From f03eb696451dc63ae75a5c20fc356b5aa46b6dd9 Mon Sep 17 00:00:00 2001 From: Preston Pan Date: Sun, 22 Sep 2024 21:17:32 -0700 Subject: fix configuration to use stable; this is because unstable will break the build process of packages --- configuration.nix | 173 ++++++++++++++++++++++++++++++++++++++++++++----- flake.nix | 4 +- home.nix | 191 +++++++++++++++++++++++++++++++----------------------- 3 files changed, 268 insertions(+), 100 deletions(-) diff --git a/configuration.nix b/configuration.nix index 150304c..fd9ea5a 100644 --- a/configuration.nix +++ b/configuration.nix @@ -6,16 +6,19 @@ ./hardware-configuration.nix ]; - boot.loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; + + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; }; networking = { hostName = "continuity"; networkmanager.enable = true; firewall = { - allowedTCPPorts = [ 80 443 6600 8000 11434 7777 ]; + allowedTCPPorts = [ 80 443 6600 8000 18080 37889 11434 7777 ]; }; }; @@ -24,7 +27,8 @@ enable = true; powerOnBoot = true; }; - graphics = { + + opengl = { enable = true; extraPackages = with pkgs; [ vaapiVdpau @@ -32,6 +36,7 @@ nvidia-vaapi-driver ]; }; + nvidia = { modesetting.enable = true; powerManagement = { @@ -46,20 +51,34 @@ }; services = { + dbus = { + apparmor = "enabled"; + }; + xserver = { - enable = true; displayManager = { startx.enable = true; }; + + windowManager = { + i3 = { + enable = true; + package = pkgs.i3-gaps; + }; + }; + desktopManager = { runXdgAutostartIfNone = true; }; - videoDrivers = [ "nvidia" ]; + xkb = { layout = "us"; variant = ""; options = "caps:escape"; }; + + videoDrivers = [ "nvidia" ]; + enable = true; }; pipewire = { @@ -70,7 +89,7 @@ }; pulse.enable = true; jack.enable = true; - #media-session.enable = true; + wireplumber.enable = true; }; kanata = { @@ -82,7 +101,6 @@ enable = true; user = "preston"; openFirewall = true; - # group = "preston"; listen = { port = 9999; 
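Review bot: The two ports added to `allowedTCPPorts` in the `networking.firewall` hunk, 18080 and 37889, are opened on every interface with no comment saying which service needs them. Port 11434 also stays open even though a later hunk in this commit comments out ollama's `host = "0.0.0.0"` binding. Presumably 18080 belongs to the monero service enabled further down; that should be confirmed and recorded. I would drop 11434 if ollama is now meant to be local-only, and add a comment such as `# 18080: <service>, 37889: <service>` above the list so every exposed port has a named owner. The `networking` block starts and ends outside the hunk.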
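Review bot: `dbus.apparmor = "enabled"` at the top of the `services` hunk only asks dbus to use AppArmor mediation when it is available. Nothing visible in this commit sets `security.apparmor.enable = true;`, including the new `security` block, so unless it is enabled elsewhere there are no loaded profiles for dbus to enforce. If mediation is meant to be mandatory, the option also accepts `"required"`, which makes dbus refuse to start without AppArmor. The `services` block opens in this hunk and closes outside it.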
@@ -97,10 +115,49 @@ }; }; + monero = { + enable = true; + }; + + tor = { + enable = true; + openFirewall = true; + }; + + i2pd = { + enable = true; + address = "0.0.0.0"; + inTunnels = { + }; + outTunnels = { + }; + }; + ollama = { enable = true; acceleration = "cuda"; - host = "0.0.0.0"; + # host = "0.0.0.0"; + }; + + # Email Service + dovecot2 = { + enable = true; + enableImap = true; + enablePop3 = true; + }; + + postfix = { + enable = true; + config = { + }; + }; + + # Git server + gitDaemon = { + enable = true; + exportAll = true; + listenAddress = "0.0.0.0"; + basePath = "/srv/git"; }; openssh = { 
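Review bot: `gitDaemon` is added with `exportAll = true` and `listenAddress = "0.0.0.0"`, so the unauthenticated, unencrypted git:// protocol serves every repository under `/srv/git` on all interfaces. That includes any private repository later pushed there through the `git` SSH account this commit also creates. Port 9418 is not in the `allowedTCPPorts` list shown earlier, so the firewall may currently limit exposure, but that is one edit away. I would set `exportAll = false;` so repositories opt in with a `git-daemon-export-ok` file, and bind with `listenAddress = "127.0.0.1";` unless public read access is intended. The `dovecot2` block in the same hunk enables IMAP and POP3 with no certificate settings visible, so it is worth confirming those listeners are not offered in cleartext.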
@@ -114,13 +171,73 @@ nginx = { enable = true; + + # Use recommended settings + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + # Only allow PFS-enabled ciphers with AES256 + sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; + + appendHttpConfig = '' + # Add HSTS header with preloading to HTTPS requests. + # Adding this header to HTTP requests is discouraged + map $scheme $hsts_header { + https "max-age=31536000; includeSubdomains; preload"; + } + add_header Strict-Transport-Security $hsts_header; + + # Enable CSP for your services. + #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; + + # Minimize information leaked to other domains + add_header 'Referrer-Policy' 'origin-when-cross-origin'; + + # Disable embedding as a frame + add_header X-Frame-Options DENY; + + # Prevent injection of code in other mime types (XSS Attacks) + add_header X-Content-Type-Options nosniff; + + # This might create errors + proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; + ''; + + virtualHosts = { + "ret2pop.net" = { + # addSSL = true; + # enableACME = true; + root = "/home/preston/ret2pop-website/"; + }; + }; }; + # xmrig = { + # enable = true; + # package = pkgs.xmrig-mo; + # settings = { + # autosave = true; + # cpu = true; + # opencl = false; + # cuda = false; + # pools = [ + # { + # url = "pool.supportxmr.com:443"; + # user = "49Yyj1PBXSefihA88bm8RzaKiaBizrDoWTnQy4kKVRWU5vnnqx7CfWbEe9ioKTozYWBMa9Am81q9uMgBdhj8iAriF47TQnM"; + # keepalive = true; + # tls = true; + # } + # ]; + # }; + # }; + # Misc. - udev.packages = [ - pkgs.platformio-core - pkgs.platformio-core.udev - pkgs.openocd + udev.packages = with pkgs; [ + platformio-core + platformio-core.udev + openocd ]; printing.enable = true; 
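Review bot: The `ret2pop.net` virtual host has `addSSL` and `enableACME` commented out, so as written the site is served over plain HTTP and the TLS-oriented settings added above it have nothing to apply to: `recommendedTlsSettings`, `sslCiphers`, and the HSTS `map`, which only emits the header for `https`. The `secure` attribute appended by `proxy_cookie_path` would also cause browsers to reject proxied cookies on an HTTP origin. Enabling `forceSSL = true; enableACME = true;` on the host needs the `security.acme` block, which this commit also leaves commented out. Separately, `root = "/home/preston/ret2pop-website/"` serves from a home directory. The NixOS nginx unit is normally sandboxed away from `/home`, and loosening that exposes the rest of the home directory to the web server process, so a dedicated path such as `/var/www/<site>` is the safer choice.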
@@ -142,10 +259,22 @@ ]; }; + security = { + # acme = { + # acceptTerms = true; + # defaults.email = "ret2pop@gmail.com"; + # }; + + rtkit.enable = true; + + lockKernelModules = true; + protectKernelImage = true; + }; + xdg.portal = { enable = true; wlr.enable = true; - extraPortals = [ pkgs.xdg-desktop-portal-gtk pkgs.xdg-desktop-portal pkgs.xdg-desktop-portal-hyprland ]; + extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal xdg-desktop-portal-hyprland ]; config.common.default = "*"; }; @@ -165,12 +294,22 @@ root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch" ]; + + git = { + isSystemUser = true; + home = "/srv/git"; + shell = "${pkgs.git}/bin/git-shell"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch" + ]; + }; + preston = { isNormalUser = true; description = "Preston Pan"; extraGroups = [ "networkmanager" "wheel" "video" "docker" ]; shell = pkgs.zsh; - packages = with pkgs; [ + packages = [ ]; }; }; @@ -178,8 +317,6 @@ nix.settings.experimental-features = "nix-command flakes"; virtualisation.docker.enable = true; - security.rtkit.enable = true; - # services.xserver.libinput.enable = true; time.timeZone = "America/Vancouver"; i18n.defaultLocale = "en_CA.UTF-8"; diff --git a/flake.nix b/flake.nix index f58cd09..cf6925e 100644 --- a/flake.nix +++ b/flake.nix @@ -3,10 +3,10 @@ inputs = { nixpkgs = { - url = "github:nixos/nixpkgs/nixos-unstable"; + url = "github:nixos/nixpkgs/nixos-24.05"; }; home-manager = { - url = "github:nix-community/home-manager/release-23.11"; + url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/home.nix b/home.nix index 95dd8db..9577530 100644 --- a/home.nix +++ b/home.nix 
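Review bot: `lockKernelModules = true` in the new `security` block disables module loading once the system has booted, while this host also enables docker, bluetooth, the NVIDIA driver and udev rules for USB debug probes, all of which commonly load modules on demand. Anything not loaded at boot will fail later with errors that do not point back to this option, so the modules the machine needs should be listed in `boot.kernelModules`. A comment next to the option, such as `# modules are locked after boot; add new ones to boot.kernelModules`, would record the constraint. `protectKernelImage = true` also turns off hibernation and kexec, which deserves a one-line comment on a desktop machine.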
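Review bot: The new `git` account authorises the same ed25519 key that the context lines show under `root.openssh.authorizedKeys.keys`, so the `git-shell` restriction adds little separation, because whoever holds that key already has root. A dedicated key for pushes, prefixed with the OpenSSH `restrict` option (`"restrict ssh-ed25519 <git-only-public-key>"`), keeps forwarding and PTY allocation off for that account. The account also sets `isSystemUser = true` without a `group` and appears to rely on `services.gitDaemon` to supply one. Declaring the group explicitly here and under `users.groups` would keep the configuration evaluating if the daemon is later disabled. The `users` block starts outside the hunk.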
@@ -5,11 +5,16 @@ username = "preston"; homeDirectory = "/home/preston"; stateVersion = "23.11"; + packages = with pkgs; [ alsa-scarlett-gui + ardour + audacity autobuild + bisq-desktop bear blender + bun cargo clang clang-tools @@ -17,10 +22,10 @@ cowsay croc curl + dmenu electrum ffmpeg fira-code - fluffychat fswebcam ghostscript git @@ -31,11 +36,13 @@ helvum imagemagick inkscape - kdenlive + # kdenlive kicad krita light + libnotify monero-gui + monero-cli mpc-cli mu nixd @@ -57,12 +64,18 @@ python3 python312Packages.jedi qsynth + qpwgraph rsync rust-analyzer + rustfmt + slack + sox swww telegram-desktop texliveFull timeshift + # typescript-language-server + typescript tor-browser veracrypt vesktop @@ -71,6 +84,7 @@ wget x11_ssh_askpass xdg-utils + signal-desktop (aspellWithDicts (dicts: with dicts; [ en en-computers en-science ])) (nerdfonts.override { fonts = [ "Iosevka" ]; }) @@ -79,9 +93,22 @@ }; services = { + mako = { + enable = true; + backgroundColor = "#11111bf8"; + textColor = "#cdd6f4"; + borderColor = "#89b4faff"; + borderRadius = 1; + font = "Fira Code 10"; + defaultTimeout = 3000; + extraConfig = '' +on-notify=exec mpv /home/preston/sounds/notification.mp3 --no-config +''; + }; + gpg-agent = { + pinentryPackage = pkgs.pinentry-emacs; enable = true; - pinentryFlavor = "emacs"; extraConfig = '' allow-emacs-pinentry allow-loopback-pinentry @@ -93,11 +120,12 @@ provider = "manual"; latitude = 49.282730; longitude = -123.120735; - + temperature = { - day = 5000; - night = 3000; + day = 5000; + night = 3000; }; + settings = { general = { adjustment-method = "wayland"; @@ -131,24 +159,6 @@ } ''; }; - - pantalaimon = { - enable = true; - settings = { - Default = { - LogLevel = "Debug"; - SSL = true; - }; - local-matrix = { - Homeserver = "https://social.nullring.xyz"; - ListenAddress = "0.0.0.0"; - ListenPort = 8008; - SSL = false; - UseKeyring = false; - IgnoreVerification = true; - }; - }; - }; }; programs = { 
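Review bot: The `on-notify` line in the new `mako` block runs `mpv` by bare name, so every notification executes whichever `mpv` is first on the PATH of the mako process, and no `mpv` package is visible in the `packages` list in this diff. Referencing the store path pins the binary and makes the dependency explicit: `on-notify=exec ${pkgs.mpv}/bin/mpv /home/preston/sounds/notification.mp3 --no-config`. The hard-coded `/home/preston/...` sound path also duplicates `homeDirectory` set at the top of this file and will silently break if that changes.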
@@ -1021,11 +1031,12 @@ py = "python3"; rb = "sudo nixos-rebuild switch"; nfu = "cd /etc/nixos/ && sudo nix flake update"; + i3 = "exec ${pkgs.i3-gaps}/bin/i3"; }; loginExtra = '' -if [ "$(tty)" = "/dev/tty1" ];then - exec Hyprland -fi +#if [ "$(tty)" = "/dev/tty1" ];then +# exec Hyprland +#fi ''; }; 
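Review bot: The new alias `i3 = "exec ${pkgs.i3-gaps}/bin/i3"` replaces the login shell with the window manager binary, but i3 needs a running X server. From a bare tty it will exit with a display error and, because of `exec`, end the login session with it. Since configuration.nix enables `displayManager.startx`, the alias presumably wants `startx ${pkgs.i3-gaps}/bin/i3`. The `loginExtra` body is now three commented-out shell lines that still get written into the generated profile, and deleting them would be cleaner. The enclosing zsh block starts and ends outside the hunk.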
@@ -1037,68 +1048,69 @@ fi (org-babel-load-file (expand-file-name "~/org/website/config/emacs.org"))''; extraPackages = epkgs: [ - epkgs.nix-mode - epkgs.emms - epkgs.magit - epkgs.vterm + epkgs.all-the-icons epkgs.auctex - epkgs.use-package + epkgs.catppuccin-theme + epkgs.chatgpt-shell + epkgs.company + epkgs.counsel + epkgs.dashboard + epkgs.doom-modeline + epkgs.elfeed + epkgs.elfeed-org + epkgs.ellama + epkgs.elpher + epkgs.ement + epkgs.emmet-mode + epkgs.emms + epkgs.enwc epkgs.evil epkgs.evil-collection - epkgs.org-roam - epkgs.org-journal + epkgs.evil-commentary + epkgs.evil-org + epkgs.f epkgs.general - epkgs.which-key + epkgs.gptel epkgs.gruvbox-theme - epkgs.elfeed - epkgs.elfeed-org - epkgs.doom-modeline - epkgs.dashboard - epkgs.org-superstar - epkgs.projectile - epkgs.lsp-mode + epkgs.htmlize epkgs.ivy + epkgs.ivy-pass + epkgs.latex-preview-pane epkgs.lsp-ivy - epkgs.all-the-icons - epkgs.page-break-lines - epkgs.counsel + epkgs.lsp-mode + epkgs.lyrics-fetcher + epkgs.magit + epkgs.magit-delta epkgs.mu4e - epkgs.yasnippet - epkgs.yasnippet-snippets - epkgs.company - epkgs.pinentry + epkgs.nix-mode + epkgs.org-fragtog + epkgs.org-journal + epkgs.org-roam + epkgs.org-roam-ui + epkgs.org-superstar + epkgs.page-break-lines + epkgs.password-store epkgs.pdf-tools - epkgs.ivy-pass - epkgs.magit-delta - epkgs.sudo-edit - epkgs.evil-commentary - epkgs.evil-org - epkgs.catppuccin-theme - epkgs.htmlize - epkgs.web-mode - epkgs.emmet-mode - epkgs.ement + epkgs.pinentry + epkgs.projectile epkgs.rustic - epkgs.chatgpt-shell - epkgs.ellama - epkgs.latex-preview-pane + epkgs.scad-mode + epkgs.simple-httpd + epkgs.sudo-edit epkgs.treemacs - epkgs.treemacs-projectile epkgs.treemacs-evil epkgs.treemacs-magit + epkgs.treemacs-projectile epkgs.treesit-auto - epkgs.gptel - epkgs.elpher - epkgs.lyrics-fetcher - epkgs.password-store - epkgs.org-roam-ui + epkgs.typescript-mode + epkgs.use-package + epkgs.vterm + epkgs.web-mode epkgs.websocket - epkgs.simple-httpd - epkgs.f - 
epkgs.org-fragtog - epkgs.enwc + epkgs.which-key epkgs.writegood-mode - epkgs.scad-mode + epkgs.yasnippet + epkgs.yasnippet-snippets ]; }; @@ -1181,7 +1193,6 @@ fi b = "branch"; }; }; - home-manager.enable = true; }; @@ -1261,12 +1272,12 @@ fi let c = (x + 1) / 10; in - builtins.toString (x + 1 - (c * 10)); + builtins.toString (x + 1 - (c * 10)); in - [ - "$mod, ${ws}, workspace, ${toString (x + 1)}" - "$mod SHIFT, ${ws}, movetoworkspace, ${toString (x + 1)}" - ] + [ + "$mod, ${ws}, workspace, ${toString (x + 1)}" + "$mod SHIFT, ${ws}, movetoworkspace, ${toString (x + 1)}" + ] ) 10) ); @@ -1314,10 +1325,17 @@ fi }; }; + gtk = { + enable = true; + theme = null; + iconTheme = null; + }; + i18n.inputMethod = { enabled = "fcitx5"; fcitx5.addons = with pkgs; [ fcitx5-gtk + fcitx5-chinese-addons fcitx5-configtool fcitx5-mozc fcitx5-rime @@ -1325,7 +1343,20 @@ fi }; fonts.fontconfig.enable = true; - xsession.enable = true; + # xsession = { + # enable = true; + # windowManager.i3 = { + # enable = true; + # package = pkgs.i3-gaps; + # config = { + # modifier = "Mod4"; + # gaps = { + # inner = 10; + # outer = 5; + # }; + # }; + # }; + # }; nixpkgs.config.cudaSupport = true; } -- cgit