cleanup

application-configuration.nix

@@ -3,7 +3,7 @@
   users.users.caleb = {
     packages = with pkgs;
       [
-        ## apps
+        # apps
         firefox
         kate
         qalculate-qt
@@ -16,18 +16,20 @@
         monero-gui
         tor-browser-bundle-bin
         yubikey-manager-qt
-        gparted
-        hashcat
-
-        ##flatpak
-        flatpak
-        gnome.gnome-software
+        libsForQt5.kdeconnect-kde
       ];
   };
 
-  environment.systemPackages = with pkgs; [
-    openjdk8
+  # kde connect
+  networking.firewall = {
+    enable = true;
+    allowedTCPPortRanges = [
+      { from = 1714; to = 1764; } # KDE Connect
     ];
+    allowedUDPPortRanges = [
+      { from = 1714; to = 1764; } # KDE Connect
+    ];
+  };
 
   # install Steam
   programs.steam = {
@@ -38,7 +40,3 @@
 
   # yubikey
   services.pcscd.enable = true;
-
-  # flatpak for bluebubbles client
-  services.flatpak.enable = true;
-}

configuration.nix

@@ -8,10 +8,7 @@
       ./networking-configuration.nix
       ./application-configuration.nix
       ./software-development-configuration.nix
-      ./school-configuration.nix
-      ./virtualisation-configuration.nix
       ./faf-linux.nix
-      ./winapps.nix
     ];
 
   # Set time zone.
@@ -39,7 +36,6 @@
     driSupport32Bit = true;
   };
 
-  # Allow unfree and insecure packages
   nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
     "vista-fonts"
     "corefonts"
@@ -47,8 +43,6 @@
     "steam"
     "steam-original"
     "steam-run"
-    "vscode-extension-ms-vscode-cpptools"
-    "vscode-extension-ms-vscode-remote-remote-ssh"
 
     "nvidia-x11"
     "nvidia-settings"
@@ -56,7 +50,8 @@
 
     "vscode"
     "code"
-    "Oracle_VM_VirtualBox_Extension_Pack"
+    "vscode-extension-ms-vscode-cpptools"
+    "vscode-extension-ms-vscode-remote-remote-ssh"
   ];
 
   # Enable the X11 windowing system.
@@ -64,14 +59,14 @@
   services.xserver.videoDrivers = [ "nvidia" ];
 
   # Enable the KDE Plasma Desktop Environment.
-  services.xserver.displayManager.sddm.enable = true;
+  services.displayManager.sddm.enable = true;
   services.xserver.desktopManager.plasma5.enable = true;
 
   # fonts
   fonts.packages = with pkgs; [
     vistafonts
     corefonts
-    nerdfonts # nvcahd dependency
+    nerdfonts # nvchad dependency
   ];
 
   # Enable sound with pipewire.
@@ -85,7 +80,7 @@
     pulse.enable = true;
   };
 
-  # Define a user account. Don't forget to set a password with ‘passwd’.
+  # Define a user account.
   users.users.caleb = {
     isNormalUser = true;
     description = "caleb";
@@ -137,14 +132,14 @@
 
   # remote build
   nix.buildMachines = [
-    /* {
+    {
       hostName = "talos";
       system = "x86_64-linux";
       protocol = "ssh-ng";
-      speedFactor = 4;
+      speedFactor = 2;
       supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
       mandatoryFeatures = [ ];
-    } */
+    }
     {
       hostName = "january";
       system = "x86_64-linux";
@@ -153,14 +148,6 @@
       supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
       mandatoryFeatures = [ ];
     }
-    /* {
-      hostName = "pubnix";
-      system = "x86_64-linux";
-      protocol = "ssh-ng";
-      speedFactor = 2;
-      supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
-      mandatoryFeatures = [ ];
-    } */
   ];
   nix.distributedBuilds = true;
   # optional, useful when the builder has a faster internet connection than yours

networking-configuration.nix

@@ -11,10 +11,46 @@
   systemd.services.NetworkManager-wait-online.enable = false; #disable wait online since it is broken
   hardware.bluetooth.enable = true;
 
+  # Enable encrypted DNS
+  services.dnscrypt-proxy2 = {
+    enable = true;
+    settings = {
+      ipv6_servers = true;
+      require_dnssec = true;
+    };
+  };
+  systemd.services.dnscrypt-proxy2.serviceConfig = {
+    StateDirectory = "dnscrypt-proxy";
+  };
+
   # Enable mullvad vpn
   services.mullvad-vpn.package = pkgs.mullvad-vpn;
   services.mullvad-vpn.enable = true;
 
   # Enable tailscale
   services.tailscale.enable = true;
+
+  # exclude tailscale IPs from mullvad routing
+  networking.nftables = {
+    enable = true;
+    ruleset = ''
+      define TAILNET_DNS = {
+        100.100.100.100,
+        9.9.9.9
+      }
+      define TAILNET_IPV4 = {
+        100.64.0.0/10
+      }
+      define TAILNET_IPV6 = {
+        fd7a:115c:a1e0::/48
+      }
+      table inet excludeTraffic {
+        chain excludeDns {
+          type filter hook output priority -10; policy accept;
+          ip daddr $TAILNET_DNS udp dport 53 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
+          ip daddr $TAILNET_DNS tcp dport 53 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
+        }
+      }
+    '';
+  };
 }

school-configuration.nix

@@ -1,30 +0,0 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = with pkgs; [
-    nmap
-    wireshark
-    libstdcxx5
-  ];
-
-  users.users.caleb.packages = with pkgs; [
-    uhd
-  ];
-
-  services.udev.extraRules = ''
-    #USRP1
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="fffe", ATTRS{idProduct}=="0002", MODE:="0666"
-
-    #B100
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2500", ATTRS{idProduct}=="0002", MODE:="0666"
-
-    #B200
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2500", ATTRS{idProduct}=="0020", MODE:="0666"
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2500", ATTRS{idProduct}=="0021", MODE:="0666"
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2500", ATTRS{idProduct}=="0022", MODE:="0666"
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="3923", ATTRS{idProduct}=="7813", MODE:="0666"
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="3923", ATTRS{idProduct}=="7814", MODE:="0666"
-  '';
-
-  #virtualisation.virtualbox.host.enable = true;
-  #users.extraGroups.vboxusers.members = [ "caleb" ];
-}

surfacebook-configuration.nix

@@ -1,15 +1,4 @@
 { config, lib, pkgs, ... }:
-
-# nvidia-offload script
-let
-  nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
-    export __NV_PRIME_RENDER_OFFLOAD=1
-    export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
-    export __GLX_VENDOR_LIBRARY_NAME=nvidia
-    export __VK_LAYER_NV_optimus=NVIDIA_only
-    exec "$@"
-  '';
-in
 {
   imports =
     [
@@ -25,7 +14,7 @@ in
   # Nvidia driver setup
   hardware.nvidia = {
     modesetting.enable = true;
-    package = config.boot.kernelPackages.nvidiaPackages.latest;
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
     nvidiaSettings = true;
     powerManagement = {
       enable = true;

virtualisation-configuration.nix

@@ -1,43 +0,0 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = with pkgs; [
-    podman-compose
-    docker-compose
-
-  ];
-
-  virtualisation = {
-    podman = {
-      enable = true;
-      defaultNetwork.settings.dns_enabled = true;
-    };
-
-    docker = {
-      enable = true;
-      rootless = {
-        enable = true;
-        setSocketVariable = true;      
-      };
-    };
-
-    # enable libvirt
-    libvirtd = {
-      enable = true;
-      qemu = {
-        package = pkgs.qemu_kvm;
-        runAsRoot = true;
-        swtpm.enable = true;
-        ovmf = {
-          enable = true;
-          packages = [(pkgs.OVMF.override {
-            secureBoot = true;
-            tpmSupport = true;
-          }).fd];
-        };
-      };
-    };
-  };
-  users.users.caleb = {
-    extraGroups = [ "libvirtd" "docker" ];
-  };
-}

winapps.nix

@@ -1,7 +0,0 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = with pkgs; [
-    freerdp
-    bc
-  ];
-}