# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
inputs: { config, pkgs, lib, ... }:
let
# nix-software-center = inputs.nix-software-center.packages.${pkgs.system}.nix-software-center;
# doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default;
# `nh` package taken from the `nix-but-gigachad` flake input, built for this system.
# NOTE(review): the code that ends up installed is whatever revision that input
# resolves to — presumably pinned by a flake.lock outside this file; confirm the
# lock file is committed and that input bumps are reviewed.
nh = inputs.nix-but-gigachad.packages.${pkgs.system}.default;
in {
# Modules merged into this configuration, in three groups:
#   1. plain module files,
#   2. module files that are functions of the flake `inputs` and are therefore
#      imported by hand with `inputs` applied,
#   3. the NixOS module shipped by the nix-but-gigachad flake input.
imports =
  [
    # Include the results of the hardware scan.
    ./hardware/hardware-configuration.nix
    ./cachix.nix
  ]
  ++ map (modulePath: import modulePath inputs) [
    ./hardware/nvidia.nix
    ./services/forge.nix
    ./services/cloud.nix
    ./services/vaultwarden.nix
    ./services/matrix.nix
    # Disabled modules, kept for reference:
    # ./services/office.nix
    # ./services/Sharkey
    # ./services/caddy.nix        # doesn't work
    # ./services/dnsmasq.nix      # borks my DNS
    # ./services/mail-server.nix  # needs a lot of DNS configs from Cloudflare, I only have 3 rules
  ]
  ++ [
    inputs.nix-but-gigachad.nixosModules.default
  ];
# Options for the `nh` module imported from inputs.nix-but-gigachad above:
# turn on nh itself and its `clean` sub-feature.
nh.enable = true;
nh.clean.enable = true;
# Use one font family as the fontconfig default for every generic family.
fonts.fontconfig.defaultFonts =
  let
    family = [ "JetBrainsMono Nerd Font" ];
  in {
    serif = family;
    sansSerif = family;
    monospace = family;
  };
# Settings for the Nix daemon and CLI.
nix.settings = {
  experimental-features = [ "nix-command" "flakes" ];

  # NOTE(review): a trusted Nix user can override substituters and import
  # unsigned store paths, which is effectively root-equivalent. "ultra" is also
  # in `wheel` below, so this adds little privilege here, but it does mean that
  # a compromise of that account needs no sudo password to reach the store.
  trusted-users = [ "root" "ultra" ];

  # Third-party binary caches. Every path substituted from them is executed as
  # part of the system, so each key below is a supply-chain trust decision;
  # each public key must match the cache listed at the same position.
  substituters = [
    "https://hyprland.cachix.org"
    "https://viperml.cachix.org"
  ];
  trusted-public-keys = [
    "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
    "viperml.cachix.org-1:qZhKBMTfmcLL+OG6fj/hzsMEedgKvZVFRRAhq7j8Vh8="
  ];
};
# Boot chain: newest packaged kernel, systemd-boot on EFI, Plymouth splash.
boot = {
  # Use the latest kernel
  kernelPackages = pkgs.linuxPackages_latest;

  plymouth.enable = true;

  loader.systemd-boot.enable = true;
  loader.efi.canTouchEfiVariables = true;
  loader.efi.efiSysMountPoint = "/boot/efi";
};
# Host identity and name resolution.
networking = {
  # Define your hostname.
  hostName = "titan";
  domain = "gra.phite.ro";

  # Enable networking
  networkmanager.enable = true;

  # Static /etc/hosts entries. These take precedence over DNS, so the pinned
  # address keeps being used even if the real record changes.
  # hosts."192.168.0.221" = [ "pi" "pi-master" ];
  hosts."65.108.48.233" = [ "queer.af" ];

  /*
  nameservers = [
    "8.8.8.8"
    "94.16.114.254"
  ];
  */
};
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.

# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

# Set your time zone.
time.timeZone = "Europe/Bucharest";

# Select internationalisation properties: British English for messages,
# Romanian conventions for every LC_* category listed below.
i18n = {
  defaultLocale = "en_GB.utf8";
  extraLocaleSettings =
    let
      romanian = "ro_RO.utf8";
    in {
      LC_ADDRESS = romanian;
      LC_IDENTIFICATION = romanian;
      LC_MEASUREMENT = romanian;
      LC_MONETARY = romanian;
      LC_NAME = romanian;
      LC_NUMERIC = romanian;
      LC_PAPER = romanian;
      LC_TELEPHONE = romanian;
      LC_TIME = romanian;
    };
};
# Enable sound with pipewire: PulseAudio itself is switched off and PipeWire
# provides the ALSA and PulseAudio compatibility layers instead.
hardware.pulseaudio.enable = false;
sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
  enable = true;
  pulse.enable = true;
  alsa = {
    enable = true;
    support32Bit = true;
  };

  # If you want to use JACK applications, uncomment this
  #jack.enable = true;

  # use the example session manager (no others are packaged yet so this is enabled by default,
  # no need to redefine it in your config for now)
  #media-session.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;

# Define a user account. Don't forget to set a password with ‘passwd’.
users.users.ultra = {
  description = "Alex S.";
  isNormalUser = true;
  shell = pkgs.fish;

  # `wheel` grants sudo. `input`/`uinput` let any process running as this user
  # read raw input events and inject synthetic ones, so a compromised user
  # session can log or forge keystrokes.
  extraGroups = [ "networkmanager" "wheel" "vboxusers" "input" "uinput" ];

  # NOTE(review): this SHA-512 crypt hash is readable by anyone with access to
  # this file and ends up world-readable in the Nix store, so it is exposed to
  # offline guessing. sshd below accepts password logins and the firewall is
  # disabled, so the same password is what guards remote access. Rotating the
  # password and supplying the hash from a file kept outside the repository
  # (e.g. via `hashedPasswordFile`, where the NixOS release provides it) would
  # remove that exposure.
  hashedPassword = "$6$OBjnSQhhJgHsr5LE$jFtUz.2qv0l2viv86exXmfHWC0fDFXKD3rqH41NmqgkdoBrwY2rPkDBCPjdq7PSoeudYcQ0nXxJvh1N7EIUs90";
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;

# List packages installed in system profile. To search, run:
# $ nix search wget
environment = {
  sessionVariables.QT_QPA_PLATFORMTHEME = "qt5ct";

  # NOTE(review): programs.command-not-found is enabled further down; with
  # NIX_AUTO_RUN set, its handler presumably fetches and runs the package that
  # provides an unknown command without asking first, so a mistyped command
  # name can end up executing unintended software — confirm this is wanted.
  variables.NIX_AUTO_RUN = "!";

  # `nh` here is the let-bound flake package, not pkgs.nh: let bindings take
  # precedence over names brought in by `with`.
  systemPackages = with pkgs; [
    wget neovim neofetch
    podman distrobox
    cargo nushell nerdfonts steam-run
    packagekit
    # nix-software-center
    fish
    libsForQt5.yakuake libsForQt5.discover
    wacomtablet
    git starship plymouth
    clang-tools nil pkg-config
    nh
    ksnip virt-manager flutter nixd sddm-kcm
    wooting-udev-rules wootility
    docker-compose qflipper
  ];
};
# Program modules that need system-level integration beyond installing a package.
programs = {
  command-not-found.enable = true;
  dconf.enable = true;
  fish.enable = true;
  hyprland.enable = true;
  kdeconnect.enable = true;
};
# programs.nushell.enable = true;
# users.defaultUserShell = pkgs.zsh;

# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
#   enable = true;
#   enableSSHSupport = true;
# };

# List services that you want to enable:

# Enable the OpenSSH daemon.
# services.openssh.enable = true;

# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ 21 20 22 ];
# networking.firewall.allowedUDPPorts = [ 21 20 22 ];
# Or disable the firewall altogether.
# NOTE(review): with the firewall off, every listening socket on this host is
# reachable from any network it joins. This file enables anonymous FTP, sshd
# with password authentication, CUPS, avahi and kubo, and imports further
# service modules. Re-enabling the firewall with an explicit allow-list (the
# commented lines above are a starting point) would limit exposure to the
# ports that are meant to be public; which ports the imported services need
# is not visible from this file.
networking.firewall = {
  enable = false;
};
system = {
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  stateVersion = "22.11"; # Did you read the comment?

  # Unattended upgrades are on, but never reboot on their own; changes that
  # only take effect after a reboot therefore wait for a manual one.
  autoUpgrade = {
    enable = true;
    allowReboot = false;
  };
};
# Extra lines for the generated sudoers file.
# NOTE(review): `pwfeedback` echoes one character per keystroke at the password
# prompt, which reveals the password length to anyone who can see the screen or
# a recording of it; drop that line if this matters for this machine.
security.sudo = {
  extraConfig = ''
    Defaults insults
    Defaults pwfeedback
  '';
};
# Container and VM back ends.
virtualisation = {
  libvirtd.enable = true;
  lxd.enable = true;
  waydroid.enable = true;

  podman.enable = true;
  podman.dockerCompat = true;
  # podman.defaultNetwork.settings.dns_enabled = true;

  # it takes a REALLY long time (and a lot of CPU) to build, and it still doesn't work.
  virtualbox.host.enable = false;
  # false because this might build it (idk)
  virtualbox.host.enableExtensionPack = false;
};
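# System services. Several of these listen on the network; note that
# networking.firewall.enable is set to false elsewhere in this file, so
# nothing here is filtered at the host.
services = {
  emacs = {
    enable = false; # takes a lot of time to compile
    /*
    package = doom-emacs.override {
      doomPrivateDir = ./doom.d;
    };
    */
  };

  flatpak.enable = true;
  packagekit.enable = true;

  xserver = {
    enable = true;
    # videoDrivers = [ "nvidia" ];
    wacom.enable = true;

    displayManager = {
      /*
      autoLogin = {
        enable = false;
        user = "ultra";
      };
      */

      sddm = {
        enable = true;
        # Passed through to sddm.conf. SDDM silently ignores keys it does not
        # know, so the spelling matters: the keys are `GreeterEnvironment` and
        # `CompositorCommand` (they were previously misspelled and therefore
        # had no effect).
        settings = {
          General = {
            DisplayServer = "wayland";
            GreeterEnvironment = "QT_WAYLAND_SHELL_INTEGRATION=layer-shell";
          };
          Wayland = {
            CompositorCommand = "kwin_wayland --drm --no-lockscreen --no-global-shortcuts";
          };
        };
      };

      startx.enable = true;
    };

    # Enable KDE Plasma 5
    desktopManager.plasma5.enable = true;

    # Keymap
    layout = "ro";
    xkbVariant = "";
  };

  apcupsd = {
    enable = true;
  };

  # Enable CUPS to print documents.
  printing = {
    enable = true;
  };

  twingate.enable = false;

  kubo = {
    enable = true;
    startWhenNeeded = true;
    autoMount = true;
  };

  # FTP daemon
  # NOTE(review): FTP is unencrypted and no TLS settings are configured here.
  # With localUsers enabled, a local account logging in over FTP sends its
  # system password in cleartext — the same password sshd accepts below.
  # Anonymous access is read-only, so confirm that the anonymous root contains
  # only files meant to be public.
  vsftpd = {
    enable = true; # enable the daemon
    localUsers = true; # allow local users to use the daemon

    # allow anonymous users to log in
    anonymousUser = true;
    anonymousUserNoPassword = true;
    anonymousUploadEnable = false; # Anyone uploading files wouldn't be so secure, would it?
    anonymousMkdirEnable = false; # Neither would them creating directories.
    writeEnable = false;
  };

  # Runs a Tor Snowflake proxy, i.e. this host relays traffic for other people.
  snowflake-proxy.enable = true;

  # NOTE(review): password logins are accepted, the firewall is disabled, and
  # the account's password hash is committed in this file, so sshd is open to
  # online guessing and the hash to offline guessing. Key-only authentication
  # (PasswordAuthentication = false plus authorized keys for the user) removes
  # the password from the remote attack surface.
  openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = true;
    };
  };

  tailscale = {
    enable = true;
  };

  # mDNS/DNS-SD; nssmdns lets the system resolver look up .local names.
  avahi = {
    enable = true;
    nssmdns = true;
  };
};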
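# create a oneshot job to authenticate to Tailscale
systemd.services.tailscale-autoconnect = {
  description = "Automatic connection to Tailscale";

  # make sure tailscaled is running before trying to connect to tailscale.
  # The unit created by services.tailscale is `tailscaled.service`; ordering
  # against the non-existent `tailscale.service` has no effect.
  after = [ "network-pre.target" "tailscaled.service" ];
  wants = [ "network-pre.target" "tailscaled.service" ];
  wantedBy = [ "multi-user.target" ];

  # set this service as a oneshot job
  serviceConfig.Type = "oneshot";

  # have the job run this shell script
  # NOTE(review): `tailscale up` is called without an auth key, so the first
  # login presumably has to be completed interactively; if a key is added
  # later, read it from a file outside the Nix store rather than inlining it.
  script = with pkgs; ''
    # wait for tailscaled to settle
    sleep 2

    # check if we are already authenticated to tailscale
    status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
    # quoted so that an empty status (daemon not answering yet) is a clean
    # mismatch instead of a `[` syntax error
    if [ "$status" = "Running" ]; then # if so, then do nothing
      exit 0
    fi

    # otherwise authenticate with tailscale
    ${tailscale}/bin/tailscale up
  '';
};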
# Hardware-related module toggles.
hardware = {
  # bluetooth config
  bluetooth.enable = true;

  flipperzero.enable = true;
  wooting.enable = true;
  xpadneo.enable = true;
};
# PAM resource limits: soft cap of 10000 on `nproc` for every domain ("*").
# Being a soft limit, a session can raise it itself up to the hard limit.
security.pam.loginLimits = [
  {
    domain = "*";
    type = "soft";
    item = "nproc";
    value = "10000";
  }
];
}