sam/nixos-4screen
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0b7fa961bc857b5163f3ed30eb360a5659897027
nixos-4screen/hosts/sam-4screen-desktop/configuration.nix
sam rolfe 7b2e6e1fd2 chore: document non-target disks and harden NixOS base config 
Co-authored-by: aider (openrouter/openai/gpt-5.2) <aider@aider.chat>
2026-02-08 14:00:03 +11:00

179 lines
3.9 KiB
Nix
Raw Blame History

{ config, pkgs, lib, ... }:
{
imports = [
./hardware-configuration.nix
];
# ---
# Nix (enable flakes on the installed system)
# ---
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# ---
# Bootloader / kernel
# ---
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Known-good baseline from niri-4screen.md
boot.kernelParams = [ "intel_iommu=off" "dev_mem_signed_off=1" ];
# ---
# Identity
# ---
networking.hostName = "sam-4screen-desktop";
time.timeZone = "Australia/Sydney";
# ---
# Networking
# ---
networking.networkmanager.enable = true;
networking.networkmanager.ensureProfiles.profiles."Wired connection 1" = {
connection = {
id = "Wired connection 1";
type = "802-3-ethernet";
interface-name = "enp0s31f6";
autoconnect = "true";
};
ethernet = { };
ipv4 = {
method = "manual";
addresses = [ "192.168.20.27/24" ];
gateway = "192.168.20.1";
dns = "192.168.20.35;192.168.20.13;";
ignore-auto-dns = "true";
never-default = "false";
};
ipv6 = {
method = "auto";
};
};
# ---
# Users
# ---
programs.zsh.enable = true;
users.users.sam = {
isNormalUser = true;
description = "Sam";
extraGroups = [ "wheel" "networkmanager" "docker" "video" "render" ];
shell = pkgs.zsh;
};
# ---
# SSH
# ---
services.openssh.enable = true;
services.openssh.openFirewall = true;
# Defaulting to keys-only for safety. If you explicitly want password auth for the migration,
# flip this to true.
services.openssh.settings.PasswordAuthentication = false;
# Explicitly enable firewall (keep SSH as the only opened port via openFirewall above).
networking.firewall.enable = true;
# ---
# dconf (helps portals/GTK apps)
# ---
programs.dconf.enable = true;
# Polkit is commonly required for a smooth experience with portals and desktop actions,
# especially in minimal Wayland sessions.
security.polkit.enable = true;
# ---
# Firmware / microcode (stability)
# ---
hardware.enableRedistributableFirmware = true;
hardware.cpu.intel.updateMicrocode = true;
# ---
# OpenGL (important for NVIDIA Wayland apps)
# ---
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
# ---
# Audio (PipeWire)
# ---
security.rtkit.enable = true;
services.pipewire = {
enable = true;
pulse.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
wireplumber.enable = true;
};
# ---
# Docker
# ---
virtualisation.docker.enable = true;
# ---
# Mounts
# ---
fileSystems."/data" = {
device = "/dev/disk/by-uuid/27febd74-20aa-4a3a-92c1-6fdd1ad7e88e";
fsType = "ext4";
options = [ "nofail" "x-systemd.device-timeout=1s" ];
};
# ---
# Niri + login (greetd)
# ---
services.greetd = {
enable = true;
settings = {
default_session = {
user = "greeter";
command =
"${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --cmd ${
lib.escapeShellArg "${pkgs.niri}/bin/niri --session"
}";
};
};
};
# Wayland portals (refine later if screencast needs a different backend)
xdg.portal = {
enable = true;
extraPortals = [
pkgs.xdg-desktop-portal-gtk
pkgs.xdg-desktop-portal-gnome
];
};
# Minimal system packages needed for the session and core usability
environment.systemPackages = with pkgs; [
niri
greetd.tuigreet
xwayland
wl-clipboard
grim
slurp
];
# ---
# NVIDIA (simple, first-boot stable config; PRIME tuning later)
# ---
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.modesetting.enable = true;
hardware.nvidia.nvidiaSettings = true;
hardware.nvidia.nvidiaPersistenced = true;
# ---
# NixOS release compatibility
# ---
system.stateVersion = "24.05";
}
Reference in New Issue View Git Blame Copy Permalink