Initial nixos config edits

2025-07-12 18:23:09 +05:00
parent 74c6a29a13
commit 9469b546a5
21 changed files with 95 additions and 150 deletions


@@ -6,7 +6,7 @@
# or get really full system upgrade, use `topgrade` CLI utility manually instead.
# I recommend running `topgrade` once a week or at least once a month)
system.autoUpgrade = {
enable = true;
enable = false;
operation = "switch"; # If you don't want to apply updates immediately, only after rebooting, use `boot` option in this case
flake = "/etc/nixos";
flags = [ "--update-input" "nixpkgs" "--update-input" "rust-overlay" "--commit-lock-file" ];
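Review bot: The `flags` list still passes `"--update-input" "rust-overlay"`, but the flake section of this commit comments that input out, so the upgrade would likely fail or warn on an unknown input if `enable` is ever set back to `true`; trim it to `flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ];`. Assuming the second `enable` line is the new value (the +/- markers are lost on this page), updates from `nixos-unstable` now arrive only when someone runs them by hand, so a comment such as `# auto-upgrade off: run topgrade weekly to pick up security fixes` would record the intended cadence. The attribute set continues past the end of the hunk.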


@@ -2,7 +2,7 @@
{
# Enable Bluetooth
hardware.bluetooth.enable = true;
hardware.bluetooth.enable = false;
hardware.bluetooth.powerOnBoot = false;
environment.systemPackages = with pkgs; [


@@ -2,7 +2,7 @@
{
services.clamav.scanner = {
enable = true;
enable = false;
interval = "Sat *-*-* 04:00:00";
};
}


@@ -2,7 +2,4 @@
{
# Setup Env Variables
environment.variables.SPOTIFY_PATH = "${pkgs.spotify}/";
environment.variables.JDK_PATH = "${pkgs.jdk11}/";
environment.variables.NODEJS_PATH = "${pkgs.nodePackages_latest.nodejs}/";
}


@@ -3,8 +3,8 @@
{
# Enable fingerprint scanner
services.fprintd = {
enable = true;
tod.enable = true;
enable = false;
tod.enable = false;
tod.driver = pkgs.libfprint-2-tod1-goodix-550a;
};
}


@@ -2,7 +2,7 @@
{
# Open ports in the firewall.
networking.firewall.enable = true;
networking.firewall.enable = false;
# networking.firewall.allowedTCPPorts = [ 3000 ];
# networking.firewall.allowedUDPPorts = [ 3000 ];
# Or disable the firewall altogether.
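Review bot: `networking.firewall.enable = false;` turns off packet filtering for the whole host, while `./firewall.nix` stays imported in the flake and the commented `allowedTCPPorts`/`allowedUDPPorts` lines just below already show the narrower way to admit a service. Assuming the second `enable` line is the new value (the +/- markers are lost on this page), keep `networking.firewall.enable = true;` and list only the ports that are needed, e.g. `networking.firewall.allowedTCPPorts = [ 3000 ];`. If the firewall has to stay off for now, the comment above it should say why, for example `# Firewall disabled temporarily: <reason>`, since "Open ports in the firewall." no longer describes the setting.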


@@ -1,11 +1,11 @@
{
description = "XNM's NixOS Configuration";
description = "Andy's NixOS Configuration";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
rust-overlay.url = "github:oxalica/rust-overlay";
wezterm.url = "github:wez/wezterm?dir=nix";
radicle-tui.url = "git+https://seed.radicle.xyz/z39mP9rQAaGmERfUMPULfPUi473tY.git";
# rust-overlay.url = "github:oxalica/rust-overlay";
# wezterm.url = "github:wez/wezterm?dir=nix";
# radicle-tui.url = "git+https://seed.radicle.xyz/z39mP9rQAaGmERfUMPULfPUi473tY.git";
};
outputs = { nixpkgs, ... } @ inputs:
@@ -15,12 +15,12 @@
modules = [
./configuration.nix
./hardware-configuration.nix
./nvidia.nix
# ./disable-nvidia.nix
# ./nvidia.nix
./disable-nvidia.nix
./opengl.nix
# ./fingerprint-scanner.nix
# ./clamav-scanner.nix
./yubikey.nix
# ./yubikey.nix
./sound.nix
./usb.nix
./keyboard.nix
@@ -43,27 +43,27 @@
# ./printing.nix
# ./gnome.nix
./hyprland.nix
./environment-variables.nix
./bluetooth.nix
# ./environment-variables.nix
# ./bluetooth.nix
./networking.nix
# ./mac-randomize.nix
# ./open-ssh.nix
./mosh.nix
# ./mosh.nix
./firewall.nix
./dns.nix
./vpn.nix
# ./vpn.nix
./users.nix
./virtualisation.nix
./programming-languages.nix
./lsp.nix
./rust.nix
./radicle.nix
./wasm.nix
# ./programming-languages.nix
# ./lsp.nix
# ./rust.nix
# ./radicle.nix
# ./wasm.nix
./info-fetchers.nix
./utils.nix
./terminal-utils.nix
./llm.nix
./work.nix
# ./llm.nix
# ./work.nix
];
};
};
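Review bot: Commenting out the `wezterm` input leaves a dangling reference, because the hyprland section of this commit still shows `inputs.wezterm.packages.${pkgs.system}.default` as an unchanged line and `./hyprland.nix` remains in `modules`; evaluation should fail on the missing attribute unless that line is removed somewhere not visible here. Either keep `wezterm.url = "github:wez/wezterm?dir=nix";` or drop the package from the hyprland list. Deleting the unused inputs and module entries instead of commenting them out would also make it easier to see which hardening modules (`./yubikey.nix`, `./vpn.nix`, `./open-ssh.nix`) are deliberately not loaded, since the history already preserves the old lines.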


@@ -7,7 +7,7 @@
withUWSM = true;
};
environment.sessionVariables.NIXOS_OZONE_WL = "1";
environment.sessionVariables.WLR_NO_HARDWARE_CURSORS = "1";
environment.sessionVariables.WLR_NO_HARDWARE_CURSORS = "0";
programs.hyprlock.enable = true;
services.hypridle.enable = true;
@@ -22,14 +22,15 @@
inputs.wezterm.packages.${pkgs.system}.default
kitty
cool-retro-term
# cool-retro-term
starship
helix
qutebrowser
zathura
mpv
# qutebrowser
# zathura
# mpv
vlc
imv
];
}


@@ -8,11 +8,11 @@
cpufetch
ramfetch
starfetch
octofetch
# octofetch
htop
bottom
btop
zfxtop
# zfxtop
kmon
# vulkan-tools
@@ -20,10 +20,10 @@
# clinfo
# vdpauinfo
# libva-utils
nvtopPackages.nvidia
nvtopPackages.intel
# nvtopPackages.nvidia
# nvtopPackages.intel
wlr-randr
gpu-viewer
# gpu-viewer
dig
speedtest-rs
];


@@ -3,22 +3,21 @@
{
i18n.supportedLocales = [
"en_US.UTF-8/UTF-8"
"uk_UA.UTF-8/UTF-8"
"ru_RU.UTF-8/UTF-8"
];
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_ADDRESS = "ru_RU.UTF-8/UTF-8";
LC_IDENTIFICATION = "ru_RU.UTF-8/UTF-8";
LC_MEASUREMENT = "ru_RU.UTF-8/UTF-8";
LC_MONETARY = "ru_RU.UTF-8/UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
LC_NUMERIC = "ru_RU.UTF-8/UTF-8";
LC_PAPER = "ru_RU.UTF-8/UTF-8";
LC_TELEPHONE = "ru_RU.UTF-8/UTF-8";
LC_TIME = "ru_RU.UTF-8/UTF-8";
};
environment.systemPackages = with pkgs; [
@@ -26,7 +25,6 @@
hyphen
hunspell
hunspellDicts.en_US
hunspellDicts.uk_UA
hunspellDicts.ru_RU
];
}
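Review bot: The new `i18n.extraLocaleSettings` values in the first hunk use the `supportedLocales` spelling: `"ru_RU.UTF-8/UTF-8"` is a locale/charset pair for locale generation, whereas an `LC_*` variable takes a locale name, as the untouched `LC_NAME = "en_US.UTF-8";` shows. Programs would most likely report that the locale cannot be set and fall back to the default for those categories. Write them as `LC_TIME = "ru_RU.UTF-8";`, and likewise for `LC_ADDRESS`, `LC_IDENTIFICATION`, `LC_MEASUREMENT`, `LC_MONETARY`, `LC_NUMERIC`, `LC_PAPER` and `LC_TELEPHONE`.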


@@ -2,16 +2,10 @@
{
services.xserver = {
xkb.layout = "us,ua,ru";
xkb.options = "grp:alt_shift_toggle";
xkb.layout = "us,ru";
xkb.options = "grp:win_space_toggle";
};
environment.systemPackages = with pkgs; [
klavaro
gtypist
via
];
# services.kanata = {
# enable = true;
# keyboards = {


@@ -2,20 +2,20 @@
{
# Enable networking
networking.hostName = "isitreal-laptop"; # Define your hostname.
networking.hostName = "vendetti"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# networking.networkmanager.wifi.backend = "iwd";
networking.wireless.iwd = {
enable = true;
enable = false;
settings = {
General = {
EnableNetworkConfiguration = true;
};
Network = {
EnableIPv6 = true;
EnableIPv6 = false;
};
Scan = {
DisablePeriodicScan = true;
@@ -27,8 +27,8 @@
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
environment.systemPackages = with pkgs; [
iwgtk
impala
];
# environment.systemPackages = with pkgs; [
# iwgtk
# impala
# ];
}
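Review bot: With `networking.wireless.iwd.enable` apparently set to `false` and the `wpa_supplicant` and NetworkManager lines above it still commented out, none of the "Pick only one" backends is enabled in this file, so the machine has no Wi-Fi management unless another module provides it. The `EnableIPv6 = false;` change sits inside the disabled `iwd` block and therefore has no effect either; if disabling IPv6 is the goal it needs to be set where it is actually applied. Enabling one backend explicitly, e.g. uncommenting `networking.networkmanager.enable = true;`, would also match the `networkmanager` group the user account keeps.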


@@ -3,12 +3,12 @@
{
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
enable = false;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
AllowUsers = [ "xnm" ];
AllowUsers = [ "andy" ];
};
};
}


@@ -2,30 +2,30 @@
{
nixpkgs.config.packageOverrides = pkgs: {
intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
};
# nixpkgs.config.packageOverrides = pkgs: {
# intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
# };
# Enable OpenGL
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
intel-compute-runtime
intel-media-driver # LIBVA_DRIVER_NAME=iHD
intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
# intel-compute-runtime
# intel-media-driver # LIBVA_DRIVER_NAME=iHD
# intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
# vaapiVdpau
# libvdpau-va-gl
mesa
nvidia-vaapi-driver
nv-codec-headers-12
# nvidia-vaapi-driver
# nv-codec-headers-12
];
extraPackages32 = with pkgs.pkgsi686Linux; [
intel-media-driver
intel-vaapi-driver
vaapiVdpau
# intel-media-driver
# intel-vaapi-driver
# vaapiVdpau
mesa
libvdpau-va-gl
# libvdpau-va-gl
];
};
}


@@ -17,7 +17,7 @@
security.sudo.enable = false;
users.users.root.hashedPassword = "!";
security.tpm2 = {
enable = true;
enable = false;
pkcs11.enable = true;
tctiEnvironment.enable = true;
};
@@ -32,7 +32,7 @@
security.pam.services = {
login.enableAppArmor = true;
sshd.enableAppArmor = true;
# sshd.enableAppArmor = true;
sudo-rs.enableAppArmor = true;
su.enableAppArmor = true;
greetd.enableAppArmor = true;
@@ -40,52 +40,28 @@
};
services.dbus.apparmor = "enabled";
services.fail2ban.enable = true;
# services.fail2ban.enable = true;
# security.polkit.enable = true;
programs.browserpass.enable = true;
services.clamav = {
daemon.enable = true;
fangfrisch.enable = true;
fangfrisch.interval = "daily";
updater.enable = true;
updater.interval = "daily"; #man systemd.time
updater.frequency = 12;
};
# programs.browserpass.enable = true;
# services.clamav = {
# daemon.enable = true;
# fangfrisch.enable = true;
# fangfrisch.interval = "daily";
# updater.enable = true;
# updater.interval = "daily"; #man systemd.time
# updater.frequency = 12;
# };
programs.firejail = {
enable = true;
wrappedBinaries = {
mpv = {
executable = "${lib.getBin pkgs.mpv}/bin/mpv";
profile = "${pkgs.firejail}/etc/firejail/mpv.profile";
};
imv = {
executable = "${lib.getBin pkgs.imv}/bin/imv";
profile = "${pkgs.firejail}/etc/firejail/imv.profile";
};
zathura = {
executable = "${lib.getBin pkgs.zathura}/bin/zathura";
profile = "${pkgs.firejail}/etc/firejail/zathura.profile";
};
discord = {
executable = "${lib.getBin pkgs.discord}/bin/discord";
profile = "${pkgs.firejail}/etc/firejail/discord.profile";
};
slack = {
executable = "${lib.getBin pkgs.slack}/bin/slack";
profile = "${pkgs.firejail}/etc/firejail/slack.profile";
vlc = {
executable = "${lib.getBin pkgs.vlc}/bin/vlc";
profile = "${pkgs.firejail}/etc/firejail/vlc.profile";
};
telegram-desktop = {
executable = "${lib.getBin pkgs.tdesktop}/bin/telegram-desktop";
profile = "${pkgs.firejail}/etc/firejail/telegram-desktop.profile";
};
brave = {
executable = "${lib.getBin pkgs.brave}/bin/brave";
profile = "${pkgs.firejail}/etc/firejail/brave.profile";
};
qutebrowser = {
executable = "${lib.getBin pkgs.qutebrowser}/bin/qutebrowser";
profile = "${pkgs.firejail}/etc/firejail/qutebrowser.profile";
};
thunar = {
executable = "${lib.getBin pkgs.xfce.thunar}/bin/thunar";
profile = "${pkgs.firejail}/etc/firejail/thunar.profile";
@@ -99,7 +75,7 @@
environment.systemPackages = with pkgs; [
vulnix #scan command: vulnix --system
clamav #scan command: sudo freshclam; clamscan [options] [file/directory/-]
# clamav #scan command: sudo freshclam; clamscan [options] [file/directory/-]
chkrootkit #scan command: sudo chkrootkit
# passphrase2pgp


@@ -14,8 +14,6 @@
gitleaks
git-secrets
pass-git-helper
jujutsu
jjui
just
xh
process-compose
@@ -28,13 +26,11 @@
rewrk
wrk2
procs
tealdeer
# skim #fzf better alternative in rust
monolith
# taskwarrior3
asciinema
asciinema-agg
aria
# wormhole-william
magic-wormhole-rs
# macchina #neofetch alternative in rust
@@ -44,12 +40,8 @@
duf
ncdu
du-dust
fd
jq
gh
trash-cli
zoxide
tokei
fzf
bat
hexyl
@@ -57,11 +49,6 @@
pandoc
lsd
lsof
gping
viu
tre-command
yazi
chafa
cmatrix
pipes-rs


@@ -40,10 +40,6 @@
size = "standard";
variant = "macchiato";
};
discord = pkgs.discord.override {
withOpenASAR = true;
withTTS = true;
};
};
environment.systemPackages = with pkgs; [


@@ -3,5 +3,5 @@
{
# Set your time zone.
time.hardwareClockInLocalTime = true;
time.timeZone = "Europe/Kyiv";
time.timeZone = "Asia/Tashkent";
}


@@ -8,7 +8,7 @@
# Enable USB Guard
services.usbguard = {
enable = true;
enable = false;
dbus.enable = true;
implicitPolicyTarget = "block";
# FIXME: set yours pref USB devices (change {id} to your trusted USB device), use `lsusb` command (from usbutils package) to get list of all connected USB devices including integrated devices like camera, bluetooth, wifi, etc. with their IDs or just disable `usbguard`
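Review bot: `services.usbguard.enable = false;` removes USB device authorization entirely, which sidesteps the FIXME below instead of resolving it, and `implicitPolicyTarget = "block";` then has no effect. If the aim is to avoid being locked out by the placeholder rules, build an allow-list from the currently attached devices (`usbguard generate-policy`) and keep `enable = true;`. Otherwise add a comment such as `# USBGuard off until a device allow-list is written` so the gap stays visible. The rest of the attribute set lies outside the hunk.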


@@ -2,18 +2,14 @@
{
# Define a user account. Don't forget to set a password with passwd.
users.users.xnm = {
users.users.andy = {
isNormalUser = true;
description = "xnm";
description = "andy";
extraGroups = [ "networkmanager" "input" "wheel" "video" "audio" "tss" ];
shell = pkgs.fish;
packages = with pkgs; [
spotify
youtube-music
discord
tdesktop
telegram-desktop
vscodium
brave
];
};
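Review bot: `extraGroups` is carried over unchanged, so the renamed account keeps `tss` and `networkmanager` although this commit appears to disable `security.tpm2` and leaves NetworkManager commented out in the networking section. Group membership that no longer maps to a service in use is worth trimming, e.g. `extraGroups = [ "input" "wheel" "video" "audio" ];`, and re-adding when the service returns. If `wheel` is kept for `sudo-rs` (the security section shows `security.sudo.enable = false;`), a short comment saying so would help the next reader.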


@@ -34,19 +34,19 @@
defaultNetwork.settings.dns_enabled = true;
};
environment.variables.DBX_CONTAINER_MANAGER = "podman";
users.extraGroups.podman.members = [ "xnm" ];
users.extraGroups.podman.members = [ "andy" ];
environment.systemPackages = with pkgs; [
nvidia-docker
nerdctl
# nvidia-docker
# nerdctl
# firecracker
# firectl
# flintlock
distrobox
qemu
lima
# distrobox
# qemu
# lima
podman-compose
podman-tui