# NixOS module: boot loader and kernel, desktop services, sudo/PAM and account
# policy, editor setup and the host firewall.
{ config, pkgs, lib, ... }:

{
  imports = [ ./packages/default.nix ];

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  boot = {
    kernelPackages = pkgs.linuxPackages_zen;

    # Use the systemd-boot EFI boot loader.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    # NOTE(review): -1 removes the kernel's cap on CPU time for real-time
    # tasks, so a runaway real-time thread can starve everything else on the
    # machine. rtkit is enabled below and hands out real-time scheduling to
    # user processes; keep this only if the audio setup really needs it.
    kernel.sysctl."kernel.sched_rt_runtime_us" = -1;
  };

  services = {
    # The X server stays off; the graphical session is Hyprland (see programs).
    xserver.enable = false;

    # Enable CUPS to print documents.
    printing.enable = true;

    # mDNS/DNS-SD discovery, with .local name resolution over IPv4.
    # NOTE(review): openFirewall opens UDP 5353, so mDNS traffic is accepted on
    # every network this machine joins, not only trusted ones.
    avahi = {
      enable = true;
      nssmdns4 = true;
      openFirewall = true;
    };

    gnome.gnome-keyring.enable = true;
    usbmuxd.enable = true;

    pipewire = {
      enable = true;
      alsa.enable = true;
      pulse.enable = true;
    };
  };

  security = {
    # Registers a PAM service for swaylock so the screen locker can verify the
    # password on unlock.
    pam.services.swaylock = { };

    # NOTE(review): members of wheel get root through sudo without a password
    # prompt, so any process running as such a user is effectively root. Root's
    # own password is locked further down, which leaves sudo as the route to
    # root visible in this file. Consider requiring the password, or granting
    # NOPASSWD only for specific commands via security.sudo.extraRules.
    sudo.wheelNeedsPassword = false;

    rtkit.enable = true;
  };

  programs = {
    zsh.enable = true;
    openvpn3.enable = true;
    hyprland.enable = true;

    neovim = {
      enable = true;
      defaultEditor = true;
      viAlias = true;
      vimAlias = true;
      configure = {
        # The vimrc is read at evaluation time and ends up in the
        # world-readable Nix store; keep tokens and keys out of init.vim.
        customRC = builtins.readFile ./config/nvim/init.vim;
        packages.myVimPackage.start = with pkgs.vimPlugins; [
          nvim-lspconfig
          nvim-cmp
          cmp-nvim-lsp
          luasnip
          cmp_luasnip
          tokyonight-nvim
          vim-lsp-cxx-highlight
        ];
      };
    };
  };

  users = {
    # Accounts and their passwords come only from the configuration; changes
    # made imperatively on the running system are not kept.
    mutableUsers = false;

    # "!" is not a valid password hash, so root cannot log in with a password.
    users.root.initialHashedPassword = "!";
  };

  networking.firewall = {
    enable = true;

    # if packets are still dropped, they will show up in dmesg
    logReversePathDrops = true;

    # wireguard trips rpfilter up
    # NOTE(review): these rules match on the UDP port alone, on every
    # interface, so any packet with source or destination port 47111 skips the
    # reverse-path (spoofed source) check. The source port is chosen by the
    # sender; scoping the rules to the WireGuard interface or peer address
    # would narrow the exemption.
    extraCommands = ''
      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN
      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN
    '';

    # Remove the same two rules when the firewall stops; "|| true" keeps the
    # stop script going if a rule is already gone.
    extraStopCommands = ''
      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN || true
      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN || true
    '';

    # Open ports in the firewall.
    # NOTE(review): 22000 is accepted on all interfaces. It is Syncthing's
    # default sync port, presumably the consumer here; confirm and record the
    # service so the rule can be dropped when it is no longer needed.
    allowedTCPPorts = [ 22000 ];
    allowedUDPPorts = [ 22000 ];
  };
}