# This file merged the original configuration.nix and hardware-configuration.nix
# files, refactoring common system config out.
{ config, lib, pkgs, modulesPath, ... }:

let
  # Mount point of the unlocked LUKS external drive (see the crypttab entry below).
  externalRoot = "/media/external";

  # Directories in /home/alex that live on the external drive.
  externalDirs = [ "Documents" "Games" "Git" "Lutris" "Music" "Pictures" "Videos" ];

  # Build one fileSystems entry: /home/alex/<dir> is a bind mount of
  # <externalRoot>/<dir>.
  mkBindMount = dir: {
    name = "/home/alex/${dir}";
    value = {
      device = "${externalRoot}/${dir}";
      options = [ "bind" ];
    };
  };
in
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  networking = {
    hostName = "nixos76"; # Define your hostname.

    # The author's own note on this block: "What was this for? maybe wireguard?"
    # 51820/udp matches wg0.listenPort below, and 22000 (tcp and udp) is
    # Syncthing's default sync port.
    # NOTE(review): nothing in this file listens on tcp 48412 or 62109; confirm
    # that a service still needs them, every open port is reachable from the
    # whole local network.
    firewall = {
      allowedUDPPorts = [ 51820 22000 ]; # Clients and peers can use the same port, see listenport
      allowedTCPPorts = [ 22000 48412 62109 ];
    };

    # Enable WireGuard.
    # "wg0" is the network interface name. You can name the interface arbitrarily.
    wireguard.interfaces.wg0 = {
      # Determines the IP address and subnet of the client's end of the tunnel interface.
      ips = [ "10.100.0.2/24" ];

      # Must match firewall.allowedUDPPorts (without this wg uses random port numbers).
      listenPort = 51820;

      # Path to the private key file.
      #
      # Note: The private key can also be included inline via the privateKey
      # option, but this makes the private key world-readable; thus, using
      # privateKeyFile is recommended.
      # NOTE(review): the key sits in alex's home directory, so any process
      # running as alex can read or replace it. Keep the file mode at 0600 and
      # consider a root-owned location.
      privateKeyFile = "/home/alex/wireguard-keys/private";

      peers = [
        # For a client configuration, one peer entry for the server will suffice.
        {
          # Public key of the server (not a file path).
          publicKey = "aD40D1jcgLbIZGkA1AoXkwpmP6hSWcttf3ptq4GRjC0=";

          # Forward all the traffic via VPN.
          # Only the IPv4 default route is listed, so IPv6 traffic is not sent
          # through the tunnel.
          allowedIPs = [ "0.0.0.0/0" ];
          # Or forward only particular subnets
          #allowedIPs = [ "10.100.0.1" "91.108.12.0/22" ];

          # Set this to the server IP and port.
          # ToDo: route to endpoint not automatically configured
          #   https://wiki.archlinux.org/index.php/WireGuard#Loop_routing
          #   https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
          endpoint = "192.168.1.226:51820";

          # Send keepalives every 25 seconds. Important to keep NAT tables alive.
          persistentKeepalive = 25;
        }
      ];
    };
  };

  environment = {
    # Add LUKS external drive mount.
    # The text below is copied into the world-readable Nix store. That is fine
    # here because it only names the key file; never put key material in it.
    # NOTE(review): /etc/externalHD_keyfile.bin should be readable by root only,
    # and it protects the external drive at rest only if the disk holding the
    # key file is itself encrypted; confirm both.
    etc.crypttab = {
      enable = true;
      text = ''
        # /etc/crypttab: mappings for encrypted partitions.
        #
        # Each mapped device will be created in /dev/mapper, so your /etc/fstab
        # should use the /dev/mapper/ paths for encrypted devices.
        #
        # See crypttab(5) for the supported syntax.
        #
        # NOTE: Do not list your root (/) partition here, it must be set up
        # beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
        # to encrypted swap, which should be set up with mkinitcpio-openswap
        # for resume support.
        #
        #
        # luks-d515fd8a-a021-4a1e-bd21-5793c3c3a771 UUID=d515fd8a-a021-4a1e-bd21-5793c3c3a771 /crypto_keyfile.bin luks
        externaldrive UUID=b9e3979c-9362-4242-a835-6dd702dfb0ee /etc/externalHD_keyfile.bin luks
      '';
    };

    # List packages installed in system profile. To search, run:
    # $ nix search wget
    systemPackages = [
      # pkgs.atau-wallpapers
      pkgs.blueman
      pkgs.dxvk
      pkgs.envsubst
      pkgs.font-manager
      pkgs.gparted
      pkgs.lshw
      pkgs.mesa
      pkgs.nodejs_20
      pkgs.pavucontrol
      pkgs.unzip
      pkgs.vim
      pkgs.vulkan-extension-layer
      pkgs.wget
    ];
  };

  # The unlocked external drive, plus one bind mount per directory in
  # externalDirs so that they appear inside /home/alex.
  fileSystems = {
    "/media/external".device = "/dev/mapper/externaldrive";
  } // builtins.listToAttrs (map mkBindMount externalDirs);

  services = {
    # Desktop: XFCE as the default session.
    xserver.desktopManager.xfce.enable = true;
    displayManager.defaultSession = "xfce";

    # Syncthing, running as alex.
    syncthing = {
      enable = true;
      user = "alex";
      dataDir = "/home/alex/Sync";
      configDir = "/home/alex/Sync/.config/syncthing";
      overrideDevices = true; # overrides any devices added or deleted through the WebUI
      overrideFolders = true; # overrides any folders added or deleted through the WebUI

      settings.devices.atauno.id =
        "TXSURD2-XCKOLDG-DJ76OOK-JZXOE3Q-XXTNOIM-XR5LB2B-YWBV2ER-6KRFIQN";

      # Template for a further folder:
      # settings.folders."Documents" = {
      #   # Name of folder in Syncthing, also the folder ID
      #   path = "/home/myusername/Documents"; # Which folder to add to Syncthing
      #   devices = [ "device1" "device2" ];   # Which devices to share the folder with
      # };
      settings.folders.vaults = {
        id = "bbqnm-caya2";
        path = "/home/alex/vaults";
        devices = [ "atauno" ];
        ignorePerms = false; # false: file permission bits are synced for this folder
      };
    };

    blueman.enable = true;

    avahi = {
      enable = true;
      nssmdns4 = true;
      # Opens the firewall for mDNS (UDP 5353) in addition to the ports listed
      # under networking.firewall.
      openFirewall = true;
    };
  };

  # Options the author left commented out, kept for reference:
  #
  # Enable the X11 windowing system.
  # services.xserver.enable = true;
  #
  # hardware.graphics.enable = true;
  # hardware.graphics.extraPackages = [
  #   pkgs.intel-media-driver
  # ];
  # hardware.graphics.extraPackages32 = [
  #   pkgs.intel-media-driver
  #   pkgs.pkgsi686Linux.libva
  # ];
  #
  # Configure keymap in X11
  # services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e,caps:escape";
  #
  # Enable bluetooth
  # hardware.bluetooth.enable = true;
  #
  # Enable sound.
  # sound.enable = true;
  # hardware.pulseaudio = {
  #   enable = true;
  #   package = pkgs.pulseaudioFull;
  #   support32Bit = true;
  # };
  #
  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;
  #
  # Define a user account. Don't forget to set a password with 'passwd'.
  # users.users.alex = {
  #   isNormalUser = true;
  #   extraGroups = [ "wheel" "networkmanager" ]; # Enable 'sudo' for the user.
  # };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
}