# Common / necessary stuff here
# Additional stuff in common2.nix

{ config, pkgs, lib, ... }:

{
  # Additional module evaluated together with this one.
  imports = [ ./bnc.nix ];

  boot = {
    # Make NTFS available as a mountable filesystem.
    supportedFilesystems = [ "ntfs" ];
    # Start every boot with an empty /tmp.
    tmp.cleanOnBoot = true;
  };

  time.timeZone = "Europe/Paris";

  # English messages, French regional formats: every LC_* category listed
  # below is set to the same French locale.
  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = lib.genAttrs [
      "LC_ADDRESS"
      "LC_IDENTIFICATION"
      "LC_MEASUREMENT"
      "LC_MONETARY"
      "LC_NAME"
      "LC_NUMERIC"
      "LC_PAPER"
      "LC_TELEPHONE"
      "LC_TIME"
    ] (_category: "fr_FR.utf8");
  };

  # Virtual console (non-graphical TTY) font and keyboard map.
  console.font = "sun12x22";
  console.keyMap = "fr";

  # ---- network config ----

  networking = {
    networkmanager.enable = true;

    # Hosts-file blocklist (adware + malware). It only affects lookups that go
    # through the system resolver.
    stevenblack.enable = true;

    # Inbound ports accepted by the firewall. These lists are not bound to an
    # interface, so the ports are open on every interface of the host,
    # including the yggdrasil overlay enabled further down in this file.
    firewall = {
      allowedTCPPorts = [
        2022  # openssh (same port as services.openssh.ports)
        22000 # syncthing
      ];
      allowedUDPPorts = [
        22000 # syncthing
      ];
    };
  };
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # ---- apps config ----

  # Enable the X11 windowing system.
  services.xserver = {
    enable = true;

    # X11 keyboard configuration: two custom layouts, both defined in
    # extraLayouts from symbol files kept in this repository.
    xkb = {
      layout = "fr-custom-lx,ergol-lx";
      # terminate:ctrl_alt_bksp lets Ctrl+Alt+Backspace kill the X server;
      # caps:escape turns Caps Lock into Escape.
      options = "terminate:ctrl_alt_bksp,caps:escape";

      extraLayouts = {
        fr-custom-lx = {
          description = "French (LX custom azerty)";
          languages = [ "fre" ];
          symbolsFile = ../xkb/symbols/fr-custom-lx;
        };

        # Defined but not listed in `layout` above.
        ergol = {
          description = "Ergol";
          languages = [ "fre" ];
          symbolsFile = ../xkb/symbols/ergol-07;
        };

        ergol-lx = {
          description = "Ergol LX";
          languages = [ "fre" ];
          symbolsFile = ../xkb/symbols/ergol-07-lx;
        };
      };
    };
  };

  # Enable sound.
  sound.enable = true;

  # PipeWire is the audio server here; its ALSA, PulseAudio and JACK
  # front-ends are all switched on, and the standalone PulseAudio daemon
  # is disabled in the hardware set below.
  services.pipewire.enable = true;
  services.pipewire.alsa.enable = true;
  services.pipewire.alsa.support32Bit = true;
  services.pipewire.pulse.enable = true;
  services.pipewire.jack.enable = true;

  # Enable touchpad support (enabled by default in most desktop managers).
  services.libinput.enable = true;

  hardware = {
    pulseaudio.enable = false;

    # Logitech Unifying receiver support, plus the graphical pairing tool.
    logitech.wireless = {
      enable = true;
      enableGraphical = true;
    };
  };

  # -------------------- users ---------------------

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.lx = {
    description = "Alex";
    isNormalUser = true;

    # Supplementary groups. Several of these carry real privilege:
    # "wheel" is the administrators group, and "libvirtd" gives control of
    # the system libvirt daemon, which should be treated as close to root.
    # "kvm", "dialout" and "plugdev" grant direct access to device nodes.
    extraGroups = [
      "networkmanager"
      "wheel"
      "yggdrasil"
      "plugdev"
      "dialout"
      "kvm"
      "libvirtd"
    ];

    # Public keys accepted for SSH login as this user. Password login is
    # disabled in the sshd settings of this file, so these keys are the only
    # remote credential: remove a key here as soon as its private half is
    # retired or suspected lost.
    openssh.authorizedKeys = {
      keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIw+IIX8+lZX9RrHAbwi/bncLYStXpI4EmK3AUcqPY2O"
      ];
    };
  };

  # -------------------- yea openssh ---------------------

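  # SSH daemon on a non-default port, restricted to public-key logins.
  services.openssh = {
    enable = true;
    # Must stay in step with the firewall's allowedTCPPorts entry.
    ports = [ 2022 ];
    settings = {
      # root cannot log in over SSH directly.
      PermitRootLogin = "no";
      # Turns off sshd's "password" authentication method.
      PasswordAuthentication = false;
      # Keyboard-interactive is a separate sshd method that, through PAM, can
      # still prompt for the account password. Disabling it as well is what
      # actually leaves public keys as the only way in.
      KbdInteractiveAuthentication = false;
    };
  };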

  # -------------------- packages ---------------------

  # Allow packages whose licence nixpkgs classifies as unfree.
  nixpkgs.config.allowUnfree = true;

  nix = {
    settings = {
      experimental-features = [ "nix-command" "flakes" ];

      # Third-party binary cache and the key its store paths are signed with.
      # Nix installs any path from a substituter that carries a valid
      # signature from a trusted key, so whoever controls this signing key
      # can supply binaries that run on this machine.
      # NOTE(review): check the generated /etc/nix/nix.conf to see which other
      # caches and keys end up in the effective lists next to this one.
      substituters = [ "https://nix.web.deuxfleurs.fr" ];
      trusted-public-keys = [ "nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=" ];
    };

    # Appended verbatim to nix.conf: keep build outputs and derivation files
    # reachable from garbage-collector roots.
    extraOptions = ''
      keep-outputs = true
      keep-derivations = true
    '';
  };

  nixpkgs.overlays = [
    # Replace jellyfin-media-player with a wrapper that forces the xcb Qt
    # platform, so it does not try to use the wayland-egl backend.
    (final: prev: {
      jellyfin-media-player = pkgs.symlinkJoin {
        name = "jellyfin-media-player";
        # `prev` is the package set before this overlay, i.e. the unwrapped build.
        paths = [ prev.jellyfin-media-player ];
        buildInputs = [ pkgs.makeWrapper ];
        postBuild = ''
          wrapProgram $out/bin/jellyfinmediaplayer --set QT_QPA_PLATFORM xcb
        '';
      };
    })
  ];

  # ---- config for japanese (thx functor.tokyo)

  fonts = {
    # Installed font packages; the last two provide Japanese glyphs.
    packages = [
      pkgs.profont
      pkgs.symbola
      pkgs.font-awesome
      pkgs.inconsolata

      pkgs.ipafont
      pkgs.kochi-substitute
    ];

    # Fontconfig fallback order per generic family: DejaVu first, then the
    # matching IPA face.
    fontconfig.defaultFonts = {
      monospace = [ "DejaVu Sans Mono" "IPAGothic" ];
      sansSerif = [ "DejaVu Sans" "IPAPGothic" ];
      serif = [ "DejaVu Serif" "IPAPMincho" ];
    };
  };

  # ----

  # Exceptions to nixpkgs' refusal to evaluate packages it has marked as
  # insecure. Each string names one exact package version, so the exception
  # stops applying (and evaluation fails again) once that version changes.
  # NOTE(review): the file does not record which installed package pulls in
  # each entry; note the consumer next to it and drop the entry once that
  # consumer no longer needs the insecure version.
  nixpkgs.config.permittedInsecurePackages = [
    "olm-3.2.16"
    "electron-27.3.11"
    "python3.11-youtube-dl-2021.12.17"
  ];

  # Packages installed system-wide, for every user. Names resolve against
  # `pkgs`, which includes the overlay defined in this file.
  environment.systemPackages = with pkgs; [
    home-manager

    # Command-line tools: editors, spell checking, development toolchains,
    # backup, monitoring and network utilities.
    vim
    nixpkgs-fmt
    nix-index
    aspell
    hunspell
    aspellDicts.fr
    aspellDicts.en
    hunspellDicts.fr-any
    hunspellDicts.en-us-large
    hunspellDicts.en-gb-large
    tmux
    git
    git-lfs
    pass
    openssl
    pkg-config
    htop
    i7z
    zip
    unzip
    unrar
    powertop
    iotop
    jnettop
    nethogs
    mtr
    moreutils
    nvme-cli
    smartmontools
    speedtest-cli
    socat
    mc
    ncdu
    dfc
    wget
    gcc
    gnumake
    clang
    rustc
    rustfmt
    rust-analyzer
    mold
    cargo
    clippy
    difftastic
    sqlite
    virtualenv
    scc
    rclone
    restic
    borgbackup
    nomad
    consul
    drone-cli
    hugo
    zola
    jq
    python3Full
    ffmpeg
    gnupg
    dig
    netcat
    inetutils
    pciutils
    file
    distrobox
    killall
    gomuks
    beets

    # Graphical applications.
    alacritty
    firefox
    qutebrowser
    tor-browser-bundle-bin
    lagrange
    thunderbird
    qbittorrent
    transmission-remote-gtk
    keepassxc
    vlc
    mpv
    spotify
    sonixd
    supersonic
    # Resolves to the xcb-forcing wrapper from nixpkgs.overlays in this file.
    jellyfin-media-player
    element-desktop
    dino
    signal-desktop
    #gimp
    inkscape
    krita
    gthumb
    ghostscript
    mupdf
    llpp
    xournalpp
    pdfarranger
    homebank
    nicotine-plus
    logseq
    gnome.seahorse
    gqrx
    sdrpp
    virt-manager
    tagainijisho
    anki
    lollypop

	# st terminal rebuilt with this repository's own config.h: the file is read
	# at evaluation time, written to the store, and copied over config.def.h
	# after the upstream postPatch has run.
	# NOTE(review): `patches = [ ]` replaces the derivation's patch list rather
	# than extending it, so any patches the nixpkgs st package carries are
	# dropped; confirm that is intended.
	# NOTE(review): the postPatch string interpolates oldAttrs.postPatch, which
	# assumes the upstream derivation defines that attribute.
	(st.overrideAttrs (oldAttrs: rec {
	  patches = [
        #../st/st-colorschemes-0.8.5.diff
        #../st/st-copyurl-0.8.4.diff
	  ];
	  configFile = writeText "config.def.h" (builtins.readFile ../st/config.h);
	  postPatch = "${oldAttrs.postPatch}\n cp ${configFile} config.def.h";
	}))

  ];

  programs = {
    # virt-manager requires dconf to remember settings
    dconf.enable = true;

    vim.defaultEditor = true;

    steam = {
      enable = true;
      # Open ports in the firewall for Steam Remote Play
      remotePlay.openFirewall = true;
      # Open ports in the firewall for Source Dedicated Server
      # NOTE(review): both switches add inbound ports on top of the explicit
      # allowedTCPPorts/allowedUDPPorts lists; turn off whichever one is not
      # actually used on this machine.
      dedicatedServer.openFirewall = true;
    };

    # Installs mtr through a capability wrapper so it can send probes without
    # being run as root.
    mtr.enable = true;
  };

  # ---- fancy networks and stuff ----

  # Yggdrasil overlay network. Joining it gives the host an address reachable
  # by other nodes of the overlay, and the firewall ports opened in this file
  # are not limited to a particular interface, so they apply there too.
  services.yggdrasil.enable = true;

  # Keep the node's key pair (and therefore its overlay address) across
  # service restarts.
  services.yggdrasil.persistentKeys = true;

  # Static outbound peers, all over the tls:// transport.
  # NOTE(review): none of these URIs pins the peer's public key; verify
  # whether pinning is wanted for peers this host depends on.
  services.yggdrasil.settings.Peers = [
    "tls://37.187.118.206:53103"
    "tls://ygg.mkg20001.io:443"
    "tls://54.36.100.60:34219"
  ];

  system = {
    # Keep a copy of the NixOS configuration file inside the built system,
    # linked at /run/current-system/configuration.nix, as a fallback if
    # configuration.nix is deleted by accident.
    copySystemConfiguration = true;

    # NixOS release whose defaults for stateful data (file locations,
    # database versions, ...) this system was first installed with. It's
    # fine, and recommended, to leave it at the release of the first install.
    # Read the documentation for this option before changing it
    # (e.g. man configuration.nix or https://nixos.org/nixos/options.html).
    stateVersion = "22.11"; # Did you read the comment?
  };
}