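# NixOS system configuration: systemd-boot, KDE Plasma 5 with SDDM, PipeWire,
# Tailscale, and a WireGuard tunnel named "mullvad" managed by wg-quick.
{ config, pkgs, ... }:
{
  imports = [
    # where are we ?
    #./wollomi.nix
    # ./adrift.nix
    ./quiver.nix
    # home manager should exist for users
    ./cachix.nix
    # declarative cachix
    # NOTE(review): this fetches the moving `master` branch with no sha256, so
    # the module code evaluated into the system configuration can change
    # between rebuilds without any change to this file. Pin the URL to a commit
    # archive and use the attrset form of fetchTarball ({ url; sha256; }), the
    # same way the SDDM theme below is pinned by rev and sha256.
    (import (builtins.fetchTarball "https://github.com/jonascarpay/declarative-cachix/archive/master.tar.gz"))
  ];

  # Binary caches to enable; presumably consumed by the declarative-cachix
  # module imported above. Everything substituted from a cache is trusted as a
  # build result, so keep this list short.
  cachix = [ "nix-community" ];

  nix.extraOptions = ''
    experimental-features = nix-command flakes
    keep-outputs = true
    keep-derivations = true
  '';

  environment.pathsToLink = [ "/share/zsh" ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.systemd-boot.configurationLimit = 2;
  boot.loader.systemd-boot.consoleMode = "max";
  boot.loader.timeout = 3;
  boot.kernelPackages = pkgs.linuxPackages_xanmod_latest;
  boot.tmpOnTmpfs = true;

  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.

  time.timeZone = "Australia/Sydney";
  time.hardwareClockInLocalTime = true;

  # Select internationalisation properties.
  i18n.defaultLocale = "en_AU.UTF-8";
  i18n.supportedLocales = [ "en_AU.UTF-8/UTF-8" ];
  console = {
    font = "Lat2-Terminus16";
    useXkbConfig = true; # use xkbOptions in tty.
  };

  nixpkgs.config.allowUnfree = true;

  hardware.opengl.enable = true;
  hardware.opengl.driSupport32Bit = true;

  #input stuff
  # services.xserver.xkbOptions = {
  #   "eurosign:e";
  #   "caps:escape" # map caps to escape.
  # };
  services.xserver.enable = true;
  services.xserver.layout = "us";
  services.xserver.libinput.enable = true;

  # kde time
  services.xserver.desktopManager.plasma5.enable = true;
  services.xserver.displayManager.sddm = {
    enable = true;
    # Login-screen theme fetched from GitHub; pinned to an exact commit and
    # content hash, so the fetched tree cannot change silently.
    theme = "${(pkgs.fetchFromGitHub {
      owner = "EricKotato";
      repo = "sddm-slice";
      rev = "763b8f4e01c00c1f8590fc7a103e14f6e8449443";
      sha256 = "sha256-UW53ZdKb3RSrrcZ9GxZsJyjzS/uKR8lkaLLyi+2o27U=";
    })}";
    autoNumlock = true;
    settings = {
      General = {
        InputMethod = "";
      };
    };
  };
  services.xserver.desktopManager.plasma5.runUsingSystemd = true;
  programs.dconf.enable = true;

  services.resolved = {
    enable = true;
    # NOTE(review): hard-coded fallback resolvers see every query that falls
    # through to them; confirm who operates these addresses.
    fallbackDns = [ "103.1.206.179" "168.138.8.38" "168.138.12.137" ];
    # NOTE(review): DNSSEC validation is explicitly turned off, so forged
    # answers are not detected by the local resolver. If this was done to work
    # around a broken upstream, "allow-downgrade" is the less drastic setting.
    dnssec = "false";
  };

  # Enable sound.
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    jack.enable = true;
  };

  # gtk compatibility
  qt5.enable = true;
  qt5.platformTheme = "kde";
  #qt5.style = "gtk2";

  programs.zsh.enable = true;
  users.defaultUserShell = pkgs.zsh;

  services.tailscale.enable = true;

  environment.systemPackages = with pkgs; [
    rnix-lsp
    tailscale
    cachix
    helix
    ark
    curl
    home-manager
    git
    zsh
    nix-index
    comma
  ];

  networking.wg-quick.interfaces = {
    mullvad = {
      address = [ "10.66.224.186/32" ];
      dns = [ "10.64.0.1" ];
      # Key material is read from a file at activation time instead of being
      # inlined as `privateKey`: an inlined key is copied into the
      # world-readable Nix store and into whatever repository holds this file.
      # The path below is a PLACEHOLDER; point it at a root-owned, mode 0600
      # file outside the store. Any key that was ever committed in this file
      # should be treated as disclosed and rotated with the VPN provider.
      privateKeyFile = "/path/to/mullvad-private-key";
      peers = [
        {
          publicKey = "kOpdNLq/ePrlc2wXGinRvbQWRhy755cZ4G4S7xwsKiw=";
          # NOTE(review): only IPv4 is routed into the tunnel. If the host has
          # IPv6 connectivity, that traffic presumably bypasses the VPN; add
          # "::/0" (with an IPv6 tunnel address) or disable IPv6 if that is
          # not intended.
          allowedIPs = [ "0.0.0.0/0" ];
          endpoint = "43.245.162.234:51820";
          persistentKeepalive = 25;
        }
      ];
    };
  };

  # NOTE(review): the firewall is switched off. While it is off,
  # trustedInterfaces and checkReversePath appear to have no effect, and this
  # module applies no packet filtering to any listening service on any
  # interface. If the intent is "trust Tailscale, filter everything else", set
  # enable = true and keep the two settings below.
  networking.firewall = {
    enable = false;
    trustedInterfaces = [ "tailscale0" ];
    checkReversePath = "loose";
  };

  # One-shot unit, ordered after the Mullvad tunnel, that makes sure an
  # `ip rule` entry "pref 62 -> table 52" exists (table 52 is presumably the
  # routing table used by Tailscale).
  systemd.services.fixNetworkingForTailscaleGodDamnit = {
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" "wg-quick-mullvad.service" ];
    description = "fix the damn routing table";
    serviceConfig = {
      Type = "oneshot";
      User = "root";
      # The command lives in a generated script rather than an inline
      # `bash -c '...'` string. An indented Nix string cannot end with a single
      # quote directly before its closing '' (three quotes in a row are the
      # escape for a literal ''), so the inline form does not terminate where
      # it appears to and swallows whatever follows it.
      ExecStart = pkgs.writeShellScript "fix-tailscale-ip-rule" ''
        if [[ "$( ${pkgs.iproute2}/bin/ip rule | grep -e "62:.*52" | wc -l)" -eq 0 ]]; then
          ${pkgs.iproute2}/bin/ip rule add pref 62 table 52
        fi
      '';
      # ExecStop = ''${pkgs.iproute2}/bin/ip rule del pref 62 table 52'';
    };
  };

  system.stateVersion = "22.05"; # Did you read the comment?
}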