From d91e31b078b3115ea7615a6f544003a591fab31a Mon Sep 17 00:00:00 2001
From: maride
Date: Wed, 7 May 2025 16:16:32 +0200
Subject: [PATCH] init
---
configuration.nix | 194 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 194 insertions(+)
create mode 100644 configuration.nix
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..bdd1603
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,194 @@
+{ config, pkgs, fetchFromGitea, ... }:
+
+{
+ system.stateVersion = "24.05";
+
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+
+ ## EARLY LEVEL
+ # Firmware
+ services.fwupd.enable = true;
+ # Bootloader & Booting
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.initrd.luks.devices."luks-970d527c-57c2-4b6a-9d56-32e91f824d80".device = "/dev/disk/by-uuid/970d527c-57c2-4b6a-9d56-32e91f824d80";
+ boot.tmp.cleanOnBoot = true;
+ # Other low-level stuff
+ networking.hostName = "macabre";
+ networking.networkmanager.enable = true;
+ # Geo-Customisation
+ time.timeZone = "Europe/Berlin";
+ i18n.defaultLocale = "de_DE.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_NUMERIC = "de_DE.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ };
+ console.keyMap = "de";
+
+ ## SYSTEM LEVEL
+ # Graphic fu
+ services.xserver.enable = true;
+ services.xserver.displayManager.gdm.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+ services.xserver.desktopManager.gnome.extraGSettingsOverrides = ''
+ [org.gnome.desktop.wm.preferences]
+ button-layout="appmenu:minimize,maximize,close"
+ '';
+ services.xserver.xkb = {
+ layout = "de";
+ variant = "";
+ };
+ # CUPS
+ services.printing.enable = true;
+ services.printing.drivers = [ pkgs.gutenprint pkgs.gutenprintBin pkgs.epson-escpr pkgs.epson-escpr2 ];
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ openFirewall = true;
+ };
+ # Sound
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+ security.rtkit.enable = true;
+ # Fingerprint reader support
+ services.fprintd.enable = true;
+ # Firewall
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [ ];
+ networking.firewall.allowedUDPPorts = [ 13337 ];
+ # VPN
+ networking.wireguard.enable = true;
+ networking.wireguard.interfaces = {
+ lynx = {
+ ips = [ "10.42.250.16/32" ];
+ listenPort = 51820;
+ privateKeyFile = "/etc/wireguard/lynx.key";
+ peers = [{
+ publicKey = "lACsN0V8JheoQq7a/tCxj0NykqHy7okoYGMvqeyOKHI=";
+ allowedIPs = [ "10.42.0.0/16" ];
+ endpoint = "lynx.maride.cc:13337";
+ persistentKeepalive = 10;
+ }];
+ };
+ };
+
+ ## USER LEVEL
+ users.users.maride = {
+ isNormalUser = true;
+ description = "maride";
+ extraGroups = [ "networkmanager" "wheel" ];
+ packages = with pkgs; [
+ thunderbird
+ spotify
+ keepassxc
+ obsidian
+ vscode
+ signal-desktop
+ element-desktop
+ vlc
+ virt-manager
+ gimp
+ inkscape
+ libreoffice
+ steam
+ yubikey-manager-qt
+ ];
+ };
+
+ ## PACKAGE LEVEL
+ environment.systemPackages = with pkgs; [
+ htop
+ neovim
+ alacritty
+ tmux
+ wireguard-tools
+ gnomeExtensions.wireguard-vpn-extension
+ mtr
+ docker
+ git
+ python3
+ dig
+ fprintd
+ usbutils
+ pciutils
+ nmap
+ file
+ tty-solitaire
+ nushell
+ mosh
+ ghostty
+ epson-escpr
+ epson-escpr2
+ a52dec
+ ];
+ # GNOME-specific
+ environment.gnome.excludePackages = with pkgs; [
+ gnome-music
+ gnome-maps
+ gnome-weather
+ epiphany
+ gnome-characters
+ totem
+ geary
+ gnome-console
+ gnome-tour
+ ];
+
+ ## PROGRAM LEVEL
+ # Firefox
+ programs.firefox {
+ enable = true;
+ languagePacks = [ "de" ];
+ }
+ # Steam
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = true; # Steam Remote Play
+ dedicatedServer.openFirewall = true; # Source Dedicated Server
+ localNetworkGameTransfers.openFirewall = true; # Steam Local Network Game Transfers
+ };
+ # KVM & Docker
+ virtualisation.docker.enable = true;
+ virtualisation.libvirtd.enable = true;
+ programs.virt-manager.enable = true;
+ # Neovim
+ programs.neovim = {
+ viAlias = true;
+ vimAlias = true;
+ };
+
+ ## WILD WEST LEVEL
+ # one cannot live without a good round of solitaire once in a while
+ nixpkgs.overlays = [
+ (
+ final: prev: {
+ tty-solitaire = prev.tty-solitaire.overrideAttrs(old: {
+ src = pkgs.fetchFromGitea {
+ domain = "git.maride.cc";
+ owner = "maride";
+ repo = "tty-solitaire";
+ rev = "2024d53e48";
+ sha256 = "sha256-9d7Ex7g0QtbWJjyLmGc9UeynrVXALlmgK9mDqBtaql0=";
+ };
+ patches = [];
+ });
+ }
+ )
+ ];
+}
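Review bot: The `programs.firefox { … }` block under PROGRAM LEVEL is missing its `=` and its trailing `;`, so the file will not parse as written; it should open with `programs.firefox = {` and close with `};`. In the firewall section, `networking.firewall.allowedUDPPorts = [ 13337 ];` opens the port of the remote endpoint (`lynx.maride.cc:13337`), whereas the local interface uses `listenPort = 51820`. Because this host initiates the tunnel and sets `persistentKeepalive`, the stateful firewall should already admit the replies, so `allowedUDPPorts = [ ];` looks sufficient, or `[ 51820 ]` if inbound handshakes are really wanted. The three Steam `openFirewall` options, `dedicatedServer.openFirewall` in particular, widen the inbound surface on what is presumably a laptop joining untrusted networks, and are worth enabling only if actually used. Inside the overlay, `pkgs.fetchFromGitea` would more conventionally be `prev.fetchFromGitea`, which avoids referring back to the package set the overlay is itself building.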