nix-flake/system/vm/configuration.nix
2024-07-03 18:17:11 -04:00


# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Legacy (BIOS) boot via GRUB, kept for reference; disabled in favour of UEFI below.
#boot.loader.grub.enable = true;
#boot.loader.grub.device = "/dev/vda";
#boot.loader.grub.useOSProber = true;
# UEFI boot: systemd-boot, with the EFI system partition mounted at /boot/efi.
boot.loader.systemd-boot.enable = true;
# Lets the bootloader installation write EFI variables (boot entries).
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Secure boot is NOT active in this configuration: the only related line is commented out.
# NOTE(review): bootspec on its own only emits boot metadata; a signed boot chain
# needs additional tooling and enrolled keys — confirm before relying on it.
#boot.bootspec.enable = true;
# ZRAM: compressed swap held in RAM, sized at 50% of memory.
zramSwap.enable = true;
zramSwap.memoryPercent = 50;
# Registers user-mode emulation so aarch64-linux binaries can be run/built here.
# NOTE(review): foreign-architecture binaries are then executed transparently;
# confirm this is still needed on a VM host.
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
# Kernel: XanMod stable instead of the default NixOS kernel.
# NOTE(review): a third-party kernel follows its own patch cadence — confirm
# security fixes arrive quickly enough for this machine.
boot.kernelPackages = pkgs.linuxPackages_xanmod_stable;
# Out-of-tree v4l2loopback module, taken from the selected kernel's package set.
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
# Network: NetworkManager manages connections; the machine announces itself as "nixos-vm".
networking.networkmanager.enable = true;
networking.hostName = "nixos-vm";
# Locale and time zone.
i18n.defaultLocale = "en_US.UTF-8";
time.timeZone = "America/New_York";
# Virtual console font and keyboard layout.
console.font = "Lat2-Terminus16";
console.keyMap = "us";
# Enable the X11 windowing system.
services.xserver.enable = true;
# OpenGL hardware acceleration.
hardware.opengl.enable = true;
# Enable the GNOME desktop environment with the GDM display manager.
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
# KDE Connect protocol, provided here by the GSConnect GNOME extension.
# NOTE(review): this makes the machine discoverable and pairable by other
# devices on the local network and, as far as I know, the module opens
# TCP/UDP 1714-1764 itself — confirm it should be reachable on every network
# this machine joins.
programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
programs.kdeconnect.enable = true;
# Configure keymap in X11
services.xserver.layout = "us";
#services.xserver.xkbVariant = "colemak,";
#services.xserver.xkbOptions = "grp:win_space_toggle";
# Printing: CUPS with the HP driver set (hplip).
services.printing = {
  enable = true;
  drivers = [ pkgs.hplip ];
};
# Avahi (mDNS/DNS-SD) for discovering network printers; nssmdns resolves
# .local names and openFirewall lets mDNS traffic through the firewall.
services.avahi = {
  enable = true;
  nssmdns = true;
  openFirewall = true;
};
# Enable sound with pipewire.
sound.enable = true;
# The PulseAudio daemon is off; PipeWire provides the PulseAudio interface below.
hardware.pulseaudio.enable = false;
# RealtimeKit: lets unprivileged audio processes request realtime scheduling.
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# JACK application support (enabled).
jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
# Enable touchpad support (enabled by default in most desktop managers).
services.xserver.libinput.enable = true;
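# Define a user account. Don't forget to set a password with passwd.
# NOTE(review): this file is version-controlled, so the initial password hash
# below is readable by anyone who can read the repository (and, once built,
# from the world-readable Nix store). A published hash can be attacked
# offline: change the password with passwd after first login, treat the
# password behind this hash as exposed, and prefer supplying the hash from a
# secret file kept outside the repository.
users.users.vincent = {
  isNormalUser = true;
  initialHashedPassword = "$y$j9T$60d2ruHdjJT4EZAUcS3GW.$e1xmxQrRFTr2RUld3G2blpBUSALlG047ygAnkmk2JaA";
  # wheel    -> administrative (sudo) rights
  # libvirtd -> manage system VMs; the libvirt daemon's group on NixOS is
  #             "libvirtd", so the former "libvirt" entry matched no group
  # kvm      -> access to /dev/kvm
  # input    -> access to input devices, including /dev/uinput through the
  #             udev rule in this file; any process running in this group can
  #             read or inject keystrokes, so keep its membership minimal
  extraGroups = [ "wheel" "networkmanager" "lp" "audio" "video" "cdrom" "libvirtd" "kvm" "input" ];
};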
# Enable the `nix` command-line interface and flakes (both still marked experimental).
nix.extraOptions = ''experimental-features = nix-command flakes'';
# NOTE(review): this whitelists an Electron release that nixpkgs marks as
# insecure, so it no longer blocks evaluation. Nothing in this file says which
# package pulls it in — identify the dependent package, treat any remote content
# it renders as untrusted, and remove the exception once the dependency is gone.
nixpkgs.config.permittedInsecurePackages = [
"electron-12.2.3"
];
# Permit packages with non-free licences.
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
# Everything listed here is on PATH for every user of the machine.
environment.systemPackages = with pkgs; [
xdg-desktop-portal-gtk
# ClamAV command-line tools (the daemon and updater are enabled separately in this file)
clamav
tailscale
linuxHeaders
steam-run
qgnomeplatform
open-dyslexic
glibc
# NOTE(review): this adds the cron package only; no cron service is enabled
# in this file — confirm whether scheduled jobs are expected to run.
cron
btop
neofetch
topgrade
papirus-icon-theme
# VM manager
virt-manager
OVMF
# remote access
# NOTE(review): Sunshine is a remote-desktop streaming host; it is started as a
# user service and has firewall ports opened elsewhere in this file.
sunshine
# backup
pika-backup
# gnome extensions
gnome.gnome-packagekit
gnomeExtensions.appindicator
gnomeExtensions.pop-shell
gnome.pomodoro
gnome.gnome-tweaks
# editors
libsForQt5.kate
nano
# office apps
onlyoffice-bin
trilium-desktop
celluloid
lollypop
# Microsoft font alternatives
carlito
caladea
gelasio
comic-relief
noto-fonts
# battery saving packages
auto-cpufreq
tlp
# ELF patching and inspection tools
patchelf
binutils
# package management, version control and containers
git
wget
flatpak
flatpak-builder
podman
distrobox
# web browser
librewolf
# captive browser (disabled)
#captive-browser
];
# captive browser options
#programs.captive-browser.enable = true;
#programs.captive-browser.interface = "wlp2s0";
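# Sunshine udev rule: gives the "input" group read/write access to
# /dev/uinput so the streaming host can inject keyboard/mouse events.
# Every member of "input" can then synthesise input system-wide, so keep that
# group's membership minimal.
services.udev.extraRules = ''
  # Sunshine
  KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput"
'';
# Sunshine remote-desktop host, run as a systemd *user* service.
systemd.user.services.sunshine = {
  enable = true;
  description = "sunshine remote desktop";
  script = "/run/current-system/sw/bin/sunshine";
  # multi-user.target is a system-manager target and does not exist in the
  # per-user manager, so the unit was never pulled in automatically;
  # graphical-session.target is reached once the desktop session is up.
  wantedBy = [ "graphical-session.target" ]; # starts after login
};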
# Load the v4l2loopback module (virtual video devices) at boot.
boot.kernelModules = [ "v4l2loopback" ];
# Flatpak with the XDG desktop portal, plus PackageKit.
services.flatpak.enable = true;
services.packagekit.enable = true;
xdg.portal.enable = true;
# dconf settings backend, listed alongside the libvirt options in the original.
programs.dconf.enable = true;
# Virtualisation stack:
#   libvirtd            - libvirt daemon, QEMU guests with OVMF (UEFI) firmware
#   spiceUSBRedirection - pass host USB devices through to SPICE guests
#   podman              - rootless-capable containers, with a `docker` alias
virtualisation = {
  libvirtd = {
    enable = true;
    qemu.ovmf.enable = true;
  };
  spiceUSBRedirection.enable = true;
  podman = {
    enable = true;
    dockerCompat = true;
  };
};
# On shell start-up, when an X display is present, add a server-interpreted
# "localuser" entry so processes of the current user may connect to the X
# server; `|| true` keeps shell start-up from failing when xhost does.
# NOTE(review): presumably for GUI apps run from containers (podman/distrobox).
# X11 does not isolate clients from each other, so anything admitted this way
# can observe input and windows of other clients — confirm it is still needed.
environment.shellInit = ''
[ -n "$DISPLAY" ] && xhost +si:localuser:$USER || true
'';
# iio sensors (screen rotation)
hardware.sensor.iio.enable = true;
# makemkv fix: load the SCSI generic (sg) module in the initrd
boot.initrd.kernelModules = [ "sg" ];
# battery saving services
# NOTE(review): auto-cpufreq and TLP both tune CPU power settings; running both
# is commonly reported to conflict — confirm that enabling both is intended.
services.auto-cpufreq.enable = true;
services.tlp.enable = true;
services.power-profiles-daemon.enable = false;
# enable the tailscale service
services.tailscale.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
# GnuPG agent, also serving as the SSH agent for this user session.
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
# ClamAV: signature updater and scanning daemon.
# NOTE(review): nothing in this file schedules scans or enables on-access
# scanning, so the daemon presumably only scans what is submitted to it —
# confirm how scans are triggered.
services.clamav.updater.enable = true;
services.clamav.daemon.enable = true;
# The OpenSSH daemon is explicitly kept off.
services.openssh.enable = false;
# Store housekeeping: weekly garbage collection of generations older than
# 15 days, plus automatic store optimisation.
nix.gc = {
  automatic = true;
  dates = "weekly";
  options = "--delete-older-than 15d";
};
nix.optimise.automatic = true;
# Unattended upgrades; a required reboot may only happen between 01:00 and 05:00.
system.autoUpgrade = {
  enable = true;
  allowReboot = true;
  rebootWindow = {
    lower = "01:00";
    upper = "05:00";
  };
};
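# Firewall: enabled, and disallowed packets are rejected rather than dropped.
# Entries below are not limited to one interface. The service names in the
# comments are inferred from well-known default ports, not from this file —
# confirm each one and drop what is unused.
networking.firewall = {
  enable = true;
  rejectPackets = true;
  # Loose reverse-path filtering instead of the strict default.
  # NOTE(review): presumably relaxed for Tailscale routing — confirm it is still required.
  checkReversePath = "loose";
  allowedTCPPorts = [
    # 22 (SSH) removed: services.openssh.enable is false in this file, and the
    # OpenSSH module opens its own port by default if it is enabled again.
    8384   # presumably Syncthing web GUI; an admin interface is better kept on localhost
    22000  # presumably Syncthing sync
    24800  # presumably Barrier/Synergy keyboard sharing
    21116  # presumably RustDesk
    7236   # presumably Miracast / Wi-Fi Display
    7250
    47984  # 47984-48010: presumably Sunshine (47990 being its web UI)
    47989
    47990
    48010
  ];
  allowedUDPPorts = [
    22000  # presumably Syncthing sync
    21027  # presumably Syncthing local discovery
    24800
    5353   # mDNS (was listed twice; also covered by services.avahi.openFirewall)
    5900   # NOTE(review): VNC normally uses TCP — confirm this UDP entry is needed
    3689   # NOTE(review): DAAP normally uses TCP — confirm this UDP entry is needed
    7236
    47998  # 47998-48002: presumably Sunshine streams
    47999
    48000
    48002
  ];
  # 1714-1764: KDE Connect / GSConnect.
  allowedTCPPortRanges = [
    { from = 1714; to = 1764; }
  ];
  allowedUDPPortRanges = [
    { from = 1714; to = 1764; }
  ];
};
# networking.firewall.allowedUDPPorts = [ 21116 ];
# NOTE(review): sshd is disabled and no jails are configured in this file, so
# confirm fail2ban has a log source to act on.
services.fail2ban.enable = true;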
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# It does not select which NixOS release the packages come from.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}