# This file merged the original configuration.nix and hardware-configuration.nix files, refactoring common system config out
{ config, lib, pkgs, modulesPath, ... }:

let
  # Host-specific locations used by the bind mounts in fileSystems.
  userHome = "/home/alex";
  externalRoot = "/media/external";

  # Directories kept on the external drive and bind-mounted into the home directory.
  externalDirs = [ "Documents" "Games" "Git" "Lutris" "Music" "Pictures" "Videos" ];

  # Builds the name/value pair that bind-mounts <externalRoot>/<dir> onto <userHome>/<dir>.
  bindFromExternal = dir: {
    name = "${userHome}/${dir}";
    value = {
      device = "${externalRoot}/${dir}";
      options = [ "bind" "x-gvfs-hide" ];
    };
  };
in
{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    ../../modules/system76-pc.nix
  ];

  # Store housekeeping: deduplicate the store and collect garbage weekly.
  nix = {
    settings.auto-optimise-store = true;
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 5d";
    };
  };

  boot = {
    initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
    initrd.kernelModules = [ ];
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
  };

  # Unlocks the LUKS-encrypted external drive as /dev/mapper/externaldrive, which
  # fileSystems mounts at /media/external.
  # NOTE(review): the keyfile path is a plain string, so the key is not copied into
  # the world-readable Nix store; keep it that way (never a Nix path literal).
  # NOTE(review): the keyfile sits on the root filesystem, and "/" below is mounted
  # directly from a by-uuid ext4 device with no LUKS mapping visible in this file.
  # If root really is unencrypted, the external drive is only as protected as
  # physical access to the internal disk - confirm (root encryption could be set up
  # in ../../modules/system76-pc.nix) and keep the keyfile root-owned, mode 0400.
  # NOTE(review): line breaks were lost on this page; the externaldrive entry is
  # taken to be active because /media/external depends on it - confirm.
  environment.etc.crypttab = {
    enable = true;
    text = ''
      # /etc/crypttab: mappings for encrypted partitions.
      #
      # Each mapped device will be created in /dev/mapper, so your /etc/fstab
      # should use the /dev/mapper/ paths for encrypted devices.
      #
      # See crypttab(5) for the supported syntax.
      #
      # NOTE: Do not list your root (/) partition here, it must be set up
      # beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
      # to encrypted swap, which should be set up with mkinitcpio-openswap
      # for resume support.
      #
      #
      externaldrive UUID=b9e3979c-9362-4242-a835-6dd702dfb0ee /etc/externalHD_keyfile.bin luks
    '';
  };

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/6d62467a-ccc1-44ed-a1cc-f473b3962c64";
      fsType = "ext4";
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/2330-1A62";
      fsType = "vfat";
    };
    "/media/external" = {
      device = "/dev/mapper/externaldrive";
      options = [ "x-gvfs-show" ];
    };
  } // builtins.listToAttrs (map bindFromExternal externalDirs);

  # NOTE(review): swap is referenced by plain UUID with no encryption visible here,
  # so anything paged out (including key material) may persist on disk - confirm.
  swapDevices = [
    { device = "/dev/disk/by-uuid/fda4f9fe-383f-477c-b2a2-c07f7efcc161"; }
  ];

  networking = {
    hostName = "nixos76"; # Define your hostname.

    # What was this for? maybe wireguard?
    # NOTE(review): 51820/udp matches the wg0 listenPort below, and 22000 (tcp+udp)
    # is Syncthing's default sync port. Nothing in this file accounts for
    # 48412/tcp and 62109/tcp; identify the service behind each or close them.
    firewall = {
      allowedUDPPorts = [ 51820 22000 ]; # Clients and peers can use the same port, see listenport
      allowedTCPPorts = [ 22000 48412 62109 ];
      allowedTCPPortRanges = [
        { from = 1714; to = 1764; } # KDE Connect
      ];
      allowedUDPPortRanges = [
        { from = 1714; to = 1764; } # KDE Connect
      ];
    };

    # Enable WireGuard
    wireguard.interfaces = {
      # "wg0" is the network interface name. You can name the interface arbitrarily.
      wg0 = {
        # Determines the IP address and subnet of the client's end of the tunnel interface.
        ips = [ "10.100.0.2/24" ];
        listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)

        # Path to the private key file.
        #
        # Note: The private key can also be included inline via the privateKey option,
        # but this makes the private key world-readable; thus, using privateKeyFile is
        # recommended.
        # NOTE(review): the key lives under the user's home directory; check that the
        # file is mode 0600 in a 0700 directory and that the directory is excluded
        # from any sync or backup job. A root-owned location outside /home would
        # narrow who can read it.
        privateKeyFile = "/home/alex/wireguard-keys/private";

        peers = [
          # For a client configuration, one peer entry for the server will suffice.
          {
            # Public key of the server (not a file path).
            publicKey = "aD40D1jcgLbIZGkA1AoXkwpmP6hSWcttf3ptq4GRjC0=";

            # Forward all the traffic via VPN.
            # NOTE(review): only IPv4 is listed. If this host has IPv6 connectivity,
            # IPv6 traffic is not covered by this entry and will not use the tunnel.
            allowedIPs = [ "0.0.0.0/0" ];
            # Or forward only particular subnets
            #allowedIPs = [ "10.100.0.1" "91.108.12.0/22" ];

            # Set this to the server IP and port.
            endpoint = "192.168.1.226:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577

            # Send keepalives every 25 seconds. Important to keep NAT tables alive.
            persistentKeepalive = 25;
          }
        ];
      };
    };

    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
    # (the default) this is the recommended approach. When using systemd-networkd it's
    # still possible to use this option, but it's recommended to use it in conjunction
    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
    useDHCP = lib.mkDefault true;
    # networking.interfaces.enp58s0f1.useDHCP = lib.mkDefault true;
    # networking.interfaces.wlp59s0.useDHCP = lib.mkDefault true;
  };

  services = {
    # Enable the X11 windowing system.
    # services.xserver.enable = true;
    xserver.desktopManager.xfce.enable = true;
    displayManager.defaultSession = "xfce";

    # Syncthing
    syncthing = lib.mkForce {
      enable = true;
      user = "alex";
      dataDir = "/home/alex/Sync";
      configDir = "/home/alex/Sync/.config/syncthing";
      # With both overrides on, this file is the source of truth for trusted devices
      # and shared folders.
      overrideDevices = true; # overrides any devices added or deleted through the WebUI
      overrideFolders = true; # overrides any folders added or deleted through the WebUI
      settings = {
        devices = {
          "atauno" = { id = "TXSURD2-XCKOLDG-DJ76OOK-JZXOE3Q-XXTNOIM-XR5LB2B-YWBV2ER-6KRFIQN"; };
        };
        folders = {
          # "Documents" = {
          #   # Name of folder in Syncthing, also the folder ID
          #   path = "/home/myusername/Documents"; # Which folder to add to Syncthing
          #   devices = [ "device1" "device2" ]; # Which devices to share the folder with
          # };
          "vaults" = {
            id = "bbqnm-caya2";
            path = "/home/alex/vaults";
            devices = [ "atauno" ];
            ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
          };
        };
      };
    };

    blueman.enable = true;

    # NOTE(review): openFirewall opens mDNS (5353/udp), so the host answers and
    # advertises on every network it joins; acceptable on a trusted LAN only.
    avahi = {
      enable = true;
      nssmdns4 = true;
      openFirewall = true;
    };
  };

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  # Microcode updates follow the redistributable-firmware setting.
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
}