summaryrefslogblamecommitdiff
path: root/nixos/common.nix
blob: f71e3c70424613c769d539b57ea2976f0ef3101e (plain) (tree)
1
2
3
4
5
6
7
8
9


                      



             
                                         
                              
 
















                                     
                  

    



                                          



                                                                                                     

                               











                                                 


                                   



                                                

                                         
                   









                                         


                                    
                           
                                           
                                                                      



                                                  
    

                                   
                                  








                                     
                       

    
                  

                                 


                                                                     


                                        

                                                    



                                                                            




                      
               
           
                
      

                                                                                        
                                                                                        











                                                          

    

                                                       
                                    
                                             

                                                                  

                                                                                                              



                           
 













                                                                            

                                                
                            
           
           
                
               


                    
    














                                   
        


                                           

       
          
             






                             


           

           
              
        
       

         


            
           
            
                 
                 
         
      

        
        

           


           
                 

          
          
              
       
          

              

          
             

        
      
               
          

         
             
            
        
             
           
          
 


               
                          
            
               

                           
             

       
           
          
                         
                   


            
                  


            
               
         
        
             
               
                    
            

                  
        
         
         
                
                
        









                                                                                   
    
 

                                                                                  

                                    

                    



                                                                    

    
                             
 


                                   


                          
                                                             

    



                                                                           
                                        







                                                                             

 
{ config, pkgs, ... }:

{
  imports = [
    ./bnc.nix
  ];

  boot.supportedFilesystems = [ "ntfs" ];
  boot.tmp.cleanOnBoot = true;

  time.timeZone = "Europe/Paris";

  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "fr_FR.utf8";
    LC_IDENTIFICATION = "fr_FR.utf8";
    LC_MEASUREMENT = "fr_FR.utf8";
    LC_MONETARY = "fr_FR.utf8";
    LC_NAME = "fr_FR.utf8";
    LC_NUMERIC = "fr_FR.utf8";
    LC_PAPER = "fr_FR.utf8";
    LC_TELEPHONE = "fr_FR.utf8";
    LC_TIME = "fr_FR.utf8";
  };

  console = {
    font = "sun12x22";
    keyMap = "fr";
  };

  # ---- network config ----

  networking.networkmanager.enable = true;

  services.unbound =
  let
    alfisTld = [ "anon." "btn." "conf." "index." "merch." "mirror." "mob." "screen." "srv." "ygg." ];
  in {
    enable = true;
    resolveLocalQueries = true;
    settings = {
      server = {
        log-servfail = true;
        domain-insecure = alfisTld;
      };
      forward-zone = map (tld: {
          name = tld;
          forward-addr = "324:71e:281a:9ed3::53";
          forward-tcp-upstream = false;
          forward-tls-upstream = false;
        }) alfisTld;
    };
  };
  services.resolved.enable = false;

  networking.extraHosts = ''
    201:8c16:538b:891c:96cb:c8f6:40dd:125d lindy
  '';

  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [
    2022  # openssh
    22000 # syncthing
  ];
  networking.firewall.allowedUDPPorts = [
    22000 # syncthing
  ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # ---- apps config ----

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # Configure keymap in X11
  services.xserver.layout = "fr-custom-lx";
  services.xserver.xkbOptions = "terminate:ctrl_alt_bksp,caps:escape";
  services.xserver.extraLayouts."fr-custom-lx" = {
    description = "French (LX custom azerty)";
    languages = ["fre"];
    symbolsFile = ../xkb/symbols/fr-custom-lx;
  };

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    jack.enable = true;
  };

  # Enable RTL-SDR
  hardware.rtl-sdr.enable = true;

  # Enable touchpad support (enabled default in most desktopManager).
  services.xserver.libinput.enable = true;

  # Enable libvirt
  virtualisation.libvirtd.enable = true;

  # -------------------- users ---------------------

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.lx = {
    isNormalUser = true;
    description = "Alex";
    extraGroups = [
      "networkmanager"
      "wheel"
      "yggdrasil"
      "plugdev"
      "dialout"
      "kvm"
      "libvirtd"
    ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIw+IIX8+lZX9RrHAbwi/bncLYStXpI4EmK3AUcqPY2O"
    ];
  };

  # -------------------- yea openssh ---------------------

  services.openssh = {
    enable = true;
    ports = [ 2022 ];
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
    };
  };

  # -------------------- packages ---------------------

  nixpkgs.config.allowUnfree = true;
  nix.gc.automatic = pkgs.lib.mkDefault true;
  nix.gc.options = "--delete-older-than 30d";
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nix.settings.substituters = [ "https://nix.web.deuxfleurs.fr" ];
  nix.settings.trusted-public-keys = [ "nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=" ];
  nix.extraOptions = ''
    keep-outputs = true
    keep-derivations = true
  '';

  nixpkgs.overlays = [
    # fix jellyfin media player to not try to use wayland-egl backend
    (self: super: {
      jellyfin-media-player = pkgs.symlinkJoin {
        name = "jellyfin-media-player";
        paths = [ super.jellyfin-media-player ];
        buildInputs = [ pkgs.makeWrapper ];
        postBuild = ''
          wrapProgram $out/bin/jellyfinmediaplayer --set QT_QPA_PLATFORM xcb
        '';
      };
    })
  ];

  # ---- config for japanese (thx functor.tokyo)

  fonts.fonts = with pkgs; [
    profont
    symbola
    font-awesome
    inconsolata

    ipafont
    kochi-substitute
  ];
  fonts.fontconfig.defaultFonts = {
    monospace = [
      "DejaVu Sans Mono"
      "IPAGothic"
    ];
    sansSerif = [
      "DejaVu Sans"
      "IPAPGothic"
    ];
    serif = [
      "DejaVu Serif"
      "IPAPMincho"
    ];
  };

  # ----

  environment.systemPackages = with pkgs; [
    home-manager

    vim
    nixfmt
    nix-index
    aspell
    hunspell
    aspellDicts.fr
    aspellDicts.en
    hunspellDicts.fr-any
    hunspellDicts.en-us-large
    hunspellDicts.en-gb-large
    tmux
    git
    git-lfs
    pass
    openssl
    pkg-config
    htop
    i7z
    zip
    unzip
    powertop
    iotop
    jnettop
    nethogs
    nvme-cli
    smartmontools
    speedtest-cli
    socat
    mc
    ncdu
    dfc
    wget
    gcc
    gnumake
    clang
    rustc
    rustfmt
    rust-analyzer
    cargo
    clippy
    sqlite
    virtualenv
    scc
    rclone
    restic
    borgbackup
    nomad
    consul
    drone-cli
    hugo
    zola
    jq
    python3Full
    ffmpeg
    gnupg
    dig
    inetutils
    pciutils
    file
    distrobox
    killall
    gomuks

    alacritty
    firefox
    qutebrowser
    tor-browser-bundle-bin
    lagrange
    thunderbird
    qbittorrent
    transmission-remote-gtk
    keepassxc
    vlc
    mpv
    spotify
    sonixd
    jellyfin-media-player
    element-desktop
    #nheko
    #neochat
    dino
    signal-desktop
    gimp
    inkscape
    krita
    ghostscript
    mupdf
    llpp
    xournalpp
    pdfarranger
    nextcloud-client
    homebank
    nicotine-plus
    gnome.seahorse
    gqrx
    sdrpp
    #qgis
    virt-manager
    tagainijisho
    anki

	(st.overrideAttrs (oldAttrs: rec {
	  patches = [
        #../st/st-colorschemes-0.8.5.diff
        #../st/st-copyurl-0.8.4.diff
	  ];
	  configFile = writeText "config.def.h" (builtins.readFile ../st/config.h);
	  postPatch = "${oldAttrs.postPatch}\n cp ${configFile} config.def.h";
	}))

  ];

  programs.dconf.enable = true; # virt-manager requires dconf to remember settings

  programs.vim.defaultEditor = true;

  programs.steam = {
    enable = true;
    remotePlay.openFirewall =
      true; # Open ports in the firewall for Steam Remote Play
    dedicatedServer.openFirewall =
      true; # Open ports in the firewall for Source Dedicated Server
  };

  programs.mtr.enable = true;

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  services.yggdrasil = {
    enable = true;
    persistentKeys = true;
    settings = { Peers = [ "tls://37.187.118.206:53103" ]; };
  };


  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?
}