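# NixOS system configuration for the host "macabre": an encrypted GNOME
# workstation with a WireGuard tunnel, Docker/libvirt and Steam.
#
# NOTE(review): `fetchFromGitea` is never used through this argument (the
# overlay at the bottom takes the fetcher from the package set), so it can
# presumably be dropped from the argument list - confirm.
{ config, pkgs, fetchFromGitea, ... }:

{
  system.stateVersion = "24.05";
  imports = [ ./hardware-configuration.nix ];

  # Allow unfree packages (needed for e.g. spotify, steam, vscode, obsidian below)
  nixpkgs.config.allowUnfree = true;

  ## EARLY LEVEL
  # Firmware
  services.fwupd.enable = true;

  # Bootloader & Booting
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  # Root device is LUKS-encrypted and unlocked from the initrd.
  boot.initrd.luks.devices."luks-970d527c-57c2-4b6a-9d56-32e91f824d80".device = "/dev/disk/by-uuid/970d527c-57c2-4b6a-9d56-32e91f824d80";
  boot.tmp.cleanOnBoot = true;

  # Other low-level stuff
  networking.hostName = "macabre";
  networking.networkmanager.enable = true;

  # Geo-Customisation
  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "de_DE.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_DE.UTF-8";
    LC_IDENTIFICATION = "de_DE.UTF-8";
    LC_MEASUREMENT = "de_DE.UTF-8";
    LC_MONETARY = "de_DE.UTF-8";
    LC_NAME = "de_DE.UTF-8";
    LC_NUMERIC = "de_DE.UTF-8";
    LC_PAPER = "de_DE.UTF-8";
    LC_TELEPHONE = "de_DE.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };
  console.keyMap = "de";

  ## SYSTEM LEVEL
  # Graphic fu
  services.xserver.enable = true;
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;
  services.xserver.desktopManager.gnome.extraGSettingsOverrides = ''
    [org.gnome.desktop.wm.preferences]
    button-layout="appmenu:minimize,maximize,close"
  '';
  services.xserver.xkb = {
    layout = "de";
    variant = "";
  };

  # CUPS
  services.printing.enable = true;
  services.printing.drivers = [ pkgs.gutenprint pkgs.gutenprintBin pkgs.epson-escpr pkgs.epson-escpr2 ];
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    # Opens the mDNS port in the firewall so network printers can be
    # discovered; this also makes the host answer mDNS on every network
    # it joins.
    openFirewall = true;
  };

  # Sound
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };
  security.rtkit.enable = true;

  # Fingerprint reader support
  services.fprintd.enable = true;

  # Firewall
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ ];
  # NOTE(review): 13337 is the *remote* port of the WireGuard endpoint below,
  # while the local interface listens on 51820. Outbound-initiated tunnel
  # traffic and its replies presumably do not need an inbound rule, so this
  # opening looks unnecessary - confirm and remove, or replace it with the
  # local listenPort if inbound handshakes are actually required.
  networking.firewall.allowedUDPPorts = [ 13337 ];

  # VPN
  networking.wireguard.enable = true;
  networking.wireguard.interfaces = {
    lynx = {
      ips = [ "10.42.250.16/32" ];
      listenPort = 51820;
      # Key is referenced by path, so it stays out of the world-readable
      # Nix store. The file itself should be owned by root and not readable
      # by other users.
      privateKeyFile = "/etc/wireguard/lynx.key";
      peers = [{
        publicKey = "lACsN0V8JheoQq7a/tCxj0NykqHy7okoYGMvqeyOKHI=";
        # Only the VPN range is routed through the tunnel (split tunnel).
        allowedIPs = [ "10.42.0.0/16" ];
        endpoint = "lynx.maride.cc:13337";
        persistentKeepalive = 10;
      }];
    };
  };

  ## USER LEVEL
  users.users.maride = {
    isNormalUser = true;
    description = "maride";
    # "wheel" grants sudo. The user is deliberately not listed in "docker"
    # or "libvirtd" here; membership in "docker" is equivalent to root.
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [
      thunderbird
      spotify
      keepassxc
      obsidian
      vscode
      signal-desktop
      element-desktop
      vlc
      virt-manager
      gimp
      inkscape
      libreoffice
      steam
      yubikey-manager-qt
    ];
  };

  ## PACKAGE LEVEL
  environment.systemPackages = with pkgs; [
    htop
    neovim
    alacritty
    tmux
    wireguard-tools
    gnomeExtensions.wireguard-vpn-extension
    mtr
    docker
    git
    python3
    dig
    fprintd
    usbutils
    pciutils
    nmap
    file
    tty-solitaire
    nushell
    mosh
    ghostty
    epson-escpr
    epson-escpr2
    a52dec
  ];

  # GNOME-specific
  environment.gnome.excludePackages = with pkgs; [
    gnome-music
    gnome-maps
    gnome-weather
    epiphany
    gnome-characters
    totem
    geary
    gnome-console
    gnome-tour
  ];

  ## PROGRAM LEVEL
  # Firefox
  # Fixed: the original read `programs.firefox { ... }` without `=` and the
  # terminating `;`, which does not parse.
  programs.firefox = {
    enable = true;
    languagePacks = [ "de" ];
  };

  # Steam
  # NOTE(review): each openFirewall option below adds inbound firewall
  # rules. Keep only the ones in use; dedicatedServer in particular is only
  # needed when this machine hosts game servers.
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true; # Steam Remote Play
    dedicatedServer.openFirewall = true; # Source Dedicated Server
    localNetworkGameTransfers.openFirewall = true; # Steam Local Network Game Transfers
  };

  # KVM & Docker
  virtualisation.docker.enable = true;
  virtualisation.libvirtd.enable = true;
  programs.virt-manager.enable = true;

  # Neovim
  # NOTE(review): programs.neovim.enable is not set here; the aliases
  # presumably only take effect once the module is enabled - confirm.
  programs.neovim = {
    viAlias = true;
    vimAlias = true;
  };

  ## WILD WEST LEVEL
  # one cannot live without a good round of solitaire once in a while
  nixpkgs.overlays = [
    (final: prev: {
      tty-solitaire = prev.tty-solitaire.overrideAttrs (old: {
        # Source is replaced with a personal fork. The sha256 pins the
        # fetched content, so a changed upstream tree fails the build
        # instead of being picked up silently.
        # NOTE(review): `rev` is an abbreviated commit id; prefer the full
        # 40-character hash so the reference stays unambiguous.
        # Taken from `final` rather than the module-level `pkgs`, so the
        # overlay only depends on the package set it is applied to.
        src = final.fetchFromGitea {
          domain = "git.maride.cc";
          owner = "maride";
          repo = "tty-solitaire";
          rev = "2024d53e48";
          sha256 = "sha256-9d7Ex7g0QtbWJjyLmGc9UeynrVXALlmgK9mDqBtaql0=";
        };
        # Drops every patch nixpkgs applies to the upstream source,
        # including any that were added as fixes.
        patches = [];
      });
    })
  ];
}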