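# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# NixOS module for the workstation "vincents-chonky-hp": UEFI boot, Plasma 6,
# Syncthing, Tailscale, podman, ClamAV, auditd and a host firewall.
# `unstable` is an extra module argument that must be supplied by the caller
# (it is not defined in this file).

{ config, pkgs, lib, unstable, ... }:

{
  #imports =
  #  [ # Include the results of the hardware scan.
  #    ./hardware-configuration.nix
  #  ];

  # legacy boot
  #boot.loader.grub.enable = true;
  #boot.loader.grub.device = "/dev/vda";
  #boot.loader.grub.useOSProber = true;

  # UEFI boot
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  #boot.loader.efi.efiSysMountPoint = "/boot/efi";

  # Run AppImage files directly through appimage-run (matched by magic bytes).
  boot.binfmt.registrations.appimage = {
    interpreter = "${pkgs.appimage-run}/bin/appimage-run";
    recognitionType = "magic";
    offset = 0;
    mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
    magicOrExtension = ''\x7fELF....AI\x02'';
  };

  # boot logo
  boot.plymouth.enable = true;

  # ZRAM
  zramSwap.enable = true;
  zramSwap.memoryPercent = 50;
  boot.kernel.sysctl = {
    "vm.swappiness" = 10;
    # Fixed: the key was spelled "vm.vsf_cache_pressure", which is not a
    # kernel sysctl, so the value was never applied.
    "vm.vfs_cache_pressure" = 50;
  };

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  boot.kernelPackages = pkgs.linuxPackages_xanmod_stable;
  boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];

  networking.hostName = "vincents-chonky-hp"; # Define your hostname.
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "America/New_York";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    useXkbConfig = true;
  };

  fonts.packages = [ pkgs.corefonts ];

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # displaylink
  #services.xserver.videoDrivers = [ "displaylink" "modesetting" ];

  # waydroid
  virtualisation.waydroid.enable = true;

  # Enable the KDE Plasma 6 desktop with the SDDM display manager.
  services.displayManager.sddm.enable = true;
  services.desktopManager.plasma6.enable = true;
  programs.kdeconnect.enable = true;

  # Configure keymap in X11
  services.xserver = {
    xkb.layout = "us";
    #xkb.variant = "colemak";
    #xkb.model = "chromebook";
  };
  services.xserver.xkb.options = "grp:win_space_toggle";

  # Enable CUPS to print documents.
  # NOTE(review): openFirewall on printing exposes CUPS to the network; it is
  # presumably only needed if this machine shares its printers - confirm.
  services.printing.enable = true;
  services.printing.openFirewall = true;
  services.avahi.enable = true;
  services.avahi.nssmdns4 = true;
  services.avahi.openFirewall = true;
  services.printing.drivers = [ pkgs.hplip ];

  # Enable sound with pipewire.
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # JACK application support
    jack.enable = true;

    # use the example session manager (no others are packaged yet so this is
    # enabled by default, no need to redefine it in your config for now)
    wireplumber.enable = true;
  };
  programs.noisetorch.enable = true;

  # Enable touchpad support (enabled default in most desktopManager).
  services.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.vincent = {
    isNormalUser = true;
    shell = pkgs.fish;
    # NOTE(review): this yescrypt hash ends up in the world-readable Nix store
    # and in every copy of this file, which exposes it to offline guessing.
    # initialHashedPassword only takes effect when the account is first
    # created; change the password with passwd after install, or keep the hash
    # outside this file with hashedPasswordFile.
    initialHashedPassword = "$y$j9T$0PPbSXGEwyGq6ZFvJMhmE/$D5ZlKOwR/4NCDD8eaxWiQiG1TTRSK4PfbQe/Tm60Id/";
    # "wheel" grants sudo.
    # NOTE(review): "uniput" looks like a typo for "uinput". It is left
    # unchanged because uinput membership allows injecting input events; add
    # it only if that access is actually wanted.
    extraGroups = [
      "wheel"
      "networkmanager"
      "uniput"
      "lp"
      "audio"
      "video"
      "cdrom"
      "input"
      "libvirtd"
      "dialout"
    ];
  };
  programs.fish.enable = true;
  nix.extraOptions = ''experimental-features = nix-command flakes'';

  # NOTE(review): nixpkgs marks both Electron releases as insecure, which is
  # why they need this exception. Identify which package pulls each one in and
  # remove the entry as soon as that package moves to a supported Electron.
  nixpkgs.config.permittedInsecurePackages = [
    "electron-12.2.3"
    "electron-27.3.11"
  ];
  nixpkgs.config.allowUnfree = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment = {
    systemPackages = with pkgs; [
      tailscale
      bleachbit
      btop
      git
      rpi-imager
      neofetch
      clamtk
      trayscale
      topgrade
      appimage-run
      unstable.gearlever
      # kde apps
      kdePackages.discover
      kdePackages.sddm-kcm
      kdePackages.ark
      kdePackages.qtmultimedia
      # editors
      kdePackages.kate
      nano
      # vm
      unstable.quickemu
      # containers
      podman
      podman-compose
      distrobox
      boxbuddy
      # office apps
      bottles
      onlyoffice-bin_latest
      logseq
      zoom-us
      orca-slicer
      gpodder
      # package manager
      wget
      # web browser
      librewolf
      ungoogled-chromium
    ];
  };

  services = {
    syncthing = {
      enable = true;
      user = "vincent";
      # Opens the Syncthing transfer and discovery ports in the firewall.
      openDefaultPorts = true;
      dataDir = "/home/vincent/logseq"; # Default folder for new synced folders
      configDir = "/home/vincent/Documents/.config/syncthing"; # Folder for Syncthing's settings and keys
    };
  };

  # flatpak
  xdg.portal.enable = true;
  services.flatpak.enable = true;
  # Registers the Flathub remote at boot; --if-not-exists keeps it idempotent.
  systemd.services.configure-flathub-repo = {
    wantedBy = [ "multi-user.target" ];
    path = [ pkgs.flatpak ];
    script = ''
      flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
    '';
  };

  # podman
  virtualisation.containers.enable = true;
  virtualisation = {
    podman = {
      enable = true;

      # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;

      # Required for containers under podman-compose to be able to talk to each other.
      defaultNetwork.settings.dns_enabled = true;
    };
  };

  # bluetooth
  hardware.bluetooth.enable = true;

  # dconf
  programs.dconf.enable = true;

  # enable the tailscale service
  services.tailscale.enable = true;

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # List services that you want to enable:

  # preload
  services.preload.enable = true;

  # scheduler
  services.system76-scheduler.enable = true;

  # The OpenSSH daemon is disabled on this machine.
  services.openssh.enable = false;

  # auto clean
  nix.optimise.automatic = true;

  # enable fwupd
  services.fwupd.enable = true;

  # captive browser
  programs.captive-browser.enable = true;
  programs.captive-browser.bindInterface = false;

  # auto update
  system.autoUpgrade.enable = true;
  system.autoUpgrade.allowReboot = true;
  system.autoUpgrade.rebootWindow = {
    lower = "01:00";
    upper = "05:00";
  };

  # clamav
  services.clamav.updater.enable = true;
  services.clamav.daemon.enable = true;

  # audit
  security.auditd.enable = true;
  security.audit.enable = true;
  # Logs every execve made through the 64-bit syscall table.
  # NOTE(review): 32-bit execve calls (arch=b32) are not matched by this rule.
  security.audit.rules = [
    "-a exit,always -F arch=b64 -S execve"
  ];

  # Open ports in the firewall.
  # Port 22 was removed from the TCP list: OpenSSH is disabled above, and the
  # OpenSSH module opens its own port when it is enabled.
  # NOTE(review): the remaining ports are undocumented. Record which service
  # needs each one and drop any that nothing listens on. 8384 looks like the
  # Syncthing web GUI, which should not need to be reachable from the network
  # unless the GUI is deliberately bound to a non-loopback address - confirm.
  # Several entries repeat what module options already open
  # (services.syncthing.openDefaultPorts, services.avahi.openFirewall,
  # programs.kdeconnect.enable).
  networking.firewall.allowedTCPPorts = [ 8384 22000 24800 21116 7236 7250 47984 47989 47990 48010 ];
  # The duplicate 5353 entry was removed.
  networking.firewall.allowedUDPPorts = [ 22000 21027 24800 5353 5900 3689 7236 47998 47999 48000 48002 ];
  networking.firewall.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
  networking.firewall.allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
  networking.firewall.rejectPackets = true;
  # networking.firewall.allowedUDPPorts = [ 21116 ];
  # Or disable the firewall altogether.
  # Traffic arriving on tailscale0 bypasses every rule above, so every local
  # service is reachable from the tailnet; restrict access with Tailscale ACLs.
  networking.firewall.trustedInterfaces = [ "tailscale0" ];
  # NOTE(review): with OpenSSH disabled, confirm that fail2ban has a jail
  # watching a service that is actually running.
  services.fail2ban.enable = true;
  networking.firewall.enable = true;

  # This value determines the NixOS release from which the default settings
  # for stateful data, like file locations and database versions on your
  # system were taken. It's perfectly fine and recommended to leave this value
  # at the release version of the first install of this system. Before
  # changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.05"; # Did you read the comment?
}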