# Shared NixOS system module: flake/registry plumbing, boot loader,
# NetworkManager privacy settings, firewall, privilege restrictions and a
# baseline set of tools and services.
{
  inputs,
  outputs,
  lib,
  config,
  pkgs,
  ...
}: {
  imports = [
    ./locales/paris.nix

    ./services/sshd.nix
    ./programs/neovim.nix
    ./programs/zsh.nix
    ./programs/git.nix
  ];

  nixpkgs = {
    # Overlays exported by this flake's own outputs, applied in this order.
    overlays = [
      outputs.overlays.additions
      outputs.overlays.modifications
      outputs.overlays.unstable-packages
    ];

    # Unfree packages that can be installed even if "allow-unfree.nix" isn't imported.
    # This is an explicit allowlist matched on the package name only; anything
    # unfree that is not listed here stays blocked by this predicate.
    config.allowUnfreePredicate = let
      unfreeAllowlist = [
        # Steam
        "steam"
        "steam-original"
        "steam-run"

        # Nvidia drivers
        "nvidia-x11"
        "nvidia-settings"
      ];
    in
      pkg: builtins.elem (lib.getName pkg) unfreeAllowlist;
  };

  nix = {
    # Register every flake input so that nix3 commands (`nix run nixpkgs#...`)
    # resolve to the same revisions that this flake is locked to.
    registry = let
      flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
    in
      lib.mapAttrs (_: input: {flake = input;}) flakeInputs;

    # Legacy commands look channels up here; the directory is populated from
    # the registry by `environment.etc` below, keeping both worlds consistent.
    nixPath = ["/etc/nix/path"];

    settings = {
      # Enable flakes and the new 'nix' command
      experimental-features = "nix-command flakes";
      # Deduplicate and optimise the nix store
      auto-optimise-store = true;
      # Only members of the wheel group may use nix. This file does not set
      # `trusted-users`, which is a separate and far more powerful setting.
      allowed-users = ["@wheel"];
    };
  };

  # Only members of the wheel group may execute sudo at all.
  security.sudo.execWheelOnly = true;

  boot.loader.systemd-boot.enable = true;
  # Keep the boot-menu editor off: with it enabled, anyone at the console can
  # edit the kernel command line (e.g. `init=/bin/sh`) and obtain a root shell.
  boot.loader.systemd-boot.editor = false;
  boot.loader.efi.canTouchEfiVariables = true;

  # boot.initrd.enable = true;
  # boot.initrd.systemd.enable = true;
  # boot.plymouth = {
  #   enable = true;
  #   font = "${pkgs.jetbrains-mono}/share/fonts/truetype/JetBrainsMono-Regular.ttf";
  #   themePackages = [ pkgs.catppuccin-plymouth ];
  #   theme = "catppuccin-macchiato";
  #   logo = pkgs.fetchurl {
  #     url = "https://nixos.org/logo/nixos-hires.png";
  #     sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";
  #   };
  # };

  networking.networkmanager = {
    enable = true;

    # Randomize the MAC for every ethernet connection
    ethernet.macAddress = "random";

    wifi = {
      powersave = true;
      # Use a randomized MAC while scanning for networks.
      scanRandMacAddress = true;
      # XXX https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1091
      #backend = "iwd";
      # Generate a random MAC for each WiFi network and associate the two
      # permanently: no tracking across networks, stable identity within one.
      macAddress = "stable";
    };

    connectionConfig = {
      # IPv6 Privacy Extensions (2 = enabled, temporary addresses preferred)
      "ipv6.ip6-privacy" = 2;

      # unique DUID per connection
      "ipv6.dhcp-duid" = "stable-uuid";
    };
  };

  networking.firewall = {
    enable = true;
    # Traffic arriving on a trusted interface bypasses the firewall entirely,
    # so every listening service on this host (sshd included) is reachable
    # from the tailnet. Access control for those peers therefore rests on the
    # Tailscale ACLs and on each service's own authentication.
    trustedInterfaces = ["tailscale0"];
  };

  programs = {
    # mtr needs elevated network privileges; enabling the module installs it
    # through a privileged wrapper instead of requiring root to run it.
    mtr.enable = true;

    # gpg-agent is started in user sessions and also serves as the SSH agent.
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
  };

  environment = {
    # Expose each registry flake as /etc/nix/path/<name>, which is what
    # `nix.nixPath` points the legacy commands at.
    etc =
      lib.mapAttrs'
      (alias: entry: lib.nameValuePair "nix/path/${alias}" {source = entry.flake;})
      config.nix.registry;

    systemPackages = with pkgs; [
      wget
      dig
      nmap
      btop
      gitFull
      smartmontools
      lm_sensors
      pciutils
      gcc
      gnumake
      sysstat
      file
      ffmpeg
      usbutils
    ];
  };

  # Firmware update daemon and the Tailscale client daemon.
  services.fwupd.enable = true;
  services.tailscale.enable = true;

  # console = {
  #   earlySetup = true;
  # };

  # boot.blacklistedKernelModules = [ "nvidia_drm" ];
}