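# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
#
# Layout note: every `#` comment sits on its own line or at the end of the
# statement it describes. If comments and code share one physical line, the
# comment swallows everything after it and the module no longer evaluates.

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nixpkgs.config.allowUnfree = true;

  # NOTE(review): this allow-list lets a package that nixpkgs flags as
  # insecure (known vulnerabilities or end-of-life) be built and installed.
  # Which package pulls in this Electron release is not visible in this
  # file. Identify the dependent and drop the entry once it no longer needs
  # this version.
  nixpkgs.config.permittedInsecurePackages = [
    "electron-25.9.0"
  ];

  hardware.system76.enableAll = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "nixos76"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.

  # Inbound ports opened on every interface.
  networking.firewall = {
    # 51820/udp matches wg0.listenPort below.
    # 22000/udp is presumably Syncthing (enabled further down) -- confirm.
    allowedUDPPorts = [ 51820 22000 ]; # Clients and peers can use the same port, see listenport
    # 22000/tcp is presumably Syncthing as well -- confirm.
    # NOTE(review): 48412 and 62109 are not tied to any service declared in
    # this file. Document what listens on them or remove them.
    allowedTCPPorts = [ 22000 48412 62109 ];
  };

  # Enable WireGuard
  networking.wireguard.interfaces = {
    # "wg0" is the network interface name. You can name the interface arbitrarily.
    wg0 = {
      # Determines the IP address and subnet of the client's end of the tunnel interface.
      ips = [ "10.100.0.2/24" ];
      listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)

      # Path to the private key file.
      #
      # Note: The private key can also be included inline via the privateKey option,
      # but this makes the private key world-readable; thus, using privateKeyFile is
      # recommended.
      #
      # NOTE(review): the key file lives under a user's home directory. Its
      # ownership and mode are not visible here. Confirm the file is 0600 and
      # its directory is 0700, or keep the key in a root-only location, so
      # that processes running in the user session cannot read it.
      privateKeyFile = "/home/alex/wireguard-keys/private";

      peers = [
        # For a client configuration, one peer entry for the server will suffice.

        {
          # Public key of the server (not a file path).
          publicKey = "aD40D1jcgLbIZGkA1AoXkwpmP6hSWcttf3ptq4GRjC0=";

          # Forward all the traffic via VPN.
          # Only IPv4 is listed: if the host has IPv6 connectivity, that
          # traffic is not routed through this tunnel.
          allowedIPs = [ "0.0.0.0/0" ];
          # Or forward only particular subnets
          #allowedIPs = [ "10.100.0.1" "91.108.12.0/22" ];

          # Set this to the server IP and port.
          endpoint = "192.168.1.226:51820";
          # ToDo: route to endpoint not automatically configured
          # https://wiki.archlinux.org/index.php/WireGuard#Loop_routing
          # https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577

          # Send keepalives every 25 seconds. Important to keep NAT tables alive.
          persistentKeepalive = 25;
        }
      ];
    };
  };

  # Set your time zone.
  time.timeZone = "America/New_York";

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  # i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  #   useXkbConfig = true; # use xkbOptions in tty.
  # };

  # Add LUKS external drive mount
  #
  # Only the *path* of the keyfile appears in `text`. Keep it that way: the
  # rendered file is built into the Nix store, so key material must never be
  # placed in this string.
  # NOTE(review): /etc/externalHD_keyfile.bin unlocks the external drive
  # without a passphrase. It should be root-owned with mode 0400, and it
  # protects the drive only while the disk holding /etc is itself encrypted
  # (not visible in this file -- confirm).
  # The header inside `text` is a template from another distribution; its
  # mkinitcpio references presumably do not apply on NixOS.
  environment.etc.crypttab = {
    enable = true;
    text = ''
      # /etc/crypttab: mappings for encrypted partitions.
      #
      # Each mapped device will be created in /dev/mapper, so your /etc/fstab
      # should use the /dev/mapper/ paths for encrypted devices.
      #
      # See crypttab(5) for the supported syntax.
      #
      # NOTE: Do not list your root (/) partition here, it must be set up
      # beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
      # to encrypted swap, which should be set up with mkinitcpio-openswap
      # for resume support.
      #
      #
      # luks-d515fd8a-a021-4a1e-bd21-5793c3c3a771 UUID=d515fd8a-a021-4a1e-bd21-5793c3c3a771 /crypto_keyfile.bin luks
      externaldrive UUID=b9e3979c-9362-4242-a835-6dd702dfb0ee /etc/externalHD_keyfile.bin luks
    '';
  };

  # Mount point for the mapped device that the crypttab entry above creates.
  fileSystems."/media/external".device = "/dev/mapper/externaldrive";

  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.xserver.desktopManager.xfce.enable = true;
  services.displayManager.defaultSession = "xfce";

  # NOTE(review): driSupport, driSupport32Bit and setLdLibraryPath are option
  # names from the older hardware.opengl module. Confirm they are still
  # accepted under hardware.graphics on the channel this host tracks.
  hardware.graphics.enable = true;
  hardware.graphics.driSupport = true;
  hardware.graphics.driSupport32Bit = true;
  hardware.graphics.setLdLibraryPath = true;
  hardware.graphics.extraPackages = [ pkgs.intel-media-driver ];
  hardware.graphics.extraPackages32 = [
    pkgs.intel-media-driver
    pkgs.pkgsi686Linux.libva
  ];

  # Configure keymap in X11
  # services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e,caps:escape";

  # Enable bluetooth
  hardware.bluetooth.enable = true;

  # Enable sound.
  # sound.enable = true;
  hardware.pulseaudio = {
    enable = true;
    package = pkgs.pulseaudioFull;
    support32Bit = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.alex = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user.
  };

  # Bind-mount the user's data directories from the encrypted external drive.
  fileSystems."/home/alex/Documents" = {
    device = "/media/external/Documents";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Games" = {
    device = "/media/external/Games";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Git" = {
    device = "/media/external/Git";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Lutris" = {
    device = "/media/external/Lutris";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Music" = {
    device = "/media/external/Music";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Pictures" = {
    device = "/media/external/Pictures";
    options = [ "bind" ];
  };
  fileSystems."/home/alex/Videos" = {
    device = "/media/external/Videos";
    options = [ "bind" ];
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    # atau-wallpapers
    blueman
    dxvk
    envsubst
    font-manager
    gparted
    lshw
    mesa
    nodejs_20
    pavucontrol
    unzip
    vim
    vulkan-extension-layer
    wget
  ];

  # Syncthing
  services = {
    syncthing = {
      enable = true;
      user = "alex";
      dataDir = "/home/alex/Sync";
      configDir = "/home/alex/Sync/.config/syncthing";
      # With both overrides on, this file is the source of truth for the
      # devices and folders: anything added through the WebUI is discarded.
      overrideDevices = true;     # overrides any devices added or deleted through the WebUI
      overrideFolders = true;     # overrides any folders added or deleted through the WebUI
      settings = {
        devices = {
          "atauno" = { id = "TXSURD2-XCKOLDG-DJ76OOK-JZXOE3Q-XXTNOIM-XR5LB2B-YWBV2ER-6KRFIQN"; };
        };
        folders = {
          # "Documents" = {         # Name of folder in Syncthing, also the folder ID
          #   path = "/home/myusername/Documents";    # Which folder to add to Syncthing
          #   devices = [ "device1" "device2" ];      # Which devices to share the folder with
          # };
          "vaults" = {
            id = "bbqnm-caya2";
            path = "/home/alex/vaults";
            devices = [ "atauno" ];
            ignorePerms = false;  # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
          };
        };
      };
    };
  };

  services.blueman.enable = true;

  services.printing.enable = true;
  # openFirewall also opens the mDNS port to every network this machine
  # joins; presumably wanted for printer discovery -- confirm.
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    openFirewall = true;
  };

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?

}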