nix-config/modules/nixos/desktop/default.nix


{ config, pkgs, ... }:
{
# boot.binfmt.emulatedSystems = [ "aarch64-linux" "qemu-aarch64" ];
# Host networking. NetworkManager manages the links (global DHCP is off and no
# interface is declared statically); the firewall block below opens only the
# WireGuard and KDE Connect ports.
networking = {
  useDHCP = false;
  interfaces = { };

  networkmanager.enable = true;
  # MAC randomisation during Wi-Fi scans is switched off, so scans are sent
  # with the adapter's real hardware address. Keep the NetworkManager default
  # unless a driver or access point actually needs this.
  networkmanager.wifi.scanRandMacAddress = false;

  firewall = {
    # 51820/udp is used by wireguard.
    allowedUDPPorts = [ 51820 ];

    # 1714-1764 (TCP and UDP) is used by kdeconnect. Declared at this level the
    # range is open on every interface, untrusted Wi-Fi included;
    # networking.firewall.interfaces.<name> can limit it to trusted links.
    allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
    allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];

    # If packets are still dropped by the reverse-path filter, they will show
    # up in dmesg.
    logReversePathDrops = true;

    # # wireguard trips rpfilter up
    # extraCommands = ''
    # ip46tables -t raw -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
    # ip46tables -t raw -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
    # '';
    # extraStopCommands = ''
    # ip46tables -t raw -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
    # ip46tables -t raw -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
    # '';
  };
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# System daemons. avahi, rpcbind and the NFS server are network-facing: this
# file defines no NFS exports and its firewall block lists none of their ports,
# so confirm each one is still needed on a desktop.
# NOTE(review): a service module may open its own firewall port (avahi for
# mDNS, presumably) - verify against the evaluated firewall rules.
services.avahi.enable = true;
services.dbus.enable = true;
services.nfs.server.enable = true;
services.rpcbind.enable = true;
# Local Tor daemon.
services.tor.enable = true;
# Android USB udev rules; presumably what the "adbusers" group of the user
# account relies on.
services.udev.packages = [ pkgs.android-udev-rules ];
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Audio stack: PipeWire with its ALSA (including 32-bit), PulseAudio and JACK
# front ends. rtkit is enabled next to it; it hands out realtime scheduling to
# unprivileged processes on request.
security.rtkit.enable = true;
services.pipewire.enable = true;
services.pipewire.alsa.enable = true;
services.pipewire.alsa.support32Bit = true;
services.pipewire.pulse.enable = true;
services.pipewire.jack.enable = true;
# PAM stacks for console login and the two Wayland screen lockers, plus polkit.
#
# NOTE(review): allowNullPassword = true lets an account whose password field
# is empty authenticate through `login` and `system-auth`. Both lockers inherit
# that, because swaylock includes `login` and waylock includes `system-auth`,
# so an empty-password account would also unlock the screen. Set it to false
# unless such an account is intended.
security.pam.services =
  let
    # `login` and `system-auth` are configured identically.
    sessionStack = {
      allowNullPassword = true;
      setEnvironment = true;
      setLoginUid = true;
      startSession = true;
      unixAuth = true;
      updateWtmp = true;
      # Unlock keyring on login.
      enableGnomeKeyring = true;
    };
  in
  {
    # Each locker's PAM file consists of this single auth line.
    swaylock.text = ''
      auth include login
    '';
    waylock.text = ''
      auth include system-auth
    '';
    login = sessionStack;
    system-auth = sessionStack;
  };
security.polkit.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# firefox
# ];
# Low-level tooling installed system-wide: DMI/SMBIOS inspection, a flash-chip
# programmer and a stream buffer.
environment.systemPackages = [
  pkgs.dmidecode
  pkgs.flashrom
  pkgs.mbuffer
];
# Enable touchpad support (enabled default in most desktopManager).
# Define a user account. Don't forget to set a password with passwd.
# Primary account and its supplementary groups.
#
# Several of these groups carry real privilege: "wheel" is the conventional
# admin group, "docker" gives access to the Docker daemon (root-equivalent on
# the host), and "libvirtd" / "vboxusers" allow managing virtual machines.
# Keep the list to what is actually used.
users.groups.plugdev = { };
users.users.rilla = {
  shell = pkgs.zsh;
  extraGroups = [
    "wheel"
    "docker"
    "libvirtd"
    "dialout"
    "plugdev"
    "adbusers"
    "video"
    "vboxusers"
  ];
  # Subordinate UID/GID ranges, as used by user-namespace (rootless) containers.
  subUidRanges = [ { startUid = 100000; count = 65536; } ];
  subGidRanges = [ { startGid = 100000; count = 65536; } ];
};
# Shells, lockers and helpers.
programs.zsh.enable = true;
programs.slock.enable = true;
programs.nix-ld.enable = true;
# NOTE(review): the mosh module presumably opens its own UDP port range in the
# firewall - confirm against the evaluated rules.
programs.mosh.enable = true;
# Lets non-root users mount FUSE filesystems with allow_other, which makes the
# mount readable by other local users (root included).
programs.fuse.userAllowOther = true;
# PC/SC smart-card daemon.
services.pcscd.enable = true;
# Container and VM hosts: Docker, Podman, libvirt and VirtualBox are all on.
# The Docker daemon runs as root, so membership of its group is equivalent to
# root on this machine.
virtualisation.docker.enable = true;
virtualisation.podman.enable = true;
virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
virtualisation.libvirtd.enable = true;
# Bridges that unprivileged libvirt sessions may attach guests to.
virtualisation.libvirtd.allowedBridges = [ "virbr0" "virbr1" "virbr2" ];
# Installs the SPICE USB redirection helper with elevated privileges, so that
# unprivileged users can pass host USB devices through to guests.
virtualisation.spiceUSBRedirection.enable = true;
virtualisation.virtualbox.host.enable = true;
services.spice-vdagentd.enable = true;
programs.dconf.enable = true;
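# Extra udev rules: Teensy boards (vendor 16c0), a 0483:df11 USB device for
# group plugdev, and backlight brightness control for group video.
#
# The chgrp/chmod RUN entries carry their own match keys. A udev rule without
# any match key applies to every event, so the bare RUN+= lines would have run
# both commands as root for every device event on the system.
#
# NOTE(review): the Teensy rules use MODE:="0666", which lets every local user
# open those device nodes. A group-restricted mode (as the plugdev rule does)
# is tighter if only one account needs them.
services.udev.extraRules = ''
  # UDEV rules for Teensy USB devices
  ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1"
  ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1"
  SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", MODE:="0666"
  KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", MODE:="0666"
  ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="664", GROUP="plugdev"
  # acpi brightness rulres
  ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="acpi_video0", GROUP="video", MODE="0664"
  ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", RUN+="${pkgs.coreutils-full}/bin/chgrp video /sys/class/backlight/intel_backlight/brightness"
  ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", RUN+="${pkgs.coreutils-full}/bin/chmod g+w /sys/class/backlight/intel_backlight/brightness"
'';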
# Graphics acceleration and Bluetooth, with blueman as the Bluetooth manager.
hardware = {
  bluetooth.enable = true;
  opengl.enable = true;
};
services.blueman.enable = true;
# Persistent state, grouped by the volume that stores it (presumably consumed
# by the impermanence module - confirm).
#
# NOTE(review): several entries hold secrets: the SSH host key, /etc/wireguard,
# the NetworkManager connection profiles, ~/.gnupg, the password stores and
# keyrings, the wallet directories, /etc/luks-keys and the btrbk SSH key. The
# backing volumes should be encrypted at rest, and the persisted copies should
# keep permissions as restrictive as the originals.

# System and application state.
environment.persistence."/mnt/persist" = {
  directories = [
    "/etc/NetworkManager/system-connections"
    "/etc/wireguard"
    "/var/lib/bluetooth"
    "/var/lib/docker"
    "/var/lib/libvirt"
    "/var/lib/systemd/coredump"
    "/home/rilla/.Slic3r"
    "/home/rilla/.abook"
    "/home/rilla/.bitmonero"
    "/home/rilla/.config/Element"
    "/home/rilla/.config/Nextcloud"
    "/home/rilla/.config/Signal"
    "/home/rilla/.config/Slack"
    "/home/rilla/.config/SuperCollider"
    "/home/rilla/.config/VirtualBox"
    "/home/rilla/.config/ardour6"
    "/home/rilla/.config/chromium"
    "/home/rilla/.config/kdeconnect"
    "/home/rilla/.config/kicad"
    "/home/rilla/.config/nvim/plugin"
    "/home/rilla/.config/syncthing"
    "/home/rilla/.config/tea"
    "/home/rilla/.config/whatsapp-for-linux"
    "/home/rilla/.electrum"
    "/home/rilla/.gnupg"
    "/home/rilla/.hydrogen"
    "/home/rilla/.john"
    "/home/rilla/.kube"
    "/home/rilla/.librewolf"
    "/home/rilla/.local/share/Bisq"
    "/home/rilla/.local/share/Nextcloud"
    "/home/rilla/.local/share/Steam"
    "/home/rilla/.local/share/SuperCollider"
    "/home/rilla/.local/share/TelegramDesktop"
    "/home/rilla/.local/share/containers"
    "/home/rilla/.local/share/dino"
    "/home/rilla/.local/share/direnv"
    "/home/rilla/.local/share/gopass/stores"
    "/home/rilla/.local/share/keyrings"
    "/home/rilla/.local/share/mpd"
    "/home/rilla/.local/share/nvim"
    "/home/rilla/.local/share/tor-browser"
    "/home/rilla/.local/share/webkitgtk"
    "/home/rilla/.local/state/wireplumber"
    "/home/rilla/.local/state/zsh"
    "/home/rilla/.mozilla"
    "/home/rilla/.newsboat"
    "/home/rilla/.password-store"
    "/home/rilla/.platformio"
    "/home/rilla/.vagrant.d"
    "/home/rilla/.vdirsyncer"
    "/home/rilla/.virtualenvs"
    "/home/rilla/.wine"
    "/home/rilla/Nextcloud"
    "/home/rilla/VirtualBox VMs"
    "/home/rilla/configs"
    # "/home/rilla/.cache"
  ];
  files = [
    "/etc/machine-id"
    "/etc/ssh/ssh_host_ed25519_key"
    "/home/rilla/.lmmsrc.xml"
    "/home/rilla/.mailsynclastrun"
    "/home/rilla/.ssh/known_hosts"
  ];
};

# User data, LUKS key files and the btrbk SSH identity.
environment.persistence."/mnt/data" = {
  directories = [
    "/etc/luks-keys"
    "/home/rilla/Audio"
    "/home/rilla/Calendars"
    "/home/rilla/Contacts"
    "/home/rilla/Documents"
    "/home/rilla/Downloads"
    "/home/rilla/Images"
    "/home/rilla/Maildir"
    "/home/rilla/Monero"
    "/home/rilla/code"
    "/home/rilla/misc"
    "/home/rilla/workspace"
  ];
  files = [
    "/etc/btrbk/id_ed25519"
    "/etc/btrbk/id_ed25519.pub"
    "/etc/btrbk/id_ed25519-cert.pub"
  ];
};

# Logs and the VM shared folder each live on their own volume.
environment.persistence."/mnt/logs".directories = [ "/var/log" ];
environment.persistence."/mnt/vfs_share".directories = [ "/home/rilla/vfs_share" ];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
#
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
}