init

configuration.nix

@@ -0,0 +1,194 @@
+{ config, pkgs, fetchFromGitea, ... }:
+
+{
+	system.stateVersion = "24.05";
+
+	imports = [
+		./hardware-configuration.nix
+	];
+	
+	# Allow unfree packages
+	nixpkgs.config.allowUnfree = true;
+
+	## EARLY LEVEL
+	# Firmware
+	services.fwupd.enable = true;
+	# Bootloader & Booting
+	boot.loader.systemd-boot.enable = true;
+	boot.loader.efi.canTouchEfiVariables = true;
+	boot.initrd.luks.devices."luks-970d527c-57c2-4b6a-9d56-32e91f824d80".device = "/dev/disk/by-uuid/970d527c-57c2-4b6a-9d56-32e91f824d80";
+	boot.tmp.cleanOnBoot = true;
+	# Other low-level stuff
+	networking.hostName = "macabre";
+	networking.networkmanager.enable = true;
+	# Geo-Customisation
+	time.timeZone = "Europe/Berlin";
+	i18n.defaultLocale = "de_DE.UTF-8";
+	i18n.extraLocaleSettings = {
+		LC_ADDRESS = "de_DE.UTF-8";
+		LC_IDENTIFICATION = "de_DE.UTF-8";
+		LC_MEASUREMENT = "de_DE.UTF-8";
+		LC_MONETARY = "de_DE.UTF-8";
+		LC_NAME = "de_DE.UTF-8";
+		LC_NUMERIC = "de_DE.UTF-8";
+		LC_PAPER = "de_DE.UTF-8";
+		LC_TELEPHONE = "de_DE.UTF-8";
+		LC_TIME = "de_DE.UTF-8";
+	};
+	console.keyMap = "de";
+
+	## SYSTEM LEVEL
+	# Graphic fu
+	services.xserver.enable = true;
+	services.xserver.displayManager.gdm.enable = true;
+	services.xserver.desktopManager.gnome.enable = true;
+	services.xserver.desktopManager.gnome.extraGSettingsOverrides = ''
+	[org.gnome.desktop.wm.preferences]
+	button-layout="appmenu:minimize,maximize,close"
+	'';
+	services.xserver.xkb = {
+		layout = "de";
+		variant = "";
+	};
+	# CUPS
+	services.printing.enable = true;
+	services.printing.drivers = [ pkgs.gutenprint pkgs.gutenprintBin pkgs.epson-escpr pkgs.epson-escpr2 ];
+	services.avahi = {
+		enable = true;
+		nssmdns4 = true;
+		openFirewall = true;
+	};
+	# Sound
+	services.pipewire = {
+		enable = true;
+		alsa.enable = true;
+		alsa.support32Bit = true;
+		pulse.enable = true;
+	};
+	security.rtkit.enable = true;
+	# Fingerprint reader support
+	services.fprintd.enable = true;
+	# Firewall
+	networking.firewall.enable = true;
+	networking.firewall.allowedTCPPorts = [ ];
+	networking.firewall.allowedUDPPorts = [ 13337 ];
+	# VPN
+	networking.wireguard.enable = true;
+	networking.wireguard.interfaces = {
+		lynx = {
+			ips = [ "10.42.250.16/32" ];
+			listenPort = 51820;
+			privateKeyFile = "/etc/wireguard/lynx.key";
+			peers = [{
+				publicKey = "lACsN0V8JheoQq7a/tCxj0NykqHy7okoYGMvqeyOKHI=";
+				allowedIPs = [ "10.42.0.0/16" ];
+				endpoint = "lynx.maride.cc:13337";
+				persistentKeepalive = 10;
+			}];
+		};
+	};
+
+	## USER LEVEL
+	users.users.maride = {
+		isNormalUser = true;
+		description = "maride";
+		extraGroups = [ "networkmanager" "wheel" ];
+		packages = with pkgs; [
+			thunderbird
+			spotify
+			keepassxc
+			obsidian
+			vscode
+			signal-desktop
+			element-desktop
+			vlc
+			virt-manager
+			gimp
+			inkscape
+			libreoffice
+			steam
+			yubikey-manager-qt
+		];
+	};
+
+	## PACKAGE LEVEL
+	environment.systemPackages = with pkgs; [
+		htop
+		neovim
+		alacritty
+		tmux
+		wireguard-tools
+		gnomeExtensions.wireguard-vpn-extension
+		mtr
+		docker
+		git
+		python3
+		dig
+		fprintd
+		usbutils
+		pciutils
+		nmap
+		file
+		tty-solitaire
+		nushell
+		mosh
+		ghostty
+		epson-escpr
+		epson-escpr2
+		a52dec
+	];
+	# GNOME-specific
+	environment.gnome.excludePackages = with pkgs; [
+		gnome-music
+		gnome-maps
+		gnome-weather
+		epiphany
+		gnome-characters
+		totem
+		geary
+		gnome-console
+		gnome-tour
+	];
+
+	## PROGRAM LEVEL
+	# Firefox
+	programs.firefox {
+		enable = true;
+		languagePacks = [ "de" ];
+	}
+	# Steam
+	programs.steam = {
+		enable = true;
+		remotePlay.openFirewall = true; # Steam Remote Play
+		dedicatedServer.openFirewall = true; # Source Dedicated Server
+		localNetworkGameTransfers.openFirewall = true; # Steam Local Network Game Transfers
+	};
+	# KVM & Docker
+	virtualisation.docker.enable = true;
+	virtualisation.libvirtd.enable = true;
+	programs.virt-manager.enable = true;
+	# Neovim
+	programs.neovim = {
+		viAlias = true;
+		vimAlias = true;
+	};
+
+	## WILD WEST LEVEL
+	# one cannot live without a good round of solitaire once in a while
+	nixpkgs.overlays = [
+		(
+			final: prev: {
+				tty-solitaire = prev.tty-solitaire.overrideAttrs(old: {
+					src = pkgs.fetchFromGitea {
+						domain = "git.maride.cc";
+						owner = "maride";
+						repo = "tty-solitaire";
+						rev = "2024d53e48";
+						sha256 = "sha256-9d7Ex7g0QtbWJjyLmGc9UeynrVXALlmgK9mDqBtaql0=";
+					};
+					patches = [];
+				});
+			}
+		 )
+	];
+}