# NixOS system module for this host. It is a function from the module
# arguments to an attribute set of option definitions.
# Of the named arguments, only `pkgs` is referenced in this file.
{
  config,
  lib,
  pkgs,
  ...
}:

{
# Other modules merged into this configuration.
imports = [
  # Sibling file with the machine-specific hardware settings
  # (presumably the one generated at install time).
  ./hardware-configuration.nix
  # Angle-bracket path: looked up on NIX_PATH when the configuration is
  # evaluated, so the Home Manager revision is whatever channel is installed
  # at that moment rather than a pinned one.
  # NOTE(review): confirm the home-manager channel tracks the same release as
  # the system, and that only root can change the channel it resolves to.
  <home-manager/nixos>
];
# Boot through systemd-boot on EFI, and let the installation step write EFI
# boot variables.
boot.loader = {
  systemd-boot.enable = true;
  efi.canTouchEfiVariables = true;
};
# Hostname this machine announces on the network.
networking.hostName = "moonshadow"; # Define your hostname.

# Set your time zone.
time.timeZone = "America/Chicago";
# Enable sound.
# PipeWire is the audio server; pulse.enable adds its PulseAudio-compatible
# server so applications written for PulseAudio keep working.
services.pipewire = {
  enable = true;
  pulse.enable = true;
};
# KDE Plasma 6 desktop, with SDDM as the login manager running on Wayland.
services.displayManager = {
  sddm = {
    enable = true;
    wayland.enable = true;
  };
  # Session preselected at the login screen.
  defaultSession = "plasma";
};
services.desktopManager.plasma6.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
# `with pkgs;` puts every nixpkgs attribute in scope, so the entries below are
# plain attribute names. Everything listed here is available to all users.
environment.systemPackages = with pkgs; [
  arp-scan
  autossh
  bat
  borgbackup
  curl
  dig
  # Presumably the reason nixpkgs.config.allowUnfree is set in this file.
  discord
  diskonaut
  doggo
  duf
  dust
  element-desktop
  emacs28
  fblog
  fd
  ffmpeg-full
  firefox
  gcc
  git
  glances
  glow
  gum
  htop
  hyfetch
  hyperfine
  just
  killall
  kdePackages.isoimagewriter
  kdePackages.kasts
  kdePackages.kate
  kdePackages.kcalc
  kdePackages.kcron
  # KDE Connect; the firewall section of this file opens 1714-1764 for it.
  kdePackages.kdeconnect-kde
  kdePackages.kget
  kdePackages.kjournald
  kdePackages.kleopatra
  kdePackages.kontrast
  kdePackages.kpeople
  kdePackages.tokodon
  kdePackages.yakuake
  lagrange
  lsd
  lynx
  neovim
  nix-diff
  nix-doc
  nix-du
  nix-health
  nix-inspect
  nix-template
  nix-top
  nixfmt-rfc-style
  nixos-icons
  nmap
  nodePackages_latest.prettier
  parallel
  procs
  ripgrep
  rsync
  rustscan
  starship
  tealdeer
  trash-cli
  vivid
  wget
  # NOTE(review): only the package is installed; the programs.wireshark module
  # (capture helper with capabilities plus the wireshark group) is not enabled
  # in this file, so live capture presumably needs root. Running the whole GUI
  # and its dissectors as root is the riskier option — confirm and consider
  # enabling the module instead.
  wireshark
  wl-clipboard
  wthrr
  yazi
  zellij
];
# Enable the OpenSSH daemon.
# NOTE(review): no services.openssh.settings are given, so the module defaults
# decide the password and root-login policy, and this file declares no
# users.users.<name>.openssh.authorizedKeys.keys. Once a public key is
# declared, consider settings.PasswordAuthentication = false and
# settings.KbdInteractiveAuthentication = false so the listener on port 22
# (opened in networking.firewall) accepts keys only. Verify key login works
# before switching, to avoid locking yourself out.
services.openssh.enable = true;
# Tailscale
services.tailscale = {
  enable = true;
  # File holding the Tailscale auth key used to bring the node up.
  # The value is a string, not a Nix path literal, so the key is read from
  # /etc at runtime and is not copied into the world-readable Nix store.
  # NOTE(review): the file is created outside this configuration; keep it
  # root-owned and readable by root only, and prefer a one-off or short-lived
  # key over a long-lived reusable one.
  authKeyFile = "/etc/tailscale-auth";
};
# Open ports in the firewall.
# TCP 22 is SSH. 1714-1764 on both TCP and UDP matches the range KDE Connect
# uses (kdePackages.kdeconnect-kde is in the system package list).
# NOTE(review): these rules apply to every interface, including untrusted
# Wi-Fi networks. If SSH and KDE Connect are only needed on the home LAN or
# over Tailscale, scope them with networking.firewall.interfaces.<name>.
# services.openssh presumably opens its own port already (openFirewall), which
# would make the explicit 22 redundant — confirm.
networking.firewall =
  let
    # One range shared by the TCP and UDP rules.
    kdeConnectPorts = {
      from = 1714;
      to = 1764;
    };
  in
  {
    allowedTCPPorts = [ 22 ];
    allowedTCPPortRanges = [ kdeConnectPorts ];
    allowedUDPPortRanges = [ kdeConnectPorts ];
  };
# Enable NetworkManager
networking.networkmanager.enable = true;

# Enable atop
programs.atop = {
  enable = true;
  # Timer that restarts the atop service so its data files get rotated.
  atopRotateTimer.enable = true;
  # Service that stores atop statistics for later analysis.
  atopService.enable = true;
  # Process-accounting service, so atop can also report on processes that
  # exited between two samples.
  atopacctService.enable = true;
};

# Enable Zsh
# users.users.jas.shell is set to pkgs.zsh elsewhere in this file.
programs.zsh.enable = true;
# sudo without password
# The rule lets user "jas" run ALL commands through sudo with NOPASSWD, i.e.
# with no password prompt.
# NOTE(review): with this rule anything that runs as jas — including a login
# through the SSH daemon enabled in this file — can become root without
# re-authenticating, so the account is effectively root. If that is not
# intended, list only the specific commands that need NOPASSWD, or drop the
# option and rely on sudo's normal credential caching.
security.sudo.extraRules = [
  {
    users = [ "jas" ];
    commands = [
      {
        command = "ALL";
        options = [ "NOPASSWD" ];
      }
    ];
  }
];
## HOME MANAGER
# System account for jas; the Home Manager profile for the same user follows.
# NOTE(review): no password, extraGroups or openssh.authorizedKeys.keys are
# declared here, so credentials are presumably managed imperatively —
# confirm. Declaring the SSH public key here would let sshd be restricted to
# key logins from the same configuration.
users.users.jas = {
  isNormalUser = true;
  # Login shell; programs.zsh.enable is set elsewhere in this file.
  shell = pkgs.zsh;
};
# Home Manager profile for jas, written as its own module function.
# The `config` bound here shadows the outer one and is not referenced below.
home-manager.users.jas =
  { config, ... }:
  {
    home.username = "jas";
    home.homeDirectory = "/home/jas";
    home.stateVersion = "24.05";

    # dotfiles
    # Each source is a path literal relative to this file. Path literals are
    # copied into the Nix store, which every local user can read, so these
    # dotfiles must not contain tokens, passwords or private keys.
    home.file = {
      ".justfile".source = dotfiles/just/.justfile;
      ".zshrc".source = dotfiles/zsh/.zshrc;
      ".zshrc.d".source = dotfiles/zsh/.zshrc.d;
      ".zpath".source = dotfiles/zsh/.zpath;
      ".zshenv".source = dotfiles/zsh/.zshenv;
      ".config/zellij".source = dotfiles/config/.config/zellij;
      ".config/starship.toml".source = dotfiles/config/.config/starship.toml;
    };

    # git
    programs.git = {
      enable = true;
      # Render diffs through diff-so-fancy, passing these options to the pager.
      diff-so-fancy = {
        enable = true;
        pagerOpts = [
          "--tabs=4"
          "-RFX"
        ];
      };
      userName = "Jeffrey Serio";
      userEmail = "hyperreal@moonshadow.dev";
      extraConfig = {
        core.editor = "emacsclient";
        init.defaultBranch = "main";
        pull.rebase = true;
      };
    };

    # SSH config
    # One match block per host alias. Every block offers the same private key,
    # ~/.ssh/id_ed25519, so that single key grants access to all six hosts.
    # NOTE(review): identitiesOnly is not set, so the client may also offer
    # other keys held by the agent to these hosts — consider enabling it per
    # block. Nothing here sets host-key checking or agent forwarding, so the
    # module and OpenSSH defaults apply — confirm they are what you want.
    programs.ssh.enable = true;
    programs.ssh.matchBlocks = {
      "nixos.tail7dd4a.ts.net" = {
        hostname = "nixos.tail7dd4a.ts.net";
        user = "jas";
        identityFile = "~/.ssh/id_ed25519";
      };
      "aux-vm" = {
        hostname = "10.0.0.26";
        user = "jas";
        identityFile = "~/.ssh/id_ed25519";
      };
      "bttracker.nirn.quest" = {
        hostname = "bttracker.nirn.quest";
        user = "jas";
        identityFile = "~/.ssh/id_ed25519";
      };
      "hyperreal.coffee" = {
        hostname = "hyperreal.coffee";
        user = "jas";
        identityFile = "~/.ssh/id_ed25519";
      };
      "qbittorrent" = {
        hostname = "qbittorrent.tail7dd4a.ts.net";
        user = "jas";
        identityFile = "~/.ssh/id_ed25519";
      };
      # The only block that logs in as a different user ("admin").
      "truenas" = {
        hostname = "truenas-scale.tail7dd4a.ts.net";
        user = "admin";
        identityFile = "~/.ssh/id_ed25519";
      };
    };

    # direnv
    # Shell hook for zsh, with nix-direnv handling Nix environments.
    programs.direnv = {
      enable = true;
      enableZshIntegration = true;
      nix-direnv.enable = true;
    };

    # XDG user dirs
    # createDirectories makes the listed directories if they are missing.
    # Entries set to null are presumably left unconfigured — confirm.
    xdg.userDirs = {
      enable = true;
      createDirectories = true;
      desktop = "/home/jas/desktop";
      documents = "/home/jas/shared/documents";
      download = "/home/jas/downloads";
      music = null;
      pictures = "/home/jas/shared/pictures";
      publicShare = "/home/jas/shared";
      templates = null;
      videos = null;
    };
  };
# Nix settings
nix = {
  settings = {
    # Users permitted to talk to the Nix daemon.
    allowed-users = [ "jas" ];
    auto-optimise-store = true;
    experimental-features = [
      "flakes"
      "nix-command"
      # NOTE(review): later Nix releases reportedly dropped this feature flag —
      # confirm the installed Nix still recognises it.
      "repl-flake"
    ];
    # NOTE(review): a trusted user can override daemon settings such as
    # substituters and import unsigned store paths, which the Nix manual
    # describes as essentially equivalent to root access. jas already has
    # passwordless sudo in this file, but if that rule is ever tightened this
    # entry remains a separate route to root — review both together.
    trusted-users = [
      "jas"
      "root"
    ];
    keep-derivations = true;
    keep-outputs = true;
    warn-dirty = false;
  };
  # Automatic garbage collection, run weekly with a randomised start delay.
  gc = {
    automatic = true;
    dates = "weekly";
    randomizedDelaySec = "14min";
  };
};
# Nixpkgs
nixpkgs.config = {
  # Permit packages with unfree licences.
  allowUnfree = true;
  # Predicate that accepts every package; with allowUnfree already true it
  # adds nothing.
  # NOTE(review): to keep unfree software to a known set, drop allowUnfree and
  # have this predicate match package names instead — first confirm which of
  # the installed packages are actually unfree.
  allowUnfreePredicate = _: true;
};
# ZFS snapshots
services.znapzend = {
  enable = true;
  # Create the destination dataset if it does not exist yet.
  autoCreation = true;
  # Only the setups declared in this module are applied; setups configured
  # by hand earlier are cleared.
  pure = true;
  zetup = {
    "rpool/home" = {
      # retention=>interval pairs: hourly snapshots kept for a day, daily
      # ones for a month, monthly ones for a year.
      plan = "1d=>1h,1m=>1d,1y=>1m";
      # Include child datasets of rpool/home.
      recursive = true;
      destinations = {
        remote = {
          # NOTE(review): replication logs in to the backup host as root, so
          # the SSH key used by this service can do anything on that machine,
          # and a compromise of this host reaches the backups too. Consider a
          # dedicated unprivileged account on the destination with only the
          # ZFS permissions it needs delegated via `zfs allow`, and make sure
          # the destination's host key is already trusted — confirm setup.
          host = "root@10.0.0.81";
          dataset = "coffeeNAS/moonshadow";
        };
      };
    };
  };
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# Only this one file is copied, not the files it imports, and the copy lives
# in the Nix store where every local user can read it — keep secrets out of
# this file and reference them by runtime path instead (as authKeyFile does).
system.copySystemConfiguration = true;

# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.05"; # Did you read the comment?
}