commit 1750c1877a68f993a8d6dce50f38f165aeceff2c Author: batvin321 Date: Sun Jun 2 23:07:57 2024 -0400 uploaded config
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..e4f313d
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,316 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, ... }:
+
+let
+ unstableTarball =
+ fetchTarball
+ https://github.com/NixOS/nixpkgs/archive/nixos-unstbale.tar.gz;
+in
+
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # legacy boot
+ #boot.loader.grub.enable = true;
+ #boot.loader.grub.device = "/dev/vda";
+ #boot.loader.grub.useOSProber = true;
+
+ # UEFI boot
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ #boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+ boot.binfmt.registrations.appimage = {
+ interpreter = "${pkgs.appimage-run}/bin/appimage-run";
+ recognitionType = "magic";
+ offset = 0;
+ mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
+ magicOrExtension = ''\x7fELF....AI\x02'';
+ };
+
+ # boot logo
+ #boot.plymouth.enable = true;
+
+ # ZRAM
+ zramSwap.enable = true;
+ zramSwap.memoryPercent = 50;
+ boot.kernel.sysctl = {
+ "vm.swappiness" = 10;
+ "vm.vsf_cache_pressure" = 50;
+ };
+
+ #boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+ boot.kernelPackages = pkgs.linuxPackages_xanmod_stable;
+ #boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
+
+ networking.hostName = "vincents-hp"; # Define your hostname.
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "America/New_York";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ useXkbConfig = true;
+ };
+ fonts.packages = [ pkgs.corefonts ];
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+ # displaylink
+ services.xserver.videoDrivers = [ "displaylink" "modesetting" ];
+
+ # waydroid
+ #virtualisation.waydroid.enable = true;
+
+ # Enable the Cinnamon Desktop Environment.
+ services.displayManager.sddm.enable = true;
+ services.desktopManager.plasma6.enable = true;
+ programs.kdeconnect.enable = true;
+
+ # Configure keymap in X11
+ services.xserver = {
+ xkb.layout = "us";
+ xkb.variant = "colemak";
+ #xkb.model = "chromebook";
+ };
+ services.xserver.xkb.options = "grp:win_space_toggle";
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+ services.printing.openFirewall = true;
+ services.avahi.enable = true;
+ services.avahi.nssmdns4 = true;
+ services.avahi.openFirewall = true;
+ services.printing.drivers = [ pkgs.hplipWithPlugin ];
+
+ # Enable sound with pipewire.
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is en>
+ # no need to redefine it in your config for now)
+ wireplumber.enable = true;
+ };
+ programs.noisetorch.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ services.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ nix.settings.allowed-users = [ "@wheel" ];
+
+ users.users.vincent = {
+ isNormalUser = true;
+ shell = pkgs.fish;
+ initialHashedPassword = "$y$j9T$bNzCzml0kKQQxROnHJGee0$o7DvtXzBul58giMCwV9qFbuDBjdLiG7PoRTLUzT/jCB";
+ extraGroups = [ "wheel" "networkmanager" "lp" "audio" "video" "cdrom" "input" ];
+ packages = with pkgs; [
+ # admin tools
+ clamtk
+ bleachbit
+ topgrade
+ hplip
+ ];
+ };
+ programs.fish.enable = true;
+
+ nix.extraOptions = ''experimental-features = nix-command flakes'';
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "electron-12.2.3"
+ ];
+
+ nixpkgs.config.allowUnfree = true;
+
+ nixpkgs.config = {
+ packageOverrides = pkgs: with pkgs; {
+ stable = import unstableTarball {
+ config = config.nixpkgs.config;
+ };
+ };
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment = {
+ systemPackages = with pkgs; [
+ tailscale
+ btop
+ trayscale
+ # kde apps
+ kdePackages.discover
+ kdePackages.sddm-kcm
+ kdePackages.ark
+ kdePackages.qtmultimedia
+ kdePackages.kaccounts-integration
+ kdePackages.kaccounts-providers
+ kdePackages.signond
+ kdePackages.calendarsupport
+ kdePackages.sddm
+ kdePackages.sddm-kcm
+ # editors
+ kdePackages.kate
+ nano
+ # vm
+ quickemu
+ quickgui
+ # office apps
+ bottles
+ libreoffice-qt
+ logseq
+ nextcloud-client
+ orca-slicer
+ # package manager
+ wget
+ # web browser
+ librewolf
+ ];
+ };
+
+ # flatpak
+ xdg.portal.enable = true;
+ services.flatpak.enable = true;
+ systemd.services.configure-flathub-repo = {
+ wantedBy = ["multi-user.target"];
+ path = [ pkgs.flatpak ];
+ script = ''
+ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+ '';
+ };
+
+ # bluetooth
+ hardware.bluetooth.enable = true;
+
+ # dconf
+ programs.dconf.enable = true;
+
+ # enable the tailscale service
+ services.tailscale.enable = true;
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ programs.mtr.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ # List services that you want to enable:
+
+ # preload
+ services.preload.enable = true;
+
+ # schedualer
+ services.system76-scheduler.enable = true;
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = false;
+
+ # auto clean
+ nix.optimise.automatic = true;
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+
+ # enable fwupd
+ services.fwupd.enable = true;
+
+ # auto update
+ system.autoUpgrade.enable = true;
+ system.autoUpgrade.allowReboot = true;
+ system.autoUpgrade.rebootWindow = {
+ lower = "01:00";
+ upper = "05:00";
+ };
+
+ # captive browser
+ programs.captive-browser.enable = true;
+ programs.captive-browser.bindInterface = false;
+
+ #clamav
+ services.clamav.updater.enable = true;
+ services.clamav.daemon.enable = true;
+
+ # audit
+ security.auditd.enable = true;
+ security.audit.enable = true;
+ security.audit.rules = [
+ "-a exit,always -F arch=b64 -S execve"
+ ];
+
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [
+ 22
+ 8000
+ 21115
+ 21116
+ 21117
+ 21118
+ 21119
+ 21116
+ ];
+ networking.firewall.allowedUDPPorts = [
+ 22000
+ 21027
+ 24800
+ 5353
+ 5900
+ 3689
+ 5353
+ 7236
+ 47998
+ 47999
+ 48000
+ 48002
+ 21116
+ ];
+ networking.firewall.allowedTCPPortRanges = [
+ {
+ from = 1714;
+ to = 1764;
+ }
+ ];
+ networking.firewall.allowedUDPPortRanges = [
+ {
+ from = 1714;
+ to = 1764;
+ }
+ ];
+ networking.firewall.rejectPackets = true;
+ # networking.firewall.allowedUDPPorts = [ 21116 ];
+ # Or disable the firewall altogether.
+ networking.firewall.trustedInterfaces = [ "tailscale0" ];
+
+ services.fail2ban.enable = true;
+ networking.firewall.enable = true;
+
+ # This value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system were
+ # taken. It‘s perfectly fine and recommended to leave this value at the release version of the first install of this system. Before changing this value read
+ # the documentation for this option (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.05"; # Did you read the comment?
+
+}
+
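Review bot: The `initialHashedPassword` value under `users.users.vincent` is a yescrypt hash committed with the config, so anyone who can read the repository can test password guesses against it offline; keep it out of the tracked file, e.g. `hashedPasswordFile = "<PATH_OUTSIDE_REPO>";` (placeholder path), and rotate the password because the hash stays in history. The `fetchTarball` in the `let` block has no `sha256`, so whatever the URL serves is imported unverified whenever `pkgs.stable` is evaluated, and the URL misspells the branch as `nixos-unstbale`. In the firewall lists, TCP 22 is opened while `services.openssh.enable = false`, and `21116` and `5353` appear twice; I would drop every port that has no enabled service behind it in this file. `"vm.vsf_cache_pressure"` also looks like a typo for `vm.vfs_cache_pressure`, and `permittedInsecurePackages` allows `electron-12.2.3` without a comment naming the package that needs it.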