dotfiles/configuration.nix

# NixOS system configuration: declares what is installed and enabled on this
# machine. Option reference: the configuration.nix(5) man page and the NixOS
# manual (`nixos-help`).
{ config, pkgs, lib, ... }:

{
  imports = [ ./packages/default.nix ];

  boot = {
    # Kernel package set: the Zen kernel.
    kernelPackages = pkgs.linuxPackages_zen;

    # systemd-boot as the EFI boot loader; the installer may write EFI variables.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    # -1 removes the limit on CPU time for realtime-scheduled tasks.
    # NOTE(review): with no limit, a runaway realtime task can starve the rest
    # of the system; confirm this is wanted alongside rtkit below.
    kernel.sysctl."kernel.sched_rt_runtime_us" = -1;
  };

  # Turn on the `nix` command-line interface and flakes.
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Unfree packages are refused unless their name is on this allow-list.
  nixpkgs.config.allowUnfreePredicate = pkg:
    builtins.elem (lib.getName pkg) [
      "osu-lazer"
    ];

  services = {
    # The X server stays off; Hyprland (Wayland) is enabled under `programs`.
    xserver.enable = false;

    # CUPS, for printing.
    printing.enable = true;

    # mDNS/DNS-SD discovery with IPv4 name resolution through NSS.
    # NOTE(review): openFirewall admits mDNS (UDP 5353) through the host
    # firewall; on untrusted networks this makes the host discoverable.
    avahi = {
      enable = true;
      nssmdns4 = true;
      openFirewall = true;
    };

    gnome.gnome-keyring.enable = true;
    usbmuxd.enable = true;

    # PipeWire audio with PulseAudio and ALSA compatibility.
    pipewire = {
      enable = true;
      pulse.enable = true;
      alsa.enable = true;
    };
  };

  security = {
    # Register a PAM service for swaylock so it can check the password on unlock.
    pam.services.swaylock = {};

    # NOTE(review): members of `wheel` get root through sudo with no password
    # prompt. Both accounts below are in `wheel`, so anything running as either
    # user is effectively root; confirm this trade-off is intended.
    sudo.wheelNeedsPassword = false;

    rtkit.enable = true;
  };

  programs = {
    zsh.enable = true;
    openvpn3.enable = true;
    hyprland.enable = true;

    # Neovim as the default editor, also reachable as `vi` and `vim`.
    neovim = {
      enable = true;
      viAlias = true;
      vimAlias = true;
      defaultEditor = true;
      configure = {
        # init.vim is read at evaluation time and embedded in the configuration.
        customRC = builtins.readFile ./config/nvim/init.vim;
        packages.myVimPackage = with pkgs.vimPlugins; {
          start = [
            nvim-lspconfig
            nvim-cmp
            cmp-nvim-lsp
            luasnip
            cmp_luasnip
            tokyonight-nvim
            vim-lsp-cxx-highlight
          ];
        };
      };
    };
  };

  users = {
    # Accounts are fully declarative: users and passwords come from this file.
    mutableUsers = false;

    # NOTE(review): the yescrypt hashes below are readable by anyone who can
    # read this file or the Nix store, which permits offline guessing.
    # `hashedPasswordFile` pointing at a file kept outside the repository
    # avoids that; confirm which fits this setup.
    users = {
      stitchynyan = {
        isNormalUser = true;
        shell = pkgs.zsh;
        home = "/home/stitchynyan";
        description = "Personal user";
        extraGroups = [ "wheel" "networkmanager" "kvm" "libvirt" "audio" ];
        initialHashedPassword = "$y$j9T$rvySCWHYE4AO4A9J0Vf20.$x5hpBNsOWovQFtNfFUIt17OAH5MJFwFBGjxbaEIagJ3";
      };

      nyadmin = {
        isNormalUser = true;
        shell = pkgs.zsh;
        home = "/home/nyadmin";
        description = "Administrator~";
        extraGroups = [ "wheel" "kvm" "libvirt" "docker" ];
        initialHashedPassword = "$y$j9T$XguIcj/AVXsWW/MxSYAGh0$TivGAa0z8KNCli2mKTd24vtqimpadNzqMFwfbeh0p30";
        # Public key accepted for SSH login as this user. No sshd option is set
        # in this file; presumably it is enabled elsewhere (verify).
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVgHcJ9C8TD515x+KqFKNYUa6IZML6LU3FWovmDIvyZ"
        ];
      };
    };
  };

  networking.firewall = {
    enable = true;

    # Packets dropped by the reverse-path filter are logged and show up in dmesg.
    logReversePathDrops = true;

    # WireGuard traffic trips the reverse-path filter, so UDP port 47111 is
    # exempted from it in both directions.
    # NOTE(review): the rules match on port alone, so any UDP packet using
    # 47111 skips the filter on every interface; consider restricting them to
    # the relevant interface.
    extraCommands = ''
      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN
      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN
    '';

    # Remove the exemptions again when the firewall stops; `|| true` tolerates
    # rules that are already gone.
    extraStopCommands = ''
      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN || true
      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN || true
    '';

    # Inbound ports accepted on all interfaces.
    allowedTCPPorts = [ 22000 ];
    allowedUDPPorts = [ 22000 ];
  };
}