meta: move config to separate file

2023-09-29 22:39:06 +02:00 · 2023-09-29 22:39:06 +02:00 · ad25a3cfe1
commit ad25a3cfe1
parent fcc0f05167
1 changed files with 0 additions and 341 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -1,341 +0,0 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 {
  config,
  pkgs,
  lib,
  caps2esc,
  nix-xilinx,
  sops-nix,
  zremap,
  ...
 }: {
  imports = [];
  system.stateVersion = "23.05";
  system.autoUpgrade.enable = false;
  sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
  sops.secrets."peerix/private" = {
    sopsFile = ./secrets/peerix.yaml;
    mode = "0400";
    owner = config.users.users.nobody.name;
    group = config.users.users.nobody.group;
  };
  nix = {
    optimise.automatic = true;
    gc.automatic = true;
    gc.options = "--delete-older-than 7d";
    package = pkgs.nixUnstable;
    settings = {
      experimental-features = ["nix-command" "flakes"];
      trusted-public-keys = [
        "binarycache.mediabox.lan:3vZwbCaCuOK5fc92rKknvyU7e5fDbnKEKLb/VTaICoU="
      ];
    };
  };
  boot = {
    extraModulePackages = with config.boot.kernelPackages; [usbip];
    initrd.compressor = "zstd";
    initrd.kernelModules = ["amdgpu"];
    kernelPackages = pkgs.linuxPackages_latest;
    kernelParams = ["psmouse.synaptics_intertouch=0"];
    loader.efi.canTouchEfiVariables = true;
    loader.systemd-boot.editor = false;
    loader.systemd-boot.enable = true;
    readOnlyNixStore = true;
    supportedFilesystems = ["btrfs"];
    tmp.useTmpfs = true;
  };
  security = {
    rtkit.enable = true;
    allowSimultaneousMultithreading = true;
    sudo.enable = true;
    doas.enable = true;
    doas.extraRules = [
      {
        users = ["akill"];
        keepEnv = true;
        persist = true;
      }
    ];
  };
  powerManagement = {
    enable = true;
  };
  networking = {
    firewall = {
      enable = true;
      allowedTCPPorts = [80 443];
    };
    hostName = "nixy";
    nameservers = ["127.0.0.1" "::1"];
    dhcpcd.extraConfig = "nohook resolv.conf";
    extraHosts = ''
      192.168.88.171 jellyfin.mediabox.lan
      192.168.88.171 mediabox.lan
      192.168.88.171 qbittorrent.mediabox.lan
      192.168.88.1   router.lan
      192.168.88.231 workstation.lan
    '';
    networkmanager = {
      enable = true;
      dns = "none";
      wifi.backend = "iwd";
    };
    wireless.iwd = {
      enable = true;
      settings = {
        General = {
          AddressRandomization = "network";
          #EnableNetworkConfiguration = true;
        };
      };
    };
  };
  time.timeZone = "Europe/Sarajevo";
  nixpkgs.config.allowUnfree = true;
  nixpkgs.overlays = [nix-xilinx.overlay];
  environment = {
    homeBinInPath = true;
    variables = {
      PATH = "$HOME/.cargo/bin";
    };
  };
  programs = {
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    zsh.enable = true;
    firejail.enable = true;
    adb.enable = true;
    wireshark.enable = true;
    sway.enable = true;
  };
  # List services that you want to enable:
  systemd = {
    services = {
      "zremap" = {
        description = "Intercepts keyboard udev events";
        wants = ["systemd-udevd.service"];
        wantedBy = ["multi-user.target"];
        serviceConfig.Nice = -20;
        script = ''
 	  sleep 1
          ${zremap.defaultPackage.x86_64-linux}/bin/zremap \
          /dev/input/by-path/platform-i8042-serio-0-event-kbd
        '';
      };
    };
    extraConfig = ''
      DefaultTimeoutStartSec=30s
      DefaultTimeoutStopSec=30s
    '';
  };
  services = {
    acpid.enable = true;
    btrfs.autoScrub.enable = true;
    dbus.enable = true;
    fstrim.enable = true;
    fwupd.enable = true;
    ntp.enable = true;
    openssh.enable = true;
    printing.enable = true;
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };
    xserver = {
      enable = true;
      dpi = 144;
      libinput.enable = true;
      desktopManager.xterm.enable = false;
      displayManager = {
        lightdm.enable = false;
        startx.enable = true;
        defaultSession = "none+i3";
      };
      windowManager.i3.enable = true;
    };
    udev = {
      packages = [pkgs.rtl-sdr pkgs.openhantek6022];
      extraRules = ''
        #Xilinx FTDI
        ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666"
        #Xilinx Digilent
        ATTR{idVendor}=="1443", MODE:="666"
        ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Digilent", MODE:="666"
      '';
    };
    tlp = {
      enable = true;
    };
    actkbd = {
      enable = true;
      bindings = [
        {
          keys = [113];
          events = ["key"];
          command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master toggle'";
        }
        {
          keys = [114];
          events = ["key" "rep"];
          command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%- unmute'";
        }
        {
          keys = [115];
          events = ["key" "rep"];
          command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%+ unmute'";
        }
        {
          keys = [224];
          events = ["key"];
          command = "${pkgs.light}/bin/light -U 5";
        }
        {
          keys = [225];
          events = ["key"];
          command = "${pkgs.light}/bin/light -A 5";
        }
      ];
    };
    dnscrypt-proxy2 = {
      enable = true;
      settings = {
        ipv6_servers = true;
        require_dnssec = true;
        sources.public-resolvers = {
          urls = [
            "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
            "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
          ];
          cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
          minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
        };
      };
    };
    nix-serve = {
      enable = false;
      secretKeyFile = "/var/cache-priv-key.pem";
    };
    journald.extraConfig = ''
      SystemMaxUse=50M
    '';
    logind.extraConfig = ''
      KillUserProcesses=yes
    '';
  };
  fonts = {
    fontconfig = {
      cache32Bit = true;
      allowBitmaps = true;
      useEmbeddedBitmaps = true;
      defaultFonts = {
        monospace = ["JetBrainsMono"];
      };
    };
    packages = with pkgs; [
      dejavu_fonts
      dina-font
      fira-code
      fira-code-symbols
      font-awesome
      font-awesome_4
      inconsolata
      iosevka
      jetbrains-mono
      liberation_ttf
      noto-fonts
      noto-fonts-cjk
      noto-fonts-emoji
      proggyfonts
      siji
      terminus_font
      terminus_font_ttf
      ubuntu_font_family
    ];
  };
  virtualisation = {
    containers.storage.settings = {
      storage = {
        driver = "btrfs";
        graphroot = "/var/lib/containers/storage";
        runroot = "/run/containers/storage";
      };
    };
    podman = {
      enable = true;
      autoPrune.enable = true;
      dockerCompat = true;
    };
  };
  sound.enable = true;
  hardware = {
    bluetooth = {
      enable = true;
      settings = {
        General = {
          Enable = "Source,Sink,Media,Socket";
        };
      };
    };
    opengl = {
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
      extraPackages = with pkgs; [];
    };
  };
  zramSwap = {
    enable = false;
    algorithm = "zstd";
  };
  users.users.akill = {
    isNormalUser = true;
    shell = pkgs.zsh;
    extraGroups = ["wireshark" "kvm" "tty" "audio" "sound" "adbusers" "dialout" "wheel"];
  };
 }