# System-level NixOS module for this host: boot, services, privilege
# escalation, secrets (agenix), the primary user account and base packages.
{
  config,
  pkgs,
  lib,
  username,
  system,
  hostname,
  inputs,
  ...
}:
let
  # Explicit allowlist of unfree package names. Any unfree package that is
  # not listed here is rejected by the predicate below.
  unfreeAllowlist = [
    "steam"
    "steam-original"
    "steam-unwrapped"
    "steam-run"
  ];

  # Single locale used for the default and for every LC_* category.
  locale = "en_US.UTF-8";
in
{
  imports = [
    ./declarative-nm.nix
    ./distrobox.nix
    ./vm.nix

    inputs.agenix.nixosModules.default
    inputs.nixos-hardware.nixosModules.common-pc-ssd
    inputs.chaotic.nixosModules.default
  ];

  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) unfreeAllowlist;

  # Deduplicate the store automatically and turn on the flake CLI.
  nix.optimise.automatic = true;
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # https://github.com/viperML/nh
  programs.nh = {
    enable = true;
    clean = {
      enable = true;
      extraArgs = "--keep-since 4d --keep 3";
    };
  };

  # Kernel, bootloader and initrd.
  boot = {
    # cachyos-lto currently broken
    # kernelPackages = pkgs.linuxPackages_cachyos-lto;
    kernelPackages = pkgs.linuxPackages_latest;

    # The first field is the console log level: with 2, only messages more
    # severe than KERN_CRIT are printed to the console.
    kernel.sysctl."kernel.printk" = "2 4 1 7";

    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
      timeout = 1;
    };

    initrd.compressor = "zstd";

    # Modules loaded unconditionally at boot.
    # NOTE(review): "msr" exposes CPU model-specific registers through
    # /dev/cpu/*/msr; keep it only while a tool on this host needs it.
    kernelModules = [
      "ip_tables"
      "iptable_nat"
      "msr"
    ];
  };

  # Replace the default NixOS /etc/issue with an empty file, so no banner
  # text is shown before login.
  environment.etc."issue".text = "";

  services = {
    # Firmware updates through fwupd.
    # NOTE(review): "lvfs-testing" adds the LVFS testing remote, so firmware
    # that has not yet been promoted to stable is offered as well. Drop the
    # remote once the update that required it is available on stable.
    fwupd = {
      enable = true;
      extraRemotes = [ "lvfs-testing" ];
    };

    # mDNS discovery, used to find network printers.
    # NOTE(review): openFirewall opens the mDNS port (UDP 5353) in the host
    # firewall, so the machine answers discovery traffic on every network
    # it joins, not only the home LAN.
    avahi = {
      enable = true;
      nssmdns4 = true;
      openFirewall = true;
    };

    # CUPS printing.
    printing = {
      enable = true;
      # disabled, build broken
      # drivers = with pkgs; [ hplip ];
    };

    # fprintd stays off (does not compile).
    fprintd.enable = false;

    # Start the Mullvad daemon at boot.
    mullvad-vpn.enable = true;
  };

  time.timeZone = "America/New_York";

  security = {
    sudo.enable = false;

    # doas replaces sudo for privilege escalation.
    doas = {
      enable = true;
      extraRules = [
        {
          users = [ username ];
          # NOTE(review): keepEnv passes the caller's entire environment to
          # the command run as root. An explicit `setEnv` list of the
          # variables that are really needed is the narrower choice.
          keepEnv = true;
          # Do not ask for the password again for a while after a
          # successful authentication.
          persist = true;
        }
      ];
    };
  };

  # Identity agenix uses to decrypt secrets.
  # NOTE(review): this is the user's personal SSH key, not a host key.
  # Anything able to read this file can decrypt every secret encrypted to
  # it, and the home directory must be available when secrets are decrypted.
  age.identityPaths = [ "/home/${username}/.ssh/id_ed25519" ];

  # Networking lives in its own file and is parameterised by hostname.
  networking = import ./networking.nix { inherit hostname; };

  # Internationalisation: one locale for every category.
  i18n = {
    defaultLocale = locale;
    extraLocaleSettings = lib.genAttrs [
      "LC_ADDRESS"
      "LC_IDENTIFICATION"
      "LC_MEASUREMENT"
      "LC_MONETARY"
      "LC_NAME"
      "LC_NUMERIC"
      "LC_PAPER"
      "LC_TELEPHONE"
      "LC_TIME"
    ] (_category: locale);
  };

  hardware.bluetooth = {
    enable = true;
    powerOnBoot = true;

    # Experimental features are needed to report the battery level of
    # bluetooth devices.
    settings.General.Experimental = true;
  };

  # dconf is required for GTK themes to apply.
  programs.dconf.enable = true;

  # Audio: pipewire with ALSA and PulseAudio compatibility; pulseaudio off.
  services.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa = {
      enable = true;
      support32Bit = true;
    };
    pulse.enable = true;
  };

  # Encrypted password hash, decrypted by agenix to a fixed path.
  # No mode or owner is set here, so the agenix defaults apply.
  age.secrets.primary-password = {
    file = ./secrets/primary-password.age;
    path = "/etc/secrets/primary-password";
  };

  # Primary user account (the rest of the user configuration is found in
  # `~/.config/home-manager/...`).
  users.users.${username} = {
    isNormalUser = true;
    extraGroups = [
      "networkmanager"
      "wheel"
      "video"
      "camera"
      "adbusers"
    ];
    # NOTE(review): the login hash comes from the decrypted agenix secret.
    # If the identity key is unavailable when secrets are decrypted, this
    # file is missing; confirm there is a recovery path for that case.
    hashedPasswordFile = config.age.secrets.primary-password.path;
  };

  services.gvfs.enable = true;
  programs.gphoto2.enable = true;

  programs.adb.enable = true;

  # Thermal management daemon.
  services.thermald.enable = true;

  # Smart-card daemon plus gpg-agent with a curses pinentry.
  # gpg-agent does not act as the SSH agent.
  services.pcscd.enable = true;
  programs.gnupg.agent = {
    enable = true;
    pinentryPackage = pkgs.pinentry-curses;
    enableSSHSupport = false;
  };

  programs.steam = {
    enable = true;
    # Opens ports in the firewall for Steam Local Network Game Transfers.
    localNetworkGameTransfers.openFirewall = true;
    extraCompatPackages = [ pkgs.proton-ge-bin ];
  };

  # System packages
  environment.systemPackages = with pkgs; [
    mullvad-vpn

    # secure boot key and signing management
    sbctl

    dmidecode

    # agenix CLI, using rage as the age implementation
    (inputs.agenix.packages.${pkgs.system}.default.override { ageBin = "${pkgs.rage}/bin/rage"; })

    # `sudo` command that forwards to doas, since sudo itself is disabled
    doas-sudo-shim

    glib
    usbutils
    libmtp
    man-pages
    man-pages-posix
  ];

  # Run electron/chromium applications natively on Wayland.
  environment.sessionVariables.NIXOS_OZONE_WL = "1";

  # https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell
  # Bash remains the login shell. An interactive bash replaces itself with
  # fish unless its parent process is already fish or bash was started with
  # a command string (BASH_EXECUTION_STRING is set).
  programs.fish.enable = true;
  programs.bash.interactiveShellInit = ''
    if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
    then
      shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
      exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
    fi
  '';

  system.stateVersion = "24.11";

  documentation = {
    enable = true;
    man.enable = true;
    dev.enable = true;
  };
}