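# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
#
# This is a NixOS module: a function of `config` and `pkgs` that returns one
# attribute set describing the whole system (boot, network, storage, desktop,
# users, services).
{ config, pkgs, ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  nixpkgs.config.allowUnfree = true;

  # nixpkgs refuses to evaluate a package it has marked insecure unless the
  # exact name-version is listed here, so this entry is a standing exception.
  # NOTE(review): nothing in environment.systemPackages below visibly needs
  # Electron; presumably a package outside this file pulls it in. Record which
  # one, and drop the entry once that package moves to a supported Electron.
  nixpkgs.config.permittedInsecurePackages = [
    "electron-25.9.0"
  ];

  hardware.system76.enableAll = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "nixos76"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.

  # Inbound ports accepted on every interface.
  #   51820/udp      WireGuard (matches wg0.listenPort below)
  #   22000/tcp+udp  Syncthing sync protocol
  # NOTE(review): 48412/tcp and 62109/tcp are not referenced anywhere else in
  # this file. Document which service listens on them or remove them.
  # NOTE(review): this host is a WireGuard client that sends keepalives, so
  # replies from the server should already pass as established traffic;
  # 51820/udp inbound is presumably only needed if a peer initiates. Confirm.
  networking.firewall = {
    allowedUDPPorts = [ 51820 22000 ]; # Clients and peers can use the same port, see listenport
    allowedTCPPorts = [ 22000 48412 62109 ];
  };

  # Enable WireGuard
  networking.wireguard.interfaces = {
    # "wg0" is the network interface name. You can name the interface arbitrarily.
    wg0 = {
      # Determines the IP address and subnet of the client's end of the tunnel interface.
      ips = [ "10.100.0.2/24" ];
      listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)

      # Path to the private key file.
      #
      # Note: The private key can also be included inline via the privateKey option,
      # but this makes the private key world-readable; thus, using privateKeyFile is
      # recommended.
      #
      # NOTE(review): the key sits under /home/alex, so its confidentiality
      # depends on that file's owner and mode. Keep the file 0600 inside a
      # 0700 directory; a root-owned location outside the home directory
      # would also keep it away from processes running as alex.
      privateKeyFile = "/home/alex/wireguard-keys/private";

      peers = [
        # For a client configuration, one peer entry for the server will suffice.
        {
          # Public key of the server (not a file path).
          publicKey = "aD40D1jcgLbIZGkA1AoXkwpmP6hSWcttf3ptq4GRjC0=";

          # Forward all the traffic via VPN.
          # Only IPv4 is listed: IPv6 traffic is not routed into the tunnel
          # and, if the host has IPv6 connectivity, leaves over the physical
          # interface instead.
          allowedIPs = [ "0.0.0.0/0" ];
          # Or forward only particular subnets
          #allowedIPs = [ "10.100.0.1" "91.108.12.0/22" ];

          # Set this to the server IP and port.
          # ToDo: route to endpoint not automatically configured
          #   https://wiki.archlinux.org/index.php/WireGuard#Loop_routing
          #   https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
          endpoint = "192.168.1.226:51820";

          # Send keepalives every 25 seconds. Important to keep NAT tables alive.
          persistentKeepalive = 25;
        }
      ];
    };
  };

  # Set your time zone.
  time.timeZone = "America/New_York";

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  # i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  #   useXkbConfig = true; # use xkbOptions in tty.
  # };

  # Add LUKS external drive mount
  #
  # crypttab fields are separated by whitespace, so the device field must be
  # written as UUID=<uuid> with no spaces around '='.
  #
  # The external drive is unlocked with a key file stored on the root
  # filesystem, so the drive is only as well protected as that file. Keep
  # /etc/externalHD_keyfile.bin root-owned and mode 0400. The file is
  # referenced by path only and is not copied into the Nix store.
  # NOTE(review): whether the root filesystem itself is encrypted is decided in
  # hardware-configuration.nix, which is not shown here. If it is not, the key
  # file is readable by anyone with physical access to the internal disk.
  environment.etc.crypttab = {
    enable = true;
    text = ''
      # /etc/crypttab: mappings for encrypted partitions.
      #
      # Each mapped device will be created in /dev/mapper, so your /etc/fstab
      # should use the /dev/mapper/<name> paths for encrypted devices.
      #
      # See crypttab(5) for the supported syntax.
      #
      # NOTE: Do not list your root (/) partition here, it must be set up
      # beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
      # to encrypted swap, which should be set up with mkinitcpio-openswap
      # for resume support.
      #
      # <name> <device> <password> <options>
      # luks-d515fd8a-a021-4a1e-bd21-5793c3c3a771 UUID=d515fd8a-a021-4a1e-bd21-5793c3c3a771 /crypto_keyfile.bin luks
      externaldrive UUID=b9e3979c-9362-4242-a835-6dd702dfb0ee /etc/externalHD_keyfile.bin luks
    '';
  };

  # NOTE(review): no mount options are set, so a missing external drive is
  # presumably treated as a failed required mount at boot; confirm whether
  # "nofail" is wanted here and on the bind mounts that depend on it.
  fileSystems."/media/external".device = "/dev/mapper/externaldrive";

  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.xserver.desktopManager.xfce.enable = true;
  services.xserver.displayManager.defaultSession = "xfce";

  hardware.opengl.enable = true;
  hardware.opengl.driSupport = true;
  hardware.opengl.driSupport32Bit = true;
  hardware.opengl.setLdLibraryPath = true;
  hardware.opengl.extraPackages = [
    pkgs.intel-media-driver
  ];
  # NOTE(review): this list feeds the 32-bit driver set, but the first entry
  # is the 64-bit package; presumably the pkgsi686Linux build was intended.
  hardware.opengl.extraPackages32 = [
    pkgs.intel-media-driver
    pkgs.pkgsi686Linux.libva
  ];

  # Configure keymap in X11
  # services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e,caps:escape";

  # Enable bluetooth
  hardware.bluetooth.enable = true;

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio = {
    enable = true;
    package = pkgs.pulseaudioFull;
    support32Bit = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  # No password or hash is declared here, which keeps credentials out of the
  # configuration and the Nix store.
  users.users.alex = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user.
  };

  # Bind mounts that expose directories on the encrypted external drive inside
  # alex's home directory. Each one needs /media/external to be mounted first.
  fileSystems."/home/alex/Documents" = {
    device = "/media/external/Documents";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Games" = {
    device = "/media/external/Games";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Git" = {
    device = "/media/external/Git";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Lutris" = {
    device = "/media/external/Lutris";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Music" = {
    device = "/media/external/Music";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Pictures" = {
    device = "/media/external/Pictures";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Videos" = {
    device = "/media/external/Videos";
    options = [ "bind" ];
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    # atau-wallpapers
    blueman
    dxvk
    envsubst
    font-manager
    gparted
    lshw
    mesa
    nodejs_20
    pavucontrol
    unzip
    vim
    vulkan-extension-layer
    wget
  ];

  # Syncthing
  #
  # Devices and folders are declared here, and overrideDevices/overrideFolders
  # make this file authoritative: anything added or removed through the web UI
  # is replaced by the lists below. Only the single device "atauno" is paired,
  # and only "vaults" is shared with it.
  services = {
    syncthing = {
      enable = true;
      user = "alex";
      dataDir = "/home/alex/Sync";
      configDir = "/home/alex/Sync/.config/syncthing";
      overrideDevices = true; # overrides any devices added or deleted through the WebUI
      overrideFolders = true; # overrides any folders added or deleted through the WebUI
      settings = {
        devices = {
          "atauno" = { id = "TXSURD2-XCKOLDG-DJ76OOK-JZXOE3Q-XXTNOIM-XR5LB2B-YWBV2ER-6KRFIQN"; };
        };
        folders = {
          # "Documents" = {
          #   # Name of folder in Syncthing, also the folder ID
          #   path = "/home/myusername/Documents"; # Which folder to add to Syncthing
          #   devices = [ "device1" "device2" ]; # Which devices to share the folder with
          # };
          "vaults" = {
            id = "bbqnm-caya2";
            path = "/home/alex/vaults";
            devices = [ "atauno" ];
            ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
          };
        };
      };
    };
  };

  services.blueman.enable = true;

  services.printing.enable = true;
  # mDNS/DNS-SD, used here alongside printing. openFirewall makes the firewall
  # accept mDNS traffic, so the host answers discovery queries on every
  # network it joins.
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    openFirewall = true;
  };

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
}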