diff --git a/nixos/auto-upgrade.nix b/nixos/auto-upgrade.nix index f23cd1d..1bcaddb 100644 --- a/nixos/auto-upgrade.nix +++ b/nixos/auto-upgrade.nix @@ -6,7 +6,7 @@ # or get really full system upgrade, use `topgrade` CLI utility manually instead. # I recommend running `topgrade` once a week or at least once a month) system.autoUpgrade = { - enable = true; + enable = false; operation = "switch"; # If you don't want to apply updates immediately, only after rebooting, use `boot` option in this case flake = "/etc/nixos"; flags = [ "--update-input" "nixpkgs" "--update-input" "rust-overlay" "--commit-lock-file" ]; diff --git a/nixos/bluetooth.nix b/nixos/bluetooth.nix index 82c0336..dd52f29 100644 --- a/nixos/bluetooth.nix +++ b/nixos/bluetooth.nix @@ -2,7 +2,7 @@ { # Enable Bluetooth - hardware.bluetooth.enable = true; + hardware.bluetooth.enable = false; hardware.bluetooth.powerOnBoot = false; environment.systemPackages = with pkgs; [ diff --git a/nixos/clamav-scanner.nix b/nixos/clamav-scanner.nix index b6668cd..6e8fc35 100644 --- a/nixos/clamav-scanner.nix +++ b/nixos/clamav-scanner.nix @@ -2,7 +2,7 @@ { services.clamav.scanner = { - enable = true; + enable = false; interval = "Sat *-*-* 04:00:00"; }; } diff --git a/nixos/environment-variables.nix b/nixos/environment-variables.nix index 0a47745..a25bbdc 100644 --- a/nixos/environment-variables.nix +++ b/nixos/environment-variables.nix @@ -2,7 +2,4 @@ { # Setup Env Variables - environment.variables.SPOTIFY_PATH = "${pkgs.spotify}/"; - environment.variables.JDK_PATH = "${pkgs.jdk11}/"; - environment.variables.NODEJS_PATH = "${pkgs.nodePackages_latest.nodejs}/"; } diff --git a/nixos/fingerprint-scanner.nix b/nixos/fingerprint-scanner.nix index 49f23fb..d79a456 100644 --- a/nixos/fingerprint-scanner.nix +++ b/nixos/fingerprint-scanner.nix @@ -3,8 +3,8 @@ { # Enable fingerprint scanner services.fprintd = { - enable = true; - tod.enable = true; + enable = false; + tod.enable = false; tod.driver = pkgs.libfprint-2-tod1-goodix-550a; }; } diff --git a/nixos/firewall.nix b/nixos/firewall.nix index 6b8f1dc..3df5fe5 100644 --- a/nixos/firewall.nix +++ b/nixos/firewall.nix @@ -2,7 +2,7 @@ { # Open ports in the firewall. - networking.firewall.enable = true; + networking.firewall.enable = false; # networking.firewall.allowedTCPPorts = [ 3000 ]; # networking.firewall.allowedUDPPorts = [ 3000 ]; # Or disable the firewall altogether. diff --git a/nixos/flake.nix b/nixos/flake.nix index b6dc879..20b80b3 100644 --- a/nixos/flake.nix +++ b/nixos/flake.nix @@ -1,11 +1,11 @@ { - description = "XNM's NixOS Configuration"; + description = "Andy's NixOS Configuration"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - rust-overlay.url = "github:oxalica/rust-overlay"; - wezterm.url = "github:wez/wezterm?dir=nix"; - radicle-tui.url = "git+https://seed.radicle.xyz/z39mP9rQAaGmERfUMPULfPUi473tY.git"; + # rust-overlay.url = "github:oxalica/rust-overlay"; + # wezterm.url = "github:wez/wezterm?dir=nix"; + # radicle-tui.url = "git+https://seed.radicle.xyz/z39mP9rQAaGmERfUMPULfPUi473tY.git"; }; outputs = { nixpkgs, ... } @ inputs: @@ -15,12 +15,12 @@ modules = [ ./configuration.nix ./hardware-configuration.nix - ./nvidia.nix - # ./disable-nvidia.nix + # ./nvidia.nix + ./disable-nvidia.nix ./opengl.nix # ./fingerprint-scanner.nix # ./clamav-scanner.nix - ./yubikey.nix + # ./yubikey.nix ./sound.nix ./usb.nix ./keyboard.nix @@ -43,27 +43,27 @@ # ./printing.nix # ./gnome.nix ./hyprland.nix - ./environment-variables.nix - ./bluetooth.nix + # ./environment-variables.nix + # ./bluetooth.nix ./networking.nix # ./mac-randomize.nix # ./open-ssh.nix - ./mosh.nix + # ./mosh.nix ./firewall.nix ./dns.nix - ./vpn.nix + # ./vpn.nix ./users.nix ./virtualisation.nix - ./programming-languages.nix - ./lsp.nix - ./rust.nix - ./radicle.nix - ./wasm.nix + # ./programming-languages.nix + # ./lsp.nix + # ./rust.nix + # ./radicle.nix + # ./wasm.nix ./info-fetchers.nix ./utils.nix ./terminal-utils.nix - ./llm.nix - ./work.nix + # ./llm.nix + # ./work.nix ]; }; }; diff --git a/nixos/hyprland.nix b/nixos/hyprland.nix index 0f410f7..71c6c70 100644 --- a/nixos/hyprland.nix +++ b/nixos/hyprland.nix @@ -7,7 +7,7 @@ withUWSM = true; }; environment.sessionVariables.NIXOS_OZONE_WL = "1"; - environment.sessionVariables.WLR_NO_HARDWARE_CURSORS = "1"; + environment.sessionVariables.WLR_NO_HARDWARE_CURSORS = "0"; programs.hyprlock.enable = true; services.hypridle.enable = true; @@ -22,14 +22,15 @@ inputs.wezterm.packages.${pkgs.system}.default kitty - cool-retro-term + # cool-retro-term starship helix - qutebrowser - zathura - mpv + # qutebrowser + # zathura + # mpv + vlc imv ]; } diff --git a/nixos/info-fetchers.nix b/nixos/info-fetchers.nix index 654eb67..458063f 100644 --- a/nixos/info-fetchers.nix +++ b/nixos/info-fetchers.nix @@ -8,11 +8,11 @@ cpufetch ramfetch starfetch - octofetch + # octofetch htop bottom btop - zfxtop + # zfxtop kmon # vulkan-tools @@ -20,10 +20,10 @@ # clinfo # vdpauinfo # libva-utils - nvtopPackages.nvidia - nvtopPackages.intel + # nvtopPackages.nvidia + # nvtopPackages.intel wlr-randr - gpu-viewer + # gpu-viewer dig speedtest-rs ]; diff --git a/nixos/internationalisation.nix b/nixos/internationalisation.nix index 94b3da8..3f09ac1 100644 --- a/nixos/internationalisation.nix +++ b/nixos/internationalisation.nix @@ -3,22 +3,21 @@ { i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" - "uk_UA.UTF-8/UTF-8" "ru_RU.UTF-8/UTF-8" ]; i18n.defaultLocale = "en_US.UTF-8"; i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; + LC_ADDRESS = "ru_RU.UTF-8/UTF-8"; + LC_IDENTIFICATION = "ru_RU.UTF-8/UTF-8"; + LC_MEASUREMENT = "ru_RU.UTF-8/UTF-8"; + LC_MONETARY = "ru_RU.UTF-8/UTF-8"; LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; + LC_NUMERIC = "ru_RU.UTF-8/UTF-8"; + LC_PAPER = "ru_RU.UTF-8/UTF-8"; + LC_TELEPHONE = "ru_RU.UTF-8/UTF-8"; + LC_TIME = "ru_RU.UTF-8/UTF-8"; }; environment.systemPackages = with pkgs; [ @@ -26,7 +25,6 @@ hyphen hunspell hunspellDicts.en_US - hunspellDicts.uk_UA hunspellDicts.ru_RU ]; } diff --git a/nixos/keyboard.nix b/nixos/keyboard.nix index 0e1fd4b..4e80a6e 100644 --- a/nixos/keyboard.nix +++ b/nixos/keyboard.nix @@ -2,16 +2,10 @@ { services.xserver = { - xkb.layout = "us,ua,ru"; - xkb.options = "grp:alt_shift_toggle"; + xkb.layout = "us,ru"; + xkb.options = "grp:win_space_toggle"; }; - environment.systemPackages = with pkgs; [ - klavaro - gtypist - via - ]; - # services.kanata = { # enable = true; # keyboards = { diff --git a/nixos/networking.nix b/nixos/networking.nix index 20fd73f..b34ed2c 100644 --- a/nixos/networking.nix +++ b/nixos/networking.nix @@ -2,20 +2,20 @@ { # Enable networking - networking.hostName = "isitreal-laptop"; # Define your hostname. + networking.hostName = "vendetti"; # Define your hostname. # Pick only one of the below networking options. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. # networking.networkmanager.wifi.backend = "iwd"; networking.wireless.iwd = { - enable = true; + enable = false; settings = { General = { EnableNetworkConfiguration = true; }; Network = { - EnableIPv6 = true; + EnableIPv6 = false; }; Scan = { DisablePeriodicScan = true; @@ -27,8 +27,8 @@ # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - environment.systemPackages = with pkgs; [ - iwgtk - impala - ]; + # environment.systemPackages = with pkgs; [ + # iwgtk + # impala + # ]; } diff --git a/nixos/open-ssh.nix b/nixos/open-ssh.nix index ebe79b8..71841a9 100644 --- a/nixos/open-ssh.nix +++ b/nixos/open-ssh.nix @@ -3,12 +3,12 @@ { # Enable the OpenSSH daemon. services.openssh = { - enable = true; + enable = false; settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; - AllowUsers = [ "xnm" ]; + AllowUsers = [ "andy" ]; }; }; } diff --git a/nixos/opengl.nix b/nixos/opengl.nix index 1e6c01d..50c635e 100644 --- a/nixos/opengl.nix +++ b/nixos/opengl.nix @@ -2,30 +2,30 @@ { - nixpkgs.config.packageOverrides = pkgs: { - intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; }; - }; + # nixpkgs.config.packageOverrides = pkgs: { + # intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; }; + # }; # Enable OpenGL hardware.graphics = { enable = true; enable32Bit = true; extraPackages = with pkgs; [ - intel-compute-runtime - intel-media-driver # LIBVA_DRIVER_NAME=iHD - intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) - vaapiVdpau - libvdpau-va-gl + # intel-compute-runtime + # intel-media-driver # LIBVA_DRIVER_NAME=iHD + # intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + # vaapiVdpau + # libvdpau-va-gl mesa - nvidia-vaapi-driver - nv-codec-headers-12 + # nvidia-vaapi-driver + # nv-codec-headers-12 ]; extraPackages32 = with pkgs.pkgsi686Linux; [ - intel-media-driver - intel-vaapi-driver - vaapiVdpau + # intel-media-driver + # intel-vaapi-driver + # vaapiVdpau mesa - libvdpau-va-gl + # libvdpau-va-gl ]; }; } diff --git a/nixos/security-services.nix b/nixos/security-services.nix index 6e5bf59..78bdfc6 100644 --- a/nixos/security-services.nix +++ b/nixos/security-services.nix @@ -17,7 +17,7 @@ security.sudo.enable = false; users.users.root.hashedPassword = "!"; security.tpm2 = { - enable = true; + enable = false; pkcs11.enable = true; tctiEnvironment.enable = true; }; @@ -32,7 +32,7 @@ security.pam.services = { login.enableAppArmor = true; - sshd.enableAppArmor = true; + # sshd.enableAppArmor = true; sudo-rs.enableAppArmor = true; su.enableAppArmor = true; greetd.enableAppArmor = true; @@ -40,52 +40,28 @@ }; services.dbus.apparmor = "enabled"; - services.fail2ban.enable = true; + # services.fail2ban.enable = true; # security.polkit.enable = true; - programs.browserpass.enable = true; - services.clamav = { - daemon.enable = true; - fangfrisch.enable = true; - fangfrisch.interval = "daily"; - updater.enable = true; - updater.interval = "daily"; #man systemd.time - updater.frequency = 12; - }; + # programs.browserpass.enable = true; + # services.clamav = { + # daemon.enable = true; + # fangfrisch.enable = true; + # fangfrisch.interval = "daily"; + # updater.enable = true; + # updater.interval = "daily"; #man systemd.time + # updater.frequency = 12; + # }; programs.firejail = { enable = true; wrappedBinaries = { - mpv = { - executable = "${lib.getBin pkgs.mpv}/bin/mpv"; - profile = "${pkgs.firejail}/etc/firejail/mpv.profile"; - }; - imv = { - executable = "${lib.getBin pkgs.imv}/bin/imv"; - profile = "${pkgs.firejail}/etc/firejail/imv.profile"; - }; - zathura = { - executable = "${lib.getBin pkgs.zathura}/bin/zathura"; - profile = "${pkgs.firejail}/etc/firejail/zathura.profile"; - }; - discord = { - executable = "${lib.getBin pkgs.discord}/bin/discord"; - profile = "${pkgs.firejail}/etc/firejail/discord.profile"; - }; - slack = { - executable = "${lib.getBin pkgs.slack}/bin/slack"; - profile = "${pkgs.firejail}/etc/firejail/slack.profile"; + vlc = { + executable = "${lib.getBin pkgs.vlc}/bin/vlc"; + profile = "${pkgs.firejail}/etc/firejail/vlc.profile"; }; telegram-desktop = { executable = "${lib.getBin pkgs.tdesktop}/bin/telegram-desktop"; profile = "${pkgs.firejail}/etc/firejail/telegram-desktop.profile"; }; - brave = { - executable = "${lib.getBin pkgs.brave}/bin/brave"; - profile = "${pkgs.firejail}/etc/firejail/brave.profile"; - }; - qutebrowser = { - executable = "${lib.getBin pkgs.qutebrowser}/bin/qutebrowser"; - profile = "${pkgs.firejail}/etc/firejail/qutebrowser.profile"; - }; thunar = { executable = "${lib.getBin pkgs.xfce.thunar}/bin/thunar"; profile = "${pkgs.firejail}/etc/firejail/thunar.profile"; @@ -99,7 +75,7 @@ environment.systemPackages = with pkgs; [ vulnix #scan command: vulnix --system - clamav #scan command: sudo freshclam; clamscan [options] [file/directory/-] + # clamav #scan command: sudo freshclam; clamscan [options] [file/directory/-] chkrootkit #scan command: sudo chkrootkit # passphrase2pgp diff --git a/nixos/terminal-utils.nix b/nixos/terminal-utils.nix index 51f42ee..0b6a2d5 100644 --- a/nixos/terminal-utils.nix +++ b/nixos/terminal-utils.nix @@ -14,8 +14,6 @@ gitleaks git-secrets pass-git-helper - jujutsu - jjui just xh process-compose @@ -28,13 +26,11 @@ rewrk wrk2 procs - tealdeer # skim #fzf better alternative in rust monolith # taskwarrior3 asciinema asciinema-agg - aria # wormhole-william magic-wormhole-rs # macchina #neofetch alternative in rust @@ -44,12 +40,8 @@ duf ncdu du-dust - fd - jq - gh trash-cli zoxide - tokei fzf bat hexyl @@ -57,11 +49,6 @@ pandoc lsd lsof - gping - viu - tre-command - yazi - chafa cmatrix pipes-rs diff --git a/nixos/theme.nix b/nixos/theme.nix index ca2e646..7eb2eff 100644 --- a/nixos/theme.nix +++ b/nixos/theme.nix @@ -40,10 +40,6 @@ size = "standard"; variant = "macchiato"; }; - discord = pkgs.discord.override { - withOpenASAR = true; - withTTS = true; - }; }; environment.systemPackages = with pkgs; [ diff --git a/nixos/time.nix b/nixos/time.nix index b8a94f8..ee4b8de 100644 --- a/nixos/time.nix +++ b/nixos/time.nix @@ -3,5 +3,5 @@ { # Set your time zone. time.hardwareClockInLocalTime = true; - time.timeZone = "Europe/Kyiv"; + time.timeZone = "Asia/Tashkent"; } diff --git a/nixos/usb.nix b/nixos/usb.nix index d36174e..61cfc24 100644 --- a/nixos/usb.nix +++ b/nixos/usb.nix @@ -8,7 +8,7 @@ # Enable USB Guard services.usbguard = { - enable = true; + enable = false; dbus.enable = true; implicitPolicyTarget = "block"; # FIXME: set yours pref USB devices (change {id} to your trusted USB device), use `lsusb` command (from usbutils package) to get list of all connected USB devices including integrated devices like camera, bluetooth, wifi, etc. with their IDs or just disable `usbguard` diff --git a/nixos/users.nix b/nixos/users.nix index b21951c..ae6fbd6 100644 --- a/nixos/users.nix +++ b/nixos/users.nix @@ -2,18 +2,14 @@ { # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.xnm = { + users.users.andy = { isNormalUser = true; - description = "xnm"; + description = "andy"; extraGroups = [ "networkmanager" "input" "wheel" "video" "audio" "tss" ]; shell = pkgs.fish; packages = with pkgs; [ - spotify - youtube-music - discord - tdesktop + telegram-desktop vscodium - brave ]; }; diff --git a/nixos/virtualisation.nix b/nixos/virtualisation.nix index 5cd1731..508e5f2 100644 --- a/nixos/virtualisation.nix +++ b/nixos/virtualisation.nix @@ -34,19 +34,19 @@ defaultNetwork.settings.dns_enabled = true; }; environment.variables.DBX_CONTAINER_MANAGER = "podman"; - users.extraGroups.podman.members = [ "xnm" ]; + users.extraGroups.podman.members = [ "andy" ]; environment.systemPackages = with pkgs; [ - nvidia-docker - nerdctl + # nvidia-docker + # nerdctl # firecracker # firectl # flintlock - distrobox - qemu - lima + # distrobox + # qemu + # lima podman-compose podman-tui