Initial commit

2025-07-11 18:08:12 +03:00
commit 74c6a29a13
478 changed files with 23775 additions and 0 deletions

16
nixos/auto-upgrade.nix Normal file

@@ -0,0 +1,16 @@
{ ... }:
{
# Scheduled auto upgrade system (this is only for system upgrades,
# if you want to upgrade cargo\npm\pip global packages, docker containers or different part of the system
# or get really full system upgrade, use `topgrade` CLI utility manually instead.
# I recommend running `topgrade` once a week or at least once a month)
system.autoUpgrade = {
enable = true;
operation = "switch"; # If you don't want to apply updates immediately, only after rebooting, use `boot` option in this case
flake = "/etc/nixos";
flags = [ "--update-input" "nixpkgs" "--update-input" "rust-overlay" "--commit-lock-file" ];
dates = "weekly";
# channel = "https://nixos.org/channels/nixos-unstable";
};
}
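Review bot: The weekly job re-resolves `nixpkgs` and `rust-overlay` to whatever their branches currently point at and activates the result with `operation = "switch"`, so root-level changes land with no review step and the only record is the commit made by `--commit-lock-file`. The header comment should say that, and also that under `switch` a new kernel or initrd is not in use until the next reboot, so kernel security fixes stay pending; something like `# NOTE: kernel/initrd updates take effect only after a reboot (see system.autoUpgrade.allowReboot)`. The `wezterm` and `radicle-tui` inputs declared in flake.nix are not named in `flags`, so this job never refreshes them. Recent Nix releases, as far as I know, deprecate `--update-input`, so the flags are worth re-checking against the installed Nix version.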

11
nixos/bluetooth.nix Normal file

@@ -0,0 +1,11 @@
{ pkgs, ... }:
{
# Enable Bluetooth
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = false;
environment.systemPackages = with pkgs; [
overskride
];
}

20
nixos/bootloader.nix Normal file

@@ -0,0 +1,20 @@
{ pkgs, ... }:
{
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.timeout = 2;
boot.initrd.enable = true;
boot.initrd.verbose = false;
boot.initrd.systemd.enable = true;
boot.initrd.availableKernelModules = [ "i915" ];
boot.initrd.kernelModules = [ "i915" ];
boot.consoleLogLevel = 3;
boot.plymouth = {
enable = true;
font = "${pkgs.jetbrains-mono}/share/fonts/truetype/JetBrainsMono-Regular.ttf";
themePackages = [ pkgs.catppuccin-plymouth ];
theme = "catppuccin-macchiato";
};
}
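Review bot: `boot.loader.systemd-boot.enable = true` is set without `boot.loader.systemd-boot.editor = false;`, and the NixOS default leaves the boot-entry editor on, so anyone at the console during the 2-second menu can change the kernel command line for that boot. The NixOS option documentation recommends turning the editor off; add `boot.loader.systemd-boot.editor = false;` next to the enable line. This matters more here because linux-kernel.nix relies on command-line parameters such as `lsm=` for its hardening.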

8
nixos/clamav-scanner.nix Normal file

@@ -0,0 +1,8 @@
{ ... }:
{
services.clamav.scanner = {
enable = true;
interval = "Sat *-*-* 04:00:00";
};
}

18
nixos/configuration.nix Normal file

@@ -0,0 +1,18 @@
# Edit trueconfiguration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ ... }:
{
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
# FIXME: change it to version from your current, fresh and auto-generated after first installation `configuration.nix` config file
system.stateVersion = "your_version_here"; # Did you read the comment?
}

21
nixos/disable-nvidia.nix Normal file

@@ -0,0 +1,21 @@
{ ... }:
{
boot.extraModprobeConfig = ''
blacklist nouveau
options nouveau modeset=0
'';
services.udev.extraRules = ''
# Remove NVIDIA USB xHCI Host Controller devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{power/control}="auto", ATTR{remove}="1"
# Remove NVIDIA USB Type-C UCSI devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{power/control}="auto", ATTR{remove}="1"
# Remove NVIDIA Audio devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{power/control}="auto", ATTR{remove}="1"
# Remove NVIDIA VGA/3D controller devices
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x03[0-9]*", ATTR{power/control}="auto", ATTR{remove}="1"
'';
boot.blacklistedKernelModules = [ "nouveau" "nvidia" "nvidia_drm" "nvidia_modeset" ];
}

27
nixos/display-manager.nix Normal file

@@ -0,0 +1,27 @@
{ pkgs, ... }:
{
# Enable Display Manager
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet \
--time --time-format '%I:%M %p | %a %h | %F' \
--cmd 'uwsm start hyprland'";
user = "greeter";
};
};
};
users.users.greeter = {
isNormalUser = false;
description = "greetd greeter user";
extraGroups = [ "video" "audio" ];
linger = true;
};
environment.systemPackages = with pkgs; [
greetd.tuigreet
];
}
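Review bot: `linger = true` on the `greeter` account keeps a per-user systemd manager running for it from boot, whether or not the greeter is on screen, and nothing visible in this file needs that. tuigreet only has to run inside the greetd session, so I would drop the line, or add a comment naming what depends on it. The `video` and `audio` group memberships deserve the same one-line justification, since the greeter is the process that runs before any authentication has happened.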

49
nixos/dns.nix Normal file

@@ -0,0 +1,49 @@
{ ... }:
{
# Enable Encrypted DNS
networking = {
nameservers = [ "127.0.0.1" "[::1]" ];
# If using dhcpcd:
dhcpcd.enable = false; # disable, because enabled by default
dhcpcd.extraConfig = "nohook resolv.conf";
# If using NetworkManager:
networkmanager.dns = "none";
# If using resolvconf:
resolvconf = {
enable = true; # FIXME remember to delete /etc/resolv.conf if you disable `resolvconf`
useLocalResolver = true;
};
# If using iwd:
wireless.iwd.settings.Network.NameResolvingService = "none";
};
services.dnscrypt-proxy2 = {
enable = true;
settings = {
listen_addresses = [ "127.0.0.1:53" "[::1]:53" ];
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
# You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
server_names = [ "cloudflare" "cloudflare-ipv6" "cloudflare-security" "cloudflare-security-ipv6" "adguard-dns-doh" "mullvad-adblock-doh" "mullvad-doh" "nextdns" "nextdns-ipv6" "quad9-dnscrypt-ipv4-filter-pri" "google" "google-ipv6" "ibksturm" ];
};
};
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = "dnscrypt-proxy";
};
}
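Review bot: `server_names` mixes thirteen resolvers with different policies, filtering ones (`cloudflare-security`, `adguard-dns-doh`, `mullvad-adblock-doh`, `quad9-dnscrypt-ipv4-filter-pri`) next to unfiltered ones (`cloudflare`, `google`, `mullvad-doh`), so whether a given name is blocked depends on which server happens to answer, and queries are spread across that many operators. As far as I know dnscrypt-proxy applies the `require_*` filters only when `server_names` is unset, so `require_dnssec = true` probably does not constrain this list; a comment should say so, or the list should be cut to servers with one consistent policy. Separately, `cache_file` points into `/var/lib/dnscrypt-proxy2/` while the override sets `StateDirectory = "dnscrypt-proxy"`, so the unit's writable state directory and the cache path differ. Confirm that the signed resolver list can actually be cached there, because otherwise every start depends on fetching it again.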


@@ -0,0 +1,8 @@
{ pkgs, ... }:
{
# Setup Env Variables
environment.variables.SPOTIFY_PATH = "${pkgs.spotify}/";
environment.variables.JDK_PATH = "${pkgs.jdk11}/";
environment.variables.NODEJS_PATH = "${pkgs.nodePackages_latest.nodejs}/";
}


@@ -0,0 +1,10 @@
{ pkgs, ... }:
{
# Enable fingerprint scanner
services.fprintd = {
enable = true;
tod.enable = true;
tod.driver = pkgs.libfprint-2-tod1-goodix-550a;
};
}

10
nixos/firewall.nix Normal file

@@ -0,0 +1,10 @@
{ ... }:
{
# Open ports in the firewall.
networking.firewall.enable = true;
# networking.firewall.allowedTCPPorts = [ 3000 ];
# networking.firewall.allowedUDPPorts = [ 3000 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
}

227
nixos/flake.lock generated Normal file

@@ -0,0 +1,227 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"freetype2": {
"flake": false,
"locked": {
"lastModified": 1687587065,
"narHash": "sha256-+Fh+/k+NWL5Ow9sDLtp8Cv/8rLNA1oByQQCIQS/bysY=",
"owner": "wez",
"repo": "freetype2",
"rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
"type": "github"
},
"original": {
"owner": "wez",
"repo": "freetype2",
"rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
"type": "github"
}
},
"harfbuzz": {
"flake": false,
"locked": {
"lastModified": 1711722720,
"narHash": "sha256-GdxcAPx5QyniSHPAN1ih28AD9JLUPR0ItqW9JEsl3pU=",
"owner": "harfbuzz",
"repo": "harfbuzz",
"rev": "63973005bc07aba599b47fdd4cf788647b601ccd",
"type": "github"
},
"original": {
"owner": "harfbuzz",
"ref": "8.4.0",
"repo": "harfbuzz",
"type": "github"
}
},
"libpng": {
"flake": false,
"locked": {
"lastModified": 1549245649,
"narHash": "sha256-1+cRp0Ungme/OGfc9kGJbklYIWAFxk8Il1M+NV4KSgw=",
"owner": "glennrp",
"repo": "libpng",
"rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
"type": "github"
},
"original": {
"owner": "glennrp",
"repo": "libpng",
"rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1727348695,
"narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1718428119,
"narHash": "sha256-WdWDpNaq6u1IPtxtYHHWpl5BmabtpmLnMAx0RdJ/vo8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e6cea36f83499eb4e9cd184c8a8e823296b50ad5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1726238386,
"narHash": "sha256-3//V84fYaGVncFImitM6lSAliRdrGayZLdxWlpcuGk0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "01f064c99c792715054dc7a70e4c1626dbbec0c3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs",
"rust-overlay": "rust-overlay",
"wezterm": "wezterm"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1727577080,
"narHash": "sha256-2LPT76Acp6ebt7fCt90eq/M8T2+X09s/yTVgfVFrtno=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "73a833855442ce8cee710cf4d8d054fea1c81196",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"nixpkgs": [
"wezterm",
"nixpkgs"
]
},
"locked": {
"lastModified": 1726280639,
"narHash": "sha256-YfLRPlFZWrT2oRLNAoqf7G3+NnUTDdlIJk6tmBU7kXM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "e9f8641c92f26fd1e076e705edb12147c384171d",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"wezterm": {
"inputs": {
"flake-utils": "flake-utils",
"freetype2": "freetype2",
"harfbuzz": "harfbuzz",
"libpng": "libpng",
"nixpkgs": "nixpkgs_3",
"rust-overlay": "rust-overlay_2",
"zlib": "zlib"
},
"locked": {
"dir": "nix",
"lastModified": 1726890735,
"narHash": "sha256-0qrs+abRPD8o9uLbwy187rqtxs5twcC1Iw9K59pjjWs=",
"owner": "wez",
"repo": "wezterm",
"rev": "6c1dbc0eb2f602a23e6d5f1479db218f8e705839",
"type": "github"
},
"original": {
"dir": "nix",
"owner": "wez",
"repo": "wezterm",
"type": "github"
}
},
"zlib": {
"flake": false,
"locked": {
"lastModified": 1484501380,
"narHash": "sha256-j5b6aki1ztrzfCqu8y729sPar8GpyQWIrajdzpJC+ww=",
"owner": "madler",
"repo": "zlib",
"rev": "cacf7f1d4e3d44d871b605da3b647f07d718623f",
"type": "github"
},
"original": {
"owner": "madler",
"ref": "v1.2.11",
"repo": "zlib",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

70
nixos/flake.nix Normal file

@@ -0,0 +1,70 @@
{
description = "XNM's NixOS Configuration";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
rust-overlay.url = "github:oxalica/rust-overlay";
wezterm.url = "github:wez/wezterm?dir=nix";
radicle-tui.url = "git+https://seed.radicle.xyz/z39mP9rQAaGmERfUMPULfPUi473tY.git";
};
outputs = { nixpkgs, ... } @ inputs:
{
nixosConfigurations.isitreal-laptop = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
./configuration.nix
./hardware-configuration.nix
./nvidia.nix
# ./disable-nvidia.nix
./opengl.nix
# ./fingerprint-scanner.nix
# ./clamav-scanner.nix
./yubikey.nix
./sound.nix
./usb.nix
./keyboard.nix
./time.nix
./swap.nix
./bootloader.nix
./nix-settings.nix
./nixpkgs.nix
./gc.nix
# ./auto-upgrade.nix
./linux-kernel.nix
./screen.nix
# ./location.nix
./display-manager.nix
./theme.nix
./internationalisation.nix
./fonts.nix
./security-services.nix
./services.nix
# ./printing.nix
# ./gnome.nix
./hyprland.nix
./environment-variables.nix
./bluetooth.nix
./networking.nix
# ./mac-randomize.nix
# ./open-ssh.nix
./mosh.nix
./firewall.nix
./dns.nix
./vpn.nix
./users.nix
./virtualisation.nix
./programming-languages.nix
./lsp.nix
./rust.nix
./radicle.nix
./wasm.nix
./info-fetchers.nix
./utils.nix
./terminal-utils.nix
./llm.nix
./work.nix
];
};
};
}
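Review bot: The `radicle-tui` input has no node in the flake.lock added by this same commit (its `root` inputs are only `nixpkgs`, `rust-overlay` and `wezterm`), so that source is not pinned and the first build resolves whatever the seed serves at that moment. Run `nix flake lock` and commit the result so every input carries a `rev` and `narHash`. The lock also holds three separate nixpkgs revisions; `rust-overlay.inputs.nixpkgs.follows = "nixpkgs";` (and the same for `wezterm`) would leave one package set to audit and update. Note that `./auto-upgrade.nix`, `./clamav-scanner.nix` and `./open-ssh.nix` are commented out of `modules`, so those files are inert until re-enabled.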

10
nixos/fonts.nix Normal file

@@ -0,0 +1,10 @@
{ pkgs, ... }:
{
# Fonts
fonts.packages = with pkgs; [
jetbrains-mono
nerd-font-patcher
noto-fonts-color-emoji
];
}

16
nixos/gc.nix Normal file

@@ -0,0 +1,16 @@
{ ... }:
{
# Optimize storage and automatic scheduled GC running
# If you want to run GC manually, use commands:
# `nix-store --optimize` for finding and eliminating redundant copies of identical store paths
# `nix-store --gc` for optimizing the nix store and removing unreferenced and obsolete store paths
# `nix-collect-garbage -d` for deleting old generations of user profiles
nix.settings.auto-optimise-store = true;
nix.optimise.automatic = true;
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 14d";
};
}

22
nixos/gnome.nix Normal file

@@ -0,0 +1,22 @@
{ pkgs, ... }:
{
# Enable Gnome
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
# Gnome Exclude Packages
# environment.gnome.excludePackages = (with pkgs; [
# gnome-tour
# ]) ++ (with pkgs.gnome; [
# gnome-terminal
# gedit # text editor
# epiphany # web browser
# geary # email reader
# tali # poker game
# iagno # go game
# hitori # sudoku game
# atomix # puzzle game
# ]);
}

35
nixos/hyprland.nix Normal file

@@ -0,0 +1,35 @@
{ inputs, pkgs, ... }:
{
# Enable Hyprland
programs.hyprland = {
enable = true;
withUWSM = true;
};
environment.sessionVariables.NIXOS_OZONE_WL = "1";
environment.sessionVariables.WLR_NO_HARDWARE_CURSORS = "1";
programs.hyprlock.enable = true;
services.hypridle.enable = true;
environment.systemPackages = with pkgs; [
pyprland
hyprpicker
hyprcursor
hyprlock
hypridle
hyprpaper
inputs.wezterm.packages.${pkgs.system}.default
kitty
cool-retro-term
starship
helix
qutebrowser
zathura
mpv
imv
];
}

30
nixos/info-fetchers.nix Normal file

@@ -0,0 +1,30 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
neofetch
onefetch
ipfetch
cpufetch
ramfetch
starfetch
octofetch
htop
bottom
btop
zfxtop
kmon
# vulkan-tools
# opencl-info
# clinfo
# vdpauinfo
# libva-utils
nvtopPackages.nvidia
nvtopPackages.intel
wlr-randr
gpu-viewer
dig
speedtest-rs
];
}


@@ -0,0 +1,32 @@
{ pkgs, ... }:
{
i18n.supportedLocales = [
"en_US.UTF-8/UTF-8"
"uk_UA.UTF-8/UTF-8"
"ru_RU.UTF-8/UTF-8"
];
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
environment.systemPackages = with pkgs; [
nuspell
hyphen
hunspell
hunspellDicts.en_US
hunspellDicts.uk_UA
hunspellDicts.ru_RU
];
}

53
nixos/keyboard.nix Normal file
View File

@@ -0,0 +1,53 @@
{ pkgs, ... }:
{
services.xserver = {
xkb.layout = "us,ua,ru";
xkb.options = "grp:alt_shift_toggle";
};
environment.systemPackages = with pkgs; [
klavaro
gtypist
via
];
# services.kanata = {
# enable = true;
# keyboards = {
# internalKeyboard = {
# extraDefCfg = "process-unmapped-keys yes";
# config = ''
# (defsrc
# caps a s d f j k l ; lctl h
# )
# (defvar
# tap-time 200
# hold-time 200
# )
# (defalias
# escsuper (tap-hold $tap-time $hold-time esc lmet)
# a-mod (tap-hold $tap-time $hold-time a lctl)
# s-mod (tap-hold $tap-time $hold-time s lsft)
# d-mod (tap-hold $tap-time $hold-time d lalt)
# f-mod (tap-hold $tap-time $hold-time f lmet)
# j-mod (tap-hold $tap-time $hold-time j rmet)
# k-mod (tap-hold $tap-time $hold-time k ralt)
# l-mod (tap-hold $tap-time $hold-time l rsft)
# ;-mod (tap-hold $tap-time $hold-time ; rctl)
# ctrl-h-backpace (tap-hold $tap-time $hold-time lctl (layer-toggle ctrl-h-layer))
# )
# (deflayer base
# @escsuper @a-mod @s-mod @d-mod @f-mod @j-mod @k-mod @l-mod @;-mod @ctrl-h-backpace h
# )
# (deflayer ctrl-h-layer
# _ _ _ _ _ _ _ _ _ _ bspc
# )
# '';
# };
# };
# };
}

42
nixos/linux-kernel.nix Normal file

@@ -0,0 +1,42 @@
{ pkgs, ... }:
{
# Linux Kernel
security.forcePageTableIsolation = true;
# security.lockKernelModules = true;
# security.protectKernelImage = true;
security.unprivilegedUsernsClone = true;
security.virtualisation.flushL1DataCache = "cond";
boot.kernelPackages = pkgs.linuxKernel.packages.linux_zen;
boot.kernelParams = [
"quiet"
"splash"
"loglevel=3"
"rd.udev.log_priority=3"
"systemd.show_status=auto"
"fbcon=nodefer"
"vt.global_cursor_default=0"
"kernel.modules_disabled=1"
"lsm=landlock,lockdown,yama,integrity,apparmor,bpf"
"usbcore.autosuspend=-1"
"video4linux"
"acpi_rev_override=5"
];
# boot.kernelPatches = [ {
# name = "selinux-config";
# patch = null;
# extraConfig = ''
# SECURITY_SELINUX y
# SECURITY_SELINUX_BOOTPARAM n
# SECURITY_SELINUX_DEVELOP y
# SECURITY_SELINUX_AVC_STATS y
# DEFAULT_SECURITY_SELINUX n
# '';
# } ];
# systemd.package = pkgs.systemd.override { withSelinux = true; };
# environment.systemPackages = with pkgs; [
# policycoreutils
# ];
}
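Review bot: `"kernel.modules_disabled=1"` in `boot.kernelParams` is a sysctl name, not a kernel command-line parameter; as far as I know the kernel only accepts sysctls there with a `sysctl.` prefix, so this entry is most likely ignored and module loading stays enabled. If it were honoured that early it would probably also block the modules the system needs to load during boot. The supported route is the option already present but commented out, `security.lockKernelModules = true;`, which locks loading after boot; remove the parameter either way so the file does not claim a protection it lacks. `"video4linux"` is likewise not a parameter I recognise and should be dropped or explained in a comment.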

44
nixos/llm.nix Normal file

@@ -0,0 +1,44 @@
{ pkgs, config, ... }:
{
services.ollama = {
enable = true;
loadModels = [ "llama3.2:3b" "phi4-reasoning:14b" "dolphin3:8b" "smallthinker:3b" "gemma3n:e4b" "gemma3:12b" "gemma3:27b" "deepcoder:14b" "qwen3:14b" "nomic-embed-text" ];
acceleration = "cuda";
};
services.searx = {
enable = true;
settings = {
server = {
port = 7777;
bind_address = "127.0.0.1";
secret_key = "@SEARX_SECRET_KEY@"; # FIXME: Set up this key in the .env file described below, name of variable `SEARX_SECRET_KEY`
};
search = {
formats = [ "html" "json" ];
};
};
environmentFile = "${config.users.users.xnm.home}/.config/.env.searxng"; # FIXME: The location of the `.env` file where you need to set up the key
};
services.open-webui = {
enable = true;
port = 8888;
host = "127.0.0.1";
};
environment.systemPackages = with pkgs; [
oterm
alpaca
aichat
fabric-ai
aider-chat
# tgpt
# smartcat
# nextjs-ollama-llm-ui
# open-webui
];
}
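Review bot: `environmentFile` reads the searx `secret_key` from `${config.users.users.xnm.home}/.config/.env.searxng`, a path inside a user-writable home directory, so any process running as `xnm` can read or replace the secret that a system service consumes. Keep the file outside the home directory, owned by root with mode 0600, e.g. `environmentFile = "/path/to/root-owned/searx.env";` (placeholder path), and keep it out of the repository. Binding searx and open-webui to `127.0.0.1` is good; a comment that ports 7777 and 8888 must not be added to `allowedTCPPorts` would help keep it that way. ollama's listen address is left at the module default, which is worth setting explicitly so the intent is visible in the file.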

14
nixos/location.nix Normal file

@@ -0,0 +1,14 @@
{ pkgs, ... }:
{
# services.geoclue2.appConfig = {
# "gammastep" = {
# isAllowed = true;
# isSystem = false;
# users = [ "1000" ]; # FIXME: set your user id (to get user id use command 'id -u "your_user_name"')
# };
# };
location.provider = "geoclue2";
services.geoclue2.enable = true;
}

33
nixos/lsp.nix Normal file

@@ -0,0 +1,33 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
python311Packages.python-lsp-server
nodePackages_latest.nodemon
nodePackages_latest.typescript
nodePackages_latest.typescript-language-server
nodePackages_latest.vscode-langservers-extracted
nodePackages_latest.yaml-language-server
nodePackages_latest.dockerfile-language-server-nodejs
nodePackages_latest.bash-language-server
nodePackages_latest.graphql-language-service-cli
vue-language-server
sumneko-lua-language-server
marksman
markdown-oxide
nil
zls
gopls
delve
emmet-language-server
buf
cmake-language-server
docker-compose-language-service
vscode-extensions.vadimcn.vscode-lldb
slint-lsp
terraform-ls
ansible-language-server
hyprls
helix-gpt
];
}

23
nixos/mac-randomize.nix Normal file

@@ -0,0 +1,23 @@
{ pkgs, ... }:
{
# When connecting to untrusted networks, such as public Wi-Fi use a random MAC address to prevent tracking and unauthorized access to your device.
# But my recommendation is to avoid untrusted networks whenever possible, opting for trusted home or mobile hotspot connections.
# Also, you can enhance your privacy and security by:
# - Employing a VPN (Virtual Private Network) to encrypt internet traffic.
# - Utilizing Encrypted DNS, with DNS over HTTPS (DoH) to encrypt communication with the DNS server and mask DNS traffic under HTTPS.
# Enable MAC Randomize
systemd.services.macchanger = {
enable = true;
description = "Change MAC address";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.macchanger}/bin/macchanger -r wlp0s20f3";
ExecStop = "${pkgs.macchanger}/bin/macchanger -p wlp0s20f3";
RemainAfterExit = true;
};
};
}
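Review bot: The unit is ordered `after = [ "network.target" ]`, so the address is changed only once networking is already up, and the hardware MAC may have been used for scanning or the first association before `macchanger -r` runs. Ordering it ahead of network bring-up (`before = [ "network-pre.target" ]; wants = [ "network-pre.target" ];`) or using the randomization built into the wireless daemon would close that window; iwd, which networking.nix enables, has an `AddressRandomization` setting for this, if I recall the name correctly. The interface name `wlp0s20f3` is hard-coded and should carry a FIXME like the other machine-specific values in this repository. The header comment also overstates the effect: a random MAC limits tracking, it does not prevent access to the device.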

21
nixos/mosh.nix Normal file

@@ -0,0 +1,21 @@
{ pkgs, ... }:
{
# programs.mosh = {
# enable = true;
# programs.mosh.openFirewall = false;
# };
# services.openssh = {
# settings = {
# PasswordAuthentication = false;
# KbdInteractiveAuthentication = false;
# PermitRootLogin = "no";
# AllowUsers = [ "xnm" ];
# };
# };
environment.systemPackages = with pkgs; [
mosh
];
}

34
nixos/networking.nix Normal file

@@ -0,0 +1,34 @@
{ pkgs, ... }:
{
# Enable networking
networking.hostName = "isitreal-laptop"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# networking.networkmanager.wifi.backend = "iwd";
networking.wireless.iwd = {
enable = true;
settings = {
General = {
EnableNetworkConfiguration = true;
};
Network = {
EnableIPv6 = true;
};
Scan = {
DisablePeriodicScan = true;
};
};
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
environment.systemPackages = with pkgs; [
iwgtk
impala
];
}

8
nixos/nix-settings.nix Normal file

@@ -0,0 +1,8 @@
{ ... }:
{
# Nix Configuration
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
};
}

13
nixos/nixpkgs.nix Normal file

@@ -0,0 +1,13 @@
{ ... }:
{
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Override packages
# nixpkgs.config.packageOverrides = pkgs: {
# nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
# inherit pkgs;
# };
# };
}

79
nixos/nvidia.nix Normal file

@@ -0,0 +1,79 @@
{ config, lib, ... }:
{
# Load nvidia driver for Xorg and Wayland
services.xserver.videoDrivers = ["nvidia"];
# Enable access to nvidia from containers (Docker, Podman)
hardware.nvidia-container-toolkit.enable = true;
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = true;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = true;
# Dynamic Boost. It is a technology found in NVIDIA Max-Q design laptops with RTX GPUs.
# It intelligently and automatically shifts power between
# the CPU and GPU in real-time based on the workload of your game or application.
dynamicBoost.enable = lib.mkForce true;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
open = true;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.production;
# Nvidia Optimus PRIME. It is a technology developed by Nvidia to optimize
# the power consumption and performance of laptops equipped with their GPUs.
# It seamlessly switches between the integrated graphics,
# usually from Intel, for lightweight tasks to save power,
# and the discrete Nvidia GPU for performance-intensive tasks.
prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
# FIXME: Change the following values to the correct Bus ID values for your system!
# More on "https://wiki.nixos.org/wiki/Nvidia#Configuring_Optimus_PRIME:_Bus_ID_Values_(Mandatory)"
nvidiaBusId = "PCI:0:0:0";
intelBusId = "PCI:0:0:0";
};
};
# NixOS specialization named 'nvidia-sync'. Provides the ability
# to switch the Nvidia Optimus Prime profile
# to sync mode during the boot process, enhancing performance.
specialisation = {
nvidia-sync.configuration = {
system.nixos.tags = [ "nvidia-sync" ];
hardware.nvidia = {
powerManagement.finegrained = lib.mkForce false;
prime.offload.enable = lib.mkForce false;
prime.offload.enableOffloadCmd = lib.mkForce false;
prime.sync.enable = lib.mkForce true;
};
};
};
}

14
nixos/open-ssh.nix Normal file

@@ -0,0 +1,14 @@
{ ... }:
{
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
AllowUsers = [ "xnm" ];
};
};
}

31
nixos/opengl.nix Normal file

@@ -0,0 +1,31 @@
{ pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs: {
intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
};
# Enable OpenGL
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
intel-compute-runtime
intel-media-driver # LIBVA_DRIVER_NAME=iHD
intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
mesa
nvidia-vaapi-driver
nv-codec-headers-12
];
extraPackages32 = with pkgs.pkgsi686Linux; [
intel-media-driver
intel-vaapi-driver
vaapiVdpau
mesa
libvdpau-va-gl
];
};
}

10
nixos/printing.nix Normal file

@@ -0,0 +1,10 @@
{ ... }:
{
# Enable CUPS to print documents.
services.printing.enable = true;
# services.avahi = {
# enable = true;
# nssmdns4 = true;
# };
}


@@ -0,0 +1,14 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
go
(python312Full.withPackages(ps: with ps; [ pygobject3 gobject-introspection pyqt6-sip]))
nodePackages_latest.nodejs
nodePackages_latest.pnpm
bun
lua
zig
numbat
];
}

13
nixos/radicle.nix Normal file
View File

@@ -0,0 +1,13 @@
{ inputs, pkgs, ... }:
{
services.radicle = {
enable = false;
checkConfig = false;
};
environment.systemPackages = with pkgs; [
inputs.radicle-tui.packages.${pkgs.system}.default
radicle-node
];
}

15
nixos/rust-toolchain.toml Normal file
View File

@@ -0,0 +1,15 @@
[toolchain]
# channel = "nightly"
channel = "stable"
# components = [ "rust-src", "rust-analyzer", "rustc-codegen-cranelift", "miri", "llvm-tools", "rust-docs-json" ]
components = [ "rust-src", "rust-analyzer" ]
targets = [
"wasm32-unknown-unknown",
"wasm32-wasip1",
"wasm32-wasip2",
"x86_64-pc-windows-gnu",
"x86_64-unknown-linux-gnu",
"aarch64-unknown-linux-gnu",
"x86_64-unknown-linux-musl"
]
profile = "default"

32
nixos/rust.nix Normal file

@@ -0,0 +1,32 @@
{ inputs, pkgs, ... }:
{
# Apply the overlay to the package set
nixpkgs.overlays = [
inputs.rust-overlay.overlays.default
];
environment.systemPackages = with pkgs; [
(rust-bin.fromRustupToolchainFile ./rust-toolchain.toml)
taplo #toml formatter & lsp
cargo-watch
cargo-deny
cargo-audit
cargo-update
cargo-edit
cargo-outdated
cargo-license
cargo-tarpaulin
cargo-cross
cargo-zigbuild
cargo-nextest
cargo-spellcheck
cargo-modules
cargo-bloat
cargo-unused-features
cargo-feature
cargo-features-manager
bacon
evcxr #rust repl
];
}

10
nixos/screen.nix Normal file

@@ -0,0 +1,10 @@
{ pkgs, ... }:
{
programs.light.enable = true;
environment.systemPackages = with pkgs; [
wlsunset
brightnessctl
];
}

117
nixos/security-services.nix Normal file

@@ -0,0 +1,117 @@
{ pkgs, lib, ... }:
{
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# Enable Security Services
security.sudo-rs = {
enable = true;
execWheelOnly = true;
};
security.sudo.enable = false;
users.users.root.hashedPassword = "!";
security.tpm2 = {
enable = true;
pkcs11.enable = true;
tctiEnvironment.enable = true;
};
security.apparmor = {
enable = true;
killUnconfinedConfinables = true;
packages = with pkgs; [
apparmor-utils
apparmor-profiles
];
};
security.pam.services = {
login.enableAppArmor = true;
sshd.enableAppArmor = true;
sudo-rs.enableAppArmor = true;
su.enableAppArmor = true;
greetd.enableAppArmor = true;
u2f.enableAppArmor = true;
};
services.dbus.apparmor = "enabled";
services.fail2ban.enable = true;
# security.polkit.enable = true;
programs.browserpass.enable = true;
services.clamav = {
daemon.enable = true;
fangfrisch.enable = true;
fangfrisch.interval = "daily";
updater.enable = true;
updater.interval = "daily"; #man systemd.time
updater.frequency = 12;
};
programs.firejail = {
enable = true;
wrappedBinaries = {
mpv = {
executable = "${lib.getBin pkgs.mpv}/bin/mpv";
profile = "${pkgs.firejail}/etc/firejail/mpv.profile";
};
imv = {
executable = "${lib.getBin pkgs.imv}/bin/imv";
profile = "${pkgs.firejail}/etc/firejail/imv.profile";
};
zathura = {
executable = "${lib.getBin pkgs.zathura}/bin/zathura";
profile = "${pkgs.firejail}/etc/firejail/zathura.profile";
};
discord = {
executable = "${lib.getBin pkgs.discord}/bin/discord";
profile = "${pkgs.firejail}/etc/firejail/discord.profile";
};
slack = {
executable = "${lib.getBin pkgs.slack}/bin/slack";
profile = "${pkgs.firejail}/etc/firejail/slack.profile";
};
telegram-desktop = {
executable = "${lib.getBin pkgs.tdesktop}/bin/telegram-desktop";
profile = "${pkgs.firejail}/etc/firejail/telegram-desktop.profile";
};
brave = {
executable = "${lib.getBin pkgs.brave}/bin/brave";
profile = "${pkgs.firejail}/etc/firejail/brave.profile";
};
qutebrowser = {
executable = "${lib.getBin pkgs.qutebrowser}/bin/qutebrowser";
profile = "${pkgs.firejail}/etc/firejail/qutebrowser.profile";
};
thunar = {
executable = "${lib.getBin pkgs.xfce.thunar}/bin/thunar";
profile = "${pkgs.firejail}/etc/firejail/thunar.profile";
};
vscodium = {
executable = "${lib.getBin pkgs.vscodium}/bin/vscodium";
profile = "${pkgs.firejail}/etc/firejail/vscodium.profile";
};
};
};
environment.systemPackages = with pkgs; [
vulnix #scan command: vulnix --system
clamav #scan command: sudo freshclam; clamscan [options] [file/directory/-]
chkrootkit #scan command: sudo chkrootkit
# passphrase2pgp
pass-wayland
pass2csv
passExtensions.pass-tomb
passExtensions.pass-update
passExtensions.pass-otp
passExtensions.pass-import
passExtensions.pass-audit
tomb
pwgen
pwgen-secure
];
}
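Review bot: `security.pam.services` is keyed by PAM service name, and two of the keys here, `sudo-rs` and `u2f`, look like they do not match a service that anything uses. As far as I know sudo-rs authenticates under the service name `sudo`, and u2f is a PAM module rather than a service, so these lines would generate unused `/etc/pam.d` entries while the real sudo stack goes without `pam_apparmor`; `sudo.enableAppArmor = true;` is probably what was meant. Also, `sshd.enableAppArmor` and `services.fail2ban.enable` only matter once open-ssh.nix is enabled, which flake.nix currently comments out. With `users.users.root.hashedPassword = "!"` and `execWheelOnly = true`, a comment should record that recovery depends on a working wheel account.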

57
nixos/services.nix Normal file

@@ -0,0 +1,57 @@
{ pkgs, ... }:
{
# Systemd services setup
systemd.packages = with pkgs; [
auto-cpufreq
];
# Enable Services
programs.direnv.enable = true;
services.upower.enable = true;
programs.fish.enable = true;
programs.dconf.enable = true;
services.dbus = {
enable = true;
implementation = "broker";
packages = with pkgs; [
xfce.xfconf
gnome2.GConf
];
};
services.mpd.enable = true;
programs.thunar.enable = true;
programs.xfconf.enable = true;
services.tumbler.enable = true;
services.fwupd.enable = true;
services.auto-cpufreq.enable = true;
# services.gnome.core-shell.enable = true;
# services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
environment.systemPackages = with pkgs; [
at-spi2-atk
qt6.qtwayland
psi-notify
poweralertd
playerctl
psmisc
grim
slurp
imagemagick
swappy
ffmpeg_6-full
wl-screenrec
wl-clipboard
wl-clip-persist
cliphist
xdg-utils
wtype
wlrctl
waybar
rofi-wayland
dunst
avizo
wlogout
gifsicle
];
}

25
nixos/sound.nix Normal file

@@ -0,0 +1,25 @@
{ pkgs, ... }:
{
# Enable sound with pipewire.
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
# If you want to use JACK applications, uncomment this
# jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
# media-session.enable = true;
};
environment.systemPackages = with pkgs; [
pamixer
pavucontrol
];
}

5
nixos/swap.nix Normal file

@@ -0,0 +1,5 @@
{ ... }:
{
zramSwap.enable = true;
}

72
nixos/terminal-utils.nix Normal file

@@ -0,0 +1,72 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
moreutils
file
upx
dotenvx
git
lazygit
delta
license-generator
git-ignore
gitleaks
git-secrets
pass-git-helper
jujutsu
jjui
just
xh
process-compose
# mcfly # terminal history
zellij
progress
noti
topgrade
ripgrep
rewrk
wrk2
procs
tealdeer
# skim #fzf better alternative in rust
monolith
# taskwarrior3
asciinema
asciinema-agg
aria
# wormhole-william
magic-wormhole-rs
# macchina #neofetch alternative in rust
dogdns
sd
ouch
duf
ncdu
du-dust
fd
jq
gh
trash-cli
zoxide
tokei
fzf
bat
hexyl
mdcat
pandoc
lsd
lsof
gping
viu
tre-command
yazi
chafa
cmatrix
pipes-rs
rsclock
cava
figlet
];
}

62
nixos/theme.nix Normal file

@@ -0,0 +1,62 @@
{ pkgs, ... }:
{
# Enable Theme
environment.variables.GTK_THEME = "catppuccin-macchiato-teal-standard";
environment.variables.XCURSOR_THEME = "Catppuccin-Macchiato-Teal";
environment.variables.XCURSOR_SIZE = "24";
environment.variables.HYPRCURSOR_THEME = "Catppuccin-Macchiato-Teal";
environment.variables.HYPRCURSOR_SIZE = "24";
qt.enable = true;
qt.platformTheme = "gtk2";
qt.style = "gtk2";
console = {
earlySetup = true;
colors = [
"24273a"
"ed8796"
"a6da95"
"eed49f"
"8aadf4"
"f5bde6"
"8bd5ca"
"cad3f5"
"5b6078"
"ed8796"
"a6da95"
"eed49f"
"8aadf4"
"f5bde6"
"8bd5ca"
"a5adcb"
];
};
# Override packages
nixpkgs.config.packageOverrides = pkgs: {
colloid-icon-theme = pkgs.colloid-icon-theme.override { colorVariants = ["teal"]; };
catppuccin-gtk = pkgs.catppuccin-gtk.override {
accents = [ "teal" ]; # You can specify multiple accents here to output multiple themes
size = "standard";
variant = "macchiato";
};
discord = pkgs.discord.override {
withOpenASAR = true;
withTTS = true;
};
};
environment.systemPackages = with pkgs; [
numix-icon-theme-circle
colloid-icon-theme
catppuccin-gtk
catppuccin-kvantum
catppuccin-cursors.macchiatoTeal
# gnome.gnome-tweaks
# gnome.gnome-shell
# gnome.gnome-shell-extensions
# xsettingsd
# themechanger
];
}
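Review bot: The `discord` override inside `nixpkgs.config.packageOverrides` sets `withOpenASAR = true`, which replaces the client's stock bootstrap with a third-party one in an application that holds the account session. That is a trust decision, and it sits undocumented in a file that is otherwise about theming. I would move it next to where `discord` is installed (users.nix in this commit) and add a comment such as `# OpenAsar: third-party replacement for Discord's app.asar; review upstream before bumping`. As a style point, the `pkgs:` argument of `packageOverrides` shadows the module's own `pkgs`, which works but is easy to misread; an overlay with `final: prev:` would make the direction of the override explicit.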

7
nixos/time.nix Normal file

@@ -0,0 +1,7 @@
{ ... }:
{
# Set your time zone.
time.hardwareClockInLocalTime = true;
time.timeZone = "Europe/Kyiv";
}
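Review bot: `time.hardwareClockInLocalTime = true` carries no explanation, and it is normally set only when dual-booting with an OS that keeps the RTC in local time. With the RTC in local time the system clock can be an hour off around DST changes until time sync corrects it, which shows up as misordered timestamps when logs are correlated later. I would add `# RTC kept in local time for dual-boot; remove on a Linux-only machine` above the line, or drop the option if no second OS is installed.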

25
nixos/usb.nix Normal file

@@ -0,0 +1,25 @@
{ pkgs, ... }:
{
# USB Automounting
services.gvfs.enable = true;
# services.udisks2.enable = true;
# services.devmon.enable = true;
# Enable USB Guard
services.usbguard = {
enable = true;
dbus.enable = true;
implicitPolicyTarget = "block";
# FIXME: set yours pref USB devices (change {id} to your trusted USB device), use `lsusb` command (from usbutils package) to get list of all connected USB devices including integrated devices like camera, bluetooth, wifi, etc. with their IDs or just disable `usbguard`
rules = ''
allow id {id} # device 1
allow id {id} # device 2
'';
};
# Enable USB-specific packages
environment.systemPackages = with pkgs; [
usbutils
];
}
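Review bot: The `rules` string ships the literal placeholders `allow id {id}` while `enable = true` and `implicitPolicyTarget = "block"` are already active. Anyone who applies this file before editing it gets either a rule file usbguard cannot parse or a block policy with no valid allow rule for the keyboard and internal devices; I have not verified which of the two happens, but neither is a safe default. Matching on the vendor:product ID alone is also a weak allow-list, because the ID is self-reported by the device. I would generate the rules on the target machine with `usbguard generate-policy` and keep the `serial`, `hash` and `with-interface` attributes it emits, and leave `enable = false;` in the template until real rules are in place.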

22
nixos/users.nix Normal file

@@ -0,0 +1,22 @@
{ pkgs, ... }:
{
# Define a user account. Don't forget to set a password with passwd.
users.users.xnm = {
isNormalUser = true;
description = "xnm";
extraGroups = [ "networkmanager" "input" "wheel" "video" "audio" "tss" ];
shell = pkgs.fish;
packages = with pkgs; [
spotify
youtube-music
discord
tdesktop
vscodium
brave
];
};
# Change runtime directory size
services.logind.extraConfig = "RuntimeDirectorySize=8G";
}
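Review bot: `extraGroups` puts the daily-use account in `input`, which on a default udev setup makes the `/dev/input/event*` nodes readable by every process running as that user. Any compromised desktop application could then read keystrokes system-wide, including a password typed at the lock screen. On a logind-managed Wayland session the compositor normally gets its devices through the seat, so the group is usually needed only by specific tools. If one of them needs it, name it in a comment; otherwise drop the group: `extraGroups = [ "networkmanager" "wheel" "video" "audio" "tss" ];`. The `tss` entry (TPM device access) deserves the same one-line justification.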

19
nixos/utils.nix Normal file

@@ -0,0 +1,19 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
mold
gcc
clang
lld
lldb
musl
jdk11
dioxus-cli
surrealdb
surrealdb-migrations
surrealist
trunk
sqlx-cli
];
}

58
nixos/virtualisation.nix Normal file

@@ -0,0 +1,58 @@
{ pkgs, ... }:
{
# Enable Kasm
# services.kasmweb = {
# enable = true;
# listenPort = 9999;
# };
# Enable Containerd
# virtualisation.containerd.enable = true;
# Enable Docker
# virtualisation.docker = {
# enable = true;
# rootless = {
# enable = true;
# setSocketVariable = true;
# daemon.settings.features.cdi = true;
# };
# };
# users.extraGroups.docker.members = [ "xnm" ];
# Enable Podman
virtualisation.podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
dockerSocket.enable = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
environment.variables.DBX_CONTAINER_MANAGER = "podman";
users.extraGroups.podman.members = [ "xnm" ];
environment.systemPackages = with pkgs; [
nvidia-docker
nerdctl
# firecracker
# firectl
# flintlock
distrobox
qemu
lima
podman-compose
podman-tui
docker-compose
# lazydocker
# docker-credential-helpers
];
}
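Review bot: `dockerSocket.enable = true` together with `users.extraGroups.podman.members = [ "xnm" ]` hands that account the rootful Podman API socket, and the NixOS option description itself warns that members of this group can gain root access, as with Docker. That sidesteps the password/U2F prompt configured for `sudo-rs` in yubikey.nix of this commit. If the goal is only a Docker-compatible endpoint for compose tooling, the per-user rootless Podman socket is enough. I would remove those two lines, or at minimum put the warning beside them: `# members of "podman" can drive the rootful socket: root-equivalent, no sudo prompt`. `nvidia-docker` is also installed although the bootloader file in this commit loads only `i915`, so it may be unused on this machine.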

14
nixos/vpn.nix Normal file

@@ -0,0 +1,14 @@
{ pkgs, ... }:
{
# Enable Mullvad VPN
services.mullvad-vpn.enable = true;
services.mullvad-vpn.package = pkgs.mullvad; # `pkgs.mullvad` only provides the CLI tool, use `pkgs.mullvad-vpn` instead if you want to use the CLI and the GUI.
environment.systemPackages = with pkgs; [
mullvad-closest
mullvad-browser
tor-browser
];
}

11
nixos/wasm.nix Normal file

@@ -0,0 +1,11 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
wasmedge
wasmer
lunatic
wasmi
# wasm3
];
}

17
nixos/work.nix Normal file

@@ -0,0 +1,17 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
slack
aws-sam-cli
google-cloud-sdk
awscli2
ssm-session-manager-plugin
cargo-lambda
gnumake
cmake
firebase-tools
redli
android-studio
];
}

24
nixos/yubikey.nix Normal file

@@ -0,0 +1,24 @@
{ pkgs, ...}:
{
services.udev.packages = [ pkgs.yubikey-personalization ];
programs.ssh.startAgent = true;
# FIXME Don't forget to create an authorization mapping file for your user (https://nixos.wiki/wiki/Yubikey#pam_u2f)
security.pam.u2f = {
enable = true;
settings.cue = true;
control = "sufficient";
};
security.pam.services = {
greetd.u2fAuth = true;
sudo-rs.u2fAuth = true;
hyprlock.u2fAuth = true;
};
environment.systemPackages = with pkgs; [
yubikey-manager
];
}
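Review bot: With `control = "sufficient"` a successful U2F touch alone authenticates `greetd`, `sudo-rs` and `hyprlock`, so the token replaces the password instead of adding a second factor: whoever holds the key can log in, unlock the screen and become root. If two-factor is the intent, use `control = "required";`. If passwordless is intended, add `settings.pinverification = 1;` so possession alone is not enough, after checking that the installed pam_u2f and the key support it. The mapping file mentioned in the FIXME defaults to a path inside the user's home, which any process running as that user can modify. Pointing it at a root-owned file, for example `settings.authfile = "/etc/u2f-mappings";` (example path), keeps the list of accepted keys out of reach of a compromised user session.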