# This file merged the original configuration.nix and hardware-configuration.nix files, refactoring common system config out
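{ config, lib, pkgs, modulesPath, ... }:

{
  imports =
    [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  networking.hostName = "nixos76"; # Define your hostname.

  # What was this for? maybe wireguard?
  # These lists open the ports inbound on every interface:
  #   51820/udp        - WireGuard; matches wg0.listenPort below.
  #   22000/tcp + udp  - Syncthing's default sync port (services.syncthing below).
  #   48412, 62109/tcp - NOTE(review): nothing in this file listens on these two.
  #                      Find the service that needs them or drop them, so the
  #                      host does not keep ports open that nobody accounts for.
  # NOTE(review): wg0 is a client that dials out to its peer, so replies normally
  # pass the stateful firewall without 51820/udp being open - confirm whether the
  # UDP rule is still needed.
  networking.firewall = {
    allowedUDPPorts = [ 51820 22000 ]; # Clients and peers can use the same port, see listenport
    allowedTCPPorts = [ 22000 48412 62109 ];
  };

  # Enable WireGuard
  networking.wireguard.interfaces = {
    # "wg0" is the network interface name. You can name the interface arbitrarily.
    wg0 = {
      # Determines the IP address and subnet of the client's end of the tunnel interface.
      ips = [ "10.100.0.2/24" ];
      listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)

      # Path to the private key file.
      #
      # Note: The private key can also be included inline via the privateKey option,
      # but this makes the private key world-readable; thus, using privateKeyFile is
      # recommended.
      #
      # NOTE(review): the key sits inside alex's home directory. Presumably alex owns
      # the parent directory, so anything running as alex (including the Syncthing
      # service below) can replace the file, and can read it unless it is root-owned
      # with mode 0600. Confirm owner and mode, or keep the key outside /home.
      privateKeyFile = "/home/alex/wireguard-keys/private";

      peers = [
        # For a client configuration, one peer entry for the server will suffice.
        {
          # Public key of the server (not a file path).
          publicKey = "aD40D1jcgLbIZGkA1AoXkwpmP6hSWcttf3ptq4GRjC0=";

          # Forward all the traffic via VPN.
          # Only IPv4 is covered: there is no "::/0" entry and wg0 has no IPv6
          # address, so any IPv6 traffic the host sends stays outside the tunnel.
          allowedIPs = [ "0.0.0.0/0" ];
          # Or forward only particular subnets
          #allowedIPs = [ "10.100.0.1" "91.108.12.0/22" ];

          # Set this to the server IP and port.
          endpoint = "192.168.1.226:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577

          # Send keepalives every 25 seconds. Important to keep NAT tables alive.
          persistentKeepalive = 25;
        }
      ];
    };
  };

  # Add LUKS external drive mount
  # NOTE(review): the key file named in the last crypttab line unlocks the drive
  # without a passphrase. It should be readable by root only, and it protects the
  # drive only as long as the filesystem holding /etc is itself encrypted - confirm both.
  environment.etc.crypttab = {
    enable = true;
    text = ''
      # /etc/crypttab: mappings for encrypted partitions.
      #
      # Each mapped device will be created in /dev/mapper, so your /etc/fstab
      # should use the /dev/mapper/<name> paths for encrypted devices.
      #
      # See crypttab(5) for the supported syntax.
      #
      # NOTE: Do not list your root (/) partition here, it must be set up
      # beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
      # to encrypted swap, which should be set up with mkinitcpio-openswap
      # for resume support.
      #
      # <name> <device> <password> <options>
      # luks-d515fd8a-a021-4a1e-bd21-5793c3c3a771 UUID=d515fd8a-a021-4a1e-bd21-5793c3c3a771 /crypto_keyfile.bin luks
      externaldrive UUID=b9e3979c-9362-4242-a835-6dd702dfb0ee /etc/externalHD_keyfile.bin luks
    '';
  };
  fileSystems."/media/external".device = "/dev/mapper/externaldrive";

  # Enable the X11 windowing system.
  # services.xserver.enable = true;
  services.xserver.desktopManager.xfce.enable = true;
  services.displayManager.defaultSession = "xfce";

  # hardware.graphics.enable = true;
  # hardware.graphics.extraPackages = [
  #   pkgs.intel-media-driver
  # ];
  # hardware.graphics.extraPackages32 = [
  #   pkgs.intel-media-driver
  #   pkgs.pkgsi686Linux.libva
  # ];

  # Configure keymap in X11
  # services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e,caps:escape";

  # Enable bluetooth
  # hardware.bluetooth.enable = true;

  # Enable sound.
  # sound.enable = true;
  # hardware.pulseaudio = {
  #   enable = true;
  #   package = pkgs.pulseaudioFull;
  #   support32Bit = true;
  # };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  # users.users.alex = {
  #   isNormalUser = true;
  #   extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user.
  # };

  # Bind-mount the user's data directories from the external drive into /home/alex.
  fileSystems."/home/alex/Documents" = {
    device = "/media/external/Documents";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Games" = {
    device = "/media/external/Games";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Git" = {
    device = "/media/external/Git";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Lutris" = {
    device = "/media/external/Lutris";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Music" = {
    device = "/media/external/Music";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Pictures" = {
    device = "/media/external/Pictures";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Videos" = {
    device = "/media/external/Videos";
    options = [ "bind" ];
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    # atau-wallpapers
    blueman
    dxvk
    envsubst
    font-manager
    gparted
    lshw
    mesa
    nodejs_20
    pavucontrol
    unzip
    vim
    vulkan-extension-layer
    wget
  ];

  # Syncthing
  services = {
    syncthing = {
      enable = true;
      user = "alex";
      dataDir = "/home/alex/Sync";
      # NOTE(review): configDir is where Syncthing keeps this device's key pair and
      # its API key, and here it sits under dataDir. Keep that path out of every
      # shared folder so the device identity is never replicated to a peer.
      configDir = "/home/alex/Sync/.config/syncthing";
      overrideDevices = true; # overrides any devices added or deleted through the WebUI
      overrideFolders = true; # overrides any folders added or deleted through the WebUI
      settings = {
        devices = {
          "atauno" = { id = "TXSURD2-XCKOLDG-DJ76OOK-JZXOE3Q-XXTNOIM-XR5LB2B-YWBV2ER-6KRFIQN"; };
        };
        folders = {
          # "Documents" = {
          #   # Name of folder in Syncthing, also the folder ID
          #   path = "/home/myusername/Documents"; # Which folder to add to Syncthing
          #   devices = [ "device1" "device2" ]; # Which devices to share the folder with
          # };
          "vaults" = {
            id = "bbqnm-caya2";
            path = "/home/alex/vaults";
            devices = [ "atauno" ];
            ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
          };
        };
      };
    };
  };

  services.blueman.enable = true;

  services.avahi = {
    enable = true;
    nssmdns4 = true;
    # Opens the mDNS port (5353/udp) in the firewall on every interface.
    # NOTE(review): that includes wg0; services.avahi.allowInterfaces can limit
    # Avahi to the LAN interface if mDNS is not wanted on the tunnel.
    openFirewall = true;
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
}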