atau
/
nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nixos-config/nixos76/system/configuration.nix

280 lines
8.7 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"electron-25.9.0"
];
hardware.system76.enableAll = true;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "nixos76"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.firewall = {
allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
};
# Enable WireGuard
networking.wireguard.interfaces = {
# "wg0" is the network interface name. You can name the interface arbitrarily.
wg0 = {
# Determines the IP address and subnet of the client's end of the tunnel interface.
ips = [ "10.100.0.2/24" ];
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
# Path to the private key file.
#
# Note: The private key can also be included inline via the privateKey option,
# but this makes the private key world-readable; thus, using privateKeyFile is
# recommended.
privateKeyFile = "/home/alex/wireguard-keys/private";
peers = [
# For a client configuration, one peer entry for the server will suffice.
{
# Public key of the server (not a file path).
publicKey = "aD40D1jcgLbIZGkA1AoXkwpmP6hSWcttf3ptq4GRjC0=";
# Forward all the traffic via VPN.
allowedIPs = [ "0.0.0.0/0" ];
# Or forward only particular subnets
#allowedIPs = [ "10.100.0.1" "91.108.12.0/22" ];
# Set this to the server IP and port.
endpoint = "192.168.1.226:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
];
};
};
# Set your time zone.
time.timeZone = "America/New_York";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
# Add LUKS external drive mount
environment.etc.crypttab = {
enable = true;
text = ''
# /etc/crypttab: mappings for encrypted partitions.
#
# Each mapped device will be created in /dev/mapper, so your /etc/fstab
# should use the /dev/mapper/<name> paths for encrypted devices.
#
# See crypttab(5) for the supported syntax.
#
# NOTE: Do not list your root (/) partition here, it must be set up
# beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
# to encrypted swap, which should be set up with mkinitcpio-openswap
# for resume support.
#
# <name> <device> <password> <options>
# luks-d515fd8a-a021-4a1e-bd21-5793c3c3a771 UUID=d515fd8a-a021-4a1e-bd21-5793c3c3a771 /crypto_keyfile.bin luks
externaldrive UUID=b9e3979c-9362-4242-a835-6dd702dfb0ee /etc/externalHD_keyfile.bin luks
'';
};
fileSystems."/media/external".device = "/dev/mapper/externaldrive";
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.desktopManager.xfce.enable = true;
services.xserver.displayManager.defaultSession = "xfce";
hardware.opengl.enable = true;
hardware.opengl.driSupport = true;
hardware.opengl.driSupport32Bit = true;
hardware.opengl.setLdLibraryPath = true;
hardware.opengl.extraPackages = [
pkgs.intel-media-driver
];
hardware.opengl.extraPackages32 = [
pkgs.intel-media-driver
pkgs.pkgsi686Linux.libva
];
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Enable blueooth
hardware.bluetooth.enable = true;
# Enable sound.
sound.enable = true;
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
support32Bit = true;
};
# Enable touchpad support (enabled default in most desktopManager).
services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.alex = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" ]; # Enable sudo for the user.
};
fileSystems."/home/alex/Documents" = {
device = "/media/external/Documents";
options = [ "bind" ];
};
fileSystems."/home/alex/Games" = {
device = "/media/external/Games";
options = [ "bind" ];
};
fileSystems."/home/alex/Git" = {
device = "/media/external/Git";
options = [ "bind" ];
};
fileSystems."/home/alex/Lutris" = {
device = "/media/external/Lutris";
options = [ "bind" ];
};
fileSystems."/home/alex/Music" = {
device = "/media/external/Music";
options = [ "bind" ];
};
fileSystems."/home/alex/Pictures" = {
device = "/media/external/Pictures";
options = [ "bind" ];
};
fileSystems."/home/alex/Videos" = {
device = "/media/external/Videos";
options = [ "bind" ];
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# atau-wallpapers
blueman
dxvk
envsubst
font-manager
gparted
lshw
mesa
nodejs_20
pavucontrol
unzip
vim
vulkan-extension-layer
wget
];
# Syncthing
services = {
syncthing = {
enable = true;
user = "alex";
dataDir = "/home/alex/Sync";
configDir = "/home/alex/Sync/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
settings = {
devices = {
"atauno" = { id = "TXSURD2-XCKOLDG-DJ76OOK-JZXOE3Q-XXTNOIM-XR5LB2B-YWBV2ER-6KRFIQN"; };
};
folders = {
# "Documents" = {
# # Name of folder in Syncthing, also the folder ID
# path = "/home/myusername/Documents"; # Which folder to add to Syncthing
# devices = [ "device1" "device2" ]; # Which devices to share the folder with
# };
"vaults" = {
path = "/home/alex/vaults";
devices = [ "atauno" ];
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
};
};
services.blueman.enable = true;
services.printing.enable = true;
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}
Reference in New Issue View Git Blame Copy Permalink