{ pkgs, lib, inputs, config, ... }: let sshKeys = import ../../crypto/ssh-keys.nix; in { imports = [ # Defaults ./hardware-configuration.nix ../../common/base.nix ../../common/full-install.nix # Localization ../../common/locales/en.nix ../../common/locales/fr-keymap.nix # Hardware ../../common/hardware/intel-cpu.nix ../../common/hardware/tpm2.nix ../../common/hardware/wireless.nix # ../../common/hardware/nvidia-gpu.nix # ../../common/hardware/nvidia-gpu-offload.nix ../../common/hardware/ssd.nix ../../common/hardware/btrfs.nix # Software components ../../common/components/de/sddm.nix ../../common/components/de/plasma6.nix # ../../common/components/de/hyprland.nix # Programs ../../common/programs/steam.nix # Services # ../../common/services/auditd.nix ../../common/services/nix-gc.nix ../../common/services/opensnitch.nix # ../../common/services/adguardhome.nix ../../common/services/syncthing.nix ../../common/services/usbguard.nix ../../common/services/autoupgrade.nix # Home-manager ../../home/tasia/home.nix inputs.agenix.nixosModules.default ../../common/components/wifi-secrets.nix inputs.thymis.nixosModules.thymis-controller # Personal modules # ../../modules/nixos/tildefriends.nix ./yubikey.nix ]; # RGB Keyboard backight boot.extraModulePackages = with config.boot.kernelPackages; [hid-ite8291r3]; services.udev.extraRules = '' ACTION=="add", SUBSYSTEM=="leds", DEVPATH=="*:kbd_backlight", TEST=="color", ATTR{color}="fc4f05" ''; # Nvidia GPU hardware.nvidia.prime = { intelBusId = "PCI:1:0:0"; nvidiaBusId = "PCI:0:2:0"; }; networking = { hostName = "yaseen"; firewall = { allowedTCPPorts = [ # 8080 # ? 80 443 3001 8000 # 8008 # ssb # 12345 # tildefriends # 13378 # audiobookshelf ]; allowedUDPPorts = [ # 8080 # ? ]; }; }; users.users.tasia.openssh.authorizedKeys.keys = [ sshKeys.tasia.yaseen ]; virtualisation.docker.enable = true; services.flatpak.enable = true; services.syncthing = { user = "tasia"; dataDir = lib.mkForce "/home/tasia/Sync/data"; configDir = lib.mkForce "/home/tasia/Sync/configuration"; }; # Needed to build enry boot.binfmt.emulatedSystems = ["aarch64-linux"]; environment.systemPackages = with pkgs; [ inputs.tildefriends.packages.${system}.default osu-lazer-bin prismlauncher sherlock whois android-tools ripgrep lsd viu logseq nix-tree android-studio lutris # nheko iamb ladybird lynx chirp yubikey-manager inputs.agenix.packages.x86_64-linux.default ]; fonts.packages = with pkgs; [ (nerdfonts.override {fonts = ["CascadiaCode"];}) ]; programs.adb.enable = true; # services.ddclient = { # enable = true; # # usev6=if, if=wlp5s0 # configFile = pkgs.writeText "ddclient-config" '' # usev6=webv6, web=dns.glauca.digital/checkip # ipv6=yes # ipv4=no # protocol=dyndns2 # server=dns.glauca.digital # login= # password= # hello.vulpecula.zone # ''; # }; # services.nginx.enable = true; # services.nginx.virtualHosts."test.vulpecula.zone" = { # # addSSL = true; # # enableACME = true; # root = "/www"; # }; # security.acme = { # acceptTerms = true; # defaults.email = "tasiaiso@proton.me"; # }; services.printing.drivers = [pkgs.cnijfilter2]; # services.uptime-kuma.enable = true; nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" "electron-27.3.11" ]; # services.mattermost = { # enable = true; # siteUrl = "https://mattermost.example.com"; # Set this to the URL you will be hosting the site on. # }; # todo: ci runner # services.ollama = { # enable = true; # # acceleration = "cuda"; # }; # services.gotosocial = { # enable = true; # setupPostgresqlDB = true; # settings = { # application-name = "My GoToSocial"; # host = "gotosocial.example.com"; # protocol = "http"; # bind-address = "127.0.0.1"; # port = 8080; # }; # }; # environment.etc."nextcloud-admin-pass".text = "Devdevdev10!"; # services.nextcloud = { # enable = true; # package = pkgs.nextcloud29; # hostName = "localhost"; # config.adminpassFile = "/etc/nextcloud-admin-pass"; # }; services.rustdesk-server = { enable = true; openFirewall = true; relayIP = "100.91.88.2"; }; # virtualisation.waydroid.enable = true; # users.users.lol = { # isNormalUser = true; # description = "lol"; # extraGroups = [ # "networkmanager" # # "wheel" # # "syncthing" # # "tss" # # "dialout" # # "vboxusers" # # "adbusers" # ]; # initialPassword = "password123"; # }; # netwobking # ipvx dns-search = ""; # wifi mac-address-blacklist = ""; # wifisec auth-alg = "open"; # services.thymis-controller = { # enable = true; # system-binfmt-aarch64-enable = true; # enables emulation of aarch64 binaries, default is true on x86_64, needed for building aarch64 images on x86_64 # system-binfmt-x86_64-enable = false; # enables emulation of x86_64 binaries, default is false # repo-path = "/var/lib/thymis/repository"; # directory where the controller will store the repository holding the project # database-url = "sqlite:////var/lib/thymis/thymis.sqlite"; # URL of the database # base-url = "https://yaseen/"; # base URL of the controller, how it will be accessed from the outside # auth-basic = true; # whether to enable authentication using a basic username/password # auth-basic-username = "admin"; # username for basic authentication # auth-basic-password-file = "/var/lib/thymis/auth-basic-password"; # file containing the password for basic authentication # # content will be automatically generated if it does not exist # listen-host = "127.0.0.1"; # host on which the controller listens for incoming connections # listen-port = 33100; # port on which the controller listens for incoming connections # nginx-vhost-enable = false; # whether to enable the Nginx virtual host # nginx-vhost-name = "thymis"; # name of the Nginx virtual host # }; # # Configure the Nginx virtual host # services.nginx = { # enable = true; # virtualHosts."thymis" = { # serverName = "yaseen"; # enableACME = true; # forceSSL = true; # }; # }; # security.acme.defaults.email = "tasiaiso@proton.me"; security.acme.acceptTerms = true; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion system.stateVersion = "23.11"; }