Compare commits
No commits in common. "677ec570dbad28a8572ce8404cf66453402473c2" and "01c90737fc794306953339c0d66aba6f8df61617" have entirely different histories.
677ec570db
...
01c90737fc
|
@ -3,7 +3,7 @@
|
||||||
users.users.caleb = {
|
users.users.caleb = {
|
||||||
packages = with pkgs;
|
packages = with pkgs;
|
||||||
[
|
[
|
||||||
# apps
|
## apps
|
||||||
firefox
|
firefox
|
||||||
kate
|
kate
|
||||||
qalculate-qt
|
qalculate-qt
|
||||||
|
@ -16,20 +16,18 @@
|
||||||
monero-gui
|
monero-gui
|
||||||
tor-browser-bundle-bin
|
tor-browser-bundle-bin
|
||||||
yubikey-manager-qt
|
yubikey-manager-qt
|
||||||
libsForQt5.kdeconnect-kde
|
gparted
|
||||||
|
hashcat
|
||||||
|
|
||||||
|
##flatpak
|
||||||
|
flatpak
|
||||||
|
gnome.gnome-software
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# kde connect
|
environment.systemPackages = with pkgs; [
|
||||||
networking.firewall = {
|
openjdk8
|
||||||
enable = true;
|
|
||||||
allowedTCPPortRanges = [
|
|
||||||
{ from = 1714; to = 1764; } # KDE Connect
|
|
||||||
];
|
];
|
||||||
allowedUDPPortRanges = [
|
|
||||||
{ from = 1714; to = 1764; } # KDE Connect
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# install Steam
|
# install Steam
|
||||||
programs.steam = {
|
programs.steam = {
|
||||||
|
@ -40,3 +38,7 @@
|
||||||
|
|
||||||
# yubikey
|
# yubikey
|
||||||
services.pcscd.enable = true;
|
services.pcscd.enable = true;
|
||||||
|
|
||||||
|
# flatpak for bluebubbles client
|
||||||
|
services.flatpak.enable = true;
|
||||||
|
}
|
||||||
|
|
|
@ -8,7 +8,10 @@
|
||||||
./networking-configuration.nix
|
./networking-configuration.nix
|
||||||
./application-configuration.nix
|
./application-configuration.nix
|
||||||
./software-development-configuration.nix
|
./software-development-configuration.nix
|
||||||
|
./school-configuration.nix
|
||||||
|
./virtualisation-configuration.nix
|
||||||
./faf-linux.nix
|
./faf-linux.nix
|
||||||
|
./winapps.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Set time zone.
|
# Set time zone.
|
||||||
|
@ -36,6 +39,7 @@
|
||||||
driSupport32Bit = true;
|
driSupport32Bit = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Allow unfree and insecure packages
|
||||||
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
|
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
|
||||||
"vista-fonts"
|
"vista-fonts"
|
||||||
"corefonts"
|
"corefonts"
|
||||||
|
@ -43,6 +47,8 @@
|
||||||
"steam"
|
"steam"
|
||||||
"steam-original"
|
"steam-original"
|
||||||
"steam-run"
|
"steam-run"
|
||||||
|
"vscode-extension-ms-vscode-cpptools"
|
||||||
|
"vscode-extension-ms-vscode-remote-remote-ssh"
|
||||||
|
|
||||||
"nvidia-x11"
|
"nvidia-x11"
|
||||||
"nvidia-settings"
|
"nvidia-settings"
|
||||||
|
@ -50,8 +56,7 @@
|
||||||
|
|
||||||
"vscode"
|
"vscode"
|
||||||
"code"
|
"code"
|
||||||
"vscode-extension-ms-vscode-cpptools"
|
"Oracle_VM_VirtualBox_Extension_Pack"
|
||||||
"vscode-extension-ms-vscode-remote-remote-ssh"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# Enable the X11 windowing system.
|
# Enable the X11 windowing system.
|
||||||
|
@ -59,14 +64,14 @@
|
||||||
services.xserver.videoDrivers = [ "nvidia" ];
|
services.xserver.videoDrivers = [ "nvidia" ];
|
||||||
|
|
||||||
# Enable the KDE Plasma Desktop Environment.
|
# Enable the KDE Plasma Desktop Environment.
|
||||||
services.displayManager.sddm.enable = true;
|
services.xserver.displayManager.sddm.enable = true;
|
||||||
services.xserver.desktopManager.plasma5.enable = true;
|
services.xserver.desktopManager.plasma5.enable = true;
|
||||||
|
|
||||||
# fonts
|
# fonts
|
||||||
fonts.packages = with pkgs; [
|
fonts.packages = with pkgs; [
|
||||||
vistafonts
|
vistafonts
|
||||||
corefonts
|
corefonts
|
||||||
nerdfonts # nvchad dependency
|
nerdfonts # nvcahd dependency
|
||||||
];
|
];
|
||||||
|
|
||||||
# Enable sound with pipewire.
|
# Enable sound with pipewire.
|
||||||
|
@ -80,7 +85,7 @@
|
||||||
pulse.enable = true;
|
pulse.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Define a user account.
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||||
users.users.caleb = {
|
users.users.caleb = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = "caleb";
|
description = "caleb";
|
||||||
|
@ -132,14 +137,14 @@
|
||||||
|
|
||||||
# remote build
|
# remote build
|
||||||
nix.buildMachines = [
|
nix.buildMachines = [
|
||||||
{
|
/* {
|
||||||
hostName = "talos";
|
hostName = "talos";
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
protocol = "ssh-ng";
|
protocol = "ssh-ng";
|
||||||
speedFactor = 2;
|
speedFactor = 4;
|
||||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||||
mandatoryFeatures = [ ];
|
mandatoryFeatures = [ ];
|
||||||
}
|
} */
|
||||||
{
|
{
|
||||||
hostName = "january";
|
hostName = "january";
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
@ -148,6 +153,14 @@
|
||||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||||
mandatoryFeatures = [ ];
|
mandatoryFeatures = [ ];
|
||||||
}
|
}
|
||||||
|
/* {
|
||||||
|
hostName = "pubnix";
|
||||||
|
system = "x86_64-linux";
|
||||||
|
protocol = "ssh-ng";
|
||||||
|
speedFactor = 2;
|
||||||
|
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||||
|
mandatoryFeatures = [ ];
|
||||||
|
} */
|
||||||
];
|
];
|
||||||
nix.distributedBuilds = true;
|
nix.distributedBuilds = true;
|
||||||
# optional, useful when the builder has a faster internet connection than yours
|
# optional, useful when the builder has a faster internet connection than yours
|
||||||
|
|
|
@ -11,46 +11,10 @@
|
||||||
systemd.services.NetworkManager-wait-online.enable = false; #disable wait online since it is broken
|
systemd.services.NetworkManager-wait-online.enable = false; #disable wait online since it is broken
|
||||||
hardware.bluetooth.enable = true;
|
hardware.bluetooth.enable = true;
|
||||||
|
|
||||||
# Enable encrypted DNS
|
|
||||||
services.dnscrypt-proxy2 = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
ipv6_servers = true;
|
|
||||||
require_dnssec = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
systemd.services.dnscrypt-proxy2.serviceConfig = {
|
|
||||||
StateDirectory = "dnscrypt-proxy";
|
|
||||||
};
|
|
||||||
|
|
||||||
# Enable mullvad vpn
|
# Enable mullvad vpn
|
||||||
services.mullvad-vpn.package = pkgs.mullvad-vpn;
|
services.mullvad-vpn.package = pkgs.mullvad-vpn;
|
||||||
services.mullvad-vpn.enable = true;
|
services.mullvad-vpn.enable = true;
|
||||||
|
|
||||||
# Enable tailscale
|
# Enable tailscale
|
||||||
services.tailscale.enable = true;
|
services.tailscale.enable = true;
|
||||||
|
|
||||||
# exclude tailscale IPs from mullvad routing
|
|
||||||
networking.nftables = {
|
|
||||||
enable = true;
|
|
||||||
ruleset = ''
|
|
||||||
define TAILNET_DNS = {
|
|
||||||
100.100.100.100,
|
|
||||||
9.9.9.9
|
|
||||||
}
|
|
||||||
define TAILNET_IPV4 = {
|
|
||||||
100.64.0.0/10
|
|
||||||
}
|
|
||||||
define TAILNET_IPV6 = {
|
|
||||||
fd7a:115c:a1e0::/48
|
|
||||||
}
|
|
||||||
table inet excludeTraffic {
|
|
||||||
chain excludeDns {
|
|
||||||
type filter hook output priority -10; policy accept;
|
|
||||||
ip daddr $TAILNET_DNS udp dport 53 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
|
|
||||||
ip daddr $TAILNET_DNS tcp dport 53 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
}
|
}
|
30
school-configuration.nix
Normal file
30
school-configuration.nix
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
nmap
|
||||||
|
wireshark
|
||||||
|
libstdcxx5
|
||||||
|
];
|
||||||
|
|
||||||
|
users.users.caleb.packages = with pkgs; [
|
||||||
|
uhd
|
||||||
|
];
|
||||||
|
|
||||||
|
services.udev.extraRules = ''
|
||||||
|
#USRP1
|
||||||
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="fffe", ATTRS{idProduct}=="0002", MODE:="0666"
|
||||||
|
|
||||||
|
#B100
|
||||||
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2500", ATTRS{idProduct}=="0002", MODE:="0666"
|
||||||
|
|
||||||
|
#B200
|
||||||
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2500", ATTRS{idProduct}=="0020", MODE:="0666"
|
||||||
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2500", ATTRS{idProduct}=="0021", MODE:="0666"
|
||||||
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2500", ATTRS{idProduct}=="0022", MODE:="0666"
|
||||||
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="3923", ATTRS{idProduct}=="7813", MODE:="0666"
|
||||||
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="3923", ATTRS{idProduct}=="7814", MODE:="0666"
|
||||||
|
'';
|
||||||
|
|
||||||
|
#virtualisation.virtualbox.host.enable = true;
|
||||||
|
#users.extraGroups.vboxusers.members = [ "caleb" ];
|
||||||
|
}
|
|
@ -1,4 +1,15 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
# nvidia-offload script
|
||||||
|
let
|
||||||
|
nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
|
||||||
|
export __NV_PRIME_RENDER_OFFLOAD=1
|
||||||
|
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
|
||||||
|
export __GLX_VENDOR_LIBRARY_NAME=nvidia
|
||||||
|
export __VK_LAYER_NV_optimus=NVIDIA_only
|
||||||
|
exec "$@"
|
||||||
|
'';
|
||||||
|
in
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
|
@ -14,7 +25,7 @@
|
||||||
# Nvidia driver setup
|
# Nvidia driver setup
|
||||||
hardware.nvidia = {
|
hardware.nvidia = {
|
||||||
modesetting.enable = true;
|
modesetting.enable = true;
|
||||||
package = config.boot.kernelPackages.nvidiaPackages.stable;
|
package = config.boot.kernelPackages.nvidiaPackages.latest;
|
||||||
nvidiaSettings = true;
|
nvidiaSettings = true;
|
||||||
powerManagement = {
|
powerManagement = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
43
virtualisation-configuration.nix
Normal file
43
virtualisation-configuration.nix
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
podman-compose
|
||||||
|
docker-compose
|
||||||
|
|
||||||
|
];
|
||||||
|
|
||||||
|
virtualisation = {
|
||||||
|
podman = {
|
||||||
|
enable = true;
|
||||||
|
defaultNetwork.settings.dns_enabled = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
docker = {
|
||||||
|
enable = true;
|
||||||
|
rootless = {
|
||||||
|
enable = true;
|
||||||
|
setSocketVariable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# enable libvirt
|
||||||
|
libvirtd = {
|
||||||
|
enable = true;
|
||||||
|
qemu = {
|
||||||
|
package = pkgs.qemu_kvm;
|
||||||
|
runAsRoot = true;
|
||||||
|
swtpm.enable = true;
|
||||||
|
ovmf = {
|
||||||
|
enable = true;
|
||||||
|
packages = [(pkgs.OVMF.override {
|
||||||
|
secureBoot = true;
|
||||||
|
tpmSupport = true;
|
||||||
|
}).fd];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
users.users.caleb = {
|
||||||
|
extraGroups = [ "libvirtd" "docker" ];
|
||||||
|
};
|
||||||
|
}
|
7
winapps.nix
Normal file
7
winapps.nix
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
freerdp
|
||||||
|
bc
|
||||||
|
];
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user