andy/linux-nixos-hyprland-config-dotfiles
Template
1
0
Fork 0
mirror of https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles.git synced 2025-09-15 09:45:58 +03:00
Code Activity
Files
2fee05a0943c3da4aa2fa2292b6eb2f8fa16518b
linux-nixos-hyprland-config…/nixos/configuration.nix
xnm 7962a878aa return to stable 
checklog:
1. change `mainline` kernel to `liquorix` kernel
2. change `hyprland` from 'flake\dev' version to 'stable' version
3. update cargo packages
2023-12-02 20:34:01 +02:00

717 lines
18 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Edit trueconfiguration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ inputs, pkgs, lib, ... }:
{
imports =
[
./hardware-configuration.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.timeout = 2;
boot.initrd.enable = true;
boot.initrd.systemd.enable = true;
boot.plymouth = {
enable = true;
font = "${pkgs.jetbrains-mono}/share/fonts/truetype/JetBrainsMono-Regular.ttf";
themePackages = [ pkgs.catppuccin-plymouth ];
theme = "catppuccin-macchiato";
};
# Setup keyfile
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
# FIXME: Enable swap on luks
zramSwap.enable = true;
# Enable Display Manager
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --time-format '%I:%M %p | %a %h | %F' --cmd Hyprland";
user = "greeter";
};
};
};
# # Enable Hyprland
programs.hyprland.enable = true;
environment.sessionVariables.NIXOS_OZONE_WL = "1";
environment.sessionVariables.WLR_NO_HARDWARE_CURSORS = "1";
# Enable Gnome
# services.xserver.enable = true;
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.desktopManager.gnome.enable = true;
# Gnome Exclude Packages
# environment.gnome.excludePackages = (with pkgs; [
# gnome-tour
# ]) ++ (with pkgs.gnome; [
# gnome-terminal
# gedit # text editor
# epiphany # web browser
# geary # email reader
# tali # poker game
# iagno # go game
# hitori # sudoku game
# atomix # puzzle game
# ]);
# Enable fingerprint scanner
# services.fprintd = {
# enable = true;
# tod.enable = true;
# tod.driver = pkgs.libfprint-2-tod1-goodix-550a;
# };
# Enable Theme
environment.variables.GTK_THEME = "Catppuccin-Macchiato-Standard-Teal-Dark";
environment.variables.XCURSOR_THEME = "Catppuccin-Macchiato-Teal";
environment.variables.XCURSOR_SIZE = "24";
console = {
earlySetup = true;
colors = [
"24273a"
"ed8796"
"a6da95"
"eed49f"
"8aadf4"
"f5bde6"
"8bd5ca"
"cad3f5"
"5b6078"
"ed8796"
"a6da95"
"eed49f"
"8aadf4"
"f5bde6"
"8bd5ca"
"a5adcb"
];
};
# Setup Env Variables
environment.variables.SPOTIFY_PATH = "${pkgs.spotify}/";
environment.variables.JDK_PATH = "${pkgs.jdk11}/";
environment.variables.NODEJS_PATH = "${pkgs.nodePackages_latest.nodejs}/";
environment.variables.CI = "1";
# environment.variables.CLIPBOARD_EDITOR = "hx";
environment.variables.CLIPBOARD_NOAUDIO = "1";
# environment.variables.CLIPBOARD_NOGUI = "1";
# environment.variables.CLIPBOARD_NOPROGRESS = "1";
# environment.variables.CLIPBOARD_NOREMOTE = "1";
environment.variables.CLIPBOARD_SILENT = "1";
# Nix Configuration
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
};
# Optimize storage and automatic scheduled GC running
# If you want to run GC manually, use commands:
# `nix-store --optimize` for finding and eliminating redundant copies of identical store paths
# `nix-store --gc` for optimizing the nix store and removing unreferenced and obsolete store paths
# `nix-collect-garbage -d` for deleting old generations of user profiles
nix.optimise.automatic = true;
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
# Change runtime directory size
services.logind.extraConfig = "RuntimeDirectorySize=8G";
# Scheduled auto upgrade system (this is only for system upgrades,
# if you want to upgrade cargo\npm\pip global packages, docker containers or different part of the system
# or get really full system upgrade, use `topgrade` CLI utility manually instead.
# I recommend to use `topgrade` once a week or at least once a month)
system.autoUpgrade = {
enable = true;
operation = "switch"; # If you don't want to apply updates immediately, only after rebooting, use `boot` option in this case
flake = "/etc/nixos";
flags = [ "--update-input" "nixpkgs" "--update-input" "rust-overlay" "--commit-lock-file" ];
dates = "daily";
# channel = "https://nixos.org/channels/nixos-unstable";
};
# Linux Kernel
boot.kernelPackages = pkgs.linuxKernel.packages.linux_lqx;
boot.kernelParams = [
"quiet"
"fbcon=nodefer"
"vt.global_cursor_default=0"
"kernel.modules_disabled=1"
"lsm=landlock,lockdown,yama,integrity,apparmor,bpf,tomoyo,selinux"
"usbcore.autosuspend=-1"
"video4linux"
"acpi_rev_override=5"
"security=selinux"
];
# boot.kernelPatches = [ {
# name = "selinux-config";
# patch = null;
# extraConfig = ''
# SECURITY_SELINUX y
# SECURITY_SELINUX_BOOTPARAM n
# SECURITY_SELINUX_DEVELOP y
# SECURITY_SELINUX_AVC_STATS y
# DEFAULT_SECURITY_SELINUX n
# '';
# } ];
# Enable networking
networking.networkmanager = {
enable = true;
dns = "none";
};
networking.hostName = "isitreal-laptop"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable Bluetooth
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = false;
services.blueman.enable = true;
# Set your time zone.
time.hardwareClockInLocalTime = true;
time.timeZone = "Europe/Kyiv";
# Select internationalisation properties.
services.xserver = {
layout = "us,ua,ru";
xkbOptions = "grp:alt_shift_toggle";
};
i18n.supportedLocales = [
"en_US.UTF-8/UTF-8"
"uk_UA.UTF-8/UTF-8"
"ru_RU.UTF-8/UTF-8"
];
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Fonts
fonts.packages = with pkgs; [
jetbrains-mono
nerd-font-patcher
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.enable = true;
# networking.firewall.allowedTCPPorts = [ 3000 ];
# networking.firewall.allowedUDPPorts = [ 3000 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable Encrypted Proxy DNS
networking = {
nameservers = [ "127.0.0.1" "::1"];
dhcpcd.extraConfig = "nohook resolv.conf";
};
services.dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
# You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
server_names = [ "cloudflare" "cloudflare-ipv6" "cloudflare-security" "cloudflare-security-ipv6" "adguard-dns-doh" "mullvad-adblock-doh" "mullvad-doh" "nextdns" "nextdns-ipv6" "quad9-dnscrypt-ipv4-filter-pri" "google" "google-ipv6" "ibksturm" ];
};
};
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = "dnscrypt-proxy";
};
# Enable Mullvad VPN
# services.mullvad-vpn.enable = true;
# services.mullvad-vpn.package = pkgs.mullvad; # `pkgs.mullvad` only provides the CLI tool, use `pkgs.mullvad-vpn` instead if you want to use the CLI and the GUI.
# Enable MAC Randomize
# systemd.services.macchanger = {
# enable = true;
# description = "Change MAC address";
# wantedBy = [ "multi-user.target" ];
# after = [ "network.target" ];
# serviceConfig = {
# Type = "oneshot";
# ExecStart = "${pkgs.macchanger}/bin/macchanger -r wlp0s20f3";
# ExecStop = "${pkgs.macchanger}/bin/macchanger -p wlp0s20f3";
# RemainAfterExit = true;
# };
# };
# Enable security services
users.users.root.hashedPassword = "!";
security.tpm2 = {
enable = true;
pkcs11.enable = true;
tctiEnvironment.enable = true;
};
security.apparmor = {
enable = true;
packages = with pkgs; [
apparmor-utils
apparmor-profiles
];
};
services.fail2ban.enable = true;
# security.polkit.enable = true;
services.usbguard = {
enable = true;
dbus.enable = true;
implicitPolicyTarget = "block";
# FIXME: set yours pref USB devices (change {id} to your trusted USB device), use `lsusb` command (from usbutils package) to get list of all connected USB devices including integrated devices like camera, bluetooth, wifi, etc. with their IDs
rules = ''
allow id {id} # device 1
allow id {id} # device 2
'';
};
services.clamav = {
daemon.enable = true;
updater.enable = true;
updater.interval = "daily"; #man systemd.time
updater.frequency = 12;
};
programs.firejail = {
enable = true;
wrappedBinaries = {
mpv = {
executable = "${lib.getBin pkgs.mpv}/bin/mpv";
profile = "${pkgs.firejail}/etc/firejail/mpv.profile";
};
imv = {
executable = "${lib.getBin pkgs.imv}/bin/imv";
profile = "${pkgs.firejail}/etc/firejail/imv.profile";
};
zathura = {
executable = "${lib.getBin pkgs.zathura}/bin/zathura";
profile = "${pkgs.firejail}/etc/firejail/zathura.profile";
};
discord = {
executable = "${lib.getBin pkgs.discord}/bin/discord";
};
};
};
# Systemd services setup
systemd.package = pkgs.systemd.override { withSelinux = true; };
systemd.packages = with pkgs; [
auto-cpufreq
];
# Enable services
services.geoclue2 = {
enable = true;
appConfig = {
"gammastep" = {
isAllowed = true;
isSystem = false;
users = [ "1000" ]; # FIXME: set your user id (to get user id use command 'id -u "your_user_name"')
};
};
};
# services.avahi = {
# enable = true;
# nssmdns = true;
# };
programs.browserpass.enable = true;
programs.direnv.enable = true;
services.upower.enable = true;
programs.fish.enable = true;
programs.dconf.enable = true;
services.dbus.enable = true;
services.dbus.packages = with pkgs; [
xfce.xfconf
gnome2.GConf
];
programs.light.enable = true;
services.mpd.enable = true;
programs.thunar.enable = true;
services.tumbler.enable = true;
services.fwupd.enable = true;
services.auto-cpufreq.enable = true;
security.pam.services.swaylock = {};
# services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
# USB Automounting
services.gvfs.enable = true;
# services.udisks2.enable = true;
# services.devmon.enable = true;
# Wayland compatibility with X
# xdg.portal = {
# enable = true;
# wlr.enable = true;
# };
# Enable CUPS to print documents.
# services.printing.enable = true;
### Enable container manager
# Enable Containerd
# virtualisation.containerd.enable = true;
# Enable Docker
# virtualisation.docker.enable = true;
# virtualisation.docker.rootless = {
# enable = true;
# setSocketVariable = true;
# };
# users.extraGroups.docker.members = [ "xnm" ];
# Enable Podman
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
# If you want to use JACK applications, uncomment this
# jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
# media-session.enable = true;
};
# Define a user account. Don't forget to set a password with passwd.
users.users.xnm = {
isNormalUser = true;
description = "xnm";
extraGroups = [ "networkmanager" "input" "wheel" "video" "audio" "tss" ];
shell = pkgs.fish;
packages = with pkgs; [
spotify
youtube-music
discord
tdesktop
vscode
brave
];
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Apply the overlay to the package set
nixpkgs.overlays = [
inputs.rust-overlay.overlays.default
];
# Override packages
nixpkgs.config.packageOverrides = pkgs: {
colloid-icon-theme = pkgs.colloid-icon-theme.override { colorVariants = ["teal"]; };
catppuccin-gtk = pkgs.catppuccin-gtk.override {
accents = [ "teal" ]; # You can specify multiple accents here to output multiple themes
size = "standard";
variant = "macchiato";
};
discord = pkgs.discord.override {
withOpenASAR = true;
withTTS = true;
};
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
inherit pkgs;
};
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
policycoreutils
mold
gcc13
jdk11
go
gopls
delve
(python311Full.withPackages(ps: with ps; [ pygobject3 gobject-introspection pyqt6-sip]))
nodePackages_latest.nodejs
bun
lua
zig
numbat
python311Packages.python-lsp-server
nodePackages_latest.nodemon
nodePackages_latest.typescript
nodePackages_latest.typescript-language-server
nodePackages_latest.vscode-langservers-extracted
nodePackages_latest.yaml-language-server
nodePackages_latest.dockerfile-language-server-nodejs
sumneko-lua-language-server
marksman
nil
zls
(rust-bin.fromRustupToolchainFile ./rust-toolchain.toml)
evcxr #rust repl
taplo #toml formatter & lsp
cargo-watch
cargo-deny
cargo-audit
cargo-update
cargo-edit
cargo-outdated
cargo-license
cargo-tarpaulin
cargo-cross
cargo-zigbuild
cargo-nextest
cargo-spellcheck
cargo-modules
cargo-bloat
cargo-unused-features
bacon
lldb_16
upx
wasmedge
wasmer
lunatic
wasmi
# wasm3
# mullvad-closest
license-generator
git-ignore
just
xh
tgpt
wezterm
cool-retro-term
# mcfly # terminal history
starship
zellij
helix
git
progress
noti
topgrade
ripgrep
rewrk
wrk2
procs
tealdeer
# skim #fzf better alternative in rust
monolith
aria
# macchina #neofetch alternative in rust
sd
ouch
duf
du-dust
fd
jq
gh
trash-cli
zoxide
tokei
fzf
bat
mdcat
pandoc
lsd
gping
viu
tre-command
felix-fm
chafa
# nerdctl
# firecracker
# firectl
# flintlock
distrobox
qemu
podman-compose
podman-tui
lazydocker
lazygit
neofetch
onefetch
ipfetch
cpufetch
starfetch
octofetch
htop
bottom
btop
kmon
cmatrix
pipes-rs
rsclock
cava
figlet
qutebrowser
zathura
mpv
imv
numix-icon-theme-circle
colloid-icon-theme
catppuccin-gtk
catppuccin-kvantum
catppuccin-cursors.macchiatoTeal
at-spi2-atk
pamixer
pavucontrol
qt6.qtwayland
psi-notify
poweralertd
# wlsunset
gammastep
greetd.tuigreet
swaylock-effects
swayidle
brightnessctl
playerctl
psmisc
grim
slurp
imagemagick
swappy
ffmpeg_6-full
# wl-screenrec
wf-recorder
wl-clipboard
cliphist
clipboard-jh
xdg-utils
wtype
wlrctl
hyprpicker
pyprland
waybar
rofi-wayland
dunst
avizo
wlogout
wpaperd
# swww
gifsicle
nuspell
hyphen
hunspell
hunspellDicts.en_US
hunspellDicts.uk_UA
hunspellDicts.ru_RU
vulnix #scan command: vulnix --system
clamav #scan command: sudo freshcalm; clamscan [options] [file/directory/-]
chkrootkit #scan command: sudo chkrootkit
# passphrase2pgp
pass-wayland
pass2csv
passExtensions.pass-tomb
passExtensions.pass-update
passExtensions.pass-otp
passExtensions.pass-import
passExtensions.pass-audit
tomb
docker-credential-helpers
pass-git-helper
# vulkan-tools
# opencl-info
# clinfo
# vdpauinfo
# libva-utils
# nvtop
usbutils
dig
speedtest-rs
# gnome.gnome-tweaks
# gnome.gnome-shell
# xsettingsd
# gnome.gnome-shell-extensions
# themechanger
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}
View Git Blame Copy Permalink