parent
a7ec834c6a
commit
727a70d843
8 changed files with 265 additions and 209 deletions
98
flake.nix
98
flake.nix
|
@ -97,17 +97,21 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# moduleArgs = {
|
/*
|
||||||
# # inherit style;
|
moduleArgs = {
|
||||||
# inherit helix slippi hyprland hardware disko home-manager;
|
# inherit style;
|
||||||
# inherit (outputs) nixosModules homeManagerModules diskoConfigurations overlays;
|
inherit helix slippi hyprland hardware disko home-manager;
|
||||||
# };
|
inherit (outputs) nixosModules homeManagerModules diskoConfigurations overlays;
|
||||||
|
};
|
||||||
|
*/
|
||||||
|
|
||||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev";
|
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev";
|
||||||
in {
|
in {
|
||||||
# kind of a quirk, but package definitions are actually in the "additions"
|
/*
|
||||||
# overlay I did this to work around some recursion problems
|
kind of a quirk, but package definitions are actually in the "additions"
|
||||||
# TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880
|
overlay I did this to work around some recursion problems
|
||||||
|
TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880
|
||||||
|
*/
|
||||||
packages = genPkgs (pkgs: {inherit (pkgs) iosevkaLyteTerm iosevkaLyteTermSubset nix-base-container-image;});
|
packages = genPkgs (pkgs: {inherit (pkgs) iosevkaLyteTerm iosevkaLyteTermSubset nix-base-container-image;});
|
||||||
diskoConfigurations = import ./disko {inherit (nixpkgs) lib;};
|
diskoConfigurations = import ./disko {inherit (nixpkgs) lib;};
|
||||||
templates = import ./templates;
|
templates = import ./templates;
|
||||||
|
@ -221,10 +225,12 @@
|
||||||
in rec {
|
in rec {
|
||||||
helix = helix.outputs.packages.${prev.system}.helix;
|
helix = helix.outputs.packages.${prev.system}.helix;
|
||||||
final.helix = helix;
|
final.helix = helix;
|
||||||
# TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage
|
/*
|
||||||
# source: https://github.com/wez/wezterm/issues/3771
|
TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage
|
||||||
# not-yet-merged (abandoned?): https://github.com/wez/wezterm/pull/4737
|
source: https://github.com/wez/wezterm/issues/3771
|
||||||
# I did try using the latest code via the flake, but alas it did not resolve my issues with mux'ing
|
not-yet-merged (abandoned?): https://github.com/wez/wezterm/pull/4737
|
||||||
|
I did try using the latest code via the flake, but alas it did not resolve my issues with mux'ing
|
||||||
|
*/
|
||||||
wezterm = wezterm-input.outputs.packages.${prev.system}.default;
|
wezterm = wezterm-input.outputs.packages.${prev.system}.default;
|
||||||
final.wezterm = wezterm;
|
final.wezterm = wezterm;
|
||||||
};
|
};
|
||||||
|
@ -437,33 +443,35 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# grablet = nixpkgs.lib.nixosSystem {
|
/*
|
||||||
# system = "x86_64-linux";
|
grablet = nixpkgs.lib.nixosSystem {
|
||||||
# modules = with nixosModules; [
|
system = "x86_64-linux";
|
||||||
# common
|
modules = with nixosModules; [
|
||||||
|
common
|
||||||
|
|
||||||
# outputs.diskoConfigurations.standard
|
outputs.diskoConfigurations.standard
|
||||||
# hardware.nixosModules.common-cpu-intel-kaby-lake
|
hardware.nixosModules.common-cpu-intel-kaby-lake
|
||||||
# hardware.nixosModules.common-pc-laptopp-ssd
|
hardware.nixosModules.common-pc-laptopp-ssd
|
||||||
# graphical-workstation
|
graphical-workstation
|
||||||
# laptop
|
laptop
|
||||||
# gaming
|
gaming
|
||||||
|
|
||||||
# ./nixos/thablet.nix
|
./nixos/thablet.nix
|
||||||
|
|
||||||
# {
|
{
|
||||||
# home-manager.users.daniel = {
|
home-manager.users.daniel = {
|
||||||
# imports = with homeManagerModules; [
|
imports = with homeManagerModules; [
|
||||||
# iex
|
iex
|
||||||
# cargo
|
cargo
|
||||||
# linux-desktop-environment-config
|
linux-desktop-environment-config
|
||||||
# ];
|
];
|
||||||
# };
|
};
|
||||||
|
|
||||||
# powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
||||||
# }
|
}
|
||||||
# ];
|
];
|
||||||
# };
|
};
|
||||||
|
*/
|
||||||
|
|
||||||
thinker = nixpkgs-unstable.lib.nixosSystem {
|
thinker = nixpkgs-unstable.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
@ -561,11 +569,13 @@
|
||||||
linux
|
linux
|
||||||
troubleshooting-tools
|
troubleshooting-tools
|
||||||
|
|
||||||
# NOTE: maybe use this someday, but I think I need more concrete
|
/*
|
||||||
# networking knowledge before I know how to use it well. Additionally,
|
NOTE: maybe use this someday, but I think I need more concrete
|
||||||
# I can use my existing firewall configuration more easily if I manage
|
networking knowledge before I know how to use it well. Additionally,
|
||||||
# it directly.
|
I can use my existing firewall configuration more easily if I manage
|
||||||
# nnf.nixosModules.default
|
it directly.
|
||||||
|
nnf.nixosModules.default
|
||||||
|
*/
|
||||||
|
|
||||||
./nixos/router.nix
|
./nixos/router.nix
|
||||||
];
|
];
|
||||||
|
@ -599,8 +609,10 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: nix-on-droid for phone terminal usage?
|
/*
|
||||||
# TODO: nix-darwin for work?
|
TODO: nix-on-droid for phone terminal usage?
|
||||||
# TODO: nixos ISO?
|
TODO: nix-darwin for work?
|
||||||
|
TODO: nixos ISO?
|
||||||
|
*/
|
||||||
};
|
};
|
||||||
}
|
}
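Review bot: Wrapping disabled configuration in `/* … */` instead of per-line `#` makes it harder to tell live settings from dead ones: a Nix block comment ends at the first `*/` and does not nest, and any later diff hunk that starts inside such a block (for example in the middle of the disabled `grablet` system) shows the lines with no comment marker at all. The same applies to the disabled `listenAddresses`, `networking.firewall` and Steam port-range blocks in the modules file, where someone auditing network exposure needs that marker on every line. I would keep `#` on disabled code and reserve block comments for prose, or at least open each block with a label such as `/* DISABLED:`. While these lines are being touched, `hardware.nixosModules.common-pc-laptopp-ssd` in the `grablet` block looks misspelled (`laptopp`), and evaluation will not catch it while the block is commented out.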
|
||||||
|
|
|
@ -96,9 +96,11 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
output = {
|
output = {
|
||||||
# "*" = {
|
/*
|
||||||
# background = "$HOME/.wallpaper fill";
|
"*" = {
|
||||||
# };
|
background = "$HOME/.wallpaper fill";
|
||||||
|
};
|
||||||
|
*/
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: popup_during_fullscreen smart
|
# TODO: popup_during_fullscreen smart
|
||||||
|
|
|
@ -89,39 +89,41 @@
|
||||||
systemPackages = with pkgs; [
|
systemPackages = with pkgs; [
|
||||||
brightnessctl
|
brightnessctl
|
||||||
feh
|
feh
|
||||||
# gimp
|
|
||||||
grim
|
grim
|
||||||
# inkscape
|
|
||||||
# krita
|
|
||||||
libinput
|
libinput
|
||||||
libinput-gestures
|
libinput-gestures
|
||||||
libnotify
|
libnotify
|
||||||
mako
|
mako
|
||||||
# lutris
|
|
||||||
# nil
|
|
||||||
# nixpkgs-fmt
|
|
||||||
noto-fonts
|
noto-fonts
|
||||||
pamixer
|
pamixer
|
||||||
# pavucontrol
|
|
||||||
playerctl
|
playerctl
|
||||||
pulseaudio
|
pulseaudio
|
||||||
pulsemixer
|
pulsemixer
|
||||||
# rclone
|
|
||||||
# restic
|
|
||||||
slurp
|
slurp
|
||||||
# steam
|
|
||||||
swaybg
|
swaybg
|
||||||
swayidle
|
swayidle
|
||||||
swaylock
|
swaylock
|
||||||
swayosd
|
swayosd
|
||||||
tofi
|
tofi
|
||||||
# vlc
|
|
||||||
# vulkan-tools
|
|
||||||
waybar
|
waybar
|
||||||
# weechat
|
|
||||||
# wine
|
|
||||||
wl-clipboard
|
wl-clipboard
|
||||||
zathura
|
zathura
|
||||||
|
/*
|
||||||
|
gimp
|
||||||
|
inkscape
|
||||||
|
krita
|
||||||
|
lutris
|
||||||
|
nil
|
||||||
|
nixpkgs-fmt
|
||||||
|
pavucontrol
|
||||||
|
rclone
|
||||||
|
restic
|
||||||
|
steam
|
||||||
|
vlc
|
||||||
|
vulkan-tools
|
||||||
|
weechat
|
||||||
|
wine
|
||||||
|
*/
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -238,9 +240,11 @@
|
||||||
file
|
file
|
||||||
iputils
|
iputils
|
||||||
nettools
|
nettools
|
||||||
# nodePackages.bash-language-server # just pull in as needed?
|
/*
|
||||||
# shellcheck
|
nodePackages.bash-language-server # just pull in as needed?
|
||||||
# shfmt
|
shellcheck
|
||||||
|
shfmt
|
||||||
|
*/
|
||||||
killall
|
killall
|
||||||
ripgrep
|
ripgrep
|
||||||
rsync
|
rsync
|
||||||
|
@ -269,9 +273,11 @@
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
# https://nixos.wiki/wiki/Remote_disk_unlocking
|
/*
|
||||||
# "When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang."
|
https://nixos.wiki/wiki/Remote_disk_unlocking
|
||||||
# ^ seems less than ideal
|
"When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang."
|
||||||
|
^ seems less than ideal
|
||||||
|
*/
|
||||||
boot.kernelParams = ["ip=dhcp"];
|
boot.kernelParams = ["ip=dhcp"];
|
||||||
boot.initrd = {
|
boot.initrd = {
|
||||||
# availableKernelModules = ["r8169"]; # ethernet drivers
|
# availableKernelModules = ["r8169"]; # ethernet drivers
|
||||||
|
@ -306,17 +312,21 @@
|
||||||
|
|
||||||
openFirewall = lib.mkDefault true;
|
openFirewall = lib.mkDefault true;
|
||||||
|
|
||||||
# listenAddresses = [
|
/*
|
||||||
# { addr = "0.0.0.0"; port = 22; }
|
listenAddresses = [
|
||||||
# ];
|
{ addr = "0.0.0.0"; port = 22; }
|
||||||
|
];
|
||||||
|
*/
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
password-manager = {pkgs, ...}: {
|
password-manager = {pkgs, ...}: {
|
||||||
# programs.goldwarden = {
|
/*
|
||||||
# NOTE: This didn't seem to work for me, but would be awesome!
|
programs.goldwarden = {
|
||||||
# enable = true;
|
## NOTE: This didn't seem to work for me, but would be awesome! (but I can't remember why?)
|
||||||
# };
|
enable = true;
|
||||||
|
};
|
||||||
|
*/
|
||||||
|
|
||||||
home-manager.users.daniel = {
|
home-manager.users.daniel = {
|
||||||
imports = with homeManagerModules; [
|
imports = with homeManagerModules; [
|
||||||
|
@ -418,9 +428,11 @@
|
||||||
environment.sessionVariables.NIXOS_OZONE_WL = "1";
|
environment.sessionVariables.NIXOS_OZONE_WL = "1";
|
||||||
programs.neovim = {
|
programs.neovim = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# plugins = [
|
/*
|
||||||
# pkgs.vimPlugins.nvim-treesitter.withAllGrammars
|
plugins = [
|
||||||
# ];
|
pkgs.vimPlugins.nvim-treesitter.withAllGrammars
|
||||||
|
];
|
||||||
|
*/
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -574,8 +586,10 @@
|
||||||
then {
|
then {
|
||||||
graphics = {
|
graphics = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# driSupport32Bit = true;
|
/*
|
||||||
# driSupport = true;
|
driSupport32Bit = true;
|
||||||
|
driSupport = true;
|
||||||
|
*/
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
@ -591,8 +605,10 @@
|
||||||
slides
|
slides
|
||||||
];
|
];
|
||||||
variables = {
|
variables = {
|
||||||
# GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
|
/*
|
||||||
# GTK_USE_PORTAL = "1";
|
GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
|
||||||
|
GTK_USE_PORTAL = "1";
|
||||||
|
*/
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -603,10 +619,12 @@
|
||||||
kde-connect = {
|
kde-connect = {
|
||||||
programs.kdeconnect.enable = true;
|
programs.kdeconnect.enable = true;
|
||||||
|
|
||||||
# networking.firewall = {
|
/*
|
||||||
# allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
|
networking.firewall = {
|
||||||
# allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
|
allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
|
||||||
# };
|
allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
|
||||||
|
};
|
||||||
|
*/
|
||||||
};
|
};
|
||||||
|
|
||||||
fonts = {pkgs, ...}: {
|
fonts = {pkgs, ...}: {
|
||||||
|
@ -651,21 +669,24 @@
|
||||||
maliit-framework
|
maliit-framework
|
||||||
|
|
||||||
kdePackages.kate
|
kdePackages.kate
|
||||||
# kdePackages.kdenlive
|
|
||||||
# kdePackages.merkuro
|
|
||||||
kdePackages.kcalc
|
kdePackages.kcalc
|
||||||
# kdePackages.neochat
|
|
||||||
kdePackages.filelight
|
kdePackages.filelight
|
||||||
kdePackages.krdc
|
kdePackages.krdc
|
||||||
kdePackages.krfb
|
kdePackages.krfb
|
||||||
kdePackages.kclock
|
kdePackages.kclock
|
||||||
kdePackages.kweather
|
kdePackages.kweather
|
||||||
kdePackages.ktorrent
|
kdePackages.ktorrent
|
||||||
# kdePackages.kdevelop
|
|
||||||
# kdePackages.kdialog
|
|
||||||
kdePackages.kdeplasma-addons
|
kdePackages.kdeplasma-addons
|
||||||
|
|
||||||
unstable-packages.kdePackages.krdp
|
unstable-packages.kdePackages.krdp
|
||||||
|
|
||||||
|
/*
|
||||||
|
kdePackages.kdenlive
|
||||||
|
kdePackages.merkuro
|
||||||
|
kdePackages.neochat
|
||||||
|
kdePackages.kdevelop
|
||||||
|
kdePackages.kdialog
|
||||||
|
*/
|
||||||
];
|
];
|
||||||
|
|
||||||
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-tty;
|
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-tty;
|
||||||
|
@ -746,50 +767,56 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
# extraConfig.pipewire."92-low-latency" = {
|
/*
|
||||||
# context.properties = {
|
extraConfig.pipewire."92-low-latency" = {
|
||||||
# default.clock.rate = 48000;
|
context.properties = {
|
||||||
# default.clock.quantum = 32;
|
default.clock.rate = 48000;
|
||||||
# default.clock.min-quantum = 32;
|
default.clock.quantum = 32;
|
||||||
# default.clock.max-quantum = 32;
|
default.clock.min-quantum = 32;
|
||||||
# };
|
default.clock.max-quantum = 32;
|
||||||
# };
|
};
|
||||||
|
};
|
||||||
|
*/
|
||||||
};
|
};
|
||||||
|
|
||||||
# recommended by https://nixos.wiki/wiki/PipeWire
|
# recommended by https://nixos.wiki/wiki/PipeWire
|
||||||
security.rtkit.enable = true;
|
security.rtkit.enable = true;
|
||||||
|
|
||||||
# services.pipewire = {
|
/*
|
||||||
# enable = true;
|
services.pipewire = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
# wireplumber.enable = true;
|
wireplumber.enable = true;
|
||||||
# pulse.enable = true;
|
pulse.enable = true;
|
||||||
# jack.enable = true;
|
jack.enable = true;
|
||||||
|
|
||||||
# alsa = {
|
alsa = {
|
||||||
# enable = true;
|
enable = true;
|
||||||
# support32Bit = true;
|
support32Bit = true;
|
||||||
# };
|
};
|
||||||
# };
|
};
|
||||||
|
|
||||||
# hardware = {
|
hardware = {
|
||||||
# pulseaudio = {
|
pulseaudio = {
|
||||||
# enable = false;
|
enable = false;
|
||||||
# support32Bit = true;
|
support32Bit = true;
|
||||||
# };
|
};
|
||||||
# };
|
};
|
||||||
|
|
||||||
# security = {
|
security = {
|
||||||
# # I forget why I need these exactly...
|
# I forget why I need these exactly...
|
||||||
# polkit.enable = true;
|
polkit.enable = true;
|
||||||
|
|
||||||
# rtkit.enable = true;
|
rtkit.enable = true;
|
||||||
# };
|
};
|
||||||
|
*/
|
||||||
};
|
};
|
||||||
|
|
||||||
music-production = {pkgs, ...}: {
|
music-production = {pkgs, ...}: {
|
||||||
# TODO: may want to force nixpkgs-stable for a more-stable music production
|
/*
|
||||||
# environment?
|
TODO: may want to force nixpkgs-stable for a more-stable music production
|
||||||
|
environment?
|
||||||
|
*/
|
||||||
imports = [
|
imports = [
|
||||||
{
|
{
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -800,11 +827,12 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
# TODO: things to look into for music production:
|
/*
|
||||||
# - https://linuxmusicians.com/viewtopic.php?t=27016
|
TODO: things to look into for music production:
|
||||||
# - KXStudio?
|
- https://linuxmusicians.com/viewtopic.php?t=27016
|
||||||
# - falktx (https://github.com/DISTRHO/Cardinal)
|
- KXStudio?
|
||||||
# -
|
- falktx (https://github.com/DISTRHO/Cardinal)
|
||||||
|
*/
|
||||||
};
|
};
|
||||||
|
|
||||||
podman = {pkgs, ...}: {
|
podman = {pkgs, ...}: {
|
||||||
|
@ -898,9 +926,11 @@
|
||||||
networking.networkmanager.enable = mkDefault true;
|
networking.networkmanager.enable = mkDefault true;
|
||||||
systemd.services.NetworkManager-wait-online.enable = mkDefault false;
|
systemd.services.NetworkManager-wait-online.enable = mkDefault false;
|
||||||
|
|
||||||
# TODO: networking.networkmanager.wifi.backend = "iwd"; ?
|
/*
|
||||||
# TODO: powersave?
|
TODO: networking.networkmanager.wifi.backend = "iwd"; ?
|
||||||
# TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded from secrets?
|
TODO: powersave?
|
||||||
|
TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded from secrets?
|
||||||
|
*/
|
||||||
};
|
};
|
||||||
|
|
||||||
steam = {pkgs, ...}: {
|
steam = {pkgs, ...}: {
|
||||||
|
@ -908,12 +938,15 @@
|
||||||
|
|
||||||
programs.steam = {
|
programs.steam = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# extest.enable = true;
|
|
||||||
# gamescopeSession.enable = true;
|
|
||||||
|
|
||||||
# extraPackages = with pkgs; [
|
/*
|
||||||
# gamescope
|
extest.enable = true;
|
||||||
# ];
|
gamescopeSession.enable = true;
|
||||||
|
|
||||||
|
extraPackages = with pkgs; [
|
||||||
|
gamescope
|
||||||
|
];
|
||||||
|
*/
|
||||||
|
|
||||||
extraCompatPackages = with pkgs; [
|
extraCompatPackages = with pkgs; [
|
||||||
proton-ge-bin
|
proton-ge-bin
|
||||||
|
@ -931,8 +964,10 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
# remote play ports - should be unnecessary due to programs.steam.remotePlay.openFirewall = true;
|
# remote play ports - should be unnecessary due to programs.steam.remotePlay.openFirewall = true;
|
||||||
# networking.firewall.allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
|
/*
|
||||||
# networking.firewall.allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
|
networking.firewall.allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
|
||||||
|
networking.firewall.allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
|
||||||
|
*/
|
||||||
};
|
};
|
||||||
|
|
||||||
root = {
|
root = {
|
||||||
|
@ -1089,12 +1124,14 @@
|
||||||
|
|
||||||
# module has the incorrect file permissions out of the box
|
# module has the incorrect file permissions out of the box
|
||||||
environment.etc = {
|
environment.etc = {
|
||||||
# "kanidm" = {
|
/*
|
||||||
# enable = true;
|
"kanidm" = {
|
||||||
# user = "nobody";
|
enable = true;
|
||||||
# group = "users";
|
user = "nobody";
|
||||||
# mode = "0755";
|
group = "users";
|
||||||
# };
|
mode = "0755";
|
||||||
|
};
|
||||||
|
*/
|
||||||
"kanidm/unixd" = {
|
"kanidm/unixd" = {
|
||||||
user = "kanidm-unixd";
|
user = "kanidm-unixd";
|
||||||
group = "kanidm-unixd";
|
group = "kanidm-unixd";
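Review bot: The disabled `networking.firewall` block under `kde-connect` (hunk `@ -603`) reads as though ports 1714-1764 stay closed, but as far as I know the nixpkgs `programs.kdeconnect.enable` option opens that TCP/UDP range itself, so hosts importing this module would have it open regardless. A comment next to the enable line would make that explicit, for example `# programs.kdeconnect.enable already opens TCP/UDP 1714-1764; no manual firewall rule needed`. This is worth confirming against the nixpkgs revision pinned in the flake. The `kde-connect` attribute set is fully visible in its hunk; most other hunks in this file are cut mid-definition.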
|
||||||
|
|
|
@ -50,36 +50,35 @@
|
||||||
gnome.gnome-power-manager
|
gnome.gnome-power-manager
|
||||||
brightnessctl
|
brightnessctl
|
||||||
feh
|
feh
|
||||||
# gimp
|
|
||||||
grim
|
grim
|
||||||
# inkscape
|
|
||||||
# krita
|
|
||||||
libinput
|
libinput
|
||||||
libinput-gestures
|
libinput-gestures
|
||||||
libnotify
|
libnotify
|
||||||
# lutris
|
|
||||||
# nil
|
|
||||||
# nixpkgs-fmt
|
|
||||||
noto-fonts
|
noto-fonts
|
||||||
pamixer
|
pamixer
|
||||||
# pavucontrol
|
|
||||||
playerctl
|
playerctl
|
||||||
# pulseaudio
|
|
||||||
pulsemixer
|
pulsemixer
|
||||||
# rclone
|
|
||||||
# restic
|
|
||||||
slurp
|
slurp
|
||||||
# steam
|
|
||||||
swaybg
|
swaybg
|
||||||
swayidle
|
swayidle
|
||||||
swaylock
|
swaylock
|
||||||
# vlc
|
|
||||||
# vulkan-tools
|
|
||||||
waybar
|
waybar
|
||||||
# weechat
|
|
||||||
# wine
|
|
||||||
wl-clipboard
|
wl-clipboard
|
||||||
zathura
|
zathura
|
||||||
|
/*
|
||||||
|
gimp
|
||||||
|
inkscape
|
||||||
|
krita
|
||||||
|
pavucontrol
|
||||||
|
pulseaudio
|
||||||
|
rclone
|
||||||
|
restic
|
||||||
|
steam
|
||||||
|
vlc
|
||||||
|
vulkan-tools
|
||||||
|
weechat
|
||||||
|
wine
|
||||||
|
*/
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
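Review bot: The trailing `/* … */` list in this hunk (`@ -50,36 +50,35`) does not appear to carry over every entry that was commented out before: `# lutris`, `# nil` and `# nixpkgs-fmt` are on the old side but not in the new block, whereas the same conversion in the other package list (`@ -89,39 +89,41`) keeps all three. If the drop is intentional it deserves a line in the commit message; otherwise add `lutris`, `nil` and `nixpkgs-fmt` back to the block so the two lists stay comparable. The enclosing package list starts above the hunk.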
|
||||||
|
|
|
@ -84,9 +84,9 @@
|
||||||
monitor = [
|
monitor = [
|
||||||
# "DP-2,3840x2160@60,-2160x0,1,transform,3"
|
# "DP-2,3840x2160@60,-2160x0,1,transform,3"
|
||||||
"DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1"
|
"DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1"
|
||||||
# HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10"
|
## HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10"
|
||||||
# "desc:LG Display 0x0521,3840x2160@120,0x0,1"
|
## "desc:LG Display 0x0521,3840x2160@120,0x0,1"
|
||||||
# "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1"
|
## "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1"
|
||||||
"DP-2,3840x2160@60,0x0,1.5,transform,1"
|
"DP-2,3840x2160@60,0x0,1.5,transform,1"
|
||||||
];
|
];
|
||||||
input = {
|
input = {
|
||||||
|
|
|
@ -145,22 +145,22 @@ in {
|
||||||
checkRuleset = true;
|
checkRuleset = true;
|
||||||
ruleset = with inf; ''
|
ruleset = with inf; ''
|
||||||
table inet filter {
|
table inet filter {
|
||||||
# set LANv4 {
|
## set LANv4 {
|
||||||
# type ipv4_addr
|
## type ipv4_addr
|
||||||
# flags interval
|
## flags interval
|
||||||
# elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
|
## elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
|
||||||
# }
|
## }
|
||||||
# set LANv6 {
|
## set LANv6 {
|
||||||
# type ipv6_addr
|
## type ipv6_addr
|
||||||
# flags interval
|
## flags interval
|
||||||
# elements = { fd00::/8, fe80::/10 }
|
## elements = { fd00::/8, fe80::/10 }
|
||||||
# }
|
## }
|
||||||
# TODO: maybe tailnet?
|
## TODO: maybe tailnet?
|
||||||
|
|
||||||
# chain my_input_lan {
|
## chain my_input_lan {
|
||||||
# udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply"
|
## udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply"
|
||||||
# udp sport netbios-ns udp dport >= 1024 meta pkttype unicast accept comment "Accept Samba Workgroup browsing replies"
|
## udp sport netbios-ns udp dport >= 1024 meta pkttype unicast accept comment "Accept Samba Workgroup browsing replies"
|
||||||
# }
|
## }
|
||||||
|
|
||||||
chain input {
|
chain input {
|
||||||
type filter hook input priority 0; policy drop;
|
type filter hook input priority 0; policy drop;
|
||||||
|
@ -199,8 +199,8 @@ in {
|
||||||
iifname "${lan}" accept comment "Allow local network to access the router"
|
iifname "${lan}" accept comment "Allow local network to access the router"
|
||||||
iifname "tailscale0" accept comment "Allow local network to access the router"
|
iifname "tailscale0" accept comment "Allow local network to access the router"
|
||||||
|
|
||||||
# ip6 saddr @LANv6 jump my_input_lan comment "Connections from private IP address ranges"
|
## ip6 saddr @LANv6 jump my_input_lan comment "Connections from private IP address ranges"
|
||||||
# ip saddr @LANv4 jump my_input_lan comment "Connections from private IP address ranges"
|
## ip saddr @LANv4 jump my_input_lan comment "Connections from private IP address ranges"
|
||||||
|
|
||||||
iifname "${wan}" counter drop comment "Drop all other unsolicited traffic from wan"
|
iifname "${wan}" counter drop comment "Drop all other unsolicited traffic from wan"
|
||||||
}
|
}
|
||||||
|
@ -215,13 +215,13 @@ in {
|
||||||
accept
|
accept
|
||||||
}
|
}
|
||||||
|
|
||||||
# chain forward {
|
## chain forward {
|
||||||
# type filter hook forward priority filter; policy drop;
|
## type filter hook forward priority filter; policy drop;
|
||||||
|
|
||||||
# iifname { "${lan}" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
|
## iifname { "${lan}" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
|
||||||
# iifname { "tailscale0" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
|
## iifname { "tailscale0" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
|
||||||
# iifname { "${wan}" } oifname { "${lan}" } ct state { established, related } accept comment "Allow established back to LAN"
|
## iifname { "${wan}" } oifname { "${lan}" } ct state { established, related } accept comment "Allow established back to LAN"
|
||||||
# }
|
## }
|
||||||
}
|
}
|
||||||
|
|
||||||
table ip nat {
|
table ip nat {
|
||||||
|
@ -263,16 +263,16 @@ in {
|
||||||
parent = interfaces.wan.name;
|
parent = interfaces.wan.name;
|
||||||
ipv4Addresses = [cidr];
|
ipv4Addresses = [cidr];
|
||||||
};
|
};
|
||||||
# banned = {
|
## banned = {
|
||||||
# ingressExpression = [
|
## ingressExpression = [
|
||||||
# "ip saddr @banlist"
|
## "ip saddr @banlist"
|
||||||
# "ip6 saddr @banlist6"
|
## "ip6 saddr @banlist6"
|
||||||
# ];
|
## ];
|
||||||
# egressExpression = [
|
## egressExpression = [
|
||||||
# "ip daddr @banlist"
|
## "ip daddr @banlist"
|
||||||
# "ip6 daddr @banlist6"
|
## "ip6 daddr @banlist6"
|
||||||
# ];
|
## ];
|
||||||
# };
|
## };
|
||||||
};
|
};
|
||||||
|
|
||||||
rules = {
|
rules = {
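Review bot: The rule `iifname "tailscale0" accept comment "Allow local network to access the router"` in the `input` chain (hunk `@ -199`) reuses the LAN rule's comment, so a ruleset listing labels tailnet traffic as local network; something like `comment "Allow tailnet to access the router"` keeps the audit trail accurate. The `##`-prefixed lines are still inside the `''…''` ruleset string, so `${lan}` and `${wan}` in them are still interpolated by Nix and the text reaches nftables as comments. It would also help to note next to the disabled `forward` chain where forwarding is filtered instead, since its `policy drop` is not in effect here; the rest of the ruleset lies outside the visible hunks, so this may already be handled elsewhere.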
|
||||||
|
|
|
@ -5,22 +5,28 @@
|
||||||
pkgs = import nixpkgs {inherit (final) system;};
|
pkgs = import nixpkgs {inherit (final) system;};
|
||||||
};
|
};
|
||||||
|
|
||||||
# This one contains whatever you want to overlay
|
/*
|
||||||
# You can change versions, add patches, set compilation flags, anything really.
|
This one contains whatever you want to overlay
|
||||||
# https://nixos.wiki/wiki/Overlays
|
You can change versions, add patches, set compilation flags, anything really.
|
||||||
|
https://nixos.wiki/wiki/Overlays
|
||||||
|
*/
|
||||||
modifications = final: prev: {
|
modifications = final: prev: {
|
||||||
# final.fprintd = prev.fprintd.overrideAttrs {
|
/*
|
||||||
# # Source: https://github.com/NixOS/nixpkgs/commit/87ca2dc071581aea0e691c730d6844f1beb07c9f
|
final.fprintd = prev.fprintd.overrideAttrs {
|
||||||
# mesonCheckFlags = [
|
# Source: https://github.com/NixOS/nixpkgs/commit/87ca2dc071581aea0e691c730d6844f1beb07c9f
|
||||||
# # PAM related checks are timing out
|
mesonCheckFlags = [
|
||||||
# "--no-suite"
|
# PAM related checks are timing out
|
||||||
# "fprintd:TestPamFprintd"
|
"--no-suite"
|
||||||
# ];
|
"fprintd:TestPamFprintd"
|
||||||
# };
|
];
|
||||||
|
};
|
||||||
|
*/
|
||||||
};
|
};
|
||||||
|
|
||||||
# When applied, the unstable nixpkgs set (declared in the flake inputs) will
|
/*
|
||||||
# be accessible through 'pkgs.unstable'
|
When applied, the unstable nixpkgs set (declared in the flake inputs) will
|
||||||
|
be accessible through 'pkgs.unstable'
|
||||||
|
*/
|
||||||
unstable-packages = final: _prev: {
|
unstable-packages = final: _prev: {
|
||||||
unstable = import nixpkgs {
|
unstable = import nixpkgs {
|
||||||
system = final.system;
|
system = final.system;
|
||||||
|
|
|
@ -34,10 +34,10 @@ in ((iosevka.override {
|
||||||
menu = 900
|
menu = 900
|
||||||
css = 900
|
css = 900
|
||||||
|
|
||||||
# [[buildPlans.Iosevka${set}.compatibility-ligatures]]
|
## [[buildPlans.Iosevka${set}.compatibility-ligatures]]
|
||||||
# unicode = 57600 # 0xE100
|
## unicode = 57600 # 0xE100
|
||||||
# featureTag = 'calt'
|
## featureTag = 'calt'
|
||||||
# kequence = '<*>'
|
## kequence = '<*>'
|
||||||
|
|
||||||
[buildPlans.Iosevka${set}.variants]
|
[buildPlans.Iosevka${set}.variants]
|
||||||
inherits = "ss01"
|
inherits = "ss01"
|
||||||
|
|