# System-level NixOS module: boot, desktop services, privilege settings,
# declarative users and the host firewall.
{ config, pkgs, lib, ... }:

{
  imports = [ ./packages/default.nix ];

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  boot = {
    # Zen kernel instead of the default kernel package set.
    kernelPackages = pkgs.linuxPackages_zen;

    # systemd-boot as the EFI boot loader; the installer may write EFI variables.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    # -1 removes the kernel's realtime throttling limit, so a runaway
    # realtime-priority task is no longer prevented from monopolising a CPU.
    # NOTE(review): presumably wanted for low-latency audio; confirm it is
    # still needed, since rtkit is enabled below as well.
    kernel.sysctl."kernel.sched_rt_runtime_us" = -1;
  };

  services = {
    # X11 is explicitly off; the graphical session is Hyprland (see programs).
    xserver.enable = false;

    # CUPS, for printing.
    printing.enable = true;

    # mDNS/DNS-SD discovery. openFirewall accepts inbound mDNS (UDP 5353) on
    # every interface, so the host answers discovery traffic on any network
    # it joins, trusted or not.
    avahi = {
      enable = true;
      nssmdns4 = true;
      openFirewall = true;
    };

    gnome.gnome-keyring.enable = true;

    # usbmuxd daemon (USB multiplexing for iOS devices).
    usbmuxd.enable = true;

    # PipeWire with its PulseAudio and ALSA compatibility layers.
    pipewire = {
      enable = true;
      pulse.enable = true;
      alsa.enable = true;
    };
  };

  security = {
    # swaylock needs a PAM service entry to verify the password; without it
    # the locked screen cannot be unlocked.
    pam.services.swaylock = { };

    # Members of `wheel` get root through sudo without a password prompt.
    # Any process running as such a user can therefore become root silently:
    # the account password no longer separates user from root on this host.
    # NOTE(review): deliberate convenience setting? Confirm it fits the
    # machine's threat model before reusing this module elsewhere.
    sudo.wheelNeedsPassword = false;

    # RealtimeKit: lets user processes request realtime scheduling.
    rtkit.enable = true;
  };

  programs = {
    zsh.enable = true;
    openvpn3.enable = true;
    hyprland.enable = true;

    neovim = {
      enable = true;
      viAlias = true;
      vimAlias = true;
      defaultEditor = true;
      configure = {
        # Read at evaluation time. The contents are embedded in the generated
        # configuration, which lives in the world-readable Nix store, so
        # init.vim must not contain secrets.
        customRC = builtins.readFile ./config/nvim/init.vim;
        packages.myVimPackage = with pkgs.vimPlugins; {
          start = [
            nvim-lspconfig
            nvim-cmp
            cmp-nvim-lsp
            luasnip
            cmp_luasnip
            tokyonight-nvim
            vim-lsp-cxx-highlight
          ];
        };
      };
    };
  };

  users = {
    # Accounts and passwords come only from the configuration; changes made
    # with passwd/useradd do not persist.
    mutableUsers = false;

    # "!" is not a valid password hash, so password login as root is locked.
    # NOTE(review): no regular user is declared in this file; presumably one
    # is defined in another module. Verify, since root cannot log in with a
    # password.
    users.root.initialHashedPassword = "!";
  };

  networking.firewall = {
    enable = true;

    # if packets are still dropped, they will show up in dmesg
    logReversePathDrops = true;

    # WireGuard trips the reverse-path filter, so UDP traffic with source or
    # destination port 47111 is exempted from it. The match is by port only,
    # on every interface: the rpfilter check is skipped for all such packets,
    # not just those belonging to the tunnel.
    # 47111 is not listed in allowedUDPPorts below, so the port is not opened
    # for inbound connections here (fine for a client-only peer; confirm).
    extraCommands = ''
      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN
      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN
    '';

    # Remove the exemptions again on firewall stop; `|| true` keeps the stop
    # from failing when a rule is already gone.
    extraStopCommands = ''
      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN || true
      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN || true
    '';

    # Inbound ports accepted on all interfaces.
    # NOTE(review): 22000 is the default Syncthing sync port. Presumably that
    # is the listener here; confirm, and make sure the service authenticates
    # its peers, since the port is reachable from any network.
    allowedTCPPorts = [ 22000 ];
    allowedUDPPorts = [ 22000 ];
  };
}