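# NixOS configuration for the workstation "macabre": encrypted root, GNOME
# desktop, WireGuard client, one normal user, and a small package overlay.
#
# NOTE(review): `fetchFromGitea` is requested as a module argument, but the
# overlay at the bottom uses `pkgs.fetchFromGitea`; the argument looks unused
# here. Confirm nothing supplies it on purpose before dropping it.
{ config, pkgs, fetchFromGitea, ... }:

{
  # Release whose stateful defaults this machine was installed with.
  system.stateVersion = "24.05";

  imports = [
    ./hardware-configuration.nix
  ];

  # Allow unfree packages
  # This permits every unfree package in nixpkgs. If only a handful are
  # needed, `nixpkgs.config.allowUnfreePredicate` can restrict it to those.
  nixpkgs.config.allowUnfree = true;

  ## EARLY LEVEL
  # Firmware
  services.fwupd.enable = true;
  # Bootloader & Booting
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  # Unlock the LUKS container in the initrd. The device is addressed by UUID,
  # so it does not depend on the order in which disks are enumerated.
  boot.initrd.luks.devices."luks-970d527c-57c2-4b6a-9d56-32e91f824d80".device = "/dev/disk/by-uuid/970d527c-57c2-4b6a-9d56-32e91f824d80";
  boot.tmp.cleanOnBoot = true;
  # Other low-level stuff
  networking.hostName = "macabre";
  networking.networkmanager.enable = true;
  # Geo-Customisation
  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "de_DE.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_DE.UTF-8";
    LC_IDENTIFICATION = "de_DE.UTF-8";
    LC_MEASUREMENT = "de_DE.UTF-8";
    LC_MONETARY = "de_DE.UTF-8";
    LC_NAME = "de_DE.UTF-8";
    LC_NUMERIC = "de_DE.UTF-8";
    LC_PAPER = "de_DE.UTF-8";
    LC_TELEPHONE = "de_DE.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };
  console.keyMap = "de";

  ## SYSTEM LEVEL
  # Graphic fu
  services.xserver.enable = true;
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;
  services.xserver.desktopManager.gnome.extraGSettingsOverrides = ''
    [org.gnome.desktop.wm.preferences]
    button-layout="appmenu:minimize,maximize,close"
  '';
  services.xserver.xkb = {
    layout = "de";
    variant = "";
  };
  # CUPS
  services.printing.enable = true;
  services.printing.drivers = [ pkgs.gutenprint pkgs.gutenprintBin pkgs.epson-escpr pkgs.epson-escpr2 ];
  # mDNS, presumably for network printer discovery. `openFirewall` opens the
  # mDNS port (UDP 5353) in addition to the ports listed under "Firewall".
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    openFirewall = true;
  };
  # Sound
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };
  security.rtkit.enable = true;
  # Fingerprint reader support
  # NOTE(review): enabling fprintd normally also turns on fingerprint
  # authentication in PAM. Check which services accept it (login, sudo, ...)
  # and whether that is intended.
  services.fprintd.enable = true;
  # Firewall
  # These lists are not the complete set of open ports: the Avahi and Steam
  # `openFirewall` options in this file add their own.
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ ];
  # NOTE(review): 13337 is the port of the remote WireGuard endpoint below,
  # while the local interface listens on 51820. Traffic this host sends to the
  # peer needs no inbound rule, because replies are accepted by connection
  # tracking. The rule therefore looks unnecessary. Confirm, then drop it, or
  # open the local listenPort instead if inbound handshakes are really wanted.
  networking.firewall.allowedUDPPorts = [ 13337 ];
  # VPN
  networking.wireguard.enable = true;
  networking.wireguard.interfaces = {
    lynx = {
      ips = [ "10.42.250.16/32" ];
      listenPort = 51820;
      # The private key is read from a file at activation time rather than
      # written here, which keeps it out of the world-readable Nix store.
      # The file should be owned by root and not readable by anyone else.
      privateKeyFile = "/etc/wireguard/lynx.key";
      peers = [{
        publicKey = "lACsN0V8JheoQq7a/tCxj0NykqHy7okoYGMvqeyOKHI=";
        # Only 10.42.0.0/16 is routed through (and accepted from) this peer.
        allowedIPs = [ "10.42.0.0/16" ];
        endpoint = "lynx.maride.cc:13337";
        persistentKeepalive = 10;
      }];
    };
  };

  ## USER LEVEL
  users.users.maride = {
    isNormalUser = true;
    description = "maride";
    # "wheel" grants sudo. The user is deliberately or incidentally not in
    # "docker", so Docker commands need sudo (see "KVM & Docker").
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [
      thunderbird
      spotify
      keepassxc
      obsidian
      vscode
      signal-desktop
      element-desktop
      vlc
      virt-manager
      gimp
      inkscape
      libreoffice
      steam
      yubikey-manager-qt
    ];
  };

  ## PACKAGE LEVEL
  environment.systemPackages = with pkgs; [
    htop
    neovim
    alacritty
    tmux
    wireguard-tools
    gnomeExtensions.wireguard-vpn-extension
    mtr
    docker
    git
    python3
    dig
    fprintd
    usbutils
    pciutils
    nmap
    file
    tty-solitaire
    nushell
    mosh
    ghostty
    epson-escpr
    epson-escpr2
    a52dec
  ];
  # GNOME-specific
  environment.gnome.excludePackages = with pkgs; [
    gnome-music
    gnome-maps
    gnome-weather
    epiphany
    gnome-characters
    totem
    geary
    gnome-console
    gnome-tour
  ];

  ## PROGRAM LEVEL
  # Firefox
  programs.firefox = {
    enable = true;
    languagePacks = [ "de" ];
  };
  # Steam
  # Each `openFirewall` below opens further inbound ports in the host
  # firewall. NOTE(review): the dedicated-server ports are only needed when
  # this machine hosts a game server; consider disabling that one otherwise.
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true; # Steam Remote Play
    dedicatedServer.openFirewall = true; # Source Dedicated Server
    localNetworkGameTransfers.openFirewall = true; # Steam Local Network Game Transfers
  };
  # KVM & Docker
  # Membership in the "docker" group is effectively root access on the host.
  # The user above is not in it, which is the safer default.
  virtualisation.docker.enable = true;
  virtualisation.libvirtd.enable = true;
  programs.virt-manager.enable = true;
  # Neovim
  # NOTE(review): `programs.neovim.enable` is not set, so these aliases
  # presumably have no effect. Confirm and enable the module if they are wanted.
  programs.neovim = {
    viAlias = true;
    vimAlias = true;
  };

  ## WILD WEST LEVEL
  # one cannot live without a good round of solitaire once in a while
  # Builds tty-solitaire from a self-hosted fork instead of the nixpkgs source.
  nixpkgs.overlays = [
    (
      final: prev: {
        tty-solitaire = prev.tty-solitaire.overrideAttrs(old: {
          src = pkgs.fetchFromGitea {
            domain = "git.maride.cc";
            owner = "maride";
            repo = "tty-solitaire";
            # Abbreviated commit id. The sha256 below is what pins the fetched
            # contents, and a changed archive fails the build. A full-length
            # commit hash would make the reference itself unambiguous too.
            rev = "2024d53e48";
            sha256 = "sha256-9d7Ex7g0QtbWJjyLmGc9UeynrVXALlmgK9mDqBtaql0=";
          };
          # Clears any patches the nixpkgs package carries, presumably
          # because they do not apply to the fork.
          patches = [];
        });
      }
    )
  ];
}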