# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config , pkgs , lib , unstable , . . . }:
{
# The hardware scan results live in their own generated module.
imports = [ ./hardware-configuration.nix ];

# Legacy (BIOS) boot through GRUB, kept for reference only.
#boot.loader.grub.enable = true;
#boot.loader.grub.device = "/dev/vda";
#boot.loader.grub.useOSProber = true;

# UEFI boot through systemd-boot.
# NOTE(review): boot.loader.systemd-boot.editor is not set here; its default
# leaves the boot-menu editor enabled, which lets anyone at the console change
# the kernel command line. Consider setting it to false on a machine that
# others can physically reach.
boot.loader = {
  systemd-boot.enable = true;
  # Allow the bootloader installer to write EFI variables.
  efi.canTouchEfiVariables = true;
  #efi.efiSysMountPoint = "/boot/efi";
};
# Register AppImage files with binfmt_misc so that executing one directly
# hands it to appimage-run.
# NOTE(review): an AppImage started this way runs with the invoking user's
# full privileges and is not built or verified by Nix; treat downloaded
# AppImages as untrusted code.
boot.binfmt.registrations.appimage = {
  recognitionType = "magic";
  offset = 0;
  # Pattern: ELF magic in bytes 0-3, then "AI\x02" in bytes 8-10.
  magicOrExtension = ''\x7fELF....AI\x02'';
  # The four zero bytes in the mask make bytes 4-7 of the pattern wildcards.
  mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
  interpreter = "${pkgs.appimage-run}/bin/appimage-run";
};
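# Boot splash screen.
boot.plymouth.enable = true;

# Compressed swap in RAM; memoryPercent caps it relative to total memory.
zramSwap = {
  enable = true;
  memoryPercent = 50;
};

# Virtual-memory tuning.
boot.kernel.sysctl = {
  "vm.swappiness" = 10;
  # Key corrected from "vm.vsf_cache_pressure": that name is not a kernel
  # sysctl, so the intended value of 50 was never applied.
  "vm.vfs_cache_pressure" = 50;
};

# Allow aarch64-linux binaries to be executed on this host via binfmt emulation.
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];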
#boot.kernelPackages = pkgs.linuxPackages_xanmod_stable;
# Build the out-of-tree v4l2loopback module against the configured kernel.
boot.extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];

# Host name and network management.
networking = {
  hostName = "2012macmini";
  networkmanager.enable = true;
};

# Time zone.
time.timeZone = "America/New_York";

# Locale and virtual-console settings.
i18n.defaultLocale = "en_US.UTF-8";
console = {
  font = "Lat2-Terminus16";
  # Take the console keymap from the xkb configuration.
  useXkbConfig = true;
};

fonts.packages = [ pkgs.corefonts ];
# X11 windowing system and keyboard layout.
services.xserver = {
  enable = true;
  # displaylink
  #videoDrivers = [ "displaylink" "modesetting" ];
  xkb = {
    layout = "us";
    #variant = "colemak";
    #model = "chromebook";
    options = "grp:win_space_toggle";
  };
};

# waydroid
virtualisation.waydroid.enable = true;

# Desktop: KDE Plasma 6 with the SDDM display manager.
services.displayManager.sddm.enable = true;
services.desktopManager.plasma6.enable = true;

# KDE Connect (device pairing over the local network).
programs.kdeconnect.enable = true;
# Printing through CUPS with the HP driver set; Avahi provides mDNS discovery.
# NOTE(review): both openFirewall switches apply on every network the machine
# joins, not only the home LAN. Confirm that is intended if this host is ever
# attached to an untrusted network.
services.printing = {
  enable = true;
  drivers = [ pkgs.hplip ];
  openFirewall = true;
};
services.avahi = {
  enable = true;
  # Resolve mDNS host names over IPv4 through NSS.
  nssmdns4 = true;
  openFirewall = true;
};
# Sound: PipeWire is used in place of the PulseAudio daemon.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
  enable = true;
  # ALSA clients, including 32-bit ones.
  alsa = {
    enable = true;
    support32Bit = true;
  };
  # PulseAudio and JACK compatibility layers.
  pulse.enable = true;
  jack.enable = true;
  # Session manager.
  wireplumber.enable = true;
};

# NoiseTorch
programs.noisetorch.enable = true;

# Touchpad and other input devices through libinput.
services.libinput.enable = true;
# Primary user account. initialHashedPassword only seeds the password when the
# account is first created; change it afterwards with `passwd`.
# NOTE(review): a hash written in this file is readable by anyone who can read
# the file or the world-readable Nix store, which allows offline guessing.
# If this configuration is shared or published, rotate the password and
# consider users.users.<name>.hashedPasswordFile with a file kept outside the
# store.
users.users.vincent =
  let
    # wheel grants sudo. NOTE(review): "libvirtd" and "input" are powerful
    # memberships (VM management, raw input devices); keep them only if needed.
    # NOTE(review): "uniput" looks like a typo for "uinput" - confirm.
    memberships = [
      "wheel"
      "networkmanager"
      "uniput"
      "lp"
      "audio"
      "video"
      "cdrom"
      "input"
      "libvirtd"
      "dialout"
    ];
  in
  {
    isNormalUser = true;
    shell = pkgs.fish;
    initialHashedPassword = "$y$j9T$0PPbSXGEwyGq6ZFvJMhmE/$D5ZlKOwR/4NCDD8eaxWiQiG1TTRSK4PfbQe/Tm60Id/";
    extraGroups = memberships;
  };

# fish is the login shell above, so it is enabled system-wide as well.
programs.fish.enable = true;

# Turn on the nix command-line interface and flakes.
nix.extraOptions = ''experimental-features = nix-command flakes'';
nixpkgs.config = {
  allowUnfree = true;
  # Packages that nixpkgs marks as insecure but that are explicitly allowed.
  # NOTE(review): these pin end-of-life Electron runtimes that no longer get
  # security fixes. The file does not say which package pulls them in; record
  # that here and drop each entry as soon as its consumer is updated or removed.
  permittedInsecurePackages = [
    "electron-12.2.3"
    "electron-27.3.11"
  ];
};
# Packages installed in the system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
  # system utilities
  tailscale
  bleachbit
  neofetch
  clamtk
  btop
  trayscale
  topgrade
  appimage-run
  git
  gearlever

  # kde apps
  kdePackages.discover
  kdePackages.sddm-kcm
  kdePackages.ark
  kdePackages.qtmultimedia

  # editors
  kdePackages.kate
  nano

  # vm (taken from the `unstable` package set passed to this module)
  unstable.quickemu

  # containers
  podman
  podman-compose
  distrobox
  boxbuddy

  # notes (nb also uses git, which is already listed above)
  nb
  w3m

  # office and desktop apps
  bottles
  onlyoffice-bin_latest
  zoom-us
  orca-slicer
  freecad
  gpodder
  rpi-imager

  # downloader
  wget

  # web browsers
  librewolf
  ungoogled-chromium
];
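# Flatpak, with the Flathub remote registered system-wide by a boot-time unit.
xdg.portal.enable = true;
services.flatpak.enable = true;
systemd.services.configure-flathub-repo = {
  wantedBy = [ "multi-user.target" ];
  # remote-add downloads the .flatpakrepo file, so order the unit after the
  # network is up; without this it can fail when it starts early in boot.
  wants = [ "network-online.target" ];
  after = [ "network-online.target" ];
  path = [ pkgs.flatpak ];
  # --if-not-exists keeps the command idempotent across boots.
  # The remote definition is fetched over HTTPS from flathub.org; applications
  # installed from it are not built or pinned by this configuration.
  script = ''
    flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
  '';
};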
# Containers with podman.
virtualisation = {
  containers.enable = true;
  podman = {
    enable = true;
    # Provide a `docker` alias so podman works as a drop-in replacement.
    dockerCompat = true;
    # Needed so containers started by podman-compose can reach each other by name.
    defaultNetwork.settings.dns_enabled = true;
  };
};

# bluetooth
hardware.bluetooth.enable = true;

# dconf
programs.dconf.enable = true;

# Tailscale daemon.
services.tailscale.enable = true;
# Programs that need SUID wrappers, take further configuration, or are started
# in user sessions.
programs.mtr.enable = true;
programs.gnupg.agent = {
  enable = true;
  # gpg-agent also serves as the SSH agent.
  enableSSHSupport = true;
};

# Services.
# preload
services.preload.enable = true;

# scheduler
services.system76-scheduler.enable = true;

# The OpenSSH daemon is deliberately off: no inbound SSH to this host.
services.openssh.enable = false;
# Run the Nix store optimiser automatically.
nix.optimise.automatic = true;

# Firmware updates through fwupd.
services.fwupd.enable = true;

# Captive-portal browser, not bound to a specific network interface.
programs.captive-browser = {
  enable = true;
  bindInterface = false;
};

# Unattended upgrades. Reboots are allowed, but only between 01:00 and 05:00.
system.autoUpgrade = {
  enable = true;
  allowReboot = true;
  rebootWindow = {
    lower = "01:00";
    upper = "05:00";
  };
};
# ClamAV: signature updater plus the scanning daemon.
# NOTE(review): nothing in this file schedules scans or configures on-access
# scanning; confirm how scans are actually triggered.
services.clamav = {
  updater.enable = true;
  daemon.enable = true;
};

# Kernel audit subsystem with auditd collecting the records.
security.auditd.enable = true;
security.audit = {
  enable = true;
  # Record every execve made through the 64-bit syscall ABI.
  # NOTE(review): the rule filters on arch=b64 only, so 32-bit programs are
  # not recorded; a matching arch=b32 rule would close that gap. Expect a high
  # event volume and plan log retention accordingly.
  rules = [
    "-a exit,always -F arch=b64 -S execve"
  ];
};
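# Host firewall. Everything not listed below is refused.
# Changes from the previous list: TCP 22 is no longer opened, because
# services.openssh.enable is false in this file and the OpenSSH module opens
# its own port by default when it is enabled; the duplicate UDP 5353 entry is
# removed.
# NOTE(review): the service names below are inferred from well-known default
# ports, not from anything in this file. Confirm each one and delete entries
# for software that is no longer used; every open port is reachable from any
# network this machine joins.
networking.firewall = {
  enable = true;
  # Refuse with an explicit rejection instead of silently dropping.
  rejectPackets = true;
  # Traffic arriving on the Tailscale interface bypasses the port lists below,
  # so exposure towards the tailnet is governed by the tailnet's own access
  # rules.
  trustedInterfaces = [ "tailscale0" ];

  allowedTCPPorts = [
    8384 # presumably the Syncthing web GUI; needed only if the GUI is used remotely
    22000 # presumably Syncthing transfers
    24800 # presumably keyboard/mouse sharing (Synergy-style)
    21116 # presumably RustDesk
    7236 # presumably Miracast
    7250 # presumably Miracast
    47984 # 47984-48010: presumably Sunshine/Moonlight streaming
    47989
    47990
    48010
  ];
  allowedUDPPorts = [
    22000 # presumably Syncthing
    21027 # presumably Syncthing local discovery
    24800
    5353 # mDNS (services.avahi.openFirewall is also set in this file)
    5900 # NOTE(review): VNC normally uses TCP; confirm this UDP entry is needed
    3689 # NOTE(review): DAAP normally uses TCP; confirm this UDP entry is needed
    7236
    47998 # 47998-48002: presumably Sunshine/Moonlight streaming
    47999
    48000
    48002
  ];
  # 1714-1764: KDE Connect.
  # NOTE(review): programs.kdeconnect.enable is set in this file and should
  # already open this range; verify and drop the duplicate if so.
  allowedTCPPortRanges = [
    {
      from = 1714;
      to = 1764;
    }
  ];
  allowedUDPPortRanges = [
    {
      from = 1714;
      to = 1764;
    }
  ];
};
# networking.firewall.allowedUDPPorts = [ 21116 ];

# fail2ban bans addresses that repeatedly fail authentication.
# NOTE(review): with the OpenSSH daemon disabled, confirm which jails actually
# have a log source to watch.
services.fail2ban.enable = true;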
# stateVersion names the NixOS release whose defaults for stateful data (file
# locations, database versions) this system was installed with. Leave it at the
# release of the first install; read the option's documentation
# (man configuration.nix or https://nixos.org/nixos/options.html) before
# changing it.
system.stateVersion = "24.05";
}