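# NixOS module for a desktop workstation: locale and console, local DNS
# resolver, firewall, X11 and audio, the `lx` user account, OpenSSH, Nix
# settings, overlays, fonts, system packages and Yggdrasil.
#
# Line structure is restored here: in the collapsed form every `#` comment
# swallowed the statements that followed it on the same physical line.
{ config, pkgs, ... }:

let
  # Only referenced by the commented-out sessionCommands line further down;
  # Nix is lazy, so this derivation is not built while it stays unused.
  # NOTE(review): this reads ../xkb/symbols/custom-fr while extraLayouts uses
  # ../xkb/symbols/fr-custom-lx; confirm which file exists before re-enabling.
  compiledXkbLayout = pkgs.runCommand "keyboard-layout" {} ''
    ${pkgs.xorg.xkbcomp}/bin/xkbcomp ${../xkb/symbols/custom-fr} $out
  '';
in
{
  imports = [
    ./bnc.nix
  ];

  boot.supportedFilesystems = [ "ntfs" ];
  boot.tmp.cleanOnBoot = true;

  time.timeZone = "Europe/Paris";

  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "fr_FR.utf8";
    LC_IDENTIFICATION = "fr_FR.utf8";
    LC_MEASUREMENT = "fr_FR.utf8";
    LC_MONETARY = "fr_FR.utf8";
    LC_NAME = "fr_FR.utf8";
    LC_NUMERIC = "fr_FR.utf8";
    LC_PAPER = "fr_FR.utf8";
    LC_TELEPHONE = "fr_FR.utf8";
    LC_TIME = "fr_FR.utf8";
  };

  console = {
    font = "sun12x22";
    keyMap = "fr";
  };

  # ---- network config ----

  networking.networkmanager.enable = true;

  # Local validating resolver. The TLDs listed in alfisTld are forwarded to a
  # single upstream and exempted from DNSSEC validation (domain-insecure), so
  # answers for those names are accepted without any authenticity check.
  # NOTE(review): the forwarder is queried over plain DNS (TLS upstream off);
  # its address is in the Yggdrasil range, so confidentiality and integrity
  # presumably rely on the mesh transport. Confirm that operator is trusted.
  services.unbound =
    let
      alfisTld = [
        "anon."
        "btn."
        "conf."
        "index."
        "merch."
        "mirror."
        "mob."
        "screen."
        "srv."
        "ygg."
      ];
    in
    {
      enable = true;
      resolveLocalQueries = true;
      settings = {
        server = {
          log-servfail = true;
          domain-insecure = alfisTld;
        };
        forward-zone = map (tld: {
          name = tld;
          forward-addr = "324:71e:281a:9ed3::53";
          forward-tcp-upstream = false;
          forward-tls-upstream = false;
        }) alfisTld;
      };
    };
  services.resolved.enable = false;

  networking.extraHosts = ''
    201:8c16:538b:891c:96cb:c8f6:40dd:125d lindy
  '';

  # Open ports in the firewall.
  # These lists apply to every interface, so the ports are reachable from the
  # LAN and from the Yggdrasil interface alike. Use
  # networking.firewall.interfaces.<name>.allowedTCPPorts to scope them.
  # services.openssh.openFirewall defaults to true, so 2022 would be opened
  # even without the entry below.
  networking.firewall.allowedTCPPorts = [
    2022 # openssh
    22000 # syncthing
  ];
  networking.firewall.allowedUDPPorts = [
    22000 # syncthing
  ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # ---- apps config ----

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # Configure keymap in X11
  services.xserver.layout = "fr-custom-lx";
  #services.xserver.displayManager.sessionCommands = "${pkgs.xorg.xkbcomp}/bin/xkbcomp ${compiledXkbLayout} $DISPLAY";
  services.xserver.xkbOptions = "caps:escape";
  services.xserver.extraLayouts."fr-custom-lx" = {
    description = "French (LX custom azerty)";
    languages = ["fre"];
    symbolsFile = ../xkb/symbols/fr-custom-lx;
  };

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    jack.enable = true;
  };

  # Enable RTL-SDR
  hardware.rtl-sdr.enable = true;

  # Enable touchpad support (enabled default in most desktopManager).
  services.xserver.libinput.enable = true;

  # -------------------- users ---------------------

  # Define a user account. Don't forget to set a password with 'passwd'.
  # Membership of "wheel" makes this an administrative account, so the two
  # SSH keys below are effectively keys to root on this machine.
  users.users.lx = {
    isNormalUser = true;
    description = "Alex";
    extraGroups = [
      "networkmanager"
      "wheel"
      "yggdrasil"
      "plugdev"
      "dialout"
      "kvm"
    ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIw+IIX8+lZX9RrHAbwi/bncLYStXpI4EmK3AUcqPY2O"
    ];
  };

  # -------------------- yea openssh ---------------------

  services.openssh = {
    enable = true;
    ports = [ 2022 ];
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      # Key-only logins: also switch off keyboard-interactive so that no
      # PAM-driven prompt is offered next to publickey.
      KbdInteractiveAuthentication = false;
    };
  };

  # -------------------- packages ---------------------

  nixpkgs.config.allowUnfree = true;

  nix.gc.automatic = pkgs.lib.mkDefault true;
  nix.gc.options = "--delete-older-than 30d";

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Third-party binary cache. Whoever holds the signing key listed under
  # trusted-public-keys can provide the binaries for any store path this
  # machine substitutes, so this key is part of the system's trust base.
  nix.settings.substituters = [ "https://nix.web.deuxfleurs.fr" ];
  nix.settings.trusted-public-keys = [ "nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=" ];

  # One nix.conf setting per line.
  nix.extraOptions = ''
    keep-outputs = true
    keep-derivations = true
  '';

  nixpkgs.overlays = [
    # fix jellyfin media player to not try to use wayland-egl backend
    (self: super: {
      jellyfin-media-player = pkgs.symlinkJoin {
        name = "jellyfin-media-player";
        paths = [ super.jellyfin-media-player ];
        buildInputs = [ pkgs.makeWrapper ];
        postBuild = ''
          wrapProgram $out/bin/jellyfinmediaplayer --set QT_QPA_PLATFORM xcb
        '';
      };
    })
  ];

  fonts.fonts = with pkgs; [
    profont
    symbola
    ipafont
    hanazono
    takao
    font-awesome
  ];

  environment.systemPackages = with pkgs; [
    home-manager vim nixfmt nix-index
    aspell hunspell aspellDicts.fr aspellDicts.en
    hunspellDicts.fr-any hunspellDicts.en-us-large hunspellDicts.en-gb-large
    tmux git git-lfs pass openssl pkg-config
    htop i7z zip unzip powertop iotop jnettop nethogs
    nvme-cli smartmontools speedtest-cli socat mc ncdu dfc wget
    gcc gnumake clang rustc rustfmt rust-analyzer cargo clippy
    virtualenv scc
    rclone restic borgbackup
    nomad consul drone-cli hugo zola jq
    python3Full ffmpeg gnupg dig inetutils file distrobox killall

    gomuks alacritty firefox qutebrowser tor-browser-bundle-bin lagrange
    thunderbird qbittorrent transmission-remote-gtk keepassxc
    vlc mpv spotify sonixd jellyfin-media-player
    nheko neochat dino element-desktop signal-desktop
    gimp inkscape krita ghostscript mupdf llpp xournalpp pdfarranger
    nextcloud-client homebank nicotine-plus gnome.seahorse
    gqrx sdrpp qgis virt-manager tagainijisho

    # st built with the local config.h copied over config.def.h.
    (st.overrideAttrs (oldAttrs: rec {
      patches = [
        #../st/st-colorschemes-0.8.5.diff
        #../st/st-copyurl-0.8.4.diff
      ];
      configFile = writeText "config.def.h" (builtins.readFile ../st/config.h);
      postPatch = "${oldAttrs.postPatch}\n cp ${configFile} config.def.h";
    }))
  ];

  programs.vim.defaultEditor = true;

  # NOTE(review): both options below open inbound firewall ports. Drop
  # dedicatedServer.openFirewall if no dedicated server is hosted here.
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
  };

  programs.mtr.enable = true;

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;
  # (Left over from the template; OpenSSH is configured in the block above.)

  # Yggdrasil overlay network with one static TLS peer. persistentKeys keeps
  # the node key, and with it the node's mesh address, across restarts.
  services.yggdrasil = {
    enable = true;
    persistentKeys = true;
    settings = {
      Peers = [
        "tls://37.187.118.206:53103"
      ];
    };
  };

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?
}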