314 lines
6.7 KiB
Nix
314 lines
6.7 KiB
Nix
# Edit this configuration file to define what should be installed on
|
||
# your system. Help is available in the configuration.nix(5) man page
|
||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||
|
||
{ config, pkgs, ... }:
|
||
|
||
{
|
||
imports =
|
||
[ # Include the results of the hardware scan.
|
||
./hardware-configuration.nix
|
||
./security.nix
|
||
./monitor-hotplug.nix
|
||
];
|
||
|
||
# Use the systemd-boot EFI boot loader.
|
||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||
boot.loader.systemd-boot.enable = true;
|
||
boot.loader.efi.canTouchEfiVariables = true;
|
||
boot.plymouth.enable = true;
|
||
boot.extraModprobeConfig = ''
|
||
options hid_apple fnmode=2
|
||
'';
|
||
|
||
networking = {
|
||
hostName = "lenovo";
|
||
#wireless.enable = true;
|
||
useDHCP = false;
|
||
#wicd.enable = true;
|
||
networkmanager = {
|
||
enable = true;
|
||
};
|
||
extraHosts = ''
|
||
89.176.42.143 pkcloud
|
||
'';
|
||
};
|
||
|
||
# Select internationalisation properties.
|
||
i18n = {
|
||
defaultLocale = "en_US.UTF-8";
|
||
};
|
||
|
||
console = {
|
||
font = "Lat2-Terminus16";
|
||
keyMap = "us";
|
||
};
|
||
|
||
# Set your time zone.
|
||
time.timeZone = "Europe/Prague";
|
||
|
||
# List packages installed in system profile. To search by name, run:
|
||
# $ nix-env -qaP | grep wget
|
||
environment.systemPackages = with pkgs; [
|
||
wget
|
||
bind
|
||
vim
|
||
#firefox
|
||
(firefox.override { extraNativeMessagingHosts = [ passff-host ]; })
|
||
brave
|
||
xdg-desktop-portal-kde
|
||
plasma-browser-integration
|
||
keepassxc
|
||
kitty
|
||
fish
|
||
transmission_gtk
|
||
wireshark
|
||
vlc
|
||
moc
|
||
libmtp
|
||
usbutils
|
||
binutils-unwrapped
|
||
patchelf
|
||
file
|
||
highlight
|
||
mediainfo
|
||
xfontsel
|
||
xorg.xbacklight
|
||
xorg.xev
|
||
volumeicon
|
||
ntfs3g
|
||
htop
|
||
git
|
||
gitRepo
|
||
lm_sensors
|
||
acpi
|
||
pavucontrol
|
||
#openjdk8
|
||
#openjdk11
|
||
#graalvm8
|
||
visualvm
|
||
scala
|
||
dotty
|
||
(sbt.override { jre = pkgs.openjdk; })
|
||
docker
|
||
protobuf3_9
|
||
openssl
|
||
openssl.dev
|
||
pv
|
||
graphviz
|
||
wirelesstools
|
||
openfortivpn
|
||
imagemagick
|
||
squashfsTools
|
||
rpm
|
||
unzip
|
||
chromium
|
||
#masterpdfeditor
|
||
telnet
|
||
#geteltorito
|
||
nix-index
|
||
maven
|
||
nodejs
|
||
mongodb-tools
|
||
screen
|
||
p7zip
|
||
zlib.static
|
||
zlib.dev
|
||
#llvm
|
||
#clang
|
||
gcc
|
||
#libunwind.out
|
||
#libunwind.dev
|
||
re2
|
||
robo3t
|
||
#nextcloud-client
|
||
cmake
|
||
gnumake
|
||
gperf
|
||
netcat-gnu
|
||
smartmontools
|
||
unrar
|
||
docker_compose
|
||
#(python3.withPackages (ps: with ps; [ setuptools ]))
|
||
jenkins-job-builder
|
||
sysstat
|
||
yad
|
||
xdotool
|
||
okular
|
||
dolphin
|
||
kcalc
|
||
kate
|
||
okteta
|
||
spectacle
|
||
ark
|
||
filelight
|
||
ffmpeg
|
||
poppler_utils
|
||
libusb
|
||
pcsclite
|
||
pcsctools
|
||
easyrsa
|
||
openvpn
|
||
#qtcreator
|
||
tcpdump
|
||
kdiff3
|
||
xscreensaver
|
||
aqemu
|
||
flatpak
|
||
jq
|
||
android-file-transfer
|
||
pass
|
||
passff-host
|
||
minikube
|
||
yed
|
||
pencil
|
||
dia
|
||
mongodb-tools
|
||
meld
|
||
gnuplot
|
||
#mysql-workbench
|
||
#zookeeper
|
||
wireguard
|
||
wireguard-tools
|
||
];
|
||
|
||
fonts = {
|
||
enableFontDir = true;
|
||
fonts = with pkgs; [
|
||
source-code-pro
|
||
liberation_ttf
|
||
font-awesome-ttf
|
||
];
|
||
};
|
||
|
||
nixpkgs.config = {
|
||
allowUnfree = true;
|
||
android_sdk.accept_license = true;
|
||
firefox.enablePlasmaBrowserIntegration = true;
|
||
permittedInsecurePackages = [
|
||
"openssl-1.0.2u"
|
||
];
|
||
};
|
||
|
||
# Some programs need SUID wrappers, can be configured further or are
|
||
# started in user sessions.
|
||
# programs.bash.enableCompletion = true;
|
||
# programs.mtr.enable = true;
|
||
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||
programs.wireshark.enable = true;
|
||
|
||
# List services that you want to enable:
|
||
|
||
services.openvpn.servers = {
|
||
client = {
|
||
config = ''
|
||
client
|
||
dev tun
|
||
proto udp
|
||
remote 192.168.1.5 1194
|
||
nobind
|
||
ca /home/nnm/openvpn/ca.crt
|
||
cert /home/nnm/openvpn/lenovo-laptop1.crt
|
||
key /home/nnm/openvpn/lenovo-laptop1.key
|
||
tls-auth /home/nnm/openvpn/ta.key 1
|
||
remote-cert-tls server
|
||
'';
|
||
};
|
||
};
|
||
|
||
services.flatpak.enable = true;
|
||
services.pcscd.enable = true;
|
||
|
||
# Enable the OpenSSH daemon.
|
||
services.openssh.enable = true;
|
||
services.teamviewer.enable = true;
|
||
|
||
# Open ports in the firewall.
|
||
networking.firewall.allowedTCPPorts = [ 88 8443 111 2049 ];
|
||
networking.firewall.allowedUDPPorts = [ 111 2049 1194 ];
|
||
# Or disable the firewall altogether.
|
||
#networking.firewall.enable = false;
|
||
|
||
# Enable CUPS to print documents.
|
||
services.printing.enable = true;
|
||
services.printing.drivers = [ pkgs.splix ];
|
||
|
||
#services.mongodb.enable = true;
|
||
#services.postgresql = {
|
||
# enable = true;
|
||
# ensureUsers = [ { name = "nnm"; } ];
|
||
#};
|
||
|
||
# keyring
|
||
#services.gnome3.gnome-keyring.enable = true;
|
||
#services.gnome3.seahorse.enable = true;
|
||
#services.gnome3.at-spi2-core.enable = true;
|
||
|
||
# Enable the X11 windowing system.
|
||
services.xserver.enable = true;
|
||
services.xserver.layout = "us,ru";
|
||
services.xserver.xkbOptions = "grp:caps_toggle";
|
||
|
||
# Enable touchpad support.
|
||
services.xserver.libinput.enable = true;
|
||
|
||
# i3
|
||
#services.xserver.displayManager.lightdm.enable = true;
|
||
#services.xserver.windowManager.i3.enable = true;
|
||
|
||
# kde
|
||
services.xserver.displayManager.sddm.enable = true;
|
||
services.xserver.desktopManager.plasma5.enable = true;
|
||
|
||
# virtualisation
|
||
virtualisation = {
|
||
docker.enable = true;
|
||
libvirtd = {
|
||
enable = true;
|
||
qemuPackage = pkgs.qemu_kvm;
|
||
};
|
||
};
|
||
#virtualisation.virtualbox.host.enable = true;
|
||
#users.extraGroups.vboxusers.members = [ "nnm" ];
|
||
|
||
services.accounts-daemon.enable = true;
|
||
|
||
sound.enable = true;
|
||
|
||
environment.pathsToLink = [ "/share" ];
|
||
|
||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||
users.users.nnm = {
|
||
isNormalUser = true;
|
||
uid = 1000;
|
||
shell = pkgs.fish;
|
||
extraGroups = ["audio" "networkmanager" "wireshark" "wheel" "docker" "kvm" "libvirtd"];
|
||
};
|
||
|
||
#services.minidlna = {
|
||
# enable = true;
|
||
# mediaDirs = [ "/mnt/downloads" ];
|
||
# config = ''
|
||
# notify_interval=10
|
||
# '';
|
||
#};
|
||
|
||
fileSystems."/mnt/pkcloud-export" = {
|
||
device = "192.168.1.5:/";
|
||
fsType = "nfs";
|
||
options = [ "x-systemd.automount" "noauto" "user" "soft" "timeo=10"];
|
||
};
|
||
|
||
security.wrappers = {
|
||
"mount.nfs".source = "${pkgs.nfs-utils.out}/bin/mount.nfs";
|
||
"umount.nfs".source = "${pkgs.nfs-utils.out}/bin/umount.nfs";
|
||
};
|
||
|
||
# This value determines the NixOS release with which your system is to be
|
||
# compatible, in order to avoid breaking some software such as database
|
||
# servers. You should change this only after NixOS release notes say you
|
||
# should.
|
||
system.stateVersion = "20.09"; # Did you read the comment?
|
||
}
|
||
|