[TASK] Initialize config

Sebastian Fischer 2026-02-03 21:56:52 +01:00
commit 192cb6c777
8 changed files with 553 additions and 0 deletions

17
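--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,17 @@
+# EditorConfig is awesome: http://EditorConfig.org
+# top-most EditorConfig file
+root = true
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 4
+insert_final_newline = true
+trim_trailing_whitespace = true
+# Nixos-Files
+[*.nix]
+indent_size = 2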

3
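--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.iso
+*.qcow2
+config/hardware-configuration.nix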

40
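--- a/README.md
+++ b/README.md
@@ -0,0 +1,40 @@
+# nixos
+## Playground
+sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager
+Video QXL
+configuration.nix services.spice-vdagentd.enable = true;
+## Install
+sudo -i
+parted /dev/sda -- mklabel gpt
+parted /dev/sda -- mkpart root ext4 512MB -8GB
+parted /dev/sda -- mkpart swap linux-swap -8GB 100%
+parted /dev/sda -- mkpart ESP fat32 1MB 512MB
+parted --list
+parted /dev/sda -- set 3 esp on
+mkfs.ext4 -L nixos /dev/sda1
+mkswap -L swap /dev/sda2
+mkfs.fat -F 32 -n boot /dev/sda3
+mount /dev/disk/by-label/nixos /mnt
+mkdir -p /mnt/boot
+mount -o umask=077 /dev/disk/by-label/boot /mnt/boot
+swapon /dev/sda2
+nixos-generate-config --root /mnt
+vi /mnt/etc/nixos/configuration.nix
+https://nixos.org/manual/nixos/stable/
+### install
+sudo nixos-rebuild switch
+### cleanup
+sudo nix-collect-garbage -d
+### optimize & cleanup
+sudo nix-store --optimise && sudo nix-collect-garbage -d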

136
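--- a/config/common.nix
+++ b/config/common.nix
@@ -0,0 +1,136 @@
+{ pkgs, ... }:
+{
+# List packages installed in system profile. To search, run:
+# $ nix search wget
+environment.systemPackages = with pkgs; [
+# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+# wget
+spice-vdagent
+phodav
+wl-clipboard
+google-chrome
+git
+gitflow
+vim
+];
+# Bootloader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.systemd-boot.configurationLimit = 5;
+boot.loader.efi.canTouchEfiVariables = true;
+networking.hostName = "cesium"; # Define your hostname.
+# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+# Configure network proxy if necessary
+# networking.proxy.default = "http://user:password@proxy:port/";
+# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+networking.firewall.allowedTCPPorts = [ 22 ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+# networking.firewall.enable = false;
+# Enable networking
+networking.networkmanager.enable = true;
+# Set your time zone.
+time.timeZone = "Europe/Berlin";
+# Select internationalisation properties.
+i18n.defaultLocale = "de_DE.UTF-8";
+i18n.extraLocaleSettings = {
+LC_ADDRESS = "de_DE.UTF-8";
+LC_IDENTIFICATION = "de_DE.UTF-8";
+LC_MEASUREMENT = "de_DE.UTF-8";
+LC_MONETARY = "de_DE.UTF-8";
+LC_NAME = "de_DE.UTF-8";
+LC_NUMERIC = "de_DE.UTF-8";
+LC_PAPER = "de_DE.UTF-8";
+LC_TELEPHONE = "de_DE.UTF-8";
+LC_TIME = "de_DE.UTF-8";
+};
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.mtr.enable = true;
+# programs.gnupg.agent = {
+# enable = true;
+# enableSSHSupport = true;
+# };
+system.autoUpgrade = {
+enable = true;
+allowReboot = true;
+channel = "https://channels.nixos.org/nixos-25.11";
+};
+# Enable the X11 windowing system.
+services.xserver.enable = true;
+#services.xserver.videoDrivers = [ "nvidia" ];
+# Enable touchpad support (enabled default in most desktopManager).
+# services.xserver.libinput.enable = true;
+# Configure keymap in X11
+services.xserver.xkb = {
+layout = "de";
+variant = "";
+};
+# Enable the GNOME Desktop Environment.
+services.displayManager.gdm.enable = true;
+services.desktopManager.gnome.enable = true;
+# Enable the OpenSSH daemon.
+services.openssh.enable = true;
+# Configure console keymap
+console.keyMap = "de";
+# Enable CUPS to print documents.
+services.printing.enable = true;
+# Enable sound with pipewire.
+services.pulseaudio.enable = false;
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+# If you want to use JACK applications, uncomment this
+#jack.enable = true;
+# use the example session manager (no others are packaged yet so this is enabled by default,
+# no need to redefine it in your config for now)
+#media-session.enable = true;
+};
+# Define a user account. Don't forget to set a password with passwd.
+users.users.sebastian = {
+isNormalUser = true;
+description = "Sebastian Fischer";
+extraGroups = [ "networkmanager" "wheel" ];
+packages = with pkgs; [
+# thunderbird
+];
+};
+# Install firefox.
+programs.firefox.enable = true;
+# Allow unfree packages
+nixpkgs.config.allowUnfree = true;
+nix.gc = {
+automatic = true;
+dates = "weekly";
+options = "--delete-older-than 14d";
+};
+nix.settings.auto-optimise-store = true;
+}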
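Review bot: The OpenSSH daemon is enabled with its defaults (`services.openssh.enable = true;`) and port 22 is opened, but nothing in this file restricts how logins are authenticated, while the `sebastian` account is in `wheel` and the comment above it tells the reader to set a password with passwd. Consider adding `services.openssh.settings = { PasswordAuthentication = false; PermitRootLogin = "no"; };` and provisioning `users.users.sebastian.openssh.authorizedKeys.keys`, so that a weak or reused password alone is not enough to reach a sudo-capable account. Separately, `allowReboot = true;` under `system.autoUpgrade` will reboot the machine unattended after an upgrade; a short comment stating that this is intended would help the next reader.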

21
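--- a/config/configuration.nix
+++ b/config/configuration.nix
@@ -0,0 +1,21 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running nixos-help).
+{ config, pkgs, ... }:
+{
+imports = [ # Include the results of the hardware scan.
+./hardware-configuration.nix
+./common.nix
+# ./vm.nix
+];
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. Its perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "25.11"; # Did you read the comment?
+}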

24
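--- a/config/vm.nix
+++ b/config/vm.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+# List services that you want to enable:
+services.spice-vdagentd.enable = true;
+services.spice-webdavd.enable = true;
+services.gvfs.enable = true;
+services.qemuGuest.enable = true;
+# Open ports in the firewall.
+networking.firewall.allowedTCPPorts = [ 9843 ];
+environment.etc."xdg/autostart/spice-vdagent-custom.desktop".text = ''
+[Desktop Entry]
+Name=Spice vdagent Custom
+Comment=Startet das Clipboard für QEMU/Spice
+Exec=${pkgs.spice-vdagent}/bin/spice-vdagent
+Terminal=false
+Type=Application
+Categories=Network;
+StartupNotify=false
+X-GNOME-Autostart-enabled=true
+'';
+}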
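Review bot: `networking.firewall.allowedTCPPorts = [ 9843 ];` opens the port to every network the guest is attached to, and the file does not say which remote client needs it. The port is presumably the one used by spice-webdavd, whose share is normally consumed from inside the guest (this file also enables gvfs), so the rule looks unnecessary. Unless another machine has to reach that port, drop the line; if it is required, replace the generic `# Open ports in the firewall.` comment with one naming the service and the client. The `./vm.nix` import is commented out in configuration.nix, so the rule only takes effect once that import is enabled.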

119
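--- a/install.md
+++ b/install.md
@@ -0,0 +1,119 @@
+#!/bin/bash
+// apt
+sudo apt install zsh vim git git-flow make curl cifs-utils ca-certificates 7zip thunderbird vlc gimp filezilla solaar libreoffice libreoffice-l10n-de libreoffice-help-de darktable stow lutris flatpak gnome-software-plugin-flatpak
+sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager
+echo "solaar works after a reboot"
+wget -qO- https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo gpg --dearmor -o /usr/share/keyrings/google.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/google.gpg] https://dl-ssl.google.com/linux/chrome/deb/ stable main" | sudo tee /etc/apt/sources.list.d/google-chrome.list
+sudo apt update
+sudo apt install google-chrome-stable
+sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /usr/share/keyrings/docker.asc
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list
+sudo apt update
+sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+sudo usermod -aG docker ${USER}
+sudo systemctl stop docker
+echo '{ "data-root": "/home/docker" }' | sudo tee /etc/docker/daemon.json
+sudo systemctl start docker
+wget -qO- https://pkg.ddev.com/apt/gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/ddev.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/ddev.gpg] https://pkg.ddev.com/apt/ * *" | sudo tee /etc/apt/sources.list.d/ddev.list
+sudo apt update
+sudo apt install ddev
+mkcert -install
+wget -qO- https://updates.signal.org/desktop/apt/keys.asc | sudo gpg --dearmor -o /usr/share/keyrings/signal-desktop.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/signal-desktop.gpg] https://updates.signal.org/desktop/apt xenial main" | sudo tee /etc/apt/sources.list.d/signal-desktop.list
+sudo apt update
+sudo apt install signal-desktop
+sudo dpkg --add-architecture i386
+sudo apt update
+sudo apt install libgl1-mesa-dri libglx-mesa0 steam-installer
+// Jetbrains
+sudo apt install libfuse2
+echo "fs.inotify.max_user_watches = 1048576" | sudo tee /etc/sysctl.d/99-inotify.conf
+sudo sysctl -p --system
+TMP_DIR="/tmp"
+INSTALL_DIR="$HOME/.local/share/JetBrains/Toolbox"
+ARCHIVE_URL=$(curl -s 'https://data.services.jetbrains.com/products/releases?code=TBA&latest=true&type=release' | grep -Po '"linux":.*?[^\\]",' | awk -F ':' '{print $3,":"$4}'| sed 's/[", ]//g')
+ARCHIVE_FILENAME=$(basename "$ARCHIVE_URL")
+rm "$TMP_DIR/$ARCHIVE_FILENAME" 2>/dev/null || true
+wget -q --show-progress -cO "$TMP_DIR/$ARCHIVE_FILENAME" "$ARCHIVE_URL"
+sudo mkdir -p "$INSTALL_DIR"
+rm "$INSTALL_DIR/jetbrains-toolbox" 2>/dev/null || true
+tar -xzf "$TMP_DIR/$ARCHIVE_FILENAME" -C "$INSTALL_DIR" --strip-components=1
+rm "$TMP_DIR/$ARCHIVE_FILENAME"
+chmod +x "$INSTALL_DIR/bin/jetbrains-toolbox"
+flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+// flatpak
+sudo flatpak install flathub com.mattjakeman.ExtensionManager
+sudo flatpak install flathub org.kde.kdenlive
+sudo flatpak install flathub org.prismlauncher.PrismLauncher
+flatpak override org.prismlauncher.PrismLauncher --filesystem=/home/Programme/Minecraft/
+# zsh
+sudo apt install ssh-askpass
+sh -c "$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)"
+git clone --depth=1 https://github.com/romkatv/powerlevel10k.git ${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/themes/powerlevel10k
+sudo mkdir /home/dotfiles
+sudo chown -R sebastian /home/dotfiles
+cd /home/dotfiles
+git clone git@github.com:garbast/dotfiles.git .
+mv /home/sebastian/.profile /home/sebastian/.profile.old
+make install
+# rustdesk
+sudo apt install libxdo3
+wget --directory-prefix=$HOME/Downloads/ https://github.com/rustdesk/rustdesk/releases/download/[1.4.4]/rustdesk-[1.4.4]-x86_64.deb
+sudo dpkg -i rustdesk-[1.4.1]-x86_64.deb
+sudo apt -f install
+sudo dpkg -i rustdesk-[1.4.1]-x86_64.deb
+# hibiscus
+## first find latest version on https://www.willuhn.de/products/jameica/download.php
+wget --directory-prefix=$HOME/Downloads/ https://www.willuhn.de/products/jameica/releases/current/jameica/jameica-linux64-[2.12.0].zip
+sudo unzip $HOME/Downloads/jameica-linux64-[2.12.0].zip -d /opt
+echo "[Desktop Entry]\nName=Jameica\nExec=/opt/jameica/jameica.sh\nTerminal=false\nType=Application\nIcon=/opt/jameica/jameica-icon.png" | sudo tee /usr/share/applications/jameica.desktop
+# Apps
+#- jexiftoolgui
+#**** The following active confs have different version dates than the samples that are shipped. ****
+#**** This may be due to user customization or an update to the samples. ****
+#**** You should compare the following files to the samples in the same folder and update them. ****
+#**** Use the link at the top of the file to view the changelog. ****
+#┌────────────┬────────────┬────────────────────────────────────────────────────────────────────────┐
+#│ old date │ new date │ path │
+#├────────────┼────────────┼────────────────────────────────────────────────────────────────────────┤
+#│ 2023-08-13 │ 2024-12-06 │ /config/nginx/ssl.conf │
+#│ 2024-04-02 │ 2024-07-16 │ /config/nginx/site-confs/default.conf │
+#│ 2023-04-13 │ 2024-12-17 │ /config/nginx/nginx.conf │
+#└────────────┴────────────┴────────────────────────────────────────────────────────────────────────┘
+# skipped
+if [false]; then
+sudo apt install libminizip1 gdebi-core
+wget https://download.teamviewer.com/download/linux/teamviewer_amd64.deb -P /tmp
+sudo apt install /tmp/teamviewer_amd64.deb
+wget -qO- https://packages.microsoft.com/keys/microsoft.asc | sudo gpg --dearmor -o /usr/share/keyrings/microsoft.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/code stable main" | sudo tee /etc/apt/sources.list.d/vscode.list
+sudo apt update
+sudo apt install code golang-1.23
+# go-hass-agent
+# https://github.com/joshuar/go-hass-agent?tab=readme-ov-file#-installation
+wget --directory-prefix=$HOME/Downloads/ https://github.com/joshuar/go-hass-agent/releases/download/v13.2.8/go-hass-agent_13.2.8_amd64.deb
+sudo apt install dbus-x11
+sudo dpkg -i $HOME/Downloads/go-hass-agent_13.2.8_amd64.deb
+fi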
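Review bot: Several steps fetch code over the network and run or unpack it with no pinned version and no integrity check: `sh -c "$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)"` executes whatever the master branch holds at that moment, and the rustdesk, jameica and JetBrains Toolbox archives are installed or extracted unverified. Pin each download to a release tag or commit and check it before use, for example `echo "<EXPECTED_SHA256>  <FILE>" | sha256sum -c -`. The rustdesk lines also download version 1.4.4 into `$HOME/Downloads/` but then run `dpkg -i rustdesk-[1.4.1]-x86_64.deb` from the current directory, so the file installed is not the one just fetched. `sudo usermod -aG docker ${USER}` makes the account root-equivalent through the Docker socket, which deserves a comment. Finally, `// apt` is not a shell comment and `if [false]; then` skips its block only because `[false]` is not a command; use `#` and `if false; then`.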

193
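--- a/kvm.xml
+++ b/kvm.xml
@@ -0,0 +1,193 @@
+<domain type="kvm">
+<name>nixos-unstable</name>
+<uuid>d15ce739-f03e-4685-a67b-c836dc4d68d0</uuid>
+<metadata>
+<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+<libosinfo:os id="http://nixos.org/nixos/unstable"/>
+</libosinfo:libosinfo>
+</metadata>
+<memory unit="KiB">8388608</memory>
+<currentMemory unit="KiB">8388608</currentMemory>
+<vcpu placement="static">2</vcpu>
+<os firmware="efi">
+<type arch="x86_64" machine="pc-q35-8.2">hvm</type>
+<firmware>
+<feature enabled="no" name="enrolled-keys"/>
+<feature enabled="no" name="secure-boot"/>
+</firmware>
+<loader readonly="yes" type="pflash">/usr/share/OVMF/OVMF_CODE_4M.fd</loader>
+<nvram template="/usr/share/OVMF/OVMF_VARS_4M.fd">/var/lib/libvirt/qemu/nvram/nixos-unstable_VARS.fd</nvram>
+<boot dev="hd"/>
+</os>
+<features>
+<acpi/>
+<apic/>
+<vmport state="off"/>
+</features>
+<cpu mode="host-passthrough" check="none" migratable="on"/>
+<clock offset="utc">
+<timer name="rtc" tickpolicy="catchup"/>
+<timer name="pit" tickpolicy="delay"/>
+<timer name="hpet" present="no"/>
+</clock>
+<on_poweroff>destroy</on_poweroff>
+<on_reboot>restart</on_reboot>
+<on_crash>destroy</on_crash>
+<pm>
+<suspend-to-mem enabled="no"/>
+<suspend-to-disk enabled="no"/>
+</pm>
+<devices>
+<emulator>/usr/bin/qemu-system-x86_64</emulator>
+<disk type="file" device="disk">
+<driver name="qemu" type="qcow2"/>
+<source file="/home/www/nixos/nixos.qcow2"/>
+<target dev="vda" bus="virtio"/>
+<address type="pci" domain="0x0000" bus="0x04" slot="0x00" function="0x0"/>
+</disk>
+<disk type="file" device="cdrom">
+<driver name="qemu" type="raw"/>
+<target dev="sda" bus="sata"/>
+<readonly/>
+<address type="drive" controller="0" bus="0" target="0" unit="0"/>
+</disk>
+<controller type="usb" index="0" model="qemu-xhci" ports="15">
+<address type="pci" domain="0x0000" bus="0x02" slot="0x00" function="0x0"/>
+</controller>
+<controller type="pci" index="0" model="pcie-root"/>
+<controller type="pci" index="1" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="1" port="0x10"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0" multifunction="on"/>
+</controller>
+<controller type="pci" index="2" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="2" port="0x11"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x1"/>
+</controller>
+<controller type="pci" index="3" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="3" port="0x12"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x2"/>
+</controller>
+<controller type="pci" index="4" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="4" port="0x13"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x3"/>
+</controller>
+<controller type="pci" index="5" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="5" port="0x14"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x4"/>
+</controller>
+<controller type="pci" index="6" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="6" port="0x15"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x5"/>
+</controller>
+<controller type="pci" index="7" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="7" port="0x16"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x6"/>
+</controller>
+<controller type="pci" index="8" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="8" port="0x17"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x7"/>
+</controller>
+<controller type="pci" index="9" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="9" port="0x18"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0" multifunction="on"/>
+</controller>
+<controller type="pci" index="10" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="10" port="0x19"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x1"/>
+</controller>
+<controller type="pci" index="11" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="11" port="0x1a"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x2"/>
+</controller>
+<controller type="pci" index="12" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="12" port="0x1b"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x3"/>
+</controller>
+<controller type="pci" index="13" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="13" port="0x1c"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x4"/>
+</controller>
+<controller type="pci" index="14" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="14" port="0x1d"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x5"/>
+</controller>
+<controller type="sata" index="0">
+<address type="pci" domain="0x0000" bus="0x00" slot="0x1f" function="0x2"/>
+</controller>
+<controller type="virtio-serial" index="0">
+<address type="pci" domain="0x0000" bus="0x03" slot="0x00" function="0x0"/>
+</controller>
+<interface type="network">
+<mac address="52:54:00:7a:96:58"/>
+<source network="default"/>
+<model type="virtio"/>
+<address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
+</interface>
+<serial type="pty">
+<target type="isa-serial" port="0">
+<model name="isa-serial"/>
+</target>
+</serial>
+<console type="pty">
+<target type="serial" port="0"/>
+</console>
+<channel type="unix">
+<target type="virtio" name="org.qemu.guest_agent.0"/>
+<address type="virtio-serial" controller="0" bus="0" port="1"/>
+</channel>
+<channel type="spicevmc">
+<target type="virtio" name="com.redhat.spice.0"/>
+<address type="virtio-serial" controller="0" bus="0" port="3"/>
+</channel>
+<channel type="spiceport">
+<source channel="org.spice-space.webdav.0"/>
+<target type="virtio" name="org.spice-space.webdav.0"/>
+<address type="virtio-serial" controller="0" bus="0" port="2"/>
+</channel>
+<input type="tablet" bus="usb">
+<address type="usb" bus="0" port="1"/>
+</input>
+<input type="mouse" bus="ps2"/>
+<input type="keyboard" bus="ps2"/>
+<graphics type="spice">
+<listen type="none"/>
+<gl enable="no"/>
+</graphics>
+<sound model="ich9">
+<address type="pci" domain="0x0000" bus="0x00" slot="0x1b" function="0x0"/>
+</sound>
+<audio id="1" type="spice"/>
+<video>
+<model type="qxl" ram="65536" vram="65536" vgamem="16384" heads="1" primary="yes"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x0"/>
+</video>
+<redirdev bus="usb" type="spicevmc">
+<address type="usb" bus="0" port="2"/>
+</redirdev>
+<redirdev bus="usb" type="spicevmc">
+<address type="usb" bus="0" port="3"/>
+</redirdev>
+<watchdog model="itco" action="reset"/>
+<memballoon model="virtio">
+<address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
+</memballoon>
+<rng model="virtio">
+<backend model="random">/dev/urandom</backend>
+<address type="pci" domain="0x0000" bus="0x06" slot="0x00" function="0x0"/>
+</rng>
+</devices>
+</domain>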