grow food, not lawn. thank you. <3

/etc/nixos/configuration.nix for a thinkpad t430s

uploaded to media.unturf.com


Description
################################################################################
# █▄░█ █ ▀▄▀ █▀█ █▀ ▄▄ █░█ █▀█
# █░▀█ █ █░█ █▄█ ▄█ ░░ █▄█ █▀▀
#
# This NixOS installation brought to you by nixos-up!
# Please consider supporting the project (https://github.com/samuela/nixos-up)
# and the NixOS Foundation (https://opencollective.com/nixos)!
################################################################################

# Run this command after you change this file.
# nixos-rebuild switch

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ lib, config, pkgs, ... }:

let
  # Source tree of the home-manager NixOS module, fetched at evaluation time.
  # NOTE(review): the URL follows the moving `release-21.05` branch and no
  # sha256 is given, so the module imported below is whatever that branch
  # serves when the tarball is (re)fetched. Point the URL at a commit archive
  # and pass `sha256` to fetchTarball so a changed tarball fails evaluation
  # instead of being imported. The branch is also older than the 21.11
  # stateVersion set further down; confirm it matches the channel in use.
  home-manager = fetchTarball "https://github.com/nix-community/home-manager/archive/release-21.05.tar.gz";
  # Address, name and API port of the Kubernetes master; reused by
  # networking.extraHosts and services.kubernetes below.
  kubeMasterIP = "192.168.1.15";
  kubeMasterHostname = "nixos.foxhop.net";
  kubeMasterAPIServerPort = 6443;
in
{
  # Per-user home-manager settings for `fox`. All available options are
  # listed at https://rycee.gitlab.io/home-manager/.
  home-manager.users.fox = { pkgs, ... }: {
    # Starship shell prompt.
    programs.starship = { enable = true; };
    # Packages installed into the user's profile only.
    home.packages = [ pkgs.hello ];
  };

  # Include other .nix config files.
  imports = [
    # home-manager's NixOS module, taken from the tarball bound in the `let`
    # block above; it is evaluated as part of this system configuration.
    "${home-manager}/nixos"
    # The results of the hardware scan.
    ./hardware-configuration.nix
  ];

  # Boot with GRUB 2, installed to /dev/sda.
  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/sda";
  };

  # boot.loader.grub.efiSupport = true;
  # boot.loader.grub.efiInstallAsRemovable = true;
  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
  # Define on which hard drive you want to install Grub.
  # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only

  networking = {
    hostName = "nixos"; # Define your hostname.
    # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

    # Make the Kubernetes master hostname resolve to the master IP locally.
    extraHosts = "${kubeMasterIP} ${kubeMasterHostname}";

    # The global useDHCP flag is deprecated, so it is switched off here and
    # DHCP is requested per interface instead, which replicates the default
    # behaviour of the generated config.
    useDHCP = false;
    interfaces.eno1.useDHCP = true;

    # DNS resolver used by this host.
    nameservers = [ "192.168.1.22" ];
  };

  # Set your time zone.
  time.timeZone = "America/New_York";

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  # i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  # };

  # X11 with the GNOME desktop and GDM as display manager, plus libinput for
  # touchpad support (enabled default in most desktopManager).
  services.xserver = {
    enable = true;
    displayManager.gdm.enable = true;
    desktopManager.gnome.enable = true;
    libinput.enable = true;

    #videoDrivers = [ "nvidia" ];

    # Configure keymap in X11
    # layout = "us";
    # xkbOptions = "eurosign:e";
  };

  # Non-free packages are allowed by name only: a package is accepted when
  # its name appears in this list, and every other unfree package is refused.
  nixpkgs.config.allowUnfreePredicate = pkg:
    let
      allowedUnfree = [
        #"nvidia"
        #"nvidia-x11"
        #"nvidia-settings"
        "steam"
        "steam-original"
        "steam-runtime"
      ];
    in
    builtins.elem (lib.getName pkg) allowedUnfree;

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = true;

  # Enable steam.
  programs.steam.enable = true;

  # If you want to use a Steam Controller or Index, uncomment.
  # hardware.steam-hardware.enable = true; 

  # services.openssh = {
  #   enable = true;
  #   permitRootLogin = "yes";
  # } 

  users = {
    # Accounts and passwords come from this file only.
    mutableUsers = false;

    users.fox = {
      isNormalUser = true;
      # NOTE(review): `wheel` grants sudo, and membership of `docker` lets the
      # account drive the Docker daemon, which is root-equivalent on this
      # host; keep both only if that is intended. The libvirtd module's group
      # is normally named `libvirtd`, so `libvirt` may not match any group.
      # Confirm which one is meant.
      extraGroups = [ "wheel" "networkmanager" "libvirt" "docker" ];
      # Presumably holds the hashed password for `fox`; the file lives outside
      # the Nix store and should be readable by root only. Verify its mode.
      passwordFile = "/etc/passwordFile-fox";
    };

    # Disable password-based login for root.
    users.root.hashedPassword = "!";
  };

  # Packages installed in the system profile. To search for one, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    # Keep an editor around for editing configuration.nix!
    # The Nano editor is also installed by default.
    vim
    git
    dig
    wget
    unzip

    firefox
    yggdrasil

    # Formatter for this file.
    nixpkgs-fmt

    # virtual machines!
    virtmanager

    # unix password store and the pinentry front ends it can use
    pass
    pass-wayland
    pinentry
    pinentry-gnome
    pinentry-curses

    # gpg
    gnupg
    gnumake

    # rust people really do cargo cult hard, sorta weird.
    rustc
    cargo

    docker
    docker-compose

    # kubernetes
    # https://nixos.wiki/wiki/Kubernetes
    kompose
    kubectl
    kubernetes

    # python3 with the `requests` library available to it.
    (python3.withPackages (ps: with ps; [ requests ]))

  ];

  environment.variables.EDITOR = "vim";

  services.yggdrasil = {
    enable = true;

    # Without persistentKeys the NixOS module generates new keys and a new
    # IPv6 address each time it is started.
    persistentKeys = true;

    # NOTE(review): once peered, this host presumably has an overlay IPv6
    # address that other Yggdrasil nodes can route to, so sshd (enabled
    # further down) and anything else the firewall allows may be reachable
    # from outside the LAN. Confirm the firewall rules cover the Yggdrasil
    # interface.
    config.Peers = [
      # Yggdrasil automatically connects and "peers" with other nodes it
      # discovers via link-local multicast announcements. Unless such nodes
      # exist (there probably are none), a node needs peers within the
      # existing network that it can tunnel to.
      "tcp://50.236.201.218:56088"
      # Public peers can be found at
      # https://github.com/yggdrasil-network/public-peers
    ];
  };

  virtualisation = {
    libvirtd = {
      enable = true;
      # Guests are not started at boot and are shut down with the host.
      onBoot = "ignore";
      onShutdown = "shutdown";
      # OVMF firmware for guests.
      qemu.ovmf.enable = true;
      # QEMU processes run unprivileged rather than as root.
      qemu.runAsRoot = false;
    };

    # Enable the docker service. Members of the `docker` group (see
    # users.users.fox.extraGroups) can control this daemon.
    docker.enable = true;
  };

  # Kubernetes control plane and worker node on this one machine.
  services.kubernetes = {
    roles = [ "master" "node" ];
    masterAddress = kubeMasterHostname;
    apiserverAddress = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}";
    apiserver.securePort = kubeMasterAPIServerPort;
    apiserver.advertiseAddress = kubeMasterIP;

    # NOTE(review): easyCerts has the module set up the cluster's certificates
    # and keys automatically, which is presumably fine for a single-machine
    # lab; confirm where the CA key ends up before other nodes are added.
    easyCerts = true;

    # use coredns
    addons.dns.enable = true;

    # needed if you use swap
    kubelet.extraOpts = "--fail-swap-on=false";
  };

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;

  # gpg-agent, also serving as the SSH agent.
  programs.gnupg.agent.enable = true;
  programs.gnupg.agent.enableSSHSupport = true;

  # PC/SC smart-card daemon (presumably for a hardware token; confirm).
  services.pcscd.enable = true;

  # List services that you want to enable:

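  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  # Refuse root logins over SSH outright instead of relying on the default;
  # root's password is already locked via users.users.root.hashedPassword.
  services.openssh.permitRootLogin = "no";
  # NOTE(review): password authentication is left at its default because this
  # file declares no SSH authorized keys for `fox`. Once keys are in place,
  # key-only login is the safer setting:
  # services.openssh.passwordAuthentication = false;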

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # The NixOS release whose defaults for stateful data (file locations,
  # database versions, ...) this system was installed with. It is perfectly
  # fine, and recommended, to leave it at the release of the first install.
  # Read the documentation for this option before changing it
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.11"; # Did you read the comment?

  # Swap file; sizes are in megabytes. Default swap is
  # max(1GB, sqrt(RAM)) = 1024. If you want to use hibernation with
  # this device, then it's recommended that you use
  # RAM + max(1GB, sqrt(RAM)) = 8940.000.
  swapDevices = [
    {
      device = "/swapfile";
      size = 1024;
    }
  ];
}