=/var/run/current-system/sw/${pkgs.ruby.gemPath} 42 | # export RUBYLIB=/var/run/current-system/sw/lib 43 | # export RUBYOPT=rubygems 44 | # ''; 45 | 46 | systemPackages = with pkgs; [ 47 | acpitool 48 | alsaLib 49 | alsaPlugins 50 | alsaUtils 51 | cpufrequtils 52 | cryptsetup 53 | ddrescue 54 | dmenu 55 | file 56 | hdparm 57 | htop 58 | keychain 59 | sdparm 60 | zsh 61 | ant 62 | autoconf 63 | automake 64 | bazaar 65 | bazaarTools 66 | bc 67 | beret 68 | cmake 69 | colordiff 70 | cvs 71 | cvsps 72 | gcc 73 | gdb 74 | geeqie 75 | ghostscript 76 | gimp 77 | gitAndTools.gitFull 78 | gitAndTools.svn2git 79 | gitAndTools.tig 80 | gnupg 81 | gnupg1 82 | gnumake 83 | gperf 84 | graphviz 85 | guile 86 | imagemagick 87 | io 88 | irssi 89 | jscoverage 90 | jwhois 91 | links2 92 | lsof 93 | lua5 94 | lxdvdrip 95 | lynx 96 | man 97 | mdbtools 98 | mercurial 99 | ncftp 100 | netcat 101 | nmap 102 | openvpn 103 | p7zip 104 | parted 105 | pdfjam 106 | pinentry 107 | powertop 108 | pwgen 109 | qrencode 110 | rtorrent 111 | ruby 112 | screen 113 | stdmanpages 114 | subversion 115 | tcpdump 116 | telnet 117 | (let myTexLive = 118 | pkgs.texLiveAggregationFun { 119 | paths = 120 | [ pkgs.texLive 121 | pkgs.texLiveCMSuper 122 | pkgs.texLiveExtra 123 | pkgs.texLiveBeamer ]; 124 | }; 125 | in myTexLive) 126 | units 127 | unzip 128 | vim 129 | vlc 130 | w3m 131 | wget 132 | zip 133 | gv 134 | glxinfo 135 | mplayer 136 | rxvt_unicode 137 | qemu_kvm 138 | scrot 139 | unetbootin 140 | xlockmore 141 | xorg.xkill 142 | xpdf 143 | 144 | haskellPackages.xmonad 145 | haskellPackages.xmonadContrib 146 | haskellPackages.xmonadExtras 147 | stalonetray 148 | wpa_supplicant_gui 149 | xfontsel 150 | xlibs.xev 151 | xlibs.xinput 152 | xlibs.xmessage 153 | xlibs.xmodmap 154 | ]; 155 | }; 156 | 157 | # XXX: add more fonts! 158 | fonts = { 159 | enableCoreFonts = true; 160 | enableFontDir = true; 161 | enableGhostscriptFonts = false; 162 | 163 | # terminus I use for rxvt-unicode 164 | # see https://github.com/chaoflow/chaoflow.skel.home/blob/master/.Xdefaults 165 | fonts = [ 166 | #pkgs.cantarell_fonts 167 | #pkgs.dejavu_fonts 168 | #pkgs.dosemu_fonts 169 | #pkgs.freefont_ttf 170 | #pkgs.liberation_ttf 171 | pkgs.terminus_font 172 | #pkgs.ubuntu_font_family 173 | #pkgs.ucsFonts 174 | #pkgs.unifont 175 | #pkgs.vistafonts 176 | #pkgs.xlibs.fontadobe100dpi 177 | #pkgs.xlibs.fontadobe75dpi 178 | #pkgs.xlibs.fontadobeutopia100dpi 179 | #pkgs.xlibs.fontadobeutopia75dpi 180 | #pkgs.xlibs.fontadobeutopiatype1 181 | #pkgs.xlibs.fontarabicmisc 182 | pkgs.xlibs.fontbh100dpi 183 | pkgs.xlibs.fontbh75dpi 184 | pkgs.xlibs.fontbhlucidatypewriter100dpi 185 | pkgs.xlibs.fontbhlucidatypewriter75dpi 186 | pkgs.xlibs.fontbhttf 187 | pkgs.xlibs.fontbhtype1 188 | pkgs.xlibs.fontbitstream100dpi 189 | pkgs.xlibs.fontbitstream75dpi 190 | pkgs.xlibs.fontbitstreamtype1 191 | #pkgs.xlibs.fontcronyxcyrillic 192 | pkgs.xlibs.fontcursormisc 193 | pkgs.xlibs.fontdaewoomisc 194 | pkgs.xlibs.fontdecmisc 195 | pkgs.xlibs.fontibmtype1 196 | pkgs.xlibs.fontisasmisc 197 | pkgs.xlibs.fontjismisc 198 | pkgs.xlibs.fontmicromisc 199 | pkgs.xlibs.fontmisccyrillic 200 | pkgs.xlibs.fontmiscethiopic 201 | pkgs.xlibs.fontmiscmeltho 202 | pkgs.xlibs.fontmiscmisc 203 | pkgs.xlibs.fontmuttmisc 204 | pkgs.xlibs.fontschumachermisc 205 | pkgs.xlibs.fontscreencyrillic 206 | pkgs.xlibs.fontsonymisc 207 | pkgs.xlibs.fontsunmisc 208 | pkgs.xlibs.fontwinitzkicyrillic 209 | pkgs.xlibs.fontxfree86type1 210 | ]; 211 | }; 212 | 213 | hardware.pulseaudio.enable = true; 214 | # per user is broken (for me?) 215 | hardware.pulseaudio.systemWide = true; 216 | hardware.trackpoint.enable = true; 217 | hardware.trackpoint.sensitivity = 255; 218 | #hardware.trackpoint.speed = 255; 219 | 220 | # Select internationalisation properties. 221 | i18n = { 222 | consoleFont = "lat9w-16"; 223 | consoleKeyMap = "us"; 224 | defaultLocale = "en_US.UTF-8"; 225 | }; 226 | 227 | networking = { 228 | domain = "chaoflow.net"; 229 | # hardcode domain name 230 | # extraHosts = '' 231 | # 127.0.0.1 eve.chaoflow.net eve 232 | # ''; 233 | firewall = { 234 | allowedTCPPorts = [ 80 ]; 235 | enable = true; 236 | }; 237 | hostName = "eve"; 238 | interfaceMonitor.enable = false; # Watch for plugged cable. 239 | # host network for qemu-kvm 240 | localCommands = '' 241 | ip addr add 10.0.0.1/24 dev lo 242 | ${pkgs.procps}/sbin/sysctl -w net.ipv4.ip_forward=1 243 | ''; 244 | networkmanager.enable = false; 245 | wireless.enable = true; 246 | wireless.driver = "nl80211"; 247 | wireless.interfaces = [ "wlp2s0" ]; 248 | wireless.userControlled.enable = true; 249 | }; 250 | 251 | nix.extraOptions = '' 252 | auto-optimise-store = true 253 | env-keep-derivations = true 254 | gc-keep-outputs = true 255 | gc-keep-derivations = true 256 | ''; 257 | nix.useChroot = true; 258 | 259 | nixpkgs.config = { 260 | # XXX: unused so far 261 | xkeyboard_config = { extraLayoutPath = "./xkb-layout/chaoflow"; }; 262 | }; 263 | 264 | powerManagement.cpuFreqGovernor = "ondemand"; 265 | powerManagement.enable = true; 266 | #powerManagement.aggressive = true; 267 | 268 | users.defaultUserShell = "/var/run/current-system/sw/bin/zsh"; 269 | 270 | security.pam.loginLimits = [ 271 | { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; } 272 | ]; 273 | 274 | services.atd.enable = false; 275 | services.dovecot2.enable = true; 276 | services.dovecot2.enablePop3 = false; 277 | services.dovecot2.mailLocation = "maildir:~/.mail"; 278 | services.dovecot2.extraConfig = '' 279 | listen = 127.0.0.1 280 | namespace { 281 | separator = / 282 | inbox = yes 283 | } 284 | ''; 285 | services.httpd = { 286 | adminAddr = "flo@chaoflow.net"; 287 | enable = true; 288 | enablePHP = true; 289 | enableUserDir = true; 290 | }; 291 | services.locate.enable = true; 292 | services.nixosManual.showManual = false; 293 | services.openssh.enable = false; 294 | services.printing.enable = true; 295 | services.printing.drivers = [ pkgs.foomatic_filters ]; 296 | services.postfix = { 297 | destination = [ "localhost" "eve.chaoflow.net" ]; 298 | enable = true; 299 | extraConfig = '' 300 | # For all options see ``man 5 postconf`` 301 | # Take care, empty lines will mess up whitespace removal. It would be 302 | # nice if empty lines would not be considered in minimal leading 303 | # whitespace analysis, but don't know about further implications. Also 304 | # take care not to mix tabs and spaces. Should tabs be treated like 8 305 | # spaces? 306 | # 307 | # ATTENTION! Will log passwords 308 | #debug_peer_level = 4 309 | #debug_peer_list = tesla.chaoflow.net 310 | inet_interfaces = loopback-only 311 | # 312 | # the nixos config option does not allow to specify a port, beware: 313 | # small 'h' in contrast to the config option with capital 'H' 314 | relayhost = [0x2c.org]:submission 315 | #relayhost = [127.0.0.1]:1587 316 | # 317 | #XXX: needs server certificate checking 318 | #smtp_enforce_tls = yes 319 | # 320 | # postfix generic map example content: 321 | # user@local.email user@public.email 322 | # Run ``# postmap hash:/etc/nixos/cfg-private/postfix_generic_map`` 323 | # after changing it. 324 | smtp_generic_maps = hash:/etc/nixos/cfg-private/postfix_generic_map 325 | smtp_sasl_auth_enable = yes 326 | smtp_sasl_mechanism_filter = plain, login 327 | # 328 | # username and password for smtp auth, example content: 329 | # : 330 | # The is exactly what you specified for relayHost, resp. 331 | # relayhost. 332 | smtp_sasl_password_maps = hash:/etc/nixos/cfg-private/postfix_passwd 333 | smtp_sasl_security_options = noanonymous 334 | smtp_sasl_tls_security_options = $smtp_sasl_security_options 335 | smtp_use_tls = yes 336 | ''; 337 | hostname = "eve.chaoflow.net"; 338 | rootAlias = "cfl"; 339 | }; 340 | services.thinkfan.enable = true; 341 | services.xserver = { 342 | autorun = true; 343 | # no desktop manager, no window manager configured here. This 344 | # results in only one session *custom* for slim which executes 345 | # ~/.xsession. See: 346 | # https://github.com/chaoflow/chaoflow.skel.home/blob/master/.xsession 347 | desktopManager.xterm.enable = false; 348 | displayManager.slim = { 349 | defaultUser = "cfl"; 350 | #hideCursor = true; 351 | }; 352 | enable = true; 353 | exportConfiguration = true; 354 | # custom is set in ./bin/init_keyboard.sh via .xsession with the 355 | # advantage of not breaking X in case the layout did not make it into the 356 | # newest profile generation 357 | layout = "us"; 358 | }; 359 | 360 | # List swap partitions that are mounted at boot time. 361 | #swapDevices = [{ label = "swap"; }]; 362 | 363 | #time.timeZone = "Asia/Hong_Kong"; 364 | time.timeZone = "Europe/Berlin"; 365 | #time.timeZone = "US/Eastern"; 366 | #time.timeZone = "US/Pacific"; 367 | } 368 | -------------------------------------------------------------------------------- /filesystems-boot-root-tmptmpfs.nix: -------------------------------------------------------------------------------- 1 | { ... }: { 2 | fileSystems = [ 3 | # Copy & Paste & Uncomment & Modify to add any other file system. 4 | # 5 | # { mountPoint = "/data"; # where you want to mount the device 6 | # device = "/dev/sdb"; # the device or the label of the device 7 | # # label = "data"; 8 | # fsType = "ext3"; # the type of the partition. 9 | # options = "data=journal"; 10 | # } 11 | { mountPoint = "/"; label = "root"; } 12 | { mountPoint = "/boot"; label = "boot"; } 13 | { mountPoint = "/tmp"; 14 | device = "tmpfs"; 15 | fsType = "tmpfs"; 16 | options = "nosuid,nodev,relatime"; 17 | } 18 | ]; 19 | } 20 | -------------------------------------------------------------------------------- /hardware.nix: -------------------------------------------------------------------------------- 1 | { modulesPath, ... }: 2 | 3 | ### Lenovo x201s 4 | # 5 | # % lspci 6 | # 00:00.0 Host bridge: Intel Corporation Core Processor DRAM Controller (rev 02) 7 | # 00:02.0 VGA compatible controller: Intel Corporation Core Processor Integrated Graphics Controller (rev 02) 8 | # 00:16.0 Communication controller: Intel Corporation 5 Series/3400 Series Chipset HECI Controller (rev 06) 9 | # 00:19.0 Ethernet controller: Intel Corporation 82577LM Gigabit Network Connection (rev 06) 10 | # 00:1a.0 USB Controller: Intel Corporation 5 Series/3400 Series Chipset USB2 Enhanced Host Controller (rev 06) 11 | # 00:1b.0 Audio device: Intel Corporation 5 Series/3400 Series Chipset High Definition Audio (rev 06) 12 | # 00:1c.0 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 1 (rev 06) 13 | # 00:1c.4 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 5 (rev 06) 14 | # 00:1d.0 USB Controller: Intel Corporation 5 Series/3400 Series Chipset USB2 Enhanced Host Controller (rev 06) 15 | # 00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev a6) 16 | # 00:1f.0 ISA bridge: Intel Corporation Mobile 5 Series Chipset LPC Interface Controller (rev 06) 17 | # 00:1f.2 SATA controller: Intel Corporation 5 Series/3400 Series Chipset 6 port SATA AHCI Controller (rev 06) 18 | # 00:1f.3 SMBus: Intel Corporation 5 Series/3400 Series Chipset SMBus Controller (rev 06) 19 | # 00:1f.6 Signal processing controller: Intel Corporation 5 Series/3400 Series Chipset Thermal Subsystem (rev 06) 20 | # 02:00.0 Network controller: Intel Corporation Centrino Ultimate-N 6300 (rev 35) 21 | # ff:00.0 Host bridge: Intel Corporation Core Processor QuickPath Architecture Generic Non-core Registers (rev 02) 22 | # ff:00.1 Host bridge: Intel Corporation Core Processor QuickPath Architecture System Address Decoder (rev 02) 23 | # ff:02.0 Host bridge: Intel Corporation Core Processor QPI Link 0 (rev 02) 24 | # ff:02.1 Host bridge: Intel Corporation Core Processor QPI Physical 0 (rev 02) 25 | # ff:02.2 Host bridge: Intel Corporation Core Processor Reserved (rev 02) 26 | # ff:02.3 Host bridge: Intel Corporation Core Processor Reserved (rev 02) 27 | 28 | ### Lenovo x220 29 | # 30 | # % lspci 31 | # 00:00.0 Host bridge: Intel Corporation Sandy Bridge DRAM Controller (rev 09) 32 | # 00:02.0 VGA compatible controller: Intel Corporation Device 0126 (rev 09) 33 | # 00:16.0 Communication controller: Intel Corporation Cougar Point HECI Controller #1 (rev 04) 34 | # 00:19.0 Ethernet controller: Intel Corporation 82579LM Gigabit Network Connection (rev 04) 35 | # 00:1a.0 USB Controller: Intel Corporation Cougar Point USB Enhanced Host Controller #2 (rev 04) 36 | # 00:1b.0 Audio device: Intel Corporation Cougar Point High Definition Audio Controller (rev 04) 37 | # 00:1c.0 PCI bridge: Intel Corporation Cougar Point PCI Express Root Port 1 (rev b4) 38 | # 00:1c.1 PCI bridge: Intel Corporation Cougar Point PCI Express Root Port 2 (rev b4) 39 | # 00:1c.4 PCI bridge: Intel Corporation Cougar Point PCI Express Root Port 5 (rev b4) 40 | # 00:1d.0 USB Controller: Intel Corporation Cougar Point USB Enhanced Host Controller #1 (rev 04) 41 | # 00:1f.0 ISA bridge: Intel Corporation Cougar Point LPC Controller (rev 04) 42 | # 00:1f.2 SATA controller: Intel Corporation Cougar Point 6 port SATA AHCI Controller (rev 04) 43 | # 00:1f.3 SMBus: Intel Corporation Cougar Point SMBus Controller (rev 04) 44 | # 03:00.0 Network controller: Intel Corporation 6000 Series Gen2 (rev 34) 45 | # 0d:00.0 System peripheral: Ricoh Co Ltd Device e823 (rev 04) 46 | 47 | { 48 | # You may have a different wifi card 49 | # XXX: should these be turned into networking enable option (see 3945.nix)? 50 | require = [ 51 | "${modulesPath}/hardware/network/intel-5000.nix" 52 | "${modulesPath}/hardware/network/intel-6000.nix" 53 | "${modulesPath}/hardware/network/intel-6000g2a.nix" 54 | ]; 55 | boot.initrd.kernelModules = [ 56 | # rootfs, hardware specific 57 | "ahci" 58 | # proper console asap 59 | "fbcon" 60 | "i915" 61 | ]; 62 | 63 | # XXX: how can we load on-demand for qemu-kvm? 64 | boot.kernelModules = [ "kvm-intel" ]; 65 | 66 | # disabled for fbcon and i915 to kick in or to disable the kernelParams 67 | # XXX: investigate 68 | boot.vesa = false; 69 | 70 | nix.extraOptions = '' 71 | build-cores = 4 72 | ''; 73 | nix.maxJobs = 4; 74 | services.xserver.videoDrivers = [ "intel" ]; 75 | services.xserver.xkbModel = "thinkpad60"; 76 | } 77 | -------------------------------------------------------------------------------- /intel-xts-luksroot-sda.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | 3 | { 4 | # ext4 root fs in aes-xts-plain64 encrypted lvm 5 | boot.initrd.kernelModules = [ "aesni-intel" "dm-crypt" "ext4" "xts" ]; 6 | 7 | # grub version 2 on sda 8 | boot.loader.grub = { 9 | version = 2; 10 | device = "/dev/sda"; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /nobeep.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | 3 | { 4 | # no beeping, thx Jonas! 5 | boot.blacklistedKernelModules = [ "snd_pcsp" "pcspkr" ]; 6 | } 7 | --------------------------------------------------------------------------------