# This file merges the original configuration.nix and hardware-configuration.nix files, with the common system config refactored out.
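{ config, lib, pkgs, modulesPath, ... }:

{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    ../../modules/system76-pc.nix
  ];

  networking.hostName = "nixos76"; # Define your hostname.

  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  # Unlock the external LUKS volume from a declaratively managed /etc/crypttab.
  # The key file named below is the only secret protecting that drive, so it must
  # be owned by root and readable by root only (mode 0400) -- confirm on the host.
  environment.etc.crypttab = {
    enable = true;
    text = ''
      # /etc/crypttab: mappings for encrypted partitions.
      #
      # Each mapped device will be created in /dev/mapper, so your /etc/fstab
      # should use the /dev/mapper/<name> paths for encrypted devices.
      #
      # See crypttab(5) for the supported syntax.
      #
      # NOTE: Do not list your root (/) partition here, it must be set up
      # beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
      # to encrypted swap, which should be set up with mkinitcpio-openswap
      # for resume support.
      #
      # <name> <device> <password> <options>
      externaldrive UUID=b9e3979c-9362-4242-a835-6dd702dfb0ee /etc/externalHD_keyfile.bin luks
    '';
  };

  fileSystems =
    let
      # Mount point of the decrypted external drive, and the home it is bind-mounted into.
      externalPrefix = "/media/external";
      homePrefix = "/home/alex";

      # Directories under the home directory that actually live on the external drive.
      externalDirs = [ "Documents" "Games" "Git" "Lutris" "Music" "Pictures" "Videos" ];

      # One bind mount per directory: <homePrefix>/<dir> -> <externalPrefix>/<dir>.
      bindMounts = lib.listToAttrs (map
        (dir: lib.nameValuePair "${homePrefix}/${dir}" {
          device = "${externalPrefix}/${dir}";
          options = [ "bind" ];
        })
        externalDirs);
    in
    {
      "/" = {
        device = "/dev/disk/by-uuid/6d62467a-ccc1-44ed-a1cc-f473b3962c64";
        fsType = "ext4";
      };

      "/boot" = {
        device = "/dev/disk/by-uuid/2330-1A62";
        fsType = "vfat";
      };

      # The let-bound name must be interpolated here. A bare `externalPrefix = { ... }`
      # defines an attribute literally called "externalPrefix", i.e. a relative mount
      # point, and the decrypted drive would never be mounted at /media/external, which
      # the bind mounts above rely on.
      # NOTE(review): without a `nofail` option, an absent external drive would block
      # boot on this mount and every bind mount derived from it -- confirm that is intended.
      "${externalPrefix}" = {
        device = "/dev/mapper/externaldrive";
      };
    } // bindMounts;

  swapDevices = [
    { device = "/dev/disk/by-uuid/fda4f9fe-383f-477c-b2a2-c07f7efcc161"; }
  ];

  # 51820/udp is the WireGuard listenPort configured below. 22000 (tcp+udp) is
  # presumably Syncthing's sync port. 48412 and 62109 are not explained anywhere
  # in this file -- confirm they are still needed and close them otherwise.
  networking.firewall = {
    allowedUDPPorts = [ 51820 22000 ]; # Clients and peers can use the same port, see listenport
    allowedTCPPorts = [ 22000 48412 62109 ];
  };

  # Enable WireGuard
  networking.wireguard.interfaces = {
    # "wg0" is the network interface name. You can name the interface arbitrarily.
    wg0 = {
      # Determines the IP address and subnet of the client's end of the tunnel interface.
      ips = [ "10.100.0.2/24" ];
      listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)

      # Path to the private key file.
      #
      # Note: The private key can also be included inline via the privateKey option,
      # but this makes the private key world-readable; thus, using privateKeyFile is
      # recommended.
      #
      # NOTE(review): this path is inside a user-writable home directory, so the user
      # (or anything running as them) can read or replace the tunnel's identity. A
      # root-owned, root-only location would confine the secret to the service.
      privateKeyFile = "/home/alex/wireguard-keys/private";

      peers = [
        # For a client configuration, one peer entry for the server will suffice.
        {
          # Public key of the server (not a file path).
          publicKey = "aD40D1jcgLbIZGkA1AoXkwpmP6hSWcttf3ptq4GRjC0=";

          # Forward all the traffic via VPN.
          allowedIPs = [ "0.0.0.0/0" ];
          # Or forward only particular subnets
          #allowedIPs = [ "10.100.0.1" "91.108.12.0/22" ];

          # Set this to the server IP and port.
          endpoint = "192.168.1.226:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577

          # Send keepalives every 25 seconds. Important to keep NAT tables alive.
          persistentKeepalive = 25;
        }
      ];
    };
  };

  # Enable the X11 windowing system.
  # services.xserver.enable = true;
  services.xserver.desktopManager.xfce.enable = true;
  services.displayManager.defaultSession = "xfce";

  # Syncthing
  services = {
    syncthing = {
      enable = true;
      user = "alex";
      dataDir = "/home/alex/Sync";
      configDir = "/home/alex/Sync/.config/syncthing";
      overrideDevices = true; # overrides any devices added or deleted through the WebUI
      overrideFolders = true; # overrides any folders added or deleted through the WebUI
      settings = {
        devices = {
          "atauno" = { id = "TXSURD2-XCKOLDG-DJ76OOK-JZXOE3Q-XXTNOIM-XR5LB2B-YWBV2ER-6KRFIQN"; };
        };
        folders = {
          # "Documents" = {
          #   # Name of folder in Syncthing, also the folder ID
          #   path = "/home/myusername/Documents"; # Which folder to add to Syncthing
          #   devices = [ "device1" "device2" ]; # Which devices to share the folder with
          # };
          "vaults" = {
            id = "bbqnm-caya2";
            path = "/home/alex/vaults";
            devices = [ "atauno" ];
            ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
          };
        };
      };
    };
  };

  services.blueman.enable = true;

  services.avahi = {
    enable = true;
    nssmdns4 = true;
    # NOTE(review): openFirewall exposes mDNS on every interface, presumably including
    # the wg0 tunnel above -- confirm that is intended.
    openFirewall = true;
  };

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp58s0f1.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp59s0.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
}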