# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, lib, fetchpatch, ... }:
let
unstable = import <nixos-unstable> { };
in
{
# Other modules merged into this configuration; paths are relative to this
# file.
imports = [
  # Include the results of the hardware scan.
  ./hardware-configuration.nix
  ./software.nix
  ./modules/gnome.nix
  ./modules/zsh.nix
  # NOTE(review): both ./modules/vscode.nix and ./vscode.nix are imported;
  # confirm that two separate VS Code modules are intended.
  ./modules/vscode.nix
  ./vscode.nix
];
# NOTE(review): trusted users may override Nix daemon settings (extra
# substituters, unsigned store paths), which is effectively root access.
# "inex" is also in "wheel" further down in this file, so this mostly saves a
# sudo prompt; drop the entry if that convenience is not needed.
nix.trustedUsers = [
  "root"
  "inex"
];

# Permit packages with unfree licences and pre-accept the Android SDK licence.
nixpkgs.config.allowUnfree = true;
nixpkgs.config.android_sdk.accept_license = true;
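nixpkgs.overlays = [
  (self: super: {
    # Build OpenHMD from a pinned upstream commit instead of the nixpkgs
    # source. Revision and content hash are both fixed, so the fetch fails
    # if the downloaded content ever differs.
    openhmd = super.openhmd.overrideAttrs (old: {
      src = super.fetchFromGitHub {
        owner = "OpenHMD";
        repo = "OpenHMD";
        rev = "dfac0203376552c5274976c42f0757b31310c483";
        sha256 = "1rm8iw03glfgnhggg221p8zycm9yjw84bv9ldb0vg2ygybds9m27";
      };
    });

    # Add a pinned GitHub Copilot build to the extension set.
    #
    # `//` merges only the top level, so `github` is merged on its own here;
    # writing `github.copilot = ...` directly in the right-hand set would
    # replace the whole `github` set and drop every other github.* extension
    # that nixpkgs provides.
    vscode-extensions = super.vscode-extensions // {
      github = (super.vscode-extensions.github or { }) // {
        # The builder is taken from `super` rather than the module's `pkgs`,
        # so the overlay depends only on the package set it extends.
        copilot = super.vscode-utils.buildVscodeMarketplaceExtension {
          # Marketplace download pinned by version and hash.
          mktplcRef = {
            publisher = "github";
            name = "copilot";
            version = "1.22.5957";
            sha256 = "04jak6ml7l19ryv2q6qn7qvvgw31jllgvd9g8xlac89xnndsfl6s";
          };
        };
      };
    };
  })
];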
# Boot through systemd-boot on EFI; the installer may write EFI variables.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;

# NOTE(review): these two are GRUB options; presumably they have no effect
# while systemd-boot is the loader in use — confirm and remove if unused.
boot.loader.grub.useOSProber = true;
boot.loader.grub.memtest86.enable = true;

# Filesystem support to include in the system.
boot.supportedFilesystems = [
  "btrfs"
  "ntfs"
];
# Extra ext4 volumes, addressed by filesystem UUID rather than device name.
# NOTE(review): neither mount sets `options`; if these volumes only hold
# data, consider options = [ "nosuid" "nodev" ] to limit what files stored on
# them can do.
fileSystems."/mediastorage".device = "/dev/disk/by-uuid/aed202ac-7414-40b9-9d71-011b7043c850";
fileSystems."/mediastorage".fsType = "ext4";

fileSystems."/backups".device = "/dev/disk/by-uuid/63db910e-f906-4211-bac5-4330777c8283";
fileSystems."/backups".fsType = "ext4";

# Disabled btrfs mount, kept for reference.
# fileSystems."/nvme" = {
#   device = "/dev/disk/by-uuid/8c1c5508-ecaa-433d-87c0-49d131395ddd";
#   fsType = "btrfs";
# };
networking = {
  hostName = "inex-pc";
  networkmanager.enable = true;

  # DHCP is off globally and switched on per interface.
  useDHCP = false;
  interfaces.enp8s0.useDHCP = true;
  interfaces.wlp5s0.useDHCP = true;

  # NOTE(review): the firewall is switched off, so the allow-lists and
  # checkReversePath below are not enforced and every listening service
  # (sshd is enabled in this file) is reachable on all interfaces. If this
  # was a temporary debugging measure, set enable = true again.
  firewall.enable = false;
  # NOTE(review): WireGuard uses UDP only, so the TCP 51820 entry looks
  # unnecessary — confirm before re-enabling the firewall.
  firewall.allowedTCPPorts = [ 8437 1716 51820 24642 27036 27037 24800 ];
  firewall.allowedUDPPorts = [ 8437 1716 51820 24642 27031 27036 24800 ];
  # Reverse-path filtering is disabled. NOTE(review): presumably for the
  # WireGuard routing below; "loose" may be sufficient — confirm.
  firewall.checkReversePath = false;

  wireguard.interfaces.wg0 = {
    # Address and subnet of this machine's end of the tunnel.
    ips = [ "10.100.0.6/24" ];
    listenPort = 51820;

    # Add a host route to the VPN server through the LAN gateway when the
    # tunnel comes up, and delete it again on shutdown.
    # NOTE(review): the gateway address is hard-coded, so this presumably
    # only works on one network — confirm.
    postSetup = "${pkgs.iproute}/bin/ip route add 135.181.97.221 via 192.168.1.1";
    postShutdown = "${pkgs.iproute}/bin/ip route del 135.181.97.221 via 192.168.1.1";

    # The private key is read from a file. Setting it inline via the
    # privateKey option would make it world-readable, so privateKeyFile is
    # the recommended form.
    # NOTE(review): the file lives in inex's home directory, so any process
    # running as that user can read or replace it; consider a root-owned
    # path with mode 0600.
    privateKeyFile = "/home/inex/wireguard-keys/private";

    # A client configuration needs a single peer entry: the server.
    peers = [
      {
        # Public key of the server (the key itself, not a file path).
        publicKey = "8sEAHYhydEGKTVecXcOb28zeGHGLGCsri5evbSQV8mY=";

        # Only the VPN subnet is routed through the tunnel. To forward all
        # traffic through it instead, use:
        #allowedIPs = [ "0.0.0.0/0" ];
        allowedIPs = [ "10.100.0.0/24" ];

        # Server IP and port.
        endpoint = "135.181.97.221:51820";

        # Keepalive every 25 seconds so NAT table entries stay alive.
        persistentKeepalive = 25;
      }
    ];
  };
};
# Internationalisation: the default locale is left at its default value.
# i18n.defaultLocale = "en_US.UTF-8";

# Virtual console font and keyboard map.
console.font = "Lat2-Terminus16";
console.keyMap = "us";

# System time zone.
time.timeZone = "Europe/Moscow";
services.printing.enable = true;
services.flatpak.enable = true;

# X server: amdgpu driver, US layout with the Colemak variant, libinput and
# Wacom tablet support.
services.xserver = {
  enable = true;
  videoDrivers = [ "amdgpu" ];
  layout = "us";
  xkbVariant = "colemak";
  libinput.enable = true;
  wacom.enable = true;
  exportConfiguration = true;
};

# SSH server with password logins disabled, so only key-based logins remain.
# NOTE(review): networking.firewall.enable is false in this file, so sshd is
# not filtered by the host firewall. X11 forwarding is also on; turn it off
# unless remote GUI sessions are actually used.
services.openssh = {
  enable = true;
  passwordAuthentication = false;
  forwardX11 = true;
};

# Extra udev rules for Wacom devices: tag the stylus and touch interfaces and
# create /dev/input/wacom and /dev/input/wacom-touch symlinks for them.
services.udev.packages = [
  (pkgs.writeTextFile {
    name = "wacom_udev";
    destination = "/etc/udev/rules.d/50-wacom.rules";
    text = ''
      KERNEL!="event[0-9]*", GOTO="wacom_end"
      DRIVERS=="wacom", ATTRS{bInterfaceNumber}=="00", ENV{WACOM_TYPE}="stylus"
      DRIVERS=="wacom", ATTRS{bInterfaceNumber}=="01", ENV{WACOM_TYPE}="touch"
      ATTRS{idVendor}=="056a", ENV{WACOM_TYPE}!="touch", SYMLINK+="input/wacom"
      ATTRS{idVendor}=="056a", ENV{WACOM_TYPE}=="touch", SYMLINK+="input/wacom-touch"
      #ATTRS{idVendor}=="056a", ACTION=="add", RUN+="check_driver wacom $devpath $env{ID_BUS}"
      LABEL="wacom_end"
    '';
  })
];
sound.enable = true;

# Graphics: OpenGL with 32-bit DRI support, plus the AMDVLK and ROCm OpenCL
# packages.
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages = with pkgs; [
  amdvlk
  rocm-opencl-icd
  rocm-runtime
  rocm-opencl-runtime
];

hardware.steam-hardware.enable = true;

# Bluetooth using the full BlueZ build.
hardware.bluetooth.enable = true;
hardware.bluetooth.package = pkgs.bluezFull;

# PulseAudio: full build, 32-bit client support and the Bluetooth modules.
hardware.pulseaudio.package = pkgs.pulseaudioFull;
hardware.pulseaudio.support32Bit = true;
hardware.pulseaudio.extraModules = [ pkgs.pulseaudio-modules-bt ];

# Point the Vulkan loader at the AMDVLK 64-bit ICD manifest.
environment.variables.VK_ICD_FILENAMES = "${pkgs.amdvlk}/share/vulkan/icd.d/amd_icd64.json";
# Android Debug Bridge; the user is placed in "adbusers" further down in this
# file.
programs.adb.enable = true;
programs.java.enable = true;
# Docker is enabled, but its daemon is not started at boot.
virtualisation.docker.enable = true;
virtualisation.docker.enableOnBoot = false;

virtualisation.waydroid.enable = true;

# VirtualBox host support is switched off.
virtualisation.virtualbox.host.enable = false;
# Primary user account. Don't forget to set a password with ‘passwd’.
users.users.inex = {
  isNormalUser = true;
  description = "Inex Code";
  home = "/home/inex";

  # "wheel" enables ‘sudo’ for the user.
  # NOTE(review): "docker" membership gives full control of the Docker
  # daemon, which is effectively root without a password prompt; keep it only
  # if that trade-off is intended.
  extraGroups = [
    "wheel"
    "networkmanager"
    "jackaudio"
    "audio"
    "video"
    "adbusers"
    "docker"
    "cdrom"
  ];

  # Public keys accepted for SSH login as this user.
  # NOTE(review): both entries are RSA keys; remove any that belong to
  # devices no longer in use, and consider Ed25519 for new keys.
  openssh.authorizedKeys.keys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzL0gmvpMOZbijqZOlTuNqtVHZGoNrxCiWJXIDcUwr1cx8M2o61qK/wNMZmyYGROpJbpsFERAjXIXBpwg2KQ3ONRL6q44nPrOSbHm3zL8pnFEvzM0BUKV1Mq2T1dM+geMhQnLrwZhOxvp3+9uhFSTPP/dVzWQ19pEiK5hHpXlD3eyO+LIaS/wkTJvBy/wCKz+O/coLyBQ+Mn5hGQaJAyDec/ovu8OhBkJbbvWp03F2zcWUCxwVfZ1VnLQxn7tk9L4iTw1+rDt0kaRQvVISV3KdqLJnPODku6eC38LcMfHIFXAWBdSUslGUl9Qkd1c+6Gorzt3BrfYL/HDW2Xk3UTQF inex-envy"
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCbUS/AblfzZcfr/iMxHJ5pubzCuriVTu12TKt1iRQFDjQDo+/j0/Ga07zqyB9VUhpJg/IOcJ6o2T4PBixNuHQQX5z4sb/tqzbx3buBz0HIp8VHRC3TtLAmsFj24AldxlADlQpGnlt+g3p200m2dwu/Yoe4+GD8Twwg6FCsyiRjstbfo89Kmwi9yVbXx5aBssscEkXBQODTpwOB05nCz3oUuvQ5ex+yH+o02cTlYyBoglgfzM6HzR0GkmCRDlx613nqa1+ICxwWY0cXMbhnUwDoJASk5eJovtmEqC29qJKABxZaKRYsaW3sMJiMOvPHf9BkVKp4uPINhLc5vopwZI10xsNOn75AXRptkHzenn7ymC+qwJr53Z1tAAfMb5ypJ+u+SE8wazd4x2CIFHH+LbaputqxyfUxNoMbFMGNXICDAOCCQ0nkax7Ifr1NlTp07zTYH6VP0kzqqYiAlBu5qo3qIi5dRsLvb6/McerDNhRmYh25Ww7zpEY4Q9uTWDZkCP8= u0_a122@localhost"
  ];
};
system = {
  # NixOS release from which the defaults for stateful data (file locations,
  # database versions) on this system were taken. It is fine, and
  # recommended, to leave this at the release of the first install. Read the
  # documentation for this option (e.g. man configuration.nix or
  # https://nixos.org/nixos/options.html) before changing it.
  stateVersion = "20.03"; # Did you read the comment?

  # Automatic system upgrades.
  # NOTE(review): upgrades presumably follow whichever channel is configured
  # on the machine, so their content is not pinned by this file — confirm the
  # channel is the intended one.
  autoUpgrade.enable = true;
};
# Shell initialisation snippet exporting search paths for audio plugins
# (VST, LXVST, LADSPA, LV2, DSSI, VST3). Each variable lists three locations
# in order: the default Nix profile, the current system profile, and a
# per-user dot-directory in the home directory.
# NOTE(review): the last entry of every path is user-writable, so plugins
# placed there are loaded with the user's privileges — expected for a
# desktop, but worth knowing.
environment.shellInit = ''
export VST_PATH=/nix/var/nix/profiles/default/lib/vst:/var/run/current-system/sw/lib/vst:~/.vst
export LXVST_PATH=/nix/var/nix/profiles/default/lib/lxvst:/var/run/current-system/sw/lib/lxvst:~/.lxvst
export LADSPA_PATH=/nix/var/nix/profiles/default/lib/ladspa:/var/run/current-system/sw/lib/ladspa:~/.ladspa
export LV2_PATH=/nix/var/nix/profiles/default/lib/lv2:/var/run/current-system/sw/lib/lv2:~/.lv2
export DSSI_PATH=/nix/var/nix/profiles/default/lib/dssi:/var/run/current-system/sw/lib/dssi:~/.dssi
export VST3_PATH=/nix/var/nix/profiles/default/lib/vst3:/var/run/current-system/sw/lib/vst3:~/.vst3
'';
}