# NixOS system configuration: declares what is installed and enabled on this
# machine. Option reference: the configuration.nix(5) man page or the NixOS
# manual (run `nixos-help`).

{ config, pkgs, lib, ... }:

{
  imports = [ ./packages/default.nix ];

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Allow-list for unfree software: only packages named here may be built.
  nixpkgs.config.allowUnfreePredicate = pkg:
    builtins.elem (lib.getName pkg) [ "osu-lazer" ];

  boot = {
    # Zen kernel, started by the systemd-boot EFI boot loader.
    kernelPackages = pkgs.linuxPackages_zen;
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    # -1 lifts the kernel's cap on CPU time for realtime tasks.
    # NOTE(review): without that cap a runaway realtime thread can starve the
    # rest of the system; rtkit (enabled below) hands realtime priority to
    # user processes, so confirm this trade-off is intended.
    kernel.sysctl."kernel.sched_rt_runtime_us" = -1;
  };

  security = {
    # PAM service entry so that swaylock can authenticate the user and unlock.
    pam.services.swaylock = { };

    # NOTE(review): members of wheel get root through sudo without a
    # password. Both accounts declared below are in wheel, so any process
    # running as either of them can escalate without re-authentication.
    sudo.wheelNeedsPassword = false;

    rtkit.enable = true;
  };

  services = {
    # The X11 server stays off; the Hyprland compositor is enabled below.
    xserver.enable = false;

    # CUPS, for printing documents.
    printing.enable = true;

    # mDNS / DNS-SD discovery.
    # NOTE(review): openFirewall exposes the mDNS port (UDP 5353) on every
    # interface the firewall covers; confirm that is wanted on untrusted
    # networks.
    avahi = {
      enable = true;
      nssmdns4 = true;
      openFirewall = true;
    };

    gnome.gnome-keyring.enable = true;
    usbmuxd.enable = true;

    # PipeWire with the PulseAudio and ALSA compatibility layers.
    pipewire = {
      enable = true;
      alsa.enable = true;
      pulse.enable = true;
    };
  };

  programs = {
    zsh.enable = true;
    openvpn3.enable = true;
    hyprland.enable = true;

    # Neovim as the system default editor, with `vi` and `vim` aliases.
    neovim = {
      enable = true;
      defaultEditor = true;
      viAlias = true;
      vimAlias = true;
      configure = {
        # The editor configuration is read from a file next to this one.
        customRC = builtins.readFile ./config/nvim/init.vim;
        # Plugins loaded at startup.
        packages.myVimPackage.start = with pkgs.vimPlugins; [
          nvim-lspconfig
          nvim-cmp
          cmp-nvim-lsp
          luasnip
          cmp_luasnip
          tokyonight-nvim
          vim-lsp-cxx-highlight
        ];
      };
    };
  };

  # Accounts are fully declarative: with mutableUsers off, users and
  # passwords come from this file only, and the initialHashedPassword values
  # act as the accounts' standing passwords.
  # NOTE(review): the hashes are stored in this file, so anyone who can read
  # it (or a repository holding it) can run offline guessing against them.
  # hashedPasswordFile pointing at a root-only file keeps them out of the
  # configuration.
  users.mutableUsers = false;

  users.users.stitchynyan = {
    description = "Personal user";
    isNormalUser = true;
    home = "/home/stitchynyan";
    shell = pkgs.zsh;
    # NOTE(review): NixOS's libvirtd module names its group "libvirtd";
    # confirm that a "libvirt" group is defined elsewhere.
    extraGroups = [ "wheel" "networkmanager" "kvm" "libvirt" "audio" ];
    initialHashedPassword = "$y$j9T$rvySCWHYE4AO4A9J0Vf20.$x5hpBNsOWovQFtNfFUIt17OAH5MJFwFBGjxbaEIagJ3";
  };

  users.users.nyadmin = {
    description = "Administrator~";
    isNormalUser = true;
    home = "/home/nyadmin";
    shell = pkgs.zsh;
    # NOTE(review): membership of "docker" is effectively root on the host,
    # independent of the sudo setting.
    extraGroups = [ "wheel" "kvm" "libvirt" "docker" ];
    initialHashedPassword = "$y$j9T$XguIcj/AVXsWW/MxSYAGh0$TivGAa0z8KNCli2mKTd24vtqimpadNzqMFwfbeh0p30";
    # Key-based SSH login for this account. Whether sshd is enabled is not
    # decided in this file.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVgHcJ9C8TD515x+KqFKNYUa6IZML6LU3FWovmDIvyZ"
    ];
  };

  networking.firewall = {
    enable = true;

    # Inbound ports accepted by the firewall.
    # NOTE(review): the service behind 22000 is not named in this file;
    # record it here so the exposure can be reviewed.
    allowedTCPPorts = [ 22000 ];
    allowedUDPPorts = [ 22000 ];

    # Packets dropped by the reverse-path filter are logged and show up in
    # dmesg.
    logReversePathDrops = true;

    # WireGuard traffic trips the reverse-path filter, so UDP with source or
    # destination port 47111 skips it.
    # NOTE(review): the exemption matches on port alone, on every interface.
    extraCommands = ''
      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN
      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN
    '';
    # Take the two exemptions out again when the firewall stops; `|| true`
    # keeps the stop from failing if a rule is already gone.
    extraStopCommands = ''
      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN || true
      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN || true
    '';
  };
}