203 lines
4.5 KiB
Nix
203 lines
4.5 KiB
Nix
{
|
|
inputs,
|
|
outputs,
|
|
lib,
|
|
config,
|
|
pkgs,
|
|
nix-rice,
|
|
...
|
|
}:
|
|
{
|
|
nixpkgs = {
|
|
overlays = [
|
|
inputs.nur.overlay
|
|
outputs.overlays.additions
|
|
outputs.overlays.unstable-pkgs
|
|
inputs.nix-rice.overlays.default
|
|
outputs.overlays.rice
|
|
];
|
|
config = {
|
|
allowUnfree = true;
|
|
allowUnfreePredicate = _: true;
|
|
};
|
|
};
|
|
|
|
nix = {
|
|
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
|
|
settings = {
|
|
experimental-features = "nix-command flakes";
|
|
};
|
|
};
|
|
|
|
imports = [
|
|
# inputs.declarative-cachix.nixosModules.declarative-cachix
|
|
# inputs.helix
|
|
];
|
|
|
|
# cachix = [
|
|
# "nix-community"
|
|
# ];
|
|
|
|
nix.extraOptions = ''
|
|
keep-outputs = true
|
|
keep-derivations = true
|
|
'';
|
|
|
|
systemd.services.NetworkManager-wait-online.enable = true;
|
|
|
|
environment.pathsToLink = ["/share/zsh"];
|
|
|
|
hardware.enableRedistributableFirmware = true;
|
|
hardware.enableAllFirmware = true;
|
|
boot.loader.systemd-boot.consoleMode = "max";
|
|
boot.loader.timeout = 3;
|
|
|
|
boot.loader.systemd-boot.enable = true;
|
|
boot.tmp.useTmpfs = true;
|
|
|
|
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
|
|
|
|
time.timeZone = "Australia/Sydney";
|
|
time.hardwareClockInLocalTime = true;
|
|
|
|
# Select internationalisation properties.
|
|
i18n.defaultLocale = "en_AU.UTF-8";
|
|
i18n.supportedLocales = ["en_AU.UTF-8/UTF-8"];
|
|
console = {
|
|
font = "Lat2-Terminus16";
|
|
useXkbConfig = true; # use xkbOptions in tty.
|
|
};
|
|
|
|
hardware.opengl.enable = true;
|
|
hardware.opengl.driSupport32Bit = true;
|
|
|
|
#input stuff
|
|
services.xserver.enable = false;
|
|
services.xserver.xkbOptions = "caps:escape";
|
|
services.xserver.layout = "us";
|
|
services.xserver.libinput.enable = true;
|
|
services.xserver.displayManager.lightdm.enable = false; # gets installed by default..
|
|
|
|
services.greetd = {
|
|
enable = true;
|
|
settings = {
|
|
default_session = {
|
|
command = "${pkgs.greetd.tuigreet}/bin/tuigreet -r -g \"what's good\" --time --sessions ${config.services.xserver.displayManager.sessionData.desktops}/share/wayland-sessions";
|
|
user = "greeter";
|
|
};
|
|
};
|
|
};
|
|
|
|
security.polkit.enable = true;
|
|
|
|
programs.dconf.enable = true;
|
|
|
|
xdg.autostart.enable = true;
|
|
|
|
services.resolved = {
|
|
enable = true;
|
|
fallbackDns = ["103.1.206.179" "168.138.8.38" "168.138.12.137"];
|
|
dnssec = "false";
|
|
};
|
|
|
|
# Enable sound.
|
|
security.rtkit.enable = true;
|
|
services.pipewire = {
|
|
enable = true;
|
|
alsa.enable = true;
|
|
alsa.support32Bit = true;
|
|
pulse.enable = true;
|
|
# jack.enable = true;
|
|
};
|
|
|
|
qt.enable = true;
|
|
qt.platformTheme = "gtk2";
|
|
qt.style = "gtk2";
|
|
|
|
programs.zsh.enable = true;
|
|
programs.xonsh = {
|
|
enable = true;
|
|
config = builtins.replaceStrings
|
|
["#NEWPATHS"]
|
|
[''
|
|
'${pkgs.xonsh}/lib/python3.10/site-packages',
|
|
'${pkgs.python310Packages.pip}/lib/python3.10/site-packages'
|
|
'']
|
|
(builtins.readFile ../home/dots/xonshrc);
|
|
};
|
|
users.defaultUserShell = pkgs.zsh;
|
|
|
|
services.tailscale.enable = true;
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
rnix-lsp
|
|
|
|
tailscale
|
|
|
|
home-manager
|
|
cachix
|
|
|
|
ark
|
|
|
|
curl
|
|
exa
|
|
|
|
git
|
|
|
|
nix-index
|
|
comma
|
|
starship
|
|
|
|
cachix
|
|
|
|
alejandra
|
|
|
|
];
|
|
|
|
programs.nix-index-database.comma.enable = true;
|
|
programs.nix-index.enableZshIntegration = false;
|
|
programs.nix-index.enableBashIntegration = false;
|
|
|
|
# services.mullvad-vpn.enable = true;
|
|
|
|
networking.wg-quick.interfaces = {
|
|
mullvad = {
|
|
address = ["10.67.227.64/32"];
|
|
dns = ["10.64.0.1"];
|
|
privateKey = "OOPAlePjy7x2DVpg6d7BoBqpST3lDJSYght185tSUl8=";
|
|
peers = [
|
|
{
|
|
publicKey = "LXuRwa9JRTt2/UtldklKGlj/IVLORITqgET4II4DRkU=";
|
|
allowedIPs = ["0.0.0.0/0"];
|
|
endpoint = "146.70.200.194:51820";
|
|
persistentKeepalive = 25;
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
networking.firewall.enable = true;
|
|
networking.firewall = {
|
|
trustedInterfaces = ["tailscale0"];
|
|
checkReversePath = "loose";
|
|
};
|
|
|
|
systemd.services.fixNetworkingForTailscale = {
|
|
wantedBy = ["multi-user.target"];
|
|
after = ["network.target" "mullvad-daemon.service"];
|
|
description = "fix the damn routing table";
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
User = "root";
|
|
ExecStart = ''${pkgs.bash}/bin/bash -c "if [[ \"$( ${pkgs.iproute2}/bin/ip rule | grep -e \"62:.*52\" | wc -l)\" -eq 0 ]]; then ${pkgs.iproute2}/bin/ip rule add pref 62 table 52; fi"'';
|
|
};
|
|
};
|
|
|
|
security.pam.services.waylock = {
|
|
text = ''
|
|
auth include login
|
|
'';
|
|
};
|
|
|
|
system.stateVersion = "23.05"; # Did you read the comment? # lol no
|
|
}
|