-rw-r--r--configuration.nix173
-rw-r--r--flake.nix4
-rw-r--r--home.nix191
3 files changed, 268 insertions, 100 deletions
diff --git a/configuration.nix b/configuration.nix
index 150304c..fd9ea5a 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -6,16 +6,19 @@
./hardware-configuration.nix
];
- boot.loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
+
+ boot = {
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
};
networking = {
hostName = "continuity";
networkmanager.enable = true;
firewall = {
- allowedTCPPorts = [ 80 443 6600 8000 11434 7777 ];
+ allowedTCPPorts = [ 80 443 6600 8000 18080 37889 11434 7777 ];
};
};
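Review bot: The widened `allowedTCPPorts` list opens 18080 and 37889 on every interface with nothing saying which service owns them, and it keeps 11434 even though a later hunk in this file comments out ollama's `host = "0.0.0.0"`. If ollama now binds only to loopback (its default, as far as I know), the 11434 entry is stale and should be dropped. I would add a comment per port, e.g. `# 18080: monero p2p (confirm); 37889: <SERVICE_PLACEHOLDER>`. Where a module offers its own `openFirewall` option, prefer that, so the rule disappears together with the service.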
@@ -24,7 +27,8 @@
enable = true;
powerOnBoot = true;
};
- graphics = {
+
+ opengl = {
enable = true;
extraPackages = with pkgs; [
vaapiVdpau
@@ -32,6 +36,7 @@
nvidia-vaapi-driver
];
};
+
nvidia = {
modesetting.enable = true;
powerManagement = {
@@ -46,20 +51,34 @@
};
services = {
+ dbus = {
+ apparmor = "enabled";
+ };
+
xserver = {
- enable = true;
displayManager = {
startx.enable = true;
};
+
+ windowManager = {
+ i3 = {
+ enable = true;
+ package = pkgs.i3-gaps;
+ };
+ };
+
desktopManager = {
runXdgAutostartIfNone = true;
};
- videoDrivers = [ "nvidia" ];
+
xkb = {
layout = "us";
variant = "";
options = "caps:escape";
};
+
+ videoDrivers = [ "nvidia" ];
+ enable = true;
};
pipewire = {
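Review bot: `services.dbus.apparmor = "enabled"` only turns on AppArmor mediation in the bus daemon when AppArmor is active in the kernel, and nothing visible in this commit sets `security.apparmor.enable = true;` (the new `security` block later in the file does not). If AppArmor is not enabled elsewhere, this line has no effect and gives no warning. Add `security.apparmor.enable = true;` and consider `apparmor = "required";` so that a missing LSM is an error rather than a quiet downgrade. The `services` block continues outside the hunk.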
@@ -70,7 +89,7 @@
};
pulse.enable = true;
jack.enable = true;
- #media-session.enable = true;
+ wireplumber.enable = true;
};
kanata = {
@@ -82,7 +101,6 @@
enable = true;
user = "preston";
openFirewall = true;
- # group = "preston";
listen = {
port = 9999;
@@ -97,10 +115,49 @@
};
};
+ monero = {
+ enable = true;
+ };
+
+ tor = {
+ enable = true;
+ openFirewall = true;
+ };
+
+ i2pd = {
+ enable = true;
+ address = "0.0.0.0";
+ inTunnels = {
+ };
+ outTunnels = {
+ };
+ };
+
ollama = {
enable = true;
acceleration = "cuda";
- host = "0.0.0.0";
+ # host = "0.0.0.0";
+ };
+
+ # Email Service
+ dovecot2 = {
+ enable = true;
+ enableImap = true;
+ enablePop3 = true;
+ };
+
+ postfix = {
+ enable = true;
+ config = {
+ };
+ };
+
+ # Git server
+ gitDaemon = {
+ enable = true;
+ exportAll = true;
+ listenAddress = "0.0.0.0";
+ basePath = "/srv/git";
};
openssh = {
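Review bot: `gitDaemon` is configured with `exportAll = true` and `listenAddress = "0.0.0.0"`, so every repository under `/srv/git` is offered over the unauthenticated, unencrypted git:// protocol on all interfaces, whether or not it carries a `git-daemon-export-ok` marker. The `allowedTCPPorts` list in the first hunk does not appear to include the daemon's port, so exposure currently depends on that staying true. Since this commit also adds a `git` user reachable over SSH, I would either bind the daemon to loopback with `listenAddress = "127.0.0.1";` or set `exportAll = false;` and mark public repositories explicitly. The same hunk enables `dovecot2` with IMAP and POP3 and `postfix` with an empty `config`, with no certificate options visible, which suggests mail logins would travel without TLS; confirm before these are reachable. `i2pd.address = "0.0.0.0"` also deserves a comment, since that option appears to be the router's external address rather than a bind address (confirm against the module).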
@@ -114,13 +171,73 @@
nginx = {
enable = true;
+
+ # Use recommended settings
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ # Only allow PFS-enabled ciphers with AES256
+ sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+ appendHttpConfig = ''
+ # Add HSTS header with preloading to HTTPS requests.
+ # Adding this header to HTTP requests is discouraged
+ map $scheme $hsts_header {
+ https "max-age=31536000; includeSubdomains; preload";
+ }
+ add_header Strict-Transport-Security $hsts_header;
+
+ # Enable CSP for your services.
+ #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+
+ # Minimize information leaked to other domains
+ add_header 'Referrer-Policy' 'origin-when-cross-origin';
+
+ # Disable embedding as a frame
+ add_header X-Frame-Options DENY;
+
+ # Prevent injection of code in other mime types (XSS Attacks)
+ add_header X-Content-Type-Options nosniff;
+
+ # This might create errors
+ proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+ '';
+
+ virtualHosts = {
+ "ret2pop.net" = {
+ # addSSL = true;
+ # enableACME = true;
+ root = "/home/preston/ret2pop-website/";
+ };
+ };
};
+ # xmrig = {
+ # enable = true;
+ # package = pkgs.xmrig-mo;
+ # settings = {
+ # autosave = true;
+ # cpu = true;
+ # opencl = false;
+ # cuda = false;
+ # pools = [
+ # {
+ # url = "pool.supportxmr.com:443";
+ # user = "49Yyj1PBXSefihA88bm8RzaKiaBizrDoWTnQy4kKVRWU5vnnqx7CfWbEe9ioKTozYWBMa9Am81q9uMgBdhj8iAriF47TQnM";
+ # keepalive = true;
+ # tls = true;
+ # }
+ # ];
+ # };
+ # };
+
# Misc.
- udev.packages = [
- pkgs.platformio-core
- pkgs.platformio-core.udev
- pkgs.openocd
+ udev.packages = with pkgs; [
+ platformio-core
+ platformio-core.udev
+ openocd
];
printing.enable = true;
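Review bot: In the `ret2pop.net` virtual host both `addSSL` and `enableACME` are commented out, so the site is served over plain HTTP and the TLS hardening added above it (`recommendedTlsSettings`, `sslCiphers`, the HSTS `map`) never applies to any request. Either enable TLS (`forceSSL = true; enableACME = true;`, together with the `security.acme` block that is also commented out) or leave a comment saying the hardening is staged for later. The `add_header` lines are written without `always`, and nginx drops inherited `add_header` directives in any block that declares its own, so the headers should be re-checked once locations are added. `root = "/home/preston/ret2pop-website/"` serves from a home directory, which requires the nginx user to traverse `/home/preston` and may be blocked by the unit's sandboxing; a dedicated path such as `/var/www/<SITE_PLACEHOLDER>` is safer.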
@@ -142,10 +259,22 @@
];
};
+ security = {
+ # acme = {
+ # acceptTerms = true;
+ # defaults.email = "ret2pop@gmail.com";
+ # };
+
+ rtkit.enable = true;
+
+ lockKernelModules = true;
+ protectKernelImage = true;
+ };
+
xdg.portal = {
enable = true;
wlr.enable = true;
- extraPortals = [ pkgs.xdg-desktop-portal-gtk pkgs.xdg-desktop-portal pkgs.xdg-desktop-portal-hyprland ];
+ extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal xdg-desktop-portal-hyprland ];
config.common.default = "*";
};
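Review bot: `lockKernelModules = true` disables kernel module loading once the system has booted, and the new `security` block carries no comment about that consequence. This host enables Docker and the NVIDIA driver in the same file, so any module they need that is not loaded at boot will fail to load later; whether `boot.kernelModules` lists them is not visible here. I would add a comment such as `# nothing can be loaded after boot; required modules must be in boot.kernelModules`, and one on `protectKernelImage` noting that it disables hibernation and kexec.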
@@ -165,12 +294,22 @@
root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch"
];
+
+ git = {
+ isSystemUser = true;
+ home = "/srv/git";
+ shell = "${pkgs.git}/bin/git-shell";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch"
+ ];
+ };
+
preston = {
isNormalUser = true;
description = "Preston Pan";
extraGroups = [ "networkmanager" "wheel" "video" "docker" ];
shell = pkgs.zsh;
- packages = with pkgs; [
+ packages = [
];
};
};
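Review bot: The new `git` account authorizes the same ed25519 key that the context lines show authorized for `root`, so a single key on `preston-arch` grants both repository access and a root login. `git-shell` limits the commands that key can run but not port, agent or X11 forwarding. Prefixing the entry with the `restrict` option, e.g. `"restrict ssh-ed25519 <PUBLIC_KEY_PLACEHOLDER> <COMMENT>"`, closes that, and a dedicated key for `git` would keep the two privileges separate. The enclosing users block starts outside the hunk.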
@@ -178,8 +317,6 @@
nix.settings.experimental-features = "nix-command flakes";
virtualisation.docker.enable = true;
- security.rtkit.enable = true;
- # services.xserver.libinput.enable = true;
time.timeZone = "America/Vancouver";
i18n.defaultLocale = "en_CA.UTF-8";
diff --git a/flake.nix b/flake.nix
index f58cd09..cf6925e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,10 +3,10 @@
inputs = {
nixpkgs = {
- url = "github:nixos/nixpkgs/nixos-unstable";
+ url = "github:nixos/nixpkgs/nixos-24.05";
};
home-manager = {
- url = "github:nix-community/home-manager/release-23.11";
+ url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
diff --git a/home.nix b/home.nix
index 95dd8db..9577530 100644
--- a/home.nix
+++ b/home.nix
@@ -5,11 +5,16 @@
username = "preston";
homeDirectory = "/home/preston";
stateVersion = "23.11";
+
packages = with pkgs; [
alsa-scarlett-gui
+ ardour
+ audacity
autobuild
+ bisq-desktop
bear
blender
+ bun
cargo
clang
clang-tools
@@ -17,10 +22,10 @@
cowsay
croc
curl
+ dmenu
electrum
ffmpeg
fira-code
- fluffychat
fswebcam
ghostscript
git
@@ -31,11 +36,13 @@
helvum
imagemagick
inkscape
- kdenlive
+ # kdenlive
kicad
krita
light
+ libnotify
monero-gui
+ monero-cli
mpc-cli
mu
nixd
@@ -57,12 +64,18 @@
python3
python312Packages.jedi
qsynth
+ qpwgraph
rsync
rust-analyzer
+ rustfmt
+ slack
+ sox
swww
telegram-desktop
texliveFull
timeshift
+ # typescript-language-server
+ typescript
tor-browser
veracrypt
vesktop
@@ -71,6 +84,7 @@
wget
x11_ssh_askpass
xdg-utils
+ signal-desktop
(aspellWithDicts
(dicts: with dicts; [ en en-computers en-science ]))
(nerdfonts.override { fonts = [ "Iosevka" ]; })
@@ -79,9 +93,22 @@
};
services = {
+ mako = {
+ enable = true;
+ backgroundColor = "#11111bf8";
+ textColor = "#cdd6f4";
+ borderColor = "#89b4faff";
+ borderRadius = 1;
+ font = "Fira Code 10";
+ defaultTimeout = 3000;
+ extraConfig = ''
+on-notify=exec mpv /home/preston/sounds/notification.mp3 --no-config
+'';
+ };
+
gpg-agent = {
+ pinentryPackage = pkgs.pinentry-emacs;
enable = true;
- pinentryFlavor = "emacs";
extraConfig = ''
allow-emacs-pinentry
allow-loopback-pinentry
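Review bot: The `on-notify` line in `mako.extraConfig` runs `mpv` by bare name with a hard-coded `/home/preston` path, so it uses whichever `mpv` is first on the session's PATH, and `mpv` is not among the packages visible in this diff. Pinning the binary and deriving the path from the configuration is more robust: `on-notify=exec ${pkgs.mpv}/bin/mpv --no-config ${config.home.homeDirectory}/sounds/notification.mp3`. That assumes `config` is among the module arguments, which is not visible here. The `gpg-agent.extraConfig` string continues past the end of the hunk.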
@@ -93,11 +120,12 @@
provider = "manual";
latitude = 49.282730;
longitude = -123.120735;
-
+
temperature = {
- day = 5000;
- night = 3000;
+ day = 5000;
+ night = 3000;
};
+
settings = {
general = {
adjustment-method = "wayland";
@@ -131,24 +159,6 @@
}
'';
};
-
- pantalaimon = {
- enable = true;
- settings = {
- Default = {
- LogLevel = "Debug";
- SSL = true;
- };
- local-matrix = {
- Homeserver = "https://social.nullring.xyz";
- ListenAddress = "0.0.0.0";
- ListenPort = 8008;
- SSL = false;
- UseKeyring = false;
- IgnoreVerification = true;
- };
- };
- };
};
programs = {
@@ -1021,11 +1031,12 @@
py = "python3";
rb = "sudo nixos-rebuild switch";
nfu = "cd /etc/nixos/ && sudo nix flake update";
+ i3 = "exec ${pkgs.i3-gaps}/bin/i3";
};
loginExtra = ''
-if [ "$(tty)" = "/dev/tty1" ];then
- exec Hyprland
-fi
+#if [ "$(tty)" = "/dev/tty1" ];then
+# exec Hyprland
+#fi
'';
};
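Review bot: The new alias `i3 = "exec ${pkgs.i3-gaps}/bin/i3"` replaces the shell with i3 directly, but i3 needs a running X server, and the system configuration in this commit sets `displayManager.startx.enable = true` rather than a display manager. Unless an `.xinitrc` outside this diff starts i3, the alias will fail for lack of a display and, because of `exec`, end the session. `i3 = "exec startx ${pkgs.i3-gaps}/bin/i3";` would start the server and the window manager together. The commented-out Hyprland lines inside `loginExtra` are still written into the generated login file; deleting them would keep it clean.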
@@ -1037,68 +1048,69 @@ fi
(org-babel-load-file
(expand-file-name "~/org/website/config/emacs.org"))'';
extraPackages = epkgs: [
- epkgs.nix-mode
- epkgs.emms
- epkgs.magit
- epkgs.vterm
+ epkgs.all-the-icons
epkgs.auctex
- epkgs.use-package
+ epkgs.catppuccin-theme
+ epkgs.chatgpt-shell
+ epkgs.company
+ epkgs.counsel
+ epkgs.dashboard
+ epkgs.doom-modeline
+ epkgs.elfeed
+ epkgs.elfeed-org
+ epkgs.ellama
+ epkgs.elpher
+ epkgs.ement
+ epkgs.emmet-mode
+ epkgs.emms
+ epkgs.enwc
epkgs.evil
epkgs.evil-collection
- epkgs.org-roam
- epkgs.org-journal
+ epkgs.evil-commentary
+ epkgs.evil-org
+ epkgs.f
epkgs.general
- epkgs.which-key
+ epkgs.gptel
epkgs.gruvbox-theme
- epkgs.elfeed
- epkgs.elfeed-org
- epkgs.doom-modeline
- epkgs.dashboard
- epkgs.org-superstar
- epkgs.projectile
- epkgs.lsp-mode
+ epkgs.htmlize
epkgs.ivy
+ epkgs.ivy-pass
+ epkgs.latex-preview-pane
epkgs.lsp-ivy
- epkgs.all-the-icons
- epkgs.page-break-lines
- epkgs.counsel
+ epkgs.lsp-mode
+ epkgs.lyrics-fetcher
+ epkgs.magit
+ epkgs.magit-delta
epkgs.mu4e
- epkgs.yasnippet
- epkgs.yasnippet-snippets
- epkgs.company
- epkgs.pinentry
+ epkgs.nix-mode
+ epkgs.org-fragtog
+ epkgs.org-journal
+ epkgs.org-roam
+ epkgs.org-roam-ui
+ epkgs.org-superstar
+ epkgs.page-break-lines
+ epkgs.password-store
epkgs.pdf-tools
- epkgs.ivy-pass
- epkgs.magit-delta
- epkgs.sudo-edit
- epkgs.evil-commentary
- epkgs.evil-org
- epkgs.catppuccin-theme
- epkgs.htmlize
- epkgs.web-mode
- epkgs.emmet-mode
- epkgs.ement
+ epkgs.pinentry
+ epkgs.projectile
epkgs.rustic
- epkgs.chatgpt-shell
- epkgs.ellama
- epkgs.latex-preview-pane
+ epkgs.scad-mode
+ epkgs.simple-httpd
+ epkgs.sudo-edit
epkgs.treemacs
- epkgs.treemacs-projectile
epkgs.treemacs-evil
epkgs.treemacs-magit
+ epkgs.treemacs-projectile
epkgs.treesit-auto
- epkgs.gptel
- epkgs.elpher
- epkgs.lyrics-fetcher
- epkgs.password-store
- epkgs.org-roam-ui
+ epkgs.typescript-mode
+ epkgs.use-package
+ epkgs.vterm
+ epkgs.web-mode
epkgs.websocket
- epkgs.simple-httpd
- epkgs.f
- epkgs.org-fragtog
- epkgs.enwc
+ epkgs.which-key
epkgs.writegood-mode
- epkgs.scad-mode
+ epkgs.yasnippet
+ epkgs.yasnippet-snippets
];
};
@@ -1181,7 +1193,6 @@ fi
b = "branch";
};
};
-
home-manager.enable = true;
};
@@ -1261,12 +1272,12 @@ fi
let
c = (x + 1) / 10;
in
- builtins.toString (x + 1 - (c * 10));
+ builtins.toString (x + 1 - (c * 10));
in
- [
- "$mod, ${ws}, workspace, ${toString (x + 1)}"
- "$mod SHIFT, ${ws}, movetoworkspace, ${toString (x + 1)}"
- ]
+ [
+ "$mod, ${ws}, workspace, ${toString (x + 1)}"
+ "$mod SHIFT, ${ws}, movetoworkspace, ${toString (x + 1)}"
+ ]
)
10)
);
@@ -1314,10 +1325,17 @@ fi
};
};
+ gtk = {
+ enable = true;
+ theme = null;
+ iconTheme = null;
+ };
+
i18n.inputMethod = {
enabled = "fcitx5";
fcitx5.addons = with pkgs; [
fcitx5-gtk
+ fcitx5-chinese-addons
fcitx5-configtool
fcitx5-mozc
fcitx5-rime
@@ -1325,7 +1343,20 @@ fi
};
fonts.fontconfig.enable = true;
- xsession.enable = true;
+ # xsession = {
+ # enable = true;
+ # windowManager.i3 = {
+ # enable = true;
+ # package = pkgs.i3-gaps;
+ # config = {
+ # modifier = "Mod4";
+ # gaps = {
+ # inner = 10;
+ # outer = 5;
+ # };
+ # };
+ # };
+ # };
nixpkgs.config.cudaSupport = true;
}