
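{ config, pkgs, ... }:
let
  # Python 3.10 interpreter bundled with the packages listed here; the result
  # (`python-with-my-packages`) is installed system-wide further down.
  my-python-packages = python-packages: with python-packages; [
    pip
    pipx
    #tldextract
    #setuptools
  ];
  python-with-my-packages = pkgs.python310Full.withPackages my-python-packages;

  # PLACEHOLDER path, adjust to taste. The Tailscale auth key is read from this
  # file when the autoconnect service runs instead of being written into this
  # configuration: everything interpolated into a systemd `script` ends up as a
  # world-readable file in the Nix store, and this file is tracked in git.
  # Keep the file outside the repository, owned by root with mode 0600.
  tailscaleAuthKeyFile = "/root/tailscale-authkey.txt";
in
{
  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.efi.efiSysMountPoint = "/boot";
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # Enable networking
  networking.networkmanager.enable = true;
  networking.networkmanager.wifi.powersave = true;
  networking.useDHCP = false;
  # Static name resolution for services on the Tailscale host "harper".
  networking.extraHosts =
    ''
      100.75.7.116 harper.tail rss.duckland.org vault.duckland.org git.duckland.org photos.duckland.org recipes.duckland.org vault.duckland.org dashy.duckland.org music.duckland.org bandwidth.duckland.org bandwidth2.duckland.org speed.duckland.org cloud.duckland.org plex.duckland.org smoke.duckland.org smart.duckland.org drone.home.duckland.org webhook.home.duckland.org cal.duckland.org gluetun.config.duckland.org jelly.duckland.org harper
    '';

  # Set your time zone.
  time.timeZone = "America/Chicago";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.utf8";

  # Splash screen
  boot.plymouth.enable = true;
  boot.plymouth.theme = "breeze";

  security.polkit.enable = true;

  # Enable doas instead of sudo.
  # noPass = true means user "don" gets root through doas without being asked
  # for a password; keepEnv = true carries the caller's environment into the
  # privileged command.
  security.sudo.enable = false;
  security.doas.enable = true;
  security.doas.extraRules = [{
    users = [ "don" ];
    keepEnv = true;
    noPass = true;
  }];

  # mDNS discovery, printing, removable-media and name-service caching.
  services.avahi.enable = true;
  services.avahi.nssmdns = true;
  services.printing.enable = true;
  services.udisks2.enable = true;
  services.nscd.enableNsncd = true;

  # Enable sound with pipewire.
  sound.enable = true;
  hardware.bluetooth.enable = true;
  hardware.pulseaudio.enable = false;
  # Scanner support, including driverless (eSCL/AirScan) devices.
  hardware.sane = {
    enable = true;
    extraBackends = [ pkgs.sane-airscan ];
  };
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  xdg.portal.enable = true; # only needed if you are not doing Gnome
  services.flatpak.enable = true;

  # Primary user. Login over SSH is by this key only (password and
  # keyboard-interactive auth are disabled in services.openssh below).
  users.users.don = {
    isNormalUser = true;
    description = "Don Harper";
    extraGroups = [ "networkmanager" "wheel" "scanner" "lp" "video" "mlocate" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki"
    ];
  };

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = with pkgs; [
    python-with-my-packages
    acpi
    aspell
    authy
    bc
    bitwarden
    bitwarden-cli
    blueberry
    bpytop
    btop
    cantarell-fonts
    citrix_workspace
    darktable
    diff-so-fancy
    dmenu-wayland
    element-desktop
    espeak-classic
    exiftool
    feh
    figlet
    file
    firefox
    flameshot
    font-awesome
    fractal
    fuzzel
    fzf
    git-crypt
    gitFull
    gnome.gnome-tweaks
    gnome.simple-scan
    gnumake
    gnupg
    gtop
    headset-charge-indicator
    headsetcontrol
    home-manager
    hugo
    imagemagick
    imv
    isync
    jellyfin-media-player
    jq
    kanshi
    kdeconnect
    keyutils
    khal
    khard
    kitty
    ktimer
    libnotify
    libreoffice-fresh-unwrapped
    links2
    lsb-release
    mairix
    moreutils
    mosh
    mutt
    mutt-ics
    ncdu
    neovim-qt
    nerdfonts
    newsboat
    nmap
    noto-fonts
    obsidian
    pandoc
    pasystray
    pavucontrol
    playerctl
    poweralertd
    powerline-fonts
    psmisc
    pulseaudio
    python3
    qutebrowser
    ranger
    rofi
    ruby
    signal-desktop
    slack
    source-code-pro
    statix
    steam
    sublime-music
    syncthing
    tailscale
    tasksh
    taskwarrior
    tdesktop
    terminus-nerdfont
    texlive.combined.scheme-medium
    timewarrior
    tmux
    tmux-cssh
    tmuxp
    toot
    topgrade # listed once; the duplicate entry was dropped
    tut
    ubuntu_font_family
    udiskie
    urlview
    vdirsyncer
    vifm-full
    vit
    wget
    widevine-cdm
    wlsunset
    xdg-utils
    xfce.thunar
    yt-dlp
    zathura
    zoom-us
  ];

  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
  };
  programs.dconf.enable = true;
  programs.light.enable = true;
  programs.mtr.enable = true;

  # Build qutebrowser with Widevine DRM support.
  nixpkgs.overlays = [
    (final: prev: { qutebrowser = prev.qutebrowser.override { enableWideVine = true; }; })
  ];

  services.tailscale.enable = true;

  # create a oneshot job to authenticate to Tailscale
  systemd.services.tailscale-autoconnect = {
    description = "Automatic connection to Tailscale";
    # make sure tailscale is running before trying to connect to tailscale
    after = [ "network-pre.target" "tailscale.service" ];
    wants = [ "network-pre.target" "tailscale.service" ];
    wantedBy = [ "multi-user.target" ];
    # set this service as a oneshot job
    serviceConfig.Type = "oneshot";
    # have the job run this shell script
    script = with pkgs; ''
      # wait for tailscaled to settle
      sleep 2
      # check if we are already authenticated to tailscale
      status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
      # $status is quoted so an empty result (tailscale/jq failed) is a clean
      # "not Running" instead of a malformed test expression
      if [ "$status" = "Running" ]; then # if so, then do nothing
        exit 0
      fi
      # otherwise authenticate with tailscale. The key is read from
      # tailscaleAuthKeyFile (see the let-block) rather than inlined here; the
      # key that used to be embedded in this file should be considered exposed
      # and revoked in the Tailscale admin console.
      if [ ! -r "${tailscaleAuthKeyFile}" ]; then
        echo "tailscale-autoconnect: auth key file ${tailscaleAuthKeyFile} is missing or unreadable" >&2
        exit 1
      fi
      ${tailscale}/bin/tailscale up -authkey "$(cat ${tailscaleAuthKeyFile})"
    '';
  };

  # Enable the OpenSSH daemon. Key-based authentication only.
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    kbdInteractiveAuthentication = false;
    #permitRootLogin = "yes";
  };

  # Open ports in the firewall.
  networking.firewall = {
    enable = true;
    # always allow traffic from your Tailscale network
    trustedInterfaces = [ "tailscale0" ];
    checkReversePath = "loose";
    # allow the Tailscale UDP port through the firewall
    allowedUDPPorts = [ config.services.tailscale.port ];
    # 1714-1764 (UDP and TCP) matches the range KDE Connect uses; kdeconnect
    # is in systemPackages above.
    allowedUDPPortRanges = [ { from = 1714 ; to = 1764; }];
    # allow you to SSH in over the public internet
    allowedTCPPorts = [ 22 ];
    allowedTCPPortRanges = [ { from = 1714 ; to = 1764; } ];
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?

  # nixpkgs.config.firefox.enableGnomeExtenions = true;
  # services.gnome.gnome-browser-connector.enable = true;

  # Outgoing mail via Gmail. The SMTP password is obtained by running
  # passwordeval at send time, so it stays out of this file and the store.
  programs.msmtp = {
    enable = true;
    accounts = {
      default = {
        auth = true;
        tls = true;
        port = 587;
        from = "duck@duckland.org";
        host = "smtp.gmail.com";
        user = "duckunix@gmail.com";
        passwordeval = "cat /home/don/.smtp_password.txt";
      };
    };
  };

  # File indexing with mlocate; localuser = null leaves updatedb running
  # without dropping to an unprivileged user.
  services.locate = {
    enable = true;
    locate = pkgs.mlocate;
    localuser = null;
  };

  # Periodic garbage collection; "-d" also deletes old system generations,
  # so rollback targets older than the last collection are gone.
  nix.gc = {
    automatic = true;
    options = "-d";
  };
}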