Configuration.nix syntax error when setting up lanzaboote

I am setting up my first nixos system and am running into an issue with enabling secure boot via lanzaboote.

I have followed the official lanzaboote setup guide and get through all steps until inserting the lanzaboote fragment into my configuration.nix.

This is the recommended fragment I am inserting:

# file: configuration.nix
# NOTE(review): this fragment is a complete module by itself: a function
# taking { pkgs, lib, ... } that returns a single attribute set. If a
# configuration.nix already exists, merge the pieces into it (the arguments
# into its existing header, the let-bindings in front of its opening brace,
# the options into its attribute set) instead of pasting the whole fragment
# inside the existing attribute set.
{ pkgs, lib, ... }:
let
  # lon.nix is imported from the same directory as this file; the lanzaboote
  # source it exposes is then imported to reach the NixOS module.
  sources = import ./lon.nix;
  lanzaboote = import sources.lanzaboote;
in
{
  imports = [ lanzaboote.nixosModules.lanzaboote ];

  environment.systemPackages = [
    # For debugging and troubleshooting Secure Boot.
    pkgs.sbctl
  ];

  # Lanzaboote currently replaces the systemd-boot module.
  # This setting is usually set to true in configuration.nix
  # generated at installation time. So we force it to false
  # for now.
  # lib.mkForce is why `lib` has to appear in the argument set above.
  boot.loader.systemd-boot.enable = lib.mkForce false;

  boot.lanzaboote = {
    enable = true;
    # NOTE(review): presumably the sbctl key directory created in the earlier
    # steps of the setup guide; confirm it exists before rebuilding. The
    # private keys kept there are what boot files get signed with, so the
    # directory should stay readable by root only and out of shared backups
    # or repositories.
    pkiBundle = "/var/lib/sbctl";
  };
}

When I use nixos-rebuild switch I get the following syntax error:

 error: syntax error, unexpected LET, expecting INHERIT
       at /etc/nixos/configuration.nix:18:1:
           17| # file: configuration.nix
           18| let
             | ^
           19|   sources = import ./lon.nix;

I am new to the Nix language and declarative programming and working on learning, but unsure how to correct the error. I’ve tried:

  • Omitting the { pkgs, lib, … }: string
  • Commenting out the boot.loader.systemd-boot.enable = true;
  • Made the recommended fix of changing ‘let’ to ‘inherit’

I’m sure there’s an obvious mistake I’m making but would love some help in identifying it.

Can you please post your whole configuration.nix? When you say you’ve inserted this segment, did you actually just insert it in your configuration as-is, or you just added the parts that were needed?

Edit: Depending on how you’ve imported Lanzaboote, you might need to edit the import line like this:

lanzaboote = import sources.lanzaboote { inherit pkgs; };

Thanks for your help! Sure, here’s my configuration.nix file:

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  # boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "nixos"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Enable networking
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "Europe/London";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_GB.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_GB.UTF-8";
    LC_IDENTIFICATION = "en_GB.UTF-8";
    LC_MEASUREMENT = "en_GB.UTF-8";
    LC_MONETARY = "en_GB.UTF-8";
    LC_NAME = "en_GB.UTF-8";
    LC_NUMERIC = "en_GB.UTF-8";
    LC_PAPER = "en_GB.UTF-8";
    LC_TELEPHONE = "en_GB.UTF-8";
    LC_TIME = "en_GB.UTF-8";
  };

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # Enable the GNOME Desktop Environment.
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;

  # Enable the gnome-keyring secrets vault. 
  # Will be exposed through DBus to programs willing to store secrets.
  services.gnome.gnome-keyring.enable = true;

  # enable Sway window manager
  programs.sway = {
    enable = true;
    wrapperFeatures.gtk = true;
  };

# NOTE(review): everything from this `let` to the closing brace of the
# fragment is a second, complete expression pasted inside the outer attribute
# set that was opened near the top of the file. Inside an attribute set Nix
# only accepts `name = value;` bindings (or `inherit`), which is what the
# "unexpected LET, expecting INHERIT" message reports. The outer header also
# lists only { config, pkgs, ... }, so `lib` below would be undefined.
let
  sources = import ./lon.nix;
  lanzaboote = import sources.lanzaboote;
in
{
  imports = [ lanzaboote.nixosModules.lanzaboote ];

  environment.systemPackages = [
    # For debugging and troubleshooting Secure Boot.
    pkgs.sbctl
  ];

  # Lanzaboote currently replaces the systemd-boot module.
  # This setting is usually set to true in configuration.nix
  # generated at installation time. So we force it to false
  # for now.
  boot.loader.systemd-boot.enable = lib.mkForce false;

  boot.lanzaboote = {
    enable = true;
    pkiBundle = "/var/lib/sbctl";
  };
}

  # Enable fish

  programs.fish.enable = true;

  users.defaultUserShell = pkgs.fish;

programs.bash = {
  interactiveShellInit = ''
    if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
    then
      shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
      exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
    fi
  '';
};

  # kanshi systemd service
  systemd.user.services.kanshi = {
    description = "kanshi daemon";
    environment = {
      WAYLAND_DISPLAY="wayland-1";
      DISPLAY = ":0";
    }; 
    serviceConfig = {
      Type = "simple";
      ExecStart = ''${pkgs.kanshi}/bin/kanshi -c kanshi_config_file'';
    };                                                                 
  };

  # Configure keymap in X11
  services.xserver.xkb = {
    layout = "us";
    variant = "";
  };

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound with pipewire.
  services.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.eli = {
    isNormalUser = true;
    description = "Eli Lassman";
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [
    #  thunderbird
    ];
  };

  # Install firefox.
  programs.firefox.enable = true;

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
  
  bash-completion
  bind
  blueman
  brightnessctl
  dex
  efibootmgr
  emacs
  file-roller
  firefox
  fish
  flatpak
  fwupd
  gimp
  git
  google-chrome
  kanshi
  kitty
  libreoffice-fresh
  lon
  man-db
  nano
  nerdfix
  networkmanagerapplet
  noto-fonts
  noto-fonts-color-emoji
  font-awesome
  font-awesome_4
  font-awesome_5
  font-awesome_6
  pasystray
  pavucontrol
  rsync
  sbctl
  sudo
  sway
  swaybg
  swayidle
  swaylock
  swaynotificationcenter
  vim
  vlc
  waybar
  wdisplays
  wget
  wine
  wofi
  wttrbar
  grim # screenshot functionality
  slurp # screenshot functionality
  wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout
  mako # notification system developed by swaywm maintainer
 # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
  #  wget
  ];

  # Installing fonts
  fonts.packages = with pkgs; [
nerd-fonts._3270
nerd-fonts.agave
nerd-fonts.anonymice
nerd-fonts.arimo
nerd-fonts.aurulent-sans-mono
nerd-fonts.bigblue-terminal
nerd-fonts.bitstream-vera-sans-mono
nerd-fonts.blex-mono
nerd-fonts.caskaydia-cove
nerd-fonts.caskaydia-mono
nerd-fonts.code-new-roman
nerd-fonts.comic-shanns-mono
nerd-fonts.commit-mono
nerd-fonts.cousine
nerd-fonts.d2coding
nerd-fonts.daddy-time-mono
nerd-fonts.departure-mono
nerd-fonts.dejavu-sans-mono
nerd-fonts.droid-sans-mono
nerd-fonts.envy-code-r
nerd-fonts.fantasque-sans-mono
nerd-fonts.fira-code
nerd-fonts.fira-mono
nerd-fonts.geist-mono
nerd-fonts.go-mono
nerd-fonts.gohufont
nerd-fonts.hack
nerd-fonts.hasklug
nerd-fonts.heavy-data
nerd-fonts.hurmit
nerd-fonts.im-writing
nerd-fonts.inconsolata
nerd-fonts.inconsolata-go
nerd-fonts.inconsolata-lgc
nerd-fonts.intone-mono
nerd-fonts.iosevka
nerd-fonts.iosevka-term
nerd-fonts.iosevka-term-slab
nerd-fonts.jetbrains-mono
nerd-fonts.lekton
nerd-fonts.liberation
nerd-fonts.lilex
nerd-fonts.martian-mono
nerd-fonts.meslo-lg
nerd-fonts.monaspace
nerd-fonts.monofur
nerd-fonts.monoid
nerd-fonts.mononoki
nerd-fonts.noto
nerd-fonts.open-dyslexic
nerd-fonts.overpass
nerd-fonts.profont
nerd-fonts.proggy-clean-tt
nerd-fonts.recursive-mono
nerd-fonts.roboto-mono
nerd-fonts.shure-tech-mono
nerd-fonts.sauce-code-pro
nerd-fonts.space-mono
nerd-fonts.symbols-only
nerd-fonts.terminess-ttf
nerd-fonts.tinos
nerd-fonts.ubuntu
nerd-fonts.ubuntu-mono
nerd-fonts.ubuntu-sans
nerd-fonts.victor-mono
nerd-fonts.zed-mono
  noto-fonts
  noto-fonts-cjk-sans
  noto-fonts-color-emoji
  noto-fonts-monochrome-emoji
  nerd-fonts.fira-code
  nerd-fonts.droid-sans-mono
  nerd-fonts.noto
  nerd-fonts.hack
  nerd-fonts.ubuntu
  nerd-fonts.symbols-only
  font-awesome
  font-awesome_4
  font-awesome_5
  font-awesome_6
];

services.fwupd.enable = true;
# For network issues, you might need something like this:
# networking.networkmanager.enable = true;
# services.fwupd.extraConfig = ''
#   [GSettings]
# GIO_USE_NETWORK_MONITOR=base
# '';


  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "25.11"; # Did you read the comment?

}

As I suspected - you have duplicated code fragments and that’s why the build fails. Here’s the cleaned-up version (notice the single configuration block). It has systemd-boot disabled, and sbctl is moved to the system’s environment.systemPackages declaration.

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

let
  sources = import ./lon.nix;
  lanzaboote = import sources.lanzaboote;
in
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      lanzaboote.nixosModules.lanzaboote
    ];

  # Bootloader.
  # The generated systemd-boot setting is left commented out; the forced
  # `false` below takes its place.
  # boot.loader.systemd-boot.enable = true;
  # boot.loader.efi.canTouchEfiVariables = true;
  # Lanzaboote currently replaces the systemd-boot module.
  # This setting is usually set to true in configuration.nix
  # generated at installation time. So we force it to false
  # for now.
  # NOTE(review): lib.mkForce needs `lib` in the module's argument set; the
  # header of this listing only names { config, pkgs, ... }, so evaluation
  # stops with "undefined variable 'lib'" until `lib` is added there.
  boot.loader.systemd-boot.enable = lib.mkForce false;

  boot.lanzaboote = {
    enable = true;
    # NOTE(review): presumably the sbctl key directory created earlier in the
    # setup guide; the private signing keys in it should stay root-only.
    pkiBundle = "/var/lib/sbctl";
  };

  networking.hostName = "nixos"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Enable networking
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "Europe/London";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_GB.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_GB.UTF-8";
    LC_IDENTIFICATION = "en_GB.UTF-8";
    LC_MEASUREMENT = "en_GB.UTF-8";
    LC_MONETARY = "en_GB.UTF-8";
    LC_NAME = "en_GB.UTF-8";
    LC_NUMERIC = "en_GB.UTF-8";
    LC_PAPER = "en_GB.UTF-8";
    LC_TELEPHONE = "en_GB.UTF-8";
    LC_TIME = "en_GB.UTF-8";
  };

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # Enable the GNOME Desktop Environment.
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;

  # Enable the gnome-keyring secrets vault. 
  # Will be exposed through DBus to programs willing to store secrets.
  services.gnome.gnome-keyring.enable = true;

  # enable Sway window manager
  programs.sway = {
    enable = true;
    wrapperFeatures.gtk = true;
  };

  # Enable fish

  programs.fish.enable = true;

  users.defaultUserShell = pkgs.fish;

programs.bash = {
  interactiveShellInit = ''
    if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
    then
      shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
      exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
    fi
  '';
};

  # kanshi systemd service
  systemd.user.services.kanshi = {
    description = "kanshi daemon";
    environment = {
      WAYLAND_DISPLAY="wayland-1";
      DISPLAY = ":0";
    }; 
    serviceConfig = {
      Type = "simple";
      ExecStart = ''${pkgs.kanshi}/bin/kanshi -c kanshi_config_file'';
    };                                                                 
  };

  # Configure keymap in X11
  services.xserver.xkb = {
    layout = "us";
    variant = "";
  };

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound with pipewire.
  services.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.eli = {
    isNormalUser = true;
    description = "Eli Lassman";
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [
    #  thunderbird
    ];
  };

  # Install firefox.
  programs.firefox.enable = true;

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
  sbctl # needed for Lanzaboote
  bash-completion
  bind
  blueman
  brightnessctl
  dex
  efibootmgr
  emacs
  file-roller
  firefox
  fish
  flatpak
  fwupd
  gimp
  git
  google-chrome
  kanshi
  kitty
  libreoffice-fresh
  lon
  man-db
  nano
  nerdfix
  networkmanagerapplet
  noto-fonts
  noto-fonts-color-emoji
  font-awesome
  font-awesome_4
  font-awesome_5
  font-awesome_6
  pasystray
  pavucontrol
  rsync
  sbctl
  sudo
  sway
  swaybg
  swayidle
  swaylock
  swaynotificationcenter
  vim
  vlc
  waybar
  wdisplays
  wget
  wine
  wofi
  wttrbar
  grim # screenshot functionality
  slurp # screenshot functionality
  wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout
  mako # notification system developed by swaywm maintainer
 # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
  #  wget
  ];

  # Installing fonts
  fonts.packages = with pkgs; [
nerd-fonts._3270
nerd-fonts.agave
nerd-fonts.anonymice
nerd-fonts.arimo
nerd-fonts.aurulent-sans-mono
nerd-fonts.bigblue-terminal
nerd-fonts.bitstream-vera-sans-mono
nerd-fonts.blex-mono
nerd-fonts.caskaydia-cove
nerd-fonts.caskaydia-mono
nerd-fonts.code-new-roman
nerd-fonts.comic-shanns-mono
nerd-fonts.commit-mono
nerd-fonts.cousine
nerd-fonts.d2coding
nerd-fonts.daddy-time-mono
nerd-fonts.departure-mono
nerd-fonts.dejavu-sans-mono
nerd-fonts.droid-sans-mono
nerd-fonts.envy-code-r
nerd-fonts.fantasque-sans-mono
nerd-fonts.fira-code
nerd-fonts.fira-mono
nerd-fonts.geist-mono
nerd-fonts.go-mono
nerd-fonts.gohufont
nerd-fonts.hack
nerd-fonts.hasklug
nerd-fonts.heavy-data
nerd-fonts.hurmit
nerd-fonts.im-writing
nerd-fonts.inconsolata
nerd-fonts.inconsolata-go
nerd-fonts.inconsolata-lgc
nerd-fonts.intone-mono
nerd-fonts.iosevka
nerd-fonts.iosevka-term
nerd-fonts.iosevka-term-slab
nerd-fonts.jetbrains-mono
nerd-fonts.lekton
nerd-fonts.liberation
nerd-fonts.lilex
nerd-fonts.martian-mono
nerd-fonts.meslo-lg
nerd-fonts.monaspace
nerd-fonts.monofur
nerd-fonts.monoid
nerd-fonts.mononoki
nerd-fonts.noto
nerd-fonts.open-dyslexic
nerd-fonts.overpass
nerd-fonts.profont
nerd-fonts.proggy-clean-tt
nerd-fonts.recursive-mono
nerd-fonts.roboto-mono
nerd-fonts.shure-tech-mono
nerd-fonts.sauce-code-pro
nerd-fonts.space-mono
nerd-fonts.symbols-only
nerd-fonts.terminess-ttf
nerd-fonts.tinos
nerd-fonts.ubuntu
nerd-fonts.ubuntu-mono
nerd-fonts.ubuntu-sans
nerd-fonts.victor-mono
nerd-fonts.zed-mono
  noto-fonts
  noto-fonts-cjk-sans
  noto-fonts-color-emoji
  noto-fonts-monochrome-emoji
  nerd-fonts.fira-code
  nerd-fonts.droid-sans-mono
  nerd-fonts.noto
  nerd-fonts.hack
  nerd-fonts.ubuntu
  nerd-fonts.symbols-only
  font-awesome
  font-awesome_4
  font-awesome_5
  font-awesome_6
];

services.fwupd.enable = true;
# For network issues, you might need something like this:
# networking.networkmanager.enable = true;
# services.fwupd.extraConfig = ''
#   [GSettings]
# GIO_USE_NETWORK_MONITOR=base
# '';


  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "25.11"; # Did you read the comment?

}

Thanks. I’m getting a new error (but feels like progress) with the systemd line:


       error: undefined variable 'lib'
       at /etc/nixos/configuration.nix:25:37:
           24|   # for now.
           25|   boot.loader.systemd-boot.enable = lib.mkForce false;
             |                                     ^
           26|

Ah, yes. Just modify the top line like this:

{ config, pkgs, lib, ... }:

Edit: I highly suggest you familiarize yourself with the basics of the Nix language so you understand what you’re actually doing. There’s a lot of documentation on https://nix.dev and https://wiki.nixos.org


Specifically, you’re looking for the basic language tutorial and the module tutorial. The lib thing for example is explained in the first paragraph of the module tutorial.

The wiki is sadly largely useless or outright misleading, in spite of efforts to improve the situation.

It’s not so much that you have duplicated anything, it’s that you were writing code that was inherently nonsensical from a syntax perspective. You assume you can just copy modules into the middle of an attribute set and have nix figure it out, unaware of what attribute sets even are, let alone what the modules you’re writing are :wink:


I fixed it up for you (just enough to make nixfmt happy).

I’d recommend getting a language server (nixd) and a formatter (nixfmt) configured for your editor, it’ll help you catch errors as you write them :slight_smile:

Read nix pills too, they’re great for learning Nix quickly.

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{
  config,
  lib,
  pkgs,
  ...
}:
let
  sources = import ./lon.nix;
  lanzaboote = import sources.lanzaboote;
in
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    lanzaboote.nixosModules.lanzaboote
  ];

  networking.hostName = "nixos"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Enable networking
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "Europe/London";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_GB.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_GB.UTF-8";
    LC_IDENTIFICATION = "en_GB.UTF-8";
    LC_MEASUREMENT = "en_GB.UTF-8";
    LC_MONETARY = "en_GB.UTF-8";
    LC_NAME = "en_GB.UTF-8";
    LC_NUMERIC = "en_GB.UTF-8";
    LC_PAPER = "en_GB.UTF-8";
    LC_TELEPHONE = "en_GB.UTF-8";
    LC_TIME = "en_GB.UTF-8";
  };

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # Enable the GNOME Desktop Environment.
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;

  # Enable the gnome-keyring secrets vault.
  # Will be exposed through DBus to programs willing to store secrets.
  services.gnome.gnome-keyring.enable = true;

  # enable Sway window manager
  programs.sway = {
    enable = true;
    wrapperFeatures.gtk = true;
  };

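  # Secure Boot via lanzaboote.
  #
  # sbctl (for debugging and troubleshooting Secure Boot) is already part of
  # the main environment.systemPackages list further down in this file.
  # Binding environment.systemPackages a second time in the same attribute
  # set passes a formatter but fails at evaluation with an
  # "attribute ... already defined" error, so it is not repeated here.

  # Lanzaboote currently replaces the systemd-boot module.
  # This setting is usually set to true in configuration.nix
  # generated at installation time. So we force it to false
  # for now. lib.mkForce relies on `lib` being named in the module arguments.
  boot.loader.systemd-boot.enable = lib.mkForce false;

  boot.lanzaboote = {
    enable = true;
    # NOTE(review): presumably the sbctl key directory created in the earlier
    # steps of the setup guide; confirm it exists before rebuilding. The
    # private keys kept there sign the boot files, so keep the directory
    # readable by root only and out of shared backups or repositories.
    # Enabling this module does not by itself make the firmware enforce
    # Secure Boot: after the rebuild, check the signed files with
    # `sbctl verify` and the firmware state with `sbctl status` or
    # `bootctl status`.
    pkiBundle = "/var/lib/sbctl";
  };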
  # Enable fish

  programs.fish.enable = true;

  users.defaultUserShell = pkgs.fish;

  programs.bash = {
    interactiveShellInit = ''
      if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
      then
        shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
        exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
      fi
    '';
  };

  # kanshi systemd service
  systemd.user.services.kanshi = {
    description = "kanshi daemon";
    environment = {
      WAYLAND_DISPLAY = "wayland-1";
      DISPLAY = ":0";
    };
    serviceConfig = {
      Type = "simple";
      ExecStart = ''${pkgs.kanshi}/bin/kanshi -c kanshi_config_file'';
    };
  };

  # Configure keymap in X11
  services.xserver.xkb = {
    layout = "us";
    variant = "";
  };

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound with pipewire.
  services.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.eli = {
    isNormalUser = true;
    description = "Eli Lassman";
    extraGroups = [
      "networkmanager"
      "wheel"
    ];
    packages = with pkgs; [
      #  thunderbird
    ];
  };

  # Install firefox.
  programs.firefox.enable = true;

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [

    bash-completion
    bind
    blueman
    brightnessctl
    dex
    efibootmgr
    emacs
    file-roller
    firefox
    fish
    flatpak
    fwupd
    gimp
    git
    google-chrome
    kanshi
    kitty
    libreoffice-fresh
    lon
    man-db
    nano
    nerdfix
    networkmanagerapplet
    noto-fonts
    noto-fonts-color-emoji
    font-awesome
    font-awesome_4
    font-awesome_5
    font-awesome_6
    pasystray
    pavucontrol
    rsync
    sbctl
    sudo
    sway
    swaybg
    swayidle
    swaylock
    swaynotificationcenter
    vim
    vlc
    waybar
    wdisplays
    wget
    wine
    wofi
    wttrbar
    grim # screenshot functionality
    slurp # screenshot functionality
    wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout
    mako # notification system developed by swaywm maintainer
    # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    #  wget
  ];

  # Installing fonts
  fonts.packages = with pkgs; [
    nerd-fonts._3270
    nerd-fonts.agave
    nerd-fonts.anonymice
    nerd-fonts.arimo
    nerd-fonts.aurulent-sans-mono
    nerd-fonts.bigblue-terminal
    nerd-fonts.bitstream-vera-sans-mono
    nerd-fonts.blex-mono
    nerd-fonts.caskaydia-cove
    nerd-fonts.caskaydia-mono
    nerd-fonts.code-new-roman
    nerd-fonts.comic-shanns-mono
    nerd-fonts.commit-mono
    nerd-fonts.cousine
    nerd-fonts.d2coding
    nerd-fonts.daddy-time-mono
    nerd-fonts.departure-mono
    nerd-fonts.dejavu-sans-mono
    nerd-fonts.droid-sans-mono
    nerd-fonts.envy-code-r
    nerd-fonts.fantasque-sans-mono
    nerd-fonts.fira-code
    nerd-fonts.fira-mono
    nerd-fonts.geist-mono
    nerd-fonts.go-mono
    nerd-fonts.gohufont
    nerd-fonts.hack
    nerd-fonts.hasklug
    nerd-fonts.heavy-data
    nerd-fonts.hurmit
    nerd-fonts.im-writing
    nerd-fonts.inconsolata
    nerd-fonts.inconsolata-go
    nerd-fonts.inconsolata-lgc
    nerd-fonts.intone-mono
    nerd-fonts.iosevka
    nerd-fonts.iosevka-term
    nerd-fonts.iosevka-term-slab
    nerd-fonts.jetbrains-mono
    nerd-fonts.lekton
    nerd-fonts.liberation
    nerd-fonts.lilex
    nerd-fonts.martian-mono
    nerd-fonts.meslo-lg
    nerd-fonts.monaspace
    nerd-fonts.monofur
    nerd-fonts.monoid
    nerd-fonts.mononoki
    nerd-fonts.noto
    nerd-fonts.open-dyslexic
    nerd-fonts.overpass
    nerd-fonts.profont
    nerd-fonts.proggy-clean-tt
    nerd-fonts.recursive-mono
    nerd-fonts.roboto-mono
    nerd-fonts.shure-tech-mono
    nerd-fonts.sauce-code-pro
    nerd-fonts.space-mono
    nerd-fonts.symbols-only
    nerd-fonts.terminess-ttf
    nerd-fonts.tinos
    nerd-fonts.ubuntu
    nerd-fonts.ubuntu-mono
    nerd-fonts.ubuntu-sans
    nerd-fonts.victor-mono
    nerd-fonts.zed-mono
    noto-fonts
    noto-fonts-cjk-sans
    noto-fonts-color-emoji
    noto-fonts-monochrome-emoji
    nerd-fonts.fira-code
    nerd-fonts.droid-sans-mono
    nerd-fonts.noto
    nerd-fonts.hack
    nerd-fonts.ubuntu
    nerd-fonts.symbols-only
    font-awesome
    font-awesome_4
    font-awesome_5
    font-awesome_6
  ];

  services.fwupd.enable = true;
  # For network issues, you might need something like this:
  # networking.networkmanager.enable = true;
  # services.fwupd.extraConfig = ''
  #   [GSettings]
  # GIO_USE_NETWORK_MONITOR=base
  # '';

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "25.11"; # Did you read the comment?
}