mirror of https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles.git synced 2025-09-15 09:45:58 +03:00

refactored nixos directory & updated README

xnm
2023-12-10 21:35:37 +02:00
parent 2fee05a094
commit 03fdb7e1bf
44 changed files with 964 additions and 722 deletions

16
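--- a/nixos/auto-upgrade.nix
+++ b/nixos/auto-upgrade.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+# Scheduled auto upgrade system (this is only for system upgrades,
+# if you want to upgrade cargo\npm\pip global packages, docker containers or different part of the system
+# or get really full system upgrade, use `topgrade` CLI utility manually instead.
+# I recommend running `topgrade` once a week or at least once a month)
+system.autoUpgrade = {
+enable = true;
+operation = "switch"; # If you don't want to apply updates immediately, only after rebooting, use `boot` option in this case
+flake = "/etc/nixos";
+flags = [ "--update-input" "nixpkgs" "--update-input" "rust-overlay" "--commit-lock-file" ];
+dates = "daily";
+# channel = "https://nixos.org/channels/nixos-unstable";
+};
+}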
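Review bot: The `flags` line makes the daily timer re-resolve `nixpkgs` and `rust-overlay` to their newest upstream revisions, and `operation = "switch"` activates the result at once, so every upstream change reaches the running system with no review step; the comment block does not say this. `--commit-lock-file` also only works if `/etc/nixos` is a git work tree that root can commit to, which the module neither states nor checks. I would add a comment such as `# unattended: pulls the latest nixpkgs/rust-overlay and activates immediately; /etc/nixos must be a git repo root can commit to`, and consider `operation = "boot";` so a bad update is not live until the next reboot.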

8
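--- a/nixos/bluetooth.nix
+++ b/nixos/bluetooth.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+# Enable Bluetooth
+hardware.bluetooth.enable = true;
+hardware.bluetooth.powerOnBoot = false;
+services.blueman.enable = true;
+}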

17
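--- a/nixos/bootloader.nix
+++ b/nixos/bootloader.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+{
+# Bootloader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+boot.loader.efi.efiSysMountPoint = "/boot/efi";
+boot.loader.timeout = 2;
+boot.initrd.enable = true;
+boot.initrd.systemd.enable = true;
+boot.plymouth = {
+enable = true;
+font = "${pkgs.jetbrains-mono}/share/fonts/truetype/JetBrainsMono-Regular.ttf";
+themePackages = [ pkgs.catppuccin-plymouth ];
+theme = "catppuccin-macchiato";
+};
+}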
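Review bot: `boot.loader.systemd-boot.enable = true;` is added without `boot.loader.systemd-boot.editor = false;`, so the boot menu shown for the `timeout = 2` window still lets anyone at the keyboard edit the kernel command line before boot; the NixOS option is on by default for backward compatibility. That weakens the physical-access hardening this configuration sets up elsewhere (locked root password, USBGuard). Add `boot.loader.systemd-boot.editor = false;` directly under the enable line.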


@@ -2,708 +2,9 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ inputs, pkgs, lib, ... }:
{ ... }:
{
imports =
[
./hardware-configuration.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.timeout = 2;
boot.initrd.enable = true;
boot.initrd.systemd.enable = true;
boot.plymouth = {
enable = true;
font = "${pkgs.jetbrains-mono}/share/fonts/truetype/JetBrainsMono-Regular.ttf";
themePackages = [ pkgs.catppuccin-plymouth ];
theme = "catppuccin-macchiato";
};
# Setup keyfile
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
# FIXME: Enable swap on luks
zramSwap.enable = true;
# Enable Display Manager
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --time-format '%I:%M %p | %a %h | %F' --cmd Hyprland";
user = "greeter";
};
};
};
# # Enable Hyprland
programs.hyprland.enable = true;
environment.sessionVariables.NIXOS_OZONE_WL = "1";
environment.sessionVariables.WLR_NO_HARDWARE_CURSORS = "1";
# Enable Gnome
# services.xserver.enable = true;
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.desktopManager.gnome.enable = true;
# Gnome Exclude Packages
# environment.gnome.excludePackages = (with pkgs; [
# gnome-tour
# ]) ++ (with pkgs.gnome; [
# gnome-terminal
# gedit # text editor
# epiphany # web browser
# geary # email reader
# tali # poker game
# iagno # go game
# hitori # sudoku game
# atomix # puzzle game
# ]);
# Enable fingerprint scanner
# services.fprintd = {
# enable = true;
# tod.enable = true;
# tod.driver = pkgs.libfprint-2-tod1-goodix-550a;
# };
# Enable Theme
environment.variables.GTK_THEME = "Catppuccin-Macchiato-Standard-Teal-Dark";
environment.variables.XCURSOR_THEME = "Catppuccin-Macchiato-Teal";
environment.variables.XCURSOR_SIZE = "24";
console = {
earlySetup = true;
colors = [
"24273a"
"ed8796"
"a6da95"
"eed49f"
"8aadf4"
"f5bde6"
"8bd5ca"
"cad3f5"
"5b6078"
"ed8796"
"a6da95"
"eed49f"
"8aadf4"
"f5bde6"
"8bd5ca"
"a5adcb"
];
};
# Setup Env Variables
environment.variables.SPOTIFY_PATH = "${pkgs.spotify}/";
environment.variables.JDK_PATH = "${pkgs.jdk11}/";
environment.variables.NODEJS_PATH = "${pkgs.nodePackages_latest.nodejs}/";
environment.variables.CI = "1";
# environment.variables.CLIPBOARD_EDITOR = "hx";
environment.variables.CLIPBOARD_NOAUDIO = "1";
# environment.variables.CLIPBOARD_NOGUI = "1";
# environment.variables.CLIPBOARD_NOPROGRESS = "1";
# environment.variables.CLIPBOARD_NOREMOTE = "1";
environment.variables.CLIPBOARD_SILENT = "1";
# Nix Configuration
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
};
# Optimize storage and automatic scheduled GC running
# If you want to run GC manually, use commands:
# `nix-store --optimize` for finding and eliminating redundant copies of identical store paths
# `nix-store --gc` for optimizing the nix store and removing unreferenced and obsolete store paths
# `nix-collect-garbage -d` for deleting old generations of user profiles
nix.optimise.automatic = true;
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
# Change runtime directory size
services.logind.extraConfig = "RuntimeDirectorySize=8G";
# Scheduled auto upgrade system (this is only for system upgrades,
# if you want to upgrade cargo\npm\pip global packages, docker containers or different part of the system
# or get really full system upgrade, use `topgrade` CLI utility manually instead.
# I recommend to use `topgrade` once a week or at least once a month)
system.autoUpgrade = {
enable = true;
operation = "switch"; # If you don't want to apply updates immediately, only after rebooting, use `boot` option in this case
flake = "/etc/nixos";
flags = [ "--update-input" "nixpkgs" "--update-input" "rust-overlay" "--commit-lock-file" ];
dates = "daily";
# channel = "https://nixos.org/channels/nixos-unstable";
};
# Linux Kernel
boot.kernelPackages = pkgs.linuxKernel.packages.linux_lqx;
boot.kernelParams = [
"quiet"
"fbcon=nodefer"
"vt.global_cursor_default=0"
"kernel.modules_disabled=1"
"lsm=landlock,lockdown,yama,integrity,apparmor,bpf,tomoyo,selinux"
"usbcore.autosuspend=-1"
"video4linux"
"acpi_rev_override=5"
"security=selinux"
];
# boot.kernelPatches = [ {
# name = "selinux-config";
# patch = null;
# extraConfig = ''
# SECURITY_SELINUX y
# SECURITY_SELINUX_BOOTPARAM n
# SECURITY_SELINUX_DEVELOP y
# SECURITY_SELINUX_AVC_STATS y
# DEFAULT_SECURITY_SELINUX n
# '';
# } ];
# Enable networking
networking.networkmanager = {
enable = true;
dns = "none";
};
networking.hostName = "isitreal-laptop"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable Bluetooth
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = false;
services.blueman.enable = true;
# Set your time zone.
time.hardwareClockInLocalTime = true;
time.timeZone = "Europe/Kyiv";
# Select internationalisation properties.
services.xserver = {
layout = "us,ua,ru";
xkbOptions = "grp:alt_shift_toggle";
};
i18n.supportedLocales = [
"en_US.UTF-8/UTF-8"
"uk_UA.UTF-8/UTF-8"
"ru_RU.UTF-8/UTF-8"
];
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Fonts
fonts.packages = with pkgs; [
jetbrains-mono
nerd-font-patcher
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.enable = true;
# networking.firewall.allowedTCPPorts = [ 3000 ];
# networking.firewall.allowedUDPPorts = [ 3000 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable Encrypted Proxy DNS
networking = {
nameservers = [ "127.0.0.1" "::1"];
dhcpcd.extraConfig = "nohook resolv.conf";
};
services.dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
# You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
server_names = [ "cloudflare" "cloudflare-ipv6" "cloudflare-security" "cloudflare-security-ipv6" "adguard-dns-doh" "mullvad-adblock-doh" "mullvad-doh" "nextdns" "nextdns-ipv6" "quad9-dnscrypt-ipv4-filter-pri" "google" "google-ipv6" "ibksturm" ];
};
};
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = "dnscrypt-proxy";
};
# Enable Mullvad VPN
# services.mullvad-vpn.enable = true;
# services.mullvad-vpn.package = pkgs.mullvad; # `pkgs.mullvad` only provides the CLI tool, use `pkgs.mullvad-vpn` instead if you want to use the CLI and the GUI.
# Enable MAC Randomize
# systemd.services.macchanger = {
# enable = true;
# description = "Change MAC address";
# wantedBy = [ "multi-user.target" ];
# after = [ "network.target" ];
# serviceConfig = {
# Type = "oneshot";
# ExecStart = "${pkgs.macchanger}/bin/macchanger -r wlp0s20f3";
# ExecStop = "${pkgs.macchanger}/bin/macchanger -p wlp0s20f3";
# RemainAfterExit = true;
# };
# };
# Enable security services
users.users.root.hashedPassword = "!";
security.tpm2 = {
enable = true;
pkcs11.enable = true;
tctiEnvironment.enable = true;
};
security.apparmor = {
enable = true;
packages = with pkgs; [
apparmor-utils
apparmor-profiles
];
};
services.fail2ban.enable = true;
# security.polkit.enable = true;
services.usbguard = {
enable = true;
dbus.enable = true;
implicitPolicyTarget = "block";
# FIXME: set yours pref USB devices (change {id} to your trusted USB device), use `lsusb` command (from usbutils package) to get list of all connected USB devices including integrated devices like camera, bluetooth, wifi, etc. with their IDs
rules = ''
allow id {id} # device 1
allow id {id} # device 2
'';
};
services.clamav = {
daemon.enable = true;
updater.enable = true;
updater.interval = "daily"; #man systemd.time
updater.frequency = 12;
};
programs.firejail = {
enable = true;
wrappedBinaries = {
mpv = {
executable = "${lib.getBin pkgs.mpv}/bin/mpv";
profile = "${pkgs.firejail}/etc/firejail/mpv.profile";
};
imv = {
executable = "${lib.getBin pkgs.imv}/bin/imv";
profile = "${pkgs.firejail}/etc/firejail/imv.profile";
};
zathura = {
executable = "${lib.getBin pkgs.zathura}/bin/zathura";
profile = "${pkgs.firejail}/etc/firejail/zathura.profile";
};
discord = {
executable = "${lib.getBin pkgs.discord}/bin/discord";
};
};
};
# Systemd services setup
systemd.package = pkgs.systemd.override { withSelinux = true; };
systemd.packages = with pkgs; [
auto-cpufreq
];
# Enable services
services.geoclue2 = {
enable = true;
appConfig = {
"gammastep" = {
isAllowed = true;
isSystem = false;
users = [ "1000" ]; # FIXME: set your user id (to get user id use command 'id -u "your_user_name"')
};
};
};
# services.avahi = {
# enable = true;
# nssmdns = true;
# };
programs.browserpass.enable = true;
programs.direnv.enable = true;
services.upower.enable = true;
programs.fish.enable = true;
programs.dconf.enable = true;
services.dbus.enable = true;
services.dbus.packages = with pkgs; [
xfce.xfconf
gnome2.GConf
];
programs.light.enable = true;
services.mpd.enable = true;
programs.thunar.enable = true;
services.tumbler.enable = true;
services.fwupd.enable = true;
services.auto-cpufreq.enable = true;
security.pam.services.swaylock = {};
# services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
# USB Automounting
services.gvfs.enable = true;
# services.udisks2.enable = true;
# services.devmon.enable = true;
# Wayland compatibility with X
# xdg.portal = {
# enable = true;
# wlr.enable = true;
# };
# Enable CUPS to print documents.
# services.printing.enable = true;
### Enable container manager
# Enable Containerd
# virtualisation.containerd.enable = true;
# Enable Docker
# virtualisation.docker.enable = true;
# virtualisation.docker.rootless = {
# enable = true;
# setSocketVariable = true;
# };
# users.extraGroups.docker.members = [ "xnm" ];
# Enable Podman
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
# If you want to use JACK applications, uncomment this
# jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
# media-session.enable = true;
};
# Define a user account. Don't forget to set a password with passwd.
users.users.xnm = {
isNormalUser = true;
description = "xnm";
extraGroups = [ "networkmanager" "input" "wheel" "video" "audio" "tss" ];
shell = pkgs.fish;
packages = with pkgs; [
spotify
youtube-music
discord
tdesktop
vscode
brave
];
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Apply the overlay to the package set
nixpkgs.overlays = [
inputs.rust-overlay.overlays.default
];
# Override packages
nixpkgs.config.packageOverrides = pkgs: {
colloid-icon-theme = pkgs.colloid-icon-theme.override { colorVariants = ["teal"]; };
catppuccin-gtk = pkgs.catppuccin-gtk.override {
accents = [ "teal" ]; # You can specify multiple accents here to output multiple themes
size = "standard";
variant = "macchiato";
};
discord = pkgs.discord.override {
withOpenASAR = true;
withTTS = true;
};
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
inherit pkgs;
};
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
policycoreutils
mold
gcc13
jdk11
go
gopls
delve
(python311Full.withPackages(ps: with ps; [ pygobject3 gobject-introspection pyqt6-sip]))
nodePackages_latest.nodejs
bun
lua
zig
numbat
python311Packages.python-lsp-server
nodePackages_latest.nodemon
nodePackages_latest.typescript
nodePackages_latest.typescript-language-server
nodePackages_latest.vscode-langservers-extracted
nodePackages_latest.yaml-language-server
nodePackages_latest.dockerfile-language-server-nodejs
sumneko-lua-language-server
marksman
nil
zls
(rust-bin.fromRustupToolchainFile ./rust-toolchain.toml)
evcxr #rust repl
taplo #toml formatter & lsp
cargo-watch
cargo-deny
cargo-audit
cargo-update
cargo-edit
cargo-outdated
cargo-license
cargo-tarpaulin
cargo-cross
cargo-zigbuild
cargo-nextest
cargo-spellcheck
cargo-modules
cargo-bloat
cargo-unused-features
bacon
lldb_16
upx
wasmedge
wasmer
lunatic
wasmi
# wasm3
# mullvad-closest
license-generator
git-ignore
just
xh
tgpt
wezterm
cool-retro-term
# mcfly # terminal history
starship
zellij
helix
git
progress
noti
topgrade
ripgrep
rewrk
wrk2
procs
tealdeer
# skim #fzf better alternative in rust
monolith
aria
# macchina #neofetch alternative in rust
sd
ouch
duf
du-dust
fd
jq
gh
trash-cli
zoxide
tokei
fzf
bat
mdcat
pandoc
lsd
gping
viu
tre-command
felix-fm
chafa
# nerdctl
# firecracker
# firectl
# flintlock
distrobox
qemu
podman-compose
podman-tui
lazydocker
lazygit
neofetch
onefetch
ipfetch
cpufetch
starfetch
octofetch
htop
bottom
btop
kmon
cmatrix
pipes-rs
rsclock
cava
figlet
qutebrowser
zathura
mpv
imv
numix-icon-theme-circle
colloid-icon-theme
catppuccin-gtk
catppuccin-kvantum
catppuccin-cursors.macchiatoTeal
at-spi2-atk
pamixer
pavucontrol
qt6.qtwayland
psi-notify
poweralertd
# wlsunset
gammastep
greetd.tuigreet
swaylock-effects
swayidle
brightnessctl
playerctl
psmisc
grim
slurp
imagemagick
swappy
ffmpeg_6-full
# wl-screenrec
wf-recorder
wl-clipboard
cliphist
clipboard-jh
xdg-utils
wtype
wlrctl
hyprpicker
pyprland
waybar
rofi-wayland
dunst
avizo
wlogout
wpaperd
# swww
gifsicle
nuspell
hyphen
hunspell
hunspellDicts.en_US
hunspellDicts.uk_UA
hunspellDicts.ru_RU
vulnix #scan command: vulnix --system
clamav #scan command: sudo freshcalm; clamscan [options] [file/directory/-]
chkrootkit #scan command: sudo chkrootkit
# passphrase2pgp
pass-wayland
pass2csv
passExtensions.pass-tomb
passExtensions.pass-update
passExtensions.pass-otp
passExtensions.pass-import
passExtensions.pass-audit
tomb
docker-credential-helpers
pass-git-helper
# vulkan-tools
# opencl-info
# clinfo
# vdpauinfo
# libva-utils
# nvtop
usbutils
dig
speedtest-rs
# gnome.gnome-tweaks
# gnome.gnome-shell
# xsettingsd
# gnome.gnome-shell-extensions
# themechanger
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
@@ -711,6 +12,7 @@
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
# FIXME: change it to version from your current, fresh and auto-generated after first installation `configuration.nix` config file
system.stateVersion = "your_version_here"; # Did you read the comment?
}
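Review bot: In the second hunk the new `system.stateVersion = "your_version_here";` is a placeholder guarded only by a comment, so a build that skips the FIXME either fails on the value or, depending on the NixOS release, treats it as a version string and selects state defaults nobody chose. A placeholder that fails with a clear message is safer than one that may evaluate: `system.stateVersion = throw "set system.stateVersion to the value from your generated configuration.nix";`. The file header for this section is not visible on the page, so the path is assumed to be the main configuration.nix.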

18
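--- a/nixos/display-manager.nix
+++ b/nixos/display-manager.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+# Enable Display Manager
+services.greetd = {
+enable = true;
+settings = {
+default_session = {
+command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --time-format '%I:%M %p | %a %h | %F' --cmd Hyprland";
+user = "greeter";
+};
+};
+};
+environment.systemPackages = with pkgs; [
+greetd.tuigreet
+];
+}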

36
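--- a/nixos/dns.nix
+++ b/nixos/dns.nix
@@ -0,0 +1,36 @@
+{ ... }:
+{
+# Enable Encrypted DNS
+networking = {
+nameservers = [ "127.0.0.1" "::1" ];
+# If using dhcpcd:
+dhcpcd.extraConfig = "nohook resolv.conf";
+# If using NetworkManager:
+networkmanager.dns = "none";
+};
+services.dnscrypt-proxy2 = {
+enable = true;
+settings = {
+ipv6_servers = true;
+require_dnssec = true;
+sources.public-resolvers = {
+urls = [
+"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+];
+cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+};
+# You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
+server_names = [ "cloudflare" "cloudflare-ipv6" "cloudflare-security" "cloudflare-security-ipv6" "adguard-dns-doh" "mullvad-adblock-doh" "mullvad-doh" "nextdns" "nextdns-ipv6" "quad9-dnscrypt-ipv4-filter-pri" "google" "google-ipv6" "ibksturm" ];
+};
+};
+systemd.services.dnscrypt-proxy2.serviceConfig = {
+StateDirectory = "dnscrypt-proxy";
+};
+}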
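Review bot: `cache_file` points at `/var/lib/dnscrypt-proxy2/public-resolvers.md`, but the unit override at the end sets `StateDirectory = "dnscrypt-proxy"`, so the directory systemd creates for the service is `/var/lib/dnscrypt-proxy`, not the one the cache path uses. If the service cannot write there (likely under the module's sandboxing, which this hunk does not show), the signed resolver list is never cached and the proxy has nothing to fall back on when both source URLs are unreachable. Make the two agree, for example `cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";`.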


@@ -0,0 +1,16 @@
{ pkgs, ... }:
{
# Setup Env Variables
environment.variables.SPOTIFY_PATH = "${pkgs.spotify}/";
environment.variables.JDK_PATH = "${pkgs.jdk11}/";
environment.variables.NODEJS_PATH = "${pkgs.nodePackages_latest.nodejs}/";
environment.variables.CI = "1";
# environment.variables.CLIPBOARD_EDITOR = "hx";
environment.variables.CLIPBOARD_NOAUDIO = "1";
# environment.variables.CLIPBOARD_NOGUI = "1";
# environment.variables.CLIPBOARD_NOPROGRESS = "1";
# environment.variables.CLIPBOARD_NOREMOTE = "1";
environment.variables.CLIPBOARD_SILENT = "1";
}


@@ -0,0 +1,10 @@
{ pkgs, ... }:
{
# Enable fingerprint scanner
services.fprintd = {
enable = true;
tod.enable = true;
tod.driver = pkgs.libfprint-2-tod1-goodix-550a;
};
}

10
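--- a/nixos/firewall.nix
+++ b/nixos/firewall.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+# Open ports in the firewall.
+networking.firewall.enable = true;
+# networking.firewall.allowedTCPPorts = [ 3000 ];
+# networking.firewall.allowedUDPPorts = [ 3000 ];
+# Or disable the firewall altogether.
+# networking.firewall.enable = false;
+}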
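Review bot: The comment `# Open ports in the firewall.` sits directly above the line that turns the firewall on with no ports opened, so it reads as the opposite of what the setting does. Reword it to `# Enable the firewall; no inbound ports are opened unless listed below.` so a reader skimming the module does not take the commented-out port lists or the `enable = false` line as the intended state.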

12
nixos/flake.lock generated

@@ -20,11 +20,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1699099776,
"narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
"lastModified": 1701718080,
"narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
"rev": "2c7f3c0fb7c08a0814627611d9d7d45ab6d75335",
"type": "github"
},
"original": {
@@ -62,11 +62,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1699495996,
"narHash": "sha256-m0LWmnEJhHTY4gJX9HPsQ8voZptvr1Sx6dXkk9Xp0sI=",
"lastModified": 1702001829,
"narHash": "sha256-6gEVidNVqzTb06zIy2Gxhz9m6/jXyAgViRxfgEpZkQ8=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "603e4962d7d2225ba2caf66b0eabfcaa9a93c490",
"rev": "c2a1dd067a928624c1aab36f976758c0722c79bd",
"type": "github"
},
"original": {


@@ -12,6 +12,45 @@
specialArgs = { inherit inputs; };
modules = [
./configuration.nix
./hardware-configuration.nix
# ./fingerprint-scanner.nix
./sound.nix
./usb.nix
./time.nix
./swap.nix
./bootloader.nix
./nix-settings.nix
./nixpkgs.nix
./gc.nix
./auto-upgrade.nix
./linux-kernel.nix
./screen.nix
./display-manager.nix
./theme.nix
./internationalisation.nix
./fonts.nix
./security-services.nix
./services.nix
# ./printing.nix
# ./gnome.nix
./hyprland.nix
./environment-variables.nix
./bluetooth.nix
./networking.nix
# ./mac-randomize.nix
# ./open-ssh.nix
./firewall.nix
./dns.nix
# ./vpn.nix
./users.nix
./virtualisation.nix
./programming-languages.nix
./lsp.nix
./rust.nix
./wasm.nix
./info-fetchers.nix
./utils.nix
./terminal-utils.nix
];
};
};

9
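--- a/nixos/fonts.nix
+++ b/nixos/fonts.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+# Fonts
+fonts.packages = with pkgs; [
+jetbrains-mono
+nerd-font-patcher
+];
+}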

16
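--- a/nixos/gc.nix
+++ b/nixos/gc.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+# Optimize storage and automatic scheduled GC running
+# If you want to run GC manually, use commands:
+# `nix-store --optimize` for finding and eliminating redundant copies of identical store paths
+# `nix-store --gc` for optimizing the nix store and removing unreferenced and obsolete store paths
+# `nix-collect-garbage -d` for deleting old generations of user profiles
+nix.settings.auto-optimise-store = true;
+nix.optimise.automatic = true;
+nix.gc = {
+automatic = true;
+dates = "weekly";
+options = "--delete-older-than 7d";
+};
+}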
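Review bot: The manual command in the comment is spelled `nix-store --optimize`, but as far as I know the flag nix-store accepts is `--optimise`, the same spelling as the `auto-optimise-store` setting a few lines below, so the documented command would be rejected as written. The description of `nix-store --gc` as "optimizing the nix store" is also misleading: it deletes unreferenced store paths, while de-duplication is what `--optimise` does. I would change the two comment lines to name `nix-store --optimise` for hard-linking identical files and `nix-store --gc` for deleting unreferenced paths.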

22
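--- a/nixos/gnome.nix
+++ b/nixos/gnome.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+{
+# Enable Gnome
+services.xserver.enable = true;
+services.xserver.displayManager.gdm.enable = true;
+services.xserver.desktopManager.gnome.enable = true;
+# Gnome Exclude Packages
+# environment.gnome.excludePackages = (with pkgs; [
+# gnome-tour
+# ]) ++ (with pkgs.gnome; [
+# gnome-terminal
+# gedit # text editor
+# epiphany # web browser
+# geary # email reader
+# tali # poker game
+# iagno # go game
+# hitori # sudoku game
+# atomix # puzzle game
+# ]);
+}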


@@ -10,12 +10,12 @@
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.blacklistedKernelModules = [ "nouveau" "nvidia" ];
boot.blacklistedKernelModules = [ "nouveau" "nvidia" ]; # Disable NVIDIA video cards
boot.kernelParams = [ "i915.enable_guc=2" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# FIXME: setup file systems, swap devices, luks and so on
# FIXME: Use your auto-generated `hardware-configuration.nix` instead of this file, you can tweak your `hardware-configuration.nix` using snippets from this file
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

21
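--- a/nixos/hyprland.nix
+++ b/nixos/hyprland.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+# Enable Hyprland
+programs.hyprland.enable = true;
+environment.sessionVariables.NIXOS_OZONE_WL = "1";
+environment.sessionVariables.WLR_NO_HARDWARE_CURSORS = "1";
+environment.systemPackages = with pkgs; [
+wezterm
+cool-retro-term
+starship
+helix
+qutebrowser
+zathura
+mpv
+imv
+];
+}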

25
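--- a/nixos/info-fetchers.nix
+++ b/nixos/info-fetchers.nix
@@ -0,0 +1,25 @@
+{ pkgs, ... }:
+{
+environment.systemPackages = with pkgs; [
+neofetch
+onefetch
+ipfetch
+cpufetch
+starfetch
+octofetch
+htop
+bottom
+btop
+kmon
+# vulkan-tools
+# opencl-info
+# clinfo
+# vdpauinfo
+# libva-utils
+# nvtop
+dig
+speedtest-rs
+];
+}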


@@ -0,0 +1,38 @@
{ pkgs, ... }:
{
# Select internationalisation properties.
services.xserver = {
layout = "us,ua,ru";
xkbOptions = "grp:alt_shift_toggle";
};
i18n.supportedLocales = [
"en_US.UTF-8/UTF-8"
"uk_UA.UTF-8/UTF-8"
"ru_RU.UTF-8/UTF-8"
];
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
environment.systemPackages = with pkgs; [
nuspell
hyphen
hunspell
hunspellDicts.en_US
hunspellDicts.uk_UA
hunspellDicts.ru_RU
];
}

34
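--- a/nixos/linux-kernel.nix
+++ b/nixos/linux-kernel.nix
@@ -0,0 +1,34 @@
+{ pkgs, ... }:
+{
+# Linux Kernel
+boot.kernelPackages = pkgs.linuxKernel.packages.linux_lqx;
+boot.kernelParams = [
+"quiet"
+"fbcon=nodefer"
+"vt.global_cursor_default=0"
+"kernel.modules_disabled=1"
+"lsm=landlock,lockdown,yama,integrity,apparmor,bpf,tomoyo,selinux"
+"usbcore.autosuspend=-1"
+"video4linux"
+"acpi_rev_override=5"
+"security=selinux"
+];
+# boot.kernelPatches = [ {
+# name = "selinux-config";
+# patch = null;
+# extraConfig = ''
+# SECURITY_SELINUX y
+# SECURITY_SELINUX_BOOTPARAM n
+# SECURITY_SELINUX_DEVELOP y
+# SECURITY_SELINUX_AVC_STATS y
+# DEFAULT_SECURITY_SELINUX n
+# '';
+# } ];
+systemd.package = pkgs.systemd.override { withSelinux = true; };
+environment.systemPackages = with pkgs; [
+policycoreutils
+];
+}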
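Review bot: `"kernel.modules_disabled=1"` in `boot.kernelParams` is a sysctl name rather than a kernel command-line parameter, so as far as I can tell it is parsed as an option for a module called `kernel` and module loading is never actually locked. Set it through `boot.kernel.sysctl."kernel.modules_disabled" = 1;` or use `security.lockKernelModules = true;`, which applies the lock after the configured modules have loaded. In the same list `"security=selinux"` is overridden by the `lsm=` entry, and `selinux` in `lsm=` only takes effect if the lqx kernel is built with it; the `boot.kernelPatches` block that would enable it is commented out, so the SELinux entries and `withSelinux = true` may be no-ops and deserve a comment saying so.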

19
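--- a/nixos/lsp.nix
+++ b/nixos/lsp.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+environment.systemPackages = with pkgs; [
+python311Packages.python-lsp-server
+nodePackages_latest.nodemon
+nodePackages_latest.typescript
+nodePackages_latest.typescript-language-server
+nodePackages_latest.vscode-langservers-extracted
+nodePackages_latest.yaml-language-server
+nodePackages_latest.dockerfile-language-server-nodejs
+sumneko-lua-language-server
+marksman
+nil
+zls
+gopls
+delve
+];
+}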

23
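--- a/nixos/mac-randomize.nix
+++ b/nixos/mac-randomize.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+{
+# When connecting to untrusted networks, such as public Wi-Fi use a random MAC address to prevent tracking and unauthorized access to your device.
+# But my recommendation is to avoid untrusted networks whenever possible, opting for trusted home or mobile hotspot connections.
+# Also, you can enhance your privacy and security by:
+# - Employing a VPN (Virtual Private Network) to encrypt internet traffic.
+# - Utilizing Encrypted DNS, with DNS over HTTPS (DoH) to encrypt communication with the DNS server and mask DNS traffic under HTTPS.
+# Enable MAC Randomize
+systemd.services.macchanger = {
+enable = true;
+description = "Change MAC address";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+serviceConfig = {
+Type = "oneshot";
+ExecStart = "${pkgs.macchanger}/bin/macchanger -r wlp0s20f3";
+ExecStop = "${pkgs.macchanger}/bin/macchanger -p wlp0s20f3";
+RemainAfterExit = true;
+};
+};
+}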
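Review bot: The unit is ordered `after = [ "network.target" ]` and hard-codes one interface, `wlp0s20f3`, so the hardware address may already have been used on the network before `macchanger -r` runs, and on a machine with a different interface name the service presumably just fails. NetworkManager, which networking.nix enables, can randomise per connection and during scans, which avoids both problems: `networking.networkmanager.wifi.macAddress = "random";` and `networking.networkmanager.wifi.scanRandMacAddress = true;`. The header comment also overstates the effect: a random MAC limits tracking across networks but does not prevent unauthorized access to the device.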

13
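--- a/nixos/networking.nix
+++ b/nixos/networking.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+# Enable networking
+networking.hostName = "isitreal-laptop"; # Define your hostname.
+# Pick only one of the below networking options.
+# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+# Configure network proxy if necessary
+# networking.proxy.default = "http://user:password@proxy:port/";
+# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+}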

8
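--- a/nixos/nix-settings.nix
+++ b/nixos/nix-settings.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+# Nix Configuration
+nix.settings = {
+experimental-features = [ "nix-command" "flakes" ];
+};
+}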

13
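--- a/nixos/nixpkgs.nix
+++ b/nixos/nixpkgs.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+# Allow unfree packages
+nixpkgs.config.allowUnfree = true;
+# Override packages
+nixpkgs.config.packageOverrides = pkgs: {
+nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
+inherit pkgs;
+};
+};
+}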
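Review bot: `builtins.fetchTarball` is called on NUR's `master` archive with no `sha256`, so whatever that branch holds at evaluation time is imported into the package set with nothing pinning or verifying it; the flake.lock hunks on this page touch only `nixpkgs` and `rust-overlay`. Under flake pure evaluation an unpinned fetch is also expected to be rejected once `pkgs.nur` is actually referenced. Either pin it, `builtins.fetchTarball { url = "<NUR archive URL for a fixed commit>"; sha256 = "<sha256 of that archive>"; }`, or add NUR as a flake input so it is locked alongside the other inputs.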

6
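--- a/nixos/open-ssh.nix
+++ b/nixos/open-ssh.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+# Enable the OpenSSH daemon.
+services.openssh.enable = true;
+}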
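Review bot: `services.openssh.enable = true;` is the whole module, so once `./open-ssh.nix` is uncommented in flake.nix the daemon runs with the module defaults, which as far as I know accept password logins and open the SSH port in the firewall (`services.openssh.openFirewall`). For a configuration that locks the root password and enables fail2ban, the policy should be stated here rather than inherited: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`. A short comment that enabling this module exposes the port would also help.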

10
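--- a/nixos/printing.nix
+++ b/nixos/printing.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+# Enable CUPS to print documents.
+services.printing.enable = true;
+# services.avahi = {
+# enable = true;
+# nssmdns = true;
+# };
+}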


@@ -0,0 +1,13 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
go
(python311Full.withPackages(ps: with ps; [ pygobject3 gobject-introspection pyqt6-sip]))
nodePackages_latest.nodejs
bun
lua
zig
numbat
];
}

31
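--- a/nixos/rust.nix
+++ b/nixos/rust.nix
@@ -0,0 +1,31 @@
+{ inputs, pkgs, ... }:
+{
+# Apply the overlay to the package set
+nixpkgs.overlays = [
+inputs.rust-overlay.overlays.default
+];
+environment.systemPackages = with pkgs; [
+(rust-bin.fromRustupToolchainFile ./rust-toolchain.toml)
+evcxr #rust repl
+taplo #toml formatter & lsp
+cargo-watch
+cargo-deny
+cargo-audit
+cargo-update
+cargo-edit
+cargo-outdated
+cargo-license
+cargo-tarpaulin
+cargo-cross
+cargo-zigbuild
+cargo-nextest
+cargo-spellcheck
+cargo-modules
+cargo-bloat
+cargo-unused-features
+bacon
+lldb_16
+];
+}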

19
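--- a/nixos/screen.nix
+++ b/nixos/screen.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+services.geoclue2.appConfig = {
+"gammastep" = {
+isAllowed = true;
+isSystem = false;
+users = [ "1000" ]; # FIXME: set your user id (to get user id use command 'id -u "your_user_name"')
+};
+};
+programs.light.enable = true;
+environment.systemPackages = with pkgs; [
+# wlsunset
+gammastep
+brightnessctl
+];
+}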


@@ -0,0 +1,72 @@
{ pkgs, lib, ... }:
{
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# Enable Security Services
users.users.root.hashedPassword = "!";
security.tpm2 = {
enable = true;
pkcs11.enable = true;
tctiEnvironment.enable = true;
};
security.apparmor = {
enable = true;
packages = with pkgs; [
apparmor-utils
apparmor-profiles
];
};
services.fail2ban.enable = true;
security.pam.services.swaylock = {};
# security.polkit.enable = true;
programs.browserpass.enable = true;
services.clamav = {
daemon.enable = true;
updater.enable = true;
updater.interval = "daily"; #man systemd.time
updater.frequency = 12;
};
programs.firejail = {
enable = true;
wrappedBinaries = {
mpv = {
executable = "${lib.getBin pkgs.mpv}/bin/mpv";
profile = "${pkgs.firejail}/etc/firejail/mpv.profile";
};
imv = {
executable = "${lib.getBin pkgs.imv}/bin/imv";
profile = "${pkgs.firejail}/etc/firejail/imv.profile";
};
zathura = {
executable = "${lib.getBin pkgs.zathura}/bin/zathura";
profile = "${pkgs.firejail}/etc/firejail/zathura.profile";
};
discord = {
executable = "${lib.getBin pkgs.discord}/bin/discord";
};
};
};
environment.systemPackages = with pkgs; [
vulnix #scan command: vulnix --system
clamav #scan command: sudo freshcalm; clamscan [options] [file/directory/-]
chkrootkit #scan command: sudo chkrootkit
# passphrase2pgp
pass-wayland
pass2csv
passExtensions.pass-tomb
passExtensions.pass-update
passExtensions.pass-otp
passExtensions.pass-import
passExtensions.pass-audit
tomb
];
}
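Review bot: The `programs.firejail.wrappedBinaries` entries for `mpv`, `imv` and `zathura` only sandbox those programs if the wrapper is what the command name resolves to, but hyprland.nix in this same commit also adds the plain `mpv`, `imv` and `zathura` packages to `environment.systemPackages`. Which of the two same-named binaries wins in the system profile is not visible here and should be checked after a rebuild (`readlink -f "$(command -v mpv)"`), because the unsandboxed one winning gives no warning. `discord` is wrapped with no `profile`, so it relies on firejail's own profile lookup, which is worth a comment. Separately, the comment on `clamav` says `sudo freshcalm`; the updater is `freshclam`.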

60
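--- a/nixos/services.nix
+++ b/nixos/services.nix
@@ -0,0 +1,60 @@
+{ pkgs, ... }:
+{
+# Systemd services setup
+systemd.packages = with pkgs; [
+auto-cpufreq
+];
+# Enable Services
+services.geoclue2.enable = true;
+programs.direnv.enable = true;
+services.upower.enable = true;
+programs.fish.enable = true;
+programs.dconf.enable = true;
+services.dbus.enable = true;
+services.dbus.packages = with pkgs; [
+xfce.xfconf
+gnome2.GConf
+];
+services.mpd.enable = true;
+programs.thunar.enable = true;
+services.tumbler.enable = true;
+services.fwupd.enable = true;
+services.auto-cpufreq.enable = true;
+# services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
+environment.systemPackages = with pkgs; [
+at-spi2-atk
+qt6.qtwayland
+psi-notify
+poweralertd
+swaylock-effects
+swayidle
+playerctl
+psmisc
+grim
+slurp
+imagemagick
+swappy
+ffmpeg_6-full
+# wl-screenrec
+wf-recorder
+wl-clipboard
+cliphist
+clipboard-jh
+xdg-utils
+wtype
+wlrctl
+hyprpicker
+pyprland
+waybar
+rofi-wayland
+dunst
+avizo
+wlogout
+wpaperd
+# swww
+gifsicle
+];
+}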

26
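--- a/nixos/sound.nix
+++ b/nixos/sound.nix
@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+{
+# Enable sound with pipewire.
+sound.enable = true;
+hardware.pulseaudio.enable = false;
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+wireplumber.enable = true;
+# If you want to use JACK applications, uncomment this
+# jack.enable = true;
+# use the example session manager (no others are packaged yet so this is enabled by default,
+# no need to redefine it in your config for now)
+# media-session.enable = true;
+};
+environment.systemPackages = with pkgs; [
+pamixer
+pavucontrol
+];
+}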

5
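--- a/nixos/swap.nix
+++ b/nixos/swap.nix
@@ -0,0 +1,5 @@
+{ ... }:
+{
+zramSwap.enable = true;
+}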

55
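--- a/nixos/terminal-utils.nix
+++ b/nixos/terminal-utils.nix
@@ -0,0 +1,55 @@
+{ pkgs, ... }:
+{
+environment.systemPackages = with pkgs; [
+upx
+git
+lazygit
+license-generator
+git-ignore
+pass-git-helper
+just
+xh
+tgpt
+# mcfly # terminal history
+zellij
+progress
+noti
+topgrade
+ripgrep
+rewrk
+wrk2
+procs
+tealdeer
+# skim #fzf better alternative in rust
+monolith
+aria
+# macchina #neofetch alternative in rust
+sd
+ouch
+duf
+du-dust
+fd
+jq
+gh
+trash-cli
+zoxide
+tokei
+fzf
+bat
+mdcat
+pandoc
+lsd
+gping
+viu
+tre-command
+felix-fm
+chafa
+cmatrix
+pipes-rs
+rsclock
+cava
+figlet
+];
+}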

57
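--- a/nixos/theme.nix
+++ b/nixos/theme.nix
@@ -0,0 +1,57 @@
+{ pkgs, ... }:
+{
+# Enable Theme
+environment.variables.GTK_THEME = "Catppuccin-Macchiato-Standard-Teal-Dark";
+environment.variables.XCURSOR_THEME = "Catppuccin-Macchiato-Teal";
+environment.variables.XCURSOR_SIZE = "24";
+console = {
+earlySetup = true;
+colors = [
+"24273a"
+"ed8796"
+"a6da95"
+"eed49f"
+"8aadf4"
+"f5bde6"
+"8bd5ca"
+"cad3f5"
+"5b6078"
+"ed8796"
+"a6da95"
+"eed49f"
+"8aadf4"
+"f5bde6"
+"8bd5ca"
+"a5adcb"
+];
+};
+# Override packages
+nixpkgs.config.packageOverrides = pkgs: {
+colloid-icon-theme = pkgs.colloid-icon-theme.override { colorVariants = ["teal"]; };
+catppuccin-gtk = pkgs.catppuccin-gtk.override {
+accents = [ "teal" ]; # You can specify multiple accents here to output multiple themes
+size = "standard";
+variant = "macchiato";
+};
+discord = pkgs.discord.override {
+withOpenASAR = true;
+withTTS = true;
+};
+};
+environment.systemPackages = with pkgs; [
+numix-icon-theme-circle
+colloid-icon-theme
+catppuccin-gtk
+catppuccin-kvantum
+catppuccin-cursors.macchiatoTeal
+# gnome.gnome-tweaks
+# gnome.gnome-shell
+# xsettingsd
+# gnome.gnome-shell-extensions
+# themechanger
+];
+}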
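Review bot: The `discord` override inside `nixpkgs.config.packageOverrides` sets `withOpenASAR = true`, which swaps part of the Discord client for the third-party OpenAsar code, and that is a trust decision rather than a theming one. Because it sits in the theme file with no comment, someone auditing what runs on the machine is unlikely to find it. I would move it next to the other Discord settings or at least annotate it, e.g. `# OpenAsar replaces Discord's bundled app.asar with third-party code; keep only if you trust that project`. The lambda argument `pkgs:` also shadows the module's `pkgs`, so a different name such as `prev:` would read more clearly.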

7
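--- a/nixos/time.nix
+++ b/nixos/time.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+# Set your time zone.
+time.hardwareClockInLocalTime = true;
+time.timeZone = "Europe/Kyiv";
+}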
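Review bot: `time.hardwareClockInLocalTime = true` sits under the comment `# Set your time zone.` but is a separate choice: it keeps the hardware clock in local time instead of UTC. That is normally only wanted when dual-booting with an OS that expects a local-time RTC, so it deserves its own comment, e.g. `# RTC in local time (dual boot); remove to keep the hardware clock in UTC`.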

25
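--- a/nixos/usb.nix
+++ b/nixos/usb.nix
@@ -0,0 +1,25 @@
+{ pkgs, ... }:
+{
+# USB Automounting
+services.gvfs.enable = true;
+# services.udisks2.enable = true;
+# services.devmon.enable = true;
+# Enable USB Guard
+services.usbguard = {
+enable = true;
+dbus.enable = true;
+implicitPolicyTarget = "block";
+# FIXME: set yours pref USB devices (change {id} to your trusted USB device), use `lsusb` command (from usbutils package) to get list of all connected USB devices including integrated devices like camera, bluetooth, wifi, etc. with their IDs or just disable `usbguard`
+rules = ''
+allow id {id} # device 1
+allow id {id} # device 2
+'';
+};
+# Enable USB-specific packages
+environment.systemPackages = with pkgs; [
+usbutils
+];
+}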
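Review bot: The `rules` string ships with the literal placeholder `allow id {id}`, which is not a device ID, while `implicitPolicyTarget = "block"` is already active. A user who rebuilds before editing the FIXME gets either a daemon that rejects its rule file or a policy that allows nothing, and in the second case USB input devices may be blocked (which of the two happens is not visible from this hunk). I would ship `rules` empty with usbguard disabled by default, or say in the comment that the list should be produced on the target machine with `usbguard generate-policy` and reviewed before setting `enable = true`.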

22
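--- a/nixos/users.nix
+++ b/nixos/users.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+{
+# Define a user account. Don't forget to set a password with passwd.
+users.users.xnm = {
+isNormalUser = true;
+description = "xnm";
+extraGroups = [ "networkmanager" "input" "wheel" "video" "audio" "tss" ];
+shell = pkgs.fish;
+packages = with pkgs; [
+spotify
+youtube-music
+discord
+tdesktop
+vscode
+brave
+];
+};
+# Change runtime directory size
+services.logind.extraConfig = "RuntimeDirectorySize=8G";
+}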
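Review bot: `extraGroups` for `xnm` includes `input` and `tss` alongside `wheel`, and neither is explained. Membership in `input` lets every process running as this user read the raw input devices, which includes keystrokes typed into other sessions and the lock screen, and `tss` is the group that normally gates access to the TPM device. If a specific tool needs them, a comment naming it would help (`# input: needed by <tool>`); otherwise I would drop `input` from the list.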

9
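--- a/nixos/utils.nix
+++ b/nixos/utils.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+environment.systemPackages = with pkgs; [
+mold
+gcc13
+jdk11
+];
+}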

44
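--- a/nixos/virtualisation.nix
+++ b/nixos/virtualisation.nix
@@ -0,0 +1,44 @@
+{ pkgs, ... }:
+{
+# Enable Containerd
+# virtualisation.containerd.enable = true;
+# Enable Docker
+# virtualisation.docker.enable = true;
+# virtualisation.docker.rootless = {
+# enable = true;
+# setSocketVariable = true;
+# };
+# users.extraGroups.docker.members = [ "xnm" ];
+# Enable Podman
+virtualisation = {
+podman = {
+enable = true;
+# Create a `docker` alias for podman, to use it as a drop-in replacement
+dockerCompat = true;
+# Required for containers under podman-compose to be able to talk to each other.
+defaultNetwork.settings.dns_enabled = true;
+};
+};
+environment.systemPackages = with pkgs; [
+# nerdctl
+# firecracker
+# firectl
+# flintlock
+distrobox
+qemu
+podman-compose
+podman-tui
+# lazydocker
+# docker-credential-helpers
+];
+}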

11
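--- a/nixos/vpn.nix
+++ b/nixos/vpn.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+# Enable Mullvad VPN
+services.mullvad-vpn.enable = true;
+services.mullvad-vpn.package = pkgs.mullvad; # `pkgs.mullvad` only provides the CLI tool, use `pkgs.mullvad-vpn` instead if you want to use the CLI and the GUI.
+environment.systemPackages = with pkgs; [
+mullvad-closest
+];
+}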

11
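--- a/nixos/wasm.nix
+++ b/nixos/wasm.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+environment.systemPackages = with pkgs; [
+wasmedge
+wasmer
+lunatic
+wasmi
+# wasm3
+];
+}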