mirror of
https://git.gay/sneexy/nixos.git
synced 2026-01-11 05:03:15 -08:00
253 lines
7.1 KiB
Nix
253 lines
7.1 KiB
Nix
# This is your system's configuration file.
|
|
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
|
|
{
|
|
inputs,
|
|
outputs,
|
|
lib,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
# You can import other NixOS modules here
|
|
imports = [
|
|
# If you want to use modules your own flake exports (from modules/nixos):
|
|
# outputs.nixosModules.example
|
|
|
|
# Or modules from other flakes (such as nixos-hardware):
|
|
# inputs.hardware.nixosModules.common-cpu-amd
|
|
# inputs.hardware.nixosModules.common-ssd
|
|
|
|
# You can also split up your configuration and import pieces of it here:
|
|
# ./users.nix
|
|
];
|
|
|
|
nixpkgs = {
|
|
# You can add overlays here
|
|
overlays = [
|
|
# Add overlays your own flake exports (from overlays and pkgs dir):
|
|
|
|
# You can also add overlays exported from other flakes:
|
|
# neovim-nightly-overlay.overlays.default
|
|
|
|
# Or define it inline, for example:
|
|
# (final: prev: {
|
|
# hi = final.hello.overrideAttrs (oldAttrs: {
|
|
# patches = [ ./change-hello-to-hi.patch ];
|
|
# });
|
|
# })
|
|
];
|
|
# Configure your nixpkgs instance
|
|
config = {
|
|
# Disable if you don't want unfree packages
|
|
allowUnfree = true;
|
|
};
|
|
};
|
|
|
|
# This will add each flake input as a registry
|
|
# To make nix3 commands consistent with your flake
|
|
nix.registry = (lib.mapAttrs (_: flake: {inherit flake;})) ((lib.filterAttrs (_: lib.isType "flake")) inputs);
|
|
|
|
# This will additionally add your inputs to the system's legacy channels
|
|
# Making legacy nix commands consistent as well, awesome!
|
|
nix.nixPath = ["/etc/nix/path"];
|
|
environment.etc =
|
|
lib.mapAttrs'
|
|
(name: value: {
|
|
name = "nix/path/${name}";
|
|
value.source = value.flake;
|
|
})
|
|
config.nix.registry;
|
|
|
|
nix.settings = {
|
|
# Enable flakes and new 'nix' command
|
|
experimental-features = "nix-command flakes";
|
|
# Deduplicate and optimize nix store
|
|
auto-optimise-store = true;
|
|
};
|
|
|
|
# use linux-cachy from the nyx repo.
|
|
# is this actually "required"? no, not really. but i can have it, so why not?
|
|
# see nyx: https://www.nyx.chaotic.cx/
|
|
# see cachyos: https://github.com/CachyOS/linux-cachyos
|
|
boot.kernelPackages = pkgs.linuxPackages_cachyos;
|
|
|
|
# Bootloader.
|
|
boot.loader.systemd-boot.enable = true;
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
# Enable networking
|
|
networking.networkmanager.enable = true;
|
|
|
|
# we're using/prioritizing dnscrypt!
|
|
networking.nameservers = ["127.0.0.1" "::1"];
|
|
# resolved and others conflicts with setting dns here
|
|
networking.resolvconf.enable = pkgs.lib.mkForce false;
|
|
networking.dhcpcd.extraConfig = "nohook resolv.conf";
|
|
services.resolved.enable = false;
|
|
# also ensuring that networkmanager doesn't modify dns settings
|
|
networking.networkmanager.dns = "none";
|
|
|
|
# dnscrypt settings
|
|
services.dnscrypt-proxy2 = {
|
|
enable = true;
|
|
settings = {
|
|
ipv6_servers = true;
|
|
require_dnssec = true;
|
|
|
|
sources.public-resolvers = {
|
|
# of course, sourcing from the main public lists
|
|
urls = [
|
|
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
|
|
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
|
|
];
|
|
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
|
|
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
|
|
};
|
|
|
|
# You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
|
|
# prioritize quad9, then adguard, and cloudflare as last resort
|
|
server_names = ["quad9-dnscrypt-ip4-filter-pri" "quad9-doh-ip4-port443-filter-pri" "quad9-doh-ip6-port443-filter-pri" "adguard-dns-doh" "adguard-dns-ipv6" "cloudflare" "cloudflare-ipv6"];
|
|
};
|
|
};
|
|
|
|
systemd.services.dnscrypt-proxy2.serviceConfig = {
|
|
StateDirectory = "dnscrypt-proxy";
|
|
};
|
|
|
|
# enable plymouth because it looks cool :)))
|
|
boot.plymouth = {
|
|
enable = true;
|
|
theme = "bgrt";
|
|
};
|
|
|
|
# Enable CUPS to print documents.
|
|
services.printing = {
|
|
enable = true;
|
|
drivers = with pkgs; [canon-cups-ufr2];
|
|
};
|
|
services.avahi.enable = true;
|
|
services.avahi.nssmdns4 = true;
|
|
|
|
# so, funny thing i learned - "xserver" is basically the blanket term for all gui stuff in nixos.
|
|
# this really confuses me, because i'm trying to keep xorg out of this install and only wayland in.
|
|
# i may miss some spots though.
|
|
# see: https://www.reddit.com/r/NixOS/comments/17ia1g8/i_dont_understand_nixoss_wayland_setup/
|
|
# EDIT: they changed it !!!!
|
|
|
|
services.xserver.enable = true;
|
|
|
|
# use sddm and only use its wayland session
|
|
services.displayManager.sddm.enable = true;
|
|
services.displayManager.sddm.wayland.enable = true;
|
|
# default to plasma wayland session
|
|
services.displayManager.defaultSession = "plasma";
|
|
# gyattde rizzma 6
|
|
services.desktopManager.plasma6 = {
|
|
enable = true;
|
|
};
|
|
|
|
programs.xwayland.enable = true;
|
|
|
|
# Configure keymap in X11
|
|
services.xserver.xkb = {
|
|
layout = "us";
|
|
};
|
|
|
|
# don't install some of the default packages since i don't need them
|
|
environment.plasma6.excludePackages = with pkgs.kdePackages; [
|
|
elisa
|
|
];
|
|
|
|
environment.variables = {
|
|
# wayland related
|
|
NIXOS_OZONE_WL = "1";
|
|
# custom sudo prompt for the xds
|
|
SUDO_PROMPT = "[sudo] stick out your gyatt for the rizzler: ";
|
|
};
|
|
|
|
fonts = {
|
|
fontDir.enable = true;
|
|
packages = with pkgs; [
|
|
noto-fonts
|
|
lexend
|
|
liberation_ttf
|
|
unifont
|
|
(nerdfonts.override {fonts = ["JetBrainsMono" "Iosevka" "FiraCode" "DroidSansMono"];})
|
|
noto-fonts-color-emoji
|
|
];
|
|
fontconfig = {
|
|
defaultFonts = {
|
|
emoji = ["Noto Color Emoji"];
|
|
};
|
|
};
|
|
};
|
|
|
|
# Enable sound with pipewire.
|
|
sound.enable = true;
|
|
hardware.pulseaudio.enable = false;
|
|
security.rtkit.enable = true;
|
|
services.pipewire = {
|
|
enable = true;
|
|
alsa.enable = true;
|
|
alsa.support32Bit = true;
|
|
pulse.enable = true;
|
|
# If you want to use JACK applications, uncomment this
|
|
#jack.enable = true;
|
|
|
|
# wireplumber exists so, lets *not* use the example session
|
|
wireplumber.enable = true;
|
|
};
|
|
|
|
# flatpaks for the one time i'll need them for some reason
|
|
services.flatpak.enable = true;
|
|
|
|
# system packages
|
|
environment.systemPackages = with pkgs; [
|
|
git
|
|
wget
|
|
fzf
|
|
curl
|
|
curlHTTP3
|
|
virt-manager
|
|
pinentry-curses
|
|
kitty
|
|
wezterm
|
|
distrobox
|
|
];
|
|
|
|
# firefox
|
|
programs.firefox.enable = true;
|
|
|
|
# steam
|
|
programs.steam.enable = true;
|
|
|
|
# android debugging tools
|
|
programs.adb.enable = true;
|
|
|
|
# gnupg is basically required for everything i use
|
|
programs.gnupg.agent = {
|
|
enable = true;
|
|
enableSSHSupport = true;
|
|
};
|
|
|
|
# podmen
|
|
virtualisation.podman = {
|
|
enable = true;
|
|
dockerCompat = true;
|
|
dockerSocket.enable = true;
|
|
};
|
|
|
|
# virtualization stuff
|
|
virtualisation.libvirtd = {
|
|
enable = true;
|
|
#qemu.runAsRoot = false;
|
|
qemu.swtpm.enable = true;
|
|
};
|
|
virtualisation.spiceUSBRedirection.enable = true;
|
|
|
|
# waydroid
|
|
virtualisation.waydroid.enable = true;
|
|
|
|
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
|
system.stateVersion = "23.11";
|
|
}
|