Daniel Ziltener 2024-10-04 16:56:41 +02:00
parent cb19bffc0a
commit 029a324787
Signed by: zilti
GPG key ID: B38976E82C9DAE42
3 changed files with 73 additions and 62 deletions


@ -2,17 +2,23 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, inputs, pkgs, lib, ... }:
{
config,
inputs,
pkgs,
lib,
...
}:
{
imports =
[ # Include the results of the hardware scan.
# NOTE: Required bevuta config is part of this file here, and not bevuta specific.
# ./bevuta-config/bevuta.nix
./hardware-configuration.nix
"${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix"
./disko-config.nix
];
imports = [
# Include the results of the hardware scan.
# NOTE: Required bevuta config is part of this file here, and not bevuta specific.
# ./bevuta-config/bevuta.nix
./hardware-configuration.nix
"${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix"
./disko-config.nix
];
# Use the systemd-boot EFI boot loader.
@ -35,7 +41,7 @@
#networking.hostName = "ziltis-desktop"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
@ -48,7 +54,7 @@
# i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
# keyMap = "de";
# keyMap = "de";
useXkbConfig = true; # use xkbOptions in tty.
};
@ -87,7 +93,6 @@
programs.hyprland = {
enable = true;
package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
};
services.flatpak.enable = true;
@ -105,27 +110,27 @@
apparmor = {
enable = true;
policies.dummy.profile = ''
/dummy {
}
/dummy {
}
'';
};
# This blacklist is from bevuta
pki.caCertificateBlacklist = [
"certSIGN ROOT CA"
"certSIGN Root CA G2"
"CFCA EV ROOT"
"ePKI Root Certification Authority"
"SecureSign RootCA11"
"GDCA TrustAUTH R5 ROOT"
"Hongkong Post Root CA 3"
"TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
"Hellenic Academic and Research Institutions ECC RootCA 2015"
"Hellenic Academic and Research Institutions RootCA 2015"
"NAVER Global Root Certification Authority"
"UCA Extended Validation Root"
"UCA Global G2 Root"
"TWCA Global Root CA"
"TWCA Root Certification Authority"
"certSIGN ROOT CA"
"certSIGN Root CA G2"
"CFCA EV ROOT"
"ePKI Root Certification Authority"
"SecureSign RootCA11"
"GDCA TrustAUTH R5 ROOT"
"Hongkong Post Root CA 3"
"TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
"Hellenic Academic and Research Institutions ECC RootCA 2015"
"Hellenic Academic and Research Institutions RootCA 2015"
"NAVER Global Root Certification Authority"
"UCA Extended Validation Root"
"UCA Global G2 Root"
"TWCA Global Root CA"
"TWCA Root Certification Authority"
];
};
@ -150,7 +155,12 @@
users.users.zilti = {
isNormalUser = true;
extraGroups = [ "wheel" "libvirtd" "kvm" "qemu" ];
extraGroups = [
"wheel"
"libvirtd"
"kvm"
"qemu"
];
};
services.fprintd = {
@ -182,22 +192,23 @@
libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_kvm;
runAsRoot = true;
swtpm.enable = true;
vhostUserPackages = [ pkgs.virtiofsd ];
package = pkgs.qemu_full;
runAsRoot = true;
swtpm.enable = true;
vhostUserPackages = [ pkgs.virtiofsd ];
};
};
# podman = {
# enable = true;
# dockerCompat = true;
# defaultNetwork.settings.dns_enabled = true;
# };
# containers.storage.settings = {
# storage = {
# driver = "btrfs";
# };
# };
# podman = {
# enable = true;
# dockerCompat = true;
# defaultNetwork.settings.dns_enabled = true;
# };
# containers.storage.settings = {
# storage = {
# driver = "btrfs";
# };
# };
};
# Some programs need SUID wrappers, can be configured further or are
@ -236,19 +247,25 @@
networking.firewall = {
enable = true;
allowedTCPPortRanges = [
{ from = 1714; to = 1764; }
{
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = [
{ from = 1714; to = 1764; }
{
from = 1714;
to = 1764;
}
];
};
# networking.extraHosts = ''
# 127.0.0.1 l.redsky.io
# ::1 l.redsky.io
# '';
# networking.extraHosts = ''
# 127.0.0.1 l.redsky.io
# ::1 l.redsky.io
# '';
# security.pam.services.swaylock = {};
# security.pam.services.swaylock = {};
services.btrfs = {
autoScrub = {
@ -287,4 +304,3 @@
# the idiocy of all the people who keep recommending it online.
nix.settings.experimental-features = "nix-command flakes";
}
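Review bot: The `imports` list still loads disko through `builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"` with no revision and no `sha256`, so each evaluation takes whatever the upstream master branch holds at that moment and folds it into a system configuration that is built and activated as root. The reformatting in this commit leaves that line as it was. Since the repository appears to have a flake with pinned inputs (the second file in this commit), I would declare disko as an input there and import `inputs.disko.nixosModules.disko`, so the revision is recorded in the lock file and changes only on an explicit update. Failing that, point the URL at a specific commit archive and pass `sha256 = "<hash-of-pinned-tarball>";`. An unhashed fetch presumably also forces impure evaluation under flakes, which weakens reproducibility for the whole system.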


@ -25,11 +25,6 @@
};
# flatpaks.url = "github:GermanBread/declarative-flatpak/stable-v3";
nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.4.1";
hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1&ref=refs/tags/v0.43.0";
hyprsplit = {
url = "github:shezdy/hyprsplit";
inputs.hyprland.follows = "hyprland";
};
};
outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, ... }: {


@ -17,8 +17,8 @@ args@{ config, lib, inputs, pkgs, wayland, ... }:
wayland.windowManager.hyprland = {
enable = true;
systemd.enable = true;
plugins = [
inputs.hyprsplit.packages.${pkgs.stdenv.hostPlatform.system}.hyprsplit
plugins = with pkgs.hyprlandPlugins; [
hyprsplit
];
settings = {
source =
@ -175,7 +175,7 @@ args@{ config, lib, inputs, pkgs, wayland, ... }:
exec-once = [
"[workspace special] ${pkgs.kitty}/bin/kitty"
# "sleep 1; hyprctl dispatch layoutmsg orientationleft; hyprctl dispatch togglespecialworkspace"
"blueman-applet &"
"sleep 5 && blueman-applet &"
];
};
};
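Review bot: In the `exec-once` list, `blueman-applet` is started by bare name and is therefore resolved through whatever PATH the session happens to have, while the kitty entry two lines above uses the store path `${pkgs.kitty}/bin/kitty`. I would write the entry as `"sleep 5 && ${pkgs.blueman}/bin/blueman-applet &"` (assuming the applet comes from `pkgs.blueman`), so the binary that runs is the one this configuration pins. The added `sleep 5` looks like a fixed delay covering a startup-order race; a comment such as `# delay: applet fails when started before <dependency> is ready` would record what the wait is for. The enclosing `wayland.windowManager.hyprland` set starts and ends outside the hunks shown.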