Initial nixos config edits

2025-07-12 18:23:09 +05:00
parent 74c6a29a13
commit 9469b546a5
21 changed files with 95 additions and 150 deletions
--- a/nixos/auto-upgrade.nix
+++ b/nixos/auto-upgrade.nix
@@ -6,7 +6,7 @@
  # or get really full system upgrade, use `topgrade` CLI utility manually instead.
  # I recommend running `topgrade` once a week or at least once a month)
  system.autoUpgrade = {
-    enable = true;
+    enable = false;
    operation = "switch"; # If you don't want to apply updates immediately, only after rebooting, use `boot` option in this case
    flake = "/etc/nixos";
    flags = [ "--update-input" "nixpkgs" "--update-input" "rust-overlay" "--commit-lock-file" ];
--- a/nixos/bluetooth.nix
+++ b/nixos/bluetooth.nix
@@ -2,7 +2,7 @@
 {
  # Enable Bluetooth
-  hardware.bluetooth.enable = true;
+  hardware.bluetooth.enable = false;
  hardware.bluetooth.powerOnBoot = false;
  environment.systemPackages = with pkgs; [
--- a/nixos/clamav-scanner.nix
+++ b/nixos/clamav-scanner.nix
@@ -2,7 +2,7 @@
 {
  services.clamav.scanner = {
-    enable = true;
+    enable = false;
    interval = "Sat *-*-* 04:00:00";
  };
 }
--- a/nixos/environment-variables.nix
+++ b/nixos/environment-variables.nix
@@ -2,7 +2,4 @@
 {
  # Setup Env Variables
  environment.variables.SPOTIFY_PATH = "${pkgs.spotify}/";
  environment.variables.JDK_PATH = "${pkgs.jdk11}/";
  environment.variables.NODEJS_PATH = "${pkgs.nodePackages_latest.nodejs}/";
 }
--- a/nixos/fingerprint-scanner.nix
+++ b/nixos/fingerprint-scanner.nix
@@ -3,8 +3,8 @@
 {
  # Enable fingerprint scanner
  services.fprintd = {
-    enable = true;
+    enable = false;
-    tod.enable = true;
+    tod.enable = false;
    tod.driver = pkgs.libfprint-2-tod1-goodix-550a;
  };
 }
--- a/nixos/firewall.nix
+++ b/nixos/firewall.nix
@@ -2,7 +2,7 @@
 {
  # Open ports in the firewall.
-  networking.firewall.enable = true;
+  networking.firewall.enable = false;
  # networking.firewall.allowedTCPPorts = [ 3000 ];
  # networking.firewall.allowedUDPPorts = [ 3000 ];
  # Or disable the firewall altogether.
--- a/nixos/flake.nix
+++ b/nixos/flake.nix
@@ -1,11 +1,11 @@
 {
-  description = "XNM's NixOS Configuration";
+  description = "Andy's NixOS Configuration";
  inputs = {
      nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-      rust-overlay.url = "github:oxalica/rust-overlay";
+      # rust-overlay.url = "github:oxalica/rust-overlay";
-      wezterm.url = "github:wez/wezterm?dir=nix";
+      # wezterm.url = "github:wez/wezterm?dir=nix";
-      radicle-tui.url = "git+https://seed.radicle.xyz/z39mP9rQAaGmERfUMPULfPUi473tY.git";
+      # radicle-tui.url = "git+https://seed.radicle.xyz/z39mP9rQAaGmERfUMPULfPUi473tY.git";
  };
  outputs = { nixpkgs, ... } @ inputs:
@@ -15,12 +15,12 @@
      modules = [
        ./configuration.nix
        ./hardware-configuration.nix
-        ./nvidia.nix
+        # ./nvidia.nix
-        # ./disable-nvidia.nix
+        ./disable-nvidia.nix
        ./opengl.nix
        # ./fingerprint-scanner.nix
        # ./clamav-scanner.nix
-        ./yubikey.nix
+        # ./yubikey.nix
        ./sound.nix
        ./usb.nix
        ./keyboard.nix
@@ -43,27 +43,27 @@
        # ./printing.nix
        # ./gnome.nix
        ./hyprland.nix
-        ./environment-variables.nix
+        # ./environment-variables.nix
-        ./bluetooth.nix
+        # ./bluetooth.nix
        ./networking.nix
        # ./mac-randomize.nix
        # ./open-ssh.nix
-        ./mosh.nix
+        # ./mosh.nix
        ./firewall.nix
        ./dns.nix
-        ./vpn.nix
+        # ./vpn.nix
        ./users.nix
        ./virtualisation.nix
-        ./programming-languages.nix
+        # ./programming-languages.nix
-        ./lsp.nix
+        # ./lsp.nix
-        ./rust.nix
+        # ./rust.nix
-        ./radicle.nix
+        # ./radicle.nix
-        ./wasm.nix
+        # ./wasm.nix
        ./info-fetchers.nix
        ./utils.nix
        ./terminal-utils.nix
-        ./llm.nix
+        # ./llm.nix
-        ./work.nix
+        # ./work.nix
      ];
    };
  };
--- a/nixos/hyprland.nix
+++ b/nixos/hyprland.nix
@@ -7,7 +7,7 @@
    withUWSM = true;
  };
  environment.sessionVariables.NIXOS_OZONE_WL = "1";
-  environment.sessionVariables.WLR_NO_HARDWARE_CURSORS = "1";
+  environment.sessionVariables.WLR_NO_HARDWARE_CURSORS = "0";
  programs.hyprlock.enable = true;
  services.hypridle.enable = true;
@@ -22,14 +22,15 @@
    inputs.wezterm.packages.${pkgs.system}.default
    kitty
-    cool-retro-term
+    # cool-retro-term
    starship
    helix
-    qutebrowser
+    # qutebrowser
-    zathura
+    # zathura
-    mpv
+    # mpv
    vlc
    imv
  ];
 }
--- a/nixos/info-fetchers.nix
+++ b/nixos/info-fetchers.nix
@@ -8,11 +8,11 @@
    cpufetch
    ramfetch
    starfetch
-    octofetch
+    # octofetch
    htop
    bottom
    btop
-    zfxtop
+    # zfxtop
    kmon
    # vulkan-tools
@@ -20,10 +20,10 @@
    # clinfo
    # vdpauinfo
    # libva-utils
-    nvtopPackages.nvidia
+    # nvtopPackages.nvidia
-    nvtopPackages.intel
+    # nvtopPackages.intel
    wlr-randr
-    gpu-viewer
+    # gpu-viewer
    dig
    speedtest-rs
  ];
--- a/nixos/internationalisation.nix
+++ b/nixos/internationalisation.nix
@@ -3,22 +3,21 @@
 {
  i18n.supportedLocales = [
    "en_US.UTF-8/UTF-8"
    "uk_UA.UTF-8/UTF-8"
    "ru_RU.UTF-8/UTF-8"
  ];
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "en_US.UTF-8";
+    LC_ADDRESS = "ru_RU.UTF-8/UTF-8";
-    LC_IDENTIFICATION = "en_US.UTF-8";
+    LC_IDENTIFICATION = "ru_RU.UTF-8/UTF-8";
-    LC_MEASUREMENT = "en_US.UTF-8";
+    LC_MEASUREMENT = "ru_RU.UTF-8/UTF-8";
-    LC_MONETARY = "en_US.UTF-8";
+    LC_MONETARY = "ru_RU.UTF-8/UTF-8";
    LC_NAME = "en_US.UTF-8";
-    LC_NUMERIC = "en_US.UTF-8";
+    LC_NUMERIC = "ru_RU.UTF-8/UTF-8";
-    LC_PAPER = "en_US.UTF-8";
+    LC_PAPER = "ru_RU.UTF-8/UTF-8";
-    LC_TELEPHONE = "en_US.UTF-8";
+    LC_TELEPHONE = "ru_RU.UTF-8/UTF-8";
-    LC_TIME = "en_US.UTF-8";
+    LC_TIME = "ru_RU.UTF-8/UTF-8";
  };
  environment.systemPackages = with pkgs; [
@@ -26,7 +25,6 @@
    hyphen
    hunspell
    hunspellDicts.en_US
    hunspellDicts.uk_UA
    hunspellDicts.ru_RU
  ];
 }
--- a/nixos/keyboard.nix
+++ b/nixos/keyboard.nix
@@ -2,16 +2,10 @@
 {
  services.xserver = {
-    xkb.layout = "us,ua,ru";
+    xkb.layout = "us,ru";
-    xkb.options = "grp:alt_shift_toggle";
+    xkb.options = "grp:win_space_toggle";
  };
  environment.systemPackages = with pkgs; [
    klavaro
    gtypist
    via
  ];
  # services.kanata = {
  #   enable = true;
  #   keyboards = {
--- a/nixos/networking.nix
+++ b/nixos/networking.nix
@@ -2,20 +2,20 @@
 {
  # Enable networking
-  networking.hostName = "isitreal-laptop"; # Define your hostname.
+  networking.hostName = "vendetti"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  # networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
  # networking.networkmanager.wifi.backend = "iwd";
  networking.wireless.iwd = {
-    enable = true;
+    enable = false;
    settings = {
      General = {
        EnableNetworkConfiguration = true;
      };
      Network = {
-        EnableIPv6 = true;
+        EnableIPv6 = false;
      };
      Scan = {
        DisablePeriodicScan = true;
@@ -27,8 +27,8 @@
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-  environment.systemPackages = with pkgs; [
+  # environment.systemPackages = with pkgs; [
-    iwgtk
+  #   iwgtk
-    impala
+  #   impala
-  ];
+  # ];
 }
--- a/nixos/open-ssh.nix
+++ b/nixos/open-ssh.nix
@@ -3,12 +3,12 @@
 {
  # Enable the OpenSSH daemon.
  services.openssh = {
-    enable = true;
+    enable = false;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
-      AllowUsers = [ "xnm" ];
+      AllowUsers = [ "andy" ];
    };
  };
 }
--- a/nixos/opengl.nix
+++ b/nixos/opengl.nix
@@ -2,30 +2,30 @@
 {
-  nixpkgs.config.packageOverrides = pkgs: {
+  # nixpkgs.config.packageOverrides = pkgs: {
-    intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
+  #   intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
-  };
+  # };
  # Enable OpenGL
  hardware.graphics = {
    enable = true;
    enable32Bit = true;
    extraPackages = with pkgs; [
-      intel-compute-runtime
+      # intel-compute-runtime
-      intel-media-driver    # LIBVA_DRIVER_NAME=iHD
+      # intel-media-driver    # LIBVA_DRIVER_NAME=iHD
-      intel-vaapi-driver    # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
+      # intel-vaapi-driver    # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
-      vaapiVdpau
+      # vaapiVdpau
-      libvdpau-va-gl
+      # libvdpau-va-gl
      mesa
-      nvidia-vaapi-driver
+      # nvidia-vaapi-driver
-      nv-codec-headers-12
+      # nv-codec-headers-12
    ];
    extraPackages32 = with pkgs.pkgsi686Linux; [
-      intel-media-driver
+      # intel-media-driver
-      intel-vaapi-driver
+      # intel-vaapi-driver
-      vaapiVdpau
+      # vaapiVdpau
      mesa
-      libvdpau-va-gl
+      # libvdpau-va-gl
    ];
  };
 }
--- a/nixos/security-services.nix
+++ b/nixos/security-services.nix
@@ -17,7 +17,7 @@
  security.sudo.enable = false;
  users.users.root.hashedPassword = "!";
  security.tpm2 = {
-    enable = true;
+    enable = false;
    pkcs11.enable = true;
    tctiEnvironment.enable = true;
  };
@@ -32,7 +32,7 @@
  security.pam.services = {
    login.enableAppArmor = true;
-    sshd.enableAppArmor = true;
+    # sshd.enableAppArmor = true;
    sudo-rs.enableAppArmor = true;
    su.enableAppArmor = true;
    greetd.enableAppArmor = true;
@@ -40,52 +40,28 @@
  };
  services.dbus.apparmor = "enabled";
-  services.fail2ban.enable = true;
+  # services.fail2ban.enable = true;
  # security.polkit.enable = true;
-  programs.browserpass.enable = true;
+  # programs.browserpass.enable = true;
-  services.clamav = {
+  # services.clamav = {
-    daemon.enable = true;
+  #   daemon.enable = true;
-    fangfrisch.enable = true;
+  #   fangfrisch.enable = true;
-    fangfrisch.interval = "daily";
+  #   fangfrisch.interval = "daily";
-    updater.enable = true;
+  #   updater.enable = true;
-    updater.interval = "daily"; #man systemd.time
+  #   updater.interval = "daily"; #man systemd.time
-    updater.frequency = 12;
+  #   updater.frequency = 12;
-  };
+  # };
  programs.firejail = {
    enable = true;
    wrappedBinaries = { 
-      mpv = {
+      vlc = {
-        executable = "${lib.getBin pkgs.mpv}/bin/mpv";
+        executable = "${lib.getBin pkgs.vlc}/bin/vlc";
-        profile = "${pkgs.firejail}/etc/firejail/mpv.profile";
+        profile = "${pkgs.firejail}/etc/firejail/vlc.profile";
      };
      imv = {
        executable = "${lib.getBin pkgs.imv}/bin/imv";
        profile = "${pkgs.firejail}/etc/firejail/imv.profile";
      };
      zathura = {
        executable = "${lib.getBin pkgs.zathura}/bin/zathura";
        profile = "${pkgs.firejail}/etc/firejail/zathura.profile";
      };
      discord = {
        executable = "${lib.getBin pkgs.discord}/bin/discord";
        profile = "${pkgs.firejail}/etc/firejail/discord.profile";
      };
      slack = {
        executable = "${lib.getBin pkgs.slack}/bin/slack";
        profile = "${pkgs.firejail}/etc/firejail/slack.profile";
      };
      telegram-desktop = {
        executable = "${lib.getBin pkgs.tdesktop}/bin/telegram-desktop";
        profile = "${pkgs.firejail}/etc/firejail/telegram-desktop.profile";
      };
      brave = {
        executable = "${lib.getBin pkgs.brave}/bin/brave";
        profile = "${pkgs.firejail}/etc/firejail/brave.profile";
      };
      qutebrowser = {
        executable = "${lib.getBin pkgs.qutebrowser}/bin/qutebrowser";
        profile = "${pkgs.firejail}/etc/firejail/qutebrowser.profile";
      };
      thunar = {
        executable = "${lib.getBin pkgs.xfce.thunar}/bin/thunar";
        profile = "${pkgs.firejail}/etc/firejail/thunar.profile";
@@ -99,7 +75,7 @@
  environment.systemPackages = with pkgs; [
    vulnix       #scan command: vulnix --system
-    clamav       #scan command: sudo freshclam; clamscan [options] [file/directory/-]
+    # clamav       #scan command: sudo freshclam; clamscan [options] [file/directory/-]
    chkrootkit   #scan command: sudo chkrootkit
    # passphrase2pgp
--- a/nixos/terminal-utils.nix
+++ b/nixos/terminal-utils.nix
@@ -14,8 +14,6 @@
    gitleaks
    git-secrets
    pass-git-helper
    jujutsu
    jjui
    just
    xh
    process-compose
@@ -28,13 +26,11 @@
    rewrk
    wrk2
    procs
    tealdeer
    # skim #fzf better alternative in rust
    monolith
    # taskwarrior3
    asciinema
    asciinema-agg
    aria
    # wormhole-william
    magic-wormhole-rs
    # macchina #neofetch alternative in rust
@@ -44,12 +40,8 @@
    duf
    ncdu
    du-dust
    fd
    jq
    gh
    trash-cli
    zoxide
    tokei
    fzf
    bat
    hexyl
@@ -57,11 +49,6 @@
    pandoc
    lsd
    lsof
    gping
    viu
    tre-command
    yazi
    chafa
    cmatrix
    pipes-rs
--- a/nixos/theme.nix
+++ b/nixos/theme.nix
@@ -40,10 +40,6 @@
      size = "standard";
      variant = "macchiato";
    };
    discord = pkgs.discord.override {
      withOpenASAR = true;
      withTTS = true;
    };
  };
  environment.systemPackages = with pkgs; [
--- a/nixos/time.nix
+++ b/nixos/time.nix
@@ -3,5 +3,5 @@
 {
  # Set your time zone.
  time.hardwareClockInLocalTime = true;
-  time.timeZone = "Europe/Kyiv";
+  time.timeZone = "Asia/Tashkent";
 }
--- a/nixos/usb.nix
+++ b/nixos/usb.nix
@@ -8,7 +8,7 @@
  # Enable USB Guard
  services.usbguard = {
-    enable = true;
+    enable = false;
    dbus.enable = true;
    implicitPolicyTarget = "block";
    # FIXME: set yours pref USB devices (change {id} to your trusted USB device), use `lsusb` command (from usbutils package) to get list of all connected USB devices including integrated devices like camera, bluetooth, wifi, etc. with their IDs or just disable `usbguard`
--- a/nixos/users.nix
+++ b/nixos/users.nix
@@ -2,18 +2,14 @@
 {
  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.xnm = {
+  users.users.andy = {
    isNormalUser = true;
-    description = "xnm";
+    description = "andy";
    extraGroups = [ "networkmanager" "input" "wheel" "video" "audio" "tss" ];
    shell = pkgs.fish;
    packages = with pkgs; [
-      spotify
+      telegram-desktop
      youtube-music
      discord
      tdesktop
      vscodium
      brave
    ];
  };
--- a/nixos/virtualisation.nix
+++ b/nixos/virtualisation.nix
@@ -34,19 +34,19 @@
    defaultNetwork.settings.dns_enabled = true;
  };
  environment.variables.DBX_CONTAINER_MANAGER = "podman";
-  users.extraGroups.podman.members = [ "xnm" ];
+  users.extraGroups.podman.members = [ "andy" ];
  environment.systemPackages = with pkgs; [
-    nvidia-docker
+    # nvidia-docker
-    nerdctl
+    # nerdctl
    # firecracker
    # firectl
    # flintlock
-    distrobox
+    # distrobox
-    qemu
+    # qemu
-    lima
+    # lima
    podman-compose
    podman-tui