materus/nixos-config
1
0
Fork 0
mirror of https://github.com/materusPL/nixos-config synced 2026-06-18 16:37:21 +02:00
Code Issues Packages Projects Releases Wiki Activity
nixos-config/nix-config/host/oldie/configuration.nix
materus 65f9c1bb9d
oldie: more updates
2026-06-14 09:07:33 +02:00

462 lines
12 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
materusArgs,
mkk,
...
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the systemd-boot EFI boot loader.
boot.tmp.useTmpfs = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.grub = {
enable = true;
efiSupport = true;
gfxmodeEfi = "1920x1080";
gfxmodeBios = "1920x1080";
device = "nodev";
useOSProber = true;
memtest86.enable = true;
};
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
open = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
libva-vdpau-driver
nvidia-vaapi-driver
libvdpau-va-gl
];
extraPackages32 = with pkgs; [
libva-vdpau-driver
nvidia-vaapi-driver
libvdpau-va-gl
];
};
# Use latest kernel.
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen;
networking.hostName = "oldie"; # Define your hostname.
environment.systemPackages = with pkgs; [
neovim
nano
fastfetch
brave
];
environment.enableAllTerminfo = true;
environment.pathsToLink = [
"/share/zsh"
"/share/bash-completion"
"/share/fish"
];
# Configure network connections interactively with nmcli or nmtui.
networking.networkmanager.enable = true;
programs.firefox.enable = true;
programs.java.enable = true;
services.flatpak.enable = true;
hardware.bluetooth.enable = true;
services.gvfs.enable = true;
programs.kdeconnect.enable = true;
services.fstrim = {
enable = true;
interval = "weekly";
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
extraPackages = with pkgs; [
vlc
libva
libva-utils
libva-vdpau-driver
mesa
mesa-demos
libvdpau-va-gl
nss
materusArgs.inputs.nixerus.packages.x86_64-linux.polymc
];
extraCompatPackages = [
pkgs.proton-ge-bin
];
package = pkgs.steam.override {
extraEnv = {
PRESSURE_VESSEL_FILESYSTEMS_RW = "\${XDG_RUNTIME_DIR}/wivrn/comp_ipc";
#PRESSURE_VESSEL_IMPORT_OPENXR_1_RUNTIMES="1";
};
extraLibraries =
p: with p; [
];
};
};
fonts.packages = [
pkgs.dejavu_fonts
pkgs.freefont_ttf
pkgs.gyre-fonts
pkgs.liberation_ttf
pkgs.unifont
pkgs.noto-fonts
pkgs.noto-fonts-color-emoji
pkgs.noto-fonts-cjk-sans
pkgs.noto-fonts-cjk-serif
pkgs.wqy_zenhei
pkgs.corefonts
pkgs.hack-font
pkgs.nerd-fonts.hack
pkgs.ubuntu-classic
pkgs.monocraft
pkgs.nerd-fonts.droid-sans-mono
pkgs.nerd-fonts.meslo-lg
pkgs.nerd-fonts.profont
pkgs.nerd-fonts.fira-code
];
fonts.enableDefaultPackages = lib.mkDefault true;
fonts.fontconfig.enable = lib.mkDefault true;
fonts.fontconfig.cache32Bit = lib.mkDefault true;
fonts.fontconfig.defaultFonts.sansSerif = [
"Noto Sans"
"DejaVu Sans"
"WenQuanYi Zen Hei"
"Noto Color Emoji"
];
fonts.fontconfig.defaultFonts.serif = [
"Noto Serif"
"DejaVu Serif"
"WenQuanYi Zen Hei"
"Noto Color Emoji"
];
fonts.fontconfig.defaultFonts.emoji = [
"Noto Color Emoji"
"OpenMoji Color"
];
fonts.fontconfig.defaultFonts.monospace = [
"Hack Nerd Font"
"Noto Sans Mono"
"WenQuanYi Zen Hei Mono"
];
fonts.fontDir.enable = lib.mkDefault true;
nixpkgs.config.allowUnfree = true;
nix.settings = {
experimental-features = lib.mkMerge [
[
"nix-command"
"flakes"
]
];
auto-optimise-store = true;
trusted-users = [
"root"
"@wheel"
];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://nixerus.cachix.org/"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE="
];
};
# Set your time zone.
time.timeZone = "Europe/Warsaw";
users.users.materus = {
isNormalUser = true;
extraGroups = [
"audio"
"video"
"render"
"pipewire"
"wheel"
"networkmanager"
"input"
"kvm"
"libvirt-qemu"
"libvirt"
"libvirtd"
"podman"
"scanner"
"lp"
];
#shell = pkgs.zsh;
description = "Mateusz Słodkowicz";
#openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
#hashedPasswordFile = config.sops.secrets."users/materus".path;
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
users.defaultUserShell = pkgs.zsh;
programs.zsh = {
enable = true;
enableGlobalCompInit = false;
interactiveShellInit = ''
if [[ ''${__MATERUS_HM_ZSH:-0} == 0 ]]; then
source ${pkgs.grml-zsh-config}/etc/zsh/zshrc
fi
'';
promptInit = "";
};
# Select internationalisation properties.
i18n.defaultLocale = "pl_PL.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "pl";
useXkbConfig = false; # use xkb.options in tty.
};
programs.git = {
enable = true;
lfs.enable = true;
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = false;
enableBrowserSocket = true;
};
# Enable the X11 windowing system.
services.xserver.enable = false;
services.displayManager = {
autoLogin.enable = true;
autoLogin.user = "materus";
plasma-login-manager.enable = true;
};
services.desktopManager.plasma6.enable = true;
services.desktopManager.plasma6.enableQt5Integration = true;
xdg.portal.enable = true;
xdg.portal.wlr.enable = true;
xdg.portal.xdgOpenUsePortal = true;
xdg.portal.extraPortals = [ pkgs.kdePackages.xdg-desktop-portal-kde ];
environment.plasma6.excludePackages = with pkgs.kdePackages; [
kwallet
kwalletmanager
kwallet-pam
];
programs.ssh.startAgent = true;
services.syncthing = {
enable = true;
user = "materus";
dataDir = "/home/materus";
};
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# services.pulseaudio.enable = true;
# OR
security.rtkit.enable = true;
services.pipewire = {
enable = true;
audio.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
systemWide = true;
jack.enable = true;
};
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
};
virtualisation.libvirtd = {
enable = true;
onBoot = "ignore";
onShutdown = "shutdown";
qemu.runAsRoot = true;
qemu.swtpm.enable = true;
qemu.package = pkgs.qemu_full;
};
environment.sessionVariables = rec {
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
#SSH_ASKPASS_REQUIRE = "prefer";
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
MOZ_USE_XINPUT2 = "1";
PATH = [ "\${XDG_BIN_HOME}" ];
};
environment.shellInit = ''
if ! [ -z "$DISPLAY" ]; then ${pkgs.xhost}/bin/xhost +si:localuser:root &> /dev/null; fi;
if ! [ -z "$DISPLAY" ]; then ${pkgs.xhost}/bin/xhost +si:localuser:$USER &> /dev/null; fi;
'';
security.sudo = {
enable = true;
extraConfig = ''
Defaults pwfeedback
'';
};
i18n.inputMethod.enable = true;
i18n.inputMethod.type = "fcitx5";
i18n.inputMethod.fcitx5.addons = [
pkgs.qt6Packages.fcitx5-configtool
pkgs.fcitx5-lua
pkgs.fcitx5-mozc
pkgs.kdePackages.fcitx5-qt
];
# Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# tree
# ];
# };
# programs.firefox.enable = true;
# List packages installed in system profile.
# You can use https://search.nixos.org/ to find more packages (and options).
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
24800
5900
5357
4656
#region Syncthing
22000
config.services.syncthing.relay.statusPort
config.services.syncthing.relay.port
#endregion
];
networking.firewall.allowedUDPPorts = [
24800
5900
3702
4656
#region Syncthing
22000
21027
#endregion
];
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
hardware.uinput.enable = true;
hardware.steam-hardware.enable = true;
sops.templates."networkmanager.env".content = ''
WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wg-key}"
'';
networking.networkmanager.ensureProfiles.environmentFiles = [
config.sops.templates."networkmanager.env".path
];
networking.networkmanager.ensureProfiles.profiles = {
wg0 = {
connection = {
id = "PodKos";
type = "wireguard";
interface-name = "wg-podkos";
};
wireguard = {
private-key = "$WIREGUARD_PRIVATEKEY";
};
"wireguard-peer.${mkk.wireguard.peers.valkyrie.pubKey}" = {
endpoint = "${mkk.network.valkyrie.ip}:${mkk.wireguard.peers.valkyrie.port}";
allowed-ips = "${mkk.wireguard.ip-masks.main};${mkk.wireguard.ip-masks.guest};${mkk.wireguard.ip-masks.asia};${mkk.wireguard.peers.valkyrie.ip}/32;";
persistent-keepalive = "20";
};
ipv4 = {
address1 = "${mkk.wireguard.peers.oldie.ip}/32";
dns = "${mkk.wireguard.peers.valkyrie.ip};";
method = "manual";
never-default = "true";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "disabled";
};
proxy = { };
};
};
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "26.05"; # Did you read the comment?
}
Reference in New Issue View Git Blame Copy Permalink