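# NixOS system module for a single host: boot (systemd-boot + ZFS), networking
# (NetworkManager, systemd-resolved with DNS-over-TLS, firewall, Tailscale),
# desktop services and fonts.
#
# `attrs` is not a standard module argument; only `attrs.username` is read here.
# NOTE(review): presumably injected through specialArgs -- confirm in the caller.
{
  config,
  pkgs,
  attrs,
  ...
}: let
  # Horrid workaround for https://github.com/nix-community/home-manager/issues/1011
  homeManagerSessionVars = "/etc/profiles/per-user/${attrs.username}/etc/profile.d/hm-session-vars.sh";
in {
  imports = [
    ./hardware-configuration.nix
    ./nano.nix
    ./backups.nix
  ];

  environment.systemPackages = with pkgs; [
    cryptsetup
    nfs-utils
  ];

  # Source the home-manager session variables when the per-user profile
  # provides them. A leftover debug write (`echo 'x' > /tmp/test`) was removed
  # from the end of this command: it ran in every shell that sources the system
  # environment, root's included, and wrote to a fixed file name in
  # world-writable /tmp.
  environment.extraInit = "[[ -f ${homeManagerSessionVars} ]] && source ${homeManagerSessionVars}";

  boot = {
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;
    supportedFilesystems = ["zfs"];
    # Track the newest kernel the configured ZFS package reports as compatible.
    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
    # Never force-import the root pool, so a pool that was last imported by
    # another host is not taken over silently at boot.
    zfs.forceImportRoot = false;
  };

  # Networking
  networking = {
    # ZFS uses the host id to tell which machine last imported a pool.
    hostId = "1185c58e";
    # The "#one.one.one.one" suffix is the server name systemd-resolved uses
    # to validate the resolver's TLS certificate.
    nameservers = ["1.1.1.1#one.one.one.one"];
    networkmanager = {
      enable = true;
      # Hand name resolution to systemd-resolved (configured under services.resolved).
      dns = "systemd-resolved";
    };
    firewall = {
      enable = true;
      # NOTE(review): opened on every interface, and nothing in this file says
      # which service listens on it. Document the owner, or scope the port with
      # networking.firewall.interfaces.<name>.allowedTCPPorts if it is only
      # needed on one link.
      allowedTCPPorts = [11111];
      allowedUDPPorts = [];
      # All traffic arriving on a trusted interface bypasses the port filter,
      # so every tailnet peer can reach every listening port on this host.
      # Exposure on the tailnet is then governed by Tailscale ACLs alone.
      trustedInterfaces = ["tailscale0"];
      logRefusedConnections = true;
    };
  };

  # Services
  virtualisation = {
    podman = {
      enable = true;
      # Provide a `docker` command that is backed by podman.
      dockerCompat = true;
    };
  };

  # The empty attrset is enough to generate a PAM service for swaylock;
  # the locker needs one to verify the password on unlock.
  security.pam.services.swaylock = {};

  xdg.portal = {
    enable = true;
    xdgOpenUsePortal = false;
    extraPortals = [pkgs.xdg-desktop-portal-gtk];
  };

  programs = {
    light.enable = true;
    hyprland.enable = true;
    ssh = {
      startAgent = true;
    };
  };

  services = {
    resolved = {
      enable = true;
      # The fallback is the same resolver as networking.nameservers.
      fallbackDns = [
        "1.1.1.1#one.one.one.one"
      ];
      # Strict mode: lookups fail rather than fall back to plaintext DNS when
      # the server cannot do TLS. DNSSEC is not configured in this file.
      extraConfig = ''
        DNSOverTLS=yes
      '';
    };
    tailscale.enable = true;
    # NOTE(review): mDNS responder; as far as I know services.avahi.openFirewall
    # defaults to true and opens UDP 5353 on all interfaces -- confirm that is
    # wanted on untrusted networks.
    avahi.enable = true; # chromecast
    pipewire = {
      enable = true;
      alsa.enable = true;
      pulse.enable = true;
    };
    flatpak.enable = true;
    dbus.enable = true;

    tlp = {
      enable = true;
      settings = {
        WIFI_PWR_ON_BAT = "off";
        # Battery charge thresholds for BAT0, in percent.
        START_CHARGE_THRESH_BAT0 = 80;
        STOP_CHARGE_THRESH_BAT0 = 85;
      };
    };
    ratbagd.enable = true; # Logitech
    keyd = {
      enable = true;
      keyboards = {
        default = {
          # "*" applies these remaps to every keyboard.
          ids = ["*"];
          settings = {
            main = {
              pause = "timeout(esc, 150, space)";
              scrolllock = "layer(shift)";
            };
          };
        };
      };
    };
  };

  # workaround for wait-online killing nixos build
  systemd.services.NetworkManager-wait-online = {
    serviceConfig = {
      # The leading empty string clears the unit's stock ExecStart before the
      # replacement command is set.
      ExecStart = ["" "${pkgs.networkmanager}/bin/nm-online -q"];
    };
  };

  hardware.graphics = {
    enable = true;
    extraPackages = [
      pkgs.mesa.drivers
      pkgs.libGL
    ];
  };

  # Set a sane system-wide default font
  fonts.packages = with pkgs; [
    (nerdfonts.override {fonts = ["UbuntuMono"];})
    spleen
  ];
  fonts.fontconfig.defaultFonts.monospace = ["UbuntuMono"];

  system.stateVersion = "22.11";
}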