Daniel Ziltener 2024-10-04 16:56:41 +02:00
parent cb19bffc0a
commit 029a324787
Signed by: zilti
GPG key ID: B38976E82C9DAE42
3 changed files with 73 additions and 62 deletions


@ -2,17 +2,23 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{ config, inputs, pkgs, lib, ... }: {
config,
inputs,
pkgs,
lib,
...
}:
{ {
imports = imports = [
[ # Include the results of the hardware scan. # Include the results of the hardware scan.
# NOTE: Required bevuta config is part of this file here, and not bevuta specific. # NOTE: Required bevuta config is part of this file here, and not bevuta specific.
# ./bevuta-config/bevuta.nix # ./bevuta-config/bevuta.nix
./hardware-configuration.nix ./hardware-configuration.nix
"${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix" "${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix"
./disko-config.nix ./disko-config.nix
]; ];
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
@ -35,7 +41,7 @@
#networking.hostName = "ziltis-desktop"; # Define your hostname. #networking.hostName = "ziltis-desktop"; # Define your hostname.
# Pick only one of the below networking options. # Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
@ -48,7 +54,7 @@
# i18n.defaultLocale = "en_US.UTF-8"; # i18n.defaultLocale = "en_US.UTF-8";
console = { console = {
font = "Lat2-Terminus16"; font = "Lat2-Terminus16";
# keyMap = "de"; # keyMap = "de";
useXkbConfig = true; # use xkbOptions in tty. useXkbConfig = true; # use xkbOptions in tty.
}; };
@ -87,7 +93,6 @@
programs.hyprland = { programs.hyprland = {
enable = true; enable = true;
package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
}; };
services.flatpak.enable = true; services.flatpak.enable = true;
@ -105,27 +110,27 @@
apparmor = { apparmor = {
enable = true; enable = true;
policies.dummy.profile = '' policies.dummy.profile = ''
/dummy { /dummy {
} }
''; '';
}; };
# This blacklist is from bevuta # This blacklist is from bevuta
pki.caCertificateBlacklist = [ pki.caCertificateBlacklist = [
"certSIGN ROOT CA" "certSIGN ROOT CA"
"certSIGN Root CA G2" "certSIGN Root CA G2"
"CFCA EV ROOT" "CFCA EV ROOT"
"ePKI Root Certification Authority" "ePKI Root Certification Authority"
"SecureSign RootCA11" "SecureSign RootCA11"
"GDCA TrustAUTH R5 ROOT" "GDCA TrustAUTH R5 ROOT"
"Hongkong Post Root CA 3" "Hongkong Post Root CA 3"
"TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
"Hellenic Academic and Research Institutions ECC RootCA 2015" "Hellenic Academic and Research Institutions ECC RootCA 2015"
"Hellenic Academic and Research Institutions RootCA 2015" "Hellenic Academic and Research Institutions RootCA 2015"
"NAVER Global Root Certification Authority" "NAVER Global Root Certification Authority"
"UCA Extended Validation Root" "UCA Extended Validation Root"
"UCA Global G2 Root" "UCA Global G2 Root"
"TWCA Global Root CA" "TWCA Global Root CA"
"TWCA Root Certification Authority" "TWCA Root Certification Authority"
]; ];
}; };
@ -150,7 +155,12 @@
users.users.zilti = { users.users.zilti = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "libvirtd" "kvm" "qemu" ]; extraGroups = [
"wheel"
"libvirtd"
"kvm"
"qemu"
];
}; };
services.fprintd = { services.fprintd = {
@ -182,22 +192,23 @@
libvirtd = { libvirtd = {
enable = true; enable = true;
qemu = { qemu = {
package = pkgs.qemu_kvm; package = pkgs.qemu_full;
runAsRoot = true; runAsRoot = true;
swtpm.enable = true; swtpm.enable = true;
vhostUserPackages = [ pkgs.virtiofsd ]; vhostUserPackages = [ pkgs.virtiofsd ];
}; };
}; };
# podman = {
# enable = true; # podman = {
# dockerCompat = true; # enable = true;
# defaultNetwork.settings.dns_enabled = true; # dockerCompat = true;
# }; # defaultNetwork.settings.dns_enabled = true;
# containers.storage.settings = { # };
# storage = { # containers.storage.settings = {
# driver = "btrfs"; # storage = {
# }; # driver = "btrfs";
# }; # };
# };
}; };
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
@ -236,19 +247,25 @@
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPortRanges = [ allowedTCPPortRanges = [
{ from = 1714; to = 1764; } {
from = 1714;
to = 1764;
}
]; ];
allowedUDPPortRanges = [ allowedUDPPortRanges = [
{ from = 1714; to = 1764; } {
from = 1714;
to = 1764;
}
]; ];
}; };
# networking.extraHosts = '' # networking.extraHosts = ''
# 127.0.0.1 l.redsky.io # 127.0.0.1 l.redsky.io
# ::1 l.redsky.io # ::1 l.redsky.io
# ''; # '';
# security.pam.services.swaylock = {}; # security.pam.services.swaylock = {};
services.btrfs = { services.btrfs = {
autoScrub = { autoScrub = {
@ -287,4 +304,3 @@
# the idiocy of all the people who keep recommending it online. # the idiocy of all the people who keep recommending it online.
nix.settings.experimental-features = "nix-command flakes"; nix.settings.experimental-features = "nix-command flakes";
} }
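Review bot: The disko module in `imports` is still pulled with `builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"` and no `sha256`, so each evaluation can import whatever is on that branch at the time, as a NixOS module, with no integrity check. The repository appears to use a flake already, so the cleaner fix is to add `disko.url = "github:nix-community/disko";` to the flake inputs and import `inputs.disko.nixosModules.disko`, which records the revision and hash in the lock file. If the tarball form has to stay, pin it to a commit and hash, e.g. `builtins.fetchTarball { url = ".../archive/<commit>.tar.gz"; sha256 = "<sha256-of-that-tarball>"; }`. An unhashed fetch is also likely to be refused under pure flake evaluation, so this line probably forces `--impure` builds today.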


@ -25,11 +25,6 @@
}; };
# flatpaks.url = "github:GermanBread/declarative-flatpak/stable-v3"; # flatpaks.url = "github:GermanBread/declarative-flatpak/stable-v3";
nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.4.1"; nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.4.1";
hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1&ref=refs/tags/v0.43.0";
hyprsplit = {
url = "github:shezdy/hyprsplit";
inputs.hyprland.follows = "hyprland";
};
}; };
outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, ... }: { outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, ... }: {


@ -17,8 +17,8 @@ args@{ config, lib, inputs, pkgs, wayland, ... }:
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
systemd.enable = true; systemd.enable = true;
plugins = [ plugins = with pkgs.hyprlandPlugins; [
inputs.hyprsplit.packages.${pkgs.stdenv.hostPlatform.system}.hyprsplit hyprsplit
]; ];
settings = { settings = {
source = source =
@ -175,7 +175,7 @@ args@{ config, lib, inputs, pkgs, wayland, ... }:
exec-once = [ exec-once = [
"[workspace special] ${pkgs.kitty}/bin/kitty" "[workspace special] ${pkgs.kitty}/bin/kitty"
# "sleep 1; hyprctl dispatch layoutmsg orientationleft; hyprctl dispatch togglespecialworkspace" # "sleep 1; hyprctl dispatch layoutmsg orientationleft; hyprctl dispatch togglespecialworkspace"
"blueman-applet &" "sleep 5 && blueman-applet &"
]; ];
}; };
}; };
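Review bot: The new `exec-once` entry `"sleep 5 && blueman-applet &"` resolves `blueman-applet` through the session's PATH, while the entry above it uses the store path `${pkgs.kitty}/bin/kitty`. Referencing the binary the same way, `"sleep 5 && ${pkgs.blueman}/bin/blueman-applet &"`, makes the started program independent of whatever is first on PATH and fails at build time if the package is missing. The fixed five-second delay is presumably a workaround for a startup race. If so, home-manager's `services.blueman-applet.enable = true;` would start the applet as a user service instead of relying on a timer. The surrounding `wayland.windowManager.hyprland` attribute set starts outside this hunk, so check that nothing else there launches the applet.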