Last active
June 29, 2021 06:01
-
-
Save byrongibson/2d7b969cd774462f66fe516428a66435 to your computer and use it in GitHub Desktop.
NixOS configuration.nix with Nvidia drivers causing boot failure
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Edit this configuration file to define what should be installed on | |
| # your system. Help is available in the configuration.nix(5) man page | |
| # and in the NixOS manual (accessible by running ‘nixos-help’). | |
| { config, pkgs, ... }: | |
| { | |
| ################################################################################ | |
| # System | |
| ################################################################################ | |
| imports = | |
| [ # Include the results of the hardware scan. | |
| ./hardware-configuration.nix | |
| ]; | |
| # Default nixPath. Uncomment and modify to specify non-default nixPath | |
| # https://search.nixos.org/options?query=nix.nixPath | |
| #nix.nixPath = | |
| # [ | |
| # "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" | |
| # "nixos-config=/persist/etc/nixos/configuration.nix" | |
| # "/nix/var/nix/profiles/per-user/root/channels" | |
| # ]; | |
| # Enable non-free packages (Nvidia driver, etc) | |
| # Reboot after rebuilding to prevent possible clash with other kernel modules | |
| nixpkgs.config = { | |
| allowUnfree = true; | |
| }; | |
| # nixos-rebuild will snapshot the current configuration.nix to | |
| # /run/current-system/configuration.nix | |
| # With this enabled, every new system profile contains the configuration.nix | |
| # that created it. Useful in troubleshooting broken build, just diff | |
| # current vs prior working configurion.nix. This will only copy configuration.nix | |
| # and no other imported files, so put all config in this file. | |
| # Configuration.nix should have no imports besides hardware-configuration.nix. | |
| # https://search.nixos.org/options?query=system.copySystemConfiguration | |
| system.copySystemConfiguration = true; | |
| # This value determines the NixOS release from which the default | |
| # settings for stateful data, like file locations and database versions | |
| # on your system were taken. It‘s perfectly fine and recommended to leave | |
| # this value at the release version of the first install of this system. | |
| # Before changing this value read the documentation for this option | |
| # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). | |
| system.stateVersion = "21.05"; # Did you read the comment? | |
| # Select internationalisation properties. | |
| i18n.defaultLocale = "en_US.UTF-8"; | |
| console = { | |
| font = "Lat2-Terminus16"; | |
| keyMap = "us"; | |
| }; | |
| time.timeZone = "America/Los_Angeles"; | |
| ################################################################################ | |
| # Boot | |
| ################################################################################ | |
| # import /persist into initial ramdisk so that tmpfs can access persisted data like user passwords | |
| # https://www.reddit.com/r/NixOS/comments/o1er2p/tmpfs_as_root_but_without_hardcoding_your/h22f1b9/ | |
| # https://search.nixos.org/options?channel=21.05&show=fileSystems.%3Cname%3E.neededForBoot&query=fileSystems.%3Cname%3E.neededForBoot | |
| fileSystems."/persist".neededForBoot = true; | |
| # Use EFI boot loader with Grub. | |
| # https://nixos.org/manual/nixos/stable/index.html#sec-installation-partitioning-UEFI | |
| boot = { | |
| supportedFilesystems = [ "vfat" "zfs" ]; | |
| loader = { | |
| systemd-boot.enable = true; | |
| efi = { | |
| #canTouchEfiVariables = true; # must be disabled if efiInstallAsRemovable=true | |
| #efiSysMountPoint = "/boot/efi"; # using the default /boot for this config | |
| }; | |
| grub = { | |
| enable = true; | |
| efiSupport = true; | |
| efiInstallAsRemovable = true; # grub will use efibootmgr | |
| zfsSupport = true; | |
| copyKernels = true; # https://nixos.wiki/wiki/NixOS_on_ZFS | |
| device = "nodev"; # "/dev/sdx", or "nodev" for efi only | |
| }; | |
| }; | |
| }; | |
| # use a different kernel than the default (latest LTS). make sure this is | |
| # not also used in ZFS section below | |
| # https://nixos.wiki/wiki/Linux_kernel | |
| #boot.kernelPackages = pkgs.linuxPackages_latest; | |
| ################################################################################ | |
| # ZFS | |
| ################################################################################ | |
| # Set the disk’s scheduler to none. ZFS takes this step automatically | |
| # if it controls the entire disk, but since it doesn't control the /boot | |
| # partition we must set this explicitly. | |
| # source: https://grahamc.com/blog/nixos-on-zfs | |
| boot.kernelParams = [ "elevator=none" ]; | |
| boot.zfs = { | |
| requestEncryptionCredentials = true; # enable if using ZFS encryption, ZFS will prompt for password during boot | |
| }; | |
| services.zfs = { | |
| autoScrub.enable = true; | |
| autoSnapshot.enable = true; | |
| # TODO: autoReplication | |
| }; | |
| ################################################################################ | |
| # Networking | |
| ################################################################################ | |
| networking = { | |
| #hostId = "$(head -c 8 /etc/machine-id)"; # required by zfs. hardware-specific so should be set in hardware-configuration.nix | |
| hostName = "z11pa-d8"; # Any arbitrary hostname. | |
| #wireless.enable = true; # Wireless via wpa_supplicant. Unecessary with Gnome. | |
| # The global useDHCP flag is deprecated, therefore explicitly set to false here. | |
| # Per-interface useDHCP will be mandatory in the future, so this generated config | |
| # replicates the default behaviour. | |
| useDHCP = false; | |
| interfaces = { | |
| eno1.useDHCP = true; | |
| eno2.useDHCP = true; | |
| eno3.useDHCP = true; | |
| eno4.useDHCP = true; | |
| wlp175s0.useDHCP = true; | |
| }; | |
| # Open ports in the firewall. | |
| firewall = { | |
| # allowedTCPPorts = [ ... ]; | |
| # allowedUDPPorts = [ ... ]; | |
| # Or disable the firewall altogether. | |
| enable = false; | |
| }; | |
| # Configure network proxy if necessary | |
| #proxy = { | |
| #default = "http://user:password@proxy:port/"; | |
| #noProxy = "127.0.0.1,localhost,internal.domain"; | |
| #}; | |
| }; | |
| ################################################################################ | |
| # Persisted Artifacts | |
| ################################################################################ | |
| #Erase Your Darlings & Tmpfs as Root: | |
| # config/secrets/etc to be persisted across tmpfs reboots and rebuilds. This sets up | |
| # soft-links from /persist/<loc on root> to their expected location on /<loc on root> | |
| # https://github.com/barrucadu/nixfiles/blob/master/hosts/nyarlathotep/configuration.nix | |
| # https://grahamc.com/blog/erase-your-darlings | |
| # https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/ | |
| environment.etc = { | |
| # /etc/nixos: requires /persist/etc/nixos | |
| "nixos".source = "/persist/etc/nixos"; | |
| # NetworkManager/system-connections: requires /persist/etc/NetworkManager/system-connections | |
| "NetworkManager/system-connections".source = "/persist/etc/NetworkManager/system-connections/"; | |
| # machine-id is used by systemd for the journal, if you don't persist this | |
| # file you won't be able to easily use journalctl to look at journals for | |
| # previous boots. | |
| "machine-id".source = "/persist/etc/machine-id"; | |
| # if you want to run an openssh daemon, you may want to store the host keys | |
| # across reboots. | |
| "ssh/ssh_host_rsa_key".source = "/persist/etc/ssh/ssh_host_rsa_key"; | |
| "ssh/ssh_host_rsa_key.pub".source = "/persist/etc/ssh/ssh_host_rsa_key.pub"; | |
| "ssh/ssh_host_ed25519_key".source = "/persist/etc/ssh/ssh_host_ed25519_key"; | |
| "ssh/ssh_host_ed25519_key.pub".source = "/persist/etc/ssh/ssh_host_ed25519_key.pub"; | |
| }; | |
| #2. Wireguard: requires /persist/etc/wireguard/ | |
| networking.wireguard.interfaces.wg0 = { | |
| generatePrivateKeyFile = true; | |
| privateKeyFile = "/persist/etc/wireguard/wg0"; | |
| }; | |
| #3. Bluetooth: requires /persist/var/lib/bluetooth | |
| #4. ACME certificates: requires /persist/var/lib/acme | |
| systemd.tmpfiles.rules = [ | |
| "L /var/lib/bluetooth - - - - /persist/var/lib/bluetooth" | |
| "L /var/lib/bluetooth - - - - /persist/var/lib/bluetooth" | |
| "L /var/lib/acme - - - - /persist/var/lib/acme" | |
| ]; | |
| ################################################################################ | |
| # XServer & Drivers | |
| ################################################################################ | |
| # this doesn't seem to be needed, leaving here just in case something needs it | |
| #nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "nvidia-x11" ]; | |
| hardware.opengl = { | |
| enable = true; | |
| driSupport = true; # install and enable Vulkan: https://nixos.org/manual/nixos/unstable/index.html#sec-gpu-accel | |
| driSupport32Bit = true; | |
| }; | |
| # Enable X11 + Nvidia | |
| # https://nixos.org/manual/nixos/unstable/index.html#sec-gnome-gdm | |
| services.xserver = { | |
| enable = true; # enable X11 | |
| layout = "us"; | |
| xkbOptions = "eurosign:e"; | |
| # https://search.nixos.org/options?channel=21.05&show=services.xserver.videoDrivers&query=nvidia | |
| videoDrivers = [ "nvidia" ]; #(can't boot) | |
| }; | |
| ################################################################################ | |
| # Display Manager && Desktop Environment || WindowManager | |
| ################################################################################ | |
| # Enable gdm + GNOME | |
| services.xserver = { | |
| desktopManager.gnome.enable = true; | |
| displayManager.gdm.enable = true; | |
| }; | |
| }; | |
| ################################################################################ | |
| # System Activation Scripts | |
| ################################################################################ | |
| # Run shell commands at startup | |
| # https://search.nixos.org/options?channel=21.05&show=system.activationScripts&query=system.activation | |
| # https://mdleom.com/blog/2021/03/15/rsync-setup-nixos/ | |
| #system.activationScripts = { | |
| # | |
| #} | |
| ################################################################################ | |
| ################################################################################ | |
| # Enable CUPS to print documents. | |
| services.printing.enable = true; | |
| ################################################################################ | |
| # Sound | |
| ################################################################################ | |
| # Enable sound. | |
| sound.enable = true; | |
| hardware.pulseaudio.enable = true; | |
| hardware.pulseaudio.support32Bit = true; | |
| ################################################################################ | |
| # Input | |
| ################################################################################ | |
| # Enable touchpad support (enabled by default in most desktopManagers). | |
| # services.xserver.libinput.enable = true; | |
| ################################################################################ | |
| # GnuPG & SSH | |
| ################################################################################ | |
| # Enable the OpenSSH daemon. | |
| services.openssh = { | |
| enable = true; | |
| permitRootLogin = "no"; | |
| passwordAuthentication = true; | |
| hostKeys = | |
| [ | |
| { | |
| path = "/persist/etc/ssh/ssh_host_ed25519_key"; | |
| type = "ed25519"; | |
| } | |
| { | |
| path = "/persist/etc/ssh/ssh_host_rsa_key"; | |
| type = "rsa"; | |
| bits = 4096; | |
| } | |
| ]; | |
| }; | |
| # Enable GnuPG Agent | |
| programs.gnupg.agent = { | |
| enable = true; | |
| enableSSHSupport = true; | |
| }; | |
| ################################################################################ | |
| # IRC & ZNC | |
| ################################################################################ | |
| # https://nixos.wiki/wiki/ZNC | |
| # https://wiki.znc.in/Configuration | |
| services.znc = { | |
| enable = true; | |
| mutable = false; # Overwrite configuration set by ZNC from the web and chat interfaces. | |
| useLegacyConfig = false; # Turn off services.znc.confOptions and their defaults. | |
| #openFirewall = true; # ZNC uses TCP port 5000 by default. | |
| }; | |
| ################################################################################ | |
| # Users | |
| ################################################################################ | |
| # When using a password file via users.users.<name>.passwordFile, put the | |
| # passwordFile in the specified location *before* rebooting, or you will be | |
| # locked out of the system. To create this file, make a single file with only | |
| # a password hash in it, compatible with `chpasswd -e`. Or you can copy-paste | |
| # your password hash from `/etc/shadow` if you first built the system with | |
| # `password=`, `hashedPassword=`, initialPassword-, or initialHashedPassword=. | |
| # `sudo cat /etc/shadow` will show all hashed user passwords. | |
| # More info: https://search.nixos.org/options?channel=21.05&show=users.users.%3Cname%3E.passwordFile&query=users.users.%3Cname%3E.passwordFile | |
| users = { | |
| mutableUsers = false; | |
| defaultUserShell = "/var/run/current-system/sw/bin/zsh"; | |
| users = { | |
| root = { | |
| # disable root login here, and also when installing nix by running `nixos-install --no-root-passwd` | |
| # https://discourse.nixos.org/t/how-to-disable-root-user-account-in-configuration-nix/13235/3 | |
| hashedPassword = "!"; # disable root logins, nothing hashes to ! | |
| }; | |
| test = { | |
| isNormalUser = true; | |
| description = "Test account for new config options that could break login. When not testing, disable sudo. Remove 'wheel' from extraGroups and rebuild."; | |
| passwordFile = "/persist/etc/users/test"; | |
| extraGroups = [ "wheel" "networkmanager" ]; | |
| #openssh.authorizedKeys.keys = [ "${AUTHORIZED_SSH_KEY}" ]; | |
| }; | |
| bgibson = { | |
| isNormalUser = true; | |
| description = "Byron Gibson's Account"; | |
| passwordFile = "/persist/etc/users/bgibson"; # make sure to copy this file into /mnt/persist/etc/users/me immediately after installation complete and before rebooting. If the file is not there on reboot you can't login. | |
| extraGroups = [ "wheel" "networkmanager" ]; | |
| #openssh.authorizedKeys.keys = [ "${AUTHORIZED_SSH_KEY}" ]; | |
| }; | |
| }; | |
| }; | |
| ################################################################################ | |
| # Applications | |
| ################################################################################ | |
| # List packages installed in system profile. To search, run: | |
| # $ nix search wget | |
| environment.systemPackages = with pkgs; [ | |
| # system core (use these for a minimal first install) | |
| efibootmgr | |
| nix-index | |
| pciutils uutils-coreutils | |
| parted gparted gptfdisk | |
| openssh ssh-copy-id ssh-import-id | |
| git htop ncdu | |
| firefox irssi | |
| # system extras | |
| # debugging | |
| strace nfstrace dnstracer time | |
| # system management | |
| cron earlyoom | |
| # network extras | |
| bandwhich ncat ngrep nmap nmap-graphical nmapsi4 rustscan tcptrack gping | |
| # OpenSSH extras | |
| ssh-chat ssh-tools pssh | |
| fail2ban sshguard | |
| # gnome | |
| gnome.gnome-tweak-tool | |
| gnome.gnome-disk-utility | |
| gnomeExtensions.ip-finder | |
| gnomeExtensions.overview-navigation | |
| deja-dup | |
| # CLI | |
| # terminals | |
| alacritty kitty st termpdfpy | |
| # shells | |
| zsh oh-my-zsh fzf-zsh zsh-fzf-tab spaceship-prompt | |
| elvish mosh nushell wezterm | |
| # terminal multiplexers | |
| screen tmux #zellij (requires nerdfonts) | |
| # terminal graphics | |
| ncurses chroma | |
| # cross-shell customization | |
| starship | |
| # directory tools | |
| hunter zoxide | |
| # file tools | |
| file agedu broot choose bat exa du-dust lsd fd dfc diskonaut trash-cli speedread | |
| grc fzf skim lf nnn duf duff ag fzf vgrep mcfly cheat | |
| #ripgrep-all | |
| ripgrep | |
| vgrep | |
| ugrep | |
| # http tools | |
| httpie xh curlie | |
| # Markdown tools | |
| mdcat | |
| # man pages | |
| tealdeer #(alias to tldr) | |
| # sed | |
| sd jq | |
| # system info | |
| bottom gotop iotop bpytop procs nload wavemon glances conky | |
| #nvtop (broken) | |
| # diff | |
| colordiff icdiff delta | |
| # fonts | |
| #nerdfonts (broken) | |
| # benchmarking | |
| hyperfine | |
| # Editors | |
| vim spacevim neovim powerline-rs vifm amp kakoune | |
| vimPlugins.zenburn | |
| #emacs | |
| emacs-nox | |
| texinfo hexdino xxv | |
| cmatrix tmatrix gomatrix | |
| # Secure Comms & Networking | |
| shadowsocks-rust | |
| tailscale wireguard-tools | |
| #File transfer | |
| wget uget magic-wormhole rsync syncthing zsync | |
| # File compression | |
| p7zip | |
| # Screen extender | |
| barrier | |
| # development-core | |
| # Nix | |
| lorri direnv niv | |
| # Python | |
| python39 | |
| # Go | |
| go | |
| # haskell: | |
| # - https://nixos.wiki/wiki/Haskell | |
| # - https://notes.srid.ca/haskell-nix | |
| ghc cabal-install cabal2nix stack haskell-language-server | |
| #rust: | |
| # - https://nixos.wiki/wiki/Rust | |
| # - https://christine.website/blog/how-i-start-nix-2020-03-08 | |
| rustc rustfmt cargo rust-analyzer | |
| # development-extras | |
| # use nix-shell for different dev environments | |
| # https://discourse.nixos.org/t/how-do-i-install-rust/7491/8 | |
| # Containers | |
| #lxd | |
| # Node.js / Deno | |
| #deno nodejs | |
| # Erlang | |
| #erlangR24 elixir gleam lfe | |
| # WASM | |
| #wasm-pack wasmer | |
| # agda | |
| #agda | |
| # idris | |
| #idris2 | |
| # formal analysis | |
| #beluga z3 | |
| # Machine Learning | |
| #cudnn (broken) | |
| # Git extras | |
| git-extras git-lfs gitui lazygit delta oh-my-git | |
| #TODO: git-branchless # https://blog.waleedkhan.name/git-undo/, https://github.com/arxanas/git-branchless | |
| # Secrets | |
| keepassxc gopass sops | |
| # browser extras | |
| ungoogled-chromium brave nyxt opera chrome-gnome-shell | |
| # Productivity | |
| watson timewarrior | |
| haskellPackages.arbtt gnomeExtensions.arbtt-stats | |
| # Notes | |
| #joplin joplin-desktop simplenote nvpy standardnotes | |
| tomboy | |
| #gnote (broken) | |
| # IRC & chat | |
| znc lynx irssi_fish | |
| #tox-node weechat hexchat | |
| discord ripcord | |
| element-desktop | |
| keybase keybase-gui kbfs | |
| signal-desktop | |
| slack-dark | |
| tdesktop | |
| zulip zulip-term | |
| pidgin-with-plugins purple-slack purple-discord telegram-purple toxprpl | |
| pdfgrep pdfmod pdfarranger zathura | |
| # Office | |
| gnucash libreoffice onlyoffice-bin | |
| # Research | |
| zotero | |
| # Math | |
| julia-stable octaveFull rWrapper sageWithDoc python39Packages.numpy gap | |
| # Science | |
| python39Packages.scipy | |
| # Download | |
| axel httrack | |
| # WINE | |
| wine winetricks protontricks vulkan-tools | |
| # Games | |
| #factorio (broken, also two minor versions out of date, use Steam version or direct download instead | |
| steam #steamPackages.steamcmd steam-tui | |
| #eidolon | |
| ]; | |
| ################################################################################ | |
| # Program Config | |
| ################################################################################ | |
| # Some programs need SUID wrappers, can be configured further or are | |
| # started in user sessions. | |
| programs.mtr.enable = true; | |
| programs.zsh = { | |
| enable = true; | |
| ohMyZsh = { | |
| enable = true; | |
| #plugins = [ "ansible" "ant" "aws" "branch" "cabal" "cargo" "colored-man-pages" "colorize" "command-not-found" "common-aliases" "copydir" "cp" "copyfile" "docker" "docker-compose" "docker-machine" "dotenv" "emacs" "fzf" "git" "git-extras" "git-lfs" "golang" "grc" "history" "lxd" "man" "mosh" "mix" "nmap" "node" "npm" "npx" "nvm" "pass" "pip" "pipenv" "python" "ripgrep" "rsync" "safe-paste" "scd" "screen" "stack" "systemadmin" "systemd" "tig" "tmux" "tmux-cssh" "ufw" "urltools" "vi-mode" "vscode" "wd" "z" "zsh-interactive-cd" ]; | |
| plugins = [ "cabal" "cargo" "colored-man-pages" "colorize" "command-not-found" "emacs" "git" "git-extras" "git-lfs" "golang" "history" "man" "mosh" "nmap" "ripgrep" "rsync" "safe-paste" "scd" "screen" "stack" "systemd" "tig" "tmux" "tmux-cssh" "urltools" "vi-mode" "z" "zsh-interactive-cd" ]; | |
| #theme = "spaceship"; | |
| theme = "juanghurtado"; | |
| #theme = "jonathan"; | |
| # themes w/ commit hash: peepcode simonoff smt theunraveler sunrise sunaku | |
| # cool themes: linuxonly agnoster blinks crcandy crunch essembeh flazz frisk gozilla itchy gallois eastwood dst clean bureau bira avit nanotech nicoulaj rkj-repos ys darkblood fox | |
| }; | |
| }; | |
| #enable Steam: https://linuxhint.com/how-to-instal-steam-on-nixos/ | |
| programs.steam.enable = true; | |
| # ACME certificates: https://nixos.org/manual/nixos/unstable/index.html#module-security-acme | |
| security.acme = { | |
| acceptTerms = true; | |
| email = "fbg111@gmail.com"; | |
| }; | |
| #services.rsyncd = { | |
| # enable = true; | |
| # settings = { | |
| # home = { | |
| # "auth users" = [ "bgibson" ]; | |
| # path = "/home/bgibson"; | |
| # comment = "My z11pa-d8 home directory"; | |
| # "read only" = "no"; | |
| # list = "yes"; | |
| # "use chroot" = false; | |
| # "secrets file" = "/persist/etc/rsyncd.secrets"; | |
| # }; | |
| # #global = { | |
| # #gid = "nobody"; | |
| # #max connections = 4; | |
| # #uid = "nobody"; | |
| # #use chroot = true; | |
| # }; | |
| # }; | |
| #}; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment