blob: dd470801deffb2bc1b529fb30c2b795328b8095f (
plain) (
tree)
|
|
{ config, pkgs, ... }:
let
compiledXkbLayout = pkgs.runCommand "keyboard-layout" {} ''
${pkgs.xorg.xkbcomp}/bin/xkbcomp ${../xkb/symbols/custom-fr} $out
'';
in
{
imports = [
./bnc.nix
];
boot.supportedFilesystems = [ "ntfs" ];
boot.tmp.cleanOnBoot = true;
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "fr_FR.utf8";
LC_IDENTIFICATION = "fr_FR.utf8";
LC_MEASUREMENT = "fr_FR.utf8";
LC_MONETARY = "fr_FR.utf8";
LC_NAME = "fr_FR.utf8";
LC_NUMERIC = "fr_FR.utf8";
LC_PAPER = "fr_FR.utf8";
LC_TELEPHONE = "fr_FR.utf8";
LC_TIME = "fr_FR.utf8";
};
console = {
font = "sun12x22";
keyMap = "fr";
};
# ---- network config ----
networking.networkmanager.enable = true;
services.unbound =
let
alfisTld = [ "anon." "btn." "conf." "index." "merch." "mirror." "mob." "screen." "srv." "ygg." ];
in {
enable = true;
resolveLocalQueries = true;
settings = {
server = {
log-servfail = true;
domain-insecure = alfisTld;
};
forward-zone = map (tld: {
name = tld;
forward-addr = "324:71e:281a:9ed3::53";
forward-tcp-upstream = false;
forward-tls-upstream = false;
}) alfisTld;
};
};
services.resolved.enable = false;
networking.extraHosts = ''
201:8c16:538b:891c:96cb:c8f6:40dd:125d lindy
'';
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
2022 # openssh
22000 # syncthing
];
networking.firewall.allowedUDPPorts = [
22000 # syncthing
];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# ---- apps config ----
# Enable the X11 windowing system.
services.xserver.enable = true;
# Configure keymap in X11
services.xserver.layout = "fr-custom-lx";
#services.xserver.displayManager.sessionCommands = "${pkgs.xorg.xkbcomp}/bin/xkbcomp ${compiledXkbLayout} $DISPLAY";
services.xserver.xkbOptions = "caps:escape";
services.xserver.extraLayouts."fr-custom-lx" = {
description = "French (LX custom azerty)";
languages = ["fre"];
symbolsFile = ../xkb/symbols/fr-custom-lx;
};
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
# Enable RTL-SDR
hardware.rtl-sdr.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
services.xserver.libinput.enable = true;
# -------------------- users ---------------------
# Define a user account. Don't forget to set a password with ‘passwd’.
users.users.lx = {
isNormalUser = true;
description = "Alex";
extraGroups = [
"networkmanager"
"wheel"
"yggdrasil"
"plugdev"
"dialout"
"kvm"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIw+IIX8+lZX9RrHAbwi/bncLYStXpI4EmK3AUcqPY2O"
];
};
# -------------------- yea openssh ---------------------
services.openssh = {
enable = true;
ports = [ 2022 ];
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
# -------------------- packages ---------------------
nixpkgs.config.allowUnfree = true;
nix.gc.automatic = pkgs.lib.mkDefault true;
nix.gc.options = "--delete-older-than 30d";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.substituters = [ "https://nix.web.deuxfleurs.fr" ];
nix.settings.trusted-public-keys = [ "nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=" ];
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
nixpkgs.overlays = [
# fix jellyfin media player to not try to use wayland-egl backend
(self: super: {
jellyfin-media-player = pkgs.symlinkJoin {
name = "jellyfin-media-player";
paths = [ super.jellyfin-media-player ];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/jellyfinmediaplayer --set QT_QPA_PLATFORM xcb
'';
};
})
];
fonts.fonts = with pkgs; [
profont
symbola
ipafont
hanazono
takao
font-awesome
];
environment.systemPackages = with pkgs; [
home-manager
vim
nixfmt
nix-index
aspell
hunspell
aspellDicts.fr
aspellDicts.en
hunspellDicts.fr-any
hunspellDicts.en-us-large
hunspellDicts.en-gb-large
tmux
git
git-lfs
pass
openssl
pkg-config
htop
i7z
zip
unzip
powertop
iotop
jnettop
nethogs
nvme-cli
smartmontools
speedtest-cli
socat
mc
ncdu
dfc
wget
gcc
gnumake
clang
rustc
rustfmt
rust-analyzer
cargo
clippy
virtualenv
scc
rclone
restic
borgbackup
nomad
consul
drone-cli
hugo
zola
jq
python3Full
ffmpeg
gnupg
dig
inetutils
file
distrobox
killall
gomuks
alacritty
firefox
qutebrowser
tor-browser-bundle-bin
lagrange
thunderbird
qbittorrent
transmission-remote-gtk
keepassxc
vlc
mpv
spotify
sonixd
jellyfin-media-player
nheko
neochat
dino
element-desktop
signal-desktop
gimp
inkscape
krita
ghostscript
mupdf
llpp
xournalpp
pdfarranger
nextcloud-client
homebank
nicotine-plus
gnome.seahorse
gqrx
sdrpp
qgis
virt-manager
tagainijisho
(st.overrideAttrs (oldAttrs: rec {
patches = [
#../st/st-colorschemes-0.8.5.diff
#../st/st-copyurl-0.8.4.diff
];
configFile = writeText "config.def.h" (builtins.readFile ../st/config.h);
postPatch = "${oldAttrs.postPatch}\n cp ${configFile} config.def.h";
}))
];
programs.vim.defaultEditor = true;
programs.steam = {
enable = true;
remotePlay.openFirewall =
true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall =
true; # Open ports in the firewall for Source Dedicated Server
};
programs.mtr.enable = true;
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
services.yggdrasil = {
enable = true;
persistentKeys = true;
settings = { Peers = [ "tls://37.187.118.206:53103" ]; };
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}
|