DerekGraham78

imported-config.nix

Jul 17th, 2024
79
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.30 KB | None | 0 0
  1. # Edit this configuration file to define what should be installed on
  2. # your system. Help is available in the configuration.nix(5) man page
  3. # and in the NixOS manual (accessible by running ‘nixos-help’).
  4. {
  5. config,
  6. pkgs,
  7. lib,
  8. ...
  9. }: {
  10. imports = [
  11. # Include the results of the hardware scan.
  12. ];
  13. # vscode = {
  14. # user = "dgraham";
  15. # homeDir = "/home/dgraham";
  16. # extensions = with pkgs.vscode-extensions; [ms-vscode.cpptools];
  17. # };
  18. programs = {
  19. neovim = {
  20. enable = true;
  21. defaultEditor = true;
  22. };
  23. git = {
  24. enable = true;
  25. # userName = "derekagraham78";
  26. # userEmail = "[email protected]";
  27. };
  28. zsh = {
  29. enable = true;
  30. # Your zsh config
  31. ohMyZsh = {
  32. enable = true;
  33. plugins = ["git" "python" "man" "1password"];
  34. theme = "aussiegeek";
  35. };
  36. };
  37. xfconf.enable = true;
  38. nm-applet.enable = true;
  39. };
  40. networking = {
  41. nameservers = ["100.100.100.100" "8.8.8.8" "1.1.1.1"];
  42. search = ["tail20553.ts.net"];
  43. firewall = {
  44. enable = true;
  45. allowedTCPPorts = [21 57796 80 443 8181 3306 8000 8095 8123 1220 6969 8081 26648 9090 8080 3389 51820 51827 32400 5901 5938 8581 43148 8888 23421 50707 51578 5580];
  46. allowedTCPPortRanges = [
  47. {
  48. from = 20000;
  49. to = 28000;
  50. }
  51. {
  52. from = 51000;
  53. to = 59000;
  54. }
  55. ];
  56. allowedUDPPorts = [1900 1901 137 136 138 41641 3478 21063 5353];
  57. trustedInterfaces = ["tailscale0"];
  58. };
  59. networkmanager.enable = true;
  60. enableIPv6 = true;
  61. };
  62. #networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
  63. # Printer
  64. services = {
  65. emacs = {
  66. enable = true;
  67. package = pkgs.emacs;
  68. };
  69. resolved = {
  70. enable = true;
  71. dnssec = "true";
  72. domains = ["~."];
  73. fallbackDns = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"];
  74. dnsovertls = "true";
  75. };
  76. tailscale = {
  77. enable = true;
  78. };
  79. vsftpd = {
  80. enable = true;
  81. writeEnable = true;
  82. localUsers = true;
  83. userlist = ["dgraham" "root" "nginx"];
  84. userlistEnable = true;
  85. virtualUseLocalPrivs = true;
  86. };
  87. memcached.enable = true;
  88. avahi = {
  89. enable = true;
  90. nssmdns4 = true;
  91. openFirewall = true;
  92. };
  93.  
  94. certmgr.renewInterval = "30m";
  95. displayManager = {
  96. defaultSession = "plasmax11";
  97. sddm = {
  98. enable = true;
  99. wayland.enable = true;
  100. autoNumlock = true;
  101. };
  102. autoLogin = {
  103. enable = true;
  104. user = "dgraham";
  105. };
  106. };
  107. cockpit = {
  108. enable = true;
  109. port = 9090;
  110. settings = {
  111. WebService = {
  112. Origins = "https://www.papalpenguin.com:9090 https://papalpenguin.com:9090 http://www.papalpenguin.com:9090 http://papalpenguin.com:9090 https://192.168.4.60:9090 http://192.168.4.60:9090 ws://192.168.4.60:9090 ws://papalpenguin.com:9090 ws://www.papalpenguin.com:9090 http://mulder.tail20553.ts.net:9090 https://mulder.tail20553.ts.net:9090";
  113. ProtocolHeader = "X-Forwarded-Proto";
  114. ForwardedForHeader = "X-Forwarded-For";
  115. AllowUnencrypted = true;
  116. };
  117. };
  118. };
  119. desktopManager.plasma6.enable = true;
  120. openssh = {
  121. enable = true;
  122. openFirewall = false;
  123. settings = {
  124. PermitRootLogin = "yes";
  125. AllowGroups = ["wheel" "root"];
  126. };
  127. allowSFTP = true;
  128. };
  129. # printing.enable = true;
  130. # pipewire = {
  131. # enable = true;
  132. # alsa.enable = true;
  133. # alsa.support32Bit = true;
  134. # pulse.enable = false;
  135. # If you want to use JACK applications, uncomment this
  136. # jack.enable = true;
  137. # };
  138. fwupd.enable = true;
  139. xrdp.enable = true;
  140. printing.drivers = [pkgs.brlaser];
  141. plex = {
  142. enable = true;
  143. openFirewall = true;
  144. };
  145. libinput.enable = true;
  146. };
  147. # List services that you want to enable:
  148. systemd = {
  149. extraConfig = "DefaultTimeoutStopSec=10s";
  150. };
  151. security = {
  152. rtkit.enable = true;
  153. acme = {
  154. acceptTerms = true;
  155. defaults.email = "[email protected]";
  156. defaults.renewInterval = "daily";
  157. };
  158. doas = {
  159. enable = true;
  160. wheelNeedsPassword = false;
  161. };
  162. sudo = {
  163. enable = true;
  164. wheelNeedsPassword = false;
  165. };
  166. };
  167. virtualisation.docker.enable = true;
  168. # Enable networking
  169. # Set your time zone.
  170. time.timeZone = "America/Chicago";
  171. # Select internationalisation properties.
  172. #i18n.defaultLocale = "en_US.UTF-8";
  173. #i18n.extraLocaleSettings = {
  174. # LANGUAGE = "C";
  175. # LC_ADDRESS = "en_US.UTF-8";
  176. # LC_IDENTIFICATION = "en_US.UTF-8";
  177. # LC_MEASUREMENT = "en_US.UTF-8";
  178. # LC_MONETARY = "en_US.UTF-8";
  179. # LC_NAME = "en_US.UTF-8";
  180. # LC_NUMERIC = "en_US.UTF-8";
  181. # LC_PAPER = "en_US.UTF-8";
  182. # LC_TELEPHONE = "en_US.UTF-8";
  183. # LC_TIME = "en_US.UTF-8";
  184. #};
  185. # Enable the X11 windowing system.
  186. xdg.portal.enable = true;
  187. xdg.portal.config.common.default = ["kde" "gtk"];
  188. systemd.services.ownership = {
  189. path = [pkgs.zsh];
  190. serviceConfig = {
  191. ExecStart = "/root/bin/ownership-update";
  192. wantedBy = ["default.target"];
  193. Type = "oneshot";
  194. User = "root";
  195. };
  196. };
  197. systemd.timers.ownership = {
  198. timerConfig = {
  199. OnBootSec = "15m";
  200. OnUnitActiveSec = "15m";
  201. Unit = "ownership.service";
  202. };
  203. };
  204.  
  205. systemd.services.backupmyconfs = {
  206. path = [pkgs.zsh];
  207. serviceConfig = {
  208. ExecStart = "/home/dgraham/bin/check4update";
  209. wantedBy = ["default.target"];
  210. Type = "oneshot";
  211. User = "dgraham";
  212. };
  213. };
  214. systemd.timers.backupmyconfs = {
  215. timerConfig = {
  216. OnBootSec = "60m";
  217. OnUnitActiveSec = "60m";
  218. Unit = "backupmyconfs.service";
  219. };
  220. };
  221. # Configure keymap in X11
  222. # Enable CUPS to print documents.
  223. # Enable sound with pipewire.
  224. sound.enable = true;
  225. hardware = {
  226. pulseaudio = {
  227. package = pkgs.pulseaudio;
  228. enable = false;
  229. extraConfig = "load-module module-equalizer-sink";
  230. };
  231. };
  232.  
  233. fonts.packages = with pkgs; [
  234. rPackages.trekfont
  235. noto-fonts
  236. noto-fonts-cjk
  237. (nerdfonts.override {fonts = ["JetBrainsMono"];})
  238. terminus-nerdfont
  239. udev-gothic-nf
  240. powerline-fonts
  241. noto-fonts-emoji
  242. liberation_ttf
  243. fira-code
  244. nginx
  245. fira-code-symbols
  246. mplus-outline-fonts.githubRelease
  247. dina-font
  248. proggyfonts
  249. ];
  250. console = {
  251. earlySetup = true;
  252. packages = with pkgs; [
  253. nerdfonts
  254. terminus_font
  255. (nerdfonts.override {fonts = ["JetBrainsMono"];})
  256. terminus-nerdfont
  257. ];
  258. keyMap = "us";
  259. };
  260. # Enable touchpad support (enabled default in most desktopManager).
  261. # Auto Upgrade
  262. system.autoUpgrade = {
  263. enable = true;
  264. flake = "github:derekagraham78/nixos/flake.nix";
  265. flags = [
  266. "--update-input"
  267. "nixpkgs"
  268. "-L" # print build logs
  269. ];
  270. dates = "02:00";
  271. randomizedDelaySec = "45min";
  272. };
  273. # List packages installed in system profile. To search, run:
  274. # $ nix search wget
  275. environment.systemPackages = with pkgs; [
  276. # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
  277. wineWowPackages.stable
  278. wine
  279. (wine.override {wineBuild = "wine64";})
  280. wine64
  281. wineWowPackages.staging
  282. winetricks
  283. wineWowPackages.waylandFull
  284. emacs
  285. helix
  286. micro
  287. filezilla
  288. microsoft-edge
  289. altserver-linux
  290. vivaldi
  291. vivaldi-ffmpeg-codecs
  292. imagemagick
  293. cockpit
  294. gnome.gnome-disk-utility
  295. gparted
  296. whois
  297. docker-compose
  298. zammad
  299. eza
  300. deadnix
  301. slack
  302. cachix
  303. statix
  304. wev
  305. w3m
  306. ox
  307. deluge-gtk
  308. gnome.nautilus
  309. nautilus-open-any-terminal
  310. gnome.sushi
  311. gwenview
  312. clipmenu
  313. emojipick
  314. wev
  315. killall
  316. grim #screes capture
  317. slurp
  318. pavucontrol
  319. pasystray
  320. paprefs
  321. patray
  322. noisetorch
  323. volctl
  324. vscode
  325. git
  326. wget
  327. gh
  328. fastfetch
  329. libsixel
  330. anydesk
  331. file
  332. hddtemp
  333. ipmitool
  334. mdadm
  335. smartmontools
  336. tree
  337. glxinfo
  338. wmctrl
  339. xorg.xdpyinfo
  340. wayland
  341. usbutils
  342. zip
  343. xz
  344. unzip
  345. p7zip
  346. # utils
  347. ripgrep # recursively searches directories>
  348. wp4nix
  349. jq # A lightweight and flexible command-li>
  350. # networking tools
  351. nm-tray
  352. networkmanager
  353. networkmanagerapplet
  354. mtr # A network diagnostic tool
  355. iperf3
  356. dnsutils # `dig` + `nslookup`
  357. ldns # replacement of `dig`, it provide th>
  358. aria2 # A lightweight multi-protocol & mul>
  359. socat # replacement of openbsd-netcat
  360. nmap # A utility for network discovery and>
  361. ipcalc # it is a calculator for the IPv4/>
  362. # misc
  363. alejandra
  364. php
  365. phpPackages.composer
  366. cowsay
  367. file
  368. which
  369. tree
  370. gnused
  371. gnutar
  372. gawk
  373. zstd
  374. gnupg
  375. # nix related
  376. #
  377. # it provides the command `nom` works just lik>
  378. # with more details log output
  379. nix-output-monitor
  380. # productivity
  381. hugo # static site generator
  382. glow # markdown previewer in terminal
  383. btop # replacement of htop/nmon
  384. iotop # io monitoring
  385. iftop # network monitoring
  386. # system call monitoring
  387. strace # system call monitoring
  388. ltrace # library call monitoring
  389. lsof # list open files
  390. # system tools
  391. inotify-tools
  392. sysstat
  393. lm_sensors # for `sensors` command
  394. ethtool
  395. pciutils # lspci
  396. usbutils # lsusb
  397. gh
  398. webp-pixbuf-loader
  399. poppler
  400. ffmpegthumbnailer
  401. evince
  402. stacer
  403. digikam
  404. _1password-gui
  405. cpu-x
  406. wireshark
  407. variety
  408. vim
  409. fmt
  410. telegram-desktop
  411. discord
  412. vlc
  413. nodejs_latest
  414. kitty
  415. kitty-img
  416. kitty-themes
  417. yarn2nix
  418. yarn
  419.  
  420. moc
  421. qt6.qt5compat
  422. pkgs.qt6.full
  423. libsForQt5.full
  424. xorg.xcbutil
  425. pkgs.nodePackages_latest.pnpm
  426. pkgs.usbutils
  427. freetype
  428. fontconfig
  429. gnumake
  430. gcc13
  431. resilio-sync
  432. fmt
  433. pciutils
  434. geekbench
  435. inxi
  436. rPackages.trekfont
  437. ];
  438.  
  439. # system.stateVersion = "unstable-small"; # Did you read the comment?
  440. }
  441.  
Advertisement
Add Comment
Please, Sign In to add comment